Values for content-security-policy-report-only:
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report 136
default-src https:; connect-src https:; font-src https: data:; frame-src https:; img-src https: data:; media-src https:; object-src https: data: blob:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; worker-src blob:; report-uri /s/run/cspreport/reportHttp 99
default-src data: https: 'unsafe-inline' 'unsafe-eval'; report-uri https://a3frkpbrnzxvdwnkpssx604n.httpschecker.net/report; report-to https://a3frkpbrnzxvdwnkpssx604n.httpschecker.net/report 93
default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; report-uri https://www.blogger.com/cspreport 65
default-src https: 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk; img-src 'self' data: *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net assets.digital.cabinet-office.gov.uk; script-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.signin.service.gov.uk *.ytimg.com www.youtube.com www.youtube-nocookie.com hmrc-uk.digital.nuance.com 'unsafe-inline'; style-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk 'unsafe-inline'; font-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk data:; connect-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.tax.service.gov.uk hmrc-uk.digital.nuance.com gov.klick2contact.com www.signin.service.gov.uk; object-src 'none'; frame-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.youtube.com www.youtube-nocookie.com; report-uri https://jhpno0hk6b.execute-api.eu-west-2.amazonaws.com/production 53
font-src 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 38
frame-src 'self' *.google.com *.pinimg.com *.pinterest.com *.pinterdev.com *.facebook.com player.grabnetworks.com www.kickstarter.com staging.slideshare.com player.anyclip.com verify.vote.org movieclips.com scache.vevo.com *.adyen.com www.voteplz.org player.hulu.com www.crackle.com www.dailymotion.com cache.vevo.com www.slideshare.net crackle.com embed.5min.com embed.ted.com register.vote.org absentee.vote.org www.crunchyroll.com videoplayer.vevo.com w.soundcloud.com embed-ssl.ted.com *.youtube.com *.ytimg.com player.vimeo.com vine.co scache.vevo.com bid.g.doubleclick.net *.fls.doubleclick.net pinterest-waterloo.s3.amazonaws.com pinlogs.s3.amazonaws.com advertising-delivery-metric-reports.s3.amazonaws.com *.appcues.com; report-uri /_/_/csp_report/?reportonly 22
block-all-mixed-content; report-uri https://blog.hatena.ne.jp/api/csp_report 20
20
default-src *;script-src 'unsafe-inline' 'unsafe-eval' *;style-src 'unsafe-inline' *;connect-src * blob:;report-uri https://cdn.website-start.de/app/reporting/policyviolation/submit 15
frame-ancestors 'self' https://skybox.eskypartners.com; report-uri https://secure.esky.com/csp-report 14
font-src 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 13
default-src https: 'unsafe-inline' 'unsafe-eval' wss: ;img-src https: data: blob: ; font-src https: data:; form-action https: http://www.last.fm; report-uri https://cbsi.report-uri.io/r/default/csp/enforce 11
default-src 'self' blob:; child-src: 'self' blob:; script-src 'self' 'unsafe-inline' w3.siemens.com tools.adlytics.net cdn.cookielaw.org assets.adobedtm.com players.brightcove.net img.en25.com vjs.zencdn.net www.automation.siemens.com w3.siemens.com profiles.siemens.com; style-src 'self' 'unsafe-inline' w3.siemens.com tools.adlytics.net profiles.siemens.com; img-src 'self' data: assets.new.siemens.com maps.siemens.com metrics.brightcove.com brightcove04pmdo-a.akamaihd.net cf-images.eu-west-1.prod.boltdns.net cf-images.us-east-1.prod.boltdns.net siemens.sc.omtrdc.net track.adform.net s2033604275.t.eloqua.com cdn.cookielaw.org cookies.siemens.com; font-src 'self' data: tools.adlytics.net; connect-src 'self' search.new.siemens.com w3.siemens.com siemens.sc.omtrdc.net siemens.tt.omtrdc.net *.demdex.net tools.adlytics.net cdn.cookielaw.org dmp.adform.net metrics.brightcove.com edge.api.brightcove.com secure.brightcove.com *.media.brightcove.com privacyportal-eu.onetrust.com manifest.prod.boltdns.net www.fortbildung.siemens.com profiles.siemens.com searchapi.new.siemens.com house-fastly-signed-eu-west-1-prod.brightcovecdn.com; media-src 'self' assets.new.siemens.com secure.brightcove.com *.media.brightcove.com blob: manifest.prod.boltdns.net house-fastly-signed-eu-west-1-prod.brightcovecdn.com; worker-src 'self' 'unsafe-inline' blob:; object-src players.brightcove.net; block-all-mixed-content; reflected-xss block; base-uri 'self'; referrer origin-when-cross-origin; report-uri https://report-uri.dc.siemens.com/ 11
default-src https:; child-src https: blob:; connect-src https: wss: data:; font-src https: data:; frame-src https:; img-src https: data:; media-src https: blob:;  object-src https:;  worker-src https: blob:;  script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; report-uri /app/api/cspViolation; 11
default-src *;script-src 'unsafe-inline' 'unsafe-eval' *;style-src 'unsafe-inline' *;connect-src * blob:;report-uri https://cdn.initial-website.com/app/reporting/policyviolation/submit 11
default-src https: wss: data: blob: 'unsafe-inline' 'unsafe-eval'; report-uri https://logger.kataweb.it/csp/ 9
default-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; font-src https: data:; connect-src https: ws:; report-uri https://ls.getresponse.com/log/csp_report?source=www 9
default-src 'self' 9
default-src * 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com; script-src *  'self' 'unsafe-inline' 'unsafe-eval' s798535241.t.eloqua.com/ s1343588892.t.eloqua.com www.youtube.com *.brightcove.net  s.ytimg.com vjs.zencdn.net/  img.en25.com players.brightcove.net/ e.issuu.com www.gstatic.com/ *.google.com *.visma.chat *.episerver.net api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaw s.com d3dc1lgancj6l0.cloudfront.net www.googletagmanager.com www.google-analytics.com ssl.google-analytics.com optimize.google.com static.hotjar.com static.hotjar.com script.hotjar.com api.cludo.com customer.cludo.com api-eu1.cludo.com/ chat.kindlycdn.com; style-src * 'self' 'unsafe-inline' *.episerver.net optimize.google.com fonts.googleapis.com; img-src * 'self' data: s798535241.t.eloqua.com/ s1343588892.t.eloqua.com cf-images.eu-west-1.prod.boltdns.net *.brightcove.net *.brightcove.com userlike-cdn-operators.s3-eu-west-1.amazonaws.com d3upe020n1uosc.cloudfront.net script.hotjar.com script.hotjar.com www.googletagmanager.com www.googletagmanager.com www.google-analytics.com optimize.google.com static.kindlycdn.com; frame-ancestors 'self' www.visma.com/ online.superoffice.com apps.risevision.com desktop.visma.com asp.visma.com hlasp.visma.com es-eu-dev-api01.episerver.net; worker-src  'self' blob: *.hotjar.com *.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com d3dc1lgancj6l0.cloudfront.net; connect-src  'self' blob: statistics-dot-calconic-app.appspot.com app.calconic.com api.cludo.com bcovlive-a.akamaihd.net s798535241.t.eloqua.com s1343588892.t.eloqua.com manifest.prod.boltdns.net/ house-fastly-signed-eu-west-1-prod.brightcovecdn.com *.brightcove.net metrics.brightcove.com *.brightcove.com se.api4load.com api.instagram.com hooks.zapier.com www.lyyti.fi widget.trustpilot.com s7.addthis.com/ embedv3.upseller.cloud www.varaaheti.fi api.giosg.com data.brreg.no/ wss://widget-mediator.zopim.com *.google.com teamup.com *.visma.no/ *.zendesk.com translate.googleapis.com rekry.saima.fi www.verkkopasseli.fi/ sheets.googleapis.com wss://nexus-websocket-a.intercom.io *.tawk.to *.sharethis.com spreadsheets.google.com service.giosg.com adservice.google.com ekr.zdassets.com service.giosg.com/api api-iam.intercom.io www.facebook.com/ api.beelert.com img.en25.com www.optimalworkshop.com www.teamjumbovisma.com/ www.teamjumbovisma.nl/ *.siteimprove.com *.kindly.ai *.pusher.com wss://ws-eu.pusher.com wss://ws-eu.pusher.com:443 wss://sage.kindly.ai docs.google.com stats.g.doubleclick.net *.doubleclick.net ipapi.co/json/ *.juicer.io *.puzzel.com *.hotjar.com:* *.hotjar.com:* vc.hotjar.io:* wss://*.hotjar.com *.visma.chat www.youtube-nocookie.com www.youtube.com wss://umd.userlike.com umd.userlike.com api.userlike.com www.google-analytics.com *.visma.com *.visma.net; font-src  'self' data: cdn.faceworks.nl themes.googleusercontent.com  cdnjs.cloudflare.com/ajax/libs/font-awesome maxcdn.bootstrapcdn.com/bootstrap  static3.avast.com *.cloudfront.net dq4irj27fs462.cloudfront.net static-v.tawk.to  js.intercomcdn.com d3dc1lgancj6l0.cloudfront.net script.hotjar.com script.hotjar.com *.juicer.io fonts.gstatic.com font.visma.com *.visma.com *.visma.net *.opic.com; frame-src  'self' s798535241.t.eloqua.com s1343588892.t.eloqua.com  e.issuu.com tpc.googlesyndication.com m00-mg-local.idp.funktionstjanster.se s7.addthis.com/ embed.upseller.cloud app.calconic.com www.youtube.be *.soundcloud.com www.googletagmanager.com teamup.com secure.myshopcouponmac.com service.securesrv12.com vismamamut.typeform.com dreambroker.com va.tawk.to meetings.hubspot.com *.clients.giosgusercontent.com gateway.zscloud.net vimeo.com ekrav.vismacollectors.se vimeo.com c.sharethis.mgr.consensu.org sites.legaonline.se c1.adform.net maps.google.no pixel.mathtag.com *.doubleclick.net  www.facebook.com player.vimeo.com online.superoffice.com kursus.bluegarden.dk *.visma.chat *.liveleader.com *.liveleader.eu *.visma.com *.visma.net *.google.com optimize.google.com vars.hotjar.com www.youtube-nocookie.com www.youtube.com  api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com d3dc1lgancj6l0.cloudfront.net www.easymapmaker.com/ widget.trustpilot.com widget.trustpilot.com; media-src  'self' blob: bcovlive-a.akamaihd.net *.brightcovecdn.com manifest.prod.boltdns.net *.brightcove.com static.zdassets.com embedv3.upseller.cloud chat.puzzel.com js.intercomcdn.com www.snapengage.com dq4irj27fs462.cloudfront.net d3dc1lgancj6l0.cloudfront.net *.cloudfront.net; object-src  'self' www.snapengage.com; report-uri https://paxil3koxi.execute-api.eu-central-1.amazonaws.com/prod/report; 9
report-uri /report-csp-violation 9
default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri https://latkbu9mql.execute-api.us-east-1.amazonaws.com/default/checkCSP 9
default-src https: data: 'unsafe-inline' 'unsafe-eval' 9
default-src https: 'unsafe-inline' data: 8
default-src https: 'self' data: blob:; script-src https: 'self' data: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'self' 'unsafe-inline' blob:; report-uri https://services.fandom.com/csp-logger/csp/app 8
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data: 8
default-src 'unsafe-inline' 'unsafe-eval' https: wss: blob: ms-appx-web: data:; report-uri /report-violation 7
frame-ancestors 'self'; report-uri /beacon/csp.php 6
block-all-mixed-content; report-uri https://mol.report-uri.io/r/default/csp/reportOnly 6
default-src https: ;script-src https: 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://www.googletagmanager.com/ https://ssl.google-analytics.com ; style-src https: 'unsafe-inline' ; img-src https: about: data: https://cdn.evbstatic.com http://*.cloudfront.net; http://xml.showcasead.com https://*.s3.amazonaws.com ; connect-src https: about: https://connect.facebook.net ; font-src data: https: http://themes.googleusercontent.com https://cdn.evbstatic.com ; object-src https: ; media-src https: ; frame-src https: fbrpc://call ; frame-ancestors 'self' ; worker-src blob: ; form-action 'self' ; child-src 'self' ; report-uri https://www.eventbrite.com/ajax/csp-violation/action 6
frame-src self *.arcgames.com *.adyen.com www.google.com *.cdn.optimizely.com *.doubleclick.net *.youtube.com www.googletagmanager.com www.facebook.com; report-uri https://www.arcgames.com/en/report/enforce; 6
default-src https: wss: data: blob: 'unsafe-inline' 'unsafe-eval'; report-uri https://studio.digital.vistaprint.com/csp/report/published 6
default-src https: data: blob: 'unsafe-eval' 'unsafe-inline' wss://*.hotjar.com 'self';  frame-ancestors 'self' https://*.zendesk.com https://*.myshopify.com https://teams.microsoft.com https://*.eloqua.com https://*.surveymonkey.com https://*.sharepoint.com https://*.worldpay.com https://*.cardinalcommerce.com;report-uri https://csp.surveymonkey.com/report?e=false&c=prod&ar=true&a=anonweb 5
child-src blob: data: https:; connect-src https: wss:; default-src blob: data: https: 'report-sample' 'unsafe-eval' 'unsafe-inline'; font-src data: https:; form-action https:; frame-src data: https:; img-src blob: data: https:; media-src blob: data: https:; object-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; report-uri https://csp.ffx.io/ 5
default-src 'unsafe-inline' 'unsafe-eval' data: https: wss:; report-uri https://shk.betfair.com/csp 5
block-all-mixed-content; report-uri https://events.ocdn.eu/v2/csp-report?_ac=events&_fv=www.onet.pl::APROD_2_8_X 5
default-src 'self'; img-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 5
base-uri 'self'; frame-src https:; object-src 'none';	 worker-src 'self';	 default-src 'self' https://*.googlesyndication.com; img-src 'self' data: http: https:; connect-src 'self' https://*.google-analytics.com/ https://*.facebook.com https://*.ioam.de https://*.taboola.com https://translate.googleapis.com https://*.doubleclick.net https://eum-eu-west-1.instana.io wss://mpsnare.iesnare.com https://logx.optimizely.com/v1/events https://www.eharmony.com/lane/ https://s7.addthis.com/l10n/ https://eharmony-app.quantummetric.com/ https://yoast.com/feed/widget/ https://m.addthis.com https://*.googlesyndication.com https://connect.facebook.net https://*.usercentrics.eu ; font-src data: 'self' https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com/font-awesome/ https://assets.eharmony.com https://assets.eharmony.com.au https://assets.eharmony.co.uk https://assets.eharmony.ca https://assets.squarespace.com/universal/fonts/ https://static.squarespace.com/universal/fonts/ ; script-src https: 'report-sample' 'unsafe-inline' 'unsafe-eval' data: 'self' https://*.custhelp.com https://*.ioam.de; style-src 'self' 'unsafe-inline' https://www.parship.com https://*.custhelp.com https://fonts.googleapis.com https://partnerboerse.parship.de https://translate.googleapis.com https://assets.eharmony.com https://assets.eharmony.com.au https://assets.eharmony.co.uk https://assets.eharmony.ca https://s.po.st/static/ https://maxcdn.bootstrapcdn.com/font-awesome/ https://static1.squarespace.com/static/sitecss/ ; media-src 'self' data: https://mpsnare.iesnare.com https://assets.eharmony.com/files/us/images/careers/ https://www.googleapis.com/youtube/; prefetch-src 'self' https://*.googlesyndication.com/safeframe/; frame-ancestors 'self'; report-uri /ls/?reportOnly=true 5
default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri https://9s5nwozqcb.execute-api.eu-north-1.amazonaws.com/prod/sitemailalerts 5
frame-ancestors 'self'; report-uri /stf/reportiframe 5
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://1yl2eds5mhyzuzjhwlcikwnp.httpschecker.net/report 5
font-src 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 5
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; report-uri https://xl86pc2ky3.execute-api.eu-central-1.amazonaws.com/prod/icorecspupload 5
default-src https: 'self' data: blob:; script-src https: 'self' data: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'self' 'unsafe-inline' blob:; report-uri https://services.fandom.com/csp-logger/csp/f2 4
default-src 'self' https: wss: data: blob: none: gsa: 'unsafe-inline' 'unsafe-eval'; report-uri https://csp-endpoint.timeinc.net/ 4
default-src 'self' https: wss: data: blob: 'unsafe-inline' 'unsafe-eval'; report-uri https://csp-endpoint.timeinc.net/ 4
default-src 'none'; connect-src 'self' static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com; script-src https://platform.linkedin.com/js/analytics.js https://platform-akam.linkedin.com/js/analytics.js https://platform-ecst.linkedin.com/js/analytics.js https://platform-azur.linkedin.com/js/analytics.js static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com; img-src static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com media.licdn.com media-exp1.licdn.com media-exp2.licdn.com media-exp3.licdn.com; style-src 'unsafe-inline' static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com; report-uri https://www.linkedin.com/platform-telemetry/csp?f=g 4
default-src 'self' *.wargaming.net https://*.wgcdn.co https://*.gcdn.co https://www.youtube.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.wargaming.net *.tvsquared.com https://*.adform.net https://partner.worldoftanks.com https://*.wgcdn.co https://*.gcdn.co https://www.googletagmanager.com https://*.google-analytics.com https://www.googleadservices.com https://*.yandex.ru https://*.yandex.net https://*.yandex.ua https://*.yandex.by https://*.yandex.kz https://*.yandex.com.tr http://*.yandex.ru http://*.yandex.net http://*.yandex.ua http://*.yandex.by http://*.yandex.kz http://*.yandex.com.tr https://*.yandex.st https://*.yandex.com https://*.yandex.fr https://yandex.st https://u360.d-bi.fr https://bat.bing.com https://connect.facebook.net https://connect.ok.ru https://*.vk.com https://googleads.g.doubleclick.net https://*.adroll.com https://*.addthis.com https://*.addthisedge.com https://tag.marinsm.com https://pixel-geo.prfct.co https://static.criteo.net https://stackadapt.com https://*.criteo.com https://*.vihub.ru https://*.cloudfront.net https://js.gleam.io https://a1.adform.net https://ajax.googleapis.com https://www.youtube.com https://animate.adobe.com https://*.stackadapt.com ; style-src 'self' 'unsafe-inline' *.wargaming.net https://fonts.googleapis.com https://*.wgcdn.co https://*.gcdn.co ; img-src 'self' data: android-webview-video-poster: * ; connect-src 'self' *.wargaming.net wss://worldoftanks.ru wss://worldoftanks.eu wss://worldoftanks.asia wss://worldoftanks.com https://stats.g.doubleclick.net https://*.yandex.ru https://*.yandex.net https://*.yandex.ua https://*.yandex.by https://*.yandex.kz https://*.yandex.com.tr http://*.yandex.ru http://*.yandex.net http://*.yandex.ua http://*.yandex.by http://*.yandex.kz http://*.yandex.com.tr https://*.yandex.st https://*.yandex.com https://*.yandex.fr https://graph.facebook.com https://*.addthis.com https://*.google-analytics.com https://ymetrica1.com https://*.cloudfront.net https://google.com https://google.ru https://google.com.ua https://google.by https://google.pl https://*.googleapis.com ; font-src 'self' *.wargaming.net https://fonts.gstatic.com https://*.wgcdn.co https://*.gcdn.co ; media-src 'self' *.wargaming.net https://*.wgcdn.co https://*.gcdn.co ; frame-src 'self' *.wargaming.net https://*.adform.net https://*.facebook.com https://ad3.adfarm1.adition.com https://connect.facebook.net https://www.youtube.com https://bid.g.doubleclick.net https://*.criteo.com https://yastatic.net https://*.addthis.com https://gleam.io https://*.gcdn.co https://*.wgcdn.co https://aax-eu.amazon-adsystem.com ; object-src 'self' *.wargaming.net https://*.gcdn.co https://www.youtube.com ; report-uri https://cspreport.wargaming.net/cspreport 4
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https:; report-uri /error/js; img-src 'self' https: data:; 4
default-src 'self'; report-uri https://csp.loopia.se;form-action 'self' https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://bib.eway2pay.com https://ticket.siriusit.net https://payment.architrade.com https://www.facebook.com;font-src 'self' https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://tpc.googlesyndication.com https://fonts.gstatic.com https://chat.intele.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' https://chat.intele.com https://www.google.com https://www.googletagmanager.com https://ssl.google-analytics.com https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://www.youtube.com https://*.ytimg.com https://tpc.googlesyndication.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.google.se https://bat.bing.com https://connect.facebook.net https://api.exponea.com https://widget.trustpilot.com https://static.hotjar.com;connect-src 'self' https://chat.puzzel.com https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://www.facebook.com https://stats.g.doubleclick.net https://www.google-analytics.com https://api.exponea.com;img-src 'self' https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://ssl.google-analytics.com https://*.ytimg.com https://track.double.net https://tbs.tradedoubler.com https://sealserver.trustkeeper.net https://www.gstatic.com https://track.adform.net https://www.googletagmanager.com https://chat.puzzel.com https://www.google.com.cy https://www.google.no https://www.google.rs https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.google.es https://googleads.g.doubleclick.net https://www.facebook.com https://www.google.se data:;media-src https://chat.puzzel.com;frame-src https://*.facebook.com https://player.vimeo.com https://*.mynewsdesk.com https://tpc.googlesyndication.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://*.soundcloud.com https://www.youtube.com https://widget.trustpilot.com;object-src 'self';style-src 'self' 'unsafe-inline' https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://chat.intele.com https://fonts.googleapis.com 4
default-src 'self' blob:; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://fonts.googleapis.com https://fonts.gstatic.com https://themes.googleusercontent.com https://wcdn.3cx.com https://d20hvw4zeymqbm.cloudfront.net; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://wcdn.3cx.com https://www.googletagmanager.com https://d20hvw4zeymqbm.cloudfront.net https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com  https://login.3cx.com	 https://www.google-analytics.com https://ct.capterra.com tpc.googlesyndication.com pagead2.googlesyndication.com https://ssl.geoplugin.net https://services.3cx.com https://ajax.googleapis.com https://connect.facebook.net https://maps.googleapis.com www.gstatic.com;object-src 'none';img-src * data: blob:;connect-src 'self' https://wcdn.3cx.com https://www.google-analytics.com https://ssl.google-analytics.com https://stats.g.doubleclick.net sipcy.3cx.com www.facebook.com translate.googleapis.com;child-src 'self' https://www.youtube.com; frame-src 'self' https://services.3cx.com https://audioconverter.3cx.com https://login.3cx.com https://docs.google.com https://www.facebook.com https://bid.g.doubleclick.net https://www.youtube.com https://www.googletagmanager.com; block-all-mixed-content; report-uri /csp/; 4
script-src 'self' 'unsafe-eval' https://www.googletagmanager.com https://www.youtube.com https://s.ytimg.com https://www.google-analytics.com https://*.moatads.com https://*.addthis.com https://*.doubleclick.net https://*.addthisedge.com https://*.newrelic.com https://*.nr-data.net https://*.googlevideo.com https://*.arcgis.com https://*.gov.uk https://*.facebook.com; frame-src 'self' https://*.addthis.com https://*.youtube.com https://www.googletagmanager.com https://*.arcgis.com; report-uri https://snhwebsite.report-uri.com/r/d/csp/reportOnly 4
base-uri 'self'; frame-src https:; object-src 'none';	 worker-src 'self';	 default-src 'self' https://*.googlesyndication.com; img-src 'self' data: http: https:; connect-src 'self' https://*.google-analytics.com/ https://*.facebook.com https://*.ioam.de https://*.taboola.com https://translate.googleapis.com https://*.doubleclick.net https://eum-eu-west-1.instana.io wss://mpsnare.iesnare.com https://logx.optimizely.com/v1/events https://www.eharmony.com/lane/ https://s7.addthis.com/l10n/ https://eharmony-app.quantummetric.com/ https://yoast.com/feed/widget/ https://m.addthis.com https://*.googlesyndication.com https://connect.facebook.net https://*.perimeterx.net https://*.pxchk.net https://*.px-cdn.net https://*.px-cloud.net https://*.usercentrics.eu ; font-src data: 'self' https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com/font-awesome/ https://assets.eharmony.com https://assets.eharmony.com.au https://assets.eharmony.co.uk https://assets.eharmony.ca https://assets.squarespace.com/universal/fonts/ https://static.squarespace.com/universal/fonts/ ; script-src https: 'report-sample' 'unsafe-inline' 'unsafe-eval' data: 'self' https://*.custhelp.com https://*.ioam.de; style-src 'self' 'unsafe-inline' https://www.parship.com https://*.custhelp.com https://fonts.googleapis.com https://partnerboerse.parship.de https://translate.googleapis.com https://assets.eharmony.com https://assets.eharmony.com.au https://assets.eharmony.co.uk https://assets.eharmony.ca https://s.po.st/static/ https://maxcdn.bootstrapcdn.com/font-awesome/ https://static1.squarespace.com/static/sitecss/ ; media-src 'self' data: https://mpsnare.iesnare.com https://assets.eharmony.com/files/us/images/careers/ https://www.googleapis.com/youtube/; prefetch-src 'self' https://*.googlesyndication.com/safeframe/; frame-ancestors 'self'; report-uri /ls/?reportOnly=true 4
default-src 'self' 'unsafe-inline' ;script-src data: 'self' 'unsafe-inline' 'unsafe-eval' static.cloud.coveo.com *.r42tag.com *.usabilla.com ssl.google-analytics.com www.google-analytics.com www.googleadservices.com tags.nmrc.nl *.onmarc.nl *.doubleclick.net d6tizftlrpuof.cloudfront.net www.zilverenkruis.nl babm.texthelp.com surfly.com plus.browsealoud.com www.zorgkantoorfriesland.nl www.prolife.nl www.googletagmanager.com toolbar.speechstream.net apis.google.com bat.bing.com admin.relay42.com a.svtrd.com cdnjs.cloudflare.com ads.creative-serving.com www.browsealoud.com static2.creative-serving.com;style-src 'self' 'unsafe-inline' d6tizftlrpuof.cloudfront.net plus.browsealoud.com fonts.googleapis.com www.zilverenkruis.nl;img-src data: blob: 'self' *.svtrd.com www.google.com www.google.nl d6tizftlrpuof.cloudfront.net *.usabilla.com www.google-analytics.com  *.onmarc.nl ssl.google-analytics.com www.zilverenkruis.nl plus.browsealoud.com usabilla-themes.s3-eu-west-1.amazonaws.com ads.creative-serving.com www.zorgkantoorfriesland.nl www.prolife.nl stats.g.doubleclick.net bat.bing.com www.browsealoud.com *.r42tag.com admin.relay42.com;font-src data: 'self' fonts.gstatic.com fonts.googlapis.com d6tizftlrpuof.cloudfront.net;connect-src 'self' *.zilverenkruis.nl *.surfly.com surfly.com sentry.io *.prolife.nl *.zorgkantoorfriesland.nl plus.browsealoud.com pronunciation.speechstream.net api.usabilla.com babm.texthelp.com speech.speechstream.net www.google-analytics.com pre-i-portaal.achmea.nl speechstreamv3-webservices-8.texthelp.com;media-src 'self' blob: *.zilverenkruis.nl *.zorgkantoorfriesland.nl *.prolife.nl;object-src 'self' ;child-src 'self' t.svtrd.com player.vimeo.com youtube-nocookie.com www.youtube-nocookie.com surfly.com app.surfly.com d6tizftlrpuof.cloudfront.net www.zilverenkruis.nl www.zorgkantoorfriesland.nl www.prolife.nl content.googleapis.com secure.zilverenkruis.nl;frame-ancestors 'self' www.youtube-nocookie.com youtube-nocookie.com player.vimeo.com;form-action 'self' t.svtrd.com *.achmea.nl *.zilverenkruis.nl *.zorgkantoorfriesland.nl *.prolife.nl *.defriesland.nl *.fbto.nl;manifest-src 'self' ;block-all-mixed-content; 4
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://apis.google.com https://platform.twitter.com https://plusone.google.com https://facebook.com https://platform.twitter.com https://apis.google.com https://www.google-analytics.com https://secure.gravatar.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://fonts.googleapis.com https://www.gstatic.com https://www.google.com https://use.fontawesome.com https://stats.wp.com https://s0.wp.com https://ajax.googleapis.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://use.fontawesome.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://fonts.googleapis.com https://secure.gravatar.com; img-src 'unsafe-inline' 'self' https://pixel.wp.com https://www.google-analytics.com https://stats.g.doubleclick.net data:; font-src 'unsafe-inline' 'self' https://fonts.googleapis.com https://use.fontawesome.com https://fonts.gstatic.com https://wordpress.com data:; frame-src 'self' https://www.google.com; 4
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.googletagmanager.com *.dynatrace.com *.abtasty.com ajax.googleapis.com *.assurantsolutions.com *.optimizely.com www.google.com stats.g.doubleclick.net www.enterice.com www.google-analytics.com www.gstatic.com; connect-src 'self' *.dynatrace.com *.abtasty.com *.optimizely.com www.enterice.com stats.g.doubleclick.net www.google-analytics.com; img-src 'self' *.abtasty.com www.trustlogo.com www.enterice.com www.google-analytics.com mywirelessclaim.com *.assurantsolutions.com stats.g.doubleclick.net www.google.com secure.comodo.com www.googletagmanager.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com www.enterice.com maxcdn.bootstrapcdn.com; font-src 'self' fonts.gstatic.com; frame-src 'self' *.optimizely.com www.google.com www.surveymonkey.com; 4
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: gap://ready; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https:; img-src 'self' data: https:; font-src 'self' data: https:; report-uri https://thedatinglab.report-uri.com/r/d/csp/reportOnly 4
connect-src *;frame-src *;img-src https: data: blob: about: safari-extension: safari-resource: chrome-extension: http://*.rackcdn.com http://*.tumblr.com http://huaban.com;worker-src blob:;script-src https: 'unsafe-eval' 'unsafe-inline'; report-uri /log/csp 3
default-src 'self' data: blob: *.tiktokcdn.com *.akamaized.net *.muscdn.com *.tiktok.com *.musical.ly *.byteoversea.com *.ibytedtos.com;connect-src *.google-analytics.com *.ibytedtos.com *.bytedanceapi.com *.tiktokv.com *.snssdk.com *.tiktok.com *.musical.ly *.byteoversea.com *.tiktokcdn.com *.hypstarcdn.com *.bytedance.net;script-src data: blob: 'unsafe-inline' 'unsafe-eval' *.bytedance.com *.byteoversea.com *.ibytedtos.com *.ipstatp.com *.tiktok.com *.tiktokcdn.com *.hypstarcdn.com *.googletagmanager.com *.google-analytics.com *.akamaized.com *.muscdn.com *.googleapis.com *.sgpstatp.com;style-src 'unsafe-inline' *.tiktokcdn.com *.muscdn.com *.akamaized.net *.ibytedtos.com *.tiktok.com *.ibyteimg.com;img-src data: *.muscdn.com *.akamaized.net *.tiktokcdn.com *.ibytedtos.com *.ibyteimg.com *.musical.ly *.tiktok.com *.hypstarcdn.com *.facebook.com *.byted.org *.google-analytics.com;frame-src *.tiktok.com;media-src blob: *.tiktokcdn.com *.akamaized.net *.muscdn.com *.ibytedtos.com *.musical.ly *.byted.org;report-uri https://mon-va.byteoversea.com/log/sentry/v2/api/slardar/main/?ev_type=csp&bid=tiktok_web 3
default-src * 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' data: https: blob: android-webview-video-poster: android-webview: chrome-extension: moz-extension: ms-browser-extension: about: 3
report-uri /ab/csp/index; report-to csp-endpoint 3
default-src https: data: blob: 'unsafe-eval' 'unsafe-inline' wss://*.hotjar.com 'self';  frame-ancestors 'self' https://*.zendesk.com https://*.myshopify.com https://teams.microsoft.com https://*.eloqua.com https://*.surveymonkey.com https://*.sharepoint.com https://*.worldpay.com https://*.cardinalcommerce.com;report-uri https://csp.surveymonkey.com/report?e=false&c=prod&ar=true&a=wufoocms 3
script-src 'unsafe-inline' 'unsafe-eval' 'self' blob: data: https:; style-src 'self' 'unsafe-inline' blob: data: https:; default-src 'self' https:; img-src https: blob: data: android-webview-video-poster:; frame-src blob: data: https:; worker-src blob: data: https:; child-src blob: data: https:; object-src 'self'; font-src 'self' https: blob: data: safari-extension://*; media-src 'self' blob: data: https:; connect-src wss: blob: data: https:; report-uri /csp_ep 3
report-uri https://wombat.smartsheet.com/www; default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' *.salesforceliveagent.com *.youtube.com *.techtarget.com *.ytimg.com *.optimizely.com *.google.com *.gstatic.com *.cookiebot.com *.driftt.com *.marketo.net *.nr-data.net *.google-analytics.com *.googletagmanager.com *.6sc.co *.facebook.net *.inspectlet.com *.licdn.com *.ads-twitter.com *.tvsquared.com *.demandbase.com *.impactradius-event.com *.adnxs.com *.steelhousemedia.com *.g2crowd.com *.newrelic.com *.min.js *.licdn.com *.twitter.com; connect-src 'self' *.amazonaws.com *.i215020.net *.mktoresp.com *.optimizely.com *.6sc.co *.company-target.com *.inspectlet.com *.6sense.com *.nr-data.net; frame-src 'self' *.youtube.com *.optimizely.com *.cookiebot.com *.driftt.com *.doubleclick.net *.facebook.com; img-src 'self' *.ytimg.com *.techtarget.com *.smartsheet.com *.adsymptotic.com *.google-analytics.com *.doubleclick.net *.google.com *.turn.com *.bttrack.com *.co *.linkedin.com *.tvsquared.com *.bidr.io *.facebook.com *.company-target.com *.intentiq.com *.adsrvr.org *.demdex.net *.driftt.com; style-src 'self' 'unsafe-inline'; prefetch-src 'self' *.optimizely.com; 3
default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri https://qualys.report-uri.com/r/d/csp/reportOnly 3
frame-ancestors 'self' *.hudl.com *.youtube.com *.sendtonews.com *.cbssports.com *.247sports.com *.scout.com *.ampproject.org *.amp.cloudflare.com; default-src https: 'unsafe-inline' 'unsafe-eval' wss: ;img-src https: data: blob: ; font-src https: data:; form-action https:; report-uri https://cbsi.report-uri.io/r/default/csp/reportOnly 3
frame-ancestors 'self'; object-src 'none'; report-uri /api/csp-reporting 3
default-src 'self'; frame-ancestors 'self' *.bundesregierung.de *.bundeskanzlerin.de *.deutschland-kann-das.de *.deutscher-kurzfilmpreis.de *.eu-gleichbehandlungsstelle.de *.integrationsbeauftragte.de *.bund.de *.open-government-deutschland.de *.nationaler-aktionsplan-integration.de *.70jahregrundgesetz.de *.dieglorreichen17.de; frame-src *.bundesregierung.de *.bundeskanzlerin.de *.deutschland-kann-das.de *.deutscher-kurzfilmpreis.de *.eu-gleichbehandlungsstelle.de *.integrationsbeauftragte.de *.bund.de *.open-government-deutschland.de *.nationaler-aktionsplan-integration.de *.70jahregrundgesetz.de *.dieglorreichen17.de streaming.talk42.de app.datawrapper.de datawrapper.dwcdn.net 'self'; style-src *.bundesregierung.de *.bundeskanzlerin.de *.deutschland-kann-das.de *.deutscher-kurzfilmpreis.de *.eu-gleichbehandlungsstelle.de *.integrationsbeauftragte.de *.bund.de *.open-government-deutschland.de *.nationaler-aktionsplan-integration.de *.70jahregrundgesetz.de *.dieglorreichen17.de https://cdn.leafletjs.com/leaflet/v0.7.7/ https://cdnjs.cloudflare.com/ajax/libs/leaflet.markercluster/0.4.0/ 'unsafe-inline'; img-src *.bundesregierung.de *.bundeskanzlerin.de *.deutschland-kann-das.de *.deutscher-kurzfilmpreis.de *.eu-gleichbehandlungsstelle.de *.integrationsbeauftragte.de *.bund.de *.open-government-deutschland.de *.nationaler-aktionsplan-integration.de *.70jahregrundgesetz.de *.dieglorreichen17.de https://a.tile.openstreetmap.org https://b.tile.openstreetmap.org https://c.tile.openstreetmap.org https://a.tile.openstreetmap.de https://b.tile.openstreetmap.de https://c.tile.openstreetmap.de data: 'unsafe-inline'; script-src *.bundesregierung.de *.bundeskanzlerin.de *.deutschland-kann-das.de *.deutscher-kurzfilmpreis.de *.eu-gleichbehandlungsstelle.de *.integrationsbeauftragte.de *.bund.de *.open-government-deutschland.de *.nationaler-aktionsplan-integration.de *.70jahregrundgesetz.de *.dieglorreichen17.de https://ssl.p.jwpcdn.com/player/ https://www.youtube.com https://s.ytimg.com/yts/jsbin/ https://ajax.googleapis.com/ajax/libs/jquery/1.8.2/ https://vjs.zencdn.net/5.9.2/ 'unsafe-inline'; font-src *.bundesregierung.de *.bundeskanzlerin.de *.deutschland-kann-das.de *.deutscher-kurzfilmpreis.de *.eu-gleichbehandlungsstelle.de *.integrationsbeauftragte.de *.bund.de *.open-government-deutschland.de *.nationaler-aktionsplan-integration.de *.70jahregrundgesetz.de *.dieglorreichen17.de https://ssl.p.jwpcdn.com data: 'self'; media-src *.bundesregierung.de 'self'; 3
default-src 'self' 'unsafe-inline' data: blob: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.drift.com *.driftt.com *.kinstacdn.com api.intellimize.co www.google-analytics.com www.instagram.com www.googleadservices.com *.quoracdn.net www.google.com *.googleapis.com snap.licdn.com googleads.g.doubleclick.net rum-static.pingdom.net *.wistia.com *.wistia.net api.greenhouse.io cdn.segment.com https://cdn.split.io cdn.madkudu.com cdn.bizible.com ga.clearbit.com app-sj27.marketo.com widget.drift.com *.jquery.com https://www.google-analytics.com https://www.googletagmanager.com *.quora.com *.hsforms.com *.hsforms.net munchkin.marketo.net s.adroll.com d.adroll.mgr.consensu.org d.adroll.com *.facebook.net static.ads-twitter.com *.twitter.com twitter.com *.6sc.co *.dca0.com *.twimg.com tpc.googlesyndication.com use.typekit.net drift.referralrock.com gateway.on24.com; img-src 'self' 'unsafe-inline' data: * ; report-uri https://o13824.ingest.sentry.io/api/5269096/security/?sentry_key=e9bb6faf1b4c4ce1927908a451904d1d 3
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' ; style-src https: 'unsafe-inline'; frame-ancestors 'self'; img-src https: data: ; object-src 'none' ; report-uri https://sentry.uniregistry.com/api/18/security/?sentry_key=f430f663325b402bbc96cb5da277ab92 ; 3
default-src https: data: 'unsafe-eval' 'unsafe-inline'; report-uri /csp_reports 3
default-src 'self'; img-src 'self' data: https:; object-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' *.googletagmanager.com *.google-analytics.com www.google.com/jsapi *.facebook.net *.facebook.com *.recaptcha.net *.gstatic.com; connect-src 'self' sentry.io 3
default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:; report-uri /r/violation 3
default-src https: 'unsafe-inline' 'unsafe-eval'; worker-src blob:; img-src https: data:; font-src https: data:; report-uri https://idg.report-uri.io/r/default/csp/reportOnly 3
default-src 'self'; script-src 'self' 3
default-src self https: data: 'unsafe-inline' 'unsafe-eval'; script-src self https: 'unsafe-inline' 'unsafe-eval'; base-uri 'self' https://creator.zmags.com https://www.googletagmanager.com; report-uri https://fa920c4c3c2352efe32641b67b2f3fbe.report-uri.com/r/d/csp/reportOnly 3
report-uri https://csp.edipresse.pl/report/polki; font-src https: data:; img-src data: https: android-webview-video-poster: android-webview:; media-src https: data:; style-src 'unsafe-inline' 'unsafe-eval' https:; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: asset: 3
default-src https: blob: wss://*.zopim.com 'unsafe-inline' 'unsafe-eval' wss://*.flightcentre.com.au:*; frame-ancestors *.calypso.net.au *.flightcentre.com.au; report-uri /api/csp_report; img-src https: blob: data:; font-src https: blob: data:; 3
default-src 'self' https://*.arvato-systems-media.net https://*.nionex.net http://analytics.nionex.net https://www.google-analytics.com https://socialcloud.bertelsmann.com https://dl.edge-cdn.net https://edgecdnhd2-vh.akamaihd.net; script-src 'self' https://www.bertelsmann.com https://www.bertelsmann.de https://*.arvato-systems-media.net https://analytics.nionex.net http://analytics.nionex.net https://www.google-analytics.com https://www.googletagmanager.com https://maps.google.com https://translate.googleapis.com https://translate.google.com https://maps.googleapis.com https://*.edge-cdn.net https://*.analytics.edgekey.net https://charts3.equitystory.com https://*.akamaihd.net https://www.youtube.com https://s.ytimg.com 'unsafe-inline' 'unsafe-eval' blob:; img-src 'self' https://maps.google.com https://www.google.com https://*.ytimg.com https://maps.gstatic.com https://www.gstatic.com https://chart.apis.google.com https://maps.googleapis.com https://www.google-analytics.com http://*.becruiter.net https://*.becruiter.net https://bertelsmann-hr.de https://www.googletagmanager.com https://dl.edge-cdn.net https://translate.google.com https://translate.googleapis.com data:; media-src 'self' https://edgecdnhd2-vh.akamaihd.net http://hd2vodbertel-vh.akamaihd.net https://*.cdn.edge-cdn.net https://*.edge-cdn.net http://*.edge-cdn.net https://*.video-cdn.net; style-src 'self' https://www.bertelsmann.com https://www.bertelsmann.de https://*.arvato-systems-media.net https://*.nionex.net https://translate.googleapis.com https://fonts.googleapis.com https://dl.edge-cdn.net 'unsafe-inline' data:; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com data:; frame-src 'self' https://charts3.equitystory.com https://socialcloud.bertelsmann.com https://www.youtube.com https://*.rtl.de; connect-src 'self' wss://*.bertelsmann.de https://www.google-analytics.com https://ca.video-cdn.net https://dl.edge-cdn.net https://*.analytics.edgekey.net https://translate.googleapis.com https://edgecdnhd2-vh.akamaihd.net; report-uri https://deniol2415.nionex.net/report-uri.php 3
default-src 'none'; connect-src 'self' www.linkedin.com content.linkedin.com lnkd.demdex.net dpm.demdex.net www.google-analytics.com; img-src data: blob: *; font-src data: *; frame-src 'self' www.linkedin.com lnkd.demdex.net www.youtube-nocookie.com platform.twitter.com www.facebook.com plusone.google.com play.vidyard.com www.slideshare.net; style-src https: 'unsafe-inline' *.licdn.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' *.licdn.com www.linkedin.com content.linkedin.com platform.linkedin.com *.ads.linkedin.com lnkd.demdex.net *.salesforceliveagent.com sb.scorecardresearch.com sjs.bizographics.com bcvipva02.rightnowtech.com; frame-ancestors 'self'; report-uri https://www.linkedin.com/lite/contentsecurity?f=ms 3
default-src 'self' *.thunderhead.com *.facebook.com bam.nr-data.net *.mouseflow.com *.mktorest.com *.mktoresp.com *.consensu.org bid.g.doubleclick.net *.omtrdc.net *.demdex.net *.youtube.com *.marketo.com *.onetrust.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.marketo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.salesforceliveagent.com cdn.mouseflow.com munchkin.marketo.net *.marketo.com *.mktorest.com assets.adobedtm.com *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.linkedin.com *.youtube.com s.ytimg.com *.facebook.com connect.facebook.net t.co static.ads-twitter.com analytics.twitter.com js-agent.newrelic.com fast.gehealthcare.demdex.net dpm.demdex.net gateway.zscalertwo.net snap.licdn.com bam.nr-data.net gehealthcare.sc.omtrdc.net gelifedigitalhubprod.112.2o7.net cx.atdmt.com cm.everesttech.net static.cloud.coveo.com *.thunderhead.com google.com googleads.g.doubleclick.net *.evidon.com *.consensu.org *.adroll.com maps.googleapis.com *.onetrust.com; img-src * data:; media-src 'self' cdn.cytivalifesciences.com *.youtube.com; font-src 'self' fonts.gstatic.com fonts.googleapis.com data:; report-uri https://www.cytivalifesciences.com/api/csp/report 3
Content-Security-Policy-Report-Only: default-src 'self' data: https:; script-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com/ https://www.google.com/ https://ajax.aspnetcdn.com/ https://www.googletagmanager.com/ https://www.gstatic.com https://www.gstatic.com/ https://www.google-analytics.com/ https://api.flickr.com/ https://static.hotjar.com/ https://script.hotjar.com/ https://connect.facebook.net/ https://static.ads-twitter.com/ https://analytics.twitter.com/ https://www.redditstatic.com/ https://ssl.google-analytics.com/ga.js https://ssl.google-analytics.com/ https://snap.licdn.com/ https://px.ads.linkedin.com/; style-src 'self' data: 'unsafe-inline' https://services.postcodeanywhere.co.uk https://fonts.googleapis.com/; img-src * ; upgrade-insecure-requests; report-uri https://3chillies.report-uri.io/r/default/csp/reportonly; 3
default-src 'self' *.experteer.com gap://ready https:; font-src 'self' *.experteer.com fonts.gstatic.com https: data: 'unsafe-inline'; img-src 'self' *.experteer.com https: data: 'unsafe-inline'; object-src 'self'; script-src 'self' *.experteer.com www.google-analytics.com script.crazyegg.com www.linkedin.com https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.experteer.com https: 'unsafe-inline'; connect-src 'self' *.experteer.com https: wss://ws.inspectlet.com www.google-analytics.com; report-uri https://www.experteer.com/csp_violation_notifications 3
font-src 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com polyfill.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.algolia.net 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
default-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.disqus.com *.disquscdn.com *.facebook.net *.google-analytics.com *.google.com *.googleapis.com *.gstatic.com *.pinterest.com *.youtube.com disqus.com s.ytimg.com stephband.info https://thirdhour.org; connect-src https:; font-src data: https:; form-action https:; frame-src https:; child-src https:; img-src data: https:; manifest-src https:; media-src https:; object-src https:; upgrade-insecure-requests 3
default-src https: 'self' 'unsafe-inline' 'unsafe-eval'; img-src data: https:; font-src data: https:; report-uri https://kilian.report-uri.io/r/default/csp/reportOnly 3
font-src data: *.klaviyo.com *.gstatic.com *.trustedshops.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.de 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.youtube.com *.klaviyo.com *.jsctool.com *.stripe.com *.radbag.de *.radbag.at *.radbag.ch *.radbag.nl *.radbag.be *.radbag.dk *.cadeauxfolies.fr *.cadeauxfolies.ch *.cadeauxfolies.be *.troppotogo.it *.google.com *.maxcluster.net *.payments-amazon.com *.amazon.de *.amazon.com *.hotjar.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.pinterest.com *.radbag.de *.radbag.at *.radbag.ch *.radbag.nl *.radbag.be *.radbag.dk *.cadeauxfolies.fr *.cadeauxfolies.ch *.cadeauxfolies.be *.troppotogo.it *.google.com *.google.at *.doubleclick.net *.googletagmanager.com *.trustedshops.com data: blob: *.klaviyo.com *.cloudfront.net *.lgw.io *.amazon.com *.ssl-images-amazon.com *.media-amazon.com *.facebook.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com *.pinimg.com *.googletagmanager.com *.klaviyo.com *.pinterest.com polyfill.io *.a.klaviyo.com *.payments-amazon.com *.ratepay.com *.stripe.com *.google.com *.trustedshops.com *.newrelic.com *.nr-data.net *.facebook.net *.hotjar.com *.doubleclick.net *.cloudflareinsights.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.klaviyo.com *.googleapis.com *.ratepay.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.pinterest.com *.klaviyo.com *.amazon.com *.amazon.de *.amazon.fr *.amazon.it *.ratepay.com *.cookie-script.com *.google-analytics.com *.g.doubleclick.net *.trustedshops.com *.etrusted.com *.radbag.de *.radbag.at *.radbag.ch *.radbag.nl *.radbag.be *.radbag.dk *.cadeauxfolies.fr *.cadeauxfolies.ch *.cadeauxfolies.be *.troppotogo.it *.hotjar.com *.nr-data.net *.facebook.com 'self' 'unsafe-inline'; child-src *.radbag.de *.radbag.at *.radbag.ch *.radbag.nl *.radbag.be *.radbag.dk *.cadeauxfolies.fr *.cadeauxfolies.ch *.cadeauxfolies.be *.troppotogo.it blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
default-src 'self'; img-src 'self' https://d300tb5wusuhi2.cloudfront.net https://assets.abenity.com https://a.tiles.mapbox.com https://abenity.s3.amazonaws.com https://abs.twimg.com https://api.mapbox.com https://b.tiles.mapbox.com https://bam.nr-data.net https://chart.apis.google.com https://embed-fastly.wistia.com https://embedwistia-a.akamaihd.net https://fast.wistia.com https://i.ytimg.com https://img.youtube.com https://s3.amazonaws.com https://stats.g.doubleclick.net https://syndication.twitter.com https://www.google-analytics.com https://www.gstatic.com; font-src 'self' https://cloud.typography.com https://fast.wistia.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://use.fontawesome.com; object-src 'self' https://embedwistia-a.akamaihd.net; connect-src 'self' 'unsafe-eval' https://d300tb5wusuhi2.cloudfront.net https://a.tiles.mapbox.com https://api.abenity.com https://api.mapbox.com https://bam.nr-data.net https://distillery.wistia.com https://distillery.wistia.net https://embed-fastly.wistia.com https://embed-ssl.wistia.com https://embedwistia-a.akamaihd.net https://events.mapbox.com https://fg8vvsvnieiv3ej16jby.litix.io https://pipedream.wistia.com https://stats.g.doubleclick.net https://www.google-analytics.com; script-src 'self' 'unsafe-inline' https://d300tb5wusuhi2.cloudfront.net https://abenity.ontraport.com https://api.mapbox.com https://app.wistia.com https://bam.nr-data.net https://cdn.walkme.com https://distillery.wistia.com https://fast.wistia.com https://js-agent.newrelic.com https://optassets.ontraport.com https://platform.twitter.com https://s3.amazonaws.com https://www.google-analytics.com https://www.google.com https://www.google-analytics.com https://www.gstatic.com; style-src 'self' 'unsafe-inline' https://d300tb5wusuhi2.cloudfront.net https://abenity.s3.amazonaws.com https://api.mapbox.com https://cloud.typography.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://s3.amazonaws.com https://use.fontawesome.com; media-src 'self'  https://d300tb5wusuhi2.cloudfront.net https://embed-fastly.wistia.com https://embed-ssl.wistia.com https://embedwistia-a.akamaihd.net blob:; frame-src 'self'  https://abenityinc.freshdesk.com https://docs.google.com https://fast.wistia.com https://fast.wistia.net https://platform.twitter.com https://www.google.com https://www.youtube.com; report-uri https://api.abenity.com/public/csp-logger.json 3
default-src https:; connect-src https: wss:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' *.google.com fonts.googleapis.com static.pazaruvaj.com unpkg.com api.mapbox.com cdn.jsdelivr.net geowidget.easypack24.net maxcdn.bootstrapcdn.com ssl.ceneo.pl s.kk-resources.com elnino.daktela.com www.wiarygodneopinie.pl ts.tradetracker.net cdn.foxentry.cz; object-src 'self'; img-src 'self' https: data:; font-src https: data:; frame-ancestors 'self' *.creativecdn.com *.hotjar.com *.googletagmanager.com; report-uri https://elnino.report-uri.com/r/d/csp/enforce 3
default-src *.adlooxtracking.com *.adsafeprotected.com *.doubleverify.com *.imgsmail.ru *.mail.ru *.moatads.com *.mradx.net *.serving-sys.com an.yandex.ru cdn.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org jstracer.yandex.ru mail.ru mc.yandex.by mc.yandex.fr mc.yandex.kz mc.yandex.md mc.yandex.ru mc.yandex.ua mc.yandex.uz strm.yandex.ru yandex.ru yandex.st yastat.net yastatic.net; script-src *.adlooxtracking.com *.adsafeprotected.com *.criteo.com *.doubleclick.net *.doubleverify.com *.dvtps.com *.googleadservices.com *.googlesyndication.com *.googletagservices.com *.imgsmail.ru *.mail.ru *.moatads.com *.mradx.net *.odnoklassniki.ru *.serving-sys.com *.vk.com an.yandex.ru cdn.ampproject.org cdn.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org mail.ru mc.yandex.by mc.yandex.fr mc.yandex.kz mc.yandex.md mc.yandex.ru mc.yandex.ua mc.yandex.uz ok.ru vk.com yandex.ru yandex.st yastat.net yastatic.net 'unsafe-eval' 'unsafe-inline'; connect-src *.adlooxtracking.com *.adsafeprotected.com *.criteo.com *.doubleverify.com *.imgsmail.ru *.mail.ru *.moatads.com *.mradx.net *.serving-sys.com an.yandex.ru cdn.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org jstracer.yandex.ru mail.ru mc.yandex.by mc.yandex.fr mc.yandex.kz mc.yandex.md mc.yandex.ru mc.yandex.ua mc.yandex.uz ok.ru strm.yandex.ru yandex.ru yandex.st yastat.net yastatic.net; img-src data: blob: *; media-src *.imgsmail.ru *.mail.ru *.mradx.net *.ok.ru *.strm.yandex.ru *.yandex.net data: mail.ru ok.ru strm.yandex.ru vk.com *.vk.com yandex.ru yandex.st yastat.net yastatic.net; style-src *.imgsmail.ru *.mail.ru *.mradx.net blob: cdn.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org yandex.st yastat.net yastatic.net 'unsafe-eval' 'unsafe-inline'; font-src *.imgsmail.ru *.mail.ru *.mradx.net an.yandex.ru blob: data: https: yastat.net yastatic.net 'self'; frame-src *.criteo.com *.doubleclick.net *.doubleverify.com *.mail.ru *.mradx.net *.ok.ru *.vk.com *.yandex.ru *.yandexadexchange.net awaps.yandex.net mail.ru mc.yandex.by mc.yandex.fr mc.yandex.kz mc.yandex.md mc.yandex.ru mc.yandex.ua mc.yandex.uz ok.ru vk.com yandexadexchange.net yastat.net yastatic.net; report-uri https://cspreport.mail.ru/splash?v=02.07.20; 2
default-src data: blob: about: 'self' 'unsafe-inline' 'unsafe-eval' https: wss:; report-uri /csp/report?always; 2
default-src https: 'unsafe-inline' 'unsafe-eval' data: blob: ; report-uri https://reports.baidu.com/csp-report 2
default-src * data: 'unsafe-eval' 'unsafe-inline'; report-uri https://o378271.ingest.sentry.io/api/5201427/security/?sentry_key=b97b30d6fd6244419f1e761e6f6f319a 2
frame-ancestors 'self' *.qualtrics.com; report-uri https://sjc1.qualtrics.com/csp-report; report-to csp-endpoint 2
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; report-uri https://www.digitaltrends.com/collector/nr.php?ctx=csp-violation 2
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://variety.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 2
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.rollingstone.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 2
default-src https: 'unsafe-inline' 'unsafe-eval' 'self' data:; img-src 'self' *.eff.org data:; connect-src https: 'unsafe-inline' 'unsafe-eval' 'self' data: https://sentry.eff.org/api/2/store/; report-uri https://sentry.eff.org/api/2/security/?sentry_key=f1118ad37b5e4afbabe3487ca42fe73e 2
default-src https: data: 'self' 'unsafe-inline' 'unsafe-eval'; report-uri https://cspreport.olx.com.br/api/v1/cspreport/mixedcontent 2
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; report-uri /esaondemand/csp2.php 2
default-src 'unsafe-inline' 'unsafe-eval' * data: blob:; report-uri https://sentry.io/api/1312882/security/?sentry_key=9e854fd5af164d1e98cee1bedb942a22 2
frame-ancestors https://*.so-net.ne.jp http://*.so-net.ne.jp https://*.sonynetwork.co.jp https://*.sony.com https://*.sony.co.jp https://*.sonymobile.co.jp http://postpet.jp; report-uri /cgi-bin/csp-reports.cgi 2
block-all-mixed-content; frame-ancestors 'self' https://*.rte.ie https://*.rtegroup.ie; report-uri https://rte.report-uri.com/r/t/csp/reportOnly 2
frame-ancestors 'self' https://*.twilio.com https://www.twilio.com;report-uri https://www.twilio.com/console/api/cspr 2
media-src blob: https:; worker-src blob: https:; font-src chrome-extension: data: https:; img-src data: blob: about: https: http://track.adform.net; default-src https: blob: data: ms-appx-web: wss: 'unsafe-inline'  'unsafe-eval'; report-uri https://handelsblatt.report-uri.com/r/d/csp/reportOnly 2
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://bgr.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 2
connect-src *; frame-src *; img-src https: data: blob: about: safari-extension: safari-resource: chrome-extension:; worker-src blob: https: 'unsafe-eval' 'unsafe-inline'; script-src https: 'unsafe-eval' 'unsafe-inline'; report-uri https://pro2-view.myportfolio.com/v1/errors/csp 2
default-src 'none'; connect-src 'self'; font-src 'self' data: https://fonts.gstatic.com https://use.typekit.net; form-action 'self'; frame-src 'self' https://www.google.com https://www.googletagmanager.com https://www.youtube.com; img-src 'self' data: https://anthro.amnh.org https://event.yoochoose.net https://p.typekit.net https://ssl.gstatic.com https://translate.googleapis.com https://www.google.com https://www.gstatic.com; media-src 'self' https://media.amnh.org; script-src 'self' 'unsafe-eval' 'unsafe-inline' http://ajax.googleapis.com/ajax/libs/jquery/1.2.6/jquery.js http://www.google.com/coop/cse/brand https://ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js https://anthro.amnh.org/inc_img1.js https://cdn.yoochoose.net/yc.js https://cdnjs.cloudflare.com/ajax/libs/gsap/1.11.1/TweenLite.min.js https://cdnjs.cloudflare.com/ajax/libs/gsap/1.11.1/easing/EasePack.min.js https://cdnjs.cloudflare.com/ajax/libs/gsap/1.11.1/plugins/CSSPlugin.min.js https://collector-2328.tvsquared.com/tv2track.js https://connect.facebook.net/en_US/all.js https://connect.facebook.net/en_US/fbevents.js https://fullstory.com/s/fs.js https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1058843650/ https://googleads.g.doubleclick.net/pagead/viewthroughconversion/810443679/ https://nexus.ensighten.com/choozle/6327/Bootstrap.js https://platform.twitter.com/widgets.js https://s.ytimg.com/yts/jsbin/www-widgetapi-vflPBjLfx/www-widgetapi.js https://secure.quantserve.com/quant.js https://static.ads-twitter.com/uwt.js https://translate.google.com/translate_a/element.js https://translate.googleapis.com/element/TE_20190506_00/e/js/element/element_main.js https://translate.googleapis.com/element/TE_20190724_00/e/js/element/element_main.js https://translate.googleapis.com/translate_a/l https://translate.googleapis.com/translate_static/js/element/main.js https://use.typekit.net/uon2mtr.js https://use.typekit.net/wlt2zdx.js https://www.google-analytics.com/analytics.js https://www.google.com/pagead/conversion_async.js https://www.googleadservices.com/pagead/conversion_async.js https://www.googletagmanager.com/gtm.js https://www.youtube.com/iframe_api; style-src 'self' 'unsafe-inline' https://cloud.typography.com/6642712/7002572/css/ https://fonts.googleapis.com/ https://translate.googleapis.com/translate_static/css/ 2
default-src *.nic.ir 'unsafe-inline'; img-src *.nic.ir https://webchat.nic.ir:8080; font-src *.nic.ir 2
default-src data: https: 'unsafe-inline' 'unsafe-eval'; report-uri https://kontur.ru/private/csp-report 2
default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri /report-csp-violation 2
default-src data: https: 'self' 'unsafe-inline' 'unsafe-eval'; report-uri /mixed-content-collector; 2
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: www.waterstones.com; connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: subwayblaze.com waterstones.zendesk.com www.google-analytics.com client-analytics.braintreegateway.com ekr.zdassets.com www.paypal.com nikkomsgchannel api.braintreegateway.com static.zdassets.com plugin.ucads.ucweb.com gjtrack.ucweb.com savingsslider-a.akamaihd.net static.waterstones.com bam.nr-data.net stats.g.doubleclick.net payments.braintree-api.com; worker-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: www.waterstones.com; frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: secure7.arcot.com www.securesuite.co.uk pwm-image.trendmicro.com ssl.kaptcha.com secure5.arcot.com secure4.arcot.com www.zenaps.com ott9.wpstn.com www.eventbrite.co.uk www.youtube.com anchor.fm www.google.com www.waterstones.com assets.braintreegateway.com www.paypal.com authentication.cardinalcommerce.com tke9.wpstn.com mozbar.moz.com www.googletagmanager.com; font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: static3.avast.com cdnjs.cloudflare.com fonts.gstatic.com static.waterstones.com www.waterstones.com use.typekit.net cdn.honey.io; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: appslinker.net www.eventbrite.co.uk bam.nr-data.net gohimu.kawebezija.com data1.pictdog.com ucads-cdn.ucweb.com static.zdassets.com fuhupo.lohuwomenu.com kidulefu.kizexiroci.com bvpkrsi.0yrvtrh.com veyupe.kizexiroci.com www.waterstones.com yastatic.net data1.nedmaf.com data1.ratuple.com www.google.com data2.klastaf.com nevinixu.hirizasune.com data2.nedmaf.com wufiruni.lohuwomenu.com www.gstatic.com data1.grepart.com security-za.mimecast.com vadilixi.tipupivejo.com data1.vomesq.com data2.emizol.com data2.vomesq.com data1.biilut.com data1.emizol.com searches091223-a.akamaihd.net www.zenaps.com macunogo.kawebezija.com js.braintreegateway.com maps.googleapis.com vehaku.tipupivejo.com data2.biilut.com data2.grepart.com www.dwin1.com bat.bing.com data1.oitep.com lkysearchex21017-a.akamaihd.net www.paypal.com www.google-analytics.com static.waterstones.com rialto-gms.s3.amazonaws.com www.paypalobjects.com data1.liesking.com js-agent.newrelic.com gateway.zscloud.net lkysearchex91221-a.akamaihd.net lsbvx.z6airr.com data2.pictdog.com data1.myloap.com data1.bmi-result.com nhke1x6.0yrvtrh.com www.googletagmanager.com data2.myloap.com wusote.hirizasune.com data1.klastaf.com siteprerender.com vuduxo.raxanixuru.com cache-check.net data1.arirs.com denypage.nsix.org.uk widget-mediator.zopim.com connect.facebook.net data2.gribul.com fidoapi.com data2.liesking.com data2.arirs.com data1.ablapol.com data2.ablapol.com block.lgfl.org.uk data1.gribul.com www.pagespeed-mod.com 7375mjge0ao-a.akamaihd.net data1.plicifa.com data2.oitep.com data2.bmi-result.com; img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: t.paypal.com log.pinterest.com static.waterstones.com appslinker.net bam.nr-data.net cdn.waterstones.com www.facebook.com www.topcashback.co.uk s3-eu-west-1.amazonaws.com notifier.gobsmackcreative.com bat.bing.com www.googletagmanager.com www.awin1.com www.google-analytics.com www.paypalobjects.com www.zenaps.com canvaspl-a.akamaihd.net denypage.nsix.org.uk www.gstatic.com khms1.googleapis.com stats.g.doubleclick.net s3.amazonaws.com maps.googleapis.com i.ytimg.com khms0.googleapis.com a61a085359000702575d-1091780f292ed74c8a63cc6ff151398e.ssl.cf3.rackcdn.com translate.google.com maps.gstatic.com www.waterstones.com emails.waterstones.com d3dea2c333905a9f99b7-94cf852c68336a8656761bc7ce0b3973.r11.cf3.rackcdn.com www.tailwindapp.com; style-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: use.typekit.net static.waterstones.com p.typekit.net translate.googleapis.com fonts.googleapis.com pwm-image.trendmicro.com; media-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: static.zdassets.com; report-uri /csp_report 2
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' analytics.majesticseo.com analytics.majestic.com info.majestic.com https://www.googletagmanager.com www.google-analytics.com https://www.googleadservices.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/;style-src 'self' 'unsafe-inline';img-src 'self' data: https:;font-src 'none';object-src 'none';media-src 'none';frame-src www.openstreetmap.org www.youtube.com https://www.google.com/recaptcha/;child-src www.openstreetmap.org www.youtube.com https://www.google.com/recaptcha/;frame-ancestors https://docs.google.com https://*.googleusercontent.com;report-uri /csp/report 2
default-src 'self' data: 'unsafe-eval' 'unsafe-inline' https://*.baidu.com http://*.baidu.com https://*.baidustatic.com http://*.baidustatic.com https://*.hao123.com http://*.hao123.com https://*.bdstatic.com http://*.bdstatic.com https://*.hao123img.com http://*.hao123img.com https://*.hao222.com http://*.hao222.com https://*.baidu.cn http://*.baidu.cn https://*.shifen.com http://*.shifen.com https://*.bdimg.com http://*.bdimg.com https://*.bcebos.com http://*.bcebos.com https://dwz.cn http://dwz.cn; img-src * data:; media-src * data:; report-uri /hao123_api/csp/report 2
default-src 'none'; block-all-mixed-content; script-src *.fareharbor.com fareharbor.com content.fareharbor.me *.cloudfront.net *.stripe.com *.mxpnl.com cdn.mxpnl.com *.filestackapi.com *.pusher.com *.optimizely.com cdn.optimizely.com *.google.com *.googleapis.com *.google-analytics.com https://www.google-analytics.com *.adroll.com *.adroll.mgr.consensu.org *.facebook.net *.facebook.com *.cloudflare.com *.hotjar.com *.googletagmanager.com *.doubleclick.net *.googleadservices.com *.gstatic.com https://boards.greenhouse.io 'unsafe-eval' 'unsafe-inline'; img-src * data: image/svg+xml image/png; style-src *.fareharbor.com fareharbor.com content.fareharbor.me *.cloudfront.net *.googleapis.com 'unsafe-inline'; connect-src https: wss:; form-action 'self' https:; base-uri 'self'; font-src https://fonts.gstatic.com fh-sites.imgix.net data: 'self'; frame-src *.stripe.com *.filestackapi.com *.googletagmanager.com *.hotjar.com www.google.com airtable.com player.vimeo.com facebook.com https://boards.greenhouse.io fareharbor.com; object-src 'none'; report-uri /csp-report/ 2
block-all-mixed-content; report-uri https://67j9vz1kye.execute-api.ap-northeast-1.amazonaws.com/csp/csp 2
block-all-mixed-content; report-uri https://events.ocdn.eu/v2/csp-report?_ac=events&_fv=businessinsider.com.pl::PROD_FLOATING_v2_4_0_9_wybory 2
default-src 'self' 'unsafe-inline' data: logger.scot.nhs.uk *.google-analytics.com www.googletagmanager.com use.fontawesome.com use.typekit.net *.google.com *.googleapis.com *.gstatic.com code.jquery.com yui.yahooapis.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com *.addthis.com *.addthisedge.com *.twitter.com *.twimg.com connect.facebook.net graph.facebook.com *.youtube.com *.ytimg.com player.vimeo.com content.jwplatform.com *.jwpcdn.com *.jwpsrv.com; frame-ancestors 'self'; base-uri 'self'; report-uri https://web-reports.scot.nhs.uk/api/v1/csp-report; report-to csp-endpoint 2
default-src 'self';connect-src 'self' https://maps.googleapis.com https://cex.io wss://ws.cex.io/ws;frame-src 'self' * ext.cex.io;font-src 'self' data: 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://static.cex.io;img-src 'self' data: https://static.cex.io;media-src 'self' https://static.cex.io;style-src 'self' 'unsafe-inline' https://*.googleapis.com https://code.jquery.com https://static.cex.io;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.cex.io;report-uri https://cex.io/cspr; 2
default-src 'self' * 'unsafe-inline'; img-src 'self' data: *; 2
default-src https: ; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; report-uri /csp/ 2
default-src data: blob: https: gap: gap-iab: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://dailyvoice.report-uri.com/r/d/csp/reportOnly 2
default-src https: 'unsafe-inline' 'unsafe-eval' data:;report-uri /error/cspreport 2
default-src https:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'; block-all-mixed-content 2
frame-ancestors 'self'; report-uri https://accounts.humanity.com/reportcsp.php 2
default-src 'none'; style-src 'self' 'unsafe-inline' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src rs.fullstory.com/rec/bundle https:; font-src 'self' https: data:; img-src 'self' *.csagroup.org *.wpengine.com p.typekit.net stats.g.doubleclick.net www.google.ca/ads www.google.com/ads www.google-analytics.com https: data:; object-src 'none'; upgrade-insecure-requests; report-uri https://csagroup.report-uri.com/r/d/csp/reportOnly; 2
default-src 'self' data: https: blob:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' data: https: blob:; img-src 'self' data: https:; font-src 'self' data: https:; worker-src * blob:; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation allow-top-navigation allow-top-navigation-by-user-activation; report-uri https://huffintl.report-uri.com/r/d/csp/reportOnly 2
default-src https:; report-uri https://dmzls-dub-mc.safe-installation.com/casino 2
connect-src * data:; font-src * data: chrome-extension:; frame-src 'self' * callto: chrome-error: data: endlessipc: gsa: nsb: mailto: sms: tel: whatsapp:; img-src * data: blob: 'unsafe-inline'; manifest-src 'self'; media-src 'self' https://img.jobs.ch; object-src 'self' https://img.jobs.ch data:; prefetch-src 'self'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; worker-src 'self'; base-uri 'self' https://img.jobs.ch https://www.jobup.ch resource:; form-action 'self' https://www.jobcloud.ch https://www.facebook.com https://connect.facebook.net; navigate-to *; report-to unity-xp; report-uri https://o76802.ingest.sentry.io/api/166054/security/?sentry_key=0a006695b9724da380146d45dc995cde 2
worker-src https: 'unsafe-inline'; report-uri https://api.mp.pl/csp-violation/ 2
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.ytimg.com *.vimeo.com www.youtube.com www.google.com www.google.no assets.adobedtm.com sparebank1.d3.sc.omtrdc.net *.cicero.no *.sparebank1.no *.googletagmanager.com cdn.tt.omtrdc.net; style-src 'self' 'unsafe-inline' *.sparebank1.no www.youtube.com services.cicero.no translate.googleapis.com; img-src 'self' *.ytimg.com secure.adnxs.com track.adform.net *.doubleclick.net assets.adobedtm.com sparebank1.d3.sc.omtrdc.net alliansesamarbeidets.tt.omtrdc.net cm.everesttech.net www.facebook.com *.sparebank1.no *.boost.ai www.google.no www.google.com dpm.demdex.net resources.mynewsdesk.com www.googletagmanager.com www.gstatic.com data:; connect-src 'self' dpm.demdex.net *.cicero.no *.omtrdc.net *.brreg.no *.sparebank1.no www.mynewsdesk.com publish.ne.cision.com translate.googleapis.com; font-src 'self' *.sparebank1.no resources.mynewsdesk.com services.cicero.no data:; media-src 'none'; frame-ancestors 'self'; frame-src 'self' www.sr-finans.no *.sparebank1.no lt.morningstar.com www.youtube.com *.vimeo.com assets.adobedtm.com *.demdex.net sparebank1.demdex.net www.sign.nets.eu ir.asp.manamind.com www.sb1finans.no www.snnfinans.no dbsnn.no www.googletagmanager.com *.doubleclick.net www.ident.nets.eu www.sb1fo.no www.webcruiter.no *.easycruit.com; report-uri /bin/logservlet 2
default-src 'none' ; script-src https: 'unsafe-eval' 'unsafe-inline' 'self' https://assets-web.armadillo.xyz https://assets-web.searshomeservices.com https://*.247-inc.net https://*.adobedtm.com https://*.sc.omtrdc.net https://www.google-analytics.com https://ajax.googleapis.com https://searspartsdirect.btttag.com https://tags.tiqcdn.com https://static.criteo.net https://px.owneriq.net https://*.go-mpulse.net https://resources.xg4ken.com https://bat.bing.com https://*.criteo.com https://connect.facebook.net https://secure.quantserve.com https://www.googleadservices.com https://st1.dialogtech.com https://rules.quantcount.com https://googleads.g.doubleclick.net https://www.youtube.com https://s.ytimg.com https://js-agent.newrelic.com https://bam.nr-data.net https://*.bounceexchange.com https://apps.bazaarvoice.com; style-src https: 'self' 'unsafe-inline' https://fonts.googleapis.com https://assets-web.armadillo.xyz https://assets-web.searshomeservices.com; font-src 'self' data: https://fonts.gstatic.com; connect-src https: 'self' https://*.ch3.s.com https://*.searspartsdirect.io https://searspartsdirectapis.com https://*.247-inc.net; child-src https: 'self' https://armadillo.xyz https://www.searshomeservices.com https://*.247-inc.net https://youtube.com https://assets.bounceexchange.com https://px.owneriq.net https://d.btttag.com; object-src 'self'; worker-src 'self' blob:; manifest-src 'self'; img-src https: data:; frame-ancestors 'self'; report-uri https://31a2c7fb54d38ca48f49546888bdc42f.report-uri.com/r/d/csp/reportOnly 2
connect-src 'self' logx.optimizely.com *.optimizely.com *.maginfrastructure.com www.google-analytics.com capture.trackjs.com www.facebook.com stats.g.doubleclick.net *.holidayextras.co.uk serve.vdopia.com/adserver/html5/inwapads https://*.hotjar.com:* wss://*.hotjar.com https://*.hotjar.io performance.typekit.net https://ssp.lkqd.net/ad *.springserve.com vid.pubmatic.com adservice.google.com google.com/csi https://evtvpaid.bfmio.com reachms.bfmio.com/getmu ads.contextweb.com/TagPublish/getvideo.aspx s3-eu-west-1.amazonaws.com/live-climate magairportlimited.nanorep.co *.boldchat.com wss://websocket-eu.bold360.com;frame-src 'self' *.optimizely.com *.fls.doubleclick.net vars.hotjar.com www.googletagmanager.com www.facebook.com www.thetrainline.com www.google.com servedby.flashtalking.com airporttransfers.eastmidlandsairport.com ebooker.arrowprivatehire.co.uk www.rentalcars.com airporttransfers.manchesterairport.co.uk travelmoney.travelex.co.uk imasdk.googleapis.com/js/core/bridge3.274.0_en.html vcc-eu2.8x8.com https://id.manchesterairport.co.uk https://id.eastmidlandsairport.com https://id.stanstedairport.com *.maginfrastructure.com;img-src 'self' cdn.optimizely.com assets.live.web.maginfrastructure.com live-webadmin-media.s3.amazonaws.com live-mag-web-assets.s3.eu-west-1.amazonaws.com test-webadmin-media.s3.amazonaws.com s3-eu-west-1.amazonaws.com www.google-analytics.com nova.collect.igodigital.com www.facebook.com usage.trackjs.com p.typekit.net mag-retail-media-live.s3.amazonaws.com bat.bing.com pixel.quantserve.com *.g.doubleclick.net t.co www.google.com www.google.co.uk *.cpx.to *.adnxs.com *.avocet.io p.travelsmarter.net image2.pubmatic.com scontent.cdinstagram.com tag.yieldoptimizer.com idsync.rlcdc.com pixel.rubiconproject.com ad.yieldlab.net/m tag.adaraanalytics.com rtb.gumgum.com/usersync ik.imagekit.io i.ytimg.com www.google.ie www.googletagmanager.com about: data: vcc-eu2.8x8.com images-eu.boldchat.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' data: cdn.optimizely.com https://www.googletagmanager.com www.googletagservices.com www.google-analytics.com www.google.com cdn.trackjs.com static.hotjar.com script.hotjar.com 10959453.collect.igodigital.com/collect.js cdn3.optimizely.com connect.facebook.net tag.yieldoptimizer.com use.typekit.net inpref.s3.amazonaws.com securepubads.g.doubleclick.net platform.twitter.com *.cpx.to rules.quantcount.com static.ads-twitter.com analytics.twitter.com www.gstatic.com adservice.google.co.uk adservice.google.com secure.quantserve.com bat.bing.com *.doubleclick.net www.googleadservices.com vcc-eu2.8x8.com https://id.manchesterairport.co.uk https://id.eastmidlandsairport.com https://id.stanstedairport.com https://www.youtube.com https://s.ytimg.com *.maginfrastructure.com *.google.ie polyfill.io *.boldchat.com magairportlimited.nanorep.co;style-src 'self' 'unsafe-inline' static.tacdn.com www.surveygizmo.eu fonts.googleapis.com data:; report-uri https://webevo.report-uri.com/r/d/csp/reportOnly 2
default-src 'self' www.youtube.com *.stripe.com *.addthis.com; script-src 'self' assets.sutori.com *.twitter.com *.twimg.com 'unsafe-inline' www.google-analytics.com *.stripe.com https://apis.google.com/ 'unsafe-eval' maps.googleapis.com *.newrelic.com *.nr-data.net *.crisp.chat *.crisp.im https://www.youtube.com/iframe_api *.ytimg.com *.addthis.com *.addthisedge.com data: z.moatads.com *.pinterest.com *.iubenda.com cdn.thinglink.me http://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js https://www.thinglink.com *.instagram.com connect.facebook.net *.imgur.com *.flickr.com blob: cdn.headwayapp.co risk.clearbit.com teams.microsoft.com; script-src-elem assets.sutori.com *.twitter.com *.twimg.com 'unsafe-inline' www.google-analytics.com *.stripe.com https://apis.google.com/ 'unsafe-eval' maps.googleapis.com *.newrelic.com *.nr-data.net *.crisp.chat *.crisp.im https://www.youtube.com/iframe_api *.ytimg.com *.addthis.com *.addthisedge.com data: z.moatads.com *.pinterest.com *.iubenda.com cdn.thinglink.me http://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js https://www.thinglink.com *.instagram.com connect.facebook.net *.imgur.com *.flickr.com blob: cdn.headwayapp.co risk.clearbit.com teams.microsoft.com; worker-src blob: 'self'; font-src 'self' data: assets.sutori.com https://client.crisp.chat; connect-src 'self' https://www.googleapis.com wss://www.sutori.com assets.sutori.com s3.amazonaws.com/assets.sutori.com www.google-analytics.com *.stripe.com api.amplitude.com *.nr-data.net wss://*.crisp.chat https://*.crisp.chat *.addthis.com https://syndication.twitter.com/settings https://*.wikipedia.org geo.query.yahoo.com *.flickr.com owcqxq3rnb.execute-api.us-east-1.amazonaws.com api.unsplash.com risk.clearbit.com; img-src 'self' data: * maps.googleapis.com https://maps.gstatic.com/mapfiles/api-3/images/ https://csi.gstatic.com/ https://i.ytimg.com *.addthis.com *.pinterest.com *.iubenda.com; style-src 'self' assets.sutori.com platform.twitter.com 'unsafe-inline' https://client.crisp.chat *.iubenda.com cdn.thinglink.me https://ton.twimg.com cdn.headwayapp.co; media-src 'self' assets.sutori.com https://client.crisp.chat; child-src 'self' * https://www.sutori.com *.stripe.com https://accounts.google.com/o/oauth2/postmessageRelay https://accounts.google.com/o/oauth2/iframe https://www.google.com/ https://www.youtube-nocookie.com/embed/ https://www.youtube.com/embed/ *.addthis.com *.pinterest.com; manifest-src assets.sutori.com; 2
default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri /nmms/csp-reporting-lo 2
: default-src 'self'; report-uri https://mtsrs.report-uri.com/r/d/csp/reportOnly; 2
default-src 'none'; connect-src 'self' www.google.com https://cdncache-a.akamaihd.net wss wss://generatorhostels.com ws1.hotjar.com ws2.hotjar.com ws3.hotjar.com ws4.hotjar.com ws5.hotjar.com graylog.hotjar.com cdnjs.cloudflare.com ajax.googleapis.com www.google-analytics.com stats.g.doubleclick.net wss://ws2.hotjar.com wss://ws3.hotjar.com wss://ws4.hotjar.com insights.hotjar.com generatorweb.sihot.com; font-src data null generatorweb.sihot.com maxcdn.bootstrapcdn.com fonts.gstatic.com 'self'; manifest-src 'self' generatorhostels.com; object-src 'self' generatorhostels.com; frame-src 'self' service.securesrv12.com secure.liveshoppersmac.com 3dsecure.klikbca.com geschuetzteinkaufen.commerzbank.de acs.sia.eu vcas1.visa.com www.securesuite.net acs1.edb.com secure5.arcot.com aacsw.3ds.verifiedbyvisa.com tpc.googlesyndication.com sas.redsys.es cdncache-a.akamaihd.net mastercardsecurecode.secureacs.com acs1.swedbank.se analytics-google.net https://acs2-3dsecure.cic.fr https://braip.com.br www.securesuite.co.uk secure.edb.com tsys.arcot.com secure7.arcot.com www.googletagmanager.com mozbar.moz.com www.facebook.com acs.airplus.com connect.facebook.net saferpay.com www.saferpay.com generatorweb.sihot.com generatorhostels.com bid.g.doubleclick.net staticxx.facebook.com vars.hotjar.com www.google.com www.instagram.com www.youtube.com w.soundcloud.com; img-src googleads.g.doubleclick.net butstrap.space https://spedcheck.space www.gstatic.com www.google.ge www.google.pl www.google.ru www.google.cm www.google.com.eg www.google.co.kr www.google.com.np www.google.co.th www.google.dz www.google.no www.google.com.hk www.google.com.mm www.google.co.il www.google.az www.google.sk www.google.ie www.google.com.pe lh3.ggpht.com www.google.de www.google.cz www.google.co.za www.google.se www.google.dk www.google.gr www.google.lv www.google.com.tw https://gateway.zscalertwo.net www.google.com.ph www.google.com.uy www.google.fi www.google.com.ua www.google.com.cy www.google.com.jm www.google.im www.google.co.ve www.google.com.sg www.google.ca www.google.es www.google.kg www.google.be www.google.at www.google.pt www.google.fr www.google.it www.google.com.br www.google.com.ar https://gallery.mailchimp.com www.google.ch www.google.me www.google.com.ec www.google.ro www.google.kg www.google.nl www.google.com.mx https://canvaspl-a.akamaihd.net https://cdnstats-a.akamaihd.net www.google.com.lb www.google.com.co www.google.com.tr www.google.cl www.google.dk www.google.co.in www.google.hr www.gstatic.com generatorweb.sihot.com generatorstorage.blob.core.windows.net generatorhostels.com cbks0.googleapis.com csi.gstatic.com data: geo0.ggpht.com geo1.ggpht.com geo2.ggpht.com geo3.ggpht.com img.youtube.com khms0.googleapis.com khms1.googleapis.com maps.googleapis.com maps.gstatic.com 'self' generator.azureedge.net ssl.google-analytics.com stats.g.doubleclick.net web.facebook.com www.facebook.com www.google.co.uk www.google.com www.google-analytics.com ajax.googleapis.com; media-src 'self' data:; script-src 'self' data blob about asset tpc.googlesyndication.com cdnjs.cloudflare.com cdn.jsdelivr.net www.thehotelsnetwork.com cdn.scarabresearch.com fdz.octapi.net data1.iti-maps.fr data1.itineraire.info asset about spedcheck.space rules.similardeals.net tags.clickintext.net lb.apicit.net butstrap.space https://cdncache-a.akamaihd.net secure.liveshoppersmac.com generatorweb.sihot.com maxcdn.bootstrapcdn.com ajax.googleapis.com api.instagram.com connect.facebook.net eval: googleads.g.doubleclick.net inline: maps.googleapis.com platform.instagram.com s.ytimg.com script.hotjar.com 'self' ssl.google-analytics.com static.hotjar.com 'unsafe-eval' 'unsafe-inline' www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.instagram.com www.youtube.com; style-src ajax.googleapis.com fonts.googleapis.com inline: 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com generatorweb.sihot.com; report-uri https://crafted.report-uri.com/r/d/csp/reportOnly 2
child-src 'self'; connect-src 'self'; default-src 'self'; font-src 'self'; frame-src 'self'; img-src 'self'; manifest-src 'self'; media-src 'self'; object-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; worker-src 'self'; prefetch-src 'self'; report-uri https://reports-api.sqreen.io/browser/v0/csp-violations/csp_18b63ca15d30d07792e58c1ca8af61ce 2
default-src blob: data: https:; script-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; report-uri https://www.hsn.com/mixed-content-collector; 2
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: 2
frame-ancestors 'self' account.elama.global new.elama.ru elama.global *.elama.global elama.ru *.elama.ru elama.com.br *.elama.com.br elama.kz *.elama.kz mc.yandex.ru mc.webvisor.com mc.webvisor.org yastatic.net webvisor.com http://webvisor.com metrika.yandex.ru yandex.com yandex.ru *.yandex.com *.yandex.net *.yandex.ru; report-uri https://sn.elama.global/api/26/security/?sentry_key=cf985e6d1e254161bef105622a6e28a4; 2
default-src 'self' https://cdn.worden.com https://fonts.gstatic.com https://stats.g.doubleclick.net data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://cdn.worden.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.worden.com; img-src 'self' data: https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com; 2
default-src 'self'; script-src 'self' 'unsafe-inline' *.googleadservices.com *.bing.com *.googleapis.com *.google-analytics.com *.gstatic.com *.googletagmanager.com *.zopim.com *.bizographics.com *.toutapp.com *.newrelic.com *.linkedin.com *.nr-data.net *.hubspot.com 'unsafe-eval' unpkg.com/feather-icons *.hs-scripts.com *.visualwebsiteoptimizer.com *.hs-analytics.net *.hscollectedforms.net *.hsadspixel.net *.js.usemessages.com *.bootstrapcdn.com *.doubleclick.net *.albacross.com js.usemessages.com/conversations-embed.js js.hsforms.net/forms/v2.js; object-src *; style-src 'self' 'unsafe-inline' *.googleapis.com ; img-src *; media-src *; frame-src 'self' *.hubspot.com *.doubleclick.net; child-src 'self'; font-src 'self' 'unsafe-inline' *.gstatic.com data: wss:; connect-src 'self' *.hubspot.com *.hubapi.com; report-uri /report-csp-violation 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://axaxl.com https://stg.axaxl.com https://cdnjs.cloudflare.com *.company-target.com https://company-target.com https://api.company-target.com *.demandbase.com https://demandbase.com https://tag.demandbase.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.google.com *.gstatic.com *.googleadservices.com *.doubleclick.net *.fls.doubleclick.net https://www.google-analytics.com https://ajax.googleapis.com https://www.googletagmanager.com https://adservice.google.com https://www.google.com https://www.gstatic.com https://tagmanager.google.com https://ssl.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://ssl.gstatic.com https://www.gstatic.com https://fonts.googleapis.com https://fonts.gstatic.com https://doubleclick.net https://bid.g.doubleclick.net https://match.prod.bidr.io *.linkedin.com https://snap.licdn.com https://px.ads.linkedin.com https://vjs.zencdn.net *.newrelic.com *.nr-data.net https://bam.nr-data.net https://js-agent.newrelic.com *.brightcove.com  *.brightcove.net *.media.brightcove.net *.api.brightcove.net https://secure.brightcove.com https://brightcove.com https://players.brightcove.net https://metrics.brightcove.com f1.media.brightcove.com https://edge.api.brightcove.com; report-uri https://stg.axaxl.com/cspviolation; report-to https://stg.axaxl.com/cspviolation 2
default-src https: data: 'unsafe-inline'; report-uri https://3j40yr1pel.execute-api.us-east-1.amazonaws.com/prod/report-only 2
default-src https: wss:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report 2
default-src 'self'; connect-src 'self' https://wp-static.assets.sh https://notify.bugsnag.com https://sessions.bugsnag.com https://www.google-analytics.com https://performance.typekit.net https://*.mapbox.com; font-src 'self' https://wp-static.assets.sh https://fonts.gstatic.com https://use.typekit.net; frame-src 'self' https://www.googletagmanager.com https://www.youtube.com https://www.youtube-nocookie.com/; img-src 'self' https://wp.assets.sh https://wp-assets-sh.imgix.net https://wp-static.assets.sh https://stats.g.doubleclick.net https://www.google-analytics.com https://www.google.be https://www.google.com https://p.typekit.net blob: data:; manifest-src 'self' https://wp-static.assets.sh; media-src 'self' https://wp.assets.sh https://wp-assets-sh.imgix.net https://wp-static.assets.sh; script-src 'self' 'unsafe-inline' https://polyfill.io https://wp-static.assets.sh https://d2wy8f7a9ursnm.cloudfront.net/v6/bugsnag.min.js https://www.googletagmanager.com https://www.google-analytics.com https://use.typekit.net https://api.mapbox.com https://stats.g.doubleclick.net https://c52.livecom.net; style-src 'self' 'unsafe-inline' https://wp-static.assets.sh https://fonts.googleapis.com https://api.mapbox.com https://c52.livecom.net https://p.typekit.net https://use.typekit.net; worker-src 'self' https://wp-static.assets.sh blob:; frame-ancestors 'none'; form-action 'self'; report-uri https://mrhenry.report-uri.com/r/d/csp/reportOnly 2
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report; 2
child-src 'self'; connect-src 'self' http://*.g.doubleclick.net http://*.google-analytics.com http://*.google.com http://*.hotjar.com http://*.prfct.co http://*.sqreen.io http://heapanalytics.com https://*.ads.linkedin.com https://*.akamaihd.net https://*.amplitude.com https://*.cloudflare.com https://*.contentful.com https://*.delighted.com https://*.facebook.com https://*.fullstory.com https://*.g.doubleclick.net https://*.getsentry.com https://*.githubusercontent.com https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.herokuapp.com https://*.hotjar.com https://*.hotjar.com:12443 https://*.intercom.io https://*.intercomcdn.com https://*.lever.co https://*.linkedin.com https://*.litix.io https://*.mktoresp.com https://*.prfct.co https://*.recurly.com https://*.reddit.com https://*.segment.io https://*.sqreen.com https://*.sqreen.io https://*.sumo.com https://*.timekit.io https://*.wistia.com https://github.com https://heapanalytics.com https://sumo.com https://twitter.com ws://*.hotjar.com wss://*.appcues.net wss://*.hotjar.com wss://*.intercom.io; default-src 'self'; font-src 'self' chrome-extension: data: http://*.sqreen.io https://*.cloudflare.com https://*.cloudfront.net https://*.googleapis.com https://*.gstatic.com https://*.intercomcdn.com https://*.sqreen.com https://*.sqreen.io https://*.twimg.com https://*.wistia.com https://github.com; frame-src 'self' 'unsafe-inline' http://*.appcues.com http://*.g.doubleclick.net http://*.hotjar.com https://*.akamaihd.net https://*.amazonaws.com https://*.appcues.com https://*.facebook.com https://*.g.doubleclick.net https://*.hotjar.com https://*.recurly.com https://*.sqreen.com https://*.twitter.com https://*.typeform.com https://*.wistia.com https://headway-widget.net ws://*.hotjar.com wss://*.hotjar.com; img-src 'self' data: http://*.adnxs.com http://*.facebook.net http://*.g.doubleclick.net http://*.google-analytics.com http://*.google.com http://*.googleadservices.com http://*.googletagmanager.com http://*.prfct.co http://*.sqreen.io http://heapanalytics.com http://t.co https://*.addthis.com https://*.adnxs.com https://*.ads.linkedin.com https://*.akamaihd.net https://*.amazonaws.com https://*.b-cdn.net https://*.clearbit.com https://*.cloudfront.net https://*.ctfassets.net https://*.facebook.com https://*.facebook.net https://*.fullstory.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.ae https://*.google.be https://*.google.ca https://*.google.ch https://*.google.co.il https://*.google.co.in https://*.google.co.jp https://*.google.co.uk https://*.google.com https://*.google.com.ar https://*.google.com.au https://*.google.com.br https://*.google.com.mx https://*.google.com.ph https://*.google.com.sg https://*.google.com.tw https://*.google.com.ua https://*.google.cz https://*.google.de https://*.google.es https://*.google.fr https://*.google.ie https://*.google.it https://*.google.nl https://*.google.no https://*.google.pl https://*.google.pt https://*.google.se https://*.googleadservices.com https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.com https://*.intercomassets.com https://*.intercomcdn.com https://*.linkedin.com https://*.marinsm.com https://*.openx.net https://*.prfct.co https://*.reddit.com https://*.rubiconproject.com https://*.sqreen.com https://*.sqreen.io https://*.sumo.com https://*.twimg.com https://*.twitter.com https://*.univide.com https://*.wistia.com https://*.yahoo.com https://heapanalytics.com https://sqreen-assets.s3-eu-west-1.amazonaws.com https://sumo.com https://t.co https://twitter.com; manifest-src 'self' https://*.sqreen.com; media-src 'self' https://*.akamaihd.net https://*.cloudfront.net https://*.intercomcdn.com https://*.wistia.com; object-src 'self' https://*.akamaihd.net https://*.wistia.com; prefetch-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: http://*.ads-twitter.com http://*.appcues.com http://*.facebook.net http://*.g.doubleclick.net http://*.getdrip.com http://*.google-analytics.com http://*.googleadservices.com http://*.googletagmanager.com http://*.heapanalytics.com http://*.hotjar.com http://*.perfectaudience.com http://*.prfct.co http://*.segment.com http://*.sqreen.io http://heapanalytics.com https://*.ads-twitter.com https://*.ads.linkedin.com https://*.akamaihd.net https://*.amazonaws.com https://*.amplitude.com https://*.appcues.com https://*.b-cdn.net https://*.bufferapp.com https://*.cloudflare.com https://*.cloudfront.net https://*.facebook.net https://*.fullstory.com https://*.g.doubleclick.net https://*.getdrip.com https://*.google-analytics.com https://*.googleadservices.com https://*.googleapis.com https://*.googletagmanager.com https://*.headwayapp.co https://*.heapanalytics.com https://*.herokuapp.com https://*.hotjar.com https://*.intercom.io https://*.intercomcdn.com https://*.jquery.com https://*.licdn.com https://*.linkedin.com https://*.marketo.net https://*.perfectaudience.com https://*.pinterest.com https://*.prfct.co https://*.recurly.com https://*.reddit.com https://*.redditstatic.com https://*.segment.com https://*.sqreen.com https://*.sqreen.io https://*.sumo.com https://*.timekit.io https://*.twitter.com https://*.typeform.com https://*.wistia.com https://fullstory.com https://heapanalytics.com https://reddit.com https://twitter.com ws://*.hotjar.com wss://*.hotjar.com wss://*.intercom.io; style-src 'self' 'unsafe-inline' http://*.appcues.com http://*.sqreen.io http://heapanalytics.com https://*.amazonaws.com https://*.appcues.com https://*.b-cdn.net https://*.cloudflare.com https://*.cloudfront.net https://*.googleapis.com https://*.sqreen.com https://*.sqreen.io https://*.twitter.com https://heapanalytics.com; worker-src 'self'; report-uri https://reports-api.sqreen.io/browser/v0/csp-violations/f637ed5d-4ac6-441d-a0f5-04c3d7e976c4; 2
default-src 'self' https:; child-src 'self' https: https://cdn.ampproject.org; font-src 'self' https: data:; img-src 'self' https: data:; object-src 'none'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' https://*.addthis.com https://www.googletagservices.com https://cdn.doubleverify.com; style-src 'self' https: 'unsafe-inline'; report-uri https://api.honeybadger.io/v1/browser/csp?api_key=76103b58&report_only=true&env=production 2
default-src 'self' *.ondernemersplein.kvk.nl *.ondernemersplein.nl *.op.nl; connect-src 'self' *.ondernemersplein.kvk.nl *.flagship.io ariane.abtasty.com sentry.io vc.hotjar.io in.hotjar.com; img-src 'self' data: *.ondernemersplein.kvk.nl www.rvo.nl opendata.nederlandwereldwijd.nl ariane.abtasty.com www.google-analytics.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com www.facebook.com i.ytimg.com; style-src 'self' 'unsafe-inline' *.ondernemersplein.kvk.nl www.gstatic.com fonts.googleapis.com tagmanager.google.com; frame-src 'self' *.ondernemersplein.kvk.nl *.ondernemersplein.nl opendata.ondernemersplein.nl www.youtube.com vars.hotjar.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.ondernemersplein.kvk.nl www.google-analytics.com www.googletagmanager.com www.gstatic.com *.flagship.io ariane.abtasty.com static.hotjar.com script.hotjar.com www.youtube.com s.ytimg.com; report-uri https://sentry.io/api/1234272/security/?sentry_key=f23f8584f25343e3baed391826c1e5ba&sentry_environment=productie 2
frame-ancestors 'self' frag-einen-anwalt.de *.frag-einen-anwalt.de 123recht.de *.123recht.de wohnungsboerse.net *.wohnungsboerse.net trauer.de *.trauer.de briefeguru.de *.briefeguru.de pflege-durch-angehoerige.de *.pflege-durch-angehoerige.de immobilienscout24.de *.immobilienscout24.de berlin.de *.berlin.de merkur-online.de *.merkur-online.de *.cdn.ampproject.org *.google.de *.google.com; report-uri /include/cspreport.asp 2
default-src https:; script-src 'unsafe-inline' https:; style-src 'unsafe-inline' https:; object-src 'none'; img-src 'self' data: https:; font-src data: https:; frame-ancestors 'none'; block-all-mixed-content; report-uri https://lingvist.report-uri.com/r/d/csp/reportOnly 2
default-src 'self'; style-src 'self' https://fonts.googleapis.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; img-src 'self' https://www.google-analytics.com; script-src 'self' https://code.jquery.com https://unpkg.com https://ajax.googleapis.com  https://www.googletagmanager.com https://www.google-analytics.com https://*.hotjar.com; connect-src 'self' https://*.hotjar.com https://*.hotjar.io; worker-src 'none'; object-src 'none'; child-src 'self' https://*.hotjar.com; frame-ancestors 'none'; require-trusted-types-for 'script'; report-uri https://6b9bd67a5d12e80932d2fa38658ae1fc.report-uri.com/r/d/csp/reportOnly 2
default-src 'self'; style-src 'self' 'unsafe-inline' ws1.postescanada-canadapost.ca tpc.googlesyndication.com creator.zmags.com fonts.googleapis.com cdn1.lavieenrose.com cdn1.bikinivillage.com snapwidget.com; script-src 'unsafe-eval' 'unsafe-inline' 'self' *.zopim.com static.hotjar.com script.hotjar.com *.rfihub.net *.rfihub.com cdn.districtm.ca secure.adnxs.com libs.na.bambora.com *.postescanada-canadapost.ca amik.postaffiliatepro.com snapwidget.com cdn1.lavieenrose.com cdn1.bikinivillage.com s7.addthis.com m.addthisedge.com m.addthis.com maps.googleapis.com creator.zmags.com c.zmags.com www.google-analytics.com googleads.g.doubleclick.net connect.facebook.net www.googleadservices.com d.impactradius-event.com www.googletagmanager.com pixel.adacado.com js-agent.newrelic.com bam.nr-data.net secure.quantserve.com rules.quantcount.com; font-src data: 'self' *.zopim.com fonts.gstatic.com cdn1.lavieenrose.com cdn1.bikinivillage.com; img-src data: 'self' www.google.nl www.google.fr www.google.com www.google.ca www.google-analytics.com www.gstatic.com gstatic.com maps.gstatic.com www.googltagmanager.com maps.googleapis.com stats.g.doubleclick.net googleads.g.doubleclick.net dmx.districtm.ca secure.adnxs.com cdn.na.bambora.com www.addthis.com m.addthis.com *.zopim.com *.zopim.io creator.zmags.com c.zmags.com ws1.postescanada-canadapost.ca *.bikinivillage.com *.lavieenrose.com connect.facebook.net www.facebook.com static.hotjar.com script.hotjar.com vars.hotjar.com insights.hotjar.com pixel.quantserve.com; frame-src 'self' 'unsafe-eval' *.rfihub.com vars.hotjar.com libs.na.bambora.com *.lavieenrose.com gsa://onpageload *.doubleclick.net player.vimeo.com connect.facebook.net snapwidget.com www.facebook.com s7.addthis.com bid.g.doubleclick.net; connect-src 'self' wss://*.zopim.com insights.hotjar.com wss://*.hotjar.com www.google.com www.google.ca *.zopim.com ws1.postescanada-canadapost.ca *.zmags.com stats.g.doubleclick.net s7.addthis.com m.addthis.com www.google-analytics.com; media-src 'self' *.zopim.com; report-uri /csp-report; 2
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri  /csp-report 2
font-src 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net cdn-scripts.signifyd.com www.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self'; script-src 'self' data: 'unsafe-inline' https://*; style-src 'self' 'unsafe-inline' https://*; img-src * 'self' https://*; font-src * 'self' https://*; connect-src https://*; frame-src https://* 2
font-src https://www.gstatic.com https://fonts.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com https://www.google.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com https://www.google.com https://www.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self' https://*.googlesyndication.com https://*.curator.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://code.jquery.com https://www.googletagservices.com https://securepubads.g.doubleclick.net https://adservice.google.com https://adservice.google.co.uk https://adservice.google.es https://cdn.ampproject.org http://platform.twitter.com https://*.googlesyndication.com https://cdn.curator.io https://www.googleadservices.com https://www.googletagmanager.com https://survey.g.doubleclick.net https://cdnjs.cloudflare.com https://googleads.g.doubleclick.net https://connect.facebook.net https://js-agent.newrelic.com https://bam.nr-data.net https://www.google-analytics.com https://lib.selfcampaign.com https://securepubads.g.doubleclick.net https://api.mapbox.com; style-src 'self' 'unsafe-inline' https://cdn.curator.io https://cdnjs.cloudflare.com https://api.mapbox.com; img-src 'self' https://www.commercialmotor.com https://www.google.com https://www.google.co.uk https://www.google.es https://*.googlesyndication.com data: https://*.g.doubleclick.net https://www.facebook.com https://www.google-analytics.com https://lib.selfcampaign.com https://c1.adform.net https://match.adsrvr.org https://track2.selfcampaign.com https://track.selfcampaign.com https://syndication.twitter.com; frame-src 'self' https://www.youtube.com https://*.googlesyndication.com/ https://delivery.selfcampaign.com https://platform.twitter.com; connect-src 'self' https://*.g.doubleclick.net https://*.gstatic.com https://*.curator.io https://api.mapbox.com; report-uri https://rtmcommercialmotors.report-uri.com/a/d/g; upgrade-insecure-requests 2
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data: blob:; font-src https: data:; report-uri /csp-report 2
default-src 'self' 'unsafe-inline' *.typekit.net *.google.com *.gstatic.com *.marshmma.com *.cloudinary.com *.wistia.net *.cloudflare.com *.jsdelivr.net *.google-analytics.com *.googletagmanager.com 2
img-src https:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'; 2
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report; connect-src https: *.callbackhunter.com;  2
default-src https:; connect-src https: wss:; font-src https: data:; frame-src https:; img-src https: data:; media-src https:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob:; style-src 'unsafe-inline' https:; report-uri https://www.tarifcheck.de//csp-violation-ezmd9dpdxv7nb0ecejb9/ 2
default-src https:; font-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; 2
default-src https:; connect-src https: wss:; font-src https: data:; frame-src https:; img-src https: data:; media-src https:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob:; style-src 'unsafe-inline' https:; report-uri https://www.tarifcheck-partnerprogramm.de//csp-violation-ezmd9dpdxv7nb0ecejb9/ 2
default-src 'none';script-src 'self' www.googletagmanager.com www.google-analytics.com ajax.googleapis.com https://storage.googleapis.com www.youtube.com *.ytimg.com https://az416426.vo.msecnd.net https://www.snapengage.com *.sleeknote.com 'sha256-/T8ei2agBozQQf3bDP88s4kGQHpPZ895F7C9leXiAuI=' 'sha256-84SdRJ3V5kHdFpCNyPHV65PvbVR7CrU+frk6XrjiJYk=' 'sha256-tlnnbbyW1jYRDa/xbAikIzyAehZr5yVUewyVV0ES5Fo=' 'sha256-YMXr6nR4Y24J/A3BV0rsAejvq8rQNrZPFXrMwPNInMY=' 'sha256-dZB5CgpmP37thT2f4phKMohGYLl6vnHS9aV6jLXI/Ww=' 'sha256-270dzOys3KjArpkwzugCwnTIScNZF0OAftN0dXMjFn0=' 'sha256-YdzAfGxOs9AMecT6I4/YEdEWdLYO3yZER2AJxJle9Wg=' 'sha256-pDSwtKqiYezpPoJIKuKQi7lyp3nPhHS+zVOEt81jLe0=';object-src 'none';style-src 'self' 'unsafe-inline' fonts.googleapis.com 'sha256-CwE3Bg0VYQOIdNAkbB/Btdkhul49qZuwgNCMPgNY5zw=' 'sha256-MZKTI0Eg1N13tshpFaVW65co/LeICXq4hyVx6GWVlK0=' 'sha256-LpfmXS+4ZtL2uPRZgkoR29Ghbxcfime/CsD/4w5VujE=' 'sha256-YJO/M9OgDKEBRKGqp4Zd07dzlagbB+qmKgThG52u/Mk=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-PLhQ1IguHjjEeFz1rcHAp1G0kdXEviAPtpMGhKEoxLw=' 'sha256-NJ45L53GQHjbanjFYsFzNI6wUt9suktEt2cgKsSVXPI=' 'sha256-hMEnt2qMHAmQZgCjWJ4hweKuzi+3YEdUo00f8k/ebMo=';img-src 'self' https://www.google-analytics.com https://storage.googleapis.com;media-src 'none';frame-src 'self' www.youtube.com;font-src 'self' data: fonts.googleapis.com fonts.gstatic.com;connect-src 'self' https://api.ipgeolocation.io https://dc.services.visualstudio.com;child-src www.youtube.com;form-action 'self' https://az416426.vo.msecnd.net https://www.snapengage.com;worker-src 'self' blob:;report-uri /api/csp-report/log 2
default-src https: data: 'unsafe-inline' 'unsafe-eval' wss://*.hotjar.com; report-uri https://fantastic.report-uri.com/r/d/csp/reportOnly 2
default-src https: 'unsafe-inline' 'unsafe-eval' 2
font-src https://stackpath.bootstrapcdn.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com https://www.google.com https://assets.braintreegateway.com https://tst.kaptcha.com https://ssl.kaptcha.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com data: https://stats.g.doubleclick.net https://www.google.com https://s3.amazonaws.com https://apps.ezprints.com https://maps.gstatic.com https://bat.bing.com https://sca1.listrakbi.com https://s1.listrakbi.com https://fp.listrakbi.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com https://www.google.com https://www.gstatic.com https://maps.googleapis.com https://www.googletagmanager.com https://bat.bing.com https://ajax.cloudflare.com https://cdn.listrakbi.com https://s1.listrakbi.com https://at1.listrakbi.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com https://stackpath.bootstrapcdn.com https://cdn.listrakbi.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://www.google-analytics.com https://payments.sandbox.braintree-api.com https://origin-analytics-sand.sandbox.braintree-api.com https://payments.braintree-api.com https://client-analytics.braintreegateway.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src 'self' data: *.gstatic.com *.magentocommerce.com *.zonos.com *.yotpo.com *.fontawesome.com *.authorize.com *.facebook.net *.facebook.com *.driftt.com *.bootstrapcdn.com *.hubspot.com *.authorize.net *.mailchimp.com *.tinymce.com *.tiny.cloud 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google.com *.iglobalstores.com *.authorize.net *.spreedly.com *.driftt.com *.hubspot.com *.getbread.com *.hotjar.com www.paypal.com paypal.com *.braintree-api.com *.braintreegateway.com *.addthis.com *.youtube.com www.youtube.com *.online-metrix.net *.signifyd.com *.demdex.net *.tinymce.com *.tiny.cloud 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com *.vimeocdn.com s.ytimg.com *.google.com *.googleapis.com *.googletagmanager.com *.google.com.ua 'self' data: *.gstatic.com *.magentocommerce.com *.zonos.com *.yotpo.com *.ytimg.com *.s3.amazonaws.com *.amazonaws.com *.driftt.com *.klaviyo.com *.g.doubleclick.net *.hubspot.com *.authorize.net *.bazaarvoice.org *.bazaarvoice.com display.ugc.bazaarvoice.com *.getbread.com *.signifyd.com *.e.aa.online-metrix.net *.bbb.org *.facebook.net *.facebook.com *.hotjar.com *.addthis.com *.collect.igodigital.com *.salesforceliveagent.com *.moatads.com *.addthisedge.com *.la1-c2-iad.salesforceliveagent.com *.la1-c2-ord.salesforceliveagent.com *.secure.force.com *.mailchimp.com cm.everesttech.net *.demdex.net amcglobal.sc.omtrdc.net *.tinymce.com *.tiny.cloud 'self' 'unsafe-inline'; script-src *.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.google.com *.googleapis.com *.googletagmanager.com *.google.com.ua *.gstatic.com *.cloudflare.com *.jsdelivr.net *.trustedshops.com *.usercentrics.eu *.adroll.com d.adroll.mgr.consensu.org *.cardinalcommerce.com *.ccdc02.com *.authorize.net *.spreedly.com *.zonos.com *.yotpo.com *.braintreegateway.com *.bootstrapcdn.com *.driftt.com *.newrelic.com bam.nr-data.net *.nr-data.net *.zopim.com *.facebook.net *.facebook.com *.zdassets.com *.klaviyo.com *.zendesk.com *.hs-scripts.com *.hs-analytics.net *.hs-banner.com fast.a.klaviyo.com *.hubspot.com wss://widget-mediator.zopim.com *.cookielaw.org *.bazaarvoice.org *.bazaarvoice.com display.ugc.bazaarvoice.com *.getbread.com *.onetrust.com www.paypal.com paypal.com *.signifyd.com *.g.doubleclick.net *.hotjar.com *.hotjar.io *.addthis.com *.collect.igodigital.com *.salesforceliveagent.com *.moatads.com *.addthisedge.com *.la1-c2-iad.salesforceliveagent.com *.la1-c2-ord.salesforceliveagent.com *.braintree-api.com chimpstatic.com *.mailchimp.com mc.us18.list-manage.com *.tinymce.com *.tiny.cloud 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com *.gstatic.com *.magentocommerce.com *.zonos.com *.yotpo.com *.fontawesome.com *.klaviyo.com *.bootstrapcdn.com *.driftt.com *.authorize.net display.ugc.bazaarvoice.com *.signifyd.com *.facebook.net *.facebook.com *.mailchimp.com *.tinymce.com *.tiny.cloud 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.zdassets.com *.tinymce.com *.tiny.cloud 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google.com www.google-analytics.com www.googleadservices.com *.gstatic.com *.adobedtm.com *.cardinalcommerce.com *.ccdc02.com *.authorize.net *.zonos.com *.yotpo.com *.cloudflare.com *.jsdelivr.net *.trustedshops.com *.usercentrics.eu *.adroll.com d.adroll.mgr.consensu.org *.facebook.net *.facebook.com *.driftt.com *.newrelic.com bam.nr-data.net *.nr-data.net *.zopim.com *.zdassets.com *.klaviyo.com *.zendesk.com *.hs-scripts.com *.hs-analytics.net *.hs-banner.com fast.a.klaviyo.com *.hubspot.com wss://widget-mediator.zopim.com *.cookielaw.org *.bazaarvoice.org *.bazaarvoice.com display.ugc.bazaarvoice.com *.getbread.com *.onetrust.com www.paypal.com paypal.com *.signifyd.com *.g.doubleclick.net *.hotjar.com *.hotjar.io *.addthis.com *.collect.igodigital.com *.salesforceliveagent.com *.moatads.com *.addthisedge.com *.la1-c2-iad.salesforceliveagent.com *.la1-c2-ord.salesforceliveagent.com *.braintree-api.com *.braintreegateway.com chimpstatic.com *.mailchimp.com *.demdex.net *.tinymce.com *.tiny.cloud 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; media-src https: data:; object-src https: data:; img-src https: data:; font-src https: data:; report-uri /csp-report 2
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; report-uri https://csp.rcahms.gov.uk/ncap-live; 2
block-all-mixed-content; report-uri https://www.warau.jp/mixedcontentreport.php 2
font-src 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net cdn-scripts.signifyd.com www.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self'; connect-src 'self' blob: https://*.video-cdn.net; font-src 'self' https://*.video-cdn.net https://fonts.gstatic.com; form-action 'self'; frame-ancestors 'self'; frame-src 'self' https://web-static.viega.com https://*.video-cdn.net https://www.youtube.com; img-src 'self' data: https://web-static.viega.com https://viegade01.wt-eu02.net https://viega01.webtrekk.net https://*.video-cdn.net https://maps.gstatic.com https://*.googleapis.com; media-src 'self' https://videocdn-blob-1.akamaized.net https://videocdnvod1-vh.akamaihd.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.video-cdn.net https://www.youtube.com https://s.ytimg.com https://maps.googleapis.com https://e.issuu.com https://responder.wt-safetag.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fast.fonts.net; plugin-types application/pdf 2
report-uri /_/csp-reports 2
font-src fonts.gstatic.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com cdn.ampproject.org raw.githubusercontent.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com cdn.ampproject.org 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self' https://*.idc.com https://*.insideidc.com; script-src about: 'unsafe-inline' 'unsafe-eval' 'self' https://*.idc.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.gstatic.cn https://*.google-analytics.com https://*.googletagmanager.com https://*.googleadservices.com https://*.youtube.com https://*.ytimg.com https://*.insideidc.com https://d1f8f9xcsvx3ha.cloudfront.net https://platform.twitter.com https://cdn.syndication.twimg.com https://*.hotjar.com https://*.addevent.com https://addthisevent.com https://*.wootric.com https://munchkin.marketo.net https://*.recaptcha.net https://consent.trustarc.com https://consent.truste.com https://api.map.baidu.com https://*.typekit.net; img-src data: blob: https: https://*.google-analytics.com https://stats.g.doubleclick.net; style-src 'unsafe-inline' 'self' https://*.idc.com https://*.insideidc.com https://*.googleapis.com https://*.gstatic.com https://d1azc1qln24ryf.cloudfront.net https://*.typekit.net https://platform.twitter.com; frame-src https: 'self' https://*.idc.com https://*.insideidc.com https://*.youtube.com https://*.idc-cema.com https://*.googleapis.com https://*.gstatic.com https://*.brainshark.com https://*.vimeo.com https://*.qq.com https://*.knowledgevision.com; font-src https: 'self' data: https://*.idc.com https://*.insideidc.com https://*.googleapis.com https://*.gstatic.com https://d1azc1qln24ryf.cloudfront.net https://*.typekit.net; connect-src 'self' https://*.idc.com https://*.insideidc.com https://*.onfastspring.com https://*.hotjar.com wss://*.hotjar.com https://vc.hotjar.io https://*.google-analytics.com https://stats.g.doubleclick.net https://*.wootric.com https://wootric-eligibility.herokuapp.com https://081-atc-910.mktoresp.com https://*.typekit.net; report-uri https://idcqa.report-uri.com/r/default/csp/reportOnly; 2
script-src 'self'; style-src 'self' https://use.fontawesome.com; frame-ancestors 'self' 2
worker-src blob:; font-src fonts.gstatic.com *.kxcdn.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com facebook.com www.facebook.com *.kxcdn.com youtube.com www.youtube.com platform.twitter.com google.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com scontent.cdninstagram.com data: *.kxcdn.com amcglobal.sc.omtrdc.net *.twitter.com *.googleapis.com google.com *.gstatic.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.googleapis.com google.com *.gstatic.com cdn.ampproject.org connect.facebook.net www.googletagmanager.com googletagmanager.com *.kxcdn.com platform.twitter.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com google.com *.kxcdn.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://www.paypal.com/xoplatform/logger/api/logger cdn.ampproject.org *.kxcdn.com dpm.demdex.net 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 2
default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri /csp_report; 2
default-src https: data: blob: wss: android-webview-video-poster: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://sentry.io/api/256178/csp-report/?sentry_key=c2fb05422b2242faaec1d6d8a2a000fc 2
default-src 'self' static.mazars.com; connect-src 'self' www.google-analytics.com ssl.google-analytics.com https://stats.g.doubleclick.net https://bam.nr-data.net; img-src 'self' data: static.mazars.com www.google-analytics.com ssl.google-analytics.com www.googletagmanager.com i.ytimg.com i.vimeocdn.com scontent.cdninstagram.com https://googleads.g.doubleclick.net https://www.google.com https://stats.g.doubleclick.net; style-src 'self' 'unsafe-inline' static.mazars.com fonts.googleapis.com; media-src 'self' static.mazars.com www.youtube-nocookie.com player.vimeo.com; script-src 'self' 'unsafe-inline' static.mazars.com www.google-analytics.com ssl.google-analytics.com www.googletagmanager.com www.gstatic.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://js-agent.newrelic.com https://bam.nr-data.net; font-src 'self' static.mazars.com fonts.gstatic.com; frame-src www.google.com www.youtube-nocookie.com player.vimeo.com; object-src 'none'; report-uri https://n6jufks9.uriports.com/reports/report 2
block-all-mixed-content; upgrade-insecure-requests; report-uri /_/csp-reports 2
default-src 'none';  script-src 'self';  connect-src 'self';  img-src 'self';  style-src 'self';  font-src; base-uri 'self';  form-action 'self' 2
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data 2
default-src https: data: 'unsafe-eval' 'unsafe-inline'; script-src-elem 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.abstractscorecard.com www.googletagmanager.com www.mycadmium.com; style-src-elem 'unsafe-eval' 'unsafe-inline' www.abstractscorecard.com www.mycadmium.com; report-uri /csp-violation-report-endpoint/ 2
frame-ancestors 'self' *.qualtrics.com; report-uri https://sjc1.qualtrics.com/csp-report 2
default-src 'self' https://themes.googleusercontent.com/; script-src 'self' 'unsafe-inline' https://statistiek.rijksoverheid.nl; object-src 'none'; style-src 'self' 'unsafe-inline'; img-src 'self' https://rivm.nl/ https://*.rivm.nl/; report-uri /report-csp-violation 2
default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.linkedin.com snap.licdn.com js.hs-scripts.com js.hs-analytics.net js.usemessages.com connect.facebook.net https://googleads.g.doubleclick.net *.doubleclick.net www.google.com www.google.co.in www.googleadservices.com www.googletagmanager.com www.google-analytics.com ajax.googleapis.com www.gstatic.com www.verasafe.com *.hsforms.net *.hsforms.com js.hsleadflows.net; object-src 'self'; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.youtube.com fonts.googleapis.com; img-src 'self' img.youtube.com i.ytimg.com track.hubspot.com www.google.com www.google.co.in www.google-analytics.com stats.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net *.cloudfront.net *.hsforms.com *.linkedin.com; media-src 'self' *.youtube.com ; frame-src 'self' *.youtube.com staticxx.facebook.com forms.hsforms.com https://googleads.g.doubleclick.net *.doubleclick.net www.google.com www.google.co.in www.googleadservices.com www.googletagmanager.com www.google-analytics.com; frame-ancestors 'self' *.youtube.com ; child-src 'self' *.youtube.com ; font-src 'self' fonts.gstatic.com; connect-src 'self' *.youtube.com *.googlevideo.com api.hubspot.com https://googleads.g.doubleclick.net *.doubleclick.net www.google.com www.google.co.in www.googleadservices.com www.googletagmanager.com www.google-analytics.com forms.hubspot.com; report-uri /report-csp-violation 2
font-src 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self'; block-all-mixed-content; connect-src 'self' wss://de20.zopim.com csi.gstatic.com maps.gstatic.com korrelatie.zendesk.com wss://widget-mediator.zopim.com ekr.zdassets.com veiligthuis.zendesk.com; font-src 'self' fonts.gstatic.com v2.zopim.com; form-action 'self'; img-src 'self' data: www.googletagmanager.com www.google-analytics.com analytics.connectholland.nl v2.zopim.com maps.gstatic.com maps.googleapis.com csi.gstatic.com; media-src static.zdassets.com; script-src 'self' www.googletagmanager.com www.google-analytics.com analytics.connectholland.nl v2.zopim.com maps.googleapis.com pg-ws-ggz.custhelp.com static.zdassets.com 'unsafe-inline' 'sha256-UVd1bfzbP7xrxtJSDHp//V/fO0IkNJkciQP0yeBrIPw=' 'sha256-sjHn4TEpK5Mg0DnixdVitXRrBEVkwGriDPnccbpj+Nw='; style-src 'self' 'unsafe-inline' fonts.googleapis.com pg-ws-ggz.widget.custhelp.com; report-uri https://errors.connectholland.nl/api/228/security/?sentry_key=f6211e7fc77f4d179394bc8d5d4237c7 2
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri / 2
default-src 'self' blob: https://maxcdn.bootstrapcdn.com; font-src 'self' data: https://*.datawonen.nl https://*.databank.nl https://*.incijfers.nl https://*.incijfers.be https://*.inzahlen.be https://*.inzahlen.de https://*.buurtmonitor.nl https://*.buurtmonitor.be https://*.abf.nl https://*.abfresearch.nl https://*.cijfersoverwonen.nl https://*.swing.eu https://*.infigures.com https://*.analysesysteem.nl https://*.woononderzoek.nl https://*.waterbenchmark.org https://*.wmo-monitor.nl https://*.linkincare.nl https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://netdna.bootstrapcdn.com https://use.typekit.net https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://static3.avast.com https://themes.googleusercontent.com https://*.quevi.nl https://stackpath.bootstrapcdn.com https://github.com https://s3-eu-west-1.amazonaws.com https://s3-ap-southeast-1.amazonaws.com https://s3-ap-northeast-1.amazonaws.com https://s3.amazonaws.com https://cdn.faceworks.nl https://abfcdn.azureedge.net; connect-src * data:; style-src-elem 'self' 'unsafe-inline' https://*.datawonen.nl https://*.databank.nl https://*.incijfers.nl https://*.incijfers.be https://*.inzahlen.be https://*.inzahlen.de https://*.buurtmonitor.nl https://*.buurtmonitor.be https://*.abf.nl https://*.abfresearch.nl https://*.cijfersoverwonen.nl https://*.swing.eu https://*.infigures.com https://*.analysesysteem.nl https://*.woononderzoek.nl https://*.waterbenchmark.org https://*.wmo-monitor.nl https://*.linkincare.nl https://ajax.googleapis.com https://fonts.googleapis.com https://fonts.google.com https://www.google.com/ https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://*.fontawesome.com https://netdna.bootstrapcdn.com https://use.typekit.net https://p.typekit.net https://*.buurtmonitor.nl https://*.incijfers.nl https://stackpath.bootstrapcdn.com https://cdn.jsdelivr.net https://platform.twitter.com https://ton.twimg.com https://*.quevi.nl https://hello.myfonts.net https://fonts.typotheque.com https://abfcdn.azureedge.net; script-src-elem 'self' 'unsafe-inline' data: https://*.datawonen.nl https://*.databank.nl https://*.incijfers.nl https://*.incijfers.be https://*.inzahlen.be https://*.inzahlen.de https://*.buurtmonitor.nl https://*.buurtmonitor.be https://*.abf.nl https://*.abfresearch.nl https://*.cijfersoverwonen.nl https://*.swing.eu https://*.infigures.com https://*.analysesysteem.nl https://*.woononderzoek.nl https://*.waterbenchmark.org https://*.wmo-monitor.nl https://*.linkincare.nl https://ajax.googleapis.com/ https://cdnjs.cloudflare.com/ https://cdn.polyfill.io https://www.google-analytics.com https://maxcdn.bootstrapcdn.com https://d3js.org/ https://*.fontawesome.com https://code.jquery.com https://cdn.jsdelivr.net https://stackpath.bootstrapcdn.com https://www.googletagmanager.com https://www.google.nl https://www.google.com https://ssl.google-analytics.com https://ajax.microsoft.com https://diyini.junasonuku.com https://data1.khorel.com https://platform.twitter.com https://cdn.syndication.twimg.com https://data1.fedjuh.com https://www.gstatic.com https://nextextlink.com https://d3js.org https://www.google.com/jsapi https://*.quevi.nl https://maps.googleapis.com https://www.ergo-webreporting.com https://ajax.aspnetcdn.com https://siteimproveanalytics.com https://s3-us-west-2.amazonaws.com/s.cdpn.io/81395/CustomEase.min.js https://www.google-analytics.com/analytics.js https://cdn.datatables.net/1.10.16/js/jquery.dataTables.min.js https://www.googletagmanager.com/gtm.js https://abfcdn.azureedge.net; style-src 'self' 'unsafe-inline' https://*.datawonen.nl https://*.databank.nl https://*.incijfers.nl https://*.incijfers.be https://*.inzahlen.be https://*.inzahlen.de https://*.buurtmonitor.nl https://*.buurtmonitor.be https://*.abf.nl https://*.abfresearch.nl https://*.cijfersoverwonen.nl https://*.swing.eu https://*.infigures.com https://*.analysesysteem.nl https://*.woononderzoek.nl https://*.waterbenchmark.org https://*.wmo-monitor.nl https://*.linkincare.nl https://maxcdn.bootstrapcdn.com https://*.fontawesome.com https://cdn.jsdelivr.net https://fonts.googleapis.com https://ajax.googleapis.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://*.buurtmonitor.nl https://*.incijfers.nl https://fonts.google.com https://www.google.com https://www.google.nl https://use.typekit.net https://p.typekit.net https://netdna.bootstrapcdn.com https://*.quevi.nl https://hello.myfonts.net https://fonts.typotheque.com https://abfcdn.azureedge.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.datawonen.nl https://*.databank.nl https://*.incijfers.nl https://*.incijfers.be https://*.inzahlen.be https://*.inzahlen.de https://*.buurtmonitor.nl https://*.buurtmonitor.be https://*.abf.nl https://*.abfresearch.nl https://*.cijfersoverwonen.nl https://*.swing.eu https://*.infigures.com https://*.analysesysteem.nl https://*.woononderzoek.nl https://*.waterbenchmark.org https://*.wmo-monitor.nl https://*.linkincare.nl https://cdnjs.cloudflare.com https://ajax.googleapis.com https://cdn.polyfill.io https://www.google-analytics.com https://code.jquery.com https://cdn.jsdelivr.net https://*.fontawesome.com https://www.google.com https://ssl.google-analytics.com https://www.google.nl https://stackpath.bootstrapcdn.com https://d3js.org https://www.google.com/jsapi https://ajax.microsoft.com https://*.quevi.nl https://maps.googleapis.com https://www.ergo-webreporting.com https://www.googletagmanager.com https://ajax.aspnetcdn.com https://maxcdn.bootstrapcdn.com https://www.gstatic.com https://siteimproveanalytics.com https://www.google-analytics.com/analytics.js https://s3-us-west-2.amazonaws.com/s.cdpn.io/81395/CustomEase.min.js https://cdn.datatables.net/1.10.16/js/jquery.dataTables.min.js https://www.googletagmanager.com/gtm.js https://abfcdn.azureedge.net; img-src * data: blob:; frame-src * data:; object-src * data:; report-uri https://api.abf.nl/api/cspreport 2
default-src https: wss: 'self'; script-src https: wss: 'self' 'unsafe-eval' 'unsafe-inline'; style-src https: 'self' 'unsafe-inline'; img-src https: data: 'self'; font-src https: data: 'self'; report-uri /csp-report 2
default-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; report-uri https://firmsites.report-uri.com/r/t/csp/reportOnly 2
default-src * 'unsafe-eval' 'unsafe-inline'  data:;report-uri //pointman.alibaba.com/csp?app=ae_default 1
script-src 'nonce-vgNGz-CDSGndNnTCC3iRbQ' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1
default-src https: blob: wss: data: android-webview-video-poster: android-webview: chrome-extension: safari-extension: 'unsafe-eval' 'unsafe-inline'; report-uri https://www.dailymotion.com/content_security_policy_report_uri 1
script-src 'nonce-ZRR5TTpMT96j38jM-ARAHA' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1
default-src https: 'unsafe-inline'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self'; base-uri https: data:;  object-src 'self'; font-src https: data:; script-src 'nonce-08b6a679-d52f-414b-9f38-c2b24c0825b7' https: 'unsafe-inline' 'unsafe-eval'; report-uri https://ort.wellsfargo.com/reporting/csp 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.com&source%5Bsection%5D=brochure&source%5Buuid%5D=f719016837d3b7893151985edf24bda5 1
script-src 'nonce-76hCVYbUYnYSI98v5rr3wg' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/webmaster/www_google; base-uri 'none' 1
default-src https: 'self' data: blob:; script-src https: 'self' data: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'self' 'unsafe-inline' blob:; report-uri https://services.fandom.com/csp-logger/csp/upstream 1
object-src *.leboncoin.fr; frame-ancestors *.leboncoin.fr; report-uri https://api.leboncoin.fr/api/csp-report/v1/report/; 1
default-src 'self' ; img-src * data: ; script-src 'unsafe-eval' 'self' www.google-analytics.com ssl.google-analytics.com www.googletagmanager.com tagmanager.google.com data: ; connect-src 'self' www.google-analytics.com ssl.google-analytics.com ; media-src 'self' ; style-src 'self' fonts.googleapis.com tagmanager.google.com ; font-src 'self' fonts.gstatic.com data: ; frame-ancestors 'none' ; report-uri https://csp-report.postgresql.org/ 1
frame-src data: *.yandex.ru yastatic.net awaps.yandex.ru awaps.yandex.net yandexadexchange.net *.yandexadexchange.net api-maps.yandex.ru blob: mc.yandex.ru 'self' media.adrcdn.com rest-api.bannerstorage.yandex.net forms.yandex.ru *.kinopoisk.ru auth.kinopoisk.ru *.mds.yandex.net tickets.widget.kinopoisk.ru widget.tickets.yandex.ru widget.tickets.yandex.kz widget.afisha.yandex.ru widget.afisha.yandex.kz video.yandex.ru player.video.yandex.net; media-src data: *.yandex.net yastatic.net *.adfox.ru *.adfox.yandex.ru *.cdn.yandex.net video.kinopoisk.ru; script-src 'unsafe-eval' ads.adfox.ru an.yandex.ru yastatic.net mc.yandex.ru 'unsafe-inline' api-maps.yandex.ru suggest-maps.yandex.ru *.maps.yandex.net yandex.ru mc.webvisor.com mc.webvisor.org mc.yandex.com mc.yandex.by mc.yandex.com.tr mc.yandex.kz mc.yandex.ua mc.yandex.az mc.yandex.co.il mc.yandex.com.am mc.yandex.com.ge mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yandex.tj mc.yandex.tm mc.yandex.uz 'self' *.adfox.ru *.adfox.yandex.ru forms.yandex.ru auth.kinopoisk.ru sso.kinopoisk.ru sso.passport.yandex.ru https://ott.kinopoisk.ru:3001 tickets.widget.kinopoisk.ru widget.tickets.yandex.ru widget.tickets.yandex.kz widget.afisha.yandex.ru widget.afisha.yandex.kz video.kinopoisk.ru yastat.net; style-src 'unsafe-inline' yastatic.net blob: 'self' auth.kinopoisk.ru yastat.net; img-src 'self' data: an.yandex.ru favicon.yandex.net avatars-fast.yandex.net 'unsafe-inline' *.maps.yandex.net api-maps.yandex.ru yandex.ru yastatic.net mc.webvisor.com mc.webvisor.org mc.yandex.com mc.yandex.by mc.yandex.com.tr mc.yandex.kz mc.yandex.ru mc.yandex.ua mc.yandex.az mc.yandex.co.il mc.yandex.com.am mc.yandex.com.ge mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yandex.tj mc.yandex.tm mc.yandex.uz mc.admetrica.ru *.adfox.ru *.adfox.yandex.ru media.adrcdn.com *.adrcntr.com amc.yandex.ru avatars.mdst.yandex.net avatars.mds.yandex.net awaps.yandex.net awaps.yandex.ru rest-api.bannerstorage.yandex.net ext.captcha.yandex.net *.cdn.yandex.net clck.yandex.ru ad.doubleclick.net kinopoisk-cm.s3.yandex.net mc.kinopoisk.ru st1.kp.yandex.net st2.kp.yandex.net st3.kp.yandex.net st4.kp.yandex.net st5.kp.yandex.net st6.kp.yandex.net st7.kp.yandex.net st8.kp.yandex.net st.kinopoisk.ru st.kp.yandex.net sso.kinopoisk.ru sso.passport.yandex.ru storage.mds.yandex.net ceditor.setka.io https://static-maps.yandex.ru www.tns-counter.ru ar.tns-counter.ru web-metrica.yandex.ru *.weborama.fr files.messenger.yandex.net; connect-src 'self' yastatic.net mc.yandex.ru an.yandex.ru strm.yandex.ru mc.webvisor.com mc.webvisor.org mc.yandex.com mc.yandex.by mc.yandex.com.tr mc.yandex.kz mc.yandex.ua mc.yandex.az mc.yandex.co.il mc.yandex.com.am mc.yandex.com.ge mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yandex.tj mc.yandex.tm mc.yandex.uz mc.admetrica.ru *.adfox.ru *.adfox.yandex.ru awaps.yandex.net awaps.yandex.ru csp.yandex.net forms.yandex.ru http-check-headers.yandex.ru jstracer.yandex.ru *.kinopoisk.ru ott-widget.yandex.ru api.passport.yandex.ru sentry.iddqd.yandex.net static-mon.yandex.net proxy.video.yandex.net static.video.yandex.net files.messenger.yandex.net yandex.ru; child-src api-maps.yandex.ru blob: mc.yandex.ru; frame-ancestors webvisor.com *.webvisor.com http://webvisor.com http://*.webvisor.com; default-src 'self'; font-src 'self' *.adfox.ru *.adfox.yandex.ru yastatic.net; form-action 'self' forms.yandex.ru; object-src 'self' *.adfox.ru *.adfox.yandex.ru awaps.yandex.net awaps.yandex.ru rest-api.bannerstorage.yandex.net betastatic.yandex.net storage.mds.yandex.net yastatic.net; manifest-src 'self' yastatic.net; prefetch-src 'self' yastatic.net; report-uri https://csp.yandex.net/csp?from=kinopoisk&project=kinopoisk&yandexuid=392023431592741003; 1
block-all-mixed-content; report-uri https://events.ocdn.eu/v2/csp-report?_ac=events&_fv=www.onet.pl::COVID_19_2_8_X_NA_AUTOMATYZACJA 1
script-src 'nonce-Rb7MCF0etiVZCUDvJlrraA' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/webmaster/www_google; base-uri 'none' 1
default-src * 'unsafe-inline' 'unsafe-eval'; report-uri https://fls-na.amazon.com/1/batch/2/OE/mid=AF2M0KC94RCEA:sid=145-4133812-3413649:rid=Y7FK6YMRGM3G8ECWHTSV:sn=www.audible.com 1
default-src 'self'; base-uri 'self'; script-src 'self' http: https: 'unsafe-inline' 'unsafe-eval' 'report-sample' 'strict-dynamic' 'nonce-wfJYYyxXe5AIXC9df1AXjg=='; style-src 'self' http: https: 'unsafe-inline'; connect-src 'self' http: https: data:; media-src 'self' http: https: blob: data:; frame-ancestors app.optimizely.com; frame-src 8294363.fls.doubleclick.net 9355701.fls.doubleclick.net/ a5935064.cdn.optimizely.com app.optimizely.com b.company-target.com bid.g.doubleclick.net c1.adform.net www.facebook.com fast.wistia.com fast.wistia.net js.driftt.com platform.twitter.com rollouts-markitecture.herokuapp.com subscriptions.smartrecruiters.com; font-src 'self' data: https: *.amazonaws.com/optimizely-marketing-site-assets-prod du7782fucwe1l.cloudfront.net fonts.gstatic.com js.driftt.com; img-src data: http: https: cdn.optimizely.com maps.gstatic.com; plugin-types application/pdf; object-src 'none'; report-uri https://cspreporter.optimizely.com/report/f2ef3de9-4cc8-4389-9b7c-6347689923e0 1
script-src 'self' 'unsafe-inline' 'nonce-rlbcNhN2zAgmA8FAQjufUSqdNqEIJbO5' http://www.google-analytics.com https://*.uservoice.com https://dap.digitalgov.gov https://designsystem.digital.gov https://maps.googleapis.com https://standards.usa.gov https://www.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com 'unsafe-eval' https://optimize.google.com https://gateway.foresee.com https://resources.digital-cloud-gov.voice.medallia.com https://prod-va-gov-assets.s3-us-gov-west-1.amazonaws.com https://www.youtube.com https://cdn.botframework.com 'strict-dynamic' nonce-rlbcNhN2zAgmA8FAQjufUSqdNqEIJbO5; img-src 'self' data: blob: https://*.gstatic.com https://api.mapbox.com https://www.google-analytics.com https://www.googletagmanager.com https://*.va.gov https://optimize.google.com https://gateway.foresee.com https://static.foresee.com https://cdn-prod.kampyle.com https://prod-va-gov-assets.s3-us-gov-west-1.amazonaws.com https://ok6static.oktacdn.com ; frame-ancestors 'none' ; manifest-src 'none' ; default-src 'self' ; child-src https://*.uservoice.com https://www.googletagmanager.com https://www.youtube.com https://optimize.google.com https://resources.digital-cloud-gov.voice.medallia.com ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://tagmanager.google.com https://optimize.google.com https://fonts.googleapis.com https://gateway.foresee.com https://medallia.s3.amazonaws.com https://prod-va-gov-assets.s3-us-gov-west-1.amazonaws.com ; connect-src 'self' http://localhost:4000 https://*.va.gov https://api.mapbox.com https://www.google-analytics.com http://*.vetsgov-internal https://prod-va-gov-assets.s3-us-gov-west-1.amazonaws.com https://prod-va-gov-maintenance-windows.s3-us-gov-west-1.amazonaws.com https://analytics.foresee.com https://brain.foresee.com https://survey.foreseeresults.com https://device.4seeresults.com https://health.foresee.com https://gateway.foresee.com https://feedback.digital-cloud-gov.voice.medallia.com https://raw.githubusercontent.com wss://northamerica.directline.botframework.com https://northamerica.directline.botframework.com ; object-src 'self' blob: ; media-src 'none' ; font-src 'self' data: https://fonts.gstatic.com https://gateway.foresee.com https://medallia.s3.amazonaws.com https://prod-va-gov-assets.s3-us-gov-west-1.amazonaws.com ; block-all-mixed-content  ; form-action 'self' https://vicbdc.vba.va.gov https://feedback.digital-cloud-gov.voice.medallia.com ; base-uri http://*.vetsgov-internal https://*.va.gov https://optimize.google.com ;  report-uri /csp-report 1
object-src 'none'; base-uri 'self' 'report-sample'; block-all-mixed-content; frame-ancestors 'self'; 1
script-src 'nonce-MR3oNBYKX0uBZVmgYvYCug' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1
object-src 'none'; frame-ancestors 'none'; block-all-mixed-content; report-uri https://sentry.io/api/148442/security/?sentry_key=48196e632bb14305ad3fe47c6570e363 1
block-all-mixed-content ; report-uri /csp-report 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://deadline.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
report-uri https://app.asana.com/-/csp_report; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://static.ads-twitter.com https://ajax.aspnetcdn.com https://bat.bing.com https://sjs.bizographics.com https://ct.capterra.com https://reveal.clearbit.com https://googleads.g.doubleclick.net https://ethn.io https://connect.facebook.net https://tracking.g2crowd.com https://www.google-analytics.com https://apis.google.com https://www.googleadservices.com https://*.googleapis.com https://tpc.googlesyndication.com https://www.googletagmanager.com https://ssl.gstatic.com https://script.hotjar.com https://static.hotjar.com https://cdn.jotfor.ms https://form.jotform.us https://snap.licdn.com https://px.ads.linkedin.com https://www.linkedin.com https://accounts.livechatinc.com https://cdn.livechatinc.com https://secure.livechatinc.com https://luna1.co https://js.recurly.com https://search-api.swiftype.com https://s.swiftypecdn.com https://analytics.twitter.com https://platform.twitter.com https://fast.wistia.com https://fast.wistia.net https://www.youtube.com https://s.ytimg.com https://*.marketo.com https://*.marketo.net https://js.driftt.com/* 1
script-src 'self' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https: http: 'nonce-8ea052da8d72987e599ec257b000dc4f' 'sha384-7uqQfGVKWAthYOKjE4CToVZDjNGO+rxLDL5sFo1HUI3u+vwLmAinEM0/LcURoj1h' 'sha256-spTpc4lvj4dOkKjrGokIrHkJgNA0xMS98Pw9N7ir9oI=' 'sha384-4FS9nLDjKOPIgz/SgGvZV4C8RHHRyRP1Fb6ZW/XH/o8PFaviPmgzLc6kOS2GQ87x' 'sha384-3vojR0D/VZNPM9rutbkAQlVZeDVrc50TkyBVfVpqoZzVQpWA65x5mQXOij0vt2Cu' 'sha384-VI5+XuguQ/l3kUhh4knz7Hxptx47wpQbVRDnp8v7Vvuhzwn1PEYb/uvtH6KLxv6d' 'report-sample'; object-src 'none'; base-uri 'self'; connect-src https://doordash.com https://analytics.google.com https://api.amplitude.com https://ct.pinterest.com https://p.tvpixel.com https://api.segment.io https://bat.bing.com https://www.facebook.com https://sentry.io https://bam.nr-data.net https://page-service-qa.doordash.com https://page-service.doordash.com https://cdn.doordash.com https://tn.alphonso.tv https://s3-design-language-system.cdn4dd.com https://logx.optimizely.com https://*.optimizely.com https://www.google-analytics.com https://www.doordash.com https://stats.g.doubleclick.net https://www.google-analytics.com https://*.order.online https://preview.trycaviar.com https://staging.trycaviar.com https://qa.trycaviar.com/ https://www.trycaviar.com https://trycaviar.com https://www.google.com; frame-ancestors 'self'; report-uri https://sentry.io/api/5175049/security/?sentry_key=c269bf7b8bc44929b43bbb29e11cece5&sentry_environment=qa; worker-src 'none' 1
default-src https: 'self'; connect-src https: wss: 'self'; font-src https: data: 'self'; frame-src https:; img-src https: data: 'self'; manifest-src https: 'self'; media-src https: 'self'; object-src none; script-src https: 'self' 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 'self'; upgrade-insecure-requests; report-uri https://csp.condenet.co.uk/r/wi/prod 1
default-src 'none'; block-all-mixed-content; connect-src https://*.huffingtonpost.co.uk https://*.huffingtonpost.com 'self'; frame-ancestors 'none'; img-src https://s.yimg.com https://*.huffingtonpost.co.uk https://*.huffingtonpost.com; media-src 'none'; script-src 'self' 'nonce-fsb6kL2j5CTIJboShe64No7sU7fgN2ST' https://s.yimg.com https://*.huffingtonpost.co.uk https://*.huffingtonpost.com; style-src 'self' 'nonce-fsb6kL2j5CTIJboShe64No7sU7fgN2ST' https://s.yimg.com https://*.huffingtonpost.co.uk https://*.huffingtonpost.com; font-src 'self'; object-src 'none'; frame-src 'none'; report-uri https://csp.yahoo.com/beacon/csp?src=guce 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' http://website.amnesty.local:35729/ https://az416426.vo.msecnd.net/ http://dev.visualwebsiteoptimizer.com/ https://connect.facebook.net/ http://script.crazyegg.com/ http://maps.googleapis.com/ http://www.googletagmanager.com/ https://www.googletagmanager.com http://*.civiccomputing.com/ http://*.hotjar.com http://www.google-analytics.com/; img-src * data:; style-src 'self' 'unsafe-inline' http://hello.myfonts.net/count/2c502a; report-uri /umbraco/api/contentsecuritypolicy/report/ 1
script-src 'unsafe-eval' blob: 'self' meta.wikimedia.org *.wikimedia.org *.wikipedia.org *.wikinews.org *.wiktionary.org *.wikibooks.org *.wikiversity.org *.wikisource.org wikisource.org *.wikiquote.org *.wikidata.org *.wikivoyage.org *.mediawiki.org 'unsafe-inline' login.wikimedia.org; default-src 'self' data: blob: upload.wikimedia.org https://commons.wikimedia.org meta.wikimedia.org *.wikimedia.org *.wikipedia.org *.wikinews.org *.wiktionary.org *.wikibooks.org *.wikiversity.org *.wikisource.org wikisource.org *.wikiquote.org *.wikidata.org *.wikivoyage.org *.mediawiki.org wikimedia.org en.wikipedia.org en.wiktionary.org en.wikibooks.org en.wikiquote.org en.wikisource.org commons.wikimedia.org en.wikinews.org en.wikiversity.org www.wikidata.org species.wikimedia.org incubator.wikimedia.org en.wikivoyage.org login.wikimedia.org; style-src 'self' data: blob: upload.wikimedia.org https://commons.wikimedia.org meta.wikimedia.org *.wikimedia.org *.wikipedia.org *.wikinews.org *.wiktionary.org *.wikibooks.org *.wikiversity.org *.wikisource.org wikisource.org *.wikiquote.org *.wikidata.org *.wikivoyage.org *.mediawiki.org wikimedia.org 'unsafe-inline'; object-src 'none'; report-uri /w/api.php?action=cspreport&format=json&reportonly=1 1
default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.zijieimg.com *.helo-app.com *.toutiaopage.com *.zjurl.cn *.pstatp.com *.bytecdn.cn *.isnssdk.com *.byteoversea.com *.365yg.com *.ks-cdn.com *.ipstatp.com *.amemv.com *.ibytedtos.com *.ixigua.com *.ixiguavideo.com *.hypstarcdn.com *.tiktokcdn.com *.topbuzzcdn.com *.lemocamcdn.com *.musical.ly *.muscdn.com *.ulikecam.mobi *.faceu.mobi *.wukongwenda.com *.wukongwenda.cn *.toutiao13.com *.toutiaoribao.cn *.ribaoapi.com *.dongchediapp.com *.huoshanzhibo.com *.huoshanxiaoshipin.cn *.huoshanxiaoshipin.net *.huoshanvideo.cn *.huoshanvideo.net *.ieshuodong.cn *.ieshuodong.net *.byteoversea.com *.topbuzz.com *.hypstar.com *.tiktokv.com *.byted.org *.bytedance.net *.bytedance.com *.bytedance.cn *.toutiaocloud.com *.snssdk.com *.toutiao.com *.neihanshequ.com *.wukong.com *.huoshan.com *.douyin.com *.everphoto.cn *.jinritemai.com *.tuchong.com *.stock.tuchong.com *.luckycalendar.cn *.bcy.net *.feishu.cn *.dcdapp.com *.oceanengine.com *.chengzijianzhan.com *.byteimg.com *.google-analytics.com 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.indiewire.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
default-src 'self';style-src 'self' 'unsafe-inline' dev.g.alicdn.com g.alicdn.com at.alicdn.com *.test.youku.com *.taobao.net webapi.amap.com;script-src 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline' *.dingtalk.com *.cnzz.com *.alicdn.com market.wapa.taobao.com g.alicdn.com dev.g.alicdn.com ynuf.alipay.com log.mmstat.com s.tbcdn.cn vip.laiwang.com wswukong.laiwang.com local.alipcsec.com:6691 *.taobao.net cfd.aliyun.com restapi.amap.com webapi.amap.com retcode.alicdn.com cfall.aliyun.com gw.alipayobjects.com ynuf.aliapp.org;connect-src 'self' *.dingtalk.com ynuf.alipay.com dev.g.alicdn.com g.alicdn.com retcode.taobao.com dingtalk-cspase-sh.oss-cn-shanghai.aliyuncs.com dingtalk-cspase-sz.oss-cn-shenzhen.aliyuncs.com arms-retcode.aliyuncs.com arms-retcode.aliyuncs.com ynuf.aliapp.org px-intl.ucweb.com px.ucweb.com gm.mmstat.com preview-lippi-space-zjk.oss-accelerate.aliyuncs.com wgo.mmstat.com;frame-src 'self' h5.m.taobao.com qiye.aliyun.com log.laiwang.com dev.g.alicdn.com g.alicdn.com login.dingtalk.com login2.dingtalk.com *.dingtalk.com mailsso.mxhichina.com wvjbscheme: alipaybridge: alipaymonitor: mmstat.alicdn.com res.mmstat.com ynuf.aliapp.org;font-src 'self' at.alicdn.com dev.g.alicdn.com g.alicdn.com data: *.taobao.net i.alicdn.com;img-src 'self' data: *.dingtalk.com *.aliimg.com *.alicdn.com *.mmstat.com ynuf.alipay.com arms-retcode.aliyuncs.com pin.aliyun.com fourier.alibaba.com retcode.taobao.com *.cnzz.com dingtalk-cspase-sh.oss-cn-shanghai.aliyuncs.com dingtalk-cspase-sz.oss-cn-shenzhen.aliyuncs.com restapi.amap.com kcart.alipay.com preview-lippi-space-zjk.oss-cn-zhangjiakou.aliyuncs.com px-intl.ucweb.com px.ucweb.com;media-src 'self' *.dingtalk.com cloud.video.taobao.com videocdn.taobao.com tbm-auth.alicdn.com dev.g.alicdn.com g.alicdn.com;report-uri https://csp.dingtalk.com/csp; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' https: blob:;style-src https: 'unsafe-inline';connect-src https:;frame-src https: easy-js:;script-src 'unsafe-eval' 'unsafe-inline' https: blob: data:;font-src https: data:;img-src https: data:;media-src https: blob:;report-uri https://collector.schibsted.io/api/v1/csp/aftonbladet/publishing/pro 1
font-src data: https:; img-src data: https:; default-src https: blob: 'unsafe-inline' 'unsafe-eval'; report-uri https://tagesspiegel.report-uri.com/r/d/csp/reportOnly 1
connect-src 'self' 'unsafe-eval'  *.facebook.com *.facebook.net connect.facebook.net *.geistm.com *.blackfire.pro  *.googleapis.com *.googleadservices.com *.google.com *.googletagmanager.com www.google-analytics.com *.google-analytics.com *.gstatic.com *.googleusercontent.com *.google.com *.sentry.io https://sentry.io report-sample;  default-src 'self' blob: data: *.facebook.com *.facebook.net connect.facebook.net *.geistm.com *.blackfire.pro  *.googleapis.com *.googleadservices.com *.google.com *.googletagmanager.com www.google-analytics.com *.google-analytics.com *.gstatic.com *.googleusercontent.com *.google.com optimize.google.com *.google.com *.googleoptimize.com *.googletagmanager.com *.sentry.io https://sentry.io report-sample;  font-src 'self' 'unsafe-eval' data: *.typekit.net *.fontawesome.com *.geistm.com *.blackfire.pro  *.googleapis.com *.googleadservices.com *.google.com *.googletagmanager.com www.google-analytics.com *.google-analytics.com *.gstatic.com *.googleusercontent.com *.google.com fonts.googleapis.com fonts.gstatic.com report-sample;  frame-src 'self'  *.facebook.com *.facebook.net connect.facebook.net *.geistm.com *.blackfire.pro  optimize.google.com *.google.com *.googleoptimize.com *.googletagmanager.com report-sample;  img-src 'self' data: blob: 'unsafe-inline' *; media-src 'self' data: blob: 'unsafe-inline' *; script-src 'self' 'unsafe-inline' 'unsafe-eval'  *.typekit.net *.facebook.com *.facebook.net connect.facebook.net *.fontawesome.com *.geistm.com *.blackfire.pro  *.googleapis.com *.googleadservices.com *.google.com *.googletagmanager.com www.google-analytics.com *.google-analytics.com *.gstatic.com *.googleusercontent.com *.google.com optimize.google.com *.google.com *.googleoptimize.com *.sentry.io https://sentry.io report-sample;  script-src-elem 'self' 'unsafe-inline' 'unsafe-eval'  *.typekit.net *.facebook.com *.facebook.net connect.facebook.net *.facebook.com *.facebook.net connect.facebook.net *.fontawesome.com *.geistm.com *.blackfire.pro  *.googleapis.com *.googleadservices.com *.google.com *.googletagmanager.com www.google-analytics.com *.google-analytics.com *.gstatic.com *.googleusercontent.com *.google.com optimize.google.com *.google.com *.googleoptimize.com *.sentry.io https://sentry.io report-sample;  style-src 'self' 'unsafe-eval' 'unsafe-inline'  *.typekit.net *.fontawesome.com *.geistm.com *.blackfire.pro  *.googleapis.com *.googleadservices.com *.google.com *.googletagmanager.com www.google-analytics.com *.google-analytics.com *.gstatic.com *.googleusercontent.com *.google.com fonts.googleapis.com fonts.gstatic.com optimize.google.com *.google.com *.googleoptimize.com report-sample;  style-src-elem 'self' 'unsafe-eval' 'unsafe-inline'  *.typekit.net *.fontawesome.com *.geistm.com *.blackfire.pro  *.googleapis.com *.googleadservices.com *.google.com *.googletagmanager.com www.google-analytics.com *.google-analytics.com *.gstatic.com *.googleusercontent.com *.google.com fonts.googleapis.com fonts.gstatic.com optimize.google.com *.google.com *.googleoptimize.com report-sample;  block-all-mixed-content; report-uri https://sentry.io/api/2983595/security/?sentry_key=21fae161c11a42bb965ab8ccf544f1fd 1
block-all-mixed-content; script-src 'self' data: 'unsafe-eval' 'unsafe-inline' https://cms.fordham.edu https://assets.fordham.edu https://bat.bing.com/bat.js https://us2.siteimprove.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.adhigh.net/p.js https://px.ads.linkedin.com https://scripts.ninjacat.io https://snap.licdn.com https://www.youtube.com https://www.googleadservices.com https://www.google-analytics.com https://www.googletagmanager.com https://px.adhigh.net https://s.ytimg.com https://scripts.mymarketingreports.com https://libraryh3lp.com https://ds-aksb-a.akamaihd.net https://www.linkedin.com https://dc.ads.linkedin.com https://lgapi.libapps.com https://fw.cdn.technolutions.net https://cdn.syndication.twimg.com https://mx.technolutions.net https://synch.optimatic.com https://slate-technolutions-net.cdn.technolutions.net https://secure.adnxs.com https://consent.trustarc.com https://consent.truste.com https://platform.twitter.com https://gradadmissions.fordham.edu https://go.activecalendar.com;  report-uri https://jaduuat.fordham.edu/site/custom_scripts/fordham_csperrors.php 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.sheknows.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
default-src https: data:; script-src https: data: 'unsafe-inline' 'unsafe-eval'; style-src https: data: 'unsafe-inline'; report-uri /csp-report 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://wwd.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
default-src https: data: 'unsafe-eval' 'unsafe-inline'; report-uri /csp-endpoint/index 1
default-src https: ;script-src https: 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://www.googletagmanager.com/ https://ssl.google-analytics.com ; style-src https: 'unsafe-inline' ; img-src https: about: data: https://cdn.evbstatic.com http://*.cloudfront.net; http://xml.showcasead.com https://*.s3.amazonaws.com ; connect-src https: about: https://connect.facebook.net ; font-src data: https: http://themes.googleusercontent.com https://cdn.evbstatic.com ; object-src https: ; media-src https: ; frame-src https: fbrpc://call ; frame-ancestors 'self' ; worker-src blob: ; form-action 'self' ; child-src 'self' ; report-uri https://www.eventbrite.ca/ajax/csp-violation/action 1
default-src https: data:; script-src https: data: 'unsafe-inline' 'unsafe-eval'; style-src https: data: 'unsafe-inline'; report-uri https://csp.tmcdn.co.nz/report 1
upgrade-insecure-requests; default-src 'none'; script-src 'self' 'unsafe-inline' www.sentry.dev www.googletagmanager.com www.google-analytics.com js.hs-analytics.net js.hs-scripts.com js.driftt.com connect.facebook.net assets.calendly.com js.hsforms.net js.hs-banner.com forms.hsforms.com player.vimeo.com cdn.optimizely.com www.redditstatic.com; connect-src 'self' sentry.io www.sentry.dev reload.getsentry.net api.amplitude.com logx.optimizely.com; img-src 'self' www.sentry.dev sentry-blog.storage.googleapis.com images.ctfassets.net www.google-analytics.com stats.g.doubleclick.net track.hubspot.com assets.calendly.com forms.hsforms.com q.quora.com alb.reddit.com www.facebook.com; style-src 'self' 'unsafe-inline' www.sentry.dev assets.calendly.com fonts.googleapis.com; media-src 'self' videos.ctfassets.net; font-src 'self' www.sentry.dev fonts.gstatic.com; frame-src player.vimeo.com www.youtube-nocookie.com js.driftt.com calendly.com a17258894091.cdn.optimizely.com; manifest-src 'self' www.sentry.dev; report-uri https://sentry.io/api/1297627/security/?sentry_key=e811b9077ef64dcf8a279ec18a61b222 1
default-src https: 'unsafe-inline'; img-src blob: data: https:; report-uri /csp-violation-report 1
script-src 'self' lihkg.com 'unsafe-inline' adv.lih.kg cdn.lihkg.com *.cloudflare.com *.googlesyndication.com *.googletagservices.com www.google-analytics.com *.google.com *.doubleclick.net *.googleadservices.com *.ampproject.org *.gstatic.com www.youtube.com s.ytimg.com connect.facebook.net; frame-src 'self' lihkg.com pb.lihkg.com game.lihkg.com embed.lih.kg *.doubleclick.net *.googlesyndication.com *.google.com www.youtube.com *.facebook.com w.soundcloud.com; connect-src 'self' lihkg.com i.lih.kg adv.lih.kg api.na.cx img.eservice-hk.net www.google-analytics.com *.doubleclick.net *.googlesyndication.com cdn.ampproject.org *.gstatic.com *.googleapis.com *.cloudflare.com; worker-src blob:; report-uri https://report.lih.kg/csp?v=4 1
default-src 'self' image.spreadshirtmedia.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: *.go-mpulse.net apis.google.com assets.adobedtm.com *.cloudfront.net nxtck.com ssl.gstatic.com ws.sessioncam.com *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com googleads.g.doubleclick.net connect.facebook.net www.googleadservices.com adtm.spreadshirts.net *.spreadshirt.com ; img-src 'self' data: https: image.spreadshirtmedia.net image.spreadshirtmedia.net *.gstatic.com rtb-csync.smartadserver.com pixel.rubiconproject.com pixel.advertising.com dsum-sec.casalemedia.com cotads.adscale.de www.google-analytics.com eu-u.openx.net ih.adscale.de *.akstat.io www.facebook.com dsum-sec.casalemedia.com ad.yieldlab.net secure.adnxs.com mapping.nxtck.com stats.g.doubleclick.net www.google.com www.google.de cm.g.doubleclick.net ads.yahoo.com sync.ligadx.com eb2.3lift.com s.sspqns.com x.bidswitch.net image2.pubmatic.com sync.outbrain.com nxtck.com sanalytics.spreadshirt.com *.spreadshirt.com ; connect-src 'self' https: *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com *.go-mpulse.net *.akstat.io/ *.spreadshirt.com ; font-src 'self' https: data: *.spreadshirt.com ; style-src 'self' data: 'unsafe-inline' https: *.spreadshirt.com ; object-src 'none' ; media-src image.spreadshirtmedia.com ; frame-src 'self' https: www.google.com accounts.google.com *.spreadshirt.com ; report-uri https://csp.spreadshirts.net/csp/reportOnly ; 1
script-src 'report-sample' 'nonce-dtkgtKdrz67elpuB9lKlXQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/geo-discussion-forums-dispatch/ 1
script-src 'nonce-BsTNisLYV6VmSjGtVRteyQ' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/webmaster/googleorg; base-uri 'none' 1
default-src * data: blob:;script-src *.workplace.com workplace.com *.fbcdn.net data: blob: 'unsafe-inline' 'unsafe-eval' connect.facebook.net www.google-analytics.com;style-src data: blob: 'unsafe-inline' *;connect-src *.workplace.com workplace.com wss://*.workplace.com:* *.fbcdn.net blob: *.mktoresp.com *.workplace.tools;report-uri https://my.workplace.com/csp/reporting/ 1
script-src 'unsafe-inline' https:; object-src 'none'; base-uri 'none'; 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=show&source%5Bapp%5D=ShopifyAppStore&source%5Bcontroller%5D=v2%2Fapp_listings&source%5Buuid%5D=e94f76f7830ce0579765a7c19fbfe6db 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' s.ytimg.com gfmcharity.wpengine.com *.gofundme.com *.crowdrise.com unpkg.com unpkg.com/react-dom@16.12.0/umd/react-dom.production.min.js unpkg.com/react@16.12.0/umd/react.production.min.js *.hs-growth-metrics.com *.hsadspixel.net *.hubapi.com seal.verisign.com cdn.datatables.net js.hscta.net forms.hsforms.com code.jquery.com *.greenhouse.io *.googletagmanager.com www.google.com www.googletagmanager.com/gtm.js?id=GTM-TDTFTZ ssl.google-analytics.com/ga.js *charity.gofundme.com  *.newrelic.com *.nr-data.net *.swiftype.com *.outbrain.com *.digicert.com *.polyfill.io *.swiftypecdn.com *.typekit.net  *.bootstrapcdn.com *.jsdelivr.net *.hsforms.net *.youtube-nocookie.com *.youtube.com  *.optimizely.com *.mxpnl.com *.cloudflare.com *.hsforms.net *.gstatic.com *.googleapis.com *.amazonaws.com *.mixpanel.com *.hs-scripts.com www.googleadservices.com *.adroll.com *.google.com *.gigya.com *.twitter.com *.ziggeo.com *.hubspot.com *.doubleclick.net *.facebook.com *.facebook.net static.ads-twitter.com bat.bing.com *.hsleadflows.net *.hs-analytics.net *.linkedin.com *.yahoo.com *.google-analytics.com *.alooma.com *.bizographics.com *.crowdrise.com *.licdn.com cdn.amplitude.com/libs/amplitude-5.2.2-min.gz.js twitter.com; default-src 'self' 'unsafe-eval' 'unsafe-inline' * data:; connect-src 'self' google.com googletagmanager.com bat.bing.com *.crowdrise.com api.amplitude.com *.facebook.com analytics.google.com assets-charity.gofundme.com *.mixpanel.com *.hubapi.com *.hubspot.com *.alooma.com *.nr-data.net *.ziggeo.com *.twitter.com *.optimizely.com *.doubleclick.net *.google-analytics.com *.typekit.net api.amplitude.com *.facebook.com analytics.google.com; img-src 'self' https: data:;  report-uri https://28rqy7ini0.execute-api.us-west-1.amazonaws.com/prod 1
child-src https:; connect-src https: wss:; font-src data: https:; frame-src https:; img-src blob: data: https:; media-src blob: data: https:; object-src 'self' https://*.app-eu.wrike.com https://*.wrike.com https://*.www.wrike.com https://d10b6odojqpx09.cloudfront.net https://d1c5qktmphn2d.cloudfront.net https://d1foz7ea1n9ap6.cloudfront.net https://d28rj2ujhq2ikj.cloudfront.net https://d3tvpxjako9ywy.cloudfront.net https://youtube.com; script-src 'unsafe-eval' 'unsafe-inline' data: https://*.6sc.co https://*.app-eu.wrike.com https://*.bizographics.com https://*.google-analytics.com https://*.linkedin.com https://*.marketo.com https://*.marketo.net https://*.twitter.com https://*.wrike.com https://*.www.wrike.com https://*.yandex.ru https://api.greenhouse.io https://api.pinterest.com https://apis.google.com https://assets.adobedtm.com https://bat.bing.com https://c.disquscdn.com https://cdn.onesignal.com https://cdn.ravenjs.com https://cdn.syndication.twimg.com https://commondatastorage.googleapis.com/code.snapengage.com/js/ https://connect.facebook.net https://d.adroll.com https://d10b6odojqpx09.cloudfront.net https://d1c5qktmphn2d.cloudfront.net https://d1foz7ea1n9ap6.cloudfront.net https://d28rj2ujhq2ikj.cloudfront.net https://d3rnld1uo6kgq2.cloudfront.net https://d3tvpxjako9ywy.cloudfront.net https://disqus.com https://fast.wistia.com https://fast.wistia.net https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1056104813/ https://i.simpli.fi https://munchkin.brightfunnel.com/js/build/bf-munchkin.min.js https://onesignal.com https://pixel.mathtag.com https://px.airpr.com/airpr.js https://s.adroll.com https://s3.amazonaws.com/r.kissinsights.com/ https://secure.adnxs.com https://snap.licdn.com https://src.litix.io/core/2/mux.js https://sslwidget.criteo.com https://static.ads-twitter.com https://static.criteo.net https://track-mv.com https://turbo.qualaroo.com https://vidassets.terminus.services https://vk.com https://wrike.disqus.com https://wrike.influitive.com https://www.google.com https://www.google.ru https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://www.snapengage.com/; style-src 'unsafe-inline' data: https:; default-src 'self'; report-uri https://csp.wrike.com/csp-report?website 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://hollywoodlife.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
connect-src 'self' https://*.ee.co.uk https://ee.co.uk https://ee-outage.s3.amazonaws.com https://everythingeverywhere.tt.omtrdc.net https://*.google-analytics.com https://*.doubleclick.net https://*.google.com https://*.online-metrix.net https://*.lpsnmedia.net https://*.demdex.net https://*.criteo.net https://*.criteo.com https://ee-tagging.s3.amazonaws.com https://*.liveperson.net https://*.tt.omtrdc.net https://a.optmnstr.com https://api.opmnstr.com https://*.tags.tiqcdn.com https://t.co https://*.facebook.com https://*.facebook.net https://bat.bing.com https://ee-dtp-static.s3.amazonaws.com https://*.twitter.com https://*.reevoo.com https://*.ads-twitter.com https://static.queue-it.net https://*.gstatic.com https://*.googleadservices.com https://imp2.nowinteract.com https://decibelinsight.net https://www.googleapis.com https://btbusiness.d1.sc.omtrdc.net https://i.salecycle.com https://www.googletagmanager.com https://translate.googleapis.com https://myaccount.ee.co.uk https://*.akamaihd.net https://cdn.decibelinsight.net https://api.uniqodo.com https://ws.sessioncam.com https://dpm.demdex.net https://ajax.googleapis.com https://btbsecure.business.bt.com https://wmstatic.global.ssl.fastly.net https://skynet.reevoo.com https://code.jquery.com https://ee.15gifts.com wss://cdn.decibelinsight.net;default-src 'self' https://ee.co.uk https://*.ee.co.uk;frame-src 'self' https://*.ee.co.uk https://ee.co.uk https://*.doubleclick.net https://*.lpsnmedia.net https://*.demdex.net https://*.criteo.net https://*.criteo.com https://*.google.com https://*.facebook.com https://*.facebook.net https://plugin.monotote.com https://server.lon.liveperson.net https://saltcdn2.googleapis.com https://ee.real-digital.co.uk https://syndication.twitter.com https://www.youtube.com https://ee.cloud-iq.com https://d16fk4ms6rqz1v.cloudfront.net https://platform.twitter.com https://*.akamaihd.net https://ee-embedded.myunidays.com https://3796688.fls.doubleclick.net https://www.myunidays.com https://lo.tokenizer.liveperson.net https://tpc.googlesyndication.com https://saltcdn2.instagram.com https://social.hotukdeals.com https://gateway.zscalerone.net https://prod-browsext.pricesearcher.com https://app.wizdom.ai https://noop.style https://www.hotukdeals.com https://sitecatalyst.omniture.com https://authorize.omniture.com https://lo.v.liveperson.net;media-src 'self' https:;img-src 'self' https:;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.ee.co.uk https://ee.co.uk https://*.doubleclick.net https://track.uniqodo.com https://*.criteo.net https://*.criteo.com https://a.optmnstr.com https://*.tt.omtrdc.net https://*.facebook.net https://*.liveperson.net https://*.tags.tiqcdn.com https://ee-tagging.s3.amazonaws.com https://ee-dtp-static.s3.amazonaws.com https://*.twitter.com https://bat.bing.com https://*.cloudfront.net https://www.googleadservices.com https://*.google-analytics.com https://static.ads-twitter.com https://static.queue-it.net https://eeuk.queueit.net https://*.google.com https://*.gstatic.com https://*.googleapis.com https://www.googletagmanager.com https://bat.bing.com https://ee.cloud-iq.com https://tags.tiqcdn.com https://rules.quantcount.com https://www.dwin1.com https://adobedtm.com https://*.adobedtm.com https://ads.avocet.io https://ct.pinterest.com https://resources.digital-cloud-uk.medallia.eu https://nebula-cdn.kampyle.com https://cdn.nowinteract.com https://sc-static.net https://vip.timezonedb.com https://medallia.eu https://track.adform.net https://cm.everesttech.net https://plugin.monotote.com https://www.youtube.com https://snap.licdn.com https://s.ytimg.com https://ee.15gifts.com https://btbusiness.d1.sc.omtrdc.net https://www.googleadservices.com https://gdata.youtube.com https://bat.bing.com https://secure.quantserve.com https://px.ads.linkedin.com https://vimeo.com https://connect.facebook.net https://ee-tagging.s3.amazonaws.com https://www.linkedin.com https://cdn.syndication.twimg.com https://googleads.g.doubleclick.net https://ssl.google-analytics.com https://www.zenaps.com https://lptag.liveperson.net https://d2oh4tlt9mrke9.cloudfront.net https://twitter.com https://cdn.decibelinsight.net https://assets.revlifter.io https://*.akamaihd.net https://ee.cloud-iq.com https://platform.twitter.com https://www.googletagmanager.com https://www.dwin1.com https://smetrics.ee.co.uk https://rialto-gms.s3.amazonaws.com https://tpc.googlesyndication.com https://vimeo.com https://beta.mybetterdl.com https://rules.quantcount.com https://ws.sessioncam.com https://decibelinsight.net https://analytics.twitter.com https://cdn.walkme.com https://static.ads-twitter.com https://c.cnzz.com https://*.lpsnmedia.net https://cdnjs.cloudflare.com https://p0.mycdn.co https://mark.reevoo.com https://p294588.clksite.com;object-src 'self' https://ee.co.uk https://*.ee.co.uk;style-src 'self' https: 'unsafe-inline';font-src 'self' https:;  report-uri https://1720a10za5.execute-api.eu-west-1.amazonaws.com/csp 1
default-src 'none'; connect-src https://caligraph.youcanbook.me/ https://in.hotjar.com/ https://realtime.youcanbook.me/ https://www.google-analytics.com wss://realtime.youcanbook.me/ https://stats.g.doubleclick.net 'self'; font-src https://fonts.gstatic.com/ https://static.hotjar.com/ data: 'self'; frame-src https://homepage.youcanbook.me/ https://vars.hotjar.com/ https://www.youtube.com/; img-src https://static.hotjar.com https://www.google-analytics.com/ https://www.gstatic.com/ https://zapier.com/ https://cdn.zapier.com/ data: 'self'; manifest-src 'self' ; script-src https://www.google-analytics.com/ https://*.doubleclick.net/ https://realtime.youcanbook.me/ https://s.ytimg.com/ https://*.hotjar.com/ https://www.youtube.com/ https://zapier.com/ 'unsafe-eval' 'unsafe-inline' 'self'; media-src 'self'; style-src https://fonts.googleapis.com/ 'unsafe-inline' 'self'; 1
report-uri https://csp.rz.uni-kiel.de/report; report-to csp; 1
script-src 'nonce-lS6iAtetz1Wj0LebcauQCg' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/webmaster/chrome; base-uri 'none' 1
default-src data: https: 'unsafe-inline' 'unsafe-eval'; report-uri https://track.buyma.com/csp/report.json 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; report-uri https://us-central1-shinesumoplus.cloudfunctions.net/report-uri 1
default-src 'self'; script-src 'self' 'unsafe-eval'; connect-src 'self'; img-src 'self' data: www.pkobp.pl; style-src 'self' 'unsafe-inline'; font-src 'self'; report-uri /ikd_img/skins/ipko/grcv; 1
default-src https: ;script-src https: 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://www.googletagmanager.com/ https://ssl.google-analytics.com ; style-src https: 'unsafe-inline' ; img-src https: about: data: https://cdn.evbstatic.com http://*.cloudfront.net; http://xml.showcasead.com https://*.s3.amazonaws.com ; connect-src https: about: https://connect.facebook.net ; font-src data: https: http://themes.googleusercontent.com https://cdn.evbstatic.com ; object-src https: ; media-src https: ; frame-src https: fbrpc://call ; frame-ancestors 'self' ; worker-src blob: ; form-action 'self' ; child-src 'self' ; report-uri https://www.eventbrite.com.au/ajax/csp-violation/action 1
default-src 'none'; report-uri https://csp-report.wwnorton.com; connect-src 'self' https://appservices.wwnorton.com; frame-ancestors 'self'; font-src 'self'  https://fonts.googleapis.com; style-src 'self' https://cloud.typography.com https://dsbst55b1909i.cloudfront.net; script-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://code.jquery.com https://static.wwnorton.com https://storage.googleapis.com; img-src 'self' https://www.google-analytics.com https://appservices.wwnorton.com https://cdn.wwnorton.com https://diqp43fm0w6zs.cloudfront.net  https://stats.g.doubleclick.net; 1
default-src 'none'; base-uri 'self' docs.helpscout.net; block-all-mixed-content; child-src 'self' assets.braintreegateway.com c.paypal.com www.youtube.com player.vimeo.com fast.wistia.net moz-extension://* chrome-extension://*; connect-src 'self' api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.sandbox.braintreegateway.com client-analytics.braintreegateway.com *.braintree-api.com *.paypal.com www.google-analytics.com connect.facebook.net www.facebook.com ysxtsrzt2b4s.statuspage.io rescuetime.helpscoutdocs.com secure.helpscout.net api.ipify.org beaconapi.helpscout.net chatapi.helpscout.net d3hb14vkzrxvla.cloudfront.net *.sumologic.com sentry.io wss: wss://*.pusher.com slack.com github.com exist.io accounts.automatic.com *.visualwebsiteoptimizer.com app.vwo.com; font-src 'self' data: fonts.gstatic.com app.vwo.com; form-action 'self' *.welltory.com; frame-ancestors moz-extension://* chrome-extension://*; frame-src 'self' assets.braintreegateway.com *.paypal.com djtflbt20bdde.cloudfront.net beacon-v2.helpscout.net platform.twitter.com www.googletagmanager.com tst.kaptcha.com ssl.kaptcha.com www.youtube.com moz-extension://* chrome-extension://* ifttt.com *.vimeo.com app.vwo.com; img-src 'self' data: assets.braintreegateway.com *.paypal.com platform.twitter.com pbs.twimg.com www.google-analytics.com connect.facebook.net *.facebook.com d33v4339jhl8k0.cloudfront.net moz-extension://* chrome-extension://* via.placeholder.com ifttt.com api.producthunt.com zapier.com cdn.zapier.com *.visualwebsiteoptimizer.com app.vwo.com; manifest-src 'self'; media-src 'self' beacon-v2.helpscout.net; object-src 'self' djtflbt20bdde.cloudfront.net beacon-v2.helpscout.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' js.braintreegateway.com assets.braintreegateway.com www.paypalobjects.com *.paypal.com d12wqas9hcki3z.cloudfront.net d33v4339jhl8k0.cloudfront.net djtflbt20bdde.cloudfront.net beacon-v2.helpscout.net cdn.ravenjs.com platform.twitter.com www.google-analytics.com www.googletagmanager.com zapier.com connect.facebook.net dev.visualwebsiteoptimizer.com app.vwo.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com beacon-v2.helpscout.net d12wqas9hcki3z.cloudfront.net djtflbt20bdde.cloudfront.net app.vwo.com; worker-src blob:; report-uri https://www.rescuetime.com/csp-report 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' app.hubspot.com cdn-3.convertexperiments.com cdnjs.cloudflare.com connect.facebook.net cta-service-cms2.hubspot.com js.hsforms.net js.hs-analytics.net js.hs-banner.com js.hsleadflows.net js.hubspotfeedback.com js.usemessages.com platform.twitter.com play.vidyard.com run.pstmn.io script.crazyegg.com script.hotjar.com static.hotjar.com static.hsappstatic.net use.typekit.net www.googletagmanager.com www.google-analytics.com www.hubspot.com 'strict-dynamic' 'nonce-MTczMjI0NzM5MSwyODQ3OTk2MjE3'; script-src-elem 'self' 'unsafe-inline' connect.facebook.net; report-uri https://exceptions.hubspot.com/csp/report?version=5; 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://tvline.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://stylecaster.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
default-src 'self'; report-uri https://csp.yahoo.com/beacon/csp?src=fendr_developer.yahoo.com 1
default-src 'self' https://*.stan.com.au; child-src 'self' https://www.youtube.com; connect-src 'self' blob: https://*.stan.com.au https://payments.braintree-api.com https://client-analytics.braintreegateway.com https://www.paypal.com https://c.paypal.com https://checkoutshopper-live-au.adyen.com https://live-au.adyen.com https://*.akamaihd.net; form-action 'self' https://*.stan.com.au https://www.facebook.com; font-src 'self' data:; frame-src 'self' https://checkoutshopper-live-au.adyen.com https://www.facebook.com https://*.paypal.com https://platform.twitter.com https://*.doubleclick.net; img-src 'self' blob: data: https://*.stan.com.au https://*.akamaihd.net https://www.google-analytics.com https://adservice.google.com https://www.google.com https://www.google.com.au https://www.facebook.com https://*.paypal.com https://*.doubleclick.net https://www.googletagmanager.com https://bat.bing.com; media-src 'self' blob:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.stan.com.au https://www.googletagmanager.com https://connect.facebook.net https://*.snplow.net https://www.google-analytics.com https://static.ads-twitter.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://analytics.twitter.com https://checkoutshopper-live-au.adyen.com https://www.paypalobjects.com https://www.paypal.com https://live-au.adyen.com https://c.paypal.com https://bat.bing.com https://platform.twitter.com; style-src 'self' 'unsafe-inline' https://*.stan.com.au https://cloud.typography.com; report-uri https://api.stan.com.au/features/v1/collect-csp; 1
frame-ancestors 'self'; default-src 'self' https://tpc.googlesyndication.com/safeframe/; connect-src 'self' https://*.abcya.com https://*.playwire.com https://csi.gstatic.com https://dt.clnmde.com https://kinesis.us-east-1.amazonaws.com https://www.google-analytics.com https://*.media.net https://*.googlesyndication.com https://*.doubleclick.net https://*.arcademics.com wss://*.arcademics.com; font-src 'self' https://*.media.net https://d33wubrfki0l68.cloudfront.net https://fonts.gstatic.com https://*.arcademics.com; frame-src 'self' https://cdn.intergi.com https://*.playwire.com https://*.stripe.com https://*.abcya.com https://pxlclnmdecom-a.akamaihd.net https://*.googlesyndication.com https://*.doubleclick.net https://www.google.com; img-src 'self' data: https://*.arcademics.com https://*.net https://*.abcya.com https://cdn.intergi.com https://*.playwire.com https://*.media.net https://d33wubrfki0l68.cloudfront.net https://dt.clnmde.com https://www.googletagmanager.com https://*.doubleclick.net https://intergi-phoenix.s3.amazonaws.com https://px.moatads.com https://*.googlesyndication.com https://www.google-analytics.com https://www.google.com https://ssl.gstatic.com https://www.gstatic.com https://www.kidsafeseal.com https://s02mdn.net/; media-src 'self'; object-src https://*.abcya.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://adservice.google.com https://cdn.ampproject.org https://cdn.intergi.com https://cdn.intergient.com https://*.playwire.com https://*.media.net https://d33wubrfki0l68.cloudfront.net https://*.stripe.com https://mb.moatads.com https://pxlclnmdecom-a.akamaihd.net https://*.doubleclick.net https://*.arcademics.com https://*.googlesyndication.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.google.com https://www.googletagmanager.com https://tagmanager.google.com https://www.googletagservices.com https://www.gstatic.com https://z.moatads.com; style-src 'self' 'unsafe-inline' https://cdn.intergi.com https://d33wubrfki0l68.cloudfront.net https://fonts.googleapis.com https://tagmanager.google.com; report-uri https://www.ixl.com/actions/csp/report-abcya; report-to csp-endpoint; 1
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: 'self' data:; font-src https: 'self' data:; 1
default-src https://www.spamhaus.org https: 'unsafe-inline' 'unsafe-eval' 1
default-src 'self' https: data:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri https://investorplace.com/wp-content/plugins/mixed-content-logging/report-uri/mcl-uri.php 1
default-src blob: data: https: 'self' wss:; script-src blob: data: https: 'self' wss: 'unsafe-eval' 'unsafe-inline'; style-src blob: data: https: 'self' wss: 'unsafe-inline'; report-uri https://everlane.report-uri.com/r/d/csp/reportOnly 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: seal.websecurity.norton.com cdn1-sandbox.affirm.com www.googletagmanager.com *.scarabresearch.com d2oh4tlt9mrke9.cloudfront.net cdn1.affirm.com cardinaldata.net adservice.google.com cdn.pmmapads.com vpaid.springserve.net tracker.departapp.com z.moatads.com ad.lkqd.net svastx.moatads.com cdn-ssl.vidible.tv code.createjs.com static.vertamedia.com www.resellerratings.com 14240048.va.cobrowse.liveperson.net imasdk.googleapis.com va.v.liveperson.net www.google.com c1.rfihub.net mpp.vindicosuite.com www.google-analytics.com connect.facebook.net www.googleadservices.com googleads.g.doubleclick.net a.rfihub.com apis.google.com analytics.twitter.com tirerack.resultspage.com assets.resultspage.com lptag.liveperson.net seal.verisign.com www.googlecommerce.com bat.bing.com bs.serving-sys.com static.ads-twitter.com secure-ds.serving-sys.com accdn.lpsnmedia.net s.go-mpulse.net ds-aksb-a.akamaihd.net lpcdn.lpsnmedia.net cdn.dashjs.org includes.ccdc02.com maps.googleapis.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.pmqzads.com cdn.pmmapads.com tirerack.resultspage.com util.cardinalcommerce.com; img-src 'self' data: *.akamaihd.net *.akstat.io static.tirerack.com www.googleadservices.com cdn.pmmapads.com trk.vidible.tv promclickapp.biz *.pmqzads.com pixel.moatads.com gallery.tirerack.com *.google.ca cardinaldata.net www.paypalobjects.com cj.dotomi.com www.emjcd.com api.pmmapads.com *.googleapis.com seals.resellerratings.com bat.bing.com tirerack.d1.sc.omtrdc.net www.google.com t.co tags.w55c.net insight.adsrvr.org b.collective-media.net mpp.vindicosuite.com www.google-analytics.com sync.search.spotxchange.com stats.g.doubleclick.net match.sharethrough.com googleads.g.doubleclick.net cache.vindicosuite.com www.facebook.com analytics.twitter.com e.nexac.com x.dlx.addthis.com loadus.exelator.com bh.contextweb.com t.mookie1.com su.addthis.com ad.sxp.smartclip.net contextual.media.net ads.stickyadstv.com match.adsrvr.org sync-tm.everesttech.net ib.adnxs.com ads.scorecardresearch.com seal.websecurity.norton.com www.googletagmanager.com ad.doubleclick.net util.cardinalcommerce.com csi.gstatic.com maps.gstatic.com dpm.demdex.net adservice.google.com cm.everesttech.net track1.aniview.com assets.resultspage.com a.algovid.com px.moatads.com tires.tirerack.com lpcdn.lpsnmedia.net cdnjs.cloudflare.com; font-src 'self' data: fonts.gstatic.com; connect-src 'self' *.akstat.io *.akamaihd.net seal.websecurity.norton.com *.scarabresearch.com *.affirm.com ws.sessioncam.com d2oh4tlt9mrke9.cloudfront.net api.rollbar.com adservice.google.com videos-tirerack.akamaized.net amp.akamaized.net vid-io.springserve.net *.vertamedia.com maps.googleapis.com ads.contextweb.com ad.lkqd.net 14240048.va.cobrowse.liveperson.net tirerack.d1.sc.omtrdc.net includes.ccdc02.com googleads.g.doubleclick.net bat.bing.com www.google.com google-analytics.com static.ads-twitter.com c.go-mpulse.net stats.g.doubleclick.net www.googlecommerce.com ads.adaptv.advertising.com www.googleadservices.com tirerack.tt.omtrdc.net dpm.demdex.net va.v.liveperson.net vid.springserve.com v.lkqd.net tirerack.resultspage.com www.facebook.com assets.resultspage.com ssp.lkqd.net ssp.streamrail.net t.lkqd.net accdn.lpsnmedia.net lpcdn.lpsnmedia.net lptag.liveperson.net googleadservices.com vast.streamrail.net www.google-analytics.com www.googletagmanager.com cdn.dashjs.org ima3vpaid.appspot.com connect.facebook.net svastx.moatads.com apis.google.com googleapis.com seal.verisign.com analytics.twitter.com vidoplay.com; media-src 'self' blob: videos-tirerack.akamaized.net tirerack-vh.akamaihd.net lpcdn.lpsnmedia.net; frame-src 'self' www.affirm.com 0eaf.cardinalcommerce.com api.pmmapads.com www.youtube.com lpcdn.lpsnmedia.net www.google.com 20744577p.rfihub.com accounts.google.com pixel.everesttech.net www.everestjs.net a.rfihub.com bid.g.doubleclick.net thetirerackinc.demdex.net www.facebook.com www.trwholesalesolutions.com secure.paymentech.com ssl.kaptcha.com sales.liveperson.net; report-uri /csp-report-only 1
default-src 'self' https: data: blob:; script-src 'unsafe-inline' 'unsafe-eval' https: http: 'self'; worker-src blob: 'unsafe-inline' 'unsafe-eval' https: http: 'self';connect-src * data: 'self';frame-src http://*.pitchbook.local http://*.wistia.com http://*.jobvite.com http://*.ceros.com http://www.facebook.com https: mailto: tel: ms-appx-web: blob: 'self'; img-src * data: blob: 'self' android-webview-video-poster:; media-src * blob: 'self'; style-src http://*.pitchbook.com http://*.googleapis.com http://*.webspellchecker.net http://*.dynamicyield.com https: 'unsafe-inline' 'self'; font-src http://*.dynamicyield.com http://*.webspellchecker.net http://fonts.gstatic.com https: data: blob: 'self' http://themes.googleusercontent.com chrome-extension: localhost:3000;report-uri /csp/submit 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://robbreport.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
default-src 'self' 'unsafe-inline' forum.vivaldi.net *.twitter.com *.twimg.com; img-src 'self' https: data:; font-src 'self' data:; frame-src 'self' www.youtube-nocookie.com *.twitter.com; report-uri /wp-content/themes/vivaldicom-theme/lib/handlecsp.php 1
block-all-mixed-content ; report-uri /csp-reports ; report-to csp-endpoint ; default-src 'self' *.prismic.io https://www.google.com/recaptcha/ ; connect-src 'self' *.prismic.io events.mediarithmics.com ; img-src 'self' data: *.prismic.io www.google-analytics.com ib.adnxs.com o.adhslx.com fonts.gstatic.com https://www.gstatic.com/recaptcha/ events.mediarithmics.com cookie-matching.mediarithmics.com x.bidswitch.net pixel.rubiconproject.com simage2.pubmatic.com ; style-src 'self' 'unsafe-inline' www.gstatic.com fonts.gstatic.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.prismic.io www.google-analytics.com www.googletagmanager.com www.gstatic.com https://www.google.com/recaptcha/ static.mediarithmics.com cookie-matching.mediarithmics.com ib.adnxs.com cm.g.doubleclick.net ; font-src 'self' *.prismic.io fonts.gstatic.com 1
script-src 'nonce-PBwyDAQ_OtalSL66PO3ASQ' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/webmaster/www_google; base-uri 'none' 1
default-src https: 'unsafe-inline' 'unsafe-eval'; report-uri https://teacup.report-uri.com/r/t/csp/reportOnly 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.openlayers.org openlayers.org *.openstreetmap.org *.twitter.com *.twimg.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.openlayers.org openlayers.org *.init.de *.openstreetmap.org *.twitter.com *.twimg.com *.bundesfinanzministerium.de; object-src 'self'; media-src 'self' *.youtube.com *.bundesfinanzministerium.de; child-src *.google.com *.gstatic.com *.youtube.com *.init.de *.twitter.com *.twimg.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.openlayers.org openlayers.org *.openstreetmap.org *.init.de *.twitter.com *.twimg.com *.bundesfinanzministerium.de; frame-ancestors 'self'; report-uri /site/servlet/csp-report; 1
default-src 'self' https:; base-uri 'none'; block-all-mixed-content; child-src *; font-src 'self' data: https://fonts.gstatic.com; form-action 'self'; frame-ancestors 'none'; img-src https://opt-out.ferank.eu https://ssl.google-analytics.com https://stats.g.doubleclick.net data: https://www.elysee.fr https://admin.elysee.fr https://static.elysee.fr; plugin-types video/*; script-src https://opt-out.ferank.eu https://www.google-analytics.com 'unsafe-inline' https://www.elysee.fr https://admin.elysee.fr https://static.elysee.fr; style-src https://cdn.jsdelivr.net https://opt-out.ferank.eu https://fonts.googleapis.com 'unsafe-inline' https://www.elysee.fr https://admin.elysee.fr https://static.elysee.fr; report-uri /csp/report 1
default-src 'unsafe-inline' 'unsafe-eval' 'self'; font-src 'self' data: https://fonts.gstatic.com:443; img-src 'self' data: https://secure.gravatar.com:443; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com:443 report-uri https://mahadiscom.report-uri.com/r/d/csp/reportOnly 1
default-src 'self' 'unsafe-inline' https: ; img-src 'self' 'unsafe-inline' data: https: ; font-src 'self' data: https: ; connect-src 'self' *.usni.org *.google.com *.gstatic.com *.google-analytics.com *.disqus.com *.authorize.net *.facebook.com sentry.utdev.com ; media-src https: ; object-src 'self' ; child-src 'self' *.usni.org *.googlesyndication.com *.google.com disqus.com *.disqus.com *.googletagmanager.com *.addtoany.com *.scribd.com *.facebook.com *.g.doubleclick.net ; form-action 'self' *.usni.org *.facebook.com *.salesforce.com; upgrade-insecure-requests; 1
default-src https: 'unsafe-inline' 'unsafe-eval'; font-src 'self' https://*.chatlio.com https://maxcdn.bootstrapcdn.com https://js.intercomcdn.com data: https://fonts.gstatic.com ; connect-src https://bam.nr-data.net https://fonts.gstatic.com wss://ws.pusherapp.com https://*.chatlio.com wss://*.intercom.io https://*.intercom.io https://*.algolia.com https://insights.algolia.io https://*.algolia.net https://*.algolianet.com https://insights.hotjar.com wss://*.hotjar.com https://*.kissmetrics.com https://vimeo.com https://*.pingdom.net https://api.segment.io https://api.amplitude.com/ https://sentry.io ; report-uri https://algolia.report-uri.io/r/default/csp/reportOnly 1
default-src https: ;script-src https: 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://www.googletagmanager.com/ https://ssl.google-analytics.com ; style-src https: 'unsafe-inline' ; img-src https: about: data: https://cdn.evbstatic.com http://*.cloudfront.net; http://xml.showcasead.com https://*.s3.amazonaws.com ; connect-src https: about: https://connect.facebook.net ; font-src data: https: http://themes.googleusercontent.com https://cdn.evbstatic.com ; object-src https: ; media-src https: ; frame-src https: fbrpc://call ; frame-ancestors 'self' ; worker-src blob: ; form-action 'self' ; child-src 'self' ; report-uri https://www.eventbrite.es/ajax/csp-violation/action 1
script-src 'unsafe-inline' 'unsafe-eval' 'self' *.nr-data.net *.paypalobjects.com *.analytics-egain.com *.trustpilot.com *.newrelic.com *.kk-resources.com *.redditstatic.com *.chainreactioncycles.com *.google.com *.criteo.net *.melissadata.net *.mention-me.com *.bazaarvoice.com www.zenaps.com *.scene7.com the.sciencebehindecommerce.com *.adyen.com seal.digicert.com vars.hotjar.com *.hotjar.com *.criteo.com lantern.roeyecdn.com *.cloudfront.net *.bing.com tracker.marinsm.com *.facebook.net *.trustarc.com *.google-analytics.com www.googletagmanager.com *.scene7.com www.dwin1.com www.googleoptimize.com data:; style-src * 'unsafe-inline'; default-src *.melissadata.net *.sciencebehindecommerce.com *.truste.com *.chainreactioncycles.com *.facebook.com *.hotjar.com *.hotjar.io *.gstatic.com *.bing.com *.googleapis.com *.trustarc.com *.google-analytics.com *.cloudfront.net *.googleoptimize.com; img-src * data:; object-src 'none'; connect-src * ; frame-src * data:; script-src-elem 'unsafe-inline' chainreactioncycles.com *.digicert.com, *.criteo.com *.google.com *.kk-resources.com www.redditstatic.com analytics.analytics-egain.com js-agent.newrelic.com widget.trustpilot.com bam.nr-data.net www.paypalobjects.com www.googleoptimize.com lantern.roeyecdn.com www.googleadservices.com media.chainreactioncycles.com tracker.marinsm.com *.adyen.com sslwidget.criteo.com *.bazaarvoice.com *.hotjar.com *.googletagmanager.com bat.bing.com www.zenaps.com *.cloudfront.net static.criteo.net *.google-analytics.com www.dwin1.com *.mention-me.com *.facebook.net *.trustarc.com the.sciencebehindecommerce.com *.scene7.com mpsnare.iesnare.com seal.digicert.com9 data:; style-src-elem * 'unsafe-inline'; font-src * ; media-src * data:; script-src-attr 'unsafe-inline'; style-src-attr 'unsafe-inline'; report-uri /csp-report.jsp; 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://footwearnews.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.artnews.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
default-src * data: blob: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' data: blob: https: 'unsafe-inline' 'unsafe-eval' *.eurostar.com scripts.eurostar.tech analytics.twitter.com bat.bing.com beacon.krxd.net cdn.kommunicate.io cdn.applozic.com cdn.krxd.net connect.facebook.net consumer.krxd.net eus.cdn-v3.conductrics.com googleads.g.doubleclick.net polyfill.io rules.quantcount.com s.yimg.com sc-static.net secure.quantserve.com sp.analytics.yahoo.com static.ads-twitter.com tag.yieldoptimizer.com tags.tiqcdn.com visitor-service-eu-west-1.tealiumiq.com w.usabilla.com widget.kommunicate.io www.google-analytics.com www.googletagmanager.com pagead2.googlesyndication.com www.googletagservices.com ad.doubleclick.net www.paypal.com www.googleadservices.com maps.googleapis.com apply.workable.com snap.licdn.com; connect-src 'self' https: *.eurostar.com bat.bing.com collect-eu-west-1.tealiumiq.com c.contentsquare.net www.google-analytics.com cdn.kommunicate.io api.kommunicate.io chat.kommunicate.io www.paypal.com googleads4.g.doubleclick.net api.rollbar.com www.facebook.com r.contentsquare.net bots.applozic.com stats.g.doubleclick.net wss://socket5.applozic.com wss://socket.applozic.com:80 adservice.google.com pagead2.googlesyndication.com jslog.krxd.net t.co beacon.krxd.net www.bing.com pubads.g.doubleclick.net; report-uri https://endpoint1.collection.eu.sumologic.com/receiver/v1/http/ZaVnC4dhaV2FbC9Ij83SGE3iTXUOUwHd6irC7dEd3crCFxWV0sz34YKvdRhl7b2Pwk5pss2m6jkp8P_KsP_DDMThVLr-k4csrE-WmpY1fji3919gGLcEhQ== 1
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: 'unsafe-inline' 'unsafe-eval' data:; report-uri https://www0mansion0review0jp.report-uri.com/r/d/csp/reportOnly; 1
default-src 'self' https: 'unsafe-inline' data: 'unsafe-eval'; report-uri https://servix.idnes.cz/log/csp-report.aspx?w=ln_shp 1
default-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; media-src https: blob:; object-src https: blob:; report-uri https://csp-report.magicseaweed.com/api/csp-report/ 1
block-all-mixed-content; report-uri https://csp-reports.pravmir.ru/https-mixed-content-logger/csp_report_log.php; 1
script-src 'nonce-PQAJC-9XK_p-Al300_eaRQ' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1
default-src 'self' image.spreadshirtmedia.net ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: *.go-mpulse.net apis.google.com assets.adobedtm.com *.cloudfront.net nxtck.com ssl.gstatic.com ws.sessioncam.com *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com googleads.g.doubleclick.net connect.facebook.net www.googleadservices.com adtm.spreadshirts.net *.spreadshirt.de ; img-src 'self' data: https: image.spreadshirtmedia.net *.gstatic.com rtb-csync.smartadserver.com pixel.rubiconproject.com pixel.advertising.com dsum-sec.casalemedia.com cotads.adscale.de www.google-analytics.com eu-u.openx.net ih.adscale.de *.akstat.io www.facebook.com dsum-sec.casalemedia.com ad.yieldlab.net secure.adnxs.com mapping.nxtck.com stats.g.doubleclick.net www.google.com www.google.de cm.g.doubleclick.net ads.yahoo.com sync.ligadx.com eb2.3lift.com s.sspqns.com x.bidswitch.net image2.pubmatic.com sync.outbrain.com nxtck.com sanalytics.spreadshirt.de *.spreadshirt.de ; connect-src 'self' https: *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com *.go-mpulse.net *.akstat.io/ dpm.demdex.net *.spreadshirt.de ; font-src 'self' https: data: *.spreadshirt.de ; style-src 'self' data: 'unsafe-inline' https: *.spreadshirt.de ; object-src 'none' ; media-src image.spreadshirtmedia.net ; frame-src 'self' https: www.google.com accounts.google.com *.spreadshirt.de ; report-uri https://csp.spreadshirts.net/csp/reportOnly ; 1
default-src https: 'unsafe-inline'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self'; base-uri https: data:;  object-src 'self'; font-src https: data:; script-src 'nonce-096d02ba-21ec-42ea-a62b-931815c0c37e' https: 'unsafe-inline' 'unsafe-eval'; report-uri https://ort.wellsfargo.com/reporting/csp 1
default-src 'self' https:; object-src 'self'; frame-src 'self' *.kvk.nl channel.me www.youtube.com cloud.reflexappointment.nl iwelcome.sso.eherkenning.nl ehm01.iwelcome.nl opendata.ondernemersplein.nl www.googletagmanager.com *.hotjar.com https://acp.miloo.nl wss://acp.miloo.nl *.mopinion.com *.soundcloud.com *.youtube-nocookie.com disqus.com; child-src 'self' *.kvk.nl channel.me www.youtube.com cloud.reflexappointment.nl iwelcome.sso.eherkenning.nl ehm01.iwelcome.nl opendata.ondernemersplein.nl www.googletagmanager.com *.hotjar.com https://acp.miloo.nl wss://acp.miloo.nl *.mopinion.com *.soundcloud.com *.youtube-nocookie.com *.disqus.com; style-src 'self' 'unsafe-inline' *.kvk.nl s3.amazonaws.com tagmanager.google.com translate.googleapis.com *.mopinion.com https://fonts.googleapis.com *.abtasty.com *.disqus.com *.disquscdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' *.kvk.nl blob: bat.bing.com *.nowinteract.com www.youtube.com s.ytimg.com channel.me cloudstatic.obi4wan.com *.hotjar.com www.google-analytics.com www.googletagmanager.com cdn-assets-prod.s3.amazonaws.com tagmanager.google.com *.mopinion.com https://acp.miloo.nl wss://acp.miloo.nl *.abtasty.com *.disqus.com *.disquscdn.com 'nonce-d3VFuhFMt5jB3JKQ/wsFFcc2Gu9KhZlscfKuSgf0XMU='; img-src 'self' *.kvk.nl blob: data: tr3.onlinesucces.nl www.ondernemersplein.nl bat.bing.com https://www.gstatic.com/images/branding/product/2x/translate_24dp.png www.google-analytics.com www.googletagmanager.com https://acp.miloo.nl wss://acp.miloo.nl *.abtasty.com *.cloudfront.com *.mopinion.com *.disqus.com *.disquscdn.com; font-src 'self' blob: data: *.kvk.nl http://fonts.gstatic.com https://fonts.gstatic.com static.hotjar.com *.mopinion.com *.abtasty.com *.disqus.com; connect-src 'self' *.kvk.nl wss://*.kvk.nl opendata.ondernemersplein.nl *.nowinteract.com translate.googleapis.com bots.obi4wan.com app.obi4wan.ai *.hotjar.com wss://*.hotjar.com www.google-analytics.com script.google.com https://acp.miloo.nl wss://acp.miloo.nl *.mopinion.com col.eum-appdynamics.com *.abtasty.com sentry.io *.disqus.com; frame-ancestors 'self' https://*.kvk.nl; base-uri 'self' *.kvk.nl; report-uri https://acd4a6fc2b303186c154a28c8bda5e62.report-uri.com/r/t/csp/reportOnly; 1
default-src * 'unsafe-inline' 'unsafe-eval'; report-uri https://fls-na.amazon.com/1/batch/2/OE/mid=AF2M0KC94RCEA:sid=147-8914573-7315718:rid=AMD4NM6Q12PAMTX8GT2C:sn=www.audible.com 1
style-src https://*.btrll.com https://cdn.cmp.advertising.com https://*.oath.com https://*.yimg.com https://*.yahoo.com 'self' 'unsafe-inline' data: blob:; script-src https://*.btrll.com https://cdn.cmp.advertising.com https://*.oath.com https://*.yahoo.com https://*.yimg.com 'self' 'unsafe-inline' 'unsafe-eval' https://platform.twitter.com https://*.btrll.com data: blob:; frame-ancestors https://*.techcrunch.com https://*.huffingtonpost.com https://*.aol.com https://*.yahoo.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=GB&lang=en-GB&device=desktop&yrid=7d70ue9fgm8hn&partner=; 1
base-uri 'none'; default-src 'none'; script-src 'nonce-lBs4/DFI/QnAZhoWjmffKg==' 'unsafe-inline' 'unsafe-eval' 'wasm-eval' 'self' https://ajax.aspnetcdn.com https://*.office365.com https://shellprod.msocdn.com https://shellppe.msocdn.com https://shell.cdn.office.net https://shellppe.cdn.office.net  report-sample; style-src 'unsafe-inline' 'self' https://shell.cdn.office.net https://shellppe.cdn.office.net  report-sample; font-src 'self' data: https://*.akamaihd.net https://static2.sharepointonline.com; img-src 'self' blob: data: https://*.officeppe.com https://*.office.com https://*.msedge.net https://*.office365.com https://outlook.live.com https://*.microsoft.com https://*.vo.msecnd.net https://*.teams.microsoft.com https://*.officeapp.live.com https://shellprod.msocdn.com https://shellppe.msocdn.com https://outlook.office365.com https://shell.cdn.office.net https://shellppe.cdn.office.net; connect-src 'self' blob: https://graph.microsoft.com wss://whiteboard.microsoft.com/sync https://*.whiteboard.microsoft.com https://whiteboard.microsoft.com wss://*.whiteboard.microsoft.com wss://whiteboard.microsoft.com https://*.office.com https://*.officeppe.com https://*.msedge.net https://outlook.office365.com https://outlook.live.com https://config.edge.skype.net https://config.edge.skype.com https://browser.pipe.aria.microsoft.com https://shellprod.msocdn.com https://shellppe.msocdn.com https://shell.cdn.office.net https://shellppe.cdn.office.net; frame-src 'self' https://login.windows.net/ https://*.officeppe.com https://*.office.com https://*.spoppe.com https://microsoft.sharepoint-df.com https://microsoft.sharepoint.com https://www.yammer.com; frame-ancestors 'self' https://teams.microsoft.com; form-action 'none'; upgrade-insecure-requests; report-uri /cspreport 1
default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.tool.lu *.baidu.com *.bdstatic.com; object-src 'none'; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.tool.lu *.baidu.com; img-src 'self' data: *.tool.lu *.href.lu *.baidu.com; media-src 'none'; child-src 'self' *.tool.lu; font-src *.tool.lu *.alicdn.com; connect-src 'self' *.tool.lu *.baidu.com *.alicdn.com; report-uri //analytics.tool.lu/csp 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri https://www.dba.dk/api/csplogger/mixedcontent/dba 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri https://dev-ssl.loseit.com/_ops/csp-report 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.roche.com *.roche.net *.gene.com cdn.walkme.com tpc.googlesyndication.com api.html5media.info workdevapp.com cdn-js.net gdata.youtube.com twitter.com geolocation.onetrust.com api.flickr.com graph.facebook.com sharecdn.social9.com maps.googleapis.com use.typekit.com munchkin.marketo.net img.en25.com w.likebtn.com cdn.mathjax.org sadmin.brightcove.com cdnjs.cloudflare.com releases.flowplayer.org script.crazyegg.com wi.likebtn.com pepperglobal.com analytics.twitter.com cdn.blueconic.net connect.facebook.net fullstory.com script.hotjar.com gnntch.blueconic.net rules.quantcount.com secure.quantserve.com static.hotjar.com www.youtube.com www.googletagmanager.com www.google-analytics.com google-analytics.com *.gstatic.com static.ads-twitter.com sjs.bizographics.com *.linkedin.com www.google.com w.soundcloud.com s.ytimg.com *.cloudflareaccess.com *.salesforceliveagent.com https://*.roche.com:8080 https://cdnjs.org https://service.force.com/* cdn.cookielaw.org; style-src * 'self' 'unsafe-inline'; img-src * 'self' data:; font-src * 'self' data:; connect-src * 'self'; media-src * 'self' data:; object-src 'self'; child-src 'self' *.roche.com *.roche.net *.gene.com *.facebook.net qpcr.probefinder.com *.force.com *.hotjar.com www.facebook.com www.google.com www.googletagmanager.com www.youtube.com; frame-src 'self' *.roche.com *.roche.net *.gene.com www.youtube.com *.cloudfront.net *.facebook.net *.arcot.com live.sagepay.com player.vimeo.com tpc.googlesyndication.com players.brightcove.net qpcr.probefinder.com *.eloqua.com *.hotjar.com *.soundcloud.com *.facebook.com *.google.com *.googletagmanager.com *.youtube-nocookie.com *.youtube.com *.mendeley.com *.force.com https://cdn.walkme.com/*; worker-src 'self' *.roche.com *.roche.net *.gene.com; frame-ancestors 'self' *.roche.com *.roche.net *.gene.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com *.cloudflareworkers.com; form-action 'self' *.roche.com *.roche.net *.gene.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com; base-uri *.roche.com *.roche.net *.gene.com; plugin-types application/pdf; referrer origin-when-cross-origin; report-uri https://ayba8dhs.uriports.com/reports/report; report-to default 1
default-src 'self' image.spreadshirtmedia.net ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: *.go-mpulse.net apis.google.com assets.adobedtm.com *.cloudfront.net nxtck.com ssl.gstatic.com ws.sessioncam.com *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com googleads.g.doubleclick.net connect.facebook.net www.googleadservices.com adtm.spreadshirts.net *.spreadshirt.net ; img-src 'self' data: https: image.spreadshirtmedia.net *.gstatic.com rtb-csync.smartadserver.com pixel.rubiconproject.com pixel.advertising.com dsum-sec.casalemedia.com cotads.adscale.de www.google-analytics.com eu-u.openx.net ih.adscale.de *.akstat.io www.facebook.com dsum-sec.casalemedia.com ad.yieldlab.net secure.adnxs.com mapping.nxtck.com stats.g.doubleclick.net www.google.com www.google.de cm.g.doubleclick.net ads.yahoo.com sync.ligadx.com eb2.3lift.com s.sspqns.com x.bidswitch.net image2.pubmatic.com sync.outbrain.com nxtck.com sanalytics.spreadshirt.net *.spreadshirt.net ; connect-src 'self' https: *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com *.go-mpulse.net *.akstat.io/ dpm.demdex.net *.spreadshirt.net ; font-src 'self' https: data: *.spreadshirt.net ; style-src 'self' data: 'unsafe-inline' https: *.spreadshirt.net ; object-src 'none' ; media-src image.spreadshirtmedia.net ; frame-src 'self' https: www.google.com accounts.google.com *.spreadshirt.net ; report-uri https://csp.spreadshirts.net/csp/reportOnly ; 1
script-src https://d22739b8qd5enr.cloudfront.net https://a.okfn.org https://js-agent.newrelic.com https://www.google-analytics.com https://use.typekit.net https://bam.nr-data.net 'unsafe-inline' 'self'; default-src 'none'; img-src https://d22739b8qd5enr.cloudfront.net https://a.okfn.org data: https://gravatar.com https://1.gravatar.com https://2.gravatar.com https://secure.gravatar.com https://p.typekit.net https://ping.typekit.net https://www.google-analytics.com; style-src https://d22739b8qd5enr.cloudfront.net https://a.okfn.org 'unsafe-inline' https://use.typekit.net; font-src https://d22739b8qd5enr.cloudfront.net https://a.okfn.org data: https://use.typekit.net https://themes.googleusercontent.com; report-uri https://report-uri.io/report/3b3ae25e9e4ccf5f28ea8bef8e70fc63/reportOnly 1
connect-src *.litix.io *.pusher.com 729-jty-427.mktoresp.com 729-jty-427.mktoutil.com api.segment.io bat.bing.com bench.co boards-api.greenhouse.io cdn.contentful.com cdn.getambassador.com content.proof-x.com data.cdnbasket.net distillery.wistia.com embed.wistia.com embedwistia-a.akamaihd.net https://*.hotjar.com https://heapanalytics.com ids.cdnwidget.com page.cdnbasket.net pipedream.wistia.com pro.ip-api.com requests.getambassador.com stats.g.doubleclick.net vc.hotjar.io view.cdnbasket.net ws://ws.pusherapp.com wss://*.hotjar.com wss://ws.pusherapp.com www.facebook.com www.google-analytics.com www.google.com; font-src bench-assets.imgix.net data: fonts.gstatic.com https://heapanalytics.com script.hotjar.com; frame-src app-ab17.marketo.com bid.g.doubleclick.net boards.greenhouse.io js.driftt.com vars.hotjar.com www.facebook.com www.youtube.com; img-src 'self' * alb.reddit.com app-ab17.marketo.com bat.bing.com bench-assets.imgix.net cx.atdmt.com data: e.cdnwidget.com embed.wistia.com fast.wistia.com hi.hellobar.com https://heapanalytics.com i.ytimg.com images.ctfassets.net s3.amazonaws.com stats.g.doubleclick.net www.facebook.com www.google-analytics.com www.googletagmanager.com; media-src blob: embed.wistia.com embedwistia-a.akamaihd.net; report-uri https://bench.co/api/v1/cspreport.json; script-src 'self' 'unsafe-eval' 'unsafe-inline' app-ab17.marketo.com bat.bing.com boards.greenhouse.io cdn.getambassador.com cdn.proof-x.com cdn.segment.com connect.facebook.net fast.wistia.com googleads.g.doubleclick.net https://cdn.heapanalytics.com https://heapanalytics.com js.driftt.com mbsy.co munchkin.marketo.net my.hellobar.com pixel.cdnwidget.com script.hotjar.com static.hotjar.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com www.redditstatic.com; style-src 'unsafe-inline' app-ab17.marketo.com bench.co fonts.googleapis.com https://heapanalytics.com; worker-src blob: 1
script-src 'nonce-6LvzAnXybyLHVtWTsmo-Ow' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1
default-src 'none';upgrade-insecure-requests;style-src https: 'unsafe-inline';font-src https: data:;img-src https: data:;connect-src 'self' https://browser.pipe.aria.microsoft.com https://web.vortex.data.microsoft.com;frame-src https://login.windows-ppe.net https://login.live.com https://login.live-int.com;worker-src 'self' blob:;child-src 'self' blob:;report-uri /api/csp-report?page=unauth&reportOnly=True;script-src 'nonce-pzZxtXX3nCfJBfi/pt2jmw==' 'unsafe-inline' 'unsafe-eval' https: 'strict-dynamic'; 1
default-src https: ;script-src https: 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://www.googletagmanager.com/ https://ssl.google-analytics.com ; style-src https: 'unsafe-inline' ; img-src https: about: data: https://cdn.evbstatic.com http://*.cloudfront.net; http://xml.showcasead.com https://*.s3.amazonaws.com ; connect-src https: about: https://connect.facebook.net ; font-src data: https: http://themes.googleusercontent.com https://cdn.evbstatic.com ; object-src https: ; media-src https: ; frame-src https: fbrpc://call ; frame-ancestors 'self' ; worker-src blob: ; form-action 'self' ; child-src 'self' ; report-uri https://www.eventbrite.ie/ajax/csp-violation/action 1
default-src https: ;script-src https: 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://www.googletagmanager.com/ https://ssl.google-analytics.com ; style-src https: 'unsafe-inline' ; img-src https: about: data: https://cdn.evbstatic.com http://*.cloudfront.net; http://xml.showcasead.com https://*.s3.amazonaws.com ; connect-src https: about: https://connect.facebook.net ; font-src data: https: http://themes.googleusercontent.com https://cdn.evbstatic.com ; object-src https: ; media-src https: ; frame-src https: fbrpc://call ; frame-ancestors 'self' ; worker-src blob: ; form-action 'self' ; child-src 'self' ; report-uri https://www.eventbrite.nl/ajax/csp-violation/action 1
script-src 'self' https://cloud.typography.com/7315076/7256812/css/fonts.css; object-src 'none'; report-uri /report-csp-violation 1
default-src https: data: blob: wss: 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https://pp.ephapay.net/ https://pp.eshapay.net/ https://scripts.agilone.com/ https://widget.trustpilot.com/ https://edigitalsurvey.com/ https://static.addtoany.com/ https://c.paypal.com/ https://www.paypal.com https://www.sandbox.paypal.com; report-uri https://csp-violations.external.wickes.co.uk 1
default-src https: wss: data: blob:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; worker-src blob:; report-uri /csp-report 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; font-src https: data: 'unsafe-inline'; img-src https: data: 'unsafe-inline'; report-uri https://cspreport.report-uri.io/r/default/csp/reportOnly 1
default-src 'self' 'unsafe-inline' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; img-src 'self' https: data: image/*; frame-ancestors 'self' *.sunrise.ch; frame-src https:; connect-src https: wss:; font-src https:; media-src 'self' https://media-eu2.digital.nuance.com; report-uri https://www.sunrise.ch/csp-collector; upgrade-insecure-requests 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.goldderby.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://wwggsujy3yobtlvav9zj6w8w.httpschecker.net/report 1
frame-ancestors 'self' http://dev.lovdata.intern:* http://xdur:8080 1
default-src https: 'unsafe-inline' 'unsafe-eval' wss://jobsv3.wort.lu/api/v1/sites/pt/latina/playlistUpdates; img-src https: data: blob:; media-src https: blob:; font-src https: data:; report-uri https://www.wort.lu/report 1
default-src 'self'; script-src cdn.report-uri.com api.stripe.com js.stripe.com www.google-analytics.com www.gstatic.com www.google.com 'nonce-MzA4OTE1ODgzOCwzMjg2MzY2MDc1'; style-src 'self' 'unsafe-inline' cdn.report-uri.com; img-src 'self' data: cdn.report-uri.com www.google-analytics.com; font-src 'self' cdn.report-uri.com; connect-src 'self' api.stripe.com; frame-ancestors *.cloudflareworkers.com *.cloudflare.com; form-action 'self' hooks.stripe.com; frame-src js.stripe.com www.google.com; child-src js.stripe.com www.google.com; upgrade-insecure-requests; report-uri https://scotthelme.report-uri.com/r/d/csp/enforce; report-to default 1
default-src   http://somafm.com https://somafm.com http://*.somafm.com https://*.somafm.com https://checkout.stripe.com blob:;  style-src 'self' https://checkout.stripe.com 'unsafe-inline' ;  img-src * https://* http://* data:;  font-src 'self' data:;  script-src http://somafm.com https://somafm.com http://*.somafm.com https://*.somafm.com https://js.stripe.com https://checkout.stripe.com https://platform.twitter.com/ https://twitter.com/ blob: 'unsafe-eval' 'unsafe-inline' ;  frame-src 'self'  https://js.stripe.com https://hooks.stripe.com https://checkout.stripe.com https://*.soundcloud.com/ http://www.youtube.com/embed/ https://www.youtube.com/embed/ https://platform.twitter.com/ https://twitter.com/;  media-src http://*.somafm.com https://*.somafm.com https://w.soundcloud.com https://api.soundcloud.com blob:;  object-src 'self' http://*.somafm.com https://*.somafm.com blob:;  connect-src http://somafm.com https://somafm.com http://*.somafm.com https://*.somafm.com https://checkout.stripe.com https://api.stripe.com ;  report-uri https://c70042f2c71bb9b31e563921ca1357ff.report-uri.com/r/d/csp/reportOnly 1
form-action 'self'; report-uri https://ylilauta.org/csp-report.php 1
default-src data: 'unsafe-inline' 'unsafe-eval' https:; base-uri https:; form-action https:; frame-ancestors https:; report-uri https://torontopubliclibrary.report-uri.com/r/d/csp/reportOnly; 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.jp&source%5Bsection%5D=brochure&source%5Buuid%5D=90e0c9760121d68d97ae9136057c4a49 1
default-src 'none'; connect-src 'self' https://*.google-analytics.com https://pagead2.googlesyndication.com; font-src https://cdnjs.cloudflare.com https://fonts.gstatic.com data: https://webfonts.zohostatic.com https://use.typekit.net; form-action https://*.splitwise.com https://accounts.google.com; frame-src 'self' https://js.stripe.com https://www.youtube.com https://www.facebook.com https://platform.twitter.com https://apis.google.com https://accounts.google.com https://www.google.com https://googleads.g.doubleclick.net https://tpc.googlesyndication.com https://js.stripe.com/; img-src 'self' https://assets.splitwise.com https://s3.amazonaws.com/splitwise/ https://splitwise.s3.amazonaws.com https://chart.googleapis.com https://*.fbsbx.com https://*.fbcdn.net https://graph.facebook.com/ http://widget.uservoice.com https://widget.uservoice.com https://*.google-analytics.com https://*.googlesyndication.com https://csi.gstatic.com; script-src 'unsafe-inline' 'unsafe-eval' https://assets.splitwise.com https://cdnjs.cloudflare.com/ajax/libs/rollbar.js/ https://connect.facebook.net https://www.google.com/m8/feeds/contacts/ https://www.youtube.com https://s.ytimg.com https://widget.uservoice.com https://by2.uservoice.com https://*.google-analytics.com https://www.googletagmanager.com https://www.googletagservices.com https://partner.googleadservices.com https://*.googlesyndication.com https://adservice.google.com https://adservice.google.ca https://adservice.google.com.co https://adservice.google.com.br https://adservice.google.co.uk https://adservice.google.com.ar https://adservice.google.co.in https://adservice.google.co.ao https://adservice.google.de https://adservice.google.fr https://adservice.google.pl https://apis.google.com https://platform.twitter.com https://ajax.googleapis.com/ajax/libs/jquery/1.6.2/jquery.min.js https://www.gstatic.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://js.stripe.com/; style-src 'unsafe-inline' https://assets.splitwise.com https://fonts.googleapis.com/ https://cdnjs.cloudflare.com; report-uri /webhooks/csp_violations 1
default-src * 'unsafe-inline' 'unsafe-eval'; report-uri https://fls-na.amazon.com/1/batch/2/OE/mid=AJO3FBRUE6J4S:sid=258-8634008-1891117:rid=VWHZP14BE620RR7A1V82:sn=www.audible.in 1
default-src 'self';connect-src 'self' https://www.google-analytics.com https://vc.hotjar.io https://*.hotjar.com:* wss://*.hotjar.com https://app.chatplus.jp https://ekr.zdassets.com wss://*.zopim.com;font-src 'self' data: https://v2.zopim.com https://appimg.chatplus.jp https://fonts.gstatic.com https://static.hotjar.com https://cdnjs.cloudflare.com;frame-src 'self' https://app.chatplus.jp https://optimize.google.com https://vars.hotjar.com https://appimg.chatplus.jp https://platform.twitter.com https://widget.as.criteo.com;img-src 'self' data: https://seal.alphassl.com https://v2.zopim.com https://app.chatplus.jp https://appimg.chatplus.jp https://image.chatplus.jp https://t.co https://www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://www.google-analytics.com https://optimize.google.com https://www.google.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google.co.jp https://cache.img.gmo.jp https://insights.hotjar.com https://static.hotjar.com https://px.a8.net https://*.yahoo.co.jp https://s.yimg.jp https://pepabo.com https://lolipop.jp https://*.heteml.jp https://goope.jp;manifest-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://seal.alphassl.com https://v2.zopim.com https://app.chatplus.jp https://appimg.chatplus.jp https://polyfill.io https://static.criteo.net https://sslwidget.criteo.com https://analytics.twitter.com https://ads-twitter.com https://platform.twitter.com https://static.ads-twitter.com https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://optimize.google.com https://www.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://cache.img.gmo.jp https://p01.mul-pay.jp https://pt01.mul-pay.jp https://static.hotjar.com https://script.hotjar.com https://statics.a8.net https://*.yahoo.co.jp https://s.yimg.jp https://s.yjtag.jp https://connect.facebook.net https://static.zdassets.com https://cdnjs.cloudflare.com https://pepabo.com https://*.heteml.jp;script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://seal.alphassl.com https://v2.zopim.com https://app.chatplus.jp https://appimg.chatplus.jp https://polyfill.io https://static.criteo.net https://sslwidget.criteo.com https://analytics.twitter.com https://ads-twitter.com https://platform.twitter.com https://static.ads-twitter.com https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://optimize.google.com https://www.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://cache.img.gmo.jp https://p01.mul-pay.jp https://pt01.mul-pay.jp https://static.hotjar.com https://script.hotjar.com https://statics.a8.net https://*.yahoo.co.jp https://s.yimg.jp https://s.yjtag.jp https://connect.facebook.net https://static.zdassets.com https://cdnjs.cloudflare.com https://pepabo.com https://*.heteml.jp;style-src 'self' 'unsafe-inline' 'unsafe-eval' https://app.chatplus.jp https://appimg.chatplus.jp https://tagmanager.google.com https://optimize.google.com https://cache.img.gmo.jp https://cdnjs.cloudflare.com https://pepabo.com;media-src 'self' https://appimg.chatplus.jp;report-uri https://muumuu-domain.com/csp/report; 1
policy 1
style-src 'self' 'unsafe-inline' cdn.sidefx.com d2wvmrjymyrujw.cloudfront.net fonts.googleapis.com www.google.com *.vimeocdn.com; frame-src 'self' data: www.google.com connect.facebook.net www.facebook.net www.facebook.com docs.google.com www.youtube.com lists.sidefx.com *.vimeo.com *.vimeocdn.com; default-src 'self'; script-src 'self' cdn.sidefx.com d2wvmrjymyrujw.cloudfront.net *.googleapis.com www.gstatic.com www.google.com cse.google.com *.facebook.net api.instagram.com cdnjs.cloudflare.com unpkg.com cdn.jsdelivr.net www.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net *.vimeo.com *.vimeocdn.com *.newrelic.com *.nr-data.net 'nonce-5QaN5EjQPFF5f3mY'; img-src 'self' data: cdn.sidefx.com d2wvmrjymyrujw.cloudfront.net *.cdninstagram.com *.gravatar.com www.facebook.com static.lulu.com www.gstatic.com www.google.com www.googleapis.com clients1.google.com i.ytimg.com *.vimeocdn.com www.paypal.com placekitten.com http://dummyimage.com www.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net; font-src 'self' data: cdn.sidefx.com d2wvmrjymyrujw.cloudfront.net fonts.gstatic.com; connect-src 'self' www.google-analytics.com stats.g.doubleclick.net www.facebook.com http://127.0.0.1:1714; report-uri https://www.sidefx.com/csp_reports/ 1
frame-ancestors 'self'; report-uri https://ordermygear.report-uri.com/r/t/csp/wizard 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' https:; report-uri https://usercontent.mobileread.org/csp-report 1
default-src https: blob: data: 'self' 'unsafe-inline' 'unsafe-eval'; report-uri https://us-central1-pr-environment.cloudfunctions.net/policy-violation 1
default-src https: ;script-src https: 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://www.googletagmanager.com/ https://ssl.google-analytics.com ; style-src https: 'unsafe-inline' ; img-src https: about: data: https://cdn.evbstatic.com http://*.cloudfront.net; http://xml.showcasead.com https://*.s3.amazonaws.com ; connect-src https: about: https://connect.facebook.net ; font-src data: https: http://themes.googleusercontent.com https://cdn.evbstatic.com ; object-src https: ; media-src https: ; frame-src https: fbrpc://call ; frame-ancestors 'self' ; worker-src blob: ; form-action 'self' ; child-src 'self' ; report-uri https://www.eventbrite.com.br/ajax/csp-violation/action 1
default-src 'self' 'unsafe-inline' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com *.google-analytics.com platform.twitter.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.sharethis.com; img-src 'self' 'unsafe-inline' *.google-analytics.com https://syndication.twitter.com https://*.sharethis.com; frame-src 'self' 'unsafe-inline' *.youtube.com https://platform.twitter.com https://player.vimeo.com https://www.facebook.com https://*.sharethis.com; font-src 'self' 'unsafe-inline' https://fonts.gstatic.com; report-uri /report-csp-violation 1
script-src 'unsafe-inline' 'unsafe-eval' 'self' d31j93rd8oukbv.cloudfront.net https://ssl.google-analytics.com https://www.google-analytics.com https://google-analytics.com www.google.com www.gstatic.com cdn.paddle.com checkout.paddle.com https://*.zopim.com *.zdassets.com; frame-src www.google.com checkout.paddle.com buy.paddle.com create-checkout.paddle.com; connect-src 'self' d31j93rd8oukbv.cloudfront.net ssl.google-analytics.com analytics.paddle.com browsec.zendesk.com wss://*.zopim.com https://*.zopim.com https://*.zdassets.com; report-uri /api/v1/reports; 1
block-all-mixed-content; report-uri https://davincistudio.report-uri.com/r/d/csp/reportOnly; 1
block-all-mixed-content; report-uri https://events.ocdn.eu/v2/csp-report?_ac=events&_fv=www.blikk.hu::PROD_0_7_6_AWS 1
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; report-uri https://www.themanual.com/collector/nr.php?ctx=csp-violation 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' https:; object-src 'self'; form-action https:; report-uri https://arlingtonva.report-uri.io/r/default/csp/reportOnly; 1
base-uri 'none'; object-src 'none'; script-src https://blenderartists.org/logs/ https://blenderartists.org/sidekiq/ https://blenderartists.org/mini-profiler-resources/ https://media.blenderartists.org/assets/ https://media.blenderartists.org/brotli_asset/ https://blenderartists.org/extra-locales/ https://media.blenderartists.org/highlight-js/ https://media.blenderartists.org/javascripts/ https://media.blenderartists.org/plugins/ https://media.blenderartists.org/theme-javascripts/ https://media.blenderartists.org/svg-sprite/ 'report-sample' 'unsafe-inline' https: https://pagead2.googlesyndication.com/; worker-src 'self' blob:; report-uri https://blenderartists.org/csp_reports 1
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https: wss:; report-uri https://api.transparentcdn.com/v1/csp/report/83/ 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://sourcingjournal.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
default-src *.bellroy.com 'self' https: data:; base-uri 'self'; connect-src *.bellroy.com https: wss: www.google.com api.tangiblee.com; font-src *.bellroy.com 'self' data: https: themes.googleusercontent.com fonts.googleapis.com fonts.gstatic.com; img-src *.bellroy.com https: data: blob: android-webview-video-poster:; media-src *.bellroy.com https: data: blob:; script-src *.bellroy.com 'self' https: 'unsafe-inline' 'unsafe-eval' data: opera: google.com *.visa.com d1fc8wv8zag5ca.cloudfront.net; style-src *.bellroy.com https: 'unsafe-inline' data:; frame-src *.bellroy.com 'self' https: data: ms-appx-web: www.facebook.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp_reports 1
script-src 'nonce-o4VET9wfl2UPA7BEZPQSeQ' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1
default-src 'self'; report-uri //root 1
default-src 'self' s16-hypstarcdn-com.akamaized.net 'unsafe-inline' *.byteoversea.com *.hypstarcdn.com blob: data:;script-src 'self' s16-hypstarcdn-com.akamaized.net 'unsafe-inline' 'unsafe-eval' *.byteoversea.com *.hypstarcdn.com blob: data:;img-src * data:;media-src *;report-uri https://mon-va.byteoversea.com/log/sentry/v2/api/slardar/main/?ev_type=csp&bid=vigo_web 1
default-src https: 'self'; connect-src https: wss: 'self'; font-src https: data: 'self'; frame-src https:; img-src https: data: 'self'; manifest-src https: 'self'; media-src https: 'self'; object-src none; script-src https: 'self' 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 'self'; upgrade-insecure-requests; report-uri https://csp.condenet.co.uk/r/ta/prod 1
report-to webscaleCspEndpoint; report-uri https://xdymhcopnh.execute-api.us-east-1.amazonaws.com/default/cspReportingMonitor; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.cloudmaestro.com *.googleapis.com cdn.getfinancing.com *.callrail.com www.googletagmanager.com *.google-analytics.com *.cloudflare.com www.google-analytics.com *.trustpilot.com *.yotpo.com certify-js.alexametrics.com *.bing.com *.hotjar.com js.klevu.com *.listrakbi.com connect.facebook.net app.purechat.com services.listrak.com js-agent.newrelic.com *.nr-data.net prod.purechatcdn.com kenwheeler.github.io core.spreedly.com hosted.subscribepro.com api.resellerratings.com googleads.g.doubleclick.net cdn.aimtell.com www.resellerratings.com player.vimeo.com tpc.googlesyndication.com www.google.com 1
default-src https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://voicethread.com https://prod-cdn.voicethread.com https://prod-transcode.voicethread.com fast.wistia.com fast.wistia.net *.wistia.com *.wistia.com form.jotform.com cdn.jotfor.ms secure.jotformpro.com submit.jotformpro.com;style-src 'self' 'unsafe-inline' https://voicethread.com https://prod-cdn.voicethread.com https://prod-transcode.voicethread.com;child-src 'self' https://voicethread.com fast.wistia.com fast.wistia.net *.wistia.com player.vimeo.com;connect-src 'self' https://voicethread.com https://prod-cdn.voicethread.com https://prod-transcode.voicethread.com wss://prod-mq.voicethread.com sentry.io *.akamaihd.net *.litix.io *.wistia.com *.litix.io;font-src 'self'  https://voicethread.com https://prod-cdn.voicethread.com https://prod-transcode.voicethread.com;form-action 'self'  https://voicethread.com;frame-ancestors none ;img-src 'self' https://voicethread.com https://prod-cdn.voicethread.com https://prod-transcode.voicethread.com *.akamaihd.net fast.wistia.com embed.wistia.com embedwistia-a.akamaihd.net events.jotform.com cdn.jotfor.ms embed-fastly.wistia.com;media-src 'self' https://voicethread.com https://prod-cdn.voicethread.com https://prod-transcode.voicethread.com embed.wistia.com embedwistia-a.akamaihd.net embed-fastly.wistia.com;object-src 'self' https://prod-cdn.voicethread.com;report-uri /csp_report/; 1
default-src * 'unsafe-eval' 'unsafe-inline' data: blob:; plugin-types application/x-shockwave-flash; script-src * 'unsafe-inline' blob:; report-uri https://content-security-policy.jobteaser.com/report 1
default-src 'self'; script-src 'self' *.crex24.com *.google-analytics.com https://www.google-analytics.com/analytics.js *.google.com/recaptcha/ https://www.gstatic.com/recaptcha/api2/ https://code.jquery.com/ https://cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' fonts.googleapis.com ton.twimg.com; img-src 'self' https: data:; font-src 'self' https://fonts.gstatic.com data:; connect-src 'self' https://www.google-analytics.com wss://crex24.com https://stats.g.doubleclick.net https://mc.yandex.ru/; frame-src 'self' https://www.google.com https://www.google.com/recaptcha/ https://platform.twitter.com/ https://syndication.twitter.com/; report-uri /api/report-csp1/ 1
img-src https: data:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'; 1
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://vwtjtrxk3sfdp0kvpob5s8gb.httpschecker.net/report 1
default-src https:; font-src https: data:; style-src 'unsafe-inline' https:; object-src 'self'; script-src 'nonce-fMVr6wZX15PSKxdFdlyyPx5029VaC0EACIt6ygdgu9s=' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' https: 'report-sample'; img-src https: data:; report-uri /webhooks/csp-log/create 1
default-src https: ;script-src https: 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://www.googletagmanager.com/ https://ssl.google-analytics.com ; style-src https: 'unsafe-inline' ; img-src https: about: data: https://cdn.evbstatic.com http://*.cloudfront.net; http://xml.showcasead.com https://*.s3.amazonaws.com ; connect-src https: about: https://connect.facebook.net ; font-src data: https: http://themes.googleusercontent.com https://cdn.evbstatic.com ; object-src https: ; media-src https: ; frame-src https: fbrpc://call ; frame-ancestors 'self' ; worker-src blob: ; form-action 'self' ; child-src 'self' ; report-uri https://www.eventbrite.sg/ajax/csp-violation/action 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; connect-src https: wss: data: blob:; font-src https: data:; img-src https: data:; media-src blob: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests; report-uri https://csp.condenet.co.uk/r/hg/prod 1
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: 'unsafe-inline' 'unsafe-eval' data: ; report-uri https://booklog.report-uri.io/r/default/csp/reportOnly 1
script-src 'nonce-W2UxHTen0mkrEBDu7eoi-g' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1
default-src * 'unsafe-inline' 'unsafe-eval'; report-uri https://fls-na.amazon.com/1/batch/2/OE/mid=AF2M0KC94RCEA:sid=130-4083345-8498018:rid=SMBN0SXYYG2VF2BRJSF8:sn=www.audible.com 1
report-uri default-src 'unsafe-inline' 'unsafe-eval' 'self' *.typekit.net *.google.com *.gstatic.com *.googletagmanager.com 1
child-src 'self'; connect-src https://*.google-analytics.com https://slaask.com http://*.google.com https://*.eyeka.com https://*.pusher.com https://*.cedexis.com data: https://*.g.doubleclick.net https://*.adnxs.com https://*.facebook.com http://*.eyeka.com https://*.kameleoon.com http://*.google-analytics.com 'self' https://*.googleapis.com https://*.google.com; default-src 'self' data:; font-src https://*.gstatic.com https://*.eyeka.com data: https://*.slaask.com http://*.eyeka.com 'self' https://*.embedly.com; frame-src http://*.youtube.com http://*.google.com data: https://*.uservoice.com https://*.kameleoon.eu https://*.g.doubleclick.net https://*.kameleoon.com https://*.facebook.com https://*.youtube.com 'self' https://*.embedly.com https://*.google.com; img-src https://*.cdnetworks.net https://*.gravatar.com https://*.uservoice.com https://*.slaask.com https://*.kameleoon.com https://*.google.ru https://*.google.co.id https://*.youtube.com https://*.google.com https://t.co http://*.google.com https://*.google.pt https://*.ads.linkedin.com https://*.google.com.br https://*.licdn.com https://*.google.com.ua https://*.google.co.uk https://*.adnxs.com http://*.eyeka.com http://*.google-analytics.com https://*.google.com.ng 'self' https://*.googleapis.com https://*.google-analytics.com https://*.eyeka.com https://*.google.com.ph https://*.google.co.in https://*.facebook.com https://*.google.fr https://*.google.com.pk https://*.gstatic.com http://*.youtube.com https://*.google.es data: https://*.g.doubleclick.net https://*.google.com.ar; manifest-src 'self'; media-src https://*.gstatic.com http://*.google.com https://*.eyeka.com https://*.slaask.com http://*.eyeka.com 'self' https://*.google.com; object-src http://*.eyeka.com data: 'self' https://*.eyeka.com; script-src https://*.ads-twitter.com https://*.uservoice.com https://*.linkedin.com https://*.slaask.com https://*.kameleoon.com https://*.googleadservices.com https://*.google.co.id https://*.google.ru https://*.pusher.com https://*.google.com https://*.newrelic.com http://*.google.com https://*.ads.linkedin.com https://*.licdn.com https://*.mouseflow.com 'unsafe-inline' https://*.adnxs.com https://*.mxpnl.com http://*.eyeka.com http://*.google-analytics.com 'self' https://*.googleapis.com https://*.embedly.com https://*.google-analytics.com 'unsafe-eval' https://*.eyeka.com https://*.nr-data.net https://*.google.fr https://*.gstatic.com https://*.facebook.net https://*.cedexis.com data: https://*.g.doubleclick.net https://*.twitter.com; style-src https://*.eyeka.com data: 'unsafe-inline' https://*.slaask.com http://*.eyeka.com 'self' https://*.googleapis.com https://*.embedly.com; worker-src 'self'; prefetch-src 'self'; report-uri https://reports-api.sqreen.io/browser/v0/csp-violations/csp_5839e7e0b36b4ff3bd538670ea663265 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.dwolla.com dtlilztwypawv.cloudfront.net *.googleapis.com *.gstatic.com *.googletagmanager.com *.googleads.g.doubleclick.net *.google-analytics.com *.google.com *.facebook.com *.facebook.net *.adroll.com *.adnxs.com *.googleadservices.com *.yahoo.com *.bidswitch.net *.twitter.com *.rlcdn.com *.connexity.net static.chartbeat.com *.akamai.net *.optimizely.com *.cdngc.net *.iovation.com pi.pardot.com px.ads.linkedin.com snap.licdn.com safari-extension://* chrome-extension://* *.jobscore.com hire.withgoogle.com js-agent.newrelic.com bam.nr-data.net s0.wp.com s1.wp.com stats.wp.com widget.intercom.io a.quora.com cdnjs.cloudflare.com js.intercomcdn.com siftscience.com www.linkedin.com data:; style-src 'self' 'unsafe-inline' cdn.dwolla.com fonts.googleapis.com safari-extension://* chrome-extension://*; img-src * data:; font-src * data:; frame-src 'self' *.dwolla.com *.facebook.com *.googletagmanager.com safari-extension://* chrome-extension://* *.jobscore.com hire.withgoogle.com *.chartbeat.com platform.twitter.com; connect-src 'self' *.optimizely.com *.intercom.io status.g.doubleclick.net api.ipify.org; object-src 'self' *.cdngc.net *.iovation.com cdn.dwolla.com 1
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https://* data: ; frame-src https://* about: javascript: ; report-uri /vdc-csp-report 1
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; report-uri https://earnest.report-uri.io/r/default/csp/reportOnly 1
default-src 'self' https: wss: data: none: gsa: 'unsafe-inline' 'unsafe-eval'; report-uri https://csp-endpoint.timeinc.net/ 1
default-src 'self' 'unsafe-inline' *.gstatic.com static.cloud.coveo.com fonts.googleapis.com cdnjs.cloudflare.com *.googletagmanager.com *.youtube.com *.ytimg.com *.google-analytics.com stats.g.doubleclick.net siteimproveanalytics.com *.siteimproveanalytics.io static.hubbardone.com ajax.googleapis.com *.siteimprove.com 1
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; report-uri https://www.milestonesys.com/csp/report 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.ca&source%5Bsection%5D=brochure&source%5Buuid%5D=e0da99b1a91d5571e7f7424686ca5829 1
default-src 'none'; connect-src 'self' data: https://titanic.honeybadger.io https://*.convertkit.com/ https://*.profitwell.com https://*.usefathom.com/ https://stats.g.doubleclick.net https://www.google-analytics.com https://api.segment.io/v1/ https://*.wistia.com/x https://fg8vvsvnieiv3ej16jby.litix.io https://pipedream.wistia.com/mput https://rmbutterfly.com/1661691228/ https://embedwistia-a.akamaihd.net/; font-src 'self' data: http://themes.googleusercontent.com https://fonts.gstatic.com https://fonts.googleapis.com/; frame-src https://platform.twitter.com https://syndication.twitter.com https://fast.wistia.com; img-src 'self' data: https://*.profitwell.com https://*.usefathom.com/ https://honeybadger-static.s3.amazonaws.com https://docs-honeybadger.s3.amazonaws.com/ https://www.googletagmanager.com/ https://*.wistia.com/ https://www.gstatic.com https://stats.g.doubleclick.net https://ton.twimg.com https://pbs.twimg.com https://platform.twitter.com https://syndication.twitter.com https://www.google-analytics.com https://d3aei7d2k8qp8j.cloudfront.net https://embedwistia-a.akamaihd.net https://www.google-analytics.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.profitwell.com https://*.usefathom.com/ https://gist.github.com https://www.googletagmanager.com/ https://*.wistia.com https://cdn.syndication.twimg.com https://platform.twitter.com https://cdn.segment.com/analytics.js/v1/Vh0hrL9NfiyA8PXfEW4pPCQbrkG2bBAy/analytics.min.js https://fast.wistia.com/ https://identity.netlify.com/v1/netlify-identity-widget.js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtm.js https://www.gstatic.com/; style-src 'self' 'unsafe-inline' https://github.githubassets.com/ https://platform.twitter.com https://ton.twimg.com https://fonts.googleapis.com/ https://www.gstatic.com/; media-src 'self' data: blob: https://embedwistia-a.akamaihd.net; report-uri https://api.honeybadger.io/v1/browser/csp?api_key=c2f13350&report_only=true&env=production 1
frame-src 'self' http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://www.facebook.com https://connect.facebook.net https://www.youtube.com https://player.vimeo.com https://www.ukraine.com.ua https://adm.tools https://apis.google.com https://accounts.google.com https://www.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googleadservices.com https://connect.facebook.net https://www.googletagmanager.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://code.highcharts.com https://apis.google.com https://ssl.google-analytics.com https://www.google.com https://www.gstatic.com https://googletagmanager.com https://maps.google.com https://maps.googleapis.com https://translate.google.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com 'report-sample'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' data: https://fonts.gstatic.com;  default-src 'self' 'unsafe-inline' 'report-sample'; img-src 'self' data: https://www.facebook.com https://m.facebook.com https://*.gstatic.com https://www.google.com https://www.google.ru https://www.google.com.ua https://*.googleapis.com https://*.google-analytics.com https://*.googletagmanager.com https://stats.g.doubleclick.net blob: 'self'; ; connect-src https://auth.adm.tools https://adm.tools https://portal.adm.tools https://www.ukraine.com.ua https://cdn.ukraine.com.ua:* wss://cdn.ukraine.com.ua:* https://www.google-analytics.com https://stats.g.doubleclick.net https://sentry.adm.tools http://*.hotjar.com:* https://*.hotjar.com:* https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com http://www.facebook.com https://www.facebook.com; report-uri https://sentry.adm.tools/api/4/security/?sentry_key=cd4a73d9e9a3475187c201c24a2c4576 1
script-src 'nonce-yyGq9OteX2rYFh1KWtdW4w' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1
script-src 'unsafe-eval' 'unsafe-inline' https: 'sha256-GZIcz60Uwd6wT3vaYke/atSr53TehbYAPepOa3d03Vw=' 'nonce-258e65fb5ddfe0430b94deaf' 'strict-dynamic' 'report-sample' ; worker-src 'self'; report-uri https://tourradar.report-uri.com/r/d/csp/reportOnly 1
upgrade-insecure-requests; block-all-mixed-content; report-uri https://diyaudioreport.report-uri.com/r/d/csp/reportonly 1
font-src *.narvar.com *.narvar.qa *.gstatic.com 'self' data: *.bootstrapcdn.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.facebook.com *.authorize.net *.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.google.com *.oraclecloud.com *.xisecurenet.com https://s.amazon-adsystem.com https://s7.addthis.com https://imgs.signifyd.com https://h.online-metrix.net *.adsrvr.org https://oxo.attn.tv *.hotjar.com  https://cert-xiecomm.paymetric.com assets.pinterest.com https://bid.g.doubleclick.net fcmatch.youtube.com www.facebook.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.narvar.com *.narvar.qa 'self' data: fcmatch.youtube.com *.googleadservices.com *.google-analytics.com *.curalate.com *.heledigital.com *.doubleclick.net www.oxo.com https://t.acq.io https://imgs.signifyd.com *.online-metrix.net *.bing.com *.loggly.com https://ct.pinterest.com https://tracking.qa.paypal.com https://www.google.com *.attentivemobile.com *.facebook.com *.adroll.com https://www.googletagmanager.com *.adsrvr.org pixel.advertising.com dsum-sec.casalemedia.com pixel.rubiconproject.com sync.outbrain.com simage2.pubmatic.com ads.yahoo.com trc.taboola.com eb2.3lift.com x.bidswitch.net ib.adnxs.com idsync.rlcdn.com us-u.openx.net ups.analytics.yahoo.com segments.company-target.com sync.srv.stackadapt.com usersync.videoamp.com srv4j.net ssum.casalemedia.com ads.undertone.com remarketing.acq.io/ pippio.com pixel.prfct.co dps.admission.net cs.choozle.com ml314.com seg.sharethis.com cx.atdmt.com s0.2mdn.net sync.mathtag.com fcmatch.google.com s.amazon-adsystem.com sync-tm.everesttech.net dpm.demdex.net pm.w55c.net usermatch.krxd.net *.pinterest.com *.paypalobjects.com *.signifyd.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com js.authorize.net jstest.authorize.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com *.pinterest.com ajax.cloudflare.com *.cobrowse.com *.googletagmanager.com *.googleadservices.com *.paypalobjects.com https://imgs.signifyd.com *.google.com *.bazaarvoice.com *.facebook.net *.curalate.com *.rapidspike.com *.yottaa.com *.amazonaws.com *.mailchimp.com *.addthis.com https://ak.sail-horizon.com https://js.acq.io *.pinimg.com *.bing.com *.yimg.com *.geoplugin.net https://d.impactradius-event.com https://js.adsrvr.org *.hotjar.com https://cdn.attn.tv *.adroll.com *.doubleclick.net https://www.gstatic.com https://z.moatads.com *.yahoo.com *.consensu.org *.adacado.com https://sync.tidaltv.com *.vimeocdn.com *.ytimg.com *.heledigital.com *.online-metrix.net consent.trustarc.com submit-irm.trustarc.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com *.bootstrapcdn.com *.mailchimp.com *.getfirebug.com consent.trustarc.com submit-irm.trustarc.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.narvar.com *.narvar.qa 'self' data: *.googleadservices.com *.google-analytics.com *.curalate.com *.heledigital.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com oxo.attn.tv *.instagram.com *.facebook.com *.oraclecloud.com https://m.addthis.com *.paypal.com *.paypalobjects.com *.yottaa.net https://edge.curalate.com https://www.oxo.com https://rum-0ea7c26e-a032-4889-89d5-7e0c48a6fb85.rapidspike.com https://api.sail-personalize.com https://imgs.signifyd.com https://s.yimg.com https://ct.pinterest.com *.hotjar.io *.paymetric.com https://in.hotjar.com *.sail-track.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' https:; child-src blob: t.contentsquare.net; font-src 'self' https: data: fonts.gstatic.com; frame-src 'self' https: *.rfihub.com static.hotjar.com c.sharethis.mgr.consensu.org www.facebook.com vars.hotjar.com *.doubleclick.net pixel.mathtag.com *.securetrading.net www.google.com www.zenaps.com www.google.co.uk ct.pinterest.com *.bazaarvoice.com www.googletagmanager.com matalanmoviemoments.co.uk *.arcot.com www.securesuite.co.uk cap.attempts.securecode.com; style-src 'self' 'unsafe-inline' cdn.taggstar.com display.ugc.bazaarvoice.com fonts.googleapis.com; img-src 'self' data: www.google-analytics.com bat.bing.com *.doubleclick.net www.google.com www.google.co.uk www.facebook.com ct.pinterest.com platform-cdn.sharethis.com *.imgix.net l.sharethis.com *.bazaarvoice.com matalan.evergage.com c.contentsquare.net match.adsrvr.org pixel.mathtag.com maps.gstatic.com maps.googleapis.com www.awin1.com www.zenaps.com s.kelkoogroup.net service.maxymiser.net www.googletagmanager.com cx.atdmt.com www.google.com.ua www.google.se rum-collector-2.pingdom.net www.gstatic.com www.google.com.ua www.google.com.vn www.google.ru www.google.ie www.google.com.tw; script-src 'self' 'unsafe-inline' 'unsafe-eval' matalan.evergage.com www.youtube.com service.maxymiser.net cdn.evgnet.com az692189.vo.msecnd.net t.contentsquare.net bat.bing.com static.hotjar.com platform-api.sharethis.com www.googleadservices.com cdn.tagstar.com www.googletagmanager.com www.google-analytics.com connect.facebook.net script.hotjar.com buttons-config.sharethis.com t.sharethis.com s.pinimg.com d16fk4ms6rqz1v.cloudfront.net *.rfihub.net *.rfihub.com cdn.taggstar.com *.doubleclick.net s.ytimg.com *.bazaarvoice.com www.dwin1.com rum-static.pingdom.net pixel.mathtag.com storage.googleapis.com s2.go-mpulse.net secure.adnxs.com adservice.google.com services.postcodeanywhere.co.uk maps.googleapis.com www.google.com www.gstatic.com www.zenaps.com www.google.co.uk s.kk-resources.com webservices.securetrading.net; connect-src 'self' matalan.evergage.com *.bazaarvoice.com api.taggstar.com l.sharethis.com ct.pinterest.com www.google-analytics.com log.taggstar.com bat.bing.com c.contentsquare.net collect.matalan.co.uk rum-collector-2.pingdom.net s.kelkoogroup.net *.doubleclick.net *.hotjar.com www.facebook.com vc.hotjar.io r.contentsquare.net; object-src t.contentsquare.net; worker-src blob:; report-uri https://4b860b6e286762d2f2ab119fe1228216.report-uri.com/r/d/csp/reportOnly 1
default-src https: data:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 'unsafe-eval'; connect-src https:; report-uri /report-mixed-content 1
default-src 'self' image.spreadshirtmedia.net ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: *.go-mpulse.net apis.google.com assets.adobedtm.com *.cloudfront.net nxtck.com ssl.gstatic.com ws.sessioncam.com *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com googleads.g.doubleclick.net connect.facebook.net www.googleadservices.com adtm.spreadshirts.net *.spreadshirt.co.uk ; img-src 'self' data: https: image.spreadshirtmedia.net *.gstatic.com rtb-csync.smartadserver.com pixel.rubiconproject.com pixel.advertising.com dsum-sec.casalemedia.com cotads.adscale.de www.google-analytics.com eu-u.openx.net ih.adscale.de *.akstat.io www.facebook.com dsum-sec.casalemedia.com ad.yieldlab.net secure.adnxs.com mapping.nxtck.com stats.g.doubleclick.net www.google.com www.google.de cm.g.doubleclick.net ads.yahoo.com sync.ligadx.com eb2.3lift.com s.sspqns.com x.bidswitch.net image2.pubmatic.com sync.outbrain.com nxtck.com sanalytics.spreadshirt.co.uk *.spreadshirt.co.uk ; connect-src 'self' https: *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com *.go-mpulse.net *.akstat.io/ dpm.demdex.net *.spreadshirt.co.uk ; font-src 'self' https: data: *.spreadshirt.co.uk ; style-src 'self' data: 'unsafe-inline' https: *.spreadshirt.co.uk ; object-src 'none' ; media-src image.spreadshirtmedia.net ; frame-src 'self' https: www.google.com accounts.google.com *.spreadshirt.co.uk ; report-uri https://csp.spreadshirts.net/csp/reportOnly ; 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.co.uk&source%5Bsection%5D=brochure&source%5Buuid%5D=0e86c73d7ba1c77936db352352ca715f 1
default-src 'self'; script-src 'self' 'unsafe-eval' maps.googleapis.com http://www.google-analytics.com https://www.google-analytics.com www.googletagmanager.com www.eiseverywhere.com js-agent.newrelic.com bam.nr-data.net www.recaptcha.net www.gstatic.com vjs.zencdn.net 'unsafe-inline'; object-src 'self' www.eiseverywhere.com; style-src 'self' fonts.googleapis.com www.gstatic.com vjs.zencdn.net 'unsafe-inline'; img-src 'self' www.google-analytics.com stats.g.doubleclick.net maps.gstatic.com maps.googleapis.com www.google.com www.google.com.sg www.google.com.tw www.google.co.il www.google.co.in www.google.co.uk www.googletagmanager.com ml.globenewswire.com na.eventscloud.com www.eiseverywhere.com bam.nr-data.net  *.prod.acquia-sites.com *.appliedmaterials.com:* data:; frame-src 'self' www.google.com ; font-src 'self' fonts.gstatic.com themes.googleusercontent.com vjs.zencdn.net data:; connect-src 'self' www.google-analytics.com bam.nr-data.net stats.g.doubleclick.net; report-uri /admin/config/system/seckit/csp-report 1
report-uri https://csp.edipresse.pl/report/wizaz; font-src https: data:; img-src data: https: android-webview-video-poster: android-webview:; media-src https: data:; style-src 'unsafe-inline' 'unsafe-eval' https:; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: asset:; worker-src blob: 1
script-src 'unsafe-eval' 'self' fast.fonts.net www.google.com *.googleapis.com *.gstatic.com *.google-analytics.com platform.twitter.com cdn.api.twitter.com syndication.twimg.com *.facebook.net *.newrelic.com bs.serving-sys.com cdn.feedbackify.com www.googleadservices.com s.btstatic.com s.thebrighttag.com; object-src 'self' www.youtube.com maps.googleapis.com; media-src 'self' www.youtube.com; report-uri /flybuys-web/api/csp-report 1
report-uri /api/csp-report/ 1
default-src https:; img-src https: data:; style-src https: 'unsafe-inline'; script-src https: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://www.preloved.co.uk/t/csp-report; 1
script-src 'unsafe-eval' 'unsafe-inline' 'self' *.signaturehardware.com initjs.rfk.signaturehardware.com *.rfksrv.com cdn.pdst.fm cdn.curalate.com tpc.googlesyndication.com c.zmags.com *.affirm.com s.go-mpulse.net *.authorize.net *.bazaarvoice.com *.cloudfront.net *.cloudmaestro.com *.criteo.com *.criteo.net *.listrakbi.com *.pepperjam.com *.pinterest.com *.steelhousemedia.com c.z-analytics.net code.jquery.com widget-mediator.zopim.com bam.nr-data.net bat.bing.com cdnjs.cloudflare.com connect.facebook.net googleads.g.doubleclick.net js-agent.newrelic.com maps.googleapis.com pinterest.adsymptotic.com pixel.mathtag.com platform.houzz.com s.pinimg.com services.listrak.com static.chartbeat.com static.site24x7rum.com static.zdassets.com tracking.deepsearch.adlucent.com v2.zopim.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.gstatic.com www.signaturehardware.com www.youtube.com pixel.snapsmedia.io boards.greenhouse.io s.ytimg.com edge.curalate.com nexus.ensighten.com mpsnare.iesnare.com cdn.noibu.com getrockerbox.com; report-to webscaleCspEndpoint; report-uri https://xdymhcopnh.execute-api.us-east-1.amazonaws.com/default/cspReportingMonitor 1
script-src 'report-sample' 'nonce-FjQrtfiA/PPdU9wYxQY0Pw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/geo-discussion-forums-dispatch/ 1
report-uri https://r4com.report-uri.io/r/default/csp/reportOnly 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.twitter.com *.outbrain.com bam.nr-data.net bat.bing.com *.taboola.com *.facebook.net *.facebook.com *.visualwebsiteoptimizer.com *.doubleclick.net *.hubspot.com api.hubapi.com js.hs-analytics.net js.hsadspixel.net js.hs-scripts.com js.usemessages.com js.driftt.com *.yandex.ru svc.webspellchecker.net *.newrelic.com *.linkedin.com *.leadforensics.com *.bizographics.com *.outbrain.com gateway.zscloud.net www.google-analytics.com www.google.com www.google.ch www.google.ru www.google.co.in www.google.co.jp www.google.co.uk www.google.de www.google.com.sg www.google.com.pe www.google.co.th www.google.bg www.google.at https://www.google.es www.googleadservices.com www.googletagmanager.com *.gravatar.com; report-uri /csp-reports 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.com.sg&source%5Bsection%5D=brochure&source%5Buuid%5D=afcb80391c701a005425b278f83e21d5 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.com.mx&source%5Bsection%5D=brochure&source%5Buuid%5D=7a4014c9000270e12efad3820fa9ff2e 1
default-src https:; connect-src https: wss:; font-src https: data: mediastream:; frame-src https:; frame-ancestors https:; img-src https: data:; media-src https:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https: blob: data:; script-src-elem 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'unsafe-inline' https:; worker-src https: blob:; report-uri https://www.zoner.com/__scripts/cspreport.aspx; 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com kit.fontawesome.com connect.facebook.net cdn.polyfill.io code.jquery.com use.typekit.net www.google-analytics.com ssl.google-analytics.com script.crazyegg.com cdn.syndication.twimg.com speedtest.cable.co.uk cdnjs.cloudflare.com maxcdn.bootstrapcdn.com widget.trustpilot.com s3.amazonaws.com cable.us4.list-manage.com admin.cable.co.uk services.xg4ken.com unpkg.com localhost:3000; connect-src 'self' *.fontawesome.com performance.typekit.net api.addressy.com cable.us4.list-manage.com admin.cable.co.uk localhost:3000; img-src 'self' data: *.cable.co.uk p.typekit.net www.google.com www.googletagmanager.com www.google.co.uk www.google-analytics.com s1.2mdn.net ad.doubleclick.net stats.g.doubleclick.net gtrk.s3.amazonaws.com pbs.twimg.com code.jquery.com 19.xg4ken.com s3-eu-west-1.amazonaws.com pcf.tdscd.com; style-src 'self' 'unsafe-inline' code.jquery.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com admin.cable.co.uk pro.fontawesome.com localhost:3000; font-src 'self' *.fontawesome.com fonts.typekit.net use.typekit.net maxcdn.bootstrapcdn.com admin.cable.co.uk data: localhost:3000; object-src 'self' api.ookla.com fpdownload.adobe.com; frame-src 'self' widget.trustpilot.com googleads.g.doubleclick.net data:; child-src 'self' blob:; report-uri /csp-violation-report/ 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.in&source%5Bsection%5D=brochure&source%5Buuid%5D=b0f52edf8179746b3fdf12bc56895909 1
script-src 'nonce--m0DiJwMQOpm9IwkOAz_0w' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1
default-src 'self';                  frame-src 'self' lpcdn.lpsnmedia.net;                  frame-ancestors 'self';                  connect-src 'self' *.australiansuper.com;                  font-src 'self' 'unsafe-inline' data: *.azurewebsites.net *.australiansuper.com fonts.googleapis.com fonts.gstatic.com cloud.typography.com;                  img-src 'self' *.azurewebsites.net *.australiansuper.com www.google-analytics.com *.doubleclick.net www.google.com www.google.com.au;                  media-src 'self' data:;                  object-src 'none';                  script-src 'self' 'unsafe-inline' *.azurewebsites.net *.australiansuper.com www.googletagmanager.com www.google-analytics.com *.liveperson.net *.liveperson.com *.youtube.com s.ytimg.com accdn.lpsnmedia.net;                  style-src 'self' 'unsafe-inline' *.azurewebsites.net *.australiansuper.com fonts.googleapis.com cloud.typography.com; 1
default-src 'none'; script-src 'self'; connect-src 'self' https://*.goguardian.com; img-src 'self' https://*.goguardian.com; style-src 'self'; report-uri https://casper.goguardian.com/csp-report 1
child-src 'self'; connect-src 'self' https://*.amazonaws.com https://*.are.na https://*.cloudfront.net https://*.google-analytics.com https://*.pusher.com wss://*.pusherapp.com; default-src 'self'; font-src 'self' chrome-extension: data: http://*.gstatic.com https://*.cloudfront.net https://*.gstatic.com; frame-src 'self' https://*.embedly.com https://*.google.com https://*.instagram.com https://*.s3.amazonaws.com https://*.stripe.com https://*.vimeo.com; img-src 'self' data: http://*.gstatic.com https://*.cloudfront.net https://*.ctfassets.net https://*.google-analytics.com https://*.gstatic.com https://*.s3.amazonaws.com https://*.ytimg.com https://gravatar.com; manifest-src 'self'; media-src 'self' http://*.gstatic.com https://*.gstatic.com; object-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: http://*.gstatic.com https://*.cloudfront.net https://*.google-analytics.com https://*.google.com https://*.gstatic.com https://*.pusher.com https://*.stripe.com https://instant.page; style-src 'self' 'unsafe-inline' https://*.cloudfront.net; worker-src 'self'; prefetch-src 'self'; report-uri https://reports-api.sqreen.io/browser/v0/csp-violations/csp_c2f690c70bd2203791fa5b65771c7bbb 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' http://www.google-analytics.com https://www.google-analytics.com http://www.google.com https://www.google.com http://fonts.googleapis.com https://www.googletagmanager.com http://fonts.googleapis.com http://cdnjs.cloudflare.com https://cdnjs.cloudflare.com http://fast.fonts.net http://performance.typekit.net/ https://performance.typekit.net/ http://use.typekit.net/ https://use.typekit.net/ http://us1.siteimprove.com/ https://us1.siteimprove.com/ http://p.typekit.net/ https://p.typekit.net/ http://www.youtube.com https://www.youtube.com http://www.vimeo.com https://www.vimeo.com http://siteimproveanalytics.com https://siteimproveanalytics.com http://player.vimeo.com/ https://player.vimeo.com/  http://player.polyv.net https://player.polyv.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://www.google-analytics.com https://www.google-analytics.com https://www.googletagmanager.com http://www.gstatic.com https://www.gstatic.com http://www.google.com https://www.google.com http://fonts.googleapis.com http://fonts.googleapis.com http://cdnjs.cloudflare.com https://cdnjs.cloudflare.com http://use.typekit.net/ https://use.typekit.net/ http://us1.siteimprove.com/ https://us1.siteimprove.com/ http://siteimproveanalytics.com https://siteimproveanalytics.com http://player.polyv.net https://player.polyv.net; style-src 'self' 'unsafe-inline' 'unsafe-eval' http://fonts.googleapis.com https://fonts.googleapis.com http://use.typekit.net/ https://use.typekit.net/ http://cdnjs.cloudflare.com http://fast.fonts.net/ https://p.typekit.net http://p.typekit.net; media-src 'self' 'unsafe-inline' 'unsafe-eval' http://www.youtube.com https://www.youtube.com http://www.vimeo.com https://www.vimeo.com http://player.vimeo.com https://player.vimeo.com; img-src * 'self' 'unsafe-inline' 'unsafe-eval' data: filesystem:; font-src 'self' http://fonts.gstatic.com https://fonts.gstatic.com http://use.typekit.net/ https://use.typekit.net/ http://p.typekit.net/ https://p.typekit.net/; frame-src 'self' http://player.vimeo.com https://player.vimeo.com http://www.youtube.com https://www.youtube.com http://www.vimeo.com https://www.vimeo.com https://www.google.com; 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; media-src https: http: rtsp: rtmp:; report-uri /csp-report 1
frame-ancestors topface.com *.topface.com vk.com *.vk.com http://mail.ru http://*.mail.ru https://mail.ru https://*.mail.ru ok.ru *.ok.ru renren.com *.renren.com apps.facebook.com; report-uri /csp-report/; 1
default-src 'self' *.youtube.com; frame-src 'self' *.youtube.com *.twitter.com *.google.com *.facebook.com *.wowza.com http://wowzaprod123-i.akamaihd.net; style-src 'self' 'unsafe-inline' https://fast.fonts.net *.typekit.net *.twitter.com *.twimg.com *.wowza.com *.icontact.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.youtube.com *.twitter.com *.twimg.com *.facebook.net *.cloudflare.com https://secure.adnxs.com *.demandbase.com *.icontact.com *.gstatic.com *.google.com *.wowza.com; img-src 'self' data: *.youtube.com  https://aepcdn.com *.twitter.com *.google-analytics.com *.twimg.com *.twimg.com *.facebook.com https://secure.adnxs.com *.demandbase.com https://aep-power.tsyawshost.com *.icontact.com http://prod-railsapp.s3.amazonaws.com; connect-src 'self' http://wowzaprod123-i.akamaihd.net *.wowza.com https://americanelectric2018tf.q4web.com; media-src 'self' http://wowzaprod123-i.akamaihd.net *.youtube.com blob: ; font-src 'self' https://use.typekit.net data: ; 1
default-src 'none'; connect-src https://cdn-ukwest.onetrust.com https://links.services.disqus.com https://ds-aksb-a.akamaihd.net https://services.postcodeanywhere.co.uk https://colres.sitelabweb.com https://api.247-inc.net https://api.bazaarvoice.com https://api.particularaudience.com https://bam.nr-data.net https://ct.pinterest.com https://d1af033869koo7.cloudfront.net https://in.particularaudience.com https://tie.247-inc.net https://ws.sessioncam.com https://www.facebook.com https://www.google-analytics.com 'self'; font-src data: https://cdn.habitat.co.uk https://fonts.gstatic.com 'self'; form-action https://r1.dmtrk.net https://hps.datacash.com https://syndication.twitter.com https://www.facebook.com 'self'; frame-ancestors 'self'; frame-src 'self' https://disqus.com https://r1.dotdigital-pages.com https://*.fls.doubleclick.net https://d1af033869koo7.cloudfront.net https://platform.twitter.com https://staticxx.facebook.com https://syndication.twitter.com https://wkxppshj-qx.global.ssl.fastly.net https://www.facebook.com https://www.google.com; img-src data: https://az.sitelabweb.com https://c.disquscdn.com https://referrer.disqus.com https://photos-eu.bazaarvoice.com https://www.awin1.com https://display.ugc.bazaarvoice.com https://network-eu.bazaarvoice.com https://services.postcodeanywhere.co.uk https://www.google-analytics.com https://stats.g.doubleclick.net https://www.zenaps.com https://khms0.googleapis.com https://khms1.googleapis.com https://abs.twimg.com https://bam.nr-data.net https://cdn.habitat.co.uk https://colrep.sitelabweb.com https://colres.sitelabweb.com https://ct.pinterest.com https://ds-aksb-a.akamaihd.net https://i.pinimg.com https://maps.googleapis.com https://maps.gstatic.com https://pbs.twimg.com https://platform.twitter.com https://r1.trackedweb.net https://ssl.google-analytics.com https://syndication.twitter.com https://ws.sessioncam.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.google.co.uk 'self' https://www.zenaps.com; manifest-src 'none'; media-src 'none'; object-src 'none'; script-src 'unsafe-eval' 'unsafe-inline' https://az.sitelabweb.com https://cdn-ukwest.onetrust.com https://c.disquscdn.com https://r1.dotdigital-pages.com https://analytics-static.ugc.bazaarvoice.com https://api.bazaarvoice.com https://apps.nexus.bazaarvoice.com https://display.ugc.bazaarvoice.com https://network-eu.bazaarvoice.com https://cdn.480app.com https://colres.sitelabweb.com https://habit11118.pcapredict.com https://sainsburys.ca.assist.247-inc.net https://services.postcodeanywhere.co.uk https://ajax.googleapis.com https://assets.pinterest.com https://bam.nr-data.net https://cdn.habitat.co.uk https://cdn.particularaudience.com https://cdn.syndication.twimg.com https://connect.facebook.net https://d1af033869koo7.cloudfront.net https://d2oh4tlt9mrke9.cloudfront.net https://ds-aksb-a.akamaihd.net https://googleads.g.doubleclick.net https://habitatblog.disqus.com https://js-agent.newrelic.com https://kiybdhzql-g.global.ssl.fastly.net https://log.pinterest.com https://maps.googleapis.com https://platform.twitter.com https://r1-t.trackedlink.net https://s.pinimg.com https://ssl.google-analytics.com https://static.trackedweb.net https://webinsight.s3.amazonaws.com https://widgets.pinterest.com https://wkxppshj-qx.global.ssl.fastly.net https://ws.sessioncam.com https://www.dwin1.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com 'self' https://www.ist-track.com; style-src 'unsafe-inline' 'self' https://plaform.twitter.com https://c.disquscdn.com https://display.ugc.bazaarvoice.com https://fonts.googleapis.com https://services.postcodeanywhere.co.uk https://cdn.habitat.co.uk; worker-src blob:; report-uri https://www.habitat.co.uk/csp-report 1
default-src https: data: 'unsafe-inline' 'unsafe-eval';report-uri /wsapi/rest/v1/logging/reportcspviolation; 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://spy.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
default-src * 'unsafe-inline' 'unsafe-eval'; report-uri https://fls-na.amazon.com/1/batch/2/OE/mid=A1QAP3MOU4173J:sid=357-8633332-5777553:rid=37760D9AD3GGHKHKY8T2:sn=www.audible.co.jp 1
default-src https: 'unsafe-inline' 'unsafe-eval' https://*.zopim.com wss://*.zopim.com https://*.zopim.io; img-src data: https:; font-src https:; report-uri /csp-report-uri; report-to csp-endpoint 1
default-src https: ;script-src https: 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://www.googletagmanager.com/ https://ssl.google-analytics.com ; style-src https: 'unsafe-inline' ; img-src https: about: data: https://cdn.evbstatic.com http://*.cloudfront.net; http://xml.showcasead.com https://*.s3.amazonaws.com ; connect-src https: about: https://connect.facebook.net ; font-src data: https: http://themes.googleusercontent.com https://cdn.evbstatic.com ; object-src https: ; media-src https: ; frame-src https: fbrpc://call ; frame-ancestors 'self' ; worker-src blob: ; form-action 'self' ; child-src 'self' ; report-uri https://www.eventbrite.hk/ajax/csp-violation/action 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://pmc.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.usercentrics.eu https://app-script.monsido.com https://tracking.monsido.com https://code.jquery.com https://www.youtube.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.google-analytics.com https://www.googletagmanager.com https://cdn.yoshki.com *.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.usercentrics.eu  https://app-script.monsido.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.google-analytics.com https://www.googletagmanager.com https://www.youtube.com https://s.ytimg.com https://cdn.yoshki.com *.google.com *.gstatic.com; object-src 'self'; img-src 'self' *.usercentrics.eu  *.monsido.com http://reedsmith.vuture.net https://www.google-analytics.com https://www.googletagmanager.com https://cdn.yoshki.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' *.usercentrics.eu;frame-ancestors 'self' *.usercentrics.eu  https://tracking.monsido.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.google-analytics.com https://www.googletagmanager.com; report-uri https://d347b8264a61d229bec175972d08ae24.report-uri.io/r/default/csp/enforce 1
style-src https://*.btrll.com https://cdn.cmp.advertising.com https://*.oath.com https://*.yimg.com https://*.yahoo.com 'self' 'unsafe-inline' data: blob:; script-src https://*.btrll.com https://cdn.cmp.advertising.com https://*.oath.com https://*.yahoo.com https://*.yimg.com 'self' 'unsafe-inline' 'unsafe-eval' https://platform.twitter.com https://*.btrll.com data: blob:; frame-ancestors https://*.techcrunch.com https://*.huffingtonpost.com https://*.aol.com https://*.yahoo.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=US&lang=en-US&device=desktop&yrid=addja4dfglm8q&partner=; 1
report-to webscaleCspEndpoint; report-uri https://xdymhcopnh.execute-api.us-east-1.amazonaws.com/default/cspReportingMonitor; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.getolympus.com getolympus.com *.pixlee.com apis.google.com *.pxlecdn.com seal.thawte.com browser.sentry-cdn.com www.google-analytics.com www.googletagmanager.com www.youtube.com *.googleapis.com s.ytimg.com a.optnmnstr.com rum-static.pingdom.net cdn.inpwrd.net connect.facebook.net js.adsrvr.org siteimproveanalytics.com static.criteo.net *.krxd.net www.googleadservices.com *.yimg.com googleads.g.doubleclick.net *.criteo.com *.analytics.yahoo.com *.igodigital.com cdn.socialannex.com *.pubble.io *.signifyd.com api.omappapi.com insight.adsrvr.org *.owneriq.net *.vimeo.com *.socialannex.com *.online-metrix.net app.aspireiq.com flex.msn.com www.emjcd.com tracking.deepsearch.adlucent js.pusher.com cdn.mxpnl.com www.google.com *.olympusamerica.com 1
default-src 'self'; script-src 'self' www.googletagmanager.com static.hotjar.com script.hotjar.com www.google-analytics.com cdn.jsdelivr.net/npm/vue cdnjs.cloudflare.com/ajax/libs/select2 api3.libcal.com/js 'sha256-8c+PEXDYpnF2n7Jv8vx0beSqRgcOA/XgmPzseHI+FpQ=' 'sha256-P0fnbsmkhdk34CMqQ1NzmPA5Rs7g65ljookuUilxdGs='; object-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' data: www.google-analytics.com; frame-src vars.hotjar.com; child-src vars.hotjar.com; font-src 'self' fonts.gstatic.com assets.transparently.com; connect-src 'self' www.google-analytics.com vc.hotjar.io endeca.ohsu.edu; report-uri /report-csp-violation 1
default-src * blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors https://*.fotbollskanalen.se; report-uri https://csp-report.b17g.net/ 1
default-src https: 'self' 'unsafe-inline';   1
object-src 'self' *.flocabulary.com s3.amazonaws.com; frame-src 'self' www.facebook.com s3.amazonaws.com; img-src 'self' *.flocabulary.com flocabulary.s3.amazonaws.com s3.amazonaws.com biggie-the-cat.s3.amazonaws.com www.facebook.com track.hubspot.com events.fivetran.com www.google-analytics.com cx.atdmt.com stats.g.doubleclick.net data:; font-src 'self' *.flocabulary.com use.typekit.net use.typekit.com data:; default-src 'self' *.flocabulary.com; style-src 'self' *.flocabulary.com use.typekit.net use.typekit.com p.typekit.net 'unsafe-inline'; media-src 'self' *.flocabulary.com flocabulary.s3.amazonaws.com; script-src 'self' *.flocabulary.com www.googletagmanager.com 'sha256-h8gG1uNWi02S00uhnnPan+IfTOULBEi0D46e6eAw/dk=' connect.facebook.net apis.google.com ajax.googleapis.com www.google-analytics.com js.hsleadflows.net js.hs-analytics.net bam.nr-data.net js-agent.newrelic.com d1fc8wv8zag5ca.cloudfront.net 'nonce-7c22G4qX4i3z1YDe'; connect-src 'self' sessions.bugsnag.com forms.hubspot.com biggie-the-cat.s3.amazonaws.com bam.nr-data.net; frame-ancestors 'self' nearpod.com *.nearpod.com *.nearpod.us; report-uri https://1790360b11fe0efc9c9d543e4d7dfa4d.report-uri.com/r/d/csp/reportOnly 1
default-src https: 'unsafe-inline' 'unsafe-eval' data: about: blob:; report-uri /_resources/php/csp-report.php 1
default-src *.pharm24.gr data:; frame-src *.googletagmanager.com *.dco.gr *.disqus.com *.linkwi.se *.adsrvr.org *.google.com *.googlesyndication.com *.agkn.com *.facebook.net *.facebook.com *.youtube.com *.cookiebot.com *.aimtell.com; img-src * data: *.pharm24.gr *.youtube.com *.facebook.com trustmark.gr; script-src 'self' *.pharm24.gr *.googleapis.com *.google.com *.cloudflareinsights.com *.cloudflare.com *.disquscdn.com *.shareaholic.com *.stackpathcdn.com *.cloudfront.net *.adsrvr.org *.instagram.com *.ampproject.org *.googlesyndication.com *.disqus.com *.cookiebot.com trustmark.gr *.agkn.com *.zdassets.com *.trustmark.gr *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.facebook.com connect.facebook.net *.facebook.net googleads.g.doubleclick.net *.doubleclick.net *.zopim.com *.linkwi.se s3.amazonaws.com *.amazonaws.com *.aimtell.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.pharm24.gr *.bootstrapcdn.com 'unsafe-inline'; worker-src 'self' *.aimtell.com; font-src 'self' *.stats.pharm24.gr *.pharm24.gr *.gstatic.com *.bootstrapcdn.com *.stackpathcdn.com *.zopim.com data:; connect-src *.trustmark.gr *.ampproject.org *.google.com *.google.gr *.disqus.com *.shareaholic.net backup.pharm24.gr:* *.pharm24.gr *.doubleclick.net *.google-analytics.com *.agkn.com *.zdassets.com  *.amazonaws.com *.facebook.com *.aimtell.com wss://widget-mediator.zopim.com; report-uri https://g0rhndej.uriports.com/reports/report 1
default-src 'self' ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com https://cdn.optimizely.com https://static.ads-twitter.com www.google-analytics.com www.gstatic.com https://analytics.twitter.com https://ssl.google-analytics.com https://www.youtube.com https://v1-tt.ixigua.com https://www.google.com https://*.googleapis.com https://bat.bing.com use.typekit.net https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://connect.facebook.net https://platform.twitter.com https://rum-static.pingdom.net https://ajax.aspnetcdn.com https://s.ytimg.com; style-src 'self' data: 'unsafe-inline' *.googleapis.com use.typekit.net https://hello.myfonts.net; img-src * data: ; font-src 'self' data: https://fonts.typekit.net fonts.gstatic.com https://use.typekit.net http://fontface.ninja; child-src 'self' http://sdn.sitecore.net https://www.youtube.com https://v1-tt.ixigua.com https://www.google.com https://accounts.google.com https://www.googletagmanager.com ; frame-src 'self' http://sdn.sitecore.net https://www.youtube.com https://v1-tt.ixigua.com; frame-ancestors 'self' ; connect-src 'self' https://rum-collector-2.pingdom.net ; report-uri https://3chillies.report-uri.io/r/default/csp/reportOnly; 1
block-all-mixed-content; default-src 'self'; base-uri 'none'; font-src 'self' data: https://fonts.gstatic.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://googleads.g.doubleclick.net https://*.googleapis.com https://*.novozymes.com https://ssl.google-analytics.com https://*.linkedin.com https://*.pardot.com https://*.cookieinformation.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://*.sharethis.com https://*.hotjar.com https://*.facebook.net https://*.licdn.com https://*.marketo.com https://*.marketo.net; style-src 'self' 'unsafe-inline' https://*.marketo.com https://fonts.googleapis.com/css https://ws.sharethis.com; img-src 'self' data: https:; child-src 'self' https://*.sharethis.com https://*.hotjar.com https://*.cookieinformation.com; connect-src 'self' wss://*.hotjar.com https://*.hotjar.com https://*.hotjar.io https://*.facebook.com https://*.mktoutil.com https://*.sharethis.com https://*.doubleclick.net https://*.cookieinformation.com https://*.mktoresp.com https://*.google-analytics.com; frame-src 'self' https://www.novozymes.tv https://nz.23video.com https://*.sitecore.net https://sitecoreboost.azurewebsites.net https://*.pardot.com bid.g.doubleclick.net *.hotjar.com https://*.cookieinformation.com https://*.vimeo.com https://ws.sharethis.com https://www.youtube.com https://www.facebook.com https://*.marketo.com https://www.googletagmanager.com; report-uri https://novozymes.report-uri.com/r/d/csp/reportOnly 1
default-src 'unsafe-eval' 'unsafe-inline' blob blob: data: https: wss:; block-all-mixed-content; report-uri /csp.php?h=f743080d&v=4 1
default-src *; img-src *; frame-src *; script-src * 'unsafe-inline'; style-src * 'unsafe-inline'; report-uri https://www.tyan.com 1
base-uri 'none';object-src 'unsafe-eval';default-src 'self';child-src 'self' https://ghbtns.com https://marketingwizards.go2cloud.org https://www.google.com https://www.googletagmanager.com https://www.youtube.com;connect-src 'self' https://*.tawk.to https://*.livecall.io https://*.jsdelivr.net https://*.google-analytics.com https://*.itaka.pl https://www.facebook.com https://*.doubleclick.net https://*.sentry.io https://hn.inspectlet.com https://*.hotjar.com https://*.hotjar.io;font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com https://*.tawk.to;frame-src http://*.doubleclick.net https://user-test.projectxyz.eu https://user.itaka.pl https://*.google.com https://creativecdn.com https://widget.eu.criteo.com https://static.criteo.net https://8039447.fls.doubleclick.net https://www.facebook.com https://*.doubleclick.net https://*.criteo.com https://*.hotjar.com;img-src 'self' data: *.gstatic.com https://www.google.pl https://*.facebook.com https://*.googleapis.com www.googletagmanager.com https://ad.mail.ru https://ad.sxp.smartclip.net https://ad.turn.com https://ads.stickyadstv.com https://ads.yahoo.com https://ads.yieldmo.com https://*.tawk.to https://*.livecall.io https://*.jsdelivr.net https://api.seeplaces.com https://*.google.com https://*.google-analytics.com https://*.itaka.pl https://*.doubleclick.net https://*.criteo.com https://sync-criteo.ads.yieldmo.com https://criteo-partners.tremorhub.com https://pixel.advertising.com https://i.content4travel.com;media-src 'self' https://*.tawk.to https://*.livecall.io https://*.itaka.pl;script-src 'unsafe-eval' 'strict-dynamic' 'report-sample' https://d.adroll.com https://s.adroll.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://code.createjs.com https://sslwidget.criteo.com https://static.criteo.net https://connect.facebook.net https://maps.gstatic.com https://www.google.com https://apis.google.com https://www.googleadservices.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://*.googleapis.com https://in.hotjar.com https://vc.hotjar.io https://script.hotjar.com https://static.hotjar.com https://cdn.inspectlet.com https://hn.inspectlet.com https://api.ipify.org https://ssl.p.jwpcdn.com https://*.livecall.io https://geoip.livecall.io https://signalling.livecall.io https://cdn.ravenjs.com https://yandex.st https://mc.yandex.ru https://*.tawk.to https://*.jsdelivr.net https://*.consensu.org https://*.itaka.pl https://*.leadexpert.pl 'nonce-41362f5f7776cbcaab5c2ef888b04ede';style-src 'self' 'unsafe-inline' https://*.itaka.pl https://cdnjs.cloudflare.com https://fonts.googleapis.com https://*.livecall.io https://ssl.p.jwpcdn.com https://unpkg.com https://cdn.jsdelivr.net https://ajax.googleapis.com;report-uri https://itatst.report-uri.com/r/d/csp/reportOnly 1
default-src data: https://apps.akbars.ru https://sravni.go2cloud.org https://www.akbars.ru https://fonts.gstatic.com https://mc.yandex.ru https://yandex.ru https://api-maps.yandex.ru https://stats.g.doubleclick.net https://www.google-analytics.com https://google-analytics.bi.owox.com https://dadata.ru https://suggestions.dadata.ru 'self'; script-src blob: data: https://apps.akbars.ru https://ajax.aspnetcdn.com https://sitesearch-suggest.yandex.ru https://yandex.ru https://site.yandex.net https://api-maps.yandex.ru https://*.maps.yandex.net https://mc.yandex.ru https://clck.yandex.ru https://yastatic.net https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://connect.facebook.net https://code.jquery.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src https://apps.akbars.ru https://fonts.googleapis.com https://yastatic.net 'self' 'unsafe-inline'; img-src blob: data: https://apps.akbars.ru https://mc.yandex.ru https://api-maps.yandex.ru https://*.maps.yandex.net https://yastat.net https://yastatic.net https://yandex.st https://yandex.ru https://vk.com https://login.vk.com https://top-fwz1.mail.ru https://www.googletagmanager.com https://www.google-analytics.com https://google-analytics.bi.owox.com https://stats.g.doubleclick.net https://www.google.ru https://www.google.com https://googleads.g.doubleclick.net https://www.facebook.com 'self'; frame-src https://api-maps.yandex.ru https://www.facebook.com https://www.youtube.com 'self'; upgrade-insecure-requests; report-uri https://www.akbars.ru/csp_report/ 1
img-src https://pp.vk.me https://special.astrobl.ru https://www.astrobl.ru https://*.yandex.ru https://*.astrakhan.ru stat.sputnik.ru *.rambler.ru; script-src 'unsafe-inline' 'unsafe-eval' https://special.astrobl.ru https://thj.astrakhan.ru https://www.astrobl.ru *.yandex.ru gosmonitor.ru *.rambler.ru stat.sputnik.ru; style-src 'unsafe-inline' https://special.astrobl.ru https://www.astrobl.ru; font-src https://special.astrobl.ru https://www.astrobl.ru; media-src https://www.youtube.com https://vk.com; 1
default-src 'self' *.typekit.net *.google.com *.gstatic.com *.googleapis.com *.vimeo.com http://siteimproveanalytics.com https://vimeo.com *.googletagmanager.com 1
frame-src 'self' http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://www.facebook.com https://connect.facebook.net https://www.youtube.com https://player.vimeo.com https://www.ukraine.com.ua https://adm.tools https://apis.google.com https://accounts.google.com https://www.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googleadservices.com https://connect.facebook.net https://www.googletagmanager.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://code.highcharts.com https://apis.google.com https://ssl.google-analytics.com https://www.google.com https://www.gstatic.com https://googletagmanager.com https://maps.google.com https://maps.googleapis.com https://translate.google.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' data: https://fonts.gstatic.com;  default-src 'self' 'unsafe-inline'; img-src 'self' data: https://www.facebook.com https://m.facebook.com https://*.gstatic.com https://www.google.com https://www.google.ru https://www.google.com.ua https://*.googleapis.com https://*.google-analytics.com https://*.googletagmanager.com https://stats.g.doubleclick.net blob: 'self'; ; connect-src https://auth.adm.tools https://adm.tools https://portal.adm.tools https://www.ukraine.com.ua https://cdn.ukraine.com.ua:3004 wss://cdn.ukraine.com.ua:3004 https://www.google-analytics.com https://stats.g.doubleclick.net https://sentry.adm.tools http://*.hotjar.com:* https://*.hotjar.com:* https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com http://www.facebook.com https://www.facebook.com; report-uri https://sentry.adm.tools/api/4/security/?sentry_key=cd4a73d9e9a3475187c201c24a2c4576 1
default-src 'self' 'unsafe-inline' data: blob: ssl.kaptcha.com *.vimeo.com *.bluesnap.com *.ccdc02.com *.google-analytics.com *.google.com *.g.doubleclick.net *.googleadservices.com *.guardiosecurity.com *.facebook.net *.facebook.com *.googlesyndication.com *.googletagmanager.com *.bing.com secure.adnxs.com *.cardinalcommerce.com fullstory.com *.fullstory.com *.typekit.net *.quora.com *.guard.io *.paypal.com *.gstatic.com; img-src * data: blob:; report-uri https://guard.io/v2/api/csp 1
frame-ancestors 'none'; base-uri 'none'; default-src 'none'; object-src 'self'; media-src 'self'; connect-src 'self' https://www.google-analytics.com https://api-adresse.data.gouv.fr; img-src https: data:; frame-src https:; form-action 'self' https://harpe.grenoble.fr; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'; font-src https: data:; report-uri /include/csp.php 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=show&source%5Bapp%5D=ShopifyAppStore&source%5Bcontroller%5D=v2%2Fapp_listings&source%5Buuid%5D=fb08474af2be4245fe5c620ba7f6eefd 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https:; report-uri /data/csp 1
script-src 'unsafe-eval' 'unsafe-inline' 'self' blob: acsbap.com api.swiftype.com www.googleadservices.com s.dca0.com api.braintreegateway.com www.paypalobjects.com s.pinimg.com static.hotjar.com script.hotjar.com js-agent.newrelic.com *.webscalenetworks.net cdn.attn.tv sn.dca0.com bam.nr-data.net cdn4.forter.com d.adroll.com script.crazyegg.com cdn.listrakbi.com s1.listrakbi.com rum-static.pingdom.net s.swiftypecdn.com amiclubwear.com *.amiclubwear.com use.fontawesome.com apis.google.com *.cloudmaestro.com *.lagrangesystems.net d.adroll.mgr.consensu.org s.adroll.com *.facebook.net *.facebook.com *.cloudfront.net www.googletagmanager.com www.google-analytics.com www.gstatic.com googleads.g.doubleclick.net bat.bing.com; report-to webscaleCspEndpoint; report-uri https://xdymhcopnh.execute-api.us-east-1.amazonaws.com/default/cspReportingMonitor 1
default-src https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.newworld.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://d2lchq0n03yu65.cloudfront.net; script-src https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.newworld.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://d2lchq0n03yu65.cloudfront.net 'unsafe-inline' 'unsafe-eval'; style-src https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.newworld.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://d2lchq0n03yu65.cloudfront.net 'unsafe-inline'; img-src 'self' data:  https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.newworld.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://d2lchq0n03yu65.cloudfront.net https://*.twimg.com https://player.twitch.tv/ https://*.ytimg.com; media-src 'self' data:  https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.newworld.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://d2lchq0n03yu65.cloudfront.net https://*.twimg.com https://player.twitch.tv/ https://www.youtube.com; frame-src https://www.youtube.com https://*.twimg.com https://player.twitch.tv/  https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.newworld.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://d2lchq0n03yu65.cloudfront.net; report-uri https://www.amazon.com/1/batch/2/OE/mid=ATVPDKIKX0DER:sid=134-4535417-4522727:rid=7B84132838A6413C8AA6:sn=www.newworld.com 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.fr&source%5Bsection%5D=brochure&source%5Buuid%5D=0f152dcc95cfb28b8bf5316e528422ab 1
default-src 'self'; frame-src https://api-5487f10a.duosecurity.com/; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.addtoany.com/; report-uri /csp-reports.php 1
font-src http://maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net http://www.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com http://www.facebook.com http://vars.hotjar.com http://bid.g.doubleclick.net *.cardknox.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.linksynergy.com http://www.google-analytics.com *.rlcdn.com http://www.facebook.com *.g.doubleclick.net http://www.google.com http://www.google.ca *.klaviyo.com http://maps.gstatic.com http://cdsusa.veinteractive.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net js.authorize.net jstest.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com http://connect.facebook.net http://www.google-analytics.com http://www.googletagmanager.com *.hotjar.com *.linksynergy.com *.pingdom.net http://intljs.rmtag.com http://tag.rmp.rakuten.com http://www.rtb123.com http://platform.twitter.com http://d2rp1k1dldbai6.cloudfront.net http://storage.googleapis.com http://files1.cybba.solutions http://app.cybba.solutions *.klaviyo.com http://ajax.cloudflare.com http://maps.googleapis.com http://www.googleadservices.com http://googleads.g.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com http://maxcdn.bootstrapcdn.com *.klaviyo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.pingdom.net *.hotjar.com *.hotjar.io *.klaviyo.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri /csp-report-uri.php; report-to report-endpoint; 1
default-src https: 'unsafe-inline'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self'; base-uri https: data:;  object-src 'self'; font-src https: data:; script-src 'nonce-10d2495c-76e1-4f1a-a5ab-8e2fc176fc2d' https: 'unsafe-inline' 'unsafe-eval'; report-uri https://ort.wellsfargo.com/reporting/csp 1
font-src https://www.gstatic.com https://fonts.gstatic.com 'self' 'unsafe-inline'; form-action 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src www.paypal.com www.sandbox.paypal.com https://www.google.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com https://www.google.com https://www.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self' https://*.esu.edu https://*.meritpages.com;default-src  'self';connect-src 'self' https://*.hotjar.com https://*.hotjar.io https://*.libchat.com https://fonts.googleapis.com https://*.fontawesome.com https://www.google.com https://www.google-analytics.com/j/collect https://ems.admin.esu.edu/MasterCalendar/RSSFeeds.aspx https://quantum.esu.edu/ https://stats.g.doubleclick.net https://www.facebook.com/tr/ https://www.google-analytics.com wss://*.hotjar.com;font-src 'self' data: https://*.fontawesome.com https://*.hotjar.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com;frame-src https://*.doubleclick.net https://*.facebook.com https://*.youvisit.com https://cse.google.com https://docs.google.com https://e.issuu.com https://esumediasite.passhe.edu https://insight.adsrvr.org https://match.adsrvr.org https://platform.twitter.com https://quantum.esu.edu/ https://syndication.twitter.com https://tpc.googlesyndication.com https://widgets.pacollegetransfer.com https://vars.hotjar.com https://www.google.com/maps/ https://www.googletagmanager.com https://www.youtube.com https://w3.cdn.anvato.net;img-src 'self'  data: *;script-src 'strict-dynamic' 'self'  'nonce-TzdScUMzQlYrZmhQUnI5azB3dFBrUT09' 'sha256-SV0NVxJcDlP/fCfnDBlvuZ4GJIQm7FOBfj2voZ5WFQ4=' 'sha256-01Ye2pawPepoRQi0W3fGog5wluX/sO7LxR/iyLwrSs4=' 'sha256-9M3QWwW8rGylG4Ec/mXguiAxdQqT554rs1MuWBaEPo8=' 'sha256-7RpyAYatoSU+nzCphqsSO8XuGK94NDpPfctuU5nO5B4=' 'sha256-ubSZeVOR9WN7JesrXdbyma0DTjPVebDIzuBPcxLLZRM=' 'sha256-782D6t1Ttvw323BTi7sUAlFjKZjNnufiwQzJSi1NdTA=' https://*.hotjar.com https://api.flickr.com https://cdn.syndication.twimg.com/ https://connect.facebook.net https://fast.wistia.net https://googleads.g.doubleclick.net https://js.adsrvr.org https://kit.fontawesome.com https://platform.twitter.com https://quantum.esu.edu https://siteimproveanalytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://v2.libanswers.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.google-analytics.com https://www.youvisit.com;style-src 'self' 'unsafe-inline' https://cdn-images.mailchimp.com https://fonts.googleapis.com https://kit-pro.fontawesome.com/releases/latest/css/pro.min.css https://maxcdn.bootstrapcdn.com/font-awesome/4.6.3/css/font-awesome.min.css https://platform.twitter.com/css/ https://quantum.esu.edu/instagram-feed-pro-standalone/instagram-feed/css/sb-instagram-standalone-3.1.min.css https://tagmanager.google.com https://ton.twimg.com https://www.google.com/cse/;report-uri https://w914pa7t.uriports.com/reports/report; 1
default-src 'self'; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' exeter.edu *.cincopa.com  www.google-analytics.com cdn.ckeditor.com www.google.com cse.google.com www.googleapis.com www.googletagmanager.com support.ebscohost.com ajax.googleapis.com maxcdn.bootstrapcdn.com bam.nr-data.net js-agent.newrelic.com code.jquery.com www.youtube.com s.ytimg.com platform.instagram.com static.tagboard.com platform.twitter.com cdn.syndication.twimg.com calendar.exeter.edu connect.facebook.net  siteimproveanalytics.com; object-src 'self'; style-src 'self' 'unsafe-inline' exeter.edu *.cincopa.com cdn.ckeditor.com www.google.com platform.twitter.com; img-src 'self' data: *.cincopa.com cdn.ckeditor.com www.google.com cse.google.com www.google-analytics.com www.googleapis.com clients1.google.com syndication.twitter.com pbs.twimg.com www.facebook.com stats.g.doubleclick.net *.siteimprove.com; media-src 'self' ; frame-src www.google.com www.youtube.com player.vimeo.com *.exeter.edu cse.google.com www.googletagmanager.com www.instagram.com embeds.tagboard.com platform.twitter.com syndication.twitter.com youtube.com; font-src 'self' data: cincopa.com; connect-src 'self' *.cincopa.com www.google-analytics.com syndication.twitter.com; report-uri /report-csp-violation 1
report-to webscaleCspEndpoint; report-uri https://xdymhcopnh.execute-api.us-east-1.amazonaws.com/default/cspReportingMonitor; script-src 'self' 'unsafe-eval' 'unsafe-inline' ospreypublishing.com *.googletagmanager.com *.hotjar.com www.google-analytics.com platform.twitter.com cdn.syndication.twimg.com *.facebook.net *.google.com www.gstatic.com *.cloudmaestro.com 1
default-src 'none'; style-src 'self' 'unsafe-inline' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; font-src 'self' data: https:; img-src 'self' blob: data: https: http:; media-src 'self' https:; worker-src 'self' https://zenkit.com https://*.zenkit.com; frame-src https: blob:; frame-ancestors https:; connect-src 'self' https: wss:; object-src 'self' https://djtflbt20bdde.cloudfront.net; manifest-src 'none'; base-uri 'self'; form-action 'self' https:; report-uri /csp-report 1
default-src 'self'; frame-src 'self' https://facebook.com *.facebook.com https://*.youcanbook.me https://www.google.com https://www.youtube.com *.vimeo.com https://cdn.digitrust.mgr.consensu.org/ https://optimize.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.digitrust.mgr.consensu.org http://connect.facebook.net https://connect.facebook.net http://hm.baidu.com http://www.google-analytics.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com https://optimize.google.com https://d2xfav0ywhr7jn.cloudfront.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.googleapis.com https://optimize.google.com https://d2xfav0ywhr7jn.cloudfront.net; img-src 'self' https://awardwallet.com http://hm.baidu.com https://www.facebook.com http://www.google-analytics.com https://www.google-analytics.com https://www.google.com https://optimize.google.com https://www.gstatic.com https://d2xfav0ywhr7jn.cloudfront.net; font-src 'self' 'unsafe-inline' data: https://fonts.gstatic.com https://d2xfav0ywhr7jn.cloudfront.net; media-src 'self' 'unsafe-inline'; connect-src 'self' https://cmp.digitru.st https://vendorlist.consensu.org https://www.google-analytics.com; report-uri /csp-report; 1
default-src data: 'unsafe-eval' 'unsafe-inline' https:; style-src 'unsafe-inline' https:; media-src blob: https:; img-src https: data:; font-src https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; report-uri /corp_includes/report_only.php 1
default-src 'none'; form-action 'none'; frame-ancestors 'none'; 1
font-src fonts.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com https://h.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com maps.googleapis.com data: https://imgs.signifyd.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com www.googletagmanager.com maps.googleapis.com developers.google.com https://t.trackedlink.net https://s7.addthis.com https://m.addthis.com https://z.moatads.com https://imgs.signifyd.com https://cdn.searchspring.net https://api-cache.searchspring.io https://www.google.com https://www.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com fonts.googleapis.com https://cdn.searchspring.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://imgs.signifyd.com https://beacon.searchspring.io 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; report-uri https://19bba7008ff399c64da2bc7f455a3431.report-uri.com/r/d/csp/reportOnly 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; connect-src https: data: blob:; font-src https: data:; img-src https: data:; media-src blob: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; report-uri https://csp.condenet.co.uk/r/cn/prod 1
font-src 'self' fonts.gstatic.com script.hotjar.com; img-src 'self' maps.googleapis.com maps.gstatic.com www.facebook.com data script.hotjar.com ssl.google-analytics.com stats.g.doubleclick.net; script-src-elem 'self' 'unsafe-inline' connect.facebook.net dl.episerver.net maps.googleapis.com player.vimeo.com s.ytimg.com www.youtube.com s7.addthis.com az416426.vo.msecnd.net ssl.google-analytics.com static.hotjar.com v1.addthis.com v1.addthisedge.com www.googletagmanager.com px.ads.linkedin.com script.hotjar.com snap.licdn.com; style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com addtocalendar.com; connect-src 'self' s7.addthis.com v1.addthis.com vc.hotjar.io www.facebook.com in.hotjar.com; style-src-attr 'unsafe-inline';report-uri https://6cfee9ad2f0a0f5886b889b97f0c1e3e.report-uri.com/r/d/csp/wizard 1
default-src 'self'; connect-src 'self' https://www.google-analytics.com/; font-src 'self' data: https://fonts.gstatic.com/; img-src 'self' data: https://www.google-analytics.com/; media-src 'self' https://projectlombok.org/; script-src 'self' 'sha256-H639OXZXKP0j2o4p/B40Znp/sDbQKrAYH8hMr+jDUEg=' https://www.google-analytics.com/analytics.js; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; block-all-mixed-content; frame-ancestors 'none'; form-action 'self'; report-uri https://projectlombok.report-uri.com/r/d/csp/reportOnly 1
default-src https: data: blob: 'unsafe-eval' 'unsafe-inline' wss://*.hotjar.com 'self';  frame-ancestors 'self' https://*.zendesk.com https://*.myshopify.com https://teams.microsoft.com https://*.eloqua.com https://*.surveymonkey.com https://*.sharepoint.com https://*.worldpay.com https://*.cardinalcommerce.com;report-uri https://csp.surveymonkey.com/report?e=false&c=prod&ar=true&a=cmscache 1
frame-ancestors 'self'; report-uri https://qnhknc5np9.execute-api.us-east-1.amazonaws.com/prod/csp-report 1
default-src 'none'; base-uri 'none'; worker-src 'none'; manifest-src 'none'; media-src 'none'; object-src 'self'; frame-ancestors 'self'; connect-src 'self'; font-src 'self'; form-action 'self'; frame-src 'self' https://captcha.riigiteataja.ee; img-src 'self' https://ssl.google-analytics.com; script-src 'self' https://ssl.google-analytics.com; style-src 'self'; report-uri /csp; 1
object-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.simmsfishing.com static.klaviyo.com fast.a.klaviyo.com www.instagram.com salesiq.zoho.com woobox.com js.zohocdn.com js.zohostatic.com h.online-metrix.net v1.addthisedge.com z.moatads.com surveyjs.azureedge.net *.signifyd.com snapwidget.com creator.zmags.com bam.nr-data.net *.lytics.io *.turnto.com code.jquery.com js-agent.newrelic.com simms.locally.com simmsfishing.matomo.cloud *.criteo.net *.criteo.com www.google-analytics.com connect.facebook.net manage.hawksearch.com player.vimeo.com www.googletagmanager.com *.hotjar.com *.avmws.com *.trackedlink.net *.doubleclick.net bat.bing.com s.ytimg.com www.googleadservices.com www.gstatic.com static.trackedweb.net *.cloudfront.net email.simmsfishing.com graph.facebook.com *.addthis.com www.google.com www.youtube.com www.reddit.com widgets.pinterest.com apis.google.com s3.amazonaws.com; report-to webscaleCspEndpoint; report-uri https://xdymhcopnh.execute-api.us-east-1.amazonaws.com/default/cspReportingMonitor 1
font-src 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com www.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' http://s7.addthis.com https://v1.addthisedge.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://use.fontawesome.com cdn.jsdelivr.net; script-src-attr 'self'; script-src-elem 'self' 'unsafe-inline' http://s7.addthis.com https://z.moatads.com https://v1.addthisedge.com https://m.addthis.com http://graph.facebook.com http://api-public.addthis.com https://cdnjs.cloudflare.com https://api-public.addthis.com https://s.go-mpulse.net https://js-agent.newrelic.com https://bam.nr-data.net cdn.jsdelivr.net https://cdn.jsdelivr.net https://use.fontawesome.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self'; frame-ancestors 'self'; report-uri https://www.insurekidsnow.gov/report-uri/reportOnly 1
default-src 'self' https:; img-src 'self' https: assets.braintreegateway.com checkout.paypal.com bam.nr-data.net staging.shirtspace.com data:; font-src 'self' *.typekit.net d2tic578h94r8u.cloudfront.net data:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com *.googleadservices.com *.g.doubleclick.net *.googlecommerce.com *.newrelic.com bam.nr-data.net *.braintreegateway.com www.paypalobjects.com c.paypal.com widget.trustpilot.com connect.facebook.net graph.facebook.com bat.bing.com s.yimg.com sp.analytics.yahoo.com *.addthis.com m.addthisedge.com *.pinterest.com device.maxmind.com *.typekit.net cdn.jsdelivr.net *.honeybadger.io *.inspectlet.com *.freshchat.com *.ckeditor.com 'nonce-1wwuoIv/iIpCfdeFof8Ezg=='; style-src 'self' d2tic578h94r8u.cloudfront.net *.googleapis.com *.typekit.net *.freshchat.com *.ckeditor.com 'unsafe-inline'; child-src 'self' assets.braintreegateway.com c.paypal.com; frame-src 'self' assets.braintreegateway.com *.paypal.com widget.trustpilot.com www.facebook.com *.g.doubleclick.net *.google.com *.googletagmanager.com s7.addthis.com assets.pinterest.com www.youtube.com *.freshchat.com player.vimeo.com; connect-src 'self' *.braintreegateway.com 'unsafe-inline' *.google-analytics.com *.g.doubleclick.net *.google.com *.braintree-api.com checkout.paypal.com *.mmapiws.com widget.trustpilot.com *.typekit.net m.addthis.com *.honeybadger.io www.facebook.com *.inspectlet.com s.yimg.com http://localhost:3035 ws://localhost:3035 wss://ws.inspectlet.com/ d2tic578h94r8u.cloudfront.net strict-dynamic; report-uri /csp_reports 1
default-src https: data: 'unsafe-inline' 'unsafe-eval' blob: wss:; report-uri https://464b711251f54c909b7a68dbb569ad3b.myssl-uri.com/api/csp-report 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri https://blogun.report-uri.io/r/default/csp/reportOnly 1
default-src  https: http:            data:               wss://*.forter.com           'unsafe-inline' 'unsafe-eval';        connect-src  https: http:            wss://*.forter.com;        frame-ancestors 'self'            https: http:           *.czs.org             172.21.2.30            www.chasepaymentechhostedpay.com       object-src  'self';       img-src   'unsafe-eval' 'unsafe-inline'            data:           blob:           *;       font-src  'self'           data: https: http:           *.typekit.net;       script-src  'unsafe-eval' 'unsafe-inline'            blob:           data:           https: http:           'self'              emarketing.activenetwork.com             d8a4d633e88a.cdn0.forter.com d8a4d633e88a.cdn1.forter.com d8a4d633e88a.cdn2.forter.com d8a4d633e88a.cdn3.forter.com              d8a4d633e88a.cdn4.forter.com d8a4d633e88a.cdn5.forter.com d8a4d633e88a.cdn6.forter.com d8a4d633e88a.cdn7.forter.com              d8a4d633e88a.cdn8.forter.com d8a4d633e88a.cdn9.forter.com               kpstat.forter.com:7043               www.google.com              maps.google.com              maps.googleapis.com               ssl.google-analytics.com               www.google-analytics.com               www.gstatic.com                embed.idonate.com               use.typekit.net                               cdn-js.net                cdnjs.cloudflare.com             d35u1vg1q28b3w.cloudfront.net             partners.cmptch.com               static.cmptch.com                         scriptcdn.net                             auctioneer.50million.club                 m.addthis.com                s7.addthis.com                 m.addthisedge.com             lkysearchex3688-a.akamaihd.net                analyticspage.tools                apiurl.org                appsource.cool                countmake.cool                fp166.digitaloptout.com                eluxer.net                mirextpro.com                 z.moatads.com               secure.myshopcouponmac.com                payperclickadz.com               cdn.pmqzads.com                qdatasales.com            widget-prime.rafflecopter.com                srvvtrk.com               pwm-image.trendmicro.com              gateway.zscloud.net;       style-src  'unsafe-eval' 'unsafe-inline'            'self'                accessibility-bookmarklets.org                 emarketing.activenetwork.com                      cdnjs.cloudflare.com               use.fontawesome.com                fonts.googleapis.com                hello.myfonts.net               pwm-image.trendmicro.com;       report-uri   https://bzcsp.report-uri.com/r/d/csp/reportOnly 1
child-src 'self'; connect-src 'self' blob: https://*.alan.com https://*.fullstory.com https://*.intercom.io https://0c49l8yjud.execute-api.eu-central-1.amazonaws.com https://api-iam.intercom.io https://api.rollbar.com https://api.segment.io https://cdn.contentful.com https://places-2.algolianet.com https://vj2f6ryb83-*.algolianet.com https://vj2f6ryb83-dsn.algolia.net wss://*.intercom.io; default-src 'self'; font-src 'self' data: https://js.intercomcdn.com https://static.alan.com; frame-src 'self' blob: https://*.alan.com https://app.hellosign.com https://intercom-sheets.com; img-src 'self' blob: data: https://*.alan.com https://*.fullstory.com https://alan-113f6a4d40f8.intercom-attachments-5.com https://downloads.intercomcdn.com https://js.intercomcdn.com https://static.alan.com https://static.intercomassets.com https://tools.alan.eu; manifest-src 'self'; media-src 'self' https://s3.eu-central-1.amazonaws.com; object-src 'self' blob: https://*.alan.com https://static.alan.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.fullstory.com https://*.intercom.io https://cdn.segment.com https://cdnjs.cloudflare.com https://fullstory.com https://js.intercomcdn.com https://maps.googleapis.com https://static.alan.com https://static.cloudflareinsights.com https://widget.intercom.io wss://*.intercom.io; style-src 'self' 'unsafe-inline' https://static.alan.com; worker-src 'self'; prefetch-src 'self'; report-uri https://reports-api.sqreen.io/browser/v0/csp-violations/csp_8b966152014e1e03304a2307e39e9741 1
default-src 'none'; block-all-mixed-content; connect-src https://*.huffingtonpost.co.uk https://*.huffingtonpost.com 'self'; frame-ancestors 'none'; img-src https://s.yimg.com https://*.huffingtonpost.co.uk https://*.huffingtonpost.com; media-src 'none'; script-src 'self' 'nonce-o9oLtsbEMhebCv5ux2fPA12LgA9OxIki' https://s.yimg.com https://*.huffingtonpost.co.uk https://*.huffingtonpost.com; style-src 'self' 'nonce-o9oLtsbEMhebCv5ux2fPA12LgA9OxIki' https://s.yimg.com https://*.huffingtonpost.co.uk https://*.huffingtonpost.com; font-src 'self'; object-src 'none'; frame-src 'none'; report-uri https://csp.yahoo.com/beacon/csp?src=guce 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.co.za&source%5Bsection%5D=brochure&source%5Buuid%5D=5f553c08fa9848f528cb9124964b6132 1
default-src https://www.google-analytics.com 'self' https://*.akamaihd.net https://*.wistia.com; media-src https: http: ; script-src https://*.wistia.com https://*.wistia.net https://*.cloudflare.com https://*.twimg.com/ https://*.wistia.com 'self' 'unsafe-inline' 'unsafe-eval' https://*.twitter.com https://*.google-analytics.com https://*.doubleclick.net https://www.googletagmanager.com https://*.googleapis.com https://www.googleadservices.com; connect-src https://*.akamaihd.net https://*.litix.io https://*.wistia.com https://*.wistia.net https://*.google-analytics.com https://*.doubleclick.net 'self' wss://bitcoingold.org wss://explorer.bitcoingold.org; img-src 'self' https: http: data:; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.twitter.com https://*.twimg.com; font-src data: https://*.twitter.com 'self' https://themes.googleusercontent.comi https://*.gstatic.com https://*.googleapis.com https://*.w.org; frame-src https://*.wistia.com https://*.wistia.net https://*.twitter.com https://*.doubleclick.net 'self' https://*.facebook.com; object-src 'self' https://*.bitcoingold.org; report-uri https://bitcoingold.org/csp-report/ 1
style-src https://*.btrll.com https://cdn.cmp.advertising.com https://*.oath.com https://*.yimg.com https://*.yahoo.com 'self' 'unsafe-inline' data: blob:; script-src https://*.btrll.com https://cdn.cmp.advertising.com https://*.oath.com https://*.yahoo.com https://*.yimg.com 'self' 'unsafe-inline' 'unsafe-eval' https://platform.twitter.com https://*.btrll.com data: blob:; frame-ancestors https://*.techcrunch.com https://*.huffingtonpost.com https://*.aol.com https://*.yahoo.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=US&lang=en-US&device=desktop&yrid=ejb29idfglofs&partner=; 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.everplans.com js-agent.newrelic.com bam.nr-data.net pi.pardot.com a248.e.akamai.net downloads.mailchimp.com mc.us7.list-manage.com *.google-analytics.com www.googletagmanager.com ajax.googleapis.com www.googleadservices.com *.g.doubleclick.net use.typekit.net *.livechatinc.com *.addthis.com v1.addthisedge.com *.twitter.com connect.facebook.net cdn.embedly.com px.ads.linkedin.com fast.wistia.com onlinedialogue.s3.amazonaws.com snap.licdn.com try.abtasty.com; object-src 'self'; style-src 'self' 'unsafe-inline' downloads.mailchimp.com fonts.googleapis.com netdna.bootstrapcdn.com; img-src 'self' data: *.everplans.com p.typekit.net ping.chartbeat.net secure.livechatinc.com www.google.com www.googletagmanager.com stats.g.doubleclick.net i.imgur.com v1.addthis.com t.co www.facebook.com storage.pardot.com fast.wistia.com embedwistia-a.akamaihd.net; media-src 'self' blob: data: cdn.livechatinc.com embedwistia-a.akamaihd.net; frame-src 'self' *.everplans.com secure.livechatinc.com go.pardot.com *.addthis.com player.vimeo.com www.youtube.com bid.g.doubleclick.net fast.wistia.com; frame-ancestors 'self'; child-src 'self' *.everplans.com s7.addthis.com player.vimeo.com www.youtube.com bid.g.doubleclick.net fast.wistia.com; font-src 'self' data: fonts.gstatic.com use.typekit.net netdna.bootstrapcdn.com; connect-src 'self' data: *.everplans.com stats.g.doubleclick.net v1.addthis.com *.wistia.com embedwistia-a.akamaihd.net *.abtasty.com; report-uri https://everplans.report-uri.com/r/d/csp/reportOnly; upgrade-insecure-requests 1
base-uri 'none'; script-src 'unsafe-eval' 'unsafe-inline' data: blob: http: https:; object-src 'none'; report-uri https://sentry.itgalaxy.company/api/85/csp-report/?sentry_key=1fbf25e90f114a3d83a19aa4fa432dcf 1
script-src 'self' 127.0.0.1:8182 127.0.0.1:8888 127.0.0.1:5005; frame-src 'self'; object-src 'self'; report-uri /cspreportonly; 1
default-src https://www.guiabolso.com.br https://www.googletagmanager.com https://www.google-analytics.com https://fonts.googleapis.com https://webchat.helpshift.com 1
img-src 'self' blob: img.jobcloud.io pixel.7ltp.com content.scout24.ch *.g.doubleclick.net *.google-analytics.com *.appcast.io *.jobscout24.ch *.gstatic.com *.googletagmanager.com trk.thematopi.com https://pixel.watch *.amazonaws.com; object-src 'self';connect-src 'self' c.jobscout24.ch stats.g.doubleclick.net *.tealiumiq.com *.hotjar.com vc.hotjar.io www.google-analytics.com *.intercom.io wss://*.intercom.io *.jobs.ch wss://*.hotjar.com; frame-src 'self' vars.hotjar.com *.jobs.ch *.google.com landbot.io *.alisearch.ch https://www.youtube.com https://maps.google.de https://www.googletagmanager.com; script-src 'unsafe-inline' 'self' *.tealiumiq.com *.tiqcdn.com static.hotjar.com script.hotjar.com *.googletagmanager.com *.googleapis.com *.google-analytics.com *.appcast.io *.google.com *.gstatic.com *.intercom.io *.intercomcdn.com *.landbot.io c.jobscout24.ch; report-uri https://js24.report-uri.com/r/d/csp/reportOnly; report-to csp-endpoint; 1
script-src 'self' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https: http: 'nonce-e561ebb5125fa25cbfaf1883e3b9fcc5' 'sha384-7uqQfGVKWAthYOKjE4CToVZDjNGO+rxLDL5sFo1HUI3u+vwLmAinEM0/LcURoj1h' 'sha256-spTpc4lvj4dOkKjrGokIrHkJgNA0xMS98Pw9N7ir9oI=' 'sha384-4FS9nLDjKOPIgz/SgGvZV4C8RHHRyRP1Fb6ZW/XH/o8PFaviPmgzLc6kOS2GQ87x' 'sha384-3vojR0D/VZNPM9rutbkAQlVZeDVrc50TkyBVfVpqoZzVQpWA65x5mQXOij0vt2Cu' 'sha384-VI5+XuguQ/l3kUhh4knz7Hxptx47wpQbVRDnp8v7Vvuhzwn1PEYb/uvtH6KLxv6d' 'report-sample'; object-src 'none'; base-uri 'self'; connect-src https://doordash.com https://analytics.google.com https://api.amplitude.com https://ct.pinterest.com https://p.tvpixel.com https://api.segment.io https://bat.bing.com https://www.facebook.com https://sentry.io https://bam.nr-data.net https://page-service-qa.doordash.com https://page-service.doordash.com https://cdn.doordash.com https://tn.alphonso.tv https://s3-design-language-system.cdn4dd.com https://logx.optimizely.com https://*.optimizely.com https://www.google-analytics.com https://www.doordash.com https://stats.g.doubleclick.net https://www.google-analytics.com https://*.order.online https://preview.trycaviar.com https://staging.trycaviar.com https://qa.trycaviar.com/ https://www.trycaviar.com https://trycaviar.com https://www.google.com; frame-ancestors 'self'; report-uri https://sentry.io/api/5175049/security/?sentry_key=c269bf7b8bc44929b43bbb29e11cece5&sentry_environment=qa; worker-src 'none' 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.hk&source%5Bsection%5D=brochure&source%5Buuid%5D=0293d183f539f992120dc4d06725b8e3 1
default-src 'self'; script-src cdn.report-uri.com api.stripe.com js.stripe.com www.google-analytics.com www.gstatic.com www.google.com 'nonce-MjYxNTkxOTU2MCwxODE4Njc1NDI4'; style-src 'self' 'unsafe-inline' cdn.report-uri.com; img-src 'self' data: cdn.report-uri.com www.google-analytics.com; font-src 'self' cdn.report-uri.com; connect-src 'self' api.stripe.com; frame-ancestors *.cloudflareworkers.com *.cloudflare.com; form-action 'self' hooks.stripe.com; frame-src js.stripe.com www.google.com; child-src js.stripe.com www.google.com; upgrade-insecure-requests; report-uri https://scotthelme.report-uri.com/r/d/csp/enforce; report-to default 1
default-src 'self' *.plugin-alliance.com;    script-src 'self' analytics.twitter.com cdnjs.cloudflare.com connect.facebook.net platform.twitter.com proxy-assets.churnbuster.io s.ytimg.com static.ads-twitter.com/uwt.js trackcmp.net www.google-analytics.com www.youtube.com 'unsafe-inline';    style-src 'self' cdnjs.cloudflare.com proxy-assets.churnbuster.io 'unsafe-inline';    img-src 'self' *.plugin-alliance.com analytics.twitter.com data: d26781mews02ac.cloudfront.net i.ytimg.com img.youtube.com stats.g.doubleclick.net t.co www.facebook.com www.google.de www.google-analytics.com yt3.ggpht.com;    font-src 'self' cdnjs.cloudflare.com;    connect-src 'self' stats.g.doubleclick.net www.google-analytics.com;    frame-src 'self' d271ulnm1ao6ig.cloudfront.net embed.pivotshare.com pages.churnbuster.io staticxx.facebook.com w.soundcloud.com www.facebook.com www.youtube.com;    form-action 'self' plugin-alliance.us3.list-manage.com www.facebook.com/tr/;    block-all-mixed-content;    report-uri https://pluginalliance.report-uri.com/r/d/csp/wizard 1
report-uri https://logs-01.loggly.com/inputs/4e92d8a9-baa6-4559-82e2-05428d10fa7b/tag/csp; report-to default 1
child-src 'self'; connect-src 'self' https://*.hotjar.com/ https://*.hotjar.io wss://*.hotjar.com https://*.bitopro.com https://*.onesignal.com https://*.facebook.com https://*.google-analytics.com https://*.rollbar.com wss://*.bitopro.com; default-src 'self' https://*.bitopro.com wss://*.bitopro.com; font-src 'self' data: https://*.bitopro.com https://*.gstatic.com; frame-src 'self' https://*.os.tc/ https://*.onesignal.com/ https://*.hotjar.com/ https://*.facebook.com https://*.google.com https://*.bitopro.com wss://*.bitopro.com; img-src 'self' data: https://stats.g.doubleclick.net https://*.hotjar.com/ http://*.hotjar.io https://*.bitopro.com https://*.google-analytics.com https://*.google.com https://*.google.com.tw http://*.googletagmanager.com https://*.gstatic.com; manifest-src 'self'; media-src 'self'; object-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.onesignal.com https://*.hotjar.com/ https://*.hotjar.io https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://*.gstatic.com https://*.bitopro.com https://*.newrelic.com wss://*.bitopro.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.bitopro.com wss://*.bitopro.com; worker-src 'self'; report-uri https://reports-api.sqreen.io/browser/v0/csp-violations/csp_262aff7c6ed6c8d196bdc235e017eab1 1
report-uri https://sentry.io/api/221673/security/?sentry_key=3afaff7eee7146358bf291fdd649cba7 1
report-to webscaleCspEndpoint; report-uri https://xdymhcopnh.execute-api.us-east-1.amazonaws.com/default/cspReportingMonitor; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.toolbarn.com services.sheerid.com www.google-analytics.com d.impactradius-event.com www.googletagmanager.com cdn1.pdmntn.com www.googlecommerce.com *.google.com ui.powerreviews.com cdn1.affirm.com *.cloudflare.com *.amazonaws.com *.adroll.com cdn-scripts.signifyd.com imgs.signifyd.com js.braintreegateway.com *.cloudmaestro.com youtube.com www.youtube.com yahoo.com pixel.rubiconproject.com paypal.com stats.paypal.com ssl.kaptcha.com c.paypal.com assets.braintreegateway.com www.affirm.com h.online-metrix.net logs-01.loggly.com *.cloudflare.com *.cloudmaestro.com *.consensu.org www.paypalobjects.com 1
font-src 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com www.googleadservices.com www.google-analytics.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com js.authorize.net jstest.authorize.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com www.googleadservices.com www.google-analytics.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' *.gradeup.co *.grdp.co; img-src 'self' blob: data: *.gradeup.co gradeup.co business.topbuzz.com gradestack.com i.ytimg.com cost.affcost.com platform-lookaside.fbsbx.com gradeup-question-images.s3.amazonaws.com csm.hk.as.criteo.net cm.g.doubleclick.net primedigital.go2cloud.org *.clmbtech.com ad.admitad.com track.in.omgpm.com dis.criteo.com trc.taboola.com gs-users-images.s3.amazonaws.com traqkar.com www.googletagmanager.com www.googleadservices.com myfaqprime.appspot.com heapanalytics.com *.googleusercontent.com *.grdp.co grdp.co *.facebook.com connect.facebook.net q.quora.com ssl.gstatic.com www.google-analytics.com stats.g.doubleclick.net cds.taboola.com *.google.com *.google.co.in googleads.g.doubleclick.net www.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com https://s3-eu-west-1.amazonaws.com/static.wizrocket.com/js/sw_webpush.js cdn.heapanalytics.com *.gradeup.co s.ytimg.com cdn.ampproject.org www.googletagservices.com tagmanager.google.com  ajax.cloudflare.com accounts.google.com myfaqprime.appspot.com portal.referralcandy.com go.referralcandy.com cdn.asbmit.com www.youtube.com https://storage.googleapis.com/workbox-cdn/releases/3.6.3/workbox-precaching.prod.js maps.googleapis.com adservice.google.com adservice.google.co.in analytics.tiktok.com www.googleadservices.com *.googlesyndication.com smartlock.google.com *.g.doubleclick.net wzrkt.com d2r1yp2w7bby2u.cloudfront.net cdn.taboola.com connect.facebook.net track.in.omgpm.com www.googletagmanager.com *.hansel.io *.grdp.co grdp.co www.google-analytics.com cdn.mouseflow.com static.bytedance.com sslwidget.criteo.com *.clmbtech.com  trc.taboola.com www.gstatic.com *.wzrkt.com *.criteo.net *.ipstatp.com www.google.com apis.google.com static.cloudflareinsights.com widget.as.criteo.com maxcdn.bootstrapcdn.com ajax.googleapis.com; connect-src 'self' *.gradeup.co goprep.co *.goprep.co gradeup.co json.faqprime.com *.facebook.com firebaseinstallations.googleapis.com cdnjs.cloudflare.com *.hansel.io *.googlesyndication.com *.grdp.co grdp.co o2.mouseflow.com heapanalytics.com www.googletagmanager.com fizz.gradestack.co wss://*.gradeup.co *.taboola.com www.google-analytics.com cdn.ampproject.org accounts.google.com www.google.com stats.g.doubleclick.net cdn.ampproject.com; frame-src whatsapp: stats.g.doubleclick.net ts.tradetracker.net tl.tradetracker.net tracking.icubeswire.co www.youtube.com portal.referralcandy.com go.onelink.me accounts.google.com gum.criteo.com tpc.googlesyndication.com secure.payu.in gradeup.referralcandy.com www.facebook.com gradeup.co *.gradeup.co gradestack.com smartlock.google.com bid.g.doubleclick.net static.criteo.net www.googletagmanager.com; style-src 'self' blob: data: *.grdp.co *.gradeup.co 'unsafe-inline' cdnjs.cloudflare.com myfaqprime.appspot.com fonts.googleapis.com tagmanager.google.com translate.googleapis.com maxcdn.bootstrapcdn.com accounts.google.com cdn.ampprojectorg cdn.materialdesignicons.com cloud.typography.com; object-src 'none'; font-src 'self' blob: data: *.grdp.co fonts.gstatic.com maxcdn.bootstrapcdn.com fast.fonts.net cloud.typography.com fonts.googleapis.com use.fontawesome.com cdnjs.cloudflare.com cdn.honey.io; worker-src blob: gradeup.co goprep.co gradestack.com; report-uri https://sentry.gradeup.co/api/34/security/?sentry_key=937a5600fe564dcaa3fccacd6dde8ebc; 1
script-src 'self' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; script-src-attr 'self'; style-src 'self' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; style-src-attr 'self'; frame-ancestors 'self' 1
font-src 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com www.googleadservices.com www.google-analytics.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline'  data: *.tnb.com *.scene7.com abbcloud.blob.core.windows.net *.abb.com *.adobedtm.com *.widencdn.net *.googleapis.com *.gstatic.com *.macromedia.com *.partcommunity.com *.tnb.ca *.vanlien.com *.vanlien.be *.vanlien.nl *.youtube.com *.paypal.com tnblnx3.tnb.com code.jquery.com googleads.g.doubleclick.net *.googleadservices.com 4817075.fls.doubleclick.net *.google.com *.google.nl *.google.be *.google-analytics.com *.api4load.com *.facebook.net *.facebook.com *.fedex.com *.ups.com *.rlcarriers.com *.cl3ver.com 199.120.203.191; report-uri https://www-public.tnb.com/cspr/ 1
default-src https: data: webviewprogressproxy: gsa: 'unsafe-inline'; report-uri https://6lt9e3u0nd.execute-api.ap-northeast-1.amazonaws.com/prod/cspToSlack 1
default-src 'none'; form-action 'none'; frame-ancestors 'none'; report-uri https://allbookstores.report-uri.com/r/d/csp/wizard 1
default-src 'self' *.google-analytics.com *.googleapis.com; script-src 'self' 'unsafe-inline' *.google-analytics.com *.googleapis.com *.googletagmanager.com *.cloudflare.com *.addthis.com *.addthisedge.com *.linkedin.com *.twitter.com; style-src 'self' 'unsafe-inline' *.googleapis.com; frame-ancestors 'self'; frame-src 'self' *.addthis.com *.addthisedge.com *.linkedin.com *.twitter.com; img-src 'self' *.google-analytics.com *.doubleclick.net *.linkedin.com *.twitter.com; font-src 'self' *.gstatic.com; connect-src 'self' *.google-analytics.com *.addthis.com *.addthisedge.com; report-uri; 1
default-src 'self'; script-src 'self' 'unsafe-inline' www.google-analytics.com www.googletagmanager.com; img-src 'self' stats.g.doubleclick.net www.google.com www.google.com.au www.google-analytics.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com; form-action 'self'; report-uri /csp-violations-report-endpoint; report-to null; 1
default-src 'self'  https://www.google.com/ https://www.google-analytics.com/  https://cm.everesttech.net/ https://s3.amazonaws.com/; connect-src 'self' https://c.go-mpulse.net/ https://captcha.gecirtnotification.com/ https://www.google-analytics.com/ https://*.clicktale.net https://api.addsearch.com/ https://ds-aksb-a.akamaihd.net/RRT https://api.company-target.com/ https://rs.fullstory.com/ https://secure-ds.serving-sys.com/ https://vendorlist.consensu.org/vendorlist.json https://gepowerandwater.tt.omtrdc.net/ https://gepowerandwater.d2.sc.omtrdc.net/ https://dpm.demdex.net/ https://232-dkg-508.mktoresp.com/; font-src 'self' data:; frame-src https://app-abm.marketo.com/ https://www.linkedin.com/ https://captcha.gecirtnotification.com/ https://content.gepower.com/ https://www.slideshare.net/ https://anchor.fm/ https://tribl.io/ https://citia.com/ https://www.thinglink.com/ https://syndication.twitter.com/ https://platform.twitter.com/ https://gepowerwater.demdex.net/ https://app-ab10.marketo.com/ https://bid.g.doubleclick.net/ https://www.facebook.com/ https://fssfedpitc.ge.com/    https://www.google.com https://www.youtube.com; img-src  'self' data: https://www.google.com.sg/ https://cdn.thinglink.me/ https://captcha.gecirtnotification.com/ https://gepoweradnwater.d2.sc.omtrdc.net/ https://www.gepower.com/ https://www.googletagmanager.com/ https://clients1.google.com/ https://www.googleapis.com/ https://app-abm.marketo.com/ https://*.clicktale.net https://match.prod.bidr.io/ https://i.ytimg.com/ https://app-ab10.marketo.com/ https://segments.company-target.com/ https://www.genewsroom.com/ https://cm.everesttech.net/ https://ds-aksb-a.akamaihd.net/ https://c.evidon.com/ https://dpm.demdex.net/ https://syndication.twitter.com/  https://platform.twitter.com/ https://pbs.twimg.com/ https://ton.twimg.com/ https://abs.twimg.com/ https://img.youtube.com/ https://www.google.co.in/ https://www.google-analytics.com/ https://px.ads.linkedin.com/ https://stats.g.doubleclick.net/ https://gepowerandwater.d2.sc.omtrdc.net/ https://p.adsymptotic.com/ https://c.evidon.com/pub/icong1.png https://www.google.com/ https://p.adsymptotic.com/ https://l.betrad.com/ https://www.facebook.com/  https://www.google.co.in/ https://www.ge.com/   https://tribl.io/; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://tracking.skyword.com/ https://tracking.skyword.com/ https://www.gstatic.com/ https://www.thinglink.com/ https://api.company-target.com/ https://gateway.zscalertwo.net/ https://share.yandex.ru/ https://opensharecount.com/ https://cdn.thinglink.me/ https://code.jquery.com/  https://graph.facebook.com/  https://upgrademyengine.gepower.com/p/modal.js https://captcha.gecirtnotification.com/ https://www.linkedin.com/ https://s.go-mpulse.net/ http://tracking.skyword.com/ https://s.ytimg.com/ https://iabmap.evidon.com/ https://fullstory.com/ https://www.googleadservices.com/ https://cse.google.com/ https://www.google.com/ https://bs.serving-sys.com/ https://scripts.demandbase.com/ https://app-ab10.marketo.com/ https://www.google.com/ https://cse.google.com/ https://ds-aksb-a.akamaihd.net/aksb.min.js https://cdnssl.clicktale.net/ https://secure-ds.serving-sys.com/ https://app-sjg.marketo.com/ https://connect.facebook.net/ https://snap.licdn.com/ https://app-abm.marketo.com/ https://app-abm.marketo.com/ https://tribl.io/ https://cdn.syndication.twimg.com/ https://munchkin.marketo.net/ https://platform.twitter.com/ https://assets.adobedtm.com/ https://www.youtube.com/ https://assets.adobedtm.com/ https://iabmap.evidon.com/ https://evidon.mgr.consensu.org/iab/getcookie https://munchkin.marketo.net/157/munchkin.js https://www.google-analytics.com/ https://app-abm.marketo.com/ https://www.googleadservices.com/pagead/conversion_async.js   https://connect.facebook.net/ https://c.evidon.com/ https://www.googletagmanager.com/gtag/ https://assets.adobedtm.com/bc9497247b8f/38f2d572529a/591c6385ea20/RC6dd8c3871a654d11b5f975f0da26fef7-source.min.js https://www.googletagmanager.com/gtag/ https://googleads.g.doubleclick.net/ https://sjs.bizographics.com/insight.min.js https://www.ge.com/  https://*.clicktale.net https://*.demandbase.com/;style-src 'self' 'unsafe-inline' https://cdn.thinglink.me/ https://scripts.demandbase.com/ https://code.jquery.com/ https://cdnjs.cloudflare.com/  https://app-abm.marketo.com/ https://www.google.com/ https://tribl.io/ https://app-ab10.marketo.com/ https://platform.twitter.com/ https://ton.twimg.com/ ;frame-ancestors 'self'; base-uri 'self';report-uri /power/csp_log 1
connect-src https://www.facebook.com/ https://use.typekit.net/ https://google-analytics.bi.owox.com/ 'self' https://stats.g.doubleclick.net/ https://*.google-analytics.com/ https://in.hotjar.com/ https://app.marketplan.io/ https://www.google.com/ https://gesa.locatorsearch.com/ data:; object-src  'none'; style-src https://fonts.googleapis.com/ 'unsafe-inline' 'self' https://*.typekit.net/ https://code.jquery.com/ https://www.timevaluecalculators.com/; frame-ancestors https://www.inspiruscu.org/ https://www.gesabusinessbanking.com/ https://www.gesainvestments.com/ https://www.gesahomeloans.com/; form-action https://gesa.locatorsearch.com/ 'self' https://www.facebook.com/; img-src 'self' blob: data: https:; media-src 'self' https://assets.interface.ai/; script-src https://connect.facebook.net/ https://cdnjs.cloudflare.com/ https://e2eg.co.uk/ 'self' https://*.google-analytics.com/ https://tpc.googlesyndication.com/ https://*.google.com/ https://app.marketplan.io/ blob: https://widget-gesa.interface.ai/ https://googleads.g.doubleclick.net/ https://js.hs-analytics.net/ https://code.jquery.com/ https://www.gstatic.com/ https://f.vimeocdn.com/ https://js.hs-scripts.com/ https://www.googleadservices.com/ https://www.googletagmanager.com/ https://*.hotjar.com/ https://js.hs-banner.com/ 'unsafe-eval' https://www.timevaluecalculators.com/ 'unsafe-inline'; base-uri  'self'; font-src https://cdnjs.cloudflare.com/ https://script.hotjar.com/ https://fonts.gstatic.com/ https://use.typekit.net/ 'self' http://fonts.gstatic.com/ data:; report-uri https://csp.tsrs.cloud/r/6e16938fce4214f180b230c6570d6b3b2bfd5268; block-all-mixed-content;worker-src  blob:; frame-src 'self' https://tpc.googlesyndication.com/ https://widget-gesa.interface.ai/ https://player.vimeo.com/ https://vars.hotjar.com/ https://www.facebook.com/ https://www.gesainvestments.com/ https://bid.g.doubleclick.net/ https://www.gesahomeloans.com/ https://www.googletagmanager.com/ https://www.google.com/ https://gesa.locatorsearch.com/ https://www.inspiruscu.org/ https://www.gesabusinessbanking.com/; 1
default-src 'self' https://www.epay.bg https://online.epay.bg 'unsafe-inline' ; img-src 'self' data: https://www.epay.bg https://online.epay.bg ; frame-src https: ; report-uri https://www.epay.bg/csp 1
default-src 'self';font-src 'self' data:;style-src 'self' 'unsafe-inline';img-src vontobel-cloudbased-streaming.s3.amazonaws.com 'self' data:;script-src 'self' tags.tiqcdn.com 'nonce-Y5zCtpJtrA9vRhDR2Yq029TcbqA=';frame-ancestors 'self';frame-src 'self';media-src vontobel-cloudbased-streaming.s3.amazonaws.com;report-uri /Csp/Report/; 1
default-src 'self' 'unsafe-inline' *.arpansa.gov.au *.sunsmart.com.au uv-makeup.azurewebsites.net *.google.com *.googleapis.com *.gstatic.com *.google-analytics.com *.youtube.com *.twitter.com *.twimg.com *.doubleclick.net data:;; report-uri /report-csp-violation 1
base-uri 'none'; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'nonce-79416613-193'; object-src 'self'; img-src 'self' *.regenwald.org data:; connect-src 'self'; block-all-mixed-content; report-uri /csp-violation-report/79416613-193 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; connect-src https: wss:; report-uri /csp-report 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.com.au&source%5Bsection%5D=brochure&source%5Buuid%5D=6a9a94442d9d703181d902a6af010044 1
default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' ws: *.nexiuslearning.com *.google-analytics.com *.etitan.hu *.googletagmanager.com *.googleapis.com *.gstatic.com  *.google.com *.bootstrapcdn.com *.extremenet.hu stats.g.doubleclick.net www.youtube-nocookie.com; report-uri https://etitancsp.azurewebsites.net/api/eTitanCSP; 1
report-uri https://www.childcare.co.uk/app/csp-reports; default-src blob: data: https: 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://platform.twitter.com https://cdn.ampproject.org https://cdnjs.cloudflare.com https://code.jquery.com https://js.recurly.com https://www.gstatic.com https://ajax.googleapis.com https://oss.maxcdn.com https://connect.facebook.net https://d1l6p2sc9645hc.cloudfront.net https://*.gosquared.com https://*.childcare.co.uk https://*.trustpilot.com https://*.doubleclick.net https://cdn.ckeditor.com https://appleid.cdn-apple.com https://*.totum.com https://bat.bing.com https://www.google.com 1
report-uri https://www.tre.se/logger/csp-report; script-src https://hi3gscriptbucket.blob.core.windows.net https://www.google.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://tagmanager.google.com/ https://www.googleadservices.com https://www.google-analytics.com https://ssl.google-analytics.com https://bat.bing.com https://static.ads-twitter.com https://connect.facebook.net https://secure.quantserve.com https://adtr.io https://www.youtube.com https://rules.quantcount.com https://analytics.twitter.com https://s.ytimg.com https://w.usabilla.com https://cdn.tre.se 'unsafe-inline' 'self' 1
default-src https:; connect-src https:; font-src https: data:; child-src https:; img-src https: data:; media-src https:;  object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; report-uri https://98dba6326789eae01552e92f7b3e68d5.report-uri.io/r/default/csp/reportOnly 1
default-src 'self' https: http: 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com ; script-src 'unsafe-inline' https: http: 'unsafe-eval' https://www.gstatic.com ; report-uri /csp-violation/ 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https:; report-uri /csp-report 1
default-src 'self'; object-src 'self'; base-uri 'self'; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com/tr/ https://connect.facebook.net/log/error; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://cts.communicationads.net https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://dpm.demdex.net https://the.sciencebehindecommerce.com https://chat.winsim.de https://stats.winsim.de https://imagepool.winsim.de; script-src 'strict-dynamic' 'nonce-fc240736e9cbb3706820254b831f0c6c' 'nonce-5c1d05e21d9d934c7680bea08b5ba15b' 'nonce-56ce034000216c8d0fd8b29af17fef82' 'nonce-e441b571bfd52bd93db2659d34c6f024' 'nonce-e87c6b1e08c480b5dfddcd4d551f1d68' 'nonce-8e95ee6b38bf78183adab04ac8824a6a' 'self' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://www.facebook.com https://tags.tiqcdn.com https://cdn2.spatialbuzz.com https://bid.g.doubleclick.net https://tpc.googlesyndication.com https://www.youtube-nocookie.com https://www.awin1.com https://paketshop.myhermes.de; child-src https://www.youtube.com https://cdn2.spatialbuzz.com https://trck.spoteffects.net https://www.googleadservices.com https://www.facebook.com https://tags.tiqcdn.com https://ad13.adfarm1.adition.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports 1
default-src 'none' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://use.fontawesome.com https://*.siteimprove.net https://translate.googleapis.com https://translate.google.com https://*.readspeaker.com https://www.googletagmanager.com https://*.zopim.com https://siteimproveanalytics.com https://www.google-analytics.com https://static.zdassets.com https://cdn.jsdelivr.net/gh/ractoon/jQuery-Text-Counter@0.9.0/textcounter.min.js; style-src 'self' 'unsafe-inline' https://translate.googleapis.com https://*.readspeaker.com; img-src 'self' data: https://translate.googleapis.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://*.zopim.io https://*.zopim.com https://*.siteimproveanalytics.io; font-src 'self' data: https://*.zopim.com https://*.readspeaker.com https://fonts.gstatic.com; connect-src 'self' https://*.siteimprove.com https://translate.googleapis.com wss://*.zopim.com https://ekr.zdassets.com https://www.google-analytics.com; media-src 'self' https://*.zopim.com; frame-src *; report-uri /csp-report 1
script-src 'self' https://apis.google.com https://pagead2.googlesyndication.com https://platform.twitter.com; frame-src https://plusone.google.com https://facebook.com https://platform.twitter.com http://rcm.amazon.com; object-src 'self' 1
style-src https://*.btrll.com https://cdn.cmp.advertising.com https://*.oath.com https://*.yimg.com https://*.yahoo.com 'self' 'unsafe-inline' data: blob:; script-src https://*.btrll.com https://cdn.cmp.advertising.com https://*.oath.com https://*.yahoo.com https://*.yimg.com 'self' 'unsafe-inline' 'unsafe-eval' https://platform.twitter.com https://*.btrll.com data: blob:; frame-ancestors https://*.techcrunch.com https://*.huffingtonpost.com https://*.aol.com https://*.yahoo.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=US&lang=en-US&device=desktop&yrid=0fp7jj9fglcer&partner=; 1
default-src data: https: http://*.cdn.ngenix.net 'unsafe-inline' 'unsafe-eval'; report-uri https://www.b-kontur.ru/private/csp-report 1
default-src https: 'unsafe-inline' 1
default-src https: 'self'; base-uri 'self'; child-src 'self' cdn.nakedapartments.com *.twitter.com *.facebook.com www.youtube.com player.vimeo.com *.google.com tpc.googlesyndication.com; connect-src 'self' wss: www.google-analytics.com www.google.com securepubads.g.doubleclick.net cdn.nakedapartments.com bam.nr-data.net; font-src 'self' data: fonts.gstatic.com cdn.nakedapartments.com; form-action 'self' github.com; frame-ancestors 'none'; img-src 'self' 'unsafe-inline' data: cdn.nakedapartments.com react.nakedapartments.com *.streeteasy.com *.yelpcdn.com *.ggpht.com cbks0.googleapis.com 1520522.r.msn.com 1520522.r.bat.bing.com www.facebook.com www.google-analytics.com web.facebook.com www.appelsiini.net www.googleadservices.com tpc.googlesyndication.com stats.g.doubleclick.net googleads.g.doubleclick.net s3.amazonaws.com csi.gstatic.com pagead2.googlesyndication.com ssl.google-analytics.com maps.googleapis.com maps.gstatic.com *.google.com *.realtymx.com; object-src 'self'; plugin-types application/x-shockwave-flash; script-src 'unsafe-inline' 'self' 'unsafe-eval' cdn.nakedapartments.com react.nakedapartments.com platform.twitter.com *.google.com ssl.google-analytics.com flex.msn.com js.pusher.com stats.pusher.com maps.googleapis.com pagead2.googlesyndication.com s3.amazonaws.com www.googletagmanager.com connect.facebook.net www.google-analytics.com www.googletagservices.com www.googleadservices.com securepubads.g.doubleclick.net bam.nr-data.net; style-src 'self' 'unsafe-inline' cdn.nakedapartments.com *.google.com *.googleapis.com; report-uri https://1627f29bce741ebdc46108ecd8ebba3c.report-uri.io/r/default/csp/reportOnly 1
default-src 'self' https://static.slo-tech.com https://zy.si https://push.slo-tech.com; script-src 'self' 'unsafe-inline' https://static.slo-tech.com https://oglasi.slo-tech.com https://zy.si; style-src 'self' data: 'unsafe-inline' static.slo-tech.com; img-src 'self' data: https://* http://* https://static.slo-tech.com https://oglasi.slo-tech.com https://zy.si; connect-src 'self' https://oglasi.slo-tech.com https://push.slo-tech.com wss://push.slo-tech.com ws://push.slo-tech.com; frame-src 'self' https://oglasi.slo-tech.com https://www.youtube-nocookie.com; worker-src 'none'; frame-ancestors 'none'; form-action 'self'; upgrade-insecure-requests; sandbox; report-uri https://sentry.ilol.si/api/13/security/?sentry_key=65de3269eb0548dd97bc2c45929349f4 1
default-src 'none'; script-src * 'unsafe-inline'; object-src 'self' 'unsafe-inline'; style-src * 'unsafe-inline'; img-src * 'unsafe-inline'; media-src 'self' 'unsafe-inline'; frame-src 'self' 'unsafe-inline'; font-src *; connect-src 'self'; report-uri /report-csp-violation/ 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.de&source%5Bsection%5D=brochure&source%5Buuid%5D=0f0c50765d66b5bb03e6fcfe8ca140b6 1
script-src 'nonce-sAK7tesQw10h0aEIvqfAZA' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1
default-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; report-uri https://ramsalt.report-uri.io/r/default/csp/reportOnly 1
report-to webscaleCspEndpoint; report-uri https://xdymhcopnh.execute-api.us-east-1.amazonaws.com/default/cspReportingMonitor; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.lagrangesystems.net unpkg.com js.braintreegateway.com tpc.googlesyndication.com ws.sharethis.com *.pinterest.com magnetic.t.domdex.com www.googletagmanager.com *.bronto.com player.vimeo.com www.google-analytics.com *.olark.com f.vimeocdn.com www.tag4arm.com secure.quantserve.com intljs.rmtag.com www.googleadservices.com connect.facebook.net cdn.pbbl.co *.steelhousemedia.com s.pinimg.com ut.ra.linksynergy.com rules.quantcount.com googleads.g.doubleclick.net js-agent.newrelic.com bam.nr-data.net cdnjs.cloudflare.com maxcdn.bootstrapcdn.com www.google.com rum-static.pingdom.net www.gstatic.com p.bm23.com s.yimg.com *.cloudfront.net *.googleapis.com sp.analytics.yahoo.com script.crazyegg.com *.lagrangesystems.net bat.bing.com edge.quantserve.com 193.238.46.57 1
style-src-elem 'unsafe-inline' 'self'; connect-src 'self' api.mixpanel.com api-js.mixpanel.com api.segment.io in.hotjar.com trc.taboola.com vc.hotjar.io; font-src 'self' data fonts.gstatic.com script.hotjar.com; frame-src www.youtube.com s7.addthis.com vars.hotjar.com widget.trustpilot.com; img-src 'self' data: q.quora.com 2.gravatar.com bat.bing.com px.ads.linkedin.com www.linkedin.com c0.adalyser.com cx.atdmt.com data heapanalytics.com stats.g.doubleclick.net www.facebook.com www.google-analytics.com www.google.co.uk www.google.com www.googletagmanager.com web.uploads.tide.co local.tide.co secure.gravatar.com; script-src-elem 'self' 'unsafe-inline' bat.bing.com c0.adalyser.com cdn.heapanalytics.com cdn.mxpnl.com cdn.segment.com cdn.taboola.com cdnjs.cloudflare.com connect.facebook.net googleads.g.doubleclick.net platform.twitter.com px.ads.linkedin.com script.hotjar.com snap.licdn.com static.ads-twitter.com static.hotjar.com www.google-analytics.com www.linkedin.com www.googletagmanager.com www.googleadservices.com widget.trustpilot.com; style-src-attr 'unsafe-inline'; report-uri https://csp.tide.co/report 1
connect-src 'self' https://www.google-analytics.com *.doubleclick.net https://bam.nr-data.net https://www.facebook.com https://locationservice.posti.com *.giosg.com *.adform.net *.giosgusercontent.com *.krxd.net; img-src 'self' data: *.keskofiles.com http://public-qa.keskofiles.com *.imgix.net https://www.google-analytics.com https://ssl.gstatic.com *.doubleclick.net https://www.gstatic.com https://www.google.se https://www.google.fi https://www.google.com images.contentful.com images.ctfassets.net https://maps.googleapis.com https://bat.bing.com https://www.facebook.com https://img.youtube.com *.giosg.com *.adform.net *.giosgusercontent.com *.krxd.net https://giosg-chat-public-eu.s3.amazonaws.com https://keskoanalytics.s3.eu-central-1.amazonaws.com *.ytimg.com *.videoly.co; manifest-src 'self'; font-src 'self' https://fonts.gstatic.com 'unsafe-inline' data:; frame-src 'self' *.doubleclick.net *.youtube.com *.youtu.be https://utm.keskoanalytics.com/ https://plussa.com/ https://www.plussa.com https://www.prkk.fi https://www.kromo.eu *.giosg.com *.adform.net *.giosgusercontent.com *.krxd.net *.kesko.fi http://krauta-fi.stage.rautakesko.episerverhosting.com *.stage.rautakesko.episerverhosting.com *.prod.rautakesko.episerverhosting.com *.thinglink.com; style-src 'self' 'unsafe-inline' blob: https://tagmanager.google.com https://fonts.googleapis.com https://keskoanalytics.s3.eu-central-1.amazonaws.com *.giosg.com; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://tagmanager.google.com http://tagmanager.google.com *.doubleclick.net https://www.googleadservices.com https://js-agent.newrelic.com https://bam.nr-data.net https://keskoanalytics.s3.eu-central-1.amazonaws.com https://scjc708q0d.execute-api.eu-west-1.amazonaws.com https://bat.bing.com https://connect.facebook.net *.giosg.com *.adform.net *.giosgusercontent.com *.krxd.net 'unsafe-eval' *.videoly.co; default-src 'none'; media-src videos.contentful.com videos.ctfassets.net; report-uri https://www.k-rauta.fi/csp-report; 1
report-uri default-src 'self' 'unsafe-inline' *.typekit.net *.googletagmanager.com *.cloudflare.com *.siteimprove.com *.debevoise.com *.vimeo.com *.google-analytics.com 1
default-src https: data: 'unsafe-inline' 'unsafe-eval' blob: wss:; report-uri https://7ee2a4f517b54c13812e54076aefcb7d.myssl-uri.com/api/csp-report 1
default-src https: 'unsafe-inline' 'unsafe-eval'; report-uri https://b3ceba9babf02086c0dca962bbbd1cda.report-uri.io/r/default/csp/reportOnly 1
default-src https://www.thebusinessplanshop.com; base-uri 'self'; img-src 'self' data: https: https://www.thebusinessplanshop.com https://ad962edbae8ba7b03b7f-d10007df79b5b7a4e475a291e50a08cf.ssl.cf3.rackcdn.com https://f729fc5309edb4d2a809-42905546d373f150b1b6e131d3710cf2.r18.cf3.rackcdn.com http://f729fc5309edb4d2a809-42905546d373f150b1b6e131d3710cf2.r18.cf3.rackcdn.com https://platform-cdn.sharethis.com https://www.gstatic.com https://www.google.com https://www.google.co.uk https://bat.bing.com https://www.facebook.com https://track.customer.io https://seal.godaddy.com; script-src 'self'  'unsafe-inline'  'unsafe-eval' https://www.thebusinessplanshop.com https://www.googletagmanager.com https://www.google-analytics.com https://apis.google.com https://www.google.com https://*.doubleclick.net https://*.googlesyndication.com https://bat.bing.com https://connect.facebook.net https://graph.facebook.com https://www.googleadservices.com https://seal.godaddy.com https://api.amplitude.com https://cdn.amplitude.com https://assets.customer.io https://track.customer.io https://ad962edbae8ba7b03b7f-d10007df79b5b7a4e475a291e50a08cf.ssl.cf3.rackcdn.com https://2aa35c1eb48b4915c034-da4fb5e7c7bf63accb453cc1066a0e48.ssl.cf3.rackcdn.com https://fc9434489ece23a5e488-15c34f135294ae707e3c719a6f238f0b.ssl.cf3.rackcdn.com https://cdn.firstpromoter.com https://www.gstatic.com https://assets.pinterest.com https://platform-api.sharethis.com https://buttons-config.sharethis.com https://count-server.sharethis.com https://t.sharethis.com https://cdn.syndication.twimg.com https://platform.twitter.com; style-src 'self' https://www.thebusinessplanshop.com 'unsafe-inline'  https://www.google.com https://ajax.googleapis.com https://www.gstatic.com https://ton.twimg.com https://www.slideshare.net; connect-src 'self' wss://www.thebusinessplanshop.com https://www.thebusinessplanshop.com https://api.amplitude.com https://bat.bing.com https://connect.facebook.net https://vendorlist.consensu.org/vendorlist.json https://t.firstpromoter.com https://track.customer.io https://www.googleadservices.com https://www.google-analytics.com  https://www.paypal.com https://www.facebook.com https://*.g.doubleclick.net; child-src 'self' https://www.thebusinessplanshop.com https://www.google.com https://*.g.doubleclick.net https://*.googlesyndication.com https://app.hubspot.com/ https://*.youtube.com https://www.slideshare.net https://c.sharethis.mgr.consensu.org https://t.sharethis.com https://*.amazon-adsystem.com https://platform.twitter.com; frame-src 'self' https://www.thebusinessplanshop.com https://www.google.com https://*.g.doubleclick.net https://*.googlesyndication.com https://app.hubspot.com/ https://*.youtube.com https://www.slideshare.net https://c.sharethis.mgr.consensu.org https://t.sharethis.com https://*.amazon-adsystem.com https://platform.twitter.com; font-src 'self'  https://themes.googleusercontent.com https://fonts.gstatic.com https://www.gstatic.com; form-action 'self' ; frame-ancestors 'self' https://www.thebusinessplanshop.com; object-src 'none' ; report-uri https://www.thebusinessplanshop.com/app/csp-report; 1
default-src 'self' 'unsafe-inline'; img-src 'self' data: https://www.google-analytics.com http://r.mradx.net https://rs.mail.ru https://hb.bizmrg.com https://stats.g.doubleclick.net https://www.google.com https://www.google.ru https://*.yandex.ru https://*.yandex.net; connect-src https://*.worki.ru wss://*.worki.ru https://suggestions.dadata.ru https://clickstream.worki.ru https://*.mail.ru https://*.yandex.ru https://recommender.scarabresearch.com; font-src https://r.mradx.net; script-src *.mail.ru https://www.google-analytics.com http://cdn.scarabresearch.com *.yandex.ru *.yandex.net yastatic.net https://www.googletagmanager.com https://connect.facebook.net 'unsafe-inline' 'report-sample'; report-uri https://sentry.iconjob.co/api/23/security/?sentry_key=9c4b42adca9e4df2b1c097aec815e0c1&sentry_environment=production; 1
default-src https: ;script-src https: 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://www.googletagmanager.com/ https://ssl.google-analytics.com ; style-src https: 'unsafe-inline' ; img-src https: about: data: https://cdn.evbstatic.com http://*.cloudfront.net; http://xml.showcasead.com https://*.s3.amazonaws.com ; connect-src https: about: https://connect.facebook.net ; font-src data: https: http://themes.googleusercontent.com https://cdn.evbstatic.com ; object-src https: ; media-src https: ; frame-src https: fbrpc://call ; frame-ancestors 'self' ; worker-src blob: ; form-action 'self' ; child-src 'self' ; report-uri https://www.eventbrite.pt/ajax/csp-violation/action 1
default-src 'self' https: wss: 'unsafe-inline' data: 'unsafe-eval'; report-uri https://servix.idnes.cz/log/csp-report.aspx?w=mafra&d=2020-07-12 1
default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://use.fontawesome.com https://netdna.bootstrapcdn.com https://optimize.google.com https://static.syukatsulabo.jp; img-src * blob: data: https://www.google-analytics.com https://optimize.google.com; font-src 'self' https://fonts.gstatic.com https://static.syukatsulabo.jp https://use.fontawesome.com https://netdna.bootstrapcdn.com https://s3-ap-northeast-1.amazonaws.com data: https://cdnjs.cloudflare.com; frame-src 'self' https://www.facebook.com https://staticxx.facebook.com https://www.googletagmanager.com https://web.facebook.com https://googleads.g.doubleclick.net https://www.google.com/recaptcha/ https://www.dmm.com/ https://optimize.google.com; connect-src 'self' https://log.syukatsulabo.jp https://www.google-analytics.com https://stats.g.doubleclick.net https://api.ipify.org https://s3-ap-northeast-1.amazonaws.com https://static.syukatsulabo.jp tag-api.dmm.com/v1.0 stg-tag-api.dmm.com/v1.0 https://trac.i3.dmm.com/ https://stg-trac-i3.dmm.com/ https://stg-trac.i3.syukatsulabo.jp; script-src 'report-sample' 'nonce-g9vN70BROGn/qCMHxPhjVYI/4jI=' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http:; report-uri https://syukatsunet.report-uri.com/r/d/csp/reportOnly; upgrade-insecure-requests 1
default-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.brightcove.com *.brightcove.net *.zencdn.net *.boltdns.net *.brightcovecdn.com *.googletagmanager.com *.google-analytics.com *.msecnd.net  *.visualstudio.com *.bizographics.com *.licdn.com *.ads-twitter.com *.twitter.com *.twimg.com *.addthis.com *.pardot.com *.linkedin.com *.addthisedge.com *.issuu.com *.cincopa.com *.google.com *.gstatic.com *.ceros.com;img-src 'self' data: about: t.co *.twitter.com *.google-analytics.com *.brightcove.com *.boltdns.net *.twimg.com *.googletagmanager.com *.cincopa.com *.linkedin.com *.google.com *.doubleclick.net;style-src 'self' 'unsafe-inline' *.twitter.com *.cincopa.com;media-src 'self' blob:;font-src 'self' data: *.zencdn.net;object-src 'self';connect-src 'self' *.addthis.com *.brightcove.com *.boltdns.net *.brightcovecdn.com *.cincopa.com *.visualstudio.com;frame-src 'self' *.addthis.com *.twitter.com *.issuu.com *.google.com *.pardot.com *.ceros.com *.guggenheimpartners.com *.knightlab.com; frame-ancestors 'self';base-uri 'self';form-action 'self' *.twitter.com *.pardot.com *.guggenheimpartners.com; report-uri https://www.guggenheiminvestments.com/cspreport 1
default-src 'self' 'unsafe-inline' *.voxcinemas.com *.google-analytics.com *.googletagmanager.com *.google.com *.google.co.uk *.googleapis.com *.jquery.com *.facebook.net *.facebook.com fburl.com *.crazyegg.com *.ads-twitter.com *.twitter.com t.co *.doubleclick.net *.criteo.net *.criteo.com *.sc-static.net *.snapchat.com *.youtube.com *.ytimg.com *.instagram.com *.cdninstagram.com *.gstatic.com *.placeholder.com xid.alzahia.ae xid.carrefournow.com xid.carrefouruae.com xid.citycentredeira.com xid.citycentremirdif.com xid.maffinance.com xid.majidalfuttaim.com xid.malloftheemirates.com xid.tilalalghaf.com xid.najm.ae xid.waterfrontcity.com *.voxcinemas.com; report-uri /security/csp 1
script-src 'self' *.grabone.co.nz 'unsafe-inline' 'unsafe-eval' data: maps.googleapis.com ajax.googleapis.com www.googletagmanager.com tagmanager.google.com cdn.optimizely.com static.chartbeat.com js-agent.newrelic.com bam.nr-data.net www.google-analytics.com www.googleadservices.com googleads.g.doubleclick.net tags.crwdcntrl.net static.criteo.net *.criteo.com *.appboycdn.com *.braze.com storage.googleapis.com cdn.polyfill.io browser-update.org www.googletagservices.com adservice.google.co.nz adservice.google.com nzme-ads.co.nz securepubads.g.doubleclick.net cdn.ampproject.org *.imrworldwide.com tpc.googlesyndication.com; style-src 'self' blob: *.grabone.co.nz 'unsafe-inline' tagmanager.google.com fonts.googleapis.com *.fontawesome.com storage.googleapis.com *.fontawesome.com; default-src *.googlesyndication.com *.criteo.com static.criteo.net *.appboycdn.com bid.g.doubleclick.net blob: storage.googleapis.com popup.laybuy.com *.braze.com *.imrworldwide.com *.grabone.co.nz www.googletagservices.com data.apn.co.nz *.creativecdn.com 'self' data: www.youtube.com bcp.crwdcntrl.net; img-src 'self' data: *.grabone.co.nz *.cdn.grabone.com maps.googleapis.com ping.chartbeat.net www.google-analytics.com www.googletagmanager.com *.gstatic.com *.doubleclick.net www.google.com www.google.co.nz www.google.com.au www.google.co.uk bcp.crwdcntrl.net www.facebook.com static.criteo.net *.criteo.com android-webview-video-poster: android-webview: storage.googleapis.com c.cfjump.com *.imrworldwide.com pagead2.googlesyndication.com *.cloudfunctions.net *.googleusercontent.com; media-src 'self' *.grabone.co.nz data: storage.googleapis.com c.cfjump.com; child-src 'self' *.grabone.co.nz data: data.apn.co.nz www.youtube.com blob: bcp.crwdcntrl.net *.criteo.com static.criteo.net bid.g.doubleclick.net *.creativecdn.com *.appboycdn.com *.braze.com storage.googleapis.com www.googletagservices.com *.googlesyndication.com popup.laybuy.com *.imrworldwide.com; connect-src 'self' *.grabone.co.nz 2149140224.log.optimizely.com rum.optimizely.com www.grabonebottle.co.nz *.appboycdn.com *.braze.com *.googleapis.com *.googleadservices.com *.newrelic.com *.google-analytics.com *.chartbeat.com *.googletagmanager.com *.gstatic.com browser-update.org api.commissionfactory.com c.cfjump.com securepubads.g.doubleclick.net cdn.ampproject.org *.doubleclick.net tags.crwdcntrl.net nzme-ads.co.nz *.googletagservices.com *.google.co.nz *.google.com *.fontawesome.com *.imrworldwide.com pagead2.googlesyndication.com bam.nr-data.net *.cloudfunctions.net; font-src 'self' *.grabone.co.nz fonts.gstatic.com *.fontawesome.com data: storage.googleapis.com *.fontawesome.com; report-uri https://csp-report.digital.nzme.co.nz/log/new-grabone-co-nz 1
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; object-src 'self'; style-src * 'unsafe-inline'; img-src *; media-src 'self'; frame-src *; frame-ancestors *; child-src *; font-src *; connect-src * 'unsafe-inline'; report-uri /report-csp-violation 1
script-src 'nonce-D0y9LLcJ4B817wXYXeZMAg' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/webmaster/diversity_google; base-uri 'none' 1
block-all-mixed-content; report-uri https://gesoten.report-uri.com/r/t/csp/reportOnly 1
frame-ancestors https://adfs.bentley.com https://fim.emc.com https://share.ptc.com https://ssov3.adpcorp.com https://ssso.autodesk.com https://bentley.sharepoint.com https://rasfa.crm.dynamics.com https://pppwiki.oce.net https://partnercentral.equinix.com https://partner.veracode.com http://nw-domino.networld.co.jp http://out.accessify.com http://out.easycounter.com http://sur.ly https://www.brainshark.com https://*.force.com 'self' https://*.salesforce.com https://*.gosavo.com https://*.visualforce.com https://*.savoinspire.com; report-uri https://savoapi.com/csp; 1
script-src 'self' https://assets.tumblr.com https://sb.scorecardresearch.com/beacon.js https://ssl.google-analytics.com/ga.js https://www.google-analytics.com/analytics.js https://fc.yahoo.com/sdarla/php/client.php https://s.yimg.com/rq/darla/ https://www.googletagservices.com/tag/js/gpt.js https://securepubads.g.doubleclick.net/gpt/ https://securepubads.g.doubleclick.net/gampad/ads https://pagead2.googlesyndication.com/pagead/osd.js https://www.google.com/recaptcha/api.js https://consent.cmp.oath.com https://*.gemini.yahoo.com https://s.yimg.com/av/gemini/ga/gemini-iframe.js https://s.yimg.com/av/curveball/ 'unsafe-eval' 'nonce-f8DNdXkmMbcDERBCRvIFPse02A'; object-src 'none'; worker-src blob:; base-uri 'self'; 1
default-src 'self' oekom.de www.oekom.de *.newsletter2go.com *.saferpay.com captcha.wirth-horn.de matomo.oekomlamp.de https://www.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com https://www.googleadservices.com *.g.doubleclick.net https://fonts.googleapis.com https://www.youtube.com https://www.youtube-nocookie.com 'unsafe-eval' 'unsafe-inline'; img-src data: *; media-src *; font-src data: 'self' https://fonts.gstatic.com https://fonts.googleapis.com; report-uri /csp-report.cfm 1
default-src https://*.rtr.at ; img-src https://*.rtr.at https://maps.wien.gv.at data: ; style-src https://*.rtr.at 'unsafe-inline' ; script-src https://*.rtr.at https://app.23degrees.io blob: 'unsafe-inline' 'unsafe-eval' ; font-src https://*.rtr.at data: ; frame-src https://*.rtr.at https://app.23degrees.io https://www.youtube-nocookie.com https://www.a-trust.at 1
default-src 'self' https: 'unsafe-inline' 'unsafe-eval' * *.dropboxusercontent.com *.google-analytics.com *.facebook.net *.facebook.com *.twitter.com *.hatena.ne.jp *.st-hatena.com *.google.com *.slidesharecdn.com *.slideshare.net *.wufoo.com *.mathjax.org *.wistia.com *.wistia.net *.mailchimp.com speakerd.herokuapp.com speakerdeck.com; font-src 'self' https: data: https://cdnjs.cloudflare.com/ajax/libs/mathjax/2.7.1/; img-src 'self' https: data:; object-src 'none'; script-src 'self' https: 'unsafe-inline'; style-src 'self' https: 'unsafe-inline'; report-uri https://idobata.io/hook/custom/81016439-cd32-48b3-9d3b-990beb56a868 1
default-src 'self' image.spreadshirtmedia.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: *.go-mpulse.net apis.google.com assets.adobedtm.com *.cloudfront.net nxtck.com ssl.gstatic.com ws.sessioncam.com *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com googleads.g.doubleclick.net connect.facebook.net www.googleadservices.com adtm.spreadshirts.net *.spreadshirt.com.au ; img-src 'self' data: https: image.spreadshirtmedia.net image.spreadshirtmedia.net *.gstatic.com rtb-csync.smartadserver.com pixel.rubiconproject.com pixel.advertising.com dsum-sec.casalemedia.com cotads.adscale.de www.google-analytics.com eu-u.openx.net ih.adscale.de *.akstat.io www.facebook.com dsum-sec.casalemedia.com ad.yieldlab.net secure.adnxs.com mapping.nxtck.com stats.g.doubleclick.net www.google.com www.google.de cm.g.doubleclick.net ads.yahoo.com sync.ligadx.com eb2.3lift.com s.sspqns.com x.bidswitch.net image2.pubmatic.com sync.outbrain.com nxtck.com sanalytics.spreadshirt.com.au *.spreadshirt.com.au ; connect-src 'self' https: *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com *.go-mpulse.net *.akstat.io/ *.spreadshirt.com.au ; font-src 'self' https: data: *.spreadshirt.com.au ; style-src 'self' data: 'unsafe-inline' https: *.spreadshirt.com.au ; object-src 'none' ; media-src image.spreadshirtmedia.com ; frame-src 'self' https: www.google.com accounts.google.com *.spreadshirt.com.au ; report-uri https://csp.spreadshirts.net/csp/reportOnly ; 1
worker-src 'self'; connect-src 'self' https://www.paypal.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.facebook.com https://vc.hotjar.io https://*.visualwebsiteoptimizer.com https://in.hotjar.com https://ct.pinterest.com https://fast.a.klaviyo.com https://fast.a.klaviyo.com https://telemetrics.klaviyo.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://static.addtoany.com https://assets.adobedtm.com https://cdn-scripts.signifyd.com https://googleads.g.doubleclick.net https://imgs.signifyd.com https://submit.activedemand.com https://analytics.twitter.com https://script.hotjar.com https://in.hotjar.com https://chimpstatic.com https://dev.visualwebsiteoptimizer.com https://a.klaviyo.com https://connect.facebook.net https://fast.a.klaviyo.com https://s.pinimg.com https://s.pinimg.com https://s.ytimg.com https://static.ads-twitter.com https://static.hotjar.com https://static.klaviyo.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://www.youtube.com https://vendor1.quickspark.com https://www.paypalobjects.com https://www.paypal.com https://maps.googleapis.com; object-src 'none'; report-uri https://csp.firstscribe.com/muralsyourway.com; 1
connect-src * https://*.tiles.mapbox.com https://api.mapbox.com; default-src blob:; font-src * data:; frame-src * data:; img-src * data: blob:; object-src data:; report-uri /vizql/csp-report; script-src * blob:; style-src * 'unsafe-inline' 1
font-src https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://widgets.trustedshops.com https://use.fontawesome.com data:; frame-src 'self' https://www.youtube-nocookie.com https://payments-amazon.de https://payments.amazon.de https://payments.amazon.fr https://payments.amazon.it https://payments.amazon.es https://*.payments-amazon.com https://*.amazon.com https://www.google.com https://disqus.com https://*.disquscdn.com https://www.facebook.com https://www.ekomi.de https://w.soundcloud.com https://button.aftership.com https://*.datatrans.com; img-src 'self' https://* * data:; script-src 'self' https://www.google-analytics.com https://www.google-analytics.com/analytics.js https://*.google-analytics.com *.google-analytics.com https://code.jquery.com https://oss.maxcdn.com https://cdnjs.cloudflare.com https://bat.bing.com https://*.intelliad.de https://*.payments-amazon.com https://*.amazon.com https://payments.amazon.de https://payments.amazon.fr https://payments.amazon.it https://payments.amazon.es https://ajax.googleapis.com https://www.google.com https://www.gstatic.com https://*.disquscdn.com https://*.disqus.com https://disqus.com https://widgets.trustedshops.com https://*.aftership.com https://apis.google.com https://*.datatrans.com https://cdn.jsdelivr.net/npm/canvas-confetti@0.5.0/ https://media2.supermagnete.de https://www.supermagnete.de 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://ajax.googleapis.com https://fonts.googleapis.com https://widgets.trustedshops.com https://use.fontawesome.com https://*.disquscdn.com https://www.google.com/uds/ https://media2.supermagnete.de https://www.supermagnete.de 'unsafe-inline' data:; report-uri https://supermagnete.report-uri.com/r/d/csp/reportonly; 1
font-src *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.bootstrapcdn.com acsbap.com 'self' data: *.bigmarker.com fonts.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.twitter.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.twitter.com *.attn.tv *.livechatinc.com *.youtube.com *.doubleclick.net *.signifyd.com *.online-metrix.net *.borderfree.com www.facebook.com platform.twitter.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com 'self' data: *.lightemporium.com *.usercentrics.eu *.searchspring.net *.borderfree.com *.bazaarvoice.com *.attentivemobile.com *.livechatinc.com acsbap.com *.attn.tv *.bing.com *.doubleclick.net *.curalate.com *.signifyd.com *.online-metrix.net *.google.com *.trackedlink.net *.googleusercontent.com *.bigmarker.com *.gravatar.com *.cloudfront.net www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com data: *.gstatic.com *.cdninstagram.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.searchspring.net *.borderfree.com *.bazaarvoice.com *.bing.com *.livechatinc.com *.doubleclick.net acsbap.com *.trackedlink.net *.attn.tv *.curalate.com *.signifyd.com *.googleapis.com *.google.com *.bigmarker.com connect.facebook.net twitter.com platform.twitter.com https://www.googletagmanager.com tagmanager.google.com *.instagram.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.fonts.net *.bootstrapcdn.com *.searchspring.net *.borderfree.com *.bazaarvoice.com *.bigmarker.com fonts.googleapis.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.livechatinc.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.cardinalcommerce.com *.bing.com acsbap.com *.curalate.com *.google-analytics.com *.bazaarvoice.com *.borderfree.com *.signifyd.com *.authorize.net *.attn.tv *.doubleclick.net 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://d492fa440c9db5c4abd4ccfcfb8e4f4c.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 1
frame-ancestors 'self' *.salesforce.com; report-uri https://sentry.io/api/2704353/security/?sentry_key=81bd7f20e40c44acba15bc87de66fecf 1
connect-src 'self' https://gatehub.net https://*.gatehub.net wss://*.gatehub.net wss://*.ripple.com https://id.ripple.com https://history.ripple.com:7443 https://api.ripplecharts.com https://data.ripple.com https://*.zendesk.com https://ekr.zdassets.com https://www.google-analytics.com https://googletagmanager.com https://api.gastracker.io https://api.blockcypher.com https://api.etherscan.io https://sentry.io wss://widget-mediator.zopim.com; default-src 'self' https://gatehub.net; font-src 'self' https://gatehub.net https://fonts.googleapis.com https://fonts.gstatic.com; frame-src 'self' https://gatehub.net https://*.gatehub.net https://www.google.com https://client-api.arkoselabs.com; img-src 'self' https://gatehub.net https://*.gatehub.net https://*.amazonaws.com https://www.google-analytics.com https://chart.googleapis.com https://stats.g.doubleclick.net https://ssl.gstatic.com blob: data:; media-src 'self' https://gatehub.net https://*.gatehub.net https://static.zdassets.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://gatehub.net https://*.gatehub.net https://www.google-analytics.com https://www.google.com https://fonts.googleapis.com https://ajax.googleapis.com https://apis.google.com https://www.gstatic.com https://code.highcharts.com https://*.zendesk.com https://static.zdassets.com https://www.googletagmanager.com https://browser.sentry-cdn.com https://client-api.arkoselabs.com; style-src 'self' 'unsafe-inline' https://gatehub.net https://*.gatehub.net https://fonts.googleapis.com; report-uri https://4b8a7cbd265b9bbaf7ac032766445bed.report-uri.com/r/d/csp/reportOnly; 1
connect-src 'self' https://*.spendesk.com https://*.spendesk.dev https://api.segment.io https://preview.contentful.com https://api-js.mixpanel.com https://api-iam.intercom.io https://sessions.bugsnag.com/ https://d3r43gyd9zmfep.cloudfront.net wss://nexus-websocket-a.intercom.io https://rs.fullstory.com 'report-sample'; script-src 'self' https://*.spendesk.com https://*.spendesk.dev https://js.intercomcdn.com https://www.google-analytics.com https://cdn.wootric.com https://fast.trychameleon.com https://widget.intercom.io https://cdn.mxpnl.com https://cdn.segment.com https://tracking.g2crowd.com https://scout-cdn.salesloft.com https://serve.albacross.com https://js.hsforms.net https://d3r43gyd9zmfep.cloudfront.net https://cdn-3.convertexperiments.com https://www.googleoptimize.com https://apis.google.com https://edge.fullstory.com 'report-sample'; worker-src 'self' https://*.spendesk.com https://*.spendesk.dev blob:; report-uri http://www.spendesk.com/security/report/csp; block-all-mixed-content; 1
style-src https://*.btrll.com https://cdn.cmp.advertising.com https://*.oath.com https://*.yimg.com https://*.yahoo.com 'self' 'unsafe-inline' data: blob:; script-src https://*.btrll.com https://cdn.cmp.advertising.com https://*.oath.com https://*.yahoo.com https://*.yimg.com 'self' 'unsafe-inline' 'unsafe-eval' https://platform.twitter.com https://*.btrll.com data: blob:; frame-ancestors https://*.techcrunch.com https://*.huffingtonpost.com https://*.aol.com https://*.yahoo.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=sports&region=US&lang=en-US&device=desktop&yrid=fj5o325fgkvk4&partner=; 1
report-uri /es/Error/ReportCPS; 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.com.ng&source%5Bsection%5D=brochure&source%5Buuid%5D=42ba6c4b227272ec734d383531e9d72a 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com/recaptcha https://www.gstatic.com/recaptcha https://www.googletagmanager.com https://gstatic.com https://www.gstatic.com https://translate.google.com https://storage.googleapis.com https://translate.googleapis.com https://www.snapengage.com https://fonts.googleapis.com https://fonts.gstatic.com https://ajax.googleapis.com https://www.recaptcha.net https://www.google-analytics.com https://www.aakashhealthcare.com; font-src 'self' https://www.google.com/recaptcha https://www.gstatic.com/recaptcha https://www.googletagmanager.com https://gstatic.com https://www.gstatic.com https://translate.google.com https://storage.googleapis.com https://translate.googleapis.com https://www.snapengage.com https://fonts.googleapis.com https://fonts.gstatic.com https://ajax.googleapis.com https://www.recaptcha.net https://www.google-analytics.com https://www.aakashhealthcare.com; img-src 'self' https://www.google.com/recaptcha https://www.gstatic.com/recaptcha https://www.googletagmanager.com https://gstatic.com https://www.gstatic.com https://translate.google.com https://storage.googleapis.com https://translate.googleapis.com https://www.snapengage.com https://fonts.googleapis.com https://fonts.gstatic.com https://ajax.googleapis.com https://www.recaptcha.net https://www.google-analytics.com https://www.aakashhealthcare.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com/recaptcha https://www.gstatic.com/recaptcha https://www.googletagmanager.com https://gstatic.com https://www.gstatic.com https://translate.google.com https://storage.googleapis.com https://translate.googleapis.com https://www.snapengage.com https://fonts.googleapis.com https://fonts.gstatic.com https://ajax.googleapis.com https://www.recaptcha.net https://www.google-analytics.com https://www.aakashhealthcare.com https://googleadservices.com cdn.rawgit.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://use.fontawesome.com https://www.google.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com/recaptcha https://www.gstatic.com/recaptcha https://www.googletagmanager.com https://gstatic.com https://www.gstatic.com https://translate.google.com https://storage.googleapis.com https://translate.googleapis.com https://www.snapengage.com https://fonts.googleapis.com https://fonts.gstatic.com https://ajax.googleapis.com https://www.recaptcha.net https://www.google-analytics.com https://www.aakashhealthcare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; report-uri https://aakashhealthcare.com/report-uri/reportOnly 1
script-src awaps.yandex.ru yastatic.net yandex.ru 'nonce-Af47X2928ZjrqGq1vCS8Gg==' mc.yandex.ru an.yandex.ru;style-src yastatic.net 'unsafe-inline';child-src yastatic.net st.yandexadexchange.net mc.yandex.ru yandexadexchange.net mc.yandex.md;img-src avatars.mds.yandex.net awaps.yandex.net favicon.yandex.net 'self' yandex.ru yastatic.net mc.admetrica.ru *.verify.yandex.ru data: an.yandex.ru mc.yandex.ru;default-src 'none';report-uri https://csp.yandex.net/csp?project=morda&from=morda.intercept404.ru&showid=1594546597.76373.95185.525190&h=stable-morda-any-man-yp-5&csp=new&date=20200712&yandexuid=78845111594546598;connect-src an.yandex.ru mc.yandex.ru yandex.ru mc.admetrica.ru 1
report-to webscaleCspEndpoint; report-uri https://xdymhcopnh.execute-api.us-east-1.amazonaws.com/default/cspReportingMonitor; script-src 'self' 'unsafe-eval' 'unsafe-inline' rum-static.pingdom.net *.cloudmaestro.com www.googletagmanager.com *.id.amgdgt.com tr.guardian.com.my guardian.com.my bridzia.scinable.net api.ematicsolutions.com cdn-akamai.mookie1.com tags.tiqcdn.com *.google.com *.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net *.facebook.net bridzia.scinable.net *.addthis.com z.moatads.com *.addthisedge.com sg1-api.ematicsolutions.com *.googleapis.com 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=show&source%5Bapp%5D=ShopifyAppStore&source%5Bcontroller%5D=v2%2Fapp_listings&source%5Buuid%5D=542977b36d40a9e0a503f525ea675200 1
font-src 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' *.worlddancesport.org www.google-analytics.com staticxx.facebook.com; font-src 'self' data: cdnw.worlddancesport.org fonts.gstatic.com; connect-src 'self' clients6.google.com dc.services.visualstudio.com *.addthis.com www.google-analytics.com stats.g.doubleclick.net; style-src 'unsafe-inline' *.worlddancesport.org www.google.com browser-update.org; img-src data: *.worlddancesport.org *.ytimg.com *.facebook.com *.google.com *.calameoassets.com *.vimeocdn.com *.gstatic.com stats.g.doubleclick.net www.google-analytics.com www.googleapis.com browser-update.org; script-src 'self' 'unsafe-inline' cdnw.worlddancesport.org az416426.vo.msecnd.net *.facebook.com *.facebook.net *.twitter.com *.addthis.com *.addthisedge.com *.google.com www.googleapis.com www.google-analytics.com browser-update.org; child-src 'self' cdnb.worlddancesport.org *.facebook.com *.twitter.com *.addthis.com *.google.com www.youtube.com player.vimeo.com www.saferpay.com; upgrade-insecure-requests; report-uri https://7ab93b867c81f64df54af5d5e2cd45ea.report-uri.com/r/d/csp/reportOnly 1
child-src 'self'; connect-src 'self' data: https://*.cloudflare.com https://*.google-analytics.com https://*.googleapis.com https://*.hotjar.com https://*.hotjar.io https://bit4coin.net wss://*.hotjar.com; default-src 'self' *.ravenjs.com; font-src 'self' data: https://*.fontawesome.com https://*.gstatic.com https://unpkg.com; frame-src 'self' data: http://*.google.com https://*.cloudfront.net https://*.google.com https://*.hotjar.com wss://*.hotjar.com; img-src 'self' data: http://*.google.com https://*.bitbond.com https://*.cloudfront.net https://*.eu-central-1.amazonaws.com https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.webflow.com; manifest-src 'self'; media-src 'self' data:; object-src 'self' https://*.cloudfront.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: http://*.google.com https://*.bitbond.com https://*.cloudflare.com https://*.cloudfront.net https://*.google-analytics.com https://*.google.com https://*.googleadservices.com https://*.googleapis.com https://*.hotjar.com https://*.newrelic.com https://*.nr-data.net https://unpkg.com wss://*.hotjar.com; style-src 'self' 'unsafe-inline' http://*.google.com https://*.bitbond.com https://*.cloudflare.com https://*.cloudfront.net https://*.fontawesome.com https://*.google.com https://*.googleapis.com https://unpkg.com; worker-src 'self'; prefetch-src 'self'; report-uri https://reports-api.sqreen.io/browser/v0/csp-violations/csp_e1d179bd309a456abc36313a51dfc009 1
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://n5mcn64l2tp5piztj1c2b0wj.httpschecker.net/report 1
report-to webscaleCspEndpoint; report-uri https://xdymhcopnh.execute-api.us-east-1.amazonaws.com/default/cspReportingMonitor; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.gaiadesign.com.mx *.cloudflare.com static.criteo.net *.richrelevance.com *.googleadservices.com *.s3.amazonaws.com s3.amazonaws.com *.criteo.com *.scarabresearch.com *.googletagmanager.com *.google-analytics.com www.google.com staticw2.yotpo.com gnogmedia.g2afse.com  static.zdassets.com *.facebook.net secure.comodo.com widgets.pinterest.com snap.licdn.com bat.bing.com *.taboola.com pixel.mathtag.com cdn.noibu.com js.hs-scripts.com v2.zopim.com js.hscollectedforms.net js.hs-banner.com js.hsadspixel.net js.hs-analytics.net js.usemessages.com *.g.doubleclick.net *.hotjar.com cdn.mndtrk.com *.kk-resources.com static.hsappstatic.net js-agent.newrelic.com bam.nr-data.net clk.solocpm.com widget-mediator.zopim.com www.paypalobjects.com www.paypal.com *.bayonet.io live.adyen.com *.cloudfront.net *.siftscience.com *.cloudmaestro.com api.openpay.mx ajax.googleapis.com pixel.cdnwidget.com platform.twitter.com apis.google.com assets.pinterest.com secure.comodo.net embed.typeform.com tm.tradetracker.net tpc.googlesyndication.com 1
default-src 'self' https: ; img-src 'self' https://dl.episerver.net/ https://www.googletagmanager.com/ https://maps.gstatic.com/mapfiles/ https://maps.googleapis.com/maps/ https://cm.g.doubleclick.net/ https://bat.bing.com/ https://bppmdmxgsg.execute-api.eu-west-1.amazonaws.com/prod/ data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com/  https://www.googletagmanager.com/ https://maps.googleapis.com/ https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://bat.bing.com/ https://*.responsetap.com/ https://dl.episerver.net/ https://cdn.cookielaw.org/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://dl.episerver.net/ ; font-src 'self' https://fonts.gstatic.com/ data: ; 1
default-src 'none';   script-src 'self' 'unsafe-inline' 'unsafe-eval' https://analytics.twitter.com     https://script.hotjar.com https://connect.facebook.net https://static.hotjar.com     https://snap.licdn.com/li.lms-analytics/insight.min.js https://static.ads-twitter.com/uwt.js     https://www.googletagmanager.com https://www.google-analytics.com *.hotjar.com     http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js;   connect-src 'self' https://vc.hotjar.io https://in.hotjar.com https://insights.hotjar.com     https://www.google-analytics.com https://stats.g.doubleclick.net;   font-src 'self' data:;   worker-src 'self' blob: data:;   img-src 'self' data: https://www.linkedin.com https://www.facebook.com https://p.adsymptotic.com     https://www.google.com http://t.co https://px.ads.linkedin.com https://t.co https://www.google-analytics.com     https://stats.g.doubleclick.net/r/collect;   style-src 'self' 'unsafe-inline' data: https://seesparkbox.com http://afeld.github.io/emoji-css/emoji.css     https://cloud.typography.com/655912/6152352/css/fonts.css;   frame-src 'self' https://vars.hotjar.com;   media-src data:;   report-uri https://sparkbox.report-uri.com/r/d/csp/reportOnly 1
default-src * gap://ready file: 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; font-src * data:; connect-src * 'self'; img-src * 'self' data: blob:; script-src * file: gap: 'unsafe-inline' 'unsafe-eval'; report-uri /csp/report/ 1
block-all-mixed-content; default-src 'self'; style-src * 'unsafe-inline'; font-src * data: fonts.gstatic.com; img-src * data: blob: android-webview-video-poster:; object-src blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: js.stripe.com cdn.segment.com connect.facebook.net static.zdassets.com cdn.amplitude.com www.google-analytics.com cdn.inspectlet.com *.zopim.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net *.appboycdn.com www.google.com; frame-src js.stripe.com staticxx.facebook.com blob: docs.google.com www.facebook.com bid.g.doubleclick.net tpc.googlesyndication.com connect.facebook.net gsa://onpageload https://onpageload; connect-src 'self' ekr.zdassets.com api.segment.io api.amplitude.com www.facebook.com graph.facebook.com hn.inspectlet.com wss://*.zopim.com wss://ws.inspectlet.com www.google-analytics.com api.rollbar.com iziwork-backend-prod.herokuapp.com *.contentful.com *.braze.eu cdn.segment.com *.albacross.com; report-uri https://iziwork-backend-prod.herokuapp.com/report-violation; media-src *.ctfassets.net 1
default-src 'self' https://cdn.consentmanager.mgr.consensu.org; font-src 'self' https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://cdn.consentmanager.mgr.consensu.org https://consentmanager.mgr.consensu.org https://fonts.googleapis.com; img-src 'self' data: https://consentmanager.mgr.consensu.org https://cdn.consentmanager.mgr.consensu.org https://www.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.consentmanager.mgr.consensu.org https://consentmanager.mgr.consensu.org https://www.google-analytics.com https://www.googletagmanager.com; frame-src https://www.movingimage24.com https://videomanager.movingimage24.com https://irs.tools.investis.com; report-uri https://jenoptik.report-uri.io/r/default/csp/reportOnly 1
report-uri https://29977f31d1f0eee3894a742ddae91cae.report-uri.com/r/d/csp/reportOnly; child-src https://*.pocruises.com.au http://*.pocruises.com.au https://*.fls.doubleclick.net https://www.youtube-nocookie.com https://tags.tiqcdn.com https://sdn.sitecore.net https://*.adsymptotic.com; frame-src https://*.pocruises.com.au http://*.pocruises.com.au http://sdn.sitecore.net https://bid.g.doubleclick.net https://widget.stackla.com https://goconnect.stackla.com https://*.fls.doubleclick.net https://www.youtube.com https://tags.tiqcdn.com https://www.youtube-nocookie.com https://www.paypal.com https://checkout.paypal.com https://www.facebook.com https://*.adsymptotic.com https://*.mastercard.com 1
default-src 'self' *.ccavenue.com *.razorpay.com *.fonepaisa.com view.officeapps.live.com www.google.com use.fontawesome.com www.youtube-nocookie.com www.youtube.com; connect-src 'self' *.elitmus.com *.elitmus.net bam.nr-data.net sentry.elitmusmail.com *.google-analytics.com api.mixpanel.com wss:; font-src 'self' cdn.jsdelivr.net fonts.gstatic.com use.fontawesome.com https: data:; img-src 'self' cdn0.elitmus.net *.amazonaws.com data: https: www.google.com *.google-analytics.com api.mixpanel.com; object-src 'self' *.amazonaws.com; script-src 'self' 'unsafe-inline' *.newrelic.com bam.nr-data.net cdn0.elitmus.net google-analytics.com api.mixpanel.com cdn.jsdelivr.net/bootstrap.daterangepicker/2/daterangepicker.js cdn.jsdelivr.net/momentjs/latest/moment.min.js cdn.ckeditor.com/4.11.3/full/ckeditor.js https: data:; style-src 'self' 'unsafe-inline' cdn0.elitmus.net use.fontawesome.com/releases/v5.0.6/css/all.css cdn.jsdelivr.net/bootstrap/3/css/bootstrap.css cdn.jsdelivr.net/bootstrap.daterangepicker/2/daterangepicker.css https:; report-uri /csp_reports 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.com.ph&source%5Bsection%5D=brochure&source%5Buuid%5D=a306457044725957ff3f49bd6d9a0aba 1
default-src *; img-src * 'self' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' 1
default-src 'self' *.siteimprove.com *.google-analytics.com *.googleapis.com *.typography.com *.gstatic.com;script-src 'unsafe-inline' 'unsafe-eval';style-src 'unsafe-inline' 1
default-src https:; connect-src https: wss:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report 1
connect-src wss://*.tawk.to *.tawk.to; default-src 'unsafe-inline' wss://*.tawk.to data www.google-analytics.com; style-src 'unsafe-eval' 'unsafe-inline'; script-src 'unsafe-inline' 'unsafe-eval'; script-src-elem data 'unsafe-inline'; style-src-attr 'unsafe-inline'; script-src-attr 'unsafe-inline'; font-src data; img-src data; style-src-elem 'unsafe-inline' report-uri https://spryservers.report-uri.com/r/d/csp/wizard 1
default-src 'none'; font-src fonts.gstatic.com maxcdn.bootstrapcdn.com use.fontawesome.com data: *.nlm.nih.gov; connect-src google-analytics.com siteintercept.qualtrics.com stats.g.doubleclick.net *.nlm.nih.gov; frame-src platform.twitter.com www.google.com; img-src 'self' data: www.google-analytics.com www.googletagmanager.com gtrk.s3.amazonaws.com stats.g.doubleclick.net co1.qualtrics.com; media-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline' *.nlm.nih.gov ajax.googleapis.com siteintercept.qualtrics.com www.google-analytics.com dap.digitalgov.gov www.googletagmanager.com code.jquery.com *.cloudfront.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com use.fontawesome.com maxcdn.bootstrapcdn.com *.nlm.nih.gov code.jquery.com cdn.datatables.net; upgrade-insecure-requests; report-uri https://nlmoccs.report-uri.com/r/d/csp/reportOnly 1
report-uri https://csp.edipresse.pl/report/party; font-src https: data:; img-src data: https: android-webview-video-poster: android-webview:; media-src https: data:; style-src 'unsafe-inline' 'unsafe-eval' https:; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: asset:; worker-src blob: 1
style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com fonts.googleapis.com; object-src 'none'; base-uri 'none'; script-src 'self' 'unsafe-inline' bat.bing.com www.gstatic.com s.adroll.com d.adroll.com connect.facebook.net googleapis.com www.google-analytics.com www.googletagmanager.com; report-uri https://csp.withgoogle.com/csp/webpass/20191113_experiment 1
default-src https: 'unsafe-inline' 'unsafe-eval' ; img-src https: data: ; report-uri https://csp.scran.ac.uk/scran-live; 1
font-src 'self' https://*.kxcdn.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.kxcdn.com https://cdnjs.cloudflare.com https://connect.facebook.net https://googleads.g.doubleclick.net https://includes.ccdc02.com/cardinalcruise/ https://js.braintreegateway.com https://songbird.cardinalcommerce.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://*.kxcdn.com https://cdn.jsdelivr.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com; child-src 'self' https://staticxx.facebook.com https://bid.g.doubleclick.net; img-src 'self' data: https:; report-uri /api/v0.1.0/security-report/csp; connect-src 'self' https:; object-src 'self' https://*.kxcdn.com; default-src 'self'; frame-src 'self' https://*.cardinalcommerce.com https://*.kxcdn.com https://assets.braintreegateway.com https://bid.g.doubleclick.net https://checkout.paypal.com https://connect.facebook.net https://staticxx.facebook.com https://www.facebook.com 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com *.licdn.com *.ads-twitter.com *.twitter.com *.linkedin.com *.brightcove.net *.zencdn.net blob: *.twimg.com *.addthis.com *.addthisedge.com *.msecnd.net *.issuu.com *.pardot.com; style-src 'self' 'unsafe-inline' *.twitter.com *.datatables.net; img-src 'self' *.googletagmanager.com *.google-analytics.com t.co *.doubleclick.net *.google.com *.brightcove.com *.boltdns.net data: *.twitter.com *.twimg.com *.linkedin.com; media-src 'self' blob: *.boltdns.net; font-src 'self' data: *.zencdn.net; object-src 'self'; connect-src 'self' *.brightcove.com *.boltdns.net *.brightcovecdn.com *.addthis.com *.visualstudio.com *.google-analytics.com *.doubleclick.net; frame-src 'self' *.twitter.com *.addthis.com *.brightcove.net *.issuu.com; report-uri /cspreport 1
default-src 'self' pxlfsn.co www.google-analytics.com maps.googleapis.com ajax.googleapis.com www.google.com google.com gstatic.com www.gstatic.com connect.facebook.net facebook.com; 1
child-src 'self'; connect-src 'self' http://addepar.com https://*.g.doubleclick.net https://*.google-analytics.com; default-src 'self'; font-src 'self' data: http://*.zohostatic.com https://*.gstatic.com; frame-src 'self' http://*.marketo.com https://*.marketo.com https://*.vimeo.com https://vimeo.com; img-src 'self' data: http://*.googletagmanager.com http://addepar.com http://img. https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.ca https://*.google.com https://*.googletagmanager.com https://*.gravatar.com https://*.gstatic.com https://img.; manifest-src 'self'; media-src 'self'; object-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: http://*.googletagmanager.com http://*.marketo.com https://*.google-analytics.com https://*.googletagmanager.com https://*.marketo.com; style-src 'self' 'unsafe-inline' http://*.marketo.com https://*.marketo.com; worker-src 'self'; prefetch-src 'self'; report-uri https://reports-api.sqreen.io/browser/v0/csp-violations/csp_c3e9deacddac13ffd11cac27c794e035 1
style-src 'unsafe-inline' yastatic.net;script-src an.yandex.ru yandex.ru mc.yandex.ru yastatic.net 'nonce-vcaRv4NuUte4R4AcHYneaw==' awaps.yandex.ru;child-src st.yandexadexchange.net mc.yandex.ru yastatic.net mc.yandex.md yandexadexchange.net;connect-src yandex.ru mc.admetrica.ru mc.yandex.ru an.yandex.ru;default-src 'none';img-src an.yandex.ru mc.yandex.ru awaps.yandex.net mc.admetrica.ru data: *.verify.yandex.ru favicon.yandex.net yandex.ru yastatic.net avatars.mds.yandex.net 'self';report-uri https://csp.yandex.net/csp?project=morda&from=morda.intercept404.ru&showid=1594523357.99623.95800.494213&h=stable-morda-any-sas-yp-9&csp=new&date=20200712&yandexuid=6188222241594523357 1
script-src 'unsafe-eval' 'unsafe-inline' 'self' *.anglingdirect.co.uk anglingdirect.co.uk cdncache-a.akamaihd.net translate.googleapis.com www.google.com www.gstatic.com s.ytimg.com www.youtube.com register.feefo.com api.feefo.com pcls1.craftyclicks.co.uk translate.google.com translate.googleapis.com maps.googleapis.com ffljdddodmkedhkcjhpmdajhjdbkogke tpc.googlesyndication.com *.mention-me.com js.stripe.com static-eu.payments-amazon.com js-agent.newrelic.com scripts.sirv.com bam.eu01.nr-data.net www.googletagmanager.com googleads.g.doubleclick.net www.google-analytics.com connect.facebook.net assets.zendesk.com static.zdassets.com platform.twitter.com www.googleadservices.com *.cloudmaestro.com widget-mediator.zopim.com; report-to webscaleCspEndpoint; report-uri https://xdymhcopnh.execute-api.us-east-1.amazonaws.com/default/cspReportingMonitor 1
default-src 'self' https:; font-src 'self' 'unsafe-inline' https://d3requdwnyz98t.cloudfront.net https: data:; img-src 'self' https://usercontent.gooddog.com https://d3requdwnyz98t.cloudfront.net https://dosjk7j8ofru3.cloudfront.net https: data: blob:; script-src 'self' 'unsafe-inline' https://d3requdwnyz98t.cloudfront.net https:; style-src 'self' 'unsafe-inline' https://d3requdwnyz98t.cloudfront.net https:; manifest-src 'self' data:; connect-src 'self' wss://www.gooddog.com/action_cable https://vc.hotjar.io https://in.hotjar.com https://*.bugsnag.com https://dog-park-labs-user-content-production.s3.amazonaws.com https://bam.nr-data.net https://gooddog.gladly.com https://cdn.gladly.com; report-uri /csp_violation 1
child-src https://www.google.com https://www.facebook.com https://facebook.com https://platform.twitter.com https://www.youtube.com; connect-src 'self' https://scout.salesloft.com https://www.facebook.com https://sample-api-v2.crazyegg.com https://*.currencycloud.com https://www.google.com https://www.google-analytics.com https://6c5lkmk3mbdm.statuspage.io; font-src 'self' https://cdn2.hubspot.net https://themes.googleusercontent.com https://fonts.gstatic.com https://fonts.googleapis.com data:; script-src https://www.google.com https://www.gstatic.com https://go.currencycloud.com https://analytics.twitter.com https://pi.pardot.com 'unsafe-eval' 'self' https://apis.google.com https://platform.twitter.com https://fonts.googleapis.com https://*.cloudflare.com 'unsafe-inline' https://cdn.jsdelivr.net https://www.googletagmanager.com https://cdn.statuspage.io https://sjs.bizographics.com https://www.googleadservices.com https://www.google-analytics.com https://script.crazyegg.com https://connect.facebook.net https://snap.licdn.com https://scout-cdn.salesloft.com https://static.ads-twitter.com https://googleads.g.doubleclick.net; style-src 'self' https://fonts.googleapis.com/ 'unsafe-inline' https://*.cloudflare.com; img-src 'self' https://www.linkedin.com https://p.adsymptotic.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://t.co https://px.ads.linkedin.com https://www.facebook.com https://www.google.com https://www.google.co.uk https://www.google-analytics.com https://assets.currencycloud.com https://*.currencycloud.com https://cdn2.hubspot.com https://cdn2.hubspot.net data: https://scout.us1.salesloft.com; default-src 'none'; report-uri https://58bb3f083a81706efa5a3ef869f8bba2.report-uri.com/r/d/csp/reportOnly 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://platform.twitter.com https://cdn.syndication.twimg.com https://www.google-analytics.com https://www.googletagmanager.com https://siteimproveanalytics.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; script-src-attr 'self'; script-src-elem 'self' 'unsafe-inline' https://platform.twitter.com https://cdn.syndication.twimg.com https://ton.twimg.com https://www.google-analytics.com https://www.googletagmanager.com https://siteimproveanalytics.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://platform.twitter.com https://ton.twimg.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; style-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self'; report-uri https://www.provincie-utrecht.nl/report-uri/reportOnly 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.co.nz&source%5Bsection%5D=brochure&source%5Buuid%5D=bfc29426f5be49f59f3b7b73d0b546b4 1
default-src 'self' https://cdn.performanceplustire.com https://www.performanceplustire.com; connect-src *.performanceplustire.com https://*.affirm.com https://d38nbbai6u794i.cloudfront.net https://e1.fanplayr.com https://js.callrail.com https://stats.g.doubleclick.net https://tracker.affirm.com https://w1.fanplayr.com https://www.facebook.com https://www.google-analytics.com https://www.iconfigurators.com; font-src *.performanceplustire.com data: https://assets.resultspage.com https://cdn1.affirm.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://sxt.cdn.skype.com; frame-src *.performanceplustire.com https://bid.g.doubleclick.net https://connect.facebook.net https://e1.fanplayr.com https://maps.google.com https://s.thebrighttag.com https://www.facebook.com https://www.googleadservices.com http://www.youtube.com https://www.youtube.com; child-src *.performanceplustire.com https://bid.g.doubleclick.net https://connect.facebook.net https://e1.fanplayr.com https://maps.google.com https://s.thebrighttag.com https://www.facebook.com https://www.googleadservices.com http://www.youtube.com https://www.youtube.com; img-src *.performanceplustire.com cdn.performanceplustire.com data: https://*.cloudfront.net https://aa.agkn.com https://adadvisor.net https://ads.betweendigital.com https://ads.yahoo.com https://assets.resultspage.com https://b.sli-spark.com https://bat.bing.com https://beacon.krxd.net http://cf.kampyle.com https://cm.g.doubleclick.net https://cw.addthis.com https://d.agkn.com https://d38nbbai6u794i.cloudfront.net https://dmp.truoptik.com https://dpm.demdex.net https://dsum-sec.casalemedia.com https://dyn.yelpcdn.com http://farm4.static.flickr.com https://i.ytimg.com https://ib.adnxs.com https://iconfigurators.com https://images.iconfigurators.com https://insight.adsrvr.org https://match.adsrvr.org https://match.sharethrough.com https://nsg.symantec.com https://odr.mookie1.com https://p.adsymptotic.com https://pixel.advertising.com https://pixel.personagraph.com https://pixel.rubiconproject.com https://pixel.tapad.com https://s.thebrighttag.com https://s.w.org http://s3.amazonaws.com https://s3.amazonaws.com https://secure.gravatar.com https://simage2.pubmatic.com https://sp.adbrn.com https://stats.g.doubleclick.net https://su.addthis.com https://sync.adap.tv https://sync.adaptv.advertising.com https://test.kampyle.com https://upload.wikimedia.org https://www.facebook.com https://www.google-analytics.com https://www.google.ca https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.iconfigurators.com https://www.insureship.com https://x.bidswitch.net; script-src 'unsafe-eval' 'unsafe-inline' *.performanceplustire.com https://ajax.googleapis.com https://api-cf.affirm.com https://assets.pinterest.com https://assets.resultspage.com https://b.sli-spark.com https://bat.bing.com https://cdn.callrail.com https://cdn.performanceplustire.com https://cdn1.affirm.com https://connect.facebook.net https://d1q7pknmpq2wkm.cloudfront.net https://d38nbbai6u794i.cloudfront.net https://dyn.yelpcdn.com https://e1.fanplayr.com https://js.callrail.com https://log.pinterest.com https://maps.googleapis.com https://my.fanplayr.com https://nsg.symantec.com https://performanceplustire.resultspage.com https://s.btstatic.com https://s.thebrighttag.com https://savingsslider-a.akamaihd.net https://script.crazyegg.com https://w1.fanplayr.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://www.iconfigurators.com https://www.insureship.com https://www.yelp.com https://yelp.com; style-src 'unsafe-inline' *.performanceplustire.com https://ajax.googleapis.com https://assets.resultspage.com https://cdn1.affirm.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://performanceplustire.resultspage.com https://www.iconfigurators.com 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src pagead2.googlesyndication.com stats.g.doubleclick.net kraken.rambler.ru counter.yadro.ru mc.yandex.ru stats.g.doubleclick.net ssl.google-analytics.com favicon.yandex.net yastatic.net  avatars-fast.yandex.net avatars.mds.yandex.net an.yandex.ru vk.com hron-prostatit.ru data: blob:; font-src fonts.gstatic.com https: data:; report-uri /csp-report 1
default-src 'none'; form-action 'none'; frame-ancestors 'none'; report-uri https://acceleracsp.report-uri.com/r/d/csp/wizard 1
font-src 'self' 'unsafe-inline'; form-action 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net www.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'nonce-LVx4lLYvYMuRLdWNcbzd-Q' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1
script-src 'self' https://cdn.datatables.net; script-src-attr 'self'; style-src 'self' https://cdn.datatables.net https://maxcdn.bootstrapcdn.com; frame-ancestors 'self' 1
default-src 'self' syndication.twitter.com; script-src js.suedtirolerland.it 'unsafe-inline' 'unsafe-eval' player.peer.tv stats.peer.biz platform.twitter.com apis.google.com; img-src 'self' data: images2.suedtirolerland.it css.suedtirolerland.it www.hotel-guide.it player.peer.tv stats.peer.biz carto.peer.biz www.gravatar.com syndication.twitter.com api.trustyou.com; style-src 'self' 'unsafe-inline' css.suedtirolerland.it js.suedtirolerland.it; font-src css.suedtirolerland.it; frame-src 'self' player.peer.tv www.facebook.com platform.twitter.com apis.google.com accounts.google.com www.youtube.com; child-src 'self' player.peer.tv www.facebook.com platform.twitter.com apis.google.com accounts.google.com www.youtube.com; report-uri https://csp-report.peer.biz/reportOnly/index 1
default-src 'self' https://www.viewpointmag.com; require-sri-for script 1
script-src 'unsafe-eval' 'unsafe-inline' *.dca0.com https://script.crazyegg.com maps.google.com bam.nr-data.net *.cloudmaestro.com cdn.jsdelivr.net www.googletagmanager.com www.google-analytics.com www.youtube.com s.ytimg.com d.adroll.mgr.consensu.org www.google.com www.gstatic.com connect.facebook.net display.ugc.bazaarvoice.com maps.googleapis.com *.adroll.com *.bazaarvoice.com wileyx.com *.wileyx.com js-agent.newrelic.com cdn.mouseflow.com downloads.mailchimp.com staticw2.yotpo.com mc.us14.list-manage.com ; report-to webscaleCspEndpoint; report-uri https://xdymhcopnh.execute-api.us-east-1.amazonaws.com/default/cspReportingMonitor 1
default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss:; media-src https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.db.no/csp 1
base-uri 'none'; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'nonce-35b8bbe4-193'; object-src 'self'; img-src 'self' *.regenwald.org data:; connect-src 'self'; block-all-mixed-content; report-uri /csp-violation-report/35b8bbe4-193 1
form-action 'none'; frame-ancestors 'none'; report-uri https://devbridgesecurityteam.report-uri.com/r/d/csp/reportOnly 1
default-src * data: 'unsafe-inline' 'unsafe-eval'; block-all-mixed-content; report-uri /nelmio/csp/report 1
default-src https: 'unsafe-inline' 'unsafe-eval' ; img-src https: data: http://geo.nls.uk ; font-src https: data: ; report-uri https://csp.rcahms.gov.uk/canmore-live ; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.epix.com/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.epix.com/ https://api.mixpanel.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://www.googleadservices.com/ https://www.gstatic.com/ https://connect.facebook.net/ https://analytics.twitter.com/ https://static.ads-twitter.com/ https://src.litix.io/ https://cdnjs.cloudflare.com/ https://static.hotjar.com/ https://script.hotjar.com/ https://*.krxd.net/ https://*.doubleclick.net/ https://www.redditstatic.com/ https://alb.reddit.com/ ; connect-src https://*.epix.com/ https://api.mixpanel.com/ https://sentry.io/ https://*.akamaihd.net/ https://www.facebook.com/ https://1pecbqtlcsq1ilmoio8v0jt7q.litix.io/ https://in.hotjar.com/ https://vc.hotjar.io/ https://stats.g.doubleclick.net/ https://www.google-analytics.com/ ; img-src 'self' https://*.epix.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://www.google.com/ https://stats.g.doubleclick.net/ https://googleads.g.doubleclick.net/ https://www.google.ae/ https://www.google.com.ar/ https://www.google.com.co/ https://www.google.ro/ https://sync.search.spotxchange.com/ https://pixel.rubiconproject.com/ https://us-u.openx.net/ https://simage2.pubmatic.com/ https://dpm.demdex.net/ https://t.co/ https://www.facebook.com/ https://rtd-tm.everesttech.net https://dsum-sec.casalemedia.com https://sync-tm.everesttech.net/ https://cm.g.doubleclick.net/ ib.adnxs.com https://jslog.krxd.net/ https://beacon.krxd.net https://www.redditstatic.com/ https://alb.reddit.com/ ; style-src 'self' 'unsafe-inline' ; frame-src 'self' https://vars.hotjar.com/ https://*.doubleclick.net/ https://*.krxd.net/ ; media-src blob: https://epixwebapp-vh.akamaihd.net/ ; worker-src blob: ; report-uri https://sentry.io/api/170149/security/?sentry_key=94662fb71ba340bd91fb23bbfb099024&sentry_environment=prod 1
default-src 'self' *.rocketbank.ru *.rocket-cdn.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.rocket-cdn.ru *.googleadservices.com googleads.g.doubleclick.net bam.nr-data.net static.criteo.net pixel.betweenx.com www.googletagmanager.com api-maps.yandex.ru yandex.st connect.facebook.net enterprise.api-maps.yandex.ru mc.yandex.ru stats.g.doubleclick.net top-fwz1.mail.ru vk.com www.google-analytics.com www.google.com cdn.jsdelivr.net js-agent.newrelic.com maps.googleapis.com; connect-src 'self' https: wss: rocketbank.ru report.rocket-cdn.ru tetsuo.rocketbank.ru stats.g.doubleclick.net dadata.ru suggestions.dadata.ru top-fwz1.mail.ru mc.yandex.ru www.facebook.com www.google-analytics.com; frame-src 'self' *.fls.doubleclick.net *.googleadservices.com stats.g.doubleclick.net mc.yandex.ru www.google-analytics.com www.google.com www.facebook.com gum.criteo.com; media-src 'self' blob: ; img-src 'self' data: blob: *.rocket-cdn.ru maps.googleapis.com maps.gstatic.com api-maps.yandex.ru top-fwz1.mail.ru enterprise.api-maps.yandex.ru mc.yandex.ru *.maps.yandex.net vk.com www.facebook.com www.google-analytics.com www.google.ru www.google.com stats.g.doubleclick.net s3.amazonaws.com login.vk.com; style-src 'self' 'unsafe-inline' blob: *.rocket-cdn.ru cdn.jsdelivr.net; font-src 'self' data: https:; frame-ancestors 'self' *.rocketbank.ru webvisor.com *.yandex.net http://awards.ratingruneta.ru; report-uri https://report.rocket-cdn.ru/api/4/security/?sentry_key=0cc52e6197f842eeadf0de5d2c3cf600 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; media-src 'self' https://stream.klgd.ru rtmp://stream.klgd.ru; report-uri /csp-report 1
connect-src 'self' https://createsend.com; default-src 'none'; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' https://*.twitter.com; img-src 'self' data: https://*.twimg.com https://*.twitter.com platform.twitter.com https://www.google-analytics.com https://stats.g.doubleclick.net; report-uri /report-csp-violation; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://ieep.createsend.com https://www.google-analytics.com/analytics.js https://*.twitter.com https://*.twimg.com https://js.createsend1.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com platform.twitter.com https://*.twimg.com; 1
report-to webscaleCspEndpoint; report-uri https://xdymhcopnh.execute-api.us-east-1.amazonaws.com/default/cspReportingMonitor default-src 'self' 'unsafe-inline' www.shelterlogic.com stage.shelterlogic.com *.cloudmaestro.com h.online-metrix.net bat.bing.com ajax.googleapis.com api.hubapi.com cdn.cookielaw.org bid.g.doubleclick.net connect.facebook.net d.adroll.com s.adroll.com fonts.googleapis.com fonts.gstatic.com forms.hsforms.com geolocation.onetrust.com js-hs.analytics.com js.hsadspixel.net js.hsforms.net js.hscollectedforms.net seal-ct.bbb.org secure.quantserve.com track.hubspot.com www.facebook.com 1
report-uri https://cchome.adobe.io/csp/v1/collect?api_key=CCHomeWeb1; connect-src * data:; img-src * data: blob:; frame-src *; media-src *; default-src https: blob:; style-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.adobeccstatic.com *.adobe.com *.clicktale.com about: blob:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.adobedtm.com *.adobelogin.com *.newrelic.com *.nr-data.net *.adobeccstatic.com *.typekit.com *.adobe.com adobe.com *.uservoice.com *.typekit.net *.evidon.com *.demandbase.com *.ccmui.adobe.com *.clicktale.net *.clicktale.com *.everestjs.net *.everesttech.net tags.srv.stackadapt.com *.onetrust.com *.cookielaw.org about: blob:; font-src data: *.typekit.net; frame-ancestors 'self' *.instructure.com *.blackboard.com 1
script-src 'nonce-BCIZVdOCQI1DrK3BKCDZ8w' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.google-analytics.com https://assets.zendesk.com https://connect.facebook.net; img-src 'self' https://ssl.google-analytics.com https://s-static.ak.facebook.com https://assets.zendesk.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://assets.zendesk.com; font-src 'self' https://themes.googleusercontent.com; frame-src https://assets.zendesk.com https://www.facebook.com https://s-static.ak.facebook.com https://tautt.zendesk.com; object-src 'none' 1
default-src * 'unsafe-inline' 'unsafe-eval'; report-uri https://fls-na.amazon.com/1/batch/2/OE/mid=AF2M0KC94RCEA:sid=144-6195448-2210005:rid=AJQZP92HGW8EJP074HY7:sn=www.audible.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: *.slachtofferhulp.nl apps.mypurecloud.com dhqbrvplips7x.cloudfront.net *.gstatic.com fonts.googleapis.com vimeo.com *.vimeo.com *.typekit.net *.hotjar.com wss://*.hotjar.com dc.services.visualstudio.com *.vo.msecnd.net www.googletagmanager.com *.google.com *.google.nl googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com; report-uri https://slachtofferhulp.report-uri.com/r/d/csp/reportOnly 1
default-src 'self' ; style-src 'unsafe-inline' 'self'; script-src 'self' 'unsafe-eval' http://mc.yandex.ru/ https://mc.yandex.ru/ http://pagead2.googlesyndication.com/ https://pagead2.googlesyndication.com/ http://c.hit.ua http://counter.yadro.ru/ https://googleads.g.doubleclick.net/ http://vk.com https://apis.google.com https://accounts.google.com; img-src 'self' data: http://counter.yadro.ru/ http://c.hit.ua/ http://mc.yandex.ru http://vk.com/ ; connect-src https://mc.yandex.ru/ ; frame-src https://googleads.g.doubleclick.net https://apis.google.com http://vk.com https://accounts.google.com/ 1
frame-ancestors 'self'; report-uri /csp/report/; 1
script-src 'self' https://cdnjs.cloudflare.com 'unsafe-inline'; script-src-attr 'self'; style-src 'self' fonts.googleapis.com https://cdnjs.cloudflare.com 'unsafe-inline'; style-src-attr 'self'; frame-ancestors 'self' 1
default-src 'self'; object-src 'self'; base-uri 'self'; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com/tr/ https://connect.facebook.net/log/error https://chat.premiumsim.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://cts.communicationads.net https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://dpm.demdex.net https://the.sciencebehindecommerce.com https://chat.premiumsim.de https://stats.premiumsim.de https://imagepool.premiumsim.de; script-src 'strict-dynamic' 'nonce-0ebecb84bde3b25fb8e99f6cc9392235' 'nonce-8e57713a2e92b21ed5ddbda9d48ca94f' 'nonce-4b2c53420ed5805361209d1d7e484f14' 'nonce-3a7f2f4791ebf07ad0e51b1bea511f51' 'nonce-65708334bab0fbace0ad6adf37879140' 'nonce-16edb5fb7786d0e3dd062157af54361f' 'self' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://www.facebook.com https://tags.tiqcdn.com https://cdn2.spatialbuzz.com https://bid.g.doubleclick.net https://tpc.googlesyndication.com https://www.youtube-nocookie.com https://www.awin1.com https://paketshop.myhermes.de; child-src https://www.youtube.com https://cdn2.spatialbuzz.com https://trck.spoteffects.net https://www.googleadservices.com https://www.facebook.com https://tags.tiqcdn.com https://ad13.adfarm1.adition.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports 1
frame-ancestors 'none'; report-uri /csp_logger/; 1
font-src fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com stg.api.bazaarvoice.com api.bazaarvoice.com display.ugc.bazaarvoice.com www.google.com www.youtube.com amc.demdex.net vars.hotjar.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com network-eu-stg.bazaarvoice.com network-eu.bazaarvoice.com display.ugc.bazaarvoice.com amcglobal.sc.omtrdc.net data: cm.everesttech.net dpm.demdex.net www.googletagmanager.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com apps.bazaarvoice.com network-eu.bazaarvoice.com network-eu-stg.bazaarvoice.com display.ugc.bazaarvoice.com stg.api.bazaarvoice.com api.bazaarvoice.com analytics-static.ugc.bazaarvoice.com apps-stg.nexus.bazaarvoice.com apps.nexus.bazaarvoice.com www.googletagmanager.com www.google.com www.gstatic.com script.hotjar.com static.hotjar.com chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com display.ugc.bazaarvoice.com fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src stg.api.bazaarvoice.com api.bazaarvoice.com in.hotjar.com www.paypal.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://trlhvadgdetff1t0lc6gw4oo.httpschecker.net/report 1
default-src 'self'; base-uri 'none'; connect-src 'self' https://translate.googleapis.com https://www.google-analytics.com; font-src 'self' data: https://fonts.gstatic.com; frame-ancestors 'none'; frame-src https://www.youtube.com; img-src 'self' data: https://translate.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com; object-src 'none'; script-src 'self' 'nonce-TDEa4hLWRB+uqiyldQtk0A==' 'unsafe-inline' https://translate.googleapis.com https://static.cloudflareinsights.com https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://translate.googleapis.com; report-to default; report-uri https://mariusschulz.report-uri.com/r/d/csp/reportOnly 1
object-src 'none';base-uri 'self';script-src 'nonce-vqM6qzGHfBnwunNeneqg' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http: 'report-sample';report-uri https://csp.withgoogle.com/csp/scfe 1
default-src * 'unsafe-inline' data: blob: ;frame-ancestors 'self'; report-uri https://16f5f5ea60e86cd63289a2976fd4845c.report-uri.com/r/d/csp/reportOnly 1
default-src 'self' carjam.co.nz *.carjam.co.nz; connect-src 'self' carjam.co.nz *.carjam.co.nz www.google-analytics.com stats.g.doubleclick.net www.facebook.com; font-src 'self' carjam.co.nz *.carjam.co.nz data: d1oe1cut6yqpb4.cloudfront.net fonts.gstatic.com; frame-src 'self' carjam.co.nz *.carjam.co.nz staticxx.facebook.com www.facebook.com connect.facebook.net web.facebook.com www.youtube.com www.googletagmanager.com; img-src *; media-src 'self' carjam.co.nz *.carjam.co.nz www.youtube.com; object-src 'self' carjam.co.nz *.carjam.co.nz; script-src 'self' 'unsafe-inline' https: 'nonce-4eac0e4a71' 'strict-dynamic'; style-src 'self' carjam.co.nz *.carjam.co.nz d1oe1cut6yqpb4.cloudfront.net staticxx.facebook.com www.youtube.com 'unsafe-inline'; report-uri https://www.nzpro.com/csp-prod.php; 1
default-src https: 'unsafe-inline' 'unsafe-eval'; report-uri https://blogscanada.ca/z-log.php 1
default-src 'self' image.spreadshirtmedia.net ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: *.go-mpulse.net apis.google.com assets.adobedtm.com *.cloudfront.net nxtck.com ssl.gstatic.com ws.sessioncam.com *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com googleads.g.doubleclick.net connect.facebook.net www.googleadservices.com adtm.spreadshirts.net *.spreadshirt.ch ; img-src 'self' data: https: image.spreadshirtmedia.net *.gstatic.com rtb-csync.smartadserver.com pixel.rubiconproject.com pixel.advertising.com dsum-sec.casalemedia.com cotads.adscale.de www.google-analytics.com eu-u.openx.net ih.adscale.de *.akstat.io www.facebook.com dsum-sec.casalemedia.com ad.yieldlab.net secure.adnxs.com mapping.nxtck.com stats.g.doubleclick.net www.google.com www.google.de cm.g.doubleclick.net ads.yahoo.com sync.ligadx.com eb2.3lift.com s.sspqns.com x.bidswitch.net image2.pubmatic.com sync.outbrain.com nxtck.com sanalytics.spreadshirt.ch *.spreadshirt.ch ; connect-src 'self' https: *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com *.go-mpulse.net *.akstat.io/ dpm.demdex.net *.spreadshirt.ch ; font-src 'self' https: data: *.spreadshirt.ch ; style-src 'self' data: 'unsafe-inline' https: *.spreadshirt.ch ; object-src 'none' ; media-src image.spreadshirtmedia.net ; frame-src 'self' https: www.google.com accounts.google.com *.spreadshirt.ch ; report-uri https://csp.spreadshirts.net/csp/reportOnly ; 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=show&source%5Bapp%5D=ShopifyAppStore&source%5Bcontroller%5D=v2%2Fapp_listings&source%5Buuid%5D=7ef77b2115881015a720a62fcd84f3c5 1
default-src 'self' https://*.tigerchef.com  https://assets-tigerchef.netdna-ssl.com https://static-v.tawk.to;object-src 'self';script-src 'unsafe-inline' 'unsafe-eval' 'self' https://*.tigerchef.com  https://assets-tigerchef.netdna-ssl.com http://assets.tigerchef.netdna-cdn.com https://*.intellimize.co https://*.google.com https://ajax.googleapis.com https://*.cloudfront.net https://*.tawk.to https://*.hotjar.com https://*.shopperapproved.com https://www.google-analytics.com https://*.facebook.net https://secure.trust-provider.com https://iprecon.iglobalstores.com https://bat.bing.com https://www.googleadservices.com https://*.g.doubleclick.net https://*.sessioncam.com https://cdn.jsdelivr.net https://www.googletagmanager.com https://platform.twitter.com https://maps.googleapis.com https://*.googlesyndication.com https://cdn.cardknox.com https://apis.google.com https://acsbap.com; script-src-elem 'unsafe-inline' 'self' https://*.tigerchef.com https://assets-tigerchef.netdna-ssl.com http://assets.tigerchef.netdna-cdn.com https://connect.facebook.net https://secure.trust-provider.com https://bat.bing.com https://www.google-analytics.com https://www.googletagmanager.com https://*.shopperapproved.com https://apis.google.com https://iprecon.iglobalstores.com https://*.hotjar.com https://*.tawk.to https://*.cloudfront.net https://ajax.googleapis.com https://maps.googleapis.com https://*.intellimize.co https://www.googleadservices.com https://*.sessioncam.com https://cdn.jsdelivr.net https://googleads.g.doubleclick.net https://platform.twitter.com https://cdn.cardknox.com https://tpc.googlesyndication.com https://acsbap.com; style-src 'unsafe-inline' 'self' https://*.tigerchef.com  https://assets-tigerchef.netdna-ssl.com https://cdn.jsdelivr.net https://fonts.googleapis.com https://use.fontawesome.com https://ajax.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://*.tigerchef.com https://assets-tigerchef.netdna-ssl.com https://fonts.googleapis.com https://cdn.jsdelivr.net https://use.fontawesome.com https://ajax.googleapis.com; connect-src 'self' https://*.tigerchef.com https://bat.bing.com https://*.tawk.to wss://*.tawk.to https://*.intellimize.co https://*.hotjar.com https://*.hotjar.io https://*.sessioncam.com https://*.g.doubleclick.net https://www.facebook.com https://www.google-analytics.com https://*.google.com https://ajax.googleapis.com https://acsbap.com ; img-src 'self' data: https: ;  font-src 'self' data: https: ; frame-src 'self' https://*.hotjar.com https://*.google.com https://secure.trust-provider.com https://www.youtube.com https://*.facebook.com https://www.googletagmanager.com https://*.g.doubleclick.net https://*.tawk.to https://platform.twitter.com https://www.googleadservices.com https://api.intellimize.co https://*.googlesyndication.com https://cdn.cardknox.com; report-uri /csp_reporting.php?type=report 1
default-src 'self' image.spreadshirtmedia.net ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: *.go-mpulse.net apis.google.com assets.adobedtm.com *.cloudfront.net nxtck.com ssl.gstatic.com ws.sessioncam.com *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com googleads.g.doubleclick.net connect.facebook.net www.googleadservices.com adtm.spreadshirts.net *.spreadshirt.it ; img-src 'self' data: https: image.spreadshirtmedia.net *.gstatic.com rtb-csync.smartadserver.com pixel.rubiconproject.com pixel.advertising.com dsum-sec.casalemedia.com cotads.adscale.de www.google-analytics.com eu-u.openx.net ih.adscale.de *.akstat.io www.facebook.com dsum-sec.casalemedia.com ad.yieldlab.net secure.adnxs.com mapping.nxtck.com stats.g.doubleclick.net www.google.com www.google.de cm.g.doubleclick.net ads.yahoo.com sync.ligadx.com eb2.3lift.com s.sspqns.com x.bidswitch.net image2.pubmatic.com sync.outbrain.com nxtck.com sanalytics.spreadshirt.it *.spreadshirt.it ; connect-src 'self' https: *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com *.go-mpulse.net *.akstat.io/ dpm.demdex.net *.spreadshirt.it ; font-src 'self' https: data: *.spreadshirt.it ; style-src 'self' data: 'unsafe-inline' https: *.spreadshirt.it ; object-src 'none' ; media-src image.spreadshirtmedia.net ; frame-src 'self' https: www.google.com accounts.google.com *.spreadshirt.it ; report-uri https://csp.spreadshirts.net/csp/reportOnly ; 1
default-src 'self' 'unsafe-inline'; report-uri /report-uri; script-src https://js.usemessages.com https://cdnjs.cloudflare.com/ajax/libs/highlight.js/9.11.0/highlight.min.js https://api.usemessages.com https://js.hsleadflows.net https://js.hs-scripts.com https://www.gstatic.com https://www.google.com http://www.googletagmanager.com http://www.google-analytics.com/analytics.js http://js.hs-analytics.net 'unsafe-inline' 'self'; font-src https://www.google-analytics.com/ data: 'unsafe-inline' 'self'; style-src https://cloud.typography.com/6200656/6066812/css/fonts.css http://hello.myfonts.net https://cdnjs.cloudflare.com/ajax/libs/highlight.js/9.12.0/styles/default.min.css https://cdnjs.cloudflare.com/ajax/libs/highlight.js/9.12.0/styles/dracula.min.css 'unsafe-inline' 'self'; img-src https://i.giphy.com/ https://www.google-analytics.com/ https://onenorth.blob.core.windows.net https://onenorthpr.blob.core.windows.net https://tempmigration.blob.core.windows.net https://onenorthtest.blob.core.windows.net 'self' http://track.hubspot.com; media-src http://track.hubspot.com data:; frame-src https://www.google.com https://www.youtube.com/; connect-src https://api.hubspot.com https://forms.hubspot.com 'self' 1
font-src *.cloudflare.com *.twitter.com *.gstatic.com *.facebook.com *.facebook.net *.googleapis.com *.geotrust.com *.userway.org *.payments-amazon.com *.amazon.com *.trustwave.com *.doubleclick.net *.freshchat.com *.bootstrapcdn.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.cloudflare.com *.twitter.com *.google-analytics.com *.gstatic.com *.userway.org *.facebook.com *.facebook.net *.instagram.com *.cdninstagram.com *.googletagmanager.com *.fontawesome.com *.geotrust.com *.google.com *.payments-amazon.com *.amazon.com *.trustwave.com *.doubleclick.net *.freshchat.com *.bootstrapcdn.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com *.cloudflare.com *.twitter.com *.google-analytics.com *.gstatic.com *.userway.org *.facebook.com *.facebook.net *.instagram.com *.cdninstagram.com *.googletagmanager.com *.fontawesome.com *.geotrust.com *.google.com *.payments-amazon.com *.amazon.com *.trustwave.com *.doubleclick.net *.freshchat.com *.bootstrapcdn.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.google.com *.paypal.com *.facebook.com *.twitter.com *.facebook.net *.ytimg.com *.geotrust.com *.cdninstagram.com 'self' data: *.userway.org *.payments-amazon.com *.amazon.com *.trustwave.com *.doubleclick.net *.freshchat.com *.bootstrapcdn.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.cloudflare.com *.twitter.com *.google-analytics.com *.gstatic.com *.userway.org *.facebook.com *.facebook.net *.instagram.com *.cdninstagram.com *.googletagmanager.com *.fontawesome.com *.geotrust.com *.google.com *.payments-amazon.com *.amazon.com *.trustwave.com *.doubleclick.net *.freshchat.com *.bootstrapcdn.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.cloudflare.com *.googleapis.com *.twitter.com *.gstatic.com *.google.com *.fontawesome.com *.cdninstagram.com *.geotrust.com *.facebook.net *.userway.org *.payments-amazon.com *.amazon.com *.trustwave.com *.doubleclick.net *.freshchat.com *.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.cloudflare.com *.twitter.com *.facebook.com *.google.com *.paypal.com *.facebook.net *.cdninstagram.com *.geotrust.com *.userway.org *.payments-amazon.com *.amazon.com *.trustwave.com *.doubleclick.net *.freshchat.com *.bootstrapcdn.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
report-uri https://sentry.io/api/285406/security/?sentry_key=4838404aafea4aa3a71968579571e131; default-src 'self' data: https://static.zdassets.com https://ekr.zdassets.com https://truework-contact.zendesk.com wss://truework-contact.zendesk.com wss://*.zopim.com https://*.truework.com https://checkout.stripe.com https://d27dymkl0d7xsb.cloudfront.net/ https://dgoidxrjgsomp.cloudfront.net https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://www.google-analytics.com https://hooks.slack.com; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://munchkin.marketo.net https://code.jquery.com https://cdnjs.cloudflare.com https://static.zdassets.com https://ekr.zdassets.com https://truework-contact.zendesk.com wss://truework-contact.zendesk.com wss://*.zopim.com https://*.truework.com https://d27dymkl0d7xsb.cloudfront.net https://dgoidxrjgsomp.cloudfront.net https://js.stripe.com https://www.googletagmanager.com https://www.google-analytics.com https://hire.withgoogle.com/ https://checkout.stripe.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://www.googleadservices.com https://snap.licdn.com/ https://px.ads.linkedin.com https://connect.facebook.net https://www.linkedin.com https://d2yyd1h5u9mauk.cloudfront.net/integrations/web/ https://cdn.segment.com http://l.facebook.com https://googleads.g.doubleclick.net https://bid.g.doubleclick.net https://cdn.lr-ingest.io https://tpc.googlesyndication.com https://www.google.com https://cdn.logrocket.io https://tagmanager.google.com https://googleads.g.doubleclick.net https://bat.bing.com; style-src 'self' 'unsafe-inline' https://unpkg.com https://d27dymkl0d7xsb.cloudfront.net/ https://dgoidxrjgsomp.cloudfront.net https://fonts.googleapis.com/ https://js.intercomcdn.com https://maxcdn.bootstrapcdn.com http://m.facebook.com/ https://tagmanager.google.com https://fonts.googleapis.com; img-src * 'self' data: blob: https://v2assets.zopim.io https://static.zdassets.com https://workcred-requester-forms-2017-01-25.s3.amazonaws.com https://truework-company-data.s3.amazonaws.com https://truework-marketing.s3.amazonaws.com https://truework-app-assets.s3.amazonaws.com www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://www.google.com https://googleads.g.doubleclick.net; font-src 'self' data: https://d27dymkl0d7xsb.cloudfront.net/ https://dgoidxrjgsomp.cloudfront.net https://fonts.gstatic.com/ https://maxcdn.bootstrapcdn.com; connect-src 'self' https://040-dvj-409.mktoresp.com https://040-dvj-409.mktoutil.com https://static.zdassets.com https://ekr.zdassets.com https://truework-contact.zendesk.com wss://truework-contact.zendesk.com wss://*.zopim.com https://bat.bing.com https://*.facebook.com https://*.truework.com https://api.stripe.com https://checkout.stripe.com https://d27dymkl0d7xsb.cloudfront.net https://dgoidxrjgsomp.cloudfront.net https://hire.withgoogle.com/ https://s3.us-east-2.amazonaws.com/workcred-requester-forms-2017-01-25 https://s3.us-east-2.amazonaws.com/truework-company-data https://sentry.io https://stats.g.doubleclick.net https://www.google-analytics.com https://web.delighted.com/ https://api.segment.io https://hooks.slack.com https://*.lr-ingest.io https://*.logrocket.io https://workcred-requester-forms-2017-01-25.s3.amazonaws.com https://truework-company-data.s3.amazonaws.com https://truework-marketing.s3.amazonaws.com https://truework-app-assets.s3.amazonaws.com; child-src 'self' blob:; frame-src 'self' https://checkout.stripe.com https://js.stripe.com https://hire.withgoogle.com/ https://www.google.com https://connect.facebook.net https://www.facebook.com https://tpc.googlesyndication.com https://bid.g.doubleclick.net; worker-src 'self' blob: 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /i/csp-report 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://mtmo.wordops.eu/mtmo.js; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://img.shields.io https://netdata.wordops.eu https://mtmo.wordops.eu https://www.gstatic.com; font-src 'self' data:; media-src 'self'; object-src 'none'; prefetch-src 'self' wordops.net ga.vtbox.net; child-src 'none'; frame-src 'self'; worker-src 'self'; frame-ancestors 'self'; report-uri https://virtubox.report-uri.com/r/d/csp/reportOnly 1
object-src 'none'; block-all-mixed-content; default-src 'self'; img-src 'self' data: https://biblionix.com/ https://demonstration.biblionix.com https://secure.gravatar.com/; style-src 'self' 'unsafe-inline' https://demonstration.biblionix.com https://www.gstatic.com/ https://fonts.googleapis.com/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://demonstration.biblionix.com https://www.gstatic.com/ https://cdn.walkme.com/; font-src 'self' https://fonts.gstatic.com/ data:; report-uri https://www.biblionix.com/report/?block=0 1
default-src * 'unsafe-inline' 'unsafe-eval'; report-uri https://fls-na.amazon.com/1/batch/2/OE/mid=AF2M0KC94RCEA:sid=134-2452632-0674220:rid=HPYRAWCCDE7X3BBT8W7F:sn=www.audible.com 1
default-src 'self' https://www.google-analytics.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://bat.bing.com https://www.googleadservices.com https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://ssl.google-analytics.com https://www.gstatic.com https://connect.facebook.net https://*.ekomi.com https://googleads.g.doubleclick.net; img-src 'self' 'unsafe-inline' data: https://www.google-analytics.com https://www.facebook.com https://bat.bing.com https://ssl.google-analytics.com https://i.ytimg.com https://i.imgur.com https://www.googletagmanager.com https://www.google.com https://*.doubleclick.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://themes.googleusercontent.com; frame-src https://www.google.com https://www.youtube.com https://*.facebook.com; object-src 'none'; connect-src 'self' https://*.algolianet.com https://*.algolia.net https://*.doubleclick.net https://*.facebook.com https://*.facebook.net http://*.google-analytics.com; report-uri /cors; 1
report-to webscaleCspEndpoint; report-uri https://xdymhcopnh.execute-api.us-east-1.amazonaws.com/default/cspReportingMonitor; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.com.imgeng.in *.cloudfront.net apps.bazaarvoice.com s.ytimg.com *.avmws.com *.google.com *.auryc.com *.bazaarvoice.com *.listrakbi.com services.listrak.com cdn.expertvoice.com secure.rock5rice.com pixel.mathtag.com js-agent.newrelic.com bam.nr-data.net *.googletagmanager.com *.google-analytics.com dmp.truoptik.com xdymhcopnh.execute-api.us-east-1.amazonaws.com www-propper.com.imgeng.in www.googlecommerce.com *.googleadservices.com script.crazyegg.com *.channeladvisor.com *.facebook.net *.ubembed.com *.b1js.com *.callrail.com bat.bing.com googleads.g.doubleclick.net b1img.com *.youtube.com static.doubleclick.net pixel.adacado.com *.googleapis.com www.propper.com s7.addthis.com m.addthis.com 1
default-src 'self';   script-src 'self' 'unsafe-eval' 'unsafe-inline' https://assets.adobedtm.com https://customer.cludo.com https://ds-aksb-a.akamaihd.net https://help.cybonline.co.uk https://googleservices.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://maps.googleapis.com https://www.google.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://fusiontables.google.com https://connect.facebook.net https://www.youtube.com https://s.ytimg.com https://cse.google.com https://www.advanced-web-analytics.com https://platform.twitter.com https://casper.tsbc.com https://healthcheck252.tsbc.com https://t.contentsquare.net https://contentsquare.com https://webapp.woosmap.com;   style-src 'self' 'unsafe-inline' https://www.gstatic.com https://fonts.googleapis.com https://www.google.com https://platform.twitter.com https://casper.tsbc.com https://healthcheck252.tsbc.com;   img-src 'self' https: ;   font-src 'self' https: ;   connect-src 'self' https://clydesdalebank.tt.omtrdc.net https://clydesdalebank.d3.sc.omtrdc.net https://dpm.demdex.net https://ds-aksb-a.akamaihd.net https://api-eu1.cludo.com https://api.cludo.com https://www.google.com https://www.facebook.com https://www.twitter.com https://www.linkedin.com https://www.youtube.com https://my.cybservices.co.uk https://adservice.google.com https://casper.tsbc.com https://*.contentsquare.net https://api.woosmap.com https://webapp-conf.woosmap.com;   media-src 'self';   object-src 'self';   worker-src 'self' blob:;   child-src 'self' blob:;  frame-src 'self' https://*.cybusinessonline.co.uk https://*.cbonline.co.uk https://*.ybonline.co.uk https://*.cybonline.co.uk https://clydesdalebankplc.demdex.net https://*.fls.doubleclick.net https://www.youtube.com https://bid.g.doubleclick.net https://www.google.com https://assets.adobedtm.com https://player.vimeo.com https://platform.twitter.com https://syndication.twitter.com https://www.youtube-nocookie.com https://healthcheck252.tsbc.com;   frame-ancestors 'self' https://*.cybusinessonline.co.uk https://*.cbonline.co.uk https://*.ybonline.co.uk https://*.cybonline.co.uk;   report-uri https://cyburi.report-uri.com/r/t/csp/reportOnly; 1
style-src https://*.btrll.com https://cdn.cmp.advertising.com https://*.oath.com https://*.yimg.com https://*.yahoo.com 'self' 'unsafe-inline' data: blob:; script-src https://*.btrll.com https://cdn.cmp.advertising.com https://*.oath.com https://*.yahoo.com https://*.yimg.com 'self' 'unsafe-inline' 'unsafe-eval' https://platform.twitter.com https://*.btrll.com data: blob:; frame-ancestors https://*.techcrunch.com https://*.huffingtonpost.com https://*.aol.com https://*.yahoo.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=US&lang=en-US&device=desktop&yrid=8i506rpfgkv8i&partner=; 1
font-src 'self' 'unsafe-inline'; form-action 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src www.paypal.com www.sandbox.paypal.com assets.braintreegateway.com tst.kaptcha.com ssl.kaptcha.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.g.doubleclick.net *.gstatic.com 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com www.googletagmanager.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.braintree-api.com *.braintreegateway.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline' data: *.csbs.org *.googleapis.com *.gstatic.com *.googleusercontent.com *.google.com *.addtoany.com *.twitter.com *.twimg.com *.dayforcehcm.com *.googletagmanager.com *.newrelic.com *.nr-data.net *.google-analytics.com *.doubleclick.net *.youtube.com *.cld.bz *.tableau.com  *.powerbi.com *.soundcloud.com soundcloud.com govmatters.tv youtu.be *.hotjar.com; report-uri /report-csp-violation 1
default-src https: wss: 1
default-src 'self'; object-src 'self'; base-uri 'self'; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com/tr/ https://connect.facebook.net/log/error https://chat.simplytel.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://cts.communicationads.net https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://dpm.demdex.net https://the.sciencebehindecommerce.com https://chat.simplytel.de https://stats.simplytel.de https://imagepool.simplytel.de; script-src 'strict-dynamic' 'nonce-6290e45e8854b3d0ea4e61a6eee6afd3' 'nonce-0d4b65545b1570889d89c5418fed86f3' 'nonce-30f9ac541562913e7f599181a3c98193' 'nonce-3f165031c0189d9c5e9497649b73d010' 'nonce-bc95eba38a198c77faa0f8a1f698f108' 'nonce-96551a3bbd9d1f39817db3e119ef7f40' 'self' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://www.facebook.com https://tags.tiqcdn.com https://cdn2.spatialbuzz.com https://bid.g.doubleclick.net https://tpc.googlesyndication.com https://www.youtube-nocookie.com https://www.awin1.com https://paketshop.myhermes.de; child-src https://www.youtube.com https://cdn2.spatialbuzz.com https://trck.spoteffects.net https://www.googleadservices.com https://www.facebook.com https://tags.tiqcdn.com https://ad13.adfarm1.adition.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports 1
worker-src blob:; font-src fonts.gstatic.com *.kxcdn.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com facebook.com www.facebook.com *.kxcdn.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com scontent.cdninstagram.com data: *.kxcdn.com amcglobal.sc.omtrdc.net 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com cdn.ampproject.org connect.facebook.net www.googletagmanager.com googletagmanager.com *.kxcdn.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com fonts.googleapis.com *.kxcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://www.paypal.com/xoplatform/logger/api/logger cdn.ampproject.org *.kxcdn.com dpm.demdex.net 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
default-src 'self'; script-src 'self'; style-src 'self'; img-src 'self'; font-src 'self'; connect-src 'self'; media-src 'self'; object-src 'self'; child-src 'self'; frame-ancestors 'self'  1
script-src 'self'  https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://s7.addthis.com 'unsafe-inline'; script-src-attr 'self'; style-src 'self' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com maxcdn.bootstrapcdn.com 'unsafe-inline'; style-src-attr 'self'; frame-ancestors 'self' 1
default-src https: data: 'unsafe-inline' 'unsafe-eval' blob: wss:; report-uri https://a2d70482b6b14416890eea253921c63b.myssl-uri.com/api/csp-report 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' widget.bugyard.io *.twitter.com *.bamboohr.com *.ampproject.org *.cloudflare.com agorbatchev.typepad.com  *.youtube.com maps.gstatic.com *.googleapis.com *.google-analytics.com cdnjs.cloudflare.com assets.zendesk.com connect.facebook.net *.googletagmanager.com *.marketo.com *.marketo.net munchkin.marketo.net *.drift.com *.driftt.com *.swiftypecdn.com *.addtoany.com *.googleadservices.com *.doubleclick.net *.disqus.com *.disquscdn.com; frame-src 'self' *.youtube.com disqus.com assets.zendesk.com *.facebook.com s-static.ak.facebook.com tautt.zendesk.com *.driftt.com *.addtoany.com *.marketo.com *.marketo.net *.doubleclick.net *.twitter.com www.youtube-nocookie.com ; object-src 'self'; report-uri https://gridgain.report-uri.com/r/d/csp/reportOnly 1
default-src 'self'; connect-src 'self' *.lotto-niedersachsen.de bat.bing.com keno-tv.s3.eu-central-1.amazonaws.com lotto-niedersachsen.containers.piwik.pro; font-src 'self' data: *.lotto-niedersachsen.de fonts.gstatic.com; frame-src 'self' lotto-niedersachsen.containers.piwik.pro secure.trust-provider.com www.trustlogo.com www.youtube-nocookie.com www.youtube.com; img-src 'self' data: *.lotto-niedersachsen.de lotto-niedersachsen.piwik.pro secure.trust-provider.com bat.bing.com www.trustlogo.com www.google.com www.google.de googleads.g.doubleclick.net maps.googleapis.com www.googletagmanager.com maps.gstatic.com; media-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.lotto-niedersachsen.de lotto-niedersachsen.containers.piwik.pro lotto-niedersachsen.piwik.pro www.trustlogo.com bat.bing.com secure.trust-provider.com www.googletagmanager.com www.googleadservices.com www.google.com maps.googleapis.com googleads.g.doubleclick.net www.youtube.com; style-src 'self' 'unsafe-inline' data: *.lotto-niedersachsen.de www.trustlogo.com fonts.googleapis.com; report-uri https://sentry.sumcumo.net/api/120/security/?sentry_key=3f5ff4fd8b4748cb923ca71b3c70b9e0 1
default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://ajax.googleapis.com ; style-src 'self' https://fonts.googleapis.com 'unsafe-inline' ; img-src 'self' ; font-src 'self' https://fonts.gstatic.com ; object-src 'self' ; media-src 'self' ; frame-src 'self' https://connect.euronext.com/trader/quoteline https://connect2.euronext.com/trader/quoteline; connect-src 'self'; report-uri https://besi.proudreports.nl/report.php ; 1
block-all-mixed-content; report-uri https://www.autojournal.fr/csp?sr=396d734abb329b4ca426db19c143d666646d762d 1
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://5b0dfxfhuka0vuk5ju0see3i.httpschecker.net/report 1
default-src https: ws:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report 1
child-src 'self' https://login.yahoo.net https://s.yimg.com https://s1.yimg.com;connect-src 'self' https://geo.yahoo.com https://pr.comet.yahoo.com https://ws.progrss.yahoo.com https://udc.yahoo.com https://*.aol.com;default-src 'self' https://s.yimg.com https://s1.yimg.com https://login.yahoo.net;font-src https://s.yimg.com https://s1.yimg.com;frame-src 'self' https://login.yahoo.net https://s.yimg.com https://s1.yimg.com https://*.aol.com https://www.aol.co.uk https://www.aol.de;img-src 'self' data: https://yahoo.com https://ct.yimg.com https://s.yimg.com https://s1.yimg.com https://tw.yimg.com https://geo.yahoo.com https://socialprofiles.zenfs.com https://*.wc.yahoodns.net https://beap-bc.yahoo.com https://ws.progrss.yahoo.com https://log.fc.yahoo.com https://backyard.yahoo.com https://*.ah.yahoo.com https://pr-bh.ybp.yahoo.com https://fbcdn.net https://scontent.xx.fbcdn.net https://z-m-scontent.xx.fbcdn.net https://graph.facebook.com https://data.mail.yahoo.com https://platform-lookaside.fbsbx.com;media-src https://*.ah.yahoo.com;report-uri https://csp.yahoo.com/beacon/csp?src=mbr_account;script-src 'unsafe-inline' 'self' https://s.yimg.com https://s1.yimg.com https://query.yahoo.com https://*.query.yahoo.com https://y.analytics.yahoo.com https://jsapi.login.yahoo.com https://fc.yahoo.com https://pr.comet.yahoo.com 'nonce-HzxJeshkSBwupcWckD/+MSEjCD8Nw2X3AgQ5Ng5cvdPPeBsW' ;style-src * 'unsafe-inline' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.bpoint.com.au/webapi/v2/txns/processiframetxn/ https://www.bpoint.com.au; frame-src 'self' 'unsafe-inline' https://www.bpoint.com.au/ https://www.youtube.com/ https://player.vimeo.com/ https://www.facebook.com/; img-src 'self' https://www.google-analytics.com/ https://6178240.global.siteimproveanalytics.io https://stats.g.doubleclick.net/r/collect; script-src 'self' 'unsafe-inline' https://www.google-analytics.com/analytics.js https://siteimproveanalytics.com/js/siteanalyze_6178240.js https://cdnjs.cloudflare.com https://maps.googleapis.com; style-src 'self' 'unsafe-inline'; report-uri https://www.nhvr.gov.au/report-uri/reportOnly 1
default-src 'none'; base-uri 'self'; block-all-mixed-content; script-src 'self' https:; style-src 'self' https:; img-src https: data: 'self'; object-src https: 'self'; font-src https: 'self'; connect-src https: 'self'; frame-ancestors 'self'; worker-src blob: https: 'self' 1
img-src https://gpush.cogocast.net/ https://*.krxd.net/ https://beacon.walmart.com/ https://secure-gl.imrworldwide.com/ https://p.rfihub.com/ https://d3e54v103j8qbb.cloudfront.net/ 'self' https://pippio.com/ https://sync-tm.everesttech.net/ https://p.adsymptotic.com/ https://dsum-sec.casalemedia.com/ https://www.google-analytics.com/ https://idsync.rlcdn.com/ https://pixel.rubiconproject.com/ https://lrpush.apxlv.com/ https://x.dlx.addthis.com/ https://d.turn.com/ https://simage2.pubmatic.com/ https://us-u.openx.net/ https://www.googletagmanager.com/ https://*.agkn.com/ https://cc.swiftype.com/ https://x.bidswitch.net/ https://loadm.exelator.com/ https://bcp.crwdcntrl.net/ https://pixel.advertising.com/ https://eb2.3lift.com/ https://*.twitter.com/ https://d.adroll.com/ https://*.doubleclick.net/ https://adadvisor.net/ https://www.facebook.com/ https://secure.insightexpressai.com/ https://sync.outbrain.com/ https://match.rundsp.com/ https://trc.taboola.com/ https://www.google.com/ https://ads.scorecardresearch.com/ https://*.yahoo.com/ data: https://ib.adnxs.com/; block-all-mixed-content;style-src https://fonts.googleapis.com/ https://s.swiftypecdn.com/ https://cdnjs.cloudflare.com/ 'unsafe-inline' 'self'; worker-src  'none'; frame-src https://cdn.embedly.com/ https://secuwav1.locatorsearch.com/ https://platform.twitter.com/ https://bid.g.doubleclick.net/ https://www2.iraservicecenter.com/ https://*.google.com/ https://calcubot.com/ https://www.youtube.com/ https://player.vimeo.com/; media-src  'none'; connect-src https://www.google-analytics.com/ https://s.swiftypecdn.com/ 'self' https://stats.g.doubleclick.net/; report-uri https://csp.tsrs.cloud/r/5addae2e0daa120176527f3eba481a7ec224acd0; base-uri  'none'; font-src data: https://fonts.gstatic.com/; form-action  'self'; object-src  'none'; script-src https://s.ytimg.com/ https://cdnjs.cloudflare.com/ 'nonce-QxmRwTtVt82D3JQBruo73LbSZRg' https://cdn.jsdelivr.net/ 'self' https://www2.iraservicecenter.com/ https://*.cloudfront.net/ https://calcubot.com/ https://bam.nr-data.net/ https://www.google-analytics.com/ https://js-agent.newrelic.com/ https://*.gstatic.com/ https://f.vimeocdn.com/ https://www.googleadservices.com/ https://d.adroll.mgr.consensu.org/ https://www.googletagmanager.com/ https://www.youtube.com/ https://connect.facebook.net/ https://s.swiftypecdn.com/ https://*.getdrip.com/ https://secuwav1.locatorsearch.com/ https://platform.twitter.com/ https://*.google.com/ https://*.googleapis.com/ https://*.doubleclick.net/ https://*.adroll.com/ https://stackpath.bootstrapcdn.com/ https://cdn.syndication.twimg.com/ 'report-sample' 'unsafe-eval';  1
report-uri /csp-report-endpoint.php 1
default-src https:; form-action https:; script-src 'self' 'unsafe-inline' chat.isac.org livechat.isac.org ajax.googleapis.com ssl.google-analytics.com code.highcharts.com cdn.datatables.net connect.facebook.net c0cre132.caspio.com secure.wufoo.com www.wufoo.com www.gstatic.com w.sharethis.com/button/buttons.js static.ctctcdn.com/js/signup-form-widget/current/signup-form-widget.min.js cdnjs.cloudflare.com/ajax/libs/underscore.js/1.8.3/underscore-min.js public.tableau.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com static.ctctcdn.com/js/signup-form-widget/current/signup-form-widget.css c0cre132.caspio.com; img-src 'self' www.collegechangeseverything.org edfinancial.com ssl.google-analytics.com stats.g.doubleclick.net www.facebook.com chat.isac.org livechat.isac.org c0cre132.caspio.com; script-src-elem www.google.com/recaptcha/api.js; report-uri https://7e62cb02868e6169a2cec70f696ffb38.report-uri.com/r/d/csp/reportOnly 1
script-src 'unsafe-inline' 'unsafe-eval' 'self' https://d1dpob6jfpke0c.cloudfront.net https://formsmarts.s3.amazonaws.com https://ajax.googleapis.com https://*.bootstrapcdn.com https://oss.maxcdn.com https://ssl.google-analytics.com https://*.google.com https://cdnjs.cloudflare.com https://feeds.feedburner.com;object-src 'none';frame-ancestors 'self';base-uri 'none';report-uri https://syronex.report-uri.com/r/d/csp/reportOnly 1
connect-src 'self' data s.yimg.com hbf.sitecore localhost:* *.doubleclick.net pubsub.googleapis.com wss://*.visitors.live wss://visitors.live *.visitors.live *.liveperson.net *.akamaihd.net *.lkqd.net ads.adaptv.advertising.com public-auth-dot-lucky-orange.appspot-preview.com *.google-analytics.com settings.luckyorange.net *.pingdom.net *.hbf.com.au *.google.com createsend.com everydayhero.com trc.taboola.com www.googletagmanager.com api.luckyorange.com distillery.wistia.com pipedream.wistia.com *.litix.io bat.bimg.com;default-src 'self' blob data *.hbf.com.au sik1i8c69.cloudfront.net d10lpsik1i8c69.cloudfront.net *.pingdom.net settings.luckyorange.net fast.wistia.net lpcdn.lpsnmedia.net;frame-src 'self' www.youtube.com www.facebook.com connect.facebook.net *.flashtalking.com fast.wistia.net *.doubleclick.net *.lpsnmedia.net *.google.com *.yahoo.com *.liveperson.net gateway.zscloud.net  pwm-image.trendmicro.com tpc.googlesyndication.com *.googletagmanager.com fast.wistia.com platform.twitter.com syndication.twitter.com platform.twitter.com;object-src 'self' *.hbf.com.au *.hbfrun.com.au;style-src 'self' 'unsafe-inline' *.google.com maxcdn.bootstrapcdn.com fonts.googleapis.com d10lpsik1i8c69.cloudfront.net *.liveperson.net cdn.loop11.com pwm-image.trendmicro.com s.cmptch.com s.pmqzads.com platform.twitter.com;script-src 's' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net  *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com  fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com;img-src 'self' *.hbf.com.au *.gstatic.com maps.gstatic.com *.outbrain.com bat.bing.com cx.atdmt.com maps.googleapis.com www.google.co.nz lpcdn.lpsnmedia.net secure.adnxs.com d10lpsik1i8c69.cloudfront.net ds-aksb-a.akamaihd.net *.eloqua.com data: t.co *.cloudfront.net *.facebook.com *.google.com.au *.google.com *.googletagmanager.com *.bing.com *.google-analytics.com *.doubleclick.net *.hbffitness.com.au *.google.com.sg syndication.twitter.com *.twimg.com platform.twitter.com i.imgur.com fast.wistia.com px.ads.linkedin.com gateway.zscaler.net *.akamaihd.net *.goole.co.in *.google.co.uk *.google.be blank;font-src data: 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com *.googleusercontent.com s3.amazonaws.com;child-src blob; report-uri https://hbfweb.report-uri.com/r/d/csp/reportOnly 1
default-src 'self' https:;     script-src 'self' https://*.google.com https://*.google.ca https://*.google.co.uk https://*.google.com.ua https://*.google.co.in https://*.google.fr https://*.google.com.au https://*.google.ae https://*.google.be https://*.google.cn https://*.google.de https://*.google.es https://*.google.it https://*.google.co.jp https://*.google.com.mx https://*.google.ru https://*.google.com.tr https://www.google-analytics.com https://*.g.doubleclick.net https://www.googletagmanager.com https://www.googleadservices.com https://vimeo.com https://*.cookiebot.com https://*.hotjar.com https://code.jquery.com https://cdn.jsdelivr.net https://ajax.googleapis.com https://h8i8e3t9.stackpathcdn.com http://*.pardot.com http://static.ads-twitter.com https://snap.licdn.com https://a.quora.com https://*.twitter.com https://statuspage-production.s3.amazonaws.com 'unsafe-inline' 'unsafe-eval';     style-src 'unsafe-inline' 'self' https://h8i8e3t9.stackpathcdn.com;     img-src 'self' https: data: http://t.co;     font-src 'self' https: data:;     connect-src wss://*.hotjar.com https://*.hotjar.com https://*.hotjar.io https://www.google-analytics.com https://*.statuspage.io https://*.g.doubleclick.net 'self';     frame-src https://*.cookiebot.com https://vars.hotjar.com https://*.g.doubleclick.net https://success.lexalytics.com https://www.youtube.com https://*.vimeo.com 'self';     media-src https://*.vimeocdn.com https://www.youtube.com 'self';     report-uri https://www.lexalytics.com/cms/csp-report-collector;     report-to https://www.lexalytics.com/cms/csp-report-collector 1
object-src 'none';base-uri 'self';script-src 'nonce-vEc+QSn/10JM3tbPnLB5' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http: 'report-sample';report-uri https://csp.withgoogle.com/csp/scfe 1
report-uri https://csp.edipresse.pl/report/viva; font-src https: data:; img-src data: https: android-webview-video-poster: android-webview:; media-src https: data:; style-src 'unsafe-inline' 'unsafe-eval' https:; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: asset:; worker-src blob: 1
default-src 'self' *.donately.com;child-src blob:;connect-src 'self' data: wss://nexus-websocket-a.intercom.io api.donately.com api.hubapi.com *.px-cloud.net  *.intercom.io *.segment.io stats.g.doubleclick.net googleads.g.doubleclick.net www.facebook.com www.google-analytics.com *.dca0.com heatmap-events-collector.instapage.com *.px-cdn.net *.pxchk.net www.google.com api.segment.io *.ucweb.com; font-src 'self' data: fonts.gstatic.com js.intercomcdn.com; form-action www.facebook.com;frame-src www.facebook.com www.google.com bid.g.doubleclick.net *.dca0.com;img-src * data:;manifest-src 'self';worker-src blob:;script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com cdn.heapanalytics.com cdn.trackjs.com connect.facebook.net dev.visualwebsiteoptimizer.com js.hs-scripts.com tracking.g2crowd.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.gstatic.com js.intercomcdn.com *.adroll.com js.hs-analytics.net js.hs-banner.com js.hsadspixel.net js.hs-analytics.net d.adroll.mgr.consensu.org googleads.g.doubleclick.net widget.intercom.io *.dca0.com cdn.segment.com *.ucweb.com;script-src-elem 'self' data: 'unsafe-inline' ajax.googleapis.com cdn.donately.com cdn.heapanalytics.com cdn.trackjs.com connect.facebook.net d.adroll.com d.adroll.mgr.consensu.org dev.visualwebsiteoptimizer.com googleads.g.doubleclick.net js.hs-analytics.net js.hs-banner.com js.hs-scripts.com js.hsadspixel.net js.intercomcdn.com s.adroll.com tracking.g2crowd.com widget.intercom.io www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.gstatic.com *.segment.com g.fastcdn.co *.dca0.com tcp.googlesyndication.com;style-src-attr 'unsafe-inline';style-src-elem 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com *.segment.com;style-src 'self' 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com; report-uri https://donately.report-uri.com/r/d/csp/reportOnly 1
block-all-mixed-content 1
default-src 'self' 2l9u8tyqi4-flywheel.netdna-ssl.com; script-src 'self' 'unsafe-inline' 2l9u8tyqi4-flywheel.netdna-ssl.com google-analytics.com www.google-analytics.com google.com www.google.com www.gstatic.com gstatic.com static.addtoany.com *.wistia.net *.wistia.com; style-src 'self' 'unsafe-inline' 2l9u8tyqi4-flywheel.netdna-ssl.com fonts.googleapis.com; img-src 'self' data: 2l9u8tyqi4-flywheel.netdna-ssl.com stats.g.doubleclick.net google-analytics.com www.google-analytics.com embedwistia-a.akamaihd.net *.wistia.net *.wistia.com; font-src 'self' data: 2l9u8tyqi4-flywheel.netdna-ssl.com fonts.googleapis.com fonts.gstatic.com; connect-src 'self' pipedream.wistia.com fg8vvsvnieiv3ej16jby.litix.io distillery.wistia.com; media-src * 'self' https://www.essvote.com; frame-src 'self' www.google.com google.com fast.wistia.net; 1
default-src 'self' 'unsafe-inline' data: logger.scot.nhs.uk *.google-analytics.com www.googletagmanager.com use.fontawesome.com use.typekit.net *.google.com *.googleapis.com *.gstatic.com code.jquery.com yui.yahooapis.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com *.addthis.com *.addthisedge.com *.twitter.com *.twimg.com connect.facebook.net graph.facebook.com *.youtube.com *.ytimg.com player.vimeo.com content.jwplatform.com *.jwpcdn.com *.jwpsrv.com scotland.shinyapps.io; frame-ancestors 'self'; base-uri 'self'; report-uri https://web-reports.scot.nhs.uk/api/v1/csp-report; report-to csp-endpoint 1
object-src 'none'; default-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' https://www.std-soft.com https://appscdn.joomla.org/ https://extensionscdn.joomla.org https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; report-uri https://www.std-soft.com/violation-report-endpoint.php;report-to gpg-0x9fa761c21f0c0107@std-service.com; 1
default-src 'none' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' web-in21.mxradon.com www.googletagmanager.com www.google-analytics.com www.googleadservices.com snap.licdn.com connect.facebook.net cdnjs.cloudflare.com js.zohostatic.com salesiq.zoho.com maxcdn.bootstrapcdn.com googleads.g.doubleclick.net px.ads.linkedin.com api.tiles.mapbox.com; style-src 'self' 'unsafe-inline' css.zohostatic.com cdnjs.cloudflare.com fonts.googleapis.com; img-src 'self' data: blob: img.zohostatic.com www.google-analytics.com www.facebook.com stats.g.doubleclick.net www.google.com www.google.co.in; font-src 'self' fonts.gstatic.com fonts.googleapis.com; connect-src 'self' api.locus.sh wss://vts.zohopublic.com api.mapbox.com *.tiles.mapbox.com; media-src 'self' ; frame-src salesiq.zohopublic.com; worker-src 'self' blob: ; report-uri https://locus.report-uri.com/r/d/csp/reportonly; 1
default-src https: 'unsafe-inline' 'unsafe-eval' blob: data:; report-uri /csp-report; 1
default-src 'self'; script-src https://static.groklearning-cdn.com 'nonce-ExsyQuJV5PVWubJfUHumRZJb' https://groklearning.com https://mathjax.groklearning-cdn.com https://beacon-v2.helpscout.net https://d12wqas9hcki3z.cloudfront.net https://d33v4339jhl8k0.cloudfront.net connect.facebook.net https://www.google-analytics.com; style-src https://static.groklearning-cdn.com 'unsafe-inline' https://fonts.googleapis.com https://beacon-v2.helpscout.net https://djtflbt20bdde.cloudfront.net https://mathjax.groklearning-cdn.com; img-src 'self' data: https://groklearning-cdn.com https://static.groklearning-cdn.com https://web.comp.gl www.facebook.com web.facebook.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.paypal.com https://www.paypalobjects.com https://d33v4339jhl8k0.cloudfront.net https://beacon-v2.helpscout.net https://www.gravatar.com; connect-src 'self' https://groklearning-cdn.com https://static.groklearning-cdn.com wss://realtime.groklearning.com wss://terminals.groklearning.com wss://sandbox.comp.gl wss://*.sandbox.comp.gl https://*.sandbox.comp.gl https://preview.comp.gl https://www.google-analytics.com https://stats.g.doubleclick.net https://sentry.groklearning.io https://beaconapi.helpscout.net https://chatapi.helpscout.net https://d3hb14vkzrxvla.cloudfront.net wss://*.pusher.com *.sumologic.com sentry.io https://docs.groklearning.io; font-src https://static.groklearning-cdn.com https://mathjax.groklearning-cdn.com data: https://fonts.gstatic.com; object-src https://beacon-v2.helpscout.net; media-src https://static.groklearning-cdn.com https://groklearning-cdn.com https://beacon-v2.helpscout.net; frame-src 'self' https://static.groklearning-cdn.com https://web.comp.gl cybersecurity.comp.gl pxtmicrobit.comp.gl scratch.comp.gl https://beacon-v2.helpscout.net staticxx.facebook.com *.sandbox.comp.gl preview.comp.gl *.preview.comp.gl; child-src 'self' https://web.comp.gl cybersecurity.comp.gl pxtmicrobit.comp.gl scratch.comp.gl *.facebook.com; form-action 'self' https://www.paypal.com; base-uri https://docs.helpscout.com; report-uri /csp/report-violation/ 1
default-src https: 'unsafe-inline'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self'; base-uri https: data:;  object-src 'self'; font-src https: data:; script-src 'nonce-d974702a-8241-4d2d-aaf6-e4230b91c746' https: 'unsafe-inline' 'unsafe-eval'; report-uri https://ort.wellsfargo.com/reporting/csp 1
default-src 'self' image.spreadshirtmedia.net ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: *.go-mpulse.net apis.google.com assets.adobedtm.com *.cloudfront.net nxtck.com ssl.gstatic.com ws.sessioncam.com *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com googleads.g.doubleclick.net connect.facebook.net www.googleadservices.com adtm.spreadshirts.net *.spreadshirt.es ; img-src 'self' data: https: image.spreadshirtmedia.net *.gstatic.com rtb-csync.smartadserver.com pixel.rubiconproject.com pixel.advertising.com dsum-sec.casalemedia.com cotads.adscale.de www.google-analytics.com eu-u.openx.net ih.adscale.de *.akstat.io www.facebook.com dsum-sec.casalemedia.com ad.yieldlab.net secure.adnxs.com mapping.nxtck.com stats.g.doubleclick.net www.google.com www.google.de cm.g.doubleclick.net ads.yahoo.com sync.ligadx.com eb2.3lift.com s.sspqns.com x.bidswitch.net image2.pubmatic.com sync.outbrain.com nxtck.com sanalytics.spreadshirt.es *.spreadshirt.es ; connect-src 'self' https: *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com *.go-mpulse.net *.akstat.io/ dpm.demdex.net *.spreadshirt.es ; font-src 'self' https: data: *.spreadshirt.es ; style-src 'self' data: 'unsafe-inline' https: *.spreadshirt.es ; object-src 'none' ; media-src image.spreadshirtmedia.net ; frame-src 'self' https: www.google.com accounts.google.com *.spreadshirt.es ; report-uri https://csp.spreadshirts.net/csp/reportOnly ; 1
default-src 'self'; script-src 'self' 'sha256-E1CX85wHvWF/y6s82yeROOKvv7fg4U4BvTUmJJfi1A0=' 'sha256-dCgNNQbz7M56gjHacv0oyAA8QnEVO4bf0ryRNA7zO0E=' 'sha256-IZEZH7e/zlP3IUYvwXhRUYhd0fVH6D/aL6RZP2VYIv8=' 'sha256-ad/ucyxjjVdQMlQYYnGcLVbrOD19/jHD/inyecFiz9I=' 'sha256-UuBlltmn7Djcq4b1tw5To9AJk4IndFxmzUs2+YHpcSo=' 'sha256-EPMv0D/5R2ttb97miDjAzOyGo3tbbaTJIWqf5Ido02U=' 'sha256-KoZvlNi6WIlva5SMPsgkZKuz3pwSCUhpugmi7saPqak=' 'sha256-WE8Bzn8LS+cG0zAPMZrSrmKfpDOl/hXnmXethBQckXQ=' 'nonce-y0qr59jviq' https://www.googletagmanager.com/ https://www.google-analytics.com/ https://boards.greenhouse.io/ https://player.vimeo.com/; style-src 'unsafe-inline' 'self' https://fonts.google.com/ https://netdna.bootstrapcdn.com/ https://fonts.googleapis.com/; font-src 'self' data: https://fonts.gstatic.com/ https://netdna.bootstrapcdn.com/; img-src 'self' https://www.google-analytics.com/ https://secure.gravatar.com/; connect-src https://api.greenhouse.io/; frame-src https://boards.greenhouse.io/ https://player.vimeo.com/ 1
default-src https:; connect-src https: wss:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' *.google.com fonts.googleapis.com static.pazaruvaj.com unpkg.com api.mapbox.com cdn.jsdelivr.net geowidget.easypack24.net maxcdn.bootstrapcdn.com ssl.ceneo.pl s.kk-resources.com elnino.daktela.com www.wiarygodneopinie.pl ts.tradetracker.net cdn.foxentry.cz  static.compari.ro; object-src 'self'; img-src 'self' https: data:; font-src https: data:; frame-ancestors 'self' *.creativecdn.com *.hotjar.com *.googletagmanager.com; report-uri https://elnino.report-uri.com/r/d/csp/enforce 1
script-src 'self' 'unsafe-inline' https://www.dnc.org.nz 'unsafe-eval' https://www.dnc.org.nz; object-src 'self'; 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://cdnjs.cloudflare.com https://www.google.com/jsapi https://www.googletagmanager.com/gtag/js https://ssl.google-analytics.com https://www.google-analytics.com https://ajax.googleapis.com https://cdn.jsdelivr.net/webshim/ https://www.youtube.com/iframe_api https://s.ytimg.com https://eqr.berenberg.de/js/vue.js; style-src 'self' 'unsafe-inline' https://ajax.googleapis.com; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: https://*.berenberg.com https://*.berenberg.de https://s3-eu-central-1.amazonaws.com/web-berenberg-storage/ https://stats.g.doubleclick.net https://www.google.com https://www.google.co.uk https://www.google.de https://www.google-analytics.com https://ajax.googleapis.com https://www.gstatic.com http://kendo.cdn.telerik.com https://pbs.twimg.com; media-src 'self' https://*.berenberg.com https://*.berenberg.de https://s3-eu-central-1.amazonaws.com/web-berenberg-storage/; frame-src 'self' data: https://berenberg-staging.factsheetslive.com https://berenberg.factsheetslive.com https://www.berenberg.de/my_templates/ https://www.youtube.com; child-src 'self' https://www.youtube.com; connect-src 'self' https://karriere.berenberg.de https://research.berenberg.com; report-uri https://bego.report-uri.io/r/default/csp/reportOnly 1
script-src 'nonce-cgz6W7ktNf98_zLsgPg6ig' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://tagmanager.google.com https://consent.cookiebot.com/uc.js https://consent.cookiebot.com/97d3b191-ad18-48f5-80ae-d62b3aea1449/cc.js https://consentcdn.cookiebot.com/consentconfig/97d3b191-ad18-48f5-80ae-d62b3aea1449/state.js https://consent.cookiebot.com/b5074936-b18e-4414-88f2-8de62ed0b7c9/cc.js https://consentcdn.cookiebot.com/consentconfig/b5074936-b18e-4414-88f2-8de62ed0b7c9/state.js https://consent.cookiebot.com/6354fd3d-924e-434a-955c-43d3db73e62d/cc.js https://consentcdn.cookiebot.com/consentconfig/6354fd3d-924e-434a-955c-43d3db73e62d/state.js http://w.usabilla.com/8f9054bf779b.js http://w.usabilla.com/cbf59fb24a0a.js http://w.usabilla.com/6feb7f1df1ac.js http://w.usabilla.com/99158a893ac6.js https://chat.vanlanschot.nl http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com https://www.google.com/recaptcha/api.js https://www.gstatic.com https://sjs.bizographics.com https://bat.bing.com https://googleads.g.doubleclick.net https://connect.facebook.net https://www.linkedin.com/px https://px.ads.linkedin.com https://www.googleadservices.com https://maps.googleapis.com https://deploy.mopinion.com/js/pastease.js https://collect.mopinion.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com https://chat.vanlanschot.nl;img-src 'self' https://www.google-analytics.com https://insights.hotjar.com https://static.hotjar.com http://static.hotjar.com https://www.google.com/ads/ga-audiences https://www.google.nl/ads/ga-audiences https://stats.g.doubleclick.net https://pixel.mathtag.com/event/ https://cx.atdmt.com https://www.facebook.com/tr https://bat.bing.com https://pixel.rubiconproject.com https://beleggingsinformatie.vanlanschot.nl https://*.cloudfront.net data: https://www.google.com https://www.google.nl https://www.google.be https://www.google.ch https://login.vanlanschot.com https://acc-login.vanlanschot.com;frame-src 'self' https://chat.vanlanschot.nl https://player.vimeo.com https://vars.hotjar.com https://www.google.com https://*.fls.doubleclick.net/ https://bid.g.doubleclick.net/' https://consentcdn.cookiebot.com;font-src 'self' fonts.googleapis.com fonts.gstatic.com https://static.hotjar.com http://static.hotjar.com;connect-src 'self' https://chat.vanlanschot.nl http://*.hotjar.com:* https://*.hotjar.com:* ws://*.hotjar.com wss://*.hotjar.com https://www.google-analytics.com https://stats.g.doubleclick.net https://deploy.mopinion.com https://cacheorcheck.mopinion.com/survey/public/emoji;child-src 'self' https://vars.hotjar.com https://www.googletagmanager.com https://www.gstatic.com/recaptcha/api2 1
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data: ; report-uri https://csp.rcahms.gov.uk/bfa-live; 1
default-src https:; img-src 'self'; require-sri-for script style 1
default-src 'self' https:; child-src 'self' vimeo.com player.vimeo.com boards.greenhouse.io www.google.com; connect-src wss://* 'self' *.intercom.io *.intercomcdn.com s3.amazonaws.com js.leadin.com js.hs-scripts.com forms.hubspot.com; font-src data: *; frame-src 'self' boards.greenhouse.io; img-src data: 'unsafe-inline' *; object-src 'none'; script-src 'unsafe-inline' *; style-src 'unsafe-inline' *; upgrade-insecure-requests; report-uri https://cobalt.report-uri.io/r/default/csp/enforce 1
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://utdrvvtzkqpmtlszwunimosi.httpschecker.net/report 1
child-src 'self'; connect-src 'self' http://*.google-analytics.com https://*.amplitude.com https://*.facebook.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.hotjar.com https://*.hotjar.io https://*.intercom.io https://*.intercomcdn.com https://*.nr-data.net https://*.pusher.com https://*.stream-io-api.com wss://*.intercom.io wss://*.pusher.com wss://*.pusher.com:443 wss://*.stream-io-api.com; default-src 'self'; font-src 'self' https://*.cloudflare.com https://*.fontawesome.com https://*.gstatic.com https://*.intercomcdn.com; frame-src 'self' https://*.facebook.com https://*.g.doubleclick.net https://*.google.com https://*.hotjar.com https://*.snapchat.com https://*.youtube.com https://slimfaq.com; img-src 'self' http://*.google-analytics.com http://t.co https://*.facebook.com https://*.fbsbx.com https://*.fprg2-1.fna.fbcdn.net https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.ca https://*.google.ch https://*.google.co.jp https://*.google.co.uk https://*.google.com https://*.google.com.gh https://*.google.com.gi https://*.google.com.uy https://*.google.cz https://*.google.ie https://*.google.it https://*.google.nl https://*.googletagmanager.com https://*.gstatic.com https://*.intercomassets.com https://*.intercomcdn.com https://*.nr-data.net https://*.paypalobjects.com https://*.playerslounge.co https://*.slimfaq.com https://t.co; manifest-src 'self'; media-src 'self' https://*.intercomcdn.com; object-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' http://*.ads-twitter.com http://*.facebook.net http://*.google-analytics.com http://*.googleadservices.com https://*.ads-twitter.com https://*.amplitude.com https://*.berbix.com https://*.cloudflare.com https://*.facebook.net https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://*.googleadservices.com https://*.googletagmanager.com https://*.gstatic.com https://*.hotjar.com https://*.intercom.io https://*.intercomcdn.com https://*.newrelic.com https://*.nr-data.net https://*.pusher.com https://*.ravepay.co https://*.slimfaq.com https://*.tiktok.com https://*.twitter.com https://sc-static.net wss://*.intercom.io wss://*.pusher.com; style-src 'self' 'unsafe-inline' http://*.googleapis.com https://*.cloudflare.com https://*.fontawesome.com https://*.googleapis.com https://*.slimfaq.com; worker-src 'self'; prefetch-src 'self'; report-uri https://reports-api.sqreen.io/browser/v0/csp-violations/csp_24bafb4d41412e492b326a58c4bdb066 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=en.shopify.no&source%5Bsection%5D=brochure&source%5Buuid%5D=3a87890a03dada09397a422a862a022a 1
media-src 'none'; img-src 'none'; object-src 'none'; worker-src 'none'; script-src 'none'; manifest-src 'none'; style-src 'none'; font-src 'none'; child-src https://us.browser.tcell.insight.rapid7.com/; frame-src https://us.browser.tcell.insight.rapid7.com/; connect-src https://portal.equityadvisorsolutions.com https://athena.equityadvisorsolutions.com https://us.agent.tcell.insight.rapid7.com http://www.myequity.com https://myequity.com http://myequity.com https://us.browser.tcell.insight.rapid7.com/ https://equitynews.trustetc.com; report-uri https://us.browser.tcell.insight.rapid7.com/csp/7ef290d62d2278344d513a767c47ef56f455fe6e7a9faac8e7b7d2c0426326bd?rid=381678237 1
; report-uri 1
default-src 'self' *.oktacdn.com spotify.okta.com; connect-src 'self' *.oktacdn.com *.mixpanel.com *.mapbox.com app.pendo.io data.pendo.io pendo-static-5634101834153984.storage.googleapis.com spotify.okta.com spotify-admin.okta.com spotify.kerberos.okta.com https://oinmanager.okta.com data:; script-src 'unsafe-inline' 'unsafe-eval' 'self' *.oktacdn.com; style-src 'unsafe-inline' 'self' *.oktacdn.com app.pendo.io cdn.pendo.io pendo-static-5634101834153984.storage.googleapis.com; frame-src 'self' login.okta.com spotify.okta.com spotify-admin.okta.com api-0f3c7c4d.duosecurity.com; img-src 'self' *.oktacdn.com spotify.okta.com *.tiles.mapbox.com *.mapbox.com app.pendo.io data.pendo.io cdn.pendo.io pendo-static-5634101834153984.storage.googleapis.com data: blob:; font-src data: 'self' *.oktacdn.com fonts.gstatic.com; report-uri https://okta.report-uri.com/r/d/csp/reportOnly; report-to csp-report 1
default-src 'self' 'unsafe-inline'  'unsafe-eval' *.torfx.com *.doubleclick.net *.hotjar.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://bid.g.doubleclick.net *.bootstrapcdn.com  widget.trustpilot.com fonts.googleapis.com https://www.google-analytics.com bat.bing.com https://bat.bing.com ;                script-src  'self' 'unsafe-inline'  'unsafe-eval' *.torfx.com *.ucweb.com/ http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io getbootstrap.com unpkg.com *.pardot.com  *.bootstrapcdn.com connect.facebook.net *.googleapis.com bat.bing.com https://bat.bing.com http://www.googleadservices.com widget.trustpilot.com http://ajax.googleapis.com https://tagmanager.google.com  https://www.googletagmanager.com https://widget.trustpilot.com  https://www.google-analytics.com https://ssl.google-analytics.com  https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net;                img-src  data: 'self' 'unsafe-inline' * www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://www.google.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io;                connect-src 'self' 'unsafe-eval' 'unsafe-inline' *.ucweb.com/ https://gjtrack.ucweb.com *.torfx.com *.google-analytics.com https://www.google-analytics.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io  bat.bing.com https://bat.bing.com *.doubleclick.net *.hotjar.io https://vc.hotjar.io https://bat.bing.com/bat.js;                frame-ancestors https://www.torfx.com http://www.torfx.com 'self' *.torfx.com;                font-src 'self' data: mediastream: blob: filesystem: https://www.google-analytics.com *.torfx.com https://www.torfx.com fonts.googleapis.com fonts.gstatic.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://*.bootstrapcdn.com https://*.bootstrapcdn.com/ *.bootstrapcdn.com https://netdna.bootstrapcdn.com  https://maxcdn.bootstrapcdn.com/ https://maxcdn.bootstrapcdn.com;                report-uri /tfx-csp-violation-report-endpoint.php; 1
font-src data: 'self' https://*.intuit.com https://*.intuitcdn.net:*; object-src 'self' https://*.intuitcdn.net https://*.intuit.com; connect-src https://api.segment.io 'self' https://*.intuit.com https://*.intuit.com:* https://*.intuitcdn.net:* https://hosted-shell-assets-us-west-2.s3.us-west-2.amazonaws.com wss://plugin-localhost.intuitcdn.net:* wss://plugin.intuitcdn.net:* https://*.intuit.net https://www.youtube.com https://vimeo.com https://*.algolia.net https://*.algolianet.com https://analytics.algolia.com https://*.algolia.io https://www.youtube.com/iframe_api https://www.googleapis.com/youtube/ https://s.ytimg.com/yts/jsbin/ https://cdn.decibelinsight.net/; frame-src https://*.intuitcdn.net https://*.intuit.com https://www.youtube.com https://*.youtube.com https://player.vimeo.com https://www.google-analytics.com/; script-src https://cdn.segment.io https://cdn.segment.com 'self' 'unsafe-eval' 'unsafe-inline' https://*.intuit.com https://*.intuitcdn.net:* 'nonce-GSNA6z4euyRldWKP8gXUug==' https://www.youtube.com/iframe_api https://www.googleapis.com/youtube/ https://s.ytimg.com/yts/jsbin/ https://*.algolia.net https://*.algolianet.com https://analytics.algolia.com https://*.algolia.io https://cdn.decibelinsight.net/ https://www.google-analytics.com/; img-src data: 'self' https://*.intuit.com https://*.intuitcdn.net:* https://img.youtube.com https://www.youtube.com/embed/ https://i.vimeocdn.com https://player.vimeo.com/video/ https://vimeo.com/api/v2/video/ https://www.google-analytics.com/ https://vimeo.com/ https://i.ytimg.com/ https://www.google.com/ads/ga-audiences https://stats.g.doubleclick.net/; worker-src 'self' blob:; default-src 'self' https://*.intuit.com https://*.intuitcdn.net:*; style-src 'self' https://*.intuitcdn.net:* https://*.intuit.com 'unsafe-eval' 'unsafe-inline'; 1
default-src https: data: blob: wss: 'unsafe-inline' 'unsafe-eval' 'self'; report-uri https://b665164c4fb2875cf6d57e97c5ceb8d2.report-uri.com/r/d/csp/reportOnly 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://*.googleapis.com https://*.googleapis.com  https://*.google-analytics.com https://*.google.com https://*.webspellchecker.net https://js-agent.newrelic.com https://*.nr-data.net https://cdn.jsdelivr.net https://static.addtoany.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://www.gstatic.com https://www.google-analytics.com https://*.google-analytics.com; style-src 'self' 'unsafe-inline' http://*.googleapis.com https://*.googleapis.com https://*.google.com https://*.webspellchecker.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; img-src 'self' data: https://www.googletagmanager.com https://www.google-analytics.com https://stats.g.doubleclick.net https://maps.googleapis.com https://maps.gstatic.com https://www.gstatic.com r.com https://www.google-analytics.com https://stats.g.doubleclick.net https://maps.googleapis.com https://maps.gstatic.com https://www.gstatic.com https://i.ytimg.com https://*.ytimg.com https://*.googleapis.com; media-src 'self' data: http://*.googleapis.com https://*.googleapis.com http://*.gstatic.com https://*.gstatic.com  https://*.google-analytics.com https://*.google.com https://*.webspellchecker.net https://stats.g.doubleclick.net; frame-src https://*.webspellchecker.net https://static.addtoany.com https://www.youtube.com https://www.google.com https://www.googletagmanager.com https://maps.google.com https://player.vimeo.com; font-src 'self' data: http://fonts.gstatic.com https://fonts.gstatic.com https://cdn.jsdelivr.net; connect-src 'self' https://stats.addtoany.com https://stats.g.doubleclick.net https://www.google-analytics.com; report-uri /report-csp-violation 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline' *.yandex.ru; style-src https: 'unsafe-inline' fonts.googleapis.com; img-src https: data:; font-src https: data: fonts.googleapis.com; frame-src https: www.youtube.com; report-uri /csp-report 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri https://kidsacademy.report-uri.com/r/d/csp/reportOnly 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; object-src 'self' blob:; font-src https: data:; report-uri /csp-report 1
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: *; report-uri https://www.czarymary.pl/kh/csp_report.php 1
default-src 'self' https: 'unsafe-inline' data: 'unsafe-eval'; report-uri https://servix.idnes.cz/log/csp-report.aspx?w=metroh&d=2020-07-12 1
script-src 'nonce-tJnXDhwP-FWSpxbtYBcVfg' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/webmaster; base-uri 'none' 1
font-src 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.paypalobjects.com t.paypal.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com www.youtube.com video.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; style-src-elem * 'unsafe-inline' blob:; report-uri /csp-report 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' assets.adobedtm.com bam.nr-data.net cdn.auth0.com d3js.org js-agent.newrelic.com login.developer.nvidia.com platform.twitter.com s.adroll.com smetrics.nvidia.com themes.googleusercontent.com blob: c.contentsquare.net cdnjs.cloudflare.com connect.facebook.net d.adroll.com d.adroll.mgr.consensu.org t.contentsquare.net www.facebook.com www.youtube.com c1.rfihub.net googleads.g.doubleclick.net static.addtoany.com www.google.com www.google.com.br l.contentsquare.net use.fontawesome.com www.googleadservices.com 20805672p.rfihub.com 20805915p.rfihub.com 20805696p.rfihub.com developer.download.nvidia.com eb2.3lift.com fcmatch.youtube.com pixel.rubiconproject.com ads.yahoo.com cm.g.doubleclick.net dsum-sec.casalemedia.com fcmatch.google.com ib.adnxs.com idsync.rlcdn.com pixel.advertising.com simage2.pubmatic.com sync.outbrain.com trc.taboola.com ups.analytics.yahoo.com us-u.openx.net www.google.co.uk www.googletagmanager.com x.bidswitch.net 20762408p.rfihub.com 20805903p.rfihub.com; script-src 'unsafe-eval' 'unsafe-inline' 'self' assets.adobedtm.com bam.nr-data.net cdn.auth0.com connect.facebook.net d.adroll.com d.adroll.mgr.consensu.org d3js.org js-agent.newrelic.com s.adroll.com t.contentsquare.net 'unsafe-inline' static.addtoany.com analytics.twitter.com forums.developer.nvidia.com googleads.g.doubleclick.net platform.twitter.com s.dca0.com sn.dca0.com static.ads-twitter.com vjs.zencdn.net www.googleadservices.com ucads-cdn.ucweb.com www.googletagmanager.com a.rfihub.com c1.rfihub.net cdn.syndication.twimg.com s.ytimg.com snap.licdn.com www.youtube.com cdnjs.cloudflare.com cdn.rawgit.com www.google.com assetscdn.stackla.com 10.30.25.159:9384 10.56.27.51:8080 translate.google.com translate.googleapis.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' use.fontawesome.com platform.twitter.com ton.twimg.com cdn.jsdelivr.net assetscdn.stackla.com fonts.googleapis.com vjs.zencdn.net translate.googleapis.com; img-src 'self' ads.yahoo.com c.contentsquare.net d.adroll.com data: dsum-sec.casalemedia.com eb2.3lift.com ib.adnxs.com idsync.rlcdn.com pixel.advertising.com pixel.rubiconproject.com s.amazon-adsystem.com simage2.pubmatic.com smetrics.nvidia.com sync.outbrain.com tags.bluekai.com trc.taboola.com ups.analytics.yahoo.com us-u.openx.net www.facebook.com www.gstatic.com x.bidswitch.net cm.g.doubleclick.net developer.download.nvidia.com fcmatch.google.com fcmatch.youtube.com www.google.com www.google.com.au developer.qa.nvidia.com l.contentsquare.net platform.twitter.com sync.mathtag.com syndication.twitter.com www.google.it www.google.nl www.nvidia.com p.adsymptotic.com pippio.com rc.rlcdn.com t.co www.quora.com px.ads.linkedin.com subscription.omnithrottle.com www.google.co.kr www.linkedin.com aa.agkn.com docs.nvidia.com gpush.cogocast.net loadm.exelator.com match.rundsp.com pm.w55c.net secure.insightexpressai.com sync-tm.everesttech.net tag.apxlv.com tag.cogocast.net usermatch.krxd.net www.google.co.il 20805672p.rfihu; media-src developer.download.nvidia.com 'self' developer.download.nvidia.cn; frame-src login.developer.nvidia.com bid.g.doubleclick.net platform.twitter.com static.addtoany.com 20762408p.rfihub.com www.youtube.com widget.stackla.com www.facebook.com 20776763p.rfihub.com 20776764p.rfihub.com 20786532p.rfihub.com a.rfihub.com ucads-cdn.ucweb.com 20776762p.rfihub.com forums.developer.nvidia.com nvidia.demdex.net syndication.twitter.com 'self' 20786063p.rfihub.com nlsdt.com webportalapp.com www.youtube-nocookie.com chrome-error ms-appx-web:// ms-appx-web://microsoft.microsoftedge pwm-image.trendmicro.com s.dca0.com utp.ucweb.com; frame-ancestors 'self' nvidia.lookbookhq.com nvidia.pathfactory.com resources.nvidia.com; child-src blob: login.developer.nvidia.com forums.developer.nvidia.com www.youtube.com 20762408p.rfihub.com a.rfihub.com platform.twitter.com s.dca0.com bid.g.doubleclick.net nvidia.demdex.net syndication.twitter.com static.addtoany.com webportalapp.com; font-src 'self' themes.googleusercontent.com fonts.gstatic.com data: use.fontawesome.com assetscdn.stackla.com cdnjs.cloudflare.com use.typekit.net developer.nvidia.com cdn.honey.io about vjs.zencdn.net at.alicdn.com chrome-extension webfonts.zohostatic.com; connect-src 'self' bam.nr-data.net c.contentsquare.net smetrics.nvidia.com l0.dca0.com l10.dca0.com l12.dca0.com l13.dca0.com l14.dca0.com l15.dca0.com l17.dca0.com l18.dca0.com l2.dca0.com l3.dca0.com l5.dca0.com l6.dca0.com l1.dca0.com l11.dca0.com l16.dca0.com l4.dca0.com l7.dca0.com l8.dca0.com l9.dca0.com sn.dca0.com sn36.dca0.com api.cognitive.microsofttranslator.com www.facebook.com gjtrack.ucweb.com plugin.ucads.ucweb.com r.contentsquare.net dpm.demdex.net subwayblaze.com developer.download.nvidia.cn optout.dca0.com vk.com az.nmgplatform.com login.developer.nvidia.com track.uc.cn translate.googleapis.com uc.gre; report-uri https://nvidia.report-uri.com/r/d/csp/wizard 1
default-src https:;script-src https: 'unsafe-eval' 'unsafe-inline';style-src https: 'unsafe-inline';img-src https: data: blob:;font-src https: data:;connect-src 'self' https: blob:;report-uri /csp-report 1
default-src 'none'; img-src 'self' data: https://q.quora.com https://www.google.com/ads https://www.google.co.uk/ads https://static.localcoinswap.com https://www.facebook.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://insights.hotjar.com https://static.hotjar.com; font-src 'self' data: https://static.localcoinswap.com https://fonts.gstatic.com https://static.hotjar.com; media-src 'self' https://static.localcoinswap.com; script-src 'self' https://localcoinswap.com https://static.localcoinswap.com https://maps.googleapis.com https://www.google.com https://ajax.googleapis.com https://www.gstatic.com https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com https://static.hotjar.com https://script.hotjar.com https://cdn.onesignal.com https://onesignal.com 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://static.localcoinswap.com https://fonts.googleapis.com https://tagmanager.google.com; connect-src 'self' https://vc.hotjar.io https://api.ipify.org wss://localcoinswap.com https://sentry.localcoinswap.com https://www.facebook.com/tr/ https://maps.google.com https://www.google-analytics.com https://*.hotjar.com:* wss://*.hotjar.com; object-src 'none'; frame-src 'self' https://www.google.com https://vars.hotjar.com https://onesignal.com; frame-ancestors 'self'; base-uri 'self'; form-action 'self'; manifest-src 'self' https://static.localcoinswap.com; report-uri https://localcoinswap.com/report-csp-violation/ 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.tw&source%5Bsection%5D=brochure&source%5Buuid%5D=01e0fbb03356657a0bc672334b47719e 1
default-src 'self' duncker-humblot.de www.duncker-humblot.de captcha.wirth-horn.de cookiemanager.wirth-horn.de https://www.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com https://www.googleadservices.com *.g.doubleclick.net https://www.youtube.com https://www.youtube-nocookie.com 'unsafe-eval' 'unsafe-inline'; img-src data: *; media-src *; font-src data: 'self' https://fonts.gstatic.com https://fonts.googleapis.com; report-uri /csp-report.cfm 1
default-src 'self' www.charnwood.gov.uk my.charnwood.gov.uk www.youtube-nocookie.com; script-src 'self' www.charnwood.gov.uk my.charnwood.gov.uk cdn.ravenjs.com ssl.google-analytics.com www.google-analytics.com static.addtoany.com dfsrovckda8bt.cloudfront.net hitcounter.servmetric.com www.google.com maps.google.com maps.google.co.uk translate.google.com maps-api-ssl.google.com translate.googleapis.com ajax.googleapis.com www.googletagmanager.com platform.twitter.com babm.texthelp.com plus.browsealoud.com *.tawk.to cdn.jsdelivr.net cdn.syndication.twimg.com https://e.issuu.com https://www.gstatic.com/recaptcha/ websurveys2.servmetric.com websurveys2.govmetric.com hitcounter.govmetric.com content.govdelivery.com cdn.mxpnl.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' www.charnwood.gov.uk fonts.googleapis.com dfsrovckda8bt.cloudfront.net maps.google.com maps.google.co.uk *.googleapis.com plus.browsealoud.com cdn.jsdelivr.net platform.twitter.com ton.twimg.com websurveys2.govmetric.com websurveys2.servmetric.com 'unsafe-inline'; img-src 'self' data: www.charnwood.gov.uk secure.cuttlefish.com static.cuttlefish.com ssl.google-analytics.com www.google-analytics.com dfsrovckda8bt.cloudfront.net www.google.com maps.google.com maps.google.co.uk *.gstatic.com *.googleapis.com translate.google.com maps-api-ssl.google.com babm.texthelp.com plus.browsealoud.com syndication.twitter.com platform.twitter.com stats.g.doubleclick.net cdn.syndication.twimg.com ton.twimg.com pbs.twimg.com abs.twimg.com https://*.ggpht.com static-v.tawk.to websurveys2.govmetric.com websurveys2.servmetric.com content.govdelivery.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com static-v.tawk.to; connect-src 'self' www.charnwood.gov.uk ssl.google-analytics.com www.google-analytics.com translate.googleapis.com babm.texthelp.com plus.browsealoud.com baspeech.speechstream.net sentry.cuttlefish.com https://stats.g.doubleclick.net *.tawk.to wss://*.tawk.to https://api.mixpanel.com; frame-src 'self' www.charnwood.gov.uk my.charnwood.gov.uk static.addtoany.com platform.twitter.com syndication.twitter.com www.facebook.com www.facebook.com websurveys.servmetric.com www.youtube-nocookie.com https://e.issuu.com https://www.google.com/recaptcha/ va.tawk.to websurveys2.govmetric.com; media-src 'self' www.charnwood.gov.uk my.charnwood.gov.uk baspeech.speechstream.net; frame-ancestors 'self' www.charnwood.gov.uk my.charnwood.gov.uk; child-src 'self' va.tawk.to; form-action 'self' www.charnwood.gov.uk my.charnwood.gov.uk pa.charnwood.gov.uk va.tawk.to https://public.govdelivery.com/accounts/UKCHARNWOOD/subscribers/qualify; report-uri https://us-central1-domains-174713.cloudfunctions.net/csp?report_only; 1
script-src 'self' https://cdn.jsdelivr.net https://cdn.rawgit.com https://cdnjs.cloudflare.com https://www.google.com 'unsafe-inline'; script-src-attr 'self'; style-src 'self' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com 'unsafe-inline'; style-src-attr 'self'; frame-ancestors 'self' 1
report-uri /api/log_csp_event 1
default-src 'self' *.doubleclick.net *.synthetix.com https://stats.g.doubleclick.net; media-src 'self' *.synthetix.com; frame-ancestors 'self' *.doubleclick.net *.hotjar.com *.youtube.com https://widget.trustpilot.com https://www.google.com https://www.facebook.com; frame-src 'self' *.doubleclick.net *.hotjar.com *.youtube.com *.pardot.com https://widget.trustpilot.com https://www.google.com https://www.facebook.com https://www.opinionstage.com https://www.googletagmanager.com https://connect.facebook.net https://embed.ex.co; font-src 'self' *.synthetix.com *.gstatic.com https://cloud.typography.com https://hello.myfonts.net https://benendenglobalassets.blob.core.windows.net https://maxcdn.bootstrapcdn.com https://use.typekit.net https://script.hotjar.com https://cdnjs.cloudflare.com data:; connect-src 'self' *.synthetix.com *.hotjar.com *.google-analytics.com *.doubleclick.net *.playbuzz.com https://www.facebook.com https://vc.hotjar.io https://nexus.ensighten.com https://a.tiles.mapbox.com https://api.postcodes.io https://www.opinionstage.com https://stats.g.doubleclick.net https://www.google.com wss://*.hotjar.com https://api.mapbox.com; style-src 'self' *.googleapis.com *.synthetix.com https://hello.myfonts.net https://cloud.typography.com https://benendenglobalassets.blob.core.windows.net https://benenden.syn-finity.com https://maxcdn.bootstrapcdn.com https://api.mapbox.com https://cdnjs.cloudflare.com 'unsafe-inline'; style-src-elem 'self' *.googleapis.com *.synthetix.com *.pardot.com *.mapbox.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://cloud.typography.com https://benendenglobalassets.blob.core.windows.net https://hello.myfonts.net https://benenden.syn-finity.com 'unsafe-inline'; img-src 'self' *.google-analytics.com *.doubleclick.net *.visualwebsiteoptimizer.com *.gstatic.com *.googleapis.com *.facebook.net *.linkedin.com *.synthetix.com *.googletagmanager.com *.hotjar.com *.playbuzz.com *.benenden.co.uk https://nexus.ensighten.com https://secure.adnxs.com https://www.google.co.uk https://www.google.com https://t.co https://www.facebook.com https://benendenhubblobprod.blob.core.windows.net https://b.tiles.mapbox.com https://a.tiles.mapbox.com https://api.mapbox.com https://p.typekit.net https://i.ytimg.com https://www.google-analytics.com https://cm.g.doubleclick.net https://stats.g.doubleclick.net https://ssl.google-analytics.com https://amplifypixel.outbrain.com https://bppmdmxgsg.execute-api.eu-west-1.amazonaws.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat data:; script-src 'self' *.googleapis.com *.google-analytics.com *.pardot.com *.visualwebsiteoptimizer.com *.synthetix.com *.doubleclick.net *.responsetap.com *.hotjar.com *.googletagmanager.com *.twitter.com *.playbuzz.com https://pixel.mathtag.com https://vc.hotjar.io https://sjs.bizographics.com https://nexus.ensighten.com https://connect.facebook.net https://secure.frog9alea.com https://static.ads-twitter.com https://www.google.com https://benenden.syn-finity.com https://t.co https://www.facebook.com https://www.google.co.uk https://live-chat-help.com https://www.googleadservices.com https://widget.trustpilot.com https://forbusiness.benenden.co.uk https://api.mapbox.com https://api.postcodes.io https://a.tiles.mapbox.com https://maxcdn.bootstrapcdn.com https://connect.facebook.net https://www.youtube.com https://s.po.st https://s.ytimg.com https://use.typekit.net https://snap.licdn.com https://ssl.google-analytics.com https://www.google-analytics.com https://www.googletagmanager.com https://www.opinionstage.com 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' *.playbuzz.com *.hotjar.com *.twitter.com *.googleapis.com *.synthetix.com *.responsetap.com *.pardot.com *.youtube.com *.mapbox.com *.doubleclick.net https://dev.visualwebsiteoptimizer.com https://nexus.ensighten.com https://ssl.google-analytics.com https://www.googletagmanager.com https://widget.trustpilot.com https://cdn.synthetix.com https://www.google-analytics.com https://connect.facebook.net https://secure.frog9alea.com https://static.ads-twitter.com https://www.googleadservices.com https://benenden.syn-finity.com https://googleads.g.doubleclick.net https://forbusiness.benenden.co.uk https://c5.adalyser.com https://www.opinionstage.com https://s.po.st https://s.ytimg.com https://use.typekit.net https://maxcdn.bootstrapcdn.com https://use.typekit.net https://ad.doubleclick.net https://www.pagespeed-mod.com 'unsafe-inline' data:; report-uri https://benwebteam.report-uri.com/r/d/csp/enforce 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.co.kr&source%5Bsection%5D=brochure&source%5Buuid%5D=3f2d8894a6df334b283ca3fde6cc3cec 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' images.masterlogin.de; media-src 'none'; frame-src 'none'; connect-src *; report-uri /violation.php 1
default-src 'self' www.youtube.com *.hotjar.com; script-src 'self' 'nonce-1rMXyZnQTkuPCjemtF7a4g==' report-sample *.google-analytics.com *.googletagmanager.com *.hotjar.com 'unsafe-eval' 'unsafe-inline' https://tagmanager.google.com/ https://*.googletagmanager.com/; frame-src 'self' vars.hotjar.com www.youtube.com; connect-src 'self' *.pusher.com *.hotjar.io https://sentry.io google-analytics.com stats.g.doubleclick.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com; img-src 'self' data: *.google-analytics.com res.cloudinary.com stats.g.doubleclick.net google.com *.google.com google.no *.google.no; worker-src 'none'; media-src 'self' https://res.cloudinary.com/obos/; block-all-mixed-content; report-uri /csp-error/; 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri https://2gub4a67k9.execute-api.eu-central-1.amazonaws.com/csp/ 1
default-src 'self'; base-uri 'self'; connect-src 'self' bam.nr-data.net sentry.io *.freshworksapi.com wss://*.freshworksapi.com www.google-analytics.com heapanalytics.com; font-src 'self' d2kkxpr90r7bn1.cloudfront.net d1sckjqmjceuzg.cloudfront.net d2r0bfj5oxwi8g.cloudfront.net d3t6wcud4kij68.cloudfront.net d19xna7hjw3pa8.cloudfront.net d124jz4vokxtqd.cloudfront.net d28y7gk8dndm8e.cloudfront.net data: fonts.gstatic.com use.typekit.net; frame-src 'self' *.webpush.freshchat.com *.freshreports.com wchat.freshchat.com *.freshid.io *.freshworks360.io *.chargebee.com *.myfreshworks.dev *.freshworksweb.com freshdesk.com *.freshworks.com *.int.myfreshworks.dev; img-src https: data: blob:; manifest-src 'self'; media-src 'self' https:; object-src 'none'; script-src 'report-sample' 'self' accounts.freshworks.com bam.nr-data.net d2kkxpr90r7bn1.cloudfront.net d1sckjqmjceuzg.cloudfront.net d2r0bfj5oxwi8g.cloudfront.net d3t6wcud4kij68.cloudfront.net d19xna7hjw3pa8.cloudfront.net d124jz4vokxtqd.cloudfront.net d28y7gk8dndm8e.cloudfront.net js-agent.newrelic.com polyfill.io wchat.freshchat.com sentry.io js.chargebee.com www.google-analytics.com *.freshworksapi.com heapanalytics.com *.heapanalytics.com fonts.googleapis.com; style-src 'report-sample' 'self' 'unsafe-inline' accounts.freshworks.com d2kkxpr90r7bn1.cloudfront.net d1sckjqmjceuzg.cloudfront.net d2r0bfj5oxwi8g.cloudfront.net d3t6wcud4kij68.cloudfront.net d19xna7hjw3pa8.cloudfront.net d124jz4vokxtqd.cloudfront.net d28y7gk8dndm8e.cloudfront.net wchat.freshchat.com fonts.googleapis.com; worker-src blob:; report-uri https://vfm4r1o44m.execute-api.us-east-1.amazonaws.com/default/FreshreleaseCSPReport 1
default-src *; style-src *  data: 'unsafe-inline'; img-src *  data:; font-src *  data:; connect-src *; media-src * ; frame-src *;  script-src * data: 'unsafe-inline' 'unsafe-eval' https://ssl.google-analytics.com; 1
default-src 'self' *.localphone.com *.localphone.co.uk https://*.tawk.to wss://*.tawk.to; img-src * data: ; child-src *; frame-src *; script-src 'self' 'unsafe-inline' *.localphone.com https://*.google.com https://ajax.googleapis.com http://www.google-analytics.com https://*.gstatic.com https://*.g.doubleclick.net https://www.googleadservices.com https://www.facebook.com https://*.tawk.to https://cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' *.localphone.com https://*.googleapis.com https://cdn.jsdelivr.net; font-src 'self' data: fonts.gstatic.com https://*.tawk.to https://sxt.cdn.skype.com; connect-src 'self' *.localphone.com https://*.tawk.to wss://*.tawk.to; report-uri https://localphone.report-uri.io/r/default/csp/reportOnly 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: s.ytimg.com www.youtube.com www.googletagmanager.com www.google-analytics.com cdn.mouseflow.com static.hotjar.com connect.facebook.net script.hotjar.com js-agent.newrelic.com bam.nr-data.net www.google.com www.gstatic.com f24.org maps.googleapis.com ssp.deepmap.de cdnjs.cloudflare.com cdn.rawgit.com *.mapsindoors.com; connect-src 'self' insights.hotjar.com stats.g.doubleclick.net www.bing.com www.google-analytics.com ws://www.olma-messen.ch o2.mouseflow.com *.facebook.com *.mapsindoors.com; img-src 'self' * data:; style-src 'self' 'unsafe-inline' *.googleapis.com cdnjs.cloudflare.com *.mapsindoors.com; font-src 'self' data: fonts.gstatic.com; object-src 'self'; worker-src www.google.com; frame-ancestors 'self'; frame-src 'self' data: www.youtube.com vars.hotjar.com www.facebook.com www.google.com curationwall.com connect.facebook.net www.googletagmanager.com clients.mapsindoors.com; base-uri 'self'; form-action 'self' www.facebook.com connect.facebook.net; manifest-src 'self'; media-src 'self'; report-uri https://unic.report-uri.com/r/d/csp/reportOnly; report-to cspro; 1
default-src 'self' data: *.hotjar.com *.hotjar.io *.googleusercontent.com *.cloud.google.com *.fontawesome.com *.gstatic.com *.reevoo.com *.jsdelivr.net; img-src 'self' data: https: *.googletagmanager.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.reevoo.com *.fontawesome.com *.jsdelivr.net; script-src 'self' 'self' 'unsafe-inline' 'unsafe-eval' *.reevoo.com *.fontawesome.com *.newrelic.com *.contentstack.com *.google-analytics.com *.gstatic.com *.doubleclick.net *.googleapis.com *.videodelivery.net *.googleadservices.com *.analytics.yahoo.com *.googletagmanager.com *.salesforceliveagent.com *.facebook.net *.jsdelivr.net *.bing.com *.hotjar.com *.hotjar.io *.tiqcdn.com *.yimg.com *.golfbreaks.com bam.eu01.nr-data.net polyfill.io; connect-src 'self' *.reevoo.com *.bing.com *.tealiumiq.com *.google-analytics.com *.salesforceliveagent.com *.yimg.com *.facebook.com *.hotjar.com *.hotjar.io *.fontawesome.com sentry.io videodelivery.net bam.eu01.nr-data.net; font-src 'self' data: *.reevoo.com *.hotjar.com *.fontawesome.com *.jsdelivr.net *.gstatic.com; frame-src *.doubleclick.net *.autoeurope.com *.doubleclick.net *.hotjar.com *.reevoo.com *.facebook.com *.tealiumiq.com; child-src 'self' blob: *; media-src 'self' blob: *.google.com videodelivery.net *.googleusercontent.com; form-action 'self' golfbreaks.secure.force.com *.facebook.com *.tealiumiq.com *.cs110.force.com *.salesforceliveagent.com; frame-ancestors 'none'; object-src 'none'; report-uri https://o246236.ingest.sentry.io/api/1470514/security/?sentry_key=aaa779434b65427fa3608b8938255828 1
script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' www.google.com www.google-analytics.com ucads-cdn.ucweb.com clientcdn.pushengage.com www.googletagmanager.com maps.googleapis.com www.googleadservices.com connect.facebook.net googleads.g.doubleclick.net ajax.googleapis.com ruparupa.pushengage.com static.ads-twitter.com cdn.polyfill.io; style-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' ruparupa.pushengage.com fonts.googleapis.com; frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' www.googletagmanager.com ucads-cdn.ucweb.com www.facebook.com cdn.flipsnack.com bid.g.doubleclick.net; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' googleads.g.doubleclick.net www.google.com.hk ruparupa.pushengage.com informa.co.id maps.gstatic.com; connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' plugin.ucads.ucweb.com stats.g.doubleclick.net clients-api.pushengage.com www.google.com www.google-analytics.com gjtrack.ucweb.com oeqepmcz7a.execute-api.us-east-1.amazonaws.com www.facebook.com; img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' assetscdn.pushengage.com stats.g.doubleclick.net www.gstatic.com googleads.g.doubleclick.net maps.googleapis.com informa.co.id www.google.co.id www.google.com www.googletagmanager.com maps.gstatic.com www.google.com.hk www.google.com.tw res.cloudinary.com www.google.com.sg www.facebook.com www.google-analytics.com placehold.it; font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' informa.co.id fonts.gstatic.com; report-uri /csp_report 1
default-src 'self'; block-all-mixed-content; connect-src 'self' wss://de20.zopim.com csi.gstatic.com maps.gstatic.com korrelatie.zendesk.com wss://widget-mediator.zopim.com ekr.zdassets.com veiligthuis.zendesk.com; font-src 'self' fonts.gstatic.com v2.zopim.com; form-action 'self'; img-src 'self' data: www.googletagmanager.com www.google-analytics.com analytics.connectholland.nl v2.zopim.com maps.gstatic.com maps.googleapis.com csi.gstatic.com; media-src static.zdassets.com; script-src 'self' www.googletagmanager.com www.google-analytics.com analytics.connectholland.nl v2.zopim.com maps.googleapis.com pg-ws-ggz.custhelp.com static.zdassets.com 'unsafe-inline' 'sha256-UVd1bfzbP7xrxtJSDHp//V/fO0IkNJkciQP0yeBrIPw=' 'sha256-bT1Ymq1WqmR/IVUk/bpwBj+OeadvKW6Z37bJhTu00oY=' 'sha256-sjHn4TEpK5Mg0DnixdVitXRrBEVkwGriDPnccbpj+Nw='; style-src 'self' 'unsafe-inline' fonts.googleapis.com pg-ws-ggz.widget.custhelp.com; report-uri https://errors.connectholland.nl/api/228/security/?sentry_key=f6211e7fc77f4d179394bc8d5d4237c7 1
report-to webscaleCspEndpoint; report-uri https://xdymhcopnh.execute-api.us-east-1.amazonaws.com/default/cspReportingMonitor; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.toolpartsdirect.com ssl.google-analytics.com d.impactradius-event.com www.googletagmanager.com   www.googlecommerce.com *.google.com s.ytimg.com www.youtube-nocookie.com *.addthis.com z.moatads.com v1.addthisedge.com static-na.payments-amazon.com js.braintreegateway.com logs-01.loggly.com www.paypalobjects.com c.paypal.com assets.braintreegateway.com flex.msn.com *.cloudmaestro.com *.cloudflare.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.homepointfinanical.com https://cdnjs.cloudflare.com https://*.mortgageloan.com https://az416426.vo.msecnd.net https://dc.services.visualstudio.com https://*.gstatic.com https://*.googleapis.com https://*.google-analytics.com https://*.googletagmanager.com https://*.google.com https://*.youtube.com https://*.facebook.com https://*.facebook.net https://stats.g.doubleclick.net https://www.gravatar.com https://*.umbraco.org https://pixel-a.basis.net https://pixel.sitescout.com https://snazzymaps.com https://*.podium.com; report-uri https://hpfc.report-uri.com/r/d/csp/reportOnly 1
default-src https:; frame-src https:; script-src https: data: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report.php 1
script-src 'nonce--COuV_oDH09xFNMbqVedNw' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1
default-src self; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.googletagmanager.com *.google-analytics.com *.google.com *.google.co.uk apps.nestle.com apps.nestle.co.uk *.newrelic.com *.betrad.com bam.nr-data.net https://static.addtoany.com https://cdnjs.cloudflare.com brand-ecommerce-assets.fusepump.com *.youtube.com s.ytimg.com *.evidon.com code.jquery.com d22xmn10vbouk4.cloudfront.net https://lb.nestle-watersna.com *.serving-sys.com http://7225833.collect.igodigital.com https://connect.facebook.net *.krxd.net *.cloudfront.net; style-src 'self' 'unsafe-inline' *.nestlepurelife.com *.acsitefactory.com fonts.googleapis.com fonts.gstatic.com https://cdnjs.cloudflare.com brand-ecommerce-assets.fusepump.com *.youtube.com cloud.typography.com https://lb.nestle-watersna.com http://nplus.nestlewaters.acsitefactory.com *.google.com *.nestlewaters.com www.nestlepurelife.com *.nestlewaters.com www.nestlepurelife.com; img-src 'self' data: *.googleapis.com *.gstatic.com *.cloudflare.com *.google-analytics.com https://stats.g.doubleclick.net www.google.com www.google.co.uk *.doubleclick.net *.betrad.com *.amazonaws.com px.pump.to brand-ecommerce-assets.fusepump.com *.evidon.com https://lb.nestle-watersna.com https://nova.collect.igodigital.com https://www.facebook.com *.krxd.net *.nestlewaters.com http://*.nestlewaters.com *.nestlewaters.com http://*.nestlewaters.com; media-src 'self'; frame-src 'self' static.addtoany.com *.youtube.com *.youtu.be youtu.be info.evidon.com https://www.nestle-purelife.us https://nestle-purelife.us https://lb.nestle-watersna.com https://2275258.fls.doubleclick.net http://2275258.fls.doubleclick.net *.krxd.net; child-src 'self' static.addtoany.com *.youtube.com *.youtu.be youtu.be info.evidon.com https://www.nestle-purelife.us https://nestle-purelife.us https://lb.nestle-watersna.com https://2275258.fls.doubleclick.net http://2275258.fls.doubleclick.net *.krxd.net; font-src 'self' data: fonts.gstatic.com fonts.googleapis.com https://cdnjs.cloudflare.com; connect-src 'self' brand-ecommerce-api.fusepump.com *.google-analytics.com https://lb.nestle-watersna.com https://collect.analyze.ly https://secure-ds.serving-sys.com; report-uri /us/report-csp-violation 1
default-src 'self' www.google-analytics.com www.googletagmanager.com *.formitable.com www.w3.org connect.facebook.net *.facebook.com secure-hotel-tracker.com player.vimeo.com www.youtube.com js-agent.newrelic.com bam.nr-data.net *.cookiebot.com  https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com 'unsafe-inline' https://optimize.google.com https://*.loyaltyinabox.com https://iframeshop.chipta.com 'unsafe-eval' data:; font-src 'self' https://fonts.gstatic.com data:; img-src 'self' www.facebook.com www.google-analytics.com www.googletagmanager.com https://optimize.google.com https://bam.nr-data.net https://www.gstatic.com https://secure.gravatar.com https://translate.google.com data:; style-src 'self' https://optimize.google.com https://fonts.googleapis.com *.formitable.com https://secure.gravatar.com/ https://translate.googleapis.com 'unsafe-inline' data:; connect-src 'self' https://www.facebook.com *.formitable.com https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io https://bam.nr-data.net www.google-analytics.com; frame-src 'self' www.google-analytics.com www.googletagmanager.com *.formitable.com https://*.youtube.com www.w3.org connect.facebook.net *.facebook.com secure-hotel-tracker.com player.vimeo.com www.youtube.com js-agent.newrelic.com bam.nr-data.net *.cookiebot.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://optimize.google.com https://*.loyaltyinabox.com https://iframeshop.chipta.com https://w.soundcloud.com https://www.mixcloud.com/ 'unsafe-inline' 'unsafe-eval' data:; frame-ancestors: self https://*.volkshotel.nl; base-uri: 'self'; form-action: 'self'; report-uri https://volkshotel0.report-uri.com/r/d/csp/reportOnly; 1
script-src 'nonce-VF8-q4O95p2BbIP_kU-tVg' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/webmaster/startup_google_com; base-uri 'none' 1
default-src 'self' https://themes.googleusercontent.com/ https://apps.geodan.nl https://acc.apps.geodan.nl https://platform.twitter.com/ https://syndication.twitter.com/ http://www.rovid.nl; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://statistiek.rijksoverheid.nl http://platform.twitter.com/ https://cdn.syndication.twimg.com; style-src 'self' 'unsafe-inline' https://platform.twitter.com/ https://ton.twimg.com/; img-src 'self' https://rivm.nl/ https://*.rivm.nl/ https://statistiek.rijksoverheid.nl/ https://geodata.nationaalgeoregister.nl/ https://syndication.twitter.com/ https://pbs.twimg.com/ https://ton.twimg.com/ https://abs.twimg.com/ https://platform.twitter.com/ http://abs.twimg.com/ data:  http://www.rovid.nl; font-src 'self' https://rivm.nl/ https://*.rivm.nl/ https://themes.googleusercontent.com/ data:; report-uri /report-csp-violation 1
default-src 'self'; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://tagmanager.google.com https://fonts.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://snap.licdn.com https://*.google.sk https://*.linkedin.com https://*.emjcd.com https://sjs.bizographics.com https://az416426.vo.msecnd.net https://*.googleadservices.com https://*.trustpilot.com https://*.googlesyndication.com https://*.leadforensics.com https://*.doubleclick.net https://*.eset.co.uk https://*.bing.com https://*.en25.com https://s.ytimg.com https://cdn1.esetstatic.com https://assets.esetstatic.com https://*.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com https://*.hotjar.com https://*.facebook.net https://www.youtube.com https://*.googleapis.com; img-src 'self' 'unsafe-inline' https://esetassets.blob.core.windows.net https://secure.adnxs.com https://fapi.eset.cz https://snap.licdn.com https://*.google.sk https://*.dotomi.com https://*.emjcd.com https://px.ads.linkedin.com https://*.google.com https://*.ytimg.com https://*.doubleclick.net https://*.bing.com https://*.eset.com https://*.esetstatic.com https://www.google-analytics.com https://*.gstatic.com https://www.facebook.com https://dpm.demdex.net *.eloqua.com https://cm.everesttech.net https://www.googletagmanager.com https://maps.googleapis.com; frame-src https://*.eset.com https://*.wirewax.com https://*.facebook.com https://*.trustpilot.com https://*.googlesyndication.com https://*.googleapis.com https://*.facebook.net https://*.doubleclick.net https://www.google.com https://www.youtube.com https://int.form.eset.com https://*.hotjar.com https://eset.demdex.net https://www.opinionstage.com; font-src 'self' https://cdn1.esetstatic.com https://fonts.gstatic.com; connect-src 'self' https://*.linkedin.vom https://dc.services.visualstudio.com https://*.google.com https://*.eset.com https://*.esetstatic.com https://*.facebook.com https://cookieconsent.eset.com https://api.eset.com https://*.demdex.net https://*.omtrdc.net https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://*.pingdom.net https://*.google-analytics.com; media-src 'self' https://*.esetstatic.com; report-uri https://eset.report-uri.com/r/d/csp/wizard; report-to default 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://moneybird.disqus.com https://disqus.com https://c.disquscdn.com https://connect.facebook.net https://api.instagram.com https://maps.googleapis.com https://bat.bing.com https://cdn.demio.com; style-src 'self' 'unsafe-inline' https://www.gstatic.com https://c.disquscdn.com https://d3s4clg74dg0wr.cloudfront.net https://fonts.googleapis.com; img-src 'self' https://dl6oytjgv033w.cloudfront.net https://www.gstatic.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://www.facebook.com https://referrer.disqus.com https://c.disquscdn.com https://www.google.nl https://www.google.com https://scontent.cdninstagram.com https://maps.gstatic.com https://csi.gstatic.com  https://maps.googleapis.com https://bat.bing.com data:; object-src https://www.youtube-nocookie.com https://www.youtube.com; connect-src 'self' https://www.gstatic.com https://moneybird.com https://glitter.services.disqus.com https://homerun.co https://stats.g.doubleclick.net; frame-src https://www.google.com https://www.facebook.com https://disqus.com https://www.youtube.com  https://www.youtube-nocookie.com https://moneybird.clickwebinar.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; report-uri https://moneybird.com/csp_report 1
report-to webscaleCspEndpoint; report-uri https://xdymhcopnh.execute-api.us-east-1.amazonaws.com/default/cspReportingMonitor script-src 'unsafe-eval' 'unsafe-inline' *.cloudmaestro.com *.scoutbags.com platform.twitter.com *.pinterest.com apis.google.com membrain.getsidecar.com script.hotjar.com cdn.jsdelivr.net cdn.bronto.com bat.bing.com bam.nr-data.net js.bronto.com js-agent.newrelic.com ajax.googleapis.com www.googleadservices.com googleads.g.doubleclick.net www.googletagmanager.com www.google-analytics.com static.zdassets.com static.hotjar.com s.ytimg.com js.hs-analytics.net js.hs-scripts.com h30-deploy.hiconversion.com staticw2.yotpo.com d3v27wwd40f0xu.cloudfront.net d10lpsik1i8c69.cloudfront.net connect.facebook.net www.youtube.com container.pepperjam.com dev.visualwebsiteoptimizer.com fullstory.com 1
style-src widget.reviews.co.uk cdn.natterly.com 'self' c.disquscdn.com vps.freethought-internet.co.uk; child-src widget.reviews.co.uk disqus.com js.stripe.com; connect-src api-cache.reviews.co.uk api.natterly.com socket.natterly.com 'self' www.freethought.uk cdn.natterly.com vps.freethought-internet.co.uk; font-src cdn.natterly.com 'self' vps.freethought-internet.co.uk; media-src cdn.natterly.com 'self'; script-src widget.reviews.co.uk cdn.natterly.com 'self' js.stripe.com c.disquscdn.com disqus.com freethought-internet.disqus.com vps.freethought-internet.co.uk; img-src www.freethought.uk 'self' cdn.natterly.com files.natterly.com referrer.disqus.com c.disquscdn.com www.paypal.com vps.freethought-internet.co.uk; form-action 'self' portal.freethought.uk www.paypal.com ldex1-plesk3.uk.fi.net.uk ldex1-plesk4.uk.fi.net.uk ldex1-plesk5.uk.fi.net.uk ldex1-plesk6.uk.fi.net.uk www.freethought.uk ldex1-cpanel1.uk.fi.net.uk ldex1-plesk4.uk.fi.net.uk; frame-ancestors 'self'; frame-src disqus.com js.stripe.com widget.reviews.co.uk 'self'; manifest-src 'self'; default-src widget.reviews.co.uk c.disquscdn.com disqus.com; object-src 'self'; report-uri https://freethought.report-uri.com/r/d/csp/wizard 1
frame-ancestors 'self'; default-src 'self'; script-src maps.googleapis.com server.adform.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com 'self' 'unsafe-inline'; img-src maps.googleapis.com maps.gstatic.com mediafra.admiralcloud.com images.admiralcloud.com data: 'self'; font-src fonts.gstatic.com player.admiralcloud.com 'self';connect-src api.admiralcloud.com mediafra.admiralcloud.com 'self'; prefetch-src *.admiralcloud.com *.googleapis.com 'self'; frame-src tk.moovit24.de 'self'; worker-src blob: 'self'; media-src blob: 'self'; report-uri https://www.tk.de/service/rest/cspviolation/report 1
default-src 'self'; script-src 'self' https://www.google-analytics.com https://ajax.googleapis.com https://apis.google.com https://cdnjs.cloudflare.com https://checkout.stripe.com https://static.accountdock.com https://stats.pusher.com https://beacon-v2.helpscout.net/ https://assets.calendly.com https://d3e54v103j8qbb.cloudfront.net 'sha256-CA+WQBPlufcdIkUhUDOoZD+LI9nFG5pEQ8mVu8YjH3Q=' 'sha256-MPJlsH5j4c6wINnG8IHGe5oFGnXdxl7l8rBToITQSpM=' 'sha256-mjdgHR9aXy+6OwAGlNS/XgNcYG1Uhd2U4pl8vi7+XCY=' 'sha256-1O6ukW7q59ovCfRL0we+oC30CpPXAEYXJADSQ1vqH0s=' 'sha256-CA+WQBPlufcdIkUhUDOoZD+LI9nFG5pEQ8mVu8YjH3Q='; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://assets.calendly.com; font-src 'self' https://fonts.gstatic.com themes.googleusercontent.com https://maxcdn.bootstrapcdn.com; frame-src 'self' https://checkout.stripe.com https://accounts.google.com https://static.accountdock.com https://payments.stunning.co https://calendly.com/; connect-src 'self' https://images.cloudcraft.co https://api.rollbar.com https://www.google-analytics.com https://stats.g.doubleclick.net https://checkout.stripe.com https://beaconapi.helpscout.net https://chatapi.helpscout.net https://d3hb14vkzrxvla.cloudfront.net wss://ws-mt1.pusher.com; img-src 'self' https: blob:; object-src 'self'; report-uri /api/csp/report 1
font-src *.gstatic.com *.googleapis.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.trustpilot.com *.braintreegateway.com *.kaptcha.com *.cardinalcommerce.com *.mention-me.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com data: *.nosto.com *.mention-me.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com invitejs.trustpilot.com polyfill.io connect.nosto.com www.google.com *.gstatic.com *.zendesk.com *.zdassets.com *.mention-me.com *.trustpilot.com *.googleapis.com *.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com connect.nosto.com *.algolia.net *.zendesk.com *.zdassets.com *.zopim.com *.paypal.com *.braintree-api.com *.braintreegateway.com *.trustpilot.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
style-src https://*.btrll.com https://cdn.cmp.advertising.com https://*.oath.com https://*.yimg.com https://*.yahoo.com 'self' 'unsafe-inline' data: blob:; script-src https://*.btrll.com https://cdn.cmp.advertising.com https://*.oath.com https://*.yahoo.com https://*.yimg.com 'self' 'unsafe-inline' 'unsafe-eval' https://platform.twitter.com https://*.btrll.com data: blob:; frame-ancestors https://*.techcrunch.com https://*.huffingtonpost.com https://*.aol.com https://*.yahoo.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=VN&lang=vi-VN&device=desktop&yrid=boi79hpfgl27a&partner=; 1
default-src 'self' data: 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://www.google-analytics.com https://stats.g.doubleclick.net https://dc.services.visualstudio.com; script-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://www.google-analytics.com https://www.googletagmanager.com https://ajax.googleapis.com https://*.msecnd.net; object-src 'none'; frame-ancestors 'self'; base-uri 'self'; form-action 'self'; sandbox allow-forms allow-same-origin allow-scripts; 1
upgrade-insecure-requests; block-all-mixed-content; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.skyscanner.net https://*.skyscnr.com https://*.gbot.me https://*.cloudfront.net https://*.akstat.io https://*.akamaihd.net https://*.perimeterx.net https://*.px-cloud.net https://*.mixpanel.com https://*.mxpnl.com https://*.zscloud.net https://*.branch.io https://*.usabilla.com https://app.link https://*.go-mpulse.net https://*.krxd.net https://cx.atdmt.com https://*.criteo.com https://*.criteo.net https://*.yandex.ru https://*.bing.com https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.googletagservices.com https://*.googletagmanager.com https://*.googleadservices.com https://*.g.doubleclick.net https://*.googlesyndication.com https://*.gstatic.com https://*.googleapis.com https://*.google.com; report-uri https://slipstream.skyscanner.net/grp/v1/custom/public/csp-reports/report/security.ContentSecurityReport 1
frame-ancestors 'none'; block-all-mixed-content; object-src 'none'; report-uri https://sentry.io/api/161479/security/?sentry_key=9c457471fc3c4ce0a248b295ec84cb32 1
font-src 'self' 'unsafe-inline'; form-action 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com www.googleadservices.com www.google-analytics.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://fonts.gstatic.com https://fonts.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://*.sparxmaths.uk https://static.prod.algenie.uk https://assets.sparxhomework.uk; connect-src wss://*.sparxmaths.uk https://*.sparxmaths.uk; 1
default-src 'self' https:; font-src 'self' https: data:; img-src 'self' https: data: https://www.googletagmanager.com https://www.google-analytics.com; object-src 'none'; script-src 'self' https: 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' https://tagmanager.google.com https://www.googletagmanager.com https://edge.fullstory.com https://www.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com 'nonce-uuoMzHKLRt5KrwfDDAT02A=='; style-src 'self' https: https://tagmanager.google.com https://fonts.googleapis.com 'nonce-uuoMzHKLRt5KrwfDDAT02A=='; connect-src 'self' https: https://rs.fullstory.com https://www.google-analytics.com; base-uri 'self'; report-uri https://7675095cf102cb04f6ef9b5b801194e5.report-uri.com/r/d/csp/reportOnly 1
style-src https://*.btrll.com https://cdn.cmp.advertising.com https://*.oath.com https://*.yimg.com https://*.yahoo.com 'self' 'unsafe-inline' data: blob:; script-src https://*.btrll.com https://cdn.cmp.advertising.com https://*.oath.com https://*.yahoo.com https://*.yimg.com 'self' 'unsafe-inline' 'unsafe-eval' https://platform.twitter.com https://*.btrll.com data: blob:; frame-ancestors https://*.techcrunch.com https://*.huffingtonpost.com https://*.aol.com https://*.yahoo.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=IN&lang=en-IN&device=desktop&yrid=ecmup3lfgkr40&partner=; 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.my&source%5Bsection%5D=brochure&source%5Buuid%5D=7e0f57d9b38f330a8a27138261ad9aad 1
default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.twojnzoz.pl az416426.vo.msecnd.net maps.google.com maps.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' data: maps.google.com maps.gstatic.com maps.googleapis.com csi.gstatic.com http://*.twojnzoz.pl; connect-src 'self' https://localhost:16501 ws://*.twojnzoz.pl https://dc.services.visualstudio.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://www.google.com/recaptcha/ ; report-uri https://mediporta.report-uri.io/r/default/csp/reportOnly; 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://comments.grahamedgecombe.com https://www.google-analytics.com; connect-src 'self' https://comments.grahamedgecombe.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://www.google-analytics.com; frame-ancestors 'none'; report-uri https://gpe.report-uri.io/r/default/csp/reportOnly 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagservices.com https://apis.google.com https://connect.facebook.net https://www.gstatic.com https://www.google-analytics.com https://ajax.googleapis.com https://gstatic.com https://www.googletagmanager.com https://google-analytics.com https://t.womtp.com https://api.ipify.org https://maps.googleapis.com https://www.google.com *.vo.msecnd.net https://static.criteo.net https://bucket.cdnwebcloud.com https://stats.g.doubleclick.net https://static.hotjar.com https://ws.walmeric.com https://sslwidget.criteo.com https://script.hotjar.com https://pagead2.googlesyndication.com https://neural29.cdnwebcloud.com https://sb.scorecardresearch.com https://ad.doubleclick.net https://ads.profilemkt.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com gstatic.com; img-src 'self' data: *.azureedge.net https://maps.gstatic.com https://maps.googleapis.com https://csi.gstatic.com https://stats.g.doubleclick.net https://www.google-analytics.com https://www.gstatic.com https://magazine.solvia.es *.blob.core.windows.net https://plataforma-des.infosolvia.es https://cdnpcomercialsolvia.azureedge.net https://www.google.com https://www.google.es https://sb.scorecardresearch.com *.g.doubleclick.net https://www.facebook.com https://t.womtp.com https://pagead2.googlesyndication.com *.cdnwebcloud.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; connect-src 'self' https://dc.services.visualstudio.com https://in.hotjar.com *.cdnwebcloud.com; object-src 'self' https://www.google.com; frame-ancestors 'none'; form-action 'self' https://www.facebook.com; report-uri https://69b2b976c6287d70a018dda40c4a3fca.report-uri.com/r/d/csp/reportOnly 1
default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src youtube.com youtube-nocookie.com www.google.com www.facebook.com staticxx.facebook.com mc.yandex.ru mc.yandex.md; connect-src 'self' tomesto.ru wss://api.tomesto.ru api.tomesto.ru www.google-analytics.com stats.g.doubleclick.net *.bugsnag.com api.mixpanel.com api-js.mixpanel.com mxpnl.net www.facebook.com/tr/ mc.yandex.ru mc.yandex.md top-fwz1.mail.ru dadata.ru/api/ formgeek.net api.amplitude.com bam.nr-data.net gcdn.tomesto.ru; font-src 'self' fonts.gstatic.com data:; form-action 'self' www.facebook.com/tr/; img-src 'self' data: https:; manifest-src 'none'; media-src 'self' tomesto.ru *.tomesto.ru; object-src 'self'; plugin-types application/pdf; script-src 'self' 'unsafe-inline' 'unsafe-eval' tomesto.ru *.tomesto.ru www.google-analytics.com d2wy8f7a9ursnm.cloudfront.net mc.yandex.ru mc.yandex.md connect.facebook.net top-fwz1.mail.ru formgeek.net cdn4.mxpnl.com maps.google.com maps.googleapis.com js-agent.newrelic.com bam.nr-data.net dadata.ru/static/ cdn.amplitude.com; style-src 'self' 'unsafe-inline' tomesto.ru *.tomesto.ru fonts.googleapis.com dadata.ru/static/; worker-src 'none'; report-uri https://api.tomesto.ru/csp_report 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.jquery.com *.youtube.com *.siteimprove.com *.googleapis.com *.gstatic.com *.google-analytics.com https://www.googletagmanager.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.usercentrics.eu *.googleapis.com *.gstatic.com *.google-analytics.com https://www.googletagmanager.com https://www.youtube.com *.siteimprove.com *.ytimg.com *.hubbardone.com;object-src 'self'; img-src 'self' *.google-analytics.com https://www.googletagmanager.com *.siteimprove.com;font-src 'self' *.gstatic.com; connect-src 'self';frame-ancestors 'self' *.googleapis.com *.gstatic.com *.google-analytics.com https://www.googletagmanager.com; report-uri https://233122823c47f119af0143cbea7853d6.report-uri.com/r/d/csp/reportOnly 1
default-src https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.playcrucible.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://d24yopoqm7oqlq.cloudfront.net; script-src https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.playcrucible.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://d24yopoqm7oqlq.cloudfront.net 'unsafe-inline' 'unsafe-eval'; style-src https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.playcrucible.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://d24yopoqm7oqlq.cloudfront.net 'unsafe-inline'; img-src 'self' data:  https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.playcrucible.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://d24yopoqm7oqlq.cloudfront.net https://*.twimg.com https://player.twitch.tv/ https://*.ytimg.com; media-src 'self' data:  https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.playcrucible.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://d24yopoqm7oqlq.cloudfront.net https://*.twimg.com https://player.twitch.tv/ https://www.youtube.com; frame-src https://www.youtube.com https://*.twimg.com https://player.twitch.tv/  https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.playcrucible.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://d24yopoqm7oqlq.cloudfront.net; report-uri https://www.amazon.com/1/batch/2/OE/mid=ATVPDKIKX0DER:sid=139-2495305-3660226:rid=62CFF0E1C2E14F8EBF71:sn=www.playcrucible.com 1
font-src 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com js.braintreegateway.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://security-hub.vaimo.network/public/api/content-security-policy.php; report-to report-endpoint; 1
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://apr1drrztrvo00vplh4evdpg.httpschecker.net/report 1
font-src static3.avast.com www.reedssports.com fonts.gstatic.com use.fontawesome.com cdn.honey.io www.clearplay.com use.typekit.net cdn.ivaws.com d3s8xk3etjyeyz.cloudfront.net themes.googleusercontent.com fonts.googleapis.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.reedssports.com 'self' 'unsafe-inline'; frame-ancestors www.reedssports.com 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com s7.addthis.com www.google.com bid.g.doubleclick.net assets.braintreegateway.com r2.dotdigital-pages.com protect-client.ns8.com edge.addthis.com online.fliphtml5.com www.youtube.com assets.pinterest.com mozbar.moz.com www.facebook.com s.cmptch.com s.pmgmads.com calendly.com pxy-sbx-01 pwm-image.trendmicro.com api.pmmapads.com s.pmmapads.com gateway.zscalertwo.net vocabla.com www.linkedin.com partners.cmptch.com twitter.com yellowfoxgames.com d31b6i309j1ui2.cloudfront.net d3s8xk3etjyeyz.cloudfront.net cdncache-a.akamaihd.net reddit.com www.google.com.x.3de0e39c05721041b70993c08a117cb46a3e.9270ef5b.id.opendns.com www.google.com.x.891cb68e019c7047d7090480aa5fcd23dba6.9270ef4a.id.opendns.com www.google.com.x.701698620f293040a708d840ef529b814a07.9270ef4d.id.opendns.com www.google.com.x.e3c535c7029ee041860b14003d2b8fdc350c.9270ef47.id.opendns.com api.exchmapdata.com noop.style proofpointisolation.com cdn.exchmapdata.com crushclanscom-a.akamaihd.net 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com s.ytimg.com a-52365312.ns8ds.com www.google.com stats.g.doubleclick.net bacon.section.io www.google.co.uk r2-t.trackedlink.net www.reedssports.com www.gstatic.com www.google.co.kr translate.google.com www.google.com.do www.google.de hardyload.com amasty.com www.google.com.ua www.google.com.mx www.google.ca www.google.com.ar www.google.rs cdn.ivaws.com www.google.ru www.google.it a5.behance.net www.google.com.br www.google.com.ph www.googletagmanager.com www.google.co.th www.google.co.in www.google.com.co www.google.dk www.google.bg www.facebook.com gateway.zscalertwo.net rum-collector-2.pingdom.net jaretsummer.com www.google.co.id www.google.cl www.addthis.com log.pinterest.com www.google.com.uy www.google.com.ec www.google.co.jp www.google.lt www.google.com.sg www.google.se www.google.com.sa www.google.lv www.google.com.vn www.google.com.eg www.google.com.mt www.google.com.au www.google.pt www.google.pl i.ytimg.com www.google.dj www.google.nl www.google.cz www.google.com.x.ce25557a0b87f04cbc08e740b8cedb1000ce.9270ef50.id.opendns.com www.google.ba www.magentocommerce.com www.google.es www.google.is www.youtube.com www.google.tt www.google.hn www.google.ro srvtop.com srdrvp.com partners.cmptch.com s.pmgmads.com www.google.no www.google.ae www.google.com.af bpb.opendns.com gateway.zscloud.net www.google.fi pm.w55c.net su.addthis.com www.google.com.tr www.google.fr www.google.sk www.google.com.pr www.google.com.hk www.google.hu pxy-sbx-01 www.google.iq www.google.at www.google.com.pk www.google.co.nz www.google.com.lb www.google.gr www.google.com.ng www.google.com.pe api.pmmapads.com dozi-staging.zoominfo.com accounts.google.com www.google.com.py gateway.zscaler.net security-us.mimecast.com gateway.zscalerthree.net www.google.com.bh www.google.tn www.google.ee cdn.klarna.com loungesrc.net www.google.co.il www.google.ch p.typekit.net www.google.com.kw www.google.by www.google.be www.tailwindapp.com www.google.co.ma www.google.hr www.google.com.tw www.google.ie s3.amazonaws.com cosmeticsrc.com 199.46.250.161 m.addthis.com bam.nr-data.net wseast01-wcg.medcampus.org www.google.ge adfs.scheels.com 10.54.48.39 www.google.com.cy www.google.com.kh www.google.al www.google.lk 10.16.2.137 s.cmptch.com www.google.co.ve www.google.jo www.google.com.bz 10.51.0.100 s.pmmapads.com debugsinfo.com security.etn.com www.google.com.x.967185d4051ab04c0008cd6070c0793a8166.9270ef4a.id.opendns.com www.google.com.ni www.google.com.sv 172.20.6.33 www.google.com.x.445a61070ea89043370a9c4040c3915480b4.9270ef5b.id.opendns.com sgnpypproxy002.na.cobank2.corp autroliner.com canvasdp-a.akamaihd.net canvaspl-a.akamaihd.net www.google.com.x.f711586a0a597042fc0814e05e36ddb716c2.9270ef40.id.opendns.com www.google.com.x.7b21c8c2002a104e850b29908214b7905e41.9270ef5b.id.opendns.com 172.217.215.154 www.google.com.x.eb2b8d2f0aff3046ef0b50300247a26956f5.9270ef4a.id.opendns.com www.backcountryevents.com 108.177.111.157 172.217.214.156 assets.grammarly.com www.google.com.x.eb6bb9440be620466e098ac09d64d65844d2.9270ef55.id.opendns.com www.google.com.gt www.google.com.x.0a5056dd04ec3044bf080ae0e3aca63e2409.9270ef43.id.opendns.com www.google.com.gh www.google.com.x.1236697c01069041af08215054169c6213fb.9270ef41.id.opendns.com cn1631599192-vnsg10734.ibosscloud.com cn1759618467-vnsg11583.ibosscloud.com 192.168.109.23 stats.g.doubleclick.net.x.831667c10b9f60486d08fb500cfc33e83895.d045241d.id.opendns.com www.google.dz www.google.si idsync.rlcdn.com lh3.googleusercontent.com mikkiload.com pt.ispot.tv x.dlx.addthis.com www.google.com.mm www.google.com.bo www.google.me www.google.com.x.3cb9b81c0748004a6709b1400617b3a51794.9270ef58.id.opendns.com crisdomson.com c.bing.com tags.bluekai.com www.google.lu tags.bkrtx.com ironport01 www.google.ht wseast02-wcg.medcampus.org roxlock.com cdn.exchmapdata.com api.exchmapdata.com www.google.cm www.google.com.x.486c25620be620407c080ba0a661c0b4d916.9270ef5a.id.opendns.com 10.10.254.20 hm.baidu.com www.google.co.za www.google.bs yastatic.net cdn.exchgmdata.com i.emlfiles.com strongsignal-a.akamaihd.net eventping-a.akamaihd.net jsl.infostatsvc.com www.att.com about.blank zswpmanager.wip.mmc.com qalitygigant.com donewrork.org stats.g.doubleclick.net.x.7e7ec0f80966c04b14084460db4fb073b74d.d045241d.id.opendns.com 192.168.240.81 10.1.1.61 199.46.250.164 cdn0.couponarea.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com js.authorize.net jstest.authorize.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com www.youtube.com s7.addthis.com a-52365312.cdn.ns8ds.com z.moatads.com rum-static.pingdom.net v1.addthisedge.com js-agent.newrelic.com m.addthis.com www.google.com r2-t.trackedlink.net bam.nr-data.net www.gstatic.com www.googletagmanager.com googleads.g.doubleclick.net awesome.section.io r2.dotdigital-pages.com d3hfiwqcryy9cp.cloudfront.net www.reedssports.com edge.addthis.com swurl.com hardyload.com siteprerender.com cache-check.net siteblock.exeloncorp.com rialto-gms.s3.amazonaws.com connect.facebook.net gateway.zscalertwo.net jaretsummer.com assets.pinterest.com rum-static.pingdom.net.x.28cf52f007fb2045b9081a006963ed120f5f.9270f442.id.opendns.com nc006wsa04p1 www.google.com.x.3e3b0e7e03506043210840a0413ddefac494.9270ef4d.id.opendns.com rum-static.pingdom.net.x.891a249503f680461f0988a0b25f3b5fdf7e.9270ef5b.id.opendns.com rum-static.pingdom.net.x.411bd060087a604b640921905abfeab80a31.9270ef58.id.opendns.com rum-static.pingdom.net.x.3d24e4a9088d2048dd0b38f04bd10ea2bb4d.9270f05c.id.opendns.com goodbyesearch.com rum-static.pingdom.net.x.c57c6a2d0ef1c041190951c06ce1278bbc91.9270ef5b.id.opendns.com gateway.zscloud.net rum-static.pingdom.net.x.ed0ead8909e1d0430409e340069580863f09.9270ef4d.id.opendns.com assets.calendly.com 10.119.4.164 www.pagespeed-mod.com pxy-sbx-01 tanksmashcom-a.akamaihd.net s.cmptch.com partners.cmptch.com rum-static.pingdom.net.x.fdc7cee50f581040d209f240a700f25b0ea5.9270ef4b.id.opendns.com 10.10.4.168 a-52365312.ns8ds.com rum-static.pingdom.net.x.10e20fe40b5e7044140b17f08fe731af9928.9270f057.id.opendns.com rum-static.pingdom.net.x.4b3abbd90d80b048f70b20e0402b89c3e4f3.9270ef58.id.opendns.com gateway.zscaler.net rum-static.pingdom.net.x.9c18eeda0dad50479208b37029ab13337b1d.9270ef4a.id.opendns.com security-us.mimecast.com gateway.zscalerthree.net loungesrc.net use.typekit.net cn1631599192-vnsg10734.ibosscloud.com cn1759617973-vnsg11320.ibosscloud.com adfs.scheels.com www.oracle.com cosmeticsrc.com 199.46.250.161 wseast02-wcg.medcampus.org cn1759618467-vnsg11583.ibosscloud.com www.instapaper.com brounelink.com autroliner.com 97.64.57.143 security.etn.com www.google.com.x.ae3807fb036ed04a910b1310c0a1900969c3.9270ef55.id.opendns.com yellowfoxgames.com payperclickadz.com data1.molaroute.com d00lg11.surete.qc.ca 172.20.6.33 www.google.com.x.abe446990831a046b509be301ec72fcaa82b.9270ef42.id.opendns.com z.moatads.com.x.0dbcb11804589045a509b2b036557d78c829.d04520a1.id.opendns.com bpb.opendns.com z.moatads.com.x.20f67ca30f287040c20afd6062adbd1dcaff.d0452097.id.opendns.com www.google.com.x.53bd7f2f00d730461d0a93e05c90517085c2.9270ef58.id.opendns.com 172.217.12.2 172.217.1.194 fillr.local www.google.com.x.529eda310df5904fc0088d3011b157684b8f.9270ef4a.id.opendns.com www.google.com.x.54545a5e08717045410b5f80a7a2d0e4d37f.9270ef43.id.opendns.com 26735269438.s3.amazonaws.com 192.168.109.23 a-52365312.cdn.ns8ds.com.x.910da3e500cae0435a099760d4826376e53b.ccc2ee9c.id.opendns.com mikkiload.com cdn.optitc.com crisdomson.com ironport01 wseastvm03-wcg.medcampus.org roxlock.com fevoki.wejekihota.com www.google.com.x.5b86aed10e5e9040340a69f0aaf3cd11fc0e.9270ef57.id.opendns.com vezowi.rakiwoxori.com crushclanscom-a.akamaihd.net fp143.mediaoptout.com strongsignal-a.akamaihd.net asrvvv-a.akamaihd.net protectsurf-a.akamaihd.net s.dcbap.com revsrv-a.akamaihd.net cdncache-a.akamaihd.net s.pmddby.com qdatasales.com about.blank siterequest-test.littlesixinc.net zswpmanager.wip.mmc.com qalitygigant.com donewrork.org z.moatads.com.x.652110f704f4904a99096dc07cd4c2b67974.d0452497.id.opendns.com z.moatads.com.x.a4bd166c0819b04fa30b4d3074cae94048ab.d045241d.id.opendns.com 10.32.103.23 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com getfirebug.com www.reedssports.com fonts.googleapis.com s.cmptch.com use.fontawesome.com pwm-image.trendmicro.com www.gstatic.com 'self' 'unsafe-inline'; object-src partners.cmptch.com noop.style object.center 'self' 'unsafe-inline'; media-src *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com ssl.gstatic.com 'self' 'unsafe-inline'; manifest-src *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com rum-collector-2.pingdom.net bam.nr-data.net m.addthis.com payments.braintree-api.com bacon.section.io client-analytics.braintreegateway.com www.google-analytics.com stats.g.doubleclick.net www.reedssports.com s7.addthis.com swurl.com freakarcade.com subwayblaze.com api.braintreegateway.com sovetnik.market.yandex.ru gateway.zscloud.net cn1631599192-vnsg10734.ibosscloud.com cn1759617973-vnsg11320.ibosscloud.com filter.nov.com cheerygames.com www.instapaper.com gjtrack.ucweb.com performance.typekit.net yellowfoxgames.com savingsslider-a.akamaihd.net ajax.googleapis.com funkogamers.com cn1759618467-vnsg11583.ibosscloud.com www.google.com luxins.net catds.net code.jquery.com hm.baidu.com protectsurf-a.akamaihd.net fp143.mediaoptout.com videoram.com gameferno.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline';report-uri https://www.reedssports.com/fl32csp/report/; 1
policy-uri /http://204.131.106.240:10514 1
script-src 'self' cdn.rawgit.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com mdbootstrap.com; script-src-attr 'self'; style-src 'self' fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com mdbootstrap.com use.fontawesome.com; style-src-attr 'self'; frame-ancestors 'self' 1
default-src 'none'; base-uri 'none'; script-src 'self' 'strict-dynamic' https://api.github.com https://content-autofill.googleapis.com https://www.google-analytics.com https://cdn.contentful.com https://app-sj30.marketo.com https://static.zdassets.com https://ekr.zdassets.com https://tidepoolsupport.zendesk.com wss://tidepoolsupport.zendesk.com wss://*.zopim.com; style-src 'self' blob: 'unsafe-inline'; img-src 'self' data: https://cdn.contentful.com https://images.ctfassets.net https://v2assets.zopim.io https://static.zdassets.com https://tidepoolsupport.zendesk.com https://support.tidepool.org; font-src 'self' data:; report-uri /event/csp-report/violation; object-src blob:; worker-src 'self' blob:; child-src 'self' blob: https://docs.google.com; frame-src https://www.youtube.com https://docs.google.com; connect-src localhost https://api.github.com/repos/tidepool-org/uploader/releases https://www.youtube.com https://static.zdassets.com https://cdn.contentful.com https://app-sj30.marketo.com https://ekr.zdassets.com https://tidepoolsupport.zendesk.com wss://tidepoolsupport.zendesk.com https://api.rollbar.com wss://*.zopim.com *.tidepool.org 1
default-src 'self' https: blob:; script-src 'self' https: 'unsafe-eval' 'unsafe-inline' blob: http:; connect-src 'self' https: api.ecobnb.net hits-i.iubenda.com cdnjs.cloudflare.com ajax.googleapis.com code.jquery.com insights.hotjar.com links.services.disqus.com *.hotjar.com *.optimizely.com wss://*.hotjar.com wss://*.ecobnb.com wss://ecobnb.it wss://ecobnb.fr wss://ecobnb.de; font-src 'self' https: fonts.gstatic.com sb.ecobnb.net sxt.cdn.skype.com maxcdn.bootstrapcdn.com data:; img-src 'self' https: data:; media-src 'self' https:; object-src 'self' https: blob:; style-src 'self' https: 'unsafe-inline' http:; child-src *; frame-src *; report-uri https://2zkpbvapeqvwwp13110qnocb.httpschecker.net/report; 1
default-src https: 'unsafe-inline' 'unsafe-eval' data: blob:; script-src https: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline'; connect-src https: wss:; block-all-mixed-content; report-uri https://4care.report-uri.com/r/d/csp/reportOnly; 1
default-src https: ; script-src https: 'unsafe-inline'; img-src https: ; style-src https: 'unsafe-inline' ; block-all-mixed-content; report-uri https://uflib.report-uri.com/r/d/csp/reportOnly 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=show&source%5Bapp%5D=ShopifyAppStore&source%5Bcontroller%5D=v2%2Fapp_listings&source%5Buuid%5D=14e11be204679e2549a59fa6e1bb4cf2 1
default-src 'self'; object-src 'self'; base-uri 'self'; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com/tr/ https://connect.facebook.net/log/error https://chat.sim.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://cts.communicationads.net https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://dpm.demdex.net https://the.sciencebehindecommerce.com https://chat.sim.de https://stats.sim.de https://imagepool.sim.de; script-src 'strict-dynamic' 'nonce-4665500483a066ef8c6475d6b197e512' 'nonce-1983165940faefc541ed9dcdd882da78' 'nonce-539888a67ced22aa4ee97c3c52ec4e4c' 'nonce-aab5f3d6f18865426e35aaefc32363b5' 'nonce-bee09f6c1434ceb60691b156badffb5a' 'self' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://www.facebook.com https://tags.tiqcdn.com https://cdn2.spatialbuzz.com https://bid.g.doubleclick.net https://tpc.googlesyndication.com https://www.youtube-nocookie.com https://www.awin1.com https://paketshop.myhermes.de; child-src https://www.youtube.com https://cdn2.spatialbuzz.com https://trck.spoteffects.net https://www.googleadservices.com https://www.facebook.com https://tags.tiqcdn.com https://ad13.adfarm1.adition.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports 1
script-src 'unsafe-eval' 'unsafe-inline' player.vimeo.com *.lagrangesystems.net www.webscale.com ajax.googleapis.com www.googletagmanager.com www.google-analytics.com www.googleadservices.com *.google.com googleads.g.doubleclick.net app.purechat.com prod.purechatcdn.com forms.hsforms.com js.hsforms.net  js.hs-scripts.com js.hs-analytics.net js.hsadspixel.net ; report-to webscaleCspEndpoint; report-uri https://xdymhcopnh.execute-api.us-east-1.amazonaws.com/default/cspReportingMonitor 1
default-src *; script-src data: http: https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' data: 'unsafe-inline' https: *.bootstrapcdn.com; img-src * 'self' data: blob:; font-src *; connect-src https:; media-src *; object-src 'none'; frame-src *; report-uri https://www.hsag.com/_csp; 1
default-src https: wss: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; report-uri https://pcls.report-uri.com/r/d/csp/reportOnly 1
default-src 'self' https://themes.googleusercontent.com/ https://apps.geodan.nl https://acc.apps.geodan.nl https://platform.twitter.com/ https://syndication.twitter.com/; script-src 'self' 'unsafe-inline' https://statistiek.rijksoverheid.nl http://platform.twitter.com/ https://cdn.syndication.twimg.com/ https://www.ergo-webreporting.com/; style-src 'self' 'unsafe-inline' https://platform.twitter.com/ https://ton.twimg.com/ https://www.ergo-webreporting.com/; img-src 'self' https://rivm.nl/ https://*.rivm.nl/ https://statistiek.rijksoverheid.nl/ https://syndication.twitter.com/ https://pbs.twimg.com/ https://ton.twimg.com/ https://abs.twimg.com/ https://platform.twitter.com/ http://abs.twimg.com/; font-src 'self' https://rivm.nl/ https://*.rivm.nl/ https://themes.googleusercontent.com/ data:; report-uri /report-csp-violation 1
font-src 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com https://secure.livechatinc.com https://webchannel-content.eservice.emarsys.net 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com https://imgfly.scarabresearch.com https://bat.bing.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com https://cdn.lr-ingest.io https://cdn.livechatinc.com https://js-agent.newrelic.com https://salon11120.pcapredict.com https://connect.facebook.net https://rum-static.pingdom.net https://cdn-sitegainer.com https://d191y0yd6d0jy4.cloudfront.net https://bat.bing.com https://cdn.scarabresearch.com https://static.scarabresearch.com https://www.google.com https://www.gstatic.com https://cdn.polyfill.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://recommender-eu.scarabresearch.com https://webchannel-content.eservice.emarsys.net https://r.lr-ingest.io 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ogier.com https://script.crazyegg.com https://www.google-analytics.com https://www.googletagmanager.com https://maps.googleapis.com https://cdn.curator.io https://addsearch.com https://s6.searchcdn.com https://content.jwplatform.com https://ssl.p.jwpcdn.com; style-src 'self' 'unsafe-inline' *.ogier.com https://fonts.googleapis.com https://cdn.curator.io https://app.addsearch.com https://d20vwa69zln1wj.cloudfront.net; font-src 'self' data: *.ogier.com https://fonts.gstatic.com https://cdn.curator.io https://ssl.p.jwpcdn.com; img-src 'self' data: *.ogier.com https://www.google-analytics.com https://www.google.com https://www.google.ie https://www.google.co.uk https://ogier.vuture.net https://stats.g.doubleclick.net https://maps.gstatic.com https://maps.googleapis.com https://media-exp1.licdn.com https://addsearch.com https://app.addsearch.com https://stats.addsearch.com https://d20vwa69zln1wj.cloudfront.net https://assets-jpcust.jwpsrv.com https://prd.jwpltx.com https://ping-meta-prd.jwpltx.com  https://content.jwplatform.com; connect-src 'self' *.ogier.com https://api.curator.io https://assets-jpcust.jwpsrv.com https://content.jwplatform.com https://videos-fms.jwpsrv.com; frame-src 'self' *.ogier.com https://g.jwpsrv.com https://player.vimeo.com; worker-src 'self' blob: *.ogier.com; media-src 'self' blob: *.ogier.com; frame-ancestors 'self' *.ogier.com; object-src 'self'; 1
default-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' *.coachseye.com *.stripe.com platform.twitter.com apis.google.com *.cloudfront.net *.doubleclick.net script.crazyegg.com www.techsmith.com *.googleapis.com *.googlecode.com www.googleadservices.com *.addthis.com connect.facebook.net az416426.vo.msecnd.net www.google-analytics.com analytics.twitter.com static.ads-twitter.com www.youtube.com www.googletagmanager.com cdn.cookielaw.org geolocation.onetrust.com tagmanager.google.com;object-src *.coachseye.com assets.techsmith.com;style-src 'self' 'unsafe-inline' *.coachseye.com www.techsmith.com tagmanager.google.com fonts.googleapis.com optimize.google.com;img-src 'self' *.coachseye.com *.stripe.com www.facebook.com *.twitter.com tscstoragedev1.blob.core.windows.net tscstoragestage01.blob.core.windows.net tscstoragestagea01.blob.core.windows.net techsmithstorage.blob.core.windows.net secure.gravatar.com t.co www.google-analytics.com stats.g.doubleclick.net data: *.gstatic.com *.googleapis.com *.pinimg.com *.blogspot.com www.google.com;media-src *.coachseye.com tscstoragedev1.blob.core.windows.net tscstoragestage01.blob.core.windows.net tscstoragestagea01.blob.core.windows.net techsmithstorage.blob.core.windows.net;frame-src *.cloud.tsc-dev.co *.tsc-stage.co *.coachseye.com platform.twitter.com staticxx.facebook.com www.youtube.com *.stripe.com www.googletagmanager.com bid.g.doubleclick.net;font-src 'self' *.coachseye.com www.techsmith.com use.typekit.net fonts.gstatic.com;connect-src 'self' *.stripe.com performance.typekit.net az416426.vo.msecnd.net dc.services.visualstudio.com *.cloud.tsc-dev.co *.tsc-stage.co *.techsmith.com cdn.cookielaw.org privacyportal.onetrust.com tscstoragedev1.blob.core.windows.net tscstoragestage01.blob.core.windows.net tscstoragestagea01.blob.core.windows.net techsmithstorage.blob.core.windows.net;frame-ancestors 'self' *;report-uri https://coachseye.report-uri.com/r/d/csp/reportOnly 1
default-src 'self' image.spreadshirtmedia.net ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: *.go-mpulse.net apis.google.com assets.adobedtm.com *.cloudfront.net nxtck.com ssl.gstatic.com ws.sessioncam.com *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com googleads.g.doubleclick.net connect.facebook.net www.googleadservices.com adtm.spreadshirts.net *.spreadshirt.at ; img-src 'self' data: https: image.spreadshirtmedia.net *.gstatic.com rtb-csync.smartadserver.com pixel.rubiconproject.com pixel.advertising.com dsum-sec.casalemedia.com cotads.adscale.de www.google-analytics.com eu-u.openx.net ih.adscale.de *.akstat.io www.facebook.com dsum-sec.casalemedia.com ad.yieldlab.net secure.adnxs.com mapping.nxtck.com stats.g.doubleclick.net www.google.com www.google.de cm.g.doubleclick.net ads.yahoo.com sync.ligadx.com eb2.3lift.com s.sspqns.com x.bidswitch.net image2.pubmatic.com sync.outbrain.com nxtck.com sanalytics.spreadshirt.at *.spreadshirt.at ; connect-src 'self' https: *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com *.go-mpulse.net *.akstat.io/ dpm.demdex.net *.spreadshirt.at ; font-src 'self' https: data: *.spreadshirt.at ; style-src 'self' data: 'unsafe-inline' https: *.spreadshirt.at ; object-src 'none' ; media-src image.spreadshirtmedia.net ; frame-src 'self' https: www.google.com accounts.google.com *.spreadshirt.at ; report-uri https://csp.spreadshirts.net/csp/reportOnly ; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.googletagmanager.com *.mouseflow.com *.google-analytics.com *.chargebee.com; frame-src 'self' *.chargebee.com; object-src 'self'; report-uri /scripts/csp-report.php; 1
font-src 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.weltpixel.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
report-to webscaleCspEndpoint; report-uri https://xdymhcopnh.execute-api.us-east-1.amazonaws.com/default/cspReportingMonitor; script-src 'unsafe-eval' 'unsafe-inline' *.cloudmaestro.com js.pusher.com d14jnfavjicsbe.cloudfront.net a.opmnstr.com a.quora.com ajax.googleapis.com amplify.outbrain.com analytics.twitter.com assets.voyagetext.com js.recurly.com b1img.com bat.bing.com cdk.shopmsg.me cdn.fuelx.com cdn.jsdelivr.net cdn.pbbl.co cdn.shopmsg.me cdn.taboola.com cdn1.affirm.com cdnjs.cloudflare.com connect.facebook.net  d.adroll.com *.cloudfront.net e.fomo.com edge.fullstory.com geocode.usefomo.com googleads.g.doubleclick.net js.b1js.com load.fomo.com loader.wisepops.com platform.shopmsg.me rules.quantcount.com s.adroll.com s.pinimg.com sc-static.net secure.quantserve.com secure.trust-provider.com static.ads-twitter.com static.zdassets.com staticw2.yotpo.com tags.b1js.com trc.taboola.com use.fontawesome.com use.typekit.net v2.zopim.com www.dojomojo.com www.facebook.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com www.redditstatic.com www.dojomojo.ninja assets.zendesk.com alb.reddit.com cm.g.doubleclick.net spotter.fuel451.com www.lensabl.com www.lensable.com lensable.com lensabl.com fullstory.com js.stripe.com static-na.payments-amazon.com maps.googleapis.com getdrip.com cdn.lensabl.com *.getdrip.com *.klaviyo.com cdn.equalweb.com fast.a.klaviyo.com s3.amazonaws.com www.trustedsite.com js-agent.newrelic.com shop.pe bam.nr-data.net addshoppers.s3.amazonaws.com shopper.shop.pe static.fittingbox.com widget-mediator.zopim.com d.adroll.mgr.consensu.org s.dca0.com sn.dca0.com lore.deduce.com 1
default-src 'self' image.spreadshirtmedia.net ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: *.go-mpulse.net apis.google.com assets.adobedtm.com *.cloudfront.net nxtck.com ssl.gstatic.com ws.sessioncam.com *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com googleads.g.doubleclick.net connect.facebook.net www.googleadservices.com adtm.spreadshirts.net *.spreadshirt.se ; img-src 'self' data: https: image.spreadshirtmedia.net *.gstatic.com rtb-csync.smartadserver.com pixel.rubiconproject.com pixel.advertising.com dsum-sec.casalemedia.com cotads.adscale.de www.google-analytics.com eu-u.openx.net ih.adscale.de *.akstat.io www.facebook.com dsum-sec.casalemedia.com ad.yieldlab.net secure.adnxs.com mapping.nxtck.com stats.g.doubleclick.net www.google.com www.google.de cm.g.doubleclick.net ads.yahoo.com sync.ligadx.com eb2.3lift.com s.sspqns.com x.bidswitch.net image2.pubmatic.com sync.outbrain.com nxtck.com sanalytics.spreadshirt.se *.spreadshirt.se ; connect-src 'self' https: *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com *.go-mpulse.net *.akstat.io/ dpm.demdex.net *.spreadshirt.se ; font-src 'self' https: data: *.spreadshirt.se ; style-src 'self' data: 'unsafe-inline' https: *.spreadshirt.se ; object-src 'none' ; media-src image.spreadshirtmedia.net ; frame-src 'self' https: www.google.com accounts.google.com *.spreadshirt.se ; report-uri https://csp.spreadshirts.net/csp/reportOnly ; 1
report-uri /csp/report 1
default-src 'self' vars.hotjar.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.ampproject.org static.cloud.coveo.com stats.g.doubleclick.net tdn.r42tag.com www.averoachmea.nl www.google-analytics.com connect.facebook.net *.usabilla.com www.googleadservices.com avero.speed-trap.nl googleads.g.doubleclick.net imp2.nowinteract.com api.usabilla.com cba-acct.svc.onmarc.nl static.hotjar.com script.hotjar.com d6tizftlrpuof.cloudfront.net ajax.googleapis.com bat.bing.com admin.relay42.com cse.google.com www.google.com a.svtrd.com  onmarc.nl snap.licdn.com px.ads.linkedin.com linkedin.com celebrus.avero.nl static.hotjar.com script.hotjar.com  js.hs-scripts.com js.hs-analytics.net js.hsadspixel.net js.hsleadflows.net;style-src 'self' 'unsafe-inline' fonts.googleapis.com d6tizftlrpuof.cloudfront.net www.google.com static.cloud.coveo.com;img-src data: 'self' img.youtube.com t.svtrd.com www.google-analytics.com www.facebook.com stats.g.doubleclick.net www.google.nl www.google.com d6tizftlrpuof.cloudfront.net avero.speed-trap.nl *.usabilla.com cm.g.doubleclick.net a.svtrd.com n01d05.cumulus-cloud.com tdn.r42tag.com admin.relay42.com bat.bing.com www.googleapis.com clients1.google.com avr.imgix.net px.ads.linkedin.com track.hubspot.com forms.hubspot.com celebrus.avero.nl;font-src 'self' fonts.gstatic.com;connect-src 'self' wss://*.hotjar.com https://*.hotjar.com https://*.hotjar.io *.hubapi.com api.hubspot.com forms.hubspot.com vc.hotjar.io cm.g.doubleclick.net connect.facebook.net googleads.g.doubleclick.net stats.g.doubleclick.net;media-src 'self' ;object-src 'self' ;child-src 'self' youtube.com 6162542.fls.doubleclick.net t.svtrd.com *.hotjar.com cba.nmrc.nl www.youtube-nocookie.com youtube-nocookie.com;frame-ancestors 'self' youtube.com www.youtube-nocookie.com youtube-nocookie.com;form-action 'self' t.svtrd.com *.averoachmeaonline.nl;block-all-mixed-content;report-uri https://c0918c210d42424be54e906e71357ca7.report-uri.io/r/default/csp/enforce; 1
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://zhklrkwwz3qjjxbsljqmqe2b.httpschecker.net/report 1
default-src https://www.regionorebrolan.se:443;script-src *.google.com ssl.google-analytics.com ssl.webserviceaward.com *.orebroll.se www.regionorebrolan.se https://js-agent.newrelic.com 'self' 'unsafe-inline' 'unsafe-eval'  data:;style-src  'self' 'unsafe-inline' ssl.webserviceaward.com;img-src *.orebroll.se ssl.google-analytics.com ssl.webserviceaward.com www.regionorebrolan.se 'self' data:;media-src rstts.readspeaker.com app.readspeaker.com streamio.com video.orebroll.se;frame-src *.youtube.com app.readspeaker.com  rstts.readspeaker.com media.readspeaker.com www.regionorebrolan.se https://streamio.com https://video.orebroll.se https://solaris.orebroll.se https://app.powerbi.com;connect-src rstts.readspeaker.com;report-uri https://www.regionorebrolan.se/csp-report 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.co.id&source%5Bsection%5D=brochure&source%5Buuid%5D=a190c99881d2ee390af262ddd7a47569 1
font-src 'self' 'unsafe-inline'; form-action 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src https: 'unsafe-eval' 'unsafe-inline' 1
report-uri https://sentry.io/api/1318134/security/?sentry_key=180a5bb8e9f14da280c79e29fca852e9 1
script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' www.google.com seal.digicert.com ajax.googleapis.com a.optmnstr.com www.googletagmanager.com tpc.googlesyndication.com js.stripe.com cdn001.milotree.com bat.bing.com connect.facebook.net googleads.g.doubleclick.net pixel-geo.prfct.co s.pinimg.com script.hotjar.com ssl.p.jwpcdn.com static.hotjar.com tag.marinsm.com www.google-analytics.com www.googleadservices.com www.shopperapproved.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src https: data:; font-src 'self' data: script.hotjar.com static.hotjar.com fonts.gstatic.com ssl.p.jwpcdn.com; connect-src 'self' api.stripe.com prd.jwpltx.com www.facebook.com vc.hotjar.io a.mstrlytcs.com z.opmnstr.com api.optmnstr.com api.opmnstr.com fps.ezdrm.com ct.pinterest.com in.hotjar.com www.google.dk www.google.com.vn www.google.com.pk www.google.com.my www.google.com.kw www.google.co.za www.google.co.ke www.google.co.in www.google.bs www.google.ca www.google.co.in www.google.co.uk www.google.com.au www.google.com.fj www.google.com.ph www.google.com.sa www.google.es www.google.fi www.google.fr www.google.no www.google.se graylog.hotjar.com playready.ezdrm.com *.vimeocdn.com stats.g.doubleclick.net www.google-analytics.com player.vimeo.com *.akamaized.net www.google.com wss://*.hotjar.com insights.hotjar.com *.calcworkshop.com widevine-dash.ezdrm.com; media-src blob: cws.freetls.fastly.net *.calcworkshop.com *.akamaized.net *.vimeocdn.com player.vimeo.com; frame-src 'self' vimeo.com www.googletagmanager.com tpc.googlesyndication.com g.jwpsrv.com js.stripe.com www.youtube.com player.vimeo.com connect.facebook.net cdn001.milotree.com bid.g.doubleclick.net vars.hotjar.com www.facebook.com; form-action 'self' connect.facebook.net www.facebook.com; report-uri https://calcworkshop.report-uri.com/r/d/csp/reportOnly 1
frame-ancestors 'self'; report-uri https://c4b562ef207d9ca89618f9d5f5a9d1d9.report-uri.com/r/d/csp/reportOnly; 1
default-src *.addthis.com,*.google-analytics.com,*.googleapis.com; report-uri /admin/settings/seckit/csp-report 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri https://cdn.vsadu.ru/csp_report 1
script-src 'nonce-DEkL0XBIKkQ7Ji9SsDBEBA' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1
frame-ancestors 'self';   script-src 'self' platform.twitter.com tpc.googlesyndication.com www.google.com gateway.zscloud.net s1.cnnx.io www.gstatic.com snap.licdn.com go.posterguard.com www2.hrdirectapps.com t.channeladvisor.com ut.ra.linksynergy.com tracking2.channeladvisor.com www.facebook.com hrdirectapps.com tag.rmp.rakuten.com channeladvisor.com stats.g.doubleclick.net static.ads-twitter.com sjs.bizographics.com s3.amazonaws.com s.acquire.io pi.pardot.com cdn.datasteam.io bat.bing.com api.datasteam.io analytics.twitter.com ajax.googleapis.com aa.agkn.com api.datasteam.io fast.wistia.com cdn.hrdirect.com  www.googletagmanager.com www.google-analytics.com www.googleadservices.com connect.facebook.net googleads.g.doubleclick.net feed.jquery-plugins.net s7.addthis.com  z.moatads.com v1.addthisedge.com m.addthis.com ssl.google-analytics.com navink.navitor.com stage.secure.orders.com graph.facebook.com 'unsafe-inline' 'unsafe-eval';    script-src-elem 'self' fast.wistia.com billyjons.net platform.twitter.com mocadi.wisoyekivo.com gateway.zscloud.net data: snap.licdn.com www.googleadservices.com tpc.googlesyndication.com go.posterguard.com connect.facebook.net navink.navitor.com 'unsafe-inline' www.google-analytics.com ssl.google-analytics.com www.googletagmanager.com cdn.hrdirect.com www2.hrdirectapps.com www.gstatic.com ut.ra.linksynergy.com tracking2.channeladvisor.com tag.rmp.rakuten.com stats.g.doubleclick.net static.ads-twitter.com sjs.bizographics.com s1.cnnx.io alert.scansafe.net hrdirectapps.com aa.agkn.com ajax.googleapis.com analytics.twitter.com api.datasteam.io bat.bing.com cdn.datasteam.io pi.pardot.com s.acquire.io t.channeladvisor.com s3.amazonaws.com;   style-src 'self' logos.formetocoupon.com cdn.hrdirect.com fonts.googleapis.com 'unsafe-inline';    img-src 'self' www.google.com.jm www.google.es www.google.se t.co/i/adsct www.google.com.kw partners.cmptch.com translate.google.com www.google.co.nz www.google.com.mx www.google.co.il www.google.am www.google.ie www.google.ps www.google.nl www.google.tt www.google.cz www.google.pt www.google.tn zoudlogick.net transmapp.com magictraps.com bpb.opendns.com hardyload.com configurator.navitor.com billyjons.net www.bizrate.com www.gstatic.com www.google.be gateway.zscloud.net www.google.com.pr www.google.com.au www.google.com.mx www.google.ae www.google.co.jp track.linksynergy.com rd.connexity.net dc.ads.linkedin.com www.linkedin.com www.google.ro www.google.fr www.google.dk www.google.de www.google.com.ua www.google.com.sa www.google.com.pk www.google.com.ph www.google.co.uk www.google.co.in www.google.co.id www.google.ca t.co ut.ra.linksynergy.com tags.rd.linksynergy.com stats.g.doubleclick.net s.acquire.io raac33.net px.ads.linkedin.com p.alcmpn.com p.adsymptotic.com nypi.dc-storm.com media.acquire.io idsync.rlcdn.com googleads.g.doubleclick.net consent.linksynergy.com bat.bing.com alert.scansafe.net data: embedwistia-a.akamaihd.net fast.wistia.com www.facebook.com connect.facebook.net www.google-analytics.com www.google.com stats.g.doubleclick.net www.googletagmanager.com cdn.hrdirect.com ssl.google-analytics.com ;    connect-src 'self' ssl.google-analytics.com wss://ws.acquire.io bat.bing.com wss://s.acquire.io www.facebook.com stats.g.doubleclick.net s.acquire.io app.acquire.io snapshot-tracking.crazyegg.com pipedream.wistia.com distillery.wistia.com fg8vvsvnieiv3ej16jby.litix.io www.google-analytics.com s7.addthis.com feed.jquery-plugins.net m.addthis.com  ;    font-src 'self' data: cdn.hrdirect.com app.acquire.io fonts.gstatic.com data: application; object-src 'self';    media-src 'self' data: 172.17.100.254 blob: cdn.hrdirect.com ;    frame-src 'self' api.pmqzads.com 31.13.66.35:6080 saltcdn2.googleapis.com www.youtube.com tool-bcg.bwe.io ua.yektanet.com www.priceblink.com safe.menlosecurity.com s.pmgmads.com pwm-image.trendmicro.com vars.hotjar.com 9753606.fls.doubleclick.net xen-media.com bcp.crwdcntrl.net media.acquire.io s.cmptch.com s.pmmapads.com ucads-cdn.ucweb.com gateway.zscloud.net www.googletagmanager.com pi.pardot.com cl.exct.net cdn.hrdirect.com secure.orders.com tpc.googlesyndication.com s.acquire.io navink.navitor.com connect.facebook.net  bid.g.doubleclick.net        www.facebook.com s7.addthis.com stage.secure.orders.com ;   report-uri https://complyrightnop.report-uri.com/r/d/csp/reportOnly  1
font-src *.gstatic.com *.fontawesome.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com *.addtoany.com *.facebook.com *.doubleclick.net *.youtube.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.cloudfront.net *.facebook.com *.google.com *.google.ru data: *.doubleclick.net 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.googletagmanager.com *.cloudfront.net *.searchspring.net *.klaviyo.com *.addtoany.com *.facebook.net *.doubleclick.net *.google.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com *.fontawesome.com *.searchspring.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.searchspring.io *.luckyorange.net *.klaviyo.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; img-src 'self' http: https: *.aguaquito.gob.ec; 1
default-src https: 'self'; connect-src 'self'; font-src * 'self' data: ; frame-src 'self' https://www.youtube-nocookie.com; img-src * 'self' data: etasmatomo.de.bosch.com:8443 ;  script-src 'self' 'unsafe-eval' 'unsafe-inline' etasmatomo.de.bosch.com:8443 ; style-src * 'self' 'unsafe-inline' data: fast.fonts.net; report-uri /csp_.php; 1
default-src 'none'; manifest-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://embed.videodelivery.net https://stackpath.bootstrapcdn.com https://cdn.datatables.net https://cdnjs.cloudflare.com https://code.jquery.com; connect-src 'self' https://127.0.0.1:41951 https://localhost:41951; img-src 'self' 'unsafe-inline' data:; style-src 'self' 'unsafe-inline' https://stackpath.bootstrapcdn.com https://cdn.datatables.net; font-src 'self' data: https://fonts.gstatic.com; child-src 'self' https://www.youtube-nocookie.com https://*.google.com https://*.google.de; media-src 'self'; form-action 'self' https://*.formulastudent.de https://*.fs-g.org https://www.paypal.com; upgrade-insecure-requests; block-all-mixed-content; report-uri https://fsgde.report-uri.com/r/d/csp/enforce 1
default-src 'none' ; script-src 'self' 'unsafe-inline' fonts.googleapis.com d2wy8f7a9ursnm.cloudfront.net maps.googleapis.com www.google-analytics.com pendo-io-static.storage.googleapis.com app.pendo.io cdn.pendo.io pendo-static-5419957858336768.storage.googleapis.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com app.pendo.io cdn.pendo.io pendo-static-5419957858336768.storage.googleapis.com; img-src 'self' data: *.locus-api.com www.google-analytics.com s3.amazonaws.com maps.gstatic.com maps.googleapis.com cdn.pendo.io app.pendo.io pendo-static-5419957858336768.storage.googleapis.com blob:; font-src 'self' fonts.gstatic.com; connect-src *.locus-api.com www.google-analytics.com *.bugsnag.com s3.amazonaws.com app.pendo.io *.zendesk.com blob:; media-src 'self' ; object-src 'none' ; frame-src * ; frame-ancestors app.pendo.io; report-uri https://locus.report-uri.com/r/d/csp/reportonly; 1
font-src 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com secure.authorize.net test.authorize.net js.authorize.net jstest.authorize.net cdn-scripts.signifyd.com www.youtube.com js.braintreegateway.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.bootstrapcdn.com fonts.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://testsecureacceptance.cybersource.com/silent/pay https://secureacceptance.cybersource.com/silent/pay https://testsecureacceptance.cybersource.com/silent/token/create https://secureacceptance.cybersource.com/silent/token/create https://testsecureacceptance.cybersource.com/silent/token/update https://secureacceptance.cybersource.com/silent/token/update 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com https://google.com/recaptcha/ https://testsecureacceptance.cybersource.com/silent/embedded/pay https://secureacceptance.cybersource.com/silent/embedded/pay https://testsecureacceptance.cybersource.com/silent/embedded/token/create https://secureacceptance.cybersource.com/silent/embedded/token/create https://testsecureacceptance.cybersource.com/silent/embedded/token/update https://secureacceptance.cybersource.com/silent/embedded/token/update https://testflex.cybersource.com/ https://flex.cybersource.com/ http://test.topslegalforms.com/ http://www.topslegalforms.com/ 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com stats.g.doubleclick.net data: *.gstatic.com *.cdninstagram.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com r2-t.trackedlink.net https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ h.online-metrix.net https://testflex.cybersource.com/ https://flex.cybersource.com/ https://www.googletagmanager.com tagmanager.google.com *.instagram.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.bootstrapcdn.com fonts.googleapis.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
base-uri 'self'; default-src 'self'; img-src 'self' data: https:; style-src 'self' 'unsafe-inline' https://*.irl.com https://fonts.googleapis.com; script-src 'self' 'self' 'unsafe-inline' 'unsafe-eval' https://*.irl.com; connect-src 'self' https://*.irl.com https://*.ingest.sentry.io; font-src https://fonts.gstatic.com; form-action mailto:; frame-src https://cal.irl.com https://accounts.google.com; object-src 'none'; report-uri https://o352720.ingest.sentry.io/api/1551799/security/?sentry_key=8fd426ee7b954309bf45ae6ccbb1dab4&sentry_environment=production 1
default-src 'self'; img-src 'self' https: data:; script-src 'self' https://tag.yieldoptimizer.com https://www.gstatic.com https://cdn.polyfill.io https://code.jquery.com https://cdnjs.cloudflare.com https://*.wistia.net https://*.wistia.com https://*.facebook.com https://*.facebook.net https://*.google.com https://*.google.co.uk https://google-analytics.com https://*.google-analytics.com https://*.googleapis.com https://*.googleadservices.com https://*.googletagmanager.com https://*.doubleclick.net https://*.responsetap.com https://*.twitter.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://use.fontawesome.com https://*.wistia.net https://*.wistia.com https://*.facebook.com https://*.facebook.net https://*.google.com https://*.google.co.uk https://google-analytics.com https://*.google-analytics.com https://*.googleapis.com https://*.googleadservices.com https://*.doubleclick.net 'unsafe-inline'; font-src 'self' https://use.fontawesome.com https://storify.com https://fonts.gstatic.com data:; child-src https://*.wistia.net https://*.wistia.com https://*.facebook.com https://*.facebook.net https://*.google.com https://*.google.co.uk https://google-analytics.com https://*.google-analytics.com https://*.googleapis.com https://*.googleadservices.com https://*.doubleclick.net https://*.twitter.com http://storify.com https://widget.trustpilot.com; frame-src https://*.wistia.net https://*.wistia.com https://*.facebook.com https://*.facebook.net https://*.google.com https://*.google.co.uk https://google-analytics.com https://*.google-analytics.com https://*.googleapis.com https://*.googleadservices.com https://*.doubleclick.net https://*.twitter.com http://storify.com https://widget.trustpilot.com; connect-src 'self' https://*.google-analytics.com https://*.facebook.com https://*.doubleclick.net https://api.trustpilot.com https://*.google.com; object-src 'none'; base-uri 'none'; upgrade-insecure-requests; report-uri https://lotusgroup.report-uri.io/r/default/csp/reportOnly; media-src 'self'; worker-src 'self' 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.flagman.kiev.ua www.googletagmanager.com www.google-analytics.com yandex.st mc.yandex.ru clck.yandex.ru api-maps.yandex.ru geocode-maps.yandex.ru *.multichannel.demo.owox.com *.retailrocket.ru *.retailrocket.net *.retailrocket.de *.retailrocket.nl *.retailrocket.es *.retailrocket.cl; default-src 'self' fonts.gstatic.com *.flagman.kiev.ua; frame-src *.flagman.kiev.ua vkontakte.ru yastatic.net www.facebook.com vk.com; img-src *.flagman.kiev.ua data: yastatic.net www.google-analytics.com stats.g.doubleclick.net api-maps.yandex.ru *.maps.yandex.net google-analytics.bi.owox.com 130.211.91.193 nullpoint.owox.com *.multichannel.demo.owox.com; style-src 'unsafe-inline' 'self' fonts.googleapis.com *.flagman.kiev.ua; connect-src 'self' mc.yandex.ru www.youtube.com *.googlevideo.com www.google-analytics.com google-analytics.bi.owox.com 130.211.91.193; object-src 'self' www.youtube.com fonts.gstatic.com *.flagman.kiev.ua; 1
script-src 'self' 'unsafe-inline' data: https://d32wwkhr7u0jpu.cloudfront.net https://d1iur83891nlm5.cloudfront.net https://*.vimeo.com https://*.hsforms.net https://*.hsforms.com https://*.hs-scripts.com https://*.hs-analytics.net https://*.hsleadflows.net https://*.hs-banner.com https://*.hubapi.com https://*.hubspot.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googleadservices.com https://*.google.com https://*.hsadspixel.net https://*.doubleclick.net; img-src 'self' data: https://www.gravatar.com https://d1iur83891nlm5.cloudfront.net https://d32wwkhr7u0jpu.cloudfront.net https://*.google-analytics.com https://*.doubleclick.net https://*.google.com https://*.hubspot.com; default-src 'self' 'unsafe-inline' https://d32wwkhr7u0jpu.cloudfront.net https://d1iur83891nlm5.cloudfront.net https://*.vimeo.com https://*.hsforms.net https://*.hsforms.com https://*.hs-scripts.com https://*.hs-analytics.net https://*.hsleadflows.net https://*.hs-banner.com https://*.hubapi.com https://*.hubspot.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googleadservices.com https://*.google.com https://*.doubleclick.net https://*.hsadspixel.net https://*.wagtail.io; report-uri https://1fg9rdm4g6.execute-api.us-east-1.amazonaws.com/csp/report 1
default-src https: 'unsafe-eval' 'unsafe-inline';         font-src https: data:;         img-src https: data:;         report-uri https://gaa.report-uri.io/r/default/csp/reportOnly 1
report-to webscaleCspEndpoint; report-uri https://xdymhcopnh.execute-api.us-east-1.amazonaws.com/default/cspReportingMonitor; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.mariatash.com *.google-analytics.com *.googleadservices.com *.g.doubleclick.net *.facebook.net *.googletagmanager.com *.payments-amazon.com www.gstatic.com *.klaviyo.com *.gladly.com *.newrelic.com *.audioeye.com *.nr-data.net *.cloudfront.net *.youtube.com s.ytimg.com api.smooch.io *.gladly.qa ipinfo.io *.searchspring.net *.searchspring.com *.zdassets.com code.jquery.com ajax.aspnetcdn.com searchanise-ef84.kxcdn.com *.zopim.io *.zopim.org *.zopim.com *.hotjar.com www.searchanise.com *.amazon.com *.config.smooch.io *.google.com *.hotjar.io *.pinterest.com *.sinter-collect.com *.twitter.com player.vimeo.com snisecdn-feh571kz.stackpathdns.com *.facebook.com *.cloudmaestro.com *.signifyd.com 1
font-src *.typekit.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com *.hotjar.com *.facebook.com *.braintreegateway.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com data: *.facebook.com *.feefo.com *.linksynergy.com *.visualwebsiteoptimizer.com *.doubleclick.net *.google.com https://t.co *.google.co.uk *.google.hu *.gstatic.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.crazyegg.com *.rmtag.com *.visualwebsiteoptimizer.com *.facebook.net *.feefo.com *.googletagmanager.com *.google.com *.googleapis.com *.hotjar.com *.ads-twitter.com *.twitter.com *.salesfire.co.uk *.doubleclick.net *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.typekit.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.feefo.com *.paypal.com *.braintree-api.com *.smartmetrics.co.uk *.hotjar.com *.hotjar.io *.salesfire.co.uk 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://drbservices.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 1
default-src 'self' syndication.twitter.com; script-src js.trentino.com 'unsafe-inline' 'unsafe-eval' player.peer.tv stats.peer.biz platform.twitter.com apis.google.com; img-src 'self' data: images2.trentino.com css.trentino.com www.hotel-guide.it player.peer.tv stats.peer.biz carto.peer.biz www.gravatar.com syndication.twitter.com api.trustyou.com; style-src 'self' 'unsafe-inline' css.trentino.com js.trentino.com; font-src css.trentino.com; frame-src 'self' player.peer.tv www.facebook.com platform.twitter.com apis.google.com accounts.google.com www.youtube.com; child-src 'self' player.peer.tv www.facebook.com platform.twitter.com apis.google.com accounts.google.com www.youtube.com; report-uri https://csp-report.peer.biz/reportOnly/index 1
default-src 'none'; script-src 'self' 'unsafe-eval' https://www.google-analytics.com; connect-src 'self'; img-src 'self' https://www.google-analytics.com; style-src 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' http://use.typekit.net/ https://use.typekit.net/; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://use.typekit.net/ https://use.typekit.net/  http://use.typekit.net/ http://www.google-analytics.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' http://use.typekit.net/ https://use.typekit.net/; img-src * 'self' 'unsafe-inline' 'unsafe-eval' data: filesystem:; font-src 'self' http://use.typekit.net/ https://use.typekit.net/ http://p.typekit.net/ https://p.typekit.net/ 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri /misc/csp-report.php 1
font-src *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.bootstrapcdn.com *.sportstargear.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.twitter.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com *.google.com *.twitter.com *.doubleclick.net 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com 'self' data: *.lightemporium.com *.usercentrics.eu *.magentocommerce.com *.facebook.com *.google.com *.sportstargear.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.cloudflare.com *.google.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.facebook.net *.googletagmanager.com *.doubleclick.net *.sportstargear.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.bootstrapcdn.com *.sportstargear.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.doubleclick.net *.google-analytics.com *.sportstargear.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.sportstargear.com/; report-to report-endpoint; 1
default-src https: 'unsafe-eval' 'unsafe-inline'; img-src https: data:; report-uri /_/tools/cspr.php 1
font-src 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com secure.authorize.net test.authorize.net www.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
img-src mc.yandex.ru yastatic.net awaps.yandex.net data: favicon.yandex.net avatars.mds.yandex.net an.yandex.ru *.verify.yandex.ru mc.admetrica.ru yandex.ru 'self';connect-src mc.admetrica.ru yandex.ru mc.yandex.ru an.yandex.ru;child-src yastatic.net st.yandexadexchange.net mc.yandex.ru mc.yandex.md yandexadexchange.net;default-src 'none';script-src yastatic.net yandex.ru awaps.yandex.ru mc.yandex.ru an.yandex.ru 'nonce-+OyLsdcJ1Hhicejxrr4Vqg==';style-src 'unsafe-inline' yastatic.net;report-uri https://csp.yandex.net/csp?project=morda&from=morda.intercept404.ru&showid=1594530988.95119.95650.499688&h=stable-morda-any-sas-yp-3&csp=new&date=20200712&yandexuid=9213651491594530989 1
font-src 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.facebook.com platform.twitter.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com maps.gstatic.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net cdn-scripts.signifyd.com www.youtube.com connect.facebook.net twitter.com platform.twitter.com maps.googleapis.com www.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com www.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline' *.jivosite.com; connect-src https: wss://*.jivosite.com; img-src https: data:; font-src https: data:; report-uri /csp-report 1
worker-src 'self'; connect-src 'self' https://www.paypal.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.facebook.com https://vc.hotjar.io https://*.visualwebsiteoptimizer.com https://in.hotjar.com https://ct.pinterest.com https://fast.a.klaviyo.com https://fast.a.klaviyo.com https://telemetrics.klaviyo.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://static.addtoany.com https://assets.adobedtm.com https://cdn-scripts.signifyd.com https://googleads.g.doubleclick.net https://imgs.signifyd.com https://submit.activedemand.com https://analytics.twitter.com https://script.hotjar.com https://in.hotjar.com https://chimpstatic.com https://dev.visualwebsiteoptimizer.com https://a.klaviyo.com https://connect.facebook.net https://fast.a.klaviyo.com https://s.pinimg.com https://s.pinimg.com https://s.ytimg.com https://static.ads-twitter.com https://static.hotjar.com https://static.klaviyo.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://www.youtube.com https://vendor1.quickspark.com https://www.paypalobjects.com https://www.paypal.com https://maps.googleapis.com; object-src 'none'; report-uri https://csp.firstscribe.com/frenchpaper.com; 1
default-src 'self'; object-src 'self'; base-uri 'self'; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com/tr/ https://connect.facebook.net/log/error https://chat.deutschlandsim.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://cts.communicationads.net https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://dpm.demdex.net https://the.sciencebehindecommerce.com https://chat.deutschlandsim.de https://stats.deutschlandsim.de https://imagepool.deutschlandsim.de; script-src 'strict-dynamic' 'nonce-10c249ca3b1e1cad52287017abd3f7fe' 'nonce-0da6e7eb35115ce167e9e411c942691c' 'nonce-27c068a42b68a44d7ca842d75143bdc7' 'nonce-b6974f28a0f577c3980c4f961eced4a4' 'nonce-4d1068f5477176d224b9dfd2234ddcc3' 'self' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://www.facebook.com https://tags.tiqcdn.com https://cdn2.spatialbuzz.com https://bid.g.doubleclick.net https://tpc.googlesyndication.com https://www.youtube-nocookie.com https://www.awin1.com https://paketshop.myhermes.de; child-src https://www.youtube.com https://cdn2.spatialbuzz.com https://trck.spoteffects.net https://www.googleadservices.com https://www.facebook.com https://tags.tiqcdn.com https://ad13.adfarm1.adition.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports 1
font-src maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.google.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com data: stats.g.doubleclick.net 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com analytics.skroutz.gr www.google.com www.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com google-analytics.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.bootstrapcdn.com https://fonts.gstatic.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com https://static.olark.com https://bid.g.doubleclick.net 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com https://log.olark.com https://www.google.com https://marketing.labdepotinc.com https://www.google.com.ph https://stats.g.doubleclick.net 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.cloudflare.com *.google-analytics.com *.bootstrapcdn.com https://www.bugherd.com https://cdn.nextopia.net https://static.olark.com https://connect.facebook.net https://nrpc.olark.com https://www.googletagmanager.com https://marketing.labdepotinc.com https://googleads.g.doubleclick.net https://www.google.com https://www.gstatic.com https://static.cloudflareinsights.com https://api.olark.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com *.bootstrapcdn.com https://cdn.nextopia.net https://static.olark.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src https://static.olark.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.cloudflare.com *.paypal.com *.bootstrapcdn.com https://nrpc.olark.com https://www.google-analytics.com https://stats.g.doubleclick.net 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.labdepotinc.com/; report-to report-endpoint; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' www.googletagmanager.com www.google-analytics.com http://nullpoint.owox.com *.intexpool.ua *.google.com *.googleadservices.com *.googleapis.com *.gstatic.com *.addthis.com *.addthisedge.com *.doubleclick.net *.google.com.ua *.facebook.net *.binotel.com *.trackjs.com *.hotjar.com *.onesignal.com *.moatads.com; default-src 'self' *.gstatic.com; frame-src vkontakte.ru www.facebook.com vk.com *.intexpool.ua *.youtube.com *.google.com *.doubleclick.net *.google.com.ua *.googleapis.com *.gstatic.com *.addthis.com; img-src *.multichannel.demo.owox.com data: yastatic.net www.google-analytics.com stats.g.doubleclick.net api-maps.yandex.ru *.maps.yandex.net google-analytics.bi.owox.com 130.211.91.193 nullpoint.owox.com *.intexpool.ua ssl.gstatic.com *.yandex.ru *.doubleclick.net *.google.com *.google.com.ua *.yandex.ua *.googleapis.com *.gstatic.com *.facebook.com *.trackjs.com; style-src 'unsafe-inline' 'self' *.intexpool.ua *.googleapis.com *.gstatic.com; report-uri https://csp.intexpool.ua; connect-src 'self' *.yandex.ru www.youtube.com *.googlevideo.com www.google-analytics.com google-analytics.bi.owox.com 130.211.91.193 *.intime.ua *.addthis.com *.google.com *.google.com.ua; object-src 'self' www.youtube.com *.googleapis.com *.gstatic.com; 1
default-src https: ;script-src https: 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://www.googletagmanager.com/ https://ssl.google-analytics.com ; style-src https: 'unsafe-inline' ; img-src https: about: data: https://cdn.evbstatic.com http://*.cloudfront.net; http://xml.showcasead.com https://*.s3.amazonaws.com ; connect-src https: about: https://connect.facebook.net ; font-src data: https: http://themes.googleusercontent.com https://cdn.evbstatic.com ; object-src https: ; media-src https: ; frame-src https: fbrpc://call ; frame-ancestors 'self' ; worker-src blob: ; form-action 'self' ; child-src 'self' ; report-uri https://www.eventbrite.at/ajax/csp-violation/action 1
font-src *.bobux.com *.typekit.net data: strutagiocdn.blob.core.windows.net 'self' 'unsafe-inline'; form-action *.bobux.com www.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src www.paypal.com www.sandbox.paypal.com *.bobux.com www.facebook.com strutfit.azurewebsites.net 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.bobux.com www.facebook.com data: strutagiocdn.blob.core.windows.net static.afterpay.com static.secure-afterpay.com.au a.klaviyo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.bobux.com foursixty.com connect.facebook.net *.newrelic.com *.nr-data.net *.klaviyo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.bobux.com *.klaviyo.com foursixty.com *.typekit.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.klaviyo.com *.bobux.com foursixty.com *.nr-data.net strutfitportalapi.azurewebsites.net 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' assets.pinterest.com log.pinterest.com connect.facebook.net platform.twitter.com syndication.twitter.com tfw-current.s3.amazonaws.com www.google.com www.gstatic.com cdnjs.cloudflare.com stevenlevithan.com www.googletagmanager.com www.google-analytics.com; report-uri /nelmio/csp/report 1
connect-src member-http.prod.meta-infra.org search-http.prod.meta-infra.org feed-http.prod.meta-infra.org library-http.prod.meta-infra.org login.meta.org 'self' https://api.segment.io https://sdk.split.io https://ekr.zdassets.com https://metaorg.zendesk.com https://sczimetaprod.112.2o7.net https://events.split.io https://www.google-analytics.com/collect https://www.google-analytics.com/r/collect https://*.appcues.com wss://api.appcues.net https://www.google-analytics.com/ sentry.prod.si.czi.technology stats.g.doubleclick.net; default-src 'self'; font-src 'self' data: https://assets.beta.meta.org/ fonts.gstatic.com; frame-src 'self' https://czi.demdex.net login.meta.org https://*.appcues.com https://fast.wistia.net/; img-src 'self' https://sci-assets-prod.s3.amazonaws.com www.google.com www.google.ca www.google.co.jp www.google.es www.facebook.com www.google.de www.google.co.uk www.gstatic.com www.google-analytics.com https://assets.beta.meta.org/; media-src 'self' https://metascience.wistia.com; object-src 'none'; report-uri https://sentry.prod.si.czi.technology/api/23/security/?sentry_key=3e6b0c6222e64bf5bc9bb3823e5e66a2; script-src https://www.meta.org 'unsafe-inline' 'self' https://cdn.split.io https://cdn.segment.com https://static.zdassets.com https://cdn.tt.omtrdc.net https://chanzuckerberginitia.tt.omtrdc.net https://www.google-analytics.com https://connect.facebook.net https://sczimetaprod.112.2o7.net https://browser.sentry-cdn.com https://*.opendns.com https://*.appcues.com 'sha256-paq8+WqUzSOxxoNbBRGI1F4/BFCYHTJ5UzwJBhUJz7E=' 'sha256-eidyCkg2danG17C9fZzhZldEmrvc2mvl4VTLqUQ6iTA=' 'sha256-JFaR/qkbjWPZg08Af+AbnNmSCKjhm+iiXW9KIhkF0Hk=' 'sha256-m5ynRuriW968nCaqAHEVZh5n23gbkA8SWJce5pg3Hjk=' 'sha256-XJGgf+z+yxS6JUhrhvkSBSSysybBCwBmoKA/NUyW2xs=' 'sha256-PJ7PDCVlHmSDOHsXf6Gfdis6iLLs1NAgF3JVWc5sxyc='; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com https://*.appcues.com https://assets.beta.meta.org/ 1
require-sri-for script; require-sri-for style 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' use.typekit.net www.google-analytics.com maps.googleapis.com www.google.com www.gstatic.com;; object-src 'none'; style-src 'self' 'unsafe-inline' fast.fonts.net fonts.googleapis.com; img-src 'self' data: *; frame-src pim.schiller.ch www.google.com; frame-ancestors 'self'; font-src 'self' data: fast.fonts.net use.typekit.net fonts.gstatic.com; form-action 'self'; connect-src 'self' performance.typekit.net stats.g.doubleclick.net www.google-analytics.com pim.schiller.ch; report-uri https://unic.report-uri.com/r/d/csp/reportOnly; report-to cspro; manifest-src 'self'; base-uri 'self' 1
report-uri https://viabovag.report-uri.com/r/d/csp/reportOnly; base-uri 'self' https://www.viabovag.nl/ https://*.www.viabovag.nl/ https://viabovag-web-p.azureedge.net/ https://daisypstrg.blob.core.windows.net https:; block-all-mixed-content; default-src 'self' https://www.viabovag.nl/ https://*.www.viabovag.nl/ https://viabovag-web-p.azureedge.net/ https://daisypstrg.blob.core.windows.net; object-src 'none'; connect-src 'self' https://www.viabovag.nl/ https://*.www.viabovag.nl/ https://viabovag-web-p.azureedge.net/ https://daisypstrg.blob.core.windows.net https://www.google.com https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://tagmanager.google.com https://optimize.google.com https://*.smartsuppcdn.com https://*.smooch.io https://api.adcalls.nl https://api.rollbar.com https://api.rollbar.io https://api.zuko.io https://bootstrap.smartsuppchat.com https://cdn.chatshipper.com https://connect.facebook.net https://dc.services.visualstudio.com https://in.hotjar.com https://plugins.blueconic.net https://server.smartsupp.com https://vc.hotjar.io https://viabovag.blueconic.net wss://server.smartsupp.com; font-src 'self' https://www.viabovag.nl/ https://*.www.viabovag.nl/ https://viabovag-web-p.azureedge.net/ https://daisypstrg.blob.core.windows.net https://*.smartsuppcdn.com https://cdn.smooch.io https://fonts.gstatic.com https://script.hotjar.com; form-action 'self' https://www.viabovag.nl/ https://*.www.viabovag.nl/ https://viabovag-web-p.azureedge.net/ https://daisypstrg.blob.core.windows.net; frame-ancestors 'self' https://www.motor.nl https://www.viabovag.nl/ https://*.www.viabovag.nl/; frame-src 'self' https://www.viabovag.nl/ https://*.www.viabovag.nl/ https://viabovag-web-p.azureedge.net/ https://daisypstrg.blob.core.windows.net https://www.google.com https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://tagmanager.google.com https://optimize.google.com https://*.doubleclick.net https://*.fls.doubleclick.net https://consent.azureedge.net https://consentcdn.cookiebot.com https://vars.hotjar.com https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' blob: data: https://www.viabovag.nl/ https://*.www.viabovag.nl/ https://viabovag-web-p.azureedge.net/ https://daisypstrg.blob.core.windows.net http://images.ctfassets.net http://www.googletagmanager.com https://*.smartsuppcdn.com https://cx.atdmt.com https://images.ctfassets.net https://img.youtube.com https://maps.googleapis.com https://maps.gstatic.com https://plugins.blueconic.net https://viabovag.blueconic.net https://www.facebook.com https://www.google.com https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://tagmanager.google.com https://optimize.google.com; media-src 'self' https://www.viabovag.nl/ https://*.www.viabovag.nl/ https://viabovag-web-p.azureedge.net/ https://daisypstrg.blob.core.windows.net http://images.ctfassets.net http://www.googletagmanager.com https://*.smartsuppcdn.com https://cx.atdmt.com https://images.ctfassets.net https://img.youtube.com https://maps.googleapis.com https://maps.gstatic.com https://plugins.blueconic.net https://viabovag.blueconic.net https://www.facebook.com; worker-src 'self' https://www.viabovag.nl/ https://*.www.viabovag.nl/ https://viabovag-web-p.azureedge.net/ https://daisypstrg.blob.core.windows.net https://www.google.com https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://tagmanager.google.com https://optimize.google.com https://www.youtube-nocookie.com https://www.youtube.com; script-src 'self' https://www.viabovag.nl/ https://*.www.viabovag.nl/ https://viabovag-web-p.azureedge.net/ https://daisypstrg.blob.core.windows.net https://www.google.com https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://tagmanager.google.com https://optimize.google.com http://cdn.blueconic.net http://viabovag.containers.piwik.pro https://*.adform.net https://*.smartsuppcdn.com https://assets.zuko.io https://cdn.blueconic.net https://cdn.chatshipper.com https://cdn.smooch.io https://cdnjs.cloudflare.com https://connect.facebook.net https://consent.azureedge.net https://consent.cookiebot.com https://consentcdn.cookiebot.com https://maps.googleapis.com https://plugins.blueconic.net https://s.ytimg.com https://script.adcalls.nl https://script.hotjar.com https://static.hotjar.com https://storage.googleapis.com https://track.adform.net https://viabovag.blueconic.net https://viabovag.containers.piwik.pro https://www.gstatic.com https://www.smartsuppchat.com https://www.youtube.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://www.viabovag.nl/ https://*.www.viabovag.nl/ https://viabovag-web-p.azureedge.net/ https://daisypstrg.blob.core.windows.net https://*.smartsuppcdn.com https://cdn.smooch.io https://fonts.googleapis.com https://plugins.blueconic.net https://viabovag.blueconic.net 'unsafe-eval' 'unsafe-inline' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' about: statref.com *.statref.com tetondata.com *.tetondata.com *.google-analytics.com fonts.googleapis.com *.gstatic.com assets.adobedtm.com trk.etrigue.com *.vimeo.com *.youtube.com *.akamaized.net; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com; img-src * data:; report-uri https://online.statref.com/TDSCSPReport 1
default-src https: data:; script-src https: data: 'unsafe-inline' 'unsafe-eval'; style-src https: data: 'unsafe-inline'; frame-ancestors 'self'; report-uri https://stoklasa.report-uri.io/r/default/csp/reportOnly 1
font-src fonts.gstatic.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net https://www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com data: *.gstatic.com *.cdninstagram.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com https://www.googletagmanager.com tagmanager.google.com *.instagram.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com fonts.googleapis.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri https://www.paypalobjects.com 'self' 'unsafe-inline'; 1
default-src 'self' maxcdn.bootstrapcdn.com; connect-src www.google-analytics.com stats.g.doubleclick.net login-prod.nlm.nih.gov auth.nih.gov; font-src 'self' fonts.gstatic.com maxcdn.bootstrapcdn.com webfonts.zohostatic.com; img-src 'self' www.google-analytics.com; script-src 'self' 'unsafe-inline' www.google-analytics.com maxcdn.bootstrapcdn.com script.crazyegg.com www.googletagmanager.com; style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com; report-uri https://nlmoccs.report-uri.com/r/d/csp/reportOnly 1
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; default-src *; img-src 'self' data: *; script-src 'self' 'unsafe-inline' https://www.google.com https://www.gstatic.com https://fonts.googleapis.com https://fonts.gstatic.com https://maps.googleapis.com https://widgets.golomtbank.com; report-uri https://glmt.report-uri.com/r/d/csp/enforce 1
default-src https: blob: wss://*.zopim.com 'unsafe-inline' 'unsafe-eval' wss://*.flightcentre.co.nz:*; frame-ancestors *.calypso.net.au *.flightcentre.co.nz; report-uri /api/csp_report; img-src https: blob: data:; font-src https: blob: data:; 1
default-src https: 'self' 'unsafe-inline' 'unsafe-eval'; report-uri https://rko-router.herokuapp.com/_csp 1
script-src *.googleapis.com *.facebook.net *.typekit.net *.pingdom.net *.pinterest.com *.google.com *.google-analytics.com *.googleadservices.com googleads.g.doubleclick.net *.gstatic.com seal-easttexas.bbb.org *.brightcove.com *.brightcove.net *.eccmp.com *.annies-publishing.com *.zencdn.net *.bing.com code.jquery.com *.shareasale.com *.emjcd.com *.opmnstr.com *.googletagservices.com *.googlesyndication.com *.p-n.io api.annies-publishing.com 'self' 'unsafe-inline' 'unsafe-eval'; worker-src blob://* data://*; connect-src *.googleapis.com *.facebook.net *.typekit.net *.pingdom.net *.pinterest.com *.google.com *.google-analytics.com *.googleadservices.com googleads.g.doubleclick.net *.gstatic.com seal-easttexas.bbb.org *.brightcove.com *.brightcove.net *.eccmp.com *.annies-publishing.com *.zencdn.net *.bing.com code.jquery.com *.shareasale.com *.emjcd.com *.opmnstr.com *.googletagservices.com *.googlesyndication.com *.p-n.io api.annies-publishing.com; report-uri /ajax/content_policy_violation.php 1
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://pmjsulxvuv1wvuwvesziy6jt.httpschecker.net/report 1
report-uri https://44481d4b4b55ba9f3c6f633aa6a0c151.report-uri.com/r/d/csp/reportOnly 1
font-src https://fonts.gstatic.com https://fonts.googleapis.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com data: https://www.gstatic.com 'self' 'unsafe-inline'; script-src js.authorize.net jstest.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com https://bat.bing.com https://ct.pinterest.com https://s.pinimg.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google.de 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com https://www.gstatic.com https://fonts.googleapis.com 'self' 'unsafe-inline'; object-src ; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://bat.bing.com https://ct.pinterest.com https://s.pinimg.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google.de https://fonts.gstatic.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; style-src 'self' https: 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://*.akamaihd.net https://*.dynamicyield.com https://*.googletagmanager.com https://*.feedbackify.com https://*.fullstory.com https://*.google-analytics.com https://*.limelight.com https://*.delvenetworks.com https://*.lpsnmedia.net https://*.liveperson.net https://*.bazaarvoice.com https://*.amazonaws.com data:; connect-src 'self' https://*.googleapis.com https://*.akamaihd.net https://*.dynamicyield.com https://*.googletagmanager.com https://*.feedbackify.com https://*.fullstory.com https://*.google-analytics.com https://*.limelight.com https://*.delvenetworks.com data:; font-src 'self' data:; img-src * data:; object-src 'none' ; frame-ancestors 'self' https://*.lpsnmedia.net https://*.liveperson.net https://*.vimeo.com ; child-src 'self' https://*.lpsnmedia.net https://*.liveperson.net https://*.vimeo.com ; frame-src 'self' https://*.lpsnmedia.net https://*.liveperson.net https://*.vimeo.com ; report-uri https://snapav.report-uri.com/r/d/csp/reportOnly; 1
default-src 'self';script-src 'self' 'nonce-B8eomLpiM8WrRwkqiUe1' *.jquery.com *.google.com *.youtube.com *.google-analytics.com *.gstatic.com *.googleapis.com *.googleadservices.com *.aspnetcdn.com ajax.aspnetcdn.com *.googletagmanager.com *.cloudflare.com unpkg.com *.sharethis.com *.ytimg.com;style-src 'self' 'unsafe-inline' *.jquery.com *.google.com *.gstatic.com *.googleapis.com *.aspnetcdn.com stats.g.doubleclick.net;img-src 'self' stats.g.doubleclick.net *.google-analytics.com *.gstatic.com *.googleapis.com *.googleadservices.com *.google.com *.google.co.uk googleads.g.doubleclick.net via.placeholder.com *.sharethis.com data: waspshubmedia.blob.core.windows.net;frame-src 'self' googleads.g.doubleclick.net *.google.com *.google.co.uk *.vimeo.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com;font-src 'self' *.gstatic.com data:;connect-src 'self' query.yahooapis.com *.sharethis.mgr.consensu.org *.pingdom.net *.sharethis.com 1
default-src 'none'; form-action 'none'; frame-ancestors 'none'; report-uri https://contino.report-uri.com/r/d/csp/wizard 1
default-src 'self' http://www.techadvisory.org https://maps.googleapis.com https://csi.gstatic.com https://maps.gstatic.com https://helpdesk.netservicesgroup.com:80; img-src 'self' http://www.internettrafficreport.com https://csi.gstatic.com https://maps.googleapis.com https://maps.gstatic.com http://www.techadvisory.org https://www.netservicesgroup.com http://graphs.ntppool.net http://www.pool.ntp.org https://www.google-analytics.com https://secure.trust-provider.com; child-src https://helpdesk.netservicesgroup.com http://openspeedtest.com https://urldefense.proofpoint.com https://quickclick.com; style-src 'self' https://www.netservicesgroup.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com 'sha256-ES2uzHuEQM4whrqb1S+eihZ+mxiQTgCzn2AsyOHbX88=' 'sha256-rvExcqXg6slhViMilpJKfslIcSuTwNcaJTyiU0PTfEc=' https://secure.comodo.com; script-src 'self' https://cdnjs.cloudflare.com https://maps.googleapis.com https://www.netservicesgroup.com https://ajax.googleapis.com https://oss.maxcdn.com https://ssl.google-analytics.com https://www.google-analytics.com https://www.googletagmanager.com https://secure.comodo.com 'sha256-YG4fTNWYCHAm4AVC2mnK8Tj09alaJWJTk+LJy+5kHho=' 'sha256-ES2uzHuEQM4whrqb1S+eihZ+mxiQTgCzn2AsyOHbX88=' 'sha256-rvExcqXg6slhViMilpJKfslIcSuTwNcaJTyiU0PTfEc='; font-src 'self' https://www.netservicesgroup.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; report-uri https://www.netservicesgroup.com/csp.php 1
child-src 'self'; connect-src 'self' data: http://*.myshowing.com https://*.google-analytics.com https://*.myshowing.com https://*.pendo.io https://*.trustev.com; default-src 'self'; font-src 'self' data: http://*.cloudflare.com http://*.myshowing.com https://*.cloudflare.com https://*.googleapis.com https://*.myshowing.com; frame-src 'self' https://*.anyonehome.com https://*.stripe.com https://*.trustev.com; img-src 'self' data: http://* http://*.s3.amazonaws.com https://* https://*.digicert.com https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.googletagmanager.com https://*.pendo.io https://*.s3.amazonaws.com; manifest-src 'self'; media-src 'self'; object-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: http://*.cloudflare.com http://*.myshowing.com https://*.cloudflare.com https://*.digicert.com https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.googletagmanager.com https://*.jquery.com https://*.myshowing.com https://*.pendo.io https://*.stripe.com https://*.trustev.com; style-src 'self' 'unsafe-inline' http://*.cloudflare.com http://*.myshowing.com https://*.cloudflare.com https://*.googleapis.com https://*.myshowing.com; worker-src 'self'; prefetch-src 'self'; report-uri https://reports-api.sqreen.io/browser/v0/csp-violations/csp_85353fc959c369e2a5dfc6f04489ba28 1
default-src data: *.ihi.com; script-src data: 'unsafe-inline' 'unsafe-eval' *.ihi.com *.liveperson.net *.statcamp.net *.tiqcdn.com *.lpsnmedia.net *.addthis.com *.addthisedge.com *.sitecore.net *.altapaysecure.com ajax.aspnetcdn.com cdnjs.cloudflare.com cdns.amgdgt.com translate.googleapis.com ajax.googleapis.com *.google-analytics.com *.googleadservices.com; style-src 'unsafe-inline' *.ihi.com translate.googleapis.com; img-src data: blob: *.ihi.com bupa.d2.sc.omtrdc.net *.addthis.com lpcdn.lpsnmedia.net *.gstatic.com *.google-analytics.com translate.google.com *.googleadservices.com www.adobe.com; font-src data: *.ihi.com fonts.gstatic.com; connect-src *.ihi.com *.addthis.com *.google-analytics.com; media-src *.ihi.com *.lpsnmedia.net; frame-src *.ihi.com *.lpsnmedia.net *.addthis.com *.sitecore.net *.altapaysecure.com *.liveperson.net *.doubleclick.net  www.bupainternational.com www.google.com; frame-ancestors *.ihi.com *.sitecore.net global.ihi.com; report-uri https://cb7dbe1f57f5ba315d164e874da74dde.report-uri.com/r/d/csp/reportOnly; 1
script-src 'nonce-7DdV6bPEkHBe9-M8GZmmCw' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/webmaster/chrome; base-uri 'none' 1
style-src https://*.btrll.com https://cdn.cmp.advertising.com https://*.oath.com https://*.yimg.com https://*.yahoo.com 'self' 'unsafe-inline' data: blob:; script-src https://*.btrll.com https://cdn.cmp.advertising.com https://*.oath.com https://*.yahoo.com https://*.yimg.com 'self' 'unsafe-inline' 'unsafe-eval' https://platform.twitter.com https://*.btrll.com data: blob:; frame-ancestors https://*.techcrunch.com https://*.huffingtonpost.com https://*.aol.com https://*.yahoo.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=US&lang=en-US&device=desktop&yrid=2hhjerdfgm5ug&partner=; 1
default-src 'none'; script-src 'self' 'unsafe-inline' assets.chargeover.com *; connect-src 'self'  api.segment.io  collect.albacross.com  *.doubleclick.net  api.chatlio.com  api-cdn.chatlio.com  wss://ws.pusherapp.com  *.pusher.com  *.pingdom.net  geoip-js.com ; media-src w.chatlio.com; object-src 'self'; worker-src 'none'; img-src 'self'  data:  *.chargeover.com  assets.chargeover.com  ssl.gstatic.com  www.gstatic.com  www.google-analytics.com  *.doubleclick.net  googleads.g.doubleclick.net  www.facebook.com  www.google.com  collect.albacross.com  *.ads.linkedin.com  p.adsymptotic.com  www.linkedin.com  www.googletagmanager.com  www.google.co.uk  www.google.com.au  w.chatlio.com  secure.gravatar.com  cdn.jsdelivr.net avatars.slack-edge.com  assets-mktg-chargeover.global.ssl.fastly.net ; style-src 'self' 'unsafe-inline' assets.chargeover.com fonts.googleapis.com w.chatlio.com tagmanager.google.com assets-mktg-chargeover.global.ssl.fastly.net; font-src 'self' data: *.chargeover.com fonts.gstatic.com w.chatlio.com assets-mktg-chargeover.global.ssl.fastly.net; frame-src player.vimeo.com bid.g.doubleclick.net; frame-ancestors 'none'; form-action 'self'; report-uri https://app.chargeover.com/contentsecuritypolicy 1
font-src https://fonts.gstatic.com http://fonts.gstatic.com https://secure.authorize.net https://test.authorize.net https://kit-free.fontawesome.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com https://www.youtube.com https://secure.authorize.net https://test.authorize.net https://www.paypal.com https://www.paypalobjects.com https://www.sandbox.paypal.com http://m2.makemynewspaper.com http://www.makemynewspaper.com https://staging.makemynewspaper.com https://enewspaper.makemynewspaper.com https://google.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com https://stats.g.doubleclick.net https://s3.us-west-1.wasabisys.com https://s3.wasabisys.com https://secure.authorize.net https://test.authorize.net https://www.paypal.com https://www.paypalobjects.com https://www.sandbox.paypal.com http://m2.makemynewspaper.com http://www.makemynewspaper.com https://staging.makemynewspaper.com https://enewspaper.makemynewspaper.com https://fpdbs.sandbox.paypal.com data: https://cdn.morguefile.com cdn.pixabay.com https://pixabay.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com www.youtube.com https://www.paypal.com https://www.paypalobjects.com https://www.sandbox.paypal.com https://www.vimeo.com https://secure.authorize.net https://test.authorize.net https://t.paypal.com https://js.authorize.net  https://jstest.authorize.net https://www.google-analytics.com https://www.google.com https://www.gstatic.com https://kit.fontawesome.com http://m2.makemynewspaper.com http://www.makemynewspaper.com https://staging.makemynewspaper.com https://enewspaper.makemynewspaper.com https://includes.ccdc02.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com https://fonts.googleapis.com http://fonts.googleapis.com https://getfirebug.com https://kit-free.fontawesome.com http://m2.makemynewspaper.com http://www.makemynewspaper.com https://staging.makemynewspaper.com https://enewspaper.makemynewspaper.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://www.paypal.com https://secure.authorize.net https://test.authorize.net https://www.paypalobjects.com https://www.sandbox.paypal.com https://s3.wasabisys.com https://s3.us-west-1.wasabisys.com http://m2.makemynewspaper.com http://www.makemynewspaper.com https://staging.makemynewspaper.com https://enewspaper.makemynewspaper.com https://jstest.authorize.net https://apitest.authorize.net https://js.authorize.net https://api.authorize.net https://www.google-analytics.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://makemynewspaper.com/var/log; report-to report-endpoint; 1
font-src https://cdn.provape.com https://provape.cdnpros.com data:* 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com *.vimeocdn.com s.ytimg.com data: https://cdn.provape.com https://provape.cdnpros.com https://*.google.com https://*.validage.com https://validage.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net cdn-scripts.signifyd.com www.youtube.com https://cdn.provape.com https://provape.cdnpros.com https://*.validage.com https://*.zdassets.com https://provape.zendesk.com https://*.googletagmanager.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com https://*.validage.com https://cdn.provape.com https://provape.cdnpros.com https://*.googletagmanager.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src https://*.zdassets.com https://provape.cdnpros.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://cdn.provape.com https://provape.cdnpros.com https://provape.zendesk.com wss://*.zopim.com https://*.validage.com https://*.zdassets.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: https: 1
default-src 'unsafe-inline' *.ssl.google-analytics.com * data: ; script-src 'self' 'unsafe-inline' *.plus.meshulam.co.il *.dev.meshulam.co.il *.meshulam.co.il *.google-analytics.com *.bankhapoalim.co.il *.poalim-site.co.il ;object-src 'none' ; report-uri //meshulam.co.il/api/server/1.0/reportCsp/; 1
font-src maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.facebook.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com maps.gstatic.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net www.youtube.com maps.googleapis.com cdn.ampproject.org www.gstatic.com connect.facebook.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com www.gstatic.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com cdn.ampproject.org www.googleapis.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'none'; form-action 'none'; frame-ancestors 'none'; report-uri https://basinelectric.report-uri.com/r/d/csp/wizard 1
default-src 'self' *.jivosite.com wss://*.jivosite.com yandex.ru  mc.yandex.ru mc.yandex.by  *.maps.yandex.net api-maps.yandex.ru informer.yandex.ru yastatic.net  www.googletagmanager.com fonts.gstatic.com  www.google-analytics.com www.googleadservices.com www.youtube.com vk.com *.vk.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.jivosite.com mc.yandex.ru *.maps.yandex.net api-maps.yandex.ru informer.yandex.ru yandex.st  www.googletagmanager.com www.google-analytics.com www.googleadservices.com www.youtube.com vk.com; style-src 'self' 'unsafe-inline' ; img-src 'self' export-base.ru en.export-base.ru data: *.yandex.ru yandex.ru *.maps.yandex.net yastatic.net *.vk.com vk.com  www.google.com www.google.ru *.jivosite.com  googleads.g.doubleclick.net  www.googletagmanager.com www.googleadservices.com  www.google-analytics.com; report-uri /api/csp_report/; 1
default-src 'self'; upgrade-insecure-requests; block-all-mixed-content; report-to logflare 1
default-src 'self' 'unsafe-inline' *.googleapis.com *.instagram.com *.cdninstagram.com *.cloudflare.com *.fonts.net *.typography.com *.amazonaws.com *.google.com *.youtube.com *.vimeo.com *.gstatic.com *.oniqa.com *.onenorth.com *.tklaw.com *.oniedge.com *.googletagmanager.com *.google-analytics.com 1
default-src https: blob: wss://*.zopim.com 'unsafe-inline' 'unsafe-eval' wss://*.flightcentre.co.za:*; frame-ancestors *.calypso.net.au *.flightcentre.co.za; report-uri /api/csp_report; img-src https: blob: data:; font-src https: blob: data:; 1
default-src https:; child-src blob: https: ; report-uri /csp-report 1
font-src 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com www.googletagmanager.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; object-src 'self'; base-uri 'self'; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com/tr/ https://connect.facebook.net/log/error https://chat.handyvertrag.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://cts.communicationads.net https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://dpm.demdex.net https://the.sciencebehindecommerce.com https://chat.handyvertrag.de https://stats.handyvertrag.de https://imagepool.handyvertrag.de; script-src 'strict-dynamic' 'nonce-6c678f256863ecd969f161576d6f0b4c' 'nonce-6883b6ec63f5600abfd49796c0c66fae' 'nonce-262de1c9fcec4735f8363acf025114f2' 'nonce-5930b804444e4ee1c29b959beee37d87' 'nonce-c5f0b263b51d2f7a5f8e652a4a2b20eb' 'nonce-944189ea5b4038bfb8c7a44d1fc0cde3' 'self' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://www.facebook.com https://tags.tiqcdn.com https://cdn2.spatialbuzz.com https://bid.g.doubleclick.net https://tpc.googlesyndication.com https://www.youtube-nocookie.com https://www.awin1.com https://paketshop.myhermes.de; child-src https://www.youtube.com https://cdn2.spatialbuzz.com https://trck.spoteffects.net https://www.googleadservices.com https://www.facebook.com https://tags.tiqcdn.com https://ad13.adfarm1.adition.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports 1
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; report-uri https://b27bc57f5ac35510ce587d23f4bd7d03.report-uri.com/r/d/csp/reportOnly 1
style-src https://*.btrll.com https://cdn.cmp.advertising.com https://*.oath.com https://*.yimg.com https://*.yahoo.com 'self' 'unsafe-inline' data: blob:; script-src https://*.btrll.com https://cdn.cmp.advertising.com https://*.oath.com https://*.yahoo.com https://*.yimg.com 'self' 'unsafe-inline' 'unsafe-eval' https://platform.twitter.com https://*.btrll.com data: blob:; frame-ancestors https://*.techcrunch.com https://*.huffingtonpost.com https://*.aol.com https://*.yahoo.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=US&lang=en-US&device=desktop&yrid=32gim4dfglm6r&partner=; 1
font-src fonts.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com data: *.gstatic.com *.cdninstagram.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com https://www.googletagmanager.com tagmanager.google.com *.instagram.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com fonts.googleapis.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' data: 'unsafe-inline' https://www.google.com https://www.gstatic.com https://api.sandbox.braintreegateway.com https://api.braintreegateway.com https://browser-update.org https://cdn.jsdelivr.net https://fonts.googleapis.com; font-src *; form-action 'self'; report-uri /API/csp-report.php 1
font-src 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src https://*.gstatic.com https://*.yotpo.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com https://*.doubleclick.net https://*.google.com https://*.hotjar.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com https://*.doubleclick.net https://*.google.com https://*.google.co.uk https://*.cloudfront.net data: https://*.facebook.com https://*.yotpo.com https://*.pinterest.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com commerce.adobedtm.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com use.typekit.net p.typekit.net amcglobal.sc.omtrdc.net commerce.adobe.net magento-recs-sdk.adobe.net s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com https://*.pcapredict.com/js/sensor.js https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://*.hotjar.com https://*.doubleclick.net https://secure.leadforensics.com https://*.googleapis.com https://apis.google.com https://*.zdassets.com https://*.monetate.net https://*.yotpo.com https://r1-t.trackedlink.net https://searchanise-ef84.kxcdn.com https://connect.facebook.net https://*.getsitecontrol.com https://www.searchanise.com https://ajax.aspnetcdn.com https://tracking1.force24.co.uk 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com https://*.googleapis.com https://*.yotpo.com https://searchanise-ef84.kxcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src https://*.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src api.magento.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com commerce.adobedtm.com https://*.hotjar.com https://*.adobedc.net https://*.nr-data.net https://*.zdassets.com https://tilegiant.zendesk.com https://*.yotpo.com wss://widget-mediator.zopim.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src https: data: 'unsafe-inline' 'unsafe-eval' https://*.cloudflare.com http://*.cloudflare.com https://ajax.cloudflare.com https://*.zopim.com wss://*.zopim.com https://*.zopim.io https://*.googletagmanager.com https://*.google-analytics.com https://*.fontawesome.com; script-src https: data: 'unsafe-inline' 'unsafe-eval' https://*.cloudflare.com http://*.cloudflare.com https://ajax.cloudflare.com https://*.zopim.com wss://*.zopim.com https://*.zopim.io https://*.googletagmanager.com https://*.google-analytics.com https://*.fontawesome.com; report-uri https://jagps01.report-uri.com/r/d/csp/reportOnly; 1
default-src 'self' https://*.revato.com https://www.google.com; connect-src 'self' https://*.revato.com https://*.datahc.com https://hc-userreviews.azurewebsites.net https://hc-media.azurewebsites.net https://*.kayak.com https://bam.nr-data.net https://www.google-analytics.com https://vc.hotjar.io https://in.hotjar.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.revato.com https://*.hotjar.com https://www.google-analytics.com https://maps.googleapis.com https://www.gstatic.com https://www.google.com https://bam.nr-data.net https://js-agent.newrelic.com https://www.googleadservices.com https://www.googletagmanager.com; img-src https: data:; media-src https:; style-src 'self' 'unsafe-inline' https://*.revato.com https://fonts.gstatic.com https://fonts.googleapis.com; font-src 'self' https://*.revato.com https://fonts.gstatic.com data:; frame-ancestors data:; frame-src https://www.google.com; report-uri https://www.hotelscombined.com/s/run/cspreport/revato 1
block-all-mixed-content;default-src 'self' *.addtoany.com *.adform.net *.ads-twitter.com *.bootstrapcdn.com *.cloudflare.com *.cookiebot.com *.doubleclick.net *.facebook.com *.facebook.net *.finnchat.com *.forenom.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.intercom.io *.intercomcdn.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.licdn.com *.pardot.com *.polyfill.io *.ravenjs.com *.sentry-cdn.com *.twitter.com *.wisepops.com *.yandex.ru *.youtube.com *.ytimg.com sentry.io wss://*.intercom.io wss://*.hotjar.com youtu.be ;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.addtoany.com *.adform.net *.ads-twitter.com *.bootstrapcdn.com *.cloudflare.com *.cookiebot.com *.doubleclick.net *.facebook.com *.facebook.net *.finnchat.com *.forenom.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.intercom.io *.intercomcdn.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.licdn.com *.pardot.com *.polyfill.io *.ravenjs.com *.sentry-cdn.com *.twitter.com *.wisepops.com *.yandex.ru *.youtube.com *.ytimg.com sentry.io wss://*.intercom.io wss://*.hotjar.com youtu.be ;style-src 'self' blob: 'unsafe-inline' *.addtoany.com *.adform.net *.ads-twitter.com *.bootstrapcdn.com *.cloudflare.com *.cookiebot.com *.doubleclick.net *.facebook.com *.facebook.net *.finnchat.com *.forenom.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.intercom.io *.intercomcdn.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.licdn.com *.pardot.com *.polyfill.io *.ravenjs.com *.sentry-cdn.com *.twitter.com *.wisepops.com *.yandex.ru *.youtube.com *.ytimg.com sentry.io wss://*.intercom.io wss://*.hotjar.com youtu.be ;font-src 'self' data: https: *.addtoany.com *.adform.net *.ads-twitter.com *.bootstrapcdn.com *.cloudflare.com *.cookiebot.com *.doubleclick.net *.facebook.com *.facebook.net *.finnchat.com *.forenom.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.intercom.io *.intercomcdn.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.licdn.com *.pardot.com *.polyfill.io *.ravenjs.com *.sentry-cdn.com *.twitter.com *.wisepops.com *.yandex.ru *.youtube.com *.ytimg.com sentry.io wss://*.intercom.io wss://*.hotjar.com youtu.be ;img-src 'self' data: https: *.addtoany.com *.adform.net *.ads-twitter.com *.bootstrapcdn.com *.cloudflare.com *.cookiebot.com *.doubleclick.net *.facebook.com *.facebook.net *.finnchat.com *.forenom.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.intercom.io *.intercomcdn.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.licdn.com *.pardot.com *.polyfill.io *.ravenjs.com *.sentry-cdn.com *.twitter.com *.wisepops.com *.yandex.ru *.youtube.com *.ytimg.com sentry.io wss://*.intercom.io wss://*.hotjar.com youtu.be ;report-uri ; 1
default-src https: wss: blob:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report/index 1
upgrade-insecure-requests;default-src 'self' https://*.cvent.org https://*.nr-data.net https://www.youtube.com https://*.twitter.com https://*.twimg.com https://*.facebook.com https://*.cvent.com https://*.cvent-assets.com https://*.newrelic.com https://*.cardinalcommerce.com; script-src 'nonce-vY6ll1lVat1NlBjknrEc/Bls+TI=' 'unsafe-inline' 'self' https://*.cvent.org https://*.nr-data.net https://www.youtube.com https://*.twitter.com https://*.twimg.com https://*.facebook.com https://*.cvent.com https://*.cvent-assets.com https://*.newrelic.com https://*.cardinalcommerce.com; img-src 'unsafe-inline' 'data:' 'self' https://*.cvent.org https://*.nr-data.net https://www.youtube.com https://*.twitter.com https://*.twimg.com https://*.facebook.com https://*.cvent.com https://*.cvent-assets.com https://*.newrelic.com https://*.cardinalcommerce.com; style-src 'self' https://*.cvent.org https://*.nr-data.net https://www.youtube.com https://*.twitter.com https://*.twimg.com https://*.facebook.com https://*.cvent.com https://*.cvent-assets.com https://*.newrelic.com https://*.cardinalcommerce.com'unsafe-inline'; report-uri /event/csp-violation 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'  *.google.com *.googleapis.com *.googletagmanager.com *.cloudflare.com *.typekit.net *.siteimprove.com *.youtube.com *.vimeo.com *.siteimproveanalytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googletagmanager.com *.gstatic.com *.google.com *.googleapis.com *.cloudflare.com *.typekit.net *.siteimprove.com *.siteimproveanalytics.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.typekit.net; media-src 'self' 'unsafe-inline' 'unsafe-eval' *.youtube.com *.vimeo.com; img-src * 'self' 'unsafe-inline' 'unsafe-eval' data: filesystem:; font-src 'self' *.gstatic.com *.typekit.net; frame-src 'self' *.vimeo.com *.youtube.com *.google.com; 1
child-src 'self'; connect-src 'self' http://*.easycredito.me http://*.facebook.com https://*.akamaihd.net https://*.easycredito.com.br https://*.easycredito.me https://*.easycredito.net.br https://*.facebook.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.jquery.com https://*.lkqd.net https://*.nr-data.net https://*.taboola.com https://*.zdassets.com https://*.zendesk.com https://onesignal.com https://viacep.com.br wss:; default-src 'self' *.static.site24x7rum.com https://*.easycredito.net.br https://fonts.googleapis.com/; font-src 'self' chrome-extension: data: http://*.easycredito.me http://*.gstatic.com https://*.bootstrapcdn.com https://*.easycredito.me https://*.fontawesome.com https://*.googleusercontent.com https://*.gstatic.com https://*.typekit.net; frame-src 'self' data: http://*.facebook.com https://*.akamaihd.net https://*.clearsale.com.br https://*.facebook.com https://*.g.doubleclick.net https://*.google.com https://*.googleapis.com https://*.googletagmanager.com https://*.youtube.com https://linkado.cc https://onesignal.com; img-src 'self' android-webview-video-poster: data: http://*.easycredito.me http://*.facebook.com http://*.gstatic.com https://*.akamaihd.net https://*.amazonaws.com https://*.bing.com https://*.clear.sale https://*.clearsale.com.br https://*.cloudfront.net https://*.easycredito.com.br https://*.easycredito.me https://*.easycredito.net.br https://*.facebook.com https://*.fbsbx.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://*.google.com.br https://*.googleapis.com https://*.googletagmanager.com https://*.googleusercontent.com https://*.gstatic.com https://*.lkqd.net https://*.nr-data.net https://*.onesignal.com https://onesignal.com; manifest-src 'self'; media-src 'self' blob: data: https://*.zdassets.com; object-src 'self' https://*.cloudfront.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' asset: blob: data: http://*.easycredito.me https://*.akamaihd.net https://*.bing.com https://*.clearsale.com.br https://*.cloudflare.com https://*.cloudfront.net https://*.easycredito.me https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.googletagmanager.com https://*.lkqd.net https://*.nr-data.net https://*.onesignal.com https://*.receitaws.com.br https://*.site24x7rum.com https://*.taboola.com https://*.zdassets.com https://*.zendesk.com https://*.zopim.com https://linkado.cc https://onesignal.com; style-src 'self' 'unsafe-inline' http://*.easycredito.me https://*.bootstrapcdn.com https://*.easycredito.me https://*.fontawesome.com https://*.google.com https://*.googleapis.com https://*.typekit.net https://onesignal.com; worker-src 'self' blob:; prefetch-src 'self'; report-uri https://reports-api.sqreen.io/browser/v0/csp-violations/csp_c7a15219a6e44183873067f3225c02df 1
script-src 'nonce-rMD0Hq6STgPKt85hO0QsGQ' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' https:; frame-ancestors 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://rules.quantcount.com/ https://ajax.googleapis.com/ https://secure.quantserve.com/quant.js https://assets.delvenetworks.com/player/embed.js https://ssl.google-analytics.com/ga.js; img-src 'self' https://img.delvenetworks.com/ https://secure.quantserve.com/pixel/p-65annTnPZswCE.gif https://ssl.google-analytics.com/ https://pixel.quantserve.com/ data:; style-src 'self' 'unsafe-inline'; report-uri https://efxcsptest.report-uri.com/r/d/csp/reportOnly; 1
script-src 'nonce-Qu1gDnDlKvRsma8KWWrFtA' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1
default-src 'self' *.callbackhunter.com callbackhunter.com ws://callbackhunter.com wss://callbackhunter.com *.cbh.lc cbh.lc ws://*.cbh.lc ws://cbh.lc wss://*.cbh.lc wss://cbh.lc https://mc.yandex.ru https://fonts.gstatic.com https://*.doubleclick.net https://*.google.com https://*.google.ru *.facebook.com https://*.facebook.com https://ajax.googleapis.com *.youtube.com https://youtube.com; img-src 'self' data: *.callbackhunter.com callbackhunter.com *.cbh.lc cbh.lc vk.com https://vk.com t.co https://mc.yandex.ru *.google-analytics.com https://www.google-analytics.com https://analytics.twitter.com *.facebook.com https://*.facebook.com https://*.google.com https://*.google.ru https://*.doubleclick.net *.adroll.com https://*.adroll.com https://pixel.rubiconproject.com ads.yahoo.com *.bidswitch.net *.adnxs.com *.rlcdn.com *.openx.net; style-src 'self' 'unsafe-inline' *.callbackhunter.com callbackhunter.com *.cbh.lc cbh.lc *.googleapis.com https://fonts.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.callbackhunter.com callbackhunter.com *.cbh.lc cbh.lc *.vimeocdn.com vk.com mc.yandex.ru https://mc.yandex.ru *.googleadservices.com *.google-analytics.com https://www.google-analytics.com *.twitter.com https://*.twitter.com *.facebook.net https://connect.facebook.net *.adroll.com https://*.adroll.com https://ajax.googleapis.com *.oneretarget.com https://*.oneretarget.com; child-src 'self' *.callbackhunter.com callbackhunter.com *.cbh.lc cbh.lc *.vimeo.com *.youtube.com https://youtube.com *.youtube-nocookie.com https://youtube-nocookie.com googleads.g.doubleclick.net *.google.com *.google.ru; report-uri /csp/index 1
default-src https:; connect-src https: wss:; font-src https: data:; frame-src https:; img-src https: data:; media-src https:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob:; style-src 'unsafe-inline' https:; report-uri https://www.100partnerprogramme.de//csp-violation-ezmd9dpdxv7nb0ecejb9/ 1
default-src https: ;script-src https: 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://www.googletagmanager.com/ https://ssl.google-analytics.com ; style-src https: 'unsafe-inline' ; img-src https: about: data: https://cdn.evbstatic.com http://*.cloudfront.net; http://xml.showcasead.com https://*.s3.amazonaws.com ; connect-src https: about: https://connect.facebook.net ; font-src data: https: http://themes.googleusercontent.com https://cdn.evbstatic.com ; object-src https: ; media-src https: ; frame-src https: fbrpc://call ; frame-ancestors 'self' ; worker-src blob: ; form-action 'self' ; child-src 'self' ; report-uri https://www.eventbrite.ch/ajax/csp-violation/action 1
default-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; object-src 'none'; style-src 'unsafe-inline' https:; img-src data: about: https:; font-src data: https:; form-action 'self' https:; block-all-mixed-content; report-uri https://travelonbags.report-uri.com/r/d/csp/reportOnly; 1
default-src 'none'; block-all-mixed-content ; font-src lintjes.nl use.typekit.com; img-src 'self' lintjes.nl www.googletagmanager.com www.google-analytics.com p.typekit.net; style-src 'unsafe-inline' lintjes.nl; script-src 'self' 'unsafe-inline' lintjes.nl www.googletagmanager.com www.google-analytics.com ajax.googleapis.com use.typekit.com; report-uri https://cspreport.vi.company/reports?hash=76b25c33e76d6d4e61ab02eee6d7ce66&timestamp=2020-07-12T01:13:55.3883330Z; 1
default-src 'self'; frame-ancestors 'self'; script-src 'self' https://consent.cookiebot.com/ https://tracking.sunbeam-berlin.de/ https://consentcdn.cookiebot.com/ https://www.youtube-nocookie.com/ https://www.instagram.com/; font-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: http://www.w3.org/ https://scontent.cdninstagram.com/; frame-src 'self' https://consent.cookiebot.com/ https://player.vimeo.com/ https://www.youtube-nocookie.com/ https://consentcdn.cookiebot.com/; connect-src 'self' 1
font-src 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net www.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline' *.youtu.be *.youtube.com www.google-analytics.com *.doubleclick.net *.ads-twitter.com t.co *.twitter.com *.express-scripts.ca; report-uri /admin/config/system/seckit/csp-report 1
default-src 'self' https:; object-src 'self'; frame-src 'self' *.kvk.nl channel.me www.youtube.com cloud.reflexappointment.nl iwelcome.sso.eherkenning.nl ehm01.iwelcome.nl opendata.ondernemersplein.nl www.googletagmanager.com *.hotjar.com https://acp.miloo.nl wss://acp.miloo.nl *.mopinion.com *.soundcloud.com *.youtube-nocookie.com disqus.com; child-src 'self' *.kvk.nl channel.me www.youtube.com cloud.reflexappointment.nl iwelcome.sso.eherkenning.nl ehm01.iwelcome.nl opendata.ondernemersplein.nl www.googletagmanager.com *.hotjar.com https://acp.miloo.nl wss://acp.miloo.nl *.mopinion.com *.soundcloud.com *.youtube-nocookie.com *.disqus.com; style-src 'self' 'unsafe-inline' *.kvk.nl s3.amazonaws.com tagmanager.google.com translate.googleapis.com *.mopinion.com https://fonts.googleapis.com *.abtasty.com *.disqus.com *.disquscdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' *.kvk.nl blob: bat.bing.com *.nowinteract.com www.youtube.com s.ytimg.com channel.me cloudstatic.obi4wan.com *.hotjar.com www.google-analytics.com www.googletagmanager.com cdn-assets-prod.s3.amazonaws.com tagmanager.google.com *.mopinion.com https://acp.miloo.nl wss://acp.miloo.nl *.abtasty.com *.disqus.com *.disquscdn.com 'nonce-SWhMbdKh3Ocf6RqwCRmDL6oPPm3dhlXfQibEO6ffOO0='; img-src 'self' *.kvk.nl blob: data: tr3.onlinesucces.nl www.ondernemersplein.nl bat.bing.com https://www.gstatic.com/images/branding/product/2x/translate_24dp.png www.google-analytics.com www.googletagmanager.com https://acp.miloo.nl wss://acp.miloo.nl *.abtasty.com *.cloudfront.com *.mopinion.com *.disqus.com *.disquscdn.com; font-src 'self' blob: data: *.kvk.nl http://fonts.gstatic.com https://fonts.gstatic.com static.hotjar.com *.mopinion.com *.abtasty.com *.disqus.com; connect-src 'self' *.kvk.nl wss://*.kvk.nl opendata.ondernemersplein.nl *.nowinteract.com translate.googleapis.com bots.obi4wan.com app.obi4wan.ai *.hotjar.com wss://*.hotjar.com www.google-analytics.com script.google.com https://acp.miloo.nl wss://acp.miloo.nl *.mopinion.com col.eum-appdynamics.com *.abtasty.com sentry.io *.disqus.com; frame-ancestors 'self' https://*.kvk.nl; base-uri 'self' *.kvk.nl; report-uri https://acd4a6fc2b303186c154a28c8bda5e62.report-uri.com/r/t/csp/reportOnly; 1
default-src 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' https://bizzdesign.com 'nonce-KfCBu6S0BzCVf8iYXfMXsrnN3lB7lYP3KWiFkMuzcrU5Qdklhvu622jeARIkYjw0dLvMKNUTQ2u4OFDRU7bZJGCQWbKhXxBGnbO7FWh5qD4oVJhTIBs7qVGxSCZ5Xiny'; connect-src https://api.segment.io https://bizzdesign.com https://gjtrack.ucweb.com https://plugin.ucads.ucweb.com https://settings.luckyorange.net https://ssl.google-analytics.com https://stats.g.doubleclick.net https://www.facebook.com https://www.google-analytics.com; font-src data: https://bizzdesign.com https://fonts.gstatic.com https://use.typekit.net; frame-src https://bizzdesign.catsone.nl https://go.bizzdesign.com https://js.driftt.com https://platform.twitter.com https://www.facebook.com https://www.googletagmanager.com https://www.youtube.com; child-src https://bizzdesign.catsone.nl https://go.bizzdesign.com https://js.driftt.com https://platform.twitter.com https://www.facebook.com https://www.googletagmanager.com https://www.youtube.com; img-src data: https://bizzdesign.com https://cdn2.hubspot.net https://dc.ads.linkedin.com https://gateway.zscaler.net https://go.bizzdesign.com https://px.ads.linkedin.com https://secure.gravatar.com https://ssl.google-analytics.com https://stats.g.doubleclick.net https://storage.pardot.com https://tracking.leadlander.com https://www.bizzdesign-academy.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.google.fi https://www.googletagmanager.com https://www.gstatic.com https://www.linkedin.com; script-src 'unsafe-eval' 'unsafe-inline' https://bizzdesign.catsone.nl https://bizzdesign.com https://bpb.opendns.com https://cdn.segment.com https://connect.facebook.net https://d10lpsik1i8c69.cloudfront.net https://go.bizzdesign.com https://js.driftt.com https://pi.pardot.com https://platform.twitter.com https://px.ads.linkedin.com https://s.ytimg.com https://snap.licdn.com https://ssl.google-analytics.com https://t.sf14g.com https://www.google-analytics.com https://www.googletagmanager.com https://www.linkedin.com https://www.youtube.com; style-src 'unsafe-inline' https://ajax.googleapis.com https://bizzdesign.com https://fonts.googleapis.com https://p.typekit.net https://use.typekit.net; worker-src https://www.facebook.com 1
default-src 'self'; base-uri 'self'; child-src 'self' www.google.com www.google.com/recaptcha/ secure.livechatinc.com https://*.hotjar.com https://vars.hotjar.com http://*.hotjar.io https://*.hotjar.io pliki.drukomat.pl; connect-src 'self' ajax.googleapis.com https://www.google-analytics.com analytics.google.com stats.g.doubleclick.net googleads.g.doubleclick.net sentry.drukomat.co api.livechatinc.com cdn.livechatinc.com secure.livechatinc.com wss://api.livechatinc.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io https://vc.hotjar.io:* wss://*.hotjar.com www.facebook.com shops-si.trustedshops.com trustbadge.api.etrusted.com api.trustedshops.com pliki.drukomat.pl; font-src 'self' data: fonts.gstatic.com fonts.googleapis.com cdn.livechatinc.com themes.googleusercontent.com netdna.bootstrapcdn.com http://*.hotjar.com https://*.hotjar.com http://script.hotjar.com https://script.hotjar.com http://*.hotjar.io https://*.hotjar.io use.fontawesome.com widgets.trustedshops.com; frame-src www.google.com www.googletagmanager.com bid.g.doubleclick.net tpc.googlesyndication.com www.youtube.com www.facebook.com secure.livechatinc.com https://*.hotjar.com https://vars.hotjar.com http://*.hotjar.io https://*.hotjar.io c.imedia.cz pliki.drukomat.pl; img-src 'self' data: www.googletagmanager.com https://www.google-analytics.com google.com translate.google.com translate.googleapis.com www.googleadservices.com www.gstatic.com ssl.gstatic.com googleads.g.doubleclick.net stats.g.doubleclick.net doubleclick.net cdn.livechatinc.com secure.livechatinc.com http://*.hotjar.com https://*.hotjar.com https://script.hotjar.com http://script.hotjar.com http://*.hotjar.io https://*.hotjar.io www.facebook.com l.facebook.com connect.facebook.net www.gravatar.com i.ytimg.com cx.atdmt.com px.ads.linkedin.com www.linkedin.com p.adsymptotic.com widgets.trustedshops.com c.imedia.cz ib.adnxs.com www.google.ae www.google.at www.google.ba www.google.be www.google.bg www.google.by www.google.ca www.google.ch www.google.cl www.google.co.id www.google.co.in www.google.co.jp www.google.co.ug www.google.co.uk www.google.cz www.google.com www.google.com.bo www.google.com.co www.google.com.ec www.google.com.np www.google.com.ph www.google.com.qa www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.vn www.google.de www.google.dk www.google.es www.google.fi www.google.fr www.google.ge www.google.gl www.google.hu www.google.ie www.google.it www.google.je www.google.lt www.google.lu www.google.lv www.google.me www.google.nl www.google.pl www.google.pt www.google.ro www.google.rs www.google.ru www.google.sk www.google.si pliki.drukomat.pl; media-src 'self' cdn.livechatinc.com secure.livechatinc.com; object-src 'none'; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com ajax.googleapis.com/ajax/libs/jquery/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.googleadservices.com www.google.com tpc.googlesyndication.com googleads.g.doubleclick.net doubleclick.net accounts.livechatinc.com secure.livechatinc.com cdn.livechatinc.com cdn.tinymce.com code.jquery.com netdna.bootstrapcdn.com 'unsafe-eval' http://*.hotjar.com https://*.hotjar.com http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com http://*.hotjar.io https://*.hotjar.io connect.facebook.net snap.licdn.com widgets.trustedshops.com sk.search.etargetnet.com c.imedia.cz pliki.drukomat.pl 'sha256-Pkrk7EQUCze/+y2ieQcihkqf20ngyO1o8p0bLJqEUEg=' 'sha256-sN2JfK4DItW+tHEvTPTRUlVsTp6P99J+1UtsJiAzbJQ=' 'sha256-J28m+KfipY9skgQSQHiWGcSLu/r+9MNLMkdmblaToRY='; style-src 'self' translate.googleapis.com fonts.googleapis.com code.jquery.com cdn.livechatinc.com secure.livechatinc.com netdna.bootstrapcdn.com widgets.trustedshops.com use.fontawesome.com; report-uri https://sentry.drukomat.co/api/6/security/?sentry_key=0a78d5cc04564c5d8a0ffffe654389bb 1
script-src 'nonce-dupIZncaPKg7G3czVPEGmg' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/webmaster; base-uri 'none' 1
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://sc020yt0rwhkktjwws4uujxl.httpschecker.net/report 1
: default-src https: 1
default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self'; style-src 'self' 'unsafe-inline'; style-src-elem 'self' unsafe-inline; report-uri https://gaecgh.org/wp-json/rsssl/v1/csp?rsssl_apitoken=1580297516  1
default-src 'self' *.googleapis.com *.gstatic.com www.openstreetmap.org secure.ogone.com *.youtube.com player.vimeo.com *.vimeocdn.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' code.jquery.com ajax.aspnetcdn.com *.google-analytics.com translate.google.com *.readspeaker.com *.googleapis.com www.openlayers.org openlayers.org *.openstreetmap.org *.typekit.net ; connect-src 'self' *.typekit.net *.umbraco.org *.openstreetmap.org ws://www.portaal.nl ; img-src 'self' *.umbraco.org umbraco.tv www.gravatar.com pbs.twimg.com cdn.jsdelivr.net *.typekit.net *.google-analytics.com placehold.it *.gstatic.com www.google.com translate.googleapis.com *.googleapis.com *.openstreetmap.org www.openlayers.org openlayers.org ; media-src 'self' ; font-src 'self' data: *.typekit.net *.gstatic.com ; style-src 'self' 'unsafe-inline' *.typekit.net *.googleapis.com www.openlayers.org openlayers.org ; frame-ancestors 'self' ;  1
frame-src 'self' http://mapy.kr-plzensky.cz; report-uri /log 1
default-src 'none'; script-src 'self' twitter.com google.com; img-src *; 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; connect-src 'self' wss:; report-uri /ping/ 1
default-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://s.ytimg.com https://cdn-images.mailchimp.com https://s3.amazonaws.com; script-src-elem 'self' https://visionkino.de/piwik/piwik.js; script-src 'self' 'unsafe-inline' https://visionkino.de/piwik/piwik.js https://www.visionkino.de/ https://s.ytimg.com https://www.google.com; font-src 'self' https://fonts.gstatic.com/ https://www.google.com; connect-src 'self' https://www.visionkino.de/filmtipps/ https://www.visionkino.de/piwik/piwik.php; report-uri https://www.visionkino.de/report/report.php; frame-src https://www.google.com https://www.youtube.com https://player.vimeo.com https://www.youtube-nocookie.com https://player.theplatform.com; img-src 'self' data https://*.vimeocdn.com/ https://i.ytimg.com https://visionkino.de/piwik/piwik.php; media-src https://www.youtube-nocookie.com https://*.googlevideo.com; 1
default-src 'self'; connect-src 'self' dc.services.visualstudio.com ssl.google-analytics.com stats.g.doubleclick.net www.facebook.com intranet.microk12.com middleman.microk12.com; font-src 'self' data: fonts.gstatic.com static.stockinthechannel.com; frame-src 'self' accounts.us.stockinthechannel.com app.powerbi.com ad.doubleclick.net bid.g.doubleclick.net www.youtube.com www.facebook.com; frame-ancestors accounts.us.stockinthechannel.com; img-src * data:; media-src 'self' images.us.stockinthechannel.com media.stockinthechannel.com; manifest-src images.us.stockinthechannel.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' accounts.us.stockinthechannel.com images.us.stockinthechannel.com static.stockinthechannel.com www.googleadservices.com ssl.google-analytics.com googleads.g.doubleclick.net connect.facebook.net static.ads-twitter.com analytics.twitter.com; style-src 'self' 'unsafe-inline' static.stockinthechannel.com fonts.googleapis.com ajax.googleapis.com; report-uri https://stockchannel.report-uri.com/r/d/csp/reportOnly 1
default-src 'self'; object-src 'none'; base-uri 'self'; connect-src 'self' https://*.hotjar.com https://*.doubleclick.net https://*.cookiebot.com https://*.google-analytics.com wss://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com; frame-ancestors 'self'; frame-src blob: https://*.cookiebot.com https://*.pay1.de https://*.criteo.com https://*.criteo.net https://*.googletagmanager.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://*.google.com https://*.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://*.cookiebot.com https://*.google.com https://*.google-analytics.com https://*.gstatic.com https://*.pay1.de https://*.google.de https://*.criteo.net https://*.criteo.com https://*.googleadservices.com https://*.baywa.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://*.doubleclick.net https://maps.googleapis.com https://bat.bing.com; img-src 'self' data: https://*.googletagmanager.com https://res.cloudinary.com https://*.google-analytics.com https://*.doubleclick.net https://*.google.com https://*.google.de https://*.analytics.yahoo.com https://maps.googleapis.com https://*.gstatic.com https://bat.bing.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://*.criteo.net https://*.criteo.com https://*.google-analytics.com; font-src 'self' http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://fonts.googleapis.com https://fonts.gstatic.com; worker-src blob:; report-uri https://csp.lwp.baywa.de/index; 1
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' http:; style-src 'unsafe-inline' http:; img-src http: data:; connect-src http:; font-src http: data:; report-uri 'unsafe-inline' http:; frame-src 'unsafe-inline' http:; sandbox allow-forms allow-scripts 1
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; frame-ancestors 'self' *.intuit.com intuit.com *.quickbooks.com quickbooks.com *.square.com square.com *.squareupstaging.com squareupstaging.com *.squareup.com squareup.com; script-src * 'unsafe-inline' 'unsafe-eval' data: blob:; report-uri https://simplyinsured.report-uri.com/r/d/csp/reportOnly 1
font-src maxcdn.bootstrapcdn.com fonts.gstatic.com *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.icons8.com *.fontawesome.com *.hotjar.com *.zopim.com *.sagepay.co.uk *.sagepay.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.twitter.com *.zopim.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.facebook.com platform.twitter.com *.twitter.com *.zopim.com *.trustpilot.com *.consensu.org *.hotjar.com *.sharethis.com *.google.com *.https://app.clickup.com/t/6gkgpw 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com amcglobal.sc.omtrdc.net *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com 'self' data: *.lightemporium.com *.usercentrics.eu *.doubleclick.net *.google.com *.google.co.in *.zopim.com *.zopim.io *.sharethis.com *.sagepay.co.uk *.sagepay.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com connect.facebook.net twitter.com platform.twitter.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.googletagmanager.com *.trustpilot.com *.sharethis.com *.hotjar.com chimpstatic.com *.zopim.com *.zdassets.com *.doubleclick.net *.google.com *.sagepay.co.uk *.sagepay.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.icons8.com *.bootstrapcdn.com *.sagepay.co.uk *.sagepay.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.hotjar.com *.hotjar.io *.zopim.com *.sharethis.com *.zdassets.com *.trustpilot.com *.sagepay.co.uk *.sagepay.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src https://static.juicer.io *.gstatic.com *.klevu.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com https://maps.gstatic.com https://www.google.rs https://www.google.com *.klevu.com https://stats.g.doubleclick.net https://scontent.cdninstagram.com https://assets.juicer.io 'self' 'unsafe-inline'; script-src assets.adobedtm.com js.authorize.net jstest.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com https://maps.googleapis.com https://chimpstatic.com *.klevu.com *.juicer.io *.google.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.klevu.com *.juicer.io https://fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com http://www.juicer.io https://cdn.rawgit.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; connect-src blob: *; font-src 'self' data: cdn.wheretostay.com fonts.gstatic.com cdn.livechatinc.com themes.googleusercontent.com cdn.bootstrapcdn.com maxcdn.bootstrapcdn.com ; frame-src blob: *; img-src 'self' https: data:; media-src 'self' cdn.wheretostay.com cdn.livechatinc.com; script-src 'self' 'unsafe-eval' *.g.doubleclick.net cdn.wheretostay.com connect.facebook.net www.google.com www.google-analytics.com www.googletagmanager.com maps.googleapis.com ajax.googleapis.com www.googleadservices.com verify.authorize.net js.authorize.net seal.godaddy.com cdn.livechatinc.com secure.livechatinc.com www.wheretostay.com/www.spatropique.com bat.bing.com cdn.jsdelivr.net js-agent.newrelic.com www.shopperapproved.com blob: cdn.ampproject.org www.google.com www.gstatic.com 'unsafe-inline'; script-src-elem: data: cdn.ampproject.org js-agent.newrelic.com; style-src * blob: 'unsafe-inline'; report-uri https://admin.wheretostay.com/webhooks/cspreport 1
worker-src 'self'; connect-src 'self' https://www.paypal.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.facebook.com https://vc.hotjar.io https://*.visualwebsiteoptimizer.com https://in.hotjar.com https://ct.pinterest.com https://fast.a.klaviyo.com https://fast.a.klaviyo.com https://telemetrics.klaviyo.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://static.addtoany.com https://assets.adobedtm.com https://cdn-scripts.signifyd.com https://googleads.g.doubleclick.net https://imgs.signifyd.com https://submit.activedemand.com https://analytics.twitter.com https://script.hotjar.com https://in.hotjar.com https://chimpstatic.com https://dev.visualwebsiteoptimizer.com https://a.klaviyo.com https://connect.facebook.net https://fast.a.klaviyo.com https://s.pinimg.com https://s.pinimg.com https://s.ytimg.com https://static.ads-twitter.com https://static.hotjar.com https://static.klaviyo.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://www.youtube.com https://vendor1.quickspark.com https://www.paypalobjects.com https://www.paypal.com https://maps.googleapis.com; object-src 'none'; report-uri https://csp.firstscribe.com/kolpin.com; 1
default-src 'none'; script-src 'self' ajax.googleapis.com ajax.aspnetcdn.com use.typekit.com platform.twitter.com cdn.syndication.twimg.com web103.reachmee.com ssl.google-analytics.com s.webtrends.com statse.webtrendslive.com ssl.webserviceaward.com; style-src 'self' ajax.googleapis.com fonts.googleapis.com platform.twitter.com ssl.webserviceaward.com; img-src 'self' data: about: ajax.googleapis.com platform.twitter.com syndication.twitter.com pbs.twimg.com p.typekit.net statse.webtrendslive.com hm.webtrends.com ssl.webserviceaward.com; font-src 'self' data: fonts.gstatic.com use.typekit.com; connect-src 'self' performance.typekit.net; media-src 'self'; object-src 'self'; frame-src 'self' www.youtube.com www.youtube-nocookie.com platform.twitter.com syndication.twitter.com cws.huginonline.com inpublic.globenewswire.com web103.reachmee.com; report-uri /csp-report; 1
connect-src 'self' app-eu.readspeaker.com rstts-eu.readspeaker.com media-eu.readspeaker.com; default-src 'self' media.newmindmedia.com beta.pitea.se data:; font-src 'self' data: cdnjs.cloudflare.com fonts.gstatic.com netdna.bootstrapcdn.com www.stratsys.se; form-action 'self' app-eu.readspeaker.com web103.reachmee.com; img-src 'self' data: beta.pitea.se app-eu.readspeaker.com image.providesupport.com media.newmindmedia.com media.readspeaker.com js.arcgis.com jamforelse.stratsys.se webgis.it.pitea.se about:; script-src beta.pitea.se 'self' web103.reachmee.com image.providesupport.com code.jquery.com pitea.mynewsdesk.com 'sha256-Hnhe4R0P6wwATJSY3ifua+lDsSOOHIE/rI+ZRzOZGVk=' 'sha256-1o2A60+/OGPBNg+labGVrJPqbLVGijeWnFRH+VlKT9c=' 'sha256-GMVQdhnizKqXD0cuutPtyd6gO2Qs87cMkK0F5k8hAww=' 'sha256-6Pk95aFTSNedgvHBIgl/vKGXo5p/MkasbBKrPJXiPl8='; script-src-elem beta.pitea.se 'self' web103.reachmee.com image.providesupport.com pitea.mynewsdesk.com app-eu.readspeaker.com code.jquery.com jamforelse.stratsys.se www.stratsys.se 'sha256-Hnhe4R0P6wwATJSY3ifua+lDsSOOHIE/rI+ZRzOZGVk=' 'sha256-1o2A60+/OGPBNg+labGVrJPqbLVGijeWnFRH+VlKT9c=' 'sha256-GMVQdhnizKqXD0cuutPtyd6gO2Qs87cMkK0F5k8hAww=' 'sha256-6Pk95aFTSNedgvHBIgl/vKGXo5p/MkasbBKrPJXiPl8='; object-src 'self'; frame-src 'self' pitea.se web103.reachmee.com www.dedu.se webgis.it.pitea.se a.entergate.se app-eu.readspeaker.com pitea.uc.standout.se rstts-eu.readspeaker.com extweb5.pitea.se lifecare.pitea.se www.novasoftware.se pitea.tromanpublik.se www.esmaker.net www.kommersannons.se pitea.mynewsdesk.com recruit.visma.com www.hrmab.se player.vimeo.com www.youtube-nocookie.com; media-src app-eu.readspeaker.com rstts-eu.readspeaker.com; style-src-elem 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'self' netdna.bootstrapcdn.com www.stratsys.se; style-src 'self' netdna.bootstrapcdn.com 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-aqNNdDLnnrDOnTNdkJpYlAxKVJtLt9CtFLklmInuUAE=' 'sha256-CLC1c4VNJL2uHK1VjQZNRXp2weHQdHTmDXMOlGGxhas=' 'sha256-K1bgZVOFN7wLgJX1uVzwjXHOGctG+HNu2HEORw6wJkY=' 'sha256-ZdHxw9eWtnxUb3mk6tBS+gIiVUPE3pGM470keHPDFlE=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU='; report-uri https://pitea.report-uri.com/r/d/csp/wizard 1
default-src https: wss://paperless.com.ua 'self' wss://channelapi.liqpay.ua; script-src https: 'unsafe-eval' 'unsafe-inline' 'self' blob:; style-src https: 'unsafe-inline'; img-src https: data: 'self' blob:; font-src https: data: 'self'; report-uri /api/csp 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com apis.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com platform.twitter.com connect.facebook.net *.addthis.com *.doubleclick.net; img-src 'self' *.doubleclick.net *.google-analytics.com; style-src 'self' 'unsafe-inline' *.addthis.com *.doubleclick.net; media-src 'self' *.youtube.com; child-src 'self' *.youtube.com apis.google.com accounts.google.com *.googletagmanager.com platform.twitter.com *.addthis.com *.doubleclick.net *.facebook.com 1
default-src 'none'; img-src https://www.proefjes.nl/images/; script-src https://www.proefjes.nl/scripts/; style-src https://www.proefjes.nl/styles/; form-action 'none'; base-uri https://www.proefjes.nl/; frame-ancestors 'none'; 1
default-src 'unsafe-inline' 'unsafe-eval' https: blob:; report-uri https://alfa.reality.cz/info/csp/ 1
font-src maxcdn.bootstrapcdn.com https://www.gstatic.com https://fonts.gstatic.com *.gstatic.com *.zopim.com https://maxcdn.bootstrapcdn.com/font-awesome/ data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://www.facebook.com/tr/ 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com https://www.google.com consentcdn.cookiebot.com www.facebook.com vars.hotjar.com www.woodandbeyond.fr 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com data: *.feefo.com stats.g.doubleclick.net www.facebook.com https://www.google-analytics.com https://www.google.com/ads https://www.google.co.uk/ads v2.zopim.com https://amcglobal.sc.omtrdc.net/ 'self' 'unsafe-inline'; script-src geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com www.gstatic.com https://www.google.com https://www.gstatic.com *.googletagmanager.com www.google-analytics.com *.newrelic.com bam.nr-data.net/ register.feefo.com *.cookiebot.com front.optimonk.com connect.facebook.net *.hotjar.com v2.zopim.com static.zdassets.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com www.gstatic.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googleapis.com bam.nr-data.net www.googleadservices.com www.google.co.uk/pagead/attribution https://www.google-analytics.com/ api.feefo.com collect.feefo.com front.optimonk.com ekr.zdassets.com *.hotjar.com vc.hotjar.io wss://widget-mediator.zopim.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://vfduk.report-uri.com/r/d/csp/wizard; report-to report-endpoint; 1
default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://code.jquery.com/ui/ https://cdnjs.cloudflare.com/ajax/libs/bootstrap-daterangepicker/ https://*.crisp.chat/; script-src 'self' 'unsafe-eval' 'nonce-zRniEhRA+3sweKgv9UsykQ==' https://js.stripe.com/ https://g.stripe.com/ https://hosted.paysafe.com/request/ https://ajax.cloudflare.com https://cdnjs.cloudflare.com/ajax/libs/moment.js/ https://cdnjs.cloudflare.com/ajax/libs/bootstrap-daterangepicker/ https://cdn.webrtc-experiment.com/DetectRTC.min.js https://code.jquery.com/ui/ https://*.crisp.chat/ https://maps.googleapis.com/maps/api/ https://www.google.com/recaptcha/api.js https://www.datadoghq-browser-agent.com/datadog-logs-us.js https://www.datadoghq-browser-agent.com/datadog-rum-us.js; font-src 'self' https://fonts.gstatic.com https://client.crisp.chat/; img-src 'self' data: https://s3.amazonaws.com/gotabpublic/ https://s3.amazonaws.com/gotabpublic/ https://*.crisp.chat/ https://maps.gstatic.com/ https://maps.googleapis.com/maps/ https://gotabpublic.s3.amazonaws.com/; media-src 'self' data: https://s3.amazonaws.com/gotabpublic/ https://gotabpublic.s3.amazonaws.com/; frame-src 'self' https://js.stripe.com/ https://metabase.gotab.io/ https://www.google.com/; connect-src 'self' https://*.crisp.chat/ wss://client.relay.crisp.chat/ https://hosted.paysafe.com/request/api/ https://*.logs.datadoghq.com/ *.verygoodvault.com *.verygoodproxy.com; report-uri https://gotab.io/log/csp 1
default-src 'self' https: data: 'unsafe-inline' fonts.googleapis.com; script-src 'self' 'unsafe-inline' platform.twitter.com maps.googleapis.com *.facebook.net *.google-analytics.com; img-src 'self' secure.gravatar.com s.w.org maps.googleapis.com syndication.twitter.com *.gstatic.com *.google-analytics.com *.facebook.com *.google.com *.google.pl stats.g.doubleclick.net; report-uri https://69830d5e338164135e36866a3157b942.report-uri.com/r/d/csp/reportOnly 1
default-src https: wss: 'unsafe-inline' 'unsafe-eval'; report-uri https://dmzls-dub-mc.safe-installation.com/poker 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https://*.criteo.com https://*.dynamicyield.com https://*.g.doubleclick.net https://*.hotjar.com https://*.salesforceliveagent.com https://*.taboola.com https://ajax.googleapis.com https://amplify.outbrain.com https://api.tiles.mapbox.com/mapbox-gl-js/v0.40.0/mapbox-gl.js https://app-ab06.marketo.com https://bat.bing.com/bat.js https://cdn.heapanalytics.com/js/ https://cdn.walkme.com https://cdnjs.cloudflare.com https://connect.facebook.net https://dsms0mj1bbhn4.cloudfront.net/assets/pub/shareaholic.js https://extend.vimeocdn.com https://flex.atdmt.com https://freecurrencyrates.com https://graph.facebook.com https://intljs.rmtag.com https://k4z6w9b5.stackpathcdn.com https://media.gadventures.com/ghql/ https://munchkin.marketo.net https://npmcdn.com/@turf/turf@4.6.1/turf.min.js https://rules.quantcount.com https://s.pinimg.com https://s.ytimg.com https://s3.amazonaws.com/gadventures/ https://secure.quantserve.com https://service.force.com https://starling.crowdriff.com/js/ https://static.criteo.net https://static.filestackapi.com https://tags.tiqcdn.com/utag/gadventures/ https://tags.tiqcdn.com/utag/tiqapp/ https://tpc.googlesyndication.com https://upload.crowdriff.com/js/ https://use.fontawesome.com https://widget.trustpilot.com https://widgets.pinterest.com https://www.awin1.com https://www.dwin1.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://www.youtube.com/iframe_api https://media.gadventures.com/media-server/; style-src 'unsafe-inline' https://api.tiles.mapbox.com/mapbox-gl-js/v0.40.0/mapbox-gl.css https://app-ab06.marketo.com https://cdn.dynamicyield.com https://cdnjs.cloudflare.com https://fonts.googleapis.com/css https://s3.amazonaws.com/gadventures/ https://service.force.com https://starling.crowdriff.com/css/ https://static.filestackapi.com https://unpkg.com/leaflet@1.2.0/dist/leaflet.css https://use.fontawesome.com https://media.gadventures.com/media-server/; frame-ancestors 'self'; manifest-src https://media.gadventures.com; default-src 'none'; frame-src https://*.criteo.com https://*.facebook.com https://*.instagram.com https://app-ab06.marketo.com https://bid.g.doubleclick.net/xbbe/pixel https://cdn.walkme.com https://gadventures.qualtrics.com https://maps.google.com https://player.vimeo.com https://service.force.com https://static.criteo.net https://tpc.googlesyndication.com https://vars.hotjar.com https://widget.trustpilot.com https://www.awin1.com https://www.youtube.com; upgrade-insecure-requests; img-src 'self' blob: data: https://*.criteo.com https://*.criteo.net https://*.g.doubleclick.net https://*.gadventures.com https://*.outbrain.com https://bat.bing.com https://cdn.dynamicyield.com/api/8771071/images/ https://ct.pinterest.com https://cx.atdmt.com https://d3qvqlc701gzhm.cloudfront.net https://freecurrencyrates.com https://heapanalytics.com https://i.vimeocdn.com https://i.ytimg.com https://media-gadventures.global.ssl.fastly.net https://nypi.dc-storm.com https://pixel.quantserve.com https://starling.crowdriff.com https://static.filestackapi.com https://unpkg.com/leaflet@1.2.0/dist/images/ https://www.awin1.com https://www.clixgalore.com https://www.emjcd.com https://www.facebook.com https://www.google-analytics.com https://www.google.ca https://www.google.com https://www.googletagmanager.com https://www.zenaps.com/a/b.php https://media.gadventures.com/media-server/ https://www.google.com; media-src https://crowdriff-video-upload.s3.amazonaws.com https://media-gadventures.global.ssl.fastly.net https://www.gadventures.com https://media.gadventures.com/media-server/; connect-src 'self' https://*.dynamicyield.com https://*.filestackapi.com https://110-ail-152.mktoresp.com/webevents/ https://analytics.shareaholic.com https://api.maptiler.com https://ct.pinterest.com/user/ https://heapanalytics.com https://in.hotjar.com https://media.gadventures.com https://rest.gadventures.com https://sentry.io/api/126322/store/ https://starling.crowdriff.com/graphql https://stats.g.doubleclick.net https://trc.taboola.com https://upload.crowdriff.com https://vc.hotjar.io https://widget.trustpilot.com/data/jsonld/business-unit/ https://www.facebook.com/tr/ https://www.google-analytics.com https://www.shareaholic.net; font-src data: https://cdn.dynamicyield.com/onsite/fonts/ https://cdnjs.cloudflare.com https://fonts.gstatic.com https://freecurrencyrates.com https://k4z6w9b5.stackpathcdn.com https://media-gadventures.global.ssl.fastly.net https://s3.amazonaws.com/gadventures/ https://use.fontawesome.com https://media.gadventures.com/media-server/; form-action 'self' https://*.facebook.com 1
default-src 'unsafe-inline' 'unsafe-eval' data: https:; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' http://*.mogucdn.com https://*.mogucdn.com http://*.juangua.com https://*.juangua.com http://*.meilishuo.com https://*.meilishuo.com http://*.meilishuo.net https://*.meilishuo.net http://*.mogujie.com https://*.mogujie.com http://*.qq.com https://*.qq.com http://*.mogujie.org https://*.mogujie.org http://*.meili-inc.com https://*.meili-inc.com http://*.mogu.com https://*.mogu.com http://*.mogu-inc.com https://*.mogu-inc.com; report-uri http://sd.mogujie.com/index.php 1
default-src http: https:; script-src data: 'unsafe-inline' 'unsafe-eval' http: https: blob:; style-src 'unsafe-inline' http: https:; img-src data: http: https:; font-src data: http: https:; connect-src http: https: wss://ws3.hotjar.com; report-uri https://webstores.report-uri.com/r/d/csp/reportOnly; 1
font-src 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com maps.gstatic.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' https: 'unsafe-inline' 'unsafe-eval'; report-uri content.php?action=150&module=core&handler=ContentSecurityPolicyHandler&mode=reportCspViolation; report-to content.php?action=150&module=core&handler=ContentSecurityPolicyHandler&mode=reportCspViolation; 1
default-src 'self'; img-src 'self' data: shareasale.com *.bizrate.com *.connexity.net *.scanalert.com *.feedburner.com *.authorize.net dkolz1uzvia15.cloudfront.net dts57qhtf7twy.cloudfront.net d2ldlvi1yef00y.cloudfront.net *.googletagmanager.com  https://*.google-analytics.com gammonvillage.com www.gammonvillage.com https://*.visa.com https://*.paypal.com ssl.comodo.com sealserver.trustwave.com *.paypalobjects.com bat.bing.com https://*.doubleclick.net *.online-metrix.net *.whoson.com *.twitter.com *.bizrateinsights.com www.google.com www.google.ad www.google.ae www.google.com.af www.google.com.ag www.google.com.ai www.google.al www.google.am www.google.co.ao www.google.com.ar www.google.as www.google.at www.google.com.au www.google.az www.google.ba www.google.com.bd www.google.be www.google.bf www.google.bg www.google.com.bh www.google.bi www.google.bj www.google.com.bn www.google.com.bo www.google.com.br www.google.bs www.google.bt www.google.co.bw www.google.by www.google.com.bz www.google.ca www.google.cd www.google.cf www.google.cg www.google.ch www.google.ci www.google.co.ck www.google.cl www.google.cm www.google.cn www.google.com.co www.google.co.cr www.google.com.cu www.google.cv www.google.com.cy www.google.cz www.google.de www.google.dj www.google.dk www.google.dm www.google.com.do www.google.dz www.google.com.ec www.google.ee www.google.com.eg www.google.es www.google.com.et www.google.fi www.google.com.fj www.google.fm www.google.fr www.google.ga www.google.ge www.google.gg www.google.com.gh www.google.com.gi www.google.gl www.google.gm www.google.gr www.google.com.gt www.google.gy www.google.com.hk www.google.hn www.google.hr www.google.ht www.google.hu www.google.co.id www.google.ie www.google.co.il www.google.im www.google.co.in www.google.iq www.google.is www.google.it www.google.je www.google.com.jm www.google.jo www.google.co.jp www.google.co.ke www.google.com.kh www.google.ki www.google.kg www.google.co.kr www.google.com.kw www.google.kz www.google.la www.google.com.lb www.google.li www.google.lk www.google.co.ls www.google.lt www.google.lu www.google.lv www.google.com.ly www.google.co.ma www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.com.mm www.google.mn www.google.ms www.google.com.mt www.google.mu www.google.mv www.google.mw www.google.com.mx www.google.com.my www.google.co.mz www.google.com.na www.google.com.ng www.google.com.ni www.google.ne www.google.nl www.google.no www.google.com.np www.google.nr www.google.nu www.google.co.nz www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.pl www.google.pn www.google.com.pr www.google.ps www.google.pt www.google.com.py www.google.com.qa www.google.ro www.google.ru www.google.rw www.google.com.sa www.google.com.sb www.google.sc www.google.se www.google.com.sg www.google.sh www.google.si www.google.sk www.google.com.sl www.google.sn www.google.so www.google.sm www.google.sr www.google.st www.google.com.sv www.google.td www.google.tg www.google.co.th www.google.com.tj www.google.tl www.google.tm www.google.tn www.google.to www.google.com.tr www.google.tt www.google.com.tw www.google.co.tz www.google.com.ua www.google.co.ug www.google.co.uk www.google.com.uy www.google.co.uz www.google.com.vc www.google.co.ve www.google.vg www.google.co.vi www.google.com.vn www.google.vu www.google.ws www.google.rs www.google.co.za www.google.co.zm www.google.co.zw www.google.cat; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.yieldmanager.com *.msn.com *.bootstrapcdn.com *.bizrate.com *.amazon.com bat.bing.com *.authorize.net *.payments-amazon.com *.googleadservices.com *.doubleclick.net *.mastercard.com *.paypal.com *.paypalobjects.com *.aexp-static.com *.clickguard.com cdnjs.cloudflare.com *.googlesyndication.com *.google.com cdn.jsdelivr.net *.google-analytics.com *.googletagmanager.com *.visa.com sealserver.trustwave.com *.online-metrix.net *.whoson.com *.facebook.net *.twitter.com; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net fonts.googleapis.com; font-src 'self' fonts.gstatic.com; connect-src 'self' *.amazon.com io.clickguard.com *.visa.com *.google-analytics.com *.doubleclick.net; frame-src 'self' *.visa.com *.mastercard.com *.americanexpress.com *.amazon.com *.payments-amazon.com *.doubleclick.net *.googlesyndication.com *.google-analytics.com *.doubleclick.net *.online-metrix.net *.twitter.com *.facebook.com; object-src *.visa.com; report-uri https://gammonvillage.report-uri.com/r/d/csp/wizard; report-to default 1
default-src 'self'; report-uri /report-csp-violation 1
default-src 'self' 'unsafe-inline' data: logger.scot.nhs.uk *.google-analytics.com www.googletagmanager.com use.fontawesome.com use.typekit.net *.google.com *.googleapis.com *.gstatic.com code.jquery.com yui.yahooapis.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com *.addthis.com *.addthisedge.com *.twitter.com *.twimg.com connect.facebook.net graph.facebook.com *.youtube.com *.ytimg.com player.vimeo.com content.jwplatform.com *.jwpcdn.com *.jwpsrv.com www.travelinescotland.com; frame-ancestors 'self'; base-uri 'self'; report-uri https://web-reports.scot.nhs.uk/api/v1/csp-report; report-to csp-endpoint 1
connect-src 'self' apay-us.amazon.com api.braintreegateway.com api.sandbox.braintreegateway.com beaconapi.helpscout.net chatapi.helpscout.net client-analytics.braintreegateway.com coin.amazonpay.com core32-helpscout.pusher.com core33-helpscout.pusher.com d3hb14vkzrxvla.cloudfront.net origin-analytics-sand.sandbox.braintree-api.com payments-sandbox.amazon.com payments.amazon.com payments.braintree-api.com payments.sandbox.braintree-api.com sock32-helpscout.pusher.com sock33-helpscout.pusher.com sockjs-helpscout.pusher.com stats.g.doubleclick.net www.amazon.com www.facebook.com www.google-analytics.com www.paypal.com wss://ws-helpscout.pusher.com; frame-ancestors 'none'; font-src 'self' data: *; form-action 'self' apay-us.amazon.com payments.amazon.com www.facebook.com; frame-src 'self' accounts.google.com apay-us.amazon.com api-cdn.amazon.com assets.braintreegateway.com c.paypal.com pay.google.com payments.amazon.com static-na.payments-amazon.com web.facebook.com www.facebook.com www.google.com www.paypal.com www.sandbox.paypal.com www.youtube.com; img-src 'self' data: blob: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' device.maxmind.com ajax.cloudflare.com apay-us.amazon.com apis.google.com bat.bing.com beacon-v2.helpscout.net c.paypal.com connect.facebook.net converter.dynamicconverter.com detect.dynamicconverter.com js.braintreegateway.com optimize.google.com pay.google.com payments-sandbox.amazon.com payments.amazon.com s.ytimg.com static-na.payments-amazon.com static.cloudflareinsights.com tagmanager.google.com www.googleapis.com www.google-analytics.com www.google.com www.googletagmanager.com www.gstatic.com www.paypal.com www.paypalobjects.com www.youtube.com; style-src 'self' 'unsafe-inline' *; object-src 'none'; report-uri https://divegearexpress.report-uri.com/r/d/csp/wizard 1
font-src 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
block-all-mixed-content; upgrade-insecure-requests; script-src 'self' 'unsafe-inline' https://stats.liqd.net; default-src 'self' https://stats.liqd.net https://w.soundcloud.com; style-src 'self' 'unsafe-inline' 1
script-src 'self' https://platform.twitter.com 'unsafe-inline'; script-src-attr 'self'; style-src 'self' 'unsafe-inline'; style-src-attr 'self'; frame-ancestors 'self' 1
style-src-attr 'unsafe-inline'; form-action www.facebook.com 'self'; frame-src staticxx.facebook.com www.facebook.com platform.twitter.com marketplace.cchq.co.uk www.google.com; img-src syndication.twitter.com 'self' www.facebook.com www.craftcourses.com; script-src-elem 'self' connect.facebook.net platform.twitter.com www.craftcourses.com www.google-analytics.com www.google.com www.gstatic.com 'unsafe-inline'; style-src-elem 'self' fast.fonts.net www.craftcourses.com 'unsafe-inline'; font-src 'self'; script-src 'unsafe-eval'; report-uri https://craftcourses.report-uri.com/r/d/csp/reportOnly 1
script-src 'nonce-55f9iiI9ILE2U2mWGBPvEA' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/webmaster; base-uri 'none' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com https://maps.google.com https://m.addthis.com https://www.youtube.com/iframe_api https://www.youtube.com http://www.youtube.com http://dev.openlayers.org https://dev.openlayers.org https://m.addthisedge.com https://s7.addthis.com https://apis.google.com https://googleads.g.doubleclick.net https://unpkg.com  https://use.fontawesome.com https://pro.fontawesome.com http://www.amcharts.com https://platform.twitter.com https://ssl.p.jwpcdn.com https://www.google-analytics.com https://records-ws.nbnatlas.org https://use.typekit.net https://www.googleadservices.com https://mc.us16.list-manage.com https://www.googletagmanager.com https://tagmanager.google.com https://downloads.mailchimp.com https://code.jquery.com https://maps.googleapis.com https://connect.facebook.net   https://downloads.mailchimp.com https://csi.gstatic.com; img-src 'self' https: data:; style-src 'self' 'unsafe-inline' http://dev.openlayers.org https://tagmanager.google.com https://ajax.googleapis.com https://maxcdn.bootstrapcdn.com https://downloads.mailchimp.com https://use.fontawesome.com https://p.typekit.net https://use.typekit.net https://pro.fontawesome.com https://fonts.googleapis.com; font-src 'self' data: https://fonts.gstatic.com https://use.typekit.net https://use.fontawesome.com https://pro.fontawesome.com  https://maxcdn.bootstrapcdn.com; frame-src 'self'  https://www.google.com https://s7.addthis.com https://e.issuu.com https://apis.google.com/ https://www.youtube.com/ https://staticxx.facebook.com/ https://accounts.google.com/ https://platform.twitter.com/ https://syndication.twitter.com/ https://www.facebook.com/ https://web.facebook.com/; object-src 'self'; connect-src 'self' https://m.addthis.com https://syndication.twitter.com  https://performance.typekit.net/ ; media-src 'self' blob: https://e5c5a7c5.ssl.hwcdn.net; worker-src 'self' blob:; frame-ancestors 'self'; base-uri 'self' 1
object-src 'self'; script-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://www.youtube.com https://tags.srv.stackadapt.com https://connect.facebook.net https://s.ytimg.com https://maps.googleapis.com 'unsafe-inline' 'unsafe-eval' 1
frame-ancestors 'self' https://www.chasepaymentechhostedpay.com;font-src 'self' https://fonts.gstatic.com  https://webfonts.zohostatic.com  https://static.ecorebates.com https://ajax.googleapis.com https://use.typekit.net data:  ;base-uri 'self' ; object-src 'self' https://na.electroluxmedia.com https://media.electroluxappliances.com; report-uri /CSP-report; 1
default-src 'self' data: *.googletagmanager.com *.google.com *.google-analytics.com  *.googleapis.com *.gstatic.com *.doubleclick.net mc.yandex.ru api-maps.yandex.ru yastatic.net webvisor.com *.calltouch.ru *.youtube.com *.ytimg.com 'nonce-counters' 'report-sample'; img-src https: data: blob: ; report-uri /feedback/http-csp-report.php 1
; frame-ancestors 'self' 1
default-src 'self' base.kvartus.ru a.kvartus.ru *.cdn.kvartus.ru; base-uri 'self'; frame-src https://www.google.com https://api-maps.yandex.ru blob: https://mc.yandex.ru data:; connect-src 'self' base.kvartus.ru widget.5nit.ru wss://ws.api.kvartus.ru:8081 *.tinymce.com https://mc.yandex.ru; script-src 'self' base.kvartus.ru widget.5nit.ru *.cdn.kvartus.ru https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://apis.google.com https://maps.googleapis.com http://www.googletagservices.com api-maps.yandex.ru https://suggest-maps.yandex.ru https://*.maps.yandex.net https://yandex.ru https://yastatic.net *.tinymce.com ; style-src 'self' blob: 'unsafe-inline' base.kvartus.ru widget.5nit.ru *.tinymce.com https://fonts.googleapis.com; font-src 'self' data: widget.5nit.ru *.tinymce.com https://fonts.googleapis.com https://fonts.gstatic.com; img-src 'self' data: base.kvartus.ru img.kvartus.ru kvartus.ru widget.5nit.ru image-cacher.ru *.tinymce.com api-maps.yandex.ru https://mc.yandex.ru https://*.maps.yandex.net https://yandex.ru https://www.gstatic.com ; media-src base.kvartus.ru; object-src 'self'; upgrade-insecure-requests; report-uri https://kvartus.report-uri.io/r/default/csp/reportOnly 1
default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://localhost:8001 http://localhost:8001 https://*.youtube.com https://cdn.jsdelivr.net https://*.google-analytics.com https://*.googleapis.com https://www.googletagmanager.com https://*.newrelic.com http://*.sumome.com/ sumo.b-cdn.net https://secure-ds.serving-sys.com https://bam.nr-data.net https://cdnjs.cloudflare.com https://code.jquery.com; style-src 'self' 'unsafe-inline' sumo.b-cdn.net https://cdn.jsdelivr.net https://use.fontawesome.com fonts.googleapis.com https://cdnjs.cloudflare.com; img-src * data:; report-uri https://cd36466f21f5db895967ac9cb87c0cb5.report-uri.com/r/d/csp/reportOnly 1
default-src 'self'; script-src 'self' *.yandex.ru 1
report-to webscaleCspEndpoint; report-uri https://xdymhcopnh.execute-api.us-east-1.amazonaws.com/default/cspReportingMonitor; script-src 'self' 'unsafe-eval' 'unsafe-inline' use.typekit.net www.williamashley.com www.google.com *.google-analytics.com www.googletagmanager.com connect.facebook.net *.pinimg.com *.livechatinc.com www.googleadservices.com googleads.g.doubleclick.net www.gstatic.com assets.pinterest.com *.cloudmaestro.com maps.googleapis.com 1
default-src 'self'; script-src https: 'unsafe-inline' 'unsafe-eval' *.qq.com *.weishi.com; object-src 'self' *.qq.com; style-src 'unsafe-inline' res.wx.qq.com; img-src data: http://mmbiz.qlogo.cn http://mmbiz.qpic.cn http://*.qq.com https://mmbiz.qlogo.cn https://mmbiz.qpic.cn http://wx.qlogo.cn https://wx.qlogo.cn https://*.qq.com http://mp.weixin.qq.com https://mp.weixin.qq.com; media-src 'self' *.qq.com; font-src res.wx.qq.com; frame-src http://*.qq.com https://*.qq.com; report-uri https://mp.weixin.qq.com/mp/fereport?action=csp_report 1
font-src *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com 'self' data: *.hotjar.com *.klevu.com *.bootstrapcdn.com *.bigpoppasmokers.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.twitter.com *.bigpoppasmokers.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.twitter.com *.olark.com *.affirm.com *.youtube.com *.hotjar.com *.bigpoppasmokers.com *.demdex.net 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com 'self' data: 'self' http://* *.lightemporium.com *.usercentrics.eu *.klevu.com *.olark.com *.cloudfront.net *.bigpoppasmokers.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.cloudflare.com *.cloudflareinsights.com *.twitter.com *.google-analytics.com *.google.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.klevu.com *.olark.com *.hellomedian.com *.affirm.com *.newrelic.com *.nr-data.net *.googletagmanager.com *.hotjar.com includes.ccdc02.com *.shareasale.com *.dwin1.com *.bigpoppasmokers.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.klevu.com *.affirm.com *.olark.com *.bootstrapcdn.com *.bigpoppasmokers.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.olark.com *.bigpoppasmokers.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.affirm.com *.olark.com *.hellomedian.com wss://socket.hellomedian.com *.hotjar.com *.hotjar.io *.nr-data.net *.authorize.net *.bigpoppasmokers.com *.demdex.net 'self' 'unsafe-inline'; child-src 'self' blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.example.com/; report-to report-endpoint; 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.ie&source%5Bsection%5D=brochure&source%5Buuid%5D=1b2766fa3b3b9baf0914a1c79c126de9 1
default-src 'self' 'unsafe-inline' data: logger.scot.nhs.uk *.google-analytics.com www.googletagmanager.com use.fontawesome.com use.typekit.net *.google.com *.googleapis.com *.gstatic.com code.jquery.com yui.yahooapis.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com *.addthis.com *.addthisedge.com *.twitter.com *.twimg.com connect.facebook.net graph.facebook.com *.youtube.com *.ytimg.com player.vimeo.com content.jwplatform.com *.jwpcdn.com *.jwpsrv.com *.browsealoud.com; frame-ancestors 'self'; base-uri 'self'; report-uri https://web-reports.scot.nhs.uk/api/v1/csp-report; report-to csp-endpoint 1
default-src 'self' *.pensioenfederatie-jaarcongres.nl/ *.pensioenfederatie.nl/; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.pensioenfederatie-jaarcongres.nl/ *.pensioenfederatie.nl/; style-src 'self' 'unsafe-inline' *.pensioenfederatie-jaarcongres.nl/ *.pensioenfederatie.nl/; report-uri /cms/modules/cci/CSPReport/ 1
script-src 'nonce-FyRHzkLxJxJCWusXryZAuw' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/webmaster; base-uri 'none' 1
font-src 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com s.ytimg.com maps.gstatic.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net js.authorize.net jstest.authorize.net cdn-scripts.signifyd.com www.youtube.com video.google.com maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' https: 'unsafe-inline' data: 'unsafe-eval'; report-uri https://servix.idnes.cz/log/csp-report.aspx?w=newspaper_PETPLUSDVA 1
font-src 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com https://dildoking.de https://*.dildoking.de https://stats.g.doubleclick.net https://*.cloudfront.net 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com https://connect.nosto.com https://js-agent.newrelic.com https://www.googletagmanager.com https://*.channeladvisor.com https://*.payments-amazon.com https://bam.nr-data.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://*.paypal.com https://connect.nosto.com https://*.amazon.com https://bam.nr-data.net 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src dybp9aem9km4k.cloudfront.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com player.vimeo.com www.google.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com dybp9aem9km4k.cloudfront.net *.paypal.com static.afterpay.com www.facebook.com maps.gstatic.com *.fbcdn.net *.cdninstagram.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net cdn-scripts.signifyd.com www.youtube.com dybp9aem9km4k.cloudfront.net www.googletagmanager.com connect.facebook.net secure.ewaypayments.com *.afterpay.com maps.googleapis.com www.google.com www.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com dybp9aem9km4k.cloudfront.net *.typekit.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src dybp9aem9km4k.cloudfront.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com dybp9aem9km4k.cloudfront.net www.facebook.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' https: https://*.hotjar.com:* https://*.hotjar.io 'unsafe-eval'; base-uri 'none'; connect-src 'self' https: wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io wss://*.hotjar.com; font-src https: data:; frame-src https://bid.g.doubleclick.net https://www.youtube.com https://codepen.io http://codepen.io https://www.facebook.com https://staticxx.facebook.com/ https://platform.twitter.com/ https://www.google.com/recaptcha/ https://formkeep.com https://formkeep.refersion.com https://app.codefund.io https://intercom-sheets.com https://js.intercomcdn.com https://*.hotjar.com:* https://*.hotjar.io; img-src 'self' https: http: data:; object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' https: http: 'self' https://*.hotjar.com https://*.hotjar.io 'nonce-OHVjbpTecnNB/hDMN4knI1pZSxOxbyKiJBBraMcdmpM='; style-src 'self' https: 'unsafe-inline'; report-uri https://formkeep.com/f/fda9843107fc 1
script-src 'self'; report-uri: https://pegasotecnologiacfdi.net; 1
default-src 'self' 'unsafe-inline' https://*.wistia.com https://*.wistia.net; frame-src *.vimeo.com *.hotjar.com *.google.com static.addtoany.com cdn.yoshki.com fast.wistia.com fast.wistia.net cloud.highcharts.com app.everviz.com *.addthis.com; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' *.hotjar.com *.hotjar.io www.googletagmanager.com www.google-analytics.com www.googletagmanager.com www.google-analytics.com maps.googleapis.com ajax.googleapis.com *.google.com instant.page *.wistia.com *.wistia.net https://src.litix.io static.addtoany.com assets.juicer.io cookiehub.net stats.g.doubleclick.net *.gstatic.com *.cloudflare.com *.apester.com *.addthis.com *.moatads.com *.cdnjs.cloudflare.com/ajax/libs/hammer.js/ cdn.jsdelivr.net/npm/handlebars@4.0.5/dist/; connect-src 'self' 'unsafe-inline' cookiehub.net analytics.nyltx.com embedwistia-a.akamaihd.net distillery.wistia.com pipedream.wistia.com embed-fastly.wistia.com embed-ssl.wistia.com *.litix.io fg8vvsvnieiv3ej16jby.litix.io www.juicer.io *.hotjar.com wss://*.hotjar.com *.hotjar.io analytics.google.com www.google-analytics.com *.doubleclick.net *.apester.com; style-src 'self' 'unsafe-inline' blob: cookiehub.net fonts.googleapis.com assets.juicer.io *.cloudflare.com https://fast.wistia.com; font-src 'self' data: 'unsafe-inline' fonts.gstatic.com static.juicer.io https://*.wistia.com; img-src 'self' data: assets.juicer.io *.wistia.com embedwistia-a.akamaihd.net pbs.twimg.com maps.gstatic.com maps.googleapis.com www.google-analytics.com uniform.azureedge.net *.doubleclick.net 'unsafe-inline' *.google.com *.google.co.uk *.cdninstagram.com *.fbcdn.net *.apester.com; media-src 'self' blob: data: https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net; worker-src 'self' blob:; 1
Content-Security-Policy: default-src * data: blob:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.rejoiner.com *.demandjump.com i.simpli.fi www.googletagmanager.com *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com *.amazon.com *.addthisedge.com *.authorize.net *.beachfrontmedia.com *.s3.amazonaws.com *.payments-amazon.com www.googleadservices.com *.moatads.com vpaid.springserve.net vidoplay.b-cdn.net ucads-cdn.ucweb.com static.vertamedia.com static.ctctcdn.com s0.2mdn.net player-cdn.beachfrontmedia.com imasdk.googleapis.com dtm.advertising.com cdn.pmmapads.com cdn-ssl.vidible.tv ad.lkqd.net 127.0.0.1:* blob:; style-src * data: 'unsafe-inline' blob:; report-uri https://swarming.report-uri.com/r/d/csp/wizard; 1
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src https: wss:; report-uri https://almexx.report-uri.io/r/default/csp/reportOnly 1
font-src https://cdnjs.cloudflare.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com https://fonts.googleapis.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' data: *.seton.de; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.seton.de *.media-brady.com *.insidebrady.com *.google-analytics.com *.tealiumiq.com *.tiqcdn.com *.bing.com *.azalead.com *.doubleclick.net *.richrelevance.com *.monetate.net *.mouseflow.com *.leadlab.click *.adnymics.com *.hurra.com *.themessagecloud.com *.whoisvisiting.com *.googletagmanager.com *.liveperson.net *.shopperapproved.com *.googlecommerce.com *.googleadservices.com *.google.com *.google.de *.google.fr *.google.co.uk *.lengow.com *.monetate.net *.contentsquare.net *.smartfocus.com *.jabmo.app *.adnxs.com d22d1xpx4ztuef.cloudfront.net flex.msn.com *.facebook.net *.infoprodata.com *.veoxa.com; style-src 'self' 'unsafe-inline' *.seton.de *.media-brady.com *.insidebrady.com *.bootstrapcdn.com *.fontawesome.com; img-src 'self' data: *.seton.de *.media-brady.com *.insidebrady.com *.google-analytics.com *.bing.com *.youtube.com *.effiliation.com *.azalead.com *.feefo.com *.doubleclick.net *.monetate.net *.adnymics.com *.adnxs.com *.whoisvisiting.com *.googletagmanager.com *.shopperapproved.com *.google.com *.google.de *.google.fr *.google.co.uk *.lengow.com *.monetate.net *.contentsquare.net *.jabmo.app *.facebook.com *.infoprodata.com; font-src 'self' data: *.seton.de *.media-brady.com *.insidebrady.com *.bootstrapcdn.com *.fontawesome.com *.infoprodata.com; connect-src 'self' *.seton.de *.media-brady.com *.insidebrady.com *.google-analytics.com *.tealiumiq.com *.richrelevance.com *.leadlab.click *.google.com *.google.de *.google.fr *.google.co.uk *.doubleclick.net *.bing.com *.mouseflow.com *.contentsquare.net *.jabmo.app api.ipify.org; media-src 'self' *.seton.de *.media-brady.com; object-src 'self' *.seton.de *.media-brady.com; prefetch-src 'self' *.seton.de *.media-brady.com; child-src 'self' *.seton.de *.xisecurenet.com; frame-src 'self' *.seton.de *.insidebrady.com *.xisecurenet.com *.doubleclick.net *.liveperson.net *.google.com *.google.de *.google.fr *.google.co.uk *.youtube.com *.facebook.com *.monetate.net; worker-src 'self' *.seton.de *.contentsquare.net; frame-ancestors 'self' *.seton.de *.xisecurenet.com; form-action 'self' *.seton.de *.facebook.com; upgrade-insecure-requests; block-all-mixed-content; disown-opener; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups allow-pointer-lock; reflected-xss block; base-uri https://www.seton.de; plugin-types none; referrer origin-when-cross-origin; report-uri https://brady.report-uri.com/r/t/csp/reportOnly 1
default-src 'self' *.parkmobile.us *.parkmobile.io 1
report-uri https://wwwhellobankat.report-uri.com/r/d/csp/reportOnly; 1
default-src 'none'; connect-src 'self' https: wss://*.zopim.com; font-src data: https:; frame-src https://js.stripe.com https://m.stripe.network https://www.google.com https://www.youtube.com https://googleads.g.doubleclick.net https://bid.g.doubleclick.net; img-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https://d3tw2v68rmxuj7.cloudfront.net https://fonts.googleapis.com; report-uri /csp 1
report-uri //report-csp-violation 1
default-src 'self'; connect-src 'self' https://usc-srt-wapp01.prls.net https://usc-skb.prls.net https://forum.parallels.com; img-src 'self' https://www.google-analytics.com https://static.myparallels.com https://www.parallels.com data:; font-src 'self' https://static.myparallels.com; frame-src 'self' https://chat.parallels.com https://usc-skb.prls.net; script-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://appleid.cdn-apple.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; report-uri https://my.myparallels.com/csp_report 1
default-src 'self' https: 'unsafe-inline' data: 'unsafe-eval'; media-src 'self' blob: data: https: *.idnes.cz; report-uri https://servix.idnes.cz/log/csp-report.aspx?w=ocko&d=2020-07-12 1
script-src 'nonce-gadxd51v6N2r3JBrutriYw' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1
font-src data: maxcdn.bootstrapcdn.com *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com channels.magento.com fonts.gstatic.com qaapp02.xisecurenet.com *.paymetric.com hottools.us15.list-manage.com www.facebook.com facebook.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.facebook.com connect.facebook.net https://qaapp02.xisecurenet.com *.paymetric.com 'self' data: https://hottools.us15.list-manage.com/ 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com www.youtube.com www.facebook.com connect.facebook.net amc.demdex.net 5764011.fls.doubleclick.net vars.hotjar.com checkoutshopper-test.adyen.com qaapp02.xisecurenet.com bid.g.doubleclick.net assets.adobedtm.com www.weltpixel.com www.xtento.com fast.amc.demdex.net www.google.com https://public.cobrowse.oraclecloud.com *.mouseflow.com/ *.xisecurenet.com *.paymetric.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.cloudflare.com gethatch.com pixel.quantserve.com stats.g.doubleclick.net www.google.com www.facebook.com *.paypal.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net network-eu-stg.bazaarvoice.com data: checkoutshopper-test.adyen.com www.googleads.g.doubleclick.net www.google.co.in googleads.g.doubleclick.net landofcoder.com cdn.klarna.com www.xtento.com cdn.xtento.com www.magentocommerce.com *.gstatic.com *.cdninstagram.com gallery.mailchimp.com https://www.googletagmanager.com https://qaapp02.xisecurenet.com *.paymetric.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com js.authorize.net jstest.authorize.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com www.googletagmanager.com connect.facebook.net googleads.g.doubleclick.net www.facebook.com qaapp02.xisecurenet.com channels.magento.com cdn.wootric.com cdn-assets.rapidspike.com cdnjs.cloudflare.com *.www.googletagmanager.com tagmanager.google.com *.instagram.com www.google.com www.gstatic.com ajax.cloudflare.com js-agent.newrelic.com https://public.cobrowse.oraclecloud.com *.mouseflow.com/ s3.amazonaws.com *.oraclecloud.com https://qaapp02.xisecurenet.com *.paymetric.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.bootstrapcdn.com channels.magento.com fonts.googleapis.com tagmanager.google.com *.oraclecloud.com *.mouseflow.com/ cdn-images.mailchimp.com https://qaapp02.xisecurenet.com *.paymetric.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src https://magento.com https://devdocs.magento.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.facebook.com connect.facebook.net www.sandbox.paypal.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com data-a495851.data.us2.oraclecloud.com www.google-analytics.com dpm.demdex.net amcglobal.sc.omtrdc.net channels.magento.com cdn.wootric.com eligibility.wootric.com wootric-eligibility.herokuapp.com rum-0ea7c26e-a032-4889-89d5-7e0c48a6fb85.rapidspike.com stats.g.doubleclick.net *.oraclecloud.com *.mouseflow.com/ www.instagram.com https://qaapp02.xisecurenet.com *.paymetric.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.sportico.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
worker-src 'self'; connect-src 'self' https://www.paypal.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.facebook.com https://vc.hotjar.io https://*.visualwebsiteoptimizer.com https://in.hotjar.com https://ct.pinterest.com https://fast.a.klaviyo.com https://fast.a.klaviyo.com https://telemetrics.klaviyo.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://static.addtoany.com https://assets.adobedtm.com https://cdn-scripts.signifyd.com https://googleads.g.doubleclick.net https://imgs.signifyd.com https://submit.activedemand.com https://analytics.twitter.com https://script.hotjar.com https://in.hotjar.com https://chimpstatic.com https://dev.visualwebsiteoptimizer.com https://a.klaviyo.com https://connect.facebook.net https://fast.a.klaviyo.com https://s.pinimg.com https://s.pinimg.com https://s.ytimg.com https://static.ads-twitter.com https://static.hotjar.com https://static.klaviyo.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://www.youtube.com https://vendor1.quickspark.com https://www.paypalobjects.com https://www.paypal.com https://maps.googleapis.com; object-src 'none'; report-uri https://csp.firstscribe.com/nuaire.com; 1
default-src 'none'; script-src 'self'; style-src 'self'; img-src 'self'; connect-src 'self'; 1
default-src 'self';
        img-src 'self'
            data: *
            blob: *
            https://insights.hotjar.com https://static.hotjar.com
            https://www.googletagmanager.com
            https://*.odigeoconnect.com
            https://www.google-analytics.com;
        font-src 'self'
            data: *
            https://static.hotjar.com
            https://www.google-analytics.com
            https://maxcdn.bootstrapcdn.com/
            https://fonts.gstatic.com;
        style-src 'self' 'unsafe-inline'
            https://cdnjs.cloudflare.com
            https://opensource.keycdn.com
            https://maxcdn.bootstrapcdn.com
            https://fonts.googleapis.com;
        frame-src 'self'
            https://www.googletagmanager.com
            https://vars.hotjar.com;
        script-src 'self' 'unsafe-inline' 'unsafe-eval'
            https://static.hotjar.com
            https://script.hotjar.com
            https://cdnjs.cloudflare.com
            https://maxcdn.bootstrapcdn.com
            https://www.google-analytics.com/
            https://tagmanager.google.com/
            https://www.googletagmanager.com/;
        connect-src 'self'
            https://*.hotjar.com:*
            https://vc.hotjar.io:*
            wss://*.hotjar.com
            https://www.google-analytics.com
            https://*.odigeoconnect.com;
        report-uri https://csp.odigeoconnect.com/csp; 1
default-src 'self'; report-uri learndjango.report-uri.com 1
worker-src 'self'; connect-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; object-src 'none'; report-uri https://csp.firstscribe.com/culliganwater.com; 1
font-src *.cloudflare.com *.twitter.com https://www.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.bootstrapcdn.com https://fonts.gstatic.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.twitter.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com *.twitter.com *.hotjar.com *.facebook.com https://www.google.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com 'self' data: *.lightemporium.com *.usercentrics.eu *.gstatic.com *.google.com *.googleapis.com *.facebook.com *.cloudfront.net 'self' 'unsafe-inline'; script-src *.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com https://www.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.cardinalcommerce.com *.pingdom.net https://www.google.com *.googleapis.com *.googletagmanager.com *.payments-amazon.com translate.google.com *.hotjar.com *.facebook.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.amazon.com *.pingdom.net *.hotjar.com *.hotjar.io *.authorize.net 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.example.com/; report-to report-endpoint; 1
report-uri https://sakshat.ac.in/index.php?rest_route=/reporting-api/v1/reporting; report-to default 1
default-src https: 'unsafe-inline'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self'; base-uri https: data:;  object-src 'self'; font-src https: data:; script-src 'nonce-bab1c1dd-242a-44e5-a4e9-01851455598b' https: 'unsafe-inline' 'unsafe-eval'; report-uri https://ort.wellsfargo.com/reporting/csp 1
font-src *.achatpc.com *.bootstrapcdn.com *.tawk.to *.cardinalcommerce.com *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.achatpc.com *.twitter.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com *.achatpc.com *.twitter.com *.demdex.net *.eetgroup.com *.addthis.com *.trustpilot.com *.facebook.com *.google.com *.weltpixel.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.achatpc.com *.getfirebug.com *.everesttech.net *.omtrdc.net *.demdex.net *.safemage.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com 'self' data: *.lightemporium.com *.usercentrics.eu *.doubleclick.net *.jsdelivr.net *.google.com *.facebook.com *.google.co.in *.cloudfront.net *.atdmt.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com www.googleadservices.com www.google-analytics.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net cdn-scripts.signifyd.com www.youtube.com js.braintreegateway.com *.achatpc.com *.getfirebug.com *.trustpilot.com *.addthis.com *.moatads.com *.tawk.to *.facebook.net *.addthisedge.com *.jsdelivr.net *.trackedlink.net *.payments-amazon.com *.google.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.achatpc.com *.jsdelivr.net *.getfirebug.com *.googleapis.com *.bootstrapcdn.com *.cloudflare.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.achatpc.com *.addthis.com *.demdex.net *.tawk.to *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.amazon.com *.amazon.de *.amazon.fr *.amazon.es *.amazon.it 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.achatpc.com/; report-to report-endpoint; 1
font-src 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'none';style-src * 'unsafe-inline';font-src 'self' data: https://fonts.gstatic.com https://i00.eu;script-src * 'unsafe-inline';form-action 'self';frame-src https://www.facebook.com;img-src * data:;media-src 'self';manifest-src 'self';report-uri https://report-uri.simplia.cz/prod/csp-frontend 1
font-src 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com js.authorize.net jstest.authorize.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none'; script-src 'nonce-atndT3IChTud0mJobbKNPysRGac=' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http:; base-uri 'none'; report-uri https://decodoma.report-uri.com/r/d/csp/reportOnly 1
default-src https:;
    script-src https: 'unsafe-eval' 'unsafe-inline';
    style-src https: 'unsafe-inline';
    img-src https: data:;
    font-src https: data:;
    report-uri /csp-report 1
default-src https: 'self'; style-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com ; img-src 'self' data: https://www.google-analytics.com https://library.northeastern.edu https://librarystaff.neu.edu https://repository.library.northeastern.edu https://secure.gravatar.com https://jwpltx.com https://s.w.org eval:; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com data:; script-src 'self' https://www.google-analytics.com https://ssl.p.jwpcdn.com https://code.jquery.com ; report-uri https://nults.report-uri.com/r/d/csp/reportOnly ; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.jscache.com https://*.google-analytics.com https://connect.facebook.net https://d2h91ryym5ztec.cloudfront.net https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://cdn.jsdelivr.net https://code.jquery.com https://www.youtube.com https://reservations.verticalbooking.com https://www.tripadvisor.com https://cdn.callrail.com https://s.ytimg.com https://www.googletagmanager.com https://beacon.sojern.com https://bat.bing.com https://*.hotjar.com https://*.google.com https://static.tacdn.com https://js.callrail.com; img-src 'self' https://ad.doubleclick.net static.agkn.com https://*.google-analytics.com https://*.facebook.com https://p.travelsmarter.net https://aa.agkn.com https://tapestry.tapad.com https://adservice.google.com https://bidagent.xad.com https://pixel.sojern.com https://www.tripadvisor.com d2h91ryym5ztec.cloudfront.net; style-src 'self' 'unsafe-inline' https://www.tripadvisor.com  https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://d2h91ryym5ztec.cloudfront.net https://static.tacdn.com code.jquery.com; font-src 'self' https://themes.googleusercontent.com https://fonts.gstatic.com https://d2h91ryym5ztec.cloudfront.net maxcdn.bootstrapcdn.com; frame-src https://*.facebook.com; object-src 'none'; media-src 'self' https://s3.amazonaws.com; connect-src 'self' js.callrail.com; report-uri https://monteverdituscany.report-uri.com/r/d/csp/reportOnly; frame-ancestors 'self' 1
default-src 'self' https://themes.googleusercontent.com/ https://apps.geodan.nl https://acc.apps.geodan.nl https://geodata.rivm.nl https://acceptatie.geodata.rivm.nl https://platform.twitter.com/ https://syndication.twitter.com/; script-src 'self' 'unsafe-inline' https://statistiek.rijksoverheid.nl http://platform.twitter.com/ https://cdn.syndication.twimg.com/; style-src 'self' 'unsafe-inline' https://platform.twitter.com/ https://ton.twimg.com/; img-src 'self' https://rivm.nl/ https://*.rivm.nl/ https://statistiek.rijksoverheid.nl/ https://syndication.twitter.com/ https://pbs.twimg.com/ https://ton.twimg.com/ https://abs.twimg.com/ https://platform.twitter.com/ http://abs.twimg.com/; font-src 'self' https://rivm.nl/ https://*.rivm.nl/ https://themes.googleusercontent.com/ data:; report-uri /report-csp-violation 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.com&source%5Bsection%5D=brochure&source%5Buuid%5D=b98ecdc77af4c09563bb741cf1c4548e 1
default-src 'self'; 1
font-src *.bootstrapcdn.com *.gstatic.com fonts.googleapis.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com *.youtube.com *.hotjar.com *.trustpilot.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.google.com *.google.fr *.facebook.net *.facebook.com *.pinterest.com personnaliser.c-monetiquette.fr 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.hotjar.com *.googletagmanager.com *.google-analytics.com *.trustpilot.com *.facebook.net *.pinimg.com googleads.g.doubleclick.net tag.aticdn.net img.metaffiliation.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.bootstrapcdn.com fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.pinterest.com *.hotjar.com *.hotjar.io *.facebook.net *.facebook.com wgn.c-monetiquette.fr www.google-analytics.com stats.g.doubleclick.net 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.example.com/; report-to report-endpoint; 1
default-src 'self' 'unsafe-inline' ; script-src 'self' 'unsafe-inline' www.google-analytics.com *.googleapis.com www.googletagmanager.com *.hotjar.com connect.facebook.net plus.browsealoud.com; style-src 'self' 'unsafe-inline' www.google-analytics.com *.googleapis.com www.googletagmanager.com *.hotjar.com connect.facebook.net plus.browsealoud.com maxcdn.bootstrapcdn.com; img-src * ; font-src 'self' fonts.gstatic.com maxcdn.bootstrapcdn.com; connect-src 'self' *.hotjar.com plus.browsealoud.com; frame-src 'self' *.hotjar.com; report-uri https://colegcambria.report-uri.com/r/d/csp/reportOnly 1
upgrade-insecure-requests; default-src data: blog: 'unsafe-eval' 'unsafe-inline' 'self'; style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com fonts.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.livechatinc.com www.googletagmanager.com www.googleadservices.com www.google-analytics.com secure.livechatinc.com s3.amazonaws.com bat.bing.com connect.facebook.net *.doubleclick.net *.addthis.com *.addthisedge.com *.googleapis.com *.google.com *.hotjar.com *.districtm.ca *.newrelic.com *.nr-data.net; font-src 'self' maxcdn.bootstrapcdn.com cdn.livechatinc.com fonts.gstatic.com themes.googleusercontent.com; img-src 'self' 'data' www.google-analytics.com www.facebook.com www.google.com www.google.ca *.livechatinc.com *.doubleclick.net bat.bing.com www.paypalobjects.com maps.gstatic.com maps.googleapis.com *.districtm.ca *.adnxs.com; frame-src 'self' bid.g.doubleclick.net *.livechatinc.com *.addthis.com *.youtube.com *.google.com *.hotjar.com connect.facebook.net *.newrelic.com; connect-src 'self' *.addthis.com *.hotjar.com www.google-analytics.com; report-uri /csp-test.php 1
default-src 'none'; form-action 'none'; frame-ancestors 'none'; report-uri https://9e49880b0992168725768dd6545bc97a.report-uri.com/r/d/csp/reportOnly 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://www.gstatic.com https://www.google-analytics.com http://www.google-analytics.com https://www.googletagmanager.com https://www.googletagmanager.com/* https://translate.google.com https://translate.googleapis.com https://bat.bing.com https://m.addthis.com https://widget.intercom.io  https://app.intercom.io https://js.intercomcdn.com https://platform-api.sharethis.com https://m.addthisedge.com https://buttons-config.sharethis.com https://s7.addthis.com https://inlinemanual.com https://widget.intercom.io https://js.intercomcdn.com https://platform.twitter.com https://code.jquery.com https://cdn.syndication.twimg.com https://stackpath.bootstrapcdn.com; style-src-elem * 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://bat.bing.com https://www.google-analytics.com https://translate.googleapis.com https://translate.googleapis.com/* https://translate.google.com https://platform-api.sharethis.com https://widget.intercom.io https://code.jquery.com https://js.intercomcdn.com https://connect.facebook.net; img-src * data: blob: 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://translate.googleapis.com https://stackpath.bootstrapcdn.com https://use.fontawesome.com https://platform.twitter.com https://ton.twimg.com; connect-src * 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-src 'self' https://www.google.com https://www.googletagmanager.com https://www.googletagmanager.com/* https://twitter.com https://firebasestorage.googleapis.com https://staticxx.facebook.com https://www.facebook.com https://c.sharethis.mgr.consensu.org https://syndication.twitter.com https://platform.twitter.com https://s7.addthis.com; object-src 'none'; media-src * 'unsafe-inline'; report-uri api/v1/public/reports 1
child-src 'self' maps.google.nl www.google.com; connect-src 'self' www.haarlem.nl *.googleapis.com; default-src 'self'; font-src 'self' data: fonts.gstatic.com; img-src 'self' data: *.global.siteimproveanalytics.io www.google-analytics.com translate.google.com ssl.siteimprove.com *.gstatic.com *.googleapis.com; object-src 'self'; script- src 'self' 'unsafe-inline' 'unsafe-eval' siteimproveanalytics.com www.google-analytics.com translate.google.com *.googleapis.com www.vrk.nl; style-src 'self' fonts.googleapis.com *.googleapis.com 'unsafe-inline'; form-action 'self'; frame-ancestors 'self'; report-uri https://haarlem.report-uri.com/r/d/csp/reportOnly 1
default-src 'none'; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: use.fontawesome.com https://*.hotjar.com https://code.jquery.com https://maxcdn.bootstrapcdn.com www.google-analytics.com cdn.ckeditor.com https://www.google.com https://embed.tawk.to https://www.gstatic.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://appcenter.intuit.com ajax.googleapis.com https://www.googletagmanager.com https://d3rxaij56vjege.cloudfront.net https://www.gstatic.com; style-src 'self' 'unsafe-inline' use.fontawesome.com https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://code.jquery.com cdn.ckeditor.com https://cdn.jsdelivr.net https://appcenter.intuit.com https://*.hotjar.com https://www.google-analytics.com https://www.google.com https://embed.tawk.to https://www.gstatic.com; img-src 'self' data: https://*.insureship.com https://stats.g.doubleclick.net www.google-analytics.com cdn.ckeditor.com https://static-v.tawk.to https://appcenter.intuit.comcdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://code.jquery.com https://cdn.jsdelivr.net https://appcenter.intuit.com https://*.hotjar.com https://www.google-analytics.com https://www.google.com https://embed.tawk.to https://www.gstatic.com https://cdnjs.cloudflare.com https://www.google-analytics.com; font-src 'self' data: use.fontawesome.com https://fonts.gstatic.com https://cdnjs.cloudflare.com https://static-v.tawk.to https://maxcdn.bootstrapcdn.com; connect-src 'self' https://www.google-analytics.com https://*.tawk.to wss://*.tawk.to https://*.hotjar.com; media-src 'self' https://s3.us-east-2.amazonaws.com https://static-v.tawk.to; frame-src https://vars.hotjar.com https://www.google.com https://va.tawk.to; frame-ancestors 'self'; form-action 'self' https://va.tawk.to; base-uri 'none'; manifest-src 'self'; report-uri https://insureship.report-uri.com/r/d/csp/reportOnly; 1
default-src 'self' www.westlotto.de westlotto.de www.westlotto.com westlotto.com wlresults.westlotto.com ergebnisse.westlotto.com www.youtube.com error.westlotto.de www.paypal.com www.paypalobjects.com data: blob: ; script-src 'self' www.westlotto.de westlotto.de www.westlotto.com westlotto.com tags.tiqcdn.com t23.intelliad.de js.braintreegateway.com bs.serving-sys.com secure-ds.serving-sys.com www.paypalobjects.com c.paypal.com www.paypal.com connect.facebook.net maps.googleapis.com data1.open-dog.com www.google-analytics.com s3.amazonaws.com www.googletagmanager.com www.pagespeed-mod.com 'unsafe-inline' 'unsafe-eval' data: blob: ; script-src-elem 'self' www.westlotto.de westlotto.de www.westlotto.com westlotto.com tags.tiqcdn.com t23.intelliad.de js.braintreegateway.com maps.googleapis.com www.paypalobjects.com c.paypal.com www.paypal.com bs.serving-sys.com secure-ds.serving-sys.com connect.facebook.net www.google-analytics.com www.pagespeed-mod.com data1.bresera.com 'unsafe-inline' 'unsafe-eval' data: ; style-src 'self' www.westlotto.de westlotto.de www.westlotto.com westlotto.com fonts.googleapis.com translate.googleapis.com 'unsafe-inline' 'unsafe-eval'; style-src-elem 'self' www.westlotto.de westlotto.de www.westlotto.com westlotto.com fonts.googleapis.com 'unsafe-inline' 'unsafe-eval' data: ; connect-src 'self' www.westlotto.de westlotto.de www.westlotto.com westlotto.com client-analytics.braintreegateway.com api.braintreegateway.com api.braintreegateway.com payments.braintree-api.com www.paypal.com steganos-api.ciuvo.com www.facebook.com wss://www.westlotto.de 'unsafe-inline' 'unsafe-eval'; font-src 'self' www.westlotto.de westlotto.de www.westlotto.com westlotto.com www.eurojackpot.de eurojackpot.de www.eurojackpot.com eurojackpot.com fonts.gstatic.com data: ; img-src 'self' www.westlotto.de westlotto.de www.westlotto.com westlotto.com csi.gstatic.com maps.gstatic.com www.gstatic.com maps.googleapis.com www.google-analytics.com westlotto01.webtrekk.net app-westlotto.loyjoy.com westlotto.loyjoy.com fbc.wcfbc.net lh3.ggpht.com www.facebook.com www.awin1.com c.paypal.com t.paypal.com *.stats.paypal.com c6.paypal.com translate.google.com stats.g.doubleclick.net cx.atdmt.com www.paypal.com www.paypalobjects.com data: blob: ; child-src 'self' www.westlotto.com westlotto.com www.westlotto.de westlotto.de ergebnisse.westlotto.com www.youtube.com www.sparkassen-internetkasse.de ciuvo.com westlotto.perbit-job.de partners.webmasterplan.com; frame-src 'self' www.westlotto.com westlotto.com www.westlotto.de westlotto.de ergebnisse.westlotto.com www.youtube.com www.sparkassen-internetkasse.de ciuvo.com westlotto.perbit-job.de westlotto-job.perbit-job.de partners.webmasterplan.com c.paypal.com www.paypal.com data: ; block-all-mixed-content; reflected-xss block; base-uri 'self'; report-uri https://720d8194ee90af5a13ab9860df5df23d.report-uri.com/r/d/csp/reportOnly 1
default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; connect-src https: ws:; report-uri /csp-violation-report-endpoint/ 1
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: https:; report-uri /_csp 1
default-src 'self' *.facebook.com *.fbcdn.net *.google-analytics.com *.doubleclick.net *.bing.com secure.adnxs.com *.google.com *.google.it go.turboadv.com;               script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com *.bing.com *.turboadv.com;               style-src 'self' 'unsafe-inline' fonts.googleapis.com;              font-src 'self' fonts.gstatic.com;              report-uri /none; 1
font-src maxcdn.bootstrapcdn.com fonts.gstatic.com script.hotjar.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com vars.hotjar.com widget.trustpilot.com/ 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com www.google-analytics.com stats.g.doubleclick.net thumbs.nosto.com cdn.nosto.com data: maps.gstatic.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com js.authorize.net jstest.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com www.google-analytics.com static.hotjar.com script.hotjar.com vars.hotjar.com widget.intercom.io js.intercomcdn.com connect.nosto.com widget.trustpilot.com invitejs.trustpilot.com js-agent.newrelic.com bam.eu01.nr-data.net maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com maxcdn.bootstrapcdn.com fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com googleapis.com static.hotjar.com script.hotjar.com vars.hotjar.com widget.intercom.io js.intercomcdn.com api-iam.intercom.io wss://nexus-websocket-a.intercom.io connect.nosto.com stats.g.doubleclick.net bam.eu01.nr-data.net 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' junfermann.de www.junfermann.de captcha.wirth-horn.de cookiemanager.wirth-horn.de https://www.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com https://www.googleadservices.com *.g.doubleclick.net https://fonts.googleapis.com https://www.youtube.com https://www.youtube-nocookie.com https://www.blickinsbuch.de https://appjs.blickinsbuch.de https://www.instagram.com 'unsafe-eval' 'unsafe-inline'; img-src data: *; media-src *; font-src data: 'self' https://fonts.gstatic.com https://fonts.googleapis.com; report-uri /csp-report.cfm 1
frame-ancestors 'self'; default-src 'self' https:; script-src 'report-sample' 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'report-sample' 'self' https: 'unsafe-inline'; font-src 'self' https: 'unsafe-inline' data:; img-src 'self' https: data:; report-uri https://concordia.report-uri.com/r/d/csp/reportOnly; 1
default-src https:; form-action https:; report-uri:https://openmikes.report-uri.com/r/d/csp/reportOnly 1
font-src *.relaxdays.com www.gstatic.com 'self' 'unsafe-inline'; form-action https://www.sandbox.paypal.com www.facebook.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src www.paypal.com www.sandbox.paypal.com www.google.com www.youtube.com www.youtube-nocookie.com www.facebook.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com www.it-recht-kanzlei.de *.relaxdays.com data: i.pinimg.com log.pinterest.com *.g.doubleclick.net www.google.com www.google.de www.google.at www.google.es www.google.it www.google.nl www.google.pl www.google.fr www.google.co.uk www.googletagmanager.com www.facebook.com *.cloudfront.net d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net cdn-scripts.signifyd.com www.youtube.com *.relaxdays.com assets.pinterest.com widgets.pinterest.com www.googletagmanager.com www.google.com www.gstatic.com connect.facebook.net googleads.g.doubleclick.net *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.relaxdays.com 'self' 'unsafe-inline'; object-src *.relaxdays.com 'self' 'unsafe-inline'; media-src *.relaxdays.com 'self' 'unsafe-inline'; manifest-src *.relaxdays.com 'self' 'unsafe-inline'; connect-src *.relaxdays.com www.google-analytics.com www.google.com www.facebook.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri https://www.paypalobjects.com 'self' 'unsafe-inline'; report-uri https://relaxdays.com/_csp_report_; report-to report-endpoint; 1
default-src 'self'; script-src 'self' 'unsafe-inline' asset; style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com; child-src 'self' https://www.youtube-nocookie.com/; report-uri //joinpage.webbilling.com/logservice.php 1
script-src 'nonce-YhhpMlu7xwUlnrAh2MpPtA' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/webmaster; base-uri 'none' 1
style-src 'self' 'unsafe-inline' fonts.googleapis.com use.fontawesome.com use.typekit.net p.typekit.net; script-src 'self' 'unsafe-inline' maps.google.com maps.googleapis.com googletagmanager.com www.googletagmanager.com siteimproveanalytics.com google-analytics.com www.google-analytics.com *.cloudfront.net connect.facebook.net *.player.vimeo.com 1
default-src 'self' 'unsafe-inline' data: logger.scot.nhs.uk *.google-analytics.com www.googletagmanager.com use.fontawesome.com use.typekit.net *.google.com *.googleapis.com *.gstatic.com code.jquery.com yui.yahooapis.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com *.addthis.com *.addthisedge.com *.twitter.com *.twimg.com connect.facebook.net graph.facebook.com *.youtube.com *.ytimg.com player.vimeo.com content.jwplatform.com *.jwpcdn.com *.jwpsrv.com 'unsafe-eval' .plot.ly scotland.shinyapps.io; frame-ancestors 'self'; base-uri 'self'; report-uri https://web-reports.scot.nhs.uk/api/v1/csp-report; report-to csp-endpoint 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' https://api.tiles.mapbox.com/ https://code.jquery.com/ https://unpkg.com/ https://fonts.gstatic.com/ https://maps.gstatic.com/ https://maps.googleapis.com/ https://fonts.googleapis.com/ https://ajax.googleapis.com/ www.google.com ajax.googleapis.com www.googletagmanager.com www.google-analytics.com www.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://api.tiles.mapbox.com/ https://code.jquery.com/ https://unpkg.com/ https://maps.googleapis.com/ https://fonts.googleapis.com/ https://ajax.googleapis.com/ www.google.com ajax.googleapis.com www.googletagmanager.com www.google-analytics.com www.gstatic.com; object-src 'self'; connect-src 'self' 'unsafe-inline';img-src 'self' 'unsafe-inline' https://api.tiles.mapbox.com/ https://unpkg.com/ https://maps.gstatic.com/ https://maps.googleapis.com/ www.google.com ajax.googleapis.com www.google-analytics.com stats.g.doubleclick.net data: ; style-src 'self' 'unsafe-eval' 'unsafe-inline' https://unpkg.com/ https://fonts.gstatic.com/ https://maps.googleapis.com/ https://fonts.googleapis.com/;  1
default-src 'self'; img-src 'self' https: data: blob:; connect-src 'self' blob:; frame-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com data:;  report-uri https://9ec04c4fa675be0bd04813b93ed11342.report-uri.com/r/d/csp/reportOnly; 1
worker-src 'self'; connect-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; object-src 'none'; report-uri https://csp.firstscribe.com/thefoundrypublishing.com; 1
script-src 'unsafe-inline' 'unsafe-eval' http: https: 1
default-src 'self' data: https: 'unsafe-inline' http://*.omniupdate.com *.twimg.com http://img.youtube.com d.adroll.mgr.consensu.org s.dca0.com; script-src 'self' 'unsafe-inline' *.emu.edu *.adroll.com script.crazyegg.com www.googletagmanager.com www.youvisit.com *.google-analytics.com pi.pardot.com connect.facebook.net www.googleadservices.com googleads.g.doubleclick.net api.meritpages.com *.google.com *.googleapis.com *.addthis.com graph.facebook.com *.purechat.com *.purechatcdn.com *.ebscohost.com code.jquery.com 25livepub.collegenet.com widgets.pinterest.com platform.twitter.com instawidget.net *.twimg.com api.darksky.net assets.adobedtm.com embedr.flickr.com widgets.flickr.com s3.amazonaws.com d.adroll.mgr.consensu.org s.dca0.com; report-uri /is/csp/report/ 1
img-src 'self' *.etnetera.cz 'unsafe-inline' data: *; script-src 'unsafe-inline' 'strict-dynamic' 'nonce-Z0rHmYEn3uBoVer5mTO9Hm00V87BtOYx'; style-src 'self' *.etnetera.cz fonts.googleapis.com 'unsafe-inline'; report-uri https://sentry-csp.etnetera.cz/api/2/csp-report/?sentry_key=6a19ac8d3fd2460781f226b489931769 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' https://www.google-analytics.com https://www.googletagmanager.com https://pagead2.googlesyndication.com https://adservice.google.com https://adservice.google.co.jp https://*.googleapis.com https://maps.google.com https://ajax.cloudflare.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' https://googleads.g.doubleclick.net; img-src 'self' https://www.google-analytics.com https://maps.gstatic.com https://*.googleapis.com; connect-src 'self' https://www.google-analytics.com; report-uri https://report-uri.appspot.com/987194809741479936?ro=1 1
script-src 'self' 'unsafe-inline' code.jquery.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net cdnjs.cloudflare.com gitcdn.github.io www.google-analytics.com kit.fontawesome.com; style-src 'self' 'unsafe-inline' code.jquery.com maxcdn.bootstrapcdn.com gitcdn.github.io cdnjs.cloudflare.com kit-free.fontawesome.com; img-src 'self' data: www.google-analytics.com code.jquery.com ffbeequip.com; font-src 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com kit-free.fontawesome.com; connect-src 'self' www.google-analytics.com firebasestorage.googleapis.com https://api.github.com https://discordapp.com https://api.imgur.com/3/image; media-src 'none'; object-src 'none'; child-src 'self'; worker-src 'self'; frame-src 'self'; form-action 'self'; block-all-mixed-content; upgrade-insecure-requests; report-uri https://ffbeequip.report-uri.com/r/d/csp/reportOnly 1
worker-src blob:; font-src fonts.gstatic.com *.kxcdn.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com facebook.com www.facebook.com *.kxcdn.com youtube.com www.youtube.com platform.twitter.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com scontent.cdninstagram.com data: *.kxcdn.com amcglobal.sc.omtrdc.net *.twitter.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com cdn.ampproject.org connect.facebook.net www.googletagmanager.com googletagmanager.com *.kxcdn.com platform.twitter.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com fonts.googleapis.com *.kxcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://www.paypal.com/xoplatform/logger/api/logger cdn.ampproject.org *.kxcdn.com dpm.demdex.net 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
font-src 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com www.googleadservices.com www.google-analytics.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net cdn-scripts.signifyd.com www.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' appointments-production-f.squarecdn.com square.site squareup.com maxcdn.bootstrapcdn.com; connect-src 'self' appointments-production-f.squarecdn.com square.site squareup.com data-platform-staging.squarecloudservices.com data-platform.squarecloudservices.com api2.branch.io conversations-production-f.squarecdn.com conversations-production-c.squarecdn.com; img-src 'self' data: api.mapbox.com *.tiles.mapbox.com square-go-production.s3.amazonaws.com/ s3.amazonaws.com/square-dashboard-production/ www.google-analytics.com api.squareup.com appointments-production.s3.amazonaws.com/ square-web-production-f.squarecdn.com appointments-production-f.squarecdn.com d1g145x70srn7h.cloudfront.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' appointments-production-f.squarecdn.com js-agent.newrelic.com/ bam.nr-data.net/ cdn.branch.io/ api2.branch.io/ app.link/ ajax.googleapis.com maxcdn.bootstrapcdn.com conversations-production-f.squarecdn.com conversations-production-c.squarecdn.com; style-src 'self' blob: 'unsafe-inline' appointments-production-f.squarecdn.com maxcdn.bootstrapcdn.com; report-uri https://squareup.com/1.0/as-reporter/csp/E-g-3sEcG3-1DHsDEIhKGqOrreQ_KmM23fhp_JMWVt34xrVL 1
script-src 'unsafe-eval' 'unsafe-inline' 'self' *.cloudmaestro.com img06.en25.com app.usercentrics.eu *.svc.dynamics.com player.vimeo.com maps.googleapis.com s.ytimg.com www.youtube.com evidon.mgr.consensu.org js-agent.newrelic.com bam.nr-data.net www.googletagmanager.com www.google-analytics.com *.evidon.com evidon.mgr.consensu.org www.google.com www.gstatic.com www.swarovski-lighting.com swarovski-lighting.com www.schonbek.com schonbek.com; report-to webscaleCspEndpoint; report-uri https://xdymhcopnh.execute-api.us-east-1.amazonaws.com/default/cspReportingMonitor 1
font-src 'self' 'unsafe-inline'; form-action 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com *.vimeocdn.com s.ytimg.com data: www.bauer-plus.de www.google-analytics.com stats.g.doubleclick.net www.etracker.de 'self' 'unsafe-inline'; script-src s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com static.etracker.com code.etracker.com www.etracker.de www.googletagmanager.com www.google-analytics.com www.dwin1.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.etracker.de 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri /general/csp/; report-to report-endpoint; 1
base-uri 'none'; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'nonce-c3abde0e-193'; object-src 'self'; img-src 'self' *.regenwald.org data:; connect-src 'self'; block-all-mixed-content; report-uri /csp-violation-report/c3abde0e-193 1
worker-src 'self'; connect-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; object-src 'none'; report-uri https://csp.firstscribe.com/biprousa.com; 1
default-src 'self'; style-src 'self'; connect-src stats.g.doubleclick.net www.google-analytics.com; font-src fonts.gstatic.com maxcdn.bootstrapcdn.com; img-src www.google-analytics.com; script-src-elem www.google-analytics.com www.google.com 'unsafe-inline' cse.google.com; style-src-elem 'self' maxcdn.bootstrapcdn.com fonts.googleapis.com www.google.com 'unsafe-inline'; script-src www.google.com; report-uri https://cspreporturi525.report-uri.com/r/d/csp/reportOnly 1
default-src 'self' image.spreadshirtmedia.net ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: *.go-mpulse.net apis.google.com assets.adobedtm.com *.cloudfront.net nxtck.com ssl.gstatic.com ws.sessioncam.com *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com googleads.g.doubleclick.net connect.facebook.net www.googleadservices.com adtm.spreadshirts.net *.spreadshirt.be ; img-src 'self' data: https: image.spreadshirtmedia.net *.gstatic.com rtb-csync.smartadserver.com pixel.rubiconproject.com pixel.advertising.com dsum-sec.casalemedia.com cotads.adscale.de www.google-analytics.com eu-u.openx.net ih.adscale.de *.akstat.io www.facebook.com dsum-sec.casalemedia.com ad.yieldlab.net secure.adnxs.com mapping.nxtck.com stats.g.doubleclick.net www.google.com www.google.de cm.g.doubleclick.net ads.yahoo.com sync.ligadx.com eb2.3lift.com s.sspqns.com x.bidswitch.net image2.pubmatic.com sync.outbrain.com nxtck.com sanalytics.spreadshirt.be *.spreadshirt.be ; connect-src 'self' https: *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com *.go-mpulse.net *.akstat.io/ dpm.demdex.net *.spreadshirt.be ; font-src 'self' https: data: *.spreadshirt.be ; style-src 'self' data: 'unsafe-inline' https: *.spreadshirt.be ; object-src 'none' ; media-src image.spreadshirtmedia.net ; frame-src 'self' https: www.google.com accounts.google.com *.spreadshirt.be ; report-uri https://csp.spreadshirts.net/csp/reportOnly ; 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' www.google-analytics.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com oss.maxcdn.com www.googletagmanager.com www.google.com *.gstatic.com *.googleapis.com *.kameleoon.com *.kameleoon.eu platform.linkedin.com platform.twitter.com connect.facebook.net *.amazonaws.com static.sfam.group; upgrade-insecure-requests; 1
worker-src blob:; font-src fonts.gstatic.com *.kxcdn.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com facebook.com www.facebook.com *.kxcdn.com youtube.com www.youtube.com platform.twitter.com google.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com data: scontent.cdninstagram.com *.kxcdn.com amcglobal.sc.omtrdc.net *.twitter.com *.googleapis.com google.com *.gstatic.com maps.gstatic.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.googleapis.com google.com *.gstatic.com cdn.ampproject.org connect.facebook.net www.googletagmanager.com googletagmanager.com *.kxcdn.com platform.twitter.com maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com google.com *.kxcdn.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://www.paypal.com/xoplatform/logger/api/logger cdn.ampproject.org *.kxcdn.com dpm.demdex.net 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
font-src js.klevu.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com checkoutshopper-test.adyen.com checkoutshopper-live.adyen.com www.google.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com thumbs.nosto.com js.klevu.com checkoutshopper-test.adyen.com checkoutshopper-live.adyen.com www.crafterscompanion.co.uk www.crafterscompanion.com www.crafterscompanion.eu 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com connect.nosto.com js.klevu.com www.dwin1.com www.google.com www.gstatic.com www.googletagmanager.com checkoutshopper-test.adyen.com checkoutshopper-live.adyen.com js-agent.newrelic.com bam.nr-data.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com connect.nosto.com js-agent.newrelic.com bam.nr-data.net 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' image.spreadshirtmedia.net ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: *.go-mpulse.net apis.google.com assets.adobedtm.com *.cloudfront.net nxtck.com ssl.gstatic.com ws.sessioncam.com *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com googleads.g.doubleclick.net connect.facebook.net www.googleadservices.com adtm.spreadshirts.net *.spreadshirt.pl ; img-src 'self' data: https: image.spreadshirtmedia.net *.gstatic.com rtb-csync.smartadserver.com pixel.rubiconproject.com pixel.advertising.com dsum-sec.casalemedia.com cotads.adscale.de www.google-analytics.com eu-u.openx.net ih.adscale.de *.akstat.io www.facebook.com dsum-sec.casalemedia.com ad.yieldlab.net secure.adnxs.com mapping.nxtck.com stats.g.doubleclick.net www.google.com www.google.de cm.g.doubleclick.net ads.yahoo.com sync.ligadx.com eb2.3lift.com s.sspqns.com x.bidswitch.net image2.pubmatic.com sync.outbrain.com nxtck.com sanalytics.spreadshirt.pl *.spreadshirt.pl ; connect-src 'self' https: *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com *.go-mpulse.net *.akstat.io/ dpm.demdex.net *.spreadshirt.pl ; font-src 'self' https: data: *.spreadshirt.pl ; style-src 'self' data: 'unsafe-inline' https: *.spreadshirt.pl ; object-src 'none' ; media-src image.spreadshirtmedia.net ; frame-src 'self' https: www.google.com accounts.google.com *.spreadshirt.pl ; report-uri https://csp.spreadshirts.net/csp/reportOnly ; 1
default-src *.go2tigers.com 'self' 'unsafe-eval' 'unsafe-inline' *.wistia.net *.jquery.com *.googleapis.com *.gstatic.com *.google.com         tigers-web1-staging.azurewebsites.net tigers-web1.azurewebsites.net *.fontawesome.com *.facebook.com *.tawk.to cdnjs.cloudflare.com        cdn.jsdelivr.net *.google-analytics.com gateway.zscaler.net gateway.zscalerthree.net gateway.zscalertwo.net gateway.zscloud.net *.trendmicro.com *.yoast.com;      form-action 'self';     frame-ancestors 'none';     report-uri https://go2tigersmainsite.report-uri.com/r/d/csp/wizard 1
default-src https://www.google.com https://maps.google.com  https://stats.g.doubleclick.net  https://www.google-analytics.com https://www.loterie.lu https://loterie.lu https://195.46.247.200 https://10.8.215.223; font-src data: https://stats.g.doubleclick.net https://www.loterie.lu https://loterie.lu https://195.46.247.200 https://10.8.215.223 https://fonts.gstatic.com 'unsafe-inline' 'unsafe-eval'; script-src https://www.google.com https://stats.g.doubleclick.net https://www.google-analytics.com https://www.googletagmanager.com https://www.loterie.lu https://loterie.lu https://195.46.247.200 https://10.8.215.223 'unsafe-inline' 'unsafe-eval'; style-src 'unsafe-inline' http://fonts.googleapis.com https://stats.g.doubleclick.net https://www.loterie.lu https://loterie.lu https://195.46.247.200 https://10.8.215.223; object-src https://stats.g.doubleclick.net https://www.loterie.lu https://loterie.lu https://195.46.247.200 https://10.8.215.223; img-src https://www.google.com https://www.google.pl https://stats.g.doubleclick.net https://www.loterie.lu https://loterie.lu https://195.46.247.200 https://10.8.215.223 https://www.google-analytics.com data:; upgrade-insecure-requests; 1
default-src 'self'; script-src 'self' 'unsafe-inline' *.questionpoint.org; style-src 'self' 'unsafe-inline'; img-src 'self'; frame-src *.questionpoint.org; upgrade-insecure-requests 1
default-src 'self' image.spreadshirtmedia.net ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: *.go-mpulse.net apis.google.com assets.adobedtm.com *.cloudfront.net nxtck.com ssl.gstatic.com ws.sessioncam.com *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com googleads.g.doubleclick.net connect.facebook.net www.googleadservices.com adtm.spreadshirts.net *.spreadshirt.no ; img-src 'self' data: https: image.spreadshirtmedia.net *.gstatic.com rtb-csync.smartadserver.com pixel.rubiconproject.com pixel.advertising.com dsum-sec.casalemedia.com cotads.adscale.de www.google-analytics.com eu-u.openx.net ih.adscale.de *.akstat.io www.facebook.com dsum-sec.casalemedia.com ad.yieldlab.net secure.adnxs.com mapping.nxtck.com stats.g.doubleclick.net www.google.com www.google.de cm.g.doubleclick.net ads.yahoo.com sync.ligadx.com eb2.3lift.com s.sspqns.com x.bidswitch.net image2.pubmatic.com sync.outbrain.com nxtck.com sanalytics.spreadshirt.no *.spreadshirt.no ; connect-src 'self' https: *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com *.go-mpulse.net *.akstat.io/ dpm.demdex.net *.spreadshirt.no ; font-src 'self' https: data: *.spreadshirt.no ; style-src 'self' data: 'unsafe-inline' https: *.spreadshirt.no ; object-src 'none' ; media-src image.spreadshirtmedia.net ; frame-src 'self' https: www.google.com accounts.google.com *.spreadshirt.no ; report-uri https://csp.spreadshirts.net/csp/reportOnly ; 1
default-src 'self'; connect-src 'self' https://wp-static.assets.sh https://notify.bugsnag.com https://sessions.bugsnag.com https://www.google-analytics.com https://performance.typekit.net; font-src 'self' https://wp-static.assets.sh https://use.typekit.net; frame-src 'self' https://www.googletagmanager.com https://player.vimeo.com; img-src 'self' https://wp.assets.sh https://wp-assets-sh.imgix.net https://wp-static.assets.sh https://stats.g.doubleclick.net https://www.google-analytics.com https://www.google.be https://www.google.com https://p.typekit.net https://i.vimeocdn.com data: https://hugoandmarie-wp.imgix.net; manifest-src 'self' https://wp-static.assets.sh; media-src 'self' https://wp.assets.sh https://wp-assets-sh.imgix.net https://wp-static.assets.sh https://fpdl.vimeocdn.com https://gcs-vimeo.akamaized.net https://player.vimeo.com https://vimeo.com https://vod-progressive.akamaized.net; script-src 'self' 'unsafe-inline' https://polyfill.io https://wp-static.assets.sh https://d2wy8f7a9ursnm.cloudfront.net/v6/bugsnag.min.js https://www.google-analytics.com https://www.googletagmanager.com https://use.typekit.net https://s3.amazonaws.com https://hugoandmarie.us12.list-manage.com/subscribe/post-json https://s3.amazonaws.com/downloads.mailchimp.com/js/; style-src 'self' 'unsafe-inline' https://wp-static.assets.sh https://use.typekit.net https://p.typekit.net; worker-src 'self' https://wp-static.assets.sh; frame-ancestors 'none'; form-action 'self' https://hugoandmarie.us12.list-manage.com; report-uri https://mrhenry.report-uri.com/r/d/csp/reportOnly 1
upgrade-insecure-requests;default-src 'self' https://*.cvent.org https://*.nr-data.net https://www.youtube.com https://*.twitter.com https://*.twimg.com https://*.facebook.com https://*.cvent.com https://*.cvent-assets.com https://*.newrelic.com https://*.cardinalcommerce.com; script-src 'nonce-OaNBioXvYSL+yiABesXgBfuvXNg=' 'unsafe-inline' 'self' https://*.cvent.org https://*.nr-data.net https://www.youtube.com https://*.twitter.com https://*.twimg.com https://*.facebook.com https://*.cvent.com https://*.cvent-assets.com https://*.newrelic.com https://*.cardinalcommerce.com; img-src 'unsafe-inline' 'data:' 'self' https://*.cvent.org https://*.nr-data.net https://www.youtube.com https://*.twitter.com https://*.twimg.com https://*.facebook.com https://*.cvent.com https://*.cvent-assets.com https://*.newrelic.com https://*.cardinalcommerce.com; style-src 'self' https://*.cvent.org https://*.nr-data.net https://www.youtube.com https://*.twitter.com https://*.twimg.com https://*.facebook.com https://*.cvent.com https://*.cvent-assets.com https://*.newrelic.com https://*.cardinalcommerce.com'unsafe-inline'; report-uri /event/csp-violation 1
child-src js.stripe.com *.rfihub.com www.facebook.com; connect-src 'self' *.favorengineering.com *.favordelivery.com ct.pinterest.com stats.g.doubleclick.net www.google-analytics.com www.facebook.com api.askfavor.com; frame-src *.rfihub.com js.stripe.com bid.g.doubleclick.net www.facebook.com *.criteo.com *.criteo.net; img-src 'self' amplifypixel.outbrain.com *.favorengineering.com *.favordelivery.com cdn.askfavor.com ct.pinterest.com hexagon-analytics.com pinterest.adsymptotic.com stats.g.doubleclick.net tr.outbrain.com www.facebook.com www.google-analytics.com www.google.com googleads.g.doubleclick.net maps.googleapis.com maps.gstatic.com www.googletagmanager.com api.askfavor.com platform-lookaside.fbsbx.com *.criteo.net pingclock.net graph.facebook.com data:; script-src-elem 'self' 'unsafe-inline' *.rfihub.com *.rfihub.net amplify.outbrain.com cdn.siftscience.com connect.facebook.net googleads.g.doubleclick.net js.stripe.com maps.googleapis.com s.pinimg.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com *.criteo.com *.criteo.net app.link cdn.branch.io; script-src 'self' 'unsafe-eval' cdn.siftscience.com js.stripe.com maps.googleapis.com 'unsafe-inline' *.rfihub.com amplify.outbrain.com connect.facebook.net googleads.g.doubleclick.net s.pinimg.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com *.criteo.com *.criteo.net *.rfihub.net app.link; style-src-attr 'unsafe-inline' fonts.googleapis.com; style-src-elem 'unsafe-inline' cloud.typography.com web-assets.favordelivery.com 'self' fonts.googleapis.com; style-src 'unsafe-eval' 'unsafe-inline' cloud.typography.com 'self' web-assets.favordelivery.com; form-action www.facebook.com favordelivery.com; default-src 'self' 'unsafe-eval' 'unsafe-inline' *.rfihub.com amplify.outbrain.com amplifypixel.outbrain.com *.favordelivery.com *.favorengineering.com bid.g.doubleclick.net cdn.askfavor.com cdn.siftscience.com cloud.typography.com connect.facebook.net ct.pinterest.com googleads.g.doubleclick.net hexagon-analytics.com js.stripe.com maps.googleapis.com s.pinimg.com tr.outbrain.com www.facebook.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com fonts.gstatic.com; font-src 'self' data: fonts.gstatic.com; manifest-src 'self'; script-src-attr 'unsafe-inline'; report-uri https://favor.report-uri.com/r/t/csp/wizard 1
default-src https:;   connect-src https: ws://10.1.13.34;  script-src 'self' 'unsafe-inline' 'unsafe-eval' https:;   font-src https: 'self' data:;   img-src 'self' data: https: https://zradio.org;   style-src 'self' https: 'unsafe-inline';   object-src 'none';   report-uri https://csp.zradio.org/ 1
base-uri 'none'; default-src 'none'; child-src blob:; font-src data: assets.castupload.com https://fonts.gstatic.com; img-src 'self' data: android-webview-video-poster: android-webview: assets.castupload.com https://d205pfv3qf1itp.cloudfront.net static.castupload.com https://www.pro.castupload.com; media-src static.castupload.com; object-src 'none'; form-action 'self' https://*.facebook.com; script-src 'self' 'unsafe-eval' 'strict-dynamic' 'unsafe-inline' 'report-sample' assets.castupload.com 'nonce-LXlJLFw+u/e/1pE+IOiAkA=='; style-src 'unsafe-inline' assets.castupload.com https://fonts.googleapis.com; connect-src 'self' https://castupload-com.s3-eu-west-1.amazonaws.com https://api.rollbar.com; block-all-mixed-content; manifest-src 'self'; frame-ancestors 'none'; report-uri https://o384298.ingest.sentry.io/api/5215332/security/?sentry_key=e8deefcb271f4ecbabf96cf79f0fe558 1
default-src https://www.jufmelis.nl; 1
base-uri 'self';script-src https://*.cnzz.com https://*.tbcdn.cn https://*.alicdn.com https://ynuf.aliapp.org http://alimei-sub.sg.aliyun.com http://*.alicdn.com http://*.tbcdn.cn https://alimei-sub.sg.aliyun.com https://*.alibaba-inc.com http://*.mxhichina.com https://*.mxhichina.com http://ynuf.aliapp.org http://*.cnzz.com http://*.alibaba-inc.com 'nonce-dC0zOTc0ODAtZVp1Sk406754' 'self' 'unsafe-eval' 'unsafe-inline' 'unsafe-hashes' 'sha256-5ZESDry5Jdgh27TvZdoin5zkV6TF0poectvQPYNk56c=';object-src 'self';frame-src https://*.aliyun.com https://*.alibaba-inc.com http://*.mxhichina.com https://*.mxhichina.com http://*.alibaba.com http://*.alibaba-inc.com http://*.aliyun.com https://*.alibaba.com 'self';report-uri /alimail/browser_csp_result 1
font-src *.klevu.com *.trustedshops.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.youtube.com *.klarna.com *.adyen.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com https://cdn.klarna.com *.paypal.com *.klevu.com *.omtrdc.net *.trustedshops.com *.klarnaevt.com *.adyen.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com js.authorize.net jstest.authorize.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com *.paypal.com *.paypalobjects.com *.newrelic.com *.google.com *.gstatic.com *.nr-data.net *.getflowbox.com *.trustedshops.com *.klevu.com *.trackedlink.net *.klarna.com *.adyen.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.trustedshops.com *.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.vimeo.com *.wistia.net *.akamaized.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.nr-data.net *.demdex.net *.vimeo.com *.klarnaevt.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src maxcdn.bootstrapcdn.com widgets.trustedshops.com 'self' data: https://www.gstatic.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net payments.amazon.de payments-de-sandbox.amazon.com payments-eu.amazon.com/ amazon.com amazon.de www.paypal.com cdn.klarna.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.gstatic.com www.google.com amazon.com amazon.de static-eu.payments-amazon.com payments-de-sandbox.amazon.com payments-de.amazon.com payments.amazon.de payments-eu.amazon.com/ www.top50-solar.de widgets.trustedshops.com *.addthis.com https://www.google.com 'self' 'unsafe-inline'; img-src 'self' data: www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com www.photovoltaik-shop.com maps.googleapis.com maps.gstatic.com stats.g.doubleclick.net www.gstatic.com www.google.com *.google.com *.google.de *.google.ch *.google.dk *.google.at *.google.se *.google.fi *.google.fr amasty.com amazon.com payments-eu.amazon.com/ payments.amazon.de payments-de.amazon.com static-eu.payments-amazon.com images-na.ssl-images-amazon.com m.media-amazon.com payments-de-sandbox.amazon.com d23yuld0pofhhw.cloudfront.net www.top50-solar.de widgets.trustedshops.com tracking.qa.paypal.com cdn.klarna.com www.magecomp.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com www.photovoltaik-shop.com *.google-analytics.com www.google-analytics.com/analytics.js maps.googleapis.com www.gstatic.com www.google.com www.google.de www.google.dk www.google.at www.google.se www.google.fi www.google.fr www.google.ch static-eu.payments-amazon.com payments-de-sandbox.amazon.com www.top50-solar.de widgets.trustedshops.com cdnjs.cloudflare.com code.jquery.com *.addthis.com *.moatads.com *.addthisedge.com https://www.google.com https://www.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com widgets.trustedshops.com maxcdn.bootstrapcdn.com fonts.googleapis.com cdnjs.cloudflare.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com stats.g.doubleclick.net www.google-analytics.com payments-de-sandbox.amazon.com *.amazon.de payments.amazon.de payments-eu.amazon.com/ *.amazon.com *.amazon.fr *.amazon.dk *.amazon.fi *.amazon.se *.amazon.ch www.paypal.com trustbadge.api.etrusted.com api.trustbadge.etrusted.com api.trustedshops.com shops-si.trustedshops.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri /pub/report.php; report-to report-endpoint; 1
default-src https: data: wss: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval';report-uri https://www.facebook.com/csp/reporting/; 1
default-src 'self' https: ; connect-src https: wss:; frame-src https: *.webin.info;  script-src https: 'unsafe-eval' 'unsafe-inline' *.googleapis.com;  style-src https: 'unsafe-inline' *.googleapis.com;  img-src https: data: *.automusic.ru *.forextimes.ru *.photobucket.com forextimes.ru;  font-src https: data: fonts.googleapis.com;  report-uri /csp-report.php 1
script-src 'self' *.akamaihd.net *.alcmpn.com *.annies-publishing.com *.bing.com *.brightcove.com *.brightcove.net *.cj.com *.eccmp.com *.emjcd.com *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.googlesyndication.com *.gstatic.com *.pingdom.net *.pinterest.com *.shareasale.com *.shopperapproved.com *.typekit.net *.zencdn.net cdnjs.cloudflare.com code.jquery.com googleads.g.doubleclick.net seal-easttexas.bbb.org *.shopperapproved.com pagead2.googlesyndication.com *.alcmpn.com www.googletagservices.com *.p-n.io *.opmnstr.com *.securedvisit.com *.g.doubleclick.net api.omappapi.com 'self' 'unsafe-inline' 'unsafe-eval'; worker-src blob://* data://* 'self'; connect-src 'self' *.akamaihd.net *.alcmpn.com *.annies-publishing.com *.bing.com *.brightcove.com *.brightcove.net *.cj.com *.eccmp.com *.emjcd.com *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.googlesyndication.com *.gstatic.com *.pingdom.net *.pinterest.com *.shareasale.com *.shopperapproved.com *.typekit.net *.zencdn.net cdnjs.cloudflare.com code.jquery.com googleads.g.doubleclick.net seal-easttexas.bbb.org *.shopperapproved.com pagead2.googlesyndication.com *.alcmpn.com www.googletagservices.com *.p-n.io *.opmnstr.com *.securedvisit.com *.g.doubleclick.net api.omappapi.com; report-uri /ajax/content_policy_violation.php 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.ioteams.com https://hm.baidu.com https://assets.growingio.com https://res.wx.qq.com; report-uri https://monitor.fe.ioteams.com/csp-report 1
block-all-mixed-content; report-uri https://sentry.io/api/1185627/csp-report/?sentry_key=093e2f72c47a4fe3a90d61aa5f2f8d7a; default-src https: 'self' data: 'unsafe-inline' 'unsafe-eval'; connect-src https: 'self' wss:; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https:; base-uri 'self' https://optimize.google.com; form-action 'self' https:; frame-ancestors 'self'; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: android-webview-video-poster: data: *; report-uri https://sentry.io/api/119503/security/?sentry_key=06825940ca0b4f8da5840b18b93bc640 1
report-uri https://sentry.pressly.io/api/undefined/csp-report/?sentry_key=undefined; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://localhost:3000 http://dev.pressly.io about: data: https: 1
script-src spir.hit.gemius.pl track.adform.net ssl.heureka.cz im9.cz c.imedia.cz api.mapy.cz www.heureka.cz *.mapy.cz script.hotjar.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com tagmanager.google.com googleads.g.doubleclick.net connect.facebook.net static.hotjar.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src cdnjs.cloudflare.com fonts.googleapis.com tagmanager.google.com api.mapy.cz 'unsafe-inline' 'self'; report-uri /csp 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data: blob: file:; frame-ancestors 'self' *.salesforce.com *.force.com *.visualforce.com *.documentforce.com; font-src https: data: blob: file:; connect-src 'self' https:; report-uri https://csp-report.force.com/_/ContentDomainCSPNoAuth?type=appserver 1
default-src https:; media-src blob:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri  /csp-report 1
script-src 'self' 'unsafe-inline' www.google-analytics.com connect.facebook.net; report-uri https://spoortz.report-uri.com/r/d/csp/reportOnly 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' matomo.siinergy.net themes.googleusercontent.com *.typekit.net https://api.mapbox.com https://api.tiles.mapbox.com https://cdnjs.cloudflare.com; worker-src 'self' blob:; report-uri https://sii-group.com/fr-FR/report-uri/reportOnly 1
script-src 'self' https://assets.tumblr.com https://sb.scorecardresearch.com/beacon.js https://ssl.google-analytics.com/ga.js https://www.google-analytics.com/analytics.js https://fc.yahoo.com/sdarla/php/client.php https://s.yimg.com/rq/darla/ https://www.googletagservices.com/tag/js/gpt.js https://securepubads.g.doubleclick.net/gpt/ https://securepubads.g.doubleclick.net/gampad/ads https://pagead2.googlesyndication.com/pagead/osd.js https://www.google.com/recaptcha/api.js https://consent.cmp.oath.com https://*.gemini.yahoo.com https://s.yimg.com/av/gemini/ga/gemini-iframe.js https://s.yimg.com/av/curveball/ 'unsafe-eval' 'nonce-Xh5D4PxzPhHYG5yFlAqF6nYr8jc'; object-src 'none'; worker-src blob:; base-uri 'self'; 1
base-uri 'none'; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'nonce-d1588ba3-193'; object-src 'self'; img-src 'self' *.regenwald.org data:; connect-src 'self'; block-all-mixed-content; report-uri /csp-violation-report/d1588ba3-193 1
font-src www.google-analytics.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.google.com *.dcmn.io 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' data: www.googletagmanager.com t.dcmn.io *.tvsquared.com *.doubleclick.net *.google.com *.google.it 'self' 'unsafe-inline'; script-src assets.adobedtm.com www.googleadservices.com www.google-analytics.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.google.com *.gstatic.com *.chimpstatic.com *.googletagmanager.com *.nr-data.net *.newrelic.com *.tvsquared.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1