Values for x-content-security-policy:
default-src 'self'; img-src *; media-src * data:; 1,187
frame-ancestors 'self' 408
allow 'self'; 65
default-src 'self'; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.cookiepro.com https://*.onetrust.com; frame-src 'none'; img-src 'self' data: *.ttcache.com https://*.ttcache.com https://*.google-analytics.com https://*.googletagmanager.com https://*.cookiepro.com; media-src 'none'; object-src 'none'; script-src 'self' https://*.googletagmanager.com https://*.cookiepro.com; style-src 'self' 'unsafe-inline' 57
default-src 'self'; script-src 'self'; 47
img-src *; media-src * data:; 39
report-uri /report-csp-violation 38
report-uri /report-csp-violation; upgrade-insecure-requests 31
default-src 'self' 'unsafe-inline' 31
upgrade-insecure-requests; 27
default-src 'self' 22
upgrade-insecure-requests 19
default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * data:; font-src * data:; connect-src *; media-src *; object-src *; child-src *; worker-src 'self' blob:; frame-ancestors 'self' https://gls-group.com/ https://gls-group.eu/ https://pilot.gls-group.eu/; form-action *; upgrade-insecure-requests; report-uri https://glsgroup.report-uri.io/r/default/csp/enforce; report-to https://glsgroup.report-uri.io/r/default/csp/enforce; 16
default-src https: 'unsafe-inline' 'unsafe-eval' data: blob:; block-all-mixed-content; connect-src * blob:; font-src https:; frame-ancestors 'self' https://preview.plaece.nl; frame-src *; img-src https: data: blob:; media-src https: data: blob:; script-src https: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline'; report-uri /nelmio/csp/report; worker-src https: blob: 15
allow 'self'; media-src *; img-src *; script-src *; style-src *; 14
frame-ancestors 'none' 13
default-src 'self'; 13
script-src * 'unsafe-inline' 'unsafe-eval' blob:; img-src * data:; media-src * mediastream: blob: filesystem: ; 11
sandbox allow-scripts allow-popups allow-same-origin; 10
default-src 'self' 'unsafe-inline'; allow 'self'; img-src * 10
script-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob:; object-src 'none'; base-uri 'none'; frame-src 'self'; frame-ancestors 'self'; img-src 'self' https://secure.gravatar.com data:; media-src 'self' blob:; style-src 'self' 'unsafe-inline'; default-src https: data: 'self'; trusted-types default; 10
default-src *; img-src * data: blob:; media-src * data: blob:; script-src 'unsafe-inline' 'unsafe-eval' * data: blob:; worker-src 'unsafe-inline' 'unsafe-eval' * data: blob:; connect-src *; font-src * data: blob:; frame-src *; object-src * data: blob:; style-src 'unsafe-inline' * data: blob: 10
default-src 'self'; script-src 'self' https://hcaptcha.com https://*.hcaptcha.com; frame-src 'self' https://hcaptcha.com https://*.hcaptcha.com; style-src 'self' https://hcaptcha.com https://*.hcaptcha.com; connect-src 'self' https://hcaptcha.com https://*.hcaptcha.com; unsafe-eval 'self' https://hcaptcha.com https://*.hcaptcha.com; unsafe-inline 'self' https://hcaptcha.com https://*.hcaptcha.com; 9
script-src 'self' 7
frame-ancestors 'self' https://shopproxy.p-s-s.de https://home.interzum.com https://home.interzum.de 7
self 7
block-all-mixed-content 6
allow-scripts allow-popups allow-same-origin; 6
frame-ancestors 'self'; 6
frame-ancestors 'self' *.shoplineapp.com *.facebook.com; upgrade-insecure-requests; 6
frame-ancestors https://*.ptc.com https://livesocial.seismic.com https://*.qualified.com https://ptc.seismic.com https://liveshareeast3.seismic.com https://*.mouseflow.com https://resources.servicemax.com https://servicemax.pathfactory.com https://support.rockwellautomation.com 5
default-src \'self\'; img-src *; media-src * data:; 5
frame-ancestors https://app.storyblok.com/ 5
default-src https: 'self'; script-src 'unsafe-eval' 'unsafe-inline' 'self' *; style-src 'unsafe-inline' 'self' *; frame-src 'self' *; object-src 'self' *; img-src 'self' data: *; media-src blob: 'self' *; font-src 'self' data: *; connect-src 'self' *; child-src blob: 'self' *; block-all-mixed-content; 5
frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com *.cisco.com 4
default-src 'self' blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.google-analytics.com https://www.googleoptimize.com https://www.googletagmanager.com https://munchkin.marketo.net https://app-abj.marketo.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://geoip-js.com https://ads.avocet.io https://trk.techtarget.com https://j.6sc.co https://tags.srv.stackadapt.com https://ads.avct.cloud https://js.driftt.com https://js-agent.newrelic.com https://bam.nr-data.net https://cdn.jsdelivr.net https://js.adsrvr.org https://go.affec.tv https://bat.bing.com https://s7.addthis.com https://m.addthis.com https://z.moatads.com https://snap.licdn.com https://tracking.g2crowd.com https://connect.facebook.net *.visualwebsiteoptimizer.com https://app.vwo.com *.sharethis.com https://unpkg.com https://d1hgczpbubj217.cloudfront.net https://app-static.turtl.co https://js.zi-scripts.com *.mutinycdn.com https://www.clarity.ms https://scripts.clarity.ms *.roundprinceweb.com https://www.redditstatic.com https://go.proofpoint.com https://www.google.com https://www.gstatic.com https://www.buzzsprout.com https://extend.vimeocdn.com https://storage.googleapis.com https://js.navattic.com https://js.qualified.com https://wpaassets.blob.core.windows.net https://www.youtube.com https://vimeo.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com *; img-src 'self' 'unsafe-inline' data: blob: *.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com * *.mutinycdn.com; media-src 'self'; frame-src 'self' 'unsafe-inline' app.vwo.com *.visualwebsiteoptimizer.com *; frame-ancestors 'self' https://app.mutinyhq.com; child-src 'self' 'unsafe-inline' blob:; worker-src 'self' blob:; font-src 'self' 'unsafe-inline' data: *; connect-src 'self' 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com * *.mutinyhq.com *.mutinyhq.io *.mutinycdn.com *.qualified.com; report-uri /report-csp-violation 4
nosniff 4
default-src 'self'; img-src 'self' data:; media-src 'self' blob:; connect-src 'self' blob:; form-action 'self'; 4
default-src 'self'; font-src *;img-src * data:; script-src *; style-src * 4
script-src 'self' 'unsafe-inline' 'unsafe-eval' ; img-src 'self' data: ; object-src 'self' data: ; frame-src 'self' data: ; 4
default-src 'none'; base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.xilo.net; object-src 'none'; style-src 'self' data: 'unsafe-inline' https://*.xilo.net; img-src 'self' blob: data: https://*.xilo.net; media-src 'self' data: https://*.xilo.net; frame-src *; font-src *; form-action 'self' https://*.xilo.net; connect-src 'self' https://*.xilo.net; prefetch-src 'self' https://*.xilo.net; manifest-src 'self' https://*.xilo.net; frame-ancestors 'self'; worker-src 'self' blob:; report-uri https://sentry.xilo.net/api/3/security/?sentry_key=558ec00c6ab34073c96015172684209a 4
4
default-src https: data: 'unsafe-inline' 'unsafe-eval' 4
default-src 'self' ;options inline-script eval-script;referrer no-referrer;img-src 'self' data:  *.tile.openstreetmap.org;object-src 'none'; 4
font-src 'self' https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com data:; frame-src 'self' https://www.google.com/recaptcha/ https://pay.google.com/gp/ https://pay.yandex.ru https://sandbox.pay.yandex.ru/; script-src 'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://pay.google.com/gp/ https://pay.yandex.ru; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com; report-uri /csp/report 4
default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval'; object-src *; style-src * 'self' 'unsafe-inline'; img-src * 'self' data: https:;; media-src *; frame-src *; frame-ancestors * 'self'; child-src * blob:; font-src * 'self' data: https:;; connect-src * 4
frame-ancestors 'self' https://*.seo.aws.about.com https://*.dotdash.com *.southernliving.com; upgrade-insecure-requests; 3
frame-ancestors 'self' https://*.seo.aws.about.com https://*.dotdash.com *.parents.com; upgrade-insecure-requests; 3
frame-ancestors 'self' https://adventhealth.com https://*.adventhealth.com; object-src 'none'; base-uri 'none' 3
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; object-src 'self'; frame-src 'self'; frame-ancestors 'self'; 3
base-uri 'self' https://*.vbrick.com;child-src 'self' https://*.vbrick.com;connect-src 'self' https://*.vbrick.com 'unsafe-inline' 'unsafe-eval' https: data: mailto: tel: https://pub.highlight.io https://*.qualtrics.com webpack://*;default-src 'self' https://*.vbrick.com 'unsafe-inline' 'unsafe-eval' https: data: mailto: tel:;font-src 'self' https://*.vbrick.com 'unsafe-inline' 'unsafe-eval' https: data:;form-action 'self' https://*.vbrick.com  https://*.bethematch.org;frame-ancestors 'self' https://*.vbrick.com  https://*.bethematch.org https: data:;frame-src 'self' https://*.vbrick.com 'unsafe-inline' 'unsafe-eval' https: data: https://*.qualtrics.com;img-src 'self' https://*.vbrick.com 'unsafe-inline' 'unsafe-eval' https: data: https://*.qualtrics.com;manifest-src 'self';media-src 'self' https://*.vbrick.com 'unsafe-inline' 'unsafe-eval' https: data:;script-src 'self' https://*.vbrick.com 'unsafe-inline' 'unsafe-eval' https: data: https://*.qualtrics.com;style-src 'self' https://*.vbrick.com 'unsafe-inline' 'unsafe-eval' https: data:;worker-src data: blob:; 3
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.baua.de; script-src-elem: cdn.dashjs.org; object-src 'self' www.baua.de; media-src 'self' www.baua.de; frame-src 'self' www.baua.de.de datawrapper.dwcdn.net; img-src 'self' data: www.baua.de uvi.bfs.de; frame-ancestors 'self' datawrapper.dwcdn.net; 3
block-all-mixed-content; connect-src 'self' www.dreamland.be www.dreamland.nl https://*.ingest.sentry.io https://*.google-analytics.com https://*.analytics.google.com https://www.googletagmanager.com https://*.google.com https://*.g.doubleclick.net https://in.hotjar.com https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com https://survey.alchemer.com https://www.facebook.com https://*.adnxs.com https://*.adnxs-simple.com https://*.icecat.biz https://*.googleapis.com https://cdn.plyr.io https://www.dwin1.com https://*.awin1.com https://*.zenaps.com https://the.sciencebehindecommerce.com https://*.playable.com https://*.campaign.playable.com https://*.leadfamly.com https://*.api.leadfamly.com https://*.visualwebsiteoptimizer.com app.vwo.com https://sibautomation.com https://in-automate.brevo.com https://static.zohocdn.com https://desk.zoho.eu https://ct.pinterest.com https://*.clarity.ms/ https://sst.dreamland.be; font-src 'self' data: https://fonts.gstatic.com https://script.hotjar.com https://*.icecat.biz https://*.campaign.playable.com https://static.zohocdn.com https://webfonts.zohowebstatic.com; frame-ancestors 'self' https://*.campaign.playable.com; frame-src data: https://www.youtube.com/ https://publish.folders.eu/ https://app.folders.eu/ https://www.facebook.com https://vars.hotjar.com https://survey.alchemer.com https://*.adnxs.com https://optimize.google.com https://*.icecat.biz https://js.mollie.com https://swiftcdn6.global.ssl.fastly.net https://gleam.io https://view.publitas.com/ https://folders.toychamp.be/ https://folders.toychamp.nl/ https://*.awin1.com https://*.zenaps.com https://*.campaign.playable.com app.vwo.com https://*.visualwebsiteoptimizer.com https://bethenexthero.com https://space-worlds.bricks.plus https://legobelgium.s3.eu-west-1.amazonaws.com/ https://space-game.be https://gaming-contest.eu https://f1-contest.com https://desk.zoho.eu https://ar.salta.com https://www.googletagmanager.com https://td.doubleclick.net https://ct.pinterest.com https://*.cloudflare.com https://dreamlandbe.zohodesk.eu https://sst.dreamland.be https://*.g.doubleclick.net; img-src 'self' data: about: www.dreamland.be www.dreamland.nl https://placeholder.inventis.be https://placehold.it https://*.ytimg.com https://maps.gstatic.com https://*.googleapis.com https://*.ggpht.com https://www.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://optimize.google.com https://www.facebook.com https://www.google.com https://www.google.be https://*.g.doubleclick.net https://www.googleadservices.com https://tpc.googlesyndication.com https://script.hotjar.com https://www.mollie.com https://*.adnxs.com https://*.adnxs-simple.com https://js.gleam.io https://*.icecat.biz https://*.awin1.com https://*.zenaps.com https://files.cdn.leadfamly.com https://*.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com https://static.zohocdn.com https://sst.dreamland.be; style-src 'self' https://optimize.google.com 'unsafe-inline' https://fonts.googleapis.com https://survey.alchemer.com https://*.icecat.biz https://*.campaign.playable.com https://*.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com https://static.zohocdn.com; upgrade-insecure-requests 3
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.fontawesome.com *.jsdelivr.net *.googleapis.com *.jquery.com *.vimeo.com *.vimeocdn.com *.cookielaw.org *.vimeocdn.com *.airbud.io unpkg.com:* *.cloudflare.com *.google.com *.montefioreeinstein.org *.montefiore.org www.montefiore.org mychart.montefiore.org npmychart.montefiore.org *.localizejs.com *.localizecdn.com *.123formbuilder.com *.ctctcdn.com *.blackbaudcdn.net *.go-mpulse.net  *.ada.support *.blackbaudhosting.com *.googletagmanager.com *.blackbaud.com *.youtube.com *.gstatic.com *.perfalytics.com api.perfalytics.com perfalytics.com *.launchdarkly.com *.akstat.io *.jquery.com *.flywire.com *.bootstrapcdn.com *.ctctcdn.com s3.amazonaws.com/downloads.mailchimp.com/ *.jwpcdn.com *.youtube-nocookie.com cdn.plyr.io assets.gyant.com pds.fabrichealth.com pds.stage.fabrichealth.com pds.qa.fabrichealth.com pds.dev.fabrichealth.com *.kameleoon.com *.kameleoon.io *.kameleoon.eu *.kameleoon.net; upgrade-insecure-requests 3
default-src 'self'; img-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; script-src 'self' 'unsafe-inline'; connect-src 'self'; 3
frame-ancestors 'self' everygame.eu www.everygame.eu sblp.everygame.eu sports.everygame.eu poker.everygame.eu casino.everygame.eu classic.everygame.eu lobby.everygame.eu:2072 account.everygame.eu client.horizonpokernetwork.eu 3
default-src 'self'; img-src *; media-src * data: 3
default-src 'self' blob: *.powerentity.com *.energieag.at news.netzooe.at energieag.picturepark.com energieag.cdn.picturepark.com *.google-analytics.com *.googleapis.com *.gstatic.com prezi.com www.googleadservice www.youtube.com walls.io *.walls.io *.googletagmanager.com www.netigate.se *.whatchado.com *.vimeo.com i.ytimg.com connect.facebook.net app.adwordsagentur.at s.ksrndkehqnwntyxlhgto.com *.hotjar.com *.hotjar.io  wss://*.hotjar.com www.googleadservices.com *.doubleclick.net *.adform.net *.iconnode.com *.facebook.com *.google.at *.google.de *.google.com google.com *.adsrvr.org e-tankstellen-finder.com connect.shore.com *.shore-cdn.com *.teamplanbuch.ch *.cookiebot.com *.matterport.com www.360perspektiven.com sys.mailworx.info *.marketingsuite.info sc-static.net *.konzertmeister.app *.podigee-cdn.net *.podigee.com *.podigee.io marketing.piwik.pro energieag.containers.piwik.pro energieag.piwik.pro empathy-portal.de eag.viewer.cit-fusion.com *.adition.com *.powerbi.com cdnjs.cloudflare.com static.cloudflareinsights.com www.youtube-nocookie.com *.ytimg.com *.googlesyndication.com streamio.com energieag.current-picturepark.com *.mouseflow.com github.com wss://*.cognigy.ai *.cognigy.ai *.githubusercontent.com maps.google.de *.fliphtml5.com cdn.jsdelivr.net *.spotify.com *.eye-able.com *.digiaccess.org *.ksrndkehqnwntyxlhgto.com *.openstreetmap.org *.tiktok.com *.tiktokw.us *.snapchat.com *.adnxs.com 'unsafe-inline' 'unsafe-eval' data: 3
frame-ancestors 'self' https://yobingo-statices.casinomodule.com/ https://www.yobingo.es/ https://www.yocasino.es/ https://www.enracha.es/ 3
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; connect-src 'self' *.amazonaws.com *.amazoncognito.com api.pwnedpasswords.com; frame-ancestors 'self' sf360.com.au; frame-src 'self' https://www.google.com/recaptcha/ 3
default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval'; object-src *; style-src * 'self' 'unsafe-inline'; img-src * 'self' data: https:;; media-src *; frame-src *; frame-ancestors 'self'; child-src * blob:; font-src * 'self' data: https:;; connect-src * 3
frame-ancestors *; report-uri /report-csp-violation 3
frame-ancestors 'self' weleda.sabio.de 3
default-src 'self'; script-src 'unsafe-inline'  'unsafe-eval'  'self' *.bizzdesign.com pi.pardot.com www.google.com www.gstatic.com www.googletagmanager.com cdn.jsdelivr.net www.google-analytics.com *.googleadservices.com www.youtube.com bizzdesign.chilipiper.com *.alfabetcloud.com cdn-cookieyes.com *.bing.com *.licdn.com *.oktopost.com js.zi-scripts.com tag.aticdn.net www.redditstatic.com a.quora.com bizzdesign.chilipiper.com fast.wistia.net api.ipify.org moderate.cleantalk.org fd.cleantalk.org dywrfp5ctng3l.cloudfront.net blob: ; object-src 'self' *.bizzdesign.com; style-src 'unsafe-inline' 'self' *.bizzdesign.com cdn.jsdelivr.net dywrfp5ctng3l.cloudfront.net; img-src data: 'self' *.bizzdesign.com *.bing.com cdn-cookieyes.com *.linkedin.com *.bing.com cdn-cookieyes.com www.googletagmanager.com *.google.com *.google.fr *.google.be *.google.de *.google.nl *.google.co.uk *.google.es q.quora.com alb.reddit.com bizzdesign.chilipiper.com stats.g.doubleclick.net; media-src data: 'self' *.bizzdesign.com; frame-src 'self' td.doubleclick.net www.googletagmanager.com www.youtube.com *.bizzdesign.com bizzdesign.chilipiper.com splunk-prod.alfabetcloud.com fast.wistia.net www.google.com/; frame-ancestors 'self' *.bizzdesign.com; child-src 'self' *.bizzdesign.com ; font-src 'self' *.bizzdesign.com fonts.gstatic.com; connect-src 'self' *.bizzdesign.com px.ads.linkedin.com *.clarity.ms bat.bing.net js.zi-scripts.com google.com  *.google.com  ws.zoominfo.com bat.bing.com www.google-analytics.com *.doubleclick.net scout.salesloft.com *.googlesyndication.com *.google-analytics.com *.googleadservices.com *.hotjar.io wss://ws.hotjar.com *.cookieyes.com cdn-cookieyes.com gjzbjmh.pa-cd.com pixel-config.reddit.com www.redditstatic.com cdn.jsdelivr.net bizzdesign.chilipiper.com pipedream.wistia.com fast.wistia.net fd.cleantalk.org bizzdesign.pinpointhq.com; report-uri /policies/privacy-policy; upgrade-insecure-requests 3
base-uri 'none';child-src 'none';connect-src 'self' vitals.vercel-insights.com status-page-96ggqj2n7-incident-io-team.vercel.app https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.google.com https://*.google.co.uk https://*.g.doubleclick.net https://global.localizecdn.com https://app.localizejs.com https://*.unbabel.com https://*.bablic.com;default-src 'self';font-src 'self';form-action 'self';frame-ancestors self;frame-src 'none';img-src 'self' data: https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://*.google.co.uk https://global.localizecdn.com https://assets.localizecdn.com https://uploads.bablic.com;manifest-src 'self';media-src 'self';object-src 'none';prefetch-src 'self';script-src 'self' 'unsafe-inline' https:;style-src 'self' 'unsafe-inline';worker-src 'self';report-uri https://o494704.ingest.sentry.io/api/4504554480795648/security?security_key=5d578c0eb4bd4811adf4f2176db9a1c8;report-to https://o494704.ingest.sentry.io/api/4504554480795648/security?security_key=5d578c0eb4bd4811adf4f2176db9a1c8; 3
default-src 'self' *.google.com *.axa-assistance.cz *.axa-assistance.sk *.axa-assistance.pl *.axa-assistance.at *.axa-assistance.hu *.axa-assistance.de 3
default-src 'self' *.optimizely.com  wss://*.hotjar.com https: survey.bosch.com s.webtrends.com *.mycliplister.com ptptasiaprodsgsa.z30.web.core.windows.net; media-src 'self' *.mycliplister.com mycliplister.com cliplister.vo.llnwd.net; font-src www.bosch-pt.com.hk www.bosch-pt.com.cn www.bosch-pt.co.id www.bosch-pt.co.in www.bosch-pt.com.my www.bosch-pt.com.ph www.bosch-pt.com.sg www.bosch-pt.com.tw th.bosch-pt.com vn.bosch-pt.com dock.ui.bosch.tech cdn.poll-maker.com cdnjs.cloudflare.com 'self' https: btm.bosch.com; object-src data: 'self'; img-src https: data: blob:; style-src dock.ui.bosch.tech cdn.poll-maker.com cdnjs.cloudflare.com 'self' 'unsafe-inline' https: btm.bosch.com; script-src https: *.optimizely.com 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https:; frame-ancestors 'self' https: 3
default-src 'none'; script-src 'self'; img-src 'self'; style-src 'self'; font-src 'self'; media-src 'self'; form-action 'self'; child-src 'self'; frame-ancestors 'self'; connect-src 'none'; report-uri 'self'; report-to 'self'; 3
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://storage.googleapis.com https://cdn.jsdelivr.net https://malsup.github.io https://static.cloudflareinsights.com https://telegram.org; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.gstatic.com https://cdn.jsdelivr.net https://netdna.bootstrapcdn.com; font-src 'self' https://fonts.gstatic.com https://www.gstatic.com https://netdna.bootstrapcdn.com data:; img-src 'self' data: https: blob:; media-src 'self' data: blob:; connect-src 'self' blob: https://api.pwagroup.ai wss://api.pwagroup.ai https://ads.pwagroup.ai https://preview.pwagroup.ai https://sentry.pwastage.xyz https://static.cloudflareinsights.com https://cdnjs.cloudflare.com https://malsup.github.io https://telegram.org https://oauth.telegram.org; worker-src 'self' blob:; manifest-src 'self'; frame-src https://telegram.org https://oauth.telegram.org https://preview.pwagroup.ai https://www.youtube.com; frame-ancestors 'self' https://dash.pwa.group https://preview.pwa.group https://*.pwa.group https://*.pwagroup.ai; base-uri 'self'; form-action 'self' https://preview.pwagroup.ai; object-src 'none'; upgrade-insecure-requests; report-uri https://dash.pwa.group/api/101/csp-report; 3
frame-ancestors 'self' https://*.seo.aws.about.com https://*.dotdash.com *.verywellhealth.com; upgrade-insecure-requests; 2
base-uri 'self' about: *;child-src 'none';connect-src 'self' webpack://* *;default-src 'self';font-src 'self' data: fonts.gstatic.com *;form-action 'self' https: *;frame-ancestors 'none';frame-src  'self' data: https:;img-src * 'self' data: https:;manifest-src 'self';media-src 'self' https: *;object-src 'none';prefetch-src 'self' *;script-src 'self' 'unsafe-inline' 'unsafe-eval' https: *.hs-scripts.com *.hsforms.net *.hsforms.com *.clearbit.com www.google-analytics.com;style-src 'self' 'unsafe-inline' https:;worker-src 'self'; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' data: 'unsafe-inline' https:; img-src 'self' data: https:; media-src 'self' https:; frame-src 'self' data: https:; font-src 'self' data: https: 2
frame-ancestors 'self' https://*.seo.aws.about.com https://*.dotdash.com *.liveabout.com; upgrade-insecure-requests; 2
frame-ancestors www.red-gate.com; 2
script-src 'self'; style-src 'self'; img-src 'self'; connect-src 'self'  2
default-src https: data: blob: 'unsafe-eval' 'unsafe-inline'; frame-src 'self' https://*; 2
frame-ancestors 'self' https://*.seo.aws.about.com https://*.dotdash.com *.thebalancemoney.com; upgrade-insecure-requests; 2
default-src *;frame-ancestors 'self' eiv.baidu.com *.vip.vip.com *.vip.com;script-src *.vip.com *.vipstatic.com *.mediav.com *.gdt.qq.com *.emarbox.com *.mjoys.com *.sogou.com cm.e.qq.com *.qq.com *.baidu.com *.ipinyou.com *.admaster.com.cn *.miaozhen.com *.youku.com *.tanx.com *.doubleclick.net *.vpimg1.com *.vpimg2.com *.vpimg3.com *.vpimg4.com *.gtimg.cn 'unsafe-eval' 'unsafe-inline';style-src *.vip.com *.vipstatic.com 'unsafe-inline';img-src * data:; report-uri //stat.vipstatic.com/pcfront/antiskyjack; 2
script-src https: data: 'unsafe-inline' 'unsafe-eval' https://www.tu-dortmund.de https://*.itmc.tu-dortmund.de https://*.relaunch.tu-dortmund.de; style-src https: 'unsafe-inline' https://www.tu-dortmund.de https://*.itmc.tu-dortmund.de https://*.relaunch.tu-dortmund.de; frame-src https://www.tu-dortmund.de https://redaktion.tu-dortmund.de https://*.itmc.tu-dortmund.de https://*.relaunch.tu-dortmund.de https://www.youtube-nocookie.com https://www.youtube.com 'self' https://webapps.itmc.tu-dortmund.de https://service.tu-dortmund.de; frame-ancestors https://www.tu-dortmund.de https://redaktion.tu-dortmund.de 'self' 2
default-src 'self'; script-src 'self' 'unsafe-inline' https://*.googlesyndication.com www.googletagmanager.com https://connect.facebook.net https://www.facebook.com http://www.instagram.com/embed.js https://*.googletagmanager.com https://ssl.google-analytics.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://tagmanager.google.com https://www.linkedin.com https://platform.twitter.com/ https://www.youtube.com https://player.vimeo.com https://vimeo.com https://prismic.io https://www.onelink-edge.com https://maps.googleapis.com https://data.worldcoin.org https://api.pactsafe.com https://static.cdn.prismic.io https://geolocation.onetrust.com https://vitals.vercel-insights.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://xapis.onelink-edge.com https://va.vercel-scripts.com https://verifi.podscribe.com https://d34r8q7sht0t9k.cloudfront.net https://ipv4.podscribe.com https://vercel.live https://us-central1-relyance-ext.cloudfunctions.net https://consent.app.relyance.ai https://cdn-consent.relyanceconsent.ai https://analytics.ahrefs.com world.org *.vimeocdn.com *.tiktok.com *.ttwstatic.com *.onetrust.com; font-src 'self' https://fonts.gstatic.com data: https://fonts.googleapis.com; style-src 'self' https://fonts.googleapis.com https://maps.googleapis.com https://data.worldcoin.org https://api.pactsafe.com https://www.googletagmanager.com *.tiktok.com *.ttwstatic.com *.onetrust.com 'unsafe-inline'; connect-src 'self' https://*.googlesyndication.com www.googletagmanager.com https://www.facebook.com https://www.google.com/ https://connect.facebook.net https://app-backend.toolsforhumanity.com https://www.googleadservices.com https://tagmanager.google.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://www.google-analytics.com https://*.googletagmanager.com https://*.g.doubleclick.net https://www.linkedin.com https://www.onelink-edge.com https://maps.googleapis.com https://data.worldcoin.org https://api.pactsafe.com https://api.operator.worldcoin.org https://vitals.vercel-insights.com https://vault.pactsafe.io https://secure.ethicspoint.com https://geolocation.onetrust.com https://metrics.worldcoin.org https://googleads.g.doubleclick.net https://xapis.onelink-edge.com https://player.vimeo.com https://vimeo.com https://verifi.podscribe.com https://d34r8q7sht0t9k.cloudfront.net https://ipv4.podscribe.com https://us-central1-relyance-ext.cloudfunctions.net https://fleet.orb.worldcoin.org https://consent.app.relyance.ai https://cdn-consent.relyanceconsent.ai https://analytics.ahrefs.com world.org *.vimeocdn.com *.gstatic.com *.tiktokw.us *.tiktok.com *.ttwstatic.com *.onetrust.com; img-src 'self' blob: data: www.googletagmanager.com https://www.facebook.com https://connect.facebook.net https://www.google.com https://tagmanager.google.com https://*.google-analytics.com https://*.googletagmanager.com https://www.google-analytics.com https://worldcoin-company-website.cdn.prismic.io https://www.linkedin.com https://media.licdn.com https://i.ytimg.com https://images.prismic.io https://world-id-assets.com https://prismic-io.s3.amazonaws.com https://maps.googleapis.com https://data.worldcoin.org https://api.pactsafe.com https://googleads.g.doubleclick.net https://xapis.onelink-edge.com https://verifi.podscribe.com https://d34r8q7sht0t9k.cloudfront.net https://ipv4.podscribe.com https://raw.githubusercontent.com world.org *.gstatic.com *.vimeocdn.com *.tiktok.com *.ttwstatic.com *.onetrust.com; media-src 'self' blob: data: https://platform.twitter.com/ https://www.linkedin.com https://media.licdn.com https://worldcoin-company-website.cdn.prismic.io https://images.prismic.io https://prismic-io.s3.amazonaws.com https://maps.googleapis.com https://data.worldcoin.org https://api.pactsafe.com https://googleads.g.doubleclick.net https://xapis.onelink-edge.com https://verifi.podscribe.com https://d34r8q7sht0t9k.cloudfront.net https://ipv4.podscribe.com https://raw.githubusercontent.com world.org *.vimeocdn.com *.tiktok.com *.ttwstatic.com *.onetrust.com; frame-src 'self' https://www.googletagmanager.com/ https://connect.facebook.net https://www.facebook.com https://platform.twitter.com/ https://www.youtube.com https://player.vimeo.com https://www.instagram.com https://vimeo.com https://maps.googleapis.com https://worldcoin-company-website.prismic.io https://data.worldcoin.org https://td.doubleclick.net https://verifi.podscribe.com https://d34r8q7sht0t9k.cloudfront.net https://ipv4.podscribe.com https://vercel.live world.org *.vimeocdn.com *.google.com 2
default-src 'self' 'unsafe-inline' jobs.b-ite.com; base-uri 'self'; connect-src 'self' wss://chat.userlike.com chat.userlike.com wss://umd.userlike.com userlike.com *.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com *.preview.kkn.zd.intranet.bund.de piwik.itzbund.de *.cloudfront.net data-8ec206415a.dnb.de jobs.b-ite.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.youtube.com *.googleapis.com piwik.itzbund.de script.ioam.de *.de.ioam.de s.ytimg.com static.b-ite.com cs-assets.b-ite.com ajax.googleapis.com api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com *.cloudfront.net data-8ec206415a.dnb.de userlike-cdn-umm.b-cdn.net; object-src 'self' piwik.itzbund.de; media-src 'self' *.aktion-mensch.de *.sample-videos.com *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de youtu.be files.dnb.de c18004-vod.l.core.cdn.streamfarm.net *.wikimedia.org *.cloudfront.net; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de my.matterport.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de *.tile.openstreetmap.org api.userlike.com userlike-cdn-operators.s3-eu-west-1.amazonaws.com *.cloudfront.net; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de *.cloudfront.net; frame-ancestors *.gsb.dev.materna.net *.preview.kkn.zd.intranet.bund.de piwik.itzbund.de 2
frame-ancestors 'self' acquia.lookbookhq.com acquia.docebosaas.com www.acquiaacademy.com acquia.seismic.com app.veertly.com widen--servcom.sandbox.my.site.com widen--sitepreview.na135.force.com community.widen.com acquia.atlassian.net rise.articulate.com www.drupal.org new.drupal.org; report-uri /report-csp-violation 2
default-src wss: mycliplister.com blob: data: bosch.kittelberger.de *.tealiumiq.com dock.ui.bosch.tech wss://endpoint.chatbot-suite.bosch.tech 'self' https: *.optimizely.com wss://*.hotjar.com wss://*.hotjar.io *.tealiumiq.com stats.g.doubleclick.net *.bosch-professional.com ; media-src data: 'self' *.mycliplister.com mycliplister.com *.bosch.com bosch.com *.bosch.de bosch.de *.youtube.com ; font-src 'self' dock.ui.bosch.tech cdn.pricespider.com *.boschtools.com  *.bootstrapcdn.com *.dynamicyield.com *.commerce-connector.com static.bosch-professional.com tiger-cdn.zoovu.com *.zoovu.com *.cloudfront.net boschru.webim.ru *.bosch.com bosch.com *.bosch.de bosch.de gstatic.com fonts.gstatic.com data: ; object-src data: 'self'; img-src data: 'self' https: mycliplister.com *.kittelberger.de *.tealiumiq.com data: blob: ; style-src dock.ui.bosch.tech cdn.pricespider.com *.boschtools.com *.bootstrapcdn.com *.dynamicyield.com *.googleapis.com *.commerce-connector.com 'self' 'unsafe-inline' tiger-cdn.zoovu.com *.zoovu.com static.bosch-professional.com btm.bosch.com cdn.poll-maker.com ; script-src dock.ui.bosch.tech dynamicyield.com *.dynamicyield.com https: *.optimizely.com 'unsafe-inline' 'unsafe-eval' tags.tiqcdn.com *.bosch.com bosch.com *.bosch.de bosch.de *.google-analytics.com google-analytics.com ipinfo.io ; frame-src 'self' https: ; connect-src 'self' https: wss://endpoint.chatbot-suite.bosch.tech mycliplister.com wss://*.hotjar.com 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.hotjar.com *.googletagmanager.com *.google.com *.google-analytics.com  cdnjs.cloudflare.com mfstatic.com *.jsdelivr.net  *.facebook.com *.gstatic.com *.licdn.com *.facebook.net *.cookiebot.com *.unpkg.com unpkg.com *.rekai.se static.ws.apsis.one *.ws.apsis.one *.aspis.one static.ws.apsis.one *.contentsquare.net; object-src 'self' *.google.com *.youtube.com *.facebook.com *.vimeo.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com  *.jsdelivr.net hello.myfonts.net mfstatic.com; img-src * 'self' data: *.google.com *.youtube.com *.facebook.com *.vimeo.com  *.vimeocdn.com *.ri.se *.jsdelivr.net  *.googletagmanager.com  *.google-analytics.com *.google.se *.linkedin.com *.gstatic.com *.amazonaws.com; media-src 'self' blob: data: *.mediaflow.com; frame-src 'self'  data: *.google.com *.youtube.com *.facebook.com *.vimeo.com vimeo.com *.vimeo.com  *.vimeocdn.com *.ri.se *.jsdelivr.net *.hotjar.com *.libsyn.com *.acast.com *.cookiebot.com *.youtube-nocookie.com *.static.ws.apsis.one static.ws.apsis.one; frame-ancestors 'self'; child-src 'self' blob:; font-src 'self' *.ri.se data: mfstatic.com *.gstatic.com; connect-src 'self' *.googletagmanager.com *.google.com *.google-analytics.com *.doubleclick.net *.hotjar.com *.oribi.io *.google.com *.googleoptimize.com *.facebook.com *.mediaflow.com mediaflow.com mfstatic.com *.mediaflowpro.com *.cookiebot.com *.linkedin.com *.rekai.se audience.ws.apsis.one *.contentsquare.net; report-uri /report-csp-violation; upgrade-insecure-requests 2
default-src 'self' 'unsafe-inline' zollweb.preview.zoll.intranet.bund.de *.zoll.de zoll.de *.itzbund.de itzbund.de *.zoll.de *.talent-im-einsatz.de zoll.de *.geodatenzentrum.de *.openstreetmap.de *.bundesfinanzministerium.de *.youtube.com https://medien.zoll.bund.de *.stage.bio; img-src 'self' zollweb.preview.zoll.intranet.bund.de *.zoll.de zoll.de *.itzbund.de *.geodatenzentrum.de *.bundesfinanzministerium.de *.openstreetmap.de data: *.stage.bio; script-src 'self' 'unsafe-inline' 'unsafe-eval' zollweb.preview.zoll.intranet.bund.de *.zoll.de zoll.de *.itzbund.de itzbund.de *.zoll.de zoll.de *.geodatenzentrum.de *.openstreetmap.de *.youtube.com *.stage.bio 2
default-src 'none'; connect-src 'self'; frame-ancestors 'self'; child-src 'self'; frame-src 'none'; script-src 'self' 'sha256-ieoeWczDHkReVBsRBqaal5AFMlBtNjMzgwKvLqi/tSU='; style-src 'self' 'sha256-c7UXWUzN0H2d6Esy8XO3YkQZDAZlKfdWIsW1bupteNY=' 'sha256-De7agAeYqm6ANIVvRRW6HFWi52AJW8inhFE0gSdgXnI=' 'sha256-4Su6mBWzEIFnH4pAGMOuaeBrstwJN4Z3pq/s1Kn4/KQ=' 'sha256-hMEnt2qMHAmQZgCjWJ4hweKuzi+3YEdUo00f8k/ebMo=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU='; font-src 'self'; img-src 'self'; object-src 'none'; base-uri 'self'; worker-src 'self'; form-action 'self' 2
base-uri 'self'; style-src 'self' 'unsafe-inline' https: ; default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' https:; connect-src 'self' wss: https:; font-src 'self' data: https:; frame-src 'self' https:; img-src http: https: data:; manifest-src 'self'; media-src 'self' data: blob: https: *; worker-src 'none'; 2
default-src 'self' 'unsafe-inline' data: https://piwik.bzga.de/ https://www.youtube.com/ https://www.youtube-nocookie.com/ https://youtu.be/ https://service.bzga.de/ https://a.tile.openstreetmap.org/ https://b.tile.openstreetmap.org/ https://c.tile.openstreetmap.org/ https://global.frcapi.com/ https://cdn.jsdelivr.net/npm/friendly-challenge@0.9.18/widget.module.min.js https://cdn.jsdelivr.net/npm/friendly-challenge@0.9.18/widget.min.js; worker-src 'self' blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://piwik.bzga.de/ https://www.youtube.com/ https://www.youtube-nocookie.com/ https://youtu.be/ https://service.bzga.de/ https://a.tile.openstreetmap.org/ https://b.tile.openstreetmap.org/ https://c.tile.openstreetmap.org/ https://global.frcapi.com/ https://cdn.jsdelivr.net/npm/friendly-challenge@0.9.18/widget.module.min.js https://cdn.jsdelivr.net/npm/friendly-challenge@0.9.18/widget.min.js; connect-src 'self' https://api.friendlycaptcha.com https://piwik.bzga.de https://global.frcapi.com/ 2
default-src https://domene.shop https://www.domeneshop.no https://domeneshop.no https://domainnameshop.com https://domainname.shop https://xn--domn-noa.shop https://xn--domne-ura.shop https://chat.domeneshop.no/ 'unsafe-inline'; img-src https://domene.shop https://www.domeneshop.no https://domeneshop.no https://domainnameshop.com https://domainname.shop https://xn--domn-noa.shop https://xn--domne-ura.shop; frame-src https://domene.shop https://www.domeneshop.no https://domeneshop.no https://domainnameshop.com https://domainname.shop https://xn--domn-noa.shop https://xn--domne-ura.shop; frame-ancestors 'self' 2
block-all-mixed-content; font-src 'self' fonts.gstatic.com www.wuv.de fonts.gstatic.com data:; img-src 'self' blob: data: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' addsearch.com cdn.ampproject.org open.scdn.co connect.facebook.net *.usercentrics.eu *.g.doubleclick.net *.getsitecontrol.com *.google.de *.google.com *.google-analytics.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.instagram.com *.ioam.de *.opinary.com *.stry.tl *.twimg.com *.twitter.com *.wuv.de *.youtube.com *.ytimg.com *.tiktok.com *.tiktokcdn.com *.ibytedtos.com *.pinterest.com *.research.appinio.com *.ttwstatic.com *.adition.com *.scorecardresearch.com *.searchcdn.com *.teads.tv s0.2mdn.net *.wuv.de gdpr-tcfv2.sp-prod.net widget.perfectmarket.com *.flashtalking.com *.criteo.com *.adform.net *.vidible.tv *.doubleverify.com *.doubleclick.net bs.serving-sys.com static.aivdesk.com secure-ds.serving-sys.com ad.lkqd.net *.cloudflare.com *.adsafeprotected.com *.maximus.mobkoi.com *.celtra.com *.moatads.com sf16-scmcdn-sg.ibytedtos.com tags.crwdcntrl.net  *.vimeocdn.com; style-src 'self' 'unsafe-inline' *.addsearch.com fast.fonts.net *.googleapis.com *.stry.tl *.twitter.com *.wuv.de *.tiktok.com *.tiktokcdn.com *.ttwstatic.com *.cloudfront.net tagmanager.google.com *.wuv.de s1.adform.net static.aivdesk.com; worker-src blob: *.wuv.de 2
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; font-src 'self'; object-src 'self'; media-src 'self'; child-src 'self' 2
frame-ancestors 'none'; 2
default-src 'self'; script-src  'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://cdn.jsdelivr.net  https://*.qualtrics.com https://*.piwik.pro https://www.youtube.com/ https://*.googleapis.com https://secure.leadforensics.com/ https://*.hotjar.com ; style-src 'self' 'unsafe-inline' https://*.googleapis.com  https://*.hotjar.com; img-src 'self' data: https://www.googletagmanager.com https://www.google-analytics.com https://*.gstatic.com https://*.googleapis.com  https://*.qualtrics.com https://*.legrand.com https://*.legrandgroup.com;; frame-src https://www.youtube.com/ https://www.youtube-nocookie.com https://*.qualtrics.com https://legrand.symex.be;; frame-ancestors https://*.legrand.com https://*.legrandgroup.com https://www.googletagmanager.com https://legrand.symex.be; font-src  https://*.googleapis.com https://*.legrand.com https://*.gstatic.com https://*.hotjar.com; connect-src 'self' https://legrand.symex.be https://www.google-analytics.com https://legrand-plateforme.containers.piwik.pro https://cdn.jsdelivr.net  https://*.qualtrics.com https://*.piwik.pro https://www.youtube.com/ https://*.googleapis.com https://www.youtube-nocookie.com https://*.google-analytics.com https://www.googletagmanager.com www.google.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; report-uri /report-csp-violation; upgrade-insecure-requests 2
default-src 'self' *.readspeaker.com data: https://zer-poc.bzst.de https://viola.bundesbots.de wss://viola.bundesbots.de https://formularbot-fms.bzst.de wss://formularbot-fms.bzst.de https://formularbot-viola.bzst.de wss://formularbot-viola.bzst.de https://bzst.lucom.com https://idnr-formular.bzst.bot-itzbund.de https://viola.bundesbots.de https://viola-bzst.azr.juacvoe.net https://viola-bzst-fms.azr.juacvoe.net; base-uri 'self'; connect-src 'self' *.pstmn.io https://zer-poc.bzst.de  *.readspeaker.com *.itzbund.de https://formularbot-viola.bzst.de wss://formularbot-viola.bzst.de https://viola-bzst.azr.juacvoe.net wss://viola-bzst.azr.juacvoe.net https://viola-bzst-fms.azr.juacvoe.net wss://viola-bzst-fms.azr.juacvoe.net https://formularbot-fms.bzst.de https://api.evatr.vies.bzst.de; style-src 'self' 'unsafe-inline' https://zer-poc.bzst.de *.readspeaker.com https://bzst.lucom.com https://idnr-formular.bzst.bot-itzbund.de https://formularbot-viola.bzst.de https://viola-bzst.azr.juacvoe.net https://viola-bzst-fms.azr.juacvoe.net https://formularbot-fms.bzst.de; script-src 'self' 'unsafe-eval' https://zer-poc.bzst.de *.google.com piwik.itzbund.de *.readspeaker.com https://bzst.lucom.com https://idnr-formular.bzst.bot-itzbund.de https://formularbot-fms.bzst.de https://formularbot-viola.bzst.de https://viola-bzst-fms.azr.juacvoe https://formularbot-fms.bzst.de.net https://viola-bzst.azr.juacvoe.net https://viola.bundesbots.de 'sha256-fvt1zDnRVAuASIt4MdBmzTSLXs4mdTCa5fg9wNopnC0=' 'sha256-B9AMHvfU16Nc6sndzogCV/VH/SXmKESowGb6dBud/RA=';object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; media-src 'self' *.bzst.de multimedia.gsb.bund.de *.youtube.com www.quirksmode.org; child-src *.itzbund.de *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com; frame-src *.readspeaker.com https://formularbot-viola.bzst.de https://idnr-formular.bzst.bot-itzbund.de https://viola-bzst.azr.juacvoe.net https://viola-bzst-fms.azr.juacvoe.net https://formularbot-fms.bzst.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com piwik.itzbund.de https://bzst.lucom.com https://formularbot-viola.bzst.de https://idnr-formular.bzst.bot-itzbund.de https://viola-bzst.azr.juacvoe.net https://viola-bzst-fms.azr.juacvoe.net https://formularbot-fms.bzst.de; upgrade-insecure-requests; frame-ancestors 'self' *.preview.bzst.intranet.bund.de; 2
style-src 'self' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; 2
frame-ancestors 'self' mein.kabelplus.at mein-test.kabelplus.at newapp.etracker.com 2
base-uri 'none';child-src 'none';connect-src 'self' https://play.vidyard.com https://noembed.com/ https://*.algolia.net https://*.algolianet.com https://*.algolia.io https://go.esko.com/ https://privacyportalde-cdn.onetrust.com/ cloudflareinsights.com https://play.goconsensus.com https://cdn.cookielaw.org/ https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://privacyportal-de.onetrust.com/request/v1/consentreceipts https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://auth.statik.space/ https://js.zi-scripts.com https://px.ads.linkedin.com https://ws.zoominfo.com *.crazyegg.com https://tracking.g2crowd.com https://google.com tracking-api.g2.com www.facebook.com https://lottie.host https://unpkg.com cdn.jsdelivr.net *.onetrust.com;default-src 'self' *.crazyegg.com;font-src 'self' https://fonts.gstatic.com data:;form-action 'self';frame-ancestors 'self' https://esko.showpad.biz;frame-src youtube.com www.youtube.com https://play.vidyard.com https://play.goconsensus.com https://bid.g.doubleclick.net https://www.google.com/ https://js.driftt.com https://widget.drift.com *.crazyegg.com *.cvent.com https://td.doubleclick.net https://esko317.outgrow.us www.googletagmanager.com;img-src 'self' https: data: blob: http://play.vidyard.com www.googletagmanager.com https://googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://googleads.g.doubleclick.net https://www.google.com https://google.com *.crazyegg.com;manifest-src 'self';media-src 'self' https://js.driftt.com;object-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' youtube.com www.youtube.com https://play.vidyard.com https://cdn.jsdelivr.net/ https://unpkg.com https://privacyportalde-cdn.onetrust.com/privacy-notice-scripts/otnotice-1.0.min.js static.cloudflareinsights.com https://play.goconsensus.com https://www.googletagmanager.com https://cdn.cookielaw.org https://googletagmanager.com https://tagmanager.google.com https://*.googletagmanager.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/ https://js.driftt.com https://widget.drift.com https://sc.lfeeder.com https://js.zi-scripts.com https://snap.licdn.com *.crazyegg.com *.cvent.com https://tracking.g2crowd.com *.pardot.com https://*.esko.com blob: https://connect.facebook.net;style-src 'self' 'unsafe-inline' https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com *.crazyegg.com;worker-src 'self' blob:; 2
frame-ancestors 'self' http://*.brose.net http://brose.net https://*.brose.net https://brose.net https://*.ariba.com https://*.zkw.at http://*.zkw.at https://*.mycatalogcloud.com http://*.mycatalogcloud.com http://*.valeo.determine.com https://*.valeo.determine.com http://valeo.determine.com https://valeo.determine.com http://*.mondigroup.com http://mondigroup.com https://*.mondigroup.com https://mondigroup.com http://*.elwitec.ch http://elwitec.ch https://*.elwitec.ch https://elwitec.ch http://*.ynovatec.ch http://ynovatec.ch https://*.ynovatec.ch https://ynovatec.ch http://prematic.ch http://*.prematic.ch https://prematic.ch https://*.prematic.ch http://brw.ch http://*.brw.ch https://brw.ch https://*.brw.ch http://uniprod-ag.ch http://*.uniprod-ag.ch https://uniprod-ag.ch https://*.uniprod-ag.ch http://montalpina.com http://*.montalpina.com https://montalpina.com https://*.montalpina.com http://sutter-hydraulik.com http://*.sutter-hydraulik.com https://sutter-hydraulik.com https://*.sutter-hydraulik.com http://bsaswiss.ch http://*.bsaswiss.ch https://bsaswiss.ch https://*.bsaswiss.ch http://salesconnect.sugarondemand.com https://salesconnect.sugarondemand.com http://*.salesconnect.sugarondemand.com https://*.salesconnect.sugarondemand.com http://muellershop.ch https://muellershop.ch http://*.muellershop.ch https://*.muellershop.ch http://asklio.ai https://asklio.ai http://*.asklio.ai https://*.asklio.ai 2
default-src 'self'; font-src 'self' data:; base-uri 'self'; connect-src 'self' multimedia.gsb.bund.de *.materna.de *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io vimeo.com *.sli.do *.itzbund.de lbb-hb.de; style-src 'self' 'unsafe-inline' *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io vimeo.com *.sli.do *.jsdelivr.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io piwik.itzbund.de vimeo.com; object-src 'self' multimedia.gsb.bund.de *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io vimeo.com *.sli.do *.lbb-hb.de; media-src 'self' blob: multimedia.gsb.bund.de *.youtube.com *.youtube-nocookie.com *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io vimeo.com *.sli.do lbb-hb.de; frame-src *.google.com *.google.de *.gstatic.com *.youtube.com *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io mindandvision.tv 2021.mindandvision.tv *.jwplayer.com vimeo.com *.sli.do player.vimeo.com; img-src 'self' data: *.materna.de *.google.com *.gstatic.com *.youtube.com *.twimg.com twemoji.maxcdn.com *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplayer.com *.strivetech.io *.sqat.eu piwik.itzbund.de vimeo.com yommaserver.synology.me:5001 *.sli.do; frame-ancestors 'self'; 2
default-src 'self'; frame-ancestors 'none'; form-action 'self'; base-uri 'self'; object-src 'none'; script-src 'self'; frame-src 'none'; upgrade-insecure-requests; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: swissport.com *.swissport.com cookiebot.com *.cookiebot.com googleapis.com *.googleapis.com cloudflareinsights.com *.cloudflareinsights.com googletagmanager.com *.googletagmanager.com gstatic.com *.gstatic.com facebook.net facebook.net *.facebook.net facebook.com *.facebook.com licdn.com *.licdn.com tiktok.com *.tiktok.com google.de *.google.de google.com *.google.com googleadservices.com *.googleadservices.com google-analytics.com *.google-analytics.com linkedin.com *.linkedin.com doubleclick.net *.doubleclick.net youtube.com *.youtube.com youtube-nocookie.com *.youtube-nocookie.com vimeo.com *.vimeo.com flockler.com *.flockler.com flockler.app *.flockler.app matterport.com *.matterport.com cognitoforms.com *.cognitoforms.com typekit.net *.typekit.net static.srcspot.com; frame-ancestors 'self' data: blob: swissport.com *.swissport.com cookiebot.com *.cookiebot.com googleapis.com *.googleapis.com cloudflareinsights.com *.cloudflareinsights.com googletagmanager.com *.googletagmanager.com gstatic.com *.gstatic.com facebook.net facebook.net *.facebook.net facebook.com *.facebook.com licdn.com *.licdn.com tiktok.com *.tiktok.com google.de *.google.de google.com *.google.com googleadservices.com *.googleadservices.com google-analytics.com *.google-analytics.com linkedin.com *.linkedin.com doubleclick.net *.doubleclick.net youtube.com *.youtube.com youtube-nocookie.com *.youtube-nocookie.com vimeo.com *.vimeo.com flockler.com *.flockler.com flockler.app *.flockler.app matterport.com *.matterport.com; frame-src 'self' data: blob: swissport.com *.swissport.com cookiebot.com *.cookiebot.com googleapis.com *.googleapis.com cloudflareinsights.com *.cloudflareinsights.com googletagmanager.com *.googletagmanager.com gstatic.com *.gstatic.com facebook.net facebook.net *.facebook.net facebook.com *.facebook.com licdn.com *.licdn.com tiktok.com *.tiktok.com google.de *.google.de google.com *.google.com googleadservices.com *.googleadservices.com google-analytics.com *.google-analytics.com linkedin.com *.linkedin.com doubleclick.net *.doubleclick.net youtube.com *.youtube.com youtube-nocookie.com *.youtube-nocookie.com vimeo.com *.vimeo.com flockler.com *.flockler.com flockler.app *.flockler.app matterport.com *.matterport.com; img-src * data: blob: 'unsafe-inline'; report-uri /nelmio/csp/report 2
frame-ancestors 'self' localhost:* *.tason.com 2
default-src 'self' 'unsafe-inline' *.sernet.de *.usercentrics.eu; style-src 'self' 'unsafe-inline'; img-src 'self' *.usercentrics.eu *.prive.eu; frame-ancestors 'self' 2
default-src 'self'; \
        script-src 'self' https://ssl.google-analytics.com; \
        img-src 'self' https://ssl.google-analytics.com 2
frame-src https://www.youtube-nocookie.com https://www.youtube.com https://piwik.bzga.de https://www.check-dein-spiel.de; style-src 'self' 'unsafe-inline'; default-src 'self'; script-src https://www.check-dein-spiel.de https://piwik.bzga.de 'self' 'unsafe-inline' ; connect-src https://www.check-dein-spiel.de https://piwik.bzga.de 'self' 'unsafe-inline' ; font-src 'self' 'unsafe-inline' data:; img-src 'self' https://piwik.bzga.de https://*.openstreetmap.org data:; 2
default-src https:; style-src * 'unsafe-inline'; script-src https: 'unsafe-inline'; object-src 'none' 2
frame-ancestors 'self'; report-uri /report-csp-violation 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' ; img-src 'self' ; object-src 'self' ; frame-src 'self' ; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.sitkainsights.com/ https://*.newrelic.com/ https://*.youtube.com/ https://*.google.com/ https://*.facebook.net/ https://*.gstatic.com/ https://*.googletagmanager.com/ https://*.recyclecoach.com/ https://*.recaptcha.net/ https://*.tableau.com/ https://*.zscloud.net/ https://*.google-analytics.com/ https://*.googleapis.com/ https://govme.org/ https://*.nintex.io/ https://static.doubleclick.net; img-src 'self' https://*.youtube.com/ https://*.ytimg.com/ https://*.twimg.com/ https://*.xx.fbcdn.net/ https://*.cdninstagram.com/ https://*.ggpht.com/ https://*.recyclecoach.com/ https://*.tableau.com/ https://*.googletagmanager.com/ https://*.zscloud.net/ https://*.gstatic.com/ https://*.google.com/ https://govme.org/ https://*.nintex.io/ https://static.doubleclick.net; object-src 'self' https://*.youtube.com/ https://*.youtube-nocookie.com/ https://*.google.com/ https://*.arcgis.com/ https://*.arcg.is/ https://arcg.is/ https://*.ytimg.com/ https://*.calconic.com/ https://tagro.com/ https://*.flipsnack.com/ https://*.my-waste.mobi/ https://*.granicus.com/ https://*.workflowcloud.com/ https://*.nintex.io/ https://*.vimeo.com/ https://*.recaptcha.net/ https://*.tableau.com/ https://*.zscloud.net/ https://govme.org/ https://*.nintex.io/ https://static.doubleclick.net; frame-src 'self' https://*.youtube.com/ https://*.youtube-nocookie.com/ https://*.google.com/ https://*.arcgis.com/ https://*.arcg.is/ https://arcg.is/ https://*.ytimg.com/ https://*.calconic.com/ https://tagro.com/ https://*.flipsnack.com/ https://*.my-waste.mobi/ https://*.granicus.com/ https://*.workflowcloud.com/ https://*.nintex.io/ https://*.vimeo.com/ https://*.recaptcha.net/ https://*.tableau.com/ https://*.zscloud.net/ https://govme.org/ https://*.nintex.io/ https://static.doubleclick.net; 2
img-src * data:; media-src * data: blob:; 2
block-all-mixed-content; frame-ancestors 'self' *.maxima.lt *.maxima.ee *.suvekeskus.ee; frame-src 'self' *.youtube.com *.youtube-nocookie.com *.cookiebot.com *.issuu.com *.google.com *.adform.net *.doubleclick.net maxima.teamdash.com indd.adobe.com *.flipsnack.com view.publitas.com www.googletagmanager.com embed.figma.com www.figma.com viewer.ipaper.io; report-uri /csp/report 2
script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://s3.amazonaws.com/ https://*.list-manage.com/ https://www.googletagmanager.com/ https://www.paypalobjects.com/ https://*.stripe.com/ https://leadbooster-chat.pipedrive.com/ https://*.idea-commerce.com https://www.googleadservices.com/ https://*.hs-scripts.com/ https://*.hsadspixel.net/ https://*.hscollectedforms.net/ https://*.licdn.com/ https://*.hs-banner.com/ https://*.hs-analytics.net/ https://hsadspixel.net/ https://*.facebook.net/ https://cdnjs.cloudflare.com/ https://*.com/recaptcha/ https://*.clickguard.com/ https://*.googleadservices.com/ https://*.googlesyndication.com/ https://*.livechatinc.com/ https://*.chatwoot.com/ https://*.ideaerp.online/ https://*.bing.com/; img-src 'self' data: blob: https://www.paypalobjects.com/ https://www.google.pl/ https://s.w.org/ https://googleadservices.com/ https://*.linkedin.com/ https://*.hsforms.com/ https://*.facebook.com/ https://*.hubspot.com/ https://*.clickguard.com/ https://*.googletagmanager.com/ https://fonts.gstatic.com/ https://*.livechatinc.com/ https://cdn.files-text.com/ https://cdn.static-text.com/ https://cdn.livechat-static.com/ https://*.ideaerp.online/ https://*.bing.com/ https://*.bing.net/; object-src 'self' data: blob: https://idea-commerce.com/ https://elegantthemes.com/ https://*.elegantthemes.com/ https://*.paypal.com/ https://*.stripe.com/ https://*.googletagmanager.com/ https://*.google.com/ https://*.clickguard.com/ https://*.livechatinc.com/ https://*.chatwoot.com/ https://*.ideaerp.online/; frame-src 'self' data: blob: https://idea-commerce.com/ https://elegantthemes.com/ https://*.elegantthemes.com/ https://*.paypal.com/ https://*.stripe.com/ https://*.googletagmanager.com/ https://*.google.com/ https://*.clickguard.com/ https://*.livechatinc.com/ https://*.chatwoot.com/ https://*.ideaerp.online/; 2
default-src https: http: 'unsafe-inline' 'unsafe-eval' 'self' data: wss: blob: 2
default-src self'; script-src 'self'; 'unsafe-inline' 2
default-src 'self' localhost static.formstack.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: siteimproveanalytics.com js-agent.newrelic.com www.youtube.com *.visualwebsiteoptimizer.com app.vwo.com api.eventcalendarapp.com *.formstack.com www.google.com www.gstatic.com web2.production.gyantts.com *.vimeocdn.com cdnjs.cloudflare.com hcaptcha.com newassets.hcaptcha.com stripe.com *.stripe.com *.stripecdn.com challenges.cloudflare.com; object-src 'none'; style-src 'self' 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com api.eventcalendarapp.com *.gstatic.com fonts.googleapis.com s3.amazonaws.com *.typekit.net *.vimeocdn.com cdnjs.cloudflare.com js.stripe.com; img-src * data:; media-src assets.gyant.com; form-action 'self' *.formstack.com https://bellin.org http://bellin.docksal.site:8080; frame-src 'self' www.youtube-nocookie.com *.visualwebsiteoptimizer.com app.vwo.com www.google.com player.vimeo.com newassets.hcaptcha.com *.stripe.com *.stripecdn.com maps.google.com challenges.cloudflare.com; frame-ancestors 'self'; child-src 'self' blob: www.youtube-nocookie.com *.visualwebsiteoptimizer.com app.vwo.com www.google.com player.vimeo.com newassets.hcaptcha.com *.stripe.com *.stripecdn.com maps.google.com; font-src 'self' data: fonts.gstatic.com *.typekit.net api.eventcalendarapp.com s3.amazonaws.com *.formstack.com; connect-src 'self' bam.nr-data.net *.visualwebsiteoptimizer.com app.vwo.com api.eventcalendarapp.com *.formstack.com wss://web2.production.gyantts.com web2.production.gyantts.com *.hcaptcha.com stripe.com *.stripe.com; base-uri 'self'; report-uri /report-csp-violation 2
default-src 'self'; script-src  'self' https://l.sharethis.com https://prod.impartner.live https://ellucian25stg.prod.acquia-sites.com https://*.ellucian.com https://code.jquery.com https://packages.prmcdn.io 'unsafe-inline' 'unsafe-eval' https://ws.sharethis.com https://maps.googleapis.com https://jamaica.value-cloud.com https://*.sharethis.com https://www.buzzsprout.com https://consent.cookiebot.com https://www.googletagmanager.com https://cdn.bizible.com https://script.crazyegg.com https://static.ads-twitter.com https://connect.facebook.net https://snap.licdn.com https://munchkin.marketo.net https://abrtp2-cdn.marketo.com https://tag.simpli.fi https://assets.adoberesources.net https://cdn-public.sociabble.com https://cdn01.basis.net  https://www.youtube.com https://googleads.g.doubleclick.net https://tracking.intentsify.io https://consentcdn.cookiebot.com https://js.zi-scripts.com https://j.6sc.co https://i.simpli.fi   https://*.marketo.com https://static.addtoany.com  blob: https://unpkg.com https://a.usbrowserspeed.com https://js.sentry-cdn.com https://browser.sentry-cdn.com https://085-mht-312.mktoutil.com https://user-sync.fwmrm.net https://pbutcher.uk; style-src  'self'  'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://*.ellucian.com https://packages.prmcdn.io https://*.sharethis.com https://rtp-static.marketo.com https://www.googletagmanager.com; img-src  'self'  'unsafe-inline' 'unsafe-eval' https://*.ellucian.com data: https://impartner.blob.core.windows.net https://maps.googleapis.com https://*.sharethis.com https://maps.gstatic.com https://cnv.event.prod.bidr.io https://www.google.com https://imgsct.cookiebot.com https://*.linkedin.com https://t.co https://pixel.sitescout.com https://cdn.bizible.com https://t.co https://analytics.twitter.com  https://cdn.bizible.com  https://b.6sc.co https://www.facebook.com https://www.googletagmanager.com https://attribution.sitescout.com https://assets.adoberesources.net https://cdn.bizibly.com https://um.simpli.fi https://cm.g.doubleclick.net https://cdn.bizibly.com https://fei.pro-market.net https://www.googleadservices.com https://ps.eyeota.net https://s.ad.smaato.net https://sync.1rx.io https://eb2.3lift.com https://simplifi.partners.tremorhub.com https://aa.agkn.com https://sync.intentiq.com https://image2.pubmatic.com  https://ads.stickyadstv.com https://loadm.exelator.com  https://ups.analytics.yahoo.com https://sync.bfmio.com  https://bcp.crwdcntrl.net  https://ce.lijit.com  https://idsync.rlcdn.com  https://ib.adnxs.com  https://pixel.rubiconproject.com https://us-u.openx.net  https://fei.pro-market.net https://googleads.g.doubleclick.net  https://pixel.tapad.com https://pippio.com https://syncv4.intentiq.com https://dsum-sec.casalemedia.com https://d.agkn.com https://sync.taboola.com https://capi.connatix.com https://rtb-csync.smartadserver.com https://cs.lkqd.net  https://sync.inmobi.com https://s.amazon-adsystem.com; frame-src 'self' https://www.youtube.com https://youtu.be https://lp.ellucian.com https://www.youtube-nocookie.com https://demo.arcade.software https://*.sharethis.com https://maps.googleapis.com https://calculator.value-cloud.com https://www.buzzsprout.com  https://consentcdn.cookiebot.com https://www.googletagmanager.com https://pixel-sync.sitescout.com https://player.vimeo.com https://vimeo.com https://static.addtoany.com https://unpkg.com https://*.monday.com https://*.google.com; font-src 'self' https://fonts.gstatic.com; connect-src  'self'  'unsafe-inline' 'unsafe-eval' http://www.geoplugin.net https://www.geoplugin.net https://ellucian25stg.prod.acquia-sites.com https://partners.ellucian.com https://maps.googleapis.com https://*.sharethis.com https://event.on24.com https://bcp.crwdcntrl.net https://www.google.com https://consentcdn.cookiebot.com https://www.google-analytics.com https://*.linkedin.com https://085-mht-312.mktoresp.com https://*.crazyegg.com https://project-hummingbird-hummingbird-websocket-nodejs-de-112831.cloud.adobe.io  https://js.zi-scripts.com https://js.zi-scripts.com https://*.mktoresp.com https://js.zi-scripts.com https://c.6sc.co https://*.marketo.com  https://ws.zoominfo.com https://ipv6.6sc.co wss://*.cloud.adobe.io https://secure.adnxs.com https://www.facebook.com https://*.6sense.com  https://unpkg.com https://assets.adoberesources.net https://browser.sentry-cdn.com https://o4510076484911104.ingest.us.sentry.io https://static.addtoany.com https://impartner.blob.core.windows.net https://www.googletagmanager.com https://085-mht-312.mktoutil.com https://lp.ellucian.com https://*.monday.com; upgrade-insecure-requests 2
default-src 'self'; script-src 'self'; connect-src 'self' 2
default-src 'self'; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self'; 2
default-src 'self'; connect-src 'self' wss: *; font-src 'self' fonts.gstatic.com use.fontawesome.com webshop.abahn.net ccchat.estpak.ee embed.tawk.to data:; img-src blob: data: http: https: 'self'; script-src 'self' cdn.modera.org *.salesfront.eu modera-serverless-microservices-assets.s3.eu-north-1.amazonaws.com www.google-analytics.com ssl.google-analytics.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net www.google.com www.youtube.com www.gstatic.com connect.facebook.net consent.cookiebot.com consentcdn.cookiebot.com static.zdassets.com cdnjs.cloudflare.com cdn.jsdelivr.net code.jquery.com ajax.googleapis.com maps.googleapis.com maps.google.com webshop.abahn.net banners.adnetmedia.lt mediabrands.containers.piwik.pro services.digitalmatter.ai scdn.cxense.com id.cxense.com track.adform.net s2.adform.net static.hotjar.com script.hotjar.com cdn.visitor.chat ccchat.estpak.ee snap.licdn.com cdn-cookieyes.com analytics.tiktok.com pagead2.googlesyndication.com embed.tawk.to plausible.io www.redditstatic.com delfilt.adocean.pl gateway.aveotech.com 'unsafe-inline' 'unsafe-eval'; style-src data: 'self' cdn.modera.org *.salesfront.eu fonts.googleapis.com cdnjs.cloudflare.com cdn.jsdelivr.net webshop.abahn.net use.fontawesome.com ccchat.estpak.ee embed.tawk.to 'unsafe-inline'; media-src http: https: 'self'; base-uri 'self'; object-src 'none'; frame-src http: https: 'self'; upgrade-insecure-requests; block-all-mixed-content 2
default-src 'self'; script-src 'self' 'unsafe-inline' cdn.gtranslate.net connect.facebook.net/en_US/sdk.js stats.st-denis.cloud-ed.fr translate.google.com *.googleapis.com *.formnx.com; object-src 'self'; style-src 'self' 'unsafe-inline' www.gstatic.com; img-src 'self' data: blob: apicivique.s3.eu-west-3.amazonaws.com cdn.gtranslate.net plainecommune.fr fonts.gstatic.com www.gstatic.com www.google.fr translate.googleapis.com *.google.com; frame-src *; frame-ancestors 'self'; font-src 'self' fonts.gstatic.com data:; connect-src 'self' apicivique.s3.eu-west-3.amazonaws.com/jvalogo.svg cdn.gtranslate.net stats.st-denis.cloud-ed.fr connect.facebook.net *.googleapis.com *.formnx.com translate.google.com *.gstatic.com; upgrade-insecure-requests 2
default-src 'self'; script-src * 'unsafe-eval' 'unsafe-inline'; style-src * 'unsafe-inline'; img-src * data:;frame-src *;font-src * data:;connect-src * blob:;media-src * blob:;worker-src * blob:; 2
default-src 'self' 'unsafe-inline' data: global2000.at *.global2000.at  https://*.google-analytics.com  https://*.google.com  https://*.google.at  https://*.doubleclick.net  https://*.youtube.com  https://youtu.be https://*.ytimg.com  https://*.facebook.com  https://*.vimeocdn.com  https://vimeo.com  https://*.vimeo.com  https://*.hotjar.com https://*.ubembed.com https://*.restorenature.eu; script-src 'self' 'unsafe-inline' 'unsafe-eval' global2000.at *.global2000.at  https://*.youtube.com   https://*.googletagmanager.com  https://*.google-analytics.com  https://*.hotjar.com  https://*.facebook.net  https://*.g.doubleclick.net  https://*.ubembed.com https://*.googleadservices.com https://*.twitter.com https://*.google.com https://*.google.at https://widget.proca.app https://static.d-o.li; object-src 'self' global2000.at *.global2000.at 'unsafe-inline'; style-src 'self' 'unsafe-inline' *.global2000.at; img-src 'self' *.global2000.at data: https://*.google.com  https://*.google.at https://*.google.de https://*.facebook.com https://*.doubleclick.net https://*.google-analytics.com https://img.youtube.com https://i.ytimg.com https://*.europa.eu; media-src 'self' global2000.at *.global2000.at blob: data:; frame-src 'self' *.global2000.at https://*.google.com  https://*.ubembed.com https://*.google.at  https://*.googletagmanager.com  https://*.openstreetmap.org  https://vimeo.com  https://*.vimeo.com https://youtube.com https://www.youtube.com https://youtu.be https://*.supplychainge.org  https://*.buzzsprout.com  https://*.spotteron.com  https://*.typeform.com https://*.facebook.com  https://*.twitter.com https://*.hotjar.com https://*.restorenature.eu https://*.ai-sidekick.app https://*.suedwind.at https://*.datadialog.net https://*.fsoforms-gl2ktest.azurewebsites.net https://*.fsoforms-gl2k.azurewebsites.net https://fsoforms-gl2ktest.azurewebsites.net https://gl2kauthserver.azurewebsites.net; frame-ancestors https://*.global2000.at https://*.acolono.dev https://*.acolono.net https://*.wwf.at; child-src 'self' *.global2000.at blob: https://*.google.com  https://*.ubembed.com https://*.google.at  https://*.googletagmanager.com  https://*.openstreetmap.org  https://vimeo.com  https://*.vimeo.com https://youtube.com https://www.youtube.com https://youtu.be https://*.supplychainge.org  https://*.buzzsprout.com  https://*.spotteron.com  https://*.typeform.com https://*.facebook.com  https://*.twitter.com https://*.hotjar.com https://*.restorenature.eu https://*.ai-sidekick.app https://*.suedwind.at; font-src 'self' *.global2000.at data:; connect-src 'self' *.global2000.at https://*.google.com  https://*.google-analytics.com https://*.doubleclick.net https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io https://*.google.com  https://*.google.at https://*.ubembed.com https://*.facebook.com https://country.proca.foundation/ https://*.proca.app https://chatbot.api.digitalorganizing.ch/; report-uri /report-csp-violation 2
default-src "self"; img-src *; media-src * data:; 2
default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://www.googletagmanager.com; frame-src 'self' 'unsafe-inline' https://www.google.com/ https://www.youtube-nocookie.com/ youtube.com https://www.youtube.com https://www.facebook.com/; img-src 'self' data:; connect-src 'self' https://www.google-analytics.com; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com platform.twitter.com www.googletagmanager.com cdn.syndication.twimg.com cdn.knightlab.com cdncache-a.akamaihd.net https://cdn.printfriendly.com/printfriendly.js https://ds-4047.kxcdn.com/api/v3/domain_settings/ key-cdn.printfriendly.com static.addtoany.com; object-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' themes.googleusercontent.com platform.twitter.com ton.twimg.com cdn.knightlab.com https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/ static.addtoany.com; img-src 'self' data: blob: filesystem www.google-analytics.com syndication.twitter.com pbs.twimg.com abs.twimg.com  ton.twimg.com www.googletagmanager.com platform.twitter.com canvaspl-a.akamaihd.net; media-src 'self' mediastream:; frame-src 'self' platform.twitter.com syndication.twitter.com www.facebook.com www.youtube.com cdncache-a.akamaihd.net static.addtoany.com; frame-ancestors 'self'; child-src 'self'; font-src 'self' 'unsafe-inline' 'unsafe-eval' themes.googleusercontent.com cdn.knightlab.com fonts.gstatic.com; connect-src 'self' wss://bot.enzona.net/ https://bot.enzona.net/ cdn.knightlab.com cdncache-a.akamaihd.net www.google-analytics.com; report-uri /report-csp-violation; upgrade-insecure-requests 2
default-src 'self'; script-src 'self'; https://code.jquery.com; https://www.google.com; https://www.youtube.com; https://x.com; https://web.whatsapp.com; https://www.facebook.com; https://www.govcert.gov.hk; 2
block-all-mixed-content; report-uri /nelmio/csp/report 2
worker-src 'none'; upgrade-insecure-requests; block-all-mixed-content; manifest-src 'self' 2
frame-ancestors https://*.procampaign.net 2
frame-ancestors 'self' https://uscreen.io https://*.uscreen.io https://www.uscreen.tv https://app.uscreen.tv/ 2
default-src 'none'; base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.uno.uk; object-src 'none'; style-src 'self' data: 'unsafe-inline' https://*.uno.uk; img-src 'self' blob: data: https://*.uno.uk; media-src 'self' data: https://*.uno.uk; frame-src *; font-src *; form-action 'self' https://*.uno.uk; connect-src 'self' https://*.uno.uk; prefetch-src 'self' https://*.uno.uk; manifest-src 'self' https://*.uno.uk; frame-ancestors 'self'; worker-src 'self' blob:; report-uri https://sentry.uno.uk/api/3/security/?sentry_key=558ec00c6ab34073c96015172684209a 2
default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: ; 2
allow 'self'; media-src *; img-src *; script-src 'self' https://ajax.googleapis.com; style-src 'self'; 2
default-src  'self' *.pinimg.com *.pinterest.com www.fjallraven-slovensko.sk www.arcticfox.hu www.kanken.shop www.levi.sk ;font-src  'self' data: fonts.gstatic.com *.zbozi.cz *.cj.com www.fjallraven-slovensko.sk www.arcticfox.hu www.kanken.shop www.levi.sk ;connect-src  'self' analytics.monkeytracker.cz *.google.com *.googleapis.com *.google-analytics.com *.facebook.com *.doubleclick.net *.hotjar.com *.hotjar.io wss://*.hotjar.com *.clarity.ms *.smartlook.cloud *.smartlook.com *.tiktok.com *.permutive.com *.teads.tv *.prmutv.co *.adnxs.com *.gjirafa.tech *.gjirafa.net *.mczbf.com *.sjwoe.com *.zbozi.cz *.foxentry.cz *.bing.com *.apple.com apple.com iplatebnibrana.csob.cz api.ipify.org *.pinimg.com *.pinterest.com https://ehub.cz *.cloudfront.net www.fjallraven-slovensko.sk www.arcticfox.hu www.kanken.shop www.levi.sk *.googlesyndication.com www.googletagmanager.com h.seznam.cz c.seznam.cz https://bat.bing.net https://analytics-ipv6.tiktokw.us eshops-uet-tags.ams3.cdn.digitaloceanspaces.com;script-src  'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.google.cz *.googleapis.com www.googletagmanager.com *.google-analytics.com analytics.monkeytracker.cz *.facebook.net *.imedia.cz *.gstatic.com *.heureka.cz *.heureka.sk *.hotjar.com *.adform.net *.teads.tv *.clarity.ms *.smartlook.cloud *.smartlook.com *.etargetnet.com *.tiktok.com *.permutive.com *.gjirafa.net *.doubleclick.net *.mczbf.com *.zbozi.cz *.seznam.cz *.cj.com https://glamipixel.com *.foxentry.cz *.foxentry.com *.bing.com *.pinimg.com *.pinterest.com https://ehub.cz *.cloudfront.net www.fjallraven-slovensko.sk www.arcticfox.hu www.kanken.shop www.levi.sk *.googleadservices.com *.glami.cz *.glami.sk cdn.heureka.group *.licdn.com *.linkedin.com im9.cz *.seznam.cz *.zbozi.cz *.googlesyndication.com https://www.googletagmanager.com https://tags.creativecdn.com;form-action  'self' *.facebook.com *.facebook.net ;frame-src  'self' blob: www.youtube.com *.facebook.com *.doubleclick.net *.imedia.cz *.hotjar.com *.adform.net *.google.com *.gjirafa.tech *.gjirafa.net *.zbozi.cz *.mczbf.com *.foxentry.cz *.csob.cz *.pinimg.com *.pinterest.com https://ehub.cz *.szn.cz *.iplatba.cz *.essox.cz *.zbozi.cz www.googletagmanager.com;worker-src  'self' blob: www.youtube.com *.facebook.com *.doubleclick.net *.imedia.cz *.hotjar.com *.adform.net *.google.com *.gjirafa.tech *.gjirafa.net *.zbozi.cz *.mczbf.com *.foxentry.cz *.csob.cz *.pinimg.com *.pinterest.com https://ehub.cz *.szn.cz *.iplatba.cz *.essox.cz *.zbozi.cz www.googletagmanager.com;frame-ancestors  'self' ;img-src  'self' data: blob: *.gstatic.com *.googleapis.com *.googlecode.com www.googletagmanager.com *.google-analytics.com analytics.monkeytracker.cz *.doubleclick.net *.google.com *.google.cz *.google.ie *.facebook.com *.imedia.cz im9.cz *.teads.tv *.seznam.cz *.clarity.ms *.adnxs.com www.zasilkovna.cz www.zasielkovna.sk *.packeta.com *.bing.com *.fg.cz *.zbozi.cz *.mczbf.com *.kdukvh.com *.emjcd.com *.dotomi.com *.foxentry.cz *.pinimg.com *.pinterest.com https://ehub.cz *.cloudfront.net www.fjallraven-slovensko.sk www.arcticfox.hu www.kanken.shop www.levi.sk *.glami.cz *.glami.sk *.heureka.cz *.heureka.sk www.googletagmanager.com https://bat.bing.net https://analytics-ipv6.tiktokw.us https://server.seadform.net;style-src  'self' 'unsafe-inline' fonts.googleapis.com analytics.monkeytracker.cz *.google.com *.gstatic.com www.googletagmanager.com *.zbozi.cz *.cj.com *.foxentry.cz *.pinimg.com *.pinterest.com https://ehub.cz www.fjallraven-slovensko.sk www.arcticfox.hu www.kanken.shop www.levi.sk ;object-src  'self' 2
default-src 'self'; block-all-mixed-content; connect-src sentry.trexima.sk 'self' https://*.google-analytics.com https://*.google.com https://*.analytics.google.com https://*.cookieyes.com https://cdn-cookieyes.com https://*.googlesyndication.com https://*.doubleclick.net https://ct.leady.com https://t.leady.com https://ads.worki.sk https://*.tiktok.com; font-src 'self' fonts.gstatic.com; frame-src 'self' www.google.com https://trexima.ladesk.com https://2-vbus-de.ladesk.com videoservis.tasr.sk www.youtube.com www.facebook.com https://*.doubleclick.net https://*.googlesyndication.com https://*.ladesk.com https://*.googletagmanager.com; img-src 'self' data: *.googleusercontent.com *.worki.sk http.cat http.dog https://*.facebook.com https://*.google.com https://*.google.sk https://*.googletagmanager.com https://*.googlesyndication.com https://*.gstatic.com https://cdn-cookieyes.com https://*.doubleclick.net https://trexima.ladesk.com https://ct.leady.com https://t.leady.com via.placeholder.com; manifest-src 'self' https://dev.worki.sk/ https://dev.worki.sk/site.webmanifest https://stage.worki.sk/ https://stage.worki.sk/site.webmanifest https://www.worki.sk/ https://www.worki.sk/site.webmanifest https://*.worki.sk/*; script-src 'self' ajax.googleapis.com code.jquery.com www.google.com https://*.facebook.net https://*.facebook.com 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.googletagmanager.com/ https://*.googleadservices.com https://*.doubleclick.net/ https://cdn-cookieyes.com/ https://*.googlesyndication.com https://trexima.ladesk.com https://ct.leady.com https://ads.worki.sk https://*.tiktok.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://*.googletagmanager.com/; report-uri /nelmio/csp/report 2
frame-ancestors 'self' https://mycourses.w3schools.com https://pathfinder.w3schools.com; 1
frame-ancestors 'self' https://*.seo.aws.about.com https://*.dotdash.com *.people.com; upgrade-insecure-requests; 1
default-src 'self' data: drupal.org *.typekit.net *.crazyegg.com; script-src 'unsafe-inline' 'self' data: drupal.org *.typekit.net www.youtube.com cdnjs.cloudflare.com themes.googleusercontent.com unpkg.com cdn.jsdelivr.net www.google-analytics.com www.google.com www.gstatic.com js-agent.newrelic.com bam.nr-data.net player.vimeo.com www.googletagmanager.com gov-bam.nr-data.net js-agent.newrelic.com *.crazyegg.com static.adds-twitter.com snap.licdn.com *.teads.tv connect.facebook.net *.linkedin.com *.doubleclick.net *.facebook.com px.ads.linkedin.com cdn.linkedin.oribi.io static.ads-twitter.com s.go-mpulse.net c.go-mpulse.net *.osano.com analytics.google.com blob:; style-src 'unsafe-inline' 'self' data: blob: drupal.org *.typekit.net cdnjs.cloudflare.com themes.googleusercontent.com unpkg.com cdn.jsdelivr.net www.google-analytics.com www.google.com www.gstatic.com fonts.googleapis.com *.fonts.net *.osano.com *.crazyegg.com; img-src 'self' www.facebook.com www.youtube.com analytics.twitter.com t.co www.google-analytics.com www.google.com *.teads.tv px.ads.linkedin.com www.googletagmanager.com www.linkedin.com data: *.crazyegg.com; media-src 'self' www.youtube.com; frame-src 'self' www.youtube.com www.facebook.com www.google.com html5-player.libsyn.com playlist.megaphone.fm www.podcastone.com p.teads.tv fledge.teads.tv *.osano.com *.crazyegg.com; child-src 'self' data: blob: drupal.org *.typekit.net *.osano.com; font-src 'self' fonts.gstatic.com fast.fonts.net; connect-src 'self' data: drupal.org *.typekit.net www.google-analytics.com cdn.linkedin.oribi.io cm.teads.tv *.doubleclick.net *.crazyegg.com bam.nr-data.net www.facebook.com t.teads.tv *.osano.com c.go-mpulse.net *.akstat.io analytics.google.com *.akamaihd.net px.ads.linkedin.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' * 1
frame-ancestors 'self' https://*.seo.aws.about.com https://*.dotdash.com *.thoughtco.com; upgrade-insecure-requests; 1
form-action 'self' www.facebook.com; report-uri /_internal/security/report-csp-violation?gp-web=true; frame-ancestors 'self' 1
frame-ancestors 'self' https://*.seo.aws.about.com https://*.dotdash.com *.verywellmind.com; upgrade-insecure-requests; 1
frame-ancestors 'self' https://*.seo.aws.about.com https://*.dotdash.com *.thespruce.com; upgrade-insecure-requests; 1
frame-ancestors 'self' https://*.seo.aws.about.com https://*.dotdash.com *.instyle.com; upgrade-insecure-requests; 1
frame-ancestors 'self' *.boursorama.com *.boursobank.com 1
frame-ancestors 'none'; object-src 'self'; script-src 'self' 'unsafe-inline' https://static.zdassets.com/ https://www.google.com/ https://www.googletagmanager.com/ https://www.gstatic.com/ https://www.google-analytics.com/ https://boards.greenhouse.io/; 1
default-src 'self' *.destatis.de *.bewacherregister.de; base-uri 'self' *.bewacherregister.de; connect-src 'self' *.destatis.de interamt.de piwik.itzbund.de *.bewacherregister.de; style-src 'self' 'unsafe-inline' *.destatis.de piwik.itzbund.de *.bewacherregister.de; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.destatis.de piwik.itzbund.de doo.net *.bundesbots.de *.bewacherregister.de;font-src 'self' 'unsafe-eval' 'unsafe-inline' *.destatis.de *.bundesbots.de *.bewacherregister.de;object-src 'self' multimedia.gsb.bund.de *.destatis.de piwik.itzbund.de *.bundesbots.de ; media-src 'self' multimedia.gsb.bund.de www.quirksmode.org *.destatis.de piwik.itzbund.de *.bundesbots.de ; child-src blob: *.destatis.de *.itzbund.de *.stba.de *.euro-area-statistics.org *.ims-cms.net *.kemweb.de *.teambits.events doo.net/de-de/widget/ *.bundesbots.de www9.idev.nrw.de www.idev.nrw.de storymaps.arcgis.com stba.maps.arcgis.com *.dashboard-deutschland.de shinymikrosimapp.azurewebsites.net start.video-stream-hosting.de data: ; img-src 'self' data: blob: *.destatis.de piwik.itzbund.de *.bundesbots.de *.bewacherregister.de; frame-ancestors 'self' *.destatis.de statistikportal.bwl.doi-de.net *.statistikportal.de ; upgrade-insecure-requests; 1
default-src 'self' *.dwd.de *.readspeaker.com *.twitter.com *.youtube.com; script-src 'self' *.dwd.de *.readspeaker.com *.twitter.com *.twimg.com vimeo.com *.vimeo.com *.youtube.com cdn.bokeh.org *.bokeh.org *.jwpcdn.com *.ytimg.com 'unsafe-inline' 'unsafe-eval' data:; style-src 'self' *.dwd.de *.twitter.com *.twimg.com 'unsafe-inline' data:; img-src * data: blob:; font-src 'self' data:; frame-src 'self' *.dwd.de twitter.com *.twitter.com vimeo.com *.vimeo.com *.youtube.com; worker-src *.twitter.com blob:; child-src 'self' *.dwd.de twitter.com *.twitter.com *.youtube.com; 1
default-src 'none'; script-src 'sha256-orD0/VhH8hLqrLxKHD/HUEMdwqX6/0ve7c5hspX5VJ8=' 1
frame-ancestors 'self' https://*.seo.aws.about.com https://*.dotdash.com *.verywellfit.com; upgrade-insecure-requests; 1
default-src 'self' *.postman.co *.postman.com *.pstmn.io; base-uri 'self'; font-src 'self' data: *.getpostman.com *.postman.co *.cdn.postman.com fonts.gstatic.com www.postman.com fonts.googleapis.com cdnjs.cloudflare.com; frame-ancestors *.postman.co www.postman.com; frame-src looker.postman.co dl-preview-container.pstmn.io js.stripe.com hooks.stripe.com client-proxy.pstmn.io chart-embed.service.newrelic.com https://app.datadoghq.com/graph/embed https://app.datadoghq.eu/graph/embed https://youtube.com https://www.youtube.com https://player.vimeo.com https://www.loom.com/embed/ https://connect.us.integrations.postmancloud.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://accounts.google.com/ https://postman.zendesk.com/ https://runtime-assets.pstmn.io/ https://www.postman.com/complete-checkout; child-src 'self' *.postman.co *.postman.com blob:; worker-src 'self' *.postman.co *.cdn.postman.com blob:; object-src 'self'; img-src https: data:; media-src 'self' https://flows-assets.pstmn.io/ https://skills-assets.pstmn.io/ https://runtime-assets.pstmn.io/; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' *.nr-data.net *.getpostman.com *.postman.co *.cdn.postman.com *.pstmn.io code.jquery.com google-analytics.com www.postman.com postman.com googletagmanager.com ssl.google-analytics.com cdnjs.cloudflare.com https://bi.pst.tech js-agent.newrelic.com js.stripe.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'nonce-vdfTXwwxBcbXyd+4hLA+QyoU3W3sHz6dFiRF7DHss/qWzEFE'; style-src 'self' 'unsafe-inline' *.getpostman.com *.postman.co *.cdn.postman.com *.pstmn.io www.postman.com fonts.gstatic.com fonts.googleapis.com tagmanager.google.com cdnjs.cloudflare.com postman.com accounts.google.com; connect-src https://api.stripe.com http: ws://localhost:10533 https: wss://*.postman.co wss://*.gw.postman.co wss://*.gw.eu.postman.co https: wss://live.postman.com wss://*.gw.postman.com wss://*.gw.eu.postman.com; report-uri https://sentry.postmanlabs.com/api/572/security/?sentry_key=9d37d7431bdc4c528702ec4d89fc93f7&sentry_environment=production 1
frame-ancestors 'self' https://*.seo.aws.about.com https://*.dotdash.com *.brides.com; upgrade-insecure-requests; 1
frame-ancestors *.uottawa.ca https://teams.microsoft.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
frame-ancestors 'self' https://*.seo.aws.about.com https://*.dotdash.com *.byrdie.com; upgrade-insecure-requests; 1
frame-ancestors 'self' https://*.seo.aws.about.com https://*.dotdash.com *.shape.com; upgrade-insecure-requests; 1
default-src data: https: https://*.hotjar.com:* https://*.hotjar.io wss://*.hotjar.com 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'none' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.stackadapt.com connect.facebook.net *.adsrvr.org facebook.com cdn.pdst.fm px.adentifi.com kds-pixel.kargo.com data.adxcel-ec2.com secure.adnxs.com trkn.us cdnssl.clicktale.net w3.org snap.licdn.com dc.ads.linkedin.com *.googletagmanager.com websitevisitorleads.com *.twitter.com t.co sc-static.net *.evgnet.com *.cookielaw.org static.ads-twitter.com *.google-analytics.com assets.sitescdn.net *.vimeocdn.com dev.visualwebsiteoptimizer.com *.tctm.co *.qualtrics.com vimeo.com *.vimeo.com *.newrelic.com *.bing.com googleads.g.doubleclick.net *.clarity.ms *.tiktok.com *.snapchat.com everfi-next.net fpjscdn.net *.fpjs.io fresnel.vimeocdn.com f.vimeocdn.com *.cloudflare.com *.jsdelivr.net unpkg.com *.googleadservices.com *.byspotify.com code.jquery.com *.pinterest.com *.pinimg.com *.knotch-cdn.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *.stackadapt.com connect.facebook.net *.adsrvr.org facebook.com cdn.pdst.fm px.adentifi.com kds-pixel.kargo.com data.adxcel-ec2.com secure.adnxs.com trkn.us cdnssl.clicktale.net w3.org snap.licdn.com dc.ads.linkedin.com *.googletagmanager.com websitevisitorleads.com *.twitter.com t.co sc-static.net *.evgnet.com *.cookielaw.org static.ads-twitter.com *.google-analytics.com assets.sitescdn.net *.vimeocdn.com dev.visualwebsiteoptimizer.com *.tctm.co *.qualtrics.com vimeo.com *.vimeo.com *.newrelic.com *.bing.com googleads.g.doubleclick.net *.clarity.ms *.tiktok.com *.snapchat.com everfi-next.net fpjscdn.net *.fpjs.io fresnel.vimeocdn.com f.vimeocdn.com *.cloudflare.com *.jsdelivr.net unpkg.com *.googleadservices.com *.byspotify.com cdn.evgnet.com *.visualwebsiteoptimizer.com googletagmanager.com *.virtualearth.net cdn.ckeditor.com *.google.com *.evergage.com code.jquery.com *.pinterest.com *.pinimg.com *.knotch-cdn.com; frame-src 'self' blob: *.vimeo.com *.doubleclick.net *.clicktale.net *.adsrvr.org *.edwardjones.com *.edwardjones.ca accountaccess.edwardjones.com accountaccess.edwardjones.ca iaa-api-gateway.apps.edwardjones.com onlineaccess.edwardjones.com iaaweb.edwardjones.com *.tctm.co *.w3.org *.vimeocdn.com *.qualtrics.com *.everfi-next.net *.snapchat.com *.amazon-adsystem.com *.facebook.com dev.visualwebsiteoptimizer.com *.googletagmanager.com *.pinterest.com; frame-ancestors 'self' *.edwardjones.com *.edwardjones.ca iaa-api-gateway.apps.edwardjones.com accountaccess.edwardjones.com accountaccess.edwardjones.ca onlineaccess.edwardjones.com iaaweb.edwardjones.com; child-src 'self' blob: *.vimeo.com *.doubleclick.net *.clicktale.net *.adsrvr.org *.edwardjones.com *.edwardjones.ca accountaccess.edwardjones.com accountaccess.edwardjones.ca iaa-api-gateway.apps.edwardjones.com onlineaccess.edwardjones.com iaaweb.edwardjones.com *.tctm.co *.w3.org *.vimeocdn.com *.qualtrics.com *.everfi-next.net *.snapchat.com *.amazon-adsystem.com *.facebook.com 1
default-src 'none'; connect-src 'self' kraken.rambler.ru wss://messenger.online.sberbank.ru stat.tildacdn.com sysstat.tildacdn.com mc.yandex.ru mc.yandex.com gist.githubusercontent.com feeds.tildacdn.com api-maps.yandex.ru www.sfn-am.ru sfn-am.ru forms.tildaapi.com stat.tildaapi.com dmp.sbermarketing.ru dmp-profiles.sbermarketing.ru mc.yandex.ru ext.clickstream.sberbank.ru visor.sberbank.ru wss://mc.yandex.ru privacy-cs.mail.ru; font-src 'self' data: fonts.gstatic.com static.tildacdn.com www.sfn-am.ru sfn-am.ru; frame-src 'self' youtube.com rutube.ru api-maps.yandex.ru my.mail.ru vk.com mc.yandex.ru mc.yandex.com e.infogram.com www.sfn-am.ru sfn-am.ru https://yandex.ru http://yandex.ru; img-src 'self' data: 'unsafe-inline' api-maps.yandex.ru core-renderer-tiles.maps.yandex.net kraken.rambler.ru mc.yandex.ru www.sfn-am.ru sfn-am.ru tilda.ws adservings.ru bs.serving-sys.ru yastatic.net top-fwz1.mail.ru/counter top-fwz1.mail.ru/tracker vk.com/rtrg static.tildacdn.com; manifest-src 'self' www.sfn-am.ru sfn-am.ru; media-src 'self' www.sfn-am.ru sfn-am.ru; script-src 'self' googleads.g.doubleclick.net api-maps.yandex.ru mc.yandex.ru mc.yandex.com 'unsafe-inline' yastatic.net st.top100.ru core-renderer-tiles.maps.yandex.net 'unsafe-eval' static.tildacdn.com unpkg.com cdnjs.cloudflare.com e.infogram.com www.sfn-am.ru sfn-am.ru stmtag.ru unpkg.com/gsap@3/dist/gsap.min.js unpkg.co/gsap@3/dist/gsap.min.js ad.adriver.ru vk.com/js/api/openapi.js top-fwz1.mail.ru/js/code.js top-fwz1.mail.ru/js/dyn-goal-config.js privacy-cs.mail.ru/static/sync-loader.js; style-src 'self' 'unsafe-inline' fonts.googleapis.com www.sfn-am.ru sfn-am.ru; report-uri /nelmio/csp/report 1
frame-ancestors 'self' https://*.seo.aws.about.com https://*.dotdash.com *.tripsavvy.com; upgrade-insecure-requests; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'  *; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://impactapi.causeview.com https://maps.googleapis.com https://cdnjs.cloudflare.com/ajax/libs/cropper/4.0.0/cropper.min.js https://js-agent.newrelic.com https://www.googletagmanager.com https://chimpstatic.com https://www.google.com/recaptcha/api.js https://www.gstatic.com https://downloads.mailchimp.com https://mc.us1.list-manage.com https://matchbox.hepdata.com https://commerce.coinbase.com https://data.processwebsitedata.com https://fe.sitedataprocessing.com https://cdn.jsdelivr.net/npm/search-insights@2.13.0/dist/search-insights.min.js https://platform.twitter.com https://challenges.cloudflare.com https://cdn.mouseflow.com https://cdn.jsdelivr.net/npm/search-insights@2.17.3 https://cdn.matomo.cloud https://googleads.g.doubleclick.net https://a.usbrowserspeed.com https://d-code.liadm.com https://googleads.g.doubleclick.net https://mises.matomo.cloud https://cdnjs.cloudflare.com; img-src 'self' data: https://cdn.mises.org https://www.google.ca https://www.google.com https://i.creativecommons.org https://licensebuttons.net https://www.google-analytics.com https://mcusercontent.com https://maps.gstatic.com https://s3.amazonaws.com https://impactapi.causeview.com  https://live-mises-api.pantheonsite.io https://cdn-images.mailchimp.com https://matchbox.hepdata.com/ https://www.googletagmanager.com; frame-ancestors 'self' https://glockenspiel-bluebird-4h6c.squarespace.com https://www.misesgraduateschool.org https://misesgraduateschool.org https://api-public.addthis.com https://m.addthis.com https://mises.org https://impactapi.causeview.com; upgrade-insecure-requests 1
default-src https:; connect-src https:; script-src 'unsafe-inline' 'unsafe-eval' http: www.google-analytics.com ajax.googleapis.com; style-src 'unsafe-inline' http:; img-src http: data:; font-src http: data:; 1
frame-ancestors 'self' *.boursobank.com; object-src *.boursorama.com *.boursobank.com *.brsimg.com 1
connect-src * 'self' 1
object-src none 1
frame-ancestors 'self' https://*.seo.aws.about.com https://*.dotdash.com *.thesprucepets.com; upgrade-insecure-requests; 1
frame-ancestors 'self' bam.harri.com harri.com fr.harri.com es.harri.com ru.harri.com de.harri.com pl.harri.com ar.harri.com tr.harri.com new.harri.com fr.new.harri.com es.new.harri.com ru.new.harri.com de.new.harri.com pl.new.harri.com ar.new.harri.com tr.new.harri.com internal-bcf49936-acd4-4f79-be5a-fad8a01526db.harri.com internal-temp-bcf49936-acd4-4f79-be5a-fad8a01526db.harri.com live.harri.com liveschedule.harri.com corporate.harri.com; 1
frame-ancestors *.anjuke.com http://*.anjuke.com *.aifang.com http://*.aifang.com *.58ganji.com http://*.58ganji.com *.58.com http://*.58.com *.jikejia.cn http://*.jikejia.cn http://jikejia.cn yfyk.youfangyouke.com http://yfyk.youfangyouke.com *.58corp.com http://*.58corp.com *.qiaofangyun.com 1
frame-ancestors 'self' https://*.seo.aws.about.com https://*.dotdash.com *.myrecipes.com; upgrade-insecure-requests; 1
frame-ancestors 'self' *.iza.org; 1
frame-ancestors 'self' https://*.lemonade.com https://lemonade.com 1
frame-ancestors 'self' https://*.seo.aws.about.com https://*.dotdash.com *.treehugger.com; upgrade-insecure-requests; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com www.gstatic.com https://*.google.com https://*.googletagmanager.com *.google-analytics.com https://tagmanager.google.com https://cdn.popupsmart.com  https://cdnjs.cloudflare.com https://cbpfgms.github.io https://connect.facebook.net https://partner.googleadservices.com https://www.googleadservices.com  https://googleads.g.doubleclick.net https://*.clarity.ms https://c.bing.com https://pol.is/embed.js; object-src 'none'; style-src 'self' 'unsafe-inline' https://googletagmanager.com https://tagmanager.google.com fonts.googleapis.com https://www.google.com https://cdnjs.cloudflare.com https://cbpfgms.github.io https://cdn.popupsmart.com https://use.fontawesome.com https://*.clarity.ms https://c.bing.com; img-src 'self' data: https://*; media-src 'self' data: https://mvsfservicefabricusva.blob.core.windows.net; frame-src 'self' https://*.googletagmanager.com https://bid.g.doubleclick.net https://td.doubleclick.net https://www.youtube.com https://embed.mediavalet.com *.un.org https://cdnapisec.kaltura.com  https://datawrapper.dwcdn.net https://pol.is https://app.powerbi.com https://vimeo.com https://player.vimeo.com; frame-ancestors 'self'; child-src 'self' blob:; font-src 'self' data: fonts.gstatic.com https://use.fontawesome.com; connect-src 'self' https://*; report-uri /report-csp-violation 1
base-uri 'none'; default-src 'none'; child-src https://www.recaptcha.net; connect-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src https://www.recaptcha.net; img-src 'self' data:; object-src 'none'; script-src 'nonce-wGg0bAGxU4Vso2lT204XzQ==' 'strict-dynamic'; style-src 'self' 'unsafe-inline'; worker-src 'self' 1
default-src https://domainname.shop https://www.domeneshop.no https://domeneshop.no https://domainnameshop.com https://domene.shop https://xn--domn-noa.shop https://xn--domne-ura.shop https://chat.domeneshop.no/ 'unsafe-inline'; img-src https://domainname.shop https://www.domeneshop.no https://domeneshop.no https://domainnameshop.com https://domene.shop https://xn--domn-noa.shop https://xn--domne-ura.shop; frame-src https://domainname.shop https://www.domeneshop.no https://domeneshop.no https://domainnameshop.com https://domene.shop https://xn--domn-noa.shop https://xn--domne-ura.shop; frame-ancestors 'self' 1
frame-ancestors 'self' *.chilis.com 1
frame-ancestors 'self' *.smhi.se klimatanpassning.se klimatanpassningsradet.se sudplan.eu nordicadaptation2018.net http://infoteve.com ; report-uri /userv/cspreporting 1
frame-ancestors 'self' https://*.seo.aws.about.com https://*.dotdash.com *.liquor.com; upgrade-insecure-requests; 1
frame-ancestors 'self' http://mobilevjs.nbcsports.com http://sprtsecureassets.akamaized.net *.nbcolympics.com nbcolympics.com 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.youtube.com *.youtube-nocookie.com *.itzbund.de *.energiewechsel.de *.deutschland-machts-effizient.de *.app.powerbi.com *.karriere.bafa.de *.atlas.geomer-maps.de *.twitter.com api.signalize.com; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com *.youtube-nocookie.com; frame-src karriere.bafa.de atlas.geomer-maps.de app.powerbi.com *.energiewechsel.de *.deutschland-machts-effizient.de *.youtube-nocookie.com *.itzbund.de *.youtube.com *.twitter.com; img-src 'self' data: *.youtube.com *.youtube-nocookie.com *.itzbund.de *.openstreetmap.org *.twimg.com; connect-src 'self' *.itzbund.de; frame-ancestors 'self' *.kfw.de *.bafa.de *.energiewechsel.de; upgrade-insecure-requests; 1
frame-ancestors 'self' https://*.seo.aws.about.com https://*.dotdash.com *.agriculture.com; upgrade-insecure-requests; 1
frame-ancestors 'self' https://*.seo.aws.about.com https://*.dotdash.com *.peopleenespanol.com; upgrade-insecure-requests; 1
frame-ancestors 'self' https://*.seo.aws.about.com https://*.dotdash.com *.learnreligions.com; upgrade-insecure-requests; 1
default-src 'self'; script-src 'self' https://youtube.com/ https://cnes.matomo.cloud/ https://www.youtube.com/ youtube.com www.youtube.com https://youtube-nocookie.com/ youtube-nocookie.com  https://cdn.matomo.cloud/cnes.matomo.cloud/ cdn.matomo.cloud/cnes.matomo.cloud https://tags.data-driven.fr/tags/ tags.data-driven.fr/tags https://tarteaucitron.io/ tarteaucitron.io https://cdn.tarteaucitron.io/ cdn.tarteaucitron.io https://www.tiktok.com https://www.instagram.com/ https://platform.twitter.com/ https://www.myadvent.net/ https://sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/tiktok/ https://*.cnes.fr; object-src 'self' https://youtube.com/ https://www.youtube.com/ youtube.com www.youtube.com https://youtube-nocookie.com/ youtube-nocookie.com https://*.cnes.fr; style-src 'self' 'unsafe-inline' https://cdn.tarteaucitron.io/css/ cdn.tarteaucitron.io/css/ https://fonts.googleapis.com/ https://sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/tiktok/; img-src 'self' data: https://i.ytimg.com https://*.tile.openstreetmap.fr 'unsafe-inline' https://tarteaucitron.io/log/ tarteaucitron.io/log/ https://content.milibris.com/ https://*.cnes.fr; media-src 'self' https://podcast.cnes.fr/ https://www.podcast.cnes.fr/ https://*.cnes.fr; frame-src 'self' https://youtube.com https://www.youtube.com player.vimeo.com  youtube.com www.youtube.com https://youtube-nocookie.com youtube-nocookie.com www.youtube-nocookie.com https://tarteaucitron.io tarteaucitron.io https://tarteaucitron.io tarteaucitron.io https://cdn.tarteaucitron.io cdn.tarteaucitron.io https://videotheque.cnes.fr/ https://app.myadvent.net/ https://www.facebook.com/ https://www.linkedin.com/  https://www.instagram.com/ https://platform.twitter.com/  https://www.tiktok.com/ https://open.spotify.com/ https://*.twitch.tv https://*.cnes.fr; frame-ancestors 'self' https://youtube.com/ https://www.youtube.com/ youtube.com www.youtube.com https://youtube-nocookie.com/ youtube-nocookie.com  https://tarteaucitron.io/ tarteaucitron.io https://tarteaucitron.io/ tarteaucitron.io https://cdn.tarteaucitron.io/ cdn.tarteaucitron.io https://*.cnes.fr; child-src 'self'  https://tarteaucitron.io tarteaucitron.io https://tarteaucitron.io tarteaucitron.io https://cdn.tarteaucitron.io cdn.tarteaucitron.io; font-src 'self' data: https://fonts.gstatic.com https://themes.googleusercontent.com https://cdn.cafeyn.co; connect-src 'self' 'unsafe-inline' https://cnes.matomo.cloud/ https://cdn.matomo.cloud/cnes.matomo.cloud/ https://tags.data-driven.fr cdn.matomo.cloud/cnes.matomo.cloud https://tags.data-driven.fr/tags/ tags.data-driven.fr/tags https://tarteaucitron.io/ tarteaucitron.io https://cdn.tarteaucitron.io/ cdn.tarteaucitron.io https://content.milibris.com/ https://www.tiktok.com  https://*.cnes.fr 1
default-src 'self' *.medimpact.com data:;; script-src 'self' 'unsafe-inline' *.googletagmanager.com *.googleapis.com cdnjs.cloudflare.com *.google-analytics.com *.vimeo.com  *.youtube.com  *.medimpact.com *.unpkg.com unpkg.com *.recaptcha.net use.typekit.net *.typekit.net www.recaptcha.net *.google.com *.gstatic.com medimpact.my.salesforce.com; object-src 'self' *.medimpact.com data:;; style-src 'self' 'unsafe-inline' *.unpkg.com unpkg.com use.typekit.net *.typekit.net  fonts.googleapis.com; img-src 'self' *.google-analytics.com  *.medimpact.com *.googletagmanager.com data:;; media-src 'self'  *.medimpact.com data:;; frame-src *.vimeo.com *.youtube.com  *.medimpact.com *.recaptcha.net *.gstatic.com *.google.com medimpact.my.salesforce.com; frame-ancestors  *.medimpact.com; font-src 'self' * data:; use.typekit.net *.typekit.net; connect-src 'self' *.google-analytics.com *.vimeocdn.com  *.medimpact.com *.recaptcha.net *.gstatic.com use.typekit.net *.typekit.net medimpact.my.salesforce.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
frame-ancestors https://cloudsecurityalliance.org https://training.cloudsecurityalliance.org 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-eval' *.googleapis.com piwik.itzbund.de;object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; connect-src 'self' *.itzbund.de; frame-ancestors bghweb-editor-kkn2.prod.gsb.zd.in.bund.de piwik.itzbund.de 1
frame-ancestors 'self' *.taxact.com *.taxactonline.com *.salemove.com secure.balancefin.com 1
frame-ancestors 'self' https://*.seo.aws.about.com https://*.dotdash.com *.mydomaine.com; upgrade-insecure-requests; 1
default-src 'self' 'unsafe-inline' data: blob: https://prod.acquia-sites.com https://*.prod.acquia-sites.com auc.arkdev.net *.auc.arkdev.net https://aucegypt.edu https://*.aucegypt.edu https://openweathermap.org https://*.openweathermap.org https://youvisit.com https://*.youvisit.com https://google-analytics.com https://*.google-analytics.com https://googletagmanager.com https://*.googletagmanager.com https://nr-data.net https://*.nr-data.net https://newrelic.com https://*.newrelic.com https://cloudflare.com https://googleusercontent.com https://*.cloudflare.com https://*.googleusercontent.com https://youtube.com https://*.youtube.com https://youtu.be https://*.youtu.be https://gstatic.com https://*.gstatic.com https://ytimg.com https://*.ytimg.com https://ggpht.com https://*.ggpht.com https://*.campusgroups.com https://calendar.google.com https://interviewexchange.com https://*.interviewexchange.com https://auc.cloud.panopto.eu https://datawrapper.dwcdn.net https://*.watson.appdomain.cloud https://datastudio.google.com https://*.datastudio.google.com https://crazyegg.com https://*.crazyegg.com https://myjotform.com https://*.myjotform.com https://connect.facebook.net https://facebook.com https://*.facebook.com https://stats.g.doubleclick.net https://*.g.doubleclick.net https://addthis.com https://*.addthis.com 'unsafe-eval' https://moatads.com https://*.moatads.com https://addthisedge.com https://*.addthisedge.com https://px.ads.linkedin.com https://*.ads.linkedin.com https://*.linkedin.com https://www.googleadservices.com https://www.google.com https://*.googleadservices.com https://*.google.com https://googleads.g.doubleclick.net https://bid.g.doubleclick.net https://snap.licdn.com https://*.snap.licdn.com https://*.licdn.com https://p.adsymptotic.com https://*.adsymptotic.com https://*.googlesyndication.com https://googlesyndication.com https://cdn.linkedin.oribi.io https://www.google.com.eg https://*.google.com.eg https://*.mainstay.com https://addtoany.com https://*.addtoany.com https://googleapis.com https://*.googleapis.com https://noembed.com https://*.noembed.com https://plyr.io https://*.plyr.io https://cdn.jsdelivr.net https://*.clarity.ms https://surveymonkey.com https://*.surveymonkey.com https://*.consentmanager.net https://*.cookieinformation.com https://*.cookieyes.com https://cdn-cookieyes.com https://copilotstudio.preview.microsoft.com https://*.copilotstudio.preview.microsoft.com https://preview.microsoft.com https://*.preview.microsoft.com https://cdn.cookielaw.org https://alcdn.msauth.net https://*.m365.cloud.microsoft https://copilotstudio.preview.microsoft.com/ https://login.microsoftonline.com https://*.powerplatform.com https://*.dynamics.com https://*.powerapps.com https://copilotstudio.microsoft.com https://cdn.botframework.com https://*.botframework.com https://*.office.com https://113dcdde89f2eaa1ba7a0b2ca605fe.08.environment.api.powerplatform.com wss://*.powerplatform.com wss://*.botframework.com wss://*.cloud.microsoft; frame-ancestors 'self' https://aucegypt.edu https://*.aucegypt.edu; report-uri /report-csp-violation 1
default-src 'self' https://my.sheer.com my.sheer.com https://www.sheer.com www.sheer.com https://account.analvids.com account.analvids.com https://scene-subtitles.gtflixtv.com scene-subtitles.gtflixtv.com https://*.gtflixtv.com *.gtflixtv.com https://*.gtflixtvtest.com *.gtflixtvtest.com https://pornbox.com pornbox.com https://*.pornbox.com *.pornbox.com https://download1.pornbox.com download1.pornbox.com wss://lb-private-chat.gtflixtv.com wss://lb-private-chat-k8s.gtflixtv.com wss://lb-private-chat-beta.gtflixtv.com wss://lb-private-chat-beta-k8s.gtflixtv.com https://*.1ka.com *.1ka.com https://*.facebook.com *.facebook.com https://googletagmanager.com googletagmanager.com https://*.googletagmanager.com *.googletagmanager.com https://*.google-analytics.com *.google-analytics.com https://*.google.com *.google.com https://*.googleapis.com *.googleapis.com https://*.gstatic.com *.gstatic.com https://*.gstatic.cn *.gstatic.cn https://*.jsdelivr.net *.jsdelivr.net https://*.rawgit.com *.rawgit.com https://*.ddfstatic.com *.ddfstatic.com https://cdn.plyr.io cdn.plyr.io https://*.sexcash.com *.sexcash.com https://*.trafficfactory.biz *.trafficfactory.biz https://*.agego.com *.agego.com https://*.yoti.com *.yoti.com https://xvideos.com xvideos.com https://*.xvideos.com *.xvideos.com https://*.xvideos2.com *.xvideos2.com https://*.xvideos-cdn.com *.xvideos-cdn.com https://*.bangbros.com *.bangbros.com https://*.nikkiprice.com *.nikkiprice.com https://*.girlsgonewild.com *.girlsgonewild.com https://*.naked.com *.naked.com https://*.st-content.com *.st-content.com https://*.sellvids.com *.sellvids.com https://*.hazecash.com *.hazecash.com https://*.xxxpawn.com *.xxxpawn.com https://*.gaypawn.com *.gaypawn.com https://*.miakhalifa.com *.miakhalifa.com https://*.americanpervert.com *.americanpervert.com https://*.xnxx.com *.xnxx.com 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://my.sheer.com my.sheer.com https://www.sheer.com www.sheer.com https://account.analvids.com account.analvids.com https://scene-subtitles.gtflixtv.com scene-subtitles.gtflixtv.com https://*.gtflixtv.com *.gtflixtv.com https://*.gtflixtvtest.com *.gtflixtvtest.com https://pornbox.com pornbox.com https://*.pornbox.com *.pornbox.com wss://lb-private-chat.gtflixtv.com wss://lb-private-chat-k8s.gtflixtv.com wss://lb-private-chat-beta.gtflixtv.com wss://lb-private-chat-beta-k8s.gtflixtv.com https://xvideos.com xvideos.com https://*.xvideos.com *.xvideos.com https://*.agego.com *.agego.com https://www.google-analytics.com www.google-analytics.com https://ampcid.google.com https://stats.g.doubleclick.net/j/collect https://region1.google-analytics.com/g/collect https://*.googleapis.com *.googleapis.com https://*.firebaseio.com *.firebaseio.com https://www.google.com/recaptcha/ www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.googletagmanager.com www.googletagmanager.com https://ssl.gstatic.com ssl.gstatic.com https://www.gstatic.com www.gstatic.com https://stats.g.doubleclick.net/r/ stats.g.doubleclick.net/r/; font-src 'self' https://cdn.jsdelivr.net/npm/ https://fonts.gstatic.com fonts.gstatic.com data:; img-src 'self' https://*.gtflixtv.com *.gtflixtv.com https://xvideos.com xvideos.com https://*.xvideos.com *.xvideos.com https://*.xvideos2.com *.xvideos2.com https://*.xvideos-cdn.com *.xvideos-cdn.com https://www.xvideos.com www.xvideos.com https://*.xvideos.red *.xvideos.red https://*.1ka.com *.1ka.com https://cdn.jsdelivr.net cdn.jsdelivr.net https://www.google-analytics.com www.google-analytics.com https://www.google.com/ads/ga-audiences https://stats.g.doubleclick.net/r/collect https://region1.google-analytics.com region1.google-analytics.com https://www.googletagmanager.com www.googletagmanager.com https://ssl.gstatic.com ssl.gstatic.com https://www.gstatic.com www.gstatic.com https://stats.g.doubleclick.net/r/ stats.g.doubleclick.net/r/ https://translate.google.com translate.google.com https://*.agego.com *.agego.com https://fonts.gstatic.com fonts.gstatic.com data:; object-src 'none'; script-src 'self' https://my.sheer.com my.sheer.com https://www.sheer.com www.sheer.com https://account.analvids.com account.analvids.com https://scene-subtitles.gtflixtv.com scene-subtitles.gtflixtv.com https://uploader.gtflixtv.com uploader.gtflixtv.com https://uploader-beta.gtflixtv.com uploader-beta.gtflixtv.com https://pornbox.com pornbox.com https://*.googleapis.com *.googleapis.com https://accounts.google.com accounts.google.com https://www.google.com/recaptcha/ www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://google-analytics.com google-analytics.com https://ssl.google-analytics.com https://www.google-analytics.com www.google-analytics.com https://www.googletagmanager.com www.googletagmanager.com https://ssl.gstatic.com ssl.gstatic.com https://www.gstatic.com www.gstatic.com https://stats.g.doubleclick.net/r/ stats.g.doubleclick.net/r/ https://translate.google.com translate.google.com https://*.agego.com *.agego.com https://cdn.jsdelivr.net/npm/ https://cdn.rawgit.com/yuku-t/jquery-textcomplete/ https://*.ddfstatic.com *.ddfstatic.com https://*.sexcash.com *.sexcash.com https://*.trafficfactory.biz *.trafficfactory.biz https://apis.google.com apis.google.com https://apis.google.com/js/platform.js 'unsafe-inline' 'unsafe-eval'; report-uri /api/js-error; 1
default-src 'self'; style-src 'self' 'unsafe-inline' occhat.elisa.fi cdn.askem.com customer.cludo.com; img-src 'self' data: occhat.elisa.fi vero.piwik.pro https://analytiikka.ahtp.fi/ master.boost.ai boost-files-general-eu-west-1-test.s3-eu-west-1.amazonaws.com boost-files-general-eu-west-1-prod.s3-eu-west-1.amazonaws.com cdn.askem.com; media-src 'self'; font-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' occhat.elisa.fi vero.piwik.pro vero.containers.piwik.pro https://analytiikka.ahtp.fi/ *.boost.ai cdn.askem.com *.monitor.azure.com *.cdn.applicationinsights.io customer.cludo.com; connect-src 'self' occhat.elisa.fi wss://occhat.elisa.fi vero.piwik.pro https://analytiikka.ahtp.fi/ *.boost.ai youtube.com feedback.askem.com *.in.applicationinsights.azure.com js.monitor.azure.com api.cludo.com; frame-src 'self' hkp.maanmittauslaitos.fi https://www.youtube.com https://app.powerbi.com; frame-ancestors 'self' yritys.tunnistus.fi htesti.katso.tunnistus.fi; 1
X-Content-Security-Policy 1
child-src 'self' *.facebook.com connect.facebook.net www.googletagmanager.com *.vidyard.com *.trustarc.com go.jaggaer.com jaggaer.cuvama.com https://*.qualified.com; connect-src 'self' *.googletagmanager.com *.googlesyndication.com pi.pardot.com go.jaggaer.com *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net *.trustarc.com *.linkedin.com *.6sense.com secure.adnxs.com js.zi-scripts.com *.6sc.co *.qualified.com ws.zoominfo.com wss://ws.qualified.com play.vidyard.com *.clarity.ms  *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net ; default-src 'self' wss://*.qualified.com play.vidyard.com; font-src 'self'  *.gstatic.com *.bootstrapcdn.com data: fonts.gstatic.com cdn.jsdelivr.net *.gstatic.com *.bootstrapcdn.com ; form-action 'self' *.facebook.com connect.facebook.net; frame-src 'self' www.slideshare.net *.facebook.com *.doubleclick.net *.google.com blob: www.google.com play.vidyard.com go.jaggaer.com jaggaer.cuvama.com *.trustarc.com app.qualified.com play.goconsensus.com *.youtube.com www.youtube-nocookie.com *.linkedin.com player.vimeo.com *.soundcloud.com platform.twitter.com www.googletagmanager.com promo.com  *.g.doubleclick.net *.google.com *.fls.doubleclick.net ; frame-ancestors 'self' pi.pardot.com; img-src 'self' pi.pardot.com *.googlesyndication.com *.youtube.com match.adsrvr.org go.jaggaer.com wec-assets.terminus.services *.ytimg.com *.bing.com *.doubleclick.net *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com *.vidyard.com data: ts.w.org s.w.org ps.w.org *.linkedin.com *.trustarc.com consent.truste.com *.6sc.co *.clarity.ms https://*.qualified.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat  *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com ; media-src 'self'  s.w.org app.qualified.com mediastream:; script-src 'self'  'unsafe-inline'  'unsafe-eval' *.truste.com https://cdnjs.cloudflare.com https://choices.trustarc.com https://consent.trustarc.com https://connect.facebook.net https://content.linkedin.com https://go.jaggaer.com https://graph.facebook.com https://googletagmanager.com https://js.zi-scripts.com https://js.qualified.com https://js.facebook.com https://j.6sc.co https://okt.to https://play.vidyard.com https://pi.pardot.com https://platform.linkedin.com https://static-exp1.licdn.com https://snap.licdn.com https://static.oktopost.com https://tagmanager.google.com https://ws-assets.zoominfo.com https://www.gartner.com https://www.googletagmanager.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com  cdn.jsdelivr.net js.zi-scripts.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com ; script-src-elem 'self'  'unsafe-inline' *.usbrowserspeed.com *.googlesyndication.com wec-assets.terminus.services tracking.intentsify.io https://*.truste.com https://cdnjs.cloudflare.com https://choices.trustarc.com https://consent.trustarc.com https://connect.facebook.net https://content.linkedin.com https://go.jaggaer.com https://graph.facebook.com https://googletagmanager.com https://js.zi-scripts.com https://js.qualified.com https://js.facebook.com https://j.6sc.co https://okt.to https://play.vidyard.com https://pi.pardot.com https://platform.linkedin.com https://static-exp1.licdn.com https://snap.licdn.com https://static.oktopost.com https://tagmanager.google.com ws-assets.zoominfo.com https://www.gartner.com https://www.googletagmanager.com cdn.jsdelivr.net  js.zi-scripts.com *.clarity.ms *.youtube.com platform.twitter.com blob: data: *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com ; script-src-attr  'unsafe-inline' ; style-src 'self'  'unsafe-inline' *.licdn.com *.qualified.com cdnjs.cloudflare.com fonts.googleapis.com tagmanager.google.com www.googletagmanager.com *.googleapis.com *.gstatic.com  cdn.jsdelivr.net *.googleapis.com *.gstatic.com ; style-src-elem 'self'  'unsafe-inline'  *.licdn.com *.qualified.com cdnjs.cloudflare.com fonts.googleapis.com tagmanager.google.com www.googletagmanager.com cdn.jsdelivr.net *.googleapis.com *.gstatic.com ; style-src-attr 'self'  'unsafe-inline' *.licdn.com *.qualified.com cdnjs.cloudflare.com fonts.googleapis.com tagmanager.google.com www.googletagmanager.com cdn.jsdelivr.net; worker-src 'self'  blob: *.qualified.com;  upgrade-insecure-requests; 1
script-src 'self' 'strict-dynamic' 'unsafe-inline' 'nonce-94KT9IDcWuKQJT4EinwoqQ==' 1
default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.cinestar.de *.googletagmanager.com *.googleadservices.com *.googletagservices.com *.google.com *.google.de *.gstatic.com *.google-analytics.com gdpr.mandarin-medien.de *.ioam.de *.doubleclick.net bat.bing.com bat.bing.net *.facebook.com *.facebook.net *.googlesyndication.com gdpr.mandarin-medien.de *.spotify.com streaming.cinestar.de streaming.cinestar.sys11.stakkle.com:81 streaming1.cinestar.de streaming1.cinestar.de:81 ff-schlingel.de *.stroeerdigitalgroup.de *.doubleverify.com *.m6r.eu *.adagio.io *.adaptmx.com *.adbility-media.com *.addefend.com *.adform.com *.adition.com *.admanmedia.com *.adnami.io *.adnuntius.com *.adrule.net *.adtriba.com *.adup-tech.com *.advanced-store.com *.adyoulike.com *.agma-mmc.de *.amazon.com *.amobee.com *.appnexus.com *.audienceproject.com *.avantisteam.com *.bam-interactive.de *.bannernow.com *.bidswitch.com *.blis.com *.brightcom.com *.bttrads.com *.cloudtechnologies.pl *.communicationads.net *.confiant.com *.criteo.com *.dataxtrade.com *.definemedia.de *.deltaprojects.com *.doubleverify.com *.easy-media.de *.emerse.com *.emxdgt.com *.equativ.com *.exactag.com *.exitbee.com *.factor-eleven.de *.feedad.com *.flashtalking.com *.geoedge.com *.gfk.com *.glomex.com *.google.com *.gumgum.com *.hearts-science.com *.iabeurope.eu *.id5.io *.impactify.io *.improvedigital.com *.indexexchange.com *.infonline.de *.integralads.com *.invibes.com *.jaduda.com *.kayzen.io *.liquidm.com *.liveramp.de *.magnite.com *.media.net *.mediakeys.com *.microsoft.com *.mindtake.com *.mobkoi.com *.mobpro.com *.nativendo.de *.neory.com *.nielsen.com *.ogury.com *.onetag.com *.onetech.group *.online-solution.biz *.onprospects.com *.openx.com *.opinary.com *.optidigital.com *.optimise-it.de *.oracle.com *.otto.de *.outbrain.com *.permodo.com *.playhill.com *.publicismedia.de *.pubmatic.com *.purelocalmedia.de *.qualitymedianetwork.de *.readpeak.com *.reppublika.com *.ringier-advertising.ch *.roq.ad *.rtbhouse.com *.rubiconproject.com *.salesforce.com *.screenondemand.de *.seeding-alliance.de *.seedtag.com *.sharethrough.com *.showheroes.com *.smaato.com *.smartadserver.com *.smartclip.net *.smartclip.tv *.smartstream.tv *.smartyads.com *.socoto.com *.spotx.tv *.spotxchange.com *.sspx.tech *.stroeer.com *.stroeer.de *.taboola.com *.tappx.com *.target-video.com *.teads.com *.teads.tv *.telaria.com *.themediagrid.com *.thetradedesk.com *.tremorhub.com *.trg.de *.triplelift.com *.twiago.com *.uppr.rocks *.verve.com *.vi.ai *.viads.com *.vidazoo.com *.vidoomy.com *.viralize.com *.virtualminds.de *.vlyby.com *.wagawin.com *.wearemiq.com *.welect.de *.xandr.com *.yahoo.com *.yieldlab.com *.yieldlab.net *.yieldlove.com *.yoc.com *.zemanta.com onetag-sys.com *.onetag-sys.com *.adnxs.com *.ad4m.at ad4m.at *.theadex.com *.adform.net *.seadform.net *.userreport.com *.clarium.io id5-sync.com *.id5-sync.com *.eu-1-id5-sync.com *.yieldlove-ad-serving.net *.agma-analytics.de *.adnxs.com *.adscale.de *.jsdelivr.net *.adscale.de *.criteo.net *.confiant-integrations.net *.privacy-mgmt.com *.crwdcntrl.net *.ampproject.org *.googleapis.com *.truste.com *.adsafeprotected.com *.ftstatic.com *.trustarc.com *.adsrvr.org *.imrworldwide.com *.cloudflare.com *.bidr.io *.bidswitch.net *.adnxs-simple.com *.active-agent.com *.peer-39.com 2mdn.net *.2mdn.net levexis.com demdex.net *.levexis.com *.demdex.net agkn.com *.agkn.com adlightning.com *.adlightning.com *.tchibo.de tchibo.de revjet.com *.revjet.com stroeerdigital.de *.stroeerdigital.de casalemedia.com *.casalemedia.com bahn.de *.bahn.de indexww.com *.indexww.com cbe-digiden.de *.cbe-digiden.de vodafone.de *.vodafone.de *.amazonaws.com amazonaws.com exactag.com *.exactag.com b2c.com *.b2c.com stroeerdigitalmedia.de *.stroeerdigitalmedia.de *.moviexchange.com unpkg.com *.adtrafficquality.google ad.turn.com *.clarity.ms; block-all-mixed-content 1
frame-src 'self' 1
frame-ancestors https://*.milwaukeetool.eu https://viewer.ipaper.io https://my.treedis.com https://my.scene3d.co.uk 1
frame-ancestors https://youtu.be https://bid.g.doubleclick.net https://streetview.my https://safedepositboxjb.streetview.my https://hlbmc.demdex.net https://tags.tiqcdn.com https://survey.hlb.com.my https://www.hlb.com.my https://www.hlisb.com.my https://www.hlb.com.kh https://www.hlbank.com.sg https://www.hlbank.com.vn https://www.facebook.com https://www.vivocha.com https://www.youtube.com https://staticxx.facebook.com https://www.googletagmanager.com https://gateway.hlb.com.my https://gateway.hlb.com.my:8446 https://www.google.com https://optimize.google.com https://hongleongbank.sc.omtrdc.net https://dpm.demdex.net https://www.ecbanking.com.my  https://gms.hongleong.com.my https://apply-merchant1.hlb.com.my https://10.103.8.91 wss://10.103.8.91 1
frame-ancestors https://*.omantel.om 1
frame-ancestors 'self' https://*.seo.aws.about.com https://*.dotdash.com *.dailypaws.com; upgrade-insecure-requests; 1
script-src 'nonce-5322ecd7-c2db-444e-a425-20cc68b9a0de' https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/ 'self' 'unsafe-eval' https://static.aws.training https://client.rum.us-east-1.amazonaws.com/1.0.2/cwr.js https://a0.awsstatic.com https://js.api.here.com https://*.cit.api.here.com https://dev.ditu.live.com https://*.dev.virtualearth.net https://*.payments-amazon.com https://*.amazon.com https://*.amazon.co.jp/ https://*.amazon.co.uk https://*.amazon.de https://dvj5x88797nbe.cloudfront.net https://*.bing.com https://*.virtualearth.net https://munchkin.marketo.net https://d2c.aws.amazon.com; object-src 'self'; img-src 'self' data: blob: https://*.dev.virtualearth.net https://*.ssl.ak.tiles.virtualearth.net https://*.ssl.ak.dynamic.tiles.virtualearth.net https://static.aws.training https://a0.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://dpm.demdex.net https://aws.demdex.net https://cm.everesttech.net https://js.api.here.com https://*.cit.api.here.com https://images-na.ssl-images-amazon.com https://internal-cdn.amazon.com https://d2ldlvi1yef00y.cloudfront.net/ https://d23yuld0pofhhw.cloudfront.net https://d1oct1bdmx33tz.cloudfront.net https://googleads.g.doubleclick.net https://www.google.com https://fls-na.amazon.com https://*.media-amazon.com https://d2c.aws.amazon.com https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/; style-src 'self' 'unsafe-inline' https://static.aws.training https://js.api.here.com https://a0.awsstatic.com https://images-na.ssl-images-amazon.com https://ecn.dev.virtualearth.net https://images-eu.ssl-images-amazon.com https://www.bing.com https://dvj5x88797nbe.cloudfront.net https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/; connect-src 'self' https://*.cit.api.here.com https://*.amazon.com https://cognito-identity.us-east-1.amazonaws.com https://dataplane.rum.us-east-1.amazonaws.com https://prod.tools.shortbread.aws.dev https://prod.log.shortbread.aws.dev https://sts.us-east-1.amazonaws.com https://amazonwebservices.d2.sc.omtrdc.net https://dpm.demdex.net https://aws.demdex.net https://cm.everesttech.net https://*.amazonpay.com https://apac.account.amazon.com https://vs.aws.amazon.com/ https://d2c.aws.amazon.com/ https://na.account.amazon.com https://eu.account.amazon.com https://*.virtualearth.net https://*.mktoresp.com https://s0.awsstatic.com https://*.amazon.co.uk https://*.amazon.co.jp https://*.amazon.de https://cdn.aws.training https://prod.us-east-1.search.avalon.aws.dev https://7m5y5tkfr5.execute-api.us-east-1.amazonaws.com https://ftj9wpwlq4.execute-api.us-east-1.amazonaws.com https://aws.amazon.com https://a0.awsstatic.com; font-src 'self' data: https://static.aws.training https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/; media-src 'self' https://cdn.aws.training https://dvj5x88797nbe.cloudfront.net; child-src 'self' https://*.amazon.com https://www.bing.com https://*.amazon.co.jp/ https://*.amazon.co.uk https://*.payments-amazon.com https://*.amazon.de https://support.aws.training; frame-src 'self' 'unsafe-eval' https://static.aws.training https://client.rum.us-east-1.amazonaws.com/1.0.2/cwr.js https://a0.awsstatic.com https://js.api.here.com https://*.cit.api.here.com https://dev.ditu.live.com https://*.dev.virtualearth.net https://*.payments-amazon.com https://*.amazon.com https://*.amazon.co.jp/ https://*.amazon.co.uk https://*.amazon.de https://dvj5x88797nbe.cloudfront.net https://*.bing.com https://*.virtualearth.net https://munchkin.marketo.net https://d2c.aws.amazon.com; default-src 'self'; 1
default-src 'self'; img-src 'self' 1
frame-ancestors https://*.randstad.es; 1
default-src 'self' 'unsafe-inline' data: ws: wss: cdn.cookielaw.org maps.googleapis.com  *.onelink-edge.com  googletagmanager.com *.sharethis.com api.company-target.com *.algolianet.com wkx3x0kpn1-dsn.algolia.net *.newcertainteed.com  cdn.linkedin.oribi.io  *.userway.org *.google-analytics.com bam.nr-data.net *.docksal.site:* *.onetrust.com segments.company-target.com *.hotjar.com *.hotjar.io *.force.com bcp.crwdcntrl.net *.salesforce.com *.salesforce-sites.com tags.srv.stackadapt.com dev.visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com useruploads.vwo.io analytics.tiktok.com td.doubleclick.net www.googletagmanager.com www.google.co.in www.google.com s.pinimg.com www.redditstatic.com ct.pinterest.com s.yimg.com sp.analytics.yahoo.com px.ads.linkedin.com *.ads.linkedin.com *.linkedin.com pixel-config.reddit.com *.simpli.fi *.adsrvr.org testingn5u3c8k7g4-dsn.algolia.net cloud.response.certainteed.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: ws: wss: *.youtube.com cdn.cookielaw.org *.sharethis.com *.googletagmanager.com *.googleapis.com snap.licdn.com *.hotjar.com *.force.com tag.demandbase.com *.facebook.net *.salesforceliveagent.com accessibilityserver.org *.userway.org *.newrelic.com *.onelink-edge.com unpkg.com *.cloudflare.com www.onelink-edge.com *.docksal.site:* www.google.com segments.company-target.com www.gstatic.com *.salesforce.com *.salesforce-sites.com *.hotjar.io assets.pinterest.com www.googleadservices.com googleads.g.doubleclick.net *.tags.srv.stackadapt.com tags.srv.stackadapt.com  dev.visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com useruploads.vwo.io analytics.tiktok.com td.doubleclick.net www.googletagmanager.com www.google.co.in www.google.com s.pinimg.com www.redditstatic.com ct.pinterest.com s.yimg.com sp.analytics.yahoo.com px.ads.linkedin.com *.ads.linkedin.com *.linkedin.com pixel-config.reddit.com *.simpli.fi *.adsrvr.org cloud.response.certainteed.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com *.force.com *.sharethis.com fonts.googleapis.com *.salesforce-sites.com *.salesforce.com cdn.userway.org tags.srv.stackadapt.com  dev.visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com useruploads.vwo.io analytics.tiktok.com td.doubleclick.net www.googletagmanager.com www.google.co.in www.google.com  s.yimg.com sp.analytics.yahoo.com pixel-config.reddit.com *.simpli.fi *.adsrvr.org cloud.response.certainteed.com; img-src 'self' 'unsafe-inline' cdn.cookielaw.org *.youtube.com data: match.prod.bidr.io segments.company-target.com px.ads.linkedin.com *.ads.linkedin.com *.linkedin.com *.facebook.com id.rlcdn.com certainteed.widen.net *.googleapis.com *.widencdn.net *.userway.org *.ytimg.com bcp.crwdcntrl.net *.sharethis.com maps.gstatic.com *.cloudfront.net pinterest.com *.pinterest.com *.salesforce.com *.salesforce-sites.com *.g.doubleclick.net *.google-analytics.com *.analytics.google.com googleads.g.doubleclick.net ad.doubleclick.net *.google.ca *.gstatic.com *.googletagmanager.com tags.srv.stackadapt.com  dev.visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com useruploads.vwo.io analytics.tiktok.com td.doubleclick.net www.googletagmanager.com www.google.co.in www.google.com alb.reddit.com  s.yimg.com sp.analytics.yahoo.com *.googleadservices.com *.facebook.net pixel-config.reddit.com *.simpli.fi *.adsrvr.org cloud.response.certainteed.com; media-src 'self' 'unsafe-inline' youtube.com dev.visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com useruploads.vwo.io analytics.tiktok.com td.doubleclick.net www.googletagmanager.com www.google.co.in www.google.com s.yimg.com sp.analytics.yahoo.com pixel-config.reddit.com *.simpli.fi *.adsrvr.org cloud.response.certainteed.com; frame-src 'self' 'unsafe-inline' cdn.cookielaw.org youtube.com maps.googleapis.com  onelink-edge.com  googletagmanager.com *.force.com *.sharethis.com *.userway.org google.com www.google.com www.facebook.com www.youtube.com www.youtube-nocookie.com *.pinterest.com *.salesforce.com *.salesforce-sites.com bid.g.doubleclick.net *.company-target.com youtu.be tags.srv.stackadapt.com  dev.visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com useruploads.vwo.io analytics.tiktok.com td.doubleclick.net www.googletagmanager.com www.google.co.in www.google.com  s.yimg.com sp.analytics.yahoo.com *.pub.sfmc-content.com px.ads.linkedin.com  *.ads.linkedin.com *.linkedin.com *.doubleclick.net *.simpli.fi *.adsrvr.org *.podbean.com www.podbean.com cloud.response.certainteed.com; child-src 'self' blob: dev.visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com useruploads.vwo.io analytics.tiktok.com td.doubleclick.net www.googletagmanager.com www.google.co.in www.google.com s.yimg.com sp.analytics.yahoo.com *.simpli.fi *.adsrvr.org cloud.response.certainteed.com; font-src 'self' use.fontawesome.com data: fonts.googleapis.com fonts.gstatic.com tags.srv.stackadapt.com dev.visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com useruploads.vwo.io analytics.tiktok.com td.doubleclick.net www.googletagmanager.com www.google.co.in www.google.com s.yimg.com sp.analytics.yahoo.com *.userway.org *.simpli.fi *.adsrvr.org cloud.response.certainteed.com; connect-src 'self' 'unsafe-inline' data: ws: wss: cdn.cookielaw.org maps.googleapis.com  *.onelink-edge.com  googletagmanager.com *.sharethis.com api.company-target.com *.algolianet.com wkx3x0kpn1-dsn.algolia.net *.newcertainteed.com  cdn.linkedin.oribi.io  *.userway.org *.google-analytics.com bam.nr-data.net *.docksal.site:* *.onetrust.com segments.company-target.com *.hotjar.com *.hotjar.io *.force.com bcp.crwdcntrl.net *.salesforce.com *.salesforce-sites.com tags.srv.stackadapt.com dev.visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com useruploads.vwo.io analytics.tiktok.com td.doubleclick.net www.googletagmanager.com www.google.co.in www.google.com s.pinimg.com www.redditstatic.com ct.pinterest.com s.yimg.com sp.analytics.yahoo.com px.ads.linkedin.com *.ads.linkedin.com *.linkedin.com config.reddit.com www.redditstatic.com conversions-config.reddit.com ct.pinterest.com s.yimg.com analytics.google.com *.reddit.com *.tiktokw.us test-drive-11-s6uit34pua-uc.a.run.app *.facebook.com *.doubleclick.net *.googleadservices.com pixel-config.reddit.com google.com *.simpli.fi *.adsrvr.org testingn5u3c8k7g4-dsn.algolia.net cloud.response.certainteed.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src * 'unsafe-eval' 'unsafe-inline'; img-src * data: unsafe-inline 1
default-src * 'unsafe-inline' 'unsafe-eval' data: blob: 1
base-uri 'self';child-src blob:;connect-src 'self' sulu.relaischateaux.com sylius.relaischateaux.com api.relaischateaux.com www.relaischateaux.com medias.relaischateaux.com webpack: *.algolia.net *.algolianet.com *.adnxs.com maps.googleapis.com px.ads.linkedin.com cdn.cookielaw.org mock.dev.relaischateaux.com api.widget.botmind.io api.widget.botmind.ai privacyportal-fr.onetrust.com bat.bing.com bat.bing.net geolocation.onetrust.com *.abtasty.com dcinfos-cache.abtasty.com ariane.abtasty.com *.google.com ws.hotjar.com *.googleadservices.com *.facebook.com googleads.g.doubleclick.net *.hotjar.io *.google-analytics.com metrics.relaischateaux.com *.adyen.com *.yahoo.com *.yahoodns.net *.yimg.com mapsresources-pa.googleapis.com ct.pinterest.com log.pinterest.com *.contentsquare.net *.contentsquare.com;default-src 'self';font-src 'self' data: blob: fonts.gstatic.com *.abtasty.com *.googleapis.com;form-action 'self' *.adyen.com *.adyenpayments.com;frame-ancestors 'self';frame-src 'self' td.doubleclick.net widget.botmind.ai www.menumodo.com qa-assistant.abtasty.com recaptcha.net www.google.com www.googletagmanager.com *.adyen.com *.relaischateaux.com ct.pinterest.com;img-src 'self' data: blob: *.relaischateaux.com *.gstatic.com *.googleapis.com fdu.relaischateaux.com px.ads.linkedin.com secure.adnxs.com bat.bing.com bat.bing.net www.facebook.com ib.adnxs.com *.linkedin.com *.google.fr *.google.com cdn.cookielaw.org static.relaischateaux.com *.abtasty.com *.amazonaws.com *.googletraveladservices.com *.googletagmanager.com googleads.g.doubleclick.net *.adyen.com *.yahoo.com *.yahoodns.net *.yimg.com relay-t.io *.relay-t.io secure-relay.com *.secure-relay.com secure-hotel-tracker.com *.secure-hotel-tracker.com *.cloudfront.net assets.relaischateaux.com static.tacdn.com www.tripadvisor.com ct.pinterest.com log.pinterest.com *.contentsquare.net;manifest-src 'self';media-src 'self' d1m7xnn75ypr6t.cloudfront.net static.relaischateaux.com p.relay-t.io ws.hotjar.com *.hotjar.io px4.ads.linkedin.com try.abtasty.com;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: www.googletagmanager.com maps.googleapis.com cdn.cookielaw.org connect.facebook.net fdu.relaischateaux.com acdn.adnxs.com *.hotjar.com snap.licdn.com cdn.actito.be bat.bing.com widget.botmind.io googleads.g.doubleclick.net trk.adbutter.net *.abtasty.com *.amazonaws.com p.relay-t.io apis.google.com recaptcha.net www.gstatic.com www.google.com *.adyen.com *.actito.be secure-hotel-tracker.com *.googleadservices.com *.yahoo.com *.yahoodns.net *.yimg.com s.pinimg.com ct.pinterest.com t.contentsquare.net app.contentsquare.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com *.abtasty.com *.gstatic.com *.googleapis.com *.googletagmanager.com;worker-src 'self' blob:;upgrade-insecure-requests ; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https://*.spd.de https://api.spendino.de https://maps.googleapis.com https://altruja.de https://www.verbavoice.net https://*.raisenow.com https://cdn.jsdelivr.net https://*.datatrans.com ; img-src 'self' data: https://*.spd.de https://csi.gstatic.com https://maps.googleapis.com https://maps.gstatic.com https://*.openstreetmap.de https://images.admiralcloud.com https://*.micropayment.de https://cdn.jsdelivr.net ; frame-ancestors 'self' https://analytics.spd.de ; default-src 'self' ; frame-src 'self' https://*.spd.de https://dpa-electionslive.s3.amazonaws.com https://w.soundcloud.com https://player.vimeo.com https://www.youtube-nocookie.com https://api.spendino.de https://www.youtube.com https://playout.3qsdn.com https://sdn-global-live-http-cache.3qsdn.com https://widget.whatsbroadcast.com https://ghb2017.limequery.com https://www.verbavoice.ne https://hd-livestream.de https://stream.liverecords.net https://www.sachsen-fernsehen.de https://open.spotify.com https://widget.whappodo.com https://*.micropayment.de https://d3ak46ifsn9mnh.cloudfront.net https://t3prod.admiralcloud.com https://player.admiralcloud.com https://gateway.spendino.de https://*.datatrans.com https://tamaro.raisenow.com ; style-src 'self' 'unsafe-inline' https://*.spd.de https://fonts.googleapis.com https://assets.raisenow.io https://cdn.jsdelivr.net ; connect-src 'self' https://*.spd.de https://altruja.de wss://ws-eu.pusher.com https://*.raisenow.io https://*.raisenow.com ; object-src 'self' data: ; media-src 'self' data: https://cdn01.spd.de ; font-src 'self' data: https://*.spd.de https://fonts.gstatic.com https://assets.raisenow.io ; 1
frame-ancestors 'self' cmsv2.zebrix.net 1
connect-src 'self' 1
default-src *; style-src 'self'* .addthis.com *.nationalgridus.com* .cloudflare.com *.olark.com* .gstatic.com *.googleapis.com; script-src 'self'* .speedpay.com *.google.com* .gstatic.com *.olark.com* .googleapis.com *.gstatic.com* .crazyegg.com *.google-analytics.com* .googletagmanager.com *.feedbackify.com* .nationalgridus.com; img-src *; font-src* ; connect-src *; 1
script-src https: 'unsafe-inline' 'unsafe-eval'; worker-src blob: https: 'unsafe-inline' 'unsafe-eval' 1
default-src http: https: wss: data: blob: 'self' 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: *; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://thirdiron-assets.s3.amazonaws.com/ https://assets.thirdiron.com/ https://maps.googleapis.com https://www.youtube.com/ https://www.google.com https://www.gstatic.com/; img-src 'self' https://thirdiron.com https://thirdiron-assets.s3.amazonaws.com https://thirdiron.com https://assets.thirdiron.com https://secure.gravatar.com; object-src 'self' https://www.elegantthemes.com/ https://www.youtube.com/ https://www.google.com https://player.vimeo.com https://vimeo.com; frame-src 'self' https://www.elegantthemes.com/ https://www.youtube.com/ https://www.google.com https://player.vimeo.com https://vimeo.com; 1
default-src 'self' https://use.typekit.net; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://use.typekit.net *.google.com https://connect.facebook.net *.gstatic.com https://www.google-analytics.com https://*.googleapis.com https://view.ceros.com https://cdn.jsdelivr.net https://www.googletagmanager.com https://cdn.cookielaw.org https://player.vimeo.com/ https://www.recaptcha.net; object-src 'none'; style-src 'report-sample' 'self' 'unsafe-inline' https://use.typekit.net https://p.typekit.net https://cdn.jsdelivr.net; img-src 'self' data: *.gstatic.com *.littler.com p.typekit.net https://www.google-analytics.com https://*.googleapis.com https://i.vimeocdn.com https://cdn.cookielaw.org https://www.googletagmanager.com https://*.onelogin.com; media-src 'self'; frame-src 'self' https://player.vimeo.com/ https://app.powerbi.com https://w.soundcloud.com https://www.google.com https://view.ceros.com https://players.brightcove.net https://www.youtube.com https://www.youtube-nocookie.com https://www.recaptcha.net; frame-ancestors 'self'; child-src 'self' https://player.vimeo.com/;; font-src 'self' 'unsafe-inline' https://themes.googleusercontent.com use.typekit.net *.gstatic.com data:;; connect-src 'self' https://*.google-analytics.com *.algolia.net *.algolianet.com https://insights.algolia.io https://cdn.cookielaw.org https://geolocation.onetrust.com https://privacyportal.onetrust.com;; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; connect-src 'self' *.itzbund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' player.vimeo.com *.youtube.com piwik.itzbund.de app.sli.do cdn.myth.theoplayer.com service.video.taxi start.video-stream-hosting.de playout.3qsdn.com *.rai.it livestream.com player.procdn.live doo.net *.cloudflarestream.com tns-player.pages.dev'; object-src 'self' multimedia.gsb.bund.de; media-src 'self' piwik.itzbund.de *.youtube-nocookie.com youtu.be *.youtube.com multimedia.gsb.bund.de app.sli.do stream.alpha-loop.de cdn.myth.theoplayer.com service.video.taxi start.video-stream-hosting.de playout.3qsdn.com *.rai.it livestream.com player.procdn.live doo.net *.cloudflarestream.com tns-player.pages.dev *.cdninstagram.com; frame-src 'self' player.vimeo.com *.youtube.com *.youtube-nocookie.com youtu.be *.youtube.com app.sli.do stream.alpha-loop.de cdn.myth.theoplayer.com service.video.taxi media.video.taxi start.video-stream-hosting.de playout.3qsdn.com *.3qsdn.com *.rai.it livestream.com player.procdn.live doo.net *.cloudflarestream.com tns-player.pages.dev; img-src 'self' data: piwik.itzbund.de securel.longtailvideo.com *.youtube-nocookie.com youtu.be *.youtube.com *.ytimg.com app.sli.do stream.alpha-loop.de cdn.myth.theoplayer.com service.video.taxi start.video-stream-hosting.de playout.3qsdn.com *.rai.it livestream.com player.procdn.live doo.net *.cloudflarestream.com tns-player.pages.dev; frame-ancestors 'self'; 1
default-src 'self'; base-uri 'self'; connect-src 'self' *.itzbund.de; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de www.juris.de;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com piwik.itzbund.de www.juris.de;object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de www.juris.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de www.juris.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de www.juris.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de www.juris.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de  www.juris.de; frame-src https://www.juris.de/ *.google.com *.gstatic.com *.youtube.com *.vimeo.com; frame-ancestors https://www.juris.de/ 'self'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://connect.facebook.net https://static.cloudflareinsights.com; 1
base-uri 'self';child-src *.hsforms.com;connect-src 'self' *.incident.io https: *.google-analytics.com *.googletagmanager.com *.google.com *.google.co.uk stats.g.doubleclick.net googleads.g.doubleclick.net *.segment.com *.segment.io *.linkedin.com cdn.linkedin.oribi.io *.iubenda.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.clearbit.com wss://*.qualified.com *.qualified.com conversions-config.reddit.com www.redditstatic.com *.hubapi.com js.hscta.net *.hubspot.com *.hs-banner.com *.hscollectedforms.net *.hsforms.com hubspot-forms-static-embed.s3.amazonaws.com https://*.greenhouse.io https://*.api.sanity.io wss://*.api.sanity.io https://*.vanta.com https://*.chilipiper.com vitals.vercel-insights.com website-lvb02dx09-incident-io-team.vercel.app;default-src 'self';font-src 'self' https: data: fonts.gstatic.com fonts.googleapis.com;form-action 'self' *.hsforms.com;frame-ancestors 'self' https://incident.sanity.studio https://www.sanity.io;frame-src 'self' https: *.googletagmanager.com *.twitter.com *.iubenda.com app.qualified.com *.hubspot.com *.hs-sites.com *.hubspot.net play.hubspotvideo.com *.hsforms.net *.hsforms.com https://incident.navattic.com https://capture.navattic.com;img-src 'self' blob: data: https: *.google-analytics.com *.googletagmanager.com *.google.com *.google.co.uk *.googleusercontent.com stats.g.doubleclick.net *.linkedin.com *.iubenda.com *.clearbitjs.com *.clearbit.com *.qualified.com alb.reddit.com js.hscta.net no-cache.hubspot.com *.hubspot.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net *.hubspot.net cdn2.hubspot.net *.hsforms.net *.hsforms.com https://cdn.sanity.io https://*.chilipiper.com;manifest-src 'self';media-src 'self' https: data: blob:;object-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' https: api.twitter.com platform.twitter.com;style-src 'self' 'unsafe-inline' *.google.com fonts.googleapis.com *.iubenda.com *.hubspotusercontent00.net cdn2.hubspot.net;worker-src 'self';report-uri https://o494704.ingest.sentry.io/api/4505307188232192/security/?sentry_key=e6127d8d2f894a18918f2018108426e9;report-to https://o494704.ingest.sentry.io/api/4505307188232192/security/?sentry_key=e6127d8d2f894a18918f2018108426e9; 1
default-src https:; img-src https: data: blob:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 'unsafe-eval'; connect-src https: wss:; font-src https: data:; frame-ancestors 'self'; 1
default-src 'self'; style-src 'self' 'unsafe-inline' https://hcss-styleguide.azureedge.net https://maxcdn.bootstrapcdn.com; font-src 'self' https://hcss-styleguide.azureedge.net https://maxcdn.bootstrapcdn.com; script-src 'self' 'unsafe-inline' cdn.pendo.io; img-src 'self' https://purecatamphetamine.github.io; object-src 'none'; frame-src 'self'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-downloads; connect-src 'self' https://localhost:7279; navigate-to 'self' https:; base-uri 'self'; 1
base-uri 'none';child-src 'none';connect-src 'self' https://www.facebook.com https://www.google.com https://www.google.com.ar https://www.google-analytics.com https://analytics.google.com http://static.ads-twitter.com http://script.crazyegg.com http://onelinksmartscript.appsflyer.com https://*.amplitude.com https://www.googletagmanager.com https://facebook.net https://analytics.tiktok.com https://map-handler.qa.playdigital.com.ar https://stats.g.doubleclick.net https://tracking.crazyegg.com https://*.crazyegg.com https://go.botmaker.com https://cdn.freshbots.ai https://www.freshbots.ai https://m-infra.appspot.com wss://ws.botmaker.com *.freshbots.ai *.crazyegg.com *.botmaker.com *.googleapis.com *.playdigital.com.ar *.doubleclick.net;default-src 'self';font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com;form-action 'self';frame-ancestors *;frame-src 'self' https://*.doubleclick.net https://*.modo.com.ar https://www.googletagmanager.com/ https://maps.googleapis.com https://www.google.com;img-src 'self' data: www.afip.gob.ar www.argentina.gob.ar modo.onelink.me *.playdigital.com.ar https://t.co https://analytics.twitter.com https://maps.gstatic.com https://maps.googleapis.com https://assets.mobile.preprod.playdigital.com.ar https://assets.mobile.qa.playdigital.com.ar https://assets.mobile.develop.playdigital.com.ar https://assets.mobile.playdigital.com.ar https://s3.amazonaws.com https://www.google.com a.storyblok.com www.google.com.ar www.facebook.com storage.googleapis.com www.googletagmanager.com *.doubleclick.net;manifest-src 'self';media-src https://storage.googleapis.com *.playdigital.com.ar *.googleapis.com;object-src https://amplitude.com;prefetch-src 'self' 'unsafe-inline';script-src 'self' 'unsafe-inline' https://cdn.freshbots.ai https://cdnjs.cloudflare.com https://maps.googleapis.com https://*.googleapis.com https://www.google.com.ar http://script.crazyegg.com http://onelinksmartscript.appsflyer.com http://static.ads-twitter.com https://www.facebook.com https://connect.facebook.net https://go.botmaker.com https://www.googletagmanager.com https://www.google-analytics.com https://analytics.tiktok.com https://snap.licdn.com https://www.googleadservices.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.freshbots.ai;worker-src 'self' *.modo.com.ar blob:;script-src-elem 'self' 'unsafe-inline' https://www.googleadservices.com https://cdn.freshbots.ai https://cdnjs.cloudflare.com https://maps.googleapis.com https://connect.facebook.net https://*.googleapis.com https://www.google.com.ar http://script.crazyegg.com http://onelinksmartscript.appsflyer.com http://static.ads-twitter.com https://www.facebook.com https://go.botmaker.com https://www.googletagmanager.com https://www.google-analytics.com https://analytics.tiktok.com https://snap.licdn.com;report-uri /api/reporting;report-to /api/reporting; 1
default-src * 'self' ; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://felix-quiz-1000heads.s3.eu-west-2.amazonaws.com/* https://felix-quiz-1000heads.s3.eu-west-2.amazonaws.com *.nestle.co.uk *.mikmak.ai *.swaven.com https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com; object-src *; style-src * 'self' 'unsafe-inline' https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com; img-src * 'self' data: https:; https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com; media-src *; frame-src * https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com; frame-ancestors * 'self' ; child-src * blob:; font-src * 'self' data: https:; https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com; connect-src * 'self' https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com 1
default-src 'self' *.crazyegg.com https://www.clarity.ms https://*.clarity.ms https://brandfolder.com 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'  https://www.videojet.com https://js.zi-scripts.com https://js.zi-scripts.com/zi-tag.js https://scripts.clarity.ms http://scripts.clarity.ms  https://www.gstatic.com https://online.flippingbook.com https://d33i2vgywgme2s.cloudfront.net https://93903118.adoric-om.com/adoric.js cdn.pushcrew.com *.crazyegg.com https://brandfolder.com https://script.crazyegg.com https://www.youtube.com https://bat.bing.com https://pages.videojet.com https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.min.js https://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js https://www.gstatic.com/recaptcha/releases/1kRDYC3bfA-o6-tsWzIBvp7k/recaptcha__en.js https://www.google.com/recaptcha/api.js https://wec-assets.terminus.services https://m.clarity.ms/collect https://www.clarity.ms https://dev.visualwebsiteoptimizer.com https://www.googleoptimize.com https://www.googleanalytics.com https://optimize.google.com https://privacyportalde-cdn.onetrust.com https://privacyportalde-cdn.onetrust.com/privacy-notice-scripts/otnotice-1.0.min.js https://cdn.cookielaw.org https://*.googletagmanager.com https://ssl.google-analytics.com https://tagmanager.google.com https://secure.adnxs.com https://d22d1xpx4ztuef.cloudfront.net/jb-cdn-sp-3.5.0.js https://bam.nr-data.net https://gu.bizspring.net https://www.googletagmanager.com https://js-agent.newrelic.com https://stats.wp.com https://widgets.wp.com https://wordpress.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://sjrtp8-cdn.marketo.com https://cdn.livechatinc.com https://cdn.livechatinc.com https://s0.wp.com https://code.jquery.com https://code.jquery.com/jquery-3.3.1.js https://cdn.parsely.com https://stats.wp.com/e-202229.js https://play.vidyard.com https://play.vidyard.com https://connect.facebook.net https://app-sj04.marketo.com https://munchkin.marketo.net https://63475.tctm.co https://64066.tctm.co/t.js https://64066.tctm.co/p.js https://api.livechatinc.com https://www.google-analytics.com https://cdn.mouseflow.com https://connect.facebook.net https://googleads.g.doubleclick.net https://snap.licdn.com https://www.googleadservices.com https://www.googletagmanager.com blob:; style-src 'self' 'unsafe-inline' https://pages.videojet.com/js/forms2/css/forms2.css https://pages.videojet.com/js/forms2/css/forms2-theme-simple.css https://brandfolder.com https://static.adoric.com/adoric.v9.11.min.css *.visualwebsiteoptimizer.com app.vwo.com *.crazyegg.com https://dev.visualwebsiteoptimizer.com/static/latest/styles/themes/light-1975c1b85dd0e3c2ab714e934485e6dc.css https://optimize.google.com https://privacyportalde-cdn.onetrust.com/privacy-notice-scripts/css/v2/otnotice-core.css https://tagmanager.google.com https://fonts.googleapis.com https://www.googletagmanager.com https://s0.wp.com https://app-sj04.marketo.com; object-src 'none'; base-uri 'self'; connect-src 'self' wss://mwu9p4bdfa.execute-api.us-west-2.amazonaws.com/prod/ https://ws.zoominfo.com https://js.zi-scripts.com https://o.clarity.ms/collect https://f.clarity.ms/collect https://fbo-b.flippingbook.com https://090-bzj-603.mktoutil.com https://o.clarity.ms/collect https://n.clarity.ms/collect https://brandfolder.com *.visualwebsiteoptimizer.com app.vwo.com *.crazyegg.com https://e.clarity.ms/collect https://app.adoric-om.com https://www.google.com https://r3.visualwebsiteoptimizer.com https://s.clarity.ms/collect https://u.clarity.ms/collect https://q.clarity.ms/collect https://assets-tracking.crazyegg.com https://pagestates-tracking.crazyegg.com https://tracking.crazyegg.com https://script.crazyegg.com https://v.clarity.ms/collect https://z.clarity.ms/collect https://i.clarity.ms/collect https://bat.bing.com https://pagead2.googlesyndication.com https://r.clarity.ms/collect https://d.clarity.ms/collect https://h.clarity.ms/collect https://api.nelioabtesting.com https://googleads.g.doubleclick.net/pagead/landing https://b.clarity.ms/collect https://www.google.com/pagead/landing https://l.clarity.ms/collect https://k.clarity.ms/collect https://j.clarity.ms/collect https://a.clarity.ms/collect https://y.clarity.ms/collect https://x.clarity.ms/collect https://r1.visualwebsiteoptimizer.com/analyze https://t.clarity.ms/collect https://w.clarity.ms/collect https://m.clarity.ms/collect https://px.ads.linkedin.com https://dev.visualwebsiteoptimizer.com https://www.google.co.in https://privacyportalde-cdn.onetrust.com https://privacyportalde-cdn.onetrust.com/c579c0d0-360f-49c0-bccc-f7b7cded31cd/privacy-notices/8b719598-1655-4d2d-879b-9b2e633813ac-en-us.json https://privacyportalde-cdn.onetrust.com/c579c0d0-360f-49c0-bccc-f7b7cded31cd/privacy-notices/8b719598-1655-4d2d-879b-9b2e633813ac.json https://analytics.google.com https://cdn.cookielaw.org https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.facebook.com https://play.vidyard.com https://play.vidyard.com https://google.com https://google.com https://cdn.linkedin.oribi.io https://cdn.livechatinc.com https://api.ipify.org https://bam.nr-data.net https://p1.parsely.com https://n2.mouseflow.com https://api.livechatinc.com https://geolocation.onetrust.com https://privacyportal-de.onetrust.com https://090-bzj-603.mktoresp.com https://63475.tctm.co https://cdn.cookielaw.org https://stats.g.doubleclick.net https://www.google-analytics.com; font-src 'self' data: https://optimize.google.com https://privacyportalde-cdn.onetrust.com https://privacyportalde-cdn.onetrust.com https://fonts.gstatic.com https://cdn.livechatinc.com https://fonts.gstatic.com https://cdn.mouseflow.com https://s0.wp.com; frame-src 'self' *.youtube.com *.visualwebsiteoptimizer.com app.vwo.com https://online.flippingbook.com https://brandfolder.com https://aurora.videojet.com https://sketchfab.com https://td.doubleclick.net https://dev.visualwebsiteoptimizer.com https://optimize.google.com https://www.google.com https://cdn.livechatinc.com https://stats.wp.com https://js-agent.newrelic.com https://www.googletagmanager.com https://www.googletagmanager.com https://widgets.wp.com https://wordpress.com https://pages.videojet.com https://communications.videojet.com https://www.facebook.com https://play.vidyard.com https://app-sj04.marketo.com https://bid.g.doubleclick.net https://play.vidyard.com https://secure.livechatinc.com; img-src 'self' data: https://videojet-preprod.go-vip.net https://videogif.bfldr.com https://sketchfab.com https://connect.facebook.net https://online.flippingbook.com https://googleads.g.doubleclick.net https://app-sj04.marketo.com https://storage-us-gcs.bfldr.com *.visualwebsiteoptimizer.com app.vwo.com useruploads.vwo.io *.crazyegg.com https://cdn.jsdelivr.net/npm/emoji-datasource-google@7.0.2/img/google/64/1f449.png https://ce-user-images.s3.amazonaws.com https://fonts.gstatic.com https://r3.visualwebsiteoptimizer.com https://cdn.videojet.com https://bat.bing.com https://c.bing.com/c.gif https://c.clarity.ms/c.gif https://match.adsrvr.org https://wec-assets.terminus.services https://cdn.livechat-files.com https://dev.visualwebsiteoptimizer.com https://www.google-analytics.com https://*.google-analytics.com https://*.googletagmanager.com https://optimize.google.com https://ssl.gstatic.com https://www.gstatic.com https://c.jabmo.app https://s.w.org https://www.googleadservices.com https://p1.parsely.com https://videojet-develop.go-vip.net https://secure.gravatar.com https://pixel.wp.com https://pages.videojet.com https://play.vidyard.com https://play.vidyard.com https://cdn.vidyard.com https://www.facebook.com https://www.linkedin.com  https://www.googletagmanager.com https://p.adsymptotic.com https://px4.ads.linkedin.com https://2.gravatar.com https://www.google-analytics.com https://cdn.cookielaw.org https://cdn.livechatinc.com https://global.videojet.com https://px.ads.linkedin.com https://videojet.com https://www.google.co.in https://www.google.com; manifest-src 'self'; media-src 'self' https://cdn.videojet.com https://cdn.livechatinc.com https://global.videojet.com; worker-src 'self' blob: 'self' https://www.videojet.com/2542450f-ca39-4b31-a4fe-b3a44bdf7414 https://www.videojet.com https://www.videojet.com/7b2fcfc1-d4e5-4136-806c-06352297e50b https://www.videojet.com/2a2994b2-69bb-468c-9f92-05d4a4c16a3e https://www.videojet.com/14f827d5-abfb-4e4e-9a4c-895f5b02a2fd https://www.videojet.com/64bbf2dc-fdf3-4751-ba9d-a2a2b246a44f https://www.videojet.com/78280bef-49f4-4385-a2de-9e7323188caa https://www.videojet.com/8a155a4c-c61c-4378-b005-8ffe276fcc45 https://www.videojet.com/62e4c7d6-2f09-4a3e-b2a3-52cafc05d9da https://www.videojet.com/bec2d58e-d5cf-468a-887a-e370709be634 https://www.videojet.com/c781ff3d-603d-4687-89f0-3a3d6a328219 https://www.videojet.com/74fce793-ed04-4dbc-a6f5-3a63cad3cea0 https://www.videojet.com/fee32f17-de59-4310-bfbf-e12ae23e77ce https://www.videojet.com/f1d8c577-4487-4b24-869c-7f8d14253245 https://www.videojet.com/7fcb0737-1eb0-4e93-8b92-93857452a662 https://www.videojet.com/f6a8f6b8-767b-42dc-b442-b6652594efd8 https://www.videojet.com/503b8add-9b01-4c08-9ecd-5b2ad4b061ed https://www.videojet.com/9d7d8042-f3a8-4aed-9dcb-766aae5a5211 https://www.videojet.com/edfede1b-259f-4197-aa6a-ec54bb13032e https://www.videojet.com/011c1447-c96d-47ff-997b-464ac7eaa5d0 https://www.videojet.com/8006d16d-a330-4f76-962f-5ee56bd312ea https://www.videojet.com/aa59bbca-6826-445f-b147-adf7e4a18cb7 https://www.videojet.com/a67567ac-8759-457f-8f2a-8de5d2891a3d https://www.videojet.com/b9b2cba9-9085-4a35-9042-c631bc0edd95 https://www.videojet.com/57c18b2b-ebfb-44b8-9fa8-6f3ab8cbd77f https://www.videojet.com/c65fa58a-32e8-4dda-9081-b23fcb28a983; 1
base-uri 'none';child-src 'self' https://*.twitch.tv https://*.youtube.com;connect-src *;default-src 'self';font-src * data:;form-action 'self' *;frame-ancestors 'self' http://localhost:1337 https://*.gam3s.gg https://*.polkastarter.gg https://farcaster.xyz https://thumbgen.gam3s.gg;frame-src *;img-src * data: blob:;manifest-src 'self' https://polkastarter.cloudflareaccess.com;media-src * data: blob:;object-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://vast.gg https://static.ads-twitter.com https://www.redditstatic.com https://connect.facebook.net https://gleam.io https://widget.gleamjs.io https://*.google-analytics.com https://vercel.live https://*.hotjar.com https://*.cookie3.co https://*.twitch.tv https://*.youtube.com https://*.twitter.com https://cdn.blockpass.org https://do.featurebase.app https://metrics.gam3s.gg https://us.i.posthog.com https://us-assets.i.posthog.com https://*.posthog.com https://insights.gam3s.gg https://challenges.cloudflare.com https://ads.adthrive.com https://*.adthrive.com https://*.3lift.com http://pagead2.googlesyndication.com https://pagead2.googlesyndication.com https://*.googlesyndication.com https://securepubads.g.doubleclick.net https://googleads.g.doubleclick.net https://*.doubleclick.net https://www.googletagservices.com https://www.googleadservices.com https://*.googletagmanager.com https://ep2.adtrafficquality.google https://imasdk.googleapis.com https://cdn.jsdelivr.net https://cdn.ampproject.org https://cdn.id5-sync.com https://*.cdn.optable.co https://ads.pubmatic.com https://*.sharethrough.com https://groundcontrol.rendering.sharethrough.com https://d9.flashtalking.com https://servedby.flashtalking.com https://*.flashtalking.com https://sb.scorecardresearch.com https://cdn.brandmetrics.com https://collector.brandmetrics.com https://cdn.confiant-integrations.net https://*.adform.net https://launchpad-wrapper.privacymanager.io https://launchpad.privacymanager.io https://*.consentmanager.net https://choices.truste.com https://*.rubiconproject.com https://fastlane.rubiconproject.com https://*.lkqd.net https://cs.lkqd.net https://c.aps.amazon-adsystem.com https://config.aps.amazon-adsystem.com https://static.cloudflareinsights.com https://pixel.adsafeprotected.com https://content.quantcount.com https://creative-measurement.quantcount.com https://pghub.io https://s0.2mdn.net https://*.safeframe.googlesyndication.com/ https://*.yahoo.com https://*.ybp.yahoo.com https://*.adsrvr.org https://*.criteo.com https://*.criteo.net https://*.indexexchange.com https://*.casalemedia.com https://*.openx.net https://*.openx.com https://*.sovrn.com https://*.lijit.com https://*.aidemsrv.com https://*.33across.com https://*.yieldmo.com https://*.medianet.com https://*.contextweb.com https://*.improvedigital.com https://*.smartadserver.com https://*.teads.tv https://*.outbrain.com https://*.taboola.com https://*.smaato.net https://*.bidswitch.com https://*.admixer.net https://*.adsafeprotected.com https://*.moatads.com https://*.doubleverify.com https://*.fwmrm.net https://*.serving-sys.com https://*.undertone.com https://*.advertising.com https://*.adtech.de https://*.quantserve.com https://*.com https://*.net https://*.io;style-src 'self' 'unsafe-inline' *;worker-src 'self' blob:;report-uri posthog-csp;report-to posthog-csp; 1
frame-ancestors 'self' https://www.genau-lotto.de https://genau-lotto.de https://*.etracker.com 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' piwik.itzbund.de; connect-src 'self' *.itzbund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' piwik.itzbund.de www.youtube.com s.ytimg.com; object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de www.youtube.com; media-src 'self' multimedia.gsb.bund.de piwik.itzbund.de www.youtube.com; child-src pei-portal.rexx-systems.com piwik.itzbund.de www.youtube.com abvl-public.pei.de abvl-public-test.pei.de; font-src 'self'; img-src 'self' data: *.honcode.ch piwik.itzbund.de; frame-ancestors 'self' PEIWeb-editor.preview.gsb.intranet.bund.de pei-portal.rexx-systems.com; 1
frame-ancestors 'self' https://yobingo-statices.casinomodule.com/ https://www.yobingo.es/ https://www.yocasino.es/ https://www.enracha.es/ https://gateway.mobbeel.com/ mobbeel.com *.mobbeel.com 1
frame-ancestors 'self' buechen.de *.buechen.de boernsen-erleben.de *.boernsen-erleben.de; 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' maps.googleapis.com *.hipay.com static.cdn.prismic.io prismic.io https://html2canvas.hertzen.com/dist/html2canvas.min.js www.paypalobjects.com *.paypal.com youtube.com vimeo.com https://www.youtube.com/iframe_api https://www.youtube.com/s/player/0c356943/www-widgetapi.vflset/www-widgetapi.js https://www.youtube.com https://i.ytimg.com/vi/ http://platform.instagram.com/en_US/embeds.js https://www.instagram.com/embed.js https://graph.facebook.com/v11.0/instagram_oembed https://player.vimeo.com/api/player.js https://player.vimeo.com/ js.stripe.com http://www.googletagmanager.com https://www.googletagmanager.com https://www.google-analytics.com http://www.google-analytics.com https://gtm.zone-secure.net https://yt.zone-secure.net http://www.gstatic.com https://*.attraqt.io https://*.facebook.net/ https://*.teads.tv/ https://*.smartlook.com/ https://*.hotjar.com/ https://*.doubleclick.net https://*.mathtag.com https://*.tiktok.com/ https://*.ttwstatic.com *.attraqt.io *.getflowbox.com *.flbx.io *.woosmap.com *.imagino.com https://*.kameleoon.com https://*.kameleoon.io https://*.kameleoon.eu https://*.kameleoon.net *.google.com *.centrakor.com *.bing.com *.bing.net *.bing.fr *.microsoft.com *.microsoft.fr *.microsoft.net https://metrics.centrakor.com *.zone-secure.net *.clarity.ms sdk.privacy-center.org region1.google-analytics.com;frame-src 'self' maps.googleapis.com https://player.vimeo.com/ youtube.com www.youtube.com https://www.youtube.com https://i.ytimg.com/vi/ *.prismic.io js.stripe.com www.paypalobjects.com *.paypal.com www.youtube-nocookie.com https://*.doubleclick.net https://*.facebook.net/ https://*.facebook.com/ https://*.hotjar.com/ https://*.mathtag.com https://*.tiktok.com/ *.getflowbox.com *.flbx.io https://*.kameleoon.com https://*.kameleoon.io https://*.kameleoon.eu https://*.kameleoon.net *.google.com *.googletagmanager.com *.bing.com *.bing.net *.bing.fr *.microsoft.com *.microsoft.fr *.microsoft.net https://metrics.centrakor.com *.zone-secure.net *.clarity.ms sdk.privacy-center.org region1.google-analytics.com;style-src 'self' 'unsafe-inline' https://i.icomoon.io https://fonts.googleapis.com https://*.ttwstatic.com/ *.woosmap.com https://*.kameleoon.com https://*.kameleoon.io https://*.kameleoon.eu https://*.kameleoon.net *.googletagmanager.com *.google.com *.googletagmanager.com *.bing.com *.bing.net *.bing.fr *.microsoft.com *.microsoft.fr *.microsoft.net *.zone-secure.net *.clarity.ms sdk.privacy-center.org region1.google-analytics.com;img-src 'self' data: stagingctk.centrakor.com maps.googleapis.com *.gstatic.com https://www.referenseo.com/ https://i.ytimg.com/vi/ https://storage.sbg.cloud.ovh.net https://centrakor.cdn.prismic.io/ https://i.picsum.photos/ https://i.vimeocdn.com/ maps.googleapis.com *.openstreetmap.org www.paypalobjects.com *.paypal.com storage.gra.cloud.ovh.net *.google.com *.doubleclick.net *.google.fr http://www.google-analytics.com https://www.google-analytics.com *.centrakor.com https://*.teads.tv/ https://*.facebook.com/ https://*.facebook.net/ https://*.mathtag.com https://images.prismic.io/centrakor/ https://*.s3.rbx.io.cloud.ovh.net https://d2rfa446ja7yzb.cloudfront.net/ *.getflowbox.com *.flbx.io *.woosmap.com https://purecatamphetamine.github.io https://*.kameleoon.com https://*.kameleoon.io https://*.kameleoon.eu https://*.kameleoon.net *.googletagmanager.com *.bing.com *.bing.net *.bing.fr *.microsoft.com *.microsoft.fr *.microsoft.net *.zone-secure.net *.clarity.ms sdk.privacy-center.org region1.google-analytics.com;font-src 'self' data: fonts.googleapis.com https://i.icomoon.io https://fonts.gstatic.com *.woosmap.com *.google.com *.googletagmanager.com *.zone-secure.net *.clarity.ms sdk.privacy-center.org region1.google-analytics.com;connect-src 'self' maps.googleapis.com https://noembed.com https://graph.facebook.com/v11.0/instagram_oembed https://graph.facebook.com/v11.0/instagram_oembed/ https://graph.instagram.com/ https://vimeo.com/api/ www.paypalobjects.com *.paypal.com *.analytics.google.com *.doubleclick.net https://www.google-analytics.com https://*.teads.tv/ https://*.facebook.net/ https://*.googleadservices.com *.google.fr https://*.facebook.com/ https://*.smartlook.com/ https://*.smartlook.cloud/ https://*.hotjar.com/ https://*.hotjar.io/ wss://*.hotjar.com/ *.attraqt.io *.getflowbox.com *.flbx.io https://fr.adminzone-secure.net/ https://service.zone-secure.net/ *.woosmap.com *.imagino.com https://*.kameleoon.com https://*.kameleoon.io https://*.kameleoon.eu https://*.kameleoon.net *.google.com *.googletagmanager.com *.centrakor.com *.bing.com *.bing.net *.bing.fr *.microsoft.com *.microsoft.fr *.microsoft.net https://metrics.centrakor.com *.zone-secure.net *.clarity.ms sdk.privacy-center.org region1.google-analytics.com;base-uri 'self';media-src 'self' data: *.flbx.io;report-uri /csp/report;worker-src 'self' *.woosmap.com self blob: 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://mista.ua https://*.google.com *.google.com https://*.google.com.ua *.google.com.ua *.gstatic.com *.adtrafficquality.google *.facebook.net *.instagram.com *.googleapis.com *.googlesyndication.com  https://*.googlesyndication.com *.googletagservices.com https://*.googletagservices.com *.doubleclick.net https://*.googleadservices.com  https://*.doubleclick.net https://*.g.doubleclick.net *.google-analytics.com *.googletagmanager.com *.ampproject.org https://polyfill.io/ wikimapia.org https://*.jsdelivr.net cdn.api.twitter.com oss.maxcdn.com; style-src  'self' 'unsafe-inline' *.google.com *.googleapis.com; frame-src 'self' *.doubleclick.net https://*.googlesyndication.com syndicatedsearch.goog *.googletagservices.com *.adtrafficquality.google *.google.com *.google.com.ua *.facebook.com *.instagram.com *.youtube.com https://*.doubleclick.net https://*.g.doubleclick.net wikimapia.org *.openstreetmap.org *.adsensecustomsearchads.com https://www.tiktok.com/; 1
base-uri 'none'; frame-ancestors 'self'; object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http: 'nonce-ilgJOb0wrfJ0vdhhDfuYpw=='; report-uri https://sentry.jobijoba.io/api/10/security/?sentry_key=f7fdb7ea43674b0889145b92f6d6811e 1
default-src 'none' ;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zortrax.com *.data.zortrax.com *.3dprint.zortrax.com *.wistia.net *.wistia.com googletagmanager.com *.googletagmanager.com  *.tagmanager.google.com *.google-analytics.com *.doubleclick.net *.google.com  *.googleadservices.com *.facebook.net *.cloudfront.net *.doubleclick.net *.livechatinc.com *.googleapis.com *.gstatic.com *.redditstatic.com  static.ads-twitter.com analytics.twitter.com analytics.zortrax.com cf.zortrax.com cdn.tailwindcss.com  ;style-src 'self' 'unsafe-inline' *.zortrax.com *.googleapis.com *.tagmanager.google.com https://tagmanager.google.com/debug/css.css *.fonts.googleapis.com cf.zortrax.com ;img-src 'self' 'unsafe-inline' data: *.zortrax.com *.wistia.net data.zortrax.com *.gravatar.com *.ggpht.com *.ssl.gstatic.com *.wistia.com *.google.com *.google-analytics.com *.google.pl *.doubleclick.net *.facebook.com *.livechatinc.com *.gstatic.com *.googleapis.com *.tagmanager.google.com https://alb.reddit.com   t.co/i/adsct cf.zortrax.com  ;font-src 'self' data: *.livechatinc.com *.googleusercontent.com *.googleusercontent.com *.googleapis.com *.gstatic.com *.zortrax.com *.fonts.googleapis.com *.tagmanager.google.com ;frame-src 'self' 'unsafe-inline' *.livechatinc.com *.wistia.net *.wistia.com *.youtube.com *.facebook.com *.tagmanager.google.com *.googletagmanager.google.com www.googletagmanager.com *.upviral.com ;connect-src 'self' bd1.zortrax.com stats.g.doubleclick.net staging-data.zortrax.com data.zortrax.com http://3dprint.zortrax.com zortrax.us14.list-manage.com *.list-manage.com  *.wistia.com *.litix.io 3dprint.zortrax.com *.google-analytics.com *.tagmanager.google.com app.humdash.com api.livechatinc.com maps.googleapis.com www.google.com *.facebook.com  ;media-src 'self' *.zortrax.com zortrax.com *.youtube.com *.livechatinc.com *.youtube-nocookie.com *.wistia.com cdn.zortrax.com cdn1.zortrax.com cdn2.zortrax.com cdn3.zortrax.com *.tagmanager.google.com cf.zortrax.com ;object-src 'self' *.youtube.com *.youtube-nocookie.com *.tagmanager.google.com ;child-src 'self' *.youtube.com *.youtube-nocookie.com *.tagmanager.google.com 1
frame-ancestors 'self' https://*.seo.aws.about.com https://*.dotdash.com *.woodmagazine.com; upgrade-insecure-requests; 1
default-src 'self';img-src 'self' data: https://www.mijnwefact.nl https://www.wefact.nl https://secure.gravatar.com *;script-src 'self' 'unsafe-inline';connect-src 'self';font-src 'self';style-src 'self' 'unsafe-inline'; 1
default-src *;script-src 'self' 'nonce-LC3nYJh6TmXrw2JDc3dJu/vmKVy9W0pj8r5fbCmy+4o='; 1
default-src 'self' blob: http: https: wss://bot.moin.ai/primus w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de stiebel-eltron.containers.piwik.pro; img-src 'self' data: blob: http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de stiebel-eltron.containers.piwik.pro; script-src  'self' 'unsafe-eval' http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de stiebel-eltron.containers.piwik.pro; style-src 'self' 'unsafe-inline' http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de; font-src 'self' data: http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de stiebel-eltron.containers.piwik.pro; 1
frame-ancestors 'self' vidaworld.com *.vidaworld.com heromotocorp3--dev.sandbox.my.salesforce.com heromotocorp3--dev.sandbox.lightning.force.com vidaworld--sit.sandbox.lightning.force.com vidaworld.lightning.force.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.industowers.com/ https://*.industowers.com/ http://*.industowers.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://code.createjs.com/ https://maps.googleapis.com/ https://maps.gstatic.com/ https://maps.google.com/ https://s3.amazonaws.com/ https://*.list-manage.com/ https://cse.google.com/ https://www.google.com/ https://googleads.g.doubleclick.net/ https://translate.googleapis.com/ https://td.doubleclick.net/ https://secure.gravatar.com/ https://www.google.co.in/ https://www.industowers.com/ https://sc-static.net/ https://s3.tradingview.com/ https://code.jquery.com/ https://s.tradingview.com/ https://goo.gle/ https://s.tradingview.com/; img-src 'self' data: blob: https://www.google.com/ https://www.google.co.in/ https://www.google-analytics.com/ https://goo.gle/ https://www.industowers.com/ https://maps.gstatic.com/ https://maps.googleapis.com/ https://www.googletagmanager.com; object-src 'self' data: blob: https://td.doubleclick.net/ https://goo.gle/ https://s.tradingview.com/ https://www.googletagmanager.com/; frame-src 'self' data: blob: https://td.doubleclick.net/ https://goo.gle/ https://s.tradingview.com/ https://www.googletagmanager.com/; form-action 'self' data: blob: https://www.googletagmanager.com/ https://www.google-analytics.com/ https://code.createjs.com/ https://maps.googleapis.com/ https://maps.gstatic.com/ https://maps.google.com/ https://s3.amazonaws.com/ https://*.list-manage.com/ https://cse.google.com/ https://www.google.com/ https://googleads.g.doubleclick.net/ https://translate.googleapis.com/ https://td.doubleclick.net/ https://secure.gravatar.com/ https://www.google.co.in/ https://www.industowers.com/ https://sc-static.net/ https://s3.tradingview.com/ https://code.jquery.com/ https://s.tradingview.com/ https://goo.gle/; worker-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com/ https://www.google-analytics.com/ https://code.createjs.com/ https://maps.googleapis.com/ https://maps.gstatic.com/ https://maps.google.com/ https://s3.amazonaws.com/ https://*.list-manage.com/ https://cse.google.com/ https://www.google.com/ https://googleads.g.doubleclick.net/ https://translate.googleapis.com/ https://td.doubleclick.net/ https://secure.gravatar.com/ https://www.google.co.in/ https://www.industowers.com/ https://sc-static.net/ https://s3.tradingview.com/ https://code.jquery.com/ https://s.tradingview.com/ https://goo.gle/; 1
frame-ancestors 'self' https://*.seo.aws.about.com https://*.dotdash.com *.midwestliving.com; upgrade-insecure-requests; 1
script-src 'unsafe-inline' 'unsafe-eval' 'self' blob: *.foodtecsolutions.com *.foodtecsolutions.com:* *.foodtecsolutions.com *.hibu.us *.pizzadirector.net:* *.google.com *.opentable.com *.otstatic.com cdn.ampproject.org www.gstatic.com maps.googleapis.com www.google-analytics.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net platform.twitter.com www.facebook.com connect.facebook.net cdn.syndication.twimg.com js.hs-scripts.com js.hs-scripts.com js.hs-analytics.net js.hscollectedforms.net salesiq.zoho.com/widget campaigns.zoho.com maillist-manage.com crm.zoho.com js.zohostatic.com vts.zohopublic.com static.hotjar.com script.hotjar.com unpkg.com api.tiles.mapbox.com *.adroll.com *.cloudfront.net cdnjs.cloudflare.com libs.a2zinc.net gh-prod-nitrosites.s3.amazonaws.com; frame-ancestors 'self' blob: *.foodtecsolutions.com *.foodtecsolutions.com:* *.foodtecsolutions.com *.hibu.us *.pizzadirector.net:* *.google.com *.opentable.com *.otstatic.com cdn.ampproject.org www.gstatic.com maps.googleapis.com www.google-analytics.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net platform.twitter.com www.facebook.com connect.facebook.net cdn.syndication.twimg.com js.hs-scripts.com js.hs-scripts.com js.hs-analytics.net js.hscollectedforms.net salesiq.zoho.com/widget campaigns.zoho.com maillist-manage.com crm.zoho.com js.zohostatic.com vts.zohopublic.com static.hotjar.com script.hotjar.com unpkg.com api.tiles.mapbox.com *.adroll.com *.cloudfront.net cdnjs.cloudflare.com libs.a2zinc.net gh-prod-nitrosites.s3.amazonaws.com; 1
default-src 'self'; object-src 'self' https://pts.sim.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.sim.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://www.telekom.de/shop/tarife/internet-tarife https://www.o2online.de https://www.vodafone.de https://dsl.1und1.de https://livechat.sim.de https://chat.sim.de https://umfrage.sim.de https://pts.sim.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://eu01.rec.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://livechat.sim.de https://stats.sim.de https://imagepool.sim.de https://pts.sim.de https://analytics.tiktok.com https://umfrage.sim.de; script-src 'strict-dynamic' 'nonce-7255bb3616a053c19bfdfc9b4aa7af4f' 'nonce-a42db68c55d6a631ada1af236ff23be4' 'nonce-0fd7aa9a29cbd27f6bece69447a7bbc5' 'nonce-7231da312330c0a9a3c7124197436be6' 'nonce-78e55ae88c86004a8c4b0431a24c61df' 'nonce-bf9c45bd8c802060fa0f7eb15b11f8f6' 'nonce-e6c4dc1920e39f9df1538b691b3f17f1' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data: 'report-sample'; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://netmap.vodafone.de/cokart-client/index.html https://pts.sim.de https://umfrage.sim.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-7255bb3616a053c19bfdfc9b4aa7af4f' 'nonce-a42db68c55d6a631ada1af236ff23be4' 'nonce-0fd7aa9a29cbd27f6bece69447a7bbc5' 'nonce-7231da312330c0a9a3c7124197436be6' 'nonce-78e55ae88c86004a8c4b0431a24c61df' 'nonce-bf9c45bd8c802060fa0f7eb15b11f8f6' 'nonce-e6c4dc1920e39f9df1538b691b3f17f1' 'self' 'unsafe-inline' https: 'report-sample' 1
frame-ancestors 'self' forms.saib.com.sa *.saib.com.sa; report-uri /report-csp-violation 1
default-src 'self' https://www.google-analytics.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com https://www.gstatic.com https://sdk.privacy-center.org/ https://api.privacy-center.org/ https://static.cloudflareinsights.com https://ajax.cloudflare.com https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com https://fonts.googleapis.com; img-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://www.google-analytics.com/; font-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com https://fonts.gstatic.com https://fonts.googleapis.com; frame-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com; 1
allow *; options inline-script eval-script; frame-ancestors 'self' 1
script-src *.globant.com *.googletagmanager.com *.google-analitycs.com *.google.com 'unsafe-eval' 'unsafe-inline' https: 'self' https://www.globant.com/ blob:; object-src none; style-src 'self' 'unsafe-inline' *.globant.com *.bootstrapcdn.com *.fontawesome.com *.cloudflare.com *.googleapis.com  *.jsdelivr.net; img-src 'self' *.cloudflare.com *.globant.com *.i.ytimg.com https: data:; media-src 'self' *.globant.com; frame-src 'self' https: fullscreen; frame-ancestors self fullscreen *.globant.com https://*.youtube.com; font-src 'self' *.globant.com *.fontawesome.com *.cloudflare.com *.gstatic.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self' data: 'unsafe-inline' bitrix.info uaas.yandex.ru vk.com bitrix.info www.1c-bitrix.ru bitrix24.datafort.ru *.mindbox.ru yandex.ru yandex.com mc.yandex.ru googleads.g.doubleclick.net www.google.com/ads/user-lists/ www.google.ru/ads/user-lists/ www.google.com www.google-analytics.com maps.google.com *.gstatic.com:* *.googleapis.com www.googleadservices.com code.jivosite.com:* cdn.voximplant.com facecast.net formdesigner.pro telegram.org metrica.beeline.ru kinescope.io b10000.vr.mirapolis.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval' bitrix.info abt.s3.yandex.net api-maps.yandex.ru yastatic.net core-renderer-tiles.maps.yandex.net bitrix24.datafort.ru *.mindbox.ru yandex.ru yandex.com mc.yandex.ru googleads.g.doubleclick.net www.google.com/ads/user-lists/ www.google.ru/ads/user-lists/ www.google.com www.google-analytics.com maps.google.com *.gstatic.com:* *.googleapis.com www.googleadservices.com code.jivosite.com:* cdn.voximplant.com facecast.net formdesigner.pro telegram.org metrica.beeline.ru kinescope.io b10000.vr.mirapolis.ru; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.gstatic.com code.jquery.com vk.com bitrix.info www.1c-bitrix.ru bitrix24.datafort.ru *.mindbox.ru yandex.ru yandex.com mc.yandex.ru googleads.g.doubleclick.net www.google.com/ads/user-lists/ www.google.ru/ads/user-lists/ www.google.com www.google-analytics.com maps.google.com *.gstatic.com:* *.googleapis.com www.googleadservices.com code.jivosite.com:* cdn.voximplant.com facecast.net formdesigner.pro telegram.org metrica.beeline.ru kinescope.io b10000.vr.mirapolis.ru; img-src 'self' api-maps.yandex.ru core-renderer-tiles.maps.yandex.net data: blob: vk.com bitrix.info www.1c-bitrix.ru bitrix24.datafort.ru *.mindbox.ru yandex.ru yandex.com mc.yandex.ru googleads.g.doubleclick.net www.google.com/ads/user-lists/ www.google.ru/ads/user-lists/ www.google.com www.google-analytics.com maps.google.com *.gstatic.com:* *.googleapis.com www.googleadservices.com code.jivosite.com:* cdn.voximplant.com facecast.net formdesigner.pro telegram.org metrica.beeline.ru kinescope.io b10000.vr.mirapolis.ru; frame-src 'self' youtube.com www.youtube.com oauth.telegram.org fonts.gstatic.com code.jquery.com vk.com bitrix.info www.1c-bitrix.ru bitrix24.datafort.ru *.mindbox.ru yandex.ru yandex.com mc.yandex.ru googleads.g.doubleclick.net www.google.com/ads/user-lists/ www.google.ru/ads/user-lists/ www.google.com www.google-analytics.com maps.google.com *.gstatic.com:* *.googleapis.com www.googleadservices.com code.jivosite.com:* cdn.voximplant.com facecast.net formdesigner.pro telegram.org metrica.beeline.ru kinescope.io b10000.vr.mirapolis.ru; font-src 'self' fonts.googleapis.com; 1
 default-src 'self'; script-src 'self' *.etracker.com *.etracker.de 'unsafe-inline' 'unsafe-eval' https://feedback.gov.de; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self' *.etracker.com https://*.etracker.de https://feedback.gov.de/; font-src 'self' data:; object-src 'self'; media-src 'self'; child-src 'self'; form-action 'self'; base-uri 'self'; frame-ancestors 'self'; 1
frame-ancestors https://*.holman.com *.holmancadillac.com *.holmanhondacentennial.com *.holmanhonda.com *.audisandiego.com *.audiflatirons.com *.audiboulderservice.com *.audipembrokepines.com *.audifortwashington.com *.holmanfordmapleshade.com *.holmanfordturnersville.com *.holmanlincolnmapleshade.com *.princetonbmw.com *.bmwofmtlaurel.com *.bmwoffortlauderdale.com *.bmwofpembrokepines.com *.bmwtigard.com *.kuniautocenter.com *.jaguarsandiego.com *.landroversandiego.com *.landroverdenver.com *.landroverlynnwood.com *.lexusofportland.com *.lexusofportland.com *.lexusofseattle.com *.holmaninfiniti.com *.holmantoyota.com *.lauderdalemini.com *.miniofmtlaurel.com *.porschesandiego.com *.mbvansmapleshade.com *.holmanmotorcars.com *.holmanauto.com *.holmancollision.com *.riskpartners.com *.holmancollision.com *.holmantransportationrrg.com *.holmanvinfastfortlauderdale.com *.holmanineosgranider.com *.studio.porschesandiego.com *.audisandiegofashionvalley.com *.lexusofgreenwoodvillage.com *.holmanineosgrenadier.com 1
default-src https: 'unsafe-inline' 'unsafe-eval' 1
default-src 'self' blob: *.avl.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.doubleclick.net *.facebook.net *.cookiebot.com *.googleapis.com *.adsymptotic.com *.linkedin.com snap.licdn.com *.facebook.com *.avl.com *.cloudflare.com cdn.jsdelivr.net js.stripe.com polyfill.io *.googletagmanager.com *.hotjar.com app.sli.do *.vbrick.com *.google.com *.google.es *.google.at *.google.de *.bing.com *.creators-expedition.com *.imaginativeenterprising-intelligent.com *.mouseflow.com *.clarity.ms *.publuu.com *.buzzsprout.com *.lfeeder.com cdn.ckeditor.com; object-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.doubleclick.net *.facebook.net *.cookiebot.com fonts.googleapis.com p.adsymptotic.com *.linkedin.com *.licdn.com *.facebook.com *.avl.com cdnjs.cloudflare.com cdn.jsdelivr.net *.stripe.com polyfill.io *.google.com *.google.es *.google.at *.google.de; style-src 'self' 'unsafe-inline' *.cloudflare.com; img-src 'self' data: avl.com www.avl.com *.googletagmanager.com *.facebook.com *.linkedin.com *.ytimg.com *.cookiebot.com *.bing.com *.google.com *.google.es *.google.at *.google.de *.sli.do *.vbrick.com *.cloudflare.com *.avl-marketing.com *.clarity.ms *.amazonaws.com *.lfeeder.com *.kununu.com; frame-src 'self' *.youtube.com https://js.stripe.com *.cookiebot.com *.doubleclick.net *.bing.com *.sli.do *.vbrick.com *.buzzsprout.com stream.maxr.at *.publuu.com publuu.com *.buzzsprout.com publications.avl.com www.googletagmanager.com; child-src 'self' 'unsafe-inline' *.google-analytics.com *.doubleclick.net *.facebook.net *.cookiebot.com *.googleapis.com https://p.adsymptotic.com *.linkedin.com https://snap.licdn.com *.facebook.com *.avl.com *.cloudflare.com https://cdn.jsdelivr.net https://js.stripe.com https://polyfill.io blob:; font-src 'self' https://fonts.gstatic.com *.mouseflow.com *.cloudflare.com; connect-src 'self' *.cookiebot.com https://eu-api.friendlycaptcha.eu *.avl.com *.linkedin.com wss://ws.hotjar.com *.n.io *.google.com *.google-analytics.com *.doubleclick.net *.hotjar.io *.avlcorp.lan *.creators-expedition.com *.mouseflow.com *.clarity.ms bat.bing.com; report-uri /report-csp-violation 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; connect-src 'self' *.itzbund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com piwik.itzbund.de; object-src 'self' *.gsb.bund.de; media-src 'self' *.gsb.bund.de *.youtube.com; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.itzbund.de; frame-src *.google.com *.gstatic.com *.youtube.com *.itzbund.de *.vsfbsw.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com piwik.itzbund.de; frame-ancestors 'self'; 1
default-src 'self'; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' s7.addthis.com static.hotjar.com script.hotjar.com members.ahcancal.org www.google.com www.gstatic.com www.youtube.com fonts.googleapis.com www.googletagmanager.com tagmanager.google.com www.google-analytics.com ssl.google-analytics.com www.googleadservices.com ajax.googleapis.com safebrowsing.googleapis.com analytics.google.com connect.facebook.net analytics.tiktok.com googleads.g.doubleclick.net z.moatads.com v1.addthisedge.com m.addthis.com edge.addthis.com polo.feathr.co cdn.feathr.co widget.surveymonkey.com banman.providermagazine.com banman.ahcancal.org platform.twitter.com cdn.syndication.twimg.com; object-src 'self'; style-src 'self' data: 'unsafe-inline' s7.addthis.com www.google.com www.youtube.com fonts.googleapis.com tagmanager.google.com platform.twitter.com ton.twimg.com; img-src 'self' data: ssl.gstatic.com www.gstatic.com www.google-analytics.com www.google.com www.facebook.com marco.feathr.co polo.feathr.co *.feathr.co www.googletagmanager.com banman.providermagazine.com banman.ahcancal.org match.adsrvr.org pbs.twimg.com abs.twimg.com platform.twitter.com ton.twimg.com syndication.twitter.com; media-src 'self' data: www.youtube.com app.powerbi.com www.surveymonkey.com; frame-src 'self' data: www.google.com datawrapper.dwcdn.net *.hotjar.com td.doubleclick.net ahca-ncal-convention-2023-map.web.app ahcancal.wufoo.com custom.statenet.com s7.addthis.com www.youtube.com app.powerbi.com edge.addthis.com www.facebook.com www.surveymonkey.com bid.g.doubleclick.net platform.twitter.com syndication.twitter.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com; connect-src 'self' data: www.google-analytics.com https://www.google-analytics.com in.hotjar.com ws7.hotjar.com ws35.hotjar.com vc.hotjar.io content.hotjar.io ws.hotjar.com polo.feathr.co analytics.tiktok.com members.ahcancal.org 1
default-src 'self' cdn.jsdelivr.net bid.g.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' translate-pa.googleapis.com translate.googleapis.com translate.google.com ajax.googleapis.com maps.googleapis.com cdn.jsdelivr.net unpkg.com npmcdn.com googleads.g.doubleclick.net www.googletagmanager.com www.google-analytics.com www.googleadservices.com connect.facebook.net static.ctctcdn.com cdnjs.cloudflare.com www.google.com www.gstatic.com; connect-src 'self' translate.googleapis.com analytics.google.com stats.g.doubleclick.net www.google-analytics.com listgrowth.ctctcdn.com maps.googleapis.com; img-src 'self' fonts.gstatic.com www.gstatic.com maps.googleapis.com maps.gstatic.com static.ctctcdn.com fakeimg.pl img.youtube.com data: cdnjs.cloudflare.com www.google.com.tw www.facebook.com www.google.com googleads.g.doubleclick.net www.google-analytics.com; style-src 'self' 'unsafe-inline' www.gstatic.com cdn.jsdelivr.net fonts.googleapis.com unpkg.com static.ctctcdn.com maxcdn.bootstrapcdn.com; font-src 'self' maxcdn.bootstrapcdn.com cdn.jsdelivr.net cdnjs.cloudflare.com fonts.gstatic.com; frame-src 'self' bid.g.doubleclick.net www.youtube.com www.facebook.com www.google.com; base-uri 'self'; form-action 'self' www.facebook.com; frame-ancestors 'self'; 1
img-src 'self' norma.omq.de *.norma-online.de *.sitesearch360.com *.usercentrics.eu https://app.usercentrics.eu https://accelerator.extern.hmmh.io https://piwik.norma-online.de https://*.clarity.ms https://www.facebook.com/ https://c.bing.com data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' norma.omq.de *.norma-online.de *.sitesearch360.com *.usercentrics.eu https://piwik.norma-online.de https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/ https://*.clarity.ms https://connect.facebook.net/ https://c.bing.com blob:; object-src 'none'; font-src norma.omq.de 'self'; 1
base-uri 'self'; default-src 'none'; child-src https://irc.animefriends.moe; connect-src 'self' https://mei.kuudere.pw; font-src 'self' data:; form-action 'self' https://mei.kuudere.pw; frame-ancestors 'self'; frame-src 'self' https://www.youtube-nocookie.com https://*.soundcloud.com https://irc.animefriends.moe; img-src 'self' https://rei.kuudere.pw https://mei.kuudere.pw https://animebytes.tv data:; media-src 'self' https://* * data:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample'; style-src 'self' 'unsafe-inline'; worker-src 'self' blob:; upgrade-insecure-requests 1
frame-ancestors 'self' https://*.seo.aws.about.com https://*.dotdash.com *.foodandwine.com; upgrade-insecure-requests; 1
frame-src spasibosberbank.ru new.spasibosberbank.ru 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bcbsks.com unpkg.com fast.wistia.com *.googletagmanager.com *.google-analytics.com *.ads-twitter.com www.gstatic.com *.bing.com connect.facebook.net 100011161.collect.igodigital.com snap.licdn.com *.adsrvr.org bam.nr-data.net googleads.g.doubleclick.net js-agent.newrelic.com tags.srv.stackadapt.com public.tableau.com qvdt3feo.com code.jquery.com www.google.com analytics.silktide.com static.cloudflareinsights.com www.covermymeds.com www.googleadservices.com cdn.datatables.net cdnjs.cloudflare.com www.eventbrite.com https://www.google.co.uk www.clarity.ms *.callrail.com tag.demandbase.com pagead2.googlesyndication.com cdn.jsdelivr.net *.sentry-cdn.com *.adobedtm.com https://*.qualtrics.com api.wire.spbx.app blob:; object-src 'none'; style-src 'self' 'unsafe-inline' www.bcbsks.com bcbsks.prod.acquia-sites.com fast.fonts.net fonts.googleapis.com tags.srv.stackadapt.com www.covermymeds.com cdn.datatables.net cdnjs.cloudflare.com *.wistia.com; img-src 'self' www.google.com *.google-analytics.com nova.collect.igodigital.com *.bing.com t.co analytics.twitter.com *.wistia.com www.facebook.com *.g.doubleclick.net *.google.com public.tableau.com *.bcbsks.com tools.applemediaservices.com apple-resources.s3.amazonaws.com connect.facebook.net secure.adnxs.com *.linkedin.com www.googletagmanager.com *.covermymeds.com cdn.datatables.net embedwistia-a.akamaihd.net c.clarity.ms id.rlcdn.com segments.company-target.com tags.srv.stackadapt.com ad.doubleclick.net www.google.co.in *.prod.acquia-sites.com *.apple.com *.advanceinsurance.com https://*.qualtrics.com *.mdhv.io api.wire.spbx.app *.adsrvr.org data:; media-src 'self' *.wistia.com www.google.com embedwistia-a.akamaihd.net fast.wistia.net blob:; frame-src 'self' *.bcbsks.com https://d1eoo1tco6rr5e.cloudfront.net/ *.adsrvr.org www.facebook.com public.tableau.com *.fls.doubleclick.net td.doubleclick.net www.youtube.com www.googletagmanager.com staywell.mydigitalpublication.com e.issuu.com www.eventbrite.com www.kff.org s.company-target.com https://*.qualtrics.com; font-src 'self' fast.fonts.net fast.wistia.com fonts.gstatic.com data:; connect-src 'self' *.bugsnag.com *.google-analytics.com stats.g.doubleclick.net ad.doubleclick.net *.googleadservices.com www.googleadservices.com *.google.com *.wistia.com *.wistia.net *.litix.io bam.nr-data.net cdn.linkedin.oribi.io www.facebook.com tags.srv.stackadapt.com embedwistia-a.akamaihd.net bat.bing.com a.us.silktide.com https://connect.facebook.net https://www.google.co.uk pagead2.googlesyndication.com *.clarity.ms js.callrail.com api.company-target.com tag-logger.demandbase.com px.ads.linkedin.com bcbsks.data.adobedc.net adobedc.demdex.net https://*.qualtrics.com *.sentry-cdn.com *.adsrvr.org; upgrade-insecure-requests 1
default-src 'none'; img-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; font-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'; connect-src 'self'; 1
default-src 'self'; child-src blob:; connect-src 'self' data https://*.google-analytics.com https://google-analytics.com https://*.analytics.google.com https://analytics.google.com https://*.googletagmanager.com https://googletagmanager.com https://*.googlesyndication.com https://*.privacy-center.org https://*.googleadservices.com https://stats.g.doubleclick.net https://*.hscollectedforms.net https://*.clarity.ms https://*.bing.com https://*.bing.net https://*.linkedin.com https://*.licdn.com https://js.zi-scripts.com https://analytics.inzynk.io https://collector4.leadinfo.net https://collector.leadinfo.net https://api.leadinfo.com https://ws.zoominfo.com https://www.google.at https://www.google.be https://www.google.bg https://www.google.hr https://www.google.cz https://www.google.dk https://www.google.fi https://www.google.fr https://www.google.de https://www.google.gr https://www.google.hu https://www.google.is https://www.google.ie https://www.google.it https://www.google.lv https://www.google.lt https://www.google.lu https://www.google.mt https://www.google.nl https://www.google.no https://www.google.pl https://www.google.pt https://www.google.ro https://www.google.ru https://www.google.sk https://www.google.si https://www.google.es https://www.google.se https://www.google.ch https://www.google.co.uk https://www.google.com.tr https://www.google.tn https://www.google.dz https://www.google.ma https://www.google.co.il https://www.google.ae https://www.google.com https://www.google.ca https://www.google.com.mx https://www.google.com.br https://www.google.com.ar https://www.google.com.ec https://www.google.cl https://www.google.com.pe https://www.google.co.za https://www.google.co.in https://www.google.co.jp https://www.google.cn https://www.google.com.hk https://www.google.com.tw https://www.google.co.kr https://www.google.com.sg https://www.google.co.th; font-src 'self' data: data fonts.gstatic.com; frame-src https://*.youtube.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.googlesyndication.com https://prod1.solutions.webfg.ch https://*.google.com https://td.doubleclick.net https://www.coface.fr https://pwm-image.trendmicro.com https://edge.media-server.com; img-src 'self' data: data blob https://tr.line.me https://*.lfeeder.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googlesyndication.com https://*.privacy-center.org https://*.clarity.ms https://*.bing.com https://*.bing.net https://*.linkedin.com https://*.licdn.com https://*.hsforms.com https://*.hubspot.com https://www.google.at https://www.google.be https://www.google.bg https://www.google.hr https://www.google.cz https://www.google.dk https://www.google.fi https://www.google.fr https://www.google.de https://www.google.gr https://www.google.hu https://www.google.is https://www.google.ie https://www.google.it https://www.google.lv https://www.google.lt https://www.google.lu https://www.google.mt https://www.google.nl https://www.google.no https://www.google.pl https://www.google.pt https://www.google.ro https://www.google.ru https://www.google.sk https://www.google.si https://www.google.es https://www.google.se https://www.google.ch https://www.google.co.uk https://www.google.com.tr https://www.google.tn https://www.google.dz https://www.google.ma https://www.google.co.il https://www.google.ae https://www.google.com https://www.google.ca https://www.google.com.mx https://www.google.com.br https://www.google.com.ar https://www.google.com.ec https://www.google.cl https://www.google.com.pe https://www.google.co.za https://www.google.co.in https://www.google.co.jp https://www.google.cn https://www.google.com.hk https://www.google.com.tw https://www.google.co.kr https://www.google.com.sg https://www.google.co.th; object-src 'none'; script-src 'self' blob 'sha256-r5XNBZKG5SuRALRop397WzCpL6A7PPnVeJHjxu4dYoM=' 'sha256-PvjejqLYd3NWAQbuI5ztPkrH0+NbIyvfHcohUy/cDgY=' 'sha256-ixt9cJSW7l/TjcAHQwIkthvmNXKVhbctw0KIBmfT3vI=' 'sha256-TBFB22YzPYBT6rIyeICABgKnf6AS2XlCon7PlKpqwx0=' 'sha256-Mdr7Elzu0r9o/uLCgHaqqkGF/Cjybl8xHE3xxAJOpvE=' 'sha256-Fac3ZJh9Y/mUcXMm30RrYwSt3wFvJ7dvzNvifF3wz9o=' 'sha256-j7hX0Eb40FknxDtJlw+/vJUvnDRI62XPkRyAgR5yDPs=' 'sha256-7vg2+gdz1/ftFJq3ZBimCuYwW04BTLPk0Z8E7kVeGHY=' 'sha256-VyY8SEWR8lMYk6OETYa7fhiLcLnQwdZtN03ECJL48t0=' 'sha256-XbnphNbfccFW7zQZOKk1NECfmmjWeq0cg1FwHrMZZ3A=' 'sha256-nVZbCRzRQSuWk+9W2ls61mQODCppOVf74kz9tIVcvD8=' 'sha256-oIOkXW3jJVB3WzdBAFDW1Y+ploUa4qVp1mqHQeZ7U+Q=' 'sha256-uILB4C9XYyBWeOx5+XQDrAjrU4EsdqN9Ms3lKdPVl58=' 'sha256-fEneWIDmgpMHym15EtxErZC6ZUMtKxivpJeC0XmqQGc=' 'sha256-tAWD8lytuBP8gEXDAj+ZibUssoc3mxK0Qpx5aFn8TT4=' https://*.lfeeder.com https://tags.inzynk.io https://cdn.leadinfo.net https://plugin.sopro.io https://d.line-scdn.net https://js.zi-scripts.com https://*.google-analytics.com https://*.googletagmanager.com https://www.googletagmanager.com https://*.googlesyndication.com https://*.privacy-center.org https://googleads.g.doubleclick.net https://*.gstatic.com https://*.clarity.ms https://*.bing.com https://*.bing.net https://*.hscollectedforms.net https://*.hs-analytics.net https://*.hs-banner.com https://js-eu1.hs-scripts.com https://*.linkedin.com https://*.licdn.com https://*.google.com https://*.google.fr https://*.upsun-eu-5.observability-pipeline.blackfire.io; style-src 'self' 'unsafe-inline'; worker-src blob: 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' unpkg.com bam.nr-data.net *.addtoany.com *.go-mpulse.net *.newrelic.com *.qualtrics.com *.adobedtm.com tags.tiqcdn.com cdn.jsdelivr.net *.akamaihd.net *.ceros.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' *.demdex.net *.ytimg.com *.youtube.com data: libertymutualgroup.com *.libertymutualgroup.com libertymutual.com *.libertymutual.com *.qualtrics.com *.akstat.io cm.everesttech.net; frame-src 'self' *.youtube.com *.addtoany.com libertymutualcorporate.demdex.net *.facebook.com *.ceros.com; font-src 'self' fonts.gstatic.com; connect-src 'self' *.youtube.com *.akamaihd.net *.akstat.io *.qualtrics.com bam.nr-data.net c.go-mpulse.net *.demdex.net collect.tealiumiq.com; report-uri /report-csp-violation 1
default-src 'self'; img-src 'self' data: books.google.de de.statista.com cdn.statcdn.com app.statuscake.com www.kununu.com *.lamapoll.io; font-src 'self' data:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' lamapoll.de *.lamapoll.de *.lamapoll.io; frame-src 'self' lamapoll.de *.lamapoll.de www.youtube-nocookie.com *.lamapoll.io; frame-ancestors 'self'; media-src 'self'; object-src 'self'; connect-src 'self' *.lamapoll.io 1
default-src 'self';  style-src 'self' 'unsafe-inline'; font-src 'self'; script-src 'self' 'unsafe-inline'; connect-src 'self'; 1
script-src https: data: 'unsafe-inline' 'unsafe-eval' https://*.dshs-koeln.de https://*.mehrwert.de https://fast.fonts.net; style-src https: 'unsafe-inline' https://*.dshs-koeln.de https://fast.fonts.net; img-src https: data: 'unsafe-inline' 'unsafe-eval' https://*.dshs-koeln.de https://*.mehrwert.de; font-src https: data: 'unsafe-inline' 'unsafe-eval' https://*.dshs-koeln.de https://*.mehrwert.de https://fast.fonts.com; frame-src https: data: 'unsafe-inline' 'unsafe-eval' https://*.dshs-koeln.de https://*.mehrwert.de https://fast.fonts.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.jquery.com *.ckeditor.com *.google.com *.googletagmanager.com *.google-analytics.com *.doubleclick.net *.cookielaw.org; object-src 'none'; style-src 'self' 'unsafe-inline' *.mailchimp.com; img-src 'self' data: blob: *.youtube.com *.google.com *.google.ro *.googletagmanager.com *.shortpixel.ai; media-src 'self' blob: *.youtube.com *.google.ro *.shortpixel.ai; frame-src 'self' blob: *.youtube.com *.youtube-nocookie.com *.etapestry.com etapestry.sky.blackbaud.com *.vercel.app; font-src 'self'; connect-src 'self' *.google.com *.googletagmanager.com *.google-analytics.com *.cookielaw.org *.onetrust.com *.doubleclick.net; report-uri /report-csp-violation 1
default-src 'self'; block-all-mixed-content; connect-src 'self' go.metering.diehl.com go.controls.diehl.com analytics.diehl.com geolocation.onetrust.com *.onetrust.com cdn.cookielaw.org *.youtube-nocookie.com https://*.googleapis.com *.google.com https://*.gstatic.com; font-src 'self' https://fonts.gstatic.com data:; frame-src 'self' https://v.qq.com *.canto.de *.cloudfront.net *.google.com brandsonspeed.pageflow.io *.youtube-nocookie.com *.youtube.com; img-src 'self' cdn.cookielaw.org https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com img.youtube.com *.ytimg.com data: analytics.diehl.com; media-src 'self' blob:; script-src 'self' analytics.diehl.com *.onetrust.com cdn.cookielaw.org pi.pardot.com go.metering.diehl.com go.controls.diehl.com https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com *.typekit.net *.youtube-nocookie.com *.ytimg.com cdn.syndication.twimg.com 'nonce-OG9M473FkBTZWO50OmeEsg=='; style-src 'self' analytics.diehl.com https://fonts.googleapis.com *.typekit.net 'nonce-OG9M473FkBTZWO50OmeEsg==' 1
default-src blob: https: wss: 'unsafe-inline' 'unsafe-eval' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com www.gstatic.com https://*.google.com https://*.googletagmanager.com *.google-analytics.com https://tagmanager.google.com  https://www.googleadservices.com  https://googleads.g.doubleclick.net cdnjs.cloudflare.com ajax.googleapis.com https://cdn.addevent.com https://platform.twitter.com embed.aidaform.com https://cdn.jsdelivr.net https://s3.amazonaws.com https://partner.googleadservices.com https://*.list-manage.com https://*.clarity.ms https://c.bing.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://googletagmanager.com https://tagmanager.google.com https://www.google.com fonts.googleapis.com cdnjs.cloudflare.com cdn.jsdelivr.net https://cdn-images.mailchimp.com https://*.clarity.ms https://c.bing.com; img-src 'self' data: https://*; media-src 'self' data:; frame-src 'self' https://www.googletagmanager.com https://bid.g.doubleclick.net https://td.doubleclick.net https://flo.uri.sh https://api.mapbox.com https://app.powerbi.com https://data.humdata.org https://drive.google.com calendar.google.com https://www.youtube.com https://datawrapper.dwcdn.net https://teamup.com https://lookerstudio.google.com https://experience.arcgis.com https://public.tableau.com https://rrmniger.azurewebsites.net/ *.unocha.org https://*.addevent.com https://cdn.knightlab.com https://dashboards.impact-initiatives.org https://docs.google.com https://e.infogram.com https://jmmi-northernsyria.shinyapps.io https://logie.logcluster.org https://m.facebook.com https://miro.com https://spxih.mjt.lu https://turkiyeeq.thedeep.io https://ukraine.servicesadvisor.net https://unhcr.carto.com https://www.arcgis.com https://www.facebook.com https://rwsupport.aidaform.com https://analytics.wfp.org *.un.org https://cdnapisec.kaltura.com https://vimeo.com https://player.vimeo.com https://ukraine.servicesadvisor.net https://*.kobotoolbox.org; frame-ancestors 'self'; child-src 'self'; font-src 'self' data: fonts.gstatic.com; connect-src 'self' https://*; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' http://*.dimora.jp https://*.dimora.jp http://*.google-analytics.com/ https://*.google-analytics.com https://*.google.com https://*.facebook.com https://*.facebook.net https://*.twitter.com https://b91.yahoo.co.jp https://tools.applemediaservices.com https://*.apple.com https://apple-resources.s3.amazonaws.com https://play.google.com https://*.mul-pay.jp https://fonts.gstatic.com https://*.googleapis.com https://*.googletagmanager.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://*.google.co.jp; img-src 'self' data: https://*.google-analytics.com/ https://*.twitter.com https://stats.g.doubleclick.net https://tools.applemediaservices.com https://*.apple.com https://apple-resources.s3.amazonaws.com https://play.google.com https://b91.yahoo.co.jp; 1
default-src 'self';               frame-src 'self' https://www.youtube.com https://mychart.austinregionalclinic.com https://www.google.com https://arcwebsecure.com https://forms.hsforms.com https://www.googletagmanager.com https://tags.austinregionalclinic.com;               frame-ancestors 'self' data: blob: https://vmecharttest1 https://vmecharttest2 https://vmecharttest3 https://mychart.austinregionalclinic.com https://mycharttest.austinregionalclinic.com;              script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com https://mychart.austinregionalclinic.com https://maps.googleapis.com               https://js.hsforms.net https://js.hs-scripts.com https://api.airbud.io https://js.hs-banner.com                https://cdn.jsdelivr.net https://code.jquery.com https://connect.facebook.net https://cdnjs.cloudflare.com https://ajax.aspnetcdn.com https://www.google.com https://www.gstatic.com https://web.hyro.ai               https://mycharttest.austinregionalclinic.com https://vmecharttest2 https://vmecharttest3 https://snap.licdn.com https://www.googletagmanager.com https://tags.austinregionalclinic.com;              style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://api.airbud.io https://code.jquery.com https://web.hyro.ai https://mychart.austinregionalclinic.com https://www.googletagmanager.com;               font-src 'self' https://fonts.gstatic.com https://code.jquery.com;               form-action 'self' https://forms.hsforms.com https://www.austinregionalclinic.com;               img-src 'self' data: https://forms.hsforms.com https://js.hsforms.net https://api.hubspot.com https://forms-na1.hsforms.com https://maps.gstatic.com               https://hyropublic.blob.core.windows.net https://d3sxx09phm2x4h.cloudfront.net https://d1mkxymatx0q5n.cloudfront.net https://maps.googleapis.com               https://www.google.com https://www.facebook.com https://img.youtube.com https://i.ytimg.com https://khms0.googleapis.com https://khms1.googleapis.com https://www.googletagmanager.com;              connect-src 'self' https://maps.googleapis.com https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://www.google-analytics.com https://hyropublic.blob.core.windows.net               wss://web.hyro.ws/widget-client https://stats.g.doubleclick.net https://cdn.linkedin.oribi.io https://app.launchdarkly.com https://clientstream.launchdarkly.com https://events.launchdarkly.com https://tags.austinregionalclinic.com;              object-src 'none';              base-uri 'self';              media-src 'self' https://d1mkxymatx0q5n.cloudfront.net; 1
default-src 'self' *.google-analytics.com *.jsdelivr.net *.gstatic.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' *.googletagmanager.com *.google-analytics.com *.jsdelivr.net https://www.googletagmanager.com/ns.html *.cookielaw.org *.licdn.com *.ads-twitter.com *.facebook.net https://www.google.com/recaptcha/api.js https://www.youtube.com/iframe_api https://www.youtube.com https://cdnjs.cloudflare.com *.gstatic.com https://incyte.piwik.pro; style-src 'unsafe-inline' 'self' *.jsdelivr.net https://cdnjs.cloudflare.com; img-src 'self' *.google-analytics.com *.facebook.com *.linkedin.com *.blob.core.windows.net *.azureedge.net *.cookielaw.org *.google.com *.google.co.in analytics.twitter.com t.co px.ads.linkedin.com px.ads.linkedin.com.x cdn.incyte.com data: *.googletagmanager.com *.opendns.com; media-src 'self' *.google-analytics.com *.blob.core.windows.net *.azureedge.net https://cdn.incyte.com; frame-src *.youtube.com *.google.com *.googletagmanager.com incyte.hrmdirect.com *.facebook.com *.facebook.net; frame-ancestors 'self'; child-src *.youtube.com *.google.com *.googletagmanager.com incyte.hrmdirect.com; font-src 'self' data: https://cdn.jsdelivr.net https://fonts.gstatic.com; connect-src *; report-uri /report-csp-violation 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; connect-src 'self' *.itzbund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.vimeo.com *.itzbund.de; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com *.vimeo.com *.aktion-mensch.de *.readspeaker.com; frame-src *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.vimeo.com *.readspeaker.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.ytimg.com yomma.services cms.sqat.eu *.openstreetmap.org *.itzbund.de *.synology.me:5001; frame-ancestors 'self'; font-src 'self' data:; 1
default-src 'self' localhost static.formstack.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: siteimproveanalytics.com js-agent.newrelic.com www.youtube.com *.visualwebsiteoptimizer.com app.vwo.com *.formstack.com www.google.com www.gstatic.com web2.production.gyantts.com challenges.cloudflare.com; object-src 'none'; style-src 'self' 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com *.gstatic.com fonts.googleapis.com s3.amazonaws.com *.typekit.net; img-src * data:; media-src assets.gyant.com; form-action 'self' *.formstack.com https://www.gundersenhealth.org http://ghs.docksal.site:8080; frame-src 'self' www.youtube-nocookie.com *.visualwebsiteoptimizer.com app.vwo.com www.google.com maps.google.com challenges.cloudflare.com secure.gundersenhealth.org; frame-ancestors 'self'; child-src 'self' blob: www.youtube-nocookie.com *.visualwebsiteoptimizer.com app.vwo.com www.google.com maps.google.com; font-src 'self' data: fonts.gstatic.com *.typekit.net s3.amazonaws.com *.formstack.com; connect-src 'self' bam.nr-data.net *.visualwebsiteoptimizer.com app.vwo.com *.formstack.com wss://web2.production.gyantts.com web2.production.gyantts.com; base-uri 'self'; report-uri /report-csp-violation 1
script-src https://counter.simplybook.me https://cdn.iubenda.com https://cs.iubenda.com 'self' 'unsafe-inline' 'unsafe-eval' 'nonce-67aaf781e49af4a0ca1473f9c919c4ef'; child-src blob: ; frame-src * 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.pricespider.com https://www.google-analytics.com https://www.googletagmanager.com https://cdn.cookielaw.org https://lhcdn-src.mars.com https://players.brightcove.net https://www.google.com https://www.google.co.in https://www.gstatic.com https://api.tiles.mapbox.com https://sfapi.formstack.io https://az416426.vo.msecnd.net https://embed.mikmak.tv *.global.commerce-connector.com https://js-agent.newrelic.com https://dc.services.visualstudio.com https://bam-cell.nr-data.net https://translate.googleapis.com https://js.adsrvr.org *.mapbox.com https://dc.services.visualstudio.com https://stats.g.doubleclick.net *.amazonaws.com https://s.pinimg.com https://ct.pinterest.com https://maps.googleapis.com https://connect.facebook.net https://sc-static.net https://static.ads-twitter.com https://cdn.treasuredata.com https://cdn.jsdelivr.net https://sfapi-sandbox.formstack.io https://bam.nr-data.net http://cdn.jsdelivr.net/npm/@popperjs/core@2.11.5/dist/umd/popper.min.js https://cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.2/lazysizes.min.js https://cdn.ampproject.org  https://cas.zma.gs/5406ddafe4b098fb1ee80a84/ssr/containers/20f59a2b-d9fe-4355-8530-33c659597e30/init.js https://static.klaviyo.com https://static-tracking.klaviyo.com https://cas.zma.gs https://apps.bazaarvoice.com https://display.ugc.bazaarvoice.com https://api.bazaarvoice.com https://mpsnare.iesnare.com/snare.js https://mpsnare.iesnare.com/script/logo.js https://snap.licdn.com https://www.upsellit.com https://googleads.g.doubleclick.net  https://d.impactradius-event.com https://googleads.g.doubleclick.net https://app.upsellit.com cdn.pricespider.com https://cdn.plyr.io/3.7.8/plyr.js https://cdn.plyr.io/3.7.8/plyr.css https://px.ads.linkedin.com https://analytics.tiktok.com https://tr.snapchat.com https://connect.letslinc.com https://bat.bing.com; object-src 'none'; frame-src 'self' https://player.vimeo.com/ https://www.google.com https://9079101.fls.doubleclick.net https://www.google.com *.fls.doubleclick.net https://www.googletagmanager.com https://di.rlcdn.com https://tr.snapchat.com https://www.youtube.com https://display.ugc.bazaarvoice.com https://api.bazaarvoice.com https://privacyportal.onetrust.com https://stage.brandsitedata.mars.com/orchard_vr/vr.html https://td.doubleclick.net https://ct.pinterest.com  https://care.letslinc.com; child-src blob: 1
frame-ancestors 'self' https://*.seo.aws.about.com https://*.dotdash.com *.marthastewart.com; upgrade-insecure-requests; 1
script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' https://google-analytics.com/ https://*.google-analytics.com/ https://googletagmanager.com/ https://*.googletagmanager.com/ https://tagmanager.google.com/ https://translate.google.com/ https://translate.googleapis.com/ https://youtube.com/ https://*.youtube.com/ https://www.recaptcha.net/ https://www.gstatic.com/ https://www.google.com/ https://www.google.com/ads/ https://kit.fontawesome.com/ https://tag.demandbase.com/ https://munchkin.marketo.net/ https://use.typekit.net/ https://script.crazyegg.com/ https://script.crazyegg.com/pages/scripts/0027/6357.js https://snap.licdn.com/ https://cdn01.basis.net/ https://play.vidyard.com/ https://connect.facebook.net/ https://www.facebook.com/ https://facebook.com/ https://j.6sc.co/ https://b.6sc.co/ https://app-sj27.marketo.com/ https://go.scaledagile.com/ https://pixel.sitescout.com/ https://px.ads.linkedin.com/ https://cdn.vidyard.com/ https://static.smartrecruiters.com/ https://*.company-target.com/ https://www.smartrecruiters.com/ https://sai2.wpengine.com/ https://cdnapisec.kaltura.com/ https://player.vimeo.com/ https://open.spotify.com/ https://s.company-target.com/ https://scaledagilenetwork.com/; img-src 'self' blob: https://google-analytics.com/ https://*.google-analytics.com/ https://www.google.com/ https://www.google.com/ads/ https://translate.googleapis.com/ https://*.ytimg.com/ https://secure.gravatar.com/ https://kit.fontawesome.com/ https://salsa.scaledagile.com/ https://www.facebook.com/ https://cdn.vidyard.com/ https://cdn.vidyard.com/thumbnails/18287566/TcTilRh6vhdyHxZi9F4VIQ.png https://play.vidyard.com/ https://id.rlcdn.com/ https://b.6sc.co/ https://pixel.sitescout.com/ https://px.ads.linkedin.com/ https://www.linkedin.com/ https://www.linkedin.com/* https://go.scaledagile.com/ https://www.googletagmanager.com/ https://segments.company-target.com/ https://scaledagile.com/ https://sai2.wpengine.com/ https://cdnapisec.kaltura.com/ https://player.vimeo.com/ https://scaledagilenetwork.com/ https://safe.scaledagile.com/ https://googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com; object-src 'self' blob: https://docs.google.com/ https://youtube.com/ https://*.youtube.com/ https://youtube-nocookie.com/ https://*.youtube-nocookie.com/ https://youtu.be/ https://*.vimeo.com/ https://www.google.com/ https://www.google.com/ads/ https://scaledagile.my.salesforce.com/ https://scaledagile.lightning.force.com/ https://community.scaledagile.com/ https://safe.scaledagile.com/ https://www.facebook.com/ https://b.6sc.co/ https://play.vidyard.com/ https://cdn.vidyard.com/ https://px.ads.linkedin.com/ https://www.googletagmanager.com/ https://embed.podcasts.apple.com/ https://s.company-target.com/ https://pixel.sitescout.com/ https://www.smartrecruiters.com/ https://go.scaledagile.com/ http://go.scaledagile.com/ https://app-sj27.marketo.com/ https://cdnapisec.kaltura.com/ https://player.vimeo.com/ https://open.spotify.com/ https://api.company-target.com/ https://scaledagilenetwork.com/ http://scaledagile.pathfactory.com https://scaledagile.pathfactory.com http://content.scaledagile.com https://content.scaledagile.com http://scaledagile.lookbookhq.com https://scaledagile.lookbookhq.com; frame-src 'self' blob: https://docs.google.com/ https://youtube.com/ https://*.youtube.com/ https://youtube-nocookie.com/ https://*.youtube-nocookie.com/ https://youtu.be/ https://*.vimeo.com/ https://www.google.com/ https://www.google.com/ads/ https://scaledagile.my.salesforce.com/ https://scaledagile.lightning.force.com/ https://community.scaledagile.com/ https://safe.scaledagile.com/ https://www.facebook.com/ https://b.6sc.co/ https://play.vidyard.com/ https://cdn.vidyard.com/ https://px.ads.linkedin.com/ https://www.googletagmanager.com/ https://embed.podcasts.apple.com/ https://s.company-target.com/ https://pixel.sitescout.com/ https://www.smartrecruiters.com/ https://go.scaledagile.com/ http://go.scaledagile.com/ https://app-sj27.marketo.com/ https://cdnapisec.kaltura.com/ https://player.vimeo.com/ https://open.spotify.com/ https://api.company-target.com/ https://scaledagilenetwork.com/ http://scaledagile.pathfactory.com https://scaledagile.pathfactory.com http://content.scaledagile.com https://content.scaledagile.com http://scaledagile.lookbookhq.com https://scaledagile.lookbookhq.com; 1
frame-ancestors 'self' https://cms.c2ccertified.org https://api.c2ccertified.org 1
allow 'self'; options inline-script eval-script; script-src 'self' *.google-analytics.com *.googleapis.com *.gstatic.com *.googletagmanager.com; img-src *; media-src *; frame-src 'self'; style-src-elem *.gstatic.com 1
block-all-mixed-content; upgrade-insecure-requests 1
default-src 'self' *.atlantic.fr *.algolianet.com *.algolia.net *.google-analytics.com *.googlesyndication.com *.google.com *.google.fr *.googleadservices.com *.cookiebot.com *.doubleclick.net *.groupe-atlantic.com *.kameleoon.eu *.kameleoon.com *.kameleoon.io  *.soyooz.com *.mixpanel.com *.instagram.com *.cdninstagram.com *.contentsquare.net *.contentsquare.com *.contentsquare.fr *.pinterest.com app.helo-activation.fr *.facebook.com *.inbenta.io calendly.com *.calendly.com *.inbenta.service *.inbenta.services *.recette-qcnlnca-xzown47bo6s74.fr-3.platformsh.site *.staging-5em2ouy-xzown47bo6s74.fr-3.platformsh.site *.bazaarvoice.com  *.privacy-center.org *.helo-activation.fr *.blackfire.io google.com; base-uri 'self' *.atlantic.fr; block-all-mixed-content; font-src 'self' data: *.soyooz.com *.atlantic.fr *.kameleoon.eu *.kameleoon.com *.kameleoon.io fonts.gstatic.com *.inbenta.io *.recette-qcnlnca-xzown47bo6s74.fr-3.platformsh.site *.staging-5em2ouy-xzown47bo6s74.fr-3.platformsh.site *.bazaarvoice.com; frame-ancestors 'self' *.atlantic.fr; frame-src 'self' *.atlantic.fr  *.youtube.com  *.vimeo.com  *.atlantic.fr  *.cookiebot.com  *.doubleclick.net  *.vectary.com  *.instagram.com *.facebook.com *.cdninstagram.com *.googletagmanager.com *.pinterest.com calendly.com *.calendly.com *.kameleoon.eu *.kameleoon.io *.kameleoon.com *.inbenta.io *.recette-qcnlnca-xzown47bo6s74.fr-3.platformsh.site *.staging-5em2ouy-xzown47bo6s74.fr-3.platformsh.site *.bazaarvoice.com *.youtube-nocookie.com; img-src 'self' data: *.atlantic.fr *.youtube.com *.ytimg.com *.vimeo.com *.google-analytics.com *.groupe-atlantic.com *.googletagmanager.com *.doubleclick.net *.google.fr *.google.com *.soyooz.com *.cdninstagram.com picsum.photos placekitten.com *.picsum.photos *.placeholder.com *.contentsquare.net *.contentsquare.com *.contentsquare.fr *.facebook.com *.pinterest.com *.inbenta.com  *.kameleoon.eu *.kameleoon.com *.kameleoon.io *.calendly.com  *.recette-qcnlnca-xzown47bo6s74.fr-3.platformsh.site *.staging-5em2ouy-xzown47bo6s74.fr-3.platformsh.site *.inbenta.io *.bazaarvoice.com *.cache.ephoto.fr *.cookiebot.com  *.privacy-center.org *.google.fr *.googleadservices.com; media-src 'self' *.atlantic.fr *.vimeo.com *.youtube.com *.instagram.com *.cdninstagram.com *.contentsquare.net *.contentsquare.com *.contentsquare.fr *.kameleoon.eu *.kameleoon.com  *.privacy-center.org *.kameleoon.io *.recette-qcnlnca-xzown47bo6s74.fr-3.platformsh.site *.staging-5em2ouy-xzown47bo6s74.fr-3.platformsh.site; object-src 'none'; script-src 'self' blob: *.youtube.com  *.atlantic.fr 'unsafe-inline' 'unsafe-eval' *.kameleoon.eu *.kameleoon.com *.kameleoon.io  *.pinterest.com *.googletagmanager.com  *.groupe-atlantic.com  *.cookiebot.com  *.contentsquare.net *.contentsquare.com  *.contentsquare.fr  *.google-analytics.com  *.soyooz.com  *.mxpnl.com  code.jquery.com cdn.jsdelivr.net *.googleapis.com *.cloudflare.com  *.blackfire.io  googleads.g.doubleclick.net  *.facebook.net  *.tradelab.fr  *.pinimg.com *.inbenta.services *.inbenta.io calendly.com *.calendly.com *.recette-qcnlnca-xzown47bo6s74.fr-3.platformsh.site *.staging-5em2ouy-xzown47bo6s74.fr-3.platformsh.site *.bazaarvoice.com *.iesnare.com  *.privacy-center.org ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com  https://fonts.gstatic.com  *.soyooz.com  *.atlantic.fr  *.kameleoon.eu *.kameleoon.com *.cloudflare.com unpkg.com *.calendly.com *.kameleoon.io cdn.jsdelivr.net *.inbenta.io *.recette-qcnlnca-xzown47bo6s74.fr-3.platformsh.site *.staging-5em2ouy-xzown47bo6s74.fr-3.platformsh.site *.bazaarvoice.com  *.privacy-center.org 1
frame-ancestors https://deejay.de https://*.deejay.de  https://vinylfuture.com https://*.vinylfuture.com; 1
default-src 'self' 'unsafe-eval'; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.itzbund.de *.googleapis.com *.google.com *.gstatic.com www.youtube.com *.vimeo.com *.ytimg.com piwik.itzbund.de; object-src 'self' multimedia.gsb.bund.de; media-src blob: 'self' multimedia.gsb.bund.de *.vimeo.com *.youtube.com; frame-src *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.vimeo.com; img-src 'self' blob: data: *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.openstreetmap.org piwik.itzbund.de; connect-src 'self' *.itzbund.de; frame-ancestors 'self'; worker-src 'self'; 1
base-uri 'none';child-src 'none';connect-src 'self' *.schooltv.nl *.schooltv.angrylabs.nl *.npo-data.nl *.npo.nl *.npoplayer.nl event analytics-ingress-global.bitmovin.com npo.prd.cdn.bcms.kpn.com licensing.bitmovin.com nmonpoendpoint.2cnt.net npo-drm-gateway.samgcloud.nepworldwide.nl *.streamgate.nl;default-src 'self';font-src 'self' cdn.npoplayer.nl use.typekit.net;form-action 'self';frame-ancestors 'self';frame-src 'none';img-src 'self' *.schooltv.nl *.schooltv.angrylabs.nl *.npo.nl data: images.poms.omroep.nl;manifest-src 'self';media-src 'self' blob: * data:;object-src 'none';script-src 'self' *.npo-data.nl cdn.npoplayer.nl tag.aticdn.net hub.npo-data.nl nmonpoendpoint.2cnt.net analytics-ingress-global.bitmovin.com www.gstatic.com *.streamgate.nl blob: *;style-src 'self' 'unsafe-inline' use.typekit.net cdn.npoplayer.nl p.typekit.net *.npo.nl;worker-src 'self' blob:; 1
default-src 'self'; base-uri 'self'; block-all-mixed-content; connect-src 'self' region1.google-analytics.com www.googletagmanager.com pagead2.googlesyndication.com app.privacybee.ch app.privacybee.io *.googleapis.com *.google.com *.google.ch; font-src 'self' fonts.gstatic.com cdn.scaleflex.it; frame-src player.vimeo.com www.googletagmanager.com challenges.cloudflare.com; img-src 'self' data: region1.google-analytics.com www.googletagmanager.com *.googleapis.com *.google.com *.google.ch maps.gstatic.com; script-src 'self' region1.google-analytics.com www.googletagmanager.com pagead2.googlesyndication.com www.privacybee.ch app.privacybee.ch app.privacybee.io challenges.cloudflare.com 'nonce-+xWK1ZCjpI1up3BEQc5gCQ=='; style-src 'self' fonts.googleapis.com app.privacybee.ch app.privacybee.io 'unsafe-inline'; upgrade-insecure-requests; report-uri /nelmio/csp/report; worker-src 'self' blob: 1
frame-ancestors 'self' https://twitter.com; 1
default-src 'unsafe-inline' 'self' https:; child-src 'self'; connect-src 'self' https:; font-src 'self' fonts.gstatic.com; frame-src 'self' https:; img-src * data:; manifest-src 'self'; media-src 'self' https:; object-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https:; style-src 'unsafe-inline' 'self' *.twitter.com *.twimg.com fonts.googleapis.com; worker-src 'self'; base-uri 'self'; form-action 'self' *.twitter.com papi.hobex.at; navigate-to 'self' https: 1
default-src 'none'; frame-ancestors 'none'; child-src blob: *.cloudfoundry.org;  style-src 'self' 'unsafe-inline' *.bootstrapcdn.com https://fonts.googleapis.com/*; connect-src 'self'  *.thelinuxfoundation.org *.bootstrapcdn.com *.doubleclick.net *.google-analytics.com; script-src 'self' 'unsafe-inline' blob: *.twitter.com *.ads-twitter.com *.cloudflare.com *.googleapis.com *.googletagmanager.com *.facebook.net *.jsdelivr.net  *.google-analytics.com *.gstatic.com *.google.com; img-src 'self' data: *.googletagmanager.com *.google.com *.gravatar.com *.twitter.com *.cloudfoundry.org https://t.co *.local *.google-analytics.com; object-src 'self'; font-src 'self' data: *.bootstrapcdn.com; media-src 'self' blob:; frame-src *.local *.twitter.com *.google.com *.facebook.com *.youtube.com 1
default-src 'self';img-src *; script-src *; 1
default-src *; script-src *; object-src *; style-src *; img-src *; media-src *; frame-src *; font-src *; connect-src * 1
allow 'self'; options inline-script eval-script 1
default-src 'unsafe-inline'  'unsafe-eval' 'self'  *.sessioncam.com *.cloudfront.net *.snapchat.com *.cookielaw.org *.tintup.com *.snapchat.com *.amazon-adsystem.com https://*.optimizely.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bing.com *.googleapis.com *.sessioncam.com *.cloudfront.net *.google-analytics.com *.betrad.com *.youtube.com *.evidon.com *.jquery.com *.cloudfront.net *.serving-sys.com *.facebook.net *.doubleclick.net *.hypemarks.com *.gstatic.com *.krxd.net *.adimo.co *.bazaarvoice.com *.iesnare.com  *.googleadservices.com *.hotjar.com *.pricespider.com *.yahoo.com *.doubleclick.net *.hotjar.com *.nestle.co.uk *.google.com *.googleoptimize.com *.adsrvr.org *.gbqofs.com *.usabilla.com:* *.fusepump.com:* bam.nr-data.net:* *.locate.com:* *.mapbox.com:* *.pricespider.com:* *.sc-static.net *.snapchat.com *.tintup.com *.sc-static.net tintup.com:* sc-static.net:* *.cookielaw.org *.googletagmanager.com:* *.amazon-adsystem.com *.salesforce.com *.salesforceliveagent.com *.newrelic.com *.addtoany.com *.jsdelivr.net *.cloudflare.com *.pinterest.com *.pinimg.com *.brightcove.net https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com data-na.starbucks.com *.salesforce-sites.com *.lightning.force.com https://*.qualtrics.com;; object-src 'none'; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.cloudflare.com *.fusepump.com *.youtube.com *.typography.com *.google.com *.fontawesome.com *.nestle.co.uk *.pricespider.com:* *.mapbox.com:* *.cloudfront.net *.salesforce.com *.bazaarvoice.com *.adimo.co *.salesforce-sites.com; img-src  'self' 'unsafe-inline' https: data: blob: *.googleapis.com *.gstatic.com *.cloudflare.com *.semasio.net *.sessioncam.com *.cloudfront.net *.google-analytics.com *.google.com *.google.co.uk *.doubleclick.net *.betrad.com *.amazonaws.com px.pump.to *.fusepump.com *.evidon.com *.igodigital.com *.facebook.com *.krxd.net *.starbucksathome.com *.adimo.co *.iriworldwide.com *.bazaarvoice.com display.ugc.bazaarvoice.com bat.bing.com *.google.co.in google-analytics.com *.google.com *.pantheonsite.io *.cookielaw.org *.pricespider.com:* *.adsrvr.org:* *.google.com *.google-analytics.com *.usabilla.com *.demdex.net *.yahoo.com *.bluekai.com *.imrworldwide.com *.sharethrough.com *.truoptik.com *.dotomi.com *.insightexpressai.com *.ml314.com *.amazon-adsystem.com *.googletagmanager.com *.eb2.3lift.com *.dr.mookie1.com *.track2.securedvisit.com *.mid.rkdms.com *.eb2.3lift.com https://app.optimizely.com https://cdn.optimizely.com https://siteintercept.qualtrics.com/;; media-src 'self' blob: *.brightcovecdn.com *.boltdns.net *.media.brightcove.com *.akamaihd.net *.cf.brightcove.com; frame-src 'self' *.addtoany.com *.youtube.com *.evidon.com *.fls.doubleclick.net *.youtube-nocookie.com *.hypemarks.com *.fusepump.com *.google.com *.krxd.net l3.evidon.com *.adimo.co *.bazaarvoice.com *.netsuite.com *.hotjar.com *.doubleclick.net *.netsuite.com *.flashtalking.com *.google.com *.tintup.com *.amazon-adsystem.com *.facebook.com *.adsrvr.org *.salesforce.com *.snapchat.com *.starbucks.jebbit.com *.staging-nestlestarbucks.snipp.us *.pinterest.com *.adsrvr.org *.googletagmanager.com *.usabilla.com https://starbucks.jebbit.com/ https://a5763127292198912.cdn.optimizely.com https://a5763127292198912.cdn-pci.optimizely.com *.salesforce-sites.com https://*.qualtrics.com;; frame-ancestors 'self' *.starbucks.jebbit.com *.staging-nestlestarbucks.snipp.us  *.hypemarks.com *.usabilla.com https://starbucks.jebbit.com/ *.salesforce-sites.com; child-src 'self' static.addtoany.com *.youtube.com *.youtu.be youtu.be info.evidon.com https://2275258.fls.doubleclick.net http://2275258.fls.doubleclick.net http://www.youtube-nocookie.com https://www.youtube-nocookie.com https://cdn.hypemarks.com http://cdn.hypemarks.com https://forms.na2.netsuite.com http://live-dig0028606-coffee-starbucks-usa.pantheonsite.io https://live-74944-beverages-starbuckstwo-unitedstates.pantheonsite.io https.live-74944-beverages-starbuckstwo-unitedstates.pantheonsite.io blob:; https://*.optimizely.com;; font-src  'self' data: *.gstatic.com *.fontawesome.com *.cloudflare.com; connect-src 'self' *.fusepump.com *.sessioncam.com *.cloudfront.net *.google-analytics.com *.analyze.ly *.serving-sys.com *.doubleclick.net *.iriworldwide.com *.bazaarvoice.com *.hotjar.io *.nr-data.net *.bing.com *.nestle.gbqofs.io *.pricespider.com:* *.mapbox.com:* *.usabilla.com *.google-analytics.com *.clarity.ms *.tintup.com *.amazonaws.com *.snapchat.com *.cookielaw.org *.onetrust.com *.bam.nr-data.net bam.nr-data.net:* *.pinterest.com *.google.com *.google-analytics.com edge.api.brightcove.com *.boltdns.net *.brightcovecdn.com https://*.optimizely.com data-na.starbucks.com *.salesforce-sites.com *.lightning.force.com https://*.qualtrics.com; 1
default-src 'self' www.burkert.com www.youtube-nocookie.com www.platform-viewer.v-ex.com *.twitter.com *.partcommunity.com *.olark.com cloud.ccm19.de; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.burkert.com snap.licdn.com www.google.com www.gstatic.com www.google-analytics.com www.googletagmanager.com www.linkedin.com snap.licdn.com www.googletagmanager.com cdn.yoochoose.net www.youtube.com *.twitter.com *.vo.msecnd.net *.clickdimensions.com *.twimg.com customerwidget.joinflow.com maps.google.cn maps.googleapis.com *.facebook.net *.apsislead.com *.olark.com *.issuu.com olark-file-uploads.s3-us-west-1.amazonaws.com s.go-mpulse.net c.go-mpulse.net sc.lfeeder.com api.plezi.co optimize.google.com www.googleoptimize.com www.google-analytics.com www.googleanalytics.com gateway.moneris.com cdnjs.cloudflare.com www.googleadservices.com crmweb.burkert.com cloud.ccm19.de *.snitcher.com sst.burkert.com googleads.g.doubleclick.net; img-src data: 'self' www.burkert.com www.google-analytics.com www.google.com.au www.google.com www.google.de event.yoochoose.net *.twimg.com *.twitter.com maps.gstatic.com chart.apis.google.com maps.googleapis.com *.facebook.com *.ytimg.com *.linkedin.com *.olark.com *.adition.com *.gstatic.com *.clickdimensions.com tr.lfeeder.com www2.solique.ch optimize.google.com www.googletagmanager.com googleads.g.doubleclick.net cloud.ccm19.de; object-src 'self' *.googletagmanager.com; style-src 'self' 'unsafe-inline' www.burkert.com www.googletagmanager.com *.clickdimensions.com *.twitter.com *.twimg.com fonts.googleapis.com *.olark.com *.vo.msecnd.net optimize.google.com gateway.moneris.com cloud.ccm19.de; font-src 'self' www.burkert.com *.buerkert.de data: fonts.gstatic.com *.olark.com; connect-src 'self' www.burkert.com www.google-analytics.com *.analytics.google.com *.google-analytics.com analytics.google.com api.telavox.se relay.telavox.com wss://websocket.telavox.se *.facebook.com *.olark.com *.googleadservices.com www.google.de www.google.com *.doubleclick.net *.clickdimensions.com c.go-mpulse.net *.akstat.io trial-eum-clientnsv4-s.akamaihd.net *.akamaihd.net maps.googleapis.com *.plezi.co cdn.linkedin.oribi.io px.ads.linkedin.com event.yoochoose.net crmweb.burkert.com cloud.ccm19.de *.snitcher.com sst.burkert.com scnem.com scnem2.com; frame-src 'self' blob: mailto: tel: *.burkert-usa-marketing.com *.googletagmanager.com *.facebook.com *.partcommunity.com *.twitter.com www.youtube-nocookie.com www.platform-viewer.v-ex.com *.google.com essens.info *.burkert.com *.olark.com *.issuu.com *.clickdimensions.com optimize.google.com gateway.moneris.com scnem2.com; worker-src 'self' blob:;frame-ancestors 'self' https://ez.local.burkert.com 1
default-src 'self'; frame-src 'self' https://studio.eu.screencloud.com/ https://screencloud.com/ https://*.tickettailor.com https://new.express.adobe.com/webpage/static/embed/embed.js *.webspellchecker.net/ https://w.soundcloud.com/ *.adobe.com/ *.nhs.uk/ *.facebook.com/ *.youtube.com/ *.vimeo.com/ *.google.com *.googleapis.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://studio.eu.screencloud.com/ https://screencloud.com/ https://cdn.tickettailor.com/js/widgets/min/widget.js *.tickettailor.com https://new.express.adobe.com/webpage/static/embed/embed.js https://moneypennychat.appspot.com/chatjs/ https://www.doctify.com/ *.webspellchecker.net/ *.adobe.com/ https://cdnjs.cloudflare.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://connect.facebook.net/ https://feeds.trac.jobs/ *.google.com/ *.googleapis.com *.gstatic.com *.cqc.org.uk; font-src 'self' 'unsafe-inline'  https://new.express.adobe.com/webpage/static/embed/embed.js *.webspellchecker.net/ https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://studio.eu.screencloud.com/ https://screencloud.com/ *.tickettailor.com https://new.express.adobe.com/webpage/static/embed/embed.js https://cdnjs.cloudflare.com/ https://feeds.trac.jobs/ *.googleapis.com  *.gstatic.com *.cqc.org.uk; img-src * data:; object-src 'self' blob:; connect-src 'self' https://translate-pa.googleapis.com/ https://studio.eu.screencloud.com/ https://screencloud.com/ https://*.tickettailor.com https://new.express.adobe.com/webpage/static/embed/embed.js *.analytics.google.com/ https://www.doctify.com/ *.webspellchecker.net/ *.google-analytics.com/ https://moneypennychat.appspot.com/ https://feeds.trac.jobs/ https://translate.googleapis.com/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ 1
base-uri 'none';connect-src 'self' http://localhost:3001 http://127.0.0.1:3001 *.oresund.io dc.services.visualstudio.com *.cookieinformation.com *.doubleclick.net 'unsafe-inline' *.googlesyndication.com *.google.com *.google-analytics.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.convertexperiments.com data.wgp.se *.oresundsbron.com *.adnxs.com *.bing.com *.bing.net *.clarity.ms *.facebook.com;font-src 'self' *.hotjar.com https://fonts.gstatic.com data:;form-action 'self' https://www.facebook.com;frame-ancestors 'none';img-src 'self' data: *.tt.se *.ritzau.dk *.ctfassets.net *.gstatic.com www.googletagmanager.com https://googletagmanager.com *.googlesyndication.com *.adnxs.com www.facebook.com *.google.com www.google.dk www.google.se *.hotjar.com https://ad.doubleclick.net https://ade.googlesyndication.com https://12824419.fls.doubleclick.net https://stats.g.doubleclick.net *.bing.com *.bing.net *.clarity.ms;manifest-src 'self';media-src 'self' data: *.ctfassets.net;object-src 'none';script-src 'self' *.reepay.com *.gstatic.com www.googletagmanager.com googletagmanager.com https://tagmanager.google.com 'unsafe-inline' 'unsafe-eval' *.cookieinformation.com *.google.com *.adnxs.com *.facebook.net *.googlesyndication.com www.googleadservices.com *.hotjar.com *.convertexperiments.com *.powerplatform.com *.bing.com *.bing.net *.clarity.ms *.strossle.com;style-src 'self' 'unsafe-inline' *.google.com *.googleapis.com www.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com *.hotjar.com *.bing.com *.bing.net *.clarity.ms;worker-src 'self'; 1
default-src 'self' http://unimedbh.prod.acquia-sites.com/ https://portal.unimedbh.com.br/ https: data: 'unsafe-inline' 'unsafe-eval' wss: *.hs-sites.com; script-src https: data: 'unsafe-inline' 'unsafe-eval' https://js.hs-analytics.net https://js.hs-scripts.com https://app.privally.global; object-src 'self' https://portal.unimedbh.com.br/ http://unimedbh.prod.acquia-sites.com/; style-src https: 'unsafe-inline' 'unsafe-eval' 'self' http://unimedbh.prod.acquia-sites.com/ https://portal.unimedbh.com.br/ https://static.unimedbh.io/ ; img-src blob: data: https: 'self' http://unimedbh.prod.acquia-sites.com/ https://portal.unimedbh.com.br/ https://static.unimedbh.io/; media-src 'self' http://unimedbh.prod.acquia-sites.com/ https://portal.unimedbh.com.br/ https://static.unimedbh.io https://www.youtube.com; frame-ancestors 'self' http://unimedbh.prod.acquia-sites.com/ https://portal.unimedbh.com.br/ https://static.unimedbh.io/ https://www.google.com/ https://forms.hsforms.com/ https://3603d.com.br/ *.hs-sites.com; child-src 'self' http://unimedbh.prod.acquia-sites.com/ https://portal.unimedbh.com.br/ https://www.google.com/ https://vars.hotjar.com/ https://static.addtoany.com/ https://www.youtube.com/ https://cdn.userway.org/ https://static.unimedbh.io/ https://plugin.handtalk.me/ https://unimedbh.chat.blip.ai/ https://chat.blip.ai/ https://forms.hsforms.com/ https://3603d.com.br/ https://td.doubleclick.net/ *.hs-sites.com https://www.googletagmanager.com/; font-src 'self' http://unimedbh.prod.acquia-sites.com/ https://portal.unimedbh.com.br/ data: https://static.unimedbh.io/ https://fonts.unimedbh.io https://fonts.googleapis.com https://fonts.gstatic.com https://cdn.userway.org/ 1
default-src 'self'; object-src 'self'; base-uri 'self'; media-src 'self' https://imagepool.1und1.ag; img-src https: data:; font-src https:; form-action 'self'; connect-src 'self' https://imagepool.1und1.ag; script-src 'strict-dynamic' 'nonce-a1224cfdc5c0b95c8c07fb90d49c9e7b' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data: 'report-sample'; frame-ancestors 'self'; frame-src https://irpages2.eqs.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-a1224cfdc5c0b95c8c07fb90d49c9e7b' 'self' 'unsafe-inline' https: 'report-sample' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.luckyorange.com https://*.googleapis.com; style-src *; img-src *; data:; connect-src https://*.luckyorange.com https://*.googleapis.com https://*.cloudflare.com https://*.mailchimp.com wss://*.visitors.live https://*.book4time.com https://*.salesforce.com https://*.googletagmanager.com https://*.boomtrain.com/ https://*.gstatic.com https://*.facebook.net https://*.facebook.com https://*.google-analytics.com https://*.chimpstatic.com https://*.list-manage.com;font-src * data: https://*.luckyorange.com; frame-src https://*.luckyorange.com https://*.book4time.com; worker-src blob:; media-src * data:; 1
default-src 'self' *.interiorhealth.ca; script-src 'self' 'unsafe-inline' *.interiorhealth.ca maps.googleapis.com js-agent.newrelic.com static.addtoany.com bam.nr-data.net www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com cdn.jsdelivr.net static.dialogflow.com unpkg.com https://d2hxmxr8sknmfu.cloudfront.net *.ca-central-1.amazonaws.com; object-src 'self' *.interiorhealth.ca; style-src 'self'  'unsafe-inline' *.interiorhealth.ca  fonts.googleapis.com cdn.jsdelivr.net static.dialogflow.com unpkg.com https://d2hxmxr8sknmfu.cloudfront.net; img-src 'self' *.interiorhealth.ca data: maps.googleapis.com maps.gstatic.com *.cdninstagram.com www.google-analytics.com; media-src 'self' *.interiorhealth.ca; frame-src 'self' *.interiorhealth.ca static.addtoany.com *.youtube.com www.google.com d2hxmxr8sknmfu.cloudfront.net; frame-ancestors 'self' *.interiorhealth.ca; font-src 'self' *.interiorhealth.ca fonts.googleapis.com fonts.gstatic.com; connect-src 'self' *.interiorhealth.ca maps.googleapis.com bam.nr-data.net www.google-analytics.com stats.g.doubleclick.net dialogflow.cloud.google.com https://d2hxmxr8sknmfu.cloudfront.net *.ca-central-1.amazonaws.com wss://*.ca-central-1.amazonaws.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.acast.com *.adbutter.net *.adform.net *.adnxs.com *.adnxs-simple.com *.ads-twitter.com addtocalendar.com *.airtable.com airtable.com *.airtableusercontent.com *.apple.com *.ckeditor.com *.cloudflare.com *.didomi.io *.doubleclick.net *.elfsight.com *.elfsightcdn.com elfsightcdn.com  *.facebook.com *.facebook.net *.gomovein.com *.google.com *.google.fr *.google-analytics.com *.googleapis.com *.googletagmanager.com *.googlesyndication.com *.gstatic.com heyzine.com *.heyzine.com *.hzstats.com *.instagram.com *.jellyfish.com *.jsdelivr.net *.licdn.com *.linkedin.com *.marches-publics.info *.marketo.com *.marketo.net *.matomo.cloud *.mews.com *.mktoresp.com *.otowui.com *.privacy-center.org *.seadform.net sc-static.net *.sharethis.com *.sibforms.com *.static.net *.tapad.com *.tiktok.com *.twitter.com *.typeform.com *.unibuddy.co unibuddy.co *.vimeo.com *.webleads-tracker.fr *.welcomekit.co *.youtube.com youtube.com *.youtube-nocookie.com youtu.be *.ytimg.com page.hec.edu *.readspeaker.com *.addtoany.com; img-src 'self' data: *.acast.com *.adbutter.net *.adform.net *.adnxs.com *.adnxs-simple.com *.ads-twitter.com *.airtable.com airtable.com *.airtableusercontent.com *.apple.com *.ckeditor.com *.cloudflare.com *.didomi.io *.doubleclick.net *.elfsight.com *.elfsightcdn.com elfsightcdn.com *.facebook.com *.facebook.net *.gomovein.com *.google.com *.google.fr *.google-analytics.com *.googleapis.com *.googletagmanager.com *.googlesyndication.com *.gstatic.com *.heyzine.com heyzine.com *.hzstats.com *.instagram.com *.jellyfish.com *.jsdelivr.net *.licdn.com *.linkedin.com *.marches-publics.info *.marketo.com *.marketo.net *.matomo.cloud *.mews.com *.mktoresp.com *.otowui.com *.privacy-center.org *.seadform.net sc-static.net *.sharethis.com *.sibforms.com *.static.net *.tapad.com *.tiktok.com *.twitter.com *.typeform.com *.unibuddy.co *.vimeo.com *.webleads-tracker.fr *.welcomekit.co *.youtube.com youtube.com *.youtube-nocookie.com youtu.be *.ytimg.com page.hec.edu *.readspeaker.com *.addtoany.com; font-src 'self' data:; report-uri /hec-report-csp-violation 1
default-src 'self' static.financialsense.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:; style-src 'self' static.financialsense.com data: 'unsafe-inline' *.googleapis.com *.twitter.com *.twimg.com *.x.com svc.webspellchecker.net cdn.ckeditor.com static.ctctcdn.com cdnjs.cloudflare.com; img-src 'self' https: data: android-webview-video-poster: *.jwplayer.com http://docs.jwplayer.com; media-src 'self' static.financialsense.com blob: *.giphy.com; frame-src 'self' https://www.financialsense.com data: audioboom.com *.audioboom.com scribd.com *.scribd.com soundcloud.com *.soundcloud.com youtube.com *.youtube.com vimeo.com *.vimeo.com bitchute.com *.bitchute.com twitter.com *.twitter.com x.com *.x.com *.tradingview.com *.tradingview-widget.com *.stripe.com *.doubleclick.net *.googlesyndication.com *.ted.com *.instagram.com *.jwpsrv.com www.google.com ms-appx-web: *.addtoany.com *.assoc-amazon.com *.amazon.com *.amazon-adsystem.com *.googletagmanager.com *.recaptcha.net facebook.com *.facebook.com cnn.com *.cnn.com cnbc.com *.cnbc.com rumble.com; frame-ancestors *; child-src 'self' https://www.financialsense.com data: audioboom.com *.audioboom.com scribd.com *.scribd.com soundcloud.com *.soundcloud.com youtube.com *.youtube.com vimeo.com *.vimeo.com bitchute.com *.bitchute.com twitter.com *.twitter.com x.com *.x.com *.tradingview.com *.tradingview-widget.com *.stripe.com *.doubleclick.net *.googlesyndication.com *.ted.com *.instagram.com *.jwpsrv.com www.google.com ms-appx-web: *.addtoany.com *.assoc-amazon.com *.amazon.com *.amazon-adsystem.com *.googletagmanager.com *.recaptcha.net facebook.com *.facebook.com cnn.com *.cnn.com cnbc.com *.cnbc.com; font-src 'self' static.financialsense.com data: fonts.googleapis.com fonts.gstatic.com cdnjs.cloudflare.com *.googleusercontent.com svc.webspellchecker.net *.avast.com chrome-extension: *.fontawesome.com; connect-src 'self' static.financialsense.com *.googlesyndication.com www.google-analytics.com *.gstatic.com *.doubleclick.net svc.webspellchecker.net *.jwpltx.com *.nr-data.net *.fontawesome.com *.ckeditor.com *.ctctcdn.com *.constantcontact.com *.jwplayer.com cdnjs.cloudflare.com stats.addtoany.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; fmedia-src 'self'; frame-src 'self'; object-src 'none'; frame-ancestors 'self' 1
default-src 'self' data: *.uniweb.be cookiehub.net *.uniweb.eu *.hotjar.com www.googletagmanager.com www.google-analytics.com; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://js.stripe.com *.uniweb.be cookiehub.net *.uniweb.eu *.hotjar.com www.googletagmanager.com www.google-analytics.com; object-src *; style-src 'self' data: 'unsafe-inline' *.uniweb.be cookiehub.net *.uniweb.be cookiehub.net fonts.googleapis.com; img-src 'self' data: https://m.stripe.com *.craft-cdn.com *.uniweb.be cookiehub.net *.uniweb.eu www.googletagmanager.com www.google-analytics.com; media-src *; frame-src 'self' data: https://js.stripe.com *.uniweb.be cookiehub.net *.uniweb.eu *.hotjar.com www.googletagmanager.com www.google-analytics.com; font-src 'self' data: *.uniweb.be cookiehub.net *.uniweb.eu fonts.gstatic.com fonts.googleapis.com; connect-src * 1
frame-ancestors same *.grupocpfl.com.br *.cpfl.com.br *.rge-rs.com.br grupocpfl.com.br cpfl.com.br rge-rs.com.br *.lndo.site *.web.ahdev.cloud; report-uri /report-csp-violation 1
default-src 'self' 'unsafe-inline' https://data.fiawec.com https://storage.googleapis.com https://fonts.googleapis.com https://fonts.gstatic.com https://cdnjs.cloudflare.com http://fiawec.lmem-pp.6tm.eu https://fiawec.com https://hatscripts.github.io https://static.rolex.com https://www.youtube.com https://storage.googleapis.com https://www.fiawec.com https://i.ytimg.com https://www.youtube.com http://www.youtube.com https://play.google.com data: https://*.cdninstagram.com https://www.googletagmanager.com https://sdk.privacy-center.org https://api.privacy-center.org http://0.0.0.0:9008 https://www.google.com; block-all-mixed-content; connect-src 'self' https://region1.google-analytics.com https://www.google-analytics.com https://storage.googleapis.com https://data.wec-master.6tm.eu/ https://data.fiawec.com ws://fiawec.lan:9008 ws://teamarea.lan:9008 http://0.0.0.0:9008 https://www.google.com https://analytics.lmem.com; font-src 'self' data: http://0.0.0.0:9008 https://fonts.cdnfonts.com https://fonts.gstatic.com https://fonts.googleapis.com; frame-ancestors 'self'; img-src 'self' https://www.youtube.com http://www.youtube.com https://play.google.com https://www.facebook.com https://sdk.privacy-center.org https://api.privacy-center.org https://www.googletagmanager.com https://www.google-analytics.com 'unsafe-inline' https://i.ytimg.com https://storage.googleapis.com https://*.cdninstagram.com data: https://hatscripts.github.io http://0.0.0.0:9008; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com https://connect.facebook.net https://cdnjs.cloudflare.com https://connect.facebook.net https://www.youtube.com http://www.youtube.com https://play.google.com https://sdk.privacy-center.org https://api.privacy-center.org https://www.googletagmanager.com https://www.google-analytics.com http://0.0.0.0:9008 https://app-worker.visitor-analytics.io https://visits.visitor-analytics.io https://www.gstatic.com https://www.google.com https://analytics.lmem.com; style-src 'self' 'unsafe-inline' https://fonts.cdnfonts.com http://0.0.0.0:9008 https://fonts.googleapis.com 1
default-src 'self'; child-src data: blob:; connect-src 'self' *.aticdn.net *.cdnbasket.net *.cookiebot.com *.googleapis.com *.hotjar.com *.hotjar.io *.onconnect-coach.3slab.fr *.payline.com *.suez.com *.xiti.com apisimulator.toutsurmoneau.test bam.eu01.nr-data.net bam.nr-data.net data.gouv.nc ids.cdnwidget.com payline.com smartsolution-onconnectcoach.azureedge.net smartsolution-smartcoach.azureedge.net stats.g.doubleclick.net ws.livingactor.com apisimulator.toutsurmoneau.test data.gouv.nc *.aticdn.net *.xiti.com stats.g.doubleclick.net *.cookiebot.com *.googleapis.com *.suez.com wss://*.hotjar.com vite.toutsurmoneau.test wss://vite.toutsurmoneau.test actorssl-5637.kxcdn.com *.myfeelback.com *.skeepers.io *.jsdelivr.net *.jsdelivr.net general-runtime.voiceflow.com *.voiceflow.com runtime-api.voiceflow.com suez-search-engine.baker-park.com wss://*.voiceflow.com; font-src 'self' data: *.hotjar.com *.payline.com *.suez.com fonts.gstatic.com maxcdn.bootstrapcdn.com payline.com smartsolution-onconnectcoach.azureedge.net *.suez.com vite.toutsurmoneau.test wss://vite.toutsurmoneau.test test.toutsurmoneau.test actorssl-5637.kxcdn.com *.myfeelback.com *.skeepers.io cdn.voiceflow.com suez-search-engine.baker-park.com; form-action * com.suez.tsme.dev: com.suez.tsme.app:; frame-ancestors 'self' https://eco-gagnant-recette.stellio.io/ https://eco-gagnant.cud.fr https://seleniumbase.io/; frame-src 'self' data: blob: *.payline.com payline.com *.satisfactory.fr www.google.com *.youtube-nocookie.com *.youtube.com opendata.hauts-de-seine.fr *.cookiebot.com *.suez.com *.qualtrics.com *.cloudflare.com *.voiceflow.com suez-search-engine.baker-park.com; img-src 'self' data: blob: *.cdnwidget.com *.cloudfront.net *.cookiebot.com *.hotjar.com *.payline.com *.suez.com *.youtube-nocookie.com *.youtube.com api.cabestan.com cdn1.iconfinder.com cloudfront.net maps.googleapis.com maps.gstatic.com payline.com smartsolution-onconnectcoach.azureedge.net www.googletagmanager.com *.suez.com *.cookiebot.com vite.toutsurmoneau.test wss://vite.toutsurmoneau.test test.toutsurmoneau.test cdn.jsdelivr.net actorssl-5637.kxcdn.com *.myfeelback.com *.skeepers.io *.voiceflow.com general-runtime.voiceflow.com cm4-production-assets.s3.amazonaws.com suez-search-engine.baker-park.com; media-src 'self' 'unsafe-eval' 'unsafe-inline' *.cloudfront.net suez-search-engine.baker-park.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ati-host.net *.aticdn.net *.atinternet-solutions.com *.atinternet.com *.atinternet.io *.bootstrapcdn.com *.capadresse.com *.capadresse.com:2814 *.cdnwidget.com *.cloudfront.net *.cookiebot.com *.google.com *.google.com/maps *.hotjar.com *.js-agent.newrelic.com *.newrelic.com *.onconnect-coach.3slab.fr *.payline.com *.piano.io *.suez.com *.xiti.com ajax.cloudflare.com api.cabestan.com apisimulator.toutsurmoneau.test bam.nr-data.net capadresse.apisimulator.toutsurmoneau.test capadresse.apisimulator.toutsurmoneau.test:6090 code.jquery.com maps.googleapis.com payline.com smartsolution-smartcoach.azureedge.net suez-eau-france.dimelochat.com ws.livingactor.com www.googletagmanager.com www.gstatic.com vite.toutsurmoneau.test wss://vite.toutsurmoneau.test *.cloudflare.com cdn.jsdelivr.net actorssl-5637.kxcdn.com *.myfeelback.com *.skeepers.io cdn.voiceflow.com general-runtime.voiceflow.com runtime-api.voiceflow.com blob: suez-search-engine.baker-park.com; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.cloudfront.net *.googleapis.com *.hotjar.com *.payline.com *.suez.com fonts.googleapis.com payline.com smartsolution-smartcoach.azureedge.net www.gstatic.com *.googleapis.com *.suez.com vite.toutsurmoneau.test wss://vite.toutsurmoneau.test cdn.jsdelivr.net actorssl-5637.kxcdn.com *.myfeelback.com *.skeepers.io cdn.voiceflow.com suez-search-engine.baker-park.com; worker-src blob: 1
child-src 'self' https://*.docusign.com https://*.docusign.net https://*.trustcommerce.com https://*.slimpay.net https://*.slimpay.com https://*.windriverfinancialgateway.com 1
default-src 'self'; script-src 'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'self' 'unsafe-inline' ; img-src *; frame-src 'self' https://www.google.com/recaptcha/; report-uri https://auth.cessecure.com/csp/report 1
frame-ancestors 'self' bewerbung.jobs 1
block-all-mixed-content; frame-ancestors 'self'; upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.axessx.de *.googleapis.com 1
object-src 'none'; frame-ancestors *; sandbox allow-forms allow-same-origin allow-scripts allow-popups; base-uri 'self'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'  https: data: http://fonts.googleapis.com http://fonts.gstatic.com http://www.google-analytics.com http://s7.addthis.com http://m.addthisedge.com http://m.addthis.com http://graph.facebook.com http://widgets.pinterest.com http://maps.google.com http://csi.gstatic.com http://maps.gstatic.com http://maps.googleapis.com http://www.linkedin.com http://api-public.addthis.com http://localhost http://widget.supercounters.com http://pagead2.googlesyndication.com/ http://pagead2.googlesyndication.com/ http://staticxx.facebook.com http://www.whatsupcams.com http://epixel.moj-web.net http://www.youtube.com https://www.whatsupcams.com http://localhost https://g0.ipcamlive.com;  1
frame-ancestors 'self' https://*.seo.aws.about.com https://*.dotdash.com *.aboutespanol.com; upgrade-insecure-requests; 1
default-src 'self'; script-src 'self' 'unsafe-inline' cdn.jsdelivr.net cdnjs.cloudflare.com analytics.mbda-systems.com static.addtoany.com; object-src 'self'; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net *.epresspack.online analytics.mbda-systems.com; img-src 'self' data: *.epresspack.online newsroom.mbda-systems.com analytics.mbda-systems.com; media-src 'self' about: data:; frame-src 'self' *.youtube.com static.addtoany.com; frame-ancestors 'self'; child-src 'self'; font-src 'self' data: fonts.gstatic.com; connect-src 'self' analytics.mbda-systems.com static.addtoany.com stats.addtoany.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
block-all-mixed-content; upgrade-insecure-requests; report-uri /nelmio/csp/report 1
default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self'; base-uri 'self'; form-action 'none'; 1
frame-ancestors 'self' https://weiterbildung.snv.ch/ 1
frame-ancestors https://*.posylka.de 1
default-src * 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval' data-eu.purina.fr; object-src *; style-src * 'self' 'unsafe-inline'; img-src * 'self' data: https:;; media-src *; frame-src *; frame-ancestors * 'self'; child-src * blob:; font-src * 'self' data: https:;; connect-src * data-eu.purina.fr 1
default-src 'self' *.crazyegg.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.netdna-ssl.com *.google-analytics.com www.googletagmanager.com *.quotemedia.com oss.maxcdn.com rangeme-production-environment.s3-ap-southeast-2.amazonaws.com *.pcdn.co s15923.pcdn.co *.google.com *.gstatic.com *.spartannash.com *.spartannash-uat.com *.youtube.com www.b2i.us stockcharting.s3.amazonaws.com cdnjs.cloudflare.com static.cloudflareinsights.com analytics.newscred.com *.crazyegg.com analytics.imirwin.com partner.googleservices.com partner.googleadservices.com;font-src 'self' data: *.netdna-ssl.com fonts.gstatic.com *.pcdn.co s15923.pcdn.co *.spartannash.com *.spartannash-uat.com *.cloudflare.com s3.amazonaws.com *.crazyegg.com;img-src 'self' data: *.netdna-ssl.com *.google-analytics.com *.googleapis.com www.googletagmanager.com *.glensmarkets-email.com *.quotemedia.com secure.gravatar.com s3-ap-southeast-2.amazonaws.com *.pcdn.co *.businesswire.com *.gravatar.com s15923.pcdn.co *.google.com *.spartannash.com *.spartannash-uat.com d36cz9elvz3vfp.cloudfront.net www.b2i.us *.prnewswire.com pixel.welcomesoftware.com i.ytimg.com *.crazyegg.com *.gstatic.com;style-src 'self' 'unsafe-inline' *.netdna-ssl.com *.googleapis.com *.google.com *.quotemedia.com *.pcdn.co s15923.pcdn.co *.spartannash.com *.spartannash-uat.com *.crazyegg.com;frame-src 'self' *.netdna-ssl.com *.youtube.com www.googletagmanager.com *.calameo.com *.pcdn.co *.google.com *.spartannash.com *.spartannash-uat.com *.prnewswire.com *.crazyegg.com td.doubleclick.net syndicatedsearch.goog;connect-src 'self' *.netdna-ssl.com query.yahooapis.com *.pcdn.co *.google-analytics.com *.quotemedia.com stats.g.doubleclick.net *.spartannash.com *.spartannash-uat.com www.b2i.us stockcharting.s3.amazonaws.com *.google.com *.crazyegg.com analytics.imirwin.com;object-src 'self' *.netdna-ssl.com *.pcdn.co *.prnewswire.com *.crazyegg.com;media-src 'self' *.netdna-ssl.com *.pcdn.co *.prnewswire.com *.crazyegg.com;worker-src 'self' blob: *.crazyegg.com;child-src 'self' blob: *.crazyegg.com; 1
default-src 'self' data: https://ecosystem.matomo.cloud https://fonts.googleapis.com https://fonts.gstatic.com; base-uri 'self' https://ecosystem.matomo.cloud; block-all-mixed-content; connect-src 'self' wss: https://*.ckeditor.com https://*.hotjar.com https://*.hotjar.io https://*.teads.tv https://aax-eu.amazon-adsystem.com https://ams.creativecdn.com https://ara.paa-reporting-advertising.amazon https://c.amazon-adsystem.com https://consentcdn.cookiebot.com https://ecosystem.matomo.cloud https://insight.adsrvr.org https://maps.googleapis.com https://p1.outbrain.com https://p1.zemanta.com https://region1.analytics.google.com https://region1.google-analytics.com https://static1.r66net.com https://stats.g.doubleclick.net https://www.google.com; frame-src 'self' https://*.doubleclick.net https://*.greenconnected.fr https://aax-eu.amazon-adsystem.com https://ams.creativecdn.com https://bonusqualirepar.ecosystem.eco https://consentcdn.cookiebot.com https://ecosystem.matomo.cloud https://ecosystemfrance.qualtrics.com https://extranet.corepile.net https://form.jotform.com https://insight.adsrvr.org https://match.adsrvr.org https://page.ecosystem.eco https://portail-reparateurs.ecosystem.eco https://www.google.com https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://*.adveris.dev https://*.doubleclick.net https://*.ecosystem.eco https://*.teads.tv https://*.tracker.adotmob.com https://ads-engagement.presage.io https://ads-engagement.presage.io https://adservice.google.com https://cm.creativecdn.com https://ib.adnxs.com https://ih.adscale.de https://img.youtube.com https://imgsct.cookiebot.com https://insight.adsrvr.org https://jedonnemontelephone.fr https://ks1.b26net.com https://ks1.invibes.com https://maps.googleapis.com https://maps.gstatic.com https://p1.zemanta.com https://pixel.rubiconproject.com https://r.phywi.org https://rt.udmserve.net https://secure.adnxs.com https://track.adform.net https://www.img-static.com https://www.google.fr https://www.google.com https://www.googletagmanager.com; manifest-src 'self'; media-src 'self' https://*.ecosystem.eco; object-src 'none'; script-src 'unsafe-inline' 'self' https://*.hotjar.com https://ads-engagement.presage.io https://c.amazon-adsystem.com https://cdn.datatables.net https://cdn.matomo.cloud https://cdn.powerspace.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://ecosystem.matomo.cloud https://fonts.googleapis.com https://insight.adsrvr.org https://js-tag.zemanta.com https://js.adsrvr.org https://k.r66net.com https://maps.googleapis.com https://p.teads.tv https://s2.adform.net https://static.r66net.net https://tags.creativecdn.com https://track.adform.net https://www.googletagmanager.com https://www.youtube.com; style-src 'unsafe-inline' 'self' https://cdn.datatables.net https://ecosystem.matomo.cloud https://fonts.googleapis.com https://fonts.gstatic.com; worker-src 'none' 1
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; 1
default-src 'self'; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self';upgrade-insecure-requests; 1
default-src 'self'; connect-src 'self' https://cdn-cookieyes.com https://*.cookieyes.com https://form.jotform.com https://submit.jotform.com https://*.google-analytics.com https://*.googletagmanager.com https://fonts.googleapis.com https://*.analytics.google.com; font-src 'self' https://ka-p.fontawesome.com https://fonts.gstatic.com data:; frame-src 'self' https://*.cookieyes.com https://submit.jotform.com https://form.jotform.com; img-src 'self' https://*.elliottmgmt.com *.elliottmgmt.com https://elliottmgmt.com https://dev-elliott-mgmt.pantheonsite.io https://test-elliott-mgmt.pantheonsite.io https://*.googletagmanager.com https://*.google-analytics.com https://*.gstatic.com https://cdn-cookieyes.com https://*.cookieyes.com https://secure.gravatar.com blob: data:; object-src; script-src 'self' https://*.googletagmanager.com https://tagmanager.google.com https://cdn-cookieyes.com https://*.google-analytics.com 'unsafe-inline'; style-src 'self' https://*.googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com 'unsafe-inline'; upgrade-insecure-requests 1
default-src 'none'; block-all-mixed-content; connect-src 'self' https://www.googleadservices.com https://*.feefo.com https://*.google.com/recaptcha https://*.gstatic.com/recaptcha https://login.microsoftonline.com https://*.google-analytics.com https://*.analytics.google.com https://unpkg.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.co.uk https://*.venturonet.com https://cloudflareinsights.com https://*.googlesyndication.com; font-src 'self' cdnjs.cloudflare.com https://fonts.gstatic.com data: https://*.venturonet.com https://*.feefo.com https://*.googlesyndication.com; frame-src 'self' https://*.google.com/recaptcha https://*.google.com https://google.com https://www.googletagmanager.com https://bid.g.doubleclick.net https://td.doubleclick.net https://*.venturonet.com https://*.googlesyndication.com; img-src 'self' data: https://*.feefo.com https://*.googlesyndication.com https://*.disabledholidays.com https://*.google-analytics.com https://*.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://*.g.doubleclick.net https://www.googleadservices.com https://google.com https://*.google.com https://*.google.co.uk https://*.venturonet.com; script-src 'self' 'unsafe-inline' https://*.feefo.com https://unpkg.com https://ajax.cloudflare.com https://static.cloudflareinsights.com https://*.googletagmanager.com https://*.g.doubleclick.net https://tagmanager.google.com https://www.googleadservices.com https://*.google.com https://*.google.com/recaptcha https://*.gstatic.com/recaptcha https://*.venturonet.com https://*.googlesyndication.com 'nonce-fD7dvJjpTTgBPxOosr8kuw=='; style-src 'self' https://*.feefo.com unpkg.com cdn.jsdelivr.net cdnjs.cloudflare.com 'unsafe-inline' https://*.googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google.com https://*.venturonet.com https://*.googlesyndication.com 1
base-uri 'none';child-src 'none';connect-src 'self' http://127.0.0.1:1337 https://*.google-analytics.com https://vitals.vercel-insights.com https://api.coinbase.com https://www.google-analytics.com https://vercel.live https://*.walletconnect.com wss://relay.walletconnect.com wss://relay.walletconnect.org wss://www.walletlink.org wss://*.pusher.com https://*.pusher.com https://*.polkastarter.com https://*.cookie3.co https://api.avax.network/ext/bc/C/rpc https://api.avax-test.network/ext/bc/C/rpc https://*.bnbchain.org https://*.bnbchain.org:8545/ https://rpc.ankr.com/bsc https://*.binance.org https://testnet.omni.network https://arb1.arbitrum.io/rpc https://sepolia-rollup.arbitrum.io/rpc https://mainnet.base.org https://sepolia.base.org https://forno.celo.org https://alfajores-forno.celo-testnet.org https://mainnet.mode.network https://sepolia.mode.network https://goerli.optimism.io https://polygon-rpc.com https://matic-mumbai.chainstacklabs.com https://rpc.ankr.com/polygon_mumbai https://mainnet.infura.io https://sepolia.infura.io/ https://cloudflare-eth.com/ https://rpc.sepolia.org https://rpc.ankr.com https://rpc.ankr.com/eth https://rough-lingering-pine.bsc.quiknode.pro https://little-intensive-wildflower.quiknode.pro https://rpc.mainnet.sui.io/ https://httpbin.org/ https://evm-rpc.sei-apis.com/ https://evm-rpc-testnet.sei-apis.com;default-src 'self';font-src 'self' data: https://fonts.gstatic.com;form-action 'self' *;frame-ancestors 'none';frame-src https://in.sumsub.com/ https://www.youtube.com/ https://verify.walletconnect.com https://verify.walletconnect.org https://vercel.live https://www.tradingview-widget.com https://s.tradingview.com https://*.facebook.net https://*.facebook.com;img-src * data:;manifest-src 'self' https://polkastarter.cloudflareaccess.com;media-src 'self' https://*.polkastarter.com;object-src 'none';prefetch-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://va.vercel-scripts.com https://*.googletagmanager.com https://*.google-analytics.com https://vercel.live https://browser.sentry-cdn.com https://cdn.vercel-insights.com https://cdn.staging.cookie3.co https://www.youtube.com https://unpkg.com https://s3.tradingview.com https://*.facebook.net https://*.facebook.com;style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://fonts.googleapis.com;worker-src 'self'; 1
default-src 'self' https://ajax.aspnetcdn.com https://mozaikportail.ca/;object-src 'none';frame-ancestors 'none';base-uri 'self';style-src 'self' 'unsafe-inline' https://ajax.aspnetcdn.com https://www.gstatic.com/recaptcha/ https://mozaikportail.ca/;script-src 'self' 'unsafe-inline'  https://www.google.com/recaptcha/ https://ajax.aspnetcdn.com  https://www.gstatic.com/recaptcha/  https://mozaikportail.ca/;frame-src *;img-src *;upgrade-insecure-requests; 1
default-src 'self' data: ws://*.catapush.com wss://*.catapush.com 'unsafe-inline' 'unsafe-eval'; base-uri 'self'; block-all-mixed-content; connect-src 'self' data: blob: 'unsafe-inline' *.catapush.com ws://*.catapush.com wss://*.catapush.com https://*.googletagmanager.com https://*.google-analytics.com https://*.googleapis.com https://*.analytics.google.com https://www.google.com https://checkout.stripe.com https://api.stripe.com https://*.ads.linkedin.com https://s3-eu-west-1.amazonaws.com/catapush-cdn/; font-src data: blob: 'unsafe-inline' *.catapush.com https://s3-eu-west-1.amazonaws.com/catapush-cdn/ https://s3-eu-central-1.amazonaws.com/catapush-cdn-frankfurt/ fonts.gstatic.com cdn2.hubspot.net r2cdn.perplexity.ai; form-action 'self' *.catapush.com; frame-ancestors 'self' *.catapush.com https://www.googletagmanager.com; frame-src 'self' data: blob: 'unsafe-inline' https://mautic.catapush.com https://checkout.stripe.com https://connect-js.stripe.com https://js.stripe.com https://hooks.stripe.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://s3-eu-west-1.amazonaws.com/catapush-cdn/; img-src 'self' data: blob: 'unsafe-inline' *.catapush.com https://s3-eu-west-1.amazonaws.com/catapush-cdn/ https://s3-eu-central-1.amazonaws.com/catapush-cdn-frankfurt/ https://translate.google.com https://ajax.googleapis.com https://*.google-analytics.com https://www.googletagmanager.com https://*.gstatic.com https://js.hsforms.net/forms/v2.js https://*.stripe.com https://px.ads.linkedin.com https://www.linkedin.com/px; object-src https://s3-eu-west-1.amazonaws.com/catapush-cdn/; script-src 'self' *.catapush.com https://s3-eu-west-1.amazonaws.com/catapush-cdn/ https://s3-eu-central-1.amazonaws.com/catapush-cdn-frankfurt/ https://ipinfo.io https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://checkout.stripe.com https://js.stripe.com https://js.hsforms.net/forms/v2.js https://snap.licdn.com https://*.ads.linkedin.com 'report-sample' 'unsafe-inline' 'nonce-xQHVx5i4zXsybLzNC/4Xvg=='; style-src 'self' *.catapush.com https://s3-eu-west-1.amazonaws.com/catapush-cdn/ https://s3-eu-central-1.amazonaws.com/catapush-cdn-frankfurt/ https://*.gstatic.com 'unsafe-inline' 'report-sample'; report-uri /csp-violation-report-endpoint 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *; img-src data: *; frame-ancestors https://www.happymeeple.com 'self'; report-uri /report-csp-violation 1
default-src 'self'; connect-src 'self' https://cdn-cookieyes.com https://*.cookieyes.com https://*.tableau.com https://forms.hscollectedforms.net https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://*.google-analytics.com https://*.googletagmanager.com https://fonts.googleapis.com https://*.analytics.google.com; font-src 'self' https://ka-p.fontawesome.com https://fonts.gstatic.com https://s0.wp.com data:; frame-src 'self' https://*.cookieyes.com https://www.google.com https://*.youtube.com https://dub01.online.tableau.com https://*.tableau.com https://forms.hsforms.com https://widgets.wp.com; img-src 'self' https://*.oversightboard.com *.oversightboard.com https://oversightboard.com https://*.googletagmanager.com https://*.google-analytics.com https://*.gstatic.com https://pixel.wp.com https://cdn-cookieyes.com https://*.cookieyes.com https://*.tableau.com https://track.hubspot.com https://secure.gravatar.com https://*.hsforms.com blob: data:; object-src; script-src 'self' https://www.google.com https://www.gstatic.com https://*.googletagmanager.com https://tagmanager.google.com https://cdn-cookieyes.com https://*.google-analytics.com https://stats.wp.com https://js.hs-analytics.net https://js-na1.hs-scripts.com https://js.hscollectedforms.net https://js.hsforms.net https://js.hs-banner.com https://*.tableau.com https://dub01.online.tableau.com https://s0.wp.com 'unsafe-inline'; style-src 'self' https://*.googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com https://s0.wp.com 'unsafe-inline'; upgrade-insecure-requests 1
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' *.kdo.de; style-src 'self' *.kdo.de 'unsafe-inline'; connect-src 'self' *.kdo.de; img-src 'self' *.kdo.de *.openstreetmap.org data:; worker-src blob:; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: * 1
allow *; options inline-script eval-script; frame-ancestors 'self'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'wasm-unsafe-eval' 'unsafe-eval' https://cdnjs.cloudflare.com https://*.technipenergies.com https://cdn.cookielaw.org https://js-agent.newrelic.com https://bam.nr-data.net https://tag.aticdn.net https://*.clarity.ms https://snap.licdn.com https://*.linkedin.com https://connect.facebook.net https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://*.googlesyndication.com https://d3js.org https://cdn.jsdelivr.net https://*.ten.com; object-src 'self'; style-src 'self' 'unsafe-inline' https://translate.googleapis.com https://www.gstatic.com https://d3js.org; img-src 'self' data: *; frame-src 'self' https://*.youtube.com https://open.spotify.com https://*.doubleclick.net https://www.googletagmanager.com https://tools.eurolandir.com https://fr.zone-secure.net https://*.ten.com https://*.technipenergies.com https://sdk.companywebcast.com; frame-ancestors 'self' https://*.ten.com; child-src 'self' https://tools.eurolandir.com https://*.youtube.com https://open.spotify.com https://*.doubleclick.net; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https://cdn.cookielaw.org https://bam.nr-data.net https://*.xiti.com https://cdn.linkedin.oribi.io https://*.clarity.ms https://*.onetrust.com https://*.linkedin.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://*.google.com https://google.com https://www.googletagmanager.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
script-src 'self' 'unsafe-eval' 'nonce-ab84529838966a18841e61fca703c106' 'strict-dynamic' https://google.de https://app.usercentrics.eu https://www.googletagmanager.com  https://www.googleadservices.com https://googleads.g.doubleclick.net https://netzwerk.uppr.de https://www.google-analytics.com https://privacy-proxy.usercentrics.eu https://www.facebook.com https://twitter.com https://www.linkedin.com https://www.xing.com https://www.youtube.com https://cdnjs.cloudflare.com https://nebula-cdn.kampyle.com https://bat.bing.com https://ad4m.at https://connect.facebook.net https://www.usemaxserver.de https://widgets.energiemonitor.de https://play.google.com https://www.googleoptimize.com https://icpublichosting.azureedge.net https://optimize.google.com https://service.mtcaptcha.com https://service2.mtcaptcha.com https://ic-chatwindow-service.azurewebsites.net https://clb2.cfapps.mila.external.ap.innogy.com https://www.googleanalytics.com https://cdn.medallia.com/ https://cdn.appsol.medallia.com/ *.kampyle.com/ https://metrics-proxy.medallia.ca/ https://metrics-proxy.medallia.eu/ https://metrics-proxy.medallia.com.au/ https://metrics-proxy.medallia.com/ https://col.eum-appdynamics.com/ https://static.medallia.com/ https://bugreport.medallia.com/ https://fonts.gstatic.com/ https://fonts.googleapis.com/ https://chart.googleapis.com/ https://maxcdn.bootstrapcdn.com/ https://netdna.bootstrapcdn.com/ https://express.ger.medallia.eu/ https://express.sbx.ger.medallia.eu/ https://feed2.medallia.eu/ https://feed2sbx.sbx.ger.medallia.eu/ https://mft1.medallia.eu/ https://filestash.fra1.medallia.eu/ https://tm.ad-srv.net https://tm703.ad-srv.net https://tm707.ad-srv.net https://tm708.ad-srv.net https://*.iadvize.com https://znbd9pj7eqbjzjd42-eon.siteintercept.qualtrics.com https://siteintercept.qualtrics.com https://trck.lew.de https://*.trustedshops.com https://*.etrusted.com; style-src 'self' 'nonce-ab84529838966a18841e61fca703c106' 'unsafe-hashes' 'sha256-Chued6H/FqwtY0xgIG4zxn1W6uXOo1t3SXAPpyzds7U='  'sha256-5SDvdr72xKyplNCK6s3wo8+AzCvSSrO4ATaEFE1N3YU='  'sha256-b/AJ3u1NxOK+yAHe28I3iTI1e9j23Bv94CsSnYMe0I4='  'sha256-WXbTK+Q2IO0qiVm9TmwaoCb/gGYy8plieL1g7TJ+i1o='  'sha256-TIWitS/sbsTCj5gHE+Ub2hNq7Ebv+whf6SCnicmBM1A='  'sha256-bM22Xahg3Ska2CbZv9HSsXayiD0Z5iJL6QcufF1H9e0='  'sha256-cJA8XvfmOhAJWjlDZi2dvUyXcjLaXJsW296wKpLNDSg='  'sha256-W5t509XHgNgqXPEkC+CNVw120RQzW++3Peh6kOOF7H0='  'sha256-SDpJ06IXtKeyPxzWvEQbz1w8atX8WEPMmLziJ2Yr3t8='  'sha256-ZdHxw9eWtnxUb3mk6tBS+gIiVUPE3pGM470keHPDFlE='  'sha256-RfS5BPmz3Vwypv5zOAVIB743tRj+AEwi4dugaXrsDwk='  'sha256-x4b2HXIRVmbavEXgC5A6qDxwchYDCHsF5XjgG+IX/9k='  'sha256-sjBpDcTxG5RUsOcN+DFW/IhJtxXGSiB/5wxRqMbKc8g='  'sha256-6N6ExomJBSb15QoU3z4kffBiUYwHzIOPFDBNFyQo5zM='  'sha256-Xjtk8M9sZ4nFg15sesBAusx8bR5RyH5adt0U2TGp1Hc='  'sha256-YV8lKTFZ9If7/i9C+12znUBTxRQw2mwPFb+mvUF76jI='  'sha256-xhhnTHVCXiqgxWYHm1Aa2GmrJUgS7MCnS5+Ou4nbmvI='  'sha256-lgwR+lozSh+2mYjVqEytPQ8igYNCs3WxYDoJ+FfmTM8='  'sha256-xhhnTHVCXiqgxWYHm1Aa2GmrJUgS7MCnS5+Ou4nbmvI='  'sha256-lgwR+lozSh+2mYjVqEytPQ8igYNCs3WxYDoJ+FfmTM8='  'sha256-Pmke26teTSgoga2qVZQxn5+8tJEHv3b6P31sM4A7nUA='  'sha256-u3gvlgPH9p+WcuUGYJ1tagF6JvmPBRgC8dUVFMyvgFw='  'sha256-MlKRU2qUIVN+Cj86rIOyMnLxGlFm6Y1JJpGW5mQkUZs='  'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU='  'sha256-2gz8aiXiOB6Up4QDJqnRa6SHIHmCXTLcaqHHxsA3LlA='  'sha256-qTkwDWS8vAgVRoa+CLotP91j1y1653Dw7c6uFVO9hdk='  'sha256-6cAsdx6Eo0akaAinSdKpeL36RozFFZb6YeLNQSOtOKU='  'sha256-6cAsdx6Eo0akaAinSdKpeL36RozFFZb6YeLNQSOtOKU='  'sha256-0W4IyoGJZtlp+gwrArXhImVbco+I5f2pug6ZEmjL2U0='  'sha256-GbUhe7JxmiOWfQ00Srbs7iduQVRWWln6C42y78HlLxs='  'sha256-0W4IyoGJZtlp+gwrArXhImVbco+I5f2pug6ZEmjL2U0='  'sha256-GbUhe7JxmiOWfQ00Srbs7iduQVRWWln6C42y78HlLxs='  'sha256-0W4IyoGJZtlp+gwrArXhImVbco+I5f2pug6ZEmjL2U0='  'sha256-GbUhe7JxmiOWfQ00Srbs7iduQVRWWln6C42y78HlLxs='  'sha256-0W4IyoGJZtlp+gwrArXhImVbco+I5f2pug6ZEmjL2U0='  'sha256-6cAsdx6Eo0akaAinSdKpeL36RozFFZb6YeLNQSOtOKU='  'sha256-8kPOCl/iIr6YgWLvLnIRMrYnCJHOzs6WNYAedT41SM8='  'sha256-2Go/yMtz4sEcAbw1TnjkjLz983Zxq7frCShdJs2OobM='  'sha256-g6zf946PtVM63bZ+fe9QUc3hDXp5BMl6OBmAlKhKV60='  'sha256-zqo/Gf4mmbgvoqPGTNSkHYfibgllewm/seDhWyooOOk='  'sha256-FVE4UqDzJ5GzKFQlZqU4Zq3EAxxb/T0hpPQU9k6uwkA='  'sha256-R2Vkrx5FLpmMY0750ljuQem15/f/bIrrGl+TXyzeETo='  'sha256-gGRDCDCtVdIb3guY7Af4d2zlZ2AHGiJ1Fo0P+PkrAQ4='  'sha256-28yeYgrPQDDyWFt+gxC5JLjh+vmdwGtJ6vrGY5agNmA='  'sha256-tq6DPpzxxZo0uDGIA3cWY73a2IghW7jFPDxfoADIVA4='  'sha256-jI3sfmilVzfPCYviQAKSk25gbqy5bKO6ytnWnH7tPy4='  'sha256-MGcxmZXFvleb8FuwqjCYtvoakNGj+J6yTNrv1TSxJiA='  'sha256-hbZWfW0vwSYriJkO6sDWlefwk0ZUNVCSaBe66T81nB0='  'sha256-rh2A364+F4JpsYOMvu2X0b8oUqSm+hinlVRTT9lHrwY='  'sha256-gGRDCDCtVdIb3guY7Af4d2zlZ2AHGiJ1Fo0P+PkrAQ4='  'sha256-28yeYgrPQDDyWFt+gxC5JLjh+vmdwGtJ6vrGY5agNmA='  'sha256-tq6DPpzxxZo0uDGIA3cWY73a2IghW7jFPDxfoADIVA4='  'sha256-o1r1pjDVBLdNe0LQRcCT5BFFXxPXMW1YFFI3KAch9eI='  'sha256-Qzu0lxLJiiX6Kov/Hhw2clLBMwE/AGShWjshh7S4cZE='  'sha256-IGAWb2ggeHqxQRSvWbzAamu9Ko86r4FttA9LNd1b/uI='  'sha256-o1r1pjDVBLdNe0LQRcCT5BFFXxPXMW1YFFI3KAch9eI='  'sha256-Qzu0lxLJiiX6Kov/Hhw2clLBMwE/AGShWjshh7S4cZE='  'sha256-IGAWb2ggeHqxQRSvWbzAamu9Ko86r4FttA9LNd1b/uI='  'sha256-p08VBe6m5i8+qtXWjnH/AN3klt1l4uoOLsjNn8BjdQo='  'sha256-HeCUqYbpi0jcNQCtmPyDkSSaeWOk+GFgiIxfAAAbsFg='  'sha256-33YGiROm4Pzv0xXIPo82M0Dt2zrdnP4IgbJq1WeAtf8='  'sha256-j6Tt8qv7z2kSc7fUs0YHbrxawwsQcS05fVaX1r2qrbk='  'sha256-RAtMRMPc7pZorvh8gaXlMJh1zDaSAmCzJ4zoN0Y5bn4='  'sha256-2+dS+n9Pah47gYjmchfaYD5g/iEbiyoAg7SGmiJtn0Y='  https://widgets.energiemonitor.de https://fonts.googleapis.com https://icpublichosting.azureedge.net https://optimize.google.com https://*.iadvize.com; object-src 'self'; report-uri /umbraco/api/helper/CreateCSPReport 1
default-src 'none'; block-all-mixed-content; connect-src 'self' *.abtasty.com *.bing.com *.bing.net *.clarity.ms *.google.com *.google.fr *.googleadservices.com *.googlesyndication.com *.googletagmanager.com *.hellowork.com *.infra-hellowork.com *.nr-data.net *.regionsjob.com *.twitter.com api.typeform.eu cdn.jsdelivr.net/gh/magma-app/magma-widget@latest/src/widget-v3.min.js googleads.g.doubleclick.net vimeo.com *.mixpanel.com; font-src 'self' fonts.cdnfonts.com/s/14903/ *.abtasty.com; frame-ancestors 'self'; frame-src 'self' *.abtasty.com *.francetv.fr *.frcapi.com *.googletagmanager.com *.instagram.com *.linkedin.com *.magma.app *.podcasts.apple.com *.slideshare.net *.soundcloud.com *.tiktok.com *.ttwstatic.com *.twitter.com *.vimeo.com *.vimeocdn.com *.youtube-nocookie.com *.youtube.br *.youtube.com form.typeform.eu td.doubleclick.net datawrapper.dwcdn.net; img-src 'self' data: *.abtasty.com *.bing.com *.bing.net *.facebook.com *.google.com *.google.fr *.googleadservices.com *.googletagmanager.com *.hellowork.com *.osm.org *.tile.openstreetmap.fr tile.openstreetmap.org *.twitter.com *.vimeocdn.com diplomeo.com https://i.hellowork.com diplomeo-static.com googleads.g.doubleclick.net *.googlesyndication.com; script-src 'self' 'unsafe-eval' 'strict-dynamic' embed.typeform.com *.abtasty.com *.aticdn.net *.bing.com *.bing.net *.clarity.ms *.dev-hellowork.com *.facebook.com *.google.com *.google.fr *.googleadservices.com *.googlesyndication.com *.googletagmanager.com *.hellowork.com *.infra-hellowork.com *.instagram.com *.regionsjob.com *.tiktok.com *.ttwstatic.com *.twitter.com *.youtube-nocookie.com *.youtube.br *.youtube.com googleads.g.doubleclick.net *.mixpanel.com 'unsafe-inline' 'nonce-fML5PY61v+f1aGcWR7uNOg=='; style-src 'self' 'unsafe-inline' *.abtasty.com *.hellowork.com *.ttwstatic.com embed.typeform.com fonts.cdnfonts.com/css/sofia-pro; report-uri /nelmio/csp/report 1
frame-ancestors 'self' https://*.seo.aws.about.com https://*.dotdash.com *.allpeoplequilt.com; upgrade-insecure-requests; 1
default-src 'self'; script-src 'self'  https://cdn.ckeditor.com data: ajax.googleapis.com cdnjs.cloudflare.com code.jquery.com connect.facebook.net d3rxaij56vjege.cloudfront.net googleads.g.doubleclick.net snap.licdn.com sourcepoint.activehosted.com static.hsappstatic.net https://tag.demandbase.com trackcmp.net www.google.com www.googleadservices.com www.google-analytics.com https://*.googletagmanager.com www.gstatic.com https://www.influ2.com https://sc.lfeeder.com https://*.hsforms.net https://*.hsforms.com https://*.hscollectedforms.net https://*.hs-banner.com https://*.hs-analytics.net https://*.hubspot.com https://*.hs-scripts.com cdn.jsdelivr.net https://player.vimeo.com https://www.youtube-nocookie.com https://www.youtube.com https://player.simplecast.com https://*.clarity.ms https://static.ads-twitter.com  https://*.onetrust.com 'sha256-/RJ8NoT76/a8Ofw1yEJbkar6uEejOHUvY4mRxpEg6BA=' 'sha256-CcQPEGIn1YFID9D2udl6b+ZuRUOHqrMxSQP9xHz1pMY=' 'sha256-iqOPaRlwwgtNy7J3vh/+LSW9/QVdN+Fl+YfMS8+GcPo='; object-src 'none'; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdnjs.cloudflare.com fonts.bunny.net js.hsforms.net js.hs-scripts.com js.hs-banner.com js.hscollectedforms.net js.hs-analytics.net cdn.jsdelivr.net  https://cdn.ckeditor.com ; img-src data: *; media-src 'self'; frame-src 'self' td.doubleclick.net s.company-target.com www.google.com player.vimeo.com gateway.zscalerthree.net www.googletagmanager.com block.opendns.com https://*.hsforms.com https://www.youtube-nocookie.com https://www.youtube.com https://player.simplecast.com/ https://www.slideshare.net https://ga.firstsource.com; frame-ancestors https:; font-src 'self' data: fonts.gstatic.com static.zip.co fonts.bunny.net; connect-src 'self' https://*.google.com https://adservice.google.com api.company-target.com px.ads.linkedin.com segments.company-target.com stats.g.doubleclick.net t.influ2.com tag-logger.demandbase.com www.google-analytics.com www.influ2.com https://*.hsforms.com https://*.hscollectedforms.net  https://www.googleadservices.com https://*.hubspot.com https://www.youtube-nocookie.com https://www.youtube.com https://*.clarity.ms  https://www.facebook.com https://connect.facebook.net https://ga.firstsource.com  https://*.onetrust.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com cdn.jsdelivr.net; report-uri /report-csp-violation 1
default-src https: data: blob: 'unsafe-inline'; object-src 'self'; script-src  'self' 'wasm-unsafe-eval' https://cdn.tiny.cloud/ https://static.zdassets.com/ https://*.meruscase.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://platform.twitter.com/ https://*.google-analytics.com/ https://*.googletagmanager.com/ https://cdn.syndication.twimg.com/ https://merus-assets.s3.amazonaws.com/ https://meruscase-application-assets-production.s3.us-west-1.amazonaws.com/ https://*.facebook.net/ https://*.googleapis.com/ https://*.aspnetcdn.com/ https://*.microsoft.com https://maxcdn.bootstrapcdn.com/ https://*.youtube.com/ https://s.ytimg.com/ https://js.recurly.com/ https://cdn.wootric.com/ https://static.headnotepayments.com/ https://static.zdassets.com/ https://snap.licdn.com/ https://unpkg.com/ 'unsafe-eval' 'unsafe-inline' https://code.jquery.com/ https://forms.hubspot.com/ https://forms.hsforms.com/ https://js.hs-analytics.net/ https://js.hs-scripts.com/ https://api.usemessages.com/ https://js.usemessages.com/ https://js.hsforms.net/ https://js.hsleadflows.net/; style-src 'self' 'unsafe-inline' https: 1
frame-src 'self' https://webstat.hs-mannheim.de *.hs-mannheim.de https://www.youtube.com/ https://www.youtube-nocookie.com/ https://player.vimeo.com/ https://tour.klapty.com/; 1
default-src 'self'; connect-src 'self' www.google-analytics.com *.analytics.google.com *.google-analytics.com wss://www.joa.fr stats.g.doubleclick.net maps.googleapis.com www.novaresa.net www.joa.fr consentcdn.cookiebot.com www.facebook.com cxppusa1formui01cdnsa01-endpoint.azureedge.net *.dynamics.com; font-src 'self' fonts.gstatic.com data:; frame-ancestors https://enplug.com https://*.enplug.com cxppusa1formui01cdnsa01-endpoint.azureedge.net; frame-src 'self' www.youtube.com www.youtube-nocookie.com www.googletagmanager.com module.lafourchette.com widget.thefork.com *.weezevent.com ubishaker.com t.regionsjob.com *.gaming1.com www.google.com widget.fanzo.com www.facebook.com consentcdn.cookiebot.com *.paperform.co; img-src 'self' www.googletagmanager.com media.joa.fr www.google-analytics.com ytimg.com i.ytimg.com img.youtube.com www.facebook.com www.google.com www.google.fr maps.googleapis.com *.gstatic.com data: blob: www.novaresa.net novaresa.net icons.batch.com www.google.ch www.google.hr www.google.lu www.joa.fr www.tripadvisor.fr via.batch.com apply.indeed.com brand.joa.fr media.ffycdn.net assets-fra.mkt.dynamics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com *.google-analytics.com www.youtube.com connect.facebook.net maps.googleapis.com www.novaresa.net www.google.com www.gstatic.com consent.cookiebot.com consentcdn.cookiebot.com www.joa.fr www.weezevent.com t.regionsjob.com paperform.co static.cloudflareinsights.com cdnjs.cloudflare.com cxppusa1formui01cdnsa01-endpoint.azureedge.net brand.joa.fr; style-src 'self' 'unsafe-inline' fonts.googleapis.com www.novaresa.net www.googletagmanager.com; upgrade-insecure-requests; report-uri /csp 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: wss:;img-src 'self' data: https: 1
default-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' * *.getclicky.com clicky.com; style-src 'self' 'unsafe-inline' *; img-src 'self' * data:; media-src 'self' * blob:; report-uri /report-csp-violation; upgrade-insecure-requests 1
frame-ancestors https://goloadup.com 1
default-src 'self'; base-uri 'self'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.pricespider.com https://www.google-analytics.com https://www.googletagmanager.com https://cdn.cookielaw.org https://lhcdn-src.mars.com https://players.brightcove.net https://www.google.com https://www.google.co.in https://www.gstatic.com https://sfapi.formstack.io https://az416426.vo.msecnd.net https://embed.mikmak.tv *.global.commerce-connector.com https://connectwidgets.sutherlandconnect.com newrelic.com https://dc.services.visualstudio.com https://bam-cell.nr-data.net https://translate.googleapis.com https://js.adsrvr.org *.mapbox.com https://dc.services.visualstudio.com https://stats.g.doubleclick.net *.amazonaws.com https://s.pinimg.com https://ct.pinterest.com https://maps.googleapis.com https://connect.facebook.net https://sc-static.net https://static.ads-twitter.com https://cdn.treasuredata.com https://cdn.jsdelivr.net https://sfapi-sandbox.formstack.io https://unpkg.com https://progress-tracker-prod.firebaseio.com https://cdn.pricespider.com https://ckf02.lancsd.org https://bam.nr-data.net https://js-agent.newrelic.com http://cdn.jsdelivr.net/npm/@popperjs/core@2.11.5/dist/umd/popper.min.js https://cdn.sutherland.ai/messenger/twix/build/js/sgs-bundle.js https://cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.2/lazysizes.min.js https://cdn.ampproject.org https://cdn.plyr.io/3.7.8/plyr.js https://cdn.plyr.io/3.7.8/plyr.css https://challenges.cloudflare.com/turnstile/v0/api.js https://content-builder.s10.marketingcloudapps.com https://marspulse.my.site.com https://marspulse.my.site.com/ESWMWEinsteinBotGeneri1749101303349/assets/js/bootstrap.min.js https://analytics.tiktok.com https://analytics.tiktok.com/* https://tr.snapchat.com/* https://tr.snapchat.com; object-src 'none'; frame-src 'self' blob: https://www.google.com https://9079101.fls.doubleclick.net https://www.google.com *.fls.doubleclick.net https://www.googletagmanager.com https://di.rlcdn.com https://tr.snapchat.com https://www.youtube.com https://challenges.cloudflare.com/ https://content-builder.s10.marketingcloudapps.com https://marspulse.my.site.com https://analytics.tiktok.com https://www.youtube-nocookie.com/; child-src blob: 1
frame-ancestors 'self' *.leoncountyfl.gov  leoncmsinternet-new.azurewebsites.net; object-src 'none' https:; 1
default-src 'self'; style-src 'unsafe-inline' yandex.st site.yandex.net yastatic.net banners.adfox.ru content.adfox.ru yastat.net *; frame-src awaps.yandex.net yandexadexchange.net *.yandexadexchange.net yastatic.net *.yandex.ru banners.adfox.ru yastat.net *; img-src * data:; media-src * data:; font-src 'self' data: an.yandex.ru yastatic.net yastat.net *; object-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' an.yandex.ru yandex.st site.yandex.net yastatic.net mc.yandex.ru banners.adfox.ru ads.adfox.ru ads6.adfox.ru yastat.net yandex.ru www.google-analytics.com *.googleadservices.com *.googlesyndication.com *.googletagservices.com www.googletagmanager.com www.gstatic.com adservice.google.ru adservice.google.com.ua *.google.com *.mail.ru vk.com vk.ru *.buzzoola.com ajax.googleapis.com *.doubleclick.net cackle.me *.cackle.me *.sape.ru code.createjs.com ad.slickjump.com slickjump.com sjsmartcontent.ru googletagmanager.com *.ttarget.ru *.onlygip.tech *.hybrid.ai *.admediator.ru nativerent.ru *.astraone.io astraone.io *.onlygip.tech onlygip.tech *.afp.ai increaserev.com *.adriver.ru cdn.al-adtech.com *.al-adtech.com *.botfaqtor.ru www.acint.net; connect-src 'self' an.yandex.ru strm.yandex.ru mc.yandex.ru mc.yandex.com wss://mc.yandex.com yandex.st site.yandex.net yastatic.net matchid.adfox.yandex.ru adfox.yandex.ru ads.adfox.ru ads6.adfox.ru jstracer.yandex.ru yastat.net yandex.ru sjsmartcontent.ru *.al-adtech.com *.googlesyndication.com *.googletagservices.com *.google-analytics.com www.cloudflare.com secureads.increaserev.com *.botfaqtor.ru 1
"default-src *" 1
https://client.libertydentalplan.com; https://libertydentalplan.com 1
default-src 'unsafe-inline' 'self' data: effectory.com www.effectory.com ac.effectory.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.rollbar.com *.nrich.ai *.cookiebot.eu *.usemessages.com *.googlesyndication.com yoast.com *.hubspot.com *.hsadspixel.net *.hsforms.net *.hs-scripts.com *.hs-banner.com *.hs-analytics.net *.hscollectedforms.net *.clarity.ms bat.bing.com www.powr.io client.hip.live.com maps.googleapis.com mktdplp102cdn.azureedge.net www.youtube.com static.zdassets.com consentcdn.cookiebot.com consent.cookiebot.com www.googletagmanager.com google-analytics.com www.google-analytics.com snap.licdn.com www.googleadservices.com static.hotjar.com connect.facebook.net googleads.g.doubleclick.net script.hotjar.com;frame-ancestors 'self' *.hsforms.com consentcdn.cookiebot.com; img-src  *.nrich.ai *.usercentrics.eu *.googleadservices.com *.doubleclick.net 'self' data: *.cookiebot.com *.youtube.com *.hsforms.com *.hubspot.com *.googletagmanager.com c.bing.com c.clarity.ms bat.bing.com i.ytimg.com script.hotjar.com onlinedialogue.s3.eu-west-1.amazonaws.com onlinedialogue.s3-eu-west-1.amazonaws.com *.linkedin.com *.dynamics.com  wus.client.hip.live.com eus.client.hip.live.com maps.gstatic.com www.google.de maps.googleapis.com secure.gravatar.com www.google-analytics.com px.ads.linkedin.com www.google.com www.google.nl www.facebook.com; style-src 'unsafe-inline' fonts.googleapis.com ac.effectory.com www.effectory.com effectory.com; font-src data: fonts.gstatic.com script.hotjar.com ac.effectory.com www.effectory.com effectory.com; frame-src 'self' *.googletagmanager.com *.cookiebot.eu *.hubspot.com td.doubleclick.net ad.doubleclick.net  *.twentythree.com *.hsforms.com www.powr.io www.youtube.com forms.office.com www.facebook.com vars.hotjar.com consentcdn.cookiebot.com *.dynamics.com; connect-src *.ithemes.com *.hsappstatic.net *.run.app *.conversionsapigateway.com *.bing.com *.bing.net *.nrich.ai *.cookiebot.eu google.com *.googleadservices.com *.linkedin.com *.yoast.com *.googlesyndication.com *.doubleclick.net *.hubspot.com *.google.com *.amazonaws.com *.hsforms.com *.hubapi.com *.linkedin.oribi.io *.hscollectedforms.net *.google-analytics.com *.clarity.ms *.hotjar.com wss://*.hotjar.com surveystats.hotjar.io *.effectory.com maps.googleapis.com *.dynamics.com consentcdn.cookiebot.com in.hotjar.com www.google-analytics.com stats.g.doubleclick.net effectorychathelp.zendesk.com ekr.zdassets.com 1
frame-ancestors 'self' https://ahu.edu https://*.ahu.edu 1
default-src 'self'; script-src 'self'; img-src 'self' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' files.gpxpl.us pagead2.googlesyndication.com https://pagead2.googlesyndication.com www.google-analytics.com www.gstatic.com gpxplus.s3-website-us-west-2.amazonaws.com https://gpxplus.s3.amazonaws.com https://apis.google.com static.gpx.plus https://static.gpx.plus ap.lijit.com * 1
frame-ancestors 'self' aviloo--uat.sandbox.my.site.com site.com checkjeaccu.nl www.checkjeaccu.nl 1
default-src 'self'; base-uri 'self'; block-all-mixed-content; child-src https://www.youtube.com/ https://youtube.com/ https://player.vimeo.com/ https://youtu.be/ https://open.spotify.com/ https://www.buymusic.club; connect-src 'self' https://www.youtube.com/oembed https://www.google-analytics.com https://stats.g.doubleclick.net https://*.hotjar.com https://*.hotjar.io https://*.facebook.com/ https://*.tiktok.com https://*.tiktokw.us https://*.snapchat.com https://widget-api.formitable.com https://region1.analytics.google.com https://*.google-analytics.com https://cdn.linkedin.oribi.io https://*.linkedin.com https://www.buymusic.club wss://ws.hotjar.com https://*.hcaptcha.com https://www.google.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com https://*.hotjar.com https://*.hotjar.io; frame-ancestors 'none'; frame-src https://www.youtube.com/ https://spotify.com https://open.spotify.com/ https://*.spotify.com https://facebook.com/ https://*.facebook.com/ https://mychannels.video/ https://www.yumpu.com/ https://www.google.com/ https://*.hotjar.com https://*.hotjar.io https://bandcamp.com https://*.bandcamp.com https://twitter.com https://*.twitter.com https://instagram.com https://*.instagram.com https://vimeo.com https://*.vimeo.com https://soundcloud.com https://*.soundcloud.com https://tiktok.com https://*.tiktok.com https://snapchat.com https://*.snapchat.com https://www.belgianrail.be https://widget.formitable.com https://www.buymusic.club https://newassets.hcaptcha.com https://www.googletagmanager.com/ https://td.doubleclick.net/ https://wdgt.slinger.to https://global.frcapi.com; img-src 'self' data: https://www.google-analytics.com/r/collect https://www.google-analytics.com/collect https://placeholder.inventis.be/ https://*.ytimg.com/ https://d12xfkzf9kx8ij.cloudfront.net/ https://*.facebook.com/ https://connect.facebook.net/ https://*.fbcdn.net/ https://i.scdn.co/ https://img.youtube.com/ https://legacy.abconcerts.be/ https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://*.hotjar.com https://*.hotjar.io https://snapchat.com https://*.snapchat.com https://px.ads.linkedin.co https://px.ads.linkedin.com https://*.linkedin.com https://www.buymusic.club https://fonts.gstatic.com https://www.googletagmanager.com; media-src 'self' p.scdn.co/mp3-preview/; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.youtube.com/iframe_api https://www.youtube.com/s/player/ https://*.ytimg.com https://www.googletagmanager.com https://www.google-analytics.com https://script.hotjar.com/ https://connect.facebook.net/ https://*.hotjar.com https://*.hotjar.io https://www.buymusic.club https://hcaptcha.com https://*.licdn.com https://*.snapchat.com https://widget.slinger.to https://analytics.tiktok.com https://cdn.jsdelivr.net/npm/@friendlycaptcha/sdk@0.1.31/site.min.js 'nonce-77JOWzxi6XLFGSCqarPGUQ=='; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://widget.formitable.com https://www.googletagmanager.com https://widget.slinger.to; upgrade-insecure-requests 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' oppwa.com *.oppwa.com *.simonmobile.de simonmobile.de *.simonmobil.de simonmobil.de vodafone-affiliate.de *.vodafone-affiliate.de google.com *.google.com google.de *.google.de google.nl *.google.nl facebook.com *.facebook.com facebook.de *.facebook.de facebook.nl *.facebook.nl adform.net *.adform.net adform.com *.adform.com bing.com *.bing.com was.vodafone.de googletagmanager.com *.googletagmanager.com googleadservices.com *.googleadservices.com doubleclick.net *.doubleclick.net facebook.net *.facebook.net cdn.cookielaw.org *.cookielaw.org tags.tiqcdn.com my.tealiumiq.com geolocation.onetrust.com *.onetrust.com widgets.trustedshops.com translate.googleapis.com *.jsctool.com jsctool.com; connect-src *.simonmobile.de simonmobile.de *.simonmobil.de simonmobil.de cdn.cookielaw.org ws://simonmobile.de ws://simonmobil.de privacyportal-eu.onetrust.com bing.com *.bing.com vodafone.de *.vodafone.de *.demdex.net demdex.net *.omtrdc.net omtrdc.net *.trustedshops.com *.etrusted.com *.trustbadge.com *.clarity.ms clarity.ms geolocation.onetrust.com maps.googleapis.com *.kampyle.com kampyle.com *.jsctool.com jsctool.com doubleclick.net *.doubleclick.net googlesyndication.com *.googlesyndication.com analytics.tiktok.com *.analytics.tiktok.com google.com *.google.com amazon-adsystem.com *.amazon-adsystem.com paa-reporting-advertising.amazon *.paa-reporting-advertising.amazon *.snapchat.com snapchat.com *.medallia.eu medallia.eu *.tealiumiq.com tealiumiq.com *.outbrain.com outbrain.com *.paypal.com paypal.com; frame-src 'self' directus.br.extranet.addmore.cloud oppwa.com *.oppwa.com test.ppipe.net *.simonmobile.de simonmobile.de *.simonmobil.de simonmobil.de vodafone-affiliate.de *.vodafone-affiliate.de adform.net *.adform.net facebook.com *.facebook.com *.doubleclick.net doubleclick.net *.demdex.net demdex.net *.amazon-adsystem.com amazon-adsystem.com *.kampyle.com kampyle.com *.youtube.com youtube.com *.jsctool.com jsctool.com googlesyndication.com *.googlesyndication.com *.snapchat.com snapchat.com *.googletagmanager.com googletagmanager.com *.paypal.com paypal.com; img-src 'self' data: 'unsafe-inline' oppwa.com *.oppwa.com was.vodafone.de cdn.cookielaw.org *.simonmobile.de simonmobile.de *.simonmobil.de simonmobil.de bing.com *.bing.com google.com *.google.com google.de *.google.de google.nl *.google.nl facebook.com *.facebook.com facebook.de *.facebook.de facebook.nl *.facebook.nl *.seadform.net seadform.net *.doubleclick.net doubleclick.net widgets.trustedshops.com www.gstatic.com gstatic.com *.clarity.ms clarity.ms *.googleadservices.com googleadservices.com *.kampyle.com kampyle.com *.bing.net bing.net maps.gstatic.com *.googletagmanager.com googletagmanager.com *.outbrain.com outbrain.com *.paypalobjects.com paypalobjects.com; media-src 'self' data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' oppwa.com *.oppwa.com *.simonmobile.de simonmobile.de *.simonmobil.de simonmobil.de vodafone-affiliate.de *.vodafone-affiliate.de google.com *.google.com google.de *.google.de google.nl *.google.nl facebook.com *.facebook.com facebook.de *.facebook.de facebook.nl *.facebook.nl adform.net *.adform.net adform.com *.adform.com amazon-adsystem.com *.amazon-adsystem.com bing.com *.bing.com was.vodafone.de googletagmanager.com *.googletagmanager.com googleadservices.com *.googleadservices.com doubleclick.net *.doubleclick.net facebook.net *.facebook.net cdn.cookielaw.org *.cookielaw.org tags.tiqcdn.com my.tealiumiq.com geolocation.onetrust.com *.onetrust.com widgets.trustedshops.com *.clarity.ms clarity.ms *.kampyle.com kampyle.com *.googlesyndication.com googlesyndication.com maps.googleapis.com *.jsctool.com jsctool.com *.analytics.tiktok.com analytics.tiktok.com *.sc-static.net sc-static.net *.snapchat.com snapchat.com *.outbrain.com outbrain.com *.paypal.com paypal.com; worker-src 'self' blob: 1
upgrade-insecure-requests; frame-src 'self' forms.hsforms.com vars.hotjar.com w.recruiterbox.com app.recruiterbox.com vimeo.com youtu.be youtube.com www.youtube.com www.google.com player.vimeo.com bid.g.doubleclick.net www.facebook.com cdn.knightlab.com; frame-ancestors 'self' 1
default-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' *.victoria.ca *.googletagservices.com *.googlesyndication.com *.googleadservices.com *.doubleclick.net *.google.com googletagmanager.com *.fontawesome.com polyfill-fastly.io *.googleapis.com *.google.com *.fontawesome.com unpkg.com *.typekit.net *.googletagmanager.com *.gstatic.com *.searchcdn.com *.recollect.net; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' *.googletagservices.com *.googlesyndication.com *.googleadservices.com *.doubleclick.net *.google.com googletagmanager.com *.fontawesome.com polyfill-fastly.io *.googleapis.com *.google.com tagmanager.google.com *.fontawesome.com unpkg.com *.typekit.net *.googletagmanager.com *.gstatic.com *.searchcdn.com *.recaptcha.net *.recollect.net translate-pa.googleapis.com addsearch.com *.jsdelivr.net *.ecdev.org *.facebook.net googleads.g.doubleclick.net; object-src 'self' *.googlesyndication.com https://cityofvictoria.perfectmind.com; style-src 'self' 'report-sample' 'unsafe-inline' *.google.com *.typekit.net *.fontawesome.com fonts.googleapis.com translate.googleapis.com unpkg.com *.gstatic.com *.googletagmanager.com *.fastly.net *.addsearch.com *.ecdev.org; img-src 'self' data: blob: *.google.com *.google.ca *.googleadservices.com *.fastly.net *.ytimg.com *.recollect.net *.gstatic.com *.openstreetmap.org *.addsearch.com *.cloudfront.net *.googletagmanager.com addsearch.com *.googleapis.com *.cloudfront.net *.arcgisonline.com *.victoria.ca; frame-src 'self' blob: *.google.com *.doubleclick.net *.googlesyndication.com www.googletagmanager.com *.arcgis.com *.recaptcha.net cityofvictoria.perfectmind.com *.youtube.com *.recollect.net *.cyberimpact.com azurestaticapps.net  https://calm-tree-0547faf10.6.azurestaticapps.net  azurewebsites.net *.azurewebsites.net *.ecdev.org *.escribemeetings.com alertable.ca; frame-ancestors 'self' *.facebook.com *.bsky.app *.linkedin.com *.instagram.com *.cdninstagram.com *threads.net ; child-src 'self' blob: *.google.com *.doubleclick.net *.googlesyndication.com *.googletagmanager.com *.arcgis.com *.recaptcha.net cityofvictoria.perfectmind.com *.youtube.com *.recollect.net *.cyberimpact.com azurestaticapps.net  https://calm-tree-0547faf10.6.azurestaticapps.net azurewebsites.net *.azurewebsites.net; font-src 'self' *.gstatic.com *.fontawesome.com data: *.typekit.net fastly.net *.global.ssl.fastly.net *.fastly.net recollect-us.global.ssl.fastly.net *.scite.ai; connect-src 'self' https://*.victoria.ca *.fontawesome.com *.google.com *.google-analytics.com *.fontawesome.com *.googleadservices.com *.googleapis.com *.azurewebsites.net *.recaptcha.net; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self' https://*.fbcdn.net https://*.cdninstagram.com; child-src 'self' https://www.google.com https://www.youtube.com https://open.spotify.com https://connect.facebook.net https://www.facebook.com https://audio7.audima.co blob: data:; connect-src 'self' https://originacao.minervafoods.com/ https://maps.googleapis.com https://stats.g.doubleclick.net https://analytics.google.com https://www.facebook.com https://yoast.com https://api.cvortex.com https://backmenu.audima.co https://ka-f.fontawesome.com https://cdn.privacytools.com.br https://pt.wiktionary.org https://en.wiktionary.org https://es.wiktionary.org https://vlibras.gov.br https://dicionario2.vlibras.gov.br https://cdn.jsdelivr.net https://www.google.com https://myminerva.minervafoods.com https://raw.githubusercontent.com; font-src 'self' https://fonts.gstatic.com https://fonts.cdnfonts.com https://menu.audima.co https://ka-f.fontawesome.com https://vlibras.gov.br https://cdn.jsdelivr.net https://fonts.bunny.net data:; form-action 'self' https://www.facebook.com https://wpmudev.com data:; frame-ancestors 'none'; frame-src https://www.gstatic.com https://www.google.com https://audio7.audima.co https://www.youtube.com https://open.spotify.com https://clarity.microsoft.com https://td.doubleclick.net/ blob:; img-src 'self' https://minervafoods.com https://vlibras.gov.br https://www.google.com.br https://myminerva.minervafoods.com https://stats.g.doubleclick.net https://maps.gstatic.com https://maps.googleapis.com https://secure.gravatar.com https://www.facebook.com https://i.scdn.co https://cdn.jsdelivr.net https://s.w.org https://claritystatic.blob.core.windows.net https://menu.audima.co https://2.gravatar.com https://*.cdninstagram.com data:; script-src 'self' https://cdn.jsdelivr.net https://developers.google.com https://maps.googleapis.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://vlibras.gov.br https://connect.facebook.net https://cdnjs.cloudflare.com https://open.spotify.com https://open.spotifycdn.com https://embed-cdn.spotifycdn.com https://menu.audima.co https://audio7.audima.co https://kit.fontawesome.com https://www.youtube.com https://cdn.privacytools.com.br https://www.vlibras.gov.br https://unpkg.com https://clarity.microsoft.com https://www.clarity.ms 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https://cdn.jsdelivr.net https://fonts.googleapis.com https://fonts.cdnfonts.com https://cdn.privacytools.com.br https://fonts.bunny.net 'unsafe-inline'; upgrade-insecure-requests 1
default-src 'unsafe-inline' 'unsafe-eval' * blob:; img-src * blob: data: 1
default-src 'self' 'unsafe-inline' *.demdex.net *.jsdelivr.net *.mapbox.com *.linkedin.com *.demdex.net *.app.powerbi.com jquery.min.js ; script-src 'self' 'unsafe-inline' blob: *.adobedtm.com *.jsdelivr.net  'unsafe-inline' *.licdn.com *.facebook.net *.mapbox.com *.omtrdc.net *.newrelic.com *.youtube.com *.omtrdc.net   *.googletagmanager.com *.dwcdn.net *.vimeo.com 'unsafe-eval' youtube-nocookie.com https://app.powerbi.com/* ; style-src 'self' 'unsafe-inline' *.googleapis.com *.jsdelivr.net *.mapbox.com *.youtube.com *.vimeo.com  *.dwcdn.net  *.nocookie.com jquery.min.js ; img-src 'self' data: blob: *.linkedin.com *.omtrdc.net *.ytimg.com https://app.powerbi.com/*; frame-src 'self'  *.youtube.com *.vimeo.com https://www.youtube-nocookie.com https://app.powerbi.com/* https://app.powerbi.com/reportEmbed/* https://app.powerbi.com ; child-src https://app.powerbi.com/* https://app.powerbi.com/reportEmbed/* blob:; font-src 'self' *.gstatic.com *.googleusercontent.com ; connect-src 'self' *.jsdelivr.net *.mapbox.com *.linkedin.com *.nr-data.net *.youtube.com *.omtrdc.net  *.dwcdn.net  google-analytics.com youtube-nocookie.com jquery.min.js *.demdex.net 1
frame-ancestors 'self' thenationalcampaign.org aelp.smartsparrow.com 1
allow 'script-src' 'unsafe-inline' 'unsafe-eval' 'self' *.typekit.net *.pingdom.net *.groupe-mediactive.fr fg.cdn.mediactive-network.net cdn.mediactive-network.net *.cedexis.com *.typeform.com; fullscreen *.typeform.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' blob: cdn.jsdelivr.net code.highcharts.com googleapis.com script.crazyegg.com unpkg.com *.google-analytics.com www.google.com/recaptcha/ www.googletagmanager.com www.gstatic.com app.powerbi.com; object-src 'none'; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net fonts.googleapis.com googleapis.com script.crazyegg.com unpkg.com; img-src 'self' data: googleapis.com *.google-analytics.com www.googletagmanager.com www.gstatic.com; frame-src 'self' *.domoapps.prod101.domo.com aibc.pandemicoversight.gov blob: domoapps.prod101.domo.com public.domo.com static.pandemicoversight.gov storymaps.arcgis.com www.arcgis.com www.google.com app.powerbi.com; frame-ancestors 'self' *.domo.com *.domoapps.prod101.domo.com cigie-gov.domo.com domoapps.prod101.domo.com; child-src blob: app.powerbi.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com; connect-src 'self' assets-tracking.crazyegg.com pagestates-tracking.crazyegg.com script.crazyegg.com tracking.crazyegg.com *.google-analytics.com www.google.com/recaptcha/ app.powerbi.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline' data: https://piwik.bzga.de/ https://piwik.bioeg.de/ https://www.youtube-nocookie.com/ https://www.youtube.com/ ; frame-src *.frcapi.com 'self' https://www.youtube-nocookie.com/ https://www.youtube.com/ 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com/ https://www.gstatic.com/; img-src 'self' data: https://www.google.com/ https://www.gstatic.com/; object-src 'self' data: https://www.google.com/ https://www.gstatic.com/; frame-src 'self' data: https://www.google.com/ https://www.gstatic.com/; 1
frame-ancestors t.signalplus.com fi.signalplus.com t.signalplus.net fi.signalplus.net  falconx.signalplus.com falconx.signalplus.net t-pre.signalplus.com; 1
default-src 'self' google-analytics.com manifest-src; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com maps.googleapis.com *.googletagmanager.com www.google-analytics.com www.google.com/recaptcha/api.js www.gstatic.com cookie-cdn.cookiepro.com www.google-analytics.com hotjar.com https://connect.facebook.net crelan-be-website.scalecity.space vwdservices.com s.ytimg.com https://px.ads.linkedin.com px.ads.linkedin.com youtube.com vimeo.com snap.licdn.com www.linkedin.com tagmanager.google.com *.googleadservices.com https://googleads.g.doubleclick.net w3.org *.crazyegg.com https://cdn.jsdelivr.net *.google.com *.google.be *.googleoptimize.com *.facebook.com *.doubleclick.net *.crelan.be *.facebook.net sc-crelan-server-side-tagging.ew.r.appspot.com blob: https://*.skedify.io  https://s.pinimg.com  https://*.pinterest.com  https://open.spotify.com *.fontawesome.com https://static.cloudflareinsights.com https://ajax.cloudflare.com https://*.taboola.com https://www.youtube.com/iframe_api https://www.youtube.com/s/player/; style-src 'self' 'unsafe-inline' *.googleapis.com *.googleusercontent.com *.hotjar.com *.google.com 'self' https://maps.googleapis.com *.googletagmanager.com w3.org cdnjs.cloudflare.com *.crazyegg.com *.google.com *.google.be *.googleadservices.com *.facebook.com *.facebook.net *.fontawesome.com; img-src 'self'  *.googletagmanager.com *.googleadservices.com cookie-cdn.cookiepro.com https://www.google-analytics.com *.gstatic.com maps.googleapis.com w3.org  data: *.crazyegg.com blog.crelan.be *.google.com *.google.be *.google.de *.facebook.com *.doubleclick.net *.facebook.net *.linkedin.com; media-src *.youtube.com *.twitter.com *.vimeo.com 'self' https://maps.googleapis.com *.googletagmanager.com w3.org *.google.com *.googleadservices.com *.google.be *.google.de *.facebook.com *.doubleclick.net *.facebook.net; frame-src 'self' in.hotjar.com vc.hotjar.io google-analytics.com stats.g.doubleclick.net crelan-be-website.scalecity.space *.crelan-int.be *.vwdservices.com maps.googleapis.com w3.org www.google.com www.youtube.com player.vimeo.com *.crazyegg.com  *.alchemer.eu *.google.com *.google.be *.facebook.com *.doubleclick.net *.facebook.net *.googleadservices.com https://*.skedify.io  https://*.pinterest.com  https://open.spotify.com *.fontawesome.com https://www.googletagmanager.com https://player.captivate.fm https://crelan-selfservice-qa.web.opercredits.com https://crelan-selfservice-production.web.opercredits.com; font-src 'self' *.gstatic.com *.googleusercontent.com w3.org data:; connect-src 'self' cookie-cdn.cookiepro.com *.google-analytics.com in.hotjar.com vc.hotjar.io stats.g.doubleclick.net maps.googleapis.com *.googletagmanager.com w3.org *.crazyegg.com *.google.com *.google.be *.facebook.com *.doubleclick.net *.facebook.net *.onetrust.com sc-crelan-server-side-tagging.ew.r.appspot.com *.sc-crelan-server-side-tagging.ew.r.appspot.com *.googleadservices.com *.googlesyndication.com https://px.ads.linkedin.com  https://ct.pinterest.com *.fontawesome.com https://*.cookiepro.com https://*.taboola.com; upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.youtube.com https://fonts.googleapis.com https://fonts.gstatic.com https://cdn.syndication.twimg.com https://www.facebook.com https://*.twitter.com https://www.google.com https://ton.twimg.com https://*.github.io https://www.googletagmanager.com https://www.google-analytics.com; img-src 'self' https://*.twimg.com https://*.twitter.com http://*.twimg.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.google.co.jp data:; 1
default-src https: 'self' data: 'unsafe-inline' 'unsafe-eval'; block-all-mixed-content; report-uri /nelmio/csp/report 1
frame-ancestors 'self' https://*.seo.aws.about.com https://*.dotdash.com *.ew.com; upgrade-insecure-requests; 1
default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval'; object-src *; style-src * 'self' 'unsafe-inline'; img-src * 'self' data: https:;; media-src *; frame-src *; frame-ancestors 'self' https://metrika.yandex.ru https://metrika.yandex.by https://metrica.yandex.com https://metrica.yandex.com.tr https://*.webvisor.com; child-src * blob:; font-src * 'self' data: https:;; connect-src *; report-uri /report-csp-violation 1
default-src 'self'; connect-src 'self' *.googletagmanager.com *.google-analytics.com; frame-src 'self' *.geoportal-bw.de *.leo-bw.de *.youtube-nocookie.com sketchfab.com *.sketchfab.com *.swrfernsehen.de *.openstreetmap.de *.podigee.io *.podigee-cdn.net *.interamt.de; img-src 'self' data: dummyimage.com *.google-analytics.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.googletagmanager.com *.google-analytics.com *.landbw.de; style-src 'self' 'unsafe-inline'; report-uri /security/csp/report 1
default-src 'self' 'unsafe-inline' nominatim.openstreetmap.org piwik.bzga.de eu.frcapi.com; style-src 'self' 'unsafe-inline';font-src 'self' data:; media-src 'self' *.stage.bio; connect-src 'self' nominatim.openstreetmap.org ws://socket.stage.bio *.stage.bio piwik.bzga.de; img-src 'self' data: piwik.bzga.de a.tile.openstreetmap.de b.tile.openstreetmap.de c.tile.openstreetmap.de *.stage.bio; frame-ancestors 'self'; 1
default-src https: data: 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * blob: ; worker-src * blob: ; frame-ancestors 'self' https://*.moody.edu; 1
report-to 'self' ; child-src 'self' ; connect-src 'self' *.opentech.fund *.wpengine.com *.yoast.com *.cloudflareaccess.com *.googleapis.com; default-src 'self' ; font-src 'self'  'unsafe-inline'  'unsafe-eval'  *.opentech.fund *.gstatic.com *.bootstrapcdn.com 'self' data: *.cloudflareaccess.com; form-action 'self' ; frame-src 'self' *.opentech.fund *.youtube.com *.hrmdirect.com *.cloudflareaccess.com; frame-ancestors 'self' ; img-src 'self' 'self' data: *.w.org *.gravatar.com *.gstatic.com *.hrmdirect.com *.cloudflareaccess.com *.opentech.fund *.google.com *.googleapis.com; manifest-src 'self' ; media-src 'self' 'self' data: *.opentech.fund; object-src 'self' ; script-src 'self'  'unsafe-inline'  'unsafe-eval' 'self' data:  *.gstatic.com *.hrmdirect.com *.cloudflareaccess.com *.opentech.fund *.google.com *.googleapis.com; script-src-elem 'self'  'unsafe-inline'  'unsafe-eval' 'self' data: *.hrmdirect.com *.cloudflareaccess.com *.opentech.fund *.google.com *.googleapis.com; script-src-attr 'self'  'unsafe-inline'  'unsafe-eval' 'self' data: *.opentech.fund *.google.com *.googleapis.com; style-src 'self'  'unsafe-inline'  'unsafe-eval' 'self' data: *.gstatic.com *.hrmdirect.com *.cloudflareaccess.com *.opentech.fund *.googleapis.com; style-src-elem 'self'  'unsafe-inline'  'unsafe-eval' 'self' data: *.hrmdirect.com *.cloudflareaccess.com *.opentech.fund *.googleapis.com *.gstatic.com; style-src-attr 'self'  'unsafe-inline'  'unsafe-eval' 'self' data: *.cloudflareaccess.com *.opentech.fund *.googleapis.com *.gstatic.com; worker-src 'self' ; 1
default-src 'self' https://cdn.tailwindcss.com; script-src 'self' 'unsafe-inline' https://cdn.tailwindcss.com; style-src 'self' 'unsafe-inline' https://cdn.tailwindcss.com; 1
frame-ancestors 'self' *.vendhq.com *.retail.lightspeed.app; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=puba63db3f96a1d5bb789394101974def5f&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:production; 1
Content-Security-Policy= default-src "none"; script-src "self" https://corp-mktg.s3.us-west-2.amazonaws.com https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com https://cdn.cookielaw.org https://maps.googleapis.com https://prospect-form-plugin.2u.com; style-src "unsafe-inline" https://teach.com; img-src https://app.optimizely.com https://cdn.optimizely.com https://whitelabel.2u.com; frame-src https://a104283729.cdn.optimizely.com https://a104283729.cdn-pci.optimizely.com; connect-src https://*.optimizely.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.wp.com https://*.gravatar.com https://*.google-analytics.com; img-src 'self' data: https://wordpress.org https://*.gravatar.com https://*.wp.com https://*.google-analytics.com; style-src 'self' 'unsafe-inline' https://*.wp.com https://*.gravatar.com https://fonts.googleapis.com; font-src 'self' data: https://fonts.gstatic.com https://themes.googleusercontent.com; object-src 'none' 1
base-uri 'self'; child-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://d2j8jkom7xmn9n.cloudfront.net/ http://d2j8jkom7xmn9n.cloudfront.net/ https://shredit.intelliresponse.com https://stericycle.demdex.net blob: gap:; frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://d2j8jkom7xmn9n.cloudfront.net/ http://d2j8jkom7xmn9n.cloudfront.net/ https://shredit.intelliresponse.com https://stericycle.demdex.net blob: gap:; connect-src 'self' https://www.googletagmanager.com/ https://d2j8jkom7xmn9n.cloudfront.net/ http://d2j8jkom7xmn9n.cloudfront.net/ https://api.cloud.247-inc.net/ https://stg-tie.cloud.247-inc.net/ https://dc.services.visualstudio.com/ https://www.google-analytics.com/ https://cdn.cookielaw.org/ https://geolocation.onetrust.com/ https://d1af033869koo7.cloudfront.net http://d1af033869koo7.cloudfront.net https://dpm.demdex.net/ https://adobedc.demdex.net/ https://edge.adobedc.net https://privacyportal-eu.onetrust.com/ wss://127.0.0.1:2045; default-src 'self' gap: 'unsafe-inline' 'unsafe-eval'; font-src 'self' https://fonts.gstatic.com data:; img-src 'self' https://www.googletagmanager.com https://www.google-analytics.com/ https://cdn.cookielaw.org/ https://fonts.gstatic.com/ https://cm.everesttech.net/ data: blob:; script-src 'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://assets.adobedtm.com/ https://www.googletagmanager.com/ https://az416426.vo.msecnd.net/ https://d2j8jkom7xmn9n.cloudfront.net/ http://d2j8jkom7xmn9n.cloudfront.net/ https://www.google-analytics.com/ https://ssl.google-analytics.com/ https://cdn.cookielaw.org/ https://cookie-cdn.cookiepro.com/ 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://cdn.cookielaw.org/ https://cookie-cdn.cookiepro.com/ 'unsafe-inline'; frame-ancestors 'self' gap:; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=Oh%2F3T4vErB0jrrzaerRlHoP%2B8qNVSSCWRgglLRnfUVFYoyJ0bD%2FolOL07vpmqU%2BfBY4bCrgdi4DkoitWivCU%2FA%3D%3D;  1
base-uri 'self'; child-src blob: 'self' gap: https://*.surveymonkey.com/ https://*.twitter.com/ https://*.vimeo.com/ https://*.youtube.com/ https://app.powerbi.com/ https://dev.visualwebsiteoptimizer.com/ https://td.doubleclick.net/ https://widget.trustpilot.com/ https://www.google.com/ https://www.googletagmanager.com/; frame-src blob: 'self' gap: https://*.surveymonkey.com/ https://*.twitter.com/ https://*.vimeo.com/ https://*.youtube.com/ https://app.powerbi.com/ https://dev.visualwebsiteoptimizer.com/ https://td.doubleclick.net/ https://widget.trustpilot.com/ https://www.google.com/ https://www.googletagmanager.com/; connect-src 'self' https://*.feefo.com/ https://*.google.com/ https://www.googleadservices.com/ https://*.google-analytics.com/ https://*.onetrust.com/ https://*.paragonbankinggroup.co.uk/ https://*.twimg.com/ https://*.twitter.com/ https://*.visualwebsiteoptimizer.com/ https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://global.sitesearch360.com/ https://ict.infinity-tracking.net/ https://insights.sitesearch360.com/ https://stats.g.doubleclick.net/ https://widget.trustpilot.com/ https://www.google.co.uk/ https://www.googletagmanager.com/; default-src 'self' gap: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com/; img-src * data: blob:; media-src data: 'self'; script-src gap: 'self' https://*.feefo.com/ https://*.paragonbankinggroup.co.uk/ https://*.surveymonkey.com/ https://*.twimg.com/ https://*.twitter.com/ https://*.visualwebsiteoptimizer.com/ https://*.youtube.com/ https://cdn.sitesearch360.com/ https://cdn-ukwest.onetrust.com/ https://googleads.g.doubleclick.net/ https://ict.infinity-tracking.net/ https://pagead2.googlesyndication.com/ https://snap.licdn.com/ https://unpkg.com/ https://widget.trustpilot.com/ https://www.google.com/ https://www.googleadservices.com/ https://www.googletagmanager.com/ 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://*.twimg.com/ https://*.twitter.com/ https://dev.visualwebsiteoptimizer.com/ https://fonts.googleapis.com/ https://register.feefo.com/ https://www.googletagmanager.com/ 'unsafe-inline'; frame-ancestors gap: 'self' https://*.surveymonkey.com/; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=RIYxYCuh7m%2FkYpIm9wAqTFA1KMgyKLvv%2FOY1RNI4LDxEGaguO4IesA1T0bZAAT7fgPCRIDxKTcHdAmH31WHUXQ%3D%3D; 1
frame-ancestors *.scaledrone.com 1
default-src 'unsafe-hashes' https://crohnsandcolitis.org.uk https://docs.google.com https://customervoice.microsoft.com https://*.readspeaker.com https://*.azureedge.net https://poster.crohnsandcolitis.org.uk https://r1.dotdigital-pages.com https://www.youtube-nocookie.com https://www.google.com https://*.landbot.io https://*.addthis.com https://www.youtube.com https://player.vimeo.com https://*.issuu.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.fluidads.com https://forms.office.com https://*.snapchat.com https://*.doubleclick.net https://static.addtoany.com https://*.muchloved.com https://*.juicer.io ;base-uri 'self' ;frame-ancestors 'self' ;script-src 'self' 'unsafe-eval' 'unsafe-inline' https://acsbapp.com https://acsbap.com https://*.acsbapp.com https://*.acsbap.com https://*.azureedge.net https://*.readspeaker.com https://connect.facebook.net https://static.trackedweb.net https://app.postermaker.io https://snap.licdn.com https://analytics.nyltx.com https://*.cookiefirst.com https://maps.googleapis.com https://unpkg.com/vue@3.2.20/ https://*.landbot.io https://secure.callhandling.co.uk https://*.addthis.com https://z.moatads.com https://*.addthisedge.com https://static.addtoany.com https://*.fluidads.com https://*.simpli.fi https://www.google-analytics.com https://www.googletagmanager.com https://ajax.googleapis.com https://*.hotjar.com https://analytics.tiktok.com https://*.snapchat.com https://*.sc-static.net https://*.bing.com https://*.linkedin.com https://*.doubleclick.net https://*.muchloved.com https://cdnjs.cloudflare.com https://online.flippingbook.com https://cdn.fluidads.com https://static.hotjar.com https://player.vimeo.com https://*.monitor.azure.com https://monitor.azure.com https://*.in.applicationinsights.azure.com https://*.applicationinsights.azure.com https://applicationinsights.azure.com https://bat.bing.com https://bat.bing.net ;connect-src 'self' https://docs.google.com https://www.google.com https://cdn.acsbapp.com https://*.acsbap.com https://*.acsbapp.com https://acsbapp.com https://acsbap.com https://*.wikipedia.org https://*.trackedweb.net https://*.readspeaker.com https://*.azureedge.net https://*.fluidads.com https://www.facebook.com https://*.cookiefirst.com https://analytics.nyltx.com https://maps.googleapis.com https://secure.callhandling.co.uk https://*.landbot.io https://*.addthis.com https://*.google-analytics.com https://stats.g.doubleclick.net https://*.doubleclick.net https://*.issuu.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.snapchat.com https://*.linkedin.oribi.io https://*.analytics.google.com https://analytics.tiktok.com https://cdn.fluidads.com https://static.hotjar.com https://player.vimeo.com https://*.in.applicationinsights.azure.com https://*.applicationinsights.azure.com https://applicationinsights.azure.com https://bat.bing.com https://bat.bing.net ;img-src 'self' data: https://www.facebook.com https://acsbapp.com https://acsbap.com https://*.acsbapp.com https://*.acsbap.com https://*.azureedge.net https://*.linkedin.com https://*.addthis.com https://maps.gstatic.com https://maps.googleapis.com https://maps.googleapis.com https://storage.googleapis.com https://static.landbot.io https://fonts.googleapis.com https://www.google.com https://www.googletagmanager.com https://www.google.co.uk https://www.google.com.tr https://www.google-analytics.com https://stats.g.doubleclick.net https://*.hotjar.com https://tr.snapchat.com https://t.co https://*.muchloved.com https://bat.bing.com https://bat.bing.net ;font-src 'self' data: https://use.typekit.net https://acsbapp.com https://*.acsbapp.com https://*.azureedge.net https://fonts.gstatic.com https://*.hotjar.com ;style-src 'self' 'unsafe-inline' https://acsbapp.com https://acsbap.com https://*.acsbapp.com https://*.acsbap.com blob: https://*.readspeaker.com https://*.azureedge.net https://*.cookiefirst.com https://p.typekit.net https://use.typekit.net https://localhost:44367 https://fonts.googleapis.com https://*.issuu.com https://*.hotjar.com ;frame-src 'self' https://docs.google.com https://static.addtoany.com https://td.doubleclick.net https://www.googletagmanager.com https://forms.office.com https://customervoice.microsoft.com https://crohnsandcolitis.org.uk https://www.google.com https://app.postermaker.io https://www.muchloved.com https://e.issuu.com https://www.youtube.com https://www.youtube-nocookie.com https://r1.dotmailer-surveys.com https://r1.dotdigital-pages.com https://chats.landbot.io https://online.flippingbook.com https://player.vimeo.com https://accounts.google.com ;form-action 'self' https://*.readspeaker.com https://*.azureedge.net https://*.landbot.io https://*.snapchat.com ;object-src 'none' ;media-src 'self' 'unsafe-inline' data: ; 1
default-src https: *.ufg.pl; script-src https: *.ufg.pl;style-src https: *.ufg.pl ;img-src 'self' data: https: www.google-analytics.com; frame-src https: *.ufg.pl; media-src data: https: *.ufg.pl ;options inline-script eval-script; child-src https: *.ufg.pl blob:; worker-src blob:; frame-ancestors 'self' *.ufg.pl; 1
default-src 'self'; style-src 'self' 'unsafe-inline' http://*.sportunion.at http://sportunion.at https://*.sportunion.at https://sportunion.at https://ugotchi.at https://static.flockler.com https://*.mailchimp.com https://*.gstatic.com https://*.googleapis.com https://cdn.jsdelivr.net https://*.onlim.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://*.sportunion.at http://sportunion.at https://*.sportunion.at https://sportunion.at https://ugotchi.at https://static.flockler.com https://fl-cdn.scdn1.secure.raxcdn.com https://embed-cdn.flockler.com https://flockler.embed.codes https://plugins.flockler.com https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://*.gstatic.com https://*.googleapis.com https://cdn.jsdelivr.net https://*.onlim.com; font-src 'self' data: http://*.sportunion.at http://sportunion.at https://*.sportunion.at https://sportunion.at https://ugotchi.at https://fonts.gstatic.com https://*.onlim.com; img-src 'self' 'unsafe-inline' https://* http://*.sportunion.at http://sportunion.at https://*.sportunion.at https://sportunion.at https://ugotchi.at https://flockler.com https://*.rackcdn.com https://stats.g.doubleclick.net https://www.google-analytics.com https://*.googleapis.com data: https://.gstatic.com https://*.google.com https://secure.gravatar.com https://*.onlim.com; frame-src 'self' http://*.sportunion.at http://sportunion.at https://*.sportunion.at https://sportunion.at https://ugotchi.at https://*.spotify.com https://archiv.yourvideo.tv https://sn.kavedo.com https://smartslider3.com https://www.yumpu.com https://www.fitsportaustria.at https://board.fitsportaustria.at https://player.vimeo.com https://www.youtube.com https://*.google.com https://www.youtube-nocookie.com https://*.onlim.com; connect-src 'self' http://*.sportunion.at http://sportunion.at https://*.sportunion.at https://sportunion.at https://ugotchi.at wss://*.onlim.com https://*.googleapis.com https://stats.g.doubleclick.net https://yoast.com https://*.google-analytics.com https://*.onlim.com; media-src https://* 1
default-src 'self' static1.clickandboat.com static1.oceans-evasion.com static1.nautal.com static1.scansail.com; connect-src 'self' static2.clickandboat.com static2.oceans-evasion.com static2.nautal.com static2.scansail.com static3.clickandboat.com static3.oceans-evasion.com static3.nautal.com static3.scansail.com https://assets.nautal.com/frontend-assets/master/elements/ https://assets.nautal.com/frontend-assets/master/ https://assets.nautal.com/frontend-assets/master/elements/ https://logs1412.xiti.com *.google-analytics.com stats.g.doubleclick.net accounts.google.com pagead2.googlesyndication.com www.google.com www.googletagmanager.com www.googleadservices.com identitytoolkit.googleapis.com securetoken.googleapis.com bat.bing.com analytics.tiktok.com analytics-ipv6.tiktokw.us ads.tiktok.com api.stripe.com ekr.zdassets.com clickandboat.zendesk.com wss://widget-mediator.zopim.com widget-mediator.zopim.com *.sentry.io browser.sentry-cdn.com *.realytics.io *.paypal.com https://*.clarity.ms https://s2s.adjust.com/event click-and-boat.pxf.io d.impct.site https://api.privacy-center.org *.criteo.com graph.facebook.com www.facebook.com https://respondent.survicate.com https://survey.survicate.com https://survey-prd.survicate-cdn.com surveys-static.survicate.com pixels.spotify.com pixel.byspotify.com evnt.byspotify.com *.reddit.com www.redditstatic.com *.eppo.cloud prod-clickandboat-private-bucket.s3.eu-central-1.amazonaws.com; font-src 'self' data: static3.clickandboat.com https://assets.nautal.com/frontend-assets/master/ assets.nautal.com fonts.gstatic.com https://surveys-static.survicate.com https://surveys-static-prd.survicate-cdn.com bytedance: sslocal:; frame-ancestors 'self'; frame-src 'self' *.facebook.com *.criteo.com accounts.google.com www.google.com js.stripe.com hooks.stripe.com www.googletagmanager.com *.doubleclick.net *.paypal.com click-and-boat.pxf.io static1.clickandboat.com cabmobileapp-196814.firebaseapp.com; img-src 'self' static1.clickandboat.com static1.oceans-evasion.com static1.nautal.com static1.scansail.com https://assets.nautal.com/frontend-assets/master/ https://assets.nautal.com/frontend-assets/master/elements/ blog.nautal.com blog.oceans-evasion.com blog.scansail.com blog.clickandboat.com data: blob: res.cloudinary.com prod-clickandboat-private-bucket.s3.eu-central-1.amazonaws.com *.doubleclick.net secure.adnxs.com www.googletagmanager.com *.google-analytics.com www.googleadservices.com www.google.ae www.google.am www.google.at www.google.az www.google.be www.google.bg www.google.bs www.google.by www.google.ca www.google.ch www.google.co.ck www.google.co.cr www.google.co.id www.google.co.il www.google.co.jp www.google.co.ke www.google.co.nz www.google.co.tz www.google.co.uk www.google.co.uz www.google.co.zm www.google.co.zw www.google.com www.google.com.ar www.google.com.au www.google.com.bo www.google.com.br www.google.com.co www.google.com.cy www.google.com.do www.google.com.eg www.google.com.fj www.google.com.gh www.google.com.kh www.google.com.lb www.google.com.mm www.google.com.mt www.google.com.mx www.google.com.na www.google.com.pa www.google.com.pk www.google.com.qa www.google.com.sv www.google.com.tr www.google.com.ua www.google.ci www.google.cz www.google.de www.google.dk www.google.dz www.google.es www.google.fr www.google.fi www.google.ga www.google.ge www.google.gp www.google.gr www.google.hn www.google.hr www.google.hu www.google.ie www.google.im www.google.it www.google.kg www.google.kz www.google.li www.google.lk www.google.lt www.google.lu www.google.lv www.google.me www.google.mg www.google.mn www.google.mu www.google.mv www.google.nl www.google.no www.google.pl www.google.pt www.google.ro www.google.rs www.google.ru www.google.sc www.google.se www.google.si www.google.sk www.google.sn *.bing.com *.criteo.com *.facebook.com *.mydialoginsight.com maps.googleapis.com *.gstatic.com *.google.com *.google.fr v2assets.zopim.io v2uploads.zopim.io clickandboat.zendesk.com https://*.clarity.ms https://s2s.adjust.com/event click-and-boat.pxf.io https://www.ojrq.net https://logs-01.loggly.com https://sdk.privacy-center.org https://surveys-static.survicate.com https://surveys-static-prd.survicate-cdn.com https://assets.survicate.com https://img.survicate.com https://images.unsplash.com analytics.tiktok.com analytics-ipv6.tiktokw.us ads.tiktok.com x.bidswitch.net r.casalemedia.com id5-sync.com ad.360yield.com contextual.media.net exchange.mediavine.com jadserve.postrelease.com sync.outbrain.com simage2.pubmatic.com pixel.rubiconproject.com rtb-csync.smartadserver.com sync-t1.taboola.com eb2.3lift.com ad.yieldlab.net sync.1rx.io wjzjfj.clickandboat.com gum.criteo.com criteo-sync.teads.tv criteo-partners.tremorhub.com csm.fr3.eu.criteo.net *.reddit.com www.redditstatic.com; script-src 'unsafe-eval' 'self' static2.clickandboat.com static2.oceans-evasion.com static2.nautal.com static2.scansail.com https://assets.nautal.com/frontend-assets/master/elements/ https://assets.nautal.com/frontend-assets/master/ https://tag.aticdn.net *.google-analytics.com *.googleadservices.com *.google.com *.ggpht.com www.googletagmanager.com bat.bing.com www.facebook.com analytics.tiktok.com analytics-ipv6.tiktokw.us ads.tiktok.com *.criteo.net *.criteo.com *.mydialoginsight.com *.googleapis.com www.gstatic.com connect.facebook.net js.stripe.com static.zdassets.com widget-mediator.zopim.com *.realytics.io *.realytics.net https://*.clarity.ms https://c.bing.com https://s2s.adjust.com/event https://utt.impactcdn.com https://sdk.privacy-center.org https://tag.aticdn.net https://survey.survicate.com https://surveys-static.survicate.com https://surveys-static-prd.survicate-cdn.com https://survey-prd.survicate-cdn.com *.paypal.com browser.sentry-cdn.com fast.ssqt.io pixel.byspotify.com *.reddit.com www.redditstatic.com 'unsafe-inline' 'nonce-azUR35a9UNmw8noaOdetGQ=='; style-src 'self' static2.clickandboat.com static2.oceans-evasion.com static2.nautal.com static2.scansail.com static3.clickandboat.com static3.oceans-evasion.com static3.nautal.com static3.scansail.com https://assets.nautal.com/frontend-assets/master/ 'unsafe-inline' fonts.googleapis.com tagmanager.google.com accounts.google.com www.gstatic.com https://sdk.privacy-center.org https://surveys-static.survicate.com https://surveys-static-prd.survicate-cdn.com; report-uri https://o417216.ingest.us.sentry.io/api/4506020607492097/security/?sentry_key=3c14ba189cc8cb536d95fb1b6fe67298&sentry_environment=prod 1
default-src 'self' *.google-analytics.com data: gap: idele.matomo.cloud 'unsafe-inline' 'unsafe-eval'; script-src 'self' * 'unsafe-inline' 'unsafe-eval'; frame-src 'self' www.google.com player.vimeo.com *.soundcloud.com *.tubedu.org tubedu.org *.slideshare.net www.canva.com *.youtube.com view.genial.ly view.genially.com climatefarmdemo.eu *.dailymotion.com *.youtube-nocookie.com *.myadvent.net adventmyfriend.com *.jwplayer.com video.terre-net.fr; style-src 'self' use.typekit.net cdn.tarteaucitron.io fonts.googleapis.com p.typekit.net s3.amazonaws.com cdn.icomoon.io 'unsafe-inline'; font-src 'self' use.typekit.net s3.amazonaws.com fonts.gstatic.com cdn.icomoon.io; img-src 'self' data: *.ytimg.com tarteaucitron.io; upgrade-insecure-requests 1
default-src 'self' https://*.energylink.com wss://*.energylink.com https://api.ipstack.com https://az416426.vo.msecnd.net/scripts/b/ai.2.min.js https://dc.services.visualstudio.com/v2/track https://go.enverus.com https://www.google.com https://www.gstatic.com https://maps.gstatic.com https://chart.googleapis.com https://maps.googleapis.com https://ajax.googleapis.com https://fonts.googleapis.com https://fonts.gstatic.com https://player.vimeo.com https://cdn.datatables.net https://stackpath.bootstrapcdn.com https://rseg-dev.auth0.com https://cdn.skypack.dev https://cdn.jsdelivr.net https://*.zoom.us wss://zpns.zoom.us https://api.rudderstack.com https://api.rudderlabs.com https://cdn.rudderlabs.com https://enverusluies.dataplane.rudderstack.com https://enveruswyupccs.dataplane.rudderstack.com https://*.appcues.com https://*.appcues.net wss://*.appcues.com wss://*.appcues.net 'unsafe-eval' 'unsafe-inline'; font-src 'self' blob: data: https://cdn.skypack.dev https://cdn.jsdelivr.net https://*.zoom.us https://fonts.googleapis.com https://fonts.google.com https://fonts.gstatic.com; img-src 'self' blob: data: energylink.com *.energylink.com enverus.com *.enverus.com; object-src 'self' blob: data: energylink.com *.energylink.com enverus.com *.enverus.com; media-src 'self' blob: data: energylink.com *.energylink.com enverus.com *.enverus.com https://player.vimeo.com; script-src 'self' blob: data: https://*.energylink.com https://api.ipstack.com https://az416426.vo.msecnd.net/scripts/b/ai.2.min.js https://dc.services.visualstudio.com/v2/track https://go.enverus.com https://www.google.com https://www.gstatic.com https://maps.gstatic.com https://chart.googleapis.com https://maps.googleapis.com https://ajax.googleapis.com https://player.vimeo.com https://cdn.datatables.net https://stackpath.bootstrapcdn.com https://rseg-dev.auth0.com https://cdn.skypack.dev https://cdn.jsdelivr.net https://*.zoom.us wss://zpns.zoom.us https://api.rudderstack.com https://api.rudderlabs.com https://cdn.rudderlabs.com https://enverusluies.dataplane.rudderstack.com https://enveruswyupccs.dataplane.rudderstack.com https://*.appcues.com https://*.appcues.net wss://*.appcues.com wss://*.appcues.net https://cdnjs.cloudflare.com 'unsafe-eval' 'unsafe-inline'; worker-src 'self' blob: data: energylink.com *.energylink.com enverus.com *.enverus.com; frame-ancestors 'self' energylink.com *.energylink.com enverus.com *.enverus.com;  1
default-src 'self' https://static.bitrated.com; script-src 'self' https://static.bitrated.com; connect-src 'self' wss://www.bitrated.com; style-src https://static.bitrated.com 'unsafe-inline'; img-src 'self' https://static.bitrated.com data:; font-src https://static.bitrated.com data:; frame-src https://player.vimeo.com/ https://bitrated.uservoice.com/; object-src 'none'; report-uri /csp-violation 1
default-src 'self'; font-src *;img-src * data:; script-src *; style-src * https:; 1
frame-ancestors https://*.innovatrics.com 1
frame-ancestors 'self' https://app.signageful.com; script-src 'self' 'unsafe-inline' 1
allow 'unsafe-inline' 'unsafe-eval' 'self' troc.cdn.mediactive-network.net *.googlesyndication.com *.systempay.fr *.fbcdn.net *.google.com *.google.fr *.doubleclick.net intranet.troc.com connect.facebook.net cdnjs.cloudflare.com www.gstatic.com www.googletagmanager.com www.google-analytics.com www.googleadservices.com www.googletagservices.com cdn.ampproject.org 1
frame-ancestors khh.travel 'self' 1
default-src 'unsafe-inline' 'unsafe-eval' https: blob:;img-src * data: blob:;font-src * data:; 1
frame-ancestors 'self' https://www.bayard-jeunesse.com https://app.bayam.tv https://sso.bayard-jeunesse.com https://mention-me.com https://cdnactor.myfeelback.com; 1
default-src * 'self' *.lpsnmedia.net *.billtrust.com; style-src 'self' http://* 'unsafe-inline' *.lpsnmedia.net *.liveperson.net *.billtrust.com https://*.hotjar.com; script-src 'self' http://* 'unsafe-inline' 'unsafe-eval' *.lpsnmedia.net *.liveperson.net https://*.hotjar.com assets.adobedtm.com; img-src * 'self' data: https: *.lpsnmedia.net https://*.hotjar.com; font-src 'self' data: https://smart-ip.net *.kaltura.com https://*.hotjar.com; connect-src 'self' wss://*.liveperson.net *.liveperson.net *.lpsnmedia.net *.azurewebsites.net wss://*.signalr.net *.signalr.net *.kaltura.com *.walkme.com *.demdex.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.omtrdc.net; frame-src * 'self' *.lpsnmedia.net *.liveperson.net; media-src 'self' blob: *.lpsnmedia.net *.kaltura.com; 1
: default-src 'self' 1
script-src https: data: 'unsafe-inline' 'unsafe-eval' https://hfmt-koeln.de https://*.hfmt-koeln.de https://metrics.mehrwert.de https://*.b-ite.com https://www.instagram.com https://static.cdninstagram.com; style-src https: 'unsafe-inline' https://hfmt-koeln.de https://*.hfmt-koeln.de https://metrics.mehrwert.de https://www.instagram.com https://static.cdninstagram.com; frame-src 'self' https://hfmt-koeln.de https://*.hfmt-koeln.de https://*.hfmt.mwsrv.de https://www.youtube-nocookie.com https://www.youtube.com https://*.b-ite.com https://www.instagram.com https://static.cdninstagram.com; frame-ancestors 'self' https://hfmt-koeln.de https://*.hfmt-koeln.de https://*.hfmt.mwsrv.de; 1
frame-ancestors * 1
default-src 'none'; style-src 'self' 'unsafe-inline' https://www.mijnwefact.nl https://fonts.googleapis.com https://googletagmanager.com https://tagmanager.google.com *.licdn.com https://translate.google.com https://translate.googleapis.com *.typekit.net; manifest-src 'self' https://www.wefact.nl; img-src 'self' data: *.wefact.ai *.taggrs.io *.analytics.google.com *.gstatic.com https://maps.googleapis.com https://www.mijnwefact.nl *.ytimg.com *.facebook.com *.facebook.net *.fbcdn.net *.licdn.com *.linkedin.com https://www.google.com https://www.google.be https://www.google.nl https://www.googleadservices.com https://googleads.g.doubleclick.net https://webstream.wefact.com https://webfiles.wefact.com https://googletagmanager.com *.google-analytics.com *.googletagmanager.com *.cookiebot.com *.clarity.ms *.bing.com https://bat.bing.net https://www.mollie.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.wefact.ai https://flow.wefact.nl https://www.mijnwefact.nl https://www.youtube.com http://www.youtube.com/iframe_api *.ytimg.com *.facebook.com *.facebook.net *.linkedin.com *.licdn.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://googletagmanager.com https://developers.google.com https://maps.googleapis.com *.gstatic.com https://tagmanager.google.com https://translate.google.com https://translate.googleapis.com https://translate-pa.googleapis.com *.clarity.ms *.bing.com *.bing.net https://secure.adnxs.com *.googletagmanager.com *.cookiebot.com; font-src 'self' data: https://www.mijnwefact.nl *.typekit.net https://fonts.gstatic.com; connect-src 'self' *.open.cx *.wefact.ai https://flow.wefact.nl https://maps.googleapis.com https://places.googleapis.com https://www.mijnwefact.nl https://graphql.prepr.io *.facebook.com *.facebook.net *.licdn.com *.linkedin.com https://www.google.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com https://www.googleadservices.com https://pagead2.googlesyndication.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net *.clarity.ms *.bing.com *.bing.net https://translate.googleapis.com https://translate-pa.googleapis.com *.cookiebot.com https://www.wefact.nl https://webstream.wefact.com https://webfiles.wefact.com; frame-src 'self' https://flow.wefact.nl https://www.mijnwefact.nl https://www.youtube.com *.facebook.com *.facebook.net *.linkedin.com https://bid.g.doubleclick.net https://td.doubleclick.net https://outlook.office365.com *.googletagmanager.com *.cookiebot.com; frame-ancestors 'self'; object-src 'self' 'unsafe-inline' https://www.mijnwefact.nl https://www.wefact.nl *.google-analytics.com *.analytics.google.com *.googletagmanager.com https://www.google.com https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net *.cookiebot.com *.facebook.com *.facebook.net *.licdn.com *.linkedin.com https://maps.googleapis.com *.clarity.ms *.bing.com *.bing.net; media-src 'self' https://www.mijnwefact.nl https://www.wefact.nl; child-src *.facebook.com *.facebook.net; 1
script-src 'self' 'unsafe-eval' 'nonce-e08ab336423defc4c4d2c1ebdeded6a2' 'strict-dynamic' https://google.de https://app.usercentrics.eu https://www.googletagmanager.com  https://www.googleadservices.com https://googleads.g.doubleclick.net https://netzwerk.uppr.de https://www.google-analytics.com https://privacy-proxy.usercentrics.eu https://www.facebook.com https://twitter.com https://www.linkedin.com https://www.xing.com https://www.youtube.com https://cdnjs.cloudflare.com https://nebula-cdn.kampyle.com https://bat.bing.com https://ad4m.at https://connect.facebook.net https://www.usemaxserver.de https://widgets.energiemonitor.de https://play.google.com https://www.googleoptimize.com https://icpublichosting.azureedge.net https://optimize.google.com https://service.mtcaptcha.com https://service2.mtcaptcha.com https://ic-chatwindow-service.azurewebsites.net https://clb2.cfapps.mila.external.ap.innogy.com https://www.googleanalytics.com https://cdn.medallia.com/ https://cdn.appsol.medallia.com/ *.kampyle.com/ https://metrics-proxy.medallia.ca/ https://metrics-proxy.medallia.eu/ https://metrics-proxy.medallia.com.au/ https://metrics-proxy.medallia.com/ https://col.eum-appdynamics.com/ https://static.medallia.com/ https://bugreport.medallia.com/ https://fonts.gstatic.com/ https://fonts.googleapis.com/ https://chart.googleapis.com/ https://maxcdn.bootstrapcdn.com/ https://netdna.bootstrapcdn.com/ https://express.ger.medallia.eu/ https://express.sbx.ger.medallia.eu/ https://feed2.medallia.eu/ https://feed2sbx.sbx.ger.medallia.eu/ https://mft1.medallia.eu/ https://filestash.fra1.medallia.eu/ https://tm.ad-srv.net https://tm703.ad-srv.net https://tm707.ad-srv.net https://tm708.ad-srv.net https://*.iadvize.com https://znbd9pj7eqbjzjd42-eon.siteintercept.qualtrics.com https://siteintercept.qualtrics.com https://trck.lew.de https://*.trustedshops.com https://*.etrusted.com; style-src 'self' 'nonce-e08ab336423defc4c4d2c1ebdeded6a2' 'unsafe-hashes' 'sha256-Chued6H/FqwtY0xgIG4zxn1W6uXOo1t3SXAPpyzds7U='  'sha256-5SDvdr72xKyplNCK6s3wo8+AzCvSSrO4ATaEFE1N3YU='  'sha256-b/AJ3u1NxOK+yAHe28I3iTI1e9j23Bv94CsSnYMe0I4='  'sha256-WXbTK+Q2IO0qiVm9TmwaoCb/gGYy8plieL1g7TJ+i1o='  'sha256-TIWitS/sbsTCj5gHE+Ub2hNq7Ebv+whf6SCnicmBM1A='  'sha256-bM22Xahg3Ska2CbZv9HSsXayiD0Z5iJL6QcufF1H9e0='  'sha256-cJA8XvfmOhAJWjlDZi2dvUyXcjLaXJsW296wKpLNDSg='  'sha256-W5t509XHgNgqXPEkC+CNVw120RQzW++3Peh6kOOF7H0='  'sha256-SDpJ06IXtKeyPxzWvEQbz1w8atX8WEPMmLziJ2Yr3t8='  'sha256-ZdHxw9eWtnxUb3mk6tBS+gIiVUPE3pGM470keHPDFlE='  'sha256-RfS5BPmz3Vwypv5zOAVIB743tRj+AEwi4dugaXrsDwk='  'sha256-x4b2HXIRVmbavEXgC5A6qDxwchYDCHsF5XjgG+IX/9k='  'sha256-sjBpDcTxG5RUsOcN+DFW/IhJtxXGSiB/5wxRqMbKc8g='  'sha256-6N6ExomJBSb15QoU3z4kffBiUYwHzIOPFDBNFyQo5zM='  'sha256-Xjtk8M9sZ4nFg15sesBAusx8bR5RyH5adt0U2TGp1Hc='  'sha256-YV8lKTFZ9If7/i9C+12znUBTxRQw2mwPFb+mvUF76jI='  'sha256-xhhnTHVCXiqgxWYHm1Aa2GmrJUgS7MCnS5+Ou4nbmvI='  'sha256-lgwR+lozSh+2mYjVqEytPQ8igYNCs3WxYDoJ+FfmTM8='  'sha256-xhhnTHVCXiqgxWYHm1Aa2GmrJUgS7MCnS5+Ou4nbmvI='  'sha256-lgwR+lozSh+2mYjVqEytPQ8igYNCs3WxYDoJ+FfmTM8='  'sha256-Pmke26teTSgoga2qVZQxn5+8tJEHv3b6P31sM4A7nUA='  'sha256-u3gvlgPH9p+WcuUGYJ1tagF6JvmPBRgC8dUVFMyvgFw='  'sha256-MlKRU2qUIVN+Cj86rIOyMnLxGlFm6Y1JJpGW5mQkUZs='  'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU='  'sha256-2gz8aiXiOB6Up4QDJqnRa6SHIHmCXTLcaqHHxsA3LlA='  'sha256-qTkwDWS8vAgVRoa+CLotP91j1y1653Dw7c6uFVO9hdk='  'sha256-6cAsdx6Eo0akaAinSdKpeL36RozFFZb6YeLNQSOtOKU='  'sha256-6cAsdx6Eo0akaAinSdKpeL36RozFFZb6YeLNQSOtOKU='  'sha256-0W4IyoGJZtlp+gwrArXhImVbco+I5f2pug6ZEmjL2U0='  'sha256-GbUhe7JxmiOWfQ00Srbs7iduQVRWWln6C42y78HlLxs='  'sha256-0W4IyoGJZtlp+gwrArXhImVbco+I5f2pug6ZEmjL2U0='  'sha256-GbUhe7JxmiOWfQ00Srbs7iduQVRWWln6C42y78HlLxs='  'sha256-0W4IyoGJZtlp+gwrArXhImVbco+I5f2pug6ZEmjL2U0='  'sha256-GbUhe7JxmiOWfQ00Srbs7iduQVRWWln6C42y78HlLxs='  'sha256-0W4IyoGJZtlp+gwrArXhImVbco+I5f2pug6ZEmjL2U0='  'sha256-6cAsdx6Eo0akaAinSdKpeL36RozFFZb6YeLNQSOtOKU='  'sha256-8kPOCl/iIr6YgWLvLnIRMrYnCJHOzs6WNYAedT41SM8='  'sha256-2Go/yMtz4sEcAbw1TnjkjLz983Zxq7frCShdJs2OobM='  'sha256-g6zf946PtVM63bZ+fe9QUc3hDXp5BMl6OBmAlKhKV60='  'sha256-zqo/Gf4mmbgvoqPGTNSkHYfibgllewm/seDhWyooOOk='  'sha256-FVE4UqDzJ5GzKFQlZqU4Zq3EAxxb/T0hpPQU9k6uwkA='  'sha256-R2Vkrx5FLpmMY0750ljuQem15/f/bIrrGl+TXyzeETo='  'sha256-gGRDCDCtVdIb3guY7Af4d2zlZ2AHGiJ1Fo0P+PkrAQ4='  'sha256-28yeYgrPQDDyWFt+gxC5JLjh+vmdwGtJ6vrGY5agNmA='  'sha256-tq6DPpzxxZo0uDGIA3cWY73a2IghW7jFPDxfoADIVA4='  'sha256-jI3sfmilVzfPCYviQAKSk25gbqy5bKO6ytnWnH7tPy4='  'sha256-MGcxmZXFvleb8FuwqjCYtvoakNGj+J6yTNrv1TSxJiA='  'sha256-hbZWfW0vwSYriJkO6sDWlefwk0ZUNVCSaBe66T81nB0='  'sha256-rh2A364+F4JpsYOMvu2X0b8oUqSm+hinlVRTT9lHrwY='  'sha256-gGRDCDCtVdIb3guY7Af4d2zlZ2AHGiJ1Fo0P+PkrAQ4='  'sha256-28yeYgrPQDDyWFt+gxC5JLjh+vmdwGtJ6vrGY5agNmA='  'sha256-tq6DPpzxxZo0uDGIA3cWY73a2IghW7jFPDxfoADIVA4='  'sha256-o1r1pjDVBLdNe0LQRcCT5BFFXxPXMW1YFFI3KAch9eI='  'sha256-Qzu0lxLJiiX6Kov/Hhw2clLBMwE/AGShWjshh7S4cZE='  'sha256-IGAWb2ggeHqxQRSvWbzAamu9Ko86r4FttA9LNd1b/uI='  'sha256-o1r1pjDVBLdNe0LQRcCT5BFFXxPXMW1YFFI3KAch9eI='  'sha256-Qzu0lxLJiiX6Kov/Hhw2clLBMwE/AGShWjshh7S4cZE='  'sha256-IGAWb2ggeHqxQRSvWbzAamu9Ko86r4FttA9LNd1b/uI='  'sha256-p08VBe6m5i8+qtXWjnH/AN3klt1l4uoOLsjNn8BjdQo='  'sha256-HeCUqYbpi0jcNQCtmPyDkSSaeWOk+GFgiIxfAAAbsFg='  'sha256-33YGiROm4Pzv0xXIPo82M0Dt2zrdnP4IgbJq1WeAtf8='  'sha256-j6Tt8qv7z2kSc7fUs0YHbrxawwsQcS05fVaX1r2qrbk='  'sha256-RAtMRMPc7pZorvh8gaXlMJh1zDaSAmCzJ4zoN0Y5bn4='  'sha256-2+dS+n9Pah47gYjmchfaYD5g/iEbiyoAg7SGmiJtn0Y='  https://widgets.energiemonitor.de https://fonts.googleapis.com https://icpublichosting.azureedge.net https://optimize.google.com https://*.iadvize.com; object-src 'self'; report-uri /umbraco/api/helper/CreateCSPReport 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: about: *.adbutler-luxon.com adbutler-fermion.com static.addtoany.com *.adobedtm.com *.ads-twitter.com *.adsrvr.org p.adsymptotic.com *.bamboohr.com bat.bing.com maxcdn.bootstrapcdn.com tags.bluekai.com capwiz.com *.cdc.gov grow.clearbitjs.com *.cmgdigital.com www.cms.gov cqrcengage.com tma.custhelp.com dpm.demedex.net www.domain-of-replacement.com *.doubleclick.net *.facebook.com *.facebook.net *.feedburner.com gis.fema.gov apgb2b-reachcodeandproxy.gannettdigital.com google.com *.google.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.googletagmanager.com fusiontables.googleusercontent.com *.gstatic.com data.healthcare.gov oig.hhs.gov hootsuite.com *.hs-analytics.net *.hs-banner.com js.hsadspixel.net js.hscollectedforms.net *.hsforms.com *.hsforms.net *.hs-scripts.com api.hubapi.com *.hubspot.com rocket.nwood-kensett.k12.ia.us *.infogram.com *.informz.net *.jeffersoncms.org kff.org cdn.jsdelivr.net beacon.krxd.net snap.licdn.com www.linkedin.com px.ads.linkedin.com *.livestream.com *.marchex.io tag.marinsm.com pixel.mathtag.com texmed.medbuzz.com www.ncbi.nlm.nih.gov *.nnihcm.org block.opendns.com cdn.linkedin.oribi.io centro.pixel.ad clickserv.pixel.ad www.paypalobjects.com www.podbean.com www.powr.io *.poll-maker.com pixel-geo.prfct.co ql.tc *.qualtrics.com *.quantcount.com *.quantserve.com www.reachlocallivechat.com capture-api.reachlocalservices.com *.rlets.com rcod.rtrk.com *.scribd.com uip.semasio.net servedbyadbutler.com *.serving-sys.com *.sharethis.com i.simpli.fi tag.simpli.fi um.simpli.fi clickserv.sitescout.com pixel.sitescout.com *.slideshare.net public.slidesharecdn.com open.spotify.com storify.com t.co *.tapad.com *.tcms.com *.teletownhall.us *.texmed.org eu.thinkingchat.com reachlocal.thinkingchat.com cdn.tinymce.com *.tmait.org *.twimg.com *.twitter.com *.vimeo.com *.votervoice.net *.wakelet.com *.wufoo.com *.youtube.com *.yudu.com *.hscollectedforms.net analytics.ahrefs.com *.luckyorange.com https://pubsub.googleapis.com wss://*.visitors.live wss://realtime.luckyorange.com/mqtt https://in.visitors.live/ajax  https://storage.googleapis.com/lucky-orange-public/heatmap2/* *.crwdcntrl.net *.doubleclick.net *.adobedtm.com *.segment.io *.segment.com *.momentivesoftware.com blob: 1
upgrade-insecure-requests; object-src 'none'; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleoptimize.com https://*.googletagmanager.com https://*.facebook.com https://*.facebook.net https://*.montepiedad.com.mx https://*.botlers.io https://*.newrelic.com https://bam-cell.nr-data.net https://unpkg.com https://*.zeptojs.com https://*.jsdelivr.net https://*.datatables.net https://*.bootstrapcdn.com https://*.cloudflare.com https://*.lottiefiles.com https://*.google-analytics.com https://www.yumpu.com https://*.youtube.com/ https://i.ytimg.com/ https://*.doubleclick.net https://afiliacion.net https://prs.arkeero.net https://leadgenios.net https://www.rtb123.com https://*.hotjar.com https://inboxlabs.go2cloud.org https://*.google.com.mx https://*.hotjar.io https://*.teads.tv https://ojo7.ltroute.com https://*.abtasty.com/ https://*.amazonaws.com/ wss://*.hotjar.com https://go2perseo.com https://affperformance.com/ https://ad.soicos.com https://ads01.groovinads.com https://*.cybba.solutions https://*.cloudfront.net https://*.go4aluna.co https://bing.com https://*.aptoweb.com/ https://*.helpscout.net/ bytedance: sslocal: https://analytics.tiktok.com https://analytics-ipv6.tiktokw.us https://ads.tiktok.com https://*.taboola.com; 1
default-src 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; font-src *; connect-src *; frame-src *; img-src * data:; media-src *; object-src *; style-src * 'unsafe-inline' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.jsdelivr.net *.googleapis.com *.cloudflare.com *.googletagmanager.com https://unpkg.com *.google.com *.gstatic.com *.bootstrapcdn.com *.bootstrapcdn.com  https://cdn.ckeditor.com *.google-analytics.com *.googletagmanager.com *.salesforce.com *.salesforceliveagent.com https://support.sunway.edu.my https://static.lightning.force.com https://assets.mailerlite.com https://ipapi.co https://code.jquery.com https://cdn.ckeditor.com https://static.cloudflareinsights.com https://b.static.lightning.force.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.cloudflare.com *.fontawesome.com *.jsdelivr.net *.googleapis.com https://fonts.gstatic.com https://unpkg.com *.google.com *.gstatic.com https://use.fontawesome.com *.salesforceliveagent.com *.salesforce.com https://support.sunway.edu.my https://assets.mailerlite.com; img-src 'self' * data: about:; media-src 'self'; frame-src 'self' *.youtube.com www.youtube.com *.google.com *.gstatic.com *.vimeo.com *.salesforceliveagent.com *.salesforce.com https://support.sunway.edu.my https://forms.office.com https://assets.mailerlite.com *.issuu.com https://issuu.com; frame-ancestors 'self' *.youtube.com www.youtube.com *.google.com *.gstatic.com *.vimeo.com *.salesforceliveagent.com *.salesforce.com https://support.sunway.edu.my; child-src 'self' *.youtube.com www.youtube.com *.google.com *.gstatic.com *.vimeo.com *.salesforceliveagent.com *.salesforce.com; font-src 'self' https://fonts.googleapis.com *.fontawesome.com https://fonts.gstatic.com *.cloudflare.com *.jsdelivr.net https://support.sunway.edu.my data:; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self'; base-uri 'self'; block-all-mixed-content; connect-src 'self' *.cablex.test *.google-analytics.com *.chimpstatic.com *.cookiebot.com *.azurewebsites.net *.cablex.ch *.cablex-germany.de *.doubleclick.net https://cdnjs.cloudflare.com/ajax/libs/iframe-resizer/*; font-src 'self' *.cablex.test data: *.gstatic.com *.chimpstatic.com *.azurewebsites.net *.fast.fonts.net *.cablex.ch *.cablex-germany.de; frame-ancestors *.cablex.test *.cablex.test:18443 *.azurewebsites.net *.prospective.ch *.cablex.ch *.cablex-germany.de *.chimpstatic.com; frame-src 'self' *.cablex.test *.azurewebsites.net *.cablex.ch *.cablex-germany.de *.cookiebot.com *.prospective.ch *.youtube-nocookie.com *.youtube.com *.chimpstatic.com *.google.com; img-src 'self' *.cablex.test data: *.tile.osm.org *.tile.openstreetmap.org *.azurewebsites.net *.cablex.ch *.cablex-germany.de *.google.com *.google.de *.google-analytics.com *.googletagmanager.com *.prospective.ch *.cookiebot.com *.chimpstatic.com; object-src 'none'; script-src 'self' 'unsafe-inline' *.cablex.test *.google-analytics.com *.googletagmanager.com *.bing.com *.facebook.net *.twitter.com *.cookiebot.com *.prospective.ch *.linkedin.com *.chimpstatic.com *.azurewebsites.net *.cablex.ch *.cablex-germany.de https://chimpstatic.com https://cdnjs.cloudflare.com/ajax/libs/iframe-resizer/* *.youtube.com *.doubleclick.net *.google.com *.gstatic.com; style-src 'self' *.cablex.test 'unsafe-inline' *.bootstrapcdn.com *.googleapis.com *.chimpstatic.com https://unpkg.com/swiper/swiper-bundle.min.css *.prospective.ch *.fast.fonts.net *.azurewebsites.net *.cablex.ch *.cablex-germany.de; upgrade-insecure-requests 1
default-src 'self'; script-src 'self' https://*.astonmiles.com https://code.jquery.com https://www.google-analytics.com https://*.fontawesome.com https://*.googleapis.com //*.gstatic.com; style-src 'self' https://*.astonmiles.com https://*.googleapis.com https://*.fontawesome.com; font-src 'self' https://*.gstatic.com https://*.fontawesome.com; img-src 'self' https://*.astonmiles.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.googleapis.com; connect-src 'self' https://*.astonmiles.com https://*.googleapis.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.fontawesome.com https://code.jquery.com //*.gstatic.com; base-uri 'none'; form-action 'self'; frame-ancestors 'none'; object-src 'none';upgrade-insecure-requests 1
frame-ancestors 'self' *.coupacloud.com *.coupadev.com *.coupahost.com; style-src 'unsafe-inline' 'self' us.llama.ai https://login.qlik.com https://*.us.qlikcloud.com https://fonts.googleapis.com https://r.bing.com https://www.bing.com https://cdn.pendo.io; frame-src 'self' us.llama.ai https://login.qlik.com https://*.us.qlikcloud.com https://www.youtube.com https://help.llama.ai https://app.pendo.io; script-src 'unsafe-inline' 'unsafe-eval' us.llama.ai login.qlik.com *.us.qlikcloud.com www.google-analytics.com *.googletagmanager.com pendo-static-5983075502653440.storage.googleapis.com *.pendo.io *.bing.com *.virtualearth.net cdn.qlikcloud.com *.newrelic.com *.nr-data.net; worker-src blob: 'self';frame-ancestors 'self' *.coupacloud.com *.coupadev.com *.coupahost.com; style-src 'unsafe-inline' 'self' us.llama.ai https://login.qlik.com https://*.us.qlikcloud.com https://fonts.googleapis.com https://r.bing.com https://www.bing.com https://cdn.pendo.io; frame-src 'self' us.llama.ai https://login.qlik.com https://*.us.qlikcloud.com https://www.youtube.com https://help.llama.ai https://app.pendo.io; script-src 'unsafe-inline' 'unsafe-eval' us.llama.ai login.qlik.com *.us.qlikcloud.com www.google-analytics.com *.googletagmanager.com pendo-static-5983075502653440.storage.googleapis.com *.pendo.io *.bing.com *.virtualearth.net cdn.qlikcloud.com *.newrelic.com *.nr-data.net; worker-src blob: 'self'; 1
default-src https: 'self' blob:;script-src https: 'unsafe-inline' 'unsafe-eval' 'self';script-src-elem https: 'self' 'unsafe-inline';object-src https: 'self' blob:;frame-src 'self' blob: https:;style-src 'unsafe-inline' https: data: 'self';font-src https: data:;img-src * data: 'self';connect-src https: wss://*.liveperson.net wss://tsock.us1.twilio.com/v3/wsconnect wss://*.usw2.pure.cloud wss://intercept-api.questionpro.com; frame-ancestors https://embed.questionpro.com; 1
base-uri 'self'; default-src 'self' data: *.storck.com; script-src 'self' 'nonce-LIRgf7mAwd9XH8JxksyCDA7gK5WcIMlL2h7wr66zCMJWPsoJbxfkfQ' blob: data: *.storck.com storck.piwik.pro; img-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: *.storck.com storck.piwik.pro; style-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.storck.com; connect-src 'self' data: *.storck.com storck.piwik.pro; font-src 'self'; frame-src 'self' data: *.storck.com; frame-ancestors 'self'; form-action 'self'; 1
frame-ancestors 'self' https://finance.sponser.co.il https://rotter.net https://m.sponser.co.il ; 1
script-src 'nonce-5Egf1DLRwHhA2kxOh8LzNdReZ88=' 'strict-dynamic' 'self' 'unsafe-eval'; base-uri 'self'; object-src 'self'; frame-ancestors 'self' https://tours.ymcagta.org https://ymcatours.madewithcircuit.com; report-uri https://www.ymcagta.org/cdna-api/webhook/csp; 1
base-uri 'self'; default-src 'none'; child-src 'self' https://*.youtube.com https://*.youtube-nocookie.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://vimeo.com vimeo.com https://*.vimeo.com *.vimeo.com https://staticcdn.co.nz staticcdn.co.nz https://app.powerbi.com; connect-src 'self' https://*.meridianenergy.co.nz https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.formstack.com https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.com https://*.hotjar.com https://*.hotjar.io https://*.hs-analytics.net https://*.hs-banner.com https://*.hs-scripts.com https://*.mypurecloud.com.au https://*.sentry.io https://*.smartrecruiters.com https://*.tt.omtrdc.net https://*.usemessages.com https://analytics.tiktok.com https://api.addressfinder.io https://browser.sentry-cdn.com https://forms.hsforms.com https://ir.iguana2.com https://js.hsadspixel.net https://js.hscollectedforms.net https://s.swiftypecdn.com https://search-api.swiftype.com https://staticcdn.co.nz https://www.youtube.com wss://*.hotjar.com wss://*.mypurecloud.com.au https://*.visualwebsiteoptimizer.com https://app.vwo.com; font-src 'self' https://*.hotjar.com https://*.hotjar.io data:; form-action 'self' https://*.facebook.com; frame-ancestors 'self'; frame-src 'self' https://*.googletagmanager.com https://*.pega.net https://*.doubleclick.net https://*.facebook.com https://*.google.com https://*.hotjar.com https://*.hotjar.io https://*.mypurecloud.com.au https://*.youtube-nocookie.com https://*.youtube.com https://subscriptions.smartrecruiters.com/ https://*.visualwebsiteoptimizer.com https://app.vwo.com https://vimeo.com vimeo.com https://*.vimeo.com *.vimeo.com https://staticcdn.co.nz staticcdn.co.nz https://app.powerbi.com; img-src 'self' https://*.meridianenergy.co.nz https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.formstack.com https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.com https://*.hotjar.com https://*.hotjar.io https://*.hs-analytics.net https://*.hs-banner.com https://*.hs-scripts.com https://*.mypurecloud.com.au https://*.sentry.io https://*.smartrecruiters.com https://*.tt.omtrdc.net https://*.usemessages.com https://analytics.tiktok.com https://api.addressfinder.io https://browser.sentry-cdn.com https://forms.hsforms.com https://ir.iguana2.com https://js.hsadspixel.net https://js.hscollectedforms.net https://s.swiftypecdn.com https://*.swiftype.com https://staticcdn.co.nz https://www.youtube.com wss://*.hotjar.com wss://*.mypurecloud.com.au https://*.visualwebsiteoptimizer.com https://app.vwo.com https://useruploads.vwo.io https://*.google.co.nz *.google.co.nz https://meridian-production-media.s3.ap-southeast-2.amazonaws.com blob: data:; media-src 'none'; object-src 'self' blob:; manifest-src 'self'; script-src 'self' https://*.meridianenergy.co.nz https://*.doubleclick.net https://*.facebook.net https://*.formstack.com https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.com https://*.hotjar.com https://*.hotjar.io https://*.hs-analytics.net https://*.hs-banner.com https://*.hs-scripts.com https://*.mypurecloud.com.au https://*.sentry.io https://*.smartrecruiters.com https://*.tt.omtrdc.net https://*.usemessages.com https://analytics.tiktok.com https://api.addressfinder.io https://browser.sentry-cdn.com https://forms.hsforms.com https://ir.iguana2.com https://js.hsadspixel.net https://js.hscollectedforms.net https://s.swiftypecdn.com https://search-api.swiftype.com https://staticcdn.co.nz https://www.youtube.com wss://*.hotjar.com wss://*.mypurecloud.com.au https://*.visualwebsiteoptimizer.com https://app.vwo.com 'nonce-ZTJhZmI5NDJlODhiYWZhOWRhODdmZTQ5MjFkNGQzMjczNTgyZDE0OGQ4OWE4ODg1OWJhNDZkZWMxYWM1OGVhN2EzODk1Y2MwOGRhMTQzNmIxNzhkODM5ZWQ5ODU3NWUzYjczM2Y0YzNiYjMwMWQxOWNlZWYzOWY2YTk5N2IzZjU=' 'unsafe-eval' blob:; style-src 'self' https://s.swiftypecdn.com https://*.mypurecloud.com.au https://static.smartrecruiters.com https://*.visualwebsiteoptimizer.com https://app.vwo.com 'unsafe-inline'; report-uri https://o115950.ingest.sentry.io/api/6229198/security/?sentry_key=d3383061a5464af09b0da48432305265&sentry_environment=live; report-to csp-endpoint; upgrade-insecure-requests 1
frame-src 'self' https://accounts.google.com/ https://calendar.google.com/ https://uistream.decentro.tech/ https://staging.uistream.decentro.tech/ https://docs.google.com/  1
default-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com; connect-src 'self' *.cookieyes.com cdn-cookieyes.com *.googleapis.com www.google.com *.analytics.google.com matomo.cerfrance.fr stats.g.doubleclick.net *.google-analytics.com *.tawk.to pagead2.googlesyndication.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com *.tawk.to; frame-src 'self' www.youtube.com www.youtube-nocookie.com www.google.com *.businesscomm.fr/ www.googletagmanager.com com.cerfrance.fr semantics-chat.wikit.ai; img-src 'self' cdn-cookieyes.com data: www.google.com www.google.fr storage.gra.cloud.ovh.net www.googletagmanager.com pagead2.googlesyndication.com lafabrique.cerfrance.fr maps.gstatic.com maps.googleapis.com maps.gstatic.com img.youtube.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn-cookieyes.com www.googletagmanager.com www.google.com www.gstatic.com com.cerfrance.fr *.googleapis.com matomo.cerfrance.fr semantics-chat.wikit.ai *.tawk.to; style-src 'self' 'unsafe-inline' com.cerfrance.fr fonts.googleapis.com *.tawk.to 1
default-src 'self'; base-uri 'self'; block-all-mixed-content; connect-src 'self' *.google-analytics.com *.analytics.google.com *.cloudflare.com *.eesa.lh; font-src use.fontawesome.com 'self'; frame-src www.youtube.com www.google.com; img-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com; object-src 'none'; script-src 'self' www.googletagmanager.com *.cloudflare.com *.google.com 'strict-dynamic' 'unsafe-inline' 'nonce-a3wF+HroPhApidA42hAiDw=='; style-src 'self' use.fontawesome.com *.cloudflare.com 'unsafe-inline' 'nonce-a3wF+HroPhApidA42hAiDw=='; upgrade-insecure-requests; report-uri /csp/report 1
frame-ancestors www.newtaipei.travel newtaipei.travel 'self' 1
frame-ancestors 'self' www.skaki64.gr skaki64.gr 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://dc.services.visualstudio.com/v2/track https://updates.sdbgroep.nl https://stsdboneprod.blob.core.windows.net/  https://stsdboneacc.blob.core.windows.net/  https://stsdbonetest.blob.core.windows.net/ https://esm.sh/; object-src 'none'; frame-ancestors 'none'; base-uri 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://js.monitor.azure.com/scripts/b/ai.2.min.js https://dc.services.visualstudio.com/v2/track https://cdn.announcekit.app/widget-v2.js https://esm.sh/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' data: https://fonts.gstatic.com; 1
default-src 'self' https://learn.founderz.com https://staging.founderz.com http://founderz.test http://founderz.local; img-src *; media-src * data:; 1
report-uri https://consolehipay.report-uri.com/r/d/csp/enforce; default-src 'self' *.google-analytics.com *.creditsafe.com *.zdassets.com *.hotjar.com *.google.com *.screeb.app 'unsafe-inline' https://*.screeb.app wss://*.screeb.app blob:; script-src https://*.axept.io 'self' *.hotjar.com *.zdassets.com *.googletagmanager.com *.google-analytics.com *.google.com *.gstatic.com *.hipay.com *.paypal.com *.static.axept.io 'sha256-Tzsl1EqoO9KsY3ZLwZ/PCkw3WnjUwoiMZoQUR6wG6mw=' 'sha256-qSMb0PEZNwPU889A1H8zPbT23/AN6efiLRLewxFcFJM=' 'sha256-0p21hmif1TiEP5IE/r3ri1cHw0RQzMKFQuK6Y8+MSxM=' 'sha256-IONGq3q3SUbZcvFq3OWEvLOn+6YXROnGyxqJaXZ5XqM=' 'sha256-PxE0YueUDOLIQZbUB7uIBmSR+rm9AoT37euB/1UuZ00=' 'sha256-rXRPabzczAqe8l4W5Ls96YFLaXicsCVoXls4kw5cYm0=' 'sha256-4K+enDkiwcZwt+5aUSZia7wZmCr0fOEHjwJgkiI84dw=' https://*.zopim.com *.screeb.app 'sha256-tdBlVQuc2G3oahpbyjaUmy+NEJSNdDZy9L1FSw3rVi0=' 'sha256-FcbWubQGGFMAS71F3Xg9hDM0pfF+/idbYePgIS4oecc=' 'sha256-keffV0quDMAbyeX1/4YLUZgq6qTZq4xbHwc4fvVpGws=' 'sha256-8qEA6898bCZsncsjm0Dk2KjV2WK+2+8Aks3WfqWmUWY=' 'sha256-Dzik/WB+gJBcz9UYbbFUYFlTaU4qb0rrolNQQCQBQLU=' 'sha256-t19EsRsyX2bh0qql+yUUtI62N0Lx4bXF/EmD3xAx6B8='; style-src 'self' 'unsafe-inline' maxcdn.icons8.com fonts.googleapis.com *.hotjar.com libs.hipay.com *.screeb.app wss://*.screeb.app; font-src 'self' maxcdn.icons8.com fonts.gstatic.com *.hotjar.com *.screeb.app 'unsafe-inline' https://*.screeb.app wss://*.screeb.app blob:; connect-src 'self' https://client.axept.io https://api.axept.io https://user-api-dot-pi-prod-user-management-api.ew.r.appspot.com https://*.axeptio.eu *.zendesk.com *.zdassets.com user.hipay.com *.hipay.com *.hipay.org *.hipaytech.com *.google-analytics.com wss://*.zopim.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.screeb.app wss://*.screeb.app *.run.app; img-src 'self' *.amcharts.com *.google-analytics.com *.zendesk.com *.hotjar.com images.weserv.nl *.hipay.com data: storage.googleapis.com *.screeb.app *.paypalobjects.com twemoji.maxcdn.com https://axeptio.imgix.net https://favicons.axept.io https://*.gstatic.com; frame-src https://authentication.hipay.com; frame-ancestors 'none' 1
default-src 'self' *.mytolino.com *.mytolino.de data: *.pageplace.de www.googletagmanager.com *.doubleclick.net www.google.com www.google.de www.googleadservices.com *.youtube-nocookie.com *.ytimg.com *.googleapis.com *.gstatic.com connect.facebook.net www.facebook.com 'unsafe-inline' www.youtube.com *.digiaccess.org feeds.kobo.com 1
default-src 'self'; base-uri 'self'; child-src 'self' blob: data:; connect-src 'self' https://maps.googleapis.com https://legalhelper.eu https://cdn.jsdelivr.net https://unpkg.com https://api.friendlycaptcha.com https://www.auma.com https://aumacloudb2c.b2clogin.com https://*.b2clogin.com https://login.microsoftonline.com blob: data: ws: wss:; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com https://cdn.jsdelivr.net blob:; form-action 'self' https://aumacloudb2c.b2clogin.com https://*.b2clogin.com https://login.microsoftonline.com https://www.auma.com blob: data:; frame-ancestors 'self' https://aumacloudb2c.b2clogin.com https://*.b2clogin.com https://login.microsoftonline.com; frame-src 'self' https://maps.googleapis.com https://www.youtube.com https://www.youtube-nocookie.com https://www4.auma.com/ blob: data:; img-src 'self' data: https://cdn.jsdelivr.net https://maps.googleapis.com https://legalhelper.eu https://fonts.googleapis.com https://fonts.gstatic.com https://unpkg.com blob:; manifest-src 'self' blob: data:; media-src 'self' blob: data: https://cdn.jsdelivr.net; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://maps.googleapis.com https://unpkg.com https://legalhelper.eu blob: data:; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://cdn.jsdelivr.net https://legalhelper.eu blob: data:; worker-src 'self' blob: data: https://cdn.jsdelivr.net 1
base-uri 'none'; default-src 'self'; child-src https://*.yachtbuyer.com https://www.youtube.com https://www.google.com https://www.facebook.com https://iframe.mediadelivery.net; connect-src 'self' https://a.yachtbuyer.com https://www.google.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://maps.googleapis.com https://stats.g.doubleclick.net https://www.facebook.com https://zoom.yachtcast.net https://error.dfusion.com https://*.clarity.ms https://*.b-cdn.net; font-src 'self' https://*.typekit.net https://fonts.gstatic.com data:; form-action 'self' https://www.facebook.com; frame-ancestors https://*.yachtbuyer.com; img-src 'self' https://*.yachtbuyer.com https://*.google-analytics.com https://maps.gstatic.com https://maps.googleapis.com https://*.googletagmanager.com https://www.google.com https://www.bugherd.com https://www.facebook.com https://zoom.yachtcast.net https://i.ytimg.com https://img.youtube.com https://*.clarity.ms https://*.b-cdn.net https://i.vimeocdn.com blob: data:; media-src 'self' https://vod-progressive.akamaized.net; object-src 'none'; script-src 'self' https://*.yachtbuyer.com https://*.googletagmanager.com https://www.google.com https://www.gstatic.com https://maps.googleapis.com https://www.youtube.com https://connect.facebook.net https://browser.sentry-cdn.com https://*.clarity.ms https://assets.mediadelivery.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://*.typekit.net https://fonts.googleapis.com https://www.bugherd.com 'unsafe-inline'; worker-src 'self' blob:; upgrade-insecure-requests 1
frame-ancestors https://go.cargomatic.com/l/911892/2023-10-10/rzl4f 1
base-uri 'none'; frame-ancestors 'self'; object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http: 'nonce-y3A/D1KMZxbg3vzzfYn2dw=='; report-uri https://sentry.jobijoba.io/api/10/security/?sentry_key=f7fdb7ea43674b0889145b92f6d6811e 1
default-src 'self'; frame-src 'self' *.donorfy.com/ *.monday.com/ https://hubofhope.co.uk/ 360testbed.co/ *.nhs.uk/ *.facebook.com/ *.youtube.com/ *.vimeo.com/ *.google.com/ *.googleapis.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.googletagmanager.com https://www.googletagmanager.com/ https://hubofhope.co.uk/js/embed.js https://cdn.jsdelivr.net https://cdnjs.cloudflare.com/ https://www.google-analytics.com/ https://connect.facebook.net/ https://feeds.trac.jobs/ *.google.com/ *.googleapis.com *.gstatic.com *.cqc.org.uk; font-src 'self' 'unsafe-inline' https://*.typekit.net https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://*.typekit.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com/ https://feeds.trac.jobs/ *.googleapis.com  *.gstatic.com *.cqc.org.uk; img-src * data:; object-src 'self' blob:; connect-src 'self' https://maps.googleapis.com/ https://*.googletagmanager.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.g.doubleclick.net https://*.google.com https://*.google.com https://*.google-analytics.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googletagmanager.com https://region1.google-analytics.com translate.googleapis.com/ https://feeds.trac.jobs/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ 1
frame-ancestors 'self' https://milan-jeunesse.com https://app.bayam.tv https://sso.bayard-jeunesse.com https://mention-me.com https://cdnactor.myfeelback.com; 1
frame-ancestors https://*.estratraining.it 1
default-src 'self'; script-src 'self' maps.googleapis.com e.issuu.com/embed.js embed.flickr.com https://js.stripe.com 'strict-dynamic' https: 'unsafe-eval' 'nonce-609c8cc658e4663f7e58761b9b7e6f7f'; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com https://*.google-analytics.com https://*.analytics.google.com https://sentry.issuu.com/api/ https://api.stripe.com data: blob:; img-src * data:; media-src * data:; frame-src e.issuu.com *.google.com player.vimeo.com *.youtube.com https://js.stripe.com https://hooks.stripe.com; style-src 'self' https://fonts.googleapis.com 'nonce-431559a63e696c2ee1469521f65b9e13'; font-src * data:; 1
upgrade-insecure-requests; frame-ancestors 'self'; object-src 'none'; 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.cookielaw.org/scripttemplates/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://*.googleapis.com https://*.gstatic.com ; img-src 'self' https://cdn.cookielaw.org/ https://*.googleapis.com https://*.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.cookielaw.org/ https://www.jobup.ch https://*.googleapis.com https://*.gstatic.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://privacyportal-ch.onetrust.com/request/v1/consentreceipts https://www.google.com/recaptcha/; font-src 'self' https://fonts.gstatic.com; frame-src https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://td.doubleclick.net/ https://10857799.fls.doubleclick.net/; 1
default-src 'self'; frame-ancestors 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline';img-src 'self' data: 1
default-src 'self'; style-src 'self' https://fonts.googleapis.com/ 'unsafe-inline'; script-src 'self' https://client.rum.us-east-1.amazonaws.com/1.2.1/cwr.js https://cdnjs.cloudflare.com/ajax/libs/pdf.js/ https://www.googletagmanager.com https://googleads.g.doubleclick.net https://www.youtube.com https://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net/signals/plugins/identity.js https://connect.facebook.net/signals/config/1525576007456708 https://connect.facebook.net/signals/config/1465344211021108 https://analytics.tiktok.com https://analytics-ipv6.tiktokw.us https://ads.tiktok.com https://static.hotjar.com https://*.clarity.ms https://c.bing.com https://api.mapbox.com 'unsafe-inline' https://connect.facebook.net/signals/config/undefined; frame-src 'self' bytedance: sslocal: https://webapi.nawy.com https://listing-api.nawy.com https://www.facebook.com https://www.googletagmanager.com https://www.youtube.com https://www.google.com https://www.google.com.eg; font-src 'self' data: https://fonts.gstatic.com/ *.googleapis.com; img-src 'self' blob: data: https://prod-images.nawy.com https://prod-images.cooingestate.com https://s3.eu-central-1.amazonaws.com https://www.google.com https://www.google.com.eg https://googleads.g.doubleclick.net https://www.googletagmanager.com https://www.facebook.com https://connect.facebook.net https://purecatamphetamine.github.io https://analytics.tiktok.com https://analytics-ipv6.tiktokw.us https://ads.tiktok.com; media-src 'self' blob: data: https://prod-images.nawy.com https://prod-images.cooingestate.com; connect-src 'self' https://webapi.nawy.com https://listing-api.nawy.com https://*.tiles.mapbox.com https://api.mapbox.com https://events.mapbox.com https://www.google.com https://www.google.com.eg https://www.google-analytics.com https://www.googletagmanager.com https://analytics.google.com https://*.clarity.ms https://c.bing.com https://analytics.tiktok.com https://analytics-ipv6.tiktokw.us https://ads.tiktok.com https://property-forms-api.cooingestate.com https://platform.cooingestate.com; frame-ancestors 'self' https://partners.nawy.com https://partners.cooingestate.com https://web-sandbox.oaiusercontent.com https://*.web-sandbox.oaiusercontent.com https://chatgpt.com https://*.chatgpt.com https://chat.openai.com https://*.chat.openai.com; object-src 'none'; base-uri 'self'; form-action 'self' https://www.facebook.com; manifest-src 'self'; upgrade-insecure-requests; worker-src 'self' blob:; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' player.vimeo.com unpkg.com cdn.cookielaw.org s2.adform.net browser.sentry-cdn.com js.hubspot.com js.sentry-cdn.com builder.lift.acquia.com js.usemessages.com googleads.g.doubleclick.net app.wistia.com connect.facebook.net tpc.googlesyndication.com www.google.com www.gstatic.com static.ads-twitter.com js.hsforms.net www.googleadservices.com cookie-cdn.cookiepro.com www.googleoptimize.com js.hs-scripts.com js.hsadspixel.net js.hsleadflows.net js.hs-banner.com js.hs-analytics.net static.ads-twitter.com beacon.krxd.net googleads.g.doubleclick.net www.google-analytics.com connect.facebook.net script.hotjar.com static.hotjar.com snap.licdn.com googleads.g.doubleclick.net www.googletagmanager.com cdn.krxd.net consumer.krxd.net bam.nr-data.net js-agent.newrelic.com fast.wistia.com fast.wistia.net beacon.krxd.net maps.googleapis.com pagead2.googlesyndication.com server.adform.net *.lytics.io; style-src 'self' 'unsafe-inline' www.globenewswire.com *.cookiepro.com *.google.com *.googleapis.com *.hotjar.com *.hs-scripts.com *.krxd.net *.wistia.net https://cdn.jsdelivr.net/gh/NigelOToole/progress-tracker@v2.0.7/src/styles/progress-tracker.css *.lytics.io; img-src 'self' blob: data: cdn.cookielaw.org *.google.ae googleads.g.doubleclick.net *.google.com.vn *.google.bs embedwistia-a.akamaihd.net www.impella.com *.google.com.cy *.google.at *.google.com.co *.google.com.sa *.google.com.br *.googleapis.com *.google.com.pe *.google.com.ua *.google.it *.google.co.jp *.google.ie *.google.com.ng *.google.iq *.google.be *.google.co.cr *.google.com.tr aa.agkn.com *.adsymptotic.com *.businesswire.com *.cloudfront.net *.cluep.com *.cookiepro.com *.doubleclick.net *.facebook.com *.facebook.net *.google.tn *.google.com.ph *.google.cz *.google.com.hk *.google.com.pk *.google.ca *.google.de *.google.gr *.google.com.au *.google.com.mx *.google.com.pr *.google.co.in *.google.co.uk *.google.com *.google.fr *.google.nl *.google.pt *.googletagmanager.com *.google-analytics.com *.gstatic.com *.hubspot.com *.hsforms.com *.krxd.net *.linkedin.com *.nr-data.net t.co *.twitter.com *.wistia.com *.wistia.net *.lytics.io; media-src blob: data: *.akamaihd.net *.wistia.com; frame-src 'self' player.vimeo.com fast.wistia.net *.hs-sites.com fast.wistia.com *.doubleclick.net *.facebook.com *.google.com *.googlesyndication.com *.googletagmanager.com *.hotjar.com *.hsforms.net *.hsforms.com *.krxd.net c.lytics.io; frame-ancestors 'self'; child-src 'self' blob:; font-src 'self' data: fonts.gstatic.com *.wistia.com *.wistia.net cdn.scite.ai; connect-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.cookielaw.org adservice.google.com px.ads.linkedin.com pagead2.googlesyndication.com notify.bugsnag.com us.perz-api.cloudservices.acquia.io sessions.bugsnag.com www.google.com.br www.google.co.in cdn.linkedin.oribi.io hubspot-forms-static-embed.s3.amazonaws.com adservice.google.com *.litix.io *.googleapis.com adservice.google.com *.ads-twitter.com *.cookiepro.com *.doubleclick.net embedwistia-a.akamaihd.net *.facebook.com *.facebook.net *.google.com *.google-analytics.com connect.facebook.net *.googletagmanager.com *.hotjar.com  *.hotjar.io *.hsleadflows.net *.hsforms.com *.hubapi.com *.hubspot.com *.krxd.net *.litix.io *.nr-data.net *.onetrust.com *.twitter.com *.wistia.com wss://*.hotjar.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
base-uri 'self'; child-src blob: 'self' gap: https://*.tools.investis.com/ https://*.twitter.com/ https://*.youtube.com/ https://td.doubleclick.net/ https://www.google.com/ https://www.googletagmanager.com/; frame-src blob: 'self' gap: https://*.tools.investis.com/ https://*.twitter.com/ https://*.youtube.com/ https://td.doubleclick.net/ https://www.google.com/ https://www.googletagmanager.com/; connect-src 'self' https://*.analytics.google.com/ https://*.google-analytics.com/ https://*.onetrust.com/ https://*.paragonbank.co.uk/ https://*.twimg.com/ https://*.twitter.com/ https://*.visualwebsiteoptimizer.com/ https://fonts.gstatic.com/ https://global.sitesearch360.com/ https://insights.sitesearch360.com/ https://qfx.tools.investis.com/ https://stats.g.doubleclick.net/ https://www.google.co.uk/ https://www.google.com/ https://www.googletagmanager.com/; default-src 'self' gap: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com/; img-src data: 'self' https://* blob:; media-src data:; script-src 'self' https://*.twimg.com/ https://*.twitter.com/ https://*.visualwebsiteoptimizer.com/ https://*.youtube.com/ https://cdn.sitesearch360.com/ https://cdn-ukwest.onetrust.com/ https://googleads.g.doubleclick.net/ https://qfx.tools.investis.com/ https://otp.tools.investis.com/ https://td.doubleclick.net/ https://www.googletagmanager.com/ 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://*.twimg.com/ https://*.twitter.com/ https://fonts.googleapis.com/ https://www.googletagmanager.com/ 'unsafe-inline'; frame-ancestors gap: 'self'; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=GI7w4I47GvRHX6HjNBw5IpiHOVTIUkRvhIiwoxGYyQcndSFPnlbWFa9Kwv%2Bl9aHbe%2FkHgCCZB%2BKE6UYtBaLrVw%3D%3D; 1
default-src https: 'unsafe-inline' 1
default-src 'self'; script-src 'self' 'self' https://www.google.com/ https://www.gstatic.com/; object-src 'self'; style-src 'self' 'unsafe-inline' 'self' 'unsafe-inline' fonts.googleapis.com; img-src *; font-src 'self' data: fonts.gstatic.com;frame-src 'self' https://www.google.com; report-uri https://login.microworkcloud.com.br/csp/report 1
sandbox allow-scripts allow-same-origin allow-forms ; 1
default-src 'none'; block-all-mixed-content; connect-src 'self' www.google.com google-analytics.com www.google-analytics.com 127.0.0.1:8005 *.hcaptcha.com https://9xgnrndqve.execute-api.us-west-2.amazonaws.com https://pro.ip-api.com https://a.usbrowserspeed.com https://alocdn.com https://b-code.liadm.com https://idx.liadm.com https://rp.liadm.com; font-src 'self' fonts.gstatic.com use.fontawesome.com cdn.jsdelivr.net; frame-src google.com www.google.com googletagmanager.com www.googletagmanager.com *.hcaptcha.com; img-src 'self' s3.us-west-2.amazonaws.com img.emlasts.com data:; media-src img.emlasts.com; script-src 'self' 'unsafe-eval' 'strict-dynamic' google.com www.google.com gstatic.com www.gstatic.com googletagmanager.com www.googletagmanager.com google-analytics.com www.google-analytics.com use.fontawesome.com cdn.jsdelivr.net *.hcaptcha.com https://ddwl4m2hdecbv.cloudfront.net 'unsafe-inline' 'nonce-5mLZVmVqOVwwEzWpsfbqbQ=='; style-src 'self' cdn.jsdelivr.net fonts.googleapis.com use.fontawesome.com maxcdn.bootstrapcdn.com img.emlasts.com unpkg.com *.hcaptcha.com 'unsafe-inline' 'nonce-5mLZVmVqOVwwEzWpsfbqbQ=='; report-uri /csp/report 1
default-src 'self'; block-all-mixed-content; connect-src 'self' googleads.g.doubleclick.net *.googleapis.com *.gstatic.com *.google.com bat.bing.com *.doubleclick.net *.googlesyndication.com *.g.doubleclick.net *.google.at *.cookiebot.eu *.google-analytics.com connect.facebook.net px.ads.linkedin.com px4.ads.linkedin.com stats.g.doubleclick.net *.transgourmet.com *.transgourmet.at svrdntfctn.com analytics.tiktok.com *.googleadservices.com; font-src 'self' data: *.googleapis.com *.gstatic.com *.google-analytics.com; frame-src *; img-src 'self' data: *.googleapis.com *.doubleclick.net *.googlesyndication.com *.g.doubleclick.net *.google.com *.google.at *.gstatic.com *.googletagmanager.com *.google-analytics.com bat.bing.com api.mapbox.com *.mindspace.at *.vorauerfriends.com *.usercentrics.eu px.ads.linkedin.com px4.ads.linkedin.com *.transgourmet.com *.transgourmet.at *.facebook.com; script-src 'self' bat.bing.com *.google.com 'unsafe-inline' blob: *.googleapis.com *.gstatic.com *.doubleclick.net *.googlesyndication.com *.g.doubleclick.net *.cookiebot.eu *.googletagmanager.com *.google-analytics.com snap.licdn.com connect.facebook.net svrdntfctn.com analytics.tiktok.com *.googleadservices.com; style-src 'self' cdnjs.cloudflare.com 'unsafe-inline' *.googleapis.com *.gstatic.com *.google-analytics.com *.googletagmanager.com; report-uri /csp/report 1
base-uri 'none';child-src 'none';connect-src 'self' https://ws.zoominfo.com/pixel/collect https://aorta.clickagy.com/ https://aorta.clickagy.com/liveramp_redir https://hemsync.clickagy.com/external/ https://maps.googleapis.com/;default-src 'self';font-src 'self' https://fonts.gstatic.com;;form-action 'self';frame-ancestors 'self';frame-src 'none';img-src 'self' https://id.rlcdn.com/ https://idsync.rlcdn.com/ https://aorta.clickagy.com/ https://maps.gstatic.com/ https://maps.googleapis.com/  https://streetviewpixels-pa.googleapis.com/ https://lh3.ggpht.com/ https://khms1.googleapis.com/ https://khms0.googleapis.com/ https://www.google.com data:;manifest-src 'self';media-src 'self';object-src 'none';prefetch-src 'self';script-src 'self' https://maps.googleapis.com/ https://www.google.com https://ws.zoominfo.com/pixel/6320bf5aac6e98ed3e39d094 https://tags.clickagy.com/ https://aorta.clickagy.com/ https://hemsync.clickagy.com/external/ https://ws.zoominfo.com/;style-src 'self' https://aorta.clickagy.com/ https://fonts.googleapis.com https://fonts.gstatic.com https://maps.gstatic.com/ https://streetviewpixels-pa.googleapis.com/ https://lh3.ggpht.com/ https://khms1.googleapis.com/ https://khms0.googleapis.com/ https://www.google.com 'unsafe-inline';worker-src 'self';upgrade-insecure-requests ; 1
script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' https://barebells.com/; img-src 'self' blob: https://barebells.com/; object-src 'self' blob: https://barebells.com/; frame-src 'self' blob: https://barebells.com/; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' mofa.gov.np *.mofa.gov.np www.google.com.np *.google.com *.gstatic.com cdn.jsdelivr.net code.jquery.com *.genesesolution.com nepalembassy.org.uk londonembassyevent.pages.dev stackpath.bootstrapcdn.com s.ytimg.com *.facebook.net *.sharethis.com *.youtube.com *.twimg.com cdn.syndication.twimg.com cdnjs.cloudflare.com maps.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com fonts.googleapis.com fonts.gstatic.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.mofa.gov.np use.fontawesome.com stackpath.bootstrapcdn.com placehold.it *.facebook.net *.sharethis.com lh3.googleusercontent.com *.youtube.com *.twimg.com cdn.syndication.twimg.com cdnjs.cloudflare.com maps.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com cdnjs.cloudflare.com fonts.googleapis.com fonts.gstatic.com; img-src 'self' data: placehold.it  mofa.gov.np *.mofa.gov.np *.gstatic.com *.facebook.net *.facebook.com *.sharethis.com lh3.googleusercontent.com *.youtube.com *.twimg.com secure.gravatar.com cdn. *.twitter.com *.twimg.com cdnjs.cloudflare.com maps.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com fonts.googleapis.com fonts.gstatic.com; media-src 'self'; frame-src 'self' *.google.com *.youtube.com *.facebook.net *.facebook.com syndication.twitter.com platform.twitter.com; font-src 'self' data: fonts.googleapis.com stackpath.bootstrapcdn.com use.fontawesome.com fonts.gstatic.com maxcdn.bootstrapcdn.com; connect-src 'self' l.sharethis.com 1
default-src 'self' *.region1.google-analytics.com *.comptoirdesvoyages.fr bat.bing.com consentcdn.cookiebot.com www.facebook.com https://analytics.google.com https://*.googletagmanager.com www.facebook.com bing.com www.googleadservices.com;base-uri 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://measurement-api.criteo.com https://fledge.eu.criteo.com https://sslwidget.criteo.com https://dynamic.criteo.com/ https://gum.criteo.com/ https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://adservice.google.com https://www.google.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://www.google.com https://qa-assistant.abtasty.com https://teddytor.abtasty.com https://api2.abtasty.com try.abtasty.com *.region1.google-analytics.com *.analytics.google.com ads.google.com app.contentsquare.com t.contentsquare.net contentsquare.com *.comptoirdesvoyages.fr *.cookiebot.com *.doubleclick.net *.newrelic.com ajax.googleapis.com bam.nr-data.net bat.bing.com connect.facebook.net r.bing.com ssl.google-analytics.com static.madmetrics.com tagmanager.google.com tag.aticdn.net www.google.com www.google-analytics.com www.googleadservices.com adservice.google.com www.googletagmanager.com www.gstatic.com z.moatads.com https://analytics.google.com https://*.googletagmanager.com www.facebook.com bing.com www.googleadservices.com blob: *.abtasty.com;connect-src 'self' https://measurement-api.criteo.com https://mtmvxcv.pa-cd.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com *.abtasty.com region1.google-analytics.com region1.analytics.google.com ads.google.com *.contentsquare.net *.bing.com *.comptoirdesvoyages.fr *.doubleclick.net bam.nr-data.net consentcdn.cookiebot.com www.facebook.com www.google.com www.google-analytics.com www.googleadservices.com adservice.google.com www.googletagmanager.com www.gtm.js wss://*.bing.com https://analytics.google.com https://*.googletagmanager.com www.facebook.com bing.com www.googleadservices.com;img-src 'self' https://www.google-analytics.com https://googleads.g.doubleclick.net https://www.google.com https://google.com https://googleads.g.doubleclick.net https://www.google.com editor-assets.abtasty.com *.contentsquare.net https://analytics.google.com https://*.googletagmanager.com www.facebook.com bing.com www.googleadservices.com data: * *.abtasty.com;child-src blob:;worker-src blob:;style-src 'self' 'unsafe-inline' * *.comptoirdesvoyages.fr https://static.criteo.net/ https://fledge.criteo.com/ https://measurement-api.criteo.com https://fledge.eu.criteo.com https://sslwidget.criteo.com https://dynamic.criteo.com https://gum.criteo.com https://qa-assistant.abtasty.com try.abtasty.com *.bing.com fonts.googleapis.com tagmanager.google.com https://analytics.google.com https://*.googletagmanager.com www.facebook.com bing.com www.googleadservices.com *.abtasty.com;font-src 'self' data: fonts.gstatic.com common-fonts.abtasty.com *.abtasty.com;frame-src 'self' https://static.criteo.net/ https://fledge.criteo.com/ https://measurement-api.criteo.com https://fledge.eu.criteo.com https://sslwidget.criteo.com https://dynamic.criteo.com https://dynamic.criteo.com/ https://gum.criteo.com/ https://bid.g.doubleclick.net https://qa-assistant.abtasty.com csxd.comptoirdesvoyages.fr *.doubleclick.net consentcdn.cookiebot.com sdx.microsoft.com www.allocine.fr www.dailymotion.com www.facebook.com www.google.com www.gstatic.com youtu.be www.youtube.com https://analytics.google.com https://*.googletagmanager.com www.facebook.com bing.com www.googleadservices.com https://player.vimeo.com;object-src 'none' 1
frame-ancestors *; 1
default-src 'self'; script-src 'self'; connect-src 'self'; img-src 'self' data:; style-src 'self'; 1
form-action 'self' https://joomlacontenteditor.us14.list-manage.com/subscribe/post; base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://checkout.paddle.com https://cdn.usefathom.com/script.js https://code.jquery.com https://checkout.stripe.com https://cdn.paddle.com https://cdn.usefathom.com/script.js https://cdnjs.cloudflare.com https://hcaptcha.com/* https://*.hcaptcha.com/* https://plausible.io/ https://app.mailjet.com/; style-src 'self' 'unsafe-inline' https://cdn.paddle.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://hcaptcha.com/ https://*.hcaptcha.com/ https://plausible.io/ https://app.mailjet.com/; object-src 'self' https://cdn.joomlacontenteditor.net/ 1
frame-ancestors 'self' panoramen.frauenkirche-dresden.de 1
default-src 'self'; img-src _; media-src _ data:; script-src 'self' https://sc.lfeeder.com https://www.googletagmanager.com https://ws.zoominfo.com https://cdnjs.cloudflare.com; object-src 'none'; 1
default-src 'none'; base-uri 'self'; form-action https: 'self'; script-src 'self' 'unsafe-inline' https: 'unsafe-eval'; object-src 'none'; style-src 'self' 'unsafe-inline' https:; img-src 'self' 'unsafe-inline' https: data:; media-src * data:; frame-src *; frame-ancestors 'self' https:; font-src 'self' https:; connect-src *; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self'; object-src 'self' https://pts.sim24.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.sim24.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://www.telekom.de/shop/tarife/internet-tarife https://www.o2online.de https://www.vodafone.de https://dsl.1und1.de https://livechat.sim24.de https://umfrage.sim24.de https://pts.sim24.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://eu01.rec.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://livechat.sim24.de https://stats.sim24.de https://imagepool.sim24.de https://pts.sim24.de https://analytics.tiktok.com https://umfrage.sim24.de; script-src 'strict-dynamic' 'nonce-4b43ce2b38b32e602cc3eb5f194b3c33' 'nonce-b1bed14c39a4456fad874857bcc38c42' 'nonce-e42005992ff7d183e0d8fb123d587b6b' 'nonce-b2bb357ec4a86548e61e18daca65821a' 'nonce-a4c5abaee412ac4431c246d9fd504a84' 'nonce-9de8d564ebc47838cdf4f024ac6ecc9d' 'nonce-8f1b8b068c6431e36014b8d06e00b96d' 'nonce-0a6b5b468b7e950c03c0a15bcd2a1eb3' 'nonce-9919c92d5a319fbda54212be1743dd69' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data: 'report-sample'; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://netmap.vodafone.de/cokart-client/index.html https://pts.sim24.de https://umfrage.sim24.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-4b43ce2b38b32e602cc3eb5f194b3c33' 'nonce-b1bed14c39a4456fad874857bcc38c42' 'nonce-e42005992ff7d183e0d8fb123d587b6b' 'nonce-b2bb357ec4a86548e61e18daca65821a' 'nonce-a4c5abaee412ac4431c246d9fd504a84' 'nonce-9de8d564ebc47838cdf4f024ac6ecc9d' 'nonce-8f1b8b068c6431e36014b8d06e00b96d' 'nonce-0a6b5b468b7e950c03c0a15bcd2a1eb3' 'nonce-9919c92d5a319fbda54212be1743dd69' 'self' 'unsafe-inline' https: 'report-sample' 1
script-src 'nonce-abcdefg'; data: blob:; default-src 'self'; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self'; 1
default-src 'none'; connect-src 'self' https://geolocation.onetrust.com/ https://cookie-cdn.cookiepro.com/ https://*.google-analytics.com https://*.analytics.google.com https://px.ads.linkedin.com; font-src 'self'; frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://www.youtube-nocookie.com https://www.youtube.com https://player.vimeo.com https://embed.podcasts.apple.com https://w.soundcloud.com https://playlist.megaphone.fm; img-src 'self' data: https://cookie-cdn.cookiepro.com/ https://*.google-analytics.com https://*.analytics.google.com https://px.ads.linkedin.com; media-src 'self'; script-src 'self' https://cookie-cdn.cookiepro.com/ https://*.google-analytics.com https://*.analytics.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://snap.licdn.com 'unsafe-inline' 'nonce-msZcS6TBElEOVpBRyc12sQ=='; style-src 'self' 'unsafe-inline' 1
default-src 'unsafe-inline'; block-all-mixed-content; connect-src *; font-src * https://fonts.gstatic.com data: fonts.googleapis.com fonts.gstatic.com; frame-src https://www.youtube.com *.vimeo.com *.services *.hotjar.com *.doubleclick.net *.facebook.com *.facebook.net *.linkedin.com 'self' https://ausi.github.io/ *.pinimg.com *.pinterest.com https://sgtm.deltalight.com; img-src * data: blob:; manifest-src deltalight.com 'self'; media-src *; script-src deltalight.com 'self' data: 'unsafe-inline' 'unsafe-eval' https://cdn.ckeditor.com https://js-agent.newrelic.com https://bam.nr-data.net https://maps.googleapis.com https://cdnjs.cloudflare.com *.google-analytics.com *.googleapis.com *.facebook.com *.facebook.net *.doubleclick.net *.marketingautomation.services *.googletagmanager.com *.googleadservices.com *.hotjar.com *.doubleclick.net *.visualwebsiteoptimizer.com *.linkedin.com www.youtube.com/iframe_api tagmanager.google.com https://snap.licdn.com https://play.google.com https://analytics-eu.clickdimensions.com https://ausi.github.io *.pinimg.com *.pinterest.com sgtm.deltalight.com https://cookie-cdn.cookiepro.com https://www.clarity.ms https://scripts.clarity.ms; style-src deltalight.com 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.ckeditor.com https://cdnjs.cloudflare.com tagmanager.google.com; report-uri /nelmio/csp/report 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data:; style-src 'self' 'unsafe-inline' data:; img-src 'self' data:; 1
default-src 'self'; base-uri 'self'; connect-src 'self' *.itzbund.de; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-eval' *.googleapis.com piwik.itzbund.de generalbundesanwalt.ticket.io/iframe.js; object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; frame-ancestors gba-editor-kkn.prod.gsb.gba.in.bund.de piwik.itzbund.de *.facebook.com generalbundesanwalt.ticket.io;Content-Security-Policy: default-src 'self'; base-uri 'self'; connect-src 'self' *.itzbund.de; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-eval' *.googleapis.com piwik.itzbund.de;object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; frame-ancestors gba-editor-kkn.prod.gsb.gba.in.bund.de piwik.itzbund.de *.facebook.com 1
script-src https://*.lex-com.net/ 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' https://mykrone.green ; img-src 'self' data:; object-src 'none'; media-src 'none'; child-src 'self' blob: data:; style-src 'self' 'unsafe-inline' 1
object-src 'self'; frame-ancestors 'self'; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-modals allow-downloads; base-uri 'self'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.paypalobjects.com/ https://s3.amazonaws.com/ https://*.stripe.com/ https://*.list-manage.com/; img-src 'self' data: https://www.paypalobjects.com/ https://i.scdn.co/; object-src 'self' data: https://elegantthemes.com/ https://*.elegantthemes.com/ https://www.jackbosch.com/ https://*.paypal.com/ https://*.stripe.com/ https://joinnow.live/; frame-src 'self' data: https://elegantthemes.com/ https://*.elegantthemes.com/ https://www.jackbosch.com/ https://*.paypal.com/ https://*.stripe.com/ https://joinnow.live/; 1
default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval' *.cdn.cookielaw.org *.cookie-cdn.cookiepro.com *.onetrust.com *.newrelic.com data-eu.nestlehealthscience.com https://*.qualtrics.com https://www.googletagmanager.com https://px.ads.linkedin.com/ https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_ https://*.amazonaws.com/ https://*.cloudfront.net/; object-src https://*.cloudfront.net/; style-src * 'self' 'unsafe-inline' *.cdn.cookielaw.org *.cookie-cdn.cookiepro.com *.onetrust.com https://www.googletagmanager.com https://px.ads.linkedin.com/ https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_ https://*.amazonaws.com/ https://*.cloudfront.net/; img-src 'self' data: https://cdn.jsdelivr.net https://l.evidon.com https://c.evidon.com https://nestle-mvp.myshopify.com https://cdn.shopify.com *.google-analytics.com  https://d6tizftlrpuof.cloudfront.net https://*.usabilla.com https://nestle-mvp.myshopify.com https://cdn.shopify.com https://www.google.com https://www.google.es https://googleads.g.doubleclick.net *.google-analytics.com https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com *.onetrust.com http://mychildwithcphcpen.nhscbrand.acsitefactory.com *.qualtrics.com https://www.googletagmanager.com https://px.ads.linkedin.com/ https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_ https://*.amazonaws.com/ https://*.cloudfront.net/; media-src 'self'; frame-src 'self' https://www.nestlehealthscience.com http://mychildwithcphcpen.nhscbrand.acsitefactory.com/solution-finder https://www.nestlehealthscience.com/cerebral-palsy http://mychildwithcphcpen.nhscbrand.acsitefactory.com https://www.youtube.com https://static.addtoany.com https://www.google.com/ *.newrelic.com *.onetrust.com https://*.qualtrics.com https://www.googletagmanager.com https://px.ads.linkedin.com/ https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_ https://*.amazonaws.com/ https://*.cloudfront.net/; frame-ancestors 'self' https://www.nestlehealthscience.com http://mychildwithcphcpen.nhscbrand.acsitefactory.com/solution-finder https://www.nestlehealthscience.com/cerebral-palsy https://www.google.com/ *.newrelic.com *.onetrust.com https://*.qualtrics.com https://www.googletagmanager.com https://px.ads.linkedin.com/ https://*.amazonaws.com/ https://*.cloudfront.net/; font-src 'self' https://cdn.jsdelivr.net https://fonts.gstatic.com https://fonts.googleapis.com https://cdnjs.cloudflare.com https://d6tizftlrpuof.cloudfront.net *.usabilla.com http://mychildwithcphcpen.nhscbrand.acsitefactory.com https://www.googletagmanager.com https://px.ads.linkedin.com/ https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_ https://*.amazonaws.com/ https://*.cloudfront.net/; connect-src 'self' https://cdn.jsdelivr.net https://bam.nr-data.net https://nestle-mvp.myshopify.com https://monorail-edge.shopifysvc.com https://stats.g.doubleclick.net https://d6tizftlrpuof.cloudfront.net *.usabilla.com https://nestle-mvp.myshopify.com https://monorail-edge.shopifysvc.com https://www.google.com *.google-analytics.com *.gbqofs.io *.gbqofs.com https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com *.onetrust.com http://mychildwithcphcpen.nhscbrand.acsitefactory.com data-eu.nestlehealthscience.com https://*.qualtrics.com https://www.googletagmanager.com https://unpkg.com https://fonts.googleapis.com https://www.googletagmanager.com https://px.ads.linkedin.com/ https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_ https://*.amazonaws.com/ https://*.cloudfront.net/; report-uri /report-csp-violation 1
default-src https: ;         form-action https: ;         script-src https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com https://optimize.google.com 'unsafe-inline' https://js-cdn.dynatrace.com https://*.kespro.fi https://connect.facebook.net 'unsafe-inline' 'unsafe-eval' https://*.kesko.fi https://*.ksync.fi data: https://*.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com https://*.hotjar.com https://login.microsoftonline.com https://kgroupb2cdev01.b2clogin.com https://kgroupb2ctest01.b2clogin.com https://kryhma.b2clogin.com https://d2318twbpx9q6v.cloudfront.net https://d3flpa680ypq0l.cloudfront.net https://*.feedbackly.com https://feedbackly.com https://dvkesk.analytics.solteq.solutions https://mktdplp102cdn.azureedge.net https://embed.feedbackly.cloud ;         style-src https://optimize.google.com https://fonts.googleapis.com 'unsafe-inline' https://*.kespro.fi 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://d2318twbpx9q6v.cloudfront.net https://d3flpa680ypq0l.cloudfront.net https://*.kesko.fi https://*.ksync.fi https://*.feedbackly.com https://feedbackly.com https://embed.feedbackly.cloud ;         img-src https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com https://images.ctfassets.net https://optimize.google.com https://www.googletagmanager.com https://www.google.fi https://public.keskofiles.com https://analytics.google.com https://www.google.com https://*.kespro.fi https://kespro.fi https://*.kesko.fi https://*.ksync.fi data: https://stats.g.doubleclick.net https://www.kespro.com https://*.google-analytics.com https://tagmanager.google.com https://ssl.gstatic.com https://www.gstatic.com https://*.hotjar.com https://www.facebook.com https://d2318twbpx9q6v.cloudfront.net https://d3flpa680ypq0l.cloudfront.net https://*.feedbackly.com https://feedbackly.com https://cdn.contentful.com https://resources.paytrail.com https://embed.feedbackly.cloud ;         font-src https://fonts.gstatic.com https://*.kesko.fi https://*.kespro.fi https://fonts.gstatic.com https://*.hotjar.com https://d2318twbpx9q6v.cloudfront.net https://d3flpa680ypq0l.cloudfront.net https://*.ksync.fi data: https://*.feedbackly.com https://feedbackly.com https://embed.feedbackly.cloud ;         connect-src https://*.onetrust.com https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com https://stats.g.doubleclick.net https://js-cdn.dynatrace.com https://*.kespro.fi https://www.kespro.com https://analytics.google.com https://*.google-analytics.com https://*.hotjar.com:* wss://*.hotjar.com https://www.facebook.com https://dvkesp.deepvision.cloud.solteq.com  https://*.hotjar.io https://login.microsoftonline.com https://kgroupb2cdev01.b2clogin.com https://kgroupb2ctest01.b2clogin.com https://kryhma.b2clogin.com https://*.kesko.fi https://*.ksync.fi https://www.google.fi https://api.poeditor.com https://*.feedbackly.com https://feedbackly.com https://cdn.contentful.com https://dvkesptest.deepvision.cloud.solteq.com https://embed.feedbackly.cloud ;         frame-src https://optimize.google.com https://*.hotjar.com https://www.facebook.com  https://*.kespro.fi https://sync.ksync.fi https://*.kesko.fi https://*.ksync.fi https://*.feedbackly.com https://feedbackly.com https://tarjooma-qa.azurewebsites.net https://tarjooma-dev.azurewebsites.net https://tarjooma-prod.azurewebsites.net https://semmitest.powerappsportals.com https://semmidev.powerappsportals.com https://kesproportaali.powerappsportals.com https://kespro-com-qa.herokuapp.com https://kespro-com-dev.herokuapp.com https://kespro.com https://www.kespro.com https://embed.feedbackly.cloud ;         frame-ancestors https://kespro.fi https://*.kespro.fi https://tarjooma-qa.azurewebsites.net https://tarjooma-dev.azurewebsites.net https://tarjooma-prod.azurewebsites.net https://semmitest.powerappsportals.com https://semmidev.powerappsportals.com https://kesproportaali.powerappsportals.com https://kespro-raportit-dev.azurewebsites.net https://kespro-raportit-test.azurewebsites.net https://raportit.kespro.com http://kespro-toimitukset-dev.azurewebsites.net http://toimitukset-test.kespro.com https://kespro-reseptit-dev.azurewebsites.net https://reseptit-test.kespro.com https://kespro-com-qa.herokuapp.com https://kespro-com-dev.herokuapp.com https://kespro.com https://www.kespro.com https://tarjooma-qa.kespro.com https://tarjooma.kespro.com http://toimitukset.kespro.com https://reseptit.kespro.com ;         block-all-mixed-content; upgrade-insecure-requests; report-uri https://kespro.report-uri.com/r/d/csp/enforce; report-to default; 1
default-src 'self'; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com https://consentcdn.cookiebot.com/; font-src 'self' https://fonts.gstatic.com; form-action 'self' https://stalker2.com https://mailto:dkulik@stalker2.com mailto:dkulik@stalker2.com; frame-src https://consentcdn.cookiebot.com/ https://www.google.com/; img-src 'self' https://www.ssls.com https://imgsct.cookiebot.com/; media-src 'none'; object-src 'none'; script-src 'self' https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/api.js https://cookieinfoscript.com/js/cookieinfo.min.js https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.google-analytics.com/analytics.js https://consent.cookiebot.com/uc.js https://consentcdn.cookiebot.com/ 'unsafe-inline'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; upgrade-insecure-requests 1
default-src 'self' http://*.waff.at https://*.waff.at wss://ws.pusherapp.com; font-src 'self' data: https://themes.googleusercontent.com https://fonts.googleapis.com https://fonts.gstatic.com https://use.typekit.net; style-src 'self' 'unsafe-inline' https://*.waff.at https://www.meinechance.at/ https://*.factai.com https://*.typekit.net https://tagmanager.google.com https://fonts.googleapis.com https://*.cloudfront.net https://*.twitter.com https:*; child-src 'self' https://www.meinechance.at/ https://contentassistant.eu.siteimprove.com https://id.eu.siteimprove.com https://api.waffchat.at https://www.youtube.com https://www.youtube-nocookie.com https://*.vimeo.com https://*.weiterbildung.at https://*.facebook.com https://*.twitter.com https://*.waff.at https://*.connexcc-hosting.net/ https://*.cybertime.at/ https://*.xfis-it.net/; img-src 'self' data: *; media-src 'self' *; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.waff.at https://www.youtube.com https://www.meinechance.at/ https://player.vimeo.com https://vimeo.com http://siteimproveanalytics.com https://id.eu.siteimprove.com https://studio-5e661346b1858.clients.hosted-elasticpress.io https://cdn.siteimprove.net https://*.clients.hosted-elasticpress.io https://*.adform.net https://*.factai.com https://cdnjs.cloudflare.com https://player.twitch.tv https://embed.twitch.tv https://api.waffchat.at https://jobs.ams.at https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.facebook.net https://*.twitter.com https://*.twimg.com https://cdn.siteimprove.net https://my2.siteimprove.com https://*.adform.net https://waff3.hr4you.org/ https://cdn.siteimprove.net/cms/; frame-src 'self' https://*.waff.at https://*.adform.net https://*.twitch.tv https://www.facebook.com https://facebook.com https://www.youtube.com https://www.youtube-nocookie.com https://player.vimeo.com https://vimeo.com https://waffoaiv.xfis-it.net https://waffoa.xfis-it.net https://*.google.com https://www.google.com https://bzbwonantr.connexcc-hosting.net https://waff.weiterbildung.at https://stp.wien.gv.at https://player.twitch.tv; connect-src 'self' https://*.waff.at https://*.twitter.com https://*.facebook.com https://*.factai.com wss://ws.pusherapp.com https://maps.googleapis.com/ https://*.clients.hosted-elasticpress.io https://bzbwonantr.connexcc-hosting.net https://*.clients.hosted-elasticpress.io https://*.adform.net https://*.adform.net/* https://my2.siteimprove.com https://id.siteimprove.com https://contentassistant.eu.siteimprove.com https://id.eu.siteimprove.com https://waffchat.onrender.com wss://waffchat.onrender.com https://api.waffchat.at wss://api.waffchat.at https://*.factai.com 1
default-src https:; connect-src https:; font-src 'self' https: data: https:; frame-src https: rldb:; frame-ancestors https:; img-src 'self' https: blob: data:; media-src https: blob:; object-src https:; style-src 'unsafe-inline' https:; worker-src blob:; script-src 'unsafe-inline' 'unsafe-eval' https:; 1
default-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: blob:; font-src * data: 1
frame-ancestors https://*.nileyouth.net 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.quarticon.com/ https://info.quarticon.com/; img-src 'self' data: https://s.w.org/ https://secure.gravatar.com/ https://cdn.pixabay.com/ https://*.quarticon.com/ https://quarticon.com/; object-src 'self' data: https://*.quarticon.com/ https://info.quarticon.com/; frame-src 'self' data: https://*.quarticon.com/ https://info.quarticon.com/; 1
default-src 'self'; script-src 'self' 'unsafe-inline' www.googletagmanager.com *.google-analytics.com *.googleadservices.com *.facebook.net *.doubleclick.net iframe.ly cookie.dxlabs.fr cdnjs.cloudflare.com 'unsafe-inline' *; object-src 'none'; style-src 'self' 'unsafe-inline' www.googletagmanager.com fonts.googleapis.com cdnjs.cloudflare.com; img-src 'self' *.vixns.net *.smol.org www.pinaultcollection.com *.youtube.com *.ytimg.com *.facebook.com *.google-analytics.com *.google.com *.google.fr *.dxlabs.fr data:; media-src *; frame-src *; font-src  'self' themes.googleusercontent.com fonts.googleapis.com; connect-src 'self' *.google-analytics.com analytics.tiktok.com https://errors.vixns.net/api/76/store/ https://errors.vixns.net/api/76/envelope/; upgrade-insecure-requests; script-src-attr 'unsafe-inline' 1
script-src blob: https: data: 'unsafe-inline' 'unsafe-eval' https://gs1-germany.de https://*.gs1-germany.de https://d5.gs1.mwsrv.de https://consent.cookiefirst.com https://*.optimizely.com https://*.googletagmanager.com https://apis.google.com https://connect.facebook.net https://fast.fonts.net https://googleads.g.doubleclick.net https://www.googleanalytics.com https://www.googleoptimize.com https://*.google-analytics.com https://optimize.google.com https://ext.nonstoppartner.net https://*.hotjar.com https://*.walls.io https://*.myveeta.com https://static.virtualbadge.io; style-src https: 'unsafe-inline' https://gs1-germany.de https://*.gs1-germany.de https://consent.cookiefirst.com https://d5.gs1.mwsrv.de https://apis.google.com https://optimize.google.com https://fonts.googleapis.com https://connect.facebook.net https://fast.fonts.net https://googleads.g.doubleclick.net https://*.google-analytics.com https://*.hotjar.com https://*.walls.io; frame-src 'self' *.frcapi.com https://copilotstudio.microsoft.com https://td.doubleclick.net https://*.googletagmanager.com https://*.gs1-germany.de https://optimize.google.com https://*.walls.io https://consent.cookiefirst.com https://www.youtube-nocookie.com https://www.gs1.org https://www.youtube.com https://*.hotjar.com https://www.facebook.com https://communication.gs1-germany.de https://feedback.gs1-germany.de https://easy-feedback.de https://*.easy-feedback.de https://easy-feedback.com https://*.easy-feedback.com https://ext.nonstoppartner.net https://*.gs1.org https://f5ba538cf0d6445983504cc2cd8ccb42.svc.dynamics.com https://082becc9a232451baaef0c700dd33425.svc.dynamics.com https://76c4e8a3cea24f6792072b39841b0a0b.svc.dynamics.com https://*.podigee.io https://*.podigee.com https://player.podigee-cdn.net https://public.virtualbadge.io; frame-ancestors 'self' https://*.dev.mehrwert.de https://academy.gs1-germany.de https://*.eventlocations.com https://cockpit.prospitalia.de; 1
frame-ancestors https://betway.be https://betway.com https://betway.de https://www.betway.dk https://betway.es https://www.betway.it https://betway.mx https://beyway.se https://betway.ca https://betway.nl https://betwaysatta.com https://betwaysatta1.com https://betwayarabia.com https://betwayarabia1.com https://sports.betway.be https://sports.betway.com https://sports.betway.de https://sports.betway.dk https://sports.betway.es https://sports.betway.it https://sports.betway.mx https://sports.beyway.se https://sports.betway.ca https://sports.betway.nl https://sports.betwaysatta.com https://sports.betwaysatta1.com https://sports.betwayarabia.com https://sports.betwayarabia1.com https://staging.betway.be https://staging.betway.com https://staging.betway.de https://staging.betway.dk https://staging.betway.es https://staging.betway.it https://staging.betway.mx https://staging.beyway.se https://staging.betway.ca https://staging.betway.nl https://staging.betwaysatta.com https://staging.betwaysatta1.com https://staging.betwayarabia.com https://staging.betwayarabia1.com https://sportsbackend.net https://*.sportsbackend.net https://sportsbackend.dev https://*.sportsbackend.dev https://sportsuat.com https://*.sportsuat.com https://uat.betway.com https://*.uat.betway.com 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self'; font-src 'self'; connect-src 'self'; frame-ancestors 'none'; base-uri 'none' 1
default-src 'self' https://api.status.io https://status.exaktime.com;script-src 'self';base-uri 'self';object-src 'none';frame-ancestors 'none';block-all-mixed-content;sandbox allow-forms allow-same-origin allow-scripts allow-popups;style-src 'self' https://fonts.googleapis.com;font-src 'self' https://fonts.gstatic.com;img-src 'self' https://tscprodstorage.blob.core.windows.net; 1
default-src 'self' ; frame-src  'self' https://by.id.facct.ru https://acs2.bgpb.by https://3ds.alfabank.by https://ipcacs.bps-sberbank.by https://3ds.priorbank.by https://emv3ds.npc.by https://emv3ds.npc.by:8443 https://acs2.mtbank.by https://acs2.mtbank.by:8043 https://3ds-pgi.mtbank.by https://3ds-pgi.mtbank.by:9663 https://api.mtbank.by https://mpi2.mtbank.by:8046/ https://ucas.npc.by:8443/ https://acs.mtbank.by https://c2c.mtbank.by https://3ds.alfabank.by https://3ds.priorbank.by https://acs.bgpb.by https://sca.npc.by https://www.sbs4u.by https://acs.multicarta.ru https://aacsw.3ds.verifiedbyvisa.com https://cap.attempts.securecode.com https://ipcacs.sberbank.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://chat.mtbank.by/ https://app.blinger.io https://static.mybank.by https://api.mtbank.by https://www.google-analytics.com  https://halva.mtbank.by https://www.googletagmanager.com https://tagmanager.google.com; style-src 'self' blob: 'unsafe-inline' https://static.mybank.by;img-src 'self' https://*.by/ https://chat.mtbank.by/ https://blinger.io   https://app.blinger.io https://static.mybank.by data: blob:  https://www.google-analytics.com  https://www.googletagmanager.com ; font-src 'self' https://static.mybank.by; connect-src 'self' https://chat.mtbank.by/ wss://app.blinger.io; media-src 'self' 1
base-uri 'none';connect-src 'self' wss://*.fuelrats.com https://dev.api.fuelrats.com ;default-src 'self' *.fuelrats.com;font-src 'self' fonts.gstatic.com;form-action 'self';frame-ancestors 'none';frame-src https://js.stripe.com;img-src 'self' *.wp.com blob: data:;manifest-src 'self';object-src 'self' data:;script-src 'self' *.stripe.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com; 1
base-uri 'none';child-src 'self' data: blob:;connect-src 'self' ws: wss: localhost:1337 adsapi.jacobin.de api.jacobin.de staging-api.jacobin.de shop.jacobin.de analyse.jacobin.de spenden.twingle.de *.met.vgwort.de;default-src 'self';font-src 'self' data:;form-action 'self';frame-ancestors 'none';frame-src spenden.twingle.de www.youtube.com;img-src 'self' jacobin.de data: *.met.vgwort.de;manifest-src 'self';media-src 'self';object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' localhost:1337 adsapi.jacobin.de api.jacobin.de staging-api.jacobin.de shop.jacobin.de analyse.jacobin.de spenden.twingle.de *.met.vgwort.de www.youtube.com;style-src 'self' 'unsafe-inline'; 1
default-src 'self'; base-uri 'none'; connect-src 'self' https://*.g.doubleclick.net https://*.google-analytics.com https://*.googletagmanager.com https://analytics-ipv6.tiktokw.us https://analytics.tiktok.com https://api.privacy-center.org https://bat.bing.com https://bat.bing.net https://pagead2.googlesyndication.com https://srnllpf.pa-cd.com https://tagassistant.google.com https://topics.avads.net https://trackster.avads.net https://www.facebook.com https://www.google.com https://www.google.fr https://www.googleadservices.com https://analytics.google.com https://*.analytics.google.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' https://privacy.telethon.fr https://td.doubleclick.net https://www.googletagmanager.com https://www.youtube-nocookie.com https://ps.avads.net; img-src 'self' data: https://x.bidswitch.net https://*.g.doubleclick.net https://*.google-analytics.com https://*.googletagmanager.com https://*.gstatic.com https://ads.avads.net https://bat.bing.com https://googletagmanager.com https://nocookie.avads.net https://pagead2.googlesyndication.com https://www.afm-telethon.fr https://www.facebook.com https://www.google.com https://www.google.fr https://www.googleadservices.com https://analytics.google.com https://*.analytics.google.com; media-src 'self' data:; object-src 'none'; script-src 'self' 'report-sample' 'unsafe-eval' 'unsafe-inline' https://*.googletagmanager.com https://analytics.tiktok.com https://bat.bing.com https://connect.facebook.net https://googleads.g.doubleclick.net https://googletagmanager.com https://pagead2.googlesyndication.com https://sdk.privacy-center.org https://srnllpf.pa-cd.com https://static.avads.net https://tag.aticdn.net https://tagassistant.google.com https://tagmanager.google.com https://www.google.com https://www.googleadservices.com; style-src 'self' 'unsafe-inline' 'report-sample' https://fonts.googleapis.com https://googletagmanager.com https://tagassistant.google.com https://tagmanager.google.com https://www.googletagmanager.com; worker-src 'none' 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' *.algolia.net *.algolianet.com *.bing.com *.facebook.net *.facebook.com *.mgtmod01.com trk.adbutter.net pixel.mathtag.com mathid.mathtag.com static.criteo.net *.criteo.com t.eu1.dyntrk.com *.taboola.com *.outbrain.com *.r66net.com *.videostep.com *.invibes.com *.y-track.com *.chainethermale.fr *.pinterest.com *.pinimg.com snap.licdn.com www.google.fr www.googletagmanager.com *.googletagmanager.com tagmanager.google.com www.googleadservices.com *.googleadservices.com pagead2.googlesyndication.com *.googlesyndication.com googleads.g.doubleclick.net www.gstatic.com *.direct.worldline-solutions.com *.google.ad *.google.ae *.google.al *.google.am *.google.as *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cat *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.com *.google.com.af *.google.com.ag *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.hn *.google.com.jm *.google.com.jo *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vn *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gr *.google.gy *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.kg *.google.ki *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.pn *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.vu *.google.ws;frame-src 'self' *.openstreetmap.org *.facebook.com *.youtube-nocookie.com *.youtube.com pixel.mathtag.com dis.eu.criteo.com *.criteo.net *.criteo.com gum.criteo.com widget.eu.criteo.com *.pinterest.com www.googletagmanager.com *.googletagmanager.com *.googleadservices.com *.google.com *.google.fr td.doubleclick.net *.doubleclick.net *.ogone.com secure.ogone.com ogone.test.v-psp.com *.direct.worldline-solutions.com payment.preprod.direct.worldline-solutions.com *.v2-sim.preprod.psp-solutions.com v2-sim.preprod.psp-solutions.com *.psp-solutions.com *.google.ad *.google.ae *.google.al *.google.am *.google.as *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cat *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.com *.google.com.af *.google.com.ag *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.hn *.google.com.jm *.google.com.jo *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vn *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gr *.google.gy *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.kg *.google.ki *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.pn *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.vu *.google.ws;style-src 'self' 'unsafe-inline' *.googletagmanager.com tagmanager.google.com fonts.googleapis.com;img-src 'self' data: https://picsum.photos *.chainethermale.fr admin.chainethermale.fr *.bing.com *.facebook.com www.magazinethermal.fr *.youtube-nocookie.com *.ytimg.com secure.adnxs.com pixel.mathtag.com t.eu1.dyntrk.com cdn.n.dynstc.com *.taboola.com *.outbrain.com *.criteo.com e1.emxdgt.com rtb-csync.smartadserver.com *.yahoo.fr *.yahoo.com eb2.3lift.com ad.360yield.com ib.adnxs.com r.casalemedia.com criteo-sync.teads.tv contextual.media.net cm.adform.net x.bidswitch.net visitor.omnitag.com match.sharethrough.com i.liadm.com e1.emxdgt.com criteo-partners.tremorhub.com *.mediavine.com *.pubmatic.com *.yieldlab.net *.smartclip.net *.thebrighttag.com beacon.krxd.net *.demdex.net *.yieldmo.net *.yieldmo.com pixel.rubiconproject.com id5-sync.com *.invibes.com *.ivitrack.com *.videostep.com *.omnitagjs.com ks.b26net.com *.y-track.com *.yahoo.net *.postrelease.com *.pinterest.com *.pinimg.com *.adform.net *.facebook.net sync.1rx.io jadserve.postrelease.com *.unrulymedia.com bat.bing.net px.ads.linkedin.com aa.agkn.com www.google.com www.google.fr ssl.gstatic.com www.gstatic.com stats.g.doubleclick.net googleads.g.doubleclick.net cm.g.doubleclick.net *.g.doubleclick.net pagead2.googlesyndication.com www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com google.com *.ogone.com *.google.ad *.google.ae *.google.al *.google.am *.google.as *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cat *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.com *.google.com.af *.google.com.ag *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.hn *.google.com.jm *.google.com.jo *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vn *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gr *.google.gy *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.kg *.google.ki *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.pn *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.vu *.google.ws;font-src 'self' data:;connect-src 'self' *.algolia.net *.algolianet.com www.google-analytics.com *.mgtmod01.com noembed.com bat.bing.com *.criteo.com *.taboola.com *.outbrain.com *.invibes.com *.r66net.com *.y-track.com *.chainethermale.fr *.pinterest.com *.facebook.com *.outbrain.com bat.bing.com bat.bing.net px.ads.linkedin.com www.google.fr www.google.com google.com www.googletagmanager.com *.googletagmanager.com *.googleadservices.com stats.g.doubleclick.net googleads.g.doubleclick.net *.g.doubleclick.net *.analytics.google.com *.google-analytics.com pagead2.googlesyndication.com *.googlesyndication.com *.ogone.com *.direct.worldline-solutions.com *.google.ad *.google.ae *.google.al *.google.am *.google.as *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cat *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.com *.google.com.af *.google.com.ag *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.hn *.google.com.jm *.google.com.jo *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vn *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gr *.google.gy *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.kg *.google.ki *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.pn *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.vu *.google.ws;base-uri 'self';media-src 'self' data:;report-uri /csp/report 1
default-src 'self' mato.immodvisor.com public-site-wp.immodvisor.com develop-ms-business.immodvisor.digital ms-business.immodvisor.com www.immodvisor.com immodvisor.com *.immodvisor.doc *.immodvisor.digital; block-all-mixed-content; connect-src https://mato.immodvisor.com https://*.immodvisor.com https://develop-ms-business.immodvisor.digital https://ms-business.immodvisor.com http://localhost https://localhost https://recaptcha.google.com/recaptcha https://www.google.com/recaptcha/api2/clr www.google.com/recaptcha/api/siteverify *.immodvisor.doc *.immodvisor.digital cdn-cookieyes.com log.cookieyes.com directory.cookieyes.com; font-src 'self' fonts.gstatic.com *.immodvisor.doc *.immodvisor.digital; frame-src 'self' www.youtube.com www.dailymotion.com geo.dailymotion.com my.matterport.com public-site-wp.immodvisor.com https://www.google.com *.immodvisor.doc *.immodvisor.digital; img-src 'self' data: public-site-wp.immodvisor.com placehold.co secure.gravatar.com public-staging.immodvisor.com develop-www.immodvisor.digital http://localhost:8080 staging-pro-photo.s3.rbx.io.cloud.ovh.net pro-photo.s3.rbx.io.cloud.ovh.net *.tile.openstreetmap.org tile.openstreetmap.org *.immodvisor.com www.immodvisor.com immodvisor.com *.immodvisor.doc *.immodvisor.digital cdn-cookieyes.com *.youtube.com; script-src 'self' mato.immodvisor.com public-site-wp.immodvisor.com www.immodvisor.com immodvisor.com develop-ms-business.immodvisor.digital www.gstatic.com www.google.com *.immodvisor.doc *.immodvisor.digital cdn-cookieyes.com 'nonce-XrzzH3VJRZYrVPFYbJIdSQ=='; style-src 'self' 'unsafe-inline' public-site-wp.immodvisor.com *.immodvisor.doc *.immodvisor.digital; upgrade-insecure-requests 1
reflected-xss block 1
default-src 'self'; object-src 'self' https://pts.handyvertrag.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.handyvertrag.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://www.telekom.de/shop/tarife/internet-tarife https://www.o2online.de https://www.vodafone.de https://dsl.1und1.de https://livechat.handyvertrag.de https://chat.handyvertrag.de https://umfrage.handyvertrag.de https://pts.handyvertrag.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://eu01.rec.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://livechat.handyvertrag.de https://chat.handyvertrag.de https://stats.handyvertrag.de https://imagepool.handyvertrag.de https://pts.handyvertrag.de https://analytics.tiktok.com https://umfrage.handyvertrag.de; script-src 'strict-dynamic' 'nonce-46fbfca9733b36064aa390cd03ca6c5c' 'nonce-d70712a2519d6ec9e31ef8ed578283fe' 'nonce-3f7f04fe1c2c696165c753d02cdc7bd2' 'nonce-12dde7de92620b5ac71e9950f887857a' 'nonce-de3bd65a7a6d47d1c055563090b1d9a6' 'nonce-c1f6537858f1ea6705f4e61847eb8f83' 'nonce-1ee0c7b0b7399773c965f01e2accd2db' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data: 'report-sample'; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://netmap.vodafone.de/cokart-client/index.html https://pts.handyvertrag.de https://umfrage.handyvertrag.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-46fbfca9733b36064aa390cd03ca6c5c' 'nonce-d70712a2519d6ec9e31ef8ed578283fe' 'nonce-3f7f04fe1c2c696165c753d02cdc7bd2' 'nonce-12dde7de92620b5ac71e9950f887857a' 'nonce-de3bd65a7a6d47d1c055563090b1d9a6' 'nonce-c1f6537858f1ea6705f4e61847eb8f83' 'nonce-1ee0c7b0b7399773c965f01e2accd2db' 'self' 'unsafe-inline' https: 'report-sample' 1
script-src 'nonce-T3FrVbJPDB71AsEvxL9iF27CJts=' 'unsafe-inline' 'strict-dynamic' https: http:; object-src 'none'; 1
frame-ancestors 'self' http://*.mitkindundkegel.de http://mitkindundkegel.de 1
frame-ancestors 'self' cyreneforum.com/ *.cyreneforum.com/ arkadiaforum.com/ *.arkadiaforum.com/ ; 1
default-src 'self'; object-src 'self' https://pts.smartmobil.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.smartmobil.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://www.telekom.de/shop/tarife/internet-tarife https://www.o2online.de https://www.vodafone.de https://dsl.1und1.de https://umfrage.smartmobil.de https://pts.smartmobil.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://eu01.rec.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://livechat.smartmobil.de https://chat.smartmobil.de https://stats.smartmobil.de https://imagepool.smartmobil.de https://pts.smartmobil.de https://seal.globalsign.com https://ssif1.globalsign.com https://analytics.tiktok.com https://umfrage.smartmobil.de; script-src 'strict-dynamic' 'nonce-a5427c9dcd48a6665dd5e748ccaea519' 'nonce-da2033ce35d8d33f063a48efc117d240' 'nonce-faae1edc3a9ad5dbbe1857c3f91031ed' 'nonce-0d2bc9941e4ad18d26c04ea05bf3d5e2' 'nonce-d615d4a62bcf7ad188404b263af6464b' 'nonce-7f4f43fa572c6bc584e73f91a5be8dd9' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data: 'report-sample'; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://netmap.vodafone.de/cokart-client/index.html https://pts.smartmobil.de https://umfrage.smartmobil.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-a5427c9dcd48a6665dd5e748ccaea519' 'nonce-da2033ce35d8d33f063a48efc117d240' 'nonce-faae1edc3a9ad5dbbe1857c3f91031ed' 'nonce-0d2bc9941e4ad18d26c04ea05bf3d5e2' 'nonce-d615d4a62bcf7ad188404b263af6464b' 'nonce-7f4f43fa572c6bc584e73f91a5be8dd9' 'self' 'unsafe-inline' https: 'report-sample' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.cloud.coveo.com https://cdn.jsdelivr.net https://cdn.cookielaw.org https://*.googlesyndication.com https://js-agent.newrelic.com https://storage.googleapis.com https://*.googletagmanager.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://cdnjs.cloudflare.com https://*.printfriendly.com https://static.addtoany.com https://ds-4047.kxcdn.com https://s.ytimg.com/yts/jsbin/ https://static.addtoany.com/menu/ https://snap.licdn.com https://www.youtube-nocookie.com https://rawgit.com/NerOcrO/ntools/master/ntools.user.js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://s.ytimg.com https://cdn.rawgit.com/w8tcha/ https://cdn.rawgit.com/ckeditor/ https://www.youtube.com/ https://snap.licdn.com/ https://*.google-analytics.com https://stats.g.doubleclick.net/ https://www.google.com/ads/ https://px.ads.linkedin.com/collect *.instagram.com; img-src 'self' data: https://cdn.cookielaw.org https://*.cdninstagram.com https://*.licdn.com https://assets.bwbx.io https://sprcdn-assets.sprinklr.com https://cdnjs.cloudflare.com/ajax/libs/codemirror/ https://cdnjs.cloudflare.com/ajax/libs/select2/ https://cdn.printfriendly.com https://i.ytimg.com https://www.nestle-nespresso.com https://img.youtube.com/; frame-src 'self' https://www.google.com/recaptcha/ https://www.youtube.com/; frame-ancestors 'self'; upgrade-insecure-requests 1
default-src 'self' www.gravatar.com *.hotjar.com player.vimeo.com *.vimeocdn.com *.googleapis.com *.google.com youtube.com *.cloudfront.net *.youtube.com *.blackbaudhosting.com sky.blackbaudcdn.net www.eventbrite.co.uk *.marker.io *.simplybook.cc payments.blackbaud.com consentcdn.cookiebot.com app.cloudpano.com connect.facebook.net *.facebook.com *.facebook.net host.nxt.blackbaud.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.aspnetcdn.com feeds.trac.jobs static.trac.jobs *.hotjar.com ajax.googleapis.com cdnjs.cloudflare.com *.browsealoud.com *.bugherd.com *.googletagmanager.com *.google-analytics.com *.cloudfront.net *.luckyorange.net *.blackbaudhosting.com *.smartthing2.com *.smartthing.org *.blackbaud.com sky.blackbaudcdn.net widget.simplybook.cc http://localhost:* www.cqc.org.uk feeds.testing.trac.jobs www.eventbrite.co.uk *.marker.io www.google.com www.gstatic.com consentcdn.cookiebot.com consent.cookiebot.com app.cloudpano.com www.googleoptimize.com connect.facebook.net *.facebook.com *.facebook.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com use.typekit.net feeds.trac.jobs static.trac.jobs cdnjs.cloudflare.com fast.fonts.net *.smartthing2.com *.smartthing.org *.cloudfront.net *.blackbaudhosting.com www.cqc.org.uk *.marker.io connect.facebook.net *.facebook.com *.facebook.net; img-src 'self' data: blob: imgsct.cookiebot.com www.gravatar.com *.christie.nhs.uk img.youtube.com i.ytimg.com *.justgiving.com feeds.trac.jobs static.trac.jobs *.browsealoud.com *.googleapis.com *.staticflickr.com *.cloudfront.net *.google-analytics.com *.googletagmanager.com *.cdninstagram.com *.blackbaudhosting.com www.cqc.org.uk *.umbraco.com *.marker.io connect.facebook.net *.facebook.com *.facebook.net; font-src 'self' fonts.gstatic.com cdnjs.cloudflare.com fast.fonts.net data: fonts.googleapis.com use.typekit.net connect.facebook.net *.facebook.com *.facebook.net; connect-src 'self' *.browsealoud.com feeds.trac.jobs static.trac.jobs *.smartthing2.com *.smartthing.org *.luckyorange.net *.hotjar.com *.google-analytics.com *.doubleclick.net wss: http://localhost:* *.umbraco.com *.marker.io *.amazonaws.com sky.blackbaudcdn.net payments.blackbaud.com consentcdn.cookiebot.com app.cloudpano.com content.hotjar.io connect.facebook.net *.facebook.com *.facebook.net; worker-src 'self' blob:; 1
default-src 'self' fonts.gstatic.com fonts.googleapis.com ajax.googleapis.com  wireframecc-9947.kxcdn.com wireframe.cc cdn.wireframe.cc; script-src 'self' 'unsafe-inline' 'nonce-9e6fff00b15d0a49f610258b00681ea9' 'unsafe-eval'  https://fonts.gstatic.com https://fonts.googleapis.com https://ajax.googleapis.com  wireframecc-9947.kxcdn.com cdn.wireframe.cc; style-src 'self' 'unsafe-inline' fonts.googleapis.com wireframecc-9947.kxcdn.com cdn.wireframe.cc; img-src 'self' wireframecc-9947.kxcdn.com cdn.wireframe.cc data:; child-src 'self'; base-uri 'none'; frame-ancestors 'self' 1
default-src 'self'; object-src 'self' https://pts.simplytel.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.simplytel.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://www.telekom.de/shop/tarife/internet-tarife https://www.o2online.de https://www.vodafone.de https://dsl.1und1.de https://livechat.simplytel.de https://chat.simplytel.de https://umfrage.simplytel.de https://pts.simplytel.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://eu01.rec.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://livechat.simplytel.de https://chat.simplytel.de https://stats.simplytel.de https://imagepool.simplytel.de https://pts.simplytel.de https://analytics.tiktok.com https://umfrage.simplytel.de; script-src 'strict-dynamic' 'nonce-ec45df07f44017c7821b27ee47f61ed2' 'nonce-d8caa0fd83c46014a57b1dc43a9b3fd4' 'nonce-dcdf82a7b7a3d1bf658fd37ca9ed1853' 'nonce-bd3c1926c123f7af71cd37eeb2745376' 'nonce-b879f004820c45070e21638b7a4d7108' 'nonce-240a9234d7c4e254df201a4d4d895d02' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data: 'report-sample'; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://netmap.vodafone.de/cokart-client/index.html https://pts.simplytel.de https://umfrage.simplytel.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-ec45df07f44017c7821b27ee47f61ed2' 'nonce-d8caa0fd83c46014a57b1dc43a9b3fd4' 'nonce-dcdf82a7b7a3d1bf658fd37ca9ed1853' 'nonce-bd3c1926c123f7af71cd37eeb2745376' 'nonce-b879f004820c45070e21638b7a4d7108' 'nonce-240a9234d7c4e254df201a4d4d895d02' 'self' 'unsafe-inline' https: 'report-sample' 1
script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' https://google-analytics.com/ https://*.google-analytics.com/ https://googletagmanager.com/ https://*.googletagmanager.com/ https://kit.fontawesome.com/; img-src 'self' blob: https://secure.gravatar.com/; object-src 'self' blob: https://elegantthemes.com/ https://*.elegantthemes.com/ https://covesa.global/; frame-src 'self' blob: https://elegantthemes.com/ https://*.elegantthemes.com/ https://covesa.global/; 1
object-src none; frame-src *.prod.acquia-sites.com *.gstatic.com *.google.com *.wec360.com *.snazzymaps.com https://snazzymaps.com https://pagead2.googlesyndication.com; frame-ancestors *.prod.acquia-sites.com *.gstatic.com *.google.com *.wec360.com *.snazzymaps.com https://snazzymaps.com https://pagead2.googlesyndication.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self' *.helpscout.net fonts.gstatic.com fonts.googleapis.com *.cloudfront.net *.blob.core.windows.net https://login.microsoftonline.com/ recognition.asdastars.com recognitionapi.asdastars.com; img-src 'self' *.helpscout.net fonts.gstatic.com fonts.googleapis.com *.cloudfront.net *.blob.core.windows.net https://login.microsoftonline.com/ recognition.asdastars.com recognitionapi.asdastars.com data:; object-src 'none'; frame-ancestors ; base-uri 'self'; 1
default-src data: 'self' 'unsafe-inline' 'unsafe-eval' *.seznam.cz *linkedin.com *lfeeder.com c.bing.com snap.licdn.com *.analytics.google.com *.hotjar.com *.doubleclick.net www.gstatic.com www.google.com  apis.google.com maps.googleapis.com googleadservices.com www.xart.cz fonts.googleapis.com fonts.gstatic.com maps.gstatic.com www.ccvision.de www.youtube.com www.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net www.google.cz connect.facebook.net giphy.com *.facebook.com akamaihd.net fbcdn.net fb.me fbsbx.com api.mapy.cz mapserver.mapy.cz tagmanager.google.com ssl.gstatic.com fe.marketingovalista.cz sc.lfeeder.com tr.lfeeder.com static.userback.io api.userback.io www.googleadservices.com app.marketingovalista.cz accounts.google.com *.clarity.ms *.google-analytics.com *.googlesyndication.com 1
frame-ancestors 'self' decisely.com *.decisely.com 1
default-src 'self' 'unsafe-inline' region1.analytics.google.com *.google-analytics.com *.google.com *.google.it *.google.video.com *.googleapis.com *.ytimg.com *.ggpht.com *.doubleclick.net *.youtube.com unpkg.com *.cloudflare.com *.bootstrapcdn.com *.fontawesome.com *.un.org; script-src 'self' 'unsafe-inline' *.googletagmanager.com *.analytics.google.com *.google-analytics.com *.google-analytics.com *.gstatic.com *.doubleclick.net *.youtube.com unpkg.com *.cloudflare.com *.bootstrapcdn.com *.fontawesome.com cdn.jsdelivr.net *.un.org; style-src 'self' 'unsafe-inline' *.fontawesome.com *.cloudflare.com *.jsdelivr.net *.googleapis.com *.gstatic.com https://unpkg.com *.google.com *.gstatic.com *.bootstrapcdn.com; img-src 'self' 'unsafe-inline' *.google-analytics.com *.google.it *.googletagmanager.com data:;; frame-src 'self' youtube.com www.youtube.com *.google.com *.gstatic.com *.un.org unitednations.sharepoint.com cdnapisec.kaltura.com; frame-ancestors 'self' youtube.com *.youtube.com *.googlevideo.com unitednations.sharepoint.com cdnapisec.kaltura.com; child-src 'self' youtube.com *.youtube.com *.google.com *.gstatic.com; font-src 'self' *.googleapis.com *.fontawesome.com *.gstatic.com *.jsdelivr.net *.cloudflare.com; report-uri /report-csp-violation 1
default-src "self"; img-src "self"; style-src "self" "unsafe-inline"; font-src "self"; script-src "self" "unsafe-inline"; connect-src "self"; 1
frame-ancestors https://*.cloudfront.net https://*.streavent.de https://*.dwa.de https://*.dwa-bayern.de https://*.dwa-bw.de https://*.dwa-hrps.de https://*.dwa-mitte.de https://*.dwa-nord.de https://*.dwa-no.de https://*.dwa-nrw.de https://*.dwa-st.de https://*.gfa-news.de 1
default-src 'self'; script-src 'self' blob: *.storyblok.com 'unsafe-inline' *.cloudfront.net *.googleapis.com *.gstatic.com recaptcha.net *.facebook.net *.google-analytics.com *.googletagmanager.com googletagmanager.com tagmanager.google.com *.livechatinc.com *.stripe.com *.youtube.com *.mappedin.com https://seatmap.vivenu.com https://vivenu.com *.adsrvr.org www.googleadservices.com js.adsrvr.org googleads.g.doubleclick.net http://bid.g.doubleclick.net/ https://*.demdex.net https://cm.everesttech.net https://assets.adobedtm.com *.2o7.net *.omtrdc.net *.adobe.com *.chadstone.com.au *.dfo.com.au *.doubleclick.net *.googleadservices.com *.google.com *.googlesyndication.com *.googletagservices.com analytics.tiktok.com *.outbrain.com *.pinterest.com *.pinimg.com *.tiktok.com *.bytedance.com *.analytics.google.com analytics.google.com https://*.adnxs.com *.adnxs.com https://www.googletagmanager.com https://*.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://unpkg.com/ 'unsafe-eval' connect.facebook.net graph.facebook.com js.facebook.com *.taboola.com; style-src 'self' blob: *.storyblok.com 'unsafe-inline' *.googleapis.com *.gstatic.com *.cloudfront.net tagmanager.google.com *.googletagmanager.com googletagmanager.com *.google.com *.analytics.google.com analytics.google.com https://seatmap.vivenu.com https://vivenu.com rsms.me https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' *.storyblok.com *.cloudinary.com *.facebook.com *.facebook.net *.fbcdn.net *.google.com *.google.com.au placehold.it *.cloudfront.net *.googleapis.com *.gstatic.com *.googletagmanager.com googletagmanager.com *.google-analytics.com *.simplybook.me https://seatmap.vivenu.com https://vivenu.com s3.eu-central-1.amazonaws.com lh3.googleusercontent.com data: *.trackjs.com *.vicinity.com.au *.mappedin.com *.mappedin.net mipubapistorageprod.blob.core.windows.net https://*.demdex.net https://cm.everesttech.net https://assets.adobedtm.com *.doubleclick.net *.google.com *.doubleclick.net *.googlesyndication.com *.googleadservices.com analytics.tiktok.com *.outbrain.com *.pinterest.com *.pinimg.com *.tiktok.com *.bytedance.com *.analytics.google.com analytics.google.com www.googletagmanager.com *.adnxs.com https://ssl.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://*.google.com.au https://www.gstatic.com https://vcx-centre-websites-stripe-logo.s3.ap-southeast-2.amazonaws.com; font-src 'self' *.amazonaws.com *.cloudfront.net *.storyblok.com *.googleapis.com *.gstatic.com rsms.me https://seatmap.vivenu.com https://vivenu.com https://fonts.gstatic.com data: data:; connect-src 'self' wss://seatmap.vivenu.com stats.g.doubleclick.net *.cloudfront.net *.mappedin.com *.googleapis.com *.google-analytics.com sentry.io *.sentry.io *.simplybook.me https://seatmap.vivenu.com https://vivenu.com *.vicinity.com.au *.trackjs.com *.stripe.com mipubapistorageprod.blob.core.windows.net https://*.demdex.net https://cm.everesttech.net https://assets.adobedtm.com *.chadstone.com.au *.dfo.com.au *.doubleclick.net *.google.com *.googlesyndication.com *.googletagservices.com analytics.tiktok.com *.outbrain.com *.pinterest.com *.pinimg.com *.tiktok.com *.bytedance.com *.analytics.google.com analytics.google.com *.googletagmanager.com googletagmanager.com https://fonts.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://*.g.doubleclick.net https://fonts.gstatic.com https://*.google.com https://*.google.com.au https://*.analytics.google.com https://*.google.com.au about: *.facebook.com connect.facebook.net *.taboola.com; frame-src 'self' *.youtube.com *.vimeo.com *.googleapis.com *.googletagmanager.com *.google.com *.facebook.com connect.facebook.net *.livechatinc.com *.stripe.com socialq.net recaptcha.net *.trybooking.co.nz *.trybooking.com insight.adsrvr.org https://*.demdex.net *.google.com *.doubleclick.net *.googlesyndication.com bytedance sslocal *.outbrain.com *.pinterest.com *.pinimg.com *.tiktok.com *.bytedance.com *.analytics.google.com analytics.google.com *.googletagmanager.com googletagmanager.com https://seatmap.vivenu.com https://vivenu.com *.taboola.com https://*.adsrvr.org; object-src *.googlesyndication.com; media-src dai.google.com *.storyblok.com; child-src blob: *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net; form-action *.google.com *.facebook.com connect.facebook.net; worker-src blob: *.google.com; frame-ancestors https://app.storyblok.com 1
script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://googletagmanager.com/ https://*.googletagmanager.com/ https://www.recaptcha.net/ https://cdn.trustindex.io/loader.js https://www.google.com/recaptcha/api.js; img-src 'self' data: blob: https://cdn.trustindex.io https://lh3.googleusercontent.com; object-src 'self' data: blob: ; frame-src 'self' data: blob: ; 1
frame-ancestors https://*.barcodefactory.com https://*.barcodefactory.com:8443 https://barcodefactory.com http://*.barcodefatory.com 'self' 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.openlayers.org openlayers.org *.openstreetmap.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.etracker.com *.etracker.de api.signalize.com; object-src 'self'; media-src 'self' *.youtube.com *.vimeo.com *.streamfarm.net; frame-src *.youtube.com *.vimeo.com *.etracker.de; img-src 'self' data: *.youtube.com *.openlayers.org openlayers.org *.openstreetmap.org; frame-ancestors 'self'; connect-src 'self' *.etracker.de; 1
default-src 'self' 'unsafe-inline' images-2.partnerportal.ionos.de 1
default-src 'self' 'unsafe-inline' ; img-src https://*; script-src 'self' 'unsafe-inline' https://sibforms.com/forms/end-form/build/main.js https://kit.fontawesome.com/51c52a1f48.js https://code.jquery.com/jquery-3.6.0.min.js; style-src 'self' 'unsafe-inline' http://sibforms.com/forms/end-form/build/sib-styles.css ; 1
default-src 'self'; object-src 'self' https://pts.premiumsim.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.premiumsim.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://www.telekom.de/shop/tarife/internet-tarife https://www.o2online.de https://www.vodafone.de https://dsl.1und1.de https://livechat.premiumsim.de https://chat.premiumsim.de https://umfrage.premiumsim.de https://pts.premiumsim.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://eu01.rec.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://livechat.premiumsim.de https://chat.premiumsim.de https://stats.premiumsim.de https://imagepool.premiumsim.de https://pts.premiumsim.de https://analytics.tiktok.com https://umfrage.premiumsim.de; script-src 'strict-dynamic' 'nonce-473a46b058411e7b27871f91182b9cc7' 'nonce-e0a566a6f57c8a96eb9965c66e08b36e' 'nonce-f3903ee56015d6b0271eb3cc7fc71968' 'nonce-87ee3fe1db9b83742f22bf9190b644e6' 'nonce-f297080fb0f3db5ce6a4264810e2c696' 'nonce-1d4524bef8e17369fcf34802d3303ea7' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data: 'report-sample'; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://netmap.vodafone.de/cokart-client/index.html https://pts.premiumsim.de https://umfrage.premiumsim.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-473a46b058411e7b27871f91182b9cc7' 'nonce-e0a566a6f57c8a96eb9965c66e08b36e' 'nonce-f3903ee56015d6b0271eb3cc7fc71968' 'nonce-87ee3fe1db9b83742f22bf9190b644e6' 'nonce-f297080fb0f3db5ce6a4264810e2c696' 'nonce-1d4524bef8e17369fcf34802d3303ea7' 'self' 'unsafe-inline' https: 'report-sample' 1
default-src 'self' https://*.youtube.com https://*.youtube-nocookie.com https://*.youtu.be https://*.vimeo.com https://vimeo.com https://*.spotify.com/ https://*.tiktok.com https://*.snapchat.com https://*.facebook.com https://p.scdn.co/ https://*.google-analytics.com https://*.googletagmanager.com https://*.google.com https://*.google.be https://*.apple.com https://*.instagram.com https://*.soundcloud.com https://*.cm.com https://*.slinger.to/ https://*.doubleclick.net/ https://hcaptcha.com https://*.hcaptcha.com wss://webchat-api.digitalcx.com https://flackr.github.io; block-all-mixed-content; img-src data: 'self' https://placeholder.inventis.be https://*.ytimg.com https://*.youtube.com https://*.vimeocdn.com https://*.tiktok.com https://*.snapchat.com https://*.facebook.com https://*.google-analytics.com https://*.googletagmanager.com https://*.google.com https://*.google.be https://mmc.cdn.cm.com; object-src 'none'; script-src 'self' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' 'nonce-SbpVCfopgUcChICgPOIuaQ=='; style-src 'self' 'unsafe-inline' https://*.googletagmanager.com https://*.slinger.to/ blob:; upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline' https: http://www.etrasparenza.it/; script-src 'self' 'unsafe-inline' https: http://www.etrasparenza.it/; style-src 'self' 'unsafe-inline' https: http://www.etrasparenza.it/; font-src 'self' https: http://www.etrasparenza.it/ 1
frame-ancestors 'none'; upgrade-insecure-requests; default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.affirm.com *.app-us1.com *.bing.com *.clarity.ms *.doubleclick.net *.files-text.com *.fontawesome.com *.google.com *.google-analytics.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.livechatinc.com *.paypal.com *.paypalobjects.com *.typekit.com *.venmo.com *.visualwebsiteoptimizer.com *.vwo.com *.youtube.com ccint.activehosted.com cdn.ckeditor.com cdn.jsdelivr.net cdnjs.cloudflare.com connect.facebook.net fonts.bunny.net i.ytimg.com stackpath.bootstrapcdn.com trackcmp.net unpkg.com www.facebook.com; 1
script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' ; img-src 'self' blob: https://secure.gravatar.com; object-src 'self' blob: ; frame-src 'self' blob: ; worker-src 'self' 'unsafe-inline' 'unsafe-eval'  blob:; 1
default-src 'self'; script-src *.corp *.parceirosantander.com.br https://fve.paas.santanderbr.pre.corp *.santander.com.br *.go-mpulse.net go-mpulse.net https://s.go-mpulse.net https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://api.mapbox.com https://www.google-analytics.com https://www.googleoptimize.com 'self' 'unsafe-inline' https:; style-src *.corp *.parceirosantander.com.br *.santander.com.br 'self' 'unsafe-inline'; child-src *.corp *.parceirosantander.com.br *.santander.com.br 'self'; img-src *.corp *.parceirosantander.com.br *.santander.com.br https://*.akstat.io 'self' data:; connect-src *.corp *.parceirosantander.com.br *.bs.br.bsch *.blob.core.windows.net *.santander.com.br https://*.go-mpulse.net https://*.akstat.io https://*.akamaihd.net https://www.google.com 'self'; object-src 'self' blob:; media-src *.corp *.parceirosantander.com.br *.santander.com.br 'self' blob:; frame-src https://www.google.com *.corp *.parceirosantander.com.br *.santander.com.br 'self'; font-src *.corp *.parceirosantander.com.br *.santander.com.br 'self' data:; frame-ancestors 'self' https://www.google.com *.corp *.parceirosantander.com.br *.santander.com.br 1
default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_ data-eu.purina.be; object-src *; style-src * 'self' 'unsafe-inline' https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_; img-src * 'self' data: https:; https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_; media-src *; frame-src * https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_; frame-ancestors * 'self'; child-src * blob:; font-src * 'self' data: https:; https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_; connect-src * https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_ data-eu.purina.be 1
block-all-mixed-content; default-src https:; media-src https: blob: data:; style-src https: 'unsafe-inline'; font-src https: data:; script-src https: blob: 'unsafe-eval' 'unsafe-inline'; img-src https: data:; connect-src https: wss:; frame-src https:; prefetch-src https:; frame-ancestors https:; form-action https:; 1
default-src 'self' https://*.youtube.com https://*.youtu.be https://*.vimeo.com https://*.spotify.com https://*.soundcloud.com https://*.instagram.com https://*.tiktok.com https://forms.office.com https://*.google-analytics.com https://*.analytics.google.com https://*.google.com https://*.googletagmanager.com https://*.googlesyndication.com https://analytics.tiktok.com https://*.doubleclick.net https://widget.tablefever.com https://www.facebook.com https://fonts.gstatic.com; block-all-mixed-content; img-src data: 'self' https://placeholder.inventis.be https://*.ytimg.com https://*.youtube.com https://*.vimeocdn.com https://*.google-analytics.com https://*.googletagmanager.com https://fonts.gstatic.com https://www.facebook.com https://*.google.be https://*.google.nl https://*.googlesyndication.com; object-src 'none'; script-src 'self' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com 'nonce-xbGRMQYtlVVQ+K+0JN3oeA=='; style-src 'self' 'unsafe-inline' https://*.googletagmanager.com https://fonts.googleapis.com; upgrade-insecure-requests 1
default-src blob: https: 'unsafe-inline' 'unsafe-eval'; connect-src https: 'self' *.google-analytics.com *.analytics.google.com; img-src data: https://* 'self' *.google-analytics.com *.analytics.google.com 1
script-src 'self'; object-src 'none'; https://xhmaster.com 1
default-src https://*.google-analytics.com https://*.googletagmanager.com; block-all-mixed-content; connect-src 'self' https://*.google.com https://*.googlesyndication.com https://*.google-analytics.com https://*.facebook.com https://*.sentry.io; font-src 'self'; frame-src https://www.youtube.com https://calendly.com https://www.montareturns.com https://www.googletagmanager.com https://td.doubleclick.net https://*.facebook.com https://view.publitas.com; img-src data: 'self' https://placeholder.inventis.be https://*.ytimg.com https://www.mollie.com https://*.google-analytics.com https://*.googletagmanager.com https://*.google.com https://*.google.be https://*.googlesyndication.com https://*.facebook.com; manifest-src 'self'; object-src https://www.youtube.com; script-src 'self' https://www.youtube.com https://*.ytimg.com https://*.google-analytics.com https://*.googletagmanager.com https://*.hotjar.com https://*.facebook.net https://*.facebook.com https://browser.sentry-cdn.com 'nonce-yi6Xd8jL923HmH7F+l1fvQ=='; style-src 'self' 'unsafe-inline' https://*.googletagmanager.com; upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob:  *.weareone.fm *.technobase.fm *.housetime.fm *.hardbase.fm *.trancebase.fm *.coretime.fm *.teatime.fm *.clubtime.fm *.replay.fm *.tb-group.fm *.google.com/recaptcha/ *.gstatic.com/recaptcha/ maps.googleapis.com fonts.googleapis.com fonts.gstatic.com use.typekit.net *.google.com/maps/embed *.youtube-nocookie.com ticketcenter.be24-7.de; img-src 'self' data: *.weareone.fm *.technobase.fm *.housetime.fm *.hardbase.fm *.trancebase.fm *.coretime.fm *.teatime.fm *.clubtime.fm *.replay.fm *.tb-group.fm *.google.com/recaptcha/ *.gstatic.com/recaptcha/ maps.googleapis.com fonts.googleapis.com fonts.gstatic.com use.typekit.net *.google.com/maps/embed *.youtube-nocookie.com ticketcenter.be24-7.de; frame-ancestors 'self' 1
frame-ancestors 'none'; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; frame-ancestors https://*:*; 1
frame-ancestors 'self' https://*.etracker.com 1
default-src 'self'; connect-src 'self' https://*.viciproperties.com https://viciproperties.com https://dev-vici-properties.pantheonsite.io https://test-vici-properties.pantheonsite.io https://live-vici-properties.pantheonsite.io https://cdn-cookieyes.com https://*.cookieyes.com https://*.google-analytics.com https://*.googletagmanager.com https://*.flippingbook.com https://online.flippingbook.com https://fonts.googleapis.com https://*.acsbapp.com https://acsbapp.com https://*.analytics.google.com; font-src 'self' https://kit.fontawesome.com https://ka-p.fontawesome.com https://acsbapp.com https://*.acsbapp.com https://*.flippingbook.com https://online.flippingbook.com https://fonts.gstatic.com data:; frame-src 'self' https://*.cookieyes.com https://online.flippingbook.com https://*.googletagmanager.com https://www.google.com; img-src 'self' https://*.viciproperties.com https://viciproperties.com https://dev-vici-properties.pantheonsite.io https://test-vici-properties.pantheonsite.io https://live-vici-properties.pantheonsite.io https://*.flippingbook.com https://online.flippingbook.com https://*.googletagmanager.com https://*.google-analytics.com https://*.gstatic.com https://cdn-cookieyes.com https://*.cookieyes.com https://acsbapp.com https://*.acsbapp.com https://secure.gravatar.com; script-src 'self' https://*.viciproperties.com https://viciproperties.com https://dev-vici-properties.pantheonsite.io https://test-vici-properties.pantheonsite.io https://live-vici-properties.pantheonsite.io https://*.flippingbook.com https://online.flippingbook.com https://kit.fontawesome.com https://code.jquery.com https://www.google.com https://www.gstatic.com https://*.googletagmanager.com https://tagmanager.google.com https://cdn-cookieyes.com https://acsbapp.com https://*.acsbapp.com https://*.google-analytics.com 'unsafe-inline'; style-src 'self' https://*.viciproperties.com https://viciproperties.com https://dev-vici-properties.pantheonsite.io https://test-vici-properties.pantheonsite.io https://live-vici-properties.pantheonsite.io https://*.flippingbook.com https://online.flippingbook.com https://*.googletagmanager.com https://tagmanager.google.com https://acsbapp.com https://*.acsbapp.com https://fonts.googleapis.com 'unsafe-inline'; upgrade-insecure-requests 1
default-src 'none'; frame-ancestors 'self'; frame-src 'self' https://login.microsoftonline.com/ https://challenges.cloudflare.com/ https://forms.office.com https://www.youtube-nocookie.com https://*.youtube.com https://*.vimeo.com https://*.google.com https://*.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.datatables.net/2.3.4/js/dataTables.js https://challenges.cloudflare.com/ https://*.google-analytics.com https://*.googletagmanager.com https://feeds.trac.jobs https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.cqc.org.uk; font-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' data: https://cdn.datatables.net/2.3.4/css/dataTables.dataTables.css https://feeds.trac.jobs https://*.googleapis.com https://*.gstatic.com https://*.cqc.org.uk; img-src * data:; object-src 'self' blob:; connect-src 'self' https://challenges.cloudflare.com/ https://feeds.trac.jobs https://*.googleapis.com https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com; manifest-src 'self'; base-uri 'none'; form-action 'self' https://search.ebscohost.com https://logon.ebsco.zone https://research.ebsco.com 1
default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com data-eu.purina.pl; object-src *; style-src * 'self' 'unsafe-inline'; img-src * 'self' data: https:; https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.<TLD>; media-src *; frame-src *; frame-ancestors 'self'; child-src * blob:; font-src * 'self' data: https:;; connect-src * data-eu.purina.pl; report-uri /report-csp-violation 1
default-src 'self' data: https://cdn.cookielaw.org https://privacyportal-eu.onetrust.com https://app.greenoco.io https://e-v-uat.reach5.net https://e-v-prod.reach5.net https://metrics.elle-et-vire.com https://www.google.com https://www.google.fr https://www.google-analytics.com https://region1.analytics.google.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://www.gstatic.com https://www.youtube.com https://i.ytimg.com https://images-secure.pixibox.com https://www.instagram.com https://instagram.com https://capig.stape.cloud https://www.facebook.com https://maps.googleapis.com https://maps.gstatic.com https://maps.google.com; font-src 'self' data: https://cloud.typography.com https://fonts.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.cookielaw.org https://app.greenoco.io https://e-v-uat.reach5.net https://e-v-prod.reach5.net https://metrics.elle-et-vire.com https://www.google.com https://www.google.fr https://www.google-analytics.com https://region1.analytics.google.com https://www.googletagmanager.com https://www.gstatic.com https://connect.facebook.net https://www.youtube.com https://www.instagram.com https://maps.google.com/; style-src 'self' 'unsafe-inline' https://cloud.typography.com https://www.elle-et-vire.com https://fonts.googleapis.com; report-uri /nelmio/csp/report 1
default-src https: wss: 'unsafe-inline' 'unsafe-eval' blob: data: ; frame-ancestors 'self' https://*.edoctrina.org; report-to reportapi 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googletagmanager.com *.licdn.com *.line-scdn.net *.sharethis.com *.azure-api.net *.hsforms.net *.youtube.com *.hs-scripts.com *.hs-banner.com *.hs-analytics.net *.hsadspixel.net *.doubleclick.net *.cloudflare.com *.hsappstatic.net; style-src 'self' 'unsafe-inline' *.cloudflare.com; img-src 'self' data: https: *.google-analytics.com *.doubleclick.net *.googletagmanager.com; frame-src 'self' *.hsforms.com *.youtube.com *.vimeo.com *.hubspot.com; connect-src 'self' *.google-analytics.com stats.g.doubleclick.net *.googletagmanager.com *.hsforms.com *.linkedin.oribi.io *.hubapi.com *.analytics.google.com *.linkedin.com; report-uri /report-csp-violation 1
default-src 'self' blob:; sandbox allow-downloads allow-popups allow-popups-to-escape-sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-modals; base-uri 'self' https://md-scp.kampyle.com;upgrade-insecure-requests;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://applepay.cdn-apple.com https://*.worldpay.com https://*.lowell.co.uk https://lowell.co.uk https://www.google.com https://www.gstatic.com https://*.googletagmanager.com https://googletagmanager.com https://www.google-analytics.com https://tagmanager.google.com https://ssl.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://ajax.googleapis.com https://connect.facebook.net   https://*.decibelinsight.net https://*.decibelinsight.com https://pay.google.com https://www.googleanalytics.com  https://bat.bing.com https://*.decibel.com *.visualwebsiteoptimizer.com app.vwo.com https://api.ipify.org https://mpsnare.iesnare.com https://md-scp.kampyle.com https://resources.digital-cloud-uk.medallia.eu https://sbt-prod.kampyle.com https://nebula-cdn.kampyle.com https://udc-neb.kampyle.com https://digital-cloud-phx1.medallia.com https://resources.digital-cloud-phx1.medallia.com https://widget.trustpilot.com https://www.youtube.com api.reciteme.com events.reciteme.com linguistics.reciteme.com https://*.tiktok.com https://*.tiktokcdn.com https://*.tiktokads.com https://pagead2.googlesyndication.com https://analytics-fe.digital-cloud-uk.medallia.eu https://tags.srv.stackadapt.comhttps://srv.stackadapt.com https://east.srv.stackadapt.com https://uw.srv.stackadapt.com https://eu.srv.stackadapt.com https://qvdt3feo.com;connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.lowell.co.uk https://*.decibelinsight.net https://*.decibelinsight.com wss://*.decibelinsight.net wss://*.decibelinsight.com https://stats.g.doubleclick.net https://google.com https://*.decibel.com *.visualwebsiteoptimizer.com app.vwo.com https://api.ipify.org https://firebaseinstallations.googleapis.com https://fcmregistrations.googleapis.com wss://mpsnare.iesnare.com https://md-scp.kampyle.com https://resources.digital-cloud-uk.medallia.eu https://ubt-lb.digital-cloud-uk.medallia.eu https://sbt-prod.kampyle.com https://nebula-cdn.kampyle.com https://udc-neb.kampyle.com https://digital-cloud-phx1.medallia.com https://resources.digital-cloud-phx1.medallia.com https://ubt-lb.digital-cloud.medallia.com https://uk.cc.avayacloud.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.co.uk https://pagead2.googlesyndication.com https://noembed.com https://cdn.plyr.io https://api.reciteme.com https://events.reciteme.com https://*.tiktok.com https://*.tiktokcdn.com https://*.tiktokads.com https://www.googleadservices.com https://analytics-fe.digital-cloud-uk.medallia.eu https://analytics-ipv6.tiktokw.us https://www.facebook.com https://bat.bing.com https://tags.srv.stackadapt.com https://srv.stackadapt.com https://east.srv.stackadapt.com https://uw.srv.stackadapt.com https://eu.srv.stackadapt.com https://qvdt3feo.com;frame-ancestors https://*.cardinalcommerce.com https://applepay.cdn-apple.com https://*.lowell.co.uk https://lowell.co.uk https://www.fisglobal.com https://pay.google.com https://*.lowellgroup.co.uk;style-src 'self' 'unsafe-inline' https://*.lowell.co.uk https://lowell.co.uk https://tagmanager.google.com https://fonts.googleapis.com https://fonts.googleapis.com https://www.googleanalytics.com *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com https://resources.digital-cloud-uk.medallia.eu https://md-scp.kampyle.com https://nebula-cdn.kampyle.com https://digital-cloud-phx1.medallia.com https://resources.digital-cloud-phx1.medallia.com https://googletagmanager.com api.reciteme.com https://*.tiktok.com https://*.tiktokcdn.com https://www.googletagmanager.com https://tags.srv.stackadapt.com https://srv.stackadapt.com https://east.srv.stackadapt.com https://uw.srv.stackadapt.com https://eu.srv.stackadapt.com https://qvdt3feo.com;img-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://googletagmanager.com  https://*.lowell.co.uk https://lowell.co.uk https://*.google-analytics.com https://google.com https://*.analytics.google.com https://*.g.doubleclick.net https://ssl.gstatic.com https://www.gstatic.com https://*.google.com https://*.google.co.uk https://pagead2.googlesyndication.com  https://www.facebook.com https://connect.facebook.net data: https://bat.bing.com *.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com https://md-scp.kampyle.com https://resources.digital-cloud-uk.medallia.eu https://udc-neb.kampyle.com https://nebula-cdn.kampyle.com https://digital-cloud-phx1.medallia.com https://resources.digital-cloud-phx1.medallia.com https://i.ytimg.com https://tools.applemediaservices.com https://toolbox.marketingtools.apple.com api.reciteme.com https://*.tiktok.com https://*.tiktokcdn.com https://*.tiktokads.com https://*.tiktokv.com data: https://www.googleadservices.com https://fonts.gstatic.com https://analytics-fe.digital-cloud-uk.medallia.eu https://tags.srv.stackadapt.com https://srv.stackadapt.com https://east.srv.stackadapt.com https://uw.srv.stackadapt.com https://eu.srv.stackadapt.com https://qvdt3feo.com;object-src data: 'unsafe-eval' https://*.lowell.co.uk;frame-src https://*.cardinalcommerce.com https://*.worldpay.com https://www.google.com https://*.doubleclick.net  https://www.googletagmanager.com https://*.lowell.co.uk/ https://*.lowellgroup.co.uk https://pay.google.com app.vwo.com *.visualwebsiteoptimizer.com https://nebula-cdn.kampyle.com https://resources.digital-cloud-uk.medallia.eu https://digital-cloud-phx1.medallia.com https://resources.digital-cloud-phx1.medallia.com https://www.youtube.com https://widget.trustpilot.com https://*.tiktok.com https://*.tiktokads.com https://*.tiktokv.com https://td.doubleclick.net;font-src 'self' https://*.lowell.co.uk https://lowell.co.uk https://fonts.gstatic.com https://fonts.googleapis.com https://applepay.cdn-apple.com data: https://resources.digital-cloud-uk.medallia.eu https://nebula-cdn.kampyle.com https://digital-cloud-phx1.medallia.com https://resources.digital-cloud-phx1.medallia.com https://td.doubleclick.net api.reciteme.com;worker-src 'self' https://*.decibelinsight.net wss://*.decibelinsight.net https://*.decibelinsight.com wss://*.decibelinsight.com blob:;media-src https://mpsnare.iesnare.com data: api.reciteme.com; 1
img-src ; media-src  data:; 1
default-src 'self'; font-src 'self' data: https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src 'self' https://maps.googleapis.com https://maps.gstatic.com https://www.google-analytics.com; img-src 'self' https://maps.googleapis.com https://csi.gstatic.com https://maps.gstatic.com https://www.google-analytics.com data:; connect-src * ws: wss: 1
default-src 'self'; style-src 'self'; img-src 'self' data:; font-src 'self'; frame-ancestors 'none'; base-uri 'self'; form-action 'self'; 1
default-src 'self'; \
        script-src 'self' https://ajax.googleapis.com; \
        img-src 'self' https://ssl.google-analytics.com 1
frame-ancestors *.carkeys.co.uk 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com static.hotjar.com sc-static.net connect.facebook.net embed.tawk.to *.google-analytics.com *.paypal.com script.hotjar.com ajax.googleapis.com ws.colissimo.fr api.mapbox.com *.axept.io *.tawk.to cdn.jsdelivr.net *.matomo.cloud *.googleapis.com *.snapchat.com *.youtube.com landing.ls.skeepers.io googleads.g.doubleclick.net ls-prd-cdn.s3.eu-west-1.amazonaws.com blob: *.googleadservices.com *.googlesyndication.com;frame-src 'self' *.snapchat.com vars.hotjar.com *.google.fr *.facebook.com *.tawk.to *.youtube.com *.calameo.com *.vimeo.com td.doubleclick.net ls-prd-cdn.s3.eu-west-1.amazonaws.com *.googletagmanager.com;style-src 'self' 'unsafe-inline' tagmanager.google.com api.mapbox.com ws.colissimo.fr embed.tawk.to cdn.jsdelivr.net fonts.googleapis.com ls-prd-cdn.s3.eu-west-1.amazonaws.com blob: *.googletagmanager.com;img-src 'self' data: tr.snapchat.com *.facebook.com *.google.fr *.google.com *.onyourmap.com ws.colissimo.fr *.mapbox.com axeptio.imgix.net *.tawk.to cdn.jsdelivr.net tawk.link script.hotjar.com *.google.co.nz *.googleapis.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.google.be favicons.axept.io googleads.g.doubleclick.net spockee-cdn.s3.ca-central-1.amazonaws.com backoffice-api.spockee.io api.spockee.io api-analytics.ls.skeepers.io landing.ls.skeepers.io api-backoffice.ls.skeepers.io api.ls.skeepers.io party.spockee.io ls-prd-cdn.s3.eu-west-1.amazonaws.com wss://api-socket.ls.skeepers.io api-feature-flag.ls.skeepers.io *.terreseteaux.fr *.mux.com;font-src 'self' data: ws.colissimo.fr *.tawk.to fonts.gstatic.com script.hotjar.com cdn.jsdelivr.net github.com fonts.googleapis.com ls-prd-cdn.s3.eu-west-1.amazonaws.com *.mux.com;connect-src 'self' *.google-analytics.com *.paypal.com stats.g.doubleclick.nestats.g.doubleclick.ne in.hotjar.com stats.g.doubleclick.net ws.colissimo.fr *.hotjar.io *.axept.io tr.snapchat.com *.hotjar.com *.tawk.to wss://*.tawk.to wss://*.hotjar.com api.sandbox.getalma.eu api.getalma.eu maps.googleapis.com terreseteaux.matomo.cloud *.facebook.com *.analytics.google.com *.google.com *.snapchat.com *.googlesyndication.com spockee-cdn.s3.ca-central-1.amazonaws.com backoffice-api.spockee.io api.spockee.io api-analytics.ls.skeepers.io landing.ls.skeepers.io api-backoffice.ls.skeepers.io api.ls.skeepers.io party.spockee.io ls-prd-cdn.s3.eu-west-1.amazonaws.com wss://api-socket.ls.skeepers.io api-feature-flag.ls.skeepers.io *.mux.com *.litix.io stream.mux.com *.skeepers.io googleads.g.doubleclick.net *.googleadservices.com *.google.fr mpc-prod-17-s6uit34pua-wl.a.run.app demo-1.conversionsapigateway.com;base-uri 'self';media-src 'self' data: *.tawk.to ls-prd-cdn.s3.eu-west-1.amazonaws.com stream-mux.com *.mux.com blob:;report-uri /csp/report;form-action secure.payzen.eu *.tawk.to *.facebook.com ls-prd-cdn.s3.eu-west-1.amazonaws.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.hdrelay.com https://hdrelay.com https://app.e2ma.net https://*.e2ma.net https://calendar.google.com https://maps.google.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://www.tideschart.com/ https://www.blackbaudhosting.com https://*.blackbaudhosting.com https://*.blackbaudcdn.net https://sky.blackbaudcdn.net https://host.nxt.blackbaud.com/ https://payments.blackbaud.com/; img-src 'self' data: blob: https://*.hdrelay.com https://hdrelay.com https://app.e2ma.net https://*.e2ma.net https://calendar.google.com https://maps.google.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://www.tideschart.com/ https://www.blackbaudhosting.com https://*.blackbaudhosting.com https://*.blackbaudcdn.net https://sky.blackbaudcdn.net https://host.nxt.blackbaud.com/ https://payments.blackbaud.com/; object-src 'self' data: blob: https://*.hdrelay.com https://hdrelay.com https://app.e2ma.net https://*.e2ma.net https://calendar.google.com https://maps.google.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://www.tideschart.com/ https://www.blackbaudhosting.com https://*.blackbaudhosting.com https://*.blackbaudcdn.net https://sky.blackbaudcdn.net https://host.nxt.blackbaud.com/ https://payments.blackbaud.com/; frame-src 'self' data: blob: https://*.hdrelay.com https://hdrelay.com https://app.e2ma.net https://*.e2ma.net https://calendar.google.com https://maps.google.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://www.tideschart.com/ https://www.blackbaudhosting.com https://*.blackbaudhosting.com https://*.blackbaudcdn.net https://sky.blackbaudcdn.net https://host.nxt.blackbaud.com/ https://payments.blackbaud.com/; 1
frame-ancestors 'self' 'hackintosh-olarila.com'; 1
script-src 'self' 'strict-dynamic' https://www.googletagmanager.com https://www.google-analytics.com 'nonce-eCFMYDHxzEu592GwJx3X1hrBpe1CzZhT'; report-uri /report-csp-violation 1
none 1
font-src 'self'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: cdnjs.cloudflare.com *.googleapis.com *.gstatic.com *.google-analytics.com *.addthis.com *.amigosmuseoprado.org *.google.com *.ytimg.com *.youtube.com *.addthisedge.com *.bookitit.com *.jsdelivr.net *.ovidds.com my.icareus.com icomem.probetax.es *.twitter.com *.twimg.com *.facebook.net *.facebook.com *.metricool.com https://*.hotjar.com wss://*.hotjar.com *.hotjar.io *.addtoany.com *.webempresa.eu unpkg.com *.arkibot.app *.googletagmanager.com *.saludalplato.es quickchart.io 1
Content-Security-Policy= default-src "none"; script-src "self" https://corp-mktg.s3.us-west-2.amazonaws.com https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com https://cdn.cookielaw.org https://maps.googleapis.com https://prospect-form-plugin.2u.com; style-src "unsafe-inline" https://whitelabel.2u.com; img-src https://app.optimizely.com https://cdn.optimizely.com https://whitelabel.2u.com; frame-src https://a10065315939.cdn.optimizely.com https://a10065315939.cdn-pci.optimizely.com; connect-src https://*.optimizely.com; 1
default-src 'self' 'unsafe-inline' https: http://www.portaleamministrazionetrasparente.it/; script-src 'self' 'unsafe-inline' https: http://www.portaleamministrazionetrasparente.it/; style-src 'self' 'unsafe-inline' https: http://www.portaleamministrazionetrasparente.it/; font-src 'self' https: http://www.portaleamministrazionetrasparente.it/ 1
frame-ancestors 'self' https://*.seo.aws.about.com https://*.dotdash.com *.allrecipes.com; upgrade-insecure-requests; 1
default-src 'self'; object-src 'self' https://pts.yourfone.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.yourfone.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://www.telekom.de/shop/tarife/internet-tarife https://www.o2online.de https://www.vodafone.de https://dsl.1und1.de https://livechat.yourfone.de https://chat.yourfone.de https://umfrage.yourfone.de https://pts.yourfone.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://eu01.rec.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://livechat.yourfone.de https://chat.yourfone.de https://stats.yourfone.de https://imagepool.yourfone.de https://pts.yourfone.de https://maps.googleapis.com https://analytics.tiktok.com https://umfrage.yourfone.de; script-src 'strict-dynamic' 'nonce-5f8e8042d2e3b94fedacae9ec8e4ae76' 'nonce-edeac04cb9907d6dcc179d33066fb442' 'nonce-382dfa085976d0b43dc0b604c3246786' 'nonce-f1175632972c604f3ad980b6c059459f' 'nonce-d267f51d49f657a816c8808f1830f461' 'nonce-94d218f64d2b17bb451cef83967dfe25' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data: 'report-sample'; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://netmap.vodafone.de/cokart-client/index.html https://pts.yourfone.de https://umfrage.yourfone.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-5f8e8042d2e3b94fedacae9ec8e4ae76' 'nonce-edeac04cb9907d6dcc179d33066fb442' 'nonce-382dfa085976d0b43dc0b604c3246786' 'nonce-f1175632972c604f3ad980b6c059459f' 'nonce-d267f51d49f657a816c8808f1830f461' 'nonce-94d218f64d2b17bb451cef83967dfe25' 'self' 'unsafe-inline' https: 'report-sample' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.paypalobjects.com/ https://events.timely.fun https://soundcloud.com/ https://*.soundcloud.com/ https://www.facebook.com/ https://rte.ie/ https://*.youtube.com/ https://*.vimeo.com/ https://issuu.com/ https://*.issuu.com/ https://google-analytics.com/ https://*.google-analytics.com/ https://googletagmanager.com/ https://*.googletagmanager.com/ https://maps.googleapis.com/ https://maps.google.com/ https://youtube.com/ https://*.youtube.com/ https://www.recaptcha.net/ https://www.gstatic.com/ https://www.google.com/ https://*.calendly.com/ https://calendly.com/ https://platform.twitter.com/ https://cdn.syndication.twimg.com/ https://soundcloud.com/ https://*.soundcloud.com/ https://www.facebook.com/ https://*.youtube.com/ https://*.vimeo.com/ https://issuu.com/ https://*.issuu.com/ https://googletagmanager.com/ https://*.googletagmanager.com/ https://tagmanager.google.com/ https://*.googlesyndication.com/ https://partner.googleadservices.com/ https://adservice.google.ca/ https://adservice.google.co.in/ https://adservice.google.co.kr/ https://adservice.google.co.uk/ https://adservice.google.co.za/ https://adservice.google.com/ https://adservice.google.com.ar/ https://adservice.google.com.au/ https://adservice.google.com.br/ https://adservice.google.com.co/ https://adservice.google.com.gt/ https://adservice.google.com.mx/ https://adservice.google.com.pe/ https://adservice.google.com.ph/ https://adservice.google.com.pk/ https://adservice.google.com.tr/ https://adservice.google.com.tw/ https://adservice.google.com.vn/ https://adservice.google.de/ https://adservice.google.dk/ https://adservice.google.es/ https://adservice.google.fr/ https://adservice.google.nl/ https://adservice.google.no/ https://adservice.google.ru/ https://adservice.google.vg/ https://www.google.com/ https://*.googlesyndication.com/ https://connect.facebook.net/ https://snap.licdn.com/; img-src 'self' http://* https://google-analytics.com/ https://*.google-analytics.com/ https://facebook.com/ https://time.ly https://events.timely.fun https://*.giphy.com https://maps.gstatic.com/ https://maps.google.com/ https://maps.googleapis.com/ https://*.ytimg.com/ https://*.twimg.com/ https://*.twitter.com/ https://*.cdninstagram.com/ https://*.giphy.com https://www.facebook.com/ https://googletagmanager.com/ https://*.googletagmanager.com/ https://gstatic.com/ https://*.gstatic.com/ https://*.googlesyndication.com/ https://www.facebook.com/ https://px.ads.linkedin.com/ https://www.linkedin.com/; object-src 'self' https://*.paypal.com/ https://events.timely.fun https://soundcloud.com/ https://*.soundcloud.com/ https://www.facebook.com/ https://*.rte.ie/ https://*.youtube.com/ https://*.vimeo.com/ https://issuu.com/ https://*.issuu.com/ https://youtube.com/ https://time.ly/ https://www.facebook.com/ https://www.google.com/ https://maps.google.com/ https://youtube.com/ https://*.youtube.com/ https://youtube-nocookie.com/ https://*.youtube-nocookie.com/ https://youtu.be/ https://*.calendly.com/ https://calendly.com/ https://docs.google.com/ https://*.vimeo.com/ https://*.spotify.com/ https://platform.twitter.com/ https://syndication.twitter.com/ https://soundcloud.com/ https://*.soundcloud.com/ https://www.facebook.com/ https://googleads.g.doubleclick.net/ https://tpc.googlesyndication.com/; frame-src 'self' https://*.paypal.com/ https://events.timely.fun https://soundcloud.com/ https://*.soundcloud.com/ https://www.facebook.com/ https://*.rte.ie/ https://*.youtube.com/ https://*.vimeo.com/ https://issuu.com/ https://*.issuu.com/ https://youtube.com/ https://time.ly/ https://www.facebook.com/ https://www.google.com/ https://maps.google.com/ https://youtube.com/ https://*.youtube.com/ https://youtube-nocookie.com/ https://*.youtube-nocookie.com/ https://youtu.be/ https://*.calendly.com/ https://calendly.com/ https://docs.google.com/ https://*.vimeo.com/ https://*.spotify.com/ https://platform.twitter.com/ https://syndication.twitter.com/ https://soundcloud.com/ https://*.soundcloud.com/ https://www.facebook.com/ https://googleads.g.doubleclick.net/ https://tpc.googlesyndication.com/; 1
default-src 'self'; img-src 'self'; media-src 'self' data:; 1
default-src: none; 1
default-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline' *.youtube.com *.cookielaw.org *.youtube-nocookie.com *.commerce-connector.com *.googleapis.com *.min-cdn.net *.googletagmanager.com *.google-analytics.com *.google.com *.google.de connect.facebook.net mediaintelligence.de *.bing.com https://groupeseb.secure.force.com https://iprospect.emcustomers.de https://googleads.g.doubleclick.net; font-src 'self' data: *.commerce-connector.com *.gstatic.com https://groupeseb.secure.force.com https://groupe-seb.my.salesforce-sites.com; style-src 'self' 'unsafe-inline' *.commerce-connector.com *.commerce-connector.de *.googleapis.com https://groupeseb.secure.force.com; img-src 'self' data: *.commerce-connector.com https://cdn.cookielaw.org *.commerce-connector.de *.gstatic.com *.googleapis.com  *.google-analytics.com *.facebook.com *.doubleclick.net mediaintelligence.de *.min-cdn.net track.adform.net rads.recognified.net *.google.de *.google.com *.bing.com https://*.googletagmanager.com https://groupeseb.secure.force.com; media-src 'self' *.youtube.com *.youtube-nocookie.com https://groupeseb.secure.force.com; frame-src 'self' *.youtube.com *.youtube-nocookie.com *.umantis.com *.doubleclick.net https://groupeseb.secure.force.com https://groupe-seb.my.salesforce-sites.com https://www.googletagmanager.com; connect-src 'self' *.commerce-connector.com https://privacyportal-de.onetrust.com https://www.google.com https://geolocation.onetrust.com *.cookielaw.org *.commerce-connector.de *.googleapis.com *.google-analytics.com *.analytics.google.com *.facebook.com *.doubleclick.net mediaintelligence.de *.min-cdn.net *.bing.com https://www.google.de https://www.googleadservices.com 1
X-Content-Security-Policy script-src 'self' https://www.general-security.gov.lb 'unsafe-inline' 'unsafe-eval'; object-src 'self' https://www.general-security.gov.lb 'unsafe-inline'; connect-src 'self' https://www.general-security.gov.lb 'unsafe-inline' 1
frame-ancestors 'self' *.owensborohealth.org mychart.omhs.org; report-uri /report-csp-violation 1
default-src 'self' www.hyd.gov.hk; style-src 'self' 'unsafe-inline';script-src 'self' 'unsafe-inline'; 1
default-src 'self' data: *.rotex-control.com *.daikin-control.com *.googleapis.com *.gstatic.com *.gravatar.com 'unsafe-inline' 'unsafe-eval'; object-src 'none'; upgrade-insecure-requests 1
frame-src https://platform.twitter.com https://www.eucpn.org https://eucpn.org  https://cdn.jsdelivr.net https://cdn.syndication.twimg.com https://syndication.twitter.com https://www.youtube.com; report-uri /report-csp-violation 1
default-src 'self' unpkg.com *.gstatic.com *.clarity.ms maps.googleapis.com google-analytics.com *.google-analytics.com *.analytics.google.com *.doubleclick.net www.google.com google.com *.clickonometrics.pl www.awin1.com static.criteo.net welovedata.go2cloud.org *.bing.com *.cookiebot.com *.sovendus.com www.sovendus-benefits.com www.sovendus-campaign.com www.sovendus-connect.com www.sovendus-network.com *.stbuttons.click *.sharethis.com *.googleapis.com maps.google.com cke4.ckeditor.com; font-src 'self' *.gstatic.com bat.bing.com *.sovendus.com data:; frame-src 'self' *.google.com google.com *.youtube.com *.cookiebot.com *.clickonometrics.pl www.awin1.com bat.bing.com www.mainadv.com www.googletagmanager.com *.sovendus.com www.sovendus-benefits.com www.sovendus-campaign.com www.sovendus-connect.com www.sovendus-network.com data:; img-src 'self' data: *.google-analytics.com maps.gstatic.com maps.googleapis.com *.clickonometrics.pl *.google.com *.clarity.ms www.google.pl www.awin1.com welovedata.go2cloud.org bat.bing.com www.facebook.com *.roeye.com *.cookiebot.com *.bing.com *.sovendus.com *.sharethis.com 'unsafe-inline' *.tpay.com tpay.com; media-src *; script-src 'self' www.google.com *.gstatic.com developers.google.com www.googletagmanager.com clarity.microsoft.com *.clarity.ms *.cookiebot.com *.clickonometrics.pl www.dwin1.com connect.facebook.net *.roeyecdn.com *.cloudflareinsights.com *.bing.com *.doubleclick.net *.sovendus.com *.sharethis.com 'unsafe-eval' 'unsafe-inline' *.googleapis.com maps.google.com cke4.ckeditor.com; style-src 'self' *.googleapis.com *.clarity.ms *.cookiebot.com *.clickonometrics.pl *.sovendus.com bat.bing.com 'unsafe-inline' 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data:; 1
default-src https://dc.services.visualstudio.com/v2/ https://bimtrack.zendesk.com wss://bimtrack.zendesk.com https://static.zdassets.com https://ekr.zdassets.com https://service.force.com https://newforma.my.salesforce-sites.com https://newforma.my.salesforce.com https://*.zopim.com wss://*.zopim.com 'self'; style-src 'self' 'unsafe-inline' https://newforma.my.salesforce-sites.com https://newforma.my.salesforce.com https://service.force.com; object-src 'none'; script-src https://az416426.vo.msecnd.net https://www.recaptcha.net/recaptcha/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.newforma.com/ https://bimtrack.co/ https://static.zdassets.com https://ekr.zdassets.com https://*.zopim.com wss://*.zopim.com https://bimtrack.zendesk.com wss://bimtrack.zendesk.com https://service.force.com https://newforma.my.salesforce-sites.com https://newforma.my.salesforce.com https://*.static.lightning.force.com https://*.salesforceliveagent.com 'self' 'unsafe-eval' 'nonce-66b38cc2504d4b94815c864e2e9e5143'; frame-src https://www.google.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://www.newforma.com/ https://bimtrack.co https://bimtrack.zendesk.com wss://bimtrack.zendesk.com https://static.zdassets.com https://service.force.com/ 'self'; frame-ancestors https://*.bimtrackapp.co; sandbox allow-popups allow-forms allow-same-origin allow-scripts allow-downloads; base-uri 'self'; img-src 'self' https://v2assets.zopim.io https://static.zdassets.com https://konekt.help.newforma.com https://storbtqa.blob.core.windows.net/staticcontentcontainer/ https://www.newforma.com data: https://bt03storage.blob.core.windows.net/; 1
base-uri 'none'; frame-ancestors 'self'; object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http: 'nonce-OqEkxgAuY16JyIhFUBvZuw=='; report-uri https://sentry.jobijoba.io/api/10/security/?sentry_key=f7fdb7ea43674b0889145b92f6d6811e 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.paypalobjects.com/ https://s3.amazonaws.com/ https://*.stripe.com/; img-src 'self' https://www.paypalobjects.com/; object-src 'self' https://*.paypal.com/ https://*.stripe.com/; frame-src 'self' https://*.paypal.com/ https://*.stripe.com/; 1
default-src data: 'self' https://placeholder.inventis.be https://*.ytimg.com https://*.youtube.com https://*.youtu.be https://*.vimeo.com https://youtube.com https://youtu.be https://*.youtube-nocookie.com https://vimeo.com https://*.vimeo.com https://*.vimeocdn.com https://*.spotify.com https://*.tiktok.com https://*.snapchat.com https://*.facebook.com https://*.facebook.net https://*.typekit.net https://*.google.be https://*.google.nl https://*.google.com https://*.googletagmanager.com https://*.analytics.google.com https://*.doubleclick.net https://m16.mailplus.nl https://flackr.github.io https://*.google-analytics.com https://region1.google-analytics.com https://mpc2-prod-1-is5qnl632q-uc.a.run.app https://demo-1.conversionsapigateway.com https://squeezely.tech https://*.squeezely.tech https://*.googlesyndication.com; block-all-mixed-content; object-src 'none'; script-src 'self' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' 'nonce-TujajhwZ3Ca+/Hs/fCgW7Q=='; style-src 'self' 'unsafe-inline' https://*.typekit.net https://static.mailplus.nl blob:; upgrade-insecure-requests 1
img-src * data: 1
frame-ancestors 'self' https://appwizzy.com 1
frame-ancestors 'self' http://webvisor.com http://*.webvisor.com https://metrika.yandex.ru https://mc.yandex.ru https://*.yandex.net https://mc.yandex.ru https://mc.yandex.com https://mc.webvisor.com https://mc.webvisor.org https://yastatic.net 1
frame-ancestors https://*.communaute-paysbasque.fr 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s3.amazonaws.com/ https://*.list-manage.com/; img-src 'self' ; object-src 'self' https://elegantthemes.com/ https://*.elegantthemes.com/ https://www.pencom.gov.ng/; frame-src 'self' https://elegantthemes.com/ https://*.elegantthemes.com/ https://www.pencom.gov.ng/; 1
default-src 'unsafe-inline' 'self' https:; img-src https: data:; script-src 'unsafe-inline' 'unsafe-eval' 'self' https:; style-src 'unsafe-inline' 'self' https:; frame-src 'self' https:; frame-ancestors 'self' https:; child-src https: 'self'; base-uri https:; form-action 'self'; object-src 'self'; connect-src https: 'self'; font-src 'self' 1
allow *; options inline-script eval-script; 1
frame-ancestors 'self' https://www.golfofbf.org https://*.instapage.com http://*.instapage.com https://cloud.scorm.com https://360.articulate.com https://university.fb.org 1
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; connect-src https: wss:; font-src https: data:; 1
default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' https:; connect-src 'self'; 1
default-src 'self';script-src * 'self' 'unsafe-inline' 'unsafe-eval';frame-src * 'self';style-src * 'self' 'unsafe-inline';img-src 'self' data: maps.googleapis.com maps.gstatic.com https://storage.sbg.cloud.ovh.net storage.gra.cloud.ovh.net https://images.prismic.io/fabriquedestyles/ https://fabriquedestyles.cdn.prismic.io/ https://i.vimeocdn.com/video/ https://i.vimeocdn.com *.openstreetmap.org *.doubleclick.net *.google.fr https://google.com https://www.google.com https://www.facebook.com https://purecatamphetamine.github.io https://www.googletagmanager.com https://www.google-analytics.com https://*.google-analytics.com https://fonts.gstatic.com https://instapi.s3.rbx.io.cloud.ovh.net *.imagino.com https://metrics.fabriquedestyles.com https://*.kameleoon.com https://*.kameleoon.io https://*.kameleoon.eu https://*.kameleoon.net *.bing.com *.bing.net *.bing.fr *.microsoft.com *.microsoft.fr *.microsoft.net *.pinterest.com *.pinterest.net *.pinterest.fr *.analytics.google.com sdk.privacy-center.org privacy-center.org;font-src 'self' data: fonts.googleapis.com https://i.icomoon.io https://fonts.gstatic.com *.woosmap.com sdk.privacy-center.org privacy-center.org;connect-src * 'self';base-uri 'self';media-src 'self' data:;report-uri /csp/report;worker-src 'self' *.woosmap.com self blob: 1
worker-src 'self' 'unsafe-inline' blob:; script-src 'unsafe-inline' 'unsafe-eval' http: https:;object-src 'self'; frame-ancestors 'self' 1
default-src 'self' data:; block-all-mixed-content; connect-src http: https: ws: blob: 'self' *.tinymce.com *.tiny.cloud blob:; font-src 'self' data: fonts.gstatic.com *.tinymce.com *.tiny.cloud *.fontawesome.com; frame-src 'self' data: *.stonly.com; img-src 'self' data: http: https: *.tinymce.com *.tiny.cloud data: blob:; script-src 'self' 'unsafe-inline' js-agent.newrelic.com static.zdassets.com *.zendesk.com api.smooch.io cdn.tiny.cloud maps.google.com maps.googleapis.com *.posthog.com stonly.com *.stonly.com *.tinymce.com *.tiny.cloud unpkg.com 'nonce-6EQ1zJxECsXVSJJUsLHgtg=='; style-src 'self' 'unsafe-inline' cdn.tiny.cloud fonts.googleapis.com stonly.com *.stonly.com *.tinymce.com *.tiny.cloud; upgrade-insecure-requests; worker-src 'self' blob: 1
default-src 'self' https://*.youtube.com https://*.youtu.be https://*.vimeo.com https://vimeo.com https://*.spotify.com https://*.tiktok.com https://*.snapchat.com https://*.facebook.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googleadservices.com https://*.googlesyndication.com https://*.google.com https://*.google.be https://*.google.nl https://*.youtube-nocookie.com https://*.monday.com https://*.doubleclick.net https://*.slinger.to/ https://fonts.bunny.net/ https://forms.monday.com https://*.sibforms.com https://*.brevo.com https://*.tiktokw.us; block-all-mixed-content; img-src data: 'self' https://placeholder.inventis.be https://*.ytimg.com https://*.youtube.com https://*.vimeocdn.com https://*.tiktok.com https://*.snapchat.com https://*.facebook.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googleadservices.com https://*.googlesyndication.com https://*.doubleclick.net https://*.google.com https://*.google.be https://*.google.nl https://*.brevo.com; object-src 'none'; script-src 'self' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' 'nonce-KZQBml8RfJ6Xto0aUFcaCw=='; style-src 'self' 'unsafe-inline' https://*.googletagmanager.com https://*.slinger.to/ https://fonts.bunny.net/ https://sibforms.com; upgrade-insecure-requests 1
frame-ancestors https://www.facebook.com https://www.venetacucine.com 1
frame-src https://www.olisnet.com/ https://olisnet.com/ https://www.fa.olisnet.com/ https://www.tableau.olisnet.com/ https://www.edr.olisnet.com/ https://ebanking-auth.edmond-de-rothschild.eu/ 1
base-uri 'none'; frame-ancestors 'self'; object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http: 'nonce-+NN6tVHyC875SxxugWcxeA=='; report-uri https://sentry.jobijoba.io/api/10/security/?sentry_key=f7fdb7ea43674b0889145b92f6d6811e 1
default-src 'self' http://*.hotjar.com:*  https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://static.zdassets.com/ https://vplus.com.bo https://vplus.sbnt.ssidevops.com/ ;script-src 'self' 'unsafe-inline'  'unsafe-eval' https://static.ads-twitter.com/ https://maps.googleapis.com https://helios-ads-core.oyealva.com/ https://static.ads-twitter.com/uwt.jsuwt.js https://helios-ads-core.oyealva.com/track/px/ https://helios-ads-core.oyealva.com/scripts/heliospx.js https://cdnjs.cloudflare.com/ https://*.inconcertcc.com https://code.jquery.com/ https://helios-ads-core.oyealva.com/js/ https://cdn.datatables.net https://static.zdassets.com https://v2.zopim.com https://unpkg.com https://unpkg.com/ionicons@5.1.2/dist/ionicons/p-4372c4bc.js https://static.customersaas.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://www.google.com/ https://www.gstatic.com/  https://widget-mediator.zopim.com/ https://static.hotjar.com/ https://script.hotjar.com/ https://connect.facebook.net https://snap.licdn.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://vplus.com.bo https://vplus.sbnt.ssidevops.com/ ;connect-src 'self' https://helios-hub.nuevatel.com/ https://helios-hub.nuevatel.com/api/create_lead_latitude_log https://odoo-dev.nuevatel.com/api/create_lead_wow_plan https://helios-hub.nuevatel.com/api/create_lead_latitude_log_with_plan https://gateway-dev-vivabo.ssidevops.com/integration/checkFeasibility https://gateway.viva.bo/integration/checkFeasibility https://kc-core.oyealva.com:8443/realms/core/protocol/openid-connect/token  https://odoo-dev.nuevatel.com/api/create_lead_latitude_log_with_plan https://odoo-dev.nuevatel.com/api/create_lead_latitude_log https://helios-ads-core.oyealva.com/track/px/ https://ekr.zdassets.com https://tracker.customersaas.com/ https://api.customersaas.com https://maps.googleapis.com https://www.google-analytics.com/ https://widget-mediator.zopim.com wss://widget-mediator.zopim.com https://in.hotjar.com/ http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://vc.hotjar.io/ https://helios-ads-core.oyealva.com/decision/native https://stats.g.doubleclick.net/ https://vivabolivia.zendesk.com/ https://c2c-vivabo.inconcertcc.com/Nuevatel/InsertDataOffLead_C2C/ https://mas-nuevatel.inconcertcc.com/public/integration/process/  https://helios-ads-core.oyealva.com/js/ https://device-api.indigitall.com/  https://www.google-analytics.com/ https://vplus.com.bo https://vplus.sbnt.ssidevops.com/ https://cdn.linkedin.oribi.io/* https://analytics.google.com/* ;img-src 'self' 'unsafe-inline' https://developers.google.com   https://www.viva.com.bo https://viva.com.bo https://helios-ads-core.oyealva.com/ https://minio-core.oyealva.com/ https://www.google.com https://www.google.com.bo https://www.google-analytics.com https://www.facebook.com https://www.linkedin.com  https://px4.ads.linkedin.com https://p.adsymptotic.com/ https://secure.gravatar.com https://v2assets.zopim.io/ https://v2.zopim.com/ https://maps.gstatic.com https://maps.googleapis.com https://d35v9wsdymy32b.cloudfront.net https://static.customersaas.com https://px.ads.linkedin.com https://d3mwk3f7r8fv9u.cloudfront.net data: ;style-src 'self' 'unsafe-inline'  https://fonts.googleapis.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta3/css/all.min.css https://mas-nuevatel.inconcertcc.com https://cdn.datatables.net https://d1r5etm691cejh.cloudfront.net https://static.customersaas.com https://fonts.googleapis.com/* ;font-src 'self'  https://fonts.gstatic.com https://cdnjs.cloudflare.com/ https://*.inconcertcc.com https://v2.zopim.com/ https://static.customersaas.com data: ;frame-src https://drive.google.com/ https://www.google.com/ https://www.youtube.com/ https://helios-hub.nuevatel.com/ https://*.inconcertcc.com https://vars.hotjar.com/ https://www.facebook.com https://*.viva.com.bo/ ; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' az416426.vo.msecnd.net dc.services.visualstudio.com oss.maxcdn.com *.fastway.org *.fastway.co.nz *.fastwayenquiries.com www.fastwayfms.com *.api.fastway.org *.googletagmanager.com *.google-analytics.com ssl.google-analytics.com https://*.googleapis.com *.googleapis.com https://*.gstatic.com  *.gstatic.com https://*.googleusercontent.com *.googleusercontent.com *.google.com googleadservices.com youtube.com *.fastway.com.au https://*.messagebird.com localhost:44399 wss://localhost:44399; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.youtube.com/ https://www.facebook.com/ https://www.google.com/ https://www.recaptcha.net/ https://www.gstatic.com/ https://games.tactic.net/; img-src 'self' https://games.tactic.net https://tactic.net https://img.youtube.com http://dev.tactic.net/ https://www.google.com/ https://www.gstatic.com/ https://www.recaptcha.net; object-src 'self' https://*.youtube.com/ https://www.recaptcha.net/ https://www.google.com/ https://games.tactic.net/; frame-src 'self' https://*.youtube.com/ https://www.recaptcha.net/ https://www.google.com/ https://games.tactic.net/; 1
object-src none; report-uri /report-csp-violation 1
default-src 'self' *.usercentrics.eu; frame-src 'self' www.advocard.de www.youtube.de www.youtube.com www.youtube-nocookie.com letsgoeasy-koop.de; img-src 'self' *.advocard.de *.usercentrics.eu generali01.webtrekk.net advocard01.wt-eu02.net *.gstatic.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.usercentrics.eu www.youtube.de www.youtube.com www.youtube-nocookie.com; style-src 'self' 'unsafe-inline' *.usercentrics.eu 1
base-uri 'none'; frame-ancestors 'self'; object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http: 'nonce-QbSm8TltEWSYsaWRo84KDg=='; report-uri https://sentry.jobijoba.io/api/10/security/?sentry_key=f7fdb7ea43674b0889145b92f6d6811e 1
frame-ancestors 'self' https://shopproxy.p-s-s.de ; style-src 'self' localhost:* https://fonts.googleapis.com  https://test.vr-pay-ecommerce.de  http://oxomi.com 'unsafe-inline' 1
default-src 'none'; script-src 'self' 'unsafe-inline' www.tcgms.net *.googletagmanager.com *.google.com *.google-analytics.com cdn.jsdelivr.net *.cookiebot.com *.cookiebot.eu *.teamtailor-cdn.com *.facebook.net *.bokabord.se *.bidtheatre.com chat.hotelchat.ai; object-src 'self' *.google.com *.youtube.com *.facebook.com *.vimeo.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com cdn.jsdelivr.net www.bokabord.se; img-src 'self' data: *.google.com *.youtube.com *.facebook.com *.vimeo.com  *.vimeocdn.com *.grandhotel.se *.google.se *.google-analytics.com *.cookiebot.com backend.chatbase.co *.usercentrics.eu *.cookiebot.eu; media-src 'self' blob:; frame-src 'self' mail.grandhotel.se www.tcgms.net  *.google.com *.youtube.com *.facebook.com *.vimeo.com *.vimeocdn.com *.cookiebot.com *.waiteraid.com *.doubleclick.net chat.hotelchat.ai *.cookiebot.eu; frame-ancestors 'self' *.google.com *.youtube.com *.facebook.com *.vimeo.com; child-src 'self' *.google.com *.youtube.com *.facebook.com *.vimeo.com; font-src 'self' data: fonts.gstatic.com; connect-src 'self' https://*.grandhotel.se https://*.googletagmanager.com https://*.google.com https://*.google-analytics.com *.cookiebot.com *.teamtailor.com *.doubleclick.net *.chatbase.co *.cookiebot.eu *.facebook.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src https:; base-uri 'self'; block-all-mixed-content; connect-src https:; font-src https: data:; form-action 'self'; frame-ancestors 'none'; frame-src https://affimvip.baidu.com https://ai.cloudpense.com; worker-src 'none'; img-src https: data: blob:; media-src https:; object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; 1
base-uri  'self' ; child-src  'self' blob: ; connect-src  'self' *.ads.linkedin.com *.crazyegg.com analytics.tiktok.com cdn.linkedin.oribi.io *.constantcontact.com *.hotjar.com *.googleadservices.com *.facebook.com *.addthis.com *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net *.jsdelivr.net *.googleapis.com *.sharethis.com payments.blackbaud.com  *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net ; default-src  'self' blob: *.crazyegg.com *.constantcontact.com; font-src  'self' *.gstatic.com *.bootstrapcdn.com data:  fonts.gstatic.com cdn.jsdelivr.net *.gstatic.com *.bootstrapcdn.com ; form-action  'self' *.constantcontact.com *.facebook.com wpmudev.com; frame-src  'self' td.doubleclick.net tpc.googlesyndication.com *.crazyegg.com *.constantcontact.com *.ambrahealth.com *.hotjar.com *.facebook.com *.youtube.com *.ambrahealth expert-reputation.com.com *.addthis.com *.simplecast.com expert-reputation.com highlightedreviews.com *.blackbaudhosting.com *.g.doubleclick.net *.google.com *.fls.doubleclick.net *.googleapis.com  blob: www.google.com www.googletagmanager.com *.g.doubleclick.net *.google.com *.fls.doubleclick.net ; frame-ancestors  'self' ; img-src  'self'  'unsafe-inline' *.g.doubleclick.net *.crazyegg.com i.ytimg.com *.linkedin.com *.ads.linkedin.com *.facebook.com *.adsymptotic.com *.blackbaudhosting.com *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com data: *.googleapis.com *.sharethis.com  ts.w.org s.w.org ps.w.org *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com ; manifest-src  'self' ; media-src  'self' *.medtronic.com s.w.org ; object-src  'self' ; script-src  'self'  'unsafe-inline' payments.blackbaud.com tpc.googlesyndication.com *.crazyegg.com cdnjs.cloudflare.com analytics.tiktok.com *.constantcontact.com *.hotjar.com *.licdn.com *.facebook.net *.addthis.com *.moatads.com *.youtube.com *.blackbaudhosting.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com *.googleadservices.com *.googleapis.com *.sharethis.com  cdn.jsdelivr.net *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com ; script-src-elem  'self'  'unsafe-inline' payments.blackbaud.com tpc.googlesyndication.com *.crazyegg.com cdnjs.cloudflare.com analytics.tiktok.com *.constantcontact.com *.hotjar.com *.licdn.com *.facebook.net *.addthis.com *.moatads.com *.youtube.com *.blackbaudhosting.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com *.googleadservices.com *.googleapis.com *.sharethis.com  cdn.jsdelivr.net *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com ; script-src-attr  'self'  'unsafe-inline'  'unsafe-eval' ; style-src  'self'  'unsafe-inline' *.crazyegg.com *.constantcontact.com *.blackbaudhosting.com *.googleapis.com *.gstatic.com *.jsdelivr.net  fonts.googleapis.com cdn.jsdelivr.net *.googleapis.com *.gstatic.com ; style-src-elem  'self'  'unsafe-inline' *.crazyegg.com *.constantcontact.com *.blackbaudhosting.com *.googleapis.com *.gstatic.com *.jsdelivr.net  fonts.googleapis.com cdn.jsdelivr.net *.googleapis.com *.gstatic.com ; style-src-attr  'self'  'unsafe-inline' ; worker-src  'self' blob: ;  upgrade-insecure-requests; 1
default-src 'unsafe-inline'; block-all-mixed-content; connect-src *; font-src * https://fonts.gstatic.com data: fonts.googleapis.com fonts.gstatic.com; frame-src *.sibelga.be *.youtube.com *.youtube-nocookie.com *.vimeo.com *.services *.hotjar.com *.doubleclick.net *.facebook.com *.facebook.net prod.sibelga2.marlon.be *.google.com https://playplay.com www.google.com www.gstatic.com; img-src * 'self' data: cdn-cookieyes.com *.cookieyes.com; manifest-src prod.sibelga2.marlon.be 'self'; script-src *.sibelga.be 'unsafe-inline' 'unsafe-eval' 'self' data: https://cdn.ckeditor.com https://js-agent.newrelic.com https://bam.nr-data.net https://maps.googleapis.com https://cdnjs.cloudflare.com *.google-analytics.com *.facebook.net *.googleapis.com *.marketingautomation.services *.googletagmanager.com *.googleadservices.com *.hotjar.com *.doubleclick.net *.visualwebsiteoptimizer.com *.linkedin.com *.youtube.com *.youtube-nocookie.com tagmanager.google.com snap.licdn.com cdn.matomo.cloud *.matomo.cloud www.google.com www.gstatic.com corsproxy.io *.cookieyes.com cdn-cookieyes.com; style-src prod.sibelga2.marlon.be 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.ckeditor.com https://cdnjs.cloudflare.com tagmanager.google.com; report-uri /nelmio/csp/report 1
default-src 'none'; connect-src 'self' cdn.plyr.io www.google.com; font-src 'self' data:; form-action 'self' annuaire.group.gca; frame-ancestors 'self'; frame-src 'self' www.google.com; img-src 'self' xiti.com *.xiti.com server.arcgisonline.com data:; media-src 'self'; script-src 'self' 'unsafe-inline' www.youtube.com tag.aticdn.net xiti.com www.google.com www.gstatic.com leaflet.github.io unpkg.com/leaflet@1.6.0/dist/leaflet.js; style-src 'self' 'unsafe-inline' leaflet.github.io unpkg.com/leaflet@1.6.0/dist/leaflet.css 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://static.cloudflareinsights.com https://*.googleapis.com https://*.gstatic.com *.google.com *.google.co.nz https://*.ggpht.com *.googleusercontent.com blob: https://*.google-analytics.com https://www.googletagmanager.com https://www.youtube.com https://connect.facebook.net https://cdn.jsdelivr.net https://*.surveymonkey.com https://js.stripe.com/v3/ https://player.vimeo.com https://unpkg.com; img-src 'self' https://nzmca.s3.ap-southeast-2.amazonaws.com https://d1o3mhf2l0m2f4.cloudfront.net blob: https://*.googleapis.com https://*.gstatic.com *.google.com *.google.co.nz https://*.ggpht.com *.googleusercontent.com data: https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.doubleclick.net https://i.ytimg.com https://*.facebook.com https://*.surveymonkey.com; frame-src *.google.com https://*.doubleclick.net youtube.com www.youtube.com youtube-nocookie.com www.youtube-nocookie.com *.stripe.com player.vimeo.com; connect-src 'self' https://d1o3mhf2l0m2f4.cloudfront.net https://*.googleapis.com *.google.com https://*.gstatic.com  data: blob: https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.doubleclick.net https://*.facebook.com https://*.surveymonkey.com; font-src 'self' https://cdnjs.cloudflare.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://fonts.googleapis.com https://cdn.jsdelivr.net https://unpkg.com; worker-src blob: 1
base-uri 'self'; default-src 'self'; child-src; connect-src 'self' https://*.adservice.google.com https://*.doubleclick.net https://*.facebook.com https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://*.hotjar.com:* https://*.hotjar.com:* https://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://*.mypurecloud.com.au https://*.sentry.io https://*.tt.omtrdc.net https://analytics.formstack.com https://api.addressfinder.io https://au-live.inside-graph.com https://js.hsadspixel.net https://js.hscollectedforms.net https://stats.g.doubleclick.net https://www.instagram.com wss://*.mypurecloud.com.au wss://au-live.inside-graph.com https://staticcdn.co.nz https://*.swiftype.com https://*.swiftypecdn.com; font-src 'self' https://*.googleapis.com https://*.gstatic.com https://au-cdn.inside-graph.com https://fonts.gstatic.com https://*.hotjar.com https://*.hotjar.com https://*.hotjar.io https://*.hotjar.io blob: data:; form-action 'self' https://*.powershop.co.nz https://*.springload.nz https://*.facebook.com; frame-ancestors 'self'; frame-src https://*.mypurecloud.com.au *.mypurecloud.com.au https://*.doubleclick.net https://*.google.com https://*.vimeo.com https://*.youtube.com https://recaptcha.google.com https://*.facebook.com https://*.googletagmanager.com https://au-cdn.inside-graph.com https://*.hotjar.com https://*.hotjar.io https://*.hotjar.io https://critchlow.carto.com https://staticcdn.co.nz https://www.youtube-nocookie.com/; img-src 'self' https://*.amazonaws.com https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.google.co.nz https://*.google.com https://*.google.com.au https://*.googletagmanager.com https://*.gstatic.com https://*.hotjar.com https://*.hotjar.com https://*.hotjar.io https://*.hotjar.io https://*.inside-graph.com https://*.mypurecloud.com.au https://*.tt.omtrdc.net https://adservice.google.com https://analytics.formstack.com https://fonts.gstatic.com https://i.vimeocdn.com https://js.hsadspixel.net https://www.instagram.com https://staticcdn.co.nz https://*.swiftype.com https://*.springload.nz https://www.powershop.co.nz blob: data:; media-src https://*.youtube.com https://*.vimeo.com https://au-cdn.inside-graph.com; object-src 'none'; script-src 'self' https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.google.com/recaptcha/ https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.com/recaptcha/ https://*.hotjar.com https://*.hotjar.com https://*.hotjar.io https://*.hotjar.io https://*.hs-analytics.net https://*.hs-banner.com https://*.hs-scripts.com https://*.inside-graph.com https://*.mypurecloud.com.au https://*.tt.omtrdc.net https://*.usemessages.com https://*.vimeo.com https://*.youtube.com https://analytics.formstack.com https://api.addressfinder.io https://au-tracker.inside-graph.com https://forms.hsforms.com https://js.hsadspixel.net https://js.hscollectedforms.net https://tagmanager.google.com wss://*.hotjar.com https://staticcdn.co.nz https://*.swiftype.com https://*.swiftypecdn.com https://*.springload.nz https://www.powershop.co.nz 'nonce-OWUzMTJkNTkyZTc4YWRjZDc0MWYzZmE1OGRiYmFhMjBlOWM1NzljYWVmM2QwYmIxNjU1NzJjMDA2ZTMxNzdhZGE2MWQ4ZGYxNjNiOGM5NDMxNDJiZWFkOWU3YzZkM2I3ZjliYTNlMmNhYTBhNWI3M2EyNGFhOGRmZDRjODM0ZTc=' 'unsafe-eval' blob:; style-src 'self' https://*.googleapis.com https://*.gstatic.com https://au-cdn.inside-graph.com https://fonts.googleapis.com https://tagmanager.google.com https://staticcdn.co.nz https://*.swiftype.com https://*.swiftypecdn.com 'unsafe-inline'; report-uri https://o115950.ingest.sentry.io/api/4504811489984512/csp-report/?sentry_key=a2cb92247922492b95ce72aee1ae6528&sentry_environment=live; report-to csp-endpoint; upgrade-insecure-requests 1
default-src 'none'; block-all-mixed-content; connect-src 'self' google.com www.google.com *.analytics.google.com nr-data.net *.nr-data.net *.smartsuppchat.com *.clarity.ms *.smartsuppcdn.com bat.bing.com consentcdn.cookiebot.com wss://websocket-visitors.smartsupp.com cdn.jsdelivr.net googlesyndication.com *.googlesyndication.com google-analytics.com *.google-analytics.com stats.g.doubleclick.net manager.eu.smartlook.cloud google.cz www.google.cz *.seznam.cz analytics.tiktok.com www.analytics.tiktok.com *.elfsight.com analytics-ipv6.tiktokw.us www.analytics-ipv6.tiktokw.us *.metricool.com *.boldem.cz facebook.com www.facebook.com; font-src 'self' data:; frame-ancestors 'self'; frame-src 'self' https://www.youtube.com https://www.googletagmanager.com https://www.google.com consent.cookiebot.com consentcdn.cookiebot.com *.doubleclick.net; img-src 'self' w3.org data: xdigr.cz facebook.com *.facebook.com bat.bing.com *.seznam.cz *.cookiebot.com www.google.com www.google.cz files.smartsuppcdn.com c.clarity.ms *.bing.com www.googletagmanager.com *.cdninstagram.com *.fbcdn.net *.googleusercontent.com *.elfsightcdn.com *.metricool.com; media-src 'self' *.smartsuppcdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' code.jquery.com cdnjs.cloudflare.com www.googletagmanager.com www.google.com www.gstatic.com js-agent.newrelic.com consent.cookiebot.com consentcdn.cookiebot.com smartsuppchat.com *.smartsuppchat.com clarity.ms scripts.clarity.ms www.clarity.ms smartlook.com *.smartlook.com seznam.cz *.seznam.cz bing.com *.bing.com www.smartsuppchat.com facebook.net *.facebook.net *.smartsuppcdn.com googleads.g.doubleclick.net www.googleadservices.com ajax.cloudflare.com www.ajax.cloudflare.com static.cloudflareinsights.com www.static.cloudflareinsights.com analytics.tiktok.com www.analytics.tiktok.com analytics-ipv6.tiktokw.us analytics-ipv6.tiktokw.us *.elfsight.com universe-static.elfsightcdn.com *.metricool.com *.boldem.cz; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com *.smartsuppcdn.com *.boldem.cz; worker-src 'self' blob: 1
allow 'self' data: blob; 'inline' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googleapis.com *.youtube.com connect.facebook.net www.facebook.com cdn.ywxi.net static.hotjar.com www.googletagmanager.com www.google.com www.creativecomputerconsulting.ca *.tiktok.com *.ttwstatic.com;  1
default-src 'self'; object-src 'self' https://pts.maxxim.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.maxxim.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://www.telekom.de/shop/tarife/internet-tarife https://www.o2online.de https://www.vodafone.de https://dsl.1und1.de https://livechat.maxxim.de https://chat.maxxim.de https://umfrage.maxxim.de https://pts.maxxim.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://eu01.rec.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://livechat.maxxim.de https://chat.maxxim.de https://stats.maxxim.de https://imagepool.maxxim.de https://pts.maxxim.de https://analytics.tiktok.com https://umfrage.maxxim.de; script-src 'strict-dynamic' 'nonce-36b8f52d28cdf709fbefaa17dffc35c1' 'nonce-061e1bf7a89997593ee85bfefe36a741' 'nonce-92633a51f0172c9d303219eb2abf9003' 'nonce-11463fc61443c5fecaee86e7e3b7ec3b' 'nonce-a88fdaa67896774347f29d3b895812df' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data: 'report-sample'; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://netmap.vodafone.de/cokart-client/index.html https://pts.maxxim.de https://umfrage.maxxim.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-36b8f52d28cdf709fbefaa17dffc35c1' 'nonce-061e1bf7a89997593ee85bfefe36a741' 'nonce-92633a51f0172c9d303219eb2abf9003' 'nonce-11463fc61443c5fecaee86e7e3b7ec3b' 'nonce-a88fdaa67896774347f29d3b895812df' 'self' 'unsafe-inline' https: 'report-sample' 1
report-uri https://abgtr7ca.uriports.com/reports/enforce; report-to default; script-src 'self' 'unsafe-eval' 'strict-dynamic' https: 'unsafe-inline' 'sha256-+fsADJWa9MyrXlBLM2PX6RmxUf1a+BSrAOHLOVH7QrU=' 'sha256-kJSetDBewtVAhs/ZALDDMc8OxygoKufBG+OOatdJYJU=' 'nonce-rpM/uhpPIrJDaM9afETVUw=='; object-src 'none'; base-uri 'none'; frame-ancestors 'self' https://weddybird.com/; upgrade-insecure-requests 1
script-src 'self' 'sha256-gPjlli1HEdLlR0AZTY971/wQVOdSkl9mEinLnxrPpJw=' 'unsafe-eval' https://siteimproveanalytics.com https://*.mouseflow.com https://www.youtube.com https://*.app.cookieinformation.com 'nonce-1ee3702cddbc4622be0aeb27f89e2ac2de5c39c7975b4622960c066615262df0a7d54abcdf3841bba071167cd26d6f1c'; frame-ancestors *.commentor.dk https://pensure.dk https://drb.bankdata.dk https://*.bankdata.dk https://*.jyskebank.dk https://*.pension.dk *.bec.dk http://pbuapp.ngrok.io https://portal.pfa.dk https://mit.pfa.dk https://mitpfa.dk https://www.industrienspension.dk https://Pka.dk https://Pbu.dk https://Lppension.dk *.danicapension.dk *.appension.dk *.pensure.dk https://mppension.dk *.pka.dk *.pbu.dk *.lppension.dk drb://drb.jyskebank.dk https://drb.jyskebank.dk https://localhost:44337/* https://akademikerpension.dk https://*.sydbank.dk https://*.almbrand.dk drb://drb.sydbank.dk drb://drb.almbrand.dk https://staging.pengeprofilen.dk https://min.pengeprofilen.dk https://app.kreditdata.dk *.mitotium.dk *.pensure.dk https://drb.nordfynsbank.dk drb://drb.nordfynsbank.dk https://drb.skjernbank.dk drb://drb.skjernbank.dk https://drb.djurslandsbank.dk drb://drb.djurslandsbank.dk https://drb.kreditbanken.dk drb://drb.kreditbanken.dk https://drb.landbobanken.dk drb://drb.landbobanken.dk https://drb.spks.dk drb://drb.spks.dk https://netpension.velliv.dk 1
frame-ancestors 'self' https://content.kinaxis.com https://www.kinaxis.com https://kinaxis.com https://*.sharepoint.com https://ssw.live.com https://storage.live.com https://*.search.production.apac.trafficmanager.net https://*.search.production.emea.trafficmanager.net https://*.search.production.us.trafficmanager.net https://*.wns.windows.com https://admin.onedrive.com https://officeclient.microsoft.com https://g.live.com https://oneclient.sfx.ms https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://*.svc.ms *.mpo.com https://*.mpo.com https://www.mpo.com *.mp-objects.com https://*.mp-objects.com https://www.mp-objects.com https://wartsila.cevalogistics.com  https://*.cevalogistics.com  https://app.drift.com https://core.crazyegg.com https://kinaxis-project.dev.fenix.solutions https://*.lndo.site; report-uri /report-csp-violation 1
frame-ancestors zismo.biz zismo.ru zismone.ru promoggaqjkd.ru 1
frame-ancestors 'self' capacitor://* https://letterasenzabusta.com https://www.letterasenzabusta.com app://letterasenzabusta.com 1
default-src * data: 'unsafe-inline' 'unsafe-eval' ; script-src * data: 'unsafe-inline' 'unsafe-eval' ; style-src * data: 'unsafe-inline' ; img-src * data: ; 1
base-uri 'none'; frame-ancestors 'none'; object-src 'none'; script-src https: http: 'unsafe-eval' 'unsafe-inline'; report-uri /nelmio/csp/report; worker-src 'none' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://crm.zoho.com/crm/WebFormServeServlet?rid=8642a64b1c21195bf713c28a80605c6f2507a2a2eb4359ee5a0428a9de2e552cfd42f3d466f86752265f952f3047b388gidea310b11c447e231eee93092fd255267e4750bc464751bfb4e62646e44e9f470&script=$sYG https://crm.zohopublic.com/crm/WebFormAnalyticsServeServlet?rid=55677bca693089bc8ec43b0348834f19c3689269c83539f4ed462233135f5cdbcca151d8772858e742172267c549080agid2cf8427b76257b04eff22a77ec9666f5e42fbdd5ddf192f23fbe063c55778510gidf41a30b1077f8002ce3a48600e4d09ecde122ce8d2310f6c6d19c5e87eb733ebgide42d7ba99e6bb4d9e880da6aca964a652a52f14aee38e895f519bfd1c84c529b&tw=1ac272354d3510a6b8812ae3068f7081cb9cbb1fec256d2bbcd30b9df748a866 https://cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.16/jquery.mask.min.js https://jwgcv-zgph.maillist-manage.net/ua/TrailEvent?category=update&action=view&trackingCode=ZCFORMVIEW&viewFrom=URL_ACTION&zx=134d43161&signupFormIx=3z3bb553a28bf9b6355af3365287fbd01316130673a7be55e2021a8d41b198ffc6&zcvers=3.0&source=https%3A%2F%2Fmedgrupo.com.br%2Fsorteio-2%2F https://jwgcv-zgph.maillist-manage.net/ua/* https://jwgcv-zgph.maillist-manage.net/* https://*.maillist-manage.net/* https://jwgcv-zgph.maillist-manage.net/js/dig.js https://ma.zoho.com/js/zc.iframe.js https://maillist-manage.net/ua/TrailEvent?callback=processData&category=updImpression&signupFormIx=3z2b1cad771d6eaeaeb0e2bbf505315985402081f71c4ab3fe1d5eae7d868d04a0&trackingCode=ZCFORMVIEW&action=impression&orgId=3z8781ce729168d79b5c42fdd2785596d8db2e0bf942561fa5e4cecebb6f9cb533&actId=3z4f744b06beaf81bbb0cf226b686d2fdf5f03a74ecf6a3bdd4ddcc94c7f8993e0&custId=3z4f744b06beaf81bbb0cf226b686d2fdfd44ab791b6f2fc3d92b6e7ae4d095678&zx=134d43161&visitorType=0 https://jwgcv-zgpvh.maillist-manage.net/js/dig.js https://jwgcv-zgpvh.maillist-manage.net/ua/TrailEvent?category=update&action=view&trackingCode=ZCFORMVIEW&viewFrom=URL_ACTION&zx=134d43161&signupFormIx=3z2b1cad771d6eaeaeb0e2bbf505315985402081f71c4ab3fe1d5eae7d868d04a0&zcvers=3.0&source=https%3A%2F%2Fmedgrupo.com.br%2Fcongresso-go%2F%3Fpreview_id%3D27395%26preview_nonce%3D7d6f981372%26preview%3Dtrue&ref=https%3A%2F%2Fmedgrupo.com.br%2Fwp-admin%2Fpost.php%3Fpost%3D27395%26action%3Delementor https://jwgcv-cmpzourl.maillist-manage.com/ua/TrailEvent?category=update&action=view&trackingCode=ZCFORMVIEW&viewFrom=URL_ACTION&zx=134d43161&signupFormIx=3z8499bd93ca6649db7c77441daa4d7f1887e91940131bcae0f8525c055ec1b426&zcvers=3.0&source=https%3A%2F%2Fmedgrupo.com.br%2Fzoho%2F%3Fpreview_id%3D26836%26preview_nonce%3D69265c5d3c%26preview%3Dtrue&ref=https%3A%2F%2Fmedgrupo.com.br%2Fzoho%2F%3Fpreview_id%3D26836%26preview_nonce%3D69265c5d3c%26preview%3Dtrue https://jwgcv-cmpzourl.maillist-manage.com/js/dig.js https://jwgcv-cmpzourl.maillist-manage.com/* https://ma.zoho.com/js/optin.min.js https://*.zoho.com/* https://www.google.com.br/ https://medgrupo.com.br/* https://*.medgrupo.com.br http://*.medgrupo.com.br https://medgrupo.com.br http://medgrupo.com.br https://*.vimeo.com https://www.gstatic.com https://www.google.com https://rmcursosmedicos.activehosted.com https://conoret.com/ https://api.ipify.org?format=json https://cdn.jsdelivr.net https://code.jquery.com/ https://cdnjs.cloudflare.com/; img-src 'self' data: https://jwgcv-zgph.maillist-manage.net/images/spacer.gif https://*.maillist-manage.net/images/* https://*.zoho.com/* https://campaigns.zoho.com/images/challangeiconenable.jpg https://jwgcv-zgpvh.maillist-manage.net/images/spacer.gif https://campaigns.zoho.com/images/challangeiconenable.jpg https://campaigns.zoho.com/images/videoclose.png https://ma.zoho.com/images/videoclose.png https://ma.zoho.com/images/challangeiconenable.jpg https://*.zoho.com/* https://www.google.com.br/ https://medgrupo.com.br/* https://*.medgrupo.com.br http://*.medgrupo.com.br https://medgrupo.com.br http://medgrupo.com.br https://*.vimeo.com https://rmcursosmedicos.activehosted.com https://conoret.com/ https://api.ipify.org?format=json https://www.google.com.br/* https://code.jquery.com/* https://cdnjs.cloudflare.com/*; object-src 'self' data: https://*.maillist-manage.net/ https://jwgcv-cmpzourl.maillist-manage.com/* https://*.zoho.com/* https://www.google.com.br/ https://medgrupo.com.br/* https://*.medgrupo.com.br http://*.medgrupo.com.br https://medgrupo.com.br http://medgrupo.com.br https://*.vimeo.com https://www.google.com https://rmcursosmedicos.activehosted.com https://conoret.com/ https://api.ipify.org?format=json https://code.jquery.com/ https://cdnjs.cloudflare.com/; frame-src 'self' data: https://*.maillist-manage.net/ https://jwgcv-cmpzourl.maillist-manage.com/* https://*.zoho.com/* https://www.google.com.br/ https://medgrupo.com.br/* https://*.medgrupo.com.br http://*.medgrupo.com.br https://medgrupo.com.br http://medgrupo.com.br https://*.vimeo.com https://www.google.com https://rmcursosmedicos.activehosted.com https://conoret.com/ https://api.ipify.org?format=json https://code.jquery.com/ https://cdnjs.cloudflare.com/; 1
base-uri 'none';child-src 'self' https://www.googletagmanager.com https://*.google-analytics.com https://*.doubleclick.net https://*.googlesyndication.com https://*.analytics.google.com;connect-src 'self' ws: wss: https://*.google-analytics.com https://*.doubleclick.net https://*.googlesyndication.com https://*.analytics.google.com https://webrtc.github.io https://ajax.aspnetcdn.com https://webchat2.homegroup.org.uk https://*.googleapis.com https://google.com https://google.co.uk https://connect.facebook.net https://www.facebook.com https://*.algolia.net https://conversenow-production-public.s3.eu-west-2.amazonaws.com https://s3.eu-west-2.amazonaws.com https://www.google.com https://www.google.co.uk https://recaptcha.net https://*.clarity.ms https://*.clarity.microsoft.com https://c.bing.com https://assets.zuko.io https://api.zuko.io https://b9r8u7pkx0.execute-api.eu-west-1.amazonaws.com/v1/domains/homegroup.org.uk/forms/ https://zuko-session-replay-recordings-prod.s3.amazonaws.com/ webpack://*;default-src 'self';font-src 'self' https://www.gstatic.com https://*.gstatic.com;form-action 'self' https://connect.facebook.net https://www.facebook.com;frame-ancestors 'none';frame-src https://www.youtube.com https://www.google.com https://www.google.co.uk https://recaptcha.net https://*.ceros.com https://conversenow-production-public.s3.eu-west-2.amazonaws.com https://s3.eu-west-2.amazonaws.com https://connect.facebook.net https://www.facebook.com https://www.tiktok.com https://*.ttwstatic.com https://*.consultationonline.co.uk https://www.googletagmanager.com https://*.google-analytics.com https://*.doubleclick.net https://*.googlesyndication.com https://*.analytics.google.com;img-src 'self' data: blob: https://media.umbraco.io https://www.cqc.org.uk https://www.gstatic.com https://*.gstatic.com https://*.googleapis.com https://www.google.com https://www.google.co.uk https://recaptcha.net https://connect.facebook.net https://www.facebook.com https://*.google-analytics.com https://*.doubleclick.net https://*.googlesyndication.com https://*.analytics.google.com https://conversenow-production-public.s3.eu-west-2.amazonaws.com https://s3.eu-west-2.amazonaws.com https://*.clarity.ms https://*.clarity.microsoft.com https://c.bing.com https://www.googletagmanager.com;manifest-src 'self';media-src 'self' https://media.umbraco.io https://webrtc.github.io https://ajax.aspnetcdn.com https://webchat2.homegroup.org.uk;object-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google-analytics.com https://*.doubleclick.net https://*.googlesyndication.com https://*.analytics.google.com https://www.googletagmanager.com https://www.gstatic.com https://*.gstatic.com https://webrtc.github.io https://ajax.aspnetcdn.com https://webchat2.homegroup.org.uk https://www.cqc.org.uk https://www.google.com https://www.google.co.uk https://recaptcha.net https://*.googleapis.com https://connect.facebook.net https://www.facebook.com https://conversenow-production-public.s3.eu-west-2.amazonaws.com https://s3.eu-west-2.amazonaws.com https://www.tiktok.com https://*.ttwstatic.com https://*.ceros.com https://assets.zuko.io https://api.zuko.io https://*.clarity.ms https://*.clarity.microsoft.com https://c.bing.com;style-src 'self' 'unsafe-inline' https://www.gstatic.com https://*.gstatic.com https://www.cqc.org.uk https://*.googleapis.com https://conversenow-production-public.s3.eu-west-2.amazonaws.com https://s3.eu-west-2.amazonaws.com https://www.tiktok.com https://*.ttwstatic.com https://www.googletagmanager.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com www.googletagmanager.com *.google.com code.jquery.com chatserver.comm100.com *.comm100.io *.twitter.com *.facebook.net *.facebook.com cdnjs.cloudflare.com; worker-src 'self' blob:; object-src 'none'; style-src 'self' 'unsafe-inline' fonts.googleapis.com www.google.com *.typekit.net use.fontawesome.com; img-src 'self' data: *.gstatic.com *.googleapis.com *.ggpht *.google.com *.google.co.in *.comm100.io *.comm100.com www.googletagmanager.com i.ytimg.com secure.gravatar.com *.w.org *.twitter.com *.facebook.com *.facebook.net; media-src 'self' *.wikimedia.org; frame-src 'self' blob: *.google.com www.youtube.com www.googletagmanager.com *.twitter.com *.facebook.com *.facebook.net; font-src 'self' data: fonts.gstatic.com *.typekit.net chatserver.comm100.com use.fontawesome.com; connect-src 'self' *.google-analytics.com *.google.com stats.g.doubleclick.net chatserver11.comm100.io yoast.com;frame-ancestors 'self' https://afsiasolar.com https://*.afsiasolar.com https://mesia.com https://*.mesia.com https://mesia.glueup.com; 1
default-src 'none'; connect-src 'self' *.google-analytics.com *.googlesyndication.com *.google.com chatling.ai stats.g.doubleclick.net h.seznam.cz *.seznam.cz *.run.app *.cloudflare.com *.ipify.org *.tiktok.com; font-src 'self' data: *.googleapis.com *.gstatic.com *.typekit.net; frame-src *.google.com *.googletagmanager.com https://www.youtube-nocookie.com/ embed.chatling.ai; img-src 'self' https: data:; manifest-src 'self'; media-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.jsdelivr.net unpkg.com *.google.com *.gstatic.com *.googletagmanager.com *.cloudflare.com *.bootstrapcdn.com *.jquery.com *.seznam.cz *.facebook.net lingq.io chatling.ai analytics.tiktok.com *.adform.net; style-src 'self' 'unsafe-inline' *.jsdelivr.net unpkg.com *.cloudflare.com *.googleapis.com *.typekit.net *.seznam.cz *.facebook.net 1
default-src 'self'; base-uri 'self'; block-all-mixed-content; connect-src 'self' https://*.zendesk.com wss://*.zendesk.com wss://*.zopim.com https://*.sentry.io; font-src 'self' https://*.gstatic.com; form-action 'self'; frame-ancestors 'none'; frame-src *; img-src 'self' https://*.google-analytics.com data:;; object-src 'none'; script-src 'self' 'unsafe-eval' https://*.smooch.io https://*.sentry.io https://*.zdassets.com https://*.zendesk.com https://*.zopim.com 'nonce-8k9pXoSmr/oXJh9pFwCEkA=='; style-src 'self' 'unsafe-hashes' 'unsafe-eval' https://cdn.jsdelivr.net https://*.googleapis.com 'nonce-8k9pXoSmr/oXJh9pFwCEkA=='; upgrade-insecure-requests 1
default-src 'self';script-src 'self' 'nonce-vV7TTl9DEMpG7Cg2Q87tmiqzZ61HM/rbC2+8/8MoLZ8=' 'unsafe-eval' 'strict-dynamic' https://*.cookiebot.com https://*.vimeocdn.com https://*.googletagmanager.com https://tagmanager.google.com https://*.vimeocdn.com;img-src 'self' https://*.google-analytics.com https://*.googletagmanager.com https://*.cookiebot.com https://*.gstatic.com https://*.google.com https://*.google.se data: ;connect-src 'self' ws://* wss://* https://*.cookiebot.com https://*.lime-forms.se https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.google.com https://*.google.se https://*.doubleclick.net;font-src 'self' https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com;frame-src 'self' https://*.cookiebot.com https://*.vimeo.com https://*.googletagmanager.com https://*.doubleclick.net;style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://www.googletagmanager.com; 1
font-src 'self' data: https://images.wineselectors.com.au https://use.typekit.net https://i.icomoon.io https://fonts.gstatic.com https://cdn.productreview.com.au https://fonts.yieldify-production.com; img-src 'self' data: *; style-src 'self' 'unsafe-inline' https://images.wineselectors.com.au https://fast.fonts.net https://fonts.googleapis.com https://*.cloudfront.net https://tagmanager.google.com https://www.gstatic.com https://wineselectors.resultspage.com https://giftcreation.giftflick.com.au https://www.giftflick.com.au https://giftflick.com.au https://www.riddle.com https://sdk.giftflick.com.au https://libraries.unbxdapi.com https://cdn.jsdelivr.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://images.wineselectors.com.au https://js-agent.newrelic.com https://bam.nr-data.net https://www.googletagmanager.com https://script.hotjar.com https://static.hotjar.com https://t.cfjump.com https://t.dgm-au.com https://use.typekit.net https://www.google-analytics.com https://connect.facebook.net https://pixel.roymorgan.com https://app.yieldify.com https://maps.googleapis.com https://*.cloudfront.net https://www.google.com https://www.gstatic.com https://*.cloudfront.net https://platform.instagram.com https://cdn.syndication.twimg.com https://c.vepxl1.net https://js.adsrvr.org https://c.flx1.com https://ajax.googleapis.com https://go.flx1.com https://dev.visualwebsiteoptimizer.com https://tagmanager.google.com https://*.cloudfront.net https://s3.amazonaws.com https://td.yieldify.com https://radar.cedexis.com https://data2.gosquared.com https://data.gosquared.com https://track.omguk.com https://ib.adnxs.com https://assets.resultspage.com https://wineselectors.resultspage.com https://wineselectors.resultsdemo.com https://b.sli-spark.com https://cdn.livechatinc.com https://secure.livechatinc.com https://www.eventbrite.com.au https://wineselectors.ipscape.com.au https://cdn.otherlevels.com https://www.googleadservices.com http://www.wineselectors.com.au https://cfjump.wineselectors.com.au https://cdn.productreview.com.au https://marvel-b2-cdn.bc0a.com https://marvel-b1-cdn.bc0a.com https://cdn.b0e8.com https://js.go2sdk.com https://amplify.outbrain.com https://r.turn.com https://tr.outbrain.com https://tag.lexer.io https://*.yieldify.com https://s.yimg.com https://www.giftflick.com.au https://giftflick.com.au https://giftcreation.giftflick.com.au https://www.riddle.com https://s.pinimg.com/ https://bat.bing.com https://sdk.giftflick.com.au https://www.clarity.ms https://googleads.g.doubleclick.net https://cdn.taboola.com https://trc.taboola.com https://wave.outbrain.com https://secure.quantserve.com https://rules.quantcount.com *.retargeted.co https://wisepops.net https://cdn.wisepops.com https://cdn.wisepops.net https://app.getwisp.co https://loader.wisepops.com https://script.crazyegg.com https://ct.pinterest.com https://libraries.unbxdapi.com https://search.unbxdapi.com  *.amazonaws.com https://gateway.pmnts.io https://*.forter.com https://dlthst9q2beh8.cloudfront.net https://d2nww8zpyj5pk0.cloudfront.net https://static.elfsight.com https://cdn.pmnts.io https://songbirdstag.cardinalcommerce.com https://songbird.cardinalcommerce.com https://static.klaviyo.com https://static-tracking.klaviyo.com https://cdn.jsdelivr.net https://code.jquery.com; default-src 'self' https://images.wineselectors.com.au https://vars.hotjar.com https://www.google.com https://www.facebook.com https://notifications.wisepops.com https://wisepops.net; connect-src 'self' https://images.wineselectors.com.au wss://ws3.hotjar.com https://insights.hotjar.com https://bam.nr-data.net https://performance.typekit.net https://geo.yieldify.com https://c.flx1.com wss://ws1.hotjar.com https://bacon.section.io https://in.hotjar.com https://www.facebook.com wss://ws9.hotjar.com https://vc.hotjar.io https://js-api.otherlevels.com https://js-content.otherlevels.com https://js-api.otherlevels.com https://js-tags.otherlevels.com https://js-mdn.otherlevels.com https://js-rich.otherlevels.com https://js-deliverability-api.otherlevels.com https://safari.otherlevels.com wss://ws8.hotjar.com https://ws1.hotjar.com https://api.productreview.com.au https://www.google-analytics.com wss://ws10.hotjar.com https://tracking.gopsjump.com.au https://track.lexer.io https://*.yieldify.com https://*.yieldify-production.com https://dev.visualwebsiteoptimizer.com https://s.yimg.com https://analytics.google.com https://api.giftflick.com.au https://upload-medias.s3.amazonaws.com https://upload-medias.s3.ap-southeast-2.amazonaws.com upload.giftflick.com.au https://ct.pinterest.com https://bat.bing.com https://tr.outbrain.com https://stats.g.doubleclick.net https://t.clarity.ms https://cds.taboola.com https://pips.taboola.com https://maps.googleapis.com *.retargeted.co  https://cdn.giftflick.com.au/ https://wisepops.net https://activity.wisepops.com https://popup.wisepops.com https://tracking.wisepops.com https://app.getwisp.co https://script.crazyegg.com https://tracking.crazyegg.com https://assets-tracking.crazyegg.com https://pagestates-tracking.crazyegg.com https://search.unbxd.io https://www.pinterest.com https://*.unbxd.io https://*.s3.amazonaws.com https://tracking.popsplot.com.au https://*.forter.com wss://cdn0.forter.com https://d2o5idwacg3gyw.cloudfront.net https://dz8rit8v72mig.cloudfront.net https://db7q4jg5rkhk8.cloudfront.net https://d6rak4b14t5gp.cloudfront.net https://d3k4bt74u9esq1.cloudfront.net https://d3nocrch4qti4v.cloudfront.net https://duuytoqss3gu4.cloudfront.net https://df45ay5pw60dy.cloudfront.net https://www.google.com https://core.service.elfsight.com https://widget-data.service.elfsight.com https://centinelapistag.cardinalcommerce.com https://writer.cardinalcommerce.com https://core.service.elfsight.com https://widget-data.service.elfsight.com https://gateway.pmnts.io https://centinelapi.cardinalcommerce.com https://*.execute-api.us-east-1.amazonaws.com wss://ws.hotjar.com https://content.hotjar.io https://metrics.hotjar.io https://a.klaviyo.com https://*.cloudfront.net https://pixel.quantserve.com https://cdn.productreview.com.au https://wineselectors.ipscape.com.au https://www.googleadservices.com https://js.go2sdk.com https://cdn.jsdelivr.net; media-src 'self' blob: https://images.wineselectors.com.au https://cdn.livechatinc.com https://gf-cdn.s3.ap-southeast-2.amazonaws.com cdn.giftflick.com.au https://videos.giftflick.com.au https://phosphor.utils.elfsightcdn.com; object-src 'self' https://images.wineselectors.com.au; child-src 'self' https://www.youtube.com https://www.riddle.com https://www.google.com https://vars.hotjar.com https://app.yieldify.com https://www.qzzr.com https://www.instagram.com https://t.cfjump.com https://t.dgm-au.com https://insight.adsrvr.org https://td.yieldify.com https://www.facebook.com https://match.adsrvr.org https://eventbrite.com.au https://www.eventbrite.com.au https://connect.facebook.net https://player.vimeo.com https://youtu.be/ https://www.google.com.au https://wineselectors.ipscape.com.au https://www.ojrq.net https://tracking.gopsjump.com.au https://*.yieldify.com https://ct.pinterest.com https://ct.pinterest.com https://td.doubleclick.net https://cdn.taboola.com https://wisepops.net https://tracking.popsplot.com.au https://www.googletagmanager.com https://geostag.cardinalcommerce.com https://*.elf.site/ https://geo.cardinalcommerce.com https://www.rsa3dsauth.co.uk https://centinelapi.cardinalcommerce.com https://mycardsecure.com https://secure7.arcot.com https://authentication.cardinalcommerce.com; frame-src * 1
default-src  'self' *.fg.cz localhost localhost-promo;font-src  'self' data: fonts.gstatic.com *.fg.cz localhost localhost-promo *.zopim.com;connect-src  'self' *.google.com *.googleapis.com *.googletagmanager.com *.analytics.google.com *.google-analytics.com *.googleadservices.com c.imedia.cz *.fg.cz *.bileto.com *.zdassets.com arrivacz.zendesk.com *.zopim.com wss://*.zopim.com *.doubleclick.net *.instagram.com arriva.daktela.com *.googlesyndication.com *.clarity.ms *.facebook.com *.seznam.cz;script-src  'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.gstatic.com *.fg.cz *.facebook.net *.bileto.com *.arriva.cz *.issuu.com *.zdassets.com cdnjs.cloudflare.com arrivacz.zendesk.com *.zopim.com *.instagram.com arriva.daktela.com *.doubleclick.net *.seznam.cz *.imedia.cz *.clarity.ms;form-action  'self' *.fg.cz *.facebook.com;frame-src  'self' www.youtube.com www.googletagmanager.com *.fg.cz *.issuu.com *.zdassets.com arrivacz.zendesk.com *.zopim.com *.google.com *.facebook.com *.doubleclick.net;worker-src  'self' www.youtube.com www.googletagmanager.com *.fg.cz *.issuu.com *.zdassets.com arrivacz.zendesk.com *.zopim.com *.google.com *.facebook.com *.doubleclick.net;frame-ancestors  'self' *.fg.cz;img-src  'self' data: blob: *.google.com *.google.cz *.gstatic.com *.googleapis.com *.googlecode.com *.googletagmanager.com *.google-analytics.com *.fg.cz *.doubleclick.net *.facebook.com *.bileto.com *.zopim.com *.instagram.com *.cdninstagram.com *.fbcdn.net *.openstreetmap.org *.openrailwaymap.org *.seznam.cz *.clarity.ms *.bing.com;style-src  'self' 'unsafe-inline' *.googleapis.com *.google.com *.fg.cz *.gstatic.com *.googletagmanager.com;object-src  'self' *.fg.cz 1
urbanohio.com 1
default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval' *.ownid.com* https://d.la11-core1.sfdc-yzvdd4.salesforceliveagent.com/chat/rest data-eu.purina.nl; object-src *; style-src * 'self' 'unsafe-inline'; img-src * 'self' data: https:;; media-src *; frame-src * https://d.la11-core1.sfdc-yzvdd4.salesforceliveagent.com/chat/rest; frame-ancestors 'self'; child-src * blob:; font-src * 'self' data: https:;; connect-src * *.ownid.com* https://d.la11-core1.sfdc-yzvdd4.salesforceliveagent.com/chat/rest data-eu.purina.nl 1
base-uri 'none';child-src 'none';connect-src 'self' nusantaradev.chakra.uno nusantara.chakra.uno be-chilgo-prenagen-dev-d33dgvhu5a-as.a.run.app articlecommunityapi.chakra.uno storage.googleapis.com fastly.jsdelivr.net *.facebook.com www.google-analytics.com revamp-loyalty-bff-wcjse4tjjq-et.a.run.app nusantara.chakrarewards.com analytics.google.com unpkg.com https://*.g.doubleclick.net revamp-loyalty-bff-dev-chdcaf35ya-et.a.run.app be-chilgo-prenagen-dev-chdcaf35ya-et.a.run.app revamp-loyalty-bff-dev-12772865132.asia-southeast2.run.app be-chilgo-prenagen-dev-12772865132.asia-southeast2.run.app analytics.tiktok.com www.google.com www.googleadservices.com www.google.co.id www.googletagmanager.com https://*.useinsider.com https://*.api.useinsider.com https://hb-s3-media-stg.s3.ap-southeast-3.amazonaws.com https://hb-s3-media-prod.s3.ap-southeast-3.amazonaws.com https://analytics-ipv6.tiktokw.us https://cdn.jsdelivr.net wss://*.useinsider.com ws: webpack://*;default-src 'self';font-src 'self' fonts.gstatic.com *.useinsider.com *.api.useinsider.com;form-action 'self';frame-ancestors https://loyalty-teman-prenagen-dev-chdcaf35ya-et.a.run.app https://loyalty-web-chilgo-dev-chdcaf35ya-et.a.run.app https://blackmores-rewards-club-dev-chdcaf35ya-et.a.run.app https://loyalty-kecc-dev-chdcaf35ya-et.a.run.app https://loyalty-entrasol-dev-chdcaf35ya-et.a.run.app https://entrasol2021.dev.rollingglory.com *.prenagen.com https://www.chilgorewardsclub.com https://loyalty.blackmores.co.id https://www.blackmores.co.id https://loyalty.sahabatkecc.com https://sahabatkecc.com https://loyalty.entrasol.com https://kpoin.entrasol.com https://entrasol.com https://www.entrasol.com https://kecc.kalbe.co.id https://kalbe.co.id https://www.kalbe.co.id https://kecc.klikdokter.com https://klikdokter.com https://www.klikdokter.com https://loyalty.morinagaweb.by.rollingglory.com https://morinagaweb.by.rollingglory.com https://loyalty.morinaga.id https://kpoin.morinaga.id https://morinaga.id;frame-src *;img-src 'self' * data: blob:;manifest-src 'self';media-src 'self' * data:;object-src 'self' 'unsafe-inline' *.useinsider.com *.api.useinsider.com;script-src 'self' www.google.com www.gstatic.com www.google-analytics.com www.googletagmanager.com *.facebook.com connect.facebook.net tinyurl.com cdn.tiny.cloud assets.adobedtm.com analytics.tiktok.com www.googleadservices.com www.google.co.id *.useinsider.com *.api.useinsider.com *.youtube.com https://cdn.jsdelivr.net https://*.g.doubleclick.net 'unsafe-inline' 'wasm-unsafe-eval' 'unsafe-eval';style-src 'self' fonts.googleapis.com fonts.gstatic.com cdn.jsdelivr.net tinyurl.com www.gstatic.com www.googletagmanager.com cdn.tiny.cloud *.useinsider.com *.api.useinsider.com 'unsafe-inline';worker-src 'self' * data: blob:; 1
default-src 'self' 'unsafe-inline' data: payment.maksekeskus.ee auth.praamid.ee fonts.googleapis.com fonts.gstatic.com stats.g.doubleclick.net static.cloudflareinsights.com www.googletagmanager.com *.google-analytics.com g2.ipcamlive.com s5.ipcamlive.com googleads.g.doubleclick.net www.google.com www.gstatic.com www.youtube.com static.doubleclick.net i.ytimg.com yt3.ggpht.com jnn-pa.googleapis.com play.google.com secure.gravatar.com fast.wistia.com beacon-v2.helpscout.net wp-rocket.me d3hb14vkzrxvla.cloudfront.net pipedream.wistia.com distillery.wistia.com embed-ssl.wistia.com fg8vvsvnieiv3ej16jby.litix.io translate.google.com translate.googleapis.com 'unsafe-eval' static.maksekeskus.ee s.w.org praamid.prominion.net beaconapi.helpscout.net chatapi.helpscout.net cdn.mxpnl.com static.cc.maksekeskus.ee cc.maksekeskus.ee *.analytics.google.com www.google.ee www.google.fi www.google.cz www.google.nl www.google.be www.google.fr www.google.lv www.google.lt www.google.se www.google.de www.google.at www.google.ch www.google.ie www.google.co.uk www.google.pl www.google.dk www.google.no td.doubleclick.net www.google.com.cy www.google.lu www.google.it www.google.gr analytics.google.com www.google-analytics.com www.google.by www.google.com.bz www.google.com.tr www.google.com.ar www.google.co.jp www.google.bg www.google.co.in www.google.ca www.google.ru www.google.com.ua www.google.com.hr www.google.com.au www.google.es www.google.com.ng translate-pa.googleapis.com www.google.ro www.google.rs www.google.si www.google.sk www.google.ba www.google.is www.google.pt www.google.hu www.google.me www.google.mk www.google.com.eg www.google.com.om www.google.co.th www.google.co.nz www.google.co.ke www.google.al www.google.ge www.google.com.bd www.google.co.il cdn.gravity.com www.google.gg www.google.com.vn www.google.je www.google.ad www.google.com.mx www.google.com.mt www.google.im www.google.ae www.google.com.sg www.google.kz cloudflareinsights.com challenges.cloudflare.com www.google.hr www.google.kg www.google.com.my www.google.com.qa www.google.gl www.google.com.ph www.google.md *.hotjar.com *.hotjar.io wss://*.hotjar.com www.google.co.id www.google.lk www.google.ml www.google.com.hk www.google.cv www.google.co.cr www.google.com.sa www.google.com.pk www.google.com.gi www.google.co.tz www.google.vu www.google.com.fj www.google.com.pa www.google.tn www.google.co.ve www.google.cl www.google.co.uz www.google.co.kr region1.analytics.google.com www.google.com.bo www.google.co.zw www.google.sm www.google.co.za www.google.am www.google.com.br www.google.tt www.google.co.ma www.google.az www.google.com.np www.google.com.et www.google.dm www.google.com.do www.google.com.ec www.google.com.kh www.google.la www.google.tg www.google.sc praamidvisitor.prominion.net www.google.ci www.google.com.co www.google.mu www.google.jo www.google.com.bh www.google.com.pr www.google.gm www.google.co.vi www.google.iq ps.w.org www.google.mv www.google.co.ug www.google.com.lb www.google.com.tw www.google.mg www.google.mu www.google.com.tj www.google.com.kw ajax.cloudflare.com www.google.com.pe www.google.li www.google.com.gh www.google.sn www.google.bj www.google.dz www.google.com.jm www.google.com.cu www.google.cd api.wp-rocket.me; report-uri /d5bcc29e34d8b6210cbfbc3acd7be0a65652590b064c60598822381e01ae1708 1
base-uri 'self'; default-src 'none'; child-src; connect-src 'self' wss://directline.botframework.com https://directline.botframework.com directline.botframework.com https://*.faqbot.nz *.faqbot.nz https://*.sharethis.com *.sharethis.com https://*.algolia.net *.algolia.net https://*.algolianet.com *.algolianet.com https://*.analytics.google.com *.analytics.google.com https://*.google-analytics.com *.google-analytics.com https://*.googletagmanager.com *.googletagmanager.com https://*.g.doubleclick.net *.g.doubleclick.net https://*.google.com *.google.com https://*.google.co.nz *.google.co.nz https://stats.g.doubleclick.net stats.g.doubleclick.net; font-src 'self' https://*.faqbot.nz *.faqbot.nz https://fonts.gstatic.com fonts.gstatic.com data:; form-action 'self' https://dnc.us5.list-manage.com dnc.us5.list-manage.com; frame-ancestors 'self'; frame-src 'self' wss://directline.botframework.com https://youtube.com youtube.com https://youtu.be youtu.be https://*.sharethis.mgr.consensu.org *.sharethis.mgr.consensu.org https://www.google.com www.google.com https://public.tableau.com public.tableau.com https://player.vimeo.com player.vimeo.com; img-src 'self' https://ssl.gstatic.com https://www.gstatic.com https://maps.gstatic.com https://*.googleapis.com https://*.s3.ap-southeast-2.amazonaws.com https://*.analytics.google.com *.analytics.google.com https://*.google-analytics.com *.google-analytics.com https://*.googletagmanager.com *.googletagmanager.com https://*.g.doubleclick.net *.g.doubleclick.net https://*.google.com *.google.com https://*.google.co.nz *.google.co.nz https://*.faqbot.nz *.faqbot.nz https://*.sharethis.com *.sharethis.com https://www.facebook.com www.facebook.com data:; media-src https://youtube.com youtube.com https://www.youtube.com www.youtube.com https://vimeo.com vimeo.com https://youtu.be youtu.be https://i.vimeocdn.com i.vimeocdn.com; object-src 'self'; script-src 'self' https://*.faqbot.nz *.faqbot.nz https://faqbotprodstorage.blob.core.windows.net faqbotprodstorage.blob.core.windows.net https://sharethis.com sharethis.com https://*.sharethis.com *.sharethis.com https://*.googletagmanager.com *.googletagmanager.com https://www.google.com www.google.com https://gstatic.com gstatic.com https://public.tableau.com public.tableau.com https://code.jquery.com code.jquery.com https://www.google-analytics.com www.google-analytics.com https://tagmanager.google.com tagmanager.google.com https://*.sharethis.js *.sharethis.js https://connect.facebook.net connect.facebook.net https://www.googletagmanager.com www.googletagmanager.com https://www.gstatic.com www.gstatic.com 'nonce-ZWVkNjZlMTBmZGMyMTcwZTIxYWUxYjhjYjIyZWY3ZTJlODZhOTgwMDg4YmY1NzNiZWY5ZjkwNmI4YjIxMWFjNWNlZDQ5ZDY3N2YwNjgwZDI2NjhjOTQ1ZDgyMGJlNzgwNTkxYjliYjc2NGJmZTZjMjk0YWI5ZjBiZmYwOTY3YzM=' 'unsafe-eval'; style-src 'self' https://unsafe-inline unsafe-inline https://*.faqbot.nz *.faqbot.nz https://faqbotprodstorage.blob.core.windows.net faqbotprodstorage.blob.core.windows.net https://www.google-analytics.com www.google-analytics.com https://www.googletagmanager.com www.googletagmanager.com https://ssl.google-analytics.com ssl.google-analytics.com https://tagmanager.google.com tagmanager.google.com https://fonts.googleapis.com fonts.googleapis.com 'unsafe-inline'; report-to csp-endpoint; upgrade-insecure-requests 1
allow 'self'; frame-ancestors dev.togostanza.org 1
default-src 'unsafe-inline' 'self' data: image/* https://google.com https://*.google.com https://*.googletagmanager.com https://*.googlesyndication.com https://*.googleapis.com https://*.googleadservices.com https://*.gstatic.com https://google-analytics.com https://*.google-analytics.com https://*.doubleclick.net https://*.quantserve.com https://*.quantcount.com https://measurement-api.criteo.com https://bat.bing.com https://*.clarity.ms https://use.fontawesome.com https://player.vimeo.com https://extend.vimeocdn.com https://my.matterport.com https://*.onetrust.com https://cdn.cookielaw.org https://bam.nr-data.net https://web-sandbox.pypestream.com https://*.pype.tech https://*.launchdarkly.com https://cdn.jsdelivr.net https://*.typekit.net https://*.facebook.com https://connect.facebook.net https://*.tiktok.com https://*.linkedin.com; script-src 'unsafe-inline'  'unsafe-eval'  'self'  https://www.googletagmanager.com  https://*.googlesyndication.com  https://maps.googleapis.com  https://www.googleadservices.com  https://www.google-analytics.com  https://*.doubleclick.net  https://secure.quantserve.com  https://rules.quantcount.com  https://*.criteo.com  https://*.criteo.net  https://bat.bing.com  https://*.clarity.ms/  https://use.fontawesome.com  https://*.vimeo.com  https://*.vimeocdn.com  https://static.cloudflareinsights.com  https://cdn.cookielaw.org  https://js-agent.newrelic.com  https://web-sandbox.pypestream.com  https://*.pype.tech  https://*.pypest https://web.pypestream.com  https://*.facebook.net  https://business-api.tiktok.com/  https://analytics.tiktok.com/  https://snap.licdn.com  https://www.google.com/recaptcha/  https://www.gstatic.com/recaptcha/; img-src * data: about: https://cdn.cookielaw.org; frame-src 'self' https://www.googletagmanager.com/ https://my.matterport.com https://web.pypestream.com https://static.criteo.net https://web-sandbox.pypestream.com https://*.doubleclick.net https://*.criteo.com https://www.facebook.com https://player.vimeo.com  https://www.google.com; upgrade-insecure-requests 1
default-src 'self'; frame-src 'self' https://secure.livechatinc.com *.webspellchecker.net *.nhs.uk *.facebook.com *.youtube.com *.vimeo.com *.google.com *.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.googletagmanager.com https://static.zdassets.com https://api.livechatinc.com https://cdn.livechatinc.com *.reactandshare.com https://api.reciteme.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://www.googletagmanager.com https://connect.facebook.net https://feeds.trac.jobs *.webspellchecker.net *.google.com *.googleapis.com *.gstatic.com *.cqc.org.uk use.typekit.net; font-src 'self' 'unsafe-inline' https://cdn.livechatinc.com *.reactandshare.com https://api.reciteme.com https://fonts.googleapis.com https://fonts.gstatic.com *.webspellchecker.net use.typekit.net; style-src 'self' 'unsafe-inline' *.reactandshare.com https://api.reciteme.com https://cdnjs.cloudflare.com https://feeds.trac.jobs *.googleapis.com  *.gstatic.com *.cqc.org.uk *.webspellchecker.net use.typekit.net p.typekit.net; img-src * data: p.typekit.net; object-src 'self' blob:; connect-src 'self' https://*.googletagmanager.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.g.doubleclick.net https://*.google.com https://*.google.com https://*.google-analytics.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googletagmanager.com wss://widget-mediator.zopim.com https://stop-smoking-nhs.zendesk.com https://ekr.zdassets.com https://api.reciteme.com https://feeds.trac.jobs stats.g.doubleclick.net *.googleapis.com *.google-analytics.com *.webspellchecker.net performance.typekit.net; media-src 'self' https://static.zdassets.com https://api.reciteme.com 1
script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' ; img-src 'self' data: blob: ; object-src 'self' data: blob: https://elegantthemes.com/ https://*.elegantthemes.com/ https://weconnect.se/; frame-src 'self' data: blob: https://elegantthemes.com/ https://*.elegantthemes.com/ https://weconnect.se/; form-action 'self' data: blob: ; 1
worker-src 'self' blob: data:; default-src 'self'; script-src 'self' 'unsafe-inline' *.fona.de *.cookiebot.com *.cookiebot.eu *.vditz.com *.googleapis.com *.google.com *.youtube.com *.vimeo.com *.streambuzzer.com; style-src 'self' 'unsafe-inline'; img-src data: 'self' *.usercentrics.eu *.twitter.com *.twimg.com *.fona.de *.matpro.de *.ytimg.com *.vimeocdn.com; font-src 'self'; connect-src 'self' *.cookiebot.com *.cookiebot.eu stats.vditz.com; base-uri 'self'; media-src blob: 'self' *.youtube.com *.vimeo.com *.bmbf.de; frame-src 'self' *.fona.de *.openstreetmap.de *.streambuzzer.com *.cookiebot.com *.cookiebot.eu *.vditz.com *.pt-dlr.de *.google.com *.youtube.com *.youtube-nocookie.com *.vimeo.com *.bmbf.de *.emailsys1a.net; object-src 'none'; frame-ancestors 'self' *.fona.de; 1
base-uri 'self' https://www.pink.test https://www.selesti.com; default-src 'self' https://*.clarity.ms *.clarity.ms https://c.bing.com c.bing.com 'unsafe-inline'; connect-src 'self' https://*.doubleclick.net *.doubleclick.net https://*.facebook.com *.facebook.com https://*.facebook.net *.facebook.net https://*.google.co.uk *.google.co.uk https://*.google.com *.google.com https://*.google-analytics.com *.google-analytics.com https://*.googleadservices.com *.googleadservices.com https://*.googletagmanager.com *.googletagmanager.com https://*.gstatic.com *.gstatic.com https://*.hiss3lark.com *.hiss3lark.com https://*.hs-analytics.net *.hs-analytics.net https://*.hs-growth-metrics.com *.hs-growth-metrics.com https://*.hs-scripts.com *.hs-scripts.com https://*.hsadspixel.net *.hsadspixel.net https://*.hubspot.com *.hubspot.com https://*.licdn.com *.licdn.com https://*.linkedin.com *.linkedin.com https://*.usemessages.com *.usemessages.com https://api.hubapi.com api.hubapi.com https://apis.google.com apis.google.com https://fonts.googleapis.com fonts.googleapis.com https://fonts.gstatic.com fonts.gstatic.com https://fpdl.vimeocdn.com fpdl.vimeocdn.com https://gcs-vimeo.akamaized.net gcs-vimeo.akamaized.net https://googleadservices.com googleadservices.com https://js.hs-banner.com js.hs-banner.com https://js.hsforms.net js.hsforms.net https://player.vimeo.com player.vimeo.com https://poirot.selesti.com poirot.selesti.com https://vod-progressive.akamaized.net vod-progressive.akamaized.net https://*.clarity.ms *.clarity.ms https://*.analytics.google.com *.analytics.google.com https://*.cookiebot.com *.cookiebot.com https://*.googlesyndication.com *.googlesyndication.com https://*.linkedin.oribi.io *.linkedin.oribi.io; font-src 'self' https://fonts.gstatic.com fonts.gstatic.com data:; form-action 'self' https://checkforcloudflare.selesti.com checkforcloudflare.selesti.com https://forms.hsforms.com forms.hsforms.com; frame-ancestors 'self'; frame-src 'self' https://*.doubleclick.net *.doubleclick.net https://*.google.com *.google.com https://*.gstatic.com *.gstatic.com https://*.slideshare.net *.slideshare.net https://*.vimeo.com *.vimeo.com https://*.youtube.com *.youtube.com https://app.hubspot.com app.hubspot.com https://forms.hsforms.com forms.hsforms.com https://*.cookiebot.com *.cookiebot.com; img-src 'self' https://*.doubleclick.net *.doubleclick.net https://*.facebook.com *.facebook.com https://*.google-analytics.com *.google-analytics.com https://*.google.ca *.google.ca https://*.google.co.il *.google.co.il https://*.google.co.in *.google.co.in https://*.google.co.jp *.google.co.jp https://*.google.co.uk *.google.co.uk https://*.google.com *.google.com https://*.google.com.mt *.google.com.mt https://*.google.com.ua *.google.com.ua https://*.google.ie *.google.ie https://*.google.it *.google.it https://*.google.se *.google.se https://*.google.sk *.google.sk https://*.googletagmanager.com *.googletagmanager.com https://*.gstatic.com *.gstatic.com https://*.hsforms.com *.hsforms.com https://*.hsforms.net *.hsforms.net https://*.hubspot.com *.hubspot.com https://*.linkedin.com *.linkedin.com https://cx.atdmt.com cx.atdmt.com blob: data:; media-src https://*.vimeo.com *.vimeo.com https://*.vimeocdn.com *.vimeocdn.com https://gcs-vimeo.akamaized.net gcs-vimeo.akamaized.net https://ssl.gstatic.com ssl.gstatic.com https://vod-progressive.akamaized.net vod-progressive.akamaized.net; object-src 'none'; manifest-src 'self'; script-src 'self' https://*.doubleclick.net *.doubleclick.net https://*.facebook.net *.facebook.net https://*.google-analytics.com *.google-analytics.com https://*.google.ae *.google.ae https://*.google.ca *.google.ca https://*.google.co.il *.google.co.il https://*.google.co.in *.google.co.in https://*.google.co.uk *.google.co.uk https://*.google.com *.google.com https://*.google.com.au *.google.com.au https://*.google.com.mt *.google.com.mt https://*.google.com.ua *.google.com.ua https://*.google.de *.google.de https://*.google.fr *.google.fr https://*.google.ie *.google.ie https://*.google.it *.google.it https://*.google.ru *.google.ru https://*.google.sk *.google.sk https://*.googleadservices.com *.googleadservices.com https://*.googletagmanager.com *.googletagmanager.com https://*.gstatic.com *.gstatic.com https://*.hiss3lark.com *.hiss3lark.com https://*.hs-analytics.net *.hs-analytics.net https://*.hs-banner.com *.hs-banner.com https://*.hs-scripts.com *.hs-scripts.com https://*.hsforms.net *.hsforms.net https://*.hsforms.com *.hsforms.com https://*.licdn.com *.licdn.com https://*.linkedin.com *.linkedin.com https://*.usemessages.com *.usemessages.com https://js.hsadspixel.net js.hsadspixel.net https://*.clarity.ms *.clarity.ms https://*.cookiebot.com *.cookiebot.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://*.googleapis.com *.googleapis.com https://*.google.com *.google.com 'unsafe-inline'; worker-src 'self'; report-uri https://poirot.selesti.com/api/violation/selesti; report-to https://poirot.selesti.com/api/violation/selesti; upgrade-insecure-requests 1
default-src *; connect-src  *; font-src 'self'; frame-src https://* http://* *; img-src https://* http://* * data:; object-src 'self'; script-src 'self' https://* http://* * 'unsafe-inline' 'report-sample'; style-src * https://* http://* * 'unsafe-inline'; 1
default-src 'self' * 'unsafe-inline' data: blob: 1
default-src 'self' *.fintactix.com *.highcharts.com *.simpli.fi *.segmint.net *.cloudfront.net *.acquia.com *.googletagmanager.com *.doubleclick.net *.google-analytics.com *.googleapis.com *.cloudflare.com *.gstatic.com *.fmsiportal.com *.issuu.com info.autobooks.co; script-src info.autobooks.co; object-src info.autobooks.co; style-src 'unsafe-inline' 'self' *.fintactix.com *.highcharts.com *.simpli.fi *.segmint.net *.cloudfront.net *.acquia.com *.googletagmanager.com *.doubleclick.net *.google-analytics.com *.googleapis.com *.cloudflare.com *.gstatic.com *.fmsiportal.com *.issuu.com; img-src data: 'self' *.fintactix.com *.highcharts.com *.simpli.fi *.segmint.net *.cloudfront.net *.acquia.com *.googletagmanager.com *.doubleclick.net *.google-analytics.com *.googleapis.com *.cloudflare.com *.gstatic.com *.fmsiportal.com *.issuu.com; frame-src info.autobooks.co; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src * data: ;script-src * 'unsafe-inline' 'unsafe-eval'  ;style-src * 'unsafe-inline' data: ;frame-ancestors 'self' ; 1
frame-ancestors 'self' https://*.seo.aws.about.com https://*.dotdash.com *.wereview.com; upgrade-insecure-requests; 1
default-src 'self' data: ywxi.net www.trustedsite.com maxcdn.bootstrapcdn.com *.amazonaws.com cdnjs.cloudflare.com www.google.com www.google-analytics.com fonts.gstatic.com www.googletagmanager.com bat.bing.com fonts.googleapis.com www.w3m.com googleads.g.doubleclick.net bid.g.doubleclick.net stats.g.doubleclick.net www.googleadservices.com; script-src 'self' data: 'unsafe-eval' 'unsafe-inline' *.creditheroscore.com *.pushnami.com *.smartlook.com *.smartlook.cloud static.zohocdn.com *.twitter.com *.purechat.com *.pagesense.io www.serveipqs.com *.cloudflareinsights.com www.gstatic.com mpsnare.iesnare.com *.trustev.com connect.facebook.net cdnjs.cloudflare.com www.google.com www.google-analytics.com www.googletagmanager.com https://utt.impactcdn.com https://www.googletagmanager.com https://analytics.google.com https://td.doubleclick.net bat.bing.com fonts.googleapis.com www.w3m.com www.googleadservices.com pagead2.googlesyndication.com googleads.g.doubleclick.net bid.g.doubleclick.net stats.g.doubleclick.net static.zdassets.com api.smooch.io cdn.userway.org *.intercom.io *.intercomcdn.com www.googleadservices.com https://unpkg.com/@lottiefiles/lottie-player@latest/dist/lottie-player.js; style-src 'self' 'unsafe-inline' *.creditheroscore.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com www.google.com www.googletagmanager.com fonts.gstatic.com fonts.googleapis.com cdn.userway.org; img-src 'self' data: *.creditheroscore.com www.googletagmanager.com www.google-analytics.com https://analytics.google.com https://td.doubleclick.net bat.bing.com googleads.g.doubleclick.net bid.g.doubleclick.net stats.g.doubleclick.net www.myscore.com https:; frame-src *.pushnami.com *.smartlook.com *.smartlook.cloud *.twitter.com *.pagesense.io www.mcafeesecure.com www.trustedsite.com www.serveipqs.com www.google.com *.securepaths.com *.trustev.com *.googletagmanager.com https://analytics.google.com https://td.doubleclick.net googleads.g.doubleclick.net bid.g.doubleclick.net stats.g.doubleclick.net cdn.userway.org intercom-sheets.com; font-src 'self' fn.eu.serveipqs.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com www.google.com fonts.gstatic.com cdn.userway.org fonts.intercomcdn.com; connect-src 'self' *.smartlook.com *.smartlook.cloud *.taboola.com ekr.zdassets.com chs-support.zendesk.com zendesk-eu.my.sentry.io wss://api.smooch.io/faye *.purechat.com *.pushnami.com pagesense-collect.zoho.com *.serveipqs.com wss://mpsnare.iesnare.com/star *.trustev.com maxcdn.bootstrapcdn.com *.amazonaws.com cdnjs.cloudflare.com www.google.com www.google-analytics.com fonts.gstatic.com www.googletagmanager.com https://www.googletagmanager.com https://analytics.google.com https://td.doubleclick.net https://ajax.googleapis.com bat.bing.com fonts.googleapis.com www.w3m.com *.userway.org *.intercom.io *.intercomcdn.com wss://nexus-websocket-a.intercom.io googleads.g.doubleclick.net bid.g.doubleclick.net stats.g.doubleclick.net; media-src data: 'self' mpsnare.iesnare.com; report-uri https://cfs2020.report-uri.com/r/d/csp/reportOnly 1
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; block-all-mixed-content 1
default-src 'self';block-all-mixed-content ;font-src 'self' data: *.leadinfo.net *.typekit.net fonts.gstatic.com;img-src 'self' data: *.google.be *.google-analytics.com *.google.com www.google-analytics.com *.omappapi.com i.ytimg.com *.leadinfo.net *.pascogifts.com pascogifts.com *.googletagmanager.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com *.cloudflare.com cdn.jsdelivr.net *.googleapis.com www.youtube.com www.pascogifts.com *.doubleclick.net *.hotjar.com cdn.leadinfo.net *.googletagmanager.com *.omappapi.com consent.cookiefirst.com https://ajax.googleapis.com/ajax/libs/jquery/2.1.4/jquery.min.js *.google-analytics.com;style-src 'self' 'unsafe-inline' *.cookiefirst.com *.leadinfo.net *.omappapi.com *.googleapis.com *.typekit.net cdn.jsdelivr.net;report-uri /csp/violation/report;connect-src *.hotjar.com *.google-analytics.com stats.g.doubleclick.net wss://*.hotjar.com *.hotjar.io *.cookiefirst.com *.leadinfo.com *.leadinfo.net *.pascogifts.com *.omappapi.com consent.cookiefirst.com *.analytics.google.com;frame-src *.doubleclick.net *.teamleader.eu www.youtube.com 1
default-src 'self' www.fotoprofi.de img.fotoprofi.de https://pc-cdn.fra1.cdn.digitaloceanspaces.com/ rmail.fotoprofi.de c.emailsys2a.net apple.com *.apple.com cdn.pay1.de d.ratepay.com d.ratepay.de secure.pay1.de https://www.youtube-nocookie.com img.youtube.com i.ytimg.com analytics.google.com *.analytics.google.com doubleclick.net *.doubleclick.net google-analytics.com *.google-analytics.com google.de *.google.de google.com *.google.com googleadservices.com *.googleadservices.com googletagmanager.com *.googletagmanager.com googlesyndication.com *.googlesyndication.com gstatic.com *.gstatic.com tagmanager.google.com *.tagmanager.google.com apis.google.com *.apis.google.com www.gstatic.com bat.bing.com bat.bing.net connect.facebook.net facebook.com *.facebook.com facebook.net *.facebook.net *.etrusted.com *.trustedshops.com *.saal-digital.net *.fotodiensteservice.de https://s3.eu-central-1.amazonaws.com/fra-webresources/ https://s3.eu-central-1.amazonaws.com/fra-webpages.shop.saal-digital.net/ fra-webresources.s3.eu-central-1.amazonaws.com photoservice.cloud https://*.loadbee.com/ availability.loadbee.com/v3/EAN/ https://cdn.loadbee.com https://content.syndigo.com/asset/ https://content.syndigo.com/page/ https://content.syndigo.com/site/ https://scontent.webcollage.net https://syndi.webcollage.net/site/xenudo-de-de/tag.js https://*.joomag.com/res_mag/ https://www.gravatar.com media.flixcar.com media.flixfacts.com *.flix360.com media.flixsyndication.net *.flix360.io syndication.flix360.com *.jwplatform.com *.jwpsrv.com *.jwpcdn.com *.jwplayer.com d2m3ikv8mpgiy8.cloudfront.net d3np41mctoibfu.cloudfront.net media.pointandplace.com player.pointandplace.com t.pointandplace.com analytics.webgains.io api.webgains.io 'unsafe-inline' 'unsafe-eval' blob: data:; report-uri /csp-report.php; upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline' data: wc.ts.ee www.nasdaqbaltic.com platform.linkedin.com secure.gravatar.com yoast.com www.googletagmanager.com *.google-analytics.com stats.g.doubleclick.net fonts.googleapis.com maps.googleapis.com streetviewpixels-pa.googleapis.com khms0.googleapis.com khms1.googleapis.com maps.gstatic.com fonts.gstatic.com translate.google.com translate.googleapis.com www.gstatic.com www.youtube.com www.google.ee www.google.com www.google.co.uk www.google.lv www.google.lt www.google.fi www.google.se www.google.no www.google.de www.google.pl lh3.ggpht.com www.google.com.hk www.google.gr www.google.nl www.google.dk www.google.com.ua www.google.fr i.ytimg.com connect.facebook.net api.microsofttranslator.com www.facebook.com 'unsafe-eval' www.google.ch www.google.at www.google.ro www.google.es www.google.it www.google.hu www.google.co.in www.google.ie www.google.cz www.google.be www.google.ru www.google.com.au photos.marinetraffic.com www.google.at www.google.co.il www.google.co.kr www.google.pt www.google.ca www.google.mk www.google.co.th www.google.co.id www.google.com.lb www.google.cl www.google.sk www.google.is www.google.com.np www.google.com.pk www.google.si www.google.rs www.google.dz www.google.com.ng www.google.com.my www.google.com.ci www.google.im www.google.com.sg www.google.com.tr www.google.com.hr www.google.com.mt www.google.li www.google.co.jp view.news.eu.nasdaq.com www.solwininfotech.com www.google.com.co www.google.com.br www.google.cn www.google.com.cy www.google.ge www.google.lu www.google.ae cdn.jsdelivr.net wd.ts.ee static.cloudflareinsights.com ajax.cloudflare.com www.vikingline.ee www.envir.ee www.google.com.ph www.google.co.nz www.google.hr www.google.bg www.google.by www.transit.ee www.tallinnamerepaevad.ee www.google.com.vn www.google.kz www.google.mv www.google.com.tw www.balticline.fi www.google.com.eg tallinnamerepaevad.ee www.google.com.bz www.google.com.mx www.google.jo www.google.com.sa www.google.ci www.google.com.kw www.google.co.ma www.google.com.gh www.google.com.ar region1.analytics.google.com www.google.az www.google.com.uy www.google.co.za www.google.sn www.google.com.mm www.google.me www.google.mn www.google.lk vincent.callebaut.org tentea.ec.europa.eu www.google.tg www.google.com.qa www.google.co.tz www.google.co.cr www.kjk.ee www.google.co.uz www.google.co.ke ps.w.org s.w.org www.google.ba www.google.com.jm www.google.com.pe www.google.mg 6zzuupda.sendsmaily.net www.google.bj www.google.com.kh www.google.com.do lh3.googleusercontent.com www.google.iq www.google.co.ug www.google.co.mz www.google.al www.google.tn www.google.ad www.google.am www.google.md www.google.com.ly www.google.com.ec www.google.com.pa www.google.com.bd www.google.com.pr www.google.mu www.google.gg www.google.cm www.google.com.py www.google.com.bh www.google.je www.google.com.cu www.google.com.pg komerk.ee www.google.kg www.google.cv www.google.com.sl www.portoftallinn.com www.google.vg www.google.bt www.google.bf www.google.la www.google.tt www.google.com.sv www.google.so www.google.ps www.google.co.ve www.google.ga www.seatradecruiseglobal.com www.parkimine.ee translate-pa.googleapis.com wptide.org toolset.com wpml.org challenges.cloudflare.com cloudflareinsights.com analytics.google.com td.doubleclick.net blob: www.google.gl wpforms.com www.google.co.zw www.google.co.ao d1lsub6zbh43gv.cloudfront.net tp-cdn.wpml.org googleads.g.doubleclick.net adservice.google.com google.com pagead2.googlesyndication.com www.googleadservices.com tpc.googlesyndication.com www.vikingline.ee www.google.com.sb www.google.td apis.google.com platform.twitter.com www.google.gm www.google.gy paldiski.ee www.christmasmarket.ee www.logistikauudised.ee www.voyagesofdiscovery.co.uk static.neljas.ee www.google.tm cns.omxgroup.com www.iaa.ie www.komerk.ee www.jazzkaar.ee arensburg.ee www.iaa.ie kliimaministeerium.ee konkurents.ee laaneharju.ee images.marinetraffic.com www.konkurents.ee www.google.com.af www.lngconference.eu www.upf-group.dk www.cruiseeurope.com tentea.ec.europa.eu www.google.as www.google.com.et www.google.cf www.google.com.tj www.google.com.om www.google.co.ck www.google.co.zm kit.fontawesome.com ka-p.fontawesome.com; report-uri /069b75c4f2e07da64b888cac9af4ea98c60c3e6787e0368d1a5ab34114eda24e 1
default-src 'self'; base-uri 'self'; connect-src 'self' https: http: https://www.googletagmanager.com https://www.google-analytics.com https://*.analytics.google.com https://*.doubleclick.net https://*.facebook.com https://*.fbcdn.net https://*.leeloo.ai https://widgets.binotel.com https://*.binotel.com https://www.youtube.com https://s.ytimg.com https://a.plerdy.com; font-src 'self' https://fonts.gstatic.com data:; form-action 'self'; frame-ancestors 'self'; frame-src 'self' https://www.google.com https://www.gstatic.com https://connect.facebook.net https://*.facebook.com https://*.leeloo.ai https://widgets.binotel.com https://*.binotel.com https://www.youtube.com https://www.youtube-nocookie.com; img-src 'self' data: blob: https: https://i.ytimg.com https://s.ytimg.com https://a.plerdy.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://www.gstatic.com https://*.googletagmanager.com https://*.google-analytics.com https://*.googleadservices.com https://*.doubleclick.net https://connect.facebook.net https://*.facebook.com https://*.fbcdn.net https://*.leeloo.ai https://widgets.binotel.com https://*.binotel.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://www.youtube.com https://*.youtube.com https://s.ytimg.com https://a.plerdy.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com https://s.ytimg.com https://widgets.binotel.com https://*.binotel.com 1
worker-src 'self' blob: data:; default-src 'self'; script-src 'self' 'unsafe-inline' update.webedition.org *.cookiebot.com *.cookiebot.eu *.vditz.com *.googleapis.com *.google.com *.youtube.com *.vimeo.com *.twitter.com; style-src 'self' *.googleapis.com 'unsafe-inline'; img-src data: 'self' *.usercentrics.eu *.ytimg.com *.vimeocdn.com *.gstatic.com *.googleapis.com *.twitter.com; font-src 'self' *.gstatic.com; connect-src 'self' *.cookiebot.com *.cookiebot.eu *.googleapis.com stats.vditz.com; base-uri 'self'; media-src blob: 'self' *.youtube.com *.vimeo.com; frame-src 'self' update.webedition.org *.qt.eu *.cookiebot.com *.cookiebot.eu *.vditz.com *.google.com *.youtube.com *.youtube-nocookie.com *.vimeo.com *.twitter.com; object-src 'none'; frame-ancestors 'self'; 1
default-src 'self'; base-uri 'self'; connect-src 'self' *.itzbund.de *.googleapis.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com piwik.itzbund.de *.youtube.com;object-src 'self' multimedia.gsb.bund.de medien10.gsb.bund.de piwik.itzbund.de; media-src 'self' multimedia.gsb.bund.de medien10.gsb.bund.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.openstreetmap.org *.googleapis.com piwik.itzbund.de *.geodatenzentrum.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; frame-ancestors 'self' zfa-editor.preview.kkn.zd.intranet.bund.de piwik.itzbund.de zfa-zfa-editor.preview.kkn.zd.intranet.bund.de *.facebook.com 1
allow 'self'; media-src *; img-src *; script-src 'self' https://ajax.googleapis.com; https://cloudflare.com style-src 'self'; 1
base-uri 'none';default-src 'none';img-src 'self' data:;font-src 'self';media-src 'self';script-src 'self';style-src 'self' 'unsafe-inline' 1
frame-ancestors 'self'; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self' 'unsafe-eval'; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.itzbund.de *.googleapis.com *.google.com *.gstatic.com www.youtube.com https://youtu.be *.vimeo.com *.ytimg.com piwik.itzbund.de www.bisp-surf.de; object-src 'self' multimedia.gsb.bund.de; media-src blob: 'self' multimedia.gsb.bund.de *.vimeo.com *.youtube.com https://youtu.be; frame-src *.google.com *.gstatic.com *.youtube.com https://youtu.be *.vimeo.com www.datawrapper.de datawrapper.dwcdn.net; img-src 'self' blob: data: *.google.com *.gstatic.com *.youtube.com https://youtu.be *.ytimg.com *.openstreetmap.org piwik.itzbund.de; connect-src 'self' *.itzbund.de; frame-ancestors 'self' www.datawrapper.de datawrapper.dwcdn.net; worker-src 'self'; 1
base-uri; form-action 'self'; frame-ancestors 'none'; img-src 'self' https://paragonie.com https://maxcdn.bootstrapcdn.com https://stats.g.doubleclick.net https://www.google-analytics.com data:; media-src 'none'; object-src 'none'; script-src 'self' https://cdn.mathjax.org https://oss.maxcdn.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://code.jquery.com https://ajax.googleapis.com https://www.google-analytics.com https://paragonie.com paragonie.com 'sha384-dxxWaTrUP7CVAQSJSlq8y30xnLv+kbg0q/esjcstpj7BeSQcTR1kyuzuU8NtP0Qd' 'nonce-4aVFdGn+AIdMA7dBxnluxwaX' 'nonce-syq3NieMGEofGj1Y1qfeDPet' 'nonce-rGYcx4sKaqRqjKoJ0bgc65yX' 'nonce-b9dwXDLVGmBm4igsQY+OMYmT' 'nonce-dLXwr3U+wgxq1TDZPlbXg3VT' 'nonce-V+smruGRny2eKvXFonmPdQlv' 'nonce-PivtYqS6/xj/A8WGXY2sprAF' 'unsafe-eval' data:; style-src 'self' https://maxcdn.bootstrapcdn.com https://use.fontawesome.com https://fonts.googleapis.com 'unsafe-inline'; report-uri https://f038192cab4afafaacee34d22ed2e1dd.report-uri.io/r/default/csp/enforce; upgrade-insecure-requests 1
default-src https: http://*.google-analytics.com:* 'unsafe-inline'; img-src https: 'self' data: blob:; script-src https: 'unsafe-eval' 'unsafe-inline' blob:; style-src https: 'unsafe-inline'; font-src https: 'self' data: fonts.gstatic.com; worker-src 'self' blob: 1
frame-ancestors https://*.ilnotiziario.net 1
allow 'self'; gtp.com.au 1
default-src 'self' https://skbs-platform.condat.cloud http://skbs-platform.condat.cloud skbs-platform.condat.cloud https://platform.container:8080 http://platform.container:8080 platform.container:8080 https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de; connect-src 'self' https://nominatim.openstreetmap.org http://nominatim.openstreetmap.org nominatim.openstreetmap.org https://login.microsoftonline.com http://login.microsoftonline.com login.microsoftonline.com https://www.google.com http://www.google.com www.google.com https://skbs-platform.condat.cloud http://skbs-platform.condat.cloud skbs-platform.condat.cloud https://platform.container:8080 http://platform.container:8080 platform.container:8080 https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de https://matomo-testing.condat.cloud; font-src 'self' https://*.kununu.com http://*.kununu.com *.kununu.com https://*.spendino.de http://*.spendino.de *.spendino.de https://skbs-platform.condat.cloud http://skbs-platform.condat.cloud skbs-platform.condat.cloud https://platform.container:8080 http://platform.container:8080 platform.container:8080 https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de data:; frame-ancestors 'self' https://klinikumjobs.de https://*.doccheck.com http://*.doccheck.com *.doccheck.com https://*.kununu.com http://*.kununu.com *.kununu.com https://skbs-platform.condat.cloud http://skbs-platform.condat.cloud skbs-platform.condat.cloud https://platform.container:8080 http://platform.container:8080 platform.container:8080 https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de; frame-src 'self' https://benutzerhandbuch-cshs.condat.de http://benutzerhandbuch-cshs.condat.de benutzerhandbuch-cshs.condat.de https://global.frcapi.com http://global.frcapi.com global.frcapi.com https://www.google.com http://www.google.com www.google.com https://prezi.com/p/embed/MPOGB6oZvPvNpRmIzIHw/ https://*.doccheck.com http://*.doccheck.com *.doccheck.com https://*.kununu.com http://*.kununu.com *.kununu.com https://*.spendino.de http://*.spendino.de *.spendino.de https://*.youtube-nocookie.com http://*.youtube-nocookie.com *.youtube-nocookie.com https://*.youtube.com http://*.youtube.com *.youtube.com https://skbs-platform.condat.cloud http://skbs-platform.condat.cloud skbs-platform.condat.cloud https://platform.container:8080 http://platform.container:8080 platform.container:8080 https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de; img-src 'self' https://cdn.jsdelivr.net http://cdn.jsdelivr.net cdn.jsdelivr.net https://*.tile.openstreetmap.org http://*.tile.openstreetmap.org *.tile.openstreetmap.org https://cshs.myskbs.de https://pro.doctolib.de https://*.amazonaws.com http://*.amazonaws.com *.amazonaws.com https://*.cloudfront.net http://*.cloudfront.net *.cloudfront.net https://*.kununu.com http://*.kununu.com *.kununu.com https://skbs-platform.condat.cloud http://skbs-platform.condat.cloud skbs-platform.condat.cloud https://platform.container:8080 http://platform.container:8080 platform.container:8080 https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de data:; media-src 'self' https://*.prezi.com http://*.prezi.com *.prezi.com https://*.amazonaws.com http://*.amazonaws.com *.amazonaws.com https://*.cloudfront.net http://*.cloudfront.net *.cloudfront.net https://*.kununu.com http://*.kununu.com *.kununu.com https://*.youtube-nocookie.com http://*.youtube-nocookie.com *.youtube-nocookie.com https://*.youtube.com http://*.youtube.com *.youtube.com https://skbs-platform.condat.cloud http://skbs-platform.condat.cloud skbs-platform.condat.cloud https://platform.container:8080 http://platform.container:8080 platform.container:8080 https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de; object-src 'self' https://*.prezi.com http://*.prezi.com *.prezi.com https://*.kununu.com http://*.kununu.com *.kununu.com https://*.youtube-nocookie.com http://*.youtube-nocookie.com *.youtube-nocookie.com https://*.youtube.com http://*.youtube.com *.youtube.com https://skbs-platform.condat.cloud http://skbs-platform.condat.cloud skbs-platform.condat.cloud https://platform.container:8080 http://platform.container:8080 platform.container:8080 https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de; script-src 'self' https://www.google.com http://www.google.com www.google.com https://www.gstatic.com http://www.gstatic.com www.gstatic.com https://cdn.jsdelivr.net http://cdn.jsdelivr.net cdn.jsdelivr.net https://*.prezi.com http://*.prezi.com *.prezi.com https://*.kununu.com http://*.kununu.com *.kununu.com https://*.spendino.de http://*.spendino.de *.spendino.de https://skbs-platform.condat.cloud http://skbs-platform.condat.cloud skbs-platform.condat.cloud https://platform.container:8080 http://platform.container:8080 platform.container:8080 https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de https://matomo-testing.condat.cloud 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://cdn.jsdelivr.net http://cdn.jsdelivr.net cdn.jsdelivr.net https://*.kununu.com http://*.kununu.com *.kununu.com https://*.spendino.de http://*.spendino.de *.spendino.de https://skbs-platform.condat.cloud http://skbs-platform.condat.cloud skbs-platform.condat.cloud https://platform.container:8080 http://platform.container:8080 platform.container:8080 https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de 'unsafe-inline'; worker-src 'self' https://skbs-platform.condat.cloud http://skbs-platform.condat.cloud skbs-platform.condat.cloud https://platform.container:8080 http://platform.container:8080 platform.container:8080 https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de blob: 1
font-src 'self' https://userlike-cdn-umm.b-cdn.net; frame-src 'self' https: www.youtube-nocookie.com/* ; frame-ancestors 'self'; script-src 'self' *.th-bingen.de *.b-ite.com https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://userlike-cdn-umm.b-cdn.net https://stats.th-bingen.de 'unsafe-inline'; connect-src 'self' *.th-bingen.de *.b-ite.com https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://api.userlike.com wss://umd.userlike.com https://stats.th-bingen.de;  img-src * *.b-ite.com data:; style-src 'self' 'unsafe-inline' *.b-ite.com data:; 1
frame-ancestors 'self' infopoint.kastner.local infopoint.kastner.at *.kastner.at *.biogast.at 1
font-src 'self' data: https://fonts.gstatic.com https://fonts.mailerlite.com https://assets.mlcdn.com; frame-src 'self' tracking.paysera.com www.instagram.com https://optimize.google.com https://www.google.com/recaptcha/ https://www.youtube.com/embed/ http://e.issuu.com/ https://landing.mailerlite.com; img-src 'self' data: *.paysera.com maps.googleapis.com *.gstatic.com https://www.google-analytics.com https://optimize.google.com https://track.mailerlite.com https://assets.mlcdn.com; script-src 'self' maps.googleapis.com www.instagram.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.google-analytics.com https://optimize.google.com 'unsafe-inline' https://*.mailerlite.com https://assets.mlcdn.com; style-src 'self' fonts.googleapis.com https://optimize.google.com 'unsafe-inline' https://static.mailerlite.com https://fonts.mailerlite.com https://assets.mlcdn.com; report-uri /v2/csp-violations/report 1
default-src 'self' fonts.googleapis.com fonts.gstatic.com data:; block-all-mixed-content; connect-src 'self' https://region1.google-analytics.com/g/collect https://geolocation.onetrust.com/cookieconsentpub/ https://cdn.cookielaw.org/consent/ https://cdn.cookielaw.org/scripttemplates/ https://cdn.cookielaw.org/logos/ https://www.google.com/recaptcha/api2/; frame-src 'self' https://www.youtube.com www.gstatic.com www.google.com; img-src 'self' data: https:; script-src 'self' https://unpkg.com/@lottiefiles/lottie-player@latest/dist/lottie-player.js https://unpkg.com https://www.googletagmanager.com/gtag/js https://region1.google-analytics.com/g/collect https://cdn.cookielaw.org/ 'unsafe-inline' 'nonce-tzqJI+vKYLqcShg33Bl8jA=='; style-src 'unsafe-inline' 'self' fonts.googleapis.com fonts.gstatic.com; report-uri /nelmio/csp/report 1
default-src 'self'; object-src 'none'; style-src 'self' https://vud-icons.s3.eu-north-1.amazonaws.com 'unsafe-inline'; img-src https: data:; script-src 'self' https://www.google.com https://www.gstatic.com 'unsafe-inline'; frame-ancestors 'none'; frame-src 'self' https://www.google.com https://aka.ms; sandbox allow-forms allow-same-origin allow-scripts allow-popups; base-uri 'self';upgrade-insecure-requests; 1
default-src 'self' https://static.zdassets.com https://ekr.zdassets.com https://avm-cs.zendesk.com avm.zendesk.com v2.zopim.com fritz.com avm.de service.avm.de news.avm.de bingo.avm.de scope.avm.de piwik.avm.de assets.avm.de www.commerce-connector.com www.surveygizmo.eu ; img-src 'self' https://fritz.com https://*.fritz.com https://avm.de https://*.avm.de service.avm.de data: https://shoplogos.commerce-connector.de https://maps.googleapis.com https://maps.gstatic.com https://i.ytimg.com https://i.vimeocdn.com https://static.zdassets.com https://gpt.avm.botario.com https://www.gravatar.com ; media-src 'self' *.fritz.com *.avm.de service.avm.de static.zdassets.com https://maps.googleapis.com https://maps.gstatic.com https://vimeo.com https://i.ytimg.com https://i.vimeocdn.com blob: data: ; font-src 'self' https://fritz.com https://*.fritz.com https://avm.de https://*.avm.de service.avm.de https://fonts.gstatic.com data: ; style-src 'self' fritz.com *.fritz.com avm.de *.avm.de service.avm.de https://fonts.googleapis.com 'unsafe-inline' ; connect-src 'self' fritz.com *.fritz.com avm.de *.avm.de service.avm.de https://maps.googleapis.com https://noembed.com https://avm.zendesk.com https://static.zdassets.com https://ekr.zdassets.com https://pod-28.zendesk.com https://pod-28-sunco-ws.zendesk.com wss://widget-mediator.zopim.com wss://pod-28.zendesk.com wss://pod-28-sunco-ws.zendesk.com https://gpt.avm.botario.com wss://gpt.avm.botario.com ; script-src 'self' avm.de *.avm.de fritz.com *.fritz.com service.avm.de piwik.avm.de https://player.vimeo.com https://vimeocdn.com https://*.vimeocdn.com https://www.youtube-nocookie.com https://maps.googleapis.com https://static.zdassets.com https://pod-28.zendesk.com https://pod-28-sunco-ws.zendesk.com https://gpt.avm.botario.com 'unsafe-eval' 'unsafe-inline' blob: ; script-src-elem 'self' avm.de *.avm.de service.avm.de fritz.com *.fritz.com piwik.avm.de https://maps.googleapis.com https://player.vimeo.com https://vimeocdn.com https://*.vimeocdn.com https://www.youtube-nocookie.com https://www.youtube.com https://static.zdassets.com https://pod-28.zendesk.com https://pod-28-sunco-ws.zendesk.com https://widget-mediator.zopim.com https://gpt.avm.botario.com 'unsafe-inline' blob: ; worker-src 'self' blob: ; frame-src 'self' fritz.com *.fritz.com avm.de *.avm.de service.avm.de https://player.vimeo.com https://www.youtube-nocookie.com https://gpt.avm.botario.com ; frame-ancestors 'self' avm.de *.avm.de service.avm.de fritz.com *.fritz.com  1
default-src 'none'; img-src 'self'; script-src 'self'; 1
base-uri 'self'; default-src 'self' blob: data: *.storck.com *.wonderlandmovies.de *.stage.sto.adacor.net ar.merci.at ar.merci.pl *.amazonaws.com; script-src 'self' 'nonce-HoBAzq7eC00z0WzDaHD-JIvtwKHIdCyZ8n6mbLD0U9DTRcNaiTzGCA' blob: data: *.storck.com storck.piwik.pro *.googleadservices.com *.pricespider.com *.mapbox.com s3.us-west-2.amazonaws.com click2cart.com *.click2cart.com maps.googleapis.com; img-src 'self' blob: data: *.storck.com storck.piwik.pro *.pricespider.com *.wonderlandmovies.de *.stage.sto.adacor.net staebchen-designer.merci.de *.amazonaws.com *.gstatic.com attach-videos.s3.amazonaws.com *.albertsons-media.com *.media-amazon.com *.walmartimages.com click2cart.com *.click2cart.com maps.gstatic.com maps.googleapis.com c.imedia.cz gdecz.hit.gemius.pl ib.adnxs.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.storck.com *.pricespider.com *.mapbox.com click2cart.com *.click2cart.com maxcdn.bootstrapcdn.com s3.us-west-2.amazonaws.com fonts.googleapis.com; connect-src 'self' data: *.storck.com storck.piwik.pro *.mapbox.com *.iriworldwide.com click2cart.com *.click2cart.com maps.googleapis.com; font-src 'self' data: *.storck.com s3.us-west-2.amazonaws.com maxcdn.bootstrapcdn.com fonts.gstatic.com; frame-src 'self' *.storck.com data: ar.merci.at ar.merci.pl *.stage.sto.adacor.net staebchen-designer.merci.de blob: di.rlcdn.com; frame-ancestors 'self'; form-action 'self'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://maps.googleapis.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://www.google.com https://www.gstatic.com; connect-src 'self' https://maps.googleapis.com; img-src data: 'self' https://d1be5sn7lppxuh.cloudfront.net https://maps.gstatic.com https://maps.googleapis.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com https://cdnjs.cloudflare.com https://fonts.gstatic.com; object-src 'none'; frame-ancestors 'self'; frame-src 'self' https://www.youtube.com https://www.google.com; media-src 'self' https://d1be5sn7lppxuh.cloudfront.net; form-action 'self'; manifest-src 'self' 1
connect-src  'unsafe-inline' irssolutions.com *.unpkg.com *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net *.mouseflow.com *.linkedin.com *.hsforms.com *.hubspot.com *.hubapi.com *.hs-analytics.net *.hscollectedforms.net *.calconic.com  *.termly.io *.googlesyndication.com *.reddit.com *.redditstatic.com *.bing.com *.clarity.ms https: ; font-src  'unsafe-inline'  data: fonts.gstatic.com cdn.jsdelivr.net *.gstatic.com *.bootstrapcdn.com https: *.gstatic.com ; frame-src  'unsafe-inline' irssolutions.com *.g.doubleclick.net *.google.com *.fls.doubleclick.net blob: www.google.com *.vimeo.com td.doubleclick.net *.stripe.com *.hs-sites.com *.gartner.com *.termly.io facebook.com datainsights-cdn.dm.aws.gartner.com *.youtube.com *.googletagmanager.com  https: *.youtube.com *.vimeo.com ; img-src  'unsafe-inline' irssolutions.com *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com data: ts.w.org s.w.org ps.w.org *.irssolutions.com *.linkedin.com www.facebook.com *.reddit.com *.hsforms.com *.hubspot.com *.hsappstatic.net *.doubleclick.net *.bing.com  https: *.gravatar.com *.wordpress.org s.w.org ; media-src 'self' s.w.org ; script-src  'unsafe-inline'  'unsafe-eval' irssolutions.com *.unpkg.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com cdn.jsdelivr.net https://cdn.mouseflow.com https://ipinfo.io *.youtube.com *.termly.io *.googlesyndication.com *.reddit.com *.redditstatic.com *.bing.com *.clarity.ms  https: *.googleapis.com *.gstatic.com ; script-src-elem  'unsafe-inline' irssolutions.com unpkg.com cdn.jsdelivr.net cdn.mouseflow.com *.licdn.com *.hs-scripts.com *.facebook.net *.redditstatic.com *.hsforms.net *.hscollectedforms.net *.hubspot.com *.hs-analytics.com *.hs-analytics.net *.hs-banner.com *.hsadspixel.net *.stripe.com https://cdnjs.cloudflare.com *.calconic.com *.googleadservices.com *.vimeo.com *.termly.io https://ipinfo.io *.youtube.com *.google.com  *.googlesyndication.com *.reddit.com *.bing.com *.clarity.ms https: *.googleapis.com *.gstatic.com ; style-src  'unsafe-inline' irssolutions.com *.unpkg.com *.googleapis.com *.gstatic.com fonts.googleapis.com cdn.jsdelivr.net  https: *.googleapis.com ; style-src-elem  'unsafe-inline' fonts.googleapis.com cdn.jsdelivr.net  https: *.googleapis.com ; style-src-attr  'unsafe-inline' ; worker-src  blob:; 1
default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval' *.cdn.cookielaw.org *.cookie-cdn.cookiepro.com *.onetrust.com data-eu.nestlehealthscience.co.uk https://*.qualtrics.com https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_; object-src 'none'; style-src * 'self' 'unsafe-inline' *.cdn.cookielaw.org *.cookie-cdn.cookiepro.com *.onetrust.com https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_; img-src * 'self' data: https:; https://siteintercept.qualtrics.com https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_; media-src *; frame-src * https://*.qualtrics.com https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_; frame-ancestors 'self' https://*.qualtrics.com; child-src *; font-src * 'self' data: https:; https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_; connect-src * *.cdn.cookielaw.org *.cookie-cdn.cookiepro.com *.onetrust.com data-eu.nestlehealthscience.co.uk https://*.qualtrics.com https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_; report-uri /report-csp-violation 1
base-uri 'self'; frame-ancestors 'self' 1
default-src 'none'; block-all-mixed-content; connect-src 'self' https://api.getaddress.io https://*.google-analytics.com https://*.googletagmanager.com; font-src https://assets.nurserymilk.co.uk; frame-src https://nmru-production.s3.amazonaws.com https://uploads.nurserymilk.co.uk/; img-src https://assets.nurserymilk.co.uk https://*.google-analytics.com https://*.googletagmanager.com https://nmru-production.s3.amazonaws.com https://uploads.nurserymilk.co.uk/ data:; object-src https://nmru-production.s3.amazonaws.com https://uploads.nurserymilk.co.uk/; script-src https://assets.nurserymilk.co.uk https://*.google-analytics.com https://*.googletagmanager.com 'unsafe-inline' 'sha256-//t8DN+5PHt8HhW5JH2ig7gM5SCiAAJ19Gba5fqlebw='; style-src https://assets.nurserymilk.co.uk; report-uri /_csp/report 1
default-src data: 'self';script-src 'self' 'unsafe-eval' https://*.here.com;style-src 'self' 'unsafe-inline' ;object-src 'self' blob:;img-src 'self' data: blob:;connect-src blob: 'self' https://*.here.com;worker-src blob: 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.veiasa.es npmcdn.com *.openstreetmap.org unpkg.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.fontawesome.com *.veiasa.es npmcdn.com unpkg.com; img-src 'self' data: *.veiasa.es *.openstreetmap.org npmcdn.com img.icons8.com unpkg.com; form-action 'self'; media-src 'self'; font-src 'self' *.fontawesome.com; connect-src 'self'; frame-src 'self' intent: www.youtube.com; frame-ancestors 'self' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.paypalobjects.com/ https://*.laylo.com/; img-src 'self' data: https://www.paypalobjects.com/ https://*.laylo.com/; object-src 'self' data: https://elegantthemes.com/ https://*.elegantthemes.com/ https://officialmattrifecomedy.com/ https://*.paypal.com/ https://*.laylo.com/; frame-src 'self' data: https://elegantthemes.com/ https://*.elegantthemes.com/ https://officialmattrifecomedy.com/ https://*.paypal.com/ https://*.laylo.com/; 1
allow 'self'; options inline-script eval-script; frame-ancestors 'self' 1
default-src  'self' data:;font-src  'self' data: fonts.gstatic.com kariera.rako.cz www.kariera.rako.cz;connect-src  'self' *.google.com *.google.cz *.googleapis.com *.google-analytics.com *.hotjar.com wss://ws6.hotjar.com *.hotjar.io *.doubleclick.net *.leady.com *.gstatic.com *.pinterest.com *.seznam.cz *.clarity.ms *.facebook.com *.googlesyndication.com googletagmanager.com;script-src  'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.google.cz *.googleapis.com *.gstatic.com *.hotjar.com static.hotjar.com www.googletagmanager.com *.google-analytics.com connect.facebook.net kariera.rako.cz www.kariera.rako.cz c.imedia.cz *.googleadservices.com *.adform.net *.seznam.cz *.doubleclick.net *.leady.com www.youtube-nocookie.com www.youtube.com *.pinterest.com *.pinimg.com *.clarity.ms *.googlesyndication.com;form-action  'self' *.facebook.com *.facebook.net *.pinterest.com;frame-src  'self' blob: www.youtube.com www.youtube-nocookie.com *.iplatba.cz www.tvbydleni.cz *.facebook.com *.facebook.net *.hotjar.com *.google.com *.pinterest.com *.doubleclick.net www.googletagmanager.com *.fliphtml5.com;worker-src  'self' blob: www.youtube.com www.youtube-nocookie.com *.iplatba.cz www.tvbydleni.cz *.facebook.com *.facebook.net *.hotjar.com *.google.com *.pinterest.com *.doubleclick.net www.googletagmanager.com *.fliphtml5.com;frame-ancestors  'self';img-src  'self' data: blob: *.gstatic.com *.googleapis.com *.googlecode.com www.googletagmanager.com *.google-analytics.com *.doubleclick.net www.facebook.com *.rako.cz c.imedia.cz *.seznam.cz *.pinterest.com *.pinimg.com i.ytimg.com *.google.com *.google.cz *.google.de *.google.fr *.google.pl *.google.ru *.google.sk *.leady.com *.clarity.ms *.bing.com *.googlesyndication.com;style-src  'self' 'unsafe-inline' fonts.googleapis.com *.gstatic.com *.google.com kariera.rako.cz www.kariera.rako.cz www.googletagmanager.com;object-src  'self' 1
frame-ancestors 'self' *.intelligentcontacts.net; 1
default-src 'self' https://dev.shop.bioeg.de https://shop.bioeg.de https://shop.bioeg.de; connect-src 'self' https://piwik.bzga.de https://rstts-eu.readspeaker.com https://media-eu.readspeaker.com https://app-eu.readspeaker.com https://cdn1.readspeaker.com https://vtdnntts-eu.readspeaker.com; style-src 'self' 'unsafe-inline' https://cdn1.readspeaker.com; font-src 'self' data:; script-src 'self' 'unsafe-inline' https://piwik.bzga.de https://cdn1.readspeaker.com; img-src 'self' https://dev.shop.bioeg.de https://shop.bioeg.de https://shop.bioeg.de data: https://piwik.bzga.de https://www.bioeg.de https://service.bzga.de https://www.bzga.de; frame-src 'self' *.frcapi.com https://app-eu.readspeaker.com; 1
Content-Security-Policy= default-src "none"; script-src "self" https://corp-mktg.s3.us-west-2.amazonaws.com https://cdn.cookielaw.org https://maps.googleapis.com https://prospect-form-plugin.2u.com; style-src "unsafe-inline" https://nursinglicensemap.com; https://whitelabel.2u.com; 1
script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://s3.amazonaws.com/ https://*.stripe.com/ https://stats.wp.com/ https://*.typekit.net/ https://*.testfreaks.com/ https://sibautomation.com/ https://*.googletagmanager.com/ https://*.facebook.net/ https://*.google.com/ https://*.hcaptcha.com/ https://leilasgeneraistore.com/ https://cdn.brevo.com/ https://capi-automation.s3.us-east-2.amazonaws.com/; img-src 'self' data: blob: https://pixel.wp.com/ https://*.typekit.net/ https://*.google.se/ https://*.google.com/ https://*.testfreaks.com/; object-src 'self' data: blob: https://*.stripe.com/ https://*.billmate.se/ https://*.facebook.com/ https://*.google.com/ https://*.hcaptcha.com/ https://www.googletagmanager.com/; frame-src 'self' data: blob: https://*.stripe.com/ https://*.billmate.se/ https://*.facebook.com/ https://*.google.com/ https://*.hcaptcha.com/ https://www.googletagmanager.com/; worker-src 'self' data: 'unsafe-inline' 'unsafe-eval'  blob:; 1
default-src 'self' 'unsafe-inline' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.googleadservices.com *.usercentrics.eu connect.facebook.net snap.licdn.com *.google.com *.linkedin.com *.doubleclick.net cdnjs.cloudflare.com cdn.jsdelivr.net unpkg.com *.docksal.site:* *.ddev.site:* *.gstatic.com chosen.js *.hs-scripts.com *.hsadspixel.net *.hs-banner.com *.hs-analytics.net *.clarity.ms; object-src 'self'; style-src 'self' 'unsafe-inline' *.typekit.net *.icons8.com *.usercentrics.eu cdn.jsdelivr.net cdnjs.cloudflare.com chosen.css unpkg.com; img-src 'self' data: *.google.com *.google.be *.facebook.com *.linkedin.com *.typekit.net *.icons8.com *.usercentrics.eu www.googletagmanager.com *.doubleclick.net *.hubspot.com c.clarity.ms *.bing.com; media-src 'self'; frame-src 'self' *.usercentrics.eu app.powerbi.com *.youtube.com *.google.com www.googletagmanager.com *.spotify.com *.apple.com; frame-ancestors 'self'; child-src 'self' blob:; font-src 'self' 'unsafe-inline' *.typekit.net *.icons8.com; connect-src 'self' *.google-analytics.com *.usercentrics.eu *.linkedin.com *.facebook.com *.google.com unpkg.com *.clarity.ms; report-uri /report-csp-violation 1
script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net/npm/swiper@11/swiper-bundle.min.js https://visitwroclaw.eu/dist/ https://visitwroclaw.s3.eu-central-1.amazonaws.com https://cdn.jsdelivr.net/npm/lightbox2@2/dist/js/lightbox.min.js https://visitwroclaw.lama-media.com/; img-src 'self' blob: https://secure.gravatar.com/avatar/ https://app.allaccessible.org/ https://s.w.org/images/core/emoji/ https://visitwroclaw.eu/wp-content/themes/visitwroclaw/assets/ https://visitwroclaw.s3.eu-central-1.amazonaws.com/ https://visitwroclaw.lama-media.com/; object-src 'self' blob: https://visitwroclaw.lama-media.com/; frame-src 'self' blob: https://visitwroclaw.lama-media.com/; 1
default-src *.googletagmanager.com *.twitter.com *.facebook.net *.nr-data.net *.ads-twitter.com *.google-analytics.com *.googleadservices.com *.doubleclick.net *.mookie1.com *.amazon-adsystem.com *.facebook.com *.google.com *.google.co.in *.cloudflare.com *.w3.org *.adsrvr.org *.newrelic.com *.insight.adsrvr.org/track/pxl/ *.sc-static.net *.analytics.tiktok.com *.p.teads.tv *.snapchat.com *.videoamp.com *.pixel.tapad.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.jsdelivr.net *.fullstory.com *.googleoptimize.com *.googletagmanager.com *.twitter.com *.facebook.net *.nr-data.net *.ads-twitter.com *.google-analytics.com *.googleadservices.com *.googleanalytics.com *.doubleclick.net *.cloudflare.com *.opendns.com *.adsrvr.org *.newrelic.com *.google.com *.mapbox.com *.serving-sys.com *.igodigital.com *.teads.tv *.videoamp.com *.pixel.tapad.com *.tiktok.com *.abtasty.com *.snapchat.com https://www.youtube.com https://cdn.cookielaw.org https://sc-static.net/scevent.min.js *.cloudflare.com *.mikmak.ai *.swaven.com https://sc-static.net/sc-pixel-helper.min.js; object-src 'self'; style-src 'self'  'unsafe-inline' *.jsdelivr.net *.cloudflare.com *.opendns.com *.newrelic.com *.twitter.com *.nr-data.net *.ads-twitter.com *.google.com *.googleapis.com *.mapbox.com *.abtasty.com *.typekit.net *.cloudflare.com; img-src 'self' *.adsrvr.org *.google-analytics.com *.twitter.com *.facebook.com *.google.com *.google.co.in *.googletagmanager.com *.mookie1.com *.amazon-adsystem.com *.newrelic.com *.nr-data.net *.ads-twitter.com *.w3.org data: *.insight.adsrvr.org/track/pxl/ *.sc-static.net *.teads.tv *.videoamp.com *.pixel.tapad.com *.snapchat.com *.doubleclick.net *.mikmak.ai *.swaven.com *.analytics.yahoo.com *.adnxs.com *.abtasty.com *.adxcel-ec2.com https://di.rlcdn.com https://ad.ipredictive.com https://cdn.cookielaw.org https://dpm.demdex.net/ https://img.youtube.com/ https://polandspring.bluetritonbrands.acsitefactory.com/sites/g/files/zmtnxh116/files/2024-08/promo-img.png; media-src 'self'; frame-src 'self' *.youtube.com *.doubleclick.net *.amazon-adsystem.com *.google.com *.adsrvr.org *.teads.tv *.videoamp.com *.pixel.tapad.com *.sc-static.net *.snapchat.com *.flashtalking.com *.abtasty.com *.googletagmanager.com *.mikmak.ai *.swaven.com; frame-ancestors 'self' *.youtube.com *.doubleclick.net *.amazon-adsystem.com *.adsrvr.org *.teads.tv *.videoamp.com *.pixel.tapad.com *.sc-static.net *.snapchat.com *.mikmak.ai; child-src 'self' *.youtube.com *.doubleclick.net *.amazon-adsystem.com *.google.com *.adsrvr.org *.teads.tv *.videoamp.com *.pixel.tapad.com *.sc-static.net *.snapchat.com blob:; font-src 'self' *.jsdelivr.net *.gstatic.com *.google.com *.abtasty.com *.typekit.net *.mikmak.ai *.swaven.com; connect-src 'self' *.doubleclick.net *.google-analytics.com *.mapbox.com *.nr-data.net *.serving-sys.com *.igodigital.com *.teads.tv *.videoamp.com *.pixel.tapad.com *.sc-static.net *.snapchat.com *.onetrust.com *.abtasty.com *.fullstory.com *.tiktok.com https://cdn.cookielaw.org https://bam.nr-data.net https://www.facebook.com *.google.com *.googleadservices.com *.mikmak.ai *.swaven.com https://rs.fullstory.com/s/settings/o-232TA0-na1/v1/web https://insight.adsrvr.org/track/realtimeconversion; upgrade-insecure-requests 1
base-uri 'self'; script-src 'self' www.googletagmanager.com graph.instagram.com www.google-analytics.com maps.googleapis.com www.google.com www.gstatic.com rawgit.com 'unsafe-inline' fontawesome.com www.youtube.com s.ytimg.com 0.0.0.0:8080 localhost:8080 'unsafe-eval' recaptcha.net 1
default-src 'self' www.google-analytics.com region1.google-analytics.com region1.analytics.google.com stats.g.doubleclick.net service.force.com molcocarparts.my.salesforce-sites.com molcocarparts.my.salesforce.com *.salesforceliveagent.com www.google.com/recaptcha/api2/anchor *.mouseflow.com consentcdn.cookiebot.com pagead2.googlesyndication.com consent.cookiebot.com www.google.com/ccm/collect; block-all-mixed-content; font-src 'self' data: fonts.gstatic.com netdna.bootstrapcdn.com/bootstrap/3.1.1/fonts/ *.mouseflow.com; frame-src service.force.com 360.molco.nl www.google.com www.google.nl www.googletagmanager.com consentcdn.cookiebot.com molcocarparts.my.salesforce.com; img-src 'self' data: *.google-analytics.com www.google.com www.google.nl www.googletagmanager.com *.mouseflow.com 360.molco.nl imgsct.cookiebot.com bogijn.nl/; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.googletagmanager.com www.google-analytics.com www.googleoptimize.com az416426.vo.msecnd.net ajax.googleapis.com/ajax/libs/angularjs/1.5.9/angular.min.js www.google.com/recaptcha/api.js www.gstatic.com/recaptcha/releases/ *.salesforceliveagent.com molcocarparts.my.salesforce.com molcocarparts.my.salesforce-sites.com *.static.lightning.force.com service.force.com *.mouseflow.com consent.cookiebot.com consentcdn.cookiebot.com info.bogijn.nl/ info.molco.nl/; style-src 'self' 'unsafe-inline' fonts.googleapis.com netdna.bootstrapcdn.com/bootstrap/3.1.1/css/bootstrap.min.css molcocarparts.my.salesforce-sites.com molcocarparts.my.salesforce.com service.force.com; report-uri /nelmio/csp/report 1
default-src 'self' piwik.itzbund.de matomo03.itzbund.de; base-uri 'self'; connect-src 'self' *.itzbund.de; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.ytimg.com piwik.itzbund.de matomo03.itzbund.de; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com *.youtube-nocookie.com; frame-src *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com piwik.itzbund.de matomo03.itzbund.de; img-src 'self' data: demografie-portal.de *.demografie-portal.de 'self' data: *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.geodatenzentrum.de piwik.itzbund.de matomo03.itzbund.de; frame-ancestors 'self'; 1
strict-dynamic 1
default-src 'self'; script-src 'self' 'unsafe-inline' data: cdnjs.cloudflare.com cdn.ckeditor.com maps.googleapis.com *.polyfill.io *.google.com *.unpkg.com *.gstatic.com *.google-analytics.com *.cookiebot.com *.googletagmanager.com open.spotify.com e.issuu.com *.tiktok.com donorbox.org; style-src 'self' 'unsafe-inline' data: fonts.googleapis.com cdnjs.cloudflare.com; img-src 'self' 'unsafe-inline' data: maps.gstatic.com maps.googleapis.com imgsct.cookiebot.com *.google-analytics.com *.cookiebot.com *.googletagmanager.com *.tiktok.com *.donorbox.org; frame-src 'self' www.google.com www.youtube.com player.vimeo.com olv-kinderwebsite.now.sh olv-kinderwebsite.vercel.app *.google-analytics.com *.cookiebot.com *.googletagmanager.com open.spotify.com e.issuu.com *.tiktok.com donorbox.org return.flexmail.eu; font-src 'self' 'unsafe-inline' themes.googleusercontent.com fonts.gstatic.com slant.co data: ; connect-src 'self' 'unsafe-inline' 'unsafe-eval' data: region1.google-analytics.com *.google-analytics.com *.cookiebot.com *.googletagmanager.com *.tiktok.com *.donorbox.org; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://cdn.datatables.net http://fonts.googleapis.com http://fonts.gstatic.com http://www.google-analytics.com http://s7.addthis.com http://m.addthisedge.com http://m.addthis.com http://graph.facebook.com http://widgets.pinterest.com http://maps.google.com http://csi.gstatic.com http://maps.gstatic.com http://maps.googleapis.com http://www.linkedin.com http://api-public.addthis.com http://localhost http://www.youtube.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.datatables.net https://www.googletagmanager.com https://glamipixel.com; img-src 'self' data: https://cdn.datatables.net https://glamipixel.com https://www.google-analytics.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com https://glamipixel.com; 1
script-src 'self'; 1
default-src 'self'; img-src *; media-src * data:;, default-src 'self'; img-src *; media-src * data:; 1
object-src 'none' 1
default-src 'self' *.confort-sauter.com *.3fq4ysez3hwd2.fr-4.platformsh.site *.raptorsmartadvisor.com *.algolia.io *.google.com *.googleapis.com *.gstatic.com *.bazaarvoice.com *.inbenta.services *.inbenta.io *.inbenta.chat:8000 *.algolianet.com *.algolia.net *.google-analytics.com *.google.com *.cookiebot.com *.doubleclick.net *.groupe-atlantic.com *.youtube.com *.youtube-nocookie.com *.vimeo.com *.plyr.io *.formulaires-de-contact.fr formulaires-de-contact.fr sketchfab.com *.sketchfab.com *.youtube-nocookie.com noembed.com geo.api.gouv.fr *.jsdelivr.net *.kameleoon.eu *.kx1.co *.contentsquare.net *.form.io; base-uri 'self' *.confort-sauter.com *.3fq4ysez3hwd2.fr-4.platformsh.site *.formulaires-de-contact.fr formulaires-de-contact.fr sketchfab.com *.sketchfab.com *.youtube-nocookie.com noembed.com *.jsdelivr.net *.kameleoon.eu *.kx1.co *.contentsquare.net *.form.io; block-all-mixed-content; connect-src *; font-src 'self' data: *.confort-sauter.com *.3fq4ysez3hwd2.fr-4.platformsh.site *.google.com *.googleapis.com *.gstatic.com *.inbenta.io *.jsdelivr.net *.form.io; frame-ancestors 'self'; frame-src 'self' *.confort-sauter.com *.3fq4ysez3hwd2.fr-4.platformsh.site *.google.com *.googleapis.com *.gstatic.com *.kameleoon.eu *.youtube.com *.vimeo.com  *.atlantic.fr  *.cookiebot.com  *.doubleclick.net  *.plyr.io *.formulaires-de-contact.fr formulaires-de-contact.fr sketchfab.com *.sketchfab.com *.youtube-nocookie.com noembed.com *.jsdelivr.net *.bazaarvoice.com  *.groupe-atlantic.fr *.googletagmanager.com *.form.io; img-src 'self' data: *.confort-sauter.com *.3fq4ysez3hwd2.fr-4.platformsh.site *.openstreetmap.org *.bazaarvoice.com *.plateforme-services.com *.cookiebot.com *.ephoto.fr *.google.com *.googleapis.com *.gstatic.com *.inbenta.com *.youtube.com *.ytimg.com *.vimeo.com *.google-analytics.com *.groupe-atlantic.com *.googletagmanager.com *.doubleclick.net *.google.fr *.google.com *.plyr.io picsum.photos placekitten.com *.picsum.photos *.placeholder.com sketchfab.com *.sketchfab.com *.youtube-nocookie.com noembed.com *.kimple.co *.form.io *.contentsquare.net *.privacy-center.org *.facebook.com *.groupe-atlantic.fr; media-src 'self' *.confort-sauter.com *.3fq4ysez3hwd2.fr-4.platformsh.site *.vimeo.com *.youtube.com *.plyr.io sketchfab.com *.sketchfab.com *.youtube-nocookie.com noembed.com *.jsdelivr.net; object-src 'none'; script-src 'self' blob: *.confort-sauter.com *.3fq4ysez3hwd2.fr-4.platformsh.site *.cloudflare.com *.msecnd.net *.bazaarvoice.com *.google.com *.googleapis.com *.gstatic.com *.inbenta.services *.inbenta.io *.inbenta.chat *.youtube.com *.youtube-nocookie.com 'unsafe-inline' 'unsafe-eval'  *.googletagmanager.com  *.groupe-atlantic.com  *.cookiebot.com   *.google-analytics.com  googleads.g.doubleclick.net  *.plyr.io *.jquery.com *.formulaires-de-contact.fr formulaires-de-contact.fr sketchfab.com *.sketchfab.com *.youtube-nocookie.com noembed.com *.jsdelivr.net deliver.raptorstatic.com *.kameleoon.eu *.kx1.co *.contentsquare.net *.kx1.co kx1.co *.iesnare.com *.form.io *.facebook.net *.privacy-center.org *.googlesyndication.com *.groupe-atlantic.fr *.upsun-eu-5.observability-pipeline.blackfire.io; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com  https://fonts.gstatic.com *.bazaarvoice.com *.inbenta.io *.inbenta.chat *.confort-sauter.com *.3fq4ysez3hwd2.fr-4.platformsh.site  *.plyr.io *.sketchfab.com *.youtube-nocookie.com *.noembed.com *.jsdelivr.net *.form.io *.inbenta.io *.sdk.inbenta.io *.groupe-atlantic.fr 1
default-src https: date: 1
script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://ep2.adtrafficquality.google/ https://www.instagram.com/; img-src 'self' data: blob: https://*.fna.fbcdn.net/ https://ep1.adtrafficquality.google/; object-src 'self' data: blob: https://pagead2.googlesyndication.com/ https://ep2.adtrafficquality.google/ https://sverigesradio.se/ https://www.sverigesradio.se/ https://www.instagram.com/ https://open.spotify.com/ https://www.facebook.com/ https://www.podbean.com/; frame-src 'self' data: blob: https://pagead2.googlesyndication.com/ https://ep2.adtrafficquality.google/ https://sverigesradio.se/ https://www.sverigesradio.se/ https://www.instagram.com/ https://open.spotify.com/ https://www.facebook.com/ https://www.podbean.com/; worker-src 'self' data: 'unsafe-inline' 'unsafe-eval'  blob:; 1
base-uri 'none'; default-src 'self'; child-src https://www.youtube.com  https://skk.erecruiter.pl https://heyzine.com https://*.heyzine.com https://*.google.com https://www.googletagmanager.com https://*.faceup.com https://*.nntb.cz blob:; connect-src 'self' https://geis.daktela.com https://t.leady.com https://*.doubleclick.net https://*.google.com https://*.google-analytics.com wss://*.hotjar.com https://*.hotjar.com  https://*.hotjar.io; font-src 'self' https://*.gstatic.com data:; form-action 'self'; img-src 'self' https://skk.erecruiter.pl https://*.seznam.cz https://t.leady.com https://*.google-analytics.com https://*.google.cz https://*.google.com https://*.gstatic.com blob: data:; media-src 'self' blob:; script-src 'self' https://*.google.com  https://*.gstatic.com https://skk.erecruiter.pl https://*.seznam.cz https://geis.daktela.com https://t.leady.com https://tt.geis.cz https://tt.geis.pl https://*.hotjar.com https://*.doubleclick.net https://*.google-analytics.com https://www.googletagmanager.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com ttps://skk.erecruiter.pl 'unsafe-inline' 'unsafe-eval'; 1
frame-ancestors 'self' goldbikiniclub.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'  https: data: http://fonts.googleapis.com http://fonts.gstatic.com http://www.google-analytics.com http://s7.addthis.com http://m.addthisedge.com http://m.addthis.com http://graph.facebook.com http://widgets.pinterest.com http://maps.google.com http://csi.gstatic.com http://maps.gstatic.com http://maps.googleapis.com http://www.linkedin.com http://api-public.addthis.com http://localhost http://player.vimeo.com/; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://trusted.cdn.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data:; font-src 'self' data:; frame-ancestors 'none'; base-uri 'self'; form-action 'self'; 1
default-src 'self'; img-src 'self' https: data:; script-src 'self' https://inaadress.maaamet.ee https://www.google.com https://www.gstatic.com ; worker-src blob:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com ; font-src 'self' https://fonts.gstatic.com data:; frame-src 'self' https://www.google.com blob:; 1
frame-ancestors 'self' https://*.lovevite.com 1
default-src 'self' https://accounts.google.com/ https://*.google-analytics.com/g/collect; script-src 'self' https://apis.google.com/js/platform.js https://cdn.jsdelivr.net/npm/vue@2/dist/vue.js https://www.googletagmanager.com/gtag/js 'unsafe-eval' 'nonce-rimVB6nFD2Cmy8Yt8B5KLQ'; style-src 'self' https://apis.google.com/* 'nonce-rimVB6nFD2Cmy8Yt8B5KLQ'; img-src * data: 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.web.onlineclinic.com.br http://*.web.onlineclinic.com.br https://*.google.com.br https://*.gravatar.com https://fonts.googleapis.com https://fonts.gstatic.com https://elfsight.com https://*.google-analytics.com http://*.onlineclinic.com.br https://*.onlineclinic.com.br http://*.omappapi.com https://*.omappapi.com https://*.youtube.com https://*.googletagmanager.com https://*.wp.com http://www.onlineclinic.com.br https://www.onlineclinic.com.br; img-src 'self' data: https://*.web.onlineclinic.com.br http://*.web.onlineclinic.com.br https://*.google.com.br https://*.gravatar.com https://fonts.googleapis.com https://fonts.gstatic.com https://elfsight.com https://*.google-analytics.com http://*.onlineclinic.com.br https://*.onlineclinic.com.br http://*.omappapi.com https://*.omappapi.com https://*.youtube.com https://*.googletagmanager.com https://*.wp.com http://www.onlineclinic.com.br https://www.onlineclinic.com.br; object-src 'self' data: https://*.web.onlineclinic.com.br http://*.web.onlineclinic.com.br https://*.google.com.br https://*.gravatar.com https://fonts.googleapis.com https://fonts.gstatic.com https://elfsight.com https://*.google-analytics.com http://*.onlineclinic.com.br https://*.onlineclinic.com.br http://*.omappapi.com https://*.omappapi.com https://*.youtube.com https://*.googletagmanager.com https://widgets.wp.com/ http://www.onlineclinic.com.br https://www.onlineclinic.com.br; frame-src 'self' data: https://*.web.onlineclinic.com.br http://*.web.onlineclinic.com.br https://*.google.com.br https://*.gravatar.com https://fonts.googleapis.com https://fonts.gstatic.com https://elfsight.com https://*.google-analytics.com http://*.onlineclinic.com.br https://*.onlineclinic.com.br http://*.omappapi.com https://*.omappapi.com https://*.youtube.com https://*.googletagmanager.com https://widgets.wp.com/ http://www.onlineclinic.com.br https://www.onlineclinic.com.br; 1
script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://s3.amazonaws.com/ https://*.list-manage.com/ https://drip.com/ https://getdrip.com/ https://helpscout.com/ https://checkoutapi.svea.com/ https://tag.getdrip.com/ https://beacon-v2.helpscout.net/ https://sleeknotecustomerscripts.sleeknote.com/ https://sleeknotestaticcontent.s3.eu-west-1.amazonaws.com/ https://sleeknotestaticcontent.sleeknote.com/ http://*.sleeknote.com https://api.getdrip.com/ https://www.dripuploads.com/ https://secure.gravatar.com/ https://organicmakers.se/ http://mailchimp.sleeknote.com/ https://onsite-subscribe.getdrip.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://googleads.g.doubleclick.net/ https://td.doubleclick.net/; img-src 'self' data: blob: https://drip.com/ https://getdrip.com/ https://helpscout.com/ https://checkoutapi.svea.com/ https://tag.getdrip.com/ https://beacon-v2.helpscout.net/ https://sleeknotecustomerscripts.sleeknote.com/ https://sleeknotestaticcontent.sleeknote.com/ https://www.dripuploads.com/ https://secure.gravatar.com/ https://organicmakers.se/ http://*.sleeknote.com http://mailchimp.sleeknote.com https://onsite-subscribe.getdrip.com/ https://fonts.gstatic.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://fonts.gstatic.com/; object-src 'self' data: blob: https://drip.com/ https://getdrip.com/ https://helpscout.com/ https://checkoutapi.svea.com/ https://tag.getdrip.com/ https://beacon-v2.helpscout.net/ https://sleeknotecustomerscripts.sleeknote.com/ https://sleeknotestaticcontent.sleeknote.com/ https://www.dripuploads.com/ https://secure.gravatar.com/ https://organicmakers.se/ http://*.sleeknote.com http://mailchimp.sleeknote.com/ https://onsite-subscribe.getdrip.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/; frame-src 'self' data: blob: https://drip.com/ https://getdrip.com/ https://helpscout.com/ https://checkoutapi.svea.com/ https://tag.getdrip.com/ https://beacon-v2.helpscout.net/ https://sleeknotecustomerscripts.sleeknote.com/ https://sleeknotestaticcontent.sleeknote.com/ https://www.dripuploads.com/ https://secure.gravatar.com/ https://organicmakers.se/ http://*.sleeknote.com http://mailchimp.sleeknote.com/ https://onsite-subscribe.getdrip.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/; 1
frame-ancestors 'self' https://*.papajohns.com.sv ; object-src 'self' *.papajohns.com.sv ; img-src 'self' *.papajohns.com.sv  data: *.twimg.com *.twitter.com *.facebook.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.google.com *.google.com.sv  *.statcounter.com *.facebook.net *.doubleclick.net *.google.com sailplays3.cdnvideo.ru res.cloudinary.com *.digitaloceanspaces.com *.bitworks.com.sv; script-src 'self' *.papajohns.com.sv 'unsafe-inline' 'unsafe-eval' data: *.twimg.com *.googletagmanager.com *.facebook.com *.google.com *.google.com.sv *.google-analytics.com maps.googleapis.com ajax.googleapis.com *.gstatic.com *.twitter.com *.statcounter.com *.facebook.net *.hotjar.io *.hotjar.com static.hotjar.com *.googleadservices.com cdnjs.cloudflare.com sailplay.ru sailplay.net *.sailplay.net sailplays3.cdnvideo.ru cdn.jsdelivr.net cdn.pushalert.co code.jquery.com *.bitworks.com.sv l.getsitecontrol.com static.cloudflareinsights.com papajohns.containers.piwik.pro ; 1
default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self' https://tel.search.ch app.pepsimmo.ch https://*.google-analytics.com https://api.infomaniak.com; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' app.pepsimmo.ch; frame-ancestors 'self'; frame-src 'self'; img-src 'self' data: app.pepsimmo.ch; manifest-src 'self'; media-src 'self'; object-src 'self'; script-src 'self' www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com 1
allow 'self'; font-src 'self'; media-src *; img-src * 'self'; script-src 'self' https://*.gravatar.com https://ajax.googleapis.com; https://*.google.com; style-src 'self'; 1
block-all-mixed-content; img-src 'self' data: https://www.google-analytics.com https://maps.googleapis.com https://www.googletagmanager.com https://fonts.gstatic.com https://scontent.cdninstagram.com https://*.cdninstagram.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.googletagmanager.com https://sdk.privacy-center.org https://www.google-analytics.com https://maps.googleapis.com https://www.google.com https://www.gstatic.com https://tag.aticdn.net 1
allow 'self' *.onesignal.com; 1
default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' sarthac.gov.in 10.3.0.45 127.0.0.1 localhost www.google.com www.youtube.com 10.244.91.80 172.25.142.93 security-seal.emsign.com ; 1
default-src 'self'; img-src ; media-src data:; 1
default-src 'self'; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; font-src 'self' https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://www.googletagmanager.com; frame-src 'self' 'unsafe-inline' https://www.google.com/ https://www.youtube-nocookie.com/ youtube.com https://www.youtube.com https://www.facebook.com/; img-src 'self'; connect-src 'self' https://www.google-analytics.com; 1
default-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://*.google-analytics.com https://s7.addthis.com https://m.addthisedge.com https://m.addthis.com https://graph.facebook.com https://widgets.pinterest.com https://maps.googleapis.com https://maps.gstatic.com https://maps.google.com https://www.linkedin.com https://api-public.addthis.com http://localhost https://player.vimeo.com https://www.njuskalo.hr; connect-src 'self' https://*.google-analytics.com https://www.google-analytics.com https://stats.g.doubleclick.net https://s7.addthis.com https://m.addthisedge.com https://m.addthis.com https://graph.facebook.com https://api-public.addthis.com http://localhost https://player.vimeo.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.njuskalo.hr; img-src 'self' data: https://*.google-analytics.com https://www.googletagmanager.com https://s7.addthis.com https://m.addthisedge.com https://m.addthis.com https://graph.facebook.com https://widgets.pinterest.com https://maps.gstatic.com https://maps.google.com https://www.linkedin.com https://api-public.addthis.com https://player.vimeo.com https://www.njuskalo.hr; font-src 'self' https://fonts.gstatic.com https://www.njuskalo.hr; frame-src 'self' https://playe* 1
allow 'self' 1
default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self'; font-src 'self' https://fonts.gstatic.com; form-action 'self'; frame-ancestors 'none'; frame-src 'self'; img-src 'self' data:; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com 1
default-src https: 'unsafe-inline' 'unsafe-eval' data: blob:; object-src 'self' blob:; 1
frame-ancestors 'self' *.trade.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.citiworldprivileges.com www.google-analytics.com *.googleapis.com *.gstatic.com nexus.ensighten.com *.omtrdc.net www.googleadservices.com *.doubleclick.net *.google.com www.google.co.in connect.facebook.net www.facebook.com *.cloudfront.net citiintl.122.2o7.net www.googletagmanager.com *.amap.com *.dotomi.com *.tiktok.com; img-src 'self' data: *.google.com *.googleapis.com *.gstatic.com nexus.ensighten.com www.googletagmanager.com citiintl.122.2o7.net www.google-analytics.com www.google.co.in www.facebook.com *.dotomi.com *.tiktok.com; 1
base-uri 'none';child-src 'none';connect-src 'self' https://cdn.cookielaw.org https://*.google-analytics.com https://*.analytics.google.com https://www.googletagmanager.com https://*.googletagmanager.com https://stats.g.doubleclick.net;default-src 'self';font-src 'self' data: https://fonts.gstatic.com;form-action 'self';frame-ancestors 'none';frame-src https://www.googletagmanager.com https://td.doubleclick.net;img-src 'self' data: https://cdn.cookielaw.org https://*.google-analytics.com https://www.googletagmanager.com https://googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://fonts.gstatic.com https://*.googletagmanager.com https://d21y75miwcfqoq.cloudfront.net/deaafc32 https://googleads.g.doubleclick.net https://www.google.com https://google.com;manifest-src 'self';media-src 'self';object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.cookielaw.org https://www.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google.com;style-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com;worker-src 'self';upgrade-insecure-requests ; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://zohoadmin-dynatouch.zohobookings.com* https://zohoadmin-dynatouch.zohobookings.com/portal-embed#/billpaykiosks https://*.calendly.com/ https://*.google-analytics.com/ https://*.googlesyndication.com/ https://*.googletagmanager.com/ https://*.list-manage.com/ https://calendly.com/ https://connect.facebook.net/en_US/sdk.js https://crm.zoho.com/crm/WebFormServeServlet?rid=8a47d85e3440ef768ceaa22381ceabb5f6334d484211d4d7d55c81b0255fc977gidb5de4f47280b66e8cb9a6d47719877b5779bc3f8638655f060668722018a6166&script=$sYG https://google-analytics.com/ https://googletagmanager.com/ https://maps.google.com/ https://maps.googleapis.com/ https://platform.twitter.com/widgets.js https://s3.amazonaws.com/ https://stats.wp.com/ https://tagmanager.google.com/ https://translate.google.com/ https://translate.googleapis.com/ https://www.google.com/ https://www.gstatic.com/ https://www.recaptcha.net/ https://salesiq.zoho.com/ https://*.zohopublic.com/ https://*.zohostatic.com/ https://dyjgaef5vuq51.cloudfront.net/ https://dtzpfzv31buvf.cloudfront.net/ https://*.zohocdn.com/; img-src 'self' data: https://*.google-analytics.com/ https://*.google.com/ https://*.googlesyndication.com/ https://*.googletagmanager.com/ https://*.gstatic.com/ https://*.ytimg.com/ https://google-analytics.com/ https://google.com/ https://googleads.g.doubleclick.net/ https://googletagmanager.com/ https://gstatic.com/ https://maps.google.com/ https://maps.googleapis.com/ https://maps.gstatic.com/ https://pixel.wp.com/ https://translate.googleapis.com/ https://salesiq.zoho.com/ https://*.zohopublic.com/ https://*.zohostatic.com/ https://dyjgaef5vuq51.cloudfront.net/ https://dtzpfzv31buvf.cloudfront.net/ https://*.zohocdn.com/; object-src 'self' data: https://zohoadmin-dynatouch.zohobookings.com* https://zohoadmin-dynatouch.zohobookings.com/portal-embed#/billpaykiosks https://www.google.com/ https://maps.google.com/ https://docs.google.com/ https://*.calendly.com/ https://calendly.com/ https://youtube-nocookie.com/ https://*.youtube-nocookie.com/ https://*.youtube.com/ https://salesiq.zoho.com/ https://*.zohopublic.com/ https://*.zohostatic.com/ https://dyjgaef5vuq51.cloudfront.net/ https://dtzpfzv31buvf.cloudfront.net/ https://*.zohocdn.com/; frame-src 'self' data: https://zohoadmin-dynatouch.zohobookings.com* https://zohoadmin-dynatouch.zohobookings.com/portal-embed#/billpaykiosks https://www.google.com/ https://maps.google.com/ https://docs.google.com/ https://*.calendly.com/ https://calendly.com/ https://youtube-nocookie.com/ https://*.youtube-nocookie.com/ https://*.youtube.com/ https://salesiq.zoho.com/ https://*.zohopublic.com/ https://*.zohostatic.com/ https://dyjgaef5vuq51.cloudfront.net/ https://dtzpfzv31buvf.cloudfront.net/ https://*.zohocdn.com/; 1
* 1
frame-src 'self' https://ep2.adtrafficquality.google https://cdn.affinipay.com https://calendly.com https://*.doubleclick.net https://googleads.g.doubleclick.net https://www.facebook.com https://tpc.googlesyndication.com https://www.google.com https://www.googletagmanager.com https://*.squarecdn.com https://*.squareup.com https://*.squareupsandbox.com https://images.tryascend.com https://www.youtube.com; img-src * 'self' blob: data:; 1
default-src 'self'; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://maps.googleapis.com https://api.ipify.org https://*.googleoptimize.com https://*.g.doubleclick.net https://*.google.com https://*.claspo.io https://*.ads.linkedin.com; font-src 'self' 'unsafe-inline' data: https://fonts.gstatic.com; frame-src 'self' * blob:; img-src 'self' 'unsafe-inline' data: https://haulotte.ephoto.fr https://maps.googleapis.com https://maps.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googleoptimize.com https://*.g.doubleclick.net https://*.google.com https://*.ads.linkedin.com https://recruitingbypaycor.com https://www.google.fr https://www.google.com; script-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://*.google-analytics.com https://ssl.google-analytics.com https://maps.googleapis.com https://static.addtoany.com https://code.jquery.com https://haulotte-dam.ephoto.fr https://*.googletagmanager.com https://*.googleoptimize.com https://*.g.doubleclick.net https://*.google.com https://static.hotjar.com https://snap.licdn.com https://*.claspo.io https://recruitingbypaycor.com https://www.googleadservices.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com 1
default-src 'self' data: https:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: *.stripe.com; style-src 'self' data: 'unsafe-inline' https: https: wss: *.stripe.com *.studentbeans.com blob:; img-src * data: blob:; font-src 'self' data: https:; connect-src 'self' data: https: wss: *.stripe.com *.studentbeans.com; media-src *; object-src 'self' https:; frame-src *; form-action 'self' *.citationsy.com *.citationsy.es *.stripe.com *.studentbeans.com accounts.google.com tinyletter.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' ; img-src 'self' data: ; object-src 'self' data: ; frame-src 'self' data: ; form-action 'self' data: ; worker-src 'self' data: 'unsafe-inline' 'unsafe-eval' ; 1
default-src 'self'; style-src 'unsafe-inline' 'self'; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self'; 1
base-uri 'none'; default-src 'none'; child-src 'self'; connect-src 'self' https://*.olivia.com *.olivia.com https://*.google-analytics.com *.google-analytics.com https://*.doubleclick.net *.doubleclick.net https://*.hsforms.com *.hsforms.com; font-src 'self' https://*.typekit.net *.typekit.net; form-action 'self' https://*.hsforms.com *.hsforms.com; frame-ancestors 'self'; frame-src 'self' https://*.hsforms.com *.hsforms.com https://*.matterport.com *.matterport.com https://*.youtube.com *.youtube.com https://*.google.com *.google.com; img-src 'self' https://*.olivia.com *.olivia.com https://*.google-analytics.com *.google-analytics.com https://*.googletagmanager.com *.googletagmanager.com https://*.google.com *.google.com https://*.hsappstatic.com *.hsappstatic.com https://*.hsforms.com *.hsforms.com https://*.hs-embed-reporting.com *.hs-embed-reporting.com https://*.hubspot.com *.hubspot.com https://*.ytimg.com *.ytimg.com blob: data:; media-src 'self' https://*.olivia.com *.olivia.com https://samplelib.com samplelib.com https://*.googleapis.com *.googleapis.com; object-src 'none'; script-src 'self' https://*.google-analytics.com *.google-analytics.com https://*.clarity.ms *.clarity.ms https://*.googletagmanager.com *.googletagmanager.com https://*.hsforms.net *.hsforms.net https://*.hs-scripts.com *.hs-scripts.com https://*.youtube.com *.youtube.com 'unsafe-inline'; style-src 'self' https://*.typekit.net *.typekit.net 'unsafe-inline'; upgrade-insecure-requests 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://crm.fasad.eu/ https://cdn.jsdelivr.net https://process.fasad.eu/ http://dev-process.fasad.prek.srv http://ajax.googleapis.com/ https://ajax.googleapis.com/ http://code.jquery.com/ https://code.jquery.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://cdnjs.cloudflare.com/ajax/libs/animejs/3.2.1/anime.min.js; img-src 'self' http://fasadeu.public80.prekdemo.se/ https://www.fasad.eu/ https://crm.fasad.eu/; object-src 'self' ; frame-src 'self' ; 1
connect-src 'self' https://*.googleapis.com https://*.gstatic.com https://*.google.com *.google.com blob: data:; font-src 'self' https://fonts.gstatic.com data:; form-action 'self'; frame-ancestors 'self'; frame-src 'self' https://*.google.com *.google.com https://*.youtube.com *.youtube.com https://beacon-control.msas.uk/beacon.php; img-src 'self' https://*.googleapis.com https://*.gstatic.com https://*.openstreetmap.org https://api.mapbox.com https://*.google.com *.google.com https://*.googleusercontent.com *.googleusercontent.com blob: data:; object-src 'self'; script-src 'self' https://www.google-analytics.com https://*.googleapis.com https://*.gstatic.com https://*.google.com *.google.com https://*.ggpht.com https://*.googleusercontent.com *.googleusercontent.com https://js.pusher.com https://cdn.tiny.cloud https://*.youtube.com 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https://*.gstatic.com https://*.googleapis.com 'unsafe-inline'; style-src-attr 'unsafe-inline'; worker-src 'self' blob: 1
base-uri 'none'; default-src 'none'; child-src https://web.cmp.usercentrics.eu https://www.youtube.com https://www.youtube.com https://www.google.com; connect-src 'self' https://v1.api.service.cmp.usercentrics.eu https://graphql.usercentrics.eu https://consent-api.service.consent.usercentrics.eu https://stats.g.doubleclick.net https://region1.google-analytics.com https://region1.analytics.google.com https://www.google-analytics.com https://q.clarity.ms; font-src 'self' https://use.typekit.net; frame-ancestors 'self'; frame-src https://web.cmp.usercentrics.eu https://www.youtube.com https://www.google.com; img-src 'self' https://app.usercentrics.eu https://uct.service.usercentrics.eu https://www.google-analytics.com https://stats.g.doubleclick.net https://www.facebook.com https://i3.ytimg.com https://c.clarity.ms https://c.bing.com https://www.google.com https://www.google.be data:; manifest-src 'self'; script-src 'self' https://web.cmp.usercentrics.eu https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://www.youtube.com/player_api https://s.ytimg.com https://use.typekit.net https://www.clarity.ms 'nonce-e817ae2c1ecf4cfc' 'nonce-8c4159f4d41b73ba'; style-src 'self' https://use.typekit.net https://p.typekit.net 'unsafe-inline'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.openstreetmap.org/ https://*.texmet.pl/ http://*.texmet.pl/ https://texmet.pl/ http://texmet.pl/ https://texmet.s1.zetohosting.pl/ http://texmet.s1.zetohosting.pl/; img-src 'self' data: https://*.openstreetmap.org/ https://*.texmet.pl/ http://*.texmet.pl/ https://texmet.pl/ http://texmet.pl/ https://texmet.s1.zetohosting.pl/ http://texmet.s1.zetohosting.pl/; object-src 'self' data: https://*.openstreetmap.org/ https://*.texmet.pl/ http://*.texmet.pl/ https://texmet.pl/ http://texmet.pl/ https://texmet.s1.zetohosting.pl/ http://texmet.s1.zetohosting.pl/; frame-src 'self' data: https://*.openstreetmap.org/ https://*.texmet.pl/ http://*.texmet.pl/ https://texmet.pl/ http://texmet.pl/ https://texmet.s1.zetohosting.pl/ http://texmet.s1.zetohosting.pl/; 1
default-src 'self' https://*.youtube.com https://*.youtube-nocookie.com https://*.youtu.be https://*.vimeo.com https://vimeo.com https://consentcdn.cookiebot.com https://open.spotify.com https://*.google-analytics.com https://*.googletagmanager.com https://widget.weezevent.com https://docs.google.com https://cdn.jsdelivr.net https://licensing.bitmovin.com https://analytics-ingress-global.bitmovin.com https://d12sgur2q2of22.cloudfront.net/ blob: https://*.tiktok.com https://*.analytics.google.com https://*.spotify.com; block-all-mixed-content; img-src data: 'self' https://placeholder.inventis.be https://*.ytimg.com https://*.youtube.com https://*.vimeocdn.com https://imgsct.cookiebot.com https://*.google-analytics.com https://*.googletagmanager.com https://*.facebook.com; object-src 'none'; script-src 'self' https://consent.cookiebot.com 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https://*.youtube.com https://*.vimeo.com https://*.google-analytics.com https://*.googletagmanager.com 'nonce-npPkDqdGhkfq+x8vhGmuwQ=='; style-src 'self' 'unsafe-inline' https://*.googletagmanager.com https://cdn.jsdelivr.net; upgrade-insecure-requests 1
base-uri 'self'; script-src 'self' www.googletagmanager.com graph.instagram.com www.google-analytics.com maps.googleapis.com www.google.com www.gstatic.com rawgit.com 'unsafe-inline' fontawesome.com www.youtube.com recaptcha.net s.ytimg.com 0.0.0.0:8080 'unsafe-eval' static.axept.io cdn.tailwindcss.com cdn.jsdelivr.net 1
frame-ancestors 'self' https://*.seo.aws.about.com https://*.dotdash.com *.bhg.com; upgrade-insecure-requests; 1
default-src 'self' *.bka.de bka.preview.prod.gsb.bka.zivb.net *.videodelivery.net; base-uri 'self'; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com piwik.itzbund.de *.youtube.com;object-src 'self' piwik.itzbund.de; media-src 'self' www.bka.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de bka.preview.prod.gsb.bka.zivb.net medien.bka.de https://www.flens.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de *.videodelivery.net; img-src 'self' data: *.bka.de *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de *.geodatenzentrum.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; connect-src 'self' *.itzbund.de *.openstreetmap.org; frame-ancestors bka.preview.prod.gsb.bka.zivb.net piwik.itzbund.de *.facebook.com; 1
default-src 'self' static.tfmetalsreport.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:; style-src 'self' static.tfmetalsreport.com data: 'unsafe-inline' *.googleapis.com *.twitter.com *.twimg.com *.x.com svc.webspellchecker.net cdn.ckeditor.com static.ctctcdn.com cdnjs.cloudflare.com; img-src 'self' https: data: android-webview-video-poster: *.jwplayer.com http://docs.jwplayer.com; media-src 'self' static.tfmetalsreport.com blob: *.giphy.com; frame-src 'self' https://www.tfmetalsreport.com data: audioboom.com *.audioboom.com scribd.com *.scribd.com soundcloud.com *.soundcloud.com youtube.com *.youtube.com vimeo.com *.vimeo.com bitchute.com *.bitchute.com twitter.com *.twitter.com x.com *.x.com *.tradingview.com *.tradingview-widget.com *.stripe.com *.doubleclick.net *.googlesyndication.com *.ted.com *.instagram.com *.jwpsrv.com www.google.com ms-appx-web: *.addtoany.com *.assoc-amazon.com *.amazon.com *.amazon-adsystem.com *.googletagmanager.com *.recaptcha.net facebook.com *.facebook.com cnn.com *.cnn.com cnbc.com *.cnbc.com rumble.com; frame-ancestors *; child-src 'self' https://www.tfmetalsreport.com data: audioboom.com *.audioboom.com scribd.com *.scribd.com soundcloud.com *.soundcloud.com youtube.com *.youtube.com vimeo.com *.vimeo.com bitchute.com *.bitchute.com twitter.com *.twitter.com x.com *.x.com *.tradingview.com *.tradingview-widget.com *.stripe.com *.doubleclick.net *.googlesyndication.com *.ted.com *.instagram.com *.jwpsrv.com www.google.com ms-appx-web: *.addtoany.com *.assoc-amazon.com *.amazon.com *.amazon-adsystem.com *.googletagmanager.com *.recaptcha.net facebook.com *.facebook.com cnn.com *.cnn.com cnbc.com *.cnbc.com; font-src 'self' static.tfmetalsreport.com data: fonts.googleapis.com fonts.gstatic.com cdnjs.cloudflare.com *.googleusercontent.com svc.webspellchecker.net *.avast.com chrome-extension: *.fontawesome.com; connect-src 'self' static.tfmetalsreport.com *.googlesyndication.com www.google-analytics.com *.gstatic.com *.doubleclick.net svc.webspellchecker.net *.jwpltx.com *.nr-data.net *.fontawesome.com *.ckeditor.com *.ctctcdn.com *.constantcontact.com *.jwplayer.com cdnjs.cloudflare.com stats.addtoany.com 1
base-uri  'self' ; connect-src  'self'  https: *.google-analytics.com *.google.com *.g.doubleclick.net *.wpengine.com yoast.com https: ; default-src  'self' ; font-src  'self'  data: https: *.gstatic.com fonts.gstatic.com cdn.jsdelivr.net *.bootstrapcdn.com https: *.gstatic.com ; form-action  'self' https *.facebook.com; frame-src  'self'  https: *.youtube.com *.vimeo.com blob: www.google.com *.g.doubleclick.net *.google.com *.fls.doubleclick.net https: *.youtube.com *.vimeo.com ; img-src  'self'  data: https: *.gravatar.com *.wordpress.org s.w.org ts.w.org ps.w.org *.googletagmanager.com *.w.org *.google.com *.google-analytics.com *.gstatic.com https: *.gravatar.com *.wordpress.org s.w.org ; media-src  'self'  https: s.w.org; object-src  'none' ; script-src  'self'  'unsafe-inline'  https: *.googleapis.com *.gstatic.com cdn.jsdelivr.net *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com https: *.googleapis.com *.gstatic.com ; script-src-elem  'unsafe-inline'  cdn.jsdelivr.net *.appliancecentre.co.uk https: *.googleapis.com *.gstatic.com ; style-src  'self'  'unsafe-inline'  https: *.googleapis.com fonts.googleapis.com cdn.jsdelivr.net *.gstatic.com https: *.googleapis.com ; style-src-elem  'unsafe-inline'  fonts.googleapis.com cdn.jsdelivr.net *.appliancecentre.co.uk https: *.googleapis.com ; worker-src  blob:; 1
frame-ancestors 'self' piwik.betaalvereniging.nl matomo.betaalvereniging.nl; 1
frame-ancestors https://*.aularandstad.es https://aularandstad.es https://*.randstad.es; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://app.sgwidget.com/; img-src 'self' data: https://secure.gravatar.com/; object-src 'self' data: ; frame-src 'self' data: ; 1
frame-ancestors 'self' *.business.qld.gov.au 1
default-src 'self'; block-all-mixed-content; connect-src 'self' https://o419240.ingest.sentry.io https://www.google-analytics.com https://stats.g.doubleclick.net https://www.googleapis.com/ https://maps.googleapis.com https://maps.googleapis.com https://www.facebook.com/ cdn.datatables.net https://analytics.google.com/; font-src 'self' fonts.gstatic.com; frame-src https://www.youtube.com https://www.facebook.com https://web.facebook.com/ https://www.google.com/ https://youtube.com/ https://td.doubleclick.net/; img-src 'self' facebook.com flickr.com https://maps.gstatic.com/ https://maps.googleapis.com/ data: https://www.google.com https://www.google.rs https://i.ytimg.com https://www.google-analytics.com/; script-src 'self' 'unsafe-inline' connect.facebook.net https://maps.googleapis.com/ https://www.google.com/ https://www.google-analytics.com/ https://www.googletagmanager.com 'nonce-vAncdrKPwhhV2dLVcVG2CA=='; style-src 'self' fonts.googleapis.com/css 'unsafe-inline' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://msg-gets-ae-fn-av-prd.azurewebsites.net https://msggetsavaesaprd.blob.core.windows.net https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://ajax.googleapis.com https://tagmanager.google.com https://fonts.googleapis.com https://www.google.com https://www.gstatic.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net https://*.googletagmanager.com http://*.googleapis.com http://*.gstatic.com http://*.google-analytics.com http://s7.addthis.com http://m.addthisedge.com http://m.addthis.com http://graph.facebook.com http://widgets.pinterest.com http://*.google.com http://csi.gstatic.com http://*.gstatic.com http://*.googleapis.com http://*.linkedin.com http://api-public.addthis.com http://connect.facebook.net https://connect.facebook.net; 1
default-src 'self' https://www.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com; style-src 'self' 'unsafe-inline'; media-src 'self' https://reile.co.jp 1
frame-ancestors 'self' *.myhotelschool.nl ; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net/npm/glightbox/dist/css/glightbox.min.css https://cdn.jsdelivr.net/npm/glightbox/dist/js/glightbox.min.js https://mapy.com/* https://www.na-statku.cz/ https://corekit.oxyninja.com/ https://mapy.com/s/nusahetaro; img-src 'self' https://www.na-statku.cz/ https://mapy.com/* https://corekit.oxyninja.com/; object-src 'self' https://www.na-statku.cz/ https://mapy.com/*; frame-src 'self' https://www.na-statku.cz/ https://mapy.com/*; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.paypal.com/ https://www.paypalobjects.com/ https://t.paypal.com/; img-src 'self' https://www.paypalobjects.com/; object-src 'self' https://www.google.com https://*.paypal.com/; frame-src 'self' https://www.google.com https://*.paypal.com/; 1
default-src 'self'; child-src https://www.youtube.com www.youtube.com https://*.facebook.com https://player.vimeo.com https://www.yumpu.com; connect-src 'self' https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com; font-src 'self' https://fonts.gstatic.com fonts.gstatic.com data:; frame-src https://www.youtube.com www.youtube.com https://*.facebook.com https://player.vimeo.com https://www.yumpu.com; img-src 'self' https://www.facebook.com https://* * https://www.google-analytics.com https://ssl.google-analytics.com data:; script-src 'self' https://www.google-analytics.com https://ssl.google-analytics.com https://www.youtube.com https://youtube.com https://s.ytimg.com https://www.googletagmanager.com 'nonce-/0RD4PGtuVV1PC5pD9B6jWWb' 'unsafe-inline' 'strict-dynamic'; style-src 'self' https://fonts.googleapis.com fonts.googleapis.com 'unsafe-inline'; report-uri https://403e2720446385ad0c84ae222f0e0f42.report-uri.com/r/d/csp/enforce; report-to https://403e2720446385ad0c84ae222f0e0f42.report-uri.com/r/d/csp/enforce; 1
default-src 'self' https://*.nhs.uk; frame-src 'self' https://gssapps.ebscohost.com/ https://forms.office.com/ https://www.youtube-nocookie.com https://*.webspellchecker.net https://*.nhs.uk https://*.facebook.com https://*.youtube.com https://*.vimeo.com https://*.google.com https://*.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.mailerlite.com/ https://cdnjs.cloudflare.com https://*.google-analytics.com https://*.googletagmanager.com https://connect.facebook.net https://feeds.trac.jobs https://*.webspellchecker.net https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.cqc.org.uk; font-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://*.webspellchecker.net; style-src 'self' 'unsafe-inline' data: https://cdnjs.cloudflare.com https://feeds.trac.jobs https://*.googleapis.com https://*.gstatic.com https://*.cqc.org.uk https://*.webspellchecker.net; img-src * data:; object-src 'self' blob: https://*.nhs.uk; connect-src 'self' https://feeds.trac.jobs stats.g.doubleclick.net https://*.googleapis.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.co.uk https://*.google.ie  https://*.google.nl https://*.webspellchecker.net 1
default-src 'self'; script-src 'self' 'unsafe-inline' static.addtoany.com cdnjs.cloudflare.com cdn.jsdelivr.net unpkg.com cdn.matomo.cloud matomo.lmc.systems https://www.google.com https://platform.twitter.com https://www.gstatic.com https://cdn.ckeditor.com https://proxy-event.ckeditor.com; style-src 'self' 'unsafe-inline'  fonts.googleapis.com cdnjs.cloudflare.com; img-src 'self' * data:; frame-src 'self' static.addtoany.com www.youtube.com https://www.google.com https://platform.twitter.com https://www.gstatic.com; font-src 'self' fonts.gstatic.com; connect-src 'self' matomo.lmc.systems; report-uri /report-csp-violation 1
default-src 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' ; style-src 'self' 'unsafe-inline' ; img-src 'self' data: *.openstreetmap.org ; media-src 'self' ; font-src 'self' ; frame-src 'self' data: ; connect-src 'self' data: ; 1
img-src 'self' *.norma.fr https://piwik.norma-online.de https://captcha.liveidentity.com data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.norma.fr https://piwik.norma-online.de www.youtube.com blob:; object-src 'none'; font-src 'self' *.norma.fr; 1
default-src 'self' https://lkclp-platform.condat.cloud http://lkclp-platform.condat.cloud lkclp-platform.condat.cloud https://platform.container:8080 http://platform.container:8080 platform.container:8080 https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de; connect-src 'self' https://nominatim.openstreetmap.org http://nominatim.openstreetmap.org nominatim.openstreetmap.org https://login.microsoftonline.com http://login.microsoftonline.com login.microsoftonline.com https://www.google.com http://www.google.com www.google.com https://client.inecos.de http://client.inecos.de client.inecos.de https://maps.googleapis.com https://api.abfallplus.io http://api.abfallplus.io api.abfallplus.io https://*.abfall.io http://*.abfall.io *.abfall.io https://*.stage.bio http://*.stage.bio *.stage.bio https://api.service-digitale-verwaltung.de http://api.service-digitale-verwaltung.de api.service-digitale-verwaltung.de https://lkclp-platform.condat.cloud http://lkclp-platform.condat.cloud lkclp-platform.condat.cloud https://platform.container:8080 http://platform.container:8080 platform.container:8080 https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de https://matomo-testing.condat.cloud; font-src 'self' https://client.inecos.de http://client.inecos.de client.inecos.de https://*.abfall.io http://*.abfall.io *.abfall.io https://*.podigee-cdn.com http://*.podigee-cdn.com *.podigee-cdn.com https://*.podigee-cdn.net http://*.podigee-cdn.net *.podigee-cdn.net https://*.podigee.com http://*.podigee.com *.podigee.com https://*.podigee.io http://*.podigee.io *.podigee.io https://lkclp-platform.condat.cloud http://lkclp-platform.condat.cloud lkclp-platform.condat.cloud https://platform.container:8080 http://platform.container:8080 platform.container:8080 https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de data:; frame-ancestors 'self' https://lkclp-platform.condat.cloud http://lkclp-platform.condat.cloud lkclp-platform.condat.cloud https://platform.container:8080 http://platform.container:8080 platform.container:8080 https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de; frame-src 'self' https://benutzerhandbuch-cshs.condat.de http://benutzerhandbuch-cshs.condat.de benutzerhandbuch-cshs.condat.de https://global.frcapi.com http://global.frcapi.com global.frcapi.com https://www.google.com http://www.google.com www.google.com https://lkclp.maps.arcgis.com http://lkclp.maps.arcgis.com lkclp.maps.arcgis.com https://wunschkennzeichen.kdo.de http://wunschkennzeichen.kdo.de wunschkennzeichen.kdo.de https://*.lkclp.de http://*.lkclp.de *.lkclp.de https://komsis.inecos.de http://komsis.inecos.de komsis.inecos.de https://client.inecos.de http://client.inecos.de client.inecos.de https://www.openstreetmap.org http://www.openstreetmap.org www.openstreetmap.org https://www.oldenburger-muensterland.de https://www.arcgis.com http://www.arcgis.com www.arcgis.com https://umap.openstreetmap.fr http://umap.openstreetmap.fr umap.openstreetmap.fr https://*.abfall.io http://*.abfall.io *.abfall.io https://creator.hosted-pageflow.com http://creator.hosted-pageflow.com creator.hosted-pageflow.com https://lkclp.pageflow.io http://lkclp.pageflow.io lkclp.pageflow.io https://www.touvia.de http://www.touvia.de www.touvia.de https://*.podigee-cdn.com http://*.podigee-cdn.com *.podigee-cdn.com https://*.podigee-cdn.net http://*.podigee-cdn.net *.podigee-cdn.net https://*.podigee.com http://*.podigee.com *.podigee.com https://*.podigee.io http://*.podigee.io *.podigee.io https://*.youtube-nocookie.com http://*.youtube-nocookie.com *.youtube-nocookie.com https://*.youtube.com http://*.youtube.com *.youtube.com https://seu2.cleverreach.com http://seu2.cleverreach.com seu2.cleverreach.com https://lkclp-platform.condat.cloud http://lkclp-platform.condat.cloud lkclp-platform.condat.cloud https://platform.container:8080 http://platform.container:8080 platform.container:8080 https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de; img-src 'self' https://cdn.jsdelivr.net http://cdn.jsdelivr.net cdn.jsdelivr.net https://*.tile.openstreetmap.org http://*.tile.openstreetmap.org *.tile.openstreetmap.org https://client.inecos.de http://client.inecos.de client.inecos.de https://maps.googleapis.com https://maps.gstatic.com https://lkclp.de https://www.lkclp.de https://*.abfall.io http://*.abfall.io *.abfall.io https://*.stage.bio http://*.stage.bio *.stage.bio https://api.service-digitale-verwaltung.de http://api.service-digitale-verwaltung.de api.service-digitale-verwaltung.de https://*.podigee-cdn.com http://*.podigee-cdn.com *.podigee-cdn.com https://*.podigee-cdn.net http://*.podigee-cdn.net *.podigee-cdn.net https://*.podigee.com http://*.podigee.com *.podigee.com https://*.podigee.io http://*.podigee.io *.podigee.io https://cdn.eye-able.com http://cdn.eye-able.com cdn.eye-able.com https://www.eye-able-cdn.com http://www.eye-able-cdn.com www.eye-able-cdn.com https://lkclp-platform.condat.cloud http://lkclp-platform.condat.cloud lkclp-platform.condat.cloud https://platform.container:8080 http://platform.container:8080 platform.container:8080 https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de data:; media-src 'self' https://lkclp.maps.arcgis.com http://lkclp.maps.arcgis.com lkclp.maps.arcgis.com https://wunschkennzeichen.kdo.de http://wunschkennzeichen.kdo.de wunschkennzeichen.kdo.de https://*.lkclp.de http://*.lkclp.de *.lkclp.de https://komsis.inecos.de http://komsis.inecos.de komsis.inecos.de https://client.inecos.de http://client.inecos.de client.inecos.de https://*.abfall.io http://*.abfall.io *.abfall.io https://*.youtube-nocookie.com http://*.youtube-nocookie.com *.youtube-nocookie.com https://*.youtube.com http://*.youtube.com *.youtube.com https://seu2.cleverreach.com http://seu2.cleverreach.com seu2.cleverreach.com https://lkclp-platform.condat.cloud http://lkclp-platform.condat.cloud lkclp-platform.condat.cloud https://platform.container:8080 http://platform.container:8080 platform.container:8080 https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de; object-src 'self' https://lkclp.maps.arcgis.com http://lkclp.maps.arcgis.com lkclp.maps.arcgis.com https://wunschkennzeichen.kdo.de http://wunschkennzeichen.kdo.de wunschkennzeichen.kdo.de https://*.lkclp.de http://*.lkclp.de *.lkclp.de https://komsis.inecos.de http://komsis.inecos.de komsis.inecos.de https://client.inecos.de http://client.inecos.de client.inecos.de https://*.abfall.io http://*.abfall.io *.abfall.io https://*.youtube-nocookie.com http://*.youtube-nocookie.com *.youtube-nocookie.com https://*.youtube.com http://*.youtube.com *.youtube.com https://seu2.cleverreach.com http://seu2.cleverreach.com seu2.cleverreach.com https://lkclp-platform.condat.cloud http://lkclp-platform.condat.cloud lkclp-platform.condat.cloud https://platform.container:8080 http://platform.container:8080 platform.container:8080 https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de; script-src 'self' https://www.google.com http://www.google.com www.google.com https://www.gstatic.com http://www.gstatic.com www.gstatic.com https://cdn.jsdelivr.net http://cdn.jsdelivr.net cdn.jsdelivr.net https://client.inecos.de http://client.inecos.de client.inecos.de https://static.abfallplus.de http://static.abfallplus.de static.abfallplus.de https://maps.googleapis.com https://www.oldenburger-muensterland.de https://umap.openstreetmap.fr http://umap.openstreetmap.fr umap.openstreetmap.fr https://*.abfall.io http://*.abfall.io *.abfall.io https://www.deutsches-ausschreibungsblatt.de http://www.deutsches-ausschreibungsblatt.de www.deutsches-ausschreibungsblatt.de https://logaweb.kdo.de http://logaweb.kdo.de logaweb.kdo.de https://*.stage.bio http://*.stage.bio *.stage.bio https://api.service-digitale-verwaltung.de http://api.service-digitale-verwaltung.de api.service-digitale-verwaltung.de https://*.podigee-cdn.com http://*.podigee-cdn.com *.podigee-cdn.com https://*.podigee-cdn.net http://*.podigee-cdn.net *.podigee-cdn.net https://*.podigee.com http://*.podigee.com *.podigee.com https://*.podigee.io http://*.podigee.io *.podigee.io https://cdn.eye-able.com http://cdn.eye-able.com cdn.eye-able.com https://www.eye-able-cdn.com http://www.eye-able-cdn.com www.eye-able-cdn.com https://lkclp-platform.condat.cloud http://lkclp-platform.condat.cloud lkclp-platform.condat.cloud https://platform.container:8080 http://platform.container:8080 platform.container:8080 https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de https://matomo-testing.condat.cloud 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://cdn.jsdelivr.net http://cdn.jsdelivr.net cdn.jsdelivr.net https://client.inecos.de http://client.inecos.de client.inecos.de https://static.abfallplus.de http://static.abfallplus.de static.abfallplus.de https://lkclp.de https://*.abfall.io http://*.abfall.io *.abfall.io https://api.service-digitale-verwaltung.de http://api.service-digitale-verwaltung.de api.service-digitale-verwaltung.de https://*.podigee-cdn.com http://*.podigee-cdn.com *.podigee-cdn.com https://*.podigee-cdn.net http://*.podigee-cdn.net *.podigee-cdn.net https://*.podigee.com http://*.podigee.com *.podigee.com https://*.podigee.io http://*.podigee.io *.podigee.io https://cdn.eye-able.com http://cdn.eye-able.com cdn.eye-able.com https://www.eye-able-cdn.com http://www.eye-able-cdn.com www.eye-able-cdn.com https://lkclp-platform.condat.cloud http://lkclp-platform.condat.cloud lkclp-platform.condat.cloud https://platform.container:8080 http://platform.container:8080 platform.container:8080 https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de 'unsafe-inline'; worker-src 'self' https://lkclp-platform.condat.cloud http://lkclp-platform.condat.cloud lkclp-platform.condat.cloud https://platform.container:8080 http://platform.container:8080 platform.container:8080 https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de blob: 1
default-src 'self'; connect-src 'self' apikeys.civiccomputing.com api.postcodes.io www.googleapis.com newassets.hcaptcha.com maps.googleapis.com api.stripe.com js.stripe.com; font-src 'self' use.fontawesome.com fonts.gstatic.com data:; frame-src 'self' newassets.hcaptcha.com hooks.stripe.com js.stripe.com www.youtube.com; img-src 'self' data: maps.googleapis.com maps.gstatic.com translate.google.com www.gstatic.com cdn.bookingprotect.com tile.openstreetmap.org maptiles.p.rapidapi.com media.giphy.com; media-src www.youtube-nocookie.com; script-src 'self' hcaptcha.com js.stripe.com maps.googleapis.com www.youtube.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; report-uri https://35745cad85bbe1feed32f58e01aeb5de.report-uri.com/r/d/csp/reportOnly 1
frame-ancestors https://www.tatasteel.online https://tsedev.prod.acquia-sites.com https://tsestg.prod.acquia-sites.com test.tatasteeluk.com www.tatasteeluk.com https://ecmc05-d.tatasteel.online/nexus/ https://ecmc05-d.tatasteel.online https://ecmc05-t1.tatasteel.online/nexus/ https://ecmc05-t2.tatasteel.online/nexus/ https://ecmc05-pp.tatasteel.online/nexus/ https://www.tatasteeleurope.com/nexus/ https://ecmc05-t1.tatasteel.online/ https://ecmc05-acc.tatasteel.online/ https://ecmc05-t2.tatasteel.online/ https://ecmc05-pp.tatasteel.online/ nexustest.tatasteeluk.com dev.tatasteeluk.com nexus.tatasteeluk.com www.tatasteeleurope.com www.tatasteeleurope.com/nexus; report-uri /report-csp-violation 1
default-src data: 'self' https://*.hsforms.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://js.hsadspixel.net https://wisembly-content.s3.amazonaws.com/ https://js-eu1.hsforms.net/ https://appvizer.one/ https://bat.bing.com/ https://googleads.g.doubleclick.net/ https://js.hs-analytics.net/ https://js.hs-banner.com/ https://*.hs-scripts.com/ https://js.hscollectedforms.net/ https://js.hsforms.net/ https://js.usemessages.com/ https://script.hotjar.com/ https://static.hotjar.com/ https://www.google-analytics.com/analytics.js https://www.googleadservices.com/ https://www.googletagmanager.com/ https://www.gstatic.com/ https://www.youtube.com/; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://api.hubapi.com https://region1.analytics.google.com https://forms.hscollectedforms.net https://www.google.fr https://api.hubspot.com https://appvizer.one https://ariadne.appvizer.one https://bat.bing.com https://forms.hsforms.com https://forms.hubspot.com https://cta-service-cms2.hubspot.com https://stats.g.doubleclick.net https://www.google-analytics.com https://www.googleadservices.com https://fg.cdn.mediactive-network.net https://cta-eu1.hubspot.com https://forms-eu1.hsforms.com https://hubspot-forms-static-embed-eu1.s3.amazonaws.com https://forms-eu1.hscollectedforms.net https://api-eu1.hubapi.com https://api-eu1.hubspot.com/livechat-public/v1/message/public https://helpdesk.wisembly.com wss://helpdesk.wisembly.com; font-src data: 'self' https://fonts.gstatic.com; img-src data: 'self' https://wisembly-content.s3.amazonaws.com/ https://avada.studio https://s.w.org https://ps.w.org https://*.linkedin.com https://bat.bing.com https://blog.wisembly.com https://forms-na1.hsforms.com https://forms.hsforms.com https://googleads.g.doubleclick.net https://i.ytimg.com https://px.ads.linkedin.com https://track.hubspot.com https://www.google-analytics.com https://www.google.com https://www.google.fr https://fg.cdn.mediactive-network.net; manifest-src 'self'; media-src 'self'; worker-src 'none'; frame-src 'self' https://td.doubleclick.net/ https://*.liveboutique.io https://avada.studio https://static.hsappstatic.net https://app.hubspot.com https://forms.hsforms.com https://vars.hotjar.com https://www.youtube.com https://cta-eu1.hubspot.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com sdk.privacy-center.org *.gstatic.com *.facebook.com *.facebook.net *.pr-globalcms.com *.googletagmanager.com *.jsdelivr.net *.cloudflare.com *.unpkg.com unpkg.com *.pernod-ricard.io *.privacy-center.org *.addtoany.com *.youtube.com live-sip-platform.pantheonsite.io; object-src 'self' *.googleapis.com *.google.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.google.com sdk.privacy-center.org *.gstatic.com *.facebook.com *.facebook.net *.pr-globalcms.com *.googletagmanager.com *.jsdelivr.net *.cloudflare.com *.unpkg.com unpkg.com *.pernod-ricard.io *.privacy-center.org; img-src 'self' data: *.gstatic.com *.facebook.com *.googletagmanager.com *.jsdelivr.net *.googleapis.com i.ytimg.com; media-src 'self'; frame-src 'self' *.google.com *.facebook.com *.youtube.com *.spotify.com; font-src 'self' data:; connect-src 'self' *.googleapis.com *.google.com sdk.privacy-center.org *.gstatic.com *.facebook.com *.facebook.net *.pr-globalcms.com *.googletagmanager.com *.jsdelivr.net *.cloudflare.com *.unpkg.com unpkg.com *.pernod-ricard.io *.privacy-center.org *.us-central1.run.app *.conversionsapigateway.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src https:; font-src https: data:; img-src https: data: blob:; frame-src https:; form-action https: javascript:; script-src https: data: 'unsafe-inline' 'unsafe-eval'; style-src https: data: 'unsafe-inline'; base-uri 'self'; 1
default-src https:;    style-src 'self' 'unsafe-inline' fonts.googleapis.com res.cloudinary.com code.jquery.com cdnjs.cloudflare.com cdn.syncfusion.com maxcdn.bootstrapcdn.com;    img-src 'self' https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://downloads.intercomcdn.eu https://downloads.au.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com  https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://messenger-apps.eu.intercom.io https://messenger-apps.au.intercom.io https://*.intercom-attachments-1.com https://*.intercom-attachments.eu https://*.au.intercom-attachments.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https://static.intercomassets.eu https://static.au.intercomassets.com res.cloudinary.com v2assets.zopim.io data: secure.gravatar.com www.google-analytics.com googletagmanager.com maps.googleapis.com maps.gstatic.com atlaspcs.zendesk.com accounts.zendesk.com static.zdassets.com;    script-src 'self' 'unsafe-inline' 'unsafe-eval' https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com pod-18-sunco-ws.zendesk.com assets.zendesk.com static.zdassets.com 8h1v7szp3ty1.statuspage.io ajax.googleapis.com statuspage-production.s3.amazonaws.com cdnjs.cloudflare.com js-agent.newrelic.com bam.nr-data.net widget-mediator.zopim.com www.googletagmanager.com www.google-analytics.com cdn.syncfusion.com widget.intercom.io js.intercomcdn.com cdn.datatables.net maps.googleapis.com pod-18.zendesk.com;    connect-src 'self' https://via.intercom.io https://api.intercom.io https://api.au.intercom.io https://api.eu.intercom.io https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-b.intercom.io https://nexus-europe-websocket.intercom.io wss://nexus-europe-websocket.intercom.io https://nexus-australia-websocket.intercom.io wss://nexus-australia-websocket.intercom.io https://uploads.intercomcdn.com https://uploads.intercomcdn.eu https://uploads.au.intercomcdn.com https://uploads.eu.intercomcdn.com https://uploads.intercomusercontent.com nexus-websocket-b.intercom.io wss://nexus-europe-websocket.intercom.io https://api-iam.eu.intercom.io https://api-iam.intercom.io https://api.intercom.io wss://nexus-websocket-a.intercom.io wss://pod-18-sunco-ws.zendesk.com ekr.zdassets.com ekr.zendesk.com atlaspcs.zendesk.com api.smooch.io api.eu-1.smooch.io invatech.zendesk.com wss://pod-18.zendesk.com wss://widget-mediator.zopim.com 8h1v7szp3ty1.statuspage.io bam.nr-data.net www.google-analytics.com api-iam.intercom.io wss://nexus-websocket-a.intercom.io maps.googleapis.com;    font-src 'self' data: https://js.intercomcdn.com https://fonts.intercomcdn.com fonts.gstatic.com maxcdn.bootstrapcdn.com;    manifest-src 'self';    media-src 'self' https://js.intercomcdn.com https://downloads.intercomcdn.com https://downloads.intercomcdn.eu https://downloads.au.intercomcdn.com static.zdassets.com;    frame-src 'self' https://widget.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net 8h1v7szp3ty1.statuspage.io www.invatechhealth.com;    frame-ancestors 'self';    object-src 'none';    worker-src 'self' https://widget.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net;    form-action 'self' https://intercom.help https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io http://atlascentral31.invalife.net *.invalife.net http://www.atlascentral.co.uk *.atlascentral.co.uk https://atlas-central-test.pcsi.io http://atlas-central-test.pcsi.io *.pcsi.io *.invalife.net *.zendesk.com https://status.personcentredsoftware.com help.atlasemar.com; 1
default-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self' data:; img-src 'self' data: about: ssl.google-analytics.com www.google-analytics.com www.googletagmanager.com; connect-src 'self' ssl.google-analytics.com www.google-analytics.com www.googletagmanager.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' ssl.google-analytics.com www.google-analytics.com www.googletagmanager.com; worker-src 'self'; 1
default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval' *.cdn.cookielaw.org *.cookie-cdn.cookiepro.com *.onetrust.com *.mikmak.ai *.swaven.com *.adimo.co *.amazonaws.com data-apac.nestlehealthscience.com.hk https://*.qualtrics.com https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_; object-src *; style-src * 'self' 'unsafe-inline' *.cdn.cookielaw.org *.cookie-cdn.cookiepro.com *.onetrust.com *.mikmak.ai *.swaven.com *.adimo.co *.amazonaws.com https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_; img-src * 'self' *.mikmak.ai *.swaven.com *.adimo.co *.amazonaws.com *.static-swaven.com data: https:; https://siteintercept.qualtrics.com https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_; media-src *; frame-src * *.mikmak.ai *.swaven.com *.adimo.co *.amazonaws.com https://*.qualtrics.com https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_; frame-ancestors 'self' https://*.qualtrics.com; child-src *; font-src * 'self' *.mikmak.ai *.swaven.com *.adimo.co *.amazonaws.com *.static-swaven.com data: https:; https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_; connect-src * 'self' *.cdn.cookielaw.org *.cookie-cdn.cookiepro.com *.onetrust.com *.mikmak.ai *.swaven.com *.adimo.co *.amazonaws.com data-apac.nestlehealthscience.com.hk https://*.qualtrics.com https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_; report-uri /report-csp-violation 1
connect-src 'self' https: https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com;default-src 'self';font-src 'self' fonts.gstatic.com https://*.hotjar.com fonts.googleapis.com;form-action 'self' https://www.facebook.com/tr/;frame-src 'self' tr.techcareer.net youtube.com www.youtube.com open.spotify.com https://embed-standalone.spotify.com/ https://kariyer.typeform.com https://www.typeform.com https://*.hotjar.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://www.google.com/ https://www.facebook.com/ https://www.youtube-nocookie.com/ https://*.doubleclick.net https://*.googlesyndication.com https://www.googleadservices.com https://*.dengagecdn.com/ https://www.googletagmanager.com/ https://gtm.techcareer.net/ https://*.adtrafficquality.google/ https://login.techcareer.net;img-src 'self' data: storage.googleapis.com cdn.gcp.techcareer.net https://*.google-analytics.com https://*.googletagmanager.com https://www.google.com/ads/ https://www.google.com.tr/ads/ https://*.hotjar.com www.facebook.com https://i.ytimg.com https://www.google.com https://analytics.twitter.com/ https://t.co/ https://cdn.efilli.com www.gravatar.com https://c.clarity.ms https://c.bing.com cdn1.kariyer.net https://px.ads.linkedin.com https://static.geetest.com/ https://static.geevisit.com/ https://www.google.com.tr https://*.googlesyndication.com https://*.doubleclick.net https://cv.gcp.techcareer.net https://assets.efilli.com https://*.adtrafficquality.google/ http://www.google.com/ads/measurement/ https://connect.facebook.net/;media-src 'self' data: storage.googleapis.com cdn.gcp.techcareer.net;object-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.google-analytics.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.hotjar.com https://static.ads-twitter.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net connect.facebook.net https://analytics.tiktok.com/i18n/pixel/ https://cdn.efilli.com https://www.clarity.ms https://js-agent.newrelic.com https://snap.licdn.com http://static.geetest.com/v4/ https://gcaptcha4.geetest.com/ https://gcaptcha4.gsensebot.com/ https://gcaptcha4.geevisit.com/ https://www.youtube-nocookie.com/ https://www.youtube.com/ https://bundles.efilli.com/ https://*.doubleclick.net https://*.googlesyndication.com https://*.dengage.com https://*.adtrafficquality.google/ https://static.geevisit.com/;style-src 'self' 'unsafe-inline' fonts.googleapis.com https://*.hotjar.com https://static.geetest.com/v4/ https://static.geevisit.com/v4/;worker-src 'self' blob:; 1
default-src 'self' https://*.youtube.com https://youtube.com https://youtu.be https://*.youtube-nocookie.com https://vimeo.com https://*.vimeo.com https://noembed.com/embed https://cdn.plyr.io https://apps.ticketmatic.com https://*.google-analytics.com https://*.facebook.com https://*.facebook.net https://*.googletagmanager.com https://*.analytics.google.com https://capig.stape.be https://capig.stape.cc https://*.google.be https://*.google.com https://*.doubleclick.net https://flackr.github.io; block-all-mixed-content; img-src data: 'self' https://placeholder.inventis.be https://*.ytimg.com https://*.youtube.com https://*.vimeocdn.com https://sparklink-dama.s3.eu-north-1.amazonaws.com https://*.google-analytics.com https://*.googletagmanager.com https://*.facebook.com https://lab.digital-asset.app https://*.google.be/; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https://*.youtube.com https://*.ytimg.com https://*.vimeo.com https://cdn.plyr.io https://*.facebook.com 'nonce-kfdZCN6sNTRxyHZOJ0mItw=='; style-src 'self' 'unsafe-inline' https://cdn.plyr.io/ https://*.googletagmanager.com blob:; upgrade-insecure-requests 1
default-src 'self';block-all-mixed-content ;connect-src 'self' *.piwik.pro *.doubleclick.net *.cookiehub.eu *.zopim.com *.zdassets.com wss://* 'self' *.google-analytics.com goedapotheek.zendesk.com *.doubleclick.net *.zendesk.com *.hotjar.io *.hotjar.com *.googleapis.com https://cookiehub.net zendesk-eu.my.sentry.io www.google.be maps.googleapis.com https://*.analytics.google.com https://*.googletagmanager.com *.google.com https://analytics.goed.be pagead2.googlesyndication.com goed.containers.piwik.pro goed.piwik.pro tr.outbrain.com api-eu1.hubapi.com *.bing.com *.clarity.ms *.bing.net;font-src 'self' data: fonts.googleapis.com fonts.gstatic.com *.zopim.com *.hotjar.com;img-src 'self' data: *.gstatic.com maps.googleapis.com mts.googleapis.com *.zopim.com *.googletagmanager.com *.google-analytics.com *.google.com *.google.be *.facebook.com secure.adnxs.com *.zendesk.com *.goed.be *.hotjar.com *.outbrain.com www.surplusgezondheid.be tr.outbrain.com www.blabla.be i.ytimg.com www.thuiszorgwinkel.be www.google.com https://googleads.g.doubleclick.net https://www.google.com connect.facebook.net track-eu1.hubspot.com *.bing.com *.clarity.ms;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.piwik.pro *.doubleclick.net *.cookiehub.eu *.googleapis.com *.googletagmanager.com cdnjs.cloudflare.com www.google.com www.gstatic.com *.zopim.com *.google-analytics.com *.google.com *.cookiehub.net static.zdassets.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net goed.containers.piwik.pro wave.outbrain.com *.bing.com *.clarity.ms;style-src 'self' 'unsafe-inline' fonts.googleapis.com *.google.com *.cookiehub.net cookiehub.net;report-uri /csp/violation/report;frame-src www.youtube.com *.vimeo.com www.google.com clementineweb.azurewebsites.net *.jotform.com *.jotformeu.com optimize.google.com *.facebook.com *.actito.com *.hotjar.com *.testyourhearing.com www.goed.be www.yumpu.com form.jotformeu.com form.jotform.com submit.jotformeu.com mozbar.moz.com www3.actito.com loremipsum.io www.google.be www.hln.be eur03.safelinks.protection.outlook.com www.testyourhearing.com https://bid.g.doubleclick.net td.doubleclick.net https://my.3-dee.be/tour/goed https://share-eu1.hsforms.com www.googletagmanager.com email.goed.be;media-src static.zdassets.com *.goed.be www.goed.be;script-src-elem *.googleapis.com *.zopim.com *.zdassets.com data connect.facebook.net trk.adbutter.net *.hotjar.com *.googleoptimize.com *.cookiehub.net www.googleoptimize.com players.yumpu.com static.hotjar.com amplify.outbrain.com www.youtube.com tr.outbrain.com js-eu1.hs-scripts.com/145712486.js js-eu1.hs-analytics.net js-eu1.hsadspixel.net js-eu1.hs-banner.com 'self' 'unsafe-inline' 'unsafe-eval' *.piwik.pro *.doubleclick.net *.cookiehub.eu *.googletagmanager.com cdnjs.cloudflare.com www.google.com www.gstatic.com *.google-analytics.com *.google.com static.zdassets.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net goed.containers.piwik.pro wave.outbrain.com *.bing.com *.clarity.ms;style-src-elem fonts.googleapis.com *.cookiehub.net cookiehub.net 'self' 'unsafe-inline' *.google.com 1
child-src  'unsafe-inline' self; connect-src  'unsafe-inline' self *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net *.github.io  https: ; default-src self; font-src  'unsafe-inline'  self *.gstatic.com *.bootstrapcdn.com data: fonts.gstatic.com cdn.jsdelivr.net cdnjs.cloudflare.com https: *.gstatic.com ; frame-src  'unsafe-inline'  self *.g.doubleclick.net *.google.com *.fls.doubleclick.net blob: www.google.com www.youtube.com esg.churchgatepartners.com https: *.youtube.com *.vimeo.com ; img-src  'unsafe-inline' self *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com data: ts.w.org s.w.org ps.w.org cdnjs.cloudflare.com www.abfrl.com  https: *.gravatar.com *.wordpress.org s.w.org ; media-src  s.w.org; script-src  'unsafe-inline' self *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com cdn.jsdelivr.net cdnjs.cloudflare.com kenwheeler.github.io cdn.datatables.net js.stripe.com www.abfrl.com  https: *.googleapis.com *.gstatic.com ; script-src-elem  'unsafe-inline' self *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com cdn.jsdelivr.net cdnjs.cloudflare.com cdn.datatables.net js.stripe.com www.abfrl.com kenwheeler.github.io  https: *.googleapis.com *.gstatic.com ; style-src  'unsafe-inline' self *.googleapis.com *.gstatic.com fonts.googleapis.com cdn.jsdelivr.net cdnjs.cloudflare.com datatables.net fonts.bunny.net maxcdn.bootstrapcdn.com www.abfrl.com  https: *.googleapis.com ; style-src-elem  'unsafe-inline' self *.googleapis.com *.gstatic.com fonts.googleapis.com cdn.jsdelivr.net cdnjs.cloudflare.com datatables.net fonts.bunny.net maxcdn.bootstrapcdn.com www.abfrl.com  https: *.googleapis.com ; style-src-attr  'unsafe-inline' ; worker-src  'unsafe-inline'  blob:; 1
default-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; frame-src 'self'; object-src 'none'; upgrade-insecure-requests; base-uri 'none'; 1
default-src 'self' https://*.youtube.com https://*.youtu.be https://*.youtube-nocookie.com https://*.vimeo.com https://vimeo.com https://*.vimeocdn.com https://*.spotify.com/ https://open.spotify.com https://*.tiktok.com https://*.snapchat.com https://*.facebook.com https://*.google-analytics.com https://*.googletagmanager.com https://*.gstatic.com https://pagead2.googlesyndication.com https://*.googleadservices.com https://*.google.com https://*.google.be https://snazzymaps.com https://my.matterport.com https://donate.autoworld.be https://*.doubleclick.net https://*.typekit.net https://flackr.github.io; block-all-mixed-content; img-src data: 'self' https://placeholder.inventis.be https://*.ytimg.com https://*.youtube.com https://*.vimeocdn.com https://*.facebook.com https://*.google.be https://*.google.com https://*.doubleclick.net https://*.googletagmanager.com https://*.gstatic.com; object-src 'none'; script-src 'self' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' 'nonce-1dzT7zaTDLOaXOPWm/hfFA=='; style-src 'self' 'unsafe-inline' https://*.typekit.net https://fonts.googleapis.com https://*.googletagmanager.com https://fonts.googleapis.com blob:; upgrade-insecure-requests 1
base-uri 'self'; default-src 'none'; script-src https: blob: data: 'unsafe-inline' 'unsafe-eval' https://*.mwstatic.de https://*.accessibility-heroes.de https://*.mehrwert.de; style-src https: 'unsafe-inline' https://*.mwstatic.de https://*.accessibility-heroes.de https://*.mehrwert.de; frame-ancestors https://*.mehrwert.de; frame-src 'self' https://*.mehrwert.de; form-action 'self'; font-src data: 'self' https://*.mehrwert.de; img-src data: 'self' https://*.mehrwert.de; media-src data: 'self' https://*.mehrwert.de; object-src data: 'self' https://*.mehrwert.de; connect-src data: 'self' https://*.mehrwert.de; 1
default-src https://www.fhlb-of.com.com:443 1
script-src http://browser-update.org/ https://www.google.com/ https://www.gstatic.com/recaptcha/ http://www.google.com/recaptcha/ https://ajax.googleapis.com/ 'unsafe-inline' 'unsafe-eval' 'self'; report-uri /nelmio/csp/report 1
default-src 'self' https://*.youtube.com https://youtube.com https://*.youtube-nocookie.com https://*.youtu.be https://*.vimeo.com https://vimeo.com https://*.spotify.com/ https://*.tiktok.com https://*.snapchat.com https://*.facebook.com https://p.scdn.co/ https://*.google-analytics.com https://*.googletagmanager.com https://*.google.com https://*.google.be https://*.apple.com https://*.instagram.com https://*.soundcloud.com https://*.cm.com https://use.typekit.net https://track.mailerlite.com https://*.googlesyndication.com https://*.mailerlite.com/; block-all-mixed-content; img-src data: 'self' https://placeholder.inventis.be https://*.ytimg.com https://*.youtube.com https://*.vimeocdn.com https://*.google-analytics.com https://*.googletagmanager.com https://*.mailerlite.com https://*.googlesyndication.com; object-src 'none'; script-src 'self' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' 'nonce-pk3WDrbBgsGDmeDI/BvSxA=='; style-src 'self' 'unsafe-inline' https://use.typekit.net https://p.typekit.net https://*.googletagmanager.com https://assets.mlcdn.com https://*.mailerlite.com; upgrade-insecure-requests 1
default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://www.googletagmanager.com; frame-src 'self' 'unsafe-inline' https://www.google.com/ https://www.youtube-nocookie.com/ youtube.com https://www.youtube.com https://www.facebook.com/; img-src 'self'; connect-src 'self' https://www.google-analytics.com; 1
frame-ancestors 'self' http://clients.pensoagency.com; upgrade-insecure-requests 1