Values for x-content-security-policy: allow 'self'; 46 frame-ancestors 'self' 22 default-src 'self' 22 report-uri /report-csp-violation 15 14 default-src 'self'; connect-src *.g.doubleclick.net 'self' www.google-analytics.com https://www.google-analytics.com; frame-src 'none'; img-src 'self' data: *.pbwstatic.com https://*.pbwstatic.com www.google-analytics.com https://www.google-analytics.com; media-src 'none'; object-src 'none'; script-src 'self' www.google-analytics.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' 12 default-src 'self'; 12 frame-ancestors 'none' 11 default-src 'self' 'unsafe-inline' 8 report-uri //report-csp-violation 7 upgrade-insecure-requests 6 block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:; 5 frame-ancestors https://*.marketo.com 5 frame-src *.2checkout.com *.bitdefender.com *.bitdefender.biz *.bitdefender.net *.bitdefender.fr *.bitdefender.de *.bitdefender.com.au *.bitdefender.co.uk *.bitdefender.es *.bitdefender.it *.bitdefender.pt *.bitdefender.com.br *.bitdefender.ro *.bitdefender.nl *.bitdefender.be *.bitdefender.se bitdefender.marketing.adobe.com download.bitdefender.com *.facebook.com *.doubleclick.net *.adsrvr.org *.mathtag.com *.google.com *.google.ro *.flashtalking.com *.amazon-adsystem.com *.livechatinc.com *.twitter.com *.cedexis.com *.cedexis-test.com *.youtube.com *.soundcloud.com *.hubspot.com *.cookiebot.com *.vimeo.com *.edgecastcdn.net *.linkedin.com *.hsforms.com *.cloudfront.net *.edgecastdns.net *.hotjar.com *.zanox.ws *.zanox.com *.usemax.de usemax.de bitdefender.demdex.net *.omniture.com widget.trustpilot.com *.2o7.net *.omtrdc.net *.demdex.net assets.adobedtm.com api-eu.boldchat.com livechat-eu.boldchat.com *.youtube-nocookie.com *.instagram.com instawidget.net consentcdn.cookiebot.com recommender.scarabresearch.com *.zenaps.com hal9000.redintelligence.net pixel.xonaz.com static-hello.bitdefender.com tags.dynamo.one *.redintelligence.net 20787700p.rfihub.com pixel.xonazz.com *.adobe.com *.outgrow.us bitdefender.applytojob.com *.alchemer.com 5 default-src 'self'; base-uri 'self'; 5 frame-ancestors https://uscreen.io https://*.uscreen.io https://www.uscreen.tv 5 default-src 'self' data: gap: https://*.maersk.com https://*.maersk.com.cn https://*.maerskline.com https://*.apmoller.net https://*.go-mpulse.net https://*.salesforceliveagent.com https://*.force.com *.mpstat.us *.akstat.io https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://*.akamaihd.net https://*.igodigital.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://www.googletagmanager.com https://ssl.gstatic.com https://rum-http-intake.logs.datadoghq.eu https://100qrcey9nsltilmpwezagts.blob.core.windows.net https://*.cookieinformation.com https://*.bing.com https://*.virtualearth.net https://*.visualforce.com https://*.contentsquare.net https://*.hotjar.com https://stats.g.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.maersk.com https://*.maersk.com.cn https://*.maerskline.com https://*.apmoller.net https://*.akamaihd.net https://*.salesforceliveagent.com https://*.force.com https://*.salesforce.com https://*.steelcentral.net *.mpstat.us *.akstat.io https://*.igodigital.com https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://pub.s1.exacttarget.com https://*.gstatic.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://www.googletagmanager.com https://*.google-analytics.com https://*.cookieinformation.com https://www.datadoghq-browser-agent.com/datadog-rum-eu.js https://*.bing.com https://*.virtualearth.net https://*.contentsquare.net https://*.contentsquare.com https://*.hotjar.com https://www.datadoghq-browser-agent.com/datadog-rum.js; img-src 'self' data: https://*.maersk.com https://*.maersk.com.cn https://*.maerskline.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://*.gstatic.com https://lh3.googleusercontent.com https://*.steelcentral.net https://*.vimeocdn.com https://*.youtube.com https://*.igodigital.com https://*.akamaihd.net https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://pixel.mathtag.com https://bs.serving-sys.com https://www.google.co.uk https://api.adsymptotic.com https://media-cdn.ipredictive.com https://*.linkedin.com https://*.facebook.com https://*.twitter.com https://vk.com https://mail.ru https://clickserve.dartsearch.net https://*.doubleclick.net https://*.google.dk https://secure.adnxs.com https://cs.adingo.jp https://admaym.com https://ih.adscale.de https://d.agkn.com https://ib.adnxs.com https://x.bidswitch.net https://stags.bluekai.com https://pix.btrll.com https://contextual.media.net https://dis.criteo.com https://e.nexac.com https://loadm.exelator.com https://cs.gssprt.jp https://global.ib-ibi.com https://ad.360yield.com https://dsum-sec.casalemedia.com https://beacon.krxd.net https://idsync.rlcdn.com https://ums.adtechus.com https://sync.adaptv.advertising.com https://us-u.openx.net https://simage2.pubmatic.com https://bh.contextweb.com https://idsync.reson8.com https://pixel.rubiconproject.com https://uipglob.semasio.net https://rtb-csync.smartadserver.com https://ad.sxp.smartclip.net https://sync.go.sonobi.com https://ce.lijit.com https://sync.search.spotxchange.com https://ads.stickyadstv.com https://delivery.swid.switchads.com https://aa.agkn.com https://ads.yahoo.com https://u3s.mathtag.com https://eu-u.openx.net https://serving.experianmarketingservices.digital https://uip.semasio.net https://fo-api.omnitagjs.com https://*.akstat.io https://*.bing.com https://*.virtualearth.net https://*.contentsquare.net; object-src 'self' ; style-src 'self' 'unsafe-inline' https://*.maersk.com https://*.maersk.com.cn https://*.apmoller.net https://*.gstatic.com https://*.google.com https://*.google-analytics.com https://*.googleapis.com https://*.maerskline.com https://*.force.com https://*.bing.com https://*.virtualearth.net; frame-src https://*.maersk.com https://*.maersk.com.cn https://*.maerskline.com https://*.apmoller.net http://emanage.maerskline.com https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://*.google.com https://www.youtube.com/embed/ https://player.vimeo.com/video/ https://service.force.com https://*.cookieinformation.com https://*.youku.com/ https://*.force.com/ https://*.salesforce.com https://app.powerbi.com http://my.maerskline.com https://vars.hotjar.com https://*.doubleclick.net; font-src 'self' data: https://*.maersk.com https://*.maersk.com.cn https://*.maerskline.com https://*.apmoller.net https://*.gstatic.com https://*.googleapis.com; 4 referrer origin 4 default-src *; img-src * data: blob:; media-src * data: blob:; script-src 'unsafe-inline' 'unsafe-eval' * data: blob:; worker-src 'unsafe-inline' 'unsafe-eval' * data: blob:; connect-src *; font-src * data: blob:; frame-src *; object-src * data: blob:; style-src 'unsafe-inline' * data: blob: 4 frame-ancestors 'self' http://customer-hornbach.loop21.net https://customer-hornbach.loop21.net http://public-location-hornbach.loop21.net https://public-location-hornbach.loop21.net 4 default-src https: data: 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * blob: ; worker-src * blob: ; frame-ancestors 'self' https://*.moody.edu; 4 default-src https: 'unsafe-inline' 4 allow 'self' 4 report-uri /report-csp-violation; upgrade-insecure-requests 3 default-src https: data: blob: chrome-extension: android-webview-video-poster: ms-appx-web: 'unsafe-eval' 'unsafe-inline'; report-uri /content-security-policy-report.php 3 default-src 'self'; script-src 'self' 'unsafe-inline' 3 default-src 'self' data: 'unsafe-eval' 'unsafe-inline' blob: *.brightcove.com *.cloudfront.net *.doubleclick.net *.google.com *.facebook.com forms.hsforms.com app.hubspot.com brightcove.hs.llnwd.net matomo-prod.connectid.cloud; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.convertexperiments.com *.hsforms.net *.jsdelivr.net *.googletagmanager.com *.connectid.cloud *.investis.com *.jquery.com *.cloudflare.com *.googleusercontent.com *.cloudfront.net *.hsforms.com *.facebook.net *.licdn.com *.google-analytics.com *.googleadservices.com *.investisdigital.com *.doubleclick.net *.lfeeder.com *.investis.com blob: data: *.hs-scripts.com *.google.com *.gstatic.com *.googleapis.com *.hsleadflows.net *.hsadspixel.net *.usemessages.com *.hs-analytics.net *.hs-banner.com brightcove.hs.llnwd.net matomo-prod.connectid.cloud; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.cloudflare.com *.googleusercontent.com *.investis.com *.cloudfront.net; img-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.investisdigital.com *.connectid.cloud *.investis.com *.facebook.com *.linkedin.com *.google.com *.google.co.in *.cloudfront.net *.brightcove.com *.lfeeder.com *.adsymptotic.com *.google-analytics.com *.hsforms.com *.gstatic.com *.googleapis.com *.googletagmanager.com *.hubspot.com brightcove.hs.llnwd.net; font-src 'self' *.cloudfront.net *.googleusercontent.com *.gstatic.com; connect-src 'self' *.amazonaws.com *.brightcove.com *.luckyorange.net *.linkedin.com *.google-analytics.com *.investis.com *.doubleclick.net *.googleapis.com wss://*.visitors.live wss://visitors.live *.investisdigital.com *.hubspot.com *.hubapi.com forms.hsforms.com www.facebook.com api.luckyorange.com matomo-prod.connectid.cloud; report-uri //report-csp-violation 3 script-src 'self'; 3 frame-ancestors 'self' https://shopproxy.p-s-s.de 3 frame-ancestors https://*.canalplus.com https://*.cnews.fr https://*.canal-bis.com http://*.canalplus.com http://*.canalplus.com:8888 3 default-src 'self' 'unsafe-inline' ;script-src data: 'self' 'unsafe-inline' 'unsafe-eval' static.cloud.coveo.com *.r42tag.com *.usabilla.com ssl.google-analytics.com www.google-analytics.com www.googleadservices.com tags.nmrc.nl *.onmarc.nl *.doubleclick.net d6tizftlrpuof.cloudfront.net *.zilverenkruis.nl babm.texthelp.com surfly.com plus.browsealoud.com www.zorgkantoorfriesland.nl *.prolife.nl www.googletagmanager.com toolbar.speechstream.net apis.google.com bat.bing.com admin.relay42.com a.svtrd.com cdnjs.cloudflare.com ads.creative-serving.com www.browsealoud.com *.defriesland.nl static2.creative-serving.com survey.insocial.nl optimize.google.com *.interpolis.nl *.mopinion.com *.fbto.nl connect.facebook.net;style-src 'self' 'unsafe-inline' d6tizftlrpuof.cloudfront.net plus.browsealoud.com fonts.googleapis.com www.zilverenkruis.nl optimize.google.com;img-src data: blob: 'self' *.svtrd.com www.google.com www.google.nl d6tizftlrpuof.cloudfront.net *.usabilla.com www.google-analytics.com *.onmarc.nl ssl.google-analytics.com *.zilverenkruis.nl plus.browsealoud.com usabilla-themes.s3-eu-west-1.amazonaws.com ads.creative-serving.com www.zorgkantoorfriesland.nl *.prolife.nl stats.g.doubleclick.net bat.bing.com www.browsealoud.com *.defriesland.nl *.r42tag.com admin.relay42.com speechstreamv3-webservices-8.texthelp.com www.gstatic.com *.fbto.nl www.insocial.nl www.facebook.com;font-src data: 'self' fonts.gstatic.com fonts.googlapis.com d6tizftlrpuof.cloudfront.net;connect-src 'self' *.zilverenkruis.nl *.surfly.com surfly.com sentry.io *.prolife.nl *.zorgkantoorfriesland.nl plus.browsealoud.com pronunciation.speechstream.net api.usabilla.com babm.texthelp.com speech.speechstream.net www.google-analytics.com pre-i-portaal.achmea.nl speechstreamv3-webservices-8.texthelp.com *.defriesland.nl *.mopinion.com www.browsealoud.com plusqa.browsealoud.com *.interpolis.nl;media-src 'self' blob: *.zilverenkruis.nl *.zorgkantoorfriesland.nl *.prolife.nl *.defriesland.nl *.interpolis.nl *.fbto.nl;object-src 'self' ;child-src 'self' t.svtrd.com player.vimeo.com youtube-nocookie.com www.youtube-nocookie.com surfly.com app.surfly.com d6tizftlrpuof.cloudfront.net www.zilverenkruis.nl www.zorgkantoorfriesland.nl www.prolife.nl content.googleapis.com vimeo.com secure.zilverenkruis.nl www.defriesland.nl optimize.google.com i-portaal.achmea.nl survey.insocial.nl secure.prolife.nl secure.defriesland.nl w.soundcloud.com *.doubleclick.net ;frame-ancestors 'self' www.youtube-nocookie.com youtube-nocookie.com player.vimeo.com vimeo.com i-portaal.achmea.nl survey.insocial.nl *.doubleclick.net;form-action 'self' t.svtrd.com *.achmea.nl *.zilverenkruis.nl *.zorgkantoorfriesland.nl *.prolife.nl *.defriesland.nl *.fbto.nl *.interpolis.nl;manifest-src 'self' ;upgrade-insecure-requests;block-all-mixed-content; 3 frame-ancestors 'self' weleda.sabio.de 3 default-src 'self'; script-src 'self'; 3 default-src 'self' 'self' data: 'self' blob: 'unsafe-inline' 'unsafe-eval' *; img-src 'self' blob: data: * 3 default-src 'self' ;options inline-script eval-script;referrer no-referrer;img-src 'self' data: *.tile.openstreetmap.org;object-src 'none'; 3 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.treehugger.com 2 connect-src 'self' checkout.stripe.com sentry.io api.github.com www.npmjs.com;default-src 'none';img-src * data:;script-src 'self' data: 'unsafe-inline' https://checkout.stripe.com/checkout.js https://static.accountdock.com https://platform.twitter.com/widgets.js https://static.npmjs.com/;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://static.npmjs.com/;frame-src checkout.stripe.com https://accountdock.com/app https://www.youtube.com/embed/mKMaG0cixXw https://static.accountdock.com/;font-src https://fonts.gstatic.com https://static.npmjs.com/ ;media-src https://player.vimeo.com https://fpdl.vimeocdn.com https://gcs-vimeo.akamaized.net https://vod-progressive.akamaized.net 2 frame-ancestors 'self' icrc.org *.icrc.org icrcproject.org *.icrcproject.org forum-icrc.org www.forum-icrc.org 2 frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com 2 frame-ancestors www.red-gate.com; 2 frame-ancestors 'self' https://documentation.sisense.com/; 2 font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' tracking.paysera.com www.instagram.com https://optimize.google.com https://www.google.com/recaptcha/ https://www.youtube.com/embed/; img-src 'self' data: *.paysera.com maps.googleapis.com *.gstatic.com https://www.google-analytics.com https://optimize.google.com; script-src 'self' maps.googleapis.com www.instagram.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.google-analytics.com https://optimize.google.com 'unsafe-inline'; style-src 'self' fonts.googleapis.com https://optimize.google.com 'unsafe-inline'; report-uri /v2/csp-violations/report 2 default-src https: data: blob: 'unsafe-eval' 'unsafe-inline' https://www.google.com https://www.gstatic.com https://www.recaptcha.net wss://*.hotjar.com 'self'; upgrade-insecure-requests; frame-ancestors 'self' https://*.zendesk.com https://*.myshopify.com https://teams.microsoft.com https://*.eloqua.com https://*.surveymonkey.com https://*.sharepoint.com https://*.worldpay.com https://*.cardinalcommerce.com;report-uri https://csp.surveymonkey.com/report?e=true&c=prod&ar=true&a=cmscache 2 block-all-mixed-content; font-src 'self' fonts.gstatic.com fonts.gstatic.com data:; img-src 'self' blob: data: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' addsearch.com cdn.ampproject.org open.scdn.co connect.facebook.net *.g.doubleclick.net *.google.de *.google.com *.google-analytics.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.instagram.com *.ioam.de *.opinary.com *.stry.tl *.taboola.com *.twimg.com *.twitter.com *.wuv.de *.youtube.com *.ytimg.com *.tiktok.com *.tiktokcdn.com *.pinterest.com *.adition.com *.scorecardresearch.com *.searchcdn.com *.teads.tv s0.2mdn.net *.wuv.de gdpr-tcfv2.sp-prod.net widget.perfectmarket.com *.flashtalking.com *.criteo.com *.adform.net *.vidible.tv *.doubleverify.com *.doubleclick.net bs.serving-sys.com static.aivdesk.com secure-ds.serving-sys.com ad.lkqd.net *.cloudflare.com *.adsafeprotected.com *.maximus.mobkoi.com *.celtra.com *.moatads.com sf16-scmcdn-sg.ibytedtos.com; style-src 'self' 'unsafe-inline' *.addsearch.com fast.fonts.net *.googleapis.com *.stry.tl *.taboola.com *.twitter.com *.wuv.de *.tiktok.com *.tiktokcdn.com *.cloudfront.net tagmanager.google.com *.wuv.de s1.adform.net static.aivdesk.com; worker-src blob: *.wuv.de 2 default-src *.ethicspoint.com *.ethicspointvp.com *.navexone.com *.navexglobal.com ethicspointvp.com cdn.pendo.io 'self' 'unsafe-eval' 'unsafe-inline' *.navexglobal.com; connect-src *.ethicspoint.com *.ethicspointvp.com *.navexone.com *.navexglobal.com ethicspointvp.com *.truste.com *.newrelic.com *.nr-data.net *.pendo.io 'self' 'unsafe-eval' 'unsafe-inline' wss: *.navexglobal.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.ethicspoint.com *.ethicspointvp.com *.navexone.com *.navexglobal.com ethicspointvp.com *.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5068799715311616.storage.googleapis.com *.truste.com *.newrelic.com *.nr-data.net ajax.googleapis.com ; img-src 'self' data: *.ethicspoint.com *.ethicspointvp.com *.navexone.com *.navexglobal.com ethicspointvp.com *.truste.com *.pendo.io pendo-static-5068799715311616.storage.googleapis.com *.navexglobal.com; frame-src 'self' 'unsafe-eval' *.navexglobal.com *.policytech.com *.ethicspoint.com *.ethicspointvp.com *.navexone.com *.navexglobal.com ethicspointvp.com player.vimeo.com; style-src 'self' 'unsafe-eval' 'unsafe-inline' *.pendo.io pendo-static-5068799715311616.storage.googleapis.com fonts.googleapis.com *.ethicspoint.com; font-src 'self' fonts.gstatic.com ajax.googleapis.com; frame-ancestors 'self' *.pendo.io *.ethicspointvp.com; 2 default-src 'self' 'unsafe-inline' data: https://piwik.bzga.de/ https://service.bzga.de/ https://a.tile.openstreetmap.org/ https://b.tile.openstreetmap.org/ https://c.tile.openstreetmap.org/ 2 frame-ancestors https://*.dondominio.com/ https://*.mrdomain.com; 2 base-uri 'self'; frame-ancestors 'self' 2 frame-ancestors 'none'; 2 frame-ancestors 'self' *.magenta.at *.t-mobile.at https://www.youtube.com; 2 default-src 'self'; \ script-src 'self' https://ssl.google-analytics.com; \ img-src 'self' https://ssl.google-analytics.com 2 frame-ancestors 'self' acquia.lookbookhq.com acquia.docebosaas.com confluence.acquia.com www.acquiaacademy.com; report-uri /report-csp-violation 2 connect-src * 'self' 2 script-src 'self'; style-src 'self'; img-src 'self'; connect-src 'self' 2 default-src https: 'self'; script-src 'unsafe-eval' 'unsafe-inline' 'self' *; style-src 'unsafe-inline' 'self' *; frame-src 'self' *; object-src 'self' *; img-src 'self' data: *; media-src blob: 'self' *; font-src 'self' data: *; connect-src 'self' *; child-src blob: 'self' *; block-all-mixed-content; 2 default-src 'self'; script-src * 'unsafe-eval' 'unsafe-inline'; style-src * 'unsafe-inline'; img-src * data:;frame-src *;font-src * data:;connect-src * blob:;media-src * blob:;worker-src * blob:; 2 block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:; report-uri https://collectors.au.sumologic.com/receiver/v1/http/ZaVnC4dhaV2fq-TmkezxDM5kD77zglzTUyrlNqPe059oQhlSBcEFmaLaBbMi5G2BkSSJjyA6wJZ-iUDLrux0ATja4lHZr94sfyyTtdVcA_GiHULLYxFY7Q== 2 frame-ancestors https://*.derwent.io http://*.derwent.io http://*.derwent.io:* https://*.derwent.io:* 'self' 2 default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * data:; font-src *; connect-src *; media-src *; object-src *; child-src *; frame-ancestors 'self'; form-action *; reflected-xss block; upgrade-insecure-requests; 2 default-src 'self' http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de; img-src 'self' data: http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de; script-src 'self' 'unsafe-eval' http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de; style-src 'self' 'unsafe-inline' http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de; font-src 'self' data: http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de; 2 style-src 'self' 'unsafe-inline' use.typekit.net fonts.googleapis.com cdnjs.cloudflare.com tagmanager.google.com config1.veinteractive.com veinteractive.com cookiehub.net use.fontawesome.com; font-src 'self' *.typekit.net fonts.gstatic.com use.fontawesome.com data:; report-uri /report-csp-violation 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: about: https://www.youtube.com/ static.issuu.com e.issuu.com docs.google.com www.google-analytics.com fonts.googleapis.com *.disquscdn.com www.votervoice.net www.googletagmanager.com ims.informz.net connect.facebook.net www.google.com https://syndication.twitter.com https://cdn.syndication.twimg.com https://ton.twimg.com https://pbs.twimg.com platform.twitter.com www.facebook.com staticxx.facebook.com disqus.com fonts.gstatic.com stats.g.doubleclick.net referrer.disqus.com https://services.texmed.org/45/Tma.CspReportApi/api/csp *.blubrry.com *.feathr.co servedbyadbutler.com *.fontawesome.com *.vimeo.com p2a.co *.jotform.com *.sharethis.com *.cognitoforms.com https://cognitoforms.com/ *.blogspot.com secure.givelively.org; 2 frame-ancestors https://*.smartrecruiters.com 2 frame-ancestors http://*.timeout.com https://*.timeout.com 'self' 2 frame-ancestors 'self' http://www.liligo.fr/ http://www.kayak.fr/ http://www.kayak.de/ https://drivy.zendesk.com/ https://*.zdusercontent.com/ 2 default-src 'unsafe-inline' 'unsafe-eval' https:;img-src * data:; 2 frame-ancestors 'self' https://booking2.centerparcs.fr https://booking2.centerparcs.nl https://booking2.centerparcs.de https://booking2.centerparcs.com https://booking2.centerparcs.eu https://booking2.centerparcs.ch https://booking2.centerparcs.be 2 frame-ancestors 'self' https://*.etracker.com 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' ; img-src 'self' data: ; object-src 'self' ; frame-src 'self' ; 2 allow 'self'; media-src *; img-src *; script-src 'self' https://ajax.googleapis.com; style-src 'self'; 2 frame-ancestors 'self' hhs.gov *.hhs.gov 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.thoughtco.com 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.lifewire.com 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.thebalancecareers.com 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.thespruce.com 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.verywellmind.com 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.thespruceeats.com 1 default-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' * https://www.google-analytics.com https://optimize.google.com https://optanon.blob.core.windows.net http://*.hotjar.com https://*.onetrust.com https://www.googletagmanager.com https://connect.facebook.net *.rfihub.net *.bing.com *.ads-twitter.com *.twitter.com *.t.co *.ytimg.com; style-src 'self' 'unsafe-inline' * blob: https://optimize.google.com https://fonts.googleapis.com https://optanon.blob.core.windows.net cdnjs.cloudflare.com cloud.typography.com *.twitter.com *.t.co ; img-src 'self' 'unsafe-inline' data: * https://www.google-analytics.com https://optimize.google.com https://code.jquery.com/ *.twitter.com *.facebook.com *.bing.com *.t.co; frame-src 'self' data: * https://optimize.google.com https://*.adsrvr.org *.rfihub.com; font-src 'self' 'unsafe-inline' data: * https://fonts.gstatic.com cdnjs.cloudflare.com; connect-src 'self' * https://*.optmnstr.com; report-uri /report-csp-violation 1 child-src 'self' emb.d.tube player.twitch.tv www.youtube.com staticxx.facebook.com w.soundcloud.com player.vimeo.com blob:; connect-src 'self' api.blocktrades.us steemit.com wss://steemd.steemit.com wss://steemd-int.steemit.com steemitimages.com cdn.steemitimages.com api.steemit.com api-internal.steemit.com securepubads.g.doubleclick.net cdn.jsdelivr.net csi.gstatic.com c.pub.network d.pub.network display.bfmio.com *.adnxs.com freestar-d.openx.net qcx.quantserve.com https://qcx.quantserve.com:8443 hbopenbid.pubmatic.com g2.gumgum.com ssc.33across.com gw.geoedge.be *.doubleverify.com request-global.czilladx.com c.amazon-adsystem.com *.flashtalking.com *.czilladx.com czilladx.com coinzillatag.com coinzilla.com *.yahoo.com *.3lift.com *.adroll.com *.serving-sys.com *.googlesyndication.com *.steelhousemedia.com *.servenobid.com sdk.streamrail.com api.vidiom.net *.streamrail.net *.spotxchange.com *.advertising.com *.yieldoptimizer.com *.doubleclick.net *.buysellads.net *.1rx.io *.rtb-seller.com catchjs.com www.googletagmanager.com www.google-analytics.com pagead2.googlesyndication.com googleads.g.doubleclick.net api.trongrid.io; default-src tpc.googlesyndication.com 'self' emb.d.tube www.youtube.com staticxx.facebook.com player.vimeo.com *.streamrail.com *.hwcdn.net *.acuityplatform.com; font-src data: fonts.gstatic.com; frame-ancestors 'none'; frame-src 'self' googleads.g.doubleclick.net https:; img-src * data:; object-src 'none'; plugin-types application/pdf; script-src 'unsafe-inline' 'unsafe-eval' data: https: 'self' www.google-analytics.com connect.facebook.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com; report-uri /api/v1/csp_violation 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.verywellfit.com 1 default-src https:; base-uri 'self'; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data:; media-src https: blob:; font-src https: data:; object-src 'none'; block-all-mixed-content; frame-ancestors 'self' *.zulily.com; report-uri https://productreviews-ext.prod.store.aws.z8s.io/csp-report-violations; 1 img-src *; 1 frame-ancestors 'self' corning.com *.corning.com *.siteworx.com *.ceros.com *.ariba.com 1 frame-ancestors 'self' *.vendhq.com; report-uri https://csp.api.vendhq.com/prod/report; 1 default-src 'self' *.dwd.de *.readspeaker.com *.twitter.com *.youtube.com; script-src 'self' *.dwd.de *.readspeaker.com *.twitter.com *.twimg.com *.youtube.com *.jwpcdn.com *.ytimg.com 'unsafe-inline' 'unsafe-eval' data:; style-src 'self' *.dwd.de *.twitter.com *.twimg.com 'unsafe-inline' data:; img-src * data: blob:; font-src 'self' data:; frame-src 'self' *.dwd.de twitter.com *.twitter.com *.youtube.com; worker-src *.twitter.com; child-src 'self' *.dwd.de twitter.com *.twitter.com *.youtube.com; 1 upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'self' 1 default-src 'self' *.postman.co *.postman.com *.pstmn.io; base-uri 'self'; font-src 'self' data: *.getpostman.com *.postman.co *.cdn.postman.com fonts.gstatic.com fonts.googleapis.com cdnjs.cloudflare.com; frame-ancestors 'none'; frame-src looker.postman.co dl-preview-container.pstmn.io; child-src 'self' *.postman.co *.postman.com blob:; worker-src 'self' *.postman.co *.cdn.postman.com blob:; object-src 'self'; img-src https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' *.nr-data.net *.getpostman.com *.postman.co *.cdn.postman.com *.pstmn.io code.jquery.com google-analytics.com googletagmanager.com cdn.ravenjs.com ssl.google-analytics.com cdnjs.cloudflare.com js-agent.newrelic.com 'nonce-yR9FMvMw4U1xiemiPaUlWsUAAVt0pPJ86HDTyOE2Hi9k/aW4'; style-src 'self' 'unsafe-inline' *.getpostman.com *.postman.co *.cdn.postman.com *.pstmn.io fonts.gstatic.com fonts.googleapis.com tagmanager.google.com cdnjs.cloudflare.com; connect-src http: ws://localhost:10533 https: wss://*.postman.co wss://*.gw.postman.com; report-uri https://sentry.postmanlabs.com/api/572/security/?sentry_key=9d37d7431bdc4c528702ec4d89fc93f7&sentry_environment=production 1 default-src 'self' static.zdassets.com ekr.zdassets.com avm.zendesk.com v2.zopim.com wss://widget-mediator.zopim.com vimeo.com player.vimeo.com vimeocdn.com *.vimeocdn.com ytimg.com s.ytimg.com aax-eu.amazon-adsystem.com data: service.avm.de news.avm.de bingo.avm.de scope.avm.de piwik.avm.de track.adform.net maps.google.com *.googleapis.com *.gstatic.com shoplogos.commerce-connector.de www.commerce-connector.com i.ytimg.com https://www.youtube-nocookie.com https://www.youtube.com img.youtube.com *.xx.fbcdn.net www.surveygizmo.eu 'unsafe-inline' 'unsafe-eval'; media-src 'self' data: blob: *.avm.de;frame-ancestors 'self' 1 default-src 'self' https://*.tv1.eu http://*.tv1.eu 1 frame-ancestors 'self' https://optimize.google.com/ https://forum.opticsplanet.com 1 nosniff 1 frame-src app.powerbi.com *.deutschland-machts-effizient.de *.youtube-nocookie.com piwik.itzbund.de *.youtube.com 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.liquor.com 1 default-src 'self' 'unsafe-inline' *.zoll.de zoll.de *.itzbund.de itzbund.de *.zoll.de *.talent-im-einsatz.de zoll.de sg.geodatenzentrum.de *.openstreetmap.de; img-src 'self' *.zoll.de zoll.de *.itzbund.de sg.geodatenzentrum.de *.openstreetmap.de data:; script-src 'self' 'unsafe-inline' *.zoll.de zoll.de *.itzbund.de itzbund.de *.zoll.de zoll.de sg.geodatenzentrum.de *.openstreetmap.de 1 default-src 'self' https://*.copaair.com http://*.copaair.com https://*.copa.com http://*.copa.com https://*.sam4m.com/ http://*.adnxs.com http://*.bing.com http://*.copa.com http://*.copaair.com http://*.doubleclick.net http://*.facebook.com http://*.facebook.net http://*.fltmaps.com http://*.frequentflyer.aero http://*.google-analytics.co http://*.google-analytics.com http://*.googleadservices.com http://*.googletagmanager.com http://*.havasdigitalcolombia.com http://*.innosked.com http://*.intelliresponse.com http://*.msn.com http://*.qualtrics.com http://*.trackedlink.net http://*.w55c.net http://*.youtube.com http://ads.dtravelconnection.com http://miparaisoatlantis.com http://panamaesposible.com https://*.copa.com https://*.copaair.com https://*.facebook.com https://*.flightcontrol.io https://*.flightview.com https://*.fltmaps.com https://*.frequentflyer.aero https://*.google.com https://www.google.com.co https://www.google.com.pa https://*.google.sk https://*.googleapis.com https://*.gstatic.com https://*.havasdigitalcolombia.com https://*.innosked.com https://*.intelliresponse.com https://*.mcafeesecure.com https://*.nbxapps.com https://*.sojern.com https://*.twitter.com https://*.w55c.net https://*.websecurity.norton.com https://*.youtube.com https://acuityplatform.com https://beacon.walmart.com https://pr-bh.ybp.yahoo.com https://r1.dotmailer-surveys.com https://static.ads-twitter.com https://t.co https://t.wayfair.com https://*.airtrfx.com http://*.airtrfx.com https://*.hotjar.com https://*.securitytrfx.com http://*.securitytrfx.com https://*.addthis.com https://*.addthisedge.com https://kirnhn54sa.execute-api.us-east-1.amazonaws.com https://*.yimg.com https://*.analytics.yahoo.com https://*.trackedweb.net https://*.groovinads.com https://*.beatdevelop.co https://*.sam4m.co https://*.a3cloud.net https://trackedweb.net https://gwmtracking.com https://kontentroom.com https://alteryz.s3.amazonaws.com/copalove/ https://script.googleusercontent.com 'unsafe-inline' 'unsafe-eval' data: blob: 1 default-src https://domene.shop https://www.domeneshop.no https://domeneshop.no https://domainnameshop.com https://domainname.shop https://xn--domn-noa.shop https://xn--domne-ura.shop https://chat.domeneshop.no/ 'unsafe-inline'; img-src https://domene.shop https://www.domeneshop.no https://domeneshop.no https://domainnameshop.com https://domainname.shop https://xn--domn-noa.shop https://xn--domne-ura.shop; frame-src https://domene.shop https://www.domeneshop.no https://domeneshop.no https://domainnameshop.com https://domainname.shop https://xn--domn-noa.shop https://xn--domne-ura.shop 1 default-src 'self' data: https: *.gstatic.com; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: *.web2mobile.fr *.adnxs.com *.tradelab.fr *.twitter.com *.facebook.net *.twimg.com *.azame.net *.google-analytics.com *.infogreffe.nc *.infogreffe.fr *.facebook.com *.doubleclick.net; style-src 'self' 'unsafe-inline' *.amazonaws.com *.infogreffe.nc *.infogreffe.fr *.googleapis.com *.twitter.com *.regie.pro; img-src 'self' data: http: *.youtube.com https: *.web2mobile.fr *.adnxs.com *.tradelab.fr *.twitter.com *.facebook.net *.twimg.com *.azame.net *.google-analytics.com *.infogreffe.nc *.infogreffe.fr *.facebook.com *.doubleclick.net; frame-src 'self' data: https: *.web2mobile.fr *.adnxs.com *.tradelab.fr *.twitter.com *.facebook.net *.twimg.com *.azame.net *.google-analytics.com *.infogreffe.nc *.infogreffe.fr *.facebook.com *.doubleclick.net; connect-src 'self' https: *.regie.pro *.addthis.com *.web2mobile.fr 1 default-src 'self'; script-src 'self'; style-src 'self'; img-src 'self' https://cdn.iserv.eu data:; media-src 'self' https://cdn.iserv.eu font-src 'self' data:; 1 default-src c.wgr.de 'self'; script-src c.wgr.de https://track.westermann.de connect.facebook.net www.googleadservices.com maps.googleapis.com 'self' 'unsafe-inline'; style-src c.wgr.de 'self' 'unsafe-inline'; object-src 'self'; img-src c.wgr.de https://track.westermann.de www.econda-monitor.de d32wqyuo10o653.cloudfront.net www.facebook.com googleads.g.doubleclick.net maps.googleapis.com *.gstatic.com 'self' data:; frame-src newsletter.schulbuchzentrum-online.de https://track.westermann.de www.facebook.com 'self'; child-src newsletter.schulbuchzentrum-online.de https://track.westermann.de www.facebook.com 'self'; font-src c.wgr.de 'self' data:; connect-src https://secure.schulbuchzentrum-online.de https://track.westermann.de http://www.econda-monitor.de https://widgets.crosssell.info 'self'; report-uri /backend/csp 1 default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' multimedia.gsb.bund.de spaceview.netzlabor.de; connect-src 'self' tracking.netmind-cloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' multimedia.gsb.bund.de piwik.itzbund.de webtv.bundestag.de *.googleapis.com *.google.com *.gstatic.com *.instagram.com tracking.netmind-cloud.com twemoji.maxcdn.com maps.wikimedia.org *.ytimg.com *.youtube.com *.youtube-nocookie.com *.googlevideo.com *.openstreetmap.org spaceview.netzlabor.de; object-src 'self' multimedia.gsb.bund.de; media-src 'self' piwik.itzbund.de multimedia.gsb.bund.de *.fbcdn.net *.youtube.com *.youtube-nocookie.com *.googlevideo.com; child-src *.google.com *.gstatic.com webtv.bundestag.de *.cdninstagram.com *.fbcdn.net *.youtube.com *.youtube-nocookie.com *.instagram.com tracking.netmind-cloud.com twemoji.maxcdn.com maps.wikimedia.org *.youtube-nocookie.com *.googlevideo.com *.openstreetmap.org piwik.itzbund.de; img-src 'self' data: *.google.com *.gstatic.com multimedia.gsb.bund.de piwik.itzbund.de webtv.bundestag.de *.youtube.com *.twimg.com *.fbcdn.net *.youtube-nocookie.com *.openstreetmap.org twemoji.maxcdn.com maps.wikimedia.org *.youtube-nocookie.com *.googlevideo.com *.cloudfront.net; frame-ancestors 'self'; 1 default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.itzbund.de *.googleapis.com *.google.com *.gstatic.com www.youtube.com *.vimeo.com *.ytimg.com piwik.itzbund.de; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.vimeo.com *.youtube.com; frame-src *.google.com *.gstatic.com *.youtube.com *.vimeo.com; img-src 'self' blob: data: *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.openstreetmap.org piwik.itzbund.de; frame-ancestors 'self'; worker-src 'self'; 1 frame-ancestors 'self' *.bond.edu.au bond.edu.au; 1 frame-ancestors *.payback.de; report-uri /blueberry/servlet/handler/cspreporting 1 ;frame-ancestors 'self' 1 child-src https://*.fls.doubleclick.net https://bid.g.doubleclick.net form.gov.sg; connect-src *.cwp-stg.sg https://s3-ap-southeast-1.amazonaws.com https://www.mycareersfuture.sg https://www.mycareersfuture.gov.sg blob: www.google-analytics.com *.onemap.sg/ *.dcube.cloud *.wogaa.sg *.demdex.net https://va.ecitizen.gov.sg https://flexanswer1653.zendesk.com *.zdassets.com *.zopim.com wss://*.zopim.com *.mycareersfuture.sg *.mycareersfuture.gov.sg *.app.gov.sg; default-src 'self' *.mycareersfuture.sg *.mycareersfuture.gov.sg *.app.gov.sg *.dcube.cloud *.wogaa.sg wogadobeanalytics.sc.omtrdc.net assets.adobedtm.com *.demdex.net cm.everesttech.net; font-src https://cdnjs.cloudflare.com data: fonts.gstatic.com *.dcube.cloud *.wogaa.sg https://s3-us-west-2.amazonaws.com https://va.ecitizen.gov.sg *.mycareersfuture.sg *.mycareersfuture.gov.sg *.app.gov.sg; img-src data: blob: 'self' www.google-analytics.com https://s3-ap-southeast-1.amazonaws.com https://px.ads.linkedin.com https://www.mycareersfuture.sg https://www.mycareersfuture.gov.sg https://www.facebook.com *.cwp-stg.sg *.onemap.sg/ https://cdnjs.cloudflare.com *.mycareersfuture.sg *.mycareersfuture.gov.sg https://pixel.quantserve.com wogadobeanalytics.sc.omtrdc.net cm.everesttech.net *.demdex.net https://va.ecitizen.gov.sg https://v2assets.zopim.io; script-src blob: www.google-analytics.com https://ssl.google-analytics.com https://connect.facebook.net s.yimg.com sp.analytics.yahoo.com https://www.google.com www.googleadservices.com https://googleads.g.doubleclick.net https://snap.licdn.com https://p.adsymptotic.com https://rules.quantcount.com https://secure.quantserve.com 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com https://www.mycareersfuture.sg https://www.mycareersfuture.gov.sg *.dcube.cloud *.wogaa.sg assets.adobedtm.com https://va.ecitizen.gov.sg https://flexanswer1653.zendesk.com *.zdassets.com *.zopim.com *.mycareersfuture.sg *.mycareersfuture.gov.sg *.app.gov.sg; style-src 'self' https://cdnjs.cloudflare.com fonts.googleapis.com unpkg.com *.dcube.cloud *.wogaa.sg https://va.ecitizen.gov.sg 'unsafe-inline' *.mycareersfuture.sg *.mycareersfuture.gov.sg *.app.gov.sg; report-uri /csp-report 1 default-src https:; style-src 'self' 'unsafe-inline'; script-src https: 'unsafe-inline'; object-src 'none' 1 default-src https://domainname.shop https://www.domeneshop.no https://domeneshop.no https://domainnameshop.com https://domene.shop https://xn--domn-noa.shop https://xn--domne-ura.shop https://chat.domeneshop.no/ 'unsafe-inline'; img-src https://domainname.shop https://www.domeneshop.no https://domeneshop.no https://domainnameshop.com https://domene.shop https://xn--domn-noa.shop https://xn--domne-ura.shop; frame-src https://domainname.shop https://www.domeneshop.no https://domeneshop.no https://domainnameshop.com https://domene.shop https://xn--domn-noa.shop https://xn--domne-ura.shop 1 default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ; 1 frame-ancestors https://*.mybigcommerce.com 1 default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.baua.de; object-src 'self' www.baua.de; media-src 'self' www.baua.de; frame-src www.baua.de; img-src 'self' data: www.baua.de uvi.bfs.de; frame-ancestors 'self'; 1 frame-ancestors https://cloudsecurityalliance.org https://knowledge.cloudsecurityalliance.org https://circle.cloudsecurityalliance.org https://360.articulate.com https://articulateusercontent.com https://sj-cdn.net 1 report-uri /admin/config/system/seckit/csp-report 1 frame-ancestors 'self'; report-uri /report-csp-violation 1 default-src 'none'; script-src 'self' 'unsafe-inline' https://onlinechat2.nic.cz https://test-ipv6.nic.cz https://*.test-ipv6.nic.cz https://piwik.nic.cz/piwik.js https://platform.twitter.com https://cdn.syndication.twimg.com https://s.ytimg.com https://*.googleapis.com https://*.google.com https://connect.facebook.net https://*.mapy.cz; object-src 'self'; style-src 'self' 'unsafe-inline' https://platform.twitter.com https://*.nic.cz https://fonts.googleapis.com https://api.mapy.cz; img-src *; media-src *; frame-src *; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://*.test-ipv6.nic.cz https://*.labs.nic.cz https://widget.nic.cz https://ipv4-widget.nic.cz https://ipv6-widget.nic.cz https://rdap.nic.cz https://www.rhybar.cz https://akademie.nic.cz https://piwik.nic.cz/piwik.php https://dns53.check.odvr.cz https://dot.check.odvr.cz https://doh.check.odvr.cz https://www.nic.cz/files/CORS/projects-bar/ https://mojeid.cz https://syndication.twitter.com; report-uri https://csp.nic.cz/report/ 1 default-src https: http: wss: ; script-src https: 'self' 'unsafe-inline' js.hs-scripts.com js.hs-analytics.net cdnjs.cloudflare.com *.adopto.eu adopto.eu www.adopto.eu *.googleapis.com *.facebook.net *.facebook.com www.google.com www.google-analytics.com; object-src 'self' https: data: adoptostaging.blob.core.windows.net adoptoprod.blob.core.windows.net; style-src * https: 'unsafe-inline'; img-src 'self' https: data: cdnjs.cloudflare.com adoptostaging.blob.core.windows.net adoptoprod.blob.core.windows.net *.gstatic.com *.googleapis.com *.facebook.com s3.amazonaws.com stats.g.doubleclick.net; child-src 'self' *.talentlyft.com app.livestorm.co platform.twitter.com static.addtoany.com *.nosiva.com *.facebook.com *.youtube.com *.us11.list-manage.com forms.hubspot.com js.hs-scripts.com js.hs-analytics.net player.vimeo.com; font-src * https: data:; 1 script-src 'self' 'unsafe-inline' *.wellsfargo.com *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com *.wellsfargo.com:* connect.facebook.net snap.licdn.com www.googletagmanager.com www.google-analytics.com ajax.googleapis.com; frame-ancestors 'self' *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com *.wellsfargo.com *.fccaccessonline.com *.wellsfargomedia.com *.wellsfargo:* *.mworld.com *.wellsfargo.net *.markitondemand.com *.wellsfargo.wallst.com *.go.onestop.wf.com; base-uri https:;default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: ad.doubleclick.net px.ads.linkedin.com p.adsymptotic.com cm.everesttech.net dpm.demdex.net;object-src 'self';font-src 'self' data: *.wellsfargo.com *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com *.wellsfargo.com:* fonts.gstatic.com;report-uri /reporting/csp.htm;img-src 'self' data: *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com wspublicprod.112.2o7.net px.ads.linkedin.com ad.doubleclick.net p.adsymptotic.com adservice.google.com 2549153.fls.doubleclick.net jadserve.postrelease.com www.google.com www.google-analytics.com pixel.everesttech.net cm.g.doubleclick.net bat.bing.com sp.analytics.yahoo.com connect.facebook.net www.linkedin.com www.facebook.com;style-src 'self' 'unsafe-inline' *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com 1 script-src * 'unsafe-inline' 'unsafe-eval' blob:; img-src * data:; media-src * mediastream: blob: filesystem: ; 1 default-src 'self' z.cash; connect-src 'self' bam.nr-data.net www.google-analytics.com data.messari.io api.blockchair.com; script-src 'self' 'unsafe-inline' bam.nr-data.net js-agent.newrelic.com www.google-analytics.com www.googletagmanager.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: www.google-analytics.com www.googletagmanager.com www.gstatic.com ; font-src 'self' data:; frame-src 'self' www.youtube.com www.youtube-nocookie.com time.graphics; object-src 'self'; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' bam.nr-data.net js-agent.newrelic.com www.google-analytics.com www.googletagmanager.com; report-uri /csp_problem; 1 default-src *.pamyat-naroda.ru https://stat.pamyat-naroda.ru https://release.pamyat-naroda.ru https://fonts.googleapis.com https://fonts.gstatic.com; img-src *; script-src *.google.com https://mc.yandex.ru https://*.gstatic.com https://*.googleapis.com mc.yandex.ru *.google-analytics.com https://google.com/jsapi https://geocode-maps.yandex.ru https://api-maps.yandex.ru https://cdnjs.cloudflare.com 'self'; options eval-script inline-script; 1 frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com bpl.bibliocms.com *.bpl.bibliocms.com https://www.bpl.org www.bpl.org *.www.bpl.org; 1 default-src 'self';font-src 'self' fonts.gstatic.com;connect-src 'self' *.google.com *.googleapis.com www.google-analytics.com *.doubleclick.net;script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com www.google.com;form-action 'self';frame-src 'self' www.youtube.com www.facebook.com;child-src 'self' www.youtube.com www.facebook.com;frame-ancestors 'self';img-src 'self' data: blob: www.googletagmanager.com www.google-analytics.com *.doubleclick.net;style-src 'self' 'unsafe-inline' fonts.googleapis.com;object-src 'self' 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' *.onlineaccess1.com https: dc.services.visualstudio.com dl.episerver.net s.ytimg.com js-agent.newrelic.com bam.nr-data.net rum-static.pingdom.net d.impactradius-event.com umpqua-bank.sjv.io *.mookie1.com tags.tiqcdn.com adnxs.com pxl.jivox.com snap.licdn.com dc.ads.linkedin.com px.ads.linkedin.com www.linkedin.com static.ads-twitter.com analytics.twitter.com az416426.vo.msecnd.net connect.facebook.net bat.bing.com cdn.cookielaw.org js.hsforms.net forms.hsforms.com js.hsleadflows.net js.hs-scripts.com js.hs-analytics.net *.onetrust.com cdn.cookielaw.org js.hs-banner.com *.hotjar.com *.hotjar.io www.gstatic.com lh3.googleusercontent.com www.googletagmanager.com www.google-analytics.com maps.googleapis.com googleads.g.doubleclick.net 8316073.fls.doubleclick.net www.googleadservices.com *.google.com ssl.google-analytics.com www.youtube.com js.adsrvr.org *.umpquabank.com; style-src 'self' 'unsafe-inline' https: www.gstatic.com lh3.googleusercontent.com dc.services.visualstudio.com *.umpquabank.com dl.episerver.net js.hs-scripts.com js.hs-analytics.net d.impactradius-event.com umpqua-bank.sjv.io *.mookie1.com tags.tiqcdn.com adnxs.com pxl.jivox.com snap.licdn.com *.ads.linkedin.com static.ads-twitter.com analytics.twitter.com az416426.vo.msecnd.net *.hotjar.com connect.facebook.net bat.bing.com cdn.cookielaw.org 8316073.fls.doubleclick.net js.hsforms.net forms.hsforms.com js.hs-banner.com fonts.googleapis.com tagmanager.google.com; img-src 'self' 'unsafe-inline' https: lh3.googleusercontent.com dc.services.visualstudio.com *.hotjar.com *.hotjar.io *.gstatic.com www.google-analytics.com googleads.g.doubleclick.net www.google.com stats.g.doubleclick.net bat.bing.com px.ads.linkedin.com *.hubspot.com p.adsymptotic.com gateway.zscalerthree.net cdn.cookielaw.org *.umpquabank.com www.googletagmanager.com insight.adsrvr.org www.linkedin.com pixel.advertising.com ib.adnxs.com pixel.rubiconproject.com *.adsrvr.org cm.g.doubleclick.net t.co x.bidswitch.net dsum-sec.casalemedia.com simage2.pubmatic.com data: maps.gstatic.com *.googleapis.com *.ggpht; connect-src 'self' 'unsafe-inline' wss://*.hotjar.com https: www.gstatic.com lh3.googleusercontent.com dc.services.visualstudio.com *.umpquabank.com *.hotjar.com:* *.hotjar.io www.google-analytics.com cdn.cookielaw.org *.hubspot.com forms.hsforms.com stats.g.doubleclick.net rum-collector-2.pingdom.net; frame-src 'self' 'unsafe-inline' https: *.q4cdn.com *.adsrvr.org www.theroishop.com www.gstatic.com lh3.googleusercontent.com dc.services.visualstudio.com forms.hsforms.com *.umpquabank.com *.hotjar.com *.hotjar.io bid.g.doubleclick.net player.megaphone.fm 9395210.fls.doubleclick.net platform.mi.spglobal.com *.youtube.com *.onetrust.com cdn.cookielaw.org player.ooyala.com *.q4web.com; font-src 'self' 'unsafe-inline' https: *.umpquabank.com *.hotjar.com *.hotjar.io fonts.gstatic.com data:; 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' 'self' wss://*.mypurecloud.de/ https://*.cloudfront.net/ https://api.mypurecloud.com/ https://*.mypurecloud.com/ https://apps.mypurecloud.com/ https://fonts.googleapis.com/ https://storage.googleapis.com/ https://www.gstatic.com/ https://dc.services.visualstudio.com/ https://gensweb.moj.gov.sa/ https://www.google.com/ https://apps.mypurecloud.com/ https://cobrowse.mypurecloud.de/ https://najizcdn.moj.gov.sa/ https://maps.googleapis.com/ https://maps.gstatic.com/ https://taqadhi.moj.gov.sa/ https://qaim.moj.gov.sa:5555/ data:; object-src 'self'; frame-ancestors 'none'; sandbox allow-downloads allow-forms allow-same-origin allow-scripts allow-modals allow-popups allow-popups-to-escape-sandbox; base-uri 'self'; style-src 'self' 'unsafe-inline' https://*.cloudfront.net/ https://api.mypurecloud.com/ https://*.mypurecloud.com/ https://apps.mypurecloud.com/ https://fonts.googleapis.com/ https://najizcdn.moj.gov.sa/ https://cdnjs.cloudflare.com/; font-src 'self' https://*.cloudfront.net/ https://fonts.gstatic.com/ https://najizcdn.moj.gov.sa/ https://maps.googleapis.com/ https://maps.gstatic.com/ https://*.mypurecloud.de/ https://api.mypurecloud.com/ https://*.mypurecloud.com/ https://apps.mypurecloud.com/ data:; 1 script-src 'self' 'unsafe-eval' 'unsafe-inline' http://cdn.izettle.com/jquery/ https://*.zettle.com https://accounts.livechatinc.com https://adservice.google.com/ddm/ https://bat.bing.com https://br.izettle.com https://c.friendbuy.com https://cdn.cookielaw.org https://cdn.friendbuy.com https://cdn.izettle.com https://cdn.livechatinc.com https://cdn.polyfill.io https://cdn.taboola.com/libtrc/unip/1313048/tfa.js https://cdn1.friendbuy.com https://code.jquery.com https://connect.facebook.net https://de.izettle.com https://discover.izettle.com https://djnf6e5yyirys.cloudfront.net https://dk.izettle.com https://embed.friendbuy.com https://es.izettle.com https://externals.ujet.co https://fi.izettle.com https://fr.izettle.com https://gb.izettle.com https://geolocation.onetrust.com https://googleads.g.doubleclick.net https://it.izettle.com https://main.ujet.co https://mx.izettle.com https://my.izettle.com https://nl.izettle.com https://no.izettle.com https://optanon.blob.core.windows.net https://optimize.google.com https://pi.pardot.com https://player.vimeo.com/api/player.js https://privacyportal-eu.onetrust.com/request/v1/consentreceipts https://s.ytimg.com https://script.hotjar.com https://se.izettle.com https://secure.livechatinc.com https://securetoken.googleapis.com https://sjs.bizographics.com https://snap.licdn.com https://ssl.google-analytics.com https://static.hotjar.com https://tagmanager.google.com https://trc.taboola.com/1313048/ https://vc.hotjar.io https://websdk.ujet.co https://widget.trustpilot.com https://ws.friendbuy.com https://www.facebook.com https://www.google-analytics.com https://www.google.co.uk https://www.google.com https://www.google.com.br https://www.google.com.mx https://www.google.de https://www.google.dk https://www.google.es https://www.google.fi https://www.google.fr https://www.google.ie https://www.google.it https://www.google.nl https://www.google.no https://www.google.pt https://www.google.se https://www.googleadservices.com https://www.googleapis.com https://www.googleoptimize.com https://www.googletagmanager.com https://www.youtube.com/iframe_api; img-src 'self' data: http://a.storyblok.com http://img2.storyblok.com https://*.zettle.com https://analytics.google.com https://assistly-production.s3.amazonaws.com https://bat.bing.com https://cdn.cookielaw.org https://cdn.izettle.com https://cds.taboola.com/ https://cx.atdmt.com https://googleads.g.doubleclick.net https://i.vimeocdn.com https://i.ytimg.com https://i3.ytimg.com https://insights.hotjar.com https://my.izettle.com https://optanon.blob.core.windows.net https://optimize.google.com https://script.hotjar.com https://secure.livechatinc.com https://ssl.google-analytics.com https://ssl.gstatic.com https://stats.g.doubleclick.net https://www.facebook.com https://www.google-analytics.com https://www.google.co.uk https://www.google.com https://www.google.com.br https://www.google.com.mx https://www.google.de https://www.google.dk https://www.google.es https://www.google.fi https://www.google.fr https://www.google.ie https://www.google.it https://www.google.nl https://www.google.no https://www.google.pt https://www.google.se https://www.googletagmanager.com https://www.gstatic.com; connect-src 'self' https://*.hotjar.com:* https://*.zettle.com https://analytics.google.com https://app.launchdarkly.com https://bat.bing.com https://c.friendbuy.com https://cdn.friendbuy.com https://cdn.izettle.com https://cdn1.friendbuy.com https://clientstream.launchdarkly.com https://embed.friendbuy.com https://events.launchdarkly.com https://kitsune.izettle.com https://logs-01.loggly.com https://main.ujet.co https://my.izettle.com https://optanon.blob.core.windows.net https://privacyportal-eu.onetrust.com/request/v1/consentreceipts https://sapi.searchblok.com https://secure.izettle.com https://sentry.io/api https://ssl.google-analytics.com https://stats.g.doubleclick.net https://status.izettle.com https://trc-events.taboola.com/1313048/ https://trc.taboola.com/1313048/ https://trustpilot.izettle.com https://ujet-chat-auth-staging.herokuapp.com https://vc.hotjar.io https://ws.friendbuy.com https://www.google-analytics.com https://www.google.co.uk/ads/ https://www.google.com.br/ads/ https://www.google.com.mx/ads/ https://www.google.com/ads/ https://www.google.de/ads/ https://www.google.dk/ads/ https://www.google.es/ads/ https://www.google.fi/ads/ https://www.google.fr/ads/ https://www.google.ie/ads/ https://www.google.it/ads/ https://www.google.nl/ads/ https://www.google.no/ads/ https://www.google.se/ads/ https://www.izettle.com wss://*.hotjar.com; style-src 'self' 'unsafe-inline' https://*.zettle.com https://cdn.cookielaw.org https://cdn.izettle.com https://fonts.googleapis.com https://optanon.blob.core.windows.net https://optimize.google.com https://tagmanager.google.com; frame-src https://*.selz.com https://*.zettle.com https://4896710.fls.doubleclick.net https://br.izettle.com https://cdn1.friendbuy.com https://de.izettle.com https://discover.izettle.com https://dk.izettle.com https://es.izettle.com https://fi.izettle.com https://fr.izettle.com https://gb.izettle.com https://go.pardot.com https://it.izettle.com https://izettle-community.force.com https://izettle.getfeedback.com https://izettle.go2cloud.org https://mx.izettle.com https://my.izettle.com https://nl.izettle.com https://no.izettle.com https://optimize.google.com https://player.vimeo.com https://privacyportal-eu.onetrust.com https://se.izettle.com https://secure.livechatinc.com https://terms-and-conditions.izettle.com https://vars.hotjar.com https://websdk.ujet.co https://widget.trustpilot.com https://www.youtube.com https://zettle-community.force.com https://zettle.go2cloud.org; font-src https://*.zettle.com https://cdn.izettle.com https://discover.izettle.com https://fonts.googleapis.com https://fonts.gstatic.com https://script.hotjar.com https://static.hotjar.com; child-src https://vars.hotjar.com 1 default-src 'self' static.financialsense.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:; style-src 'self' static.financialsense.com data: 'unsafe-inline' *.googleapis.com *.twitter.com *.twimg.com svc.webspellchecker.net cdn.ckeditor.com; img-src 'self' https: data: android-webview-video-poster:; media-src 'self' static.financialsense.com blob: *.giphy.com; frame-src 'self' https://www.financialsense.com data: audioboom.com *.audioboom.com scribd.com *.scribd.com soundcloud.com *.soundcloud.com youtube.com *.youtube.com vimeo.com *.vimeo.com bitchute.com *.bitchute.com twitter.com *.twitter.com *.tradingview.com *.addthis.com *.stripe.com *.doubleclick.net *.googlesyndication.com *.ted.com *.instagram.com *.jwpsrv.com www.google.com ms-appx-web: *.assoc-amazon.com *.amazon.com *.amazon-adsystem.com *.googletagmanager.com *.recaptcha.net facebook.com *.facebook.com cnn.com *.cnn.com cnbc.com *.cnbc.com; frame-ancestors *; child-src 'self' https://www.financialsense.com data: audioboom.com *.audioboom.com scribd.com *.scribd.com soundcloud.com *.soundcloud.com youtube.com *.youtube.com vimeo.com *.vimeo.com bitchute.com *.bitchute.com twitter.com *.twitter.com *.tradingview.com *.addthis.com *.stripe.com *.doubleclick.net *.googlesyndication.com *.ted.com *.instagram.com *.jwpsrv.com www.google.com ms-appx-web: *.assoc-amazon.com *.amazon.com *.amazon-adsystem.com *.googletagmanager.com *.recaptcha.net facebook.com *.facebook.com cnn.com *.cnn.com cnbc.com *.cnbc.com; font-src 'self' static.financialsense.com data: fonts.googleapis.com fonts.gstatic.com cdnjs.cloudflare.com *.googleusercontent.com svc.webspellchecker.net *.avast.com chrome-extension:; connect-src 'self' static.financialsense.com *.addthis.com *.googlesyndication.com www.google-analytics.com *.gstatic.com *.doubleclick.net svc.webspellchecker.net *.jwpltx.com *.nr-data.net 1 frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com chicago.bibliocms.com *.chicago.bibliocms.com https://chicago.bibliocms.com chicago.bibliocms.com *.chicago.bibliocms.com; 1 frame-ancestors https://gms.hongleong.com.my https://tags.tiqcdn.com https://survey.hlb.com.my https://uat.hlb.com.my https://aem-preprod.hlb.com.my https://aem-preprod.hlisb.com.my https://aem-uat.hlb.com.my https://www.hlb.com.my https://www.facebook.com https://www.vivocha.com https://www.youtube.com https://staticxx.facebook.com https://www.googletagmanager.com https://gateway.hlb.com.my https://gateway.hlb.com.my:8446 https://www.google.com https://optimize.google.com https://hongleongbank.sc.omtrdc.net https://dpm.demdex.net https://uat.hlb.my:443 http://uat.hlb.my 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://plus.browsealoud.com https://www.browsealoud.com https://*.speechstream.net https://www.browsealoud.com *; style-src 'self' 'unsafe-inline' https://plus.browsealoud.com https://fonts.googleapis.com *; child-src 'self' *; font-src 'self' https://fonts.gstatic.com data: *; frame-ancestors 'self'; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: *; connect-src https://browsealoud-webservices-8.texthelp.com/ https://plus.browsealoud.com https://babm.texthelp.com https://*.speechstream.net https://stats.g.doubleclick.net https://www.google-analytics.com/ *; media-src 'self' blob: https://*.speechstream.net; script-src-elem 'unsafe-inline' data: *; 1 default-src https: 'unsafe-inline' 'unsafe-eval' 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' *.motel-one.com *.usercentrics.eu data: *.motel-one.com *.usercentrics.eu; script-src *.motel-one.com 'self' 'unsafe-inline' 'unsafe-eval' *.gstatic.com www.googletagmanager.com *.googleapis.com www.google-analytics.com www.youtube.com s.ytimg.com cdnjs.cloudflare.com code.jquery.com *.hurra.com *.googleadservices.com *.criteo.com *.criteo.net creativecdn.com *.creativecdn.com *.facebook.net *.doubleclick.net *.licdn.com *.linkedin.com *.facebook.com *.adnxs.com *.facebook.com *.bizographics.com *.googlesyndication.com *.bing.com *.adsrvr.org *.cloudfront.net *.sia.eu *.google.ae *.google.at *.google.ba *.google.be *.google.by *.google.ca *.google.cf *.google.ch *.google.co.cr *.google.co.il *.google.co.in *.google.co.jp *.google.co.nz *.google.co.th *.google.co.uk *.google.co.zw *.google.de *.google.com *.google.com.ar *.google.com.au *.google.com.bo *.google.com.br *.google.com.cy *.google.com.ec *.google.com.eg *.google.com.hk *.google.com.kw *.google.com.mt *.google.com.mx *.google.com.sg *.google.com.tr *.google.com.tw *.google.com.ua *.google.cz *.google.dk *.google.dz *.google.es *.google.fi *.google.fr *.google.ge *.google.gr *.google.hr *.google.hu *.google.ie *.google.im *.google.it *.google.li *.google.lt *.google.lu *.google.nl *.google.no *.google.pl *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.se *.google.si *.adup-tech.com static.ads-twitter.com analytics.twitter.com assets.pinterest.com log.pinterest.com squarelovin.com *.squarelovin.com *.usercentrics.eu; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.cdninstagram.com *.squarelovin.com *.google-analytics.com *.doubleclick.net t.co *.adup-tech.com www.facebook.com www.google.de www.google.com *.cx.atdmt.com maps.gstatic.com maps.googleapis.com ssl.gstatic.com www.gstatic.com assets.pinterest.com log.pinterest.com bat.bing.com *.hurra.com *.fbcdn.net image.motel-one.com *.motel-one.com squarelovin.com *.gstatic.com *.usercentrics.eu; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.squarelovin.com fonts.googleapis.com tagmanager.google.com *.google.com; connect-src 'self' *.motel-one.com *.google-analytics.com stats.g.doubleclick.net *.facebook.com *.adup-tech.com *.usercentrics.eu; font-src 'self' *.motel-one.com *.computop-paygate.com *.google.com *.gstatic.com www.googletagmanager.com *.googleapis.com www.google-analytics.com *.doubleclick.net data: *.google.com *.gstatic.com www.googletagmanager.com *.googleapis.com www.google-analytics.com *.doubleclick.net; frame-src 'self' *.motel-one.com *.computop-paygate.com *.google.com *.gstatic.com www.googletagmanager.com *.googleapis.com www.google-analytics.com www.youtube.com cdnjs.cloudflare.com code.jquery.com *.hurra.com *.googleadservices.com *.criteo.com *.criteo.net creativecdn.com *.creativecdn.com *.facebook.net *.doubleclick.net *.licdn.com *.linkedin.com *.facebook.com *.google.de *.adnxs.com *.facebook.com *.bizographics.com *.googlesyndication.com *.bing.com *.adsrvr.org *.cloudfront.net *.sia.eu *.usercentrics.eu assets.pinterest.com log.pinterest.com; 1 default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; script-src 'self' cdn.httparchive.org www.google-analytics.com use.fontawesome.com cdn.speedcurve.com spdcrv.global.ssl.fastly.net lux.speedcurve.com 'nonce-kunnLpWz_VC7o_UNd2iklA'; font-src 'self' fonts.gstatic.com; connect-src 'self' cdn.httparchive.org discuss.httparchive.org dev.to cdn.rawgit.com www.webpagetest.org www.google-analytics.com stats.g.doubleclick.net; img-src 'self' almanac.httparchive.org discuss.httparchive.org avatars.discourse.org www.google-analytics.com www.google.com s.g.doubleclick.net stats.g.doubleclick.net sjc3.discourse-cdn.com res.cloudinary.com 1 default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' piwik.itzbund.de; connect-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' piwik.itzbund.de www.youtube.com s.ytimg.com; object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de www.youtube.com; media-src 'self' multimedia.gsb.bund.de piwik.itzbund.de www.youtube.com; child-src pei-portal.rexx-systems.com piwik.itzbund.de www.youtube.com; font-src 'self'; img-src 'self' data: *.honcode.ch piwik.itzbund.de; frame-ancestors 'self' PEIWeb-editor.preview.gsb.intranet.bund.de pei-portal.rexx-systems.com; 1 frame-ancestors 'self' https://*.hapara.com/ 1 default-src 'none'; script-src 'self' https://static.cryptomkt.com/ https://cdn4.mxpnl.com/ https://static.olark.com/ https://api.olark.com/ https://knrpc.olark.com/ https://assets.olark.com/; object-src 'self' https://static.cryptomkt.com/; style-src 'self' 'unsafe-inline' https://static.cryptomkt.com/ https://fonts.googleapis.com/ https://static.olark.com/; img-src 'self' data: https://static.cryptomkt.com/ https://log.olark.com/ https://static.olark.com/; media-src 'self' https://static.cryptomkt.com/ https://static.olark.com/; frame-src 'self' https://static.cryptomkt.com/ https://static.olark.com/; font-src 'self' data: https://static.cryptomkt.com/ https://fonts.gstatic.com https://static.olark.com/; connect-src 'self' wss://worker.cryptomkt.com/ https://worker.cryptomkt.com/ https://api-js.mixpanel.com/ https://knrpc.olark.com/; frame-ancestors 'self'; base-uri 'self'; form-action 'self' 1 frame-ancestors 'self' https://arcprod--prod.lightning.force.com/ 1  default-src 'self'; script-src 'self' *.etracker.com *.etracker.de 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self' *.etracker.com https://*.etracker.de; font-src 'self' data:; object-src 'self'; media-src 'self'; child-src 'self'; form-action 'self'; base-uri 'self'; frame-ancestors 'self'; 1 frame-ancestors 'self' intertops.eu www.intertops.eu sblp.intertops.eu sports.intertops.eu poker.intertops.eu casino.intertops.eu classic.intertops.eu lobby.intertops.eu:2072 account.intertops.eu client.horizonpokernetwork.eu 1 connect-src * 'unsafe-inline' 'unsafe-eval'; default-src * 'unsafe-inline' 'unsafe-eval'; img-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; 1 default-src 'none'; img-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; font-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'; connect-src 'self'; 1 frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com kcls.bibliocms.com *.kcls.bibliocms.com https://kcls.bibliocms.com kcls.bibliocms.com *.kcls.bibliocms.com; 1 frame-ancestors 'self' eon.de *.eon.de 1 default-src 'none'; child-src 'self' ez.no static.addtoany.com www.youtube.com; connect-src 'self' www.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com static.addtoany.com cdnjs.cloudflare.com ajax.googleapis.com; style-src 'self' 'unsafe-inline' static.addtoany.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com fonts.googleapis.com; img-src 'self' blob: data: static.addtoany.com www.google-analytics.com; font-src 'self' fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com; form-action 'self'; 1 default-src 'self'; media-src 'self' emp.jobylon.com cdn.jobylon.com *.jobylon.com res.cloudinary.com; frame-ancestors 'self' *.flysas.com; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.googleapis.com res.cloudinary.com *.richrelevance.com www.google-analytics.com www.googletagmanager.com *.googleapis.com *.pingdom.net *.facebook.com connect.facebook.net *.twitter.com *.google.com *.jobylon.com *.abtasty.com *.veinteractive.com www.nordicchoicehotels.com *.flysas.com extads.net m.addthisedge.com m.addthis.com s7.addthis.com assets.juicer.io *.cloudfront.net track.adform.net *.fls.doubleclick.net nowinteract-nowinteractnordi.netdna-ssl.com *.easyresearch.se *.zendesk.com *.zopim.com wss://*.zopim.com *.zopim.io ve1storasstst.blob.core.windows.net *.zdassets.com cdnjs.cloudflare.com www.sj.se adtr.io *.hotjar.com 'unsafe-eval' quiz.millionmind.com snap.licdn.com px.ads.linkedin.com www.linkedin.com *.wisepops.com chimpstatic.com *.millionmind.com *.ebilobster.ai js.klarna.com *.upscope.io *.coop.se consentmanager.mgr.consensu.org cdn.consentmanager.mgr.consensu.org www.googleoptimize.com www.googleadservices.com; connect-src 'self' wss://*.coop.se:* wss://*.kf.local:* emp.jobylon.com cdn.jobylon.com *.jobylon.com *.pingdom.net *.veinteractive.com *.abtasty.com ve1appseventssb.servicebus.windows.net apil1.spinnaker-js.com m.addthis.com s7.addthis.com www.juicer.io assets.juicer.io *.108proxy.se *.54proxy.se www.google-analytics.com www.googletagmanager.com tagmanager.google.com *.zendesk.com *.zopim.com wss://*.zopim.com *.zopim.io *.facebook.com connect.facebook.net *.zdassets.com cdnjs.cloudflare.com *.richrelevance.com *.hotjar.com:* wss://*.hotjar.com track.adtraction.com popup.wisepops.com tracking.wisepops.com vc.hotjar.io eu.klarnaevt.com stats.g.doubleclick.net www.nordicchoicehotels.com dc.services.visualstudio.com *.upscope.io wss://*.upscope.io *.api.coop.se *.unboxai.org *.betala.coop.se *.coop.se consentmanager.mgr.consensu.org cdn.consentmanager.mgr.consensu.org; style-src 'self' 'unsafe-inline' emp.jobylon.com cdn.jobylon.com *.jobylon.com *.abtasty.com *.pingdom.net *.veinteractive.com assets.juicer.io tagmanager.google.com fonts.googleapis.com optimize.google.com *.easyresearch.se *.zendesk.com *.zopim.com *.zopim.io *.zdassets.com cdnjs.cloudflare.com *.ebilobster.ai consentmanager.mgr.consensu.org cdn.consentmanager.mgr.consensu.org; img-src 'self' data: *.jobylon.com *.pingdom.net *.zendesk.com *.abtasty.com *.gstatic.com api.hitta.se scontent.cdninstagram.com www.google.com www.google.se *.google-analytics.com *.googletagmanager.com tagmanager.google.com res.cloudinary.com *.cloudfront.net *.facebook.com stats.g.doubleclick.net track.adform.net *.fls.doubleclick.net *.easyresearch.se *.zendesk.com *.zopim.com wss://*.zopim.com *.zopim.io *.zdassets.com cdnjs.cloudflare.com *.googleapis.com assets.juicer.io scontent.cdninstagram.com *.hotjar.com *.ggpht.com track.adtraction.com drs2.veinteractive.com app.wisepops.com cx.atdmt.com eu.klarnaevt.com *.coop.se consentmanager.mgr.consensu.org cdn.consentmanager.mgr.consensu.org googleads.g.doubleclick.net; font-src 'self' data: emp.jobylon.com cdn.jobylon.com *.jobylon.com static.juicer.io fonts.gstatic.com tagmanager.google.com *.zendesk.com *.zopim.com wss://*.zopim.com *.zopim.io *.zdassets.com *.hotjar.com consentmanager.mgr.consensu.org cdn.consentmanager.mgr.consensu.org; frame-src 'self' emp.jobylon.com cdn.jobylon.com *.jobylon.com *.veinteractive.com accounts.google.com optimize.google.com *.flysas.com app.ecoonline.com www.nordicchoicehotels.com recruit.visma.com www.recruit.visma.com www.aditrorecruit.com *.twitter.com www.youtube.com *.facebook.com c1.adform.net s7.addthis.com track.adform.net *.fls.doubleclick.net *.easyresearch.se *.abtasty.com *.zendesk.com *.zopim.com wss://*.zopim.com *.zopim.io www.google.com ve1storasstst.blob.core.windows.net *.veinteractive.com *.zdassets.com cdnjs.cloudflare.com www.sj.se *.hotjar.com *.tradedoubler.com quiz.millionmind.com *.millionmind.com payment.medmera.se api-test.betala.coop.se *.ebilobster.ai js.klarna.com foodlab2b.appspot.com *.upscope.io memberpayment.betala.coop.se consentmanager.mgr.consensu.org cdn.consentmanager.mgr.consensu.org; base-uri 'self' *.coop.se *.kf.local optimize.google.com; report-uri https://coop.report-uri.io/r/default/csp/enforce 1 script-src https: data: 'unsafe-inline' 'unsafe-eval' https://*.dshs-koeln.de https://*.mehrwert.de https://fast.fonts.net; style-src https: 'unsafe-inline' https://*.dshs-koeln.de https://fast.fonts.net; img-src https: data: 'unsafe-inline' 'unsafe-eval' https://*.dshs-koeln.de https://*.mehrwert.de; font-src https: data: 'unsafe-inline' 'unsafe-eval' https://*.dshs-koeln.de https://*.mehrwert.de https://fast.fonts.com; frame-src https: data: 'unsafe-inline' 'unsafe-eval' https://*.dshs-koeln.de https://*.mehrwert.de https://fast.fonts.com; 1 default-src 'self'; style-src 'unsafe-inline' yandex.st site.yandex.net yastatic.net banners.adfox.ru content.adfox.ru yastat.net *; frame-src awaps.yandex.net yandexadexchange.net *.yandexadexchange.net yastatic.net *.yandex.ru banners.adfox.ru yastat.net *; img-src * data:; media-src *; font-src 'self' data: an.yandex.ru yastatic.net yastat.net *; object-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' an.yandex.ru yandex.st site.yandex.net yastatic.net yandex.net mc.yandex.ru banners.adfox.ru ads.adfox.ru ads6.adfox.ru yastat.net yandex.ru oss.maxcdn.com ads.adfox.ru www.google-analytics.com *.googleadservices.com adservice.google.ru adservice.google.com.ua *.imgsmail.ru *.google.com platform.twitter.com cas.criteo.com *.mail.ru vk.com *.googlesyndication.com *.googletagservices.com adv758968.ru adforce.ru *.doubleclick.net x1.vinread.net *.zencdn.net mobiads.ru utarget.ru afterview.ru *.vispot.io *.adap.tv *.liverail.com *.spotxchange.com *.buzzoola.com *.advarkads.com *.lkqd.com *.advertising.com static.baza.farpost.ru gstatic.com www.gstatic.com http://thefox.mobi/0dvP/ https://netdna.bootstrapcdn.com https://ajax.googleapis.com *.adsafeprotected.com idntfy.ru mobuli.info mobisway.info cnt-count.ru countstat.ru eboundservices.com digital-forest.info s17365.org/rotation.php news.gnezdo.ru btstds.ru cackle.me *.cackle.me www.farpost.ru https://adtags.pro https://*.adtags.pro https://btsds.ru https://*.vrcteam.ru https://*.betweendigital.com https://*.exopay.ru https://s0.2md.net https://fl.imgsniper.com https://static.bulham.com https://*.sape.ru https://safesource.ru https://code.createjs.com https://static.bumlam.com sad2tizer.ru ad.slickjump.com slickjump.com sjsmartcontent.org https://www.googletagmanager.com https://tds.admaxer.ru https://meganotify.com https://notifyday.com *.ttarget.ru *.onlygip.tech *.hybrid.ai *.admediator.ru nativerent.ru *.astraone.io astraone.io *.onlygip.tech onlygip.tech cdn.afp.ai increaserev.com; connect-src an.yandex.ru strm.yandex.ru mc.yandex.ru yandex.st site.yandex.net yastatic.net matchid.adfox.yandex.ru adfox.yandex.ru ads.adfox.ru ads6.adfox.ru jstracer.yandex.ru yastat.net yandex.ru *; report-uri /csp.php 1 frame-ancestors http://*.yahoosmallbusiness.com 1 default-src 'self'; script-src 'self'; img-src 'self' 1 default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de www.juris.de;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com piwik.itzbund.de www.juris.de;object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de www.juris.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de www.juris.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de www.juris.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de www.juris.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de www.juris.de 1 default-src 'self' syndetics.com www.google-analytics.com; script-src 'self' blob: http://www.vpl.ca https://www.vpl.ca data: 'unsafe-inline' 'unsafe-eval' code.jquery.com www.google.com https://www.google-analytics.com https://www.googletagmanager.com www.gstatic.com https://unpkg.com cdnjs.cloudflare.com m.addthis.com s7.addthis.com tagmanager.google.com v1.addthis.com platform.instagram.com platform.twitter.com cdn.syndication.twimg.com assets.pinterest.com script.crazyegg.com trk.cetrk.com www.flickr.com bclibraries.org; object-src 'self'; style-src 'self' 'unsafe-inline' www.vpl.ca https://unpkg.com https://cdnjs.cloudflare.com tagmanager.google.com themes.googleusercontent.com fonts.googleapis.com code.jquery.com https://platform.twitter.com https://typekit.net https://p.typekit.net https://use.typekit.net; img-src 'self' data: *.vpl.ca https://www.vpl.ca *.googleapis.com https://platform.twitter.com https://pbs.twimg.com services.arcgisonline.com syndetics.com secure.syndetics.com https://cdnjs.cloudflare.com www.flickr.com www.instagram.com *.staticflickr.com https://www.google-analytics.com syndication.twitter.com scontent-sea1-1.cdninstagram.com *.sndcdn.com m.addthis.com ssl.gstatic.com www.gstatic.com www.addthis.com log.pinterest.com gtrk.s3.amazonaws.com trk.cetrk.com geo.yahoo.com; media-src 'self' www.youtube.com soundcloud.com; child-src 'self' m.addthis.com s7.addthis.com www.google.com www.youtube.com w.soundcloud.com www.instagram.com syndication.twitter.com assets.pinterest.com; font-src 'self' themes.googleusercontent.com https://cdnjs.cloudflare.com fonts.googleapis.com fonts.gstatic.com https://use.typekit.net; connect-src 'self' www.google-analytics.com cdnjs.cloudflare.com https://www.optimalworkshop.com m.addthis.com v1.addthis.com; frame-src 'self' edge.addthis.com m.addthis.com https://platform.twitter.com s7.addthis.com www.google.com www.youtube.com w.soundcloud.com www.instagram.com syndication.twitter.com assets.pinterest.com; 1 default-src 'self'; connect-src 'self' data: 'unsafe-inline' https://bat.bing.com https://*.adobedtm.com http://*.calbanktrust.com https://*.calbanktrust.com https://zionsbancorp.sc.omtrdc.net https://*.demdex.net https://*.cludo.com https://*.sumome.com https://*.sumo.com https://sumo.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://zionsbancorp.sc.omtrdc.net 'unsafe-eval'; script-src 'self' data: 'unsafe-inline' https://*.doubleclick.net https://*.googletagmanager.com https://*.googleadservices.com https://bat.bing.com https://*.adobedtm.com https://connect.facebook.net https://*.pages05.net https://*.google-analytics.com https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.calbanktrust.com https://*.zionsbank.com https://*.cludo.com https://*.sumome.com https://*.sumo.com https://sumo.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.youtube.com https://*.ytimg.com https://*.vimeo.com 'unsafe-eval'; object-src 'self' data: https://*.calbanktrust.com; style-src 'self' data: 'unsafe-inline' https://*.googleapis.com https://*.google.com https://*.cludo.com https://*.sumome.com https://*.sumo.com https://sumo.com; img-src 'self' data: 'unsafe-inline' https://bat.bing.com https://px.ads.linkedin.com https://p.adsymptotic.com https://www.facebook.com https://*.pages05.net https://*.doubleclick.net https://*.google-analytics.com https://*.gstatic.com https://*.calbanktrust.com https://*.online-metrix.net https://*.omtrdc.net https://*.demdex.net https://*.everesttech.net https://*.googleapis.com https://*.google.com https://*.cludo.com https://*.sumome.com https://*.sumo.com https://sumo.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.youtube.com https://*.ytimg.com https://*.vimeo.com 'unsafe-eval'; media-src 'self' data:; frame-src 'self' https://*.online-metrix.net https://*.calbanktrust.com https://*.demdex.net https://*.doubleclick.net https://secure.checkout.visa.com https://*.youtube.com https://*.ytimg.com https://*.vimeo.com https://*.pages05.net https://*.brightcove.net https://*.sumome.com https://*.sumo.com https://sumo.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://outlook.office365.com; frame-ancestors 'self' https://banking.calbanktrust.com; font-src 'self' data: 'unsafe-inline' https://fonts.gstatic.com https://*.visualwebsiteoptimizer.com https://app.vwo.com; upgrade-insecure-requests; block-all-mixed-content 1 script-src * 'unsafe-inline' 'unsafe-eval' 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://asia.tools.euroland.com https://tools.eurolandir.com https://gamma.euroland.com https://tools.euroland.com https://www.googletagmanager.com https://www.google-analytics.com http://www.google-analytics.com https://www.google.com https://www.gstatic.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://cdnjs.cloudflare.com; frame-src 'self' https://gamma.euroland.com https://asia.tools.euroland.com http://asia.tools.euroland.com https://tools.eurolandir.com http://tools.eurolandir.com https://tools.euroland.com http://tools.euroland.com https://www.google.com/ https://eurolandirestonia.eurolandir.com https://toolseurope.euroland.com/; font-src 'self' https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com; img-src 'self' data: https://gamma.euroland.com https://asia.tools.euroland.com http://asia.tools.euroland.com https://www.gravatar.com https://our.umbraco.org https://our.umbraco.com https://umbraco.tv https://dashboard.umbraco.org www.googletagmanager.com https://www.google-analytics.com http://www.google-analytics.com; connect-src 'self' https://our.umbraco.org https://our.umbraco.com https://www.google-analytics.com; media-src 'self' https://player.vimeo.com; 1 default-src 'none'; connect-src 'self' *.crowdriff.com *.ubiquity.co.nz *.windows.net *.doubleclick.net *.google-analytics.com *.hotjar.com *.monsido.com; frame-src 'self' radian.mintdesign.co.nz radianstaging.mintdemo.co.nz configurator.wcec.co.nz *.metservice.com *.vimeo.com *.youtube.com *.doubleclick.net *.hotjar.com *.google.com *.crowdriff.com *.monsido.com; frame-ancestors 'self'; font-src 'self' *.gstatic.com; img-src 'self' data: *.cloudfront.net *.googleapis.com *.gstatic.com *.ytimg.com *.facebook.com *.doubleclick.net *.googletagmanager.com *.google-analytics.com *.google.com *.google.co.nz *.monsido.com; media-src 'self'; manifest-src 'self'; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.youtube.com *.vimeo.com code.highcharts.com browser-update.org *.crowdriff.com *.jquery.com *.gstatic.com *.googleadservices.com *.google.com *.googleapis.com *.googletagmanager.com *.monsido.com *.hotjar.com *.google-analytics.com *.facebook.net *.ubiquity.co.nz; style-src 'self' 'unsafe-inline' *.crowdriff.com *.googleapis.com *.google.com; 1 frame-ancestors 'self' *.omronhealthcare.com http://10.196.1.55:8000; 1 default-src 'self' http: https: pages.addigy.com https://*.my.salesforce.com https://*.force.com;frame-ancestors 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com http://sjrtp4-cdn.marketo.com http://munchkin.marketo.net http://sjrtp4-cdn.marketo.com http: https: pages.addigy.com;img-src 'self' data: https://app-dev.addigy.com https://app-prod.addigy.com https://static.addigy.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://www.google-analytics.com https://stats.g.doubleclick.net https://tracking.g2crowd.com https://px.ads.linkedin.com https://bat.bing.com https://t.co https://www.facebook.com https://ssl.gstatic.com https://www.gstatic.com https://analytics.twitter.com https://*.gravatar.com http://*.gravatar.com https://fast.wistia.com https://embedwistia-a.akamaihd.net;style-src 'self' 'unsafe-inline' http: https: fonts.googleapis.com;font-src 'self' data: http: https: fonts.googleapis.com http https: fonts.gstatic.com https://*.wistia.com;media-src 'self' data: blob: http: https:;worker-src 'self' blob:; 1 default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' dap.digitalgov.gov *.google-analytics.com *.googletagmanager.com *.typekit.net *.mycreditunion.gov *.silvercloudinc.com *.mpeasylink.com; img-src 'self' *.mycreditunion.gov data: *.google-analytics.com *.googletagmanager.com *.typekit.net *.amazonaws.com; font-src 'self' 'unsafe-inline' data: *.typekit.net fonts.gstatic.com; media-src 'self' s3.amazonaws.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.silvercloudinc.com; connect-src 'self' performance.typekit.net *.google-analytics.com *.googletagmanager.com; frame-src 'self' *.youtube.com *.mpeasylink.com 1 allow *; script-src 'self' http://l2.io https://l2.io http://prosperent.com https://prosperent.com https://*.dhleasyshop.com http://*.dhleasyshop.com https://server.iad.liveperson.net http://server.iad.liveperson.net https://*.facebook.com http://*.facebook.com https://connect.facebook.net http://connect.facebook.net https://*.fbcdn.net http://*.fbcdn.net http://*.google.com https://*.google.com http://*.google-analytics.com https://*.google-analytics.com https://ssl.gstatic.com http://ajax.googleapis.com https://ajax.googleapis.com http://web01.optimix.asia https://web01.optimix.asia http://tracking.sokrati.com https://tracking.sokrati.com http://eulerian.kdpgroupe.com https://eulerian.kdpgroupe.com http://www.googleadservices.com https://www.googleadservices.com http://srv1.wa.marketingsolutions.yahoo.com https://srv1.wa.marketingsolutions.yahoo.com http://*.marinsm.com https://*.marinsm.com http://*.dgmsearchlab.com https://*.dgmsearchlab.com http://*.cedexis.com https://*.cedexis.com http://*.amazonaws.com https://*.amazonaws.com http://*.cedexis-radar.net https://*.cedexis-radar.net d39ze0fcltcujr.cloudfront.net http://*.referralcandy.com https://*.referralcandy.com https://www.paypalobjects.com http://*.youku.com https://*.youku.com https://*.cloudfront.net ; options inline-script eval-script 1 child-src 'self'; connect-src 'self' api.blocktrades.us steemit.com steemitimages.com cdn.steemitimages.com api.steemit.com api-internal.steemit.com beta-api.steemit.com beta-api-int.steemit.com www.googletagmanager.com www.google-analytics.com pagead2.googlesyndication.com googleads.g.doubleclick.net api.trongrid.io sun.tronex.io steemitwallet.com; default-src 'self'; font-src data: fonts.gstatic.com; frame-ancestors 'none'; img-src * data:; object-src 'none'; plugin-types application/pdf; script-src 'self' www.google-analytics.com staticfiles.steemit.com localhost:8080; style-src 'self' 'unsafe-inline' fonts.googleapis.com 1 default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.geodatenzentrum.de; connect-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.wsv.bund.de *.geodatenzentrum.de; object-src 'self'; media-src 'self' *.wsv.bund.de *.wsv.de *.bund.de data: *.geodatenzentrum.de web.dlz-it.de www.bafg.de bad.xpertus-service.de elwis.de www.elwis.de; child-src 'self' *.wsv.bund.de *.wsv.de *.bund.de data: *.geodatenzentrum.de web.dlz-it.de www.bafg.de bad.xpertus-service.de elwis.de www.elwis.de; img-src 'self' *.wsv.bund.de *.wsv.de *.bund.de data: *.geodatenzentrum.de web.dlz-it.de www.bafg.de bad.xpertus-service.de elwis.de www.elwis.de; frame-ancestors 'self'; 1 sandbox allow-scripts allow-popups allow-same-origin; 1 default-src 'self' http: https:; script-src 'unsafe-inline' 'unsafe-eval' 'self' data: https://cdn.jsdelivr.net https://unpkg.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://www.google-analytics.com https://*.twitter.com https://*.facebook.com https://*.linkedin.com https://www.youtube.com; object-src 'self'; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net; img-src 'unsafe-inline' 'self' data: http: https:; media-src 'self' 'unsafe-inline' https:; frame-src 'self' 'unsafe-inline' https:; frame-ancestors 'self' 'unsafe-inline' https:; child-src 'self' 'unsafe-inline' https:; font-src 'self' 'unsafe-inline' https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net; connect-src 'self' 'unsafe-inline' https://www.google-analytics.com https://*.s3.eu-west-2.amazonaws.com https://*.algolia.net https://*.algolianet.com https://*.algolia.io; report-uri /report-csp-violation; upgrade-insecure-requests 1 default-src https: data: 'unsafe-inline' 'unsafe-eval' 1 default-src 'self'; base-uri 'self'; connect-src 'self' wss://api.mintme.com/ wss://api.mintme.abchosting.org/ https://*.facebook.net https://*.facebook.com https://connect.facebook.net https://www.facebook.com https://www.google-analytics.com https://*.doubleclick.net https://*.mintme.com https://mintme.com https://*.tawk.to wss://*.tawk.to; font-src 'self' https://fonts.gstatic.com https://static-v.tawk.to; frame-src https://www.facebook.com https://accounts.google.com https://content.googleapis.com https://va.tawk.to https://www.youtube.com https://www.google.com https://*.coinify.com https://platform.twitter.com https://content-youtube.googleapis.com; img-src data: *; media-src *; object-src 'none'; script-src 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https: http: 'nonce-Q1giOr5VlpFCVdVp9M1f8A=='; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net/emojione/2.2.7/assets/css/emojione.min.css https://*.tawk.to; report-uri /csp-report; worker-src 'none' 1 default-src 'self';block-all-mixed-content ;font-src 'self' data: fonts.googleapis.com fonts.gstatic.com assets.rockwerchter.be *.typekit.net;img-src 'self' data: *.gstatic.com maps.googleapis.com www.facebook.com scontent.cdninstagram.com pbs.twimg.com i.ytimg.com scontent.xx.fbcdn.net external.xx.fbcdn.net assets.rockwerchter.be *.google-analytics.com *.doubleclick.net *.betrad.com *.quantserve.com *.evidon.com rockwerchter.be *.x.bidswitch.net *.google.com *.google.be *.consensu.org;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com cdnjs.cloudflare.com connect.facebook.net graph.facebook.com *.instagram.com js-agent.newrelic.com bam.nr-data.net assets.rockwerchter.be *.googletagmanager.com *.google-analytics.com *.evidon.com *.quantserve.com *.betrad.com *.quantcount.com tagmanager.google.com *.googleadservices.com *.doubleclick.net *.bh.contextweb.com www.google.com *.google.com *.google.com *.gstatic.com *.consensu.org;style-src 'self' 'unsafe-inline' fonts.googleapis.com cloud.typography.com assets.rockwerchter.be *.tagmanager.google.com tagmanager.google.com *.typekit.net *.typekit.net;report-uri /nelmio/csp/report;connect-src www.googleapis.com 'self' *.betrad.com *.google-analytics.com *.consensu.org;frame-src www.youtube.com www.vimeo.com staticxx.facebook.com www.facebook.com web.facebook.com www.google.com 'self' *.betrad.com *.evidon.com 1 frame-src 'self' http://*.lib.uiowa.edu https://*.lib.uiowa.edu 1 default-src 'self' www.google.com www.youtube.com; img-src 'self' data: www.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com www.ibh.de; style-src 'self' 'unsafe-inline' 1 base-uri *; child-src * data: blob: filesystem: mediastream:; form-action *; frame-ancestors *; connect-src * data: blob: filesystem: mediastream:; font-src * data: blob: filesystem: mediastream:; frame-src * data: blob: filesystem: mediastream:; img-src * data: blob: filesystem: mediastream:; media-src * data: blob: filesystem: mediastream:; object-src * data: blob: filesystem: mediastream:; script-src * 'unsafe-inline' 'unsafe-eval' data: blob: filesystem: mediastream:; style-src * 'unsafe-inline' 'unsafe-eval' data: blob: filesystem: mediastream:; default-src *; report-uri https://listenercare.siriusxm.com/prweb/PRServletCustom/2mCjkZJmJzIb2YFZHOYfCw%5B%5B*/!STANDARD 1 default-src 'self' ; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.vrmwb.nl piwik.breda.nl siteimproveanalytics.com siteimprove.com *.servmetric.com *.govmetric.com ; object-src 'self'; style-src 'self' 'unsafe-inline' *.servmetric.com *.govmetric.com; img-src 'self' *.siteimproveanalytics.io piwik.breda.nl *.ytimg.com www.gstatic.com data: *.servmetric.com *.govmetric.com; media-src 'self'; frame-src 'self' *.youtube.com *.servmetric.com *.govmetric.com ; frame-ancestors 'self' piwik.breda.nl; child-src 'self' *.youtube.com; font-src 'self' data: *.googleusercontent.com *.ionicframework.com; connect-src 'self' *.servmetric.com *.govmetric.com *.servmetric.com; report-uri /report-csp-violation 1 font-src data: https://fonts.gstatic.com ; frame-src 'self' www.google.com www.youtube.com; script-src 'self' https://www.google-analytics.com/analytics.js https://www.gstatic.com/brandstudio/kato/cookie_choice_component/cookie_consent_bar.v2.js ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com ; default-src 'self' *.gstatic.com; object-src 'none' ; img-src 'self' https://* ; manifest-src 'self' ; connect-src 'self' https://www.google-analytics.com https://*.doubleclick.net ; report-uri https://csp.withgoogle.com/csp/s~gweb-womentechmakers/1-4-0-1614086944 1 img-src 'self' data: default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.norma-online.de fonts.googleapis.com fonts.gstatic.com www.google.com www.gstatic.com *.adform.net www.youtube.com blueimp.github.io *.api.here.com; 1 default-src 'self' 'unsafe-inline' nominatim.openstreetmap.org service.bzga.de piwik.bzga.de; style-src 'self' 'unsafe-inline' fast.fonts.net;img-src 'self' data: piwik.bzga.de a.tile.openstreetmap.de b.tile.openstreetmap.de c.tile.openstreetmap.de service.bzga.de; 1 allow *; script-src 'self' http://l2.io https://l2.io http://prosperent.com https://prosperent.com https://*.xport.glopalservice.com http://*.xport.glopalservice.com https://*.borderlinx.com http://*.borderlinx.com https://server.iad.liveperson.net http://server.iad.liveperson.net https://*.facebook.com http://*.facebook.com https://connect.facebook.net http://connect.facebook.net https://*.fbcdn.net http://*.fbcdn.net http://*.google.com https://*.google.com http://*.google-analytics.com https://*.google-analytics.com https://ssl.gstatic.com http://ajax.googleapis.com https://ajax.googleapis.com http://web01.optimix.asia https://web01.optimix.asia http://tracking.sokrati.com https://tracking.sokrati.com http://eulerian.kdpgroupe.com https://eulerian.kdpgroupe.com http://www.googleadservices.com https://www.googleadservices.com http://srv1.wa.marketingsolutions.yahoo.com https://srv1.wa.marketingsolutions.yahoo.com http://*.marinsm.com https://*.marinsm.com http://*.dgmsearchlab.com https://*.dgmsearchlab.com http://*.cedexis.com https://*.cedexis.com http://*.amazonaws.com https://*.amazonaws.com http://*.cedexis-radar.net https://*.cedexis-radar.net d39ze0fcltcujr.cloudfront.net http://aws.bximg.net http://*.referralcandy.com https://*.referralcandy.com https://www.paypalobjects.com http://*.youku.com https://*.youku.com ; options inline-script eval-script 1 default-src 'unsafe-inline' 'self' https:; img-src * data:; script-src 'unsafe-inline' 'unsafe-eval' 'self' https:; frame-src 'self' https:; connect-src 'self' https: 1 default-src 'self'; base-uri 'self'; block-all-mixed-content; child-src https://www.youtube.com/ https://youtube.com/ https://player.vimeo.com/ https://youtu.be/ https://open.spotify.com/; connect-src 'self' https://www.youtube.com/oembed https://www.google-analytics.com https://stats.g.doubleclick.net https://*.hotjar.com https://*.hotjar.io https://*.facebook.com/; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com https://*.hotjar.com https://*.hotjar.io; frame-src https://www.youtube.com/ https://open.spotify.com/ https://www.facebook.com/ https://mychannels.video/ https://www.yumpu.com/ https://www.google.com/ https://*.hotjar.com https://*.hotjar.io; img-src 'self' https://www.google-analytics.com/r/collect https://www.google-analytics.com/collect https://placeholder.inventis.be/ https://*.ytimg.com/ https://d12xfkzf9kx8ij.cloudfront.net/ https://*.facebook.com/ https://connect.facebook.net/ https://*.fbcdn.net/ https://i.scdn.co/ https://img.youtube.com/ https://legacy.abconcerts.be/ https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://*.hotjar.com https://*.hotjar.io; media-src 'self' p.scdn.co/mp3-preview/; object-src 'none'; script-src 'self' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https://www.youtube.com/iframe_api https://*.ytimg.com https://www.googletagmanager.com/gtm.js https://www.google-analytics.com/analytics.js https://script.hotjar.com/ https://connect.facebook.net/ https://*.hotjar.com https://*.hotjar.io 'nonce-yfw8ZO4EEpZfu3DUGAbizQ=='; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/css https://fonts.gstatic.com; upgrade-insecure-requests 1 default-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; script-src 'self' 'unsafe-inline'; connect-src 'self'; 1 script-src 'self' 'unsafe-eval' 'unsafe-inline' code.jquery.com ajax.aspnetcdn.com tagmanager.google.com www.googletagmanager.com www.google-analytics.com www.googleadservices.com www.tag4arm.com dev.visualwebsiteoptimizer.com cdn.mouseflow.com vcc-eu2.8x8.com vcc-eu7.8x8.com connect.facebook.net app.vacancy-filler.co.uk secure.adnxs.com *.doubleclick.net services.postcodeanywhere.co.uk centrepointorguk-staging.azurewebsites.net centrepoint.org.uk platform.twitter.com cdn.syndication.twimg.com *.8x8.com *.dotomi.com *.consensu.org *.stripe.com www.google.com www.gstatic.com *.newmode.net *.shpg.org blog.apps.npr.org widget.raisenow.com; default-src 'self' data:; worker-src https://centrepointorguk-staging.azurewebsites.net centrepoint.org.uk; style-src 'self' 'unsafe-inline' hello.myfonts.net tagmanager.google.com fonts.googleapis.com services.postcodeanywhere.co.uk platform.twitter.com widget.raisenow.com; connect-src 'self' dev.visualwebsiteoptimizer.com www.tag4arm.com services.postcodeanywhere.co.uk rec1.visualwebsiteoptimizer.com www.google-analytics.com *.doubleclick.net; font-src 'self' hello.myfonts.net fonts.gstatic.com fonts.googleapis.com widget.raisenow.com; img-src 'self' 'unsafe-inline' *.gravatar.com data: www.google-analytics.com ssl.gstatic.com www.tag4arm.com centrepointorguk.azureedge.net dev.visualwebsiteoptimizer.com centrepointorguk.blob.core.windows.net www.facebook.com googleads.g.doubleclick.net stats.g.doubleclick.net http://maps.googleapis.com www.google.com www.google.co.uk img.youtube.com rec1.visualwebsiteoptimizer.com cdn.syndication.twimg.com syndication.twitter.com platform.twitter.com pbs.twimg.com abs.twimg.com *.8x8.com *.liadm.com *.contextweb.com *.vdopia.com *.pubmatic.com *.adnxs.com *.rubiconproject.com *.tremorhub.com *.mediaplex.com *.addkt.com *.doubleclick.net *.dotomi.com core.conversant.mgr.consensu.org padlet.com padlet.net; frame-src 'self' *.8x8.com *.doubleclick.net www.youtube.com www.google.com connect.facebook.net www.facebook.com services.postcodeanywhere.co.uk staticxx.facebook.com platform.twitter.com syndication.twitter.com *.stripe.com *.newmode.net padlet.com padlet.net; 1 frame-ancestors 'self' https://*.mares.com https://*.head-test.com https://head.testing-varnish.symmetrics.de 1 default-src 'self' *.cloudinary.com; connect-src https://*.revo.com https://*.thelabnyc.com https://*.myshopify.com localhost:* *.hotjar.com *.hotjar.io facebook.com sentry.io *.yotpo.com storerocket.io *.mapbox.com www.google-analytics.com www.facebook.com wss://ws2.hotjar.com https://*.openshiftapps.com https://widget.us.criteo.com http://siteblock.exeloncorp.com https://s3-us-west-2.amazonaws.com/afterpayus-integrations/javascript/modal/us_modal.html adservice.google.com stats.g.doubleclick.net *.fastly.net https://*.amplitude.com storerocket.global.ssl.fastly.net https://*.jst.ai wss://*.hotjar.com; font-src 'self' *.yotpo.com *.gstatic.com fonts.gstatic.com data:; frame-src 'self' *.doubleclick.net *.hotjar.com *.criteo.com *.criteo.net optimize.google.com app.five9.com https://*.jst.ai/ https://spinzam.com/; img-src * data: blob: www.google-analytics.com optimize.google.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' bat.bing.com connect.facebook.net *.hotjar.com www.google-analytics.com www.googletagmanager.com www.googleadservices.com *.criteo.net *.criteo.com *.criteotilt.com *.experticity.com *.storerocket.io *.yotpo.com *.doubleclick.net *.jsdelivr.net *.mapbox.com tagmanager.google.com optimize.google.com *.list-manage.com z.moatads.com https://l.facebook.com app.five9.com *.afterpay.com https://*.jst.ai https://*.ads-twitter.com https://*.twitter.com https://*.pepperjam.com; worker-src blob:; style-src 'self' 'unsafe-inline' *.yotpo.com tagmanager.google.com optimize.google.com fonts.googleapis.com app.five9.com https://*.jst.ai/; child-src blob:; report-uri https://sentry.io/api/1474106/security/?sentry_key=71495ca5d2814cc995ebaa6fa5461d8f&sentry_environment=production 1 default-src=self 1 frame-ancestors 'self' *.business.qld.gov.au 1 default-src 'self' data: gap: https://*.zscalertwo.net https://*.maersk.com https://*.sealandmaersk.com https://*.sealandmaersk.com.cn https://*.sealand.com https://*.seagoline.com https://*.mcc.com.sg https://*.maerskline.com https://*.apmoller.net https://*.go-mpulse.net https://*.salesforceliveagent.com https://*.force.com *.mpstat.us *.akstat.io https://*.akamaihd.net https://*.igodigital.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://www.googletagmanager.com https://ssl.gstatic.com https://100qrcey9nsltilmpwezagts.blob.core.windows.net https://rum-http-intake.logs.datadoghq.eu https://*.visualforce.com https://stats.g.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.zscalertwo.net https://*.maersk.com https://*.sealandmaersk.com https://*.sealandmaersk.com.cn https://*.sealand.com https://*.seagoline.com https://*.mcc.com.sg https://*.maerskline.com https://*.apmoller.net https://*.akamaihd.net https://*.salesforceliveagent.com https://*.force.com https://*.salesforce.com https://*.steelcentral.net *.mpstat.us *.akstat.io https://*.igodigital.com https://pub.s1.exacttarget.com https://*.gstatic.com https://*.google.com https://*.googleapis.com https://www.googletagmanager.com https://*.google-analytics.com https://scai.maerskline.com https://api.massrelevance.com https://img.en25.com https://*.bizographics.com https://*.doubleclick.net https://*.linkedin.com https://*.adobedtm.com https://www.datadoghq-browser-agent.com/datadog-rum-eu.js https://www.rumiview.com https://twin-iq.kickfire.com https://tag.simpli.fi https://connect.facebook.net https://snap.licdn.com/li.lms-analytics/insight.min.js https://*.cookieinformation.com https://www.datadoghq-browser-agent.com/datadog-rum.js; img-src 'self' data: https://*.zscalertwo.net https://*.maersk.com https://*.sealandmaersk.com https://*.sealandmaersk.com.cn https://*.sealand.com https://*.seagoline.com https://*.mcc.com.sg https://*.maerskline.com https://*.apmoller.net https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://*.gstatic.com https://lh3.googleusercontent.com https://*.steelcentral.net https://*.vimeocdn.com https://*.youtube.com https://*.igodigital.com https://*.akamaihd.net https://www.google.co.uk https://*.linkedin.com https://*.facebook.com https://*.twitter.com https://*.doubleclick.net https://*.google.dk https://scai.maerskline.com https://www.google.com/ads/ga-audiences* https://*.bizographics.com https://twin-iq.kickfire.com https://www.rumiview.com; object-src 'self'; style-src 'self' 'unsafe-inline' https://*.zscalertwo.net https://*.maersk.com https://*.sealandmaersk.com https://*.sealandmaersk.com.cn https://*.sealand.com https://*.seagoline.com https://*.mcc.com.sg https://*.apmoller.net https://*.gstatic.com https://*.google.com https://*.google-analytics.com https://*.googleapis.com https://*.maerskline.com https://*.force.com; frame-src https://*.zscalertwo.net https://*.maersk.com https://*.sealandmaersk.com https://*.sealandmaersk.com.cn https://*.sealand.com https://*.seagoline.com https://*.mcc.com.sg https://*.maerskline.com https://*.apmoller.net https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://*.google.com https://www.youtube.com/embed/ https://player.vimeo.com/video/ https://service.force.com https://www.google.com/recaptcha/ https://*.cookieinformation.com https://*.youku.com/ https://*.force.com/ https://*.salesforce.com https://*.doubleclick.net; font-src 'self' data: https://*.zscalertwo.net https://*.maersk.com https://*.sealandmaersk.com https://*.sealandmaersk.com.cn https://*.sealand.com https://*.seagoline.com https://*.mcc.com.sg https://*.maerskline.com https://*.apmoller.net https://*.gstatic.com https://*.googleapis.com; 1 default-src 'self' https://www.youtube.com https://geoportal.trier.de https://jobs.b-ite.com http://jobs.b-ite.com https://www.stadtradeln.de https://static.b-ite.com https://www.vrt-info.de http://www.heute-in-trier.de http://www.facebook.com http://platform.twitter.com https://fonts.googleapis.com https://fonts.gstatic.com https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.facebook.com https://platform.twitter.com https://accounts.google.com https://www.bing.com http://www.wetterkontor.de http://94.130.59.28 https://www.trier-info.de https://www.youtube-nocookie.com https://app.docu4d.com https://dienste.wetterkontor.de https://www.pegelonline.wsv.de https://cdn.jsdelivr.net https://cdnjs.cloudflare.com/ajax/libs/lightslider/1.1.6/js/lightslider.js https://www.dw.com 'unsafe-inline' 'unsafe-eval' 1 default-src 'self' data: *.umbraco.org api.pwnedpasswords.com *.hotjar.com services.postcodeanywhere.co.uk *.visa.com *.google-analytics.com www2.theticketfactory.com dpm.demdex.net thenationalexhib.tt.omtrdc.net *.salecycle.com ccocauth.10digital.co.uk; object-src data: 'unsafe-eval' 'self' assets.theticketfactory.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com pro.fontawesome.com fast.fonts.net cdn.jsdelivr.net *.theticketfactory.com services.postcodeanywhere.co.uk *.visa.com *.queue-it.net tagmanager.google.com cookiesuksouth.blob.core.windows.net; img-src 'self' 'self' data: www.awin1.com *; script-src 'self' 'unsafe-inline' ajax.googleapis.com *.cloudflare.com ajax.aspnetcdn.com code.jquery.com *.googletagmanager.com *.google-analytics.com cdn.jsdelivr.net connect.facebook.net theti11119.pcapredict.com *.hotjar.com 'unsafe-eval' services.postcodeanywhere.co.uk *.visa.com assets.theticketfactory.com www2.theticketfactory.com *.queue-it.net www2.theticketfactory.com www.dwin1.com d16fk4ms6rqz1v.cloudfront.net assets.adobedtm.com tagmanager.google.com cookiesuksouth.blob.core.windows.net geolocation.onetrust.com *.salecycle.com *.tiktok.com *.twitter.com; font-src 'self' 'self' data: fonts.gstatic.com pro.fontawesome.com fast.fonts.net *.hotjar.com fonts.gstatic.com *.visa.com; frame-src 'self' *.facebook.com *.servebase.net *.arcot.com *.hotjar.com *.visa.com assets.theticketfactory.com www2.theticketfactory.com *.queue-it.net www2.theticketfactory.com theticketfactory.queue-it.net *.salecycle.com *.youtube.com *.spotify.com *.tiktok.com *.twitter.com *.10digital.co.uk ccocauth.10digital.co.uk; report-uri https://theticketfactory.report-uri.com/r/d/csp/enforce ; 1 default-src 'self' http: bott-tc.nautilus https: *.bosch-thermotechnology.com s.webtrends.com *.boschtt-documents.com www.bimstore.co.uk services.kittelberger.net *.mycliplister.com bott-tc.nautilus foerderrechner.bosch-thermotechnology.com; media-src 'self' *.boschtt-documents.com services.kittelberger.net *.mycliplister.com mycliplister.com; font-src 'self' fonts.gstatic.com www.bosch-easycontrol.com www.heizung-steuern.com; object-src data: 'self'; img-src https: data: blob:; style-src 'self' 'unsafe-inline' cdn.datatables.net fonts.googleapis.com www.bosch-easycontrol.com www.heizung-steuern.com; script-src https: 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https: mailto: bosch.mi4biz.net www.boschthermolife.com junkers-de-de-b.boschtt-documents.com; frame-ancestors 'self' https: bosch.mi4biz.net http://bott-fs.kittelberger.net 1 default-src 'self' data: localhost:* *.episerver.net *.readspeaker.com *.arcgisonline.nl *.arcgisonline.com js.arcgis.com *.arcgis.com *.google.com *.googleapis.com *.prorail.nl *.spoordata.nl *.youtube-nocookie.com www.google.nl www.googletagmanager.com tagmanager.google.com www.google-analytics.com 'unsafe-inline' 'unsafe-eval'; connect-src https: ws: wss:; 1 default-src 'self'; script-src 'self' 'unsafe-inline' www.googletagmanager.com tagmanager.google.com www.google-analytics.com stats.g.doubleclick.net ssl.gstatic.com www.gstatic.com fonts.gstatic.com fonts.googleapis.com *.horacemann.com localhost:3238 home-c11.incontact.com www.retirementaccountlogin.com maxcdn.bootstrapcdn.com code.jquery.com recruiting.adp.com www.youtube.com cdn.bootstrapcdn.com www.facebook.com horacemann.actonservice.com connect.facebook.net cdnjs.cloudflare.com www.facebook.com app.kiddom.co cloud.e.horacemann.com woobox.com www.clearsurance.com clearsurance.com Facebook.net Business.facebook.com Twitter.com Twitter.net Linkedin.com Linkedin.net Pinterest.com Pinterest.net Instagram.com Instagram.net Youtube.com Youtube.net Siteimprove.com Dynomapper.com cdn.finra.org staticxx.facebook.com fonts.google.com platform.twitter.com *.twimg.com syndication.twitter.com 'unsafe-eval'; style-src 'self' www.googletagmanager.com tagmanager.google.com www.google-analytics.com stats.g.doubleclick.net ssl.gstatic.com www.gstatic.com fonts.gstatic.com fonts.googleapis.com *.horacemann.com localhost:3238 home-c11.incontact.com www.retirementaccountlogin.com maxcdn.bootstrapcdn.com code.jquery.com recruiting.adp.com www.youtube.com cdn.bootstrapcdn.com www.facebook.com horacemann.actonservice.com connect.facebook.net cdnjs.cloudflare.com www.facebook.com app.kiddom.co cloud.e.horacemann.com woobox.com www.clearsurance.com clearsurance.com Facebook.net Business.facebook.com Twitter.com Twitter.net Linkedin.com Linkedin.net Pinterest.com Pinterest.net Instagram.com Instagram.net Youtube.com Youtube.net Siteimprove.com Dynomapper.com cdn.finra.org staticxx.facebook.com fonts.google.com platform.twitter.com *.twimg.com syndication.twitter.com 'unsafe-inline'; frame-src 'self' www.googletagmanager.com tagmanager.google.com www.google-analytics.com stats.g.doubleclick.net ssl.gstatic.com www.gstatic.com fonts.gstatic.com fonts.googleapis.com *.horacemann.com localhost:3238 home-c11.incontact.com www.retirementaccountlogin.com maxcdn.bootstrapcdn.com code.jquery.com recruiting.adp.com www.youtube.com cdn.bootstrapcdn.com www.facebook.com horacemann.actonservice.com connect.facebook.net cdnjs.cloudflare.com www.facebook.com app.kiddom.co cloud.e.horacemann.com woobox.com www.clearsurance.com clearsurance.com Facebook.net Business.facebook.com Twitter.com Twitter.net Linkedin.com Linkedin.net Pinterest.com Pinterest.net Instagram.com Instagram.net Youtube.com Youtube.net Siteimprove.com Dynomapper.com cdn.finra.org staticxx.facebook.com fonts.google.com platform.twitter.com *.twimg.com syndication.twitter.com; font-src 'self' www.googletagmanager.com tagmanager.google.com www.google-analytics.com stats.g.doubleclick.net ssl.gstatic.com www.gstatic.com fonts.gstatic.com fonts.googleapis.com *.horacemann.com localhost:3238 home-c11.incontact.com www.retirementaccountlogin.com maxcdn.bootstrapcdn.com code.jquery.com recruiting.adp.com www.youtube.com cdn.bootstrapcdn.com www.facebook.com horacemann.actonservice.com connect.facebook.net cdnjs.cloudflare.com www.facebook.com app.kiddom.co cloud.e.horacemann.com woobox.com www.clearsurance.com clearsurance.com Facebook.net Business.facebook.com Twitter.com Twitter.net Linkedin.com Linkedin.net Pinterest.com Pinterest.net Instagram.com Instagram.net Youtube.com Youtube.net Siteimprove.com Dynomapper.com cdn.finra.org staticxx.facebook.com fonts.google.com platform.twitter.com *.twimg.com syndication.twitter.com data:; img-src 'self' www.googletagmanager.com tagmanager.google.com www.google-analytics.com stats.g.doubleclick.net ssl.gstatic.com www.gstatic.com fonts.gstatic.com fonts.googleapis.com *.horacemann.com localhost:3238 home-c11.incontact.com www.retirementaccountlogin.com maxcdn.bootstrapcdn.com code.jquery.com recruiting.adp.com www.youtube.com cdn.bootstrapcdn.com www.facebook.com horacemann.actonservice.com connect.facebook.net cdnjs.cloudflare.com www.facebook.com app.kiddom.co cloud.e.horacemann.com woobox.com www.clearsurance.com clearsurance.com Facebook.net Business.facebook.com Twitter.com Twitter.net Linkedin.com Linkedin.net Pinterest.com Pinterest.net Instagram.com Instagram.net Youtube.com Youtube.net Siteimprove.com Dynomapper.com cdn.finra.org staticxx.facebook.com fonts.google.com platform.twitter.com *.twimg.com syndication.twitter.com data:; connect-src 'self' *.horacemann.com 1 default-src 'self'; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' *.google.com https://code.jquery.com https://www.gstatic.com https://maps.googleapis.com https://www.google-analytics.com https://static.addtoany.com https://maps.google.com https://cdn.jsdelivr.net https://platform.twitter.com https://platform.linkedin.com https://cdn.ckeditor.com https://www.google-analytics.com https://cdn.datatables.net; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://fonts.googleapis.com https://cdn.ckeditor.com https://cdn.datatables.net https://www.google-analytics.com https://www.linkedin.com; img-src 'self' data: https://chart.googleapis.com https://cdn.ckeditor.com https://www.google-analytics.com https://stats.g.doubleclick.net https://platform.linkedin.com https://www.linkedin.com https://maps.gstatic.com https://maps.googleapis.com https://maps.google.com https://www.google.com; frame-src 'self' https://platform.twitter.com https://www.gstatic.com https://www.google.com https://notfound-static.fwebservices.be; font-src 'self' https://themes.googleusercontent.com https://cdn.jsdelivr.net https://fonts.gstatic.com; connect-src 'self' https://www.linkedin.com https://www.google-analytics.com https://stats.g.doubleclick.net; report-uri /en/report-csp-violation 1 script-src https: data: 'unsafe-inline' 'unsafe-eval' https://*.gs1-germany.de https://*.optimizely.com https://*.googletagmanager.com https://apis.google.com https://connect.facebook.net https://fast.fonts.net https://googleads.g.doubleclick.net https://*.google-analytics.com https://ext.nonstoppartner.net; style-src https: 'unsafe-inline' https://*.gs1-germany.de https://apis.google.com https://connect.facebook.net https://fast.fonts.net https://googleads.g.doubleclick.net https://*.google-analytics.com; frame-src 'self' https://www.youtube-nocookie.com https://www.youtube.com https://vars.hotjar.com https://www.facebook.com https://feedback.gs1-germany.de https://ext.nonstoppartner.net; frame-ancestors 'self' https://academy.gs1-germany.de; 1 frame-src 'self' https://webstat.hs-mannheim.de *.hs-mannheim.de https://www.youtube.com/ https://www.youtube-nocookie.com/ https://player.vimeo.com/; 1 frame-ancestors *.scaledrone.com 1 child-src 'self' *.youtube.com *.vimeo.com *.dailymotion.com *.europa.eu europa.eu youtube.com *.dailymotion.com *.vimeo.com *.amazonaws.com *.arcgis.com *.arte.tv *.babahh.com *.bbc.co.uk *.blitzvideoserver.de *.bpb.de *.brightcove.com *.btv.bg *.cc.cec *.cimo.fi *.cjelozivotno-ucenje.hr *.cnbc.com *.coe.int *.communi-k.eu *.compareyourcountry.org *.crp.education *.cy2012.eu *.dacast.com *.dcdn.lt debategraph.org digital-agenda-data.eu *.disaster-resilience.com *.docdroid.net *.d-portal.org *.easme-web.eu *.edcc.eu *.euneighbours.eu *.euronews.com *.europeandataportal.eu *.facebook.com https://familymeal.eu *.flickr.com https://forms-edcc.conectys.com *.franceculture.fr *.franceinter.fr *.freecaster.com *.freezbee.tv *.genial.ly *.giphy.com *.github.io *.google.be *.google.co.uk *.google.com *.google.fr *.grnet.gr *.index.hu *.instantflipbook.com *.issuu.com *.jrc.nl *.jwplatform.com *.learningandwork.org.uk *.libsyn.com *.live.com livestream.com *.mentimeter.com *.metoo.sk *.mostra.eu *.neteyes.hu *.oecd.org *.openstreetmap.fr *.openstreetmap.org *.ourworldindata.org *.polarhd.com *.public-i.tv *.qbrick.com *.rackcdn.com *.rambla.be *.roguemotion.graphics *.sharepoint.com *.sketchfab.com *.slideshare.net *.solidtango.com *.soonfeed.com *.soundcloud.com *.streamamg.com *.streamcode.net *.streamdis.eu streamer.bg *.streaming.at *.streaming.sk *.streamovations.be *.sway.com *.tagesschau.de *.telemak.tv *.testa.eu *.thinglink.com *.tiesraides.lv *.top-ix.org *.tsnmalta.org *.tv1.eu *.tv-on-web.de *.twinix.eu *.typeform.com *.uc3m.es *.uplynk.com *.ustream.tv *.uu.se *.videliostreaming.com *.videolevels.com *.walls.io *.weforum.org *.westream.com *.wyng.com *.youongroup.com *.youtu.be *.youtube-nocookie.com *.zdf.de *.michael-lurquin.com; frame-src 'self' *.youtube.com *.vimeo.com *.dailymotion.com *.europa.eu europa.eu youtube.com *.dailymotion.com *.vimeo.com *.amazonaws.com *.arcgis.com *.arte.tv *.babahh.com *.bbc.co.uk *.blitzvideoserver.de *.bpb.de *.brightcove.com *.btv.bg *.cc.cec *.cimo.fi *.cjelozivotno-ucenje.hr *.cnbc.com *.coe.int *.communi-k.eu *.compareyourcountry.org *.crp.education *.cy2012.eu *.dacast.com *.dcdn.lt debategraph.org digital-agenda-data.eu *.disaster-resilience.com *.docdroid.net *.d-portal.org *.easme-web.eu *.edcc.eu *.euneighbours.eu *.euronews.com *.europeandataportal.eu *.facebook.com https://familymeal.eu *.flickr.com https://forms-edcc.conectys.com *.franceculture.fr *.franceinter.fr *.freecaster.com *.freezbee.tv *.genial.ly *.giphy.com *.github.io *.google.be *.google.co.uk *.google.com *.google.fr *.grnet.gr *.index.hu *.instantflipbook.com *.issuu.com *.jrc.nl *.jwplatform.com *.learningandwork.org.uk *.libsyn.com *.live.com livestream.com *.mentimeter.com *.metoo.sk *.mostra.eu *.neteyes.hu *.oecd.org *.openstreetmap.fr *.openstreetmap.org *.ourworldindata.org *.polarhd.com *.public-i.tv *.qbrick.com *.rackcdn.com *.rambla.be *.roguemotion.graphics *.sharepoint.com *.sketchfab.com *.slideshare.net *.solidtango.com *.soonfeed.com *.soundcloud.com *.streamamg.com *.streamcode.net *.streamdis.eu streamer.bg *.streaming.at *.streaming.sk *.streamovations.be *.sway.com *.tagesschau.de *.telemak.tv *.testa.eu *.thinglink.com *.tiesraides.lv *.top-ix.org *.tsnmalta.org *.tv1.eu *.tv-on-web.de *.twinix.eu *.typeform.com *.uc3m.es *.uplynk.com *.ustream.tv *.uu.se *.videliostreaming.com *.videolevels.com *.walls.io *.weforum.org *.westream.com *.wyng.com *.youongroup.com *.youtu.be *.youtube-nocookie.com *.zdf.de *.michael-lurquin.com; 1 frame-ancestors 'self' http://*.brose.net http://brose.net https://*.brose.net https://brose.net https://*.ariba.com https://*.zkw.at http://*.zkw.at https://*.mycatalogcloud.com http://*.mycatalogcloud.com http://*.valeo.determine.com https://*.valeo.determine.com http://valeo.determine.com https://valeo.determine.com https://www.elwitec.ch/ 1 frame-ancestors 'self' https://www.carroya.com/noticias https://www.motor.com.co 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: http://cdn.printfriendly.com https://cdn.printfriendly.com https://static.addtoany.com https://ds-4047.kxcdn.com https://www.google-analytics.com https://cdn.jsdelivr.net https://unpkg.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://unpkg.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: s.yimg.com cdn.printfriendly.com www.google-analytics.com stats.g.doubleclick.net www.google.com www.google.com.my; media-src 'self'; frame-src 'self' data: static.addtoany.com fwb.malaysiaairports.com.my www.youtube.com www.google.com apps.mahb.az.primuscore.com http://apps.mahb.az.primuscore.com:8000 fwb.malaysiaairports.com.my:8000; frame-ancestors 'self' fwb.malaysiaairports.com.my apps.mahb.az.primuscore.com fwb.malaysiaairports.com.my:8000; child-src 'self'; font-src 'self' cdn.jsdelivr.net unpkg.com maxcdn.bootstrapcdn.com fonts.gstatic.com cdnjs.cloudflare.com; connect-src 'self' www.google-analytics.com stats.g.doubleclick.net; report-uri //report-csp-violation 1 frame-ancestors http://*.grandvalira.com https://*.grandvalira.com http://*.ordinoarcalis.com https://*.ordinoarcalis.com http://*.grandvaliraresorts.com https://*.grandvaliraresorts.com 1 form-action 'self' www.facebook.com; report-uri /_internal/security/report-csp-violation 1 default-src https: 'self' data: 'unsafe-inline' 'unsafe-eval'; block-all-mixed-content; report-uri /nelmio/csp/report 1 default-src 'unsafe-inline' 'unsafe-eval' * blob:; img-src * blob: data:; 1 default-src 'self' http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://maps.googleapis.com https://cdn.datatables.net https://static.zdassets.com https://v2.zopim.com https://unpkg.com https://unpkg.com/ionicons@5.1.2/dist/ionicons/p-4372c4bc.js https://static.customersaas.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://www.google.com/ https://www.gstatic.com/ https://widget-mediator.zopim.com/ https://static.hotjar.com/ https://script.hotjar.com/; connect-src 'self' https://ekr.zdassets.com https://tracker.customersaas.com/ https://api.customersaas.com https://www.google-analytics.com/ https://widget-mediator.zopim.com wss://widget-mediator.zopim.com https://in.hotjar.com/ http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://vc.hotjar.io/ https://stats.g.doubleclick.net/ ; img-src 'self' 'unsafe-inline' https://www.viva.com.bo https://viva.com.bo https://www.google.com https://www.google.com.bo https://www.google-analytics.com https://secure.gravatar.com https://v2assets.zopim.io/ https://v2.zopim.com/ https://maps.gstatic.com https://maps.googleapis.com https://d35v9wsdymy32b.cloudfront.net https://static.customersaas.com https://d3mwk3f7r8fv9u.cloudfront.net data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.datatables.net https://d1r5etm691cejh.cloudfront.net https://static.customersaas.com; font-src 'self' https://fonts.gstatic.com https://v2.zopim.com/ https://static.customersaas.com data:; frame-src https://www.google.com/ https://vars.hotjar.com/; 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: squizlabs.github.io *.fontawesome.com *.sitemorse.com *.cloudflare.com *.userway.org *.jquery.com *.aspnetcdn.com *.craven-college.ac.uk *.linkedin.com *.facebook.com *.facebook.net *.instagram.com *.twitter.com *.datatables.net *.bootstrapcdn.com *.gstatic.com *.doubleclick.net *.google-analytics.com *.googletagmanager.com *.googleapis.com *.google.com *.google.co.uk *.youtube.com *.googleadservices.com *.alicdn.com *.ytimg.com *.gravatar.com; style-src 'self' 'unsafe-inline' *.cloudflare.com squizlabs.github.io *.craven-college.ac.uk *.linkedin.com *.facebook.com *.facebook.net *.instagram.com *.cdninstagram.com *.twitter.com *.datatables.net *.gstatic.com *.doubleclick.net *.google-analytics.com *.googletagmanager.com *.fontawesome.com *.googleapis.com *.google.com *.google.co.uk *.youtube.com *.bootstrapcdn.com *.googleadservices.com *.alicdn.com *.ytimg.com *.gravatar.com; img-src 'self' data: *.cloudflare.com squizlabs.github.io *.sitemorse.com *.w.org *.fbcdn.net *.craven-college.ac.uk userway.org *.userway.org *.linkedin.com *.facebook.com *.facebook.net *.instagram.com *.cdninstagram.com *.twitter.com *.datatables.net *.gstatic.com *.doubleclick.net *.google-analytics.com *.googletagmanager.com *.fontawesome.com *.googleapis.com *.google.com *.google.co.uk *.youtube.com *.bootstrapcdn.com *.googleadservices.com *.alicdn.com *.ytimg.com *.gravatar.com; media-src 'self' *.userway.org; frame-src 'self' facetwp.com *.youtube-nocookie.com *.soundcloud.com *.issuu.com *.matterport.com *.fls.doubleclick.net *.userway.org *.vimeo.com *.facebook.com *.twitter.com *.youtube.com *.google.com; font-src 'self' data: *.craven-college.ac.uk *.fontawesome.com *.bootstrapcdn.com *.alicdn.com *.gstatic.com; connect-src 'self' noembed.com *.fontawesome.com *.plyr.io *.google-analytics.com *.facebook.com *.userway.org; worker-src blob: 'self' 1 child-src 'self' https://*.cloudfront.net https://*.docusign.com https://*.docusign.net https://*.sigfig.com https://go.oncehub.com https://secure.scheduleonce.com https://sigfig.demdex.net https://www.snapengage.com https://*.cambridgesavings.com; connect-src 'self' https://*.demdex.net https://*.getsentry.com https://*.hotjar.com https://*.optimizely.com https://*.sigfig.com https://*.wellsfargo.com https://*.zdassets.com https://*.zendesk.com https://api.greenhouse.io https://bam.nr-data.net https://cdn.contentstack.io https://graphql.contentstack.com https://heapanalytics.com https://maps.googleapis.com https://sentry.io https://sigfig.sc.omtrdc.net https://sigfig.tt.omtrdc.net https://sigfigprod.112.2o7.net https://www.snapengage.com wss://*.hotjar.com https://*.cambridgesavings.com; default-src 'self' https://*.sigfig.com https://*.cambridgesavings.com; frame-src 'self' https://*.cloudfront.net https://*.docusign.com https://*.docusign.net https://*.hotjar.com/ https://*.sigfig.com https://go.oncehub.com https://secure.scheduleonce.com https://sigfig.demdex.net https://www.snapengage.com https://*.cambridgesavings.com; font-src 'self' data: https://*.cloudfront.net https://*.sigfig.com https://fonts.gstatic.com https://heapanalytics.com https://*.cambridgesavings.com; img-src 'self' data: http://*.ggpht.com http://*.googleusercontent.com http://*.gstatic.com http://*.wikinvest.com http://feeds.feedburner.com https://*.cloudfront.net https://*.doubleclick.net https://*.ggpht.com https://*.google-analytics.com https://*.googleapis.com https://*.googleusercontent.com https://*.gstatic.com https://*.quantserve.com https://*.sigfig.com https://cm.everesttech.net https://csi.gstatic.com https://dpm.demdex.net https://heapanalytics.com https://sigfigcitizensbankdev.112.2o7.net https://tags.w55c.net https://www.facebook.com https://www.snapengage.com https://*.cambridgesavings.com; media-src 'self' https://*.cloudfront.net https://*.sigfig.com https://*.cambridgesavings.com; object-src 'self' https://www.snapengage.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.adobedtm.com https://*.cloudfront.net https://*.doubleclick.net https://*.google-analytics.com https://*.googleapis.com https://*.hotjar.com/ https://*.newrelic.com https://*.quantserve.com https://*.sigfig.com https://*.wellsfargoadvisors.com https://*.wikinvest.com https://*.zdassets.com https://*.zendesk.com https://apis.google.com https://bam.nr-data.net https://cdn.heapanalytics.com https://heapanalytics.com https://nexus.ensighten.com https://sigfig.sc.omtrdc.net https://sigfigprod.112.2o7.net https://www.snapengage.com https://*.cambridgesavings.com; style-src 'self' 'unsafe-inline' https://*.cloudfront.net https://*.googleapis.com https://*.sigfig.com https://heapanalytics.com https://*.cambridgesavings.com; 1 default-src https: wss: data: 'unsafe-inline' 'unsafe-eval' 1 frame-ancestors *.amboss.com 1 frame-ancestors 'self' http://www.lugaro.com http://www.manfredijewels.com http://www.dutyfreediplomatic.com 1 default-src 'self'; \ script-src 'self' https://ssl.google-analytics.com; \ img-src 'self' https://ssl.google-analytics.com 1 frame-ancestors 'self' shankswakefieldepermits.co.uk renewiwakefieldpermits.co.uk 1 default-src 'self'; base-uri 'self'; frame-ancestors 'self'; upgrade-insecure-requests 1 default-src https://ipara.com;https://ipara.com.tr 1 default-src'self' https: wss://*.hotjar.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: https: 1 frame-ancestors 'self' *.leoncountyfl.gov ; 1 frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com sno-isle.bibliocms.com *.sno-isle.bibliocms.com https://www.sno-isle.org www.sno-isle.org *.www.sno-isle.org; 1 frame-ancestors 'self' https://adventhealth.com https://*.adventhealth.com 1 allow 'unsafe-inline' 'unsafe-eval' 'self' troc.cdn.mediactive-network.net *.googlesyndication.com *.systempay.fr *.fbcdn.net *.google.com *.google.fr *.doubleclick.net intranet.troc.com connect.facebook.net cdnjs.cloudflare.com www.gstatic.com www.googletagmanager.com www.google-analytics.com www.googleadservices.com www.googletagservices.com cdn.ampproject.org 1 default-src * 'unsafe-inline' 'unsafe-eval'; script-src * blob: 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline' 1 script-src 'self' https://*.googleapis.com *.gstatic.com www.google-analytics.com ajax.googleapis.com ajax.aspnetcdn.com use.typekit.net us1.siteimprove.com siteimproveanalytics.com cdnjs.cloudflare.com kit.fontawesome.com static.getclicky.com in.getclicky.com player.vimeo.com www.googletagmanager.com clicky.com fast.fonts.net snap.licdn.com px.ads.linkedin.com 'unsafe-inline' 'unsafe-eval' 1 script-src *.ldscdn.org *.lds.org *.churchofjesuschrist.org *.googleapis.com *.gstatic.com *.facebook.net *.justserve.org *.servir.org *.facebook.com *.youtube.com *.ytimg.com cdnjs.cloudflare.com data: placehold.it placeholdit.imgix.net 'self' ws://localhost:3000 ws://10.0.2.2:3000 ws://localhost:8080 assets.adobedtm.com dpm.demdex.net cdn.tt.omtrdc.net ldschurch.tt.omtrdc.net *.tintup.com *.hypermoarks.com *.cloudfront.net players.brightcove.net vjs.zencdn.net edge.api.brightcove.com blob: * metrics.brightcove.com consent.truste.com consent-pref.truste.com 'unsafe-inline' 'unsafe-eval'; style-src *.fonts.net *.opendns.com *.googleapis.com *.justserve.org *.servir.org *.lds.org *.ldscdn.org *.churchofjesuschrist.org 'self' 'unsafe-inline' 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.investopedia.com 1 frame-ancestors 'self' http://customer-skicircus.loop21.net https://customer-skicircus.loop21.net http://public-location-skicircus.loop21.net https://public-location-skicircus.loop21.net 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.brides.com 1 default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-eval' *.googleapis.com piwik.itzbund.de;object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; frame-ancestors gba-editor-kkn.prod.gsb.gba.in.bund.de piwik.itzbund.de *.facebook.com 1 frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com kdl.bibliocms.com *.kdl.bibliocms.com https://kdl.org kdl.org *.kdl.org; 1 allow 'self'; frame-ancestors http://asmart.inone.useinsider.com/ 1 img-src blob: * android-webview-video-poster: data:; media-src * data:; connect-src *.googleadservices.com *.doubleclick.net 'self' *.google-analytics.com; worker-src blob: 'self'; font-src * data:; default-src player.vimeo.com *.yourmoney.ch *.newsbox.ch secure.adnxs.com *.cashgate.ch 'unsafe-eval' *.gstatic.com *.issuu.com *.tkb.ch 'self' tagmanager.google.com *.googleapis.com *.googletagmanager.com *.google-analytics.com e2.marco.ch *.adform.net io.fusedeck.net 'unsafe-inline' 1 default-src 'self' https://player.vimeo.com https://9169248.fls.doubleclick.net https://burgess.theatro360.com https://www.youtube.com https://www.google.com https://www.google.co.uk https://r1.dotmailer-surveys.com https://static.addtoany.com https://www.facebook.com https://qa-brochurebuilder.burgessyachts.com https://uat-brochurebuilder.burgessyachts.com https://brochurebuilder.burgessyachts.com https://www.luxproimaging.com; script-src www.googletagmanager.com www.google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval' https://email.burgessyachts.com https://ajax.googleapis.com https://cdn.jsdelivr.net https://cdn.dnky.co https://script.hotjar.com https://static.hotjar.com https://tagmanager.google.com https://mc.yandex.ru https://static.trackedweb.net https://www.youtube.com https://static.addtoany.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://www.google.com https://www.google.co.uk https://az416426.vo.msecnd.net https://r1.dotmailer-surveys.com https://s.ytimg.com https://r1-t.trackedlink.net https://connect.facebook.net; style-src translate.googleapis.com 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://cdn.dnky.co https://fonts.googleapis.com https://tagmanager.google.com https://static.trackedweb.net https://api.tiles.mapbox.com https://fast.fonts.net https://r1.dotmailer-surveys.com; img-src pixel.quantserve.com quantserve.com t.teads.tv teads.tv www.google.bs www.google.by www.google.cm www.google.co.cr www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ma www.google.co.nz www.google.co.th www.google.co.uz www.google.co.ve www.google.co.za www.google.com.ar www.google.com.bd www.google.com.bh www.google.com.bn www.google.com.co www.google.com.cy www.google.com.do www.google.com.ec www.google.com.gt www.google.com.hk www.google.com.kh www.google.com.lb www.google.com.my www.google.com.om www.google.com.pa www.google.com.pe www.google.com.ph www.google.com.pr www.google.com.qa www.google.com.sa www.google.com.sg www.google.com.tw www.google.com.vc www.google.com.vn www.google.dz www.google.ee www.google.fi www.google.ge www.google.gg www.google.hu www.google.im www.google.iq www.google.is www.google.lk www.google.lv www.google.me www.google.mu www.google.mv www.google.no www.google.pl www.google.rs www.google.ru www.google.se www.google.si www.google.sk www.google.tn www.google.tt translate.google.com i.vimeocdn.com connect.facebook.net android-webview-video-poster www.google.gr www.google.lu www.google.cz r1-t.trackedlink.net www.google.az www.google.bg www.google.ch www.google.com.eg www.google.com.mx www.google.com.ua www.google.es www.google.pt www.google.at www.google.com.mt www.google.com.tr www.google.ie www.google.ae www.google.it www.google.hr www.google.be www.google.co.id www.google.com.au www.google.com.br www.google.com.pk www.google.de www.google.dk www.google.fr www.google.je www.google.nl www.google.ro azweusaburdevqa.blob.core.windows.net beacon.krxd.net www.facebook.com www.google-analytics.com i.ytimg.com 'self' blob: data: https://www.gstatic.com https://ssl.gstatic.com https://www.google.ca https://az-weu-wa-bur-az-weu-wa-bur-staging.azurewebsites.net https://pre-live.burgessyachts.com https://burgessyachts.com https://www.googletagmanager.com https://mc.yandex.ru https://dev-burgess.craftedbeta.co.uk https://azweusabur.blob.core.windows.net https://azweusaburuat.blob.core.windows.net https://azweusaburdevqa.blob.core.windows.net https://a.tiles.mapbox.com https://api.tiles.mapbox.com https://azweusabur.blob.core.windows.net https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.google.co.uk https://beacon.krxd.net https://www.facebook.com; connect-src wss://ws6.hotjar.com wss://ws1.hotjar.com wss://ws10.hotjar.com wss://ws11.hotjar.com wss://ws3.hotjar.com wss://ws8.hotjar.com wss://ws9.hotjar.com www.google.com stats.addtoany.com wss://ws5.hotjar.com www.google-analytics.com wss://ws12.hotjar.com wss://ws4.hotjar.com wss://ws7.hotjar.com 'self' stats.g.doubleclick.net wss://ws2.hotjar.com https://api.comapi.com https://vc.hotjar.io https://in.hotjar.com https://events.mapbox.com https://vimeo.com https://mc.yandex.ru https://fpdl.vimeocdn.com https://www.facebook.com https://r1.trackedweb.net https://*.tiles.mapbox.com https://api.mapbox.com https://a.tiles.mapbox.com https://b.tiles.mapbox.com https://api.mapbox.com/ https://dc.services.visualstudio.com https://skyfire.vimeocdn.com https://player.vimeo.com; font-src 'self' data: https://script.hotjar.com https://fonts.gstatic.com; worker-src 'self' blob:; media-src 'self' https://vod-progressive.akamaized.net https://gcs-vimeo.akamaized.net https://skyfire.vimeocdn.com https://fpdl.vimeocdn.com https://video-dev.github.io https://player.vimeo.com blob:; frame-src theatro360.com www.googletagmanager.com 10388175.fls.doubleclick.net 'self' www.google.com https://cdn.dnky.co https://mpembed.com https://vars.hotjar.com https://burgess.theatro360.com https://www.burgessyachts.com https://qa-brochurebuilder.burgessyachts.com https://uat-brochurebuilder.burgessyachts.com https://brochurebuilder.burgessyachts.com https://r1.dotmailer-surveys.com https://www.google.com https://9169248.fls.doubleclick.net https://static.addtoany.com https://www.youtube.com https://www.facebook.com https://player.vimeo.com https://www.digitowl.vision https://my.matterport.com https://tourmkr.com https://www.golocal.hk https://www.coolwalkee.com https://www.google.com/maps https://www.luxproimaging.com http://vrtour.virtualsinc.com; child-src blob: ;script-src-elem rules.quantcount.com gc.kis.v2.scr.kaspersky-labs.com r1-t.trackedlink.net www.googletagmanager.com 'self' 'unsafe-inline' connect.facebook.net r1.dotmailer-surveys.com static.addtoany.com static.hotjar.com www.google-analytics.com www.google.com www.youtube.com s.ytimg.com script.hotjar.com googletagmanager.com addtoany.com gstatic.com www.gstatic.com r1-t.trackedlink.net trackedlink.net p.teads.tv quantserve.com secure.quantserve.com ad.doubleclick.net doubleclick.net data: ; report-uri https://burgesscsp.report-uri.com/r/d/csp/wizard 1 base-uri 'self' 'report-sample'; block-all-mixed-content; form-action 'self' 'report-sample'; frame-ancestors 'self'; default-src 'none'; connect-src 'self' 'report-sample'; frame-src 'self' 'report-sample'; img-src 'self' data: 'report-sample'; font-src 'self' 'report-sample'; media-src 'self' 'report-sample'; manifest-src 'self' 'report-sample'; script-src 'self' 'report-sample'; style-src 'self' 'report-sample'; report-uri /auktion/clients/csp_violation.php 1 frame-ancestors *.windstream.net 1 script-src 'self' 'unsafe-eval' 'unsafe-inline' *.kalibrr.com *.getlinks.com *.zendesk.com https://static.zdassets.com https://ekr.zdassets.com *.zopim.com appleid.cdn-apple.com connect.facebook.net *.facebook.com www.googleadservices.com www.google-analytics.com ssl.google-analytics.com d36lvucg9kzous.cloudfront.net s1.webspellchecker.net js.stripe.com www.googletagmanager.com *.inspectlet.com *.googleapis.com *.newrelic.com *.nr-data.net platform.twitter.com static.ads-twitter.com apis.google.com ajax.cloudflare.com tagmanager.google.com analytics.twitter.com analytics.trovit.com *.effectivemeasure.net jscdn.appier.net track.adform.net cdn.ckeditor.com https://optimize.google.com; form-action 'self'; frame-src 'self' https://staticxx.facebook.com https://web.facebook.com https://accounts.google.com https://www.facebook.com https://docs.google.com https://www.youtube.com https://www.google.com https://optimize.google.com; frame-ancestors http://careers.aboitiz.com https://careers.aboitiz.com https://careers-uat.aboitiz.com http://citysavings.com.ph https://citysavings.com.ph; 1 script-src 'self' 'unsafe-eval' 'unsafe-inline' code.jquery.com www.googletagmanager.com www.googleadservices.com *.googleapis.com marketing.gbgplc.com js.hs-banner.com js.hs-scripts.com www.google-analytics.com optimize.google.com static.hotjar.com bizographics.com static.ads-twitter.com *.pcapredict.com snap.licdn.com *.facebook.net googleads.g.doubleclick.net js.hs-analytics.net js.hsleadflows.net js.hsadspixel.net sjs.bizographics.com script.hotjar.com px.ads.linkedin.com analytics.twitter.com www.google.com *.gstatic.com platform.linkedin.com js.usemessages.com addtocalendar.com *.sharethis.com *.loqate.com *.addressy.com amplify.outbrain.com js.hsforms.net forms.hsforms.com *.onetrust.com snid.snitcher.com secure.perk0mean.com ruler.nyltx.com analytics.nyltx.com tagmanager.google.com tag.demandbase.com *.opmnstr.com a.omappapi.com cdnjs.cloudflare.com *.buzzsprout.com *.wistia.net *.litix.io *.wistia.com *.sg.va.sabio.cloud static.zdassets.com ifaqs.flexanswer.com; default-src 'self' data:; style-src 'self' 'unsafe-inline' blob: *.googleapis.com addtocalendar.com api.addressy.com *.loqate.com cloudflare.com cdnjs.cloudflare.com tagmanager.google.com use.typekit.net p.typekit.net fast.wistia.com optimize.google.com fonts.googleapis.com *.sg.va.sabio.cloud ifaqs.flexanswer.com; connect-src 'self' *.google-analytics.com api.hubapi.com *.hubspot.com *.hotjar.com vc.hotjar.io *.sharethis.com services.postcodeanywhere.co.uk *.addressy.com *.loqate.com decollector.tealeaf.ibmcloud.com gbg-global.azureedge.net www.facebook.com *.vimeo.com *.vimeocdn.com *.onetrust.com snid.snitcher.com analytics.nyltx.com api.company-target.com *.omappapi.com api.opmnstr.com docs.idscan.com wss: stats.g.doubleclick.net *.litix.io *.wistia.com embedwistia-a.akamaihd.net *.sg.va.sabio.cloud ekr.zdassets.com flexanswer1656.zendesk.com ifaqs.flexanswer.com; font-src 'self' *.gstatic.com *.wistia.com use.typekit.net fonts.gstatic.com data: *.sg.va.sabio.cloud s3-us-west-2.amazonaws.com ifaqs.flexanswer.com; media-src 'self' blob: data: *.wistia.com *.wistia.net embedwistia-a.akamaihd.net static.zdassets.com; worker-src 'self' blob:; img-src 'self' 'unsafe-inline' *.gravatar.com data: gbg-global.azureedge.net *.loqate.com t.co/i/adsct *.google.com www.glassdoor.co.uk *.google.co.uk *.google-analytics.com optimize.google.com lh3.googleusercontent.com *.facebook.com *.hubspot.com cdnjs.cloudflare.com stats.g.doubleclick.net glassdoor.co.uk maps.gstatic.com maps.googleapis.com www.googletagmanager.com *.sharethis.com dashboard.umbraco.org px.ads.linkedin.com www.linkedin.com tr.outbrain.com amplifypixel.outbrain.com *.vimeo.com *.onetrust.com connect.facebook.net ssl.gstatic.com www.gstatic.com match.prod.bidr.io segments.company-target.com gbgstorage01.blob.core.windows.net a.opmnstr.com p.adsymptotic.com *.omappapi.com *.wistia.com *.wistia.net embedwistia-a.akamaihd.net *.sg.va.sabio.cloud *.placeholder.com *.zopim.io ifaqs.flexanswer.com id.rlcdn.com; frame-src 'self' www2.gbgplc.com *.vimeo.com vimeo.com *.youtube.com *.vimeocdn.com platform.twitter.com syndication.twitter.com *.fls.doubleclick.net vars.hotjar.com www.facebook.com stats.g.doubleclick.net fast.wistia.net www.glassdoor.co.uk www.google.com optimize.google.com www.linkedin.com ir.q4europe.com c.sharethis.mgr.consensu.org *.hsforms.com *.onetrust.com *.loqate.com *.hubspot.com *.buzzsprout.com; 1 default-src 'self' https://api.status.io https://status.exaktime.com;script-src 'self';base-uri 'self';object-src 'none';frame-ancestors 'none';block-all-mixed-content;sandbox allow-forms allow-same-origin allow-scripts allow-popups;style-src 'self' https://fonts.googleapis.com;font-src 'self' https://fonts.gstatic.com;img-src 'self' https://tscprodstorage.blob.core.windows.net; 1 base-uri 'self'; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.storck.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.storck.com storck.piwik.pro; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.storck.com storck.piwik.pro; style-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.storck.com; connect-src 'self' data: *.storck.com storck.piwik.pro; font-src 'self'; frame-src 'self' data: *.storck.com; frame-ancestors 'self'; form-action 'self'; 1 default-src 'self' https://*.prd.valiant.ch https://www.valiant.ch https://wwwsec.valiant.ch https://*.valiant.ch; base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://tagmanager.google.com https://io.fusedeck.net https://live-assets01.valiant.ch https://www.google.com https://www.google.ch https://googleads.g.doubleclick.net https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://maps.googleapis.com https://tpc.googlesyndiction.com https://connect.facebook.net https://snap.licdn.com; object-src 'self'; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' https://io.fusedeck.net https://ssl.gstatic.com https://www.gstatic.com https://khms0.googleapis.com https://khms1.googleapis.com https://www.google.ch https://www.google.com https://stats.g.doubleclick.net https://www.google-analytics.com https://maps.gstatic.com https://maps.googleapis.com https://googleads.g.doubleclick.net https://www.facebook.com https://www.googletagmanager.com https://px.ads.linkedin.com https://www.linkedin.com data: blob:; media-src 'self' data:; frame-src 'self' https://www.facebook.com https://valiant.mxm.ch https://valiant.reader.epaper.guru https://evoja-etools.sinso.ch https://app.newsroom.co https://jobs.valiant.ch https://live-assets01.valiant.ch https://bid.g.doubleclick.net https://www.youtube.com https://5472548.fls.doubleclick.net https://www.kununu.com https://www.agentselly.ch; frame-ancestors 'self'; child-src 'none'; worker-src 'self'; font-src 'self' https://fonts.gstatic.com data:; connect-src 'self' wss://io.fusedeck.net https://webservice.cybwell.ch https://maps.google.com wss://frontgate.show.mdgms.com wss://frontgate.mdgms.com https://live-srv01.valiant.ch https://bid.g.doubleclick.net https://stats.g.doubleclick.net https://www.google-analytics.com https://www.facebook.com; manifest-src 'self' 1 frame-ancestors 'self' http://pudtoday 1 default-src 'self'; script-src 'self' https://www.gstatic.com https://ajax.googleapis.com https://cdn.inspectlet.com https://*.pendo.io https://*.storage.googleapis.com https://browser.sentry-cdn.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://www.gstatic.com https://ajax.googleapis.com https://*.pendo.io https://*.storage.googleapis.com https://fonts.googleapis.com 'unsafe-inline' blob:; connect-src 'self' http://hn.inspectlet.com wss://ws.inspectlet.com https://spamfilter.io https://sentry.io; img-src 'self' http://hn.inspectlet.com https://*.pendo.io https://*.storage.googleapis.com data:; font-src 'self' https://fonts.gstatic.com; options inline-script eval-script 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https:; frame-src 'self' webcampub.multivista.com https:; frame-ancestors 'self' data: blob:; 1 default-src https:; img-src https: 'self' data:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'; font-src https: 'self' data: fonts.gstatic.com; worker-src 'self' blob: 1 default-src 'self'; block-all-mixed-content; connect-src 'self' https://antrag.hanseaticbank.de https://antrag.hbnext.de https://*.openstreetmap.org privacy.trustcommander.net *.adtelligence.de *.kameleoon.eu *.kameleoon.com *.novomind.com *.provenexpert.com *.google-analytics.com *.doubleclick.net *.commander1.com *.otto.de *.rs.ogit.cloud *.bing.com *.xiti.com; font-src 'self' 'unsafe-inline' data: *.gstatic.com; frame-ancestors *.hanseaticbank.de *.hbnext.de *.test *.develop-sr3snxi-7qbx3id7snbj6.eu-2.platformsh.site *.release-utkfd3a-7qbx3id7snbj6.eu-2.platformsh.site; frame-src 'self' https://antrag.hanseaticbank.de https://antrag.hbnext.de https://direktkredit.hanseaticbank.de cdn.trustcommander.net cdn.tagcommander.com *.youtube.com *.instagram.com *.twitter.com *.facebook.com *.test *.google.com *.google-analytics.com *.googletagmanager.com; img-src 'self' data: https://antrag.hanseaticbank.de https://antrag.hbnext.de http://*.tile.osm.org https://*.tile.openstreetmap.org manager.tagcommander.com *.kameleoon.eu *.kameleoon.com *.novomind.com *.otto.de *.rs.ogit.cloud *.xiti.com *.adtelligence.de *.outbrain.com *.bing.com *.google.com *.google.de *.google-analytics.com *.googletagmanager.com *.facebook.com *.facebook.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://antrag.hanseaticbank.de https://antrag.hbnext.de https://code.jquery.com cdn.trustcommander.net cdn.tagcommander.com *.hanseaticbank.de *.googleapis.com *.adtelligence.de *.kameleoon.eu *.kameleoon.com *.novomind.com *.provenexpert.com *.google-analytics.com *.googletagmanager.com *.outbrain.com *.bing.com *.facebook.net *.twitter.com; style-src 'self' 'unsafe-inline' https://antrag.hanseaticbank.de https://antrag.hbnext.de *.googleapis.com 1 default-src 'self'; base-uri 'self'; form-action 'self' *.pcuonline2.org; frame-ancestors 'self' *.wpengine.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' *.wpengine.com *.googleapis.com *.pcu.org *.gstatic.com *.doubleclick.net *.facebook.com *.pcuonline2.org *.wpengine.com *.pcu.org *.pcu.test *.gravatar.com *.google-analytics.com *.google.com *.googletagmanager.com *.cartocdn.com *.sentry-cdn.com *.cloudflare.com *.google.com *.facebook.net cds-sdkcfg.onlineaccess1.com; object-src 'none'; style-src 'self' *.wpengine.com 'unsafe-inline' *.googleapis.com *.cloudflare.com *.pcu.org *.googleapis.com *.ionicframework.com; img-src 'self' data: *.wpengine.com *.pcu.org *.google.com *.gstatic.com *.googleapis.com *.googleusercontent.com *.wp.com *.gravatar.com *.google-analytics.com *.facebook.com *.doubleclick.net *.cartocdn.com; media-src 'self' *.wpengine.com *.pcu.org; frame-src 'self' *.wpengine.com *.googleapis.com *.google.com pcu.sharefile.com; font-src 'self' data: *.pcu.org *.wpengine.com *.gstatic.com *.ionicframework.com; connect-src 'self' *.wpengine.com *.googleapis.com *.doubleclick.net; 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' mofa.gov.np *.mofa.gov.np www.google.com.np *.google.com *.gstatic.com cdn.jsdelivr.net code.jquery.com stackpath.bootstrapcdn.com s.ytimg.com *.facebook.net *.sharethis.com *.youtube.com *.twimg.com cdn.syndication.twimg.com cdnjs.cloudflare.com maps.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com fonts.googleapis.com fonts.gstatic.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.mofa.gov.np use.fontawesome.com stackpath.bootstrapcdn.com placehold.it *.facebook.net *.sharethis.com lh3.googleusercontent.com *.youtube.com *.twimg.com cdn.syndication.twimg.com cdnjs.cloudflare.com maps.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com cdnjs.cloudflare.com fonts.googleapis.com fonts.gstatic.com; img-src 'self' data: placehold.it mofa.gov.np *.mofa.gov.np *.gstatic.com *.facebook.net *.facebook.com *.sharethis.com lh3.googleusercontent.com *.youtube.com *.twimg.com secure.gravatar.com cdn. *.twitter.com *.twimg.com cdnjs.cloudflare.com maps.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com fonts.googleapis.com fonts.gstatic.com; media-src 'self'; frame-src 'self' *.google.com *.youtube.com *.facebook.net *.facebook.com syndication.twitter.com platform.twitter.com; font-src 'self' data: fonts.googleapis.com stackpath.bootstrapcdn.com use.fontawesome.com fonts.gstatic.com maxcdn.bootstrapcdn.com; connect-src 'self' l.sharethis.com 1 default-src https: http: data: blob: ws: 'self' 'unsafe-inline' 'unsafe-eval'; 1 default-src 'self'; script-src 'self' https://www.gstatic.com https://ajax.googleapis.com https://cdn.inspectlet.com https://*.pendo.io https://*.storage.googleapis.com https://browser.sentry-cdn.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://www.gstatic.com https://ajax.googleapis.com https://*.pendo.io https://*.storage.googleapis.com https://fonts.googleapis.com 'unsafe-inline' blob:; connect-src 'self' http://hn.inspectlet.com wss://ws.inspectlet.com https://secure-mailgate.com https://sentry.io; img-src 'self' http://hn.inspectlet.com https://*.pendo.io https://*.storage.googleapis.com data:; font-src 'self' https://fonts.gstatic.com; options inline-script eval-script 1 img-src * data:; style-src 'self' 'unsafe-inline'; default-src * blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: www.google-analytics.com ajax.googleapis.com embed.typeform.com www.googletagmanager.com tagmanager.google.com analyzer.amedick-sommer.de vendorlist.consensu.org www.youtube.com s.ytimg.com www.vvs.de; 1 frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com slpl.bibliocms.com *.slpl.bibliocms.com https://www.slpl.org www.slpl.org *.www.slpl.org; 1 frame-ancestors https://*.sellmate.co.kr 1 frame-ancestors https://*.reflexisinc.com 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data:; style-src 'self' 'unsafe-inline' data:; img-src 'self' data:; 1 default-src 'self'; connect-src 'self' https://piwik.bzga.de; style-src 'self' 'unsafe-inline'; font-src 'self' data:; script-src 'self' 'unsafe-inline' https://piwik.bzga.de https://maps.google.com https://maps.googleapis.com; img-src 'self' https://piwik.bzga.de https://www.bzga.de https://maps.gstatic.com https://csi.gstatic.com https://maps.google.com https://maps.googleapis.com https://a.tile.osm.org https://b.tile.osm.org https://c.tile.osm.org data:; frame-src 'self' mailto: https://piwik.bzga.de https://www.youtube-nocookie.com; 1 default-src 'self'; script-src 'self' assets.juicer.io ajax.googleapis.com connect.facebook.net platform.twitter.com 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com www.google.com www.gstatic.com https://chat.consumercare.net https://h6.consumercare.net https://js-agent.newrelic.com https://bam.nr-data.net *.juicer.io woobox.com *.formstack.com assets.pinterest.com app.icontact.com *.googleapis.com *.pricespider.com; object-src 'self'; style-src 'self' maxcdn.bootstrapcdn.com fonts.googleapis.com assets.juicer.io 'unsafe-inline' *.formstack.com app.icontact.com *.pricespider.com; img-src 'self' *.cdninstagram.com *.xx.fbcdn.net *.facebook.com *.twitter.com *.google-analytics.com *.ytimg.com *.xx.fbcdn.net data: *.googleapis.com *.g.doubleclick.net *.googletagmanager.com *.juicer.io *.google.com *.imgur.com *.icontact.com *.formstack.com *.gstatic.com *.pricespider.com; frame-src 'self' * *.entenmanns.com rsmstanley.formstack.com; font-src 'self' maxcdn.bootstrapcdn.com fonts.googleapis.com assets.juicer.io fonts.gstatic.com woobox.com *.juicer.io *.formstack.com app.icontact.com data:; connect-src 'self' www.juicer.io https://www.google-analytics.com https://stats.g.doubleclick.net *.facebook.com; report-uri /admin/config/system/seckit/csp-report, default-src 'self' 'self' data: 'self' blob: 'unsafe-inline' 'unsafe-eval' *; img-src 'self' blob: data: * 1 default-src 'self' ; script-src 'self' 'unsafe-eval' 'unsafe-inline' siteimproveanalytics.com piwik.venlo.nl dev.visualwebsiteoptimizer.com *.obi4wan.com *.pusher.com; object-src 'self'; style-src 'self' 'unsafe-inline' fast.fonts.net; img-src 'self' *.siteimproveanalytics.io piwik.venlo.nl dev.visualwebsiteoptimizer.com www.gstatic.com data: *.obi4wan.com *.amazonaws.com; media-src 'self'; frame-src 'self'; frame-ancestors 'self' piwik.venlo.nl; child-src 'self'; font-src 'self' data: *.googleusercontent.com fast.fonts.net; connect-src 'self' fast.fonts.net *.obi4wan.com *.pusher.com wss://*.pusher.com; report-uri /report-csp-violation 1 default-src 'self' *.cerved.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com; object-src 'none'; style-src 'self' 'unsafe-inline' *.googleapis.com; img-src 'self' *.cerved.com *.googletagmanager.com *.google-analytics.com *.google.com *.google.it *.doubleclick.net; frame-src 'self'; font-src 'self' *.googleapis.com *.googleusercontent.com fonts.gstatic.com; report-uri /report-csp-violation 1 policy-uri /'unsafe-inline' 1 default-src 'self' *.google-analytics.com *.doubleclick.net; script-src 'self' www.googletagmanager.com js.hsadspixel.net *.hs-banner.com *.crazyegg.com js.hs-analytics.net *.equalweb.com access.equalweb.com connect.facebook.net www.google.com *.gstatic.com maps.googleapis.com *.hotjar.com *.hsforms.net *.hsforms.com *.hs-scripts.com; style-src 'self' *.typekit.net *.fonts.net fonts.googleapis.com maps.googleapis.com; img-src 'self' www.googletagmanager.com *.webdamdb.com www.google-analytics.com insight.adsrvr.org www.facebook.com data: maps.gstatic.com *.googleapis.com *.ggpht.com *.hubspot.com img.youtube.com blog.hobartcorp.com *.hsforms.com; frame-src 'self' *.google.com *.hotjar.com *.youtube.com *.webdamdb.com *.hsforms.com *.facebook.com; font-src 'self' use.typekit.net fast.fonts.net fonts.gstatic.com; connect-src 'self' api.hubapi.com www.google-analytics.com script.crazyegg.com stats.g.doubleclick.net *.equalweb.com *.hotjar.com *.hotjar.io *.facebook.com *.hsforms.com tracking.crazyegg.com; report-uri /report-csp-violation 1 default-src 'self' blob: storage.net-fs.com www.google.com *.google-analytics.com *.youtube.com *.googleapis.com *.gstatic.com jobs.comsoft.de tools.eurolandir.com asia.tools.euroland.com *.a1.net live.virtual-events.at; frame-src 'self' indd.adobe.com storage.net-fs.com www.google.com *.google-analytics.com *.youtube.com *.googleapis.com *.gstatic.com jobs.comsoft.de tools.eurolandir.com asia.tools.euroland.com webcast.a1.net live.virtual-events.at; style-src 'self' 'unsafe-inline' storage.net-fs.com *.googleapis.com *.gstatic.com tools.eurolandir.com asia.tools.euroland.com webcast.a1.net live.virtual-events.at; img-src 'self' data: storage.net-fs.com *.google-analytics.com *.googleapis.com *.gstatic.com tools.eurolandir.com asia.tools.euroland.com webcast.a1.neti *.a1.group live.virtual-events.at; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: storage.net-fs.com *.googleapis.com *.gstatic.com *.google-analytics.com cdnjs.cloudflare.com/ajax/libs/jquery-mousewheel/ www.google.com tools.eurolandir.com asia.tools.euroland.com webcast.a1.net *.zencdn.net blob: live.virtual-events.at; font-src 'self' data: storage.net-fs.com *.gstatic.com 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' https: http: data: blob: http://mshcentraldbdev.prod.acquia-sites.com *.balladhealthcrm.org *.crazyegg.com; frame-ancestors 'self'; report-uri /admin/config/system/seckit/csp-report 1 connect-src 'self' services.google.com www.gstatic.com https://www.google-analytics.com https://stats.g.doubleclick.net; default-src 'none'; font-src 'self'; frame-src www.youtube.com content.googleapis.com accounts.google.com; img-src 'self' https://lh3.googleusercontent.com https://www.google.com data: https://www.googletagmanager.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google-analytics.com/collect https://www.google-analytics.com/r/collect; media-src https://kstatic.googleusercontent.com; script-src 'self' 'unsafe-inline' www.gstatic.com apis.google.com https://www.googletagmanager.com https://www.gstatic.com/brandstudio/kato/google_tag_manager_component/google_tag_manager_component.js https://www.googletagmanager.com/gtm.js https://www.google-analytics.com/analytics.js; style-src 'self' 'unsafe-inline' fonts.googleapis.com 1 default-src 'self'; img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.force.com https://*.salesforceliveagent.com https://www.googletagmanager.com https://www.google-analytics.com https://static.site24x7rum.com https://*.cloudflare.com https://*.newrelic.com https://*.nr-data.net https://*.salesforce.com; frame-src *; object-src *; style-src 'self' 'unsafe-inline' https://*.salesforce.com https://*.force.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; connect-src 'self' https://*.salesforce.com https://*.force.com https://col.site24x7rum.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.nr-data.net https://api.iss.hkairportrewards.com; font-src 'self' data: https://*.force.com https://*.salesforce.com https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com; 1 upgrade-insecure-requests; frame-ancestors 'none'; default-src 'self'; script-src 'self' 'unsafe-inline' www.google.com www.google-analytics.com www.googletagmanager.com *.googleapis.com *.gstatic.com consent-cdn.swmh.de; object-src 'none'; base-uri 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: www.google.com www.google-analytics.com www.googletagmanager.com *.googleapis.com *.gstatic.com www.youtube.com *.ytimg.com; media-src 'self' www.youtube.com *.ytimg.com; frame-src 'self' www.google.com *.gstatic.com www.youtube.com *.ytimg.com consent-cdn.swmh.de; font-src 'self' data: www.google.com *.googleapis.com *.gstatic.com; connect-src 'self' www.google-analytics.com *.doubleclick.net consent-cdn.swmh.de 1 default-src https://*.brille24.de 'unsafe-inline' 'unsafe-eval' https://*.bing.com https://*.awin1.com https://*.adition.com https://*.ad-srv.net https://*.clarity.ms https://*.cptrack.de https://*.doubleclick.net https://*.dwin1.com https://*.emsecure.net https://*.etrusted.com https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.googleadservices.com https://*.googleapis.com https://*.googletagmanager.com https://*.google.co.uk https://*.google.de https://*.google.dk https://*.google.com https://*.gstatic.com https://*.klarna.com https://*.liveperson.net https://*.lpsnmedia.net https://*.newrelic.com https://*.nr-data.net https://*.ogone.com https://*.omq.de https://*.paypalobjects.com https://*.polyfill.io https://*.remarketingpixel.com https://*.retailads.net https://*.slgnt.eu https://*.taboola.com https://*.trustedshops.com https://*.usercentrics.com https://*.usercentrics.eu https://*.youtube-nocookie.com https://*.windows.net https://*.zdassets.com https://*.zendesk.com https://*.zopim.com wss://*.zopim.com http://localhost; img-src https: blob: data: about: 1 default-src https: data:; script-src https: data: 'unsafe-inline' 'unsafe-eval'; object-src https:; style-src https: 'unsafe-inline'; img-src https: data:; media-src https:; font-src https: data:; connect-src https: wss: 1 default-src *.ethicspoint.com *.ethicspoint.eu *.navexone.eu *.navexglobal.eu ethicspoint.eu cdn.pendo.io 'self' 'unsafe-eval' 'unsafe-inline' *.navexglobal.com; connect-src *.ethicspoint.com *.ethicspoint.eu *.navexone.eu *.navexglobal.eu ethicspoint.eu *.truste.com *.newrelic.com *.nr-data.net *.pendo.io 'self' 'unsafe-eval' 'unsafe-inline' wss: *.navexglobal.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.ethicspoint.com *.ethicspoint.eu *.navexone.eu *.navexglobal.eu ethicspoint.eu *.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5068799715311616.storage.googleapis.com *.truste.com *.newrelic.com *.nr-data.net ajax.googleapis.com ; img-src 'self' data: *.ethicspoint.com *.ethicspoint.eu *.navexone.eu *.navexglobal.eu ethicspoint.eu *.truste.com *.pendo.io pendo-static-5068799715311616.storage.googleapis.com *.navexglobal.com; frame-src 'self' 'unsafe-eval' *.navexglobal.com *.policytech.com *.ethicspoint.com *.ethicspoint.eu *.navexone.eu *.navexglobal.eu ethicspoint.eu player.vimeo.com; style-src 'self' 'unsafe-eval' 'unsafe-inline' *.pendo.io pendo-static-5068799715311616.storage.googleapis.com fonts.googleapis.com *.ethicspoint.com; font-src 'self' fonts.gstatic.com ajax.googleapis.com; frame-ancestors 'self' *.pendo.io *.ethicspoint.eu; 1 frame-ancestors https://hospitality-on.com https://store.hospitality-on.com 1 default-src https://www.mediengruppe-rtl.de https://fonts.gstatic.com https://www.youtube-nocookie.com https://s.ytimg.com https://www.google.com https://*.googlevideo.com 'unsafe-inline' 'unsafe-eval'; media-src https://www.mediengruppe-rtl.de blob:; img-src 'self' data: https://yt3.ggpht.com https://i.ytimg.com; script-src https://www.mediengruppe-rtl.de https://fonts.gstatic.com https://www.youtube-nocookie.com https://s.ytimg.com https://www.google.com 'unsafe-inline' 'unsafe-eval'; style-src https://www.mediengruppe-rtl.de https://fonts.gstatic.com https://www.youtube-nocookie.com https://s.ytimg.com 'unsafe-inline' 1 default-src 'self'; connect-src 'self' https://piwik.bzga.de; style-src 'self' 'unsafe-inline'; font-src 'self' data:; script-src 'self' 'unsafe-inline' https://piwik.bzga.de; img-src 'self' data: https://piwik.bzga.de https://www.bzga.de https://service.bzga.de; frame-src 'self' mailto: https://piwik.bzga.de; 1 frame-ancestors 'self' https://www.allsmart.gr/; 1 default-src 'self' *.neighbourly.com *.twitter.com *.vimeo.com *.youtube.com *.google-analytics.com; frame-src 'self' *.youtube.com *.vimeo.com *.stripe.com *.twitter.com; connect-src 'self' *.neighbourly.com *.mapbox.com *.google-analytics.com;media-src blob: nbrlyprodmedia.blob.core.windows.net *.neighbourly.com *.youtube.com *.vimeo.com; img-src 'self' data: *.mapbox.com nbrlyprodmedia.blob.core.windows.net maps.gstatic.com *.neighbourly.com *.stripe.com; script-src 'self' *.neighbourly.com 'unsafe-eval' *.googleapis.com *.twitter.com *.vimeo.com *.youtube.com *.google-analytics.com *.mapbox.com *.stripe.com; style-src 'self' *.neighbourly.com 'unsafe-inline'; report-uri https://nbrly-prod-fn-schedules-v2.azurewebsites.net/api/log?code=yTPDecexIz4gX5udAk8ba/1f0uk7og3BmKYMQWm6SWjz8xnZY/rAoA== 1 default-src 'self' https://cdn.census.gov.uk; font-src 'self' https://fonts.gstatic.com https://cdn.census.gov.uk; script-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com 'unsafe-inline' https://cdn.census.gov.uk; style-src 'self' https://tagmanager.google.com https://fonts.googleapis.com 'unsafe-inline' https://cdn.census.gov.uk; connect-src 'self' https://www.google-analytics.com https://cdn.census.gov.uk; frame-src https://www.youtube.com https://www.googletagmanager.com; img-src 'self' https://www.google-analytics.com https://ssl.gstatic.com https://www.gstatic.com https://cdn.census.gov.uk 1 default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' www.google-analytics.com *.google.com *.googleapis.com *.gstatic.com *.doubleclick.net *.youtube.com https://*.youtube.com *.ytimg.com https://*.ytimg.com https://*.googleapis.com https://s3-ap-northeast-1.amazonaws.com https://chatbot.com.hk *.pusher.com *.pusherapp.com https://www.bcthk.com https://sim-www.bcthk.com https://3pn36nrcw1.execute-api.ap-northeast-1.amazonaws.com https://7ab07kkkhb.execute-api.us-west-2.amazonaws.com https://us-central1-facebook-bot-backend-dev.cloudfunctions.net https://img.youtube.com; style-src 'unsafe-inline' 'self' https://*.googleapis.com *.googleapis.com https://s3-ap-northeast-1.amazonaws.com https://chatbot.com.hk *.pusher.com *.pusherapp.com https://www.bcthk.com https://sim-www.bcthk.com https://3pn36nrcw1.execute-api.ap-northeast-1.amazonaws.com https://7ab07kkkhb.execute-api.us-west-2.amazonaws.com https://us-central1-facebook-bot-backend-dev.cloudfunctions.net https://img.youtube.com; font-src 'self' https://*.gstatic.com *.gstatic.com; img-src 'self' data: www.google-analytics.com *.google.com *.googleapis.com https://*.googleapis.com https://*.gstatic.com *.gstatic.com *.doubleclick.net https://s3-ap-northeast-1.amazonaws.com https://chatbot.com.hk *.pusher.com *.pusherapp.com https://www.bcthk.com https://sim-www.bcthk.com https://3pn36nrcw1.execute-api.ap-northeast-1.amazonaws.com https://7ab07kkkhb.execute-api.us-west-2.amazonaws.com https://us-central1-facebook-bot-backend-dev.cloudfunctions.net https://img.youtube.com; frame-src 'self' *.youtube.com https://*.youtube.com *.google.com https://*.google.com; connect-src 'self' www.google-analytics.com https://s3-ap-northeast-1.amazonaws.com https://chatbot.com.hk *.pusher.com *.pusherapp.com wss://ws-ap1.pusher.com https://www.bcthk.com https://sim-www.bcthk.com https://3pn36nrcw1.execute-api.ap-northeast-1.amazonaws.com https://7ab07kkkhb.execute-api.us-west-2.amazonaws.com https://us-central1-facebook-bot-backend-dev.cloudfunctions.net https://img.youtube.com 1 frame-ancestors 'self' tvn24.pl *.tvn24.pl 1 default-src 'self'; script-src 'self' *.storyblok.com 'unsafe-inline' *.cloudfront.net *.googleapis.com *.gstatic.com recaptcha.net *.facebook.net *.google-analytics.com *.googletagmanager.com tagmanager.google.com *.livechatinc.com *.stripe.com 'unsafe-eval'; style-src 'self' *.storyblok.com 'unsafe-inline' *.googleapis.com *.gstatic.com tagmanager.google.com; img-src 'self' *.storyblok.com *.cloudinary.com *.facebook.com *.google.com *.google.com.au placehold.it *.cloudfront.net *.googleapis.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.simplybook.me lh3.googleusercontent.com data: *.trackjs.com *.vicinity.com.au; font-src 'self' *.amazonaws.com *.storyblok.com *.googleapis.com *.gstatic.com https://fonts.gstatic.com data:; connect-src 'self' stats.g.doubleclick.net *.cloudfront.net *.mappedin.com *.google-analytics.com sentry.io *.simplybook.me *.vicinity.com.au *.trackjs.com; frame-src 'self' *.youtube.com *.vimeo.com *.googletagmanager.com *.google.com *.facebook.com *.livechatinc.com *.stripe.com socialq.net 1 default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data: blob:; media-src https: data: blob:; worker-src https: data: blob:; font-src https: data:; connect-src https: wss: 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.sejda.com *.polyfill.io *.sites-appleby.vuturevx.com https://sites-appleby.vuturevx.com *.gstatic.com *.google.com *.google-analytics.com *.googletagmanager.com *.tagmanager.google.com https://tagmanager.google.com *.googleapis.com *.fonts.net *.algolianet.com data: ; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.google.com *.google-analytics.com *.googletagmanager.com *.tagmanager.google.com https://tagmanager.google.com *.fonts.net https://fast.fonts.net ; font-src 'self' *.fonts.net https://fast.fonts.net *.gstatic.com data: ; img-src 'self' *.google-analytics.com *.googleapis.com *.gstatic.com *.gravatar.com *.doubleclick.net data: ; connect-src 'self' *.sejda.com *.google-analytics.com *.algolia.net *.algolianet.com data: ; frame-src 'self' *.google.com *.vimeo.com *.youtube.com *.vuturevx.com *.brightcove.net data: ; 1 frame-ancestors https://*.posylka.de 1 default-src * blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.emmezeta.hr emmezeta.hr *.emmezeta.rs emmezeta.rs; 1 default-src https: https://*.gstatic.com https://tagmanager.google.com https://*.hotjar.com; frame-src https://api.quickstream.westpac.com.au https://assets.ctfassets.net/ https://videos.ctfassets.net/ https://*.libsyn.com https://e.issuu.com/ https://player.vimeo.com/video/ https://www.youtube.com/embed/ https://*.facebook.com/ https://*.google.com https://*.googletagmanager.com https://*.hotjar.com https://tagmanager.google.com https://s7.addthis.com/static/ https://gum.criteo.com/ https://open.spotify.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://api.mapbox.com https://tagmanager.google.com https://*.gstatic.com https://cdn.curator.io/; font-src 'self' data: https://fonts.gstatic.com https://cdn.curator.io/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforce.com https://api.quickstream.westpac.com.au https://*.addthis.com/ https://*.jobadder.com/ https://*.libsyn.com https://e.issuu.com/ https://jobadder.com/ https://*.collect.igodigital.com/ https://*.crazyegg.com/ https://*.facebook.net https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com/ https://*.hotjar.com https://www.gstatic.com https://*.criteo.com https://*.criteo.net https://server.arcgisonline.com/ https://cdn.curator.io https://cdn.curator.io/published/56e5a580-2921-4b55-88ce-d4fe260ac545_y69dz93g.js; connect-src 'self' https://api.compassion.com.au https://api.quickstream.westpac.com.au https://compassionau.force.com https://concierge.compassion.com.au https://*.algolia.net https://*.algolianet.com https://apps.jobadder.com/ https://jobadder.com/ https://m.addthis.com/ https://*.crazyegg.com/ https://*.hotjar.com https://*.facebook.com/ https://*.google-analytics.com/ wss://*.hotjar.com https://*.doubleclick.net/ https://api.curator.io/; img-src 'self' data: http://*.tile.openstreetmap.org/ https://auproddownloads.blob.core.windows.net/compassion/ https://images.contentful.com https://images.ctfassets.net https://media.ci.org https://*.youtube.com https://apps.jobadder.com/ https://jobadder.com/widgets/ https://*.collect.igodigital.com/ https://*.crazyegg.com/ https://*.facebook.com/ https://*.google-analytics.com/ https://*.google.com https://*.google.com.au/ https://*.googletagmanager.com https://*.gstatic.com https://d33wubrfki0l68.cloudfront.net https://*.doubleclick.net/ https://server.arcgisonline.com/ https://cdn.curator.io/0.gif https://www.instagram.com/ https://*.fbcdn.net/ 1 default-src *; connect-src *; font-src 'self'; frame-src https://* http://* *; img-src https://* http://* * data:; object-src 'self'; script-src 'self' https://* http://* * 'unsafe-inline' 'report-sample'; style-src * https://* http://* * 'unsafe-inline'; 1 default-src 'self' https://connect.facebook.net https://e.issuu.com; font-src 'self' 'unsafe-inline' data: www.ktph.com.sg www.whc.sg www.yishuncommunityhospital.com.sg www.geri.com.sg www.admiraltymedicalcentre.com.sg https://fonts.googleapis.com https://fonts.gstatic.com https://static.juicer.io; connect-src 'self' www.ktph.com.sg www.whc.sg www.yishuncommunityhospital.com.sg www.geri.com.sg www.admiraltymedicalcentre.com.sg www.juicer.io https://graph.facebook.com www.google-analytics.com https://v1.addthis.com m.addthis.com; frame-src 'self' www.ktph.com.sg www.whc.sg www.yishuncommunityhospital.com.sg www.geri.com.sg www.admiraltymedicalcentre.com.sg youtu.be www.youtube.com https://staticxx.facebook.com https://platform.twitter.com www.google.com s7.addthis.com https://e.issuu.com; frame-ancestors 'self'; img-src *; media-src 'self' data: https://images.pexels.com https://e.issuu.com; object-src 'self' www.ktph.com.sg www.whc.sg www.yishuncommunityhospital.com.sg www.geri.com.sg www.admiraltymedicalcentre.com.sg youtu.be www.youtube.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: www.ktph.com.sg www.whc.sg www.yishuncommunityhospital.com.sg www.geri.com.sg www.admiraltymedicalcentre.com.sg assets.juicer.io static.juicer.io www.juicer.io graph.facebook.com i.imgur.com scontent.xx.fbcdn.net www.google-analytics.com www.google.com www.addthis.com s7.addthis.com m.addthis.com m.addthisedge.com youtu.be www.youtube.com https://fonts.googleapis.com https://fonts.gstatic.com www.gstatic.com www.googletagmanager.com https://connect.facebook.net http://connect.facebook.net https://platform.twitter.com https://v1.addthisedge.com https://v1.addthis.com https://z.moatads.com https://e.issuu.com; style-src 'self' 'unsafe-inline' data: www.ktph.com.sg www.whc.sg www.yishuncommunityhospital.com.sg www.geri.com.sg www.admiraltymedicalcentre.com.sg assets.juicer.io static.juicer.io www.juicer.io graph.facebook.com i.imgur.com scontent.xx.fbcdn.net www.google-analytics.com www.google.com www.addthis.com s7.addthis.com m.addthis.com m.addthisedge.com youtu.be www.youtube.com https://fonts.googleapis.com https://fonts.gstatic.com www.gstatic.com https://e.issuu.com; 1 frame-ancestors 'self' *.typeform.com typeform.com *.themeforest.net themeforest.net codecanyon.net *.codecanyon.net 1 default-src 'self' https://origin-www.appliedmaterials.com http://origin-www.appliedmaterials.com; script-src 'self' 'unsafe-eval' maps.googleapis.com http://www.google-analytics.com https://www.google-analytics.com www.googletagmanager.com www.eiseverywhere.com js-agent.newrelic.com *.nr-data.net www.recaptcha.net www.gstatic.com vjs.zencdn.net https://*.go-mpulse.net https://origin-www.appliedmaterials.com 'unsafe-inline'; object-src 'self' www.eiseverywhere.com; style-src 'self' fonts.googleapis.com www.gstatic.com vjs.zencdn.net https://origin-www.appliedmaterials.com http://origin-www.appliedmaterials.com https://origin-www.appliedmaterials.com 'unsafe-inline'; img-src 'self' *.googleapis.com www.google-analytics.com stats.g.doubleclick.net maps.gstatic.com maps.googleapis.com www.google.com www.google.com.sg www.google.com.tw www.google.co.il www.google.co.in www.google.co.kr www.google.co.uk www.googletagmanager.com ml.globenewswire.com www.globenewswire.com resource.globenewswire.com na.eventscloud.com www.eiseverywhere.com bam.nr-data.net http://*.prod.acquia-sites.com https://*.prod.acquia-sites.com http://*.appliedmaterials.com https://*.appliedmaterials.com data:; frame-src 'self' www.google.com www.youtube.com; font-src 'self' fonts.gstatic.com themes.googleusercontent.com vjs.zencdn.net http://origin-www.appliedmaterials.com https://origin-www.appliedmaterials.com data:; connect-src 'self' www.google-analytics.com *.nr-data.net stats.g.doubleclick.net https://*.akamaihd.net https://*.akstat.io https://*.go-mpulse.net; report-uri /admin/config/system/seckit/csp-report 1 default-src 'self' data: *; img-src 'self' blob: data: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' * 1 default-src 'self' 'unsafe-inline' https://piwik.bzga.de/ https://service.bzga.de/ 1 default-src https:; connect-src https:; font-src https: data:; frame-src https: wvjbscheme:; frame-ancestors https:; img-src https: data:; media-src https:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' 'self' www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.google.com/uds/ *.googleapis.com *.google-analytics.com www.googletagmanager.com/ www.google.com/jsapi www.googleadservices.com www.youtube.com s.ytimg.com googleads.g.doubleclick.net static.hotjar.com script.hotjar.com static.ads-twitter.com cdn.mouseflow.com *.stripe.com js.braintreegateway.com *.fontawesome.com cdn.pubnub.com connect.facebook.net cdnjs.cloudflare.com/ajax/libs/select2/ cdnjs.cloudflare.com/ajax/libs/d3/ *.twitter.com *.twimg.com cdn.jsdelivr.net/npm/vue cdn.jsdelivr.net/npm/vue/dist/vue.js assets.sitescdn.net/ytag/ytag.min.js *.braintreegateway.com *.braintree-api.com widget.surveymonkey.com; style-src *.fontawesome.com 'unsafe-inline' 'self' www.google.com www.gstatic.com/recaptcha *.gstatic.com *.google.com *.googleapis.com *.google-analytics.com *.twitter.com cdnjs.cloudflare.com/ajax/libs/select2/ use.fontawesome.com; 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com *.onetrust.com https://cdn.cookielaw.org https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://connect.facebook.net https://form.jotformeu.com https://cdn.jotfor.ms https://js.jotform.com https://widgets.jotform.io https://browser.sentry-cdn.com https://events.jotform.com https://static.dvinci-easy.com https://api.heycamp.de https://svc.webspellchecker.net/spellcheck31/lf/scayt3/ckscayt/ckscayt.js https://svc.webspellchecker.net/spellcheck31/lf/scayt3/ckscayt/local/de/local.js;; object-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdnjs.cloudflare.com https://cdn.jotfor.ms http://www.al-ko.com https://widgets.jotform.io https://static.dvinci-easy.com;; img-src 'self' www.google-analytics.com https://www.facebook.com https://www.google.com https://cdn.jotfor.ms https://stats.g.doubleclick.net https://events.jotform.com https://www.heycamp.de https://cdn.cookielaw.org https://i3.ytimg.com;; media-src 'self'; frame-src 'self' https://www.google.com https://www.store-connector.com https://submit.jotformeu.com/ https://www.youtube.com/;; frame-ancestors 'self'; child-src 'self'; font-src 'self' fonts.gstatic.com cdnjs.cloudflare.com netdna.bootstrapcdn.com;; connect-src 'self' https://www.google-analytics.com *.onetrust.com https://cdn.cookielaw.org https://static.dvinci-easy.com https://alko-tech.dvinci-easy.com https://www.heycamp.de;; report-uri /en/report-csp-violation 1 default-src 'self' ; style-src 'self' ; media-src 'self' https://download.elster.de ; connect-src 'self' https://lxelma5p.bfinv.de wss://www.elster.de https://datenabholung1.elster.de https://datenabholung2.elster.de ; object-src 'self' blob: ; form-action 'self' ; frame-ancestors 'self' 1 object-src 'none'; script-src 'nonce-{random}' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http:; $ 1 frame-ancestors www.bps.ac.uk 1 default-src https: 1 frame-ancestors https://www.facebook.com https://www.venetacucine.com 1 frame-ancestors DENY 1 default-src 'self'; connect-src 'self' https://piwik.bzga.de https://rstts-eu.readspeaker.com https://media-eu.readspeaker.com https://app-eu.readspeaker.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn1.readspeaker.com; font-src 'self' data: https://fonts.gstatic.com; script-src 'self' 'unsafe-inline' https://piwik.bzga.de https://cdn1.readspeaker.com https://maps.google.com https://maps.googleapis.com; img-src 'self' https://piwik.bzga.de https://www.bzga.de https://maps.gstatic.com https://csi.gstatic.com https://maps.google.com https://khms0.googleapis.com https://khms1.googleapis.com https://lh3.ggpht.com https://cbks0.googleapis.com data:; frame-src 'self' https://www.infektionsschutz.de https://app-eu.readspeaker.com mailto: https://piwik.bzga.de; 1 script-src 'self' *.stripe.com googleads.g.doubleclick.net googleads.g.doubleclick.ne www.google-analytics.com www.googletagmanager.com www.googleadservices.com ajax.googleapis.com maps.googleapis.com cdnjs.cloudflare.com www.youtube.com s.ytimg.com 'unsafe-inline'; 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.sharethis.com *.googletagmanager.com *.google-analytics.com *.facebook.net *.consumercare.net *.econsumeraffairs.com *.pricespider.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.sharethis.com *.pricespider.com; img-src 'self' *.google-analytics.com *.g.doubleclick.net *.facebook.com *.google.com *.sharethis.com https://www.google.com.au legal.bbulibrary.com *.googletagmanager.com *.pricespider.com; frame-src 'self' *.youtube.com *.googletagmanager.com *.sharethis.com *.facebook.com c.sharethis.mgr.consensu.org; font-src 'self' *.gstatic.com; connect-src 'self' *.sharethis.com *.sharethis.mgr.consensu.org https://stats.g.doubleclick.net *.google-analytics.com; report-uri /admin/config/system/seckit/csp-report, default-src 'self' 'self' data: 'self' blob: 'unsafe-inline' 'unsafe-eval' *; img-src 'self' blob: data: * 1 base-uri 'https://*.pchome.co.th'; 1 frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com sccl.bibliocms.com *.sccl.bibliocms.com https://sccld.org sccld.org *.sccld.org; 1 default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self'; font-src 'self'; connect-src 'self'; frame-ancestors 'none'; form-action 'self'; base-uri 'none' 1 default-src 'self'; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.ads.linkedin.com *.facebook.com *.adsymptotic.com *.blackbaudhosting.com *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.hotjar.com *.licdn.com *.facebook.net *.addthis.com *.moatads.com *.youtube.com *.blackbaudhosting.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com *.googleadservices.com; style-src 'self' 'unsafe-inline' *.blackbaudhosting.com *.googleapis.com *.gstatic.com; font-src 'self' data: *.gstatic.com *.bootstrapcdn.com; frame-src 'self' *.ambrahealth.com *.hotjar.com *.facebook.com *.youtube.com *.ambrahealth expert-reputation.com.com *.addthis.com *.simplecast.com expert-reputation.com highlightedreviews.com *.blackbaudhosting.com *.g.doubleclick.net *.google.com *.fls.doubleclick.net; object-src 'self'; connect-src 'self' *.googleadservices.com *.facebook.com *.addthis.com *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net; media-src 'self' *.medtronic.com; form-action 'self' *.facebook.com; frame-ancestors 'self' *.ambrahealth.com *.hotjar.com *.facebook.com *.youtube.com *.ambrahealth expert-reputation.com.com *.addthis.com *.simplecast.com expert-reputation.com highlightedreviews.com *.blackbaudhosting.com *.g.doubleclick.net *.google.com *.fls.doubleclick.net; upgrade-insecure-requests; 1 frame-ancestors 'self' *.ergodirekt.de:* *.ergo.com:* *.ergo:* *.ergo.de *.dkv.com; 1 default-src 'self'; connect-src 'self' www.google-analytics.com https://www.google-analytics.com *.g.doubleclick.net http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; font-src 'self' http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; frame-src 'unsafe-inline' https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; img-src 'self' *.pbwstatic.com www.google-analytics.com https://www.google-analytics.com data: http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; media-src 'none'; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com https://www.google-analytics.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; style-src 'self' 'unsafe-inline' 1 default-src 'self' *.readspeaker.com data:; base-uri 'self'; style-src 'self' 'unsafe-inline' *.readspeaker.com; script-src 'self' 'unsafe-eval' *.google.com piwik.itzbund.de *.readspeaker.com;object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org; child-src *.itzbund.de *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com piwik.itzbund.de; upgrade-insecure-requests; frame-ancestors 'self'; 1 frame-ancestors 'self' piwik.betaalvereniging.nl; 1 frame-src 'self' *.betradar.com *.sportradar.com *.aitcloud.de consentcdn.cookiebot.com vars.hotjar.com www.googletagmanager.com www.youtube.com; frame-ancestors 'self' *.betradar.com *.sportradar.com *.aitcloud.de 1 default-src 'self' https://api.deezer.com https://*.bernardo.fm; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://fonts.googleapis.com https://code.getmdl.io https://*.bernardo.fm; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdnjs.cloudflare.com https://code.getmdl.io https://pagead2.googlesyndication.com https://adservice.google.ch https://*.bernardo.fm https://*.google.com https://*.gstatic.com; font-src 'self' data: https://fonts.gstatic.com https://*.bernardo.fm; media-src 'self' https://www.dropbox.com https://*.dl.dropboxusercontent.com https://*.bernardo.fm; img-src 'self' data: http://www.w3.org https://*.bernardo.fm; frame-src https://googleads.g.doubleclick.net https://www.google.com 1 default-src 'self'; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' s7.addthis.com www.google.com www.youtube.com fonts.googleapis.com www.googletagmanager.com; object-src 'self'; style-src 'self' data: 'unsafe-inline' s7.addthis.com www.google.com www.youtube.com fonts.googleapis.com; img-src 'self' data:; media-src 'self' data: www.youtube.com; frame-src 'self' data: www.youtube.com app.powerbi.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com; connect-src 'self' 1 default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.twitter.com *.twimg.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.doubleclick.net *.twitter.com *.twimg.com www.youtube.com s.ytimg.com *.etracker.com *.etracker.de *.matomo.cloud *.upsales.com match.adsby.bidtheatre.com; object-src 'self'; form-action 'self' *.twitter.com; media-src 'self' *.materna.de *.youtube.com; child-src *.google.com *.gstatic.com *.facebook.com *.twitter.com *.youtube.com *.eu-de.mybluemix.net *.materna.de; img-src 'self' blob: data: *.google.com *.google.de *.gstatic.com *.google-analytics.com *.doubleclick.net *.twitter.com *.twimg.com *.youtube.com *.etracker.com *.matomo.cloud *.upsales.com; 1 frame-ancestors https://*.matrabike.nl http://*.matrabike.nl http://matrabike.web2016-acc.netivity.nl https://matrabike.WEB2016-ACC.netivity.nl http://www.google.com 1 default-src 'self' https://secure.livechatinc.com https://vars.hotjar.com https://cdn-widget.callpage.io https://chat-widget.thulium.com; block-all-mixed-content; connect-src 'self' 'unsafe-inline' https://www.google-analytics.com https://cdnjs.cloudflare.com https://www.facebook.com https://www.google.com https://www.google.pl https://stats.g.doubleclick.net https://rs.fullstory.com https://api-cdn.callpage.io https://*.hotjar.com https://vc.hotjar.io https://api.callpage.io https://sdk.twilio.com wss: https://sockjs-eu.pusher.com https://telemedico.user.com https://cdn.datatables.net https://api.amplitude.com https://api.livechatinc.com https://chat-widget.thulium.com https://eventgw.twilio.com https://voip.telemedi.co https://hlg.tokbox.com https://config.opentok.com https://anvil.opentok.com https://ecs.us1.twilio.com https://api-standard.opentok.com https://sentry.io https://merch-prod.snd.payu.com https://secure.payu.com https://static.telemedi.co https://static.telemedi.co/socket.io https://voip-test.telemedi.co blob:; font-src 'self' https://s3.amazonaws.com https://fonts.gstatic.com https://cdnjs.cloudflare.com https://script.hotjar.com https://stackpath.bootstrapcdn.com https://netdna.bootstrapcdn.com; frame-src 'self' https://www.facebook.com https://secure.livechatinc.com https://vars.hotjar.com https://www.google.com https://merch-prod.snd.payu.com https://secure.payu.com; img-src 'self' https: data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://cdn.amplitude.com https://s3.amazonaws.com https://www.google-analytics.com https://connect.facebook.net https://cdnjs.cloudflare.com http://cdn-widget.callpage.io https://browser.sentry-cdn.com https://static.hotjar.com https://script.hotjar.com https://cdn.livechatinc.com https://secure.livechatinc.com https://www.facebook.com https://fonts.googleapis.com http://www.googleadservices.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.com https://www.google.pl https://fullstory.com https://edge.fullstory.com http://www.googletagmanager.com https://stats.pusher.com https://unpkg.com https://telemedico.user.com https://widget.user.com https://snap.licdn.com https://www.gstatic.com https://code.iconify.design https://api.livechatinc.com https://chat-widget.thulium.com https://static.telemedi.co https://static.telemedi.co/socket.io https://secure.snd.payu.com https://sentry.io https://secure.payu.com https://ajax.googleapis.com https://voip-test.telemedi.co; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn-widget.callpage.io https://stackpath.bootstrapcdn.com https://cdnjs.cloudflare.com https://www.gstatic.com https://netdna.bootstrapcdn.com; report-uri /csp/report 1 frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com tacoma.bibliocms.com *.tacoma.bibliocms.com https://www.tacomalibrary.org www.tacomalibrary.org *.www.tacomalibrary.org; 1 default-src 'self' http: https: *.bosch-thermotechnology.com *.bosch-thermotechnology.us *.bosch-thermotechnology.com.au *.bosch-thermotechnology.co.nz s.webtrends.com *.boschtt-documents.com www.bimstore.co.uk services.kittelberger.net *.mycliplister.com ; media-src 'self' *.boschtt-documents.com services.kittelberger.net *.mycliplister.com mycliplister.com; font-src 'self' fonts.gstatic.com static.ecorebates.com; object-src data: 'self'; img-src https: data: blob:; style-src 'self' 'unsafe-inline' static.ecorebates.com cdn.datatables.net fonts.googleapis.com; script-src https: 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https: mailto: bosch.mi4biz.net www.boschthermolife.com junkers-de-de-b.boschtt-documents.com; frame-ancestors 'self' https: bosch.mi4biz.net http://bott-fs.kittelberger.net 1 default-src 'self' 'unsafe-inline' data: https://piwik.bzga.de/ https://a.tile.openstreetmap.org/ https://b.tile.openstreetmap.org/ https://c.tile.openstreetmap.org/ https://www.youtube-nocookie.com/ 1 frame-ancestors liveshareeast3.seismic.com huron.seismic.com 1 frame-ancestors https://*.barcodefactory.com http://localhost:3000 http://192.168.0.137:3000 1 default-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-src https://www.google.com https://www.youtube.com https://tickets.norwichartscentre.co.uk https://my.matterport.com https://player.vimeo.com https://www.facebook.com; script-src 'self' 'nonce-5AEemGb0xJptoIGFP3Nd' 'nonce-6AEemGb0xJptoIGFP3Nd' 'nonce-7AEemGb0xJptoIGFP3Nd' 'sha256-Z82Oe+Iv8WIpM1ioymuc3HlSLThe89MSaAQSYMybkAs=' https://www.google.com https://maps.google.com https://www.gstatic.com https://www.googletagmanager.com/ https://www.google-analytics.com https://connect.facebook.net https://sentry.io https://tickets.norwichartscentre.co.uk; connect-src 'self' https://sentry.io https://www.google-analytics.com https://stats.g.doubleclick.net https://www.facebook.com https://connect.facebook.net; img-src 'self' data: content: https: *.googleapis.com;; font-src 'self' https://fonts.gstatic.com https://www.google.com; object-src 'none'; report-uri https://o126219.ingest.sentry.io/api/2740052/security/?sentry_key=8f009899699b4dd281f6d1466e6a2b92 1 default-src 'self' https://www.google.com; connect-src 'self' https://vimeo.com https://sentry.io https://app.zencoder.com https://js.stripe.com/v3/ https://www.google-analytics.com https://ssl.google-analytics.com https://rs.fullstory.com https://web.facebook.com https://www.facebook.com https://forms.hubspot.com https://1q-askvert-assets-dev.s3.amazonaws.com https://1q-video-input-dev.s3.amazonaws.com https://1q-askvert-assets-test.s3.amazonaws.com https://1q-video-input-test.s3.amazonaws.com https://1q-askvert-assets-prod.s3.amazonaws.com https://1q-video-input-prod.s3.amazonaws.com blob:; font-src 'self' data: https://fonts.gstatic.com https://cdnjs.cloudflare.com; frame-src 'self' https://www.google.com https://player.vimeo.com https://vimeo.com http://player.vimeo.com https://platform.twitter.com https://js.stripe.com/v3/ https://staticxx.facebook.com fbrpc://call; img-src * data: blob:; media-src blob: https://d3g65oypf6prn3.cloudfront.net https://d1rhiywm6dcjyw.cloudfront.net; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: http://connect.facebook.net https://www.googletagmanager.com http://tagmanager.google.com https://www.google.com https://www.gstatic.com https://platform.twitter.com https://js.stripe.com/v3/ https://maps.googleapis.com https://www.google-analytics.com https://ssl.google-analytics.com https://connect.facebook.net https://fullstory.com https://edge.fullstory.com https://vimeo.com https://js.hs-scripts.com http://js.hs-analytics.net https://js.hs-analytics.net https://js.hscollectedforms.net https://js.hs-banner.com https://forms.hubspot.com; style-src 'self' https://fonts.googleapis.com http://tagmanager.google.com 'unsafe-inline'; report-uri https://sentry.io/api/1263064/security/?sentry_key=8a5ec54260bb45868b737b446557eaa0 1 frame-ancestors 'self' https://*.salesforce.com 1 frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com jeffco.bibliocms.com *.jeffco.bibliocms.com https://jeffcolibrary.org jeffcolibrary.org *.jeffcolibrary.org; 1 default-src * 'unsafe-inline' data: ; font-src * 'unsafe-inline' data:; script-src * 'unsafe-inline' 'unsafe-eval' https: 1 frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com arapahoe.bibliocms.com *.arapahoe.bibliocms.com https://arapahoelibraries.org arapahoelibraries.org *.arapahoelibraries.org; 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; style-src 'self' 'unsafe-inline' 1 default-src 'self' *.fg.cz *.fraus.cz *.fraus.com;font-src 'self' data: fonts.gstatic.com *.fg.cz *.google.com *.issuu.com;connect-src 'self' *.gstatic.com *.google.com *.googleapis.com www.google-analytics.com *.fg.cz *.yandex.ru *.facebook.com *.seznam.cz *.doubleclick.net;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.google.com *.google.cz *.googleapis.com www.googletagmanager.com www.google-analytics.com *.googleadservices.com *.licdn.com *.linkedin.com *.cloudflare.com *.facebook.com *.facebook.net *.fg.cz *.fraus.cz *.fraus.com cdn.jsdelivr.net *.doubleclick.net *.yandex.ru c.imedia.cz *.issuu.com *.seznam.cz;form-action 'self' *.facebook.com *.facebook.net *.fg.cz *.google.com *.issuu.com;frame-src 'self' *.facebook.com *.facebook.net *.youtube.com *.iplatba.cz *.vimeo.com *.fg.cz *.google.com *.issuu.com;child-src 'self' *.facebook.com *.facebook.net *.youtube.com *.iplatba.cz *.vimeo.com *.fg.cz *.google.com *.issuu.com;frame-ancestors 'self';img-src 'self' data: blob: *.gstatic.com *.googleapis.com *.googlecode.com www.googletagmanager.com www.google-analytics.com *.doubleclick.net *.google.com *.google.cz *.google.ie *.placeholder.com *.fg.cz *.fraus.cz *.fraus.com *.facebook.com *.facebook.net *.yandex.ru c.imedia.cz *.issuu.com *.seznam.cz;style-src 'self' 'unsafe-inline' *.gstatic.com fonts.googleapis.com *.google.com *.fg.cz *.fraus.cz *.fraus.com *.issuu.com;object-src 'self' *.fg.cz 1 default-src 'self 'unsafe-inline'' *.sernet.de *.google.com *.gstatic.com *.googleapis.com; style-src 'self' 'unsafe-inline' *.googleapis.com; img-src 'self' data: *.googleapis.com *.gstatic.com 1 object-src 'none';default-src 'none';connect-src https://www.wefact.nl *.doubleclick.net *.google-analytics.com *.google.com *.mouseflow.com;img-src https://www.wefact.nl data: *.ytimg.com *.google-analytics.com *.google.com *.google.nl www.googletagmanager.com www.gstatic.com googleads.g.doubleclick.net www.google.com https://maps.gstatic.com https://maps.googleapis.com *.mouseflow.com;script-src https://www.wefact.nl https://www.youtube.com *.ytimg.com *.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://developers.google.com https://maps.googleapis.com https://embed.webinargeek.com *.mouseflow.com;style-src https://www.wefact.nl 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com *.typekit.net;font-src https://fonts.gstatic.com data: *.mouseflow.com *.typekit.net;child-src *.mouseflow.com;manifest-src https://www.wefact.nl;frame-src https://www.youtube.com https://bid.g.doubleclick.net https://app.webinargeek.com *.mouseflow.com 1 default-src 'self' www.googletagmanager.com www.google-analytics.com *.cloudfront.net *.googleapis.com analytics.analytics-egain.com cloud-emea.analytics-egain.com fonts.gstatic.com portal.roadworks.org sgn.egain.cloud api.reciteme.com stats.g.doubleclick.net www.google.com www.google.co.uk www.gstatic.com maps.gstatic.com api.tomtom.com www.youtube.com data: 'unsafe-eval' 'unsafe-inline'; report-uri https://orangebus.report-uri.com/r/d/csp/enforce 1 img-src 'self' ws.gosign.lt ssl.google-analytics.com; media-src 'none'; reflected-xss block; 1 frame-ancestors 'self' ; 1 default-src 'self' 'unsafe-inline' https://piwik.bzga.de/ https://fonts.gstatic.com/ https://fonts.googleapis.com/ https://www.youtube-nocookie.com/ https://app.dialogfeed.com/ https://www.youtube.com/; img-src 'self' data: https://piwik.bzga.de/ https://service.bzga.de/ https://www.bzga.de/ https://jwpltx.com/ https://maps.gstatic.com/ https://maps.googleapis.com/ https://i.ytimg.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/ https://www.youtube.com/ https://ssl.p.jwpcdn.com/ https://piwik.bzga.de/ https://maps.googleapis.com/ 1 default-src 'self' data: ;font-src 'self' data: fonts.gstatic.com ;connect-src 'self' analytics.monkeytracker.cz *.google.com *.googleapis.com www.google-analytics.com *.doubleclick.net *.facebook.com ;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.google.cz *.googleapis.com www.googletagmanager.com www.google-analytics.com analytics.monkeytracker.cz *.gstatic.com *.imedia.cz *.facebook.net *.adform.net *.doubleclick.net *.googleadservices.com *.glami.cz *.licdn.com *.linkedin.com *.seznam.cz;form-action 'self' *.facebook.com *.facebook.net ;frame-src 'self' blob: www.youtube.com *.vimeo.com *.imedia.cz *.facebook.com *.adform.net *.matterport.com datastudio.google.com *.iplatba.cz *.essox.cz;worker-src 'self' blob: www.youtube.com *.vimeo.com *.imedia.cz *.facebook.com *.adform.net *.matterport.com datastudio.google.com *.iplatba.cz *.essox.cz;frame-ancestors 'self' datastudio.google.com ;img-src 'self' data: blob: *.gstatic.com *.googleapis.com *.googlecode.com www.googletagmanager.com www.google-analytics.com analytics.monkeytracker.cz *.doubleclick.net *.google.com *.google.cz *.google.ie www.zasilkovna.cz www.zasielkovna.sk *.imedia.cz *.facebook.com *.doubleclick.net c.seznam.cz *.glami.cz;style-src 'self' 'unsafe-inline' fonts.googleapis.com analytics.monkeytracker.cz *.google.com *.gstatic.com ;object-src 'self' 1 default-src 'self' https://piwik.bzga.de/ script-src 'unsafe-inline' img-src https://piwik.bzga.de/ 1 upgrade-insecure-requests; 1 frame-ancestors https://www.dodo.it/ https://www.dodo.it/ ; 1 default-src 'self'; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' https://c.evidon.com https://munchkin.marketo.net https://stats.sa-as.com https://www.google-analytics.com https://zscalertwo.net https://*.zscalertwo.net https://www.google.com/recaptcha/api.js https://www.gstatic.com/; object-src 'none'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https: https://l.betrad.com https://c.evidon.com https://stats.sa-as.com; media-src 'self' https: data: blob:; frame-src 'self' https://na-sj25.marketo.com/ https://*.zscalertwo.net; frame-ancestors 'self' https://na-sj25.marketo.com/ https://*.zscalertwo.net; child-src 'self'; font-src 'self' https: data: blob: http://go.gewwmarketing.com/; connect-src 'self' https: https://324-zbg-118.mktoresp.com; report-uri /report-csp-violation 1 base-uri 'none'; default-src 'none'; child-src https://www.youtube.com https://www.youtube.com https://player.vimeo.com https://player.vimeo.com https://w.soundcloud.com https://www.delijn.be; connect-src 'self' https://vimeo.com https://*.resengo.com https://bam.nr-data.net; font-src 'self' https://use.typekit.net https://fonts.googleapis.com https://cloud.typenetwork.com https://fonts.gstatic.com; frame-ancestors 'self'; frame-src https://www.youtube.com https://player.vimeo.com https://w.soundcloud.com https://www.delijn.be; img-src 'self' https://www.google-analytics.com https://www.facebook.com https://i3.ytimg.com https://gallery.mailchimp.com https://cdn-images.mailchimp.com/ https://www.resengo.com data:; media-src https://p.scdn.co; script-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://www.youtube.com/player_api https://s.ytimg.com https://player.vimeo.com/api/player.js https://www.resengo.com https://*.resengo.com https://js-agent.newrelic.com https://bam.nr-data.net 'unsafe-inline' 'unsafe-eval' data:; style-src 'self' https://use.typekit.net https://p.typekit.net https://fonts.googleapis.com https://www.resengo.com 'unsafe-inline'; 1 : default-src 'self'; script-src 'self' 1 upgrade-insecure-requests;default-src 'self' https; connect-src 'self' www.google.co.uk snap.licdn.com px.ads.linkedin.com www.linkedin.com linkedin.com stats.g.doubleclick.net www.google-analytics.com *.linkedin.com *.google-analytics.com *.google.com *.google.co.uk; font-src 'self' www.google.co.uk cdn.cmrsurgical.com media-cmrsurgical.azureedge.net cmr-cdn.local cmr-cdn.daily3.codehousegroup.com cmr-cdn.rtc3.codehousegroup.com uat-cdn.cmrsurgical.com px.ads.linkedin.com www.linkedin.com linkedin.com fonts.gstatic.com *.linkedin.com *.google-analytics.com *.google.com *.google.co.uk data:; style-src 'self' 'unsafe-inline' www.google.co.uk px.ads.linkedin.com www.linkedin.com linkedin.com cdn.cmrsurgical.com media-cmrsurgical.azureedge.net cmr-cdn.local cmr-cdn.daily3.codehousegroup.com cmr-cdn.rtc3.codehousegroup.com uat-cdn.cmrsurgical.com tagmanager.google.com fonts.googleapis.com *.linkedin.com *.google-analytics.com *.google.com *.google.co.uk; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.google.co.uk snap.licdn.com px.ads.linkedin.com www.linkedin.com linkedin.com cdn.cmrsurgical.com media-cmrsurgical.azureedge.net cmr-cdn.local cmr-cdn.daily3.codehousegroup.com cmr-cdn.rtc3.codehousegroup.com uat-cdn.cmrsurgical.com www2.cmrsurgical.com stats.g.doubleclick.net pi.pardot.com cdn.pardot.com cdnjs.cloudflare.com googleads.g.doubleclick.net ajax.googleapis.com www.googletagmanager.com www.googleadservices.com www.google.com tagmanager.google.com www.google-analytics.com ssl.google-analytics.com s7.addthis.com z.moatads.com v1.addthisedge.com m.addthis.com graph.facebook.com widgets.pinterest.com assets.pinterest.com *.linkedin.com *.google-analytics.com *.google.com *.google.co.uk; img-src 'self' cdn.cmrsurgical.com media-cmrsurgical.azureedge.net cmr-cdn.local cmr-cdn.daily3.codehousegroup.com cmr-cdn.rtc3.codehousegroup.com uat-cdn.cmrsurgical.com www.google.co.uk px.ads.linkedin.com www.linkedin.com linkedin.com ssl.gstatic.com www.gstatic.com www.googletagmanager.com googleads.g.doubleclick.net stats.g.doubleclick.net www.google.com www.google-analytics.com *.linkedin.com *.google-analytics.com *.google.com *.google.co.uk blob: data:; child-src 'self'; frame-src 'self' www.google.co.uk snap.licdn.com px.ads.linkedin.com www.linkedin.com linkedin.com pi.pardot.com www2.cmrsurgical.com player.vimeo.com s7.addthis.com assets.pinterest.com bid.g.doubleclick.net *.linkedin.com *.google-analytics.com *.google.com *.google.co.uk; media-src 'self' www.google.co.uk px.ads.linkedin.com www.linkedin.com linkedin.com cdn.cmrsurgical.com media-cmrsurgical.azureedge.net cmr-cdn.local cmr-cdn.daily3.codehousegroup.com cmr-cdn.rtc3.codehousegroup.com uat-cdn.cmrsurgical.com *.linkedin.com *.google-analytics.com *.google.com *.google.co.uk; 1 script-src 'self'; object-src 'self' 1 default-src 'self'; script-src 'self' https://www.gstatic.com https://ajax.googleapis.com https://cdn.inspectlet.com https://*.pendo.io https://*.storage.googleapis.com https://browser.sentry-cdn.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://www.gstatic.com https://ajax.googleapis.com https://*.pendo.io https://*.storage.googleapis.com https://fonts.googleapis.com 'unsafe-inline' blob:; connect-src 'self' http://hn.inspectlet.com wss://ws.inspectlet.com https://spamlogin.com https://sentry.io; img-src 'self' http://hn.inspectlet.com https://*.pendo.io https://*.storage.googleapis.com data:; font-src 'self' https://fonts.gstatic.com; options inline-script eval-script 1 script-src sharedpro.in 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' userlike-cdn-operators.s3-eu-west-1.amazonaws.com d3dc1lgancj6l0.cloudfront.net userlike-cdn-widgets.s3-eu-west-1.amazonaws.com *.userlike.com wss://chat.userlike.com wss://umd.userlike.com *.youtube.com *.eventvote.de *.vimeo.com vimeo.com *.doubleclick.net *.youtube-nocookie.com *.traceparts.com *.cookiebot.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.google.com *.iwis.com *.expo-ip.com https://*.crisp.chat wss://*.crisp.chat data: 1 font-src 'self' https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com data:; frame-src https://www.google.com/recaptcha/ https://fast.wistia.com https://pay.google.com/gp/; script-src 'self' 'unsafe-inline' https://fast.wistia.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://pay.google.com/gp/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com; report-uri /csp/report; worker-src blob: 1 script-src 'self' 'unsafe-eval' 'unsafe-inline' code.jquery.com ajax.aspnetcdn.com *.google.com www.googletagmanager.com www.google-analytics.com www.googleadservices.com *.googleapis.com *.facebook.net *.doubleclick.net *.ads-twitter.com *.trackedlink.net *.licdn.com *.addthis.com *.paypalobjects.com *.mouseflow.com *.moatads.com *.addthisedge.com *.paypal.com *.twitter.com *.facebook.com *.postcodeanywhere.co.uk; default-src 'self' data:; worker-src ; style-src 'self' 'unsafe-inline' *.google.com fonts.googleapis.com; connect-src 'self' rec1.visualwebsiteoptimizer.com www.google-analytics.com *.paypal.com *.addthis.com *.doubleclick.net *.mouseflow.com *.bracedigital.com https://umbraco.com; font-src 'self' hello.myfonts.net fonts.gstatic.com; img-src 'self' 'unsafe-inline' *.gravatar.com data: *.linkedin.com *.google.com *.google.co.uk https://t.co/i/adsct *.paypal.com *.facebook.com https://umbraco.tv *.google-analytics.com *.doubleclick.net *.googletagmanager.com *.gstatic.com; frame-src 'self' vcc-eu2.8x8.com platform.twitter.com syndication.twitter.com *.8x8.com *.addthis.com *.youtube.com *.paypal.com *.facebook.com *.sagepay.com *.bracedigital.com *.google.com; 1 child-src 'self' 3speak.online emb.d.tube player.twitch.tv www.youtube.com staticxx.facebook.com w.soundcloud.com player.vimeo.com; connect-src wss://ws.beechat.hive-engine.com https://beechat.hive-engine.com https://accounts.hive-engine.com https://history.steem-engine.net https://servedby.revive-adserver.net https://anyx.io https://steemd.minnowsupportproject.org https://cdn.snax.one https://api.hive-engine.com https://api.steem-engine.net https://scot-api.hive-engine.com https://scot-api.steem-engine.net https://steemitimages.com https://images.hive.blog securepubads.g.doubleclick.net 'self' steemit.com https://api.steemit.com https://api.hive.blog api.blocktrades.us https://hivesigner.com https://pagead2.googlesyndication.com http://adservice.google.com https://www.google-analytics.com https://api.openhive.network; default-src tpc.googlesyndication.com 'self' img.3speakcontent.online emb.d.tube www.youtube.com staticxx.facebook.com player.vimeo.com *.streamrail.com; font-src data: fonts.gstatic.com; frame-ancestors 'none'; frame-src 'self' googleads.g.doubleclick.net https:; img-src * data:; object-src 'none'; plugin-types application/pdf; script-src 'unsafe-inline' 'unsafe-eval' data: https: 'self' www.google-analytics.com connect.facebook.net servedby.revive-adserver.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com; report-uri /api/v1/csp_violation 1 frame-ancestors *.kinmen.travel 'self' 1 default-src 'self'; object-src 'self' https://pts.deutschlandsim.de/p.swf; base-uri 'self'; img-src https: data: http://files.deutschlandsim.de; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://chat.deutschlandsim.de https://umfrage.deutschlandsim.de https://pts.deutschlandsim.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://*.demdex.net https://the.sciencebehindecommerce.com https://o2.mouseflow.com https://cdn.mouseflow.com https://chat.deutschlandsim.de https://stats.deutschlandsim.de https://imagepool.deutschlandsim.de https://pts.deutschlandsim.de; script-src 'strict-dynamic' 'nonce-f7a77a81575371718dde82494945320f' 'nonce-8c17706cfd4efeb541af082a863aecc6' 'nonce-b5fff3499c8a31dacf50846012b6279e' 'nonce-7ba14b659c46fcee2b23db7345094d4a' 'nonce-ac557cecb8569d1d8415e9c68a91d8aa' 'self' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://www.facebook.com https://connect.facebook.net https://tags.tiqcdn.com https://cdn2.spatialbuzz.com https://bid.g.doubleclick.net https://tpc.googlesyndication.com https://www.youtube-nocookie.com https://www.awin1.com https://paketshop.myhermes.de https://pts.deutschlandsim.de; child-src https://www.youtube.com https://cdn2.spatialbuzz.com https://trck.spoteffects.net https://www.googleadservices.com https://www.facebook.com https://tags.tiqcdn.com https://ad13.adfarm1.adition.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-f7a77a81575371718dde82494945320f' 'nonce-8c17706cfd4efeb541af082a863aecc6' 'nonce-b5fff3499c8a31dacf50846012b6279e' 'nonce-7ba14b659c46fcee2b23db7345094d4a' 'nonce-ac557cecb8569d1d8415e9c68a91d8aa' 'self' https: 'report-sample' 1 https://client.libertydentalplan.com; https://libertydentalplan.com 1 default-src 'self'; font-src 'self' data: 1mf196320qhvpkhl61356tjl-wpengine.netdna-ssl.com *.netdna-ssl.com https://fonts.gstatic.com *.intercomcdn.com *.googleusercontent.com; img-src 'self' *.gstatic.com 1mf196320qhvpkhl61356tjl-wpengine.netdna-ssl.com *.netdna-ssl.com *.wpengine.com *.discuss.io *.facebook.com data: https://secure.gravatar.com pbs.twimg.com *.google-analytics.com *.googletagmanager.com *.g.doubleclick.net *.wistia.com *.wistia.net *.aggregage.com *.ads.linkedin.com *.google.com heapanalytics.com *.mediashower.com *.bing.com *.adsymptotic.com *.6sc.co *.hubspot.com *.hsforms.com *.intercomassets.com *.intercomcdn.com *.bamboohr.com *.akamaihd.net; script-src 'self' 'unsafe-inline' blob: data: *.googleoptimize.com *.stripe.com 1mf196320qhvpkhl61356tjl-wpengine.netdna-ssl.com *.netdna-ssl.com *.gstatic.com *.google.com *.youtube.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.segment.com *.segment.io *.salesloft.com *.wistia.com *.wistia.net *.googleadservices.com *.hotjar.com *.hs-scripts.com mediashower.com *.mediashower.com *.intercom.io *.aggregage.com *.licdn.com *.heapanalytics.com *.hs-analytics.net *.g.doubleclick.net *.6sc.co *.facebook.net *.bing.com *.hsadspixel.net *.hscollectedforms.net *.hs-banner.com *.intercomcdn.com *.hsforms.net *.hsforms.com *.bamboohr.com; style-src 'self' 'unsafe-inline' *.google.com *.googleoptimize.com 1mf196320qhvpkhl61356tjl-wpengine.netdna-ssl.com *.netdna-ssl.com https://fonts.googleapis.com mediashower.com *.bamboohr.com; connect-src 'self' 1mf196320qhvpkhl61356tjl-wpengine.netdna-ssl.com *.netdna-ssl.com embedwistia-a.akamaihd.net *.google-analytics.com *.g.doubleclick.net *.wistia.com *.wistia.net *.segment.io *.adnxs.com *.hubapi.com *.hubspot.com *.hsforms.com *.intercom.io *.hotjar.com wss://nexus-websocket-a.intercom.io *.salesloft.com *.litix.io *.bing.com *.bamboohr.com hubspot-forms-static-embed.s3.amazonaws.com *.6sc.co *.hotjar.io; frame-src 'self' *.google.com *.stripe.com *.hsforms.com 1mf196320qhvpkhl61356tjl-wpengine.netdna-ssl.com *.netdna-ssl.com *.youtube.com *.hotjar.com *.g.doubleclick.net *.facebook.com *.hubspot.com *.google.com s3.amazonaws.com *.youcanbook.me *.wistia.net; media-src 'self' *.akamaihd.net *.wistia.com *.intercomcdn.com 1mf196320qhvpkhl61356tjl-wpengine.netdna-ssl.com *.netdna-ssl.com *.litix.io blob: data:; 1 default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.itzbund.de *.googleapis.com *.google.com *.gstatic.com www.youtube.com s.ytimg.com piwik.itzbund.de; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com; frame-src *.google.com *.gstatic.com *.youtube.com playout.3qsdn.com; img-src 'self' blob: data: *.google.com *.gstatic.com *.youtube.com *.openstreetmap.org piwik.itzbund.de; frame-ancestors 'self'; worker-src 'self'; 1 default-src *; script-src 'self' http://www.google-analytics.com http://suggest.infospace.com http://api.autocompleteplus.com http://www.googletagservices.com http://d.yimg.com https://completr.appspot.com https://s.yimg.com http://js.wincyahoocontent.com ; frame-src 'self' http://*.yhs4.search.yahoo.com http://ad.adserver-pro.net https://s.yimg.com ; font-src 'none'; connect-src 'self'; media-src 'self'; object-src 'none'; style-src 'self'; 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' https:;form-action 'self';base-uri 'self';object-src 'none';report-uri https://csp.example.com; 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.yurist-online.net yurist-online.net an.yandex.ru strm.yandex.ru mc.yandex.ru yandex.st yastatic.net matchid.adfox.yandex.ru adfox.yandex.ru ads.adfox.ru ads6.adfox.ru jstracer.yandex.ru yastat.net yandex.ru awaps.yandex.net yandexadexchange.net *.yandexadexchange.net *.yandex.ru banners.adfox.ru avatars-fast.yandex.net favicon.yandex.net content.adfox.ru *.yandex.net *.googleapis.com *.gstatic.com gstatic.com *.googlesyndication.com *.doubleclick.net *.2mdn.net *.google.com *.google.ru *.google-analytics.com google-analytics.com *.youtube.com youtube.com *.icq.com *.skype.com *.rambler.ru loginza.ru *.loginza.ru *.yadro.ru *.webmoney.ru *.mail.ru *.twitter.com *.facebook.com vk.com *.vk.com googletagmanager.com *.googletagmanager.com *.googletagservices.com; 1 allow; 1 default-src 'self'; style-src 'self' 'unsafe-inline' https://*.twitter.com https://*.twimg.com https://*.twitter.com; img-src 'self' data: https://*.cdninstagram.com https://*.fbcdn.net https://*.twitter.com https://*.twimg.com https://www.googletagmanager.com https://www.google-analytics.com trendygolf.imgix.net https://production-trendygolf-1556104155.s3.amazonaws.com https://*.twitter.com https://*.twimg.com https://www.awin1.com https://www.google.co.uk/pagead/ https://www.google.com/pagead/ https://www.facebook.com https://stats.g.doubleclick.net https://t.paypal.com https://googleads.g.doubleclick.net/ https://www.google.com/ads/ga-audiences https://www.google.co.uk/ads/ga-audiences; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.algolia.net https://*.algolianet.com https://www.googletagmanager.com https://js.stripe.com https://*.paypal.com https://*.paypalobjects.com http://*.instagram.com https://*.twitter.com https://*.twimg.com https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://apis.google.com https://*.twitter.com https://*.twimg.com https://*.instagram.com/en_US/embeds.js https://www.dwin1.com https://www.googleadservices.com https://connect.facebook.net https://ads.avocet.io https://googleads.g.doubleclick.net https://the.sciencebehindecommerce.com https://www.awin1.com https://www.google.com/pagead/; frame-src https://js.stripe.com https://*.paypal.com https://www.googletagmanager.com https://*.twitter.com https://www.googletagmanager.com https://www.google.com https://*.youtube.com https://*.twitter.com https://*.vimeo.com https://*.instagram.com http://*.issuu.com/ https://*.facebook.com https://www.paypalobjects.com https://graph.facebook.com; connect-src 'self' https://*.algolia.net https://*.algolianet.com https://*.paypal.com https://api.addressy.com https://sentry.io https://www.google-analytics.com https://*.instagram.com https://*.twitter.com https://api.everythinglocation.com https://*.instagram.com https://*.sciencebehindecommerce.com https://www.facebook.com https://www.paypal.com https://stats.g.doubleclick.net https://graph.facebook.com; font-src data: https://trendygolf.com; form-action 'self' https://*.twitter.com https://*.twitter.com https://www.facebook.com/tr/; object-src 'self'; block-all-mixed-content; report-uri https://5ce9a457525b0c6b344093f4321341fa.report-uri.com/r/d/csp/enforce 1 frame-ancestors 'self' https://weltladen-fachtage.expo-ip.com http://weltladen-fachtage.expo-ip.com https://weltladen-fachtageadmin.expo-ip.com ; 1 default-src 'self' 'unsafe-eval' 'unsafe-inline' img.youtube.com youtube.com cdn.jsdelivr.net www.youtube.com maps.gstatic.com data: fonts.gstatic.com fonts.googleapis.com www.gstatic.com platform.twitter.com s7.addthis.com www.google-analytics.com z.moatads.com cdn.syndication.twimg.com m.addthis.com v1.addthisedge.com stats.g.doubleclick.net syndication.twitter.com pbs.twimg.com maps.google.com maps.googleapis.com; report-uri /admin/config/system/seckit/csp-report 1 default-src 'self' bam.eu01.nr-data.net cdn.jsdelivr.net edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com cdn.jsdelivr.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net cdn.rawgit.com cdnjs.cloudflare.com ict.infinity-tracking.net www.gstatic.com viz.tools.investis.com www.google.com maps.googleapis.com maps.google.com www.linkedin.com ajax.googleapis.com pi.pardot.com bam.nr-data.net sjp.getmediamanager.com *.googletagmanager.com *.google-analytics.com sjs.bizographics.com connect.facebook.net *.jquery.com irs.tools.investis.com *.hotjar.com px.ads.linkedin.com d2wy8f7a9ursnm.cloudfront.net ssl.p.jwpcdn.com js-agent.newrelic.com cdn.jsdelivr.net edge.api.brightcove.com *.googleapis.com www.youtube.com youtube.com s.ytimg.com unpkg.com bam.eu01.nr-data.net; style-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net p.typekit.net cloud.typography.com viz.tools.investis.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net; img-src 'self' 'unsafe-inline' * data:; media-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com; frame-src 'self' staticcontents.investis.com www.google.com sjp.getmediamanager.com careers.sjp.co.uk irs.tools.investis.com otp.tools.investis.com digital.feprecisionplus.com sjp.hireserve-test.com ir.tools.investis.com staticxx.facebook.com www.youtube.com; font-src 'self' 'unsafe-inline' data: use.typekit.net p.typekit.net fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com themes.googleusercontent.com maxcdn.bootstrapcdn.com; report-uri //report-csp-violation 1 default-src 'self' data:; script-src 'self' data: 'unsafe-eval' 'unsafe-inline' use.typekit.net www.googletagmanager.com www.google-analytics.com www.youtube.com *.ytimg.com tagmanager.google.com maps.googleapis.com https://static.hotjar.com/ https://script.hotjar.com/ cookiehub.net; style-src 'self' 'unsafe-inline' use.typekit.net fonts.googleapis.com tagmanager.google.com cookiehub.net; img-src 'self' p.typekit.net www.google-analytics.com data: ssl.gstatic.com www.gstatic.com https://referrer.disqus.com/juggler/stat.gif c.disquscdn.com stats.g.doubleclick.net bat.bing.com www.facebook.com www.google.com www.google.be www.googletagmanager.com maps.gstatic.com maps.googleapis.com; frame-src 'self' www.youtube.com www.youtube-nocookie.com www.dekust.be cdn.knightlab.com vars.hotjar.com; font-src 'self' *.typekit.net fonts.gstatic.com data: *.hotjar.com; connect-src 'self' performance.typekit.net www.google-analytics.com *.stats.g.doubleclick.net https://in.hotjar.com/ https://vc.hotjar.io/ cookiehub.net; report-uri /admin/config/system/seckit/csp-report 1 frame-src 'self' blob: *.cochlear.cloud *.stg.cochlear.cloud *.cochlear.cloud *.qualaroo.com *.simpli.fi https://marvelapp.com *.livechatinc.com *.doubleclick.net *.wufoo.com *.cochlearamericas.com *.youtube-nocookie.com *.marvelapp.com *.linkedin.com *.cvent.com *.google.ch *.cochlear.com *.irmau.com *.marketo.com *.youtube.com *.twitter.com *.addthis.com *.google.com *.facebook.com *.batchgeo.com; child-src 'self' blob: *.batchgeo.com *.addtoany.com *.doubleclick.net *.cochlear.com *.addthis.com *.google.com *.facebook.com *.twitter.com *.marketo.com ; connect-src 'self' *.taboola.com *.yimg.com *.doubleclick.net *.marketo.com *.swiftype.com *.onelink-translations.com *.nekudo.com *.cochlear.com *.cvent.com *.linkedin.com *.google-analytics.com *.googleapis.com *.optimizely.com *.addthis.com *.mktoresp.com *.twitter.com *.maxmind.com *.geoip-js.com geoip-js.com; font-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.cvent-assets.com *.gstatic.com *.googleusercontent.com *.livechatinc.com *.bootstrapcdn.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.quora.com *.pubmatic.com *.rubiconproject.com *.adtechjp.com *.yahoo.com * bidswitch.net *.adap.tv *.adnxs.com *.rlcdn.com *.openx.net *.adroll.com *.casalemedia.com *.t.co *.datatables.net *.cochlear.com *.quantserve.com *.marketo.com *.bing.com *.steelhousemedia.com *.adsrvr.org *.adsymptotic.com *.android.com *.youtube.com *.visualwebsiteoptimizer.com *.cochlear.com *.googletagmanager.com *.teads.tv *.impact-ad.jp *.yahoo.co.jp *.impact-ad.jp *.outbrain.com *.amazonaws.com *.google.com.au *.google.com *.twitter.com *.doubleclick.net *.facebook.com *.linkedin.com *.google-analytics.com medialead.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.yahoo.com .taboola.com *.adsrvr.org *.yimg.com *.onetrust.com *.cookielaw.org *.windows.net *.qualaroo.com *.simpli.fi *.salesforceliveagent.com *.amazonaws.com *.gstatic.com *.quantcount.com *.cvent-assets.com *.cvent.com *.quora.com *.livechatinc.com *.typekit.com *.dialogtech.com *.cloudfront.net *.media6degrees.com *.quora.com *.wufoo.com *.zendesk.com *.domdex.com *.adroll.com *.datatables.net *.quantserve.com *.ads-twitter.com *.steelhousemedia.com *.bing.com *.adroll.com *.outbrain.com *.addtoany.com *.visualwebsiteoptimizer.com *.jquery.com *.optimizely.com *.google.com.au *.doubleclick.net *.googleadservices.com *.yimg.jp *.yahoo.co.jp *.crazyegg.com *.mktoweb.com *.cochlear.com *.bootstrapcdn.com *.cloudflare.com *.cochlear.com *.jsdelivr.net *.addthisedge.com *.google.com *.ytimg.com *.youtube.com *.marketo.net *.marketo.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.twitter.com *.facebook.com *.facebook.net *.linkedin.com *.addthis.com *.maxmind.com *.geoip-js.com geoip-js.com medialead.de; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.cookielaw.org *.windows.net *.cvent-assets.com *.googleapis.com *.cloudflare.com *.cochlear.com *.google.com *.zendesk.com *.datatables.net *.jquery.com *.cochlear-europe.com *.bootstrapcdn.com *.marketo.com; 1 default-src 'self'; script-src 'self' data: maps.googleapis.com maps.google.com https://ssl.google-analytics.com https://www.paypalobjects.com https://www.paypal.com/tagmanager/ 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: maps.googleapis.com maps.google.com *.gstatic.com *.gravatar.com *.ytimg.com *.paypal.com www.paypalobjects.com www.steelforlife.org www.steelconstruction.org https://ssl.google-analytics.com; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https://www.paypal.com/webapps/hermes/api/logger https://www.paypal.com/xoplatform/logger/api/logger; frame-src 'self' https://www.sandbox.paypal.com/ https://www.paypal.com/ https://securepayments.sandbox.paypal.com/ https://securepayments.paypal.com/ https://www.youtube.com https://player.vimeo.com/; child-src 'self' https://www.sandbox.paypal.com/ https://www.paypal.com/ https://securepayments.sandbox.paypal.com/ https://securepayments.paypal.com/ https://www.youtube.com https://player.vimeo.com/; 1 font-src 'self' fonts.gstatic.com https://*.intercomcdn.com https://app-talmix.scdn4.secure.raxcdn.com https://www-talmix.scdn3.secure.raxcdn.com data:; img-src * data:; script-src 'self' 'unsafe-inline' www.googleadservices.com www.googletagmanager.com www.google-analytics.com marketing.talmix.com marketing.mbaco.com https://js-agent.newrelic.com https://bam.nr-data.net tagmanager.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ connect.facebook.net https://s.adroll.com https://d.adroll.com https://*.intercom.io https://*.intercomcdn.com https://pi.pardot.com https://fullstory.com https://*.fullstory.com https://d2yyd1h5u9mauk.cloudfront.net https://scout-cdn.salesloft.com https://app-talmix.scdn4.secure.raxcdn.com https://www-talmix.scdn3.secure.raxcdn.com https://1922ad1ca24372498797-3b677d6bb99015de4b7df47cce09c3b8.ssl.cf3.rackcdn.com; style-src 'self' tagmanager.google.com fonts.googleapis.com 'unsafe-inline' https://app-talmix.scdn4.secure.raxcdn.com https://www-talmix.scdn3.secure.raxcdn.com 1 default-src 'self' blob:; connect-src 'self' * blob:; font-src 'self' data: https://players.brightcove.net https://fonts.gstatic.com/ https://maxcdn.bootstrapcdn.com/font-awesome/; frame-src *; img-src * blob: data: https://a.idio.co/ https://i.idio.co; media-src * blob:; object-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: http://pages.lazardassetmanagement.com https://pages.lazardassetmanagement.com https://app-sj29.marketo.com/ http://app-sj29.marketo.com/ https://d2wy8f7a9ursnm.cloudfront.net/v6/bugsnag.min.js https://www.google-analytics.com https://www.googletagmanager.com https://optimize.google.com https://sadmin.brightcove.com https://players.brightcove.net https://vjs.zencdn.net/vttjs/ https://munchkin.marketo.net https://view.knowledgevision.com/presentation/embed/ https://content.knowledgevision.com/player/ https://s.idio.co/ia.js https://js.idio.co/1473.js https://s.idio.co/ip.js https://api.idio.co https://tagmanager.google.com/ https://code.createjs.com/; style-src * 'unsafe-inline'; frame-ancestors 'self' http://pages.lazardassetmanagement.com https://pages.lazardassetmanagement.com https://app-sj29.marketo.com/ http://app-sj29.marketo.com/ https://www.google-analytics.com https://www.googletagmanager.com https://sadmin.brightcove.com https://players.brightcove.net https://vjs.zencdn.net/vttjs/ https://munchkin.marketo.net https://view.knowledgevision.com/presentation/embed/ https://content.knowledgevision.com/player/; 1 default-src * blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.sancta-domenica.hr sancta-domenica.hr *.sancta-domenica.ba sancta-domenica.ba *.samsungshop.hr samsungshop.hr; 1 default-src 'self' 'unsafe-inline'; 1 default-src 'self'; img-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; script-src 'self' 'unsafe-inline'; connect-src 'self'; 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.paypalobjects.com/ https://s3.amazonaws.com/ https://*.stripe.com/; img-src 'self' data: https://www.paypalobjects.com/; object-src 'self' https://*.paypal.com/ https://*.stripe.com/ http://e.issuu.com/embed.js; frame-src 'self' https://*.paypal.com/ https://*.stripe.com/ http://e.issuu.com/embed.js; 1 frame-scr 'self' 1 default-src 'self' *.gewobag.de data: *.youtube-nocookie.com *.ytimg.com *.googleapis.com *.gstatic.com *.wohnungshelden.de 'unsafe-inline' 1 frame-ancestors 'self' *.kapow.com *.cvent.com http://*.cvent.com *.kapownp.com http://*.kapow.com:*; 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' *.youtube-nocookie.com maps.googleapis.com developers.google.com *.3qsdn.com *.flickr.com tde-stats.spin-ag.de *.telefonica.de; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.3qsdn.com; connect-src 'self' *.3qsdn.com; media-src 'self' *.youtube-nocookie.com *.3qsdn.com *.flickr.com blob:; child-src 'self' *.telefonica.de *.udldigital.de *.youtube-nocookie.com *.3qsdn.com blob:; object-src 'self'; frame-src 'self' *.telefonica.de *.youtube-nocookie.com data:; form-action 'self'; img-src 'self' chart.apis.google.com maps.gstatic.com *.googleapis.com developers.google.com *.udldigital.de *.telefonica.de *.flickr.com tde-stats.spin-ag.de *.3qsdn.com data: 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: http://fonts.googleapis.com http://fonts.gstatic.com http://www.google-analytics.com http://s7.addthis.com http://m.addthisedge.com http://m.addthis.com http://graph.facebook.com http://widgets.pinterest.com http://maps.google.com http://csi.gstatic.com http://maps.gstatic.com http://maps.googleapis.com http://www.linkedin.com http://api-public.addthis.com http://localhost http://widget.supercounters.com http://pagead2.googlesyndication.com/ http://pagead2.googlesyndication.com/ http://staticxx.facebook.com http://www.whatsupcams.com http://epixel.moj-web.net http://www.youtube.com https://www.whatsupcams.com http://localhost; 1 frame-ancestors *; 1 default-src 'unsafe-inline' 'unsafe-eval' https: data: wss: blob: http://www.cockovnik.cz http://www.vasecocky.cz http://www.lentiamo.cz; frame-ancestors 'self' 1 default-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline' *.netdna-ssl.com *.google-analytics.com app.quotemedia.com oss.maxcdn.com rangeme-production-environment.s3-ap-southeast-2.amazonaws.com *.pcdn.co s15923.pcdn.co;font-src 'self' *.netdna-ssl.com fonts.gstatic.com *.pcdn.co s15923.pcdn.co;img-src 'self' data: *.netdna-ssl.com *.google-analytics.com *.googleapis.com *.glensmarkets-email.com app.quotemedia.com secure.gravatar.com s3-ap-southeast-2.amazonaws.com *.pcdn.co *.businesswire.com s15923.pcdn.co;style-src 'self' 'unsafe-inline' *.netdna-ssl.com *.googleapis.com *.pcdn.co s15923.pcdn.co;frame-src 'self' *.netdna-ssl.com *.youtube.com *.calameo.com *.pcdn.co;connect-src 'self' *.netdna-ssl.com query.yahooapis.com *.pcdn.co *.google-analytics.com;object-src 'self' *.netdna-ssl.com *.pcdn.co;media-src 'self' *.netdna-ssl.com *.pcdn.co; 1 allow 'self'; gtp.com.au 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: about: *.ads-twitter.com *.doubleclick.net *.facebook.com *.facebook.net *.google.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.jotfor.ms *.jotform.com *.jotform.io *.jotform.us *.jotformpro.com *.multiview.com *.paypal.com *.paypalobjects.com *.texmed.org *.twimg.com *.twitter.com *.unitednetworksofamerica.com *.yahooapis.com *.zkcdn.net code.jquery.com https://t.co https://feed.jquery-plugins.net *.unitednetworksofamerica.com; frame-src 'self' *; 1 script-src https: data: 'unsafe-inline' 'unsafe-eval' https://*.myfonts.net https://*.twitter.com https://*.google.de https://*.google.com https://*.typekit.net https://metrics.mehrwert.de https://www.google-analytics.com/; style-src https: 'unsafe-inline' https://*.myfonts.net https://*.twitter.com https://*.google.de https://*.typekit.net https://metrics.mehrwert.de; frame-ancestors https://www.fortuna-koeln.de https://verein.fortuna-koeln.de https://verein.www.fortuna-koeln.de https://www.fortuna-koeln.de https://twitter.com https://*.twitter.com 1 child-src 'self' 3speak.online emb.d.tube player.twitch.tv www.youtube.com staticxx.facebook.com w.soundcloud.com player.vimeo.com; connect-src https://rpc.blurt.world https://blurturl.herokuapp.com blurt.world rpc.blurt.world 'self' https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://images.blurt.blog https://api.blurt.blog https://blurtd.privex.io *.blurt.world wss://notifications.blurt.world data:; default-src tpc.googlesyndication.com 'self' emb.d.tube www.youtube.com staticxx.facebook.com player.vimeo.com *.streamrail.com img.3speakcontent.online lbry.tv *.wistia.com; font-src data: fonts.gstatic.com; frame-ancestors 'none'; frame-src 'self' googleads.g.doubleclick.net https:; img-src * data:; object-src 'none'; plugin-types application/pdf; script-src 'unsafe-inline' http://www.googletagmanager.com 'unsafe-eval' data: https: 'self' www.google-analytics.com connect.facebook.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com platform.twitter.com; report-uri /api/v1/csp_violation 1 default-src 'self'; media-src *; img-src *; script-src 'self' https://ajax.googleapis.com; style-src 'self'; 1 child-src 'self' emb.d.tube player.twitch.tv www.youtube.com staticxx.facebook.com w.soundcloud.com player.vimeo.com; connect-src https://history.steem-engine.net https://servedby.revive-adserver.net https://pagead2.googlesyndication.com https://steemd.minnowsupportproject.org https://cdn.snax.one https://api.steem-engine.net https://scot-api.steem-engine.net https://steemitimages.com securepubads.g.doubleclick.net 'self' steemit.com https://api.steemit.com api.blocktrades.us https://apisct.cloud; default-src tpc.googlesyndication.com 'self' emb.d.tube www.youtube.com staticxx.facebook.com player.vimeo.com *.streamrail.com; font-src data: fonts.gstatic.com; frame-ancestors 'none'; frame-src 'self' googleads.g.doubleclick.net https:; img-src * data:; object-src 'none'; plugin-types application/pdf; script-src 'unsafe-inline' 'unsafe-eval' data: https: 'self' www.google-analytics.com connect.facebook.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com; report-uri /api/v1/csp_violation 1 frame-ancestors 'self'; frame-src 'self' centredeservices.alturing.eu www.youtube.com www.youtube-nocookie.com *.chronopost.fr *.weborama.fr www.googletagmanager.com mmtro.com www.zenaps.com *.doubleclick.net www.awin.com marketingplatform.google.com *.cookiebot.com 1 frame-ancestors https://www.twoa.ac.nz 1 default-src 'self'; script-src 'self' ; style-src 'self' 'unsafe-inline' ; img-src *; report-uri https://cloudmanagerportal.com/oidc/csp/report 1 default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; frame-ancestors 'self'; 1 default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; font-src 'self'; object-src 'self'; media-src 'self'; child-src 'self' 1 default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: *.smithwicksexperience.com *.googleapis.com maps.gstatic.com s.adroll.com s.ytimg.com www.google-analytics.com www.googletagmanager.com www.youtube.com footer.diageohorizon.com cdnjs.cloudflare.com *.googleadservices.com *.doubleclick.net *.ads-twitter.com *.myfonts.net *.hotjar.com *.facebook.net; object-src 'self' https: *.smithwicksexperience.com ; style-src 'self' 'unsafe-inline' https: *.smithwicksexperience.com fonts.googleapis.com footer.diageohorizon.com *.myfonts.net; img-src 'self' https: data: *.smithwicksexperience.com *.googleapis.com *.gstatic.com analytics.twitter.com d.adroll.com googleads.g.doubleclick.net www.facebook.com www.google.com www.google.ie www.google-analytics.com *.hotjar.com *.facebook.com; frame-src 'self' https: *.smithwicksexperience.com *.worldnettps.com www.youtube.com *.hotjar.com; font-src 'self' https: *.smithwicksexperience.com data: *.myfonts.net *.gstatic.com *.hotjar.com; connect-src 'self' https: *.smithwicksexperience.com *.hotjar.com ws://*.hotjar.com wss://*.hotjar.com; media-src 'self' https: *.smithwicksexperience.com 1 default-src 'self'; font-src 'self' data:; script-src *.google-analytics.com *.googletagmanager.com https://login.mts.ru *.adriver.ru https://mc.yandex.ru http://count.mgts.ru https://cdn.rutarget.ru https://tags.soloway.ru https://clickcount.mgts.ru https://st.mgts.ru 'self' 'unsafe-inline'; connect-src https://mc.yandex.ru https://login.mts.ru 'self'; frame-src https://content.adriver.ru https://tag.rutarget.ru 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src *.doubleclick.net *.google-analytics.com *.adriver.ru https://mc.yandex.ru http://count.mgts.ru https://vk.com https://www.google.com https://www.google.ru https://clickcount.mgts.ru https://st.mgts.ru 'self' data:; report-uri /amserver/UI/csp-report; 1 default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.hypovbg.at https://cdnjs.cloudflare.com https://google.com https://www.google.com https://tagmanager.google.com https://analytics.arz.at https://www.google-analytics.com https://www.googletagmanager.com https://maps.google.com https://maps.googleapis.com https://*.gstatic.com https://e.issuu.com https://consent.cookiebot.com https://consentcdn.cookiebot.com; object-src 'self' https://*.youtube.com; style-src 'self' 'unsafe-inline' https://*.hypovbg.at google.com https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://fonts.googleapis.com https://consent.cookiebot.com https://consentcdn.cookiebot.com; img-src 'self' data: https://*.hypovbg.at https://google.com https://www.google.com https://analytics.arz.at https://www.google-analytics.com https://www.googletagmanager.com https://www.youtube.com https://youtube.com https://www.youtube-nocookie.com https://youtube-nocookie.com https://maps.google.com https://maps.googleapis.com https://*.gstatic.com https://consent.cookiebot.com https://kurse.banking.co.at; media-src 'self' https://*.hypovbg-cdn.at; frame-src 'self' https://consentcdn.cookiebot.com https://kurse.banking.co.at https://*.hypovbg.at https://www.youtube.com https://youtube.com https://www.youtube-nocookie.com https://youtube-nocookie.com https://e.issuu.com; font-src 'self' https://*.hypovbg.at https://fonts.googleapis.com; connect-src 'self' https://data.hypovbg.at 1 default-src 'self' ; script-src 'self' 'unsafe-eval' 'unsafe-inline' piwik.vught.nl; object-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' piwik.vught.nl data:; media-src 'self'; frame-src 'self'; frame-ancestors 'self' piwik.vught.nl; child-src 'self'; font-src 'self' data: *.googleusercontent.com; connect-src 'self'; report-uri /report-csp-violation 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com/recaptcha https://cdnjs.cloudflare.com https://www.google-analytics.com/ https://connect.facebook.net/ https://platform.twitter.com/ https://s7.addthis.com/ https://web.archive.org/ https://www.propietatdespiells.com/ https://z.moatads.com/ https://v1.addthisedge.com/ https://www.gstatic.com/ https://m.addthis.com/ https://www.google.com/ https://s.ytimg.com/ https://www.youtube.com/ https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/r8jtf1oixV0IGff4hgB4EzDF/recaptcha__en.js; img-src 'self' data: https://www.propietatdespiells.com/; object-src 'self' https://s7.addthis.com/; frame-src 'self' https://s7.addthis.com/; 1 default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; connect-src https: wss:; font-src https: data:; 1 img-src * https://www.google-analytics.com/ data: ; default-src *; script-src www.globalballooning.com.au cn.globalballooning.com.au 'unsafe-inline' 'unsafe-eval' 127.0.0.1:* *.facebook.com *.fbcdn.net *.fbcdn.net *.facebook.net *.youtube.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com *.google.XYX *.google.com *.google.fr *.googleadservices.com *.gstatic.com *.akamaihd.net *.tawk.to cdn.jsdelivr.net data: ; frame-src *.tawk.to *.googletagmanager.com *.youtube.com *.vimeo.com *.securepay.com.au *.weatherlink.com; style-src * 'unsafe-inline' ; connect-src www.globalballooning.com.au cn.globalballooning.com.au *.facebook.com *.fbcdn.net *.facebook.net *.googleadservices.com *.google.fr *.doubleclick.net *.akamaihd.net ws://*.facebook.com:* *.tawk.to wss://*.tawk.to https://www.google-analytics.com/; 1