Values for x-content-security-policy: frame-ancestors 'self' 158 158 allow 'self'; 138 default-src 'self'; frame-src 'none'; img-src 'self' data: *.pbwstatic.com https://*.pbwstatic.com www.google-analytics.com https://www.google-analytics.com; media-src 'none'; object-src 'none'; script-src 'self' www.google-analytics.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' 50 upgrade-insecure-requests; 42 default-src 'self' 39 report-uri /report-csp-violation 34 report-uri //report-csp-violation 24 upgrade-insecure-requests 20 frame-ancestors 'none' 17 block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:; 17 frame-ancestors 'self' http://hybris.com https://hybris.com http://*.hybris.com https://*.hybris.com http://sap.lookbookhq.com https://sap.lookbookhq.com http://*.sap.com https://*.sap.com http://*.sap.cn https://*.sap.cn https://www.gigya.com *.lookbookhq.com https://cloudplatform.sap.com https://cal.sap.com https://developers.sap.com ;default-src 'self' blob: https: data: 'unsafe-inline' 'unsafe-eval' github.com api.github.com raw.githubusercontent.com *.liveperson.net http://*.sap.com https://*.sap.com http://*.sap.cn https://*.sap.cn *.demandbase.com *.adobedtm.com *.company-target.com *.omtrdc.net *.w55c.net platform.twitter.com *.siteintercept.qualtrics.com *.doubleclick.net cdnjs.cloudflare.com charts3.equitystory.com http://sap-espresso.com http://*.akamai.net ust-servlet.dataxu.net https://*.cdn.sap.com *.2mdn.net *.2o7.net *.qualtrics.com https://*.akamaihd.net http://*.akamaihd.net *.lpsnmedia.net *.truste.com *.newrelic.com *.nr-data.net https://*.youtube.com https://*.youtu.be https://*.ytimg.com *.twitter.com http://*.twimg.com https://*.twimg.com *.adobe.com *.demdex.net *.liveperson.com *.liveengage.net *.liveengage.com http://livefyre.com *.liveper.sn *.licdn.com *.hana.ondemand.com http://dc1cp8nqqrmxi.cloudfront.net http://*.edgesuite.net https://bcmcps.enter.sap *.d41.co 13 default-src https: 'self'; script-src 'unsafe-eval' 'unsafe-inline' 'self' *; style-src 'unsafe-inline' 'self' *; frame-src 'self' *; object-src 'self' *; img-src 'self' data: *; media-src blob: 'self' *; font-src 'self' data: *; connect-src 'self' *; child-src blob: 'self' *; 11 referrer origin 11 allow 'self' 11 frame-src *.bitdefender.com *.bitdefender.biz *.bitdefender.net *.bitdefender.fr *.bitdefender.de *.bitdefender.com.au *.bitdefender.co.uk *.bitdefender.es *.bitdefender.it *.bitdefender.pt *.bitdefender.com.br *.bitdefender.ro *.bitdefender.nl *.bitdefender.be *.bitdefender.se bitdefender.marketing.adobe.com download.bitdefender.com *.facebook.com *.doubleclick.net *.adsrvr.org *.mathtag.com *.google.com *.google.ro *.flashtalking.com *.amazon-adsystem.com *.livechatinc.com *.twitter.com *.cedexis.com *.cedexis-test.com *.youtube.com *.soundcloud.com *.hubspot.com *.cookiebot.com *.vimeo.com *.edgecastcdn.net *.linkedin.com *.hsforms.com *.cloudfront.net *.edgecastdns.net *.hotjar.com *.zanox.ws *.zanox.com *.usemax.de usemax.de bitdefender.demdex.net *.omniture.com widget.trustpilot.com *.2o7.net *.omtrdc.net *.demdex.net assets.adobedtm.com api-eu.boldchat.com livechat-eu.boldchat.com *.youtube-nocookie.com *.instagram.com instawidget.net consentcdn.cookiebot.com recommender.scarabresearch.com *.zenaps.com hal9000.redintelligence.net pixel.xonaz.com static-hello.bitdefender.com tags.dynamo.one *.redintelligence.net 20787700p.rfihub.com pixel.xonazz.com 10 frame-ancestors https://*.marketo.com 10 default-src 'self'; base-uri 'self'; 10 default-src 'self'; script-src 'self' 'unsafe-inline' 10 frame-ancestors 'self' https://*.adventhealth.com 10 default-src 'self'; script-src *.nr-data.net *.newrelic.com *.faktor.io *.consensu.org www.google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'none'; style-src 'self' 'unsafe-inline'; media-src 'none'; frame-src *.consensu.org *.faktor.io; connect-src *.consensu.org *.faktor.io https://*.nr-data.net https://cdn.contentful.com https://cf.talpa.digital https://cf.talpa.network https://cf-staging.talpa.digital https://*.consent.talpanetwork.com https://consent.talpanetwork.com https://www.google-analytics.com; img-src https://static.talpanetwork.com https://*.nr-data.net https://images.ctfassets.net https://*.consent.talpanetwork.com https://consent.talpanetwork.com https://www.google-analytics.com 9 script-src * 'unsafe-inline' 'unsafe-eval' blob:; img-src * data:; media-src * mediastream: blob: filesystem: ; 8 frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net 7 report-uri /report-csp-violation; upgrade-insecure-requests 7 default-src 'self'; 7 frame-ancestors 'self' hhs.gov *.hhs.gov 6 default-src https: data: 'unsafe-inline' 'unsafe-eval' 6 default-src 'self'; script-src 'self'; 6 default-src 'self'; img-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; script-src 'self' 'unsafe-inline'; connect-src 'self'; 6 frame-ancestors 'self' https://booking2.centerparcs.fr https://booking2.centerparcs.nl https://booking2.centerparcs.de https://booking2.centerparcs.com https://booking2.centerparcs.eu https://booking2.centerparcs.ch https://booking2.centerparcs.be 6 default-src *; img-src * data: blob:; media-src * data: blob:; script-src 'unsafe-inline' 'unsafe-eval' * data: blob:; worker-src 'unsafe-inline' 'unsafe-eval' * data: blob:; connect-src *; font-src * data: blob:; frame-src *; object-src * data: blob:; style-src 'unsafe-inline' * data: blob: 6 object-src https://explore.cvent.com http://explore.cvent.com https://www.elitemeetings.com https://www.speedrfp.com https://speedrfp.com https://elitemeetings.com https://www.lanyon.com http://www.lanyon.com; frame-ancestors 'self' https://explore.cvent.com http://explore.cvent.com https://www.elitemeetings.com https://www.speedrfp.com https://speedrfp.com https://elitemeetings.com https://www.lanyon.com http://www.lanyon.com https://*.cvent.com http://*.cvent.com; report-uri /report-csp-violation 5 frame-ancestors 'self' ; 5 default-src 'self' data: gap: https://*.maersk.com https://*.maersk.com.cn https://*.maerskline.com https://*.apmoller.net https://c.go-mpulse.net https://*.salesforceliveagent.com https://*.force.com *.mpstat.us *.akstat.io https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://*.akamaihd.net https://*.igodigital.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://www.googletagmanager.com https://ssl.gstatic.com https://100qrcey9nsltilmpwezagts.blob.core.windows.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.maersk.com https://*.maersk.com.cn https://*.maerskline.com https://*.apmoller.net https://*.akamaihd.net https://*.salesforceliveagent.com https://*.force.com https://*.salesforce.com https://*.steelcentral.net https://*.go-mpulse.net *.mpstat.us *.akstat.io https://*.igodigital.com https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://pub.s1.exacttarget.com https://*.gstatic.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://www.googletagmanager.com https://*.google-analytics.com; img-src 'self' data: https://*.maersk.com https://*.maersk.com.cn https://*.maerskline.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://*.gstatic.com https://lh3.googleusercontent.com https://*.steelcentral.net https://*.vimeocdn.com https://*.youtube.com https://*.igodigital.com https://*.akamaihd.net https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://pixel.mathtag.com https://bs.serving-sys.com https://www.google.co.uk https://api.adsymptotic.com https://media-cdn.ipredictive.com https://*.linkedin.com https://*.facebook.com https://*.twitter.com https://vk.com https://mail.ru https://www.weborama.com https://adv.solution.weborama.fr https://clickserve.dartsearch.net https://*.doubleclick.net https://*.google.dk https://secure.adnxs.com https://cs.adingo.jp https://admaym.com https://ih.adscale.de https://d.agkn.com https://ib.adnxs.com https://x.bidswitch.net https://stags.bluekai.com https://pix.btrll.com https://contextual.media.net https://dis.criteo.com https://e.nexac.com https://loadm.exelator.com https://cs.gssprt.jp https://global.ib-ibi.com https://ad.360yield.com https://dsum-sec.casalemedia.com https://beacon.krxd.net https://idsync.rlcdn.com https://ums.adtechus.com https://sync.adaptv.advertising.com https://us-u.openx.net https://simage2.pubmatic.com https://bh.contextweb.com https://idsync.reson8.com https://pixel.rubiconproject.com https://uipglob.semasio.net https://rtb-csync.smartadserver.com https://ad.sxp.smartclip.net https://sync.go.sonobi.com https://ce.lijit.com https://sync.search.spotxchange.com https://ads.stickyadstv.com https://delivery.swid.switchads.com https://aa.agkn.com https://ads.yahoo.com https://u3s.mathtag.com https://eu-u.openx.net https://serving.experianmarketingservices.digital https://uip.semasio.net https://tr.outbrain.com https://fo-api.omnitagjs.com https://*.akstat.io; object-src 'self' ; style-src 'self' 'unsafe-inline' https://*.maersk.com https://*.maersk.com.cn https://*.apmoller.net https://*.gstatic.com https://*.google.com https://*.google-analytics.com https://*.googleapis.com https://*.maerskline.com https://*.force.com; frame-src https://*.maersk.com https://*.maersk.com.cn https://*.maerskline.com https://*.apmoller.net http://emanage.maerskline.com https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://*.google.com https://www.youtube.com/embed/ https://player.vimeo.com/video/ https://service.force.com https://*.cookieinformation.com https://*.youku.com/; font-src 'self' data: https://*.maersk.com https://*.maersk.com.cn https://*.maerskline.com https://*.apmoller.net https://*.gstatic.com https://*.googleapis.com; 5 default-src 'self'; img-src 'self' data: ; 5 script-src 'self'; object-src 'self' 5 frame-ancestors 'self'; 5 frame-ancestors 'self' weleda.sabio.de 5 frame-ancestors 'self' http://customer--hornbach.loop21.net https://customer-hornbach.loop21.net http://public-location-hornbach.loop21.net https://public-location-hornbach.loop21.net 5 frame-ancestors http://*.timeout.com https://*.timeout.com 'self' 5 script-src 'self' 4 default-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' * https://www.google-analytics.com https://optimize.google.com https://optanon.blob.core.windows.net http://*.hotjar.com https://*.onetrust.com https://www.googletagmanager.com https://connect.facebook.net *.rfihub.net *.bing.com *.ads-twitter.com *.twitter.com *.t.co *.ytimg.com; style-src 'self' 'unsafe-inline' * https://optimize.google.com https://fonts.googleapis.com https://optanon.blob.core.windows.net cdnjs.cloudflare.com cloud.typography.com *.twitter.com *.t.co; img-src 'self' 'unsafe-inline' data: * https://www.google-analytics.com https://optimize.google.com https://code.jquery.com/ *.twitter.com *.facebook.com *.bing.com *.t.co; frame-src 'self' data: * https://optimize.google.com https://*.adsrvr.org *.rfihub.com; font-src 'self' 'unsafe-inline' data: * https://fonts.gstatic.com cdnjs.cloudflare.com; connect-src 'self' * https://*.optmnstr.com; report-uri /report-csp-violation 4 default-src https: data: blob: chrome-extension: android-webview-video-poster: ms-appx-web: 'unsafe-eval' 'unsafe-inline'; report-uri /content-security-policy-report.php 4 connect-src * 'self' 4 default-src https: data: blob: 'unsafe-eval' 'unsafe-inline'; frame-src 'self' https://*; 4 frame-ancestors *.windstream.net 4 default-src 'self' 'unsafe-inline' 'unsafe-eval' *.sharethis.com *.sharethis.mgr.consensu.org geoip-db.com *.facebook.com connect.facebook.net *.google-analytics.com *.googletagmanager.com stats.g.doubleclick.net *.googleusercontent.com *.gravatar.com *.soundcloud.com 01.org *.youtube.com; report-uri /admin/config/system/seckit/csp-report 4 default-src 'self' cdn-vsh.prague.eu;font-src 'self' cdn-vsh.prague.eu fonts.gstatic.com *.cachefly.net *.platnosci.pl;connect-src 'self' cdn-vsh.prague.eu analytics.monkeytracker.cz maps.googleapis.com *.hotjar.com *.googlesyndication.com www3-prague-eu-test.fg.cz *.prague.eu *.google.com *.google.cz *.facebook.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn-vsh.prague.eu maps.google.com *.googleapis.com www.googletagmanager.com www.google-analytics.com analytics.monkeytracker.cz *.google.com *.googleadservices.com *.facebook.net *.imedia.cz *.hotjar.com *.adform.net *.doubleclick.net *.google.cz s.yimg.jp *.yahoo.co.jp *.cachefly.net *.payu.com *.platnosci.pl *.facebook.com *.cloudflare.com;form-action 'self' cdn-vsh.prague.eu *.facebook.com *.gpwebpay.com *.payu.com *.facebook.net *.platnosci.pl;frame-src 'self' cdn-vsh.prague.eu www.youtube.com *.hotjar.com *.doubleclick.net *.adform.net *.booking.com *.facebook.com *.issuu.com *.vimeo.com *.facebook.net;child-src 'self' cdn-vsh.prague.eu www.youtube.com *.hotjar.com *.doubleclick.net *.adform.net *.booking.com *.facebook.com *.issuu.com *.vimeo.com *.facebook.net;frame-ancestors 'self' cdn-vsh.prague.eu;img-src 'self' cdn-vsh.prague.eu data: *.gstatic.com *.googleapis.com *.googlecode.com www.googletagmanager.com www.google-analytics.com analytics.monkeytracker.cz *.doubleclick.net *.ggpht.com *.google.com *.imedia.cz *.facebook.com *.google.cz *.googlesyndication.com *.yahoo.co.jp www3-prague-eu-test.fg.cz *.prague.eu *.cachefly.net *.payu.com *.platnosci.pl;style-src 'self' 'unsafe-inline' cdn-vsh.prague.eu fonts.googleapis.com analytics.monkeytracker.cz *.google.com *.hotjar.com *.cachefly.net *.payu.com *.platnosci.pl;object-src 'self' cdn-vsh.prague.eu 4 default-src https: data: 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * blob: ; worker-src * blob: ; frame-ancestors 'self' https://*.moody.edu; 4 frame-ancestors https://*.derwent.io http://*.derwent.io http://*.derwent.io:* https://*.derwent.io:* 'self' 4 default-src 'self'; script-src * 'unsafe-eval' 'unsafe-inline'; style-src * 'unsafe-inline'; img-src * data:;frame-src *;font-src * data:;connect-src * blob:;media-src * blob:;worker-src * blob:; 4 default-src 'self' 'self' data: 'self' blob: 'unsafe-inline' 'unsafe-eval' *; img-src 'self' blob: data: * 4 frame-ancestors 'self' https://*.salesforce.com 4 default-src 'self' ;options inline-script eval-script;referrer no-referrer;img-src 'self' data: *.tile.openstreetmap.org;object-src 'none'; 4 default-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src * data:; font-src 'self' data: https:; form-action *; 4 frame-ancestors *.constantcontact.com www.redmangomarketing.com www.ezymarketing.com www.igvinc.com www.etouchmarketing.net 3 frame-ancestors https://marina.digitalocean.com https://digitaloceaninc.lookbookhq.com 3 connect-src 'self' checkout.stripe.com sentry.io api.github.com www.npmjs.com http://gj.track.uc.cn/collect;default-src 'none';img-src * data:;script-src 'self' data: 'unsafe-inline' https://checkout.stripe.com/checkout.js https://static.accountdock.com https://www.googletagmanager.com https://www.googletagmanager.com/gtm.js https://app.hubspot.com https://optimize.google.com https://js.hs-scripts.com/ http://js.hs-analytics.net/ https://js.hsforms.net/ https://forms.hsforms.com/ https://www.brighttalk.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google-analytics.com https://www.google-analytics.com/analytics.js https://platform.twitter.com/widgets.js https://static.npmjs.com/;style-src https://optimize.google.com 'self' 'unsafe-inline' https://fonts.googleapis.com https://static.npmjs.com/;frame-src https://www.brighttalk.com/ checkout.stripe.com https://accountdock.com/app https://www.youtube.com/embed/mKMaG0cixXw https://forms.hsforms.com/ https://app.hubspot.com https://optimize.google.com https://static.accountdock.com/;font-src https://fonts.gstatic.com https://static.npmjs.com/ ;media-src https://player.vimeo.com https://fpdl.vimeocdn.com https://gcs-vimeo.akamaized.net 3 default-src blob: data: 'unsafe-inline' 'unsafe-eval' https:; form-action https:; upgrade-insecure-requests; 3 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.brides.com *.qa.aws.brides.com apollo.brides.com apollo.local.brides.com atlas.brides.com atlas.local.brides.com 3 block-all-mixed-content 3 upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'self' 3 frame-ancestors 'self' corning.com *.corning.com *.siteworx.com *.ceros.com 3 frame-ancestors www.red-gate.com; 3 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.mydomaine.com *.qa.aws.mydomaine.com apollo.mydomaine.com apollo.local.mydomaine.com atlas.mydomaine.com atlas.local.mydomaine.com 3 style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; object-src 'self'; script-src 'self' https://www.googletagmanager.com https://www.google-analytics.com 'unsafe-inline'; img-src 'self' https://www.denic.de https://www.google-analytics.com; frame-src 'self' 3 block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:; report-uri https://collectors.au.sumologic.com/receiver/v1/http/ZaVnC4dhaV2fq-TmkezxDM5kD77zglzTUyrlNqPe059oQhlSBcEFmaLaBbMi5G2BkSSJjyA6wJZ-iUDLrux0ATja4lHZr94sfyyTtdVcA_GiHULLYxFY7Q== 3 default-src 'self'; frame-src avsecure.dev; img-src 'self' *.florastatic.com https://*.florastatic.com www.google-analytics.com https://www.google-analytics.com; media-src 'none'; object-src 'none'; script-src 'self' www.google-analytics.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' 3 frame-ancestors 'self' *.ergodirekt.de:* *.ergo.com:* *.ergo:* *.ergo.de; 3 script-src 'self'; 3 default-src 'self'; \ script-src 'self' https://ssl.google-analytics.com; \ img-src 'self' https://ssl.google-analytics.com 3 allow 'self'; media-src *; img-src *; script-src 'self' https://ajax.googleapis.com; style-src 'self'; 3 default-src *; script-src 'self' http://www.google-analytics.com http://suggest.infospace.com http://api.autocompleteplus.com http://www.googletagservices.com http://d.yimg.com https://completr.appspot.com https://s.yimg.com http://js.wincyahoocontent.com ; frame-src 'self' http://*.yhs4.search.yahoo.com http://ad.adserver-pro.net https://s.yimg.com ; font-src 'none'; connect-src 'self'; media-src 'self'; object-src 'none'; style-src 'self'; 3 style-src 'self' 'unsafe-inline' use.typekit.net fonts.googleapis.com cdnjs.cloudflare.com tagmanager.google.com config1.veinteractive.com veinteractive.com; font-src 'self' *.typekit.net fonts.gstatic.com data:; report-uri /report-csp-violation 3 default-src 'self' *.arnoldbread.com *.brownberry.com *.oroweat.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.arnoldbread.com *.brownberry.com *.oroweat.com *.econsumeraffairs.com *.consumercare.net *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.consumercare.net *.econsumeraffairs.com *.google.com cdn.jsdelivr.net *.facebook.net *.likebtn.com *.pinterest.com *.facebook.com *.typekit.com *.trackduck.com *.sharethis.com dnn506yrbagrg.cloudfront.net *.m4dc.com data: ; object-src 'self' *.arnoldbread.com *.brownberry.com *.oroweat.com *.google.com cdn.jsdelivr.net pages.icpro.co *.trackduck.com *.youtube.com *.facebook.com; style-src 'self' 'unsafe-inline' *.arnoldbread.com *.brownberry.com *.oroweat.com *.trackduck.com *.googleapis.com cdn.jsdelivr.net maxcdn.bootstrapcdn.com *.likebtn.com *.typekit.net *.sharethis.com; img-src 'self' *.arnoldbread.com *.brownberry.com *.oroweat.com *.gravatar.com *.google-analytics.com *.trackduck.com *.google.com stats.g.doubleclick.net *.facebook.com *.googleapis.com cdn.jsdelivr.net *.typekit.net *.sharethis.com *.blob.core.windows.net *.dev-2.development-preview.com *.gstatic.com gravatar.com gtrk.s3.amazonaws.com *.google.co.in/ads data:; media-src 'self' *.arnoldbread.com *.brownberry.com *.oroweat.com *.google.com cdn.jsdelivr.net pages.icpro.co *.trackduck.com *.youtube.com *.facebook.com; frame-src 'self' *.arnoldbread.com *.brownberry.com *.oroweat.com *.google.com cdn.jsdelivr.net pages.icpro.co *.trackduck.com *.youtube.com *.facebook.com *.sharethis.mgr.consensu.org *.sharethis.com *.m4dc.com; font-src 'self' *.arnoldbread.com *.brownberry.com *.oroweat.com fonts.gstatic.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net *.typekit.com data: *.typekit.net *.trackduck.com; connect-src 'self' *.arnoldbread.com *.brownberry.com *.oroweat.com *.facebook.com *.trackduck.com *.sharethis.com wss: data: *.gravatar.com *.g.doubleclick.net; report-uri /admin/config/system/seckit/csp-report, default-src 'self' 'self' data: 'self' blob: 'unsafe-inline' 'unsafe-eval' *; img-src 'self' blob: data: * 3 frame-src http: https: ; frame-ancestors http: https: ; 3 default-src 'unsafe-inline' 'self' https: wss:; object-src 'none' 3 default-src 'self' *.readspeaker.com data:; base-uri 'self'; style-src 'self' 'unsafe-inline' *.readspeaker.com; script-src 'self' 'unsafe-eval' *.google.com piwik.itzbund.de *.readspeaker.com;object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org; child-src *.itzbund.de *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com piwik.itzbund.de; upgrade-insecure-requests; frame-ancestors 'self'; 3 default-src 'self' *.readspeaker.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.siteimprove.net/cms/overlay.js siteimproveanalytics.com siteimprove.com *.readspeaker.com *.timeblockr.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.readspeaker.com *.timeblockr.com; img-src 'self' data: *.siteimprove.com *.servmetric.com *.govmetric.com *.siteimproveanalytics.io *.timeblockr.com; media-src 'self' *.readspeaker.com; frame-src 'self' *.readspeaker.com *.youtube.com; frame-ancestors 'self'; child-src 'self' *.youtube.com; font-src 'self' data: *.googleusercontent.com *.readspeaker.com *.ionicframework.com *.timeblockr.com; connect-src 'self' *.readspeaker.com *.timeblockr.com; report-uri /report-csp-violation 3 self 3 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.investopedia.com *.qa.aws.investopedia.com apollo.investopedia.com apollo.local.investopedia.com atlas.investopedia.com atlas.local.investopedia.com 2 allow 'self' 'self' https://lastpass.com wss://*.lastpass.com https://5399020466.log.optimizely.com https://pollserver.lastpass.com https://loglogin.lastpass.com ; img-src 'self' https://lastpass.com data: https://*.adnxs.com/ https://*.doubleclick.net https://*.google-analytics.com https://www.google.com https://www.facebook.com/tr https://t.co/i/adsct https://analytics.twitter.com/i/adsct https://img.youtube.com https://adfarm.mediaplex.com/ad/bk/ https://*.rfihub.com/ https://secure.leadback.advertising.com https://secure.ace-tag.advertising.com https://iad-login.dotomi.com https://a.company-target.com/ https://www07.clicktale.net/; object-src 'self' http://*.googlevideo.com http://*.youtube.com https://*.youtube.com http://*.ytimg.com https://*.ytimg.com http://www.google.com http://youtube.googleapis.com; frame-src 'self' https://ssl.gstatic.com https://www.google.com https://www.youtube.com https://b.company-target.com/ect.html https://www.youtube.com https://*.ytimg.com https://1min-ui-prod.service.lastpass.com; options inline-script eval-script; worker-src https://*.lastpass.com blob: 2 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.verywellhealth.com *.qa.aws.verywellhealth.com apollo.verywellhealth.com apollo.local.verywellhealth.com atlas.verywellhealth.com atlas.local.verywellhealth.com https://specials.verywell.com 2 frame-ancestors 'self' http://*.sharecare.com https://*.sharecare.com http://*.qualityhealth.com https://*.qualityhealth.com 2 frame-ancestors 'self' icrc.org *.icrc.org icrcproject.org *.icrcproject.org forum-icrc.org www.forum-icrc.org 2 default-src *;frame-ancestors 'self' eiv.baidu.com *.vip.vip.com *.vip.com;script-src *.vip.com *.vipstatic.com *.mediav.com *.gdt.qq.com *.emarbox.com *.mjoys.com *.sogou.com cm.e.qq.com *.qq.com *.baidu.com *.ipinyou.com *.admaster.com.cn *.miaozhen.com *.youku.com *.tanx.com *.doubleclick.net *.vpimg1.com *.vpimg2.com *.vpimg3.com *.vpimg4.com *.gtimg.cn 'unsafe-eval' 'unsafe-inline';style-src *.vip.com *.vipstatic.com 'unsafe-inline';img-src * data:; report-uri //stat.vipstatic.com/pcfront/antiskyjack; 2 default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data: blob:; media-src https: data: blob:; worker-src https: data: blob:; font-src https: data:; connect-src https: wss: 2 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.verywellfit.com *.qa.aws.verywellfit.com apollo.verywellfit.com apollo.local.verywellfit.com atlas.verywellfit.com atlas.local.verywellfit.com https://specials.verywellfit.com 2 default-src *; style-src 'self'* .addthis.com *.nationalgridus.com* .cloudflare.com *.olark.com* .gstatic.com *.googleapis.com; script-src 'self'* .speedpay.com *.google.com* .gstatic.com *.olark.com* .googleapis.com *.gstatic.com* .crazyegg.com *.google-analytics.com* .googletagmanager.com *.feedbackify.com* .nationalgridus.com; img-src *; font-src* ; connect-src *; 2 default-src 'none'; style-src 'self' 'unsafe-inline'; font-src 'self' v2.zopim.com data:; script-src 'self' www.google-analytics.com www.googletagmanager.com v2.zopim.com widget-mediator.zopim.com static.zdassets.com www.google.com www.gstatic.com ssl.gstatic.com www.googleadservices.com googleads.g.doubleclick.net stats.g.doubleclick.net www.bing.com bat.bing.com www.redditstatic.com; img-src 'self' www.google-analytics.com googleads.g.doubleclick.net stats.g.doubleclick.net v2.zopim.com v2.zopim.io v2assets.zopim.io data: www.google.com www.gstatic.com ssl.gstatic.com www.bing.com bat.bing.com www.reddit.com alb.reddit.com; connect-src 'self' wss://v2.zopim.com wss://widget-mediator.zopim.com https://v2.zopim.com https://widget-mediator.zopim.com https://www.google-analytics.com https://ekr.zdassets.com wss://ekr.zdassets.com; frame-src v2.zopim.com www.google.com; media-src v2.zopim.com; frame-ancestors 'none' 2 frame-ancestors 'self' *.boursorama-banque.com *.boursorama.com 2 frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com 2 frame-ancestors 'self' http://acquia.lookbookhq.com https://acquia.lookbookhq.com https://acquia.docebosaas.com https://confluence.acquia.com; report-uri /report-csp-violation 2 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.byrdie.com *.qa.aws.byrdie.com apollo.byrdie.com apollo.local.byrdie.com atlas.byrdie.com atlas.local.byrdie.com 2 frame-ancestors https://www.maisonmargiela.com/ https://www.maisonmargiela.com/ ; 2 frame-ancestors 'self' intertops.eu www.intertops.eu sblp.intertops.eu sports.intertops.eu poker.intertops.eu casino.intertops.eu classic.intertops.eu lobby.intertops.eu:2072 account.intertops.eu 2 default-src 'self' https://*.copaair.com http://*.copaair.com https://*.copa.com http://*.copa.com https://*.sam4m.com/ http://*.adnxs.com http://*.bing.com http://*.copa.com http://*.copaair.com http://*.doubleclick.net http://*.facebook.com http://*.facebook.net http://*.fltmaps.com http://*.frequentflyer.aero http://*.google-analytics.co http://*.google-analytics.com http://*.googleadservices.com http://*.googletagmanager.com http://*.havasdigitalcolombia.com http://*.innosked.com http://*.intelliresponse.com http://*.msn.com http://*.qualtrics.com http://*.trackedlink.net http://*.w55c.net http://*.youtube.com http://ads.dtravelconnection.com http://miparaisoatlantis.com http://panamaesposible.com https://*.copa.com https://*.copaair.com https://*.facebook.com https://*.flightcontrol.io https://*.flightview.com https://*.fltmaps.com https://*.frequentflyer.aero https://*.google.com https://www.google.com.co https://www.google.com.pa https://*.google.sk https://*.googleapis.com https://*.gstatic.com https://*.havasdigitalcolombia.com https://*.innosked.com https://*.intelliresponse.com https://*.mcafeesecure.com https://*.nbxapps.com https://*.sojern.com https://*.twitter.com https://*.w55c.net https://*.websecurity.norton.com https://*.youtube.com https://acuityplatform.com https://beacon.walmart.com https://pr-bh.ybp.yahoo.com https://r1.dotmailer-surveys.com https://static.ads-twitter.com https://t.co https://t.wayfair.com https://*.airtrfx.com http://*.airtrfx.com https://*.hotjar.com https://*.securitytrfx.com http://*.securitytrfx.com https://*.addthis.com https://*.addthisedge.com https://kirnhn54sa.execute-api.us-east-1.amazonaws.com https://*.yimg.com https://*.analytics.yahoo.com https://*.trackedweb.net https://*.groovinads.com https://*.beatdevelop.co https://*.sam4m.co https://*.a3cloud.net https://trackedweb.net https://gwmtracking.com https://kontentroom.com 'unsafe-inline' 'unsafe-eval' data: blob: 2 frame-ancestors 'self' *.vendhq.com; report-uri https://csp.api.vendhq.com/prod/report; 2 default-src 'self' ; style-src 'self' ; media-src 'self' https://download.elster.de ; img-src 'self' https://anycast.elster.de ; connect-src 'self' https://lxelma5p.bfinv.de wss://www.elster.de https://datenabholung1.elster.de https://datenabholung2.elster.de ; object-src 'self' blob: ; form-action 'self' ; frame-ancestors 'self' 2 frame-ancestors 'self' zooniverse.org *.zooniverse.org webservices.crick.ac.uk CLVD0-WS-U-T-29.thecrick.org 2 default-src 'self' https://*.tv1.eu http://*.tv1.eu 2 default-src 'self' 'unsafe-inline' *.zoll.de zoll.de *.itzbund.de itzbund.de *.zoll.de *.talent-im-einsatz.de zoll.de sg.geodatenzentrum.de *.openstreetmap.de; img-src 'self' *.zoll.de zoll.de *.itzbund.de sg.geodatenzentrum.de *.openstreetmap.de data:; script-src 'self' 'unsafe-inline' *.zoll.de zoll.de *.itzbund.de itzbund.de *.zoll.de zoll.de sg.geodatenzentrum.de *.openstreetmap.de 2 frame-ancestors 'self' https://portal-interactiv.com *.iberostar.com *.olehotels.com icrs.visitus-inc.com *.iberostarpro.com *.iberostartheclub.com *.grandiberostar.com kayak.com webvisor.com *.wannabot.io 2 connect-src 'self' 2 default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.openlayers.org openlayers.org *.openstreetmap.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.openlayers.org openlayers.org *.openstreetmap.org; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com media.deutsche-rentenversicherung.de;child-src *.google.com *.gstatic.com *.youtube.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.openlayers.org openlayers.org *.openstreetmap.org; frame-ancestors 'self'; 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *; frame-ancestors 'self' http://virtual-tour.battlefields.org/; report-uri /report-csp-violation 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.marketo.net https://*.marketo.com https://*.addthis.com https://*.addthisedge.com https://*.google-analytics.com https://*.optimizely.com https://*.googleadservices.com https://platform.twitter.com https://app.hushly.com https://*.reactful.com https://connect.facebook.net https://graph.facebook.com https://bat.bing.com https://*.crazyegg.com https://*.adroll.com https://snap.licdn.com https://*.linkedin.com https://www.youtube.com https://s.ytimg.com https://d137jyf8bmrjar.cloudfront.net https://jobs.jobvite.com https://cdnjs.cloudflare.com https://d30ia583fbtg8i.cloudfront.net/reviews_list/reviews_list.js https://seal.digicert.com https://www.bizographics.com https://secure.adnxs.com https://tags.tiqcdn.com https://app.cdn.lookbookhq.com https://resources.xg4ken.com https://www.googletagmanager.com https://d12ulf131zb0yj.cloudfront.net https://d26n74bqaye0ia.cloudfront.net https://j.6sc.co https://rc.sageintacct.com; object-src *; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com http://fonts.googleapis.com https://cdnjs.cloudflare.com http://cdnjs.cloudflare.com https://*.marketo.net https://*.marketo.com https://app.hushly.com http://app.hushly.com https://d30ia583fbtg8i.cloudfront.net/reviews_list/style.css https://app.cdn.lookbookhq.com https://resources.xg4ken.com https://www.googletagmanager.com https://d12ulf131zb0yj.cloudfront.net https://d26n74bqaye0ia.cloudfront.net https://rc.sageintacct.com; img-src * data:; media-src *; frame-src https://*.sageintacct.com https://*.intacct.com https://*.optimizely.com https://www.youtube.com https://*.addthis.com https://app-abd.marketo.com https://*.doubleclick.net https://www.google.com/ads https://jobs.jobvite.com https://forecast.io https://api.soundcloud.com https://w.soundcloud.com https://www.g2crowd.com https://intacct.lookbookhq.com https://go.intacct.com https://tags.tiqcdn.com https://app.cdn.lookbookhq.com https://resources.xg4ken.com https://www.googletagmanager.com https://d12ulf131zb0yj.cloudfront.net https://d26n74bqaye0ia.cloudfront.net https://rc.sageintacct.com; font-src *; connect-src *; report-uri /admin/config/system/seckit/csp-report 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.bpost.be bpost.be eshipper.bpost.cn bpost2.be medattest.be www.medattest.be editor-www.bpost.be www.googletagmanager.com tagmanager.google.com ssl.google-analytics.com b2btagmgr.azalead.com trker1.azalead.com www.google-analytics.com proslead.com www.depostlaposte.be www.bpost2.be www.google.com www.post.be post.be ajax.googleapis.com connect.facebook.net code.jquery.com platform.linkedin.com www.linkedin.com dashboard.whoisvisiting.com/who.js frontend.id-visitors.com js-agent.newrelic.com bam.nr-data.net cdn.jsdelivr.net http://w.usabilla.com w.usabilla.com api.usabilla.com cdnjs.cloudflare.com maps.googleapis.com www.youtube.com https://ajax.googleapis.com api.jollywallet.com https://maps.googleapis.com www.googleadservices.com assets.idloom.com crm.bpack.idloom.com proslead.com https://www.google-analytics.com preprints.taxipost.net maf.taxipost.net s.ytimg.com img.en25.com player.qualifio.com d6tizftlrpuof.cloudfront.net https://maxcdn.bootstrapcdn.com static.hotjar.com script.hotjar.com vars.hotjar.com optimize.google.com login-2.bpost.be service.maxymiser.net static.hotjar.com script.hotjar.com bpost2.unfyd.com www.gstatic.com openlayers.org unpkg.com eloqua.com www.bpost2.be bpaid.unfyd.com mediahuisassets.akamaized.net cdn.cxense.com scomcluster.cxense.com comcluster.cxense.com track.bpost.cloud track.bpost.be optanon.blob.core.windows.net privacyportal-de.onetrust.com cdn.cookielaw.org; object-src 'self' www.bpost.be editor-www.bpost.be eshipper.bpost.cn www.youtube-nocookie.com www.medattest.be optimize.google.com login-2.bpost.be bpost2.be bpaid.unfyd.com track.bpost.cloud track.bpost.be; style-src 'self' 'unsafe-inline' www.bpost.be eshipper.bpost.cn bpost2.be www.bpost2.be bpost3.be www.medattest.be editor-www.bpost.be www.google.com fonts.googleapis.com cdn.jsdelivr.net d6tizftlrpuof.cloudfront.net https://cdnjs.cloudflare.com www.post.be post.be proslead.com wersg01 preprints.taxipost.net maf.taxipost.net tagmanager.google.com optimize.google.com login-2.bpost.be maxcdn.bootstrapcdn.com my.bpost.be bpost2.unfyd.com openlayers.org use.fontawesome.com unpkg.com bpaid.unfyd.com track.bpost.cloud track.bpost.be optanon.blob.core.windows.net cdn.cookielaw.org; img-src 'self' data: www.bpost.be bpost.be eshipper.bpost.cn www.bpost2.be bpost2.be www.google.be www.google-analytics.com www.google.com googleads.g.doubleclick.net b2btagmgr.azalead.com trker1.azalead.com stats.g.doubleclick.net www.post.be editor-www.bpost.be www.facebook.com www.google.co.in eshop.bpost.be static.licdn.com www.linkedin.com www.bpostinternational.com landmarkglobal.com www.landmarkglobal.com dashboard.whoisvisiting.com/who.ashx www.depostlaposte.be junglenet-a.akamaihd.net secure.adnxs.com d6tizftlrpuof.cloudfront.net w.usabilla.com 10.76.4.13:15871 https://cdnjs.cloudflare.com 10.109.34.52:15871 s1833705806.t.eloqua.com 10.76.4.11:15871 https://csi.gstatic.com https://maps.gstatic.com maps.googleapis.com https://ssl.google-analytics.com https://maps.googleapis.com www.googleadservices.com https://stats.g.doubleclick.net proslead.com https://www.google.de https://www.google.lu https://www.google.nl preprints.taxipost.net maf.taxipost.net chart.apis.google.com hello.bpost.be optimize.google.com login-2.bpost.be my.bpost.be bpost2.unfyd.com a.tile.openstreetmap.org server.arcgisonline.com tile.osm.be bpaid.unfyd.com comcluster.cxense.com track.bpost.cloud track.bpost.be optanon.blob.core.windows.net cdn.cookielaw.org; frame-src 'self' www.bpost.be bpost.be www.medattest.be medattest.be eshipper.bpost.cn editor-www.bpost.be www.bpost2.be http://www.bpost2.be bpost2.be campaigns.bpost2.be www.campaigns.bpost2.be pass.post.be esim.post.be tools.emailgarage.com assets.idloom.com www.facebook.com ir2.flife.de qfx.quartalflife.com 4558452.fls.doubleclick.net www.youtube.com youtube.com fr.slideshare.net www.youtube-nocookie.com 85.17.197.32 roi.bpost3.be bpost3.be www.facebook.com www.twitter.com platform.linkedin.com addressbook.bpost.be www.google.com google.com cse.google.com/cse speos.connective.be speos.connective.eu junglenet-a.akamaihd.net post-online.be www.post-online.be cssprepaid.proximus.be www.depostlaposte.be depostlaposte.be www.postmobile.be postmobile.be reload.proximus.be s.chkmkt.com maxiresponse.bpost3.be bpi.bpost3.be post-api.be googletagmanager.com youtube.com www.youtube.com d6tizftlrpuof.cloudfront.net www.youtube.com speos.connective.eu www.speos.connective.eu assets.idloom.com crm.bpack.idloom.com zeromov.com player.qualifio.com preprints.taxipost.net maf.taxipost.net http://maf.taxipost.net crm.bpost.idloom.com news.bpost.be s1833705806.t.eloqua.com vars.hotjar.com optimize.google.com login-2.bpost.be bpost2.be service.maxymiser.net bpaid.unfyd.com bpaid.bpost.be track.bpost.cloud track.bpost.be; font-src 'self' www.bpost.be bpost.be eshipper.bpost.cn editor-www.bpost.be cdn.jsdelivr.net https://cdnjs.cloudflare.com https://fonts.gstatic.com fonts.gstatic.com *.usabilla.com d6tizftlrpuof.cloudfront.net images.campaign.bpost.be optimize.google.com login-2.bpost.be my.bpost.be maxcdn.bootstrapcdn.com bpost2.unfyd.com use.fontawesome.com www.bpost2.be cdn.jsdelivr.net fonts.gstatic.com bpaid.unfyd.com track.bpost.cloud track.bpost.be; connect-src 'self' www.bpost.be bpost.be eshipper.bpost.cn www.medattest.be medattest.be bpost2.be www.bpost2.be editor-www.bpost.be proslead.com bam.nr-data.net api.usabilla.com https://api.bpost.be crm.bpack.idloom.com www-1.stbpost.be assets.idloom.com crm.bpack.idloom.com nikkomsgchannel tagmanager.google.com webservices-pub.bpost.be webservices-pub.stbpost.be webservices-pub.acbpost.be s1833705806.t.eloqua.com static.hotjar.com insights.hotjar.com optimize.google.com login-2.bpost.be chatbot.bpost.be bpost2.be in.hotjar.com service.maxymiser.net bpost2.unfyd.com s1833705806.t.eloqua.com/e/f2 bpaid.unfyd.com https://s918797598.t.eloqua.com/e/f2 track.bpost.cloud track.bpost.be; report-uri /nl/report-csp-violation 2 frame-ancestors 'none'; connect-src 'self' *.google-analytics.com *.stripe.com *.braintreegateway.com *.braintree-api.com *.exploretock.com *.fullstory.com *.facebook.com api.rollbar.com *.doubleclick.net www.google.com *.podium.com;; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.stripe.com *.braintreegateway.com *.chase.com *.exploretock.com connect.facebook.net *.fullstory.com www.googleadservices.com api.rollbar.com optimize.google.com maps.googleapis.com *.podium.com; img-src 'self' blob: data: *.exploretock.com *.stripe.com *.braintreegateway.com *.facebook.com *.fbsbx.com *.gravatar.com i0.wp.com *.google.com *.googleapis.com *.googleusercontent.com www.google-analytics.com www.gstatic.com maps.gstatic.com *.doubleclick.net *.googletagmanager.com; child-src 'self' *.exploretock.com *.stripe.com *.braintreegateway.com www.facebook.com optimize.google.com; frame-src 'self' *.exploretock.com *.stripe.com *.braintreegateway.com *.chase.com www.facebook.com optimize.google.com connect.facebook.net www.google.com *.kaptcha.com 2 default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.youtube.com *.googleapis.com piwik.itzbund.de script.ioam.de de.ioam.de s.ytimg.com; object-src 'self' piwik.itzbund.de; media-src 'self' *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de youtu.be; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de *.tile.openstreetmap.org; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; frame-ancestors dnbweb-editor.preview.kkn.zd.intranet.bund.de piwik.itzbund.de 2 frame-ancestors 'self' https://*.usagym.org http://*.usagym.org http://*.usagymparents.com http://*.usagym.info http://*.gymnasticsfoundation.org https://*.gymnasticsfoundation.org http://*.usagymchamps.com https://*.usagymchamps.com http://usagymfans.us-east-1.elasticbeanstalk.com https://usagymfans.us-east-1.elasticbeanstalk.com http://*.kovendesign.com https://*.kovendesign.com https://usagym.hqam6nre-liquidwebsites.com; 2 frame-src 'self' blob: *.cochlear.cloud *.stg.cochlear.cloud *.cochlear.cloud *.qualaroo.com *.simpli.fi https://marvelapp.com *.livechatinc.com *.doubleclick.net *.wufoo.com *.cochlearamericas.com *.youtube-nocookie.com *.marvelapp.com *.linkedin.com *.cvent.com *.google.ch *.cochlear.com *.irmau.com *.marketo.com *.youtube.com *.twitter.com *.addthis.com *.google.com *.facebook.com *.batchgeo.com; child-src 'self' blob: *.batchgeo.com *.addtoany.com *.doubleclick.net *.cochlear.com *.addthis.com *.google.com *.facebook.com *.twitter.com *.marketo.com ; connect-src 'self' *.marketo.com *.swiftype.com *.onelink-translations.com *.nekudo.com *.cochlear.com *.cvent.com *.linkedin.com *.google-analytics.com *.googleapis.com *.optimizely.com *.addthis.com *.mktoresp.com *.twitter.com *.maxmind.com; font-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.cvent-assets.com *.gstatic.com *.googleusercontent.com *.livechatinc.com *.bootstrapcdn.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.quora.com *.pubmatic.com *.rubiconproject.com *.adtechjp.com *.yahoo.com * bidswitch.net *.adap.tv *.adnxs.com *.rlcdn.com *.openx.net *.adroll.com *.casalemedia.com *.t.co *.datatables.net *.cochlear.com *.quantserve.com *.marketo.com *.bing.com *.steelhousemedia.com *.adsrvr.org *.adsymptotic.com *.android.com *.youtube.com *.visualwebsiteoptimizer.com *.cochlear.com *.googletagmanager.com *.teads.tv *.impact-ad.jp *.yahoo.co.jp *.impact-ad.jp *.outbrain.com *.amazonaws.com *.google.com.au *.google.com *.twitter.com *.doubleclick.net *.facebook.com *.linkedin.com *.google-analytics.com medialead.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.onetrust.com *.cookielaw.org *.windows.net *.qualaroo.com *.simpli.fi *.salesforceliveagent.com *.amazonaws.com *.gstatic.com *.quantcount.com *.cvent-assets.com *.cvent.com *.quora.com *.livechatinc.com *.typekit.com *.dialogtech.com *.cloudfront.net *.media6degrees.com *.quora.com *.wufoo.com *.zendesk.com *.domdex.com *.adroll.com *.datatables.net *.quantserve.com *.ads-twitter.com *.steelhousemedia.com *.bing.com *.adroll.com *.outbrain.com *.addtoany.com *.visualwebsiteoptimizer.com *.jquery.com *.optimizely.com *.google.com.au *.doubleclick.net *.googleadservices.com *.yimg.jp *.yahoo.co.jp *.crazyegg.com *.mktoweb.com *.cochlear.com *.bootstrapcdn.com *.cloudflare.com *.cochlear.com *.jsdelivr.net *.addthisedge.com *.google.com *.ytimg.com *.youtube.com *.marketo.net *.marketo.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.twitter.com *.facebook.com *.facebook.net *.linkedin.com *.addthis.com *.maxmind.com medialead.de; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.cookielaw.org *.windows.net *.cvent-assets.com *.googleapis.com *.cloudflare.com *.cochlear.com *.google.com *.zendesk.com *.datatables.net *.jquery.com *.cochlear-europe.com *.bootstrapcdn.com *.marketo.com; 2 child-src 'self' https://*.cloudfront.net https://*.docusign.com https://*.docusign.net https://*.sigfig.com https://go.oncehub.com https://secure.scheduleonce.com https://sigfig.demdex.net https://www.snapengage.com https://*.cambridgesavings.com; connect-src 'self' https://*.demdex.net https://*.getsentry.com https://*.hotjar.com https://*.sigfig.com https://*.wellsfargo.com https://*.zdassets.com https://*.zendesk.com https://api.greenhouse.io https://bam.nr-data.net https://heapanalytics.com https://maps.googleapis.com https://sentry.io https://sigfig.sc.omtrdc.net https://sigfig.tt.omtrdc.net https://sigfigprod.112.2o7.net https://www.snapengage.com wss://*.hotjar.com https://*.cambridgesavings.com; default-src 'self' https://*.sigfig.com https://*.cambridgesavings.com; frame-src 'self' https://*.cloudfront.net https://*.docusign.com https://*.docusign.net https://*.hotjar.com/ https://*.sigfig.com https://go.oncehub.com https://secure.scheduleonce.com https://sigfig.demdex.net https://www.snapengage.com https://*.cambridgesavings.com; font-src 'self' data: https://*.cloudfront.net https://*.sigfig.com https://fonts.gstatic.com https://heapanalytics.com https://*.cambridgesavings.com; img-src 'self' data: http://*.ggpht.com http://*.googleusercontent.com http://*.gstatic.com http://*.wikinvest.com http://feeds.feedburner.com https://*.cloudfront.net https://*.doubleclick.net https://*.ggpht.com https://*.google-analytics.com https://*.googleapis.com https://*.googleusercontent.com https://*.gstatic.com https://*.quantserve.com https://*.sigfig.com https://cm.everesttech.net https://csi.gstatic.com https://dpm.demdex.net https://heapanalytics.com https://sigfigcitizensbankdev.112.2o7.net https://tags.w55c.net https://www.facebook.com https://www.snapengage.com https://*.cambridgesavings.com; media-src 'self' https://*.cloudfront.net https://*.sigfig.com https://*.cambridgesavings.com; object-src 'self' https://www.snapengage.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.adobedtm.com https://*.cloudfront.net https://*.doubleclick.net https://*.google-analytics.com https://*.googleapis.com https://*.hotjar.com/ https://*.newrelic.com https://*.quantserve.com https://*.sigfig.com https://*.wellsfargoadvisors.com https://*.wikinvest.com https://*.zdassets.com https://*.zendesk.com https://apis.google.com https://bam.nr-data.net https://cdn.heapanalytics.com https://heapanalytics.com https://nexus.ensighten.com https://sigfig.sc.omtrdc.net https://sigfigprod.112.2o7.net https://www.snapengage.com https://*.cambridgesavings.com; style-src 'self' 'unsafe-inline' https://*.cloudfront.net https://*.googleapis.com https://*.sigfig.com https://heapanalytics.com https://*.cambridgesavings.com; 2 parent-src none 2 frame-ancestors https://www.karl.com/ https://www.karl.com/ http://www.optimizely.com https://www.optimizely.com; 2 default-src 'self' data: https: *.gstatic.com; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: *.web2mobile.fr *.adnxs.com *.tradelab.fr *.twitter.com *.facebook.net *.twimg.com *.azame.net *.google-analytics.com *.infogreffe.nc *.infogreffe.fr *.facebook.com *.doubleclick.net; style-src 'self' 'unsafe-inline' *.amazonaws.com *.infogreffe.nc *.infogreffe.fr *.googleapis.com *.twitter.com *.regie.pro; img-src 'self' data: http: *.youtube.com https: *.web2mobile.fr *.adnxs.com *.tradelab.fr *.twitter.com *.facebook.net *.twimg.com *.azame.net *.google-analytics.com *.infogreffe.nc *.infogreffe.fr *.facebook.com *.doubleclick.net; frame-src 'self' data: https: *.web2mobile.fr *.adnxs.com *.tradelab.fr *.twitter.com *.facebook.net *.twimg.com *.azame.net *.google-analytics.com *.infogreffe.nc *.infogreffe.fr *.facebook.com *.doubleclick.net; connect-src 'self' https: *.regie.pro *.addthis.com *.web2mobile.fr 2 default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src 'unsafe-inline' https: data:; font-src https: data:; img-src * data:; 2 img-src 'self' https://*.museum.wales *.museum.wales https://museum.wales museum.wales https://amgueddfa.cymru amgueddfa.cymru https://www.google-analytics.com www.google-analytics.com https://*.googleapis.com *.googleapis.com https://*.gstatic.com *.gstatic.com https://p.travelsmarter.net p.travelsmarter.net https://www.tripadvisor.co.uk www.tripadvisor.co.uk blob: data:; script-src 'self' https://museum.wales museum.wales https://*.museum.wales *.museum.wales https://amgueddfa.cymru amgueddfa.cymru https://unpkg.com unpkg.com https://www.youtube.com www.youtube.com https://www.google-analytics.com www.google-analytics.com https://www.googletagmanager.com www.googletagmanager.com https://*.googleapis.com *.googleapis.com https://platform.twitter.com platform.twitter.com https://s.ytimg.com s.ytimg.com https://static.tacdn.com static.tacdn.com https://www.tripadvisor.com www.tripadvisor.com 'unsafe-inline'; 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://mastertag.kpcustomer.de *.netcologne.de:* https://bat.bing.com https://connect.facebook.net www.googletagmanager.com:* www.google-analytics.com:* https://partners.webmasterplan.com www.google.de:* https://optimize.google.com https://fonts.googleapis.com https://fonts.gstatic.com https://seal.thawte.com https://www.googleadservices.com https://*.exactag.com *.google.com:* https://*.gstatic.com *.googleapis.com:* https://www.kabelkiosk.de https://*.deepthought.online https://cdn.jsdelivr.net https://wt1.rqtrk.eu https://api.aklamio.com https://googleads.g.doubleclick.net https://config1.veinteractive.com https://netcologne.lamapoll.de https://r.df-srv.de https://static.hotjar.com:* https://script.hotjar.com:* https://*.ad4m.at https://*.usemaxserver.de https://*.awin1.com https://*.dwin1.com https://zenaps.com https://sciencebehindecommerce.com https://*.criteo.net https://*.criteo.com https://tracking.m6r.eu; 2 frame-ancestors https://*.dondominio.com/ https://*.mrdomain.com; 2 default-src 'self'; font-src * data:; img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-inline'; style-src 'self' 'unsafe-inline' frame-src https://*.youtube.com/ https://*.oxy.com https://*.youtube-nocookie.com http://*.corporate-ir.net https://occidentalpetroleum.gcs-web.com 2 frame-ancestors 'self' https://twitter.com; 2 default-src 'none'; script-src 'self' *.deutsche-digitale-bibliothek.de *.google.com *.twitter.com *.facebook.com *.jwpcdn.com *.gstatic.com *.googleapis.com 'unsafe-inline' 'unsafe-eval' *.jsdelivr.net *.fiz-karlsruhe.de cms.deutsche-digitale-bibliothek.de *.twimg.com; object-src 'self'; style-src *.googleapis.com 'self' 'unsafe-inline' *.jsdelivr.net *.fiz-karlsruhe.de *.deutsche-digitale-bibliothek.de *.twimg.com *.twitter.com cms.deutsche-digitale-bibliothek.de; img-src * data:; media-src *; font-src *.gstatic.com *.googleapis.com *.jsdelivr.net 'self' cms.deutsche-digitale-bibliothek.de; connect-src *.akamaihd.net *.vimeo.com 'self' cms.deutsche-digitale-bibliothek.de *.twimg.com *.twitter.com *.fiz-karlsruhe.de; child-src 'self' *.deutsche-digitale-bibliothek.de *.fiz-karlsruhe.de *.google.com *.twitter.com *.facebook.com *.youtube.com cms.deutsche-digitale-bibliothek.de; frame-ancestors 'self' *.deutsche-digitale-bibliothek.de; 2 frame-ancestors 'self' *.force.com *.salesforce.com; 2 default-src * data: blob:;script-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: https://sjs.bizographics.com/insight.min.js https://bat.bing.com/bat.js https://static.ads-twitter.com/uwt.js https://s3.amazonaws.com/trk.cetrk.com/f/t.js https://tagmanager.google.com/ https://instafeed.assets.pixlee.com https://www.buzzsprout.com https://api.volunteer.com.au https://volwidget.s3.amazonaws.com https://www.bing.com https://dev.virtualearth.net https://t.ssl.ak.dynamic.tiles.virtualearth.net https://fast.wistia.net https://ecn.dev.virtualearth.net https://openlayers.org mapstraction.com https://www.bing.com/ https://vudoo.com https://dme0ih8comzn4.cloudfront.net *.admaxim *.addthis.com https://m.addthisedge.com https://cdnjs.cloudflare.com https://d1ig6folwd6a9s.cloudfront.net https://sample.crazyegg.com https://script.crazyegg.com https://sample-api-v2.crazyegg.com/n/588250/all https://s3.amazonaws.com/trk.cetrk.com/d/t.js https://e.issuu.com/embed.js https://everydayhero.com *.facebook.com *.facebook.net fast.wistia.com https://www.google.com http://www.google-analytics.com *.google-analytics.com *.googleapis.com https://maps.google.com https://optimize.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net http://s.gravatar.com https://code.jquery.com https://s.c.appier.net https://jscdn.appier.net https://assets.juicer.io/ https://embed.playbuzz.com https://sb.scorecardresearch.com https://mcd-sdk.playbuzz.com https://res-format-story.playbuzz.com https://cdn.playbuzz.com https://widget.surveymonkey.com https://salvos.org.au/ https://www.salvationarmy.org.au/ http://salvationarmy.org.au/ http://src.litix.io/ https://s0.wp.com http://stats.wp.com/ https://public.tableau.com/ *.twitter.com *.twimg.com https://users.dialogfeed.com *.verisign.com http://fast.wistia.com 127.0.0.1:* *.localhost; style-src 'self' https://tagmanager.google.com/debug/css.css https://assets.buzzsprout.com https://volwidget.s3.amazonaws.com https://openlayers.org https://www.bing.com https://dme0ih8comzn4.cloudfront.net https://salvos.org.au/ https://www.salvationarmy.org.au/ https://salvationarmy.org.au/ data: *.addthis.com *.bootstrapcdn.com https://d1ig6folwd6a9s.cloudfront.net https://fonts.googleapis.com http://fonts.googleapis.com *.googleapis.com *.gstatic.com https://optimize.google.com *.jquery.com https://assets.juicer.io/ *.myfonts.net https://res-format-story.playbuzz.com *.twimg.com *.twitter.com http://s.gravatar.com 'unsafe-inline'; media-src * data:; font-src * data:; connect-src 'self' https://sample-api-v2.crazyegg.com/n/588250/all https://s.c.appier.net https://www.bing.com https://salvos.org.au/ https://www.salvationarmy.org.au/ https://salvationarmy.org.au/ https://anylist.c.appier.net *.addthis.com https://stats.g.doubleclick.net/ *.facebook.com https://www.google-analytics.com https://assets.juicer.io/ http://www.juicer.io https://www.juicer.io https://prd-collector-anon.playbuzz.com https://pixel.playbuzz.com https://mcd-sdk.playbuzz.com https://embed.playbuzz.com https://cdn.playbuzz.com https://syndication.twitter.com *.vimeocdn.com pipedream.wistia.com https://e.issuu.com https://users.dialogfeed.com embed.wistia.com distillery.wistia.com/x; report-uri https://salvos.org.au/csp-reports/ 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' *.marketo.com *.marketo.net *.googletagmanager.com *.facebook.net static.ads-twitter.com *.evidon.com www.google-analytics.com sjs.bizographics.com *.bizible.com *.ge.com *.bhge.com *.industrial.ai *.youtube.com *.ytimg.com *.linkedin.com *.twitter.com gateway.zscalertwo.net *.newrelic.com vidassets.terminus.services blob: doug1izaerwt3.cloudfront.net s.ytimg.com *.demandbase.com data: nasdaqir-prod.apigee.net *.hotjar.com *.zscalertwo.net j.6sc.co bam.nr-data.net fssfed.stage.ge.com cdnjs.cloudflare.com *.kissmetrics.com *.googleadservices.com googleads.g.doubleclick.net *.google.com *.gstatic.com s0-azure.assets-yammer.com maps.googleapis.com cdn.syndication.twimg.com addtocalendar.com maxcdn.bootstrapcdn.com; media-src 'self' *.vimeo.com *.youtube.com https://gateway.zscalertwo.net https://fpdl.vimeocdn.com data:; frame-src 'self' bhge.acquiadam.com *.webdamdb.com *.zscalertwo.net fssfedpitc.ge.com fssauth.ge.com *.webdamdb.com *.facebook.com *.marketo.com *.youtube.com *.hotjar.com *.adobe.com connect.facebook.net bid.g.doubleclick.net youtu.be *.evidon.com spo-teamsite.ge.com *.google.com spo-teamsite.ge.com fss.gecompany.com https://fss.gecompany.com/ https://ssocentralck.registrar.ge.com/ https://affiliateservices.gecompany.com/ https://ssologin.ssogen2.corporate.ge.com/ https://ssologin.ssogen2.corporate.ge.com/ https://rsologin.ssogen2.corporate.ge.com/ https://smloginmap.ssogen2.corporate.ge.com/ *.yammer.com login.microsoftonline.com fssfedma.o365.ge.com platform.linkedin.com syndication.twitter.com platform.twitter.com www.linkedin.com https://www.gechannelconnect.com/ https://staging60.gechannelconnect.com/; frame-ancestors 'self' data: fonts.gstatic.com cdnjs.cloudflare.com; font-src 'self' data: fonts.gstatic.com *.cloudflare.com; report-uri //report-csp-violation 2 frame-ancestors 'self' https://arcprod--prod.lightning.force.com/ 2 frame-ancestors 'self' ah4r.crm.dynamics.com 2 default-src data: 'unsafe-inline' 'unsafe-eval' https:; frame-ancestors 'self'; form-action *; upgrade-insecure-requests; block-all-mixed-content; reflected-xss block; referrer origin-when-cross-origin; 2 frame-ancestors 'self' localhost:* *.tason.com 2 ;frame-ancestors 'self' 2 frame-ancestors 'self' https://*.etracker.com 2 default-src 'self' *.mobistar.be *.cloudfront.net *.emsecure.net *.customersaas.com *.orange.be *.netdna-ssl.com *.whisbi.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' * *.customersaas.com *.emsecure.net *.customersaas.com *.orange.be optimize.google.com *.netdna-ssl.com *.whisbi.com blob: *.abtasty.com *.googleapis.com; object-src 'self' *.mobistar.be *.orange.be *.netdna-ssl.com; style-src 'unsafe-inline' 'self' *.mobistar.be *.cloudfront.net *.customersaas.com *.orange.be optimize.google.com *.netdna-ssl.com *.whisbi.com cdnjs.cloudflare.com *.gstatic.com *.abtasty.com *.googleapis.com; img-src * blob: data: optimize.google.com *.abtasty.com *.amazonaws.com *.cloudfront.net; media-src 'self' *.mobistar.be *.orange.be *.netdna-ssl.com; frame-src 'self' * emsecure.net *.orange.be *.optimzely.com optimize.google.com; font-src 'self' *.mobistar.be *.customersaas.com *.orange.be cdn.livechatinc.com themes.googleusercontent.com *.netdna-ssl.com *.whisbi.com blob: data: *.googleapis.com *.gstatic.com *.abtasty.com; connect-src 'self' *.tealiumiq.com *.usabilla.com *.log.optimizely.com *.emsecure.net *.customersaas.com *.orange.be *.mousestats.com secure.comparecycle.com *.whisbi.com c.contentsquare.net *.abtasty.com; report-uri /admin/config/system/seckit/csp-report 2 default-src 'self' http: bott-tc.nautilus https: *.bosch-thermotechnology.com s.webtrends.com *.boschtt-documents.com www.bimstore.co.uk services.kittelberger.net *.mycliplister.com bott-tc.nautilus; media-src 'self' *.boschtt-documents.com services.kittelberger.net *.mycliplister.com mycliplister.com; font-src 'self' fonts.gstatic.com; object-src data: 'self'; img-src https: data: blob:; style-src 'self' 'unsafe-inline' cdn.datatables.net fonts.googleapis.com; script-src https: 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https: mailto: bosch.mi4biz.net www.boschthermolife.com junkers-de-de-b.boschtt-documents.com; frame-ancestors 'self' https: bosch.mi4biz.net http://bott-fs.kittelberger.net 2 frame-ancestors liveshareeast3.seismic.com huron.seismic.com 2 default-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline' *.netdna-ssl.com *.google-analytics.com app.quotemedia.com oss.maxcdn.com rangeme-production-environment.s3-ap-southeast-2.amazonaws.com *.pcdn.co;font-src 'self' *.netdna-ssl.com fonts.gstatic.com *.pcdn.co;img-src 'self' data: *.netdna-ssl.com *.google-analytics.com *.googleapis.com *.glensmarkets-email.com app.quotemedia.com secure.gravatar.com s3-ap-southeast-2.amazonaws.com *.pcdn.co;style-src 'self' 'unsafe-inline' *.netdna-ssl.com *.googleapis.com *.pcdn.co;frame-src 'self' *.netdna-ssl.com *.youtube.com *.calameo.com *.pcdn.co;connect-src 'self' *.netdna-ssl.com query.yahooapis.com *.pcdn.co;object-src 'self' *.netdna-ssl.com *.pcdn.co;media-src 'self' *.netdna-ssl.com *.pcdn.co; 2 frame-ancestors http://* 2 script-src * 'unsafe-inline' 'unsafe-eval' 2 frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com exacttarget.com *.exacttarget.com marketingcloudapps.com *.marketingcloudapps.com jeffco.bibliocms.com *.jeffco.bibliocms.com https://jeffcolibrary.org jeffcolibrary.org *.jeffcolibrary.org; 2 frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com exacttarget.com *.exacttarget.com marketingcloudapps.com *.marketingcloudapps.com sccl.bibliocms.com *.sccl.bibliocms.com https://sccld.org sccld.org *.sccld.org; 2 frame-ancestors * 2 default-src 'self' https://*.google-analytics.com https; script-src 'self' 'unsafe-inline' 'unsafe-eval' https https://*.google-analytics.com https://*.google.com https://stats.g.doubleclick.net https://js-agent.newrelic.com/nr-1071.min.js https://bam.nr-data.net; object-src 'none'; style-src 'self' 'unsafe-inline' https; img-src 'self' 'unsafe-inline' https data: https://*.google-analytics.com https://stats.g.doubleclick.net ; frame-src 'self' https://player.vimeo.com https://*.davispolk.com https://html5-player.libsyn.com/ https://api-6fc85ce3.duosecurity.com/ https://cdn.yoshki.com/iframe/ https://www.youtube.com; report-uri /admin/config/system/seckit/csp-report 2 default-src 'self' 'unsafe-inline' 2 default-src * 'self' data: 'unsafe-inline' 'unsafe-eval' ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' ; style-src * 'self' data: 'unsafe-inline' ; img-src * 'self' data: ; font-src * 'self' data: ; connect-src * 'self' ; media-src 'self' ; frame-src * 'self' ; 2 frame-ancestors 'self' https://analytics.google.com/analytics/ https://*.buypass.no https://*.buypass.com https://*.norsk-tipping.no https://*.altinn.no; 2 frame-ancestors 'self' https://www.bharatpetroleum.com https://*.bpcl.in 2 frame-ancestors 'self' https://*.ariba.com https://*.zkw.at http://*.zkw.at https://*.mycatalogcloud.com http://*.mycatalogcloud.com http://*.valeo.determine.com https://*.valeo.determine.com http://valeo.determine.com https://valeo.determine.com 2 default-src 'self' http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de; img-src 'self' data: http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de; script-src 'self' 'unsafe-eval' http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de; style-src 'self' 'unsafe-inline' http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de; font-src 'self' data: http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de; 2 default-src * 'self' 'unsafe-inline' 'unsafe-eval' ; script-src * 'self' 'unsafe-inline' 'unsafe-eval' ; style-src * 'self' 'unsafe-inline' ; img-src * 'self' data: ; 2 img-src 'self'; 2 default-src 'self' data: gap: https://*.zscalertwo.net https://*.maersk.com https://*.sealandmaersk.com https://*.sealandmaersk.com.cn https://*.sealand.com https://*.seagoline.com https://*.mcc.com.sg https://*.maerskline.com https://*.apmoller.net https://c.go-mpulse.net https://*.salesforceliveagent.com https://*.force.com *.mpstat.us *.akstat.io https://*.akamaihd.net https://*.igodigital.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://www.googletagmanager.com https://ssl.gstatic.com https://100qrcey9nsltilmpwezagts.blob.core.windows.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.zscalertwo.net https://*.maersk.com https://*.sealandmaersk.com https://*.sealandmaersk.com.cn https://*.sealand.com https://*.seagoline.com https://*.mcc.com.sg https://*.maerskline.com https://*.apmoller.net https://*.akamaihd.net https://*.salesforceliveagent.com https://*.force.com https://*.salesforce.com https://*.steelcentral.net https://c.go-mpulse.net https://s.go-mpulse.net *.mpstat.us *.akstat.io https://*.igodigital.com https://pub.s1.exacttarget.com https://*.gstatic.com https://*.google.com https://*.googleapis.com https://www.googletagmanager.com https://*.google-analytics.com https://scai.maerskline.com https://api.massrelevance.com https://img.en25.com https://*.bizographics.com https://*.doubleclick.net https://*.linkedin.com; img-src 'self' data: https://*.zscalertwo.net https://*.maersk.com https://*.sealandmaersk.com https://*.sealandmaersk.com.cn https://*.sealand.com https://*.seagoline.com https://*.mcc.com.sg https://*.maerskline.com https://*.apmoller.net https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://*.gstatic.com https://lh3.googleusercontent.com https://*.steelcentral.net https://*.vimeocdn.com https://*.youtube.com https://*.igodigital.com https://*.akamaihd.net https://www.google.co.uk https://*.linkedin.com https://*.facebook.com https://*.twitter.com https://*.doubleclick.net https://*.google.dk https://scai.maerskline.com https://www.google.com/ads/ga-audiences* https://*.bizographics.com; object-src 'self'; style-src 'self' 'unsafe-inline' https://*.zscalertwo.net https://*.maersk.com https://*.sealandmaersk.com https://*.sealandmaersk.com.cn https://*.sealand.com https://*.seagoline.com https://*.mcc.com.sg https://*.apmoller.net https://*.gstatic.com https://*.google.com https://*.google-analytics.com https://*.googleapis.com https://*.maerskline.com https://*.force.com; frame-src https://*.zscalertwo.net https://*.maersk.com https://*.sealandmaersk.com https://*.sealandmaersk.com.cn https://*.sealand.com https://*.seagoline.com https://*.mcc.com.sg https://*.maerskline.com https://*.apmoller.net https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://*.google.com https://www.youtube.com/embed/ https://player.vimeo.com/video/ https://service.force.com https://www.google.com/recaptcha/ https://*.cookieinformation.com https://*.youku.com; font-src 'self' data: https://*.zscalertwo.net https://*.maersk.com https://*.sealandmaersk.com https://*.sealandmaersk.com.cn https://*.sealand.com https://*.seagoline.com https://*.mcc.com.sg https://*.maerskline.com https://*.apmoller.net https://*.gstatic.com https://*.googleapis.com; 2 child-src 'self' *.youtube.com *.vimeo.com *.dailymotion.com *.europa.eu europa.eu youtube.com *.dailymotion.com *.vimeo.com *.amazonaws.com *.arcgis.com *.arte.tv *.babahh.com *.bbc.co.uk *.blitzvideoserver.de *.bpb.de *.brightcove.com *.btv.bg *.cc.cec *.cimo.fi *.cjelozivotno-ucenje.hr *.cnbc.com *.coe.int *.communi-k.eu *.compareyourcountry.org *.crp.education *.cy2012.eu *.dacast.com *.dcdn.lt debategraph.org digital-agenda-data.eu *.disaster-resilience.com *.docdroid.net *.d-portal.org *.easme-web.eu *.edcc.eu *.euneighbours.eu *.euronews.com *.europeandataportal.eu *.facebook.com https://familymeal.eu *.flickr.com *.franceculture.fr *.franceinter.fr *.freecaster.com *.freezbee.tv *.genial.ly *.giphy.com *.github.io *.google.be *.google.co.uk *.google.com *.google.fr *.grnet.gr *.index.hu *.instantflipbook.com *.issuu.com *.jrc.nl *.jwplatform.com *.learningandwork.org.uk *.libsyn.com *.live.com livestream.com *.mentimeter.com *.metoo.sk *.mostra.eu *.neteyes.hu *.oecd.org *.openstreetmap.fr *.openstreetmap.org *.ourworldindata.org *.polarhd.com *.public-i.tv *.qbrick.com *.rackcdn.com *.rambla.be *.roguemotion.graphics *.sharepoint.com *.sketchfab.com *.slideshare.net *.solidtango.com *.soonfeed.com *.soundcloud.com *.streamamg.com *.streamcode.net *.streamdis.eu streamer.bg *.streaming.at *.streaming.sk *.streamovations.be *.sway.com *.tagesschau.de *.telemak.tv *.testa.eu *.thinglink.com *.tiesraides.lv *.top-ix.org *.tsnmalta.org *.tv1.eu *.tv-on-web.de *.twinix.eu *.typeform.com *.uc3m.es *.uplynk.com *.ustream.tv *.uu.se *.videliostreaming.com *.videolevels.com *.walls.io *.weforum.org *.westream.com *.wyng.com *.youongroup.com *.youtu.be *.youtube-nocookie.com *.zdf.de *.michael-lurquin.com sdk.companywebcast.com; frame-src 'self' *.youtube.com *.vimeo.com *.dailymotion.com *.europa.eu europa.eu youtube.com *.dailymotion.com *.vimeo.com *.amazonaws.com *.arcgis.com *.arte.tv *.babahh.com *.bbc.co.uk *.blitzvideoserver.de *.bpb.de *.brightcove.com *.btv.bg *.cc.cec *.cimo.fi *.cjelozivotno-ucenje.hr *.cnbc.com *.coe.int *.communi-k.eu *.compareyourcountry.org *.crp.education *.cy2012.eu *.dacast.com *.dcdn.lt debategraph.org digital-agenda-data.eu *.disaster-resilience.com *.docdroid.net *.d-portal.org *.easme-web.eu *.edcc.eu *.euneighbours.eu *.euronews.com *.europeandataportal.eu *.facebook.com https://familymeal.eu *.flickr.com *.franceculture.fr *.franceinter.fr *.freecaster.com *.freezbee.tv *.genial.ly *.giphy.com *.github.io *.google.be *.google.co.uk *.google.com *.google.fr *.grnet.gr *.index.hu *.instantflipbook.com *.issuu.com *.jrc.nl *.jwplatform.com *.learningandwork.org.uk *.libsyn.com *.live.com livestream.com *.mentimeter.com *.metoo.sk *.mostra.eu *.neteyes.hu *.oecd.org *.openstreetmap.fr *.openstreetmap.org *.ourworldindata.org *.polarhd.com *.public-i.tv *.qbrick.com *.rackcdn.com *.rambla.be *.roguemotion.graphics *.sharepoint.com *.sketchfab.com *.slideshare.net *.solidtango.com *.soonfeed.com *.soundcloud.com *.streamamg.com *.streamcode.net *.streamdis.eu streamer.bg *.streaming.at *.streaming.sk *.streamovations.be *.sway.com *.tagesschau.de *.telemak.tv *.testa.eu *.thinglink.com *.tiesraides.lv *.top-ix.org *.tsnmalta.org *.tv1.eu *.tv-on-web.de *.twinix.eu *.typeform.com *.uc3m.es *.uplynk.com *.ustream.tv *.uu.se *.videliostreaming.com *.videolevels.com *.walls.io *.weforum.org *.westream.com *.wyng.com *.youongroup.com *.youtu.be *.youtube-nocookie.com *.zdf.de *.michael-lurquin.com sdk.companywebcast.com; 2 style-src 'unsafe-inline' data: *; img-src 'unsafe-inline' data: *; report-uri /report-csp-violation 2 default-src 'self' script-src 'self' google-analytics.com 2 default-src https: 'unsafe-inline' 2 connect-src 'self' blob: 172.27.38.23:* *.usautoparts.com *.carparts.com localhost:* cdn.ampproject.org *.googleapis.com deploy-preview-1--videos-autopartswarehouse-com.netlify.com *.tvpage.com *.youtube.com *.ytimg.com api.resellerratings.com api.trustpilot.com *.turnto.com polyfill.io amp-analytics.autopartswarehouse.com *.braintreegateway.com origin-analytics-sand.sandbox.braintree-api.com api.usautoparts.io api-bot.usautoparts.io api.carparts.io search.unbxd.io analytics-api.cloudinary.com res.cloudinary.com *.paypal.com www.googletagmanager.com www.google-analytics.com tagmanager.google.com bam.nr-data.net *.getblueshift.com *.adnxs.com ctiapi.com api.edq.com static-na.payments-amazon.com payments-sandbox.amazon.com payments.amazon.com *.amazonpay.com *.auryc.com trc.taboola.com d.btttag.com shopper.shop.pe shop.pe api.turnto.com ws.turnto.com *.forter.com *.visa.com adservice.google.com *.doubleclick.net *.resellerratings.com *.amazon.com *.symantec.com *.buysafe.com *.google.com *.google.com.ph *.google.ca *.google.ie *.google.co.in *.bizrate.com *.connexity.net *.usapcld.io *.facebook.com *.impactradius-event.com *.loggly.com *.uskn.net *.bouncex.net *.bounceexchange.com *.attentivemobile.com *.go-mpulse.net *.akstat.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' localhost:* cdn.ampproject.org *.googleapis.com blob: deploy-preview-1--videos-autopartswarehouse-com.netlify.com *.tvpage.com *.youtube.com *.ytimg.com api.resellerratings.com api.trustpilot.com *.usautoparts.com *.carparts.com polyfill.io *.cloudinary.com *.turnto.com www.paypalobjects.com pay.google.com *.paypal.com tagmanager.google.com www.googletagmanager.com www.google-analytics.com js-agent.newrelic.com bam.nr-data.net *.getblueshift.com *.adnxs.com ctiapi.com api.edq.com apis.google.com static-na.payments-amazon.com payments-sandbox.amazon.com payments.amazon.com us.upsellit.com bat.bing.com *.auryc.com *.taboola.com carparts.btttag.com px.owneriq.net *.forter.com *.cloudfront.net cdn.attn.tv cdn.shop.pe shop.pe *.amazonaws.com shopper.shop.pe www.google.com www.gstatic.com *.visa.com adservice.google.com *.doubleclick.net *.bounceexchange.com *.resellerratings.com *.cnnx.io connect.facebook.net *.amazon.com *.symantec.com *.buysafe.com *.googleadservices.com *.aexp-static.com *.mastercard.com *.bizrate.com *.connexity.net www.googletagservices.com *.usapcld.io *.google.com *.google.com.ph *.google.ca *.google.ie *.google.co.in *.facebook.com *.impactradius-event.com *.loggly.com *.uskn.net *.go-mpulse.net; style-src 'self' *.googleapis.com 'unsafe-inline' data: deploy-preview-1--videos-autopartswarehouse-com.netlify.com *.turnto.com tagmanager.google.com ctiapi.com cdn.shop.pe addstrap-ui.addshoppers.com cdnjs.cloudflare.com *.resellerratings.com *.symantec.com *.buysafe.com *.facebook.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com data: *.turnto.com tagmanager.google.com cdnjs.cloudflare.com cdn.shop.pe *.symantec.com *.buysafe.com *.facebook.com; img-src 'self' *.apwcontent.com images.apw21.com *.cpsimg.com data: blob: *.ytimg.com *.autopartswarehouse.com *.tvpage.com res.cloudinary.com cld.partsimg.com *.gstatic.com www.google-analytics.com *.carparts.com *.paypal.com staging2-cp.staticomp.com *.amazonaws.com www.youtube.com ctiapi.com *.turnto.com payments-sandbox.amazon.com payments.amazon.com wac.edgecastcdn.net images-na.ssl-images-amazon.com *.cloudfront.net bat.bing.com px.owneriq.net events.attentivemobile.com stats.g.doubleclick.net *.getblueshift.com *.adnxs.com *.doubleclick.net *.google.com *.google.com.ph *.google.ca *.google.ie *.google.co.in *.visa.com *.bouncex.net *.bounceexchange.com *.resellerratings.com *.googletagmanager.com *.bizrate.com *.connexity.net *.symantec.com *.buysafe.com *.online-metrix.net images.bizrateinsights.com *.facebook.com *.impactradius-event.com *.loggly.com; frame-src *.youtube.com *.braintreegateway.com tst.kaptcha.com www.googletagmanager.com pay.google.com *.paypal.com www.sandbox.paypal.com *.googleapis.com deploy-preview-1--videos-autopartswarehouse-com.netlify.com *.ytimg.com *.tvpage.com www.cartlink.net iframe.coverking.com *.turnto.com www.google.com static-na.payments-amazon.com payments-sandbox.amazon.com payments.amazon.com *.dotomi.com px.owneriq.net carparts.attn.tv *.visa.com *.doubleclick.net *.bounceexchange.com *.amazon.com *.symantec.com *.buysafe.com *.mastercard.com *.americanexpress.com *.online-metrix.net *.paypalobjects.com *.googlesyndication.com *.creativecdn.com *.facebook.com *.impactradius-event.com; frame-ancestors 'self' *.youtube.com deploy-preview-1--videos-autopartswarehouse-com.netlify.com *.ytimg.com *.tvpage.com *.turnto.com *.symantec.com *.buysafe.com; child-src 'self' *.youtube.com pay.google.com *.googleapis.com deploy-preview-1--videos-autopartswarehouse-com.netlify.com *.ytimg.com *.tvpage.com *.turnto.com *.symantec.com *.buysafe.com; worker-src 'self' blob: 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' *.marketo.com *.marketo.net *.googletagmanager.com *.facebook.net static.ads-twitter.com *.evidon.com www.google-analytics.com sjs.bizographics.com *.bizible.com *.ge.com *.bhge.com *.industrial.ai *.youtube.com *.ytimg.com *.linkedin.com *.twitter.com gateway.zscalertwo.net *.newrelic.com vidassets.terminus.services blob: doug1izaerwt3.cloudfront.net s.ytimg.com *.demandbase.com data: nasdaqir-prod.apigee.net *.hotjar.com *.zscalertwo.net j.6sc.co bam.nr-data.net fssfed.stage.ge.com cdnjs.cloudflare.com *.kissmetrics.com *.googleadservices.com googleads.g.doubleclick.net *.google.com *.gstatic.com *.cdn.rawgit.com https://cdn.rawgit.com https://snap.licdn.com https://p.adsymptotic.com http://bat.bing.com; media-src 'self' *.vimeo.com *.youtube.com https://gateway.zscalertwo.net https://fpdl.vimeocdn.com; frame-src 'self' bhge.acquiadam.com *.webdamdb.com *.zscalertwo.net fssfedpitc.ge.com fssauth.ge.com *.webdamdb.com *.facebook.com *.marketo.com *.youtube.com *.hotjar.com *.adobe.com connect.facebook.net bid.g.doubleclick.net youtu.be *.evidon.com spo-teamsite.ge.com *.google.com spo-teamsite.ge.com fss.gecompany.com https://fss.gecompany.com/ https://ssocentralck.registrar.ge.com/ https://affiliateservices.gecompany.com/ https://ssologin.ssogen2.corporate.ge.com/ https://ssologin.ssogen2.corporate.ge.com/ https://rsologin.ssogen2.corporate.ge.com/ https://smloginmap.ssogen2.corporate.ge.com/ https://apps.kaonadn.net http://4560310.fls.doubleclick.net; frame-ancestors 'self' data: fonts.gstatic.com cdnjs.cloudflare.com; font-src 'self' data: fonts.gstatic.com *.cloudflare.com; report-uri //report-csp-violation 2 default-src 'self'; connect-src https:; font-src 'self' data: https:; frame-src https:; frame-ancestors https:; img-src https: data:; media-src https: blob:; object-src https:; style-src 'unsafe-inline' https:; worker-src blob:; script-src 'unsafe-inline' 'unsafe-eval' https:; 2 script-src 'self' https://*.wistia.com https://embedwistia-a.akamaihd.net blob: https://*.googleapis.com *.gstatic.com www.google-analytics.com ajax.googleapis.com ajax.aspnetcdn.com use.typekit.net us1.siteimprove.com siteimproveanalytics.com cdnjs.cloudflare.com use.fontawesome.com static.getclicky.com in.getclicky.com player.vimeo.com www.googletagmanager.com clicky.com code.jquery.com 'unsafe-inline' 'unsafe-eval' 2 default-src 'unsafe-inline' https://emplocity.com https://system.erecruiter.pl https://skk.erecruiter.pl https://www.youtube.com https://www.emplocity.com https://*.googleapis.com https://*.twimg.com https://pbs.twimg.com https://syndication.twitter.com https://platform.twitter.com https://www.youtube.com https://*.gstatic.com https://*.google.com https://www.google-analytics.com https://*.facebook.com https://*.bgk.pl; script-src * 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://*.facebook.com https://*.bgk.pl; style-src 'unsafe-inline' https://www.google-analytics.com https://emplocity.com https://system.erecruiter.pl https://skk.erecruiter.pl https://www.youtube.com https://www.emplocity.com https://*.googleapis.com https://*.twimg.com https://pbs.twimg.com https://syndication.twitter.com https://platform.twitter.com https://www.youtube.com https://*.facebook.com https://*.bgk.pl; img-src 'self' https://emplocity.com https://system.erecruiter.pl https://skk.erecruiter.pl https://www.youtube.com https://www.emplocity.com https://*.googleapis.com https://*.twimg.com https://pbs.twimg.com https://syndication.twitter.com https://platform.twitter.com https://www.youtube.com https://*.gstatic.com https://*.google.com https://www.google-analytics.com https://*.facebook.com https://*.bgk.pl data: 2 frame-ancestors 'self' http://www.liligo.fr/ http://www.kayak.fr/ http://www.kayak.de/ https://drivy.zendesk.com/ https://*.zdusercontent.com/ 2 default-src 'self' *.google.com *.googleapis.com *.google-analytics.com *.clickdimensions.com *.vo.msecnd.net 2 default-src 'self' 'unsafe-inline' https://piwik.bzga.de/ https://fonts.gstatic.com/ https://fonts.googleapis.com/ https://www.youtube-nocookie.com/ https://app.dialogfeed.com/; img-src 'self' data: https://piwik.bzga.de/ https://service.bzga.de/ https://www.bzga.de/ https://jwpltx.com/ https://maps.gstatic.com/ https://maps.googleapis.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/ https://www.youtube.com/iframe_api https://ssl.p.jwpcdn.com/ https://piwik.bzga.de/ https://maps.googleapis.com/ 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' https: http: data: blob: http://mshcentraldbdev.prod.acquia-sites.com *.balladhealthcrm.org; frame-ancestors 'self'; report-uri /admin/config/system/seckit/csp-report 2 default-src 'self'; block-all-mixed-content; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com; frame-src https://www.youtube.com https://www.youtube-nocookie.com/; img-src 'self' self data: 'unsafe-inline' 'unsafe-eval' https://pbs.twimg.com https://www.googletagmanager.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com; report-uri /nelmio/csp/report 2 reflected-xss 'block' 2 default-src https: 'self' *.mohrsiebeck.com; script-src https: 'self' 'unsafe-inline' 'unsafe-eval' *.mohrsiebeck.com; style-src https: 'self' 'unsafe-inline' *.mohrsiebeck.com; img-src https: 'self' *.mohrsiebeck.com 2 upgrade-insecure-requests; form-action: http://go.aclara.com/*; 2 style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com/ https://fonts.googleapis.com/; script-src 'self' 'unsafe-inline' https://ajax.googleapis.com/ https://www.googletagmanager.com/; font-src 'self' https://maxcdn.bootstrapcdn.com/ https://fonts.gstatic.com/ https://identityserver.local:44301/; 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' mofa.gov.np *.mofa.gov.np www.google.com.np *.google.com *.gstatic.com cdn.jsdelivr.net code.jquery.com stackpath.bootstrapcdn.com s.ytimg.com *.facebook.net *.sharethis.com *.youtube.com *.twimg.com cdn.syndication.twimg.com cdnjs.cloudflare.com maps.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com fonts.googleapis.com fonts.gstatic.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.mofa.gov.np use.fontawesome.com stackpath.bootstrapcdn.com placehold.it *.facebook.net *.sharethis.com lh3.googleusercontent.com *.youtube.com *.twimg.com cdn.syndication.twimg.com cdnjs.cloudflare.com maps.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com cdnjs.cloudflare.com fonts.googleapis.com fonts.gstatic.com; img-src 'self' data: placehold.it mofa.gov.np *.mofa.gov.np *.gstatic.com *.facebook.net *.facebook.com *.sharethis.com lh3.googleusercontent.com *.youtube.com *.twimg.com secure.gravatar.com cdn. *.twitter.com *.twimg.com cdnjs.cloudflare.com maps.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com fonts.googleapis.com fonts.gstatic.com; media-src 'self'; frame-src 'self' *.google.com *.youtube.com *.facebook.net *.facebook.com syndication.twitter.com platform.twitter.com; font-src 'self' data: fonts.googleapis.com stackpath.bootstrapcdn.com use.fontawesome.com fonts.gstatic.com maxcdn.bootstrapcdn.com; connect-src 'self' l.sharethis.com 2 default-src 'self'; script-src 'self' 'unsafe-inline' https://maps.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://api.easygis.eu https://cdnjs.cloudflare.com *.ogone.com https://connect.facebook.net *.google.com https://www.gstatic.com https://cdn.rawgit.com; object-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.gstatic.com https://fonts.googleapis.com https://api.easygis.eu https://cdnjs.cloudflare.com *.ogone.com *.google.com; img-src 'self' http://*.visitlimburg.be *.gstatic.com https://maps.googleapis.com https://www.google-analytics.com https://stats.g.doubleclick.net data: https://*.easygis.eu/ https://*.mailchimp.com *.ogone.com *.facebook.com; media-src 'self'; frame-src 'self' https://*.hotjar.com https://*.youtube.com http://plugin.routeyou.com *.joomag.com *.resengo.com *.google.com *.ogone.com *.wlp-acs.com *.wandeleninlimburg.be *.limburg.be; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com data: https://api.easygis.eu; connect-src 'self' https://public.easygis.eu; report-uri /report-csp-violation 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: www.google-analytics.com www.googletagmanager.com https://cdnjs.cloudflare.com/ajax/libs/codemirror/ https://cdnjs.cloudflare.com/ajax/libs/select2/ https://cdn.rawgit.com/ckeditor/ckeditor-dev/ https://cdn.rawgit.com/w8tcha/CKEditor-CodeMirror-Plugin/ platform.twitter.com platform.twitter.co syndication.twitter.com cdn.syndication.twimg.com https://cdn.rawgit.com/ractoon/jQuery-Text-Counter/ https://js-agent.newrelic.com/nr-1071.min.js bam.nr-data.net tagmanager.google.com; object-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://cdnjs.cloudflare.com/ajax/libs/codemirror/ https://cdnjs.cloudflare.com/ajax/libs/select2/ platform.twitter.com tagmanager.google.com; img-src 'self' data: www.google-analytics.com https://cdn.rawgit.com/ckeditor/ckeditor-dev/ https://raw.githubusercontent.com/ckeditor/ckeditor-dev/ www.googletagmanager.com www.bureauveritas.com syndication.twitter.com platform.twitter.com *.twimg.com ssl.gstatic.com www.gstatic.com; media-src 'self'; frame-src 'self' www.youtube.com tools.eurolandir.com cws.huginonline.com www.googletagmanager.com platform.twitter.com syndication.twitter.com inpublic.globenewswire.com https://sdk.companywebcast.com/sdk/player/ player.youku.com; child-src 'self' blob:; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com; connect-src 'self' www.google-analytics.com https://tools.eurolandir.com/tools/pricefeed/RequestStockDataBundleXML.aspx; report-uri https://csp-report-uri.bureauveritas.com 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: www.google-analytics.com www.googletagmanager.com https://cdnjs.cloudflare.com/ajax/libs/codemirror/ https://cdnjs.cloudflare.com/ajax/libs/select2/ https://cdn.rawgit.com/ckeditor/ckeditor-dev/ https://cdn.rawgit.com/w8tcha/CKEditor-CodeMirror-Plugin/ platform.twitter.com platform.twitter.co syndication.twitter.com cdn.syndication.twimg.com https://cdn.rawgit.com/ractoon/jQuery-Text-Counter/ https://js-agent.newrelic.com/nr-1071.min.js bam.nr-data.net tagmanager.google.com; object-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://cdnjs.cloudflare.com/ajax/libs/codemirror/ https://cdnjs.cloudflare.com/ajax/libs/select2/ platform.twitter.com tagmanager.google.com; img-src 'self' data: www.google-analytics.com https://cdn.rawgit.com/ckeditor/ckeditor-dev/ https://raw.githubusercontent.com/ckeditor/ckeditor-dev/ www.googletagmanager.com www.bureauveritas.com syndication.twitter.com platform.twitter.com *.twimg.com ssl.gstatic.com www.gstatic.com; media-src 'self'; frame-src 'self' www.youtube.com tools.eurolandir.com cws.huginonline.com www.googletagmanager.com platform.twitter.com syndication.twitter.com player.youku.com; child-src 'self' blob:; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com; connect-src 'self' www.google-analytics.com https://tools.eurolandir.com/tools/pricefeed/RequestStockDataBundleXML.aspx; report-uri https://csp-report-uri.bureauveritas.com 2 allow 'self'; media-src *; img-src *; script-src *; style-src *; 2 default-src https://www.regionorebrolan.se:443;script-src *.google.com ssl.google-analytics.com ssl.webserviceaward.com *.orebroll.se www.regionorebrolan.se https://js-agent.newrelic.com 'self' 'unsafe-inline' 'unsafe-eval' data:;style-src 'self' 'unsafe-inline' ssl.webserviceaward.com;img-src *.orebroll.se ssl.google-analytics.com ssl.webserviceaward.com www.regionorebrolan.se 'self' data:;media-src rstts.readspeaker.com app.readspeaker.com streamio.com;frame-src *.youtube.com app.readspeaker.com rstts.readspeaker.com media.readspeaker.com www.regionorebrolan.se https://streamio.com;connect-src rstts.readspeaker.com;report-uri https://www.regionorebrolan.se/csp-report 2 default-src 'self'; script-src 'self'; connect-src 'self'; img-src 'self' data:; style-src 'self'; 2 child-src 'self' *.youtube.com *.vimeo.com *.dailymotion.com sdk.companywebcast.com livestream.com *.europa.eu europa.eu youtube.com *.dailymotion.com *.vimeo.com *.amazonaws.com *.arcgis.com *.arte.tv *.babahh.com *.bbc.co.uk *.blitzvideoserver.de *.bpb.de *.brightcove.com *.btv.bg *.cc.cec *.cimo.fi *.cjelozivotno-ucenje.hr *.cnbc.com *.coe.int *.communi-k.eu *.compareyourcountry.org *.crp.education *.cy2012.eu *.dacast.com *.dcdn.lt debategraph.org digital-agenda-data.eu *.disaster-resilience.com *.docdroid.net *.d-portal.org *.easme-web.eu *.edcc.eu *.euneighbours.eu *.euronews.com *.europeandataportal.eu *.facebook.com https://familymeal.eu *.flickr.com *.franceculture.fr *.franceinter.fr *.freecaster.com *.freezbee.tv *.genial.ly *.giphy.com *.github.io *.google.be *.google.co.uk *.google.com *.google.fr *.grnet.gr *.index.hu *.instantflipbook.com *.issuu.com *.jrc.nl *.jwplatform.com *.learningandwork.org.uk *.libsyn.com *.live.com *.mentimeter.com *.metoo.sk *.mostra.eu *.neteyes.hu *.oecd.org *.openstreetmap.fr *.openstreetmap.org *.ourworldindata.org *.polarhd.com *.public-i.tv *.qbrick.com *.rackcdn.com *.rambla.be *.roguemotion.graphics *.sharepoint.com *.sketchfab.com *.slideshare.net *.solidtango.com *.soonfeed.com *.soundcloud.com *.streamamg.com *.streamcode.net *.streamdis.eu streamer.bg *.streaming.at *.streaming.sk *.streamovations.be *.sway.com *.tagesschau.de *.telemak.tv *.testa.eu *.thinglink.com *.tiesraides.lv *.top-ix.org *.tsnmalta.org *.tv1.eu *.tv-on-web.de *.twinix.eu *.typeform.com *.uc3m.es *.uplynk.com *.ustream.tv *.uu.se *.videliostreaming.com *.videolevels.com *.walls.io *.weforum.org *.westream.com *.wyng.com *.youongroup.com *.youtu.be *.youtube-nocookie.com *.zdf.de *.michael-lurquin.com; frame-src 'self' *.youtube.com *.vimeo.com *.dailymotion.com sdk.companywebcast.com livestream.com *.europa.eu europa.eu youtube.com *.dailymotion.com *.vimeo.com *.amazonaws.com *.arcgis.com *.arte.tv *.babahh.com *.bbc.co.uk *.blitzvideoserver.de *.bpb.de *.brightcove.com *.btv.bg *.cc.cec *.cimo.fi *.cjelozivotno-ucenje.hr *.cnbc.com *.coe.int *.communi-k.eu *.compareyourcountry.org *.crp.education *.cy2012.eu *.dacast.com *.dcdn.lt debategraph.org digital-agenda-data.eu *.disaster-resilience.com *.docdroid.net *.d-portal.org *.easme-web.eu *.edcc.eu *.euneighbours.eu *.euronews.com *.europeandataportal.eu *.facebook.com https://familymeal.eu *.flickr.com *.franceculture.fr *.franceinter.fr *.freecaster.com *.freezbee.tv *.genial.ly *.giphy.com *.github.io *.google.be *.google.co.uk *.google.com *.google.fr *.grnet.gr *.index.hu *.instantflipbook.com *.issuu.com *.jrc.nl *.jwplatform.com *.learningandwork.org.uk *.libsyn.com *.live.com *.mentimeter.com *.metoo.sk *.mostra.eu *.neteyes.hu *.oecd.org *.openstreetmap.fr *.openstreetmap.org *.ourworldindata.org *.polarhd.com *.public-i.tv *.qbrick.com *.rackcdn.com *.rambla.be *.roguemotion.graphics *.sharepoint.com *.sketchfab.com *.slideshare.net *.solidtango.com *.soonfeed.com *.soundcloud.com *.streamamg.com *.streamcode.net *.streamdis.eu streamer.bg *.streaming.at *.streaming.sk *.streamovations.be *.sway.com *.tagesschau.de *.telemak.tv *.testa.eu *.thinglink.com *.tiesraides.lv *.top-ix.org *.tsnmalta.org *.tv1.eu *.tv-on-web.de *.twinix.eu *.typeform.com *.uc3m.es *.uplynk.com *.ustream.tv *.uu.se *.videliostreaming.com *.videolevels.com *.walls.io *.weforum.org *.westream.com *.wyng.com *.youongroup.com *.youtu.be *.youtube-nocookie.com *.zdf.de *.michael-lurquin.com; 2 frame-ancestors 'self' piwik.betaalvereniging.nl; 2 default-src 'self' *.googlesyndication.com; 2 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.lifewire.com *.qa.aws.lifewire.com apollo.lifewire.com apollo.local.lifewire.com atlas.lifewire.com atlas.local.lifewire.com 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.thebalance.com *.qa.aws.thebalance.com apollo.thebalance.com apollo.local.thebalance.com atlas.thebalance.com atlas.local.thebalance.com 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.thoughtco.com *.qa.aws.thoughtco.com apollo.thoughtco.com apollo.local.thoughtco.com atlas.thoughtco.com atlas.local.thoughtco.com 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.thebalancecareers.com *.qa.aws.thebalancecareers.com apollo.thebalancecareers.com apollo.local.thebalancecareers.com atlas.thebalancecareers.com atlas.local.thebalancecareers.com 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.thespruce.com *.qa.aws.thespruce.com apollo.thespruce.com apollo.local.thespruce.com atlas.thespruce.com atlas.local.thespruce.com 1 default-src 'self'; block-all-mixed-content; connect-src 'self' *.algolia.net *.algolianet.com; font-src 'self' https://fonts.gstatic.com/; img-src 'self' https: data: http://www.google-analytics.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net/ https://www.google-analytics.com/; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net/ https://fonts.googleapis.com/ 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.thebalancesmb.com *.qa.aws.thebalancesmb.com apollo.thebalancesmb.com apollo.local.thebalancesmb.com atlas.thebalancesmb.com atlas.local.thebalancesmb.com 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.tripsavvy.com *.qa.aws.tripsavvy.com apollo.tripsavvy.com apollo.local.tripsavvy.com atlas.tripsavvy.com atlas.local.tripsavvy.com 1 policy-uri /parivahan/'self' 1 child-src 'self' emb.d.tube player.twitch.tv www.youtube.com staticxx.facebook.com w.soundcloud.com player.vimeo.com blob:; connect-src 'self' api.blocktrades.us steemit.com wss://steemd.steemit.com wss://steemd-int.steemit.com steemitimages.com cdn.steemitimages.com api.steemit.com api-int.steemit.com securepubads.g.doubleclick.net cdn.jsdelivr.net csi.gstatic.com c.pub.network d.pub.network display.bfmio.com *.adnxs.com freestar-d.openx.net qcx.quantserve.com https://qcx.quantserve.com:8443 hbopenbid.pubmatic.com g2.gumgum.com ssc.33across.com gw.geoedge.be *.doubleverify.com request-global.czilladx.com c.amazon-adsystem.com *.flashtalking.com *.czilladx.com czilladx.com coinzillatag.com coinzilla.com *.yahoo.com *.3lift.com *.adroll.com *.serving-sys.com *.googlesyndication.com *.steelhousemedia.com *.servenobid.com sdk.streamrail.com api.vidiom.net *.streamrail.net *.spotxchange.com *.advertising.com *.yieldoptimizer.com *.doubleclick.net *.buysellads.net *.1rx.io *.rtb-seller.com; default-src tpc.googlesyndication.com 'self' emb.d.tube www.youtube.com staticxx.facebook.com player.vimeo.com *.streamrail.com *.hwcdn.net *.acuityplatform.com; font-src data: fonts.gstatic.com; frame-ancestors 'none'; frame-src 'self' googleads.g.doubleclick.net https:; img-src * data:; object-src 'none'; plugin-types application/pdf; script-src 'unsafe-inline' 'unsafe-eval' data: https: 'self' www.google-analytics.com connect.facebook.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com; report-uri /api/v1/csp_violation 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.verywellmind.com *.qa.aws.verywellmind.com apollo.verywellmind.com apollo.local.verywellmind.com atlas.verywellmind.com atlas.local.verywellmind.com https://specials.verywellmind.com 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.thespruceeats.com *.qa.aws.thespruceeats.com apollo.thespruceeats.com apollo.local.thespruceeats.com atlas.thespruceeats.com atlas.local.thespruceeats.com 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.liveabout.com *.qa.aws.liveabout.com apollo.liveabout.com apollo.local.liveabout.com atlas.liveabout.com atlas.local.liveabout.com 1 frame-ancestors 'self' http://*.webvisor.com http://webvisor.com *.ntv.ru; 1 script-src 'unsafe-inline' 'unsafe-eval' 'self' * 1 allow 'self' http://*.googlesyndication.com https://*.googlesyndication.com; options inline-script eval-script; img-src *; script-src 'self' http://*.simplemachines.org http://*.simplemachinesweb.com http://*.googlesyndication.com http://*.doubleclick.net https://*.simplemachines.org https://*.simplemachinesweb.com https://*.googlesyndication.com https://*.doubleclick.net; style-src 'self' http://*.simplemachines.org http://*.simplemachinesweb.com https://*.simplemachines.org https://*.simplemachinesweb.com; frame-ancestors none; 1 frame-ancestors 'self' https://optimize.google.com/ https://forum.opticsplanet.com 1 frame-ancestors 'self' http://redhat.lookbookhq.com https://redhat.lookbookhq.com; report-uri /report-csp-violation 1 default-src 'self' blob:; img-src 'self' data: blob: 'unsafe-inline' sitecoremedia.blob.core.windows.net *.googleapis.com *.gstatic.com *.twitter.com *.twimg.com jwpltx.com *.youtube.com *.facebook.com *.google.com *.google.gr *.googletagmanager.com px.ads.linkedin.com linkedin.com googleads.g.doubleclick.net cdn.cookielaw.org *.google-analytics.com *.usabilla.com *.cloudfront.net; media-src 'self' blob: *.streaming.mediaservices.windows.net; script-src 'self' data: optimize.google.com *.google-analytics.com snap.licdn.com code.jquery.com *.onetrust.com blob: 'unsafe-inline' 'unsafe-eval' *.youtube.com *.ytimg.com *.google.com *.googleapis.com *.gstatic.com *.inbroker.com *.angularjs.org *.twitter.com *.syndication.twimg.com *.jwpcdn.com *.facebook.net *.facebook.com *.hotjar.com cdn.cookielaw.org optanon.blob.core.windows.net www.googleadservices.com googleads.g.doubleclick.net az416426.vo.msecnd.net *.googletagmanager.com *.usabilla.com *.cloudfront.net; style-src 'self' 'unsafe-inline' *.googleapis.com *.inbroker.com *.twitter.com optimize.google.com optanon.blob.core.windows.net cdn.cookielaw.org *.usabilla.com *.cloudfront.net fonts.googleapis.com; font-src 'self' *.gstatic.com *.inbroker.com *.jwpcdn.com *.usabilla.com *.cloudfront.net fonts.googleapis.com; connect-src 'self' optimize.google.com *.visualstudio.com www.google-analytics.com *.inbroker.com *.streaming.mediaservices.windows.net *.twitter.com *.hotjar.com adservice.google.com az416426.vo.msecnd.net *.doubleclick.net *.usabilla.com *.cloudfront.net *.cookielaw.org; frame-src 'self' data: blob: *.youtube.com *.ytimg.com *.google.com *.inbroker.com *.twitter.com *.onetrust.mgr.consensu.org *.hotjar.com *.facebook.com legacy.eurobank.gr uat.eurobank.gr uat-legacy.eurobank.gr *.doubleclick.net *.fls.doubleclick.net *.usabilla.com *.cloudfront.net; object-src 'self' *.streaming.mediaservices.windows.net *.jwpcdn.com; child-src 'self' data: blob: *.youtube.com *.ytimg.com *.google.com *.inbroker.com *.twitter.com *.hotjar.com *.facebook.com legacy.eurobank.gr uat.eurobank.gr uat-legacy.eurobank.gr; 1 frame-ancestors http://*.fgv.br https://*.fgv.br 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.verywellfamily.com *.qa.aws.verywellfamily.com apollo.verywellfamily.com apollo.local.verywellfamily.com atlas.verywellfamily.com atlas.local.verywellfamily.com https://specials.verywellfamily.com 1 default-src 'self' *.destatis.de; base-uri 'self'; style-src 'self' 'unsafe-inline' *.destatis.de piwik.itzbund.de; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.destatis.de piwik.itzbund.de;object-src 'self' multimedia.gsb.bund.de *.destatis.de piwik.itzbund.de ; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org *.destatis.de piwik.itzbund.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.destatis.de *.itzbund.de *.euro-area-statistics.org *.ims-cms.net data: ; 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.thesprucecrafts.com *.qa.aws.thesprucecrafts.com apollo.thesprucecrafts.com apollo.local.thesprucecrafts.com atlas.thesprucecrafts.com atlas.local.thesprucecrafts.com 1 default-src data: https: 'unsafe-inline'; frame-ancestors 'none' 1 default-src 'self' static.zdassets.com ekr.zdassets.com avm.zendesk.com v2.zopim.com wss://widget-mediator.zopim.com vimeo.com player.vimeo.com vimeocdn.com *.vimeocdn.com ytimg.com s.ytimg.com aax-eu.amazon-adsystem.com data: service.avm.de news.avm.de bingo.avm.de scope.avm.de piwik.avm.de track.adform.net maps.google.com *.googleapis.com *.gstatic.com shoplogos.commerce-connector.de www.commerce-connector.com i.ytimg.com https://www.youtube.com img.youtube.com *.xx.fbcdn.net www.surveygizmo.eu 'unsafe-inline' 'unsafe-eval'; media-src 'self' data: blob: *.avm.de;frame-ancestors 'self' 1 self *.24hourfitness.com 1 default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src *; font-src *; connect-src *; media-src *; object-src *; child-src *; frame-ancestors *; form-action *; reflected-xss block; upgrade-insecure-requests; 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: www.booking.com *.holland.com *.bstatic.com blob: *.mailplus.nl; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: cdn.blueconic.net *.holland.com script.crazyegg.com maps.googleapis.com www.googletagmanager.com *.google-analytics.com www.booking.com *.crowdriff.com *.bstatic.com blob:; connect-src https: wss: *.hotjar.com; img-src 'self' data: *.leisure-group.net *.holland.com *.bstatic.com blob: *.cloudfront.net *.google-analytics.com tag.yieldoptimizer.com www.googletagmanager.com img.youtube.com secure.adnxs.com *.doubleclick.net www.facebook.com idsync.ricdn.com *.blueconic.com *.twimg.com *.twitter.com script.hotjar.com *.blueconic.net *.google.com; 1 frame-ancestors 'self' *.taxact.com *.taxactonline.com *.salemove.com secure.balancefin.com 1 frame-ancestors 'self' *.commentcamarche.net *.commentcamarche.com; 1 frame-ancestors https://igx.csbsju.edu http://go.twocolleges.com 1 frame-ancestors 'self' *.iza.org; 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.foodtecsolutions.com *.foodtecsolutions.com:* *.pizzadirector.net:* *.google.com *.opentable.com *.otstatic.com cdn.ampproject.org www.gstatic.com maps.googleapis.com www.google-analytics.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net platform.twitter.com www.facebook.com connect.facebook.net cdn.syndication.twimg.com js.hs-scripts.com js.hs-scripts.com js.hs-analytics.net js.hscollectedforms.net salesiq.zoho.com/widget campaigns.zoho.com maillist-manage.com crm.zoho.com js.zohostatic.com vts.zohopublic.com static.hotjar.com script.hotjar.com unpkg.com api.tiles.mapbox.com *.adroll.com *.cloudfront.net cdnjs.cloudflare.com libs.a2zinc.net; frame-ancestors 'self' 'unsafe-inline' 'unsafe-eval' blob: *.foodtecsolutions.com *.foodtecsolutions.com:* *.pizzadirector.net:* *.google.com *.opentable.com *.otstatic.com cdn.ampproject.org www.gstatic.com maps.googleapis.com www.google-analytics.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net platform.twitter.com www.facebook.com connect.facebook.net cdn.syndication.twimg.com js.hs-scripts.com js.hs-scripts.com js.hs-analytics.net js.hscollectedforms.net salesiq.zoho.com/widget campaigns.zoho.com maillist-manage.com crm.zoho.com js.zohostatic.com vts.zohopublic.com static.hotjar.com script.hotjar.com unpkg.com api.tiles.mapbox.com *.adroll.com *.cloudfront.net cdnjs.cloudflare.com libs.a2zinc.net; 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.thesprucepets.com *.qa.aws.thesprucepets.com apollo.thesprucepets.com apollo.local.thesprucepets.com atlas.thesprucepets.com atlas.local.thesprucepets.com 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.learnreligions.com *.qa.aws.learnreligions.com apollo.learnreligions.com apollo.local.learnreligions.com atlas.learnreligions.com atlas.local.learnreligions.com 1 frame-ancestors *.payback.de; report-uri /blueberry/servlet/handler/cspreporting 1 block-all-mixed-content; upgrade-insecure-requests 1 default-src 'self' *.dwd.de *.readspeaker.com *.twitter.com *.youtube.com; script-src 'self' *.dwd.de *.readspeaker.com *.twitter.com *.twimg.com *.youtube.com *.jwpcdn.com *.ytimg.com 'unsafe-inline' 'unsafe-eval' data:; style-src 'self' *.dwd.de *.twitter.com *.twimg.com 'unsafe-inline' data:; img-src * data: blob:; font-src 'self' data:; frame-src 'self' *.dwd.de twitter.com *.twitter.com *.youtube.com; worker-src *.twitter.com; child-src 'self' *.dwd.de twitter.com *.twitter.com *.youtube.com; 1 frame-ancestors 'self' bcit.ca *.bcit.ca 1 default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.gstatic.com *.googleapis.com *.halkbank.com.tr *.google.com *.doubleclick.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.facebook.net; font-src 'self' *.gstatic.com *.googleapis.com; style-src 'self' 'unsafe-inline' *.googleapis.com; img-src 'self' data: *.google-analytics.com *.googleapis.com *.halkbank.com.tr *.google.com *.google.com.tr *.gstatic.com *.facebook.com *.facebook.com.tr *.doubleclick.net *.facebook.net ; media-src 'self' *.halkbank.com.tr; frame-src 'self' *.foreks.com *.halkbank.com.tr *.doubleclick.net *.youtube.com *.google.com; connect-src 'self' *.facebook.com; object-src 'self'; 1 frame-ancestors 'self' *.charbroil.com 1 frame-ancestors 'self' https://scstatehouse.gov http://scstatehouse.gov https://*.scstatehouse.gov http://*.scstatehouse.gov https://*.schouse.gov http://*.schouse.gov https://*.scsenate.gov http://*.scsenate.gov; 1 default-src * 'unsafe-inline' 'unsafe-eval' ; worker-src blob: ; script-src * 'unsafe-inline' 'unsafe-eval' blob: ; connect-src * ; media-src * ; img-src * data: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ; 1 frame-ancestors 'self' https://*.hapara.com/ 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://maps.google.com/ https://dl.episerver.net/ https://www.youtube.com https://s.ytimg.com https://js-agent.newrelic.com https://bam.nr-data.net https://www.googletagmanager.com https://www.google-analytics.com https://rum-static.pingdom.net https://maps.googleapis.com https://googleads.g.doubleclick.net https://8316073.fls.doubleclick.net https://www.googleadservices.com https://tagmanager.google.com https://d.impactradius-event.com https://umpqua-bank.sjv.io https://cdn-akamai.mookie1.com https://us-gmtdmp.mookie1.com https://x2.mookie1.com https://t.mookie1.com https://tags.tiqcdn.com https://adnxs.com https://pxl.jivox.com https://js.hs-scripts.com https://js.hs-analytics.net https://snap.licdn.com https://dc.ads.linkedin.com https://px.ads.linkedin.com https://static.ads-twitter.com https://az416426.vo.msecnd.net https://static.hotjar.com https://connect.facebook.net https://bat.bing.com https://cdn.cookielaw.org; style-src 'self' 'unsafe-inline' https://dl.episerver.net/ https://fonts.googleapis.com https://tagmanager.google.com https://js.hs-scripts.com https://js.hs-analytics.net https://d.impactradius-event.com https://umpqua-bank.sjv.io https://cdn-akamai.mookie1.com https://us-gmtdmp.mookie1.com https://x2.mookie1.com https://t.mookie1.com https://tags.tiqcdn.com https://adnxs.com https://pxl.jivox.com https://snap.licdn.com https://dc.ads.linkedin.com https://px.ads.linkedin.com https://static.ads-twitter.com https://az416426.vo.msecnd.net https://static.hotjar.com https://connect.facebook.net https://bat.bing.com https://cdn.cookielaw.org https://8316073.fls.doubleclick.net 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: www.google-analytics.com www.googletagmanager.com https://cdnjs.cloudflare.com/ajax/libs/codemirror/ https://cdnjs.cloudflare.com/ajax/libs/select2/ https://cdn.rawgit.com/ckeditor/ckeditor-dev/ https://cdn.rawgit.com/w8tcha/CKEditor-CodeMirror-Plugin/ platform.twitter.com platform.twitter.co syndication.twitter.com cdn.syndication.twimg.com https://cdn.rawgit.com/ractoon/jQuery-Text-Counter/ https://js-agent.newrelic.com/nr-1071.min.js bam.nr-data.net tagmanager.google.com; object-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://cdnjs.cloudflare.com/ajax/libs/codemirror/ https://cdnjs.cloudflare.com/ajax/libs/select2/ platform.twitter.com tagmanager.google.com; img-src 'self' data: www.google-analytics.com https://cdn.rawgit.com/ckeditor/ckeditor-dev/ https://raw.githubusercontent.com/ckeditor/ckeditor-dev/ www.googletagmanager.com www.bureauveritas.com syndication.twitter.com platform.twitter.com *.twimg.com ssl.gstatic.com www.gstatic.com; media-src 'self'; frame-src 'self' www.youtube.com tools.eurolandir.com cws.huginonline.com www.googletagmanager.com platform.twitter.com syndication.twitter.com inpublic.globenewswire.com https://sdk.companywebcast.com/sdk/player/ player.youku.com cache.bureauveritas.com pr.globenewswire.com www.globenewswire.com; child-src 'self' blob:; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com; connect-src 'self' www.google-analytics.com https://tools.eurolandir.com/tools/pricefeed/RequestStockDataBundleXML.aspx; report-uri https://csp-report-uri.bureauveritas.com 1 default-src * data: 'unsafe-inline' 'unsafe-eval' ; script-src * data: 'unsafe-inline' 'unsafe-eval' ; style-src * data: 'unsafe-inline' ; img-src * data: ; 1 frame-ancestors https://www.armaniexchange.com/ https://www.armaniexchange.com/ ; 1 frame-src *.deutschland-machts-effizient.de 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.thebalanceeveryday.com *.qa.aws.thebalanceeveryday.com apollo.thebalanceeveryday.com apollo.local.thebalanceeveryday.com atlas.thebalanceeveryday.com atlas.local.thebalanceeveryday.com 1 default-src 'self' static.integromat.com; style-src 'self' static.integromat.com fonts.googleapis.com checkout.stripe.com https://fast.appcues.com https://js.getuserflow.com/; font-src 'self' static.integromat.com fonts.gstatic.com data:; img-src 'self' static.integromat.com data: stats.g.doubleclick.net www.google-analytics.com www.google.com www.google.cz placehold.it placeholdit.imgix.net secure.gravatar.com usage.trackjs.com q.stripe.com img.youtube.com www.facebook.com t.co www.googletagmanager.com https://vulpix.appcues.com https://res.cloudinary.com https://twemoji.maxcdn.com https://fast.appcues.com https://api.appcues.net wss://api.appcues.net https://vulpix.appcues.com https://appcues-content-api-prod.herokuapp.com https://nh436jpc4i.execute-api.us-west-2.amazonaws.com https://104cl9psz3.execute-api.us-west-2.amazonaws.com https://appcues-quickstart.s3-us-west-2.amazonaws.com https://*.firebase.com wss://*.firebaseio.com https://*.firebaseio.com https://js.getuserflow.com/ https://storage.googleapis.com/studio1-prod-blob/; connect-src 'self' static.integromat.com iql.integromat.com wss://www.integromat.com capture.trackjs.com checkout.stripe.com integromat.zendesk.com https://e.getuserflow.com/ wss://e.getuserflow.com/; frame-src 'self' static.integromat.com www.facebook.com www.youtube.com checkout.stripe.com https://my.appcues.com https://*.firebaseio.com; script-src 'self' static.integromat.com www.google-analytics.com checkout.stripe.com connect.facebook.net static.ads-twitter.com analytics.twitter.com https://fast.appcues.com https://my.appcues.com https://cdn.firebase.com https://*.firebaseio.com https://appcues-quickstart.s3-us-west-2.amazonaws.com https://js.getuserflow.com/; object-src 'self' static.integromat.com; media-src 'self' static.integromat.com https://storage.googleapis.com/studio1-prod-blob/ 1 default-src 'self' https://*.tampagov.net https://*.google-analytics.com https://*.twitter.com https://*.googleapis.com https://www.googletagmanager.com https://spark.adobe.com https://serverapi.arcgisonline.com https://*.arcgis.com https://js-agent.newrelic.com https://cdnjs.cloudflare.com https://translate.google.com https://cdn.syndication.twimg.com/ https://docs.google.com https://www.jobapscloud.com https://bam.nr-data.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://maps.floridadisaster.org https://*.windows.net https://*.tampagov.net https://*.google-analytics.com https://*.twitter.com https://*.googleapis.com https://www.googletagmanager.com https://spark.adobe.com https://serverapi.arcgisonline.com https://*.arcgis.com https://js-agent.newrelic.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://translate.google.com https://cdn.syndication.twimg.com/ https://syndication.twitter.com https://js-agent.newrelic.com https://bam.nr-data.net https://*.surveymonkey.com; style-src 'unsafe-inline' *; img-src 'self' data: https: https://*.google-analytics.com http://www.tampagov.net; frame-src 'self' https://*.tampagov.net https://www.youtube.com https://*.google.com https://spark.adobe.com https://twitter.com https://platform.twitter.com https://livestream.com https://syndication.twitter.com https://tampa.maps.arcgis.com https://*.vimeo.com/; child-src 'self' https://*.tampagov.net https://www.youtube.com https://*.google.com https://spark.adobe.com https://twitter.com https://platform.twitter.com https://livestream.com https://syndication.twitter.com; font-src 'self' data: https: ; report-uri /report-csp-violation 1 frame-ancestors 'self' *.bond.edu.au bond.edu.au; 1 frame-ancestors 'self' https://optimize.google.com/ https://forum.campsaver.com 1 default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.itzbund.de *.googleapis.com *.google.com *.gstatic.com www.youtube.com s.ytimg.com piwik.itzbund.de; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com; frame-src *.google.com *.gstatic.com *.youtube.com; img-src 'self' blob: data: *.google.com *.gstatic.com *.youtube.com *.openstreetmap.org piwik.itzbund.de; 1 font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' tracking.paysera.com https://optimize.google.com https://www.google.com/recaptcha/ https://www.youtube.com/embed/; img-src 'self' data: *.paysera.com maps.googleapis.com *.gstatic.com https://www.google-analytics.com https://optimize.google.com; script-src 'self' maps.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.google-analytics.com https://optimize.google.com 'unsafe-inline'; style-src 'self' fonts.googleapis.com https://optimize.google.com 'unsafe-inline'; report-uri /v2/csp-violations/report 1 default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-eval' *.googleapis.com piwik.itzbund.de;object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; frame-ancestors bghweb-editor.preview.gsb.intranet.bund.de piwik.itzbund.de 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.aws.training https://a0.awsstatic.com https://js.api.here.com https://*.cit.api.here.com https://dev.ditu.live.com https://*.dev.virtualearth.net https://*.payments-amazon.com https://*.amazon.com https://*.amazon.co.jp/ https://*.amazon.co.uk https://*.amazon.de https://*.bing.com https://*.virtualearth.net https://munchkin.marketo.net https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/; object-src 'self'; img-src 'self' data: blob: https://*.dev.virtualearth.net https://*.ssl.ak.tiles.virtualearth.net https://*.ssl.ak.dynamic.tiles.virtualearth.net https://static.aws.training https://a0.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://js.api.here.com https://*.cit.api.here.com https://images-na.ssl-images-amazon.com https://internal-cdn.amazon.com https://d2ldlvi1yef00y.cloudfront.net/ https://d23yuld0pofhhw.cloudfront.net https://d1oct1bdmx33tz.cloudfront.net https://googleads.g.doubleclick.net https://www.google.com https://fls-na.amazon.com https://*.media-amazon.com https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/; style-src 'self' 'unsafe-inline' https://static.aws.training https://js.api.here.com https://a0.awsstatic.com https://images-na.ssl-images-amazon.com https://ecn.dev.virtualearth.net https://images-eu.ssl-images-amazon.com https://www.bing.com https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/; connect-src 'self' https://*.cit.api.here.com https://*.amazon.com https://amazonwebservices.d2.sc.omtrdc.net https://*.amazonpay.com https://apac.account.amazon.com https://na.account.amazon.com https://eu.account.amazon.com https://*.virtualearth.net https://*.mktoresp.com https://s0.awsstatic.com https://*.amazon.co.uk https://*.amazon.co.jp https://*.amazon.de https://cdn.aws.training; font-src 'self' data: https://static.aws.training https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/; media-src 'self' https://cdn.aws.training; child-src 'self' https://*.amazon.com https://www.bing.com https://*.amazon.co.jp/ https://*.amazon.co.uk https://*.payments-amazon.com https://*.amazon.de; 1 frame-ancestors 'self' *.smhi.se klimatanpassning.se sudplan.eu nordicadaptation2018.net http://infoteve.com ; report-uri /userv/cspreporting 1 img-src *; 1 report-uri /admin/config/system/seckit/csp-report 1 frame-ancestors 'self' https://*.head.com https://*.head-test.com https://head.testing-varnish.symmetrics.de 1 frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com exacttarget.com *.exacttarget.com marketingcloudapps.com *.marketingcloudapps.com chicago.bibliocms.com *.chicago.bibliocms.com https://chicago.bibliocms.com chicago.bibliocms.com *.chicago.bibliocms.com; 1 default-src https://domene.shop https://www.domeneshop.no https://domeneshop.no https://domainnameshop.com https://domainname.shop https://xn--domn-noa.shop https://xn--domne-ura.shop https://chat.domeneshop.no/ 'unsafe-inline'; img-src https://domene.shop https://www.domeneshop.no https://domeneshop.no https://domainnameshop.com https://domainname.shop https://xn--domn-noa.shop https://xn--domne-ura.shop; frame-src https://domene.shop https://www.domeneshop.no https://domeneshop.no https://domainnameshop.com https://domainname.shop https://xn--domn-noa.shop https://xn--domne-ura.shop 1 default-src 'self' data: *.google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src * 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.twitter.com *.google-analytics.com *.googletagmanager.com *.facebook.net *.youtube.com *.google.com *.google.co.za *.gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club *.map2.ssl.hwcdn.net *.static.hotjar.com *.hotjar.com; object-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: *.google-analytics.com *.youtube.com *.twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com *.google.com *.vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com *.hotjar.com; font-src 'self' data: fonts.gstatic.com *.gstatic.com *.hotjar.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: *.google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com *.hotjar.io *.hotjar.com hotjar.com wss://*.hotjar.com *.facebook.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce 1 frame-ancestors https://*.settour.com.tw; 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.google-analytics.com https://*.bing.com https://*.facebook.net https://*.hotjar.com https://*.zarget.com https://*.youtube.com https://s.ytimg.com https://*.googleadservices.com https://*.doubleclick.net https://*.pinterest.com https://*.zencdn.net https://*.google.com https://*.google.be https://*.sharethis.com https://*.newrelic.com https://*.nr-data.net https://*.quantserve.com https://*.google.com.tr https://*.metabar.ru https://*.google.de https://*.google.fr https://cdn.ckeditor.com https://*.pioneer-car.eu https://eu---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh https://de---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh https://*.yandex.ru https://*.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.sharethis.com https://*.pioneer-car.eu https://cdn.ckeditor.com https://tagmanager.google.com; img-src * data:; media-src 'self' https://www.youtube.com; frame-src 'self' https://*.youtube.com https://vars.hotjar.com https://*.pioneer.eu https://*.doubleclick.net https://*.sharethis.com https://*.facebook.com https://*.pioneer-car.eu https://store-locator.pioneer-rus.ru https://*.google.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://*.hotjar.com https://*.sharethis.com https://*.google-analytics.com https://*.doubleclick.net https://*.pioneer-car.eu https://acc-pioneer-products.o-a.be https://eu---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh https://de---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh https://*.yandex.ru; report-uri /eur/report-csp-violation 1 frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com exacttarget.com *.exacttarget.com marketingcloudapps.com *.marketingcloudapps.com bpl.bibliocms.com *.bpl.bibliocms.com https://www.bpl.org www.bpl.org *.www.bpl.org; 1 default-src https://domainname.shop https://www.domeneshop.no https://domeneshop.no https://domainnameshop.com https://domene.shop https://xn--domn-noa.shop https://xn--domne-ura.shop https://chat.domeneshop.no/ 'unsafe-inline'; img-src https://domainname.shop https://www.domeneshop.no https://domeneshop.no https://domainnameshop.com https://domene.shop https://xn--domn-noa.shop https://xn--domne-ura.shop; frame-src https://domainname.shop https://www.domeneshop.no https://domeneshop.no https://domainnameshop.com https://domene.shop https://xn--domn-noa.shop https://xn--domne-ura.shop 1 default-src 'self' 'unsafe-inline' *.jsdelivr.net *.twitter.com *.clicktale.net *.hotjar.com siteintercept.qualtrics.com *.siteintercept.qualtrics.com *.syndication.twimg.com siteimproveanalytics.com *.hotjar.io *.googletagmanager.com *.google.com *.ipaustralia.gov.au *.inq.com *.g.doubleclick.net *.google-analytics.com *.ipaustralia.gov.au *.googleapis.com *.gstatic.com *.youtube.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.jsdelivr.net *.twitter.com *.clicktale.net *.hotjar.com siteintercept.qualtrics.com *.siteintercept.qualtrics.com *.syndication.twimg.com siteimproveanalytics.com *.hotjar.io *.googletagmanager.com *.google.com *.ipaustralia.gov.au *.inq.com *.g.doubleclick.net *.google-analytics.com *.ipaustralia.gov.au *.googleapis.com *.webspellchecker.net *.gstatic.com; object-src 'none'; style-src 'self' * 'unsafe-inline' ; img-src * 'unsafe-inline' data: ; frame-ancestors 'self' https://www.ipaustralia.gov.au https://services.ipaustralia.gov.au *.ipaustralia.gov.au *.twitter.com *.hotjar.com *.youtube.com *.inq.com ipaustralia.inq.com https://media-aus.inq.com https://ipaustralia.inq.com; font-src 'self' * 'unsafe-inline' ; connect-src 'self' * 'unsafe-inline' ; report-uri /report-csp-violation 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://avd.innity.com https://aw.dw.impact-ad.jp https://ssl-avd.innity.net https://as.innity.com https://cdn.innity.net https://sgp-spvapro-01.teleperformanceusa.com https://cdnjs.cloudflare.com https://avd.innity.net http://ajax.googleapis.com https://www.googleadservices.com https://www.googletagmanager.com https://connect.facebook.net https://singpost.widget.custhelp.com https://fonts.googleapis.com https://google.com https://www.rnengage.com https://maps.googleapis.com https://snap.licdn.com https://www.google-analytics.com https://px.ads.linkedin.com https://developers.google.com https://www.linkedin.com; style-src 'self' 'unsafe-inline' https://use.fontawesome.com http://www.google-analytics.com http://singpost.widget.custhelp.com https://tagmanager.google.com https://fonts.googleapis.com http://singpost.widget.custhelp.com https://www.linkedin.com; img-src 'self' https://p.adsymptotic.com https://px.ads.linkedin.com https://optimize.innity.com https://avd.innity.com https://ib.adnxs.com http://www.google-analytics.com http://www.specommerce.com.s3.amazonaws.com http://d2vqszxem296au.cloudfront.net https://www.mysam.sg https://stats.g.doubleclick.net http://cdn.feedbackify.com http://s3.amazonaws.com https://maps.gstatic.com https://www.facebook.com https://www.google.com https://www.google.com.vn https://maps.googleapis.com http://www.w3.org data: http://cx.atdmt.com https://www.linkedin.com https://www.googletagmanager.com; frame-src 'self' https://www.facebook.com https://www.google.com; font-src 'self' https://use.fontawesome.com https://fonts.googleapis.com http://www.google-analytics.com https://fonts.gstatic.com; connect-src 'self' http://www.google-analytics.com https://maps.googleapis.com; report-uri /admin/config/system/seckit/csp-report 1 default-src 'self' 'unsafe-eval' 'unsafe-inline' data: *.serving-sys.com *.sharethis.com *.analytics.edgekey.net *.forefieldkt.com *.foremostadvice.com *.standard.com *.youtube.com *.ytimg.com *.gstatic.com *.pages05.net *.silverpop.com *.sc.pages05.net *.googletagmanager.com *.google-analytics.com fonts.googleapis.com ajax.googleapis.com *.google.com *.duosecurity.com *.vimeo.com *.newrelic.com secure-ds.serving-sys.com *.serving-sys.com *.googleadservices.com *.fonts.net *.twitter.com *.twimg.com *.ubembed.com *.demandbase.com *.userzoom.com stats.g.doubleclick.net *.company-target.com match.prod.bidr.io id.rlcdn.com *.googleapis.com *.doubleclick.net static.3playmedia.com *.brightcove.com *.brightcove.net bcove.me *.zencdn.net bcove.video players.brightcove.net *.brightcove.com *.llnw.net *.llnwd.net *.edgekey.net *.media.brightcove.com vjs.zencdn.net *.brightcovecdn.com *.brainshark.com *.teads.tv *.3lift.com *.adentifi.com *.basis.net *.facebook.com dc.ads.linkedin.com *.cloudflare.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.twitter.com ajax.googleapis.com *.serving-sys.com *.twimg.com *.gm *.sharethis.com *.pages05.net *.googletagmanager.com *.google-analytics.com *.ubembed.com *.brightcove.com *.gstatic.com *.google.com *.brightcove.net *.serving-sys.com *.googleadservices.com secure-ds.serving-sys.com stats.g.doubleclick.net *.demandbase.com *.userzoom.com googleads.g.doubleclick.net vjs.zencdn.net *.facebook.net *.cloudflare.com; report-uri /admin/config/system/seckit/csp-report 1 frame-ancestors https://www.dsquared2.com/ https://www.dsquared2.com/ ; 1 frame-ancestors https://*.mybigcommerce.com 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' *.marketo.com *.marketo.net *.googletagmanager.com *.facebook.net static.ads-twitter.com *.evidon.com www.google-analytics.com sjs.bizographics.com *.bizible.com *.ge.com *.bhge.com *.industrial.ai *.youtube.com *.ytimg.com *.linkedin.com *.twitter.com gateway.zscalertwo.net *.newrelic.com vidassets.terminus.services blob: doug1izaerwt3.cloudfront.net s.ytimg.com *.demandbase.com data: nasdaqir-prod.apigee.net *.hotjar.com *.zscalertwo.net j.6sc.co bam.nr-data.net fssfed.stage.ge.com cdnjs.cloudflare.com *.kissmetrics.com *.googleadservices.com googleads.g.doubleclick.net *.google.com *.gstatic.com s0-azure.assets-yammer.com maps.googleapis.com cdn.syndication.twimg.com addtocalendar.com maxcdn.bootstrapcdn.com snap.licdn.com; media-src 'self' *.vimeo.com *.youtube.com https://gateway.zscalertwo.net https://fpdl.vimeocdn.com data:; frame-src 'self' bhge.acquiadam.com *.webdamdb.com *.zscalertwo.net fssfedpitc.ge.com fssauth.ge.com *.webdamdb.com *.facebook.com *.marketo.com *.youtube.com *.hotjar.com *.adobe.com connect.facebook.net bid.g.doubleclick.net youtu.be *.evidon.com spo-teamsite.ge.com *.google.com spo-teamsite.ge.com fss.gecompany.com https://fss.gecompany.com/ https://ssocentralck.registrar.ge.com/ https://affiliateservices.gecompany.com/ https://ssologin.ssogen2.corporate.ge.com/ https://ssologin.ssogen2.corporate.ge.com/ https://rsologin.ssogen2.corporate.ge.com/ https://smloginmap.ssogen2.corporate.ge.com/ *.yammer.com login.microsoftonline.com fssfedma.o365.ge.com platform.linkedin.com syndication.twitter.com platform.twitter.com www.linkedin.com https://www.gechannelconnect.com/ https://staging60.gechannelconnect.com/; frame-ancestors 'self' data: fonts.gstatic.com cdnjs.cloudflare.com; font-src 'self' data: fonts.gstatic.com *.cloudflare.com themes.googleusercontent.com; report-uri //report-csp-violation 1 upgrade-insecure-requests;,frame-ancestors 'self' https://*.optimizely.com https://optimizely.com 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.aboutespanol.com *.qa.aws.aboutespanol.com apollo.aboutespanol.com apollo.local.aboutespanol.com atlas.aboutespanol.com atlas.local.aboutespanol.com 1 allow 'self'; options inline-script; img-src 'self' data: 1 default-src 'self' 'unsafe-inline' data: https://piwik.bzga.de/ https://service.bzga.de/ https://a.tile.openstreetmap.org/ https://b.tile.openstreetmap.org/ https://c.tile.openstreetmap.org/ 1 frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com exacttarget.com *.exacttarget.com marketingcloudapps.com *.marketingcloudapps.com kcls.bibliocms.com *.kcls.bibliocms.com https://kcls.bibliocms.com kcls.bibliocms.com *.kcls.bibliocms.com; 1 frame-ancestors https://www.marni.com/ https://www.marni.com/ https://www.optimizely.com; 1 default-src 'none'; script-src 'self' 'unsafe-inline' https://onlinechat2.nic.cz https://test-ipv6.nic.cz https://*.test-ipv6.nic.cz https://piwik.nic.cz/piwik.js https://platform.twitter.com https://cdn.syndication.twimg.com https://s.ytimg.com https://*.googleapis.com https://*.google.com https://connect.facebook.net https://*.mapy.cz; object-src 'self'; style-src 'self' 'unsafe-inline' https://platform.twitter.com https://*.nic.cz https://fonts.googleapis.com https://api.mapy.cz; img-src *; media-src *; frame-src *; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://*.test-ipv6.nic.cz https://*.labs.nic.cz https://rdap.nic.cz https://www.rhybar.cz https://akademie.nic.cz https://piwik.nic.cz/piwik.php https://www.nic.cz/files/CORS/projects-bar/ https://mojeid.cz https://syndication.twitter.com; report-uri https://csp.nic.cz/report/ 1 frame-ancestors https://cloudsecurityalliance.org https://knowledge.cloudsecurityalliance.org https://circle.cloudsecurityalliance.org https://360.articulate.com https://articulateusercontent.com https://sj-cdn.net 1 default-src 'self' static.financialsense.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:; style-src 'self' static.financialsense.com data: 'unsafe-inline' *.googleapis.com *.twitter.com *.twimg.com svc.webspellchecker.net; img-src 'self' https: data: android-webview-video-poster:; media-src 'self' static.financialsense.com blob: *.giphy.com; frame-src 'self' https://www.financialsense.com data: audioboom.com *.audioboom.com scribd.com *.scribd.com soundcloud.com *.soundcloud.com youtube.com *.youtube.com vimeo.com *.vimeo.com bitchute.com *.bitchute.com twitter.com *.twitter.com *.tradingview.com *.addthis.com *.stripe.com *.doubleclick.net zoom.us *.googlesyndication.com *.ted.com *.instagram.com *.jwpsrv.com www.google.com ms-appx-web: *.assoc-amazon.com *.amazon.com *.amazon-adsystem.com *.googletagmanager.com *.recaptcha.net facebook.com *.facebook.com cnn.com *.cnn.com cnbc.com *.cnbc.com; frame-ancestors *; child-src 'self' https://www.financialsense.com data: audioboom.com *.audioboom.com scribd.com *.scribd.com soundcloud.com *.soundcloud.com youtube.com *.youtube.com vimeo.com *.vimeo.com bitchute.com *.bitchute.com twitter.com *.twitter.com *.tradingview.com *.addthis.com *.stripe.com *.doubleclick.net zoom.us *.googlesyndication.com *.ted.com *.instagram.com *.jwpsrv.com www.google.com ms-appx-web: *.assoc-amazon.com *.amazon.com *.amazon-adsystem.com *.googletagmanager.com *.recaptcha.net facebook.com *.facebook.com cnn.com *.cnn.com cnbc.com *.cnbc.com; font-src 'self' static.financialsense.com data: fonts.googleapis.com fonts.gstatic.com cdnjs.cloudflare.com *.googleusercontent.com svc.webspellchecker.net *.avast.com chrome-extension:; connect-src 'self' static.financialsense.com *.addthis.com *.googlesyndication.com www.google-analytics.com *.gstatic.com *.doubleclick.net svc.webspellchecker.net *.jwpltx.com *.nr-data.net 1 frame-ancestors 'self' https://www.mapmyfitness.com https://www.mapmyrun.com https://www.mapmyride.com https://www.mapmywalk.com; report-uri /report-csp-violation 1 script-src 'self' 'unsafe-eval' 'unsafe-inline' https://api.spendino.de https://analytics.spd.de https://maps.googleapis.com https://altruja.de https://dataservices.spd.de https://www.verbavoice.net https://live.flyp.tv; img-src 'self' data: https://analytics.spd.de https://csi.gstatic.com https://maps.googleapis.com https://maps.gstatic.com https://em.altruja.de; frame-ancestors 'self' https://analytics.spd.de; default-src 'self'; frame-src 'self' https://dpa-electionslive.s3.amazonaws.com https://analytics.spd.de https://w.soundcloud.com https://player.vimeo.com https://www.youtube-nocookie.com https://api.spendino.de https://storify.com https://streaming.b1group.de https://www.youtube.com https://live.soziale-demokratie.live https://www.blitzvideoserver.de https://api.spd.de https://app.contentflow.live https://streaming.talk42.de https://playout.3qsdn.com https://sdn-global-live-http-cache.3qsdn.com https://widget.whatsbroadcast.com https://ghb2017.limequery.com https://limequery.spd.de https://www.verbavoice.ne https://em.altruja.de https://live.flyp.tv https://us-central1-contentflow-2.cloudfunctions.net https://domhost.it-television.net https://wb.messengerpeople.com https://hd-livestream.de https://stream.liverecords.net https://www.sachsen-fernsehen.de; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://analytics.spd.de https://dataservices.spd.de; connect-src 'self' https://altruja.de https://dataservices.spd.de; object-src 'self' data:; media-src 'self' data:; font-src 'self' https://fonts.gstatic.com https://dataservices.spd.de; 1 default-src 'self'; script-src 'self' *.boost.ai *.episerver.net https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://ajax.cloudflare.com https://chat.puzzel.com https://maps.googleapis.com 'unsafe-inline' 'unsafe-eval'; media-src https://chat.puzzel.com 'self'; style-src 'self' https://tagmanager.google.com https://dl.episerver.net https://chat.puzzel.com https://fonts.googleapis.com https://fonts.gstatic.com'unsafe-inline'; connect-src 'self' https://*.boost.ai https://chat.puzzel.com wss:;form-action 'self';font-src https://fonts.googleapis.com https://fonts.gstatic.com https://chat.puzzel.com 'self'; img-src 'self' data: www.google-analytics.com *.gstatic.com https://www.googletagmanager.com https://maps.googleapis.com https://mts.googleapis.com https://dl.episerver.net; object-src 'self'; frame-ancestors 'self'; frame-src https: 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' *.motel-one.com data: *.motel-one.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gstatic.com www.googletagmanager.com *.googleapis.com www.google-analytics.com www.youtube.com s.ytimg.com cdnjs.cloudflare.com code.jquery.com *.hurra.com *.googleadservices.com *.criteo.com *.criteo.net creativecdn.com *.creativecdn.com *.facebook.net *.doubleclick.net *.licdn.com *.linkedin.com *.facebook.com *.adnxs.com *.facebook.com *.bizographics.com *.googlesyndication.com *.bing.com *.adsrvr.org *.cloudfront.net *.sia.eu *.google.ae *.google.at *.google.ba *.google.be *.google.by *.google.ca *.google.cf *.google.ch *.google.co.cr *.google.co.il *.google.co.in *.google.co.jp *.google.co.nz *.google.co.th *.google.co.uk *.google.co.zw *.google.de *.google.com *.google.com.ar *.google.com.au *.google.com.bo *.google.com.br *.google.com.cy *.google.com.ec *.google.com.eg *.google.com.hk *.google.com.kw *.google.com.mt *.google.com.mx *.google.com.sg *.google.com.tr *.google.com.tw *.google.com.ua *.google.cz *.google.dk *.google.dz *.google.es *.google.fi *.google.fr *.google.ge *.google.gr *.google.hr *.google.hu *.google.ie *.google.im *.google.it *.google.li *.google.lt *.google.lu *.google.nl *.google.no *.google.pl *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.se *.google.si *.adup-tech.com static.ads-twitter.com analytics.twitter.com assets.pinterest.com log.pinterest.com squarelovin.com *.squarelovin.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.cdninstagram.com *.squarelovin.com *.google-analytics.com *.doubleclick.net t.co *.adup-tech.com www.facebook.com www.google.de www.google.com *.cx.atdmt.com maps.gstatic.com maps.googleapis.com *.fbcdn.net image.motel-one.com squarelovin.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.squarelovin.com fonts.googleapis.com; connect-src 'self' *.motel-one.com *.google-analytics.com stats.g.doubleclick.net *.facebook.com *.adup-tech.com; font-src 'self' *.motel-one.com *.computop-paygate.com *.google.com *.gstatic.com www.googletagmanager.com *.googleapis.com www.google-analytics.com *.doubleclick.net data: *.google.com *.gstatic.com www.googletagmanager.com *.googleapis.com www.google-analytics.com *.doubleclick.net; frame-src 'self' *.motel-one.com *.computop-paygate.com *.google.com *.gstatic.com www.googletagmanager.com *.googleapis.com www.google-analytics.com www.youtube.com cdnjs.cloudflare.com code.jquery.com *.hurra.com *.googleadservices.com *.criteo.com *.criteo.net creativecdn.com *.creativecdn.com *.facebook.net *.doubleclick.net *.licdn.com *.linkedin.com *.facebook.com *.google.de *.adnxs.com *.facebook.com *.bizographics.com *.googlesyndication.com *.bing.com *.adsrvr.org *.cloudfront.net *.sia.eu; 1 default-src c.wgr.de 'self'; script-src c.wgr.de https://track.westermann.de connect.facebook.net www.googleadservices.com maps.googleapis.com 'self' 'unsafe-inline'; style-src c.wgr.de 'self' 'unsafe-inline'; object-src 'self'; img-src c.wgr.de https://track.westermann.de www.econda-monitor.de d32wqyuo10o653.cloudfront.net www.facebook.com googleads.g.doubleclick.net maps.googleapis.com *.gstatic.com 'self' data:; frame-src newsletter.schulbuchzentrum-online.de https://track.westermann.de www.facebook.com 'self'; child-src newsletter.schulbuchzentrum-online.de https://track.westermann.de www.facebook.com 'self'; font-src c.wgr.de 'self' data:; connect-src https://secure.schulbuchzentrum-online.de https://track.westermann.de 'self'; report-uri /backend/csp 1 default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: *.guinness-storehouse.com *.googleapis.com maps.gstatic.com s.adroll.com s.ytimg.com stats.mp.streamamg.com streamuk.secure.footprint.net www.google-analytics.com www.googletagmanager.com www.youtube.com footer.diageohorizon.com cdnjs.cloudflare.com *.googleadservices.com *.doubleclick.net *.ads-twitter.com *.hotjar.com *.smartlook.com; object-src 'self' https: *.guinness-storehouse.com streamuk.secure.footprint.net; style-src 'self' 'unsafe-inline' https: *.guinness-storehouse.com cloud.typography.com fonts.googleapis.com footer.diageohorizon.com; img-src 'self' https: *.guinness-storehouse.com *.googleapis.com *.gstatic.com ads.yahoo.com analytics.twitter.com d.adroll.com dps.bing.com googleads.g.doubleclick.net ib.adnxs.com idsync.rlcdn.com scontent.cdninstagram.com streamuk.secure.footprint.net t.mookie1.com us-u.openx.net www.facebook.com www.google.com www.google.ie www.tripadvisor.com x.bidswitch.net www.google-analytics.com; frame-src 'self' https: *.guinness-storehouse.com *.worldnettps.com guinnessarchives.adlibsoft.com www.youtube.com vars.hotjar.com; font-src 'self' https: *.guinness-storehouse.com data: fonts.googleapis.com fonts.gstatic.com streamuk.secure.footprint.net; connect-src 'self' https: *.guinness-storehouse.com *.storehousewall.com query.yahooapis.com streamuk.secure.footprint.net *.hotjar.com:* wss://*.hotjar.com *.smartlook.com; media-src 'self' https: *.guinness-storehouse.com ; worker-src 'self' *.guinness-storehouse.com blob: 1 frame-ancestors 'self' *.omronhealthcare.com http://10.196.1.55:8000; 1 default-src 'self';font-src 'self' fonts.gstatic.com;connect-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com analytics.monkeytracker.cz www.google.com;form-action 'self';frame-src 'self' www.youtube.com www.facebook.com;child-src 'self' www.youtube.com www.facebook.com;frame-ancestors 'self';img-src 'self' data: blob: www.googletagmanager.com www.google-analytics.com analytics.monkeytracker.cz *.doubleclick.net;style-src 'self' 'unsafe-inline' fonts.googleapis.com;object-src 'self' 1 frame-ancestors tags.tiqcdn.com survey.hlb.com.my www.hlb.com.my apps.facebook.com www.facebook.com *.vivocha.com *.youtube.com *.facebook.com staticxx.facebook.com www.googletagmanager.com gateway.hlb.com.my www.ecloan.com.my aem-preprod.hlb.com.my aem-preprod.hlisb.com.my www.hlisb.com.my https://www.google.com www.google.com optimize.google.com hongleongbank.sc.omtrdc.net dpm.demdex.net 1 frame-ancestors 'self' thenationalcampaign.org aelp.smartsparrow.com 1 frame-ancestors http://*.yahoosmallbusiness.com 1 default-src 'self' api.openbank.es; script-src 'self' 'unsafe-inline' 'unsafe-eval' snap.licdn.com track.adform.net *.openbank.es *.openbank.de *.openbank.nl *.openbank.pt https://maps.googleapis.com simuladores-pre.afi.es simuladores.afi.es *.mateti.net *.nr-data.net https://browseranalytic.com https://www.google.com *.gstatic.com https://tags.tiqcdn.com *.google-analytics.com *.tealiumiq.com https://tealium.hs.llnwd.net https://*.g.doubleclick.net *.amazonaws.com *.youtube.com *.googleadservices.com *.ads-twitter.com *.facebook.net *.ytimg.com api-ob.nd.nudatasecurity.com https://js-agent.newrelic.com *.googletagmanager.com *.wbtrk.net *.we-stats.com static.browseranalytic.com optimize.google.com bat.bing.com blob:; style-src 'self' 'unsafe-inline' optimize.google.com https://fonts.googleapis.com *.amazonaws.com *.openbankwealth.com *.openbank.es *.openbank.de *.openbank.nl *.openbank.pt api-ob.nd.nudatasecurity.com https://maxcdn.bootstrapcdn.com; img-src 'self' px.ads.linkedin.com track.adform.net www.financeads.net fbc.wcfbc.net t.teads.tv data: 'unsafe-inline' *.amazonaws.com *.googletagmanager.com https://maps.googleapis.com *.gstatic.com *.mateti.net data: *.google-analytics.com *.doubleclick.net *.openbank.es *.openbank.de *.openbank.nl *.openbank.pt *.google.com *.google.es *.google.ie *.facebook.com api-ob.nd.nudatasecurity.com https://aax-eu.amazon-adsystem.com https://openbanktest01.wt-eu02.net https://openbanklive01.wt-eu02.net https://fbc.wcfbc.net; media-src 'self' 'unsafe-inline' *.amazonaws.com *.openbank.es *.youtube.com; frame-src 'self' optimize.google.com https://www.google.com *.gstatic.com *.youtube.com simuladores-pre.afi.es simuladores.afi.es *.doubleclick.net api-ob.nd.nudatasecurity.com https://openjobs.openbank.es *.clientes.openbank.es *.mateti.net blob:; child-src https://www.google.com *.gstatic.com *.youtube.com simuladores-pre.afi.es simuladores.afi.es *.doubleclick.net api-ob.nd.nudatasecurity.com https://openjobs.openbank.es *.clientes.openbank.es *.mateti.net blob: api.openbank.es; font-src 'self' *.openbank.es *.openbank.de *.openbank.nl *.openbank.pt maxcdn.bootstrapcdn.com data: https://fonts.gstatic.com *.openbankwealth.com api-ob.nd.nudatasecurity.com maxcdn.bootstrapcdn.com; connect-src www.google-analytics.com *.openbank.es *.nr-data.net *.we-stats.com *.mateti.net *.tealiumiq.com api-ob.nd.nudatasecurity.com decollector.tealeaf.ibmcloud.com op.browseranalytic.com api.openbank.es; frame-ancestors 'self' *.openbank.de *.openbank.nl *.openbank.pt *.openbank.es api.paycomet.com https://www.paytpv.com; object-src 'self' api.openbank.es 1 frame-ancestors http://www.lativ.com.tw https://www.lativ.com.tw; 1 default-src 'self' https://*.fhstp.ac.at; connect-src 'self' https://*.facebook.com https://*.facebook.net https://*.twyn.com https://api.visitlead.com https://cis.fhstp.ac.at https://rest.visitlead.com https://stats.g.doubleclick.net https://ws.visitlead.com https://www.google-analytics.com wss://*.visitlead.com wss://www.fhstp.ac.at wss://wwwtestneu.fhstp.ac.at; font-src 'self' data: https://*.fhstp.ac.at https://*.googleapis.com https://*.gstatic.com https://app.visitlead.com; frame-src 'self' http://edit.fhstp.ac.at https://*.facebook.com https://*.facebook.net https://*.google.com https://*.issuu.com https://*.soundcloud.com https://*.twitter.com https://*.vimeo.com https://*.youtube.com https://cis.fhstp.ac.at https://sjs.bizographics.com https://snap.licdn.com https://stream.visitlead.com; img-src 'self' data: http://*.fhstp.ac.at https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.google.at https://*.google.com https://*.gstatic.com https://*.googleusercontent.com https://*.ggpht.com https://*.linkedin.com https://*.twyn.com https://app.visitlead.com https://cdn.twyn-group.com https://www.filmspektakel.at; media-src 'self' data: http://carma.fhstp.ac.at/wp-content/uploads/2016/11/Brelomate2_Infoveranstaltung201161027_p3tv.mp4 https://app.visitlead.com; script-src data: 'self' 'unsafe-inline' 'unsafe-eval' http://campus-stp.at https://*.campus-stp.at https://*.doubleclick.com https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.com https://*.linkedin.com https://*.twyn.com https://*.youtube.com https://app.visitlead.com https://campus-stp.at https://cdn.fhstp.ac.at https://*.pubble.io https://cdn.ravenjs.com https://cdn.socket.io https://code.jquery.com https://sjs.bizographics.com https://snap.licdn.com https://*.ytimg.com; style-src 'self' 'unsafe-inline' http://*.campus-stp.at http://campus-stp.at http://cdn.fhstp.ac.at https://*.campus-stp.at https://*.google.com https://*.googleapis.com https://*.ytimg.com https://app.visitlead.com/ https://campus-stp.at https://cdn.fhstp.ac.at; 1 frame-ancestors 'self' https://optimize.google.com/ https://forum.dvor.com 1 default-src 'self' blob:; connect-src 'self' blob: wss: *.zdassets.com *.zendesk.com *.metartnetwork.com *.google-analytics.com *.googleapis.com *.doubleclick.net *.mixpanel.com; style-src 'self' blob: 'unsafe-inline' *.googleapis.com fonts.gstatic.com platform.twitter.com *.twimg.com maxcdn.bootstrapcdn.com *.google.com *.metartnetwork.com cdn.cookielaw.org; font-src 'self' data: *.zopim.com fonts.gstatic.com *.googleapis.com ssl.p.jwpcdn.com maxcdn.bootstrapcdn.com *.metartnetwork.com; script-src 'self' 'unsafe-inline' *.zdassets.com *.zopim.com *.twitter.com *.twimg.com ssl.p.jwpcdn.com *.googletagmanager.com *.google-analytics.com cdn.mouseflow.com *.google.com cdn.polyfill.io *.metartnetwork.com cdn.cookielaw.org code.jquery.com geolocation.onetrust.com *.mxpnl.com *.googleapis.com; frame-src 'self' *.twitter.com *.metartnetwork.com *.youtube.com *.vimeo.com; img-src 'self' data: *.nsimg.net *.twimg.com *.zopim.com *.twitter.com jwpltx.com *.google-analytics.com *.gstatic.com *.googletagmanager.com *.googleapis.com *.doubleclick.net *.google.com *.metartnetwork.com; media-src 'self' data: blob: *.nsimg.net *.metartnetwork.com *.zdassets.com; worker-src 'self' data: blob: wss:; object-src 'none' 1 frame-ancestors https://www.coolinarika.com 1 default-src https: http: wss: ; script-src https: 'self' 'unsafe-inline' 'unsafe-eval' js.hs-scripts.com js.hs-analytics.net static.hotjar.com cdnjs.cloudflare.com *.adopto.eu adopto.eu www.adopto.eu *.googleapis.com *.facebook.net *.facebook.com js.braintreegateway.com assets.braintreegateway.com www.google.com *.hotjar.com www.google-analytics.com *.vo.msecnd.net dc.services.visualstudio.com; object-src 'self' https: data: adoptostaging.blob.core.windows.net adoptoprod.blob.core.windows.net; style-src * https: 'unsafe-inline'; img-src 'self' https: data: cdnjs.cloudflare.com *.fotorama.io adoptostaging.blob.core.windows.net adoptoprod.blob.core.windows.net assets.braintreegateway.com *.gstatic.com *.googleapis.com *.facebook.com s3.amazonaws.com stats.g.doubleclick.net media.licdn.com; child-src 'self' *.talentlyft.com app.livestorm.co platform.twitter.com assets.braintreegateway.com *.nosiva.com *.facebook.com *.youtube.com *.us11.list-manage.com forms.hubspot.com js.hs-scripts.com js.hs-analytics.net *.hotjar.com; font-src * https: data:; 1 default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-eval' 'unsafe-inline' http://pbs.twimg.com; media-src https: blob: 'self' 'unsafe-eval' 'unsafe-inline'; frame-src https: employment.qualtrics.com siteintercept.qualtrics.com g.jwpsrv.com www.youtube.com jobs.nga.net.au; frame-ancestors 'self' www.jobs.gov.au www.employment.gov.au jobs.nga.net.au; child-src https: blob: 'self' 'unsafe-eval' 'unsafe-inline' jobs.nga.net.au; font-src 'self' fonts.gstatic.com maxcdn.bootstrapcdn.com netdna.bootstrapcdn.com publish.viostream.com themes.googleusercontent.com; report-uri /admin/config/system/seckit/csp-report 1 default-src 'self'; connect-src 'self' https://*.adobedtm.com http://*.amegybank.com https://*.amegybank.com https://*.omtrdc.net https://*.demdex.net https://*.cludo.com; script-src 'self' data: 'unsafe-inline' https://*.adobedtm.com https://*.doubleclick.net https://connect.facebook.net https://*.googletagmanager.com https://*.googleadservices.com https://*.googleapis.com https://*.gstatic.com https://*.google.com http://*.amegybank.com https://*.amegybank.com https://*.zionsbank.com https://*.cludo.com 'unsafe-eval'; object-src 'self' data: http://*.amegybank.com https://*.amegybank.com; style-src 'self' data: 'unsafe-inline' https://*.googleapis.com https://*.google.com https://*.cludo.com; img-src 'self' data: https://www.facebook.com https://*.doubleclick.net https://*.gstatic.com http://*.amegybank.com https://*.amegybank.com https://*.online-metrix.net https://*.omtrdc.net https://*.demdex.net https://*.everesttech.net https://*.googleapis.com https://*.google.com https://*.cludo.com; media-src 'self' data:; frame-src 'self' http://*.amegybank.com https://*.amegybank.com https://*.online-metrix.net https://*.issuu.com https://*.demdex.net https://secure.checkout.visa.com https://*.youtube.com https://*.doubleclick.net https://*.pages05.net https://*.brightcove.net; frame-ancestors 'self' https://banking.amegybank.com; font-src 'self' data: 'unsafe-inline' https://fonts.gstatic.com; upgrade-insecure-requests; block-all-mixed-content 1 default-src https: 'unsafe-inline' 'unsafe-eval' 1 frame-ancestors 'self' piwik.currence.nl; 1 default-src 'self'; script-src 'self' 'unsafe-inline' data:; style-src 'self' 'unsafe-inline' data:; img-src 'self' data:; 1 default-src 'self'; script-src 'self' v1.addthisedge.com munchkin.marketo.net qoo.ly use.fontawesome.com www.austinregionalclinic.com mychart.austinregionalclinic.com *.gstatic.com 'unsafe-inline' 'unsafe-eval' rawgithub.com blob: www.youtube.com *.linkedin.com ajax.aspnetcdn.com cdn.syndication.twimg.com sjs.bizographics.com connect.facebook.net use.typekit.net maxcdn.bootstrapcdn.com arc.mymedicalme.com *.google.com *.googleapis.com *.google-analytics.com *.googletagmanager.com platform.twitter.com m.addthisedge.com *.addthis.com hummsystems.appspot.com; style-src 'self' use.fontawesome.com mychart.austinregionalclinic.com 'unsafe-inline' www.youtube.com platform.twitter.com *.addthis.com *.googleapis.com maxcdn.bootstrapcdn.com arc.mymedicalme.com stats.g.doubleclick.net ton.twimg.com blob:; font-src 'self' use.fontawesome.com use.typekit.net maxcdn.bootstrapcdn.com fonts.gstatic.com g.static.com; img-src 'self' qoo.ly stats.g.doubleclick.net data: *.googlecode.com p.typekit.net i.ytimg.com *.gstatic.com *.google.com www.google-analytics.com *.googleapis.com www.facebook.com *.twitter.com *.twimg.com ajax.aspnetcdn.com match.adsrvr.com; object-src 'self'; frame-src 'self' mychart.austinregionalclinic.com www.youtube.com *.addthis.com *.twitter.com arcwebsecure.com arc.mymedicalme.com www.google.com maps.google.com; connect-src 'self' m.addthis.com stats.g.doubleclick.net hummsystems.appspot.com blob:; 1 default-src 'self' 'unsafe-inline' *.hotjar.com *.hotjar.io *.googletagmanager.com *.google.com *.casa.gov.au *.inq.com *.g.doubleclick.net *.google-analytics.com *.casa.gov.au *.googleapis.com *.gstatic.com *.youtube.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.hotjar.com *.hotjar.io *.googletagmanager.com *.google.com *.casa.gov.au *.inq.com *.g.doubleclick.net *.google-analytics.com *.casa.gov.au *.googleapis.com *.webspellchecker.net *.gstatic.com; object-src 'none'; style-src 'self' * 'unsafe-inline' ; img-src * 'unsafe-inline' data:; frame-ancestors 'self' https://chat.casa.gov.au https://www.casa.gov.au *.hotjar.com *.youtube.com *.inq.com casa.inq.com https://media-aus.inq.com https://casa.inq.com; font-src 'self' * 'unsafe-inline' ; connect-src 'self' * 'unsafe-inline' ; report-uri /report-csp-violation 1 default-src https: blob:; script-src https: 'unsafe-inline' 'unsafe-eval' data:; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data: 1 frame-ancestors 'self' eon.de *.eon.de 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' *; child-src 'self' *; font-src 'self' *; frame-ancestors 'self'; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: * 1 script-src 'self' 'unsafe-eval' 'unsafe-inline' *.kalibrr.com *.zendesk.com https://static.zdassets.com https://ekr.zdassets.com *.zopim.com connect.facebook.net *.facebook.com www.googleadservices.com www.google-analytics.com ssl.google-analytics.com d36lvucg9kzous.cloudfront.net s1.webspellchecker.net js.stripe.com www.googletagmanager.com *.inspectlet.com *.googleapis.com *.newrelic.com *.nr-data.net platform.twitter.com static.ads-twitter.com apis.google.com ajax.cloudflare.com tagmanager.google.com analytics.twitter.com analytics.trovit.com *.effectivemeasure.net jscdn.appier.net track.adform.net; form-action 'self'; frame-src 'self' https://staticxx.facebook.com https://web.facebook.com https://accounts.google.com https://www.facebook.com https://docs.google.com https://www.youtube.com https://www.google.com; frame-ancestors http://careers.aboitiz.com https://careers.aboitiz.com https://careers-uat.aboitiz.com http://citysavings.com.ph https://citysavings.com.ph 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: 1 default-src 'self' http: https: pages.addigy.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com http://sjrtp4-cdn.marketo.com http://munchkin.marketo.net http://sjrtp4-cdn.marketo.com http: https: pages.addigy.com; img-src 'self' https://app-dev.addigy.com https://app-prod.addigy.com https://static.addigy.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://www.google-analytics.com https://stats.g.doubleclick.net https://tracking.g2crowd.com https://px.ads.linkedin.com http://bat.bing.com http://t.co https://www.facebook.com https://ssl.gstatic.com https://www.gstatic.com https://secure.gravatar.com http: https: *.gravatar.com data:; style-src 'self' 'unsafe-inline' http: https: fonts.googleapis.com; font-src 'self' data: http: https: fonts.googleapis.com http https: fonts.gstatic.com data:; 1 default-src http: https: wss: data: blob: 'self' 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: *; report-uri https://ncreports.report-uri.com/r/d/csp/reportOnly 1 frame-ancestors *.putnam.com *.seismic.com *.fundvisualizer.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' *.zencdn.net *.brightcove.net *.brightcove.com *.putnam.com blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.adnxs.com *.ytimg.com *.googleapis.com *.putnam.com *.typekit.net *.rackcdn.com *.ensighten.com *.brightcove.net *.brightcove.com *.google-analytics.com *.liveperson.net *.bing.com *.bizographics.com *.gigya.com *.googlecode.com *.morningstar.com *.linkedin.com *.putnaminv.com *.highcharts.com *.jQuery.com *.jquery.org *.adobe.com *.jqueryui.com *.cloudflare.com *.livelook.com *.livelook.net *.facebook.net *.licdn.com *.zencdn.net *.lpsnmedia.net *.googletagmanager.com tagmanager.google.com *.ads-twitter.com *.twitter.com *.yimg.com sp.analytics.yahoo.com www.youtube.com www.instagram.com; 1 default-src 'self' data: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' * 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: about: *.adbutler-luxon.com *.adsrvr.org *.ads-twitter.com *.bamboohr.com *.cmgdigital.com *.doubleclick.net *.facebook.com *.facebook.net *.feedburner.com *.google.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.jeffersoncms.org *.livestream.com *.marchex.io *.scribd.com *.serving-sys.com *.sharethis.com *.slideshare.net *.tapad.com *.tcms.com *.teletownhall.us *.texmed.org *.tmait.org *.twimg.com *.twitter.com *.vimeo.com *.youtube.com *.yudu.com gis.fema.gov http://kff.org http://oig.hhs.gov http://rocket.nwood-kensett.k12.ia.us http://www.ncbi.nlm.nih.gov https://badge.facebook.com https://block.opendns.com https://capwiz.com https://cdn.tinymce.com https://centro.pixel.ad https://clickserv.pixel.ad https://clickserv.sitescout.com https://connect.facebook.net https://cqrcengage.com https://data.healthcare.gov https://dpm.demedex.net https://feedburner.google.com https://fonts.googleapis.com https://fusiontables.googleusercontent.com https://googleads.g.doubleclick.net https://hootsuite.com https://insight.adsrvr.org https://js.adsrvr.org https://match.adsrvr.org https://pixel.sitescout.com https://platform.twitter.com https://player.vimeo.com https://servedbyadbutler.com https://static.addtoany.com https://stats.g.doubleclick.net https://storify.com https://syndication.twitter.com https://t.co https://tags.bluekai.com https://texmed.medbuzz.com https://tma.custhelp.com https://uip.semasio.net https://www.facebook.com https://www.google.com https://www.googleadservices.com https://www.paypalobjects.com https://www.youtube.com pixel-geo.prfct.co public.slidesharecdn.com tag.marinsm.com tagmanager.google.com www.cms.gov www.powr.io *.votervoice.net *.quantserve.com *.quantcount.com *.wakelet.com adbutler-fermion.com https://livestream.com https://vimeo.com wss: *.texmed.org *.nnihcm.org *.infogram.com *.poll-maker.com *.qualtrics.com *.hsforms.net *.hsforms.com https://ql.tc 1 img-src https://* data:; script-src https://* 'unsafe-eval' 'unsafe-inline'; frame-src https://*; report-uri /stats/csp-reports 1 default-src 'self'; connect-src 'self' https://d6tizftlrpuof.cloudfront.net https://*.usabilla.com; font-src 'self' https://d6tizftlrpuof.cloudfront.net https://*.usabilla.com https://fonts.googleapis.com; frame-src 'self' https://d6tizftlrpuof.cloudfront.net https://*.usabilla.com; img-src 'self' data: assetfiles.com *.pbwstatic.com www.google-analytics.com https://*.usabilla.com https://d6tizftlrpuof.cloudfront.net; media-src 'none'; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com https://*.usabilla.com https://d6tizftlrpuof.cloudfront.net; style-src 'self' 'unsafe-inline' https://d6tizftlrpuof.cloudfront.net https://*.usabilla.com https://fonts.googleapis.com 1 frame-ancestors 'self' smart911.com www.smart911.com safety.smart911.com 1 default-src 'self'; connect-src 'self' http://*.nsbank.com https://*.nsbank.com https://*.demdex.net https://*.cludo.com https://sumo.com https://*.sumo.com https://*.sumome.com https://sumo.b-cdn.net https://*.google.com; script-src 'self' data: 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.nsbank.com https://*.zionsbank.com https://*.cludo.com https://*.adsrvr.org https://connect.facebook.net https://sumo.com https://*.sumo.com https://*.sumome.com https://sumo.b-cdn.net https://*.bufferapp.com https://*.linkedin.com https://*.pinterest.com https://*.reddit.com https://*.online-metrix.net https://*.adobedtm.com https://*.mkt51.net https://*.pages05.net https://*.adsrvr.org https://*.googletagmanager.com 'unsafe-eval'; object-src 'self' data: https://*.nsbank.com; style-src 'self' data: 'unsafe-inline' https://*.googleapis.com https://*.google.com https://*.cludo.com https://sumo.com https://*.sumo.com https://*.sumome.com https://sumo.b-cdn.net https://*.mkt51.net https://*.pages05.net https://*.adsrvr.org; img-src 'self' data: https://*.gstatic.com https://*.nsbank.com https://*.online-metrix.net https://*.omtrdc.net https://*.demdex.net https://*.everesttech.net https://*.googleapis.com https://*.google.com https://*.cludo.com https://*.facebook.com https://sumo.com https://*.sumo.com https://*.sumome.com https://sumo.b-cdn.net https://*.online-metrix.net https://*.mkt51.net https://*.pages05.net https://*.adsrvr.org; media-src 'self' data:; frame-src 'self' https://*.nsbank.com https://*.demdex.net https://*.visa.com https://*.youtube.com https://*.pages05.net https://*.brightcove.net https://*.online-metrix.net https://*.adsrvr.org; frame-ancestors 'self' https://banking.nsbank.com; font-src 'self' data: 'unsafe-inline' https://fonts.gstatic.com; upgrade-insecure-requests; block-all-mixed-content 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' *; frame-ancestors www.envestnet.com envestnet.com ir.envestnet.com investor.envestnet.com www.investpmc.com; report-uri /report-csp-violation 1 default-src 'self' http: https: www.krebshilfe.de; img-src 'self' data: http: https: www.krebshilfe.de; script-src 'self' 'unsafe-eval' 'unsafe-inline' http: https: www.krebshilfe.de; style-src 'self' 'unsafe-inline' http: https: www.krebshilfe.de; font-src 'self' data: http: https: www.krebshilfe.de; 1 frame-ancestors 'self' https://*.advisorservices.com https://*.tdameritrade.com https://*.ameritrade.com https://*.tdainstitutional.com 1 upgrade-insecure-requests; default-src * data:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://cdn.yoshki.com https://s.ytimg.com https://mapclick.amap.com https://restapi.amap.com https://webapi.amap.com https://public.tableau.com https://sdn.sitecore.net https://maps.googleapis.com https://maps.google.com https://sadmin.brightcove.com https://ajax.googleapis.com https://ssl.google-analytics.com https://www.youtube.com https://www.google.com https://bat.bing.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://connect.facebook.net https://platform.twitter.com https://s3.amazonaws.com; style-src 'self' data: 'unsafe-inline' https://cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.9.0/slick.min.css https://cdnjs.cloudflare.com https://webapi.amap.com https://fonts.googleapis.com https://ajax.googleapis.com; img-src * 'self' data:; font-src 'self' data: https://netdna.bootstrapcdn.com https://fonts.gstatic.com https://fonts.typekit.net https://themes.googleusercontent.com; child-src 'self' https://sdn.sitecore.net https://web106.reachmee.com https://sdn.sitecore.net https://www.youtube.com https://www.google.com https://accounts.google.com https://www.googletagmanager.com; frame-src 'self' https://watch.twobirds.com https://www.youtube.com https://player.vimeo.com http://sdn.sitecore.net https://sdn.sitecore.net https://translate.google.com https://web106.reachmee.com; frame-ancestors 'self' https://sdn.sitecore.net; report-uri https://3chillies.report-uri.io/r/default/csp/enforce 1 default-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.nsandi.com nsandi.com https://img.youtube.com img.youtube.com https://img.youtube.com https://www.youtube.com www.youtube.com youtube.com js-agent.newrelic.com bam.nr-data.net hm.webtrends.com https://hm.webtrends.com s.webtrends.com nsandi.klick2contact.com statse.webtrendslive.com cdn-pci.optimizely.com rum.optimizely.com logx.optimizely.com logx.optimizely.com/v1/events statse.webtrendslive.com https://track.adform.net https://track.adform.net https://c1.adform.net/ c1.adform.net https://google.com https://www.google.com https://nsandi.klick2contact.com/ https://nsandihowdidwedo.eu.qualtrics.com/ errors.client.optimizely.com https://tapi.optimizely.com https://www.gov.uk c.oracleinfinity.io dc.oracleinfinity.io;; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.nsandi.com nsandi.com https://img.youtube.com img.youtube.com youtube.com js-agent.newrelic.com bam.nr-data.net hm.webtrends.com https://hm.webtrends.com s.webtrends.com https://nsandi.klick2contact.com nsandi.klick2contact.com statse.webtrendslive.com https://cdn-pci.optimizely.com rum.optimizely.com logx.optimizely.com logx.optimizely.com/v1/events statse.webtrendslive.com https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com https://track.adform.net https://c1.adform.net c.oracleinfinity.io dc.oracleinfinity.io;; object-src 'self'; img-src 'self' data: https://statse.webtrendslive.com https://nsandi.klick2contact.com https://server.seadform.net https://hm.webtrends.com https://cdn.optimizely.com c.oracleinfinity.io dc.oracleinfinity.io;; report-uri /csp/csp-report 1 default-src 'self' https://www.bundeswahlleiter.de https://service.bundeswahlleiter.de https://www.youtube-nocookie.com https://www.ims-cms.net; script-src 'self' https://www.bundeswahlleiter.de https://service.bundeswahlleiter.de https://www.youtube-nocookie.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://www.bundeswahlleiter.de https://service.bundeswahlleiter.de https://www.youtube-nocookie.com 'unsafe-inline'; base-uri 'self'; frame-ancestors 'self' https://www.bundeswahlleiter.de https://service.bundeswahlleiter.de https://www.youtube-nocookie.com https://www.ims-cms.net 1 default-src 'self' 'unsafe-inline'; 1 default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com ajax.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://static.addtoany.com/ http://clients1.google.com/complete/ https://js-agent.newrelic.com/ https://bam.nr-data.net/ https://www.google.com https://*.fontawesome.com https://*.customsearch.ai;; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://static.addtoany.com/ https://*.windows.net; img-src 'self' https://www.google-analytics.com data: https://www.google.com/recaptcha/ http://www.ecb.int/ http://www.ecb.europa.eu/ https://*.windows.net https://*.gstatic.com; frame-src 'self' https://www.google.com/recaptcha/ https://static.addtoany.com/ https://www.youtube-nocookie.com/ https://maps.google.be/maps/ https://www.google.com/maps/ https://mapsengine.google.com/ https://ui.customsearch.ai/; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://*.customsearch.ai https://*.google-analytics.com; report-uri /admin/config/system/seckit/csp-report 1 default-src *; style-src 'self' 'unsafe-inline' http://safesear.ch http://*.safesear.ch http://*.adnxs.com http://*.yahooapis.com http://*.yahoo.net http://*.yahoo.com http://*.newrelic.com https://safesear.ch https://*.safesear.ch https://*.adnxs.com https://*.yahooapis.com https://*.yahoo.net https://*.yahoo.com https://*.newrelic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://safesear.ch http://*.safesear.ch http://*.adnxs.com http://*.yahooapis.com http://*.yahoo.net http://*.yahoo.com http://*.newrelic.com https://safesear.ch https://*.safesear.ch https://*.adnxs.com https://*.yahooapis.com https://*.yahoo.net https://*.yahoo.com https://*.newrelic.com http://*.akamai.net https://*.akamai.net http://*.nr-data.net https://*.nr-data.net;connect-src 'self';img-src 'self' http://safesear.ch http://*.safesear.ch https://safesear.ch https://*.safesear.ch data:; 1 allow *; 1 default-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.gstatic.com https://img.youtube.com https://www.youtube.com https://www.google.com https://www.google-analytics.com/analytics.js data: https://www.youtube.com https://www.google-analytics.com https://use.fontawesome.com https://fonts.gstatic.com https://fonts.googleapis.com https://js-agent.newrelic.com https://ajax.cloudflare.com https://unpkg.com https://maxcdn.bootstrapcdn.com; report-uri /admin/config/system/seckit/csp-report 1 default-src https: 'self' https://*.googleusercontent.com wss://inspectletws.herokuapp.com https://cdn.inspectlet.com https://mijn.mkbservicedesk.nl https://app.readspeaker.com https://*.googleapis.com https://*.chkmkt.com wss://ws1.hotjar.com; script-src https: 'self' 'unsafe-inline'; style-src 'self' https://* 'unsafe-inline'; img-src 'self' https://shared.piwik.prisma-it.com https://veiliginternetten.nl data: 1 default-src 'self'; child-src *.facebook.com platform.twitter.com *.g.doubleclick.net *.google.com *.google.gr; frame-src *.facebook.com platform.twitter.com *.g.doubleclick.net *.youtube.com *.google.com *.google.gr *.paypal.com *.paymentwall.com; connect-src 'self' *:888; font-src 'self' data:; form-action 'self' store.payproglobal.com secure.avangate.com; frame-ancestors 'self'; img-src 'self' trust.zone data: *.google.com *.google.gr *.trustzoneurl.com trustzonepost.xyz *.g.doubleclick.net *.facebook.com syndication.twitter.com seal.digicert.com www.google-analytics.com *.cartocdn.com *.paypalobjects.com; media-src 'self'; object-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.trustzoneurl.com google.com a.trust.zone platform.twitter.com connect.facebook.net www.gstatic.com www.googleadservices.com *.google-analytics.com seal.digicert.com *.paypalobjects.com *.paypal.com paypal.com; report-uri https://trust.zone/_csp_log 1 frame-ancestors 'self' https://*.divessi.com https://*.head-test.com 1 upgrade-insecure-requests; frame-ancestors zismo.biz 1 default-src 'self'; script-src 'self' assets.juicer.io ajax.googleapis.com connect.facebook.net platform.twitter.com 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com www.google.com www.gstatic.com https://chat.consumercare.net https://h6.consumercare.net https://js-agent.newrelic.com https://bam.nr-data.net *.juicer.io woobox.com *.formstack.com assets.pinterest.com app.icontact.com; object-src 'self'; style-src 'self' maxcdn.bootstrapcdn.com fonts.googleapis.com assets.juicer.io 'unsafe-inline' *.formstack.com app.icontact.com; img-src 'self' scontent.cdninstagram.com scontent.xx.fbcdn.net www.facebook.com syndication.twitter.com www.google-analytics.com i.ytimg.com https://external.xx.fbcdn.net data: https://chart.googleapis.com https://stats.g.doubleclick.net https://www.googletagmanager.com *.juicer.io *.google.com *.imgur.com app.icontact.com *.formstack.com ; frame-src 'self' * *.entenmanns.com rsmstanley.formstack.com; font-src 'self' maxcdn.bootstrapcdn.com fonts.googleapis.com assets.juicer.io fonts.gstatic.com woobox.com *.juicer.io *.formstack.com app.icontact.com; connect-src 'self' www.juicer.io https://www.google-analytics.com https://stats.g.doubleclick.net *.facebook.com; report-uri /admin/config/system/seckit/csp-report, default-src 'self' 'self' data: 'self' blob: 'unsafe-inline' 'unsafe-eval' *; img-src 'self' blob: data: * 1 default-src 'self'; script-src 'self' https://www.gstatic.com https://ajax.googleapis.com https://cdn.inspectlet.com https://*.pendo.io https://*.storage.googleapis.com https://browser.sentry-cdn.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://www.gstatic.com https://ajax.googleapis.com https://*.pendo.io https://*.storage.googleapis.com https://fonts.googleapis.com 'unsafe-inline' blob:; connect-src 'self' http://hn.inspectlet.com wss://ws.inspectlet.com https://antispamcloud.com https://sentry.io; img-src 'self' http://hn.inspectlet.com https://*.pendo.io https://*.storage.googleapis.com data:; font-src 'self' https://fonts.gstatic.com; options inline-script eval-script 1 default-src 'self';font-src 'self' fonts.gstatic.com data: 'self';connect-src 'self' analytics.monkeytracker.cz *.getsmartlook.com ws://*.getsmartlook.com *.smartlook.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' maps.google.com *.googleapis.com www.googletagmanager.com ssl.google-analytics.com www.google-analytics.com analytics.monkeytracker.cz *.getsmartlook.com www.google.com connect.facebook.net www.googleadservices.com www.lhinsights.com *.smartlook.com https://googleads.g.doubleclick.net;form-action 'self';frame-src 'self' www.youtube.com *.doubleclick.net www.google.com www.google.cz https://order.shareit.com;child-src 'self' www.youtube.com *.doubleclick.net www.google.com www.google.cz https://order.shareit.com;frame-ancestors 'self';img-src 'self' data: blob: *.gstatic.com *.googleapis.com www.googletagmanager.com ssl.google-analytics.com www.google-analytics.com analytics.monkeytracker.cz *.doubleclick.net www.facebook.com www.lhinsights.com www.google.com www.google.cz *.smartlook.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com analytics.monkeytracker.cz www.google.com 1 default-src 'self'; media-src 'self' emp.jobylon.com cdn.jobylon.com *.jobylon.com res.cloudinary.com; frame-ancestors 'self' ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.googleapis.com res.cloudinary.com *.richrelevance.com www.google-analytics.com www.googletagmanager.com *.googleapis.com *.pingdom.net *.facebook.com connect.facebook.net *.twitter.com *.google.com *.jobylon.com *.abtasty.com *.veinteractive.com www.nordicchoicehotels.com extads.net m.addthisedge.com m.addthis.com s7.addthis.com assets.juicer.io *.cloudfront.net track.adform.net *.fls.doubleclick.net nowinteract-nowinteractnordi.netdna-ssl.com *.easyresearch.se *.zendesk.com *.zopim.com wss://*.zopim.com *.zopim.io ve1storasstst.blob.core.windows.net *.zdassets.com cdnjs.cloudflare.com www.sj.se adtr.io *.hotjar.com 'unsafe-eval' quiz.millionmind.com snap.licdn.com px.ads.linkedin.com www.linkedin.com *.wisepops.com chimpstatic.com; connect-src 'self' wss://*.coop.se:* wss://*.kf.local:* emp.jobylon.com cdn.jobylon.com *.jobylon.com *.pingdom.net *.veinteractive.com *.abtasty.com ve1appseventssb.servicebus.windows.net apil1.spinnaker-js.com m.addthis.com s7.addthis.com www.juicer.io assets.juicer.io *.108proxy.se *.54proxy.se www.google-analytics.com www.googletagmanager.com tagmanager.google.com *.zendesk.com *.zopim.com wss://*.zopim.com *.zopim.io *.facebook.com connect.facebook.net *.zdassets.com cdnjs.cloudflare.com *.richrelevance.com api.coop.se *.hotjar.com:* wss://*.hotjar.com track.adtraction.com popup.wisepops.com tracking.wisepops.com vc.hotjar.io; style-src 'self' 'unsafe-inline' emp.jobylon.com cdn.jobylon.com *.jobylon.com *.abtasty.com *.pingdom.net *.veinteractive.com assets.juicer.io tagmanager.google.com fonts.googleapis.com optimize.google.com *.easyresearch.se *.zendesk.com *.zopim.com *.zopim.io *.zdassets.com cdnjs.cloudflare.com; img-src 'self' data: *.jobylon.com *.pingdom.net *.zendesk.com *.abtasty.com *.gstatic.com api.hitta.se scontent.cdninstagram.com www.google.com www.google.se *.google-analytics.com *.googletagmanager.com tagmanager.google.com res.cloudinary.com *.cloudfront.net *.facebook.com stats.g.doubleclick.net track.adform.net *.fls.doubleclick.net *.easyresearch.se *.zendesk.com *.zopim.com wss://*.zopim.com *.zopim.io *.zdassets.com cdnjs.cloudflare.com *.googleapis.com assets.juicer.io scontent.cdninstagram.com *.hotjar.com *.ggpht.com track.adtraction.com drs2.veinteractive.com app.wisepops.com cx.atdmt.com; font-src 'self' data: emp.jobylon.com cdn.jobylon.com *.jobylon.com static.juicer.io fonts.gstatic.com tagmanager.google.com *.zendesk.com *.zopim.com wss://*.zopim.com *.zopim.io *.zdassets.com *.hotjar.com; frame-src 'self' emp.jobylon.com cdn.jobylon.com *.jobylon.com *.veinteractive.com accounts.google.com optimize.google.com *.flysas.com app.ecoonline.com www.nordicchoicehotels.com recruit.visma.com www.recruit.visma.com www.aditrorecruit.com *.twitter.com www.youtube.com *.facebook.com c1.adform.net s7.addthis.com track.adform.net *.fls.doubleclick.net *.easyresearch.se *.abtasty.com *.zendesk.com *.zopim.com wss://*.zopim.com *.zopim.io www.google.com ve1storasstst.blob.core.windows.net *.veinteractive.com *.zdassets.com cdnjs.cloudflare.com www.sj.se *.hotjar.com *.tradedoubler.com quiz.millionmind.com payment.medmera.se; base-uri 'self' *.coop.se *.kf.local optimize.google.com; report-uri https://coop.report-uri.io/r/default/csp/enforce 1 default-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://www.w3.org https://cdn.jsdelivr.net https://maxcdn.bootstrapcdn.com https://www.google-analytics.com https://www.google.com https://stats.g.doubleclick.net https://vro.housing.gov.sa https://www.gstatic.com https://code.jquery.com https://maps.googleapis.com https://cdn.mouseflow.com https://fonts.googleapis.com https://developers.google.com https://sakani.housing.sa https://maps.gstatic.com https://fonts.gstatic.com https://cdnjs.cloudflare.com https://use.fontawesome.com https://www.ejar.sa https://img.youtube.com https://www.googletagmanager.com https://ajax.googleapis.com https://cdn.ckeditor.com https://www.google.com.sa https://mobile.ejar.sa http://www.ejar.sa https://www.youtube.com/; report-uri /ar/report-csp-violation 1 default-src https://use.typekit.net 'self';script-src 'self' https://use.typekit.net https://www.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com https://st.getsitecontrol.com https://widgets.getsitecontrol.com 'unsafe-eval' 'unsafe-inline';connect-src 'self';img-src 'self' https://ssl.gstatic.com https://www.gravatar.com https://www.google-analytics.com https://my.webhosting.be data: 'unsafe-inline';style-src 'self' https://tagmanager.google.com https://fonts.googleapis.com 'unsafe-inline';object-src 'none';font-src 'self' https://fonts.gstatic.com data:;frame-ancestors http://localhost:* https://localhost:* https://my.webhosting.be;sandbox allow-forms allow-same-origin allow-scripts allow-popups;base-uri 'self';upgrade-insecure-requests; 1 unsafe-inline 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: * ; report-uri /admin/config/system/seckit/csp-report, default-src 'self' 'self' data: 'self' blob: 'unsafe-inline' 'unsafe-eval' *; img-src 'self' blob: data: * 1 frame-src 'self' http://*.lib.uiowa.edu https://*.lib.uiowa.edu 1 default-src 'self'; script-src 'self' 'unsafe-inline' www.googletagmanager.com tagmanager.google.com www.google-analytics.com stats.g.doubleclick.net ssl.gstatic.com www.gstatic.com fonts.gstatic.com fonts.googleapis.com *.horacemann.com localhost:3238 home-c11.incontact.com www.retirementaccountlogin.com maxcdn.bootstrapcdn.com code.jquery.com recruiting.adp.com www.youtube.com cdn.bootstrapcdn.com www.facebook.com horacemann.actonservice.com connect.facebook.net cdnjs.cloudflare.com www.facebook.com app.kiddom.co cloud.e.horacemann.com woobox.com www.clearsurance.com clearsurance.com Facebook.net Business.facebook.com Twitter.com Twitter.net Linkedin.com Linkedin.net Pinterest.com Pinterest.net Instagram.com Instagram.net Youtube.com Youtube.net Siteimprove.com Dynomapper.com cdn.finra.org staticxx.facebook.com fonts.google.com platform.twitter.com *.twimg.com syndication.twitter.com 'unsafe-eval'; style-src 'self' www.googletagmanager.com tagmanager.google.com www.google-analytics.com stats.g.doubleclick.net ssl.gstatic.com www.gstatic.com fonts.gstatic.com fonts.googleapis.com *.horacemann.com localhost:3238 home-c11.incontact.com www.retirementaccountlogin.com maxcdn.bootstrapcdn.com code.jquery.com recruiting.adp.com www.youtube.com cdn.bootstrapcdn.com www.facebook.com horacemann.actonservice.com connect.facebook.net cdnjs.cloudflare.com www.facebook.com app.kiddom.co cloud.e.horacemann.com woobox.com www.clearsurance.com clearsurance.com Facebook.net Business.facebook.com Twitter.com Twitter.net Linkedin.com Linkedin.net Pinterest.com Pinterest.net Instagram.com Instagram.net Youtube.com Youtube.net Siteimprove.com Dynomapper.com cdn.finra.org staticxx.facebook.com fonts.google.com platform.twitter.com *.twimg.com syndication.twitter.com 'unsafe-inline'; frame-src 'self' www.googletagmanager.com tagmanager.google.com www.google-analytics.com stats.g.doubleclick.net ssl.gstatic.com www.gstatic.com fonts.gstatic.com fonts.googleapis.com *.horacemann.com localhost:3238 home-c11.incontact.com www.retirementaccountlogin.com maxcdn.bootstrapcdn.com code.jquery.com recruiting.adp.com www.youtube.com cdn.bootstrapcdn.com www.facebook.com horacemann.actonservice.com connect.facebook.net cdnjs.cloudflare.com www.facebook.com app.kiddom.co cloud.e.horacemann.com woobox.com www.clearsurance.com clearsurance.com Facebook.net Business.facebook.com Twitter.com Twitter.net Linkedin.com Linkedin.net Pinterest.com Pinterest.net Instagram.com Instagram.net Youtube.com Youtube.net Siteimprove.com Dynomapper.com cdn.finra.org staticxx.facebook.com fonts.google.com platform.twitter.com *.twimg.com syndication.twitter.com; font-src 'self' www.googletagmanager.com tagmanager.google.com www.google-analytics.com stats.g.doubleclick.net ssl.gstatic.com www.gstatic.com fonts.gstatic.com fonts.googleapis.com *.horacemann.com localhost:3238 home-c11.incontact.com www.retirementaccountlogin.com maxcdn.bootstrapcdn.com code.jquery.com recruiting.adp.com www.youtube.com cdn.bootstrapcdn.com www.facebook.com horacemann.actonservice.com connect.facebook.net cdnjs.cloudflare.com www.facebook.com app.kiddom.co cloud.e.horacemann.com woobox.com www.clearsurance.com clearsurance.com Facebook.net Business.facebook.com Twitter.com Twitter.net Linkedin.com Linkedin.net Pinterest.com Pinterest.net Instagram.com Instagram.net Youtube.com Youtube.net Siteimprove.com Dynomapper.com cdn.finra.org staticxx.facebook.com fonts.google.com platform.twitter.com *.twimg.com syndication.twitter.com data:; img-src 'self' www.googletagmanager.com tagmanager.google.com www.google-analytics.com stats.g.doubleclick.net ssl.gstatic.com www.gstatic.com fonts.gstatic.com fonts.googleapis.com *.horacemann.com localhost:3238 home-c11.incontact.com www.retirementaccountlogin.com maxcdn.bootstrapcdn.com code.jquery.com recruiting.adp.com www.youtube.com cdn.bootstrapcdn.com www.facebook.com horacemann.actonservice.com connect.facebook.net cdnjs.cloudflare.com www.facebook.com app.kiddom.co cloud.e.horacemann.com woobox.com www.clearsurance.com clearsurance.com Facebook.net Business.facebook.com Twitter.com Twitter.net Linkedin.com Linkedin.net Pinterest.com Pinterest.net Instagram.com Instagram.net Youtube.com Youtube.net Siteimprove.com Dynomapper.com cdn.finra.org staticxx.facebook.com fonts.google.com platform.twitter.com *.twimg.com syndication.twitter.com data:; 1 frame-ancestors https://*.mozio.com 1 frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com exacttarget.com *.exacttarget.com marketingcloudapps.com *.marketingcloudapps.com lvccld.bibliocms.com *.lvccld.bibliocms.com https://lvccld.org lvccld.org *.lvccld.org; 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' blob:*; script-src 'self' 'unsafe-inline' 'unsafe-eval' * data:*; object-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' *; img-src 'self' 'unsafe-inline' * data:; media-src 'self' 'unsafe-inline' http://*.amazonaws.com:* https://*.amazonaws.com:*; frame-src 'self' 'unsafe-inline' * blob:*; frame-ancestors 'self' 'unsafe-inline' *; child-src 'self' 'unsafe-inline' * blob:* blob:; font-src 'self' 'unsafe-inline' *; connect-src 'self' 'unsafe-inline' *; report-uri /report-csp-violation 1 default-src 'self' *.google-analytics.com *.newrelic.com stats.g.doubleclick.net *.googleapis.com *.tbe.taleo.net/; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.newrelic.com *.twitter.com *.googleapis.com static.addtoany.com *.disqus.com *.youtube.com *.gstatic.com *.disquscdn.com *.mollom.com *.hostedpci.com bam.nr-data.net maps.google.com *.tbe.taleo.net *.licdn.com d1ks1friyst4m3.cloudfront.net trackducks.s3.amazonaws.com *.trackduck.com wss://app.trackduck.com 'unsafe-inline' 'unsafe-eval'; object-src 'self' *.gstatic.com *.mollom.com d1ks1friyst4m3.cloudfront.net trackducks.s3.amazonaws.com *.trackduck.com wss://app.trackduck.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com static.addtoany.com *.disqus.com *.youtube.com *.disquscdn.com *.mollom.com *.hostedpci.com *.tbe.taleo.net d1ks1friyst4m3.cloudfront.net trackducks.s3.amazonaws.com *.trackduck.com wss://app.trackduck.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' *.youtube.com data: *.gstatic.com *.googleapis.com *.google.com *.google.co.* stats.g.doubleclick.net *.disqus.com *.disquscdn.com *.mollom.com *.prod.acquia-sites.com *.hostedpci.com *.google-analytics.com gravatar.com *.ads.linkedin.com *.adsymptotic.com d1ks1friyst4m3.cloudfront.net trackducks.s3.amazonaws.com *.trackduck.com wss://app.trackduck.com 'unsafe-inline' 'unsafe-eval'; media-src 'self' *.youtube.com *.gstatic.com *.mollom.com d1ks1friyst4m3.cloudfront.net trackducks.s3.amazonaws.com *.trackduck.com wss://app.trackduck.com 'unsafe-inline' 'unsafe-eval'; frame-src 'self' static.addtoany.com *.youtube.com *.gstatic.com *.disqus.com *.mollom.com *.hostedpci.com *.mapbox.com *.policymap.com disqus.com *.tbe.taleo.net *.tbe.taleo.net/chu03/ats/careers/apply.jsp d1ks1friyst4m3.cloudfront.net trackducks.s3.amazonaws.com *.trackduck.com wss://app.trackduck.com 'unsafe-inline' 'unsafe-eval'; font-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com data: d1ks1friyst4m3.cloudfront.net trackducks.s3.amazonaws.com *.trackduck.com wss://app.trackduck.com 'unsafe-inline' 'unsafe-eval'; connect-src 'self' *.googleapis.com *.g.doubleclick.net *.disqus.com *.hostedpci.com *.google-analytics.com d1ks1friyst4m3.cloudfront.net trackducks.s3.amazonaws.com *.trackduck.com wss://app.trackduck.com 'unsafe-inline' 'unsafe-eval'; report-uri /report-csp-violation 1 frame-ancestors https://www.isabelmarant.com/ https://www.isabelmarant.com/ ; 1 default-src 'self'; connect-src 'self' http://*.nbarizona.com https://*.nbarizona.com https://*.demdex.net https://*.cludo.com; script-src 'self' data: 'unsafe-inline' https://*.googletagmanager.com https://*.issuu.com https://*.adobedtm.com https://*.googleapis.com https://*.gstatic.com https://*.google.com http://*.nbarizona.com https://*.nbarizona.com https://*.zionsbank.com https://*.cludo.com 'unsafe-eval'; object-src 'self' data: http://*.nbarizona.com https://*.nbarizona.com; style-src 'self' data: 'unsafe-inline' https://*.googleapis.com https://*.google.com https://*.cludo.com; img-src 'self' data: https://*.gstatic.com http://*.nbarizona.com https://*.nbarizona.com https://*.online-metrix.net https://*.omtrdc.net https://*.demdex.net https://*.everesttech.net https://*.googleapis.com https://*.google.com https://*.cludo.com; media-src 'self' data:; frame-src 'self' https://*.doubleclick.net http://*.nbarizona.com https://*.nbarizona.com https://*.demdex.net https://issuu.com https://secure.checkout.visa.com https://*.youtube.com https://*.pages05.net https://*.brightcove.net; frame-ancestors 'self' https://banking.nbarizona.com; font-src 'self' data: 'unsafe-inline' https://fonts.gstatic.com; upgrade-insecure-requests; block-all-mixed-content 1 sandbox allow-scripts allow-same-origin allow-forms ; 1 default-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://optimize.google.com https://tagmanager.google.com *.campoints.net https://*.visit-x.net http://*.visit-x.net *.google-analytics.com beacon.errorception.com browser-update.org *.zopim.com https://*.getsentry.com https://*.disqus.com https://*.disquscdn.com https://*.bing.com https://*.googleadservices.com data: https://disqus.com https://*.wowza.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://static.zdassets.com; object-src 'self' *.vxcdn.org *.inethoster.org https://vjs.zencdn.net; style-src 'self' 'unsafe-inline' https://optimize.google.com fonts.googleapis.com https://*.disquscdn.com https://*.wowza.com https://*.google.com; img-src 'self' *.visit-x.net *.vxcdn.org *.inethoster.org *.campoints.net http://visitx.testunikat.com http://194.116.150.87/ https://*.maptilehoster.com *.google-analytics.com https://*.bing.com https://*.googleadservices.com https://*.doubleclick.net https://*.google.com https://*.google.de https://*.google.ch https://*.google.at data: browser-update.org https://v2.zopim.com https://v2assets.zopim.io https://*.disquscdn.com https://*.disqus.com https://www.googletagmanager.com https://prod-railsapp.s3.amazonaws.com https://*.wowza.com https://*.gstatic.com; media-src 'self' *.vxcdn.org *.inethoster.org *.campoints.net stream.visit-x.tv blob: https://v2.zopim.com https://*.akamaihd.net; frame-src 'self' https://optimize.google.com https://*.visit-x.net http://*.visit-x.net *.campoints.net https://*.vxcdn.org https://*.inethoster.org https://*.youtube.com https://*.disqus.com https://disqus.com https://*.feedtures.com https://player.vimeo.com https://paytour.communipay.net; child-src 'self' https://*.visit-x.net http://*.visit-x.net *.campoints.net blob:; font-src 'self' *.visit-x.net fonts.gstatic.com data: https://*.zopim.com https://*.disquscdn.com; connect-src 'self' wss://websocket.campoints.net wss://*.farm1.campoints.net wss://*.farm1.campoints.net:443 *.campoints.net *.vxcdn.org https://*.visit-x.net https://*.visit-x.tv *.errorception.com *.google-analytics.com wss://*.zopim.com https://*.getsentry.com https://*.akamaihd.net https://*.disqus.com https://*.wowza.com https://stream.vxcdn.org https://latencytimer.azurewebsites.net/api/HttpTriggerJS1 *.vx-services.net https://ekr.zdassets.com; 1 default-src 'self'; script-src 'self'; img-src 'self' 1 default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; script-src 'self' cdn.httparchive.org www.google-analytics.com use.fontawesome.com cdn.speedcurve.com spdcrv.global.ssl.fastly.net lux.speedcurve.com 'nonce-eDg_6H5Y8RLYhLbOVf0SIw'; font-src 'self' fonts.gstatic.com; connect-src 'self' cdn.httparchive.org discuss.httparchive.org cdn.rawgit.com www.webpagetest.org www.google-analytics.com stats.g.doubleclick.net; img-src 'self' discuss.httparchive.org avatars.discourse.org www.google-analytics.com www.google.com s.g.doubleclick.net stats.g.doubleclick.net sjc3.discourse-cdn.com 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://crowdmap.com https://*.crowdmap.com https://*.typekit.com https://apis.google.com https://*.akamai.net https://*.gaug.es https://*.youtube.com https://*.ytimg.net https://*.googlevideo.com https://*.embedly.com https://*.cloudfront.net https://*.google-analytics.com https://*.twitter.com https://*.facebook.com https://*.rackcdn.com http://*.rackcdn.com https://*.newrelic.com https://*.facebook.net https://*.addthis.com https://maps.google.com https://maps.gstatic.com https://*.googleapis.com https://*.openstreetmap.org https://*.virtualearth.net https://*.mozilla.org; style-src 'self' 'unsafe-inline' https://crowdmap.com https://*.crowdmap.com https://*.typekit.com https://*.twitter.com https://*.embedly.com https://*.twitter.com https://*.facebook.com https://fonts.googleapis.com https://*.rackcdn.com http://*.rackcdn.com https://*.addthis.com https://*.openstreetmap.org https://*.virtualearth.net; img-src *; media-src *; frame-src *; connect-src *; object-src *; font-src 'self' data: https://*.typekit.com https://*.google.com https://themes.googleusercontent.com; 1 default-src 'self'; script-src 'unsafe-inline' 'self' *.google-analytics.com *.addtoany.com *.rosacea.org *.amazonaws.com *.google.com *.gstatic.com rosacea.us7.list-manage.com; object-src 'self'; style-src 'self' *.googleapis.com *.mailchimp.com 'unsafe-inline'; img-src 'self' *.google-analytics.com *.doubleclick.net *.rosacea.org data:; media-src 'self'; frame-src 'self' *.addtoany.com *.force.com *.google.com *.youtube.com; frame-ancestors 'self'; child-src 'self' *.youtube.com; font-src *.googleapis.com 'self' *.gstatic.com; connect-src 'self' *.google-analytics.com *.doubleclick.net; report-uri /report-csp-violation 1 frame-ancestors http://www.lativ.com https://www.lativ.com; 1 default-src 'self' fonts.gstatic.com fonts.googleapis.com ajax.googleapis.com wireframecc-9947.kxcdn.com; script-src 'self' 'unsafe-inline' 'nonce-464099ae1daf9a5a270323f106d0aa6b' 'unsafe-eval' https://fonts.gstatic.com https://fonts.googleapis.com https://ajax.googleapis.com wireframecc-9947.kxcdn.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com wireframecc-9947.kxcdn.com; img-src 'self' wireframecc-9947.kxcdn.com data:; child-src 'self' 1 default-src *.sanayi.gov.tr; script-src 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.sanayi.gov.tr *.youtube.com *.google-analytics.com *.ytimg.com *.twitter.com *.twimg.com; style-src 'unsafe-inline' *.googleapis.com *.sanayi.gov.tr *.twitter.com *.twimg.com; img-src data: *.sanayi.gov.tr *.ytimg.com *.google-analytics.com *.twitter.com *.twimg.com; media-src *.ytimg.com *.youtube.com *.twitter.com; connect-src *.sanayi.gov.tr; child-src twitter.com *.youtube.com *.google.com *.sanayi.gov.tr *.twitter.com; 1 allow 'self'; options inline-script eval-script; script-src 'self' *.google-analytics.com *.googleapis.com *.gstatic.com; img-src *; media-src *; frame-src 'self' 1 default-src data: wss://*.kambicdn.com:* wss://*.kambicdn.net wss://*.kambicdn.org wss://*.kambi.com:* wss://*.7777.bg:* wss://7777.bg:* 'self' 'unsafe-eval' 'unsafe-inline' https://*.cdn.bg https://www.youtube.com/ https://youtube.com/ https://7777.bg https://*.7777.bg https://www.google.bg https://www.google.com https://apis.google.com https://fonts.googleapis.com https://ajax.googleapis.com https://maps.googleapis.com https://api.ipinfodb.com https://*.comm100.com https://*.googletagmanager.com https://googletagmanager.com https://*.typekit.net https://typekit.net https://maps.google.com https://*.gstatic.com https://gstatic.com https://connect.facebook.net https://*.facebook.com https://facebook.com https://*.fbcdn.net https://fbcdn.net https://google-analytics.com https://*.google-analytics.com https://accounts.google.com https://stats.g.doubleclick.net https://sxt.cdn.skype.com https://www.adobe.com https://ogs-gcm-eu-prod.nyxop.net https://*.casinomodule.com https://casinomodule.com https://kambi.com https://*.kambi.com https://*.kambicdn.com https://kambicdn.com https://*.kambicdn.org https://kambicdn.org https://*.kambicdn.net https://kambicdn.net https://dpovs7i3r9tz1.cloudfront.net https://d26335rno3m71y.cloudfront.net/ https://d1fqgomuxh4f5p.cloudfront.net/ https://lob.egcvi.com https://play-web-nl.e-devel.eu https://website.e-devel.eu https://ogs-gl-mt1p16.nyxop.net https://*.casinarena.com https://s7.egtmgs.com:8181 https://s7.egtmgs.com https://free.egtmgs.com:9998 https://free.egtmgs.com https://cdrs.netentcdn.com https://gcl.netentcdn.com https://*.imggaming.com/ https://dice-gaming-live-us.akamaized.net https://*.dice-gaming-live-us.akamaized.net https://dice-gaming-live-ap.akamaized.net https://dice-gaming-live-eu.akamaized.net https://dice-gaming-live-sa.akamaized.net https://*.unas.tv https://sportradar-vie-ipv4.hs.llnwd.net https://*.hs.llnwd.net https://hs.llnwd.net https://sportradar-lco-ipv4.akamaized.net https://*.sportradar-lco-ipv4.akamaized.net https://sportradar-lco-ipv6.akamaized.net https://*.sportradar-lco-ipv6.akamaized.net https://sportradar-lco.akamaized.net https://*.sportradar-lco.akamaized.net https://*.live.edgefcs.net https://live.edgefcs.net https://*.fc.llnwd.net https://fc.llnwd.net blob: https://*.7777.bg https://7777.bg; frame-ancestors 'self' *.7777.bg ; report-uri https://6b25c6084321eddb53e6440a3a1ba4f3.report-uri.com/r/t/csp/enforce 1 default-src 'self'; connect-src 'self' www.google-analytics.com *.googlesyndication.com https://www.google-analytics.com http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com https://*.veedi.com; font-src 'self' http://script.hotjar.com https://script.hotjar.com; frame-src * 'unsafe-inline'; img-src https://www.veedif.com 'self' floraassets.com *.florastatic.com www.google-analytics.com *.googlesyndication.com https://www.google-analytics.com data: https://cookie-cdn.cookiepro.com *.hotjar.com; media-src 'none'; object-src 'none'; script-src *.googlesyndication.com * 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://cookie-cdn.cookiepro.com 1 form-action 'self' https://joomlacontenteditor.us14.list-manage.com/subscribe/post; base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://checkout.paddle.com https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://code.jquery.com https://checkout.stripe.com https://www.paypal.com https://www.paypalobjects.com https://cdn.paddle.com https://www.google-analytics.com https://pagead2.googlesyndication.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://cdn.paddle.com https://cdnjs.cloudflare.com https://fonts.googleapis.com; object-src 'self' 1 default-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com cdn.jsdelivr.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com ict.infinity-tracking.net www.gstatic.com viz.tools.investis.com www.google.com maps.googleapis.com maps.google.com www.linkedin.com ajax.googleapis.com pi.pardot.com bam.nr-data.net sjp.getmediamanager.com *.googletagmanager.com *.google-analytics.com sjs.bizographics.com connect.facebook.net *.jquery.com irs.tools.investis.com *.hotjar.com px.ads.linkedin.com d2wy8f7a9ursnm.cloudfront.net ssl.p.jwpcdn.com js-agent.newrelic.com cdn.jsdelivr.net edge.api.brightcove.com *.googleapis.com www.youtube.com youtube.com s.ytimg.com unpkg.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' viz.tools.investis.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net; img-src 'self' 'unsafe-inline' * data:; media-src 'self' brightcove.hs.llnwd.net edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com; frame-src 'self' qir.tools.investis.com staticcontents.investis.com www.google.com sjp.getmediamanager.com careers.sjp.co.uk irs.tools.investis.com otp.tools.investis.com digital.feprecisionplus.com sjp.hireserve-test.com ir.tools.investis.com staticxx.facebook.com www.youtube.com; font-src 'self' 'unsafe-inline' data: fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com themes.googleusercontent.com maxcdn.bootstrapcdn.com; report-uri /report-csp-violation 1 default-src 'self'; connect-src 'self' *.etracker.de; base-uri 'self'; style-src 'self' 'unsafe-inline' *.openlayers.org openlayers.org *.openstreetmap.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.openlayers.org openlayers.org *.openstreetmap.org *.etracker.com *.etracker.de; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com; child-src *.google.com *.gstatic.com *.youtube.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.openlayers.org openlayers.org *.openstreetmap.org; frame-ancestors 'self'; 1 default-src *.ldscdn.org *.lds.org *.churchofjesuschrist.org *.googleapis.com *.gstatic.com *.facebook.net *.justserve.org *.servir.org *.facebook.com *.youtube.com *.ytimg.com cdnjs.cloudflare.com data: placehold.it placeholdit.imgix.net 'self' 'unsafe-inline' ws://localhost:3000 ws://10.0.2.2:3000 ws://localhost:8080 assets.adobedtm.com dpm.demdex.net 'unsafe-eval' cdn.tt.omtrdc.net ldschurch.tt.omtrdc.net *.tintup.com *.cloudfront.net players.brightcove.net vjs.zencdn.net edge.api.brightcove.com blob: * metrics.brightcove.com consent.truste.com consent-pref.truste.com;style-src *.fonts.net *.googleapis.com *.justserve.org *.servir.org *.lds.org *.ldscdn.org *.churchofjesuschrist.org 'self' 'unsafe-inline' 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' * www.googletagmanager.com download.zohopublic.com https://css.zohocdn.com use.fontawesome.com www.googleadservices.com fontawesome.com connect.facebook.net stats.g.doubleclick.net ping.typekit.net p.typekit.net use.typekit.net www.google.com www.youtube.com i.ytimg.com www.google-analytics.com ajax.googleapis.com www.gstatic.com apis.google.com az732725.vo.msecnd.net bam.nr-data.net; frame-ancestors 'self';style-src 'self' 'unsafe-inline' download.zohopublic.com salesiq.zohopublic.com css.zohostatic.com dyjgaef5vuq51.cloudfront.net fontawesome.com ping.typekit.net www.youtube.com i.ytimg.com p.typekit.net use.typekit.net cdnbtctrader.blob.core.windows.net fonts.googleapis.com az732725.vo.msecnd.net;img-src 'self' www.btcturk.com download.zohopublic.com salesiq.zoho.com img.zohostatic.com salesiq.zohopublic.com fontawesome.com www.googleadservices.com www.youtube.com i.ytimg.com www.facebook.com www.google.com.tr stats.g.doubleclick.net googleads.g.doubleclick.net ping.typekit.net p.typekit.net use.typekit.net cdnbtctrader.blob.core.windows.net www.google-analytics.com www.google.com ssl.gstatic.com fontawesome.com az732725.vo.msecnd.net data:;object-src 'self' fontawesome.com ping.typekit.net p.typekit.net www.youtube.com i.ytimg.com use.typekit.net cdnbtctrader.blob.core.windows.net pusher.com; 1 default-src 'self' 'unsafe-inline' *.hotjar.com *.hotjar.io 'unsafe-eval' *.crick.ac.uk *.google.com *.google-analytics.com *.gstatic.com *.googleapis.com *.vimeo.com *.vimeocdn.com *.youtube.com *.soundcloud.com *.twitter.com *.youtube.com *.twimg.com theta360.com cdn.rawgit.com raw.githubusercontent.com data:;; script-src 'self' 'unsafe-inline' *.hotjar.com *.hotjar.io 'unsafe-eval' theta360.com crick.us13.list-manage.com *.mailchimp.com *.theta360.com *.google.com *.google-analytics.com *.googleapis.com use.typekit.net *.vimeocdn.com *.vimeo.com vimeo.com *.twitter.com *.twimg.com *.youtube.com *.googletagmanager.com tagmanager.google.com cdnjs.cloudflare.com cdn.rawgit.com https://s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js; style-src 'self' 'unsafe-inline' use.typekit.net p.typekit.net cdnjs.cloudflare.com *.google.com *.googleapis.com *.twitter.com *.mailchimp.com; font-src 'self' 'unsafe-inline' use.typekit.net fonts.googleapis.com *.gstatic.com; report-uri /report-csp-violation 1 default-src data: https: http: wss://cctr-chat.dhl.com:8444; script-src 'unsafe-inline' 'unsafe-eval' https: http:; style-src 'unsafe-inline' https: http: blob: 1 frame-ancestors http://*.stumbleupon.com 1 default-src 'none'; child-src 'self' ez.no static.addtoany.com www.youtube.com; connect-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com static.addtoany.com cdnjs.cloudflare.com ajax.googleapis.com; style-src 'self' 'unsafe-inline' static.addtoany.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com fonts.googleapis.com; img-src 'self' blob: data: static.addtoany.com www.google-analytics.com; font-src 'self' fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com; form-action 'self'; 1 default-src 'self' syndetics.com www.google-analytics.com; script-src 'self' blob: http://www.vpl.ca https://www.vpl.ca data: 'unsafe-inline' 'unsafe-eval' code.jquery.com www.google.com https://www.google-analytics.com https://www.googletagmanager.com www.gstatic.com https://unpkg.com cdnjs.cloudflare.com m.addthis.com s7.addthis.com tagmanager.google.com v1.addthis.com platform.instagram.com platform.twitter.com cdn.syndication.twimg.com assets.pinterest.com script.crazyegg.com trk.cetrk.com www.flickr.com bclibraries.org; object-src 'self'; style-src 'self' 'unsafe-inline' www.vpl.ca https://unpkg.com https://cdnjs.cloudflare.com tagmanager.google.com themes.googleusercontent.com fonts.googleapis.com code.jquery.com https://platform.twitter.com https://typekit.net https://p.typekit.net https://use.typekit.net; img-src 'self' data: *.vpl.ca https://www.vpl.ca *.googleapis.com https://platform.twitter.com https://pbs.twimg.com services.arcgisonline.com syndetics.com secure.syndetics.com https://cdnjs.cloudflare.com www.flickr.com www.instagram.com *.staticflickr.com https://www.google-analytics.com syndication.twitter.com scontent-sea1-1.cdninstagram.com *.sndcdn.com m.addthis.com ssl.gstatic.com www.gstatic.com www.addthis.com log.pinterest.com gtrk.s3.amazonaws.com trk.cetrk.com geo.yahoo.com; media-src 'self' www.youtube.com soundcloud.com; child-src 'self' m.addthis.com s7.addthis.com www.google.com www.youtube.com w.soundcloud.com www.instagram.com syndication.twitter.com assets.pinterest.com; font-src 'self' themes.googleusercontent.com https://cdnjs.cloudflare.com fonts.googleapis.com fonts.gstatic.com https://use.typekit.net; connect-src 'self' www.google-analytics.com cdnjs.cloudflare.com https://www.optimalworkshop.com m.addthis.com v1.addthis.com; frame-src 'self' edge.addthis.com m.addthis.com https://platform.twitter.com s7.addthis.com www.google.com www.youtube.com w.soundcloud.com www.instagram.com syndication.twitter.com assets.pinterest.com; 1 default-src https:; script-src https://ewww.io https://ewww-io.exactdn.com 'unsafe-inline' 'unsafe-eval' https://checkout.stripe.com https://js.stripe.com https://api.carthook.com https://api.r.carthook.com https://code.jquery.com https://beacon-v2.helpscout.net https://cdn.sucuri.net https://js-agent.newrelic.com https://bam.nr-data.net https://downloads.mailchimp.com https://mc.us8.list-manage.com; style-src https://ewww.io https://fonts.googleapis.com https://cdn.sucuri.net https://downloads.mailchimp.com 'unsafe-inline'; img-src https://ewww.io https://ewww-io.exactdn.com https://ewww-io.exactdn.com https://example.exactdn.com https://secure.gravatar.com https://ps.w.org https://q.stripe.com https://s.w.org https://referoo.co https://gallery.mailchimp.com data:; font-src 'self' https://ewww-io.exactdn.com https://fonts.gstatic.com data:; 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' maps.google.com maps.googleapis.com www.google-analytics.com www.googletagmanager.com *.go-mpulse.net plus.turnpages.nl plus-consumentenservice.custhelp.com *.akstat.io www.youtube-nocookie.com 1 default-src 'self'; script-src 'unsafe-inline' 'self' *.googleapis.com *.newrelic.com *.nr-data.net *.google-analytics.com *.google.com *.getsitecontrol.com *.gstatic.com *.kxcdn.com 'strict-dynamic' 'nonce-70d6930e378f85a542ad75d9'; object-src 'none'; style-src 'unsafe-inline' 'self' *.googleapis.com *.bootstrapcdn.com; img-src 'self' * data:; frame-src 'self' *.google.com; font-src *.googleusercontent.com 'self' *.googleapis.com *.bootstrapcdn.com *.gstatic.com data:; connect-src 'self' *.apigee.com *.getsitecontrol.com *.apigee.net; report-uri /admin/config/system/seckit/csp-report 1 default-src https: http: data: blob: ws: 'self' 'unsafe-inline' 'unsafe-eval'; 1 frame-ancestors 'self' https://*.mares.com https://*.head-test.com https://head.testing-varnish.symmetrics.de 1 default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com piwik.itzbund.de;object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de 1 default-src 'self';block-all-mixed-content ;font-src 'self' data: fonts.googleapis.com fonts.gstatic.com assets.rockwerchter.be *.typekit.net;img-src 'self' data: *.gstatic.com maps.googleapis.com www.facebook.com scontent.cdninstagram.com pbs.twimg.com i.ytimg.com scontent.xx.fbcdn.net external.xx.fbcdn.net assets.rockwerchter.be *.google-analytics.com *.doubleclick.net *.betrad.com *.quantserve.com *.evidon.com rockwerchter.be *.x.bidswitch.net *.google.com *.google.be *.consensu.org;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com cdnjs.cloudflare.com connect.facebook.net graph.facebook.com *.instagram.com js-agent.newrelic.com bam.nr-data.net assets.rockwerchter.be *.googletagmanager.com *.google-analytics.com *.evidon.com *.quantserve.com *.betrad.com *.quantcount.com tagmanager.google.com *.googleadservices.com *.doubleclick.net *.bh.contextweb.com www.google.com *.google.com *.google.com *.gstatic.com *.consensu.org;style-src 'self' 'unsafe-inline' fonts.googleapis.com cloud.typography.com assets.rockwerchter.be *.tagmanager.google.com tagmanager.google.com *.typekit.net *.typekit.net;report-uri /nelmio/csp/report;connect-src www.googleapis.com 'self' *.betrad.com *.google-analytics.com *.consensu.org;frame-src www.youtube.com www.vimeo.com staticxx.facebook.com www.facebook.com web.facebook.com www.google.com 'self' *.betrad.com *.evidon.com 1 frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com exacttarget.com *.exacttarget.com marketingcloudapps.com *.marketingcloudapps.com ccclib.bibliocms.com *.ccclib.bibliocms.com ccclib.org *.ccclib.org http://ccclib.org; 1 child-src 'self'; connect-src 'self' api.blocktrades.us steemit.com steemitimages.com cdn.steemitimages.com api.steemit.com api-internal.steemit.com; default-src 'self'; font-src data: fonts.gstatic.com; frame-ancestors 'none'; img-src * data:; object-src 'none'; plugin-types application/pdf; script-src 'self' www.google-analytics.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; report-uri /api/v1/csp_violation 1 default-src * 'unsafe-inline' 'unsafe-eval' data: blob: 1 frame-ancestors 'self' cmsv2.zebrix.net 1 frame-ancestors 'self 1 default-src 'self' data: *.umbraco.org api.pwnedpasswords.com *.hotjar.com services.postcodeanywhere.co.uk *.visa.com *.google-analytics.com www2.theticketfactory.com dpm.demdex.net thenationalexhib.tt.omtrdc.net *.salecycle.com; object-src data: 'unsafe-eval' assets.theticketfactory.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com pro.fontawesome.com fast.fonts.net cdn.jsdelivr.net *.theticketfactory.com services.postcodeanywhere.co.uk *.visa.com *.queue-it.net tagmanager.google.com cookiesuksouth.blob.core.windows.net; img-src 'self' 'self' data: www.awin1.com *; script-src 'self' 'unsafe-inline' ajax.googleapis.com cdnjs.cloudflare.com ajax.aspnetcdn.com code.jquery.com *.googletagmanager.com *.google-analytics.com cdn.jsdelivr.net connect.facebook.net theti11119.pcapredict.com *.hotjar.com 'unsafe-eval' services.postcodeanywhere.co.uk *.visa.com assets.theticketfactory.com www2.theticketfactory.com *.queue-it.net www2.theticketfactory.com www.dwin1.com d16fk4ms6rqz1v.cloudfront.net assets.adobedtm.com tagmanager.google.com cookiesuksouth.blob.core.windows.net geolocation.onetrust.com *.salecycle.com; font-src 'self' 'self' data: fonts.gstatic.com pro.fontawesome.com fast.fonts.net *.hotjar.com fonts.gstatic.com *.visa.com; frame-src 'self' *.facebook.com *.servebase.net *.arcot.com *.hotjar.com *.visa.com assets.theticketfactory.com www2.theticketfactory.com *.queue-it.net www2.theticketfactory.com theticketfactory.queue-it.net *.salecycle.com; report-uri https://theticketfactory.report-uri.com/r/d/csp/enforce ; 1 default-src 'self'; script-src 'self' 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://www.googleadservices.com googleads.g.doubleclick.net https://connect.facebook.net https://fullstory.com https://*.fullstory.com cdnjs.cloudflare.com d1aqhv4sn5kxtx.cloudfront.net *.ngpvan.com; style-src 'self' 'unsafe-inline' 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com/css fonts.gstatic.com tagmanager.google.com; img-src *; font-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com/css fonts.gstatic.com fonts.googleapis.com;connect-src 'self' https://*.fullstory.com https://fullstory.com; report-uri https://accounts.ngpvan.com/oidc/csp/report 1 script-src 'self' apis.google.com appleid.cdn-apple.com www.papara.com papara.com cdn.test.papara.com cdn.papara.com api.instagram.com az416426.vo.msecnd.net maps.googleapis.com mc.yandex.ru www.googletagmanager.com tagmanager.google.com www.googleadservices.com graph.facebook.com staticxx.facebook.com connect.facebook.net stats.g.doubleclick.net www.google.com www.google-analytics.com ajax.googleapis.com www.google.com.tr www.gstatic.com apis.google.com appleid.cdn-apple.com googleads.g.doubleclick.net 'unsafe-inline' 'unsafe-eval';style-src 'self' fonts.googleapis.com tagmanager.google.com az732725.vo.msecnd.net 'unsafe-inline' 'unsafe-eval';img-src 'self' *.googleusercontent.com www.papara.com cdn.papara.com cdn.test.papara.com dkto9gpxgolik.cloudfront.net d23wms2coskb83.cloudfront.net d10blfc6f8pj7j.cloudfront.net papara.com s3-eu-west-1.amazonaws.com scontent.cdninstagram.com cdninstagram.com mc.yandex.ru lookaside.facebook.com platform-lookaside.fbsbx.com csi.gstatic.com maps.gstatic.com maps.googleapis.com graph.facebook.com scontent.xx.fbcdn.net www.googleadservices.com staticxx.facebook.com www.facebook.com www.google.com.tr stats.g.doubleclick.net googleads.g.doubleclick.net www.google-analytics.com www.google.com ssl.gstatic.com data:;object-src 'self';options eval-script 1 default-src 'self' 'unsafe-inline'; connect-src 'self' 'unsafe-inline' https://swift-prod.prozorro.gov.ua https://cdn2.prozorro.gov.ua https://public.docs.openprocurement.org https://public.docs-sandbox.openprocurement.org https://lb.api-sandbox.openprocurement.org https://public.api.openprocurement.org; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn2.prozorro.gov.ua https://rawgit.com/ https://connect.facebook.net https://www.linkedin.com https://graph.facebook.com https://*.google-analytics.com https://ajax.googleapis.com https://maxcdn.bootstrapcdn.com https://*.googletagmanager.com https://maps.googleapis.com; img-src 'self' https://www.facebook.com https://www.google-analytics.com https://maps.gstatic.com https://maps.googleapis.com https://csi.gstatic.com; frame-src 'self' https://www.youtube.com https://www.slideshare.net https://staticxx.facebook.com https://www.facebook.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com 1 frame-ancestors *.carkeys.co.uk *.motorists-club.co.uk *.motoristsclub.co.uk http://motoristsclub.co.uk/ http://www.motorists-club.co.uk/ 1 script-src https: data: 'unsafe-inline' 'unsafe-eval' https://*.dshs-koeln.de https://*.mehrwert.de https://fast.fonts.net; style-src https: 'unsafe-inline' https://*.dshs-koeln.de https://fast.fonts.net; img-src https: data: 'unsafe-inline' 'unsafe-eval' https://*.dshs-koeln.de https://*.mehrwert.de; font-src https: data: 'unsafe-inline' 'unsafe-eval' https://*.dshs-koeln.de https://*.mehrwert.de https://fast.fonts.com; frame-src https: data: 'unsafe-inline' 'unsafe-eval' https://*.dshs-koeln.de https://*.mehrwert.de https://fast.fonts.com; 1 default-src 'none' ;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zortrax.com *.data.zortrax.com *.3dprint.zortrax.com googletagmanager.com *.googletagmanager.com *.tagmanager.google.com *.google-analytics.com *.doubleclick.net *.google.com *.googleadservices.com *.facebook.net *.cloudfront.net *.doubleclick.net *.livechatinc.com *.googleapis.com *.gstatic.com *.upviral.com *.redditstatic.com static.ads-twitter.com analytics.twitter.com app.humdash.com analytics.zortrax.com cf.zortrax.com ;style-src 'self' 'unsafe-inline' *.disquscdn.com *.zortrax.com *.googleapis.com *.tagmanager.google.com https://tagmanager.google.com/debug/css.css *.fonts.googleapis.com cf.zortrax.com ;img-src 'self' 'unsafe-inline' data: *.zortrax.com data.zortrax.com *.gravatar.com *.ggpht.com *.ssl.gstatic.com *.google.com *.google-analytics.com *.google.pl *.doubleclick.net *.facebook.com *.livechatinc.com *.gstatic.com *.googleapis.com *.tagmanager.google.com https://alb.reddit.com t.co/i/adsct app.humdash.com cf.zortrax.com ;font-src 'self' data: *.livechatinc.com *.googleusercontent.com *.googleusercontent.com *.googleapis.com *.gstatic.com *.zortrax.com *.fonts.googleapis.com *.tagmanager.google.com ;frame-src 'self' 'unsafe-inline' *.livechatinc.com *.youtube.com *.facebook.com *.tagmanager.google.com *.googletagmanager.google.com *.upviral.com ;connect-src 'self' data.zortrax.com http://3dprint.zortrax.com 3dprint.zortrax.com *.luckyorange.net ws://localhost:3000 *.google-analytics.com *.tagmanager.google.com app.humdash.com ;media-src 'self' *.youtube.com *.youtube-nocookie.com cdn.zortrax.com cdn1.zortrax.com cdn2.zortrax.com cdn3.zortrax.com *.tagmanager.google.com cf.zortrax.com ;object-src 'self' *.youtube.com *.youtube-nocookie.com *.tagmanager.google.com ;child-src 'self' *.youtube.com *.youtube-nocookie.com *.tagmanager.google.com 1 default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' piwik.itzbund.de; connect-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' piwik.itzbund.de; object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; media-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; child-src pei-portal.rexx-systems.com piwik.itzbund.de; font-src 'self'; img-src 'self' data: *.honcode.ch piwik.itzbund.de; frame-ancestors 'self' PEIWeb-editor.preview.gsb.intranet.bund.de pei-portal.rexx-systems.com; 1 img-src 'self' https://www.images-home.com http://www.pages06.net https://maps.gstatic.com https://maps.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.google.com https://www.google.ae https://www.google.co.in https://www.google.co.uk https://clients1.google.com https://cse.google.com https://*.gstatic.com https://*.googleapis.com https://googleads.g.doubleclick.net https://www.facebook.com https://*.vizury.com https://cdn25.vzeesp.com https://*.lemnisk.co https://d5xydlzdo08s0.cloudfront.net https://px.ads.linkedin.com https://p.adsymptotic.com data:;connect-src 'self' https://www.google.com https://www.google.ae https://www.google.co.in https://www.google.co.uk https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://www.facebook.com https://*.vizury.com https://cdn25.vzeesp.com https://*.lemnisk.co https://sport360.com https://sandbox.api.mastercard.com https://api.mastercard.com https://stags.bluekai.com http://tags.bluekai.com https://tags.bkrtx.com/js/bk-coretag.js;font-src 'self' https://fonts.gstatic.com http://fonts.googleapis.com https://cdn.joinhoney.com data:;object-src 'self';media-src 'self';child-src 'self' https://tools.euroland.com https://tools.eurolandir.com https://sport360.com https://4268196.fls.doubleclick.net https://bid.g.doubleclick.net https://www.youtube.com https://connect.facebook.net https://cse.google.com https://www.googletagmanager.com https://platform.twitter.com https://syndication.twitter.com https://*.vizury.com https://cdn25.vzeesp.com https://*.lemnisk.co https://sandbox.api.mastercard.com https://api.mastercard.com https://stags.bluekai.com http://tags.bluekai.com https://tags.bkrtx.com/js/bk-coretag.js;form-action 'self' https://rakbankonline.ae https://connect.facebook.net https://syndication.twitter.com https://*.vizury.com https://cdn25.vzeesp.com https://*.lemnisk.co;report-uri https://revamp.rakbank.ae/security/csp-report; 1 base-uri 'none'; default-src 'none'; child-src https://*.googletagmanager.com https://*.youtube.com https://*.vimeo.com https://*.jic.ac.uk; connect-src 'self' https://www.google-analytics.com https://*.algolia.net https://*.algolianet.com https://*.googleapis.com https://*.findaphd.com; font-src 'self' https://fonts.gstatic.com data:; form-action 'self'; frame-ancestors 'self'; frame-src 'self' https://www.jove.com https://*.youtube.com https://*.vimeo.com https://*.jic.ac.uk https://*.jic.ac.uk https://*.findaphd.com; img-src 'self' https://*.googleapis.com https://*.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://*.google.ca https://*.google.co.il https://*.google.co.in https://*.google.co.jp https://*.google.co.uk https://*.google.com https://*.google.com.mt https://*.google.com.ua https://*.google.ie https://*.google.it https://*.google.se https://*.google.sk https://*.ytimg.com https://secure.gravatar.com https://*.bing.com https://stats.g.doubleclick.net blob: data:; media-src 'none'; object-src 'none'; script-src 'self' https://*.googletagmanager.com https://*.googleadservices.com https://*.google-analytics.com https://*.googleapis.com https://*.algolianet.com https://*.gstatic.com https://*.google.ae https://*.google.ca https://*.google.co.il https://*.google.co.in https://*.google.co.uk https://*.google.com https://*.google.com.au https://*.google.com.mt https://*.google.com.ua https://*.google.de https://*.google.fr https://*.google.ie https://*.google.it https://*.google.ru https://*.google.sk https://*.bing.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com https://*.google.com 'unsafe-inline'; report-uri https://poirot.selesti.com/api/violation/john-innes-centre; report-to https://poirot.selesti.com/api/violation/john-innes-centre; 1 frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com exacttarget.com *.exacttarget.com marketingcloudapps.com *.marketingcloudapps.com slpl.bibliocms.com *.slpl.bibliocms.com https://www.slpl.org www.slpl.org *.www.slpl.org; 1 frame-ancestors 'self' https://www.carroya.com/noticias https://www.motor.com.co 1 frame-ancestors https://*.omantel.om 1 default-src 'self' data: gap: https://*.zscalertwo.net https://*.maersk.com https://*.safmarine.com https://*.maerskline.com https://*.apmoller.net https://c.go-mpulse.net https://*.salesforceliveagent.com https://*.force.com *.mpstat.us *.akstat.io https://*.akamaihd.net https://*.igodigital.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://www.googletagmanager.com https://ssl.gstatic.com https://100qrcey9nsltilmpwezagts.blob.core.windows.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.zscalertwo.net https://*.maersk.com https://*.safmarine.com https://*.maerskline.com https://*.apmoller.net https://*.akamaihd.net https://*.salesforceliveagent.com https://*.force.com https://*.salesforce.com https://*.steelcentral.net https://*.go-mpulse.net *.mpstat.us *.akstat.io https://*.igodigital.com https://pub.s1.exacttarget.com https://*.gstatic.com https://*.google.com https://*.googleapis.com https://www.googletagmanager.com https://*.google-analytics.com https://scai.maerskline.com https://api.massrelevance.com https://img.en25.com https://*.bizographics.com https://*.doubleclick.net https://*.linkedin.com; img-src 'self' data: https://*.zscalertwo.net https://*.maersk.com https://*.safmarine.com https://*.maerskline.com https://*.apmoller.net https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://*.gstatic.com https://lh3.googleusercontent.com https://*.steelcentral.net https://*.vimeocdn.com https://*.youtube.com https://*.igodigital.com https://*.akamaihd.net https://www.google.co.uk https://*.linkedin.com https://*.facebook.com https://*.twitter.com https://*.doubleclick.net https://*.google.dk https://scai.maerskline.com https://www.google.com/ads/ga-audiences* https://*.bizographics.com https://*.akstat.io; object-src 'self'; style-src 'self' 'unsafe-inline' https://*.zscalertwo.net https://*.maersk.com https://*.safmarine.com https://*.apmoller.net https://*.gstatic.com https://*.google.com https://*.google-analytics.com https://*.googleapis.com https://*.maerskline.com https://*.force.com; frame-src https://*.zscalertwo.net https://*.maersk.com https://*.safmarine.com https://*.maerskline.com https://*.apmoller.net https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://*.google.com https://www.youtube.com/embed/ https://player.vimeo.com/video/ https://service.force.com https://www.google.com/recaptcha/ https://*.cookieinformation.com; font-src 'self' data: https://*.zscalertwo.net https://*.maersk.com https://*.safmarine.com https://*.maerskline.com https://*.apmoller.net https://*.gstatic.com https://*.googleapis.com; 1 default-src 'self' data: blob: *.marketo.net *.marketo.com *.googletagmanager.com *.google-analytics.com *.crazyegg.com *.bizographics.com *.engagio.com *.listenloop.com *.doubleclick.net *.bugsnag.com *.linkedin.com *.addthis.com *.addthisedge.com *.bidr.io *.googleadservices.com *.google.com *.gstatic.com *.fonts.googleapis.com *.mktoresp.com *.brightcove.net *.brightcove.com *.zencdn.net *.boltdns.net *.truste.com *.llnwd.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.marketo.net *.marketo.com *.googletagmanager.com *.google-analytics.com *.crazyegg.com *.bizographics.com *.engagio.com *.listenloop.com *.doubleclick.net *.bugsnag.com *.linkedin.com *.addthis.com *.addthisedge.com *.bidr.io *.googleadservices.com *.google.com *.gstatic.com *.fonts.googleapis.com *.mktoresp.com *.brightcove.net *.brightcove.com *.zencdn.net *.boltdns.net *.truste.com *.webspellchecker.net *.cetrk.com s3.amazonaws.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.marketo.net *.marketo.com *.google.com *.webspellchecker.net; frame-src 'self' blob: *.guidewire.com *.brightcove.net *.marketo.net *.marketo.com *.google.com *.addthis.com *.addthisedge.com; frame-ancestors 'self' *.guidewire.com; child-src 'self' blob: *.guidewire.com *.brightcove.net *.marketo.net *.marketo.com *.google.com *.addthis.com *.addthisedge.com; font-src * data:; connect-src 'self' *.mktoresp.com *.listenloop.com *.bugsnag.com *.googletagmanager.com *.google-analytics.com *.google.com *.googleadservices.com *.addthis.com *.brightcove.net *.brightcove.com *.boltdns.net *.brightcovecdn.com *.crazyegg.com *.webspellchecker.net *.llnwd.net; report-uri /report-csp-violation 1 default-src 'self';img-src *; script-src *; 1 default-src 'self' data:; script-src 'self' 'unsafe-eval' https://cdn.jsdelivr.net/bootstrap/3.3.5/ https://www.google.com/jsapi 'unsafe-inline' https://www.google-analytics.com/ https://bbox.blackbaudhosting.com/webforms/ https://translate.google.com/translate_a/ 'unsafe-eval' https://translate.googleapis.com/translate_static/js/ https://translate.googleapis.com/translate_static/js/element/ https://translate.googleapis.com/translate_a/ https://svc.webspellchecker.net/spellcheck31/lf/scayt3/ckscayt/ https://translate.googleapis.com https://translate.google.com https://www.googletagmanager.com https://static.getclicky.com https://in.getclicky.com https://*.google.com http://*.google.com https://www.eventbrite.com.au https://form.jotform.co https://js.createsend1.com/javascript/copypastesubscribeformlogic.js https://clicky.com https://www.gstatic.com; style-src 'self' 'unsafe-eval' https://cdn.jsdelivr.net/bootstrap/3.3.5/ https://www.google.com/jsapi 'unsafe-inline' https://www.google-analytics.com/ https://bbox.blackbaudhosting.com/webforms/ https://svc.webspellchecker.net/spellcheck31/lf/scayt3/ckscayt/ https://translate.googleapis.com https://translate.google.com https://*.google.com http://*.google.com https://static.getclicky.com; img-src 'self' https://www.google-analytics.com/ https://www.gstatic.com/images/ https://www.google.com/images/ https://translate.googleapis.com/translate_static/ https://bbox.blackbaudhosting.com/webforms/images/ data: https://svc.webspellchecker.net/spellcheck31/lf/scayt3/ckscayt/ https://*.google.com http://*.google.com https://ssl.gstatic.com http://www.nfsa.gov.au https://www.nfsa.gov.au; frame-src 'self' https://bbox.blackbaudhosting.com/webforms/custom/mongo/scripts/ https://player.vimeo.com/video/ https://www.youtube.com/embed/ https://w.soundcloud.com/player/ https://user-e3mlril.cld.bz https://www.googletagmanager.com https://www.eventbrite.com.au https://8696921.fls.doubleclick.net; font-src 'self' data: https://cdn.jsdelivr.net/bootstrap/3.3.5/ https://fonts.gstatic.com/s/opensans/v13/ data:; connect-src 'self' https://svc.webspellchecker.net/spellcheck31/script/ https://translate.googleapis.com https://in.getclicky.com https://createsend.com https://www.google-analytics.com; report-uri /report-csp-violation 1 default-src https: 'unsafe-inline' 'unsafe-eval' blob:; img-src https: data:; connect-src https: wss:; font-src https: data:; 1 img-src blob: * android-webview-video-poster: data:; media-src * data:; connect-src 'self'; worker-src blob: 'self'; font-src * data:; default-src player.vimeo.com *.yourmoney.ch *.newsbox.ch *.cashgate.ch 'unsafe-eval' *.gstatic.com *.issuu.com *.tkb.ch 'self' tagmanager.google.com *.googleapis.com *.googletagmanager.com *.google-analytics.com e2.marco.ch *.adform.net 'unsafe-inline' 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google-analytics.com *.gstatic.com https://*.zopim.com wss://*.zopim.com https://*.zopim.io wss://*.crisp.chat https://*.crisp.chat *.payline.com *.youtube.com; img-src 'self' data: *.zopim.com *.crisp.chat *.google-analytics.com *.gstatic.com *.googleapis.com; font-src 'self' data: *.zopim.com *.crisp.chat *.gstatic.com; report-uri /admin/config/system/seckit/csp-report 1 frame-ancestors https://*.milwaukeetool.eu 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' *.infogram.com:* *.quiz-maker.com:* *.sharethis.com:* *.cloudflare.com:* *.bootstrapcdn.com:* *.poll-maker.com:* *.google-analytics.com:* *.ytimg.com:* *.twimg.com:* *.disquscdn.com:* disqus.com:* *.disqus.com:* *.googletagmanager.com:* *.consensu.org:* *.gstatic.com:* *.googleapis.com:* *.fontawesome.com:* *.addtoany.com:* *.unicef.org:* *.disqus.com:* *.facebook.com:* *.facebook.net:* *.google.com:* *.linkedin.com:* *.twitter.com:* *.umblr.com:* *.unicef.org:* *.unicef.org.au:* *.youtube.com:* *.instagram.com data:; font-src 'self' 'unsafe-inline' 'unsafe-eval' *.bootstrapcdn.com:* *.gstatic.com:* *.googleusercontent.com:* *.googleapis.com:* *.googleapis.com:* *.fontawesome.com:* data:; report-uri /report-csp-violation 1 default-src 'self'; script-src 'self'; style-src 'self'; img-src 'self' data:; font-src 'self' data:; 1 default-src https: 1 script-src 'self' data: 'unsafe-inline' 'unsafe-eval' bp.webhost1.ru *.yandex.ru *.yandex.net h.online-metrix.net mc.yandex.az mc.yandex.by mc.yandex.co.il mc.yandex.com mc.yandex.com.am mc.yandex.com.ge mc.yandex.com.tr mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.kz mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yandex.tj mc.yandex.tm mc.yandex.ua mc.yandex.uz mc.webvisor.com mc.webvisor.org yastatic.net www.google-analytics.com www.google.com www.gstatic.com connect.facebook.net www.googletagmanager.com tagmanager.google.com *.jivosite.com webhost1.bitrix24.ru *.roistat.com; frame-ancestors 'self' blob: http://webvisor.com https://webvisor.com 1 default-src 'self' *; script-src 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' *; img-src 'self' data: *; 1 default-src 'self'; allow 'self'; img-src * 1 default-src 'self' data: wss://*.altilly.com:2053 wss://*.altilly.com:2083 *.tokenoftrust.com *.qredit.cloud *.altilly.com *.bootstrapcdn.com *.twitter.com *.gstatic.com *.twimg.com *.jquery.com; script-src 'self' 'nonce-0c9a43aa499326dcd5a37d5764536cff' *.qbox.me *.google.com *.googleusercontent.com *.altilly.com *.tokenoftrust.com *.twitter.com *.twimg.com *.jquery.com *.bootstrapcdn.com; style-src 'self' 'unsafe-inline' *.qbox.me *.tokenoftrust.com *.altilly.com *.bootstrapcdn.com *.twitter.com *.gstatic.com *.twimg.com *.jquery.com *.googleapis.com 1 default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.aacpl.net *.googleapis.com *.gstatic.com *.libraryaware.com https://contentcafe2.btol.com *.blackbaudhosting.com *.libanswers.com *.google.com *.google-analytics.com *.ebscohost.com *.marmot.org *.youtube.com; object-src *; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.aacpl.net *.googleapis.com *.gstatic.com *.libraryaware.com https://contentcafe2.btol.com *.blackbaudhosting.com *.libanswers.com *.google.com *.google-analytics.com *.ebscohost.com *.marmot.org *.youtube.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' *.aacpl.net *.googleapis.com *.gstatic.com *.libraryaware.com https://contentcafe2.btol.com *.blackbaudhosting.com *.libanswers.com *.google.com *.google-analytics.com *.ebscohost.com *.marmot.org *.youtube.com; media-src 'self' 'unsafe-inline' 'unsafe-eval' *.aacpl.net *.googleapis.com *.gstatic.com *.libraryaware.com https://contentcafe2.btol.com *.blackbaudhosting.com *.libanswers.com *.google.com *.google-analytics.com *.ebscohost.com *.marmot.org *.youtube.com; frame-src 'self' 'unsafe-inline' 'unsafe-eval' *.aacpl.net *.googleapis.com *.gstatic.com *.libraryaware.com https://contentcafe2.btol.com *.blackbaudhosting.com *.libanswers.com *.google.com *.google-analytics.com *.ebscohost.com *.marmot.org *.youtube.com *.yourcloudlibrary.com; frame-ancestors 'self' 'unsafe-inline' 'unsafe-eval' *.aacpl.net *.googleapis.com *.gstatic.com *.libraryaware.com https://contentcafe2.btol.com *.blackbaudhosting.com *.libanswers.com *.google.com *.google-analytics.com *.ebscohost.com *.marmot.org *.youtube.com; child-src 'self' 'unsafe-inline' 'unsafe-eval' *.aacpl.net *.googleapis.com *.gstatic.com *.libraryaware.com https://contentcafe2.btol.com *.blackbaudhosting.com *.libanswers.com *.google.com *.google-analytics.com *.ebscohost.com *.marmot.org *.youtube.com; font-src 'self' 'unsafe-inline' 'unsafe-eval' *.aacpl.net *.googleapis.com *.gstatic.com *.libraryaware.com https://contentcafe2.btol.com *.blackbaudhosting.com *.libanswers.com *.google.com *.google-analytics.com *.ebscohost.com *.marmot.org *.youtube.com; connect-src *; report-uri /report-csp-violation; upgrade-insecure-requests 1 default-src 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.facebook.net *.facebook.com *.pinterest.com log.pinterest.com *.youtube.com *.doubleclick.net data: *.amgdgt.com *.windows.net *.econsumeraffairs.com *.consumercare.net *.adtmt.com cdn.socialtwist.com bam.nr-data.net *.revemarketing.com http://cdn.revemarketing.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.thomasbreads.com connect.facebook.net cdn.socialtwist.com ajax.googleapis.com www.googletagmanager.com assets.pinterest.com js-agent.newrelic.com *.pinterest.com https://www.google-analytics.com https://bam.nr-data.net https://chat.consumercare.net https://h6.consumercare.net https://ad.atdmt.com https://www.econsumeraffairs.com https://www.google.com https://www.gstatic.com https://widgets.socialtwist.com; img-src 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.myfonts.net *.facebook.net *.facebook.com *.pinterest.com log.pinterest.com *.youtube.com *.doubleclick.net data: *.amgdgt.com *.windows.net *.econsumeraffairs.com *.consumercare.net *.adtmt.com cdn.socialtwist.com bam.nr-data.net *.revemarketing.com http://cdn.revemarketing.com; frame-src 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.myfonts.net *.facebook.net *.facebook.com *.pinterest.com log.pinterest.com *.youtube.com *.doubleclick.net data: *.amgdgt.com *.econsumeraffairs.com *.consumercare.net *.socialtwist.com; connect-src 'self' *.revemarketing.com https://www.google-analytics.com https://stats.g.doubleclick.net wss://webchat.revemarketing.com; report-uri /admin/config/system/seckit/csp-report, default-src 'self' 'self' data: 'self' blob: 'unsafe-inline' 'unsafe-eval' *; img-src 'self' blob: data: * 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com maps.google.com *.googleapis.com *.gstatic.com www.google.com js-agent.newrelic.com bam.nr-data.net *.googletagmanager.com platform.twitter.com *.twimg.com ifoa.precedenthost.co.uk *.actuaries.org.uk cdn.rawgit.com e.issuu.com www.youtube.com s.ytimg.com tagmanager.google.com khan.github.io squizlabs.github.io script.crazyegg.com *.eu-west-2.amazonaws.com s3.amazonaws.com loader.webspellchecker.net webspellchecker.com embed.multichanneltv.com openchannel.multichanneltv.com www.youtube.com www.googletagmanager.com *.streamamg.com d34l49dszxxnhj.cloudfront.net optimize.google.com optimize.google.com/* *.optimize.google.com ; object-src *.issuu.com flash.quantserve.com s3.amazonaws.com 'self' d34l49dszxxnhj.cloudfront.net; style-src 'self' 'unsafe-inline' *.googleapis.com platform.twitter.com *.actuaries.org.uk tagmanager.google.com squizlabs.github.io *.eu-west-2.amazonaws.com loader.webspellchecker.net webspellchecker.com embed.multichanneltv.com openchannel.multichanneltv.com www.youtube.com www.googletagmanager.com *.streamamg.com svc.webspellchecker.net d34l49dszxxnhj.cloudfront.net optimize.google.com optimize.google.com/* *.optimize.google.com ; img-src 'self' data: *.google-analytics.com www.googletagmanager.com maps.google.com *.gstatic.com *.googleapis.com rest.mollom.com rest-production.mollom.com bam.nr-data.net syndication.twitter.com platform.twitter.com *.twimg.com *.actuaries.org.uk live.sagepay.com *.doubleclick.net *.openathens.net squizlabs.github.io *.eu-west-2.amazonaws.com s3.amazonaws.com *.amazonaws.com svc.webspellchecker.net loader.webspellchecker.net d34l49dszxxnhj.cloudfront.net optimize.google.com optimize.google.com/* *.optimize.google.com ; frame-src 'self' embed.multichanneltv.com openchannel.multichanneltv.com www.youtube.com www.googletagmanager.com *.streamamg.com loader.webspellchecker.net webspellchecker.com embed.multichanneltv.com openchannel.multichanneltv.com www.youtube.com www.googletagmanager.com *.streamamg.com *.loader.webspellchecker.net svc.webspellchecker.net optimize.google.com optimize.google.com/* *.optimize.google.com embeds.audioboom.com; font-src 'self' data: *.gstatic.com ifoa.precedenthost.co.uk *.actuaries.org.uk *.eu-west-2.amazonaws.com d34l49dszxxnhj.cloudfront.net; connect-src 'self' bam.nr-data.net e.issuu.com; report-uri //IFoA.report-uri.io/r/default/csp/enforce 1 allow 'self'; frame-ancestors 'self' 1 script-src 'unsafe-inline' 'self' maps.google.com maps.googleapis.com 1 default-src 'self' https://*.gstatic.com; script-src 'self' https://www.vidal.ru https://yandex.ru https://*.yandex.ru https://*.yandex.net https://*.yandex.st https://an.yandex.ru https://yandex.st https://yastatic.net https://*.yastatic.net https://adfox.ru https://*.adfox.ru https://yastat.net https://*.yastat.net https://mc.yandex.ru http://mc.yandex.ru http://*.yandex.ru http://*.google-analytics.com http://*.gstatic.com http://*.google.com https://*.google.ru https://*.gstatic.com https://*.google-analytics.com https://*.google.com https://*.googleapis.com http://*.mail.ru https://*.youtube.com https://*.ytimg.com http://pixel.betweenx.com https://px.adhigh.net https://dmp.vihub.ru https://top-fwz1.mail.ru https://pixel.betweenx.com https://*.1dmp.io http://*.1dmp.io https://go.saleswingsapp.com nonce-RAND 'unsafe-inline' 'unsafe-eval' https://s0.2mdn.net https://px.adhigh.net https://code.createjs.com; style-src 'self' https://www.vidal.ru 'unsafe-inline' 'unsafe-eval' nonce-RAND http://*.google-analytics.com http://*.gstatic.com https://yandex.ru https://*.yandex.ru https://*.yandex.net https://*.yandex.st https://yandex.st https://yastatic.net http://*.google.com https://*.google.com https://*.google.ru https://*.googleapis.com http://*.mail.ru https://*.youtube.com https://*.ytimg.com https://*.1dmp.io http://*.1dmp.io https://adfox.ru https://*.adfox.ru https://yastat.net https://*.yastat.net; img-src 'self' https://*.tns-counter.ru https://*.weborama.fr http://*.weborama.fr http://localhost:97/ https://localhost:97/ https://www.vidal.ru https://vidal.ru https://yandex.ru https://yandex.net https://*.yandex.ru https://*.yandex.net https://*.yandex.st https://adfox.ru https://*.adfox.ru https://yastat.net https://*.yastat.net https://avatars-fast.yandex.net https://favicon.yandex.net http://*.google-analytics.com http://*.gstatic.com http://*.google.com https://*.gstatic.com https://*.google-analytics.com https://*.google.com https://*.google.ru https://*.google.de https://*.googleapis.com https://www.google.com.do http://*.mail.ru data: http://gderu.hit.gemius.pl https://*.youtube.com https://*.ytimg.com https://admin.mailigen.com https://dmg.digitaltarget.ru https://x01.aidata.io https://gmtdmp.mookie1.com https://eu-gmtdmp.gd1.mookie1.com https://ru-gmtdmp.mookie1.com/ https://sync.botscanner.com https://match.ads.betweendigital.com https://safehub.ru https://dmp.vihub.ru https://top-fwz1.mail.ru https://pixel.betweenx.com https://stats.g.doubleclick.net https://px.adhigh.net https://cm.g.doubleclick.net https://*.doubleclick.net https://*.adriver.ru https://*.rubiconproject.com https://*.adhigh.net https://*.insigit.com https://*.republer.com https://*.webvisor.org http://ad.adriver.ru https://ad.adriver.ru http://ar.tns-counter.ru https://*.1dmp.io http://*.1dmp.io https://go.saleswingsapp.com https://cp.unisender.com https://vk.com https://*.honcode.ch http://*.honcode.ch; media-src 'self' https://*.google.com https://*.google.ru https://*.yandex.net https://yandex.ru https://yandex.st https://yastatic.net https://adfox.ru https://*.adfox.ru https://yastat.net https://*.yastat.net https://*.yandex.st https://*.yastatic.net https://*.1dmp.io http://*.1dmp.io http://localhost:97 https://s0.2mdn.net; frame-src 'self' https://www.vidal.ru https://*.youtube.com https://*.google.com https://*.google.ru https://yandex.ru https://*.yandex.ru https://*.yandex.net https://*.yandex.st https://adfox.ru https://*.adfox.ru https://yastat.net https://*.yastat.net https://awaps.yandex.ru https://awaps.yandex.net https://yandexadexchange.net https://*.yandexadexchange.net https://yastatic.net https://*.youtube.com https://*.ytimg.com https://*.1dmp.io http://*.1dmp.io http://localhost:* https://s0.2mdn.net https://px.adhigh.net http://webvisor.com; font-src https://*.gstatic.com https://s0.2mdn.net https://yandex.ru https://*.yandex.ru https://yastatic.net https://*.yastatic.net https://yastat.net https://*.yastat.net 'self'; connect-src 'self' https://www.vidal.ru http://*.google-analytics.com http://*.gstatic.com https://yandex.ru https://*.yandex.ru https://*.yandex.net https://*.yandex.st https://yastat.net https://*.yastat.net https://yastatic.net https://*.yastatic.net https://adfox.ru https://*.adfox.ru http://*.google.com https://*.google.com https://*.google.ru https://*.googleapis.com http://*.mail.ru https://*.youtube.com https://*.ytimg.com https://*.1dmp.io http://*.1dmp.io https://localhost http://localhost https://s0.2mdn.net https://px.adhigh.net 1 default-src 'self' https://www.itsme.be https://business.itsme.be; script-src 'self' 'sha256-7cojap65Z8u7cb2zVYoh8EzAt9dpvJv+vWyXDuc1gDk=' https://www.itsme.be https://business.itsme.be *.google-analytics.com cdn.polyfill.io; style-src 'self' 'unsafe-inline' *.googleapis.com; img-src 'self' https://www.itsme.be https://business.itsme.be *.google-analytics.com *.doubleclick.net; font-src 'self' *.gstatic.com; object-src 'none' ; frame-src 'self' https://www.itsme.be https://business.itsme.be *.youtube.com *.youtube-nocookie.com; connect-src https://www.itsme.be https://business.itsme.be *.google-analytics.com; 1 base-uri 'self'; default-src 'none'; child-src https://mei.animebytes.tv https://irc.animebytes.tv; connect-src 'self' https://mei.animebytes.tv; font-src 'self' data:; form-action 'self' https://mei.animebytes.tv; frame-ancestors 'self'; frame-src 'self' https://www.youtube-nocookie.com https://*.soundcloud.com https://mei.animebytes.tv https://irc.animebytes.tv; img-src 'self' https://animebytes.tv https://mei.animebytes.tv https://cdn.animebytes.tv data:; media-src 'self' https://* * data:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; worker-src 'none'; upgrade-insecure-requests 1 default-src 'self' *.relay42.com vars.hotjar.com cba.nmrc.nl 6162542.fls.doubleclick.net;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com cdn.ampproject.org static.cloud.coveo.com *.doubleclick.net *.r42tag.com *.centraalbeheer.nl www.google-analytics.com *.facebook.net *.usabilla.com www.googleadservices.com googleads.g.doubleclick.net imp2.nowinteract.com api.usabilla.com cba-acct.svc.onmarc.nl static.hotjar.com script.hotjar.com d6tizftlrpuof.cloudfront.net ajax.googleapis.com bat.bing.com *.google.com *.svtrd.com onmarc.nl tags.nmrc.nl snap.licdn.com *.linkedin.com js.hs-scripts.com js.hs-analytics.net js.hsadspixel.net *.relay42.com js.hsleadflows.net js.usemessages.com surfly.com az416426.vo.msecnd.net *.klue.nl www.dwin1.com www.zenaps.com *.onmarc.nl centraalbeheer.speed-trap.nl;style-src 'self' 'unsafe-inline' fonts.googleapis.com d6tizftlrpuof.cloudfront.net www.google.com optimize.google.com static.cloud.coveo.com unpkg.com;img-src data: 'self' https://www.googletagmanager.com img.youtube.com *.svtrd.com www.google-analytics.com www.facebook.com *.doubleclick.net www.google.nl www.google.com d6tizftlrpuof.cloudfront.net centraalbeheer.speed-trap.nl *.usabilla.com *.svtrd.com n01d05.cumulus-cloud.com *.relay42.com bat.bing.com www.googleapis.com clients1.google.com track.hubspot.com cba.imgix.net *.onmarc.nl *.r42tag.com www.googletagmanager.com forms.hubspot.com optimize.google.com imp2.nowinteract.com www.awin1.com www.zenaps.com *.onmarc.nl server.arcgisonline.com *.centraalbeheer.nl www.independer.nl px.ads.linkedin.com maps.googleapis.com;font-src 'self' fonts.gstatic.com;connect-src 'self' wss://*.hotjar.com https://*.hotjar.com https://*.hotjar.io *.doubleclick.net *.facebook.net *.centraalbeheer.nl *.hubapi.com *.achmea.nl www.google-analytics.com dc.services.visualstudio.com surfly.com sentry.io api.hubspot.com forms.hubspot.com cba.imgix.net vc.hotjar.io api.usabilla.com geocode.arcgis.com formulier.centraalbeheer.nl atosi.nl maps.googleapis.com;media-src 'self' ;object-src 'self' ;child-src 'self' youtube.com *.doubleclick.net t.svtrd.com *.hotjar.com cba.nmrc.nl www.youtube-nocookie.com youtube-nocookie.com surfly.com optimize.google.com imp2.nowinteract.com d6tizftlrpuof.cloudfront.net redirect.surfly.com centraalbeheer-nl-p.surfly.com surfly.com surfly-com-p.surfly.com *.centraalbeheer.nl;frame-ancestors 'self' youtube.com www.youtube-nocookie.com youtube-nocookie.com;form-action * 'self' t.svtrd.com embeddedsts.dev.local *.achmea.nl;block-all-mixed-content;report-uri https://c0918c210d42424be54e906e71357ca7.report-uri.io/r/default/csp/enforce; 1 default-src 'self' *.google-analytics.com *.salesforce.com *.crazyegg.com bam.nr-data.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.crazyegg.com bam.nr-data.net *.google-analytics.com js-agent.newrelic.com *.stripe.com s3.amazonaws.com/trk.cetrk.com/; style-src 'self' 'unsafe-inline'; img-src 'self' *.crazyegg.com bam.nr-data.net *.google-analytics.com *.doubleclick.net js-agent.newrelic.com *.stripe.com s3.amazonaws.com/trk.cetrk.com/; frame-src 'self' *.stripe.com *.salesforce.com *.vimeo.com; font-src 'self' 'unsafe-inline'; report-uri /report-csp-violation 1 frame-ancestors 'self' http://preview.ceros.com http://view.ceros.com http://*.mccarthy.com http://*.digcastle.com https://preview.ceros.com https://view.ceros.com https://*.mccarthy.com https://*.digcastle.com 1 frame-ancestors 'self' http://www.lugaro.com http://www.manfredijewels.com http://www.dutyfreediplomatic.com 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://code.jquery.com http://www.google-analytics.com http://fonts.googleapis.com/ https://cdnjs.cloudflare.com http://cdn.ckeditor.com https://cdnjs.cloudflare.com http://svc.webspellchecker.net https://ajax.googleapis.com/ https://maps.google.com/ https://maps.googleapis.com/ https://weatherwidget.io/; object-src 'self'; style-src 'self' 'unsafe-inline' 'unsafe-eval' http://cdn.ckeditor.com http://fonts.googleapis.com https://cdnjs.cloudflare.com http://svc.webspellchecker.net https://tripura.gov.in; img-src 'self' http://cdn.ckeditor.com http://www.google-analytics.com https://tripura.gov.in https://cbpssubscriber.mygov.in https://w.bookcdn.com https://maps.gstatic.com/ https://maps.gstatic.com/ https://maps.google.com/ https://tripura.gov.in/ https://maps.googleapis.com/ https://cdnjs.cloudflare.com; media-src 'self' https://www.youtube.com/ ; frame-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.youtube.com http://164.100.127.45 https://weatherwidget.io; font-src 'self' http://fonts.gstatic.com https://cdnjs.cloudflare.com http://fonts.googleapis.com; connect-src 'self' ; report-uri /admin/config/system/seckit/csp-report 1 frame-ancestors http://*.viewlift.com 1 default-src 'self' 'unsafe-inline' service.bzga.de piwik.bzga.de www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net www.google.com www.google.de; style-src 'self' 'unsafe-inline'; 1 default-src 'self'; connect-src https://*.revo.com https://*.thelabnyc.com https://*.myshopify.com localhost:* *.hotjar.com *.hotjar.io facebook.com sentry.io *.yotpo.com storerocket.io *.mapbox.com www.google-analytics.com www.facebook.com wss://ws2.hotjar.com https://*.openshiftapps.com https://widget.us.criteo.com http://siteblock.exeloncorp.com https://s3-us-west-2.amazonaws.com/afterpayus-integrations/javascript/modal/us_modal.html adservice.google.com stats.g.doubleclick.net *.fastly.net https://*.amplitude.com storerocket.global.ssl.fastly.net; font-src 'self' *.yotpo.com *.gstatic.com fonts.gstatic.com data:; frame-src 'self' *.doubleclick.net *.hotjar.com *.criteo.com *.criteo.net optimize.google.com www.googletagmanager.com connect.facebook.net www.facebook.com www.yahoo.com *.yahoo.com app.five9.com; img-src * data: blob: www.google-analytics.com optimize.google.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' bat.bing.com connect.facebook.net *.hotjar.com www.google-analytics.com www.googletagmanager.com www.googleadservices.com *.criteo.net *.criteo.com *.criteotilt.com *.experticity.com *.storerocket.io *.yotpo.com *.doubleclick.net *.jsdelivr.net *.mapbox.com tagmanager.google.com optimize.google.com *.list-manage.com z.moatads.com https://l.facebook.com app.five9.com *.fastly.net *.ads-twitter.com www.google.com *.google.com *.google-analytics.com https://*.twitter.com *.afterpay.com; worker-src blob:; style-src 'self' 'unsafe-inline' *.yotpo.com tagmanager.google.com optimize.google.com fonts.googleapis.com app.five9.com; child-src blob:; report-uri https://sentry.io/api/1388394/security/?sentry_key=05cf1ae732d54995bff9b1d4ab1dfc07&sentry_environment=production 1 frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com exacttarget.com *.exacttarget.com marketingcloudapps.com *.marketingcloudapps.com christchurch.bibliocms.com *.christchurch.bibliocms.com https://christchurch.bibliocms.com christchurch.bibliocms.com *.christchurch.bibliocms.com; 1 default-src 'self' *.zdassests.com *.cloudinary.com; connect-src https://*.devacurl.com https://*.devatech.us https://*.devatechpro.us https://*.myshopify.com https://*.openshiftapps.com localhost:* https://sentry.io *.yotpo.com www.google-analytics.com likeshop.me https://*.zdassets.com https://*.zendesk.com https://*.zopim.com https://*.hotjar.io https://*.hotjar.com https://devacurl.2m8f.net wss://widget-mediator.zopim.com https://*.doubleclick.net https://*.facebook.com https://*.trackedweb.net https://*.cookielaw.org https://*.onetrust.com/; font-src 'self' *.yotpo.com *.gstatic.com fonts.gstatic.com data: likeshop.me; frame-src *.doubleclick.net optimize.google.com *.phorest.me phorest.me phorest.com *.dotmailer-surveys.com *.hotjar.com *.youtube.com *.googletagmanager.com *.facebook.com; img-src * data: blob: www.google-analytics.com optimize.google.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.googletagmanager.com www.googleadservices.com *.yotpo.com *.doubleclick.net *.google.com *.dashhudson.com *.google.com *.bing.com *.hotjar.com *.facebook.net *.zdassets.com https://widget-mediator.zopim.com *.dotmailer-surveys.com https://*.impactradius-event.com *.cookielaw.org https://*.trackedweb.net https://*.onetrust.com; worker-src blob:; style-src 'self' 'unsafe-inline' *.yotpo.com *.google.com *.googleapis.com; report-uri https://sentry.io/api/1474106/security/?sentry_key=71495ca5d2814cc995ebaa6fa5461d8f&sentry_environment=prod; media-src 'self' *.zdassets.com *.cloudinary.com 1 default-src 'none' ;script-src * data: 'unsafe-inline' 'unsafe-eval' ;style-src * data: 'unsafe-inline' ;img-src * data: ;font-src * data: ;connect-src * ;media-src * ;object-src * ;child-src * ;frame-ancestors * ;form-action * ;manifest-src * ; 1 default-src 'self'; base-uri 'none'; form-action 'self' https://www.pcuonline2.org; frame-ancestors 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://www.pcu.org https://www.gstatic.com https://stats.g.doubleclick.net https://www.facebook.com https://onlineaccess.pcu.org https://www.pcuonline2.org https://pcu.staging.wpengine.com https://www.pcu.org https://pcu.dev https://secure.gravatar.com https://www.google-analytics.com https://www.pcu.org https://maps.googleapis.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://www.google.com https://connect.facebook.net https://ajax.cloudflare.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://www.pcu.org https://fonts.googleapis.com https://code.ionicframework.com; img-src 'self' https://www.pcu.org https://www.google.com https://www.googletagmanager.com https://i0.wp.com https://secure.gravatar.com https://www.google-analytics.com https://www.facebook.com https://stats.g.doubleclick.net; media-src 'none'; frame-src 'self' https://www.google.com/ https://pcu.mortgagewebcenter.com; font-src 'self' data: https://www.pcu.org https://fonts.gstatic.com https://code.ionicframework.com; connect-src 'self' https://stats.g.doubleclick.net 1 frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com exacttarget.com *.exacttarget.com marketingcloudapps.com *.marketingcloudapps.com librarypoint.bibliocms.com *.librarypoint.bibliocms.com https://www.librarypoint.org www.librarypoint.org *.www.librarypoint.org; 1 policy-uri /'unsafe-inline' 1 default-src 'self' 'unsafe-eval' 'unsafe-inline' https://* 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https:; frame-src 'self' webcampub.multivista.com https:; frame-ancestors 'self' data: blob:; 1 default-src 'self'; img-src 'self'; style-src 'self'; 'unsafe-inline'; font-src 'self'; script-src 'self'; 'unsafe-inline'; connect-src 'self'; 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com/ajax/libs/mathjax/ https://*.google-analytics.com https://*.google.com https://www.gstatic.com/ https://js-agent.newrelic.com/ https://bam.nr-data.net https://tableaupublic.princeton.edu https://www.trumba.com/ https://*.twitter.com https://*.twimg.com https://widget.uservoice.com/; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com/ https://fonts.googleapis.com/ https://*.twitter.com https://*.twimg.com https://p.typekit.net/ https://use.typekit.net/; img-src * data:; media-src *; frame-src *; child-src *; font-src 'self' data: https://maxcdn.bootstrapcdn.com/ https://fonts.gstatic.com/ https://use.typekit.net/; connect-src 'self' https://www.google-analytics.com/; report-uri /report-csp-violation; upgrade-insecure-requests 1 default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; font-src https: 'self' data:; img-src https: 'self' data:; 1 default-src *; script-src 'unsafe-inline' 'unsafe-eval' 'self' *; options inline-script eval-script 1 frame-ancestors 'self' iframe.diageo.thoriumd.com julefrokostibyen.dk summernights.dk 1 object-src 'none'; script-src 'nonce-{random}' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http:; $ 1 font-src * 'self' data:; img-src * 'self' data:; default-src 'self' https://*.veritix.com http://*.veritix.com http://*.ticketingcentral.com https://*.ticketingcentral.com http://*.flashseats.com https://flashseats.com http://*.googleapis.com https://*.google.com https://www.youtube.com https://*.adobedtm.com https://*.gstatic.com https://*.googletagmanager.com https://*.thunderhead.com http://*.addthis.com https://*.aegpresents.com https://*.msgapp.com https://*.axs.com http://*.axs.com https://*.tk3dapi.com https://privacy-policy.truste.com https://seal.digicert.com http://www.google-analytics.com https://www.google-analytics.com https://*.googleadservices.com https://*.ads-twitter.com https://*.facebook.net https://*.lytics.io https://*.facebook.com https://*.twitter.com https://t.co https://insight.adsrvr.org 'unsafe-inline' 'unsafe-eval' https://js-agent.newrelic.com https://www.google-analytics.com https://*.googletagmanager.com https://bam.nr-data.net https://*.doubleclick.net https://devcentral.f5.com:443 https://mpsnare.iesnare.com/snare.js 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: http://cdn.printfriendly.com https://cdn.printfriendly.com https://static.addtoany.com https://ds-4047.kxcdn.com https://www.google-analytics.com https://cdn.jsdelivr.net https://unpkg.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://unpkg.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: https://s.yimg.com http://cdn.printfriendly.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com; media-src 'self'; frame-src 'self' data: https://static.addtoany.com https://fwb.malaysiaairports.com.my https://www.youtube.com https://www.google.com; frame-ancestors 'self' https://fwb.malaysiaairports.com.my; child-src 'self'; font-src 'self' https://cdn.jsdelivr.net https://unpkg.com https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://cdnjs.cloudflare.com; connect-src 'self' https://www.google-analytics.com; report-uri //report-csp-violation 1 frame-ancestors 'self' https://www.golfofbf.org https://*.instapage.com http://*.instapage.com https://cloud.scorm.com https://360.articulate.com https://university.fb.org 1 default-src 'self'; child-src static.seolib.ru www.google.com www.google.com.ua www.google.ru reformal.ru mc.yandex.ru accounts.google.com content.googleapis.com; connect-src 'self' wss://seolib.ru:8018 mc.webvisor.org mc.webvisor.com https://cdn.experrto.io https://*.jivosite.com ws://*.jivosite.com; font-src 'self' data: updates.seolib.ru seolib.ru fonts.googleapis.com fonts.gstatic.com use.fontawesome.com; frame-src static.seolib.ru www.google.com www.google.com.ua www.google.ru reformal.ru accounts.google.com content.googleapis.com; img-src 'self' data: favicon.yandex.net www.google-analytics.com www.googletagmanager.com stats.g.doubleclick.net mc.webvisor.org ssl.gstatic.com www.gstatic.com www.google.com www.google.com.ua www.google.ru mc.yandex.ru reformal.ru media.reformal.ru http://traffic.alexa.com; media-src https://cdn.experrto.io https://*.jivosite.com ws://*.jivosite.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' updates.seolib.ru seolib.ru media.reformal.ru www.google-analytics.com www.googletagmanager.com tagmanager.google.com stats.g.doubleclick.net mc.webvisor.org d31j93rd8oukbv.cloudfront.net mc.yandex.ru www.google.com www.google.com.ua www.google.ru apis.google.com https://apis.google.com www.gstatic.com cdn.datatables.net code.jquery.com cdn.jsdelivr.net cdnjs.cloudflare.com https://cdn.experrto.io https://*.jivosite.com ws://*.jivosite.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com tagmanager.google.com seolib.ru www.google.com ajax.googleapis.com use.fontawesome.com cdn.datatables.net code.jquery.com cdn.jsdelivr.net cdnjs.cloudflare.com https://cdn.experrto.io https://*.jivosite.com ws://*.jivosite.com; report-uri /csp/report 1 default-src 'self' data: https: connect.facebook.net *.doubleclick.net em.allianz.com.my *.googleadservices.com *.facebook.com *.youtube.com *.googletagmanager.com *.google-analytics.com *.google.com; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: connect.facebook.net *.doubleclick.net em.allianz.com.my *.googleadservices.com *.facebook.com *.youtube.com *.googletagmanager.com *.google-analytics.com *.google.com; object-src 'self' data: https: connect.facebook.net *.doubleclick.net em.allianz.com.my *.googleadservices.com *.facebook.com *.youtube.com *.googletagmanager.com *.google-analytics.com *.google.com; style-src 'self' data: 'unsafe-inline' https: connect.facebook.net *.doubleclick.net em.allianz.com.my *.googleadservices.com *.facebook.com *.youtube.com *.googletagmanager.com *.google-analytics.com *.google.com; img-src 'self' data: https: connect.facebook.net *.doubleclick.net em.allianz.com.my *.googleadservices.com *.facebook.com *.youtube.com *.googletagmanager.com *.google-analytics.com *.google.com; media-src 'self' data: https: connect.facebook.net *.doubleclick.net em.allianz.com.my *.googleadservices.com *.facebook.com *.youtube.com *.googletagmanager.com *.google-analytics.com *.google.com; frame-src 'self' data: https: connect.facebook.net *.doubleclick.net em.allianz.com.my *.googleadservices.com *.facebook.com *.youtube.com *.googletagmanager.com *.google-analytics.com *.google.com; font-src 'self' data: https: connect.facebook.net *.doubleclick.net em.allianz.com.my *.googleadservices.com *.facebook.com *.youtube.com *.googletagmanager.com *.google-analytics.com *.google.com; connect-src 'self' data: https: connect.facebook.net *.doubleclick.net em.allianz.com.my *.googleadservices.com *.facebook.com *.youtube.com *.googletagmanager.com *.google-analytics.com *.google.com 1 frame-ancestors www.flygresor.se secure.rentalcars.com brands.datahc.com hyrbil.flygresor.se 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://fonts.gstatic.com https://cdn.syndication.twimg.com https://www.facebook.com https://*.twitter.com https://www.google.com https://ton.twimg.com https://*.github.io https://www.googletagmanager.com https://www.google-analytics.com; img-src 'self' https://*.twimg.com https://*.twitter.com http://*.twimg.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.google.co.jp data:; 1 base-uri; form-action 'self'; frame-ancestors 'none'; img-src 'self' https://paragonie.com https://maxcdn.bootstrapcdn.com https://stats.g.doubleclick.net https://www.google-analytics.com data:; media-src 'none'; object-src 'none'; script-src 'self' https://cdn.mathjax.org https://oss.maxcdn.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://code.jquery.com https://ajax.googleapis.com https://www.google-analytics.com https://paragonie.com paragonie.com 'sha384-dxxWaTrUP7CVAQSJSlq8y30xnLv+kbg0q/esjcstpj7BeSQcTR1kyuzuU8NtP0Qd' 'nonce-M8XGX9+3nNpdaDmxMelb3Cmj' 'nonce-Nf+mowkIJEzhGftP3QqJOUgJ' 'nonce-W38uSozXQDmkDhCzMam3btwE' 'nonce-mp2BsGYggehUBRiAJpRw8V2B' 'nonce-WqMSpjmICgzms697fg/i5xyk' 'nonce-1nZY1hHQ/pV8wS4G37RcHnpq' 'nonce-kxUEU6uYgRNpg7Y6OWaqDMyq' 'unsafe-eval' data:; style-src 'self' https://maxcdn.bootstrapcdn.com https://use.fontawesome.com https://fonts.googleapis.com 'unsafe-inline'; report-uri https://f038192cab4afafaacee34d22ed2e1dd.report-uri.io/r/default/csp/enforce; upgrade-insecure-requests 1 default-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; script-src 'self' 'unsafe-inline'; connect-src 'self'; 1 upgrade-insecure-requests; default-src 'self' https; connect-src 'self' plus.browsealoud.com babm.texthelp.com https://*.speechstream.net stats.g.doubleclick.net www.google-analytics.com m.addthis.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com data:; style-src 'self' 'unsafe-inline' hello.myfonts.net fonts.googleapis.com plus.browsealoud.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.google.com www.gstatic.com maps.googleapis.com www.googletagmanager.com ajax.googleapis.com cdnjs.cloudflare.com www.google-analytics.com s7.addthis.com m.addthisedge.com m.addthis.com plus.browsealoud.com www.browsealoud.com fonts.googleapis.com apis.google.com www.youtube.com s.ytimg.com v4in1-si.click4assistance.co.uk az416426.vo.msecnd.net; img-src 'self' maps.gstatic.com maps.googleapis.com www.google-analytics.com prod3si.click4assistance.co.uk stats.g.doubleclick.net plus.browsealoud.com v4in1-si.click4assistance.co.uk data:; child-src 'self' https://content.googleapis.com https://www.googletagmanager.com/ns.html; frame-src 'self' s7.addthis.com www.youtube.com v4in1-ti.click4assistance.co.uk; media-src 'self' https://*.speechstream.net; 1 default-src 'self' https://player.vimeo.com https://9169248.fls.doubleclick.net https://burgess.theatro360.com https://www.youtube.com https://www.google.com https://www.google.co.uk https://r1.dotmailer-surveys.com https://static.addtoany.com https://www.facebook.com https://qa-brochurebuilder.burgessyachts.com https://uat-brochurebuilder.burgessyachts.com https://brochurebuilder.burgessyachts.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.dnky.co https://script.hotjar.com https://static.hotjar.com https://tagmanager.google.com https://mc.yandex.ru https://static.trackedweb.net https://www.youtube.com https://static.addtoany.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://www.google.com https://www.google.co.uk https://az416426.vo.msecnd.net https://r1.dotmailer-surveys.com https://s.ytimg.com https://r1-t.trackedlink.net https://connect.facebook.net; style-src 'self' 'unsafe-inline' https://cdn.dnky.co https://fonts.googleapis.com https://tagmanager.google.com https://static.trackedweb.net https://api.tiles.mapbox.com https://fast.fonts.net https://r1.dotmailer-surveys.com; img-src 'self' blob: data: https://www.gstatic.com https://ssl.gstatic.com https://www.google.ca https://az-weu-wa-bur-az-weu-wa-bur-staging.azurewebsites.net https://pre-live.burgessyachts.com https://burgessyachts.com https://www.googletagmanager.com https://mc.yandex.ru https://dev-burgess.craftedbeta.co.uk https://azweusabur.blob.core.windows.net https://azweusaburuat.blob.core.windows.net https://azweusaburdevqa.blob.core.windows.net https://a.tiles.mapbox.com https://api.tiles.mapbox.com https://azweusabur.blob.core.windows.net https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.google.co.uk https://beacon.krxd.net https://www.facebook.com; connect-src 'self' wss://ws2.hotjar.com https://api.comapi.com https://vc.hotjar.io https://in.hotjar.com https://events.mapbox.com https://vimeo.com https://mc.yandex.ru https://fpdl.vimeocdn.com https://www.facebook.com https://r1.trackedweb.net https://*.tiles.mapbox.com https://api.mapbox.com https://a.tiles.mapbox.com https://b.tiles.mapbox.com https://api.mapbox.com/ https://dc.services.visualstudio.com https://skyfire.vimeocdn.com https://player.vimeo.com; font-src 'self' data: https://fonts.gstatic.com; worker-src 'self' blob:; media-src 'self' https://vod-progressive.akamaized.net https://gcs-vimeo.akamaized.net https://skyfire.vimeocdn.com https://fpdl.vimeocdn.com https://video-dev.github.io https://player.vimeo.com blob:; report-uri https://burgessyachts.report-uri.com/r/d/csp/reportOnly; frame-src 'self' https://cdn.dnky.co https://mpembed.com https://vars.hotjar.com https://burgess.theatro360.com https://www.burgessyachts.com https://qa-brochurebuilder.burgessyachts.com https://uat-brochurebuilder.burgessyachts.com https://brochurebuilder.burgessyachts.com https://r1.dotmailer-surveys.com https://www.google.com https://9169248.fls.doubleclick.net https://static.addtoany.com https://www.youtube.com https://www.facebook.com https://player.vimeo.com; child-src blob: ; 1 frame-ancestors 'self' http://www.genau-lotto.de http://genau-lotto.de 1 connect-src 'self' https://*.twitter.com https://*.yotpo.com https://*.gomoxie.solutions https://rules.atgsvcs.com https://track.magnify360.com https://c1.rfihub.net https://insight.adsrvr.org https://*.virtualhold.com https://api.edmunds.com 1 frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com exacttarget.com *.exacttarget.com marketingcloudapps.com *.marketingcloudapps.com arapahoe.bibliocms.com *.arapahoe.bibliocms.com https://arapahoelibraries.org arapahoelibraries.org *.arapahoelibraries.org; 1 default-src 'self' https://www.youtube.com https://geoportal.trier.de https://jobs.b-ite.com http://jobs.b-ite.com https://www.stadtradeln.de https://static.b-ite.com https://www.vrt-info.de http://www.heute-in-trier.de http://www.facebook.com http://platform.twitter.com https://fonts.googleapis.com https://fonts.gstatic.com https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.facebook.com https://platform.twitter.com https://accounts.google.com https://www.bing.com http://www.wetterkontor.de http://94.130.59.28 https://www.youtube-nocookie.com https://app.docu4d.com https://dienste.wetterkontor.de https://www.trier-info.de https://www.wahlinfo.de https://www.pegelonline.wsv.de 'unsafe-inline' 'unsafe-eval' 1 default-src 'none';script-src 'self' 'unsafe-inline' https://static.frag-den-staat.de https://traffic.okfn.de https://js.stripe.com;style-src 'self' 'unsafe-inline' https://static.frag-den-staat.de;img-src 'self' data: blob: https://static.frag-den-staat.de https://media.frag-den-staat.de https://traffic.okfn.de https://www.betterplace.org https://betterplace-assets.betterplace.org https://i.vimeocdn.com https://raw.githubusercontent.com *.tile.openstreetmap.org *.global.ssl.fastly.net i.ytimg.com;media-src https://static.frag-den-staat.de https://media.frag-den-staat.de;worker-src 'self' blob: https://static.frag-den-staat.de;frame-src 'self' blob: https://static.frag-den-staat.de https://media.frag-den-staat.de https://okfde.github.io https://www.betterplace.org https://betterplace-assets.betterplace.org https://player.vimeo.com https://www.youtube-nocookie.com https://media.ccc.de https://challonge.com https://www.foodwatch.org/de/iframe/ https://js.stripe.com https://hooks.stripe.com https://www.paypal.com;object-src 'self' https://media.frag-den-staat.de;connect-src 'self' https://static.frag-den-staat.de https://media.frag-den-staat.de https://api.betterplace.org/ https://sentry.okfn.de https://api.stripe.com;child-src 'self' blob: https://static.frag-den-staat.de;base-uri 'none';font-src data: https://static.frag-den-staat.de;manifest-src https://static.frag-den-staat.de;form-action 'self' https://fragdenstaat.de https://forum.okfn.de https://www.paypal.com https://pretix.eu https://hooks.stripe.com https://stripe.com https://r.girogate.de;frame-ancestors 'self';report-uri https://sentry.okfn.de/api/3/security/?sentry_key=f00c20a879414df69051163a90597a8c; 1 default-src 'self' static.tfmetalsreport.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:; style-src 'self' static.tfmetalsreport.com data: 'unsafe-inline' *.googleapis.com *.twitter.com *.twimg.com svc.webspellchecker.net; img-src 'self' https: data: android-webview-video-poster:; media-src 'self' static.tfmetalsreport.com blob: *.giphy.com; frame-src 'self' https://www.tfmetalsreport.com data: audioboom.com *.audioboom.com scribd.com *.scribd.com soundcloud.com *.soundcloud.com youtube.com *.youtube.com vimeo.com *.vimeo.com bitchute.com *.bitchute.com twitter.com *.twitter.com *.tradingview.com *.addthis.com *.stripe.com *.doubleclick.net zoom.us *.googlesyndication.com *.ted.com *.instagram.com *.jwpsrv.com www.google.com ms-appx-web: *.assoc-amazon.com *.amazon.com *.amazon-adsystem.com *.googletagmanager.com *.recaptcha.net facebook.com *.facebook.com cnn.com *.cnn.com cnbc.com *.cnbc.com; frame-ancestors *; child-src 'self' https://www.tfmetalsreport.com data: audioboom.com *.audioboom.com scribd.com *.scribd.com soundcloud.com *.soundcloud.com youtube.com *.youtube.com vimeo.com *.vimeo.com bitchute.com *.bitchute.com twitter.com *.twitter.com *.tradingview.com *.addthis.com *.stripe.com *.doubleclick.net zoom.us *.googlesyndication.com *.ted.com *.instagram.com *.jwpsrv.com www.google.com ms-appx-web: *.assoc-amazon.com *.amazon.com *.amazon-adsystem.com *.googletagmanager.com *.recaptcha.net facebook.com *.facebook.com cnn.com *.cnn.com cnbc.com *.cnbc.com; font-src 'self' static.tfmetalsreport.com data: fonts.googleapis.com fonts.gstatic.com cdnjs.cloudflare.com *.googleusercontent.com svc.webspellchecker.net *.avast.com chrome-extension:; connect-src 'self' static.tfmetalsreport.com *.addthis.com *.googlesyndication.com www.google-analytics.com *.gstatic.com *.doubleclick.net svc.webspellchecker.net *.jwpltx.com *.nr-data.net 1 default-src: 'self' 'unsafe-inline'; 1 frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com exacttarget.com *.exacttarget.com marketingcloudapps.com *.marketingcloudapps.com smcl.bibliocms.com *.smcl.bibliocms.com https://smcl.org smcl.org *.smcl.org; 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.theuppercrustpizzeria.com *.foodtecsolutions.com:* *.pizzadirector.net:* *.google.com *.opentable.com *.otstatic.com cdn.ampproject.org www.gstatic.com maps.googleapis.com www.google-analytics.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net platform.twitter.com www.facebook.com connect.facebook.net cdn.syndication.twimg.com js.hs-scripts.com js.hs-scripts.com js.hs-analytics.net js.hscollectedforms.net salesiq.zoho.com/widget campaigns.zoho.com maillist-manage.com crm.zoho.com js.zohostatic.com vts.zohopublic.com static.hotjar.com script.hotjar.com unpkg.com api.tiles.mapbox.com *.adroll.com *.cloudfront.net cdnjs.cloudflare.com libs.a2zinc.net; frame-ancestors 'self' 'unsafe-inline' 'unsafe-eval' blob: *.theuppercrustpizzeria.com *.foodtecsolutions.com:* *.pizzadirector.net:* *.google.com *.opentable.com *.otstatic.com cdn.ampproject.org www.gstatic.com maps.googleapis.com www.google-analytics.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net platform.twitter.com www.facebook.com connect.facebook.net cdn.syndication.twimg.com js.hs-scripts.com js.hs-scripts.com js.hs-analytics.net js.hscollectedforms.net salesiq.zoho.com/widget campaigns.zoho.com maillist-manage.com crm.zoho.com js.zohostatic.com vts.zohopublic.com static.hotjar.com script.hotjar.com unpkg.com api.tiles.mapbox.com *.adroll.com *.cloudfront.net cdnjs.cloudflare.com libs.a2zinc.net; 1 frame-src 'self' https://webstat.hs-mannheim.de *.hs-mannheim.de https://www.youtube.com/ https://www.youtube-nocookie.com/ https://player.vimeo.com/; 1 default-src 'unsafe-inline' 'self' https:; img-src * data:; script-src 'unsafe-inline' 'unsafe-eval' 'self' https:; frame-src 'self' https:; connect-src 'self' https: wss://cs.onlim.com wss://bot.onlim.com 1 base-uri 'self' about:;block-all-mixed-content;child-src www.fallsviewer.ca 'self';connect-src 'self' data: *.youtube.com fonts.gstatic.com stats.g.doubleclick.net *.googleapis.com *.google-analytics.com *.readspeaker.com img.niagarafalls.ca cdn.monsido.com https://*.smartlook.com https://*.smartlook.cloud;default-src https: 'unsafe-inline' 'unsafe-eval' 'self';font-src 'self' null fonts.gstatic.com niagarafalls.ca;form-action 'self' *.paypal.com *.readspeaker.com niagarafalls.ca;frame-ancestors 'self' www.fallsviewer.ca niagarafalls.ca *.us.monsido.com; frame-src *.fallsviewer.ca *.readspeaker.com www.google.com www.youtube.com player.vimeo.com niagarafalls.ca *.transitapp.com ;img-src data: 'self' img.niagarafalls.ca *.readspeaker.com res.cloudinary.com https://www.google-analytics.com *.gstatic.com stats.g.doubleclick.net www.youtube.com *.monsido.com *.googleapis.com https://*.google.com https://*.google.ca;media-src *.readspeaker.com youtu.be youtube.com;object-src *.youtube.com 'self'; report-uri https://niagarafalls.ca/webservices/csp-enforce;script-src 'self' blob: *.google.com *.googleapis.com *.googletagmanager.com static.cloudflareinsights.com ajax.cloudflare.com cdnjs.cloudflare.com www.google-analytics.com connect.facebook.net extend.vimeocdn.com player.vimeo.com *.readspeaker.com cdn.monsido.com www.youtube.com api.transitapp.com *.ytimg.com https://*.smartlook.com https://*.smartlook.cloud 'unsafe-inline' 'unsafe-eval';style-src 'self' *.googleapis.com *.google.com *.readspeaker.com 'unsafe-inline';upgrade-insecure-requests;worker-src 'self' blob: 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: www.google-analytics.com www.googletagmanager.com https://cdnjs.cloudflare.com/ajax/libs/codemirror/ https://cdnjs.cloudflare.com/ajax/libs/select2/ https://cdn.rawgit.com/ckeditor/ckeditor-dev/ https://cdn.rawgit.com/w8tcha/CKEditor-CodeMirror-Plugin/ platform.twitter.com platform.twitter.co syndication.twitter.com cdn.syndication.twimg.com https://cdn.rawgit.com/ractoon/jQuery-Text-Counter/ https://js-agent.newrelic.com/nr-1071.min.js bam.nr-data.net tagmanager.google.com https://js-agent.newrelic.com/nr-1099.min.js https://sjs.bizographics.com/insight.min.js px.ads.linkedin.com https://snap.licdn.com/li.lms-analytics/insight.min.js; object-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://cdnjs.cloudflare.com/ajax/libs/codemirror/ https://cdnjs.cloudflare.com/ajax/libs/select2/ platform.twitter.com tagmanager.google.com; img-src 'self' data: www.google-analytics.com https://cdn.rawgit.com/ckeditor/ckeditor-dev/ https://raw.githubusercontent.com/ckeditor/ckeditor-dev/ www.googletagmanager.com www.bureauveritas.com syndication.twitter.com platform.twitter.com *.twimg.com ssl.gstatic.com www.gstatic.com; media-src 'self'; frame-src 'self' www.youtube.com tools.eurolandir.com cws.huginonline.com www.googletagmanager.com platform.twitter.com syndication.twitter.com player.youku.com gl.hostcg.com/js/genlead.js; child-src 'self' blob:; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com; connect-src 'self' www.google-analytics.com; report-uri https://csp-report-uri.bureauveritas.com 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' https *.cloudfront.net *.googleapis.com *.cloudflare.com *.google-analytics.com *.google.com *.gstatic.com connect.facebook.net graph.facebook.com rum-static.pingdom.net 1 script-src https: data: 'unsafe-inline' 'unsafe-eval' https://*.gs1-germany.de https://*.optimizely.com https://*.googletagmanager.com https://apis.google.com https://connect.facebook.net https://fast.fonts.net https://googleads.g.doubleclick.net https://*.google-analytics.com; style-src https: 'unsafe-inline' https://*.gs1-germany.de https://apis.google.com https://connect.facebook.net https://fast.fonts.net https://googleads.g.doubleclick.net https://*.google-analytics.com; 1 default-src 'self' data: 'unsafe-inline' 'unsafe-eval'; script-src 'self' https://www.google-analytics.com https://nexus.ensighten.com https://www.paypalobjects.com data: 'unsafe-inline' 'unsafe-eval'; img-src * https://stats.g.doubleclick.net data:; font-src 'self' https://www.paypalobjects.com/ data:; connect-src 'self' https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://nexus.ensighten.com/ https://s94483084.t.eloqua.com/ data:; 1 default-src 'self';font-src 'self' data: fonts.gstatic.com;connect-src 'self' analytics.monkeytracker.cz *.google.com *.googleapis.com www.google-analytics.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.google.cz *.googleapis.com www.googletagmanager.com www.google-analytics.com analytics.monkeytracker.cz *.googleadservices.com *.glami.cz support.ebscohost.com *.facebook.net;form-action 'self' *.facebook.com *.facebook.net;frame-src 'self' www.youtube.com *.iplatba.cz *.google.com *.facebook.com cdn.knightlab.com;worker-src 'self' www.youtube.com *.iplatba.cz *.google.com *.facebook.com cdn.knightlab.com;frame-ancestors 'self';img-src 'self' data: blob: *.gstatic.com *.googleapis.com *.googlecode.com www.googletagmanager.com www.google-analytics.com analytics.monkeytracker.cz *.doubleclick.net *.google.com *.google.cz *.google.ie *.glami.cz *.fg.cz *.placeholder.com *.uhk.cz support.ebscohost.com *.facebook.com;style-src 'self' 'unsafe-inline' *.googleapis.com analytics.monkeytracker.cz *.google.com;object-src 'self' 1 default-src 'none'; script-src 'self' https://*.googleadservices.com https://*.dynatrace.com https://*.doubleclick.net https://*.googleapis.com https://*.gstatic.com https://www.google-analytics.com https://*.cxtrvl.com https://*.tstllc.net https://sandbox.tstllc.net *.sas.com *.aimatch.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://cloud.webtype.com https://hello.myfonts.net https://*.googleapis.com https://*.cxtrvl.com 'unsafe-inline'; connect-src 'self' *.sas.com *.aimatch.com *.dynatrace.com https://*.cxtrvl.com *.foresee.com https://sandbox.tstllc.net *.cnxloyalty.com *.cnxloyalty.com; font-src 'self' https://cloud.webtype.com https://*.gstatic.com https://*.googleapis.com https://*.cxtrvl.com; img-src 'self' data: https://*.vacationsdirect.com https://*.cloudfront.net https://*.viator.com *.budget.com *.avis.com *.thrifty.com *.dollar.com *.rcstatic.com *.cartrawler.com *.enterprise.fr *.nationalcar.com *.alamo.com *.enterprise.com *.carhire-solutions.com https://*.cxtrvl.com *.cxloyalty.com https://*.tripadvisor.com https://pls.webtype.com *.orxenterprise.com https://www.google-analytics.com https://*.tripadvisor.com https://*.gstatic.com https://*.googleapis.com https://placehold.it https://placeholdit.imgix.net https://*.tacdn.com https://*.ehi.com reflected-xss block; form-action 'self' *.cxtrvl.com https://cxlvacations.cdev.infra.tstllc.net/cruise/cruises/rewards; frame-ancestors *.sas.com *.aimatch.com *.cnxloyalty.com; plugin-types application/pdf; frame-src ;object-src 'self' 1 script-src 'self' 'unsafe-eval' 'unsafe-inline' *.kalibrr.com *.zendesk.com https://static.zdassets.com https://ekr.zdassets.com *.zopim.com connect.facebook.net *.facebook.com www.googleadservices.com www.google-analytics.com ssl.google-analytics.com d36lvucg9kzous.cloudfront.net s1.webspellchecker.net js.stripe.com www.googletagmanager.com *.inspectlet.com *.googleapis.com *.newrelic.com *.nr-data.net platform.twitter.com static.ads-twitter.com apis.google.com ajax.cloudflare.com tagmanager.google.com analytics.twitter.com analytics.trovit.com *.effectivemeasure.net jscdn.appier.net track.adform.net; form-action 'self'; frame-src 'self' https://staticxx.facebook.com https://web.facebook.com https://accounts.google.com https://www.facebook.com https://docs.google.com https://www.youtube.com https://www.google.com; frame-ancestors http://careers.aboitiz.com https://careers.aboitiz.com https://careers-uat.aboitiz.com http://citysavings.com.ph https://citysavings.com.ph; 1 frame-ancestors 'self' http://pudtoday 1 frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com exacttarget.com *.exacttarget.com marketingcloudapps.com *.marketingcloudapps.com sppl.bibliocms.com *.sppl.bibliocms.com https://sppl.org sppl.org *.sppl.org; 1 script-src 'self' 'nonce-08z4n0G87zgNsfBfwk98U0p8c6Ori7'; default-src 'self' 1 : default-src * 1 default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; connect-src https: wss:; font-src https: data:; 1 frame-ancestors https://*.cjis20.org 1 frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com exacttarget.com *.exacttarget.com marketingcloudapps.com *.marketingcloudapps.com omaha.bibliocms.com *.omaha.bibliocms.com https://omahalibrary.org omahalibrary.org *.omahalibrary.org; 1 default-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com *.mouseflow.com cdn.jsdelivr.net www.edisoninvestmentresearch.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com ict.infinity-tracking.net www.gstatic.com viz.tools.investis.com www.google.com maps.googleapis.com maps.google.com www.linkedin.com ajax.googleapis.com pi.pardot.com bam.nr-data.net sjp.getmediamanager.com *.googletagmanager.com *.google-analytics.com sjs.bizographics.com connect.facebook.net *.jquery.com irs.tools.investis.com *.hotjar.com px.ads.linkedin.com d2wy8f7a9ursnm.cloudfront.net ssl.p.jwpcdn.com js-agent.newrelic.com cdn.jsdelivr.net edge.api.brightcove.com *.googleapis.com www.youtube.com youtube.com s.ytimg.com unpkg.com nr-data.net *.mouseflow.com www.edisoninvestmentresearch.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' viz.tools.investis.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net typekit.net www.edisoninvestmentresearch.com p.typekit.net; img-src 'self' 'unsafe-inline' * data:; media-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com; frame-src om careers.sjp.co.uk irs.tools.investis.com otp.tools.investis.com digital.feprecisionplus.com sjp.hireserve-test.com ir.tools.investis.com staticxx.facebook.com www.youtube.com www.edisoninvestmentresearch.com; frame-ancestors 'self' staticcontents.investis.com www.google.com sjp.getmediamanager.com www.edisoninvestmentresearch.com ; child-src 'self' www.edisoninvestmentresearch.com; font-src 'self' 'unsafe-inline' data: fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com themes.googleusercontent.com maxcdn.bootstrapcdn.com *.typekit.net p.typekit.net nr-data.net; report-uri //report-csp-violation 1 default-src 'self'; connect-src 'self' http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com; font-src 'self' http://script.hotjar.com https://script.hotjar.com; frame-src https://vars.hotjar.com; img-src 'self' data: *.pbwstatic.com https://*.pbwstatic.com www.google-analytics.com https://www.google-analytics.com *.hotjar.com; media-src 'none'; object-src 'none'; script-src 'self' www.google-analytics.com https://www.google-analytics.com http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' 1 default-src 'self'; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts allow-popups; base-uri 'self';style-src 'self' 'unsafe-inline'; script-src 'self' 'nonce-ad4748712f09e30be523e184f6157a12fbc31e12b2bd8468f49d623745ba1a19' 'nonce-6CF39DEF463CA2129AB469A32FAB6CCDDBDEA696190AE9EC51F2CEABBBFC241C' 'nonce-39413E715903D54BE4F21BCDA39277EF8FB746C4DD03C6400499595E19043F88' 'sha256-FgpCb/KJQlLNfOu91ta32o/NMZxltwRo8QtmkMRdAu8=' 'sha384-uefMccjFJAIv6A+rW+L4AHf99KvxDjWSu1z9VI8SKNVmz4sk7buKt/6v9KI65qnm'; 1 default-src 'self' *; script-src 'self' 'unsafe-eval' 'unsafe-inline' *; object-src 'self' *; style-src 'self' 'unsafe-inline' *; img-src 'self' data: *; media-src 'self' *; frame-src 'self' *; frame-ancestors 'self' http://online-training.projectwet.org; child-src 'self' *; font-src 'self' *; connect-src 'self' *; report-uri /report-csp-violation 1 default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.cloudflare.com https://codero--sitestudio.na171.force.com https://*.sharethis.com https://platform.twitter.com https://connect.facebook.net https://static1.twitcount.com https://*.codero.com https://*.salesforceliveagent.com https://*.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://pi.pardot.com https://*.google.com; script-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.cloudflare.com https://codero--sitestudio.na171.force.com https://*.sharethis.com https://platform.twitter.com https://connect.facebook.net https://static1.twitcount.com https://codero.com https://*.codero.com https://codero.com https://*.salesforceliveagent.com https://*.googleapis.com https://google.com https://www.googletagmanager.com https://www.google-analytics.com https://pi.pardot.com https://*.google.com https://*.gstatic.com; style-src * 'self' data: 'unsafe-inline' 'unsafe-hashes' https://*.cloudflare.com https://codero--sitestudio.na171.force.com https://*.sharethis.com https://platform.twitter.com https://connect.facebook.net https://static1.twitcount.com https://*.codero.com https://*.salesforceliveagent.com https://*.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://pi.pardot.com https://*.google.com; img-src * 'self' data: https://*.cloudflare.com https://codero--sitestudio.na171.force.com https://*.sharethis.com https://platform.twitter.com https://connect.facebook.net https://static1.twitcount.com https://*.codero.com https://*.salesforceliveagent.com https://*.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://pi.pardot.com https://*.google.com; font-src * 'self' data:; media-src * 'self' https://*.cloudflare.com https://codero--sitestudio.na171.force.com https://*.sharethis.com https://platform.twitter.com https://connect.facebook.net https://static1.twitcount.com https://*.codero.com https://*.salesforceliveagent.com https://*.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://pi.pardot.com https://*.google.com; object-src 'self' data:; prefetch-src 'self'; frame-src * data:; frame-ancestors 'self'; form-action * 1 default-src 'none' ;script-src * data: 'unsafe-inline' 'unsafe-eval' ;style-src * data: 'unsafe-inline' ;img-src * data: ;font-src * data: ;connect-src * ;media-src * ;object-src * ;child-src * blob:;frame-ancestors 'self' ;form-action * ;manifest-src * ; 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://mistaua.com https://*.google.com *.google.com https://*.google.com.ua *.google.com.ua *.gstatic.com *.googleapis.com *.googlesyndication.com https://*.googlesyndication.com *.googletagservices.com https://*.googletagservices.com *.doubleclick.net https://*.doubleclick.net https://*.g.doubleclick.net *.google-analytics.com *.ampproject.org counter.yadro.ru wikimapia.org vk.com https://*.jsdelivr.net https://yastatic.net cdn.api.twitter.com oss.maxcdn.com; style-src 'self' 'unsafe-inline' *.googleapis.com; frame-src 'self' *.doubleclick.net https://*.googlesyndication.com *.googletagservices.com *.google.com *.youtube.com https://*.doubleclick.net https://*.g.doubleclick.net wikimapia.org *.openstreetmap.org; 1 default-src ; script-src https://www.google-analytics.com https://www.google.com/recaptcha/api.js https://www.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; object-src ; style-src 'self' https://fonts.googleapis.com https://*.entrecode.de 'unsafe-inline'; img-src 'self' * *.dealbunny.de data:; media-src *; child-src *.youtube.com *.vimeo.com https://www.google.com; font-src 'self' https://fonts.gstatic.com https://*.entrecode.de; connect-src 'self' *.cachena.entrecode.de entrecode.de *.entrecode.de localhost:* dev.dealbunny.de:* https://www.google-analytics.com; manifest-src 'self' 1 frame-src http://webvisor.com 1 base-uri 'none'; default-src 'none'; child-src 'self'; connect-src 'self' https://www.google-analytics.com https://daemon.bigogo.com wss://ws.bgogo.com wss://ws.bgogo.com/prediction; font-src 'self' https://fonts.gstatic.com data:; form-action 'self'; frame-ancestors 'none'; img-src 'self' https://daemon.bigogo.com/ https://www.google-analytics.com https://storage.googleapis.com https://stats.g.doubleclick.net https://static.bgogo.com https://v.liaoliaosj.com blob: data:; media-src https://daemon.bigogo.com/ https://static.bgogo.com https://v.liaoliaosj.com; object-src 'self'; script-src 'self' https://static.bgogo.com https://www.googletagmanager.com https://www.google-analytics.com https://hm.baidu.com 'unsafe-inline'; style-src 'self' 'unsafe-inline'; upgrade-insecure-requests 1 child-src 'self' blob:; connect-src 'self' https://cdn.polyfill.io facebook.com google-analytics.com; default-src 'self'; img-src 'self' data: https://www.facebook.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.google.is *.siteimproveanalytics.io *.gstatic.com *.googleapis.com *.ytimg.com cdn.islandsbanki.is prismic-io.s3.amazonaws.com isb-website.cdn.prismic.io images.prismic.io t.co; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com; object-src 'none'; media-src 'self'; manifest-src 'self'; script-src 'self' 'unsafe-inline' *.prismic.io maps.googleapis.com https://www.google.com https://www.gstatic.com https://siteimproveanalytics.com https://cdn.polyfill.io https://www.google-analytics.com https://connect.facebook.net https://www.google.com https://www.gstatic.com https://consent.cookiebot.com https://consentcdn.cookiebot.com 'unsafe-eval' https://fill.dropandsign.is https://*.infogram.com; style-src 'self' 'unsafe-inline' blob: fonts.googleapis.com https://fill.dropandsign.is; frame-src https://*.islandsbanki.is https://gamli.islandsbanki.is https://*.islandssjodir.is https://player.vimeo.com https://www.youtube.com https://airtable.com https://consentcdn.cookiebot.com https://www.vib.is https://fill.dropandsign.is https://*.isb.is https://*.infogram.com https://www.google.com https://www.gstatic.com; worker-src 'self' blob: 1 default-src https: data: 'unsafe-inline'; object-src 'self'; script-src 'self' https://*.meruscase.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://platform.twitter.com/ https://*.google-analytics.com/ https://*.googletagmanager.com/ https://cdn.syndication.twimg.com/ https://merus-assets.s3.amazonaws.com/ https://*.facebook.net/ https://*.googleapis.com/ https://*.aspnetcdn.com/ https://*.microsoft.com https://maxcdn.bootstrapcdn.com/ https://*.youtube.com/ https://s.ytimg.com/ https://js.recurly.com/ 'unsafe-eval' 'unsafe-inline' https://code.jquery.com/ https://forms.hubspot.com/ https://forms.hsforms.com/ https://js.hs-analytics.net/ https://js.hs-scripts.com/ https://api.usemessages.com/ https://js.usemessages.com/ https://js.hsforms.net/ https://js.hsleadflows.net/; style-src 'self' 'unsafe-inline' https: 1 worker-src 'self' data: blob: *.arcgisonline.com js.arcgis.com *.arcgis.com; default-src 'self' data: localhost:* *.google.com *.mopinion.com *.arcgisonline.com js.arcgis.com *.arcgis.com *.googleapis.com media.licdn.com scontent.cdninstagram.com www.waternet.nl www.agv.nl www.wereldwaternet.nl epi.waternet.nl waternet.pti.nl www.youtube.com chat1.waternet.nl *.optimizely.com www.google.nl www.googletagmanager.com tagmanager.google.com www.google-analytics.com maps.googleapis.com fonts.googleapis.com maps.gstatic.com csi.gstatic.com fonts.gstatic.com stats.g.doubleclick.net app.cobrowser.com *.hotjar.com:* cdnjs.cloudflare.com cdn.nowinteract.com imp2.nowinteract.com js-agent.newrelic.com bam.nr-data.net pbs.twimg.com syndication.twitter.com platform.twitter.com; frame-src 'self' waterschappen.mijnstem.nl agv.mijnstem.nl app.mijnstem.nl mijnstem.sales.ivox.be waternet.pti.nl *.optimizely.com chat1.waternet.nl app.cobrowser.com *.hotjar.com:* cdnjs.cloudflare.com www.youtube.com www.google.nl www.google.com www.kcmsurvey.com platform.twitter.com syndication.twitter.com twitter.com; script-src 'self' *.mopinion.com *.arcgisonline.com js.arcgis.com *.ytimg.com *.youtube.com epi.waternet.nl localhost:* *.optimizely.com www.googletagmanager.com tagmanager.google.com www.google-analytics.com maps.googleapis.com maps.gstatic.com app.cobrowser.com *.hotjar.com:* cdnjs.cloudflare.com cdn.nowinteract.com imp2.nowinteract.com js-agent.newrelic.com bam.nr-data.net platform.twitter.com cdn.syndication.twimg.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.mopinion.com *.arcgisonline.com js.arcgis.com epi.waternet.nl *.optimizely.com www.googletagmanager.com tagmanager.google.com fonts.googleapis.com app.cobrowser.com platform.twitter.com 'unsafe-inline'; connect-src https: http: ws: wss:; 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.hotjar.com redbook.listerhill.com connect.facebook.net www.groovecar.com listerhill.groovecar.com use.fontawesome.com cdnjs.cloudflare.com *.listerhill.com *.googleapis.com *.google-analytics.com *.google.com seal.digicert.com *.inspectlet.com *.typeform.com *.newtonsoftware.com *.google-analytics.com *.googletagmanager.com *.stripe.com; object-src 'self' data:; style-src 'self' data: 'unsafe-inline' *.google-analytics.com *.google.com www.groovecar.com listerhill.groovecar.com use.fontawesome.com cdnjs.cloudflare.com *.listerhill.com *.googleapis.com; img-src 'self' data: www.facebook.com *.googletagmanager.com maps.gstatic.com www.groovecar.com listerhill.groovecar.com use.fontawesome.com cdnjs.cloudflare.com *.listerhill.com *.googleapis.com *.google-analytics.com *.google.com seal.digicert.com i.ytimg.com i.vimeocdn.com *.inspectlet.com *.mapbox.com *.doubleclick.net *.google.com *.google-analytics.com www.groovecar.com listerhill.groovecar.com use.fontawesome.com cdnjs.cloudflare.com *.listerhill.com; media-src 'self' data: vimeo.com youtube.com *.youtube.com vimeocdn.com www.groovecar.com listerhill.groovecar.com use.fontawesome.com cdnjs.cloudflare.com *.listerhill.com; frame-src data: *.hotjar.com www.groovecar.com listerhill.groovecar.com use.fontawesome.com cdnjs.cloudflare.com *.listerhill.com *.google-analytics.com *.google.com *.stripe.com *.vimeo.com youtube.com *.youtube.com newton.newtonsoftware.com *.typeform.com zlcuma.secure.fundsxpress.com; font-src 'self' data: *.google-analytics.com *.google.com fonts.gstatic.com www.groovecar.com listerhill.groovecar.com use.fontawesome.com cdnjs.cloudflare.com *.listerhill.com *.googleapis.com; connect-src 'self' *.hotjar.com *.google-analytics.com *.inspectlet.com wss://ws.inspectlet.com 1 default-src 'self'; report-uri /admin/config/system/seckit/csp-report 1 frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com exacttarget.com *.exacttarget.com marketingcloudapps.com *.marketingcloudapps.com epl.bibliocms.com *.epl.bibliocms.com https://epl.bibliocms.com epl.bibliocms.com *.epl.bibliocms.com; 1 frame-ancestors https://www.bdli.de/ https://staging.bdli.de *.ila-berlin.de localhost ila.lndo.site http://ila.lndo.site:8000; report-uri //report-csp-violation 1 child-src 'self' blob:; connect-src 'self' https://cdn.polyfill.io facebook.com google-analytics.com; img-src 'self' data: https://www.facebook.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.google.is *.siteimproveanalytics.io *.gstatic.com *.googleapis.com *.ytimg.com cdn.islandsbanki.is prismic-io.s3.amazonaws.com isb-website.cdn.prismic.io images.prismic.io t.co; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com; object-src 'none'; media-src 'self'; manifest-src 'self'; script-src 'self' 'unsafe-inline' *.prismic.io maps.googleapis.com https://www.google.com https://www.gstatic.com https://siteimproveanalytics.com https://cdn.polyfill.io https://www.google-analytics.com https://connect.facebook.net https://www.google.com https://www.gstatic.com https://consent.cookiebot.com https://consentcdn.cookiebot.com 'unsafe-eval' https://fill.dropandsign.is https://*.infogram.com; style-src 'self' 'unsafe-inline' blob: fonts.googleapis.com https://fill.dropandsign.is; frame-src https://*.islandsbanki.is https://gamli.islandsbanki.is https://*.islandssjodir.is https://player.vimeo.com https://www.youtube.com https://airtable.com https://consentcdn.cookiebot.com https://www.vib.is https://fill.dropandsign.is https://*.isb.is https://*.infogram.com https://www.google.com https://www.gstatic.com; worker-src 'self' blob: 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.sharethis.com *.googletagmanager.com *.google-analytics.com *.facebook.net *.consumercare.net *.econsumeraffairs.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.sharethis.com; img-src 'self' *.google-analytics.com *.g.doubleclick.net *.facebook.com *.google.com *.sharethis.com https://www.google.com.au; frame-src 'self' *.youtube.com *.googletagmanager.com *.sharethis.com *.facebook.com/; font-src 'self' *.gstatic.com; connect-src 'self' *.sharethis.com *.sharethis.mgr.consensu.org https://stats.g.doubleclick.net; report-uri /admin/config/system/seckit/csp-report, default-src 'self' 'self' data: 'self' blob: 'unsafe-inline' 'unsafe-eval' *; img-src 'self' blob: data: * 1 child-src 'self' www.youtube.com staticxx.facebook.com w.soundcloud.com player.vimeo.com acceptable.a-ads.com ad.a-ads.com page.ludorum.dev; connect-src 'self' steemit.com api.steemit.com dist.one wss://rpc.dist.one api.blocktrades.us https://steemitimages.com https://translate.googleapis.com; default-src 'self' www.youtube.com staticxx.facebook.com player.vimeo.com acceptable.a-ads.com ad.a-ads.com page.ludorum.dev; font-src data: fonts.gstatic.com 'self'; frame-ancestors 'none'; img-src * data:; object-src 'none'; plugin-types application/pdf; script-src 'self' www.google-analytics.com pagead2.googlesyndication.com adservice.google.com connect.facebook.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com; report-uri /api/v1/csp_violation 1 font-src 'self' static.flatfy.com *.gstatic.com; frame-src 'self' www.google.com/recaptcha/ *.hotjar.com *.hotjar.io; script-src 'self' 'unsafe-inline' static.flatfy.com ajax.googleapis.com *.google-analytics.com *.g.doubleclick.net www.google.com/ads/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.hotjar.com *.hotjar.io; style-src 'self' 'unsafe-inline' static.flatfy.com ajax.googleapis.com fonts.googleapis.com *.gstatic.com; img-src 'self' data: https:; connect-src 'self' *.google-analytics.com *.hotjar.com *.hotjar.io wss:; default-src 'self' static.flatfy.com *.gstatic.com *.hotjar.com *.hotjar.io 1 default-src https://ipara.com;https://ipara.com.tr 1 default-src 'self'; allow 'self'; script-src 'unsafe-inline'; style-src 'self' 'unsafe-inline' 1 frame-ancestors 'self' *.ecoproductsstore.com; frame-src 'self' find.storesnear.me *.ecoproducts.com squadblog.ecoproducts.com brandfolder.com *.brandfolder.com https://brandfolder.com https://*.brandfolder.com *.amazonaws.com ads.p.veruta.com t.p.mybuys.com s7.addthis.com https://www.youtube.com/ http://blog.ecoproducts.com/ http://squadblog.ecoproducts.com/ *.ecoproductsstore.com 1 frame-ancestors 'self' http://*.webtradecenter.com https://*.webtradecenter.com 1 default-src 'self' *.soundcloud.com *.sndcdn.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.googleapis.com *.typekit.net *.googletagmanager.com *.google-analytics.com *.pingdom.net www.catalyst-analytics.nz d3qy04aabho0yp.cloudfront.net *.simpleheatmaps.com www.tepapa.govt.nz *.twitter.com cdn.syndication.twimg.com *.instagram.com *.knightlab.com *.soundcloud.com *.hotjar.com www.googleadservices.com tagmanager.google.com *.riddle.com www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.typekit.net fonts.googleapis.com hello.myfonts.net *.twitter.com *.knightlab.com tagmanager.google.com; img-src 'self' data: *.typekit.net *.google-analytics.com *.doubleclick.net *.shopify.com *.pingdom.net www.catalyst-analytics.nz *.simpleheatmaps.com www.tepapa.govt.nz *.twitter.com pbs.twimg.com dl.dropboxusercontent.com *.myfonts.net media.tepapa.govt.nz co3-api-mediastorage.s3-ap-southeast-2.amazonaws.com co3-api-mediastorage.s3.ap-southeast-2.amazonaws.com s3.dualstack.ap-southeast-2.amazonaws.com www.google.com www.google.co.nz *.gstatic.com *.openstreetmap.org; frame-src 'self' *.cloudfront.net *.bookitsecure.com google.com *.riddle.com *.spotify.com *.google.com tepapa.infospecs.co.nz *.youtube.com *.vimeo.com *.catalyst.net.nz radionz.co.nz jobs.tepapa.govt.nz *.tepapa.govt.nz tepapafoundation.secure.force.com sec.paymentexpress.com *.book2look.com *.boombox.com *.myfonts.net *.knightlab.com www.qzzr.com *.twitter.com *.instagram.com *.facebook.com *.hotjar.com *.soundcloud.com *.nzonscreen.com *.juicer.io *.media567.com; font-src 'self' data: *.bootstrapcdn.com fonts.gstatic.com fonts.typekit.net www.tepapa.govt.nz cdn.knightlab.com; connect-src 'self' spreadsheets.google.com *.myfonts.net *.hotjar.com vc.hotjar.io graylog.hotjar.com *.pingdom.net *.google-analytics.com http://api.soundcloud.com; report-uri /report-csp-violation 1 frame-ancestors 'self' *.trade.com 1 script-src 'self' http://clicky.com *.getclicky.com https://*.googleapis.com *.gstatic.com www.google-analytics.com ajax.googleapis.com ajax.aspnetcdn.com use.typekit.net us1.siteimprove.com 'unsafe-inline' 'unsafe-eval' 1 frame-ancestors *; 1 default-src 'self' 'unsafe-inline' *.addthis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.jsdelivr.net *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.google-analytics.com *.ckeditor.com *.local *.dotdemos.com *.jwplatform.com *.jwpcdn.com *.jwpsrv.com *.ytimg.com *.youtube.com cbos.gov.sd *.cbos.gov.sd *.dot.jo www.google.com s7.addthis.com m.addthisedge.com m.addthis.com cdnjs.cloudflare.com; object-src 'unsafe-inline'; style-src 'unsafe-inline' *.jsdelivr.net *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.ckeditor.com *.local *.dotdemos.com cbos.gov.sd *.cbos.gov.sd *.dot.jo *.google.com cdnjs.cloudflare.com; img-src 'self' 'unsafe-inline' data: *.jsdelivr.net *.googleapis.com *.gstatic.com *.google-analytics.com *.local *.dotdemos.com jwpltx.com *.jwpltx.com cbos.gov.sd *.cbos.gov.sd *.dot.jo stats.g.doubleclick.net *.ckeditor.com; media-src 'self' 'unsafe-inline' data: *.jsdelivr.net *.googleapis.com *.gstatic.com *.google-analytics.com *.local *.dotdemos.com cbos.gov.sd *.cbos.gov.sd *.dot.jo; frame-src 'self' 'unsafe-inline' *.googleapis.com google.com *.google.com *.gstatic.com *.youtube.com *.local *.dotdemos.com cbos.gov.sd *.gov.sd *.dot.jo *.addthis.com cbos.gov.sd:*; font-src 'self' 'unsafe-inline' *.jsdelivr.net *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.local *.dotdemos.com *.jwpcdn.com *.jwpsrv.com cbos.gov.sd *.cbos.gov.sd *.dot.jo fonts.google.com maxcdn.bootstrapcdn.com; connect-src 'self' 'unsafe-inline' *.googleapis.com google.com *.google.com *.gstatic.com *.youtube.com *.local *.dotdemos.com cbos.gov.sd *.gov.sd *.dot.jo *.addthis.com cbos.gov.sd:*; report-uri /admin/config/system/seckit/csp-report 1 script-src 'self' https://*.googleapis.com *.gstatic.com www.google-analytics.com ajax.googleapis.com ajax.aspnetcdn.com use.typekit.net us1.siteimprove.com siteimproveanalytics.com cdnjs.cloudflare.com kit.fontawesome.com static.getclicky.com in.getclicky.com player.vimeo.com www.googletagmanager.com clicky.com fast.fonts.net snap.licdn.com px.ads.linkedin.com 'unsafe-inline' 'unsafe-eval' 1 frame-ancestors *.amboss.com *.miamed.de 1 default-src https: 'self'; script-src https: 'unsafe-inline' 'self'; style-src https: 'unsafe-inline' 'self' 1 script-src https: data: 'unsafe-inline' 'unsafe-eval' https://*.kisd.de https://kisd.de https://*.typekit.net https://www.google-analytics.com https://*.googleapis.com; style-src https: 'unsafe-inline' https://*.kisd.de https://kisd.de https://*.typekit.net https://*.googleapis.com; 1 frame-ancestors 'self' 'https://accounts.login.idm.telekom.com' 'https://meinkonto.telekom-dienste.de' 'https://www.telekom.de' 'https://www.t-online.de' 1 frame-ancestors 'none'; 1 base-uri 'none'; default-src 'none'; child-src https://www.google.com; connect-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src https://www.google.com; img-src 'self'; object-src 'none'; script-src 'nonce-7adVK83Emj0Q3RRWE66wrg==' 'strict-dynamic'; style-src 'self' 'sha256-d4jKoEsY0npGbOevIEtDXcppNusLBHqAmsy909ztPuw='; worker-src 'self'; 1 frame-ancestors 'self', facebook.com, *.facebook.com 1 upgrade-insecure-requests; frame-ancestors 'self' https://secure.blooom.com; form-action 'self' https://api.blooom.com; object-src 'none'; base-uri 'self' https://optimize.google.com; report-uri /api/log_csp_event 1 : sandbox allow-scripts 1 frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com exacttarget.com *.exacttarget.com marketingcloudapps.com *.marketingcloudapps.com bibliocms.com *.bibliocms.com bibliocms.com *.bibliocms.com http://bibliocms.com; 1 default-src 'self'; block-all-mixed-content; connect-src 'self' syndication.twitter.com www.google-analytics.com assets.pinterest.com; font-src 'self' stackpath.bootstrapcdn.com; frame-ancestors *; frame-src *; img-src 'self' s3-eu-west-1.amazonaws.com platform.twitter.com www.facebook.com data: web.facebook.com www.google-analytics.com stats.g.doubleclick.net www.google.com www.google.co.uk; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' assets.pinterest.com log.pinterest.com connect.facebook.net platform.twitter.com syndication.twitter.com tfw-current.s3.amazonaws.com www.google.com www.gstatic.com cdnjs.cloudflare.com stevenlevithan.com www.googletagmanager.com www.google-analytics.com; style-src 'self' 'unsafe-inline' stackpath.bootstrapcdn.com 1 upgrade-insecure-requests; report-uri https://lotusgroup.report-uri.io/r/default/csp/enforce 1 frame-ancestors https://www.redvalentino.com/ https://www.redvalentino.com/ ; 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' maps.google.com maps.googleapis.com www.googleadservices.com ajax.googleapis.com www.google-analytics.com connect.facebook.net www.googletagmanager.com googleads.g.doubleclick.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' ind.millenniumbcp.pt www.google-analytics.com maps.gstatic.com maps.googleapis.com 9563960.fls.doubleclick.net stats.g.doubleclick.net www.facebook.com www.google.com www.google.pt data:; font-src 'self' fonts.gstatic.com; frame-src 'self' lt.morningstar.com apps.millenniumbcpageas.net activobank.cc.oneit.pt 9563960.fls.doubleclick.net; connect-src: 'self' api.transferwise.com optimize.google.com 1 default-src https:;script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; 1 allow 'self'; script-src 'self'; img-src *; media-src *; object-src 'none'; frame-src 'none'; xhr-src 'none'; 1 default-src 'none'; script-src 'self'; connect-src: 'self'; img-src: 'self'; style-src: 'self'; 1 default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline' 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' https://pbs.122.2o7.net https://ssl.siteimprove.com; font-src 'self' data: 1 script-src 'unsafe-inline' 'unsafe-eval' code.jquery.com www.google-analytics.com securesurf.biz ads.exoclick.com main.exoclick.com syndication.exoclick.com; 1 default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' https://*.parnassys.net/; connect-src 'self'; font-src 'self'; child-src 'self'; frame-src 'self' 1 default-src https: 'unsafe-inline' 'unsafe-eval'; report-uri /report-csp-violation 1 default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://tagmanager.google.com https://cdn.jsdelivr.net https://az416426.vo.msecnd.net https://www.googletagmanager.com *.inmoment.com https://www.google-analytics.com *.abtasty.com https://movein.assurant.com; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://movein.assurant.com; img-src *; child-src https://movein.assurant.com https://dispawsusva.inmoment.com https://www.inmoment.com https://feedback.inmoment.com https://ssl.gstatic.com; font-src 'self' data: https://fonts.gstatic.com https://movein.assurant.com 1 default-src data: 'unsafe-inline' 'unsafe-eval' https:; frame-ancestors 'self'; form-action *; upgrade-insecure-requests; block-all-mixed-content; reflected-xss block; referrer strict-origin-when-cross-origin; 1 default-src 'self' googleads.g.doubleclick.net polantis-com-data-dev.s3-eu-west-1.amazonaws.com polantis-com-data.s3-eu-west-1.amazonaws.com polantis-com-data.s3.eu-west-1.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com code.jquery.com c.statcounter.com secure.statcounter.com www.google-analytics.com code.highcharts.com pagead2.googlesyndication.com cdn.datatables.net use.fontawesome.com cdn.rawgit.com maps.googleapis.com connect.facebook.net www.polantis.info www.google.com www.gstatic.com; object-src 'self' s.ytimg.com i.ytimg.com s.youtube.com www.youtube.com *.googlevideo.com; style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com cdnjs.cloudflare.com fonts.googleapis.com cdn.datatables.net https://cdn.rawgit.com/morteza/bootstrap-rtl/v3.4.0/dist/css/bootstrap-rtl.min.css www.polantis.info use.fontawesome.com www.gstatic.com; img-src 'self' data: images.polantis.com data.polantis.com s3-eu-west-1.amazonaws.com www.google-analytics.com c.statcounter.com stats.g.doubleclick.net maps.gstatic.com maps.googleapis.com csi.gstatic.com www.facebook.com www.polantis.info www.google.com randomuser.me/api/ cdnjs.cloudflare.com polantiscomimages.s3-eu-west-1.amazonaws.com polantis-com-data.s3-eu-west-1.amazonaws.com polantis-com-data-dev.s3.eu-west-1.amazonaws.com data2.polantis.com http://bimobject-dev.ad.bimobject.com http://bimobject-staging.ad.bimobject.com www.bimobject.com www.mollie.com; frame-src 'self' googleads.g.doubleclick.net www.youtube.com www.google.com www.facebook.com staticxx.facebook.com polantis-com-data.s3-eu-west-1.amazonaws.com polantis-com-data-dev.s3-eu-west-1.amazonaws.com polantis-com-data.s3.eu-west-1.amazonaws.com; font-src 'self' fonts.gstatic.com maxcdn.bootstrapcdn.com use.fontawesome.com; connect-src 'self' www.polantis.info maps.googleapis.com cdn.datatables.net www.facebook.com vicopo.selfbuild.fr; report-uri /nelmio/csp/report 1 frame-src https://*.ngrok.io https://*.partsfinder.com https://*.cybersource.com https://*.sisense.com https://*.partssource.com 1 default-src 'self' 'unsafe-inline' data: https://piwik.bzga.de/ https://service.bzga.de/ https://a.tile.openstreetmap.org/ https://b.tile.openstreetmap.org/ https://c.tile.openstreetmap.org/ https://translate.google.com/ https://translate.googleapis.com/ https://www.gstatic.com/ https://www.google.com/ 1 default-src 'self' 'unsafe-inline' https: http://www.etrasparenza.it/; script-src 'self' 'unsafe-inline' https: http://www.etrasparenza.it/; style-src 'self' 'unsafe-inline' https: http://www.etrasparenza.it/; font-src 'self' https: http://www.etrasparenza.it/ 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.nrw.de *.google.com *.youtube.com *.youtu.be *.twimg.com *.twitter.com twitter.com *.jwpcdn.com *.gstatic.com *.googleapis.com *.googlesyndication.com *.openstreetmap.org *.mozilla.org *.vimeo.com *.vimeocdn.com *.flickr.com *.staticflickr.com *.etracker.com *.etracker.de ; style-src 'self' 'unsafe-inline' *.nrw.de *.twitter.com twitter.com *.facebook.com *.googleapis.com *.twimg.com; font-src *; img-src data: *; frame-ancestors 'self' *.nrw.de *.justiz.nrw *.facebook.com *.facebook.de *.twitter.com twitter.com *.google.com *.youtube.com *.youtu.be ytchannelembed.com; frame-src 'self' *.nrw.de *.justiz.nrw *.facebook.com *.facebook.de *.twitter.com twitter.com *.google.com *.youtube.com *.youtu.be ytchannelembed.com; object-src 'self'; media-src *; 1 default-src 'self' 'unsafe-eval' 'unsafe-inline' analytics.ethicspoint.eu cdn.pendo.io; connect-src 'self' 'unsafe-eval' 'unsafe-inline' analytics.ethicspoint.eu static.navexone.eu api.gw-prodeu.navexone.eu *.navexglobal.eu *.ethicspoint.eu *.navexglobal.com *.pendo.io *.truste.com *.newrelic.com *.nr-data.net ; script-src 'self' 'unsafe-eval' 'unsafe-inline' analytics.ethicspoint.eu static.navexone.eu api.gw-prodeu.navexone.eu *.navexglobal.eu *.ethicspoint.eu *.navexglobal.com *.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5068799715311616.storage.googleapis.com *.truste.com *.newrelic.com *.nr-data.net; img-src 'self' data: analytics.ethicspoint.eu *.truste.com *.pendo.io pendo-static-5068799715311616.storage.googleapis.com *.navexglobal.com; frame-src 'self' 'unsafe-eval' analytics.ethicspoint.eu *.navexglobal.com *.policytech.com player.vimeo.com; style-src 'self' 'unsafe-eval' 'unsafe-inline' *.pendo.io pendo-static-5068799715311616.storage.googleapis.com; frame-ancestors 'self' *.pendo.io; 1 child-src 'self' *.youtube.com *.vimeo.com europa.eu *.europa.eu *.facebook.com *.youtube-nocookie.com *.youtube.com *.vimeo.com *.dailymotion.com *.europa.eu europa.eu youtube.com *.dailymotion.com *.vimeo.com *.amazonaws.com *.arcgis.com *.arte.tv *.babahh.com *.bbc.co.uk *.blitzvideoserver.de *.bpb.de *.brightcove.com *.btv.bg *.cc.cec *.cimo.fi *.cjelozivotno-ucenje.hr *.cnbc.com *.coe.int *.communi-k.eu *.compareyourcountry.org *.crp.education *.cy2012.eu *.dacast.com *.dcdn.lt debategraph.org digital-agenda-data.eu *.disaster-resilience.com *.docdroid.net *.d-portal.org *.easme-web.eu *.edcc.eu *.euneighbours.eu *.euronews.com *.europeandataportal.eu *.facebook.com https://familymeal.eu *.flickr.com *.franceculture.fr *.franceinter.fr *.freecaster.com *.freezbee.tv *.genial.ly *.giphy.com *.github.io *.google.be *.google.co.uk *.google.com *.google.fr *.grnet.gr *.index.hu *.instantflipbook.com *.issuu.com *.jrc.nl *.jwplatform.com *.learningandwork.org.uk *.libsyn.com *.live.com livestream.com *.mentimeter.com *.metoo.sk *.mostra.eu *.neteyes.hu *.oecd.org *.openstreetmap.fr *.openstreetmap.org *.ourworldindata.org *.polarhd.com *.public-i.tv *.qbrick.com *.rackcdn.com *.rambla.be *.roguemotion.graphics *.sharepoint.com *.sketchfab.com *.slideshare.net *.solidtango.com *.soonfeed.com *.soundcloud.com *.streamamg.com *.streamcode.net *.streamdis.eu streamer.bg *.streaming.at *.streaming.sk *.streamovations.be *.sway.com *.tagesschau.de *.telemak.tv *.testa.eu *.thinglink.com *.tiesraides.lv *.top-ix.org *.tsnmalta.org *.tv1.eu *.tv-on-web.de *.twinix.eu *.typeform.com *.uc3m.es *.uplynk.com *.ustream.tv *.uu.se *.videliostreaming.com *.videolevels.com *.walls.io *.weforum.org *.westream.com *.wyng.com *.youongroup.com *.youtu.be *.youtube-nocookie.com *.zdf.de *.michael-lurquin.com sdk.companywebcast.com; frame-src 'self' *.youtube.com *.vimeo.com europa.eu *.europa.eu *.facebook.com *.youtube-nocookie.com *.youtube.com *.vimeo.com *.dailymotion.com *.europa.eu europa.eu youtube.com *.dailymotion.com *.vimeo.com *.amazonaws.com *.arcgis.com *.arte.tv *.babahh.com *.bbc.co.uk *.blitzvideoserver.de *.bpb.de *.brightcove.com *.btv.bg *.cc.cec *.cimo.fi *.cjelozivotno-ucenje.hr *.cnbc.com *.coe.int *.communi-k.eu *.compareyourcountry.org *.crp.education *.cy2012.eu *.dacast.com *.dcdn.lt debategraph.org digital-agenda-data.eu *.disaster-resilience.com *.docdroid.net *.d-portal.org *.easme-web.eu *.edcc.eu *.euneighbours.eu *.euronews.com *.europeandataportal.eu *.facebook.com https://familymeal.eu *.flickr.com *.franceculture.fr *.franceinter.fr *.freecaster.com *.freezbee.tv *.genial.ly *.giphy.com *.github.io *.google.be *.google.co.uk *.google.com *.google.fr *.grnet.gr *.index.hu *.instantflipbook.com *.issuu.com *.jrc.nl *.jwplatform.com *.learningandwork.org.uk *.libsyn.com *.live.com livestream.com *.mentimeter.com *.metoo.sk *.mostra.eu *.neteyes.hu *.oecd.org *.openstreetmap.fr *.openstreetmap.org *.ourworldindata.org *.polarhd.com *.public-i.tv *.qbrick.com *.rackcdn.com *.rambla.be *.roguemotion.graphics *.sharepoint.com *.sketchfab.com *.slideshare.net *.solidtango.com *.soonfeed.com *.soundcloud.com *.streamamg.com *.streamcode.net *.streamdis.eu streamer.bg *.streaming.at *.streaming.sk *.streamovations.be *.sway.com *.tagesschau.de *.telemak.tv *.testa.eu *.thinglink.com *.tiesraides.lv *.top-ix.org *.tsnmalta.org *.tv1.eu *.tv-on-web.de *.twinix.eu *.typeform.com *.uc3m.es *.uplynk.com *.ustream.tv *.uu.se *.videliostreaming.com *.videolevels.com *.walls.io *.weforum.org *.westream.com *.wyng.com *.youongroup.com *.youtu.be *.youtube-nocookie.com *.zdf.de *.michael-lurquin.com sdk.companywebcast.com; 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' http://*.skeyes.be http://*.belgocontrol.be https://www.openstreetmap.org http://opendatacommons.org https://www.google.com https://www.facebook.com https://syndication.twitter.com https://platform.twitter.com https://www.linkedin.com https://platform.linkedin.com https://static.licdn.com https://www.youtube.com https://create.smart2vr.com https://ssl.google-analytics.com https://cdn.datatables.net https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://fonts.gstatic.com 1 allow 'unsafe-inline' 'unsafe-eval' 'self' troc.cdn.mediactive-network.net *.googlesyndication.com *.systempay.fr *.fbcdn.net *.google.com *.google.fr *.doubleclick.net intranet.troc.com connect.facebook.net cdnjs.cloudflare.com www.gstatic.com www.googletagmanager.com www.google-analytics.com www.googleadservices.com www.googletagservices.com cdn.ampproject.org 1 frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com exacttarget.com *.exacttarget.com marketingcloudapps.com *.marketingcloudapps.com gcpl.bibliocms.com *.gcpl.bibliocms.com gcpl.bibliocms.com *.gcpl.bibliocms.com http://gcpl.bibliocms.com; 1 default-src 'self' chat.oikeus.fi 'unsafe-inline' 'unsafe-eval'; img-src * 1 frame-ancestors 'self' *.finq.com 1 frame-ancestors *.scaledrone.com 1 default-src 'self' 'unsafe-inline' https://piwik.bzga.de/ https://service.bzga.de/ https://a.tile.openstreetmap.org/ https://b.tile.openstreetmap.org/ https://c.tile.openstreetmap.org/ 1 frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com exacttarget.com *.exacttarget.com marketingcloudapps.com *.marketingcloudapps.com halifax.bibliocms.com *.halifax.bibliocms.com https://www.halifaxpubliclibraries.ca www.halifaxpubliclibraries.ca *.www.halifaxpubliclibraries.ca; 1 base-uri 'self'; child-src 'self' gap: *; frame-src 'self' gap: *; connect-src 'self' *.datatables.net *.pordata.pt *.pordatakids.pt ajax.googleapis.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.cloudflare.com *.facebook.com *.facebook.net; default-src 'self' gap: *.microsoft.com 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: *.pordata.pt *.pordatakids.pt *.google.com *.googleapis.com fonts.gstatic.com; img-src 'self' data: *.pordata.pt *.pordatakids.pt stats.g.doubleclick.net www.google-analytics.com *.microsoft.com *.gstatic.com *.facebook.com *.facebook.net *.google.com *.googleusercontent.com blob:; media-src 'self'; object-src 'self' *.pordata.pt *.pordatakids.pt; script-src 'self' *.datatables.net *.pordata.pt *.pordatakids.pt ajax.googleapis.com www.google-analytics.com stats.g.doubleclick.net *.google.com *.cloudflare.com *.facebook.com *.facebook.net *.google.pt *.microsoft.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.pordata.pt *.pordatakids.pt *.google.com *.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: *.pordata.pt *.pordatakids.pt; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=bPAWP1%2fT1k1uixbuJJg3M%2fbCEmc0wriyS7ymmFtL6hgRwtlu%2bv1V4nyK2qOO4rG8dTCPl%2ftyyU0kaCA4ORYYsHEbSq3%2bbQrLZAcRM1BCun7L%2bLGO8YDfSr5yM7ynEwYBVJurpq8CJ9CqYR6Tr7O1U5FbZbHNtiypBr3Iz1U1zXZige718kIrOdjdcpRCWPQR; 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.google-analytics.com https://*.bing.com https://*.facebook.net https://*.hotjar.com https://*.zarget.com https://*.youtube.com https://s.ytimg.com https://*.googleadservices.com https://*.doubleclick.net https://*.pinterest.com https://*.zencdn.net https://*.google.com https://*.google.be https://*.sharethis.com https://*.newrelic.com https://*.nr-data.net https://*.quantserve.com https://*.google.com.tr https://*.metabar.ru https://*.google.de https://*.google.fr https://cdn.ckeditor.com https://*.pioneer-car.eu https://eu---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh https://de---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh https://*.yandex.ru https://*.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.sharethis.com https://*.pioneer-car.eu https://cdn.ckeditor.com https://tagmanager.google.com; img-src * data:; media-src 'self' https://www.youtube.com; frame-src 'self' https://*.youtube.com https://vars.hotjar.com https://*.pioneer.eu https://*.doubleclick.net https://*.sharethis.com https://*.facebook.com https://*.pioneer-car.eu https://store-locator.pioneer-rus.ru https://*.google.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://*.hotjar.com https://*.sharethis.com https://*.google-analytics.com https://*.doubleclick.net https://*.pioneer-car.eu https://acc-pioneer-products.o-a.be https://eu---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh https://de---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh https://*.yandex.ru; report-uri /report-csp-violation 1 default-src 'unsafe-inline' https://fonts.googleapis.com https://surfly.io https://maxcdn.bootstrapcdn.com https://moventum.com.pl https://*.youtube.com http://axa.test.emex.pl https://www-tra.axadirect.pl https://www.facebook.com https://*.googleusercontent.com https://www.google.pl https://axadirect.pl https://*.axadirect.pl https://*.axaubezpieczenia.pl https://*.googleapis.com https://*.gstatic.com https://axadirect.pl https://*.axadirect.pl https://pagead2.googlesyndication.com https://ls.hit.gemius.pl https://*.google.com https://www.google-analytics.com https://*.gemius.pl https://*.facebook.com https://www.axaonline.pl https://*.axa.pl https://axa.pl https://df.axa.pl https://*.doubleclick.net https://script.crazyegg.com https://app3.salesmanago.pl https://nan.netmng.com https://pl-axa.netmng.com https://pl-axa.qa.netmng.com https://client2.inteliwise.com https://s3-eu-west-1.amazonaws.com https://*.amazonaws.com https://pixel.mathtag.com https://u3s.mathtag.com https://dms.netmng.com; script-src * 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://*.gstatic.com https://axadirect.pl https://*.axadirect.pl https://pagead2.googlesyndication.com https://ls.hit.gemius.pl https://www.google-analytics.com https://*.gemius.pl https://*.facebook.com https://www.axaonline.pl https://*.axa.pl https://axa.pl https://df.axa.pl https://*.doubleclick.net https://script.crazyegg.com https://app3.salesmanago.pl https://nan.netmng.com https://pl-axa.netmng.com https://pl-axa.qa.netmng.com https://client2.inteliwise.com https://s3-eu-west-1.amazonaws.com https://pixel.mathtag.com https://u3s.mathtag.com https://dms.netmng.com; style-src 'unsafe-inline' https://fonts.googleapis.com https://surfly.io https://maxcdn.bootstrapcdn.com https://*.google.com https://ls.hit.gemius.pl https://www.google-analytics.com https://*.gemius.pl https://*.facebook.com https://www.axaonline.pl https://*.axa.pl https://axa.pl https://df.axa.pl https://*.doubleclick.net https://script.crazyegg.com https://app3.salesmanago.pl https://nan.netmng.com https://pl-axa.netmng.com https://pl-axa.qa.netmng.com https://client2.inteliwise.com https://s3-eu-west-1.amazonaws.com https://pixel.mathtag.com https://u3s.mathtag.com https://dms.netmng.com; img-src 'self' https://moventum.com.pl https://*.youtube.com http://axa.test.emex.pl https://www-tra.axadirect.pl https://www.facebook.com https://*.googleusercontent.com https://www.google.pl https://axadirect.pl https://*.axadirect.pl https://*.axaubezpieczenia.pl https://*.googleapis.com https://*.gstatic.com https://axadirect.pl https://*.axadirect.pl https://pagead2.googlesyndication.com https://ls.hit.gemius.pl https://*.google.com https://www.google-analytics.com https://*.gemius.pl https://*.facebook.com https://www.axaonline.pl https://*.axa.pl https://axa.pl https://df.axa.pl https://*.doubleclick.net https://script.crazyegg.com https://app3.salesmanago.pl https://nan.netmng.com https://pl-axa.netmng.com https://pl-axa.qa.netmng.com https://client2.inteliwise.com https://s3-eu-west-1.amazonaws.com https://*.amazonaws.com https://pixel.mathtag.com https://u3s.mathtag.com https://dms.netmng.com https://axa.pl data: 1 frame-src 'unsafe-inline' *.tussam.es *.google.com *.youtube.com *.youtube.es *.youtu.be; frame-ancestors 'unsafe-inline' *.tussam.es *.google.com *.youtube.com *.youtube.es *.youtu.be; child-src 'unsafe-inline' *.tussam.es *.google.com *.youtube.com *.youtube.es *.youtu.be; report-uri //report-csp-violation 1 default-src *; script-src www.partizan.com www.partizanstudio.com 'unsafe-inline' 'unsafe-eval' 127.0.0.1:* *.googleadservices.com *.google-analytics.com *.google.com https://*.youtube.com https://*.ytimg.com cdnjs.cloudflare.com ajax.googleapis.com maxcdn.bootstrapcdn.com ; style-src * 'unsafe-inline';img-src 'self' data: https://img.youtube.com *.google-analytics.com ; font-src 'self' data: http://fonts.gstatic.com https://fonts.gstatic.com ; connect-src www.partizan.com www.partizanstudio.com vimeo.com; 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: about: *.ads-twitter.com *.doubleclick.net *.facebook.com *.facebook.net *.google.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.jotfor.ms *.jotform.com *.jotform.io *.jotform.us *.jotformpro.com *.multiview.com *.paypal.com *.paypalobjects.com *.texmed.org *.twimg.com *.twitter.com *.unitednetworksofamerica.com *.yahooapis.com *.zkcdn.net code.jquery.com https://t.co https://feed.jquery-plugins.net *.unitednetworksofamerica.com; frame-src 'self' *; 1 referrer no-referrer 1 block-all-mixed-content; upgrade-insecure-requests; report-uri /nelmio/csp/report 1 default-src 'self' fonts.googleapis.com cdn-static.event.gs mafo1.myaudience.de www.etracker.de *.twitter.com *.twimg.com 'unsafe-inline'; child-src 'self' ibb.hh-kunde.de mafo1.myaudience.de www.eventmanager-online.com www.etracker.de www.google.com *.twitter.com www.youtube.com; img-src 'self' data: mafo1.myaudience.de *.twitter.com *.twimg.com www.etracker.de; script-src 'self' mafo1.myaudience.de www.google.com www.gstatic.com platform.twitter.com www.youtube.com s.ytimg.com *.etracker.com *.etracker.de *.twimg.com 'unsafe-inline' 'unsafe-eval'; object-src 'self' 1 allow 'self'; options inline-script eval-script; frame-ancestors 'self' 1 default-src 'self' data: https:; object-src 'self'; script-src * data: 'unsafe-inline' https:; style-src 'self' data: 'unsafe-inline' https:; img-src * data: https:; 1 font-src * data:; img-src * data:; script-src 'unsafe-inline' 'unsafe-eval' * data:; style-src 'unsafe-inline' 'unsafe-eval' * data:; 1 frame-ancestors teams.microsoft.com *.teams.microsoft.com *.skype.com 1 upgrade-insecure-requests, frame-ancestors 'self' *.ariba.com *.sciquest.com *.punchout2go.com *.colamco.com 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' use.typekit.com use.typekit.net www.google-analytics.com s7.addthis.com m.addthis.com v1.addthisedge.com z.moatads.com; style-src 'self' 'unsafe-inline' use.typekit.com use.typekit.net; img-src 'self' p.typekit.net www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' maps.google.com www.google.com www.youtube.com s7.addthis.com; font-src 'self' 'unsafe-inline' use.typekit.com use.typekit.net; connect-src 'self' performance.typekit.net m.addthis.com s7.addthis.com; report-uri /en/report-csp-violation; upgrade-insecure-requests 1 frame-ancestors https://*.cpcworldwide.com 1 default-src 'self'; connect-src 'self'; font-src 'self'; frame-src 'self' https://www.youtube.com http://www.gstb-rlp.de https://www.kosdirekt.de; img-src 'self' https://img.youtube.com https://www.google-analytics.com https://vat.db-app.de; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://de.ioam.de https://s.ytimg.com https://script.ioam.de https://www.google-analytics.com https://www.youtube.com https://vat.db-app.de/; style-src 'self' 'unsafe-inline' 1 style-src 'self' 'unsafe-inline' 1 child-src 'self' *.youtube.com *.vimeo.com *.dailymotion.com *.youtube.com *.dailymotion.com *.vimeo.com *.youtube-nocookie.com *.europa.eu *.twitter.com *.europa.eu europa.eu youtube.com *.dailymotion.com *.vimeo.com *.amazonaws.com *.arcgis.com *.arte.tv *.babahh.com *.bbc.co.uk *.blitzvideoserver.de *.bpb.de *.brightcove.com *.btv.bg *.cc.cec *.cimo.fi *.cjelozivotno-ucenje.hr *.cnbc.com *.coe.int *.communi-k.eu *.compareyourcountry.org *.crp.education *.cy2012.eu *.dacast.com *.dcdn.lt debategraph.org digital-agenda-data.eu *.disaster-resilience.com *.docdroid.net *.d-portal.org *.easme-web.eu *.edcc.eu *.euneighbours.eu *.euronews.com *.europeandataportal.eu *.facebook.com https://familymeal.eu *.flickr.com *.franceculture.fr *.franceinter.fr *.freecaster.com *.freezbee.tv *.genial.ly *.giphy.com *.github.io *.google.be *.google.co.uk *.google.com *.google.fr *.grnet.gr *.index.hu *.instantflipbook.com *.issuu.com *.jrc.nl *.jwplatform.com *.learningandwork.org.uk *.libsyn.com *.live.com livestream.com *.mentimeter.com *.metoo.sk *.mostra.eu *.neteyes.hu *.oecd.org *.openstreetmap.fr *.openstreetmap.org *.ourworldindata.org *.polarhd.com *.public-i.tv *.qbrick.com *.rackcdn.com *.rambla.be *.roguemotion.graphics *.sharepoint.com *.sketchfab.com *.slideshare.net *.solidtango.com *.soonfeed.com *.soundcloud.com *.streamamg.com *.streamcode.net *.streamdis.eu streamer.bg *.streaming.at *.streaming.sk *.streamovations.be *.sway.com *.tagesschau.de *.telemak.tv *.testa.eu *.thinglink.com *.tiesraides.lv *.top-ix.org *.tsnmalta.org *.tv1.eu *.tv-on-web.de *.twinix.eu *.typeform.com *.uc3m.es *.uplynk.com *.ustream.tv *.uu.se *.videliostreaming.com *.videolevels.com *.walls.io *.weforum.org *.westream.com *.wyng.com *.youongroup.com *.youtu.be *.youtube-nocookie.com *.zdf.de *.michael-lurquin.com sdk.companywebcast.com; frame-src 'self' *.youtube.com *.vimeo.com *.dailymotion.com *.youtube.com *.dailymotion.com *.vimeo.com *.youtube-nocookie.com *.europa.eu *.twitter.com *.europa.eu europa.eu youtube.com *.dailymotion.com *.vimeo.com *.amazonaws.com *.arcgis.com *.arte.tv *.babahh.com *.bbc.co.uk *.blitzvideoserver.de *.bpb.de *.brightcove.com *.btv.bg *.cc.cec *.cimo.fi *.cjelozivotno-ucenje.hr *.cnbc.com *.coe.int *.communi-k.eu *.compareyourcountry.org *.crp.education *.cy2012.eu *.dacast.com *.dcdn.lt debategraph.org digital-agenda-data.eu *.disaster-resilience.com *.docdroid.net *.d-portal.org *.easme-web.eu *.edcc.eu *.euneighbours.eu *.euronews.com *.europeandataportal.eu *.facebook.com https://familymeal.eu *.flickr.com *.franceculture.fr *.franceinter.fr *.freecaster.com *.freezbee.tv *.genial.ly *.giphy.com *.github.io *.google.be *.google.co.uk *.google.com *.google.fr *.grnet.gr *.index.hu *.instantflipbook.com *.issuu.com *.jrc.nl *.jwplatform.com *.learningandwork.org.uk *.libsyn.com *.live.com livestream.com *.mentimeter.com *.metoo.sk *.mostra.eu *.neteyes.hu *.oecd.org *.openstreetmap.fr *.openstreetmap.org *.ourworldindata.org *.polarhd.com *.public-i.tv *.qbrick.com *.rackcdn.com *.rambla.be *.roguemotion.graphics *.sharepoint.com *.sketchfab.com *.slideshare.net *.solidtango.com *.soonfeed.com *.soundcloud.com *.streamamg.com *.streamcode.net *.streamdis.eu streamer.bg *.streaming.at *.streaming.sk *.streamovations.be *.sway.com *.tagesschau.de *.telemak.tv *.testa.eu *.thinglink.com *.tiesraides.lv *.top-ix.org *.tsnmalta.org *.tv1.eu *.tv-on-web.de *.twinix.eu *.typeform.com *.uc3m.es *.uplynk.com *.ustream.tv *.uu.se *.videliostreaming.com *.videolevels.com *.walls.io *.weforum.org *.westream.com *.wyng.com *.youongroup.com *.youtu.be *.youtube-nocookie.com *.zdf.de *.michael-lurquin.com sdk.companywebcast.com; 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' *.buttercms.com *.griddynamics.com *.sentry-cdn.com *.apis.google.com *.googleapis.com www.googletagmanager.com www.google-analytics.com www.googleadservices.com www.youtube.com s.ytimg.com googleads.g.doubleclick.net static.ads-twitter.com cdn.jsdelivr.net www.feedrapp.info *.pardot.com *.yandex.ru; style-src 'self' 'unsafe-inline' *.buttercms.com *.googleapis.com *.sentry-cdn.com; img-src 'self' data: *.buttercms.com grid-dynamics-blog.ghost.io *.griddynamics.com *.gstatic.com *.apis.google.com *.googleapis.com *.google.com *.google.com.ua *.google-analytics.com *.doubleclick.net stats.g.doubleclick.net mc.webvisor.org *.yandex.ru; font-src 'self' data: *.googleapis.com *.gstatic.com 1 default-src 'self' https://www.google.com; connect-src 'self' https://vimeo.com https://sentry.io https://app.zencoder.com https://checkout.stripe.com https://www.google-analytics.com https://ssl.google-analytics.com https://rs.fullstory.com https://www.facebook.com 1q-askvert-assets-prod.s3.amazonaws.com 1q-video-input-prod.s3.amazonaws.com blob:; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' https://www.google.com https://player.vimeo.com http://player.vimeo.com https://platform.twitter.com https://checkout.stripe.com https://staticxx.facebook.com fbrpc://call; img-src * data: blob:; media-src blob: https://d3g65oypf6prn3.cloudfront.net https://d1rhiywm6dcjyw.cloudfront.net; script-src 'self' 'unsafe-eval' data: https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://platform.twitter.com https://checkout.stripe.com https://maps.googleapis.com https://www.google-analytics.com https://ssl.google-analytics.com https://connect.facebook.net https://fullstory.com https://vimeo.com; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; report-uri https://sentry.io/api/1263064/security/?sentry_key=8a5ec54260bb45868b737b446557eaa0 1 urbanohio.com 1 default-src https:; font-src https: data:; img-src https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; style-src-elem 'unsafe-inline' https: 1 frame-ancestors http://my.rotary.org https://my.rotary.org 'self'; 1 default-src *;object-src 'none';style-src * 'unsafe-inline' 'unsafe-eval';img-src * data: 'unsafe-inline' 'unsafe-eval';media-src *;font-src * data: blob:;script-src * 'unsafe-inline' 'unsafe-eval'; 1 default-src https: wss: data: 'unsafe-inline' 'unsafe-eval' blob: 1 allow 'self' default-src 'self' 'unsafe-inline' www.google-analytics.com *.twitter.com *.facebook.com *.facebook.net *.google.com 1 default-src data: https: http:; script-src 'unsafe-inline' 'unsafe-eval' https: http:; style-src 'unsafe-inline' https: http: blob: 1 script-src 'unsafe-inline' 'unsafe-eval' code.jquery.com www.google-analytics.com web-start.org ads.exoclick.com main.exoclick.com syndication.exoclick.com; 1 allow 'self' 'unsafe-inline' 'unsafe-eval' https://jako-dev.ivp.co.jp https://jako-staging.ivp.co.jp https://jako-mobile.ivp.co.jp https://jako-refactor.ivp.co.jp https://jako-vex.ivp.co.jp https://p-bandai.jp https://auctions.yahooapis.jp https://webservices.amazon.co.jp https://mws.amazonservices.jp https://shopping.yahooapis.jp https://accounts.google.com https://googleapis.com https://pt01.mul-pay.jp https://api-robot.com https://amazon.co.jp https://yahoo.co.jp https://auctions.c.yimg.jp https://wing-auctions.c.yimg.jp https://item-shopping.c.yimg.jp https://thumbnail.image.rakuten.co.jp https://www.googletagmanager.com/ https://www.google-analytics.com/ https://translate.google.com/ https://translate.googleapis.com/ https://j.wovn.io/ https://uh.nakanohito.jp/ https://*.rakuten.co.jp https://*.facebook.com https://*.sandbox.paypal.com https://*.api-robot.com https://*.amazon.co.jp https://*.yahoo.co.jp img-src * 'self' 1 default-src 'self' https://*.google.com http://s7.addthis.com ; frame-ancestors 'none'; connect-src 'self' http://m.addthis.com https://www.google-analytics.com; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' www.google-analytics.com https://maps.googleapis.com https://maps.gstatic.com https://code.jquery.com https://aff.bstatic.com http://aff.bstatic.com http://s7.addthis.com/ http://m.addthisedge.com http://m.addthis.com/ http://graph.facebook.com http://widgets.pinterest.com http://www.linkedin.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com http://code.jquery.com/; img-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: www.google-analytics.com https://www.paypalobjects.com https://ak1s.abmr.net; font-src 'self' https://fonts.gstatic.com; worker-src 'self' www.google.com https://maps.google.com 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data:; style-src 'self' 'unsafe-inline' data:; img-src 'self' data:; 1 frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com exacttarget.com *.exacttarget.com marketingcloudapps.com *.marketingcloudapps.com tacoma.bibliocms.com *.tacoma.bibliocms.com https://www.tacomalibrary.org www.tacomalibrary.org *.www.tacomalibrary.org; 1 default-src 'self';object-src 'none';object-src allow-forms allow-same-origin allow-scripts;base-uri 'self';upgrade-insecure-requests;frame-ancestors 'none';script-src 'self' 'unsafe-inline' ajax.aspnetcdn.com;style-src 'self' 'unsafe-inline' ajax.aspnetcdn.com fonts.googleapis.com maxcdn.bootstrapcdn.com;font-src font-src 'self' ajax.aspnetcdn.com fonts.gstatic.com maxcdn.bootstrapcdn.com data:;img-src data: 'self'; 1 default-src 'self' *.bka.de bka.preview.prod.gsb.bka.zivb.net; base-uri 'self'; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-eval' *.googleapis.com piwik.itzbund.de;object-src 'self' piwik.itzbund.de; media-src 'self' www.bka.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de bka.preview.prod.gsb.bka.zivb.net; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; frame-ancestors bka.preview.prod.gsb.bka.zivb.net piwik.itzbund.de *.facebook.com; 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.sejda.com *.polyfill.io *.sites-appleby.vuturevx.com https://sites-appleby.vuturevx.com *.gstatic.com *.google.com *.google-analytics.com *.googletagmanager.com *.tagmanager.google.com https://tagmanager.google.com *.googleapis.com *.fonts.net *.algolianet.com data: ; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.google.com *.google-analytics.com *.googletagmanager.com *.tagmanager.google.com https://tagmanager.google.com *.fonts.net https://fast.fonts.net ; font-src 'self' *.fonts.net https://fast.fonts.net *.gstatic.com data: ; img-src 'self' *.google-analytics.com *.googleapis.com *.gstatic.com *.gravatar.com *.doubleclick.net data: ; connect-src 'self' *.sejda.com *.google-analytics.com *.algolia.net *.algolianet.com data: ; frame-src 'self' *.google.com *.vimeo.com *.vuturevx.com *.brightcove.net data: ; 1 default-src 'self' *.ctctcdn.com *.google.com *.constantcontact.com *.gstatic.com maps.googleapis.com *.usersnap.com *.google-analytics.com; script-src 'self' 'unsafe-inline' *.ctctcdn.com *.google.com *.gstatic.com cdnjs.cloudflare.com maps.googleapis.com *.usersnap.com cdn.rawgit.com *.googletagmanager.com *.google-analytics.com; style-src 'self' 'unsafe-inline' *.typekit.net *.ctctcdn.com fonts.googleapis.com cdnjs.cloudflare.com *.bootstrapcdn.com; img-src 'self' data: maps.googleapis.com maps.gstatic.com *.usersnap.com raw.githubusercontent.com cdn.rawgit.com *.google-analytics.com *.googletagmanager.com; frame-src 'self' *.youtube.com *.google.com; font-src 'self' *.typekit.net fonts.gstatic.com *.bootstrapcdn.com; report-uri /report-csp-violation 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' clicky.com *.getclicky.com www.google.com www.gstatic.com www.googletagmanager.com cdn.jsdelivr.net ssl.google-analytics.com www.google-analytics.com ajax.googleapis.com ajax.aspnetcdn.com fast.fonts.com; frame-src https://www.google.com 'self'; 1 frame-ancestors 'self' minezmap.com *.minezmap.com http://minezmap.com http://*.minezmap.com minez-nightswatch.com 1 default-src 'self'; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://*.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://*.gstatic.com https://*.googleapis.com; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' 'unsafe-inline' https://stats.g.doubleclick.net https://www.google-analytics.com https://*.googleapis.com data: https://.gstatic.com https://*.google.com https://secure.gravatar.com; frame-src 'self' https://player.vimeo.com https://www.youtube.com https://www.google.com https://www.youtube-nocookie.com; connect-src 'self' https://yoast.com 1 upgrade-insecure-requests default-src 'self' *.alacrity.net; 1 connect-src 'self' https://api.github.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com; base-uri *.wazuh.com wazuh.com; default-src 'self' https: data:; script-src 'self' *.wazuh.com wazuh.com *.googleapis.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https: 'unsafe-inline'; object-src 'self' *.wazuh.com wazuh.com; style-src 'self' *.googleapis.com 'unsafe-inline'; img-src 'self' *.wazuh.com wazuh.com *.gravatar.com https://www.google-analytics.com https://stats.g.doubleclick.net data:; media-src 'self' *.wazuh.com wazuh.com; frame-ancestors 'self'; frame-src *; font-src 'self' https://fonts.gstatic.com data: 1 default-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self' data:; script-src 'self' 'unsafe-inline' https://piwik.bzga.de https://maps.google.com https://maps.googleapis.com; img-src 'self' https://piwik.bzga.de https://www.bzga.de https://maps.gstatic.com https://csi.gstatic.com https://maps.google.com https://maps.googleapis.com https://a.tile.osm.org https://b.tile.osm.org https://c.tile.osm.org data:; frame-src 'self' mailto: https://piwik.bzga.de https://www.youtube-nocookie.com; 1 default-src * 'unsafe-inline' 'unsafe-eval' https: data: 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' files.gpxpl.us pagead2.googlesyndication.com https://pagead2.googlesyndication.com www.google-analytics.com www.gstatic.com gpxplus.s3-website-us-west-2.amazonaws.com https://gpxplus.s3.amazonaws.com https://apis.google.com platform.twitter.com https://platform.twitter.com static.gpx.plus https://static.gpx.plus ap.lijit.com * 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.ampproject.org pagead2.googlesyndication.com www.googletagservices.com adservice.google.com adservice.google.de pagead2.googlesyndication.com www.tsviewer.com static.tsviewer.com www.gstatic.com www.google.com www.google-analytics.com; style-src 'self' 'unsafe-inline'; img-src * data:; media-src 'self'; frame-src 'self' www.google.com googleads.g.doubleclick.net; font-src 'self'; connect-src 'self' 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.google.com www.gstatic.com https://cdn.ckeditor.com; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com https://cdn.ckeditor.com; img-src 'self' data: www.gstatic.com www.google-analytics.com https://cdn.ckeditor.com; media-src 'unsafe-inline'; frame-src 'self' https://www.google.com ; frame-ancestors 'self'; font-src 'self'; report-uri /report-csp-violation 1 default-src 'self' 'unsafe-eval' 'unsafe-inline' https://stats.g.doubleclick.net https://s.ytimg.com https://fonts.gstatic.com https://fonts.googleapis.com https://code.jquery.com https://www.google-analytics.com https://www.googletagmanager.com https://www.youtube.com https://infra.mcit.gov.sa https://cdn.ckeditor.com https://www.google.com/maps/embed https://maps.google.com/maps https://usf.maps.arcgis.com/apps/TimeAware/index.html https://www.google.com/videohp https://mcit.gov.sa/sites/default/files/fileAr.pdf https://api.darksky.net https://youtu.be/ https://www.youtube.com https://egis.mcit.gov.sa/; report-uri /admin/config/system/seckit/csp-report 1 default-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com cdn.jsdelivr.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com ict.infinity-tracking.net www.gstatic.com viz.tools.investis.com www.google.com maps.googleapis.com maps.google.com www.linkedin.com ajax.googleapis.com pi.pardot.com bam.nr-data.net sjp.getmediamanager.com *.googletagmanager.com *.google-analytics.com sjs.bizographics.com connect.facebook.net *.jquery.com irs.tools.investis.com *.hotjar.com px.ads.linkedin.com d2wy8f7a9ursnm.cloudfront.net ssl.p.jwpcdn.com js-agent.newrelic.com cdn.jsdelivr.net edge.api.brightcove.com *.googleapis.com www.youtube.com youtube.com s.ytimg.com unpkg.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' viz.tools.investis.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net; img-src 'self' 'unsafe-inline' * data:; media-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com; frame-src 'self' staticcontents.investis.com www.google.com sjp.getmediamanager.com careers.sjp.co.uk irs.tools.investis.com otp.tools.investis.com digital.feprecisionplus.com sjp.hireserve-test.com ir.tools.investis.com staticxx.facebook.com www.youtube.com; font-src 'self' 'unsafe-inline' data: fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com themes.googleusercontent.com maxcdn.bootstrapcdn.com; report-uri /report-csp-violation 1 default-src 'self'; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' https://c.evidon.com https://munchkin.marketo.net https://stats.sa-as.com https://www.google-analytics.com https://zscalertwo.net https://*.zscalertwo.net https://www.google.com/recaptcha/api.js https://www.gstatic.com/; object-src 'none'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https: https://l.betrad.com https://c.evidon.com https://stats.sa-as.com; media-src 'self' https: data: blob:; frame-src 'self' https://na-sj25.marketo.com/ https://*.zscalertwo.net; frame-ancestors 'self' https://na-sj25.marketo.com/ https://*.zscalertwo.net; child-src 'self'; font-src 'self' https: data: blob: http://go.gewwmarketing.com/; connect-src 'self' https: https://324-zbg-118.mktoresp.com; report-uri /report-csp-violation 1 frame-ancestors 'self' www.skaki64.gr skaki64.gr 1 default-src https: *.ufg.pl; script-src https: *.ufg.pl;style-src https: *.ufg.pl ;img-src 'self' data: https: https: www.google-analytics.com; frame-src https: *.ufg.pl; media-src data: https: *.ufg.pl ;options inline-script eval-script; child-src https: *.ufg.pl 1 default-src 'self' http://persis.gemu-group.com:8080 *.google.com *.gstatic.com *.googleapis.com *.googletagmanager.com *.google-analytics.com connect.facebook.net *.albacross.com *.webtraxs.com *.ggpht.com amazonaws.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-cdn-operators.s3-eu-west-1.amazonaws.com *.cloudfront.net *.userlike.com *.leadenhancer.com wss://chat.userlike.com cdn.delight-vr.com data: 'unsafe-inline' 'unsafe-eval' 1 frame-ancestors 'self' *.tracegains.net *.tracegains.com; 1 default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; connect-src https: wss:; 1 default-src 'self' www.google.com *.google-analytics.com *.youtube.com *.googleapis.com *.gstatic.com jobs.comsoft.de tools.eurolandir.com asia.tools.euroland.com; frame-src 'self' www.google.com *.google-analytics.com *.youtube.com *.googleapis.com *.gstatic.com jobs.comsoft.de tools.eurolandir.com asia.tools.euroland.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com tools.eurolandir.com asia.tools.euroland.com; img-src 'self' data: *.google-analytics.com *.googleapis.com *.gstatic.com tools.eurolandir.com asia.tools.euroland.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.googleapis.com *.gstatic.com *.google-analytics.com cdnjs.cloudflare.com/ajax/libs/jquery-mousewheel/ www.google.com tools.eurolandir.com asia.tools.euroland.com 1 frame-ancestors 'self' https://optimize.google.com/ https://forum.tactical-store.com 1 default-src 'self'; frame-ancestors 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' piwik.lamapoll.de; style-src 'self' 'unsafe-inline'; font-src 'self' ; img-src 'self' data: lamapoll.de *.lamapoll.de sslsurvey.de *.sslsurvey.de *.facebook.com; media-src 'self' lamapoll.de *.lamapoll.de sslsurvey.de *.sslsurvey.de youtube.com youtube-nocookie.com; object-src 'self'; connect-src 'self' lamapoll.de *.lamapoll.de sslsurvey.de *.sslsurvey.de; frame-src 'self' player.vimeo.com www.youtube.com www.youtube-nocookie.com 1 frame-ancestors *.pulseportal.com 1 default-src 'self' vars.hotjar.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.ampproject.org static.cloud.coveo.com stats.g.doubleclick.net tdn.r42tag.com www.averoachmea.nl www.google-analytics.com connect.facebook.net *.usabilla.com www.googleadservices.com avero.speed-trap.nl googleads.g.doubleclick.net imp2.nowinteract.com api.usabilla.com cba-acct.svc.onmarc.nl static.hotjar.com script.hotjar.com d6tizftlrpuof.cloudfront.net ajax.googleapis.com bat.bing.com admin.relay42.com cse.google.com www.google.com a.svtrd.com onmarc.nl snap.licdn.com px.ads.linkedin.com linkedin.com celebrus.avero.nl;style-src 'self' 'unsafe-inline' fonts.googleapis.com d6tizftlrpuof.cloudfront.net www.google.com static.cloud.coveo.com;img-src data: 'self' img.youtube.com t.svtrd.com www.google-analytics.com www.facebook.com stats.g.doubleclick.net www.google.nl www.google.com d6tizftlrpuof.cloudfront.net avero.speed-trap.nl *.usabilla.com cm.g.doubleclick.net a.svtrd.com n01d05.cumulus-cloud.com tdn.r42tag.com admin.relay42.com bat.bing.com www.googleapis.com clients1.google.com avr.imgix.net px.ads.linkedin.com;font-src 'self' fonts.gstatic.com;connect-src 'self' *.hotjar.com cm.g.doubleclick.net connect.facebook.net googleads.g.doubleclick.net stats.g.doubleclick.net;media-src 'self' ;object-src 'self' ;child-src 'self' youtube.com 6162542.fls.doubleclick.net t.svtrd.com *.hotjar.com cba.nmrc.nl www.youtube-nocookie.com youtube-nocookie.com;frame-ancestors 'self' youtube.com www.youtube-nocookie.com youtube-nocookie.com;form-action 'self' t.svtrd.com *.averoachmeaonline.nl;block-all-mixed-content;report-uri https://c0918c210d42424be54e906e71357ca7.report-uri.io/r/default/csp/enforce; 1 img-src blob: * android-webview-video-poster: data:; font-src * data:; child-src tel: *; default-src beta.idisign.ch *.cashgate.ch 'unsafe-eval' *.gstatic.com www.newhome.ch www.wuestpartner.com 'self' *.googleapis.com start.unblu.com wss://*.unblu.com dis.swisscom.ch *.sgkb.ch *.unblu.com 'unsafe-inline' recruitingapp-1154.umantis.com test.idisign.ch 1 default-src https://www.mediengruppe-rtl.de https://fonts.gstatic.com https://www.youtube-nocookie.com https://s.ytimg.com https://www.google.com https://*.googlevideo.com 'unsafe-inline' 'unsafe-eval'; media-src https://www.mediengruppe-rtl.de blob:; img-src 'self' data: https://yt3.ggpht.com https://i.ytimg.com; script-src https://www.mediengruppe-rtl.de https://fonts.gstatic.com https://www.youtube-nocookie.com https://s.ytimg.com https://www.google.com 'unsafe-inline' 'unsafe-eval'; style-src https://www.mediengruppe-rtl.de https://fonts.gstatic.com https://www.youtube-nocookie.com https://s.ytimg.com 'unsafe-inline' 1 script-src 'unsafe-inline' 'unsafe-eval' code.jquery.com www.google-analytics.com safesurfs.net ads.exoclick.com main.exoclick.com syndication.exoclick.com; 1 default-src 'self' themes.googleusercontent.com www.google-analytics.com stats.g.doubleclick.net data: 'unsafe-inline' 'unsafe-eval' 1 default-src 'self' google.com *.google.com liveinternet.ru *.liveinternet.ru yadro.ru *.yadro.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googlesyndication.com *.doubleclick.net *.googletagmanager.com *.google-analytics.com adservice.google.com adservice.google.ru adservice.google.com.ua adservice.google.co.uz ulogin.ru *.ulogin.ru vk.com google.com *.google.com liveinternet.ru *.liveinternet.ru yadro.ru *.yadro.ru ; object-src 'self' *.googlesyndication.com; style-src 'self' 'unsafe-inline' *.googleapis.com google.com *.google.com ; img-src 'self' * data: blob: filesystem:; media-src 'self' ; font-src 'self' *.gstatic.com *.googleapis.com netdna.bootstrapcdn.com; frame-src 'self' *.doubleclick.net www.youtube.com vk.com *.vk.com ulogin.ru *.ulogin.ru; connect-src 'self' adservice.google.com *.google-analytics.com *.gstatic.com *.googlesyndication.com 1 default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src *; img-src * data:; frame-src *; style-src * 'unsafe-inline'; 1 frame-ancestors 'self' https://corp.millenniumbim.co.mz https://ind.millenniumbim.co.mz https://inst.millenniumbim.co.mz 1 default-src 'self' 'unsafe-eval' 'unsafe-inline' https://fonts.gstatic.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://www.googletagmanager.com https://maps.google.com https://maps.googleapis.com https://maps.gstatic.com ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com ; style-src 'self' 'unsafe-inline'; form-action 'self'; frame-ancestors 'self' ; img-src 'self' data: https://www.google-analytics.com https://maps.google.com https://maps.googleapis.com https://maps.gstatic.com 'unsafe-inline' 'unsafe-eval' 1 default-src 'self' 'unsafe-inline';img-src 'self' 'unsafe-inline' data: optanon.blob.core.windows.net www.google-analytics.com www.gstatic.com; media-src 'self' 'unsafe-inline';font-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com fonts.gstatic.com;style-src 'self' 'unsafe-inline' code.jquery.com optanon.blob.core.windows.net cdnjs.cloudflare.com maxcdn.bootstrapcdn.com stackpath.bootstrapcdn.com fonts.googleapis.com;script-src 'nonce-{NONCE}' 'nonce-{NONCE}' 'self' 'unsafe-inline' www.google.com www.gstatic.com static.addtoany.com www.googletagmanager.com www.google-analytics.com code.jquery.com stackpath.bootstrapcdn.com maxcdn.bootstrapcdn.com optanon.blob.core.windows.net rum-static.pingdom.net;frame-src 'self' 'unsafe-inline' www.youtube.com player.vimeo.com 1 script-src 'self' https://*.googleapis.com *.gstatic.com www.google-analytics.com ajax.googleapis.com ajax.aspnetcdn.com use.typekit.net us1.siteimprove.com cdnjs.cloudflare.com connect.facebook.net 'unsafe-inline' 'unsafe-eval' 1 font-src 'self' data: https://images.wineselectors.com.au https://use.typekit.net https://i.icomoon.io https://fonts.gstatic.com https://cdn.curator.io;img-src 'self' data: https://images.wineselectors.com.au https://www.wineselectors.com.au https://p.typekit.net https://www.google-analytics.com https://csi.gstatic.com https://maps.googleapis.com https://maps.gstatic.com https://www.facebook.com https://stats.g.doubleclick.net https://dc.yieldify.com https://dwmvwp56lzq5t.cloudfront.net https://scontent.cdninstagram.com https://syndication.twitter.com https://pbs.twimg.com https://platform.twitter.com https://bat.bing.com https://ad.doubleclick.net https://go.flx1.com https://secure.adnxs.com https://cookiea1.veinteractive.com https://ib.adnxs.com https://scontent.xx.fbcdn.net https://graph.facebook.com https://scontent-otp1-1.cdninstagram.com https://hey.hellobar.com http://cookiea1.veinteractive.com https://dev.visualwebsiteoptimizer.com https://ssl.gstatic.com https://www.gstatic.com https://bacon.section.io https://cdsaus2.veinteractive.com https://useruploads.visualwebsiteoptimizer.com https://s3.amazonaws.com https://cm.g.doubleclick.net https://veads.veinteractive.com https://insight.adsrvr.org https://sync.adap.tv https://assets.yieldify.com https://ads.yahoo.com https://pixel.advertising.com https://curatorio.s3.amazonaws.com https://cdn.curator.io https://x.bidswitch.net https://adservice.google.com https://d2nq7dn4e4z508.cloudfront.net https://www.googletagmanager.com https://b.sli-spark.com https://assets.resultspage.com https://wineselectors.resultspage.com https://secure.livechatinc.com https://match.adsrvr.org https://pixel.rubiconproject.com https://dsum-sec.casalemedia.com https://cdn.livechatinc.com https://tags.w55c.net https://us-u.openx.net https://i.w55c.net https://t.mookie1.com https://pixel.tapad.com https://beacon.krxd.net https://bh.contextweb.com https://su.addthis.com https://ad.sxp.smartclip.net https://cdn-image.otherlevels.com https://www.google.com https://www.google.com.au;style-src 'self' 'unsafe-inline' https://images.wineselectors.com.au https://fast.fonts.net https://fonts.googleapis.com https://dwmvwp56lzq5t.cloudfront.net https://cdn.curator.io https://platform.twitter.com https://tagmanager.google.com https://www.gstatic.com https://wineselectors.resultspage.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://images.wineselectors.com.au https://js-agent.newrelic.com https://bam.nr-data.net https://www.googletagmanager.com https://script.hotjar.com https://static.hotjar.com https://t.cfjump.com https://t.dgm-au.com https://www.wufoo.eu https://configaus2.veinteractive.com https://bat.bing.com https://script.crazyegg.com https://use.typekit.net https://www.google-analytics.com https://connect.facebook.net https://my.hellobar.com https://pixel.roymorgan.com https://app.yieldify.com https://maps.googleapis.com https://d33wq5gej88ld6.cloudfront.net https://www.google.com https://www.gstatic.com https://dcc4iyjchzom0.cloudfront.net https://platform.instagram.com https://platform.twitter.com https://cdn.curator.io https://cdn.syndication.twimg.com https://c.vepxl1.net https://js.adsrvr.org https://c.flx1.com https://ajax.googleapis.com https://go.flx1.com https://dev.visualwebsiteoptimizer.com https://tagmanager.google.com https://d1l6p2sc9645hc.cloudfront.net https://s3.amazonaws.com https://td.yieldify.com https://radar.cedexis.com https://data2.gosquared.com https://data.gosquared.com https://track.omguk.com https://s.adroll.com https://d.adroll.com https://ib.adnxs.com https://www.wufoo.com https://secure.wufoo.com https://apps.rokt.com https://roktcdn1.akamaized.net https://assets.resultspage.com https://wineselectors.resultspage.com https://wineselectors.resultsdemo.com https://b.sli-spark.com https://cdn.livechatinc.com https://secure.livechatinc.com https://accounts.livechatinc.com https://cdn.taboola.com https://www.eventbrite.com.au https://woobox.com https://trc.taboola.com https://wineselectors.ipscape.com.au https://cdn.otherlevels.com https://www.googleadservices.com https://googleads.g.doubleclick.net;default-src 'self' https://images.wineselectors.com.au https://configaus2.veinteractive.com https://vars.hotjar.com https://www.google.com https://www.facebook.com https://roktcdn1.akamaized.net;connect-src 'self' https://images.wineselectors.com.au wss://ws3.hotjar.com https://insights.hotjar.com https://bam.nr-data.net https://performance.typekit.net https://geo.yieldify.com https://api.curator.io https://appsapihk.veinteractive.com https://cookiea1.veinteractive.com https://c.flx1.com wss://ws1.hotjar.com https://cdsaus2.veinteractive.com https://bacon.section.io https://in.hotjar.com https://apps.rokt.com https://stats.g.doubleclick.net https://www.facebook.com https://trc.taboola.com https://sessionapihk.veinteractive.com wss://ws9.hotjar.com https://vc.hotjar.io https://js-api.otherlevels.com https://js-content.otherlevels.com https://js-api.otherlevels.com https://js-tags.otherlevels.com https://js-mdn.otherlevels.com https://js-rich.otherlevels.com https://js-deliverability-api.otherlevels.com https://safari.otherlevels.com wss://ws8.hotjar.com;media-src 'self' https://images.wineselectors.com.au https://cdn.livechatinc.com;object-src 'self' https://images.wineselectors.com.au;child-src 'self' https://www.youtube.com https://www.google.com https://vars.hotjar.com https://vars.hotjar.com https://app.yieldify.com https://www.qzzr.com https://syndication.twitter.com https://www.instagram.com https://wineevents.wufoo.eu https://wineevents.wufoo.eu https://configaus2.veinteractive.com https://t.cfjump.com https://t.dgm-au.com https://insight.adsrvr.org https://td.yieldify.com https://www.facebook.com https://match.adsrvr.org https://eventbrite.com.au https://www.eventbrite.com.au https://connect.facebook.net https://player.vimeo.com https://youtu.be/ https://apps.rokt.com https://www.google.com.au https://secure.livechatinc.com https://woobox.com https://wineselectors.ipscape.com.au; 1 script-src 'unsafe-inline' 'unsafe-eval' code.jquery.com www.google-analytics.com yourconnectivity.net ads.exoclick.com main.exoclick.com syndication.exoclick.com; 1 default-src 'self'; script-src 'self' https://www.gstatic.com https://ajax.googleapis.com https://cdn.inspectlet.com https://*.pendo.io https://*.storage.googleapis.com https://browser.sentry-cdn.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://www.gstatic.com https://ajax.googleapis.com https://*.pendo.io https://*.storage.googleapis.com https://fonts.googleapis.com 'unsafe-inline' blob:; connect-src 'self' http://hn.inspectlet.com wss://ws.inspectlet.com https://secure-mailgate.com https://sentry.io; img-src 'self' http://hn.inspectlet.com https://*.pendo.io https://*.storage.googleapis.com data:; font-src 'self' https://fonts.gstatic.com; options inline-script eval-script 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com:* *.bootstrapcdn.com:* *.googleusercontent.com:* *.webspellchecker.net:* *.twitter.com; script-src 'self' 'unsafe-inline' *.googleapis.com:* *.google.com *.bootstrapcdn.com:* *.googleusercontent.com:* *.webspellchecker.net:* *.google-analytics.com:* *.highcharts.com cdn.jsdelivr.net:* *.twitter.com *.twimg.com data:; style-src 'self' 'unsafe-inline' *.googleapis.com:* cdn.jsdelivr.net:* *.twitter.com; img-src 'self' *.bootstrapcdn.com:* *.googleapis.com:* *.googleusercontent.com:* *.google-analytics.com *.twitter.com *.twimg.com *.gstatic.com data: ; frame-src 'self' *.constantcontact.com:80 *.youtube.com *.google.com *.vimeo.com * data:; child-src 'self' 'unsafe-inline' *.constantcontact.com:80 *.youtube.com *.google.com *.vimeo.com *; font-src 'self' fonts.gstatic.com *.twimg.com; report-uri /report-csp-violation 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://dl.episerver.net/ https://js-agent.newrelic.com https://bam.nr-data.net https://ssl.google-analytics.com https://seal-alaskaoregonwesternwashington.bbb.org https://az416426.vo.msecnd.net/scripts/a/ai.0.js https://cdn.cookielaw.org 1 frame-ancestors https://www.facebook.com https://www.venetacucine.com 1 default-src 'self' 'unsafe-inline' data: * 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.hs-analytics.net *.hs-scripts.com *.addthis.com *.addthisedge.com *.linkedin.com *.pinterest.com *.facebook.com *.iubenda.com *.ckeditor.com *.webspellchecker.net *.gstatic.com *.google.com *.googleapis.com *.bootstrapcdn.com *.google-analytics.com *.googletagmanager.com *.usemessages.com *.hsleadflows.net *.googleadservices.com *.sumome.com *.doubleclick.net *.facebook.net *.b-cdn.net *.youtube.com *.ytimg.com *.kxcdn.com *.hubspot.com *.hsforms.net *.hsadspixel.net *.sumo.com; style-src 'self' 'unsafe-eval' 'unsafe-inline' *.googleapis.com *.bootstrapcdn.com *.iubenda.com *.ckeditor.com *.webspellchecker.net *.kxcdn.com *.b-cdn.net *.google.com; img-src 'self' *.hubspot.com *.acquia-sites.com data: *.ckeditor.com *.webspellchecker.net sumo.com *.kxcdn.com *.google-analytics.com *.doubleclick.net *.google.com *.hubspot.net *.ytimg.com *.gstatic.com *.googleapis.com *.facebook.com *.google.co.za *.google.it *.google.co.uk *.google.co.id *.google.de *.google.pl *.google.fr *.google.ru *.google.cn *.google.es *.google.com.br *.google.co.nz *.google.com.pr *.google.hr *.google.com.pa *.google.at *.google.ca *.google.gr *.google.com.au *.google.com.hk *.google.com.ph *.google.com.tr *.google.fi *.google.co.jp *.google.com.kh *.google.com.my *.google.co.ke *.google.se *.google.co.il *.google.com.sg *.google.co.th *.google.co.in *.google.ae *.google.co.kr *.google.lk *.googletagmanager.com *.google.com.do *.google.bg *.google.rs *.google.hu *.google.pt *.google.ro *.google.com.co *.google.ch *.google.com.mx *.google.lv *.google.com.vn *.google.no; frame-src 'self' *.google.com *.addthis.com *.youtube.com *.vrcloud.co vrcloud.co *.vrcloud.com vrcloud.com *.doubleclick.net *.facebook.com *.googletagmanager.com *.facebook.net *.hubspot.com; font-src 'self' *.gstatic.com *.addthis.com; connect-src 'self' *.addthis.com *.webspellchecker.net sumo.com *.hubspot.com *.google-analytics.com *.doubleclick.net *.google.com *.google.co.uk *.hubapi.com; report-uri /admin/config/system/seckit/csp-report 1 default-src * 'unsafe-inline' cdn.ckeditor.com 'unsafe-eval'; report-uri /admin/config/system/seckit/csp-report 1 default-src 'self' 'unsafe-inline' https://piwik.bzga.de/ https://*.readspeaker.com; img-src 'self' data: https://piwik.bzga.de https://jwpltx.com/ https://*.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.p.jwpcdn.com https://piwik.bzga.de https://*.readspeaker.com/ 1 default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data:; 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' *.b05-apps.nl http://localhost:8080 https://www.googletagmanager.com https://maps.googleapis.com https://player.vimeo.com https://www.google-analytics.com https://assets.adobedtm.com http://assets.adobedtm.com https://api.tiles.mapbox.com; worker-src blob: 1 frame-ancestors 'self' *.kapow.com *.cvent.com http://*.cvent.com *.kapownp.com http://*.kapow.com:*; 1 frame-ancestors https://hospitality-on.com https://store.hospitality-on.com 1 default-src https: 'self' 'unsafe-inline'; script-src https: 'self' 'unsafe-inline' 'unsafe-eval'; connect-src https: wss: 'self' 'unsafe-inline'; img-src https: data: blob: 'self'; frame-src https: 'self' ; style-src https: 'self' 'unsafe-inline'; 1 default-src 'self' rufilmtv.pro rufilm.tv rufilmtv.org *.twitch.tv player.twitch.tv cdn.jsdelivr.net *.union-site-data.com *.pbcde.com pbcde.com *.nshes.ru nshes.ru 6xuar.gdn; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: accommon.info rufilmtv.club *.rufilmtv.pro videoroll.net utarget.pro utarget.ru accommon.info kinoversus.info mediasmrt.info rx-tds.com vidroll.ru 100widgets.com *.youtube.com *.newsadsppush.com newsadsppush.com *.union-site-data.com *.pbcde.com *.nshes.ru pbcde.com nshes.ru *.gnezdo.ru news.gnezdo.ru news.2xclick.ru theyhat.com smartpush1.info smartpush11.info smartpush10.info smartpush0.info *.q-sht-zidjk.co q-sht-zidjk.co adbetnet.advertserve.com json.bannersvideo.com adfill.me fcrgzqkbtgu.co octomarket.com adtrak.org advmaker.su yt.advmaker.su json.bannersvideo.com bannersvideo.com 1plus1.video *.adbetclickin.pink http://serving.bepolitee.eu adlmerge.com gynax.com bgrndi.com https://fqtag.com osnn.work hydr.work luxup2.ru http://marvin.pw/ https://c.fqtag.com/ rufilm.tv brokeloy.com widefox.ru slowpoker.ru hgbn.network cdn7.network www.resttort.ru resttort.ru deenomo.com lolaken.com lopireto.com roklerok.com am15.net kadanoda.ru vakadiki.ru tozipoto.com zirifaha.ru kibitaqa.ru kiviraha.ru kilisaqa.ru retaraka.ru tisatama.ru tisataga.ru tozimoto.com tozikoto.com toziroto.com tozitoto.com tozipoto.com vogorana.ru vogozaw.ru vogozae.ru uuidksinc.net imdj.3793369.pix-cdn.org rtb.kadam.ru vogozae.ru aurumforyou.com yandex.ru yandex.st mc.yandex.ru www.google-analytics.com vk.com ulogin.ru luxup.ru *.luxup.ru *.am15.net *.thor-media.ru qepath.info zakoofoo.info zoobynu.info hbkii.xyz nucegu.info duxyve.info qezuqa.info cyjycu.info cpasmrttds.info accommon.info samnioc.info dialected.info *.supuv2.com alphamrkt.com 6xuar.gdn mylma.gdn xml.adbetnet.com *.adbetnet.com *.braun634.com m-shes.ru adbetnet.com etcxx.com mxccs.com mdapi.ru mdsrc.ru *.rtbsystem.com *.marketgid.com *.mgid.com *.steepto.com *.adlabs.ru dodrek.com psma01.com psma02.com psma03.com adservone.com *.onedmp.com *.videoviewer.ru bequri.com gotriki.com cdn.hgdat.com *.twitch.tv player.twitch.tv cdn.jsdelivr.net hghit.com; img-src 'self' data: *; style-src 'self' 'unsafe-inline' rufilmtv.org rufilmtv.pro rufilm.tv *.reyden-x.com reyden-x.com *.twitch.tv player.twitch.tv cdn.jsdelivr.net stream.reyden-x.com http://fonts.googleapis.com; font-src 'self' rufilm.tv fonts.gstatic.com data:; object-src 'self' rufilm.tv *.am15.net am15.net; frame-src 'self' data: advertise.ru apyecom.com vidroll.ru kanalukraina.tv *.yandex.md tsystatic.com statica.site *.reyden-x.com *.twitch.tv player.twitch.tv *.braun634.com cdn.jsdelivr.net *.union-site-data.com union-site-data.com *.pbcde.com pbcde.com *.nshes.ru nshes.ru *.videomore.ru videomore.ru samnioc.info https://ad.anistar.me ad.anistar.me *.adbetnet.com t.co ad.anistar.me stream.reyden-x.com tvzvezda.ru 1plus1.video out.pladform.ru https://fqtag.com allmovie.pro http://allmovie.tv http://player.ictv.ua https://kaztube.kz ren.tv tvc.ru m-shes.ru www.tvc.ru rufilm.tv rufilmtv.org rufilmtv.pro am15.net yt.advmaker.su advmaker.su my.mail.ru uuidksinc.net *.amazonaws.com ok.ru *.ok.ru vk.com veterok.tv www.youtube.com *.ivi.ru *.vgtrk.com *.1ru.tv *.1tv.ru *.ntv.ru *.gnezdo.ru *.am15.net rutube.ru *.videomore.ru *.my.mail.ru ictv.ua rmbn.net psma01.com psma02.com psma03.com *.onedmp.com ovva.tv cdn7.network www.videokub.net *.adbetclickin.pink; connect-src 'self' rufilm.tv videoroll.net ws://brokeloy.com:8040 *.google-analytics.com stream.reyden-x.com *.reyden-x.com samnioc.info yt.advmaker.su mc.yandex.ru rtb.kadam.ru *.twitch.tv player.twitch.tv cdn.jsdelivr.net 1 script-src 'unsafe-inline' 'unsafe-eval' code.jquery.com www.google-analytics.com tech-connect.biz ads.exoclick.com main.exoclick.com syndication.exoclick.com; 1 default-src 'self'; img-src 'self' data: ; script-src 'self' 'unsafe-inline' 'sha256-Vm4GC9dCs8yiOt3vkFoyb7CG9wQvsbg2ZxRvujWCkjU='; style-src 'self' 'unsafe-inline' 'sha256-NaXtdx5T9YmY+ZkFTvft4VBkkU0u6SpScShWZ2lBO7M=' 1 default-src * 'self' 'unsafe-inline' 'unsafe-eval'; 1 default-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: * 1 frame-ancestors 'self' http://*.amg.com https://*.amg.com http://*.cochand.com https://*.cochand.com http://*.google.com https://*.google.com; frame-src 'self' http://*.amg.com https://*.amg.com http://*.cochand.com https://*.cochand.com http://*.google.com https://*.google.com http://*.youtube.com https://*.youtube.com; 1 'nosniff'; 1 child-src 'self' www.youtube.com staticxx.facebook.com w.soundcloud.com player.vimeo.com player.twitch.tv www.tiktok.com musicoin.org www.instagram.com; connect-src 'self' whaleshares.io pubrpc.whaleshares.io api.whaleshares.io; script-src 'self' 'unsafe-eval' 'unsafe-inline' whaleshares.io www.google-analytics.com connect.facebook.net cdn.polyfill.io cse.google.com www.google.com; style-src 'self' 'unsafe-inline' whaleshares.io fonts.googleapis.com at.alicdn.com www.google.com; font-src 'self' data: fonts.gstatic.com fonts.googleapis.com at.alicdn.com; frame-ancestors 'none'; img-src * data:; report-uri /csp_violation; object-src 'none' 1 default-src 'self' *.urban-nation.com data: *.youtube-nocookie.com *.ytimg.com *.googleapis.com *.gstatic.com 'unsafe-inline' 1 default-src 'self' *.cerved.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com; object-src 'none'; style-src 'self' 'unsafe-inline' *.googleapis.com; img-src 'self' *.cerved.com *.googletagmanager.com *.google-analytics.com *.google.com *.google.it *.doubleclick.net; frame-src 'self'; font-src 'self' *.googleapis.com *.googleusercontent.com fonts.gstatic.com; report-uri /report-csp-violation 1 script-src 'self' 'unsafe-eval' 'unsafe-inline' mautic.duo.be use.typekit.net cdnjs.cloudflare.com www.googletagmanager.com www.google-analytics.com connect.facebook.net *.hotjar.net *.hotjar.com js.hs-analytics.net tagmanager.google.com cdn.jsdelivr.net apis.google.com https://optimize.google.com/optimize/ optimize.google.com cdn.ampproject.org https://www.google.com https://www.gstatic.com; style-src 'self' 'unsafe-inline' use.typekit.net cdnjs.cloudflare.com fonts.googleapis.com tagmanager.google.com optimize.google.com p.typekit.net; img-src 'self' mautic.duo.be p.typekit.net data: www.google-analytics.com www.facebook.com ssl.gstatic.com www.gstatic.com stats.g.doubleclick.net www.google.com https://www.google.be/ads/ga-audiences https://optimize.google.com/optimize/ optimize.google.com https://www.googletagmanager.com; font-src 'self' *.typekit.net data: https:; connect-src 'self' mautic.duo.be www.google-analytics.com performance.typekit.net *.hotjar.com:* wss: https://stats.g.doubleclick.net; report-uri /report-csp-violation 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https://*.ivideon.com https://yastatic.net https://*.yandex.ru https://mc.yandex.ru yandex.ru https://*.yandex.net https://*.gstatic.com http://fonts.gstatic.com https://*.googleapis.com *.i-exam.ru i-exam.ru https://mypage.i-exam.ru http://*.reformal.ru reformal.ru www.slideshare.net www.youtube.com; report-uri https://test.i-exam.ru/collector.php 1 default-src 'self' data: *.infotechexpress.com *.google-analytics.com *.stripe.com 'unsafe-inline' 'unsafe-eval' 1 default-src 'self'; script-src 'self' ; style-src 'self' 'unsafe-inline' ; img-src *; report-uri http://auth.eyerideonline.com/identity/csp/report 1 default-src 'self'; media-src *; img-src *; script-src 'self' https://ajax.googleapis.com; style-src 'self'; 1 connect-src 'self' wss: https://app.trustev.com https://zpa87232.live.dynatrace.com https://performance.typekit.net;script-src 'self' 'unsafe-eval' 'unsafe-inline' https: 'nonce-faCwpcIAtKeoxnHib4OItVSSjPw=' 'strict-dynamic' https://www.google-analytics.com https://app.trustev.com https://www.googletagmanager.com https://connect.facebook.net;style-src 'self' 'unsafe-inline' https://cloud.typography.com https://www.kwikrewards.com https://use.typekit.net https://p.typekit.net;font-src 'self' data: https://use.typekit.net https://cloud.typography.com https://www.kwikrewards.com;frame-src 'self' https://app.trustev.com https://cdn.trustev.com https://www.facebook.com https://www.googletagmanager.com;object-src 'none';base-uri 'none'; 1 default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self' https://mc.yandex.ru; font-src 'self' https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; form-action 'self'; frame-ancestors 'none'; frame-src https://staticxx.facebook.com/ https://www.facebook.com https://www.youtube.com https://yandex.ru https://broadcast.comdi.com; img-src 'self' data: https://*.yandex.ru https://login.vk.com https://sk.ru https://vk.com https://www.facebook.com https://www.google-analytics.com; script-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://code.jquery.com https://connect.facebook.net https://www.facebook.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://maxcdn.bootstrapcdn.com https://mc.yandex.ru https://s.ytimg.com https://vk.com https://www.google-analytics.com https://www.googletagmanager.com https://www.youtube.com https://broadcast.comdi.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com; report-uri /nelmio/csp/report 1 default-src 'self'; script-src 'self' https://www.gstatic.com https://ajax.googleapis.com https://cdn.inspectlet.com https://*.pendo.io https://*.storage.googleapis.com https://browser.sentry-cdn.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://www.gstatic.com https://ajax.googleapis.com https://*.pendo.io https://*.storage.googleapis.com https://fonts.googleapis.com 'unsafe-inline' blob:; connect-src 'self' http://hn.inspectlet.com wss://ws.inspectlet.com https://spamlogin.com https://sentry.io; img-src 'self' http://hn.inspectlet.com https://*.pendo.io https://*.storage.googleapis.com data:; font-src 'self' https://fonts.gstatic.com; options inline-script eval-script 1 default-src 'self';script-src 'self' d37lvg1a3lx4p1.cloudfront.net dh3ffmqb753zk.cloudfront.net is.gd v.gd;style-src 'self' d1aj68wm8thgzo.cloudfront.net;img-src 'self' d7zdwfnl56dxf.cloudfront.net;font-src 'self' d2v7h451ts6l32.cloudfront.net;frame-src codesandbox.io;connect-src 'self' dh3ffmqb753zk.cloudfront.net;report-uri /csp-report 1 default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; font-src 'self' 1 default-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self' data:; script-src 'self' 'unsafe-inline' https://piwik.bzga.de; img-src 'self' data: https://piwik.bzga.de https://www.bzga.de https://service.bzga.de; frame-src 'self' mailto: https://piwik.bzga.de; 1 frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com exacttarget.com *.exacttarget.com marketingcloudapps.com *.marketingcloudapps.com friscolibrary.bibliocms.com *.friscolibrary.bibliocms.com https://friscolibrary.com friscolibrary.com *.friscolibrary.com; 1 frame-ancestors https://secure.dodo.it/ http://www.dodo.it/ ; 1 allow 'self'; base-uri 'self'; 1 frame-ancestors 'self' spoxy3.insipio.com 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.gettwistedpizza.com *.foodtecsolutions.com:* *.pizzadirector.net:* *.google.com *.opentable.com *.otstatic.com cdn.ampproject.org www.gstatic.com maps.googleapis.com www.google-analytics.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net platform.twitter.com www.facebook.com connect.facebook.net cdn.syndication.twimg.com js.hs-scripts.com js.hs-scripts.com js.hs-analytics.net js.hscollectedforms.net salesiq.zoho.com/widget campaigns.zoho.com maillist-manage.com crm.zoho.com js.zohostatic.com vts.zohopublic.com static.hotjar.com script.hotjar.com unpkg.com api.tiles.mapbox.com *.adroll.com *.cloudfront.net cdnjs.cloudflare.com libs.a2zinc.net; frame-ancestors 'self' 'unsafe-inline' 'unsafe-eval' blob: *.gettwistedpizza.com *.foodtecsolutions.com:* *.pizzadirector.net:* *.google.com *.opentable.com *.otstatic.com cdn.ampproject.org www.gstatic.com maps.googleapis.com www.google-analytics.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net platform.twitter.com www.facebook.com connect.facebook.net cdn.syndication.twimg.com js.hs-scripts.com js.hs-scripts.com js.hs-analytics.net js.hscollectedforms.net salesiq.zoho.com/widget campaigns.zoho.com maillist-manage.com crm.zoho.com js.zohostatic.com vts.zohopublic.com static.hotjar.com script.hotjar.com unpkg.com api.tiles.mapbox.com *.adroll.com *.cloudfront.net cdnjs.cloudflare.com libs.a2zinc.net; 1 default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self'; font-src 'self'; connect-src 'self'; frame-ancestors 'none'; form-action 'self'; base-uri 'none' 1 script-src sharedpro.in 1 default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src *; font-src *; connect-src *; media-src *; object-src *; child-src *; frame-ancestors *; form-action *; reflected-xss block; upgrade-insecure-requests; report-uri https://glsgroup.report-uri.io/r/default/csp/enforce; 1 frame-ancestors apps.facebook.com flydreamers.com 1 script-src 'unsafe-inline' 'unsafe-eval' code.jquery.com www.google-analytics.com safebrowsing.biz ads.exoclick.com main.exoclick.com syndication.exoclick.com; 1 default-src 'self'; style-src 'self' 'unsafe-inline' 1 policy-uri /'self' 1 frame-ancestors 'self' insights.hotjar.com 1 default-src 'unsafe-inline' 'unsafe-eval' * blob:; img-src * data:; 1 script-src 'unsafe-inline' 'unsafe-eval' code.jquery.com www.google-analytics.com esurf.biz ads.exoclick.com main.exoclick.com syndication.exoclick.com; 1 default-src 'self' tagmanager.google.com www.google-analytics.com;font-src 'self' fonts.gstatic.com *.typekit.net *.typekit.com data: *.bootstrapcdn.com kariera.fg.cz;connect-src 'self' analytics.monkeytracker.cz *.typekit.net *.zeerat.com fullstory.com wss://collector.zeerat.com https://rs.fullstory.com/rec/page *.doubleclick.net *.google-analytics.com *.sociablekit.com fonts.googleapis.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com maps.google.com *.googleapis.com www.googletagmanager.com www.google-analytics.com analytics.monkeytracker.cz maps.google.com *.googleapis.com *.typekit.net *.typekit.com *.facebook.net *.twimg.com *.geoplugin.net *.zeerat.com *.fullstory.com fullstory.com *.rs.fullstory.com *.sociablekit.com unpkg.com *.unpkg.com *.licdn.com *.linkedin.com kariera.fg.cz;form-action 'self' *.facebook.com *.facebook.net;frame-src 'self' *.youtube.com *.facebook.com *.facebook.net www.googletagmanager.com *.sociablekit.com https://indd.adobe.com;worker-src 'self' *.youtube.com *.facebook.com *.facebook.net www.googletagmanager.com *.sociablekit.com https://indd.adobe.com;frame-ancestors 'self';img-src 'self' data: *.gstatic.com *.googleapis.com www.googletagmanager.com www.google-analytics.com analytics.monkeytracker.cz *.doubleclick.net *.gstatic.com *.googleapis.com *.typekit.net *.typekit.com *.facebook.com *.facebook.net *.twimg.com www.google.com *.google.cz *.youtube.com *.fg.cz *.google.ie *.sociablekit.com *.fbcdn.net kariera.fg.cz;style-src 'self' 'unsafe-inline' fonts.googleapis.com analytics.monkeytracker.cz *.typekit.net *.typekit.com tagmanager.google.com *.sociablekit.com *.bootstrapcdn.com *.google.com *.googleapis.com kariera.fg.cz 1 allow 'self'; gtp.com.au 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: cdn.jsdelivr.net maps.googleapis.com www.googletagmanager.com www.google-analytics.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' data: fonts.googleapis.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: maps.googleapis.com maps.gstatic.com csi.googleapis.com csi.gstatic.com khms0.googleapis.com khms1.googleapis.com www.google-analytics.com; frame-src 'self' 'unsafe-inline' 'unsafe-eval' data: youtube.com www.youtube.com; font-src 'self' 'unsafe-inline' 'unsafe-eval' data: themes.googleusercontent.com fonts.gstatic.com; report-uri /report-csp-violation 1 base-uri 'none'; default-src 'none'; child-src https://www.youtube.com https://www.youtube.com https://player.vimeo.com https://player.vimeo.com; connect-src 'self' https://vimeo.com https://*.resengo.com https://bam.nr-data.net; font-src 'self' https://use.typekit.net https://fonts.googleapis.com https://cloud.typenetwork.com https://fonts.gstatic.com; frame-ancestors 'self'; frame-src https://www.youtube.com https://player.vimeo.com; img-src 'self' https://www.google-analytics.com https://www.facebook.com https://i3.ytimg.com https://gallery.mailchimp.com https://cdn-images.mailchimp.com/ https://www.resengo.com data:; media-src https://p.scdn.co; script-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://www.youtube.com/player_api https://s.ytimg.com https://player.vimeo.com/api/player.js https://www.resengo.com https://*.resengo.com https://js-agent.newrelic.com https://bam.nr-data.net 'unsafe-inline' 'unsafe-eval' data:; style-src 'self' https://use.typekit.net https://p.typekit.net https://fonts.googleapis.com https://www.resengo.com 'unsafe-inline'; 1 frame-ancestors https://www.justcavalli.com/ https://www.justcavalli.com/ ; 1 frame-ancestors www.bps.ac.uk 1 default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.siteimprove.net *.googleapis.com *.google.com *.google-analytics.com *.gstatic.com cdnjs.cloudflare.com *.curator.io *.addthis.com *.addthisedge.com *.facebook.com *.facebook.net siteimproveanalytics.com *.twitter.com; style-src 'self' 'unsafe-inline' *.googleapis.com cdn.siteimprove.net *.curator.io; img-src 'self' data: *.gstatic.com *.googleapis.com developers.google.com *.google-analytics.com *.doubleclick.net *.fbcdn.net *.twimg.com *.instagram.com *.curator.io *.cdninstagram.com *.ytimg.com *.siteimproveanalytics.io; media-src 'self' ssl.gstatic.com *.fbcdn.net *.twimg.com; frame-src 'self' www.youtube.com *.addthis.com seqwater.mysocialpinpoint.com *.google.com youtu.be my2.siteimprove.com *.facebook.com; child-src 'self' www.youtube.com; font-src 'self' 'unsafe-inline' themes.googleusercontent.com fonts.gstatic.com cdn.curator.io; connect-src 'self' *.google-analytics.com *.doubleclick.net my2.siteimprove.com id.siteimprove.com api.curator.io *.addthis.com; report-uri /report-csp-violation 1   default-src 'self';   base-uri 'self';   style-src 'self' 'unsafe-inline';   script-src 'self' 'unsafe-eval' *.google.com;  object-src 'self' multimedia.gsb.bund.de;   media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org;   child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com;   img-src 'self' data: *.google.com *.gstatic.com *.youtube.com;   frame-ancestors 'none'; 1 child-src https://us-uat.digital.computershare.com/ https://www.village-bank.com/ 1 allow 'self'; media-src *; img-src *; script-src 'self' https://ajax.googleapis.com; https://cloudflare.com style-src 'self'; 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://*.google.com https://*.google-analytics.com https://*.googleapis.com https://*.googleapis.com https://*.sharethis.com https://*.vimeocdn.com; style-src 'self' 'unsafe-inline' https://hello.myfonts.net https://*.sharethis.com https://*.googleapis.com https://*.gstatic.com https://*.googleapis.com https://*.gstatic.com; img-src 'self' data: https://*.sharethis.com https://*.google.com https://*.google-analytics.com https://*.googleapis.com https://*.gstatic.com https://*.googleapis.com https://*.gstatic.com https://*.twimg.com https://*.vimeocdn.com; connect-src 'self' https://www.google-analytics.com https://*.sharethis.com; frame-src 'self' https://*.sharethis.com https://*.vimeo.com https://*.youtube.com https://*.vimeo.com https://*.youtube.com; font-src 'self' data: https://*.googleapis.com https://*.gstatic.com https://*.googleapis.com https://*.gstatic.com; report-uri https://tokybd.report-uri.io/r/default/csp/enforce; 1 default-src 'self' 'unsafe-inline' *.itzbund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.itzbund.de; img-src *; style-src 'self' 'unsafe-inline' *.itzbund.de; frame-ancestors itzbund.preview.prod.gsb.bund.zivb.net 1 frame-ancestors https://*.posylka.de 1 default-src 'self'; script-src 'self' 'unsafe-inline' *; style-src 'self' 'unsafe-inline' *; img-src 'self' www.google.com www.google.co.uk ssl.google-analytics.com; frame-src 'self' youtube.com; report-uri /admin/settings/seckit/csp-report 1 frame-ancestors 'self' https://*.tyrolia.com https://*.head-test.com https://head.testing-varnish.symmetrics.de 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://sites-rpc.vuturevx.com https://px.ads.linkedin.com https://snap.licdn.com https://code.jquery.com https://ajax.googleapis.com https://ssl.google-analytics.com https://www.youtube.com https://www.google.com https://bat.bing.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://connect.facebook.net https://platform.twitter.com https://code.jquery.com/jquery-2.1.4.min.js *.crazyegg.com *.amazonaws.com; style-src 'self' 'unsafe-inline' https://ajax.googleapis.com https://fonts.googleapis.com; img-src * data:; font-src 'self' data: https://fonts.gstatic.com https://fonts.typekit.net https://themes.googleusercontent.com; connect-src 'self' *.crazyegg.com; child-src 'self' https://sdn.sitecore.net https://www.youtube.com https://www.google.com https://accounts.google.com https://www.googletagmanager.com https://www.youtube-nocookie.com/ https://cdn.yoshki.com; frame-ancestors 'self'; 1 default-src 'unsafe-inline' 'unsafe-eval' https:;img-src * data:; 1 default-src 'self' 'unsafe-inline' https://piwik.bzga.de/ https://fonts.gstatic.com/ https://fonts.googleapis.com/ https://www.youtube-nocookie.com/ https://app.dialogfeed.com/; img-src 'self' data: https://piwik.bzga.de/ https://service.bzga.de/ https://www.bzga.de/ https://jwpltx.com/ https://maps.gstatic.com/ https://maps.googleapis.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.p.jwpcdn.com/ https://piwik.bzga.de/ https://maps.googleapis.com/ 1 script-src 'unsafe-inline' *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval' connect.facebook.net c.imedia.cz *.hotjar.com tagmanager.google.com www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline' tagmanager.google.com cdnjs.cloudflare.com fonts.googleapis.com; report-uri /csp 1 frame-ancestors 'self' https://*.pressebox.de 1 default-src *; 1 frame-ancestors https://*.matrabike.nl http://*.matrabike.nl http://matrabike.test01.netivity.nl https://matrabike.test01.netivity.nl http://www.google.com 1 default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net nautadutilh.api-a.connexys.nl nautadutilh.api.connexys.nl matomo.nautadutilh.com matomo.a.nautadutilh.com; style-src 'self' 'unsafe-inline' hello.myfonts.net nautadutilh.api.connexys.nl nautadutilh.api-a.connexys.nl; img-src 'self' matomo.nautadutilh.com matomo.a.nautadutilh.com; media-src 'self' player.vimeo.com gcs-vimeo.akamaized.net vod-progressive.akamaized.net https://fpdl.vimeocdn.com; frame-src 'self' https://www.youtube.com https://www.youtube-nocookie.com https://w.soundcloud.com/ https://player.vimeo.com/; font-src 'self' fonts.gstatic.com *.cloudfront.net; connect-src 'self' nautadutilh.api.connexys.nl nautadutilh.api-a.connexys.nl; report-uri /report-csp-violation 1 default-src 'self' localhost maps.googleapis.com themes.googleusercontent.com fonts.gstatic.com googleads.g.doubleclick.net ads.optad360.com http://ads.optad360.com csync.smartadserver.com secure-assets.rubiconproject.com ec-ns.sascdn.com track.adform.net api.deep.bi; block-all-mixed-content; img-src 'self' data: blob: google-analytics.com www.google-analytics.com fonts.googleapis.com csi.gstatic.com maps.google.com maps.gstatic.com maps.googleapis.com adx.adform.net www3.smartadserver.com creatives.sascdn.com ad.doubleclick.net pixel.adsafeprotected.com x.bidswitch.net cm.g.doubleclick.net d5p.de17a.com sync.clickonometrics.pl ib.adnxs.com ma.wp.pl cm.adgrx.com cm.adform.net c1.adform.net server.seadform.net sync-eu.exe.bid track.adform.net sync.bumlam.com s1.adform.net pre.glotgrx.com dt.adsafeprotected.com pro.hit.gemius.pl gremimedia.pl cdn.uwazamrze.pl; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: cdn.historia.uwazamrze.pl fonts.googleapis.com csi.gstatic.com maps.google.com maps.gstatic.com maps.googleapis.com ajax.googleapis.com www.googletagmanager.com www.google-analytics.com ced.sascdn.com ced-ns.sascdn.com s1.adform.net adx.adform.net pagead2.googlesyndication.com adservice.google.com googleads.g.doubleclick.net www3.smartadserver.com adservice.google.pl pixel.yabidos.com pixel.adsafeprotected.com track.adform.net static.adsafeprotected.com code.createjs.com radar.cedexis.com cdn.rp.pl cdn.uwazamrze.pl www.youtube.com s.ytimg.com api.deep.bi sync.smartadserver.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com blob: cdn.rp.pl cdn.uwazamrze.pl 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.axessx.de *.googleapis.com 1 default-src 'self' https://www.surveymonkey.com *.feathr.co www.googletagmanager.com *.paypal.com *.youtube.com www.mag.org www.googletagmanager.com *.facebook.com *.spreaker.com secure.mag.org www.google-analytics.com https://www.google.com https://docs.google.com https://calendar.google.com https://accounts.google.com *.buzzsprout.com *.twitter.com;style-src 'self' 'unsafe-inline' *.twimg.com *.twitter.com fonts.googleapis.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com https://widget.surveymonkey.com *.feathr.co *.paypal.com *.spreaker.com www.googletagmanager.com *.twimg.com platform.twitter.com *.facebook.com *.facebook.net secure.mag.org www.google-analytics.com *.buzzsprout.com;font-src 'self' fonts.gstatic.com;img-src 'self' data: about: https://secure.surveymonkey.com *.paypal.com https://stats.g.doubleclick.net *.feathr.co https://match.adsrvr.org https://www.paypalobjects.com http://www.coolfundraisingideas.net stats.g.doubleclick.net *.mag.org *.twimg.com *.twitter.com *.facebook.com www.google-analytics.com; 1 default-src * 'unsafe-inline' data: ; font-src * 'unsafe-inline' data:; script-src * 'unsafe-inline' 'unsafe-eval' https: 1 frame-ancestors *.rlicorp.com 1 default-src 'self'; connect-src *.kv-rlp.de; script-src *.kv-rlp.de maps.googleapis.com ssl.google-analytics.com www.google-analytics.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' data: https://*.kv-safenet.de http://*.kv-safenet.de *.gstatic.com *.googleapis.com www.google-analytics.com ssl.google-analytics.com; font-src 'self' font.googleapis.com *.gstatic.com; child-src 'self' https://*.google.de https://*.google.com https://www.youtube-nocookie.com; object-src 'self'; frame-src 'self' https://www.youtube-nocookie.com maps.google.de www.google.de www.google.com; frame-ancestors 'self' https://www.google.de; reflected-xss block; report-uri https://kvrlp.report-uri.io/r/default/csp/enforce; 1 default-src 'self' *.fuelrats.com *.stripe.com blob:; connect-src 'self' wss://*.fuelrats.com; base-uri 'none'; script-src 'self' 'nonce-b72e482b-9063-4929-916d-1aa023b36cbc' 'strict-dynamic'; style-src 'self' 'unsafe-inline' *.fuelrats.com *.stripe.com; img-src 'self' *.fuelrats.com *.stripe.com api.adorable.io *.wp.com blob:; media-src 'self'; object-src 'self'; font-src 'self' fonts.gstatic.com 1 frame-src 'self' https://www.youtube.com/ https://www.youtube-nocookie.com/ https://player.vimeo.com/ https://newapp.etracker.com/ https://www.google.com/; 1 default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.twitter.com *.twimg.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.twitter.com *.twimg.com www.youtube.com s.ytimg.com c.leadlab.click; object-src 'self'; media-src 'self' *.materna.de *.youtube.com; child-src *.google.com *.gstatic.com *.facebook.com *.twitter.com *.youtube.com *.eu-de.mybluemix.net; img-src 'self' blob: data: *.google.com *.gstatic.com *.google-analytics.com *.twitter.com *.twimg.com *.youtube.com t.leadlab.click; 1 default-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com cdn.jsdelivr.net sdk.companywebcast.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com ict.infinity-tracking.net www.gstatic.com viz.tools.investis.com www.google.com maps.googleapis.com maps.google.com www.linkedin.com ajax.googleapis.com pi.pardot.com bam.nr-data.net sjp.getmediamanager.com *.googletagmanager.com *.google-analytics.com sjs.bizographics.com connect.facebook.net *.jquery.com irs.tools.investis.com *.hotjar.com px.ads.linkedin.com d2wy8f7a9ursnm.cloudfront.net ssl.p.jwpcdn.com js-agent.newrelic.com cdn.jsdelivr.net edge.api.brightcove.com *.googleapis.com www.youtube.com youtube.com s.ytimg.com unpkg.com sdk.companywebcast.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' viz.tools.investis.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net; img-src 'self' 'unsafe-inline' * data:; media-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com; frame-src 'self' staticcontents.investis.com www.google.com sjp.getmediamanager.com careers.sjp.co.uk irs.tools.investis.com otp.tools.investis.com digital.feprecisionplus.com sjp.hireserve-test.com ir.tools.investis.com staticxx.facebook.com www.youtube.com player.vimeo.com sdk.companywebcast.com; font-src 'self' 'unsafe-inline' data: fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com themes.googleusercontent.com maxcdn.bootstrapcdn.com; report-uri /report-csp-violation 1 default-src 'self';font-src 'self' data: fonts.gstatic.com kariera.rako.cz www.kariera.rako.cz;connect-src 'self' analytics.monkeytracker.cz;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.googleapis.com www.googletagmanager.com www.google-analytics.com analytics.monkeytracker.cz connect.facebook.net kariera.rako.cz www.kariera.rako.cz c.imedia.cz *.googleadservices.com *.doubleclick.net;form-action 'self' *.facebook.com *.facebook.net;frame-src 'self' www.youtube.com *.iplatba.cz www.tvbydleni.cz *.facebook.com *.facebook.net;child-src 'self' www.youtube.com *.iplatba.cz www.tvbydleni.cz *.facebook.com *.facebook.net;frame-ancestors 'self';img-src 'self' data: blob: *.gstatic.com *.googleapis.com *.googlecode.com www.googletagmanager.com www.google-analytics.com analytics.monkeytracker.cz *.doubleclick.net *.google.com www.facebook.com kariera.rako.cz www.kariera.rako.cz c.imedia.cz;style-src 'self' 'unsafe-inline' fonts.googleapis.com analytics.monkeytracker.cz *.google.com kariera.rako.cz www.kariera.rako.cz;object-src 'self' 1 script-src 'unsafe-inline' 'unsafe-eval' 'self' https://azure.mhiaa.com.au https://*.googleadservices.com https://*.gstatic.com https://*.google.com https://*.google-analytics.com https://*.googleapis.com https://*.mhiaa.com.au https://*.googletagmanager.com https://static.addtoany.com https://*.zopim.com 1 default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-eval' *.googleapis.com piwik.itzbund.de;object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; frame-ancestors bvaweb-editor.preview.kkn.zd.intranet.bund.de piwik.itzbund.de bvaweb-zfa-editor.preview.kkn.zd.intranet.bund.de *.facebook.com 1 script-src 'self' https://*.variance.hu/* https://variance.hu/* https://*.inlock.io/* https://inlock.io/* blob:; style-src 'self' 'unsafe-inline'; font-src 'self'; script-src 'self' *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.google.com *.gstatic.com; img-src 'self' *.google-analytics.com *.google.com *.gstatic.com; connect-src 'self'; frame-src *.google.com 1 frame-ancestors https://*.hole19golf.com 1 child-src *.jobs.ch *.still-forklift.is *.still.gr *.still-forklift.mk *.still.ua *.still.ma *.still.by *.still.ee *.still.lv *.still.mu *.still.tn *.still.co.za *.still.si *.still-forklift.lt *.still.hr *.still.rs *.still-salesinfo.com *.still.shop *.hostingkunde.de *.still.de1.biz *.still.de *.still.dk *.still.at *.still.it *.still.hr *.still.sk *.still.ch *.still.si *.still.co.uk *.still.es *.still.cz *.still.rs *.still.pl *.still.hu *.still.nl *.still.fr *.still.be *.still.se *.still.com.ru *.still.lu *.still.ro *.still.com.br *.still.com.tr *.still.no *.still.pt *.still.fi *.still.eu blob: *.still.de1.biz *.still.de *.still.dk *.still.at *.still.it *.still.hr *.still.sk *.still.ch *.still.si *.still.co.uk *.still.es *.still.cz *.still.rs *.still.pl *.still.hu *.still.nl *.still.fr *.still.be *.still.se *.still.com.ru *.still.lu *.still.ro *.still.com.br *.still.com.tr *.still.no *.still.pt *.still.fi *.still.eu *.still.at *.still.com.br http://www.edge-cdn.net https://www.edge-cdn.net http://media.cdn.edge-cdn.net https://media.cdn.edge-cdn.net https://www.youtube.com https://player.vimeo.com *.video-cdn.net; frame-src https://still-bienen.kiongroup.net *.jobs.ch *.still-forklift.is *.still.gr *.still-forklift.mk *.still.ua *.still.ma *.still.by *.still.ee *.still.lv *.still.mu *.still.tn *.still.co.za *.still.si *.still-forklift.lt *.still.hr *.still.rs *.still-salesinfo.com *.still.shop *.hostingkunde.de *.yandex.ru *.comagic.ru http://www.still.de http://www.still.no *.still.de1.biz *.still.de *.still.dk *.still.at *.still.it *.still.hr *.still.sk *.still.ch *.still.si *.still.co.uk *.still.es *.still.cz *.still.rs *.still.pl *.still.hu *.still.nl *.still.fr *.still.be *.still.se *.still.com.ru *.still.lu *.still.ro *.still.com.br *.still.com.tr *.still.no *.still.pt *.still.fi *.still.eu http://www.still.at *.still.at http://www.om-still.it *.om-still.it http://www.still.com.br *.still.com.br http://www.edge-cdn.net https://www.edge-cdn.net http://media.cdn.edge-cdn.net https://media.cdn.edge-cdn.net http://e.video-cdn.net https://e.video-cdn.net https://www.youtube.com https://player.vimeo.com *.kursguiden.no https://issuu.com https://www.google.com *.efs-survey.com *.livechatinc.com *.video-cdn.net; default-src 'self' *.jobs.ch *.still-forklift.is *.still.gr *.still-forklift.mk *.still.ua *.still.ma *.still.by *.still.ee *.still.lv *.still.mu *.still.tn *.still.co.za *.still.si *.still-forklift.lt *.still.hr *.still.rs *.still-salesinfo.com *.still.shop *.hostingkunde.de wss://server.comagic.ru *.yandex.ru *.comagic.ru *.matelso.de *.hotjar.com *.comagic.ru *.video-cdn.net *.etracker.de *.leady.com; style-src 'self' 'unsafe-inline' *.jobs.ch *.still-forklift.is *.still.gr *.still-forklift.mk *.still.ua *.still.ma *.still.by *.still.ee *.still.lv *.still.mu *.still.tn *.still.co.za *.still.si *.still-forklift.lt *.still.hr *.still.rs *.still-salesinfo.com *.still.shop *.hostingkunde.de *.comagic.ru *.googleapis.com *.google.com *.video-cdn.net; img-src 'self' data: *.jobs.ch *.still-forklift.is *.still.gr *.still-forklift.mk *.still.ua *.still.ma *.still.by *.still.ee *.still.lv *.still.mu *.still.tn *.still.co.za *.still.si *.still-forklift.lt *.still.hr *.still.rs *.still-salesinfo.com *.still.shop *.hostingkunde.de http://www.gabelstapler.de http://www.still.de http://www.still.at http://www.om-still.it http://www.still.com.br http://dl.edge-cdn.net https://dl.edge-cdn.net *.facebook.com *.google-analytics.com *.googletagmanager.com *.etracker.com *.etracker.de *.gstatic.com *.googleapis.com *.doubleclick.net *.still.de1.biz *.still.de *.still.dk *.still.at *.still.it *.still.hr *.still.sk *.still.ch *.still.si *.still.co.uk *.still.es *.still.cz *.still.rs *.still.pl *.still.hu *.still.nl *.still.fr *.still.be *.still.se *.still.com.ru *.still.lu *.still.ro *.still.com.br *.still.com.tr *.still.no *.still.pt *.still.fi *.still.eu *.google.com *.unsplash.com placehold.it http://www.google.de https://www.google.de *.livechatinc.com *.video-cdn.net *.google.cz; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.jobs.ch *.still-forklift.is *.still.gr *.still-forklift.mk *.still.ua *.still.ma *.still.by *.still.ee *.still.lv *.still.mu *.still.tn *.still.co.za *.still.si *.still-forklift.lt *.still.hr *.still.rs *.still-salesinfo.com *.still.shop *.hostingkunde.de *.adform.net *.yandex.ru *.google.com *.google-analytics.com *.googleapis.com chart.apis.google.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net www.google.com/ads/* *.fontdeck.com *.etracker.com *.etracker.de *.cloudfront.net *.facebook.net *.matelso.de cdn.trackduck.com *.comagic.ru *.livechatinc.com *.leady.com *.video-cdn.net *.gstatic.com; font-src 'self' *.fontdeck.com *.gstatic.com *.comagic.ru *.livechatinc.com *.imedia.cz *.hotjar.com; frame-ancestors 'self' *.jobs.ch *.still-forklift.is *.still.gr *.still-forklift.mk *.still.ua *.still.ma *.still.by *.still.ee *.still.lv *.still.mu *.still.tn *.still.co.za *.still.si *.still-forklift.lt *.still.hr *.still.rs *.still-salesinfo.com *.still.shop *.hostingkunde.de *.still.de1.biz *.still.de *.still.dk *.still.at *.still.it *.still.hr *.still.sk *.still.ch *.still.si *.still.co.uk *.still.es *.still.cz *.still.rs *.still.pl *.still.hu *.still.nl *.still.fr *.still.be *.still.se *.still.com.ru *.still.lu *.still.ro *.still.com.br *.still.com.tr *.still.no *.still.pt *.still.fi *.still.eu blob: *.still.de1.biz *.still.de *.still.dk *.still.at *.still.it *.still.hr *.still.sk *.still.ch *.still.si *.still.co.uk *.still.es *.still.cz *.still.rs *.still.pl *.still.hu *.still.nl *.still.fr *.still.be *.still.se *.still.com.ru *.still.lu *.still.ro *.still.com.br *.still.com.tr *.still.no *.still.pt *.still.fi *.still.eu *.still.at *.still.com.br http://www.edge-cdn.net https://www.edge-cdn.net http://media.cdn.edge-cdn.net https://media.cdn.edge-cdn.net https://www.youtube.com https://player.vimeo.com *.video-cdn.net 1 default-src 'self'; script-src 'self' 'unsafe-inline' io.clickguard.com connect.facebook.net www.googleadservices.com trustlogo.comodo.com ajax.googleapis.com platform.twitter.com www.google-analytics.com s.yimg.com bat.bing.com static.ads-twitter.com sp.analytics.yahoo.com analytics.twitter.com *.google-analytics.com cdnjs.cloudflare.com seal.websecurity.norton.com 0.r.msn.com www.googletagmanager.com googleads.g.doubleclick.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' https://essiac-newsletter-images.s3.ca-central-1.amazonaws.com essiacproducts.com www.essiacproducts.com stats.g.doubleclick.net www.facebook.com trustlogo.comodo.com googleads.g.doubleclick.net *.google-analytics.com bat.bing.com www.google.com www.google.ca t.co seal.websecurity.norton.com tracking.admarketplace.net; font-src 'self' fonts.gstatic.com netdna.bootstrapcdn.com; connect-src 'self' s.yimg.com www.google-analytics.com static.ads-twitter.com stats.g.doubleclick.net *.essiacproducts.com io.clickguard.com 1 script-src 'nonce-a4UXxmoj/gViWRb1T3hPeMp9pF0=' 'unsafe-inline' 'strict-dynamic' https: http:; object-src 'none'; 1 default-src 'self' *.google.com *.google.ie *.google.co.uk *.google-analytics.com *.googleapis.com *.gstatic.com *.facebook.net *.facebook.com *.twitter.com *.youtube.com *.progress.ie 46.137.108.103 *.onlinebanking.progress.ie *.onlinebankingws.progress.ie 1 default-src http://eurojackpot.de https://eurojackpot.de http://www.eurojackpot.de https://www.eurojackpot.de http://trck.spoteffects.net https://trck.spoteffects.net http://www.youtube.com https://www.youtube.com 'unsafe-inline' 'unsafe-eval'; child-src http://eurojackpot.de https://eurojackpot.de http://www.eurojackpot.de https://www.eurojackpot.de http://m.lotto.de https://m.lotto.de http://www.lotto.de https://www.lotto.de http://miframe.lotto.de http://iframe.lotto.de https://miframe.lotto.de https://iframe.lotto.de http://www.youtube.com https://www.youtube.com http://trck.spoteffects.net https://trck.spoteffects.net; connect-src http://eurojackpot.de https://eurojackpot.de http://www.eurojackpot.de https://www.eurojackpot.de http://www.googleapis.com https://www.googleapis.com; font-src http://eurojackpot.de https://eurojackpot.de http://www.eurojackpot.de https://www.eurojackpot.de http://fonts.gstatic.com https://fonts.gstatic.com data: ; img-src http://eurojackpot.de https://eurojackpot.de http://www.eurojackpot.de https://www.eurojackpot.de http://trck.spoteffects.net https://trck.spoteffects.net data: ; block-all-mixed-content; reflected-xss block; base-uri 'self' 1 child-src 'self' www.youtube.com staticxx.facebook.com w.soundcloud.com player.vimeo.com blob:; connect-src 'self' vit.tube wss://peer.vit.tube https://media.vit.tube https://newmedia.vit.tube https://peer.vit.tube api.blocktrades.us; default-src 'self' www.youtube.com staticxx.facebook.com player.vimeo.com; font-src data: fonts.gstatic.com; frame-ancestors 'none'; img-src * data:; object-src 'none'; plugin-types application/pdf; script-src 'self' www.google-analytics.com connect.facebook.net cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; media-src 'self' vit.tube touchit.social blob:; report-uri /api/v1/csp_violation 1 default-src 'unsafe-inline' https://www.calypso.com/ https://helpdesk.calypso.com/; script-src 'unsafe-inline' https://www.calypso.com/ https://helpdesk.calypso.com/; style-src 'unsafe-inline' https://www.calypso.com/ https://helpdesk.calypso.com/ 1 frame-ancestors https://bande2kings.fr https://*.bande2kings.fr 1 default-src https: https://*.gstatic.com https://tagmanager.google.com https://*.hotjar.com; frame-src https://*.lightcast.com https://*.libsyn.com https://api.quickstream.westpac.com.au https://www.google.com https://*.hotjar.com https://www.googletagmanager.com https://e.issuu.com/embed.html https://player.vimeo.com/video/ https://www.youtube.com/embed/ https://s7.addthis.com/static/ https://www.facebook.com/tr/ https://tagmanager.google.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://api.mapbox.com https://tagmanager.google.com https://*.gstatic.com; font-src 'self' data: https://fonts.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://pixel.advertising.com https://dsum-sec.casalemedia.com https://pixel.rubiconproject.com https://sync.outbrain.com https://simage2.pubmatic.com https://trc.taboola.com https://eb2.3lift.com https://ads.yahoo.com https://x.bidswitch.net https://ib.adnxs.com https://idsync.rlcdn.com https://us-u.openx.net https://*.jobadder.com/ https://*.lightcast.com https://*.libsyn.com https://api.quickstream.westpac.com.au https://*.salesforce.com https://tagmanager.google.com https://www.gstatic.com https://m.addthisedge.com/live/ https://*.addthis.com/ https://e.issuu.com/embed.js https://dnn506yrbagrg.cloudfront.net/pages/scripts/0022/9283.js https://7217441.collect.igodigital.com/collect.js https://www.googletagmanager.com/gtm.js https://www.google-analytics.com/analytics.js https://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net/signals/config/1619154008352119 https://www.google-analytics.com/plugins/ua/ec.js https://jobadder.com/widgets/V1/Jobs/RenderJobList https://apps.jobadder.com/widgets/V1/Jobs/RenderJobList https://jobadder.com/widgets/V1/Jobs/RenderJobDetails https://tagmanager.google.com https://*.hotjar.com https://script.crazyegg.com https://*.adroll.com https://*.facebook.net; connect-src 'self' https://api.quickstream.westpac.com.au https://compassionau.force.com https://api.compassion.com.au https://concierge.compassion.com.au https://*.algolia.net https://*.algolianet.com https://stats.g.doubleclick.net/j/collect https://www.google-analytics.com/j/collect https://www.facebook.com/tr/ https://jobadder.com/widgets/V1/Error/LogError https://apps.jobadder.com/widgets/V1/Error/LogError https://m.addthis.com/live/red_lojson/100eng.json https://*.hotjar.com wss://*.hotjar.com; img-src 'self' data: https://media.ci.org https://images.ctfassets.net https://images.contentful.com https://www.google-analytics.com/collect https://www.google-analytics.com/r/collect https://stats.g.doubleclick.net/r/collect https://nova.collect.igodigital.com/c2/7217441/track_page_view https://www.facebook.com/tr/ https://nova.collect.igodigital.com/c2/7217441/track_cart https://nova.collect.igodigital.com/c2/7217441/track_conversion https://auproddownloads.blob.core.windows.net/compassion/ https://jobadder.com/widgets/ https://apps.jobadder.com/widgets/ http://*.tile.openstreetmap.org/ https://server.arcgisonline.com/ArcGIS/ https://d33wubrfki0l68.cloudfront.net https://www.google.com/ads/ga-audiences https://www.google.com.au/ads/ga-audiences https://*.gstatic.com https://*.adroll.com https://pixel.advertising.com https://dsum-sec.casalemedia.com https://pixel.rubiconproject.com https://sync.outbrain.com https://simage2.pubmatic.com https://trc.taboola.com https://eb2.3lift.com https://ads.yahoo.com https://x.bidswitch.net https://ib.adnxs.com https://idsync.rlcdn.com https://us-u.openx.net https://tags.bluekai.com https://p.adsymptotic.com https://pippio.com/ https://cm.g.doubleclick.net/ https://*.googletagmanager.com https://*.google.com https://*.youtube.com 1 default-src 'unsafe-inline' 'unsafe-eval' https:; img-src 'self' data: https://img.youtube.com https://seal.websecurity.norton.com https://www.google-analytics.com https://widgets.trustedshops.com ; 1 frame-ancestors 'self' *.lightning.force.com *.lightning.salesforce.com *.salesforce.com *.force.com *.visualforce.com; 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' doo.net *.doo.net *.db-app.de *.swmh.de www.youtube.com *.ytimg.com www.google.com www.google-analytics.com www.googletagmanager.com www.gstatic.com *.stry.tl *.podigee.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.doo.net *.db-app.de www.google.com *.stry.tl *.podigee.com; img-src 'self' data: *.doo.net *.db-app.de www.youtube.com *.ytimg.com www.google.com www.google-analytics.com www.googletagmanager.com *.stry.tl *.podigee.com; media-src 'self' www.youtube.com; frame-src 'self' doo.net *.doo.net *.swmh.de *.db-app.de www.youtube.com *.ytimg.com www.google.com www.gstatic.com *.stry.tl *.screenpaper.io *.podigee.com; font-src 'self' data: *.doo.net *.db-app.de www.google.com *.podigee.com; connect-src 'self' 1 font-src 'self' data: use.typekit.net footer.diageohorizon.com try.abtasty.com www.googletagmanager.com 4533016.fls.doubleclick.net www.tripadvisor.co.uk www.googleadservices.com assetscdn.stackla.com www.jscache.com ws.sharethis.com connect.facebook.net platform.twitter.com www.youtube.com www.google-analytics.com p.typekit.net web.diageoagegate.com cdnjs.cloudflare.com googleads.g.doubleclick.net widget.stackla.com www.tripadvisor.com w.sharethis.com l.sharethis.com www.google.com www.google.lk performance.typekit.net www.facebook.com stats.g.doubleclick.net s.ytimg.com staticxx.facebook.com syndication.twitter.com stats.g.doubleclick.net bid.g.doubleclick.net fonts.googleapis.com static.tacdn.com t.sharethis.com p.travelsmarter.net fonts.gstatic.com edge.sharethis.com vjs.zencdn.net static.tacdn.com assetscdn.stackla.com scontent.cdninstagram.com assets.pinterest.com slc2.stats.paypal.com lvs.stats.paypal.com b.stats.paypal.com slc.stats.paypal.com ssl.kaptcha.com c.paypal.com assets.braintreegateway.com www.paypalobjects.com js.braintreegateway.com log.pinterest.com dcinfos.abtasty.com staging.web.diageoagegate.com www.drinkwise.org.au *.diageoagegate.com *.diageoapi.com *.facebook.com *.bundabergrum.com.au players.brightcove.net *.brightcove.net *.google.com *.ns-staging.com.au *.bootstrapcdn.com *.gstatic.com secure.brightcove.com f1.media.brightcove.com metrics.brightcove.com *.brightcove.com *.googleapis.com bcove.video *.zencdn.net bit.ly diageo-rumshine.magapa1.ns-staging.com.au *.googleusercontent.com *.ggpht.com 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: www.wakwak.com seal.globalsign.com ssif1.globalsign.com www.googletagmanager.com www.google-analytics.com *.chatplus.jp;allow 'self' 'unsafe-inline' 'unsafe-eval' data: www.wakwak.com seal.globalsign.com ssif1.globalsign.com www.googletagmanager.com www.google-analytics.com *.chatplus.jp 1 default-src 'self' blob:; connect-src 'self' * blob:; font-src 'self' data: https://players.brightcove.net https://fonts.gstatic.com/ https://maxcdn.bootstrapcdn.com/font-awesome/; frame-src *; img-src * blob: data: https://a.idio.co/ https://i.idio.co; media-src * blob:; object-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://browser.sentry-cdn.com https://d2wy8f7a9ursnm.cloudfront.net/v6/bugsnag.min.js https://www.google-analytics.com https://www.googletagmanager.com https://optimize.google.com https://sadmin.brightcove.com https://players.brightcove.net https://vjs.zencdn.net/vttjs/ https://munchkin.marketo.net https://view.knowledgevision.com/presentation/embed/ https://content.knowledgevision.com/player/ https://s.idio.co/ia.js https://js.idio.co/1473.js https://s.idio.co/ip.js https://api.idio.co https://tagmanager.google.com/ https://code.createjs.com/; style-src * 'unsafe-inline'; 1 default-src 'self'; script-src 'self' https://www.gstatic.com https://ajax.googleapis.com https://cdn.inspectlet.com https://*.pendo.io https://*.storage.googleapis.com https://browser.sentry-cdn.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://www.gstatic.com https://ajax.googleapis.com https://*.pendo.io https://*.storage.googleapis.com https://fonts.googleapis.com 'unsafe-inline' blob:; connect-src 'self' http://hn.inspectlet.com wss://ws.inspectlet.com https://mailsentinel.net https://sentry.io; img-src 'self' http://hn.inspectlet.com https://*.pendo.io https://*.storage.googleapis.com data:; font-src 'self' https://fonts.gstatic.com; options inline-script eval-script 1 default-src 'self' ;options inline-script eval-script;img-src 'self' data: *.tile.openstreetmap.org *.tile.opencyclemap.org; 1 default-src 'self' *.waic.com https://fonts.googleapis.com http://waic.kayako.com 'unsafe-inline'; style-src http: https: 'unsafe-eval' 'unsafe-inline'; script-src https: 'unsafe-eval' 'unsafe-inline'; img-src data: http: https: 'unsafe-eval' 'unsafe-inline'; font-src https: 'unsafe-eval' 'unsafe-inline'; frame-ancestors *.waic.com 1 base-uri 'https://*.pchome.co.th'; 1 frame-ancestors https://*.veygo.com https://*.nonprod-veygo.com https://*.preprod-veygo.com 1 default-src 'self'; script-src 'self' https://www.gstatic.com https://ajax.googleapis.com https://cdn.inspectlet.com https://*.pendo.io https://*.storage.googleapis.com https://browser.sentry-cdn.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://www.gstatic.com https://ajax.googleapis.com https://*.pendo.io https://*.storage.googleapis.com https://fonts.googleapis.com 'unsafe-inline' blob:; connect-src 'self' http://hn.inspectlet.com wss://ws.inspectlet.com https://www.spamfilter.io https://sentry.io; img-src 'self' http://hn.inspectlet.com https://*.pendo.io https://*.storage.googleapis.com data:; font-src 'self' https://fonts.gstatic.com; options inline-script eval-script 1 frame-ancestors 'self' http://localhost http://*.raiffeisenmarkt24.de https://*.raiffeisenmarkt24.de http://*.raiffeisenmarkt.de https://*.raiffeisenmarkt.de http://*.agravis.tld https://*.agravis.tld http://mszapcman01.agravis.tld https://mszapcman01.agravis.tld http://mszapcman02.agravis.tld https://mszapcman02.agravis.tld 1 font-src 'self' https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com data:; frame-src https://www.google.com/recaptcha/ https://fast.wistia.com https://pay.google.com/gp/; script-src 'self' 'unsafe-inline' https://fast.wistia.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://pay.google.com/gp/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com; report-uri /csp/report 1 default-src 'self' player.vimeo.com app.validic.com content.healthwise.net media.healthwise.net 'unsafe-eval' fcm.googleapis.com content.motivationalliance.com www.activeu.org; style-src 'self' content.healthwise.net assetpool.healthwise.net media.healthwise.net 'unsafe-inline' fcm.googleapis.com content.motivationalliance.com;img-src 'self' data: blob: dck0i7x64ch95.cloudfront.net app.validic.com www.edamam.com nyexercisedb.blob.core.windows.net content.motivationalliance.com content.healthwise.net cdn.healthwise.net media.healthwise.net www.activeu.org; media-src 'self' content.motivationalliance.com content.healthwise.net media.healthwise.net www.activeu.org; connect-src 'self' content.motivationalliance.com content.healthwise.net media.healthwise.net fcm.googleapis.com; 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' *; img-src data: *; frame-ancestors https://www.happymeeple.com 'self'; report-uri /report-csp-violation 1 frame-src 'self' imagisoft.com; default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.googletagmanager.com *.google-analytics.com *.msecnd.net *.visualstudio.com; font-src 'self' data: 1 frame-ancestors https://cvtst.strauss-water.com http://swcallvutst.str.corp.strauss.co.il http://swcallvuprd.str.corp.strauss.co.il https://www.tami4.co.il https://cv.strauss-water.com; report-uri /report-csp-violation 1 default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; connect-src https: wss:; media-src 'self' blob: https:; object-src 'self' blob: https:; worker-src 'self' blob: https:; font-src https: data:; 1 Content-Security-Policy: default-src 'unsafe-inline' 'unsafe-eval' ; 1 default-src 'self' https://media.entrepot-du-bricolage.fr; img-src 'self' https://www.facebook.com https://www.google.fr https://www.google.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.google-analytics.com https://cdnjs.cloudflare.com https://media.entrepot-du-bricolage.fr https://uploads.entrepot-du-bricolage.fr data:; script-src 'self' https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://media.entrepot-du-bricolage.fr https://js-agent.newrelic.com js-agent.newrelic.com https://bam.nr-data.net bam.nr-data.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://cdnjs.cloudflare.com https://media.entrepot-du-bricolage.fr 'unsafe-inline'; upgrade-insecure-requests 1 default-src 'self'; frame-src 'self' *.nhs.uk/ *.facebook.com/ *.youtube.com/ *.vimeo.com/ *.google.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com/ https://www.google-analytics.com/ https://connect.facebook.net/ https://feeds.trac.jobs/ *.google.com/ *.googleapis.com *.gstatic.com *.cqc.org.uk; font-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com/ https://feeds.trac.jobs/ *.googleapis.com *.gstatic.com *.cqc.org.uk; img-src * data:; object-src 'self' blob:; connect-src 'self' https://feeds.trac.jobs/ 1 default-src * data: blob: 'unsafe-eval' 'unsafe-inline'; 1 default-src 'self' https://static.bitrated.com; script-src 'self' https://static.bitrated.com; connect-src 'self' wss://www.bitrated.com; style-src https://static.bitrated.com 'unsafe-inline'; img-src 'self' https://static.bitrated.com data:; font-src https://static.bitrated.com data:; frame-src https://player.vimeo.com/ https://bitrated.uservoice.com/; object-src 'none'; report-uri /csp-violation 1 unsafe-eval default-src 'self' blob: data: wss://*.chilipiper.com wss://*.chilipiper.io wss://*.chilipiper.cool wss://*.chilipiper.team https://*.chilipiper.com https://*.chilipiper.io https://*.chilipiper.cool https://*.chilipiper.team https://www.google-analytics.com https://static2.sharepointonline.com https://ajax.aspnetcdn.com https://appsforoffice.microsoft.com https://*.rollout.io https://*.facebook.com https://*.marketo.com https://*.hubspot.com https://*.pardot.com https://*.getdrip.com https://*.google.com https://*.googleapis.com https://*.hsforms.net https://*.clearbit.com https://www.youtube.com https://s3.amazonaws.com https://sentry.io https://cdn.ravenjs.com https://cdnjs.cloudflare.com https://twemoji.maxcdn.com https://*.cloudfront.net https://intercom-sheets.com https://static.intercomassets.com https://api-iam.intercom.io https://js.intercomcdn.com https://widget.intercom.io https://maxcdn.bootstrapcdn.com https://nexus-long-poller-b.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://*.bugsnag.com https://zoom.us https://*.gotomeeting.com https://cdn.lr-ingest.io/logger.min.js https://r.lr-ingest.io https://*.rollout.io 'unsafe-inline'; font-src 'self' data: https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://js.intercomcdn.com; img-src * data: blob: 'unsafe-inline'; 1 frame-ancestors 'self' https://optimize.google.com/ https://forum.night-optics.com 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net use.typekit.net *.consumercare.net h6.consumercare.net www.googletagmanager.com www.google-analytics.com cdn.ckeditor.com woobox.com www.googleadservices.com connect.facebook.net googleads.g.doubleclick.net woobox.com; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net use.typekit.net *.consumercare.net h6.consumercare.net maxcdn.boostrapcdn.com fonts.googleapis.com maxcdn.bootstrapcdn.com cdn.ckeditor.com; img-src 'self' 'unsafe-inline' stats.g.doubleclick.net www.google-analytics.com cdn.ckeditor.com p.typekit.net www.facebook.com www.google.com; media-src 'self' 'unsafe-inline' ballparkbuns.s3.us-east-2.amazonaws.com; frame-src woobox.com connect.facebook.net www.facebook.com *.googleadservices.com *.doubleclick.net.; font-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com fonts.gstatic.com cdn.jsdelivr.net use.typekit.net; connect-src 'self' performance.typekit.net *.doubleclick.net stats.g.doubleclick.net; report-uri /admin/config/system/seckit/csp-report, default-src 'self' 'self' data: 'self' blob: 'unsafe-inline' 'unsafe-eval' *; img-src 'self' blob: data: * 1 frame-src 'self' 1 frame-ancestors 'self' *.transbank.cl *.portaltransbank.cl 1 allow 'self' *.sekeha.com *.enamad.ir *.shaparak.ir *.google.com; options inline-script eval-script; img-src *; script-src 'self' *.sekeha.com *.google-analytics.com *.doubleclick.net; style-src 'self' *.sekeha.com; frame-ancestors none; 1 default-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src * data:; media-src 'self' data: blob: https:; font-src 'self' data: https:; form-action *; 1 default-src 'self' http: https: *.bosch-thermotechnology.com *.bosch-thermotechnology.us *.bosch-thermotechnology.com.au *.bosch-thermotechnology.co.nz s.webtrends.com *.boschtt-documents.com www.bimstore.co.uk services.kittelberger.net *.mycliplister.com ; media-src 'self' *.boschtt-documents.com services.kittelberger.net *.mycliplister.com mycliplister.com; font-src 'self' fonts.gstatic.com static.ecorebates.com; object-src data: 'self'; img-src https: data: blob:; style-src 'self' 'unsafe-inline' static.ecorebates.com cdn.datatables.net fonts.googleapis.com; script-src https: 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https: mailto: bosch.mi4biz.net www.boschthermolife.com junkers-de-de-b.boschtt-documents.com; frame-ancestors 'self' https: bosch.mi4biz.net http://bott-fs.kittelberger.net 1 frame-ancestors 'self' http://pangea.emotionandtechnologies.com https://pangea.emotionandtechnologies.com; 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' data: http://www.googletagmanager.com http://www.google-analytics.com https://maps.googleapis.com https://www.images-home.com 1 default-src 'self' https://checkbrowser.hin.ch https://go.online-ident.ch tag.myaspectra.ch; script-src https://www.islonline.net tag.myaspectra.ch https://www.gstatic.com https://maps.google.com https://maps.googleapis.com https://www.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com 'unsafe-inline' ; frame-src 'self' https://www.youtube.com ; font-src 'self' https://fonts.gstatic.com ; child-src 'self' https://go.online-ident.ch https://www.google.com https://www.youtube.com ; img-src 'self' tag.myaspectra.ch 1 default-src 'self' 'unsafe-inline' data: https://piwik.bzga.de/ https://service.bzga.de/ https://*.tile.openstreetmap.org 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.google-analytics.com www.googletagmanager.com *.gstatic.com *.googleapis.com www.youtube.com *.ytimg.com; object-src 'self'; style-src 'self' 'unsafe-inline' www.google.com *.googleapis.com; img-src 'self' data: www.google.com www.google-analytics.com www.googletagmanager.com *.googleapis.com *.gstatic.com www.youtube.com *.ytimg.com; media-src 'self' www.youtube.com *.ytimg.com; frame-src 'self' www.google.com *.gstatic.com www.youtube.com *.ytimg.com; font-src 'self' data: www.google.com *.googleapis.com *.gstatic.com; connect-src 'self' 1 default-src 'self' *.intelliflo.com and *.test.intelliflo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.intelligent-office.net *.intelliflo.com *.test.intelliflo.com; object-src 'self'; style-src * 'unsafe-inline'; img-src 'self' 'unsafe-eval' 'unsafe-inline' *.amazonaws.com data: *.intelliflo.com; media-src 'self'; frame-src https:; font-src 'self' data:; connect-src 'self' *.intelliflo.com and *.test.intelliflo.com and *.amazonaws.com; 1 default-src 'self' https://*.adilasdata5.biz https://*.adilas.biz https://*.adilascontent.biz; script-src 'self' 'unsafe-inline' https://*.adilasdata5.biz https://*.adilas.biz https://ajax.googleapis.com https://code.jquery.com https://maxcdn.bootstrapcdn.com; object-src 'self'; style-src 'self' 'unsafe-inline' https://use.edgefonts.net https://fonts.googleapis.com https://code.jquery.com; frame-src 'self'; font-src 'self' data https://fonts.gstatic.com https://fonts.googleapis.com ms-appx-web://microsoft.microsoftedge; img-src 'self' https://*.adilas.biz https://code.jquery.com; report-uri https://id0r2ah41c.execute-api.us-east-1.amazonaws.com/latest 1 default-src 'self' www.googletagmanager.com www.google-analytics.com *.cloudfront.net *.googleapis.com analytics.analytics-egain.com cloud-emea.analytics-egain.com fonts.gstatic.com portal.roadworks.org sgn.egain.cloud api.reciteme.com stats.g.doubleclick.net www.google.com www.google.co.uk www.gstatic.com maps.gstatic.com api.tomtom.com www.youtube.com data: 'unsafe-eval' 'unsafe-inline'; report-uri https://orangebus.report-uri.com/r/d/csp/enforce 1 default-src 'self'; img-src 'self' analytics.meine-krankenkasse.de vbu.gesundheitsformulare.de s.ytimg.com f.vimeocdn.com data:; font-src 'self' vbu.gesundheitsformulare.de data:; style-src 'self' 'unsafe-inline' vbu.gesundheitsformulare.de s.ytimg.com f.vimeocdn.com analytics.meine-krankenkasse.de; script-src 'self' 'unsafe-inline' tagmanager.google.com *.criteo.com *.criteo.net *.adform.net *.google-analytics.com www.googletagmanager.com analytics.meine-krankenkasse.de vbu.gesundheitsformulare.de s.ytimg.com f.vimeocdn.com; child-src 'self' tagmanager.google.com *.criteo.com *.criteo.net *.adform.net *.google-analytics.com www.googletagmanager.com vbu.gesundheitsformulare.de www.youtube-nocookie.com player.vimeo.com analytics.meine-krankenkasse.de 360.nexpics.com *.meine-gesundheitsplattform.de bkk-vbu.limequery.org; frame-ancestors 'self' analytics.meine-krankenkasse.de; 1 frame-ancestors 'self' https://optimize.google.com/ https://forum.opticsforyou.com 1 default-src 'self'; img-src 'self'; script-src 'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ ajax.aspnetcdn.com https://cdnjs.cloudflare.com/ajax/libs/bootstrap-select/ https://code.jquery.com; frame-src 'self' https://www.google.com/recaptcha/; style-src 'self' 'unsafe-inline' https://ajax.aspnetcdn.com/ajax/bootstrap/ https://maxcdn.bootstrapcdn.com/font-awesome/ https://fonts.googleapis.com/css https://cdnjs.cloudflare.com/ajax/libs/bootstrap-select/; font-src 'self' https://ajax.aspnetcdn.com/ajax/bootstrap/ https://maxcdn.bootstrapcdn.com/font-awesome/ https://fonts.gstatic.com/ 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com google-analytics.com maps.google.com maps.gstatic.com apis.google.com fonts.googleapis.com fonts.gstatic.com maps.googleapis.com portal.htbridge.com csi.gstic.com ssl.gstic.com cse.gstatic.com *.gstatic.com *.browser-update.org browser-update.org accounts.google.com clients1.google.com www.youtube.com *.bancastato.ch www.google.com cse.google.com developers.google.com www.googleapis.comhttps://code.jquery.com *.cloudfront.net ; connect-src 'self' *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com accounts.google.com *.cloudfront.net ; img-src 'self' data: *.htbridge.com *.bancastato.ch apis.google.com csi.gstatic.com accounts.google.com www.google.com *.gstatic.com maps.googleapis.com maps.google.com clients1.google.com maps.googleapis.com developers.google.com www.googleapis.com *.cloudfront.net ; style-src 'self' 'unsafe-inline' *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com csi.gstatic.com accounts.google.com www.google.com fonts.google.com fonts.googleapis.com cse.google.com *.cloudfront.net ; frame-src 'self' apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com cse.google.com www.kantonalbank.ch www.newhome.ch *.bancastato.ch https://www.google.com *.cloudfront.net ; child-src 'self' apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com www.kantonalbank.ch *.bancastato.ch *.cloudfront.net ; font-src 'self' fonts.googleapis.com fonts.google.com fonts.gstatic.com *.bancastato.ch *.cloudfront.net 1 frame-ancestors 'self' *.ratingruneta.ru ratingruneta.ru webvisor.com http://webvisor.com metrika.yandex.ru *.yandex.net 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.yurist-online.net yurist-online.net an.yandex.ru strm.yandex.ru mc.yandex.ru yandex.st yastatic.net matchid.adfox.yandex.ru adfox.yandex.ru ads.adfox.ru ads6.adfox.ru jstracer.yandex.ru yastat.net yandex.ru awaps.yandex.net yandexadexchange.net *.yandexadexchange.net *.yandex.ru banners.adfox.ru avatars-fast.yandex.net favicon.yandex.net content.adfox.ru *.yandex.net *.googleapis.com *.gstatic.com gstatic.com *.googlesyndication.com *.doubleclick.net *.2mdn.net *.google.com *.google.ru *.google-analytics.com google-analytics.com *.youtube.com youtube.com *.icq.com *.skype.com *.rambler.ru loginza.ru *.loginza.ru *.yadro.ru *.webmoney.ru *.mail.ru *.twitter.com *.facebook.com vk.com *.vk.com googletagmanager.com *.googletagmanager.com *.googletagservices.com; 1 default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src data: 'self'; frame-src 'self' 1 default-src https:; script-src 'unsafe-inline' 'unsafe-eval' 'self' 'https://tagmanager.google.com https://googleads.g.doubleclick.net https://www.google-analytics.com https://ssl.google-analytics.com https://ajax.googleapis.com https://connect.facebook.net https://www.googletagmanager.com https://www.googleadservices.com; style-src 'unsafe-inline' 'self' https://tagmanager.google.com https://fonts.googleapis.com; 1 default-src 'self' ; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.servmetric.com *.govmetric.com *.obi4wan.com *.pusher.com https://cdn.siteimprove.net/cms/overlay.js siteimproveanalytics.com siteimprove.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.servmetric.com *.govmetric.com; img-src 'self' data: *.servmetric.com *.govmetric.com *.obi4wan.com *.amazonaws.com *.siteimprove.com *.servmetric.com *.govmetric.com *.siteimproveanalytics.io; media-src 'self'; frame-src 'self' *.servmetric.com *.govmetric.com ; frame-ancestors 'self'; child-src 'self'; font-src 'self' data: *.googleusercontent.com; connect-src 'self' *.obi4wan.com *.pusher.com wss://*.pusher.com; report-uri /report-csp-violation 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.googleapis.com *.avis-verifies.com *.googleadservices.com *.google-analytics.com *.doubleclick.net *.gstatic.com *.aspnetcdn.net *.aspnetcdn.com *.google.fr *.facebook.com *.facebook.net *.bing.com *.netreviews.eu *.googletagmanager.com *.plyr.io *.vimeo.com *.avis-verifies.com *.videostep.com *.cedexis.com *.segment.com *.google.com *.taboola.com *.geoportail.gouv.fr *.kxcdn.com *.cedexis-radar.net *.gstatic.com beeker.io *.mailgun.net *.realytics.net *.realytics.io *.hotjar.com *.outbrain.com *.cloudflare.com *.rawgit.com *.hotjar.io *.hotjar.com *.abtasty.com *.addthis.com *.addthisedge.com *.olark.com wss://*.hotjar.com *.youtube.com *.pacte-energie-solidarite.fr; report-uri /report-csp-violation 1 connect-src 'self' https://localhost:3000; frame-ancestors 'self'; object-src 'self'; script-src 'self' https://analytics.historia-arte.com https://maps.googleapis.com; report-uri /csp-report; 1 default-src 'self' data: https://wp.freemius.com/ https://www.google.com/ https://*.stockdio.com https://player.vimeo.com https://www.youtube-nocookie.com/ https://cdn.whisky-circle.info https://analytics.edlinger.at/ https://*.youtube.com https://staticxx.facebook.com ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://consentcdn.cookiebot.com https://consent.cookiebot.com/ https://www.gstatic.com/ https://analytics.edlinger.at/ https://cdn.polyfill.io https://onesignal.com/ https://*.onesignal.com/ https://cdn.onesignal.com/ https://twitter.com https://*.twimg.com https://twitter.com https://ton.twitter.com https://*.cloudfront.net https://*.cloudflare.com https://code.angularjs.org https://www.dropbox.com/ https://app.box.com https://*.live.net/ https://*.google.com http://*.hotjar.com https://*.hotjar.com http://cdn.jsdelivr.net https://cdn.jsdelivr.net www.google.com staticxx.facebook.com facebook.com www.googletagmanager.com connect.facebook.net www.google-analytics.com ajax.googleapis.com https://cdn.polyfill.io; object-src 'self' data: https://cdn.whisky-circle.info https://*.cloudfront.net; style-src 'self' data: 'unsafe-inline' https://www.gstatic.com/ https://onesignal.com/ https://*.cloudfront.net https://cdn.whisky-circle.info https://*.googleapis.com/ https://www.whisky-circle.info/a-guide-to-driving-in-scotland/ ; img-src 'self' data: https://*.googleusercontent.com http://opensharecount.com https://analytics.edlinger.at/ https://www.blogheim.at http://*.osm.org https://cdn.whisky-circle.info https://*.google.at https://themeadviser.com https://www.google-analytics.com https://www.facebook.com s.w.org https://stats.g.doubleclick.net https://www.gravatar.com/avatar/ https://secure.gravatar.com/ ps.w.org https://www.google.com https://*.googleapis.com/; media-src 'self' data: https://cdn.whisky-circle.info; child-src 'self' data: https://*.vimeo.com https://*.cloudfront.net https://*.youtube.com https://*.youtube-nocookie.com https://staticxx.facebook.com https://cdn.polyfill.io https://*.hotjar.com; font-src 'self' data: https://cdn.whisky-circle.info https://*.gstatic.com; connect-src 'self' data: https://my.yoast.com http://*.hotjar.com:* https://*.hotjar.com:* ws://*.hotjar.com wss://*.hotjar.com https://yoast.com/ 1 img-src * 'self' data: https:; default-src 'self' html5shim.googlecode.com *.google-analytics.com *.googleapis.com *.gstatic.com apis.google.com *.googletagmanager.com *.googleadservices.com *.doubleclick.net *.mouseflow.com *.youtube.com *.vimeo.com *.google.com *.google.nl *.mijnwefact.nl *.ytimg.com *.feedbackcompany.nl 'unsafe-inline' 'unsafe-eval' 1 default-src *.mymontebenefits.com *.jquery.com *.google-analytics.com *.google.com *.vimeo.com; script-src *.mymontebenefits.com 'unsafe-inline' *.jquery.com *.google-analytics.com 'unsafe-eval' *.google.com *.cloudflare.com *.vimeo.com; style-src *.mymontebenefits.com *.jquery.com 'unsafe-inline' *.google.com; img-src *.mymontebenefits.com 'unsafe-inline' *.jquery.com *.google-analytics.com *.doubleclick.net *.google.com; report-uri /report-csp-violation 1 img-src data: 'self' *; worker-src unsafe-inline 'self' blob: 1 allow *; options inline-script eval-script; frame-ancestors self 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googlesyndication.com *.google-analytics.com *.gstatic.com *.google.com platform.twitter.com 1 script-src https: data: 'unsafe-inline' 'unsafe-eval' https://*.myfonts.net https://*.twitter.com https://*.google.de https://*.google.com https://*.typekit.net https://metrics.mehrwert.de https://www.google-analytics.com/; style-src https: 'unsafe-inline' https://*.myfonts.net https://*.twitter.com https://*.google.de https://*.typekit.net https://metrics.mehrwert.de; frame-ancestors https://www.fortuna-koeln.de https://verein.fortuna-koeln.de https://verein.www.fortuna-koeln.de https://www.fortuna-koeln.de https://twitter.com https://*.twitter.com 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' *.doubleclick.net *.youtube-nocookie.com *.traceparts.com *.cookiebot.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.google.com data: 1 default-src 'self'; script-src 'self' https://www.gstatic.com https://ajax.googleapis.com https://cdn.inspectlet.com https://*.pendo.io https://*.storage.googleapis.com https://browser.sentry-cdn.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://www.gstatic.com https://ajax.googleapis.com https://*.pendo.io https://*.storage.googleapis.com https://fonts.googleapis.com 'unsafe-inline' blob:; connect-src 'self' http://hn.inspectlet.com wss://ws.inspectlet.com https://mail-scanner.eu https://sentry.io; img-src 'self' http://hn.inspectlet.com https://*.pendo.io https://*.storage.googleapis.com data:; font-src 'self' https://fonts.gstatic.com; options inline-script eval-script 1 default-src 'self'; script-src 'self' ajax.googleapis.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' data:; font-src 'self' fonts.gstatic.com netdna.bootstrapcdn.com data:;connect-src 'self' fonts.googleapis.com fonts.gstatic.com netdna.bootstrapcdn.com; report-uri https://infostation.dart.org/Sitefinity/Authenticate/OpenID/csp/report 1 default-src 'self' 'unsafe-eval' https://www.youtube.com:* 'unsafe-inline' https://bam.nr-data.net:* https://www.google.com:* https://www.googleapis.com:* https://clients1.google.com:* https://code.jquery.com:* https://js-agent.newrelic.com:* https://cdn.printfriendly.com:* https://cdn.jsdelivr.net:* https://www.google-analytics.com:* https://cse.google.com:* https://ds-4047.kxcdn.com:*; report-uri /admin/config/system/seckit/csp-report 1 allow 'self'; frame-ancestors dev.togostanza.org 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com maps.googleapis.com *.eventbrite.com *.surveymonkey.com *.mailchimp.com *.google.com *.gstatic.com; object-src 'self' *.eventbrite.com *.surveymonkey.com *.mailchimp.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' www.google-analytics.com maps.googleapis.com maps.gstatic.com *.eventbrite.com *.surveymonkey.com *.mailchimp.com data:; media-src 'self'; frame-src 'self' *.youtube.com *.google.com; font-src 'self' fonts.gstatic.com themes.googleusercontent.com *.eventbrite.com *.surveymonkey.com *.mailchimp.com *.youtube.com; connect-src 'self' www.google-analytics.com; report-uri /admin/config/system/seckit/csp-report 1 frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com exacttarget.com *.exacttarget.com marketingcloudapps.com *.marketingcloudapps.com elpl.bibliocms.com *.elpl.bibliocms.com https://www.elpl.org www.elpl.org *.www.elpl.org; 1 default-src 'self'; script-src 'self' yastatic.net cdn.socket.io iplayer.org main.yayoye.com.ua 'unsafe-eval' 'unsafe-inline' *.pix-cdn.org yandex.st www.gstatic.com ad.iplayer.org:3000 pagead2.googlesyndication.com mc.yandex.ru www.google-analytics.com https://www.google-analytics.com; object-src *; style-src 'self' iplayer.org *.pix-cdn.org 'unsafe-inline'; img-src 'self' * data: *.pix-cdn.org www.liveinternet.ru pagead2.googlesyndication.com counter.yadro.ru mc.yandex.ru www.google-analytics.com https://www.google-analytics.com main.yayoye.com.ua gamegame.2974600.pix-cdn.org; media-src 'self'; frame-src 'self' googleads.g.doubleclick.net *; font-src 'self'; connect-src 'self' iplayer.org api.iplayer.org mc.yandex.ru; report-uri https://caspr.io/endpoint/66066cdcb23dc03b223f90743a46265c96c10554feec61cf620e5a2768bc4a6f 1 media-src *, script-src self 'unsafe-eval' 'unsafe-inline' https://lktest.sparm.com https://mc.yandex.ru https://xn--62-dlchecl2bsdax2n.xn--p1ai https://google.com https://www.gstatic.com https://www.google.com https://fonts.googleapis.com 'unsafe-inline' 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: http://fonts.googleapis.com http://fonts.gstatic.com http://www.google-analytics.com http://s7.addthis.com http://m.addthisedge.com http://m.addthis.com http://graph.facebook.com http://widgets.pinterest.com http://maps.google.com http://csi.gstatic.com http://maps.gstatic.com http://maps.googleapis.com http://www.linkedin.com http://api-public.addthis.com http://localhost http://widget.supercounters.com http://pagead2.googlesyndication.com/ http://pagead2.googlesyndication.com/ http://staticxx.facebook.com http://www.whatsupcams.com http://epixel.moj-web.net http://www.youtube.com https://www.whatsupcams.com http://localhost; 1 default-src 'self'; img-src *; script-src 'self'; style-src 'self' 'unsafe-inline'; 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.comellasrestaurants.com *.foodtecsolutions.com:* *.pizzadirector.net:* *.google.com *.opentable.com *.otstatic.com cdn.ampproject.org www.gstatic.com maps.googleapis.com www.google-analytics.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net platform.twitter.com www.facebook.com connect.facebook.net cdn.syndication.twimg.com js.hs-scripts.com js.hs-scripts.com js.hs-analytics.net js.hscollectedforms.net salesiq.zoho.com/widget campaigns.zoho.com maillist-manage.com crm.zoho.com js.zohostatic.com vts.zohopublic.com static.hotjar.com script.hotjar.com unpkg.com api.tiles.mapbox.com *.adroll.com *.cloudfront.net cdnjs.cloudflare.com libs.a2zinc.net; frame-ancestors 'self' 'unsafe-inline' 'unsafe-eval' blob: *.comellasrestaurants.com *.foodtecsolutions.com:* *.pizzadirector.net:* *.google.com *.opentable.com *.otstatic.com cdn.ampproject.org www.gstatic.com maps.googleapis.com www.google-analytics.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net platform.twitter.com www.facebook.com connect.facebook.net cdn.syndication.twimg.com js.hs-scripts.com js.hs-scripts.com js.hs-analytics.net js.hscollectedforms.net salesiq.zoho.com/widget campaigns.zoho.com maillist-manage.com crm.zoho.com js.zohostatic.com vts.zohopublic.com static.hotjar.com script.hotjar.com unpkg.com api.tiles.mapbox.com *.adroll.com *.cloudfront.net cdnjs.cloudflare.com libs.a2zinc.net; 1 default-src 'self' data: *.halkbank.com.tr *.doubleclick.net t.co *.facebook.com *.facebook.com.tr *.gstatic.com *.google.com *.google.com.tr *.googleapis.com *.google-analytics.com *.googletagmanager.com; style-src 'self' 'unsafe-inline' *.gstatic.com *.googleapis.com *.google-analytics.com *.googletagmanager.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.doubleclick.net *.googleadservices.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.facebook.net *.creative-serving.com *.ads-twitter.com *.twitter.com; 1 default-src 'none'; script-src 'self' https://analytics.monetra.com https://www.google.com https://www.gstatic.com; connect-src 'self'; img-src 'self' https://analytics.monetra.com; style-src 'self' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; object-src 'self'; frame-src https://www.google.com 1 frame-ancestors 'self' http://*.mitkindundkegel.de http://mitkindundkegel.de 1 object-src 'self' 1 default-src 'self'; script-src 'self'; connect-src 'self'; img-src 'self' data:; style-src 'self'; reflected-xss block; 1 default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-eval' 'unsafe-inline'; media-src https: blob: 'self' 'unsafe-eval' 'unsafe-inline'; frame-src https: employment.qualtrics.com siteintercept.qualtrics.com g.jwpsrv.com www.youtube.com; frame-ancestors 'self' www.jobs.gov.au; child-src https: blob: 'self' 'unsafe-eval' 'unsafe-inline'; font-src 'self' fonts.gstatic.com maxcdn.bootstrapcdn.com netdna.bootstrapcdn.com publish.viostream.com themes.googleusercontent.com; report-uri https://www.asbestossafety.gov.au/report-csp-violation 1 frame-ancestors 'self' https://www.bluebiz.com 1 default-src 'self' 'unsafe-inline' ;script-src data: 'self' 'unsafe-inline' 'unsafe-eval' static.cloud.coveo.com *.r42tag.com *.usabilla.com ssl.google-analytics.com www.google-analytics.com www.googleadservices.com tags.nmrc.nl *.onmarc.nl *.doubleclick.net d6tizftlrpuof.cloudfront.net www.zilverenkruis.nl babm.texthelp.com surfly.com plus.browsealoud.com www.zorgkantoorfriesland.nl www.prolife.nl www.googletagmanager.com toolbar.speechstream.net apis.google.com bat.bing.com admin.relay42.com a.svtrd.com;style-src 'self' 'unsafe-inline' d6tizftlrpuof.cloudfront.net plus.browsealoud.com fonts.googleapis.com www.zilverenkruis.nl;img-src data: 'self' *.svtrd.com www.google.com www.google.nl d6tizftlrpuof.cloudfront.net *.usabilla.com www.google-analytics.com *.onmarc.nl ssl.google-analytics.com www.zilverenkruis.nl plus.browsealoud.com usabilla-themes.s3-eu-west-1.amazonaws.com ads.creative-serving.com www.zorgkantoorfriesland.nl www.prolife.nl stats.g.doubleclick.net bat.bing.com;font-src data: 'self' fonts.gstatic.com fonts.googlapis.com;connect-src 'self' *.zilverenkruis.nl *.surfly.com surfly.com sentry.io *.prolife.nl *.zorgkantoorfriesland.nl plus.browsealoud.com pronunciation.speechstream.net api.usabilla.com babm.texthelp.com speech.speechstream.net;media-src 'self' blob: *.zilverenkruis.nl *.zorgkantoorfriesland.nl *.prolife.nl;object-src 'self' ;child-src 'self' t.svtrd.com player.vimeo.com youtube-nocookie.com www.youtube-nocookie.com surfly.com app.surfly.com *.cloudfront.net d6tizftlrpuof.cloudfront.net www.zilverenkruis.nl www.zorgkantoorfriesland.nl www.prolife.nl content.googleapis.com;frame-ancestors 'self' www.youtube-nocookie.com youtube-nocookie.com player.vimeo.com;form-action 'self' t.svtrd.com *.achmea.nl *.zilverenkruis.nl *.zorgkantoorfriesland.nl *.prolife.nl;upgrade-insecure-requests;block-all-mixed-content; 1 default-src 'self' https://*.triplevision.nl; child-src 'self' https://*.triplevision.nl https://triplevisiondigital.com https://www.google.com https://paypal.com https://vimeo.com https://youtube.com https://twitter.com https://*.logrocket.com data: blob:; connect-src 'self' wss://*.hotjar.com wss://*.triplevision.nl https://*; font-src 'self' https:; frame-src 'self' https://blackfire.io https://vars.hotjar.com/; img-src 'self' data: http: https:; script-src 'self' https://*.triplevision.nl https://ajax.googleapis.com https://cdn.ampproject.org https://cdn.logrocket.com https://code.jquery.com https://platform.twitter.com https://maps.googleapis.com/ https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com data: https: 'unsafe-inline'; style-src 'self' https://*.triplevision.nl https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://platform.twitter.com https://*.twimg.com 'unsafe-inline'; 1 default-src 'self' *.massagetables.com *.spatables.com *.smartystreets.com https://s3-us-west-2.amazonaws.com/mfesecure-public/host/massagetables.com *.smartystreets.com https://s3-us-west-2.amazonaws.com/mfesecure-public/* www.google-analytics.com www.googletagmanager cdnjs.cloudflare.com google-analytics.com ajax.googleapis.com fonts.googleapis.com; style-src data: 'unsafe-inline' *.massagetables.com *.paysimple.com https://oakworks-cdn.sirv.com https://oakworks.sirv.com cdn.ywxi.net www.mcafeesecure.com www.google.com fonts.googleapis.com cdnjs.cloudflare.com www.google.com www.googletagmanager.com ssl.p.jwpcdn.com; img-src 'self' data: *.massagetables.com *.spatables.com www.google-analytics.com oakworks-cdn.sirv.com oakworks.sirv.com oakworks.sirv.com oakworks.sirv.com cdnjs.cloudflare.com google-analytics.com ajax.googleapis.com ssl.google-analytics.com www.mcafeesecure.com web-assets-prod.s3.amazonaws.com stats.g.doubleclick.net www.paypal.com cdn.ywxi.net www.paypalobjects.com jwpltx.com; font-src 'self' data: *.massagetables.com https://oakworks-cdn.sirv.com oakworks.sirv.com stats.g.doubleclick.net fonts.googleapis.com fonts.gstatic.com ssl.p.jwpcdn.com www.google.com; frame-src 'self' www.massagetables.com https://www.google.com *.paysimple.com 1 ; 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: cdnjs.cloudflare.com *.googleapis.com *.gstatic.com *.google-analytics.com *.addthis.com *.amigosmuseoprado.org *.google.com *.ytimg.com *.youtube.com *.addthisedge.com *.bookitit.com 1 frame-ancestors http://programasgratis.searchmgr.com/ 1 frame-ancestors 'self' www.pro-agent.com www.google.com; 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: * ; img-src 'self' https://assets.bbulibrary.com https://p.typekit.net https://tags.w55c.net https://www.google-analytics.com https://www.google.com https://*.g.doubleclick.net; frame-src 'self' https://www.youtube.com https://t.sharethis.com https://ws.sharethis.com https://www.google.com/ https://youtu.be https://c.sharethis.mgr.consensu.org; report-uri /admin/config/system/seckit/csp-report, default-src 'self' 'self' data: 'self' blob: 'unsafe-inline' 'unsafe-eval' *; img-src 'self' blob: data: * 1 default-src https://*.vcstest.com https://js.stripe.com https://api.stripe.com https://*.tawk.to wss://*.tawk.to https://cdn.jsdelivr.net https://fonts.googleapis.com 'unsafe-inline' 'unsafe-eval'; 1 default-src 'self' *.fg.cz localhost localhost-promo;font-src 'self' data: fonts.gstatic.com *.fg.cz localhost localhost-promo *.zopim.com;connect-src 'self' analytics.monkeytracker.cz *.google.com *.googleapis.com www.googletagmanager.com www.google-analytics.com *.fg.cz localhost-promo *.bileto.com *.zdassets.com arrivacz.zendesk.com *.zopim.com wss://*.zopim.com *.doubleclick.net api.bileto.zone;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.googleapis.com www.googletagmanager.com www.google-analytics.com *.fg.cz localhost-promo analytics.monkeytracker.cz https://connect.facebook.net *.bileto.com *.arriva.cz *.issuu.com *.zdassets.com cdnjs.cloudflare.com arrivacz.zendesk.com *.zopim.com *.instagram.com;form-action 'self' *.fg.cz localhost localhost-promo;frame-src 'self' www.youtube.com www.googletagmanager.com *.fg.cz localhost localhost-promo *.issuu.com *.zdassets.com arrivacz.zendesk.com *.zopim.com;child-src 'self' www.youtube.com www.googletagmanager.com *.fg.cz localhost localhost-promo *.issuu.com *.zdassets.com arrivacz.zendesk.com *.zopim.com;frame-ancestors 'self' *.fg.cz localhost localhost-promo;img-src 'self' data: blob: *.gstatic.com *.googleapis.com *.googlecode.com www.googletagmanager.com www.google-analytics.com *.fg.cz localhost localhost-promo analytics.monkeytracker.cz *.doubleclick.net *.google.com *.facebook.com *.bileto.com *.google.cz *.zopim.com *.instagram.com *.cdninstagram.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com analytics.monkeytracker.cz *.google.com *.fg.cz localhost localhost-promo;object-src 'self' *.fg.cz localhost localhost-promo 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.googleapis.com *.gstatic.com *.google-analytics.com *.youtube.com *.g.doubleclick.net https://s.ytimg.com/yts/jsbin/ *.googleadservices.com *.google.com *.google.cz http://platform.linkedin.com https://www.transguardgroup.com 1 sandbox allow-forms allow-scripts allow-top-navigation allow-popups allow-popups-to-escape-sandbox; 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.aspnetcdn.com *.jquery.com *.google.com *.gstatic.com *.googletagmanager.com *.google-analytics.com; object-src 'self' www.google-analytics.com ajax.googleapis.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.bootstrapcdn.com 'unsafe-eval' ; img-src 'self' *.googleapis.com *.google-analytics.com; media-src 'self'; frame-src 'self' *.youtube.com *.google.com 192.168.2.248 dev.nixa.ca:8248; font-src 'self' *.gstatic.com *.bootstrapcdn.com; report-uri /admin/config/system/seckit/csp-report, default-src 'self' 'self' data: 'self' blob: 'unsafe-inline' 'unsafe-eval' *; img-src 'self' blob: data: * 1 default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' webcode.telekom-dienste.de fbc.wcfbc.net lptag.liveperson.net *.telekom.de tags-eu.tiqcdn.com *.adform.net *.google.de *.google.com *.ytimg.com *.youtube-nocookie.com *.gstatic.com tags-eu.tiqcdn.com *.googlevideo.com *.wbtrk.net lo.v.liveperson.net accdn.lpsnmedia.net *.facebook.net *.intelliad.de *.googletagmanager.com *.googleadservices.com *.doubleclick.net *.cloudflare.com empathy-portal.de lpcdn.lpsnmedia.net *.usabilla.com *.cloudfront.net *.adform.net; object-src 'self'; style-src 'self' 'unsafe-inline' webcode.telekom-dienste.de www.telekom.de fonts.googleapis.com *.cloudfront.net; img-src data: 'self' cdn.smarthome.de webcode.telekom-dienste.de *.doubleclick.net fbc.wcfbc.net lptag.liveperson.net *.telekom.de tags-eu.tiqcdn.com *.adform.net *.google.de *.google.com *.ytimg.com lpcdn.lpsnmedia.net *.youtube-nocookie.com *.gstatic.com tags-eu.tiqcdn.com *.googlevideo.com empathy-portal.de *.brodos.com *.facebook.com *.intelliad.de tracking.mlsat02.de *.cloudfront.net *.usabilla.com; media-src 'self' fbc.wcfbc.net lptag.liveperson.net *.telekom.de tags-eu.tiqcdn.com *.adform.net *.google.de *.google.com *.ytimg.com *.youtube-nocookie.com *.gstatic.com tags-eu.tiqcdn.com *.googlevideo.com lpcdn.lpsnmedia.net; frame-src 'self' *.rfihub.com t23.intelliad.de *.youtube-nocookie.com *.youtube.com lptag.liveperson.net lpcdn.lpsnmedia.net *.lo.cobrowse.liveperson.net server.lon.liveperson.net email-telekom.de shopsuche.telekom.de *.facebook.com *.facebook.net/ ebs08-stg.telekom.de ebs08.telekom.de https://d6tizftlrpuof.cloudfront.net *.usabilla.com; font-src 'self' *.gstatic.com data: https://d6tizftlrpuof.cloudfront.net *.usabilla.com https://fonts.googleapis.com; connect-src 'self' wss://gwe-dmz-cc.telekom.de https://gwe-dmz-cc.telekom.de https://rest.ice-search.de https://iss-staging-backend.ice-search.de https://ebs01-stg.telekom.de ebs01.telekom.de https://d6tizftlrpuof.cloudfront.net *.usabilla.com; form-action 'self' shopsuche.telekomshop.de *.facebook.net *.facebook.com 1 default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; font-src 'self'; object-src 'self'; media-src 'self'; child-src 'self' 1 default-src 'self'; script-src 'self' ; style-src 'self' 'unsafe-inline' ; img-src 'self' data:; report-uri https://login.gordian.com/csp/report 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com *.google-analytics.com *.stripe.com *.cloudflare.com *.gravatar.com *.wp.com *.wordpress.com wordpress.com *.woocommerce.com *.facebook.com *.pinterest.com *.youtube.com *.mightycovers.com *.google.com data: 1 default-src 'self'; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self'; upgrade-insecure-requests; style-src 'self' fonts.googleapis.com maxcdn.bootstrapcdn.com; font-src 'self' fonts.gstatic.com maxcdn.bootstrapcdn.com; script-src 'self' 'unsafe-inline'; 1 connect-src 'self' https://www.googleapis.com/customsearch/v1 https://dc.services.visualstudio.com ; frame-src 'self' https://www.youtube.com https://www.google.com/recaptcha/ https://www.recaptcha.net/recaptcha/ ; default-src 'self' ; img-src 'self' data: https://*.tmcdn.co.nz https://www.google.co.nz/ads https://www.google.com/ads https://www.facebook.com https://www.googleadservices.com https://*.doubleclick.net https://www.google-analytics.com https://maps.googleapis.com https://ssl.gstatic.com https://www.gstatic.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://optimize.google.com https://tagmanager.google.com https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://www.recaptcha.net/recaptcha/ https://www.gstatic.com/recaptcha/ ; style-src 'self' 'unsafe-inline' https://cloud.typography.com https://www.co-operativebank.co.nz https://tagmanager.google.com https://fonts.googleapis.com ; media-src blob: ; font-src 'self' data: 1 frame-ancestors 'self' https://optimize.google.com/ https://forum.guncases.com 1 child-src 'self' www.youtube.com staticxx.facebook.com w.soundcloud.com player.vimeo.com www.theweedtube.com emb.d.tube player.twitch.tv www.twitch.tv gleam.io js.gleam.io; connect-src 'self' smoke.io rpc.smoke.io wss://rpc.smoke.io https://rpc.smoke.io pubrpc.smoke.io; default-src 'self' www.youtube.com staticxx.facebook.com player.vimeo.com open.spotify.com; font-src data: fonts.gstatic.com; frame-ancestors 'none'; img-src * data:; object-src 'none'; plugin-types application/pdf; script-src 'self' www.google-analytics.com connect.facebook.net assets.mantisadnetwork.com mantodea.mantisadnetwork.com ecs.mantisadnetwork.com 'sha256-9MdCJGZqoXb6/d816rvLgJt14oUMkZptgCfncCZfl5k=' secure.quantserve.com rules.quantcount.com gleam.io js.gleam.io; style-src 'self' 'unsafe-inline' fonts.googleapis.com; report-uri /api/v1/csp_violation 1 frame-ancestors 'self' https://optimize.google.com/ https://forum.shoptics.com 1 *xtremeidiots.com;*xtremeidiots.net 1 frame-ancestors https://www.msm.gov.ar/ 1 base-uri 'none'; form-action 'self'; default-src 'none'; script-src 'self' https://piwik.wut.de; style-src 'self'; img-src 'self' https://piwik.wut.de; frame-src 'self' https://piwik.wut.de; font-src 'self'; connect-src 'self'; frame-ancestors 'self'; report-uri /util/e-wwwww-rp-smww-000.php; 1 frame-ancestors 'self' *.sscwp.org 1