Values for x-content-security-policy:
frame-ancestors 'self' 382
img-src *; media-src * data:; 129
allow 'self'; 110
default-src 'self'; img-src *; media-src * data:; 97
report-uri /report-csp-violation 42
default-src 'self'; script-src 'self'; 42
default-src 'self'; connect-src *.g.doubleclick.net 'self' *.google-analytics.com https://*.google-analytics.com *.analytics.google.com https://*.analytics.google.com; font-src 'self' https://fonts.gstatic.com; frame-src 'none'; img-src 'self' data: *.ttcache.com https://*.ttcache.com *.google-analytics.com https://*.google-analytics.com *.analytics.google.com https://*.analytics.google.com optimize.google.com https://optimize.google.com; media-src 'none'; object-src 'none'; script-src 'self' *.google-analytics.com https://*.google-analytics.com *.analytics.google.com https://www.googletagmanager.com www.googleoptimize.com https://www.googleoptimize.com optimize.google.com https://optimize.google.com; style-src 'self' 'unsafe-inline' https://optimize.google.com https://fonts.googleapis.com 38
default-src 'self' 37
default-src 'self' 'unsafe-inline' 32
report-uri /report-csp-violation; upgrade-insecure-requests 30
block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:; 27
frame-ancestors 'none' 24
default-src 'self'; script-src 'self' 'unsafe-inline' 22
upgrade-insecure-requests 21
default-src 'self'; 20
15
frame-ancestors https://*.marketo.com 13
allow-scripts allow-popups allow-same-origin; 12
frame-ancestors 'self'; 12
script-src 'self' 'unsafe-inline' 'unsafe-eval' ; img-src 'self' data: ; object-src 'self' data: ; frame-src 'self' data: ; 12
default-src 'self' 'self' data: 'self' blob: 'unsafe-inline' 'unsafe-eval' *; img-src 'self' blob: data: * 12
default-src *; img-src * data: blob:; media-src * data: blob:; script-src 'unsafe-inline' 'unsafe-eval' * data: blob:; worker-src 'unsafe-inline' 'unsafe-eval' * data: blob:; connect-src *; font-src * data: blob:; frame-src *; object-src * data: blob:; style-src 'unsafe-inline' * data: blob: 12
default-src https: 'self'; script-src 'unsafe-eval' 'unsafe-inline' 'self' *; style-src 'unsafe-inline' 'self' *; frame-src 'self' *; object-src 'self' *; img-src 'self' data: *; media-src blob: 'self' *; font-src 'self' data: *; connect-src 'self' *; child-src blob: 'self' *; block-all-mixed-content; 11
form-action 'self' www.facebook.com; report-uri /_internal/security/report-csp-violation?gp-web=true; frame-ancestors 'self' 10
script-src 'self' 10
frame-ancestors 'self' http://customer-hornbach.loop21.net https://customer-hornbach.loop21.net http://public-location-hornbach.loop21.net https://public-location-hornbach.loop21.net 10
sandbox allow-scripts allow-popups allow-same-origin; 9
frame-ancestors *.windstream.net 8
default-src https: data: 'unsafe-inline' 'unsafe-eval' 8
frame-ancestors https://*.cleverwebserver.com https://*.clevernt.com 8
allow 'self'; media-src *; img-src *; script-src *; style-src *; 8
frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com 7
default-src 'self' data: gap: https://*.maersk.com https://*.maersk.com.cn https://*.maerskline.com https://*.apmoller.net https://*.go-mpulse.net https://*.salesforceliveagent.com https://*.force.com *.mpstat.us *.akstat.io https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://*.akamaihd.net https://*.igodigital.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://www.googletagmanager.com https://ssl.gstatic.com https://*.logs.datadoghq.eu https://100qrcey9nsltilmpwezagts.blob.core.windows.net https://*.cookieinformation.com https://*.bing.com https://*.virtualearth.net https://*.visualforce.com https://*.contentsquare.net https://stats.g.doubleclick.net https://resources.digital-cloud.medallia.eu https://ubt-lb.digital-cloud.medallia.eu https://sbt-prod.kampyle.com https://nebula-cdn.kampyle.com https://udc-neb.kampyle.com https://hcaptcha.com https://*.hcaptcha.com https://maersk.tradelens.com https://platform.tradelens.com https://clientstream.launchdarkly.com https://app.launchdarkly.com https://events.launchdarkly.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.maersk.com https://*.maersk.com.cn https://*.maerskline.com https://*.apmoller.net https://*.akamaihd.net https://*.salesforceliveagent.com https://*.force.com https://*.salesforce.com https://*.steelcentral.net *.mpstat.us *.akstat.io https://*.igodigital.com https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://pub.s1.exacttarget.com https://*.gstatic.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://www.googletagmanager.com https://*.google-analytics.com https://*.cookieinformation.com https://www.datadoghq-browser-agent.com/datadog-rum-eu.js https://*.bing.com https://*.virtualearth.net https://*.contentsquare.net https://*.contentsquare.com https://www.datadoghq-browser-agent.com/datadog-rum.js https://screencapture.kampyle.com https://screencapture-cdn.kampyle.com https://resources.digital-cloud.medallia.eu https://sbt-prod.kampyle.com https://nebula-cdn.kampyle.com https://udc-neb.kampyle.com https://snap.licdn.com https://px.ads.linkedin.com https://connect.facebook.net https://www.facebook.com https://js.stripe.com https://hcaptcha.com https://*.hcaptcha.com; img-src 'self' data: https://*.maersk.com https://*.maersk.com.cn https://*.maerskline.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://*.gstatic.com https://lh3.googleusercontent.com https://*.steelcentral.net https://*.vimeocdn.com https://*.youtube.com https://*.igodigital.com https://*.akamaihd.net https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://pixel.mathtag.com https://bs.serving-sys.com https://www.google.co.uk https://api.adsymptotic.com https://media-cdn.ipredictive.com https://*.linkedin.com https://*.facebook.com https://*.twitter.com https://vk.com https://mail.ru https://clickserve.dartsearch.net https://*.doubleclick.net https://*.google.dk https://secure.adnxs.com https://cs.adingo.jp https://admaym.com https://ih.adscale.de https://d.agkn.com https://ib.adnxs.com https://x.bidswitch.net https://stags.bluekai.com https://pix.btrll.com https://contextual.media.net https://dis.criteo.com https://e.nexac.com https://loadm.exelator.com https://cs.gssprt.jp https://global.ib-ibi.com https://ad.360yield.com https://dsum-sec.casalemedia.com https://beacon.krxd.net https://idsync.rlcdn.com https://ums.adtechus.com https://sync.adaptv.advertising.com https://us-u.openx.net https://simage2.pubmatic.com https://bh.contextweb.com https://idsync.reson8.com https://pixel.rubiconproject.com https://uipglob.semasio.net https://rtb-csync.smartadserver.com https://ad.sxp.smartclip.net https://sync.go.sonobi.com https://ce.lijit.com https://sync.search.spotxchange.com https://ads.stickyadstv.com https://delivery.swid.switchads.com https://aa.agkn.com https://ads.yahoo.com https://u3s.mathtag.com https://eu-u.openx.net https://serving.experianmarketingservices.digital https://uip.semasio.net https://fo-api.omnitagjs.com https://*.akstat.io https://*.bing.com https://*.virtualearth.net https://*.contentsquare.net https://screencaptue-cdn.kampyle.com https://resources.digital-cloud.medallia.eu https://udc-neb.kampyle.com https://nebula-cdn.kampyle.com https://*.salesforce.com https://*.force.com; object-src 'self' ; style-src 'self' 'unsafe-inline' https://*.maersk.com https://*.maersk.com.cn https://*.apmoller.net https://*.gstatic.com https://*.google.com https://*.google-analytics.com https://*.googleapis.com https://*.maerskline.com https://*.force.com https://*.bing.com https://*.virtualearth.net https://resources.digital-cloud.medallia.eu https://screencaptue-cdn.kampyle.com https://nebula-cdn.kampyle.com https://hcaptcha.com https://*.hcaptcha.com; frame-src https://*.maersk.com https://*.maersk.com.cn https://*.maerskline.com https://*.apmoller.net http://emanage.maerskline.com https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://*.google.com https://www.youtube.com/embed/ https://player.vimeo.com/video/ https://service.force.com https://*.cookieinformation.com https://*.youku.com/ https://*.force.com/  https://*.salesforce.com https://app.powerbi.com http://my.maerskline.com https://*.doubleclick.net https://reporting.damco.com https://screencapture.kampyle.com https://nebula-cdn.kampyle.com https://resources.digital-cloud.medallia.eu https://js.stripe.com https://hcaptcha.com https://*.hcaptcha.com; font-src 'self' data: https://*.maersk.com https://*.maersk.com.cn https://*.maerskline.com https://*.apmoller.net https://*.gstatic.com https://*.googleapis.com https://resources.digital-cloud.medallia.eu https://nebula-cdn.kampyle.com; 7
frame-ancestors http://*.timeout.com https://*.timeout.com 'self' 7
img-src * data: 7
frame-ancestors https://uscreen.io https://*.uscreen.io https://www.uscreen.tv 7
frame-ancestors https://*.canalplus.com https://*.canal-plus.com https://*.cnews.fr https://*.canal-bis.com http://*.canalplus.com http://*.canalplus.com:8888 https://*.canalplus.com:3000 6
frame-ancestors https://*.ptc.com https://ptc.seismic.com https://liveshareeast3.seismic.com 6
frame-ancestors * 6
frame-ancestors 'self' https://optimize.google.com/ 6
nosniff 6
script-src * 'unsafe-inline' 'unsafe-eval' blob:; img-src * data:; media-src * mediastream: blob: filesystem: ; 6
frame-ancestors https://*.mediamarkt.se 'self' 6
block-all-mixed-content 5
block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:; report-uri https://collectors.au.sumologic.com/receiver/v1/http/ZaVnC4dhaV2fq-TmkezxDM5kD77zglzTUyrlNqPe059oQhlSBcEFmaLaBbMi5G2BkSSJjyA6wJZ-iUDLrux0ATja4lHZr94sfyyTtdVcA_GiHULLYxFY7Q== 5
default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * data:; font-src * data:; connect-src *; media-src *; object-src *; child-src *; frame-ancestors 'self'; form-action *; reflected-xss block; upgrade-insecure-requests; 5
default-src https: 'unsafe-inline' 5
frame-ancestors 'self' https://adventhealth.com https://*.adventhealth.com 5
frame-ancestors 'self'; report-uri /report-csp-violation 5
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; font-src 'self'; object-src 'self'; media-src 'self'; child-src 'self' 5
frame-ancestors 'self' weleda.sabio.de 5
default-src * 5
frame-ancestors 'self' https://www.centerparcs.fr/booking/ https://www.centerparcs.nl/booking/ https://www.centerparcs.de/booking/ https://www.centerparcs.com/booking/ https://www.centerparcs.eu/booking/ https://www.centerparcs.ch/booking/ https://www.centerparcs.be/booking/ 5
script-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob:; object-src 'none'; base-uri 'none'; frame-src 'self'; frame-ancestors 'self'; img-src 'self' https://secure.gravatar.com data:; media-src 'self' blob:; style-src 'self' 'unsafe-inline'; default-src https: data: 'self'; trusted-types default; 5
default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; object-src *; style-src * 'unsafe-inline'; img-src * data:; media-src *; frame-src *; font-src * data:; connect-src * 5
default-src 'self'; img-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; script-src 'self' 'unsafe-inline'; connect-src 'self'; 5
upgrade-insecure-requests; 4
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.thebalancemoney.com 4
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.bhg.com 4
script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' data: 'unsafe-inline' https:; img-src 'self' data: https:; media-src 'self' https:; frame-src 'self' data: https:; font-src 'self' data: https: 4
default-src * 'self' 'unsafe-inline' 'unsafe-eval' data: https:; report-uri /report-csp-violation 4
frame-ancestors 'self' *.sncf-connect.com; report-uri /report-csp-violation; upgrade-insecure-requests 4
default-src matomo.iserv.eu forms.www-marketing.iserv.eu 'self'; script-src matomo.iserv.eu 'self'; style-src 'self'; img-src 'self' https://cdn.iserv.eu data:; media-src 'self' https://cdn.iserv.eu; font-src 'self' data:; 4
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ; 4
default-src 'self'; connect-src 'self' *.google-analytics.com https://*.google-analytics.com *.analytics.google.com https://*.analytics.google.com *.g.doubleclick.net http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; font-src 'self' https://fonts.gstatic.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; frame-src 'unsafe-inline' https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://optimize.google.com; img-src 'self' *.ttcache.com https://*.ttcache.com *.google-analytics.com https://*.google-analytics.com *.analytics.google.com https://*.analytics.google.com optimize.google.com https://optimize.google.com data: http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; media-src 'none'; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com https://*.google-analytics.com *.analytics.google.com https://*.analytics.google.com www.googletagmanager.com https://www.googletagmanager.com www.googleoptimize.com https://www.googleoptimize.com https://optimize.google.com optimize.google.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; style-src 'self' 'unsafe-inline' https://optimize.google.com https://fonts.googleapis.com 4
default-src *.hotjar.com wss://*.hotjar.com 'self' http: bott-tc.nautilus https: vc.hotjar.io in.hotjar.com script.hotjar.com *.bosch-thermotechnology.com s.webtrends.com *.boschtt-documents.com www.bimstore.co.uk services.kittelberger.net *.mycliplister.com bott-tc.nautilus foerderrechner.bosch-thermotechnology.com; media-src 'self' *.boschtt-documents.com services.kittelberger.net *.mycliplister.com mycliplister.com; font-src 'self' data: script.hotjar.com fonts.gstatic.com www.bosch-easycontrol.com www.heizung-steuern.com; object-src data: 'self'; img-src https: data: blob:; style-src 'self' 'unsafe-inline' *.bosch-thermotechnology.com cdn.datatables.net fonts.googleapis.com www.bosch-easycontrol.com www.heizung-steuern.com; script-src https: 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https: mailto: bosch.mi4biz.net www.boschthermolife.com junkers-de-de-b.boschtt-documents.com; frame-ancestors 'self' https: bosch.mi4biz.net http://bott-fs.kittelberger.net 4
script-src 'self' 'unsafe-inline' 'unsafe-eval' unpkg.com cdnjs.cloudflare.com *.sharethis.com *.facebook.net *.googletagmanager.com *.acquia.com *.google-analytics.com *.newrelic.com *.nr-data.net *.yimg.com *.adform.net *.licdn.com *.azureedge.net *.adsrvr.org urldefense.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.sharethis.com *.typekit.net; report-uri /report-csp-violation 4
frame-ancestors 'self' https://shopproxy.p-s-s.de https://home.interzum.com https://home.interzum.de 4
frame-scr 'self' 4
default-src 'none'; base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.xilo.net; object-src 'none'; style-src 'self' data: 'unsafe-inline' https://*.xilo.net; img-src 'self' blob: data: https://*.xilo.net; media-src 'self' data: https://*.xilo.net; frame-src *; font-src *; form-action 'self' https://*.xilo.net; connect-src 'self' https://*.xilo.net; prefetch-src 'self' https://*.xilo.net; manifest-src 'self' https://*.xilo.net; frame-ancestors 'self'; report-uri https://stats.xilo.net/ruri/r/d/csp/enforce 4
default-src 'self' ;options inline-script eval-script;referrer no-referrer;img-src 'self' data:  *.tile.openstreetmap.org;object-src 'none'; 4
default-src https: data: 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * blob: ; worker-src * blob: ; frame-ancestors 'self' https://*.moody.edu; 4
default-src 'self'; script-src * 'unsafe-eval' 'unsafe-inline'; style-src * 'unsafe-inline'; img-src * data:;frame-src *;font-src * data:;connect-src * blob:;media-src * blob:;worker-src * blob:; 4
default-src 'self' ;options inline-script eval-script;img-src 'self' data:  *.tile.openstreetmap.org *.tile.opencyclemap.org; 4
self 4
default-src 'unsafe-inline' 'self' https: wss: data: blob:; object-src 'none' 4
connect-src 'self' checkout.stripe.com https://checkout.stripe.com https://billing.stripe.com/session https://api.funcaptcha.com https://api.arkoselabs.com sentry.io api.github.com www.npmjs.com;default-src 'none';img-src * data: https://*.stripe.com;script-src 'self' data: 'unsafe-inline' https://checkout.stripe.com/checkout.js https://checkout.stripe.com https://js.stripe.com/v3 https://platform.twitter.com/widgets.js https://octocaptcha.com https://static.npmjs.com/;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://static.npmjs.com/;frame-src checkout.stripe.com https://checkout.stripe.com https://js.stripe.com/ https://octocaptcha.com;font-src https://fonts.gstatic.com https://static.npmjs.com/ ;media-src https://player.vimeo.com https://fpdl.vimeocdn.com https://gcs-vimeo.akamaized.net https://vod-progressive.akamaized.net 3
base-uri 'none';child-src *.youtube.com;connect-src 'self' https:;default-src 'self';font-src 'self';form-action 'self' https://actionverb.applytojob.com;frame-ancestors 'none';frame-src prismic.io *.prismic.io *.youtube.com *.twitter.com *.facebook.com *.google.com;img-src * data:;manifest-src 'self';media-src 'self';object-src 'none';prefetch-src 'self';script-src 'self' 'unsafe-inline' *.google-analytics.com *.bing.com *.clarity.ms *.facebook.net *.googletagmanager.com *.helpscout.net prismic.io *.prismic.io;style-src 'self' 'unsafe-inline';worker-src 'self'; 3
frame-ancestors https://members.cafepress.com  https://members.cafepress.co.uk https://members.cafepress.ca https://members.cafepress.com.au; 3
frame-ancestors 'self' tvn24.pl *.tvn24.pl 3
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.southernliving.com 3
script-src 'self'; style-src 'self'; img-src 'self'; connect-src 'self'  3
default-src 'self'; script-src 'self' https://ssl.google-analytics.com; img-src 'self' https://ssl.google-analytics.com 3
frame-ancestors www.red-gate.com; 3
default-src https: http: 'unsafe-inline' 'unsafe-eval' 'self' data: wss: blob: 3
frame-ancestors 'self' acquia.lookbookhq.com acquia.docebosaas.com confluence.acquia.com www.acquiaacademy.com acquia.seismic.com app.veertly.com; report-uri /report-csp-violation 3
report-uri /admin/config/system/seckit/csp-report 3
connect-src * 'self' 3
font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' tracking.paysera.com www.instagram.com https://optimize.google.com https://www.google.com/recaptcha/ https://www.youtube.com/embed/ http://e.issuu.com/ https://wchat.eu.freshchat.com https://paysera.eu.webpush.freshchat.com; img-src 'self' data: *.paysera.com maps.googleapis.com *.gstatic.com https://www.google-analytics.com https://optimize.google.com; script-src 'self' maps.googleapis.com www.instagram.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.google-analytics.com https://optimize.google.com https://wchat.eu.freshchat.com 'unsafe-inline'; style-src 'self' fonts.googleapis.com https://optimize.google.com https://wchat.eu.freshchat.com 'unsafe-inline'; report-uri /v2/csp-violations/report 3
default-src 'self' *.googleapis.com cdnjs.cloudflare.com danord.gdi-sh.de efi2.schleswig-holstein.de phpefi.schleswig-holstein.de *.openstreetmap.org *.openstreetmap.fr cdn.podigee.com phpefi.schleswig-holstein.de *.podigee-cdn.net *.kaltura.com landesportal-sh.dwebanalytics.de danord.gdi-sh.de; base-uri 'self'; style-src 'self' 'unsafe-inline' *.openlayers.org openlayers.org *.openstreetmap.org *.openstreetmap.fr *.schleswig-holstein.de https://danord.gdi-sh.de https://cdnjs.cloudflare.com cdn.podigee.com *.podigee-cdn.net *.bootstrapcdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.ytimg.com phpefi.schleswig-holstein.de *.openlayers.org openlayers.org *.openstreetmap.org *.vimeo.com https://matomo.schleswig-holstein.de 'sha256-Z63e+VFsLCeJvcIIADffuk58gwH7zpv5jIPJITytEps=' 'sha256-6wRdeNJzEHNIsDAMAdKbdVLWIqu8b6+Bs+xVNZqplQw=' *.schleswig-holstein.de 'sha256-Iv6+ueUCwCo7hxRPKs4x5N9MLe5bAOcJqKOJNkpFa4Q=' 'sha256-hwQ3jJFF76RYXz5z/h9KPxxCmJrIWmkrPI/0ue3TTVA=' 'sha256-jJH1V3gDESBl63xPMOf/g+/WVSLp61k6VjeyPRt1KKQ=' https://danord.gdi-sh.de 'sha256-4klLXXsGOpjKz3t5aaLNu/fwLVb7TxsGq0CBc4UUkGM=' cdn.podigee.com *.podigee-cdn.net cdnjs.cloudflare.com *.materna.de; object-src 'none' 'self' multimedia.gsb.bund.de; media-src 'self' blob: https://multimedia.gsb.bund.de *.youtube.com https://*.youtube-nocookie.com *.youtube-nocookies.com https://youtu.be https://vimeo.com; frame-src *.google.com *.gstatic.com *.vimeo.com *.schleswig-holstein.de https://danord.gdi-sh.de *.podigee-cdn.net *.readspeaker.com *.kaltura.com *.seminareonlinebuchen.de; frame-src cdn.podigee.com *.podigee-cdn.net *.umweltdaten.landsh.de *.schleswig-holstein.de danord.gdi-sh.de *.google.com *.gstatic.com *.youtube.com https://*.youtube-nocookie.com *.youtube-nocookie.com *.readspeaker.com *.openstreetmap.fr danord.gdi-sh.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.ytimg.com *.vimeocdn.com phpefi.schleswig-holstein.de *.openlayers.org openlayers.org *.openstreetmap.org *.openstreetmap.fr https://matomo.schleswig-holstein.de *.schleswig-holstein.de https://danord.gdi-sh.de https://sg.geodatenzentrum.de *.seminareonlinebuchen.de *.umweltdaten.landsh.de *.cdninstagram.com land-sh.termine-regional.de hht.infomaxnet.de dam.destination.one admin.die-netzwerkstatt.de *.podigee-cdn.net *.fbcdn.net *.bootstrapcdn.com stamen-tiles-b.a.ssl.fastly.net stamen-tiles-c.a.ssl.fastly.net stamen-tiles-d.a.ssl.fastly.net stamen-tiles-a.a.ssl.fastly.net; worker-src blob: 'self'; frame-ancestors 'self'; 3
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.deutsche-rentenversicherung.de *.openlayers.org openlayers.org *.openstreetmap.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.deutsche-rentenversicherung.de *.googleapis.com *.google.com *.gstatic.com *.openlayers.org openlayers.org *.openstreetmap.org; object-src 'self' *.deutsche-rentenversicherung.de multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com *.deutsche-rentenversicherung.de;child-src *.google.com *.gstatic.com *.youtube.com; img-src 'self' data: *.deutsche-rentenversicherung.de *.google.com *.gstatic.com *.youtube.com *.openlayers.org openlayers.org *.openstreetmap.org; frame-ancestors 'self'; 3
frame-ancestors none; 3
connect-src 'self' 3
default-src 'none'; connect-src 'self'; frame-ancestors 'self'; frame-src 'none'; script-src 'self'; style-src 'self'; font-src 'self'; img-src 'self' 3
default-src 'self' *.energieag.at energieag.picturepark.com *.google-analytics.com *.googleapis.com *.gstatic.com prezi.com www.googleadservice www.youtube.com walls.io *.walls.io *.googletagmanager.com www.netigate.se *.whatchado.com *.vimeo.com i.ytimg.com connect.facebook.net app.adwordsagentur.at *.hotjar.com *.hotjar.io  wss://*.hotjar.com www.googleadservices.com *.doubleclick.net *.adform.net *.iconnode.com *.facebook.com *.google.at *.google.de *.google.com *.adsrvr.org e-tankstellen-finder.com connect.shore.com *.shore-cdn.com *.teamplanbuch.ch *.cookiebot.com *.matterport.com www.360perspektiven.com sys.mailworx.info *.marketingsuite.info sc-static.net *.konzertmeister.app *.podigee-cdn.net *.podigee.com *.podigee.io energieag.containers.piwik.pro energieag.piwik.pro empathy-portal.de eag.viewer.cit-fusion.com 'unsafe-inline' 'unsafe-eval' data: 3
frame-ancestors 'self' *.ergodirekt.de:* *.ergo.com:* *.ergo:* *.ergo.de *.dkv.com; 3
default-src 'self' https://accesso.com https://px.ads.linkedin.com https://p.adsymptotic.com https://stats.g.doubleclick.net https://cdn.cookielaw.org; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://snap.licdn.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://pi.pardot.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://cdnjs.cloudflare.com https://code.jquery.com https://cdn.jsdelivr.net https://ajax.googleapis.com; style-src 'self' 'unsafe-inline' https://cloud.typography.com https://accesso.com https://use.fontawesome.com https://stackpath.bootstrapcdn.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://code.jquery.com; img-src 'self' https://accesso.com https://www.accesso.com https://www.google-analytics.com https://px.ads.linkedin.com https://p.adsymptotic.com https://www.google.com https://privacy-policy.truste.com data:; connect-src 'self' https://privacyportal.onetrust.com https://stats.g.doubleclick.net https://cdn.cookielaw.org; font-src 'self' https://cloud.typography.com https://use.fontawesome.com data:; frame-src 'self' https://bid.g.doubleclick.net https://player.vimeo.com/ https://hello.accesso.com/ https://polaris.brighterir.com https://www.youtube.com; 3
default-src 'self' *.readspeaker.com data: https://viola.bundesbots.de wss://viola.bundesbots.de https://formularbot-fms.bzst.de wss://formularbot-fms.bzst.de https://formularbot-viola.bzst.de wss://formularbot-viola.bzst.de https://bzst.lucom.com https://idnr-formular.bzst.bot-itzbund.de https://viola.bundesbots.de https://viola-bzst.azr.juacvoe.net https://viola-bzst-fms.azr.juacvoe.net; base-uri 'self'; connect-src 'self' *.itzbund.de https://formularbot-viola.bzst.de wss://formularbot-viola.bzst.de https://viola-bzst.azr.juacvoe.net wss://viola-bzst.azr.juacvoe.net https://viola-bzst-fms.azr.juacvoe.net wss://viola-bzst-fms.azr.juacvoe.net https://formularbot-fms.bzst.de; style-src 'self' 'unsafe-inline' *.readspeaker.com https://bzst.lucom.com https://idnr-formular.bzst.bot-itzbund.de https://formularbot-viola.bzst.de https://viola-bzst.azr.juacvoe.net https://viola-bzst-fms.azr.juacvoe.net https://formularbot-fms.bzst.de; script-src 'self' 'unsafe-eval' *.google.com piwik.itzbund.de *.readspeaker.com https://bzst.lucom.com https://idnr-formular.bzst.bot-itzbund.de https://formularbot-fms.bzst.de https://formularbot-viola.bzst.de https://viola-bzst-fms.azr.juacvoe https://formularbot-fms.bzst.de.net https://viola-bzst.azr.juacvoe.net https://viola.bundesbots.de 'sha256-fvt1zDnRVAuASIt4MdBmzTSLXs4mdTCa5fg9wNopnC0=' 'sha256-B9AMHvfU16Nc6sndzogCV/VH/SXmKESowGb6dBud/RA=';object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; media-src 'self' *.bzst.de multimedia.gsb.bund.de *.youtube.com www.quirksmode.org; child-src *.itzbund.de *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com; frame-src https://formularbot-viola.bzst.de https://idnr-formular.bzst.bot-itzbund.de https://viola-bzst.azr.juacvoe.net https://viola-bzst-fms.azr.juacvoe.net https://formularbot-fms.bzst.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com piwik.itzbund.de https://bzst.lucom.com https://formularbot-viola.bzst.de https://idnr-formular.bzst.bot-itzbund.de https://viola-bzst.azr.juacvoe.net https://viola-bzst-fms.azr.juacvoe.net https://formularbot-fms.bzst.de; upgrade-insecure-requests; frame-ancestors 'self' *.preview.bzst.intranet.bund.de; 3
Content-Security-Policy= default-src "none"; script-src "self" https://corp-mktg.s3.us-west-2.amazonaws.com https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com https://maps.googleapis.com https://prospect-form-plugin.2u.com; style-src "unsafe-inline" https://whitelabel.2u.com; img-src https://app.optimizely.com https://cdn.optimizely.com https://whitelabel.2u.com; frame-src https://a104283729.cdn.optimizely.com https://a104283729.cdn-pci.optimizely.com; connect-src https://*.optimizely.com; 3
frame-ancestors 'self' everygame.eu www.everygame.eu sblp.everygame.eu sports.everygame.eu poker.everygame.eu casino.everygame.eu classic.everygame.eu lobby.everygame.eu:2072 account.everygame.eu client.horizonpokernetwork.eu 3
default-src 'self'; script-src 'self'; connect-src 'self'; img-src 'self' data:; style-src 'self'; 3
font-src * data:; img-src * data:; script-src 'unsafe-inline' 'unsafe-eval' * data:; style-src 'unsafe-inline' 'unsafe-eval' * data:; 3
default-src 'none'; script-src 'self'; img-src 'self'; style-src 'self'; font-src 'self'; media-src 'self'; form-action 'self'; child-src 'self'; frame-ancestors 'self'; connect-src 'none'; report-uri 'self'; report-to 'self'; 3
default-src 'self'; script-src 'self' 'unsafe-inline' https:; object-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; media-src 'self'; child-src 'self' https:; font-src 'self' data:; connect-src 'self' 3
default-src 'self' 'unsafe-inline'; 3
default-src 'self'; script-src 'self' *.storyblok.com 'unsafe-inline' *.cloudfront.net *.googleapis.com *.gstatic.com recaptcha.net *.facebook.net *.google-analytics.com *.googletagmanager.com tagmanager.google.com *.livechatinc.com *.stripe.com *.youtube.com *.mappedin.com *.adsrvr.org www.googleadservices.com js.adsrvr.org googleads.g.doubleclick.net http://bid.g.doubleclick.net/ https://*.demdex.net https://cm.everesttech.net https://assets.adobedtm.com *.2o7.net *.omtrdc.net *.adobe.com smetrics.chadstone.com.au smetrics.dfo.com.au *.doubleclick.net *.googleadservices.com *.google.com *.googlesyndication.com *.googletagservices.com 'unsafe-eval'; style-src 'self' blob: *.storyblok.com 'unsafe-inline' *.googleapis.com *.gstatic.com tagmanager.google.com *.google.com; img-src 'self' *.storyblok.com *.cloudinary.com *.facebook.com *.google.com *.google.com.au placehold.it *.cloudfront.net *.googleapis.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.simplybook.me lh3.googleusercontent.com data: *.trackjs.com *.vicinity.com.au *.mappedin.com mipubapistorageprod.blob.core.windows.net https://*.demdex.net https://cm.everesttech.net https://assets.adobedtm.com *.doubleclick.net *.google.com *.doubleclick.net *.googlesyndication.com *.googleadservices.com; font-src 'self' *.amazonaws.com *.storyblok.com *.googleapis.com *.gstatic.com https://fonts.gstatic.com data: data:; connect-src 'self' stats.g.doubleclick.net *.cloudfront.net *.mappedin.com *.googleapis.com *.google-analytics.com sentry.io *.simplybook.me *.vicinity.com.au *.trackjs.com mipubapistorageprod.blob.core.windows.net https://*.demdex.net https://cm.everesttech.net https://assets.adobedtm.com smetrics.*.com.au *.doubleclick.net *.google.com *.googlesyndication.com *.googletagservices.com about:; frame-src 'self' *.youtube.com *.vimeo.com *.googleapis.com *.googletagmanager.com *.google.com *.facebook.com *.livechatinc.com *.stripe.com socialq.net recaptcha.net *.trybooking.co.nz *.trybooking.com insight.adsrvr.org https://*.demdex.net *.google.com *.doubleclick.net *.googlesyndication.com; object-src *.googlesyndication.com; media-src dai.google.com; child-src blob: *.google.com *.doubleclick.net *.googlesyndication.com form-action *.google.com; worker-src blob: *.google.com prefetch-src *.googlesyndication.com 3
frame-ancestors 'self' https://mycourses.w3schools.com; 2
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.investopedia.com 2
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.verywellhealth.com 2
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.treehugger.com 2
frame-ancestors 'self' *.betssongroupaffiliates.com *.ptstaging.eu *.onegameslink.com 2
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.realsimple.com 2
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.liveabout.com 2
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.foodandwine.com 2
base-uri 'self'; default-src * 'unsafe-inline' 'unsafe-eval' data: blob:;block-all-mixed-content;object-src 'self';frame-src *.photonengine.com *.google.com youtube-nocookie.com www.youtube-nocookie.com youtube.com www.youtube.com player.vimeo.com;frame-ancestors 'self'; 2
default-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' * https://www.google-analytics.com https://optimize.google.com https://optanon.blob.core.windows.net http://*.hotjar.com https://*.onetrust.com https://www.googletagmanager.com https://connect.facebook.net *.rfihub.net *.bing.com *.ads-twitter.com *.twitter.com *.t.co *.ytimg.com https://act.nrdc.org; style-src 'self' 'unsafe-inline' * blob: https://optimize.google.com https://fonts.googleapis.com https://optanon.blob.core.windows.net cdnjs.cloudflare.com cloud.typography.com *.twitter.com *.t.co ; img-src 'self' 'unsafe-inline' data: * https://www.google-analytics.com https://optimize.google.com https://code.jquery.com/ *.twitter.com *.facebook.com *.bing.com *.t.co; frame-src 'self' data: * https://optimize.google.com https://*.adsrvr.org *.rfihub.com; font-src 'self' 'unsafe-inline' data: * https://fonts.gstatic.com cdnjs.cloudflare.com; connect-src 'self' * https://*.optmnstr.com; report-uri /report-csp-violation 2
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.parents.com 2
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.brides.com 2
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.instyle.com 2
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.verywellfit.com 2
frame-ancestors 'self' *.edwardjones.com *.edwardjones.ca accountaccess.devjones.com accountaccess.devjones.ca iaa-api-gateway.apps.devjones.com accountaccess.edwardjones.com accountaccess.edwardjones.ca onlineaccess.edwardjones.com iaaweb.edwardjones.com; report-uri /report-csp-violation 2
frame-ancestors 'self' corning.com *.corning.com *.corningmsp.com *.ceros.com *.ariba.com 2
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.byrdie.com 2
default-src *;frame-ancestors 'self' eiv.baidu.com *.vip.vip.com *.vip.com;script-src *.vip.com *.vipstatic.com *.mediav.com *.gdt.qq.com *.emarbox.com *.mjoys.com *.sogou.com cm.e.qq.com *.qq.com *.baidu.com *.ipinyou.com *.admaster.com.cn *.miaozhen.com *.youku.com *.tanx.com *.doubleclick.net *.vpimg1.com *.vpimg2.com *.vpimg3.com *.vpimg4.com *.gtimg.cn 'unsafe-eval' 'unsafe-inline';style-src *.vip.com *.vipstatic.com 'unsafe-inline';img-src * data:; report-uri //stat.vipstatic.com/pcfront/antiskyjack; 2
default-src https: data: blob: 'unsafe-eval' 'unsafe-inline'; frame-src 'self' https://*; 2
frame-ancestors 'self' *.vendhq.com; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub141debbb5c4dc4c0034c0aedd3e2f56c&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:production; 2
frame-ancestors 'self' *.iza.org; 2
default-src 'self' data: https://*.nskes.ru:* https://*.youtube.com/ https://googleads.g.doubleclick.net https://www.google.com/ads/user-lists/ https://www.google.ru/ads/user-lists/ https://bitrix.info https://*.yandex.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://www.google-analytics.com https://maps.google.com https://*.gstatic.com:* https://*.googleapis.com httsp://code.jivosite.com https://*.yandex.ru https://www.googleadservices.com https://googleads.g.doubleclick.net https://cdn.voximplant.com https://yastatic.net:* https://bitrix.info:* https://widget.beesender.com; style-src 'self' 'unsafe-inline' https://code.jivosite.com:* https://*.yandex.ru:* https://widget.beesender.com https://*.googleapis.com https://*.gstatic.com:*; img-src 'self' data: https://code.jivosite.com:* https://*.yandex.ru:* https://*.googleapis.com https://*.gstatic.com:* https://www.google-analytics.com https://*.googletagmanager.com https://widget.beesender.com:* https://nskes.ru/ https://*.nskes.ru:*; font-src 'self' https://*.gstatic.com:*; 2
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.mydomaine.com 2
default-src 'self' 'unsafe-inline' jobs.b-ite.com; base-uri 'self'; connect-src 'self' wss://chat.userlike.com chat.userlike.com wss://umd.userlike.com userlike.com *.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com dnbweb-editor.preview.kkn.zd.intranet.bund.de piwik.itzbund.de *.cloudfront.net data-8ec206415a.dnb.de jobs.b-ite.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.youtube.com *.googleapis.com piwik.itzbund.de script.ioam.de *.de.ioam.de s.ytimg.com static.b-ite.com cs-assets.b-ite.com ajax.googleapis.com api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com *.cloudfront.net data-8ec206415a.dnb.de; object-src 'self' piwik.itzbund.de; media-src 'self' *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de youtu.be files.dnb.de c18004-vod.l.core.cdn.streamfarm.net *.cloudfront.net; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de my.matterport.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de *.tile.openstreetmap.org api.userlike.com userlike-cdn-operators.s3-eu-west-1.amazonaws.com *.cloudfront.net; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de *.cloudfront.net; frame-ancestors dnbweb-editor.preview.kkn.zd.intranet.bund.de piwik.itzbund.de 2
default-src 'self' 'unsafe-inline' *.royalroad.com fonts.googleapis.com ajax.googleapis.com; font-src 'self' fonts.gstatic.com; object-src 'none'; img-src 'self' www.royalroadl.com www.royalroad.com cdn.royalroadlegends.com www.royalroadcdn.com www.gravatar.com data:; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self'; 2
default-src 'self'; connect-src 'self' *.google-analytics.com https://*.google-analytics.com *.analytics.google.com https://*.analytics.google.com *.g.doubleclick.net https://cookie-cdn.cookiepro.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; font-src 'self' https://fonts.gstatic.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; frame-src 'unsafe-inline' https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://optimize.google.com; img-src 'self' *.ttcache.com https://*.ttcache.com *.google-analytics.com https://*.google-analytics.com *.analytics.google.com https://*.analytics.google.com https://optimize.google.com optimize.google.com data: https://cookie-cdn.cookiepro.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; media-src 'none'; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com https://*.google-analytics.com *.analytics.google.com https://*.analytics.google.com www.googletagmanager.com https://www.googletagmanager.com www.googleoptimize.com https://www.googleoptimize.com https://optimize.google.com optimize.google.com https://cookie-cdn.cookiepro.com https://code.jquery.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; style-src 'self' 'unsafe-inline' https://optimize.google.com https://fonts.googleapis.com https://cookie-cdn.cookiepro.com 2
frame-ancestors 'self' *.chilis.com 2
frame-ancestors 'self' *.magenta.at *.t-mobile.at *.esp.ownsolutions.net magenta-at.cleverq.de www.youtube.com; 2
frame-ancestors 'self' *.typeform.com typeform.com *.themeforest.net themeforest.net codecanyon.net *.codecanyon.net 2
default-src 'self' https://*.tv1.eu http://*.tv1.eu 2
default-src *; style-src 'self'* .addthis.com *.nationalgridus.com* .cloudflare.com *.olark.com* .gstatic.com *.googleapis.com; script-src 'self'* .speedpay.com *.google.com* .gstatic.com *.olark.com* .googleapis.com *.gstatic.com* .crazyegg.com *.google-analytics.com* .googletagmanager.com *.feedbackify.com* .nationalgridus.com; img-src *; font-src* ; connect-src *; 2
default-src 'self' *.unad.edu.co; 2
default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com tagmanager.google.com/ www.googletagmanager.com/ script.hotjar.com fast.wistia.com *.wistia.net embedwistia-a.akamaihd.net; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' * tagmanager.google.com/ www.googletagmanager.com/ cdn.evgnet.com cdn.getsmartcontent.com s.getsmartcontent.com v1.addthisedge.com z.moatads.com www.youtube.com view.ceros.com *.wistia.com *.wistia.net src.litix.io; img-src 'self' data: ssl.gstatic.com/ embed.wistia.com *.wistia.com *.wistia.net embedwistia-a.akamaihd.net secure.adnxs.com ib.adnxs.com/ www.google.com www.google-analytics.com www.googletagmanager.com maps.gstatic.com maps.googleapis.com bat.bing.com www.facebook.com px.ads.linkedin.com p.adsymptotic.com/ i.ytimg.com www.guardiananytime.com/ pixel.mediaiqdigital.com pixel.mathtag.com d1bvwpcbxq9v24.cloudfront.net t.co idsync.rlcdn.com *.amazonaws.com cx.atdmt.com www.linkedin.com/ *.fls.doubleclick.net cm.g.doubleclick.net assets.getsmartcontent.com id.rlcdn.com/464526.gif match.prod.bidr.io/cookie-sync/demandbase segments.company-target.com block.opendns.com images.ctfassets.net pippio.com aa.agkn.com; frame-src 'self' m.addthis.com s7.addthis.com *.youtube.com *.vimeo.com *.wistia.com *.wistia.net script.hotjar.com vars.hotjar.com cm.g.doubleclick.net *.ceros.com *.guardiananytime.com *.cloudfront.net *.adsrvr.org my.visme.co *.ipipeline.com *.guardianlife.com guardianlife.uat.aws.glic.com cdn.getsmartcontent.com *.bound360.com tagmanager.google.com www.podbean.com d.agkn.com cloud.alert.guardiandirect.com cloud.connect.guardian pixel.mathtag.com/ bid.g.doubleclick.net pi.pardot.com www.nerdwallet.com stage.nerdwallet.biz embeds.nerdwallet.biz *.fls.doubleclick.net connect.guardiangroupbenefits.com; connect-src 'self' collectorprod.glic.com *.google-analytics.com *.hotjar.com *.hotjar.io wss://*.hotjar.com ws://*.hotjar.com *.doubleclick.net *.g.doubleclick.net *.wistia.com *.wistia.net *.litix.io embedwistia-a.akamaihd.net *.getsmartcontent.com *.bound360.com tagmanager.google.com *.podbean.com d.agkn.com cloud.alert.guardiandirect.com cloud.connect.guardian guardianlife.us-1.evergage.com bat.bing.com www.nerdwallet.com stage.nerdwallet.biz embeds.nerdwallet.biz maps.googleapis.com api.company-target.com segments.company-target.com m.addThis.com; font-src 'self' data: fonts.gstatic.com *.wistia.com; media-src 'self' blob: data: www.podbean.com *.wistia.com *.wistia.net embedwistia-a.akamaihd.net 2
frame-ancestors 'none'; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: 2
block-all-mixed-content; font-src 'self' fonts.gstatic.com www.wuv.de fonts.gstatic.com data:; img-src 'self' blob: data: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' addsearch.com cdn.ampproject.org open.scdn.co connect.facebook.net *.usercentrics.eu *.g.doubleclick.net *.getsitecontrol.com *.google.de *.google.com *.google-analytics.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.instagram.com *.ioam.de *.opinary.com *.stry.tl *.taboola.com *.twimg.com *.twitter.com *.wuv.de *.youtube.com *.ytimg.com *.tiktok.com *.tiktokcdn.com *.ibytedtos.com *.pinterest.com *.research.appinio.com *.ttwstatic.com *.adition.com *.scorecardresearch.com *.searchcdn.com *.teads.tv s0.2mdn.net *.wuv.de gdpr-tcfv2.sp-prod.net widget.perfectmarket.com *.flashtalking.com *.criteo.com *.adform.net *.vidible.tv *.doubleverify.com *.doubleclick.net bs.serving-sys.com static.aivdesk.com secure-ds.serving-sys.com ad.lkqd.net *.cloudflare.com *.adsafeprotected.com *.maximus.mobkoi.com *.celtra.com *.moatads.com sf16-scmcdn-sg.ibytedtos.com tags.crwdcntrl.net  *.vimeocdn.com; style-src 'self' 'unsafe-inline' *.addsearch.com fast.fonts.net *.googleapis.com *.stry.tl *.taboola.com *.twitter.com *.wuv.de *.tiktok.com *.tiktokcdn.com *.ttwstatic.com *.cloudfront.net tagmanager.google.com *.wuv.de s1.adform.net static.aivdesk.com; worker-src blob: *.wuv.de 2
default-src 'self' www.googletagmanager.com www.google-analytics.com fonts.gstatic.com px.ads.linkedin.com stats.g.doubleclick.net snap.licdn.com ajax.googleapis.com fonts.googleapis.com code.jquery.com use.fontawesome.com cdnjs.cloudflare.com stackpath.bootstrapcdn.com cdn.jsdelivr.net; 2
frame-ancestors 'self' eon.de *.eon.de 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' * blob:; object-src 'none' ; style-src 'self' 'unsafe-inline' *; img-src 'self' data: * blob:; media-src 'self' *.jwplayer.com *.jwpsrv.com *.jwplatform.com *.snapengage.com blob:; font-src 'self' *.googleapis.com *.gstatic.com acsbapp.com data:; connect-src 'self' * blob:; report-uri /report-csp-violation 2
frame-ancestors 'self' mein.kabelplus.at newapp.etracker.com 2
default-src https: 'unsafe-inline' 'unsafe-eval' 2
script-src 'self' https://code.jquery.com/ https://cdn.cookielaw.org/ https://cdn.jsdelivr.net/ https://static.cloudflareinsights.com/ https://cdnjs.cloudflare.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://ssl.google-analytics.com/ https://snap.licdn.com/ https://js-agent.newrelic.com/ https://*.nr-data.net/ 'unsafe-inline' 'unsafe-eval'; object-src 'self'; frame-ancestors 'self'; report-uri /report-csp-violation 2
default-src 'self'; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' s7.addthis.com static.hotjar.com script.hotjar.com members.ahcancal.org www.google.com www.gstatic.com www.youtube.com fonts.googleapis.com www.googletagmanager.com tagmanager.google.com www.google-analytics.com ssl.google-analytics.com www.googleadservices.com safebrowsing.googleapis.com analytics.google.com connect.facebook.net analytics.tiktok.com googleads.g.doubleclick.net z.moatads.com v1.addthisedge.com m.addthis.com edge.addthis.com polo.feathr.co cdn.feathr.co banman.providermagazine.com banman.ahcancal.org platform.twitter.com cdn.syndication.twimg.com; object-src 'self'; style-src 'self' data: 'unsafe-inline' s7.addthis.com www.google.com www.youtube.com fonts.googleapis.com tagmanager.google.com platform.twitter.com ton.twimg.com members.ahcancal.org; img-src 'self' data: ssl.gstatic.com www.gstatic.com www.google-analytics.com www.google.com www.facebook.com marco.feathr.co polo.feathr.co *.feathr.co www.googletagmanager.com banman.providermagazine.com banman.ahcancal.org match.adsrvr.org pbs.twimg.com abs.twimg.com platform.twitter.com ton.twimg.com syndication.twitter.com; media-src 'self' data: www.youtube.com app.powerbi.com www.surveymonkey.com; frame-src 'self' data: www.google.com *.hotjar.com ahcancal.wufoo.com s7.addthis.com www.youtube.com app.powerbi.com edge.addthis.com www.facebook.com www.surveymonkey.com bid.g.doubleclick.net platform.twitter.com syndication.twitter.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com; connect-src 'self' data: www.google-analytics.com https://www.google-analytics.com in.hotjar.com ws7.hotjar.com ws35.hotjar.com polo.feathr.co analytics.tiktok.com members.ahcancal.org 2
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; child-src 'self'; font-src 'self' data; form-action https:; frame-ancestors 'self'; manifest-src 'self'; media-src 'self'; object-src 'none'; worker-src 'none' 2
frame-ancestors 'self' https://*.usagym.org http://*.usagym.org http://*.usagymparents.com http://*.usagym.info http://*.gymnasticsfoundation.org https://*.gymnasticsfoundation.org http://*.usagymchamps.com https://*.usagymchamps.com http://usagymfans.us-east-1.elasticbeanstalk.com https://usagymfans.us-east-1.elasticbeanstalk.com http://*.kovendesign.com https://*.kovendesign.com https://wordpress-54524-1231354.cloudwaysapps.com https://usagym.wpmudev.host https://wordpress-54524-2596185.cloudwaysapps.com; 2
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://google.de https://app.usercentrics.eu https://www.googletagmanager.com  https://www.googleadservices.com https://googleads.g.doubleclick.net https://netzwerk.uppr.de https://www.google-analytics.com https://privacy-proxy.usercentrics.eu https://www.facebook.com https://twitter.com https://www.linkedin.com https://www.xing.com https://www.youtube.com https://cdnjs.cloudflare.com https://nebula-cdn.kampyle.com https://bat.bing.com https://ad4m.at https://connect.facebook.net https://www.usemaxserver.de https://widgets.energiemonitor.de https://play.google.com https://www.googleoptimize.com https://icpublichosting.azureedge.net https://optimize.google.com https://service.mtcaptcha.com https://service2.mtcaptcha.com https://ic-chatwindow-service.azurewebsites.net https://clb2.cfapps.mila.external.ap.innogy.com https://www.googleanalytics.com https://cdn.medallia.com/ https://cdn.appsol.medallia.com/ *.kampyle.com/ https://metrics-proxy.medallia.ca/ https://metrics-proxy.medallia.eu/ https://metrics-proxy.medallia.com.au/ https://metrics-proxy.medallia.com/ https://col.eum-appdynamics.com/ https://static.medallia.com/ https://bugreport.medallia.com/ https://fonts.gstatic.com/ https://fonts.googleapis.com/ https://chart.googleapis.com/ https://maxcdn.bootstrapcdn.com/ https://netdna.bootstrapcdn.com/ https://express.ger.medallia.eu/ https://express.sbx.ger.medallia.eu/ https://feed2.medallia.eu/ https://feed2sbx.sbx.ger.medallia.eu/ https://mft1.medallia.eu/ https://filestash.fra1.medallia.eu/ https://tm.ad-srv.net https://tm703.ad-srv.net https://tm707.ad-srv.net https://tm708.ad-srv.net https://*.iadvize.com; style-src 'self' 'unsafe-inline' https://widgets.energiemonitor.de https://fonts.googleapis.com https://icpublichosting.azureedge.net https://optimize.google.com https://*.iadvize.com; object-src 'self'; report-uri /umbraco/api/helper/CreateCSPReport 2
script-src 'self' kit.fontawesome.com cdn.callrail.com https://*.google.com https://*.googleapis.com *.gstatic.com www.google-analytics.com ajax.googleapis.com www.googletagmanager.com ajax.aspnetcdn.com use.typekit.net us1.siteimprove.com siteimproveanalytics.com cdnjs.cloudflare.com use.fontawesome.com player.vimeo.com clicky.com in.getclicky.com static.getclicky.com code.jquery.com 'unsafe-inline' 'unsafe-eval' 2
default-src 'self' 'unsafe-inline' *.sernet.de *.usercentrics.eu; style-src 'self' 'unsafe-inline'; img-src 'self' *.usercentrics.eu *.prive.eu 2
default-src https:; style-src 'self' 'unsafe-inline'; script-src https: 'unsafe-inline'; object-src 'none' 2
script-src 'self'; 2
frame-src https://www.youtube-nocookie.com https://www.youtube.com https://youtu.be https://*.hs-koblenz.de https://player.vimeo.com; style-src 'self' 'unsafe-inline'; default-src https://*.hs-koblenz.de 'self' 'unsafe-inline'; font-src 'self' 'unsafe-inline' data:; script-src https://*.hs-koblenz.de 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' 'unsafe-inline' https://*.tile.openstreetmap.de data: 'self'; 2
sandbox; 2
default-src 'self' data: blob: https: *.boschtools.com  *.mycliplister.com *.hotjar.com *.linkedin.com a19948120449.cdn.optimizely.com 10097804.fls.doubleclick.net adservice.google.com adservice.google.de ad.doubleclick.net errors.client.optimizely.com logx.optimizely.com px.ads.linkedin.com visitor-service-eu-central-1.tealiumiq.com; font-src 'self' data: gallery.sprinklr.com ; object-src data: 'self'; img-src https: data: blob: scontent-iad3-2.cdninstagram.com scontent.cdninstagram.com thumb.sprinklr.com collect.tealiumiq.com gwmtracking.com pbs.twimg.com; style-src 'self' 'unsafe-inline' https: 10097804.fls.doubleclick.net gallery.sprinklr.com; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com gallery.sprinklr.com bosch-tools-resultpage.com cvg-bosch.widget.custhelp.com s.webtrends.com tags.tiqcdn.com cdn.optimizely.com cdn.pricespider.com platform.twitter.com snap.licdn.com 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://hmfoundation.com/; img-src 'self' data: ; object-src 'self' data: ; frame-src 'self' data: ; 2
default-src 'self' 'unsafe-eval' 'unsafe-inline' https://* 2
frame-src 'self' https://html5-player.libsyn.com https://marspetcare2-na.ada.support https://secure.shoppable.com https://service.force.com https://tr.snapchat.com https://www.youtube.com https://www.youtube-nocookie.com https://www.walmart.com https://www.amazon.com https://www.chewy.com https://www.petco.com https://www.google.com https://web-widget-iams.herokuapp.com https://cdn.krxd.net https://9077352.fls.doubleclick.net https://marspetcare-na.ada.support https://processor808.shoppable.com https://app.shoppable.com https://shoppable.com *.bazaarvoice.com https://www.facebook.com *.crazyegg.com *.snipp.us; child-src 'self' https://html5-player.libsyn.com https://marspetcare2-na.ada.support https://secure.shoppable.com https://service.force.com https://tr.snapchat.com https://www.youtube.com https://www.youtube-nocookie.com https://www.walmart.com https://www.amazon.com https://www.chewy.com https://www.petco.com https://www.google.com https://web-widget-iams.herokuapp.com https://cdn.krxd.net https://9077352.fls.doubleclick.net https://marspetcare-na.ada.support https://processor808.shoppable.com https://app.shoppable.com https://shoppable.com *.bazaarvoice.com https://www.facebook.com *.crazyegg.com *.snipp.us 2
default-src 'self'; connect-src *.g.doubleclick.net 'self' *.google-analytics.com https://*.google-analytics.com *.analytics.google.com https://*.analytics.google.com; font-src 'self' https://fonts.gstatic.com; frame-src 'none'; img-src 'self' data: *.ttcache.com https://*.ttcache.com *.google-analytics.com https://*.google-analytics.com *.analytics.google.com https://*.analytics.google.com optimize.google.com https://optimize.google.com; media-src 'none'; object-src 'none'; script-src 'self' *.google-analytics.com https://*.google-analytics.com *.analytics.google.com https://www.googletagmanager.com www.googleoptimize.com https://www.googleoptimize.com optimize.google.com https://optimize.google.com; style-src 'self' 'unsafe-inline' https://optimize.google.com https://fonts.googleapis.com; report-uri /csp-report 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.adnxs.com *.ytimg.com *.googleapis.com *.putnam.com *.typekit.net *.rackcdn.com *.ensighten.com *.brightcove.net *.brightcove.com *.google-analytics.com *.liveperson.net *.bing.com *.bizographics.com *.gigya.com *.googlecode.com *.morningstar.com *.linkedin.com *.putnaminv.com *.highcharts.com *.jQuery.com *.jquery.org *.adobe.com *.jqueryui.com *.cloudflare.com *.livelook.com *.livelook.net *.facebook.net *.licdn.com *.zencdn.net *.lpsnmedia.net *.googletagmanager.com tagmanager.google.com *.ads-twitter.com *.twitter.com *.yimg.com sp.analytics.yahoo.com www.youtube.com www.instagram.com shop.pe shopper.shop.pe *.cloudfront.net addshoppers.s3.amazonaws.com bcbolt446c5271-a.akamaihd.net www.google.com www.gstatic.com cdn.jsdelivr.net up.pixel.ad pixel.sitescout.com munchkin.marketo.net; worker-src 'self' 'unsafe-inline' 'unsafe-eval' *.zencdn.net *.brightcove.net *.brightcove.com *.putnam.com blob: data:; frame-ancestors *.putnam.com *.seismic.com *.fundvisualizer.com; 2
frame-ancestors *; report-uri /report-csp-violation 2
default-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com cdn.jsdelivr.net *.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: cdnjs.cloudflare.com ict.infinity-tracking.net www.gstatic.com viz.tools.investis.com www.google.com maps.googleapis.com maps.google.com www.linkedin.com ajax.googleapis.com pi.pardot.com bam.nr-data.net sjp.getmediamanager.com *.googletagmanager.com *.google-analytics.com sjs.bizographics.com connect.facebook.net *.jquery.com irs.tools.investis.com *.hotjar.com px.ads.linkedin.com d2wy8f7a9ursnm.cloudfront.net ssl.p.jwpcdn.com js-agent.newrelic.com cdn.jsdelivr.net edge.api.brightcove.com *.googleapis.com www.youtube.com youtube.com s.ytimg.com unpkg.com *.eu01.nr-data.net; style-src 'self' 'unsafe-inline' 'unsafe-eval' viz.tools.investis.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net; img-src 'self' 'unsafe-inline' * data:; media-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com; frame-src 'self' staticcontents.investis.com www.google.com sjp.getmediamanager.com careers.sjp.co.uk irs.tools.investis.com otp.tools.investis.com digital.feprecisionplus.com sjp.hireserve-test.com ir.tools.investis.com staticxx.facebook.com www.youtube.com; font-src 'self' 'unsafe-inline' data: fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com themes.googleusercontent.com maxcdn.bootstrapcdn.com; report-uri //report-csp-violation 2
frame-ancestors 'self' *.omronhealthcare.com http://10.196.1.55:8000; 2
frame-src *.2checkout.com *.bitdefender.com *.bitdefender.biz *.bitdefender.net *.bitdefender.fr *.bitdefender.de *.bitdefender.com.au *.bitdefender.co.uk *.bitdefender.es *.bitdefender.it *.bitdefender.pt *.bitdefender.com.br *.bitdefender.ro *.bitdefender.nl *.bitdefender.be *.bitdefender.se bitdefender.marketing.adobe.com download.bitdefender.com *.facebook.com *.doubleclick.net *.adsrvr.org *.mathtag.com *.google.com *.google.ro *.flashtalking.com *.amazon-adsystem.com *.livechatinc.com *.twitter.com *.cedexis.com *.cedexis-test.com *.youtube.com *.soundcloud.com *.hubspot.com *.cookiebot.com *.vimeo.com *.edgecastcdn.net *.linkedin.com *.hsforms.com *.cloudfront.net *.edgecastdns.net *.hotjar.com *.zanox.ws *.zanox.com *.usemax.de usemax.de bitdefender.demdex.net dpm.demdex.net *.omniture.com widget.trustpilot.com *.2o7.net *.omtrdc.net *.demdex.net assets.adobedtm.com api-eu.boldchat.com livechat-eu.boldchat.com *.youtube-nocookie.com *.instagram.com instawidget.net consentcdn.cookiebot.com recommender.scarabresearch.com *.zenaps.com hal9000.redintelligence.net pixel.xonaz.com static-hello.bitdefender.com tags.dynamo.one *.redintelligence.net 20787700p.rfihub.com pixel.xonazz.com *.adobe.com *.outgrow.us bitdefender.applytojob.com *.alchemer.com *.adyen.com *.paypal.com paypal.com ad.ad-srv.net fullstory.com *.bitdefender.co.jp bitdefender.co.jp new.bitdefender.co.uk store.bitdefender.com bitdefender-html.test 2
default-src 'none'; worker-src 'self' www.youtube.com *.cookiebot.com www.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.leadinfo.net *.cookiebot.com www.googletagmanager.com  ssl.google-analytics.com www.google-analytics.com apis.google.com ajax.googleapis.com www.gstatic.com www.google.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' *.linqhost.nl www.google.nl ssl.google-analytics.com www.google-analytics.com www.gstatic.com qcqcdn.com data: www.google.com www.googletagmanager.com stats.g.doubleclick.net  collector.leadinfo.net ; font-src 'self' fonts.googleapis.com fonts.gstatic.com  data: ; frame-ancestors 'none'; base-uri 'self' ; form-action 'self'; frame-src *.cookiebot.com *.youtube.com *.google.com; connect-src www.google-analytics.com stats.g.doubleclick.net consentcdn.cookiebot.com detect-ipv4.linqhost.nl detect-ipv6.linqhost.nl api.leadinfo.com collector.leadinfo.net; report-uri https://linqhost.report-uri.com/r/d/csp/enforce; 2
frame-ancestors 'self' *.force.com *.salesforce.com; 2
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src 'unsafe-inline' https: data:; font-src https: data:; img-src * data:; connect-src https: wss://*.liveperson.net; 2
default-src 'self' https://www.youtube.com detergents.lidl-info.com stats.g.doubleclick.net www.google-analytics.com www.googletagmanager.com https://www.edge-cdn.net https://www.youtube-nocookie.com https://platform.twitter.com https://cdn.syndication.twimg.com https://syndication.twitter.com https://pbs.twimg.com https://ton.twimg.com https://platform.twitter.com https://www.facebook.com https://staticxx.facebook.com https://connect.facebook.net https://consent.cookiebot.com https://consentcdn.cookiebot.com form.lidl.com lidl.media01.eu fpm.climatepartner.com services.melixa.eu data: gap: ssl.gstatic.com 'unsafe-eval' 'unsafe-inline' ; style-src 'self' https://platform.twitter.com https://ton.twimg.com 'unsafe-inline'; media-src *; object-src 'self'; 2
default-src 'self' data: gap: https://*.zscalertwo.net https://*.maersk.com https://*.sealandmaersk.com https://*.sealandmaersk.com.cn https://*.sealand.com https://*.seagoline.com https://*.mcc.com.sg https://*.maerskline.com https://*.apmoller.net https://*.go-mpulse.net https://*.salesforceliveagent.com https://*.force.com *.mpstat.us *.akstat.io https://*.akamaihd.net https://*.igodigital.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://www.googletagmanager.com https://ssl.gstatic.com https://100qrcey9nsltilmpwezagts.blob.core.windows.net https://*.logs.datadoghq.eu https://*.visualforce.com https://stats.g.doubleclick.net https://*.bing.com https://*.virtualearth.net https://hcaptcha.com https://*.hcaptcha.com https://*.cookieinformation.com https://maersk.tradelens.com https://platform.tradelens.com https://clientstream.launchdarkly.com https://app.launchdarkly.com https://events.launchdarkly.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.zscalertwo.net https://*.maersk.com https://*.sealandmaersk.com https://*.sealandmaersk.com.cn https://*.sealand.com https://*.seagoline.com https://*.mcc.com.sg https://*.maerskline.com https://*.apmoller.net https://*.akamaihd.net https://*.salesforceliveagent.com https://*.force.com https://*.salesforce.com https://*.steelcentral.net *.mpstat.us *.akstat.io https://*.igodigital.com https://pub.s1.exacttarget.com https://*.gstatic.com https://*.google.com  https://*.googleapis.com https://www.googletagmanager.com https://*.google-analytics.com https://scai.maerskline.com https://api.massrelevance.com https://img.en25.com https://*.bizographics.com https://*.doubleclick.net https://*.linkedin.com https://*.adobedtm.com https://www.datadoghq-browser-agent.com/datadog-rum-eu.js https://www.rumiview.com https://twin-iq.kickfire.com https://tag.simpli.fi https://connect.facebook.net https://snap.licdn.com/li.lms-analytics/insight.min.js https://*.cookieinformation.com https://www.datadoghq-browser-agent.com/datadog-rum.js https://*.bing.com https://*.virtualearth.net https://js.stripe.com https://hcaptcha.com https://*.hcaptcha.com; img-src 'self' data: https://*.zscalertwo.net https://*.maersk.com https://*.sealandmaersk.com https://*.sealandmaersk.com.cn https://*.sealand.com https://*.seagoline.com https://*.mcc.com.sg https://*.maerskline.com https://*.apmoller.net https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://*.gstatic.com https://lh3.googleusercontent.com https://*.steelcentral.net https://*.vimeocdn.com https://*.youtube.com https://*.igodigital.com https://*.akamaihd.net https://www.google.co.uk https://*.linkedin.com https://*.facebook.com https://*.twitter.com https://*.doubleclick.net https://*.google.dk https://scai.maerskline.com https://www.google.com/ads/ga-audiences* https://*.bizographics.com https://twin-iq.kickfire.com https://www.rumiview.com https://*.bing.com https://*.virtualearth.net https://*.salesforce.com https://*.force.com; object-src 'self'; style-src 'self' 'unsafe-inline' https://*.zscalertwo.net https://*.maersk.com https://*.sealandmaersk.com https://*.sealandmaersk.com.cn https://*.sealand.com https://*.seagoline.com https://*.mcc.com.sg https://*.apmoller.net https://*.gstatic.com https://*.google.com https://*.google-analytics.com https://*.googleapis.com https://*.maerskline.com https://*.force.com https://*.bing.com https://*.virtualearth.net https://hcaptcha.com https://*.hcaptcha.com; frame-src https://*.zscalertwo.net https://*.maersk.com https://*.sealandmaersk.com https://*.sealandmaersk.com.cn https://*.sealand.com https://*.seagoline.com https://*.mcc.com.sg https://*.maerskline.com https://*.apmoller.net https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://*.google.com https://www.youtube.com/embed/ https://player.vimeo.com/video/ https://service.force.com https://www.google.com/recaptcha/ https://*.cookieinformation.com https://*.youku.com/ https://*.force.com/ https://*.salesforce.com https://*.doubleclick.net https://js.stripe.com https://hcaptcha.com https://*.hcaptcha.com; font-src 'self' data: https://*.zscalertwo.net https://*.maersk.com https://*.sealandmaersk.com https://*.sealandmaersk.com.cn https://*.sealand.com https://*.seagoline.com https://*.mcc.com.sg https://*.maerskline.com https://*.apmoller.net https://*.gstatic.com https://*.googleapis.com; 2
frame-ancestors https://*.smartrecruiters.com 2
frame-ancestors 'self' http://*.brose.net http://brose.net https://*.brose.net https://brose.net https://*.ariba.com https://*.zkw.at http://*.zkw.at https://*.mycatalogcloud.com http://*.mycatalogcloud.com http://*.valeo.determine.com https://*.valeo.determine.com http://valeo.determine.com https://valeo.determine.com http://*.mondigroup.com http://mondigroup.com https://*.mondigroup.com https://mondigroup.com http://*.elwitec.ch http://elwitec.ch https://*.elwitec.ch https://elwitec.ch 2
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.twitter.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.ytimg.com *.vimeo.com *.itzbund.de *.bundesbots.de *.twitter.com *.twimg.com cdn.jsdelivr.net *.newsletter2go.com; object-src 'self' multimedia.gsb.bund.de; connect-src 'self' multiplatform-f.akamaihd.net *.itzbund.de  *.newsletter2go.com; media-src 'self' blob: multimedia.gsb.bund.de *.w3schools.com *.quirksmode.org *.youtube.com *.youtube-nocookie.com *.vimeo.com *.aktion-mensch.de *.readspeaker.com *.osm.org *.openstreetmap.de *.twimg.com multiplatform-f.akamaihd.net; frame-src *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.vimeo.com *.readspeaker.com *.3qsdn.com *.it.bund.de *.bundesbots.de *.twitter.com *.twimg.com webcast.nc3-cdn.com blitzvideoserver.de start.video-stream-hosting.de player.restream.io; img-src 'self' blob: *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.osm.org *.openstreetmap.de *.twitter.com *.twimg.com twemoji.maxcdn.com piwik.itzbund.de *.gdw-berlin.de *.streamlock.net *.bmi.bund.de  *.newsletter2go.com; frame-ancestors 'self'; upgrade-insecure-requests; 2
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: staticcdn.co.nz www.youtube.com www.googletagmanager.com www.google.com www.gstatic.com; connect-src 'self' nzdf.test:8080; img-src 'self' data: staticcdn.co.nz shielded.co.nz i.ytimg.com; style-src 'self' 'unsafe-inline'; font-src 'self' data:; frame-src 'self' staticcdn.co.nz www.youtube.com www.google.com; manifest-src 'self'; media-src 'self'; frame-ancestors 'self'; form-action 'self'; 2
base-uri 'self'; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.storck.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: *.storck.com storck.piwik.pro; img-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: *.storck.com storck.piwik.pro; style-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.storck.com; connect-src 'self' data: *.storck.com storck.piwik.pro; font-src 'self'; frame-src 'self' data: *.storck.com; frame-ancestors 'self'; form-action 'self'; 2
default-src 'unsafe-inline' 'self' https:; child-src 'self'; connect-src 'self' https:; font-src 'self' fonts.gstatic.com; frame-src 'self' https:; img-src * data:; manifest-src 'self'; media-src 'self' https:; object-src 'self'; prefetch-src https:; script-src 'unsafe-inline' 'unsafe-eval' 'self' https:; style-src 'unsafe-inline' 'self' *.twitter.com *.twimg.com; worker-src 'self'; base-uri 'self'; form-action 'self' *.twitter.com *.qenta.com; navigate-to 'self' https: 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.wp.com https://*.gravatar.com https://*.google-analytics.com; img-src 'self' data: https://wordpress.org https://*.gravatar.com https://*.wp.com https://*.google-analytics.com; style-src 'self' 'unsafe-inline' https://*.wp.com https://*.gravatar.com https://fonts.googleapis.com; font-src 'self' data: https://fonts.gstatic.com https://themes.googleusercontent.com; object-src 'none' 2
default-src 'self' www.burkert.com www.youtube-nocookie.com www.platform-viewer.v-ex.com *.twitter.com *.partcommunity.com *.olark.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.burkert.com snap.licdn.com www.google.com www.gstatic.com www.google-analytics.com www.googletagmanager.com www.linkedin.com snap.licdn.com www.googletagmanager.com cdn.yoochoose.net www.youtube.com *.twitter.com *.vo.msecnd.net *.clickdimensions.com *.twimg.com customerwidget.joinflow.com maps.google.cn maps.googleapis.com *.facebook.net *.apsislead.com *.leadenhancer.com *.olark.com *.issuu.com olark-file-uploads.s3-us-west-1.amazonaws.com s.go-mpulse.net c.go-mpulse.net sc.lfeeder.com api.plezi.co; img-src data: 'self' www.burkert.com www.google-analytics.com www.google.com www.google.de event.yoochoose.net *.twimg.com *.twitter.com maps.gstatic.com chart.apis.google.com maps.googleapis.com *.facebook.com *.ytimg.com *.linkedin.com *.leadenhancer.com *.olark.com *.adition.com *.gstatic.com *.clickdimensions.com tr.lfeeder.com www2.solique.ch; object-src 'self' *.googletagmanager.com; style-src 'self' 'unsafe-inline' www.burkert.com www.googletagmanager.com *.clickdimensions.com *.twitter.com *.twimg.com fonts.googleapis.com *.olark.com *.vo.msecnd.net; font-src 'self' www.burkert.com *.buerkert.de data: fonts.gstatic.com *.olark.com; connect-src 'self' www.burkert.com www.google-analytics.com region1.google-analytics.com api.telavox.se relay.telavox.com wss://websocket.telavox.se *.facebook.com *.olark.com *.googleadservices.com www.google.de www.google.com *.doubleclick.net *.clickdimensions.com c.go-mpulse.net *.akstat.io trial-eum-clientnsv4-s.akamaihd.net *.akamaihd.net maps.googleapis.com *.plezi.co; frame-src 'self' *.burkert-usa-marketing.com *.facebook.com *.partcommunity.com *.twitter.com www.youtube-nocookie.com www.platform-viewer.v-ex.com *.google.com essens.info *.burkert.com *.olark.com *.issuu.com *.clickdimensions.com; worker-src 'self' blob: 2
frame-src 'self' https://webstat.hs-mannheim.de *.hs-mannheim.de https://www.youtube.com/ https://www.youtube-nocookie.com/ https://player.vimeo.com/; 2
frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com lvccld.bibliocms.com *.lvccld.bibliocms.com https://thelibrarydistrict.org thelibrarydistrict.org *.thelibrarydistrict.org; 2
frame-ancestors 'self' localhost:* *.tason.com 2
default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self'; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' mofa.gov.np *.mofa.gov.np www.google.com.np *.google.com *.gstatic.com cdn.jsdelivr.net code.jquery.com stackpath.bootstrapcdn.com s.ytimg.com *.facebook.net *.sharethis.com *.youtube.com *.twimg.com cdn.syndication.twimg.com cdnjs.cloudflare.com maps.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com fonts.googleapis.com fonts.gstatic.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.mofa.gov.np use.fontawesome.com stackpath.bootstrapcdn.com placehold.it *.facebook.net *.sharethis.com lh3.googleusercontent.com *.youtube.com *.twimg.com cdn.syndication.twimg.com cdnjs.cloudflare.com maps.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com cdnjs.cloudflare.com fonts.googleapis.com fonts.gstatic.com; img-src 'self' data: placehold.it  mofa.gov.np *.mofa.gov.np *.gstatic.com *.facebook.net *.facebook.com *.sharethis.com lh3.googleusercontent.com *.youtube.com *.twimg.com secure.gravatar.com cdn. *.twitter.com *.twimg.com cdnjs.cloudflare.com maps.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com fonts.googleapis.com fonts.gstatic.com; media-src 'self'; frame-src 'self' *.google.com *.youtube.com *.facebook.net *.facebook.com syndication.twitter.com platform.twitter.com; font-src 'self' data: fonts.googleapis.com stackpath.bootstrapcdn.com use.fontawesome.com fonts.gstatic.com maxcdn.bootstrapcdn.com; connect-src 'self' l.sharethis.com 2
frame-ancestors https://*.derwent.io http://*.derwent.io http://*.derwent.io:* https://*.derwent.io:* 'self' 2
default-src https: 'unsafe-eval' 'unsafe-inline';child-src * blob:; object-src 'none';img-src * blob: data:  ws: wss: gap:;frame-ancestors 'self';connect-src * data: blob: 'unsafe-inline'; worker-src data: blob: 'unsafe-inline';font-src 'self' data: *;script-src * 'unsafe-inline' 'unsafe-eval' 2
default-src 'none';  script-src 'none'; style-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; object-src 'none'; 2
report-uri //report-csp-violation 2
default-src 'self'; block-all-mixed-content; connect-src 'self' https://embed.tawk.to https://upload.tawk.to https://va.tawk.to wss://*.tawk.to; font-src 'self' data: https://embed.tawk.to; img-src 'self' data: https://embed.tawk.to https://cdn.jsdelivr.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://embed.tawk.to https://cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' https://embed.tawk.to 2
default-src https: 'self' *.mohrsiebeck.com; script-src https: 'self' 'unsafe-inline' 'unsafe-eval' *.mohrsiebeck.com; style-src https: 'self' 'unsafe-inline' *.mohrsiebeck.com; img-src https: 'self' *.mohrsiebeck.com 2
default-src 'self' *.mytolino.com *.mytolino.de data: *.pageplace.de *.youtube-nocookie.com *.ytimg.com *.googleapis.com *.gstatic.com connect.facebook.net www.facebook.com 'unsafe-inline' 2
frame-ancestors 'self' https://ahu.edu https://*.ahu.edu 2
default-src * blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.emmezeta.hr emmezeta.hr *.emmezeta.rs emmezeta.rs *.emmezeta.si emmezeta.si; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self' data\: ; style-src 'self' 'unsafe-inline'; font-src 'self' 2
default-src 'self' https: wss://*.hotjar.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: https:; worker-src blob: 2
frame-ancestors http://*.viewlift.com 2
default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' http: https: data:; frame-ancestors 'self'; 2
allow 'self'; options inline-script eval-script$t_avatar_img_allow; frame-ancestors 'self' 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' 2
default-src 'self'; font-src 'self' data:; base-uri 'self'; connect-src 'self' *.materna.de *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io vimeo.com *.sli.do *.itzbund.de; style-src 'self' 'unsafe-inline' *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io vimeo.com *.sli.do; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io piwik.itzbund.de vimeo.com; object-src 'self' multimedia.gsb.bund.de *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io vimeo.com *.sli.do; media-src 'self' multimedia.gsb.bund.de *.youtube.com *.youtube-nocookie.com *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io vimeo.com *.sli.do; frame-src *.google.com *.google.de *.gstatic.com *.youtube.com *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io mindandvision.tv 2021.mindandvision.tv *.jwplayer.com vimeo.com *.sli.do player.vimeo.com; img-src 'self' data:  *.materna.de *.google.com *.gstatic.com *.youtube.com *.twimg.com twemoji.maxcdn.com *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplayer.com *.strivetech.io *.sqat.eu piwik.itzbund.de vimeo.com *.sli.do; frame-ancestors 'self'; 2
style-src 'self' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; 2
script-src 'self' 'unsafe-inline' https://kariera.pregis.cz https://cdn.jsdelivr.net https://maps.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://t.leady.com https://connect.facebook.net https://www.linkedin.com https://sjs.bizographics.com https://px.ads.linkedin.com; object-src 'none'; font-src * data:; frame-ancestors 'none'; 2
default-src *; connect-src  *; font-src 'self'; frame-src https://* http://* *; img-src https://* http://* * data:; object-src 'self'; script-src 'self' https://* http://* * 'unsafe-inline' 'report-sample'; style-src * https://* http://* * 'unsafe-inline'; 2
frame-ancestors https://planet-imex.co.uk/ https://planet-imex.com/ https://planetimex.co.uk/ https://planetimex.com/ https://www.imexexhibitions.com/ https://www.imex-frankfurt.com/ https://de.imex-frankfurt.com/ https://www.imexamerica.com/ https://www.stage.imex.cti.digital/ http://america.stage.imex.cti.digital/ http://frankfurt.stage.imex.cti.digital/ http://de-frankfurt.stage.imex.cti.digital/ https://www.reactive.imex.cti.digital/ https://frankfurt.reactive.imex.cti.digital/ https://de-frankfurt.reactive.imex.cti.digital/ https://america.reactive.imex.cti.digital/ https://www.qa.imex.cti.digital/ http://america.qa.imex.cti.digital/ http://frankfurt.qa.imex.cti.digital/ http://de-frankfurt.qa.imex.cti.digital/ https://www.imex.ctidev/ https://frankfurt.imex.ctidev/ https://de.frankfurt.imex.ctidev/ https://america.imex.ctidev/; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob:  *.weareone.fm *.technobase.fm *.housetime.fm *.hardbase.fm *.trancebase.fm *.coretime.fm *.teatime.fm *.clubtime.fm *.replay.fm *.tb-group.fm *.google.com/recaptcha/ *.gstatic.com/recaptcha/ maps.googleapis.com fonts.googleapis.com fonts.gstatic.com use.typekit.net *.google.com/maps/embed *.youtube-nocookie.com; img-src 'self' data: *.weareone.fm *.technobase.fm *.housetime.fm *.hardbase.fm *.trancebase.fm *.coretime.fm *.teatime.fm *.clubtime.fm *.replay.fm *.tb-group.fm *.google.com/recaptcha/ *.gstatic.com/recaptcha/ maps.googleapis.com fonts.googleapis.com fonts.gstatic.com use.typekit.net *.google.com/maps/embed *.youtube-nocookie.com; frame-ancestors 'self' 2
frame-ancestors 'self' https://*.etracker.com 2
frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com sccl.bibliocms.com *.sccl.bibliocms.com https://sccld.org sccld.org *.sccld.org; 2
default-src 'self';object-src 'none'; base-uri 'self';img-src 'self' data:;style-src 'self' 'unsafe-inline';frame-ancestors https://dan.bo; 2
frame-ancestors 'self' *.volusion.com 2
default-src 'unsafe-inline' 'unsafe-eval' https:;img-src * data:; 2
default-src 'self' https: ; script-src * 'unsafe-inline' 'unsafe-eval'; script-src-elem * 'unsafe-inline' 'unsafe-eval' ; script-src-attr * 'unsafe-inline' 'unsafe-eval'; style-src * data: 'unsafe-inline'; img-src * data: ; font-src * data: ; connect-src *; media-src *; object-src *; prefetch-src *; child-src *; frame-src *; worker-src *; frame-ancestors *; form-action 'self'; upgrade-insecure-requests; base-uri *; manifest-src * 2
default-src *; script-src *; object-src *; style-src *; img-src *; media-src *; frame-src *; font-src *; connect-src * 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' ; img-src 'self' data: ; object-src 'self' data: ; frame-src 'self' data: ; form-action 'self' data: ; worker-src 'self' data: 'unsafe-inline' 'unsafe-eval' ; 2
allow 'self' 2
default-src wss://*.hotjar.com 'self' http:  https: bott-fs.kittelberger.net *.bosch-thermotechnology.com *.bosch-thermotechnology.us *.bosch-thermotechnology.com.au *.bosch-thermotechnology.co.nz s.webtrends.com *.boschtt-documents.com www.bimstore.co.uk services.kittelberger.net *.mycliplister.com ; media-src 'self' *.boschtt-documents.com services.kittelberger.net *.mycliplister.com mycliplister.com; font-src data: 'self' www.bosch-thermotechnology.us bosch-thermotechnology.us fonts.gstatic.com static.ecorebates.com; object-src data: 'self'; img-src https: data: blob:; style-src 'self' 'unsafe-inline' www.bosch-thermotechnology.us bosch-thermotechnology.us static.ecorebates.com cdn.datatables.net fonts.googleapis.com; script-src https: 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https: mailto: bosch.mi4biz.net www.boschthermolife.com junkers-de-de-b.boschtt-documents.com; frame-ancestors 'self' https: bosch.mi4biz.net http://bott-fs.kittelberger.net 2
default-src 'self' https://*.laborpublisher.de https://api.newsletter2go.com https://piwik.limbachgruppe.com https://cmill.de https://www.cmill.de https://*.hcaptcha.com https://hcaptcha.com; script-src 'self' 'unsafe-eval' https://*.laborpublisher.de https://static.newsletter2go.com https://piwik.limbachgruppe.com maps.googleapis.com cdnjs.cloudflare.com https://cdn1.jameda-elements.de https://*.hcaptcha.com https://hcaptcha.com 'unsafe-inline'; img-src * data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://hcaptcha.com; frame-ancestors 'self'; frame-src 'self' https://piwik.limbachgruppe.com https://www.youtube-nocookie.com https://youtube.com https://player.vimeo.com https://vimeo.com https://cmill.de https://www.cmill.de https://*.hcaptcha.com; font-src 'self' fonts.gstatic.com; 2
default-src *; script-src *; object-src *; style-src *; img-src *; media-src *; frame-src *; font-src *; connect-src *; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups allow-pointer-lock 2
default-src 'none'; base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.uno.uk; object-src 'none'; style-src 'self' data: 'unsafe-inline' https://*.uno.uk; img-src 'self' blob: data: https://*.uno.uk; media-src 'self' data: https://*.uno.uk; frame-src *; font-src *; form-action 'self' https://*.uno.uk; connect-src 'self' https://*.uno.uk; prefetch-src 'self' https://*.uno.uk; manifest-src 'self' https://*.uno.uk; frame-ancestors 'self'; report-uri https://stats.uno.uk/ruri/r/d/csp/enforce 2
default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval'; object-src *; style-src * 'self' 'unsafe-inline'; img-src * 'self' data: https:;; media-src *; frame-src *; frame-ancestors 'self'; child-src * blob:; font-src * 'self' data: https:;; connect-src *; report-uri /report-csp-violation 2
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.lifewire.com 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.thespruce.com 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.travelandleisure.com 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.health.com 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.thespruceeats.com 1
default-src 'self'; base-uri 'none'; block-all-mixed-content; connect-src 'self' https://*.algolia.net https://*.algolianet.com; frame-src https://www.google.com/recaptcha/; img-src 'self' https: data:; object-src 'none'; script-src 'unsafe-eval' https://www.gstatic.com/recaptcha/ 'strict-dynamic' 'unsafe-inline' 'nonce-i7fEQF8q64h77+HpQj9MAw=='; style-src 'self' 'unsafe-inline' 1
policy-uri /parivahan//'self' 1
default-src 'unsafe-inline' https://fonts.googleapis.com https://*.youtube.com https://www.facebook.com https://*.googleusercontent.com https://www.google.pl https://lodz.pl https://*.lodz.pl https://*.googleapis.com https://*.gstatic.com https://*.google.com https://www.google-analytics.com https://*.facebook.com https://*.doubleclick.net ; script-src 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://*.gstatic.com https://lodz.pl https://*.lodz.pl  https://www.google-analytics.com https://*.facebook.com https://connect.facebook.net https://*.doubleclick.net ; style-src 'unsafe-inline' https://lodz.pl https://*.lodz.pl https://fonts.googleapis.com https://surfly.io https://*.google.com https://www.google-analytics.com https://*.facebook.com https://*.doubleclick.net ; img-src 'self' https://moventum.com.pl https://*.youtube.com https://www.facebook.com https://*.googleusercontent.com https://www.google.pl https://*.googleapis.com https://*.gstatic.com https://lodz.pl https://*.lodz.pl https://*.google.com https://www.google-analytics.com https://*.facebook.com https://*.doubleclick.net  data:; object-src 'none'; 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.seriouseats.com 1
frame-ancestors 'self' icrc.org *.icrc.org 1
default-src 'self'; object-src 'none'; block-all-mixed-content; script-src 'self' 'nonce-05286c6c-872e-4ce6-b1d9-79b6e7a4fadd' https://*.groww.in/ wss://*.groww.in/ wss://groww.in/ https://*.freshchat.com/ https://*.webengage.com/ http://cdn.widgets.webengage.com/ https://connect.facebook.net/ https://*.razorpay.com/ https://d2yyd1h5u9mauk.cloudfront.net/integrations/web/v1/library/ https://storage.googleapis.com/ https://www.googletagmanager.com/ https://tagmanager.google.com https://www.google-analytics.com/ https://ssl.google-analytics.com https://stats.g.doubleclick.net/ https://googleads.g.doubleclick.net/ https://www.googleadservices.com/ https://*.google.com/ https://www.google.co.in/ https://fonts.googleapis.com/ https://www.youtube.com/ https://www.youtube.com/iframe_api https://www.youtube-nocookie.com/ https://*.ingest.sentry.io https://hv-camera-web-sg.s3-ap-southeast-1.amazonaws.com/ https://hv-central-config.s3.ap-south-1.amazonaws.com/ https://hypersnapweb.hyperverge.co/ https://*.quora.com/; img-src 'self' data: blob: https://groww.in/ https://*.groww.in/ https://img.youtube.com/ https://i.ytimg.com https://i3.ytimg.com https://s3.amazonaws.com/cdn.freshdesk.com/ https://viewlogo.s3.amazonaws.com/ https://wchat.freshchat.com/ https://www.google-analytics.com/ https://*.googleapis.com/ https://*.googleusercontent.com/ https://www.google.com/ https://www.google-analytics.com https://www.google.com/ads/ga-audiences https://www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://stats.g.doubleclick.net/r/ https://stats.g.doubleclick.net/r/collect https://www.google.co.in/ads/ga-audiences https://*.ingest.sentry.io https://hv-camera-web-sg.s3-ap-southeast-1.amazonaws.com/ https://hv-central-config.s3.ap-south-1.amazonaws.com/ https://hypersnapweb.hyperverge.co/ https://*.quora.com/; style-src 'self' https://*.groww.in/ 'unsafe-inline' https://accounts.google.com https://wchat.freshchat.com/; font-src 'self' https://*.groww.in/ data:; connect-src 'self' data: blob: https://*.groww.in/ wss://*.groww.in/ wss://groww.in/ https://*.webengage.com/ https://*.razorpay.com/ https://*.delighted.com/ https://accounts.google.com https://www.google-analytics.com/ https://ampcid.google.com https://stats.g.doubleclick.net/j/collect https://*.googleapis.com/ https://*.ingest.sentry.io https://hv-camera-web-sg.s3-ap-southeast-1.amazonaws.com/ https://hv-central-config.s3.ap-south-1.amazonaws.com/ https://hypersnapweb.hyperverge.co/ https://*.quora.com/; frame-src 'self' https://*.webengage.co https://*.google.com/ https://www.youtube.com/ https://www.facebook.com https://*.groww.in/ wss://groww.in/ wss://*.groww.in/ https://wchat.freshchat.com/ https://growwapi.firebaseapp.com/ https://www.youtube.com/embed/ https://www.youtube.com/ https://www.youtube-nocookie.com/ https://*.ingest.sentry.io https://hv-camera-web-sg.s3-ap-southeast-1.amazonaws.com/ https://hv-central-config.s3.ap-south-1.amazonaws.com/ https://hypersnapweb.hyperverge.co/ https://*.quora.com/; media-src https://*.groww.in/ blob: 1
default-src 'self'; img-src *; script-src 'self'; style-src 'self' 'unsafe-inline'; 1
default-src 'self' *.postman.co *.postman.com *.pstmn.io; base-uri 'self'; font-src 'self' data: *.getpostman.com *.postman.co *.cdn.postman.com fonts.gstatic.com www.postman.com fonts.googleapis.com cdnjs.cloudflare.com; frame-ancestors 'none'; frame-src looker.postman.co dl-preview-container.pstmn.io js.stripe.com hooks.stripe.com chart-embed.service.newrelic.com https://app.datadoghq.com/graph/embed https://app.datadoghq.eu/graph/embed https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; child-src 'self' *.postman.co *.postman.com blob:; worker-src 'self' *.postman.co *.cdn.postman.com blob:; object-src 'self'; img-src https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' *.nr-data.net *.getpostman.com *.postman.co *.cdn.postman.com *.pstmn.io code.jquery.com google-analytics.com www.postman.com googletagmanager.com ssl.google-analytics.com cdnjs.cloudflare.com https://bi.pst.tech js-agent.newrelic.com js.stripe.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'nonce-5cCckOX4DoSzwb5VWupVqKPhaB8DdVftKRJY9tdPyLPZfwSK'; style-src 'self' 'unsafe-inline' *.getpostman.com *.postman.co *.cdn.postman.com *.pstmn.io www.postman.com fonts.gstatic.com fonts.googleapis.com tagmanager.google.com cdnjs.cloudflare.com; connect-src https://api.stripe.com http: ws://localhost:10533 https: wss://*.postman.co wss://*.gw.postman.com; report-uri https://sentry.postmanlabs.com/api/572/security/?sentry_key=9d37d7431bdc4c528702ec4d89fc93f7&sentry_environment=production 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.tripsavvy.com 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.shape.com 1
img-src *; 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.verywellfamily.com 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com piwik.itzbund.de;object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; frame-src 'self' multimedia.gsb.bund.de blob: data:; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de covapp.charite.de covapp-rki.hpsgc.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; connect-src 'self' *.itzbund.de; frame-ancestors *.prod.gsb.rki.in.bund.de piwik.itzbund.de *.facebook.com 1
frame-ancestors 'self' http://*.webvisor.com http://webvisor.com *.ntv.ru; 1
frame-ancestors 'self' *.boursorama-banque.com *.boursorama.com 1
frame-ancestors 'self' *.griffith.edu.au 1
base-uri 'none'; default-src 'none'; script-src 'self' 'strict-dynamic' https://*.hotjar.com https://*.hotjar.io https://*.hsforms.net https://*.cloudflare.com https://unpkg.com https://*.doubleclick.net https://luckyorange.com https://cookiehub.com https://cookiehub.net https://settings.luckyorange.com 'nonce-c68fc73e54c2251cd5d6b3ef6475f834a69d6b6f28c5' 'nonce-fb00a4fd78085fdae7a33a6ccfe45339ddaf819dde2a' 'nonce-abef9b7b7833e884dcd4c0b26b55a3637bb410f2d321' 'nonce-eae9ea7f3c6e465b1d9659e8aea0cfc7d80ca09faab2' 'nonce-16a29a444dd1e72a4b4c41c21479cb3b93a4b765eec9' 'sha256-Izuaqj8IASWeIQNMSUxTAu1xfVkuxZoh0HWp2vXWmUw=' 'sha256-S8ATmooPrdQ2Nay6tf/47R9k0cAO7UBRkHxsOAoBYRo=' 'sha256-XAx0QTkeSMxVYPyFrbBVIhj8CvKfaJdR3Qo0gvrp16k=' 'sha256-I/rD/kGx4f8MGQPXVvbFYpKpd4L5cd5hQ+v+oSGvX9A=' 'sha256-a0s+nLVkHwBLI1bdIXzsQespBORQjzbOy8pJNQeAjRI=' 'sha256-RGXYkM5eJnPMRMF6GxqO4fwBZJ/0smjrg583vrlggxY=' 'sha256-BPN1prcoxE8YZc+BJbj+01KDy+hnAfk8B9aj+H5nFh4=' 'sha256-A6jm8QAAo+BvL4/Tr1M7sTsnRKo+VhQOm9Hi8IOKJ5Y=' 'nonce-03e5ff76ea02f4124fc472bc985e56152fc4e3011dff' 'nonce-fc950f5e5a76dbf6da0f490bef84c7ce4610a7909ace' 'nonce-a11139a22fdf9d355b12d28f09ab6e4ce872e28eff7f' 'nonce-ef9150dd713ef1cee78a8ad5186f8c9a87f02621fc25' 'nonce-865e79f8d7213d1ace398bfd1cdb60c51b9fab7f1787'; style-src 'self' 'unsafe-hashes' https://use.fontawesome.com https://fonts.googleapis.com https://static.cookiehub.com https://cookiehub.net/ 'sha256-im0erJAfSNQVDTe5HS6/GNgzNM9JcXDCSuwoIWQ/rRE=' 'sha256-A6jm8QAAo+BvL4/Tr1M7sTsnRKo+VhQOm9Hi8IOKJ5Y=' 'sha256-PAz8xNqQZDbO4LLvQxPv1rTMH7H2LG/WGiSm6rXFOV8=' 'sha256-PAz8xNqQZDbO4LLvQxPv1rTMH7H2LG/WGiSm6rXFOV8=' 'sha256-T1C48ZGmcgTeITFPt41XsW/ozDpm3S/SxFREiL+pfgQ=' 'sha256-zfH5Pv8+yKFNFcycqZrhikYRHXfOZ9MwfwRnIp6H1kI=' 'sha256-Da2f1Kt9Io0bgdaWLUryUjcUra0xYjPLDorylUM1XM0=' 'sha256-NnjKC0Bmej913o6dapBaV7Lo8IemTzzXRsO8XhOCyT0=' 'sha256-tG2ZUEo3Qq/onXpzs2PwKu3Y82IJhZsODGPa+EUtsZc=' 'sha256-y/JAbx0Chs7eNLWF+KFD+YMhxTDFjiftcRnhFF13QjI=' 'sha256-kbzp7IrqueB2g36to7qc8KevofS966jm6n764wtCqx4=' 'sha256-3ibk/KyNNjpvopRz5nvswtDpJD3kbpyDdRO1YWF4msg=' 'sha256-ZNPRF7lxh3DMrhUYYDg0XMVthUfilZ/lIWOm88fNvug=' 'sha256-dMnSfpNeXLLDJMMi4o3EHr1S85P3yFWtdfJvbcH9mhU=' 'sha256-swi8N0hKSwJvuZeP/6DwGWEx8FwrfDcoj/0HnZd1Jpc=' 'sha256-RDWWGcFzQIh1SH4oQIaKd+tX/bMXZOzUetRR1raWCXw=' 'sha256-dDxw24pDf8PjpiVwKjNHJHbK4EFFUCWWrnx1SE32aG4=' 'sha256-LWtqHRrej8qIoYJFqhaaO0kPgZnGajrfm7a54+/7NQU=' 'sha256-SvLgADqEePEV9RNxBrRQXSBJafFHcVNG7cPzHz6h9eA=' 'sha256-1z/7NiPfYq2hoFozHGzJKg6OUzne/YSqaCgvOeXuXOY=' 'sha256-3R73cBfu9lRdx2Y1u0+kOkDzXsjlEn1hcsL2b5qaWZ4=' 'sha256-aqNNdDLnnrDOnTNdkJpYlAxKVJtLt9CtFLklmInuUAE=' 'sha256-Iqfo27GZS/A7Fm31UW3miEbID+BwO1wih5T79cyIfws=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-yVIQlxUOt8MCsrVQ/pmV6T7E+xI6F1xO1vCqGi7bPU4=' 'sha256-yqw7rW86cJ30M3y7LhcPnduZT4JIHKLX3RRb31B7fOQ=' 'sha256-DFjLfLQbkYXH/lmCwhmW5hT9th2DSNLjYebk7vRHX6A=' 'sha256-+iVBklqDZxSzWSvr0QSp3OTL/ok8m/f/n7wXWojhcng=' 'sha256-ywq+VJsIVnLIQls/DYtP4wc7LLPqAKArkFBF9Z5HNuc=' 'sha256-nvFDZMdJSsFuPLw06nap3Qaao9tU3RGvNHf2Woe1StA=' 'sha256-FA0mrKnZoRbvi4Ayp9wJddHc685E85ea5Z2XwJRhxSU=' 'sha256-R7cUrEePj8qLMDj+zac9LUaWW1kLn3wc6HsQHIA0mxw=' 'sha256-kDP5FilnD2F7x7DjtoRTkl0NbiBGrjAsvcUc3H3A2cM=' 'sha256-QlYx1dw6Nlh44cQgyJBz5G7+ZTJmKf5FkJGF0FPcuzE=' 'sha256-cSCUlxvEwMP0xZRHeMKpWqO3ylONHU6b5bFAQLiiqcw=' 'sha256-I6mtUVoVWZuevseH7OMoGWOXSo/eD4R/08s5derX8hw=' 'sha256-krLf8K7rqCtHZ5e3QPyMVapC2rFQUo21PCk/c39wSts=' 'sha256-+SNKnT0lnsyeaYOJwRmcPRdTG/a4X/b3vw+57B1dE20=' 'sha256-1tUQLx1JfuFHhupaTxZxN8/JPDvG+OIdBCcM7PXfEzs=' 'sha256-4Xwx2TSn/ZELfLIs1A2etPjKxxnSomqFoKMv99FB3Lg=' 'sha256-ei2s0538sbNCEBOA2sr/hvghrxZ2gDEblR7FUJ4lkcI=' 'sha256-4NKME364cXiHshEd1ZK0GwjcT0pjqfBRdKo30tomWRs=' 'sha256-s4+uDkvKfuqCNICZTNMmknZQvqL5HwSquCQfZkn9/34=' 'sha256-rn4Qwbx5qcatXz+wT23m27segHEv7ImU2/4sEMVLYIk=' 'sha256-6Y6euAQOWZ6lGtpkCT+4kCYjKPuLTcDjDkD5oRhCG4g=' 'sha256-4QY9fueV63c6nZWXt7gR/ojTOpAZwXqNZcAxijybuU0=' 'sha256-RHvKHxL0gTOgpvBP4Xm5dRuK/cR2LZXFIebXluboSkQ=' 'sha256-yJf9N784FJuXHzDa1anT54222uPxXDjB0KgozZIOVzw=' 'sha256-Pzy/MxmgBP+zS02vxK1jm/+zS7R6H7RgMsTtTVTfC9A=' 'sha256-j8L4Sf0xH9b2nwGqQTwHCVlGSvlIaVZETZPtVykVjPs=' 'sha256-ebuwMTfNIWOGe7kzqHFDgd8dPwoPxx2QNhd4ZtetRLU=' 'sha256-Yq+kKvFpHeNHsJjLEy7fWk5M9TWaZGf7rQV38ELL2x0=' 'sha256-MHuTvHVz5k1TajrKANGz14IaXhuXxwJUt15zkvmj7rE=' 'sha256-tXThs7ZS+6hzPIvkDhbtqXOY6X3GP/zrwEY7GyV4Y+c=' 'sha256-39hce1FnKYidEA+9elxMGRsULe73+qcGxx7fCFUigzo=' 'sha256-I/rD/kGx4f8MGQPXVvbFYpKpd4L5cd5hQ+v+oSGvX9A=' 'sha256-a0s+nLVkHwBLI1bdIXzsQespBORQjzbOy8pJNQeAjRI='; img-src 'self' https://track.hubspot.com https://www.googletagmanager.com https://www.google.co.uk https://www.google-analytics.com https://*.hotjar.com https://*.hotjar.io https://*.linkedin.com https://www.google.com; connect-src 'self' https://public-auth-dot-lucky-orange.appspot-preview.com https://api-preview.luckyorange.com/ wss://in.visitors.live/ wss://realtime.luckyorange.com https://pubsub.googleapis.com/ https://api-preview.luckyorange.com/* https://api.hsforms.com https://api.hubapi.com https://js.hs-banner.com https://www.googletagmanager.com https://www.google-analytics.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.io https://*.doubleclick.net https://settings.luckyorange.com https://api-preview.luckyorange.com/*; font-src 'self' https://use.fontawesome.com data: https://fonts.gstatic.com https://*.hotjar.com https://*.hotjar.io https://s3.amazonaws.com/luckyorange-clickstream/; object-src 'none'; media-src 'self'; frame-src 'self' https://player.vimeo.com https://www.youtube.com https://*.hotjar.com https://*.hotjar.io; child-src 'self' blob:; form-action 'none'; frame-ancestors 'none'; manifest-src 'self'; 1
default-src data: https: https://*.hotjar.com:* https://*.hotjar.io wss://*.hotjar.com 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'none' 1
default-src 'self' *.vergic.com www.facebook.com wss://*.vergic.com https://*.vergic.com; prefetch-src 'self' *.boltdns.net *.googleapis.com *.vergic.com www.facebook.com wss://*.vergic.com https://*.vergic.com; media-src blob: 'self' *.brightcovecdn.com *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.qualtrics.com d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com idsync.rlcdn.com ib.adnxs.com x.bidswitch.net *.apps.akerolabs.com *.akerolabs.com *.akro.io *.bugsnag.com cdn.akro.io uniquest-cima.my.salesforce.com service.force.com *.salesforceliveagent.com uniquest-cima.force.com *.journalofaccountancy.com *.thetaxadviser.com *.fm-magazine.com *.qgdigitalpublishing.com *.mydigitalpublication.com *.digitaledition.com *.mouseflow.com cdn.mouseflow.com o2.mouseflow.com *.vergic.com www.facebook.com wss://*.vergic.com https://*.vergic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' static.zuora.com tags.tiqcdn.com *.vergic.com *.brightcove.net *.brightcove.com blob: vjs.zencdn.net d2qrdklrsxowl2.cloudfront.net www.googletagmanager.com *.tiktok.com bat.bing.com/bat.js *.bing.com *.bat.bing.com connect.facebook.net static.ads-twitter.com *.twitter.com snap.licdn.com www.googleadservices.com www.google.com googleads.g.doubleclick.net *.gstatic.com *.ceros.com *.turtl.co trustspot.io cdn.jsdelivr.net my.tealiumiq.com *.my.tealiumiq.com securepubads.g.doubleclick.net *.googlesyndication.com adservice.google.com www.googletagservices.com *.qualtrics.com d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com idsync.rlcdn.com ib.adnxs.com x.bidswitch.net *.apps.akerolabs.com *.akerolabs.com *.akro.io *.bugsnag.com cdn.akro.io uniquest-cima.my.salesforce.com service.force.com *.salesforceliveagent.com uniquest-cima.force.com *.journalofaccountancy.com *.thetaxadviser.com *.fm-magazine.com *.qgdigitalpublishing.com *.mydigitalpublication.com *.digitaledition.com *.mouseflow.com cdn.mouseflow.com o2.mouseflow.com *.vergic.com www.facebook.com wss://*.vergic.com https://*.vergic.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.brightcove.net d2qrdklrsxowl2.cloudfront.net *.s3.amazonaws.com *.turtl.co trustspot.io s3.amazonaws.com my.tealiumiq.com *.my.tealiumiq.com d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com idsync.rlcdn.com ib.adnxs.com x.bidswitch.net *.apps.akerolabs.com *.akerolabs.com *.akro.io *.bugsnag.com cdn.akro.io uniquest-cima.my.salesforce.com service.force.com *.salesforceliveagent.com uniquest-cima.force.com *.journalofaccountancy.com *.thetaxadviser.com *.fm-magazine.com *.qgdigitalpublishing.com *.mydigitalpublication.com *.digitaledition.com *.mouseflow.com cdn.mouseflow.com o2.mouseflow.com *.vergic.com www.facebook.com wss://*.vergic.com https://*.vergic.com; img-src 'self' data: images.ctfassets.net aicpa.sc.omtrdc.net media.aicpa.org *.rackcdn.com cm.everesttech.net dpm.demdex.net content.psplugin.com *.brightcove.com *.boltdns.net players.brightcove.net bat.bing.com *.bat.bing.com static.ads-twitter.com t.co px.ads.linkedin.com www.googletagmanager.com googleads.g.doubleclick.net www.google.com *.google.co.uk *.facebook.com trustspot.io * d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com idsync.rlcdn.com ib.adnxs.com x.bidswitch.net *.apps.akerolabs.com *.akerolabs.com *.akro.io *.bugsnag.com cdn.akro.io uniquest-cima.my.salesforce.com service.force.com *.salesforceliveagent.com uniquest-cima.force.com *.journalofaccountancy.com *.thetaxadviser.com *.fm-magazine.com *.qgdigitalpublishing.com *.mydigitalpublication.com *.digitaledition.com *.mouseflow.com cdn.mouseflow.com o2.mouseflow.com *.vergic.com www.facebook.com wss://*.vergic.com https://*.vergic.com; font-src 'self' data: fonts.gstatic.com d2qrdklrsxowl2.cloudfront.net *.s3.amazonaws.com *.vergic.com content.psplugin.com s3.amazonaws.com trustspot.io d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com idsync.rlcdn.com ib.adnxs.com x.bidswitch.net *.apps.akerolabs.com *.akerolabs.com *.akro.io *.bugsnag.com cdn.akro.io uniquest-cima.my.salesforce.com service.force.com *.salesforceliveagent.com uniquest-cima.force.com *.journalofaccountancy.com *.thetaxadviser.com *.fm-magazine.com *.qgdigitalpublishing.com *.mydigitalpublication.com *.digitaledition.com *.mouseflow.com cdn.mouseflow.com o2.mouseflow.com *.vergic.com www.facebook.com wss://*.vergic.com https://*.vergic.com; connect-src 'self' id.aicpa.org secureaicpa.okta.com aicpa.okta.com devaicpa.oktapreview.com id.test-aicpa.org aicpa-staff.oktapreview.com stagingaicpa.okta.com stagingaicpa-staff.okta.com temp2secureaicpa.okta.com https://us.aicpa.org/bin/aicpaorg/uca?command=logout assets.ctfassets.net downloads.ctfassets.net sentry.io app.getsentry.org app.getsentry.com dpm.demdex.net aicpa.demdex.net collect.tealiumiq.com aicpa.sc.omtrdc.net players.brightcove.net *.brightcove.com *.hapyak.com *.boltdns.net *.brightcovecdn.com *.akamaihd.net *.akafms.net *.vergic.com bat.bing.com *.bat.bing.com *.facebook.com *.google.com trustspot.io my.tealiumiq.com *.my.tealiumiq.com securepubads.g.doubleclick.net *.googlesyndication.com *.qualtrics.com sit.test-aicpa.org d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com idsync.rlcdn.com ib.adnxs.com x.bidswitch.net *.apps.akerolabs.com *.akerolabs.com *.akro.io *.bugsnag.com cdn.akro.io uniquest-cima.my.salesforce.com service.force.com *.salesforceliveagent.com uniquest-cima.force.com *.journalofaccountancy.com *.thetaxadviser.com *.fm-magazine.com *.qgdigitalpublishing.com *.mydigitalpublication.com *.digitaledition.com *.mouseflow.com cdn.mouseflow.com o2.mouseflow.com *.vergic.com www.facebook.com wss://*.vergic.com https://*.vergic.com; frame-src 'self' id.aicpa.org secureaicpa.okta.com aicpa.okta.com apisandbox.zuora-cima.dev.securedataplatform.co.uk apisandbox.zuora-cima.uat.securedataplatform.co.uk api.zuora-cima.securedataplatform.com api.zuora-cima.securedataplatform.co.uk sandbox.na.zuora.com *.aicpa-cima.com devaicpa.oktapreview.com id.test-aicpa.org aicpa-staff.oktapreview.com stagingaicpa.okta.com stagingaicpa-staff.okta.com temp2secureaicpa.okta.com www.facebook.com m.facebook.com html5-player.libsyn.com *.brightcove.net d2qrdklrsxowl2.cloudfront.net vjs.zencdn.net *.podomatic.com podomatic.com *.youtube.com apisandbox.zuora.com aicpa.demdex.net www.zuora.com bid.g.doubleclick.net *.bat.bing.com *.ceros.com *.google.com my.tealiumiq.com *.my.tealiumiq.com *.safeframe.googlesyndication.com tpc.googlesyndication.com *.qualtrics.com d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com idsync.rlcdn.com ib.adnxs.com x.bidswitch.net *.apps.akerolabs.com *.akerolabs.com *.akro.io *.bugsnag.com cdn.akro.io uniquest-cima.my.salesforce.com service.force.com *.salesforceliveagent.com uniquest-cima.force.com *.journalofaccountancy.com *.thetaxadviser.com *.fm-magazine.com *.qgdigitalpublishing.com *.mydigitalpublication.com *.digitaledition.com *.mouseflow.com cdn.mouseflow.com o2.mouseflow.com *.vergic.com www.facebook.com wss://*.vergic.com https://*.vergic.com; frame-ancestors 'self' *.aicpa.org *.cgma.org; manifest-src 'self'; block-all-mixed-content; upgrade-insecure-requests; report-uri https://sentry.io/api/3382497/security/?sentry_key=9aee855e0ce84a1db4b69530c6b45163@sentry.io/3382497 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'  *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; img-src 'self' data: https://cdn.mises.org; frame-ancestors 'self' https://glockenspiel-bluebird-4h6c.squarespace.com https://www.misesgraduateschool.org https://misesgraduateschool.org; report-uri /report-csp-violation; upgrade-insecure-requests 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.simplyrecipes.com 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.thesprucecrafts.com 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.learnreligions.com 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.thesprucepets.com 1
frame-ancestors 'self' *.yatra.com 1
default-src 'self' *.dwd.de *.readspeaker.com *.twitter.com *.youtube.com; script-src 'self' *.dwd.de *.readspeaker.com *.twitter.com *.twimg.com *.youtube.com *.jwpcdn.com *.ytimg.com 'unsafe-inline' 'unsafe-eval' data:; style-src 'self' *.dwd.de *.twitter.com *.twimg.com 'unsafe-inline' data:; img-src * data: blob:; font-src 'self' data:; frame-src 'self' *.dwd.de twitter.com *.twitter.com *.youtube.com; worker-src *.twitter.com; child-src 'self' *.dwd.de twitter.com *.twitter.com *.youtube.com; 1
frame-ancestors 'self' http://mobilevjs.nbcsports.com http://sprtsecureassets.akamaized.net *.nbcolympics.com 1
default-src 'self' noembed.com static.zdassets.com ekr.zdassets.com avm.zendesk.com v2.zopim.com wss://widget-mediator.zopim.com vimeo.com player.vimeo.com vimeocdn.com *.vimeocdn.com ytimg.com s.ytimg.com data: avm.de service.avm.de news.avm.de bingo.avm.de scope.avm.de piwik.avm.de assets.avm.de maps.google.com *.googleapis.com *.gstatic.com shoplogos.commerce-connector.de www.commerce-connector.com i.ytimg.com https://www.youtube-nocookie.com https://www.youtube.com img.youtube.com www.surveygizmo.eu endpoint-app.cognigy.ai wss://endpoint-app.cognigy.ai 'unsafe-inline' 'unsafe-eval' ; media-src 'self' *.avm.de blob: data: ; worker-src 'self' blob: ; frame-ancestors 'self'  1
default-src 'self'; connect-src 'self' https://*.texthelp.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.browsealoud.com https://*.speechstream.net blob: https://en.wikipedia.org https://*.prismic.io https://*.cdn.prismic.io https://api.ipdata.co https://*.intercom.io wss://*.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://prismic-io.s3.amazonaws.com https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com https://www.facebook.com/; script-src 'self' https://*.texthelp.com https://tagmanager.google.com https://www.googletagmanager.com https://*.google-analytics.com https://*.browsealoud.com https://*.speechstream.net 'sha256-aEDmoObzmjNv962J42VzD3ELW5yetlhKLnYGA32/4aU=' https://apis.google.com https://*.intercom.io https://js.intercomcdn.com https://analytics.twitter.com https://connect.facebook.net https://www.buzzsprout.com https://optimize.google.com 'unsafe-inline' https://static.hotjar.com https://script.hotjar.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://embed.typeform.com/ https://bat.bing.com/ https://js.driftt.com https://widget.drift.com 'nonce-166389412558800' ; style-src 'self' https://*.typekit.net https://mautic.texthelp.com/media/css/ https://mautic.dev.texthelp.com/media/css/ https://tagmanager.google.com https://fonts.googleapis.com https://www.googletagmanager.com 'unsafe-inline' https://www.browsealoud.com https://plus.browsealoud.com https://optimize.google.com; img-src * data: https://optimize.google.com https://script.hotjar.com; child-src 'self' https://content.googleapis.com https://www.googletagmanager.com/ns.html https://share.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; media-src 'self' blob: https://*.speechstream.net https://js.intercomcdn.com https://*.prismic.io https://js.driftt.com/; font-src 'self' https://webworx.texthelp.com/ https://*.typekit.net https://fonts.gstatic.com data: https://stackpath.bootstrapcdn.com https://js.intercomcdn.com https://fonts.gstatic.com https://script.hotjar.com; object-src 'none'; form-action 'self' https://intercom.help https://api-iam.intercom.io https://mautic.texthelp.com https://mautic.dev.texthelp.com https://www.facebook.com https://*.speechstream.net; frame-src https://www.youtube.com https://mautic.dev.texthelp.com https://mautic.texthelp.com https://docs.google.com https://www.buzzsprout.com https://content.googleapis.com/ https://optimize.google.com https://vars.hotjar.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://form.typeform.com/ https://www.facebook.com/ https://js.driftt.com https://widget.drift.com; frame-ancestors 'none'; base-uri 'none'; upgrade-insecure-requests 1
frame-ancestors 'self' courses.ecu.edu.au *.instructure.com *.canvaslms.com 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.liquor.com 1
frame-ancestors 'self' bcit.ca *.bcit.ca *.bcit.dev 1
frame-ancestors *.payback.de; report-uri /blueberry/servlet/handler/cspreporting 1
default-src https:; connect-src https:; script-src 'unsafe-inline' 'unsafe-eval' http: www.google-analytics.com ajax.googleapis.com; style-src 'unsafe-inline' http:; img-src http: data:; font-src http: data:; 1
frame-ancestors 'self' dziendobry.tvn.pl *.tvn.pl 1
report-uri /main/report-csp-violation; upgrade-insecure-requests 1
upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'self' 1
default-src 'self' http: https: pages.addigy.com go.addigy.com https://*.my.salesforce.com https://*.force.com https://go.pardot.com;frame-ancestors 'self' https://go.pardot.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com http: https: pages.addigy.com;img-src 'self' data: https://app-dev.addigy.com https://app-prod.addigy.com https://static.addigy.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://www.google-analytics.com https://stats.g.doubleclick.net https://tracking.g2crowd.com https://px.ads.linkedin.com https://bat.bing.com https://t.co https://www.facebook.com https://ssl.gstatic.com https://www.gstatic.com https://analytics.twitter.com https://*.gravatar.com  http://*.gravatar.com https://fast.wistia.com https://embedwistia-a.akamaihd.net https://embed-fastly.wistia.com https://aorta.clickagy.com;style-src 'self' 'unsafe-inline' http: https: fonts.googleapis.com;font-src 'self' data: http: https: fonts.googleapis.com http https: fonts.gstatic.com https://*.wistia.com;media-src 'self' data: blob: http: https:;worker-src 'self' blob:; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' unpkg.com bam.nr-data.net *.addtoany.com *.go-mpulse.net *.newrelic.com *.qualtrics.com *.adobedtm.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' *.ytimg.com *.youtube.com data: libertymutualgroup.com *.libertymutualgroup.com libertymutual.com *.libertymutual.com *.qualtrics.com *.akstat.io cm.everesttech.net; frame-src 'self' *.youtube.com *.addtoany.com libertymutualcorporate.demdex.net; font-src 'self' fonts.gstatic.com; connect-src 'self' *.youtube.com *.akamaihd.net *.akstat.io siteintercept.qualtrics.com bam.nr-data.net c.go-mpulse.net *.demdex.net; report-uri /report-csp-violation 1
script-src 'self' data: 'unsafe-inline' 'unsafe-eval' bp.webhost1.ru *.yoomoney.ru geoadv-partner.yandex.ru direct.yandex.ru yookassa.ru  *.yandex.ru *.yandex.net h.online-metrix.net mc.yandex.az mc.yandex.by mc.yandex.co.il mc.yandex.com mc.yandex.com.am mc.yandex.com.ge mc.yandex.com.tr mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.kz mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yandex.tj mc.yandex.tm mc.yandex.ua mc.yandex.uz mc.webvisor.com mc.webvisor.org yastatic.net www.google-analytics.com www.google.com www.gstatic.com connect.facebook.net www.googletagmanager.com tagmanager.google.com *.jivosite.com *.jivo.ru webhost1.bitrix24.ru *.roistat.com cfv4.com qoopler.ru; frame-ancestors 'self' blob: http://webvisor.com https://webvisor.com 1
default-src 'self'; block-all-mixed-content; connect-src 'self' *.google-analytics.com *.chimpstatic.com *.cookiebot.com *.azurewebsites.net *.cablex.ch; font-src 'self' 'unsafe-inline' data: *.gstatic.com *.chimpstatic.com *.azurewebsites.net *.fast.fonts.net *.cablex.ch; frame-ancestors *.test *.azurewebsites.net *.prospective.ch *.cablex.ch *.chimpstatic.com; frame-src 'self' *.test *.azurewebsites.net *.cablex.ch *.cookiebot.com *.prospective.ch *.youtube-nocookie.com *.chimpstatic.com; img-src 'self' data: http://*.tile.osm.org https://*.tile.openstreetmap.org *.azurewebsites.net *.cablex.ch *.google.com *.google.de *.google-analytics.com *.googletagmanager.com *.prospective.ch *.cookiebot.com *.chimpstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googletagmanager.com *.bing.com *.facebook.net *.twitter.com *.cookiebot.com *.prospective.ch *.linkedin.com *.chimpstatic.com *.azurewebsites.net *.cablex.ch https://chimpstatic.com https://cdnjs.cloudflare.com/ajax/libs/iframe-resizer/3.6.3/iframeResizer.min.js; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.googleapis.com *.chimpstatic.com https://unpkg.com/swiper/swiper-bundle.min.css *.prospective.ch *.fast.fonts.net *.azurewebsites.net *.cablex.ch; upgrade-insecure-requests 1
frame-ancestors 'self' *.smhi.se klimatanpassning.se sudplan.eu nordicadaptation2018.net http://infoteve.com ; report-uri /userv/cspreporting 1
frame-ancestors https://bid.g.doubleclick.net/ https://streetview.my/ https://safedepositboxjb.streetview.my https://s.hongleongconnect.my https://hlbmc.demdex.net https://8791613.fls.doubleclick.net/ https://gms.hongleong.com.my https://tags.tiqcdn.com https://survey.hlb.com.my https://uat.hlb.com.my https://aem-preprod.hlb.com.my https://aem-preprod.hlisb.com.my https://aem-uat.hlb.com.my https://www.hlb.com.my https://www.facebook.com https://www.vivocha.com https://www.youtube.com https://staticxx.facebook.com https://www.googletagmanager.com https://gateway.hlb.com.my https://gateway.hlb.com.my:8446 https://www.google.com https://optimize.google.com https://hongleongbank.sc.omtrdc.net https://dpm.demdex.net https://uat.hlb.my:443 http://uat.hlb.my 1
default-src 'self' blob: 'unsafe-inline' 'unsafe-eval' https://apps.sitecore.net; img-src 'self' data: blob: 'unsafe-inline' znovsqrc.micpn.com sitecoremedia.blob.core.windows.net stats.g.doubleclick.net *.stats.g.doubleclick.net *.googleapis.com *.gstatic.com *.twitter.com *.twimg.com jwpltx.com *.youtube.com *.facebook.com *.google.com *.google.gr *.googletagmanager.com px.ads.linkedin.com linkedin.com googleads.g.doubleclick.net cdn.cookielaw.org *.google-analytics.com *.usabilla.com *.cloudfront.net *.hotjar.com ad.doubleclick.net; media-src 'self' blob: *.streaming.mediaservices.windows.net; script-src 'self' data: https://cdn-prod.wdesk.com/ixbrl-viewer/1.0.0/ixbrlviewer.js znovsqrc.micpn.com optimize.google.com *.google-analytics.com snap.licdn.com code.jquery.com *.onetrust.com blob: 'unsafe-inline' 'unsafe-eval' *.youtube.com *.ytimg.com  *.google.com *.googleapis.com *.gstatic.com *.inbroker.com *.angularjs.org *.twitter.com *.syndication.twimg.com *.jwpcdn.com *.facebook.net *.facebook.com *.hotjar.com cdn.cookielaw.org optanon.blob.core.windows.net www.googleadservices.com googleads.g.doubleclick.net az416426.vo.msecnd.net *.googletagmanager.com *.usabilla.com *.cloudfront.net; style-src 'self' 'unsafe-inline' *.googleapis.com *.inbroker.com *.twitter.com optimize.google.com optanon.blob.core.windows.net cdn.cookielaw.org *.usabilla.com *.cloudfront.net fonts.googleapis.com; font-src 'self' data: 'unsafe-inline' *.gstatic.com *.inbroker.com *.jwpcdn.com *.usabilla.com *.cloudfront.net fonts.googleapis.com *.hotjar.com; connect-src 'self' recengine.margera.co *.onetrust.com wss://*.hotjar.com/api/v2/client/ws *.analytics.google.com www.google.gr optimize.google.com *.visualstudio.com *.google-analytics.com *.inbroker.com *.streaming.mediaservices.windows.net *.twitter.com *.hotjar.com adservice.google.com az416426.vo.msecnd.net *.doubleclick.net *.usabilla.com *.cloudfront.net *.cookielaw.org *.hotjar.com *.hotjar.io; frame-src 'self' data: blob: *.youtube.com *.ytimg.com *.google.com *.gstatic.com *.inbroker.com *.twitter.com *.onetrust.mgr.consensu.org *.hotjar.com *.facebook.com legacy.eurobank.gr uat.eurobank.gr  uat-legacy.eurobank.gr *.doubleclick.net *.fls.doubleclick.net *.usabilla.com *.cloudfront.net; object-src 'self' *.streaming.mediaservices.windows.net *.jwpcdn.com;  child-src 'self' data: blob: *.youtube.com *.ytimg.com *.google.com *.inbroker.com *.twitter.com *.hotjar.com *.facebook.com legacy.eurobank.gr uat.eurobank.gr uat-legacy.eurobank.gr; 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.youtube.com *.youtube-nocookie.com *.itzbund.de *.energiewechsel.de *.deutschland-machts-effizient.de *.app.powerbi.com *.karriere.bafa.de *.atlas.geomer-maps.de *.twitter.com api.signalize.com; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com *.youtube-nocookie.com; frame-src karriere.bafa.de atlas.geomer-maps.de app.powerbi.com *.energiewechsel.de *.deutschland-machts-effizient.de *.youtube-nocookie.com *.itzbund.de *.youtube.com *.twitter.com; img-src 'self' data: *.youtube.com *.youtube-nocookie.com *.itzbund.de *.openstreetmap.org *.twimg.com; connect-src 'self' *.itzbund.de; frame-ancestors 'self' *.kfw.de *.bafa.de *.energiewechsel.de; upgrade-insecure-requests; 1
default-src 'self' 'unsafe-inline' data: blob: prod.acquia-sites.com *.prod.acquia-sites.com  auc.arkdev.net *.auc.arkdev.net aucegypt.edu *.aucegypt.edu openweathermap.org *.openweathermap.org youvisit.com *.youvisit.com google-analytics.com *.google-analytics.com googletagmanager.com *.googletagmanager.com nr-data.net *.nr-data.net newrelic.com *.newrelic.com cloudflare.com googleusercontent.com *.cloudflare.com *.googleusercontent.com youtube.com *.youtube.com gstatic.com *.gstatic.com ytimg.com *.ytimg.com ggpht.com *.ggpht.com *.campusgroups.com calendar.google.com interviewexchange.com *.interviewexchange.com auc.cloud.panopto.eu datawrapper.dwcdn.net *.watson.appdomain.cloud datastudio.google.com *.datastudio.google.com crazyegg.com *.crazyegg.com myjotform.com *.myjotform.com connect.facebook.net facebook.com *.facebook.com stats.g.doubleclick.net addthis.com *.addthis.com 'unsafe-inline' 'unsafe-eval' moatads.com *.moatads.com addthisedge.com *.addthisedge.com px.ads.linkedin.com *.ads.linkedin.com *.linkedin.com; report-uri /report-csp-violation 1
default-src * 'unsafe-inline' 'unsafe-eval' data: blob: 1
frame-ancestors https://igx.csbsju.edu http://go.twocolleges.com https://virtualtour.csbsju.edu 1
frame-ancestors https://*.randstad.es; 1
connect-src 'self' *.mux.com; default-src 'self' *.googleapis.com; base-uri 'self'; style-src 'self' 'unsafe-inline' *.openlayers.org openlayers.org *.openstreetmap.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.ytimg.com *.openlayers.org openlayers.org *.openstreetmap.org siteimproveanalytics.com; object-src 'self' multimedia.gsb.bund.de; media-src blob: 'self' multimedia.gsb.bund.de *.youtube.com *.youtube-nocookie.com *.readspeaker.com; *.mux.com; frame-src multimedia.gsb.bund.de *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.instagram.com *.readspeaker.com *.saarland.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.openlayers.org openlayers.org *.openstreetmap.org *.geodatenzentrum.de *.siteimproveanalytics.io; worker-src 'self' blob:; frame-ancestors 'self'; 1
default-src 'self' 'unsafe-inline' *.zoll.de zoll.de *.itzbund.de itzbund.de *.zoll.de *.talent-im-einsatz.de zoll.de *.geodatenzentrum.de *.openstreetmap.de; img-src 'self' *.zoll.de zoll.de *.itzbund.de *.geodatenzentrum.de *.openstreetmap.de data:; script-src 'self' 'unsafe-inline' *.zoll.de zoll.de *.itzbund.de itzbund.de *.zoll.de zoll.de *.geodatenzentrum.de *.openstreetmap.de 1
frame-ancestors 'self' *.taxact.com *.taxactonline.com *.salemove.com secure.balancefin.com 1
frame-ancestors 'self' *.vergic.com 1
frame-ancestors 'self' *.bond.edu.au bond.edu.au; 1
script-src 'nonce-6a1c8342f8714bf2876f75f86f431996' 'self' 'unsafe-inline' *.wellsfargo.com *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com *.wellsfargo.com:* connect.facebook.net snap.licdn.com www.googletagmanager.com www.google-analytics.com ajax.googleapis.com static.staging.wellsfargo.com static.wellsfargo.com; frame-ancestors 'self' *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com *.wellsfargo.com *.fccaccessonline.com *.wellsfargomedia.com *.wellsfargo.com:* *.mworld.com *.wellsfargo.net *.markitondemand.com *.wellsfargo.wallst.com *.go.onestop.wf.com; base-uri https:;default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: ad.doubleclick.net px.ads.linkedin.com p.adsymptotic.com cm.everesttech.net dpm.demdex.net;object-src 'self';font-src 'self' data: *.wellsfargo.com *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com *.wellsfargo.com:* fonts.gstatic.com;report-uri /reporting/csp.htm;img-src 'self' data: *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com wspublicprod.112.2o7.net px.ads.linkedin.com ad.doubleclick.net p.adsymptotic.com adservice.google.com 2549153.fls.doubleclick.net jadserve.postrelease.com www.google.com www.google-analytics.com pixel.everesttech.net cm.g.doubleclick.net bat.bing.com sp.analytics.yahoo.com connect.facebook.net www.linkedin.com www.facebook.com rtd-tm.everesttech.net googleads.g.doubleclick.net;style-src 'self' 'unsafe-inline' *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com 1
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' dap.digitalgov.gov *.google-analytics.com *.typekit.net *.mycreditunion.gov *.silvercloudinc.com *.mpeasylink.com *.googletagmanager.com; img-src 'self' data: *.mycreditunion.gov *.google-analytics.com *.typekit.net *.amazonaws.com; font-src 'self' 'unsafe-inline' data: *.typekit.net fonts.gstatic.com; media-src 'self' s3.amazonaws.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.silvercloudinc.com; connect-src 'self' performance.typekit.net *.google-analytics.com *.googletagmanager.com; frame-src 'self' *.youtube.com *.mpeasylink.com 1
default-src 'self' https://*.gstatic.com; connect-src 'self' https://www.vidal.ru http://*.google-analytics.com http://*.gstatic.com https://yandex.ru https://*.yandex.ru https://*.yandex.net https://*.yandex.st https://yastat.net https://*.yastat.net https://yastatic.net https://*.yastatic.net https://adfox.ru https://*.adfox.ru http://*.google.com https://*.google.com https://*.google.ru https://*.googleapis.com http://*.mail.ru https://*.youtube.com https://*.ytimg.com https://*.1dmp.io http://*.1dmp.io https://s0.2mdn.net https://px.adhigh.net https://*.doubleclick.net https://relap.io; font-src data: https://*.gstatic.com https://s0.2mdn.net https://yandex.ru https://*.yandex.ru https://yastatic.net https://*.yastatic.net https://yastat.net https://*.yastat.net 'self' https://relap.io; frame-src 'self' https://relap.io https://www.vidal.ru https://*.youtube.com https://*.google.com https://*.google.ru https://yandex.ru https://*.yandex.ru https://*.yandex.net https://*.yandex.st https://adfox.ru https://*.adfox.ru https://yastat.net https://*.yastat.net https://awaps.yandex.ru https://awaps.yandex.net https://yandexadexchange.net https://*.yandexadexchange.net https://yastatic.net https://*.youtube.com https://*.ytimg.com https://*.1dmp.io http://*.1dmp.io https://s0.2mdn.net https://px.adhigh.net http://webvisor.com https://www.googletagmanager.com http://www.googletagmanager.com https://relap.io; img-src 'self' https://*.stripocdn.email https://*.tns-counter.ru https://*.medkongress.ru http://*.medkongress.ru https://*.nesterovskie-chteniya.ru http://nesterovskie-chteniya.ru https://*.tns-counter.ru https://*.weborama.fr http://*.weborama.fr https://www.vidal.ru https://vidal.ru https://yandex.ru https://*.yandex.ru https://yandex.net https://*.yandex.ru https://*.yandex.net https://*.yandex.st https://adfox.ru https://*.adfox.ru https://yastat.net https://*.yastat.net http://*.google-analytics.com http://*.gstatic.com http://*.google.com https://*.gstatic.com https://*.google-analytics.com https://*.google.com https://*.google.ru https://*.google.de https://*.googleapis.com https://www.google.com.do http://*.mail.ru data: http://gderu.hit.gemius.pl https://*.youtube.com https://*.ytimg.com https://admin.mailigen.com https://dmg.digitaltarget.ru https://x01.aidata.io https://gmtdmp.mookie1.com https://eu-gmtdmp.gd1.mookie1.com https://ru-gmtdmp.mookie1.com/ https://sync.botscanner.com https://match.ads.betweendigital.com https://safehub.ru https://dmp.vihub.ru https://top-fwz1.mail.ru https://pixel.betweenx.com https://stats.g.doubleclick.net https://px.adhigh.net https://cm.g.doubleclick.net https://*.doubleclick.net https://*.adriver.ru https://*.rubiconproject.com https://*.adhigh.net https://*.insigit.com https://*.republer.com https://*.webvisor.org http://ad.adriver.ru https://ad.adriver.ru http://ar.tns-counter.ru https://*.1dmp.io http://*.1dmp.io https://go.saleswingsapp.com https://cp.unisender.com https://vk.com https://*.honcode.ch http://*.honcode.ch https://yastatic.net https://*.yastatic.net https://relap.io https://cm.p.altergeo.ru https://*.relap.io; media-src 'self' data: https://*.google.com https://*.google.ru https://*.yandex.net https://*.strm.yandex.ru https://strm.yandex.ru https://yandex.ru https://yandex.st https://yastatic.net https://adfox.ru https://*.adfox.ru https://yastat.net https://*.yastat.net https://*.yandex.st https://*.yastatic.net https://*.1dmp.io http://*.1dmp.io https://s0.2mdn.net https://*.yandex.ru https://*.admetrica.ru https://www.googletagmanager.com https://relap.io https://cm.p.altergeo.ru; script-src 'self' https://relap.io https://www.vidal.ru https://yandex.ru https://*.yandex.ru https://*.yandex.net https://*.yandex.st https://an.yandex.ru https://yandex.st https://yastatic.net https://*.yastatic.net https://adfox.ru https://*.adfox.ru https://yastat.net https://*.yastat.net https://mc.yandex.ru http://mc.yandex.ru http://*.yandex.ru http://*.google-analytics.com http://*.gstatic.com http://*.google.com https://*.google.ru https://*.gstatic.com https://*.google-analytics.com https://*.google.com https://*.googleapis.com http://*.mail.ru https://*.youtube.com https://*.ytimg.com http://pixel.betweenx.com https://px.adhigh.net https://dmp.vihub.ru https://top-fwz1.mail.ru https://pixel.betweenx.com https://*.1dmp.io http://*.1dmp.io https://go.saleswingsapp.com 'unsafe-inline' 'unsafe-eval' https://s0.2mdn.net https://px.adhigh.net https://code.createjs.com https://www.googletagmanager.com http://www.googletagmanager.com https://*.ampproject.org https://relap.io https://js.ad-score.com; style-src 'self' https://www.vidal.ru 'unsafe-inline' 'unsafe-eval' http://*.google-analytics.com http://*.gstatic.com https://yandex.ru https://*.yandex.ru https://*.yandex.net https://*.yandex.st https://yandex.st https://yastatic.net http://*.google.com https://*.google.com https://*.google.ru https://*.googleapis.com http://*.mail.ru https://*.youtube.com https://*.ytimg.com https://*.1dmp.io http://*.1dmp.io https://adfox.ru https://*.adfox.ru https://yastat.net https://*.yastat.net https://relap.io 1
default-src wss: mycliplister.com blob: data: bosch.kittelberger.de *.tealiumiq.com dock.ui.bosch.tech wss://endpoint.chatbot-suite.bosch.tech 'self' https: *.optimizely.com wss://*.hotjar.com *.tealiumiq.com stats.g.doubleclick.net *.bosch-professional.com ; media-src data:audio 'self' *.mycliplister.com mycliplister.com *.bosch.com bosch.com *.bosch.de bosch.de *.youtube.com ; font-src 'self' dock.ui.bosch.tech *.bootstrapcdn.com *.dynamicyield.com *.commerce-connector.com static.bosch-professional.com tiger-cdn.zoovu.com *.cloudfront.net boschru.webim.ru *.bosch.com bosch.com *.bosch.de bosch.de gstatic.com fonts.gstatic.com data: ; object-src data: 'self'; img-src data:image/gif data:image/png data: 'self' https: mycliplister.com *.kittelberger.de *.tealiumiq.com data: blob: ; style-src dock.ui.bosch.tech *.bootstrapcdn.com *.dynamicyield.com *.googleapis.com *.commerce-connector.com 'self' 'unsafe-inline' tiger-cdn.zoovu.com static.bosch-professional.com btm.bosch.com cdn.poll-maker.com ; script-src dock.ui.bosch.tech dynamicyield.com *.dynamicyield.com https: *.optimizely.com 'unsafe-inline' 'unsafe-eval' tags.tiqcdn.com *.bosch.com bosch.com *.bosch.de bosch.de *.google-analytics.com google-analytics.com ipinfo.io ; frame-src 'self' https: ; connect-src wss://endpoint.chatbot-suite.bosch.tech 'self' https: mycliplister.com 1
frame-ancestors https://cloudsecurityalliance.org https://knowledge.cloudsecurityalliance.org https://circle.cloudsecurityalliance.org 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-eval' *.googleapis.com piwik.itzbund.de;object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; connect-src 'self' *.itzbund.de; frame-ancestors bghweb-editor.preview.gsb.intranet.bund.de piwik.itzbund.de 1
base-uri 'self'; child-src * gap:; frame-src * gap:; connect-src *; default-src 'self' 'unsafe-inline' *.google-analytics.com *.hotjar.com *.googletagmanager.com *.dre.pt *.hotjar.io *.doubleclick.net *.knightlab.com *.google.com *.google.pt gap: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data:; img-src * blob:; script-src 'unsafe-inline' * 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-ancestors *.incm.pt *.dre.pt 'self' gap:; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=VO9wi5b7yPIqlaS38vR%2BNAEifNKUGraPbSPj7z6HMM6e91nJBeLKrhDoMRS1CAMILSYYwTkEMjtOuVNbeD%2BYvA%3D%3D; 1
base-uri *; child-src * gap:; frame-src * gap:; connect-src *; default-src * gap: 'unsafe-inline' 'unsafe-eval'; font-src * data:; img-src * blob:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; frame-ancestors 'self' gap:; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=8WaadZjWcYERmFMQ5n60wN%2Fz8htvucXc6oritZh8SslUyGDcknGT%2FsuuukIjsK0cHCKUNd4Miixtl%2BBii70%2F8w%3D%3D; 1
default-src 'self' https://static.bitrated.com; script-src 'self' https://static.bitrated.com; connect-src 'self' wss://www.bitrated.com; style-src https://static.bitrated.com 'unsafe-inline'; img-src 'self' https://static.bitrated.com data:; font-src https://static.bitrated.com data:; frame-src https://player.vimeo.com/ https://bitrated.uservoice.com/; object-src 'none'; report-uri /csp-violation 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://api.spendino.de https://analytics.spd.de https://maps.googleapis.com https://altruja.de https://dataservices.spd.de https://www.verbavoice.net https://live.flyp.tv https://cdn01.spd.de ; img-src 'self' data: https://analytics.spd.de https://csi.gstatic.com https://maps.googleapis.com https://maps.gstatic.com https://em.altruja.de https://socialwall.spd.de https://cdn01.spd.de http://*.spd.de https://*.openstreetmap.de ; frame-ancestors 'self' https://analytics.spd.de ; default-src 'self' ; frame-src 'self' https://dpa-electionslive.s3.amazonaws.com https://analytics.spd.de https://w.soundcloud.com https://player.vimeo.com https://www.youtube-nocookie.com https://api.spendino.de https://storify.com https://streaming.b1group.de https://www.youtube.com https://live.soziale-demokratie.live https://www.blitzvideoserver.de https://api.spd.de https://app.contentflow.live https://streaming.talk42.de https://playout.3qsdn.com https://sdn-global-live-http-cache.3qsdn.com https://widget.whatsbroadcast.com https://ghb2017.limequery.com https://limequery.spd.de https://www.verbavoice.ne https://em.altruja.de https://live.flyp.tv https://us-central1-contentflow-2.cloudfunctions.net https://domhost.it-television.net https://wb.messengerpeople.com https://hd-livestream.de https://stream.liverecords.net https://www.sachsen-fernsehen.de https://open.spotify.com https://widget.whappodo.com https://embed.contentflow.net https://sipg.micropayment.de https://d3ak46ifsn9mnh.cloudfront.net ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://analytics.spd.de https://dataservices.spd.de https://cdn01.spd.de ; connect-src 'self' https://analytics.spd.de https://altruja.de https://dataservices.spd.de wss://ws-eu.pusher.com https://pusher01.spd.de https://socialwall.spd.de https://cdn01.spd.de ; object-src 'self' data: ; media-src 'self' data: https://cdn01.spd.de ; font-src 'self' https://fonts.gstatic.com https://dataservices.spd.de ; 1
default-src 'self' portal.dimdi.de icd11restapi-de-prerelease.azurewebsites.net; base-uri 'self'; style-src 'self' 'unsafe-inline' *.who.int; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://www.w3.org https://cdn.jsdelivr.net https://maxcdn.bootstrapcdn.com https://www.google-analytics.com https://www.google.com https://stats.g.doubleclick.net https://vro.housing.gov.sa https://www.gstatic.com https://code.jquery.com https://maps.googleapis.com https://cdn.mouseflow.com https://fonts.googleapis.com https://developers.google.com https://sakani.housing.sa https://maps.gstatic.com https://fonts.gstatic.com https://cdnjs.cloudflare.com https://use.fontawesome.com https://www.ejar.sa https://img.youtube.com https://www.googletagmanager.com https://ajax.googleapis.com https://cdn.ckeditor.com https://www.google.com.sa https://mobile.ejar.sa http://www.ejar.sa https://www.youtube.com/ https://banners-ads.sakani.sa/; report-uri /ar/report-csp-violation 1
: default-src * 1
default-src https: http: wss: ; script-src https: 'self' 'unsafe-inline' js.hs-scripts.com js.hs-analytics.net cdnjs.cloudflare.com *.adopto.eu adopto.eu www.adopto.eu *.googleapis.com *.facebook.net *.facebook.com www.google.com www.google-analytics.com; object-src 'self' https: data: adoptostaging.blob.core.windows.net adoptoprod.blob.core.windows.net; style-src * https: 'unsafe-inline'; img-src 'self' https: data: cdnjs.cloudflare.com adoptostaging.blob.core.windows.net adoptoprod.blob.core.windows.net *.gstatic.com *.googleapis.com *.facebook.com s3.amazonaws.com stats.g.doubleclick.net; child-src 'self' *.talentlyft.com app.livestorm.co platform.twitter.com static.addtoany.com *.nosiva.com *.facebook.com *.youtube.com *.us11.list-manage.com forms.hubspot.com js.hs-scripts.com js.hs-analytics.net player.vimeo.com; font-src * https: data:; 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' piwik.itzbund.de; connect-src 'self' *.itzbund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' piwik.itzbund.de www.youtube.com s.ytimg.com; object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de www.youtube.com; media-src 'self' multimedia.gsb.bund.de piwik.itzbund.de www.youtube.com; child-src pei-portal.rexx-systems.com piwik.itzbund.de www.youtube.com abvl-public.pei.de; font-src 'self'; img-src 'self' data: *.honcode.ch piwik.itzbund.de; frame-ancestors 'self' PEIWeb-editor.preview.gsb.intranet.bund.de pei-portal.rexx-systems.com; 1
frame-ancestors https://platform-as.marketintelligence.spglobal.com https://platform-av.marketintelligence.spglobal.com https://platform.mi.spglobal.com https://platform.marketintelligence.spglobal.com https://www.snl.com https://platform.mi.spglobal.cn https://platform.ratings360.spglobal.com https://platform.platts.spglobal.com https://www.platform.spgi.spglobal.cn https://platform.spgi.spglobal.cn https://www.platform.spgi.spglobal.com https://platform.spgi.spglobal.com https://www.capitaliq.spglobal.com https://www.capitaliq.spglobal.cn https://www.capitaliqpro.spglobal.com https://www.capitaliqpro.spglobal.cn  'self'; 1
frame-ancestors 'self' harri.com bam.harri.com fr.harri.com es.harri.com ru.harri.com de.harri.com pl.harri.com ar.harri.com tr.harri.com live.harri.com; 1
policy-uri /'self' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.aws.training https://client.rum.us-east-1.amazonaws.com/1.0.2/cwr.js https://a0.awsstatic.com https://js.api.here.com https://*.cit.api.here.com https://dev.ditu.live.com https://*.dev.virtualearth.net https://*.payments-amazon.com https://*.amazon.com https://*.amazon.co.jp/ https://*.amazon.co.uk https://*.amazon.de https://dvj5x88797nbe.cloudfront.net https://*.bing.com https://*.virtualearth.net https://munchkin.marketo.net https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/; object-src 'self'; img-src 'self' data: blob: https://*.dev.virtualearth.net https://*.ssl.ak.tiles.virtualearth.net https://*.ssl.ak.dynamic.tiles.virtualearth.net https://static.aws.training https://a0.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://dpm.demdex.net https://aws.demdex.net https://cm.everesttech.net https://js.api.here.com https://*.cit.api.here.com https://images-na.ssl-images-amazon.com https://internal-cdn.amazon.com https://d2ldlvi1yef00y.cloudfront.net/ https://d23yuld0pofhhw.cloudfront.net https://d1oct1bdmx33tz.cloudfront.net https://googleads.g.doubleclick.net https://www.google.com https://fls-na.amazon.com https://*.media-amazon.com https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/; style-src 'self' 'unsafe-inline' https://static.aws.training https://js.api.here.com https://a0.awsstatic.com https://images-na.ssl-images-amazon.com https://ecn.dev.virtualearth.net https://images-eu.ssl-images-amazon.com https://www.bing.com https://dvj5x88797nbe.cloudfront.net https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/; connect-src 'self' https://*.cit.api.here.com https://*.amazon.com https://cognito-identity.us-east-1.amazonaws.com https://dataplane.rum.us-east-1.amazonaws.com https://prod.tools.shortbread.aws.dev https://prod.log.shortbread.aws.dev https://sts.us-east-1.amazonaws.com https://amazonwebservices.d2.sc.omtrdc.net https://dpm.demdex.net https://aws.demdex.net https://cm.everesttech.net https://*.amazonpay.com https://apac.account.amazon.com https://vs.aws.amazon.com/ https://d2c.aws.amazon.com/ https://na.account.amazon.com https://eu.account.amazon.com https://*.virtualearth.net https://*.mktoresp.com https://s0.awsstatic.com https://*.amazon.co.uk https://*.amazon.co.jp https://*.amazon.de https://cdn.aws.training https://prod.us-east-1.search.avalon.aws.dev https://7m5y5tkfr5.execute-api.us-east-1.amazonaws.com https://ftj9wpwlq4.execute-api.us-east-1.amazonaws.com; font-src 'self' data: https://static.aws.training https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/; media-src 'self' https://cdn.aws.training https://dvj5x88797nbe.cloudfront.net; child-src 'self' https://*.amazon.com https://www.bing.com https://*.amazon.co.jp/ https://*.amazon.co.uk https://*.payments-amazon.com https://*.amazon.de https://support.aws.training; frame-src 'self' https://aws.demdex.net https://dpm.demdex.net https://*.payments-amazon.com https://*.amazon.com https://*.amazon.co.uk https://*.amazon.co.jp https://*.amazon.de https://*.amazonpay.com; default-src 'self'; 1
default-src 'self'; script-src 'self' 1
default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.cloudflare.com https://*.force.com https://*.hotjar.com https://secure.trust-provider.com https://*.sharethis.com https://platform.twitter.com https://connect.facebook.net https://static1.twitcount.com https://*.codero.com https://*.salesforceliveagent.com https://*.salesforce.com https://*.googleapis.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://ws.zoominfo.com https://www.google-analytics.com https://pi.pardot.com https://*.google.com; script-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.cloudflare.com https://*.force.com https://*.hotjar.com https://secure.trust-provider.com https://*.sharethis.com https://platform.twitter.com https://connect.facebook.net https://static1.twitcount.com https://codero.com https://*.codero.com https://codero.com https://*.salesforceliveagent.com https://*.salesforce.com https://*.googleapis.com https://google.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://ws.zoominfo.com https://www.google-analytics.com https://pi.pardot.com https://*.google.com https://*.gstatic.com; style-src * 'self' data: 'unsafe-inline' 'unsafe-hashes' https://*.cloudflare.com https://*.force.com https://*.hotjar.com https://secure.trust-provider.com https://*.sharethis.com https://platform.twitter.com https://connect.facebook.net https://static1.twitcount.com https://*.codero.com https://*.salesforceliveagent.com https://*.salesforce.com https://*.googleapis.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://ws.zoominfo.com https://www.google-analytics.com https://pi.pardot.com https://*.google.com; img-src * 'self' data: https://*.cloudflare.com https://*.force.com https://*.hotjar.com https://secure.trust-provider.com https://*.sharethis.com https://platform.twitter.com https://connect.facebook.net https://static1.twitcount.com https://*.codero.com https://*.salesforceliveagent.com https://*.salesforce.com https://*.googleapis.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://ws.zoominfo.com https://www.google-analytics.com https://pi.pardot.com https://*.google.com; font-src * 'self' data:; media-src * 'self' https://*.cloudflare.com https://*.force.com https://*.hotjar.com https://secure.trust-provider.com https://*.sharethis.com https://platform.twitter.com https://connect.facebook.net https://static1.twitcount.com https://*.codero.com https://*.salesforceliveagent.com https://*.salesforce.com https://*.googleapis.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://ws.zoominfo.com https://www.google-analytics.com https://pi.pardot.com https://*.google.com; object-src 'self' data:; prefetch-src 'self'; frame-src * data:; frame-ancestors 'self'; form-action * 1
default-src 'self' https://widget-v4.tidiochat.com; style-src 'self' https://use.fontawesome.com https://fonts.googleapis.com 'unsafe-inline' 'unsafe-eval'; script-src 'self' https://tagmanager.google.com https://www.google-analytics.com https://www.googletagmanager.com https://connect.facebook.net https://www.gstatic.com https://api.midtrans.com https://cdn.appsflyer.com https://cdn.ampproject.org https://cdn.amplitude.com https://api.amplitude.com/ https://s.yimg.com https://sp.analytics.yahoo.com https://api.midtrans.com https://stats.g.doubleclick.net https://fcm.googleapis.com *.xendit.co *.midtrans.com *.veritrans.co.id *.mixpanel.com *.google-analytics.com https://websdk.appsflyer.com https://maps.googleapis.com https://googleapis.com blob: https://banner.appsflyer.com https://wa.onelink.me https://wa.appsflyer.com https://cdnjs.cloudflare.com https://www.google.com https://js.xendit.co/v1/xendit.min.js 'unsafe-inline' 'unsafe-eval' https://snap.licdn.com *.sentry-cdn.com https://www.instagram.com/embed.js https://code.tidio.co https://widget-v4.tidiochat.com https://js.appboycdn.com; img-src 'self' https://*.google.co.in https://*.google.co.id https://maps.gstatic.com https://maps.googleapis.com https://googleapis.com https://s-media-cache-ak0.pinimg.com https://i.pinimg.com https://*.cloudfront.net http://*.cloudfront.net https://reviews.123rf.com https://wikipedia.org https://api.veritrans.co.id https://res.cloudinary.com https://image.shutterstock.com https://tineye.com https://stats.g.doubleclick.net https://doctor.halodoc.com http://www.linkdokter.com https://www.google-analytics.com https://www.facebook.com https://halodoc-sumba.s3-ap-southeast-1.amazonaws.com https://s3-ap-southeast-1.amazonaws.com https://www.google.com https://www.google.com.sg data: *.xendit.co *.midtrans.com *.veritrans.co.id *.mixpanel.com *.google-analytics.com https://impressions.onelink.me https://www.googletagmanager.com https://halodoc-sumba.s3.ap-southeast-1.amazonaws.com https://js.xendit.co/v1/xendit.min.js https://www.gstatic.com https://px.ads.linkedin.com https://p.adsymptotic.com https://twemoji.maxcdn.com https://s3.eu-west-1.amazonaws.com https://tidio-images-messenger.s3.amazonaws.com https://ciwss.com; connect-src 'self' https://pinimg.com https://*.cloudfront.net http://*.cloudfront.net https://123rf.com https://fonts.gstatic.com https://tineye.com https://res.cloudinary.com https://image.shutterstock.com https://www.halodoc.com https://halodoc-sumba.s3-ap-southeast-1.amazonaws.com https://tagmanager.google.com https://www.google-analytics.com https://www.googletagmanager.com https://connect.facebook.net https://www.facebook.com https://www.gstatic.com https://s3-ap-southeast-1.amazonaws.com https://doctor.halodoc.com https://web-halodoc-api.prod.halodoc.com https://qiscus-lb.api.halodoc.com wss://qiscus-mqtt.api.halodoc.com:1886/mqtt https://api.midtrans.com https://cdn.appsflyer.com https://cdn.ampproject.org https://cdn.amplitude.com https://api.amplitude.com/ https://s.yimg.com https://api.midtrans.com https://api.veritrans.co.id https://stats.g.doubleclick.net https://sp.analytics.yahoo.com https://fonts.googleapis.com https://www.google.com.sg https://www.google.com https://sentry.io https://fcm.googleapis.com *.midtrans.com *.xendit.co *.veritrans.co.id *.mixpanel.com *.google-analytics.com https://firebaseinstallations.googleapis.com https://banner.appsflyer.com https://wa.onelink.me https://wa.appsflyer.com https://websdk.appsflyer.com https://halodoc-sumba.s3.ap-southeast-1.amazonaws.com http://gcp.stage.halodoc.com http://gcp.prod.halodoc.com https://web.prod.halodoc.com http://localhost:14000 https://script.google.com https://script.googleusercontent.com https://creatives-cdn.appsflyer.com https://events-logger.appsflyer.com https://af-event-logger.appsflyer.com/log-event https://js.xendit.co/v1/xendit.min.js https://api.xendit.co *.sentry.io https://sentry-new.tidio.co https://socket.tidio.co https://api-v2.tidio.co wss://sentry-new.tidio.co wss://socket.tidio.co wss://api-v2.tidio.co https://sdk.iad-05.braze.com; font-src 'self' https://use.fontawesome.com https://fonts.gstatic.com data:; object-src 'self' https://*.cloudfront.net http://*.cloudfront.net; frame-src * 1
default-src 'self' 'unsafe-inline' data: https://piwik.bzga.de/ https://service.bzga.de/ https://a.tile.openstreetmap.org/ https://b.tile.openstreetmap.org/ https://c.tile.openstreetmap.org/ 1
script-src 'self' blob: *.foodtecsolutions.com *.foodtecsolutions.com:* *.pizzadirector.net:* *.google.com *.opentable.com *.otstatic.com cdn.ampproject.org www.gstatic.com maps.googleapis.com www.google-analytics.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net platform.twitter.com www.facebook.com connect.facebook.net cdn.syndication.twimg.com js.hs-scripts.com js.hs-scripts.com js.hs-analytics.net js.hscollectedforms.net salesiq.zoho.com/widget campaigns.zoho.com maillist-manage.com crm.zoho.com js.zohostatic.com vts.zohopublic.com static.hotjar.com script.hotjar.com unpkg.com api.tiles.mapbox.com *.adroll.com *.cloudfront.net cdnjs.cloudflare.com libs.a2zinc.net gh-prod-nitrosites.s3.amazonaws.com 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' blob: *.foodtecsolutions.com *.foodtecsolutions.com:* *.pizzadirector.net:* *.google.com *.opentable.com *.otstatic.com cdn.ampproject.org www.gstatic.com maps.googleapis.com www.google-analytics.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net platform.twitter.com www.facebook.com connect.facebook.net cdn.syndication.twimg.com js.hs-scripts.com js.hs-scripts.com js.hs-analytics.net js.hscollectedforms.net salesiq.zoho.com/widget campaigns.zoho.com maillist-manage.com crm.zoho.com js.zohostatic.com vts.zohopublic.com static.hotjar.com script.hotjar.com unpkg.com api.tiles.mapbox.com *.adroll.com *.cloudfront.net cdnjs.cloudflare.com libs.a2zinc.net gh-prod-nitrosites.s3.amazonaws.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.onlineaccess1.com https: dc.services.visualstudio.com dl.episerver.net s.ytimg.com js-agent.newrelic.com bam.nr-data.net rum-static.pingdom.net  d.impactradius-event.com umpqua-bank.sjv.io *.mookie1.com tags.tiqcdn.com adnxs.com pxl.jivox.com snap.licdn.com dc.ads.linkedin.com px.ads.linkedin.com www.linkedin.com static.ads-twitter.com analytics.twitter.com az416426.vo.msecnd.net connect.facebook.net bat.bing.com cdn.cookielaw.org js.hsforms.net forms.hsforms.com js.hsleadflows.net js.hs-scripts.com js.hs-analytics.net *.onetrust.com cdn.cookielaw.org js.hs-banner.com *.hotjar.com *.hotjar.io www.gstatic.com lh3.googleusercontent.com www.googletagmanager.com www.google-analytics.com maps.googleapis.com googleads.g.doubleclick.net 8316073.fls.doubleclick.net www.googleadservices.com *.google.com ssl.google-analytics.com www.youtube.com js.adsrvr.org *.umpquabank.com; style-src 'self' 'unsafe-inline' https: www.gstatic.com lh3.googleusercontent.com dc.services.visualstudio.com *.umpquabank.com dl.episerver.net js.hs-scripts.com js.hs-analytics.net d.impactradius-event.com umpqua-bank.sjv.io *.mookie1.com tags.tiqcdn.com adnxs.com pxl.jivox.com snap.licdn.com *.ads.linkedin.com static.ads-twitter.com analytics.twitter.com az416426.vo.msecnd.net *.hotjar.com connect.facebook.net bat.bing.com cdn.cookielaw.org 8316073.fls.doubleclick.net js.hsforms.net forms.hsforms.com js.hs-banner.com fonts.googleapis.com tagmanager.google.com; img-src 'self' 'unsafe-inline' https: lh3.googleusercontent.com dc.services.visualstudio.com *.hotjar.com *.hotjar.io *.gstatic.com www.google-analytics.com googleads.g.doubleclick.net www.google.com stats.g.doubleclick.net bat.bing.com px.ads.linkedin.com *.hubspot.com p.adsymptotic.com gateway.zscalerthree.net cdn.cookielaw.org *.umpquabank.com www.googletagmanager.com insight.adsrvr.org  www.linkedin.com pixel.advertising.com  ib.adnxs.com  pixel.rubiconproject.com  *.adsrvr.org  cm.g.doubleclick.net  t.co  x.bidswitch.net   dsum-sec.casalemedia.com  simage2.pubmatic.com data: maps.gstatic.com *.googleapis.com *.ggpht; connect-src 'self' 'unsafe-inline' wss://*.hotjar.com https: www.gstatic.com lh3.googleusercontent.com dc.services.visualstudio.com *.umpquabank.com *.hotjar.com:* *.hotjar.io www.google-analytics.com cdn.cookielaw.org *.hubspot.com forms.hsforms.com stats.g.doubleclick.net rum-collector-2.pingdom.net; frame-src 'self' 'unsafe-inline' https: *.q4cdn.com *.adsrvr.org www.theroishop.com www.gstatic.com lh3.googleusercontent.com dc.services.visualstudio.com forms.hsforms.com *.umpquabank.com *.hotjar.com *.hotjar.io bid.g.doubleclick.net player.megaphone.fm 9395210.fls.doubleclick.net platform.mi.spglobal.com *.youtube.com *.onetrust.com cdn.cookielaw.org player.ooyala.com *.q4web.com; font-src 'self' 'unsafe-inline' https: *.umpquabank.com *.hotjar.com *.hotjar.io fonts.gstatic.com data:; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.eelv.fr/ https://*.issuu.com/ https://sourcemaps.issuu.com/ https://platform.twitter.com/ https://cdn.syndication.twimg.com/ https://*.flowpaper.com/ https://flowpaper.com/ https://*.typeform.com/ https://www.youtube.com/ http://*.ufederation.com/; img-src 'self' data: blob: https://*.eelv.fr/ https://*.ytimg.com/ https://*.twimg.com/ https://platform.twitter.com/ https://*.flowpaper.com/ https://flowpaper.com/ https://*.typeform.com/ https://*.dailymotion.com/ https://*.issuu.com/ https://sourcemaps.issuu.com/ https://www.youtube.com/ http://*.ufederation.com/; object-src 'self' data: blob: https://*.eelv.fr/ https://*.youtube.com/ https://www.youtube.com/ https://*.youtube-nocookie.com/ https://youtu.be/ https://*.vimeo.com/ https://*.spotify.com/ https://*.issuu.com/ https://platform.twitter.com/ https://syndication.twitter.com/ https://*.soundcloud.com/ https://*.flowpaper.com/ https://flowpaper.com/ https://*.typeform.com/ https://typeform.com/ https://*.dailymotion.com/ https://dailymotion.com/ https://*.issuu.com/ https://sourcemaps.issuu.com/ http://*.ufederation.com/; frame-src 'self' data: blob: https://*.eelv.fr/ https://*.youtube.com/ https://www.youtube.com/ https://*.youtube-nocookie.com/ https://youtu.be/ https://*.vimeo.com/ https://*.spotify.com/ https://*.issuu.com/ https://platform.twitter.com/ https://syndication.twitter.com/ https://*.soundcloud.com/ https://*.flowpaper.com/ https://flowpaper.com/ https://*.typeform.com/ https://typeform.com/ https://*.dailymotion.com/ https://dailymotion.com/ https://*.issuu.com/ https://sourcemaps.issuu.com/ http://*.ufederation.com/; 1
default-src http: https: wss: data: blob: 'self' 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: *; report-uri https://ncreports.report-uri.com/r/d/csp/reportOnly 1
worker-src 'none'; upgrade-insecure-requests; block-all-mixed-content; manifest-src 'self'; frame-ancestors 'self' https://admin.unicef-irc.org 1
default-src https:; script-src 'self' 'nonce-M9mnlAXJbT52JVN9is8Wj3okTv7u0wQT' https://hcaptcha.com https://*.hcaptcha.com; object-src 'self'; style-src 'self' 'nonce-LIcnh25H8zU7XeJesS+w2OWqcn8jJsg+' https://hcaptcha.com https://*.hcaptcha.com; img-src 'self' images.gog-statics.com; media-src 'self'; child-src 'none'; font-src 'self'; connect-src 'self' https://api.gog.com; frame-src https://www.google.com/recaptcha/ https://hcaptcha.com https://*.hcaptcha.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*; img-src 'self' data: https://*; object-src 'self' data: https://*; frame-src 'self' data: https://*; form-action 'self' data: ; 1
frame-src 'self' *.betradar.com *.sportradar.com *.aitcloud.de consentcdn.cookiebot.com vars.hotjar.com www.googletagmanager.com www.youtube.com prod-origin.truendo.com cdn.priv.center *.akamaized.net; frame-ancestors 'self' *.betradar.com *.sportradar.com *.aitcloud.de 1
child-src https://*.fls.doubleclick.net https://bid.g.doubleclick.net form.gov.sg; connect-src *.cwp-stg.sg https://analytics.google.com https://s3-ap-southeast-1.amazonaws.com https://www.mycareersfuture.gov.sg https://static.mycareersfuture.gov.sg blob: https://www.google-analytics.com *.onemap.sg/ *.dcube.cloud *.wogaa.sg *.demdex.net https://va.ecitizen.gov.sg https://flexanswer1653.zendesk.com *.zdassets.com *.zopim.com wss://*.zopim.com https://test-gpc-1.sg.va.sabio.cloud s.yimg.com *.mycareersfuture.gov.sg *.app.gov.sg; default-src 'self' *.mycareersfuture.gov.sg *.app.gov.sg *.dcube.cloud *.wogaa.sg wogadobeanalytics.sc.omtrdc.net assets.adobedtm.com *.demdex.net cm.everesttech.net *.zdassets.com; font-src https://cdnjs.cloudflare.com https://fonts.gstatic.com data: *.dcube.cloud *.wogaa.sg https://s3-us-west-2.amazonaws.com https://va.ecitizen.gov.sg *.mycareersfuture.gov.sg *.app.gov.sg; img-src 'unsafe-inline' data: blob: 'self' https://www.google.com https://www.google-analytics.com adservice.google.com https://s3-ap-southeast-1.amazonaws.com https://px.ads.linkedin.com https://www.mycareersfuture.gov.sg https://static.mycareersfuture.gov.sg https://www.facebook.com *.cwp-stg.sg *.onemap.sg/ https://cdnjs.cloudflare.com *.mycareersfuture.gov.sg https://pixel.quantserve.com wogadobeanalytics.sc.omtrdc.net cm.everesttech.net *.demdex.net https://va.ecitizen.gov.sg https://v2assets.zopim.io https://test-gpc-1.sg.va.sabio.cloud https://sg-gmtdmp.mookie1.com https://secure.adnxs.com https://ad.doubleclick.net https://www.talent.com/tracker/img-pixel.php sp.analytics.yahoo.com https://ssl.gstatic.com https://www.gstatic.com; report-uri /csp-report; script-src 'self' blob: 'unsafe-inline' https://www.google-analytics.com https://ssl.google-analytics.com https://connect.facebook.net s.yimg.com sp.analytics.yahoo.com https://www.google.com www.googleadservices.com https://googleads.g.doubleclick.net https://snap.licdn.com https://p.adsymptotic.com https://rules.quantcount.com https://secure.quantserve.com www.googletagmanager.com https://www.mycareersfuture.gov.sg https://static.mycareersfuture.gov.sg *.dcube.cloud *.wogaa.sg assets.adobedtm.com https://va.ecitizen.gov.sg https://flexanswer1653.zendesk.com *.zdassets.com *.zopim.com https://test-gpc-1.sg.va.sabio.cloud https://cdn-akamai.mookie1.com https://tags.tiqcdn.com https://tagmanager.google.com https://www.googletagmanager.com *.mycareersfuture.gov.sg *.app.gov.sg; style-src 'self' https://cdnjs.cloudflare.com fonts.googleapis.com unpkg.com *.dcube.cloud *.wogaa.sg https://va.ecitizen.gov.sg https://tagmanager.google.com https://fonts.googleapis.com 'unsafe-inline' *.mycareersfuture.gov.sg *.app.gov.sg 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.baua.de; object-src 'self' www.baua.de; media-src 'self' www.baua.de; frame-src www.baua.de; img-src 'self' data: www.baua.de uvi.bfs.de; frame-ancestors 'self'; 1
default-src 'self' ;script-src data: blob: 'self' 'unsafe-eval' 'nonce-2B5MB1HgwhVD48Gp' static.cloud.coveo.com *.r42tag.com *.usabilla.com *.google-analytics.com *.analytics.google.com www.googleadservices.com tags.nmrc.nl *.onmarc.nl *.doubleclick.net d6tizftlrpuof.cloudfront.net *.zilverenkruis.nl babm.texthelp.com surfly.com plus.browsealoud.com www.zorgkantoorfriesland.nl *.prolife.nl www.googletagmanager.com toolbar.speechstream.net apis.google.com bat.bing.com admin.relay42.com a.svtrd.com  ads.creative-serving.com www.browsealoud.com *.defriesland.nl static2.creative-serving.com survey.insocial.nl optimize.google.com *.interpolis.nl *.mopinion.com  *.fbto.nl connect.facebook.net cdn.harvest.graindata.com www.pingvp.com;style-src 'self' 'unsafe-inline' d6tizftlrpuof.cloudfront.net plus.browsealoud.com fonts.googleapis.com www.zilverenkruis.nl optimize.google.com www.pingvp.com;img-src data: blob: 'self' *.svtrd.com www.google.com www.google.nl d6tizftlrpuof.cloudfront.net *.usabilla.com *.google-analytics.com *.analytics.google.com *.onmarc.nl *.zilverenkruis.nl plus.browsealoud.com usabilla-themes.s3-eu-west-1.amazonaws.com ads.creative-serving.com www.zorgkantoorfriesland.nl *.prolife.nl stats.g.doubleclick.net bat.bing.com www.browsealoud.com *.defriesland.nl *.r42tag.com admin.relay42.com speechstreamv3-webservices-8.texthelp.com www.gstatic.com *.fbto.nl www.insocial.nl www.facebook.com www.googletagmanager.com translate.google.com zilverenkruis-cdn.mcccm.eu www.pingvp.com;font-src data: 'self' fonts.gstatic.com fonts.googlapis.com d6tizftlrpuof.cloudfront.net;connect-src blob: 'self' *.zilverenkruis.nl *.surfly.com surfly.com sentry.io *.prolife.nl *.zorgkantoorfriesland.nl plus.browsealoud.com pronunciation.speechstream.net api.usabilla.com babm.texthelp.com speech.speechstream.net *.google-analytics.com *.analytics.google.com pre-i-portaal.achmea.nl speechstreamv3-webservices-8.texthelp.com *.defriesland.nl *.mopinion.com www.browsealoud.com plusqa.browsealoud.com *.interpolis.nl *.fbto.nl bat.bing.com stats.g.doubleclick.net harvest-cm-achmea.ey.r.appspot.com controle.achmea.consentmonitor.nl *.tomtom.com;media-src 'self' blob: *.zilverenkruis.nl *.zorgkantoorfriesland.nl *.prolife.nl *.defriesland.nl *.interpolis.nl *.fbto.nl defriesland.pingvp.com;object-src 'self' ;child-src 'self' blob: t.svtrd.com player.vimeo.com youtube-nocookie.com www.youtube-nocookie.com surfly.com app.surfly.com d6tizftlrpuof.cloudfront.net www.zilverenkruis.nl www.zorgkantoorfriesland.nl www.prolife.nl content.googleapis.com vimeo.com secure.zilverenkruis.nl www.defriesland.nl optimize.google.com i-portaal.achmea.nl survey.insocial.nl secure.prolife.nl secure.defriesland.nl w.soundcloud.com *.doubleclick.net app.springcast.fm;frame-ancestors 'self' www.youtube-nocookie.com youtube-nocookie.com player.vimeo.com vimeo.com i-portaal.achmea.nl survey.insocial.nl *.doubleclick.net inloggen.achmea.nl p-portaal.achmea.nl;form-action 'self' t.svtrd.com *.achmea.nl *.zilverenkruis.nl *.zorgkantoorfriesland.nl *.prolife.nl *.defriesland.nl *.fbto.nl *.interpolis.nl broker.nxtid.nl;manifest-src 'self' ;upgrade-insecure-requests;block-all-mixed-content;report-uri https://zilverenkruis.ams.report-uri.com/r/t/csp/enforce; 1
default-src https: 1
child-src 'self' 3speak.tv emb.d.tube player.twitch.tv www.youtube.com staticxx.facebook.com w.soundcloud.com player.vimeo.com; connect-src https://images.hive.blog 'self' hive.blog https://api.hive.blog api.blocktrades.us https://anyx.io https://api.openhive.network https://hivesigner.com https://hived.hive-engine.com https://api.followbtcnews.com https://rpc.esteem.app https://api.pharesim.me https://hive.roelandp.nl https://hived.privex.io https://hive.3speak.online https://rpc.ausbit.dev https://api.hivekings.com https://hivebuzz.me https://peakd.com https://api.deathwing.me https://api.ha.deathwing.me *.ibytedtos.com wss://hive-auth.arcange.eu; default-src 'self' img.3speakcontent.online emb.d.tube www.youtube.com staticxx.facebook.com player.vimeo.com *.streamrail.com; font-src data: fonts.gstatic.com cdn.embedly.com; frame-ancestors 'none'; frame-src 'self' https:; img-src * data:; object-src 'none'; plugin-types application/pdf; script-src 'unsafe-inline' 'unsafe-eval' data: https: 'self' www.google-analytics.com connect.facebook.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com platform.twitter.com www.reddit.com cdn.embedly.com github.githubassets.com *.tiktokcdn.com *.ttwstatic.com; report-uri /api/v1/csp_violation 1
default-src 'self'; style-src 'self' 'unsafe-inline' occhat.elisa.fi; img-src 'self' data: occhat.elisa.fi vero.piwik.pro https://analytiikka.ahtp.fi/ master.boost.ai data.reactandshare.com; media-src 'self'; font-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' occhat.elisa.fi vero.piwik.pro vero.containers.piwik.pro https://analytiikka.ahtp.fi/ veroskatt.boost.ai vero.boost.ai cdn.reactandshare.com data.reactandshare.com; connect-src 'self' occhat.elisa.fi wss://occhat.elisa.fi vero.piwik.pro https://analytiikka.ahtp.fi/ veroskatt.boost.ai vero.boost.ai networkmigri.boost.ai prh.boost.ai data.reactandshare.com; frame-src 'self' hkp.maanmittauslaitos.fi https://www.youtube.com https://app.powerbi.com; frame-ancestors 'self' yritys.tunnistus.fi htesti.katso.tunnistus.fi; 1
frame-src 'self' blob: *.adsrvr.org *.yimg.com *.cochlear.cloud *.qualaroo.com *.simpli.fi *.livechatinc.com *.doubleclick.net *.wufoo.com *.cochlearamericas.com *.youtube-nocookie.com *.marvelapp.com *.linkedin.com *.cvent.com *.google.ch *.cochlear.com *.irmau.com *.marketo.com *.youtube.com *.twitter.com *.addthis.com *.google.com *.facebook.com *.batchgeo.com marvelapp.com; child-src 'self' blob: *.batchgeo.com *.addtoany.com *.doubleclick.net *.cochlear.cloud *.cochlear.com *.addthis.com *.google.com *.facebook.com *.twitter.com  *.marketo.com; connect-src 'self' *.stackadapt.com *.crazyegg.com *.stylelabs.io *.adsrvr.org *.yimg.com *.taboola.com *.onetrust.com *.cookielaw.org *.stylelabs.cloud *.sitecorecontenthub.cloud *.cochlear.cloud *.marketo.com *.swiftype.com *.onelink-translations.com *.nekudo.com *.cochlear.com *.cvent.com *.linkedin.com *.google-analytics.com *.googleapis.com *.optimizely.com *.addthis.com *.mktoresp.com *.twitter.com *.geoip-js.com geoip-js.com *.doubleclick.net; font-src 'self' data: *.cvent-assets.com *.gstatic.com *.googleusercontent.com *.livechatinc.com *.bootstrapcdn.com; img-src 'self' data: *.stackadapt.com *.naver.net *.naver.com *.quora.com *.pubmatic.com *.rubiconproject.com *.adtechjp.com *.yahoo.com * bidswitch.net *.adap.tv *.adnxs.com *.rlcdn.com *.openx.net *.adroll.com *.casalemedia.com *.t.co *.datatables.net *.cochlear.cloud *.cochlear.com *.quantserve.com *.marketo.com *.bing.com *.steelhousemedia.com *.adsrvr.org *.adsymptotic.com *.android.com *.youtube.com *.visualwebsiteoptimizer.com *.googletagmanager.com *.teads.tv *.impact-ad.jp *.yahoo.co.jp *.impact-ad.jp *.outbrain.com *.amazonaws.com *.google.com.au  *.google.com *.twitter.com *.doubleclick.net *.facebook.com *.linkedin.com *.google-analytics.com *.medialead.de; script-src 'unsafe-inline' 'unsafe-eval' 'self' blob: *.stackadapt.com *.naver.net *.naver.com *.onetrust.com *.cookielaw.org *.windows.net *.qualaroo.com *.simpli.fi *.salesforceliveagent.com *.amazonaws.com *.gstatic.com *.quantcount.com *.cvent-assets.com *.cvent.com *.quora.com *.livechatinc.com *.typekit.com *.dialogtech.com *.cloudfront.net *.media6degrees.com *.wufoo.com *.zendesk.com *.domdex.com *.adroll.com  *.datatables.net *.quantserve.com *.ads-twitter.com *.steelhousemedia.com *.bing.com *.outbrain.com *.addtoany.com *.visualwebsiteoptimizer.com *.jquery.com *.optimizely.com *.google.com.au *.doubleclick.net *.googleadservices.com *.yimg.jp *.yahoo.co.jp *.crazyegg.com *.mktoweb.com *.cochlear.cloud *.cochlear.com  *.bootstrapcdn.com *.cloudflare.com  *.jsdelivr.net *.addthisedge.com *.google.com *.ytimg.com *.youtube.com *.marketo.net *.marketo.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.twitter.com *.facebook.com *.facebook.net *.linkedin.com *.addthis.com *.geoip-js.com geoip-js.com *.medialead.de *.adsrvr.org *.taboola.com *.yimg.com; style-src 'unsafe-inline' 'self' *.googletagmanager.com *.stackadapt.com *.cookielaw.org *.windows.net *.cvent-assets.com *.googleapis.com *.cloudflare.com *.cochlear.cloud *.cochlear.com *.google.com *.zendesk.com *.datatables.net *.jquery.com *.cochlear-europe.com *.bootstrapcdn.com *.marketo.com; 1
frame-ancestors 'self' *.gohunt.com 1
frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com bpl.bibliocms.com *.bpl.bibliocms.com https://www.bpl.org www.bpl.org *.www.bpl.org; 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; connect-src 'self' *.itzbund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' player.vimeo.com piwik.itzbund.de app.sli.do cdn.myth.theoplayer.com service.video.taxi start.video-stream-hosting.de playout.3qsdn.com *.rai.it livestream.com player.procdn.live doo.net'; object-src 'self' multimedia.gsb.bund.de; media-src 'self' piwik.itzbund.de *.youtube-nocookie.com multimedia.gsb.bund.de app.sli.do stream.alpha-loop.de cdn.myth.theoplayer.com service.video.taxi start.video-stream-hosting.de playout.3qsdn.com *.rai.it livestream.com player.procdn.live doo.net; frame-src 'self' player.vimeo.com *.youtube-nocookie.com app.sli.do stream.alpha-loop.de cdn.myth.theoplayer.com service.video.taxi media.video.taxi start.video-stream-hosting.de playout.3qsdn.com *.3qsdn.com *.rai.it livestream.com player.procdn.live doo.net; img-src 'self' data: piwik.itzbund.de securel.longtailvideo.com *.youtube-nocookie.com app.sli.do stream.alpha-loop.de cdn.myth.theoplayer.com service.video.taxi start.video-stream-hosting.de playout.3qsdn.com *.rai.it livestream.com player.procdn.live doo.net; frame-ancestors 'self'; 1
img-src * data: blob:; style-src 'self' 'unsafe-inline' assets.adobedtm.com cdn.linearicons.com fonts.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com shop.spreadshirt.nl ton.twimg.com cdnjs.cloudflare.com code.jquery.com unpkg.com; frame-src 'self' www.youtube.com player.vimeo.com podio.com www.youtube-nocookie.com www.google.com/recaptcha/ www.classmarker.com/ js.stripe.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com assets.adobedtm.com cdn.syndication.twimg.com cdnjs.cloudflare.com maps.googleapis.com npmcdn.com shop.spreadshirt.nl platform.twitter.com www.google-analytics.com ssl.google-analytics.com www.spreadshirt.nl podio.com static.doubleclick.net cdnjs.cloudflare.com code.jquery.com cdn.jsdelivr.net app.intercom.io widget.intercom.io js.intercomcdn.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ unpkg.com/leaflet.markercluster@1.4.1/dist/ unpkg.com/leaflet@1.7.1/dist/ js.stripe.com unpkg.com/@popperjs/ unpkg.com/tippy.js@6/; font-src 'self' cdn.linearicons.com fonts.gstatic.com maxcdn.bootstrapcdn.com shop.spreadshirt.nl js.intercomcdn.com ttui.thethingsindustries.com; connect-src 'self' shop.spreadshirt.nl www.thethingsnetwork.org vx.thethings.network api.intercom.io api-iam.intercom.io api-ping.intercom.io nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io nexus-websocket-b.intercom.io nexus-long-poller-a.intercom.io nexus-long-poller-b.intercom.io nexus-websocket-a.intercom.io nexus-websocket-b.intercom.io uploads.intercomcdn.com uploads.intercomusercontent.com app.getsentry.com 1
upgrade-insecure-requests; default-src * data: https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; script-src 'self' https://*.hotjar.com https://consentcdn.cookiebot.com https://consent.cookiebot.com data: 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com https://mapclick.amap.com https://restapi.amap.com https://webapi.amap.com https://public.tableau.com https://sdn.sitecore.net https://maps.googleapis.com https://maps.google.com https://sadmin.brightcove.com https://ajax.googleapis.com https://ssl.google-analytics.com https://www.youtube.com https://www.google.com https://bat.bing.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://connect.facebook.net https://platform.twitter.com https://s3.amazonaws.com https://cdn.plyr.io https://player.vimeo.com https://static.cloud.coveo.com https://cdn.jsdelivr.net https://view.ceros.com; style-src 'self' data: 'unsafe-inline' https://*.hotjar.com https://cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.9.0/slick.min.css https://cdnjs.cloudflare.com https://webapi.amap.com https://fonts.googleapis.com https://ajax.googleapis.com https://cdn.plyr.io https://static.cloud.coveo.com; img-src * 'self' data: https://*.hotjar.com; font-src 'self' data: https://*.hotjar.com https://netdna.bootstrapcdn.com https://fonts.gstatic.com https://fonts.typekit.net https://themes.googleusercontent.com; child-src 'self' https://sdn.sitecore.net https://web106.reachmee.com https://sdn.sitecore.net https://www.youtube.com https://www.google.com https://accounts.google.com https://www.googletagmanager.com; frame-src 'self' https://*.hotjar.com https://consentcdn.cookiebot.com https://cdn.yoshki.com https://watch.twobirds.com https://www.youtube.com https://player.vimeo.com http://sdn.sitecore.net https://sdn.sitecore.net https://translate.google.com https://web106.reachmee.com https://view.ceros.com; frame-ancestors 'self' https://sdn.sitecore.net; report-uri https://3chillies.report-uri.io/r/default/csp/enforce 1
default-src 'self';script-src * 'unsafe-eval' 'unsafe-inline' 'self';connect-src *.z8games.com remotejs.com api.sjpf.io api.fpjs.io stats.g.doubleclick.net *.onstove.com api.gate8.com *.gate8.com z8games.akamaized.net br-crossfire.akamaized.net crossfire.akamaized.net www.google-analytics.com 'self';img-src * data:;style-src *.typekit.net *.bootstrapcdn.com fonts.googleapis.com *.z8games.com cdnjs.cloudflare.com br-crossfire.akamaized.net z8games.akamaized.net cfx.game.onstove.com cfx.game.gate8.com crossfirex.akamaized.net *.onstove.com *.crossfirex.com crossfirex.com code.jquery.com webfonts.creativecloud.com cdn.rawgit.com cdn.jsdelivr.net 'unsafe-inline' 'self';font-src * data: 'self';frame-src www.surveymonkey.com z8games.akamaized.net *.z8games.com *.crossfirex.com crossfirex.com cfx.game.onstove.com cfx.game.gate8.com www.google.com www.facebook.com www.youtube.com *.openbucks.com *.boku.com *.paysafecard.com *.doubleclick.net *.googletagmanager.com googletagmanager.com player.twitch.tv clips.twitch.tv 'self';frame-ancestors *.z8games.com *.crossfirex.com crossfirex.com cfx.game.onstove.com cfx.game.gate8.com platform.twitter.com 'self';media-src z8games.akamaized.net crossfirex.com crossfirex.akamaized.net cfx.game.onstove.com cfx.game.gate8.com * 'self';manifest-src *.z8games.com z8games.akamaized.net 'self'; 1
img-src * 'self' data: https:; default-src 'self' html5shim.googlecode.com *.google-analytics.com *.googleadservices.com apis.google.com *.youtube.com *.vimeo.com *.g.doubleclick.net *.google.com *.google.nl *.hostfact.nl *.ytimg.com *.doubleclick.net 'unsafe-inline' 'unsafe-eval' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://bam.nr-data.net https://gu.bizspring.net https://www.googletagmanager.com https://js-agent.newrelic.com https://js-agent.newrelic.com/nr-1216.min.js https://stats.wp.com https://widgets.wp.com https://wordpress.com https://www.google-analytics.com https://www.google-analytics.com/gtm/optimize.js https://googleads.g.doubleclick.net http://wcs.naver.net http://wcs.naver.net/wcslog.js https://fs.bizspring.net https://fs.bizspring.net/fs4/bstrk.1.js https://www.google-analytics.com https://cdn.cookielaw.org https://cdn.cookielaw.org/scripttemplates/6.37.0/otBannerSdk.js https://sjrtp8-cdn.marketo.com https://sjrtp8-cdn.marketo.com/rtp-api/v1/rtp.js https://hm.baidu.com https://hm.baidu.com/hm.js https://cdn.livechatinc.com https://cdn.livechatinc.com/tracking.js https://s0.wp.com https://code.jquery.com https://code.jquery.com/jquery-3.3.1.js https://cdn.parsely.com https://cdn.parsely.com/keys/videojet.com/p.js https://stats.wp.com/e-202229.js http://play.vidyard.com https://play.vidyard.com https://connect.facebook.net http://app-sj04.marketo.com http://munchkin.marketo.net http://munchkin.marketo.net/161/munchkin.js http://63475.tctm.co http://63475.tctm.co/p.js https://api.livechatinc.com https://cdn.cookielaw.org https://cdn.cookielaw.org/scripttemplates/6.38.0/otBannerSdk.js http://63475.tctm.co http://63475.tctm.co/t.js http://app-sj04.marketo.com http://app-sj04.marketo.com/js/forms2/js/forms2.min.js http://cdn.livechatinc.com http://cdn.livechatinc.com/tracking.js http://munchkin.marketo.net http://munchkin.marketo.net/munchkin.js http://www.google-analytics.com http://www.google-analytics.com/analytics.js https://api.livechatinc.com https://api.livechatinc.com/v3.3/customer/action/get_dynamic_configuration https://cdn.cookielaw.org https://cdn.cookielaw.org/scripttemplates/otSDKStub.js https://cdn.mouseflow.com https://cdn.mouseflow.com/projects/a9954248-100f-48af-93d9-4f38aeb12d06.js https://connect.facebook.net https://connect.facebook.net/en_US/fbevents.js https://googleads.g.doubleclick.net https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1005853898/ https://snap.licdn.com https://snap.licdn.com/li.lms-analytics/insight.min.js https://www.google-analytics.com https://www.google-analytics.com/gtm/js https://www.googleadservices.com https://www.googleadservices.com/pagead/conversion_async.js https://www.googletagmanager.com http://www.googletagmanager.com https://www.googletagmanager.com/gtm.js; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://s0.wp.com http://app-sj04.marketo.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://bam.nr-data.net https://p1.parsely.com https://n2.mouseflow.com https://api.livechatinc.com https://geolocation.onetrust.com https://privacyportal-de.onetrust.com http://090-bzj-603.mktoresp.com http://63475.tctm.co https://cdn.cookielaw.org https://stats.g.doubleclick.net https://www.google-analytics.com; font-src 'self' data: https://fonts.gstatic.com https://cdn.mouseflow.com https://cdn.mouseflow.com/fonts/gstatic_droidsans.woff2 https://s0.wp.com; frame-src 'self' https://stats.wp.com https://js-agent.newrelic.com http://www.googletagmanager.com https://www.googletagmanager.com https://widgets.wp.com https://wordpress.com https://pages.videojet.com https://communications.videojet.com https://www.facebook.com http://play.vidyard.com https://app-sj04.marketo.com https://bid.g.doubleclick.net https://play.vidyard.com https://secure.livechatinc.com; img-src 'self' data: http://www.googleadservices.com https://p1.parsely.com https://videojet-develop.go-vip.net https://secure.gravatar.com https://pixel.wp.com https://pages.videojet.com http://play.vidyard.com https://play.vidyard.com https://cdn.vidyard.com https://www.facebook.com https://www.linkedin.com http://www.googletagmanager.com https://www.googletagmanager.com https://p.adsymptotic.com https://px4.ads.linkedin.com http://2.gravatar.com http://www.google-analytics.com https://cdn.cookielaw.org https://cdn.livechatinc.com https://global.videojet.com https://px.ads.linkedin.com https://videojet.com https://www.google.co.in https://www.google.com; manifest-src 'self'; media-src 'self' https://cdn.livechatinc.com/widget/static/media/new_message.34190d36.ogg%27 https://cdn.livechatinc.com; worker-src 'none'; 1
default-src * 'self' 'unsafe-inline' 'unsafe-eval' ; script-src * 'self' 'unsafe-inline' 'unsafe-eval' ; style-src * 'self' 'unsafe-inline' ; img-src * 'self' data: ; font-src * data: blob: 'unsafe-inline'; 1
frame-ancestors 'self' *.buechen.de; 1
default-src 'self' *.relay42.com vars.hotjar.com 6162542.fls.doubleclick.net;script-src blob: 'self' 'unsafe-inline' 'unsafe-eval' *.centraalbeheer.nl *.doubleclick.net *.facebook.net *.google.com *.googlesyndication.com *.hs-scripts.com *.linkedin.com *.r42tag.com *.relay42.com *.svtrd.com *.usabilla.com achmeadpm.achmea.nl:9999 ajax.googleapis.com api.usabilla.com app.contentsquare.com bat.bing.com cba.nmrc.nl cdn.ampproject.org cdn.harvest.graindata.com d6tizftlrpuof.cloudfront.net googleads.g.doubleclick.net https://www.googleoptimize.com https://www.googletagmanager.com js.hs-analytics.net js.hs-banner.com js.hsadspixel.net js.hsleadflows.net js.monitor.azure.com js.usemessages.com maps.googleapis.com player.quadia.net r.bing.com script.hotjar.com snap.licdn.com static.cloud.coveo.com static.hotjar.com surfly.com t.contentsquare.net tags.nmrc.nl www.dwin1.com www.google-analytics.com www.googleadservices.com www.youtube.com www.zenaps.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com d6tizftlrpuof.cloudfront.net www.google.com optimize.google.com static.cloud.coveo.com;img-src data: 'self' *.centraalbeheer.nl *.contentsquare.net *.doubleclick.net *.googlesyndication.com *.r42tag.com *.relay42.com *.svtrd.com *.svtrd.com *.usabilla.com adservice.google.com adservice.google.nl bat.bing.com c.az.contentsquare.net c.contentsquare.net cba.imgix.net clients1.google.com d6tizftlrpuof.cloudfront.net forms.hubspot.com https://www.googletagmanager.com l.contentsquare.net linkedin.com maps.googleapis.com maps.gstatic.com optimize.google.com px.ads.linkedin.com px4.ads.linkedin.com region1.analytics.google.com region1.google-analytics.com server.arcgisonline.com track.hubspot.com www.advieskeuze.nl www.awin1.com www.facebook.com www.google-analytics.com www.google.com www.google.nl www.googleapis.com www.googletagmanager.com www.zenaps.com;font-src 'self' fonts.gstatic.com script.hotjar.com;connect-src 'self' *.achmea.nl *.centraalbeheer.nl *.contentsquare.net *.doubleclick.net *.facebook.net *.googlesyndication.com *.hubapi.com *.nxtid.nl api.advieskeuze.nl api.hsforms.com api.hubspot.com api.usabilla.com bat.bing.com c.az.contentsquare.net c.contentsquare.net calculations.figlo.com cba.imgix.net cba.nmrc.nl controle.achmea.consentmonitor.nl https://*.in.applicationinsights.azure.com forms.hubspot.com formulier.centraalbeheer.nl geocode.arcgis.com https://*.hotjar.com https://*.hotjar.io k-aeu1.contentsquare.net l.contentsquare.net  maps.googleapis.com r.contentsquare.net region1.analytics.google.com region1.google-analytics.com surfly.com t.svtrd.com vc.hotjar.io wss://*.hotjar.com wss://bat.bing.com www.google-analytics.com www.google.com;media-src 'self' ;object-src 'self' ;child-src blob: 'self' youtube.com *.doubleclick.net t.svtrd.com *.hotjar.com cba.nmrc.nl www.youtube-nocookie.com youtube-nocookie.com surfly.com optimize.google.com d6tizftlrpuof.cloudfront.net redirect.surfly.com centraalbeheer-nl-p.surfly.com surfly.com surfly-com-p.surfly.com *.centraalbeheer.nl player.quadia.net localfocuswidgets.net;frame-ancestors 'self' youtube.com www.youtube-nocookie.com youtube-nocookie.com player.quadia.net;form-action * 'self' t.svtrd.com *.achmea.nl;block-all-mixed-content;report-uri https://centraalbeheer.ams.report-uri.com/r/t/csp/enforce; 1
allow 'self'; options inline-script; img-src 'self' data: 1
frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com chicago.bibliocms.com *.chicago.bibliocms.com https://www.chipublib.org www.chipublib.org *.www.chipublib.org; 1
default-src 'self' 'unsafe-inline' www.google-analytics.com stats.g.doubleclick.net ajax.googleapis.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com www.googletagmanager.com cdnjs.cloudflare.com polyfill.io use.fontawesome.com www.youtube.com www.vimeo.com; form-action 'self'; img-src 'self' maps.googleapis.com maps.gstatic.com www.google-analytics.com; font-src 'self' use.fontawesome.com fonts.googleapis.com fonts.gstatic.com ; report-uri /report-csp-violation; upgrade-insecure-requests 1
frame-ancestors https://*.milwaukeetool.eu https://viewer.ipaper.io https://my.treedis.com https://my.scene3d.co.uk 1
base-uri 'none'; default-src 'none'; child-src https://www.recaptcha.net; connect-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src https://www.recaptcha.net; img-src 'self' data:; object-src 'none'; script-src 'nonce-fCZZE7OzkqaU/0LhjGl3gQ==' 'strict-dynamic'; style-src 'self' 'unsafe-inline'; worker-src 'self'; 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.aboutespanol.com 1
default-src 'none'; script-src 'sha256-orD0/VhH8hLqrLxKHD/HUEMdwqX6/0ve7c5hspX5VJ8=' 1
upgrade-insecure-requests; default-src *.usclimatedata.com *.gstatic.com https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com/* *.googlesyndication.com adservice.google.nl adservice.google.com adservice.google.cl *.googleadservices.com *.google.com *.googletagservices.com *.google-analytics.com apis.google.com ajax.googleapis.com *.googletagmanager.com *.usclimatedata.com *.bootstrapcdn.com *.gstatic.com *.geolocation.io *.google.com/recaptcha/ ssl.google-analytics.com *.addthis.com *.google.com googleads.g.doubleclick.net https:; frame-src bid.g.doubleclick.net data: https:; connect-src 'self' *.usclimatedata.com pagead2.googlesyndication.com www.google-analytics.com; img-src 'self' *.maps.googleapis.com/* *.googletagmanager.com https//google-analytics.com googleads.g.doubleclick.net *.google.com data: https:; style-src 'self' 'unsafe-inline' *.apis.google.com *.googleapis.com *.bootstrapcdn.com *.usclimatedata.com *.gstatic.com;font-src *.bootstrapcdn.com *.usclimatedata.com cdnjs.cloudflare.com data: 'self';base-uri 'self'; form-action 'self'; 1
frame-ancestors 'self' https://analytics.google.com/analytics/ https://*.buypass.no https://*.buypass.com https://*.norsk-tipping.no https://*.altinn.no; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' maps.google.com maps.googleapis.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com *.go-mpulse.net plus.turnpages.nl plus-consumentenservice.widget.custhelp.com plus-consumentenservice.custhelp.com *.akstat.io www.youtube-nocookie.com www.gstatic.com www.google.com app.checkjemedicijn.nl www.checkmijnmedicijn.nl *.contentsquare.com 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: *.guinness-storehouse.com *.googleapis.com maps.gstatic.com s.adroll.com s.ytimg.com stats.mp.streamamg.com streamuk.secure.footprint.net www.google-analytics.com www.googletagmanager.com www.youtube.com footer.diageohorizon.com cdnjs.cloudflare.com *.googleadservices.com *.doubleclick.net *.ads-twitter.com *.hotjar.com *.smartlook.com *.quantummetric.com; object-src 'self' https: *.guinness-storehouse.com streamuk.secure.footprint.net; style-src 'self' 'unsafe-inline' https: *.guinness-storehouse.com cloud.typography.com fonts.googleapis.com footer.diageohorizon.com; img-src 'self' data: https: *.guinness-storehouse.com *.googleapis.com *.gstatic.com ads.yahoo.com analytics.twitter.com d.adroll.com dps.bing.com googleads.g.doubleclick.net ib.adnxs.com idsync.rlcdn.com scontent.cdninstagram.com streamuk.secure.footprint.net t.mookie1.com us-u.openx.net www.facebook.com www.google.com www.google.ie www.tripadvisor.com *.google-analytics.com *.analytics.google.com; frame-src 'self' https: *.guinness-storehouse.com *.worldnettps.com guinnessarchives.adlibsoft.com www.youtube.com vars.hotjar.com *.quantum-metric.com; font-src 'self' https: *.guinness-storehouse.com data: fonts.googleapis.com fonts.gstatic.com streamuk.secure.footprint.net; connect-src 'self' https: *.guinness-storehouse.com *.storehousewall.com query.yahooapis.com streamuk.secure.footprint.net *.hotjar.com:* wss://*.hotjar.com *.smartlook.com *.google-analytics.com *.analytics.google.com *.quantummetric.com; media-src 'self' https: *.guinness-storehouse.com ; worker-src 'self' *.guinness-storehouse.com blob: 1
default-src 'self' vars.hotjar.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.ampproject.org static.cloud.coveo.com stats.g.doubleclick.net tdn.r42tag.com www.averoachmea.nl www.google-analytics.com connect.facebook.net *.usabilla.com www.googleadservices.com googleads.g.doubleclick.net imp2.nowinteract.com api.usabilla.com static.hotjar.com script.hotjar.com d6tizftlrpuof.cloudfront.net ajax.googleapis.com bat.bing.com admin.relay42.com cse.google.com www.google.com a.svtrd.com onmarc.nl snap.licdn.com px.ads.linkedin.com linkedin.com static.hotjar.com script.hotjar.com *.hsforms.net *.hsforms.com *.hs-scripts.com js.hs-analytics.net js.hsadspixel.net js.hsleadflows.net js.hs-banner.com collectie.averoachmea.nl https://www.googletagmanager.com https://surfly.com d6tizftlrpuof.cloudfront.net js.usemessages.com https://js.hscollectedforms.net *.collectie.centraalbeheer.nl https://cdn.harvest.graindata.com https://collectie.centraalbeheer.nl https://www.youtube.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com d6tizftlrpuof.cloudfront.net www.google.com static.cloud.coveo.com;img-src data: 'self' img.youtube.com t.svtrd.com www.google-analytics.com www.facebook.com stats.g.doubleclick.net www.google.nl www.google.com d6tizftlrpuof.cloudfront.net *.usabilla.com cm.g.doubleclick.net a.svtrd.com n01d05.cumulus-cloud.com tdn.r42tag.com admin.relay42.com bat.bing.com www.googleapis.com clients1.google.com avr.imgix.net px.ads.linkedin.com track.hubspot.com forms.hubspot.com d6tizftlrpuof.cloudfront.net https://googleads.g.doubleclick.net *.ads.linkedin.com https://i.ytimg.com *.google-analytics.com *.analytics-google.com;font-src 'self' fonts.gstatic.com;connect-src 'self' wss://*.hotjar.com https://*.hotjar.com https://*.hotjar.io *.hubapi.com api.hubspot.com forms.hubspot.com vc.hotjar.io cm.g.doubleclick.net connect.facebook.net googleads.g.doubleclick.net stats.g.doubleclick.net *.ave01.pre.connectis.io https://www.google-analytics.com https://surfly.com https://sentry.io *.hsforms.com *.averoachmea.nl *.collectie.centraalbeheer.nl https://controle.achmea.consentmonitor.nl https://collectie.centraalbeheer.nl dc.services.visualstudio.com *.google-analytics.com *.analytics-google.com;media-src 'self' ;object-src 'self' ;child-src 'self' youtube.com 6162542.fls.doubleclick.net t.svtrd.com *.hotjar.com cba.nmrc.nl www.youtube-nocookie.com youtube-nocookie.com d6tizftlrpuof.cloudfront.net *.surfly.com surfly.com app.hubspot.com forms.hsforms.com;frame-ancestors 'self' youtube.com www.youtube-nocookie.com youtube-nocookie.com;form-action 'self' t.svtrd.com *.averoachmeaonline.nl *.hsforms.com;block-all-mixed-content;report-uri https://c0918c210d42424be54e906e71357ca7.report-uri.io/r/default/csp/enforce; 1
script-src * 'unsafe-inline' 'unsafe-eval' 1
default-src 'none' ;script-src * data: 'unsafe-inline' 'unsafe-eval' ;style-src * data: 'unsafe-inline' ;img-src * data: ;font-src * data: ;connect-src * ;media-src * ;object-src * ;child-src * ;frame-ancestors * ;form-action * ;manifest-src * ; 1
allow *; options inline-script eval-script; frame-ancestors 'self'; 1
default-src 'self'; object-src 'self' https://pts.winsim.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.winsim.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://umfrage.winsim.de https://pts.winsim.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://o2.mouseflow.com https://cdn.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://chat.winsim.de https://stats.winsim.de https://imagepool.winsim.de https://pts.winsim.de; script-src 'strict-dynamic' 'nonce-6dc724cc7a57b527e7b972501f5c173a' 'nonce-39d9d32a2f5fbd0940aa52eaf82ca1e7' 'nonce-86b54fdab62ffcdd3040f165b5a33932' 'nonce-eea30aa271cba3afc569d3ec0a68af0d' 'nonce-cce0bad9ab759dc58c75045fe1fe9431' 'nonce-7fb1890542a21c39f3a6652ddcb471dd' 'nonce-714173c4e0b2e8a95f5f906f9414a1cf' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://pts.winsim.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-6dc724cc7a57b527e7b972501f5c173a' 'nonce-39d9d32a2f5fbd0940aa52eaf82ca1e7' 'nonce-86b54fdab62ffcdd3040f165b5a33932' 'nonce-eea30aa271cba3afc569d3ec0a68af0d' 'nonce-cce0bad9ab759dc58c75045fe1fe9431' 'nonce-7fb1890542a21c39f3a6652ddcb471dd' 'nonce-714173c4e0b2e8a95f5f906f9414a1cf' 'self' 'unsafe-inline' https: 'report-sample' 1
default-src 'self';frame-src 'self' blob: js.driftt.com *.google.com *.youtube.com *.trustarc.com;child-src 'self' blob: js.driftt.com *.youtube.com;script-src 'unsafe-hashes' 'unsafe-inline' 'self' *.google.com www.googletagmanager.com www.google-analytics.com script.crazyegg.com js.driftt.com consent.trustarc.com *.trumba.com *.cloudflare.com fast.wistia.com snap.licdn.com img.en25.com *.newrelic.com *.nr-data.net *.gstatic.com *.googleadservices.com;connect-src 'self' *.crazyegg.com www.google-analytics.com *.eloqua.com *.trumba.com *.wistia.com *.litix.io *.doubleclick.net *.eloqua.com *.nr-data.net *.akamaihd.net;style-src 'unsafe-inline' 'self' *.google.com *.trumba.com *.googleapis.com *.cloudflare.com;font-src 'self' data: fonts.gstatic.com *.googleapis.com *.wistia.com;img-src 'self' data: images.ctfassets.net www.google-analytics.com *.google.com www.googleapis.com www.googletagmanager.com consent.trustarc.com *.trumba.com *.contentful.com *.cloudfront.net *.wistia.com *.linkedin.com p.adsymptotic.com *.eloqua.com *.doubleclick.net *.on24.com;media-src 'self' blob: js.driftt.com;frame-ancestors 'self';form-action 'self'; 1
default-src 'self' ;script-src data: blob: 'self' 'unsafe-inline' 'unsafe-eval' analytics.interpolis.nl *.r42tag.com *.mopinion.com *.interpolis.nl az416426.vo.msecnd.net analytics.twitter.com  www.google-analytics.com static.ads-twitter.com www.googleoptimize.com www.googletagmanager.com *.doubleclick.net *.googleadservices.com opzeggen.nl www.opzeggen.nl cdn.harvest.graindata.com widget.greenonline.nl http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com https://js.arcgis.com https://vc.hotjar.io *.googleanalytics.com https://optimize.google.com https://admin.relay42.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com fast.fonts.net js.arcgis.com widget.greenonline.nl optimize.google.com;img-src data: 'self' *.google-analytics.com www.google.com https://t.co/i/adsct  www.googletagmanager.com https://i.ytimg.com/ img.youtube.com services.arcgisonline.com server.arcgisonline.com www.google.nl interpolis.imgix.com js.arcgis.com fls.doubleclick.net interpolis.imgix.net  https://script.hotjar.com http://script.hotjar.com optimize.google.com www.gstatic.com https://analytics.twitter.com;font-src data: 'self' fonts.gstatic.com js.arcgis.com widget.greenonline.nl http://script.hotjar.com https://script.hotjar.com ;connect-src 'self' *.mopinion.com *.interpolis.nl dc.services.visualstudio.com *.google-analytics.com https://www.opzeggen.nl interpolis.imgix.net controle.achmea.consentmonitor.nl http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io https://surveystats.hotjar.io wss://*.hotjar.com services.arcgisonline.com adservice.google.com geocode.arcgis.com;media-src 'self' *.interpolis.nl;object-src 'self' ;child-src 'self' blob: t.svtrd.com youtube-nocookie.com www.youtube-nocookie.com *.doubleclick.net *.hotjar.com e.interpolis.nl widgets.bnr.nl www.youtube.com art19.com optimize.google.com;frame-ancestors 'self' www.youtube-nocookie.com youtube-nocookie.com *.doubleclick.net e.interpolis.nl https://vars.hotjar.com optimize.google.com;form-action 'self' t.svtrd.com http://trx.ae https://transaction.acceptemail.com;manifest-src 'self' t.svtrd.com *.interpolis.nl broker.nxtid.nl;upgrade-insecure-requests;block-all-mixed-content;report-uri https://interpolis.ams.report-uri.com/r/t/csp/enforce; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://matomo.subdelirium.ovh/; img-src 'self' data: blob: https://matomo.subdelirium.ovh/ https://media.giphy.com/; object-src 'self' data: blob: https://matomo.subdelirium.ovh/; frame-src 'self' data: blob: https://matomo.subdelirium.ovh/; 1
default-src wss://ws.ttsep.com/ accounts.google.com 'self' blob: data: 'unsafe-inline' 'unsafe-eval' https:; form-action https:; upgrade-insecure-requests; 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.geodatenzentrum.de *.kuestendaten.de *.youtube.com *.webview.isb-mopa.de; connect-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.wsv.bund.de *.geodatenzentrum.de *.kuestendaten.de *.youtube.com *.webview.isb-mopa.de; object-src 'self'; media-src  'self' *.wsv.bund.de *.wsv.de *.bund.de data: *.geodatenzentrum.de web.dlz-it.de www.bafg.de bad.xpertus-service.de elwis.de www.elwis.de *.youtube.com; child-src 'self' *.wsv.bund.de *.wsv.de *.bund.de data: *.geodatenzentrum.de web.dlz-it.de www.bafg.de bad.xpertus-service.de elwis.de www.elwis.de *.youtube.com *.webview.isb-mopa.de; img-src 'self' *.wsv.bund.de *.wsv.de *.bund.de data: *.geodatenzentrum.de web.dlz-it.de www.bafg.de bad.xpertus-service.de elwis.de www.elwis.de *.kuestendaten.de *.youtube.com *.bfn.de *webview.isb-mopa.de; frame-ancestors 'self'; 1
default-src 'none' ;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zortrax.com *.data.zortrax.com *.3dprint.zortrax.com *.wistia.net *.wistia.com googletagmanager.com *.googletagmanager.com  *.tagmanager.google.com *.google-analytics.com *.doubleclick.net *.google.com  *.googleadservices.com *.facebook.net *.cloudfront.net *.doubleclick.net *.livechatinc.com *.googleapis.com *.gstatic.com *.redditstatic.com  static.ads-twitter.com analytics.twitter.com analytics.zortrax.com cf.zortrax.com  ;style-src 'self' 'unsafe-inline' *.zortrax.com *.googleapis.com *.tagmanager.google.com https://tagmanager.google.com/debug/css.css *.fonts.googleapis.com cf.zortrax.com ;img-src 'self' 'unsafe-inline' data: *.zortrax.com *.wistia.net data.zortrax.com *.gravatar.com *.ggpht.com *.ssl.gstatic.com *.wistia.com *.google.com *.google-analytics.com *.google.pl *.doubleclick.net *.facebook.com *.livechatinc.com *.gstatic.com *.googleapis.com *.tagmanager.google.com https://alb.reddit.com   t.co/i/adsct cf.zortrax.com  ;font-src 'self' data: *.livechatinc.com *.googleusercontent.com *.googleusercontent.com *.googleapis.com *.gstatic.com *.zortrax.com *.fonts.googleapis.com *.tagmanager.google.com ;frame-src 'self' 'unsafe-inline' *.livechatinc.com *.wistia.net *.wistia.com *.youtube.com *.facebook.com *.tagmanager.google.com *.googletagmanager.google.com *.upviral.com ;connect-src 'self' bd1.zortrax.com spisakcji.local stats.g.doubleclick.net staging-data.zortrax.com data.zortrax.com http://3dprint.zortrax.com *.wistia.com *.litix.io 3dprint.zortrax.com 3dprinting.local  ws://localhost:3000 *.google-analytics.com *.tagmanager.google.com app.humdash.com api.livechatinc.com  ;media-src 'self' *.zortrax.com zortrax.com *.youtube.com *.livechatinc.com *.youtube-nocookie.com *.wistia.com cdn.zortrax.com cdn1.zortrax.com cdn2.zortrax.com cdn3.zortrax.com *.tagmanager.google.com cf.zortrax.com ;object-src 'self' *.youtube.com *.youtube-nocookie.com *.tagmanager.google.com ;child-src 'self' *.youtube.com *.youtube-nocookie.com *.tagmanager.google.com 1
frame-ancestors 'self' piwik.currence.nl; 1
frame-src *.twitter.com *.googleusercontent.com *.clarity.ms *.youtube.com *.facebook.com *.facebook.net *.doubleclick.net *.hotjar.com *.franceculture.fr *.radiofrance.fr *.googleapis.com *.spotify.com *.exacttarget.com *.instagram.com iheid.webex.com graduateinstitute.secure.force.com *.sfmc-content.com *.google.com *.libcal.com *.simplecast.com *.soundcloud.com *.flywire.com *.prezi.com *.iheid.ch *.drupal.com; child-src *.twitter.com *.googleusercontent.com *.clarity.ms *.youtube.com *.facebook.com *.facebook.net *.doubleclick.net *.hotjar.com *.franceculture.fr *.radiofrance.fr *.googleapis.com *.spotify.com *.exacttarget.com *.instagram.com iheid.webex.com graduateinstitute.secure.force.com *.sfmc-content.com *.google.com *.libcal.com *.simplecast.com *.soundcloud.com *.flywire.com *.prezi.com *.iheid.ch *.drupal.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline' blod: data: * 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com; object-src 'none'; style-src 'self' 'unsafe-inline' data:; img-src 'self'; media-src 'none'; frame-src 'none'; font-src 'self'; connect-src 'self' https://api.amplitude.com https://eth-ropsten.alchemyapi.io https://eth-rinkeby.alchemyapi.io https://eth-mainnet.alchemyapi.io https://api.thegraph.com wss://bridge.walletconnect.org wss://fei.bridge.walletconnect.org https://assets.fei.money; frame-ancestors 'none' 1
frame-ancestors 'self' cmsv2.zebrix.net 1
default-src 'self' ;script-src data: blob: 'self' 'unsafe-eval' 'nonce-Q9s/INgvcVYMFEm+' static.cloud.coveo.com *.r42tag.com *.usabilla.com *.google-analytics.com *.analytics.google.com www.googleadservices.com tags.nmrc.nl *.onmarc.nl *.doubleclick.net d6tizftlrpuof.cloudfront.net *.zilverenkruis.nl babm.texthelp.com surfly.com plus.browsealoud.com www.zorgkantoorfriesland.nl *.prolife.nl www.googletagmanager.com toolbar.speechstream.net apis.google.com bat.bing.com admin.relay42.com a.svtrd.com  ads.creative-serving.com www.browsealoud.com *.defriesland.nl static2.creative-serving.com survey.insocial.nl optimize.google.com *.interpolis.nl *.mopinion.com  *.fbto.nl connect.facebook.net cdn.harvest.graindata.com www.pingvp.com;style-src 'self' 'unsafe-inline' d6tizftlrpuof.cloudfront.net plus.browsealoud.com fonts.googleapis.com www.zilverenkruis.nl optimize.google.com www.pingvp.com;img-src data: blob: 'self' *.svtrd.com www.google.com www.google.nl d6tizftlrpuof.cloudfront.net *.usabilla.com *.google-analytics.com *.analytics.google.com *.onmarc.nl *.zilverenkruis.nl plus.browsealoud.com usabilla-themes.s3-eu-west-1.amazonaws.com ads.creative-serving.com www.zorgkantoorfriesland.nl *.prolife.nl stats.g.doubleclick.net bat.bing.com www.browsealoud.com *.defriesland.nl *.r42tag.com admin.relay42.com speechstreamv3-webservices-8.texthelp.com www.gstatic.com *.fbto.nl www.insocial.nl www.facebook.com www.googletagmanager.com translate.google.com zilverenkruis-cdn.mcccm.eu www.pingvp.com;font-src data: 'self' fonts.gstatic.com fonts.googlapis.com d6tizftlrpuof.cloudfront.net;connect-src blob: 'self' *.zilverenkruis.nl *.surfly.com surfly.com sentry.io *.prolife.nl *.zorgkantoorfriesland.nl plus.browsealoud.com pronunciation.speechstream.net api.usabilla.com babm.texthelp.com speech.speechstream.net *.google-analytics.com *.analytics.google.com pre-i-portaal.achmea.nl speechstreamv3-webservices-8.texthelp.com *.defriesland.nl *.mopinion.com www.browsealoud.com plusqa.browsealoud.com *.interpolis.nl *.fbto.nl bat.bing.com stats.g.doubleclick.net harvest-cm-achmea.ey.r.appspot.com controle.achmea.consentmonitor.nl *.tomtom.com;media-src 'self' blob: *.zilverenkruis.nl *.zorgkantoorfriesland.nl *.prolife.nl *.defriesland.nl *.interpolis.nl *.fbto.nl defriesland.pingvp.com;object-src 'self' ;child-src 'self' blob: t.svtrd.com player.vimeo.com youtube-nocookie.com www.youtube-nocookie.com surfly.com app.surfly.com d6tizftlrpuof.cloudfront.net www.zilverenkruis.nl www.zorgkantoorfriesland.nl www.prolife.nl content.googleapis.com vimeo.com secure.zilverenkruis.nl www.defriesland.nl optimize.google.com i-portaal.achmea.nl survey.insocial.nl secure.prolife.nl secure.defriesland.nl w.soundcloud.com *.doubleclick.net app.springcast.fm;frame-ancestors 'self' www.youtube-nocookie.com youtube-nocookie.com player.vimeo.com vimeo.com i-portaal.achmea.nl survey.insocial.nl *.doubleclick.net inloggen.achmea.nl p-portaal.achmea.nl;form-action 'self' t.svtrd.com *.achmea.nl *.zilverenkruis.nl *.zorgkantoorfriesland.nl *.prolife.nl *.defriesland.nl *.fbto.nl *.interpolis.nl broker.nxtid.nl;manifest-src 'self' ;upgrade-insecure-requests;block-all-mixed-content;report-uri https://zilverenkruis.ams.report-uri.com/r/t/csp/enforce; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' kleber.datatoolscloud.net.au *.salesforceliveagent.com *.lpsnmedia.net *.liveperson.net *.liveperson.com *.liveengage.net *.liveengage.com *.liveper.sn m.addthisedge.com/live/boost/ra-56b04b9ad015369f/_ate.track.config_resp ad.atdmt.com zn4zp87nbhe8rrjf7-hcf.siteintercept.qualtrics.com dnn506yrbagrg.cloudfront.net 4378726.fls.doubleclick.net 6612282.fls.doubleclick.net platform.twitter.com  cdn.sajari.net cdn.sajari.com analytics.twitter.com hcf.sc.omtrdc.net hcf.tt.omtrdc.net cdn.tt.omtrdc.net *.google.com *.googleapis.com google-maps-utility-library-v3.googlecode.com  *.googlesyndication.com *.facebook.com *.facebook.net rules.quantcount.com *.quantserve.com  *.ads-twitter.com s.ytimg.com www.youtube.com *.addthis.com ebm.cheetahmail.com *.doubleclick.net rum-static.pingdom.net script.crazyegg.com www.googleadservices.com www.googletagservices.com www.googletagmanager.com dpm.demdex.net hcf.demdex.net ssl.google-analytics.com  www.google-analytics.com ajax.googleapis.com assets.adobedtm.com s3.amazonaws.com/trk.cetrk.com https://dnn506yrbagrg.cloudfront.net/pages/scripts/0031/6386.js?407832 https://platform.twitter.com/oct.js *.qualtrics.com cdn.appdynamics.com www.everestjs.net c.amazon-adsystem.com pixel.mathtag.com; object-src 'self' https:; style-src 'unsafe-inline' 'self' https:; img-src 'self' data: https: http://s7d2.scene7.com; media-src 'self' https:; frame-src https:; font-src 'self' data: fonts.gstatic.com https://cloud.typography.com ok8static.oktacdn.com; connect-src https: http://dispatcher1.test63.aem.hcf.com.au http://s7d2.scene7.com http://dtwebsite2.datatoolscloud.net.au wss://syd-eeva.faceme.com wss://sy.msg.liveperson.net wss://api.au.uneeq.io 1
default-src 'self'; style-src 'unsafe-inline' 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline'; report-to default; report-uri /json/reports.php 1
default-src 'self' static.financialsense.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:; style-src 'self' static.financialsense.com data: 'unsafe-inline' *.googleapis.com *.twitter.com *.twimg.com svc.webspellchecker.net cdn.ckeditor.com; img-src 'self' https: data: android-webview-video-poster:; media-src 'self' static.financialsense.com blob: *.giphy.com; frame-src 'self' https://www.financialsense.com data: audioboom.com *.audioboom.com scribd.com *.scribd.com soundcloud.com *.soundcloud.com youtube.com *.youtube.com vimeo.com *.vimeo.com bitchute.com *.bitchute.com twitter.com *.twitter.com *.tradingview.com *.tradingview-widget.com *.addthis.com *.stripe.com *.doubleclick.net *.googlesyndication.com *.ted.com *.instagram.com *.jwpsrv.com www.google.com ms-appx-web: *.assoc-amazon.com *.amazon.com *.amazon-adsystem.com *.googletagmanager.com *.recaptcha.net facebook.com *.facebook.com cnn.com *.cnn.com cnbc.com *.cnbc.com; frame-ancestors *; child-src 'self' https://www.financialsense.com data: audioboom.com *.audioboom.com scribd.com *.scribd.com soundcloud.com *.soundcloud.com youtube.com *.youtube.com vimeo.com *.vimeo.com bitchute.com *.bitchute.com twitter.com *.twitter.com *.tradingview.com *.tradingview-widget.com *.addthis.com *.stripe.com *.doubleclick.net *.googlesyndication.com *.ted.com *.instagram.com *.jwpsrv.com www.google.com ms-appx-web: *.assoc-amazon.com *.amazon.com *.amazon-adsystem.com *.googletagmanager.com *.recaptcha.net facebook.com *.facebook.com cnn.com *.cnn.com cnbc.com *.cnbc.com; font-src 'self' static.financialsense.com data: fonts.googleapis.com fonts.gstatic.com cdnjs.cloudflare.com *.googleusercontent.com svc.webspellchecker.net *.avast.com chrome-extension: *.fontawesome.com; connect-src 'self' static.financialsense.com *.addthis.com *.googlesyndication.com www.google-analytics.com *.gstatic.com *.doubleclick.net svc.webspellchecker.net *.jwpltx.com *.nr-data.net *.fontawesome.com 1
default-src 'self' https://*.fhstp.ac.at; connect-src 'self' https://*.facebook.com https://*.facebook.net https://api.visitlead.com https://cis.fhstp.ac.at https://api.fhstp.ac.at https://cdn.fhstp.ac.at https://sentry.fhstp.ac.at/ https://my2.siteimprove.com https://rest.visitlead.com https://stats.g.doubleclick.net https://ws.visitlead.com https://www.google-analytics.com wss://*.visitlead.com wss://www.fhstp.ac.at wss://wwwtestneu.fhstp.ac.at https://*.pagestrip.com https://pagestrip.com; font-src 'self' data: https://*.fhstp.ac.at https://*.googleapis.com https://*.gstatic.com https://app.visitlead.com https://*.pagestrip.com; frame-src 'self' http://edit.fhstp.ac.at https://*.facebook.com https://*.facebook.net https://*.google.com https://*.issuu.com https://*.soundcloud.com https://*.twitter.com https://*.vimeo.com https://*.youtube.com https://*.youtube-nocookie.com https://cis.fhstp.ac.at https://sjs.bizographics.com https://snap.licdn.com https://stream.visitlead.com https://my2.siteimprove.com/ https://www.podbean.com https://*.doubleclick.net; img-src 'self' data: http://*.fhstp.ac.at https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.google.at https://*.google.com https://i1.ytimg.com https://*.gstatic.com https://*.googleusercontent.com https://*.ggpht.com https://*.linkedin.com https://app.visitlead.com https://www.filmspektakel.at https://*.pagestrip.com https://bat.bing.com; media-src 'self' data: http://carma.fhstp.ac.at/wp-content/uploads/2016/11/Brelomate2_Infoveranstaltung201161027_p3tv.mp4 https://app.visitlead.com https://*.pagestrip.com; script-src data: 'self' 'unsafe-inline' 'unsafe-eval' http://campus-stp.at https://*.campus-stp.at https://*.doubleclick.com https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.com https://*.linkedin.com https://cdn.siteimprove.net/cms/overlay.js https://*.youtube.com https://app.visitlead.com https://campus-stp.at https://cdn.fhstp.ac.at https://*.pubble.io https://cdn.ravenjs.com https://cdn.socket.io https://code.jquery.com https://sjs.bizographics.com https://snap.licdn.com https://*.ytimg.com https://js.pagestrip.com https://browser-update.org https://unpkg.com https://bat.bing.com; style-src 'self' 'unsafe-inline' http://*.campus-stp.at http://campus-stp.at http://cdn.fhstp.ac.at https://*.campus-stp.at https://*.google.com https://*.googleapis.com https://*.ytimg.com https://app.visitlead.com/ https://campus-stp.at https://cdn.fhstp.ac.at https://js.pagestrip.com; 1
default-src https: ;     form-action https: ;     script-src  https://optimize.google.com https://www.google.com https://maps.googleapis.com https://www.googleadservices.com https://www.googleoptimize.com https://www.gstatic.com https://www.youtube.com https://assets.adobedtm.com https://widgets.trustedshops.com https://assets.pixlee.com https://googleads.g.doubleclick.net https://test.adyen.com https://live.adyen.com https://www.paypal.com  https://www.sandbox.paypal.com https://connect.facebook.net 'unsafe-inline' 'unsafe-eval' https://*.mayoral.com https://*.mayoral.net https://*.abelandlula.com https://*.abelandlula.net data: https://www.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com https://assets.pxlecdn.com ;     style-src   https://optimize.google.com https://fonts.googleapis.com https://widgets.trustedshops.com 'unsafe-inline' https://*.mayoral.com https://*.mayoral.net https://*.abelandlula.com https://*.abelandlula.net https://tagmanager.google.com https://fonts.googleapis.com https://mayoral.demdex.net;     img-src     * data: https://www.paypal.com https://www.sandbox.paypal.com ;     font-src    * ;     connect-src https://*.mayoral.com https://*.mayoral.net https://*.abelandlula.com https://*.abelandlula.net https://analytics.google.com https://www.google-analytics.com https://www.facebook.com https://www.google.es https://www.googleapis.com https://maps.googleapis.com https://inbound-analytics.pixlee.com https://dpm.demdex.net https://stats.g.doubleclick.net https://*.fls.doubleclick.net https://gw1.api.trustedshops.com https://shops-si.trustedshops.com https://api.trustedshops.com https://api.trustbadge.etrusted.com https://trustbadge.api.etrusted.com https://logging.trustbadge.com https://www.paypal.com https://www.sandbox.paypal.com ;     frame-src   * ;     block-all-mixed-content; upgrade-insecure-requests; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://thirdiron-assets.s3.amazonaws.com/ https://maps.googleapis.com https://www.youtube.com/ https://www.google.com https://www.gstatic.com/; img-src 'self' data: https://thirdiron.com https://thirdiron-assets.s3.amazonaws.com https://assets.thirdiron.com https://secure.gravatar.com; object-src 'self' data: https://www.elegantthemes.com/ https://www.youtube.com/ https://www.google.com; frame-src 'self' data: https://www.elegantthemes.com/ https://www.youtube.com/ https://www.google.com; 1
default-src https: 'self' data: 'unsafe-inline' 'unsafe-eval'; block-all-mixed-content; report-uri /nelmio/csp/report 1
img-src https://* data: blob:; script-src https://* 'unsafe-eval' 'unsafe-inline'; frame-src https://* 1
frame-ancestors http://www.lativ.com.tw https://www.lativ.com.tw; 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report 1
default-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' *; img-src 'self' * data:; media-src 'self' *; report-uri /report-csp-violation; upgrade-insecure-requests 1
frame-ancestors 'self' *.coupacloud.com *.coupadev.com *.coupahost.com; style-src 'unsafe-inline' 'self' us.llama.ai https://fonts.googleapis.com https://r.bing.com https://www.bing.com; frame-src 'self' us.llama.ai https://www.youtube.com https://help.llama.ai https://sisense.prod.llamaprod.net https://insights.llamasoft3d.us; script-src 'unsafe-inline' 'unsafe-eval' us.llama.ai www.google-analytics.com *.googletagmanager.com *.pendo.io *.bing.com https://dev.virtualearth.net https://t1.ssl.ak.dynamic.tiles.virtualearth.net https://t0.ssl.ak.dynamic.tiles.virtualearth.net; worker-src blob: 'self';frame-ancestors 'self' *.coupacloud.com *.coupadev.com *.coupahost.com; style-src 'unsafe-inline' 'self' us.llama.ai https://fonts.googleapis.com https://r.bing.com https://www.bing.com; frame-src 'self' us.llama.ai https://www.youtube.com https://help.llama.ai https://sisense.prod.llamaprod.net https://insights.llamasoft3d.us; script-src 'unsafe-inline' 'unsafe-eval' us.llama.ai www.google-analytics.com *.googletagmanager.com *.pendo.io *.bing.com https://dev.virtualearth.net https://t1.ssl.ak.dynamic.tiles.virtualearth.net https://t0.ssl.ak.dynamic.tiles.virtualearth.net; worker-src blob: 'self'; 1
base-uri 'none';child-src 'none';connect-src 'self' https://*.google-analytics.com https://vitals.vercel-insights.com https://o1188445.ingest.sentry.io https://api.coinbase.com https://www.google-analytics.com https://*.intercom.io https://mainnet.infura.io https://kovan.infura.io/ https://*.binance.org https://*.binance.org:8545 https://polygon-rpc.com https://matic-mumbai.chainstacklabs.com https://rpc-mumbai.maticvigil.com https://forno.celo.org https://alfajores-forno.celo-testnet.org https://api.avax.network/ext/bc/C/rpc https://api.avax-test.network/ext/bc/C/rpc wss://*.bridge.walletconnect.org wss://*.intercom.io https://registry.walletconnect.com https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io;default-src 'self';font-src 'self' data: https://*.hotjar.com;form-action 'self';frame-ancestors 'none';frame-src https://www.youtube.com/ https://*.hotjar.com https://*.intercom.io;img-src 'self' data: https://*.polkastarter.com https://*.hotjar.com https://registry.walletconnect.com https://img.youtube.com https://*.google-analytics.com;manifest-src 'self' https://polkastarter.cloudflareaccess.com;media-src 'self' https://*.polkastarter.com;object-src 'none';prefetch-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://widget.intercom.io https://js.intercomcdn.com https://*.googletagmanager.com https://*.google-analytics.com https://*.hotjar.com http://*.hotjar.com;style-src 'self' 'unsafe-inline';worker-src 'self'; 1
upgrade-insecure-requests; default-src 'none'; font-src 'self' 'unsafe-eval' 'unsafe-inline' fonts.gstatic.com data:; style-src 'self' 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com; form-action 'self' https://www.paypal.com https://www.paypalobjects.com; base-uri 'self'; script-src 'self' https://www.paypal.com https://www.paypalobjects.com 'unsafe-eval' 'unsafe-inline'; content-security-policy-report-only; frame-ancestors 'self'; object-src 'self' ; worker-src 'self'; child-src 'self' www.paypalobjects.com *.paypal.com; frame-src 'self' www.paypalobjects.com *.paypal.com; img-src 'self' data: *.paypal.com www.paypalobjects.com; connect-src 'self' *.paypal.com www.paypalobjects.com; manifest-src 'self'; media-src 'self'; prefetch-src 'self'; 1
default-src 'self'; style-src 'unsafe-inline' yandex.st site.yandex.net yastatic.net banners.adfox.ru content.adfox.ru yastat.net *; frame-src awaps.yandex.net yandexadexchange.net *.yandexadexchange.net yastatic.net *.yandex.ru banners.adfox.ru yastat.net *; img-src * data:; media-src * data:; font-src 'self' data: an.yandex.ru yastatic.net yastat.net *; object-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' an.yandex.ru yandex.st site.yandex.net yastatic.net yandex.net mc.yandex.ru banners.adfox.ru ads.adfox.ru ads6.adfox.ru yastat.net yandex.ru oss.maxcdn.com ads.adfox.ru www.google-analytics.com *.googleadservices.com adservice.google.ru adservice.google.com.ua  *.imgsmail.ru *.google.com platform.twitter.com cas.criteo.com *.mail.ru vk.com *.googlesyndication.com *.googletagservices.com adv758968.ru adforce.ru *.doubleclick.net  x1.vinread.net *.zencdn.net mobiads.ru utarget.ru afterview.ru *.vispot.io *.adap.tv *.liverail.com *.spotxchange.com *.buzzoola.com *.advarkads.com *.lkqd.com *.advertising.com static.baza.farpost.ru gstatic.com www.gstatic.com http://thefox.mobi/0dvP/ https://netdna.bootstrapcdn.com https://ajax.googleapis.com *.adsafeprotected.com  idntfy.ru mobuli.info  mobisway.info cnt-count.ru countstat.ru eboundservices.com digital-forest.info s17365.org/rotation.php news.gnezdo.ru btstds.ru cackle.me *.cackle.me www.farpost.ru https://adtags.pro https://*.adtags.pro https://btsds.ru https://*.vrcteam.ru https://*.betweendigital.com https://*.exopay.ru https://s0.2md.net https://fl.imgsniper.com https://static.bulham.com https://*.sape.ru https://safesource.ru https://code.createjs.com https://static.bumlam.com sad2tizer.ru ad.slickjump.com slickjump.com sjsmartcontent.org https://www.googletagmanager.com https://tds.admaxer.ru https://meganotify.com https://notifyday.com *.ttarget.ru *.onlygip.tech *.hybrid.ai *.admediator.ru nativerent.ru *.astraone.io astraone.io *.onlygip.tech onlygip.tech *.afp.ai increaserev.com *.adriver.ru; connect-src an.yandex.ru strm.yandex.ru mc.yandex.ru yandex.st site.yandex.net yastatic.net matchid.adfox.yandex.ru adfox.yandex.ru ads.adfox.ru ads6.adfox.ru jstracer.yandex.ru yastat.net yandex.ru *; report-uri /csp.php 1
object-src 'none';default-src 'none';connect-src https://www.wefact.nl *.doubleclick.net *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.google.com https://maps.googleapis.com *.webinargeek.com *.mouseflow.com *.facebook.com *.facebook.net *.licdn.com *.linkedin.com;img-src https://www.wefact.nl data: *.ytimg.com *.google-analytics.com *.google.com *.google.nl *.googletagmanager.com www.googletagmanager.com www.gstatic.com googleads.g.doubleclick.net www.google.com https://maps.gstatic.com https://maps.googleapis.com *.webinargeek.com *.mouseflow.com *.facebook.com *.facebook.net *.fbcdn.net *.licdn.com *.linkedin.com;script-src https://www.wefact.nl https://www.youtube.com *.ytimg.com *.google-analytics.com *.googletagmanager.com https://www.googletagmanager.com https://tagmanager.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://developers.google.com https://maps.googleapis.com *.webinargeek.com *.mouseflow.com *.facebook.com *.facebook.net *.licdn.com *.linkedin.com;style-src https://www.wefact.nl 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com *.webinargeek.com *.licdn.com *.typekit.net;font-src https://fonts.gstatic.com data: *.webinargeek.com *.mouseflow.com *.typekit.net;child-src *.mouseflow.com *.facebook.com *.facebook.net;manifest-src https://www.wefact.nl;frame-src https://www.youtube.com https://bid.g.doubleclick.net *.webinargeek.com *.mouseflow.com *.facebook.com *.facebook.net *.linkedin.com *.loom.com 1
default-src 'none'; img-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; font-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'; connect-src 'self'; 1
default-src 'self' *.progress.ie www.gravatar.com player.vimeo.com *.vimeocdn.com packages.umbraco.org our.umbraco.org;script-src 'self' 'unsafe-inline' 'unsafe-eval' data: ;style-src 'self' 'unsafe-inline';img-src 'self' data: *.progress.ie www.gravatar.com umbraco.tv;font-src 'self' *.progress.ie; 1
frame-ancestors 'self' http://preview.ceros.com http://view.ceros.com http://*.mccarthy.com http://*.digcastle.com https://preview.ceros.com https://view.ceros.com https://*.mccarthy.com https://*.digcastle.com 1
default-src 'none'; frame-ancestors 'none'; child-src blob: *.cloudfoundry.org;  style-src 'self' 'unsafe-inline' *.bootstrapcdn.com; connect-src 'self' *.bootstrapcdn.com *.doubleclick.net *.google-analytics.com; script-src 'self' 'unsafe-inline' blob: *.twitter.com *.ads-twitter.com *.cloudflare.com *.googleapis.com *.googletagmanager.com *.facebook.net *.jsdelivr.net *.google-analytics.com; img-src 'self' data: *.googletagmanager.com *.google.com *.gravatar.com *.twitter.com *.cloudfoundry.org https://t.co *.local *.google-analytics.com; object-src 'self'; font-src 'self' data: *.bootstrapcdn.com; media-src 'self' blob:; frame-src *.local *.twitter.com *.google.com *.facebook.com 1
 default-src 'self'; script-src 'self' *.etracker.com *.etracker.de 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self' *.etracker.com https://*.etracker.de; font-src 'self' data:; object-src 'self'; media-src 'self'; child-src 'self'; form-action 'self'; base-uri 'self'; frame-ancestors 'self'; 1
default-src 'self'; frame-src 'self'  *.webspellchecker.net/ https://w.soundcloud.com/ *.adobe.com/ *.nhs.uk/ *.facebook.com/ *.youtube.com/ *.vimeo.com/ *.google.com *.googleapis.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval'  https://www.doctify.com/ *.webspellchecker.net/ *.adobe.com/ https://cdnjs.cloudflare.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://connect.facebook.net/ https://feeds.trac.jobs/ *.google.com/ *.googleapis.com *.gstatic.com *.cqc.org.uk; font-src 'self' 'unsafe-inline'  *.webspellchecker.net/ https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com/ https://feeds.trac.jobs/ *.googleapis.com  *.gstatic.com *.cqc.org.uk; img-src * data:; object-src 'self' blob:; connect-src 'self' https://www.doctify.com/ *.webspellchecker.net/  https://feeds.trac.jobs/ https://translate.googleapis.com/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ 1
report-uri https://consolehipay.report-uri.com/r/d/csp/enforce; default-src 'self' *.google-analytics.com *.zdassets.com *.hotjar.com *.google.com *.screeb.app *.typeform.com *.okta.com *.hipay.com; script-src 'self' *.hotjar.com *.zdassets.com *.googletagmanager.com *.google-analytics.com *.google.com *.gstatic.com *.screeb.app 'sha256-qSMb0PEZNwPU889A1H8zPbT23/AN6efiLRLewxFcFJM=' 'sha256-FcbWubQGGFMAS71F3Xg9hDM0pfF+/idbYePgIS4oecc=' 'sha256-keffV0quDMAbyeX1/4YLUZgq6qTZq4xbHwc4fvVpGws=' 'sha256-DRDcpvVLTSpszkFU6rXLp6+Y49OthFjkna20wK3Q940=' 'sha256-iBEn6DembGxmutX/U63Duhs98HIBtU8ALgbjYh+CkZc=' 'sha256-XnoKRrVjyLcX94o+jehk7z3rX+YVSMr4DtslyFpkaPU=' 'sha256-tdBlVQuc2G3oahpbyjaUmy+NEJSNdDZy9L1FSw3rVi0=' 'sha256-0p21hmif1TiEP5IE/r3ri1cHw0RQzMKFQuK6Y8+MSxM=' https://*.zopim.com; style-src 'self' 'unsafe-inline' maxcdn.icons8.com fonts.googleapis.com *.hotjar.com libs.hipay.com; font-src 'self' maxcdn.icons8.com fonts.gstatic.com *.hotjar.com; connect-src 'self' *.run.app *.appspot.com *.zendesk.com *.zdassets.com user.hipay.com *.hipay.com *.hipay.org *.google-analytics.com wss://*.zopim.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.screeb.app wss://*.screeb.app *.okta.com *.oktacdn.com; img-src 'self' *.amcharts.com *.google-analytics.com *.zendesk.com *.hotjar.com images.weserv.nl *.hipay.com data: storage.googleapis.com twemoji.maxcdn.com *.screeb.app; frame-ancestors 'none' 1
default-src 'self'; img-src 'self'; style-src 'self'; 'unsafe-inline'; font-src 'self'; script-src 'self'; 'unsafe-inline';  connect-src 'self'; 1
default-src 'self'; base-uri 'self'; connect-src 'self' *.itzbund.de; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de www.juris.de;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com piwik.itzbund.de www.juris.de;object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de www.juris.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de www.juris.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de www.juris.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de www.juris.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de  www.juris.de; frame-src https://www.juris.de/ *.google.com *.gstatic.com *.youtube.com *.vimeo.com; frame-ancestors https://www.juris.de/ 'self'; 1
default-src 'self'; block-all-mixed-content; img-src 'self' www.google-analytics.com www.googletagmanager.com; script-src 'self' www.google-analytics.com www.googletagmanager.com; report-uri /nelmio/csp/report 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: about: *.adbutler-luxon.com *.adsrvr.org *.cdc.gov *.ads-twitter.com *.bamboohr.com *.cmgdigital.com *.doubleclick.net *.facebook.com *.facebook.net *.feedburner.com *.google.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com js.hscollectedforms.net https://js.hs-analytics.net https://js.hs-banner.com *.hs-scripts.com *.hs-analytics.net *.hs-banner.com *.hubspot.com *.jeffersoncms.org *.livestream.com *.marchex.io *.scribd.com *.serving-sys.com *.sharethis.com *.slideshare.net *.tapad.com *.tcms.com *.teletownhall.us *.texmed.org *.tmait.org *.twimg.com *.twitter.com *.vimeo.com *.wufoo.com *.youtube.com *.yudu.com gis.fema.gov http://kff.org http://oig.hhs.gov http://rocket.nwood-kensett.k12.ia.us http://www.ncbi.nlm.nih.gov https://badge.facebook.com https://block.opendns.com https://capwiz.com https://cdn.tinymce.com https://centro.pixel.ad https://clickserv.pixel.ad https://clickserv.sitescout.com https://connect.facebook.net https://cqrcengage.com https://data.healthcare.gov https://dpm.demedex.net https://feedburner.google.com https://fonts.googleapis.com https://fusiontables.googleusercontent.com https://googleads.g.doubleclick.net https://hootsuite.com https://insight.adsrvr.org https://js.adsrvr.org https://match.adsrvr.org https://pixel.sitescout.com https://platform.twitter.com https://player.vimeo.com https://servedbyadbutler.com https://static.addtoany.com https://stats.g.doubleclick.net https://storify.com https://syndication.twitter.com https://t.co https://tags.bluekai.com https://texmed.medbuzz.com https://tma.custhelp.com https://uip.semasio.net https://www.facebook.com https://www.google.com https://www.googleadservices.com https://www.paypalobjects.com https://www.youtube.com pixel-geo.prfct.co public.slidesharecdn.com tag.marinsm.com tagmanager.google.com www.cms.gov www.powr.io *.votervoice.net *.quantserve.com *.quantcount.com *.wakelet.com adbutler-fermion.com https://livestream.com https://vimeo.com wss: *.texmed.org *.nnihcm.org *.infogram.com *.poll-maker.com *.qualtrics.com *.hsforms.net *.hsforms.com https://ql.tc https://www.podbean.com https://open.spotify.com *.informz.net https://maxcdn.bootstrapcdn.com *.adobedtm.com https://www.rumiview.com cdn.jsdelivr.net https://ymc4.informz.net *.hs-scripts.com *.hs-analytics.net *.hs-banner.com *.hubspot.com *.crwdcntrl.net 1
default-src 'self' *.ebola.cz; options inline-script eval-script; img-src 'self' *.ebola.cz 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; connect-src 'self' *.itzbund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com piwik.itzbund.de; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.itzbund.de; frame-src *.google.com *.gstatic.com *.youtube.com *.itzbund.de *.vsfbsw.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com piwik.itzbund.de; frame-ancestors 'self'; 1
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' dap.digitalgov.gov *.google-analytics.com *.googletagmanager.com *.typekit.net *.mycreditunion.gov *.silvercloudinc.com *.mpeasylink.com; img-src 'self' data: *.mycreditunion.gov *.google-analytics.com *.typekit.net *.amazonaws.com; font-src 'self' 'unsafe-inline' data: *.typekit.net fonts.gstatic.com; media-src 'self' s3.amazonaws.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.silvercloudinc.com; connect-src 'self' performance.typekit.net *.google-analytics.com *.googletagmanager.com; frame-src 'self' *.youtube.com *.mpeasylink.com 1
default-src 'self'; img-src * data:; media-src *; frame-src * data:; font-src *; connect-src *; script-src 'unsafe-eval' 'unsafe-inline' 'self' connect.facebook.net *.facebook.net *.stg.brandwire.in *.mediawire.in *.scorecardresearch.com *.instagram.com *.google-analytics.com *.gstatic.com *.solodev.com *.google.com *.googleapis.com *.indiatimes.com *.timesofindia.com *.cloudflare.com *.datatables.net *.brandwire.in *.github.io *.bootstrapcdn.com *.jquery.com *.jsdelivr.net *.angularjs.org *.maxcdn.com *.aspnetcdn.com *.twitter.com *.twimg.com jquery.ui.min.js; style-src data: blob: 'unsafe-inline' 'self' *.googleapis.com *.google.com *.instagram.com *.indiatimes.com *.timesofindia.com *.solodev.com *.cloudflare.com *.datatables.net *.brandwire.in *.github.io *.bootstrapcdn.com *.jquery.com *.jsdelivr.net *.angularjs.org *.maxcdn.com *.aspnetcdn.com *.twitter.com *.twimg.com jquery.ui.min.js; frame-ancestors 'self' *.indiatimes.com *.timesofindia.com *.economictimes.com *.gadgetsnow.com *.navbharattimes.com etdev8243.indiatimes.com *.timesnownews.com timesnownews.com www.speakingtree.in speakingtree.in maharashtratimes.com vijaykarnataka.com *.samayam.com samayam.com *.idiva.com *.ilnconnect.com *.mensxp.com *.ilnconnect.com *.indiatimes.com 1
sandbox allow-scripts allow-same-origin allow-forms ; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; fmedia-src 'self'; frame-src 'self'; object-src 'none' 1
base-uri 'self'; default-src 'self'; child-src https://player.vimeo.com; connect-src 'self' https://*.algolianet.com https://*.algolia.net https://doorbell.io https://*.s3.ap-southeast-2.amazonaws.com https://www.google-analytics.com https://stats.g.doubleclick.net; font-src 'self' https://fonts.gstatic.com; form-action 'self' https://landcareresearch.us16.list-manage.com landcareresearch.us16.list-manage.com; frame-ancestors 'self'; frame-src 'self' https://www.youtube.com https://www.google-analytics.com https://www.googletagmanager.com https://ssl.google-analytics.com https://tagmanager.google.com https://fonts.googleapis.com https://www.google.com https://vimeo.com https://player.vimeo.com https://player.vimeo.com; img-src 'self' https://www.google-analytics.com https://ssl.gstatic.com https://www.googletagmanager.com https://www.gstatic.com https://www.google.com https://www.google.co.nz https://*.s3.ap-southeast-2.amazonaws.com https://embed.doorbell.io https://i.vimeocdn.com https://eep.io eep.io data:; media-src https://www.youtube.com https://vimeo.com https://www.landcareresearch.co.nz/; object-src 'self'; script-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://ssl.google-analytics.com https://tagmanager.google.com https://fonts.googleapis.com https://code.jquery.com https://www.google.com/recaptcha/api.js https://www.google.com/recaptcha/api.js https://embed.doorbell.io https://polyfill.io https://s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js https://s3.amazonaws.com/downloads.mailchimp.com/ s3.amazonaws.com/downloads.mailchimp.com/ https://landcareresearch.us16.list-manage.com landcareresearch.us16.list-manage.com https://google-analytics.com google-analytics.com https://www.googletagmanager.com www.googletagmanager.com https://www.google.com www.google.com https://sdk.apester.com/web-sdk.core.min.js https://sdk.apester.com/web-sdk.core.legacy.min.js https://sdk.apester.com https://events.apester.com events.apester.com 'sha384-YzQCrEgYx0YMHxd202bqWPvr081aHRPYRk490ivT+/i24ODjLtMfT/e0nhxcgRYf' 'nonce-ZGZiOGJlZTA2MjM3OWExZTdlZjZiZjRjOGY4N2ViMGNiZWQzOTVkMTY0YTYyY2JjOWVmNjY4YjEyMDAzNGMzMTAxNGM3MGNmMDc4YzJlODI5MmY3ZmQ0YjExYTY2NDM3MjA5ZGIwZDllNWJhMDljNzA0ZDFlZjlmNzYxMjQ5ZDc=' 'unsafe-eval'; style-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://ssl.google-analytics.com https://tagmanager.google.com https://fonts.googleapis.com https://embed.doorbell.io/css/doorbell.min.css https://embed.doorbell.io/css/default.css https://cdn-images.mailchimp.com cdn-images.mailchimp.com 'unsafe-inline'; report-uri https://2224ea6b5792825a06d61a0bad9d966b.report-uri.com/r/d/csp/enforce; upgrade-insecure-requests 1
default-src 'self' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' blob: data: https: wss:; frame-src 'self' https:; frame-ancestors 'self' https://vmecharttest1 https://vmecharttest2 https://mychart.austinregionalclinic.com https://mycharttest.austinregionalclinic.com https://arcwebsecure.com data: blob:; 1
default src 1
: default-src 'self' 1
img-src 'self' *.norma-online.de *.api.here.com https://www.google-analytics.com https://piwik.norma-online.de https://www.googletagmanager.com data: blob:;, script-src 'self' 'unsafe-inline' 'unsafe-eval' *.norma-online.de *.api.here.com https://piwik.norma-online.de https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/ https://s2.adform.net https://track.adform.net;, object-src 'none';, font-src 'self' https://fonts.gstatic.com/; 1
script-src https: data: 'unsafe-inline' 'unsafe-eval' https://*.dshs-koeln.de https://*.mehrwert.de https://fast.fonts.net; style-src https: 'unsafe-inline' https://*.dshs-koeln.de https://fast.fonts.net; img-src https: data: 'unsafe-inline' 'unsafe-eval' https://*.dshs-koeln.de https://*.mehrwert.de; font-src https: data: 'unsafe-inline' 'unsafe-eval' https://*.dshs-koeln.de https://*.mehrwert.de https://fast.fonts.com; frame-src https: data: 'unsafe-inline' 'unsafe-eval' https://*.dshs-koeln.de https://*.mehrwert.de https://fast.fonts.com; 1
frame-ancestors 'self' smart911.com www.smart911.com safety.smart911.com 1
default-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com cdn.jsdelivr.net nexus.ensighten.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com ict.infinity-tracking.net www.gstatic.com viz.tools.investis.com www.google.com maps.googleapis.com maps.google.com www.linkedin.com ajax.googleapis.com pi.pardot.com bam.nr-data.net sjp.getmediamanager.com *.googletagmanager.com *.google-analytics.com sjs.bizographics.com connect.facebook.net *.jquery.com irs.tools.investis.com *.hotjar.com px.ads.linkedin.com d2wy8f7a9ursnm.cloudfront.net ssl.p.jwpcdn.com js-agent.newrelic.com cdn.jsdelivr.net edge.api.brightcove.com *.googleapis.com www.youtube.com youtube.com s.ytimg.com unpkg.com nexus.ensighten.com otp.tools.investis.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' viz.tools.investis.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net; img-src 'self' 'unsafe-inline' * data:; media-src 'self' brightcove.hs.llnwd.net edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com https://house-fastly-signed-eu-west-1-prod.brightcovecdn.com; frame-src 'self' qir.tools.investis.com staticcontents.investis.com www.google.com sjp.getmediamanager.com careers.sjp.co.uk irs.tools.investis.com otp.tools.investis.com digital.feprecisionplus.com sjp.hireserve-test.com ir.tools.investis.com staticxx.facebook.com www.youtube.com https://www.youtube-nocookie.com; font-src 'self' 'unsafe-inline' data: fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com themes.googleusercontent.com maxcdn.bootstrapcdn.com; connect-src 'self' www.google-analytics.com edge.api.brightcove.com viz.tools.investis.com; report-uri /report-csp-violation 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; style-src 'self' 'unsafe-inline' 1
frame-ancestors 'self' thenationalcampaign.org aelp.smartsparrow.com 1
default-src 'self' *.interiorhealth.ca; script-src 'self' 'unsafe-inline' *.interiorhealth.ca maps.googleapis.com js-agent.newrelic.com static.addtoany.com bam.nr-data.net www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com cdn.jsdelivr.net; object-src 'self' *.interiorhealth.ca; style-src 'self'  'unsafe-inline' *.interiorhealth.ca  fonts.googleapis.com cdn.jsdelivr.net; img-src 'self' *.interiorhealth.ca data: maps.googleapis.com maps.gstatic.com *.cdninstagram.com www.google-analytics.com; media-src 'self' *.interiorhealth.ca; frame-src 'self' *.interiorhealth.ca static.addtoany.com *.youtube.com www.google.com; frame-ancestors 'self' *.interiorhealth.ca; font-src 'self' *.interiorhealth.ca fonts.googleapis.com fonts.gstatic.com; connect-src 'self' *.interiorhealth.ca maps.googleapis.com bam.nr-data.net www.google-analytics.com stats.g.doubleclick.net 1
default-src 'self'; script-src 'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'self' 'unsafe-inline' ; img-src *; frame-src 'self' https://www.google.com/recaptcha/; report-uri https://auth.cessecure.com/csp/report 1
Content-Security-Policy= default-src "none"; script-src "self" https://corp-mktg.s3.us-west-2.amazonaws.com https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com https://maps.googleapis.com https://prospect-form-plugin.2u.com; style-src "unsafe-inline" https://whitelabel.2u.com; img-src https://app.optimizely.com https://cdn.optimizely.com https://whitelabel.2u.com; frame-src https://a10065315939.cdn.optimizely.com https://a10065315939.cdn-pci.optimizely.com; connect-src https://*.optimizely.com; 1
default-src 'self'; block-all-mixed-content; connect-src 'self' https://antrag.hanseaticbank.de https://antrag.hbnext.de https://*.openstreetmap.org https://www.googleadservices.com privacy.trustcommander.net *.kameleoon.eu *.kameleoon.com *.novomind.com *.provenexpert.com *.google-analytics.com *.doubleclick.net *.commander1.com *.otto.de *.rs.ogit.cloud *.bing.com *.xiti.com *.mouseflow.com *.ytimg.com https://s3-eu-west-1.amazonaws.com/dap-prod-dcq3/ https://s3-eu-west-1.amazonaws.com/dap-prod-custom/; font-src 'self' 'unsafe-inline' data: *.gstatic.com; frame-ancestors *.hanseaticbank.de *.hbnext.de *.test; frame-src 'self' https://antrag.hanseaticbank.de https://antrag.hbnext.de https://direktkredit.hanseaticbank.de cdn.trustcommander.net cdn.tagcommander.com cdn.jsdelivr.net sonata.aklamio.com *.youtube.com *.instagram.com *.twitter.com *.facebook.com *.test *.google.com *.google-analytics.com *.googletagmanager.com https://s3-eu-west-1.amazonaws.com/dap-prod-dcq/ https://s3-eu-west-1.amazonaws.com/dap-prod-custom/; img-src 'self' data: https://antrag.hanseaticbank.de https://antrag.hbnext.de http://*.tile.osm.org https://*.tile.openstreetmap.org https://i.ytimg.com manager.tagcommander.com analytics.aklamio.com *.kameleoon.eu *.kameleoon.com *.novomind.com *.otto.de *.rs.ogit.cloud *.xiti.com *.outbrain.com *.bing.com *.google.com *.google.de *.google-analytics.com *.googletagmanager.com *.facebook.com *.facebook.net ad.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://antrag.hanseaticbank.de https://antrag.hbnext.de https://code.jquery.com cdn.trustcommander.net cdn.tagcommander.com cdn.mouseflow.com cdn.jsdelivr.net platform.commandersact.com api.aklamio.com api.amio-dev.com *.hanseaticbank.de *.googleapis.com *.googleadservices.com *.kameleoon.eu *.kameleoon.com *.novomind.com *.provenexpert.com *.aticdn.net *.google-analytics.com *.googletagmanager.com *.outbrain.com *.doubleclick.net *.bing.com *.facebook.net *.twitter.com https://s3-eu-west-1.amazonaws.com/dap-prod-dcq/ https://s3-eu-west-1.amazonaws.com/dap-prod-custom/; style-src 'self' 'unsafe-inline' https://antrag.hanseaticbank.de https://antrag.hbnext.de cdn.jsdelivr.net *.googleapis.com 1
default-src 'self' data: *.uniweb.be cookiehub.net *.uniweb.eu *.hotjar.com www.googletagmanager.com www.google-analytics.com; script-src 'self' data: 'unsafe-inline' *.uniweb.be cookiehub.net *.uniweb.eu *.hotjar.com www.googletagmanager.com www.google-analytics.com; object-src *; style-src 'self' data: 'unsafe-inline' *.uniweb.be cookiehub.net *.uniweb.be cookiehub.net fonts.googleapis.com; img-src 'self' data: *.uniweb.be cookiehub.net *.uniweb.eu www.googletagmanager.com www.google-analytics.com; media-src *; frame-src 'self' data: *.uniweb.be cookiehub.net *.uniweb.eu *.hotjar.com www.googletagmanager.com www.google-analytics.com; font-src 'self' data: *.uniweb.be cookiehub.net *.uniweb.eu fonts.gstatic.com fonts.googleapis.com; connect-src * 1
frame-ancestors https://deejay.de.ddev.site https://vinylfuture.com.ddev.site https://deejay.de https://vinylfuture.com https://*.deejay.de https://*.vinylfuture.com; 1
connect-src * 'unsafe-inline' 'unsafe-eval'; default-src * 'unsafe-inline' 'unsafe-eval'; img-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; 1
frame-ancestors 'self' https://twitter.com; 1
frame-ancestors 'self' https://www.thechristhospitalmychart.com; 1
default-src https: data: wss: blob: 'self' 'unsafe-inline' 'unsafe-eval'; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src https:; connect-src https:; font-src 'self' https: data: https:; frame-src https:; frame-ancestors https:; img-src https: data:; media-src https: blob:; object-src https:; style-src 'unsafe-inline' https:; worker-src blob:; script-src 'unsafe-inline' 'unsafe-eval' https:; 1
frame-ancestors 'self' https://reporting.brille24.de 1
default-src https: data: blob: 'unsafe-inline'; object-src 'self'; script-src  'self' https://*.meruscase.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://platform.twitter.com/ https://*.google-analytics.com/ https://*.googletagmanager.com/ https://cdn.syndication.twimg.com/ https://merus-assets.s3.amazonaws.com/ https://*.facebook.net/ https://*.googleapis.com/ https://*.aspnetcdn.com/ https://*.microsoft.com https://maxcdn.bootstrapcdn.com/ https://*.youtube.com/ https://s.ytimg.com/ https://js.recurly.com/ https://cdn.wootric.com/ https://static.headnotepayments.com 'unsafe-eval' 'unsafe-inline' https://code.jquery.com/ https://forms.hubspot.com/ https://forms.hsforms.com/ https://js.hs-analytics.net/ https://js.hs-scripts.com/ https://api.usemessages.com/ https://js.usemessages.com/ https://js.hsforms.net/ https://js.hsleadflows.net/; style-src 'self' 'unsafe-inline' https: 1
upgrade-insecure-requests; frame-ancestors 'none'; default-src 'self'; script-src 'nonce-uyeKNLjriU18bKHbpjOtQWoH2Lxjdj94LeFFwxKfaNE=' 'strict-dynamic'; object-src 'none'; base-uri 'self'; style-src 'self' 'unsafe-inline' www.google.com *.googleapis.com; img-src 'self' www.google.de www.google-analytics.com www.googletagmanager.com *.googleapis.com *.gstatic.com *.doubleclick.net; media-src 'self'; frame-src 'self' www.google.com *.gstatic.com www.googletagmanager.com *.doubleclick.net consent-cdn.swmh.de; font-src 'self' *.gstatic.com www.google.com *.googleapis.com; connect-src 'self' www.google-analytics.com *.doubleclick.net consent-cdn.swmh.de 1
default-src ; script-src 'self' 'unsafe-inline' localhost https://assets.zendesk.com *.zdassets.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com; object-src ; style-src 'self' 'unsafe-inline' localhost *.entrecode.de https://fonts.googleapis.com; img-src *; media-src *; child-src https://www.google.com; font-src *.entrecode.de https://fonts.gstatic.com; connect-src 'self' *.entrecode.de https://entrecode.zendesk.com *.zdassets.com https://www.google-analytics.com; manifest-src 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: wss:;img-src 'self' data: https: 1
frame-ancestors 'self' https://www.truckworks.de https://mbs.mercedes-benz.com 1
frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com kcls.bibliocms.com *.kcls.bibliocms.com https://kcls.org kcls.org *.kcls.org; 1
default-src 'self' https://checkbrowser.hin.ch  https://go.online-ident.ch  http://tag.myaspectra.ch  https://verify.certifaction.com ; script-src https://www.islonline.net  http://tag.myaspectra.ch  https://www.gstatic.com  https://maps.google.com https://maps.googleapis.com  https://www.google.com  'self' 'unsafe-inline' 'unsafe-eval' ; style-src 'self' https://fonts.googleapis.com  https://fonts.gstatic.com  'unsafe-inline' ; frame-src 'self' https://tp.srgssr.ch https://www.srf.ch https://www.youtube.com  https://verify.certifaction.com ; font-src 'self' https://fonts.gstatic.com data: ; child-src 'self' https://go.online-ident.ch https://www.google.com https://www.youtube.com https://www.youtube-nocookie.com ; img-src 'self' http://tag.myaspectra.ch http://0.gravatar.com data:  1
default-src 'self'; script-src 'self' 'nonce-GfuqSIWGOUFGIqPjbA6zIMpqIKiaSo/E0SnrqQnAyHo=' 'unsafe-inline' koop.piwik.pro; connect-src 'self' 'nonce-GfuqSIWGOUFGIqPjbA6zIMpqIKiaSo/E0SnrqQnAyHo=' 'unsafe-inline' koop.piwik.pro; img-src 'self' koop.piwik.pro; style-src 'self' 'nonce-GfuqSIWGOUFGIqPjbA6zIMpqIKiaSo/E0SnrqQnAyHo=' 'unsafe-inline'; frame-src 'self' data: koop.piwik.pro; frame-ancestors 'self'; 1
frame-ancestors 'self', facebook.com, *.facebook.com 1
default-src 'self' syndetics.com www.google-analytics.com; script-src 'self' blob: http://www.vpl.ca https://www.vpl.ca data: 'unsafe-inline' 'unsafe-eval' code.jquery.com www.google.com https://www.google-analytics.com https://www.googletagmanager.com www.gstatic.com https://unpkg.com cdnjs.cloudflare.com m.addthis.com s7.addthis.com tagmanager.google.com v1.addthis.com platform.instagram.com platform.twitter.com cdn.syndication.twimg.com assets.pinterest.com script.crazyegg.com trk.cetrk.com www.flickr.com bclibraries.org; object-src 'self'; style-src 'self' 'unsafe-inline' www.vpl.ca https://unpkg.com https://cdnjs.cloudflare.com tagmanager.google.com themes.googleusercontent.com fonts.googleapis.com code.jquery.com https://platform.twitter.com https://typekit.net https://p.typekit.net https://use.typekit.net; img-src 'self' data: *.vpl.ca https://www.vpl.ca *.googleapis.com https://platform.twitter.com https://pbs.twimg.com services.arcgisonline.com syndetics.com secure.syndetics.com https://cdnjs.cloudflare.com www.flickr.com www.instagram.com *.staticflickr.com *.google-analytics.com *.analytics.google.com syndication.twitter.com scontent-sea1-1.cdninstagram.com *.sndcdn.com m.addthis.com ssl.gstatic.com www.gstatic.com www.addthis.com log.pinterest.com gtrk.s3.amazonaws.com trk.cetrk.com geo.yahoo.com; media-src 'self' www.youtube.com soundcloud.com; child-src 'self' m.addthis.com s7.addthis.com www.google.com www.youtube.com w.soundcloud.com www.instagram.com syndication.twitter.com  assets.pinterest.com; font-src 'self' themes.googleusercontent.com https://cdnjs.cloudflare.com fonts.googleapis.com fonts.gstatic.com https://use.typekit.net; connect-src 'self' *.google-analytics.com *.analytics.google.com cdnjs.cloudflare.com https://www.optimalworkshop.com m.addthis.com v1.addthis.com; frame-src 'self' edge.addthis.com m.addthis.com https://platform.twitter.com s7.addthis.com www.google.com www.youtube.com w.soundcloud.com www.instagram.com syndication.twitter.com  assets.pinterest.com;  1
default-src 'self' fonts.gstatic.com fonts.googleapis.com ajax.googleapis.com  wireframecc-9947.kxcdn.com cdn.wireframe.cc; script-src 'self' 'unsafe-inline' 'nonce-39eccc7cc5fbb7b1d3c581966eedb78f' 'unsafe-eval'  https://fonts.gstatic.com https://fonts.googleapis.com https://ajax.googleapis.com  wireframecc-9947.kxcdn.com cdn.wireframe.cc; style-src 'self' 'unsafe-inline' fonts.googleapis.com wireframecc-9947.kxcdn.com cdn.wireframe.cc; img-src 'self' wireframecc-9947.kxcdn.com cdn.wireframe.cc data:; child-src 'self' 1
default-src 'self'; script-src 'self' 'unsafe-inline' stats.hft-stuttgart.de app.usercentrics.eu *.b-ite.com; font-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' app.usercentrics.eu data: stats.hft-stuttgart.de; connect-src 'self' stats.hft-stuttgart.de *.usercentrics.eu *.b-ite.com; frame-src 'self' app.usercentrics.eu *.youtube-nocookie.com *.vimeo.com *.hft-stuttgart.de 1
default-src 'self' *.bundesbots.de; base-uri 'self'; style-src 'self' 'unsafe-inline' *.bund.de; connect-src 'self' *.itzbund.de kira.bundesbots.de wss://kira.bundesbots.de *.bund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.itzbund.de *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.instagram.com *.bundesbots.de *.bund.de; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de http://multimedia.gsb.bund.de *.youtube.com http://www.youtube.com *.itzbund.de *.cdninstagram.com *.bund.de; frame-src *.google.com *.gstatic.com *.youtube.com 'self' *.cdninstagram.com *.instagram.com; img-src 'self' data: *.itzbund.de *.google.com *.gstatic.com *.youtube.com *.openstreetmap.org pss.wsv.de *.instagram.com *.cdninstagram.com *.bund.de *.bundesbots.de; frame-ancestors 'self'; 1
default-src 'self'; script-src 'self'; https://code.jquery.com; https://www.google.com; https://www.youtube.com; https://www.twitter.com; https://web.whatsapp.com; https://www.facebook.com; https://www.govcert.gov.hk; https://secure1.info.gov.hk 1
default-src 'self' http://www.malaysiaairports.com.my; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: cdn.printfriendly.com cdn.printfriendly.com static.addtoany.com ds-4047.kxcdn.com www.google-analytics.com cdn.jsdelivr.net unpkg.com www.google.com *.rawgit.com *.gstatic.com *.googleapis.com static.addtoany.com polyfill.io key-cdn.printfriendly.com www.googletagmanager.com; object-src 'none'; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net unpkg.com maxcdn.bootstrapcdn.com fonts.googleapis.com; img-src 'self' data: s.yimg.com cdn.printfriendly.com www.google-analytics.com www.google-analytics.com.sg stats.g.doubleclick.net www.google.com www.google.com.sg www.google.com.my; media-src 'self'; frame-src 'self' data: static.addtoany.com www.google.com www.youtube.com https://cdn.knightlab.com; frame-ancestors 'self'; child-src 'self'; font-src 'self' cdn.jsdelivr.net unpkg.com maxcdn.bootstrapcdn.com fonts.gstatic.com cdnjs.cloudflare.com; connect-src 'self'  stats.g.doubleclick.net www.google-analytics.com; report-uri /report-csp-violation 1
default-src 'self'; object-src 'self' https://pts.sim.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.sim.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://chat.sim.de https://umfrage.sim.de https://pts.sim.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://o2.mouseflow.com https://cdn.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://chat.sim.de https://stats.sim.de https://imagepool.sim.de https://pts.sim.de; script-src 'strict-dynamic' 'nonce-29485bddcead62b30b7e615af27a4c5f' 'nonce-63ddc2020bd366099929b9221deffad7' 'nonce-febadc7971f234364230899281719775' 'nonce-21a9e15c67c2e88f1236c84cf84c4133' 'nonce-afe654f2ae4fcc3a55e6ab9178021ea4' 'nonce-0adaee898de7f0e77f833cbf76a25050' 'nonce-d6cf9b5ecda757be136c0fbe28db4409' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://pts.sim.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-29485bddcead62b30b7e615af27a4c5f' 'nonce-63ddc2020bd366099929b9221deffad7' 'nonce-febadc7971f234364230899281719775' 'nonce-21a9e15c67c2e88f1236c84cf84c4133' 'nonce-afe654f2ae4fcc3a55e6ab9178021ea4' 'nonce-0adaee898de7f0e77f833cbf76a25050' 'nonce-d6cf9b5ecda757be136c0fbe28db4409' 'self' 'unsafe-inline' https: 'report-sample' 1
default-src 'unsafe-inline' https://cdn.syndication.twimg.com https://skk.erecruiter.pl https://*.plk-sa.pl https://plk-sa.pl  https://*.googleapis.com  https://*.twimg.com https://pbs.twimg.com https://syndication.twitter.com https://platform.twitter.com https://www.youtube.com https://www.youtube-nocookie.com https://*.gstatic.com https://*.google.com https://*.google-analytics.com https://*.facebook.com https://portalpasazera.pl ; script-src  'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://www.gstatic.com https://platform.twitter.com https://pixel.fasttony.es https://connect.facebook.net https://www.googletagmanager.com https://ssl.google-analytics.com https://www.google.com https://*.googleapis.com https://cdn.syndication.twimg.com https://skk.erecruiter.pl https://*.plk-sa.pl https://plk-sa.pl https://*.google-analytics.com https://*.facebook.com https://portalpasazera.pl  data:; style-src 'unsafe-inline' https://cdn.syndication.twimg.com https://skk.erecruiter.pl https://*.plk-sa.pl https://plk-sa.pl https://*.google-analytics.com  https://*.googleapis.com  https://*.twimg.com https://pbs.twimg.com https://syndication.twitter.com https://platform.twitter.com https://www.youtube.com https://www.youtube-nocookie.com https://*.facebook.com https://portalpasazera.pl  data:; img-src 'self'  https://i.ytimg.com https://cdn.syndication.twimg.com https://skk.erecruiter.pl https://*.plk-sa.pl https://plk-sa.pl https://*.googleapis.com  https://*.twimg.com https://pbs.twimg.com https://syndication.twitter.com https://platform.twitter.com https://www.youtube.com https://www.youtube-nocookie.com https://*.gstatic.com https://*.google.com https://*.google-analytics.com https://*.facebook.com https://portalpasazera.pl  data: 1
frame-ancestors 'self' spoxy3.insipio.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.paypalobjects.com/ https://s3.amazonaws.com/ https://*.stripe.com/ https://*.list-manage.com/ https://*.addtoany.com/ https://addtoany.com/ https://d1aqhv4sn5kxtx.cloudfront.net/ https://actions.everyaction.com/ https://*.everyaction.com/ https://static.everyaction.com/ https://nvlupin.blob.core.windows.net/ https://d3rse9xjbp8270.cloudfront.net/ https://fastaction.ngpvan.com/ https://*.ngpvan.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://cdn.printfriendly.com/ https://my.hellobar.com/ https://js.verygoodvault.com/ https://js-agent.newrelic.com/ https://*.printfriendly.com/ https://bam.nr-data.net/ https://*.nr-data.net/ https://www.tiki-toki.com/ https://*.tiki-toki.com/ https://online.fliphtml5.com/ https://*.fliphtml5.com/ https://www.youtube.com/ https://*.youtube.com/; img-src 'self' data: https://www.paypalobjects.com/ https://s.w.org/ https://medicareadvocacy.org/ https://*.medicareadvocacy.org/ https://*.addtoany.com/ https://addtoany.com/ https://d1aqhv4sn5kxtx.cloudfront.net/ https://actions.everyaction.com/ https://*.everyaction.com/ https://static.everyaction.com/ https://nvlupin.blob.core.windows.net/ https://d3rse9xjbp8270.cloudfront.net/ https://fastaction.ngpvan.com/ https://*.ngpvan.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://cdn.printfriendly.com/ https://my.hellobar.com/ https://js.verygoodvault.com/ https://js-agent.newrelic.com/ https://*.printfriendly.com/ https://bam.nr-data.net/ https://*.nr-data.net/ https://www.tiki-toki.com/ https://*.tiki-toki.com/ https://online.fliphtml5.com/ https://*.fliphtml5.com/ https://www.youtube.com/ https://*.youtube.com/; object-src 'self' data: https://*.paypal.com/ https://*.stripe.com/ https://*.addtoany.com/ https://addtoany.com/ https://d1aqhv4sn5kxtx.cloudfront.net/ https://actions.everyaction.com/ https://*.everyaction.com/ https://static.everyaction.com/ https://nvlupin.blob.core.windows.net/ https://d3rse9xjbp8270.cloudfront.net/ https://fastaction.ngpvan.com/ https://*.ngpvan.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://cdn.printfriendly.com/ https://my.hellobar.com/ https://js.verygoodvault.com/ https://js-agent.newrelic.com/ https://*.printfriendly.com/ https://bam.nr-data.net/ https://*.nr-data.net/ https://www.tiki-toki.com/ https://*.tiki-toki.com/ https://online.fliphtml5.com/ https://*.fliphtml5.com/ https://www.youtube.com/ https://*.youtube.com/; frame-src 'self' data: https://*.paypal.com/ https://*.stripe.com/ https://*.addtoany.com/ https://addtoany.com/ https://d1aqhv4sn5kxtx.cloudfront.net/ https://actions.everyaction.com/ https://*.everyaction.com/ https://static.everyaction.com/ https://nvlupin.blob.core.windows.net/ https://d3rse9xjbp8270.cloudfront.net/ https://fastaction.ngpvan.com/ https://*.ngpvan.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://cdn.printfriendly.com/ https://my.hellobar.com/ https://js.verygoodvault.com/ https://js-agent.newrelic.com/ https://*.printfriendly.com/ https://bam.nr-data.net/ https://*.nr-data.net/ https://www.tiki-toki.com/ https://*.tiki-toki.com/ https://online.fliphtml5.com/ https://*.fliphtml5.com/ https://www.youtube.com/ https://*.youtube.com/; 1
default-src 'self'; connect-src 'self' data: 'unsafe-inline' https://bat.bing.com https://assets.adobedtm.com https://*.adobedtm.com http://*.amegybank.com https://*.amegybank.com https://*.omtrdc.net https://*.demdex.net https://*.cludo.com https://sumo.com https://*.sumo.com https://*.sumome.com https://sumo.b-cdn.net https://*.visualwebsiteoptimizer.com https://app.vwo.com https://zionsbancorp.sc.omtrdc.net 'unsafe-eval'; script-src 'self' data: 'unsafe-inline' https://www.google-analytics.com https://bat.bing.com https://assets.adobedtm.com https://*.adobedtm.com https://*.doubleclick.net https://connect.facebook.net https://*.googletagmanager.com https://*.googleadservices.com https://*.googleapis.com https://*.gstatic.com https://*.google.com http://*.amegybank.com https://*.amegybank.com https://*.zionsbank.com https://*.cludo.com https://sumo.com https://*.sumo.com https://*.sumome.com https://sumo.b-cdn.net https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.youtube.com https://*.ytimg.com https://*.vimeo.com 'unsafe-eval'; object-src 'self' data: http://*.amegybank.com https://*.amegybank.com; style-src 'self' data: 'unsafe-inline' https://*.googleapis.com https://*.google.com https://*.cludo.com https://sumo.com https://*.sumo.com https://*.sumome.com https://sumo.b-cdn.net; img-src 'self' data: 'unsafe-inline' https://www.google-analytics.com https://p.adsymptotic.com https://px.ads.linkedin.com https://bat.bing.com https://www.facebook.com https://*.doubleclick.net https://*.gstatic.com http://*.amegybank.com https://*.amegybank.com https://*.online-metrix.net https://*.omtrdc.net https://*.demdex.net https://*.everesttech.net https://*.googleapis.com https://*.google.com https://*.cludo.com https://sumo.com https://*.sumo.com https://*.sumome.com https://sumo.b-cdn.net https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.youtube.com https://*.ytimg.com https://*.vimeo.com 'unsafe-eval'; media-src 'self' data:; frame-src 'self' data: 'unsafe-inline' http://*.amegybank.com https://*.amegybank.com https://rise.articulate.com https://*.online-metrix.net https://*.issuu.com https://*.doubleclick.net https://*.demdex.net https://secure.checkout.visa.com https://assets.secure.checkout.visa.com https://*.youtube.com https://*.ytimg.com https://*.vimeo.com https://*.pages05.net https://*.brightcove.net https://*.visualwebsiteoptimizer.com https://app.vwo.com https://outlook.office365.com; frame-ancestors 'self' https://banking.amegybank.com 'unsafe-eval'; font-src 'self' data: 'unsafe-inline' https://fonts.gstatic.com https://*.visualwebsiteoptimizer.com https://app.vwo.com; upgrade-insecure-requests; block-all-mixed-content 1
frame-ancestors https://tsetscdev.prod.acquia-sites.com/ https://tsetscstage.prod.acquia-sites.com/ https://ecommercdev.tatasteel.online  https://ecommerctst.tatasteel.online  https://ecmc01qa.tatasteel.online  https://ecmc01dev.tatasteel.online https://www.tatasteeleurope.com https://www.tatasteel.online https://ecmc01.tatasteel.online https://ecmc03-p.tatasteel.online https://ecmc03-d.tatasteel.online https://ecmc03-acc.tatasteel.online/ https://ecmc03-t.tatasteel.online/ https://tsedev.prod.acquia-sites.com https://tsestg.prod.acquia-sites.com https://www.beta-tatasteeleurope.com https://cpws01-d.tatasteel.online https://dev.tatasteeleurope.com preprod.tatasteeleurope.com test.tatasteeleurope.com ecmc03-pp.tatasteel.online; report-uri /report-csp-violation 1
default-src 'self'; img-src 'self' data: books.google.de de.statista.com cdn.statcdn.com *.lamapoll.io; font-src 'self' data:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' lamapoll.de *.lamapoll.de *.lamapoll.io; frame-src 'self' lamapoll.de *.lamapoll.de www.youtube-nocookie.com *.lamapoll.io; frame-ancestors 'self'; media-src 'self'; object-src 'self'; connect-src 'self' *.lamapoll.io 1
default-src 'self' data: *.issuu.com *.quantserve.com 'unsafe-inline' 'unsafe-eval'; script-src 'self' delivery.clickonometrics.pl wss://v18dxapjmd.execute-api.eu-west-1.amazonaws.com connect.facebook.net secure.payu.com *.hotjar.com www.gstatic.com www.google.com *.buybox.click *.doubleclick.net *.issuu.com ssl.google-analytics.com developers.google.com *.googleapis.com *.cloudfront.net opineo.pl www.opineo.pl *.edrone.me browser-update.org js-agent.newrelic.com *.google-analytics.com www.googleadservices.com bam.nr-data.net *.nr-data.net ssl.ceneo.pl *.googletagmanager.com *.analytics.google.com 'unsafe-inline' 'unsafe-eval'; frame-src 'self' secure.payu.com www.facebook.com *.hotjar.com data: *.google.pl e.issuu.com www.opineo.pl www.youtube.com ssl.ceneo.pl www.googleadservices.com googleads.g.doubleclick.net www.google.com www.google.pl 'unsafe-inline' 'unsafe-eval'; object-src 'self' data: wss://v18dxapjmd.execute-api.eu-west-1.amazonaws.com e.issuu.com 'unsafe-inline' 'unsafe-eval'; connect-src 'self' wss://v18dxapjmd.execute-api.eu-west-1.amazonaws.com secure.payu.com stats.g.doubleclick.net www.google-analytics.com *.eu01.nr-data.net *.hotjar.com *.hotjar.io wss://ws2.hotjar.com wss://*.hotjar.com data: *.buybox.click *.issuu.com *.edrone.me *.analytics.google.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' data: opineo.pl www.opineo.pl fonts.googleapis.com 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: fonts.gstatic.com; img-src 'self' static.payu.com data: *.google.pl *.analytics.google.com www.facebook.com www.googletagmanager.com *.doubleclick.net ssl.google-analytics.com *.google.com *.isu.pub *.googleapis.com *.gstatic.com *.opineo.pl *.google-analytics.com http://*.wydawnictworebel.pl http://wydawnictwo.rebel.pl ssl.ceneo.pl http://analytics.ceneo.pl https://d3vhsxl1pwzf0p.cloudfront.net https://dgk28ckagqims.cloudfront.net https://d3bo67muzbfgtl.cloudfront.net 1
default-src 'self'; script-src 'self'; img-src 'self' 1
default-src 'self' 'nonce-MDEyNThiM2EzZg==' www.google-analytics.com googleapis.com ggpht.com nr-data.net ajax.googleapis.com fonts.googleapis.com www.googletagmanager.com js-agent.newrelic.com fonts.gstatic.com; frame-src youtube.com www.youtube.com doubleclick.net; child-src 'none'; object-src 'none'; 1
default-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline' *.netdna-ssl.com *.google-analytics.com *.quotemedia.com oss.maxcdn.com rangeme-production-environment.s3-ap-southeast-2.amazonaws.com *.pcdn.co s15923.pcdn.co *.google.com *.gstatic.com *.spartannash.com *.spartannash-uat.com;font-src 'self' data: *.netdna-ssl.com fonts.gstatic.com *.pcdn.co s15923.pcdn.co *.spartannash.com *.spartannash-uat.com *.cloudflare.com;img-src 'self' data: *.netdna-ssl.com *.google-analytics.com *.googleapis.com *.glensmarkets-email.com *.quotemedia.com secure.gravatar.com s3-ap-southeast-2.amazonaws.com *.pcdn.co *.businesswire.com *.gravatar.com s15923.pcdn.co *.google.com *.spartannash.com *.spartannash-uat.com d36cz9elvz3vfp.cloudfront.net;style-src 'self' 'unsafe-inline' *.netdna-ssl.com *.googleapis.com *.quotemedia.com *.pcdn.co s15923.pcdn.co *.spartannash.com *.spartannash-uat.com;frame-src 'self' *.netdna-ssl.com *.youtube.com *.calameo.com *.pcdn.co *.google.com *.spartannash.com *.spartannash-uat.com;connect-src 'self' *.netdna-ssl.com query.yahooapis.com *.pcdn.co *.google-analytics.com *.quotemedia.com stats.g.doubleclick.net *.spartannash.com *.spartannash-uat.com;object-src 'self' *.netdna-ssl.com *.pcdn.co;media-src 'self' *.netdna-ssl.com *.pcdn.co; 1
frame-ancestors https://*.omantel.om 1
default-src https: http: data: blob: ws: 'self' 'unsafe-inline' 'unsafe-eval'; 1
default-src 'none'; connect-src 'self' *.crowdriff.com *.ubiquity.co.nz *.windows.net *.doubleclick.net *.google.com *.googleapis.com *.google-analytics.com analytics.google.com wss://*.hotjar.com *.hotjar.com *.monsido.com *.stackla.com *.analytics.google.com; frame-src 'self' staticcdn.co.nz *.dwcdn.net *.infogram.com radian.mintdesign.co.nz viewer.mapme.com *.spotify.com omny.fm *.metservice.com goo.gl nzhistory.govt.nz radianstaging.mintdemo.co.nz configurator.wcec.co.nz configurator.takina.co.nz *.metservice.com *.vimeo.com *.youtube.com *.doubleclick.net *.hotjar.com *.google.com *.crowdriff.com *.monsido.com *.stackla.com; frame-ancestors 'self'; font-src 'self' data: *.gstatic.com script.hotjar.com assetscdn.stackla.com *.stackla.com; img-src 'self' data: blob: twemoji.maxcdn.com staticcdn.co.nz shielded.co.nz *.cloudfront.net *.googleapis.com *.gstatic.com *.ytimg.com *.facebook.com *.doubleclick.net *.googletagmanager.com *.google-analytics.com *.google.com *.google.co.nz *.monsido.com *.stackla.com *.cdninstagram.com *.siteimproveanalytics.io *.analytics.google.com; media-src 'self' crowdriff-video-upload.s3.amazonaws.com maori-dictionary-media.s3.amazonaws.com *.stackla.com *.cdninstagram.com storage.googleapis.com; manifest-src 'self'; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' staticcdn.co.nz *.youtube.com *.vimeo.com code.highcharts.com browser-update.org assetscdn.stackla.com *.stackla.com *.crowdriff.com *.jquery.com *.gstatic.com *.googleadservices.com *.google.com *.googleapis.com *.googletagmanager.com *.monsido.com *.hotjar.com *.google-analytics.com *.facebook.net *.ubiquity.co.nz *.stackla.com *.zencdn.net staticcdn.co.nz *.youtube.com *.vimeo.com code.highcharts.com browser-update.org siteimproveanalytics.com *.analytics.google.com; style-src 'self' 'unsafe-inline' *.crowdriff.com *.googleapis.com *.google.com *.zencdn.net *.stackla.com; 1
connect-src 'self' *.doubleclick.net *.google.com *.usercentrics.eu https://*.3qsdn.com vendorlist.consensu.org www.google-analytics.com *.bing.com wss://*.bing.com; default-src 'self'; font-src 'self' data: fonts.gstatic.com https://*.3qsdn.com; frame-ancestors 'self' localhost:* sc.01.sana-apps.de www.sana.de www.sanadaily.de partners.doctolib.de; frame-src 'self' *.doubleclick.net *.google.com *.livecoder.com *.sana.de *.usercentrics.eu *.zscaler.net 466b13bd.sibforms.com https://360tour-start.de/Tours22/sana-gyno-benrath.html maps.google.de player.vimeo.com sanadigital.typeform.com sc.01.sana-apps.de virtualpro360.com www.sana.de www.youtube-nocookie.com www.youtube.com sdx.microsoft.com partners.doctolib.de *.vimeo.com; img-src * *.doubleclick.net *.google.com *.gstatic.com data: www.googletagmanager.com *.bing.com *.microsoft.com; media-src 'self' blob: https://*.3qsdn.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.vimeo.com  https://connect.facebook.net  *.doubleclick.net *.google.com *.googleadservices.com *.googleapis.com *.usercentrics.eu *.zscaler.net aggregator.service.usercentrics.eu blob: embed.typeform.com https://*.3qsdn.com https://*.jameda-elements.de sc.01.sana-apps.de www.google-analytics.com www.googletagmanager.com www.youtube-nocookie.com www.youtube.com https://bat.bing.com https://r.bing.com; script-src-elem 'self' 'unsafe-inline' https://vimeo.com https://*.vimeo.com https://connect.facebook.net *.doubleclick.net *.google.com *.googleapis.com *.usercentrics.eu aggregator.service.usercentrics.eu embed.typeform.com https://*.3qsdn.com https://*.jameda-elements.de https://www.googleadservices.com https://www.gstatic.com sc.01.sana-apps.de www.google-analytics.com www.googletagmanager.com https://*.googlesyndication.com www.youtube-nocookie.com www.youtube.com https://bat.bing.com https://r.bing.com; style-src 'self' 'unsafe-inline' *.googleapis.com https://*.3qsdn.com tagmanager.google.com www.google-analytics.com www.googletagmanager.com *.bing.com; 1
default-src 'self' *.zensus2022.de; base-uri 'self'; style-src 'self' 'unsafe-inline' ; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.itzbund.de *.zensus2022.de; object-src 'self' multimedia.gsb.bund.de ; media-src 'self' multimedia.gsb.bund.de www.quirksmode.org www.destatis.de *.zensus2022.de; child-src *.ims-cms.net ; img-src 'self' data: *.itzbund.de *.zensus2022.de; connect-src 'self' *.itzbund.de *.zensus2022.de; frame-ancestors 'self'; upgrade-insecure-requests; 1
default-src 'unsafe-inline' https://fonts.googleapis.com https://*.youtube.com https://www.facebook.com https://*.googleusercontent.com https://www.google.pl https://www.warta.pl https://*.www.warta.pl https://hdi.pl https://*.hdi.pl https://*.googleapis.com https://*.gstatic.com https://*.google.com https://www.google-analytics.com https://*.facebook.com https://*.doubleclick.net ; script-src 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://*.gstatic.com https://www.warta.pl https://*.www.warta.pl  https://www.google-analytics.com https://*.facebook.com https://connect.facebook.net https://*.doubleclick.net ; style-src 'unsafe-inline' https://www.warta.pl https://*.www.warta.pl https://hdi.pl https://*.hdi.pl https://fonts.googleapis.com https://surfly.io https://*.google.com https://www.google-analytics.com https://*.facebook.com https://*.doubleclick.net ; img-src 'self' https://moventum.com.pl https://*.youtube.com https://www.facebook.com https://*.googleusercontent.com https://www.google.pl https://*.googleapis.com https://*.gstatic.com https://www.warta.pl https://*.www.warta.pl https://hdi.pl https://*.hdi.pl https://*.google.com https://www.google-analytics.com https://*.facebook.com https://*.doubleclick.net  data:; object-src 'none'; 1
block-all-mixed-content; upgrade-insecure-requests; report-uri /nelmio/csp/report 1
default-src 'self'; object-src 'self' https://pts.handyvertrag.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.handyvertrag.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://chat.handyvertrag.de https://umfrage.handyvertrag.de https://pts.handyvertrag.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://o2.mouseflow.com https://cdn.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://chat.handyvertrag.de https://stats.handyvertrag.de https://imagepool.handyvertrag.de https://pts.handyvertrag.de; script-src 'strict-dynamic' 'nonce-793e61793ad4c3957b282f68c83711d7' 'nonce-52c3f11d6d0d3c622cde7e4f382bc2ba' 'nonce-d353bdb530156b5a2f2597041a1f70ec' 'nonce-7bce35c789cddc54086c3d00aaad5e47' 'nonce-f3b8a7a9f45886aee215356ddb9e6a2f' 'nonce-16d4b19f77156f9d4b894b93fe2532f2' 'nonce-7bcdba31f9fb8fadf26a7e457666e1a9' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://pts.handyvertrag.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-793e61793ad4c3957b282f68c83711d7' 'nonce-52c3f11d6d0d3c622cde7e4f382bc2ba' 'nonce-d353bdb530156b5a2f2597041a1f70ec' 'nonce-7bce35c789cddc54086c3d00aaad5e47' 'nonce-f3b8a7a9f45886aee215356ddb9e6a2f' 'nonce-16d4b19f77156f9d4b894b93fe2532f2' 'nonce-7bcdba31f9fb8fadf26a7e457666e1a9' 'self' 'unsafe-inline' https: 'report-sample' 1
default-src 'self' https; connect-src 'self' https://dc.services.visualstudio.com www.google-analytics.com region1.google-analytics.com https://apikeys.civiccomputing.com/c/v https://in.hotjar.com/ https://vc.hotjar.io stats.g.doubleclick.net https://translate.googleapis.com https://maps.googleapis.com https://api.what3words.com https://*.applicationinsights.azure.com https://*.azurewebsites.net https://graph.microsoft.com/ https://*.tangentlabs.co.uk https://col.site24x7rum.eu https://*.addthis.com https://plus.browsealoud.com/ https://plusqa.browsealoud.com https://www.browsealoud.com https://speechstreamv3-webservices-8.texthelp.com/ https://wikisum.texthelp.com/ https://babm.texthelp.com https://*.speechstream.net https://en.wikipedia.org/ https://pfw-prod-ukwest-safespaceonline.azurewebsites.net https://apps.parcelforce.com/sso/Home/IsAlive https://apps.parcelforce.com/sso/; font-src 'self' ukpn.local hello.myfonts.net data: fonts.googleapis.com fonts.gstatic.com https://pfw-prod-ukwest-safespaceonline.azurewebsites.net/ https://ukpn-dev-cdn.tangentlabs.co.uk; style-src 'self' 'unsafe-inline' ukpn.local fonts.googleapis.com https://ukpn-dev-cdn.tangentlabs.co.uk https://pfw-prod-ukwest-safespaceonline.azurewebsites.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' ukpn.local https://cc.cdn.civiccomputing.com/9/cookieControl-9.x.min.js https://www.googletagmanager.com/ns.html www.googletagmanager.com cdnjs.cloudflare.com www.google-analytics.com script.hotjar.com static.hotjar.com z.moatads.com https://translate.google.com/ https://translate.googleapis.com/ apis.google.com www.google.com www.gstatic.com maps.googleapis.com ajax.googleapis.com https://static.site24x7rum.eu widget.trustpilot.com *.addthis.com v1.addthisedge.com graph.facebook.com https://www.youtube.com s.ytimg.com https://plus.browsealoud.com https://www.browsealoud.com v4in1-si.click4assistance.co.uk https://*.speechstream.net https://wikisum.texthelp.com/ https://ukpn-dev-cdn.tangentlabs.co.uk https://pfw-prod-ukwest-safespaceonline.azurewebsites.net; img-src 'self' data: https://api.umbraco.io https://media.umbraco.io https://img.youtube.com www.google-analytics.com stats.g.doubleclick.net www.google.com/ads www.google.co.uk/ads https://translate.google.com maps.gstatic.com maps.googleapis.com https://www.google.com https://www.google.co.uk/ https://www.google.com/images/cleardot.gif https://www.gstatic.com fonts.googleapis.com apis.google.com https://www.browsealoud.com https://plus.browsealoud.com https://pfw-prod-ukwest-safespaceonline.azurewebsites.net prod3si.click4assistance.co.uk v4in1-si.click4assistance.co.uk https://speechstreamv3-webservices-8.texthelp.com/ https://upload.wikimedia.org; child-src 'self' https://www.googletagmanager.com/ns.html https://content.googleapis.com; frame-src 'self' https://vars.hotjar.com www.google.com www.youtube.com https://widget.trustpilot.com https://s7.addthis.com v4in1-ti.click4assistance.co.uk https://*.speechstream.net; media-src https://*.speechstream.net; 1
default-src 'self' data: *.umbraco.org api.pwnedpasswords.com *.hotjar.com services.postcodeanywhere.co.uk *.google-analytics.com www2.theticketfactory.com dpm.demdex.net thenationalexhib.tt.omtrdc.net ccocauth.10digital.co.uk *.coventry2021.co.uk *.doubleclick.net *.googleadservices.com *.google.co.uk *.google.com s.salecycle.com i.salecycle.com c.salecycle.com ws.salecycle.com mymachine.salecycle.com:8080 *.stay22.com gtm-tp57jc8-ndq4z.uc.r.appspot.com necdigitalteamapi.azurewebsites.net; object-src data: 'unsafe-eval' 'self' assets.theticketfactory.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com pro.fontawesome.com fast.fonts.net cdn.jsdelivr.net *.theticketfactory.com services.postcodeanywhere.co.uk *.queue-it.net cookiesuksouth.blob.core.windows.net; img-src 'self' 'self' data: www.awin1.com *; script-src 'self' 'unsafe-inline' ajax.googleapis.com *.cloudflare.com ajax.aspnetcdn.com code.jquery.com *.googletagmanager.com *.google-analytics.com cdn.jsdelivr.net connect.facebook.net theti11119.pcapredict.com *.hotjar.com 'unsafe-eval' services.postcodeanywhere.co.uk assets.theticketfactory.com www2.theticketfactory.com *.queue-it.net www2.theticketfactory.com www.dwin1.com assets.adobedtm.com cookiesuksouth.blob.core.windows.net geolocation.onetrust.com *.tiktok.com *.twitter.com *.googleadservices.com *.doubleclick.net s.salecycle.com i.salecycle.com c.salecycle.com ws.salecycle.com mymachine.salecycle.com:8080 d16fk4ms6rqz1v.cloudfront.net applepay.cdn-apple.com *.stay22.com gtm-tp57jc8-ndq4z.uc.r.appspot.com necdigitalteamapi.azurewebsites.net; font-src 'self' 'self' data: fonts.gstatic.com pro.fontawesome.com fast.fonts.net *.hotjar.com fonts.gstatic.com applepay.cdn-apple.com; frame-src 'self' *.facebook.com *.servebase.net *.arcot.com *.hotjar.com assets.theticketfactory.com www2.theticketfactory.com *.queue-it.net www2.theticketfactory.com theticketfactory.queue-it.net *.youtube.com *.spotify.com *.tiktok.com *.twitter.com *.10digital.co.uk ccocauth.10digital.co.uk *.coventry2021.co.uk *.doubleclick.net s.salecycle.com i.salecycle.com c.salecycle.com ws.salecycle.com mymachine.salecycle.com:8080 *.stay22.com gtm-tp57jc8-ndq4z.uc.r.appspot.com necdigitalteamapi.azurewebsites.net; report-uri https://theticketfactory.report-uri.com/r/d/csp/enforce ; 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; connect-src 'self' *.itzbund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.vimeo.com *.itzbund.de; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com *.vimeo.com *.aktion-mensch.de *.readspeaker.com; frame-src *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.vimeo.com *.readspeaker.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.ytimg.com yomma.services cms.sqat.eu *.openstreetmap.org *.itzbund.de; frame-ancestors 'self'; font-src 'self' data:; 1
default-src 'none'; block-all-mixed-content; connect-src 'self' google-analytics.com www.google-analytics.com; font-src 'self' fonts.gstatic.com use.fontawesome.com; frame-src google.com www.google.com googletagmanager.com www.googletagmanager.com; img-src 'self' s3.us-west-2.amazonaws.com; script-src 'self' 'unsafe-eval' google.com www.google.com gstatic.com www.gstatic.com googletagmanager.com www.googletagmanager.com google-analytics.com www.google-analytics.com use.fontawesome.com 'unsafe-inline' 'nonce-15vnYlHdmPr0XXLzWfg5iw=='; style-src 'self' cdn.jsdelivr.net fonts.googleapis.com use.fontawesome.com maxcdn.bootstrapcdn.com 'unsafe-inline' 'nonce-15vnYlHdmPr0XXLzWfg5iw=='; upgrade-insecure-requests; report-uri /csp/report 1
child-src 'self' ; connect-src 'self'  *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net *.imi.chat api.hubapi.com www.facebook.com capture-api.reachlocalservices.com b5c82c64-9c51-41b1-8791-e0e9c9fd9d4e.rlets.com liqadprdct-capture-prod-east.gannettdigital.com um.simpli.fi js.hs-banner.com listgrowth.ctctcdn.com l.sharethis.com api-public.addthis.com m.addthis.com forms.hubspot.com sessions.bugsnag.com api.talkdeskapp.com talkdeskchatsdk.talkdeskapp.com tsock.us1.twilio.com *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net ; default-src 'self' ; font-src 'self' cdnjs.cloudflare.com hello.myfonts.net fonts.gstatic.com *.gstatic.com *.bootstrapcdn.com media.imi.chat talkdeskchatsdk.talkdeskapp.com  *.gstatic.com *.bootstrapcdn.com ; form-action 'self' www.facebook.com; frame-src 'self'  *.g.doubleclick.net *.google.com *.fls.doubleclick.net *.imi.chat vars.hotjar.com www.youtube.com *.rlets.com insight.adsrvr.org adservices.brandcdn.com platform-api.sharethis.com w.soundcloud.com s7.addthis.com www.facebook.com fliphtml5.com vp.dentrek.com play.libsyn.com online.fliphtml5.com *.g.doubleclick.net *.google.com *.fls.doubleclick.net ; frame-ancestors 'self' ; img-src 'self' www.benco.com *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google.com.ph *.google-analytics.com *.gstatic.com cdnjs.cloudflare.com track.hubspot.com px.ads.linkedin.com www.linkedin.com www.facebook.com p.adsymptotic.com bat.bing.com *.simpli.fi www.googleadservices.com cm.g.doubleclick.net insight.adsrvr.org forms.hubspot.com googleads.g.doubleclick.net forms.hsforms.com eb2.3lift.com simplifi.partners.tremorhub.com pixel.tapad.com aa.agkn.com sync.intentiq.com loadm.exelator.com sync.bfmio.com stags.bluekai.com bcp.crwdcntrl.net ce.lijit.com idsync.rlcdn.com sync.search.spotxchange.com ib.adnxs.com pixel.rubiconproject.com us-u.openx.net fei.pro-market.net image8.pubmatic.com d.agkn.com platform-cdn.sharethis.com 44bj8i2zwueami5iq1aakst1-wpengine.netdna-ssl.com fault.rlets.com img.youtube.com prd-cdn-talkdesk.talkdesk.com talkdeskchatsdk.talkdeskapp.com  *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com ; manifest-src 'self' ; media-src 'self' ; navigate-to 'self' ; object-src 'self' ; prefetch-src 'self' ; script-src 'self'  'unsafe-inline'  'unsafe-eval'  *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com cdnjs.cloudflare.com *.benco.com *.imi.chat static.hotjar.com js.hs-scripts.com js.hsadspixel.net js.hscollectedforms.net js.hs-analytics.net js.hs-banner.com cdn.rlets.com tag.brandcdn.com snap.licdn.com script.hotjar.com connect.facebook.net cdn.jsdelivr.net strict-dynamic www.youtube.com bat.bing.com tag.simpli.fi i.simpli.fi adservices.brandcdn.com static.ctctcdn.com platform-api.sharethis.com buttons-config.sharethis.com s7.addthis.com z.moatads.com v1.addthisedge.com m.addthis.com www.googleadservices.com talkdeskchatsdk.talkdeskapp.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com ; script-src-elem 'self'  'unsafe-inline'  'unsafe-eval' 'report-sample' *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com cdnjs.cloudflare.com *.benco.com *.imi.chat static.hotjar.com js.hs-scripts.com js.hsadspixel.net js.hscollectedforms.net js.hs-analytics.net js.hs-banner.com cdn.rlets.com tag.brandcdn.com snap.licdn.com script.hotjar.com connect.facebook.net cdn.jsdelivr.net strict-dynamic www.youtube.com bat.bing.com tag.simpli.fi i.simpli.fi adservices.brandcdn.com static.ctctcdn.com platform-api.sharethis.com buttons-config.sharethis.com s7.addthis.com z.moatads.com v1.addthisedge.com m.addthis.com media.imi.chat www.googleadservices.com count-server.sharethis.com talkdeskchatsdk.talkdeskapp.com; script-src-attr 'self'  'unsafe-inline' 'report-sample' *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com cdnjs.cloudflare.com *.benco.com *.imi.chat static.hotjar.com js.hs-scripts.com js.hsadspixel.net js.hscollectedforms.net js.hs-analytics.net js.hs-banner.com cdn.rlets.com tag.brandcdn.com snap.licdn.com script.hotjar.com connect.facebook.net cdn.jsdelivr.net strict-dynamic www.youtube.com bat.bing.com tag.simpli.fi i.simpli.fi adservices.brandcdn.com static.ctctcdn.com platform-api.sharethis.com buttons-config.sharethis.com s7.addthis.com z.moatads.com v1.addthisedge.com m.addthis.com media.imi.chat www.googleadservices.com; style-src 'self'  'unsafe-inline'  *.googleapis.com *.gstatic.com cdnjs.cloudflare.com media.imi.chat hello.myfonts.net static.ctctcdn.com *.googleapis.com *.gstatic.com ; style-src-elem 'self'  'unsafe-inline' 'report-sample'  *.googleapis.com *.gstatic.com cdnjs.cloudflare.com media.imi.chat hello.myfonts.net static.ctctcdn.com; style-src-attr 'self'  'unsafe-inline' 'report-sample'  *.googleapis.com *.gstatic.com cdnjs.cloudflare.com media.imi.chat hello.myfonts.net static.ctctcdn.com; worker-src 'self' ; 1
default-src 'self'; base-uri 'self'; connect-src 'self' wss://self https://www.hostingcloud.racing wss://*.hostcontent.live https://connect.facebook.net https://www.google-analytics.com https://*.doubleclick.net https://*.g.doubleclick.net https://www.facebook.com https://*.mintme.com https://mintme.com https://*.tawk.to wss://*.tawk.to; font-src 'self' https://fonts.gstatic.com https://static-v.tawk.to; frame-src https://accounts.google.com https://content.googleapis.com https://va.tawk.to https://www.youtube.com https://www.google.com; img-src data: *; media-src *; object-src 'none'; script-src 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https: http: 'nonce-7FqO/EyeZcQdy0EQyrIHEg=='; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net/emojione/2.2.7/assets/css/emojione.min.css https://cdn.jsdelivr.net/emojione/2.2.7/lib/js/emojione.min.js https://cdnjs.cloudflare.com/ajax/libs/highlight.js/9.12.0/styles/github.min.css https://cdnjs.cloudflare.com/ajax/libs/highlight.js/9.12.0/styles/atom-one-dark.min.css https://*.tawk.to; report-uri /csp-report; worker-src blob: 1
child-src 'self' ; connect-src 'self' *.fontawesome.com bcp.crwdcntrl.net *.crazyegg.com *.yoast.com *.wpengine.com yoast.com *.medpace.com *.sharethis.com *.g.doubleclick.net *.google-analytics.com *.akamaized.net *.google.com *.statcounter.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com  *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net ; default-src 'self' *.fls.doubleclick.net *.sharethis.mgr.consensu.org *.adsrvr.org *.sitescout.com *.g.doubleclick.net *.bidswitch.com *.pubmatic.com *.analytics.yahoo.com *.narrative.io *.pixel.ad *.scorecardresearch.com *.advertising.com *.thebrighttag.com *.exelator.com *.mookie1.com; font-src 'self' *.fontawesome.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io *.gstatic.com *.bootstrapcdn.com data:  *.gstatic.com *.bootstrapcdn.com ; form-action 'self' *.medpace.com; frame-src 'self' *.medpace.com www.medtargetsystem.com *.sharethis.com *.global.ssl.fastly.net *.google.com *.pardot.com *.adobedtm.com *.fls.doubleclick.net *.sharethis.mgr.consensu.org *.bidswitch.com *.pubmatic.com *.analytics.yahoo.com *.adsrvr.org *.narrative.io *.pixel.ad *.scorecardresearch.com *.cloudfront.net *.akamaized.net *.advertising.com *.sitescout.com *.vimeo.com *.thebrighttag.com *.exelator.com *.mookie1.com *.g.doubleclick.net https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io  *.g.doubleclick.net *.google.com *.fls.doubleclick.net ; frame-ancestors 'self' *.medpace.com www.medtargetsystem.com; img-src 'self' *.adnxs.com *.deepintent.com *.lhmos.com www.medtargetsystem.com bat.bing.com data: *.fls.doubleclick.net *.linkedin.com *.w.org yoa.st *.gravatar.com *.sharethis.com *.medpace.com *.google.com *.pixel.ad *.addthis.com *.truoptik.com *.liadm.com *.adsrvr.org *.adsymptotic.com *.quantserve.com *.ads.linkedin.com *.kickfire.com *.semasio.net *.krxd.net *.rumiview.com *.thebrighttag.com *.narrative.io *.scorecardresearch.com *.vimeocdn.com *.advertising.com *.sitescout.com *.g.doubleclick.net ml314.com *.rd.linksynergy.com *.googletagmanager.com *.google-analytics.com *.gstatic.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io  *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com ; manifest-src 'self' ; media-src 'self' *.akamaized.net; navigate-to 'self' ; object-src 'self' ; prefetch-src 'self' ; script-src 'self'  'unsafe-inline'  'unsafe-eval' bat.bing.com *.fontawesome.com script.crazyegg.com *.global.ssl.fastly.net *.gstatic.com *.google.com *.googleadservices.com *.wistia.com *.cloudflare.com *.googleapis.com *.adobedtm.com *.sharethis.com *.adsrvr.org npmcdn.com *.pardot.com *.linkedin.com *.quantcount.com *.quantserve.com *.licdn.com *.kickfire.com *.bugherd.com *.google-analytics.com *.googletagmanager.com *.rumiview.com *.medpace.com *.vimeocdn.com *.medtargetsystem.com *.g.doubleclick.net *.statcounter.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io  *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com ; script-src-elem 'self'  'unsafe-inline'  'unsafe-eval' *.fontawesome.com bat.bing.com script.crazyegg.com npmcdn.com *.global.ssl.fastly.net *.gstatic.com *.google.com *.googleadservices.com *.wistia.com *.cloudflare.com *.googleapis.com *.adobedtm.com *.sharethis.com *.adsrvr.org *.pardot.com *.linkedin.com *.quantcount.com *.quantserve.com *.licdn.com *.kickfire.com *.bugherd.com *.google-analytics.com *.googletagmanager.com *.rumiview.com *.medpace.com *.vimeocdn.com *.medtargetsystem.com *.g.doubleclick.net *.hotjar.com *.hotjar.io *.statcounter.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; script-src-attr 'self'  'unsafe-inline'  'unsafe-eval' ; style-src 'self'  'unsafe-inline'  'unsafe-eval' *.fontawesome.com *.cloudflare.com *.googleapis.com *.bootstrapcdn.com npmcdn.com *.vimeocdn.com *.gstatic.com *.google-analytics.com  *.googleapis.com *.gstatic.com ; style-src-elem 'self'  'unsafe-inline'  'unsafe-eval' *.googleapis.com *.bootstrapcdn.com npmcdn.com *.google-analytics.com ; style-src-attr 'self'  'unsafe-inline'  'unsafe-eval' ; worker-src 'self' ;  upgrade-insecure-requests; 1
default-src 'self' *.postman.co *.postman.com *.pstmn.io; base-uri 'self'; font-src 'self' data: *.getpostman.com *.postman.co *.cdn.postman.com fonts.gstatic.com www.postman.com fonts.googleapis.com cdnjs.cloudflare.com; frame-ancestors 'none'; frame-src looker.postman.co dl-preview-container.pstmn.io js.stripe.com hooks.stripe.com chart-embed.service.newrelic.com https://app.datadoghq.com/graph/embed https://app.datadoghq.eu/graph/embed https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; child-src 'self' *.postman.co *.postman.com blob:; worker-src 'self' *.postman.co *.cdn.postman.com blob:; object-src 'self'; img-src https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' *.nr-data.net *.getpostman.com *.postman.co *.cdn.postman.com *.pstmn.io code.jquery.com google-analytics.com www.postman.com googletagmanager.com ssl.google-analytics.com cdnjs.cloudflare.com https://bi.pst.tech js-agent.newrelic.com js.stripe.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'nonce-pLvH5anP05M203YsBbvePyNqLnbsjBUc4+FNkc4zFSBDjCed'; style-src 'self' 'unsafe-inline' *.getpostman.com *.postman.co *.cdn.postman.com *.pstmn.io www.postman.com fonts.gstatic.com fonts.googleapis.com tagmanager.google.com cdnjs.cloudflare.com; connect-src https://api.stripe.com http: ws://localhost:10533 https: wss://*.postman.co wss://*.gw.postman.com; report-uri https://sentry.postmanlabs.com/api/572/security/?sentry_key=9d37d7431bdc4c528702ec4d89fc93f7&sentry_environment=production 1
default-src 'self';base-uri 'self';form-action 'self';script-src 'self' 'unsafe-inline' www.googletagmanager.com maps.googleapis.com www.storemapper.co storemapper-herokuapp-com.global.ssl.fastly.net app.storyblok.com e4jy41wl9k.kameleoon.eu assets.findify.io ;object-src 'none';style-src 'self' 'unsafe-inline' fonts.googleapis.com;img-src 'self' www.googletagmanager.com www.facebook.com www.google-analytics.com www.google.com www.google.fr image.crisp.chat a.storyblok.com maps.gstatic.com maps.googleapis.com cdn11.bigcommerce.com storemapper-herokuapp-com.global.ssl.fastly.net us.chantelle.com s3.amazonaws.com cl-media-pattern-factory.s3-eu-west-1.amazonaws.com data:;media-src 'self' a.storyblok.com data:;font-src 'self' fonts.googleapis.com fonts.gstatic.com data:;connect-src 'self' maps.googleapis.com chantelleus.centraqa.com www.storemapper.co api.keen.io api.storyblok.com chantelle-sandbox.mybigcommerce.com https://api.bigcommerce.com api-v3.findify.io reco.target2sell.com;frame-src https://www.youtube.com/ https://player.vimeo.com/;frame-ancestors app.storyblok.com vercel.app;prefetch-src 'self'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://aaronia.com/wp-content/themes/not-zerif/js/js_combined.js https://aaronia.com/wp-content/themes/not-zerif/js/jquery.colorbox-min.js https://aaronia.de/wp-content/themes/not-zerif/js/js_combined.js https://aaronia.com/wp-content/themes/not-zerif/js/jquery.colorbox-min.js https://aaronia.de/wp-content/themes/not-zerif/js/jquery.colorbox-min.js https://cdnjs.cloudflare.com/ajax/libs/Chart.js/2.1.6/Chart.min.js https://cdnjs.cloudflare.com/ajax/libs/three.js/r126/three.js https://unpkg.com/three@0.126.0/examples/js/loaders/GLTFLoader.js https://unpkg.com/three@0.126.0/examples/js/controls/OrbitControls.js https://cdn.rawgit.com/takahirox/THREE.ZipLoader/v0.0.1/build/ziploader.min.js https://cdn.jsdelivr.net/gh/takahirox/THREE.ZipLoader@v0.0.1/build/ziploader.min.js; img-src 'self' data: blob: https://aaronia.com/ https://aaronia.de/; object-src 'self' data: blob: https://aaronia.com/; frame-src 'self' data: blob: https://aaronia.com/; 1
frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com christchurch.bibliocms.com *.christchurch.bibliocms.com https://my.christchurchcitylibraries.com my.christchurchcitylibraries.com *.my.christchurchcitylibraries.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https:;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.adnxs.com *.chimpstatic.com visitjersey.email *.cloudfont.net *.googletagmanager.com blob: *.google-analytics.com https: data:;style-src 'self' 'unsafe-inline'  https: data:;connect-src 'self' *.google-analytics.com *.analytics.google.com *.doubleclick.net *.teads.tv *.crowdriff.com *.plyr.io sojpublicdata.blob.core.windows.net *.mapbox.com *.algolia.net *.algolianet.com *.tripadvisor.com *.vimeo.com *.akamaized.net *.trackedweb.net *.bugsnag.com *.cookiescan.com *.googlesyndication.com noembed.com *.facebook.com *.google.com *.clarity.ms data:;font-src 'self' static.tacdn.com *.gstatic.com data:;img-src 'self' cdn.jersey.com *.google-analytics.com *.analytics.google.com *.cookiescan.com *.facebook.com *.linkedin.com t.co *.doubleclick.net *.google.je *.google.com *.google.co.uk *.netdna-ssl.com *.gravatar.com *.adsymptotic.com *.adnxs.com *.yahoo.com *.teads.tv *.googleadservices.com static.tacdn.com *.vimeocdn.com *.clarity.ms *.bing.com *.cloudfront.net *.magicseaweed.com *.ytimg.com *.google.nl blob: *.youtube.com *.adsrvr.org *.sojern.com *.amazonaws.com *.tripadvisor.co.uk data:;frame-src 'self' *.vimeo.com vimeo.com *.youtube.com *.flipsnack.com *.google.com *.instagram.com *.facebook.com *.hdontap.com visitjersey.email *.crowdriff.com magicseaweed.com ;form-action 'self' *.facebook.com ;object-src 'none' ;frame-ancestors 'self' *.jersey.com visitjersey.email ;base-uri 'none' ; 1
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' *.kdo.de; style-src 'self' *.kdo.de 'unsafe-inline'; connect-src 'self' *.kdo.de; img-src 'self' *.kdo.de *.openstreetmap.org data:; worker-src blob:; 1
frame-ancestors https://*.webcargonet.com  https://*.freightos.com 1
frame-ancestors 'self' www.skaki64.gr skaki64.gr 1
default-src 'self' data: localhost:* *.episerver.net *.readspeaker.com *.arcgisonline.nl *.arcgisonline.com js.arcgis.com *.arcgis.com *.google.com *.googleapis.com *.prorail.nl *.spoordata.nl *.werkenbijprorail.nl *.youtube-nocookie.com www.google.nl www.googletagmanager.com tagmanager.google.com www.google-analytics.com 'unsafe-inline' 'unsafe-eval'; connect-src https: ws: wss:; 1
default-src 'self'; child-src 'self' https://hooktube.com https://www.hooktube.com https://youtube.com https://www.youtube.com https://youtu.be https://gfycat.com https://streamja.com https://streamable.com https://vimeo.com https://vine.co https://instaud.io https://player.vimeo.com; img-src 'self' data: https:; media-src 'self' https:; style-src 'self' 'unsafe-inline'; connect-src 'self' wss://ovarit.com ws://ovarit.com 1
frame-src 'self' http://*.lib.uiowa.edu https://*.lib.uiowa.edu 1
default-src *; style-src 'self'* .addthis.com *.nationalgridus.com* .cloudflare.com *.olark.com* .gstatic.com *.googleapis.com; script-src 'self'* .speedpay.com *.google.com* .gstatic.com *.olark.com* .googleapis.com *.gstatic.com* .crazyegg.com *.google-analytics.com* .googletagmanager.com *.feedbackify.com* .nationalgridus.com; img-src *; font-src* ; connect-src *;.rienergy.com; 1
default-src 'unsafe-inline' 'unsafe-eval' * blob:; img-src * blob: data: 1
default-src 'self'; style-src 'unsafe-inline' 'self' fonts.googleapis.com;	font-src 'self' fonts.gstatic.com fonts.googleapis.com; script-src 'self' 'unsafe-inline' connect.facebook.net itunes.apple.com www.youtube.com stats.g.doubleclick.net www.google-analytics.com ajax.googleapis.com s.ytimg.com; connect-src 'self' webadmin.heartline.com admin.heartline.com backend.heartline.com pascal-prod.evidation.com pascal-beta.evidation.com pascal.evidation.com stats.g.doubleclick.net www.google-analytics.com evidation-pascal.zendesk.com www.ups.com itunes.apple.com  www.facebook.com; img-src 'unsafe-inline' 'self' www.facebook.com www.google.com www.youtube.com stats.g.doubleclick.net www.google-analytics.com assets.prod.heartline.com i.ytimg.com data:; media-src 'self' assets.prod.heartline.com www.youtube.com i.ytimg.com;  frame-src 'self' assets.prod.heartline.com www.youtube.com; 1
default-src 'self';img-src *; script-src *; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: *.zoominfo.com *.googleapis.com *.google.com *.gstatic.com *.googletagmanager.com *.addtoany.com *.w3.org  *.nuix.com *.googletagmanager.com *.cloudflare.com *.bootstrapcdn.com *.pardot.com *.fontawesome.com *.nr-data.net *.drupal.org *.schema.org *.pantheonsite.io *.facebook.net *.leadforensics.com *.greenhouse.io *.cookiebot.com; object-src 'self' data: https: *.vimeo.com *.youtube.com *.googlevideo.com *.ytimg.com *.pardot.com *.nuix.com  *.googleapis.com *.google.com *.gstatic.com *.greenhouse.io *.twitter.com *.soundcloud.com *.addtoany.com *.cookiebot.com; style-src 'self' 'unsafe-inline' data: https: *.zoominfo.com *.googleapis.com *.google.com *.gstatic.com *.addtoany.com *.w3.org *.twimg.com *.w3.org/2000/svg *.nuix.com *.googletagmanager.com *.pardot.com *.bootstrapcdn.com *.fontawesome.com *.twitter.com *.pantheonsite.io *.cookiebot.com; img-src 'self' data: https: *.zoominfo.com *.googleapis.com *.google.com *.gstatic.com *.addtoany.com *.w3.org *.twimg.com *.w3.org/2000/svg *.nuix.com *.googletagmanager.com *.pardot.com *.facebook.com *.leadforensics.com; media-src 'self' *.vimeo.com *.youtube.com *.googlevideo.com *.ytimg.com *.pardot.com *.nuix.com  *.googleapis.com *.google.com *.gstatic.com *.greenhouse.io *.twitter.com *.soundcloud.com; frame-src 'self' *.vimeo.com *.youtube.com *.googlevideo.com *.ytimg.com *.pardot.com *.nuix.com  *.googleapis.com *.google.com *.gstatic.com *.greenhouse.io *.twitter.com *.soundcloud.com *.addtoany.com *.cookiebot.com; frame-ancestors 'self' *.linkdein.com *.facebook.net *.vimeo.com *.ytimg.com *.pardot.com *.nuix.com *.greenhouse.io *.twitter.com *.soundcloud.com *.addtoany.com *.pantheonsite.io *.cookiebot.com; child-src 'self' *.vimeo.com *.youtube.com *.googlevideo.com *.ytimg.com *.pardot.com *.nuix.com  *.googleapis.com *.google.com *.gstatic.com *.greenhouse.io *.twitter.com *.soundcloud.com *.addtoany.com *.cookiebot.com; font-src 'self' data: https: *.googleapis.com *.fontawesome.com *.adobe.com *.fontsquirrel.com *.fonts.com *.nuix.com *.pardot.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self';  style-src 'self' 'unsafe-inline'; font-src 'self'; script-src 'self' 'unsafe-inline'; connect-src 'self'; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' *.gstatic.com *.googletagmanager.com *.amplitude.com *.adrifund.com *.funde.no *.tinymce.com *.karolinafund.com *.crowdfarm.dk *.lemonway.fr *.payxpert.com d2tnn0p1wwhikn.cloudfront.net clients1.google.com cse.google.com www.google.com *.google-analytics.com *.facebook.net *.facebook.com *.vimeo.com *.addthis.com *.googleapis.com *.bootstrapcdn.com stats.g.doubleclick.net *.soundcloud.com soundcloud.com *.youtube.com *.w3.org *.ogp.me *.mailerlite.com;img-src * blob: data:;font-src data: d2tnn0p1wwhikn.cloudfront.net *.tinymce.com fonts.gstatic.com 'self' *.bootstrapcdn.com;style-src *.tinymce.com www.google.com d2tnn0p1wwhikn.cloudfront.net *.addthis.com 'self' 'unsafe-inline' cse.google.com *.bootstrapcdn.com *.googleapis.com; frame-src 'self' *.vimeo.com *.facebook.com *.youtube.com *.soundcloud.com *.google.com 1
default-src 'self'; base-uri 'self'; connect-src 'self' wss://api.mintme.com/ wss://api.mintme.abchosting.org/ https://*.facebook.net https://*.facebook.com https://connect.facebook.net https://www.facebook.com https://www.google-analytics.com https://*.doubleclick.net https://*.mintme.com https://mintme.com https://*.tawk.to wss://*.tawk.to https://www.mintme.com/.well-known/mercure; font-src 'self' https://fonts.gstatic.com https://static-v.tawk.to https://embed.tawk.to; frame-src https://www.facebook.com https://accounts.google.com https://content.googleapis.com https://va.tawk.to https://www.youtube.com https://www.google.com https://*.coinify.com https://platform.twitter.com https://content-youtube.googleapis.com; img-src data: *; media-src *; object-src 'none'; script-src 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https: http: 'nonce-uAVaulW5hhrj7/HjPXdDEg=='; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net/emojione/2.2.7/assets/css/emojione.min.css https://*.tawk.to; report-uri /csp-report; worker-src 'none' 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: http://*.trustlogo.com https://trustlogo.com; object-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:  *.trustlogo.com; media-src 'self'; frame-src 'self' *.google.com; font-src 'self'; connect-src 'self'; report-uri /csp-report.php 1
default-src 'self'; object-src 'self' https://pts.premiumsim.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.premiumsim.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://chat.premiumsim.de https://umfrage.premiumsim.de https://pts.premiumsim.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://o2.mouseflow.com https://cdn.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://chat.premiumsim.de https://stats.premiumsim.de https://imagepool.premiumsim.de https://pts.premiumsim.de; script-src 'strict-dynamic' 'nonce-9bacbf55668121b5881c5a505f251085' 'nonce-b3454858494c6427a286e68e2b1fbfec' 'nonce-58c0133c82f9cfde9d041480038331d2' 'nonce-a0a8c7a7c4a4b3e09f88b5e7582ea122' 'nonce-44b4b54cfa9c7d77aae73403b9ec9d10' 'nonce-d5c59a4d55c9a948a5e2c124e6ffbd74' 'nonce-99c3c0889b666c40946ba91ff6dc7c98' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://pts.premiumsim.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-9bacbf55668121b5881c5a505f251085' 'nonce-b3454858494c6427a286e68e2b1fbfec' 'nonce-58c0133c82f9cfde9d041480038331d2' 'nonce-a0a8c7a7c4a4b3e09f88b5e7582ea122' 'nonce-44b4b54cfa9c7d77aae73403b9ec9d10' 'nonce-d5c59a4d55c9a948a5e2c124e6ffbd74' 'nonce-99c3c0889b666c40946ba91ff6dc7c98' 'self' 'unsafe-inline' https: 'report-sample' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://embed.tawk.to/ https://s3.amazonaws.com/ https://*.list-manage.com/ https://beebyte.se/ https://*.beebyte.se/; img-src 'self' data: https://*.beebyte.se/ https://beebyte.se/ https://www.beebyte.se/ https://secure.gravatar.com/ https://*.google.com/ https://*.google.se https://google.com/ https://google.se/; object-src 'self' data: https://*.vimeo.com/; frame-src 'self' data: https://*.vimeo.com/; 1
default-src 'self';block-all-mixed-content ;font-src 'self' data: fonts.googleapis.com fonts.gstatic.com assets.rockwerchter.be *.typekit.net *.permutive.com;img-src 'self' data: *.gstatic.com maps.googleapis.com www.facebook.com scontent.cdninstagram.com pbs.twimg.com i.ytimg.com scontent.xx.fbcdn.net external.xx.fbcdn.net assets.rockwerchter.be *.google-analytics.com *.doubleclick.net *.betrad.com *.quantserve.com *.evidon.com rockwerchter.be *.x.bidswitch.net *.google.com *.google.be *.consensu.org googlesync.permutive.com api.permutive.com cdn.permutive.com cdn.cookielaw.org *.doubleclick.net *.advertising.com *.bidswitch.net *.krxd.net *.smartadserver.com *.spotxchange.com *.agkn.com *.deployads.com *.emxdgt.com *.3lift.com *.crwdcntrl.net *.yahoo.com *.sharethrough.com *.1rx.io *.taboola.com *.googletagmanager.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com cdnjs.cloudflare.com connect.facebook.net graph.facebook.com *.instagram.com js-agent.newrelic.com bam.nr-data.net assets.rockwerchter.be *.googletagmanager.com *.google-analytics.com *.evidon.com *.quantserve.com *.betrad.com *.quantcount.com tagmanager.google.com *.googleadservices.com *.doubleclick.net *.bh.contextweb.com www.google.com *.google.com *.google.com *.gstatic.com *.consensu.org *.permutive.com api.permutive.com cdn.permutive.com api.permutive.com cdn.permutive.com cdn.cookielaw.org geolocation.onetrust.com geolocation.onetrust.com *.rwtest.test6 *.tiktok.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com cloud.typography.com assets.rockwerchter.be *.tagmanager.google.com tagmanager.google.com *.typekit.net *.typekit.net;report-uri /nelmio/csp/report;connect-src www.googleapis.com 'self' *.betrad.com *.google-analytics.com *.consensu.org *.permutive.com geolocation.onetrust.com cdn.cookielaw.org privacyportal.onetrust.com *.google.com *.doubleclick.net;frame-src www.youtube.com www.vimeo.com staticxx.facebook.com www.facebook.com web.facebook.com www.google.com 'self' *.betrad.com *.evidon.com cookies.onetrust.mgr.consensu.org;worker-src 'self' blob: 1
default-src 'self' https://equatio.texthelp.com/static/ wss://*.firebaseio.com/ https://*.googleapis.com/ https://*.texthelp.com/ https://*.speechstream.net/; connect-src 'self' wss://*.speech.microsoft.com/speech/recognition/dictation/cognitiveservices/v1 wss://*.firebaseio.com/ wss://cloud.myscript.com/api/v4.0/iink/document https://www.google-analytics.com/ https://*.googleapis.com/ https://*.texthelp.com/ https://equatio-search-proxy.texthelp.com https://script.google.com/; style-src 'self' 'unsafe-inline' https://equatio.texthelp.com/static/ https://fonts.googleapis.com/css; script-src 'self' https://equatio.texthelp.com/static/ https://www.google-analytics.com/ https://*.firebaseio.com/ https://www.gstatic.com/firebasejs/; img-src https://equatio.texthelp.com/static/ 'self' https://*.texthelp.com/ data: blob: https://*.googleusercontent.com/ https://chart.googleapis.com/chart https://www.google.com/ https://www.google-analytics.com; font-src https://equatio.texthelp.com/static/ https://fonts.gstatic.com/; object-src 'none'; upgrade-insecure-requests; frame-ancestors 'none' 1
default-src https: *.ufg.pl; script-src https: *.ufg.pl;style-src https: *.ufg.pl ;img-src 'self' data: https: https: www.google-analytics.com; frame-src https: *.ufg.pl; media-src data: https: *.ufg.pl ;options inline-script eval-script; child-src https: *.ufg.pl 1
default-src 'self'; base-uri 'self'; block-all-mixed-content; child-src https://www.youtube.com/ https://youtube.com/ https://player.vimeo.com/ https://youtu.be/ https://open.spotify.com/; connect-src 'self' https://www.youtube.com/oembed https://www.google-analytics.com https://stats.g.doubleclick.net https://*.hotjar.com https://*.hotjar.io https://*.facebook.com/ https://*.tiktok.com https://*.snapchat.com https://widget-api.formitable.com; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com https://*.hotjar.com https://*.hotjar.io; frame-src https://www.youtube.com/ https://spotify.com https://open.spotify.com/ https://*.spotify.com https://facebook.com/ https://*.facebook.com/ https://mychannels.video/ https://www.yumpu.com/ https://www.google.com/ https://*.hotjar.com https://*.hotjar.io https://bandcamp.com https://*.bandcamp.com https://twitter.com https://*.twitter.com https://instagram.com https://*.instagram.com https://vimeo.com https://*.vimeo.com https://soundcloud.com https://*.soundcloud.com https://tiktok.com https://*.tiktok.com https://snapchat.com https://*.snapchat.com https://www.belgianrail.be https://widget.formitable.com; img-src 'self' https://www.google-analytics.com/r/collect https://www.google-analytics.com/collect https://placeholder.inventis.be/ https://*.ytimg.com/ https://d12xfkzf9kx8ij.cloudfront.net/ https://*.facebook.com/ https://connect.facebook.net/ https://*.fbcdn.net/ https://i.scdn.co/ https://img.youtube.com/ https://legacy.abconcerts.be/ https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://*.hotjar.com https://*.hotjar.io https://snapchat.com https://*.snapchat.com; media-src 'self' p.scdn.co/mp3-preview/; object-src 'none'; script-src 'self' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https://www.youtube.com/iframe_api https://*.ytimg.com https://www.googletagmanager.com/gtm.js https://www.google-analytics.com/analytics.js https://script.hotjar.com/ https://connect.facebook.net/ https://*.hotjar.com https://*.hotjar.io 'nonce-Se3HV1qP83gxfZ0g7hkD3g=='; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/css https://fonts.gstatic.com https://widget.formitable.com; upgrade-insecure-requests 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' ; img-src 'self' data: https://via.tt.se/; object-src 'self' data: ; frame-src 'self' data: ; form-action 'self' data: ; worker-src 'self' data: 'unsafe-inline' 'unsafe-eval' ; 1
default-src 'self'; script-src 'self' 'unsafe-inline'; object-src 'none'; style-src 'self' 'unsafe-inline' *.googleapis.com; img-src 'self' 'unsafe-inline' 'unsafe-eval'; media-src 'none'; frame-src 'none'; frame-ancestors 'none'; child-src 'none'; font-src *; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self' ; script-src 'self' 'nonce-TlRZek9HRmtZbVE0T1RSak9HUTE=' https://cdn.siteimprove.net/cms/overlay.js siteimproveanalytics.com siteimprove.com 'nonce-TVRJeE5XTXdZMlEwWlRBNFptVms=' *.servmetric.com *.govmetric.com piwik.breda.nl 'nonce-TVRVMU5ERmxOemRrWkdVM05HRTE=' *.vrmwb.nl 'nonce-WW1Zek56bGtOREV6T0RNNU4yUTA=' 'nonce-T0RrMk1XWXhPVEV5TUdSaE56SXk=' 'nonce-TlRNeE1EazVPREkyWW1GaFptTms=' 'nonce-WlRCa01XVXlNbVpqT0dFeFpUTmk='; object-src 'self'; style-src 'self' 'nonce-TWpZMVpqQTBaVEk1TnpnMk0yUTE=' 'nonce-TWpCa1pEUmpaamt5WldNMlkyWXk=' 'unsafe-hashes' 'sha256-CwE3Bg0VYQOIdNAkbB/Btdkhul49qZuwgNCMPgNY5zw=' 'sha256-MZKTI0Eg1N13tshpFaVW65co/LeICXq4hyVx6GWVlK0=' 'sha256-LpfmXS+4ZtL2uPRZgkoR29Ghbxcfime/CsD/4w5VujE=' 'sha256-YJO/M9OgDKEBRKGqp4Zd07dzlagbB+qmKgThG52u/Mk=' 'sha256-4LVcL61RHKN/UlGgTVCAT8M2+zeWnhQw2/9vEf1Jk8U=' *.servmetric.com *.govmetric.com 'nonce-T0RReFlqWTFZV1kxTlRWaE1ETmw=' *.vrmwb.nl 'nonce-TldObU5ESm1aVGM1TXpZNE1UYzM='; img-src 'self' data: *.siteimprove.com *.servmetric.com *.govmetric.com *.siteimproveanalytics.io www.gstatic.com *.ytimg.com piwik.breda.nl *.vrmwb.nl *.openstreetmap.org chart.googleapis.com; media-src 'self'; frame-src 'self' www.youtube.com reserveren.rondvaartbreda.nl buwa.maps.arcgis.com *.breda.nl *.youtube.com *.servmetric.com *.govmetric.com; frame-ancestors 'self' piwik.breda.nl; child-src 'self' *.youtube.com; font-src 'self' data: *.googleusercontent.com *.ionicframework.com fonts.gstatic.com; connect-src 'self' *.siteimprove.com *.servmetric.com *.govmetric.com piwik.breda.nl; report-uri /report-csp-violation 1
base-uri 'self'; default-src 'none'; child-src https://mei.animebytes.tv https://irc.animebytes.tv; connect-src 'self' https://mei.animebytes.tv; font-src 'self' data:; form-action 'self' https://mei.animebytes.tv; frame-ancestors 'self'; frame-src 'self' https://www.youtube-nocookie.com https://*.soundcloud.com https://mei.animebytes.tv https://irc.animebytes.tv; img-src 'self' https://animebytes.tv https://mei.animebytes.tv https://cdn.animebytes.tv data:; media-src 'self' https://* * data:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample'; style-src 'self' 'unsafe-inline'; worker-src 'none'; upgrade-insecure-requests 1
base-uri 'none';connect-src 'self' wss://*.fuelrats.com https://dev.api.fuelrats.com ;default-src 'self' *.fuelrats.com;font-src 'self' fonts.gstatic.com;form-action 'self';frame-ancestors 'none';frame-src https://js.stripe.com;img-src 'self' *.wp.com blob: data:;manifest-src 'self';object-src 'self' data:;script-src 'self' *.stripe.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com; 1
base-uri 'none';child-src 'none';connect-src 'self' https://maps.googleapis.com/;default-src 'self';font-src 'self' https://fonts.gstatic.com;;form-action 'self';frame-ancestors 'self';frame-src 'none';img-src 'self' https://maps.gstatic.com/ https://maps.googleapis.com/  https://streetviewpixels-pa.googleapis.com/ https://lh3.ggpht.com/ https://khms1.googleapis.com/ https://khms0.googleapis.com/ https://www.google.com data:;manifest-src 'self';media-src 'self';object-src 'none';prefetch-src 'self';script-src 'self' https://maps.googleapis.com/ https://www.google.com;style-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://maps.gstatic.com/ https://streetviewpixels-pa.googleapis.com/ https://lh3.ggpht.com/ https://khms1.googleapis.com/ https://khms0.googleapis.com/ https://www.google.com 'unsafe-inline';worker-src 'self';upgrade-insecure-requests ; 1
upgrade-insecure-requests; frame-ancestors 'none' 1
default-src * blob: data:; frame-ancestors 'self'; img-src * data: maps.googleapis.com maps.gstatic.com i.ytimg.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; object-src 'none'; base-uri 'self'; manifest-src 'self'; media-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: www.youtube.com s.ytimg.com *.google-analytics.com www.googletagmanager.com connect.facebook.net *.emailsys1a.net maps.googleapis.com *.usercentrics.eu *.cookiebot.com; font-src 'self' data: fonts.gstatic.com; connect-src 'self' maps.googleapis.com www.youtube.com s.ytimg.com *.google-analytics.com www.googletagmanager.com connect.facebook.net *.emailsys1a.net *.usercentrics.eu *.cookiebot.com stats.g.doubleclick.net noembed.com; frame-src 'self' *.cookiebot.com gematik.capita-europe.com ti-lage.prod.ccs.gematik.solutions www.youtube-nocookie.com www.youtube.com www.facebook.com *.emailsys1a.net *.int.gematik.de; 1
default-src 'self' 'unsafe-inline' *.typekit.net *.jquery.com cdn.jsdelivr.net data: secure.gravatar.com *.hotjar.com *.google-analytics.com *.googletagmanager.com *.hsforms.net instant.page t.jabmo.app secure.adnxs.com d22d1xpx4ztuef.cloudfront.net *.hsforms.com snap.licdn.com static.ads-twitter.com js.hs-scripts.com stats.g.doubleclick.net hubspot-forms-static-embed.s3.amazonaws.com *.google.com px.ads.linkedin.com t.co c.jabmo.app api.ipify.org www.google.co.uk js.hs-analytics.net js.hscollectedforms.net js.hs-banner.com analytics.twitter.com px4.ads.linkedin.com *.hubspot.com *.adsymptotic.com *.youtube.com *.ytimg.com *.gstatic.com *.eurolandir.com *.linkedin.com *.insightfulcompanyinsight.com *.googleoptimize.com; 1
frame-ancestors *.amboss.com 1
allow 'script-src' 'unsafe-inline' 'unsafe-eval' 'self' *.typekit.net *.pingdom.net *.groupe-mediactive.fr fg.cdn.mediactive-network.net cdn.mediactive-network.net *.cedexis.com 1
default-src *.hotjar.io *.hotjar.com wss://*.hotjar.com 'self'  script.hotjar.com vc.hotjar.io in.hotjar.com *.yandex.ru *.comagic.ru extranet.buderus.com s.webtrends.com *.boschtt-documents.com services.kittelberger.net *.mycliplister.com mycliplister.com; media-src 'self' *.boschtt-documents.com services.kittelberger.net *.mycliplister.com mycliplister.com; font-src 'self' *.hotjar.com fonts.gstatic.com; object-src data: 'self'; img-src https: blob: data:; style-src 'self' *.buderus.com buderus.com 'unsafe-inline' cdn.datatables.net fonts.googleapis.com; script-src https: 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https: bosch.mi4biz.net www.boschthermolife.com buderus-pl.boschtt-documents.com; frame-ancestors 'self' https: bosch.mi4biz.net  buderus-pl.boschtt-documents.com http://fs52-buderus-dev.kittelberger.net 1
frame-ancestors *.scaledrone.com 1
frame-ancestors 'self' team.live fr.team.live es.team.live ru.team.live de.team.live ar.team.live pl.team.live tr.team.live; 1
default-src 'self' blob: http: https: wss://bot.moin.ai/primus w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de; img-src 'self' data: blob: http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de; script-src  'self' 'unsafe-eval' http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de; style-src 'self' 'unsafe-inline' http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de; font-src 'self' data: http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' code.jquery.com ajax.aspnetcdn.com tagmanager.google.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.google.com www.gstatic.com *.googleoptimize.com www.tag4arm.com dev.visualwebsiteoptimizer.com cdn.mouseflow.com connect.facebook.net app.vacancy-filler.co.uk secure.adnxs.com *.doubleclick.net services.postcodeanywhere.co.uk centrepointorguk-staging.azurewebsites.net centrepoint.org.uk platform.twitter.com static.ads-twitter.com cdn.syndication.twimg.com *.8x8.com *.dotomi.com *.consensu.org *.stripe.com *.newmode.net *.shpg.org blog.apps.npr.org widget.raisenow.com *.clarity.ms www.buzzsprout.com i.tryinteract.com *.tvsquared.com; default-src 'self' data:; worker-src https://centrepointorguk-staging.azurewebsites.net centrepoint.org.uk; style-src 'self' 'unsafe-inline' hello.myfonts.net tagmanager.google.com optimise.google.com fonts.googleapis.com services.postcodeanywhere.co.uk platform.twitter.com widget.raisenow.com *.google.com; connect-src 'self' dev.visualwebsiteoptimizer.com www.tag4arm.com services.postcodeanywhere.co.uk rec1.visualwebsiteoptimizer.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.doubleclick.net *.clarity.ms; font-src 'self' hello.myfonts.net fonts.gstatic.com fonts.googleapis.com widget.raisenow.com; img-src 'self' 'unsafe-inline' *.gravatar.com data: www.tag4arm.com centrepointorguk.azureedge.net dev.visualwebsiteoptimizer.com centrepointorguk.blob.core.windows.net *.facebook.com *.facebook.net *.g.doubleclick.net http://maps.googleapis.com *.google.com *.google.co.uk *.google-analytics.com *.googletagmanager.com optimise.google.com *.googleadservices.com ssl.gstatic.com *.doubleclick.net img.youtube.com rec1.visualwebsiteoptimizer.com cdn.syndication.twimg.com *.twitter.com *.twimg.com t.co *.8x8.com *.liadm.com *.contextweb.com *.vdopia.com *.pubmatic.com *.adnxs.com *.rubiconproject.com *.tremorhub.com *.mediaplex.com *.addkt.com *.dotomi.com core.conversant.mgr.consensu.org padlet.com padlet.net *.clarity.ms *.bing.com www.gstatic.com *.tvsquared.com; frame-src 'self' *.8x8.com *.doubleclick.net www.youtube.com www.google.com optimise.google.com connect.facebook.net www.facebook.com staticxx.facebook.com services.postcodeanywhere.co.uk platform.twitter.com syndication.twitter.com *.stripe.com *.newmode.net padlet.com padlet.net panoramea.co.uk *.google.com www.buzzsprout.com roundme.com quiz.tryinteract.com; 1
"default-src *" 1
default-src 'self' 'unsafe-inline' nominatim.openstreetmap.org service.bzga.de piwik.bzga.de; style-src 'self' 'unsafe-inline' fast.fonts.net;img-src 'self' data: shop.bzga.de piwik.bzga.de a.tile.openstreetmap.de b.tile.openstreetmap.de c.tile.openstreetmap.de service.bzga.de; 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *; object-src 'self' *; style-src 'self' 'unsafe-inline' * ; img-src 'self' data: *; media-src 'self' *; frame-src 'self' *; frame-ancestors 'self'; child-src 'self' *; font-src 'self' data: *; connect-src 'self' * 1
default-src 'unsafe-hashes' www.crohnsandcolitis.org.uk https://*.readspeaker.com https://poster.crohnsandcolitis.org.uk https://platform.twitter.com https://docs.google.com https://customervoice.microsoft.com https://vars.hotjar.com https://r1.dotdigital-pages.com https://www.youtube-nocookie.com https://www.google.com https://chats.landbot.io https://*.addthis.com https://www.youtube.com https://player.vimeo.com;base-uri 'self';frame-ancestors 'self';script-src 'nonce-9182595c35454c86994cb6285649f45c' 'unsafe-eval' 'self' https://acsbapp.com https://*.acsbapp.com https://*.readspeaker.com https://connect.facebook.net https://static.trackedweb.net https://app.postermaker.io https://snap.licdn.com https://static.hotjar.com https://script.hotjar.com https://analytics.nyltx.com https://ruler.nyltx.com/ https://*.cookiefirst.com https://maps.googleapis.com https://unpkg.com/vue@3.2.20/ https://static.landbot.io https://secure.callhandling.co.uk https://*.addthis.com https://z.moatads.com https://*.addthisedge.com https://www.google-analytics.com https://www.googletagmanager.com https://ajax.googleapis.com;connect-src 'self'  https://cdn.acsbapp.com https://*.trackedweb.net https://*.readspeaker.com https://www.facebook.com https://platform.twitter.com https://docs.google.com https://*.cookiefirst.com https://in.hotjar.com https://vc.hotjar.io https://analytics.nyltx.com https://maps.googleapis.com https://secure.callhandling.co.uk https://chats.landbot.io https://*.addthis.com https://www.google-analytics.com https://stats.g.doubleclick.net;img-src 'self' data: https://www.facebook.com https://acsbapp.com https://*.acsbapp.com https://*.linkedin.com https://*.addthis.com https://maps.gstatic.com https://maps.googleapis.com https://maps.googleapis.com https://storage.googleapis.com https://static.landbot.io https://fonts.googleapis.com https://www.google.com https://www.googletagmanager.com https://www.google.co.uk https://www.google-analytics.com https://stats.g.doubleclick.net;font-src 'self' data: https://use.typekit.net https://acsbapp.com https://*.acsbapp.com https://fonts.gstatic.com;style-src 'self' 'unsafe-inline' https://acsbapp.com https://*.acsbapp.com blob: https://*.readspeaker.com https://*.cookiefirst.com https://p.typekit.net https://use.typekit.net https://localhost:44367 https://fonts.googleapis.com;form-action 'self' https://*.readspeaker.com; 1
default-src * 'self' data: 'unsafe-inline' 'unsafe-eval' ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' ; style-src * 'self' data: 'unsafe-inline' ; img-src * 'self' data: ; font-src * 'self' data: ; connect-src * 'self' ; media-src 'self' ; frame-src * 'self' ;  1
default-src 'self'; object-src 'self' https://pts.smartmobil.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.smartmobil.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://umfrage.smartmobil.de https://pts.smartmobil.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://o2.mouseflow.com https://cdn.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://chat.smartmobil.de https://stats.smartmobil.de https://imagepool.smartmobil.de https://pts.smartmobil.de https://seal.globalsign.com https://ssif1.globalsign.com; script-src 'strict-dynamic' 'nonce-e8f1ac6d149d75ec5ea390d521a3189a' 'nonce-7f6e0f6aa965a5e669f4ba7870395b6d' 'nonce-2cd5b7a71eaec2eef5f3e2a743454f3a' 'nonce-403a397ab0591b6c546902cf85039957' 'nonce-ada1fbf9c079b14919a34fde8a347542' 'nonce-ca63e5943e1f4237b327ce561566d7ec' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://pts.smartmobil.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-e8f1ac6d149d75ec5ea390d521a3189a' 'nonce-7f6e0f6aa965a5e669f4ba7870395b6d' 'nonce-2cd5b7a71eaec2eef5f3e2a743454f3a' 'nonce-403a397ab0591b6c546902cf85039957' 'nonce-ada1fbf9c079b14919a34fde8a347542' 'nonce-ca63e5943e1f4237b327ce561566d7ec' 'self' 'unsafe-inline' https: 'report-sample' 1
default-src 'self'; object-src 'self' https://pts.simplytel.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.simplytel.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://chat.simplytel.de https://umfrage.simplytel.de https://pts.simplytel.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://o2.mouseflow.com https://cdn.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://chat.simplytel.de https://stats.simplytel.de https://imagepool.simplytel.de https://pts.simplytel.de; script-src 'strict-dynamic' 'nonce-b088eeea5613e926893b9e63803cbccb' 'nonce-177d0e2bbbfff846090fe9909d994cd2' 'nonce-883c61ffa46597006569d5ec12b0c1db' 'nonce-c87e33333219cc0547e6ab086a64a255' 'nonce-210f1fb44dbc69374b53b50a63d5f1d5' 'nonce-55167959af92d644646d1fa27fbbec7c' 'nonce-6ab0a7d19012959f6e036602b1ad78d1' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://pts.simplytel.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-b088eeea5613e926893b9e63803cbccb' 'nonce-177d0e2bbbfff846090fe9909d994cd2' 'nonce-883c61ffa46597006569d5ec12b0c1db' 'nonce-c87e33333219cc0547e6ab086a64a255' 'nonce-210f1fb44dbc69374b53b50a63d5f1d5' 'nonce-55167959af92d644646d1fa27fbbec7c' 'nonce-6ab0a7d19012959f6e036602b1ad78d1' 'self' 'unsafe-inline' https: 'report-sample' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' clicky.com *.getclicky.com www.google.com www.gstatic.com www.googletagmanager.com cdn.jsdelivr.net ssl.google-analytics.com www.google-analytics.com ajax.googleapis.com ajax.aspnetcdn.com fast.fonts.com cdnjs.cloudflare.com; frame-src https://www.google.com 'self'; 1
default-src 'self' https://lp.cloud4c.com; script-src 'self' 'unsafe-inline' https://www.gstatic.com https://www.google.com https://widget.intercom.io https://js.intercomcdn.com https://script.crazyegg.com https://stackpath.bootstrapcdn.com https://static.hotjar.com https://a.quora.com https://www.googleadservices.com https://cdn.pagesense.io https://www.googletagmanager.com https://googleads.g.doubleclick.net https://connect.facebook.net https://ajax.googleapis.com https://cdn.jsdelivr.net https://www.google-analytics.com https://snap.licdn.com https://t.cloud4c.com https://*.likebtn.com https://s7.addthis.com https://munchkin.marketo.net https://sjrtp9-cdn.marketo.com https://rtp-static.marketo.com https://sjrtp9.marketo.com https://tpc.googlesyndication.com https://lp.cloud4c.com https://app-sjp.marketo.com https://px.ads.linkedin.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://ajax.googleapis.com https://cdnjs.cloudflare.com https://*.likebtn.com https://rtp-static.marketo.com https://lp.cloud4c.com; img-src 'self' data: https://p.adsymptotic.com https://downloads.intercomcdn.com https://js.intercomcdn.com https://static.intercomassets.com https://www.google.co.in https://q.quora.com https://www.google.com https://www.google-analytics.com https://px.ads.linkedin.com https://www.facebook.com https://t.cloud4c.com https://pv.likebtn.com https://googleads.g.doubleclick.net https://lp.cloud4c.com; media-src 'self' https://js.intercomcdn.com; frame-src 'self' https://www.google.com https://bid.g.doubleclick.net youtu.be www.youtube.com www.facebook.com https://tpc.googlesyndication.com https://lp.cloud4c.com; font-src 'self' 'unsafe-inline' https://js.intercomcdn.com https://cdnjs.cloudflare.com; connect-src 'self' wss://nexus-websocket-a.intercom.io https://api-iam.intercom.io https://www.google-analytics.com https://pagesense-collect.zoho.com https://stats.g.doubleclick.net https://t.cloud4c.com https://224-ahc-158.mktoresp.com https://sjrtp9.marketo.com https://www.facebook.com/tr/; report-uri /report-csp-violation 1
default-src 'self' blob:; connect-src 'self' * blob:; font-src 'self' data: https://players.brightcove.net https://fonts.gstatic.com/ https://maxcdn.bootstrapcdn.com/font-awesome/; frame-src *; img-src * blob: data: https://a.idio.co/ https://i.idio.co; media-src * blob:; object-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: http://pages.lazardassetmanagement.com https://pages.lazardassetmanagement.com https://app-sj29.marketo.com/ http://app-sj29.marketo.com/ https://snap.licdn.com/li.lms-analytics/insight.min.js https://d2wy8f7a9ursnm.cloudfront.net/v7/bugsnag.min.js https://assets.sitescdn.net/answers-search-bar/v1.0/answerstemplates-iife.compiled.min.js https://assets.sitescdn.net/answers-search-bar/v1.0/answers.min.js https://answers-embed.lazardassetmanagement.com.pagescdn.com/iframe.js https://answers-embed.aulazardassetmanagement.com.pagescdn.com/iframe.js https://answers-embed.uklazardassetmanagement.com.pagescdn.com/iframe.js https://assets.sitescdn.net/answers/v1.6/answers.css https://www.google-analytics.com https://www.googletagmanager.com https://optimize.google.com https://sadmin.brightcove.com https://players.brightcove.net https://vjs.zencdn.net/vttjs/ https://munchkin.marketo.net https://view.knowledgevision.com/presentation/embed/ https://content.knowledgevision.com/player/ https://s.idio.co/ia.js https://js.idio.co/1473.js https://s.idio.co/ip.js https://api.idio.co https://tagmanager.google.com/ https://code.createjs.com/; style-src * 'unsafe-inline'; frame-ancestors 'self' http://pages.lazardassetmanagement.com https://pages.lazardassetmanagement.com https://app-sj29.marketo.com/ http://app-sj29.marketo.com/ https://www.google-analytics.com https://www.googletagmanager.com https://sadmin.brightcove.com https://players.brightcove.net https://vjs.zencdn.net/vttjs/ https://munchkin.marketo.net https://view.knowledgevision.com/presentation/embed/ https://content.knowledgevision.com/player/; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: https: 'nonce-ETlv78VG9I9izfKL28mltdIkAtTdtjmX' 'strict-dynamic' https://www.google-analytics.com https://www.googletagmanager.com; 1
frame-ancestors 'self' http://www.genau-lotto.de http://genau-lotto.de https://*.etracker.com 1
default-src https:; connect-src pathbrite-content.s3.amazonaws.com pathbrite-direct-upload.s3.amazonaws.com *.pathbrite.com wss://*.pathbrite.com *.facebook.com *.cloudfront.net *.google-analytics.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.gstatic.com *.facebook.net *.pathbrite.com *.cloudfront.net *.google.com *.google-analytics.com *.twitter.com vimeo.com; style-src 'unsafe-inline' *.cloudfront.net *.bootstrapcdn.com; img-src * data:; font-src * data: 1
default-src * data: 'unsafe-inline' 'unsafe-eval' ; script-src * data: 'unsafe-inline' 'unsafe-eval' ; style-src * data: 'unsafe-inline' ; img-src * data: ; 1
default-src https: http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com 'unsafe-inline'; img-src https: 'self' data:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'; font-src https: 'self' data: fonts.gstatic.com; worker-src 'self' blob: 1
frame-ancestors 'self' *.business.qld.gov.au 1
frame-ancestors 'none'; report-uri /report-csp-violation 1
default-src 'none'; script-src 'self' https://analytics.monetra.com https://www.google.com https://www.gstatic.com; connect-src https://9872520550193828.hostedstatus.com/1.0/status/6148993c877ce705383f1463 'self'; img-src 'self' https://analytics.monetra.com data:; style-src 'self' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; object-src 'self'; frame-src https://www.google.com 1
default-src 'self' google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com maps.googleapis.com https://www.googletagmanager.com www.google-analytics.com polyfill.io www.google.com/recaptcha/api.js www.gstatic.com cookie-cdn.cookiepro.com www.google-analytics.com hotjar.com https://connect.facebook.net crelan-be-website.scalecity.space vwdservices.com s.ytimg.compx.ads.linkedin.com youtube.com vimeo.com snap.licdn.com www.linkedin.com tagmanager.google.com googleadservices.com https://googleads.g.doubleclick.net w3.org *.crazyegg.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.googleusercontent.com *.hotjar.com *.google.com 'self' https://maps.googleapis.com googletagmanager.com w3.org cdnjs.cloudflare.com *.crazyegg.com; img-src 'self'  googletagmanager.com cookie-cdn.cookiepro.com https://www.google-analytics.com *.gstatic.com maps.googleapis.com w3.org  data: *.crazyegg.com blog.crelan.be; media-src *.youtube.com *.twitter.com *.vimeo.com 'self' https://maps.googleapis.com googletagmanager.com w3.org; frame-src 'self' in.hotjar.com vc.hotjar.io google-analytics.com stats.g.doubleclick.net crelan-be-website.scalecity.space *.crelan-int.be *.vwdservices.com maps.googleapis.com w3.org www.google.com www.youtube.com player.vimeo.com *.crazyegg.com; font-src 'self' *.gstatic.com *.googleusercontent.com w3.org data:; connect-src 'self' cookie-cdn.cookiepro.com *.google-analytics.com in.hotjar.com vc.hotjar.io stats.g.doubleclick.net maps.googleapis.com googletagmanager.com w3.org *.crazyegg.com; upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.googletagmanager.com *.googleusercontent.com *.google-analytics.com *.google.com *.googleapis.com *.myabsorb.com *.doubleclick.net *.windows.net *.walkme.com *.jquery.com *.createjs.com *.youtube.com *.youtube-nocookie.com *.onetrust.com *.facebook.net *.facebook.com *.cookielaw.org *.licdn.com *.adsymptotic.com *.linkedin.com *.jnjvision.asia *.nr-data.net *.ckeditor.com *.brightcove.net *.brightcove.com *.brightcovecdn.com *.zencdn.net *.boltdns.net *.jjvcpro.com *.jnjcommerce.com *.mouseflow.com *.hotjar.com *.hotjar.io; object-src *; img-src * data: blob:; frame-src *; font-src * data: blob: 'unsafe-inline'; report-uri /admin/config/system/seckit/csp-report 1
'default-src \'self\'; 1
default-src 'self' https://admin.rcdow.org.uk; script-src 'self' https://admin.rcdow.org.uk maps.googleapis.com e.issuu.com/embed.js https://js.stripe.com 'strict-dynamic' https: 'unsafe-eval' 'nonce-abc566b70bd84f5c26f89864aa43e4f9'; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com https://*.google-analytics.com https://*.analytics.google.com https://sentry.issuu.com/api/ https://api.stripe.com data: blob:; img-src * data:; media-src * data:; frame-src e.issuu.com *.google.com player.vimeo.com *.youtube.com https://js.stripe.com https://hooks.stripe.com; style-src 'self' https://admin.rcdow.org.uk https://fonts.googleapis.com 'nonce-f6c4ce8aab0cdb6300d4e9069f0c7ec6'; font-src * data:; 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: staticcdn.co.nz www.youtube.com www.googletagmanager.com www.google.com www.gstatic.com; connect-src 'self'; img-src 'self' data: shielded.co.nz i.ytimg.com; style-src 'self' 'unsafe-inline' fast.fonts.net; font-src 'self' data:; frame-src 'self' www.youtube.com www.google.com; manifest-src 'self'; media-src 'self'; frame-ancestors 'self'; form-action 'self'; 1
default-src 'self' *.vimeo.com *.doubleclick.net https://burgess.theatro360.com *.digitalimages.gr https://www.youtube.com https://www.google.com https://www.google.co.uk https://r1.dotmailer-surveys.com https://static.addtoany.com https://www.facebook.com https://qa-brochurebuilder.burgessyachts.com https://uat-brochurebuilder.burgessyachts.com https://brochurebuilder.burgessyachts.com https://www.luxproimaging.com;  script-src *.jsdelivr.net *.googleoptimize.com *.googleapis.com *.livechatinc.com *.quantcount.com *.quantserve.com *.doubleclick.net *.teads.tv www.googletagmanager.com r1.dotdigital-pages.com www.google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval' https://email.burgessyachts.com https://ajax.googleapis.com https://cdn.jsdelivr.net https://cdn.dnky.co https://script.hotjar.com https://static.hotjar.com https://tagmanager.google.com https://mc.yandex.ru https://static.trackedweb.net https://www.youtube.com https://static.addtoany.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://www.google.com https://www.google.co.uk https://az416426.vo.msecnd.net https://r1.dotmailer-surveys.com https://s.ytimg.com https://r1-t.trackedlink.net https://connect.facebook.net view.ceros.com *.wirewax.com tour.theatro360.com https://download-video.akamaized.net/;  style-src translate.googleapis.com 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://cdn.dnky.co https://fonts.googleapis.com https://tagmanager.google.com https://static.trackedweb.net https://api.tiles.mapbox.com https://fast.fonts.net https://r1.dotmailer-surveys.com *.stackadapt.com;  img-src doubleclick.net *.doubleclick.net *.teads.tv *.quantserve.com quantserve.com t.teads.tv teads.tv www.google.bs www.google.by www.google.cm www.google.co.cr www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ma www.google.co.nz www.google.co.th www.google.co.uz www.google.co.ve www.google.co.za www.google.com.ar www.google.com.bd www.google.com.bh www.google.com.bn www.google.com.co www.google.com.cy www.google.com.do www.google.com.ec www.google.com.gt www.google.com.hk www.google.com.kh www.google.com.lb www.google.com.my www.google.com.om www.google.com.pa www.google.com.pe www.google.com.ph www.google.com.pr www.google.com.qa www.google.com.sa www.google.com.sg www.google.com.tw www.google.com.vc www.google.com.vn www.google.dz www.google.ee www.google.fi www.google.ge www.google.gg www.google.hu www.google.im www.google.iq www.google.is www.google.lk www.google.lv www.google.me www.google.mu www.google.mv www.google.no www.google.pl www.google.rs www.google.ru www.google.se www.google.si www.google.sk www.google.tn www.google.tt translate.google.com i.vimeocdn.com connect.facebook.net android-webview-video-poster	www.google.gr www.google.lu www.google.cz r1-t.trackedlink.net	www.google.az	www.google.bg www.google.ch	www.google.com.eg	www.google.com.mx www.google.com.ua	www.google.es	www.google.pt www.google.at www.google.com.mt www.google.com.tr www.google.ie www.google.ae www.google.it www.google.hr 	www.google.be www.google.co.id www.google.com.au www.google.com.br www.google.com.pk www.google.de www.google.dk www.google.fr www.google.je www.google.nl www.google.ro azweusaburdevqa.blob.core.windows.net beacon.krxd.net 	www.facebook.com www.google-analytics.com i.ytimg.com 'self' blob: data: https://www.gstatic.com https://ssl.gstatic.com https://www.google.ca https://az-weu-wa-bur-az-weu-wa-bur-staging.azurewebsites.net https://pre-live.burgessyachts.com https://burgessyachts.com https://www.googletagmanager.com https://mc.yandex.ru https://dev-burgess.craftedbeta.co.uk https://azweusabur.blob.core.windows.net https://azweusaburuat.blob.core.windows.net https://azweusaburdevqa.blob.core.windows.net https://a.tiles.mapbox.com https://api.tiles.mapbox.com https://azweusabur.blob.core.windows.net https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.google.co.uk https://beacon.krxd.net https://www.facebook.com;  connect-src *.hotjar.com *.teads.tv wss://ws6.hotjar.com wss://ws1.hotjar.com wss://ws10.hotjar.com 	wss://ws11.hotjar.com 	wss://ws3.hotjar.com 	wss://ws8.hotjar.com wss://ws9.hotjar.com 	www.google.com stats.addtoany.com wss://ws5.hotjar.com	www.google-analytics.com	wss://ws12.hotjar.com wss://ws4.hotjar.com wss://ws7.hotjar.com 'self' stats.g.doubleclick.net wss://ws2.hotjar.com https://api.comapi.com https://vc.hotjar.io https://in.hotjar.com https://events.mapbox.com https://vimeo.com https://mc.yandex.ru https://fpdl.vimeocdn.com https://www.facebook.com https://r1.trackedweb.net https://*.tiles.mapbox.com https://api.mapbox.com https://a.tiles.mapbox.com https://b.tiles.mapbox.com https://api.mapbox.com/ https://dc.services.visualstudio.com https://skyfire.vimeocdn.com https://player.vimeo.com *.akamaized.net *.stackadapt.com;  font-src 'self' data: https://script.hotjar.com https://fonts.gstatic.com;  worker-src 'self' blob:;  media-src 'self' https://vod-progressive.akamaized.net *.akamaized.net *.vimeocdn.com https://video-dev.github.io *.vimeo.com  blob:;  frame-src *.livechatinc.com r1.dotdigital-pages.com dotdigital-pages.com https://kuula.co kuula.co digitalimages.gr www.digitalimages.gr docs.google.com theatro360.com www.googletagmanager.com 10388175.fls.doubleclick.net 'self' www.digitalimages.gr digitalimages.gr www.google.com https://cdn.dnky.co https://mpembed.com https://vars.hotjar.com https://burgess.theatro360.com https://www.burgessyachts.com https://qa-brochurebuilder.burgessyachts.com https://uat-brochurebuilder.burgessyachts.com https://brochurebuilder.burgessyachts.com https://r1.dotmailer-surveys.com https://www.google.com https://9169248.fls.doubleclick.net https://static.addtoany.com https://www.youtube.com https://www.facebook.com https://player.vimeo.com https://www.digitowl.vision https://my.matterport.com https://tourmkr.com https://www.golocal.hk https://www.coolwalkee.com https://www.google.com/maps https://www.luxproimaging.com http://vrtour.virtualsinc.com view.ceros.com *.wirewax.com *.theatro360.com;  child-src blob: ; script-src-elem  *.jsdelivr.net *.googleoptimize.com *.livechatinc.com *.googleapis.com r1.dotdigital-pages.com dotdigital-pages.com *.doubleclick.net www.googleadservices.com googleadservices.com rules.quantcount.com gc.kis.v2.scr.kaspersky-labs.com r1-t.trackedlink.net www.googletagmanager.com 'self' 'unsafe-inline' connect.facebook.net r1.dotmailer-surveys.com static.addtoany.com static.hotjar.com www.google-analytics.com www.google.com www.youtube.com s.ytimg.com script.hotjar.com googletagmanager.com addtoany.com gstatic.com www.gstatic.com r1-t.trackedlink.net trackedlink.net p.teads.tv quantserve.com secure.quantserve.com ad.doubleclick.net doubleclick.net data: *.trackedweb.net view.ceros.com *.wirewax.com *.stackadapt.com; report-uri https://burgesscsp.report-uri.com/r/d/csp/wizard 1
frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com cincinnatilibrary.bibliocms.com *.cincinnatilibrary.bibliocms.com https://chpl.org chpl.org *.chpl.org; 1
default-src 'self'; child-src static.seolib.ru www.google.com www.google.com.ua www.google.ru reformal.ru mc.yandex.ru accounts.google.com content.googleapis.com; connect-src 'self' cdn.datatables.net wss://seolib.ru:8018 mc.webvisor.org mc.webvisor.com https://cdn.experrto.io https://*.jivosite.com ws://*.jivosite.com; font-src 'self' data: seolib.ru fonts.googleapis.com fonts.gstatic.com use.fontawesome.com; frame-src static.seolib.ru www.google.com www.google.com.ua www.google.ru reformal.ru accounts.google.com content.googleapis.com; img-src 'self' data: favicon.yandex.net www.google-analytics.com www.googletagmanager.com https://*.googleusercontent.com stats.g.doubleclick.net mc.webvisor.org www.google.com www.google.com.ua www.google.ru mc.yandex.ru reformal.ru cdn.jsdelivr.net media.reformal.ru gstatic.com www.gstatic.com https://*.gstatic.com http://traffic.alexa.com http://runep.ru/; media-src 'self' cdn.datatables.net https://cdn.experrto.io https://*.jivosite.com ws://*.jivosite.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' seolib.ru media.reformal.ru www.google-analytics.com www.googletagmanager.com tagmanager.google.com stats.g.doubleclick.net mc.webvisor.org d31j93rd8oukbv.cloudfront.net mc.yandex.ru www.google.com www.google.com.ua www.google.ru apis.google.com https://apis.google.com cdn.datatables.net code.jquery.com cdn.jsdelivr.net unpkg.com cdnjs.cloudflare.com gstatic.com www.gstatic.com https://*.gstatic.com https://cdn.experrto.io https://*.jivosite.com ws://*.jivosite.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com tagmanager.google.com seolib.ru www.google.com ajax.googleapis.com use.fontawesome.com cdn.datatables.net code.jquery.com cdn.jsdelivr.net unpkg.com cdnjs.cloudflare.com https://cdn.experrto.io https://*.jivosite.com ws://*.jivosite.com; report-uri /csp/report 1
form-action 'self' https://joomlacontenteditor.us14.list-manage.com/subscribe/post; base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://checkout.paddle.com https://cdn.usefathom.com/script.js https://code.jquery.com https://checkout.stripe.com https://cdn.paddle.com https://cdn.usefathom.com/script.js https://cdnjs.cloudflare.com https://hcaptcha.com/* https://*.hcaptcha.com/* https://plausible.io/ https://api.pirsch.io/; style-src 'self' 'unsafe-inline' https://cdn.paddle.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://hcaptcha.com/ https://*.hcaptcha.com/ https://plausible.io/ https://api.pirsch.io/; object-src 'self' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js.driftt.com/ https://www.googletagmanager.com/ https://www.youtube.com/ https://assets.trendemon.com/ https://www.googleadservices.com/ https://script.hotjar.com/ https://extend.vimeocdn.com/ https://static.oktopost.com/ https://snap.licdn.com/ https://connect.facebook.net/ https://www.redditstatic.com/ https://www.google-analytics.com/ https://bat.bing.com/ https://tracking.g2crowd.com/ https://googleads.g.doubleclick.net/ https://okt.to/ https://trackingapi.trendemon.com/ https://i.ytimg.com/ https://googleads.g.doubleclick.net/ https://www.google.com/ https://go.panaya.com/ https://www.linkedin.com/ https://www.slideshare.net/ https://cdn.jsdelivr.net/ https://cdnjs.cloudflare.com/ https://www.comeet.co/ https://www.google.co.il/ https://cse.google.com/ https://*.doubleclick.net/ https://*.marketo.net/ https://*.panaya.com/ https://*.hotjar.com/ https://munchkin.marketo.net/ https://vimeo.com/ https://player.vimeo.com https://www.google.com.ua/ https://www.google.ge/ https://www.google.co.uk/ https://www.google.fr/ https://www.google.ga/ https://www.gstatic.com/; img-src 'self' data: https://vimeo.com/ https://i.vimeocdn.com/ https://img.youtube.com/ https://www.google.com/ https://www.facebook.com/ https://bat.bing.com/ https://alb.reddit.com/ https://px.ads.linkedin.com/ https://www.google-analytics.com/ https://googleads.g.doubleclick.net/ https://p.adsymptotic.com/ https://trackingapi.trendemon.com/ https://www.linkedin.com/ https://i.ytimg.com/ https://googleads.g.doubleclick.net/ https://secure.gravatar.com/ https://go.panaya.com/ https://www.slideshare.net/ https://www.googletagmanager.com/ https://munchkin.marketo.net/ https://www.googleapis.com/ https://clients1.google.com/ https://*.doubleclick.net/ https://*.panaya.com/ https://*.hotjar.com/ https://pic.trendemon.com/ https://d1ysmqklpsb9ih.cloudfront.net/ https://www.google.ac/ https://www.google.ad/ https://www.google.ae/ https://www.google.com.af/ https://www.google.com.ag/ https://www.google.com.ai/ https://www.google.al/ https://www.google.am/ https://www.google.co.ao/ https://www.google.com.ar/ https://www.google.as/ https://www.google.at/ https://www.google.com.au/ https://www.google.az/ https://www.google.ba/ https://www.google.com.bd/ https://www.google.be/ https://www.google.bf/ https://www.google.bg/ https://www.google.com.bh/ https://www.google.bi/ https://www.google.bj/ https://www.google.com.bn/ https://www.google.com.bo/ https://www.google.com.br/ https://www.google.bs/ https://www.google.bt/ https://www.google.co.bw/ https://www.google.by/ https://www.google.com.bz/ https://www.google.ca/ https://www.google.com.kh/ https://www.google.cc/ https://www.google.cd/ https://www.google.cf/ https://www.google.cat/ https://www.google.cg/ https://www.google.ch/ https://www.google.ci/ https://www.google.co.ck/ https://www.google.cl/ https://www.google.cm/ https://www.google.cn/ https://www.google.com.co/ https://www.google.co.cr/ https://www.google.com.cu/ https://www.google.cv/ https://www.google.com.cy/ https://www.google.cz/ https://www.google.de/ https://www.google.dj/ https://www.google.dk/ https://www.google.dm/ https://www.google.com.do/ https://www.google.dz/ https://www.google.com.ec/ https://www.google.ee/ https://www.google.com.eg/ https://www.google.es/ https://www.google.com.et/ https://www.google.fi/ https://www.google.com.fj/ https://www.google.fm/ https://www.google.fr/ https://www.google.ga/ https://www.google.ge/ https://www.google.gf/ https://www.google.gg/ https://www.google.com.gh/ https://www.google.com.gi/ https://www.google.gl/ https://www.google.gm/ https://www.google.gp/ https://www.google.gr/ https://www.google.com.gt/ https://www.google.gy/ https://www.google.com.hk/ https://www.google.hn/ https://www.google.hr/ https://www.google.ht/ https://www.google.hu/ https://www.google.co.id/ https://www.google.iq/ https://www.google.ie/ https://www.google.co.il/ https://www.google.im/ https://www.google.co.in/ https://www.google.io/ https://www.google.is/ https://www.google.it/ https://www.google.je/ https://www.google.com.jm/ https://www.google.jo/ https://www.google.co.jp/ https://www.google.co.ke/ https://www.google.ki/ https://www.google.kg/ https://www.google.co.kr/ https://www.google.com.kw/ https://www.google.kz/ https://www.google.la/ https://www.google.com.lb/ https://www.google.com.lc/ https://www.google.li/ https://www.google.lk/ https://www.google.co.ls/ https://www.google.lt/ https://www.google.lu/ https://www.google.lv/ https://www.google.com.ly/ https://www.google.co.ma/ https://www.google.md/ https://www.google.me/ https://www.google.mg/ https://www.google.mk/ https://www.google.ml/ https://www.google.com.mm/ https://www.google.mn/ https://www.google.ms/ https://www.google.com.mt/ https://www.google.mu/ https://www.google.mv/ https://www.google.mw/ https://www.google.com.mx/ https://www.google.com.my/ https://www.google.co.mz/ https://www.google.com.na/ https://www.google.ne/ https://www.google.com.nf/ https://www.google.com.ng/ https://www.google.com.ni/ https://www.google.nl/ https://www.google.no/ https://www.google.com.np/ https://www.google.nr/ https://www.google.nu/ https://www.google.co.nz/ https://www.google.com.om/ https://www.google.com.pk/ https://www.google.com.pa/ https://www.google.com.pe/ https://www.google.com.ph/ https://www.google.pl/ https://www.google.com.pg/ https://www.google.pn/ https://www.google.co.pn/ https://www.google.com.pr/ https://www.google.ps/ https://www.google.pt/ https://www.google.com.py/ https://www.google.com.qa/ https://www.google.ro/ https://www.google.rs/ https://www.google.ru/ https://www.google.rw/ https://www.google.com.sa/ https://www.google.com.sb/ https://www.google.sc/ https://www.google.se/ https://www.google.com.sg/ https://www.google.sh/ https://www.google.si/ https://www.google.sk/ https://www.google.com.sl/ https://www.google.sn/ https://www.google.sm/ https://www.google.so/ https://www.google.st/ https://www.google.sr/ https://www.google.com.sv/ https://www.google.td/ https://www.google.tg/ https://www.google.co.th/ https://www.google.com.tj/ https://www.google.tk/ https://www.google.tl/ https://www.google.tm/ https://www.google.to/ https://www.google.tn/ https://www.google.com.tr/ https://www.google.tt/ https://www.google.com.tw/ https://www.google.co.tz/ https://www.google.com.ua/ https://www.google.co.ug/ https://www.google.co.uk/ https://www.google.com/ https://www.google.com.uy/ https://www.google.co.uz/ https://www.google.com.vc/ https://www.google.co.ve/ https://www.google.vg/ https://www.google.co.vi/ https://www.google.com.vn/ https://www.google.vu/ https://www.google.ws/ https://www.google.co.za/ https://www.google.co.zm/ https://www.google.co.zw/ https://player.vimeo.com; object-src 'self' data: https://js.driftt.com/ https://www.youtube.com/ https://www.facebook.com/ https://bid.g.doubleclick.net/ https://i.ytimg.com/ https://googleads.g.doubleclick.net/ https://go.panaya.com/ https://www.slideshare.net/ https://www.comeet.co/ https://www.google.co.il/ https://*.doubleclick.net/ https://*.marketo.net/ https://*.panaya.com/ https://*.hotjar.com/ https://i.vimeocdn.com/ https://vimeo.com/ https://player.vimeo.com https://www.gstatic.com/ https://www.google.com/; frame-src 'self' data: https://js.driftt.com/ https://www.youtube.com/ https://www.facebook.com/ https://bid.g.doubleclick.net/ https://i.ytimg.com/ https://googleads.g.doubleclick.net/ https://go.panaya.com/ https://www.slideshare.net/ https://www.comeet.co/ https://www.google.co.il/ https://*.doubleclick.net/ https://*.marketo.net/ https://*.panaya.com/ https://*.hotjar.com/ https://i.vimeocdn.com/ https://vimeo.com/ https://player.vimeo.com https://www.gstatic.com/ https://www.google.com/; 1
default-src 'self'; script-src 'self'; img-src '*'; 1
default-src 'self';font-src 'self' fonts.gstatic.com data: 'self';connect-src 'self' *.getsmartlook.com ws://*.getsmartlook.com *.smartlook.com *.smartlook.cloud *.google.com *.googleapis.com www.google-analytics.com *.doubleclick.net *.clarity.ms;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.youtube.com maps.google.com *.googleapis.com www.googletagmanager.com ssl.google-analytics.com www.google-analytics.com *.getsmartlook.com www.google.com connect.facebook.net www.googleadservices.com www.lhinsights.com *.smartlook.com *.smartlook.cloud https://googleads.g.doubleclick.net *.gstatic.com *.clarity.ms;form-action 'self';frame-src 'self' blob: www.youtube-nocookie.com www.youtube.com *.doubleclick.net www.google.com www.google.cz https://order.shareit.com;child-src 'self' blob: www.youtube-nocookie.com www.youtube.com *.doubleclick.net www.google.com www.google.cz https://order.shareit.com;frame-ancestors 'self';img-src 'self' data: blob: *.clarity.ms *.ytimg.com *.gstatic.com *.googleapis.com www.googletagmanager.com ssl.google-analytics.com www.google-analytics.com *.doubleclick.net www.facebook.com www.lhinsights.com www.google.com www.google.cz *.smartlook.com *.smartlook.cloud *.gstatic.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com www.google.com *.gstatic.com 1
default-src 'self' 'unsafe-inline' https://*.talentqgroup.com https://*.cloudfront.net https://www.google-analytics.com https://www.google.com/ https://www.gstatic.com  https://hello.myfonts.net/count/3122c9; frame-ancestors 'self' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' google-analytics.com googletagmanager.com https:; object-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdnjs.cloudflare.com; img-src 'self' data: https:; media-src 'self'; child-src 'self' https:; font-src 'self' fonts.gstatic.com data:; connect-src 'self' www.google-analytics.com 1
default-src 'self'; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self'; font-src 'self' https://fonts.gstatic.com; style-src 'self' https://fonts.googleapis.com; script-src 'self' https://www.googletagmanager.com 'nonce-1mFoUJBncoRfu0vyAWJIj5SyEEXR7xBuRrDtZjbjn2Y='; connect-src 'self' https://www.google-analytics.com; img-src 'self'  https://schoolsbuddy.blob.core.windows.net 1
frame-ancestors 'self' *.finq.com 1
default-src https: 'unsafe-inline' 'unsafe-eval' blob:; img-src https: data:; connect-src https: wss:; font-src https: data:; 1
frame-ancestors 'self' https://campaign.interamerican.gr/ https://askme.interamerican.gr/; 1
default-src 'self'; media-src *; img-src *; script-src 'self' https://ajax.googleapis.com; style-src 'self'; 1
https://client.libertydentalplan.com; https://libertydentalplan.com  1
frame-ancestors 'self' https://*.hapara.com/ 1
default-src 'self' 'unsafe-inline' data: https://piwik.bzga.de/ https://service.bzga.de/ https://www.quit-the-shit.net 1
frame-ancestors https://www.abarset.com/ https://abarset-grandvalira.com/ http://*.grandvalira.com https://*.grandvalira.com http://*.ordinoarcalis.com https://*.ordinoarcalis.com http://*.grandvaliraresorts.com https://*.grandvaliraresorts.com 1
default-src data: wss://*.8888.bg:* wss://8888.bg:* wss://8888.evo-games.com:* 'self' 'unsafe-eval' 'unsafe-inline' https://www.youtube.com/ https://youtube.com/ https://8888.bg https://*.8888.bg https://bat.bing.com https://region1.analytics.google.com https://region1.google-analytics.com https://www.google.bg https://www.google.com  https://apis.google.com https://fonts.googleapis.com  https://ajax.googleapis.com  https://maps.googleapis.com https://*.comm100.io https://*.comm100.com https://*.comm100vue.com https://*.googletagmanager.com https://googletagmanager.com https://*.typekit.net https://typekit.net https://maps.google.com https://*.gstatic.com https://gstatic.com https://connect.facebook.net https://*.facebook.com https://facebook.com https://*.fbcdn.net https://fbcdn.net https://analytics.google.com/ https://google-analytics.com https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net/ https://cdn.taboola.com  https://trc.taboola.com https://trc-events.taboola.com https://s2.adform.net https://track.adform.net/ https://sxt.cdn.skype.com https://www.adobe.com https://sb2integration-altenar2.biahosted.com https://sb2brstream-altenar2.biahosted.com/  https://sb2betbuilder-altenar2.biahosted.com/ https://sb2clientstatic-altenar2.biahosted.com https://sb2frontend-altenar2.biahosted.com https://sb2auth-altenar2.biahosted.com https://sb2bets-altenar2.biahosted.com https://sb2bonus-altenar2.biahosted.com  https://sb2streaming-altenar2.biahosted.com/ https://avplayer-cdn.sportradar.com  https://fbstreambro.cc/ https://time.akamai.com/ https://avplayer-cdn.akamaized.net/ https://app-e.insvr.com/ https://linker.bg/ https://8888-dgm.gv-gamespace.com  https://cdncf.ps-gamespace.com https://ngt-play-mrk-8888bg.7777gaming.tech https://ngt-mrk-8888bg-s.7777gaming.tech https://lob.egcvi.com/ https://8888.evo-games.com https://public-gw-demulti.casinomodule.com/  https://gcl.netentcdn.com/gcs/reportData https://lc-live-http-ipv4.akamaized.net https://sportradar-vie-ipv4.hs.llnwd.net https://*.hs.llnwd.net https://hs.llnwd.net https://*.fc.llnwd.net https://sportradar.fc.llnwd.net/sportradar/ https://wgt-s3-cdn.statscore.com/ https://widgets.sir.sportradar.com/ https://lmt.fn.sportradar.com/ https://widgets.fn.sportradar.com/  https://widgets.statscore.com/  https://img.sportradar.com  https://player.performgroup.com/ https://wab-visualisation.performgroup.com/ https://ogs-gl-mt1p16.nyxop.net/  https://ogs-gcm-eu-prod.nyxop.net/ https://resource.eur.casinarena.com/ https://gdm-eu-prod.ext.nyxop.net/ https://s7.egtmgs.com:8181/  https://free.egtmgs.com:9998/  https://topbetbulgaria-dk2.pragmaticplay.net/ https://game-launcher-aws2.isoftbet.com/  https://rgs1.ctrgs.com/  https://cdn2.ctrgs.com/ https://sb2bethistory-altenar2.biahosted.com/ https://demogamesfree.pragmaticplay.net https://sb2bethistory-altenar2.biahosted.com/ https://sb2lottery-betscalculator-altenar2.biahosted.com/ https://eadsrv.com https://de-games.svmsrv.com https://de2-games.svmsrv.com https://four8s-gc-prod-bgsp.egt-ong.com https://cdn02.cdn.amatic.com blob: https://*.8888.bg https://8888.bg; frame-ancestors 'self' https://*.8888.bg; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' policy.cookiereports.com https://pbs.122.2o7.net https://ssl.siteimprove.com; font-src 'self' data:; frame-ancestors 'self'; 1
frame-ancestors 'self' insights.hotjar.com 1
default-src 'self' 'unsafe-inline'  https://staticfiles.digitalchargingsolutions.com https://api.mixpanel.com https://api-js.mixpanel.com; script-src 'self' 'unsafe-inline' 'unsafe-eval'  https://staticfiles.digitalchargingsolutions.com https://maps.googleapis.com https://cdn.mxpnl.com https://api-js.mixpanel.com; frame-src 'self' https://payment.datatrans.biz/; img-src 'self' https: data: https://cpologo.digitalchargingsolutions.com; style-src 'self' 'unsafe-inline'  https://staticfiles.digitalchargingsolutions.com https://fonts.googleapis.com; font-src 'self'  https://staticfiles.digitalchargingsolutions.com https://fonts.gstatic.com; 1
default-src https:; img-src https: data: blob:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 'unsafe-eval'; connect-src https: wss:; font-src https: data: 'unsafe-inline' 'unsafe-eval'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://mistaua.com https://*.google.com *.google.com https://*.google.com.ua *.google.com.ua *.gstatic.com *.facebook.net *.instagram.com *.googleapis.com *.googlesyndication.com https://*.googlesyndication.com *.googletagservices.com https://*.googletagservices.com *.doubleclick.net https://*.googleadservices.com  https://*.doubleclick.net https://*.g.doubleclick.net *.google-analytics.com *.googletagmanager.com *.ampproject.org counter.yadro.ru wikimapia.org vk.com https://*.jsdelivr.net https://yastatic.net cdn.api.twitter.com oss.maxcdn.com; style-src  'self' 'unsafe-inline' *.google.com *.googleapis.com; frame-src 'self' *.doubleclick.net https://*.googlesyndication.com *.googletagservices.com *.google.com *.google.com.ua *.facebook.com *.instagram.com *.youtube.com https://*.doubleclick.net https://*.g.doubleclick.net wikimapia.org *.openstreetmap.org; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://mastertag.kpcustomer.de *.netcologne.de:* https://bat.bing.com https://connect.facebook.net www.googletagmanager.com:* www.google-analytics.com:* https://partners.webmasterplan.com www.google.de:* https://optimize.google.com https://fonts.googleapis.com https://fonts.gstatic.com https://seal.thawte.com https://www.googleadservices.com https://*.exactag.com *.google.com:* https://*.gstatic.com *.googleapis.com:* https://www.kabelkiosk.de https://*.deepthought.online https://cdn.jsdelivr.net https://wt1.rqtrk.eu https://api.aklamio.com https://googleads.g.doubleclick.net https://config1.veinteractive.com https://netcologne.lamapoll.de https://consent.cookiebot.com https://consentcdn.cookiebot.com https://*.surveymonkey.com https://walls.io https://r.df-srv.de https://static.hotjar.com:* https://script.hotjar.com:* https://*.ad4m.at https://ad4m.at https://*.usemaxserver.de https://*.awin1.com https://*.dwin1.com https://zenaps.com https://sciencebehindecommerce.com https://*.criteo.net https://*.criteo.com https://tracking.m6r.eu https://www.youtube.com https://*.ytimg.com https://www.etermin.net https://the.sciencebehindecommerce.com https://www.lacmp.net https://analytics.aklamio.com https://*.adsrvr.org https://adsrvr.org https://t.contentsquare.net; 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.crushftp.com *.stripe.com *.paypalobjects.com *.google-analytics.com *.crushsync.com *.taltosparipa.com 1
child-src 'self' https://*.docusign.com https://*.docusign.net https://*.trustcommerce.com https://*.slimpay.net https://*.slimpay.com https://*.windriverfinancialgateway.com 1
base-uri 'none'; default-src 'self' *.youtube.com *.google.com *.googleapis.com *.fontawesome.com *.doubleclick.net *.moneris.com; script-src 'self' *.googletagmanager.com *.google.com *.gstatic.com *.bootstrapcdn.com *.googleapis.com *.fontawesome.com *.google-analytics.com *.craftcms.com *.joomla.org js.stripe.com 'nonce-411ff36a29a47e0f10736c7f3fde28da0b2fc0446ba4' 'nonce-655caabea350fc789fc79fcee19a83bc3528b49e3980'; style-src 'self' 'unsafe-inline' *.googleapis.com *.fontawesome.com *.gstatic.com 'nonce-5368fa47c2dd84f208def73c5ff32a032d2b9aa36317'; img-src 'self' data: *.cablevision.ca *.cablevision.qc.ca *.google-analytics.com *.googleapis.com *.craft-cdn.com *.joomla.org; connect-src 'self' *.craftcms.com; font-src 'self' *.googleapis.com *.fontawesome.com *.gstatic.com; object-src 'none'; frame-src 'self' *.cablevision.qc.ca *.cablevision.ca *.moneris.com *.google.com js.stripe.com; frame-ancestors 'self' *.cablevision.qc.ca *.cablevision.ca; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://fonts.gstatic.com https://cdn.syndication.twimg.com https://www.facebook.com https://*.twitter.com https://www.google.com https://ton.twimg.com https://*.github.io https://www.googletagmanager.com https://www.google-analytics.com; img-src 'self' https://*.twimg.com https://*.twitter.com http://*.twimg.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.google.co.jp data:; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://flexprintmp.wpengine.com https://*.netdna-ssl.com https://*.flexprintinc.com https://flexprintinc.com https://app.termly.io https://frontend.id-visitors.com/ https://google-analytics.com/ https://*.google-analytics.com/ https://googletagmanager.com/ https://*.googletagmanager.com/ https://gstatic.com/ https://*.gstatic.com/ https://google.com/recaptcha/ https://*.google.com/recaptcha/ https://*.6sc.co/; img-src 'self' data: blob: https://flexprintmp.wpengine.com https://*.netdna-ssl.com https://*.flexprintinc.com https://flexprintinc.com https://*.gravatar.com https://*.6sc.co/; object-src 'self' data: blob: https://elegantthemes.com/ https://*.elegantthemes.com/ https://flexprintinc.com/ https://google.com/recaptcha/ https://*.google.com/recaptcha/ https://elabel.arsreclabel.com/; frame-src 'self' data: blob: https://elegantthemes.com/ https://*.elegantthemes.com/ https://flexprintinc.com/ https://google.com/recaptcha/ https://*.google.com/recaptcha/ https://elabel.arsreclabel.com/; form-action 'self' data: blob: ; worker-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; 1
default-src 'self' 'unsafe-inline' *.ioam.de data-aac883f83b.offiziellecharts.de 1
default-src 'self' *.arbeitsagentur.de *.jobcenter-ge.de; base-uri 'self' *.jobcenter-ge.de; style-src 'self' 'unsafe-inline' *.jobcenter-ge.de; script-src 'self' 'unsafe-inline' *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.vimeo.com *.arbeitsagentur.de *.jobcenter-ge.de; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com *.vimeo.com *.aktion-mensch.de *.arbeitsagentur.de *.jobcenter-ge.de; frame-src *.google.com *.gstatic.com *.youtube.com *.vimeo.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.arbeitsagentur.de *.jobcenter-ge.de; frame-ancestors 'self'; 1
frame-ancestors *.carkeys.co.uk *.motorists-club.co.uk *.motoristsclub.co.uk http://motoristsclub.co.uk/ http://www.motorists-club.co.uk/ 1
frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com epl.bibliocms.com *.epl.bibliocms.com https://www.epl.ca www.epl.ca *.www.epl.ca; 1
default-src 'none'; manifest-src 'self'; script-src 'self' 'unsafe-eval' https://app.intotheblock.com https://static.zdassets.com/ https://widget-mediator.zopim.com/ https://code.jquery.com/ https://stackpath.bootstrapcdn.com/; object-src 'self' style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com/ajax/libs/ https://stackpath.bootstrapcdn.com/; img-src 'self' https://v2uploads.zopim.io/ https://rocketlab.g2afse.com/ https://purecatamphetamine.github.io/ data:; media-src 'self' https://static.zdassets.com/; frame-src 'self' https://www.youtube.com/ https://buy.moonpay.com/; font-src 'self' https://fonts.gstatic.com https://cdnjs.cloudflare.com/ajax/; connect-src 'self' wss://socket.cryptomkt.com/ https://socket.cryptomkt.com/ wss://api.exchange.cryptomkt.com/ https://api.exchange.cryptomkt.com/ https://api.intotheblock.com/ https://ekr.zdassets.com/ https://cryptomkt.zendesk.com/ wss://widget-mediator.zopim.com/ https://id.zopim.com/ https://widget-mediator.zopim.com/; frame-ancestors 'self'; base-uri 'self'; form-action 'self' 1
default-src 'self'; frame-src 'self' *.monday.com/ https://hubofhope.co.uk/ 360testbed.co/ *.nhs.uk/ *.facebook.com/ *.youtube.com/ *.vimeo.com/ *.google.com/ *.googleapis.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com/ https://hubofhope.co.uk/js/embed.js https://cdn.jsdelivr.net https://cdnjs.cloudflare.com/ https://www.google-analytics.com/ https://connect.facebook.net/ https://feeds.trac.jobs/ *.google.com/ *.googleapis.com *.gstatic.com *.cqc.org.uk; font-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com/ https://feeds.trac.jobs/ *.googleapis.com  *.gstatic.com *.cqc.org.uk; img-src * data:; object-src 'self' blob:; connect-src 'self' https://region1.google-analytics.com translate.googleapis.com/ https://feeds.trac.jobs/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ 1
frame-ancestors 'self' https://*.felgenoutlet.de 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: https: 'nonce-rNqdeeb9hQ1MP5y9JpqlYXWZ1EUhrii3' 'strict-dynamic' https://www.google-analytics.com https://www.googletagmanager.com; 1
child-src 'self' ; connect-src 'self' *.constantcontact.com *.hotjar.com *.googleadservices.com *.facebook.com *.addthis.com *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net *.jsdelivr.net *.googleapis.com  *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net ; default-src 'self' *.constantcontact.com; font-src 'self' *.gstatic.com *.bootstrapcdn.com data:  *.gstatic.com *.bootstrapcdn.com ; form-action 'self' *.constantcontact.com *.facebook.com wpmudev.com; frame-src 'self' *.constantcontact.com *.ambrahealth.com *.hotjar.com *.facebook.com *.youtube.com *.ambrahealth expert-reputation.com.com *.addthis.com *.simplecast.com expert-reputation.com highlightedreviews.com *.blackbaudhosting.com *.g.doubleclick.net *.google.com *.fls.doubleclick.net *.googleapis.com  *.g.doubleclick.net *.google.com *.fls.doubleclick.net ; frame-ancestors 'self' ; img-src 'self'  'unsafe-inline' *.linkedin.com *.ads.linkedin.com *.facebook.com *.adsymptotic.com *.blackbaudhosting.com *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com data: *.googleapis.com  *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com ; manifest-src 'self' ; media-src 'self' *.medtronic.com; navigate-to 'self' ; object-src 'self' ; prefetch-src 'self' ; script-src 'self'  'unsafe-inline'  'unsafe-eval' *.constantcontact.com *.hotjar.com *.licdn.com *.facebook.net *.addthis.com *.moatads.com *.youtube.com *.blackbaudhosting.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com *.googleadservices.com *.googleapis.com  *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com ; script-src-elem 'self'  'unsafe-inline'  'unsafe-eval' *.constantcontact.com *.cloudflare.com *.hotjar.com *.licdn.com *.facebook.net *.addthis.com *.moatads.com *.youtube.com *.blackbaudhosting.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com *.googleadservices.com *.googleapis.com ; script-src-attr 'self' ; style-src 'self'  'unsafe-inline'  'unsafe-eval' *.constantcontact.com *.blackbaudhosting.com *.googleapis.com *.gstatic.com *.jsdelivr.net  *.googleapis.com *.gstatic.com ; style-src-elem 'self'  'unsafe-inline' *.constantcontact.com *.blackbaudhosting.com *.googleapis.com *.gstatic.com *.jsdelivr.net ; style-src-attr 'self'  'unsafe-inline' ; worker-src 'self' ;  upgrade-insecure-requests; 1
allow *; script-src 'self' https://www.ibs.re.kr; script-src 'self' https://www.ibs.d.innodis.co.kr; object-src http://maps.google.com; object-src https://www.google.co.kr/; object-src http://html5shiv.googlecode.com; object-src http://www.facebook.com; object-src https://twitter.com; object-src https://www.google-analytics.com/;object-src https://www.google.com; report-uri /csp-report-endpoint/; 1
frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com oaklandlibrary.bibliocms.com *.oaklandlibrary.bibliocms.com https://oaklandlibrary.org oaklandlibrary.org *.oaklandlibrary.org; 1
default-src *; style-src *; connect-src * 1
child-src 'self' coapi.collabio.team auth.collabio.team cdn.collabio.team; connect-src 'self' coapi.collabio.team auth.collabio.team cdn.collabio.team wss://coapi.collabio.team data:; default-src 'none'; font-src 'self' data: cdn.collabio.team; frame-ancestors auth.collabio.team cdn.collabio.team docs.collabio.team files.collabio.team links.collabio.team docs.collabio.team; frame-src 'self' blob: coapi.collabio.team auth.collabio.team cdn.collabio.team im.ncloudtech.ru; img-src 'self' data: blob: coapi.collabio.team auth.collabio.team cdn.collabio.team; media-src 'self' coapi.collabio.team auth.collabio.team cdn.collabio.team; object-src 'self' blob: coapi.collabio.team; report-uri https://coapi.collabio.team/csp-report; script-src 'self' 'unsafe-eval' cdn.collabio.team; style-src 'self' 'unsafe-inline' cdn.collabio.team 1
img-src * data:; style-src 'self' 'unsafe-inline'; default-src * blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: www.google-analytics.com ajax.googleapis.com embed.typeform.com www.googletagmanager.com tagmanager.google.com analyzer.amedick-sommer.de vendorlist.consensu.org	www.youtube.com s.ytimg.com www.vvs.de *.usercentrics.eu; 1
default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://optimize.google.com https://www.google-analytics.com https:; object-src https:; style-src 'self' 'unsafe-inline' https://optimize.google.com https://fonts.googleapis.com https:; img-src 'self' data: https://www.google-analytics.com https:; media-src 'self' https:; frame-src 'self' https://optimize.google.com https:; font-src 'self' data:  https://fonts.gstatic.com https: 1
base-uri 'self' *.google.com; child-src blob: 'self' gap: app.powerbi.com dev.visualwebsiteoptimizer.com *.google.com *.googletagmanager.com *.investis.com *.surveymonkey.com *.twitter.com *.vimeo.com *.youtube.com; frame-src blob: 'self' gap: app.powerbi.com dev.visualwebsiteoptimizer.com *.google.com *.googletagmanager.com *.investis.com *.surveymonkey.com *.twitter.com *.vimeo.com *.youtube.com; connect-src fonts.googleapis.com fonts.gstatic.com ict.infinity-tracking.net outsysprod.paragon-group.co.uk response.pure360.com 'self' sitesearch360.com wss://mpsnare.iesnare.com *.doubleclick.net *.feefo.com *.google.com *.google-analytics.com *.investis.com *.paragonbank.co.uk *.paragonbankinggroup.co.uk *.sitesearch360.com *.twimg.com *.twitter.com *.visualwebsiteoptimizer.com; default-src 'self' gap: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: *.googleapis.com *.gstatic.com; img-src 'self' data: * blob:; media-src data: mpsnare.iesnare.com 'self'; script-src gap: 'self' ict.infinity-tracking.net mpsnare.iesnare.com sitesearch360.com snap.licdn.com unpkg.com *.doubleclick.net *.feefo.com *.google.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.investis.com *.paragonbankinggroup.co.uk *.sitesearch360.com *.surveymonkey.com *.twimg.com *.twitter.com *.youtube.com *.visualwebsiteoptimizer.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' dev.visualwebsiteoptimizer.com *.google.com *.googleapis.com *.gstatic.com *.twimg.com *.twitter.com 'unsafe-inline'; frame-ancestors gap: 'self' *.doubleclick.net *.googletagmanager.com *.noblehosted.com *.surveymonkey.com theparagongroup.sharepoint.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=aybSA%2baMz7jlSsuUsnpGOy3CLBVezLsgQTnGbkv4fpjLPhiySNl%2bKfkgfisL3sT1AAfvXAryu%2fLFrRxCzWjRZLv52UOV8B7qOzRevPt8IiFVZX39kXv9h9iVVeudJwTC2AVZ6H5Wmlh03HuRgPzsI2eT0mcqLnc2A%2bYZkO4Y%2f5CVgH8n38Pyvl5zMJbjPfeM3iQC04vcJrwKUUuZ%2ftS%2flA%3d%3d; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https:; frame-src 'self' webcampub.multivista.com https:; frame-ancestors 'self' data: blob:; 1
child-src 'self' www.youtube.com staticxx.facebook.com w.soundcloud.com player.vimeo.com acceptable.a-ads.com ad.a-ads.com page.ludorum.dev; connect-src 'self' steemit.com api.steemit.com dist.one wss://rpc.dist.one api.blocktrades.us https://steemitimages.com https://translate.googleapis.com; default-src 'self' www.youtube.com staticxx.facebook.com player.vimeo.com acceptable.a-ads.com ad.a-ads.com page.ludorum.dev; font-src data: fonts.gstatic.com 'self'; frame-ancestors 'none'; img-src * data:; object-src 'none'; plugin-types application/pdf; script-src 'self' www.google-analytics.com pagead2.googlesyndication.com adservice.google.com connect.facebook.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com; report-uri /api/v1/csp_violation 1
default-src 'unsafe-inline' 'unsafe-eval' wss://*.iadvize.com data: blob: https: 'self' *.e-wie-einfach.de *.usercentrics.eu *.googletagmanager.com *.demdex.net ewieeinfach.tt.omtrdc.net *.trustedshops.com *.iadvize.com analytics.tiktok.com; block-all-mixed-content; frame-ancestors https://*.e-wie-einfach.de 'self'; frame-src https: 'self' 10552776.fls.doubleclick.net *.iadvize.com; img-src https: 'self' data: blob: 1
default-src https: blob: wss:; frame-src https: blob: data:; script-src https: 'unsafe-inline' 'unsafe-eval' data:; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data: 1
default-src 'self' blob: data: https://api.ipstack.com https://az416426.vo.msecnd.net/scripts/b/ai.2.min.js https://dc.services.visualstudio.com/v2/track https://app.pendo.io https://cdn.pendo.io https://data.pendo.io https://pendo-op-static.storage.googleapis.com https://pendo-static-5741583443689472.storage.googleapis.com https://www.google.com https://www.gstatic.com https://maps.gstatic.com https://chart.googleapis.com https://maps.googleapis.com https://ajax.googleapis.com https://player.vimeo.com https://cdn.datatables.net https://stackpath.bootstrapcdn.com 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self' energylink.com *.energylink.com app.pendo.io data.pendo.example.com 1
default-src 'self'; style-src 'self' 'unsafe-inline' http://*.sportunion.at http://sportunion.at https://*.sportunion.at https://sportunion.at https://static.flockler.com  https://*.mailchimp.com https://*.gstatic.com https://*.googleapis.com https://cdn.jsdelivr.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://*.sportunion.at http://sportunion.at https://*.sportunion.at https://sportunion.at https://static.flockler.com  https://fl-cdn.scdn1.secure.raxcdn.com https://embed-cdn.flockler.com  https://flockler.embed.codes https://plugins.flockler.com https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://*.gstatic.com https://*.googleapis.com https://cdn.jsdelivr.net; font-src 'self' data: http://*.sportunion.at http://sportunion.at https://*.sportunion.at https://sportunion.at https://fonts.gstatic.com; img-src 'self' 'unsafe-inline' https://* http://*.sportunion.at http://sportunion.at https://*.sportunion.at https://sportunion.at https://flockler.com https://*.rackcdn.com  https://stats.g.doubleclick.net https://www.google-analytics.com https://*.googleapis.com data: https://.gstatic.com https://*.google.com https://secure.gravatar.com; frame-src 'self' http://*.sportunion.at http://sportunion.at https://*.sportunion.at https://sportunion.at https://sn.kavedo.com https://smartslider3.com https://www.yumpu.com https://www.fitsportaustria.at https://board.fitsportaustria.at https://player.vimeo.com https://www.youtube.com https://www.google.com https://www.youtube-nocookie.com; connect-src 'self' http://*.sportunion.at http://sportunion.at https://*.sportunion.at https://sportunion.at https://stats.g.doubleclick.net https://yoast.com https://www.google-analytics.com; media-src https://* 1
default-src 'self' https://cdn.ons.gov.uk; font-src 'self' https://fonts.gstatic.com https://cdn.ons.gov.uk; script-src 'self' *.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com 'unsafe-inline' https://cdn.ons.gov.uk; style-src 'self' https://tagmanager.google.com https://fonts.googleapis.com 'unsafe-inline' https://cdn.ons.gov.uk; connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com https://cdn.ons.gov.uk; frame-src https://www.youtube.com https://www.googletagmanager.com; img-src 'self' *.google-analytics.com *.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://cdn.ons.gov.uk 1
default-src 'self'; base-uri 'self'; 1
default-src 'self'; base-uri 'self'; frame-ancestors 'self'; upgrade-insecure-requests 1
frame-ancestors *; 1
frame-ancestors zismo.biz zismo.ru zismone.ru promoggaqjkd.ru 1
default-src 'self'  http: https: fayat.lan fayat.com data: 'unsafe-inline' 'unsafe-eval'; script-src 'self' data: https: fayat.com fayat.lan google-analytics.com googlegoogletagmanager.com googleapis.com 'unsafe-inline' 'unsafe-eval'; style-src 'unsafe-inline' 'self' cdnjs.cloudflare.com  gateway.zscloud.net fonts.googleapis.com fonts.gstatic.com themes.googleusercontent.com; img-src 'self' data: https: *.fayat.com *.gstatic.com *.googleapis.com *.w3.org 'unsafe-eval' 'unsafe-hashes'; font-src fonts.googleapis.com fonts.gstatic.com themes.googleusercontent.com fayat.com fayat.lan; report-uri /report-csp-violation 1
frame-ancestors 'self' *.ratingruneta.ru ratingruneta.ru webvisor.com http://webvisor.com metrika.yandex.ru *.yandex.net 1
default-src 'self' 'unsafe-inline' https://piwik.bzga.de/ 1
frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com kdl.bibliocms.com *.kdl.bibliocms.com https://kdl.org kdl.org *.kdl.org; 1
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src *; img-src * data:; frame-src *; style-src * 'unsafe-inline'; 1
default-src 'self'; connect-src *.googletagmanager.com *.google-analytics.com; frame-src *.geoportal-bw.de *.leo-bw.de *.youtube.com sketchfab.com *.sketchfab.com *.swrfernsehen.de *.openstreetmap.de; img-src 'self' data: dummyimage.com *.google-analytics.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.googletagmanager.com *.google-analytics.com *.landbw.de; style-src 'self' 'unsafe-inline'; upgrade-insecure-requests; report-uri /security/csp/report 1
allow 'self'; options inline-script eval-script; script-src 'self' *.google-analytics.com *.googleapis.com *.gstatic.com *.googletagmanager.com; img-src *; media-src *; frame-src 'self' 1
frame-ancestors 'self' http://*.mitkindundkegel.de http://mitkindundkegel.de 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data:; style-src 'self' 'unsafe-inline' data:; img-src 'self' data:; 1
script-src https: data: 'unsafe-inline' 'unsafe-eval' https://*.gs1-germany.de https://*.optimizely.com https://*.googletagmanager.com https://apis.google.com https://connect.facebook.net https://fast.fonts.net https://googleads.g.doubleclick.net https://*.google-analytics.com https://ext.nonstoppartner.net https://*.hotjar.com https://*.walls.io; style-src https: 'unsafe-inline' https://*.gs1-germany.de https://apis.google.com https://connect.facebook.net https://fast.fonts.net https://googleads.g.doubleclick.net https://*.google-analytics.com https://*.hotjar.com https://*.walls.io; frame-src 'self' https://*.walls.io https://www.youtube-nocookie.com https://www.gs1.org https://www.youtube.com https://*.hotjar.com https://www.facebook.com https://communication.gs1-germany.de https://feedback.gs1-germany.de https://easy-feedback.de https://*.easy-feedback.de https://ext.nonstoppartner.net https://*.gs1.org https://082becc9a232451baaef0c700dd33425.svc.dynamics.com https://76c4e8a3cea24f6792072b39841b0a0b.svc.dynamics.com; frame-ancestors 'self' https://academy.gs1-germany.de https://*.eventlocations.com https://cockpit.prospitalia.de; 1
connect-src 'self' https://localhost:3000; frame-ancestors 'self'; object-src 'self'; script-src 'self' https://analytics.historia-arte.com https://maps.googleapis.com; report-uri /csp-report; 1
default-src ; script-src https://www.google-analytics.com https://www.google.com/recaptcha/api.js https://www.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval' https://form.partner-versicherung.de; object-src ; style-src 'self' https://fonts.googleapis.com https://*.entrecode.de 'unsafe-inline'; img-src 'self' * *.dealbunny.de data:; media-src *; child-src *.youtube.com *.vimeo.com https://www.google.com https://form.partner-versicherung.de https://kredit.check24.de/; font-src 'self' https://fonts.gstatic.com https://*.entrecode.de data:; connect-src 'self' *.cachena.entrecode.de entrecode.de *.entrecode.de localhost:* dev.dealbunny.de:* *.dealbunny.de https://www.google-analytics.com https://stats.g.doubleclick.net; manifest-src 'self' 1
default-src 'none'; child-src 'self' https://www.youtube-nocookie.com https://player.vimeo.com; connect-src 'self' https://geolocation.onetrust.com/ https://cookie-cdn.cookiepro.com/ https://*.google-analytics.com https://*.analytics.google.com; font-src 'self'; img-src 'self' data: https://cookie-cdn.cookiepro.com/ https://*.google-analytics.com https://*.analytics.google.com; media-src 'self'; script-src 'self' https://cookie-cdn.cookiepro.com/ https://*.google-analytics.com https://*.analytics.google.com 'unsafe-inline' 'nonce-resOUqCCEtaD8tC7nJvqtA=='; style-src 'self' 'unsafe-inline'; prefetch-src 'self' 1
base-uri 'self' about:;block-all-mixed-content;child-src fallsviewer.ca 'self';connect-src 'self' data: *.youtube.com fonts.gstatic.com www.clarity.ms cloudflareinsights.com stats.g.doubleclick.net *.googleapis.com *.google-analytics.com *.readspeaker.com rebound.postmarkapp.com img.niagarafalls.ca cdn.monsido.com https://*.smartlook.com https://*.smartlook.cloud;default-src https: 'unsafe-inline' 'unsafe-eval' 'self';font-src 'self' null cdnjs.cloudflare.com fonts.gstatic.com niagarafalls.ca;form-action 'self' *.paypal.com *.readspeaker.com *.paymentus.com niagarafalls.ca;frame-ancestors 'self' fallsviewer.ca map.niagarafalls.ca niagarafalls.ca *.us.monsido.com; frame-src fallsviewer.ca niagarafalls.maps.arcgis.com mapme.com viewer.mapme.com www.facebook.com *.niagarafalls.ca *.readspeaker.com www.google.com www.youtube.com youtube.com console.cloudinary.com cloudinary.com niagarafalls.ca *.transitapp.com ;img-src data: 'self' blob: img.niagarafalls.ca *.readspeaker.com res.cloudinary.com https://www.google-analytics.com *.gstatic.com stats.g.doubleclick.net www.googletagmanager.com www.youtube.com *.monsido.com *.googleapis.com https://*.google.com c.clarity.ms c.bing.com https://*.google.ca;media-src 'self' *.readspeaker.com youtu.be *.youtube.com;object-src *.youtube.com 'self'; report-uri https://niagarafalls.ca/webservices/csp-enforce;script-src 'self' blob: google.com *.googleapis.com *.googletagmanager.com static.cloudflareinsights.com ajax.cloudflare.com cdnjs.cloudflare.com www.google-analytics.com www.clarity.ms *.cloudflareinsights.com connect.facebook.net *.readspeaker.com rebound.postmarkapp.com cdn.monsido.com www.youtube.com api.transitapp.com *.ytimg.com https://*.smartlook.com https://*.smartlook.cloud 'unsafe-inline' 'unsafe-eval';style-src 'self' stackpath.bootstrapcdn.com *.googleapis.com *.google.com *.readspeaker.com 'unsafe-inline';upgrade-insecure-requests;worker-src 'self' blob: 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: cdn.printfriendly.com static.addtoany.com ds-4047.kxcdn.com www.google-analytics.com cdn.jsdelivr.net unpkg.com ajax.googleapis.com ajax.aspnetcdn.com www.googletagmanager.com; object-src 'none'; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net unpkg.com maxcdn.bootstrapcdn.com fonts.googleapis.com; img-src 'self' data: s.yimg.com cdn.printfriendly.com www.google-analytics.com stats.g.doubleclick.net www.google.com www.google.com.my; media-src 'self'; frame-src 'self' data: static.addtoany.com fwb.malaysiaairports.com.my www.youtube.com www.google.com apps.mahb.az.primuscore.com http://apps.mahb.az.primuscore.com:8000 fwb.malaysiaairports.com.my:8000; frame-ancestors 'self' fwb.malaysiaairports.com.my apps.mahb.az.primuscore.com fwb.malaysiaairports.com.my:8000; child-src 'self'; font-src 'self' cdn.jsdelivr.net unpkg.com maxcdn.bootstrapcdn.com fonts.gstatic.com cdnjs.cloudflare.com; connect-src 'self' www.google-analytics.com stats.g.doubleclick.net; report-uri /report-csp-violation 1
default-src 'self' 'unsafe-inline' https://cdn.ckeditor.com/ https://piwik.bzga.de/ https://maps.googleapis.com/ https://fonts.gstatic.com/ https://fonts.googleapis.com/ https://www.youtube-nocookie.com/ https://app.dialogfeed.com/ https://www.youtube.com/ https://vrweb15.linguatec.org data: https://shop.bzga.de/; img-src 'self' data: https://cdn.ckeditor.com/ https://shop.bzga.de/ https://piwik.bzga.de/ https://service.bzga.de/ https://www.bzga.de/ https://jwpltx.com/ https://maps.gstatic.com/ https://maps.googleapis.com/ https://i.ytimg.com/ https://vrweb15.linguatec.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/ https://www.youtube.com/ https://ssl.p.jwpcdn.com/ https://piwik.bzga.de/ https://maps.googleapis.com/ https://vrweb15.linguatec.org https://cdn.ckeditor.com/ 1
script-src 'self' 'nonce-1Y3vmEFqxB7n5sHXcfD6WjIJ' 'nonce-atx-inline' 'unsafe-eval' *.googleapis.com *.googletagmanager.com https://tagmanager.google.com/ https://www.googletagmanager.com/gtm.js https://www.google-analytics.com https://ssl.google-analytics.com https://consentcdn.cookiebot.com https://consent.cookiebot.com https://static.ctctcdn.com https://cdnjs.cloudflare.com https://sfapi.formstack.io https://translate.google.com https://translate.googleapis.com https://www.google.com https://www.gstatic.com https://pi.pardot.com http://cdn.pardot.com http://pi.pardot.com/analytics *.artifex.com *.ghostscript.com *.mupdf.com; report-uri /csp-report/standard-report.php; 1
base-uri 'self'; child-src 'self' gap: *; frame-src 'self' gap: *; connect-src 'self' *.datatables.net *.pordata.pt *.pordatakids.pt ajax.googleapis.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.cloudflare.com *.facebook.com *.facebook.net *.googletagmanager.com; default-src 'self' gap: *.microsoft.com 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: *.pordata.pt *.pordatakids.pt *.google.com *.googleapis.com fonts.gstatic.com; img-src 'self' data: *.pordata.pt *.pordatakids.pt stats.g.doubleclick.net *.google-analytics.com *.microsoft.com *.gstatic.com *.facebook.com *.facebook.net *.google.com *.googleusercontent.com *.googletagmanager.com *.flourish.studio blob:; media-src 'self'; object-src 'self' *.pordata.pt *.pordatakids.pt; script-src 'self' *.datatables.net *.pordata.pt *.pordatakids.pt ajax.googleapis.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.cloudflare.com *.facebook.com *.facebook.net *.google.pt *.microsoft.com *.realtimestatistics.net *.googletagmanager.com *.typeform.com *.flourish.studio 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.pordata.pt *.pordatakids.pt *.google.com *.googleapis.com *.typeform.com 'unsafe-inline'; frame-ancestors 'self' gap: *.pordata.pt *.pordatakids.pt; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=RqTSk874TiYaHa1B1obB8gepAuZSiUKsBu6TL3aBkiv3pb%2BbFIP8837StdtsB2wihF8nksMcwGAt4nHBmRt%2FvA%3D%3D; 1
default-src *.archiefweb.eu *.wp.com; frame-src *.archiefweb.eu googleads.g.doubleclick.net *.wp.com; script-src 'unsafe-inline' 'unsafe-eval' *.archiefweb.eu *.googleapis.com *.googlesyndication.com adservice.google.nl adservice.google.com *.wp.com; style-src 'unsafe-inline' *.archiefweb.eu *.googleapis.com *.wp.com *.bootstrapcdn.com; font-src data: *.archiefweb.eu fonts.googleapis.com fonts.gstatic.com *.wp.com *.fontawesome.com wordpress.com *.bootstrapcdn.com; media-src *.archiefweb.eu; img-src data: *.archiefweb.eu *.w.org *.wp.com *.wordpress.com *.gravatar.com 1
allow 'self'; media-src *; img-src *; script-src 'self' https://ajax.googleapis.com; https://cloudflare.com style-src 'self'; 1
default-src 'self';script-src 'self' 1
frame-ancestors 'self' https://www.kayak.fr 1
default-src 'self' https://piwik.bzga.de/ script-src 'unsafe-inline' img-src https://piwik.bzga.de/ 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com https://www.gstatic.com https://sdk.privacy-center.org/ https://api.privacy-center.org/ https://static.cloudflareinsights.com https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com https://fonts.googleapis.com; img-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://www.google-analytics.com/; font-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com https://fonts.gstatic.com https://fonts.googleapis.com; frame-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com; 1
frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com librarypoint.bibliocms.com *.librarypoint.bibliocms.com https://www.librarypoint.org www.librarypoint.org *.www.librarypoint.org; 1
frame-ancestors 'self' http://customer-skicircus.loop21.net https://customer-skicircus.loop21.net http://public-location-skicircus.loop21.net https://public-location-skicircus.loop21.net 1
child-src 'self' ; connect-src 'self' maps.googleapis.com *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net  *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net ; default-src 'self' *.printfriendly.com; font-src 'self' data: *.fontawesome.com *.gstatic.com *.bootstrapcdn.com hubernet.sp-stage1.emagineusa.net  *.gstatic.com *.bootstrapcdn.com ; form-action 'self' *.vimeocdn.com; frame-src 'self' view.ceros.com *.youtube.com *.elegantthemes.com *.vimeo.com *.printfriendly.com *.g.doubleclick.net *.google.com *.fls.doubleclick.net  *.g.doubleclick.net *.google.com *.fls.doubleclick.net ; frame-ancestors 'self' ; img-src 'self'  'unsafe-inline' *.gravatar.com maps.googleapis.com data: *.vimeocdn.com *.w.org *.printfriendly.com hubernet.sp-stage1.emagineusa.net *.googletagmanager.com *.google.com *.google-analytics.com *.gstatic.com  *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com ; manifest-src 'self' ; media-src 'self' ; navigate-to 'self' ; object-src 'self' ; prefetch-src 'self' ; script-src 'self'  'unsafe-inline' view.ceros.com data: blob: *.fontawesome.com *.cloudflare.com *.ravenjs.com *.vimeocdn.com *.jsdelivr.net *.googleapis.com *.printfriendly.com *.kxcdn.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com  *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com ; script-src-elem 'self'  'unsafe-inline' *.googletagmanager.com *.google-analytics.com *.googleapis.com; script-src-attr 'self' ; style-src 'self'  'unsafe-inline' *.fontawesome.com *.cloudflare.com *.printfriendly.com *.vimeocdn.com *.googleapis.com *.bootstrapcdn.com *.gstatic.com  *.googleapis.com *.gstatic.com ; style-src-elem 'self'  'unsafe-inline' *.googleapis.com; style-src-attr 'self'  'unsafe-inline' ; worker-src 'self' ;  upgrade-insecure-requests; 1
default-src 'self' ;options inline-script eval-script;referrer no-referrer;img-src 'self' data:  *.tile.openstreetmap.org *.tile.opencyclemap.org; 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-eval' *.google.com;object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com; frame-ancestors 'self'; 1
frame-ancestors 'self' *.ecoproductsstore.com; frame-src 'self' find.storesnear.me *.ecoproducts.com squadblog.ecoproducts.com brandfolder.com *.brandfolder.com https://brandfolder.com https://*.brandfolder.com *.amazonaws.com ads.p.veruta.com t.p.mybuys.com s7.addthis.com https://www.youtube.com/ *.vimeo.com http://blog.ecoproducts.com/ http://squadblog.ecoproducts.com/ *.ecoproductsstore.com 1
default-src 'self'; img-src *; media-src * data:;, img-src *; media-src * data:; 1
default-src 'self' http://persis.gemu-group.com:8080 *.google.com *.gstatic.com *.googleapis.com *.googletagmanager.com *.google-analytics.com connect.facebook.net *.albacross.com *.webtraxs.com *.ggpht.com amazonaws.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-cdn-operators.s3-eu-west-1.amazonaws.com *.cloudfront.net *.userlike.com *.leadenhancer.com wss://*.userlike.com *.alexametrics.com cdn.delight-vr.com *.cookiebot.eu *.cookiebot.com data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors *.gemu-group.com 1
default-src data: wss://*.sptpub.com wss://*.ln.md:* wss://ln.md:* wss://*.7777.md:* wss://7777.md:* wss://*.7777gaming.tech:* 'self' 'unsafe-eval' 'unsafe-inline' https://www.youtube.com/ https://youtube.com/ https://ln.md https://*.ln.md https://7777.md https://*.7777.md https://apis.google.com https://fonts.googleapis.com https://maps.googleapis.com https://api.ipinfodb.com https://*.comm100.com https://*.comm100.io https://*.comm100download.com https://www.googleadservices.com https://www.google.com https://*.google.bg https://*.google.md https://*.googletagmanager.com https://googletagmanager.com https://*.typekit.net https://typekit.net  https://maps.google.com https://*.gstatic.com https://gstatic.com https://connect.facebook.net https://*.facebook.com https://facebook.com https://*.fbcdn.net https://fbcdn.net https://google-analytics.com https://*.google-analytics.com https://accounts.google.com https://*.g.doubleclick.net https://sxt.cdn.skype.com https://www.adobe.com https://*.sptpub.com https://cs.betradar.com https://*.sportradar.com https://videosport.me https://*.adform.net/ https://*.hotjar.com https://*.trafficjunky.com/ https://*.cloudflareinsights.com https://cloudflareinsights.com https://7777gaming.tech/ https://*.7777gaming.tech https://ngt-mrk-8888bg-s.7777gaming.tech https://sb2integration-altenar2.biahosted.com https://sb2clientstatic-altenar2.biahosted.com https://sb2frontend-altenar2.biahosted.com https://sb2auth-altenar2.biahosted.com https://sb2betslip-altenar2.biahosted.com https://wgt-s3-cdn.statscore.com https://widgets.sir.sportradar.com https://lmt.fn.sportradar.com https://widgets.fn.sportradar.com/  https://sb2bets-altenar2.biahosted.com https://sb2bonus-altenar2.biahosted.com https://sb2betbuilder-altenar2.biahosted.com/ https://sb2streaming-altenar2.biahosted.com/ https://sb2bethistory-altenar2.biahosted.com/ https://sb2bethistory-altenar2.biahosted.com/ https://sb2lottery-betscalculator-altenar2.biahosted.com/ https://fbstreambro.cc ; frame-ancestors 'self' *.ln.md *.7777.md 1
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval' 1
default-src 'self'; base-uri 'self'; connect-src 'self' *.itzbund.de; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-eval' *.googleapis.com piwik.itzbund.de;object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; frame-ancestors gba-editor-kkn.prod.gsb.gba.in.bund.de piwik.itzbund.de *.facebook.com 1
default-src https://ipara.com;https://ipara.com.tr 1
default-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self' data:; img-src 'self' data: about: ssl.google-analytics.com www.google-analytics.com; connect-src 'self' ssl.google-analytics.com www.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' ssl.google-analytics.com www.google-analytics.com; worker-src 'self'; 1
default-src 'self' data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; base-uri 'self'; block-all-mixed-content; connect-src * data: blob: 'unsafe-inline' https://www.google-analytics.com; font-src * data: blob: 'unsafe-inline'; form-action 'self' https://*.catapush.com; frame-ancestors 'self'; frame-src 'self' data: blob: 'unsafe-inline' https://*.stripe.com https://www.google.com https://mautic.catapush.com; img-src 'self' data: blob: 'unsafe-inline' https://translate.google.com *.catapush.com https://ajax.googleapis.com https://s3-eu-west-1.amazonaws.com https://s3-eu-central-1.amazonaws.com *.hubspot.net https://www.google-analytics.com https://www.gstatic.com https://js.hsforms.net/forms/v2.js https://cdn.catapush.com https://catapush.hs-sites.com; object-src 'none'; script-src 'self' *.catapush.com ipinfo.io https://s3-eu-west-1.amazonaws.com/catapush-cdn/ https://s3-eu-central-1.amazonaws.com/catapush-cdn-frankfurt/ www.google-analytics.com ssl.google-analytics.com https://*.stripe.com https://js.hsforms.net/forms/v2.js 'unsafe-inline' 'nonce-3gaHh3h3CPl4kc00X+EB/g=='; style-src * 'unsafe-inline'; report-uri /csp-violation-report-endpoint 1
default-src 'unsafe-inline' 'self' data: effectory.com www.effectory.com ac.effectory.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.clarity.ms bat.bing.com www.powr.io client.hip.live.com maps.googleapis.com mktdplp102cdn.azureedge.net www.youtube.com static.zdassets.com consent.consentcdn.cookiebot.com cookiebot.com www.googletagmanager.com google-analytics.com www.google-analytics.com snap.licdn.com www.googleadservices.com static.hotjar.com connect.facebook.net googleads.g.doubleclick.net script.hotjar.com;frame-ancestors 'self' consentcdn.cookiebot.com; img-src 'self' data: c.bing.com c.clarity.ms bat.bing.com i.ytimg.com script.hotjar.com onlinedialogue.s3.eu-west-1.amazonaws.com onlinedialogue.s3-eu-west-1.amazonaws.com *.linkedin.com *.dynamics.com  wus.client.hip.live.com eus.client.hip.live.com maps.gstatic.com www.google.de maps.googleapis.com secure.gravatar.com www.google-analytics.com px.ads.linkedin.com www.google.com www.google.nl www.facebook.com; style-src 'unsafe-inline' fonts.googleapis.com ac.effectory.com www.effectory.com effectory.com; font-src data: fonts.gstatic.com script.hotjar.com ac.effectory.com www.effectory.com effectory.com; frame-src 'self' www.powr.io www.youtube.com forms.office.com www.facebook.com vars.hotjar.com consentcdn.cookiebot.com *.dynamics.com; connect-src *.clarity.ms *.hotjar.com  wss://*.hotjar.com surveystats.hotjar.io *.effectory.com maps.googleapis.com *.dynamics.com consentcdn.cookiebot.com in.hotjar.com www.google-analytics.com stats.g.doubleclick.net effectorychathelp.zendesk.com ekr.zdassets.com 1
form-action *.ausy-technologies.de *.ausy.ch; base-uri none; default-src 'unsafe-inline' 'unsafe-eval' *.typenetwork.com matomo.dgtls.com *.cloudflareinsights.com salesviewer.org userlike-cdn-operators.s3-eu-west-1.amazonaws.com d3dc1lgancj6l0.cloudfront.net userlike-cdn-widgets.s3-eu-west-1.amazonaws.com *.matomo.dgtls.com *.userlike.com wss://chat.userlike.com wss://umd.userlike.com *.youtube.com *.eventvote.de *.vimeo.com vimeo.com *.doubleclick.net *.youtube-nocookie.com *.traceparts.com *.cookiebot.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.google.com *.ausy-technologies.de *.ausy.ch https://*.crisp.chat wss://*.crisp.chat https://unpkg.com data: 1
default-src 'self'; object-src 'self'; base-uri 'self'; img-src https: data: http://imagepool.drillisch-online.de; font-src https:; form-action 'self'; connect-src 'self' https://imagepool.drillisch-online.de https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://tracking.drillisch.de https://*.demdex.net; script-src 'strict-dynamic' 'nonce-8a9333558ea5cb4f97865135d76dd5bb' 'nonce-251406e6e17357a9c61da18aaaef3b04' 'nonce-35b52e02323680ae05d055ca949a4658' 'nonce-561e82cbc0e0d29fce037897d932be2b' 'nonce-251cea8153d1af57bf32e12159b178ee' 'nonce-88928796b6c5eb3f96ad0ebb51721174' 'nonce-b53a26d368b99118f9b6de221ba9e482' 'nonce-fdd3aceff503969ce04125d9ded88372' 'nonce-71659617527946cd465ff0f91ec420a1' 'nonce-639674172bdbefa3e187398443d2b294' 'self' https:; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self'; frame-src https://1and1internetag.demdex.net https://tags.tiqcdn.com; child-src https://tags.tiqcdn.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-8a9333558ea5cb4f97865135d76dd5bb' 'nonce-251406e6e17357a9c61da18aaaef3b04' 'nonce-35b52e02323680ae05d055ca949a4658' 'nonce-561e82cbc0e0d29fce037897d932be2b' 'nonce-251cea8153d1af57bf32e12159b178ee' 'nonce-88928796b6c5eb3f96ad0ebb51721174' 'nonce-b53a26d368b99118f9b6de221ba9e482' 'nonce-fdd3aceff503969ce04125d9ded88372' 'nonce-71659617527946cd465ff0f91ec420a1' 'nonce-639674172bdbefa3e187398443d2b294' 'self' https: 1
frame-ancestors https://*.buxfer.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com/ajax/libs/codemirror/ https://cdnjs.cloudflare.com/ajax/libs/select2/ https://cdn.printfriendly.com/printfriendly.js https://static.addtoany.com/menu/page.js https://www.googletagmanager.com/gtm.js https://ds-4047.kxcdn.com/api/v3/domain_settings/a https://www.youtube.com/ https://s.ytimg.com/yts/jsbin/ https://static.addtoany.com/menu/ https://www.google-analytics.com/analytics.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://www.youtube-nocookie.com https://rawgit.com/NerOcrO/ntools/master/ntools.user.js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://s.ytimg.com https://cdn.rawgit.com/w8tcha/ https://cdn.rawgit.com/ckeditor/ https://www.youtube.com/ https://snap.licdn.com/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://www.google.com/ads/  https://www.google-analytics.com/collect https://px.ads.linkedin.com/collect *.instagram.com; img-src 'self' data: https://*.cdninstagram.com https://*.licdn.com https://assets.bwbx.io https://sprcdn-assets.sprinklr.com https://cdnjs.cloudflare.com/ajax/libs/codemirror/ https://cdnjs.cloudflare.com/ajax/libs/select2/ https://cdn.printfriendly.com https://i.ytimg.com https://www.nestle-nespresso.com https://img.youtube.com/; frame-src 'self' https://www.google.com/recaptcha/ https://www.youtube.com/; frame-ancestors 'self'; report-uri /report-csp-violation; upgrade-insecure-requests 1
allow 'self'; frame-ancestors dev.togostanza.org 1
default-src 'self'; script-src * 'unsafe-inline'; img-src * data: 'unsafe-eval'; style-src * 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; frame-src *; 1
font-src 'self' static.flatfy.com *.gstatic.com; frame-src 'self' www.google.com/recaptcha/ *.hotjar.com *.hotjar.io; script-src 'self' 'unsafe-inline' static.flatfy.com ajax.googleapis.com *.google-analytics.com *.g.doubleclick.net www.google.com/ads/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.hotjar.com *.hotjar.io; style-src 'self' 'unsafe-inline' static.flatfy.com ajax.googleapis.com fonts.googleapis.com *.gstatic.com; img-src 'self' data: https:; connect-src 'self' *.google-analytics.com *.hotjar.com *.hotjar.io wss:; default-src 'self' static.flatfy.com *.gstatic.com *.hotjar.com *.hotjar.io 1
default-src 'self' ;script-src data: blob: 'self' 'unsafe-eval' 'nonce-JgnKw/3XoQgiW0aL' static.cloud.coveo.com *.r42tag.com *.usabilla.com *.google-analytics.com *.analytics.google.com www.googleadservices.com tags.nmrc.nl *.onmarc.nl *.doubleclick.net d6tizftlrpuof.cloudfront.net *.zilverenkruis.nl babm.texthelp.com surfly.com plus.browsealoud.com www.zorgkantoorfriesland.nl *.prolife.nl www.googletagmanager.com toolbar.speechstream.net apis.google.com bat.bing.com admin.relay42.com a.svtrd.com  ads.creative-serving.com www.browsealoud.com *.defriesland.nl static2.creative-serving.com survey.insocial.nl optimize.google.com *.interpolis.nl *.mopinion.com  *.fbto.nl connect.facebook.net cdn.harvest.graindata.com www.pingvp.com;style-src 'self' 'unsafe-inline' d6tizftlrpuof.cloudfront.net plus.browsealoud.com fonts.googleapis.com www.zilverenkruis.nl optimize.google.com www.pingvp.com;img-src data: blob: 'self' *.svtrd.com www.google.com www.google.nl d6tizftlrpuof.cloudfront.net *.usabilla.com *.google-analytics.com *.analytics.google.com *.onmarc.nl *.zilverenkruis.nl plus.browsealoud.com usabilla-themes.s3-eu-west-1.amazonaws.com ads.creative-serving.com www.zorgkantoorfriesland.nl *.prolife.nl stats.g.doubleclick.net bat.bing.com www.browsealoud.com *.defriesland.nl *.r42tag.com admin.relay42.com speechstreamv3-webservices-8.texthelp.com www.gstatic.com *.fbto.nl www.insocial.nl www.facebook.com www.googletagmanager.com translate.google.com zilverenkruis-cdn.mcccm.eu www.pingvp.com;font-src data: 'self' fonts.gstatic.com fonts.googlapis.com d6tizftlrpuof.cloudfront.net;connect-src blob: 'self' *.zilverenkruis.nl *.surfly.com surfly.com sentry.io *.prolife.nl *.zorgkantoorfriesland.nl plus.browsealoud.com pronunciation.speechstream.net api.usabilla.com babm.texthelp.com speech.speechstream.net *.google-analytics.com *.analytics.google.com pre-i-portaal.achmea.nl speechstreamv3-webservices-8.texthelp.com *.defriesland.nl *.mopinion.com www.browsealoud.com plusqa.browsealoud.com *.interpolis.nl *.fbto.nl bat.bing.com stats.g.doubleclick.net harvest-cm-achmea.ey.r.appspot.com controle.achmea.consentmonitor.nl *.tomtom.com;media-src 'self' blob: *.zilverenkruis.nl *.zorgkantoorfriesland.nl *.prolife.nl *.defriesland.nl *.interpolis.nl *.fbto.nl defriesland.pingvp.com;object-src 'self' ;child-src 'self' blob: t.svtrd.com player.vimeo.com youtube-nocookie.com www.youtube-nocookie.com surfly.com app.surfly.com d6tizftlrpuof.cloudfront.net www.zilverenkruis.nl www.zorgkantoorfriesland.nl www.prolife.nl content.googleapis.com vimeo.com secure.zilverenkruis.nl www.defriesland.nl optimize.google.com i-portaal.achmea.nl survey.insocial.nl secure.prolife.nl secure.defriesland.nl w.soundcloud.com *.doubleclick.net app.springcast.fm;frame-ancestors 'self' www.youtube-nocookie.com youtube-nocookie.com player.vimeo.com vimeo.com i-portaal.achmea.nl survey.insocial.nl *.doubleclick.net inloggen.achmea.nl p-portaal.achmea.nl;form-action 'self' t.svtrd.com *.achmea.nl *.zilverenkruis.nl *.zorgkantoorfriesland.nl *.prolife.nl *.defriesland.nl *.fbto.nl *.interpolis.nl broker.nxtid.nl;manifest-src 'self' ;upgrade-insecure-requests;block-all-mixed-content;report-uri https://zilverenkruis.ams.report-uri.com/r/t/csp/enforce; 1
default-src 'self' https://*.sendpulse.com https://*.datatables.net; font-src 'self' data: https://yeni.iskultur.com.tr https://*.sendpulse.com https://fonts.gstatic.com *.bootstrapcdn.com https://cdn.jsdelivr.net https://themes.googleusercontent.com https://*.wp.com; object-src 'none'; frame-ancestors 'none';  script-src 'self' 'unsafe-inline' 'unsafe-eval' https://tpc.googlesyndication.com  https://googleads.g.doubleclick.net https://www.googleadservices.com https://*.alexametrics.com https://connect.facebook.net https://*.unpkg.com https://cdn.visitorlab.com https://rec.smartlook.com/ https://*.yandex.ru https://*.yandex.com.tr https://*.yandex.com https://*.sendpulse.com https://*.google-analytics.com/analytics.js https://cdn.jsdelivr.net https://*.iskultur.com.tr https://*.ampproject.org https://cdnjs.cloudflare.com https://ajax.googleapis.com https://*.google-analytics.com https://*.addthis.com https://*.facebook.com https://*.twitter.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.googleusercontent.com https://*.bootstrapcdn.com https://*.wp.com https://*.gravatar.com; style-src 'self' https://*.iskultur.com.tr https://*.sendpulse.com  https://secure.gravatar.com https://*.wp.com https://cdn.jsdelivr.net https://*.bootstrapcdn.com https://cdn.jsdelivr.net https://*.google.com  https://*.iskultur.com.tr https://*.googleapis.com https://*.gstatic.com https://*.googleusercontent.com https://*.gravatar.com 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.googleadservices.com https://*.iskultur.com.tr https://redirect.prod.experiment.routing.cloudfront.aws.a2z.com/x.png https://*.alexametrics.com https://*.googletagmanager.com https://*.facebook.com https://*.yandex.ru https://*.yandex.com.tr https://*.yandex.com https://*.iskultur.com.tr https://*.sendpulse.com https://*.placeholder.com https://*.doubleclick.net https://secure.gravatar.com https://www.google-analytics.com https://*.google.com https://*.google.com.tr https://*.googleapis.com https://*.gstatic.com https://*.googleusercontent.com https://*.wp.com https://pixel.wp.com; frame-src 'self'  'unsafe-inline' 'unsafe-eval' https://online.flippingbook.com/ https://www.facebook.com https://tpc.googlesyndication.com/ https://tpc.googlesyndication.com https://www.youtube.com https://bid.g.doubleclick.net/ https://www.youtube.com https://sanalpos.isbank.com.tr/ https://*.yandex.ru https://www.facebook.com https://*.yandex.com.tr https://*.yandex.com https://yandex.com.tr https://*.yandex.ru https://www.google-analytics.com  https://*.sendpulse.com  https://*.iskultur.com.tr https://*.google.com https://*.google.com.tr https://*.googleapis.com https://*.gstatic.com https://*.googleusercontent.com https://secure.gravatar.com https://*.wp.com; connect-src 'self' https://s*.doubleclick.net https://*.facebook.com https://ymetrica1.com https://*.googleapis.com https://www.google-analytics.com https://*.yandex.ru https://pushdata.sendpulse.com:4434/ https://manager.smartlook.com/ https://manager.eu.smartlook.com/ https://collect.visitorlab.com/142134579 https://cdn.ampproject.org 1
frame-ancestors https://hospitality-on.com https://store.hospitality-on.com 1
img-src ; media-src  data:; 1
frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com ccclib.bibliocms.com *.ccclib.bibliocms.com ccclib.org *.ccclib.org http://ccclib.org; 1
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; object-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline' 'unsafe-eval'; img-src * 'unsafe-inline' data: blob: 'unsafe-inline'; media-src * 'unsafe-inline'; frame-src * 'unsafe-inline' data: blob: 'unsafe-inline'; frame-ancestors boost3d.net; child-src * 'unsafe-inline' data: blob: 'unsafe-inline'; font-src * 'unsafe-inline'; connect-src * 'unsafe-inline'; report-uri /report-csp-violation 1
frame-ancestors 'self' https://www.golfofbf.org https://*.instapage.com http://*.instapage.com https://cloud.scorm.com https://360.articulate.com https://university.fb.org 1
default-src 'self' *.google-analytics.com *.doubleclick.net *.cloudfront.net max-access-toolbar.onlineada.workers.dev *.amazonaws.com *.maxaccess.io; script-src 'self' www.googletagmanager.com js.hsadspixel.net *.hs-banner.com *.crazyegg.com js.hs-analytics.net *.equalweb.com access.equalweb.com connect.facebook.net www.google.com *.gstatic.com maps.googleapis.com maps.googleapis.com/* *.hotjar.com *.hsforms.net *.hsforms.com *.hs-scripts.com *.maxaccess.io *.audioeye.com *.userway.org js.hsleadflows.net maxaccess-api.onlineada.workers.dev; style-src 'self' *.typekit.net *.fonts.net fonts.googleapis.com maps.googleapis.com *.userway.org *.maxaccess.io api.maxaccess.io/scripts/toolbar/*; img-src 'self' www.googletagmanager.com *.webdamdb.com www.google-analytics.com insight.adsrvr.org www.facebook.com data: maps.gstatic.com *.googleapis.com *.ggpht.com *.hubspot.com img.youtube.com blog.hobartcorp.com  *.hsforms.com *.cloudfront.net *.maxaccess.io maxaccess.io *.userway.org warewash.hobartcorp.com *.hubspotusercontent30.net; frame-src 'self' *.google.com *.hotjar.com *.youtube.com *.webdamdb.com *.hsforms.com *.facebook.com; font-src 'self' use.typekit.net fast.fonts.net fonts.gstatic.com; connect-src 'self' api.hubapi.com www.google-analytics.com script.crazyegg.com stats.g.doubleclick.net *.equalweb.com *.hotjar.com *.hotjar.io *.facebook.com *.hsforms.com tracking.crazyegg.com *.amazonaws.com *.maxaccess.io *.userway.org *.cloudfront.net d3tl8vem8osmxf.cloudfront.net d5gilh1ztb0u5.cloudfront.net maxaccess-api.onlineada.workers.dev fetch-maxaccess-cache.onlineada.workers.dev forms.hubspot.com; report-uri /report-csp-violation 1
default-src 'none'; base-uri 'self'; form-action https: 'self'; script-src 'self' 'unsafe-inline' https: 'unsafe-eval'; object-src 'none'; style-src 'self' 'unsafe-inline' https:; img-src 'self' 'unsafe-inline' https: data:; media-src *; frame-src *; frame-ancestors 'self' https:; font-src 'self' https:; connect-src *; report-uri /report-csp-violation; upgrade-insecure-requests 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://dl.episerver.net/ https://js-agent.newrelic.com https://bam.nr-data.net https://ssl.google-analytics.com https://seal-alaskaoregonwesternwashington.bbb.org https://az416426.vo.msecnd.net/scripts/a/ai.0.js  https://cdn.cookielaw.org 1
default-src 'self'; block-all-mixed-content; connect-src 'self' www.google-analytics.com stats.g.doubleclick.net plink-production.s3-eu-central-1.amazonaws.com plink-development.s3-eu-central-1.amazonaws.com; frame-ancestors 'none'; img-src 'self' *.mollie.com mollie.dev stats.g.doubleclick.net googleads.g.doubleclick.net www.googleadservices.com www.google.at www.google.be www.google.bg www.google.ca www.google.ch www.google.cn www.google.co.in www.google.co.ma www.google.co.th www.google.co.uk www.google.com www.google.com.hk www.google.cz www.google.de www.google.dk www.google.es www.google.fi www.google.fr www.google.hu www.google.ie www.google.it www.google.lu www.google.lv www.google.nl www.google.no www.google.pl www.google.pt www.google.ro www.google.ru www.google.se www.google.si www.google.sk play-lh.googleusercontent.com www.google-analytics.com www.gstatic.com www.facebook.com; script-src 'self' www.google-analytics.com www.googleadservices.com ajax.googleapis.com connect.facebook.net 'nonce-nrEoSTYCLKHUGNJ/EV8eBA=='; style-src 'self' 'unsafe-inline'; report-uri https://o29109.ingest.sentry.io/api/5384345/security/?sentry_key=70667fd3313e41ae8a6af1ac55828e78&sentry_environment=prod 1
base-uri; form-action 'self'; frame-ancestors 'none'; img-src 'self' https://paragonie.com https://maxcdn.bootstrapcdn.com https://stats.g.doubleclick.net https://www.google-analytics.com data:; media-src 'none'; object-src 'none'; script-src 'self' https://cdn.mathjax.org https://oss.maxcdn.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://code.jquery.com https://ajax.googleapis.com https://www.google-analytics.com https://paragonie.com paragonie.com 'sha384-dxxWaTrUP7CVAQSJSlq8y30xnLv+kbg0q/esjcstpj7BeSQcTR1kyuzuU8NtP0Qd' 'nonce-aiMpoqnKtEwPuHudDlbBl2gf' 'nonce-bmrmz4T3ITK595COissjiNiz' 'nonce-43BLmHl6UFQQrDUtVmk+zSeE' 'nonce-3Q7QdnwX9lPbopgqka/HYhNL' 'nonce-16LgHa7291UnceGJ6dSsS+PK' 'nonce-Xu9/FAyB5WFneexcLSK04KU3' 'nonce-msxAq023eFZybDmrVZzI90J5' 'unsafe-eval' data:; style-src 'self' https://maxcdn.bootstrapcdn.com https://use.fontawesome.com https://fonts.googleapis.com 'unsafe-inline'; report-uri https://f038192cab4afafaacee34d22ed2e1dd.report-uri.io/r/default/csp/enforce; upgrade-insecure-requests 1
default-src 'self' *.iwan.com.tw *.iwplay.com.tw *.google.com *.google.com.tw; frame-src *.iwplay.com.tw *.iwan.com.tw www.youtube.com *.facebook.com bid.g.doubleclick.net *.facebook.net; script-src *.iwplay.com.tw *.iwan.com.tw 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com s.ytimg.com libs.baidu.com code.jquery.com *.google-analytics.com *.facebook.net *.facebook.com *.googleapis.com www.googletagmanager.com www.youtube.com www.googleadservices.com googleads.g.doubleclick.net *.google.com *.google.com.tw *.youtube.com ;style-src *.iwplay.com.tw *.iwan.com.tw 'unsafe-inline' www.youtube.com.tw fonts.googleapis.com *.facebook.net *.facebook.com *.google.com *.google.com.tw; img-src *.iwplay.com.tw *.google-analytics.com stats.g.doubleclick.net www.youtube.com *.google.com *.google.com.tw googleads.g.doubleclick.net *.facebook.com *.facebook.net data: ;frame-ancestors *.iwplay.com.tw *.iwan.com.tw *.google.com *.google.com.tw;font-src  fonts.gstatic.com *.googleapis.com *.google.com *.google.com.tw *.iwplay.com.tw data:;connect-src *.iwplay.com.tw *.google-analytics.com; 1
default-src 'self'; script-src 'self' *.googleapis.com; style-src 'self' 'unsafe-inline' *.googleapis.com; img-src 'self' data:; font-src 'self' *.gstatic.com *.bootstrapcdn.com data:;connect-src *.googleapis.com *.gstatic.com *.bootstrapcdn.com; report-uri https://crhworld.com/Sitefinity/Authenticate/OpenID/csp/report 1
frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com sno-isle.bibliocms.com *.sno-isle.bibliocms.com https://www.sno-isle.org www.sno-isle.org *.www.sno-isle.org; 1
default-src 'self' 'unsafe-inline' 'report-sample'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' *.cookiebot.com *.typekit.com *.google-analytics.com *.googletagmanager.com *.typekit.net *.googleapis.com *.google.com *.gstatic.com *.jquery.com; object-src 'none'; style-src 'self' 'unsafe-inline' 'report-sample' hello.myfonts.net maxcdn.bootstrapcdn.com p.typekit.net use.typekit.net *.googleapis.com *.googletagmanager.com; img-src 'self' 'unsafe-inline' 'report-sample' data: *.google-analytics.com *.googleapis.com *.gstatic.com *.typekit.net; media-src 'self' 'unsafe-inline' 'report-sample'; frame-src 'self' 'unsafe-inline' 'report-sample' consentcdn.cookiebot.com *.google.com *.vasco-group.eu vasco-group.eu *.youtube-nocookie.com *.youtube.com torren360.nl *.matterport.com vasco-group.eu; font-src 'self' 'unsafe-inline' 'report-sample' maxcdn.bootstrapcdn.com use.typekit.net p.typekit.net *.gstatic.com; connect-src 'self' 'unsafe-inline' 'report-sample' *.cookiebot.com use.typekit.com *.google-analytics.com *.googletagmanager.com use.typekit.net p.typekit.net *.google.com *.doubleclick.net *.googleapis.com *.vasco.eu; report-uri / admin/config/system/seckit/csp-report 1
base-uri 'none'; default-src 'none'; child-src 'none'; connect-src 'self' https://*.ovh.net *.ovh.net https://*.google.com *.google.com https://*.gstatic.com *.gstatic.com https://*.googleapis.com *.googleapis.com https://*.freshworks.com *.freshworks.com https://s.tradingview.com s.tradingview.com https://*.moralis.io *.moralis.io https://*.usemoralis.com *.usemoralis.com https://*.usemoralis.com:2053 *.usemoralis.com:2053 https://*.unpkg.com *.unpkg.com https://*.cloudflare.com *.cloudflare.com https://*.bitc-dev.com *.bitc-dev.com https://*.twilio.com *.twilio.com https://*.idcheck.io *.idcheck.io https://*.ariadnext.com *.ariadnext.com https://*.coinatmradar.com *.coinatmradar.com; font-src 'self' https://fonts.gstatic.com fonts.gstatic.com data:; form-action 'self' https://www.google.com www.google.com https://*.gstatic.com *.gstatic.com https://*.idcheck.io *.idcheck.io https://*.ariadnext.com *.ariadnext.com https://*.freshworks.com *.freshworks.com; frame-ancestors https://www.google.com www.google.com https://*.googleapis.com *.googleapis.com https://*.gstatic.com *.gstatic.com https://*.idcheck.io *.idcheck.io https://*.ariadnext.com *.ariadnext.com https://*.freshworks.com *.freshworks.com; frame-src https://www.google.com www.google.com https://*.gstatic.com *.gstatic.com https://s.tradingview.com s.tradingview.com https://maps.googleapis.com maps.googleapis.com https://*.googleapis.com *.googleapis.com https://*.idcheck.io *.idcheck.io https://*.ariadnext.com *.ariadnext.com https://*.freshworks.com *.freshworks.com; img-src 'self' https://*.tibc.ch *.tibc.ch https://*.gstatic.com *.gstatic.com https://*.googleapis.com *.googleapis.com https://*.ggpht.com *.ggpht.com https://*.freshworks.com *.freshworks.com https://*.idcheck.io *.idcheck.io https://*.ariadnext.com *.ariadnext.com blob: data:; media-src 'self'; object-src 'none'; script-src 'self' https://gstatic.com gstatic.com https://google-analytics.com google-analytics.com https://maps.googleapis.com maps.googleapis.com https://*.idcheck.io *.idcheck.io https://*.ariadnext.com *.ariadnext.com https://*.freshworks.com *.freshworks.com https://s3.tradingview.com s3.tradingview.com https://cdn.jsdelivr.net cdn.jsdelivr.net https://*.moralis.io *.moralis.io https://*.usemoralis.com *.usemoralis.com https://*.cloudflare.com *.cloudflare.com 'nonce-H0mFMu2T8RTDNS7v7ZgJe3mV'; style-src 'self' https://google-analytics.com google-analytics.com https://gstatic.com gstatic.com https://maps.googleapis.com maps.googleapis.com https://*.idcheck.io *.idcheck.io https://*.ariadnext.com *.ariadnext.com https://*.freshworks.com *.freshworks.com https://s3.tradingview.com s3.tradingview.com https://fonts.googleapis.com fonts.googleapis.com https://cdn.jsdelivr.net cdn.jsdelivr.net https://*.cloudflare.com *.cloudflare.com 'unsafe-inline'; worker-src https://*.bitc-dev.com *.bitc-dev.com https://*.twilio.com *.twilio.com https://*.idcheck.io *.idcheck.io; upgrade-insecure-requests 1
default-src * blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.sancta-domenica.hr sancta-domenica.hr *.sancta-domenica.ba sancta-domenica.ba *.samsungshop.hr samsungshop.hr; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src fintactix.com code.highcharts.com; report-uri /report-csp-violation 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self'; font-src 'self'; connect-src 'self'; frame-ancestors 'none'; form-action 'self'; base-uri 'none' 1
default-src 'self'; block-all-mixed-content; connect-src 'self' https://api.recurly.com https://api.stripe.com/ https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io https://nexus-long-poller-a.intercom.io https://nexus-long-poller-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://ingest.valued.app; font-src 'self' https://js.intercomcdn.com data:; frame-src https://js.stripe.com/ https://hooks.stripe.com/ api.recurly.com https://www.google.com/recaptcha/ https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; img-src 'self' blob: data: *; media-src 'self' https://js.intercomcdn.com; script-src 'self' js.recurly.com https://js.stripe.com/ https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://www.gstatic.com/recaptcha/ https://libs.valued.app 'unsafe-inline' 'sha256-1gcjkQmF3vDBHqTK/GCaJKMg/UjNNomsjObGfUSd8GU=' 'sha256-jbA8VreA42SNzS8N9VHJ5N6pZWjqC2B/c/cBk+1diXE=' 'sha256-DcokebrOSmWciSX1qQC5mQVZVTuYP7rxG1GdCn4I4Ls='; style-src 'self' https://api.recurly.com 'unsafe-inline'; report-uri /nelmio/csp/report 1
default-src 'self' ; frame-src  'self' https://api.mtbank.by https://mpi.mtbank.by https://mpi.mtbank.by:80  https://acs.mtbank.by https://c2c.mtbank.by https://3ds.alfabank.by https://3ds.priorbank.by https://acs.bgpb.by https://sca.npc.by https://www.sbs4u.by https://acs.multicarta.ru https://aacsw.3ds.verifiedbyvisa.com https://cap.attempts.securecode.com https://ipcacs.sberbank.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval'  https://chat.mtbank.by/ https://app.blinger.io https://static.mybank.by https://api.mtbank.by https://www.google-analytics.com  https://halva.mtbank.by https://www.googletagmanager.com https://tagmanager.google.com; style-src 'self' blob: 'unsafe-inline' https://static.mybank.by;img-src 'self' https://*.by/ https://chat.mtbank.by/ https://blinger.io   https://app.blinger.io https://static.mybank.by data: blob:  https://www.google-analytics.com  https://www.googletagmanager.com ; font-src 'self' https://static.mybank.by; connect-src 'self'  https://chat.mtbank.by/ wss://app.blinger.io; media-src 'self' 1
script-src 'self'; object-src 'self' 1
frame-ancestors https://*.mediamarkt.se 'self'; 1
default-src 'self'; object-src 'self' https://pts.yourfone.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.yourfone.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://chat.yourfone.de https://umfrage.yourfone.de https://pts.yourfone.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://o2.mouseflow.com https://cdn.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://chat.yourfone.de https://stats.yourfone.de https://imagepool.yourfone.de https://pts.yourfone.de; script-src 'strict-dynamic' 'nonce-1ed56b457e6668f8fbf7447d19872bb7' 'nonce-fefb9f0ee26696f0f53128466c6039e3' 'nonce-84edfcacea298dcdea995bc47a759692' 'nonce-0afc9aeac82201d9e0bfbf304dc33704' 'nonce-d3e1f0e22cafa81572f08743062a3b55' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://pts.yourfone.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-1ed56b457e6668f8fbf7447d19872bb7' 'nonce-fefb9f0ee26696f0f53128466c6039e3' 'nonce-84edfcacea298dcdea995bc47a759692' 'nonce-0afc9aeac82201d9e0bfbf304dc33704' 'nonce-d3e1f0e22cafa81572f08743062a3b55' 'self' 'unsafe-inline' https: 'report-sample' 1
script-src 'nonce-fd40e9a36d0e4edf9037b9f04c4f2e2d' 'self' 'unsafe-inline' *.wellsfargo.com *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com *.wellsfargo.com:* connect.facebook.net snap.licdn.com www.googletagmanager.com www.google-analytics.com ajax.googleapis.com static.staging.wellsfargo.com static.wellsfargo.com; frame-ancestors 'self' *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com *.wellsfargo.com *.fccaccessonline.com *.wellsfargomedia.com *.wellsfargo.com:* *.mworld.com *.wellsfargo.net *.markitondemand.com *.wellsfargo.wallst.com *.go.onestop.wf.com; base-uri https:;default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: ad.doubleclick.net px.ads.linkedin.com p.adsymptotic.com cm.everesttech.net dpm.demdex.net;object-src 'self';font-src 'self' data: *.wellsfargo.com *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com *.wellsfargo.com:* fonts.gstatic.com;report-uri /reporting/csp.htm;img-src 'self' data: *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com wspublicprod.112.2o7.net px.ads.linkedin.com ad.doubleclick.net p.adsymptotic.com adservice.google.com 2549153.fls.doubleclick.net jadserve.postrelease.com www.google.com www.google-analytics.com pixel.everesttech.net cm.g.doubleclick.net bat.bing.com sp.analytics.yahoo.com connect.facebook.net www.linkedin.com www.facebook.com rtd-tm.everesttech.net googleads.g.doubleclick.net;style-src 'self' 'unsafe-inline' *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: about: https://www.youtube.com/ static.issuu.com e.issuu.com docs.google.com www.google-analytics.com fonts.googleapis.com *.disquscdn.com www.votervoice.net www.googletagmanager.com ims.informz.net connect.facebook.net www.google.com https://syndication.twitter.com https://cdn.syndication.twimg.com https://ton.twimg.com https://pbs.twimg.com platform.twitter.com www.facebook.com staticxx.facebook.com disqus.com fonts.gstatic.com stats.g.doubleclick.net referrer.disqus.com https://services.texmed.org/45/Tma.CspReportApi/api/csp *.blubrry.com *.feathr.co servedbyadbutler.com *.fontawesome.com *.vimeo.com p2a.co *.jotform.com *.sharethis.com *.cognitoforms.com https://cognitoforms.com/ cdn.knightlab.com *.blogspot.com secure.givelively.org http://intellidataserver1.intellidata.tech/; 1
default-src 'self' data: *.deluxebrand.com; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://cdn.deluxebrand.com https://in.hotjar.com https://api.sandbox.braintreegateway.com/ https://identify.hotjar.com https://payments.sandbox.braintree-api.com https://js.braintreegateway.com https://unpkg.com https://cdn.ckeditor.com https://script.hotjar.com https://demos.telerik.com https://www.google-analytics.com https://siteintercept.qualtrics.com https://znbgsvjt7geejbnen-deluxecorp.siteintercept.qualtrics.com https://cdn.quantummetric.com https://kendo.cdn.telerik.com http://cdnjs.cloudflare.com http://ajax.googleapis.com https://ajax.aspnetcdn.com http://ajax.aspnetcdn.com https://cdn.jsdelivr.net http://cdn.jsdelivr.net https://ajax.googleapis.com  https://use.fontawesome.com  https://code.jquery.com https://core.spreedly.com https://cdnjs.cloudflare.com https://dmg-widget.s3-us-west-2.amazonaws.com https://www.googletagmanager.com https://cdn.impossible.io https://maps.googleapis.com https://dbc-gallery-images-qa.s3.us-west-2.amazonaws.com https://static.hotjar.com https://scripts.hotjar.com https://dbc-gallery-images-rc.s3.us-west-2.amazonaws.com https://dbc-gallery-images.s3.us-west-2.amazonaws.com https://dmg-widget.s3-us-west-2.amazonaws.com https://homeval-dash-dev.s3.eu-west-2.amazonaws.com; object-src 'self' data:; style-src 'self' data: 'unsafe-inline' https://cdn.deluxebrand.com https://cdn.ckeditor.com https://assets.braintreegateway.com https://dmg-widget.s3-us-west-2.amazonaws.com https://znbgsvjt7geejbnen-deluxecorp.siteintercept.qualtrics.com https://use.fontawesome.com https://kendo.cdn.telerik.com  https://core.spreedly.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://dbc-gallery-images-qa.s3.us-west-2.amazonaws.com https://s3-us-west-2.amazonaws.com https://homeval-dash-dev.s3.eu-west-2.amazonaws.com; img-src data: *; media-src *; frame-src *; font-src *; connect-src 'self' data: *.deluxebrand.com https://www.google-analytics.com https://siteintercept.qualtrics.com https://stats.g.doubleclick.net https://7n7l08yp06.execute-api.us-west-2.amazonaws.com https://cdn.ckeditor.com https://script.hotjar.com https://dbc-gallery-images-qa.s3.us-west-2.amazonaws.com https://in.hotjar.com https://identify.hotjar.com https://payments.sandbox.braintree-api.com https://api.sandbox.braintreegateway.com https://origin-analytics-sand.sandbox.braintree-api.com wss://ws6.hotjar.com/api/v2/client/ws https://dbc-gallery-images-rc.s3.us-west-2.amazonaws.com https://dbc-gallery-images.s3.us-west-2.amazonaws.com https://dmg-widget.s3-us-west-2.amazonaws.com https://stats.g.doubleclick.net https://ws22.hotjar.com https://vc.hotjar.io https://homeval-dash-dev.s3.eu-west-2.amazonaws.com https://maps.googleapis.com 1
frame-ancestors 'self' google.com 1
frame-ancestors Content-Security-Policy: frame-ancestors 'self' https://stock.mebere.com;; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self' *.aldi-international.com *.aldi-nord.com *.aldi-sued.com assets.adobedtm.com dpm.demdex.net aldisued.d3.sc.omtrdc.net *.facebook.net aldisued.demdex.net *.facebook.com services.cdn-shop.com; block-all-mixed-content; img-src 'self' data: *.aldi-international.com *.aldi-nord.com *.aldi-sued.com assets.adobedtm.com dpm.demdex.net aldisued.d3.sc.omtrdc.net *.facebook.net aldisued.demdex.net *.facebook.com services.cdn-shop.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.aldi-international.com *.aldi-nord.com *.aldi-sued.com assets.adobedtm.com dpm.demdex.net aldisued.d3.sc.omtrdc.net *.facebook.net aldisued.demdex.net *.facebook.com services.cdn-shop.com; style-src 'self' 'unsafe-inline' *.aldi-international.com *.aldi-nord.com *.aldi-sued.com assets.adobedtm.com dpm.demdex.net aldisued.d3.sc.omtrdc.net *.facebook.net aldisued.demdex.net *.facebook.com services.cdn-shop.com 1
default-src https: data: *.mouseflow.com; script-src https: data: 'unsafe-inline' 'unsafe-eval' *.mouseflow.com; object-src https:; style-src https: 'unsafe-inline'; img-src https: data: *.mouseflow.com; media-src https:; font-src https: data: *.mouseflow.com; connect-src https: wss:; frame-ancestors 'self' partner.approvalmax.com partnersportal.approvalmax.com; 1
frame-ancestors 'self' https://psr-www.bayard-jeunesse.com https://www.bayard-jeunesse.com; 1
script-src https://*.lex-com.net/ 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' https://mykrone.green ; img-src 'self' data:; object-src 'none'; media-src 'none'; child-src 'self'; style-src 'self' 'unsafe-inline' 1
default-src: none;   1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://sites-rpc.vuturevx.com https://px.ads.linkedin.com https://snap.licdn.com https://code.jquery.com https://ajax.googleapis.com https://ssl.google-analytics.com https://www.youtube.com https://www.google.com https://bat.bing.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://connect.facebook.net https://platform.twitter.com https://code.jquery.com/jquery-2.1.4.min.js *.crazyegg.com *.amazonaws.com https://consent.cookiebot.com/ https://consentcdn.cookiebot.com/; style-src 'self' 'unsafe-inline' https://ajax.googleapis.com https://fonts.googleapis.com; img-src * data:; font-src 'self' data: https://fonts.gstatic.com https://fonts.typekit.net https://themes.googleusercontent.com; connect-src 'self' https://cdn.plyr.io *.crazyegg.com https://www.google-analytics.com; child-src 'self' https://open.spotify.com/ https://player.pippa.io https://player.acast.com https://embed.acast.com https://sdn.sitecore.net https://www.youtube.com https://www.google.com https://accounts.google.com https://www.googletagmanager.com https://www.youtube-nocookie.com/ https://cdn.yoshki.com https://player.vimeo.com https://consentcdn.cookiebot.com/; frame-ancestors 'self' https://www.slipcase.com https://marketplace.marsh.com https://open.spotify.com; 1
default-src 'self' blob: storage.net-fs.com www.google.com *.google-analytics.com *.youtube.com *.googleapis.com *.gstatic.com jobs.comsoft.de tools.eurolandir.com asia.tools.euroland.com *.a1.net live.virtual-events.at; frame-src 'self' indd.adobe.com storage.net-fs.com www.google.com *.google-analytics.com *.youtube.com *.googleapis.com *.gstatic.com jobs.comsoft.de tools.eurolandir.com asia.tools.euroland.com webcast.a1.net live.virtual-events.at player.vimeo.com; style-src 'self' 'unsafe-inline' storage.net-fs.com *.googleapis.com *.gstatic.com tools.eurolandir.com asia.tools.euroland.com webcast.a1.net live.virtual-events.at; img-src 'self' data: storage.net-fs.com *.google-analytics.com *.googleapis.com *.gstatic.com tools.eurolandir.com asia.tools.euroland.com webcast.a1.neti *.a1.group live.virtual-events.at *.frequentis.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: *.frequentis.com storage.net-fs.com *.googleapis.com *.gstatic.com *.google-analytics.com cdnjs.cloudflare.com/ajax/libs/jquery-mousewheel/ www.google.com tools.eurolandir.com asia.tools.euroland.com webcast.a1.net *.zencdn.net blob: live.virtual-events.at; font-src 'self' data: storage.net-fs.com *.gstatic.com 1
img-src 'self' ws.gosign.lt ssl.google-analytics.com; media-src 'none'; reflected-xss block; 1
default-src *; style-src 'self' http://* 'unsafe-inline'; script-src 'self' http://* 'unsafe-inline' 'unsafe-eval'; img-src * 'self' data: https:; font-src 'self' data: https://smart-ip.net; connect-src 'self' http://* 'unsafe-inline' 'unsafe-eval'; 1
default-src 'self'; connect-src *.kv-rlp.de; script-src *.kv-rlp.de maps.googleapis.com ssl.google-analytics.com www.google-analytics.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' data: https://*.kv-safenet.de http://*.kv-safenet.de *.gstatic.com *.googleapis.com www.google-analytics.com ssl.google-analytics.com; font-src 'self' font.googleapis.com *.gstatic.com; child-src 'self' https://*.google.de https://*.google.com https://www.youtube-nocookie.com; object-src 'self'; frame-src 'self' https://www.youtube-nocookie.com maps.google.de www.google.de www.google.com; frame-ancestors 'self' https://www.google.de; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval'  https://www.googletagmanager.com https://maps.googleapis.com https://player.vimeo.com https://www.google-analytics.com https://assets.adobedtm.com http://assets.adobedtm.com https://api.tiles.mapbox.com https://static.hotjar.com https://script.hotjar.com https://connect.facebook.net https://snap.licdn.com https://www.youtube.com;worker-src blob:;frame-src 'self' https://www.youtube-nocookie.com https://kpnnl.maps.arcgis.com https://vars.hotjar.com;frame-ancestors 'self'; 1
frame-ancestors 'self' http://webvisor.com http://*.webvisor.com https://metrika.yandex.ru https://mc.yandex.ru https://*.yandex.net https://mc.yandex.ru https://mc.yandex.com https://mc.webvisor.com https://mc.webvisor.org https://yastatic.net 1
default-src 'self' googleads.g.doubleclick.net polantis-com-data-dev.s3-eu-west-1.amazonaws.com polantis-com-data.s3-eu-west-1.amazonaws.com polantis-com-data.s3.eu-west-1.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com code.jquery.com c.statcounter.com secure.statcounter.com www.google-analytics.com code.highcharts.com pagead2.googlesyndication.com cdn.datatables.net use.fontawesome.com cdn.rawgit.com maps.googleapis.com connect.facebook.net www.polantis.info new.polantis.com www.google.com www.google.fr www.gstatic.com https://rawgithub.com/phpepe/highcharts-regression/master/highcharts-regression.js https://rawgit.com/phpepe/highcharts-regression/master/highcharts-regression.js www.googletagmanager.com cdn.jsdelivr.net cdn.mouseflow.com; object-src 'self' s.ytimg.com i.ytimg.com s.youtube.com www.youtube.com *.googlevideo.com; style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com cdnjs.cloudflare.com fonts.googleapis.com cdn.datatables.net https://cdn.rawgit.com/morteza/bootstrap-rtl/v3.4.0/dist/css/bootstrap-rtl.min.css www.polantis.info use.fontawesome.com www.gstatic.com; img-src 'self' data: images.polantis.com data.polantis.com s3-eu-west-1.amazonaws.com www.google-analytics.com c.statcounter.com stats.g.doubleclick.net maps.gstatic.com maps.googleapis.com csi.gstatic.com www.facebook.com www.polantis.info www.google.com www.google.fr randomuser.me/api/ cdnjs.cloudflare.com polantiscomimages.s3-eu-west-1.amazonaws.com polantis-com-data.s3-eu-west-1.amazonaws.com polantis-com-data-dev.s3.eu-west-1.amazonaws.com data2.polantis.com http://bimobject-dev.ad.bimobject.com http://bimobject-staging.ad.bimobject.com www.bimobject.com bimobject.com https://classic.bimobject.com https://admincontent.bimobject.com https://accounts.bimobject.com https://accounts-dev.ad.bimobject.com https://accounts-staging.ad.bimobject.com www.mollie.com; frame-src 'self' googleads.g.doubleclick.net www.youtube.com www.google.com www.google.fr www.facebook.com staticxx.facebook.com polantis-com-data.s3-eu-west-1.amazonaws.com polantis-com-data-dev.s3-eu-west-1.amazonaws.com polantis-com-data.s3.eu-west-1.amazonaws.com; font-src 'self' fonts.gstatic.com maxcdn.bootstrapcdn.com use.fontawesome.com; connect-src 'self' www.polantis.info new.polantis.com maps.googleapis.com cdn.datatables.net www.facebook.com vicopo.selfbuild.fr analytics.google.com stats.g.doubleclick.net cdn.jsdelivr.net; report-uri /nelmio/csp/report 1
frame-ancestors 'none'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; font-src 'self' 'unsafe-inline' data: ; img-src 'self' 'unsafe-inline' data: https://app.usercentrics.eu https://daimlerag.d2.sc.omtrdc.net; connect-src 'self' https://graphql.usercentrics.eu 1
frame-src 'unsafe-inline' *.tussam.es *.google.com *.youtube.com *.youtube.es *.youtu.be *.ayesa.link; frame-ancestors 'unsafe-inline' *.tussam.es *.google.com *.youtube.com *.youtube.es *.youtu.be *.ayesa.link; child-src 'unsafe-inline' *.tussam.es *.google.com *.youtube.com *.youtube.es *.youtu.be *.ayesa.link; report-uri //report-csp-violation 1
default-src 'self'; script-src 'self' https://*.astonmiles.com https://code.jquery.com https://www.google-analytics.com https://*.fontawesome.com https://*.googleapis.com //*.gstatic.com; style-src 'self' https://*.astonmiles.com https://*.googleapis.com https://*.fontawesome.com; font-src 'self' https://*.gstatic.com https://*.fontawesome.com; img-src 'self' https://*.astonmiles.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.googleapis.com; connect-src 'self' https://*.astonmiles.com https://*.googleapis.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.fontawesome.com https://code.jquery.com //*.gstatic.com; base-uri 'none'; form-action 'self'; frame-ancestors 'none'; object-src 'none';upgrade-insecure-requests 1
default-src self; script-src * 'unsafe-inline'; object-src *; style-src * 'self' 'unsafe-inline'; img-src *; media-src *; frame-src *; frame-ancestors self; child-src *; font-src *; connect-src *; report-uri /report-csp-violation 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://code.jquery.com/ui/1.13.1/jquery-ui.min.js https://cdnjs.cloudflare.com/ajax/libs/jquery.touchswipe/1.6.4/jquery.touchSwipe.min.js https://www.tripadvisor.com/wejs https://www.googletagmanager.com/gtm.js https://cdns.eu1.gigya.com https://www.jscache.com https://snap.licdn.com https://cdn.hypemarks.com https://service.force.com https://www.tripadvisor.com https://c.evidon.com https://js-agent.newrelic.com https://www.googletagmanager.com https://connect.facebook.net https://www.googleadservices.com https://www.google-analytics.com https://maps.googleapis.com https://brand-ecommerce-assets.fusepump.com https://static.tacdn.com https://d.la1-c1-par.salesforceliveagent.com https://d.la2-c1-cdg.salesforceliveagent.com https://cdnjs.cloudflare.com https://bam.nr-data.net/ https://googleads.g.doubleclick.net/; style-src 'self' 'unsafe-inline' https://static.tacdn.com https://maxcdn.bootstrapcdn.com/font-awesome/4.6.0/css/font-awesome.min.css https://service.force.com https://cdnjs.cloudflare.com; img-src 'self' https://px.ads.linkedin.com https://images.aws.nestle.recipes https://maps.gstatic.com https://maps.googleapis.com https://www.google-analytics.com data: https://static.tacdn.com; frame-src 'self' https://www.google.com/ https://cdns.eu1.gigya.com https://service.force.com https://brand-ecommerce-assets.fusepump.com https://cdn.hypemarks.com https://bid.g.doubleclick.net https://9796171.fls.doubleclick.net/ https://www.googletagmanager.com/ https://www.facebook.com/; frame-ancestors 'self'; font-src 'self' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; connect-src 'self' https://cdns.eu1.gigya.com https://l.evidon.com https://www.google-analytics.com https://service.force.com https://maps.googleapis.com https://stats.g.doubleclick.net https://brand-ecommerce-api.fusepump.com https://api.tintup.com https://cognito-identity.us-east-1.amazonaws.com https://kinesis.us-east-1.amazonaws.com https://bam.nr-data.net; report-uri /report-csp-violation 1
script-src 'nonce-19869e2339a940ec925f56d5e09db12b' 'self' 'unsafe-inline' *.wellsfargo.com *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com *.wellsfargo.com:* connect.facebook.net snap.licdn.com www.googletagmanager.com www.google-analytics.com ajax.googleapis.com static.staging.wellsfargo.com static.wellsfargo.com; frame-ancestors 'self' *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com *.wellsfargo.com *.fccaccessonline.com *.wellsfargomedia.com *.wellsfargo.com:* *.mworld.com *.wellsfargo.net *.markitondemand.com *.wellsfargo.wallst.com *.go.onestop.wf.com; base-uri https:;default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: ad.doubleclick.net px.ads.linkedin.com p.adsymptotic.com cm.everesttech.net dpm.demdex.net;object-src 'self';font-src 'self' data: *.wellsfargo.com *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com *.wellsfargo.com:* fonts.gstatic.com;report-uri /reporting/csp.htm;img-src 'self' data: *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com wspublicprod.112.2o7.net px.ads.linkedin.com ad.doubleclick.net p.adsymptotic.com adservice.google.com 2549153.fls.doubleclick.net jadserve.postrelease.com www.google.com www.google-analytics.com pixel.everesttech.net cm.g.doubleclick.net bat.bing.com sp.analytics.yahoo.com connect.facebook.net www.linkedin.com www.facebook.com rtd-tm.everesttech.net googleads.g.doubleclick.net;style-src 'self' 'unsafe-inline' *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com 1
default-src 'self'; frame-src 'self' *.webspellchecker.net *.nhs.uk *.facebook.com *.youtube.com *.vimeo.com *.google.com *.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.reactandshare.com https://api.reciteme.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://www.googletagmanager.com https://connect.facebook.net https://feeds.trac.jobs *.webspellchecker.net *.google.com *.googleapis.com *.gstatic.com *.cqc.org.uk ; font-src 'self' 'unsafe-inline' *.reactandshare.com https://api.reciteme.com https://fonts.googleapis.com https://fonts.gstatic.com *.webspellchecker.net; style-src 'self' 'unsafe-inline' *.reactandshare.com https://api.reciteme.com https://cdnjs.cloudflare.com https://feeds.trac.jobs *.googleapis.com  *.gstatic.com *.cqc.org.uk *.webspellchecker.net; img-src * data:; object-src 'self' blob:; connect-src 'self' https://api.reciteme.com https://feeds.trac.jobs stats.g.doubleclick.net *.googleapis.com *.google-analytics.com *.webspellchecker.net; media-src 'self' https://api.reciteme.com 1
default-src 'self' themes.googleusercontent.com www.google-analytics.com stats.g.doubleclick.net data: 'unsafe-inline' 'unsafe-eval' 1
default-src 'self' https://stats.nutime.de https://www.google.com/; prefetch-src 'self' https://5f3c395.ccm19.de; script-src 'self' 'unsafe-inline' https://5f3c395.ccm19.de https://stats.nutime.de https://www.google.com/ https://www.gstatic.com/; connect-src 'self' https://5f3c395.ccm19.de https://stats.nutime.de; img-src 'self' data: https://5f3c395.ccm19.de; style-src 'self' https://5f3c395.ccm19.de; frame-ancestors 'self' 1
default-src 'self'; connect-src 'self' https://piwik.bzga.de; style-src 'self' 'unsafe-inline'; font-src 'self' data:; script-src 'self' 'unsafe-inline' https://piwik.bzga.de https://maps.google.com https://maps.googleapis.com; img-src 'self' https://piwik.bzga.de https://www.bzga.de https://maps.gstatic.com https://csi.gstatic.com https://maps.google.com https://maps.googleapis.com https://a.tile.osm.org https://b.tile.osm.org https://c.tile.osm.org data:; frame-src 'self' mailto: https://piwik.bzga.de https://www.youtube-nocookie.com; 1
upgrade-insecure-requests; default-src 'self'; base-uri 'none'; connect-src 'self' consentcdn.cookiebot.com *.web-vision.de; font-src 'self'; form-action 'self'; frame-ancestors 'self'; frame-src 'self' https: www.youtube-nocookie.com/*; img-src 'self' https: data: 'unsafe-inline' *.google.com www.google-analytics.com maps.googleapis.com *.cloudfront.net; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' *.google.com  www.google-analytics.com maps.googleapis.com stat.web-vision.de stats.web-vision.de; style-src 'self' https: 'unsafe-inline'; worker-src 'self'; 1
frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com halifax.bibliocms.com *.halifax.bibliocms.com https://www.halifaxpubliclibraries.ca www.halifaxpubliclibraries.ca *.www.halifaxpubliclibraries.ca; 1
default-src 'self'; script-src 'self' 'unsafe-inline' www.googletagmanager.com *.google-analytics.com *.googleadservices.com *.facebook.net *.doubleclick.net iframe.ly cookie.dxlabs.fr 'unsafe-inline' *; object-src 'none'; style-src 'self' 'unsafe-inline' www.googletagmanager.com fonts.googleapis.com; img-src 'self' www.pinaultcollection.com *.youtube.com *.ytimg.com *.facebook.com *.google-analytics.com *.google.com *.google.fr *.dxlabs.fr data:; media-src *; frame-src *; font-src  'self' themes.googleusercontent.com fonts.googleapis.com; connect-src 'self' *.google-analytics.com analytics.tiktok.com https://sentry.vixns.net/api/208/store/ https://sentry.vixns.net/api/208/envelope/; upgrade-insecure-requests; script-src-attr 'unsafe-inline' 1
default-src 'self' data: https:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: *.stripe.com; style-src 'self' data: 'unsafe-inline' https: https: wss: *.stripe.com *.studentbeans.com blob:; img-src * data: blob:; font-src 'self' data: https:; connect-src 'self' data: https: wss: *.stripe.com *.studentbeans.com; media-src *; object-src 'self' https:; frame-src *; form-action 'self' *.citationsy.es *.stripe.com *.studentbeans.com accounts.google.com tinyletter.com; 1
default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval'; object-src *; style-src * 'self' 'unsafe-inline'; img-src * 'self' data: https:;; media-src *; frame-src *; frame-ancestors 'self'; child-src *; font-src * 'self' data: https:;; connect-src *; report-uri /report-csp-violation 1
allow 'self'  default-src 'self' 'unsafe-inline' www.google-analytics.com  *.twitter.com  *.facebook.com  *.facebook.net  *.google.com 1
object-src 'self'; 1
allow 'self'; options inline-script eval-script; frame-ancestors 'self' 1
default-src 'self' https://api.status.io https://status.exaktime.com;script-src 'self';base-uri 'self';object-src 'none';frame-ancestors 'none';block-all-mixed-content;sandbox allow-forms allow-same-origin allow-scripts allow-popups;style-src 'self' https://fonts.googleapis.com;font-src 'self' https://fonts.gstatic.com;img-src 'self' https://tscprodstorage.blob.core.windows.net; 1
default-src 'self'; object-src 'self' https://pts.deutschlandsim.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.deutschlandsim.de; img-src https: data: http://files.deutschlandsim.de; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://chat.deutschlandsim.de https://umfrage.deutschlandsim.de https://pts.deutschlandsim.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://o2.mouseflow.com https://cdn.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://chat.deutschlandsim.de https://stats.deutschlandsim.de https://imagepool.deutschlandsim.de https://pts.deutschlandsim.de; script-src 'strict-dynamic' 'nonce-99d45bb656a5656d5f62c65843fdf5e1' 'nonce-459168f951938a4ef9b1b8dcf3481955' 'nonce-1382c5579b6e173122cc8692651aa8de' 'nonce-022140219a31d019ffd0ced05b2fc23c' 'nonce-91d87691c0c34eb2843ac54c147bd4c6' 'nonce-e538d9083b6341e42ad61200d8c16336' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://pts.deutschlandsim.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-99d45bb656a5656d5f62c65843fdf5e1' 'nonce-459168f951938a4ef9b1b8dcf3481955' 'nonce-1382c5579b6e173122cc8692651aa8de' 'nonce-022140219a31d019ffd0ced05b2fc23c' 'nonce-91d87691c0c34eb2843ac54c147bd4c6' 'nonce-e538d9083b6341e42ad61200d8c16336' 'self' 'unsafe-inline' https: 'report-sample' 1
default-src 'self' 'unsafe-inline' https://maps.googleapis.com/ https://piwik.bzga.de/ https://*.readspeaker.com; img-src 'self' data: https://piwik.bzga.de https://jwpltx.com/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.p.jwpcdn.com https://piwik.bzga.de https://*.readspeaker.com/ 1
default-src 'self'; child-src https://www.google.com; block-all-mixed-content; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' https://optimize.google.com https://code.jquery.com https://maxcdn.bootstrapcdn.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://cdn.datatables.net https://cdnjs.cloudflare.com https://static.claspo.io https://cdn.amplitude.com *.esputnik.com https://www.googleoptimize.com *.plerdy.com https://www.google.com https://www.gstatic.com https://connect.facebook.net https://www.facebook.com https://apis.google.com https://www.googletagmanager.com https://www.google-analytics.com; script-src 'self' 'unsafe-eval' https://cdnjs.cloudflare.com https://googleads.g.doubleclick.net https://statics.esputnik.com https://static.claspo.io https://static.claspo.tech https://cdn.amplitude.com https://www.googleadservices.com https://www.googleoptimize.com https://optimize.google.com *.plerdy.com https://www.google.com https://www.gstatic.com https://connect.facebook.net https://www.facebook.com https://apis.google.com https://www.googletagmanager.com https://www.google-analytics.com 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://cdn.datatables.net https://www.googleoptimize.com https://cdnjs.cloudflare.com https://static.claspo.io https://optimize.google.com https://fonts.googleapis.com; img-src 'self' data: https://cdnjs.cloudflare.com https://www.google.no https://www.gstatic.com https://www.googletagmanager.com https://www.google.com https://www.googleoptimize.com *.fbcdn.net https://lh3.googleusercontent.com https://graph.facebook.com https://forms.esputnik.com *.claspo.io *.claspo.tech https://optimize.google.com https://claspo.io https://www.google.com.ua https://www.facebook.com https://www.google-analytics.com; font-src 'self' https://maxcdn.bootstrapcdn.com *.claspo.tech *.claspo.io https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' https://www.facebook.com; object-src 'self' https://static.claspo.tech https://static.claspo.io; frame-ancestors 'none'; base-uri 'self'; connect-src 'self' https://www.google.com.ua https://stats.g.doubleclick.net https://www.googleadservices.com *.esputnik.com esputnik.com https://analytics.google.com https://securetoken.googleapis.com wss://*.plerdy.com *.claspo.tech *.claspo.io https://www.facebook.com https://www.googleapis.com https://www.google-analytics.com *.plerdy.com; frame-src 'self' https://static.claspo.io https://static.claspo.tech https://bid.g.doubleclick.net https://www.facebook.com https://www.youtube.com https://optimize.google.com https://www.google.com https://accounts.google.com https://claspo-338918.firebaseapp.com https://claspo-prod.firebaseapp.com; 1
img-src blob: * android-webview-video-poster: data:; font-src * data:; child-src tel: blob: *; default-src beta.idisign.ch *.cashgate.ch 'unsafe-eval' *.gstatic.com www.newhome.ch www.wuestpartner.com 'self' data: *.googleapis.com start.unblu.com wss://*.unblu.com dis.swisscom.ch *.sgkb.ch *.unblu.com 'unsafe-inline' recruitingapp-1154.umantis.com test.idisign.ch 1
frame-ancestors 'self' enam.gov.in: max-age=31536000 1
default-src 'self'; img-src 'self' ; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-modals; base-uri 'self'; upgrade-insecure-requests; style-src 'self' 'unsafe-inline' fonts.googleapis.com maxcdn.bootstrapcdn.com ; font-src 'self' fonts.gstatic.com maxcdn.bootstrapcdn.com; script-src 'self' 'unsafe-inline'; 1
allow 'unsafe-inline' 'unsafe-eval' 'self' troc.cdn.mediactive-network.net *.googlesyndication.com *.systempay.fr *.fbcdn.net *.google.com *.google.fr *.doubleclick.net intranet.troc.com connect.facebook.net cdnjs.cloudflare.com www.gstatic.com www.googletagmanager.com www.google-analytics.com www.googleadservices.com www.googletagservices.com cdn.ampproject.org 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.yurist-online.net yurist-online.net an.yandex.ru strm.yandex.ru mc.yandex.ru yandex.st yastatic.net matchid.adfox.yandex.ru adfox.yandex.ru ads.adfox.ru ads6.adfox.ru jstracer.yandex.ru yastat.net yandex.ru awaps.yandex.net yandexadexchange.net *.yandexadexchange.net *.yandex.ru banners.adfox.ru avatars-fast.yandex.net favicon.yandex.net content.adfox.ru *.yandex.net *.googleapis.com *.gstatic.com gstatic.com *.googlesyndication.com *.doubleclick.net *.2mdn.net *.google.com *.google.ru *.google-analytics.com google-analytics.com *.youtube.com youtube.com *.icq.com *.skype.com *.rambler.ru loginza.ru *.loginza.ru *.yadro.ru *.webmoney.ru *.mail.ru *.twitter.com *.facebook.com vk.com *.vk.com googletagmanager.com *.googletagmanager.com *.googletagservices.com; 1
img-src *; media-src * data: 1
frame-ancestors 'self' https://admin.yallastore.co.il https://admin.webzie.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.paypalobjects.com/ https://s3.amazonaws.com/ https://*.stripe.com/ https://*.list-manage.com/ https://s7.addthis.com/js/300/addthis_widget.js https://z.moatads.com/addthismoatframe568911941483/moatframe.js https://cdn.jsdelivr.net/npm/cookieconsent@3/build/cookieconsent.min.js https://assets.pinterest.com/js/pinit.js https://v1.addthisedge.com/ https://assets.pinterest.com/ https://m.addthis.com/ https://www.googletagmanager.com/gtm.js https://apps.bazaarvoice.com/ https://www.google-analytics.com/ https://static.hotjar.com/ https://s.pinimg.com/ct/core.js https://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net/ https://s.pinimg.com/ https://script.hotjar.com/ https://log.pinterest.com/ https://www.facebook.com/ https://ct.pinterest.com/ https://connect.facebook.net/ https://www.google.com/ https://www.gstatic.com/ https://*.bazaarvoice.com/ https://mpsnare.iesnare.com/ https://www.googleadservices.com/; img-src 'self' data: blob: https://www.paypalobjects.com/ https://*.pinterest.com/ https://www.facebook.com/ https://www.google-analytics.com/ https://www.darigold.com/ https://*.bazaarvoice.com/ https://googleads.g.doubleclick.net/ https://www.google.com/; object-src 'self' data: blob: https://*.paypal.com/ https://*.stripe.com/ https://*.pinterest.com/ https://s7.addthis.com/ https://www.facebook.com/ https://vars.hotjar.com/ https://www.google.com/ https://www.youtube.com/ https://destinilocators.com/ https://s.amazon-adsystem.com/ https://*.fls.doubleclick.net/ https://*.bazaarvoice.com/; frame-src 'self' data: blob: https://*.paypal.com/ https://*.stripe.com/ https://*.pinterest.com/ https://s7.addthis.com/ https://www.facebook.com/ https://vars.hotjar.com/ https://www.google.com/ https://www.youtube.com/ https://destinilocators.com/ https://s.amazon-adsystem.com/ https://*.fls.doubleclick.net/ https://*.bazaarvoice.com/; form-action 'self' data: blob: https://www.facebook.com/tr/ https://*.bazaarvoice.com/ https://darigold.us6.list-manage.com/; worker-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; 1
default-src 'self'; font-src 'self' * data:; img-src 'self' * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://code.jquery.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://mtgify.org; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net https://fonts.googleapis.com https://stackpath.bootstrapcdn.com https://mtgify.org; connect-src 'self' https://mtgify.org https://www.googletagmanager.com https://www.google-analytics.com 1
default-src 'self' static.tfmetalsreport.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:; style-src 'self' static.tfmetalsreport.com data: 'unsafe-inline' *.googleapis.com *.twitter.com *.twimg.com svc.webspellchecker.net cdn.ckeditor.com; img-src 'self' https: data: android-webview-video-poster:; media-src 'self' static.tfmetalsreport.com blob: *.giphy.com; frame-src 'self' https://www.tfmetalsreport.com data: audioboom.com *.audioboom.com scribd.com *.scribd.com soundcloud.com *.soundcloud.com youtube.com *.youtube.com vimeo.com *.vimeo.com bitchute.com *.bitchute.com twitter.com *.twitter.com *.tradingview.com *.tradingview-widget.com *.addthis.com *.stripe.com *.doubleclick.net *.googlesyndication.com *.ted.com *.instagram.com *.jwpsrv.com www.google.com ms-appx-web: *.assoc-amazon.com *.amazon.com *.amazon-adsystem.com *.googletagmanager.com *.recaptcha.net facebook.com *.facebook.com cnn.com *.cnn.com cnbc.com *.cnbc.com; frame-ancestors *; child-src 'self' https://www.tfmetalsreport.com data: audioboom.com *.audioboom.com scribd.com *.scribd.com soundcloud.com *.soundcloud.com youtube.com *.youtube.com vimeo.com *.vimeo.com bitchute.com *.bitchute.com twitter.com *.twitter.com *.tradingview.com *.tradingview-widget.com *.addthis.com *.stripe.com *.doubleclick.net *.googlesyndication.com *.ted.com *.instagram.com *.jwpsrv.com www.google.com ms-appx-web: *.assoc-amazon.com *.amazon.com *.amazon-adsystem.com *.googletagmanager.com *.recaptcha.net facebook.com *.facebook.com cnn.com *.cnn.com cnbc.com *.cnbc.com; font-src 'self' static.tfmetalsreport.com data: fonts.googleapis.com fonts.gstatic.com cdnjs.cloudflare.com *.googleusercontent.com svc.webspellchecker.net *.avast.com chrome-extension: *.fontawesome.com; connect-src 'self' static.tfmetalsreport.com *.addthis.com *.googlesyndication.com www.google-analytics.com *.gstatic.com *.doubleclick.net svc.webspellchecker.net *.jwpltx.com *.nr-data.net *.fontawesome.com 1
frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com smcl.bibliocms.com *.smcl.bibliocms.com https://smcl.org smcl.org *.smcl.org; 1
default-src 'self' www.hyd.gov.hk; style-src 'self' 'unsafe-inline';script-src 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.google-analytics.com https://*.bing.com https://*.facebook.net https://*.hotjar.com https://*.zarget.com https://*.youtube.com https://s.ytimg.com https://*.googleadservices.com https://*.doubleclick.net https://*.pinterest.com https://*.zencdn.net https://*.google.com https://*.google.be https://*.sharethis.com https://*.newrelic.com https://*.nr-data.net https://*.quantserve.com https://*.google.com.tr https://*.metabar.ru https://*.google.de https://*.google.fr https://cdn.ckeditor.com https://*.pioneer-car.eu https://eu---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh https://de---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh https://*.yandex.ru https://*.gstatic.com https://cdn.cookielaw.org https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.sharethis.com https://*.pioneer-car.eu https://cdn.ckeditor.com https://tagmanager.google.com; img-src * data:; media-src 'self' https://www.youtube.com; frame-src 'self' https://*.youtube.com https://vars.hotjar.com https://*.pioneer.eu https://*.doubleclick.net https://*.sharethis.com https://*.facebook.com https://*.pioneer-car.eu https://store-locator.pioneer-rus.ru https://*.google.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://*.hotjar.com https://*.sharethis.com https://*.google-analytics.com https://*.doubleclick.net https://*.pioneer-car.eu https://acc-pioneer-products.o-a.be https://eu---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh https://de---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh https://*.yandex.ru https://cdn.cookielaw.org; report-uri /report-csp-violation 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com https://stats.g.doubleclick.net *.googleapis.com *.google.de *.google.com *.gstatic.com *.googletagmanager.com *.cookiebot.com *.etracker.com  *.etracker.de connect.facebook.net; img-src 'self' data: *.google-analytics.com https://stats.g.doubleclick.net *.googleapis.com *.google.de *.google.com *.gstatic.com *.facebook.com; frame-src 'self' *.youtube.com *.cookiebot.com *.commerce-connector.com *.google.com app.cloud4pets.com 1
default-src 'self' ;options inline-script eval-script;referrer no-referrer;img-src 'self' data:  *.tile.openstreetmap.org; 1
default-src 'self' www.youtube-nocookie.com youtu.be www.youtube.com; script-src 'self' 'unsafe-inline' www.vrk.nl static.mailplus.nl ssl.siteimprove.com cdn.siteimprove.net 'unsafe-eval' code.jquery.com svc.webspellchecker.net siteimproveanalytics.com youtu.be www.youtube-nocookie.com youtu.be connect.facebook.net m19.mailplus.nl data1.saliche.com translate.google.com s3-us-west-2.amazonaws.com wowww.nl siteimproveanalytics.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com hello.myfonts.net static.mailplus.nl svc.webspellchecker.net translate.googleapis.com; img-src * data:; frame-src 'self' geoweb.haarlemmermeer.nl www.youtube-nocookie.com youtu.be www.youtube.com; child-src 'self' geoweb.haarlemmermeer.nl www.youtube-nocookie.com youtu.be www.youtube.com; font-src 'self' fonts.gstatic.com svc.webspellchecker.net static3.avast.com cdn.faceworks.nl data:; connect-src 'self' my2.siteimprove.com svc.webspellchecker.net id.siteimprove.com static.mailplus.nl; report-uri /report-csp-violation 1
frame-ancestors 'self' https://shopproxy.p-s-s.de ; style-src 'self' localhost:* https://fonts.googleapis.com  https://test.vr-pay-ecommerce.de  http://oxomi.com 'unsafe-inline' 1
default-src 'none'; script-src 'self'; connect-src: 'self'; img-src: 'self'; style-src: 'self'; 1
frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com slpl.bibliocms.com *.slpl.bibliocms.com https://www.slpl.org www.slpl.org *.www.slpl.org; 1
frame-ancestors 'self' *.owensborohealth.org mychart.omhs.org; report-uri /report-csp-violation 1
default-src 'self'; img-src https://static.launchkey.com 'self' https://ssl.google-analytics.com https://*.tile.openstreetmap.org data:; style-src https://cdnjs.cloudflare.com https://fonts.googleapis.com 'self' 'sha256-D8Sj8qhd4FvnVwN5w9riiArwsqYOEwHolv228Ic6Vqk=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-CwE3Bg0VYQOIdNAkbB/Btdkhul49qZuwgNCMPgNY5zw=' 'sha256-MZKTI0Eg1N13tshpFaVW65co/LeICXq4hyVx6GWVlK0=' 'sha256-LpfmXS+4ZtL2uPRZgkoR29Ghbxcfime/CsD/4w5VujE=' 'sha256-YJO/M9OgDKEBRKGqp4Zd07dzlagbB+qmKgThG52u/Mk=' https://static.launchkey.com; font-src https://fonts.googleapis.com https://fonts.gstatic.com https://cdnjs.cloudflare.com https://static.launchkey.com; script-src 'self' https://ssl.google-analytics.com https://static.launchkey.com https://cdnjs.cloudflare.com https://code.jquery.com 'sha256-3YZIRoqQDMJ3Y+5ITbTPuSDxMPQwXepKaa6CjuoJXRk='; object-src 'none' 1
frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com aclibrary.bibliocms.com *.aclibrary.bibliocms.com https://aclibrary.org aclibrary.org *.aclibrary.org; 1
default-src 'self'; base-uri 'self'; connect-src 'self' *.itzbund.de; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com piwik.itzbund.de *.youtube.com;object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.openstreetmap.org *.googleapis.com piwik.itzbund.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; frame-ancestors 'self' bvaweb-editor.preview.kkn.zd.intranet.bund.de piwik.itzbund.de bvaweb-zfa-editor.preview.kkn.zd.intranet.bund.de *.facebook.com 1
frame-ancestors 'self' piwik.betaalvereniging.nl matomo.betaalvereniging.nl; 1
default-src https://dc.services.visualstudio.com/v2/ https://bimtrack.zendesk.com wss://bimtrack.zendesk.com https://static.zdassets.com https://ekr.zdassets.com https://*.zopim.com wss://*.zopim.com 'self'; style-src 'self' 'unsafe-inline'; object-src 'none'; script-src https://az416426.vo.msecnd.net https://www.recaptcha.net/recaptcha/ https://www.gstatic.com/recaptcha/ https://bimtrack.co/ https://static.zdassets.com https://ekr.zdassets.com https://*.zopim.com wss://*.zopim.com https://bimtrack.zendesk.com wss://bimtrack.zendesk.com 'self' 'unsafe-eval' 'nonce-94c9a4d3a0fc41c7af9ef2f0069f6fcb'; frame-src https://www.google.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://bimtrack.co/ https://bimtrack.zendesk.com wss://bimtrack.zendesk.com https://static.zdassets.com 'self'; frame-ancestors https://*.bimtrackapp.co; sandbox allow-popups allow-forms allow-same-origin allow-scripts allow-downloads; base-uri 'self'; img-src 'self' https://v2assets.zopim.io https://static.zdassets.com https://help.bimtrack.co data:;  1
default-src https://domene.shop https://www.domeneshop.no https://domeneshop.no https://domainnameshop.com https://domainname.shop https://xn--domn-noa.shop https://xn--domne-ura.shop https://chat.domeneshop.no/ 'unsafe-inline'; img-src https://domene.shop https://www.domeneshop.no https://domeneshop.no https://domainnameshop.com https://domainname.shop https://xn--domn-noa.shop https://xn--domne-ura.shop; frame-src https://domene.shop https://www.domeneshop.no https://domeneshop.no https://domainnameshop.com https://domainname.shop https://xn--domn-noa.shop https://xn--domne-ura.shop; frame-ancestors 'self' 1
default-src 'self'; img-src 'self' data: ; script-src 'self' 'unsafe-inline' 'sha256-Vm4GC9dCs8yiOt3vkFoyb7CG9wQvsbg2ZxRvujWCkjU='; style-src 'self' 'unsafe-inline' 'sha256-8IFKZDhhpiTISN+5Zjckj2GGkOsGkKUUowOE0neCY7c=' 1
default-src 'self' *.neighbourly.com *.twitter.com *.vimeo.com *.youtube.com *.google-analytics.com cdn.matomo.cloud  neighbourly.matomo.cloud; frame-src 'self' *.youtube.com *.vimeo.com *.stripe.com *.twitter.com; connect-src 'self' *.neighbourly.com forms.hubspot.comdisabled forms.hsforms.comdisabled maps.googleapis.com nbrlyprod.streaming.mediaservices.windows.net *.mapbox.com *.google-analytics.com cdn.matomo.cloud  neighbourly.matomo.cloud;media-src blob: nbrlyprodmedia.blob.core.windows.net nbrlyprod.streaming.mediaservices.windows.net *.neighbourly.com *.youtube.com *.vimeo.com; img-src 'self' data: *.mapbox.com track.hubspot.com forms.hsforms.comdisabled nbrlyprodmedia.blob.core.windows.net maps.gstatic.com *.neighbourly.com *.stripe.com; script-src 'self' *.neighbourly.com 'unsafe-eval' *.googleapis.com js.hs-analytics.net js.hs-scripts.com js.hscollectedforms.netdisabled js.hsadspixel.netdisabled js-na1.hs-scripts.com *.twitter.com *.vimeo.com *.youtube.com *.google-analytics.com cdn.matomo.cloud  neighbourly.matomo.cloud *.mapbox.com *.stripe.com; style-src 'self' *.neighbourly.com 'unsafe-inline'; report-uri https://nbrly-prod-fn-schedules-v2.azurewebsites.net/api/log?code=yTPDecexIz4gX5udAk8ba/1f0uk7og3BmKYMQWm6SWjz8xnZY/rAoA== 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.google-analytics.com *.googleapis.com https://*.googleapis.com; style-src 'self' 'unsafe-inline' hello.myfonts.net *.googleapis.com *.gstatic.com https://*.googleapis.com https://*.gstatic.com themes.googleusercontent.com; img-src 'self' data: *.google.com *.google-analytics.com *.googleapis.com *.gstatic.com https://*.googleapis.com https://*.gstatic.com; connect-src 'self' http://www.google-analytics.com; frame-src 'self' *.vimeo.com *.youtube.com https://*.vimeo.com https://*.youtube.com; font-src 'self' data: *.googleapis.com *.gstatic.com https://*.googleapis.com https://*.gstatic.com; report-uri https://tokybd.report-uri.io/r/default/csp/enforce; 1
frame-ancestors 'self' minezmap.com *.minezmap.com http://minezmap.com http://*.minezmap.com minez-nightswatch.com 1
default-src 'self' 'unsafe-inline' muffingroup.com proxycheck.io *.cloudflare.com *.fairycosmo.com *.fairyintra.net *.doubleclick.net *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gravatar.com *.creativecommons.org licensebuttons.net *.google.com *.gstatic.com *.w.org *.mediadelivery.net *.jsdelivr.net *.b-cdn.net data: *.fairycosmo.com *.mediadelivery.net *.b-cdn.net; worker-src 'self' fairycosmo.com; 1
frame-ancestors https://*.barcodefactory.com https://*.barcodefactory.com:8443 https://barcodefactory.com http://*.barcodefatory.com 'self' 1
default-src 'none'; block-all-mixed-content; connect-src 'self' https://vimeo.com https://www.google-analytics.com https://*.doubleclick.net; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; frame-src 'self' https://www.youtube.com https://www.youtube-nocookie.com https://player.vimeo.com https://www.google.com https://my.matterport.com https://snazzymaps.com/; img-src 'self' data: https://placeholder.inventis.be https://*.ytimg.com https://www.google-analytics.com; manifest-src 'self'; script-src 'self' https://www.youtube.com https://www.youtube-nocookie.com https://player.vimeo.com https://*.ytimg.com 'nonce-BZ7OsaS4ABdr25Y4RTHkhA=='; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; upgrade-insecure-requests 1
frame-ancestors 'self'; frame-src 'self' centredeservices.alturing.eu www.youtube.com www.youtube-nocookie.com *.chronopost.fr *.weborama.fr www.googletagmanager.com mmtro.com www.zenaps.com *.doubleclick.net www.awin.com marketingplatform.google.com *.cookiebot.com 1
frame-ancestors https://*.cpcworldwide.com 1
default-src 'self' *; script-src 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' *; img-src 'self' data: *; 1
default-src 'self' *.soundcloud.com *.sndcdn.com *.tepapa.govt.nz; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.googleapis.com *.typekit.net *.googletagmanager.com *.google-analytics.com *.pingdom.net www.catalyst-analytics.nz d3qy04aabho0yp.cloudfront.net *.simpleheatmaps.com www.tepapa.govt.nz *.twitter.com cdn.syndication.twimg.com *.instagram.com *.knightlab.com *.soundcloud.com *.hotjar.com www.googleadservices.com tagmanager.google.com *.riddle.com www.google.com www.gstatic.com https://www.youtube.com https://s.ytimg.com https://connect.facebook.net; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.typekit.net fonts.googleapis.com hello.myfonts.net *.twitter.com *.knightlab.com  tagmanager.google.com  https://www.riddle.com/files/css/; img-src 'self' data: *.typekit.net *.google-analytics.com *.doubleclick.net *.shopify.com *.pingdom.net www.catalyst-analytics.nz *.simpleheatmaps.com www.tepapa.govt.nz *.twitter.com pbs.twimg.com dl.dropboxusercontent.com *.myfonts.net media.tepapa.govt.nz co3-api-mediastorage.s3-ap-southeast-2.amazonaws.com co3-api-mediastorage.s3.ap-southeast-2.amazonaws.com s3.dualstack.ap-southeast-2.amazonaws.com www.google.com www.google.co.nz *.gstatic.com *.openstreetmap.org script.hotjar.com https://www.googletagmanager.com https://i.ytimg.com; frame-src 'self' *.issuu.com *.openstreetmap.org *.rezdy.com *.cloudfront.net *.bookitsecure.com google.com *.riddle.com *.spotify.com *.google.com tepapa.infospecs.co.nz *.youtube.com *.vimeo.com *.catalyst.net.nz radionz.co.nz jobs.tepapa.govt.nz *.tepapa.govt.nz tepapafoundation.secure.force.com sec.paymentexpress.com *.book2look.com *.boombox.com *.myfonts.net *.knightlab.com www.qzzr.com *.twitter.com *.instagram.com *.facebook.com *.hotjar.com *.soundcloud.com *.nzonscreen.com *.juicer.io *.media567.com; font-src 'self' data: *.bootstrapcdn.com fonts.gstatic.com fonts.typekit.net www.tepapa.govt.nz cdn.knightlab.com script.hotjar.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome; connect-src 'self' spreadsheets.google.com *.myfonts.net *.hotjar.com vc.hotjar.io graylog.hotjar.com *.pingdom.net *.google-analytics.com http://api.soundcloud.com stats.g.doubleclick.net https://www.catalyst-analytics.nz/piwik.php wss://ws*.hotjar.com; report-uri /report-csp-violation 1
base-uri 'self'; form-action 'self' *.idrelay.com; manifest-src 'self'; default-src 'none'; script-src 'self' 'unsafe-inline' *.siteimprove.net *.siteimprove.com *.browsealoud.com *.googletagmanager.com *.google.com *.google-analytics.com hcaptcha.com *.hcaptcha.com cdnjs.cloudflare.com mfstatic.com *.jsdelivr.net unpkg.com *.mucf.se *.c4223.cloudnet.cloud; object-src 'self' *.google.com *.youtube.com *.facebook.com *.vimeo.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com mfstatic.com *.jsdelivr.net; img-src 'self' data: *.google.com *.youtube.com *.facebook.com *.vimeo.com  *.vimeocdn.com *.mucf.se http://mfstatic.com *.inviewer.se *.mediaflowpro.com *.jsdelivr.net *.ytimg.com; media-src blob:; frame-src 'self' *.google.com *.youtube.com *.facebook.com *.vimeo.com *.vimeocdn.com *.siteimprove.com *.hcaptcha.com hcaptcha.com trk.idrelay.com *.ungidag.se *.mediaflowpro.com blob: stats.mucf.se stats.c4223.cloudnet.cloud ungidag.se; frame-ancestors 'self' *.google.com *.youtube.com *.facebook.com *.vimeo.com; child-src 'self' *.google.com *.youtube.com *.facebook.com *.vimeo.com  *.siteimprove.com *.hcaptcha.com hcaptcha.com trk.idrelay.com blob:; font-src 'self' mfstatic.com; connect-src 'self' https://*.mucf.se https://*.browsealoud.com https://*.siteimprove.com https://*.googletagmanager.com https://*.google.com https://*.google-analytics.com https://*.doubleclick.net https://*.hcaptcha.com https://*.speechstream.net stats.c4223.cloudnet.cloud https://*.mediaflow.com https://*.inviewer.se mfstatic.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src https://piwik.bzga.de/piwik.js 'self' 'unsafe-inline'; img-src https://piwik.bzga.de/ https://i.ytimg.com/ 'self' data:; connect-src https://piwik.bzga.de/ 'self'; font-src 'self' data:; frame-src https://www.drugcom.de/ https://www.youtube-nocookie.com/ 1
script-src 'unsafe-inline' *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval' connect.facebook.net c.imedia.cz *.hotjar.com tagmanager.google.com www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline' tagmanager.google.com cdnjs.cloudflare.com fonts.googleapis.com; report-uri /csp 1
allow 'self'; frame-ancestors 'none' 1
frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com kentonlibrary.bibliocms.com *.kentonlibrary.bibliocms.com https://www.kentonlibrary.org www.kentonlibrary.org *.www.kentonlibrary.org; 1
font-src 'self' fonts.gstatic.com https://*.intercomcdn.com https://app-talmix.scdn4.secure.raxcdn.com https://www-talmix.scdn3.secure.raxcdn.com data:; img-src * data:; script-src 'self' 'unsafe-inline' www.googleadservices.com www.googletagmanager.com www.google-analytics.com marketing.talmix.com marketing.mbaco.com https://js-agent.newrelic.com https://bam.nr-data.net tagmanager.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ connect.facebook.net https://s.adroll.com https://d.adroll.com https://*.intercom.io https://*.intercomcdn.com https://pi.pardot.com https://fullstory.com https://*.fullstory.com https://d2yyd1h5u9mauk.cloudfront.net https://scout-cdn.salesloft.com https://app-talmix.scdn4.secure.raxcdn.com https://www-talmix.scdn3.secure.raxcdn.com https://1922ad1ca24372498797-3b677d6bb99015de4b7df47cce09c3b8.ssl.cf3.rackcdn.com; style-src 'self' tagmanager.google.com fonts.googleapis.com 'unsafe-inline' https://app-talmix.scdn4.secure.raxcdn.com https://www-talmix.scdn3.secure.raxcdn.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.sejda.com *.polyfill.io *.sites-appleby.vuturevx.com https://sites-appleby.vuturevx.com *.doubleclick.net *.googleadservices.com *.licdn.com *.userway.org *.gstatic.com *.google.com *.google-analytics.com *.googletagmanager.com *.tagmanager.google.com https://tagmanager.google.com *.googleapis.com *.fonts.net *.algolianet.com data: ; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.google.com *.google-analytics.com *.googletagmanager.com *.tagmanager.google.com https://tagmanager.google.com *.fonts.net *.userway.org ; font-src 'self' *.fonts.net *.gstatic.com *.userway.org data: ; img-src 'self' *.adsymptotic.com *.linkedin.com *.google.je *.google.com *.google-analytics.com *.googleapis.com *.gstatic.com *.gravatar.com *.doubleclick.net *.userway.org data: ; connect-src 'self' *.sejda.com *.doubleclick.net *.google-analytics.com *.algolia.net *.algolianet.com *.userway.org data: ; frame-src 'self' *.google.com *.vimeo.com *.youtube.com *.buzzsprout.com *.vuturevx.com *.brightcove.net *.userway.org data: ; media-src *.userway.org; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' files.gpxpl.us pagead2.googlesyndication.com https://pagead2.googlesyndication.com www.google-analytics.com www.gstatic.com gpxplus.s3-website-us-west-2.amazonaws.com https://gpxplus.s3.amazonaws.com https://apis.google.com platform.twitter.com https://platform.twitter.com static.gpx.plus https://static.gpx.plus ap.lijit.com * 1
default-src 'self' https://dev.shop.bzga.de https://shop.bzga.de; connect-src 'self' https://piwik.bzga.de; style-src 'self' 'unsafe-inline'; font-src 'self' data:; script-src 'self' 'unsafe-inline' https://piwik.bzga.de; img-src 'self' https://dev.shop.bzga.de https://shop.bzga.de data: https://piwik.bzga.de https://www.bzga.de https://service.bzga.de; frame-src 'self'; 1
default-src 'self' *.comptoirdesvoyages.fr bat.bing.com consentcdn.cookiebot.com www.facebook.com; base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.addthis.com *.addthisedge.com *.comptoirdesvoyages.fr *.cookiebot.com *.doubleclick.net *.newrelic.com ajax.googleapis.com bam.nr-data.net bat.bing.com connect.facebook.net comptoir.candidats.talents-in.com r.bing.com ssl.google-analytics.com static.madmetrics.com tagmanager.google.com tag.aticdn.net www.google.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com www.gstatic.com z.moatads.com; connect-src 'self' *.addthis.com *.bing.com *.comptoirdesvoyages.fr *.doubleclick.net bam.nr-data.net comptoir.candidats.talents-in.com consentcdn.cookiebot.com www.facebook.com www.google.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com www.gtm.js wss://*.bing.com; img-src 'self' data: *; style-src 'self' 'unsafe-inline' * *.comptoirdesvoyages.fr *.bing.com fonts.googleapis.com tagmanager.google.com; font-src 'self' data: fonts.gstatic.com; frame-src 'self' *.addthis.com *.doubleclick.net consentcdn.cookiebot.com sdx.microsoft.com www.allocine.fr www.dailymotion.com www.facebook.com www.google.com www.gstatic.com youtu.be www.youtube.com; object-src 'none' 1
base-uri 'none';child-src 'none';connect-src 'self' https://www.google-analytics.com;default-src 'self';font-src 'self' data: netdna.bootstrapcdn.com;form-action 'self' https://www.facebook.com;frame-ancestors 'none';frame-src https://onstipe.com https://www.google.com https://www.facebook.com https://www.youtube.com *.doubleclick.net *.linkedin.com;img-src *;manifest-src 'self';media-src *;object-src 'none';prefetch-src 'self';script-src 'self' https://onstipe.com https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.gstatic.com https://snap.licdn.com https://connect.facebook.net *.doubleclick.net *.linkedin.com 'sha256-Z2a7IAZ99cgMRfzs/bKrt3vbDLJbR8yJnCe5b1i0IMo=' 'sha256-ZC4Ihfl+1sv3E25DQh090ITQKwffxiocyA9C1vaePKU=' 'sha256-Kk8x4JQkjdrosVmDVx/61+NwZE3hPJ/co8AKVzJj9tE=';style-src 'self' 'unsafe-inline';worker-src 'self'; 1
default-src 'self' *.usercentrics.eu; frame-src 'self' www.advocard.de www.youtube.de www.youtube.com customlocation.here.com; img-src 'self' *.usercentrics.eu generali01.webtrekk.net advocard01.wt-eu02.net *.gstatic.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.usercentrics.eu www.youtube.de www.youtube.com; style-src 'self' 'unsafe-inline' *.usercentrics.eu 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googlesyndication.com *.google-analytics.com *.gstatic.com *.google.com platform.twitter.com 1
form-action *.iwis.com *.dual-mode-vcs.com *.gwb-lernen.com *.iwis-daido.com *.kindergarten-kinderkette.de; base-uri none; default-src 'unsafe-inline' 'unsafe-eval' *.cloudflareinsights.com salesviewer.org userlike-cdn-operators.s3-eu-west-1.amazonaws.com d3dc1lgancj6l0.cloudfront.net userlike-cdn-widgets.s3-eu-west-1.amazonaws.com *.userlike.com wss://chat.userlike.com wss://umd.userlike.com *.youtube.com *.eventvote.de *.vimeo.com vimeo.com *.doubleclick.net *.youtube-nocookie.com *.traceparts.com *.cookiebot.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.google.com *.iwis.com *.dual-mode-vcs.com *.gwb-lernen.com *.expo-ip.com *.iwis-daido.com *.iwis-coating.com *.iwis-coating.com.cw06.virtualhosts.de *.kindergarten-kinderkette.de https://*.crisp.chat wss://*.crisp.chat https://unpkg.com data: 1
default-src 'self' unsafe-inline wss: https://*.jivosite.com/ data: https://bitrix.info:* https://www.chay.info:* https://*.bitrix.info:* https://cdnjs.cloudflare.com:* https://site.ru:* https://mc.yandex.ru:* https://oss.maxcdn.com:* https://*.maps.yandex.net https://geocode-maps.yandex.ru:* https://api-maps.yandex.ru https://code.jivosite.com:* https://googleads.g.doubleclick.net:* https://www.googleadservices.com:* https://www.google.com/ads/user-lists/ https://www.google.ru/ads/user-lists/ https://www.google-analytics.com:* https://maps.google.com:* https://*.googleapis.com:* https://api.mapbox.com:* https://*.gstatic.com:* https://*.googletagmanager.com:* https://*.googleapis.com:* https://*.jivosite.com:* https://cdn.voximplant.com:* https://www.gravatar.com:* https://yastatic.net:* https://*.youtube.com:* https://*.google.com:* https://*.ytimg.com:* https://suggestions.dadata.ru:* https://connect.facebook.net:* https://stats.g.doubleclick.net:* https://events.mapbox.com:* https://google-analytics.bi.owox.com:* https://cdn.jsdelivr.net:* https://youtube.com:* https://stat.tildacdn.com:* https://static.tildacdn.com:* https://googleads.g.doubleclick.net:* https://connect.facebook.net:* https://www.facebook.com:* https://awards.ratingruneta.ru:* https://static.doubleclick.net:* https://*.gstatic.com:* https://*.getbutton.io:*;script-src * 'unsafe-inline' 'unsafe-eval' blob: https://bitrix.info:* https://www.chay.info:* https://*.bitrix.info:* https://cdnjs.cloudflare.com:* https://site.ru:* https://mc.yandex.ru:* https://oss.maxcdn.com:* https://*.maps.yandex.net https://geocode-maps.yandex.ru:* https://api-maps.yandex.ru https://code.jivosite.com:* https://googleads.g.doubleclick.net:* https://www.googleadservices.com:* https://www.google.com/ads/user-lists/ https://www.google.ru/ads/user-lists/ https://www.google-analytics.com:* https://maps.google.com:* https://*.googleapis.com:* https://api.mapbox.com:* https://*.gstatic.com:* https://*.googletagmanager.com:* https://*.googleapis.com:* https://*.jivosite.com:* https://cdn.voximplant.com:* https://www.gravatar.com:* https://yastatic.net:* https://*.youtube.com:* https://*.google.com:* https://*.ytimg.com:* https://suggestions.dadata.ru:* https://connect.facebook.net:* https://stats.g.doubleclick.net:* https://events.mapbox.com:* https://google-analytics.bi.owox.com:* https://cdn.jsdelivr.net:* https://youtube.com:* https://stat.tildacdn.com:* https://static.tildacdn.com:* https://googleads.g.doubleclick.net:* https://connect.facebook.net:* https://www.facebook.com:* https://awards.ratingruneta.ru:* https://static.doubleclick.net:* https://*.gstatic.com:* https://*.getbutton.io:* ;style-src * 'unsafe-inline'  https://bitrix.info:* https://www.chay.info:* https://*.bitrix.info:* https://cdnjs.cloudflare.com:* https://site.ru:* https://mc.yandex.ru:* https://oss.maxcdn.com:* https://*.maps.yandex.net https://geocode-maps.yandex.ru:* https://api-maps.yandex.ru https://code.jivosite.com:* https://googleads.g.doubleclick.net:* https://www.googleadservices.com:* https://www.google.com/ads/user-lists/ https://www.google.ru/ads/user-lists/ https://www.google-analytics.com:* https://maps.google.com:* https://*.googleapis.com:* https://api.mapbox.com:* https://*.gstatic.com:* https://*.googletagmanager.com:* https://*.googleapis.com:* https://*.jivosite.com:* https://cdn.voximplant.com:* https://www.gravatar.com:* https://yastatic.net:* https://*.youtube.com:* https://*.google.com:* https://*.ytimg.com:* https://suggestions.dadata.ru:* https://connect.facebook.net:* https://stats.g.doubleclick.net:* https://events.mapbox.com:* https://google-analytics.bi.owox.com:* https://cdn.jsdelivr.net:* https://youtube.com:* https://stat.tildacdn.com:* https://static.tildacdn.com:* https://googleads.g.doubleclick.net:* https://connect.facebook.net:* https://www.facebook.com:* https://awards.ratingruneta.ru:* https://static.doubleclick.net:* https://*.gstatic.com:* https://*.getbutton.io:* ;img-src * data: https://bitrix.info:* https://www.chay.info:* https://*.bitrix.info:* https://cdnjs.cloudflare.com:* https://site.ru:* https://mc.yandex.ru:* https://oss.maxcdn.com:* https://*.maps.yandex.net https://geocode-maps.yandex.ru:* https://api-maps.yandex.ru https://code.jivosite.com:* https://googleads.g.doubleclick.net:* https://www.googleadservices.com:* https://www.google.com/ads/user-lists/ https://www.google.ru/ads/user-lists/ https://www.google-analytics.com:* https://maps.google.com:* https://*.googleapis.com:* https://api.mapbox.com:* https://*.gstatic.com:* https://*.googletagmanager.com:* https://*.googleapis.com:* https://*.jivosite.com:* https://cdn.voximplant.com:* https://www.gravatar.com:* https://yastatic.net:* https://*.youtube.com:* https://*.google.com:* https://*.ytimg.com:* https://suggestions.dadata.ru:* https://connect.facebook.net:* https://stats.g.doubleclick.net:* https://events.mapbox.com:* https://google-analytics.bi.owox.com:* https://cdn.jsdelivr.net:* https://youtube.com:* https://stat.tildacdn.com:* https://static.tildacdn.com:* https://googleads.g.doubleclick.net:* https://connect.facebook.net:* https://www.facebook.com:* https://awards.ratingruneta.ru:* https://static.doubleclick.net:* https://*.gstatic.com:* https://*.getbutton.io:* blob: ;font-src 'self' data: https://bitrix.info:* https://www.chay.info:* https://*.bitrix.info:* https://cdnjs.cloudflare.com:* https://site.ru:* https://mc.yandex.ru:* https://oss.maxcdn.com:* https://*.maps.yandex.net https://geocode-maps.yandex.ru:* https://api-maps.yandex.ru https://code.jivosite.com:* https://googleads.g.doubleclick.net:* https://www.googleadservices.com:* https://www.google.com/ads/user-lists/ https://www.google.ru/ads/user-lists/ https://www.google-analytics.com:* https://maps.google.com:* https://*.googleapis.com:* https://api.mapbox.com:* https://*.gstatic.com:* https://*.googletagmanager.com:* https://*.googleapis.com:* https://*.jivosite.com:* https://cdn.voximplant.com:* https://www.gravatar.com:* https://yastatic.net:* https://*.youtube.com:* https://*.google.com:* https://*.ytimg.com:* https://suggestions.dadata.ru:* https://connect.facebook.net:* https://stats.g.doubleclick.net:* https://events.mapbox.com:* https://google-analytics.bi.owox.com:* https://cdn.jsdelivr.net:* https://youtube.com:* https://stat.tildacdn.com:* https://static.tildacdn.com:* https://googleads.g.doubleclick.net:* https://connect.facebook.net:* https://www.facebook.com:* https://awards.ratingruneta.ru:* https://static.doubleclick.net:* https://*.gstatic.com:* https://*.getbutton.io:*; 1
frame-ancestors 'self' http://www.liligo.fr/ http://www.kayak.fr/ http://www.kayak.de/ https://drivy.zendesk.com/ https://*.zdusercontent.com/ 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' http://*.dimora.jp https://*.dimora.jp http://*.google-analytics.com/ https://*.google-analytics.com https://*.google.com https://*.facebook.com https://*.facebook.net https://*.twitter.com https://b91.yahoo.co.jp https://linkmaker.itunes.apple.com https://*.mul-pay.jp https://s.yimg.jp https://fonts.gstatic.com https://*.impact-ad.jp https://*.im-apps.net https://*.googleapis.com https://*.googletagmanager.com https://stats.g.doubleclick.net https://*.googleadservices.com https://googleads.g.doubleclick.net https://*.google.co.jp https://static.line-scdn.net https://*.line.me; img-src 'self' data: https://*.google-analytics.com/ https://*.twitter.com https://*.impact-ad.jp https://stats.g.doubleclick.net https://linkmaker.itunes.apple.com https://b91.yahoo.co.jp; 1
style-src 'self' 'unsafe-inline'; script-src 'self' 1
default-src 'none';connect-src 'self';font-src 'self';frame-src https://www.google.com/recaptcha/;img-src 'self' https://www.gstatic.com/recaptcha/ https://www.google-analytics.com https://*.g.doubleclick.net;object-src 'self';script-src 'self' 'unsafe-inline' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.google-analytics.com/;style-src 'self' 'unsafe-inline' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.paypalobjects.com/; img-src 'self' data: https://www.paypalobjects.com/; object-src 'self' data: https://*.paypal.com/; frame-src 'self' data: https://*.paypal.com/; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval';img-src 'self' data: https://www.mijnwefact.nl https://www.wefact.nl https://secure.gravatar.com *;script-src 'self' 'unsafe-inline' 'unsafe-eval';connect-src 'self';font-src 'self'; 1
frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com sppl.bibliocms.com *.sppl.bibliocms.com https://sppl.org sppl.org *.sppl.org; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.paypalobjects.com/ https://s3.amazonaws.com/ https://*.list-manage.com/ https://ajax.googleapis.com/ https://kit.fontawesome.com/ https://jsd-widget.atlassian.com/ https://cdnjs.cloudflare.com/; img-src 'self' data: https://www.paypalobjects.com/ http://2.gravatar.com/ https://secure.gravatar.com/ https://s.w.org/images/core/emoji/14.0.0 https://files.calltek.dev; object-src 'self' data: https://*.paypal.com/; frame-src 'self' data: https://*.paypal.com/; 1
frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com arapahoe.bibliocms.com *.arapahoe.bibliocms.com https://arapahoelibraries.org arapahoelibraries.org *.arapahoelibraries.org; 1
default-src *; script-src www.partizan.com www.partizanstudio.com 'unsafe-inline' 'unsafe-eval' 127.0.0.1:*  *.googleadservices.com *.google-analytics.com *.google.com  https://*.youtube.com https://*.ytimg.com  cdnjs.cloudflare.com ajax.googleapis.com maxcdn.bootstrapcdn.com ; style-src * 'unsafe-inline';img-src 'self' data: https://img.youtube.com *.google-analytics.com ; font-src 'self' data:  http://fonts.gstatic.com https://fonts.gstatic.com ; connect-src www.partizan.com www.partizanstudio.com *.google-analytics.com vimeo.com; 1
default-src 'self'; style-src 'self' 'unsafe-inline' https://*.twitter.com https://*.twimg.com https://*.twitter.com https://fonts.googleapis.com https://translate.google.com; img-src 'self' data: https://*.cdninstagram.com https://*.fbcdn.net https://*.twitter.com https://*.twimg.com https://www.googletagmanager.com https://www.google.com https://www.google.co.uk https://www.google.com.ai https://www.google.com.ag https://www.google.com.au https://www.google.bs https://www.google.be https://www.google.com.bz https://www.google.com.br https://www.google.vg https://www.google.bg https://www.google.bi https://www.google.ca https://www.google.cv https://www.google.co.cr https://www.google.hr https://www.google.com.cu https://www.google.com.cy https://www.google.cz https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.com.sv https://www.google.ee https://www.google.fi https://www.google.fr https://www.google.de https://www.google.com.gh https://www.google.com.gi https://www.google.gr https://www.google.gl https://www.google.com.gt https://www.google.gg https://www.google.ht https://www.google.hn https://www.google.com.hk https://www.google.hu https://www.google.is https://www.google.ie https://www.google.co.in https://www.google.co.id https://www.google.it https://www.google.com.jm https://www.google.co.jp https://www.google.je https://www.google.jo https://www.google.kz https://www.google.com.kw https://www.google.lv https://www.google.lt https://www.google.lu https://www.google.com.my https://www.google.com.mx https://www.google.ms https://www.google.co.ma https://www.google.nl https://www.google.co.nz https://www.google.com.ni https://www.google.no https://www.google.com.pa https://www.google.com.pe https://www.google.com.ph https://www.google.pl https://www.google.pt https://www.google.com.pr https://www.google.ro https://www.google.com.vc https://www.google.com.sg https://www.google.co.za https://www.google.co.kr https://www.google.sk https://www.google.si https://www.google.es https://www.google.se https://www.google.ch https://www.google.com.tw https://www.google.co.th https://www.google.tt https://www.google.tn https://www.google.com.tr https://www.google.ae https://www.google.co.vi https://www.google.co.ve https://www.google.at https://*.google-analytics.com https://trendygolfusa.imgix.net https://production-trendygolfusa-1591363996.s3.amazonaws.com https://*.twitter.com https://*.twimg.com https://www.awin1.com https://www.google.co.uk/pagead https://www.google.com/pagead https://www.facebook.com https://stats.g.doubleclick.net https://t.paypal.com https://googleads.g.doubleclick.net https://www.google.com/ads/ga-audiences https://www.google.co.uk/ads/ga-audiences https://www.gstatic.com https://translate.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.algolia.net https://*.algolianet.com https://js.stripe.com https://*.paypal.com https://*.paypalobjects.com http://*.instagram.com https://*.twitter.com https://*.twimg.com https://www.googletagmanager.com https://www.google.com https://www.google.co.uk https://www.google.com.ai https://www.google.com.ag https://www.google.com.au https://www.google.bs https://www.google.be https://www.google.com.bz https://www.google.com.br https://www.google.vg https://www.google.bg https://www.google.bi https://www.google.ca https://www.google.cv https://www.google.co.cr https://www.google.hr https://www.google.com.cu https://www.google.com.cy https://www.google.cz https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.com.sv https://www.google.ee https://www.google.fi https://www.google.fr https://www.google.de https://www.google.com.gh https://www.google.com.gi https://www.google.gr https://www.google.gl https://www.google.com.gt https://www.google.gg https://www.google.ht https://www.google.hn https://www.google.com.hk https://www.google.hu https://www.google.is https://www.google.ie https://www.google.co.in https://www.google.co.id https://www.google.it https://www.google.com.jm https://www.google.co.jp https://www.google.je https://www.google.jo https://www.google.kz https://www.google.com.kw https://www.google.lv https://www.google.lt https://www.google.lu https://www.google.com.my https://www.google.com.mx https://www.google.ms https://www.google.co.ma https://www.google.nl https://www.google.co.nz https://www.google.com.ni https://www.google.no https://www.google.com.pa https://www.google.com.pe https://www.google.com.ph https://www.google.pl https://www.google.pt https://www.google.com.pr https://www.google.ro https://www.google.com.vc https://www.google.com.sg https://www.google.co.za https://www.google.co.kr https://www.google.sk https://www.google.si https://www.google.es https://www.google.se https://www.google.ch https://www.google.com.tw https://www.google.co.th https://www.google.tt https://www.google.tn https://www.google.com.tr https://www.google.ae https://www.google.co.vi https://www.google.co.ve https://www.google.at https://*.google-analytics.com https://apis.google.com https://*.twitter.com https://*.twimg.com https://*.instagram.com/en_US/embeds.js https://www.dwin1.com https://www.googleadservices.com https://connect.facebook.net https://ads.avocet.io https://googleads.g.doubleclick.net https://the.sciencebehindecommerce.com https://www.awin1.com https://www.google.com/pagead/ https://beacon-v2.helpscout.net; frame-src https://js.stripe.com https://*.paypal.com https://*.twitter.com https://www.googletagmanager.com https://www.google.com https://*.youtube.com https://*.twitter.com https://*.vimeo.com https://*.instagram.com http://*.issuu.com/ https://*.facebook.com https://www.paypalobjects.com; connect-src 'self' https://*.algolia.net https://*.algolianet.com https://*.paypal.com https://api.addressy.com https://sentry.io https://*.google-analytics.com https://*.instagram.com https://*.twitter.com https://api.everythinglocation.com https://*.algolianet.com https://*.cloudfront.net https://*.google-analytics.com https://*.helpscout.net https://*.hotjar.com https://*.hotjar.io https://*.ingest.sentry.io https://*.instagram.com https://*.sciencebehindecommerce.com https://adservice.google.com https://apikeys.civiccomputing.com https://graph.facebook.com https://r1-t.trackedlink.net https://r1.trackedweb.net https://static.trackedweb.net https://stats.g.doubleclick.net https://vc.hotjar.io https://www.facebook.com https://www.google.com https://www.paypal.com wss://*.hotjar.com; font-src data: 'self' https://trendygolfusa.com; media-src 'self'; form-action 'self' https://*.twitter.com https://*.twitter.com https://www.facebook.com/tr/; object-src 'self'; block-all-mixed-content; report-uri https://5ce9a457525b0c6b344093f4321341fa.report-uri.com/r/d/csp/enforce 1
default-src 'self' *.urban-nation.com data: *.youtube-nocookie.com *.youtube.com *.ytimg.com *.googleapis.com *.gstatic.com player.vimeo.com *.vimeocdn.com 'unsafe-eval' 'unsafe-inline' 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.gstatic.com https://*.hypovbg.at https://analytics.arz.at https://cdnjs.cloudflare.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://e.issuu.com https://google.com https://googleads.g.doubleclick.net/pagead/ https://maps.google.com https://maps.googleapis.com https://pp.hypovbg.at/containers/ https://tagmanager.google.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com/pagead/ https://www.googletagmanager.com;object-src 'self' https://*.youtube.com;style-src 'self' 'unsafe-inline' https://*.hypovbg.at https://consent.cookiebot.com https://consentcdn.cookiebot.com https://fonts.googleapis.com https://google.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com;img-src 'self' data: https://*.gstatic.com https://*.hypovbg.at https://analytics.arz.at https://consent.cookiebot.com https://www.google.at/ads/ https://www.google.at/pagead/ https://google.com https://googleads.g.doubleclick.net/pagead/ https://kurse.banking.co.at https://maps.google.com https://maps.googleapis.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.youtube-nocookie.com https://www.youtube.com https://youtube-nocookie.com https://youtube.com;media-src 'self' https://*.hypovbg-cdn.at;frame-src 'self' https://*.hypovbg.at https://consentcdn.cookiebot.com https://e.issuu.com https://econ019-vorproduktion.arz.at https://komoot.de https://kurse.banking.co.at https://www.econ019-vorproduktion.arz.at https://www.komoot.de https://www.youtube-nocookie.com https://www.youtube.com https://youtube-nocookie.com https://youtube.com;font-src 'self' https://*.hypovbg.at https://fonts.googleapis.com https://fonts.gstatic.com/;connect-src 'self' https://consentcdn.cookiebot.com https://data.hypovbg.at https://googleads.g.doubleclick.net/pagead/ https://maps.googleapis.com/maps/api/mapsjs/ https://stats.g.doubleclick.net/ https://www.google-analytics.com/ https://www.google.com/pagead/;upgrade-insecure-requests;frame-ancestors 'self'; 1
frame-ancestors saint-gobain.wmh-demos.com 'self'; report-uri /report-csp-violation 1
default-src 'self' 'unsafe-inline' https: data: https://cdnjs.cloudflare.com https://*.googletagmanager.com https://cdn.jsdelivr.net https://*.fontawesome.com https://*.googleapis.com https://*.jacklmoore.com https://*.gstatic.com https://*.google-analytics.com; frame-ancestors 'self'; report-uri /report-csp-violation 1
default-src 'none' 'self' *.gewobag.de data: eqs-cockpit.com *.eqs.com *.youtube-nocookie.com *.ytimg.com *.googleapis.com *.gstatic.com *.wohnungshelden.de 'unsafe-inline' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'  https: data: http://fonts.googleapis.com http://fonts.gstatic.com http://www.google-analytics.com http://s7.addthis.com http://m.addthisedge.com http://m.addthis.com http://graph.facebook.com http://widgets.pinterest.com http://maps.google.com http://csi.gstatic.com http://maps.gstatic.com http://maps.googleapis.com http://www.linkedin.com http://api-public.addthis.com http://localhost http://widget.supercounters.com http://pagead2.googlesyndication.com/ http://pagead2.googlesyndication.com/ http://staticxx.facebook.com http://www.whatsupcams.com http://epixel.moj-web.net http://www.youtube.com https://www.whatsupcams.com http://localhost https://g0.ipcamlive.com;  1
default-src 'self' http: https: ; media-src 'self' www.youtube.com youtube.com ; font-src 'self' netdna.bootstrapcdn.com *.github.io ; object-src data: www.youtube.com 'self'; img-src https: data: blob:; style-src 'self' 'unsafe-inline' *.googleapis.com *.github.io bachmannazprd.kittelberger.net oxomi.com ; script-src https: 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https: mailto:; frame-ancestors 'self' https: 1
default-src 'self'; object-src 'self' https://pts.maxxim.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.maxxim.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://chat.maxxim.de https://umfrage.maxxim.de https://pts.maxxim.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://o2.mouseflow.com https://cdn.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://chat.maxxim.de https://stats.maxxim.de https://imagepool.maxxim.de https://pts.maxxim.de; script-src 'strict-dynamic' 'nonce-86de0494217ed346d6d4182221146020' 'nonce-e5e392eadc1d6f5750746f853eab0d6a' 'nonce-f99462e6e9a33e730c375bcada7ee1bf' 'nonce-dc7fb8411fa13bed6d8afaf8992a1faa' 'nonce-fd86bbb307bb3ec458b32ddd6387da3f' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://pts.maxxim.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-86de0494217ed346d6d4182221146020' 'nonce-e5e392eadc1d6f5750746f853eab0d6a' 'nonce-f99462e6e9a33e730c375bcada7ee1bf' 'nonce-dc7fb8411fa13bed6d8afaf8992a1faa' 'nonce-fd86bbb307bb3ec458b32ddd6387da3f' 'self' 'unsafe-inline' https: 'report-sample' 1
default-src 'self'; style-src 'self' app.workfrontfusion.com/static 'unsafe-inline' unpkg.com/@adobe/* https://*.adobe.com https://*.adobe.io; font-src 'self' app.workfrontfusion.com/static data: use.typekit.net https://*.adobe.com https://*.adobe.io; img-src 'self' app.workfrontfusion.com/static data: https://ipm.workfrontfusion.com secure.gravatar.com https://*.adobe.com https://*.adobe.io; connect-src 'self' app.workfrontfusion.com/static wss://app.workfrontfusion.com rum-http-intake.logs.datadoghq.com *.split.io https://*.adobe.com https://*.adobe.io; frame-src 'self' app.workfrontfusion.com/static https://*.adobe.com; script-src 'self' use.typekit.net unpkg.com/@adobe/* https://*.adobe.com https://*.adobe.io; object-src 'self' app.workfrontfusion.com/static; frame-ancestors 'self' https://*.adobe.com; 1
frame-ancestors https://*.estratraining.it 1
default-src 'self'; script-src 'unsafe-inline' * 'unsafe-eval'; style-src 'unsafe-inline' * 'unsafe-eval'; img-src *; media-src *; frame-src *; frame-ancestors *.archcare.org; font-src *; connect-src *; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self'; connect-src 'self' https://piwik.bzga.de https://rstts-eu.readspeaker.com https://media-eu.readspeaker.com https://app-eu.readspeaker.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn1.readspeaker.com; font-src 'self' data: https://fonts.gstatic.com; script-src 'self' 'unsafe-inline' https://piwik.bzga.de https://cdn1.readspeaker.com https://maps.google.com https://maps.googleapis.com; img-src 'self' https://piwik.bzga.de https://www.bzga.de https://maps.gstatic.com https://csi.gstatic.com https://maps.google.com https://khms0.googleapis.com https://khms1.googleapis.com https://lh3.ggpht.com https://cbks0.googleapis.com data:; frame-src 'self' https://www.infektionsschutz.de https://app-eu.readspeaker.com; 1
default-src https: data: 'self' 'unsafe-inline' 'unsafe-eval' 1
base-uri 'self'; default-src 'none'; child-src; connect-src 'self' wss://directline.botframework.com https://directline.botframework.com directline.botframework.com https://*.faqbot.nz *.faqbot.nz https://*.sharethis.com *.sharethis.com https://*.algolia.net *.algolia.net https://*.algolianet.com *.algolianet.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net stats.g.doubleclick.net; font-src 'self' https://*.faqbot.nz *.faqbot.nz data:; form-action 'self' https://dnc.us5.list-manage.com dnc.us5.list-manage.com; frame-ancestors 'self'; frame-src 'self' wss://directline.botframework.com https://youtube.com youtube.com https://youtu.be youtu.be https://*.sharethis.mgr.consensu.org *.sharethis.mgr.consensu.org https://www.google.com www.google.com https://public.tableau.com public.tableau.com https://player.vimeo.com player.vimeo.com; img-src 'self' https://www.google.com https://www.google.co.nz https://www.google-analytics.com https://ssl.gstatic.com https://www.googletagmanager.com https://www.gstatic.com https://maps.gstatic.com https://*.googleapis.com https://*.s3.ap-southeast-2.amazonaws.com https://*.faqbot.nz *.faqbot.nz https://*.sharethis.com *.sharethis.com https://www.facebook.com www.facebook.com data:; media-src https://youtube.com youtube.com https://www.youtube.com www.youtube.com https://vimeo.com vimeo.com https://youtu.be youtu.be https://i.vimeocdn.com i.vimeocdn.com; object-src 'self'; script-src 'self' https://*.faqbot.nz *.faqbot.nz https://faqbotprodstorage.blob.core.windows.net faqbotprodstorage.blob.core.windows.net https://sharethis.com sharethis.com https://*.sharethis.com *.sharethis.com https://www.googletagmanager.com www.googletagmanager.com https://www.google.com www.google.com https://gstatic.com gstatic.com https://public.tableau.com public.tableau.com https://code.jquery.com code.jquery.com https://www.google-analytics.com www.google-analytics.com https://*.sharethis.js *.sharethis.js https://connect.facebook.net connect.facebook.net 'nonce-MzU2Y2IzYzk4YjQyNTYwYjZkMTk1OWFlZmU0ZjYzMDYzYmE4MjJlMWJjYTBjNzI2MWNlOTI3ZjVlZjNmMzc5Y2ZhYmExN2E2YmRkMWExNmIwMmQxNGY4MDQ0YWU3NDhmMWVhZjY4ZmJlNzJlNGQ3NGRmZWEzZGUxMTRhNzU5YWI=' 'unsafe-eval'; style-src 'self' https://unsafe-inline unsafe-inline https://*.faqbot.nz *.faqbot.nz https://faqbotprodstorage.blob.core.windows.net faqbotprodstorage.blob.core.windows.net https://www.google-analytics.com www.google-analytics.com https://www.googletagmanager.com www.googletagmanager.com https://ssl.google-analytics.com ssl.google-analytics.com https://tagmanager.google.com tagmanager.google.com https://fonts.googleapis.com fonts.googleapis.com 'unsafe-inline'; upgrade-insecure-requests 1
default-src * ; script-src 'self' 'unsafe-eval' 'unsafe-inline' browser-update.org maps.googleapis.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.licdn.com *.facebook.net *.doubleclick.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com; base-uri 'self'; object-src 'none'; img-src * 'self' data: https: 1
default-src 'self'  *.destatis.de; base-uri 'self'; style-src 'self' 'unsafe-inline' *.destatis.de piwik.itzbund.de; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.destatis.de piwik.itzbund.de doo.net chatbot.it.bund.de www9.idev.nrw.de;object-src 'self' multimedia.gsb.bund.de  *.destatis.de piwik.itzbund.de chatbot.it.bund.de www9.idev.nrw.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org  *.destatis.de piwik.itzbund.de chatbot.it.bund.de www9.idev.nrw.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.destatis.de *.itzbund.de *.stba.de *.euro-area-statistics.org *.ims-cms.net *.kemweb.de *.teambits.events doo.net/de-de/widget/ chatbot.it.bund.de www9.idev.nrw.de *.arcgis.com data: ; img-src 'self' data: blob: *.google.com *.gstatic.com *.youtube.com  *.destatis.de piwik.itzbund.de chatbot.it.bund.de www9.idev.nrw.de; frame-ancestors 'self'; 1
upgrade-insecure-requests; frame-ancestors 'none'; default-src 'self'; script-src 'nonce-PCSaowe0u1iE9USNstl7VaC+5nus4NVOrrumchVf8pM=' 'strict-dynamic'; object-src 'none'; base-uri 'self'; style-src 'self' 'unsafe-inline' www.google.com *.googleapis.com; img-src 'self' www.google.de www.google-analytics.com www.googletagmanager.com *.googleapis.com *.gstatic.com *.doubleclick.net; media-src 'self'; frame-src 'self' www.google.com *.gstatic.com www.googletagmanager.com *.doubleclick.net consent-cdn.swmh.de; font-src 'self' *.gstatic.com www.google.com *.googleapis.com; connect-src 'self' www.google-analytics.com *.doubleclick.net consent-cdn.swmh.de 1
default-src 'unsafe-inline' 'self' data: *.eru.cz *.googleapis.com fonts.gstatic.com cdn.jsdelivr.net *.youtube.com *.soundcloud.com *.slideshare.net *.cloudflare.com *.googletagmanager.com *.google-analytics.com api.mapy.cz datawrapper.dwcdn.net; report-uri /report-csp-violation 1
frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com chandler.bibliocms.com *.chandler.bibliocms.com https://chandlerlibrary.org chandlerlibrary.org *.chandlerlibrary.org; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.reachmee.com/; img-src 'self' data: ; object-src 'self' data: https://datawrapper.dwcdn.net/ https://*.reachmee.com/; frame-src 'self' data: https://datawrapper.dwcdn.net/ https://*.reachmee.com/; 1
object-src 'self'; frame-ancestors 'self'; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-modals allow-downloads; base-uri 'self'; 1
upgrade-insecure-requests; frame-ancestors 'self' https://preview-edit.aminess-campsites.com https://preview-edit.aminess.com; 1
default-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline' *.youtube.com *.youtube-nocookie.com *.commerce-connector.com *.googleapis.com *.min-cdn.net *.googletagmanager.com *.google-analytics.com *.google.com *.google.de connect.facebook.net mediaintelligence.de *.bing.com https://groupeseb.secure.force.com; font-src 'self' data: *.commerce-connector.com *.gstatic.com https://groupeseb.secure.force.com; style-src 'self' 'unsafe-inline' *.commerce-connector.com *.commerce-connector.de *.googleapis.com https://groupeseb.secure.force.com; img-src 'self' data: *.commerce-connector.com *.commerce-connector.de *.gstatic.com *.googleapis.com  *.google-analytics.com *.facebook.com *.doubleclick.net mediaintelligence.de *.min-cdn.net track.adform.net rads.recognified.net *.google.de *.google.com *.bing.com https://groupeseb.secure.force.com; media-src 'self' *.youtube.com *.youtube-nocookie.com https://groupeseb.secure.force.com; frame-src 'self' *.youtube.com *.youtube-nocookie.com *.umantis.com *.doubleclick.net https://groupeseb.secure.force.com; connect-src 'self' *.commerce-connector.com *.commerce-connector.de *.googleapis.com *.google-analytics.com *.facebook.com *.doubleclick.net mediaintelligence.de *.min-cdn.net *.bing.com 1
base-uri 'self'; default-src https: 'self'; script-src 'self' 'unsafe-inline' data: https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://*.doubleclick.net https://snap.licdn.com http://js.hs-scripts.com http://js.hs-analytics.net/ https://js.hscollectedforms.net https://js.hsadspixel.net https://js.hs-banner.com http://*.hsforms.com http://js.hsforms.net/forms/v2.js http://js.hs-scripts.com/9480127.js https://*.hscta.net http://cta-service-cms2.hubspot.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'self' 'unsafe-eval' 'unsafe-inline' *.yolt.com; img-src 'self' data: https://www.google-analytics.com https://www.googletagmanager.com https://*.linkedin.com https://*.google.com https://*.google.co.za https://*.adsymptotic.com https://*.hubspot.com https://*.hsforms.com https://*.hsforms.net https://forms.hsforms.com; connect-src 'self' data: *.salesforce.com https://www.google-analytics.com https://www.googletagmanager.com https://*.doubleclick.net https://*.google.com https://js.hs-banner.com https://*.hubspot.com https://*.hsforms.com https://*.hsforms.net https://forms.hsforms.com https://api.hubapi.com; font-src 'self' data:; object-src 'none'; frame-src 'self' data: https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://forms.hsforms.com https://*.hubspot.com; form-action 'self' data: https://forms.hsforms.com; frame-ancestors 'self' data: https://www.googletagmanager.com https://www.google.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *; img-src data: *; frame-ancestors https://www.happymeeple.com 'self'; report-uri /report-csp-violation 1
default-src 'self' *.google-analytics.com data:; script-src 'self' * 'unsafe-inline' 'unsafe-eval'; frame-src 'self' www.google.com player.vimeo.com *.soundcloud.com *.slideshare.net *.youtube.com view.genial.ly *.dailymotion.com *.youtube-nocookie.com adventmyfriend.com *.jwplayer.com video.terre-net.fr; style-src 'self' use.typekit.net fonts.googleapis.com p.typekit.net s3.amazonaws.com i.icomoon.io 'unsafe-inline'; font-src 'self' use.typekit.net s3.amazonaws.com fonts.gstatic.com i.icomoon.io; img-src 'self' data: *.ytimg.com; upgrade-insecure-requests 1
frame-ancestors 'self' piwik.betaalvereniging.nl; 1
default-src 'self'; manifest-src 'self'; img-src * data:; media-src *; style-src 'self' 'unsafe-inline'; frame-src *; connect-src *; object-src 'none'; base-uri 'self'; script-src 'self' 'unsafe-inline' 'nonce-Vs6HTQISliwArpfvA_1S7qkL' 'sha256-CfgaXEY7Vws4nOCxGKKb9Ik1PQrn1H7v7puee3A+DgI=' *.realsrv.com; 1
default-src https: https://*.gstatic.com https://tagmanager.google.com https://*.hotjar.com; frame-src https://api.quickstream.westpac.com.au https://assets.ctfassets.net/ https://videos.ctfassets.net/ https://*.libsyn.com https://e.issuu.com/ https://player.vimeo.com/video/ https://www.youtube.com/embed/ https://*.facebook.com/ https://*.google.com https://*.googletagmanager.com https://*.hotjar.com https://tagmanager.google.com https://s7.addthis.com/static/ https://gum.criteo.com/ https://open.spotify.com https://youtu.be/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://api.mapbox.com https://tagmanager.google.com https://*.gstatic.com https://cdn.curator.io/; font-src 'self' data: https://fonts.gstatic.com https://cdn.curator.io/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforce.com https://api.quickstream.westpac.com.au https://*.addthis.com/ https://*.jobadder.com/ https://*.libsyn.com https://e.issuu.com/ https://jobadder.com/ https://*.collect.igodigital.com/ https://*.crazyegg.com/ https://*.facebook.net https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com/ https://*.hotjar.com https://www.gstatic.com https://*.criteo.com https://*.criteo.net https://server.arcgisonline.com/ https://cdn.curator.io https://cdn.curator.io/published/56e5a580-2921-4b55-88ce-d4fe260ac545_y69dz93g.js https://player.vimeo.com; connect-src 'self' https://api.compassion.com.au https://api.quickstream.westpac.com.au https://compassionau.force.com https://concierge.compassion.com.au https://*.algolia.net https://*.algolianet.com https://apps.jobadder.com/ https://jobadder.com/ https://m.addthis.com/ https://*.crazyegg.com/ https://*.hotjar.com https://*.facebook.com/ https://*.google-analytics.com/ wss://*.hotjar.com https://*.doubleclick.net/ https://api.curator.io/ https://vimeo.com; img-src 'self' data: http://*.tile.openstreetmap.org/ https://auproddownloads.blob.core.windows.net/compassion/ https://images.contentful.com https://images.ctfassets.net https://media.ci.org https://*.youtube.com https://apps.jobadder.com/ https://jobadder.com/widgets/ https://*.collect.igodigital.com/ https://*.crazyegg.com/ https://*.facebook.com/ https://*.google-analytics.com/ https://*.google.com https://*.google.com.au/ https://*.googletagmanager.com https://*.gstatic.com https://d33wubrfki0l68.cloudfront.net https://*.doubleclick.net/ https://server.arcgisonline.com/ https://cdn.curator.io/0.gif https://www.instagram.com/ https://*.fbcdn.net/ 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.axessx.de *.googleapis.com 1
connect-src 'self' https://*.kommunicate.io wss://*.kommunicate.io https://*.evidon.com wss://*.evidon.com https://*.betrad.com wss://*.betrad.com https://api.brightedge.com wss://api.brightedge.com https://ixfd-api.bc0a.com wss://ixfd-api.bc0a.com https://*.twilio.com wss://*.twilio.com https://inga-prod.tumblr.com wss://*.salemove.com https://*.salemove.com wss://*.glia.com https://*.glia.com https://*.yotpo.com https://*.twitter.com https://*.yotpo.com https://*.gomoxie.solutions https://rules.atgsvcs.com https://track.magnify360.com https://c1.rfihub.net https://insight.adsrvr.org https://*.virtualhold.com https://api.edmunds.com 1
default-src 'self'; child-src 'self' *.a-ads.com www.youtube.com w.soundcloud.com player.vimeo.com www.google.com coub.com *.yandex.ru t.me vk.com *.vk.com ok.com rutube.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval' app.sharpay.io www.google-analytics.com telegram.org; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src * data:; font-src data: fonts.gstatic.com; connect-src 'self' api.imgur.com wss://api.golos.id *.golos.app golos.app *.golos.today app.sharpay.io www.google-analytics.com cdn.jsdelivr.net/npm/emoji-picker-element-data@%5E1/; frame-ancestors 'none'; report-uri /api/v1/csp_violation 1
default-src "self"; img-src "self"; style-src "self" "unsafe-inline"; font-src "self"; script-src "self" "unsafe-inline"; connect-src "self"; 1
script-src https://connect.facebook.net/ http://connect.facebook.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ http://browser-update.org/ https://www.google.com/ https://www.gstatic.com/recaptcha/ http://www.google.com/recaptcha/ https://ajax.googleapis.com/ 'unsafe-inline' 'unsafe-eval' 'self'; report-uri /nelmio/csp/report 1
base-uri 'self'; default-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: *.cdkeybay.com *.vanilla.digital *.google.com *.google-analytics.com *.gstatic.com *.googletagmanager.com *.youtube.com *.cloudflare.com *.doubleclick.net *.ytimg.com; 1
frame-ancestors www.bps.ac.uk 1
default-src 'self'; block-all-mixed-content; child-src 'self' consentcdn.cookiebot.com; connect-src 'self' www.google-analytics.com consentcdn.cookiebot.com; font-src 'self' fonts.gstatic.com; form-action 'self'; frame-ancestors 'none'; img-src 'self' data: www.google-analytics.com; script-src 'self' www.googletagmanager.com www.google-analytics.com consent.cookiebot.com consentcdn.cookiebot.com 'sha256-tNH9wJLR96bmqHwJv4uUsyHqpX2+rmuj63z/CpjdU68='; style-src 'self' fonts.googleapis.com 'unsafe-inline' 1
script-src 'self' static.ctctcdn.com https://*.googleapis.com *.gstatic.com www.google-analytics.com ajax.googleapis.com www.google.com ajax.aspnetcdn.com use.typekit.net us1.siteimprove.com siteimproveanalytics.com cdnjs.cloudflare.com use.fontawesome.com static.getclicky.com in.getclicky.com player.vimeo.com www.googletagmanager.com clicky.com https://connect.facebook.net/ code.jquery.com kit.fontawesome.com 'unsafe-inline' 'unsafe-eval' 1
default-src 'self'; style-src 'self' 'unsafe-inline' 1
script-src 'self'  'unsafe-eval' 1
default-src 'self' 'unsafe-inline' data: 'unsafe-hashes' sha256-8mtE2lezrJT4S67cW4pWVhz/pwoK7b8USlyAQAIxkMk= sha256-rwMOiOeVICH7/Cjy5SkreID3OOi5HTrit357k22hUDQ= *.manodaktaras.lt *.manodaktaras.local *.googlesyndication.com *.googletagmanager.com *.doubleclick.net *.google.com *.google.lt *.ampproject.org *.googleapis.com omnisnippet1.com *.gemius.pl *.soundestlink.com *.gstatic.com *.bootstrapcdn.com *.cloudflare.com *.quickblox.com wss://chat.quickblox.com:5291 *.facebook.net *.facebook.com *.google-analytics.com *.jsdelivr.net *.sentry-cdn.com *.ingest.sentry.io *.cookielaw.org *.onetrust.com *.onetrust.io *.youtube.com optanon.blob.core.windows.net; block-all-mixed-content; report-uri /nelmio/csp/report 1
frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com jeffco.bibliocms.com *.jeffco.bibliocms.com https://jeffcolibrary.org jeffcolibrary.org *.jeffcolibrary.org; 1
frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com bibliocms.com *.bibliocms.com bibliocms.com *.bibliocms.com http://bibliocms.com; 1
default-src *; style-src 'self' 'unsafe-inline' http://safesear.ch http://*.safesear.ch http://*.adnxs.com http://*.yahooapis.com http://*.yahoo.net http://*.yahoo.com http://*.newrelic.com https://safesear.ch https://*.safesear.ch https://*.adnxs.com https://*.yahooapis.com https://*.yahoo.net https://*.yahoo.com https://*.newrelic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://safesear.ch http://*.safesear.ch http://*.adnxs.com http://*.yahooapis.com http://*.yahoo.net http://*.yahoo.com http://*.newrelic.com https://safesear.ch https://*.safesear.ch https://*.adnxs.com https://*.yahooapis.com https://*.yahoo.net https://*.yahoo.com https://*.newrelic.com http://*.akamai.net https://*.akamai.net http://*.nr-data.net https://*.nr-data.net;connect-src 'self';img-src 'self' http://safesear.ch http://*.safesear.ch https://safesear.ch https://*.safesear.ch data:; 1
img-src *; default-src 'self' *.one.network https://ukwest-0.in.applicationinsights.azure.com//v2/track https://az416426.vo.msecnd.net/ https://pfw-prod-ukwest-safespaceonline.azurewebsites.net https://translate.google.com/ https://siteimproveanalytics.com https://apps.parcelforce.com www.googletagmanager.com www.google-analytics.com *.cloudfront.net *.paypal.com *.googleapis.com analytics.analytics-egain.com cloud-emea.analytics-egain.com fonts.gstatic.com portal.roadworks.org sgn.egain.cloud api.reciteme.com stats.g.doubleclick.net www.google.com www.google.co.uk www.gstatic.com maps.gstatic.com api.tomtom.com www.youtube.com data: 'unsafe-eval' 'unsafe-inline'; report-uri https://orangebus.report-uri.com/r/d/csp/enforce 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.adform.net *.cloudflare.com *.cloudfront.net *.facebook.net *.google.de *.google.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com *.googlevideo.com *.gstatic.com *.intelliad.de *.nuki.io *.telekom.de *.usabilla.com *.wbtrk.net *.youtube-nocookie.com *.ytimg.com tag.contiamo.com empathy-portal.de lpcdn.lpsnmedia.net lo.v.liveperson.net lptag.liveperson.net accdn.lpsnmedia.net cdn.novalnet.de nuki.io webcode.telekom-dienste.de tags-eu.tiqcdn.com fbc.wcfbc.net; object-src 'self'; style-src 'self' 'unsafe-inline' *.cloudfront.net fonts.googleapis.com www.telekom.de webcode.telekom-dienste.de; img-src 'self' data: cdn.smarthome.de  *.adform.net *.brodos.com *.cloudfront.net *.doubleclick.net *.facebook.com *.google.de *.google.com *.googlevideo.com *.gstatic.com *.intelliad.de *.telekom.de *.usabilla.com *.ytimg.com *.youtube-nocookie.com events.contiamo.com empathy-portal.de lptag.liveperson.net lpcdn.lpsnmedia.net tracking.mlsat02.de https://goliath.telekom-dienste.de webcode.telekom-dienste.de tags-eu.tiqcdn.com fbc.wcfbc.net; media-src 'self' *.adform.net *.google.de *.google.com *.gstatic.com *.googlevideo.com *.telekom.de *.youtube-nocookie.com *.ytimg.com lptag.liveperson.net lpcdn.lpsnmedia.net tags-eu.tiqcdn.com fbc.wcfbc.net; frame-src 'self' *.facebook.com *.facebook.net/ *.lo.cobrowse.liveperson.net *.paypal.com *.rfihub.com *.usabilla.com *.youtube-nocookie.com *.youtube.com https://d6tizftlrpuof.cloudfront.net email-telekom.de t23.intelliad.de lptag.liveperson.net server.lon.liveperson.net lpcdn.lpsnmedia.net nuki.io ebs08-stg.telekom.de ebs08.telekom.de shopsuche.telekom.de; font-src 'self' data: *.gstatic.com *.usabilla.com https://ebs10.telekom.de https://d6tizftlrpuof.cloudfront.net https://fonts.googleapis.com https://www.telekom.de/; connect-src 'self' *.paypal.com *.usabilla.com https://ebs10.telekom.de wss://gwe-dmz-cc.telekom.de https://gwe-dmz-cc.telekom.de https://rest.ice-search.de https://iss-staging-backend.ice-search.de https://ebs01-stg.telekom.de ebs01.telekom.de https://d6tizftlrpuof.cloudfront.net https://ebs02.telekom.de https://events.contiamo.com https://payport.novalnet.de; form-action 'self' *.facebook.net *.facebook.com shopsuche.telekom.de; frame-ancestors 'self' https://pano.framework.tv https://telekom-cafe-ape.framework.tv 1
font-src 'self' https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com data:; frame-src https://www.google.com/recaptcha/ https://fast.wistia.com https://pay.google.com/gp/; script-src 'self' 'unsafe-inline' https://fast.wistia.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://pay.google.com/gp/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com; report-uri /csp/report; worker-src blob: 1
default-src 'self' blob: https://vars.hotjar.com/; frame-src 'self'   *.webspellchecker.net/ https://fnk-main-prd-zsa-uploads.s3.eu-west-1.amazonaws.com/ https://nspa.org.uk/ https://www.zsabenchmarking.co.uk/ https://w.soundcloud.com/ *.buzzsprout.com  *.hotjar.com *.nhs.uk/ *.facebook.com/ *.youtube.com/ *.vimeo.com/ *.google.com *.googleapis.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval'   *.webspellchecker.net/ https://mozilla.github.io/ * https://mozilla.github.io/pdf.js/build/pdf.js https://cdn.jsdelivr.net/gh/fancyapps/ *.buzzsprout.com *.heat6have.com https://static.hotjar.com/ https://www.googletagmanager.com/ *.hotjar.com https://www.googletagmanager.com/ *.hotj blob: https://cdnjs.cloudflare.com/ https://www.google-analytics.com/ https://connect.facebook.net/ https://feeds.trac.jobs/ *.google.com/ *.googleapis.com *.gstatic.com *.cqc.org.uk; font-src 'self' 'unsafe-inline'  *.webspellchecker.net/  https://cdnjs.cloudflare.com/ajax/libs/summernote/ *.hotjar.com *.typekit.net https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline'  *.webspellchecker.net/  https://cdn.jsdelivr.net/gh/fancyapps/ *.typekit.net https://cdnjs.cloudflare.com/ https://feeds.trac.jobs/ *.googleapis.com  *.gstatic.com *.cqc.org.uk; img-src * data:; object-src 'self' blob:; connect-src 'self'   *.webspellchecker.net/ *.amazonaws.com https://stats.g.doubleclick.net/ https://www.google-analytics.com/ https://translate.googleapis.com/ *.hotjar.com *.hotjar.io wss://*.hotjar.com/ https://feeds.trac.jobs/ 1
img-src * data:; style-src 'self' 'unsafe-inline' *.readspeaker.com; default-src * blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: www.youtube.com s.ytimg.com *.usercentrics.eu *.google.com *.googletagmanager.com *.google-analytics.com *.readspeaker.com matomo.rexx-systems.com;frame-ancestors 'self' www.service-gmbh-schwarzwald.de ; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: lhconsulting.com.szander.dev.nil *.lhconsulting.com consent.cookiebot.com consentcdn.cookiebot.com *.gstatic.com www.googletagmanager.com *.googleapis.com www.google-analytics.com stats.g.doubleclick.net www.youtube.com *.googleadservices.com *.doubleclick.net *.googlesyndication.com *.google.ae *.google.at *.google.ba *.google.be *.google.by *.google.ca *.google.cf *.google.ch *.google.co.cr *.google.co.il *.google.co.in *.google.co.jp *.google.co.nz *.google.co.th *.google.co.uk *.google.co.zw *.google.de *.google.com *.google.com.ar *.google.com.au *.google.com.bo *.google.com.br *.google.com.cy *.google.com.ec *.google.com.eg *.google.com.hk *.google.com.kw *.google.com.mt *.google.com.mx *.google.com.sg *.google.com.tr *.google.com.tw *.google.com.ua *.google.cz *.google.dk *.google.dz *.google.es *.google.fi *.google.fr *.google.ge *.google.gr *.google.hr *.google.hu *.google.ie *.google.im *.google.it *.google.li *.google.lt *.google.lu *.google.nl *.google.no *.google.pl *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.se *.google.si; connect-src 'self' *.lhconsulting.com; font-src 'self' *.lhconsulting.com *.google.com *.gstatic.com www.googletagmanager.com *.googleapis.com www.google-analytics.com stats.g.doubleclick.net *.google.com *.gstatic.com www.googletagmanager.com *.googleapis.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' *.lhconsulting.com *.google.com *.gstatic.com www.googletagmanager.com *.googleapis.com www.google-analytics.com stats.g.doubleclick.net www.youtube.com *.doubleclick.net *.google.de; 1
default-src 'self' 'unsafe-inline' https: http://www.portaleamministrazionetrasparente.it/; script-src 'self' 'unsafe-inline' https: http://www.portaleamministrazionetrasparente.it/; style-src 'self' 'unsafe-inline' https: http://www.portaleamministrazionetrasparente.it/; font-src 'self' https: http://www.portaleamministrazionetrasparente.it/ 1
default-src 'self' s.w.org fonts.gstatic.com fonts.googleapis.com maps.googleapis.com ajax.googleapis.com data: secure.gravatar.com www.yourwebstats.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob:; object-src 'self'; style-src 'self' 'unsafe-inline' fonts.gstatic.com fonts.googleapis.com maps.googleapis.com ajax.googleapis.com; img-src 'self' data: https: secure.gravatar.com; media-src 'self'; child-src 'self' https:; font-src fonts.gstatic.com fonts.googleapis.com maps.googleapis.com ajax.googleapis.com 'self' data:; connect-src 'self';base-uri 'self';frame-src 'self' 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: https: 'nonce-VmrUOPM4yMeVwrUmVl05a5x0vD81aiBt' 'strict-dynamic' https://www.google-analytics.com https://www.googletagmanager.com; 1
frame-ancestors http://* 1
default-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com https://translate-pa.googleapis.com/ https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://fonts.googleapis.com https://translate.googleapis.com https://translate.google.com https://maps.googleapis.com https://player.vimeo.com https://feeds.trac.jobs https://www.cqc.org.uk https://merseycare.enterpriseappointments.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://translate.googleapis.com https://www.gstatic.com https://feeds.trac.jobs https://www.cqc.org.uk; img-src * data:; connect-src 'self' maps.googleapis.com https://saas.learninglocker.net https://metrics.articulate.com https://translate.googleapis.com https://www.google-analytics.com https://stats.g.doubleclick.net https://vimeo.com https://feeds.trac.jobs; font-src 'self' data: https://fonts.gstatic.com; object-src 'self' blob:; frame-src 'self' maps.google.com https://*.nhs.uk https://www.google.com https://content.googleapis.com https://content-analytics.googleapis.com https://www.youtube.com https://player.vimeo.com https://merseycare.enterpriseappointments.com https://e.issuu.com https://roundme.com 1
default-src 'none'; block-all-mixed-content; connect-src 'self' *.googleapis.com *.gstatic.com *.google.com *.cookiebot.eu *.google-analytics.com; font-src 'self' data: *.googleapis.com *.gstatic.com *.google-analytics.com; frame-src *; img-src 'self' data: *.googleapis.com *.gstatic.com *.googletagmanager.com *.google-analytics.com; manifest-src 'self'; script-src 'self' *.google.com 'unsafe-inline' blob: *.googleapis.com *.gstatic.com *.cookiebot.eu *.googletagmanager.com *.google-analytics.com 'sha256-7BR2mzQgegl16OzhYaABCgX+kM/0FnVwstu1v2KgQbw=' 'sha256-wfxJ7YZKDslwby5G8BoAcLOzW1p+E0YMbh6d3MizcsI=' 'sha256-f+jqG1mm3LktmzyJHsIWnMiBwiJHa+rnKPI5vxSKS3M=' 'sha256-TtKj7yFcN3RQ/EnJ2bCdFFzQunrr9E9bzNFv4s+X/UA=' 'nonce-nACt9ZQTWNiIALl4Je9k3g=='; style-src 'self' cdnjs.cloudflare.com 'unsafe-inline' *.googleapis.com *.gstatic.com *.google-analytics.com; report-uri /csp/report 1
frame-ancestors https://*.matrabike.nl http://*.matrabike.nl http://matrabike.web2016-acc.netivity.nl https://matrabike.WEB2016-ACC.netivity.nl http://www.google.com 1
frame-ancestors 'self' eventmobi.com experience.eventmobi.com *.eventmobi.com * 1
frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com omaha.bibliocms.com *.omaha.bibliocms.com https://omahalibrary.org omahalibrary.org *.omahalibrary.org; 1
default-src data: 'self' 'unsafe-inline' 'unsafe-eval' *.hotjar.com *.doubleclick.net www.gstatic.com www.google.com  apis.google.com maps.googleapis.com googleadservices.com www.xart.cz fonts.googleapis.com fonts.gstatic.com maps.gstatic.com www.ccvision.de www.youtube.com www.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net www.google.cz connect.facebook.net giphy.com *.facebook.com akamaihd.net fbcdn.net fb.me fbsbx.com api.mapy.cz mapserver.mapy.cz tagmanager.google.com ssl.gstatic.com fe.marketingovalista.cz sc.lfeeder.com tr.lfeeder.com static.userback.io api.userback.io www.googleadservices.com app.marketingovalista.cz accounts.google.com 1
default-src https: 'self' 'unsafe-inline'; script-src https: 'self' 'unsafe-inline' 'unsafe-eval'; connect-src https: wss: 'self' 'unsafe-inline'; img-src https: data: blob: 'self'; frame-src https: 'self' ; style-src https: 'self' 'unsafe-inline'; 1
default-src 'self'; frame-src 'self' *.nhs.uk/ *.facebook.com/ *.youtube.com/ *.vimeo.com/ *.google.com *.googleapis.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://api.reciteme.com https://cdnjs.cloudflare.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://connect.facebook.net/ https://feeds.trac.jobs/ *.google.com/ *.googleapis.com *.gstatic.com *.cqc.org.uk; font-src 'self' 'unsafe-inline' hhttps://api.reciteme.com ttps://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://api.reciteme.com https://cdnjs.cloudflare.com/ https://feeds.trac.jobs/ *.googleapis.com  *.gstatic.com *.cqc.org.uk; img-src * data:; object-src 'self' blob:; connect-src 'self' https://api.reciteme.com https://feeds.trac.jobs/ *.googleapis.com *.google-analytics.com stats.g.doubleclick.net; media-src 'self' https://api.reciteme.com 1
default-src 'self' *.google.com *.googleapis.com *.google-analytics.com *.clickdimensions.com *.vo.msecnd.net 1
default-src 'self' blob:; worker-src blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: cdn.ampproject.org stats.wp.com s0.wp.com s1.wp.com s2.wp.com c0.wp.com www.google.com www.googletagmanager.com campuseducacion.com ws.sharethis.com connect.facebook.net code.jquery.com ssl.google-analytics.com cdn.jsdelivr.net googleads.g.doubleclick.net www.google-analytics.com www.googleadservices.com tpc.googlesyndication.com pagead2.googlesyndication.com cdn.krxd.net beacon.krxd.net consumer.krxd.net www.gstatic.com adservice.google.com stackpath.bootstrapcdn.com cdnjs.cloudflare.com adservice.google.es partner.googleadservices.com unpkg.com ajax.googleapis.com static.ads-twitter.com platform.twitter.com load.sumome.com analytics.twitter.com load.sumo.com reddit.com; style-src 'self' data: 'unsafe-inline' c0.wp.com ws.sharethis.com use.fontawesome.com code.jquery.com fonts.google.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com fonts.googleapis.com stackpath.bootstrapcdn.com cdn.jsdelivr.net unpkg.com; img-src 'self' data: blob: *.wp.com i2.wp.com pixel.wp.com s0.wp.com s1.wp.com s2.wp.com c0.wp.com ws.sharethis.com code.jquery.com www.facebook.com ssl.google-analytics.com www.google.com www.google.es stats.g.doubleclick.net www.google-analytics.com pagead2.googlesyndication.com secure.gravatar.com www.googletagmanager.com ajax.googleapis.com t.co load.sumo.com; frame-src 'self' pagead2.googlesyndication.com www.slideshare.net web.facebook.com ws.sharethis.com player.vimeo.com www.vimeo.com www.google.com www.facebook.com pagead2.googlesyndication.com tpc.googlesyndication.com googleads.g.doubleclick.net www.youtube.com www.vimeo.com; font-src 'self' data: s0.wp.com s1.wp.com s2.wp.com c0.wp.com use.fontawesome.com fonts.google.com fonts.gstatic.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com; connect-src 'self' l.sharethis.mgr.consensu.org l.sharethis.com www.google-analytics.com pagead2.googlesyndication.com stats.g.doubleclick.net googleads.g.doubleclick.net www.facebook.com sumo.com *.google.com 1
base-uri 'none'; default-src 'none'; child-src https://www.youtube.com https://www.youtube.com https://player.vimeo.com https://player.vimeo.com https://w.soundcloud.com https://www.delijn.be https://*.resengo.com; connect-src 'self' https://*.google-analytics.com https://stats.g.doubleclick.net https://vimeo.com https://*.resengo.com https://resengocomgeneralpurpose.blob.core.windows.net https://bam.nr-data.net; font-src 'self' https://use.typekit.net https://fonts.googleapis.com https://cloud.typenetwork.com https://fonts.gstatic.com data:; frame-ancestors 'self'; frame-src https://www.youtube.com https://player.vimeo.com https://w.soundcloud.com https://www.delijn.be https://*.resengo.com; img-src 'self' https://www.google-analytics.com https://*.google.com/ads/ https://*.google.be/ads/ https://www.facebook.com https://i3.ytimg.com https://gallery.mailchimp.com https://cdn-images.mailchimp.com/ https://resengocomgeneralpurpose.blob.core.windows.net data:; media-src https://p.scdn.co; script-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://www.youtube.com/player_api https://s.ytimg.com https://player.vimeo.com/api/player.js https://*.resengo.com https://resengocomgeneralpurpose.blob.core.windows.net https://js-agent.newrelic.com https://bam.nr-data.net 'unsafe-inline'; style-src 'self' https://use.typekit.net https://p.typekit.net https://fonts.googleapis.com 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.siteimprove.net *.googleapis.com *.google.com *.google-analytics.com *.gstatic.com cdnjs.cloudflare.com *.curator.io *.addthis.com *.addthisedge.com *.facebook.com *.facebook.net  siteimproveanalytics.com *.twitter.com *.pingdom.net *.googletagmanager.com cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' *.googleapis.com cdn.siteimprove.net *.curator.io; img-src 'self' data: *.gstatic.com *.googleapis.com *.ggpht.com developers.google.com *.google-analytics.com *.doubleclick.net *.fbcdn.net *.twimg.com *.instagram.com *.curator.io *.cdninstagram.com *.ytimg.com *.siteimproveanalytics.io curatorio.s3.amazonaws.com *.googletagmanager.com curator-assets.b-cdn.net; media-src 'self' ssl.gstatic.com *.fbcdn.net *.twimg.com curatorio.s3.amazonaws.com; frame-src 'self' www.youtube.com *.addthis.com seqwater.mysocialpinpoint.com *.google.com youtu.be my2.siteimprove.com *.facebook.com; frame-ancestors 'self' unitywater.com *.unitywater.com urbanutilities.com.au *.redland.qld.gov.au *.goldcoast.qld.gov.au *.logan.qld.gov.au waternet.corporate.local; child-src 'self' www.youtube.com; font-src 'self' 'unsafe-inline' themes.googleusercontent.com fonts.gstatic.com cdn.curator.io; connect-src 'self' *.google-analytics.com *.doubleclick.net my2.siteimprove.com id.siteimprove.com api.curator.io *.addthis.com *.pingdom.net; report-uri /report-csp-violation 1
*.cookieyes.com cdn-cookieyes.com 1
object-src *.cognizantrcm.com *.trizettoprovider.com *.cognizant.com 'self'; manifest-src *.cognizantrcm.com *.trizettoprovider.com *.cognizant.com 'self'; child-src *.cognizantrcm.com *.trizettoprovider.com *.cognizant.com *.pardot.com *.vimeo.com *.youtube.com *.sharethis.com 'self'; media-src *.cognizantrcm.com *.trizettoprovider.com *.cognizant.com *.vimeo.com *.youtube.com 'self'; script-src *.cognizantrcm.com *.trizettoprovider.com *.cognizant.com *.pardot.com https://*.olark.com https://yoast.com *.sharethis.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://www.googletagmanager.com https://*.googleapis.com https://snap.licdn.com https://connect.facebook.net https://analytics.twitter.com https://static.ads-twitter.com code.jquery.com 'unsafe-inline' 'unsafe-eval' 'self'; script-src-elem *.cognizantrcm.com *.trizettoprovider.com *.cognizant.com *.pardot.com https://*.olark.com https://extend.vimeocdn.com https://yoast.com *.sharethis.com https://www.google-analytics.com https://www.googletagmanager.com https://ajax.googleapis.com https://*.googleapis.com https://snap.licdn.com https://static.ads-twitter.com https://analytics.twitter.com https://connect.facebook.net https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdn.polyfill.io https://unpkg.com 'unsafe-inline' 'unsafe-eval' 'self'; style-src *.cognizantrcm.com *.trizettoprovider.com *.cognizant.com https://cdnjs.cloudflare.com 'unsafe-inline' 'self'; style-src-elem *.cognizantrcm.com *.trizettoprovider.com *.cognizant.com https://*.googleapis.com https://cdnjs.cloudflare.com *.typekit.net https://fonts.googleapis.com 'unsafe-inline' 'self'; font-src *.cognizantrcm.com *.trizettoprovider.com *.cognizant.com *.pardot.com https://*.typekit.net https://fonts.gstatic.com 'self' data:; frame-src *.cognizantrcm.com *.trizettoprovider.com *.cognizant.com *.pardot.com https://*.olark.com https://www.youtube.com *.youtube.com *.sharethis.com https://c.sharethis.mgr.consensu.org https://*.vimeo.com *.vimeo.com https://player.vimeo.com https://trizettoprovidersolutions.wufoo.com https://media.licdn.com https://www.facebook.com 'self'; img-src *.cognizantrcm.com *.trizettoprovider.com *.cognizant.com *.pardot.com https://i.vimeocdn.com https://dify.wpengine.com https://www.paypalobjects.com https://*.olark.com *.sharethis.com https://secure.gravatar.com https://www.google-analytics.com https://www.google.com https://stats.g.doubleclick.net https://px.ads.linkedin.com https://p.adsymptotic.com http://t.co https://t.co https://www.facebook.com https://www.linkedin.com https://analytics.twitter.com https://s3.amazonaws.com https://www.googletagmanager.com https://*.gravatar.com https://secure.gravatar.com https://s.w.org https://i.ytimg.com https://ps.w.org https://optimizingmatters.com 'self' data:; connect-src *.cognizantrcm.com *.trizettoprovider.com *.cognizant.com https://my.wpengine.com https://yoast.com https://*.yoast.com *.sharethis.com https://*.olark.com https://stackpath.bootstrapcdn.com https://www.facebook.com https://rdp.rhombusads.com https://www.google-analytics.com https://analytics.google.com https://stats.g.doubleclick.net 'self'; 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.infotechexpress.com infotechinc.zendesk.com *.zdassets.com *.google-analytics.com *.stripe.com *.cloudflare.com 1
default-src 'self' cdn.veracity.com cdntest.veracity.com cdnstag.veracity.com veracitystatic.azureedge.net veracitycdn.azureedge.net veracity-cdn.azureedge.net veracity-static.azureedge.net veracity.azureedge.net https://veracity-cdn.azureedge.net; style-src 'self' cdn.veracity.com cdntest.veracity.com cdnstag.veracity.com cdnveracity.azureedge.net blob: https://veracity-cdn.azureedge.net https://cdn.cookielaw.org https://geolocation.onetrust.com 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-CiLqRFMo488mIhk5Iet/2ifYUgGAu+sgjUSOXHNcO2M=' 'sha256-Zx6t6tJBEfAGbwFZi0YK/Qv2m/UKBp4XprjbGNvOA8Y=' 'sha256-qpE3yDYwtYLcYeBZJQCR3PBmJHopLnOlMQRNFjhu4Sw=' 'sha256-ZqhM5xQOj0Og/l+8qEbc5F5YYumTdWvc5mtn7dECFuE=' 'sha256-aqNNdDLnnrDOnTNdkJpYlAxKVJtLt9CtFLklmInuUAE=' 'sha256-dreGTkhRtQfwSXsd3ZavyTtL9QeeRUMFpniTUPkTNdg=' 'sha256-KycdTLdLPGini1lPAbHXJFMqqE0NBDthTPM00lNMGU0=' 'sha256-0hU65hNt+lgOOkwNFXW8crj+0fxeiF4kL+o2FmjfWTA=' tagmanager.google.com fonts.googleapis.com 'sha256-SvLgADqEePEV9RNxBrRQXSBJafFHcVNG7cPzHz6h9eA='; img-src 'self' data: cdn.veracity.com cdntest.veracity.com cdnstag.veracity.com veracityprod.blob.core.windows.net veracitycdn.azureedge.net veracitystatic.azureedge.net veracity-cdn.azureedge.net veracity-static.azureedge.net veracitytest.azureedge.net veracity.azureedge.net brandcentral.dnvgl.com brandcentral.dnv.com devtestdevprofile.blob.core.windows.net testdevprofile.blob.core.windows.net stagdevprofile.blob.core.windows.net cdn.sanity.io devprofile.blob.core.windows.net cdnveracity.azureedge.net https://cdn.cookielaw.org https://geolocation.onetrust.com https://veracity-cdn.azureedge.net www.google-analytics.com stats.g.doubleclick.net ssl.gstatic.com www.gstatic.com https://px.ads.linkedin.com/ www.google.no www.google.com px.ads.linkedin.com www.linkedin.com google-analytics.com googletagmanager.com *.adsymptotic.com; script-src 'self' cdn.veracity.com cdntest.veracity.com cdnstag.veracity.com veracitycdn.azureedge.net veracity.azureedge.net https://localhost:3010 cdnveracity.azureedge.net https://veracity-cdn.azureedge.net az416426.vo.msecnd.net 'unsafe-inline' https://tagmanager.google.com https://www.googletagmanager.com www.google-analytics.com sjs.bizographics.com/insight.min.js https://px.ads.linkedin.com/ https://*.hotjar.com https://*.hotjar.io https://snap.licdn.com; media-src 'self' cdn.veracity.com cdntest.veracity.com cdnstag.veracity.com veracityprod.blob.core.windows.net veracitystatic.azureedge.net veracitycdn.azureedge.net veracity-cdn.azureedge.net veracity-static.azureedge.net veracity.azureedge.net cdn.sanity.io brandcentral.dnvgl.com brandcentral.dnv.com https://veracity-cdn.azureedge.net; connect-src 'self' cdn.veracity.com cdntest.veracity.com cdnstag.veracity.com veracitystatic.azureedge.net veracitycdn.azureedge.net veracity-cdn.azureedge.net veracity-static.azureedge.net veracity.azureedge.net cdn.sanity.io wss://localhost:3011 cdnveracity.azureedge.net https://cdn.cookielaw.org https://geolocation.onetrust.com https://veracity-cdn.azureedge.net dc.services.visualstudio.com https://*.hotjar.com:* https://*.hotjar.io wss://*.hotjar.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net; style-src-attr 'unsafe-hashes' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-CiLqRFMo488mIhk5Iet/2ifYUgGAu+sgjUSOXHNcO2M=' 'sha256-Zx6t6tJBEfAGbwFZi0YK/Qv2m/UKBp4XprjbGNvOA8Y=' 'sha256-qpE3yDYwtYLcYeBZJQCR3PBmJHopLnOlMQRNFjhu4Sw=' 'sha256-ZqhM5xQOj0Og/l+8qEbc5F5YYumTdWvc5mtn7dECFuE=' 'sha256-aqNNdDLnnrDOnTNdkJpYlAxKVJtLt9CtFLklmInuUAE=' 'sha256-dreGTkhRtQfwSXsd3ZavyTtL9QeeRUMFpniTUPkTNdg=' 'sha256-KycdTLdLPGini1lPAbHXJFMqqE0NBDthTPM00lNMGU0=' 'sha256-0hU65hNt+lgOOkwNFXW8crj+0fxeiF4kL+o2FmjfWTA='; script-src-elem 'self' cdn.veracity.com cdntest.veracity.com cdnstag.veracity.com veracitycdn.azureedge.net veracity.azureedge.net https://localhost:3010 cdnveracity.azureedge.net https://cdn.cookielaw.org https://geolocation.onetrust.com https://veracity-cdn.azureedge.net https://*.siteintercept.qualtrics.com 'sha256-gyx8gdfo/kbUsjsztRzImiGTH40PvnMaTBfx67Fme78=' 'sha256-5iNjqILmY2w3enZeIDSRCXLxYlrDBLo0O6Vrz+x52lQ=' 'sha256-KccRV2ejzQNCmcavwmuYyTe5GXLq6U8XN4zZuuEcfCk=' 'sha256-4UrsozB38acysIpnw9wDZ2kh8VUlwojNs0+hs5TPAgY=' 'sha256-0hU65hNt+lgOOkwNFXW8crj+0fxeiF4kL+o2FmjfWTA=' 'sha256-KycdTLdLPGini1lPAbHXJFMqqE0NBDthTPM00lNMGU0=' 'sha256-hZeD7EFjjyhQ7TjefoatAoAuvdydzA2gDzbnc13qZcY=' 'sha256-IuR48Fro3ShOtgRdkzhhTRnQeCIU39pgd6QgAcPScUU=' https://tagmanager.google.com https://www.googletagmanager.com www.google-analytics.com sjs.bizographics.com/insight.min.js https://px.ads.linkedin.com/ https://*.hotjar.com https://*.hotjar.io https://snap.licdn.com *.msecnd.net; font-src cdn.veracity.com cdntest.veracity.com cdnstag.veracity.com veracitycdn.azureedge.net data: fonts.gstatic.com; frame-src 'self' https://cdn.cookielaw.org https://geolocation.onetrust.com https://*.hotjar.com https://*.hotjar.io https://www.googletagmanager.com/ns.html; report-uri https://veracitycommon.report-uri.com/r/t/csp/enforce; report-to https://veracitycommon.report-uri.com/a/d/g 1
object-src 'none'; media-src 'none' 1
default-src 'none'; child-src blob:; script-src-elem 'self' 'unsafe-inline' analyzer.amedick-sommer.de www.google-analytics.com *.googleapis.com www.googletagmanager.com www.youtube.com tagmanager.google.com altruja.de usercentrics.eu *.usercentrics.eu;; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: analyzer.amedick-sommer.de altruja.de www.google-analytics.com *.googleapis.com www.googletagmanager.com www.youtube.com tagmanager.google.com usercentrics.eu *.usercentrics.eu; img-src * data: blob:; style-src 'self' 'unsafe-inline'; media-src 'self' blob; connect-src 'self' *.evkirchepfalz.de www.portal.kirchenplaner.de analyzer.amedick-sommer.de usercentrics.eu *.usercentrics.eu; font-src 'self' data: fonts.gstatic.com; frame-ancestors 'self'; frame-src 'self' www.youtube-nocookie.com maps.google.de *.google.com www.youtube.com analyzer.amedick-sommer.de mosaically.com adventskalender.evangelisch.de usercentrics.eu *.usercentrics.eu www.ardmediathek.de www.swr.de; base-uri 'self'; object-src 'self' 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'  *.hotjar.com https://in.hotjar.com https://vc.hotjar.io https://connect.facebook.net  https://s.ytimg.com https://px.ads.linkedin.com https://www.youtube.com https://www.google-analytics.com https://snap.licdn.com https://www.googletagmanager.com https://www.linkedin.com https://maps.googleapis.com https://tagmanager.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net; object-src 'self' ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://themes.googleusercontent.com https://in.hotjar.com https://tagmanager.google.com; img-src 'self' *.google.be *.google.com *.facebook.com https://stats.g.doubleclick.net https://www.google-analytics.com https://maps.googleapis.com https://maps.gstatic.com *.gstatic.com https://px.ads.linkedin.com https://www.linkedin.com/px/li_sync; media-src 'self' ; frame-src 'self' https://www.youtube.com  https://vars.hotjar.com https://www.facebook.com https://snazzymaps.com; frame-ancestors 'self' ; child-src 'self' ; font-src 'self' https://fonts.gstatic.com https://themes.googleusercontent.com; connect-src 'self' https://in.hotjar.com https://vc.hotjar.io https://www.google-analytics.com https://stats.g.doubleclick.net; report-uri /nl/report-csp-violation 1
default-src 'self' *.ketoro.digital 'unsafe-inline' 'unsafe-eval'; script-src *.scorecardresearch.com *.jsdelivr.net *.googletagmanager.com *.crazyegg.com *.facebook.net *.facebook.com *.doubleclick.net *.google-analytics.com 'self' *.ketoro.digital 'unsafe-inline' 'unsafe-inline' 'unsafe-eval'; object-src *.youtube.com; style-src cdn.jsdelivr.net *.googletagmanager.com 'self' *.ketoro.digital 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com; img-src 'self' *; media-src youtube.com *.youtube.com vimeo.com *.vimeo.com; frame-src 'self' *.ketoro.digital *.youtube.com; frame-ancestors 'self' *.ketoro.digital *.youtube.com; child-src 'self' *.ketoro.digital *.youtube.com; font-src fonts.googleapis.com fonts.gstatic.com *.jsdelivr.net ; connect-src 'self' *.youtube.com *.jsdelivr.net *.googletagmanager.com *.crazyegg.com *.facebook.net *.facebook.com *.doubleclick.net *.google-analytics.com 'unsafe-inline' 1
script-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://use.fontawesome.com https://google-analytics.com http://cdnjs.cloudflare.com https://www.google-analytics.com https://maps.googleapis.com https://www.googletagmanager.com https://merchants.niftepay.pk https://www.googleadservices.com https://googleads.g.doubleclick.net; object-src 'none'; style-src 'self' 'unsafe-inline' 'unsafe-inline' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://fonts.googleapis.com https://maps.googleapis.com https://maps.gstatic.com https://merchants.niftepay.pk; report-uri /report-csp-violation 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://code.jquery.com/ https://expressone.hu/; img-src 'self' data: ; object-src 'self' data: ; frame-src 'self' data: ; 1
block-all-mixed-content; connect-src 'self' https://*.ingest.sentry.io https://*.google-analytics.com https://*.analytics.google.com https://stats.g.doubleclick.net https://in.hotjar.com https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com https://survey.alchemer.com https://www.facebook.com https://*.adnxs.com https://*.adnxs-simple.com https://live.icecat.biz https://live-html.icecat.biz https://*.googleapis.com; font-src 'self' data: https://fonts.gstatic.com https://script.hotjar.com https://live.icecat.biz https://live-html.icecat.biz; frame-ancestors 'self'; frame-src data: https://www.youtube.com/ https://publish.folders.eu/ https://www.facebook.com https://vars.hotjar.com https://survey.alchemer.com https://*.adnxs.com https://optimize.google.com https://live.icecat.biz https://live-html.icecat.biz https://objects.icecat.biz https://js.mollie.com; img-src 'self' data: about: https://placeholder.inventis.be https://placehold.it https://*.ytimg.com https://maps.gstatic.com https://*.googleapis.com https://*.ggpht.com https://www.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://optimize.google.com https://www.facebook.com https://www.google.com https://www.google.be https://googleads.g.doubleclick.net https://script.hotjar.com https://www.mollie.com https://*.adnxs.com https://*.adnxs-simple.com; style-src 'self' https://optimize.google.com 'unsafe-inline' https://fonts.googleapis.com https://survey.alchemer.com https://live.icecat.biz https://live-html.icecat.biz; upgrade-insecure-requests 1
frame-ancestors 'none'; object-src 'none'; media-src 'self' data: *.cloudinary.com https://js.intercomcdn.com https://js.driftqa.com js.driftt.com player.vimeo.com vod-progressive.akamaized.net; worker-src 'self' blob:; report-uri https://sentry.io/api/12909/security/?sentry_key=1610ada4146c464fa0d641df9d41ff59&sentry_environment=production&sentry_release=R20220913081822 1
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; connect-src https: wss:; font-src https: data:; 1
default-src 'self' *.ctctcdn.com *.google.com *.constantcontact.com *.gstatic.com maps.googleapis.com *.usersnap.com *.google-analytics.com *.newrelic.com *.nr-data.net; script-src 'self' 'unsafe-inline' *.ctctcdn.com *.google.com *.gstatic.com cdnjs.cloudflare.com maps.googleapis.com *.usersnap.com cdn.rawgit.com *.googletagmanager.com *.google-analytics.com *.newrelic.com *.nr-data.net; style-src 'self' 'unsafe-inline' *.typekit.net *.ctctcdn.com fonts.googleapis.com cdnjs.cloudflare.com *.bootstrapcdn.com; img-src 'self' data: maps.googleapis.com maps.gstatic.com *.usersnap.com raw.githubusercontent.com cdn.rawgit.com *.google-analytics.com *.googletagmanager.com; frame-src 'self' *.youtube.com *.google.com; font-src 'self' *.typekit.net fonts.gstatic.com *.bootstrapcdn.com; report-uri /report-csp-violation 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://google-analytics.com/ https://*.google-analytics.com/ https://googletagmanager.com/ https://*.googletagmanager.com/; img-src 'self' data: https://www.google-analytics.com; object-src 'self' data: https://www.youtube.com/; frame-src 'self' data: https://www.youtube.com/; 1
base-uri 'self'; default-src 'self'; child-src; connect-src 'self' https://*.abtasty.com https://*.adservice.google.com https://*.doubleclick.net https://*.facebook.com https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://*.hotjar.com:* https://*.hotjar.com:* https://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://*.mypurecloud.com.au https://*.sentry.io https://*.tealiumiq.com https://*.tiqcdn.cn https://*.tiqcdn.com https://*.tt.omtrdc.net https://analytics.formstack.com https://api.addressfinder.io https://au-live.inside-graph.com https://js.hsadspixel.net https://js.hscollectedforms.net https://stats.g.doubleclick.net https://www.instagram.com wss://*.hotjar.com wss://*.mypurecloud.com.au wss://au-live.inside-graph.com; font-src 'self' https://*.abtasty.com https://*.googleapis.com https://*.gstatic.com https://au-cdn.inside-graph.com https://fonts.gstatic.com https://*.hotjar.com https://*.hotjar.com https://*.hotjar.io https://*.hotjar.io blob: data:; form-action 'self' https://*.powershop.co.nz https://*.facebook.com; frame-ancestors 'self'; frame-src https://*.mypurecloud.com.au *.mypurecloud.com.au https://*.doubleclick.net https://*.google.com https://*.vimeo.com https://*.youtube.com https://recaptcha.google.com https://*.facebook.com https://*.google.com https://*.googletagmanager.com https://au-cdn.inside-graph.com https://*.hotjar.com https://*.hotjar.io https://*.hotjar.io; img-src 'self' https://*.abtasty.com https://*.amazonaws.com https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.google.co.nz https://*.google.com https://*.google.com.au https://*.googletagmanager.com https://*.gstatic.com https://*.hotjar.com https://*.hotjar.com https://*.hotjar.io https://*.hotjar.io https://*.hubspot.com https://*.inside-graph.com https://*.mypurecloud.com.au https://*.tealiumiq.com https://*.tiqcdn.cn https://*.tiqcdn.com https://*.tt.omtrdc.net https://adservice.google.com https://analytics.formstack.com https://fonts.gstatic.com https://i.vimeocdn.com https://js.hsadspixel.net https://www.instagram.com blob: data:; media-src https://*.youtube.com https://*.vimeo.com https://au-cdn.inside-graph.com; object-src 'none'; script-src 'self' https://*.abtasty.com https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.google.com/recaptcha/ https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.com/recaptcha/ https://*.hotjar.com https://*.hotjar.com https://*.hotjar.io https://*.hotjar.io https://*.hs-analytics.net https://*.hs-banner.com https://*.hs-scripts.com https://*.hubspot.com https://*.inside-graph.com https://*.mypurecloud.com.au https://*.tealiumiq.com https://*.tiqcdn.cn https://*.tiqcdn.com https://*.tt.omtrdc.net https://*.usemessages.com https://*.vimeo.com https://*.youtube.com https://analytics.formstack.com https://api.addressfinder.io https://au-tracker.inside-graph.com https://forms.hsforms.com https://js.hsadspixel.net https://js.hscollectedforms.net https://tagmanager.google.com wss://*.hotjar.com 'nonce-ODJhNzE2OWYzODMxMTgzYzQ3MTAyODRlYWMzMmU3Y2U5OThlZmIxNGMxODY4MzQyMDY0NzVmMzFhYmE4OTdiYTMwN2RmYWJjZjY0ZmQ0ODI5ZDEyOTAzZTY2YmU2YzBmODNmNDI3NDk5ZjdkOTFmZDUzNzUyMWY0MmViODg0OWY=' 'unsafe-eval' blob:; style-src 'self' https://*.abtasty.com https://*.googleapis.com https://*.gstatic.com https://au-cdn.inside-graph.com https://fonts.googleapis.com https://tagmanager.google.com 'unsafe-inline'; report-uri https://o252893.ingest.sentry.io/api/1440752/security/?sentry_key=fcc1a3c257104300bd1a4a088c479d86; upgrade-insecure-requests 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s3.amazonaws.com/ https://*.list-manage.com/ https://platform.twitter.com/widgets.js https://connect.facebook.net/en_US/sdk.js https://crm.zoho.com/crm/WebFormServeServlet?rid=8a47d85e3440ef768ceaa22381ceabb5f6334d484211d4d7d55c81b0255fc977gidb5de4f47280b66e8cb9a6d47719877b5779bc3f8638655f060668722018a6166&script=$sYG; img-src 'self' data: ; object-src 'self' data: ; frame-src 'self' data: ; 1
child-src blob: js.stripe.com; connect-src 'self' wss://*.scribbletogether.com https://*.scribbletogether.com https://o194327.ingest.sentry.io https://www.google-analytics.com https://com-scribble-documents-serverdev.s3.amazonaws.com https://com-scribble-documents.s3.amazonaws.com https://com-scribble-temporarydocuments.s3.amazonaws.com https://com-scribbletogether-staging-static.s3.amazonaws.com https://static.scribbletogether.com.s3.amazonaws.com; default-src 'self' https://static.scribbletogether.com https://com-scribble-documents-serverdev.s3.amazonaws.com https://com-scribble-documents.s3.amazonaws.com https://com-scribble-temporarydocuments.s3.amazonaws.com https://com-scribbletogether-staging-static.s3.amazonaws.com https://static.scribbletogether.com.s3.amazonaws.com; font-src data: 'self' https://static.scribbletogether.com https://com-scribbletogether-staging-static.s3.amazonaws.com https://static.scribbletogether.com.s3.amazonaws.com; img-src * data: blob:; script-src 'self' 'unsafe-eval' https://static.scribbletogether.com https://js.stripe.com https://www.googletagmanager.com https://www.google-analytics.com https://com-scribbletogether-staging-static.s3.amazonaws.com https://static.scribbletogether.com.s3.amazonaws.com 'nonce-Kh77lGqWvXT0BqxccJ58kg'; style-src 'self' 'unsafe-inline' https://static.scribbletogether.com https://com-scribbletogether-staging-static.s3.amazonaws.com https://static.scribbletogether.com.s3.amazonaws.com; worker-src blob: 1
default-src 'self'; img-src https://www.google-analytics.com 'self' data: blob:; script-src 'self' https://www.google-analytics.com/analytics.js https://www.googletagmanager.com 'unsafe-inline' https://www.elektronicznypodpis.pl https://chrome.google.com  https://addons.opera.com 'unsafe-eval' */pdf.js */viewer.js blob:; connect-src 'self' blob: data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com data:; child-src 'self' blob: https: http:; 1
frame-ancestors https://www.transgourmet.at https://transgourmet.at https://nex.mutor.at https://nex.transgourmet.at 1
frame-ancestors 'self' ; 1
default-src 'self' * 'unsafe-inline' data: 1
default-src * data: ;script-src * 'unsafe-inline' 'unsafe-eval'  ;style-src * 'unsafe-inline' data: ;frame-ancestors 'self' ; 1
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; 1
default-src 'self'; object-src 'self' https://pts.bildconnect.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.bildconnect.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://chat.bildconnect.de https://umfrage.bildconnect.de https://pts.bildconnect.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://o2.mouseflow.com https://cdn.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://chat.bildconnect.de https://stats.bildconnect.de https://imagepool.bildconnect.de https://pts.bildconnect.de; script-src 'strict-dynamic' 'nonce-261c0c335967895b21cba906651d7763' 'nonce-2fa2bd5fbacd6b49b222d32f424097be' 'nonce-b5670afe6b7f4dc6471becb3b78580e3' 'nonce-e846dde1e5afdcb6b3b6ef81f4fafb87' 'nonce-7031110ebf54229ae6254791805e30fc' 'nonce-7e48dc1bf8afe4d3cf986bc92ea3142a' 'nonce-815dfca0d3a2740f6d4502c66798aad1' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://pts.bildconnect.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-261c0c335967895b21cba906651d7763' 'nonce-2fa2bd5fbacd6b49b222d32f424097be' 'nonce-b5670afe6b7f4dc6471becb3b78580e3' 'nonce-e846dde1e5afdcb6b3b6ef81f4fafb87' 'nonce-7031110ebf54229ae6254791805e30fc' 'nonce-7e48dc1bf8afe4d3cf986bc92ea3142a' 'nonce-815dfca0d3a2740f6d4502c66798aad1' 'self' 'unsafe-inline' https: 'report-sample' 1
default-src 'self'; object-src 'self' https://pts.discotel.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.discotel.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://chat.discotel.de https://umfrage.discotel.de https://pts.discotel.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://o2.mouseflow.com https://cdn.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://chat.discotel.de https://stats.discotel.de https://imagepool.discotel.de https://pts.discotel.de; script-src 'strict-dynamic' 'nonce-5a60afceb43d35c342d94e29357c0ae2' 'nonce-4e803702de77835cc36a8822bd8d999d' 'nonce-dc580dbb5a16384b3f95764ecacbc9be' 'nonce-f7a4306671b367c023f93b029858a82f' 'nonce-d489a6fa2529a354edd5f1bb449b6e22' 'nonce-dd9d23680e5bf0eb6e83b7d2c405b423' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://pts.discotel.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-5a60afceb43d35c342d94e29357c0ae2' 'nonce-4e803702de77835cc36a8822bd8d999d' 'nonce-dc580dbb5a16384b3f95764ecacbc9be' 'nonce-f7a4306671b367c023f93b029858a82f' 'nonce-d489a6fa2529a354edd5f1bb449b6e22' 'nonce-dd9d23680e5bf0eb6e83b7d2c405b423' 'self' 'unsafe-inline' https: 'report-sample' 1
frame-ancestors https://www.twoa.ac.nz 1
default-src 'self' https://static.garmin.com https://static.garmincdn.com https://www.garmin.com https://wwwpub.garmin.com; style-src https://my.tealiumiq.com 'unsafe-inline' 'self' https://fonts.googleapis.com https://fonts.garmin.com https://static.garmin.com https://static.garmincdn.com https://sso.garmin.com https://www.garmin.com https://wwwpub.garmin.com; connect-src 'self' https://static.garmincdn.com https://www.garmin.com https://wwwpub.garmin.com *; script-src * 'unsafe-inline' 'unsafe-eval' https://consent.trustarc.com https://consent-pref.trustarc.com https://consent-st.trustarc.com https://tracker-api.trustarc.com https://consent.truste.com https://consent-pref.truste.com https://consent-st.trustecom https://tracker-api.truste.com https://prefmgr-cookie.truste-svc.net; font-src 'self' data: https://static.garmin.com https://static.garmincdn.com https://fonts.googleapis.com https://fonts.gstatic.com https://fonts.garmin.com https://www.garmin.com https://wwwpub.garmin.com https://consent.trustarc.com; img-src *; frame-src https://sso.garmin.com https://sso.garmin.cn https://www.garmin.com https://wwwpub.garmin.com https://my.tealiumiq.com https://static.garmincdn.com https://support.garmin.com https://www.google.com https://vars.hotjar.com https://www.youtube-nocookie.com https://player.youku.com https://consent.trustarc.com https://consent-pref.trustarc.com https://consent-st.trustarc.com https://tracker-api.trustarc.com https://consent.truste.com https://consent-pref.truste.com https://consent-st.trustecom https://tracker-api.truste.com https://prefmgr-cookie.truste-svc.net https://gum.criteo.com https://static.criteo.net; object-src 'none'; upgrade-insecure-requests 1
img-src 'self' data: blob: http://www.google-analytics.com/ https://www.google-analytics.com https://ssl.gstatic.com/ http://ssl.gstatic.com/ https://stats.g.doubleclick.net https://syndication.twitter.com https://abs.twimg.com https://pbs.twimg.com https://platform.twitter.com https://ton.twimg.com https://www.facebook.com/ https://pixelg.adswizz.com/ https://www.google.com/ https://www.google.com.pk/ https://www.google.co.uk/ https://scontent-ort2-2.cdninstagram.com/ https://maps.gstatic.com/ https://www.google.ro/ https://www.germandonerkebab.com https://connect.facebook.net https://arhesoctro.cloudimg.io https://scontent-lhr8-1.cdninstagram.com https://scontent-lht6-1.cdninstagram.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://dme0ih8comzn4.cloudfront.net/js/feather.js https://use.fontawesome.com/ https://apis.google.com http://www.google-analytics.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.google-analytics.com http://ajax.googleapis.com/ https://maxcdn.bootstrapcdn.com/ http://code.jquery.com/ https://code.jquery.com/ http://graph.facebook.com/ http://m.addthis.com/ http://s7.addthis.com/ http://m.addthisedge.com/ http://api-public.addthis.com/ https://www.islonline.net/ https://unpkg.com/ https://www.googletagmanager.com/ https://platform.twitter.com/ http://platform.twitter.com/ https://cdn.syndication.twimg.com/ https://connect.facebook.net/ https://tag.simpli.fi/ https://cdnjs.cloudflare.com/ http://owlgraphic.com/ http://www.googleadservices.com/ https://googleads.g.doubleclick.net/ http://connect.facebook.net/ https://www.facebook.com https://maps.googleapis.com/ https://maps.gstatic.com/ https://json.geoiplookup.io https://sc-static.net/scevent.min.js https://www.germandonerkebab.com http://fonts.googleapis.com/ http://api.filestackapi.com https://cdn.scaleflex.it https://ipinfo.io https://www.clickcease.com https://cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com/ http://maxcdn.bootstrapcdn.com/ https://fonts.googleapis.com/ https://use.fontawesome.com/227a7ea25a.css https://use.fontawesome.com/releases/v4.6.3/css/font-awesome-css.min.css https://platform.twitter.com/ https://ton.twimg.com/ http://cloud.typenetwork.com/ https://www.germandonerkebab.com http://fonts.googleapis.com/ https://cdn.jsdelivr.net; frame-src 'self' https://www.google.com https://www.google.com/recaptcha/ http://www.youtube.com/ https://www.youtube.com/ http://player.vimeo.com/ http://s7.addthis.com/ http://m.addthisedge.com/ https://platform.twitter.com/ https://syndication.twitter.com/ https://bid.g.doubleclick.net/ https://staticxx.facebook.com/ https://www.facebook.com/ https://web.facebook.com/ https://tr.snapchat.com/ https://www.germandonerkebab.com https://dialog.filestackapi.com/ https://www.filestackapi.com/ https://docs.google.com; connect-src 'self' http://ip-api.com/ https://json.geoiplookup.io/api https://www.germandonerkebab.com https://www.google-analytics.com/ https://stats.g.doubleclick.net https://tr.snapchat.com/; font-src 'self' https://fonts.gstatic.com https://use.fontawesome.com/ https://maxcdn.bootstrapcdn.com/ http://maxcdn.bootstrapcdn.com/ http://cloud.typenetwork.com/ https://www.germandonerkebab.com https://cdn.jsdelivr.net; media-src 'self'; object-src 'self'; frame-ancestors none 1
default-src 'self' 'unsafe-inline' data: https://piwik.bzga.de/; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://gist.github.com https://static.codepen.io https://marketing.envylabs.com https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com https://snap.licdn.com; style-src 'self' 'unsafe-inline' https://github.githubassets.com https://fonts.googleapis.com; img-src 'self' https://marketing.envylabs.com https://secure.gravatar.com https://*.ads.linkedin.com https://*.adsymptotic.com https://www.google-analytics.com https://www.googletagmanager.com https://*.googleusercontent.com https://yoast.com https://fonts.googleapis.com https://fonts.gstatic.com; font-src 'self' https://yoast.com https://fonts.googleapis.com https://fonts.gstatic.com; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://insight-engine.newfangled.com https://yoast.com; frame-src 'self' https://codepen.io https://www.google.com https://www.youtube.com 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' oppwa.com; connect-src *.vodafone.aws-arvato.com *.bildmobil.de bildmobil.de; frame-src 'self' oppwa.com ppipe.net; img-src 'self' data: 'unsafe-inline' oppwa.com 1
default-src 'self'; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' s7.addthis.com www.google.com www.gstatic.com servedbyadbutler.com www.youtube.com fonts.googleapis.com www.googletagmanager.com tagmanager.google.com www.google-analytics.com ssl.google-analytics.com www.googleadservices.com safebrowsing.googleapis.com analytics.google.com connect.facebook.net analytics.tiktok.com googleads.g.doubleclick.net z.moatads.com v1.addthisedge.com m.addthis.com edge.addthis.com banman.providermagazine.com host1.easypolls.net ajax.googleapis.com script.crazyegg.com cdn.calculatestuff.com; object-src 'self'; style-src 'self' data: 'unsafe-inline' s7.addthis.com www.google.com www.youtube.com fonts.googleapis.com tagmanager.google.com; img-src 'self' data: ssl.gstatic.com www.gstatic.com www.google-analytics.com www.google.com www.facebook.com www.googletagmanager.com servedbyadbutler.com banman.providermagazine.com; media-src 'self' data: www.youtube.com app.powerbi.com www.surveymonkey.com; frame-src 'self' data: www.google.com s7.addthis.com www.youtube.com app.powerbi.com edge.addthis.com www.facebook.com www.surveymonkey.com bid.g.doubleclick.net widgets.calculatestuff.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com; connect-src 'self' data: www.google-analytics.com https://www.google-analytics.com analytics.tiktok.com servedbyadbutler.com 1
frame-src 'self' https://calendly.com https://cdn.affinipay.com https://connect.squareup.com https://connect.squareupsandbox.com https://bid.g.doubleclick.net https://googleads.g.doubleclick.net https://pci-connect.squareup.com https://pci-connect.squareupsandbox.com https://tpc.googlesyndication.com https://www.facebook.com https://www.google.com https://www.youtube.com; img-src * 'self' blob: data:; 1
font-src img.ui-portal.de; frame-ancestors https://*.web.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' img.ui-portal.de js.ui-portal.de s.uicdn.com uim.tifbs.net https://dl.web.de https://plus.web.de; style-src 'self' 'unsafe-inline' js.ui-portal.de s.uicdn.com 1
frame-ancestors "self" "https://*.motor.com" "https://*.motoshop.com" 1
script-src 'self' https://piwik.bzga.de  'unsafe-inline'; img-src 'self' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' ; img-src 'self' data: https://fia-tech.com; object-src 'self' data: https://fia-tech.com; frame-src 'self' data: https://fia-tech.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.alperia.eu *.tawk.to *.google.hr *.hotjar.com a.twiago.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.outbrain.com *.microad.jp *.google.de *.zenaps.com onetag-cdn.com *.onetag-cdn.com *.sciencebehindecommerce.com *.zenaps.com onetag-sys.com *.onetag-sys.com *.doubleclick.net *.googleadservices.com *.dwin1.com *.gstatic.com *.google.al *.google.ch *.google.fr *.bing.com *.googletagmanager.com *.alperia.eu *.facebook.net *.dynatrace.com *.tawk.to *.cloudflare.com *.newrelic.com *.trustpilot.com *.bootstrapcdn.com *.jsdelivr.net *.google-analytics.com *.nr-data.net *.google.com *.googleapis.com *.tagcommander.com *.etermin.net *.unpkg.com unpkg.com *.aklamio.com *.tradedoubler.com *.smct.io *.smct.co *.retargeted.co *.google.hr *.hosting-suite.it *.smct.co smct.co *.alperiagroup.eu *.beintoo.net *.criteo.com *.criteo.net *.hotjar.com *.rfihub.net  *.retargeted.co api.commander1.com *.trustcommander.net static.addtoany.com *.clarity.ms clarity.ms snap.licdn.com; style-src 'self' 'unsafe-inline' *.tawk.to *.bootstrapcdn.com *.googleapis.com *.jsdelivr.net *.smct.io *.smct.co *.hosting-suite.it; img-src 'self' s.thebrighttag.com *.krxd.net id5-sync.com *.demdex.net *.microad.jp *.adscale.de *.ants.vn *.atdmt.com *.smartclip.net *.clmbtech.com *.zenaps.com *.onetag-cdn.com *.facebook.com *.tagcommander.com *.facebook.net *.commander.com *.google *.dwin1.com *.bing.com *.googletagmanager.com *.alperia.eu *.linkedin.com *.google-analytics.com *.tawk.to *.doubleclick.net *.sciencebehindecommerce.com *.google.com *.google.it *.gstatic.com *.googleapis.com data: *.aklamio.com *.alperiagroup.eu *.smct.io *.smct.co *.commander1.com *.outbrain.com *.smartadserver.com *.yahoo.com *.360yield.com *.pubmatic.com *.casalemedia.com *.taboola.com *.adform.net *.teads.tv *.3lift.com *.media.com *.sharethrough.com *.omnitagjs.com *.stickyadstv.com *.advertising.com *.ivitrack.com *.liadm.com *.smaato.net *.mgid.com *.yieldmo.com *.adnxs.com *.criteo.com *.openx.net *.omnitagis.com *.mediavine.com *.media.net *.rlcdn.com *.rfihub.com *.tremorhub.com *.dmxleo.com *.rubiconproject.com *.socdm.com ad.yieldlab.net x.bidswitch.net; media-src 'self' *.tawk.to; frame-src 'self' 'unsafe-inline' 'unsafe-eval' *.hotjar.com *.criteo.com *.criteo.net  *.youtube.com *.google.de *.zenaps.com onetag-cdn.com *.onetag-cdn.com *.sciencebehindecommerce.com *.facebook.com *.trustpilot.com *.alperia.eu *.tawk.to *.etermin.net *.aklamio.com *.hosting-suite.it *.visim.eu smct.co *.rfihub.com *.trustcommander.net static.addtoany.com; font-src 'self' 'unsafe-inline' *.tawk.to *.google.com *.gstatic.com data: *.googleusercontent.com *.hotjar.com; connect-src 'self' data: *.gstatic.com *.google.de *.zenaps.com *.google.com onetag-cdn.com *.onetag-cdn.com *.sciencebehindecommerce.com *.facebook.com *.google.al *.google.ch *.google.fr *.bing.com *.googletagmanager.com *.alperia.eu *.sentry.io *.tawk.to *.nr-data.net wss://*.tawk.to *.dynatrace.com *.alperiaenergy.eu *.amazonaws.com *.google-analytics.com *.doubleclick.net *.alperiagroup.eu *.commander1.com *.google.hr *.smct.co *.smct.io *.googleapis.com *.alperiagroup.eu *.beintoo.net *.criteo.com *.criteo.net *.hotjar.com *.hotjar.io *.rfihub.net *.retargeted.co *.trustcommander.net *.hotjar.com wss://*.hotjar.com cdn.tagcommander.com *.google.it google.it *.clarity.ms clarity.ms; report-uri /report-csp-violation 1
font-src 'self' data: https://images.wineselectors.com.au https://use.typekit.net https://i.icomoon.io https://fonts.gstatic.com https://cdn.curator.io https://cdn.productreview.com.au https://fonts.yieldify-production.com;img-src 'self' data: https://images.wineselectors.com.au https://www.wineselectors.com.au https://p.typekit.net https://www.google-analytics.com https://csi.gstatic.com https://maps.googleapis.com https://maps.gstatic.com https://www.facebook.com https://stats.g.doubleclick.net https://dc.yieldify.com https://dwmvwp56lzq5t.cloudfront.net https://scontent.cdninstagram.com https://syndication.twitter.com https://pbs.twimg.com https://platform.twitter.com https://bat.bing.com https://ad.doubleclick.net https://go.flx1.com https://secure.adnxs.com https://cookiea1.veinteractive.com https://ib.adnxs.com https://scontent.xx.fbcdn.net https://graph.facebook.com https://scontent-otp1-1.cdninstagram.com https://hey.hellobar.com http://cookiea1.veinteractive.com https://dev.visualwebsiteoptimizer.com https://ssl.gstatic.com https://www.gstatic.com https://bacon.section.io https://cdsaus2.veinteractive.com https://useruploads.visualwebsiteoptimizer.com https://s3.amazonaws.com https://cm.g.doubleclick.net https://veads.veinteractive.com https://insight.adsrvr.org https://sync.adap.tv https://assets.yieldify.com https://ads.yahoo.com https://pixel.advertising.com https://curatorio.s3.amazonaws.com https://cdn.curator.io https://x.bidswitch.net https://adservice.google.com https://d2nq7dn4e4z508.cloudfront.net https://www.googletagmanager.com https://b.sli-spark.com https://assets.resultspage.com https://wineselectors.resultspage.com https://secure.livechatinc.com https://match.adsrvr.org https://pixel.rubiconproject.com https://dsum-sec.casalemedia.com https://cdn.livechatinc.com https://tags.w55c.net https://us-u.openx.net https://i.w55c.net https://t.mookie1.com https://pixel.tapad.com https://beacon.krxd.net https://bh.contextweb.com https://su.addthis.com https://ad.sxp.smartclip.net https://cdn-image.otherlevels.com https://www.google.com https://www.google.com.au https://cds.taboola.com https://secure.getprice.com.au https://a.b0e8.com https://marvel-b1-cdn.bc0a.com https://marvel-processor.bc0a.com https://cx.atdmt.com https://tr.outbrain.com https://r.turn.com *.id.amgdgt.com https://*.yieldify.com https://trc.taboola.com https://c.clarity.ms https://c5.adalyser.com https://pixel.quantserve.com https://sp.analytics.yahoo.com;style-src 'self' 'unsafe-inline' https://images.wineselectors.com.au https://fast.fonts.net https://fonts.googleapis.com https://dwmvwp56lzq5t.cloudfront.net https://cdn.curator.io https://platform.twitter.com https://tagmanager.google.com https://www.gstatic.com https://wineselectors.resultspage.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://images.wineselectors.com.au https://js-agent.newrelic.com https://bam.nr-data.net https://www.googletagmanager.com https://script.hotjar.com https://static.hotjar.com https://t.cfjump.com https://t.dgm-au.com https://www.wufoo.eu https://configaus2.veinteractive.com https://bat.bing.com https://script.crazyegg.com https://use.typekit.net https://www.google-analytics.com https://connect.facebook.net https://my.hellobar.com https://pixel.roymorgan.com https://app.yieldify.com https://maps.googleapis.com https://d33wq5gej88ld6.cloudfront.net https://www.google.com https://www.gstatic.com https://dcc4iyjchzom0.cloudfront.net https://platform.instagram.com https://platform.twitter.com https://cdn.curator.io https://cdn.syndication.twimg.com https://c.vepxl1.net https://js.adsrvr.org https://c.flx1.com https://ajax.googleapis.com https://go.flx1.com https://dev.visualwebsiteoptimizer.com https://tagmanager.google.com https://d1l6p2sc9645hc.cloudfront.net https://s3.amazonaws.com https://td.yieldify.com https://radar.cedexis.com https://data2.gosquared.com https://data.gosquared.com https://track.omguk.com https://s.adroll.com https://d.adroll.com https://ib.adnxs.com https://www.wufoo.com https://secure.wufoo.com  https://apps.rokt.com https://roktcdn1.akamaized.net https://assets.resultspage.com https://wineselectors.resultspage.com https://wineselectors.resultsdemo.com https://b.sli-spark.com https://cdn.livechatinc.com https://secure.livechatinc.com https://accounts.livechatinc.com https://cdn.taboola.com https://www.eventbrite.com.au https://woobox.com https://trc.taboola.com https://wineselectors.ipscape.com.au https://cdn.otherlevels.com https://www.googleadservices.com https://googleads.g.doubleclick.net http://www.wineselectors.com.au https://cfjump.wineselectors.com.au https://cdn.productreview.com.au https://marvel-b2-cdn.bc0a.com https://marvel-b1-cdn.bc0a.com https://cdn.b0e8.com https://js.go2sdk.com https://amplify.outbrain.com https://r.turn.com https://tr.outbrain.com https://tag.lexer.io https://*.yieldify.com https://e.clarity.ms https://g.clarity.ms https://c5.adalyser.com https://secure.quantserve.com https://rules.quantcount.com https://s.yimg.com;default-src 'self' https://images.wineselectors.com.au https://configaus2.veinteractive.com https://vars.hotjar.com https://www.google.com https://www.facebook.com https://roktcdn1.akamaized.net;connect-src 'self' https://images.wineselectors.com.au wss://ws3.hotjar.com https://insights.hotjar.com https://bam.nr-data.net https://performance.typekit.net https://geo.yieldify.com https://api.curator.io https://appsapihk.veinteractive.com https://cookiea1.veinteractive.com https://c.flx1.com wss://ws1.hotjar.com https://cdsaus2.veinteractive.com https://bacon.section.io https://in.hotjar.com https://apps.rokt.com https://stats.g.doubleclick.net https://www.facebook.com https://trc.taboola.com https://sessionapihk.veinteractive.com wss://ws9.hotjar.com https://vc.hotjar.io https://js-api.otherlevels.com https://js-content.otherlevels.com https://js-api.otherlevels.com https://js-tags.otherlevels.com https://js-mdn.otherlevels.com https://js-rich.otherlevels.com https://js-deliverability-api.otherlevels.com https://safari.otherlevels.com wss://ws8.hotjar.com https://dtrchk.veinteractive.com https://ws1.hotjar.com https://api.productreview.com.au https://www.google-analytics.com wss://ws10.hotjar.com https://tracking.gopsjump.com.au https://cds.taboola.com https://trc-events.taboola.com https://pips.taboola.com https://track.lexer.io https://*.yieldify.com https://*.yieldify-production.com https://bat.bing.com https://dev.visualwebsiteoptimizer.com https://s.yimg.com https://analytics.google.com;media-src 'self' https://images.wineselectors.com.au https://cdn.livechatinc.com;object-src 'self' https://images.wineselectors.com.au;child-src 'self' https://www.youtube.com https://www.google.com https://vars.hotjar.com https://vars.hotjar.com https://app.yieldify.com https://www.qzzr.com https://syndication.twitter.com https://www.instagram.com https://wineevents.wufoo.eu https://wineevents.wufoo.eu https://configaus2.veinteractive.com https://t.cfjump.com https://t.dgm-au.com https://insight.adsrvr.org https://td.yieldify.com https://www.facebook.com https://match.adsrvr.org https://eventbrite.com.au https://www.eventbrite.com.au https://connect.facebook.net https://player.vimeo.com https://youtu.be/ https://apps.rokt.com https://www.google.com.au https://secure.livechatinc.com https://woobox.com https://wineselectors.ipscape.com.au https://bid.g.doubleclick.net https://www.ojrq.net https://tracking.gopsjump.com.au https://tracking.cohortdigital.com.au https://mozbar.moz.com https://*.yieldify.com https://lisac101.wufoo.com; 1
default-src 'self'; style-src 'self' 'unsafe-inline' https://*.twitter.com https://*.twimg.com https://*.twitter.com https://fonts.googleapis.com https://translate.google.com; img-src 'self' data: https://*.cdninstagram.com https://*.fbcdn.net https://*.twitter.com https://*.twimg.com https://www.googletagmanager.com https://www.google.com https://www.google.co.uk https://www.google.com.ai https://www.google.com.ag https://www.google.com.au https://www.google.bs https://www.google.be https://www.google.com.bz https://www.google.com.br https://www.google.vg https://www.google.bg https://www.google.bi https://www.google.ca https://www.google.cv https://www.google.co.cr https://www.google.hr https://www.google.com.cu https://www.google.com.cy https://www.google.cz https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.com.sv https://www.google.ee https://www.google.fi https://www.google.fr https://www.google.de https://www.google.com.gh https://www.google.com.gi https://www.google.gr https://www.google.gl https://www.google.com.gt https://www.google.gg https://www.google.ht https://www.google.hn https://www.google.com.hk https://www.google.hu https://www.google.is https://www.google.ie https://www.google.co.in https://www.google.co.id https://www.google.it https://www.google.com.jm https://www.google.co.jp https://www.google.je https://www.google.jo https://www.google.kz https://www.google.com.kw https://www.google.lv https://www.google.lt https://www.google.lu https://www.google.com.my https://www.google.com.mx https://www.google.ms https://www.google.co.ma https://www.google.nl https://www.google.co.nz https://www.google.com.ni https://www.google.no https://www.google.com.pa https://www.google.com.pe https://www.google.com.ph https://www.google.pl https://www.google.pt https://www.google.com.pr https://www.google.ro https://www.google.com.vc https://www.google.com.sg https://www.google.co.za https://www.google.co.kr https://www.google.sk https://www.google.si https://www.google.es https://www.google.se https://www.google.ch https://www.google.com.tw https://www.google.co.th https://www.google.tt https://www.google.tn https://www.google.com.tr https://www.google.ae https://www.google.co.vi https://www.google.co.ve https://www.google.at https://*.google-analytics.com americanrag.imgix.net https://production-americanrag-1622712148.s3.amazonaws.com https://*.twitter.com https://*.twimg.com https://www.awin1.com https://www.google.co.uk/pagead/ https://www.google.com/pagead/ https://www.facebook.com https://stats.g.doubleclick.net https://t.paypal.com https://googleads.g.doubleclick.net/ https://www.google.com/ads/ga-audiences https://www.google.co.uk/ads/ga-audiences https://www.gstatic.com https://translate.google.com https://script.hotjar.com https://*.speedcurve.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.algolia.net https://*.algolianet.com https://js.stripe.com https://*.paypal.com https://*.paypalobjects.com http://*.instagram.com https://*.twitter.com https://*.twimg.com https://www.googletagmanager.com https://www.google.com https://www.google.co.uk https://www.google.com.ai https://www.google.com.ag https://www.google.com.au https://www.google.bs https://www.google.be https://www.google.com.bz https://www.google.com.br https://www.google.vg https://www.google.bg https://www.google.bi https://www.google.ca https://www.google.cv https://www.google.co.cr https://www.google.hr https://www.google.com.cu https://www.google.com.cy https://www.google.cz https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.com.sv https://www.google.ee https://www.google.fi https://www.google.fr https://www.google.de https://www.google.com.gh https://www.google.com.gi https://www.google.gr https://www.google.gl https://www.google.com.gt https://www.google.gg https://www.google.ht https://www.google.hn https://www.google.com.hk https://www.google.hu https://www.google.is https://www.google.ie https://www.google.co.in https://www.google.co.id https://www.google.it https://www.google.com.jm https://www.google.co.jp https://www.google.je https://www.google.jo https://www.google.kz https://www.google.com.kw https://www.google.lv https://www.google.lt https://www.google.lu https://www.google.com.my https://www.google.com.mx https://www.google.ms https://www.google.co.ma https://www.google.nl https://www.google.co.nz https://www.google.com.ni https://www.google.no https://www.google.com.pa https://www.google.com.pe https://www.google.com.ph https://www.google.pl https://www.google.pt https://www.google.com.pr https://www.google.ro https://www.google.com.vc https://www.google.com.sg https://www.google.co.za https://www.google.co.kr https://www.google.sk https://www.google.si https://www.google.es https://www.google.se https://www.google.ch https://www.google.com.tw https://www.google.co.th https://www.google.tt https://www.google.tn https://www.google.com.tr https://www.google.ae https://www.google.co.vi https://www.google.co.ve https://www.google.at https://insights.algolia.io https://cdn.speedcurve.com https://lux.speedcurve.com https://*.google-analytics.com https://*.twitter.com https://*.twimg.com https://*.instagram.com/en_US/embeds.js https://www.dwin1.com https://www.googleadservices.com https://connect.facebook.net https://ads.avocet.io https://googleads.g.doubleclick.net https://the.sciencebehindecommerce.com https://www.awin1.com https://www.google.com/pagead/ https://beacon-v2.helpscout.net https://www.googletagmanager.com https://static.hotjar.com https://script.hotjar.com; frame-src https://js.stripe.com https://*.paypal.com https://*.twitter.com https://www.googletagmanager.com https://vars.hotjar.com; connect-src 'self' https://*.algolia.net https://*.algolianet.com https://*.paypal.com https://api.addressy.com https://sentry.io https://*.google-analytics.com https://*.instagram.com https://*.twitter.com https://api.everythinglocation.com https://insights.algolia.io https://cdn.speedcurve.com https://*.algolianet.com https://*.cloudfront.net https://*.google-analytics.com https://*.helpscout.net https://*.hotjar.com https://*.hotjar.io https://*.ingest.sentry.io https://*.instagram.com https://*.sciencebehindecommerce.com https://adservice.google.com https://apikeys.civiccomputing.com https://graph.facebook.com https://r1-t.trackedlink.net https://r1.trackedweb.net https://static.trackedweb.net https://stats.g.doubleclick.net https://vc.hotjar.io https://www.facebook.com https://www.google.com https://www.paypal.com wss://*.hotjar.com; font-src data: 'self' https://americanrag.com https://script.hotjar.com; media-src 'self'; form-action 'self' https://*.twitter.com; object-src 'self'; block-all-mixed-content; report-uri https://8f308bed7485907e11a437747d4caf5b.report-uri.com/r/d/csp/enforce 1
default-src 'self' *.akamaihd.net *.facebook.com *.kaporal.com *.kaporal.net *.payline.com *.payments-amazon.com *.truefitcorp.com https://photorankapi-a.akamaihd.net *.heyday.ai *.sc-static.net blob:;script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com secure.payzen.eu maps.googleapis.com *.paypal.com *.abtasty.com *.appsmiles.eu *.bing.com *.kaporal.com *.cdn.payline.com *.payments-amazon.com/ *.truefitcorp.com https://ajax.googleapis.com https://connect.facebook.net/en_US/sdk.js https://photorankapi-a.akamaihd.net https://photorankstatics-a.akamaihd.net https://www.googletagmanager.com pixel.cdnwidget.com *.devatics.io *.devatics.com *.onestock-retail.io *.doubleclick.net *.g.doubleclick.net notifpush.com *.notifpush.com actito.com *.actito.com mmtro.com *.mmtro.com *.facebook.net facebook.net *.criteo.com *.criteo.net *.heyday.ai docs.google.com *.googleadservices.com *.clarity.ms *.batch.com *.powerspace.com an.pwspace.com t.contentsquare.net contentsquare.com *.contentsquare.com *.pwspace.com *.social-media-system.com social-media-system.com *.sc-static.net sc-static.net api.social-media-system.com www.datadoghq-browser-agent.com https://analytics.tiktok.com blob:;frame-src 'self' secure.payzen.eu www.youtube.com maps.googleapis.com *.paypal.com secure.ogone.com ogone.test.v-psp.com *.cdn.payline.com *.photorank.me *.pinterest.com *.truefitcorp.com https://player.vimeo.com kaporal-eresa.onestock-retail.com *.devatics.io *.devatics.com facebook.net *.facebook.net *.facebook.com facebook.com docs.google.com *.heyday.ai *.fls.doubleclick.net *.criteo.com *.kaporal.com *.heyday.ai gjigle.com *.sc-static.net *.criteo.net *.snapchat.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com *.amazonaws.com *.amazonaws.com *.cdn.payline.com *.truefitcorp.com photorankstatics-a.akamaihd.net *.onestock-retail.io facebook.net *.facebook.net *.googletagmanager.com *.kaporal.com *.heyday.ai *.sc-static.net;img-src 'self' data: www.google-analytics.com maps.googleapis.com *.gstatic.com placehold.it *.akamaihd.net *.amazonaws.com *.appsmiles.eu *.bing.com *.cdnwidget.com *.cloudfront.net *.eu-west-3.amazonaws.com *.facebook.com *.kaporal.com *.kaporal.net *.cdn.payline.com *.pinterest.com *.truefitcorp.com data.photorank.me photorankmedia-a.akamaihd.net z1photorankmedia-a.akamaihd.net *.devatics.io *.devatics.com *.onestock-retail.io *.doubleclick.net *.g.doubleclick.net notifpush.com *.notifpush.com actito.com *.actito.com mmtro.com *.mmtro.com *.facebook.net facebook.net *.google.com *.google.fr *.adnxs.com *.criteo.com *.criteo.net *.heyday.ai *.onestock-retail.com *.outbrain.com *.rubiconproject.com *.bidswitch.net *.taboola.com *.3lift.com *.smartadserver.com *.360yield.com *.yahoo.com *.analytics.yahoo.com *.pubmatic.com *.casalemedia.com *.teads.tv *.media.net *.adform.net *.omnitagjs.com *.sharethrough.com *.advertising.com *.stickyadstv.com *.ivitrack.com *.mediavine.com *.rlcdn.com *.kaporal.com *.heyday.ai googletagmanager.com s.ad.smaato.net *.mgid.com tbs.tradedoubler.com *.clarity.ms *.batch.com *.powerspace.com public-prod-dspcookiematching.dmxleo.com i.liadm.com criteo-partners.tremorhub.com www.img-static.com r.phywi.org *.contentsquare.net *.contentsquare.com *.liadm.com *.emxdgt.com www.googletagmanager.com *.googletagmanager.com *.sc-static.net sync-criteo.ads.yieldmo.com;font-src 'self' fonts.gstatic.com data: cdn.linearicons.com *.kaporal.com *.cdn.payline.com *.truefitcorp.com maxcdn.bootstrapcdn.com olapic-data.s3.amazonaws.com photorankstatics-a.akamaihd.net *.heyday.ai *.sc-static.net;connect-src 'self' *.paypal.com *.abtasty.com *.akamaihd.net *.appsmiles.eu *.facebook.com *.google-analytics.com *.googleapis.com *.payline.com *.payments-amazon.com *.truefitcorp.com https://graph.facebook.com https://photorankmedia-a.akamaihd.net https://z1photorankmedia-a.akamaihd.net *.onestock-retail.io facebook.net *.facebook.net *.doubleclick.net *.g.doubleclick.net *.heyday.ai *.bing.com *.cdnwidget.com *.cdnbasket.net *.kaporal.com *.onestock-retail.com notifpush.com *.clarity.ms www.clarity.ms *.criteo.com *.batch.com *.powerspace.com *.contentsquare.net *.contentsquare.com *.sc-static.net *.snapchat.com *.social-media-system *.pwspace.com api.social-media-system.com www.datadoghq-browser-agent.com *.browser-intake-datadoghq.eu https://analytics.tiktok.com;base-uri 'self' 1
script-src 'self' 'nonce-IlL1Xih8QuFw6TZvBYUzCdam' 'nonce-atx-inline' 'unsafe-eval' *.googleapis.com *.googletagmanager.com https://tagmanager.google.com/ https://www.googletagmanager.com/gtm.js https://www.google-analytics.com https://ssl.google-analytics.com https://consentcdn.cookiebot.com https://consent.cookiebot.com https://static.ctctcdn.com https://cdnjs.cloudflare.com https://sfapi.formstack.io https://translate.google.com https://translate.googleapis.com https://www.google.com https://www.gstatic.com https://pi.pardot.com http://cdn.pardot.com http://pi.pardot.com/analytics *.artifex.com *.ghostscript.com *.mupdf.com; report-uri /csp-report/standard-report.php; 1
default-src 'self'  *.readspeaker.com; script-src 'self' 'nonce-WXpZMU16UTFOekUxTlRBek5qQTM=' https://cdn.siteimprove.net/cms/overlay.js siteimproveanalytics.com siteimprove.com 'nonce-WVdWaU9HVmpZV1EyTmpNMk5UWTM=' *.readspeaker.com gis.bvowb.nl 'nonce-TkdSak9UaGpNVGt6WmprNVpqbGo=' *.obi4wan.com *.pusher.com virtuele-gemeente-assistent.nl; object-src 'self'; style-src 'self' 'unsafe-hashes' 'sha256-CwE3Bg0VYQOIdNAkbB/Btdkhul49qZuwgNCMPgNY5zw=' 'sha256-MZKTI0Eg1N13tshpFaVW65co/LeICXq4hyVx6GWVlK0=' 'sha256-LpfmXS+4ZtL2uPRZgkoR29Ghbxcfime/CsD/4w5VujE=' 'sha256-YJO/M9OgDKEBRKGqp4Zd07dzlagbB+qmKgThG52u/Mk=' 'sha256-4LVcL61RHKN/UlGgTVCAT8M2+zeWnhQw2/9vEf1Jk8U=' *.readspeaker.com gis.bvowb.nl 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-OwlOqbP3VnAzYedGO5K7BbLR2YOoHw96wRy+VxYn414=' 'sha256-7SFa3Z4uDDIEQKMkcp7Id+zL9lqhIPnsJw53AfaRpBU=' 'sha256-ZzK5Vqk5m9+Qzc36oY+ULgcPdOLudnv0HR9zsUZwJt4=' virtuele-gemeente-assistent.nl mijn.virtuele-gemeente-assistent.nl fonts.googleapis.com  'nonce-Wmpnd05qYzFORE16TnpZd1ltWXg='; img-src 'self' data: *.siteimprove.com *.servmetric.com *.govmetric.com *.siteimproveanalytics.io *.readspeaker.com *.ytimg.com geodata.nationaalgeoregister.nl *.kaartviewer.nl service.pdok.nl gis.bvowb.nl chart.googleapis.com *.obi4wan.com *.amazonaws.com virtuele-gemeente-assistent.nl; media-src 'self' *.readspeaker.com; frame-src 'self' *.readspeaker.com *.youtube.com; frame-ancestors 'self'; child-src 'self' *.youtube.com; font-src 'self' data: *.googleusercontent.com *.readspeaker.com *.ionicframework.com gis.bvowb.nl fonts.gstatic.com; connect-src 'self' *.readspeaker.com gis.bvowb.nl *.obi4wan.com *.pusher.com wss://*.pusher.com wss://virtuele-gemeente-assistent.nl virtuele-gemeente-assistent.nl; report-uri /report-csp-violation 1
script-src 'nonce-81b00d084b2b4b8e937871fdcdac3029' 'self' 'unsafe-inline' *.wellsfargo.com *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com *.wellsfargo.com:* connect.facebook.net snap.licdn.com www.googletagmanager.com www.google-analytics.com ajax.googleapis.com static.staging.wellsfargo.com static.wellsfargo.com; frame-ancestors 'self' *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com *.wellsfargo.com *.fccaccessonline.com *.wellsfargomedia.com *.wellsfargo.com:* *.mworld.com *.wellsfargo.net *.markitondemand.com *.wellsfargo.wallst.com *.go.onestop.wf.com; base-uri https:;default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: ad.doubleclick.net px.ads.linkedin.com p.adsymptotic.com cm.everesttech.net dpm.demdex.net;object-src 'self';font-src 'self' data: *.wellsfargo.com *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com *.wellsfargo.com:* fonts.gstatic.com;report-uri /reporting/csp.htm;img-src 'self' data: *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com wspublicprod.112.2o7.net px.ads.linkedin.com ad.doubleclick.net p.adsymptotic.com adservice.google.com 2549153.fls.doubleclick.net jadserve.postrelease.com www.google.com www.google-analytics.com pixel.everesttech.net cm.g.doubleclick.net bat.bing.com sp.analytics.yahoo.com connect.facebook.net www.linkedin.com www.facebook.com rtd-tm.everesttech.net googleads.g.doubleclick.net;style-src 'self' 'unsafe-inline' *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com 1
default-src 'self' 'unsafe-inline' https: http://www.etrasparenza.it/; script-src 'self' 'unsafe-inline' https: http://www.etrasparenza.it/; style-src 'self' 'unsafe-inline' https: http://www.etrasparenza.it/; font-src 'self' https: http://www.etrasparenza.it/ 1
base-uri 'none'; form-action 'self'; default-src 'none'; script-src 'self' 'sha256-RI/jC/Asfi9WI0KrYVqWvE1uJrLRLQVNDpe5ZAAbVLk=' https://wut.piwik.pro https://wut.containers.piwik.pro https://www.googletagmanager.com https://www.googleadservices.com 'nonce-Yy0OvQLIIdmk8mMrQGp9VQAAAD8'; style-src 'self' https://wut.containers.piwik.pro 'nonce-Yy0OvQLIIdmk8mMrQGp9VQAAAD8'; img-src 'self' https://wut.piwik.pro https://wut.containers.piwik.pro https://googleads.g.doubleclick.net https://www.google.com https://www.google.de; frame-src 'self' https://www.ausschreiben.de https://ausschreiben.de https://download.ausschreiben.de; font-src 'self' https://wut.containers.piwik.pro; connect-src 'self' https://wut.piwik.pro https://wut.containers.piwik.pro; object-src 'self'; frame-ancestors 'self'; 1
default-src 'self' 'unsafe-inline' https://piwik.bzga.de/ https://fonts.gstatic.com/ https://fonts.googleapis.com/ https://www.youtube-nocookie.com/ https://app.dialogfeed.com/ data: https://shop.bzga.de/; img-src 'self' data: https://shop.bzga.de/ https://piwik.bzga.de/ https://service.bzga.de/ https://www.bzga.de/ https://jwpltx.com/ https://maps.gstatic.com/ https://maps.googleapis.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.p.jwpcdn.com/ https://piwik.bzga.de/ https://maps.googleapis.com/ 1
default-src 'self' data: wss: *.hotjar.io *.bugsnag.com *.doubleclick.net *.hotjar.com *.bugherd.com *.google-analytics.com *.twitter.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.cloudfront.net ajax.googleapis.com cdnjs.cloudflare.com cdn.jsdelivr.net *.bugherd.com *.hotjar.com *.google-analytics.com snap.licdn.com sessions.bugsnag.com unpkg.com *.twitter.com *.twimg.com blob: data:; style-src 'self' 'unsafe-inline' data: fonts.googleapis.com fonts.gstatic.com *.cloudfront.net cdnjs.cloudflare.com unpkg.com *.cloudfront.net *.twitter.com; img-src 'self' *.linkedin.com *.google.com *.google-analytics.com *.cloudfront.net *.twitter.com px.ads.linkedin.com p.adsymptotic.com bugherd-attachments.s3.amazonaws.com *.twimg.com data:; font-src 'self' data: *.bugherd.com fonts.googleapis.com fonts.gstatic.com *.cloudfront.net 1
default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; frame-ancestors https://*:* 1
object-src 'none'; script-src 'nonce-{random}' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http:; $ 1
default-src 'self' 'unsafe-inline' https://piwik.bzga.de/  https://service.bzga.de/ 1
base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://kit.fontawesome.com https://mpsnare.iesnare.com https://stage-libs.hipay.com https://libs.hipay.com https://widget.trustpilot.com https://kit-pro.fontawesome.com https://www.googletagmanager.com https://bat.bing.com https://www.dwin1.com https://www.googleadservices.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://consent.cookiebot.com https://consentcdn.cookiebot.com https://sibautomation.com https://cdn.shipup.co 1
base-uri 'self'; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.storck.com storck.piwik.pro; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: *.storck.com storck.piwik.pro *.pricespider.com *.mapbox.com tags.srv.stackadapt.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: *.storck.com storck.piwik.pro *.pricespider.com ad.doubleclick.net adservice.google.com adservice.google.de adservice.google.us; style-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.storck.com *.pricespider.com tags.srv.stackadapt.com *.mapbox.com; connect-src 'self' data: *.storck.com storck.piwik.pro *.pricespider.com *.mapbox.com tags.srv.stackadapt.com; font-src 'self' data: *.storck.com 4307249.fls.doubleclick.net; frame-src 'self' data: 4307249.fls.doubleclick.net; frame-ancestors 'self'; form-action 'self'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://google-analytics.com/ https://*.google-analytics.com/ https://googletagmanager.com/ https://*.googletagmanager.com/; img-src 'self' data: https://*.teamviewer.com/ https://secure.gravatar.com/ https://*.google-analytics.com/; object-src 'self' data: ; frame-src 'self' data: ; 1
upgrade-insecure-requests; default-src 'self' media.cez.cz http://media.cez.cz https://mlab.blob.core.windows.net https://platform.motionlab.cz https://my.personalizard.com *.facebook.com *.iframehost.com *.smartsuppcdn.com;font-src 'self' fonts.gstatic.com data: *.typekit.net script.hotjar.com fonts.gstatic.com;connect-src 'self' *.google.com cezonline.cez.cz http://cez.lavamax.cz www.cez.cz *.hotjar.com http://graylog.hotjar.com:12080 ws://ws1.hotjar.com www.googletagmanager.com https://cezonline.cez.cz *.hotjar.io https://www.facebook.com stats.g.doubleclick.net www.google-analytics.com clc.cez.cz wss://*.hotjar.com optimize.google.com https://ruian.fg.cz *.licdn.com *.cezdistribuce.cz *.bezstavy.cz https://ruian.fg.cz https://media.cez.cz http://www.cezesco.cz *.smartsuppchat.com https://widget-v2.smartsuppcdn.com https://manager.smartlook.com wss://websocket-visitors.smartsupp.com https://consentcdn.cookiebot.com https://web-writer.eu.smartlook.cloud *.googleapis.com *.smartsupp.com *.google-analytics.com https://googleads.g.doubleclick.net;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://bubble.apps.ocd.cc.corp/bubble.js *.seznam.cz www.google.com maps.google.com *.googleapis.com www.googletagmanager.com ssl.google-analytics.com www.google-analytics.com www.googleadservices.com c.imedia.cz https://www.cez.cz https://connect.facebook.net http://track.adform.net https://track.adform.net https://www.facebook.com tagmanager.google.com https://t.leady.com *.hotjar.com *.cookiebot.com *.azureedge.net https://clc.cez.cz https://clc-test.cez.cz https://skk.erecruiter.pl https://googleads.g.doubleclick.net cdn.optimizely.com optimize.google.com https://www.gstatic.com https://www.o2knihovna.cz https://www.seznam.cz/rs/static/rc.js *.licdn.com *.cezdistribuce.cz *.adform.net *.bezstavy.cz *.persoo.cz *.persoo.ai https://snap.licdn.com *.smartsuppchat.com https://scripts.persoo.cz https://rec.smartlook.com https://rtp.persoo.ai https://widget-v2.smartsuppcdn.com https://c.seznam.cz;form-action 'self' *.o2.cz https://cezonline.cez.cz http://cezonline.cez.cz cezonline.cez.cz https://eportal.cezdata.cz http://cez.lavamax.cz www.cez.cz https://ekolo.cz https://www.facebook.com *.payu.com *.payu.cz https://merch-prod.snd.payu.com http://merch-prod.snd.payu.com http://www.ete.cz http://www.aktivnizona.cz http://aktualne.cez.cz http://internikalkulacky.cez.cz http://www.telcoproservices.cz https://kdejinde.jobs.cz http://www.ned.cez.cz http://ned.cez.cz https://kissdesk.o2.cz https://dip.cezdistribuce.cz;frame-src 'self' blob: https://webcms.cezdata.corp *.o2.cz www.youtube-nocookie.com www.youtube.com https://www.youtube.com www.vimeo.com *.doubleclick.net www.google.com www.google.cz google.com google.cz https://www.google.com https://www.google.cz https://info.cez.bg www.facebook.com c.imedia.cz *.hotjar.com *.azureedge.net tpc.googlesyndication.com optimize.google.com https://stream360.pl https://www.o2knihovna.cz *.cezdistribuce.cz https://platform.motionlab.cz https://my.personalizard.com *.cookiebot.com *.cezdistribuce.cz https://cez.infolinky.textcom.cz;child-src 'self' blob: https://webcms.cezdata.corp *.o2.cz www.youtube-nocookie.com www.youtube.com https://www.youtube.com www.vimeo.com *.doubleclick.net www.google.com www.google.cz google.com google.cz https://www.google.com https://www.google.cz https://info.cez.bg www.facebook.com c.imedia.cz *.hotjar.com *.azureedge.net tpc.googlesyndication.com optimize.google.com https://stream360.pl https://www.o2knihovna.cz *.cezdistribuce.cz https://platform.motionlab.cz https://my.personalizard.com *.cookiebot.com *.cezdistribuce.cz https://cez.infolinky.textcom.cz;frame-ancestors 'self' https://www.youtube.com *.facebook.com *.iframehost.com https://setrim.cz ;img-src 'self' blob: data: *.cez.cz *.gstatic.com *.googleapis.com placeholdit.imgix.net www.googletagmanager.com www.google-analytics.com *.doubleclick.net  *.imedia.cz *.google.com *.google.cz https://www.facebook.com http://media.cez.cz  https://t.leady.com http://via.placeholder.com http://ovzdusi.orgrez.cz ssl.google-analytics.com android-webview-video-poster pagead2.googlesyndication.com www.google.de track.adform.net optimize.google.com system.erecruiter.pl http://gdg.symbiodigital.com *.ggpht.com *.linkedin.com *.adsymptotic.com *.googleusercontent.com https://mlab.blob.core.windows.net https://platform.motionlab.cz *.seznam.cz *.adform.net https://img.kuki.cz *.bezstavy.cz www.cezesco.cz https://cx.atdmt.com *.ads.linkedin.com https://files.smartsuppcdn.com https://widget-v2.smartsuppcdn.com https://twemoji.maxcdn.com;style-src 'self' 'unsafe-inline' data: https://www.cezesco.cz fonts.googleapis.com http://bilatechnika.cez.cz tagmanager.google.com *.typekit.net  optimize.google.com https://skk.erecruiter.pl www.cez.cz *.bezstavy.cz 1
default-src 'self';object-src 'self'; connect-src https://*; style-src 'self' https://* 'unsafe-inline'; frame-ancestors 'self'; worker-src 'self'; frame-src https://*; report-uri https://*; base-uri https://*; form-action https://*; upgrade-insecure-requests;  script-src  'self' https://* 'unsafe-inline' 'unsafe-eval';font-src 'self' https://*; img-src https://* data:; child-src 'none' 1
default-src 'self' *.google.com *.axa-assistance.cz *.axa-assistance.sk *.axa-assistance.pl *.axa-assistance.at *.axa-assistance.hu 1
frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com rclreads.bibliocms.com *.rclreads.bibliocms.com https://www.rclreads.org www.rclreads.org *.www.rclreads.org; 1
frame-ancestors https://*.innovatrics.com 1
default-src 'self'  *.readspeaker.com; script-src 'self' 'nonce-WmpCbE5UY3haVEl6WmpjMk1qRmk=' https://cdn.siteimprove.net/cms/overlay.js siteimproveanalytics.com siteimprove.com 'nonce-TUdFeU1UTmtNbUppTldZek9UUmo=' *.readspeaker.com gis.bvowb.nl 'nonce-Wm1ZNE1XVmhaak0zTlRsa09EZGg='; object-src 'self'; style-src 'self' 'unsafe-hashes' 'sha256-CwE3Bg0VYQOIdNAkbB/Btdkhul49qZuwgNCMPgNY5zw=' 'sha256-MZKTI0Eg1N13tshpFaVW65co/LeICXq4hyVx6GWVlK0=' 'sha256-LpfmXS+4ZtL2uPRZgkoR29Ghbxcfime/CsD/4w5VujE=' 'sha256-YJO/M9OgDKEBRKGqp4Zd07dzlagbB+qmKgThG52u/Mk=' 'sha256-4LVcL61RHKN/UlGgTVCAT8M2+zeWnhQw2/9vEf1Jk8U=' *.readspeaker.com gis.bvowb.nl 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-OwlOqbP3VnAzYedGO5K7BbLR2YOoHw96wRy+VxYn414=' 'sha256-7SFa3Z4uDDIEQKMkcp7Id+zL9lqhIPnsJw53AfaRpBU=' 'sha256-ZzK5Vqk5m9+Qzc36oY+ULgcPdOLudnv0HR9zsUZwJt4=' 'nonce-T1dGbVlUWXhaRGt5TWpCalpHSTQ='; img-src 'self' data: *.siteimprove.com *.servmetric.com *.govmetric.com *.siteimproveanalytics.io *.readspeaker.com *.ytimg.com geodata.nationaalgeoregister.nl *.kaartviewer.nl service.pdok.nl gis.bvowb.nl chart.googleapis.com; media-src 'self' *.readspeaker.com; frame-src 'self' *.readspeaker.com *.youtube.com; frame-ancestors 'self'; child-src 'self' *.youtube.com; font-src 'self' data: *.googleusercontent.com *.readspeaker.com *.ionicframework.com gis.bvowb.nl; connect-src 'self' *.readspeaker.com gis.bvowb.nl; report-uri /report-csp-violation 1
default-src 'self' * 'unsafe-inline' data: blob: 1
default-src 'self'; script-src 'self'; connect-src 'self' 1
default-src 'self' 'unsafe-inline' blob: *.hellowork.com *; object-src 'none'; frame-ancestors 'self' https://compte.hellowork.com; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'; 1
default-src 'self' 'unsafe-inline' data: *.citiworldprivileges.com www.google-analytics.com *.googleapis.com *.gstatic.com nexus.ensighten.com *.omtrdc.net www.googleadservices.com *.doubleclick.net *.google.com www.google.co.in connect.facebook.net www.facebook.com *.cloudfront.net citiintl.122.2o7.net www.googletagmanager.com *.example.com test.example.com *.amap.com blob: 'unsafe-eval' 1
default-src 'self' data: ywxi.net www.trustedsite.com maxcdn.bootstrapcdn.com *.amazonaws.com cdnjs.cloudflare.com www.google.com www.google-analytics.com fonts.gstatic.com www.googletagmanager.com bat.bing.com fonts.googleapis.com www.w3m.com polyfill.io googleads.g.doubleclick.net bid.g.doubleclick.net stats.g.doubleclick.net www.googleadservices.com; script-src 'self' data: 'unsafe-eval' 'unsafe-inline' *.scoreauthority.net *.pushnami.com *.smartlook.com *.smartlook.cloud static.zohocdn.com *.twitter.com *.purechat.com *.pagesense.io www.serveipqs.com *.cloudflareinsights.com www.gstatic.com mpsnare.iesnare.com *.trustev.com connect.facebook.net cdnjs.cloudflare.com www.google.com www.google-analytics.com www.googletagmanager.com bat.bing.com fonts.googleapis.com www.w3m.com www.googleadservices.com pagead2.googlesyndication.com googleads.g.doubleclick.net bid.g.doubleclick.net stats.g.doubleclick.net polyfill.io www.googleadservices.com; style-src 'self' 'unsafe-inline' *.scoreauthority.net maxcdn.bootstrapcdn.com cdnjs.cloudflare.com www.google.com fonts.gstatic.com fonts.googleapis.com; img-src 'self' data: *.scoreauthority.net www.googletagmanager.com www.google-analytics.com bat.bing.com googleads.g.doubleclick.net bid.g.doubleclick.net stats.g.doubleclick.net www.myscore.com https:; frame-src *.pushnami.com *.smartlook.com *.smartlook.cloud *.twitter.com *.pagesense.io www.mcafeesecure.com www.trustedsite.com www.serveipqs.com www.google.com *.securepaths.com *.trustev.com *.googletagmanager.com googleads.g.doubleclick.net bid.g.doubleclick.net stats.g.doubleclick.net; font-src 'self' fn.eu.serveipqs.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com www.google.com fonts.gstatic.com; connect-src 'self' *.smartlook.com *.smartlook.cloud *.taboola.com *.purechat.com *.pushnami.com pagesense-collect.zoho.com *.serveipqs.com wss://mpsnare.iesnare.com/star *.trustev.com maxcdn.bootstrapcdn.com *.amazonaws.com cdnjs.cloudflare.com www.google.com www.google-analytics.com fonts.gstatic.com www.googletagmanager.com bat.bing.com fonts.googleapis.com www.w3m.com polyfill.io googleads.g.doubleclick.net bid.g.doubleclick.net stats.g.doubleclick.net; media-src data: 'self' mpsnare.iesnare.com; report-uri https://cfs2020.report-uri.com/r/d/csp/reportOnly 1
default-src 'self' 'unsafe-inline' https://maps.googleapis.com https://cc.ibox.ua; script-src 'self' 'unsafe-inline' https://connect.facebook.net https://*.doubleclick.net https://pay.google.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com https://cc.ibox.ua; style-src 'self' 'unsafe-inline' 'unsafe-inline' https://fonts.googleapis.com/css https://tagmanager.google.com https://fonts.googleapis.com https://cc.ibox.ua; img-src 'self' 'unsafe-inline' data: https://www.facebook.com https://*.doubleclick.net https://www.googletagmanager.com https://*.gstatic.com https://www.google.com https://www.google.com.ua https://maps.googleapis.com https://www.google-analytics.com https://ssl.gstatic.com https://*.ggpht.com https://cc.ibox.ua; font-src 'self' 'unsafe-inline' https://fonts.gstatic.com https://cc.ibox.ua; connect-src 'self' 'unsafe-inline' https://stats.g.doubleclick.net https://www.google-analytics.com https://fonts.gstatic.com https://cc.ibox.ua wss://cc.ibox.ua; frame-src 'self' 'unsafe-inline' https://*.doubleclick.net 1
default-src 'self'; block-all-mixed-content; connect-src https: 'self'; font-src data: https: 'self'; frame-ancestors *.gendarmerie.interieur.gouv.fr 'self'; frame-src https: 'self'; img-src data: https: 'self'; script-src https: 'self' 'unsafe-inline' 'unsafe-eval'; style-src https: 'self' 'unsafe-inline'; report-uri /nelmio/csp/report; worker-src blob: 'self' 1
frame-ancestors 'self' https://*.parisfashionshops.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' epcplc.com *.epcplc.com *.google.com *.googleapis.com *.gstatic.com *.google-analytics.com *.duosecurity.com; img-src 'self' 'unsafe-inline' epcplc.com *.epcplc.com data:; 1
frame-ancestors 'self' hew.com *.hew.com; 1
frame-src https://www.youtube-nocookie.com https://www.youtube.com https://piwik.bzga.de https://www.ins-netz-gehen.de; style-src 'self' 'unsafe-inline'; default-src 'self'; script-src https://www.ins-netz-gehen.de https://piwik.bzga.de 'self' 'unsafe-inline' ; connect-src https://www.ins-netz-gehen.de https://piwik.bzga.de 'self' 'unsafe-inline' ; font-src 'self' 'unsafe-inline' data:; img-src 'self' https://piwik.bzga.de https://*.openstreetmap.org data:; 1
default-src 'self' *.speechstream.net; frame-src 'self' *.nhs.uk/ *.facebook.com/ *.youtube.com/ *.vimeo.com/ *.google.com *.googleapis.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.texthelp.com.com *.browsealoud.com *.speechstream.net https://cdnjs.cloudflare.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://connect.facebook.net/ https://feeds.trac.jobs/ *.google.com/ *.googleapis.com *.gstatic.com *.cqc.org.uk; font-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' *.browsealoud.com https://cdnjs.cloudflare.com/ https://feeds.trac.jobs/ *.googleapis.com  *.gstatic.com *.cqc.org.uk; img-src * data: *.texthelp.com *.browsealoud.com *.texthelp.com *.wikimedia.org google-analytics.com *.stats.g.doubleclick.net; object-src 'self' blob:; connect-src  'self'  *.speechstream.com  *.texthelp.com  *.browsealoud.com https://feeds.trac.jobs/ *.googleapis.com *.google-analytics.com https://stats.g.doubleclick.net *.speechstream.net blob: ; media-src 'self' blob: https://*.speechstream.net;child-src 'self' https://content.googleapis.com https://www.googletagmanager.com/ns.html; 1
connect-src 'self' https://*.karolina.io http://*.karolina.io *.karolina.io https://vimeo.com http://vimeo.com vimeo.com https://*.nets.eu http://*.nets.eu *.nets.eu https://*.google-analytics.com http://*.google-analytics.com *.google-analytics.com https://*.doubleclick.net http://*.doubleclick.net *.doubleclick.net https://*.typekit.net http://*.typekit.net *.typekit.net; font-src 'self' https://*.typekit.net http://*.typekit.net *.typekit.net data:; img-src 'self' https://cdn.holvi.com http://cdn.holvi.com cdn.holvi.com https://s3-eu-west-1.amazonaws.com http://s3-eu-west-1.amazonaws.com s3-eu-west-1.amazonaws.com https://*.karolina.io http://*.karolina.io *.karolina.io https://mesenaatti.me http://mesenaatti.me mesenaatti.me https://*.youtube.com http://*.youtube.com *.youtube.com https://*.facebook.com http://*.facebook.com *.facebook.com https://*.google.com http://*.google.com *.google.com https://*.twitter.com http://*.twitter.com *.twitter.com https://*.twimg.com http://*.twimg.com *.twimg.com https://*.google-analytics.com http://*.google-analytics.com *.google-analytics.com https://about http://about about https://*.googleapis.com http://*.googleapis.com *.googleapis.com https://*.gstatic.com http://*.gstatic.com *.gstatic.com https://*.typekit.net http://*.typekit.net *.typekit.net data:; script-src 'self' https://*.youtube.com http://*.youtube.com *.youtube.com https://*.ytimg.com http://*.ytimg.com *.ytimg.com https://*.facebook.net http://*.facebook.net *.facebook.net https://*.jquery.com http://*.jquery.com *.jquery.com https://*.twitter.com http://*.twitter.com *.twitter.com https://*.twimg.com http://*.twimg.com *.twimg.com https://*.google.com http://*.google.com *.google.com https://*.googletagmanager.com http://*.googletagmanager.com *.googletagmanager.com https://*.google-analytics.com http://*.google-analytics.com *.google-analytics.com https://data http://data data https://js.stripe.com http://js.stripe.com js.stripe.com https://*.typekit.net http://*.typekit.net *.typekit.net 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com http://fonts.googleapis.com fonts.googleapis.com https://*.google.com http://*.google.com *.google.com https://*.twitter.com http://*.twitter.com *.twitter.com https://*.twimg.com http://*.twimg.com *.twimg.com https://*.typekit.net http://*.typekit.net *.typekit.net 'unsafe-inline'; 1
default-src 'self'; script-src 'self' https://mktdplp102cdn.azureedge.net https://cdn.popt.in https://polyfill.io https://cdnjs.cloudflare.com 'sha384-VEu+sgL1aGk/o/dEXW2qjDOjn7kPghYlOpDH+2xJ644p5nmrSigN3CiEWrytxTBt' 'sha384-38qS6ZDmuc4fn68ICZ1CTMDv4+Yrqtpijvp5fwMNdbumNGNJ7JVJHgWr2X+nJfqM' 'sha384-vk5WoKIaW/vJyUAd9n/wmopsmNhiy+L2Z+SBxGYnUkunIxVxAv/UtMOhba/xskxh' 'sha384-6UVI3atWyL/qZbDIJb7HW8PyHhFNMiX5rYNY2gAYcaYJjYk5cNIQShSQPBleGMYu' 'sha384-R3vNCHsZ+A2Lo3d5A6XNP7fdQkeswQWTIPfiYwSpEP3YV079R+93YzTeZRah7f/F' 'sha256-fTuUgtT7O2rqoImwjrhDgbXTKUwyxxujIMRIK7TbuNU=' https://stackpath.bootstrapcdn.com https://az416426.vo.msecnd.net https://www.googletagmanager.com https://*.google-analytics.com https://stats.g.doubleclick.net https://*.doubleclick.net 'unsafe-eval' https://www.googletagmanager.com https://tagmanager.google.com https://www.googleadservices.com https://www.google.com https://www.google.com https://www.gstatic.com http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com 'unsafe-eval' 'unsafe-inline' https://snap.licdn.com https://*.linkedin.com/ 'sha256-2WW7s5Y0Lr7aXB05gTYInSuhQ72hXOYOn94XUOmxo/0=' https://cdn.jsdelivr.net https://connect.facebook.net https://analytics.twitter.com https://js.hs-scripts.com https://js.hs-analytics.net https://js.hscollectedforms.net https://js.hs-banner.com https://js.hsforms.net/forms/v2.js https://forms.hsforms.com https://js.hscta.net/cta/current.js https://cta-service-cms2.hubspot.com https://no-cache.hubspot.com/ https://js.hsleadflows.net/ 'nonce-J/vw5tnVrUC88CICSGViAQ=='; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.popt.in https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://tagmanager.google.com; img-src 'self' https://*.svc.dynamics.com https://app.popt.in https://cdn.popt.in https://*.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://*.doubleclick.net  data: www.googletagmanager.com  https://ssl.gstatic.com https://www.gstatic.com https://*.googleusercontent.com https://googleads.g.doubleclick.net https://www.google.com https://googleads.g.doubleclick.net https://*.linkedin.com https://script.hotjar.com http://script.hotjar.com   https://i.ytimg.com/  https://*.facebook.com https://t.co https://analytics.twitter.com https://track.hubspot.com https://forms.hsforms.com https://forms.hubspot.com https://no-cache.hubspot.com https://perf.hsforms.com https://f.hubspotusercontent00.net https://our.umbraco.com https://our.umbraco.org https://dashboard.umbraco.org *.google.ae *.google.am *.google.as          *.google.at *.google.az *.google.ba *.google.be *.google.bg *.google.bi *.google.bs *.google.ca          *.google.cd *.google.cg *.google.ch *.google.ci *.google.cl *.google.co.bw *.google.co.ck          *.google.co.cr *.google.co.hu *.google.co.id *.google.co.il *.google.co.im *.google.co.in          *.google.co.je *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma          *.google.co.nz *.google.co.th *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve          *.google.co.vi *.google.co.za *.google.co.zm *.google.com *.google.com.af *.google.com.ag          *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bo *.google.com.br *.google.com.bz          *.google.com.co *.google.com.cu *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et          *.google.com.fj *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kw          *.google.com.ly *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.nf          *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.ph          *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb          *.google.com.sg *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua          *.google.com.uy *.google.com.uz *.google.com.vc *.google.com.vn *.google.cz *.google.de          *.google.dj *.google.dk *.google.dm *.google.ee *.google.es *.google.fi *.google.fm *.google.fr          *.google.gg *.google.gl *.google.gm *.google.gr *.google.hn *.google.hr *.google.ht *.google.hu          *.google.ie *.google.is *.google.it *.google.jo *.google.kg *.google.kz *.google.li *.google.lk          *.google.lt *.google.lu *.google.lv *.google.md *.google.mn *.google.ms *.google.mu *.google.mw          *.google.net *.google.nl *.google.no *.google.nr *.google.nu *.google.off.ai *.google.org          *.google.pl *.google.pn *.google.pt *.google.ro *.google.ru *.google.rw *.google.sc *.google.se          *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.tm *.google.to *.google.tp          *.google.tt *.google.tv *.google.uz *.google.vg *.google.vu *.google.ws *.gooogle.com https://cdn.objectivity.co.uk https://saextobjwebumbracoprod.blob.core.windows.net https://*.cdninstagram.com https://*.fbcdn.net; font-src 'self' https://cdnjs.cloudflare.com https://fonts.gstatic.com http://script.hotjar.com https://script.hotjar.com; connect-src 'self' https://*.svc.dynamics.com https://display.popt.in https://d3lopmpcew67el.cloudfront.net https://*.google-analytics.com https://stats.g.doubleclick.net https://dc.services.visualstudio.com http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com https://forms.hubspot.com https://forms.hsforms.com; frame-src 'self' https://*.svc.dynamics.com https://www.google.com https://vars.hotjar.com https://www.youtube-nocookie.com https://www.microsoft.com https://www.vimeo.com https://bid.g.doubleclick.net https://www.facebook.com/ https://forms.hsforms.com/ https://forms.hubspot.com/ https://app.hubspot.com https://cta-redirect.hubspot.com; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content 1
default-src 'self' data: ywxi.net www.trustedsite.com maxcdn.bootstrapcdn.com *.amazonaws.com cdnjs.cloudflare.com www.google.com www.google-analytics.com fonts.gstatic.com www.googletagmanager.com bat.bing.com fonts.googleapis.com www.w3m.com polyfill.io googleads.g.doubleclick.net bid.g.doubleclick.net stats.g.doubleclick.net www.googleadservices.com; script-src 'self' data: 'unsafe-eval' 'unsafe-inline' *.creditheroscore.com *.pushnami.com *.smartlook.com *.smartlook.cloud static.zohocdn.com *.twitter.com *.purechat.com *.pagesense.io www.serveipqs.com *.cloudflareinsights.com www.gstatic.com mpsnare.iesnare.com *.trustev.com connect.facebook.net cdnjs.cloudflare.com www.google.com www.google-analytics.com www.googletagmanager.com bat.bing.com fonts.googleapis.com www.w3m.com www.googleadservices.com pagead2.googlesyndication.com googleads.g.doubleclick.net bid.g.doubleclick.net stats.g.doubleclick.net polyfill.io www.googleadservices.com; style-src 'self' 'unsafe-inline' *.creditheroscore.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com www.google.com fonts.gstatic.com fonts.googleapis.com; img-src 'self' data: *.creditheroscore.com www.googletagmanager.com www.google-analytics.com bat.bing.com googleads.g.doubleclick.net bid.g.doubleclick.net stats.g.doubleclick.net www.myscore.com https:; frame-src *.pushnami.com *.smartlook.com *.smartlook.cloud *.twitter.com *.pagesense.io www.mcafeesecure.com www.trustedsite.com www.serveipqs.com www.google.com *.securepaths.com *.trustev.com *.googletagmanager.com googleads.g.doubleclick.net bid.g.doubleclick.net stats.g.doubleclick.net; font-src 'self' fn.eu.serveipqs.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com www.google.com fonts.gstatic.com; connect-src 'self' *.smartlook.com *.smartlook.cloud *.taboola.com *.purechat.com *.pushnami.com pagesense-collect.zoho.com *.serveipqs.com wss://mpsnare.iesnare.com/star *.trustev.com maxcdn.bootstrapcdn.com *.amazonaws.com cdnjs.cloudflare.com www.google.com www.google-analytics.com fonts.gstatic.com www.googletagmanager.com bat.bing.com fonts.googleapis.com www.w3m.com polyfill.io googleads.g.doubleclick.net bid.g.doubleclick.net stats.g.doubleclick.net; media-src data: 'self' mpsnare.iesnare.com; report-uri https://cfs2020.report-uri.com/r/d/csp/reportOnly 1
frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com westervillelibrary.bibliocms.com *.westervillelibrary.bibliocms.com https://westervillelibrary.org westervillelibrary.org *.westervillelibrary.org; 1
default-src 'self'  *.readspeaker.com; script-src 'self' 'nonce-TURoaE5UQmpOMkpqT0RkaE16STA=' app.cobrowser.com 'nonce-T1RWa01tSXhPR001T0RGak5qVmk=' *.readspeaker.com https://cdn.siteimprove.net/cms/overlay.js siteimproveanalytics.com siteimprove.com piwik.zevenaar.nl 'nonce-TVRBMlkyRmtZV1l4WW1Fd1pqQTQ=' 'nonce-TVRnMk5UVXhaRGxqTTJOa1lURTA=' 'nonce-TlRoaE9XVXlPVGRpWm1SbE9UbGw='; object-src 'self'; style-src 'self' 'sha256-biLFinpqYMtWHmXfkA1BPeCY0/fNt46SAZ+BBk5YUog=' app.cobrowser.com 'unsafe-hashes' 'sha256-CwE3Bg0VYQOIdNAkbB/Btdkhul49qZuwgNCMPgNY5zw=' 'sha256-MZKTI0Eg1N13tshpFaVW65co/LeICXq4hyVx6GWVlK0=' 'sha256-LpfmXS+4ZtL2uPRZgkoR29Ghbxcfime/CsD/4w5VujE=' 'sha256-YJO/M9OgDKEBRKGqp4Zd07dzlagbB+qmKgThG52u/Mk=' 'sha256-4LVcL61RHKN/UlGgTVCAT8M2+zeWnhQw2/9vEf1Jk8U=' *.readspeaker.com 'nonce-T1dFNU5tVmlPV1JpT0RkbFl6Tmo=' fonts.googleapis.com; img-src 'self' data: app.cobrowser.com *.readspeaker.com *.siteimprove.com *.servmetric.com *.govmetric.com *.siteimproveanalytics.io piwik.zevenaar.nl www.gstatic.com *.ytimg.com; media-src 'self' *.readspeaker.com; frame-src 'self' *.readspeaker.com *.siteimprove.com *.siteimproveanalytics.com *.siteimprove.net *.siteimproveanalytics.io page.report; frame-ancestors 'self' piwik.zevenaar.nl; child-src 'self'; font-src 'self' data: *.googleusercontent.com app.cobrowser.com *.readspeaker.com *.ionicframework.com fonts.gstatic.com cdn.faceworks.nl; connect-src 'self' app.cobrowser.com wss://app.cobrowser.com *.readspeaker.com *.siteimprove.com *.servmetric.com piwik.zevenaar.nl fonts.googleapis.com cdn.faceworks.nl; report-uri /report-csp-violation 1
default-src data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' maps.googleapis.com www.google.com cse.google.com www.google-analytics.com www.googletagmanager.com www.gstatic.com apis.google.com; style-src data: https: 'unsafe-inline' 1
frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com marinlibrary.bibliocms.com *.marinlibrary.bibliocms.com https://marinlibrary.org marinlibrary.org *.marinlibrary.org; 1
default-src 'self'; script-src 'self' 'unsafe-inline' cdn.jsdelivr.net *.googletagmanager.com *.google-analytics.com *.readspeaker.com *.hcaptcha.com hcaptcha.com *.gemeenteoplossingen.nl; object-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com use.typekit.net cdn.jsdelivr.net p.typekit.net *.readspeaker.com; img-src 'self' *.google-analytics.com; media-src 'self'; frame-src 'self' *.google.com *.youtube-nocookie.com *.hcaptcha.com hcaptcha.com *.gemeenteoplossingen.nl; frame-ancestors 'self'; child-src 'self' *.youtube-nocookie.com; font-src 'self' themes.googleusercontent.com use.typekit.net fonts.gstatic.com data:; connect-src 'self' *.google-analytics.com *.doubleclick.net *.readspeaker.com *.hcaptcha.com hcaptcha.com; report-uri /report-csp-violation 1
default-src 'self' www.youtube.com www.youtube-nocookie.com; child-src 'self' www.youtube.com www.youtube-nocookie.com *.fls.doubleclick.net; frame-src 'self' vars.hotjar.com *.fls.doubleclick.net www.youtube.com www.youtube-nocookie.com; connect-src 'self' *.ambithub.com ipinfo.io wss://sbsfaq.ambithub.com stats.g.doubleclick.net wss://*.hotjar.com *.hotjar.com www.google-analytics.com; img-src 'self' data: www.google.co.nz *.google.com www.google-analytics.com *.g.doubleclick.net *.googleapis.com *.gstatic.com *.ambithub.com bat.bing.com *.facebook.com *.quantserve.com *.hotjar.com; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' 'self' *.google.com www.googleadservices.com www.google-analytics.com www.googletagmanager.com *.googleapis.com *.gstatic.com cdn.polyfill.io *.ambithub.com bat.bing.com connect.facebook.net *.quantserve.com *.quantcount.com static.hotjar.com script.hotjar.com staticcdn.co.nz; style-src 'unsafe-inline' 'self' hello.myfonts.net *.googleapis.com *.gstatic.com *.ambithub.com; font-src 'self' data: *.gstatic.com *.hotjar.com; 1
default-src 'self' https://*.keyreply.com/ cdn.polyfill.io  https://cms-ktph.sppub.healthgrp.com.sg www.ktph.com.sg http://cms-whc.sppub.healthgrp.com.sg http://cms-ych.sppub.healthgrp.com.sg http://cms-geri.sppub.healthgrp.com.sg http://cms-admc.sppub.healthgrp.com.sg https://connect.facebook.net https://e.issuu.com; font-src 'self' 'unsafe-inline' data: https://*.keyreply.com/ cdn.polyfill.io https://static.juicer.io  https://cms-ktph.sppub.healthgrp.com.sg www.ktph.com.sg http://cms-whc.sppub.healthgrp.com.sg http://cms-ych.sppub.healthgrp.com.sg http://cms-geri.sppub.healthgrp.com.sg http://cms-admc.sppub.healthgrp.com.sg https://fonts.googleapis.com https://fonts.gstatic.com https://static.juicer.io https://edge.addthis.com;  connect-src 'self' https://*.keyreply.com/ cdn.polyfill.io https://cms-ktph.sppub.healthgrp.com.sg www.ktph.com.sg http://cms-whc.sppub.healthgrp.com.sg http://cms-ych.sppub.healthgrp.com.sg http://cms-geri.sppub.healthgrp.com.sg http://cms-admc.sppub.healthgrp.com.sg www.juicer.io https://graph.facebook.com www.google-analytics.com www.google.com https://v1.addthis.com m.addthis.com https://edge.addthis.com https://stats.g.doubleclick.net ; frame-src 'self' https://cms-ktph.sppub.healthgrp.com.sg www.ktph.com.sg http://cms-whc.sppub.healthgrp.com.sg http://cms-ych.sppub.healthgrp.com.sg http://cms-geri.sppub.healthgrp.com.sg http://cms-admc.sppub.healthgrp.com.sg https://ihispteltd-asia-southeast1.prod.fire.glass youtu.be www.youtube.com https://staticxx.facebook.com https://platform.twitter.com www.google.com s7.addthis.com https://e.issuu.com https://player.vimeo.com https://edge.addthis.com https://www.canva.com; frame-ancestors 'self'; img-src *; media-src 'self' data: https://cms-ktph.sppub.healthgrp.com.sg www.ktph.com.sg http://cms-whc.sppub.healthgrp.com.sg http://cms-ych.sppub.healthgrp.com.sg http://cms-geri.sppub.healthgrp.com.sg http://cms-admc.sppub.healthgrp.com.sg https://images.pexels.com https://e.issuu.com; object-src 'self' https://cms-ktph.sppub.healthgrp.com.sg www.ktph.com.sg http://cms-whc.sppub.healthgrp.com.sg http://cms-ych.sppub.healthgrp.com.sg http://cms-geri.sppub.healthgrp.com.sg http://cms-admc.sppub.healthgrp.com.sg  youtu.be www.youtube.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.keyreply.com/ cdn.polyfill.io  https://cms-ktph.sppub.healthgrp.com.sg www.ktph.com.sg http://cms-whc.sppub.healthgrp.com.sg http://cms-ych.sppub.healthgrp.com.sg http://cms-geri.sppub.healthgrp.com.sg http://cms-admc.sppub.healthgrp.com.sg https://ihispteltd-asia-southeast1.prod.fire.glass assets.juicer.io static.juicer.io www.juicer.io graph.facebook.com i.imgur.com scontent.xx.fbcdn.net www.google-analytics.com www.google.com www.addthis.com s7.addthis.com m.addthis.com m.addthisedge.com https://edge.addthis.com youtu.be www.youtube.com https://fonts.googleapis.com https://fonts.gstatic.com www.gstatic.com www.googletagmanager.com https://connect.facebook.net http://connect.facebook.net https://platform.twitter.com https://v1.addthisedge.com https://v1.addthis.com https://z.moatads.com https://e.issuu.com https://edge.addthis.com; style-src 'self' 'unsafe-inline' data: https://*.keyreply.com/ cdn.polyfill.io https://cms-ktph.sppub.healthgrp.com.sg www.ktph.com.sg http://cms-whc.sppub.healthgrp.com.sg http://cms-ych.sppub.healthgrp.com.sg http://cms-geri.sppub.healthgrp.com.sg http://cms-admc.sppub.healthgrp.com.sg assets.juicer.io static.juicer.io www.juicer.io graph.facebook.com i.imgur.com scontent.xx.fbcdn.net www.google-analytics.com www.google.com www.addthis.com s7.addthis.com m.addthis.com m.addthisedge.com youtu.be www.youtube.com https://fonts.googleapis.com https://fonts.gstatic.com www.gstatic.com https://e.issuu.com https://edge.addthis.com; 1
img-src * data:; 1
frame-ancestors https://*.posylka.de 1
default-src 'self'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval' https://tagmanager.google.com https://www.google-analytics.com https://optimize.google.com https://static.klaviyo.com *.facebook.com *.chargebee.com *.calendly.com; style-src data: 'self' 'unsafe-inline' *.myfonts.net https://tagmanager.google.com https://fonts.googleapis.com https://optimize.google.com https://static.klaviyo.com https://cdnjs.cloudflare.com/ajax/libs/flatpickr/4.5.4/flatpickr.min.css *.chargebee.com *.calendly.com; img-src * data: https://ssl.gstatic.com https://www.gstatic.com https://www.google-analytics.com https://optimize.google.com *.chargebee.com *.calendly.com; media-src *; font-src * https://fonts.gstatic.com https://checkout.orangefit.nl data:; connect-src * data: blob: 'unsafe-inline'; frame-src 'self' *.youtube.com *.google.com *.facebook.com *.criteo.com *.vimeo.com *.hotjar.com *.chargebee.com calendly.com https://optimize.google.com https://servicepoints.sendcloud.sc; prefetch-src 'self' https://static.klaviyo.com 1
default-src 'self' piwik.itzbund.de matomo03.itzbund.de; base-uri 'self'; connect-src 'self' *.itzbund.de; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.ytimg.com piwik.itzbund.de matomo03.itzbund.de; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com *.youtube-nocookie.com; frame-src *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com piwik.itzbund.de matomo03.itzbund.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.geodatenzentrum.de piwik.itzbund.de matomo03.itzbund.de; frame-ancestors 'self'; 1
default-src 'self'  *.readspeaker.com; script-src 'self' 'nonce-TjJVeFpUTTNObVkyTlRaaU1XSTQ=' https://cdn.siteimprove.net/cms/overlay.js siteimproveanalytics.com siteimprove.com 'nonce-TXpCbVl6TmhPVFl3WkRFellXRTE=' *.readspeaker.com gis.bvowb.nl 'nonce-TVRJMU9USmhOVGsxWTJZeU1tSTM='; object-src 'self'; style-src 'self' 'unsafe-hashes' 'sha256-CwE3Bg0VYQOIdNAkbB/Btdkhul49qZuwgNCMPgNY5zw=' 'sha256-MZKTI0Eg1N13tshpFaVW65co/LeICXq4hyVx6GWVlK0=' 'sha256-LpfmXS+4ZtL2uPRZgkoR29Ghbxcfime/CsD/4w5VujE=' 'sha256-YJO/M9OgDKEBRKGqp4Zd07dzlagbB+qmKgThG52u/Mk=' 'sha256-4LVcL61RHKN/UlGgTVCAT8M2+zeWnhQw2/9vEf1Jk8U=' *.readspeaker.com gis.bvowb.nl 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-OwlOqbP3VnAzYedGO5K7BbLR2YOoHw96wRy+VxYn414=' 'sha256-7SFa3Z4uDDIEQKMkcp7Id+zL9lqhIPnsJw53AfaRpBU=' 'sha256-ZzK5Vqk5m9+Qzc36oY+ULgcPdOLudnv0HR9zsUZwJt4=' 'nonce-TURCa01tTXhNRFEzTmpNek16WXk='; img-src 'self' data: *.siteimprove.com *.servmetric.com *.govmetric.com *.siteimproveanalytics.io *.readspeaker.com *.ytimg.com geodata.nationaalgeoregister.nl *.kaartviewer.nl service.pdok.nl gis.bvowb.nl chart.googleapis.com; media-src 'self' *.readspeaker.com; frame-src 'self' *.readspeaker.com *.youtube.com; frame-ancestors 'self'; child-src 'self' *.youtube.com; font-src 'self' data: *.googleusercontent.com *.readspeaker.com *.ionicframework.com gis.bvowb.nl; connect-src 'self' *.readspeaker.com gis.bvowb.nl; report-uri /report-csp-violation 1
default-src 'self' 'unsafe-inline' data: *.bootstrapcdn.com *.stripe.com *.cloudflare.com *.googleapis.com *.hs-scripts.com *.googletagmanager.com *.vision6.com.au *.gravatar.com *.force24.co.uk *.hsleadflows.net *.hs-analytics.net *.usemessages.com *.hsadspixel.net *.hs-banner.com *.google-analytics.com *.hubspot.com *.hubapi.com *.licdn.com *.linkedin.com *.hscta.net *.hsforms.com *.hsforms.net *.vimeo.com *.gstatic.com *.hsappstatic.net *.youtube.com unpkg.com *.infogram.com 1
default-src *.mymontebenefits.com *.jquery.com *.google-analytics.com *.google.com *.vimeo.com; script-src *.mymontebenefits.com 'unsafe-inline' *.jquery.com *.google-analytics.com 'unsafe-eval' *.google.com *.cloudflare.com *.vimeo.com; style-src *.mymontebenefits.com *.jquery.com 'unsafe-inline' *.google.com; img-src *.mymontebenefits.com 'unsafe-inline' *.jquery.com *.google-analytics.com *.doubleclick.net *.google.com; report-uri /report-csp-violation 1
default-src 'self'  *.readspeaker.com; script-src 'self' 'nonce-T1dWaU1UWTNaRFF3TVdJeVpqVms=' www.googletagmanager.com *.google-analytics.com 'nonce-WkdVMFl6a3pOek5sTjJaaVkyWTI=' 'nonce-WkROalltVmxabUZqTTJWbU1tUmk=' 'nonce-Tmprd05tWXhaR1prTVRsbFpEQmg=' 'nonce-T1RJeU5ESm1aakF5TURrNFpqYzM=' 'nonce-WVRWbE9XVXdZekl3T1dNNU0yRTU=' https://cdn.siteimprove.net/cms/overlay.js siteimproveanalytics.com siteimprove.com *.readspeaker.com; object-src 'self'; style-src 'self' 'unsafe-hashes' 'sha256-CwE3Bg0VYQOIdNAkbB/Btdkhul49qZuwgNCMPgNY5zw=' 'sha256-MZKTI0Eg1N13tshpFaVW65co/LeICXq4hyVx6GWVlK0=' 'sha256-LpfmXS+4ZtL2uPRZgkoR29Ghbxcfime/CsD/4w5VujE=' 'sha256-YJO/M9OgDKEBRKGqp4Zd07dzlagbB+qmKgThG52u/Mk=' 'sha256-4LVcL61RHKN/UlGgTVCAT8M2+zeWnhQw2/9vEf1Jk8U=' 'nonce-WlRReFkyUmlaalJsTUdZNE56Qmo=' 'sha256-owo1ZJpcrRkAGkV4k/EBOwhPpNEui6mpaaGBvI71tsg=' *.readspeaker.com 'nonce-WkRZNE9EQm1ZVGRrWlRBMk5qYzA='; img-src 'self' data: *.google-analytics.com *.gstatic.com *.openstreetmap.org *.siteimprove.com *.servmetric.com *.govmetric.com *.siteimproveanalytics.io www.gstatic.com *.ytimg.com *.readspeaker.com; media-src 'self' *.readspeaker.com; frame-src 'self' www.youtube.com *.readspeaker.com; frame-ancestors 'self'; child-src 'self'; font-src 'self' data: *.googleusercontent.com *.ionicframework.com fonts.gstatic.com *.readspeaker.com; connect-src 'self' *.google-analytics.com *.siteimprove.com *.servmetric.com *.readspeaker.com; report-uri /report-csp-violation 1
default-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-src https://www.google.com  https://www.youtube.com https://tickets.norwichartscentre.co.uk https://my.matterport.com https://player.vimeo.com https://www.facebook.com https://w.soundcloud.com https://open.spotify.com; script-src 'self' 'nonce-5AEemGb0xJptoIGFP3Nd' 'nonce-6AEemGb0xJptoIGFP3Nd' 'nonce-7AEemGb0xJptoIGFP3Nd' 'sha256-Z82Oe+Iv8WIpM1ioymuc3HlSLThe89MSaAQSYMybkAs=' https://www.google.com https://maps.google.com https://www.gstatic.com https://www.googletagmanager.com/ https://www.google-analytics.com https://connect.facebook.net https://sentry.io https://tickets.norwichartscentre.co.uk https://www.youtube.com; connect-src 'self' https://sentry.io https://noembed.com https://cdn.plyr.io https://www.google-analytics.com https://stats.g.doubleclick.net https://www.facebook.com https://connect.facebook.net https://maps.googleapis.com; img-src 'self' data: content: https: *.googleapis.com;; font-src 'self' https://fonts.gstatic.com https://www.google.com; object-src 'none'; report-uri https://o126219.ingest.sentry.io/api/2740052/security/?sentry_key=8f009899699b4dd281f6d1466e6a2b92 1
default-src 'self'; frame-src 'self' https://nhs.attendanywhere.com/ *.nhs.uk/ *.facebook.com/ *.youtube.com/ *.vimeo.com/ *.google.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com *.amazonaws.com https://cdnjs.cloudflare.com/ https://www.google-analytics.com/ https://connect.facebook.net/ https://feeds.trac.jobs/ *.google.com/ *.googleapis.com *.gstatic.com *.cqc.org.uk; font-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com/ https://feeds.trac.jobs/ *.googleapis.com  *.gstatic.com *.cqc.org.uk; img-src * data:; object-src 'self' blob:; connect-src 'self'  https://analytics.google.com/ https://nhs.attendanywhere.com https://feeds.trac.jobs/ https://www.google-analytics.com 1
script-src 'self' https://kielikello.disqus.com https://c.disquscdn.com https://disqus.com https://m.addthisedge.com https://m.addthis.com https://kielikello.disqus.com https://sprakbruk.disqus.com https://s7.addthis.com https://www.google-analytics.com https://v1.addthis.com https://v1.addthisedge.com https://z.moatads.com 'unsafe-inline' 'unsafe-eval'; object-src 'self' 1
default-src 'unsafe-inline' 'unsafe-eval' https:;img-src * data:; script-src 'unsafe-inline' 'unsafe-eval' blob: * https:; connect-src * blob:; 1
frame-ancestors 'self' https://www.eventbrite.com 1
frame-ancestors 'self' harridev.com fr.harridev.com es.harridev.com ru.harridev.com de.harridev.com bam.harridev.com ar.harridev.com pl.harridev.com tr.harridev.com; 1
default-src 'self' *.fg.cz *.fraus.cz *.fraus.com;font-src 'self' data: fonts.gstatic.com *.fg.cz *.google.com *.issuu.com;connect-src 'self' *.gstatic.com *.google.com *.googleapis.com www.google-analytics.com *.fg.cz *.yandex.ru *.facebook.com *.seznam.cz *.doubleclick.net;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.google.com *.google.cz *.googleapis.com www.googletagmanager.com www.google-analytics.com *.googleadservices.com *.licdn.com *.linkedin.com *.cloudflare.com *.facebook.com *.facebook.net *.fg.cz *.fraus.cz *.fraus.com cdn.jsdelivr.net *.doubleclick.net *.yandex.ru c.imedia.cz *.issuu.com *.seznam.cz;form-action 'self' *.facebook.com *.facebook.net *.fg.cz *.google.com *.issuu.com;frame-src 'self' *.facebook.com *.facebook.net *.youtube.com *.iplatba.cz *.vimeo.com *.fg.cz *.google.com *.issuu.com;child-src 'self' *.facebook.com *.facebook.net *.youtube.com *.iplatba.cz *.vimeo.com *.fg.cz *.google.com *.issuu.com;frame-ancestors 'self';img-src 'self' data: blob: *.gstatic.com *.googleapis.com *.googlecode.com www.googletagmanager.com www.google-analytics.com *.doubleclick.net *.google.com *.google.cz *.google.ie *.placeholder.com *.fg.cz *.fraus.cz *.fraus.com *.facebook.com *.facebook.net *.yandex.ru c.imedia.cz *.issuu.com *.seznam.cz loremflickr.com i.ytimg.com;style-src 'self' 'unsafe-inline' *.gstatic.com fonts.googleapis.com *.google.com *.fg.cz *.fraus.cz *.fraus.com *.issuu.com;object-src 'self' *.fg.cz 1
default-src 'self';  script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com google-analytics.com maps.google.com maps.gstatic.com apis.google.com fonts.googleapis.com fonts.gstatic.com maps.googleapis.com portal.htbridge.com csi.gstic.com ssl.gstic.com cse.gstatic.com *.gstatic.com *.browser-update.org browser-update.org accounts.google.com clients1.google.com www.youtube.com *.bancastato.ch www.google.com cse.google.com developers.google.com www.googleapis.comhttps://code.jquery.com *.cloudfront.net ;  connect-src 'self' *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com accounts.google.com *.cloudfront.net ;  img-src 'self' data: *.htbridge.com *.bancastato.ch apis.google.com csi.gstatic.com accounts.google.com www.google.com *.gstatic.com maps.googleapis.com maps.google.com clients1.google.com maps.googleapis.com developers.google.com www.googleapis.com *.cloudfront.net ;  style-src 'self' 'unsafe-inline' *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com csi.gstatic.com accounts.google.com www.google.com fonts.google.com fonts.googleapis.com cse.google.com *.cloudfront.net ;  frame-ancestors 'self' ; frame-src 'self' apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com cse.google.com www.kantonalbank.ch www.newhome.ch *.bancastato.ch https://www.google.com *.cloudfront.net ;  child-src 'self' apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com www.kantonalbank.ch *.bancastato.ch *.cloudfront.net ;  font-src 'self' fonts.googleapis.com fonts.google.com fonts.gstatic.com *.bancastato.ch *.cloudfront.net 1
default-src 'self' blob: https:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' xuri.me *.xuri.me disqus.com *.disqus.com disquscdn.com *.disquscdn.com cloudflare.com *.cloudflare.com google.com *.google.com www.googletagmanager.com www.google-analytics.com youtube.com *.youtube.com *.ampproject.org *.googleapis.com *.cloudflareinsights.com; style-src 'self' data: 'unsafe-inline' xuri.me *.xuri.me disqus.com *.disqus.com disquscdn.com *.disquscdn.com cloudflare.com *.cloudflare.com google.com *.google.com www.googletagmanager.com www.google-analytics.com youtube.com *.youtube.com *.ampproject.org *.googleapis.com; font-src https: data: about:; img-src data: https: 1
default-src 'self' 'unsafe-inline' data: https://piwik.bzga.de/ 1
default-src 'self';img-src 'self' *.vandenbroeleconnect.be;script-src 'self' 'unsafe-inline' *.google.com *.gstatic.com polyfill.io;style-src 'self' 'unsafe-inline' *.typekit.net;object-src 'none';font-src 'self' *.typekit.net;frame-ancestors *.vandenbroele.be *.vandenbroeleconnect.be;frame-src 'self' 'unsafe-inline' *.google.com;sandbox allow-forms allow-same-origin allow-popups allow-scripts;base-uri 'self'; 1
default-src 'self' translate.googleapis.com; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts allow-popups; base-uri 'self'; img-src 'self' data: 'unsafe-inline' ssl.gstatic.com translate.google.com translate.googleapis.com www.gstatic.com www.googletagmanager.com googleusercontent.com www.google.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com tagmanager.google.com translate.googleapis.com; font-src 'self' fonts.gstatic.com; connect-src 'self' api-js.mixpanel.com translate.googleapis.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.googletagmanager.com tagmanager.google.com translate.google.com translate.googleapis.com translate-pa.googleapis.com cdn.mxpnl.com 1
default-src 'self'; frame-src 'self' https://www.eventbrite.com/ *.twitter.com *.nhs.uk/ *.facebook.com/ *.youtube.com/ *.vimeo.com/ *.google.com *.googleapis.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.eventbrite.com/static/widgets/eb_widgets.js *.googletagmanager.com https://cdn.syndication.twimg.com/ *.twitter.com https://cdnjs.cloudflare.com/ https://www.google-analytics.com/ https://connect.facebook.net/ https://feeds.trac.jobs/ *.google.com/ *.googleapis.com *.gstatic.com *.cqc.org.uk; font-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' *.twitter.com *.twimg.com https://cdnjs.cloudflare.com/ https://feeds.trac.jobs/ *.googleapis.com  *.gstatic.com *.cqc.org.uk; img-src * data:; object-src 'self' blob:; connect-src 'self' https://feeds.trac.jobs/ *.googleapis.com *.google-analytics.com stats.g.doubleclick.net 1
default-src 'self' 'unsafe-inline' data: https://piwik.bzga.de/ https://shop.bzga.de/ https://a.tile.openstreetmap.org/ https://b.tile.openstreetmap.org/ https://c.tile.openstreetmap.org/ https://www.youtube-nocookie.com/ 1
X-Content-Security-Policy script-src 'self' https://www.general-security.gov.lb 'unsafe-inline' 'unsafe-eval'; object-src 'self' https://www.general-security.gov.lb 'unsafe-inline'; connect-src 'self' https://www.general-security.gov.lb 'unsafe-inline' 1
default-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-src https://www.google.com https://www.youtube.com https://player.vimeo.com https://www.facebook.com https://js.stripe.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://maps.google.com https://maps.googleapis.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://sentry.io https://cdnjs.cloudflare.com https://connect.facebook.net https://js.stripe.com/; connect-src 'self' https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://maps.google.com https://sentry.io https://o126219.ingest.sentry.io; img-src 'self' data: content: https: *.googleapis.com;; font-src 'self' data: https://fonts.gstatic.com; media-src 'self' https://media.blubrry.com https://content.blubrry.com; object-src 'none'; report-uri https://o126219.ingest.sentry.io/api/5265715/security/?sentry_key=9b139e250e5b4bd586488d54bd7a5c84 1
frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com fulcolibrary.bibliocms.com *.fulcolibrary.bibliocms.com https://www.fulcolibrary.org www.fulcolibrary.org *.www.fulcolibrary.org; 1
default-src data: https:; script-src data: 'unsafe-inline' 'unsafe-eval' https:; object-src data: https:; style-src data: 'unsafe-inline' https:; img-src data: https:; media-src data: https:; frame-src data: https:; font-src 'self' data: https:; connect-src data: https:; base-uri 'self'; 1
frame-ancestors 'self' webvisor.com *.webvisor.com yandex.ru *.yandex.ru 1
default-src 'self'; script-src 'self' https://www.google-analytics.com https://ssl.google-analytics.com https://www.google.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://cdn.cookielaw.org/scripttemplates/ https://*.onetrust.com https://accounts.scdn.co; img-src 'self' https://i.imgur.com https://d2mv8tnci56s9d.cloudfront.net https://profile-images.scdn.co https://*.scdn.co https://graph.facebook.com https://fbcdn-profile-a.akamaihd.net https://*.fbcdn.net https://platform-lookaside.fbsbx.com https://www.google.com https://www.google-analytics.com https://stats.g.doubleclick.net data: https://accounts.scdn.co; font-src 'self' data: https://sp-bootstrap.global.ssl.fastly.net https://fonts.gstatic.com https://*.scdn.co; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/css2; frame-src 'self' https://www.spotify.com https://www.google.com https://app.adjust.com https://itunes.apple.com itms-apps: https://www.google.com/recaptcha/; connect-src 'self' https://*.spotify.com https://www.google-analytics.com https://*.ingest.sentry.io/; 1
script-src 'nonce-rX0H8oRTN51rM4MixQz3idzCcfA=' 'unsafe-inline' 'strict-dynamic' https: http:; object-src 'none'; 1
frame-ancestors self https://www.northernparrots.com www.northernparrots.com:444 1
object-src 'none'; report-uri /report-csp-violation; upgrade-insecure-requests 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.pricespider.com https://www.google-analytics.com https://www.googletagmanager.com https://cdn.cookielaw.org https://lhcdn-src.mars.com https://players.brightcove.net https://www.google.com https://www.google.co.in https://www.gstatic.com https://ckf02.lancsd.org https://sfapi.formstack.io https://az416426.vo.msecnd.net https://embed.mikmak.tv *.global.commerce-connector.com https://js-agent.newrelic.com https://dc.services.visualstudio.com https://bam-cell.nr-data.net https://translate.googleapis.com https://js.adsrvr.org *.mapbox.com https://dc.services.visualstudio.com https://stats.g.doubleclick.net *.amazonaws.com https://s.pinimg.com https://ct.pinterest.com https://maps.googleapis.com https://connect.facebook.net https://sc-static.net https://static.ads-twitter.com https://cdn.treasuredata.com https://cdn.jsdelivr.net https://sfapi-sandbox.formstack.io https://unpkg.com https://progress-tracker-prod.firebaseio.com https://cdn.pricespider.com https://bam.nr-data.net; object-src 'none'; frame-src 'self' https://www.google.com https://9079101.fls.doubleclick.net https://www.google.com *.fls.doubleclick.net https://www.googletagmanager.com https://di.rlcdn.com https://tr.snapchat.com https://www.youtube.com https://poundlandtt.snickers.co.uk/ https://2chances2win.snickers.co.uk/; child-src blob: 1
object-src 'none'; base-uri 'self'; form-action 'self'; default-src https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.googletagmanager.com https://www.google-analytics.com; font-src https: data: https://fonts.gstatic.com/ 'unsafe-inline'; style-src 'self' https://fonts.googleapis.com/ 'unsafe-inline'; frame-src 'self' https://player.vimeo.com/ 'unsafe-inline' https://www.google.com/recaptcha/; img-src https: data: https://secure.gravatar.com/ www.googletagmanager.com 'unsafe-inline'; frame-ancestors 'self'; 1
default-src  'self' data:;font-src  'self' data: fonts.gstatic.com kariera.rako.cz www.kariera.rako.cz;connect-src  'self' *.google.com *.googleapis.com *.google-analytics.com *.hotjar.com wss://ws6.hotjar.com *.hotjar.io *.doubleclick.net *.leady.com *.gstatic.com *.pinterest.com;script-src  'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.google.cz *.googleapis.com *.gstatic.com *.hotjar.com static.hotjar.com www.googletagmanager.com *.google-analytics.com connect.facebook.net kariera.rako.cz www.kariera.rako.cz c.imedia.cz *.googleadservices.com *.adform.net *.seznam.cz *.doubleclick.net *.leady.com www.youtube-nocookie.com  www.youtube.com *.pinterest.com *.pinimg.com;form-action  'self' *.facebook.com *.facebook.net *.pinterest.com;frame-src  'self' blob: www.youtube.com www.youtube-nocookie.com *.iplatba.cz www.tvbydleni.cz *.facebook.com *.facebook.net *.hotjar.com *.google.com *.pinterest.com *.doubleclick.net;worker-src  'self' blob: www.youtube.com www.youtube-nocookie.com *.iplatba.cz www.tvbydleni.cz *.facebook.com *.facebook.net *.hotjar.com *.google.com *.pinterest.com *.doubleclick.net;frame-ancestors  'self';img-src  'self' data: blob: *.gstatic.com *.googleapis.com *.googlecode.com www.googletagmanager.com *.google-analytics.com *.doubleclick.net www.facebook.com *.rako.cz c.imedia.cz *.seznam.cz *.pinterest.com *.pinimg.com i.ytimg.com *.google.com *.google.cz *.google.de *.google.fr *.google.pl *.google.ru *.google.sk;style-src  'self' 'unsafe-inline' fonts.googleapis.com *.gstatic.com *.google.com kariera.rako.cz www.kariera.rako.cz;object-src  'self' 1
default-src 'self' 'unsafe-inline' cdn.cookielaw.org cookielaw.org google-analytics.com;img-src 'self' 'unsafe-inline' data: optanon.blob.core.windows.net www.google-analytics.com www.gstatic.com; media-src 'self' 'unsafe-inline';font-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com fonts.gstatic.com;style-src 'self' 'unsafe-inline' code.jquery.com optanon.blob.core.windows.net cdnjs.cloudflare.com maxcdn.bootstrapcdn.com  stackpath.bootstrapcdn.com fonts.googleapis.com;script-src 'nonce-{NONCE}' 'nonce-{NONCE}' 'self' 'unsafe-inline' www.google.com www.gstatic.com static.addtoany.com www.googletagmanager.com www.google-analytics.com code.jquery.com stackpath.bootstrapcdn.com maxcdn.bootstrapcdn.com optanon.blob.core.windows.net rum-static.pingdom.net cdn.cookielaw.org cookielaw.org;frame-src 'self' 'unsafe-inline' www.youtube.com player.vimeo.com www.podbean.com 1
frame-src *; child-src *; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: data:; 1
default-src 'self' 'unsafe-inline' *.addthis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.jsdelivr.net *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.google-analytics.com *.ckeditor.com *.local *.dotdemos.com *.jwplatform.com *.jwpcdn.com *.jwpsrv.com *.ytimg.com *.youtube.com cbos.gov.sd *.cbos.gov.sd *.dot.jo www.google.com s7.addthis.com m.addthisedge.com m.addthis.com cdnjs.cloudflare.com; object-src 'unsafe-inline'; style-src 'unsafe-inline' *.jsdelivr.net *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.ckeditor.com *.local *.dotdemos.com cbos.gov.sd *.cbos.gov.sd *.dot.jo *.google.com cdnjs.cloudflare.com; img-src 'self' 'unsafe-inline' data: *.jsdelivr.net *.googleapis.com *.gstatic.com *.google-analytics.com *.local *.dotdemos.com jwpltx.com *.jwpltx.com cbos.gov.sd *.cbos.gov.sd *.dot.jo stats.g.doubleclick.net *.ckeditor.com; media-src 'self' 'unsafe-inline' data: *.jsdelivr.net *.googleapis.com *.gstatic.com *.google-analytics.com *.local *.dotdemos.com cbos.gov.sd *.cbos.gov.sd *.dot.jo; frame-src 'self' 'unsafe-inline' *.googleapis.com google.com *.google.com *.gstatic.com *.youtube.com *.local *.dotdemos.com cbos.gov.sd *.gov.sd *.dot.jo *.addthis.com cbos.gov.sd:* *.google.com; font-src 'self' 'unsafe-inline' *.jsdelivr.net *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.local *.dotdemos.com *.jwpcdn.com *.jwpsrv.com cbos.gov.sd *.cbos.gov.sd *.dot.jo fonts.google.com maxcdn.bootstrapcdn.com *.google.com; connect-src 'self' 'unsafe-inline' *.googleapis.com google.com *.google.com *.gstatic.com *.youtube.com *.local *.dotdemos.com cbos.gov.sd *.gov.sd *.dot.jo *.addthis.com cbos.gov.sd:*; report-uri /admin/config/system/seckit/csp-report 1
frame-ancestors https://www.facebook.com https://www.venetacucine.com 1
default-src 'self' 'unsafe-eval'; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.itzbund.de *.googleapis.com *.google.com *.gstatic.com www.youtube.com *.vimeo.com *.ytimg.com piwik.itzbund.de; object-src 'self' multimedia.gsb.bund.de; media-src blob: 'self' multimedia.gsb.bund.de *.vimeo.com *.youtube.com; frame-src *.google.com *.gstatic.com *.youtube.com *.vimeo.com; img-src 'self' blob: data: *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.openstreetmap.org piwik.itzbund.de; connect-src 'self' *.itzbund.de; frame-ancestors 'self'; worker-src 'self'; 1
frame-ancestors 'self'' https://my.m6toll.co.uk; default-src 'self' 'unsafe-inline'; connect-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.google-analytics.com *.doubleclick.net; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.twitter.com *.cloudflare.com *.twimg.com *.polyfill.io *.googleapis.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes' *.rezcomm.com *.ytimg.com *.w.org *.facebook.com *.linkedin.com *.google-analytics.com *.youtube.com *.gravatar.com *.twitter.com *.cloudflare.com *.twimg.com *.polyfill.io *.googleapis.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.jsdelivr.net *.rezcomm.com *.youtube.com *.gstatic.com *.google.com *.licdn.com *.facebook.net *.googletagmanager.com *.google-analytics.com *.cloudflare.com *.twimg.com *.polyfill.io *.googleapis.com *.twitter.com; font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *.cloudflare.com *.gstatic.com data:; frame-src *.google.com *.facebook.com *.youtube.com *.twitter.com; 1
default-src 'self' data:; script-src 'self' data: 'unsafe-eval' 'unsafe-inline' use.typekit.net www.googletagmanager.com www.google-analytics.com www.youtube.com *.ytimg.com tagmanager.google.com maps.googleapis.com https://static.hotjar.com/ https://script.hotjar.com/ cookiehub.net https://www.google.com https://www.gstatic.com; style-src 'self' 'unsafe-inline' use.typekit.net fonts.googleapis.com tagmanager.google.com cookiehub.net; img-src 'self' p.typekit.net www.google-analytics.com data: ssl.gstatic.com www.gstatic.com https://referrer.disqus.com/juggler/stat.gif c.disquscdn.com stats.g.doubleclick.net bat.bing.com www.facebook.com www.google.com www.google.be www.googletagmanager.com maps.gstatic.com maps.googleapis.com *.google-analytics.com *.analytics.google.com; frame-src 'self' www.youtube.com www.youtube-nocookie.com www.dekust.be cdn.knightlab.com vars.hotjar.com https://www.google.com; font-src 'self' *.typekit.net fonts.gstatic.com data: *.hotjar.com; connect-src 'self' performance.typekit.net www.google-analytics.com *.stats.g.doubleclick.net https://in.hotjar.com/ https://vc.hotjar.io/ cookiehub.net *.google-analytics.com *.analytics.google.com stats.g.doubleclick.net; report-uri /admin/config/system/seckit/csp-report 1
urbanohio.com 1
default-src 'self'; style-src 'self' https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://unpkg.com https://code.getmdl.io https://cdnjs.cloudflare.com https://livewidget.instaswap.io 'unsafe-inline'; img-src 'self' data:; font-src 'self' https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com; script-src 'self' https://crypto.com https://www.youtube.com 'unsafe-eval' 'unsafe-inline' https://www.google.com https://www.gstatic.com https://code.jquery.com https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://unpkg.com https://code.getmdl.io 'sha256-ajGjo5eD0JzFPdnpuutKT6Sb5gLu+Q9ru594rwJogGQ=' 'sha256-LACw6p0ltO4cPIQHdhgKoRk1zV8vOsPBPOIIom+ARno=' https://widget.instaswap.io https://ajax.googleapis.com https://livewidget.instaswap.io; frame-src 'self' https://crypto.com https://www.google.com https://discordapp.com https://mcafeedex.com https://test.bluerockpools.net https://www.youtube-nocookie.com https://www.youtube.com; connect-src 'self' https://googleads.g.doubleclick.net https://play.google.com https://explorer.conceal.network https://widget.instaswap.io https://instaswap.io; frame-ancestors 'none' 1
default-src 'self'; frame-src 'self' *.webspellchecker.net *.nhs.uk *.facebook.com *.youtube.com *.vimeo.com *.google.com *.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://www.google-analytics.com https://www.googletagmanager.com https://connect.facebook.net https://feeds.trac.jobs *.webspellchecker.net *.google.com *.googleapis.com *.gstatic.com *.cqc.org.uk ; font-src 'self' 'unsafe-inline' *.typekit.net https://fonts.googleapis.com https://fonts.gstatic.com *.webspellchecker.net; style-src 'self' 'unsafe-inline' *.typekit.net https://cdnjs.cloudflare.com https://feeds.trac.jobs *.googleapis.com  *.gstatic.com *.cqc.org.uk *.webspellchecker.net; img-src * data:; object-src 'self' blob:; connect-src 'self' https://graph.facebook.com https://feeds.trac.jobs stats.g.doubleclick.net *.googleapis.com *.google-analytics.com *.webspellchecker.net 1
base-uri 'none'; default-src 'none'; child-src 'self'; connect-src 'self' https://*.bing.com *.bing.com https://*.google-analytics.com *.google-analytics.com https://*.googleapis.com *.googleapis.com https://*.doubleclick.net *.doubleclick.net https://hello.myfonts.net hello.myfonts.net https://*.clarity.ms *.clarity.ms https://*.intercom.io *.intercom.io wss://*.intercom.io; font-src 'self' https://*.typekit.net *.typekit.net https://*.intercomcdn.com *.intercomcdn.com; form-action 'self'; frame-ancestors 'self' https://www.summerdiscovery.com www.summerdiscovery.com; frame-src 'self' https://*.doubleclick.net *.doubleclick.net https://*.google.com *.google.com https://*.youtube.com *.youtube.com https://*.powr.io *.powr.io https://summerdiscovery.secure.force.com summerdiscovery.secure.force.com https://summerdiscovery.tfaforms.net summerdiscovery.tfaforms.net https://*.visme.co *.visme.co https://www.summerdiscovery.com www.summerdiscovery.com; img-src 'self' https://www.summerdiscovery.com www.summerdiscovery.com https://*.adsymptotic.com *.adsymptotic.com https://*.bbb.org *.bbb.org https://*.bing.com *.bing.com https://*.clarity.ms *.clarity.ms https://www.facebook.com www.facebook.com https://*.googleapis.com *.googleapis.com https://*.google-analytics.com *.google-analytics.com https://*.googletagmanager.com *.googletagmanager.com https://*.google.com *.google.com https://*.gstatic.com *.gstatic.com https://*.intercomcdn.com *.intercomcdn.com https://*.linkedin.com *.linkedin.com https://static.intercomassets.com static.intercomassets.com https://*.ytimg.com *.ytimg.com blob: data:; media-src 'none'; object-src 'none'; script-src 'self' https://bat.bing.com bat.bing.com https://ajax.googleapis.com ajax.googleapis.com https://*.clarity.ms *.clarity.ms https://cdnjs.cloudflare.com cdnjs.cloudflare.com https://*.doubleclick.net *.doubleclick.net https://connect.facebook.net connect.facebook.net https://*.google.com *.google.com https://translate.google.com translate.google.com https://*.googleadservices.com *.googleadservices.com https://*.googleapis.com *.googleapis.com https://*.google-analytics.com *.google-analytics.com https://*.googletagmanager.com *.googletagmanager.com https://*.powr.io *.powr.io https://snap.licdn.com snap.licdn.com https://static.hotjar.com static.hotjar.com https://*.visme.co *.visme.co https://widget.intercom.io widget.intercom.io https://js.intercomcdn.com js.intercomcdn.com https://*.youtube.com *.youtube.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://*.typekit.net *.typekit.net https://hello.myfonts.net hello.myfonts.net https://translate.googleapis.com translate.googleapis.com https://cdnjs.cloudflare.com cdnjs.cloudflare.com https://*.google.com *.google.com 'unsafe-inline'; upgrade-insecure-requests 1
default-src 'self'; style-src 'unsafe-inline' 'self'; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self'; 1
frame-ancestors 'self' https://*.salesforce.com 1
upgrade-insecure-requests; frame-ancestors 'none'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' doo.net *.doo.net *.db-app.de *.swmh.de www.youtube.com *.ytimg.com www.google.com www.google-analytics.com www.googletagmanager.com www.gstatic.com *.stry.tl *.podigee.com *.licdn.com *.linkedin.com consent-cdn.sv-veranstaltungen.de; object-src 'self'; style-src 'self' 'unsafe-inline' *.doo.net *.db-app.de www.google.com *.stry.tl *.podigee.com; img-src 'self' data: *.doo.net *.db-app.de www.youtube.com *.ytimg.com www.google.com www.google.de www.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com *.stry.tl *.podigee.com *.linkedin.com *.vimeo.com *.vimeocdn.com; media-src 'self' www.youtube.com; frame-src 'self' doo.net *.doo.net securepay.swmh.de *.swmh.de *.db-app.de www.youtube.com www.youtube-nocookie.com *.ytimg.com www.google.com www.gstatic.com *.stry.tl *.screenpaper.io *.podigee.com consent-cdn.sv-veranstaltungen.de *.vimeo.com; font-src 'self' data: *.doo.net *.db-app.de www.google.com *.podigee.com; connect-src 'self' www.google-analytics.com www.googletagmanager.com consent-cdn.sv-veranstaltungen.de stats.g.doubleclick.net 1
* 1
default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn-servicing.azureedge.net https://tagmanager.google.com https://cdn.jsdelivr.net https://az416426.vo.msecnd.net https://www.googletagmanager.com *.inmoment.com https://www.googleanalytics.com https://www.google-analytics.com https://optimize.google.com https://www.googleoptimize.com cdn.segment.com/analytics.js https://mfhcms.assurant.com; style-src 'self' 'unsafe-inline' https://cdn-servicing.azureedge.net https://tagmanager.google.com https://fonts.googleapis.com https://mfhcms.assurant.com https://optimize.google.com https://www.googleoptimize.com; img-src *; child-src https://mfhcms.assurant.com https://dispawsusva.inmoment.com https://www.inmoment.com https://feedback.inmoment.com https://ssl.gstatic.com; font-src 'self' data: https://fonts.gstatic.com https://mfhcms.assurant.com; frame-src https://optimize.google.com https://www.googleoptimize.com 1
default-src 'self' *.gatewaycu.co.uk www.gravatar.com player.vimeo.com *.vimeocdn.com packages.umbraco.org our.umbraco.org;script-src 'self' 'unsafe-inline' 'unsafe-eval' data: ;style-src 'self' 'unsafe-inline';img-src 'self' data: *.gatewaycu.co.uk www.gravatar.com umbraco.tv;font-src 'self' *.gatewaycu.co.uk; 1
default-src 'none'; script-src 'self' 'unsafe-inline' *.siteimprove.net *.siteimprove.com *.browsealoud.com *.googletagmanager.com *.google.com *.google-analytics.com *.facebook.net unpkg.com *.jsdelivr.net; object-src 'self' *.google.com *.youtube.com *.facebook.com *.vimeo.com https://sverigesradio.se; style-src 'self' 'unsafe-inline'; img-src 'self' data: *.google.com *.google.se *.google-analytics.com *.youtube.com *.facebook.com *.vimeo.com *.google.se *.cloudnet.cloud *.malmolive.se *.momondo.de; media-src 'self' blob: https://*.speechstream.net;; frame-src 'self' *.google.com *.youtube.com *.facebook.com *.vimeo.com *.siteimprove.com *.acast.com *.spotify.com *.soundcloud.com https://vimeo.com *.sverigesradio.se https://sverigesradio.se *.office.com; frame-ancestors 'self' *.google.com *.youtube.com *.facebook.com *.vimeo.com *.sverigesradio.se https://sverigesradio.se; child-src 'self' *.google.com *.youtube.com *.facebook.com *.vimeo.com  *.siteimprove.com *.sverigesradio.se https://sverigesradio.se; font-src 'self'; connect-src 'self' blob: https://*.browsealoud.com https://*.siteimprove.com https://*.googletagmanager.com https://*.google.com https://*.google-analytics.com https://*.g.doubleclick.net https://*.speechstream.net; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'unsafe-eval' 'unsafe-inline' 'self' 'connect-src' *.estout.com data: https://cdn.estout.com https://scripts.sirv.com https://estout.sirv.com https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com https://maps.googleapis.com https://ajax.googleapis.com http://maps.googleapis.com http://ajax.googleapis.com 1
font-src 'self' https:; frame-src https:; form-action 'self' https: www.facebook.com; img-src https: data: http:; report-uri https://ba0cf75d0c584cc8ae77dbcd73a93e68@o22121.ingest.sentry.io/6064960; script-src 'self' https://* http://* 'unsafe-eval' 'unsafe-inline'; 1
default-src 'unsafe-inline'; block-all-mixed-content; connect-src *; font-src * https://fonts.gstatic.com data: fonts.googleapis.com fonts.gstatic.com; frame-src *.sibelga.be *.youtube.com *.youtube-nocookie.com *.vimeo.com *.services *.hotjar.com *.doubleclick.net *.facebook.com *.facebook.net prod.sibelga2.marlon.be; img-src * data:; manifest-src prod.sibelga2.marlon.be 'self'; script-src *.sibelga.be 'self' data: 'unsafe-inline' 'unsafe-eval' https://cdn.ckeditor.com https://js-agent.newrelic.com https://bam.nr-data.net https://maps.googleapis.com https://cdnjs.cloudflare.com *.google-analytics.com *.facebook.net *.googleapis.com *.marketingautomation.services *.googletagmanager.com *.googleadservices.com *.hotjar.com *.doubleclick.net *.visualwebsiteoptimizer.com *.linkedin.com *.youtube.com *.youtube-nocookie.com tagmanager.google.com https://snap.licdn.com cookie-cdn.cookiepro.com; style-src prod.sibelga2.marlon.be 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.ckeditor.com https://cdnjs.cloudflare.com tagmanager.google.com; report-uri /nelmio/csp/report 1
base-uri 'self'; default-src 'self' https://*.disquscdn.com *.disquscdn.com https://disqus.com disqus.com https://cdnjs.cloudflare.com cdnjs.cloudflare.com https://googleads.g.doubleclick.net googleads.g.doubleclick.net; connect-src 'self' https://disqus.com disqus.com https://*.disqus.com *.disqus.com https://*.disquscdn.com *.disquscdn.com https://*.up2sha.re *.up2sha.re https://cdn.plyr.io cdn.plyr.io https://pagead2.googlesyndication.com pagead2.googlesyndication.com https://analytics.general-changelog-team.fr analytics.general-changelog-team.fr https://www.google-analytics.com www.google-analytics.com; font-src 'self' https://fonts.googleapis.com fonts.googleapis.com data:; form-action 'self'; frame-ancestors 'self'; frame-src 'self' https://www.google.com www.google.com https://disqus.com disqus.com https://*.disqus.com *.disqus.com https://*.disquscdn.com *.disquscdn.com https://disqusads.com disqusads.com https://imasdk.googleapis.com imasdk.googleapis.com https://js.stripe.com js.stripe.com https://googleads.g.doubleclick.net googleads.g.doubleclick.net https://tpc.googlesyndication.com tpc.googlesyndication.com; img-src 'self' https://disqus.com disqus.com https://*.disqus.com *.disqus.com https://*.disquscdn.com *.disquscdn.com https://analytics.general-changelog-team.fr analytics.general-changelog-team.fr https://www.gstatic.com www.gstatic.com https://pagead2.googlesyndication.com pagead2.googlesyndication.com https://storage.googleapis.com storage.googleapis.com https://pagead2.googlesyndication.com pagead2.googlesyndication.com blob: data:; media-src 'self'; object-src 'self'; script-src 'self' https://analytics.general-changelog-team.fr analytics.general-changelog-team.fr https://www.google.com www.google.com https://www.gstatic.com www.gstatic.com https://disqus.com disqus.com https://*.disqus.com *.disqus.com https://*.disquscdn.com *.disquscdn.com https://imasdk.googleapis.com imasdk.googleapis.com https://s0.2mdn.net s0.2mdn.net https://adservice.google.com adservice.google.com https://cdn.polyfill.io cdn.polyfill.io https://*.googlesyndication.com *.googlesyndication.com https://*.googleapis.com *.googleapis.com https://googleads.g.doubleclick.net googleads.g.doubleclick.net https://adservice.google.fr adservice.google.fr https://www.googletagservices.com www.googletagservices.com https://partner.googleadservices.com partner.googleadservices.com https://js.stripe.com js.stripe.com https://cdnjs.cloudflare.com cdnjs.cloudflare.com https://pagead2.googlesyndication.com pagead2.googlesyndication.com https://storage.googleapis.com storage.googleapis.com https://googleads.g.doubleclick.net googleads.g.doubleclick.net https://ajax.googleapis.com ajax.googleapis.com https://*.googletagmanager.com *.googletagmanager.com 'unsafe-inline'; style-src 'self' https://disqus.com disqus.com https://*.disqus.com *.disqus.com https://*.disquscdn.com *.disquscdn.com 'unsafe-inline'; 1
frame-ancestors https://webvisor.com/; 1
default-src * 'unsafe-eval' 'unsafe-inline'; img-src * data: unsafe-inline 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: about: *.ads-twitter.com *.doubleclick.net *.facebook.com *.facebook.net *.google.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.jotfor.ms *.jotform.com *.jotform.io *.jotform.us *.jotformpro.com *.multiview.com *.paypal.com *.paypalobjects.com *.texmed.org *.twimg.com *.twitter.com *.unitednetworksofamerica.com *.yahooapis.com *.zkcdn.net code.jquery.com https://t.co https://feed.jquery-plugins.net *.unitednetworksofamerica.com *.informz.net; frame-src 'self' *; 1
allow; 1
default-src 'self' data: *.compsy.be *.uniweb.eu *.hotjar.com *.vimdeo.com www.googletagmanager.com www.google-analytics.com *.cloudflare.com *.bootstrapcdn.com *.youtube.com; script-src 'self' data: 'unsafe-inline' *.compsy.be *.uniweb.eu *.hotjar.com *.vimeo.com cookiehub.net www.googletagmanager.com www.google-analytics.com *.cloudflare.com *.bootstrapcdn.com *.addtoany.com; object-src *; style-src 'self' data: 'unsafe-inline' *.compsy.be *.compsy.be cookiehub.net fonts.googleapis.com *.cloudflare.com *.bootstrapcdn.com; img-src 'self' data: *.compsy.be *.uniweb.eu cookiehub.net www.googletagmanager.com www.google-analytics.com *.cloudflare.com *.bootstrapcdn.com; media-src *; frame-src 'self' data: *.compsy.be *.uniweb.eu *.hotjar.com *.vimeo.com www.googletagmanager.com www.google-analytics.com *.cloudflare.com *.bootstrapcdn.com *.youtube.com; font-src 'self' data: *.compsy.be *.uniweb.eu fonts.gstatic.com fonts.googleapis.com *.cloudflare.com *.bootstrapcdn.com; connect-src *; frame-ancestors 'none'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: cdnjs.cloudflare.com *.googleapis.com *.gstatic.com *.google-analytics.com *.addthis.com *.amigosmuseoprado.org *.google.com *.ytimg.com *.youtube.com *.addthisedge.com *.bookitit.com *.jsdelivr.net *.ovidds.com my.icareus.com icomem.probetax.es *.twitter.com *.twimg.com *.facebook.net *.facebook.com *.metricool.com *.hotjar.com 1
default-src 'self'  *.readspeaker.com; script-src 'self' 'nonce-T0RabFl6TmpaakUyWXpkbU5qWXc=' app.cobrowser.com 'nonce-TkRRNU5USXdNalk0WTJVMlltUTI=' *.readspeaker.com https://cdn.siteimprove.net/cms/overlay.js siteimproveanalytics.com siteimprove.com piwik.duiven.nl 'nonce-WkRJMVpERTJNVGM0Tnpoak5HTTA=' 'nonce-WXprd05ESXlZakl6WlRJeFpqY3g=' 'nonce-WWpFd09EZGlaalkwWVRnd1l6Rms='; object-src 'self'; style-src 'self' 'sha256-biLFinpqYMtWHmXfkA1BPeCY0/fNt46SAZ+BBk5YUog=' app.cobrowser.com 'unsafe-hashes' 'sha256-CwE3Bg0VYQOIdNAkbB/Btdkhul49qZuwgNCMPgNY5zw=' 'sha256-MZKTI0Eg1N13tshpFaVW65co/LeICXq4hyVx6GWVlK0=' 'sha256-LpfmXS+4ZtL2uPRZgkoR29Ghbxcfime/CsD/4w5VujE=' 'sha256-YJO/M9OgDKEBRKGqp4Zd07dzlagbB+qmKgThG52u/Mk=' 'sha256-4LVcL61RHKN/UlGgTVCAT8M2+zeWnhQw2/9vEf1Jk8U=' *.readspeaker.com 'nonce-WkRneU1qSmlPV1kyWTJFMFpHRmo=' fonts.googleapis.com; img-src 'self' data: app.cobrowser.com *.readspeaker.com *.siteimprove.com *.servmetric.com *.govmetric.com *.siteimproveanalytics.io piwik.duiven.nl www.gstatic.com *.ytimg.com; media-src 'self' *.readspeaker.com; frame-src 'self' *.readspeaker.com *.siteimprove.com *.siteimproveanalytics.com *.siteimprove.net *.siteimproveanalytics.io page.report; frame-ancestors 'self' piwik.duiven.nl; child-src 'self'; font-src 'self' data: *.googleusercontent.com app.cobrowser.com *.readspeaker.com *.ionicframework.com fonts.gstatic.com cdn.faceworks.nl; connect-src 'self' app.cobrowser.com wss://app.cobrowser.com *.readspeaker.com *.siteimprove.com *.servmetric.com piwik.duiven.nl fonts.googleapis.com cdn.faceworks.nl; report-uri /report-csp-violation 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://button.kcmsurvey.com https://chart.googleapis.com https://www.google.com https://www.google.nl https://www.gstatic.com https://browser-update.org ; img-src 'self' data: blob: https://www.kcmsurvey.com https://chart.googleapis.com https://translate.google.com https://www.google.com https://www.google.nl https://www.gstatic.com https://browser-update.org ; style-src 'self' 'unsafe-inline' https://www.kcmsurvey.com https://button.kcmsurvey.com https://fonts.googleapis.com https://translate.googleapis.com https://www.google.com *.gstatic.com ; font-src 'self' data: ; object-src 'none' ; report-uri https://www.kcmsurvey.com/callbacks/csp_violation/report.php 1
1;mode=block 1
frame-ancestors 'self' *.gva.es ; 1
default-src https: wss: 'unsafe-inline' 'unsafe-eval' blob: data: ; frame-ancestors 'self' https://*.edoctrina.org; report-to reportapi 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.gravatar.com https://*.google-analytics.com https://*.googleapis.com https://translate.google.com https://connect.facebook.net https://ws.sharethis.com; connect-src 'self' https://translate.googleapis.com; frame-src 'self' https://*.facebook.com https://*.youtube.com https://*.google.com https://*.googleapis.com; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: https://www.facebook.com https://*.paypalobjects.com https://*.abmr.net https://*.googleapis.com https://*.gstatic.com https://*.google.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com; 1
base-uri 'self' www.google-analytics.com www.googletagmanager.com www.phenc.nl phenc.nl outpsa001.blob.core.windows.net outpsapublic001.blob.core.windows.net osprd.shift.phenc.nl www.pingvp.com phenc.pingvp.com static.hotjar.com gstatic.com fonts.gstatic.com consent.cookiebot.com; child-src 'self' www.google-analytics.com www.googletagmanager.com www.phenc.nl phenc.nl outpsa001.blob.core.windows.net outpsapublic001.blob.core.windows.net osprd.shift.phenc.nl www.pingvp.com phenc.pingvp.com static.hotjar.com gstatic.com fonts.gstatic.com consent.cookiebot.com gap: data:; frame-src 'self' www.google-analytics.com www.googletagmanager.com www.phenc.nl phenc.nl outpsa001.blob.core.windows.net outpsapublic001.blob.core.windows.net osprd.shift.phenc.nl www.pingvp.com phenc.pingvp.com static.hotjar.com gstatic.com fonts.gstatic.com consent.cookiebot.com gap: data:; connect-src 'self' www.google-analytics.com www.googletagmanager.com www.phenc.nl phenc.nl outpsa001.blob.core.windows.net outpsapublic001.blob.core.windows.net osprd.shift.phenc.nl www.pingvp.com phenc.pingvp.com static.hotjar.com gstatic.com fonts.gstatic.com consent.cookiebot.com; default-src 'self' www.google-analytics.com www.googletagmanager.com www.phenc.nl phenc.nl outpsa001.blob.core.windows.net outpsapublic001.blob.core.windows.net osprd.shift.phenc.nl www.pingvp.com phenc.pingvp.com static.hotjar.com gstatic.com fonts.gstatic.com consent.cookiebot.com gap: 'unsafe-inline' 'unsafe-eval'; font-src 'self' www.google-analytics.com www.googletagmanager.com www.phenc.nl phenc.nl outpsa001.blob.core.windows.net outpsapublic001.blob.core.windows.net osprd.shift.phenc.nl www.pingvp.com phenc.pingvp.com static.hotjar.com gstatic.com fonts.gstatic.com consent.cookiebot.com data:; img-src 'self' www.google-analytics.com www.googletagmanager.com www.phenc.nl phenc.nl outpsa001.blob.core.windows.net outpsapublic001.blob.core.windows.net osprd.shift.phenc.nl www.pingvp.com phenc.pingvp.com static.hotjar.com gstatic.com fonts.gstatic.com consent.cookiebot.com data: blob:; media-src 'self' www.google-analytics.com www.googletagmanager.com www.phenc.nl phenc.nl outpsa001.blob.core.windows.net outpsapublic001.blob.core.windows.net osprd.shift.phenc.nl www.pingvp.com phenc.pingvp.com static.hotjar.com gstatic.com fonts.gstatic.com consent.cookiebot.com; object-src 'self' www.google-analytics.com www.googletagmanager.com www.phenc.nl phenc.nl outpsa001.blob.core.windows.net outpsapublic001.blob.core.windows.net osprd.shift.phenc.nl www.pingvp.com phenc.pingvp.com static.hotjar.com gstatic.com fonts.gstatic.com consent.cookiebot.com data:; script-src 'self' www.google-analytics.com www.googletagmanager.com www.phenc.nl phenc.nl outpsa001.blob.core.windows.net outpsapublic001.blob.core.windows.net osprd.shift.phenc.nl www.pingvp.com phenc.pingvp.com static.hotjar.com gstatic.com fonts.gstatic.com consent.cookiebot.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' www.google-analytics.com www.googletagmanager.com www.phenc.nl phenc.nl outpsa001.blob.core.windows.net outpsapublic001.blob.core.windows.net osprd.shift.phenc.nl www.pingvp.com phenc.pingvp.com static.hotjar.com gstatic.com fonts.gstatic.com consent.cookiebot.com 'unsafe-inline'; frame-ancestors 'self' www.google-analytics.com www.googletagmanager.com www.phenc.nl phenc.nl outpsa001.blob.core.windows.net outpsapublic001.blob.core.windows.net osprd.shift.phenc.nl www.pingvp.com phenc.pingvp.com static.hotjar.com gstatic.com fonts.gstatic.com consent.cookiebot.com gap: data:; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=DpHiPVs8kxKv56hAweW1GCmHvBXzcW1obYeZHYRz2dZuw3C9BRl73QAdtD3sX9rrLXFBdRcUhLMBhBsogbNXnw%3D%3D; 1
default-src 'self'; frame-ancestors 'self'; 1