Values for x-content-security-policy: default-src 'self'; img-src *; media-src * data:; 1,150 frame-ancestors 'self' 447 allow 'self'; 91 default-src 'self'; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com; frame-src 'none'; img-src 'self' data: *.ttcache.com https://*.ttcache.com https://*.google-analytics.com https://*.googletagmanager.com; media-src 'none'; object-src 'none'; script-src 'self' https://*.googletagmanager.com; style-src 'self' 'unsafe-inline' 63 default-src 'self'; script-src 'self'; 50 img-src *; media-src * data:; 49 report-uri /report-csp-violation 48 upgrade-insecure-requests; 37 report-uri /report-csp-violation; upgrade-insecure-requests 36 default-src 'self' 'unsafe-inline' 35 default-src 'self' 29 default-src 'self'; script-src 'self' https://hcaptcha.com https://*.hcaptcha.com; frame-src 'self' https://hcaptcha.com https://*.hcaptcha.com; style-src 'self' https://hcaptcha.com https://*.hcaptcha.com; connect-src 'self' https://hcaptcha.com https://*.hcaptcha.com; unsafe-eval 'self' https://hcaptcha.com https://*.hcaptcha.com; unsafe-inline 'self' https://hcaptcha.com https://*.hcaptcha.com; 23 default-src 'self'; 20 frame-ancestors 'none' 17 self 17 allow 'self'; media-src *; img-src *; script-src *; style-src *; 14 upgrade-insecure-requests 13 default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * data:; font-src * data:; connect-src *; media-src *; object-src *; child-src *; frame-ancestors 'self' https://gls-group.com/ https://gls-group.eu/ https://pilot.gls-group.eu/; form-action *; reflected-xss block; upgrade-insecure-requests; 13 sandbox allow-scripts allow-popups allow-same-origin; 12 form-action 'self' www.facebook.com; report-uri /_internal/security/report-csp-violation?gp-web=true; frame-ancestors 'self' 11 default-src https: 'self'; script-src 'unsafe-eval' 'unsafe-inline' 'self' *; style-src 'unsafe-inline' 'self' *; frame-src 'self' *; object-src 'self' *; img-src 'self' data: *; media-src blob: 'self' *; font-src 'self' data: *; connect-src 'self' *; child-src blob: 'self' *; block-all-mixed-content; 11 block-all-mixed-content 10 script-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob:; object-src 'none'; base-uri 'none'; frame-src 'self'; frame-ancestors 'self'; img-src 'self' https://secure.gravatar.com data:; media-src 'self' blob:; style-src 'self' 'unsafe-inline'; default-src https: data: 'self'; trusted-types default; 10 default-src *; img-src * data: blob:; media-src * data: blob:; script-src 'unsafe-inline' 'unsafe-eval' * data: blob:; worker-src 'unsafe-inline' 'unsafe-eval' * data: blob:; connect-src *; font-src * data: blob:; frame-src *; object-src * data: blob:; style-src 'unsafe-inline' * data: blob: 10 script-src * 'unsafe-inline' 'unsafe-eval' blob:; img-src * data:; media-src * mediastream: blob: filesystem: ; 9 frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com *.cisco.com 8 frame-ancestors https://*.marketo.com 8 default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; font-src 'self'; object-src 'self'; media-src 'self'; child-src 'self' 8 script-src 'self' 'unsafe-inline' 'unsafe-eval' ; img-src 'self' data: ; object-src 'self' data: ; frame-src 'self' data: ; 8 8 allow-scripts allow-popups allow-same-origin; 7 nosniff 7 frame-ancestors 'self' https://www.centerparcs.fr/booking/ https://www.centerparcs.nl/booking/ https://www.centerparcs.de/booking/ https://www.centerparcs.com/booking/ https://www.centerparcs.eu/booking/ https://www.centerparcs.ch/booking/ https://www.centerparcs.be/booking/ https://www.sunparks.com/booking/ https://www.sunparks.com/booking/ https://www.sunparks.com/booking/ https://www.sunparks.com/booking/ https://www.sunparks.com/booking/ https://www.sunparks.com/booking/ https://www.sunparks.com/booking/ https://ta.groupepvcp.com/booking/ https://ta.groupepvcp.com/booking/ https://ta.groupepvcp.com/booking/ https://ta.groupepvcp.com/booking/ https://ta.groupepvcp.com/booking/ https://ta.groupepvcp.com/booking/ https://ta.groupepvcp.com/booking/ 7 frame-ancestors 'self' weleda.sabio.de 7 frame-ancestors 'self' https://uscreen.io https://*.uscreen.io https://www.uscreen.tv https://app.uscreen.tv/ 7 default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ; 6 frame-ancestors * 6 default-src 'self'; img-src 'self' data:; media-src 'self' blob:; connect-src 'self' blob:; form-action 'self'; 6 default-src 'self'; img-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; script-src 'self' 'unsafe-inline'; connect-src 'self'; 6 frame-ancestors http://*.timeout.com https://*.timeout.com 'self' 6 frame-ancestors 'self'; 6 frame-ancestors 'self' https://optimize.google.com/ https://www.facebook.com/ 5 default-src 'self' 'unsafe-inline'; allow 'self'; img-src * 5 default-src https: data: 'unsafe-inline' 'unsafe-eval' 5 frame-ancestors https://app.storyblok.com/ 5 frame-ancestors 'self' *.volusion.com 5 frame-src * 5 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.thebalancemoney.com 4 base-uri 'none';child-src *.youtube.com;connect-src 'self' https:;default-src 'self';font-src 'self';form-action 'self';frame-ancestors 'none';frame-src vercel.live prismic.io *.prismic.io *.youtube.com *.twitter.com *.facebook.com *.google.com;img-src * data:;manifest-src 'self';media-src 'self';object-src 'none';prefetch-src 'self';script-src 'self' 'unsafe-inline' vercel.live *.google-analytics.com *.bing.com *.clarity.ms *.facebook.net *.googletagmanager.com *.helpscout.net prismic.io *.prismic.io www.google.com www.gstatic.com;style-src 'self' 'unsafe-inline';worker-src 'self'; 4 script-src 'self' 4 default-src 'self' https://*.consentmanager.net https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://tagmanager.google.com https://bx.webstyle.ch data: https://www.metanet.ch; base-uri 'none'; connect-src 'self' https://region1.google-analytics.com/ https://*.consentmanager.net https://www.googletagmanager.com https://*.google-analytics.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://tagmanager.google.com https://bx.webstyle.ch https://activity.wisepops.com https://popup.wisepops.com https://tracking.wisepops.com https://app.getwisp.co https://wisepops.net https://notifications.wisepops.com https://sst.metanet.ch https://pagesense-collect.zoho.eu https://salesiq.zohopublic.eu wss://vts.zohopublic.eu https://vts.zohopublic.eu https://pagead2.googlesyndication.com; font-src 'self' data: https://*.consentmanager.net https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://tagmanager.google.com https://bx.webstyle.ch https://fonts.gstatic.com https://css.zohocdn.com https://pagead2.googlesyndication.com; frame-ancestors 'self'; frame-src 'self' https://*.consentmanager.net https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://tagmanager.google.com https://bx.webstyle.ch https://www.youtube.com https://bid.g.doubleclick.net https://td.doubleclick.net https://notifications.wisepops.com https://wisepops.net https://pagead2.googlesyndication.com; img-src 'self' data: https://*.consentmanager.net https://www.googletagmanager.com https://*.google-analytics.com https://www.googleadservices.com https://www.google.com https://www.google.de https://www.google.at https://www.google.ch https://*.doubleclick.net https://tagmanager.google.com https://bx.webstyle.ch https://static.metanet.ch https://www.gstatic.com https://ssl.gstatic.com https://cdn.wisepops.com https://tracking.wisepops.com https://dx4nr741tfc02.cloudfront.net https://wisp-production-storage.s3.amazonaws.com https://cdn.wisepops.net https://pagesense-collect.zoho.eu https://pagead2.googlesyndication.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.consentmanager.net https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://tagmanager.google.com https://bx.webstyle.ch https://cdn.wisepops.com https://loader.wisepops.com https://app.getwisp.co https://wisepops.net https://cdn.wisepops.net https://sst.metanet.ch https://cdn-eu.pagesense.io https://salesiq.zohopublic.eu https://js.zohocdn.com https://js.zohostatic.eu https://pagead2.googlesyndication.com; style-src 'self' 'unsafe-inline' https://*.consentmanager.net https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://tagmanager.google.com https://bx.webstyle.ch https://fonts.googleapis.com https://css.zohocdn.com https://css.zohostatic.eu https://pagead2.googlesyndication.com 4 frame-ancestors www.red-gate.com; 4 frame-ancestors 'self' acquia.lookbookhq.com acquia.docebosaas.com www.acquiaacademy.com acquia.seismic.com app.veertly.com widen--servcom.sandbox.my.site.com widen--sitepreview.na135.force.com community.widen.com acquia.atlassian.net rise.articulate.com www.drupal.org new.drupal.org; report-uri /report-csp-violation 4 default-src 'none'; base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.xilo.net; object-src 'none'; style-src 'self' data: 'unsafe-inline' https://*.xilo.net; img-src 'self' blob: data: https://*.xilo.net; media-src 'self' data: https://*.xilo.net; frame-src *; font-src *; form-action 'self' https://*.xilo.net; connect-src 'self' https://*.xilo.net; prefetch-src 'self' https://*.xilo.net; manifest-src 'self' https://*.xilo.net; frame-ancestors 'self'; worker-src 'self' blob:; report-uri https://sentry.xilo.net/api/3/security/skey/558ec00c6ab34073c96015172684209a 4 frame-ancestors 'self' *.magenta.at *.t-mobile.at *.s-budget-mobile.at *.esp.ownsolutions.net magenta-at.cleverq.de www.youtube.com https://eu-dg.knowmax.ai; 4 allow 'self'; options inline-script eval-script; frame-ancestors 'self' 4 default-src 'self' blob: *.powerentity.com *.energieag.at news.netzooe.at energieag.picturepark.com *.google-analytics.com *.googleapis.com *.gstatic.com prezi.com www.googleadservice www.youtube.com walls.io *.walls.io *.googletagmanager.com www.netigate.se *.whatchado.com *.vimeo.com i.ytimg.com connect.facebook.net app.adwordsagentur.at s.ksrndkehqnwntyxlhgto.com *.hotjar.com *.hotjar.io wss://*.hotjar.com www.googleadservices.com *.doubleclick.net *.adform.net *.iconnode.com *.facebook.com *.google.at *.google.de *.google.com google.com *.adsrvr.org e-tankstellen-finder.com connect.shore.com *.shore-cdn.com *.teamplanbuch.ch *.cookiebot.com *.matterport.com www.360perspektiven.com sys.mailworx.info *.marketingsuite.info sc-static.net *.konzertmeister.app *.podigee-cdn.net *.podigee.com *.podigee.io marketing.piwik.pro energieag.containers.piwik.pro energieag.piwik.pro empathy-portal.de eag.viewer.cit-fusion.com *.adition.com *.powerbi.com cdnjs.cloudflare.com www.youtube-nocookie.com *.ytimg.com *.googlesyndication.com streamio.com energieag.current-picturepark.com *.mouseflow.com github.com wss://*.cognigy.ai *.cognigy.ai *.githubusercontent.com maps.google.de *.fliphtml5.com cdn.jsdelivr.net *.spotify.com 'unsafe-inline' 'unsafe-eval' data: 4 script-src 'self' 'unsafe-inline' 'unsafe-eval' unpkg.com cdnjs.cloudflare.com *.sharethis.com *.facebook.net *.googletagmanager.com *.acquia.com *.google-analytics.com *.newrelic.com *.nr-data.net *.yimg.com *.adform.net *.licdn.com *.azureedge.net *.adsrvr.org *.samlassertion *.gstatic.com *.taboola.com *.adobedtm.com *.vimeo.com *.googleadservices.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.sharethis.com *.typekit.net *.samlassertion *.googleapis.com; report-uri /report-csp-violation 4 img-src ; media-src data:; 4 default-src 'self' 'self' data: 'self' blob: 'unsafe-inline' 'unsafe-eval' *; img-src 'self' blob: data: * 4 script-src https: 'unsafe-inline' 'unsafe-eval'; object-src 'none'; base-uri 'none'; frame-ancestors *; form-action *;media-src *; default-src 'self' www.optimizecdn.com; img-src * data: blob:; font-src * data:; style-src * 'unsafe-inline'; frame-src *; connect-src *; 4 default-src 'self'; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self'; 4 default-src "self"; img-src *; media-src * data:; 4 default-src 'self'; script-src * 'unsafe-eval' 'unsafe-inline'; style-src * 'unsafe-inline'; img-src * data:;frame-src *;font-src * data:;connect-src * blob:;media-src * blob:;worker-src * blob:; 4 default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval'; object-src *; style-src * 'self' 'unsafe-inline'; img-src * 'self' data: https:;; media-src *; frame-src *; frame-ancestors * 'self'; child-src * blob:; font-src * 'self' data: https:;; connect-src * 4 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.southernliving.com 3 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.parents.com 3 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.bhg.com 3 style-src 'self' 'unsafe-inline' https://www.denic.de https://fonts.googleapis.com; object-src 'self'; script-src 'self' https://app.guestoo.de https://www.denic.de https://my.visme.co https://denic.matomo.cloud https://cdn.matomo.cloud 'unsafe-inline'; img-src 'self' data: https://www.denic.de https://denic.matomo.cloud https://cdn.matomo.cloud; frame-src 'self' https://app.guestoo.de https://my.visme.co 3 default-src 'self' https://static.zdassets.com https://ekr.zdassets.com https://avm-cs.zendesk.com wss://pod-28.zendesk.com avm.zendesk.com v2.zopim.com avm.de service.avm.de news.avm.de bingo.avm.de scope.avm.de piwik.avm.de assets.avm.de www.commerce-connector.com www.surveygizmo.eu ; img-src 'self' https://avm.de https://*.avm.de data: https://shoplogos.commerce-connector.de https://maps.googleapis.com https://maps.gstatic.com https://i.ytimg.com https://i.vimeocdn.com ; media-src 'self' *.avm.de static.zdassets.com https://maps.googleapis.com https://maps.gstatic.com https://vimeo.com https://i.ytimg.com https://i.vimeocdn.com blob: data: ; font-src 'self' https://avm.de https://*.avm.de https://fonts.gstatic.com data: ; style-src 'self' avm.de *.avm.de https://fonts.googleapis.com 'unsafe-inline' ; connect-src 'self' avm.de *.avm.de https://maps.googleapis.com https://noembed.com https://avm.zendesk.com https://static.zdassets.com https://ekr.zdassets.com wss://widget-mediator.zopim.com ; script-src 'self' avm.de *.avm.de piwik.avm.de https://player.vimeo.com https://vimeocdn.com https://*.vimeocdn.com https://www.youtube-nocookie.com https://maps.googleapis.com https://static.zdassets.com pod-28.zendesk.com 'unsafe-eval' 'unsafe-inline' blob: ; script-src-elem 'self' avm.de *.avm.de piwik.avm.de https://maps.googleapis.com https://player.vimeo.com https://vimeocdn.com https://*.vimeocdn.com https://www.youtube-nocookie.com https://www.youtube.com https://static.zdassets.com pod-28.zendesk.com https://widget-mediator.zopim.com 'unsafe-inline' blob: ; worker-src 'self' blob: ; frame-src 'self' avm.de *.avm.de https://player.vimeo.com https://www.youtube-nocookie.com ; frame-ancestors 'self' avm.de *.avm.de 3 frame-ancestors 'self' dziendobry.tvn.pl *.tvn.pl 3 worker-src 'none'; upgrade-insecure-requests; block-all-mixed-content; manifest-src 'self' 3 frame-ancestors 'self' https://adventhealth.com https://*.adventhealth.com; object-src 'none'; base-uri 'none' 3 default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.deutsche-rentenversicherung.de *.openlayers.org openlayers.org *.openstreetmap.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.youtube.com *.deutsche-rentenversicherung.de *.googleapis.com *.google.com *.gstatic.com *.openlayers.org openlayers.org *.openstreetmap.org; object-src 'self' *.deutsche-rentenversicherung.de multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com *.deutsche-rentenversicherung.de;child-src *.google.com *.gstatic.com *.youtube.com; img-src 'self' data: *.deutsche-rentenversicherung.de *.google.com *.gstatic.com *.youtube.com *.openlayers.org openlayers.org *.openstreetmap.org; frame-ancestors 'self'; 3 frame-ancestors https://*.randstad.es; 3 default-src 'none'; connect-src 'self'; frame-ancestors 'self'; frame-src 'none'; script-src 'self'; style-src 'self' 'sha256-UQBytKn0DQWyDg5/YC+FaQxonSsbQk4k0ErDHqBuhfw=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU='; font-src 'self'; img-src 'self' 3 base-uri 'self';child-src 'self';connect-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: mailto: tel: https://pub.highlight.io https://*.qualtrics.com webpack://*;default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: mailto: tel:;font-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:;form-action 'self' https://*.bethematch.org;frame-ancestors 'self' https://*.bethematch.org https: data:;frame-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: https://*.qualtrics.com;img-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: https://*.qualtrics.com;manifest-src 'self';media-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:;script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: https://*.qualtrics.com;style-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:;worker-src data: blob:; 3 script-src 'self'; 3 Content-Security-Policy= default-src "none"; script-src "self" https://corp-mktg.s3.us-west-2.amazonaws.com https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com https://cdn.cookielaw.org https://maps.googleapis.com https://prospect-form-plugin.2u.com; style-src "unsafe-inline" https://whitelabel.2u.com; img-src https://app.optimizely.com https://cdn.optimizely.com https://whitelabel.2u.com; frame-src https://a104283729.cdn.optimizely.com https://a104283729.cdn-pci.optimizely.com; connect-src https://*.optimizely.com; 3 frame-ancestors 'self' localhost:* *.tason.com 3 frame-ancestors 'self' https://yobingo-statices.casinomodule.com/ https://www.yobingo.es/ https://www.yocasino.es/ https://www.enracha.es/ 3 default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; connect-src 'self' *.amazonaws.com *.amazoncognito.com api.pwnedpasswords.com; frame-ancestors 'self' sf360.com.au; frame-src 'self' https://www.google.com/recaptcha/ 3 frame-ancestors https://teams.microsoft.com *.microsoft.com *.live.com *.outlook.com *.office365.com *.office.com *.cloud.microsoft 3 frame-ancestors *; report-uri /report-csp-violation 3 default-src 'self' ws: wss: blob: http://maxcdn.bootstrapcdn.com http://api.tiles.mapbox.com http://cdn.storelocatorwidgets.com https://maxcdn.bootstrapcdn.com https://api.tiles.mapbox.com https://cdn.storelocatorwidgets.com; font-src 'self' 'unsafe-inline' data: http://cdn.storelocatorwidgets.com http://maxcdn.bootstrapcdn.com https://cdn.storelocatorwidgets.com https://maxcdn.bootstrapcdn.com webchat.keyreply.com fonts.gstatic.com kit-free.fontawesome.com https://edge.addthis.com; connect-src 'self' ws: wss: blob: https://geocode.arcgis.com https://log.storelocatorwidgets.com https://b.tiles.expressmaps.com https://a.tiles.expressmaps.com http://markers.storelocatorwidgets.com https://markers.storelocatorwidgets.com https://tiles.expressmaps.com wss://nhg.app.keyreply.com nhg.app.keyreply.com maps.googleapis.com www.google-analytics.com https://v1.addthis.com m.addthis.com https://edge.addthis.com https://api-public.addthis.com https://l.sharethis.com https://datasphere-sbsvc.sharethis.com https://bcp.crwdcntrl.net; frame-src 'self' www.google.com youtu.be www.youtube.com http://s7.addthis.com https://edge.addthis.com https://www.nhgp.com.sg http://t.sharethis.com; frame-ancestors 'self'; img-src * data: maps.gstatic.com *.googleapis.com *.ggpht.com *.storelocatorwidgets.com blob: https://www.wh.com.sg https://cmswh.com.sg; media-src 'self' data: keyreply.blob.core.windows.net youtu.be www.youtube.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' ws: wss: blob: data: https://geocode.arcgis.com https://tiles.expressmaps.com ajax.googleapis.com https://cdn.storelocatorwidgets.com http://cdn.storelocatorwidgets.com maps.googleapis.com youtu.be www.youtube.com www.addthis.com http://s7.addthis.com m.addthis.com m.addthisedge.com https://v1.addthisedge.com https://v1.addthis.com https://edge.addthis.com https://z.moatads.com https://api-public.addthis.com https://www.wh.com.sg https://cmswh.com.sg https://platform-api.sharethis.com https://t.sharethis.com ; script-src-elem 'self' 'unsafe-inline' ws: wss: blob: https://geocode.arcgis.com/ http://loc.storelocatorwidgets.com/ www.googletagmanager.com www.youtube.com ajax.googleapis.com cdn.storelocatorwidgets.com nhg.app.keyreply.com maps.googleapis.com www.addthis.com http://s7.addthis.com m.addthis.com m.addthisedge.com https://v1.addthisedge.com https://v1.addthis.com https://edge.addthis.com https://z.moatads.com https://api-public.addthis.com https://platform-api.sharethis.com/js/sharethis.js https://buttons-config.sharethis.com https://count-server.sharethis.com https://t.sharethis.com https://platform-api.sharethis.com https://api.mapbox.com; style-src 'self' 'unsafe-inline' data: ajax.googleapis.com s7.addthis.com http://maxcdn.bootstrapcdn.com http://api.tiles.mapbox.com http://cdn.storelocatorwidgets.com https://maxcdn.bootstrapcdn.com https://api.tiles.mapbox.com https://cdn.storelocatorwidgets.com fonts.googleapis.com kit-free.fontawesome.com youtu.be www.youtube.com www.addthis.com http://s7.addthis.com m.addthis.com m.addthisedge.com https://edge.addthis.com nhg.app.keyreply.com maps.googleapis.com; style-src-elem 'self' 'unsafe-inline' data: http://maxcdn.bootstrapcdn.com http://api.tiles.mapbox.com http://cdn.storelocatorwidgets.com https://maxcdn.bootstrapcdn.com https://api.tiles.mapbox.com https://cdn.storelocatorwidgets.com fonts.googleapis.com kit-free.fontawesome.com; object-src 'self' youtu.be www.youtube.com https://api.mapbox.com; 3 default-src 'self'; font-src *;img-src * data:; script-src *; style-src * 3 font-src 'self' https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com data:; frame-src 'self' https://www.google.com/recaptcha/ https://pay.google.com/gp/ https://pay.yandex.ru https://sandbox.pay.yandex.ru/; script-src 'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://pay.google.com/gp/ https://pay.yandex.ru https://mc.yandex.ru/metrika/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com; report-uri /csp/report; worker-src blob: 3 reflected-xss block 3 default-src 'self' *.optimizely.com wss://*.hotjar.com https: survey.bosch.com s.webtrends.com *.mycliplister.com ptptasiaprodsgsa.z30.web.core.windows.net; media-src 'self' *.mycliplister.com mycliplister.com cliplister.vo.llnwd.net; font-src www.bosch-pt.com.hk www.bosch-pt.com.cn www.bosch-pt.co.id www.bosch-pt.co.in www.bosch-pt.com.my www.bosch-pt.com.ph www.bosch-pt.com.sg www.bosch-pt.com.tw th.bosch-pt.com vn.bosch-pt.com dock.ui.bosch.tech cdn.poll-maker.com cdnjs.cloudflare.com 'self' https: btm.bosch.com; object-src data: 'self'; img-src https: data: blob:; style-src dock.ui.bosch.tech cdn.poll-maker.com cdnjs.cloudflare.com 'self' 'unsafe-inline' https: btm.bosch.com; script-src https: *.optimizely.com 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https:; frame-ancestors 'self' https: 3 frame-ancestors 'self' https://mycourses.w3schools.com https://pathfinder.w3schools.com; 2 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.investopedia.com 2 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.allrecipes.com 2 frame-ancestors 'self' tvn24.pl *.tvn24.pl *.tvn.pl 2 connect-src 'self' checkout.stripe.com https://checkout.stripe.com https://billing.stripe.com/session https://api.funcaptcha.com https://api.arkoselabs.com sentry.io api.github.com www.npmjs.com;default-src 'none';img-src * data: https://*.stripe.com;script-src 'self' data: 'unsafe-inline' https://checkout.stripe.com/checkout.js https://checkout.stripe.com https://js.stripe.com/v3 https://platform.twitter.com/widgets.js https://octocaptcha.com https://static-production.npmjs.com/;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://static-production.npmjs.com/;frame-src checkout.stripe.com https://checkout.stripe.com https://js.stripe.com/ https://octocaptcha.com;font-src https://fonts.gstatic.com https://static-production.npmjs.com/ ;media-src https://player.vimeo.com https://fpdl.vimeocdn.com https://gcs-vimeo.akamaized.net https://vod-progressive.akamaized.net 2 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.ew.com 2 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.verywellhealth.com 2 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.eatingwell.com 2 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.marthastewart.com 2 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.treehugger.com 2 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.foodandwine.com 2 base-uri 'self'; default-src * 'unsafe-inline' 'unsafe-eval' data: blob:;block-all-mixed-content;object-src 'self';frame-src *.photonengine.com *.google.com youtube-nocookie.com www.youtube-nocookie.com youtube.com www.youtube.com player.vimeo.com itch.io *.itch.io *.stripe.com;frame-ancestors 'self'; 2 frame-ancestors 'self' *.boursorama-banque.com *.boursorama.com *.boursobank.com 2 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.liveabout.com 2 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.verywellfit.com 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' data: 'unsafe-inline' https:; img-src 'self' data: https:; media-src 'self' https:; frame-src 'self' data: https:; font-src 'self' data: https: 2 default-src https: data: blob: 'unsafe-eval' 'unsafe-inline'; frame-src 'self' https://*; 2 script-src 'self'; style-src 'self'; img-src 'self'; connect-src 'self' 2 default-src *;frame-ancestors 'self' eiv.baidu.com *.vip.vip.com *.vip.com;script-src *.vip.com *.vipstatic.com *.mediav.com *.gdt.qq.com *.emarbox.com *.mjoys.com *.sogou.com cm.e.qq.com *.qq.com *.baidu.com *.ipinyou.com *.admaster.com.cn *.miaozhen.com *.youku.com *.tanx.com *.doubleclick.net *.vpimg1.com *.vpimg2.com *.vpimg3.com *.vpimg4.com *.gtimg.cn 'unsafe-eval' 'unsafe-inline';style-src *.vip.com *.vipstatic.com 'unsafe-inline';img-src * data:; report-uri //stat.vipstatic.com/pcfront/antiskyjack; 2 base-uri 'self' about: *;child-src 'none';connect-src 'self' webpack://* *;default-src 'self';font-src 'self' data: fonts.gstatic.com *;form-action 'self' https: *;frame-ancestors 'none';frame-src 'self' data: https:;img-src * 'self' data: https:;manifest-src 'self';media-src 'self' https: *;object-src 'none';prefetch-src 'self' *;script-src 'self' 'unsafe-inline' 'unsafe-eval' https: *.hs-scripts.com *.hsforms.net *.hsforms.com *.clearbit.com www.google-analytics.com;style-src 'self' 'unsafe-inline' https:;worker-src 'self'; 2 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.myrecipes.com 2 default-src *.ddev.site *.addthis.com *.adform.net *.algolia.com *.algolia.net *.algolianet.com *.algolianet.net *.calameo.com *.culture.fr *.doubleclick.net *.facebook.com *.facebook.net *.g.doubleclick.net *.getwemap.com *.getwemap.workers.dev *.google-analytics.com *.google.com *.googleapis.com *.huma-num.fr *.ingest.sentry.io *.instagram.com *.maptiler.com *.tarteaucitron.io *.tiktok.com *.tolk.ai *.twitter.com *.wikimedia.org *.wikipedia.org *.x.com http://apis.syllabs.com http://infolettres-internes.culture.gouv.fr http://infolettres-ministere.culture.gouv.fr http://www.culture.fr http://www.culture.gouv.fr https://api.mapbox.com https://m.addthis.com https://s7.addthis.com https://semaphore.culture.gouv.fr https://semrecf2.culture.fr https://sesame.culture.fr https://stats.g.doubleclick.net https://tarteaucitron.io https://www.culture.fr https://www.culture.gouv.fr https://www.facebook.com https://www.google-analytics.com inline inte-std-mcc-lclo.rag-cloud.hosteur.com moz-extension 'self' tarteaucitron.io 'unsafe-eval' 'unsafe-inline' wss://genii-messages.tolk.ai; block-all-mixed-content; font-src *.ddev.site *.adform.net *.doubleclick.net *.facebook.net *.g.doubleclick.net *.getwemap.workers.dev *.google-analytics.com *.google.com *.googleapis.com *.instagram.com *.maptiler.com *.tiktok.com *.tolk.ai *.twitter.com *.wikimedia.org *.wikipedia.org *.x.com data: https://fonts.googleapis.com https://fonts.gstatic.com https://infolettres.duministeredelaculture.fr https://livemap.getwemap.com https://maxcdn.bootstrapcdn.com inline inte-std-mcc-lclo.rag-cloud.hosteur.com 'self' 'unsafe-inline'; frame-src *.ddev.site *.adform.net *.calameo.com *.culture.gouv.fr *.dailymotion.com *.doubleclick.net *.facebook.net *.g.doubleclick.net *.getwemap.workers.dev *.google-analytics.com *.google.fr *.googleapis.com *.gouv.fr *.instagram.com *.jcloud.ik-server.com *.maptiler.com *.openstreetmap.fr *.pop.culture.gouv.fr *.soundcloud.com *.tiktok.com *.tolk.ai *.twitter.com *.vimeo.com *.wikimedia.org *.wikipedia.org *.x.com http://platform.twitter.com http://s7.addthis.com http://www.instagram.com https://data.culturecommunication.gouv.fr https://livemap.getwemap.com https://www.facebook.com https://www.youtube.com inline inte-std-mcc-lclo.rag-cloud.hosteur.com 'self' 'unsafe-inline'; img-src *.ddev.site *.adform.net *.culture.fr *.culture.gouv.fr *.doubleclick.net *.et-gv.fr *.facebook.net *.g.doubleclick.net *.getwemap.workers.dev *.google-analytics.com *.google.com *.googleapis.com *.gouv.fr *.instagram.com *.maptiler.com *.picsum.photos *.tarteaucitron.io *.tiktok.com *.tolk.ai *.twitter.com *.wikimedia.org *.wikipedia.org *.x.com data: http://www.culture.fr http://www.culture.gouv.fr https://ad.doubleclick.net https://analytics.getwemap.com https://api.getwemap.com https://iecs.culture.gouv.fr https://livemap.getwemap.com https://logs4.xiti.com https://picsum.photos https://semrecf2.culture.fr https://sesame.culture.fr https://static.piste.gouv.fr https://tarteaucitron.io https://tile.openstreetmap.org https://www.culture.fr https://www.culture.gouv.fr https://www.facebook.com https://www.google-analytics.com https://www.googletagmanager.com inline inte-std-mcc-lclo.rag-cloud.hosteur.com 'self' tarteaucitron.io 'unsafe-inline'; script-src *.ddev.site *.addthis.com *.adform.net *.doubleclick.net *.facebook.net *.g.doubleclick.net *.getwemap.workers.dev *.google-analytics.com *.google.com *.googleapis.com *.instagram.com *.maptiler.com *.tarteaucitron.io *.tiktok.com *.tolk.ai *.twitter.com *.wikimedia.org *.wikipedia.org *.x.com addthid blob: http://connect.facebook.net http://platform.twitter.com http://s7.addthis.com http://siteimproveanalytics.com http://tag.aticdn.net http://www.instagram.com https://ajax.googleapis.com https://api.dmcdn.net https://api.mapbox.com https://gva.et-gv.fr https://iecs.culture.gouv.fr https://infolettres.duministeredelaculture.fr https://livemap.getwemap.com https://logp5.xiti.com https://logs152.xiti.com https://m.addthis.com https://tarteaucitron.io https://v1.addthisedge.com https://www.google-analytics.com https://www.googletagmanager.com https://www.gouvernement.fr https://z.moatads.com inline inte-std-mcc-lclo.rag-cloud.hosteur.com moz-extension 'self' tarteaucitron.io 'unsafe-eval' 'unsafe-inline' 'nonce-OWEzNDFjNzExNTZlMjczNWU0NjU1ZmNiYWIzYjdhZmU='; style-src *.ddev.site *.adform.net *.doubleclick.net *.facebook.net *.g.doubleclick.net *.getwemap.workers.dev *.google-analytics.com *.google.com *.googleapis.com *.gouv.fr *.instagram.com *.maptiler.com *.tarteaucitron.io *.tiktok.com *.tolk.ai *.twitter.com *.wikimedia.org *.wikipedia.org *.x.com https://fonts.googleapis.com https://infolettres.duministeredelaculture.fr https://tarteaucitron.io inline inte-std-mcc-lclo.rag-cloud.hosteur.com 'self' tarteaucitron.io 'unsafe-inline' 2 script-src https: data: 'unsafe-inline' 'unsafe-eval' https://www.tu-dortmund.de https://*.itmc.tu-dortmund.de https://*.relaunch.tu-dortmund.de; style-src https: 'unsafe-inline' https://www.tu-dortmund.de https://*.itmc.tu-dortmund.de https://*.relaunch.tu-dortmund.de; frame-src https://www.tu-dortmund.de https://redaktion.tu-dortmund.de https://*.itmc.tu-dortmund.de https://*.relaunch.tu-dortmund.de https://www.youtube-nocookie.com https://www.youtube.com 'self' https://webapps.itmc.tu-dortmund.de; frame-ancestors https://www.tu-dortmund.de https://redaktion.tu-dortmund.de 'self' 2 ALLOW-FROM https://app.storyblok.com https://*.saleshood.com *.saleshood.com https://*.navattic.com 2 default-src 'self'; frame-src https://www.youtube.com/ https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://beyondblue-npsp.my.salesforce-sites.com/ https://player.vimeo.com/ https://cdn.raisely.com https://remedy-bb.file.force.com/ https://c.la1-core1.sfdc-vwfla6.salesforceliveagent.com https://d.la1-core1.sfdc-vwfla6.salesforceliveagent.com/ https://remedy-bb.my.salesforce.com https://remedy-bb.my.salesforce-sites.com/ https://omny.fm https://eoy-appeal-2024-2.raisely.com/ https://donate.beyondblue.org.au/ https://8962396.fls.doubleclick.net/ https://td.doubleclick.net/ https://*.qualtrics.com/ https://beyondblue.elmotalent.com.au/ https://www.youtube.com/iframe_api https://prod-donation-form.vercel.app/ https://beyondblue-npsp.my.salesforce-sites.com/ https://open.spotify.com/; font-src 'self' https://fonts.gstatic.com/ data:; img-src data: https: http:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com/ https://beyondblue.tfaforms.net/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://discover-apse2.sitecorecloud.io/ https://va.vercel-scripts.com/ https://cdn.raisely.com/ https://connect.facebook.net/ https://www.google-analytics.com/ https://remedy-bb.my.salesforce.com https://remedy-bb.my.salesforce-sites.com/ https://static.lightning.force.com/ https://*.salesforceliveagent.com/ https://service.force.com/ https://code.jquery.com/ https://ajax.aspnetcdn.com/ajax/jquery.validate/1.14.0/ https://www.youtube.com/ https://snap.licdn.com/li.lms-analytics/ https://googleads.g.doubleclick.net/ https://www.googleadservices.com/ https://prod-donation-form.vercel.app/ https://beyondblue-npsp.my.salesforce-sites.com/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://beyondblue.tfaforms.net/ https://remedy-bb.my.salesforce.com https://remedy-bb.my.salesforce-sites.com/ https://*.salesforceliveagent.com/ https://prod-donation-form.vercel.app/; connect-src 'self' https://discover-apse2.sitecorecloud.io/ https://edge-platform.sitecorecloud.io/ https://www.google-analytics.com https://analytics.google.com/ https://stats.g.doubleclick.net/ https://remedy-bb.my.salesforce-sites.com/ https://remedy-bb.my.salesforce-sites.com/ https://beyondblue.elmotalent.com.au/ https://www.facebook.com/ https://px.ads.linkedin.com/; frame-ancestors 'self' pages.sitecorecloud.io https://beyondblue-npsp.my.salesforce-sites.com; 2 default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; child-src 'self'; font-src 'self' data; form-action https:; frame-ancestors 'self'; manifest-src 'self'; media-src 'self'; object-src 'none'; worker-src 'none' 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.hotjar.com *.googletagmanager.com *.google.com *.google-analytics.com cdnjs.cloudflare.com mfstatic.com *.jsdelivr.net *.facebook.com *.gstatic.com *.licdn.com *.facebook.net *.cookiebot.com *.unpkg.com unpkg.com *.rekai.se static.ws.apsis.one *.ws.apsis.one *.aspis.one static.ws.apsis.one; object-src 'self' *.google.com *.youtube.com *.facebook.com *.vimeo.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com *.jsdelivr.net hello.myfonts.net mfstatic.com; img-src * 'self' data: *.google.com *.youtube.com *.facebook.com *.vimeo.com *.vimeocdn.com *.ri.se *.jsdelivr.net *.googletagmanager.com *.google-analytics.com *.google.se *.linkedin.com *.gstatic.com *.amazonaws.com; media-src blob: data: *.mediaflow.com; frame-src 'self' data: *.google.com *.youtube.com *.facebook.com *.vimeo.com vimeo.com *.vimeo.com *.vimeocdn.com *.ri.se *.jsdelivr.net *.hotjar.com *.libsyn.com *.acast.com *.cookiebot.com *.youtube-nocookie.com *.static.ws.apsis.one static.ws.apsis.one; frame-ancestors 'self'; child-src 'self' blob:; font-src 'self' *.ri.se data: mfstatic.com *.gstatic.com; connect-src 'self' *.googletagmanager.com *.google.com *.google-analytics.com *.doubleclick.net *.hotjar.com *.oribi.io *.google.com *.googleoptimize.com *.facebook.com *.mediaflow.com mediaflow.com mfstatic.com *.mediaflowpro.com *.cookiebot.com *.linkedin.com *.rekai.se audience.ws.apsis.one; report-uri /report-csp-violation; upgrade-insecure-requests 2 default-src wss: mycliplister.com blob: data: bosch.kittelberger.de *.tealiumiq.com dock.ui.bosch.tech wss://endpoint.chatbot-suite.bosch.tech 'self' https: *.optimizely.com wss://*.hotjar.com wss://*.hotjar.io *.tealiumiq.com stats.g.doubleclick.net *.bosch-professional.com ; media-src data: 'self' *.mycliplister.com mycliplister.com *.bosch.com bosch.com *.bosch.de bosch.de *.youtube.com ; font-src 'self' dock.ui.bosch.tech cdn.pricespider.com *.boschtools.com *.bootstrapcdn.com *.dynamicyield.com *.commerce-connector.com static.bosch-professional.com tiger-cdn.zoovu.com *.zoovu.com *.cloudfront.net boschru.webim.ru *.bosch.com bosch.com *.bosch.de bosch.de gstatic.com fonts.gstatic.com data: ; object-src data: 'self'; img-src data: 'self' https: mycliplister.com *.kittelberger.de *.tealiumiq.com data: blob: ; style-src dock.ui.bosch.tech cdn.pricespider.com *.boschtools.com *.bootstrapcdn.com *.dynamicyield.com *.googleapis.com *.commerce-connector.com 'self' 'unsafe-inline' tiger-cdn.zoovu.com *.zoovu.com static.bosch-professional.com btm.bosch.com cdn.poll-maker.com ; script-src dock.ui.bosch.tech dynamicyield.com *.dynamicyield.com https: *.optimizely.com 'unsafe-inline' 'unsafe-eval' tags.tiqcdn.com *.bosch.com bosch.com *.bosch.de bosch.de *.google-analytics.com google-analytics.com ipinfo.io ; frame-src 'self' https: ; connect-src 'self' https: wss://endpoint.chatbot-suite.bosch.tech mycliplister.com wss://*.hotjar.com 2 default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'; img-src 'self'; style-src 'self' 'unsafe-inline'  2 script-src 'self' 'unsafe-eval' 'unsafe-inline' *.fontawesome.com *.jsdelivr.net *.googleapis.com *.jquery.com *.vimeo.com *.vimeocdn.com *.cookielaw.org *.vimeocdn.com *.airbud.io unpkg.com:* *.cloudflare.com intermezzo-coop.eu:* *.google.com *.montefioreeinstein.org *.montefiore.org www.montefiore.org mychart.montefiore.org npmychart.montefiore.org *.localizejs.com *.123formbuilder.com *.ctctcdn.com *.blackbaudcdn.net *.go-mpulse.net *.ada.support *.blackbaudhosting.com *.googletagmanager.com *.blackbaud.com *.youtube.com *.gstatic.com *.perfalytics.com api.perfalytics.com perfalytics.com *.launchdarkly.com *.akstat.io *.jquery.com *.flywire.com *.bootstrapcdn.com *.ctctcdn.com s3.amazonaws.com/downloads.mailchimp.com/ *.jwpcdn.com *.youtube-nocookie.com cdn.plyr.io; upgrade-insecure-requests 2 default-src 'self' 'unsafe-inline' jobs.b-ite.com; base-uri 'self'; connect-src 'self' wss://chat.userlike.com chat.userlike.com wss://umd.userlike.com userlike.com *.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com *.preview.kkn.zd.intranet.bund.de piwik.itzbund.de *.cloudfront.net data-8ec206415a.dnb.de jobs.b-ite.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.youtube.com *.googleapis.com piwik.itzbund.de script.ioam.de *.de.ioam.de s.ytimg.com static.b-ite.com cs-assets.b-ite.com ajax.googleapis.com api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com *.cloudfront.net data-8ec206415a.dnb.de userlike-cdn-umm.b-cdn.net; object-src 'self' piwik.itzbund.de; media-src 'self' *.aktion-mensch.de *.sample-videos.com *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de youtu.be files.dnb.de c18004-vod.l.core.cdn.streamfarm.net *.wikimedia.org *.cloudfront.net; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de my.matterport.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de *.tile.openstreetmap.org api.userlike.com userlike-cdn-operators.s3-eu-west-1.amazonaws.com *.cloudfront.net; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de *.cloudfront.net; frame-ancestors *.gsb.dev.materna.net *.preview.kkn.zd.intranet.bund.de piwik.itzbund.de 2 base-uri 'self'; style-src 'self' 'unsafe-inline' https: ; default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' https:; connect-src 'self' wss: https:; font-src 'self' data: https:; frame-src 'self' https:; img-src http: https: data:; manifest-src 'self'; media-src 'self' data: blob: https: *; worker-src 'none'; 2 child-src 'self' *.facebook.com connect.facebook.net www.googletagmanager.com *.vidyard.com *.trustarc.com go.jaggaer.com jaggaer.cuvama.com; connect-src 'self' pi.pardot.com go.jaggaer.com *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net *.trustarc.com *.linkedin.com *.6sense.com secure.adnxs.com js.zi-scripts.com *.6sc.co *.qualified.com ws.zoominfo.com wss://ws.qualified.com play.vidyard.com *.clarity.ms *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net ; default-src 'self' wss://*.qualified.com play.vidyard.com; font-src 'self' *.gstatic.com *.bootstrapcdn.com data: fonts.gstatic.com cdn.jsdelivr.net *.gstatic.com *.bootstrapcdn.com ; form-action 'self' *.facebook.com connect.facebook.net; frame-src 'self' *.g.doubleclick.net *.google.com *.fls.doubleclick.net blob: www.google.com play.vidyard.com go.jaggaer.com jaggaer.cuvama.com *.trustarc.com app.qualified.com play.goconsensus.com *.youtube.com www.youtube-nocookie.com *.linkedin.com player.vimeo.com *.soundcloud.com platform.twitter.com www.googletagmanager.com *.g.doubleclick.net *.google.com *.fls.doubleclick.net ; frame-ancestors 'self' pi.pardot.com; img-src 'self' *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com *.vidyard.com data: ts.w.org s.w.org ps.w.org *.linkedin.com *.trustarc.com consent.truste.com *.6sc.co *.clarity.ms *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com ; media-src 'self' s.w.org app.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.truste.com https://cdnjs.cloudflare.com https://choices.trustarc.com https://consent.trustarc.com https://connect.facebook.net https://content.linkedin.com https://go.jaggaer.com https://graph.facebook.com https://googletagmanager.com https://js.zi-scripts.com https://js.qualified.com https://js.facebook.com https://j.6sc.co https://okt.to https://play.vidyard.com https://pi.pardot.com https://platform.linkedin.com https://static-exp1.licdn.com https://snap.licdn.com https://static.oktopost.com https://tagmanager.google.com https://ws-assets.zoominfo.com https://www.gartner.com https://www.googletagmanager.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com cdn.jsdelivr.net js.zi-scripts.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com ; script-src-elem 'self' 'unsafe-inline' https://*.truste.com https://cdnjs.cloudflare.com https://choices.trustarc.com https://consent.trustarc.com https://connect.facebook.net https://content.linkedin.com https://go.jaggaer.com https://graph.facebook.com https://googletagmanager.com https://js.zi-scripts.com https://js.qualified.com https://js.facebook.com https://j.6sc.co https://okt.to https://play.vidyard.com https://pi.pardot.com https://platform.linkedin.com https://static-exp1.licdn.com https://snap.licdn.com https://static.oktopost.com https://tagmanager.google.com ws-assets.zoominfo.com https://www.gartner.com https://www.googletagmanager.com cdn.jsdelivr.net js.zi-scripts.com *.clarity.ms *.youtube.com platform.twitter.com blob: data: *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com ; script-src-attr 'unsafe-inline' ; style-src 'self' 'unsafe-inline' *.licdn.com *.qualified.com cdnjs.cloudflare.com fonts.googleapis.com tagmanager.google.com www.googletagmanager.com *.googleapis.com *.gstatic.com cdn.jsdelivr.net *.googleapis.com *.gstatic.com ; style-src-elem 'self' 'unsafe-inline' *.licdn.com *.qualified.com cdnjs.cloudflare.com fonts.googleapis.com tagmanager.google.com www.googletagmanager.com cdn.jsdelivr.net *.googleapis.com *.gstatic.com ; style-src-attr 'self' 'unsafe-inline' *.licdn.com *.qualified.com cdnjs.cloudflare.com fonts.googleapis.com tagmanager.google.com www.googletagmanager.com cdn.jsdelivr.net; worker-src 'self' blob: *.qualified.com; upgrade-insecure-requests; 2 frame-ancestors 'self' http://www.liligo.fr/ http://www.kayak.fr/ http://www.kayak.de/ https://drivy.zendesk.com/ https://*.zdusercontent.com/ 2 default-src *; style-src 'self'* .addthis.com *.nationalgridus.com* .cloudflare.com *.olark.com* .gstatic.com *.googleapis.com; script-src 'self'* .speedpay.com *.google.com* .gstatic.com *.olark.com* .googleapis.com *.gstatic.com* .crazyegg.com *.google-analytics.com* .googletagmanager.com *.feedbackify.com* .nationalgridus.com; img-src *; font-src* ; connect-src *; 2 frame-ancestors https://youtu.be https://bid.g.doubleclick.net https://streetview.my https://safedepositboxjb.streetview.my https://hlbmc.demdex.net https://tags.tiqcdn.com https://survey.hlb.com.my https://www.hlb.com.my https://www.hlisb.com.my https://www.hlb.com.kh https://www.hlbank.com.sg https://www.hlbank.com.vn https://www.facebook.com https://www.vivocha.com https://www.youtube.com https://staticxx.facebook.com https://www.googletagmanager.com https://gateway.hlb.com.my https://gateway.hlb.com.my:8446 https://www.google.com https://optimize.google.com https://hongleongbank.sc.omtrdc.net https://dpm.demdex.net https://www.ecbanking.com.my https://gms.hongleong.com.my https://apply-merchant1.hlb.com.my https://10.103.8.91 wss://10.103.8.91 2 frame-ancestors same *.grupocpfl.com.br *.cpfl.com.br *.rge-rs.com.br grupocpfl.com.br cpfl.com.br rge-rs.com.br *.lndo.site *.web.ahdev.cloud; report-uri /report-csp-violation 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' *.acast.com *.adbutter.net *.adform.net *.adnxs.com *.adnxs-simple.com *.ads-twitter.com *.airtable.com *.airtableusercontent.com *.ckeditor.com *.cloudflare.com *.didomi.io *.doubleclick.net *.elfsight.com *.elfsightcdn.com *.facebook.com *.facebook.net *.gomovein.com *.google.com *.google.fr *.google-analytics.com *.googletagmanager.com *.heyzine.com *.hzstats.com *.instagram.com *.jellyfish.com *.jsdelivr.net *.licdn.com *.linkedin.com *.marketo.net *.matomo.cloud *.mews.com *.mktoresp.com *.otowui.com *.privacy-center.org *.seadform.net sc-static.net *.sharethis.com *.sibforms.com *.static.net *.tapad.com *.tiktok.com *.twitter.com *.typeform.com *.unibuddy.co unibuddy.co *.vimeo.com *.webleads-tracker.fr *.welcomekit.co *.youtube.com *.youtube-nocookie.com *.ytimg.com page.hec.edu; img-src 'self' data: *.acast.com *.adbutter.net *.adform.net *.adnxs.com *.adnxs-simple.com *.ads-twitter.com *.airtable.com *.airtableusercontent.com *.ckeditor.com *.cloudflare.com *.didomi.io *.doubleclick.net *.elfsight.com *.elfsightcdn.com *.facebook.com *.facebook.net *.gomovein.com *.google.com *.google.fr *.google-analytics.com *.googletagmanager.com *.heyzine.com *.hzstats.com *.instagram.com *.jellyfish.com *.jsdelivr.net *.licdn.com *.linkedin.com *.marketo.net *.matomo.cloud *.mews.com *.mktoresp.com *.otowui.com *.privacy-center.org *.seadform.net sc-static.net *.sharethis.com *.sibforms.com *.static.net *.tapad.com *.tiktok.com *.twitter.com *.typeform.com *.unibuddy.co *.vimeo.com *.webleads-tracker.fr *.welcomekit.co *.youtube.com *.youtube-nocookie.com *.ytimg.com page.hec.edu; font-src 'self' data:; report-uri /report-csp-violation 2 default-src * 'unsafe-eval' 'unsafe-inline'; img-src * data: unsafe-inline 2 block-all-mixed-content; font-src 'self' fonts.gstatic.com www.wuv.de fonts.gstatic.com data:; img-src 'self' blob: data: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' addsearch.com cdn.ampproject.org open.scdn.co connect.facebook.net *.usercentrics.eu *.g.doubleclick.net *.getsitecontrol.com *.google.de *.google.com *.google-analytics.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.instagram.com *.ioam.de *.opinary.com *.stry.tl *.twimg.com *.twitter.com *.wuv.de *.youtube.com *.ytimg.com *.tiktok.com *.tiktokcdn.com *.ibytedtos.com *.pinterest.com *.research.appinio.com *.ttwstatic.com *.adition.com *.scorecardresearch.com *.searchcdn.com *.teads.tv s0.2mdn.net *.wuv.de gdpr-tcfv2.sp-prod.net widget.perfectmarket.com *.flashtalking.com *.criteo.com *.adform.net *.vidible.tv *.doubleverify.com *.doubleclick.net bs.serving-sys.com static.aivdesk.com secure-ds.serving-sys.com ad.lkqd.net *.cloudflare.com *.adsafeprotected.com *.maximus.mobkoi.com *.celtra.com *.moatads.com sf16-scmcdn-sg.ibytedtos.com tags.crwdcntrl.net *.vimeocdn.com; style-src 'self' 'unsafe-inline' *.addsearch.com fast.fonts.net *.googleapis.com *.stry.tl *.twitter.com *.wuv.de *.tiktok.com *.tiktokcdn.com *.ttwstatic.com *.cloudfront.net tagmanager.google.com *.wuv.de s1.adform.net static.aivdesk.com; worker-src blob: *.wuv.de 2 default-src https://domene.shop https://www.domeneshop.no https://domeneshop.no https://domainnameshop.com https://domainname.shop https://xn--domn-noa.shop https://xn--domne-ura.shop https://chat.domeneshop.no/ 'unsafe-inline'; img-src https://domene.shop https://www.domeneshop.no https://domeneshop.no https://domainnameshop.com https://domainname.shop https://xn--domn-noa.shop https://xn--domne-ura.shop; frame-src https://domene.shop https://www.domeneshop.no https://domeneshop.no https://domainnameshop.com https://domainname.shop https://xn--domn-noa.shop https://xn--domne-ura.shop; frame-ancestors 'self' 2 connect-src 'self' 2 default-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: * 2 default-src 'self'; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' s7.addthis.com static.hotjar.com script.hotjar.com members.ahcancal.org www.google.com www.gstatic.com www.youtube.com fonts.googleapis.com www.googletagmanager.com tagmanager.google.com www.google-analytics.com ssl.google-analytics.com www.googleadservices.com ajax.googleapis.com safebrowsing.googleapis.com analytics.google.com connect.facebook.net analytics.tiktok.com googleads.g.doubleclick.net z.moatads.com v1.addthisedge.com m.addthis.com edge.addthis.com polo.feathr.co cdn.feathr.co widget.surveymonkey.com banman.providermagazine.com banman.ahcancal.org platform.twitter.com cdn.syndication.twimg.com; object-src 'self'; style-src 'self' data: 'unsafe-inline' s7.addthis.com www.google.com www.youtube.com fonts.googleapis.com tagmanager.google.com platform.twitter.com ton.twimg.com; img-src 'self' data: ssl.gstatic.com www.gstatic.com www.google-analytics.com www.google.com www.facebook.com marco.feathr.co polo.feathr.co *.feathr.co www.googletagmanager.com banman.providermagazine.com banman.ahcancal.org match.adsrvr.org pbs.twimg.com abs.twimg.com platform.twitter.com ton.twimg.com syndication.twitter.com; media-src 'self' data: www.youtube.com app.powerbi.com www.surveymonkey.com; frame-src 'self' data: www.google.com *.hotjar.com td.doubleclick.net ahca-ncal-convention-2023-map.web.app ahcancal.wufoo.com custom.statenet.com s7.addthis.com www.youtube.com app.powerbi.com edge.addthis.com www.facebook.com www.surveymonkey.com bid.g.doubleclick.net platform.twitter.com syndication.twitter.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com; connect-src 'self' data: www.google-analytics.com https://www.google-analytics.com in.hotjar.com ws7.hotjar.com ws35.hotjar.com vc.hotjar.io content.hotjar.io ws.hotjar.com polo.feathr.co analytics.tiktok.com members.ahcancal.org 2 default-src https: 'unsafe-inline' 'unsafe-eval' 2 frame-ancestors 'self' mein.kabelplus.at mein-test.kabelplus.at newapp.etracker.com 2 block-all-mixed-content; connect-src 'self' https://*.ingest.sentry.io https://*.google-analytics.com https://*.analytics.google.com https://stats.g.doubleclick.net https://in.hotjar.com https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com https://survey.alchemer.com https://www.facebook.com https://*.adnxs.com https://*.adnxs-simple.com https://*.icecat.biz https://*.googleapis.com https://cdn.plyr.io https://www.dwin1.com https://*.awin1.com https://*.zenaps.com https://the.sciencebehindecommerce.com https://*.playable.com https://*.campaign.playable.com https://*.leadfamly.com https://*.api.leadfamly.com https://*.visualwebsiteoptimizer.com app.vwo.com https://sibautomation.com https://in-automate.brevo.com; font-src 'self' data: https://fonts.gstatic.com https://script.hotjar.com https://*.icecat.biz https://*.campaign.playable.com; frame-ancestors 'self' https://*.campaign.playable.com; frame-src data: https://www.youtube.com/ https://publish.folders.eu/ https://app.folders.eu/ https://www.facebook.com https://vars.hotjar.com https://survey.alchemer.com https://*.adnxs.com https://optimize.google.com https://*.icecat.biz https://js.mollie.com https://swiftcdn6.global.ssl.fastly.net https://gleam.io https://view.publitas.com/ https://folders.toychamp.be/ https://folders.toychamp.nl/ https://*.awin1.com https://*.zenaps.com https://*.campaign.playable.com app.vwo.com https://*.visualwebsiteoptimizer.com https://bethenexthero.com https://space-worlds.bricks.plus https://legobelgium.s3.eu-west-1.amazonaws.com/ https://space-game.be https://gaming-contest.eu; img-src 'self' data: about: https://placeholder.inventis.be https://placehold.it https://*.ytimg.com https://maps.gstatic.com https://*.googleapis.com https://*.ggpht.com https://www.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://optimize.google.com https://www.facebook.com https://www.google.com https://www.google.be https://googleads.g.doubleclick.net https://script.hotjar.com https://www.mollie.com https://*.adnxs.com https://*.adnxs-simple.com https://js.gleam.io https://*.icecat.biz https://*.awin1.com https://*.zenaps.com https://files.cdn.leadfamly.com https://*.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com; style-src 'self' https://optimize.google.com 'unsafe-inline' https://fonts.googleapis.com https://survey.alchemer.com https://*.icecat.biz https://*.campaign.playable.com https://*.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com; upgrade-insecure-requests 2 default-src 'self' *.readspeaker.com data: https://viola.bundesbots.de wss://viola.bundesbots.de https://formularbot-fms.bzst.de wss://formularbot-fms.bzst.de https://formularbot-viola.bzst.de wss://formularbot-viola.bzst.de https://bzst.lucom.com https://idnr-formular.bzst.bot-itzbund.de https://viola.bundesbots.de https://viola-bzst.azr.juacvoe.net https://viola-bzst-fms.azr.juacvoe.net; base-uri 'self'; connect-src 'self' *.readspeaker.com *.itzbund.de https://formularbot-viola.bzst.de wss://formularbot-viola.bzst.de https://viola-bzst.azr.juacvoe.net wss://viola-bzst.azr.juacvoe.net https://viola-bzst-fms.azr.juacvoe.net wss://viola-bzst-fms.azr.juacvoe.net https://formularbot-fms.bzst.de; style-src 'self' 'unsafe-inline' *.readspeaker.com https://bzst.lucom.com https://idnr-formular.bzst.bot-itzbund.de https://formularbot-viola.bzst.de https://viola-bzst.azr.juacvoe.net https://viola-bzst-fms.azr.juacvoe.net https://formularbot-fms.bzst.de; script-src 'self' 'unsafe-eval' *.google.com piwik.itzbund.de *.readspeaker.com https://bzst.lucom.com https://idnr-formular.bzst.bot-itzbund.de https://formularbot-fms.bzst.de https://formularbot-viola.bzst.de https://viola-bzst-fms.azr.juacvoe https://formularbot-fms.bzst.de.net https://viola-bzst.azr.juacvoe.net https://viola.bundesbots.de 'sha256-fvt1zDnRVAuASIt4MdBmzTSLXs4mdTCa5fg9wNopnC0=' 'sha256-B9AMHvfU16Nc6sndzogCV/VH/SXmKESowGb6dBud/RA=';object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; media-src 'self' *.bzst.de multimedia.gsb.bund.de *.youtube.com www.quirksmode.org; child-src *.itzbund.de *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com; frame-src *.readspeaker.com https://formularbot-viola.bzst.de https://idnr-formular.bzst.bot-itzbund.de https://viola-bzst.azr.juacvoe.net https://viola-bzst-fms.azr.juacvoe.net https://formularbot-fms.bzst.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com piwik.itzbund.de https://bzst.lucom.com https://formularbot-viola.bzst.de https://idnr-formular.bzst.bot-itzbund.de https://viola-bzst.azr.juacvoe.net https://viola-bzst-fms.azr.juacvoe.net https://formularbot-fms.bzst.de; upgrade-insecure-requests; frame-ancestors 'self' *.preview.bzst.intranet.bund.de; 2 default-src * 'unsafe-inline' 'unsafe-eval' data: blob:;; report-uri /report-csp-violation 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' *.jsdelivr.net *.twitter.com *.googletagmanager.com *.cookielaw.org static.addtoany.com cdnjs.cloudflare.com cdn.bc0a.com assets.sitescdn.net fonts.googleapis.com *.siteimprove.net ajax.googleapis.com visit.sanmanuel.com klear.com cdn.b0e8.com *.google-analytics.com *.bing.com *.amazon-adsystem.com *.clarity.ms *.siteimproveanalytics.com *.adsrvr.org *.youtube.com connect.facebook.net munchkin.marketo.net s.yimg.com googleads.g.doubleclick.net *.cloudfront.net *.viralsweep.com *.pollstream.com insiderdata360online.com *.sevenrooms.com *.i4go.com *.recaptcha.net *.gstatic.com answers-embed.yaamava.com.pagescdn.com *.byspotify.com *.instagram.com *.visrez.com *.stackadapt.com *.googleadservices.com siteimproveanalytics.com tags.srv.stackadapt.com pixel.byspotify.com *.visitingmedia.com visitingmedia.com *.jquery.com *.sevenrooms.com id.eu.siteimprove.com *.quantserve.com rules.quantcount.com qvdt3feo.com *.vimeo.com; script-src-elem 'self' 'unsafe-inline' assets.sitescdn.net visit.sanmanuel.com cdn.siteimprove.net *.instagram.com *.googletagmanager.com cdn.cookielaw.org cdn.jsdelivr.net connect.facebook.net siteimproveanalytics.com tags.srv.stackadapt.com pixel.byspotify.com *.youtube.com munchkin.marketo.net bat.bing.com c.amazon-adsystem.com googleads.g.doubleclick.net *.google-analytics.com static.addtoany.com interactive.visrez.com secure.quantserve.com *.clarity.ms rules.quantcount.com visitingmedia.com *.sevenrooms.com code.jquery.com insiderdata360online.com tags.srv.stackadapt.com answers-embed.yaamava.com.pagescdn.com platform.twitter.com cdnjs.cloudflare.com unpkg.com qvdt3feo.com i4m.i4go.com *.googleadservices.com klear.com *.player.vimeo.com *.viralsweep.com js.adsrvr.org cdn.userway.org *.vimeo.com analytics.tiktok.com *.pinterest.com; style-src 'self' 'unsafe-inline' *.jsdelivr.net *.sitescdn.net fonts.googleapis.com visit.sanmanuel.com d1p5cqqchvbqmy.cloudfront.net *.sevenrooms.com *.visrez.com *.stackadapt.com *.visitingmedia.com visitingmedia.com *.sevenrooms.com id.eu.siteimprove.com *.quantserve.com *.vimeo.com 2 frame-ancestors 'self' everygame.eu www.everygame.eu sblp.everygame.eu sports.everygame.eu poker.everygame.eu casino.everygame.eu classic.everygame.eu lobby.everygame.eu:2072 account.everygame.eu client.horizonpokernetwork.eu 2 base-uri 'none';child-src 'none';connect-src 'self' https://play.vidyard.com https://noembed.com/ https://*.algolia.net https://*.algolianet.com https://*.algolia.io https://go.esko.com/ https://privacyportalde-cdn.onetrust.com/ cloudflareinsights.com https://play.goconsensus.com https://cdn.cookielaw.org/ https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://privacyportal-de.onetrust.com/request/v1/consentreceipts https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://auth.statik.space/ https://js.zi-scripts.com https://px.ads.linkedin.com https://ws.zoominfo.com *.crazyegg.com https://tracking.g2crowd.com https://google.com;default-src 'self' *.crazyegg.com;font-src 'self' https://fonts.gstatic.com data:;form-action 'self';frame-ancestors 'self' https://esko.showpad.biz;frame-src youtube.com www.youtube.com https://play.vidyard.com https://play.goconsensus.com https://bid.g.doubleclick.net https://www.google.com/ https://js.driftt.com https://widget.drift.com *.crazyegg.com *.cvent.com https://td.doubleclick.net https://esko317.outgrow.us;img-src 'self' https: data: blob: http://play.vidyard.com www.googletagmanager.com https://googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://googleads.g.doubleclick.net https://www.google.com https://google.com *.crazyegg.com;manifest-src 'self';media-src 'self' https://js.driftt.com;object-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' youtube.com www.youtube.com https://play.vidyard.com https://cdn.jsdelivr.net/ https://privacyportalde-cdn.onetrust.com/privacy-notice-scripts/otnotice-1.0.min.js static.cloudflareinsights.com https://play.goconsensus.com https://www.googletagmanager.com https://cdn.cookielaw.org https://googletagmanager.com https://tagmanager.google.com https://*.googletagmanager.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/ https://js.driftt.com https://widget.drift.com https://sc.lfeeder.com https://js.zi-scripts.com https://snap.licdn.com *.crazyegg.com *.cvent.com https://tracking.g2crowd.com *.pardot.com https://*.esko.com blob:;style-src 'self' 'unsafe-inline' https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com *.crazyegg.com;worker-src 'self' blob:; 2 style-src 'self' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; 2 default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src 'unsafe-inline' https: data:; font-src https: data:; img-src * data:; connect-src https: wss://*.liveperson.net wss://tsock.us1.twilio.com/v3/wsconnect wss://webmessaging.usw2.pure.cloud/v1 wss://cobrowse-v2.usw2.pure.cloud; 2 default-src 'unsafe-inline' https://fonts.googleapis.com https://*.youtube.com https://www.facebook.com https://*.googleusercontent.com https://www.google.pl https://www.warta.pl https://*.www.warta.pl https://hdi.pl https://*.hdi.pl https://*.googleapis.com https://*.gstatic.com https://*.google.com https://www.google-analytics.com https://*.facebook.com https://*.doubleclick.net ; script-src 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://*.gstatic.com https://www.warta.pl https://*.www.warta.pl https://www.google-analytics.com https://*.facebook.com https://connect.facebook.net https://*.doubleclick.net ; style-src 'unsafe-inline' https://www.warta.pl https://*.www.warta.pl https://hdi.pl https://*.hdi.pl https://fonts.googleapis.com https://surfly.io https://*.google.com https://www.google-analytics.com https://*.facebook.com https://*.doubleclick.net ; img-src 'self' https://moventum.com.pl https://*.youtube.com https://www.facebook.com https://*.googleusercontent.com https://www.google.pl https://*.googleapis.com https://*.gstatic.com https://www.warta.pl https://*.www.warta.pl https://hdi.pl https://*.hdi.pl https://*.google.com https://www.google-analytics.com https://*.facebook.com https://*.doubleclick.net data:; object-src 'none'; 2 block-all-mixed-content; upgrade-insecure-requests 2 default-src 'self' 'unsafe-inline' *.sernet.de *.usercentrics.eu; style-src 'self' 'unsafe-inline'; img-src 'self' *.usercentrics.eu *.prive.eu; frame-ancestors 'self' 2 frame-ancestors 'none'; 2 default-src *; script-src *; object-src *; style-src *; img-src *; media-src *; frame-src *; font-src *; connect-src * 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'wasm-unsafe-eval' 'unsafe-eval' https://cdnjs.cloudflare.com https://*.technipenergies.com https://cdn.cookielaw.org https://js-agent.newrelic.com https://bam.nr-data.net https://tag.aticdn.net https://*.clarity.ms https://snap.licdn.com https://*.linkedin.com https://connect.facebook.net https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://*.googlesyndication.com https://d3js.org; object-src 'self'; style-src 'self' 'unsafe-inline' https://translate.googleapis.com https://www.gstatic.com https://d3js.org; img-src 'self' data: *; frame-src 'self' https://*.youtube.com https://open.spotify.com https://*.doubleclick.net https://www.googletagmanager.com https://tools.eurolandir.com https://fr.zone-secure.net https://*.ten.com https://*.technipenergies.com; frame-ancestors 'self' https://*.ten.com; child-src 'self' https://tools.eurolandir.com https://*.youtube.com https://open.spotify.com https://*.doubleclick.net; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https://cdn.cookielaw.org https://bam.nr-data.net https://*.xiti.com https://cdn.linkedin.oribi.io https://*.clarity.ms https://*.onetrust.com https://*.linkedin.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://*.google.com https://google.com; report-uri /report-csp-violation 2 default-src 'self'; script-src 'self' 'unsafe-inline' stats.hft-stuttgart.de web.cmp.usercentrics.eu app.usercentrics.eu privacy-proxy.usercentrics.eu *.b-ite.com; font-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' blob: uct.service.usercentrics.eu app.usercentrics.eu privacy-proxy-server.usercentrics.eu data: stats.hft-stuttgart.de; connect-src 'self' stats.hft-stuttgart.de *.usercentrics.eu *.b-ite.com; frame-src 'self' web.cmp.usercentrics.eu app.usercentrics.eu *.youtube-nocookie.com *.vimeo.com *.hft-stuttgart.de 2 strict-dynamic 2 frame-ancestors 'self' http://*.brose.net http://brose.net https://*.brose.net https://brose.net https://*.ariba.com https://*.zkw.at http://*.zkw.at https://*.mycatalogcloud.com http://*.mycatalogcloud.com http://*.valeo.determine.com https://*.valeo.determine.com http://valeo.determine.com https://valeo.determine.com http://*.mondigroup.com http://mondigroup.com https://*.mondigroup.com https://mondigroup.com http://*.elwitec.ch http://elwitec.ch https://*.elwitec.ch https://elwitec.ch http://*.ynovatec.ch http://ynovatec.ch https://*.ynovatec.ch https://ynovatec.ch http://prematic.ch http://*.prematic.ch https://prematic.ch https://*.prematic.ch http://brw.ch http://*.brw.ch https://brw.ch https://*.brw.ch http://uniprod-ag.ch http://*.uniprod-ag.ch https://uniprod-ag.ch https://*.uniprod-ag.ch http://montalpina.com http://*.montalpina.com https://montalpina.com https://*.montalpina.com http://sutter-hydraulik.com http://*.sutter-hydraulik.com https://sutter-hydraulik.com https://*.sutter-hydraulik.com http://bsaswiss.ch http://*.bsaswiss.ch https://bsaswiss.ch https://*.bsaswiss.ch http://salesconnect.sugarondemand.com https://salesconnect.sugarondemand.com http://*.salesconnect.sugarondemand.com https://*.salesconnect.sugarondemand.com 2 default-src https:; style-src * 'unsafe-inline'; script-src https: 'unsafe-inline'; object-src 'none' 2 default-src 'self'; img-src *; media-src * data: 2 default-src 'self' 'unsafe-eval' 'unsafe-inline' https://* 2 default-src 'self' ;options inline-script eval-script;referrer no-referrer;img-src 'self' data: *.tile.openstreetmap.org;object-src 'none'; 2 default-src 'self'; \ script-src 'self' https://ssl.google-analytics.com; \ img-src 'self' https://ssl.google-analytics.com 2 default-src https: data: 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * blob: ; worker-src * blob: ; frame-ancestors 'self' https://*.moody.edu; 2 default-src 'self' 'unsafe-inline' https://piwik.bzga.de/ 2 default-src 'self' 'unsafe-inline' data: global2000.at *.global2000.at https://*.google-analytics.com https://*.google.com https://*.google.at https://*.doubleclick.net https://*.youtube.com https://youtu.be https://*.ytimg.com https://*.facebook.com https://*.vimeocdn.com https://vimeo.com https://*.vimeo.com https://*.hotjar.com https://*.ubembed.com https://*.restorenature.eu; script-src 'self' 'unsafe-inline' 'unsafe-eval' global2000.at *.global2000.at https://*.youtube.com https://*.googletagmanager.com https://*.google-analytics.com https://*.hotjar.com https://*.facebook.net https://*.g.doubleclick.net https://*.ubembed.com https://*.googleadservices.com https://*.twitter.com https://*.google.com https://*.google.at https://widget.proca.app https://static.d-o.li; object-src 'self' global2000.at *.global2000.at 'unsafe-inline'; style-src 'self' 'unsafe-inline' *.global2000.at; img-src 'self' *.global2000.at data: https://*.google.com https://*.google.at https://*.google.de https://*.facebook.com https://*.doubleclick.net https://*.google-analytics.com https://img.youtube.com https://i.ytimg.com https://*.europa.eu; media-src 'self' global2000.at *.global2000.at blob: data:; frame-src 'self' *.global2000.at https://*.google.com https://*.ubembed.com https://*.google.at https://*.googletagmanager.com https://*.openstreetmap.org https://vimeo.com https://*.vimeo.com https://youtube.com https://www.youtube.com https://youtu.be https://*.supplychainge.org https://*.buzzsprout.com https://*.spotteron.com https://*.typeform.com https://*.facebook.com https://*.twitter.com https://*.hotjar.com https://*.restorenature.eu https://*.ai-sidekick.app https://*.suedwind.at https://*.datadialog.net https://*.fsoforms-gl2ktest.azurewebsites.net https://*.fsoforms-gl2k.azurewebsites.net https://fsoforms-gl2ktest.azurewebsites.net https://gl2kauthserver.azurewebsites.net; frame-ancestors https://*.global2000.at https://*.acolono.dev https://*.acolono.net https://*.wwf.at; child-src 'self' *.global2000.at blob: https://*.google.com https://*.ubembed.com https://*.google.at https://*.googletagmanager.com https://*.openstreetmap.org https://vimeo.com https://*.vimeo.com https://youtube.com https://www.youtube.com https://youtu.be https://*.supplychainge.org https://*.buzzsprout.com https://*.spotteron.com https://*.typeform.com https://*.facebook.com https://*.twitter.com https://*.hotjar.com https://*.restorenature.eu https://*.ai-sidekick.app https://*.suedwind.at; font-src 'self' *.global2000.at data:; connect-src 'self' *.global2000.at https://*.google.com https://*.google-analytics.com https://*.doubleclick.net https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io https://*.google.com https://*.google.at https://*.ubembed.com https://*.facebook.com https://country.proca.foundation/ https://*.proca.app https://chatbot.api.digitalorganizing.ch/; report-uri /report-csp-violation 2 img-src * data:; media-src * data: blob:; 2 frame-ancestors https://*.smartrecruiters.com 2 frame-ancestors https://www.degussa-goldhandel.de https://news.degussa-goldhandel.de https://www.degussa-adventskalender.de https://media.degussa-goldhandel.de 2 frame-src https://www.youtube-nocookie.com https://www.youtube.com https://piwik.bzga.de https://www.check-dein-spiel.de; style-src 'self' 'unsafe-inline'; default-src 'self'; script-src https://www.check-dein-spiel.de https://piwik.bzga.de 'self' 'unsafe-inline' ; connect-src https://www.check-dein-spiel.de https://piwik.bzga.de 'self' 'unsafe-inline' ; font-src 'self' 'unsafe-inline' data:; img-src 'self' https://piwik.bzga.de https://*.openstreetmap.org data:; 2 policy-uri /'none' 2 base-uri 'none';child-src 'none';connect-src 'self' https://region1.analytics.google.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://www.google.com https://consentcdn.cookiebot.com;default-src 'self';font-src 'self';form-action 'self';frame-ancestors 'none';frame-src https://www.youtube.com/ https://w.soundcloud.com/ https://www.googletagmanager.com/ https://consentcdn.cookiebot.com/ https://td.doubleclick.net/;img-src 'self' data: https://i.ytimg.com https://www.google.nl/ https://www.google.com/ https://imgsct.cookiebot.com;manifest-src 'self';media-src 'self';object-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.youtube.com https://www.googletagmanager.com https://consent.cookiebot.com/ https://consentcdn.cookiebot.com/;style-src 'self' 'unsafe-inline';worker-src 'self'; 2 frame-ancestors 'self' https://app.storyblok.com/ 2 default-src 'self' *.googleadservices.com *.crazyegg.com *.licdn.com *.facebook.net *.outbrain.com *.youtube.com *.company-target.com; script-src 'self' *.googleapis.com *.cookielaw.org *.onetrust.com *.googletagmanager.com *.google-analytics.com *.doubleclick.net *.everestjs.net *.cloudflare.com *.licdn.com *.google.com *.gstatic.com lineagelogistics-external.applynow.net.au candidate-office.s3.amazonaws.com *.googleadservices.com *.bing.com *.newrelic.com *.instagram.com *.nr-data.net cdn.jsdelivr.net *.crazyegg.com blob: acsbapp.com code.jquery.com unpkg.com *.instagram.com *.ensighten.com *.oribi.io *.youtube.com polyfill.io *.facebook.net *.outbrain.com *.demandbase.com tag.demandbase.com *.company-target.com https://tag.demandbase.com/d80b380c137ea7bb.min.js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'unsafe-inline' pt.onelineage.com pi.pardot.com *.youtube-nocookie.com *.adsrvr.org https://storage.pardot.com/961942/1714040807BiAtzoZM/attribution_engine.min.js https://pt.onelineage.com/l/961942/2024-04-25/5n7n9/961942/1714040807BiAtzoZM/attribution_engine.min.js *.zi-scripts.com *.datadoghq-browser-agent.com *.vimeo.com js.zi-scripts.com *.zoominfo.com *.clickagy.com; object-src 'none'; style-src 'self' 'unsafe-inline' *.typekit.net *.googleapis.com cdn.jsdelivr.net *.crazyegg.com acsbapp.com *.acsbapp.com code.jquery.com unpkg.com https://lineagelogistics-external.applynow.net.au https://lineagelogistics-external.applynow.net.au https://candidate-office.s3.amazonaws.com/js/iframe-resizer/iframeResizer.min.js https://d2wy8f7a9ursnm.cloudfront.net/ *.youtube-nocookie.com; img-src 'self' data: *.crazyegg.com acsbapp.com *.acsbapp.com *.gstatic.com *.googleapis.com https://cdn.cookielaw.org/logos/static/ot_close.svg https://cdn.cookielaw.org/logos/00ede55a-7822-413c-a767-b17482b93176/6a9f63ca-67d4-447a-846e-044d865079f1/fd22dd1b-b5d9-4bdc-803d-bb78e0f32fd3/lineage_logo.png https://cdn.cookielaw.org/logos/static/powered_by_logo.svg https://id.rlcdn.com/464526.gif *.company-target.com *.everesttech.net *.linkedin.com *.bing.com *.doubleclick.net *.google.com *.facebook.com *.googletagmanager.com *.demdex.net *.casalemedia.com *.adnxs.com *.openx.net *.rubiconproject.com *.yahoo.com *.pubmatic.com *.bluekai.com *.cookielaw.org *.clickagy.com *.agkn.com; media-src *; frame-src 'self' *.youtube.com *.everesttech.net *.everestjs.net *.oxblue.com *.earthcam.net *.truelook.com *.proofpoint.com *.google.com lineagelogistics-external.applynow.net.au *.doubleclick.net *.crazyegg.com *.instagram.com *.adsrvr.org *.cloudfront.net *.facebook.com *.pardot.com pt.lineagelogistics.com http://pt.lineagelogistics.com/l/961942/2023-08-22/4hbzr http://pt.lineagelogistics.com/l/961942/2023-08-22/4hbzv http://go.pardot.com/l/961942/2023-08-22/4hbzk http://go.pardot.com/l/961942/2023-06-27/493x5 *.company-target.com https://tag.demandbase.com/d80b380c137ea7bb.min.js https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ recaptcha.google.com:* pt.onelineage.com *.youtube-nocookie.com https://airtable.com/ player.vimeo.com *.googletagmanager.com; frame-ancestors 'self' https://tag.demandbase.com/d80b380c137ea7bb.min.js *.company-target.com tag.demandbase.com pt.onelineage.com *.youtube-nocookie.com; child-src 'self' *.youtube.com *.everesttech.net *.everestjs.net *.oxblue.com *.earthcam.net *.truelook.com *.proofpoint.com blob: *.youtube.com *.company-target.com https://tag.demandbase.com/d80b380c137ea7bb.min.js *.youtube-nocookie.com; font-src 'self' *.googleusercontent.com *.gstatic.com *.typekit.net data: acsbapp.com *.acsbapp.com; connect-src 'self' *.cookielaw.org *.google-analytics.com *.doubleclick.net *.onetrust.com *.bing.com *.nr-data.net *.googleapis.com *.crazyegg.com acsbapp.com *.acsbapp.com *.youtube.com *.google.com *.linkedin.oribi.io *.company-target.com *.demandbase.com https://browser-intake-us5-datadoghq.com *.zi-scripts.com *.zoominfo.com https://tag.demandbase.com/d80b380c137ea7bb.min.js https://lineagelogistics-external.applynow.net.au https://lineagelogistics-external.applynow.net.au https://candidate-office.s3.amazonaws.com/js/iframe-resizer/iframeResizer.min.js https://d2wy8f7a9ursnm.cloudfront.net/ *.linkedin.com *.clickagy.com; report-uri /report-csp-violation 2 default-src 'self' *.mytolino.com *.mytolino.de data: *.pageplace.de www.googletagmanager.com *.doubleclick.net www.google.com www.google.de www.googleadservices.com *.youtube-nocookie.com *.ytimg.com *.googleapis.com *.gstatic.com connect.facebook.net www.facebook.com 'unsafe-inline' 2 default-src 'self' *.region1.google-analytics.com *.comptoirdesvoyages.fr bat.bing.com consentcdn.cookiebot.com www.facebook.com https://analytics.google.com https://*.googletagmanager.com www.facebook.com bing.com www.googleadservices.com; base-uri 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://measurement-api.criteo.com https://fledge.eu.criteo.com https://sslwidget.criteo.com https://dynamic.criteo.com/ https://gum.criteo.com/ https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://adservice.google.com https://www.google.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://www.google.com https://qa-assistant.abtasty.com https://teddytor.abtasty.com https://api2.abtasty.com try.abtasty.com *.region1.google-analytics.com *.analytics.google.com ads.google.com app.contentsquare.com t.contentsquare.net contentsquare.com *.comptoirdesvoyages.fr *.cookiebot.com *.doubleclick.net *.newrelic.com ajax.googleapis.com bam.nr-data.net bat.bing.com connect.facebook.net r.bing.com ssl.google-analytics.com static.madmetrics.com tagmanager.google.com tag.aticdn.net www.google.com www.google-analytics.com www.googleadservices.com adservice.google.com www.googletagmanager.com www.gstatic.com z.moatads.com https://analytics.google.com https://*.googletagmanager.com www.facebook.com bing.com www.googleadservices.com; connect-src 'self' https://measurement-api.criteo.com https://mtmvxcv.pa-cd.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com *.abtasty.com region1.google-analytics.com region1.analytics.google.com ads.google.com *.contentsquare.net *.bing.com *.comptoirdesvoyages.fr *.doubleclick.net bam.nr-data.net consentcdn.cookiebot.com www.facebook.com www.google.com www.google-analytics.com www.googleadservices.com adservice.google.com www.googletagmanager.com www.gtm.js wss://*.bing.com https://analytics.google.com https://*.googletagmanager.com www.facebook.com bing.com www.googleadservices.com https://comptoir.jobs.beetween.com; img-src 'self' https://www.google-analytics.com https://googleads.g.doubleclick.net https://www.google.com https://google.com https://googleads.g.doubleclick.net https://www.google.com editor-assets.abtasty.com *.contentsquare.net https://analytics.google.com https://*.googletagmanager.com www.facebook.com bing.com www.googleadservices.com data: *; child-src blob:; worker-src blob:; style-src 'self' 'unsafe-inline' * *.comptoirdesvoyages.fr https://static.criteo.net/ https://fledge.criteo.com/ https://measurement-api.criteo.com https://fledge.eu.criteo.com https://sslwidget.criteo.com https://dynamic.criteo.com https://gum.criteo.com https://qa-assistant.abtasty.com try.abtasty.com *.bing.com fonts.googleapis.com tagmanager.google.com https://analytics.google.com https://*.googletagmanager.com www.facebook.com bing.com www.googleadservices.com; font-src 'self' data: fonts.gstatic.com common-fonts.abtasty.com; frame-src 'self' https://static.criteo.net/ https://fledge.criteo.com/ https://measurement-api.criteo.com https://fledge.eu.criteo.com https://sslwidget.criteo.com https://dynamic.criteo.com https://dynamic.criteo.com/ https://gum.criteo.com/ https://bid.g.doubleclick.net https://qa-assistant.abtasty.com csxd.comptoirdesvoyages.fr *.doubleclick.net consentcdn.cookiebot.com sdx.microsoft.com www.allocine.fr www.dailymotion.com www.facebook.com www.google.com www.gstatic.com youtu.be www.youtube.com https://analytics.google.com https://*.googletagmanager.com www.facebook.com bing.com www.googleadservices.com; object-src 'none' 2 base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://kit.fontawesome.com https://mpsnare.iesnare.com https://widget.trustpilot.com https://kit-pro.fontawesome.com https://www.googletagmanager.com https://bat.bing.com https://www.dwin1.com https://www.googleadservices.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://www.paypal.com https://www.paypalobjects.com https://www.sandbox.paypal.com https://b.sbox.stats.paypal.com https://sdk.privacy-center.org https://api.privacy-center.org https://sibautomation.com https://cdn.shipup.co *.abtasty.com *.googleapis.com https://pagead2.googlesyndication.com https://widget.botmind.io https://api.widget.botmind.ai https://matomo.123roulement.com https://matomojs.trackify.info https://checkoutshopper-live.adyen.com https://checkoutshopper-live.cdn.adyen.com https://checkoutanalytics-live.adyen.com 2 frame-ancestors https://*.procampaign.net 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://s3.amazonaws.com/ https://*.list-manage.com/ https://www.googletagmanager.com/ https://www.paypalobjects.com/ https://*.stripe.com/ https://leadbooster-chat.pipedrive.com/ https://*.idea-commerce.com https://www.googleadservices.com; img-src 'self' data: blob: https://www.paypalobjects.com/ https://www.google.pl/; object-src 'self' data: blob: https://idea-commerce.com/ https://elegantthemes.com/ https://*.elegantthemes.com/ https://*.paypal.com/ https://*.stripe.com/; frame-src 'self' data: blob: https://idea-commerce.com/ https://elegantthemes.com/ https://*.elegantthemes.com/ https://*.paypal.com/ https://*.stripe.com/; 2 default-src 'self'; font-src 'self' data:; base-uri 'self'; connect-src 'self' multimedia.gsb.bund.de *.materna.de *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io vimeo.com *.sli.do *.itzbund.de lbb-hb.de; style-src 'self' 'unsafe-inline' *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io vimeo.com *.sli.do *.jsdelivr.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io piwik.itzbund.de vimeo.com; object-src 'self' multimedia.gsb.bund.de *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io vimeo.com *.sli.do *.lbb-hb.de; media-src 'self' blob: multimedia.gsb.bund.de *.youtube.com *.youtube-nocookie.com *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io vimeo.com *.sli.do lbb-hb.de; frame-src *.google.com *.google.de *.gstatic.com *.youtube.com *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io mindandvision.tv 2021.mindandvision.tv *.jwplayer.com vimeo.com *.sli.do player.vimeo.com; img-src 'self' data: *.materna.de *.google.com *.gstatic.com *.youtube.com *.twimg.com twemoji.maxcdn.com *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplayer.com *.strivetech.io *.sqat.eu piwik.itzbund.de vimeo.com *.sli.do; frame-ancestors 'self'; 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; object-src 'self'; frame-src 'self'; frame-ancestors 'self'; 2 default-src 'none'; img-src 'self'; script-src 'self'; 2 default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval'; object-src *; style-src * 'self' 'unsafe-inline'; img-src * 'self' data: https:;; media-src *; frame-src *; frame-ancestors 'self'; child-src * blob:; font-src * 'self' data: https:;; connect-src * 2 default-src 'self'; script-src 'self'; https://code.jquery.com; https://www.google.com; https://www.youtube.com; https://www.twitter.com; https://web.whatsapp.com; https://www.facebook.com; https://www.govcert.gov.hk; 2 default-src 'self' *.google.com *.axa-assistance.cz *.axa-assistance.sk *.axa-assistance.pl *.axa-assistance.at *.axa-assistance.hu 2 default-src 'self' https://www.chatbase.co/ https://limbachgruppe.ftapi.com https://*.laborpublisher.de https://api.newsletter2go.com https://piwik.limbachgruppe.com https://maps.googleapis.com https://cmill.de https://www.cmill.de https://prime-psf.2b-advice.com; script-src 'self' 'unsafe-eval' https://www.chatbase.co/ https://limbachgruppe.ftapi.com https://*.laborpublisher.de https://*.app.laborpublisher.staging.lfda.de https://static.newsletter2go.com https://piwik.limbachgruppe.com https://maps.googleapis.com https://cdn1.jameda-elements.de https://lv.limbachgruppe-test.com https://2badvice-cdn.azureedge.net https://prime-psf.2b-advice.com 'unsafe-inline'; img-src * data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://lv.limbachgruppe-test.com https://2badvice-cdn.azureedge.net; frame-ancestors 'self'; frame-src 'self' https://www.chatbase.co/ *.stage.ueberbit.de *.prev.ueberbit.de https://piwik.limbachgruppe.com https://www.youtube-nocookie.com https://youtube.com https://player.vimeo.com https://vimeo.com https://cmill.de https://www.cmill.de https://mtu.adsystemhaus.com https://termin.samedi.de/ https://lv.dialoglabor.de/; font-src 'self' data: https://limbachgruppe.ftapi.com https://fonts.gstatic.com https://lv.limbachgruppe-test.com; 2 default-src 'self'; frame-src 'self' https://gssapps.ebscohost.com/hee/searchboxes/nhs_athensonly.html https://www.youtube-nocookie.com *.webspellchecker.net *.nhs.uk *.facebook.com *.youtube.com *.vimeo.com *.google.com *.googleapis.com https://forms.office.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net/gh/fancyapps/fancybox@3.5.7/dist/jquery.fancybox.min.js https://www.youtube.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://www.googletagmanager.com https://connect.facebook.net https://feeds.trac.jobs *.webspellchecker.net *.google.com *.googleapis.com *.gstatic.com *.cqc.org.uk ; font-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com *.webspellchecker.net; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://feeds.trac.jobs *.googleapis.com *.gstatic.com *.cqc.org.uk *.webspellchecker.net; img-src * data:; object-src 'self' blob:; connect-src 'self' https://feeds.trac.jobs stats.g.doubleclick.net *.googleapis.com *.google-analytics.com *.webspellchecker.net *.google.com 2 default-src 'none'; script-src 'self'; img-src 'self'; style-src 'self'; font-src 'self'; media-src 'self'; form-action 'self'; child-src 'self'; frame-ancestors 'self'; connect-src 'none'; report-uri 'self'; report-to 'self'; 2 img-src * data: 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com maps.googleapis.com www.googletagmanager.com www.google-analytics.com polyfill.io/v3/polyfill.min.js www.google.com/recaptcha/api.js www.gstatic.com cookie-cdn.cookiepro.com www.google-analytics.com unpkg.com consentcdn.cookiebot.com consent.cookiebot.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdnjs.cloudflare.com; img-src 'self' maps.gstatic.com maps.googleapis.com data: googletagmanager.com cookie-cdn.cookiepro.com www.google-analytics.com; media-src 'self'; frame-src 'self' www.google.com www.youtube.com player.vimeo.com olv-kinderwebsite.now.sh olv-kinderwebsite.vercel.app consentcdn.cookiebot.com; font-src 'self' themes.googleusercontent.com fonts.gstatic.com data:; connect-src 'self' cookie-cdn.cookiepro.com www.google-analytics.com consentcdn.cookiebot.com consent.cookiebot.com; report-uri /report-csp-violation; upgrade-insecure-requests 2 default-src 'unsafe-inline' 'unsafe-eval' https:;img-src * data:; 2 default-src 'self'; style-src 'self' 'unsafe-inline' 2 default-src 'self' *.pinimg.com *.pinterest.com www.fjallraven-slovensko.sk www.arcticfox.hu www.kanken.shop www.levi.sk ;font-src 'self' data: fonts.gstatic.com *.zbozi.cz *.cj.com www.fjallraven-slovensko.sk www.arcticfox.hu www.kanken.shop www.levi.sk ;connect-src 'self' analytics.monkeytracker.cz *.google.com *.googleapis.com *.google-analytics.com *.facebook.com *.doubleclick.net *.hotjar.com *.hotjar.io wss://*.hotjar.com *.clarity.ms *.smartlook.cloud *.smartlook.com *.tiktok.com *.permutive.com *.teads.tv *.prmutv.co *.adnxs.com *.gjirafa.tech *.gjirafa.net *.mczbf.com *.sjwoe.com *.zbozi.cz *.foxentry.cz *.bing.com *.apple.com apple.com iplatebnibrana.csob.cz api.ipify.org *.pinimg.com *.pinterest.com https://ehub.cz *.cloudfront.net www.fjallraven-slovensko.sk www.arcticfox.hu www.kanken.shop www.levi.sk *.googlesyndication.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.google.cz *.googleapis.com www.googletagmanager.com *.google-analytics.com analytics.monkeytracker.cz *.facebook.net *.imedia.cz *.gstatic.com *.heureka.cz *.heureka.sk *.hotjar.com *.adform.net *.teads.tv *.clarity.ms *.smartlook.cloud *.smartlook.com *.etargetnet.com *.tiktok.com *.permutive.com *.gjirafa.net *.doubleclick.net *.mczbf.com *.zbozi.cz *.seznam.cz *.cj.com https://glamipixel.com *.foxentry.cz *.foxentry.com *.bing.com *.pinimg.com *.pinterest.com https://ehub.cz *.cloudfront.net www.fjallraven-slovensko.sk www.arcticfox.hu www.kanken.shop www.levi.sk *.googleadservices.com *.glami.cz *.glami.sk *.licdn.com *.linkedin.com im9.cz *.seznam.cz *.zbozi.cz *.googlesyndication.com;form-action 'self' *.facebook.com *.facebook.net ;frame-src 'self' blob: www.youtube.com *.facebook.com *.doubleclick.net *.imedia.cz *.hotjar.com *.adform.net *.google.com *.gjirafa.tech *.gjirafa.net *.zbozi.cz *.mczbf.com *.foxentry.cz *.csob.cz *.pinimg.com *.pinterest.com https://ehub.cz *.szn.cz *.iplatba.cz *.essox.cz *.zbozi.cz;worker-src 'self' blob: www.youtube.com *.facebook.com *.doubleclick.net *.imedia.cz *.hotjar.com *.adform.net *.google.com *.gjirafa.tech *.gjirafa.net *.zbozi.cz *.mczbf.com *.foxentry.cz *.csob.cz *.pinimg.com *.pinterest.com https://ehub.cz *.szn.cz *.iplatba.cz *.essox.cz *.zbozi.cz;frame-ancestors 'self' ;img-src 'self' data: blob: *.gstatic.com *.googleapis.com *.googlecode.com www.googletagmanager.com *.google-analytics.com analytics.monkeytracker.cz *.doubleclick.net *.google.com *.google.cz *.google.ie *.facebook.com *.imedia.cz im9.cz *.teads.tv *.seznam.cz *.clarity.ms *.adnxs.com www.zasilkovna.cz www.zasielkovna.sk *.packeta.com *.bing.com *.fg.cz *.zbozi.cz *.mczbf.com *.kdukvh.com *.emjcd.com *.dotomi.com *.foxentry.cz *.pinimg.com *.pinterest.com https://ehub.cz *.cloudfront.net www.fjallraven-slovensko.sk www.arcticfox.hu www.kanken.shop www.levi.sk *.glami.cz *.glami.sk *.heureka.cz *.heureka.sk;style-src 'self' 'unsafe-inline' fonts.googleapis.com analytics.monkeytracker.cz *.google.com *.gstatic.com www.googletagmanager.com *.zbozi.cz *.cj.com *.foxentry.cz *.pinimg.com *.pinterest.com https://ehub.cz www.fjallraven-slovensko.sk www.arcticfox.hu www.kanken.shop www.levi.sk ;object-src 'self' 2 default-src 'self'; block-all-mixed-content; connect-src sentry.trexima.sk 'self' https://*.google-analytics.com https://*.google.com https://*.analytics.google.com https://*.cookieyes.com https://cdn-cookieyes.com https://*.googlesyndication.com https://*.doubleclick.net https://ct.leady.com https://t.leady.com https://ads.worki.sk; font-src 'self' fonts.gstatic.com; frame-src 'self' www.google.com https://trexima.ladesk.com https://2-vbus-de.ladesk.com videoservis.tasr.sk www.youtube.com www.facebook.com https://*.doubleclick.net https://*.googlesyndication.com https://*.ladesk.com; img-src 'self' data: *.googleusercontent.com *.worki.sk http.cat http.dog https://*.facebook.com https://*.google.com https://*.google.sk https://*.googletagmanager.com https://*.googlesyndication.com https://*.gstatic.com https://cdn-cookieyes.com https://*.doubleclick.net https://trexima.ladesk.com https://ct.leady.com https://t.leady.com via.placeholder.com; manifest-src 'self' https://dev.worki.sk/ https://dev.worki.sk/site.webmanifest https://stage.worki.sk/ https://stage.worki.sk/site.webmanifest https://www.worki.sk/ https://www.worki.sk/site.webmanifest https://*.worki.sk/*; script-src 'self' ajax.googleapis.com code.jquery.com www.google.com https://*.facebook.net https://*.facebook.com 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.googletagmanager.com/ https://*.googleadservices.com https://*.doubleclick.net/ https://cdn-cookieyes.com/ https://*.googlesyndication.com https://trexima.ladesk.com https://ct.leady.com https://ads.worki.sk; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://*.googletagmanager.com/; report-uri /nelmio/csp/report 2 default-src 'self' 'unsafe-inline'; img-src https://* 2 default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: ; 2 allow 'self' 2 frame-ancestors DENY 2 frame-ancestors 'self' *.shoplineapp.com *.facebook.com; upgrade-insecure-requests; 2 default-src 'self' https://*.nhs.uk; frame-src 'self' https://www.youtube-nocookie.com https://*.webspellchecker.net https://*.nhs.uk https://*.youtube.com https://*.vimeo.com https://*.google.com https://*.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://*.google-analytics.com https://*.googletagmanager.com https://feeds.trac.jobs https://*.webspellchecker.net https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.cqc.org.uk; font-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://*.webspellchecker.net; style-src 'self' 'unsafe-inline' data: https://cdnjs.cloudflare.com https://feeds.trac.jobs https://*.googleapis.com https://*.gstatic.com https://*.cqc.org.uk https://*.webspellchecker.net; img-src * data:; object-src 'self' blob: https://*.nhs.uk; connect-src 'self' https://feeds.trac.jobs https://*.googleapis.com https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://*.webspellchecker.net 2 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.people.com 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' * 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.thoughtco.com 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.verywellmind.com 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.thespruce.com 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.lifewire.com 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.travelandleisure.com 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.simplyrecipes.com 1 default-src 'self'; base-uri 'none'; block-all-mixed-content; connect-src 'self' https://*.algolia.net https://*.algolianet.com; frame-src https://www.google.com/recaptcha/; img-src 'self' https: data:; object-src 'none'; script-src 'unsafe-eval' https://www.gstatic.com/recaptcha/ 'strict-dynamic' 'unsafe-inline' 'nonce-WwO9ngeX9Yy4qLpHa+olWQ=='; style-src 'self' 'unsafe-inline' 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.realsimple.com 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.health.com 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com www.gstatic.com https://*.google.com https://*.googletagmanager.com *.google-analytics.com https://tagmanager.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://cdn.popupsmart.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://googletagmanager.com https://tagmanager.google.com fonts.googleapis.com https://cdn.popupsmart.com; img-src 'self' data: https://*; media-src 'none'; frame-src 'self' https://www.googletagmanager.com https://bid.g.doubleclick.net https://td.doubleclick.net https://*.mapbox.com https://www.youtube.com https://youtu.be https://app.powerbi.com *.un.org https://cdnapisec.kaltura.com; frame-ancestors 'self'; child-src 'self' blob: https:; font-src 'self' data: fonts.gstatic.com; connect-src 'self' https://*; report-uri /report-csp-violation; upgrade-insecure-requests 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.thespruceeats.com 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.seriouseats.com 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.instyle.com 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.brides.com 1 default-src 'self' *.destatis.de *.bewacherregister.de; base-uri 'self' *.bewacherregister.de; connect-src 'self' *.destatis.de interamt.de piwik.itzbund.de *.itzbund.de *.bewacherregister.de; style-src 'self' 'unsafe-inline' *.destatis.de piwik.itzbund.de *.bewacherregister.de; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.destatis.de piwik.itzbund.de doo.net c19.bundesbots.de *.bewacherregister.de;object-src 'self' multimedia.gsb.bund.de *.destatis.de piwik.itzbund.de c19.bundesbots.de ; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org *.destatis.de piwik.itzbund.de c19.bundesbots.de ; child-src blob: *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.destatis.de *.itzbund.de *.stba.de *.euro-area-statistics.org *.ims-cms.net *.kemweb.de *.teambits.events doo.net/de-de/widget/ c19.bundesbots.de www9.idev.nrw.de www.idev.nrw.de storymaps.arcgis.com stba.maps.arcgis.com *.dashboard-deutschland.de shinymikrosimapp.azurewebsites.net start.video-stream-hosting.de data: ; img-src 'self' data: blob: *.google.com *.gstatic.com *.youtube.com *.destatis.de piwik.itzbund.de c19.bundesbots.de *.bewacherregister.de; frame-ancestors 'self' *.destatis.de statistikportal.bwl.doi-de.net *.statistikportal.de ; upgrade-insecure-requests; 1 default-src 'self' *.postman.co *.postman.com *.pstmn.io; base-uri 'self'; font-src 'self' data: *.getpostman.com *.postman.co *.cdn.postman.com fonts.gstatic.com www.postman.com fonts.googleapis.com cdnjs.cloudflare.com; frame-ancestors 'none'; frame-src looker.postman.co dl-preview-container.pstmn.io js.stripe.com hooks.stripe.com chart-embed.service.newrelic.com https://app.datadoghq.com/graph/embed https://app.datadoghq.eu/graph/embed https://youtube.com https://www.youtube.com https://player.vimeo.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://accounts.google.com/ https://runtime-assets.pstmn.io/; child-src 'self' *.postman.co *.postman.com blob:; worker-src 'self' *.postman.co *.cdn.postman.com blob:; object-src 'self'; img-src https: data:; media-src 'self' https://flows-assets.pstmn.io/ https://skills-assets.pstmn.io/; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' *.nr-data.net *.getpostman.com *.postman.co *.cdn.postman.com *.pstmn.io code.jquery.com google-analytics.com www.postman.com postman.com googletagmanager.com ssl.google-analytics.com cdnjs.cloudflare.com https://bi.pst.tech js-agent.newrelic.com js.stripe.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'nonce-/35BJi2UUvyVKsFngTqYkEB8S9rep9tom6gsmr4crR8n+rIl'; style-src 'self' 'unsafe-inline' *.getpostman.com *.postman.co *.cdn.postman.com *.pstmn.io www.postman.com fonts.gstatic.com fonts.googleapis.com tagmanager.google.com cdnjs.cloudflare.com postman.com accounts.google.com; connect-src https://api.stripe.com http: ws://localhost:10533 https: wss://*.postman.co wss://*.gw.postman.co wss://*.gw.eu.postman.co wss://*.gw.postman.com wss://*.gw.eu.postman.com; report-uri https://sentry.postmanlabs.com/api/572/security/?sentry_key=9d37d7431bdc4c528702ec4d89fc93f7&sentry_environment=production 1 frame-ancestors *.uottawa.ca https://teams.microsoft.com; report-uri /report-csp-violation; upgrade-insecure-requests 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.shape.com 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.byrdie.com 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bcbsks.com unpkg.com fast.wistia.com *.googletagmanager.com *.google-analytics.com *.ads-twitter.com www.gstatic.com *.bing.com connect.facebook.net 100011161.collect.igodigital.com snap.licdn.com *.adsrvr.org bam.nr-data.net googleads.g.doubleclick.net js-agent.newrelic.com tags.srv.stackadapt.com public.tableau.com qvdt3feo.com code.jquery.com www.google.com analytics.silktide.com static.cloudflareinsights.com www.covermymeds.com www.googleadservices.com cdn.datatables.net cdnjs.cloudflare.com www.eventbrite.com https://www.google.co.uk www.clarity.ms *.callrail.com tag.demandbase.com pagead2.googlesyndication.com cdn.jsdelivr.net *.sentry-cdn.com *.adobedtm.com blob:; object-src 'none'; style-src 'self' 'unsafe-inline' www.bcbsks.com bcbsks.prod.acquia-sites.com fast.fonts.net fonts.googleapis.com tags.srv.stackadapt.com www.covermymeds.com cdn.datatables.net cdnjs.cloudflare.com *.wistia.com; img-src 'self' www.google.com *.google-analytics.com nova.collect.igodigital.com *.bing.com t.co analytics.twitter.com *.wistia.com www.facebook.com *.g.doubleclick.net *.google.com public.tableau.com *.bcbsks.com tools.applemediaservices.com apple-resources.s3.amazonaws.com connect.facebook.net secure.adnxs.com *.linkedin.com www.googletagmanager.com *.covermymeds.com cdn.datatables.net embedwistia-a.akamaihd.net c.clarity.ms id.rlcdn.com segments.company-target.com tags.srv.stackadapt.com ad.doubleclick.net www.google.co.in *.prod.acquia-sites.com *.apple.com *.advanceinsurance.com data:; media-src 'self' *.wistia.com www.google.com embedwistia-a.akamaihd.net fast.wistia.net blob:; frame-src 'self' *.bcbsks.com https://d1eoo1tco6rr5e.cloudfront.net/ *.adsrvr.org www.facebook.com public.tableau.com *.fls.doubleclick.net td.doubleclick.net www.youtube.com www.googletagmanager.com staywell.mydigitalpublication.com e.issuu.com www.eventbrite.com insight.adsrvr.org www.kff.org s.company-target.com; font-src 'self' fast.fonts.net fast.wistia.com fonts.gstatic.com data:; connect-src 'self' *.bugsnag.com *.google-analytics.com stats.g.doubleclick.net ad.doubleclick.net *.googleadservices.com www.googleadservices.com *.google.com *.wistia.com *.wistia.net *.litix.io bam.nr-data.net cdn.linkedin.oribi.io www.facebook.com tags.srv.stackadapt.com embedwistia-a.akamaihd.net bat.bing.com a.us.silktide.com https://connect.facebook.net https://www.google.co.uk pagead2.googlesyndication.com *.clarity.ms js.callrail.com api.company-target.com tag-logger.demandbase.com px.ads.linkedin.com bcbsks.data.adobedc.net adobedc.demdex.net; upgrade-insecure-requests 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.tripsavvy.com 1 default-src 'self' *.dwd.de *.readspeaker.com *.twitter.com *.youtube.com; script-src 'self' *.dwd.de *.readspeaker.com *.twitter.com *.twimg.com *.youtube.com *.jwpcdn.com *.ytimg.com 'unsafe-inline' 'unsafe-eval' data:; style-src 'self' *.dwd.de *.twitter.com *.twimg.com 'unsafe-inline' data:; img-src * data: blob:; font-src 'self' data:; frame-src 'self' *.dwd.de twitter.com *.twitter.com *.youtube.com; worker-src *.twitter.com; child-src 'self' *.dwd.de twitter.com *.twitter.com *.youtube.com; 1 default-src data: https: https://*.hotjar.com:* https://*.hotjar.io wss://*.hotjar.com 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'none' 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.thesprucepets.com 1 default-src 'self'; connect-src 'self' https://mautic.texthelp.com https://www.google-analytics.com https://stats.g.doubleclick.net https://region1.google-analytics.com https://region1.analytics.google.com https://www.google.com https://www.browsealoud.com https://plus.browsealoud.com https://*.speechstream.net https://browsealoud-webservices-8.texthelp.com/ https://browsealoud-webservices-eu.texthelp.com/ https://wiki-summarizer-eu.texthelp.com/ https://simplify-us.texthelp.com/ blob: https://en.wikipedia.org/ https://wikisum.texthelp.com/ https://babm.texthelp.com https://*.prismic.io https://*.cdn.prismic.io https://api.ipdata.co https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://prismic-io.s3.amazonaws.com https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com https://*.hotjar.io https://www.facebook.com/ https://analytics.twitter.com https://cdn.linkedin.oribi.io https://px.ads.linkedin.com https://bat.bing.com https://my.jst.ai/ https://aly.jst.ai/ https://to.go.saleswingsapp.com/ https://tr.snapchat.com https://tr6.snapchat.com/p; script-src 'self' https://mautic.texthelp.com https://mautic-staging.texthelp.com https://tagmanager.google.com https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.browsealoud.com https://plus.browsealoud.com https://*.speechstream.net https://wikisum.texthelp.com https://apis.google.com https://widget.intercom.io https://js.intercomcdn.com https://app.intercom.io https://analytics.twitter.com https://static.ads-twitter.com https://connect.facebook.net https://www.buzzsprout.com https://optimize.google.com https://static.hotjar.com https://script.hotjar.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://embed.typeform.com/ https://bat.bing.com/ https://js.driftt.com https://widget.drift.com https://snap.licdn.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://p.adsymptotic.com https://cdn.linkedin.oribi.io https://gw.linkedin.oribi.io https://dc.ads.linkedin.com https://sjs.bizographics.com https://tr.snapchat.com/config/ https://cdn.jsdelivr.net/npm/@fancyapps/ui@5.0/dist/fancybox/fancybox.umd.js https://cdn.jst.ai/ https://my.jst.ai/ https://aly.jst.ai/ 'sha256-9MlVOFgVL3vdQAQf3KXlQN3k3Da5b6nXBLN7fBwtG0g=' 'sha256-ZC4Ihfl+1sv3E25DQh090ITQKwffxiocyA9C1vaePKU=' 'sha256-HafXvaQJap18P9Lg3EQgSuF7N0M0NF/Wda0deflYZTI=' 'sha256-xK2ILyn56eGOiSmkE5xNp8IyiLb82KhtFoksRMn+2+8=' 'sha256-aEDmoObzmjNv962J42VzD3ELW5yetlhKLnYGA32/4aU=' 'nonce-173767203714500' ; style-src 'self' https://*.typekit.net https://mautic.texthelp.com/media/css/ https://mautic-staging.texthelp.com/media/css/ https://tagmanager.google.com https://fonts.googleapis.com https://www.googletagmanager.com 'unsafe-inline' https://www.browsealoud.com https://plus.browsealoud.com https://optimize.google.com https://cdn.jsdelivr.net/npm/@fancyapps/ui@5.0/dist/fancybox/fancybox.css https://cdn.jst.ai/; img-src 'self' https://webworx.texthelp.com/assets/img/ data: https://images.prismic.io/texthelp-website-proof https://*.prismic.io https://mautic.texthelp.com https://www.google-analytics.com https://www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://region1.google-analytics.com https://region1.analytics.google.com https://stats.g.doubleclick.net/r/collect https://www.google.com/ads/ https://www.google.co.uk/ads/ https://www.google.com/pagead/ https://www.google.co.uk/pagead/ https://www.browsealoud.com https://browsealoud-webservices-8.texthelp.com/ https://browsealoud-webservices-eu.texthelp.com/ https://plus.browsealoud.com https://upload.wikimedia.org https://prismic-io.s3.amazonaws.com https://i.ytimg.com blob: data: https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-9.com https://optimize.google.com https://script.hotjar.com https://analytics.twitter.com https://t.co/1/i/ https://bat.bing.com/action/ https://bat.bing.com/actionp/ https://www.facebook.com/tr/ https://www.facebook.com/privacy_sandbox/pixel/register/trigger/ https://px.ads.linkedin.com https://tr.snapchat.com/ https://graphics.jst.ai/ ; child-src 'self' https://content.googleapis.com https://www.googletagmanager.com/ns.html https://share.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; media-src 'self' blob: https://*.speechstream.net https://js.intercomcdn.com https://*.prismic.io https://js.driftt.com/; font-src 'self' https://webworx.texthelp.com/ https://*.typekit.net https://fonts.gstatic.com data: https://stackpath.bootstrapcdn.com https://js.intercomcdn.com https://fonts.gstatic.com https://script.hotjar.com; object-src 'none'; form-action 'self' https://intercom.help https://api-iam.intercom.io https://mautic.texthelp.com https://mautic-staging.texthelp.com https://www.facebook.com https://*.speechstream.net; frame-src https://www.googletagmanager.com https://td.doubleclick.net https://www.youtube.com https://mautic-staging.texthelp.com https://mautic.texthelp.com https://docs.google.com https://www.buzzsprout.com https://content.googleapis.com/ https://optimize.google.com https://vars.hotjar.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://form.typeform.com/ https://www.facebook.com/ https://js.driftt.com https://widget.drift.com https://tr.snapchat.com/ https://lookerstudio.google.com/ https://calendar.google.com/ https://cdn.jst.ai/; frame-ancestors 'none'; base-uri 'none'; upgrade-insecure-requests 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.thesprucecrafts.com 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://impactapi.causeview.com https://maps.googleapis.com https://cdnjs.cloudflare.com/ajax/libs/cropper/4.0.0/cropper.min.js https://js-agent.newrelic.com https://www.googletagmanager.com https://chimpstatic.com https://www.google.com/recaptcha/api.js https://www.gstatic.com https://downloads.mailchimp.com https://mc.us1.list-manage.com https://matchbox.hepdata.com https://commerce.coinbase.com https://data.processwebsitedata.com https://fe.sitedataprocessing.com https://cdn.jsdelivr.net/npm/search-insights@2.13.0/dist/search-insights.min.js https://platform.twitter.com https://challenges.cloudflare.com; img-src 'self' data: https://cdn.mises.org https://www.google.ca https://www.google.com https://i.creativecommons.org https://licensebuttons.net https://www.google-analytics.com https://mcusercontent.com https://maps.gstatic.com https://s3.amazonaws.com https://impactapi.causeview.com https://live-mises-api.pantheonsite.io https://cdn-images.mailchimp.com https://matchbox.hepdata.com/ https://www.googletagmanager.com; frame-ancestors 'self' https://glockenspiel-bluebird-4h6c.squarespace.com https://www.misesgraduateschool.org https://misesgraduateschool.org https://api-public.addthis.com https://m.addthis.com https://mises.org https://impactapi.causeview.com; upgrade-insecure-requests 1 connect-src * 'self' 1 frame-ancestors 'self' *.boursorama-banque.com *.boursorama.com *.boursobank.com; object-src *.brsimg.com *.boursobank.com 1 frame-ancestors 'none'; object-src 'self'; script-src 'self' 'unsafe-inline' https://static.zdassets.com/ https://www.google.com/ https://www.googletagmanager.com/ https://www.gstatic.com/ https://www.google-analytics.com/ https://boards.greenhouse.io/; 1 object-src none 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.peopleenespanol.com 1 default-src 'self' http: https: go.addigy.com https://*.addigy.com https://*.my.salesforce.com https://*.force.com https://go.pardot.com https://*.pantheonsite.io wss://ws.hotjar.com;frame-ancestors 'self' https://go.pardot.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com http: https: pages.addigy.com;img-src 'self' data: https://app-app.addigy.com https://www.addigy.com https://static.addigy.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://www.google-analytics.com https://stats.g.doubleclick.net https://tracking.g2crowd.com https://px.ads.linkedin.com https://bat.bing.com https://t.co https://www.facebook.com https://ssl.gstatic.com https://www.gstatic.com https://analytics.twitter.com https://*.gravatar.com http://*.gravatar.com https://fast.wistia.com https://embedwistia-a.akamaihd.net https://embed-fastly.wistia.com https://embed-ssl.wistia.com https://aorta.clickagy.com https://b.sf-syn.com https://dev.visualwebsiteoptimizer.com https://alb.reddit.com https://forms.hsforms.com https://track.hubspot.com https://*.linkedin.com https://ps.eyeota.net https://match.adsrvr.org https://dpm.demdex.net https://idsync.rlcdn.com https://sync.crwdcntrl.net https://ml314.com https://obseu.bzcclandlord.com https://cm.g.doubleclick.net;style-src 'self' 'unsafe-inline' http: https: fonts.googleapis.com;font-src 'self' data: http: https: fonts.googleapis.com http https: fonts.gstatic.com https://*.wistia.com;media-src 'self' data: blob: http: https:;worker-src 'self' blob:; 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.liquor.com 1 frame-ancestors 'self' *.iza.org; 1 default-src 'none'; connect-src 'self' kraken.rambler.ru wss://messenger.online.sberbank.ru stat.tildacdn.com sysstat.tildacdn.com mc.yandex.ru gist.githubusercontent.com feeds.tildacdn.com; font-src 'self' data: fonts.gstatic.com static.tildacdn.com; frame-src 'self' youtube.com rutube.ru my.mail.ru vk.com mc.yandex.ru e.infogram.com; img-src 'self' data: 'unsafe-inline' api-maps.yandex.ru core-renderer-tiles.maps.yandex.net kraken.rambler.ru mc.yandex.ru; manifest-src 'self'; script-src 'self' googleads.g.doubleclick.net api-maps.yandex.ru mc.yandex.ru 'unsafe-inline' yastatic.net st.top100.ru core-renderer-tiles.maps.yandex.net 'unsafe-eval' static.tildacdn.com unpkg.com cdnjs.cloudflare.com e.infogram.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; report-uri /nelmio/csp/report 1 base-uri 'none'; default-src 'none'; script-src 'unsafe-inline' 'self' https://snap.licdn.com/ https://static.oktopost.com/ https://*.google-analytics.com https://*.googletagmanager.com/ https://js.hs-scripts.com/ https://*.hotjar.com https://*.hotjar.io https://*.hsforms.net https://*.cloudflare.com https://unpkg.com https://*.doubleclick.net https://luckyorange.com https://cookiehub.com https://cookiehub.net https://settings.luckyorange.com https://okt.to https://*.hs-banner.com/ https://*.hs-analytics.net https://*.headspixel.net https://*.hsadspixel.net/ 'nonce-d01ff4d6fd025b02a9aa794c68b83f0ceb2b4e17caa8' 'nonce-21bfeb0255f7430591cce48e6cd3cb514d8a7d0ff320' 'nonce-51b77c54feec5baa8047e2ac009247dd2bd79df8a360' 'nonce-4bfffeadf25de5d4bc310a94e920c05a301bbcf0b9f8' 'nonce-767059264d4ccc6d00ccbbd856347aef7b950a69fe92'; style-src 'self' 'unsafe-hashes' https://use.fontawesome.com https://fonts.googleapis.com https://static.cookiehub.com https://cookiehub.net/ 'sha256-im0erJAfSNQVDTe5HS6/GNgzNM9JcXDCSuwoIWQ/rRE=' 'sha256-+17AcPK/e5AtiK52Z2vnx3uG3BMzyzRr4Qv5UQsEbDU=' 'sha256-A6jm8QAAo+BvL4/Tr1M7sTsnRKo+VhQOm9Hi8IOKJ5Y=' 'sha256-PAz8xNqQZDbO4LLvQxPv1rTMH7H2LG/WGiSm6rXFOV8=' 'sha256-PAz8xNqQZDbO4LLvQxPv1rTMH7H2LG/WGiSm6rXFOV8=' 'sha256-T1C48ZGmcgTeITFPt41XsW/ozDpm3S/SxFREiL+pfgQ=' 'sha256-zfH5Pv8+yKFNFcycqZrhikYRHXfOZ9MwfwRnIp6H1kI=' 'sha256-Da2f1Kt9Io0bgdaWLUryUjcUra0xYjPLDorylUM1XM0=' 'sha256-NnjKC0Bmej913o6dapBaV7Lo8IemTzzXRsO8XhOCyT0=' 'sha256-tG2ZUEo3Qq/onXpzs2PwKu3Y82IJhZsODGPa+EUtsZc=' 'sha256-y/JAbx0Chs7eNLWF+KFD+YMhxTDFjiftcRnhFF13QjI=' 'sha256-kbzp7IrqueB2g36to7qc8KevofS966jm6n764wtCqx4=' 'sha256-3ibk/KyNNjpvopRz5nvswtDpJD3kbpyDdRO1YWF4msg=' 'sha256-ZNPRF7lxh3DMrhUYYDg0XMVthUfilZ/lIWOm88fNvug=' 'sha256-dMnSfpNeXLLDJMMi4o3EHr1S85P3yFWtdfJvbcH9mhU=' 'sha256-swi8N0hKSwJvuZeP/6DwGWEx8FwrfDcoj/0HnZd1Jpc=' 'sha256-RDWWGcFzQIh1SH4oQIaKd+tX/bMXZOzUetRR1raWCXw=' 'sha256-dDxw24pDf8PjpiVwKjNHJHbK4EFFUCWWrnx1SE32aG4=' 'sha256-LWtqHRrej8qIoYJFqhaaO0kPgZnGajrfm7a54+/7NQU=' 'sha256-SvLgADqEePEV9RNxBrRQXSBJafFHcVNG7cPzHz6h9eA=' 'sha256-1z/7NiPfYq2hoFozHGzJKg6OUzne/YSqaCgvOeXuXOY=' 'sha256-3R73cBfu9lRdx2Y1u0+kOkDzXsjlEn1hcsL2b5qaWZ4=' 'sha256-aqNNdDLnnrDOnTNdkJpYlAxKVJtLt9CtFLklmInuUAE=' 'sha256-Iqfo27GZS/A7Fm31UW3miEbID+BwO1wih5T79cyIfws=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-yVIQlxUOt8MCsrVQ/pmV6T7E+xI6F1xO1vCqGi7bPU4=' 'sha256-yqw7rW86cJ30M3y7LhcPnduZT4JIHKLX3RRb31B7fOQ=' 'sha256-DFjLfLQbkYXH/lmCwhmW5hT9th2DSNLjYebk7vRHX6A=' 'sha256-+iVBklqDZxSzWSvr0QSp3OTL/ok8m/f/n7wXWojhcng=' 'sha256-ywq+VJsIVnLIQls/DYtP4wc7LLPqAKArkFBF9Z5HNuc=' 'sha256-nvFDZMdJSsFuPLw06nap3Qaao9tU3RGvNHf2Woe1StA=' 'sha256-FA0mrKnZoRbvi4Ayp9wJddHc685E85ea5Z2XwJRhxSU=' 'sha256-R7cUrEePj8qLMDj+zac9LUaWW1kLn3wc6HsQHIA0mxw=' 'sha256-kDP5FilnD2F7x7DjtoRTkl0NbiBGrjAsvcUc3H3A2cM=' 'sha256-QlYx1dw6Nlh44cQgyJBz5G7+ZTJmKf5FkJGF0FPcuzE=' 'sha256-cSCUlxvEwMP0xZRHeMKpWqO3ylONHU6b5bFAQLiiqcw=' 'sha256-I6mtUVoVWZuevseH7OMoGWOXSo/eD4R/08s5derX8hw=' 'sha256-krLf8K7rqCtHZ5e3QPyMVapC2rFQUo21PCk/c39wSts=' 'sha256-+SNKnT0lnsyeaYOJwRmcPRdTG/a4X/b3vw+57B1dE20=' 'sha256-1tUQLx1JfuFHhupaTxZxN8/JPDvG+OIdBCcM7PXfEzs=' 'sha256-4Xwx2TSn/ZELfLIs1A2etPjKxxnSomqFoKMv99FB3Lg=' 'sha256-ei2s0538sbNCEBOA2sr/hvghrxZ2gDEblR7FUJ4lkcI=' 'sha256-4NKME364cXiHshEd1ZK0GwjcT0pjqfBRdKo30tomWRs=' 'sha256-s4+uDkvKfuqCNICZTNMmknZQvqL5HwSquCQfZkn9/34=' 'sha256-rn4Qwbx5qcatXz+wT23m27segHEv7ImU2/4sEMVLYIk=' 'sha256-6Y6euAQOWZ6lGtpkCT+4kCYjKPuLTcDjDkD5oRhCG4g=' 'sha256-4QY9fueV63c6nZWXt7gR/ojTOpAZwXqNZcAxijybuU0=' 'sha256-RHvKHxL0gTOgpvBP4Xm5dRuK/cR2LZXFIebXluboSkQ=' 'sha256-yJf9N784FJuXHzDa1anT54222uPxXDjB0KgozZIOVzw=' 'sha256-Pzy/MxmgBP+zS02vxK1jm/+zS7R6H7RgMsTtTVTfC9A=' 'sha256-j8L4Sf0xH9b2nwGqQTwHCVlGSvlIaVZETZPtVykVjPs=' 'sha256-ebuwMTfNIWOGe7kzqHFDgd8dPwoPxx2QNhd4ZtetRLU=' 'sha256-Yq+kKvFpHeNHsJjLEy7fWk5M9TWaZGf7rQV38ELL2x0=' 'sha256-MHuTvHVz5k1TajrKANGz14IaXhuXxwJUt15zkvmj7rE=' 'sha256-tXThs7ZS+6hzPIvkDhbtqXOY6X3GP/zrwEY7GyV4Y+c=' 'sha256-39hce1FnKYidEA+9elxMGRsULe73+qcGxx7fCFUigzo=' 'sha256-I/rD/kGx4f8MGQPXVvbFYpKpd4L5cd5hQ+v+oSGvX9A=' 'sha256-a0s+nLVkHwBLI1bdIXzsQespBORQjzbOy8pJNQeAjRI='; img-src 'self' https://*.ytimg.com https://okt.to/ https://track.hubspot.com https://www.googletagmanager.com https://www.google.co.uk https://www.google-analytics.com https://*.hotjar.com https://*.hotjar.io https://*.linkedin.com https://www.google.com; connect-src 'self' https://cdn.linkedin.oribi.io https://*.google-analytics.com/ https://public-auth-dot-lucky-orange.appspot-preview.com https://api-preview.luckyorange.com/ wss://in.visitors.live/ wss://realtime.luckyorange.com https://pubsub.googleapis.com/ https://api-preview.luckyorange.com/* https://api.hsforms.com https://api.hubapi.com https://js.hs-banner.com https://www.googletagmanager.com https://www.google-analytics.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.io https://*.doubleclick.net https://settings.luckyorange.com https://api-preview.luckyorange.com/*; font-src 'self' https://use.fontawesome.com data: https://fonts.gstatic.com https://*.hotjar.com https://*.hotjar.io https://s3.amazonaws.com/luckyorange-clickstream/; object-src 'none'; media-src 'self'; frame-src 'self' https://player.vimeo.com https://www.youtube.com https://*.hotjar.com https://*.hotjar.io; child-src 'self' blob:; form-action 'none'; frame-ancestors 'none'; manifest-src 'self'; 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.learnreligions.com 1 frame-ancestors 'self' http://mobilevjs.nbcsports.com http://sprtsecureassets.akamaized.net *.nbcolympics.com nbcolympics.com 1 X-Content-Security-Policy 1 frame-ancestors 'self' https://*.lemonade.com https://lemonade.com 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com www.gstatic.com https://*.google.com https://*.googletagmanager.com *.google-analytics.com https://tagmanager.google.com https://cdn.popupsmart.com https://cdnjs.cloudflare.com https://cbpfgms.github.io https://connect.facebook.net https://partner.googleadservices.com https://www.googleadservices.com https://googleads.g.doubleclick.net; object-src 'none'; style-src 'self' 'unsafe-inline' https://googletagmanager.com https://tagmanager.google.com fonts.googleapis.com https://www.google.com https://cdnjs.cloudflare.com https://cbpfgms.github.io https://cdn.popupsmart.com https://use.fontawesome.com; img-src 'self' data: https://*; media-src 'self' data: https://mvsfservicefabricusva.blob.core.windows.net; frame-src 'self' https://*.googletagmanager.com https://bid.g.doubleclick.net https://td.doubleclick.net https://www.youtube.com https://embed.mediavalet.com *.un.org https://cdnapisec.kaltura.com https://datawrapper.dwcdn.net https://app.powerbi.com https://vimeo.com https://player.vimeo.com; frame-ancestors 'self'; child-src 'self' blob:; font-src 'self' data: fonts.gstatic.com https://use.fontawesome.com; connect-src 'self' https://*; report-uri /report-csp-violation 1 frame-ancestors *.payback.de; report-uri /blueberry/servlet/handler/cspreporting 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.mydomaine.com 1 frame-ancestors 'self' bam.harri.com harri.com fr.harri.com es.harri.com ru.harri.com de.harri.com pl.harri.com ar.harri.com tr.harri.com new.harri.com fr.new.harri.com es.new.harri.com ru.new.harri.com de.new.harri.com pl.new.harri.com ar.new.harri.com tr.new.harri.com internal-bcf49936-acd4-4f79-be5a-fad8a01526db.harri.com internal-temp-bcf49936-acd4-4f79-be5a-fad8a01526db.harri.com live.harri.com liveschedule.harri.com; 1 frame-ancestors 'self' *.smhi.se klimatanpassning.se sudplan.eu nordicadaptation2018.net http://infoteve.com ; report-uri /userv/cspreporting 1 default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.youtube.com *.youtube-nocookie.com *.itzbund.de *.energiewechsel.de *.deutschland-machts-effizient.de *.app.powerbi.com *.karriere.bafa.de *.atlas.geomer-maps.de *.twitter.com api.signalize.com; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com *.youtube-nocookie.com; frame-src karriere.bafa.de atlas.geomer-maps.de app.powerbi.com *.energiewechsel.de *.deutschland-machts-effizient.de *.youtube-nocookie.com *.itzbund.de *.youtube.com *.twitter.com; img-src 'self' data: *.youtube.com *.youtube-nocookie.com *.itzbund.de *.openstreetmap.org *.twimg.com; connect-src 'self' *.itzbund.de; frame-ancestors 'self' *.kfw.de *.bafa.de *.energiewechsel.de; upgrade-insecure-requests; 1 default-src https:; connect-src https:; script-src 'unsafe-inline' 'unsafe-eval' http: www.google-analytics.com ajax.googleapis.com; style-src 'unsafe-inline' http:; img-src http: data:; font-src http: data:; 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.agriculture.com 1 frame-ancestors 'self' *.taxact.com *.taxactonline.com *.salemove.com secure.balancefin.com 1 frame-ancestors *.anjuke.com http://*.anjuke.com *.aifang.com http://*.aifang.com *.58ganji.com http://*.58ganji.com *.58.com http://*.58.com *.jikejia.cn http://*.jikejia.cn http://jikejia.cn yfyk.youfangyouke.com http://yfyk.youfangyouke.com *.58corp.com http://*.58corp.com *.qiaofangyun.com 1 base-uri 'none'; default-src 'none'; child-src https://www.recaptcha.net; connect-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src https://www.recaptcha.net; img-src 'self' data:; object-src 'none'; script-src 'nonce-BRjGhV6bLex3kiS74zhNpg==' 'strict-dynamic'; style-src 'self' 'unsafe-inline'; worker-src 'self' 1 script-src 'nonce-144b9a34-1382-43c6-99db-097cca681047' https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/ 'self' 'unsafe-eval' https://static.aws.training https://client.rum.us-east-1.amazonaws.com/1.0.2/cwr.js https://a0.awsstatic.com https://js.api.here.com https://*.cit.api.here.com https://dev.ditu.live.com https://*.dev.virtualearth.net https://*.payments-amazon.com https://*.amazon.com https://*.amazon.co.jp/ https://*.amazon.co.uk https://*.amazon.de https://dvj5x88797nbe.cloudfront.net https://*.bing.com https://*.virtualearth.net https://munchkin.marketo.net https://d2c.aws.amazon.com; object-src 'self'; img-src 'self' data: blob: https://*.dev.virtualearth.net https://*.ssl.ak.tiles.virtualearth.net https://*.ssl.ak.dynamic.tiles.virtualearth.net https://static.aws.training https://a0.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://dpm.demdex.net https://aws.demdex.net https://cm.everesttech.net https://js.api.here.com https://*.cit.api.here.com https://images-na.ssl-images-amazon.com https://internal-cdn.amazon.com https://d2ldlvi1yef00y.cloudfront.net/ https://d23yuld0pofhhw.cloudfront.net https://d1oct1bdmx33tz.cloudfront.net https://googleads.g.doubleclick.net https://www.google.com https://fls-na.amazon.com https://*.media-amazon.com https://d2c.aws.amazon.com https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/; style-src 'self' 'unsafe-inline' https://static.aws.training https://js.api.here.com https://a0.awsstatic.com https://images-na.ssl-images-amazon.com https://ecn.dev.virtualearth.net https://images-eu.ssl-images-amazon.com https://www.bing.com https://dvj5x88797nbe.cloudfront.net https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/; connect-src 'self' https://*.cit.api.here.com https://*.amazon.com https://cognito-identity.us-east-1.amazonaws.com https://dataplane.rum.us-east-1.amazonaws.com https://prod.tools.shortbread.aws.dev https://prod.log.shortbread.aws.dev https://sts.us-east-1.amazonaws.com https://amazonwebservices.d2.sc.omtrdc.net https://dpm.demdex.net https://aws.demdex.net https://cm.everesttech.net https://*.amazonpay.com https://apac.account.amazon.com https://vs.aws.amazon.com/ https://d2c.aws.amazon.com/ https://na.account.amazon.com https://eu.account.amazon.com https://*.virtualearth.net https://*.mktoresp.com https://s0.awsstatic.com https://*.amazon.co.uk https://*.amazon.co.jp https://*.amazon.de https://cdn.aws.training https://prod.us-east-1.search.avalon.aws.dev https://7m5y5tkfr5.execute-api.us-east-1.amazonaws.com https://ftj9wpwlq4.execute-api.us-east-1.amazonaws.com https://aws.amazon.com https://a0.awsstatic.com; font-src 'self' data: https://static.aws.training https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/; media-src 'self' https://cdn.aws.training https://dvj5x88797nbe.cloudfront.net; child-src 'self' https://*.amazon.com https://www.bing.com https://*.amazon.co.jp/ https://*.amazon.co.uk https://*.payments-amazon.com https://*.amazon.de https://support.aws.training; frame-src 'self' 'unsafe-eval' https://static.aws.training https://client.rum.us-east-1.amazonaws.com/1.0.2/cwr.js https://a0.awsstatic.com https://js.api.here.com https://*.cit.api.here.com https://dev.ditu.live.com https://*.dev.virtualearth.net https://*.payments-amazon.com https://*.amazon.com https://*.amazon.co.jp/ https://*.amazon.co.uk https://*.amazon.de https://dvj5x88797nbe.cloudfront.net https://*.bing.com https://*.virtualearth.net https://munchkin.marketo.net https://d2c.aws.amazon.com; default-src 'self'; 1 default-src 'self'; script-src 'self' https://youtube.com/ https://cnes.matomo.cloud/ https://www.youtube.com/ youtube.com www.youtube.com https://youtube-nocookie.com/ youtube-nocookie.com https://cdn.matomo.cloud/cnes.matomo.cloud/ cdn.matomo.cloud/cnes.matomo.cloud https://tags.data-driven.fr/tags/ tags.data-driven.fr/tags https://tarteaucitron.io/ tarteaucitron.io https://cdn.tarteaucitron.io/ cdn.tarteaucitron.io ; object-src 'self' https://youtube.com/ https://www.youtube.com/ youtube.com www.youtube.com https://youtube-nocookie.com/ youtube-nocookie.com ; style-src 'self' 'unsafe-inline' https://cdn.tarteaucitron.io/css/ cdn.tarteaucitron.io/css/ https://fonts.googleapis.com/; img-src 'self' data: https://i.ytimg.com https://*.tile.openstreetmap.fr 'unsafe-inline' https://tarteaucitron.io/log/ tarteaucitron.io/log/; media-src 'self' https://podcast.cnes.fr/ https://www.podcast.cnes.fr/; frame-src 'self' https://youtube.com https://www.youtube.com player.vimeo.com youtube.com www.youtube.com https://youtube-nocookie.com youtube-nocookie.com www.youtube-nocookie.com https://tarteaucitron.io tarteaucitron.io https://tarteaucitron.io tarteaucitron.io https://cdn.tarteaucitron.io cdn.tarteaucitron.io; frame-ancestors 'self' https://youtube.com/ https://www.youtube.com/ youtube.com www.youtube.com https://youtube-nocookie.com/ youtube-nocookie.com https://tarteaucitron.io/ tarteaucitron.io https://tarteaucitron.io/ tarteaucitron.io https://cdn.tarteaucitron.io/ cdn.tarteaucitron.io; child-src 'self' https://tarteaucitron.io tarteaucitron.io https://tarteaucitron.io tarteaucitron.io https://cdn.tarteaucitron.io cdn.tarteaucitron.io; font-src 'self' data: https://fonts.gstatic.com https://themes.googleusercontent.com; connect-src 'self' 'unsafe-inline' https://cnes.matomo.cloud/ https://cdn.matomo.cloud/cnes.matomo.cloud/ https://tags.data-driven.fr cdn.matomo.cloud/cnes.matomo.cloud https://tags.data-driven.fr/tags/ tags.data-driven.fr/tags https://tarteaucitron.io/ tarteaucitron.io https://cdn.tarteaucitron.io/ cdn.tarteaucitron.io 1 default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-eval' *.googleapis.com piwik.itzbund.de;object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; connect-src 'self' *.itzbund.de; frame-ancestors bghweb-editor-kkn2.prod.gsb.zd.in.bund.de piwik.itzbund.de 1 default-src 'self' https://my.sheer.com my.sheer.com https://www.sheer.com www.sheer.com https://account.analvids.com account.analvids.com https://scene-subtitles.gtflixtv.com scene-subtitles.gtflixtv.com https://*.gtflixtv.com *.gtflixtv.com https://*.gtflixtvtest.com *.gtflixtvtest.com https://pornbox.com pornbox.com https://*.pornbox.com *.pornbox.com wss://lb-private-chat.gtflixtv.com wss://lb-private-chat-beta.gtflixtv.com https://*.facebook.com *.facebook.com https://googletagmanager.com googletagmanager.com https://*.googletagmanager.com *.googletagmanager.com https://*.google-analytics.com *.google-analytics.com https://*.google.com *.google.com https://*.googleapis.com *.googleapis.com https://*.gstatic.com *.gstatic.com https://*.gstatic.cn *.gstatic.cn https://*.jsdelivr.net *.jsdelivr.net https://*.rawgit.com *.rawgit.com https://*.ddfstatic.com *.ddfstatic.com https://cdn.plyr.io cdn.plyr.io https://*.sexcash.com *.sexcash.com https://*.trafficfactory.biz *.trafficfactory.biz https://xvideos.com xvideos.com https://*.xvideos.com *.xvideos.com https://*.xvideos2.com *.xvideos2.com https://*.xvideos-cdn.com *.xvideos-cdn.com https://*.bangbros.com *.bangbros.com https://*.nikkiprice.com *.nikkiprice.com https://*.girlsgonewild.com *.girlsgonewild.com https://*.naked.com *.naked.com https://*.st-content.com *.st-content.com https://*.sellvids.com *.sellvids.com https://*.hazecash.com *.hazecash.com https://*.xxxpawn.com *.xxxpawn.com https://*.gaypawn.com *.gaypawn.com https://*.miakhalifa.com *.miakhalifa.com https://*.americanpervert.com *.americanpervert.com https://*.xnxx.com *.xnxx.com 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://my.sheer.com my.sheer.com https://www.sheer.com www.sheer.com https://account.analvids.com account.analvids.com https://scene-subtitles.gtflixtv.com scene-subtitles.gtflixtv.com https://*.gtflixtv.com *.gtflixtv.com https://*.gtflixtvtest.com *.gtflixtvtest.com https://pornbox.com pornbox.com https://*.pornbox.com *.pornbox.com wss://lb-private-chat.gtflixtv.com wss://lb-private-chat-beta.gtflixtv.com https://xvideos.com xvideos.com https://*.xvideos.com *.xvideos.com https://www.google-analytics.com www.google-analytics.com https://ampcid.google.com https://stats.g.doubleclick.net/j/collect https://region1.google-analytics.com/g/collect https://*.googleapis.com *.googleapis.com https://*.firebaseio.com *.firebaseio.com; font-src 'self' https://cdn.jsdelivr.net/npm/ https://fonts.gstatic.com fonts.gstatic.com data:; img-src 'self' https://*.gtflixtv.com *.gtflixtv.com https://xvideos.com xvideos.com https://*.xvideos.com *.xvideos.com https://*.xvideos2.com *.xvideos2.com https://*.xvideos-cdn.com *.xvideos-cdn.com https://www.xvideos.com www.xvideos.com https://*.xvideos.red *.xvideos.red https://*.1ka.com *.1ka.com https://cdn.jsdelivr.net cdn.jsdelivr.net https://www.google-analytics.com www.google-analytics.com https://www.google.com/ads/ga-audiences https://stats.g.doubleclick.net/r/collect https://region1.google-analytics.com region1.google-analytics.com https://www.googletagmanager.com www.googletagmanager.com https://ssl.gstatic.com ssl.gstatic.com https://www.gstatic.com www.gstatic.com https://stats.g.doubleclick.net/r/ stats.g.doubleclick.net/r/ data:; object-src 'none'; script-src 'self' https://my.sheer.com my.sheer.com https://www.sheer.com www.sheer.com https://account.analvids.com account.analvids.com https://scene-subtitles.gtflixtv.com scene-subtitles.gtflixtv.com https://uploader.gtflixtv.com uploader.gtflixtv.com https://uploader-beta.gtflixtv.com uploader-beta.gtflixtv.com https://pornbox.com pornbox.com https://*.googleapis.com *.googleapis.com https://www.google.com/recaptcha/ www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://google-analytics.com google-analytics.com https://ssl.google-analytics.com https://www.google-analytics.com www.google-analytics.com https://www.googletagmanager.com www.googletagmanager.com https://ssl.gstatic.com ssl.gstatic.com https://www.gstatic.com www.gstatic.com https://stats.g.doubleclick.net/r/ stats.g.doubleclick.net/r/ https://cdn.jsdelivr.net/npm/ https://cdn.rawgit.com/yuku-t/jquery-textcomplete/ https://*.ddfstatic.com *.ddfstatic.com https://*.sexcash.com *.sexcash.com https://*.trafficfactory.biz *.trafficfactory.biz https://apis.google.com apis.google.com https://apis.google.com/js/platform.js 'unsafe-inline' 'unsafe-eval'; report-uri /api/js-error; 1 default-src 'self'; style-src 'self' 'unsafe-inline' occhat.elisa.fi s3.eu-west-1.amazonaws.com/files.roidu.com/vero-mrs/ https://public.flourish.studio/ https://fonts.googleapis.com/ customer.cludo.com; img-src 'self' data: occhat.elisa.fi vero.piwik.pro https://analytiikka.ahtp.fi/ master.boost.ai data.reactandshare.com https://public.flourish.studio/; media-src 'self'; font-src 'self' https://public.flourish.studio/; script-src 'self' 'unsafe-inline' 'unsafe-eval' occhat.elisa.fi vero.piwik.pro vero.containers.piwik.pro https://analytiikka.ahtp.fi/ veroskatt.boost.ai cdn.reactandshare.com data.reactandshare.com mrs-p.s3.eu-west-1.amazonaws.com https://public.flourish.studio/ *.monitor.azure.com *.cdn.applicationinsights.io customer.cludo.com; connect-src 'self' occhat.elisa.fi wss://occhat.elisa.fi vero.piwik.pro https://analytiikka.ahtp.fi/ veroskatt.boost.ai data.reactandshare.com *.roidu.com *.in.applicationinsights.azure.com js.monitor.azure.com api.cludo.com; frame-src 'self' hkp.maanmittauslaitos.fi https://www.youtube.com https://app.powerbi.com https://public.flourish.studio/; frame-ancestors 'self' yritys.tunnistus.fi htesti.katso.tunnistus.fi; 1 frame-ancestors https://cloudsecurityalliance.org https://knowledge.cloudsecurityalliance.org https://circle.cloudsecurityalliance.org 1 script-src 'self' data: 'unsafe-inline' 'unsafe-eval' bp.webhost1.ru d.webhost1.ru cp.webhost1.ru cp2.webhost1.ru cp3.webhost1.ru *.yoomoney.ru geoadv-partner.yandex.ru direct.yandex.ru yookassa.ru *.yandex.ru *.yandex.net mc.yandex.az mc.yandex.by mc.yandex.co.il mc.yandex.com mc.yandex.com.am mc.yandex.com.ge mc.yandex.com.tr mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.kz mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yandex.tj mc.yandex.tm mc.yandex.ua mc.yandex.uz mc.webvisor.com mc.webvisor.org yastatic.net googleads.g.doubleclick.net www.google-analytics.com www.google.com www.gstatic.com www.googletagmanager.com tagmanager.google.com *.jivo.ru *.bitrix24.ru *.roistat.com privacy-cs.mail.ru top-fwz1.mail.ru; frame-ancestors 'self' blob: http://webvisor.com https://webvisor.com https://d.webhost1.ru:* https://cp.webhost1.ru:* https://cp2.webhost1.ru:* https://cp3.webhost1.ru:* 1 default-src 'self' 'unsafe-inline' data: https://piwik.bzga.de/ https://service.bzga.de/ https://a.tile.openstreetmap.org/ https://b.tile.openstreetmap.org/ https://c.tile.openstreetmap.org/ 1 default-src 'self'; script-src 'report-sample' 'self' https://contaazul.my.salesforce.com/embeddedservice/5.0/client/liveagent.esw.min.js https://d.la1-c2-ia4.salesforceliveagent.com/chat/rest/EmbeddedService/EmbeddedServiceConfig.jsonp https://d.la1-c2-ia5.salesforceliveagent.com/chat/rest/EmbeddedService/EmbeddedServiceConfig.jsonp https://www.googletagmanager.com/gtag/js; style-src 'report-sample' 'self' https://contaazul.my.salesforce.com https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self'; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://contaazul.my.salesforce.com; img-src 'self'; manifest-src 'self'; media-src 'self'; report-uri https://653a851cb68e7c6a2aefe900.endpoint.csper.io/?v=0; worker-src 'self'; 1 default-src 'self' 'unsafe-inline' data: blob: prod.acquia-sites.com *.prod.acquia-sites.com auc.arkdev.net *.auc.arkdev.net aucegypt.edu *.aucegypt.edu openweathermap.org *.openweathermap.org youvisit.com *.youvisit.com google-analytics.com *.google-analytics.com googletagmanager.com *.googletagmanager.com nr-data.net *.nr-data.net newrelic.com *.newrelic.com cloudflare.com googleusercontent.com *.cloudflare.com *.googleusercontent.com youtube.com *.youtube.com youtu.be *.youtu.be gstatic.com *.gstatic.com ytimg.com *.ytimg.com ggpht.com *.ggpht.com *.campusgroups.com calendar.google.com interviewexchange.com *.interviewexchange.com auc.cloud.panopto.eu datawrapper.dwcdn.net *.watson.appdomain.cloud datastudio.google.com *.datastudio.google.com crazyegg.com *.crazyegg.com myjotform.com *.myjotform.com connect.facebook.net facebook.com *.facebook.com stats.g.doubleclick.net *.g.doubleclick.net addthis.com *.addthis.com 'unsafe-eval' moatads.com *.moatads.com addthisedge.com *.addthisedge.com px.ads.linkedin.com *.ads.linkedin.com *.linkedin.com www.googleadservices.com www.google.com *.googleadservices.com *.google.com googleads.g.doubleclick.net bid.g.doubleclick.net *.g.doubleclick.net snap.licdn.com *.snap.licdn.com *.licdn.com p.adsymptotic.com *.adsymptotic.com *.googlesyndication.com googlesyndication.com cdn.linkedin.oribi.io www.google.com.eg *.google.com.eg *.mainstay.com addtoany.com *.addtoany.com googleapis.com *.googleapis.com noembed.com *.noembed.com plyr.io *.plyr.io cdn.jsdelivr.net *.clarity.ms surveymonkey.com *.surveymonkey.com; report-uri /report-csp-violation 1 default-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.cinestar.de *.googletagmanager.com *.googleadservices.com *.googletagservices.com *.google.com *.google.de *.gstatic.com *.google-analytics.com gdpr.mandarin-medien.de *.ioam.de *.doubleclick.net bat.bing.com bat.bing.net *.facebook.com *.facebook.net *.googlesyndication.com gdpr.mandarin-medien.de *.spotify.com streaming.cinestar.de streaming.cinestar.sys11.stakkle.com:81 streaming1.cinestar.de streaming1.cinestar.de:81 ff-schlingel.de *.stroeerdigitalgroup.de *.doubleverify.com tracking.m6r.eu *.adagio.io *.adaptmx.com *.adbility-media.com *.addefend.com *.adform.com *.adition.com *.admanmedia.com *.adnami.io *.adnuntius.com *.adrule.net *.adtriba.com *.adup-tech.com *.advanced-store.com *.adyoulike.com *.agma-mmc.de *.amazon.com *.amobee.com *.appnexus.com *.audienceproject.com *.avantisteam.com *.bam-interactive.de *.bannernow.com *.bidswitch.com *.blis.com *.brightcom.com *.bttrads.com *.cloudtechnologies.pl *.communicationads.net *.confiant.com *.criteo.com *.dataxtrade.com *.definemedia.de *.deltaprojects.com *.doubleverify.com *.easy-media.de *.emerse.com *.emxdgt.com *.equativ.com *.exactag.com *.exitbee.com *.factor-eleven.de *.feedad.com *.flashtalking.com *.geoedge.com *.gfk.com *.glomex.com *.google.com *.gumgum.com *.hearts-science.com *.iabeurope.eu *.id5.io *.impactify.io *.improvedigital.com *.indexexchange.com *.infonline.de *.integralads.com *.invibes.com *.jaduda.com *.kayzen.io *.liquidm.com *.liveramp.de *.magnite.com *.media.net *.mediakeys.com *.microsoft.com *.mindtake.com *.mobkoi.com *.mobpro.com *.nativendo.de *.neory.com *.nielsen.com *.ogury.com *.onetag.com *.onetech.group *.online-solution.biz *.onprospects.com *.openx.com *.opinary.com *.optidigital.com *.optimise-it.de *.oracle.com *.otto.de *.outbrain.com *.permodo.com *.playhill.com *.publicismedia.de *.pubmatic.com *.purelocalmedia.de *.qualitymedianetwork.de *.readpeak.com *.reppublika.com *.ringier-advertising.ch *.roq.ad *.rtbhouse.com *.rubiconproject.com *.salesforce.com *.screenondemand.de *.seeding-alliance.de *.seedtag.com *.sharethrough.com *.showheroes.com *.smaato.com *.smartadserver.com *.smartclip.net *.smartclip.tv *.smartstream.tv *.smartyads.com *.socoto.com *.spotx.tv *.spotxchange.com *.sspx.tech *.stroeer.com *.stroeer.de *.taboola.com *.tappx.com *.target-video.com *.teads.com *.teads.tv *.telaria.com *.themediagrid.com *.thetradedesk.com *.tremorhub.com *.trg.de *.triplelift.com *.twiago.com *.uppr.rocks *.verve.com *.vi.ai *.viads.com *.vidazoo.com *.vidoomy.com *.viralize.com *.virtualminds.de *.vlyby.com *.wagawin.com *.wearemiq.com *.welect.de *.xandr.com *.yahoo.com *.yieldlab.com *.yieldlab.net *.yieldlove.com *.yoc.com *.zemanta.com onetag-sys.com *.onetag-sys.com *.adnxs.com *.ad4m.at ad4m.at *.theadex.com *.adform.net *.seadform.net *.userreport.com *.clarium.io id5-sync.com *.id5-sync.com *.eu-1-id5-sync.com *.yieldlove-ad-serving.net *.agma-analytics.de *.adnxs.com *.adscale.de *.jsdelivr.net *.adscale.de *.criteo.net *.confiant-integrations.net *.privacy-mgmt.com *.crwdcntrl.net *.ampproject.org *.googleapis.com *.truste.com *.adsafeprotected.com *.ftstatic.com *.trustarc.com *.adsrvr.org *.imrworldwide.com *.cloudflare.com *.bidr.io *.bidswitch.net *.adnxs-simple.com *.active-agent.com *.peer-39.com 2mdn.net *.2mdn.net levexis.com demdex.net *.levexis.com *.demdex.net agkn.com *.agkn.com adlightning.com *.adlightning.com *.tchibo.de tchibo.de revjet.com *.revjet.com stroeerdigital.de *.stroeerdigital.de casalemedia.com *.casalemedia.com bahn.de *.bahn.de indexww.com *.indexww.com cbe-digiden.de *.cbe-digiden.de vodafone.de *.vodafone.de *.amazonaws.com amazonaws.com exactag.com *.exactag.com b2c.com *.b2c.com stroeerdigitalmedia.de *.stroeerdigitalmedia.de *.moviexchange.com unpkg.com; block-all-mixed-content 1 default-src https://domainname.shop https://www.domeneshop.no https://domeneshop.no https://domainnameshop.com https://domene.shop https://xn--domn-noa.shop https://xn--domne-ura.shop https://chat.domeneshop.no/ 'unsafe-inline'; img-src https://domainname.shop https://www.domeneshop.no https://domeneshop.no https://domainnameshop.com https://domene.shop https://xn--domn-noa.shop https://xn--domne-ura.shop; frame-src https://domainname.shop https://www.domeneshop.no https://domeneshop.no https://domainnameshop.com https://domene.shop https://xn--domn-noa.shop https://xn--domne-ura.shop; frame-ancestors 'self' 1 default-src 'self'; script-src 'self' 1 base-uri 'self'; default-src 'none'; child-src https://irc.animefriends.moe; connect-src 'self' https://mei.kuudere.pw; font-src 'self' data:; form-action 'self' https://mei.kuudere.pw; frame-ancestors 'self'; frame-src 'self' https://www.youtube-nocookie.com https://*.soundcloud.com https://irc.animefriends.moe; img-src 'self' https://rei.kuudere.pw https://mei.kuudere.pw https://animebytes.tv data:; media-src 'self' https://* * data:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample'; style-src 'self' 'unsafe-inline'; worker-src 'self' blob:; upgrade-insecure-requests 1 default-src 'self' ;script-src data: blob: 'self' 'unsafe-eval' 'nonce-h7wmgRYPmeKWfdCl' js.monitor.azure.com static.cloud.coveo.com www.zenaps.com www.dwin1.com *.r42tag.com *.usabilla.com *.google-analytics.com *.analytics.google.com www.googleadservices.com tags.nmrc.nl *.onmarc.nl *.doubleclick.net d6tizftlrpuof.cloudfront.net *.zilverenkruis.nl babm.texthelp.com surfly.com plus.browsealoud.com www.zorgkantoorfriesland.nl *.prolife.nl www.googletagmanager.com toolbar.speechstream.net apis.google.com bat.bing.com admin.relay42.com a.svtrd.com ads.creative-serving.com www.browsealoud.com *.defriesland.nl static2.creative-serving.com survey.insocial.nl optimize.google.com *.interpolis.nl *.mopinion.com *.fbto.nl connect.facebook.net cdn.harvest.graindata.com *.pingvp.com pingvp.com *.visualwebsiteoptimizer.com www.awin1.com *.stichtingdefriesland.nl *.cloudfront.net *.coveo.com api-engage-eu.sitecorecloud.io/v1.2/browser/create.json* d1mj578wat5n4o.cloudfront.net/sitecore-engage-v.1.4.2.min.js;style-src 'self' 'unsafe-inline' d6tizftlrpuof.cloudfront.net plus.browsealoud.com fonts.googleapis.com www.zilverenkruis.nl optimize.google.com *.pingvp.com;img-src data: blob: 'self' *.svtrd.com www.zenaps.com www.awin1.com www.google.com www.google.nl d6tizftlrpuof.cloudfront.net *.usabilla.com *.google-analytics.com *.analytics.google.com *.onmarc.nl *.zilverenkruis.nl plus.browsealoud.com usabilla-themes.s3-eu-west-1.amazonaws.com ads.creative-serving.com www.zorgkantoorfriesland.nl *.prolife.nl stats.g.doubleclick.net ad.doubleclick.net bat.bing.com www.browsealoud.com *.defriesland.nl *.r42tag.com admin.relay42.com speechstreamv3-webservices-8.texthelp.com www.gstatic.com *.fbto.nl www.insocial.nl www.facebook.com www.googletagmanager.com translate.google.com zilverenkruis-cdn.mcccm.eu *.pingvp.com i.vimeocdn.com dev.visualwebsiteoptimizer.com *.doubleclick.net *.googlesyndication.com *.imgix.net;font-src data: 'self' fonts.gstatic.com fonts.googlapis.com d6tizftlrpuof.cloudfront.net *.pingvp.com;connect-src blob: 'self' *.zilverenkruis.nl *.surfly.com surfly.com sentry.io *.zorgkantoorfriesland.nl plus.browsealoud.com pronunciation.speechstream.net api.usabilla.com babm.texthelp.com speech.speechstream.net *.google-analytics.com *.analytics.google.com pre-i-portaal.achmea.nl speechstreamv3-webservices-8.texthelp.com *.defriesland.nl *.mopinion.com *.browsealoud.com *.interpolis.nl *.fbto.nl bat.bing.com stats.g.doubleclick.net harvest-cm-achmea.ey.r.appspot.com controle.achmea.consentmonitor.nl *.tomtom.com *.visualwebsiteoptimizer.com *.applicationinsights.azure.com wss://api.defriesland.nl:13443 wss://api.zilverenkruis.nl:13443 wss://api.interpolis.nl:13443 *.googlesyndication.com www.google.com googleads.g.doubleclick.net *.coveo.com api-engage-eu.sitecorecloud.io/v1.2/events api-engage-eu.sitecorecloud.io *.cloudfront.net js.monitor.azure.com api-engage-eu.sitecorecloud.io/v1.2/browser/create.json.*;media-src 'self' blob: *.zilverenkruis.nl *.zorgkantoorfriesland.nl *.prolife.nl *.defriesland.nl *.interpolis.nl *.fbto.nl *.pingvp.com;object-src 'self' *.klantenvertellen.nl;child-src 'self' blob: t.svtrd.com player.vimeo.com surfly.com app.surfly.com d6tizftlrpuof.cloudfront.net www.zilverenkruis.nl www.zorgkantoorfriesland.nl www.prolife.nl content.googleapis.com vimeo.com secure.zilverenkruis.nl www.defriesland.nl optimize.google.com i-portaal.achmea.nl survey.insocial.nl secure.prolife.nl secure.defriesland.nl w.soundcloud.com *.doubleclick.net app.springcast.fm *.klantenvertellen.nl;frame-ancestors 'self' player.vimeo.com vimeo.com i-portaal.achmea.nl survey.insocial.nl *.doubleclick.net inloggen.achmea.nl p-portaal.achmea.nl app.vwo.com *.visualwebsiteoptimizer.com;;form-action 'self' t.svtrd.com *.achmea.nl *.zilverenkruis.nl *.zorgkantoorfriesland.nl *.prolife.nl *.defriesland.nl *.fbto.nl *.interpolis.nl broker.nxtid.nl;manifest-src 'self' ;upgrade-insecure-requests;block-all-mixed-content;report-uri https://zilverenkruis.ams.report-uri.com/r/t/csp/enforce; 1 default-src * 'unsafe-inline' 'unsafe-eval' data: blob: 1 default-src 'self' blob: *.avl.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.doubleclick.net *.facebook.net *.cookiebot.com *.googleapis.com *.adsymptotic.com *.linkedin.com snap.licdn.com *.facebook.com *.avl.com *.cloudflare.com cdn.jsdelivr.net js.stripe.com polyfill.io *.googletagmanager.com *.hotjar.com app.sli.do *.vbrick.com *.google.com *.google.es *.google.at *.google.de *.bing.com *.creators-expedition.com *.imaginativeenterprising-intelligent.com *.mouseflow.com *.clarity.ms *.publuu.com *.buzzsprout.com *.lfeeder.com; object-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.doubleclick.net *.facebook.net *.cookiebot.com fonts.googleapis.com p.adsymptotic.com *.linkedin.com *.licdn.com *.facebook.com *.avl.com cdnjs.cloudflare.com cdn.jsdelivr.net *.stripe.com polyfill.io *.google.com *.google.es *.google.at *.google.de; style-src 'self' 'unsafe-inline' *.cloudflare.com; img-src 'self' data: avl.com www.avl.com *.googletagmanager.com *.facebook.com *.linkedin.com *.ytimg.com *.cookiebot.com *.bing.com *.google.com *.google.es *.google.at *.google.de *.sli.do *.vbrick.com *.cloudflare.com *.avl-marketing.com *.clarity.ms *.amazonaws.com *.lfeeder.com; frame-src 'self' *.youtube.com https://js.stripe.com *.cookiebot.com *.doubleclick.net *.bing.com *.sli.do *.vbrick.com *.buzzsprout.com stream.maxr.at *.publuu.com publuu.com *.buzzsprout.com publications.avl.com www.googletagmanager.com; child-src 'self' 'unsafe-inline' *.google-analytics.com *.doubleclick.net *.facebook.net *.cookiebot.com *.googleapis.com https://p.adsymptotic.com *.linkedin.com https://snap.licdn.com *.facebook.com *.avl.com *.cloudflare.com https://cdn.jsdelivr.net https://js.stripe.com https://polyfill.io blob:; font-src 'self' https://fonts.gstatic.com *.mouseflow.com *.cloudflare.com; connect-src 'self' *.cookiebot.com https://eu-api.friendlycaptcha.eu *.avl.com *.linkedin.com wss://ws.hotjar.com *.n.io *.google.com *.google-analytics.com *.doubleclick.net *.hotjar.io *.avlcorp.lan *.creators-expedition.com *.mouseflow.com *.clarity.ms bat.bing.com; report-uri /report-csp-violation 1 frame-ancestors https://platform-as.marketintelligence.spglobal.com https://platform-av.marketintelligence.spglobal.com https://platform.mi.spglobal.com https://platform.marketintelligence.spglobal.com https://www.snl.com https://platform.mi.spglobal.cn https://platform.ratings360.spglobal.com https://platform.platts.spglobal.com https://www.platform.spgi.spglobal.cn https://platform.spgi.spglobal.cn https://www.platform.spgi.spglobal.com https://platform.spgi.spglobal.com https://www.capitaliq.spglobal.com https://www.capitaliq.spglobal.cn https://www.capitaliqpro.spglobal.com https://www.capitaliqpro.spglobal.cn 'self'; 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: *.conceptboard.com; 1 default-src 'self' 'unsafe-inline' data: ws: wss: cdn.cookielaw.org maps.googleapis.com *.onelink-edge.com googletagmanager.com *.sharethis.com api.company-target.com *.algolianet.com wkx3x0kpn1-dsn.algolia.net *.newcertainteed.com cdn.linkedin.oribi.io *.userway.org *.google-analytics.com bam.nr-data.net *.docksal.site:* *.onetrust.com segments.company-target.com *.hotjar.com *.hotjar.io *.force.com bcp.crwdcntrl.net *.salesforce.com *.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: ws: wss: *.youtube.com cdn.cookielaw.org *.sharethis.com *.googletagmanager.com *.googleapis.com snap.licdn.com *.hotjar.com *.force.com tag.demandbase.com *.facebook.net *.salesforceliveagent.com accessibilityserver.org *.userway.org *.newrelic.com *.onelink-edge.com unpkg.com *.cloudflare.com www.onelink-edge.com *.docksal.site:* www.google.com segments.company-target.com www.gstatic.com *.salesforce.com *.salesforce-sites.com *.hotjar.io assets.pinterest.com www.googleadservices.com googleads.g.doubleclick.net; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com *.force.com *.sharethis.com fonts.googleapis.com *.salesforce-sites.com *.salesforce.com cdn.userway.org; img-src 'self' 'unsafe-inline' cdn.cookielaw.org *.youtube.com data: match.prod.bidr.io segments.company-target.com px.ads.linkedin.com *.ads.linkedin.com *.linkedin.com *.facebook.com id.rlcdn.com certainteed.widen.net *.googleapis.com *.widencdn.net *.userway.org *.ytimg.com bcp.crwdcntrl.net *.sharethis.com maps.gstatic.com *.cloudfront.net pinterest.com *.pinterest.com *.salesforce.com *.salesforce-sites.com *.g.doubleclick.net *.google-analytics.com *.analytics.google.com googleads.g.doubleclick.net ad.doubleclick.net *.google.ca *.gstatic.com *.googletagmanager.com; media-src 'self' 'unsafe-inline' youtube.com; frame-src 'self' 'unsafe-inline' cdn.cookielaw.org youtube.com maps.googleapis.com onelink-edge.com googletagmanager.com *.force.com *.sharethis.com *.userway.org google.com www.google.com www.facebook.com www.youtube.com www.youtube-nocookie.com *.pinterest.com *.salesforce.com *.salesforce-sites.com bid.g.doubleclick.net *.company-target.com youtu.be; font-src 'self' use.fontawesome.com data: fonts.googleapis.com fonts.gstatic.com; connect-src 'self' 'unsafe-inline' data: ws: wss: cdn.cookielaw.org maps.googleapis.com *.onelink-edge.com googletagmanager.com *.sharethis.com api.company-target.com *.algolianet.com wkx3x0kpn1-dsn.algolia.net *.newcertainteed.com cdn.linkedin.oribi.io *.userway.org *.google-analytics.com bam.nr-data.net *.docksal.site:* *.onetrust.com segments.company-target.com *.hotjar.com *.hotjar.io *.force.com bcp.crwdcntrl.net *.salesforce.com *.salesforce-sites.com *.linkedin.com *.google.com *.g.doubleclick.net *.analytics.google.com *.google.ca *.demandbase.com; report-uri /report-csp-violation; upgrade-insecure-requests 1 default-src http: https: wss: data: blob: 'self' 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: *; report-uri https://ncreports.report-uri.com/r/d/csp/reportOnly 1 default-src 'self' *.crazyegg.com https://www.clarity.ms https://*.clarity.ms 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://93903118.adoric-om.com/adoric.js cdn.pushcrew.com *.crazyegg.com https://script.crazyegg.com https://www.youtube.com https://bat.bing.com https://bat.bing.com/bat.js https://www.youtube.com/s/player/652ba3a2/www-widgetapi.vflset/www-widgetapi.js https://www.youtube.com/s/player/9135c2ab/www-widgetapi.vflset/www-widgetapi.js https://www.youtube.com/iframe_api https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.min.js https://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js https://www.gstatic.com/recaptcha/releases/1kRDYC3bfA-o6-tsWzIBvp7k/recaptcha__en.js https://www.google.com/recaptcha/api.js https://wec-assets.terminus.services https://m.clarity.ms/collect https://www.clarity.ms https://dev.visualwebsiteoptimizer.com https://www.googleoptimize.com https://www.googleanalytics.com https://optimize.google.com https://privacyportalde-cdn.onetrust.com https://privacyportalde-cdn.onetrust.com/privacy-notice-scripts/otnotice-1.0.min.js https://cdn.cookielaw.org https://*.googletagmanager.com https://ssl.google-analytics.com https://tagmanager.google.com https://secure.adnxs.com https://d22d1xpx4ztuef.cloudfront.net/jb-cdn-sp-3.5.0.js https://bam.nr-data.net https://gu.bizspring.net https://www.googletagmanager.com https://js-agent.newrelic.com https://stats.wp.com https://widgets.wp.com https://wordpress.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://sjrtp8-cdn.marketo.com https://cdn.livechatinc.com http://cdn.livechatinc.com https://s0.wp.com https://code.jquery.com https://code.jquery.com/jquery-3.3.1.js https://cdn.parsely.com https://stats.wp.com/e-202229.js http://play.vidyard.com https://play.vidyard.com https://connect.facebook.net http://app-sj04.marketo.com http://munchkin.marketo.net http://63475.tctm.co https://64066.tctm.co/t.js https://64066.tctm.co/p.js https://api.livechatinc.com http://www.google-analytics.com https://cdn.mouseflow.com https://connect.facebook.net https://googleads.g.doubleclick.net https://snap.licdn.com https://www.googleadservices.com http://www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://static.adoric.com/adoric.v9.11.min.css *.visualwebsiteoptimizer.com app.vwo.com *.crazyegg.com https://dev.visualwebsiteoptimizer.com/static/latest/styles/themes/light-1975c1b85dd0e3c2ab714e934485e6dc.css https://code.ionicframework.com https://optimize.google.com https://privacyportalde-cdn.onetrust.com/privacy-notice-scripts/css/v2/otnotice-core.css https://tagmanager.google.com https://fonts.googleapis.com https://www.googletagmanager.com https://s0.wp.com http://app-sj04.marketo.com; object-src 'none'; base-uri 'self'; connect-src 'self' *.visualwebsiteoptimizer.com app.vwo.com *.crazyegg.com https://e.clarity.ms/collect https://app.adoric-om.com https://www.google.com https://r3.visualwebsiteoptimizer.com https://s.clarity.ms/collect https://u.clarity.ms/collect https://q.clarity.ms/collect https://assets-tracking.crazyegg.com https://pagestates-tracking.crazyegg.com https://tracking.crazyegg.com https://script.crazyegg.com https://v.clarity.ms/collect https://z.clarity.ms/collect https://i.clarity.ms/collect https://bat.bing.com https://pagead2.googlesyndication.com https://r.clarity.ms/collect https://d.clarity.ms/collect https://h.clarity.ms/collect https://api.nelioabtesting.com https://googleads.g.doubleclick.net/pagead/landing https://b.clarity.ms/collect https://www.google.com/pagead/landing https://l.clarity.ms/collect https://k.clarity.ms/collect https://j.clarity.ms/collect https://a.clarity.ms/collect https://y.clarity.ms/collect https://x.clarity.ms/collect https://r1.visualwebsiteoptimizer.com/analyze https://t.clarity.ms/collect https://w.clarity.ms/collect https://m.clarity.ms/collect https://px.ads.linkedin.com https://dev.visualwebsiteoptimizer.com https://www.google.co.in https://privacyportalde-cdn.onetrust.com https://privacyportalde-cdn.onetrust.com/c579c0d0-360f-49c0-bccc-f7b7cded31cd/privacy-notices/8b719598-1655-4d2d-879b-9b2e633813ac-en-us.json https://privacyportalde-cdn.onetrust.com/c579c0d0-360f-49c0-bccc-f7b7cded31cd/privacy-notices/8b719598-1655-4d2d-879b-9b2e633813ac-en-us.json https://privacyportalde-cdn.onetrust.com/c579c0d0-360f-49c0-bccc-f7b7cded31cd/privacy-notices/8b719598-1655-4d2d-879b-9b2e633813ac.json https://analytics.google.com https://cdn.cookielaw.org https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.facebook.com http://play.vidyard.com https://play.vidyard.com http://google.com https://google.com https://cdn.linkedin.oribi.io https://cdn.livechatinc.com https://api.ipify.org https://bam.nr-data.net https://p1.parsely.com https://n2.mouseflow.com https://api.livechatinc.com https://geolocation.onetrust.com https://privacyportal-de.onetrust.com http://090-bzj-603.mktoresp.com http://63475.tctm.co https://cdn.cookielaw.org https://stats.g.doubleclick.net https://www.google-analytics.com; font-src 'self' data: https://code.ionicframework.com https://optimize.google.com https://privacyportalde-cdn.onetrust.com https://privacyportalde-cdn.onetrust.com https://fonts.gstatic.com https://cdn.livechatinc.com https://fonts.gstatic.com https://cdn.mouseflow.com https://s0.wp.com; frame-src 'self' *.visualwebsiteoptimizer.com app.vwo.com https://brandfolder.com https://aurora.videojet.com https://td.doubleclick.net https://dev.visualwebsiteoptimizer.com https://optimize.google.com https://www.google.com https://cdn.livechatinc.com https://stats.wp.com https://js-agent.newrelic.com http://www.googletagmanager.com https://www.googletagmanager.com https://widgets.wp.com https://wordpress.com https://pages.videojet.com https://communications.videojet.com https://www.facebook.com http://play.vidyard.com https://app-sj04.marketo.com https://bid.g.doubleclick.net https://play.vidyard.com https://secure.livechatinc.com; img-src 'self' data: *.visualwebsiteoptimizer.com app.vwo.com useruploads.vwo.io *.crazyegg.com https://ce-user-images.s3.amazonaws.com https://r3.visualwebsiteoptimizer.com https://cdn.videojet.com https://bat.bing.com https://c.bing.com/c.gif https://c.clarity.ms/c.gif https://match.adsrvr.org https://wec-assets.terminus.services https://cdn.livechat-files.com https://dev.visualwebsiteoptimizer.com https://www.google-analytics.com https://*.google-analytics.com https://*.googletagmanager.com https://optimize.google.com https://ssl.gstatic.com https://www.gstatic.com https://c.jabmo.app https://s.w.org http://www.googleadservices.com https://p1.parsely.com https://videojet-develop.go-vip.net https://secure.gravatar.com https://pixel.wp.com https://pages.videojet.com http://play.vidyard.com https://play.vidyard.com https://cdn.vidyard.com https://www.facebook.com https://www.linkedin.com https://www.googletagmanager.com https://p.adsymptotic.com https://px4.ads.linkedin.com http://2.gravatar.com http://www.google-analytics.com https://cdn.cookielaw.org https://cdn.livechatinc.com https://global.videojet.com https://px.ads.linkedin.com https://videojet.com https://www.google.co.in https://www.google.com; manifest-src 'self'; media-src 'self' https://cdn.videojet.com https://cdn.livechatinc.com https://global.videojet.com; worker-src 'self' blob: https://www.videojet.com/8f800ce3-8244-4b89-89b5-f03508f5a826 https://www.videojet.com/17d37230-7797-4321-a585-61ea33fad9f3 https://www.videojet.com/cc4a4225-3925-4a45-9842-5933b7d1004b https://www.videojet.com/56d54f80-c9ab-4331-b33f-e06b66dc3b0d https://www.videojet.com/4a05e78f-8c13-4b73-b62e-cf1df09d0daf https://www.videojet.com/450800d5-f8dd-4adc-9cee-572a40fcf72d https://www.videojet.com/77112999-e527-4268-a2e0-3fc213b55130 https://www.videojet.com/35be1011-2e28-417c-8a5e-7f73009dc4f4 https://www.videojet.com/852f27a1-4c63-4e96-b551-09b8f4c8fec9 https://www.videojet.com/7f16fe24-41b5-48db-84d6-22eba56fbc4b https://www.videojet.com/0b2010b5-5b14-4954-8230-e5816ffb81e5 https://www.videojet.com/346cc51c-f115-4697-9b12-446a731a14ce https://www.videojet.com/16590a3a-1258-41d0-aa21-eb1844b7c560 https://www.videojet.com/b6d93fc6-05bb-4ce9-9e4a-80cf090dc381 https://www.videojet.com/64a77bc7-a7fe-4ba2-93d4-9c66636966c6 https://www.videojet.com/37656ea4-dd66-4da7-9bc8-0e8454b7f99d https://www.videojet.com/0c3580f6-3734-462d-b2b3-ec419e4341aa https://www.videojet.com/af68f78b-610e-437a-b4b5-72e77a2e56cb https://www.videojet.com/0a433153-d644-4a90-9e9d-2a6798084d16 https://www.videojet.com/5fb9fe23-9ef9-4843-a751-337ccd9d9ff7 https://www.videojet.com/176f0f62-9ad1-4968-a8c0-bf0cef77d9df https://www.videojet.com/01e5614d-ef9b-4ee9-aabf-d467a15efe37 https://www.videojet.com/d0efd544-1d21-412c-b5df-f4bb1e962a0e https://www.videojet.com/41077642-ba17-4a59-8c15-b88998d01515 https://www.videojet.com/f5dcab1f-c82e-4e77-a4a3-bda49f73c4b8 https://www.videojet.com/2714c20b-65e2-44de-b392-7de6d9ed1d0b https://www.videojet.com/00d52daf-2ce5-43d5-8aa5-bada1ae6bb35 https://www.videojet.com/c2a9034a-2113-47b0-95e0-ba70f153ada0 https://www.videojet.com/5e605692-361b-4b3b-8e35-f390a089aec5 https://www.videojet.com/8c980ae2-aee2-49ae-a310-01d4ec69b200 https://www.videojet.com/93a2e38a-1795-4548-a9d5-77016b60d2da https://www.videojet.com/da4bf386-65f8-48d1-9320-7bc8baffb942 https://www.videojet.com/27924d43-ac34-4b4f-9dc8-8c4044b64419 https://www.videojet.com/053c2f2d-12c6-4c7a-ad65-dc3a9fa37e11 https://www.videojet.com/8a8ed960-d9e4-4e75-bcee-b10b973e5538 https://www.videojet.com/4b26b4de-e236-45b4-a332-dcbcab49a215 https://www.videojet.com/6589a4db-4107-48fe-b7ec-a64dfde8efe4 https://www.videojet.com/90e5c3a7-ace9-4cfd-850c-a7cf3bb63a7f https://www.videojet.com/876a4b1e-29d5-4aa9-b700-d19e22919ab3 https://www.videojet.com/be48ff17-3c5f-4363-a81d-fc019f7989d9 https://www.videojet.com/b513495a-d5af-406f-956b-ea8f707d3c83 https://www.videojet.com/9412d8a5-1a32-4101-8a63-6b1f6e039630 https://www.videojet.com/a05777b4-dd1a-4c6c-b531-2f6723deae8d https://www.videojet.com/8d61af98-d917-4429-94b1-0936842ac333 https://www.videojet.com/c134f1fc-70df-4ad4-a498-20f0037e8c5c https://www.videojet.com/c17d1145-be66-4f9c-b6eb-92acdfcf315d https://www.videojet.com/7e685416-f3f7-4121-a4f1-174f7f0c3bec https://www.videojet.com/c696b255-535b-4608-81b7-39e0806df13a https://www.videojet.com/61bd0fb4-b015-40bb-96c9-130e3b985be0 https://www.videojet.com/46892d75-c151-4707-b51c-2292d2d6d65f https://www.videojet.com/f118d694-df45-4bcf-bd4d-aab3b7aeee33 https://www.videojet.com/48017537-929e-4ad5-9757-e67b262d45df https://www.videojet.com/117795bb-b988-48b3-9b0f-5db989c4b691 https://www.videojet.com/1cafafe3-39ff-4f4f-b692-5e038933fc7d https://www.videojet.com/b0936365-29d0-426c-ae87-760d4b3613da https://www.videojet.com/14adb335-c443-4497-ba6a-62aeec9d5f68 https://www.videojet.com/22033d11-8285-45c6-9096-42f6f039514c https://www.videojet.com/d006e5b8-84f5-4676-9727-f926834dcc6c https://www.videojet.com/101e1222-bf33-40be-863f-81ee6807c9c4 https://www.videojet.com/b0e4fb03-3433-449e-9293-6d4e349ad459 https://www.videojet.com/b0e4fb03-3433-449e-9293-6d4e349ad459 https://www.videojet.com/54d65f82-d9d5-4f40-b356-5ff2bfa1ede5 https://www.videojet.com/c27ea47d-1ace-4499-8f48-dd365c2c2cff https://www.videojet.com/67328adb-ce0e-44d8-89ff-907cec9a9572 https://www.videojet.com/2c5dac11-53be-45bd-a1bf-9158e0c258e9 https://www.videojet.com/6c37e40f-eef0-425f-afd2-07cf2902f0c8 https://www.videojet.com/b03ab104-a4cc-490a-8c46-1e6ec48ab5ab https://www.videojet.com/043af784-9c5c-4edd-bff3-38c5eb2f5768 https://www.videojet.com/3585e1e8-d56e-4662-92db-efd1a3f74c40 https://www.videojet.com/3dbad550-e88f-4360-b5d8-9c9281e07435 https://www.videojet.com/095ee2b7-26bc-4836-8d0a-74706fecb366 https://www.videojet.com/00ad9452-3529-4ce0-9ed6-1eaff508d2e9 https://www.videojet.com/114b0a18-57c7-4663-9c1a-527928629afc https://www.videojet.com/32e1040a-1837-41a2-a9f0-af59f6b3b271 https://www.videojet.com/429959ec-3e8a-4c07-9fab-c386491ccd9b https://www.videojet.com/3b662cf4-d714-41f9-bc28-e984e2646ec5 https://www.videojet.com/60497885-22f7-4d78-b232-8a03496a511a https://www.videojet.com/975addda-33ab-419b-be30-f8f28cbcbed2 https://www.videojet.com/fdd687c5-3a20-455e-93a8-249ca0be729b https://www.videojet.com/6d404870-636e-4a2e-90c0-23ff00ec0091 https://www.videojet.com/6a51256c-7fc3-48c4-8ba2-4c2fed76f3fd https://www.videojet.com/159c39b4-c875-49e1-afee-1484faed62e2 https://www.videojet.com/489d5d2c-4da2-4d03-ba13-d691b2048e29 https://www.videojet.com/6ef4e507-36a9-4608-b214-b25fc9f3826c https://www.videojet.com/10d5333b-d694-4260-8849-5409a982f4f2 https://www.videojet.com/7f6f422a-f91d-4566-a955-280febef40f0 https://www.videojet.com/642c9f9a-9c7f-48af-a8bc-b11952d37dbf https://www.videojet.com/70a6aac0-b30b-45dc-a2bf-26c7d77b18fc https://www.videojet.com/a671e91f-8658-4818-ba3f-27a99afbe204 https://www.videojet.com/0d0cc83f-b381-4158-8b09-3694096c6fe6 https://www.videojet.com/440cf408-5c40-42b4-a359-749f3acac925 https://www.videojet.com/36214bec-996a-4e05-970a-d241d12f2db8 https://www.videojet.com/926a8753-53b5-4ad4-a62c-4713dbd1c37f https://www.videojet.com/c9d5afaf-a0aa-4db7-b518-d967b3d81b36 https://www.videojet.com/1295068b-cdb0-46ed-819a-deec0a6a36bd https://www.videojet.com/a644a86c-7519-4f37-aea1-b6d2f9fdc74d https://www.videojet.com/3c3628c1-5a46-41af-a537-db43daeef27f https://www.videojet.com/eaee86f7-2def-47cd-a2da-c205fd59ff74 https://www.videojet.com/d474b2a2-dfbd-4839-801c-7bfa3d00d171 https://www.videojet.com/2bc12286-5f03-4415-8f6b-0b18c6c90678 https://www.videojet.com/53cde3ea-2d8d-4289-aa7e-64e16b22c213 https://www.videojet.com/3243adbf-8aa3-4fa5-8666-2ec5bdb6f8b7 https://www.videojet.com/08a2f4c8-c23c-41fa-b029-ea7e111c1514 https://www.videojet.com/3191c924-2f60-4df2-b958-218e0b9b123e https://www.videojet.com/91a64e33-4c05-4b24-b405-a8461f7f1322 https://www.videojet.com/9600bcf4-3d06-4e24-b9af-7acd859cf28a https://www.videojet.com/0a315fd7-f8d2-4b2b-915b-77c4bd3c0217 https://www.videojet.com/7ab9984b-8cab-4783-b2ab-2427d3b33600 https://www.videojet.com/32afd7a5-fa8b-4d05-8146-ef4a0a4369ab https://www.videojet.com/84173372-c53e-4ed0-8ffe-bdbb31359feb https://www.videojet.com/cf6e098c-906f-4e75-b259-dd7e1c6a0786 https://www.videojet.com/d1fc4e99-bda5-42fd-ac03-2b4ec19dc3ac https://www.videojet.com/3e11e14c-6fe1-45e3-b8bd-5f2339b05902 https://www.videojet.com/e25e662a-d923-4559-aee9-e5fa12862a4f; 1 default-src 'self'; script-src 'self'; object-src 'none'; 1 script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https://api.spendino.de https://analytics.spd.de https://maps.googleapis.com https://altruja.de https://dataservices.spd.de https://www.verbavoice.net https://live.flyp.tv https://cdn01.spd.de https://mitgliedwerden.spd.de ; img-src 'self' data: https://analytics.spd.de https://csi.gstatic.com https://maps.googleapis.com https://maps.gstatic.com https://em.altruja.de https://socialwall.spd.de https://cdn01.spd.de https://*.spd.de https://*.openstreetmap.de https://images.admiralcloud.com ; frame-ancestors 'self' https://analytics.spd.de ; default-src 'self' ; frame-src 'self' https://*.spd.de https://dpa-electionslive.s3.amazonaws.com https://w.soundcloud.com https://player.vimeo.com https://www.youtube-nocookie.com https://api.spendino.de https://storify.com https://streaming.b1group.de https://www.youtube.com https://live.soziale-demokratie.live https://www.blitzvideoserver.de https://app.contentflow.live https://streaming.talk42.de https://playout.3qsdn.com https://sdn-global-live-http-cache.3qsdn.com https://widget.whatsbroadcast.com https://ghb2017.limequery.com https://www.verbavoice.ne https://em.altruja.de https://live.flyp.tv https://us-central1-contentflow-2.cloudfunctions.net https://domhost.it-television.net https://wb.messengerpeople.com https://hd-livestream.de https://stream.liverecords.net https://www.sachsen-fernsehen.de https://open.spotify.com https://widget.whappodo.com https://embed.contentflow.net https://sipg.micropayment.de https://d3ak46ifsn9mnh.cloudfront.net https://t3prod.admiralcloud.com https://player.admiralcloud.com ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://analytics.spd.de https://dataservices.spd.de https://cdn01.spd.de https://mitgliedwerden.spd.de https://static.spd.de ; connect-src 'self' https://analytics.spd.de https://altruja.de https://dataservices.spd.de wss://ws-eu.pusher.com https://pusher01.spd.de https://socialwall.spd.de https://cdn01.spd.de https://mitgliedwerden.spd.de ; object-src 'self' data: ; media-src 'self' data: https://cdn01.spd.de ; font-src 'self' https://fonts.gstatic.com https://dataservices.spd.de https://mitgliedwerden.spd.de https://static.spd.de ; 1 frame-ancestors 'self' cmsv2.zebrix.net 1 default-src 'self' https://use.typekit.net; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://use.typekit.net *.google.com https://connect.facebook.net *.gstatic.com https://www.google-analytics.com https://*.googleapis.com https://view.ceros.com https://cdn.jsdelivr.net https://www.googletagmanager.com https://cdn.cookielaw.org; object-src 'none'; style-src 'report-sample' 'self' 'unsafe-inline' https://use.typekit.net https://p.typekit.net https://cdn.jsdelivr.net; img-src 'self' data: *.gstatic.com *.littler.com p.typekit.net https://www.google-analytics.com https://*.googleapis.com https://i.vimeocdn.com https://cdn.cookielaw.org https://www.googletagmanager.com; media-src 'self'; frame-src 'self' https://player.vimeo.com/ https://app.powerbi.com https://w.soundcloud.com https://www.google.com https://view.ceros.com https://players.brightcove.net https://www.youtube.com https://www.youtube-nocookie.com; frame-ancestors 'self'; child-src 'self' https://player.vimeo.com/; font-src 'self' 'unsafe-inline' https://themes.googleusercontent.com use.typekit.net *.gstatic.com data:; connect-src 'self' https://*.google-analytics.com *.algolia.net *.algolianet.com https://insights.algolia.io https://cdn.cookielaw.org https://geolocation.onetrust.com https://privacyportal.onetrust.com; report-uri /report-csp-violation; upgrade-insecure-requests 1 default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.baua.de; script-src-elem: cdn.dashjs.org; object-src 'self' www.baua.de; media-src 'self' www.baua.de; frame-src 'self' www.baua.de.de datawrapper.dwcdn.net; img-src 'self' data: www.baua.de uvi.bfs.de; frame-ancestors 'self' datawrapper.dwcdn.net; 1 base-uri 'self';child-src 'none';connect-src 'self' webpack://* *.algolia.net *.algolianet.com *.adnxs.com maps.googleapis.com px.ads.linkedin.com cdn.cookielaw.org mock.dev.relaischateaux.com api.widget.botmind.io privacyportal-fr.onetrust.com bat.bing.com geolocation.onetrust.com *.abtasty.com dcinfos-cache.abtasty.com ariane.abtasty.com *.google.com ws.hotjar.com *.googleadservices.com *.facebook.com googleads.g.doubleclick.net *.hotjar.io *.google-analytics.com metrics.relaischateaux.com *.adyen.com sulu.relaischateaux.com sylius.relaischateaux.com api.relaischateaux.com www.relaischateaux.com medias.relaischateaux.com;default-src 'self';font-src 'self' data: blob: fonts.gstatic.com *.abtasty.com *.googleapis.com;form-action 'self' *.adyen.com *.adyenpayments.com;frame-ancestors 'self';frame-src 'self' td.doubleclick.net widget.botmind.ai www.menumodo.com qa-assistant.abtasty.com recaptcha.net www.google.com www.googletagmanager.com *.adyen.com;img-src 'self' data: blob: www.relaischateaux.com maps.gstatic.com maps.googleapis.com fdu.relaischateaux.com px.ads.linkedin.com secure.adnxs.com bat.bing.com www.facebook.com ib.adnxs.com *.linkedin.com *.google.fr *.google.com cdn.cookielaw.org static.relaischateaux.com *.abtasty.com *.amazonaws.com *.googletraveladservices.com *.googletagmanager.com googleads.g.doubleclick.net *.adyen.com *.zemanta.com d1m7xnn75ypr6t.cloudfront.net cdn.worldweatheronline.com loremflickr.com c1.tacdn.com www.tripadvisor.com www.tripadvisor.fr assets.relaischateaux.com;manifest-src 'self';media-src 'self' d1m7xnn75ypr6t.cloudfront.net static.relaischateaux.com p.relay-t.io ws.hotjar.com *.hotjar.io px4.ads.linkedin.com try.abtasty.com;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: www.googletagmanager.com maps.googleapis.com cdn.cookielaw.org connect.facebook.net fdu.relaischateaux.com acdn.adnxs.com *.hotjar.com snap.licdn.com cdn.actito.be bat.bing.com widget.botmind.io googleads.g.doubleclick.net trk.adbutter.net *.abtasty.com *.amazonaws.com p.relay-t.io apis.google.com recaptcha.net www.gstatic.com www.google.com *.adyen.com *.zemanta.com *.actito.be secure-hotel-tracker.com *.googleadservices.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com *.abtasty.com *.gstatic.com *.googleapis.com *.googletagmanager.com;worker-src 'self';upgrade-insecure-requests ; 1 frame-ancestors https://*.omantel.om 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.dailypaws.com 1 default-src *.carlyle.cn *.carlyle.com *.carlyle.jp *.carlylegroup.ch *.carlylegroup.cn *.carlylegroup.co.in *.carlylegroup.co.kr *.carlylegroup.co.nz *.carlylegroup.co.uk *.carlylegroup.com.br *.carlylegroup.com.cn *.carlylegroup.com.es *.carlylegroup.com.fr *.carlylegroup.com.hk *.carlylegroup.com.tw *.carlylegroup.de *.carlylegroup.dk *.carlylegroup.es *.carlylegroup.fr *.carlylegroup.in *.carlylegroup.info *.carlylegroup.it *.carlylegroup.jp *.carlylegroup.net.nz *.carlylegroup.net.ru *.carlylegroup.nl *.carlylegroup.org *.carlylegroup.org.nz *.carlylegroup.org.uk 'strict-dynamic'; script-src *.carlyle.cn *.carlyle.com *.carlyle.jp *.carlylegroup.ch *.carlylegroup.cn *.carlylegroup.co.in *.carlylegroup.co.kr *.carlylegroup.co.nz *.carlylegroup.co.uk *.carlylegroup.com.br *.carlylegroup.com.cn *.carlylegroup.com.es *.carlylegroup.com.fr *.carlylegroup.com.hk *.carlylegroup.com.tw *.carlylegroup.de *.carlylegroup.dk *.carlylegroup.es *.carlylegroup.fr *.carlylegroup.in *.carlylegroup.info *.carlylegroup.it *.carlylegroup.jp *.carlylegroup.net.nz *.carlylegroup.net.ru *.carlylegroup.nl *.carlylegroup.org *.carlylegroup.org.nz *.carlylegroup.org.uk https://static.addtoany.com https://www.googletagmanager.com https://px.ads.linkedin.com https://f.vimeocdn.com https://www.google-analytics.com https://*.vimeo.com https://vimeo.com https://snap.licdn.com https://maxcdn.bootstrapcdn.com 'unsafe-inline' 'unsafe-eval'; object-src *.carlyle.cn *.carlyle.com *.carlyle.jp *.carlylegroup.ch *.carlylegroup.cn *.carlylegroup.co.in *.carlylegroup.co.kr *.carlylegroup.co.nz *.carlylegroup.co.uk *.carlylegroup.com.br *.carlylegroup.com.cn *.carlylegroup.com.es *.carlylegroup.com.fr *.carlylegroup.com.hk *.carlylegroup.com.tw *.carlylegroup.de *.carlylegroup.dk *.carlylegroup.es *.carlylegroup.fr *.carlylegroup.in *.carlylegroup.info *.carlylegroup.it *.carlylegroup.jp *.carlylegroup.net.nz *.carlylegroup.net.ru *.carlylegroup.nl *.carlylegroup.org *.carlylegroup.org.nz *.carlylegroup.org.uk; style-src *.carlyle.cn *.carlyle.com *.carlyle.jp *.carlylegroup.ch *.carlylegroup.cn *.carlylegroup.co.in *.carlylegroup.co.kr *.carlylegroup.co.nz *.carlylegroup.co.uk *.carlylegroup.com.br *.carlylegroup.com.cn *.carlylegroup.com.es *.carlylegroup.com.fr *.carlylegroup.com.hk *.carlylegroup.com.tw *.carlylegroup.de *.carlylegroup.dk *.carlylegroup.es *.carlylegroup.fr *.carlylegroup.in *.carlylegroup.info *.carlylegroup.it *.carlylegroup.jp *.carlylegroup.net.nz *.carlylegroup.net.ru *.carlylegroup.nl *.carlylegroup.org *.carlylegroup.org.nz *.carlylegroup.org.uk 'unsafe-inline' https://fonts.googleapis.com; img-src *.carlyle.cn *.carlyle.com *.carlyle.jp *.carlylegroup.ch *.carlylegroup.cn *.carlylegroup.co.in *.carlylegroup.co.kr *.carlylegroup.co.nz *.carlylegroup.co.uk *.carlylegroup.com.br *.carlylegroup.com.cn *.carlylegroup.com.es *.carlylegroup.com.fr *.carlylegroup.com.hk *.carlylegroup.com.tw *.carlylegroup.de *.carlylegroup.dk *.carlylegroup.es *.carlylegroup.fr *.carlylegroup.in *.carlylegroup.info *.carlylegroup.it *.carlylegroup.jp *.carlylegroup.net.nz *.carlylegroup.net.ru *.carlylegroup.nl *.carlylegroup.org *.carlylegroup.org.nz *.carlylegroup.org.uk https://px.ads.linkedin.com https://i.vimeocdn.com https://www.google-analytics.com/collect https://i.ytimg.com https://www.googletagmanager.com data:; media-src *.carlyle.cn *.carlyle.com *.carlyle.jp *.carlylegroup.ch *.carlylegroup.cn *.carlylegroup.co.in *.carlylegroup.co.kr *.carlylegroup.co.nz *.carlylegroup.co.uk *.carlylegroup.com.br *.carlylegroup.com.cn *.carlylegroup.com.es *.carlylegroup.com.fr *.carlylegroup.com.hk *.carlylegroup.com.tw *.carlylegroup.de *.carlylegroup.dk *.carlylegroup.es *.carlylegroup.fr *.carlylegroup.in *.carlylegroup.info *.carlylegroup.it *.carlylegroup.jp *.carlylegroup.net.nz *.carlylegroup.net.ru *.carlylegroup.nl *.carlylegroup.org *.carlylegroup.org.nz *.carlylegroup.org.uk; frame-ancestors 'self' https://*.carlyle.com; child-src *.carlyle.cn *.carlyle.com *.carlyle.jp *.carlylegroup.ch *.carlylegroup.cn *.carlylegroup.co.in *.carlylegroup.co.kr *.carlylegroup.co.nz *.carlylegroup.co.uk *.carlylegroup.com.br *.carlylegroup.com.cn *.carlylegroup.com.es *.carlylegroup.com.fr *.carlylegroup.com.hk *.carlylegroup.com.tw *.carlylegroup.de *.carlylegroup.dk *.carlylegroup.es *.carlylegroup.fr *.carlylegroup.in *.carlylegroup.info *.carlylegroup.it *.carlylegroup.jp *.carlylegroup.net.nz *.carlylegroup.net.ru *.carlylegroup.nl *.carlylegroup.org *.carlylegroup.org.nz *.carlylegroup.org.uk static.addtoany.com *.vimeo.com https://td.doubleclick.net https://www.youtube.com; font-src *.carlyle.cn *.carlyle.com *.carlyle.jp *.carlylegroup.ch *.carlylegroup.cn *.carlylegroup.co.in *.carlylegroup.co.kr *.carlylegroup.co.nz *.carlylegroup.co.uk *.carlylegroup.com.br *.carlylegroup.com.cn *.carlylegroup.com.es *.carlylegroup.com.fr *.carlylegroup.com.hk *.carlylegroup.com.tw *.carlylegroup.de *.carlylegroup.dk *.carlylegroup.es *.carlylegroup.fr *.carlylegroup.in *.carlylegroup.info *.carlylegroup.it *.carlylegroup.jp *.carlylegroup.net.nz *.carlylegroup.net.ru *.carlylegroup.nl *.carlylegroup.org *.carlylegroup.org.nz *.carlylegroup.org.uk https://fonts.gstatic.com; connect-src *.carlyle.cn *.carlyle.com *.carlyle.jp *.carlylegroup.ch *.carlylegroup.cn *.carlylegroup.co.in *.carlylegroup.co.kr *.carlylegroup.co.nz *.carlylegroup.co.uk *.carlylegroup.com.br *.carlylegroup.com.cn *.carlylegroup.com.es *.carlylegroup.com.fr *.carlylegroup.com.hk *.carlylegroup.com.tw *.carlylegroup.de *.carlylegroup.dk *.carlylegroup.es *.carlylegroup.fr *.carlylegroup.in *.carlylegroup.info *.carlylegroup.it *.carlylegroup.jp *.carlylegroup.net.nz *.carlylegroup.net.ru *.carlylegroup.nl *.carlylegroup.org *.carlylegroup.org.nz *.carlylegroup.org.uk https://www.google-analytics.com/j/collect https://vimeo.com https://px.ads.linkedin.com https://analytics.google.com https://f.vimeocdn.com https://fresnel.vimeocdn.com/add/player-stats https://stats.g.doubleclick.net; report-uri /report-csp-violation; upgrade-insecure-requests 1 frame-ancestors 'self' buechen.de *.buechen.de boernsen-erleben.de *.boernsen-erleben.de; 1 frame-ancestors self; report-uri /report-csp-violation 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://thirdiron-assets.s3.amazonaws.com/ https://maps.googleapis.com https://www.youtube.com/ https://www.google.com https://www.gstatic.com/; img-src 'self' data: https://thirdiron.com https://thirdiron-assets.s3.amazonaws.com https://assets.thirdiron.com https://secure.gravatar.com; object-src 'self' data: https://www.elegantthemes.com/ https://www.youtube.com/ https://www.google.com; frame-src 'self' data: https://www.elegantthemes.com/ https://www.youtube.com/ https://www.google.com; 1 font-src 'self'; frame-src 'self' https: www.youtube-nocookie.com/* ; frame-ancestors 'self' https://*.etracker.com; script-src 'self' https://*.etracker.com https://*.etracker.de *.b-ite.com https://stats.haw-hamburg.de 'unsafe-inline'; connect-src 'self' https://*.etracker.de *.b-ite.com https://stats.haw-hamburg.de; img-src * *.b-ite.com; style-src 'self' 'unsafe-inline' *.b-ite.com; 1 img-src * data: blob:; style-src 'self' 'unsafe-inline' assets.adobedtm.com cdn.linearicons.com fonts.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com shop.spreadshirt.nl ton.twimg.com cdnjs.cloudflare.com code.jquery.com unpkg.com; frame-src 'self' www.youtube.com player.vimeo.com podio.com www.youtube-nocookie.com www.google.com/recaptcha/ www.classmarker.com/ js.stripe.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com assets.adobedtm.com cdn.syndication.twimg.com cdnjs.cloudflare.com maps.googleapis.com npmcdn.com shop.spreadshirt.nl platform.twitter.com www.google-analytics.com ssl.google-analytics.com www.spreadshirt.nl podio.com static.doubleclick.net cdnjs.cloudflare.com code.jquery.com cdn.jsdelivr.net app.intercom.io widget.intercom.io js.intercomcdn.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ unpkg.com/leaflet.markercluster@1.4.1/dist/ unpkg.com/leaflet@1.7.1/dist/ js.stripe.com unpkg.com/@popperjs/ unpkg.com/tippy.js@6/ www.googletagmanager.com; font-src 'self' cdn.linearicons.com fonts.gstatic.com maxcdn.bootstrapcdn.com shop.spreadshirt.nl js.intercomcdn.com ttui.thethingsindustries.com; connect-src 'self' shop.spreadshirt.nl www.thethingsnetwork.org vx.thethings.network api.intercom.io api-iam.intercom.io api-ping.intercom.io nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io nexus-websocket-b.intercom.io nexus-long-poller-a.intercom.io nexus-long-poller-b.intercom.io nexus-websocket-a.intercom.io nexus-websocket-b.intercom.io uploads.intercomcdn.com uploads.intercomusercontent.com app.getsentry.com unpkg.com/boxicons@2.1.1/ 1 default-src https: 1 frame-ancestors https://*.milwaukeetool.eu https://viewer.ipaper.io https://my.treedis.com https://my.scene3d.co.uk 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' unpkg.com bam.nr-data.net *.addtoany.com *.go-mpulse.net *.newrelic.com *.qualtrics.com *.adobedtm.com tags.tiqcdn.com cdn.jsdelivr.net *.akamaihd.net *.ceros.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' *.demdex.net *.ytimg.com *.youtube.com data: libertymutualgroup.com *.libertymutualgroup.com libertymutual.com *.libertymutual.com *.qualtrics.com *.akstat.io cm.everesttech.net; frame-src 'self' *.youtube.com *.addtoany.com libertymutualcorporate.demdex.net *.facebook.com *.ceros.com; font-src 'self' fonts.gstatic.com; connect-src 'self' *.youtube.com *.akamaihd.net *.akstat.io *.qualtrics.com bam.nr-data.net c.go-mpulse.net *.demdex.net collect.tealiumiq.com; report-uri /report-csp-violation 1 default-src 'self'; object-src 'self' https://pts.winsim.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.winsim.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://umfrage.winsim.de https://pts.winsim.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://eu01.rec.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://livechat.winsim.de https://chat.winsim.de https://stats.winsim.de https://imagepool.winsim.de https://pts.winsim.de https://analytics.tiktok.com https://umfrage.winsim.de; script-src 'strict-dynamic' 'nonce-2ea26f7e2d43377f0b2989dda1aa6888' 'nonce-499dee3b32cb19c7c2e179a67a1c5dac' 'nonce-0f1b572e0090e8dcd0d2646a8bef0d3f' 'nonce-2ac66cf8f3d254fe1157da61b6a59239' 'nonce-6edf24e526c6bd89f1d8ff819f5e113e' 'nonce-751c09d65455fa457402bfdd25b2ca06' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data: 'report-sample'; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://netmap.vodafone.de/cokart-client/index.html https://pts.winsim.de https://umfrage.winsim.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-2ea26f7e2d43377f0b2989dda1aa6888' 'nonce-499dee3b32cb19c7c2e179a67a1c5dac' 'nonce-0f1b572e0090e8dcd0d2646a8bef0d3f' 'nonce-2ac66cf8f3d254fe1157da61b6a59239' 'nonce-6edf24e526c6bd89f1d8ff819f5e113e' 'nonce-751c09d65455fa457402bfdd25b2ca06' 'self' 'unsafe-inline' https: 'report-sample' 1 frame-ancestors 'self' *.typeform.com typeform.com *.themeforest.net themeforest.net codecanyon.net *.codecanyon.net 1 frame-ancestors 'self' boomerang.pierreetvacances.com 1 default-src 'self' data: *.simplesdental.com *.facebook.net *.facebook.com *.bing.com *.cookielaw.org *.clarity.ms clarity.microsoft.com *.livesession.io *.getblue.io *.googleapis.com *.youtube.com *.youtube-nocookie.com *.intercom.io *.intercomcdn.com *.intercom-sheets.com intercom-sheets.com *.vitally.io *.googletagmanager.com *.ytimg.com *.google-analytics.com *.gstatic.com *.cloudflare.com *.google.com *.cloudfront.net *.googleoptimize.com *.onetrust.com *.suiteshare.com *.jquery.com *.amazonaws.com whts.co *.varify.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.simplesdental.com *.facebook.net *.facebook.com *.bing.com *.cookielaw.org *.clarity.ms clarity.microsoft.com *.livesession.io *.getblue.io *.googleapis.com *.youtube.com *.youtube-nocookie.com *.intercom.io *.intercomcdn.com *.intercom-sheets.com intercom-sheets.com *.vitally.io *.googletagmanager.com nonce-0688f2011cf32c6c471ed4de1e1b983a *.ytimg.com *.google-analytics.com *.gstatic.com *.google.com *.cloudfront.net *.googleoptimize.com *.onetrust.com *.hotjar.com *.cloudflare.com *.wootric.com *.suiteshare.com *.jquery.com *.amazonaws.com whts.co *.varify.io *.doubleclick.net; object-src 'self' data: https: blob:; style-src 'self' data: 'unsafe-inline' 'unsafe-eval' https:; img-src 'self' data: https: blob: www.googletagmanager.com; media-src 'self' data: https: blob:; frame-src 'self' data: blob: *.simplesdental.com *.facebook.net *.facebook.com *.bing.com *.cookielaw.org *.clarity.ms clarity.microsoft.com *.livesession.io *.getblue.io *.googleapis.com *.youtube.com *.youtube-nocookie.com *.intercom.io *.intercomcdn.com *.intercom-sheets.com intercom-sheets.com *.vitally.io *.googletagmanager.com *.ytimg.com *.google-analytics.com *.gstatic.com *.google.com *.cloudfront.net *.googleoptimize.com *.onetrust.com *.hotjar.com *.cloudflare.com *.wootric.com *.suiteshare.com *.jquery.com *.amazonaws.com whts.co *.varify.io *.doubleclick.net; font-src 'self' data: https:; connect-src 'self' data: https: wss: 1 default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' piwik.itzbund.de; connect-src 'self' *.itzbund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' piwik.itzbund.de www.youtube.com s.ytimg.com; object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de www.youtube.com; media-src 'self' multimedia.gsb.bund.de piwik.itzbund.de www.youtube.com; child-src pei-portal.rexx-systems.com piwik.itzbund.de www.youtube.com abvl-public.pei.de abvl-public-test.pei.de; font-src 'self'; img-src 'self' data: *.honcode.ch piwik.itzbund.de; frame-ancestors 'self' PEIWeb-editor.preview.gsb.intranet.bund.de pei-portal.rexx-systems.com; 1 frame-ancestors http://www.lativ.com.tw https://www.lativ.com.tw; 1 default-src https:; img-src https: data: blob:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 'unsafe-eval'; connect-src https: wss:; font-src https: data: 'unsafe-inline' 'unsafe-eval'; 1 frame-ancestors 'self' blob: *.cochlearhearingcenter.com *.cochlear.com *.cochlear.cloud; frame-src 'self' blob: *.site.com *.oncehub.com *.mktoweb.com *.adsrvr.org *.yimg.com *.cochlear.cloud *.qualaroo.com *.simpli.fi *.livechatinc.com *.doubleclick.net *.wufoo.com *.cochlearamericas.com *.youtube-nocookie.com *.marvelapp.com *.linkedin.com *.cvent.com *.google.ch *.cochlear.com *.irmau.com *.marketo.com *.youtube.com *.twitter.com *.addthis.com *.google.com *.facebook.com *.batchgeo.com marvelapp.com *.salesforce.com *.salesforce-sites.com; child-src 'self' blob: *.batchgeo.com *.addtoany.com *.doubleclick.net *.cochlear.cloud *.cochlear.com *.addthis.com *.google.com *.facebook.com *.twitter.com *.marketo.com; connect-src 'self' *.salesforce-scrt.com *.site.com *.hotjar.com *.hotjar.io *.sitecorecloud.io *.geonames.org *.stackadapt.com *.crazyegg.com *.stylelabs.io *.adsrvr.org *.yimg.com *.taboola.com *.onetrust.com *.cookielaw.org *.stylelabs.cloud *.sitecorecontenthub.cloud *.cochlear.cloud *.marketo.com *.swiftype.com *.onelink-translations.com *.nekudo.com *.cochlear.com *.cvent.com *.linkedin.com *.google-analytics.com *.googleapis.com *.optimizely.com *.addthis.com *.mktoresp.com *.twitter.com *.geoip-js.com geoip-js.com *.doubleclick.net *.salesforce-sites.com *.google.com; font-src 'self' data: *.hotjar.com *.cvent-assets.com *.gstatic.com *.googleusercontent.com *.livechatinc.com *.bootstrapcdn.com; img-src 'self' data: *.hotjar.com *.stackadapt.com *.naver.net *.naver.com *.quora.com *.pubmatic.com *.rubiconproject.com *.adtechjp.com *.yahoo.com * bidswitch.net *.adap.tv *.adnxs.com *.rlcdn.com *.openx.net *.adroll.com *.casalemedia.com *.t.co *.datatables.net *.cochlear.cloud *.cochlear.com *.quantserve.com *.marketo.com *.bing.com *.steelhousemedia.com *.adsrvr.org *.adsymptotic.com *.android.com *.youtube.com *.visualwebsiteoptimizer.com *.googletagmanager.com *.teads.tv *.impact-ad.jp *.yahoo.co.jp *.impact-ad.jp *.outbrain.com *.amazonaws.com *.google.com.au *.google.com *.twitter.com *.doubleclick.net *.facebook.com *.linkedin.com *.google-analytics.com *.medialead.de; script-src 'unsafe-inline' 'unsafe-eval' 'self' blob: *.site.com *.hotjar.com *.licdn.com *.oncehub.com *.stackadapt.com *.naver.net *.naver.com *.onetrust.com *.cookielaw.org *.windows.net *.qualaroo.com *.simpli.fi *.salesforceliveagent.com *.amazonaws.com *.gstatic.com *.quantcount.com *.cvent-assets.com *.cvent.com *.quora.com *.livechatinc.com *.typekit.com *.dialogtech.com *.cloudfront.net *.media6degrees.com *.wufoo.com *.zendesk.com *.domdex.com *.adroll.com *.datatables.net *.quantserve.com *.ads-twitter.com *.steelhousemedia.com *.bing.com *.outbrain.com *.addtoany.com *.visualwebsiteoptimizer.com *.jquery.com *.optimizely.com *.google.com.au *.doubleclick.net *.googleadservices.com *.yimg.jp *.yahoo.co.jp *.crazyegg.com *.mktoweb.com *.cochlear.cloud *.cochlear.com *.bootstrapcdn.com *.cloudflare.com *.jsdelivr.net *.addthisedge.com *.google.com *.ytimg.com *.youtube.com *.marketo.net *.marketo.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.twitter.com *.facebook.com *.facebook.net *.linkedin.com *.addthis.com *.geoip-js.com geoip-js.com *.medialead.de *.adsrvr.org *.taboola.com *.yimg.com *.force.com *.salesforce.com *.salesforce-sites.com; style-src 'unsafe-inline' 'self' *.site.com *.hotjar.com *.mktoweb.com *.googletagmanager.com *.stackadapt.com *.cookielaw.org *.windows.net *.cvent-assets.com *.googleapis.com *.cloudflare.com *.cochlear.cloud *.cochlear.com *.google.com *.zendesk.com *.datatables.net *.jquery.com *.cochlear-europe.com *.bootstrapcdn.com *.marketo.com *.salesforce.com *.salesforce-sites.com; 1 frame-ancestors 'self' https://www.genau-lotto.de https://genau-lotto.de https://*.etracker.com 1 default-src *;script-src 'self' 'nonce-rDxtzOyTpBFa6kiuU86O9J8G9Tl2Ddw7A/gpKkrgPXA='; 1 default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.salesforce-sites.com https://*.cloudflare.com https://*.force.com https://*.hotjar.com https://secure.trust-provider.com https://*.sharethis.com https://platform.twitter.com https://connect.facebook.net https://ws.bsy.me https://static1.twitcount.com https://*.codero.com https://*.salesforceliveagent.com https://*.salesforce.com https://*.googleapis.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://ws.zoominfo.com https://www.google-analytics.com https://pi.pardot.com https://*.google.com; script-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.salesforce-sites.com https://*.cloudflare.com https://*.force.com https://*.hotjar.com https://secure.trust-provider.com https://*.sharethis.com https://platform.twitter.com https://connect.facebook.net https://ws.bsy.me https://static1.twitcount.com https://codero.com https://*.codero.com https://codero.com https://*.salesforceliveagent.com https://*.salesforce.com https://*.googleapis.com https://google.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://ws.zoominfo.com https://www.google-analytics.com https://pi.pardot.com https://*.google.com https://*.gstatic.com; style-src * 'self' data: 'unsafe-inline' 'unsafe-hashes' https://*.cloudflare.com https://*.force.com https://*.hotjar.com https://secure.trust-provider.com https://*.sharethis.com https://platform.twitter.com https://connect.facebook.net https://ws.bsy.me https://static1.twitcount.com https://*.codero.com https://*.salesforceliveagent.com https://*.salesforce.com https://*.googleapis.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://ws.zoominfo.com https://www.google-analytics.com https://pi.pardot.com https://*.google.com; img-src * 'self' data: https://*.cloudflare.com https://*.force.com https://*.hotjar.com https://secure.trust-provider.com https://*.sharethis.com https://platform.twitter.com https://connect.facebook.net https://ws.bsy.me https://static1.twitcount.com https://*.codero.com https://*.salesforceliveagent.com https://*.salesforce.com https://*.googleapis.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://ws.zoominfo.com https://www.google-analytics.com https://pi.pardot.com https://*.google.com; font-src * 'self' data:; media-src * 'self' https://*.cloudflare.com https://*.force.com https://*.hotjar.com https://secure.trust-provider.com https://*.sharethis.com https://platform.twitter.com https://connect.facebook.net https://ws.bsy.me https://static1.twitcount.com https://*.codero.com https://*.salesforceliveagent.com https://*.salesforce.com https://*.googleapis.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://ws.zoominfo.com https://www.google-analytics.com https://pi.pardot.com https://*.google.com; object-src 'self' data:; prefetch-src 'self'; frame-src * data:; frame-ancestors 'self'; form-action * 1 default-src 'self' cdn.jsdelivr.net bid.g.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' translate-pa.googleapis.com translate.googleapis.com translate.google.com ajax.googleapis.com maps.googleapis.com cdn.jsdelivr.net unpkg.com npmcdn.com googleads.g.doubleclick.net www.googletagmanager.com www.google-analytics.com www.googleadservices.com connect.facebook.net static.ctctcdn.com cdnjs.cloudflare.com www.google.com www.gstatic.com; connect-src 'self' translate.googleapis.com analytics.google.com stats.g.doubleclick.net www.google-analytics.com listgrowth.ctctcdn.com maps.googleapis.com; img-src 'self' fonts.gstatic.com www.gstatic.com maps.googleapis.com maps.gstatic.com static.ctctcdn.com fakeimg.pl img.youtube.com data: cdnjs.cloudflare.com www.google.com.tw www.facebook.com www.google.com googleads.g.doubleclick.net www.google-analytics.com; style-src 'self' 'unsafe-inline' www.gstatic.com cdn.jsdelivr.net fonts.googleapis.com unpkg.com static.ctctcdn.com maxcdn.bootstrapcdn.com; font-src 'self' maxcdn.bootstrapcdn.com cdn.jsdelivr.net cdnjs.cloudflare.com fonts.gstatic.com; frame-src 'self' bid.g.doubleclick.net www.youtube.com www.facebook.com www.google.com; base-uri 'self'; form-action 'self' www.facebook.com; frame-ancestors 'self'; 1 default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; connect-src 'self' *.itzbund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' player.vimeo.com *.youtube.com piwik.itzbund.de app.sli.do cdn.myth.theoplayer.com service.video.taxi start.video-stream-hosting.de playout.3qsdn.com *.rai.it livestream.com player.procdn.live doo.net *.cloudflarestream.com tns-player.pages.dev'; object-src 'self' multimedia.gsb.bund.de; media-src 'self' piwik.itzbund.de *.youtube-nocookie.com youtu.be *.youtube.com multimedia.gsb.bund.de app.sli.do stream.alpha-loop.de cdn.myth.theoplayer.com service.video.taxi start.video-stream-hosting.de playout.3qsdn.com *.rai.it livestream.com player.procdn.live doo.net *.cloudflarestream.com tns-player.pages.dev *.cdninstagram.com; frame-src 'self' player.vimeo.com *.youtube.com *.youtube-nocookie.com youtu.be *.youtube.com app.sli.do stream.alpha-loop.de cdn.myth.theoplayer.com service.video.taxi media.video.taxi start.video-stream-hosting.de playout.3qsdn.com *.3qsdn.com *.rai.it livestream.com player.procdn.live doo.net *.cloudflarestream.com tns-player.pages.dev; img-src 'self' data: piwik.itzbund.de securel.longtailvideo.com *.youtube-nocookie.com youtu.be *.youtube.com *.ytimg.com app.sli.do stream.alpha-loop.de cdn.myth.theoplayer.com service.video.taxi start.video-stream-hosting.de playout.3qsdn.com *.rai.it livestream.com player.procdn.live doo.net *.cloudflarestream.com tns-player.pages.dev; frame-ancestors 'self'; 1 default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' maps.googleapis.com *.hipay.com static.cdn.prismic.io prismic.io https://html2canvas.hertzen.com/dist/html2canvas.min.js www.paypalobjects.com *.paypal.com youtube.com vimeo.com https://www.youtube.com/iframe_api https://www.youtube.com/s/player/0c356943/www-widgetapi.vflset/www-widgetapi.js https://www.youtube.com https://i.ytimg.com/vi/ http://platform.instagram.com/en_US/embeds.js https://www.instagram.com/embed.js https://graph.facebook.com/v11.0/instagram_oembed https://player.vimeo.com/api/player.js https://player.vimeo.com/ js.stripe.com http://www.googletagmanager.com https://www.googletagmanager.com https://www.google-analytics.com http://www.google-analytics.com https://gtm.zone-secure.net https://yt.zone-secure.net http://www.gstatic.com https://*.attraqt.io https://*.facebook.net/ https://*.teads.tv/ https://*.smartlook.com/ https://*.hotjar.com/ https://*.doubleclick.net https://*.mathtag.com https://*.tiktok.com/ https://*.ttwstatic.com *.attraqt.io *.getflowbox.com *.flbx.io *.woosmap.com *.imagino.com https://*.kameleoon.com https://*.kameleoon.io https://*.kameleoon.eu https://*.kameleoon.net;frame-src 'self' maps.googleapis.com https://player.vimeo.com/ youtube.com www.youtube.com https://www.youtube.com https://i.ytimg.com/vi/ *.prismic.io js.stripe.com www.paypalobjects.com *.paypal.com www.youtube-nocookie.com https://*.doubleclick.net https://*.facebook.net/ https://*.facebook.com/ https://*.hotjar.com/ https://*.mathtag.com https://*.tiktok.com/ *.getflowbox.com *.flbx.io https://*.kameleoon.com https://*.kameleoon.io https://*.kameleoon.eu https://*.kameleoon.net;style-src 'self' 'unsafe-inline' https://i.icomoon.io https://fonts.googleapis.com https://*.ttwstatic.com/ *.woosmap.com https://*.kameleoon.com https://*.kameleoon.io https://*.kameleoon.eu https://*.kameleoon.net;img-src 'self' data: stagingctk.centrakor.com maps.googleapis.com maps.gstatic.com https://www.referenseo.com/ https://i.ytimg.com/vi/ https://storage.sbg.cloud.ovh.net https://centrakor.cdn.prismic.io/ https://i.picsum.photos/ https://i.vimeocdn.com/ maps.googleapis.com maps.gstatic.com *.openstreetmap.org www.paypalobjects.com *.paypal.com storage.gra.cloud.ovh.net *.google.com *.doubleclick.net *.google.fr http://www.google-analytics.com https://www.google-analytics.com https://www.centrakor.com/ https://*.teads.tv/ https://*.facebook.com/ https://*.facebook.net/ https://*.mathtag.com https://images.prismic.io/centrakor/ https://*.s3.rbx.io.cloud.ovh.net https://d2rfa446ja7yzb.cloudfront.net/ *.getflowbox.com *.flbx.io *.woosmap.com https://purecatamphetamine.github.io https://*.kameleoon.com https://*.kameleoon.io https://*.kameleoon.eu https://*.kameleoon.net;font-src 'self' data: fonts.googleapis.com https://i.icomoon.io https://fonts.gstatic.com *.woosmap.com;connect-src 'self' maps.googleapis.com https://noembed.com https://graph.facebook.com/v11.0/instagram_oembed https://graph.facebook.com/v11.0/instagram_oembed/ https://graph.instagram.com/ https://vimeo.com/api/ www.paypalobjects.com *.paypal.com *.analytics.google.com *.doubleclick.net https://www.google-analytics.com https://*.teads.tv/ https://*.facebook.net/ https://*.googleadservices.com *.google.fr https://*.facebook.com/ https://*.smartlook.com/ https://*.smartlook.cloud/ https://*.hotjar.com/ https://*.hotjar.io/ wss://*.hotjar.com/ *.attraqt.io *.getflowbox.com *.flbx.io https://fr.adminzone-secure.net/ https://service.zone-secure.net/ *.woosmap.com *.imagino.com https://*.kameleoon.com https://*.kameleoon.io https://*.kameleoon.eu https://*.kameleoon.net;base-uri 'self';media-src 'self' data: *.flbx.io;report-uri /csp/report;worker-src 'self' *.woosmap.com self blob: 1 base-uri 'none';child-src 'none';connect-src 'self' https://www.facebook.com https://www.google.com.ar https://www.google-analytics.com https://analytics.google.com http://static.ads-twitter.com http://script.crazyegg.com http://onelinksmartscript.appsflyer.com https://*.amplitude.com https://www.googletagmanager.com https://facebook.net https://analytics.tiktok.com https://map-handler.qa.playdigital.com.ar https://stats.g.doubleclick.net https://tracking.crazyegg.com https://*.crazyegg.com https://go.botmaker.com https://cdn.freshbots.ai https://www.freshbots.ai https://m-infra.appspot.com wss://ws.botmaker.com *.freshbots.ai *.crazyegg.com *.botmaker.com *.googleapis.com *.playdigital.com.ar *.doubleclick.net;default-src 'self';font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com;form-action 'self';frame-ancestors *;frame-src https://*.doubleclick.net;img-src 'self' data: www.afip.gob.ar www.argentina.gob.ar modo.onelink.me *.playdigital.com.ar https://maps.gstatic.com https://maps.googleapis.com https://assets.mobile.preprod.playdigital.com.ar https://assets.mobile.qa.playdigital.com.ar https://assets.mobile.develop.playdigital.com.ar https://assets.mobile.playdigital.com.ar https://s3.amazonaws.com https://www.google.com a.storyblok.com www.google.com.ar www.facebook.com storage.googleapis.com www.googletagmanager.com *.doubleclick.net;manifest-src 'self';media-src https://storage.googleapis.com *.playdigital.com.ar *.googleapis.com;object-src https://amplitude.com;prefetch-src 'self' 'unsafe-inline';script-src 'self' 'unsafe-inline' https://cdn.freshbots.ai https://cdnjs.cloudflare.com https://maps.googleapis.com https://*.googleapis.com https://www.google.com.ar http://script.crazyegg.com http://onelinksmartscript.appsflyer.com http://static.ads-twitter.com https://www.facebook.com https://connect.facebook.net https://go.botmaker.com https://www.googletagmanager.com https://www.google-analytics.com https://analytics.tiktok.com https://snap.licdn.com https://www.googleadservices.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.freshbots.ai;worker-src 'self' *.modo.com.ar blob:;script-src-elem 'self' 'unsafe-inline' https://www.googleadservices.com https://cdn.freshbots.ai https://cdnjs.cloudflare.com https://maps.googleapis.com https://connect.facebook.net https://*.googleapis.com https://www.google.com.ar http://script.crazyegg.com http://onelinksmartscript.appsflyer.com http://static.ads-twitter.com https://www.facebook.com https://go.botmaker.com https://www.googletagmanager.com https://www.google-analytics.com https://analytics.tiktok.com https://snap.licdn.com;report-uri /api/reporting;report-to /api/reporting; 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://mista.ua https://*.google.com *.google.com https://*.google.com.ua *.google.com.ua *.gstatic.com *.adtrafficquality.google *.facebook.net *.instagram.com *.googleapis.com *.googlesyndication.com https://*.googlesyndication.com *.googletagservices.com https://*.googletagservices.com *.doubleclick.net https://*.googleadservices.com https://*.doubleclick.net https://*.g.doubleclick.net *.google-analytics.com *.googletagmanager.com *.ampproject.org https://polyfill.io/ wikimapia.org https://*.jsdelivr.net cdn.api.twitter.com oss.maxcdn.com; style-src 'self' 'unsafe-inline' *.google.com *.googleapis.com; frame-src 'self' *.doubleclick.net https://*.googlesyndication.com syndicatedsearch.goog *.googletagservices.com *.adtrafficquality.google *.google.com *.google.com.ua *.facebook.com *.instagram.com *.youtube.com https://*.doubleclick.net https://*.g.doubleclick.net wikimapia.org *.openstreetmap.org *.adsensecustomsearchads.com https://www.tiktok.com/; 1 default-src 'self';img-src 'self' data: https://www.mijnwefact.nl https://www.wefact.nl https://secure.gravatar.com *;script-src 'self' 'unsafe-inline';connect-src 'self';font-src 'self';style-src 'self' 'unsafe-inline'; 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://google-analytics.com/ https://*.google-analytics.com/ https://googletagmanager.com/ https://*.googletagmanager.com/ https://www.googletagmanager.com/ https://translate.google.com/ https://translate.googleapis.com/ https://youtube.com/ https://*.youtube.com/ https://www.recaptcha.net/ https://www.gstatic.com/ https://www.google.com/ https://kit.fontawesome.com/ https://tag.demandbase.com/ https://munchkin.marketo.net/ https://use.typekit.net/ https://script.crazyegg.com/ https://script.crazyegg.com/pages/scripts/0027/6357.js https://snap.licdn.com/ https://cdn01.basis.net/ https://play.vidyard.com/ https://connect.facebook.net/ https://www.facebook.com/ https://facebook.com/ https://j.6sc.co/ https://app-sj27.marketo.com/ https://cdn.transifex.com/ https://segments.company-target.com/ https://api.company-target.com/ https://s.company-target.com/ https://framework.scaledagilenetwork.com/ http://localhost:1113/ https://ka-p.fontawesome.com/ https://*.fontawesome.com/ https://https://us.i.posthog.com https://*.posthog.com http://*.posthog.com; img-src 'self' data: blob: https://google-analytics.com/ https://*.google-analytics.com/ https://translate.googleapis.com/ https://*.ytimg.com/ https://secure.gravatar.com/ https://kit.fontawesome.com/ https://salsa.scaledagile.com/ https://www.facebook.com/ https://b.6sc.co/ https://play.vidyard.com/ https://youtube.com/ https://*.youtube.com/ https://youtube-nocookie.com/ https://*.youtube-nocookie.com/ https://cdn.vidyard.com/ https://cdn.transifex.com/ https://segments.company-target.com/ https://id.rlcdn.com/ https://px.ads.linkedin.com/ https://pixel.sitescout.com/ https://www.google.com/ https://framework.scaledagilenetwork.com/ http://localhost:1113/ https://ka-p.fontawesome.com/ https://*.fontawesome.com/; object-src 'self' data: blob: https://docs.google.com/ https://youtube.com/ https://*.youtube.com/ https://youtube-nocookie.com/ https://*.youtube-nocookie.com/ https://youtu.be/ https://*.vimeo.com/ https://www.google.com/ https://scaledagile.my.salesforce.com/ https://scaledagile.lightning.force.com/ https://community.scaledagile.com/ https://safe.scaledagile.com/ https://www.facebook.com/ https://b.6sc.co/ https://play.vidyard.com/ https://cdn.transifex.com/ https://s.company-target.com/ https://pixel.sitescout.com/ https://framework.scaledagilenetwork.com/ http://localhost:1113/ https://ka-p.fontawesome.com/ https://kit.fontawesome.com/; frame-src 'self' data: blob: https://docs.google.com/ https://youtube.com/ https://*.youtube.com/ https://youtube-nocookie.com/ https://*.youtube-nocookie.com/ https://youtu.be/ https://*.vimeo.com/ https://www.google.com/ https://scaledagile.my.salesforce.com/ https://scaledagile.lightning.force.com/ https://community.scaledagile.com/ https://safe.scaledagile.com/ https://www.facebook.com/ https://b.6sc.co/ https://play.vidyard.com/ https://cdn.transifex.com/ https://s.company-target.com/ https://pixel.sitescout.com/ https://framework.scaledagilenetwork.com/ http://localhost:1113/ https://ka-p.fontawesome.com/ https://kit.fontawesome.com/; 1 script-src 'unsafe-inline' 'unsafe-eval' 'self' blob: *.foodtecsolutions.com *.foodtecsolutions.com:* *.foodtecsolutions.com *.hibu.us *.pizzadirector.net:* *.google.com *.opentable.com *.otstatic.com cdn.ampproject.org www.gstatic.com maps.googleapis.com www.google-analytics.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net platform.twitter.com www.facebook.com connect.facebook.net cdn.syndication.twimg.com js.hs-scripts.com js.hs-scripts.com js.hs-analytics.net js.hscollectedforms.net salesiq.zoho.com/widget campaigns.zoho.com maillist-manage.com crm.zoho.com js.zohostatic.com vts.zohopublic.com static.hotjar.com script.hotjar.com unpkg.com api.tiles.mapbox.com *.adroll.com *.cloudfront.net cdnjs.cloudflare.com libs.a2zinc.net gh-prod-nitrosites.s3.amazonaws.com; frame-ancestors 'self' blob: *.foodtecsolutions.com *.foodtecsolutions.com:* *.foodtecsolutions.com *.hibu.us *.pizzadirector.net:* *.google.com *.opentable.com *.otstatic.com cdn.ampproject.org www.gstatic.com maps.googleapis.com www.google-analytics.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net platform.twitter.com www.facebook.com connect.facebook.net cdn.syndication.twimg.com js.hs-scripts.com js.hs-scripts.com js.hs-analytics.net js.hscollectedforms.net salesiq.zoho.com/widget campaigns.zoho.com maillist-manage.com crm.zoho.com js.zohostatic.com vts.zohopublic.com static.hotjar.com script.hotjar.com unpkg.com api.tiles.mapbox.com *.adroll.com *.cloudfront.net cdnjs.cloudflare.com libs.a2zinc.net gh-prod-nitrosites.s3.amazonaws.com; 1 script-src *.globant.com *.googletagmanager.com *.google-analitycs.com *.google.com 'unsafe-eval' 'unsafe-inline' https: 'self' https://www.globant.com/ blob:; object-src none; style-src 'self' 'unsafe-inline' *.globant.com *.bootstrapcdn.com *.fontawesome.com *.cloudflare.com *.googleapis.com *.jsdelivr.net; img-src 'self' *.cloudflare.com *.globant.com *.i.ytimg.com https: data:; media-src 'self' *.globant.com; frame-src 'self' https: fullscreen; frame-ancestors self fullscreen *.globant.com https://*.youtube.com; font-src 'self' *.globant.com *.fontawesome.com *.cloudflare.com *.gstatic.com; report-uri /report-csp-violation; upgrade-insecure-requests 1 default-src 'self'; img-src 'self' 1 default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.geodatenzentrum.de *.kuestendaten.de *.youtube.com *.webview.isb-mopa.de; connect-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.wsv.bund.de *.geodatenzentrum.de *.kuestendaten.de *.youtube.com *.webview.isb-mopa.de; object-src 'self'; media-src 'self' *.wsv.bund.de *.wsv.de *.bund.de data: *.geodatenzentrum.de web.dlz-it.de www.bafg.de bad.xpertus-service.de elwis.de www.elwis.de *.youtube.com; child-src 'self' *.wsv.bund.de *.wsv.de *.bund.de data: *.geodatenzentrum.de web.dlz-it.de www.bafg.de bad.xpertus-service.de elwis.de www.elwis.de *.youtube.com *.webview.isb-mopa.de; img-src 'self' *.wsv.bund.de *.wsv.de *.bund.de data: *.geodatenzentrum.de web.dlz-it.de www.bafg.de bad.xpertus-service.de elwis.de www.elwis.de *.kuestendaten.de *.youtube.com *.bfn.de *.webview.isb-mopa.de; frame-ancestors 'self' *.webview.isb-mopa.de; frame-src 'self' *.webview.isb-mopa.de; Content-Security-Policy: default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.geodatenzentrum.de *.kuestendaten.de *.youtube.com *.webview.isb-mopa.de; connect-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.wsv.bund.de *.geodatenzentrum.de *.kuestendaten.de *.youtube.com *.webview.isb-mopa.de; object-src 'self'; media-src 'self' *.wsv.bund.de *.wsv.de *.bund.de data: *.geodatenzentrum.de web.dlz-it.de www.bafg.de bad.xpertus-service.de elwis.de www.elwis.de *.youtube.com; child-src 'self' *.wsv.bund.de *.wsv.de *.bund.de data: *.geodatenzentrum.de web.dlz-it.de www.bafg.de bad.xpertus-service.de elwis.de www.elwis.de *.youtube.com *.webview.isb-mopa.de; img-src 'self' *.wsv.bund.de *.wsv.de *.bund.de data: *.geodatenzentrum.de web.dlz-it.de www.bafg.de bad.xpertus-service.de elwis.de www.elwis.de *.kuestendaten.de *.youtube.com *.bfn.de; frame-ancestors 'self' *.webview.isb-mopa.de; frame-src 'self' *.webview.isb-mopa.de; X-Webkit-CSP: default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.geodatenzentrum.de *.kuestendaten.de*.youtube.com *.webview.isb-mopa.de; connect-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.wsv.bund.de *.geodatenzentrum.de *.kuestendaten.de *.youtube.com *.webview.isb-mopa.de; object-src 'self'; media-src 'self' *.wsv.bund.de *.wsv.de *.bund.de data: *.geodatenzentrum.de web.dlz-it.de www.bafg.de bad.xpertus-service.de elwis.de www.elwis.de *.youtube.com; child-src 'self' *.wsv.bund.de *.wsv.de *.bund.de data: *.geodatenzentrum.de web.dlz-it.de www.bafg.de bad.xpertus-service.de elwis.de www.elwis.de *.youtube.com *.webview.isb-mopa.de; img-src 'self' *.wsv.bund.de *.wsv.de *.bund.de data: *.geodatenzentrum.de web.dlz-it.de www.bafg.de bad.xpertus-service.de elwis.de www.elwis.de *.kuestendaten.de *.youtube.com *.bfn.de; frame-ancestors 'self' *.webview.isb-mopa.de; frame-src 'self' *.webview.isb-mopa.de; 1 object-src none; report-uri /report-csp-violation 1 default-src 'self' blob: http: https: wss://bot.moin.ai/primus w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de stiebel-eltron.containers.piwik.pro; img-src 'self' data: blob: http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de stiebel-eltron.containers.piwik.pro; script-src 'self' 'unsafe-eval' http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de stiebel-eltron.containers.piwik.pro; style-src 'self' 'unsafe-inline' http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de; font-src 'self' data: http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de stiebel-eltron.containers.piwik.pro; 1 default-src * 'self' ; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://felix-quiz-1000heads.s3.eu-west-2.amazonaws.com/* https://felix-quiz-1000heads.s3.eu-west-2.amazonaws.com *.nestle.co.uk *.mikmak.ai *.swaven.com https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com; object-src *; style-src * 'self' 'unsafe-inline' https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com; img-src * 'self' data: https:; https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com; media-src *; frame-src * https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com; frame-ancestors * 'self' ; child-src * blob:; font-src * 'self' data: https:; https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com; connect-src * 'self' https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com 1 default-src 'self'; base-uri 'self'; connect-src 'self' *.itzbund.de; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de www.juris.de;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com piwik.itzbund.de www.juris.de;object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de www.juris.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de www.juris.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de www.juris.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de www.juris.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de www.juris.de; frame-src https://www.juris.de/ *.google.com *.gstatic.com *.youtube.com *.vimeo.com; frame-ancestors https://www.juris.de/ 'self'; 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.midwestliving.com 1 frame-ancestors 'self' https://yobingo-statices.casinomodule.com/ https://www.yobingo.es/ https://www.yocasino.es/ https://www.enracha.es/ https://gateway.mobbeel.com/ mobbeel.com *.mobbeel.com 1 default-src 'none'; script-src 'sha256-orD0/VhH8hLqrLxKHD/HUEMdwqX6/0ve7c5hspX5VJ8=' 1 default-src 'self'; connect-src 'self' https://*.digiaccess.org https://*.usercentrics.eu https://*.yext.com https://*.evangelisch.de https://termine.ekir.de https://*.vimeo.com https://*.openstreetmap.org https://*.kajomigenerator.de https://*.newsletter2go.com https://kirche-muelheim.de https://nextgen.kajomigenerator.de https://*.ekir.de; frame-src 'self' https://*.usercentrics.eu https://umap.openstreetmap.fr https://*.openstreetmap.de https://*.evangelisch.de https://termine.ekir.de https://*.vimeo.com https://*.openstreetmap.org https://*.kajomigenerator.de https://*.newsletter2go.com https://kirche-muelheim.de https://nextgen.kajomigenerator.de https://soundcloud.com https://vimeo.com https://*.vimeo.com https://*.kd-onlinespende.de https://walls.io https://*.walls.io www.youtube-nocookie.com https://platform.twitter.com https://syndication.twitter.com https://*.ekir.de; font-src 'self' data:; img-src 'self' data: https://contentpool3.ekir.customers.intentive.net https://*.usercentrics.eu https://*.openstreetmap.fr https://*.openstreetmap.de https://www.evangelische-termine.de https://*.evangelisch.de https://termine.ekir.de https://*.vimeo.com https://*.openstreetmap.org https://*.kajomigenerator.de https://*.newsletter2go.com https://kirche-muelheim.de https://nextgen.kajomigenerator.de https://soundcloud.com https://vimeo.com https://*.kd-onlinespende.de https://img.youtube.com https://syndication.twitter.com https://pbs.twimg.com https://ton.twimg.com https://platform.twitter.com https://secure.gravatar.com https://*.ekir.de; object-src 'self'; style-src 'self' 'unsafe-inline' https://www.evangelische-termine.de https://*.evangelisch.de https://termine.ekir.de https://*.vimeo.com https://*.openstreetmap.org https://*.kajomigenerator.de https://*.newsletter2go.com https://kirche-muelheim.de https://nextgen.kajomigenerator.de https://soundcloud.com https://vimeo.com https://platform.twitter.com https://ton.twimg.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.digiaccess.org https://*.usercentrics.eu https://www.evangelische-termine.de https://*.evangelisch.de https://termine.ekir.de https://*.vimeo.com https://*.openstreetmap.org https://*.kajomigenerator.de https://*.newsletter2go.com https://kirche-muelheim.de https://nextgen.kajomigenerator.de https://soundcloud.com https://vimeo.de https://*.kd-onlinespende.de https://walls.io https://*.walls.io https://secure.gravatar.com https://platform.twitter.com https://cdn.syndication.twimg.com https://*.ekir.de https://adressverzeichnis.ekd.de https://cdn.jsdelivr.net; frame-ancestors 'none'; 1 default-src * 'self' 'unsafe-inline' 'unsafe-eval' ; script-src * 'self' 'unsafe-inline' 'unsafe-eval' ; style-src * 'self' 'unsafe-inline' ; img-src * 'self' data: ; font-src * data: blob: 'unsafe-inline'; 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.aboutespanol.com 1 frame-ancestors https://*.holman.com 1 default-src 'self'; object-src 'self' https://pts.sim.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.sim.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://livechat.sim.de https://chat.sim.de https://umfrage.sim.de https://pts.sim.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://eu01.rec.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://livechat.sim.de https://stats.sim.de https://imagepool.sim.de https://pts.sim.de https://analytics.tiktok.com https://umfrage.sim.de; script-src 'strict-dynamic' 'nonce-6b40a1ebfb07e3d422528f531f8279b3' 'nonce-10ddfa6f2d871fed6106238d0414d49a' 'nonce-47dd756df7a67c718d230ec58b5b6808' 'nonce-94f1b999c9c7afcda5a3b8d903e29a1c' 'nonce-b357f4ed8bdd61b9ea026a390f8146bd' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data: 'report-sample'; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://netmap.vodafone.de/cokart-client/index.html https://pts.sim.de https://umfrage.sim.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-6b40a1ebfb07e3d422528f531f8279b3' 'nonce-10ddfa6f2d871fed6106238d0414d49a' 'nonce-47dd756df7a67c718d230ec58b5b6808' 'nonce-94f1b999c9c7afcda5a3b8d903e29a1c' 'nonce-b357f4ed8bdd61b9ea026a390f8146bd' 'self' 'unsafe-inline' https: 'report-sample' 1 upgrade-insecure-requests; default-src * data: https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; script-src 'self' data: https://*.hotjar.com https://consentcdn.cookiebot.com https://consent.cookiebot.com 'unsafe-inline' 'unsafe-eval' https://web106.reachmee.com https://s.ytimg.com https://mapclick.amap.com https://restapi.amap.com https://webapi.amap.com https://public.tableau.com https://sdn.sitecore.net https://maps.googleapis.com https://maps.google.com https://sadmin.brightcove.com https://ajax.googleapis.com https://ssl.google-analytics.com https://www.youtube.com https://www.google.com https://bat.bing.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://connect.facebook.net https://platform.twitter.com https://s3.amazonaws.com https://cdn.plyr.io https://player.vimeo.com https://static.cloud.coveo.com https://cdn.jsdelivr.net https://view.ceros.com https://jamesleist.com https://clientweb.passle.net https://cdn.iframe.ly; style-src 'self' data: 'unsafe-inline' https://*.hotjar.com https://cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.9.0/slick.min.css https://cdnjs.cloudflare.com https://webapi.amap.com https://fonts.googleapis.com https://ajax.googleapis.com https://cdn.plyr.io https://static.cloud.coveo.com https://jamesleist.com; img-src * 'self' data: https://*.hotjar.com https://jamesleist.com; font-src 'self' data: https://*.hotjar.com https://netdna.bootstrapcdn.com https://fonts.gstatic.com https://fonts.typekit.net https://themes.googleusercontent.com https://jamesleist.com; child-src 'self' https://sdn.sitecore.net https://web106.reachmee.com https://sdn.sitecore.net https://www.youtube.com https://www.google.com https://accounts.google.com https://www.googletagmanager.com https://jamesleist.com; frame-src 'self' https://*.hotjar.com https://consentcdn.cookiebot.com https://cdn.yoshki.com https://watch.twobirds.com https://www.youtube.com https://player.vimeo.com http://sdn.sitecore.net https://sdn.sitecore.net https://translate.google.com https://web106.reachmee.com https://view.ceros.com https://jamesleist.com https://www.podcaster.de https://w.soundcloud.com https://open.spotify.com/ https://cdn.iframe.ly; frame-ancestors 'self' https://sdn.sitecore.net 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com www.gstatic.com https://*.google.com https://*.googletagmanager.com *.google-analytics.com https://tagmanager.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net cdnjs.cloudflare.com ajax.googleapis.com https://cdn.addevent.com https://platform.twitter.com embed.aidaform.com https://cdn.jsdelivr.net https://s3.amazonaws.com https://partner.googleadservices.com https://*.list-manage.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://googletagmanager.com https://tagmanager.google.com https://www.google.com fonts.googleapis.com cdnjs.cloudflare.com cdn.jsdelivr.net https://cdn-images.mailchimp.com; img-src 'self' data: https://*; media-src 'self' data:; frame-src 'self' https://www.googletagmanager.com https://bid.g.doubleclick.net https://td.doubleclick.net https://flo.uri.sh https://api.mapbox.com https://app.powerbi.com https://data.humdata.org https://drive.google.com calendar.google.com https://www.youtube.com https://datawrapper.dwcdn.net https://teamup.com https://lookerstudio.google.com https://experience.arcgis.com https://public.tableau.com https://rrmniger.azurewebsites.net/ *.unocha.org https://*.addevent.com https://cdn.knightlab.com https://dashboards.impact-initiatives.org https://docs.google.com https://e.infogram.com https://jmmi-northernsyria.shinyapps.io https://logie.logcluster.org https://m.facebook.com https://miro.com https://spxih.mjt.lu https://turkiyeeq.thedeep.io https://ukraine.servicesadvisor.net https://unhcr.carto.com https://www.arcgis.com https://www.facebook.com https://rwsupport.aidaform.com https://analytics.wfp.org *.un.org https://cdnapisec.kaltura.com https://vimeo.com https://player.vimeo.com https://ukraine.servicesadvisor.net https://*.kobotoolbox.org; frame-ancestors 'self'; child-src 'self'; font-src 'self' data: fonts.gstatic.com; connect-src 'self' https://*; report-uri /report-csp-violation; upgrade-insecure-requests 1 default-src 'self' *.postman.co *.postman.com *.pstmn.io; base-uri 'self'; font-src 'self' data: *.getpostman.com *.postman.co *.cdn.postman.com fonts.gstatic.com www.postman.com fonts.googleapis.com cdnjs.cloudflare.com; frame-ancestors 'none'; frame-src looker.postman.co dl-preview-container.pstmn.io js.stripe.com hooks.stripe.com chart-embed.service.newrelic.com https://app.datadoghq.com/graph/embed https://app.datadoghq.eu/graph/embed https://youtube.com https://www.youtube.com https://player.vimeo.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://accounts.google.com/ https://runtime-assets.pstmn.io/; child-src 'self' *.postman.co *.postman.com blob:; worker-src 'self' *.postman.co *.cdn.postman.com blob:; object-src 'self'; img-src https: data:; media-src 'self' https://flows-assets.pstmn.io/ https://skills-assets.pstmn.io/; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' *.nr-data.net *.getpostman.com *.postman.co *.cdn.postman.com *.pstmn.io code.jquery.com google-analytics.com www.postman.com postman.com googletagmanager.com ssl.google-analytics.com cdnjs.cloudflare.com https://bi.pst.tech js-agent.newrelic.com js.stripe.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'nonce-zH1U5fy4VtKYcZ2pwxWM3w=='; style-src 'self' 'unsafe-inline' *.getpostman.com *.postman.co *.cdn.postman.com *.pstmn.io www.postman.com fonts.gstatic.com fonts.googleapis.com tagmanager.google.com cdnjs.cloudflare.com postman.com accounts.google.com; connect-src https://api.stripe.com http: ws://localhost:10533 https: wss://*.postman.co wss://*.gw.postman.co wss://*.gw.eu.postman.co wss://*.gw.postman.com wss://*.gw.eu.postman.com; report-uri https://sentry.postmanlabs.com/api/572/security/?sentry_key=9d37d7431bdc4c528702ec4d89fc93f7&sentry_environment=production 1 default-src 'self'; style-src 'self' 'unsafe-inline' https://hcss-styleguide.azureedge.net https://maxcdn.bootstrapcdn.com; font-src 'self' https://hcss-styleguide.azureedge.net https://maxcdn.bootstrapcdn.com; script-src 'self' 'unsafe-inline' cdn.pendo.io; img-src 'self' https://purecatamphetamine.github.io; object-src 'none'; frame-src 'self'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self'; 1 default-src 'self' https://www.google-analytics.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com https://www.gstatic.com https://sdk.privacy-center.org/ https://api.privacy-center.org/ https://static.cloudflareinsights.com https://ajax.cloudflare.com https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com https://fonts.googleapis.com; img-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://www.google-analytics.com/; font-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com https://fonts.gstatic.com https://fonts.googleapis.com; frame-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com; 1 default-src 'none' ;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zortrax.com *.data.zortrax.com *.3dprint.zortrax.com *.wistia.net *.wistia.com googletagmanager.com *.googletagmanager.com *.tagmanager.google.com *.google-analytics.com *.doubleclick.net *.google.com *.googleadservices.com *.facebook.net *.cloudfront.net *.doubleclick.net *.livechatinc.com *.googleapis.com *.gstatic.com *.redditstatic.com static.ads-twitter.com analytics.twitter.com analytics.zortrax.com cf.zortrax.com ;style-src 'self' 'unsafe-inline' *.zortrax.com *.googleapis.com *.tagmanager.google.com https://tagmanager.google.com/debug/css.css *.fonts.googleapis.com cf.zortrax.com ;img-src 'self' 'unsafe-inline' data: *.zortrax.com *.wistia.net data.zortrax.com *.gravatar.com *.ggpht.com *.ssl.gstatic.com *.wistia.com *.google.com *.google-analytics.com *.google.pl *.doubleclick.net *.facebook.com *.livechatinc.com *.gstatic.com *.googleapis.com *.tagmanager.google.com https://alb.reddit.com t.co/i/adsct cf.zortrax.com ;font-src 'self' data: *.livechatinc.com *.googleusercontent.com *.googleusercontent.com *.googleapis.com *.gstatic.com *.zortrax.com *.fonts.googleapis.com *.tagmanager.google.com ;frame-src 'self' 'unsafe-inline' *.livechatinc.com *.wistia.net *.wistia.com *.youtube.com *.facebook.com *.tagmanager.google.com *.googletagmanager.google.com *.upviral.com ;connect-src 'self' bd1.zortrax.com spisakcji.local stats.g.doubleclick.net staging-data.zortrax.com data.zortrax.com http://3dprint.zortrax.com *.wistia.com *.litix.io 3dprint.zortrax.com 3dprinting.local ws://localhost:3000 *.google-analytics.com *.tagmanager.google.com app.humdash.com api.livechatinc.com maps.googleapis.com ;media-src 'self' *.zortrax.com zortrax.com *.youtube.com *.livechatinc.com *.youtube-nocookie.com *.wistia.com cdn.zortrax.com cdn1.zortrax.com cdn2.zortrax.com cdn3.zortrax.com *.tagmanager.google.com cf.zortrax.com ;object-src 'self' *.youtube.com *.youtube-nocookie.com *.tagmanager.google.com ;child-src 'self' *.youtube.com *.youtube-nocookie.com *.tagmanager.google.com 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.woodmagazine.com 1 default-src 'self'; object-src 'self' https://pts.sim24.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.sim24.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://livechat.sim24.de https://umfrage.sim24.de https://pts.sim24.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://eu01.rec.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://livechat.sim24.de https://stats.sim24.de https://imagepool.sim24.de https://pts.sim24.de https://analytics.tiktok.com https://umfrage.sim24.de; script-src 'strict-dynamic' 'nonce-85453dc4d2a1e6121823289d75a5860f' 'nonce-b12935af63aed33f51cc5dd413b40f6e' 'nonce-25d242dc8ce0276edb89b9a99b4f83f8' 'nonce-727ee88597f0201af74ad6e4b5ee4c67' 'nonce-2abb75c4691f90bf0627f20a543b836a' 'nonce-a8336b489daa675db9203e0a54fde52d' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data: 'report-sample'; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://netmap.vodafone.de/cokart-client/index.html https://pts.sim24.de https://umfrage.sim24.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-85453dc4d2a1e6121823289d75a5860f' 'nonce-b12935af63aed33f51cc5dd413b40f6e' 'nonce-25d242dc8ce0276edb89b9a99b4f83f8' 'nonce-727ee88597f0201af74ad6e4b5ee4c67' 'nonce-2abb75c4691f90bf0627f20a543b836a' 'nonce-a8336b489daa675db9203e0a54fde52d' 'self' 'unsafe-inline' https: 'report-sample' 1 frame-ancestors 'self' forms.saib.com.sa *.saib.com.sa; report-uri /report-csp-violation 1 frame-ancestors 'self' https://content.kinaxis.com https://www.kinaxis.com https://kinaxis.com https://*.sharepoint.com https://ssw.live.com https://storage.live.com https://*.search.production.apac.trafficmanager.net https://*.search.production.emea.trafficmanager.net https://*.search.production.us.trafficmanager.net https://*.wns.windows.com https://admin.onedrive.com https://officeclient.microsoft.com https://g.live.com https://oneclient.sfx.ms https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://*.svc.ms *.mpo.com https://*.mpo.com https://www.mpo.com *.mp-objects.com https://*.mp-objects.com https://www.mp-objects.com https://wartsila.cevalogistics.com https://*.cevalogistics.com https://app.drift.com https://core.crazyegg.com https://kinaxis-project.dev.fenix.solutions https://*.lndo.site; report-uri /report-csp-violation 1 default-src https: wss: 'unsafe-inline' 'unsafe-eval' 1 default-src 'self' static1.clickandboat.com static1.oceans-evasion.com static1.nautal.com static1.scansail.com; connect-src 'self' static2.clickandboat.com static2.oceans-evasion.com static2.nautal.com static2.scansail.com static3.clickandboat.com static3.oceans-evasion.com static3.nautal.com static3.scansail.com https://assets.clickandboat.com/frontend-assets/master/elements/ https://assets.clickandboat.com/frontend-assets/master/ https://assets.clickandboat.com/frontend-assets/master/elements/ https://logs1412.xiti.com *.google-analytics.com stats.g.doubleclick.net accounts.google.com identitytoolkit.googleapis.com securetoken.googleapis.com bat.bing.com https://analytics.tiktok.com api.stripe.com ekr.zdassets.com clickandboat.zendesk.com wss://widget-mediator.zopim.com widget-mediator.zopim.com *.ingest.sentry.io api.realytics.io *.paypal.com https://*.clarity.ms https://s2s.adjust.com/event click-and-boat.pxf.io https://api.privacy-center.org *.criteo.com graph.facebook.com www.facebook.com https://respondent.survicate.com https://survey.survicate.com https://survey-prd.survicate-cdn.com; font-src 'self' data: static3.clickandboat.com fonts.gstatic.com https://surveys-static.survicate.com https://surveys-static-prd.survicate-cdn.com; frame-ancestors 'self'; frame-src 'self' *.facebook.com *.criteo.com accounts.google.com www.google.com js.stripe.com hooks.stripe.com www.googletagmanager.com *.doubleclick.net *.paypal.com click-and-boat.pxf.io static1.clickandboat.com cabmobileapp-196814.firebaseapp.com; img-src 'self' static1.clickandboat.com static1.oceans-evasion.com static1.nautal.com static1.scansail.com https://assets.clickandboat.com/frontend-assets/master/ https://assets.clickandboat.com/frontend-assets/master/elements/ blog.clickandboat.com blog.nautal.com blog.oceans-evasion.com blog.scansail.com blog.clickandboat.com data: blob: res.cloudinary.com *.google-analytics.com *.doubleclick.net secure.adnxs.com www.google.fr www.google.it www.google.es www.google.com www.google.de www.google.nl www.google.co.uk www.google.gr www.google.pl www.google.ch www.google.be www.google.com.br www.google.hr www.google.at www.google.pt www.google.se www.google.ru www.google.ca www.google.com.ar www.google.com.tr www.google.com.ua www.google.ie www.google.si www.google.ro www.google.com.mx www.google.com.mt www.google.com.au www.google.dk www.google.ae www.google.gp www.google.hu www.google.cz www.google.lu www.google.com.cy www.google.no www.google.me www.google.bg www.google.co.il www.google.rs www.google.sk *.bing.com *.criteo.com *.facebook.com *.mydialoginsight.com maps.googleapis.com *.gstatic.com *.google.com *.google.fr v2assets.zopim.io v2uploads.zopim.io clickandboat.zendesk.com https://*.clarity.ms https://s2s.adjust.com/event click-and-boat.pxf.io https://www.ojrq.net https://logs-01.loggly.com https://sdk.privacy-center.org https://surveys-static.survicate.com https://surveys-static-prd.survicate-cdn.com https://assets.survicate.com https://img.survicate.com https://images.unsplash.com; script-src 'unsafe-eval' 'self' static2.clickandboat.com static2.oceans-evasion.com static2.nautal.com static2.scansail.com https://assets.clickandboat.com/frontend-assets/master/elements/ https://assets.clickandboat.com/frontend-assets/master/ https://tag.aticdn.net *.google-analytics.com *.googleadservices.com *.google.com *.ggpht.com www.googletagmanager.com bat.bing.com www.facebook.com https://analytics.tiktok.com *.criteo.net *.criteo.com *.mydialoginsight.com *.googleapis.com www.gstatic.com connect.facebook.net js.stripe.com static.zdassets.com widget-mediator.zopim.com *.realytics.io *.realytics.net https://*.clarity.ms https://c.bing.com https://s2s.adjust.com/event https://utt.impactcdn.com https://sdk.privacy-center.org https://tag.aticdn.net https://survey.survicate.com https://surveys-static.survicate.com https://surveys-static-prd.survicate-cdn.com https://survey-prd.survicate-cdn.com *.paypal.com 'unsafe-inline' 'nonce-ER/AWS8fp7IdxgGpPRUiYw=='; style-src 'self' static2.clickandboat.com static2.oceans-evasion.com static2.nautal.com static2.scansail.com static3.clickandboat.com static3.oceans-evasion.com static3.nautal.com static3.scansail.com https://assets.clickandboat.com/frontend-assets/master/ 'unsafe-inline' fonts.googleapis.com tagmanager.google.com accounts.google.com https://sdk.privacy-center.org https://surveys-static.survicate.com https://surveys-static-prd.survicate-cdn.com 1 default-src 'self'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' blob data: 1 default-src dock.ui.bosch.tech *.hotjar.com wss://*.hotjar.com bott-tc2.nautilus bott-fs.nautilus bott-fs.kittelberger.net vc.hotjar.io in.hotjar.com script.hotjar.com *.bosch-thermotechnology.com *.boschtt-documents.com www.bimstore.co.uk *.kittelberger.net *.mycliplister.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' ; media-src *.boschtt-documents.com services.kittelberger.net *.mycliplister.com mycliplister.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' ; font-src bott-fs.nautilus bott-fs.kittelberger.net script.hotjar.com fonts.gstatic.com *.bosch-thermotechnology.com www.bosch-thermotechnology.us www.heizung-steuern.com fonts.gstatic.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: data: ; object-src data: 'self'; img-src bott-tc2.nautilus bott-fs.nautilus bott-fs.kittelberger.net optimize.google.com www.google-analytics.com www.googletagmanager.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: data: blob:; style-src bott-fs.nautilus bott-fs.kittelberger.net *.bosch-thermotechnology.com cdn.datatables.net optimize.google.com fonts.googleapis.com www.bosch-easycontrol.com www.heizung-steuern.com www.bosch-thermotechnology.us *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' 'unsafe-inline' https: ; script-src bott-fs.nautilus bott-fs.kittelberger.net dock.ui.bosch.tech optimize.google.com www.googleanalytics.com www.google-analytics.com www.googleoptimize.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: 'unsafe-inline' 'unsafe-eval'; frame-src mailto: bosch.mi4biz.net www.boschthermolife.com junkers-de-de-b.boschtt-documents.com optimize.google.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https:; frame-ancestors bosch.mi4biz.net bott-fs.kittelberger.net *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: ; connect-src 'self' wss://endpoint.chatbot-suite.bosch.tech endpoint.chatbot-suite.bosch.tech www.bosch-thermotechnology.com region1.google-analytics.com www.google-analytics.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com dock.ui.bosch.tech mycliplister.com *.mycliplister.com stats.g.doubleclick.net 1 default-src 'none'; img-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; font-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'; connect-src 'self'; 1 default-src 'self' 'unsafe-eval'; base-uri 'self'; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.itzbund.de *.googleapis.com *.google.com *.gstatic.com www.youtube.com *.vimeo.com *.ytimg.com piwik.itzbund.de cdnjs.cloudflare.com; object-src 'self' multimedia.gsb.bund.de download.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de download.gsb.bund.de *.vimeo.com *.youtube.com; frame-src *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.vimeo.com; img-src 'self' *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.openstreetmap.org piwik.itzbund.de multimedia.gsb.bund.de download.gsb.bund.de cdnjs.cloudflare.com; connect-src 'self' *.itzbund.de; frame-ancestors 'self'; worker-src 'self'; 1 frame-src *.twitter.com *.googleusercontent.com *.clarity.ms *.youtube.com *.facebook.com *.facebook.net *.doubleclick.net *.hotjar.com *.franceculture.fr *.radiofrance.fr *.googleapis.com *.spotify.com *.exacttarget.com *.instagram.com iheid.webex.com graduateinstitute.secure.force.com *.sfmc-content.com *.google.com *.libcal.com *.simplecast.com *.soundcloud.com *.flywire.com *.prezi.com *.iheid.ch *.drupal.com *.vimeo.com *.rts.ch graduateinstitute.my.salesforce-sites.com *.graduateinstitute.us8.list-manage.com *.addevent.com *.office.com *.rsi.ch *.arte.tv *.github.io *.linkedin.com *.googletagmanager.com *.soundcloud.com; child-src *.twitter.com *.googleusercontent.com *.clarity.ms *.youtube.com *.facebook.com *.facebook.net *.doubleclick.net *.hotjar.com *.franceculture.fr *.radiofrance.fr *.googleapis.com *.spotify.com *.exacttarget.com *.instagram.com iheid.webex.com graduateinstitute.secure.force.com *.sfmc-content.com *.google.com *.libcal.com *.simplecast.com *.soundcloud.com *.flywire.com *.prezi.com *.iheid.ch *.drupal.com *.rts.ch graduateinstitute.my.salesforce-sites.com *.graduateinstitute.us8.list-manage.com *.addevent.com *.office.com *.rsi.ch *.arte.tv *.github.io *.linkedin.com *.googletagmanager.com *.soundcloud.com; report-uri /report-csp-violation; upgrade-insecure-requests 1 frame-ancestors 'self' smart911.com www.smart911.com safety.smart911.com 1 default-src 'self'; frame-src 'self' https://www.youtube.com https://mychart.austinregionalclinic.com https://www.google.com https://arcwebsecure.com https://forms.hsforms.com; frame-ancestors 'self' data: blob: https://vmecharttest1 https://vmecharttest2 https://vmecharttest3 https://mychart.austinregionalclinic.com https://mycharttest.austinregionalclinic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com https://mychart.austinregionalclinic.com https://maps.googleapis.com https://js.hsforms.net https://js.hs-scripts.com https://api.airbud.io https://js.hs-banner.com https://cdn.jsdelivr.net https://code.jquery.com https://connect.facebook.net https://cdnjs.cloudflare.com https://ajax.aspnetcdn.com https://www.google.com https://www.gstatic.com https://web.hyro.ai https://mycharttest.austinregionalclinic.com https://vmecharttest2 https://vmecharttest3 https://snap.licdn.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://api.airbud.io https://code.jquery.com https://web.hyro.ai https://mychart.austinregionalclinic.com; font-src 'self' https://fonts.gstatic.com https://code.jquery.com; form-action 'self' https://forms.hsforms.com https://www.austinregionalclinic.com; img-src 'self' data: https://forms.hsforms.com https://js.hsforms.net https://api.hubspot.com https://forms-na1.hsforms.com https://maps.gstatic.com https://hyropublic.blob.core.windows.net https://d3sxx09phm2x4h.cloudfront.net https://d1mkxymatx0q5n.cloudfront.net https://maps.googleapis.com https://www.google.com https://www.facebook.com https://img.youtube.com https://i.ytimg.com https://khms0.googleapis.com https://khms1.googleapis.com; connect-src 'self' https://maps.googleapis.com https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://www.google-analytics.com https://hyropublic.blob.core.windows.net wss://web.hyro.ws/widget-client https://stats.g.doubleclick.net https://cdn.linkedin.oribi.io https://app.launchdarkly.com https://clientstream.launchdarkly.com https://events.launchdarkly.com; object-src 'none'; base-uri 'self'; media-src 'self' https://d1mkxymatx0q5n.cloudfront.net; 1 default-src 'self' https://*.fhstp.ac.at; connect-src 'self' https://*.facebook.com https://*.facebook.net https://api.visitlead.com https://cis.fhstp.ac.at https://api.fhstp.ac.at https://cdn.fhstp.ac.at https://sentry.fhstp.ac.at/ https://my2.siteimprove.com https://rest.visitlead.com https://*.doubleclick.net https://ws.visitlead.com https://www.google-analytics.com wss://*.visitlead.com wss://www.fhstp.ac.at wss://wwwtestneu.fhstp.ac.at https://*.pagestrip.com https://pagestrip.com https://*.google.com https://*.linkedin.oribi.io; font-src 'self' data: https://*.fhstp.ac.at https://*.googleapis.com https://*.gstatic.com https://app.visitlead.com https://*.pagestrip.com; frame-src 'self' http://edit.fhstp.ac.at https://*.facebook.com https://*.facebook.net https://*.google.com https://*.issuu.com https://*.soundcloud.com https://*.twitter.com https://*.vimeo.com https://*.youtube.com https://*.youtube-nocookie.com https://cis.fhstp.ac.at https://sjs.bizographics.com https://snap.licdn.com https://stream.visitlead.com https://my2.siteimprove.com/ https://www.podbean.com https://*.doubleclick.net https://www.googletagmanager.com/; img-src 'self' data: http://*.fhstp.ac.at https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.google.at https://*.google.com https://i1.ytimg.com https://*.gstatic.com https://*.googleusercontent.com https://*.ggpht.com https://*.linkedin.com https://app.visitlead.com https://www.filmspektakel.at https://*.pagestrip.com https://bat.bing.com; media-src 'self' data: http://carma.fhstp.ac.at/wp-content/uploads/2016/11/Brelomate2_Infoveranstaltung201161027_p3tv.mp4 https://app.visitlead.com https://*.pagestrip.com; script-src data: 'self' 'unsafe-inline' 'unsafe-eval' http://campus-stp.at https://*.campus-stp.at https://*.doubleclick.com https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.com https://*.linkedin.com https://cdn.siteimprove.net/cms/overlay.js https://*.youtube.com https://app.visitlead.com https://campus-stp.at https://cdn.fhstp.ac.at https://*.pubble.io https://cdn.ravenjs.com https://cdn.socket.io https://code.jquery.com https://sjs.bizographics.com https://snap.licdn.com https://*.ytimg.com https://*.pagestrip.com https://browser-update.org https://unpkg.com https://bat.bing.com; style-src 'self' 'unsafe-inline' http://*.campus-stp.at http://campus-stp.at http://cdn.fhstp.ac.at https://*.campus-stp.at https://*.google.com https://*.googleapis.com https://*.ytimg.com https://app.visitlead.com/ https://campus-stp.at https://cdn.fhstp.ac.at https://*.pagestrip.com; 1 default-src 'self' http://unimedbh.prod.acquia-sites.com/ https://portal.unimedbh.com.br/ https: data: 'unsafe-inline' 'unsafe-eval' wss: *.hs-sites.com; script-src https: data: 'unsafe-inline' 'unsafe-eval' https://js.hs-analytics.net https://js.hs-scripts.com https://app.privally.global; object-src 'self' https://portal.unimedbh.com.br/ http://unimedbh.prod.acquia-sites.com/; style-src https: 'unsafe-inline' 'unsafe-eval' 'self' http://unimedbh.prod.acquia-sites.com/ https://portal.unimedbh.com.br/ https://static.unimedbh.io/ ; img-src blob: data: https: 'self' http://unimedbh.prod.acquia-sites.com/ https://portal.unimedbh.com.br/ https://static.unimedbh.io/; media-src 'self' http://unimedbh.prod.acquia-sites.com/ https://portal.unimedbh.com.br/ https://static.unimedbh.io https://www.youtube.com; frame-ancestors 'self' http://unimedbh.prod.acquia-sites.com/ https://portal.unimedbh.com.br/ https://static.unimedbh.io/ https://www.google.com/ https://forms.hsforms.com/ https://3603d.com.br/ *.hs-sites.com; child-src 'self' http://unimedbh.prod.acquia-sites.com/ https://portal.unimedbh.com.br/ https://www.google.com/ https://vars.hotjar.com/ https://static.addtoany.com/ https://www.youtube.com/ https://cdn.userway.org/ https://static.unimedbh.io/ https://plugin.handtalk.me/ https://unimedbh.chat.blip.ai/ https://chat.blip.ai/ https://forms.hsforms.com/ https://3603d.com.br/ https://td.doubleclick.net/ *.hs-sites.com https://www.googletagmanager.com/; font-src 'self' http://unimedbh.prod.acquia-sites.com/ https://portal.unimedbh.com.br/ data: https://static.unimedbh.io/ https://fonts.unimedbh.io https://fonts.googleapis.com https://fonts.gstatic.com https://cdn.userway.org/ 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://google-analytics.com/ https://*.google-analytics.com/ https://googletagmanager.com/ https://*.googletagmanager.com/ https://www.googletagmanager.com/ https://translate.google.com/ https://translate.googleapis.com/ https://youtube.com/ https://*.youtube.com/ https://www.recaptcha.net/ https://www.gstatic.com/ https://www.google.com/ https://www.google.com/ads/ https://kit.fontawesome.com/ https://tag.demandbase.com/ https://munchkin.marketo.net/ https://use.typekit.net/ https://script.crazyegg.com/ https://script.crazyegg.com/pages/scripts/0027/6357.js https://snap.licdn.com/ https://cdn01.basis.net/ https://play.vidyard.com/ https://connect.facebook.net/ https://www.facebook.com/ https://facebook.com/ https://j.6sc.co/ https://b.6sc.co/ https://app-sj27.marketo.com/ https://go.scaledagile.com/ https://pixel.sitescout.com/ https://px.ads.linkedin.com/ https://cdn.vidyard.com/ https://static.smartrecruiters.com/ https://*.company-target.com/ https://www.smartrecruiters.com/ https://sai2.wpengine.com/ https://cdnapisec.kaltura.com/ https://player.vimeo.com/ https://open.spotify.com/ https://s.company-target.com/ https://scaledagilenetwork.com/; img-src 'self' data: blob: https://google-analytics.com/ https://*.google-analytics.com/ https://www.google.com/ https://www.google.com/ads/ https://translate.googleapis.com/ https://*.ytimg.com/ https://secure.gravatar.com/ https://kit.fontawesome.com/ https://salsa.scaledagile.com/ https://www.facebook.com/ https://cdn.vidyard.com/ https://cdn.vidyard.com/thumbnails/18287566/TcTilRh6vhdyHxZi9F4VIQ.png https://play.vidyard.com/ https://id.rlcdn.com/ https://b.6sc.co/ https://pixel.sitescout.com/ https://px.ads.linkedin.com/ https://www.linkedin.com/ https://www.linkedin.com/* https://go.scaledagile.com/ https://www.googletagmanager.com/ https://segments.company-target.com/ https://scaledagile.com/ https://sai2.wpengine.com/ https://cdnapisec.kaltura.com/ https://player.vimeo.com/ https://scaledagilenetwork.com/; object-src 'self' data: blob: https://docs.google.com/ https://youtube.com/ https://*.youtube.com/ https://youtube-nocookie.com/ https://*.youtube-nocookie.com/ https://youtu.be/ https://*.vimeo.com/ https://www.google.com/ https://www.google.com/ads/ https://scaledagile.my.salesforce.com/ https://scaledagile.lightning.force.com/ https://community.scaledagile.com/ https://safe.scaledagile.com/ https://www.facebook.com/ https://b.6sc.co/ https://play.vidyard.com/ https://cdn.vidyard.com/ https://px.ads.linkedin.com/ https://www.googletagmanager.com/ https://embed.podcasts.apple.com/ https://s.company-target.com/ https://pixel.sitescout.com/ https://www.smartrecruiters.com/ https://go.scaledagile.com/ http://go.scaledagile.com/ https://app-sj27.marketo.com/ https://cdnapisec.kaltura.com/ https://player.vimeo.com/ https://open.spotify.com/ https://api.company-target.com/ https://scaledagilenetwork.com/; frame-src 'self' data: blob: https://docs.google.com/ https://youtube.com/ https://*.youtube.com/ https://youtube-nocookie.com/ https://*.youtube-nocookie.com/ https://youtu.be/ https://*.vimeo.com/ https://www.google.com/ https://www.google.com/ads/ https://scaledagile.my.salesforce.com/ https://scaledagile.lightning.force.com/ https://community.scaledagile.com/ https://safe.scaledagile.com/ https://www.facebook.com/ https://b.6sc.co/ https://play.vidyard.com/ https://cdn.vidyard.com/ https://px.ads.linkedin.com/ https://www.googletagmanager.com/ https://embed.podcasts.apple.com/ https://s.company-target.com/ https://pixel.sitescout.com/ https://www.smartrecruiters.com/ https://go.scaledagile.com/ http://go.scaledagile.com/ https://app-sj27.marketo.com/ https://cdnapisec.kaltura.com/ https://player.vimeo.com/ https://open.spotify.com/ https://api.company-target.com/ https://scaledagilenetwork.com/; 1 default-src https: http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com 'unsafe-inline' http://*.usercentrics.eu:* https://*.usercentrics.eu:* http://*.usercentrics.eu https://*.usercentrics.eu wss://*.usercentrics.eu 'unsafe-inline' https://*.yoast.com; img-src https: 'self' data: blob:; script-src https: 'unsafe-eval' 'unsafe-inline' blob: https://*.reactful.com http://*.reactful.com; style-src https: 'unsafe-inline'; font-src https: 'self' data: fonts.gstatic.com; worker-src 'self' blob: 1 default-src 'self' dock.ui.bosch.tech vars.hotjar.com in.hotjar.com vc.hotjar.io stats.g.doubleclick.net wss://*.hotjar.com *.hotjar.com; font-src 'self' *.bosch-pt.com bosch-pt.com www.bosch-pt.com *.bosch-professional.com ; object-src data: 'self'; img-src https: data:; style-src 'self' ptlegalpagesnew.kittelberger.net *.bosch-pt.com bosch-pt.com *.bosch-professional.com 'unsafe-inline'; script-src https: http://www.bosch-pt.com 'unsafe-inline' 'unsafe-eval'; connect-src https: search.internet.bosch.com wss://*.hotjar.com; script-src-elem https: http: 'unsafe-inline' *.bosch-pt.com 1 default-src 'self'; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.taylorwessing.com www.gstatic.com maps.googleapis.com www.buzzsprout.com *.licdn.com *.hotjar.com embed.typeform.com secure.visionary-enterprise-ingenuity.com siteimproveanalytics.com *.vimeo.com https://*.vimeocdn.com https://*.cookiebot.com https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com https://*.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com https://www.googleadservices.com https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com; script-src-elem 'self' data: 'unsafe-inline' 'unsafe-eval' https://js.monitor.azure.com https://js.cdn.applicationinsights.io https://js.cdn.monitor.azure.com *.taylorwessing.com www.gstatic.com maps.googleapis.com www.buzzsprout.com *.licdn.com *.hotjar.com embed.typeform.com secure.visionary-enterprise-ingenuity.com siteimproveanalytics.com *.vimeo.com https://*.vimeocdn.com https://*.cookiebot.com https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com https://*.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com https://www.googleadservices.com https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com; script-src-attr 'self' data: 'unsafe-inline' 'unsafe-eval' *.taylorwessing.com www.gstatic.com maps.googleapis.com www.buzzsprout.com *.licdn.com *.hotjar.com embed.typeform.com secure.visionary-enterprise-ingenuity.com siteimproveanalytics.com *.vimeo.com https://*.vimeocdn.com https://*.cookiebot.com https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com https://*.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com https://www.googleadservices.com https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com; style-src 'self' 'unsafe-inline' www.gstatic.com *.vimeocdn.com https://hello.myfonts.net https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com; style-src-elem 'self' 'unsafe-inline' https://embed.typeform.com/ www.gstatic.com *.vimeocdn.com https://hello.myfonts.net https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com; style-src-attr 'self' 'unsafe-inline' www.gstatic.com *.vimeocdn.com https://hello.myfonts.net https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' data: www.taylorwessing.com taylorwessing.com *.taylorwessing.com https://cdn.optimizely.com *.siteimproveanalytics.io *.linkedin.com *.cookiebot.com *.vimeocdn.com maps.googleapis.com maps.gstatic.com https://*.google-analytics.com www.gstatic.com videoapi-sprites.vimeocdn.com https://www.googletagmanager.com https://googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://*.googletagmanager.com https://googleads.g.doubleclick.net https://www.google.com https://google.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat; font-src 'self' data: www.taylorwessing.com taylorwessing.com *.taylorwessing.com *.podigee-cdn.net fonts.gstatic.com https://fonts.gstatic.com; connect-src 'self' https://js.monitor.azure.com https://dc.services.visualstudio.com www.taylorwessing.com taylorwessing.com *.taylorwessing.com https://logx.optimizely.com https://*.optimizely.com idx.liadm.com *.doubleclick.net *.linkedin.com cdn.linkedin.oribi.io consentcdn.cookiebot.com maps.googleapis.com www.google-analytics.com player-telemetry.vimeo.com region1.google-analytics.com 132vod-adaptive.akamaized.net 62vod-adaptive.akamaized.net *.hotjar.com *.hotjar.io wss://*.hotjar.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat; media-src 'self' www.taylorwessing.com taylorwessing.com *.taylorwessing.com blob:; object-src 'none'; frame-src 'self' https://*.doubleclick.net www.taylorwessing.com taylorwessing.com *.taylorwessing.com https://a27617570016.cdn.optimizely.com https://a27617570016.cdn-pci.optimizely.com cdn.yoshki.com form.typeform.com tw.bryter.io *.podigee.io *.podigee-cdn.net *.newsmailservice.de *.soundcloud.com *.podcasts.apple.com *.spotify.com *.fliplet.com sites-taylor-wessing.vuturevx.com v6.newsmailservice.de app.livestorm.co *.buzzsprout.com consentcdn.cookiebot.com player.vimeo.com www.google.com *.youtube.com taylorwessing.foleon.com datastudio.google.com lookerstudio.google.com https://www.googletagmanager.com; worker-src 'self'; frame-ancestors 'self'; report-uri https://taylorwessing.report-uri.com/r/d/csp/enforce; report-to https://taylorwessing.report-uri.com/r/d/csp/wizard 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; style-src 'self' 'unsafe-inline' 1 script-src https: data: 'unsafe-inline' 'unsafe-eval' https://*.dshs-koeln.de https://*.mehrwert.de https://fast.fonts.net; style-src https: 'unsafe-inline' https://*.dshs-koeln.de https://fast.fonts.net; img-src https: data: 'unsafe-inline' 'unsafe-eval' https://*.dshs-koeln.de https://*.mehrwert.de; font-src https: data: 'unsafe-inline' 'unsafe-eval' https://*.dshs-koeln.de https://*.mehrwert.de https://fast.fonts.com; frame-src https: data: 'unsafe-inline' 'unsafe-eval' https://*.dshs-koeln.de https://*.mehrwert.de https://fast.fonts.com; 1 default-src 'self'; img-src 'self' data: books.google.de de.statista.com cdn.statcdn.com app.statuscake.com www.kununu.com *.lamapoll.io; font-src 'self' data:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' lamapoll.de *.lamapoll.de *.lamapoll.io; frame-src 'self' lamapoll.de *.lamapoll.de www.youtube-nocookie.com *.lamapoll.io; frame-ancestors 'self'; media-src 'self'; object-src 'self'; connect-src 'self' *.lamapoll.io 1 allow 'self'; options inline-script eval-script; script-src 'self' *.google-analytics.com *.googleapis.com *.gstatic.com *.googletagmanager.com; img-src *; media-src *; frame-src 'self'; style-src-elem *.gstatic.com 1 default-src 'none'; block-all-mixed-content; connect-src 'self' *.abtasty.com *.google.com *.googlesyndication.com *.googletagmanager.com *.hellowork.com *.nr-data.net *.regionsjob.com *.twitter.com bat.bing.com bat.bing.net cdn.jsdelivr.net/gh/magma-app/magma-widget@latest/src/widget-v3.min.js googleads.g.doubleclick.net vimeo.com; font-src 'self' fonts.cdnfonts.com/s/14903/ *.abtasty.com; frame-ancestors 'self'; frame-src 'self' *.abtasty.com *.francetv.fr *.googletagmanager.com *.instagram.com *.linkedin.com *.magma.app *.podcasts.apple.com *.slideshare.net *.soundcloud.com *.tiktok.com *.ttwstatic.com *.twitter.com *.vimeo.com *.vimeocdn.com *.youtube-nocookie.com *.youtube.br *.youtube.com td.doubleclick.net; img-src 'self' data: *.abtasty.com *.facebook.com *.hellowork.com *.osm.org *.twitter.com diplomeo-static.com bat.bing.com bat.bing.net diplomeo.com local:// https://i.hellowork.com *.tile.openstreetmap.fr; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.abtasty.com *.aticdn.net *.dev-hellowork.com *.facebook.com *.google.com *.googlesyndication.com *.googletagmanager.com *.googleadservices.com *.hellowork.com *.regionsjob.com *.tiktok.com *.ttwstatic.com *.twitter.com *.instagram.com bat.bing.com bat.bing.net js-agent.newrelic.com; style-src 'self' 'unsafe-inline' *.abtasty.com *.hellowork.com *.ttwstatic.com fonts.cdnfonts.com/css/sofia-pro 1 frame-ancestors 'self' https://twitter.com; 1 base-uri 'self' 'strict-dynamic' https://www.industowers.com/; script-src 'self' 'nonce-mgmVsFwdsw5G4cH8j86JBw==' 'unsafe-inline' 'strict-dynamic' https://www.industowers.com/ https://*.industowers.com/ http://*.industowers.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://code.createjs.com/ https://maps.googleapis.com/ https://maps.gstatic.com/ https://maps.google.com/ https://s3.amazonaws.com/ https://*.list-manage.com/ https://cse.google.com/ https://www.google.com/ https://googleads.g.doubleclick.net/ https://translate.googleapis.com/ https://td.doubleclick.net/ https://secure.gravatar.com/ https://www.google.co.in/ https://www.industowers.com/ https://sc-static.net/ https://s3.tradingview.com/ https://code.jquery.com/ https://s.tradingview.com/ https://goo.gle/ https://s.tradingview.com/ ; img-src 'self' data: https://www.google.com/ https://www.google.co.in/ https://www.google-analytics.com/ https://goo.gle/ https://www.industowers.com/ https://maps.gstatic.com/ https://maps.googleapis.com/; object-src; frame-src 'self' data: https://td.doubleclick.net/ https://goo.gle/ https://s.tradingview.com/; form-action 'self' data: https://www.googletagmanager.com/ https://www.google-analytics.com/ https://code.createjs.com/ https://maps.googleapis.com/ https://maps.gstatic.com/ https://maps.google.com/ https://s3.amazonaws.com/ https://*.list-manage.com/ https://cse.google.com/ https://www.google.com/ https://googleads.g.doubleclick.net/ https://translate.googleapis.com/ https://td.doubleclick.net/ https://secure.gravatar.com/ https://www.google.co.in/ https://www.industowers.com/ https://sc-static.net/ https://s3.tradingview.com/ https://code.jquery.com/ https://s.tradingview.com/ https://goo.gle/; worker-src 'self' data: 'nonce-mgmVsFwdsw5G4cH8j86JBw==' 'unsafe-inline' https://www.googletagmanager.com/ https://www.google-analytics.com/ https://code.createjs.com/ https://maps.googleapis.com/ https://maps.gstatic.com/ https://maps.google.com/ https://s3.amazonaws.com/ https://*.list-manage.com/ https://cse.google.com/ https://www.google.com/ https://googleads.g.doubleclick.net/ https://translate.googleapis.com/ https://td.doubleclick.net/ https://secure.gravatar.com/ https://www.google.co.in/ https://www.industowers.com/ https://sc-static.net/ https://s3.tradingview.com/ https://code.jquery.com/ https://s.tradingview.com/ https://goo.gle/; 1 frame-ancestors *.mastercardconnect.com *.brighteriondev.com 1 default-src 'self' static.financialsense.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:; style-src 'self' static.financialsense.com data: 'unsafe-inline' *.googleapis.com *.twitter.com *.twimg.com svc.webspellchecker.net cdn.ckeditor.com static.ctctcdn.com; img-src 'self' https: data: android-webview-video-poster: *.jwplayer.com http://docs.jwplayer.com; media-src 'self' static.financialsense.com blob: *.giphy.com; frame-src 'self' https://www.financialsense.com data: audioboom.com *.audioboom.com scribd.com *.scribd.com soundcloud.com *.soundcloud.com youtube.com *.youtube.com vimeo.com *.vimeo.com bitchute.com *.bitchute.com twitter.com *.twitter.com *.tradingview.com *.tradingview-widget.com *.stripe.com *.doubleclick.net *.googlesyndication.com *.ted.com *.instagram.com *.jwpsrv.com www.google.com ms-appx-web: *.addtoany.com *.assoc-amazon.com *.amazon.com *.amazon-adsystem.com *.googletagmanager.com *.recaptcha.net facebook.com *.facebook.com cnn.com *.cnn.com cnbc.com *.cnbc.com; frame-ancestors *; child-src 'self' https://www.financialsense.com data: audioboom.com *.audioboom.com scribd.com *.scribd.com soundcloud.com *.soundcloud.com youtube.com *.youtube.com vimeo.com *.vimeo.com bitchute.com *.bitchute.com twitter.com *.twitter.com *.tradingview.com *.tradingview-widget.com *.stripe.com *.doubleclick.net *.googlesyndication.com *.ted.com *.instagram.com *.jwpsrv.com www.google.com ms-appx-web: *.addtoany.com *.assoc-amazon.com *.amazon.com *.amazon-adsystem.com *.googletagmanager.com *.recaptcha.net facebook.com *.facebook.com cnn.com *.cnn.com cnbc.com *.cnbc.com; font-src 'self' static.financialsense.com data: fonts.googleapis.com fonts.gstatic.com cdnjs.cloudflare.com *.googleusercontent.com svc.webspellchecker.net *.avast.com chrome-extension: *.fontawesome.com; connect-src 'self' static.financialsense.com *.googlesyndication.com www.google-analytics.com *.gstatic.com *.doubleclick.net svc.webspellchecker.net *.jwpltx.com *.nr-data.net *.fontawesome.com *.ckeditor.com *.ctctcdn.com *.constantcontact.com 1 default-src https: http: data: blob: ws: 'self' 'unsafe-inline' 'unsafe-eval'; 1 default-src 'self'; frame-src 'self' https://studio.eu.screencloud.com/ https://screencloud.com/ https://*.tickettailor.com https://new.express.adobe.com/webpage/static/embed/embed.js *.webspellchecker.net/ https://w.soundcloud.com/ *.adobe.com/ *.nhs.uk/ *.facebook.com/ *.youtube.com/ *.vimeo.com/ *.google.com *.googleapis.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://studio.eu.screencloud.com/ https://screencloud.com/ https://cdn.tickettailor.com/js/widgets/min/widget.js *.tickettailor.com https://new.express.adobe.com/webpage/static/embed/embed.js https://moneypennychat.appspot.com/chatjs/ https://www.doctify.com/ *.webspellchecker.net/ *.adobe.com/ https://cdnjs.cloudflare.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://connect.facebook.net/ https://feeds.trac.jobs/ *.google.com/ *.googleapis.com *.gstatic.com *.cqc.org.uk; font-src 'self' 'unsafe-inline' https://new.express.adobe.com/webpage/static/embed/embed.js *.webspellchecker.net/ https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://studio.eu.screencloud.com/ https://screencloud.com/ *.tickettailor.com https://new.express.adobe.com/webpage/static/embed/embed.js https://cdnjs.cloudflare.com/ https://feeds.trac.jobs/ *.googleapis.com *.gstatic.com *.cqc.org.uk; img-src * data:; object-src 'self' blob:; connect-src 'self' https://translate-pa.googleapis.com/ https://studio.eu.screencloud.com/ https://screencloud.com/ https://*.tickettailor.com https://new.express.adobe.com/webpage/static/embed/embed.js *.analytics.google.com/ https://www.doctify.com/ *.webspellchecker.net/ *.google-analytics.com/ https://moneypennychat.appspot.com/ https://feeds.trac.jobs/ https://translate.googleapis.com/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ 1 default-src 'self'; style-src 'unsafe-inline' 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline'; report-to default; report-uri /json/reports.php 1 default-src 'unsafe-inline' 'unsafe-eval' * blob:; img-src * blob: data: 1 block-all-mixed-content; frame-ancestors 'self' 1 base-uri 'none';child-src 'none';connect-src 'self' *.schooltv.nl *.schooltv.angrylabs.nl *.npo.nl *.npoplayer.nl event analytics-ingress-global.bitmovin.com npo.prd.cdn.bcms.kpn.com licensing.bitmovin.com nmonpoendpoint.2cnt.net npo-drm-gateway.samgcloud.nepworldwide.nl *.streamgate.nl;default-src 'self';font-src 'self' cdn.npoplayer.nl use.typekit.net;form-action 'self';frame-ancestors 'self' *;frame-src 'none';img-src 'self' *.schooltv.nl *.schooltv.angrylabs.nl *.npo.nl data: images.poms.omroep.nl;manifest-src 'self';media-src 'self' blob: * data:;object-src 'none';script-src 'self' cdn.npoplayer.nl tag.aticdn.net hub.npo-data.nl nmonpoendpoint.2cnt.net analytics-ingress-global.bitmovin.com www.gstatic.com *.streamgate.nl blob: *;style-src 'self' 'unsafe-inline' use.typekit.net cdn.npoplayer.nl p.typekit.net *.npo.nl;worker-src 'self' blob:; 1 upgrade-insecure-requests; default-src *.usclimatedata.com *.gstatic.com https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com/* *.googlesyndication.com adservice.google.nl adservice.google.com adservice.google.cl *.googleadservices.com *.google.com *.googletagservices.com *.google-analytics.com apis.google.com ajax.googleapis.com *.googletagmanager.com *.usclimatedata.com *.bootstrapcdn.com *.gstatic.com *.geolocation.io *.google.com/recaptcha/ ssl.google-analytics.com *.addthis.com *.google.com googleads.g.doubleclick.net https:; frame-src bid.g.doubleclick.net data: https:; connect-src 'self' *.usclimatedata.com pagead2.googlesyndication.com www.google-analytics.com fundingchoicesmessages.google.com; img-src 'self' *.maps.googleapis.com/* *.googletagmanager.com https//google-analytics.com googleads.g.doubleclick.net *.google.com data: https:; style-src 'self' 'unsafe-inline' *.apis.google.com *.googleapis.com *.bootstrapcdn.com *.usclimatedata.com *.gstatic.com;font-src *.bootstrapcdn.com *.usclimatedata.com cdnjs.cloudflare.com data: 'self';base-uri 'self'; form-action 'self'; 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' https: wss:;img-src 'self' data: https: 1 default-src 'self' *.atlantic.fr *.algolianet.com *.algolia.net *.google-analytics.com *.googlesyndication.com *.google.com *.cookiebot.com *.doubleclick.net *.groupe-atlantic.com *.kameleoon.eu *.kameleoon.com *.kameleoon.io *.soyooz.com *.mixpanel.com *.instagram.com *.cdninstagram.com *.contentsquare.net *.contentsquare.com *.contentsquare.fr *.pinterest.com app.helo-activation.fr *.facebook.com *.inbenta.io calendly.com *.calendly.com *.inbenta.service *.inbenta.services *.recette-qcnlnca-xzown47bo6s74.fr-3.platformsh.site *.staging-5em2ouy-xzown47bo6s74.fr-3.platformsh.site *.bazaarvoice.com; base-uri 'self' *.atlantic.fr; block-all-mixed-content; font-src 'self' data: *.soyooz.com *.atlantic.fr *.kameleoon.eu *.kameleoon.com *.kameleoon.io fonts.gstatic.com *.inbenta.io *.recette-qcnlnca-xzown47bo6s74.fr-3.platformsh.site *.staging-5em2ouy-xzown47bo6s74.fr-3.platformsh.site *.bazaarvoice.com; frame-ancestors 'self' *.atlantic.fr; frame-src 'self' *.atlantic.fr *.youtube.com *.vimeo.com *.atlantic.fr *.cookiebot.com *.doubleclick.net *.vectary.com *.instagram.com *.facebook.com *.cdninstagram.com *.pinterest.com calendly.com *.calendly.com *.kameleoon.eu *.kameleoon.io *.kameleoon.com *.inbenta.io *.recette-qcnlnca-xzown47bo6s74.fr-3.platformsh.site *.staging-5em2ouy-xzown47bo6s74.fr-3.platformsh.site *.bazaarvoice.com *.youtube-nocookie.com; img-src 'self' data: *.atlantic.fr *.youtube.com *.ytimg.com *.vimeo.com *.google-analytics.com *.groupe-atlantic.com *.googletagmanager.com *.doubleclick.net *.google.fr *.google.com *.soyooz.com *.cdninstagram.com picsum.photos placekitten.com *.picsum.photos *.placeholder.com *.contentsquare.net *.contentsquare.com *.contentsquare.fr *.facebook.com *.pinterest.com *.inbenta.com *.kameleoon.eu *.kameleoon.com *.kameleoon.io *.calendly.com *.recette-qcnlnca-xzown47bo6s74.fr-3.platformsh.site *.staging-5em2ouy-xzown47bo6s74.fr-3.platformsh.site *.inbenta.io *.bazaarvoice.com *.cache.ephoto.fr *.cookiebot.com; media-src 'self' *.atlantic.fr *.vimeo.com *.youtube.com *.instagram.com *.cdninstagram.com *.contentsquare.net *.contentsquare.com *.contentsquare.fr *.kameleoon.eu *.kameleoon.com *.kameleoon.io *.recette-qcnlnca-xzown47bo6s74.fr-3.platformsh.site *.staging-5em2ouy-xzown47bo6s74.fr-3.platformsh.site; object-src 'none'; script-src 'self' blob: *.youtube.com *.atlantic.fr 'unsafe-inline' 'unsafe-eval' *.kameleoon.eu *.kameleoon.com *.kameleoon.io *.pinterest.com *.googletagmanager.com *.groupe-atlantic.com *.cookiebot.com *.contentsquare.net *.contentsquare.com *.contentsquare.fr *.google-analytics.com *.soyooz.com *.mxpnl.com code.jquery.com cdn.jsdelivr.net *.googleapis.com *.cloudflare.com googleads.g.doubleclick.net *.facebook.net *.tradelab.fr *.pinimg.com *.inbenta.services *.inbenta.io calendly.com *.calendly.com *.recette-qcnlnca-xzown47bo6s74.fr-3.platformsh.site *.staging-5em2ouy-xzown47bo6s74.fr-3.platformsh.site *.bazaarvoice.com *.iesnare.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com *.soyooz.com *.atlantic.fr *.kameleoon.eu *.kameleoon.com *.cloudflare.com unpkg.com *.calendly.com *.kameleoon.io cdn.jsdelivr.net *.inbenta.io *.recette-qcnlnca-xzown47bo6s74.fr-3.platformsh.site *.staging-5em2ouy-xzown47bo6s74.fr-3.platformsh.site *.bazaarvoice.com 1 default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; connect-src 'self' *.itzbund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.vimeo.com *.itzbund.de; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com *.vimeo.com *.aktion-mensch.de *.readspeaker.com; frame-src *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.vimeo.com *.readspeaker.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.ytimg.com yomma.services cms.sqat.eu *.openstreetmap.org *.itzbund.de; frame-ancestors 'self'; font-src 'self' data:; 1 default-src 'self' 'unsafe-eval'; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.itzbund.de *.googleapis.com *.google.com *.gstatic.com www.youtube.com *.vimeo.com *.ytimg.com piwik.itzbund.de; object-src 'self' multimedia.gsb.bund.de; media-src blob: 'self' multimedia.gsb.bund.de *.vimeo.com *.youtube.com; frame-src *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.vimeo.com; img-src 'self' blob: data: *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.openstreetmap.org piwik.itzbund.de; connect-src 'self' *.itzbund.de; frame-ancestors 'self'; worker-src 'self'; 1 base-uri 'self';child-src *.hsforms.com;connect-src 'self' *.incident.io https: *.google-analytics.com *.googletagmanager.com *.google.com *.google.co.uk stats.g.doubleclick.net googleads.g.doubleclick.net *.segment.com *.segment.io *.linkedin.com cdn.linkedin.oribi.io *.iubenda.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.clearbit.com wss://*.qualified.com *.qualified.com conversions-config.reddit.com www.redditstatic.com *.hubapi.com js.hscta.net *.hubspot.com *.hs-banner.com *.hscollectedforms.net *.hsforms.com hubspot-forms-static-embed.s3.amazonaws.com https://*.greenhouse.io https://*.api.sanity.io wss://*.api.sanity.io https://*.vanta.com https://*.chilipiper.com vitals.vercel-insights.com website-inpm55v2v-incident-io-team.vercel.app;default-src 'self';font-src 'self' https: data: fonts.gstatic.com fonts.googleapis.com;form-action 'self' *.hsforms.com;frame-ancestors 'self' https://incident.sanity.studio;frame-src 'self' https: *.googletagmanager.com *.twitter.com *.iubenda.com app.qualified.com *.hubspot.com *.hs-sites.com *.hubspot.net play.hubspotvideo.com *.hsforms.net *.hsforms.com https://incident.navattic.com https://capture.navattic.com;img-src 'self' blob: data: https: *.google-analytics.com *.googletagmanager.com *.google.com *.google.co.uk *.googleusercontent.com stats.g.doubleclick.net *.linkedin.com *.iubenda.com *.clearbitjs.com *.clearbit.com *.qualified.com alb.reddit.com js.hscta.net no-cache.hubspot.com *.hubspot.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net *.hubspot.net cdn2.hubspot.net *.hsforms.net *.hsforms.com https://cdn.sanity.io https://*.chilipiper.com;manifest-src 'self';media-src 'self' https: data: blob:;object-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' https: api.twitter.com platform.twitter.com;style-src 'self' 'unsafe-inline' *.google.com fonts.googleapis.com *.iubenda.com *.hubspotusercontent00.net cdn2.hubspot.net;worker-src 'self';report-uri https://o494704.ingest.sentry.io/api/4505307188232192/security/?sentry_key=e6127d8d2f894a18918f2018108426e9;report-to https://o494704.ingest.sentry.io/api/4505307188232192/security/?sentry_key=e6127d8d2f894a18918f2018108426e9; 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://matomo.subdelirium.ovh/ https://*.hcaptcha.com/; img-src 'self' data: blob: https://matomo.subdelirium.ovh/ https://media.giphy.com/ https://*.tile.openstreetmap.org/ https://*.hcaptcha.com/; object-src 'self' data: blob: https://matomo.subdelirium.ovh/ https://*.hcaptcha.com/; frame-src 'self' data: blob: https://matomo.subdelirium.ovh/ https://*.hcaptcha.com/; 1 default-src 'self'; connect-src 'self' https://cdn-cookieyes.com https://*.cookieyes.com https://*.tableau.com https://forms.hscollectedforms.net https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://*.google-analytics.com https://*.googletagmanager.com https://fonts.googleapis.com https://*.analytics.google.com; font-src 'self' https://ka-p.fontawesome.com https://fonts.gstatic.com https://s0.wp.com data:; frame-src 'self' https://*.cookieyes.com https://www.google.com https://*.youtube.com https://dub01.online.tableau.com https://*.tableau.com https://forms.hsforms.com https://widgets.wp.com; img-src 'self' https://*.oversightboard.com *.oversightboard.com https://oversightboard.com https://*.googletagmanager.com https://*.google-analytics.com https://*.gstatic.com https://pixel.wp.com https://cdn-cookieyes.com https://*.cookieyes.com https://*.tableau.com https://track.hubspot.com https://secure.gravatar.com https://*.hsforms.com blob: data:; object-src; script-src 'self' https://www.google.com https://www.gstatic.com https://*.googletagmanager.com https://tagmanager.google.com https://cdn-cookieyes.com https://*.google-analytics.com https://stats.wp.com https://js.hs-analytics.net https://js-na1.hs-scripts.com https://js.hscollectedforms.net https://js.hsforms.net https://js.hs-banner.com https://*.tableau.com https://dub01.online.tableau.com https://s0.wp.com 'unsafe-inline'; style-src 'self' https://*.googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com https://s0.wp.com 'unsafe-inline'; upgrade-insecure-requests 1 default-src 'self' *.bundesbots.de; base-uri 'self'; style-src 'self' 'unsafe-inline' *.bund.de; connect-src 'self' *.itzbund.de kira.bundesbots.de wss://kira.bundesbots.de *.bund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.itzbund.de *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.instagram.com *.bundesbots.de *.bund.de platform.twitter.com; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de http://multimedia.gsb.bund.de *.youtube.com http://www.youtube.com *.itzbund.de *.cdninstagram.com *.bund.de; frame-src *.google.com *.gstatic.com *.youtube.com 'self' *.cdninstagram.com *.instagram.com *.twitter.com; img-src 'self' data: *.itzbund.de *.google.com *.gstatic.com *.youtube.com *.openstreetmap.org pss.wsv.de *.instagram.com *.cdninstagram.com *.bund.de *.bundesbots.de https://twemoji.maxcdn.com https://pbs.twimg.com https://cdn.jsdelivr.net https://www.kununu.com https://assets.kununu.com; frame-ancestors 'self'; 1 default-src 'self' 'unsafe-inline' https: data: https://cdnjs.cloudflare.com https://*.googletagmanager.com https://cdn.jsdelivr.net https://*.fontawesome.com https://*.googleapis.com https://*.jacklmoore.com https://*.gstatic.com https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https: data: https://cdnjs.cloudflare.com https://*.googletagmanager.com https://cdn.jsdelivr.net https://*.fontawesome.com https://*.googleapis.com https://*.jacklmoore.com https://*.gstatic.com https://*.google-analytics.com; object-src 'none'; frame-ancestors 'self'; report-uri /report-csp-violation 1 upgrade-insecure-requests; object-src 'none'; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleoptimize.com https://*.googletagmanager.com https://*.facebook.com https://*.facebook.net https://*.montepiedad.com.mx https://*.botlers.io https://*.newrelic.com https://unpkg.com https://*.zeptojs.com https://*.jsdelivr.net https://*.datatables.net https://*.bootstrapcdn.com https://cdnjs.cloudflare.com https://assets4.lottiefiles.com https://www.google-analytics.com https://www.yumpu.com https://*.analytics.google.com https://*.youtube.com/ https://analytics.google.com https://ad.doubleclick.net https://*.g.doubleclick.net https://*.google.com https://afiliacion.net https://prs.arkeero.net https://leadgenios.net https://www.rtb123.com https://*.hotjar.com https://inboxlabs.go2cloud.org https://*.google.com.mx https://*.hotjar.io https://*.teads.tv https://ojo7.ltroute.com https://*.abtasty.com/ https://*.amazonaws.com/ https://zeptojs.com/zepto.min.js https://*.doubleclick.net/ wss://ws.hotjar.com/ https://go2perseo.com https://affperformance.com/ https://ad.soicos.com https://ads01.groovinads.com https://*.cybba.solutions https://*.cloudfront.net https://*.go4aluna.co https://bing.com; 1 frame-ancestors 'self' https://*.felgenoutlet.de 1 default-src 'self'; script-src 'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'self' 'unsafe-inline' ; img-src *; frame-src 'self' https://www.google.com/recaptcha/; report-uri https://auth.cessecure.com/csp/report 1 default-src 'self' ; script-src 'self' 1 default src 1 default-src 'none'; frame-ancestors 'none'; child-src blob: *.cloudfoundry.org; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com https://fonts.googleapis.com/*; connect-src 'self' *.bootstrapcdn.com *.doubleclick.net *.google-analytics.com; script-src 'self' 'unsafe-inline' blob: *.twitter.com *.ads-twitter.com *.cloudflare.com *.googleapis.com *.googletagmanager.com *.facebook.net *.jsdelivr.net *.google-analytics.com *.gstatic.com *.google.com; img-src 'self' data: *.googletagmanager.com *.google.com *.gravatar.com *.twitter.com *.cloudfoundry.org https://t.co *.local *.google-analytics.com; object-src 'self'; font-src 'self' data: *.bootstrapcdn.com; media-src 'self' blob:; frame-src *.local *.twitter.com *.google.com *.facebook.com *.youtube.com 1 default-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' * *.getclicky.com clicky.com; style-src 'self' 'unsafe-inline' *; img-src 'self' * data:; media-src 'self' * blob:; report-uri /report-csp-violation; upgrade-insecure-requests 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com www.gstatic.com https://*.google.com https://*.googletagmanager.com *.google-analytics.com https://tagmanager.google.com platform.twitter.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://partner.googleadservices.com https://connect.facebook.net; object-src 'none'; style-src 'self' 'unsafe-inline' https://googletagmanager.com https://tagmanager.google.com fonts.googleapis.com https://www.google.com; img-src 'self' data: https://*; media-src 'self' data:; frame-src 'self' https://www.googletagmanager.com *.youtube.com platform.twitter.com view.genial.ly interactive.unocha.org https://bid.g.doubleclick.net https://td.doubleclick.net https://syndication.twitter.com *.un.org https://cdnapisec.kaltura.com https://vimeo.com https://player.vimeo.com https://app.powerbi.com; frame-ancestors 'self'; child-src 'self' blob:; font-src 'self' data: fonts.gstatic.com https://use.typekit.net interagencystandingcommittee.org; connect-src 'self' https://*; report-uri /report-csp-violation 1 default-src 'self'; script-src 'self' https://cdn.ckeditor.com data: ajax.googleapis.com cdnjs.cloudflare.com code.jquery.com connect.facebook.net d3rxaij56vjege.cloudfront.net googleads.g.doubleclick.net snap.licdn.com sourcepoint.activehosted.com static.hsappstatic.net https://tag.demandbase.com trackcmp.net www.google.com www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.gstatic.com https://www.influ2.com https://sc.lfeeder.com https://*.hsforms.net https://*.hsforms.com https://*.hscollectedforms.net https://*.hs-banner.com https://*.hs-analytics.net https://*.hs-scripts.com cdn.jsdelivr.net https://player.vimeo.com https://www.youtube-nocookie.com https://www.youtube.com https://player.simplecast.com https://www.clarity.ms https://static.ads-twitter.com 'sha256-/RJ8NoT76/a8Ofw1yEJbkar6uEejOHUvY4mRxpEg6BA='; object-src 'none'; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdnjs.cloudflare.com fonts.bunny.net js.hsforms.net js.hs-scripts.com js.hs-banner.com js.hscollectedforms.net js.hs-analytics.net cdn.jsdelivr.net https://cdn.ckeditor.com; img-src data: *; media-src 'self'; frame-src 'self' td.doubleclick.net s.company-target.com www.google.com player.vimeo.com gateway.zscalerthree.net www.googletagmanager.com block.opendns.com https://*.hsforms.com https://www.youtube-nocookie.com https://www.youtube.com https://player.simplecast.com/ https://www.slideshare.net; frame-ancestors https:; font-src 'self' data: fonts.gstatic.com static.zip.co fonts.bunny.net; connect-src 'self' https://*.google.com https://adservice.google.com api.company-target.com px.ads.linkedin.com segments.company-target.com stats.g.doubleclick.net t.influ2.com tag-logger.demandbase.com www.google-analytics.com www.influ2.com https://*.hsforms.com https://*.hscollectedforms.net https://www.googleadservices.com https://*.hubspot.com https://www.youtube-nocookie.com https://www.youtube.com https://*.clarity.ms https://www.facebook.com https://connect.facebook.net; report-uri /report-csp-violation 1 object-src 'none'; frame-ancestors *; sandbox allow-forms allow-same-origin allow-scripts allow-popups; base-uri 'self'; 1 child-src 'self' coapi.myoffice.team auth.myoffice.team cdn.myoffice.team links.myoffice.team sentry-co-prod.myoffice.ru ; connect-src 'self' coapi.myoffice.team auth.myoffice.team cdn.myoffice.team links.myoffice.team sentry-co-prod.myoffice.ru wss://coapi.myoffice.team data:; default-src 'none'; font-src 'self' data: cdn.myoffice.team boards.myoffice.team; frame-ancestors auth.myoffice.team boards.myoffice.team cdn.myoffice.team docs.myoffice.team files.myoffice.team links.myoffice.team im.ncloudtech.ru mail.myoffice.team; frame-src 'self' blob: coapi.myoffice.team auth.myoffice.team boards.myoffice.team cdn.myoffice.team docs.myoffice.team links.myoffice.team sentry-co-prod.myoffice.ru im.ncloudtech.ru; img-src 'self' data: blob: coapi.myoffice.team auth.myoffice.team cdn.myoffice.team links.myoffice.team sentry-co-prod.myoffice.ru ; media-src 'self' blob: coapi.myoffice.team auth.myoffice.team cdn.myoffice.team links.myoffice.team sentry-co-prod.myoffice.ru ; object-src 'self' blob: coapi.myoffice.team; prefetch-src 'self' auth.myoffice.team boards.myoffice.team cdn.myoffice.team docs.myoffice.team files.myoffice.team links.myoffice.team; report-uri https://coapi.myoffice.team/csp-report; script-src 'unsafe-inline' 'self' 'unsafe-eval' cdn.myoffice.team boards.myoffice.team; style-src 'self' 'unsafe-inline' cdn.myoffice.team boards.myoffice.team 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' blob data: *.maxima.lt *.maxima.ee *.google.com *.google.lt *.google.ee *.google.lv *.googleapis.com *.gstatic.com *.cookiebot.com *.googletagmanager.com *.google-analytics.com *.issuu.com *.youtube.com *.youtube-nocookie.com *.adform.net *.doubleclick.net *.facebook.com *.googleadservices.com maxima.teamdash.com *.flipsnack.com view.publitas.com; block-all-mixed-content; font-src 'self' data: https:; frame-ancestors 'self' *.maxima.lt *.maxima.ee; frame-src 'self' *.youtube.com *.youtube-nocookie.com *.cookiebot.com *.issuu.com *.google.com *.adform.net *.doubleclick.net maxima.teamdash.com indd.adobe.com *.flipsnack.com view.publitas.com; report-uri /csp/report 1 default-src 'self'; object-src 'self' https://pts.handyvertrag.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.handyvertrag.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://livechat.handyvertrag.de https://chat.handyvertrag.de https://umfrage.handyvertrag.de https://pts.handyvertrag.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://eu01.rec.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://livechat.handyvertrag.de https://chat.handyvertrag.de https://stats.handyvertrag.de https://imagepool.handyvertrag.de https://pts.handyvertrag.de https://analytics.tiktok.com https://umfrage.handyvertrag.de; script-src 'strict-dynamic' 'nonce-5bc27afc51f6ee581996486219e8f929' 'nonce-aa5cb99036c56787cc9e1e9a2e27efa5' 'nonce-3a92d0152007abbc9b9c76cfaf41ddf1' 'nonce-652763538d80a72ce7211b1739ce8ec1' 'nonce-831f7fd8604594e14308ba08b1705abc' 'nonce-22f4f1d826018d792cd75051f70c6232' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data: 'report-sample'; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://netmap.vodafone.de/cokart-client/index.html https://pts.handyvertrag.de https://umfrage.handyvertrag.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-5bc27afc51f6ee581996486219e8f929' 'nonce-aa5cb99036c56787cc9e1e9a2e27efa5' 'nonce-3a92d0152007abbc9b9c76cfaf41ddf1' 'nonce-652763538d80a72ce7211b1739ce8ec1' 'nonce-831f7fd8604594e14308ba08b1705abc' 'nonce-22f4f1d826018d792cd75051f70c6232' 'self' 'unsafe-inline' https: 'report-sample' 1 frame-ancestors 'self' team.live fr.team.live es.team.live ru.team.live de.team.live pl.team.live ar.team.live tr.team.live; 1 script-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: https: 'nonce-ahg8hAcHAdVbuBoTOhxxIbybxb0hQtRc' 'strict-dynamic' https://www.google-analytics.com https://www.googletagmanager.com; 1 default-src 'self'; child-src data: blob:; connect-src 'self' *.aticdn.net *.cdnbasket.net *.cookiebot.com *.googleapis.com *.hotjar.com *.hotjar.io *.onconnect-coach.3slab.fr *.payline.com *.suez.com *.xiti.com apisimulator.toutsurmoneau.test bam.eu01.nr-data.net bam.nr-data.net data.gouv.nc ids.cdnwidget.com payline.com smartsolution-onconnectcoach.azureedge.net smartsolution-smartcoach.azureedge.net stats.g.doubleclick.net ws.livingactor.com apisimulator.toutsurmoneau.test data.gouv.nc *.aticdn.net *.xiti.com stats.g.doubleclick.net *.cookiebot.com *.googleapis.com *.suez.com wss://*.hotjar.com vite.toutsurmoneau.test wss://vite.toutsurmoneau.test; font-src 'self' data: *.hotjar.com *.payline.com *.suez.com fonts.gstatic.com maxcdn.bootstrapcdn.com payline.com smartsolution-onconnectcoach.azureedge.net *.suez.com vite.toutsurmoneau.test wss://vite.toutsurmoneau.test test.toutsurmoneau.test; form-action * com.suez.tsme.dev: com.suez.tsme.app:; frame-ancestors 'self' https://eco-gagnant-recette.stellio.io/ https://eco-gagnant.cud.fr https://seleniumbase.io/; frame-src 'self' data: blob: *.payline.com payline.com *.satisfactory.fr www.google.com *.youtube-nocookie.com *.youtube.com opendata.hauts-de-seine.fr *.cookiebot.com *.suez.com *.qualtrics.com *.cloudflare.com; img-src 'self' data: blob: *.cdnwidget.com *.cloudfront.net *.cookiebot.com *.hotjar.com *.payline.com *.suez.com *.youtube-nocookie.com *.youtube.com api.cabestan.com cdn1.iconfinder.com cloudfront.net maps.googleapis.com maps.gstatic.com payline.com smartsolution-onconnectcoach.azureedge.net www.googletagmanager.com *.suez.com *.cookiebot.com vite.toutsurmoneau.test wss://vite.toutsurmoneau.test test.toutsurmoneau.test cdn.jsdelivr.net; media-src 'self' 'unsafe-eval' 'unsafe-inline' *.cloudfront.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ati-host.net *.aticdn.net *.atinternet-solutions.com *.atinternet.com *.atinternet.io *.bootstrapcdn.com *.capadresse.com *.capadresse.com:2814 *.cdnwidget.com *.cloudfront.net *.cookiebot.com *.google.com *.google.com/maps *.hotjar.com *.js-agent.newrelic.com *.newrelic.com *.onconnect-coach.3slab.fr *.payline.com *.piano.io *.suez.com *.xiti.com ajax.cloudflare.com api.cabestan.com apisimulator.toutsurmoneau.test bam.nr-data.net capadresse.apisimulator.toutsurmoneau.test capadresse.apisimulator.toutsurmoneau.test:6090 code.jquery.com maps.googleapis.com payline.com smartsolution-smartcoach.azureedge.net suez-eau-france.dimelochat.com ws.livingactor.com www.googletagmanager.com www.gstatic.com vite.toutsurmoneau.test wss://vite.toutsurmoneau.test *.cloudflare.com cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.cloudfront.net *.googleapis.com *.hotjar.com *.payline.com *.suez.com fonts.googleapis.com payline.com smartsolution-smartcoach.azureedge.net www.gstatic.com *.googleapis.com *.suez.com vite.toutsurmoneau.test wss://vite.toutsurmoneau.test cdn.jsdelivr.net; worker-src blob: 1 default-src 'self' *.interiorhealth.ca; script-src 'self' 'unsafe-inline' *.interiorhealth.ca maps.googleapis.com js-agent.newrelic.com static.addtoany.com bam.nr-data.net www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com cdn.jsdelivr.net static.dialogflow.com unpkg.com; object-src 'self' *.interiorhealth.ca; style-src 'self' 'unsafe-inline' *.interiorhealth.ca fonts.googleapis.com cdn.jsdelivr.net static.dialogflow.com unpkg.com; img-src 'self' *.interiorhealth.ca data: maps.googleapis.com maps.gstatic.com *.cdninstagram.com www.google-analytics.com; media-src 'self' *.interiorhealth.ca; frame-src 'self' *.interiorhealth.ca static.addtoany.com *.youtube.com www.google.com; frame-ancestors 'self' *.interiorhealth.ca; font-src 'self' *.interiorhealth.ca fonts.googleapis.com fonts.gstatic.com; connect-src 'self' *.interiorhealth.ca maps.googleapis.com bam.nr-data.net www.google-analytics.com stats.g.doubleclick.net dialogflow.cloud.google.com 1 frame-ancestors 'self' thenationalcampaign.org aelp.smartsparrow.com 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' *.san.com *.go-vip.net *.doubleclick.net *.cookiebot.com *.googleapis.com *.googletagmanager.com *.wp.com *.wordpress.com interactives.ap.org wordpress.com *.parsely.com *.brightcove.net *.brightcove.com *.zencdn.net *.gstatic.com *.newrelic.com *.surveycarrot.com *.googlesyndication.com *.googletagservices.com *.dwcdn.net *.jsdelivr.net *.appboycdn.com *.twitter.com *.x.com *.instagram.com *.facebook.net *.facebook.com *.google.com *.tiktok.com *.truthsocial.com *.c-span.org truthsocial.com *.byspotify.com byspotify.com *.mediaengagement.org mediaengagement.org *.tiktokcdn-us.com *.mouseflow.com *.typeform.com *.sparkloop.app *.polldaddy.com *.cloudflare.com *.sketchfab.com; img-src * data:; font-src * data:; connect-src *; worker-src * blob:; media-src * blob:; frame-src 'self' san.com *.san.com san-maps.vercel.app *.google.com *.wp.com *.wordpress.com interactives.ap.org wordpress.com *.cookiebot.com *.twitter.com *.x.com *.youtube.com *.youtube-nocookie.com *.instagram.com *.facebook.net *.facebook.com *.g.doubleclick.net *.googlesyndication.com *.safeframe.googlesyndication.com *.tiktok.com *.truthsocial.com *.c-span.org truthsocial.com *.byspotify.com byspotify.com *.mediaengagement.org mediaengagement.org *.typeform.com sketchfab.com *.sketchfab.com *.polldaddy.com; 1 frame-ancestors https://*.derwent.io http://*.derwent.io http://*.derwent.io:* https://*.derwent.io:* 'self' 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' connect.facebook.net/en_US/fbevents.js comparison.go2jump.org/aff_goal bat.bing.com analytics.tiktok.com kleber.datatoolscloud.net.au *.salesforceliveagent.com *.lpsnmedia.net *.liveperson.net *.liveperson.com *.liveengage.net *.liveengage.com *.liveper.sn m.addthisedge.com/live/boost/ra-56b04b9ad015369f/_ate.track.config_resp ad.atdmt.com zn4zp87nbhe8rrjf7-hcf.siteintercept.qualtrics.com dnn506yrbagrg.cloudfront.net 4378726.fls.doubleclick.net 6612282.fls.doubleclick.net platform.twitter.com cdn.sajari.net cdn.sajari.com analytics.twitter.com hcf.sc.omtrdc.net hcf.tt.omtrdc.net cdn.tt.omtrdc.net *.google.com *.googleapis.com google-maps-utility-library-v3.googlecode.com *.googlesyndication.com *.facebook.com *.facebook.net rules.quantcount.com *.quantserve.com *.ads-twitter.com s.ytimg.com www.youtube.com *.addthis.com ebm.cheetahmail.com *.doubleclick.net rum-static.pingdom.net script.crazyegg.com www.googleadservices.com www.googletagservices.com www.googletagmanager.com dpm.demdex.net hcf.demdex.net ssl.google-analytics.com www.google-analytics.com ajax.googleapis.com assets.adobedtm.com s3.amazonaws.com/trk.cetrk.com https://dnn506yrbagrg.cloudfront.net/pages/scripts/0031/6386.js?407832 https://platform.twitter.com/oct.js *.qualtrics.com cdn.appdynamics.com www.everestjs.net c.amazon-adsystem.com pixel.mathtag.com; http://dtwebsite2.datatoolscloud.net.au; object-src 'self' https:; style-src 'unsafe-inline' 'self' https:; img-src 'self' data: https: http://s7d2.scene7.com; media-src 'self' https:; frame-src https:; font-src 'self' data: fonts.gstatic.com https://cloud.typography.com global.oktacdn.com; connect-src https: http://dispatcher1.test63.aem.hcf.com.au http://s7d2.scene7.com http://dtwebsite2.datatoolscloud.net.au wss://syd-eeva.faceme.com wss://sy.msg.liveperson.net wss://api.au.uneeq.io 1 script-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: https: 'nonce-MWiFy1XRX6ckk80OrNDolSsfAdLnfvQw' 'strict-dynamic' https://www.google-analytics.com https://www.googletagmanager.com; 1 default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; 1 default-src 'self' ;script-src data: blob: 'self' 'unsafe-eval' 'nonce-P+h9QLhPps1d/LXy' js.monitor.azure.com static.cloud.coveo.com www.zenaps.com www.dwin1.com *.r42tag.com *.usabilla.com *.google-analytics.com *.analytics.google.com www.googleadservices.com tags.nmrc.nl *.onmarc.nl *.doubleclick.net d6tizftlrpuof.cloudfront.net *.zilverenkruis.nl babm.texthelp.com surfly.com plus.browsealoud.com www.zorgkantoorfriesland.nl *.prolife.nl www.googletagmanager.com toolbar.speechstream.net apis.google.com bat.bing.com admin.relay42.com a.svtrd.com ads.creative-serving.com www.browsealoud.com *.defriesland.nl static2.creative-serving.com survey.insocial.nl optimize.google.com *.interpolis.nl *.mopinion.com *.fbto.nl connect.facebook.net cdn.harvest.graindata.com *.pingvp.com pingvp.com *.visualwebsiteoptimizer.com www.awin1.com *.stichtingdefriesland.nl *.cloudfront.net *.coveo.com api-engage-eu.sitecorecloud.io/v1.2/browser/create.json* d1mj578wat5n4o.cloudfront.net/sitecore-engage-v.1.4.2.min.js;style-src 'self' 'unsafe-inline' d6tizftlrpuof.cloudfront.net plus.browsealoud.com fonts.googleapis.com www.zilverenkruis.nl optimize.google.com *.pingvp.com;img-src data: blob: 'self' *.svtrd.com www.zenaps.com www.awin1.com www.google.com www.google.nl d6tizftlrpuof.cloudfront.net *.usabilla.com *.google-analytics.com *.analytics.google.com *.onmarc.nl *.zilverenkruis.nl plus.browsealoud.com usabilla-themes.s3-eu-west-1.amazonaws.com ads.creative-serving.com www.zorgkantoorfriesland.nl *.prolife.nl stats.g.doubleclick.net ad.doubleclick.net bat.bing.com www.browsealoud.com *.defriesland.nl *.r42tag.com admin.relay42.com speechstreamv3-webservices-8.texthelp.com www.gstatic.com *.fbto.nl www.insocial.nl www.facebook.com www.googletagmanager.com translate.google.com zilverenkruis-cdn.mcccm.eu *.pingvp.com i.vimeocdn.com dev.visualwebsiteoptimizer.com *.doubleclick.net *.googlesyndication.com *.imgix.net;font-src data: 'self' fonts.gstatic.com fonts.googlapis.com d6tizftlrpuof.cloudfront.net *.pingvp.com;connect-src blob: 'self' *.zilverenkruis.nl *.surfly.com surfly.com sentry.io *.zorgkantoorfriesland.nl plus.browsealoud.com pronunciation.speechstream.net api.usabilla.com babm.texthelp.com speech.speechstream.net *.google-analytics.com *.analytics.google.com pre-i-portaal.achmea.nl speechstreamv3-webservices-8.texthelp.com *.defriesland.nl *.mopinion.com *.browsealoud.com *.interpolis.nl *.fbto.nl bat.bing.com stats.g.doubleclick.net harvest-cm-achmea.ey.r.appspot.com controle.achmea.consentmonitor.nl *.tomtom.com *.visualwebsiteoptimizer.com *.applicationinsights.azure.com wss://api.defriesland.nl:13443 wss://api.zilverenkruis.nl:13443 wss://api.interpolis.nl:13443 *.googlesyndication.com www.google.com googleads.g.doubleclick.net *.coveo.com api-engage-eu.sitecorecloud.io/v1.2/events api-engage-eu.sitecorecloud.io *.cloudfront.net js.monitor.azure.com api-engage-eu.sitecorecloud.io/v1.2/browser/create.json.*;media-src 'self' blob: *.zilverenkruis.nl *.zorgkantoorfriesland.nl *.prolife.nl *.defriesland.nl *.interpolis.nl *.fbto.nl *.pingvp.com;object-src 'self' *.klantenvertellen.nl;child-src 'self' blob: t.svtrd.com player.vimeo.com surfly.com app.surfly.com d6tizftlrpuof.cloudfront.net www.zilverenkruis.nl www.zorgkantoorfriesland.nl www.prolife.nl content.googleapis.com vimeo.com secure.zilverenkruis.nl www.defriesland.nl optimize.google.com i-portaal.achmea.nl survey.insocial.nl secure.prolife.nl secure.defriesland.nl w.soundcloud.com *.doubleclick.net app.springcast.fm *.klantenvertellen.nl;frame-ancestors 'self' player.vimeo.com vimeo.com i-portaal.achmea.nl survey.insocial.nl *.doubleclick.net inloggen.achmea.nl p-portaal.achmea.nl app.vwo.com *.visualwebsiteoptimizer.com;;form-action 'self' t.svtrd.com *.achmea.nl *.zilverenkruis.nl *.zorgkantoorfriesland.nl *.prolife.nl *.defriesland.nl *.fbto.nl *.interpolis.nl broker.nxtid.nl;manifest-src 'self' ;upgrade-insecure-requests;block-all-mixed-content;report-uri https://zilverenkruis.ams.report-uri.com/r/t/csp/enforce; 1 allow 'self'; options inline-script eval-script 1 default-src 'none'; block-all-mixed-content; connect-src https://www.ntppool.org 'self'; img-src https://imgproxy.jonasled.de https://www.gravatar.com 'self' data:; script-src 'self' 'nonce-wLwwu89dLTIWGrkObrJOtA=='; report-uri /nelmio/csp/report; style-src 'none' 'nonce-wLwwu89dLTIWGrkObrJOtA==' 1 default-src \'self\'; img-src *; media-src * data:; 1 connect-src 'self' data: https://googleads.g.doubleclick.net https://www.google.com/ads/user-lists/ https://www.google.ru/ads/user-lists/ https://mc.yandex.ru https://analytics.google.com https://maps.googleapis.com https://*.google-analytics.com http://bitrix.info https://app.comagic.ru https://api.carrotquest.app/ https://api.carrottrack.app/ https://rts-v2.carrotquest.app/ wss://rts-v2.carrotquest.app/ https://tracker.comagic.ru/ https://stats.g.doubleclick.net;default-src 'self' data: https://googleads.g.doubleclick.net https://www.google.com/ads/user-lists/ https://www.google.ru/ads/user-lists/ https://mc.yandex.ru https://analytics.google.com https://maps.googleapis.com https://*.google-analytics.com http://bitrix.info https://app.comagic.ru https://tracker.comagic.ru https://stats.g.doubleclick.net;script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.google-analytics.com https://*.google-analytics.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://maps.google.com http://bitrix.info https://connect.facebook.net https://*.gstatic.com:* https://*.googleapis.com https://www.google.ru https://*.googleadservices.com https://mc.yandex.ru https://api-maps.yandex.ru https://*.maps.yandex.ru https://*.maps.yandex.net https://cdnjs.cloudflare.com https://app.comagic.ru https://cllctr.roistat.com/ https://cloud.roistat.com/ https://cdn.jsdelivr.net/ https://cdn.carrotquest.app/ https://use.fontawesome.com/ https://www.google.com/recaptcha/ https://yastatic.net:*;style-src 'self' 'unsafe-inline' data: https://mc.yandex.ru:* https://*.googleapis.com https://cdnjs.cloudflare.com https://use.fontawesome.com/ https://cdn.jsdelivr.net https://*.gstatic.com:*;img-src 'self' data: https://*.googleapis.com https://*.gstatic.com:* https://*.google-analytics.com https://*.utlab.ru https://yandex.ru https://i.ytimg.com https://mc.yandex.ru https://api-maps.yandex.ru https://*.maps.yandex.ru https://*.youtube.com https://maps.google.com https://www.google.ru https://img.webcdn.ru https://cdn.carrotquest.app/ blob: https://*.maps.yandex.net;font-src 'self' data: https://cdnjs.cloudflare.com https://use.fontawesome.com/ https://cdn.carrotquest.app/ https://*.gstatic.com:*;frame-src 'self' data: https://*.youtube.com https://*.youtu.be https://*.yandex.ru https://yandex.ru https://mc.yandex.ru/ https://www.google.com https://*.youtube-nocookie.com;base-uri 'self';form-action 'self' data: ; 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' http://*.dimora.jp https://*.dimora.jp http://*.google-analytics.com/ https://*.google-analytics.com https://*.google.com https://*.facebook.com https://*.facebook.net https://*.twitter.com https://b91.yahoo.co.jp https://tools.applemediaservices.com https://*.apple.com https://apple-resources.s3.amazonaws.com https://play.google.com https://*.mul-pay.jp https://fonts.gstatic.com https://*.googleapis.com https://*.googletagmanager.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://*.google.co.jp; img-src 'self' data: https://*.google-analytics.com/ https://*.twitter.com https://stats.g.doubleclick.net https://tools.applemediaservices.com https://*.apple.com https://apple-resources.s3.amazonaws.com https://play.google.com https://b91.yahoo.co.jp; 1 default-src 'self' *.crazyegg.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.netdna-ssl.com *.google-analytics.com www.googletagmanager.com *.quotemedia.com oss.maxcdn.com rangeme-production-environment.s3-ap-southeast-2.amazonaws.com *.pcdn.co s15923.pcdn.co *.google.com *.gstatic.com *.spartannash.com *.spartannash-uat.com *.youtube.com www.b2i.us stockcharting.s3.amazonaws.com cdnjs.cloudflare.com static.cloudflareinsights.com analytics.newscred.com *.crazyegg.com;font-src 'self' data: *.netdna-ssl.com fonts.gstatic.com *.pcdn.co s15923.pcdn.co *.spartannash.com *.spartannash-uat.com *.cloudflare.com s3.amazonaws.com *.crazyegg.com;img-src 'self' data: *.netdna-ssl.com *.google-analytics.com *.googleapis.com www.googletagmanager.com *.glensmarkets-email.com *.quotemedia.com secure.gravatar.com s3-ap-southeast-2.amazonaws.com *.pcdn.co *.businesswire.com *.gravatar.com s15923.pcdn.co *.google.com *.spartannash.com *.spartannash-uat.com d36cz9elvz3vfp.cloudfront.net www.b2i.us *.prnewswire.com pixel.welcomesoftware.com i.ytimg.com *.crazyegg.com;style-src 'self' 'unsafe-inline' *.netdna-ssl.com *.googleapis.com *.quotemedia.com *.pcdn.co s15923.pcdn.co *.spartannash.com *.spartannash-uat.com *.crazyegg.com;frame-src 'self' *.netdna-ssl.com *.youtube.com www.googletagmanager.com *.calameo.com *.pcdn.co *.google.com *.spartannash.com *.spartannash-uat.com *.prnewswire.com *.crazyegg.com;connect-src 'self' *.netdna-ssl.com query.yahooapis.com *.pcdn.co *.google-analytics.com *.quotemedia.com stats.g.doubleclick.net *.spartannash.com *.spartannash-uat.com www.b2i.us stockcharting.s3.amazonaws.com *.google.com *.crazyegg.com;object-src 'self' *.netdna-ssl.com *.pcdn.co *.prnewswire.com *.crazyegg.com;media-src 'self' *.netdna-ssl.com *.pcdn.co *.prnewswire.com *.crazyegg.com;worker-src 'self' blob: *.crazyegg.com;child-src 'self' blob: *.crazyegg.com; 1 script-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: https: 'nonce-TLSnnw1Yq4OUWEJH5iWC11evePmQuK5j' 'strict-dynamic' https://www.google-analytics.com https://www.googletagmanager.com; 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.axessx.de *.googleapis.com 1 block-all-mixed-content; frame-ancestors 'self'; upgrade-insecure-requests 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: http://fonts.googleapis.com http://fonts.gstatic.com http://www.google-analytics.com http://s7.addthis.com http://m.addthisedge.com http://m.addthis.com http://graph.facebook.com http://widgets.pinterest.com http://maps.google.com http://csi.gstatic.com http://maps.gstatic.com http://maps.googleapis.com http://www.linkedin.com http://api-public.addthis.com http://localhost http://widget.supercounters.com http://pagead2.googlesyndication.com/ http://pagead2.googlesyndication.com/ http://staticxx.facebook.com http://www.whatsupcams.com http://epixel.moj-web.net http://www.youtube.com https://www.whatsupcams.com http://localhost https://g0.ipcamlive.com; 1 script-src * 'unsafe-eval' 'unsafe-inline'; style-src * 'unsafe-inline'; img-src * data:;font-src * data:;connect-src * blob:;media-src * blob:;worker-src * blob:; 1 default-src 'self';img-src *; script-src *; 1 frame-src https://www.youtube-nocookie.com https://www.youtube.com https://youtu.be https://*.hs-koblenz.de https://player.vimeo.com https://www.google.com; style-src 'self' 'unsafe-inline'; default-src https://*.hs-koblenz.de 'self' 'unsafe-inline'; font-src 'self' 'unsafe-inline' data:; script-src https://*.hs-koblenz.de 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' 'unsafe-inline' https://*.tile.openstreetmap.de data: 'self'; 1 base-uri 'none';default-src 'none';img-src 'self' data:;font-src 'self';media-src 'self';script-src 'self';style-src 'self' 'unsafe-inline' 1 default-src 'unsafe-inline' 'self' https:; child-src 'self'; connect-src 'self' https:; font-src 'self' fonts.gstatic.com; frame-src 'self' https:; img-src * data:; manifest-src 'self'; media-src 'self' https:; object-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https:; style-src 'unsafe-inline' 'self' *.twitter.com *.twimg.com fonts.googleapis.com; worker-src 'self'; base-uri 'self'; form-action 'self' *.twitter.com *.qenta.com; navigate-to 'self' https: 1 upgrade-insecure-requests; default-src https://urzadskarbowy.gov.pl/; script-src 'self'; frame-src 'self' https://login.mf.gov.pl/; connect-src https://dc.services.visualstudio.com/ https://eurzad.datahub.mf.gov.pl/ https://urzadskarbowy.gov.pl/ https://login.mf.gov.pl/ https://api-klient-eformularz-logged.mf.gov.pl/; img-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com/; child-src 'none'; object-src 'none'; base-uri 'self'; sandbox allow-forms allow-modals allow-popups allow-popups-to-escape-sandbox allow-same-origin allow-scripts allow-downloads; 1 default-src 'self' data: *.uniweb.be cookiehub.net *.uniweb.eu *.hotjar.com www.googletagmanager.com www.google-analytics.com; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://js.stripe.com *.uniweb.be cookiehub.net *.uniweb.eu *.hotjar.com www.googletagmanager.com www.google-analytics.com; object-src *; style-src 'self' data: 'unsafe-inline' *.uniweb.be cookiehub.net *.uniweb.be cookiehub.net fonts.googleapis.com; img-src 'self' data: https://m.stripe.com *.craft-cdn.com *.uniweb.be cookiehub.net *.uniweb.eu www.googletagmanager.com www.google-analytics.com; media-src *; frame-src 'self' data: https://js.stripe.com *.uniweb.be cookiehub.net *.uniweb.eu *.hotjar.com www.googletagmanager.com www.google-analytics.com; font-src 'self' data: *.uniweb.be cookiehub.net *.uniweb.eu fonts.gstatic.com fonts.googleapis.com; connect-src * 1 default-src 'none'; block-all-mixed-content; connect-src 'self' neopay.online www.googletagmanager.com *.googlesyndication.com *.google-analytics.com *.google.com *.google.lt *.doubleclick.net cdn.jsdelivr.net *.pipedrive.com www.googleadservices.com; font-src 'self' neopay.online fonts.googleapis.com fonts.gstatic.com cdn.jsdelivr.net assets.neopay.online *.pipedrive.com maxcdn.bootstrapcdn.com; form-action 'self' neopay.online; frame-ancestors 'self' neopay.online; frame-src 'self' neopay.online www.googletagmanager.com *.google.com *.google.lt *.doubleclick.net; img-src 'self' neopay.online data: assets.neopay.online assets.neopay.lt cdn.jsdelivr.net cdnjs.cloudflare.com www.googletagmanager.com *.googlesyndication.com *.google-analytics.com *.pipedrive.com www.gstatic.com *.google.com *.google.lt *.doubleclick.net; manifest-src 'self' neopay.online; object-src data:; script-src 'self' neopay.online cdn.jsdelivr.net ajax.googleapis.com code.jquery.com cdnjs.cloudflare.com cdn.cookie-script.com www.googletagmanager.com cdn.ampproject.org *.googlesyndication.com *.google-analytics.com *.google.com *.google.lt www.gstatic.com www.googleadservices.com *.pipedrive.com 'unsafe-inline'; style-src 'self' neopay.online fonts.googleapis.com fonts.gstatic.com cdn.jsdelivr.net cdn.cookie-script.com *.pipedrive.com cdnjs.cloudflare.com stackpath.bootstrapcdn.com maxcdn.bootstrapcdn.com assets.neopay.online 'unsafe-inline' 1 default-src https: wss:; base-uri 'none'; font-src https: data:; img-src https: data:; script-src 'strict-dynamic' 'nonce-15goRr4UUYSTGLEslGInOg=='; style-src https: 'unsafe-inline' 1 frame-ancestors https://*.posylka.de 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: about: *.adbutler-luxon.com adbutler-fermion.com static.addtoany.com *.adobedtm.com *.ads-twitter.com *.adsrvr.org p.adsymptotic.com *.bamboohr.com bat.bing.com maxcdn.bootstrapcdn.com tags.bluekai.com capwiz.com *.cdc.gov grow.clearbitjs.com *.cmgdigital.com www.cms.gov cqrcengage.com tma.custhelp.com dpm.demedex.net www.domain-of-replacement.com *.doubleclick.net *.facebook.com *.facebook.net *.feedburner.com gis.fema.gov apgb2b-reachcodeandproxy.gannettdigital.com google.com *.google.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.googletagmanager.com fusiontables.googleusercontent.com *.gstatic.com data.healthcare.gov oig.hhs.gov hootsuite.com *.hs-analytics.net *.hs-banner.com js.hsadspixel.net js.hscollectedforms.net *.hsforms.com *.hsforms.net *.hs-scripts.com api.hubapi.com *.hubspot.com rocket.nwood-kensett.k12.ia.us *.infogram.com *.informz.net *.jeffersoncms.org kff.org cdn.jsdelivr.net beacon.krxd.net snap.licdn.com www.linkedin.com px.ads.linkedin.com *.livestream.com *.marchex.io tag.marinsm.com pixel.mathtag.com texmed.medbuzz.com www.ncbi.nlm.nih.gov *.nnihcm.org block.opendns.com cdn.linkedin.oribi.io centro.pixel.ad clickserv.pixel.ad www.paypalobjects.com www.podbean.com www.powr.io *.poll-maker.com pixel-geo.prfct.co ql.tc *.qualtrics.com *.quantcount.com *.quantserve.com www.reachlocallivechat.com capture-api.reachlocalservices.com *.rlets.com rcod.rtrk.com *.scribd.com uip.semasio.net servedbyadbutler.com *.serving-sys.com *.sharethis.com i.simpli.fi tag.simpli.fi um.simpli.fi clickserv.sitescout.com pixel.sitescout.com *.slideshare.net public.slidesharecdn.com open.spotify.com storify.com t.co *.tapad.com *.tcms.com *.teletownhall.us *.texmed.org eu.thinkingchat.com reachlocal.thinkingchat.com cdn.tinymce.com *.tmait.org *.twimg.com *.twitter.com *.vimeo.com *.votervoice.net *.wakelet.com *.wufoo.com *.youtube.com *.yudu.com *.hscollectedforms.net 1 default-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; script-src 'self' 'unsafe-inline'; connect-src 'self'; 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com platform.twitter.com www.googletagmanager.com cdn.syndication.twimg.com cdn.knightlab.com cdncache-a.akamaihd.net https://cdn.printfriendly.com/printfriendly.js https://ds-4047.kxcdn.com/api/v3/domain_settings/ key-cdn.printfriendly.com static.addtoany.com; object-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' themes.googleusercontent.com platform.twitter.com ton.twimg.com cdn.knightlab.com https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/ static.addtoany.com; img-src 'self' data: blob: filesystem www.google-analytics.com syndication.twitter.com pbs.twimg.com abs.twimg.com ton.twimg.com www.googletagmanager.com platform.twitter.com canvaspl-a.akamaihd.net; media-src 'self' mediastream:; frame-src 'self' platform.twitter.com syndication.twitter.com www.facebook.com www.youtube.com cdncache-a.akamaihd.net static.addtoany.com; frame-ancestors 'self'; child-src 'self'; font-src 'self' 'unsafe-inline' 'unsafe-eval' themes.googleusercontent.com cdn.knightlab.com fonts.gstatic.com; connect-src 'self' wss://bot.enzona.net/ https://bot.enzona.net/ cdn.knightlab.com cdncache-a.akamaihd.net www.google-analytics.com; report-uri /report-csp-violation; upgrade-insecure-requests 1 frame-ancestors https://goloadup.com 1 default-src 'self' https; connect-src 'self' https://dc.services.visualstudio.com https://attach.ukpowernetworks.co.uk https://*.go-mpulse.net https://*.akstat.io/ https://*.akamaihd.net/ www.google-analytics.com region1.google-analytics.com https://apikeys.civiccomputing.com/c/v https://in.hotjar.com/ https://vc.hotjar.io https://clapi.civiccomputing.com/ stats.g.doubleclick.net https://translate.googleapis.com https://maps.googleapis.com https://api.what3words.com https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://*.applicationinsights.azure.com https://*.azurewebsites.net https://graph.microsoft.com/ https://*.tangentlabs.co.uk https://col.site24x7rum.eu https://l.sharethis.com https://platform.twitter.com/widgets.js https://connect.facebook.net https://api.reciteme.com https://stats.reciteme.com https://speechstreamv3-webservices-8.texthelp.com/ https://wikisum.texthelp.com/ https://babm.texthelp.com https://*.speechstream.net https://en.wikipedia.org/ https://pfw-prod-ukwest-safespaceonline.azurewebsites.net https://apps.parcelforce.com/sso/Home/IsAlive https://apps.parcelforce.com/sso/ https://static.queue-it.net 956e469338e2e6898c68816e7d5d70.4d.environment.api.powerplatform.com 122893fe7778e05ebe27d6a1abed5c.42.environment.api.powerplatform.com 0f561d2ccae5e5c6b9552edc1c9164.5b.environment.api.powerplatform.com europe.directline.botframework.com wss://europe.directline.botframework.com; font-src 'self' ukpn.local hello.myfonts.net data: fonts.googleapis.com fonts.gstatic.com https://fonts.gstatic.com https://pfw-prod-ukwest-safespaceonline.azurewebsites.net/ https://api.reciteme.com https://ukpn-dev-cdn.tangentlabs.co.uk; style-src 'self' 'unsafe-inline' ukpn.local fonts.googleapis.com https://fonts.googleapis.com https://api.reciteme.com https://ukpn-dev-cdn.tangentlabs.co.uk https://pfw-prod-ukwest-safespaceonline.azurewebsites.net; script-src 'self' 'unsafe-eval' ukpn.local https://*.go-mpulse.net 'unsafe-inline' https://cc.cdn.civiccomputing.com/9/cookieControl-9.x.min.js https://www.googletagmanager.com/ns.html www.googletagmanager.com cdnjs.cloudflare.com www.google-analytics.com script.hotjar.com static.hotjar.com z.moatads.com https://translate.google.com/ https://translate.googleapis.com/ apis.google.com www.google.com www.gstatic.com maps.googleapis.com ajax.googleapis.com https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://static.site24x7rum.eu https://widget.trustpilot.com https://platform-api.sharethis.com https://buttons-config.sharethis.com https://graph.facebook.com https://www.youtube.com https://www.linkedin.com/ https://s.ytimg.com https://platform.twitter.com https://connect.facebook.net https://api.reciteme.com https://stats.reciteme.com v4in1-si.click4assistance.co.uk https://*.speechstream.net https://wikisum.texthelp.com/ https://ukpn-dev-cdn.tangentlabs.co.uk https://pfw-prod-ukwest-safespaceonline.azurewebsites.net https://ukpowernetworks.queue-it.net https://ukpowernetwork.queue-it.net https://static.queue-it.net/script/queueclient.min.js https://static.queue-it.net/script/queueconfigloader.min.js https://assets.queue-it.net cdn.botframework.com https://grid.is; img-src 'self' data: https://api.umbraco.io https://media.umbraco.io https://img.youtube.com www.google-analytics.com *.googletagmanager.com stats.g.doubleclick.net www.google.com/ads www.google.co.uk/ads https://translate.google.com maps.gstatic.com maps.googleapis.com https://www.google.com https://www.google.co.uk/ https://www.google.com/images/cleardot.gif https://www.gstatic.com fonts.googleapis.com apis.google.com https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://l.sharethis.com https://api.reciteme.com https://pfw-prod-ukwest-safespaceonline.azurewebsites.net prod3si.click4assistance.co.uk v4in1-si.click4assistance.co.uk https://speechstreamv3-webservices-8.texthelp.com/ https://upload.wikimedia.org blob:; child-src 'self' https://www.googletagmanager.com/ns.html https://content.googleapis.com; frame-src 'self' https://powerupgames.z33.web.core.windows.net https://vars.hotjar.com https://powerupgames.z33.web.core.windows.net/hunt-the-hazards/story.html www.google.com *.google.com www.youtube.com www.linkedin.com https://widget.trustpilot.com https://platform-api.sharethis.com https://platform.twitter.com https://web.facebook.com/ https://www.facebook.com/ https://m.facebook.com/ https://api.reciteme.com v4in1-ti.click4assistance.co.uk https://*.speechstream.net web.powerva.microsoft.com https://956e469338e2e6898c68816e7d5d70.4d.environment.api.powerplatform.com https://122893fe7778e05ebe27d6a1abed5c.42.environment.api.powerplatform.com https://0f561d2ccae5e5c6b9552edc1c9164.5b.environment.api.powerplatform.com https://grid.is; object-src 'none'; worker-src blob:; media-src https://api.reciteme.com self https://*.speechstream.net; 1 default-src 'self' data: https://ecosystem.matomo.cloud https://fonts.googleapis.com https://fonts.gstatic.com; base-uri 'self' https://ecosystem.matomo.cloud; block-all-mixed-content; connect-src 'self' wss: https://*.ckeditor.com https://*.hotjar.com https://*.hotjar.io https://*.teads.tv https://consentcdn.cookiebot.com https://ecosystem.matomo.cloud https://maps.googleapis.com https://p1.zemanta.com https://region1.analytics.google.com https://region1.google-analytics.com https://static1.r66net.com https://stats.g.doubleclick.net; frame-src 'self' https://*.doubleclick.net https://*.greenconnected.fr https://bonusqualirepar.ecosystem.eco https://consentcdn.cookiebot.com https://ecosystem.matomo.cloud https://ecosystemfrance.qualtrics.com https://form.jotform.com https://insight.adsrvr.org https://match.adsrvr.org https://page.ecosystem.eco https://portail-reparateurs.ecosystem.eco https://www.google.com https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://*.doubleclick.net https://*.ecosystem.eco https://*.teads.tv https://6745d80ec3904300272752ef.tracker.adotmob.com https://img.youtube.com https://imgsct.cookiebot.com https://insight.adsrvr.org https://jedonnemontelephone.fr https://ks1.b26net.com https://ks1.invibes.com https://maps.googleapis.com https://maps.gstatic.com https://p1.zemanta.com https://track.adform.net https://www.google.fr https://www.googletagmanager.com; manifest-src 'self'; media-src 'self' https://*.ecosystem.eco; object-src 'none'; script-src 'unsafe-inline' 'self' https://*.hotjar.com https://cdn.datatables.net https://cdn.matomo.cloud https://consent.cookiebot.com https://consentcdn.cookiebot.com https://ecosystem.matomo.cloud https://fonts.googleapis.com https://insight.adsrvr.org https://js-tag.zemanta.com https://js.adsrvr.org https://k.r66net.com https://maps.googleapis.com https://p.teads.tv https://s2.adform.net https://static.r66net.net https://track.adform.net https://www.googletagmanager.com https://www.youtube.com; style-src 'unsafe-inline' 'self' https://cdn.datatables.net https://ecosystem.matomo.cloud https://fonts.googleapis.com https://fonts.gstatic.com; worker-src 'none' 1 default-src 'self'; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' *.google.com https://code.jquery.com https://www.gstatic.com https://maps.googleapis.com https://www.google-analytics.com https://static.addtoany.com https://maps.google.com https://cdn.jsdelivr.net https://platform.twitter.com https://platform.linkedin.com https://cdn.ckeditor.com https://www.google-analytics.com https://cdn.datatables.net https://www.googletagmanager.com/ https://app.usercentrics.eu/ https://openfed.github.io/AccessibilityCheck/build/HTMLCS.js https://ajax.googleapis.com/ajax/libs/webfont/1.6.26/webfont.js https://code.highcharts.com/; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://fonts.googleapis.com https://cdn.ckeditor.com https://cdn.datatables.net https://www.google-analytics.com https://www.linkedin.com https://www.gstatic.com https://openfed.github.io/AccessibilityCheck/build/HTMLCS.css; img-src 'self' data: https://chart.googleapis.com https://cdn.ckeditor.com https://www.google-analytics.com https://stats.g.doubleclick.net https://platform.linkedin.com https://www.linkedin.com https://maps.gstatic.com https://maps.googleapis.com https://maps.google.com https://www.google.com https://app.usercentrics.eu/ https://uct.service.usercentrics.eu/ https://openfed.github.io/AccessibilityCheck/build/Images/; frame-src 'self' https://platform.twitter.com https://www.gstatic.com https://www.google.com https://notfound-static.fwebservices.be https://app.usercentrics.eu/ https://burden.sciensano.be heyzine.com/flip-book/ https://charts.sciensano.be https://podcasters.spotify.com https://lucid.app/documents/embedded/; font-src 'self' https://themes.googleusercontent.com https://cdn.jsdelivr.net https://fonts.gstatic.com; connect-src 'self' https://www.linkedin.com https://www.google-analytics.com https://stats.g.doubleclick.net https://maps.googleapis.com https://region1.google-analytics.com/ https://www.googletagmanager.com/ https://api.usercentrics.eu https://graphql.usercentrics.eu https://consent-api.service.consent.usercentrics.eu/ https://aggregator.service.usercentrics.eu/ https://maps.googleapis.com/; report-uri /en/report-csp-violation 1 default-src 'self'; base-uri 'self'; block-all-mixed-content; child-src https://www.youtube.com/ https://youtube.com/ https://player.vimeo.com/ https://youtu.be/ https://open.spotify.com/ https://www.buymusic.club; connect-src 'self' https://www.youtube.com/oembed https://www.google-analytics.com https://stats.g.doubleclick.net https://*.hotjar.com https://*.hotjar.io https://*.facebook.com/ https://*.tiktok.com https://*.snapchat.com https://widget-api.formitable.com https://region1.analytics.google.com https://*.google-analytics.com https://cdn.linkedin.oribi.io https://*.linkedin.com https://www.buymusic.club wss://ws.hotjar.com https://*.hcaptcha.com https://www.google.com; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com https://*.hotjar.com https://*.hotjar.io; frame-ancestors 'none'; frame-src https://www.youtube.com/ https://spotify.com https://open.spotify.com/ https://*.spotify.com https://facebook.com/ https://*.facebook.com/ https://mychannels.video/ https://www.yumpu.com/ https://www.google.com/ https://*.hotjar.com https://*.hotjar.io https://bandcamp.com https://*.bandcamp.com https://twitter.com https://*.twitter.com https://instagram.com https://*.instagram.com https://vimeo.com https://*.vimeo.com https://soundcloud.com https://*.soundcloud.com https://tiktok.com https://*.tiktok.com https://snapchat.com https://*.snapchat.com https://www.belgianrail.be https://widget.formitable.com https://www.buymusic.club https://newassets.hcaptcha.com https://www.googletagmanager.com/ https://td.doubleclick.net/; img-src 'self' data: https://www.google-analytics.com/r/collect https://www.google-analytics.com/collect https://placeholder.inventis.be/ https://*.ytimg.com/ https://d12xfkzf9kx8ij.cloudfront.net/ https://*.facebook.com/ https://connect.facebook.net/ https://*.fbcdn.net/ https://i.scdn.co/ https://img.youtube.com/ https://legacy.abconcerts.be/ https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://*.hotjar.com https://*.hotjar.io https://snapchat.com https://*.snapchat.com https://px.ads.linkedin.co https://px.ads.linkedin.com https://*.linkedin.com https://www.buymusic.club https://fonts.gstatic.com https://www.googletagmanager.com; media-src 'self' p.scdn.co/mp3-preview/; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.youtube.com/iframe_api https://www.youtube.com/s/player/ https://*.ytimg.com https://www.googletagmanager.com/gtm.js https://www.google-analytics.com/analytics.js https://script.hotjar.com/ https://connect.facebook.net/ https://*.hotjar.com https://*.hotjar.io https://www.buymusic.club https://hcaptcha.com https://*.licdn.com https://*.snapchat.com 'nonce-AIycAwrUeEOhRymCynZa7Q=='; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://widget.formitable.com https://www.googletagmanager.com; upgrade-insecure-requests 1 script-src 'self' 'nonce-gWiD3JaGjcehOjO5gdiJTMOTHuI=' 'strict-dynamic' 'unsafe-inline' https://*.googleapis.com/ https://connect.facebook.net/ https://s.adroll.com/ 1 default-src 'self' 'unsafe-eval' 'unsafe-inline' test.oppwa.com *.simonmobile.de simonmobile.de *.simonmobil.de simonmobil.de vodafone-affiliate.de *.vodafone-affiliate.de google.com *.google.com google.de *.google.de google.nl *.google.nl facebook.com *.facebook.com facebook.de *.facebook.de facebook.nl *.facebook.nl adform.net *.adform.net adform.com *.adform.com bing.com *.bing.com was.vodafone.de googletagmanager.com *.googletagmanager.com googleadservices.com *.googleadservices.com doubleclick.net *.doubleclick.net facebook.net *.facebook.net cdn.cookielaw.org *.cookielaw.org tags.tiqcdn.com my.tealiumiq.com geolocation.onetrust.com *.onetrust.com widgets.trustedshops.com translate.googleapis.com *.jsctool.com jsctool.com; connect-src *.simonmobile.de simonmobile.de *.simonmobil.de simonmobil.de cdn.cookielaw.org ws://simonmobile.de ws://simonmobil.de privacyportal-eu.onetrust.com bing.com *.bing.com vodafone.de *.vodafone.de *.demdex.net demdex.net *.omtrdc.net omtrdc.net *.trustedshops.com *.etrusted.com *.trustbadge.com *.clarity.ms clarity.ms geolocation.onetrust.com maps.googleapis.com *.kampyle.com kampyle.com *.jsctool.com jsctool.com doubleclick.net *.doubleclick.net googlesyndication.com *.googlesyndication.com analytics.tiktok.com *.analytics.tiktok.com google.com *.google.com amazon-adsystem.com *.amazon-adsystem.com paa-reporting-advertising.amazon *.paa-reporting-advertising.amazon *.snapchat.com snapchat.com *.medallia.eu medallia.eu; frame-src 'self' directus.br.extranet.addmore.cloud test.oppwa.com test.ppipe.net *.simonmobile.de simonmobile.de *.simonmobil.de simonmobil.de vodafone-affiliate.de *.vodafone-affiliate.de adform.net *.adform.net facebook.com *.facebook.com *.doubleclick.net doubleclick.net *.demdex.net demdex.net *.amazon-adsystem.com amazon-adsystem.com *.kampyle.com kampyle.com *.youtube.com youtube.com *.jsctool.com jsctool.com googlesyndication.com *.googlesyndication.com *.snapchat.com snapchat.com *.googletagmanager.com googletagmanager.com; img-src 'self' data: 'unsafe-inline' test.oppwa.com was.vodafone.de cdn.cookielaw.org *.simonmobile.de simonmobile.de *.simonmobil.de simonmobil.de bing.com *.bing.com google.com *.google.com google.de *.google.de google.nl *.google.nl facebook.com *.facebook.com facebook.de *.facebook.de facebook.nl *.facebook.nl *.seadform.net seadform.net *.doubleclick.net doubleclick.net widgets.trustedshops.com www.gstatic.com gstatic.com *.clarity.ms clarity.ms *.googleadservices.com googleadservices.com *.kampyle.com kampyle.com *.bing.net bing.net maps.gstatic.com *.googletagmanager.com googletagmanager.com; media-src 'self' data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' test.oppwa.com *.simonmobile.de simonmobile.de *.simonmobil.de simonmobil.de vodafone-affiliate.de *.vodafone-affiliate.de google.com *.google.com google.de *.google.de google.nl *.google.nl facebook.com *.facebook.com facebook.de *.facebook.de facebook.nl *.facebook.nl adform.net *.adform.net adform.com *.adform.com amazon-adsystem.com *.amazon-adsystem.com bing.com *.bing.com was.vodafone.de googletagmanager.com *.googletagmanager.com googleadservices.com *.googleadservices.com doubleclick.net *.doubleclick.net facebook.net *.facebook.net cdn.cookielaw.org *.cookielaw.org tags.tiqcdn.com my.tealiumiq.com geolocation.onetrust.com *.onetrust.com widgets.trustedshops.com *.clarity.ms clarity.ms *.kampyle.com kampyle.com *.googlesyndication.com googlesyndication.com maps.googleapis.com *.jsctool.com jsctool.com *.analytics.tiktok.com analytics.tiktok.com *.sc-static.net sc-static.net *.snapchat.com snapchat.com; worker-src 'self' blob: 1 default-src 'self' syndetics.com www.google-analytics.com; script-src 'self' blob: http://www.vpl.ca https://www.vpl.ca data: 'unsafe-inline' 'unsafe-eval' code.jquery.com www.google.com https://www.google-analytics.com https://www.googletagmanager.com www.gstatic.com https://unpkg.com cdnjs.cloudflare.com m.addthis.com s7.addthis.com tagmanager.google.com v1.addthis.com platform.instagram.com platform.twitter.com cdn.syndication.twimg.com assets.pinterest.com script.crazyegg.com trk.cetrk.com www.flickr.com bclibraries.org translate.google.com https://translate.googleapis.com https://translate-pa.googleapis.com https://cdn.jsdelivr.net; object-src 'self'; style-src 'self' 'unsafe-inline' www.vpl.ca https://unpkg.com https://cdnjs.cloudflare.com tagmanager.google.com themes.googleusercontent.com fonts.googleapis.com code.jquery.com https://platform.twitter.com https://typekit.net https://p.typekit.net https://use.typekit.net https://translate.googleapis.com https://www.gstatic.com https://cdn.jsdelivr.net/gh/jonthornton/jquery-timepicker@1.14.0/jquery.timepicker.min.css https://cdn.jsdelivr.net/gh/jackocnr/intl-tel-input@v17.0.19/build/css/intlTelInput.min.css https://cdn.jsdelivr.net/npm/normalize.css; img-src 'self' data: *.vpl.ca https://www.vpl.ca *.googleapis.com https://cdn.jsdelivr.net/gh/jackocnr/intl-tel-input@v17.0.19/build/img/flags.png https://platform.twitter.com https://pbs.twimg.com services.arcgisonline.com syndetics.com secure.syndetics.com https://cdnjs.cloudflare.com www.flickr.com www.instagram.com *.staticflickr.com *.google-analytics.com syndication.twitter.com scontent-sea1-1.cdninstagram.com *.sndcdn.com m.addthis.com *.gstatic.com www.addthis.com log.pinterest.com gtrk.s3.amazonaws.com trk.cetrk.com geo.yahoo.com https://img.youtube.com https://www.google.com https://translate.google.com https://server.arcgisonline.com; media-src 'self' www.youtube.com soundcloud.com; child-src 'self' m.addthis.com s7.addthis.com www.google.com www.youtube.com w.soundcloud.com www.instagram.com syndication.twitter.com assets.pinterest.com; font-src 'self' themes.googleusercontent.com https://cdnjs.cloudflare.com fonts.googleapis.com fonts.gstatic.com https://use.typekit.net; connect-src 'self' *.google-analytics.com translate-pa.googleapis.com cdnjs.cloudflare.com https://www.optimalworkshop.com m.addthis.com v1.addthis.com https://translate.googleapis.com; frame-src 'self' edge.addthis.com m.addthis.com https://platform.twitter.com s7.addthis.com www.google.com www.youtube.com w.soundcloud.com www.instagram.com syndication.twitter.com assets.pinterest.com player.vimeo.com; 1 frame-src 'self' https://webstat.hs-mannheim.de *.hs-mannheim.de https://www.youtube.com/ https://www.youtube-nocookie.com/ https://player.vimeo.com/ https://tour.klapty.com/; 1 allow *; options inline-script eval-script; frame-ancestors 'self'; 1 child-src 'self' https://*.docusign.com https://*.docusign.net https://*.trustcommerce.com https://*.slimpay.net https://*.slimpay.com https://*.windriverfinancialgateway.com 1 default-src 'self' data: ws://*.catapush.com wss://*.catapush.com 'unsafe-inline' 'unsafe-eval'; base-uri 'self'; block-all-mixed-content; connect-src data: blob: 'unsafe-inline' *.catapush.com ws://*.catapush.com wss://*.catapush.com https://*.google-analytics.com https://*.googleapis.com https://checkout.stripe.com https://api.stripe.com https://*.ads.linkedin.com; font-src data: blob: 'unsafe-inline' *.catapush.com https://s3-eu-west-1.amazonaws.com/catapush-cdn/ https://s3-eu-central-1.amazonaws.com/catapush-cdn-frankfurt/ fonts.gstatic.com cdn2.hubspot.net; form-action 'self' *.catapush.com; frame-ancestors 'self' *.catapush.com https://www.googletagmanager.com; frame-src 'self' data: blob: 'unsafe-inline' https://mautic.catapush.com https://checkout.stripe.com https://connect-js.stripe.com https://js.stripe.com https://hooks.stripe.com https://www.google.com https://www.googletagmanager.com https://s3-eu-west-1.amazonaws.com/catapush-cdn/; img-src 'self' data: blob: 'unsafe-inline' *.catapush.com https://s3-eu-west-1.amazonaws.com/catapush-cdn/ https://s3-eu-central-1.amazonaws.com/catapush-cdn-frankfurt/ https://translate.google.com https://ajax.googleapis.com https://*.google-analytics.com https://www.googletagmanager.com https://*.gstatic.com https://js.hsforms.net/forms/v2.js https://*.stripe.com https://px.ads.linkedin.com https://www.linkedin.com/px; object-src https://s3-eu-west-1.amazonaws.com/catapush-cdn/; script-src 'self' *.catapush.com https://s3-eu-west-1.amazonaws.com/catapush-cdn/ https://s3-eu-central-1.amazonaws.com/catapush-cdn-frankfurt/ https://ipinfo.io https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com https://checkout.stripe.com https://js.stripe.com https://js.hsforms.net/forms/v2.js https://snap.licdn.com https://*.ads.linkedin.com 'report-sample' 'unsafe-inline' 'nonce-ehWiT3f/DyDG/l62dk6s9g=='; style-src 'self' *.catapush.com https://s3-eu-west-1.amazonaws.com/catapush-cdn/ https://s3-eu-central-1.amazonaws.com/catapush-cdn-frankfurt/ https://*.gstatic.com 'unsafe-inline' 'report-sample'; report-uri /csp-violation-report-endpoint 1 default-src https: data: blob: 'unsafe-inline'; object-src 'self'; script-src 'self' https://cdn.tiny.cloud/ https://static.zdassets.com/ https://*.meruscase.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://platform.twitter.com/ https://*.google-analytics.com/ https://*.googletagmanager.com/ https://cdn.syndication.twimg.com/ https://merus-assets.s3.amazonaws.com/ https://*.facebook.net/ https://*.googleapis.com/ https://*.aspnetcdn.com/ https://*.microsoft.com https://maxcdn.bootstrapcdn.com/ https://*.youtube.com/ https://s.ytimg.com/ https://js.recurly.com/ https://cdn.wootric.com/ https://static.headnotepayments.com/ https://static.zdassets.com/ https://snap.licdn.com/ https://unpkg.com/ 'unsafe-eval' 'unsafe-inline' https://code.jquery.com/ https://forms.hubspot.com/ https://forms.hsforms.com/ https://js.hs-analytics.net/ https://js.hs-scripts.com/ https://api.usemessages.com/ https://js.usemessages.com/ https://js.hsforms.net/ https://js.hsleadflows.net/; style-src 'self' 'unsafe-inline' https: 1 base-uri 'none';connect-src 'self' http://localhost:3001 http://127.0.0.1:3001 *.oresund.io dc.services.visualstudio.com *.cookieinformation.com *.doubleclick.net 'unsafe-inline' *.googlesyndication.com *.google.com *.google-analytics.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.convertexperiments.com data.wgp.se *.oresundsbron.com *.adnxs.com *.strossle.com;font-src 'self' *.hotjar.com https://fonts.gstatic.com data;form-action 'self';frame-ancestors 'none';img-src 'self' self data: *.tt.se *.ritzau.dk *.ctfassets.net *.gstatic.com www.googletagmanager.com https://googletagmanager.com *.googlesyndication.com *.adnxs.com www.facebook.com *.google.com www.google.dk www.google.se *.hotjar.com https://ad.doubleclick.net https://ade.googlesyndication.com https://12824419.fls.doubleclick.net;manifest-src 'self';media-src 'self' self data: *.ctfassets.net;object-src 'none';script-src 'self' *.reepay.com *.gstatic.com www.googletagmanager.com googletagmanager.com https://tagmanager.google.com 'unsafe-inline' 'unsafe-eval' *.cookieinformation.com *.google.com *.adnxs.com *.facebook.net *.googlesyndication.com www.googleadservices.com *.hotjar.com *.convertexperiments.com *.powerplatform.com *.strossle.com;style-src 'self' 'unsafe-inline' *.google.com *.googleapis.com www.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com *.hotjar.com;worker-src 'self'; 1 https://client.libertydentalplan.com; https://libertydentalplan.com 1 default-src 'none'; script-src 'self' https://www.google.com https://www.gstatic.com; connect-src https://9872520550193828.hostedstatus.com/1.0/status/6148993c877ce705383f1463 'self'; img-src 'self' data:; style-src 'self' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; object-src 'self'; frame-src https://www.google.com 1 default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' *.kdo.de; style-src 'self' *.kdo.de 'unsafe-inline'; connect-src 'self' *.kdo.de; img-src 'self' *.kdo.de *.openstreetmap.org data:; worker-src blob:; 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: http://fonts.googleapis.com http://fonts.gstatic.com http://www.google-analytics.com http://s7.addthis.com http://m.addthisedge.com http://m.addthis.com http://graph.facebook.com http://widgets.pinterest.com http://maps.google.com http://csi.gstatic.com http://maps.gstatic.com http://maps.googleapis.com http://www.linkedin.com http://api-public.addthis.com http://localhost http://player.vimeo.com/ https://static.cdninstagram.com/; 1 frame-ancestors https://*.nywerk.de https://vinylfuture.com.ddev.site https://deejay.de https://vinylfuture.com https://*.deejay.de https://*.vinylfuture.com; 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com *.google-analytics.com *.googleadservices.com *.facebook.net *.doubleclick.net iframe.ly cookie.dxlabs.fr cdnjs.cloudflare.com *.secutix.com 'unsafe-inline' *; object-src 'none'; style-src 'self' 'unsafe-inline' www.googletagmanager.com fonts.googleapis.com cdnjs.cloudflare.com; img-src 'self' www.pinaultcollection.com *.youtube.com *.ytimg.com *.facebook.com *.google-analytics.com *.google.com *.google.fr *.dxlabs.fr data: *.secutix.com *.amazonaws.com; media-src *; frame-src *; font-src 'self' themes.googleusercontent.com fonts.googleapis.com; connect-src 'self' *.google-analytics.com analytics.tiktok.com wjrmdnw.pa-cd.com billetterie.pinaultcollection.com *.secutix.com; upgrade-insecure-requests; script-src-attr 'unsafe-inline' 1 default-src https: 'self' data: 'unsafe-inline' 'unsafe-eval'; block-all-mixed-content; report-uri /nelmio/csp/report 1 base-uri 'none';child-src 'none';connect-src 'self' http://127.0.0.1:1337 https://*.google-analytics.com https://vitals.vercel-insights.com https://api.coinbase.com https://www.google-analytics.com https://vercel.live https://*.walletconnect.com wss://relay.walletconnect.com wss://relay.walletconnect.org wss://www.walletlink.org wss://*.pusher.com https://*.pusher.com https://*.polkastarter.com https://*.cookie3.co https://api.avax.network/ext/bc/C/rpc https://api.avax-test.network/ext/bc/C/rpc https://*.bnbchain.org https://*.bnbchain.org:8545/ https://rpc.ankr.com/bsc https://*.binance.org https://testnet.omni.network https://arb1.arbitrum.io/rpc https://sepolia-rollup.arbitrum.io/rpc https://mainnet.base.org https://sepolia.base.org https://forno.celo.org https://alfajores-forno.celo-testnet.org https://mainnet.mode.network https://sepolia.mode.network https://goerli.optimism.io https://polygon-rpc.com https://matic-mumbai.chainstacklabs.com https://rpc.ankr.com/polygon_mumbai https://mainnet.infura.io https://sepolia.infura.io/ https://cloudflare-eth.com/ https://rpc.sepolia.org https://rpc.ankr.com https://rpc.ankr.com/eth;default-src 'self';font-src 'self' data: https://fonts.gstatic.com;form-action 'self' *;frame-ancestors 'none';frame-src https://verify.synaps.io/ https://www.youtube.com/ https://verify.walletconnect.com https://verify.walletconnect.org https://vercel.live https://www.tradingview-widget.com https://s.tradingview.com;img-src * data:;manifest-src 'self' https://polkastarter.cloudflareaccess.com;media-src 'self' https://*.polkastarter.com;object-src 'none';prefetch-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://va.vercel-scripts.com https://*.googletagmanager.com https://*.google-analytics.com https://vercel.live https://browser.sentry-cdn.com https://cdn.vercel-insights.com https://cdn.staging.cookie3.co https://www.youtube.com https://unpkg.com https://s3.tradingview.com;style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://fonts.googleapis.com;worker-src 'self'; 1 default-src 'self'; script-src 'self'; img-src 'self' 1 default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: staticcdn.co.nz www.youtube.com *.google-analytics.com *.googletagmanager.com www.google.com www.gstatic.com *.googleapis.com; connect-src 'self' *.google-analytics.com *.googletagmanager.com *.analytics.google.com *.googleapis.com; img-src 'self' data: staticcdn.co.nz shielded.co.nz i.ytimg.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.googleapis.com; font-src 'self' data: *.googleapis.com *.gstatic.com; frame-src 'self' staticcdn.co.nz www.youtube.com www.google.com; manifest-src 'self'; media-src 'self'; frame-ancestors 'self'; form-action 'self'; 1 default-src 'self' localhost static.formstack.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: siteimproveanalytics.com js-agent.newrelic.com www.youtube.com *.visualwebsiteoptimizer.com app.vwo.com browser-update.org api.eventcalendarapp.com *.formstack.com www.google.com www.gstatic.com web2.production.gyantts.com *.vimeocdn.com cdnjs.cloudflare.com hcaptcha.com newassets.hcaptcha.com stripe.com *.stripe.com *.stripecdn.com; object-src 'none'; style-src 'self' 'unsafe-inline' *.visualweboptimizer.com app.vwo.com api.eventcalendarapp.com *.gstatic.com fonts.googleapis.com s3.amazonaws.com *.typekit.net *.vimeocdn.com cdnjs.cloudflare.com js.stripe.com; img-src * data:; form-action 'self' *.formstack.com https://bellin.org; frame-src 'self' www.youtube-nocookie.com *.visualwebsiteoptimizer.com app.vwo.com www.google.com player.vimeo.com newassets.hcaptcha.com *.stripe.com *.stripecdn.com maps.google.com; frame-ancestors 'self'; child-src 'self' www.youtube-nocookie.com *.visualwebsiteoptimizer.com app.vwo.com www.google.com player.vimeo.com newassets.hcaptcha.com *.stripe.com *.stripecdn.com maps.google.com; font-src 'self' data: fonts.gstatic.com *.typekit.net api.eventcalendarapp.com s3.amazonaws.com *.formstack.com; connect-src 'self' bam.nr-data.net *.visualwebsiteoptimizer.com app.vwo.com api.eventcalendarapp.com *.formstack.com wss://web2.production.gyantts.com web2.production.gyantts.com *.hcaptcha.com stripe.com *.stripe.com; base-uri 'self'; report-uri /report-csp-violation 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' mofa.gov.np *.mofa.gov.np www.google.com.np *.google.com *.gstatic.com cdn.jsdelivr.net code.jquery.com *.genesesolution.com nepalembassy.org.uk londonembassyevent.pages.dev stackpath.bootstrapcdn.com s.ytimg.com *.facebook.net *.sharethis.com *.youtube.com *.twimg.com cdn.syndication.twimg.com cdnjs.cloudflare.com maps.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com fonts.googleapis.com fonts.gstatic.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.mofa.gov.np use.fontawesome.com stackpath.bootstrapcdn.com placehold.it *.facebook.net *.sharethis.com lh3.googleusercontent.com *.youtube.com *.twimg.com cdn.syndication.twimg.com cdnjs.cloudflare.com maps.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com cdnjs.cloudflare.com fonts.googleapis.com fonts.gstatic.com; img-src 'self' data: placehold.it mofa.gov.np *.mofa.gov.np *.gstatic.com *.facebook.net *.facebook.com *.sharethis.com lh3.googleusercontent.com *.youtube.com *.twimg.com secure.gravatar.com cdn. *.twitter.com *.twimg.com cdnjs.cloudflare.com maps.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com fonts.googleapis.com fonts.gstatic.com; media-src 'self'; frame-src 'self' *.google.com *.youtube.com *.facebook.net *.facebook.com syndication.twitter.com platform.twitter.com; font-src 'self' data: fonts.googleapis.com stackpath.bootstrapcdn.com use.fontawesome.com fonts.gstatic.com maxcdn.bootstrapcdn.com; connect-src 'self' l.sharethis.com 1 default-src 'self'; block-all-mixed-content; connect-src 'self' https://api.recurly.com https://api.stripe.com/ https://via.intercom.io https://api.intercom.io https://api.au.intercom.io https://api.eu.intercom.io https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-b.intercom.io https://nexus-europe-websocket.intercom.io wss://nexus-europe-websocket.intercom.io https://nexus-australia-websocket.intercom.io wss://nexus-australia-websocket.intercom.io https://uploads.intercomcdn.com https://uploads.intercomcdn.eu https://uploads.au.intercomcdn.com https://uploads.intercomusercontent.com https://ingest.valued.app; font-src 'self' https://js.intercomcdn.com https://fonts.intercomcdn.com data:; frame-src https://js.stripe.com/ https://hooks.stripe.com/ api.recurly.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; img-src 'self' blob: data: *; media-src 'self' https://js.intercomcdn.com; script-src 'self' js.recurly.com https://js.stripe.com/ https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://cdn.valued.app 'unsafe-inline' 'sha256-1gcjkQmF3vDBHqTK/GCaJKMg/UjNNomsjObGfUSd8GU=' 'sha256-jbA8VreA42SNzS8N9VHJ5N6pZWjqC2B/c/cBk+1diXE=' 'sha256-DcokebrOSmWciSX1qQC5mQVZVTuYP7rxG1GdCn4I4Ls='; style-src 'self' https://api.recurly.com 'unsafe-inline'; report-uri /nelmio/csp/report 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://analytics.google.com:* https://ajax.googleapis.com:* https://call.chatra.io/chatra.js https://maps.googleapis.com:* https://seal-nebraska.bbb.org/logo/blue-valley-technologies-17381.js https://stats.g.doubleclick.net/dc.js https://www.googletagmanager.com:* https://assets.juicer.io:* https://www.juicer.io:* https://www.google-analytics.com:* https://stats.g.doubleclick.net:* https://www.googleadservices.com:* https://feedback.happy-or-not.com:* https://dk98ddgl0znzm.cloudfront.net:* https://emma-content-aggregates-prd.s3.amazonaws.com:* https://form.jotform.com:*; object-src 'self' ; style-src * 'self' data: 'unsafe-inline' 'unsafe-hashes' https://fonts.googleapis.com:* https://seal-blue.bbb.org; img-src * 'self' https://maps.gstatic.com https://stats.g.doubleclick.net:*; media-src * 'self' data: 'unsafe-inline' 'unsafe-hashes'; frame-src 'self' https://chat.chatra.io:* https://www.youtube.com:* https://player.vimeo.com:* https://form.jotform.com:* https://submit.jotform.com:*; frame-ancestors 'self'; child-src 'self'; font-src 'self' * https://fonts.gstatic.com:*; connect-src 'self' https://maps.googleapis.com:* https://analytics.google.com:* https://www.google-analytics.com:* https://www.juicer.io:* https://graph.facebook.com:* https://www.googletagmanager.com:* https://stats.g.doubleclick.net:* https://feedback-api.happy-or-not.com:* https://feedback.happy-or-not.com:* https://api.mixpanel.com:*; report-uri /report-csp-violation 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.allpeoplequilt.com 1 base-uri 'self'; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.storck.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: *.storck.com storck.piwik.pro; img-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: *.storck.com storck.piwik.pro; style-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.storck.com; connect-src 'self' data: *.storck.com storck.piwik.pro; font-src 'self'; frame-src 'self' data: *.storck.com; frame-ancestors 'self'; form-action 'self'; 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' *.pricespider.com https://www.google-analytics.com https://www.googletagmanager.com https://cdn.cookielaw.org https://lhcdn-src.mars.com https://players.brightcove.net https://www.google.com https://www.google.co.in https://www.gstatic.com https://ckf02.lancsd.org https://sfapi.formstack.io https://az416426.vo.msecnd.net https://embed.mikmak.tv *.global.commerce-connector.com https://js-agent.newrelic.com https://dc.services.visualstudio.com https://bam-cell.nr-data.net https://translate.googleapis.com https://js.adsrvr.org *.mapbox.com https://dc.services.visualstudio.com https://stats.g.doubleclick.net *.amazonaws.com https://s.pinimg.com https://ct.pinterest.com https://maps.googleapis.com https://connect.facebook.net https://sc-static.net https://static.ads-twitter.com https://cdn.treasuredata.com https://cdn.jsdelivr.net https://sfapi-sandbox.formstack.io https://unpkg.com https://progress-tracker-prod.firebaseio.com https://cdn.pricespider.com https://bam.nr-data.net https://dmaqfsvvftg8w.cloudfront.net/dtc.all.min.js https://reactjs.org/link/react-devtools https://pscentral.shoppable.com/cartAuth https://*.krxd.net https://s.yimg.com https://www.youtube.com *.bazaarvoice.com *.ada.support https://mpsnare.iesnare.com/ https://tr.snapchat.com https://analytics.tiktok.com https://api.ipify.org https://script.crazyegg.com https://acsbapp.com http://static.ads-twitter.com http://cdn.jsdelivr.net/npm/@popperjs/core@2.11.5/dist/umd/popper.min.js https://bat.bing.com/bat.js https://cdnjs.cloudflare.com/ajax/libs/html2canvas/0.4.1/html2canvas.min.js https://cdnjs.cloudflare.com/ajax/libs/image-picker/0.3.1/image-picker.js https://insight.adsrvr.org https://cdn.optimizely.com/js/27562260171.js https://a25353130117.cdn.optimizely.com https://*.optimizely.com https://cdn.optimizely.com https://*.cdn.optimizely.com https://staging-dogcheckupchallenge.snipp.us/Upload.aspx https://staging-catcheckupchallenge.snipp.us/Upload.aspx https://cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.2/lazysizes.min.js https://checkupchallenge-dog.snipp.us/ https://checkupchallenge-cat.snipp.us/ https://cdn.ampproject.org https://cdn.plyr.io/3.7.8/plyr.js https://cdn.plyr.io/3.7.8/plyr.css *.qualtrics.com https://royalcanincx.qualtrics.com/ https://znbogsizglasvsj70-royalcanincx.siteintercept.qualtrics.com https://cdnjs.cloudflare.com https://shoppable.commerce-connector.com https://t.contentsquare.net/uxa/629ab3f372251.js https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://googleads.g.doubleclick.net/pagead https://www.googleadservices.com/*; object-src 'none'; frame-src 'self' https://www.google.com https://9079101.fls.doubleclick.net https://www.google.com *.fls.doubleclick.net https://www.googletagmanager.com https://di.rlcdn.com https://tr.snapchat.com https://www.youtube.com https://processor808.shoppable.com https://www.youtube.com/ https://ct.pinterest.com https://*.krxd.net https://*.bazaarvoice.com *.ada.support/ https://marspetcare-na.ada.support https://pedigreedg.snipp.us https://marspetcare-bark.ada.support/ https://www.facebook.com https://checkupchallenge-cat.snipp.us https://checkupchallenge-dog.snipp.us https://td.doubleclick.net/ https://stagingiamssweepstakes.snipp.us https://cdnjs.cloudflare.com/ajax/libs/html2canvas/0.4.1/html2canvas.min.js https://iamssweepstakes.snipp.us https://a25353130117.cdn.optimizely.com https://insight.adsrvr.org *.id.opendns.com https://match.adsrvr.org https://checkupchallenge-dog.snipp.us/ https://checkupchallenge-cat.snipp.us/ https://royalcanincx.qualtrics.com/ https://shop.pricespider.com/; child-src blob: 1 default-src https: data: 'unsafe-inline' blob:;; frame-ancestors 'self'; report-uri /report-csp-violation 1 default-src 'none'; worker-src 'self' www.youtube.com *.cookiebot.com www.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.leadinfo.net *.cookiebot.com www.googletagmanager.com ssl.google-analytics.com www.google-analytics.com apis.google.com ajax.googleapis.com www.gstatic.com www.google.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' *.linqhost.nl www.google.nl ssl.google-analytics.com www.google-analytics.com www.gstatic.com cdn.quicq.io imgsct.cookiebot.com data: www.google.com www.googletagmanager.com stats.g.doubleclick.net collector.leadinfo.net ; font-src 'self' fonts.googleapis.com fonts.gstatic.com data: ; frame-ancestors 'none'; base-uri 'self' ; form-action 'self'; frame-src *.cookiebot.com *.youtube.com *.google.com; connect-src *.google-analytics.com *.analytics.google.com stats.g.doubleclick.net consentcdn.cookiebot.com detect-ipv4.linqhost.nl detect-ipv6.linqhost.nl api.leadinfo.com collector.leadinfo.net; report-uri https://linqhost.report-uri.com/r/d/csp/enforce; 1 default-src 'self' 'unsafe-inline' data: https://piwik.bzga.de/ https://service.bzga.de/ https://www.quit-the-shit.net 1 default-src 'self' https://*.fbcdn.net https://*.cdninstagram.com; child-src 'self' https://www.google.com https://www.youtube.com https://open.spotify.com https://connect.facebook.net https://www.facebook.com https://audio7.audima.co blob: data:; connect-src 'self' https://originacao.minervafoods.com/ https://maps.googleapis.com https://stats.g.doubleclick.net https://analytics.google.com https://www.facebook.com https://yoast.com https://api.cvortex.com https://backmenu.audima.co https://ka-f.fontawesome.com https://cdn.privacytools.com.br https://pt.wiktionary.org https://en.wiktionary.org https://es.wiktionary.org https://vlibras.gov.br https://dicionario2.vlibras.gov.br https://cdn.jsdelivr.net; font-src 'self' https://fonts.gstatic.com https://fonts.cdnfonts.com https://menu.audima.co https://ka-f.fontawesome.com https://vlibras.gov.br https://cdn.jsdelivr.net https://fonts.bunny.net data:; form-action 'self' https://www.facebook.com https://wpmudev.com data:; frame-ancestors 'none'; frame-src https://www.gstatic.com https://www.google.com https://audio7.audima.co https://www.youtube.com https://open.spotify.com https://clarity.microsoft.com https://td.doubleclick.net/ blob:; img-src 'self' https://minervafoods.com https://vlibras.gov.br https://www.google.com.br https://stats.g.doubleclick.net https://maps.gstatic.com https://maps.googleapis.com https://secure.gravatar.com https://www.facebook.com https://i.scdn.co https://cdn.jsdelivr.net https://s.w.org https://claritystatic.blob.core.windows.net https://menu.audima.co https://2.gravatar.com https://*.cdninstagram.com data:; script-src 'self' https://cdn.jsdelivr.net https://developers.google.com https://maps.googleapis.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://vlibras.gov.br https://connect.facebook.net https://cdnjs.cloudflare.com https://open.spotify.com https://open.spotifycdn.com https://embed-cdn.spotifycdn.com https://menu.audima.co https://audio7.audima.co https://kit.fontawesome.com https://www.youtube.com https://cdn.privacytools.com.br https://www.vlibras.gov.br https://unpkg.com https://clarity.microsoft.com https://www.clarity.ms 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https://cdn.jsdelivr.net https://fonts.googleapis.com https://fonts.cdnfonts.com https://cdn.privacytools.com.br https://fonts.bunny.net 'unsafe-inline'; upgrade-insecure-requests 1 report-uri https://consolehipay.report-uri.com/r/d/csp/enforce; default-src 'self' *.google-analytics.com *.creditsafe.com *.zdassets.com *.hotjar.com *.google.com *.screeb.app 'unsafe-inline' https://*.screeb.app wss://*.screeb.app blob:; script-src https://*.axept.io 'self' *.hotjar.com *.zdassets.com *.googletagmanager.com *.google-analytics.com *.google.com *.gstatic.com *.hipay.com *.paypal.com *.static.axept.io 'sha256-Tzsl1EqoO9KsY3ZLwZ/PCkw3WnjUwoiMZoQUR6wG6mw=' 'sha256-qSMb0PEZNwPU889A1H8zPbT23/AN6efiLRLewxFcFJM=' 'sha256-0p21hmif1TiEP5IE/r3ri1cHw0RQzMKFQuK6Y8+MSxM=' 'sha256-IONGq3q3SUbZcvFq3OWEvLOn+6YXROnGyxqJaXZ5XqM=' 'sha256-PxE0YueUDOLIQZbUB7uIBmSR+rm9AoT37euB/1UuZ00=' 'sha256-rXRPabzczAqe8l4W5Ls96YFLaXicsCVoXls4kw5cYm0=' 'sha256-4K+enDkiwcZwt+5aUSZia7wZmCr0fOEHjwJgkiI84dw=' https://*.zopim.com *.screeb.app 'sha256-tdBlVQuc2G3oahpbyjaUmy+NEJSNdDZy9L1FSw3rVi0=' 'sha256-FcbWubQGGFMAS71F3Xg9hDM0pfF+/idbYePgIS4oecc=' 'sha256-keffV0quDMAbyeX1/4YLUZgq6qTZq4xbHwc4fvVpGws=' 'sha256-8qEA6898bCZsncsjm0Dk2KjV2WK+2+8Aks3WfqWmUWY=' 'sha256-Dzik/WB+gJBcz9UYbbFUYFlTaU4qb0rrolNQQCQBQLU=' 'sha256-t19EsRsyX2bh0qql+yUUtI62N0Lx4bXF/EmD3xAx6B8='; style-src 'self' 'unsafe-inline' maxcdn.icons8.com fonts.googleapis.com *.hotjar.com libs.hipay.com *.screeb.app wss://*.screeb.app; font-src 'self' maxcdn.icons8.com fonts.gstatic.com *.hotjar.com *.screeb.app 'unsafe-inline' https://*.screeb.app wss://*.screeb.app blob:; connect-src 'self' https://client.axept.io https://api.axept.io https://user-api-dot-pi-prod-user-management-api.ew.r.appspot.com https://*.axeptio.eu *.zendesk.com *.zdassets.com user.hipay.com *.hipay.com *.hipay.org *.hipaytech.com *.google-analytics.com wss://*.zopim.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.screeb.app wss://*.screeb.app *.run.app; img-src 'self' *.amcharts.com *.google-analytics.com *.zendesk.com *.hotjar.com images.weserv.nl *.hipay.com data: storage.googleapis.com *.screeb.app *.paypalobjects.com twemoji.maxcdn.com https://axeptio.imgix.net https://favicons.axept.io https://*.gstatic.com; frame-src https://authentication.hipay.com; frame-ancestors 'none' 1 frame-ancestors 'self' *.coupacloud.com *.coupadev.com *.coupahost.com; style-src 'unsafe-inline' 'self' us.llama.ai https://login.qlik.com https://*.us.qlikcloud.com https://fonts.googleapis.com https://r.bing.com https://www.bing.com https://cdn.pendo.io; frame-src 'self' us.llama.ai https://login.qlik.com https://*.us.qlikcloud.com https://www.youtube.com https://help.llama.ai https://app.pendo.io; script-src 'unsafe-inline' 'unsafe-eval' us.llama.ai login.qlik.com *.us.qlikcloud.com www.google-analytics.com *.googletagmanager.com pendo-static-5983075502653440.storage.googleapis.com *.pendo.io *.bing.com *.virtualearth.net cdn.qlikcloud.com *.newrelic.com *.nr-data.net; worker-src blob: 'self';frame-ancestors 'self' *.coupacloud.com *.coupadev.com *.coupahost.com; style-src 'unsafe-inline' 'self' us.llama.ai https://login.qlik.com https://*.us.qlikcloud.com https://fonts.googleapis.com https://r.bing.com https://www.bing.com https://cdn.pendo.io; frame-src 'self' us.llama.ai https://login.qlik.com https://*.us.qlikcloud.com https://www.youtube.com https://help.llama.ai https://app.pendo.io; script-src 'unsafe-inline' 'unsafe-eval' us.llama.ai login.qlik.com *.us.qlikcloud.com www.google-analytics.com *.googletagmanager.com pendo-static-5983075502653440.storage.googleapis.com *.pendo.io *.bing.com *.virtualearth.net cdn.qlikcloud.com *.newrelic.com *.nr-data.net; worker-src blob: 'self'; 1 default-src 'self'; connect-src 'self' https://cdn-cookieyes.com https://*.cookieyes.com https://*.google-analytics.com https://*.googletagmanager.com https://fonts.googleapis.com https://snazzymaps.com https://maps.googleapis.com https://player.vimeo.com https://*.analytics.google.com; font-src 'self' https://ka-p.fontawesome.com https://use.typekit.net https://fonts.gstatic.com data:; frame-src 'self' https://*.cookieyes.com https://snazzymaps.com https://www.youtube.com https://player.vimeo.com; img-src 'self' https://*.warburgpincus.com *.warburgpincus.com https://warburgpincus.com https://*.googletagmanager.com https://*.google-analytics.com https://*.gstatic.com https://i.vimeocdn.com https://cdn-cookieyes.com https://*.cookieyes.com https://secure.gravatar.com blob: data:; object-src; script-src 'self' https://*.googletagmanager.com https://tagmanager.google.com https://cdn-cookieyes.com https://snazzymaps.com https://player.vimeo.com https://maps.googleapis.com https://*.google-analytics.com 'unsafe-inline'; style-src 'self' https://*.googletagmanager.com https://tagmanager.google.com https://use.typekit.net https://p.typekit.net https://fonts.googleapis.com 'unsafe-inline'; upgrade-insecure-requests 1 base-uri 'self'; default-src 'self'; child-src https://player.vimeo.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; connect-src 'self' https://*.algolianet.com https://*.algolia.net https://doorbell.io https://*.s3.ap-southeast-2.amazonaws.com https://www.google-analytics.com https://analytics.google.com https://stats.g.doubleclick.net; font-src 'self' https://fonts.gstatic.com; form-action 'self' https://landcareresearch.us16.list-manage.com landcareresearch.us16.list-manage.com; frame-ancestors 'self'; frame-src 'self' https://www.youtube.com https://www.google-analytics.com https://www.googletagmanager.com https://ssl.google-analytics.com https://tagmanager.google.com https://fonts.googleapis.com https://www.google.com https://vimeo.com https://player.vimeo.com https://player.vimeo.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; img-src 'self' https://www.google-analytics.com https://ssl.gstatic.com https://www.googletagmanager.com https://www.gstatic.com https://www.google.com https://www.google.co.nz https://*.s3.ap-southeast-2.amazonaws.com https://embed.doorbell.io https://i.vimeocdn.com https://eep.io eep.io data:; media-src https://www.youtube.com https://vimeo.com https://www.landcareresearch.co.nz/ https://public.tableau.com public.tableau.com; object-src 'self'; script-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://ssl.google-analytics.com https://tagmanager.google.com https://fonts.googleapis.com https://code.jquery.com https://www.google.com/recaptcha/api.js https://www.google.com/recaptcha/api.js https://embed.doorbell.io https://polyfill.io https://s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js https://s3.amazonaws.com/downloads.mailchimp.com/ s3.amazonaws.com/downloads.mailchimp.com/ https://landcareresearch.us16.list-manage.com landcareresearch.us16.list-manage.com https://google-analytics.com google-analytics.com https://www.googletagmanager.com www.googletagmanager.com https://www.google.com www.google.com https://sdk.apester.com/web-sdk.core.min.js https://sdk.apester.com/web-sdk.core.legacy.min.js https://sdk.apester.com https://events.apester.com events.apester.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://ssl.google-analytics.com https://tagmanager.google.com https://fonts.googleapis.com https://embed.doorbell.io/css/doorbell.min.css https://embed.doorbell.io/css/default.css https://cdn-images.mailchimp.com cdn-images.mailchimp.com 'unsafe-inline'; report-uri https://2224ea6b5792825a06d61a0bad9d966b.report-uri.com/r/d/csp/enforce; upgrade-insecure-requests 1 default-src 'self' 'unsafe-inline' nominatim.openstreetmap.org piwik.bzga.de; style-src 'self' 'unsafe-inline';font-src 'self' data:; media-src 'self' *.stage.bio; connect-src 'self' nominatim.openstreetmap.org ws://socket.stage.bio *.stage.bio piwik.bzga.de; img-src 'self' data: piwik.bzga.de a.tile.openstreetmap.de b.tile.openstreetmap.de c.tile.openstreetmap.de *.stage.bio; 1 default-src 'self' *.metta.ru metta.ru *.metta-germany.com metta-germany.com metta-germany.com.tr *.ergolife.pro ergolife.pro *.metta.pro metta.pro api-maps.yandex.ru top-fwz1.mail.ru suggest-maps.yandex.ru mc.yandex.com core-renderer-tiles.maps.yandex.net yandex.ru data: mc.yandex.ru localhost content.saas-support.com piper.amocrm.ru cdn.jsdelivr.net whitesaas.com blob: localhost:8080 wss: www.google.com google.com fonts.googleapis.com fonts.gstatic.com pay.yandex.ru sandbox.pay.yandex.ru suggestions.dadata.ru autofill.yandex.ru oauth.yandex.ru login.yandex.ru widgetecom.ru widgetecom.sberbank.ru sbi.sberbank.ru:9443 qrcode.tec-it.com passport.yandex.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval' bitrix.info api-maps.yandex.ru suggest-maps.yandex.ru mc.yandex.com yastatic.net core-renderer-tiles.maps.yandex.net localhost:8080 mc.yandex.ru cdn.envybox.io cloud.roistat.com cllctr.roistat.com whitesaas.com content.saas-support.com piper.amocrm.ru suggest-maps.yandex.ru cdn.jsdelivr.net blob: top-fwz1.mail.ru www.google.com google.com goopler.ru www.gstatic.com gstatic.com www.googletagmanager.com pay.yandex.ru static.cloudflareinsights.com widgetecom.ru passport.yandex.ru; style-src 'self' 'unsafe-inline' cdn.envybox.io cdn.jsdelivr.net blob: fonts.googleapis.com; frame-ancestors 'self' https://metrika.yandex.ru https://awards.ratingruneta.ru 1 script-src 'self' https://*.googleapis.com *.gstatic.com www.google-analytics.com ajax.googleapis.com ajax.aspnetcdn.com use.typekit.net us1.siteimprove.com siteimproveanalytics.com cdnjs.cloudflare.com kit.fontawesome.com static.getclicky.com in.getclicky.com player.vimeo.com www.googletagmanager.com clicky.com fast.fonts.net snap.licdn.com px.ads.linkedin.com stackpath.bootstrapcdn.com cdn.datatables.net code.jquery.com unpkg.com js.adsrvr.org connect.facebook.net 'unsafe-inline' 'unsafe-eval' 1 default-src 'unsafe-hashes' https://crohnsandcolitis.org.uk https://docs.google.com https://platform.twitter.com https://customervoice.microsoft.com https://*.readspeaker.com https://*.azureedge.net https://poster.crohnsandcolitis.org.uk https://r1.dotdigital-pages.com https://www.youtube-nocookie.com https://www.google.com https://*.landbot.io https://*.addthis.com https://www.youtube.com https://player.vimeo.com https://*.typeform.com https://*.issuu.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.fluidads.com https://forms.office.com https://*.snapchat.com https://*.doubleclick.net https://static.addtoany.com https://*.muchloved.com https://*.juicer.io ;base-uri 'self' ;frame-ancestors 'self' ;script-src 'self' 'unsafe-eval' 'unsafe-inline' https://acsbapp.com https://acsbap.com https://*.acsbapp.com https://*.acsbap.com https://*.azureedge.net https://*.readspeaker.com https://connect.facebook.net https://static.trackedweb.net https://app.postermaker.io https://snap.licdn.com https://analytics.nyltx.com https://*.cookiefirst.com https://maps.googleapis.com https://unpkg.com/vue@3.2.20/ https://*.landbot.io https://secure.callhandling.co.uk https://*.addthis.com https://z.moatads.com https://*.addthisedge.com https://static.addtoany.com https://*.fluidads.com https://*.simpli.fi https://www.google-analytics.com https://www.googletagmanager.com https://ajax.googleapis.com https://*.typeform.com https://*.hotjar.com https://analytics.tiktok.com https://*.snapchat.com https://*.twitter.com https://*.sc-static.net https://*.bing.com https://*.ads-twitter.com https://*.linkedin.com https://*.doubleclick.net https://*.muchloved.com https://cdnjs.cloudflare.com ;connect-src 'self' https://docs.google.com https://www.google.com https://platform.twitter.com https://cdn.acsbapp.com https://*.acsbap.com https://*.acsbapp.com https://acsbapp.com https://acsbap.com https://*.wikipedia.org https://*.trackedweb.net https://*.readspeaker.com https://*.azureedge.net https://*.fluidads.com https://www.facebook.com https://*.cookiefirst.com https://analytics.nyltx.com https://maps.googleapis.com https://secure.callhandling.co.uk https://*.landbot.io https://*.addthis.com https://*.google-analytics.com https://stats.g.doubleclick.net https://*.doubleclick.net https://*.typeform.com https://*.issuu.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.snapchat.com https://*.linkedin.oribi.io https://*.analytics.google.com https://analytics.tiktok.com ;img-src 'self' data: https://www.facebook.com https://acsbapp.com https://acsbap.com https://*.acsbapp.com https://*.acsbap.com https://*.azureedge.net https://*.linkedin.com https://*.addthis.com https://maps.gstatic.com https://maps.googleapis.com https://maps.googleapis.com https://storage.googleapis.com https://static.landbot.io https://fonts.googleapis.com https://www.google.com https://www.googletagmanager.com https://www.google.co.uk https://www.google.com.tr https://www.google-analytics.com https://stats.g.doubleclick.net https://*.hotjar.com https://tr.snapchat.com https://analytics.twitter.com https://t.co https://*.muchloved.com ;font-src 'self' data: https://use.typekit.net https://acsbapp.com https://*.acsbapp.com https://*.azureedge.net https://fonts.gstatic.com https://*.hotjar.com ;style-src 'self' 'unsafe-inline' https://acsbapp.com https://acsbap.com https://*.acsbapp.com https://*.acsbap.com blob: https://*.readspeaker.com https://*.azureedge.net https://*.cookiefirst.com https://p.typekit.net https://use.typekit.net https://localhost:44367 https://fonts.googleapis.com https://*.typeform.com https://*.issuu.com https://*.hotjar.com ;form-action 'self' https://*.readspeaker.com https://*.azureedge.net https://*.typeform.com https://*.twitter.com https://*.landbot.io https://*.snapchat.com ;object-src 'none' ;media-src 'self' 'unsafe-inline' data: ; 1 default-src 'self' data: https://www.dw.com https://api.service-digitale-verwaltung.de https://events.click-around.systems/ https://ictp-trst-001.westeurope.cloudapp.azure.com/matomo/ https://cdn.eye-able.com https://dc.services.visualstudio.com/v2/track https://az416426.vo.msecnd.net/scripts/a/ai.0.js https://include-rp.zfinder.de https://www.youtube.com https://geoportal.trier.de https://jobs.b-ite.com http://jobs.b-ite.com https://www.stadtradeln.de https://static.b-ite.com https://www.vrt-info.de http://www.heute-in-trier.de http://www.facebook.com http://platform.twitter.com https://fonts.googleapis.com https://fonts.gstatic.com https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.facebook.com https://platform.twitter.com https://accounts.google.com https://www.bing.com http://www.wetterkontor.de http://94.130.59.28 https://www.youtube-nocookie.com https://app.docu4d.com https://dienste.wetterkontor.de https://www.trier-info.de https://www.wahlinfo.de https://www.pegelonline.wsv.de 'unsafe-inline' 'unsafe-eval' 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https:;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.adnxs.com *.chimpstatic.com visitjersey.email *.cloudfont.net *.googletagmanager.com blob: *.google-analytics.com cdn.usefathom.com *.hotjar.com *.dotdigital-pages.com *.tiktok.com *.vimeo.com https: data:;style-src 'self' 'unsafe-inline' *.hotjar.com https: data:;connect-src 'self' *.google-analytics.com *.analytics.google.com *.googleadservices.com *.doubleclick.net *.teads.tv *.crowdriff.com *.plyr.io sojpublicdata.blob.core.windows.net *.mapbox.com *.algolia.net *.algolianet.com *.tripadvisor.com *.vimeo.com *.vimeocdn.com *.akamaized.net *.trackedweb.net *.bugsnag.com *.cookiescan.com *.googlesyndication.com noembed.com *.facebook.com *.google.com google.com *.clarity.ms *.cookiebot.com *.googletagmanager.com *.gstatic.com *.facebook.net manychat.com *.linkedin.oribi.io *.linkedin.com *.adnxs.com cdn.usefathom.com *.smooch.io wss://api.smooch.io *.hotjar.com *.hotjar.io wss://*.hotjar.com ct.pinterest.com pro.ip-api.com api.hellobar.com *.flippingbook.com *.tiktok.com *.bing.com *.convertexperiments.com data:;font-src 'self' static.tacdn.com *.gstatic.com assets.hootsuite.com *.hotjar.com my.hellobar.com *.tiktok.com data:;img-src 'self' cdn.jersey.com *.google-analytics.com *.analytics.google.com *.cookiescan.com *.facebook.com *.linkedin.com t.co *.doubleclick.net *.google.je *.google.com *.google.co.uk *.netdna-ssl.com *.gravatar.com *.adsymptotic.com *.adnxs.com *.yahoo.com *.teads.tv *.googleadservices.com static.tacdn.com *.vimeocdn.com *.vimeocdn.com *.clarity.ms *.bing.com *.cloudfront.net *.magicseaweed.com *.ytimg.com *.google.nl blob: *.youtube.com *.adsrvr.org *.sojern.com *.amazonaws.com *.tripadvisor.co.uk *.cookiebot.com *.googletagmanager.com *.gstatic.com *.facebook.net manychat.com *.adform.net cdn.usefathom.com assets.hootsuite.com *.hotjar.com hi.hellobar.com px.gumgum.com *.flippingbook.com data:;frame-src 'self' *.vimeo.com vimeo.com *.vimeocdn.com *.youtube.com *.flipsnack.com *.google.com *.instagram.com *.facebook.com *.hdontap.com visitjersey.email *.crowdriff.com magicseaweed.com *.cookiebot.com *.snapsea.io *.ipcamlive.com *.doubleclick.net e.issuu.com ct.pinterest.com *.dotdigital-pages.com www.googletagmanager.com *.flippingbook.com ;form-action 'self' *.facebook.com ;object-src 'none' ;frame-ancestors 'self' *.jersey.com visitjersey.email ;base-uri 'none' ; 1 default-src 'self'; script-src 'self' maps.googleapis.com e.issuu.com/embed.js embed.flickr.com https://js.stripe.com 'strict-dynamic' https: 'unsafe-eval' 'nonce-25c6e3ee523173ebd3423b3c8c38af3d'; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com https://*.google-analytics.com https://*.analytics.google.com https://sentry.issuu.com/api/ https://api.stripe.com data: blob:; img-src * data:; media-src * data:; frame-src e.issuu.com *.google.com player.vimeo.com *.youtube.com https://js.stripe.com https://hooks.stripe.com; style-src 'self' https://fonts.googleapis.com 'nonce-ca4791a88bb9b0f9c858d69dacbe219e'; font-src * data:; 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.cookielaw.org unpkg.com s2.adform.net browser.sentry-cdn.com js.hubspot.com js.sentry-cdn.com builder.lift.acquia.com js.usemessages.com googleads.g.doubleclick.net app.wistia.com connect.facebook.net tpc.googlesyndication.com www.google.com www.gstatic.com static.ads-twitter.com js.hsforms.net www.googleadservices.com cookie-cdn.cookiepro.com www.googleoptimize.com js.hs-scripts.com js.hsadspixel.net js.hsleadflows.net js.hs-banner.com js.hs-analytics.net static.ads-twitter.com beacon.krxd.net googleads.g.doubleclick.net www.google-analytics.com connect.facebook.net script.hotjar.com static.hotjar.com snap.licdn.com googleads.g.doubleclick.net www.googletagmanager.com cdn.krxd.net consumer.krxd.net bam.nr-data.net js-agent.newrelic.com fast.wistia.com fast.wistia.net beacon.krxd.net maps.googleapis.com pagead2.googlesyndication.com server.adform.net *.lytics.io; style-src 'self' 'unsafe-inline' www.globenewswire.com *.cookiepro.com *.google.com *.googleapis.com *.hotjar.com *.hs-scripts.com *.krxd.net *.wistia.net https://cdn.jsdelivr.net/gh/NigelOToole/progress-tracker@v2.0.7/src/styles/progress-tracker.css *.lytics.io; img-src 'self' blob: data: cdn.cookielaw.org *.google.ae googleads.g.doubleclick.net *.google.com.vn *.google.bs embedwistia-a.akamaihd.net www.impella.com *.google.com.cy *.google.at *.google.com.co *.google.com.sa *.google.com.br *.googleapis.com *.google.com.pe *.google.com.ua *.google.it *.google.co.jp *.google.ie *.google.com.ng *.google.iq *.google.be *.google.co.cr *.google.com.tr aa.agkn.com *.adsymptotic.com *.businesswire.com *.cloudfront.net *.cluep.com *.cookiepro.com *.doubleclick.net *.facebook.com *.facebook.net *.google.tn *.google.com.ph *.google.cz *.google.com.hk *.google.com.pk *.google.ca *.google.de *.google.gr *.google.com.au *.google.com.mx *.google.com.pr *.google.co.in *.google.co.uk *.google.com *.google.fr *.google.nl *.google.pt *.googletagmanager.com *.google-analytics.com *.gstatic.com *.hubspot.com *.hsforms.com *.krxd.net *.linkedin.com *.nr-data.net t.co *.twitter.com *.wistia.com *.wistia.net *.lytics.io; media-src blob: data: *.akamaihd.net *.wistia.com; frame-src 'self' fast.wistia.net *.hs-sites.com fast.wistia.com *.doubleclick.net *.facebook.com *.google.com *.googlesyndication.com *.googletagmanager.com *.hotjar.com *.hsforms.net *.hsforms.com *.krxd.net c.lytics.io; frame-ancestors 'self'; child-src 'self' blob:; font-src 'self' data: fonts.gstatic.com *.wistia.com *.wistia.net cdn.scite.ai; connect-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.cookielaw.org adservice.google.com px.ads.linkedin.com pagead2.googlesyndication.com notify.bugsnag.com us.perz-api.cloudservices.acquia.io sessions.bugsnag.com www.google.com.br www.google.co.in cdn.linkedin.oribi.io hubspot-forms-static-embed.s3.amazonaws.com adservice.google.com *.litix.io *.googleapis.com adservice.google.com *.ads-twitter.com *.cookiepro.com *.doubleclick.net embedwistia-a.akamaihd.net *.facebook.com *.facebook.net *.google.com *.google-analytics.com connect.facebook.net *.googletagmanager.com *.hotjar.com *.hotjar.io *.hsleadflows.net *.hsforms.com *.hubapi.com *.hubspot.com *.krxd.net *.litix.io *.nr-data.net *.onetrust.com *.twitter.com *.wistia.com wss://*.hotjar.com; report-uri /report-csp-violation; upgrade-insecure-requests 1 base-uri 'none';child-src 'self' https://*.twitch.tv https://*.youtube.com;connect-src 'self' https://*.immutable.com https://cms.staging.gam3s.gg https://analytics.gam3s.gg https://staging.api.gam3s.gg/ http://localhost:3001/ http://localhost:3002/ https://api.gam3s.gg/ https://dev.api.gam3s.gg/ https://dev.api.polkastarter.gg/ https://api.twitch.tv https://cms.gam3s.gg http://127.0.0.1:1337 https://*.google-analytics.com https://vitals.vercel-insights.com https://api.coinbase.com https://www.google-analytics.com https://vercel.live wss://*.hotjar.com https://*.hotjar.io https://*.hotjar.com https://*.cookie3.co https://gam3s.featurebase.app https://*.thirdweb.com https://*.alchemy.com http://cdn.cpmstar.com https://api.avax.network/ext/bc/C/rpc https://api.avax-test.network/ext/bc/C/rpc https://arb1.arbitrum.io/rpc https://sepolia-rollup.arbitrum.io/rpc https://mainnet.infura.io https://sepolia.infura.io/ https://cloudflare-eth.com/ https://rpc.sepolia.org https://*.walletconnect.com https://*.walletconnect.org wss://relay.walletconnect.com wss://relay.walletconnect.org wss://www.walletlink.org wss://*.pusher.com https://*.pusher.com https://enhanced-provider.rainbow.me https://rpc.ankr.com;default-src 'self';font-src 'self' data: https://*.hotjar.com https://fonts.gstatic.com;form-action 'self' *;frame-ancestors 'self' https://*.gam3s.gg https://*.polkastarter.gg;frame-src 'self' *;img-src * data:;manifest-src 'self' https://polkastarter.cloudflareaccess.com;media-src 'self' https://*.twimg.com https://*.polkastarter.com https://*.polkastarter.gg https://*.gam3s.gg https://*.soulbound.gg;object-src data:;prefetch-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://gleam.io https://widget.gleamjs.io https://*.googletagmanager.com https://*.google-analytics.com https://vercel.live https://*.hotjar.com https://*.cookie3.co https://*.twitch.tv https://*.youtube.com https://*.twitter.com https://cdn.blockpass.org https://do.featurebase.app https://*.cpmstar.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com http://embed.typeform.com https://vercel.live/fonts https://do.featurebase.app;worker-src 'self' blob:; 1 default-src 'self'; base-uri 'self'; block-all-mixed-content; connect-src 'self' region1.google-analytics.com www.googletagmanager.com pagead2.googlesyndication.com app.privacybee.ch app.privacybee.io maps.googleapis.com; font-src 'self' fonts.gstatic.com cdn.scaleflex.it; frame-src player.vimeo.com www.googletagmanager.com challenges.cloudflare.com; img-src 'self' data: region1.google-analytics.com www.googletagmanager.com maps.googleapis.com maps.gstatic.com; script-src 'self' region1.google-analytics.com www.googletagmanager.com pagead2.googlesyndication.com www.privacybee.ch app.privacybee.ch app.privacybee.io challenges.cloudflare.com 'nonce-21Gr6BOfsUaAQJuOFAdgNA=='; style-src 'self' fonts.googleapis.com app.privacybee.ch app.privacybee.io 'unsafe-inline'; upgrade-insecure-requests; report-uri /nelmio/csp/report; worker-src 'self' blob: 1 base-uri 'none';child-src 'none';connect-src 'self' https://o554791.ingest.us.sentry.io webpack://* https://api2.amplitude.com https://admin.keikiworld.com;default-src 'self';font-src 'self' https://*.gstatic.com;form-action 'self';frame-ancestors 'none';frame-src https://*.google.com;img-src 'self' https://cdn.keikiworld.com https://keikiworld.com data:;manifest-src 'self';media-src 'self' https://cdn.keikiworld.com https://keikiworld.com;object-src 'none';script-src 'self' 'unsafe-inline' https://*.google.com https://*.gstatic.com;style-src 'self' 'unsafe-inline';worker-src 'self';upgrade-insecure-requests ; 1 script-src https: data: 'unsafe-inline' 'unsafe-eval' https://hfmt-koeln.de https://*.hfmt-koeln.de https://metrics.mehrwert.de https://*.b-ite.com https://www.instagram.com https://static.cdninstagram.com; style-src https: 'unsafe-inline' https://hfmt-koeln.de https://*.hfmt-koeln.de https://metrics.mehrwert.de https://www.instagram.com https://static.cdninstagram.com; frame-src 'self' https://hfmt-koeln.de https://*.hfmt-koeln.de https://*.hfmt.mwsrv.de https://www.youtube-nocookie.com https://www.youtube.com https://*.b-ite.com https://www.instagram.com https://static.cdninstagram.com; frame-ancestors 'self' https://hfmt-koeln.de https://*.hfmt-koeln.de https://*.hfmt.mwsrv.de; 1 : default-src 'self' 1 default-src 'self'; object-src 'self'; base-uri 'self'; media-src 'self' https://imagepool.1und1.ag; img-src https: data:; font-src https:; form-action 'self'; connect-src 'self' https://imagepool.1und1.ag; script-src 'strict-dynamic' 'nonce-9532325f7fdd0f1bf35d0f19336e3662' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data: 'report-sample'; frame-ancestors 'self'; frame-src https://irpages2.eqs.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-9532325f7fdd0f1bf35d0f19336e3662' 'self' 'unsafe-inline' https: 'report-sample' 1 default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self'; base-uri 'self'; form-action 'none'; 1 object-src 'none';default-src 'none';connect-src https://www.wefact.nl https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.google.com https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net *.cookiebot.com *.facebook.com *.facebook.net *.licdn.com *.linkedin.com https://maps.googleapis.com *.clarity.ms https://c.bing.com https://*.bing.com https://*.bing.net;frame-src https://www.youtube.com https://*.googletagmanager.com https://bid.g.doubleclick.net https://td.doubleclick.net *.cookiebot.com *.facebook.com *.facebook.net *.linkedin.com https://outlook.office365.com;frame-ancestors 'self';img-src https://www.wefact.nl data: *.ytimg.com https://googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://googleads.g.doubleclick.net https://www.google.com https://www.google.nl https://www.google.be *.cookiebot.com *.facebook.com *.facebook.net *.fbcdn.net *.licdn.com *.linkedin.com https://maps.gstatic.com https://maps.googleapis.com *.clarity.ms https://c.bing.com www.mollie.com https://*.bing.com https://*.bing.net;script-src https://www.wefact.nl https://www.youtube.com *.ytimg.com 'sha256-CrAe1a0TFvLsCsBw0E5Ky5SvrwDd3Kn8oyr5ns4gIUc=' https://googletagmanager.com https://tagmanager.google.com https://*.googletagmanager.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net *.cookiebot.com *.facebook.com *.facebook.net *.licdn.com *.linkedin.com https://developers.google.com https://maps.googleapis.com *.clarity.ms https://c.bing.com 'sha256-HqEywe2Mupyc3mWoKoXnTO5AVzVUi7YpNaBHAq+y0U0=' https://*.bing.com https://*.bing.net;style-src https://www.wefact.nl 'unsafe-inline' https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com https://www.googletagmanager.com *.licdn.com *.typekit.net;font-src 'self' data: https://fonts.gstatic.com data: *.typekit.net;child-src *.facebook.com *.facebook.net;manifest-src https://www.wefact.nl 1 default-src 'self'; base-uri 'self'; 1 allow 'script-src' 'unsafe-inline' 'unsafe-eval' 'self' *.typekit.net *.pingdom.net *.groupe-mediactive.fr fg.cdn.mediactive-network.net cdn.mediactive-network.net *.cedexis.com 1 default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval'; object-src *; style-src * 'self' 'unsafe-inline'; img-src * 'self' data: https:;; media-src *; frame-src *; frame-ancestors 'self' https://metrika.yandex.ru https://metrika.yandex.by https://metrica.yandex.com https://metrica.yandex.com.tr https://*.webvisor.com; child-src * blob:; font-src * 'self' data: https:;; connect-src *; report-uri /report-csp-violation 1 default-src 'self' static1.clickandboat.com static1.oceans-evasion.com static1.nautal.com static1.scansail.com; connect-src 'self' static2.clickandboat.com static2.oceans-evasion.com static2.nautal.com static2.scansail.com static3.clickandboat.com static3.oceans-evasion.com static3.nautal.com static3.scansail.com https://assets.nautal.com/frontend-assets/master/elements/ https://assets.nautal.com/frontend-assets/master/ https://assets.nautal.com/frontend-assets/master/elements/ https://logs1412.xiti.com *.google-analytics.com stats.g.doubleclick.net accounts.google.com identitytoolkit.googleapis.com securetoken.googleapis.com bat.bing.com https://analytics.tiktok.com api.stripe.com ekr.zdassets.com clickandboat.zendesk.com wss://widget-mediator.zopim.com widget-mediator.zopim.com *.ingest.sentry.io api.realytics.io *.paypal.com https://*.clarity.ms https://s2s.adjust.com/event click-and-boat.pxf.io https://api.privacy-center.org *.criteo.com graph.facebook.com www.facebook.com https://respondent.survicate.com https://survey.survicate.com https://survey-prd.survicate-cdn.com; font-src 'self' data: static3.clickandboat.com fonts.gstatic.com https://surveys-static.survicate.com https://surveys-static-prd.survicate-cdn.com; frame-ancestors 'self'; frame-src 'self' *.facebook.com *.criteo.com accounts.google.com www.google.com js.stripe.com hooks.stripe.com www.googletagmanager.com *.doubleclick.net *.paypal.com click-and-boat.pxf.io static1.clickandboat.com cabmobileapp-196814.firebaseapp.com; img-src 'self' static1.clickandboat.com static1.oceans-evasion.com static1.nautal.com static1.scansail.com https://assets.nautal.com/frontend-assets/master/ https://assets.nautal.com/frontend-assets/master/elements/ blog.clickandboat.com blog.nautal.com blog.oceans-evasion.com blog.scansail.com blog.clickandboat.com data: blob: res.cloudinary.com *.google-analytics.com *.doubleclick.net secure.adnxs.com www.google.fr www.google.it www.google.es www.google.com www.google.de www.google.nl www.google.co.uk www.google.gr www.google.pl www.google.ch www.google.be www.google.com.br www.google.hr www.google.at www.google.pt www.google.se www.google.ru www.google.ca www.google.com.ar www.google.com.tr www.google.com.ua www.google.ie www.google.si www.google.ro www.google.com.mx www.google.com.mt www.google.com.au www.google.dk www.google.ae www.google.gp www.google.hu www.google.cz www.google.lu www.google.com.cy www.google.no www.google.me www.google.bg www.google.co.il www.google.rs www.google.sk *.bing.com *.criteo.com *.facebook.com *.mydialoginsight.com maps.googleapis.com *.gstatic.com *.google.com *.google.fr v2assets.zopim.io v2uploads.zopim.io clickandboat.zendesk.com https://*.clarity.ms https://s2s.adjust.com/event click-and-boat.pxf.io https://www.ojrq.net https://logs-01.loggly.com https://sdk.privacy-center.org https://surveys-static.survicate.com https://surveys-static-prd.survicate-cdn.com https://assets.survicate.com https://img.survicate.com https://images.unsplash.com; script-src 'unsafe-eval' 'self' static2.clickandboat.com static2.oceans-evasion.com static2.nautal.com static2.scansail.com https://assets.nautal.com/frontend-assets/master/elements/ https://assets.nautal.com/frontend-assets/master/ https://tag.aticdn.net *.google-analytics.com *.googleadservices.com *.google.com *.ggpht.com www.googletagmanager.com bat.bing.com www.facebook.com https://analytics.tiktok.com *.criteo.net *.criteo.com *.mydialoginsight.com *.googleapis.com www.gstatic.com connect.facebook.net js.stripe.com static.zdassets.com widget-mediator.zopim.com *.realytics.io *.realytics.net https://*.clarity.ms https://c.bing.com https://s2s.adjust.com/event https://utt.impactcdn.com https://sdk.privacy-center.org https://tag.aticdn.net https://survey.survicate.com https://surveys-static.survicate.com https://surveys-static-prd.survicate-cdn.com https://survey-prd.survicate-cdn.com *.paypal.com 'unsafe-inline' 'nonce-E4so07DgfkwSRzTXrjK3Xg=='; style-src 'self' static2.clickandboat.com static2.oceans-evasion.com static2.nautal.com static2.scansail.com static3.clickandboat.com static3.oceans-evasion.com static3.nautal.com static3.scansail.com https://assets.nautal.com/frontend-assets/master/ 'unsafe-inline' fonts.googleapis.com tagmanager.google.com accounts.google.com https://sdk.privacy-center.org https://surveys-static.survicate.com https://surveys-static-prd.survicate-cdn.com 1 frame-ancestors 'self' https://www.bayard-jeunesse.com https://app.bayam.tv https://sso.bayard-jeunesse.com https://mention-me.com; 1 default-src 'self'; base-uri 'self'; connect-src 'self' wss://api.mintme.com/ wss://api.mintme.abchosting.org/ wss://api.staging.abchosting.org/ https://*.facebook.net https://*.facebook.com https://*.ingest.de.sentry.io/ https://connect.facebook.net https://www.facebook.com https://www.google-analytics.com https://analytics.google.com https://*.doubleclick.net https://*.mintme.com https://mintme.com https://*.tawk.to wss://*.tawk.to https://www.mintme.com/.well-known/mercure https://identitytoolkit.googleapis.com; font-src 'self' https://fonts.gstatic.com https://static-v.tawk.to https://embed.tawk.to https://fonts.googleapis.com; frame-src https://www.facebook.com https://accounts.google.com https://content.googleapis.com https://va.tawk.to https://www.youtube.com https://www.google.com https://*.coinify.com https://platform.twitter.com https://content-youtube.googleapis.com https://mintme.firebaseapp.com; img-src data: *; media-src *; object-src 'none'; script-src 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' 'nonce-0DBtgtzivGafVAyLzz2hYw=='; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net/emojione/2.2.7/assets/css/emojione.min.css https://*.tawk.to; report-uri /csp-report; worker-src 'none' 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; fmedia-src 'self'; frame-src 'self'; object-src 'none'; frame-ancestors 'self' 1 default-src 'self'; script-src 'self' *.amalgamatedbank.com bam.nr-data.net unpkg.com *.talkdeskapp.com *.talkdeskdev.com *.twilio.com js.locatorsearch.com *.prod.acquia-sites.com *.instagram.com *.youtube.com *.oktacdn.com *.okta.com *.oktapreview.com fonts.googleapis.com *.googletagmanager.com *.doubleclick.net *.addtoany.com fonts.gstatic.com *.omappapi.com *.google-analytics.com cdn.jsdelivr.net cdnjs.cloudflare.com app.jazz.co js-agent.newrelic.com *.google.com *.gstatic.com www.recaptcha.net ajax.googleapis.com bam.nr-data.net 'unsafe-inline' 'unsafe-eval' http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js https://www.recaptcha.net/recaptcha/api.js https://www.recaptcha.net/recaptcha/api/fallback; style-src 'self' 'unsafe-inline' unpkg.com *.amalgamatedbank.com *.talkdeskapp.com *.talkdeskdev.com *.twilio.com bam.nr-data.net *.prod.acquia-sites.com *.oktacdn.com *.okta.com *.oktapreview.com fonts.googleapis.com fonts.gstatic.com cdn.jsdelivr.net cdnjs.cloudflare.com *.google.com *.gstatic.com app.jazz.co; img-src 'self' amalgamatedbank.com www.amalgamatedbank.com *.amalgamatedbank.com *.talkdeskapp.com *.talkdeskdev.com *.twilio.com bam.nr-data.net cdn.jsdelivr.net *.prod.acquia-sites.com js.locatorsearch.com *.oktacdn.com *.okta.com *.oktapreview.com data: *.googletagmanager.com app.jazz.co *.google.com *.google-analytics.com *.gstatic.com images.printable.com images.locatorsearch.com instagram.com i.ytimg.com; media-src files.marcomcentral.app.pti.com *.youtube.com *.amalgamatedbank.com bam.nr-data.net *.talkdeskapp.com *.talkdeskdev.com *.twilio.com; frame-src *; font-src 'self' 'unsafe-inline' cdnjs.cloudflare.com bam.nr-data.net *.amalgamatedbank.com *.talkdeskapp.com *.talkdeskdev.com *.twilio.com *.prod.acquia-sites.com *.oktacdn.com *.okta.com *.oktapreview.com unpkg.com fonts.gstatic.com app.jazz.co *.google.com *.gstatic.com *.locatorsearch.com; connect-src 'self' abnyunityuat.fisglobal.com login-uat.fisglobal.com mcs.us1.twilio.com wss://tsock.us1.twilio.com *.talkdeskapp.com *.talkdeskdev.com maps-api-ssl.google.com bam.nr-data.net stats.addtoany.com googleads.g.doubleclick.net *.youtube.com *.oktacdn.com *.okta.com *.oktapreview.com *.omappapi.com *.google-analytics.com *.google.com *.gstatic.com googleads.g.doubleclick.net; report-uri /report-csp-violation 1 script-src 'self' 'unsafe-eval' 'nonce-b156f8685b0c61c907c414ec1f7eb658' 'strict-dynamic' https://google.de https://app.usercentrics.eu https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://netzwerk.uppr.de https://www.google-analytics.com https://privacy-proxy.usercentrics.eu https://www.facebook.com https://twitter.com https://www.linkedin.com https://www.xing.com https://www.youtube.com https://cdnjs.cloudflare.com https://nebula-cdn.kampyle.com https://bat.bing.com https://ad4m.at https://connect.facebook.net https://www.usemaxserver.de https://widgets.energiemonitor.de https://play.google.com https://www.googleoptimize.com https://icpublichosting.azureedge.net https://optimize.google.com https://service.mtcaptcha.com https://service2.mtcaptcha.com https://ic-chatwindow-service.azurewebsites.net https://clb2.cfapps.mila.external.ap.innogy.com https://www.googleanalytics.com https://cdn.medallia.com/ https://cdn.appsol.medallia.com/ *.kampyle.com/ https://metrics-proxy.medallia.ca/ https://metrics-proxy.medallia.eu/ https://metrics-proxy.medallia.com.au/ https://metrics-proxy.medallia.com/ https://col.eum-appdynamics.com/ https://static.medallia.com/ https://bugreport.medallia.com/ https://fonts.gstatic.com/ https://fonts.googleapis.com/ https://chart.googleapis.com/ https://maxcdn.bootstrapcdn.com/ https://netdna.bootstrapcdn.com/ https://express.ger.medallia.eu/ https://express.sbx.ger.medallia.eu/ https://feed2.medallia.eu/ https://feed2sbx.sbx.ger.medallia.eu/ https://mft1.medallia.eu/ https://filestash.fra1.medallia.eu/ https://tm.ad-srv.net https://tm703.ad-srv.net https://tm707.ad-srv.net https://tm708.ad-srv.net https://*.iadvize.com https://znbd9pj7eqbjzjd42-eon.siteintercept.qualtrics.com https://siteintercept.qualtrics.com https://trck.lew.de; style-src 'self' 'nonce-b156f8685b0c61c907c414ec1f7eb658' 'unsafe-hashes' 'sha256-Chued6H/FqwtY0xgIG4zxn1W6uXOo1t3SXAPpyzds7U=' 'sha256-5SDvdr72xKyplNCK6s3wo8+AzCvSSrO4ATaEFE1N3YU=' 'sha256-b/AJ3u1NxOK+yAHe28I3iTI1e9j23Bv94CsSnYMe0I4=' 'sha256-WXbTK+Q2IO0qiVm9TmwaoCb/gGYy8plieL1g7TJ+i1o=' 'sha256-TIWitS/sbsTCj5gHE+Ub2hNq7Ebv+whf6SCnicmBM1A=' 'sha256-bM22Xahg3Ska2CbZv9HSsXayiD0Z5iJL6QcufF1H9e0=' 'sha256-cJA8XvfmOhAJWjlDZi2dvUyXcjLaXJsW296wKpLNDSg=' 'sha256-W5t509XHgNgqXPEkC+CNVw120RQzW++3Peh6kOOF7H0=' 'sha256-SDpJ06IXtKeyPxzWvEQbz1w8atX8WEPMmLziJ2Yr3t8=' 'sha256-ZdHxw9eWtnxUb3mk6tBS+gIiVUPE3pGM470keHPDFlE=' 'sha256-RfS5BPmz3Vwypv5zOAVIB743tRj+AEwi4dugaXrsDwk=' 'sha256-x4b2HXIRVmbavEXgC5A6qDxwchYDCHsF5XjgG+IX/9k=' 'sha256-sjBpDcTxG5RUsOcN+DFW/IhJtxXGSiB/5wxRqMbKc8g=' 'sha256-6N6ExomJBSb15QoU3z4kffBiUYwHzIOPFDBNFyQo5zM=' 'sha256-Xjtk8M9sZ4nFg15sesBAusx8bR5RyH5adt0U2TGp1Hc=' 'sha256-YV8lKTFZ9If7/i9C+12znUBTxRQw2mwPFb+mvUF76jI=' 'sha256-xhhnTHVCXiqgxWYHm1Aa2GmrJUgS7MCnS5+Ou4nbmvI=' 'sha256-lgwR+lozSh+2mYjVqEytPQ8igYNCs3WxYDoJ+FfmTM8=' 'sha256-xhhnTHVCXiqgxWYHm1Aa2GmrJUgS7MCnS5+Ou4nbmvI=' 'sha256-lgwR+lozSh+2mYjVqEytPQ8igYNCs3WxYDoJ+FfmTM8=' 'sha256-Pmke26teTSgoga2qVZQxn5+8tJEHv3b6P31sM4A7nUA=' 'sha256-u3gvlgPH9p+WcuUGYJ1tagF6JvmPBRgC8dUVFMyvgFw=' 'sha256-MlKRU2qUIVN+Cj86rIOyMnLxGlFm6Y1JJpGW5mQkUZs=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-2gz8aiXiOB6Up4QDJqnRa6SHIHmCXTLcaqHHxsA3LlA=' 'sha256-qTkwDWS8vAgVRoa+CLotP91j1y1653Dw7c6uFVO9hdk=' 'sha256-6cAsdx6Eo0akaAinSdKpeL36RozFFZb6YeLNQSOtOKU=' 'sha256-6cAsdx6Eo0akaAinSdKpeL36RozFFZb6YeLNQSOtOKU=' 'sha256-0W4IyoGJZtlp+gwrArXhImVbco+I5f2pug6ZEmjL2U0=' 'sha256-GbUhe7JxmiOWfQ00Srbs7iduQVRWWln6C42y78HlLxs=' 'sha256-0W4IyoGJZtlp+gwrArXhImVbco+I5f2pug6ZEmjL2U0=' 'sha256-GbUhe7JxmiOWfQ00Srbs7iduQVRWWln6C42y78HlLxs=' 'sha256-0W4IyoGJZtlp+gwrArXhImVbco+I5f2pug6ZEmjL2U0=' 'sha256-GbUhe7JxmiOWfQ00Srbs7iduQVRWWln6C42y78HlLxs=' 'sha256-0W4IyoGJZtlp+gwrArXhImVbco+I5f2pug6ZEmjL2U0=' 'sha256-6cAsdx6Eo0akaAinSdKpeL36RozFFZb6YeLNQSOtOKU=' 'sha256-8kPOCl/iIr6YgWLvLnIRMrYnCJHOzs6WNYAedT41SM8=' 'sha256-2Go/yMtz4sEcAbw1TnjkjLz983Zxq7frCShdJs2OobM=' 'sha256-g6zf946PtVM63bZ+fe9QUc3hDXp5BMl6OBmAlKhKV60=' 'sha256-zqo/Gf4mmbgvoqPGTNSkHYfibgllewm/seDhWyooOOk=' 'sha256-FVE4UqDzJ5GzKFQlZqU4Zq3EAxxb/T0hpPQU9k6uwkA=' 'sha256-R2Vkrx5FLpmMY0750ljuQem15/f/bIrrGl+TXyzeETo=' 'sha256-gGRDCDCtVdIb3guY7Af4d2zlZ2AHGiJ1Fo0P+PkrAQ4=' 'sha256-28yeYgrPQDDyWFt+gxC5JLjh+vmdwGtJ6vrGY5agNmA=' 'sha256-tq6DPpzxxZo0uDGIA3cWY73a2IghW7jFPDxfoADIVA4=' 'sha256-jI3sfmilVzfPCYviQAKSk25gbqy5bKO6ytnWnH7tPy4=' 'sha256-MGcxmZXFvleb8FuwqjCYtvoakNGj+J6yTNrv1TSxJiA=' 'sha256-hbZWfW0vwSYriJkO6sDWlefwk0ZUNVCSaBe66T81nB0=' 'sha256-rh2A364+F4JpsYOMvu2X0b8oUqSm+hinlVRTT9lHrwY=' 'sha256-gGRDCDCtVdIb3guY7Af4d2zlZ2AHGiJ1Fo0P+PkrAQ4=' 'sha256-28yeYgrPQDDyWFt+gxC5JLjh+vmdwGtJ6vrGY5agNmA=' 'sha256-tq6DPpzxxZo0uDGIA3cWY73a2IghW7jFPDxfoADIVA4=' 'sha256-o1r1pjDVBLdNe0LQRcCT5BFFXxPXMW1YFFI3KAch9eI=' 'sha256-Qzu0lxLJiiX6Kov/Hhw2clLBMwE/AGShWjshh7S4cZE=' 'sha256-IGAWb2ggeHqxQRSvWbzAamu9Ko86r4FttA9LNd1b/uI=' 'sha256-o1r1pjDVBLdNe0LQRcCT5BFFXxPXMW1YFFI3KAch9eI=' 'sha256-Qzu0lxLJiiX6Kov/Hhw2clLBMwE/AGShWjshh7S4cZE=' 'sha256-IGAWb2ggeHqxQRSvWbzAamu9Ko86r4FttA9LNd1b/uI=' 'sha256-p08VBe6m5i8+qtXWjnH/AN3klt1l4uoOLsjNn8BjdQo=' 'sha256-HeCUqYbpi0jcNQCtmPyDkSSaeWOk+GFgiIxfAAAbsFg=' 'sha256-33YGiROm4Pzv0xXIPo82M0Dt2zrdnP4IgbJq1WeAtf8=' 'sha256-j6Tt8qv7z2kSc7fUs0YHbrxawwsQcS05fVaX1r2qrbk=' 'sha256-RAtMRMPc7pZorvh8gaXlMJh1zDaSAmCzJ4zoN0Y5bn4=' https://widgets.energiemonitor.de https://fonts.googleapis.com https://icpublichosting.azureedge.net https://optimize.google.com https://*.iadvize.com; object-src 'self'; report-uri /umbraco/api/helper/CreateCSPReport 1 default-src 'self' google-analytics.com manifest-src; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com maps.googleapis.com *.googletagmanager.com www.google-analytics.com www.google.com/recaptcha/api.js www.gstatic.com cookie-cdn.cookiepro.com www.google-analytics.com hotjar.com https://connect.facebook.net crelan-be-website.scalecity.space vwdservices.com s.ytimg.com https://px.ads.linkedin.com px.ads.linkedin.com youtube.com vimeo.com snap.licdn.com www.linkedin.com tagmanager.google.com *.googleadservices.com https://googleads.g.doubleclick.net w3.org *.crazyegg.com https://cdn.jsdelivr.net *.google.com *.google.be *.googleoptimize.com *.facebook.com *.doubleclick.net *.crelan.be *.facebook.net sc-crelan-server-side-tagging.ew.r.appspot.com blob: https://*.skedify.io https://s.pinimg.com https://*.pinterest.com https://open.spotify.com *.fontawesome.com https://static.cloudflareinsights.com https://ajax.cloudflare.com https://*.taboola.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.googleusercontent.com *.hotjar.com *.google.com 'self' https://maps.googleapis.com *.googletagmanager.com w3.org cdnjs.cloudflare.com *.crazyegg.com *.google.com *.google.be *.googleadservices.com *.facebook.com *.facebook.net *.fontawesome.com; img-src 'self' *.googletagmanager.com *.googleadservices.com cookie-cdn.cookiepro.com https://www.google-analytics.com *.gstatic.com maps.googleapis.com w3.org data: *.crazyegg.com blog.crelan.be *.google.com *.google.be *.google.de *.facebook.com *.doubleclick.net *.facebook.net *.linkedin.com; media-src *.youtube.com *.twitter.com *.vimeo.com 'self' https://maps.googleapis.com *.googletagmanager.com w3.org *.google.com *.googleadservices.com *.google.be *.google.de *.facebook.com *.doubleclick.net *.facebook.net; frame-src 'self' in.hotjar.com vc.hotjar.io google-analytics.com stats.g.doubleclick.net crelan-be-website.scalecity.space *.crelan-int.be *.vwdservices.com maps.googleapis.com w3.org www.google.com www.youtube.com player.vimeo.com *.crazyegg.com *.alchemer.eu *.google.com *.google.be *.facebook.com *.doubleclick.net *.facebook.net *.googleadservices.com https://*.skedify.io https://*.pinterest.com https://open.spotify.com *.fontawesome.com; font-src 'self' *.gstatic.com *.googleusercontent.com w3.org data:; connect-src 'self' cookie-cdn.cookiepro.com *.google-analytics.com in.hotjar.com vc.hotjar.io stats.g.doubleclick.net maps.googleapis.com *.googletagmanager.com w3.org *.crazyegg.com *.google.com *.google.be *.facebook.com *.doubleclick.net *.facebook.net *.onetrust.com sc-crelan-server-side-tagging.ew.r.appspot.com *.sc-crelan-server-side-tagging.ew.r.appspot.com *.googleadservices.com *.googlesyndication.com https://px.ads.linkedin.com https://ct.pinterest.com *.fontawesome.com https://*.cookiepro.com https://*.taboola.com; upgrade-insecure-requests 1 default-src 'self'; script-src 'self' 'self' https://www.google.com/ https://www.gstatic.com/; object-src 'self'; style-src 'self' 'unsafe-inline' 'self' 'unsafe-inline' fonts.googleapis.com; img-src *; font-src 'self' data: fonts.gstatic.com;frame-src 'self' https://www.google.com; report-uri https://login.microworkcloud.com.br/csp/report 1 default-src 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; font-src *; connect-src *; frame-src *; img-src * data:; media-src *; object-src *; style-src * 'unsafe-inline' 1 base-uri 'self'; child-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://d2j8jkom7xmn9n.cloudfront.net/ http://d2j8jkom7xmn9n.cloudfront.net/ https://shredit.intelliresponse.com https://stericycle.demdex.net blob: gap:; frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://d2j8jkom7xmn9n.cloudfront.net/ http://d2j8jkom7xmn9n.cloudfront.net/ https://shredit.intelliresponse.com https://stericycle.demdex.net blob: gap:; connect-src 'self' https://www.googletagmanager.com/ https://d2j8jkom7xmn9n.cloudfront.net/ http://d2j8jkom7xmn9n.cloudfront.net/ https://api.cloud.247-inc.net/ https://stg-tie.cloud.247-inc.net/ https://dc.services.visualstudio.com/ https://www.google-analytics.com/ https://cdn.cookielaw.org/ https://geolocation.onetrust.com/ https://d1af033869koo7.cloudfront.net http://d1af033869koo7.cloudfront.net https://dpm.demdex.net/ https://adobedc.demdex.net/ https://edge.adobedc.net https://privacyportal-eu.onetrust.com/; default-src 'self' gap: 'unsafe-inline' 'unsafe-eval'; font-src 'self' https://fonts.gstatic.com data:; img-src 'self' https://www.googletagmanager.com https://www.google-analytics.com/ https://cdn.cookielaw.org/ https://fonts.gstatic.com/ https://cm.everesttech.net/ data: blob:; script-src 'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://assets.adobedtm.com/ https://www.googletagmanager.com/ https://az416426.vo.msecnd.net/ https://d2j8jkom7xmn9n.cloudfront.net/ http://d2j8jkom7xmn9n.cloudfront.net/ https://www.google-analytics.com/ https://ssl.google-analytics.com/ https://cdn.cookielaw.org/ https://cookie-cdn.cookiepro.com/ 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://cdn.cookielaw.org/ https://cookie-cdn.cookiepro.com/ 'unsafe-inline'; frame-ancestors 'self' gap:; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=WPXTlxnLsYZazAEQYzoLmdZEanxsYh7AOqu8QN5Srm8o8mPgZx4vgqHY2iwqjdY9DmRS1fXN6tTA9A7CTxf0mw%3D%3D; 1 default-src 'unsafe-inline' 'self' data: effectory.com www.effectory.com ac.effectory.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.nrich.ai *.cookiebot.eu *.usemessages.com *.googlesyndication.com yoast.com *.hubspot.com *.hsadspixel.net *.hsforms.net *.hs-scripts.com *.hs-banner.com *.hs-analytics.net *.hscollectedforms.net *.clarity.ms bat.bing.com www.powr.io client.hip.live.com maps.googleapis.com mktdplp102cdn.azureedge.net www.youtube.com static.zdassets.com consentcdn.cookiebot.com consent.cookiebot.com www.googletagmanager.com google-analytics.com www.google-analytics.com snap.licdn.com www.googleadservices.com static.hotjar.com connect.facebook.net googleads.g.doubleclick.net script.hotjar.com;frame-ancestors 'self' *.hsforms.com consentcdn.cookiebot.com; img-src *.nrich.ai *.usercentrics.eu *.googleadservices.com *.doubleclick.net 'self' data: *.cookiebot.com *.youtube.com *.hsforms.com *.hubspot.com *.googletagmanager.com c.bing.com c.clarity.ms bat.bing.com i.ytimg.com script.hotjar.com onlinedialogue.s3.eu-west-1.amazonaws.com onlinedialogue.s3-eu-west-1.amazonaws.com *.linkedin.com *.dynamics.com wus.client.hip.live.com eus.client.hip.live.com maps.gstatic.com www.google.de maps.googleapis.com secure.gravatar.com www.google-analytics.com px.ads.linkedin.com www.google.com www.google.nl www.facebook.com; style-src 'unsafe-inline' fonts.googleapis.com ac.effectory.com www.effectory.com effectory.com; font-src data: fonts.gstatic.com script.hotjar.com ac.effectory.com www.effectory.com effectory.com; frame-src 'self' *.googletagmanager.com *.cookiebot.eu *.hubspot.com td.doubleclick.net ad.doubleclick.net *.twentythree.com *.hsforms.com www.powr.io www.youtube.com forms.office.com www.facebook.com vars.hotjar.com consentcdn.cookiebot.com *.dynamics.com; connect-src *.nrich.ai *.cookiebot.eu google.com *.googleadservices.com *.linkedin.com *.yoast.com *.googlesyndication.com *.doubleclick.net *.hubspot.com *.google.com *.amazonaws.com *.hsforms.com *.hubapi.com *.linkedin.oribi.io *.hscollectedforms.net *.google-analytics.com *.clarity.ms *.hotjar.com wss://*.hotjar.com surveystats.hotjar.io *.effectory.com maps.googleapis.com *.dynamics.com consentcdn.cookiebot.com in.hotjar.com www.google-analytics.com stats.g.doubleclick.net effectorychathelp.zendesk.com ekr.zdassets.com 1 default-src 'self'; base-uri 'self'; block-all-mixed-content; connect-src 'self' *.google-analytics.com *.analytics.google.com *.cloudflare.com *.eesa.lh; font-src use.fontawesome.com 'self'; frame-src www.youtube.com www.google.com; img-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com; object-src 'none'; script-src 'self' www.googletagmanager.com *.cloudflare.com *.google.com 'strict-dynamic' 'unsafe-inline' 'nonce-szeu9GnRC+qhkdh2YQTQ2A=='; style-src 'self' use.fontawesome.com *.cloudflare.com 'unsafe-inline' 'nonce-szeu9GnRC+qhkdh2YQTQ2A=='; upgrade-insecure-requests; report-uri /csp/report 1 default-src 'self'; script-src 'self' 'unsafe-inline' www.googletagmanager.com *.google-analytics.com *.googleadservices.com *.facebook.net *.doubleclick.net iframe.ly cookie.dxlabs.fr cdnjs.cloudflare.com 'unsafe-inline' *; object-src 'none'; style-src 'self' 'unsafe-inline' www.googletagmanager.com fonts.googleapis.com cdnjs.cloudflare.com; img-src 'self' *.vixns.net *.smol.org www.pinaultcollection.com *.youtube.com *.ytimg.com *.facebook.com *.google-analytics.com *.google.com *.google.fr *.dxlabs.fr data:; media-src *; frame-src *; font-src 'self' themes.googleusercontent.com fonts.googleapis.com; connect-src 'self' *.google-analytics.com analytics.tiktok.com https://errors.vixns.net/api/76/store/ https://errors.vixns.net/api/76/envelope/; upgrade-insecure-requests; script-src-attr 'unsafe-inline' 1 default-src https: 'unsafe-eval' 'unsafe-inline' 'self'; block-all-mixed-content; frame-src https://www.youtube-nocookie.com https://privacy.telethon.fr/ https://td.doubleclick.net 1 script-src self; object-src self; upgrade-insecure-requests 1 default-src 'self' www.burkert.com www.youtube-nocookie.com www.platform-viewer.v-ex.com *.twitter.com *.partcommunity.com *.olark.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.burkert.com snap.licdn.com www.google.com www.gstatic.com www.google-analytics.com www.googletagmanager.com www.linkedin.com snap.licdn.com www.googletagmanager.com cdn.yoochoose.net www.youtube.com *.twitter.com *.vo.msecnd.net *.clickdimensions.com *.twimg.com customerwidget.joinflow.com maps.google.cn maps.googleapis.com *.facebook.net *.apsislead.com *.leadenhancer.com *.olark.com *.issuu.com olark-file-uploads.s3-us-west-1.amazonaws.com s.go-mpulse.net c.go-mpulse.net sc.lfeeder.com api.plezi.co optimize.google.com www.googleoptimize.com www.google-analytics.com www.googleanalytics.com gateway.moneris.com cdnjs.cloudflare.com www.googleadservices.com crmweb.burkert.com; img-src data: 'self' www.burkert.com www.google-analytics.com www.google.com.au www.google.com www.google.de event.yoochoose.net *.twimg.com *.twitter.com maps.gstatic.com chart.apis.google.com maps.googleapis.com *.facebook.com *.ytimg.com *.linkedin.com *.leadenhancer.com *.olark.com *.adition.com *.gstatic.com *.clickdimensions.com tr.lfeeder.com www2.solique.ch optimize.google.com www.googletagmanager.com googleads.g.doubleclick.net; object-src 'self' *.googletagmanager.com; style-src 'self' 'unsafe-inline' www.burkert.com www.googletagmanager.com *.clickdimensions.com *.twitter.com *.twimg.com fonts.googleapis.com *.olark.com *.vo.msecnd.net optimize.google.com gateway.moneris.com; font-src 'self' www.burkert.com *.buerkert.de data: fonts.gstatic.com *.olark.com; connect-src 'self' www.burkert.com www.google-analytics.com *.analytics.google.com *.google-analytics.com analytics.google.com api.telavox.se relay.telavox.com wss://websocket.telavox.se *.facebook.com *.olark.com *.googleadservices.com www.google.de www.google.com *.doubleclick.net *.clickdimensions.com c.go-mpulse.net *.akstat.io trial-eum-clientnsv4-s.akamaihd.net *.akamaihd.net maps.googleapis.com *.plezi.co cdn.linkedin.oribi.io px.ads.linkedin.com event.yoochoose.net crmweb.burkert.com; frame-src 'self' blob: mailto: tel: *.burkert-usa-marketing.com *.facebook.com *.partcommunity.com *.twitter.com www.youtube-nocookie.com www.platform-viewer.v-ex.com *.google.com essens.info *.burkert.com *.olark.com *.issuu.com *.clickdimensions.com optimize.google.com gateway.moneris.com scnem2.com; worker-src 'self' blob:;frame-ancestors 'self' https://ez.local.burkert.com 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https://www.google-analytics.com *.googleapis.com *.openstreetmap.org *.xiti.com *.osm.org https://stats.g.doubleclick.net https://www.googletagmanager.com https://cdn.icade.fr https://cdn.icade.fr https://cdnjs.cloudflare.com cdn.jsdelivr.net cdn.crowdin.com *.tarteaucitron.io *.google.com *.flockler.com *.flockler.app https://widget.rogervoice.com https://tag.aticdn.net *.gstatic.com placehold.it https://via.placeholder.com https://picsum.photos *.youtube.com https://i.ytimg.com *.fbcdn.net *.cdninstagram.com *.twimg.com *.licdn.com; base-uri 'self'; block-all-mixed-content; frame-ancestors 'self' https://www.google.com; frame-src 'self' *.vimeo.com *.royalcast.com *.companywebcast.com 'unsafe-inline' https://www.google.com https://www.youtube-nocookie.com *.youtube.com https://production-rogeraccess-webapp.rogervoice.com; object-src 'none' 1 frame-ancestors https://go.cargomatic.com/l/911892/2023-10-10/rzl4f 1 default-src 'self' 'unsafe-inline' https://vrweb15.linguatec.org https://piwik.bzga.de/ data: https://shop.bzga.de/ ; img-src 'self' data: blob: https://piwik.bzga.de/ https://shop.bzga.de/ ; script-src 'self' 'unsafe-inline' youtube.com www.youtube.com www.youtube-nocookie.com https://piwik.bzga.de/ ; font-src 'self' data:; worker-src 'self' blob: ; child-src 'self' blob: ; connect-src 'self' https://fonts.openmaptiles.org https://vrweb15.linguatec.org https://piwik.bzga.de/ ; frame-src youtube.com www.youtube.com www.youtube-nocookie.com ; 1 default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.openlayers.org openlayers.org *.openstreetmap.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.etracker.com *.etracker.de api.signalize.com; object-src 'self'; media-src 'self' *.youtube.com *.vimeo.com *.streamfarm.net; frame-src *.youtube.com *.vimeo.com *.etracker.de; img-src 'self' data: *.youtube.com *.openlayers.org openlayers.org *.openstreetmap.org; frame-ancestors 'self'; connect-src 'self' *.etracker.de; 1 default-src 'none'; block-all-mixed-content; connect-src 'self' google-analytics.com www.google-analytics.com 127.0.0.1:8005 *.hcaptcha.com; font-src 'self' fonts.gstatic.com use.fontawesome.com cdn.jsdelivr.net; frame-src google.com www.google.com googletagmanager.com www.googletagmanager.com *.hcaptcha.com; img-src 'self' s3.us-west-2.amazonaws.com img.emlasts.com data:; media-src img.emlasts.com; script-src 'self' 'unsafe-eval' google.com www.google.com gstatic.com www.gstatic.com googletagmanager.com www.googletagmanager.com google-analytics.com www.google-analytics.com use.fontawesome.com cdn.jsdelivr.net *.hcaptcha.com 'unsafe-inline' 'nonce-puzZGJ5VIPFl+S5qZYrtYQ=='; style-src 'self' cdn.jsdelivr.net fonts.googleapis.com use.fontawesome.com maxcdn.bootstrapcdn.com img.emlasts.com unpkg.com *.hcaptcha.com 'unsafe-inline' 'nonce-puzZGJ5VIPFl+S5qZYrtYQ=='; report-uri /csp/report 1 frame-ancestors 'self'; default-src 'self' *.progress.ie data: *.addtoany.com *.cloudflare.com *.cookiebot.com *.doubleclick.net *.facebook.com *.facebook.net *.fontawesome.com *.google.com *.google.ie *.google.co.uk *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gravatar.com *.gstatic.com *.issuu.com *.jquery.com *.livechat-files.com *.livechatinc.com *.mapbox.com *.surveymonkey.com *.trustpilot.com *.umbraco.org *.vimeo.com *.vimeocdn.com *.youtube.com *.youtube-nocookie.com *.ytimg.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.progress.ie data: *.addtoany.com *.cloudflare.com *.cookiebot.com *.doubleclick.net *.facebook.com *.facebook.net *.fontawesome.com *.google.com *.google.ie *.google.co.uk *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gravatar.com *.gstatic.com *.issuu.com *.jquery.com *.livechat-files.com *.livechatinc.com *.mapbox.com *.surveymonkey.com *.trustpilot.com *.umbraco.org *.vimeo.com *.vimeocdn.com *.youtube.com *.youtube-nocookie.com *.ytimg.com; style-src 'self' 'unsafe-inline' *.progress.ie data: *.addtoany.com *.cloudflare.com *.cookiebot.com *.doubleclick.net *.facebook.com *.facebook.net *.fontawesome.com *.google.com *.google.ie *.google.co.uk *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gravatar.com *.gstatic.com *.issuu.com *.jquery.com *.livechat-files.com *.livechatinc.com *.mapbox.com *.surveymonkey.com *.trustpilot.com *.umbraco.org *.vimeo.com *.vimeocdn.com *.youtube.com *.youtube-nocookie.com *.ytimg.com; img-src 'self' *.progress.ie data: *.addtoany.com *.cloudflare.com *.cookiebot.com *.doubleclick.net *.facebook.com *.facebook.net *.fontawesome.com *.google.com *.google.ie *.google.co.uk *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gravatar.com *.gstatic.com *.issuu.com *.jquery.com *.livechat-files.com *.livechatinc.com *.mapbox.com *.surveymonkey.com *.trustpilot.com *.umbraco.org *.vimeo.com *.vimeocdn.com *.youtube.com *.youtube-nocookie.com *.ytimg.com; font-src 'self' *.progress.ie data: *.addtoany.com *.cloudflare.com *.cookiebot.com *.doubleclick.net *.facebook.com *.facebook.net *.fontawesome.com *.google.com *.google.ie *.google.co.uk *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gravatar.com *.gstatic.com *.issuu.com *.jquery.com *.livechat-files.com *.livechatinc.com *.mapbox.com *.surveymonkey.com *.trustpilot.com *.umbraco.org *.vimeo.com *.vimeocdn.com *.youtube.com *.youtube-nocookie.com *.ytimg.com; 1 frame-ancestors 'self' *.vendhq.com *.retail.lightspeed.app; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=puba63db3f96a1d5bb789394101974def5f&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:production; 1 default-src 'self' *.akamaihd.net *.facebook.com *.kaporal.com *.kaporal.net *.payline.com *.payments-amazon.com *.truefitcorp.com https://photorankapi-a.akamaihd.net *.build.kaporal.net *.heyday.ai pay.google.com *.vimeo.com *.akamaized.net *.sc-static.net *.analytics.google.com blob:;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.abtasty.com *.appsmiles.eu *.bing.com *.kaporal.com *.cdn.payline.com *.payments-amazon.com/ *.truefitcorp.com https://ajax.googleapis.com https://connect.facebook.net/en_US/sdk.js https://photorankapi-a.akamaihd.net https://photorankstatics-a.akamaihd.net https://www.googletagmanager.com pixel.cdnwidget.com *.devatics.io *.devatics.com *.onestock-retail.io *.doubleclick.net *.g.doubleclick.net notifpush.com *.notifpush.com actito.com *.actito.com mmtro.com *.mmtro.com *.facebook.net facebook.net *.criteo.com *.criteo.net *.heyday.ai docs.google.com *.googleadservices.com *.build.kaporal.net unpkg.com *.unpkg.com *.adobe.net *.adyen.com *.contentsquare.net www.google-analytics.com www.paypal.com *.googleapis.com https://commerce.adobedtm.com https://unpkg.com/@adobe/magento-storefront-event-collector@^1/dist/index https://unpkg.com/@adobe/magento-storefront-events-sdk@%5E1/dist/index.js https://magento-recs-sdk.adobe.net/v2/index.js www.paypalobjects.com *.paypal.com *.google.com *.shipup.co *.clarity.ms *.batch.com *.powerspace.com an.pwspace.com t.contentsquare.net contentsquare.com *.contentsquare.com *.pwspace.com *.social-media-system.com social-media-system.com *.sc-static.net sc-static.net api.social-media-system.com www.datadoghq-browser-agent.com https://analytics.tiktok.com *.vimeo.com *.avads.net *.snapchat.com *.affilae.com *.analytics.google.com *.raptorsmartadvisor.com *.raptorstatic.com az19942.vo.msecnd.net pay.google.com blob:;frame-src 'self' *;style-src 'self' 'unsafe-inline' *.amazonaws.com *.cdn.payline.com *.truefitcorp.com photorankstatics-a.akamaihd.net *.onestock-retail.io facebook.net *.facebook.net *.googletagmanager.com *.build.kaporal.net *.b.kaporal.net *.googleapis.com *.paypal.com *.adyen.com *.google.com *.shipup.co *.kaporal.com *.heyday.ai *.sc-static.net *.avads.net *.analytics.google.com *.raptorstatic.com pay.google.com;img-src 'self' data: *.akamaihd.net *.amazonaws.com *.appsmiles.eu *.bing.com *.cdnwidget.com www.google.de www.google.pt adservice.google.com www.google.fr www.google.be *.cloudfront.net *.eu-west-3.amazonaws.com *.facebook.com *.kaporal.com *.doubleclick.net googleads.g.doubleclick.net *.kaporal.net *.cdn.payline.com *.pinterest.com *.truefitcorp.com data.photorank.me photorankmedia-a.akamaihd.net z1photorankmedia-a.akamaihd.net *.devatics.io *.devatics.com *.onestock-retail.io *.doubleclick.net *.g.doubleclick.net notifpush.com *.notifpush.com actito.com *.actito.com mmtro.com *.mmtro.com *.facebook.net facebook.net *.google.com *.google.fr *.adnxs.com *.criteo.com *.criteo.net *.heyday.ai *.build.kaporal.net *.adyen.com *.pubmatic.com *.analytics.yahoo.com *.yahoo.com *.emxdgt.com *.ad.smaato.net *.mediavine.com *.stickyadstv.com *.ivitrack.com *.sharethrough.com *.omnitagjs.com *.adform.net *.media.net *.teads.tv *.360yield.com *.casalemedia.com *.3lift.com *.smartadserver.com *.taboola.com *.outbrain.com *.tremorhub.com *.ads.yieldmo.com *.rubiconproject.com *.liadm.com *.googleapis.com *.gstatic.com www.paypalobjects.com www.paypal.com *.paypal.com *.shipup.co *.onestock-retail.com *.bidswitch.net *.advertising.com *.rlcdn.com googletagmanager.com s.ad.smaato.net *.mgid.com tbs.tradedoubler.com *.clarity.ms *.batch.com *.powerspace.com public-prod-dspcookiematching.dmxleo.com i.liadm.com criteo-partners.tremorhub.com www.img-static.com r.phywi.org *.contentsquare.net *.contentsquare.com www.googletagmanager.com *.googletagmanager.com *.sc-static.net sync-criteo.ads.yieldmo.com *.vimeo.com *.google-analytics.com *.avads.net id5-sync.com *.yieldlab.net *.criteo.com *.demdex.net *.krxd.net *.thebrighttag.com *.affilae.com *.analytics.google.com pay.google.com *.yahoo.net *.postrelease.com *.raptorstatic.com www.googletagmanager.com;font-src 'self' data: *.kaporal.com *.cdn.payline.com *.truefitcorp.com maxcdn.bootstrapcdn.com olapic-data.s3.amazonaws.com photorankstatics-a.akamaihd.net fonts.gstatic.com *.shipup.co *.heyday.ai *.sc-static.net *.amazonaws.com *.analytics.google.com pay.google.com;connect-src 'self' *.abtasty.com *.akamaihd.net *.appsmiles.eu *.facebook.com www.google.de www.google.pt adservice.google.com www.google.fr www.google.be *.google-analytics.com *.googleapis.com *.payline.com *.payments-amazon.com *.truefitcorp.com https://graph.facebook.com https://photorankmedia-a.akamaihd.net https://z1photorankmedia-a.akamaihd.net *.onestock-retail.io facebook.net *.facebook.net *.doubleclick.net *.g.doubleclick.net *.heyday.ai *.bing.com *.cdnwidget.com *.cdnbasket.net *.kaporal.com *.onestock-retail.com notifpush.com *.clarity.ms www.clarity.ms *.criteo.com *.batch.com *.powerspace.com *.contentsquare.net *.contentsquare.com *.sc-static.net *.snapchat.com *.social-media-system *.pwspace.com api.social-media-system.com www.datadoghq-browser-agent.com *.browser-intake-datadoghq.eu *.vimeo.com https://analytics.tiktok.com *.build.kaporal.net *.adyen.com *.adobedc.net www.sandbox.paypal.com sslwidget.criteo.com https://commerce.adobedc.net/collector/tp2 https://commerce.adobe.io www.paypalobjects.com www.paypal.com *.paypal.com *.avads.net *.analytics.google.com pay.google.com google.com *.raptorsmartadvisor.com *.raptorstatic.com *.google.com ;base-uri 'self';media-src 'self' data: *.build.kaporal.net *.b.kaporal.net *.p.kaporal.net *.kaporal.com;report-uri /csp/report 1 script-src blob: https: data: 'unsafe-inline' 'unsafe-eval' https://gs1-germany.de https://*.gs1-germany.de https://d5.gs1.mwsrv.de https://consent.cookiefirst.com https://*.optimizely.com https://*.googletagmanager.com https://apis.google.com https://connect.facebook.net https://fast.fonts.net https://googleads.g.doubleclick.net https://www.googleanalytics.com https://www.googleoptimize.com https://*.google-analytics.com https://optimize.google.com https://ext.nonstoppartner.net https://*.hotjar.com https://*.walls.io https://*.myveeta.com https://static.virtualbadge.io; style-src https: 'unsafe-inline' https://gs1-germany.de https://*.gs1-germany.de https://consent.cookiefirst.com https://d5.gs1.mwsrv.de https://apis.google.com https://optimize.google.com https://fonts.googleapis.com https://connect.facebook.net https://fast.fonts.net https://googleads.g.doubleclick.net https://*.google-analytics.com https://*.hotjar.com https://*.walls.io; frame-src 'self' https://copilotstudio.microsoft.com https://td.doubleclick.net https://*.googletagmanager.com https://*.gs1-germany.de https://optimize.google.com https://*.walls.io https://consent.cookiefirst.com https://www.youtube-nocookie.com https://www.gs1.org https://www.youtube.com https://*.hotjar.com https://www.facebook.com https://communication.gs1-germany.de https://feedback.gs1-germany.de https://easy-feedback.de https://*.easy-feedback.de https://easy-feedback.com https://*.easy-feedback.com https://ext.nonstoppartner.net https://*.gs1.org https://f5ba538cf0d6445983504cc2cd8ccb42.svc.dynamics.com https://082becc9a232451baaef0c700dd33425.svc.dynamics.com https://76c4e8a3cea24f6792072b39841b0a0b.svc.dynamics.com https://*.podigee.io https://*.podigee.com https://player.podigee-cdn.net https://public.virtualbadge.io; frame-ancestors 'self' https://*.dev.mehrwert.de https://academy.gs1-germany.de https://*.eventlocations.com https://cockpit.prospitalia.de; 1 base-uri 'none';child-src 'none';connect-src 'self' https://ws.zoominfo.com/pixel/collect https://aorta.clickagy.com/ https://aorta.clickagy.com/liveramp_redir https://hemsync.clickagy.com/external/ https://maps.googleapis.com/;default-src 'self';font-src 'self' https://fonts.gstatic.com;;form-action 'self';frame-ancestors 'self';frame-src 'none';img-src 'self' https://id.rlcdn.com/ https://idsync.rlcdn.com/ https://aorta.clickagy.com/ https://maps.gstatic.com/ https://maps.googleapis.com/ https://streetviewpixels-pa.googleapis.com/ https://lh3.ggpht.com/ https://khms1.googleapis.com/ https://khms0.googleapis.com/ https://www.google.com data:;manifest-src 'self';media-src 'self';object-src 'none';prefetch-src 'self';script-src 'self' https://maps.googleapis.com/ https://www.google.com https://ws.zoominfo.com/pixel/6320bf5aac6e98ed3e39d094 https://tags.clickagy.com/ https://aorta.clickagy.com/ https://hemsync.clickagy.com/external/ https://ws.zoominfo.com/;style-src 'self' https://aorta.clickagy.com/ https://fonts.googleapis.com https://fonts.gstatic.com https://maps.gstatic.com/ https://streetviewpixels-pa.googleapis.com/ https://lh3.ggpht.com/ https://khms1.googleapis.com/ https://khms0.googleapis.com/ https://www.google.com 'unsafe-inline';worker-src 'self';upgrade-insecure-requests ; 1 default-src 'unsafe-inline' 'unsafe-eval' https: blob:;img-src * data: blob:;font-src * data:; 1 default-src 'unsafe-inline'; block-all-mixed-content; connect-src *; font-src * https://fonts.gstatic.com data: fonts.googleapis.com fonts.gstatic.com; frame-src https://www.youtube.com *.vimeo.com *.services *.hotjar.com *.doubleclick.net *.facebook.com *.facebook.net *.linkedin.com 'self' https://ausi.github.io/ *.pinimg.com *.pinterest.com; img-src * data: blob:; manifest-src deltalight.com 'self'; media-src *; script-src deltalight.com 'self' data: 'unsafe-inline' 'unsafe-eval' https://cdn.ckeditor.com https://js-agent.newrelic.com https://bam.nr-data.net https://maps.googleapis.com https://cdnjs.cloudflare.com *.google-analytics.com *.googleapis.com *.facebook.com *.facebook.net *.doubleclick.net *.marketingautomation.services *.googletagmanager.com *.googleadservices.com *.hotjar.com *.doubleclick.net *.visualwebsiteoptimizer.com *.linkedin.com www.youtube.com/iframe_api tagmanager.google.com https://snap.licdn.com https://play.google.com https://analytics-eu.clickdimensions.com https://ausi.github.io *.pinimg.com *.pinterest.com; style-src deltalight.com 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.ckeditor.com https://cdnjs.cloudflare.com tagmanager.google.com; report-uri /nelmio/csp/report 1 Content-Security-Policy= default-src "none"; script-src "self" https://corp-mktg.s3.us-west-2.amazonaws.com https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com https://cdn.cookielaw.org https://maps.googleapis.com https://prospect-form-plugin.2u.com; style-src "unsafe-inline" https://whitelabel.2u.com; img-src https://app.optimizely.com https://cdn.optimizely.com https://whitelabel.2u.com; frame-src https://a10065315939.cdn.optimizely.com https://a10065315939.cdn-pci.optimizely.com; connect-src https://*.optimizely.com; 1 frame-ancestors t.signalplus.com fi.signalplus.com t.signalplus.net fi.signalplus.net falconx.signalplus.com falconx.signalplus.net t-pre.signalplus.com; 1 default-src 'self'; frame-src 'self' *.donorfy.com/ *.monday.com/ https://hubofhope.co.uk/ 360testbed.co/ *.nhs.uk/ *.facebook.com/ *.youtube.com/ *.vimeo.com/ *.google.com/ *.googleapis.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.googletagmanager.com https://www.googletagmanager.com/ https://hubofhope.co.uk/js/embed.js https://cdn.jsdelivr.net https://cdnjs.cloudflare.com/ https://www.google-analytics.com/ https://connect.facebook.net/ https://feeds.trac.jobs/ *.google.com/ *.googleapis.com *.gstatic.com *.cqc.org.uk; font-src 'self' 'unsafe-inline' https://*.typekit.net https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://*.typekit.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com/ https://feeds.trac.jobs/ *.googleapis.com *.gstatic.com *.cqc.org.uk; img-src * data:; object-src 'self' blob:; connect-src 'self' https://maps.googleapis.com/ https://*.googletagmanager.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.g.doubleclick.net https://*.google.com https://*.google.com https://*.google-analytics.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googletagmanager.com https://region1.google-analytics.com translate.googleapis.com/ https://feeds.trac.jobs/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ 1 frame-ancestors 'self' https://milan-jeunesse.com https://app.bayam.tv https://sso.bayard-jeunesse.com https://mention-me.com; 1 base-uri 'self'; child-src blob: 'self' gap: app.powerbi.com dev.visualwebsiteoptimizer.com widget.trustpilot.com *.surveymonkey.com *.twitter.com *.vimeo.com *.youtube.com https://www.google.com/ https://td.doubleclick.net/; frame-src blob: 'self' gap: app.powerbi.com dev.visualwebsiteoptimizer.com widget.trustpilot.com *.surveymonkey.com *.twitter.com *.vimeo.com *.youtube.com https://www.google.com/ https://td.doubleclick.net/; connect-src fonts.googleapis.com fonts.gstatic.com global.sitesearch360.com ict.infinity-tracking.net insights.sitesearch360.com 'self' *.feefo.com *.google.com *.onetrust.com *.paragonbankinggroup.co.uk *.twimg.com *.twitter.com *.visualwebsiteoptimizer.com https://*.google-analytics.com https://www.google.co.uk/ https://stats.g.doubleclick.net/; default-src 'self' gap: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: fonts.gstatic.com; img-src * data: blob:; media-src data: 'self'; script-src gap: 'self' cdn.sitesearch360.com cdn-ukwest.onetrust.com ict.infinity-tracking.net snap.licdn.com unpkg.com widget.trustpilot.com *.doubleclick.net *.feefo.com *.paragonbankinggroup.co.uk *.surveymonkey.com *.twimg.com *.twitter.com *.youtube.com *.visualwebsiteoptimizer.com https://www.googletagmanager.com/ 'unsafe-inline' 'unsafe-eval'; style-src 'self' dev.visualwebsiteoptimizer.com fonts.googleapis.com register.feefo.com *.twimg.com *.twitter.com 'unsafe-inline'; frame-ancestors gap: 'self' *.surveymonkey.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=%2BJPsJtfhssasvvoJMhH59zu0Udy2kHs20opE8MEw1Pklktk8r0mBxYHErg5sApJnNQqh5PKOYE%2Fw%2BwxQuzvmnQ%3D%3D; 1 frame-ancestors 'self' assets.adobedtm.com fondi.widiba.it fondiwidiba.widitools.widiprod; 1 default-src 'self'; img-src 'self'; media-src 'self' data:; 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.youtube.com https://fonts.googleapis.com https://fonts.gstatic.com https://cdn.syndication.twimg.com https://www.facebook.com https://*.twitter.com https://www.google.com https://ton.twimg.com https://*.github.io https://www.googletagmanager.com https://www.google-analytics.com; img-src 'self' https://*.twimg.com https://*.twitter.com http://*.twimg.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.google.co.jp data:; 1 frame-ancestors 'self' bewerbung.jobs 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' *.onlineaccess1.com https: dc.services.visualstudio.com dl.episerver.net s.ytimg.com *.imi.chat js-agent.newrelic.com bam.nr-data.net rum-static.pingdom.net cds-sdkcfg.onlineaccess1.com d.impactradius-event.com umpqua-bank.sjv.io *.mookie1.com tags.tiqcdn.com adnxs.com pxl.jivox.com snap.licdn.com dc.ads.linkedin.com px.ads.linkedin.com www.linkedin.com static.ads-twitter.com analytics.twitter.com az416426.vo.msecnd.net connect.facebook.net bat.bing.com cdn.cookielaw.org js.hsforms.net forms.hsforms.com js.hsleadflows.net js.hs-scripts.com js.hs-analytics.net *.onetrust.com cdn.cookielaw.org js.hs-banner.com *.hotjar.com *.hotjar.io www.gstatic.com lh3.googleusercontent.com www.googletagmanager.com www.google-analytics.com maps.googleapis.com googleads.g.doubleclick.net 8316073.fls.doubleclick.net www.googleadservices.com *.google.com ssl.google-analytics.com www.youtube.com js.adsrvr.org *.umpquabank.com; style-src 'self' 'unsafe-inline' *.imi.chat https: www.gstatic.com lh3.googleusercontent.com dc.services.visualstudio.com *.umpquabank.com dl.episerver.net js.hs-scripts.com js.hs-analytics.net d.impactradius-event.com umpqua-bank.sjv.io *.mookie1.com tags.tiqcdn.com adnxs.com pxl.jivox.com snap.licdn.com *.ads.linkedin.com static.ads-twitter.com analytics.twitter.com az416426.vo.msecnd.net *.hotjar.com connect.facebook.net bat.bing.com cdn.cookielaw.org 8316073.fls.doubleclick.net js.hsforms.net forms.hsforms.com js.hs-banner.com fonts.googleapis.com tagmanager.google.com; img-src 'self' 'unsafe-inline' *.imi.chat https: lh3.googleusercontent.com dc.services.visualstudio.com *.hotjar.com *.hotjar.io *.gstatic.com www.google-analytics.com googleads.g.doubleclick.net www.google.com stats.g.doubleclick.net bat.bing.com px.ads.linkedin.com *.hubspot.com p.adsymptotic.com gateway.zscalerthree.net cdn.cookielaw.org *.umpquabank.com www.googletagmanager.com insight.adsrvr.org www.linkedin.com pixel.advertising.com ib.adnxs.com pixel.rubiconproject.com *.adsrvr.org cm.g.doubleclick.net t.co x.bidswitch.net dsum-sec.casalemedia.com simage2.pubmatic.com data: maps.gstatic.com *.googleapis.com *.ggpht; connect-src 'self' 'unsafe-inline' *.imi.chat wss://*.hotjar.com https: www.gstatic.com lh3.googleusercontent.com dc.services.visualstudio.com *.umpquabank.com *.hotjar.com:* *.hotjar.io www.google-analytics.com cdn.cookielaw.org *.hubspot.com forms.hsforms.com stats.g.doubleclick.net rum-collector-2.pingdom.net; frame-src 'self' 'unsafe-inline' *.imi.chat https: *.q4cdn.com *.adsrvr.org www.theroishop.com www.gstatic.com lh3.googleusercontent.com dc.services.visualstudio.com forms.hsforms.com *.umpquabank.com *.hotjar.com *.hotjar.io bid.g.doubleclick.net player.megaphone.fm 9395210.fls.doubleclick.net platform.mi.spglobal.com *.youtube.com *.onetrust.com cdn.cookielaw.org player.ooyala.com *.q4web.com;font-src 'self' 'unsafe-inline' *.imi.chat https: *.umpquabank.com *.hotjar.com *.hotjar.io fonts.gstatic.com data:; 1 frame-ancestors 'self' finance.sponser.co.il 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://app.e2ma.net https://calendar.google.com https://www.tideschart.com/ https://www.blackbaudhosting.com https://bbox.blackbaudhosting.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://*.blackbaudhosting.com https://*.hdrelay.com https://hdrelay.com; img-src 'self' data: https://app.e2ma.net https://calendar.google.com https://www.blackbaudhosting.com https://bbox.blackbaudhosting.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://*.blackbaudhosting.com https://*.hdrelay.com https://hdrelay.com; object-src 'self' data: https://app.e2ma.net https://calendar.google.com https://www.tideschart.com/ https://www.blackbaudhosting.com https://maps.google.com/ https://bbox.blackbaudhosting.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://*.blackbaudhosting.com https://*.hdrelay.com https://hdrelay.com; frame-src 'self' data: https://app.e2ma.net https://calendar.google.com https://www.tideschart.com/ https://www.blackbaudhosting.com https://maps.google.com/ https://bbox.blackbaudhosting.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://*.blackbaudhosting.com https://*.hdrelay.com https://hdrelay.com; 1 default-src 'self'; connect-src 'self' *.googletagmanager.com *.google-analytics.com; frame-src 'self' *.geoportal-bw.de *.leo-bw.de *.youtube.com sketchfab.com *.sketchfab.com *.swrfernsehen.de *.openstreetmap.de *.podigee.io *.podigee-cdn.net; img-src 'self' data: dummyimage.com *.google-analytics.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.googletagmanager.com *.google-analytics.com *.landbw.de; style-src 'self' 'unsafe-inline'; report-uri /security/csp/report 1 default-src 'self' 'unsafe-inline' images-2.partnerportal.ionos.de 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' *; img-src data: *; frame-ancestors https://www.happymeeple.com 'self'; report-uri /report-csp-violation 1 default-src 'self'; base-uri 'self'; connect-src 'self' *.itzbund.de; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-eval' *.googleapis.com piwik.itzbund.de;object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; frame-ancestors gba-editor-kkn.prod.gsb.gba.in.bund.de piwik.itzbund.de *.facebook.com 1 font-src 'self'; frame-src 'self' https: www.youtube-nocookie.com/* ; frame-ancestors 'self' ; script-src 'self' *.b-ite.com https://stats.hnee.de 'unsafe-inline' https://cdn.ckeditor.com https://pm.web-vision.de ; connect-src 'self' *.b-ite.com https://stats.hnee.de; img-src * *.b-ite.com data:; style-src 'self' 'unsafe-inline' https://cdn.ckeditor.com *.b-ite.com; 1 default-src 'self'; style-src 'self' 'unsafe-inline' http://*.sportunion.at http://sportunion.at https://*.sportunion.at https://sportunion.at https://static.flockler.com https://*.mailchimp.com https://*.gstatic.com https://*.googleapis.com https://cdn.jsdelivr.net https://*.onlim.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://*.sportunion.at http://sportunion.at https://*.sportunion.at https://sportunion.at https://static.flockler.com https://fl-cdn.scdn1.secure.raxcdn.com https://embed-cdn.flockler.com https://flockler.embed.codes https://plugins.flockler.com https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://*.gstatic.com https://*.googleapis.com https://cdn.jsdelivr.net https://*.onlim.com; font-src 'self' data: http://*.sportunion.at http://sportunion.at https://*.sportunion.at https://sportunion.at https://fonts.gstatic.com https://*.onlim.com; img-src 'self' 'unsafe-inline' https://* http://*.sportunion.at http://sportunion.at https://*.sportunion.at https://sportunion.at https://flockler.com https://*.rackcdn.com https://stats.g.doubleclick.net https://www.google-analytics.com https://*.googleapis.com data: https://.gstatic.com https://*.google.com https://secure.gravatar.com https://*.onlim.com; frame-src 'self' http://*.sportunion.at http://sportunion.at https://*.sportunion.at https://sportunion.at https://*.spotify.com https://archiv.yourvideo.tv https://sn.kavedo.com https://smartslider3.com https://www.yumpu.com https://www.fitsportaustria.at https://board.fitsportaustria.at https://player.vimeo.com https://www.youtube.com https://www.google.com https://www.youtube-nocookie.com https://*.onlim.com; connect-src 'self' http://*.sportunion.at http://sportunion.at https://*.sportunion.at https://sportunion.at wss://*.onlim.com https://*.googleapis.com https://stats.g.doubleclick.net https://yoast.com https://*.google-analytics.com https://*.onlim.com; media-src https://*; worker-src blob: 1 frame-ancestors 'self' www.skaki64.gr skaki64.gr 1 frame-ancestors 'self' aviloo--uat.sandbox.my.site.com site.com 1 frame-ancestors https://betway.be https://betway.com https://betway.de https://www.betway.dk https://betway.es https://www.betway.it https://betway.mx https://beyway.se https://betway.ca https://betway.nl https://betwaysatta.com https://betwaysatta1.com https://betwayarabia.com https://sports.betway.be https://sports.betway.com https://sports.betway.de https://sports.betway.dk https://sports.betway.es https://sports.betway.it https://sports.betway.mx https://sports.beyway.se https://sports.betway.ca https://sports.betway.nl https://sports.betwaysatta.com https://sports.betwaysatta1.com https://sports.betwayarabia.com https://staging.betway.be https://staging.betway.com https://staging.betway.de https://staging.betway.dk https://staging.betway.es https://staging.betway.it https://staging.betway.mx https://staging.beyway.se https://staging.betway.ca https://staging.betway.nl https://staging.betwaysatta.com https://staging.betwaysatta1.com https://staging.betwayarabia.com https://sportsbackend.net https://*.sportsbackend.net https://sportsbackend.dev https://*.sportsbackend.dev https://sportsuat.com https://*.sportsuat.com https://uat.betway.com https://*.uat.betway.com 1 default-src https: *.ufg.pl; script-src https: *.ufg.pl;style-src https: *.ufg.pl ;img-src 'self' data: https: www.google-analytics.com; frame-src https: *.ufg.pl; media-src data: https: *.ufg.pl ;options inline-script eval-script; child-src https: *.ufg.pl; frame-ancestors 'self' *.ufg.pl; 1 default-src 'self' https://piwik.bzga.de/ script-src 'unsafe-inline' 'unsafe-eval' img-src https://piwik.bzga.de/ 1 default-src 'self' blob: data: https://*.energylink.com https://api.ipstack.com https://az416426.vo.msecnd.net/scripts/b/ai.2.min.js https://dc.services.visualstudio.com/v2/track https://go.enverus.com https://www.google.com https://www.gstatic.com https://maps.gstatic.com https://chart.googleapis.com https://maps.googleapis.com https://ajax.googleapis.com https://player.vimeo.com https://cdn.datatables.net https://stackpath.bootstrapcdn.com https://rseg-dev.auth0.com https://cdn.skypack.dev https://cdn.jsdelivr.net https://*.zoom.us wss://zpns.zoom.us https://api.rudderstack.com https://api.rudderlabs.com https://cdn.rudderlabs.com https://enverusluies.dataplane.rudderstack.com https://enveruswyupccs.dataplane.rudderstack.com https://*.appcues.com https://*.appcues.net wss://*.appcues.com wss://*.appcues.net 'unsafe-eval' 'unsafe-inline'; font-src 'self' blob: data: https://cdn.skypack.dev https://cdn.jsdelivr.net https://*.zoom.us https://fonts.googleapis.com https://fonts.google.com https://fonts.gstatic.com; frame-ancestors 'self' energylink.com *.energylink.com enverus.com *.enverus.com; 1 "default-src *" 1 frame-ancestors 'self' vidaworld.com *.vidaworld.com heromotocorp3--dev.sandbox.my.salesforce.com heromotocorp3--dev.sandbox.lightning.force.com vidaworld--sit.sandbox.lightning.force.com vidaworld.lightning.force.com 1 frame-ancestors 'self' https://ahu.edu https://*.ahu.edu 1 default-src ; script-src 'self' 'unsafe-inline' localhost https://assets.zendesk.com *.zdassets.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com; object-src ; style-src 'self' 'unsafe-inline' localhost *.entrecode.de https://fonts.googleapis.com; img-src *; media-src *; child-src https://www.google.com; font-src *.entrecode.de https://fonts.gstatic.com; connect-src 'self' *.entrecode.de https://entrecode.zendesk.com *.zdassets.com https://www.google-analytics.com; manifest-src 1 upgrade-insecure-requests; frame-ancestors 'self'; object-src 'none'; 1 frame-ancestors 'self' panoramen.frauenkirche-dresden.de 1 frame-ancestors 'self' https://appwizzy.com 1 default-src 'self'; \ script-src 'self' https://ajax.googleapis.com; \ img-src 'self' https://ssl.google-analytics.com 1 default-src: none; 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.mimer.com/ https://mimer.com/ https://mimerse.wpengine.com/; img-src 'self' data: blob: https://*.mimer.com/ https://mimer.com/ https://mimerse.wpengine.com/; object-src 'self' data: blob: https://*.mimer.com/ https://mimer.com/ https://mimerse.wpengine.com/; frame-src 'self' data: blob: https://*.mimer.com/ https://mimer.com/ https://mimerse.wpengine.com/; 1 default-src https: http: 'unsafe-inline' 'unsafe-eval' 'self' data: wss: blob: 1 nonsniff 1 default-src https: http://*.google-analytics.com:* 'unsafe-inline'; img-src https: 'self' data: blob:; script-src https: 'unsafe-eval' 'unsafe-inline' blob:; style-src https: 'unsafe-inline'; font-src https: 'self' data: fonts.gstatic.com; worker-src 'self' blob: 1 default-src 'self'; script-src 'self' 'unsafe-inline' https:; object-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; media-src 'self'; child-src 'self' https:; font-src 'self' data:; connect-src 'self' 1 script-src 'self' 'unsafe-eval' 'nonce-c8fc65b7a728e2bae41277ffe470d3fe' 'strict-dynamic' https://google.de https://app.usercentrics.eu https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://netzwerk.uppr.de https://www.google-analytics.com https://privacy-proxy.usercentrics.eu https://www.facebook.com https://twitter.com https://www.linkedin.com https://www.xing.com https://www.youtube.com https://cdnjs.cloudflare.com https://nebula-cdn.kampyle.com https://bat.bing.com https://ad4m.at https://connect.facebook.net https://www.usemaxserver.de https://widgets.energiemonitor.de https://play.google.com https://www.googleoptimize.com https://icpublichosting.azureedge.net https://optimize.google.com https://service.mtcaptcha.com https://service2.mtcaptcha.com https://ic-chatwindow-service.azurewebsites.net https://clb2.cfapps.mila.external.ap.innogy.com https://www.googleanalytics.com https://cdn.medallia.com/ https://cdn.appsol.medallia.com/ *.kampyle.com/ https://metrics-proxy.medallia.ca/ https://metrics-proxy.medallia.eu/ https://metrics-proxy.medallia.com.au/ https://metrics-proxy.medallia.com/ https://col.eum-appdynamics.com/ https://static.medallia.com/ https://bugreport.medallia.com/ https://fonts.gstatic.com/ https://fonts.googleapis.com/ https://chart.googleapis.com/ https://maxcdn.bootstrapcdn.com/ https://netdna.bootstrapcdn.com/ https://express.ger.medallia.eu/ https://express.sbx.ger.medallia.eu/ https://feed2.medallia.eu/ https://feed2sbx.sbx.ger.medallia.eu/ https://mft1.medallia.eu/ https://filestash.fra1.medallia.eu/ https://tm.ad-srv.net https://tm703.ad-srv.net https://tm707.ad-srv.net https://tm708.ad-srv.net https://*.iadvize.com https://znbd9pj7eqbjzjd42-eon.siteintercept.qualtrics.com https://siteintercept.qualtrics.com https://trck.lew.de; style-src 'self' 'nonce-c8fc65b7a728e2bae41277ffe470d3fe' 'unsafe-hashes' 'sha256-Chued6H/FqwtY0xgIG4zxn1W6uXOo1t3SXAPpyzds7U=' 'sha256-5SDvdr72xKyplNCK6s3wo8+AzCvSSrO4ATaEFE1N3YU=' 'sha256-b/AJ3u1NxOK+yAHe28I3iTI1e9j23Bv94CsSnYMe0I4=' 'sha256-WXbTK+Q2IO0qiVm9TmwaoCb/gGYy8plieL1g7TJ+i1o=' 'sha256-TIWitS/sbsTCj5gHE+Ub2hNq7Ebv+whf6SCnicmBM1A=' 'sha256-bM22Xahg3Ska2CbZv9HSsXayiD0Z5iJL6QcufF1H9e0=' 'sha256-cJA8XvfmOhAJWjlDZi2dvUyXcjLaXJsW296wKpLNDSg=' 'sha256-W5t509XHgNgqXPEkC+CNVw120RQzW++3Peh6kOOF7H0=' 'sha256-SDpJ06IXtKeyPxzWvEQbz1w8atX8WEPMmLziJ2Yr3t8=' 'sha256-ZdHxw9eWtnxUb3mk6tBS+gIiVUPE3pGM470keHPDFlE=' 'sha256-RfS5BPmz3Vwypv5zOAVIB743tRj+AEwi4dugaXrsDwk=' 'sha256-x4b2HXIRVmbavEXgC5A6qDxwchYDCHsF5XjgG+IX/9k=' 'sha256-sjBpDcTxG5RUsOcN+DFW/IhJtxXGSiB/5wxRqMbKc8g=' 'sha256-6N6ExomJBSb15QoU3z4kffBiUYwHzIOPFDBNFyQo5zM=' 'sha256-Xjtk8M9sZ4nFg15sesBAusx8bR5RyH5adt0U2TGp1Hc=' 'sha256-YV8lKTFZ9If7/i9C+12znUBTxRQw2mwPFb+mvUF76jI=' 'sha256-xhhnTHVCXiqgxWYHm1Aa2GmrJUgS7MCnS5+Ou4nbmvI=' 'sha256-lgwR+lozSh+2mYjVqEytPQ8igYNCs3WxYDoJ+FfmTM8=' 'sha256-xhhnTHVCXiqgxWYHm1Aa2GmrJUgS7MCnS5+Ou4nbmvI=' 'sha256-lgwR+lozSh+2mYjVqEytPQ8igYNCs3WxYDoJ+FfmTM8=' 'sha256-Pmke26teTSgoga2qVZQxn5+8tJEHv3b6P31sM4A7nUA=' 'sha256-u3gvlgPH9p+WcuUGYJ1tagF6JvmPBRgC8dUVFMyvgFw=' 'sha256-MlKRU2qUIVN+Cj86rIOyMnLxGlFm6Y1JJpGW5mQkUZs=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-2gz8aiXiOB6Up4QDJqnRa6SHIHmCXTLcaqHHxsA3LlA=' 'sha256-qTkwDWS8vAgVRoa+CLotP91j1y1653Dw7c6uFVO9hdk=' 'sha256-6cAsdx6Eo0akaAinSdKpeL36RozFFZb6YeLNQSOtOKU=' 'sha256-6cAsdx6Eo0akaAinSdKpeL36RozFFZb6YeLNQSOtOKU=' 'sha256-0W4IyoGJZtlp+gwrArXhImVbco+I5f2pug6ZEmjL2U0=' 'sha256-GbUhe7JxmiOWfQ00Srbs7iduQVRWWln6C42y78HlLxs=' 'sha256-0W4IyoGJZtlp+gwrArXhImVbco+I5f2pug6ZEmjL2U0=' 'sha256-GbUhe7JxmiOWfQ00Srbs7iduQVRWWln6C42y78HlLxs=' 'sha256-0W4IyoGJZtlp+gwrArXhImVbco+I5f2pug6ZEmjL2U0=' 'sha256-GbUhe7JxmiOWfQ00Srbs7iduQVRWWln6C42y78HlLxs=' 'sha256-0W4IyoGJZtlp+gwrArXhImVbco+I5f2pug6ZEmjL2U0=' 'sha256-6cAsdx6Eo0akaAinSdKpeL36RozFFZb6YeLNQSOtOKU=' 'sha256-8kPOCl/iIr6YgWLvLnIRMrYnCJHOzs6WNYAedT41SM8=' 'sha256-2Go/yMtz4sEcAbw1TnjkjLz983Zxq7frCShdJs2OobM=' 'sha256-g6zf946PtVM63bZ+fe9QUc3hDXp5BMl6OBmAlKhKV60=' 'sha256-zqo/Gf4mmbgvoqPGTNSkHYfibgllewm/seDhWyooOOk=' 'sha256-FVE4UqDzJ5GzKFQlZqU4Zq3EAxxb/T0hpPQU9k6uwkA=' 'sha256-R2Vkrx5FLpmMY0750ljuQem15/f/bIrrGl+TXyzeETo=' 'sha256-gGRDCDCtVdIb3guY7Af4d2zlZ2AHGiJ1Fo0P+PkrAQ4=' 'sha256-28yeYgrPQDDyWFt+gxC5JLjh+vmdwGtJ6vrGY5agNmA=' 'sha256-tq6DPpzxxZo0uDGIA3cWY73a2IghW7jFPDxfoADIVA4=' 'sha256-jI3sfmilVzfPCYviQAKSk25gbqy5bKO6ytnWnH7tPy4=' 'sha256-MGcxmZXFvleb8FuwqjCYtvoakNGj+J6yTNrv1TSxJiA=' 'sha256-hbZWfW0vwSYriJkO6sDWlefwk0ZUNVCSaBe66T81nB0=' 'sha256-rh2A364+F4JpsYOMvu2X0b8oUqSm+hinlVRTT9lHrwY=' 'sha256-gGRDCDCtVdIb3guY7Af4d2zlZ2AHGiJ1Fo0P+PkrAQ4=' 'sha256-28yeYgrPQDDyWFt+gxC5JLjh+vmdwGtJ6vrGY5agNmA=' 'sha256-tq6DPpzxxZo0uDGIA3cWY73a2IghW7jFPDxfoADIVA4=' 'sha256-o1r1pjDVBLdNe0LQRcCT5BFFXxPXMW1YFFI3KAch9eI=' 'sha256-Qzu0lxLJiiX6Kov/Hhw2clLBMwE/AGShWjshh7S4cZE=' 'sha256-IGAWb2ggeHqxQRSvWbzAamu9Ko86r4FttA9LNd1b/uI=' 'sha256-o1r1pjDVBLdNe0LQRcCT5BFFXxPXMW1YFFI3KAch9eI=' 'sha256-Qzu0lxLJiiX6Kov/Hhw2clLBMwE/AGShWjshh7S4cZE=' 'sha256-IGAWb2ggeHqxQRSvWbzAamu9Ko86r4FttA9LNd1b/uI=' 'sha256-p08VBe6m5i8+qtXWjnH/AN3klt1l4uoOLsjNn8BjdQo=' 'sha256-HeCUqYbpi0jcNQCtmPyDkSSaeWOk+GFgiIxfAAAbsFg=' 'sha256-33YGiROm4Pzv0xXIPo82M0Dt2zrdnP4IgbJq1WeAtf8=' 'sha256-j6Tt8qv7z2kSc7fUs0YHbrxawwsQcS05fVaX1r2qrbk=' 'sha256-RAtMRMPc7pZorvh8gaXlMJh1zDaSAmCzJ4zoN0Y5bn4=' https://widgets.energiemonitor.de https://fonts.googleapis.com https://icpublichosting.azureedge.net https://optimize.google.com https://*.iadvize.com; object-src 'self'; report-uri /umbraco/api/helper/CreateCSPReport 1 default-src 'self'; manifest-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://app.intotheblock.com https://static.zdassets.com/ https://widget-mediator.zopim.com/ https://code.jquery.com/ https://stackpath.bootstrapcdn.com/ https://static.hotjar.com/ https://script.hotjar.com/ https://www.google.com/ https://cdn.siftscience.com/ https://www.gstatic.com/ https://maps.googleapis.com/ https://salesiq.zohopublic.com/ https://js.zohocdn.com/ https://static.zohocdn.com/; object-src 'self' style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com/ajax/libs/ https://stackpath.bootstrapcdn.com/ https://css.zohocdn.com/ https://static.zohocdn.com/; img-src 'self' https://icon-library.com/ https://maps.gstatic.com/ https://v2uploads.zopim.io/ https://rocketlab.g2afse.com/ https://purecatamphetamine.github.io/ https://20841010p.rfihub.com/ https://static.zohocdn.com/ https://us4-files.zohopublic.com/ https://css.zohocdn.com/ data:; media-src 'self' https://static.zdassets.com/ https://static.zohocdn.com/; frame-src 'self' https://www.youtube.com/ https://buy.moonpay.com/ https://buy-staging.moonpay.com/ https://buy-sandbox.moonpay.com/ https://pay.testwyre.com/ https://vars.hotjar.com/ https://www.google.com/recaptcha/ https://salesiq.zohopublic.com/; font-src 'self' https://fonts.gstatic.com https://cdnjs.cloudflare.com/ajax/ https://css.zohocdn.com/; connect-src 'self' wss://socket-testing.cryptomkt.com/ https://socket-testing.cryptomkt.com/ wss://socket.cryptomkt.com/ https://socket.cryptomkt.com/ wss://api.exchange.cryptomkt.com/ https://api.exchange.cryptomkt.com/ https://api.intotheblock.com/ https://ekr.zdassets.com/ https://cryptomkt.zendesk.com/ wss://widget-mediator.zopim.com/ https://id.zopim.com/ https://widget-mediator.zopim.com/ https://api-uat.kushkipagos.com/ https://api.kushkipagos.com/ https://maps.googleapis.com/ https://salesiq.zohopublic.com https://in.hotjar.com/api/ wss://ws.hotjar.com/ https://content.hotjar.io/; frame-ancestors 'self'; base-uri 'self'; form-action 'self' 1 default-src * 'self' *.lpsnmedia.net *.billtrust.com; style-src 'self' http://* 'unsafe-inline' *.lpsnmedia.net *.liveperson.net *.billtrust.com https://*.hotjar.com; script-src 'self' http://* 'unsafe-inline' 'unsafe-eval' *.lpsnmedia.net *.liveperson.net https://*.hotjar.com assets.adobedtm.com; img-src * 'self' data: https: *.lpsnmedia.net https://*.hotjar.com; font-src 'self' data: https://smart-ip.net *.kaltura.com https://*.hotjar.com; connect-src 'self' wss://*.liveperson.net *.liveperson.net *.lpsnmedia.net *.azurewebsites.net wss://*.signalr.net *.signalr.net *.kaltura.com *.walkme.com *.demdex.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.omtrdc.net; frame-src * 'self' *.lpsnmedia.net *.liveperson.net; media-src 'self' blob: *.lpsnmedia.net *.kaltura.com; 1 default-src 'self'; connect-src 'self' www.google-analytics.com *.analytics.google.com *.google-analytics.com wss://www.joa.fr stats.g.doubleclick.net via.batch.com ws.batch.com maps.googleapis.com www.novaresa.net www.joa.fr consentcdn.cookiebot.com www.facebook.com; font-src 'self' fonts.gstatic.com data:; frame-ancestors 'none' https://enplug.com https://*.enplug.com; frame-src 'self' www.youtube.com www.youtube-nocookie.com www.googletagmanager.com module.lafourchette.com widget.thefork.com *.weezevent.com ubishaker.com t.regionsjob.com *.gaming1.com www.google.com widget.fanzo.com www.facebook.com consentcdn.cookiebot.com *.paperform.co; img-src 'self' www.googletagmanager.com media.joa.fr www.google-analytics.com ytimg.com i.ytimg.com img.youtube.com www.facebook.com www.google.com www.google.fr maps.googleapis.com *.gstatic.com data: blob: www.novaresa.net novaresa.net icons.batch.com www.google.ch www.google.hr www.google.lu www.joa.fr www.tripadvisor.fr via.batch.com apply.indeed.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com *.google-analytics.com via.batch.com www.youtube.com connect.facebook.net maps.googleapis.com www.novaresa.net www.google.com www.gstatic.com consent.cookiebot.com consentcdn.cookiebot.com www.joa.fr www.weezevent.com t.regionsjob.com paperform.co; style-src 'self' 'unsafe-inline' fonts.googleapis.com www.novaresa.net www.googletagmanager.com; upgrade-insecure-requests; report-uri /csp 1 base-uri 'none'; default-src 'none'; connect-src 'self' https:; font-src 'self' https: data:; form-action 'self' https:; frame-ancestors 'self'; frame-src 'self' https:; img-src 'self' https: data:; manifest-src 'self'; media-src 'self' https:; object-src 'none'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; upgrade-insecure-requests; worker-src 'self' 1 default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self'; font-src 'self'; connect-src 'self'; frame-ancestors 'none'; base-uri 'none' 1 frame-ancestors https://*.ptc.com https://ptc.seismic.com https://liveshareeast3.seismic.com https://*.mouseflow.com https://resources.servicemax.com https://servicemax.pathfactory.com https://support.rockwellautomation.com https://rockwellautomation.custhelp.com 1 default-src 'self' fonts.gstatic.com fonts.googleapis.com ajax.googleapis.com wireframecc-9947.kxcdn.com wireframe.cc cdn.wireframe.cc; script-src 'self' 'unsafe-inline' 'nonce-9b8dc06b494bbbc590e147c327cf95b3' 'unsafe-eval' https://fonts.gstatic.com https://fonts.googleapis.com https://ajax.googleapis.com wireframecc-9947.kxcdn.com cdn.wireframe.cc; style-src 'self' 'unsafe-inline' fonts.googleapis.com wireframecc-9947.kxcdn.com cdn.wireframe.cc; img-src 'self' wireframecc-9947.kxcdn.com cdn.wireframe.cc data:; child-src 'self'; base-uri 'none' 1 allow 'unsafe-inline' 'unsafe-eval' 'self' troc.cdn.mediactive-network.net *.googlesyndication.com *.systempay.fr *.fbcdn.net *.google.com *.google.fr *.doubleclick.net intranet.troc.com connect.facebook.net cdnjs.cloudflare.com www.gstatic.com www.googletagmanager.com www.google-analytics.com www.googleadservices.com www.googletagservices.com cdn.ampproject.org 1 default-src 'self'; \ script-src 'self' https://ajax.googleapis.com; \ img-src 'self' https://ssl.google-analytics.com 1 default-src 'self' www.gravatar.com *.hotjar.com player.vimeo.com *.vimeocdn.com *.googleapis.com *.google.com youtube.com *.cloudfront.net *.youtube.com *.blackbaudhosting.com sky.blackbaudcdn.net www.eventbrite.co.uk *.marker.io *.simplybook.cc payments.blackbaud.com consentcdn.cookiebot.com app.cloudpano.com connect.facebook.net *.facebook.com *.facebook.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.aspnetcdn.com feeds.trac.jobs static.trac.jobs *.hotjar.com ajax.googleapis.com cdnjs.cloudflare.com *.browsealoud.com *.bugherd.com *.googletagmanager.com *.google-analytics.com *.cloudfront.net *.luckyorange.net *.blackbaudhosting.com *.smartthing2.com *.smartthing.org *.blackbaud.com sky.blackbaudcdn.net widget.simplybook.cc http://localhost:* www.cqc.org.uk feeds.testing.trac.jobs www.eventbrite.co.uk *.marker.io www.google.com www.gstatic.com consentcdn.cookiebot.com consent.cookiebot.com app.cloudpano.com www.googleoptimize.com connect.facebook.net *.facebook.com *.facebook.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com feeds.trac.jobs static.trac.jobs cdnjs.cloudflare.com fast.fonts.net *.smartthing2.com *.smartthing.org *.cloudfront.net *.blackbaudhosting.com www.cqc.org.uk *.marker.io connect.facebook.net *.facebook.com *.facebook.net; img-src 'self' data: blob: www.gravatar.com *.christie.nhs.uk img.youtube.com i.ytimg.com *.justgiving.com feeds.trac.jobs static.trac.jobs *.browsealoud.com *.googleapis.com *.staticflickr.com *.cloudfront.net *.google-analytics.com *.googletagmanager.com *.cdninstagram.com *.blackbaudhosting.com www.cqc.org.uk *.umbraco.com *.marker.io connect.facebook.net *.facebook.com *.facebook.net; font-src 'self' fonts.gstatic.com cdnjs.cloudflare.com fast.fonts.net data: fonts.googleapis.com connect.facebook.net *.facebook.com *.facebook.net; connect-src 'self' *.browsealoud.com feeds.trac.jobs static.trac.jobs *.smartthing2.com *.smartthing.org *.luckyorange.net *.hotjar.com *.google-analytics.com *.doubleclick.net wss: http://localhost:* *.umbraco.com *.marker.io *.amazonaws.com sky.blackbaudcdn.net payments.blackbaud.com consentcdn.cookiebot.com app.cloudpano.com content.hotjar.io connect.facebook.net *.facebook.com *.facebook.net; worker-src 'self' blob:; 1 frame-ancestors khh.travel 'self' 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data:; style-src 'self' 'unsafe-inline' data:; img-src 'self' data:; 1 default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self'; 1 default-src 'none'; base-uri www.hahn-airport.de www.hahn-airport-cargo.com; block-all-mixed-content; connect-src www.hahn-airport.de www.hahn-airport-cargo.com matomo.hahn-airport.de; font-src www.hahn-airport.de www.hahn-airport-cargo.com; form-action www.hahn-airport.de www.hahn-airport-cargo.com parken.hahn-airport.de; frame-ancestors www.hahn-airport.de www.hahn-airport-cargo.com; frame-src www.hahn-airport.de www.hahn-airport-cargo.com; img-src www.hahn-airport.de www.hahn-airport-cargo.com data: *.openstreetmap.de; media-src www.hahn-airport.de www.hahn-airport-cargo.com; script-src www.hahn-airport.de www.hahn-airport-cargo.com matomo.hahn-airport.de 'sha256-3gL0ESqaJki/Wh0f/lc2YDLEdxGa87F8Q5TXgPOCikM=' 'sha256-81MEiw1n03G/Umzr1t9TBswGsKYi01GH9Qu+KQu7dD4=' 'sha512-xbcqNOgP70FrlmytA93CaZ+Lh4zepgmKXpUeumuNwRa8sD7TlgTwTgSBKrbiP5/HcguwdErI+ExunDL8rxCrkg==' 'sha512-px1M+IgU2D7N1Ag8ujEEbrR/bWVa9WcgiPLZ6flkhCC+8XiyDRgirHntE0Un+lSGbp4p/VA403aBf4NWUPAD8A==' 'sha512-Tyxc4Zm8bJMo23iSuUGf1AwygBbaOSZEvgDkIoZNrH9oAdhVZp6ZgdFSeajkBFA/J7YY/rQXtXaTxUiZUU1S/w=='; style-src www.hahn-airport.de www.hahn-airport-cargo.com 'unsafe-hashes' fast.fonts.net 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-0kneztpqrRRhpdMukBrBUYV4ZMDr+1A5B/zcgBxiCdQ='; upgrade-insecure-requests; report-uri /nelmio/csp/report 1 default-src 'self'; img-src *; media-src * data:; object-src 'none'; base-uri 'self'; script-src 'self'; 1 default-src "self"; img-src "self"; style-src "self" "unsafe-inline"; font-src "self"; script-src "self" "unsafe-inline"; connect-src "self"; 1 default-src 'self'; object-src 'self' https://pts.premiumsim.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.premiumsim.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://livechat.premiumsim.de https://chat.premiumsim.de https://umfrage.premiumsim.de https://pts.premiumsim.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://eu01.rec.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://livechat.premiumsim.de https://chat.premiumsim.de https://stats.premiumsim.de https://imagepool.premiumsim.de https://pts.premiumsim.de https://analytics.tiktok.com https://umfrage.premiumsim.de; script-src 'strict-dynamic' 'nonce-db3121b6c4155004fd19cad8ed40cc9b' 'nonce-171d3e82a70d47c4c116113e5046b51f' 'nonce-cb1f7d9ce7be3435fa89a4fd1b32d3d1' 'nonce-2cb3d6af97d2e0647b990737592ec580' 'nonce-541cdd52f8e30109207682ac298dd3f4' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data: 'report-sample'; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://netmap.vodafone.de/cokart-client/index.html https://pts.premiumsim.de https://umfrage.premiumsim.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-db3121b6c4155004fd19cad8ed40cc9b' 'nonce-171d3e82a70d47c4c116113e5046b51f' 'nonce-cb1f7d9ce7be3435fa89a4fd1b32d3d1' 'nonce-2cb3d6af97d2e0647b990737592ec580' 'nonce-541cdd52f8e30109207682ac298dd3f4' 'self' 'unsafe-inline' https: 'report-sample' 1 script-src https://*.lex-com.net/ 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' https://mykrone.green ; img-src 'self' data:; object-src 'none'; media-src 'none'; child-src 'self' blob: data:; style-src 'self' 'unsafe-inline' 1 frame-ancestors http://*.viewlift.com 1 script-src 'unsafe-inline' *.posazavi.com analytics.tiktok.com *.adform.net *.hcaptcha.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval' connect.facebook.net c.imedia.cz *.hotjar.com tagmanager.google.com www.google.com www.gstatic.com c.seznam.cz; style-src 'self' 'unsafe-inline' tagmanager.google.com cdnjs.cloudflare.com fonts.googleapis.com; report-uri /csp 1 frame-ancestors https://*.cloudfront.net https://*.streavent.de https://*.dwa.de https://*.dwa-bayern.de https://*.dwa-bw.de https://*.dwa-hrps.de https://*.dwa-mitte.de https://*.dwa-nord.de https://*.dwa-no.de https://*.dwa-nrw.de https://*.dwa-st.de https://*.gfa-news.de 1 default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zoll-portal.de; img-src 'self' data:; style-src 'self' 'unsafe-inline' 1 font-src 'self'; 1 default-src 'self'; object-src 'self' https://pts.simplytel.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.simplytel.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://livechat.simplytel.de https://chat.simplytel.de https://umfrage.simplytel.de https://pts.simplytel.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://eu01.rec.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://livechat.simplytel.de https://chat.simplytel.de https://stats.simplytel.de https://imagepool.simplytel.de https://pts.simplytel.de https://analytics.tiktok.com https://umfrage.simplytel.de; script-src 'strict-dynamic' 'nonce-e5a1ce93c81470ea7f352d352d826206' 'nonce-2e3be05306c14d00f435c399b634d1b1' 'nonce-081516ae816179a16e05c95e2551da96' 'nonce-c6c1c4e3c5076341a39724a07ebd1e33' 'nonce-481808fe553b78cd143b4676d2fb2151' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data: 'report-sample'; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://netmap.vodafone.de/cokart-client/index.html https://pts.simplytel.de https://umfrage.simplytel.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-e5a1ce93c81470ea7f352d352d826206' 'nonce-2e3be05306c14d00f435c399b634d1b1' 'nonce-081516ae816179a16e05c95e2551da96' 'nonce-c6c1c4e3c5076341a39724a07ebd1e33' 'nonce-481808fe553b78cd143b4676d2fb2151' 'self' 'unsafe-inline' https: 'report-sample' 1 default-src 'self'; object-src 'self' https://pts.smartmobil.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.smartmobil.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://umfrage.smartmobil.de https://pts.smartmobil.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://eu01.rec.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://livechat.smartmobil.de https://chat.smartmobil.de https://stats.smartmobil.de https://imagepool.smartmobil.de https://pts.smartmobil.de https://seal.globalsign.com https://ssif1.globalsign.com https://analytics.tiktok.com https://umfrage.smartmobil.de; script-src 'strict-dynamic' 'nonce-61db723faa524a7c236555f50b2bb777' 'nonce-474caa55ca5b970d13645b9ab1a84c4f' 'nonce-1553b0de28593d9d5fcb4696ec1a9e55' 'nonce-3d529b70b927c0d6ef0debcb7309494b' 'nonce-fb0004702806ad57e55e6acdadd448f4' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data: 'report-sample'; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://netmap.vodafone.de/cokart-client/index.html https://pts.smartmobil.de https://umfrage.smartmobil.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-61db723faa524a7c236555f50b2bb777' 'nonce-474caa55ca5b970d13645b9ab1a84c4f' 'nonce-1553b0de28593d9d5fcb4696ec1a9e55' 'nonce-3d529b70b927c0d6ef0debcb7309494b' 'nonce-fb0004702806ad57e55e6acdadd448f4' 'self' 'unsafe-inline' https: 'report-sample' 1 default-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: blob:; font-src * data: 1 base-uri 'none';child-src 'self' data: blob:;connect-src 'self' ws: wss: localhost:1337 adsapi.jacobin.de api.jacobin.de staging-api.jacobin.de shop.jacobin.de analyse.jacobin.de spenden.twingle.de *.met.vgwort.de;default-src 'self';font-src 'self' data:;form-action 'self';frame-ancestors 'none';frame-src spenden.twingle.de www.youtube.com;img-src 'self' jacobin.de data: *.met.vgwort.de;manifest-src 'self';media-src 'self';object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' localhost:1337 adsapi.jacobin.de api.jacobin.de staging-api.jacobin.de shop.jacobin.de analyse.jacobin.de spenden.twingle.de *.met.vgwort.de www.youtube.com;style-src 'self' 'unsafe-inline'; 1 default-src 'self' ; frame-src 'self' https://acs2.bgpb.by https://3ds.alfabank.by https://ipcacs.bps-sberbank.by https://3ds.priorbank.by https://emv3ds.npc.by https://emv3ds.npc.by:8443 https://acs2.mtbank.by https://acs2.mtbank.by:8043 https://3ds-pgi.mtbank.by https://3ds-pgi.mtbank.by:9663 https://api.mtbank.by https://mpi2.mtbank.by:8046/ https://ucas.npc.by:8443/ https://acs.mtbank.by https://c2c.mtbank.by https://3ds.alfabank.by https://3ds.priorbank.by https://acs.bgpb.by https://sca.npc.by https://www.sbs4u.by https://acs.multicarta.ru https://aacsw.3ds.verifiedbyvisa.com https://cap.attempts.securecode.com https://ipcacs.sberbank.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://chat.mtbank.by/ https://app.blinger.io https://static.mybank.by https://api.mtbank.by https://www.google-analytics.com https://halva.mtbank.by https://www.googletagmanager.com https://tagmanager.google.com; style-src 'self' blob: 'unsafe-inline' https://static.mybank.by;img-src 'self' https://*.by/ https://chat.mtbank.by/ https://blinger.io https://app.blinger.io https://static.mybank.by data: blob: https://www.google-analytics.com https://www.googletagmanager.com ; font-src 'self' https://static.mybank.by; connect-src 'self' https://chat.mtbank.by/ wss://app.blinger.io; media-src 'self' 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.wp.com https://*.gravatar.com https://*.google-analytics.com; img-src 'self' data: https://wordpress.org https://*.gravatar.com https://*.wp.com https://*.google-analytics.com; style-src 'self' 'unsafe-inline' https://*.wp.com https://*.gravatar.com https://fonts.googleapis.com; font-src 'self' data: https://fonts.gstatic.com https://themes.googleusercontent.com; object-src 'none' 1 frame-ancestors 'self' insights.hotjar.com 1 base-uri 'none';child-src 'self' data: blob:;connect-src 'self' ws: wss: http://localhost:1337 http://127.0.0.1:3000 https://staging.bptk.de https://staging-api.bptk.de https://api.bptk.de;default-src 'self';font-src 'self' data:;form-action 'self';frame-ancestors 'none';frame-src https://www.youtube.com;img-src 'self' data: https://staging.bptk.de https://staging-api.bptk.de https://api.bptk.de;manifest-src 'self';media-src 'self' https://api.bptk.de https://staging.bptk.de https://staging-api.bptk.de;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' http://localhost:1337 https://staging.bptk.de https://staging-api.bptk.de https://api.bptk.de;style-src 'self' 'unsafe-inline'; 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googletagmanager.com *.licdn.com *.line-scdn.net *.sharethis.com *.azure-api.net *.hsforms.net *.youtube.com *.hs-scripts.com *.hs-banner.com *.hs-analytics.net *.hsadspixel.net *.doubleclick.net *.cloudflare.com *.hsappstatic.net; style-src 'self' 'unsafe-inline' *.cloudflare.com; img-src 'self' data: https: *.google-analytics.com *.doubleclick.net *.googletagmanager.com; frame-src 'self' *.hsforms.com *.youtube.com *.vimeo.com *.hubspot.com; connect-src 'self' *.google-analytics.com stats.g.doubleclick.net *.googletagmanager.com *.hsforms.com *.linkedin.oribi.io *.hubapi.com *.analytics.google.com *.linkedin.com; report-uri /report-csp-violation 1 default-src 'unsafe-inline' 'unsafe-eval' wss://*.iadvize.com data: blob: https: 'self' *.e-wie-einfach.de *.usercentrics.eu *.googletagmanager.com *.demdex.net ewieeinfach.tt.omtrdc.net *.trustedshops.com *.iadvize.com analytics.tiktok.com *.ad-srv.net *.ad4m.at; block-all-mixed-content; frame-ancestors https://*.e-wie-einfach.de 'self'; frame-src https: 'self' 10552776.fls.doubleclick.net *.iadvize.com; img-src https: 'self' data: blob: 1 default-src 'self'; base-uri 'self'; connect-src 'self' wss://self https://www.hostingcloud.racing wss://*.hostcontent.live https://connect.facebook.net https://www.google-analytics.com https://*.doubleclick.net https://*.g.doubleclick.net https://www.facebook.com https://*.mintme.com https://mintme.com https://*.tawk.to wss://*.tawk.to; font-src 'self' https://fonts.gstatic.com https://static-v.tawk.to; frame-src https://accounts.google.com https://content.googleapis.com https://va.tawk.to https://www.youtube.com https://www.google.com; img-src data: *; media-src *; object-src 'none'; script-src 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https: http: 'nonce-knKkWW+2ktGs/Up7zrk/Hw=='; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net/emojione/2.2.7/assets/css/emojione.min.css https://cdn.jsdelivr.net/emojione/2.2.7/lib/js/emojione.min.js https://cdnjs.cloudflare.com/ajax/libs/highlight.js/9.12.0/styles/github.min.css https://cdnjs.cloudflare.com/ajax/libs/highlight.js/9.12.0/styles/atom-one-dark.min.css https://*.tawk.to; report-uri /csp-report; worker-src blob: 1 frame-ancestors 'none'; report-uri /report-csp-violation 1 default-src 'self'; connect-src 'self' https://cdn-cookieyes.com https://*.cookieyes.com https://form.jotform.com https://submit.jotform.com https://*.google-analytics.com https://*.googletagmanager.com https://fonts.googleapis.com https://*.analytics.google.com; font-src 'self' https://ka-p.fontawesome.com https://fonts.gstatic.com data:; frame-src 'self' https://*.cookieyes.com https://submit.jotform.com https://form.jotform.com; img-src 'self' https://*.elliottmgmt.com *.elliottmgmt.com https://elliottmgmt.com https://dev-elliott-mgmt.pantheonsite.io https://test-elliott-mgmt.pantheonsite.io https://*.googletagmanager.com https://*.google-analytics.com https://*.gstatic.com https://cdn-cookieyes.com https://*.cookieyes.com https://secure.gravatar.com blob: data:; object-src; script-src 'self' https://*.googletagmanager.com https://tagmanager.google.com https://cdn-cookieyes.com https://*.google-analytics.com 'unsafe-inline'; style-src 'self' https://*.googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com 'unsafe-inline'; upgrade-insecure-requests 1 default-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.simplybook.cc https://cdn.jsdelivr.net https://*.googletagmanager.com https://*.googletagmanager.com cdnjs.cloudflare.com https://translate-pa.googleapis.com/ https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://fonts.googleapis.com https://translate.googleapis.com https://translate.google.com https://maps.googleapis.com https://player.vimeo.com https://feeds.trac.jobs https://www.cqc.org.uk https://merseycare.enterpriseappointments.com; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://fonts.googleapis.com https://translate.googleapis.com https://www.gstatic.com https://feeds.trac.jobs https://www.cqc.org.uk; img-src * data:; connect-src 'self' https://translate-pa.googleapis.com/v1/translateHtml https://*.googletagmanager.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.g.doubleclick.net https://*.google.com https://*.google.com https://*.google-analytics.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googletagmanager.com maps.googleapis.com https://saas.learninglocker.net https://metrics.articulate.com https://translate.googleapis.com https://www.google-analytics.com https://stats.g.doubleclick.net https://vimeo.com https://feeds.trac.jobs; font-src 'self' data: https://fonts.gstatic.com; object-src 'self' blob:; frame-src 'self' *.simplybook.cc maps.google.com https://*.nhs.uk https://www.google.com https://content.googleapis.com https://content-analytics.googleapis.com https://www.youtube.com https://player.vimeo.com https://merseycare.enterpriseappointments.com https://e.issuu.com https://roundme.com 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.aok.de https://mediathek.aok.de https://mediathek.aok.de:8443 https://anonym.aok.de https://vimeo.com https://*.vimeo.com https://*.youtube.com https://www.youtube-nocookie.com https://hcaptcha.com https://newassets.hcaptcha.com; img-src 'self' https://mediathek.aok.de https://anonym.aok.de https://*.vimeocdn https://*.youtube.com https://www.youtube-nocookie.com https://i.ytimg.com data:; object-src none 1 object-src 'none'; script-src 'nonce-{random}' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http:; $ 1 default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.polyfill.io https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://*.googleapis.com https://*.gstatic.com ; img-src 'self' https://*.googleapis.com https://*.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://www.jobup.ch https://*.googleapis.com https://*.gstatic.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com; font-src 'self' https://fonts.gstatic.com; frame-src https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://td.doubleclick.net/ https://10857799.fls.doubleclick.net/; 1 default-src 'self' *.helpscout.net fonts.gstatic.com fonts.googleapis.com *.cloudfront.net *.blob.core.windows.net recognition.asdastars.com asdastars.com www.asdastars.com recognitionapi.asdastars.com; img-src 'self' *.helpscout.net fonts.gstatic.com fonts.googleapis.com *.cloudfront.net *.blob.core.windows.net recognition.asdastars.com asdastars.com www.asdastars.com recognitionapi.asdastars.com data:; object-src 'none'; frame-ancestors 'none'; base-uri 'self'; 1 default-src * 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval'; object-src *; style-src * 'self' 'unsafe-inline'; img-src * 'self' data: https:;; media-src *; frame-src *; frame-ancestors * 'self'; child-src * blob:; font-src * 'self' data: https:;; connect-src * 1 frame-ancestors 'self' http://customer-skicircus.loop21.net https://customer-skicircus.loop21.net http://public-location-skicircus.loop21.net https://public-location-skicircus.loop21.net 1 default-src * ; script-src * 'unsafe-inline' 'unsafe-eval'; object-src *; style-src * 'unsafe-inline'; img-src * data: https://ct.capterra.com; media-src *; frame-src *; frame-ancestors *; child-src *; font-src * https://themes.googleusercontent.com http://themes.googleusercontent.com; connect-src *; report-uri /report-csp-violation; upgrade-insecure-requests 1 default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com secure.payzen.eu maps.googleapis.com *.paypal.com *.algolia.net *.algolianet.com *.bing.com *.facebook.net *.facebook.com www.googletagmanager.com *.mgtmod01.com *.magnetis.io *.modulecall.fr www.gstatic.com googleads.g.doubleclick.net www.google.fr *.googletagmanager.com *.googleadservices.com *.google.com *.google.fr trk.adbutter.net pixel.mathtag.com mathid.mathtag.com static.criteo.net *.criteo.com t.eu1.dyntrk.com *.taboola.com *.outbrain.com *.r66net.com *.videostep.com *.invibes.com *.y-track.com *.chainethermale.fr *.pinterest.com *.pinimg.com *.googletagmanager.com *.googlesyndication.com;frame-src 'self' secure.payzen.eu www.youtube.com maps.googleapis.com *.paypal.com secure.ogone.com ogone.test.v-psp.com *.openstreetmap.org *.facebook.com *.youtube-nocookie.com pixel.mathtag.com dis.eu.criteo.com *.criteo.net *.criteo.com gum.criteo.com *.googletagmanager.com *.googleadservices.com *.google.com *.google.fr widget.eu.criteo.com *.pinterest.com *.doubleclick.net *.google.fr;style-src 'self' 'unsafe-inline' fonts.googleapis.com;img-src 'self' data: www.google-analytics.com maps.googleapis.com *.gstatic.com placehold.it https://picsum.photos *.chainethermale.fr admin.chainethermale.fr *.bing.com *.facebook.com www.magazinethermal.fr stats.g.doubleclick.net *.youtube-nocookie.com *.ytimg.com googleads.g.doubleclick.net secure.adnxs.com pixel.mathtag.com t.eu1.dyntrk.com cdn.n.dynstc.com *.taboola.com *.outbrain.com *.googletagmanager.com *.googleadservices.com *.google.com *.google.fr *.criteo.com e1.emxdgt.com cm.g.doubleclick.net rtb-csync.smartadserver.com *.yahoo.fr *.yahoo.com eb2.3lift.com ad.360yield.com ib.adnxs.com r.casalemedia.com criteo-sync.teads.tv contextual.media.net cm.adform.net x.bidswitch.net visitor.omnitag.com match.sharethrough.com i.liadm.com e1.emxdgt.com criteo-partners.tremorhub.com *.mediavine.com *.pubmatic.com *.yieldlab.net *.smartclip.net *.thebrighttag.com beacon.krxd.net *.demdex.net *.yieldmo.net *.yieldmo.com pixel.rubiconproject.com id5-sync.com *.invibes.com *.ivitrack.com *.videostep.com *.omnitagjs.com ks.b26net.com *.y-track.com www.googletagmanager.com *.yahoo.net *.postrelease.com *.pinterest.com *.pinimg.com *.adform.net *.facebook.net sync.1rx.io jadserve.postrelease.com *.unrulymedia.com bat.bing.net;font-src 'self' fonts.gstatic.com data: cdn.linearicons.com;connect-src 'self' *.paypal.com *.algolia.net *.algolianet.com www.google-analytics.com *.mgtmod01.com *.magnetis.io *.modulecall.fr noembed.com bat.bing.com stats.g.doubleclick.net googleads.g.doubleclick.net *.criteo.com *.taboola.com *.outbrain.com *.googletagmanager.com *.googleadservices.com *.google.com *.google.fr *.invibes.com *.r66net.com *.y-track.com *.chainethermale.fr *.analytics.google.com *.google-analytics.com *.googlesyndication.com *.pinterest.com *.facebook.com *.outbrain.com bat.bing.com bat.bing.net;base-uri 'self' 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com.br/ https://medgrupo.com.br/* https://*.medgrupo.com.br http://*.medgrupo.com.br https://medgrupo.com.br http://medgrupo.com.br https://*.vimeo.com https://www.gstatic.com https://www.google.com https://rmcursosmedicos.activehosted.com https://conoret.com/ https://api.ipify.org?format=json https://cdn.jsdelivr.net; img-src 'self' data: https://www.google.com.br/ https://medgrupo.com.br/* https://*.medgrupo.com.br http://*.medgrupo.com.br https://medgrupo.com.br http://medgrupo.com.br https://*.vimeo.com https://rmcursosmedicos.activehosted.com https://conoret.com/ https://api.ipify.org?format=json https://www.google.com.br/*; object-src 'self' data: https://www.google.com.br/ https://medgrupo.com.br/* https://*.medgrupo.com.br http://*.medgrupo.com.br https://medgrupo.com.br http://medgrupo.com.br https://*.vimeo.com https://www.google.com https://rmcursosmedicos.activehosted.com https://conoret.com/ https://api.ipify.org?format=json; frame-src 'self' data: https://www.google.com.br/ https://medgrupo.com.br/* https://*.medgrupo.com.br http://*.medgrupo.com.br https://medgrupo.com.br http://medgrupo.com.br https://*.vimeo.com https://www.google.com https://rmcursosmedicos.activehosted.com https://conoret.com/ https://api.ipify.org?format=json; 1 frame-ancestors www.newtaipei.travel newtaipei.travel 'self' 1 img-src * data:; style-src 'self' 'unsafe-inline'; default-src * blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: www.youtube.com s.ytimg.com *.usercentrics.eu *.googleapis.com *.google.com www.youtube-nocookie.com *.vimeocdn.com *.vimeo.com fonts.gstatic.com www.googletagmanager.com www.google-analytics.com *.facebook.net *.altruja.de *.fundraisingbox.com; 1 frame-ancestors 'self' minezmap.com *.minezmap.com http://minezmap.com http://*.minezmap.com minez-nightswatch.com 1 upgrade-insecure-requests; frame-ancestors 'self' https://preview-edit.aminess-campsites.com https://preview-edit.aminess.com; 1 frame-ancestors 'self' http://*.mitkindundkegel.de http://mitkindundkegel.de 1 default-src 'self'; object-src 'self' https://pts.yourfone.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.yourfone.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://livechat.yourfone.de https://chat.yourfone.de https://umfrage.yourfone.de https://pts.yourfone.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://eu01.rec.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://livechat.yourfone.de https://chat.yourfone.de https://stats.yourfone.de https://imagepool.yourfone.de https://pts.yourfone.de https://maps.googleapis.com https://analytics.tiktok.com https://umfrage.yourfone.de; script-src 'strict-dynamic' 'nonce-984d8b061587ef6a97ad1babfc86c421' 'nonce-6cf30cf047ede405c134f4ab68029d93' 'nonce-9f16a4f53cd2bc53df11a2708b84d615' 'nonce-9a7874df9883a8714a145ed2914f54ca' 'nonce-dbaf862c5642cd05b72328c5284173cd' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data: 'report-sample'; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://netmap.vodafone.de/cokart-client/index.html https://pts.yourfone.de https://umfrage.yourfone.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-984d8b061587ef6a97ad1babfc86c421' 'nonce-6cf30cf047ede405c134f4ab68029d93' 'nonce-9f16a4f53cd2bc53df11a2708b84d615' 'nonce-9a7874df9883a8714a145ed2914f54ca' 'nonce-dbaf862c5642cd05b72328c5284173cd' 'self' 'unsafe-inline' https: 'report-sample' 1 default-src 'self'; block-all-mixed-content; connect-src 'self' googleads.g.doubleclick.net *.googleapis.com *.gstatic.com *.google.com *.doubleclick.net *.googlesyndication.com *.g.doubleclick.net *.google.at *.cookiebot.eu *.google-analytics.com connect.facebook.net px.ads.linkedin.com px4.ads.linkedin.com stats.g.doubleclick.net *.transgourmet.com *.transgourmet.at svrdntfctn.com analytics.tiktok.com *.googleadservices.com; font-src 'self' data: *.googleapis.com *.gstatic.com *.google-analytics.com; frame-src *; img-src 'self' data: *.googleapis.com *.doubleclick.net *.googlesyndication.com *.g.doubleclick.net *.google.com *.google.at *.gstatic.com *.googletagmanager.com *.google-analytics.com api.mapbox.com *.mindspace.at *.vorauerfriends.com *.usercentrics.eu px.ads.linkedin.com px4.ads.linkedin.com *.transgourmet.com *.transgourmet.at *.facebook.com; script-src 'self' *.google.com 'unsafe-inline' blob: *.googleapis.com *.gstatic.com *.doubleclick.net *.googlesyndication.com *.g.doubleclick.net *.cookiebot.eu *.googletagmanager.com *.google-analytics.com snap.licdn.com connect.facebook.net svrdntfctn.com analytics.tiktok.com *.googleadservices.com; style-src 'self' cdnjs.cloudflare.com 'unsafe-inline' *.googleapis.com *.gstatic.com *.google-analytics.com *.googletagmanager.com; report-uri /csp/report 1 frame-ancestors 'self' bam.harridev.com harridev.com fr.harridev.com es.harridev.com ru.harridev.com de.harridev.com pl.harridev.com ar.harridev.com tr.harridev.com dev.harridev.com fr.dev.harridev.com es.dev.harridev.com ru.dev.harridev.com de.dev.harridev.com pl.dev.harridev.com ar.dev.harridev.com tr.dev.harridev.com newdev.harridev.com stage.harridev.com hmap.harridev.com fr.hmap.harridev.com es.hmap.harridev.com ru.hmap.harridev.com de.hmap.harridev.com pl.hmap.harridev.com ar.hmap.harridev.com tr.hmap.harridev.com dv1.harridev.com dv2.harridev.com sandbox.harridev.com local.harridev.com:9001 fr.local.harridev.com:9001 es.local.harridev.com:9001 ru.local.harridev.com:9001 de.local.harridev.com:9001 pl.local.harridev.com:9001 ar.local.harridev.com:9001 tr.local.harridev.com:9001 local.harridev.com:9002 fr.local.harridev.com:9002 es.local.harridev.com:9002 ru.local.harridev.com:9002 de.local.harridev.com:9002 pl.local.harridev.com:9002 ar.local.harridev.com:9002 tr.local.harridev.com:9002 localhost.harridev.com:9001; 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cookielaw.org *.adobedtm.com *.googletagmanager.com *.google-analytics.com *.adsrvr.org *.facebook.net *.contextweb.com cdn.jsdelivr.net cdnjs.cloudflare.com google.com player.vimeo.com unpkg.com *.newrelic.com *.di-capt.com *.licdn.com *.pmsrv.co *.vimeocdn.com *.opendns.com *.rlcdn.com *.redditstatic.com; frame-src 'self' *.vimeo.com *.adsrvr.org *.doubleclick.net *.googletagmanager.com *.vimeocdn.com otsuka.demdex.net; child-src 'self' *.vimeo.com *.adsrvr.org *.doubleclick.net *.googletagmanager.com *.vimeocdn.com otsuka.demdex.net; report-uri /report-csp-violation 1 default-src 'self' *.iwan.com.tw *.iwplay.com.tw *.google.com *.google.com.tw; frame-src *.iwplay.com.tw *.iwan.com.tw www.youtube.com *.facebook.com bid.g.doubleclick.net *.facebook.net; script-src *.iwplay.com.tw *.iwan.com.tw 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com s.ytimg.com libs.baidu.com code.jquery.com *.google-analytics.com *.facebook.net *.facebook.com *.googleapis.com www.googletagmanager.com www.youtube.com www.googleadservices.com googleads.g.doubleclick.net *.google.com *.google.com.tw *.youtube.com ;style-src *.iwplay.com.tw *.iwan.com.tw 'unsafe-inline' www.youtube.com.tw fonts.googleapis.com *.facebook.net *.facebook.com *.google.com *.google.com.tw; img-src *.iwplay.com.tw *.google-analytics.com stats.g.doubleclick.net www.youtube.com *.google.com *.google.com.tw googleads.g.doubleclick.net *.facebook.com *.facebook.net data: ;frame-ancestors *.iwplay.com.tw *.iwan.com.tw *.google.com *.google.com.tw;font-src fonts.gstatic.com *.googleapis.com *.google.com *.google.com.tw *.iwplay.com.tw data:;connect-src *.iwplay.com.tw *.google-analytics.com analytics.google.com stats.g.doubleclick.net; 1 default-src 'self' unpkg.com *.gstatic.com *.clarity.ms maps.googleapis.com google-analytics.com *.google-analytics.com *.analytics.google.com *.doubleclick.net www.google.com google.com delivery.clickonometrics.pl www.awin1.com static.criteo.net welovedata.go2cloud.org *.bing.com *.cookiebot.com *.sovendus.com www.sovendus-benefits.com www.sovendus-campaign.com www.sovendus-connect.com www.sovendus-network.com *.stbuttons.click; font-src 'self' *.gstatic.com bat.bing.com *.sovendus.com; frame-src 'self' *.google.com google.com *.youtube.com *.cookiebot.com www.awin1.com bat.bing.com www.mainadv.com www.googletagmanager.com *.sovendus.com www.sovendus-benefits.com www.sovendus-campaign.com www.sovendus-connect.com www.sovendus-network.com data:; img-src 'self' data: *.google-analytics.com maps.gstatic.com maps.googleapis.com *.google.com *.clarity.ms www.google.pl www.awin1.com welovedata.go2cloud.org bat.bing.com www.facebook.com *.roeye.com *.cookiebot.com *.bing.com *.sovendus.com *.sharethis.com 'unsafe-inline'; media-src *; script-src 'self' www.google.com *.gstatic.com developers.google.com www.googletagmanager.com clarity.microsoft.com *.clarity.ms *.cookiebot.com delivery.clickonometrics.pl www.dwin1.com connect.facebook.net *.roeyecdn.com *.cloudflareinsights.com *.bing.com *.doubleclick.net *.sovendus.com *.sharethis.com 'unsafe-eval' 'unsafe-inline'; style-src 'self' *.googleapis.com *.clarity.ms *.cookiebot.com *.sovendus.com bat.bing.com 'unsafe-inline' 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; child-src 'self'; frame-src 'self'; 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://barebells.com/; img-src 'self' data: blob: https://barebells.com/; object-src 'self' data: blob: https://barebells.com/; frame-src 'self' data: blob: https://barebells.com/; 1 default-src 'self' https://*.youtube.com https://*.youtube-nocookie.com https://*.youtu.be https://*.vimeo.com https://vimeo.com https://*.spotify.com/ https://*.tiktok.com https://*.snapchat.com https://*.facebook.com https://p.scdn.co/ https://*.google-analytics.com https://*.googletagmanager.com https://*.google.com https://*.google.be https://*.apple.com https://*.instagram.com https://*.soundcloud.com https://*.cm.com https://*.slinger.to/ https://*.doubleclick.net/; block-all-mixed-content; img-src data: 'self' https://placeholder.inventis.be https://*.ytimg.com https://*.youtube.com https://*.vimeocdn.com https://*.tiktok.com https://*.snapchat.com https://*.facebook.com https://*.google-analytics.com https://*.googletagmanager.com https://*.google.com https://*.google.be; object-src 'none'; script-src 'self' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' 'nonce-i6EVCC8b9W/2UZoSONXhqw=='; style-src 'self' 'unsafe-inline' https://*.googletagmanager.com https://*.slinger.to/; upgrade-insecure-requests 1 default-src 'self' blob:; connect-src 'self' * blob:; font-src 'self' data: http://players.brightcove.net https://www.brighttalk.com https://fonts.gstatic.com/ https://maxcdn.bootstrapcdn.com/font-awesome/; frame-src *; img-src * blob: data: https://www.google-analytics.com https://www.googletagmanager.com https://optimize.google.com; media-src * blob:; object-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: http://info.lazardassetmanagement.com https://info.lazardassetmanagement.com http://app-sj29.marketo.com/ https://app-sj29.marketo.com/ https://snap.licdn.com/li.lms-analytics/insight.min.js http://d2wy8f7a9ursnm.cloudfront.net/v7/bugsnag.min.js https://assets.sitescdn.net/answers-search-bar/v1.0/answerstemplates-iife.compiled.min.js https://assets.sitescdn.net/answers-search-bar/v1.0/answers.min.js https://answers-embed.lazardassetmanagement.com.pagescdn.com/iframe.js https://answers-embed.aulazardassetmanagement.com.pagescdn.com/iframe.js https://answers-embed.uklazardassetmanagement.com.pagescdn.com/iframe.js https://assets.sitescdn.net/answers/v1.6/answers.css https://www.google-analytics.com https://www.googletagmanager.com https://sadmin.brightcove.com http://players.brightcove.net https://www.brighttalk.com http://vjs.zencdn.net/vttjs/ http://munchkin.marketo.net https://view.knowledgevision.com/presentation/embed/ https://content.knowledgevision.com/player/ https://tagmanager.google.com/ https://code.createjs.com/ https://www.googleanalytics.com https://www.googleoptimize.com https://optimize.google.com; style-src * 'unsafe-inline'; frame-ancestors 'self' http://info.lazardassetmanagement.com https://info.lazardassetmanagement.com https://app-sj29.marketo.com/ http://app-sj29.marketo.com/ https://www.google-analytics.com https://www.googletagmanager.com https://sadmin.brightcove.com https://players.brightcove.net https://www.brighttalk.com https://vjs.zencdn.net/vttjs/ https://munchkin.marketo.net https://view.knowledgevision.com/presentation/embed/ https://content.knowledgevision.com/player/; 1 frame-ancestors 'self' https://www.golfofbf.org https://*.instapage.com http://*.instapage.com https://cloud.scorm.com https://360.articulate.com https://university.fb.org 1 frame-ancestors zismo.biz zismo.ru zismone.ru promoggaqjkd.ru 1 frame-ancestors 'self' 'hackintosh-olarila.com'; 1 font-src * data:; img-src * data:; script-src 'unsafe-inline' 'unsafe-eval' * data:; style-src 'unsafe-inline' 'unsafe-eval' * data:; 1 default-src 'self' challenges.cloudflare.com *.neighbourly.com *.twitter.com *.vimeo.com *.youtube.com *.google-analytics.com cdn.matomo.cloud neighbourly.matomo.cloud; frame-src 'self' challenges.cloudflare.com *.microsoftonline.com *.powerbi.com *.youtube-nocookie.com *.youtube.com *.vimeo.com *.stripe.com *.twitter.com; connect-src 'self' px.ads.linkedin.com challenges.cloudflare.com *.neighbourly.com forms.hubspot.comdisabled forms.hsforms.comdisabled maps.googleapis.com googleapis.com js.hsforms.net *.mapbox.com *.google-analytics.com cdn.matomo.cloud neighbourly.matomo.cloud;media-src blob: nbrlyprodmedia.blob.core.windows.net *.neighbourly.com *.youtube.com *.vimeo.com; img-src 'self' px.ads.linkedin.com challenges.cloudflare.com data: *.mapbox.com track.hubspot.com forms.hsforms.comdisabled nbrlyprodmedia.blob.core.windows.net maps.gstatic.com *.neighbourly.com *.stripe.com; script-src 'self' snap.licdn.com challenges.cloudflare.com *.neighbourly.com 'unsafe-eval' *.googleapis.com googleapis.com js.hs-analytics.net js.hs-scripts.com js.hscollectedforms.netdisabled js.hsadspixel.netdisabled js-na1.hs-scripts.com *.twitter.com *.vimeo.com *.youtube.com *.google-analytics.com cdn.matomo.cloud neighbourly.matomo.cloud *.mapbox.com *.stripe.com; style-src 'self' challenges.cloudflare.com *.neighbourly.com 'unsafe-inline'; report-uri https://nbrly-prod-fn-schedules-v2.azurewebsites.net/api/log?code=CSrelvJVFKZtDoUcrgbyKhMKm4DBBPpJcdaR8h1wZP/5zjHodNdgeQ== 1 default-src *.archiefweb.eu *.wp.com; frame-src *.archiefweb.eu googleads.g.doubleclick.net *.wp.com; script-src 'unsafe-inline' 'unsafe-eval' *.archiefweb.eu *.googleapis.com *.googlesyndication.com adservice.google.nl adservice.google.com *.wp.com; style-src 'unsafe-inline' *.archiefweb.eu *.googleapis.com *.wp.com *.bootstrapcdn.com; font-src data: *.archiefweb.eu fonts.googleapis.com fonts.gstatic.com *.wp.com *.fontawesome.com wordpress.com *.bootstrapcdn.com; media-src *.archiefweb.eu; img-src data: *.archiefweb.eu *.w.org *.wp.com *.wordpress.com *.gravatar.com 1 frame-ancestors *.carkeys.co.uk 1 default-src 'self' data: 'sha256-wJOL4ABbdtljPOwmtmY4U8xp5eI9bSAq+wVNc9yPitU='; 1 default-src 'none'; connect-src 'self' https://geolocation.onetrust.com/ https://cookie-cdn.cookiepro.com/ https://*.google-analytics.com https://*.analytics.google.com https://px.ads.linkedin.com; font-src 'self'; frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://www.youtube-nocookie.com https://www.youtube.com https://player.vimeo.com https://embed.podcasts.apple.com https://w.soundcloud.com https://playlist.megaphone.fm; img-src 'self' data: https://cookie-cdn.cookiepro.com/ https://*.google-analytics.com https://*.analytics.google.com https://px.ads.linkedin.com; media-src 'self'; script-src 'self' https://cookie-cdn.cookiepro.com/ https://*.google-analytics.com https://*.analytics.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://snap.licdn.com 'unsafe-inline' 'nonce-qbasDD8HR2QpjSV9HIgcUA=='; style-src 'self' 'unsafe-inline' 1 default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_ *.ownid.com*; object-src *; style-src * 'self' 'unsafe-inline' https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_; img-src * 'self' data: https:; https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_; media-src *; frame-src * https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_; frame-ancestors 'self'; child-src * blob:; font-src * 'self' data: https:; https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_; connect-src * https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_ *.ownid.com* 1 default-src * data: 'unsafe-inline' 'unsafe-eval' ; script-src * data: 'unsafe-inline' 'unsafe-eval' ; style-src * data: 'unsafe-inline' ; img-src * data: ; 1 default-src 'self' http://persis.gemu-group.com:8080 *.google.com *.gstatic.com *.googleapis.com *.googletagmanager.com *.google-analytics.com connect.facebook.net *.albacross.com *.webtraxs.com *.ggpht.com amazonaws.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-cdn-operators.s3-eu-west-1.amazonaws.com *.cloudfront.net *.userlike.com userlike-cdn-umm.b-cdn.net *.leadenhancer.com wss://*.userlike.com *.alexametrics.com cdn.delight-vr.com *.cookiebot.eu *.cookiebot.com *.simpli.fi slsntllgnc.com usercentrics.eu data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors *.gemu-group.com 1 object-src 'self'; frame-ancestors 'self'; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-modals allow-downloads; base-uri 'self'; 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: cdnjs.cloudflare.com *.googleapis.com *.gstatic.com *.google-analytics.com *.addthis.com *.amigosmuseoprado.org *.google.com *.ytimg.com *.youtube.com *.addthisedge.com *.bookitit.com *.jsdelivr.net *.ovidds.com my.icareus.com icomem.probetax.es *.twitter.com *.twimg.com *.facebook.net *.facebook.com *.metricool.com https://*.hotjar.com wss://*.hotjar.com *.hotjar.io *.addtoany.com *.webempresa.eu unpkg.com *.arkibot.app *.googletagmanager.com *.saludalplato.es quickchart.io 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.googletagmanager.com *.google-analytics.com *.msecnd.net *.visualstudio.com *.vimeo.com https://vimeo.com; frame-src 'self' *.vimeo.com https://vimeo.com; font-src 'self' data:; img-src 'self' *.google-analytics.com data:; 1 Content-Security-Policy= default-src "none"; script-src "self" https://corp-mktg.s3.us-west-2.amazonaws.com https://cdn.cookielaw.org https://maps.googleapis.com https://prospect-form-plugin.2u.com; style-src "unsafe-inline" https://whitelabel.2u.com; https://whitelabel.2u.com; 1 default-src 'self' https://api.status.io https://status.exaktime.com;script-src 'self';base-uri 'self';object-src 'none';frame-ancestors 'none';block-all-mixed-content;sandbox allow-forms allow-same-origin allow-scripts allow-popups;style-src 'self' https://fonts.googleapis.com;font-src 'self' https://fonts.gstatic.com;img-src 'self' https://tscprodstorage.blob.core.windows.net; 1 default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval' *.cdn.cookielaw.org *.cookie-cdn.cookiepro.com *.onetrust.com *.newrelic.com; style-src * 'self' 'unsafe-inline' *.cdn.cookielaw.org *.cookie-cdn.cookiepro.com *.onetrust.com; img-src 'self' data: https://cdn.jsdelivr.net https://l.evidon.com https://c.evidon.com https://nestle-mvp.myshopify.com https://cdn.shopify.com *.google-analytics.com https://d6tizftlrpuof.cloudfront.net https://*.usabilla.com https://nestle-mvp.myshopify.com https://cdn.shopify.com https://www.google.com https://www.google.es https://googleads.g.doubleclick.net *.google-analytics.com https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com *.onetrust.com http://mychildwithcphcpen.nhscbrand.acsitefactory.com; media-src 'self'; frame-src 'self' https://www.nestlehealthscience.com http://mychildwithcphcpen.nhscbrand.acsitefactory.com/solution-finder https://www.nestlehealthscience.com/cerebral-palsy http://mychildwithcphcpen.nhscbrand.acsitefactory.com https://www.youtube.com https://static.addtoany.com https://www.google.com/ *.newrelic.com *.onetrust.com; frame-ancestors 'self' https://www.nestlehealthscience.com http://mychildwithcphcpen.nhscbrand.acsitefactory.com/solution-finder https://www.nestlehealthscience.com/cerebral-palsy https://www.google.com/ *.newrelic.com *.onetrust.com ; font-src 'self' https://cdn.jsdelivr.net https://fonts.gstatic.com https://fonts.googleapis.com https://cdnjs.cloudflare.com https://d6tizftlrpuof.cloudfront.net *.usabilla.com http://mychildwithcphcpen.nhscbrand.acsitefactory.com; connect-src 'self' https://cdn.jsdelivr.net https://bam.nr-data.net https://nestle-mvp.myshopify.com https://monorail-edge.shopifysvc.com https://stats.g.doubleclick.net https://d6tizftlrpuof.cloudfront.net *.usabilla.com https://nestle-mvp.myshopify.com https://monorail-edge.shopifysvc.com https://www.google.com *.google-analytics.com *.gbqofs.io *.gbqofs.com https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com *.onetrust.com http://mychildwithcphcpen.nhscbrand.acsitefactory.com; report-uri /report-csp-violation 1 base-uri 'none';child-src 'none';connect-src 'self' https://cdn.cookielaw.org https://*.google-analytics.com https://stats.g.doubleclick.net;default-src 'self';font-src 'self';form-action 'self';frame-ancestors 'none';frame-src 'none';img-src 'self' https://cdn.cookielaw.org https://*.google-analytics.com https://www.googletagmanager.com https://d21y75miwcfqoq.cloudfront.net/deaafc32;manifest-src 'self';media-src 'self';object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.cookielaw.org https://www.googletagmanager.com https://www.google-analytics.com https://stats.g.doubleclick.net;style-src 'self' 'unsafe-inline';worker-src 'self';upgrade-insecure-requests ; 1 default-src 'self'; connect-src 'self' https://piwik.bzga.de; style-src 'self' 'unsafe-inline'; font-src 'self' data:; script-src 'self' 'unsafe-inline' https://piwik.bzga.de; img-src 'self' https://piwik.bzga.de https://www.bzga.de https://a.tile.osm.org https://b.tile.osm.org https://c.tile.osm.org data:; frame-src 'self' mailto: https://piwik.bzga.de https://www.youtube-nocookie.com; 1 default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.googletagmanager.com *.google-analytics.com *.msecnd.net *.brightcove.net *.twitter.com *.zencdn.net *.twimg.com *.issuu.com; style-src 'self' 'unsafe-inline' *.twitter.com *.twimg.com; img-src 'self' data: *.google.com *.google-analytics.com *.brightcove.com *.boltdns.net *.twitter.com *.twimg.com; font-src 'self' data:; connect-src 'self' manifest.prod.boltdns.net *.doubleclick.net *.visualstudio.com *.brightcove.com *.boltdns.net *.brightcovecdn.com *.google-analytics.com *.akamaihd.net; frame-src 'self' *.twitter.com *.issuu.com; media-src blob:; object-src 'self'; 1 default-src 'self' *.usercentrics.eu; frame-src 'self' www.advocard.de www.youtube.de www.youtube.com www.youtube-nocookie.com letsgoeasy-koop.de; img-src 'self' *.advocard.de *.usercentrics.eu generali01.webtrekk.net advocard01.wt-eu02.net *.gstatic.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.usercentrics.eu www.youtube.de www.youtube.com www.youtube-nocookie.com; style-src 'self' 'unsafe-inline' *.usercentrics.eu 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.cloud.coveo.com https://cdn.jsdelivr.net https://cdn.cookielaw.org https://*.googlesyndication.com https://js-agent.newrelic.com https://storage.googleapis.com https://*.googletagmanager.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://cdnjs.cloudflare.com https://*.printfriendly.com https://static.addtoany.com https://ds-4047.kxcdn.com https://s.ytimg.com/yts/jsbin/ https://static.addtoany.com/menu/ https://snap.licdn.com https://www.youtube-nocookie.com https://rawgit.com/NerOcrO/ntools/master/ntools.user.js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://s.ytimg.com https://cdn.rawgit.com/w8tcha/ https://cdn.rawgit.com/ckeditor/ https://www.youtube.com/ https://snap.licdn.com/ https://*.google-analytics.com https://stats.g.doubleclick.net/ https://www.google.com/ads/ https://px.ads.linkedin.com/collect *.instagram.com; img-src 'self' data: https://cdn.cookielaw.org https://*.cdninstagram.com https://*.licdn.com https://assets.bwbx.io https://sprcdn-assets.sprinklr.com https://cdnjs.cloudflare.com/ajax/libs/codemirror/ https://cdnjs.cloudflare.com/ajax/libs/select2/ https://cdn.printfriendly.com https://i.ytimg.com https://www.nestle-nespresso.com https://img.youtube.com/; frame-src 'self' https://www.google.com/recaptcha/ https://www.youtube.com/; frame-ancestors 'self'; upgrade-insecure-requests 1 upgrade-insecure-requests; frame-src 'self' forms.hsforms.com vars.hotjar.com w.recruiterbox.com app.recruiterbox.com vimeo.com youtu.be youtube.com www.youtube.com www.google.com player.vimeo.com bid.g.doubleclick.net www.facebook.com cdn.knightlab.com; frame-ancestors 'self' 1 default-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://dc.services.visualstudio.com/v2/track https://updates.sdbgroep.nl; object-src 'none'; frame-ancestors 'none'; base-uri 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://js.monitor.azure.com/scripts/b/ai.2.min.js https://dc.services.visualstudio.com/v2/track https://cdn.announcekit.app/widget-v2.js; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' data: https://fonts.gstatic.com; 1 frame-ancestors 'self' http://pudtoday http://prointnet 1 default-src 'none'; base-uri 'self'; form-action https: 'self'; script-src 'self' 'unsafe-inline' https: 'unsafe-eval'; object-src 'none'; style-src 'self' 'unsafe-inline' https:; img-src 'self' 'unsafe-inline' https: data:; media-src * data:; frame-src *; frame-ancestors 'self' https:; font-src 'self' https:; connect-src *; report-uri /report-csp-violation; upgrade-insecure-requests 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.smart-cloud-intelligence.com/ https://secure.smart-cloud-intelligence.com/js/ https://secure.smart-cloud-intelligence.com/Track/ https://secure.smart-cloud-intelligence.com/js/269760.js https://secure.smart-cloud-intelligence.com/Track/Capture.aspx https://secure.365syndicate-smart.com/js/794216.js https://*.365syndicate-smart.com/ https://secure.365syndicate-smart.com/Track/ https://secure.365syndicate-smart.com/Track/Capture.aspx https://www.paypalobjects.com/ https://s3.amazonaws.com/ https://*.stripe.com/ https://*.list-manage.com/ https://js.hscollectedforms.net/ https://js.usemessages.com/ https://js.hs-banner.com/ https://js.hubspot.com/ https://js.hs-scripts.com/ https://forms.hscollectedforms.net/; img-src 'self' data: blob: https://fia-tech.com https://www.paypalobjects.com/ https://www.greatplacetowork.com/images/profiles/7037816/ https://secure.gravatar.com/avatar/; object-src 'self' data: blob: https://fia-tech.com https://*.paypal.com/ https://*.stripe.com/ https://player.vimeo.com/; frame-src 'self' data: blob: https://fia-tech.com https://*.paypal.com/ https://*.stripe.com/ https://player.vimeo.com/; 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' *.jsdelivr.net *.googleapis.com *.cloudflare.com *.googletagmanager.com https://unpkg.com *.google.com *.gstatic.com *.bootstrapcdn.com *.bootstrapcdn.com https://cdn.ckeditor.com *.google-analytics.com *.googletagmanager.com *.salesforce.com *.salesforceliveagent.com https://support.sunway.edu.my https://static.lightning.force.com https://assets.mailerlite.com https://ipapi.co https://code.jquery.com https://cdn.ckeditor.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.cloudflare.com *.fontawesome.com *.jsdelivr.net *.googleapis.com https://fonts.gstatic.com https://unpkg.com *.google.com *.gstatic.com https://use.fontawesome.com *.salesforceliveagent.com *.salesforce.com https://support.sunway.edu.my https://assets.mailerlite.com; img-src 'self' * data: about:; media-src 'self'; frame-src 'self' *.youtube.com www.youtube.com *.google.com *.gstatic.com *.vimeo.com *.salesforceliveagent.com *.salesforce.com https://support.sunway.edu.my https://forms.office.com https://assets.mailerlite.com *.issuu.com https://issuu.com; frame-ancestors 'self' *.youtube.com www.youtube.com *.google.com *.gstatic.com *.vimeo.com *.salesforceliveagent.com *.salesforce.com https://support.sunway.edu.my; child-src 'self' *.youtube.com www.youtube.com *.google.com *.gstatic.com *.vimeo.com *.salesforceliveagent.com *.salesforce.com; font-src 'self' https://fonts.googleapis.com *.fontawesome.com https://fonts.gstatic.com *.cloudflare.com *.jsdelivr.net https://support.sunway.edu.my data:; report-uri /report-csp-violation; upgrade-insecure-requests 1 default-src 'self'; frame-src 'self' https://secure.livechatinc.com/ *.webspellchecker.net *.nhs.uk *.facebook.com *.youtube.com *.vimeo.com *.google.com *.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.googletagmanager.com https://static.zdassets.com/ https://api.livechatinc.com/ https://cdn.livechatinc.com/tracking.js *.reactandshare.com https://api.reciteme.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://www.googletagmanager.com https://connect.facebook.net https://feeds.trac.jobs *.webspellchecker.net *.google.com *.googleapis.com *.gstatic.com *.cqc.org.uk use.typekit.net; font-src 'self' 'unsafe-inline' https://cdn.livechatinc.com/ *.reactandshare.com https://api.reciteme.com https://fonts.googleapis.com https://fonts.gstatic.com *.webspellchecker.net use.typekit.net; style-src 'self' 'unsafe-inline' *.reactandshare.com https://api.reciteme.com https://cdnjs.cloudflare.com https://feeds.trac.jobs *.googleapis.com *.gstatic.com *.cqc.org.uk *.webspellchecker.net use.typekit.net p.typekit.net; img-src * data: p.typekit.net; object-src 'self' blob:; connect-src 'self' https://*.googletagmanager.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.g.doubleclick.net https://*.google.com https://*.google.com https://*.google-analytics.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googletagmanager.com wss://widget-mediator.zopim.com https://stop-smoking-nhs.zendesk.com https://ekr.zdassets.com https://api.reciteme.com https://feeds.trac.jobs stats.g.doubleclick.net *.googleapis.com *.google-analytics.com *.webspellchecker.net performance.typekit.net; media-src 'self' https://static.zdassets.com/web_widget/ https://api.reciteme.com 1 default-src 'self'; script-src 'self'; includeSubDomains; preload 1 connect-src 'self' pagead2.googlesyndication.com idb.iubenda.com *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net ; font-src 'self' 'unsafe-inline' data: *.gstatic.com *.bootstrapcdn.com fonts.gstatic.com cdn.jsdelivr.net *.gstatic.com *.bootstrapcdn.com ; frame-src 'self' www.youtube.com player.vimeo.com *.doubleclick.net *.googletagmanager.com *.g.doubleclick.net *.google.com *.fls.doubleclick.net blob: www.google.com *.g.doubleclick.net *.google.com *.fls.doubleclick.net ; img-src 'self' 'unsafe-inline' data: i.ytimg.com i.vimeocdn.com *.g.doubleclick.net *.doubleclick.net *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com ts.w.org s.w.org ps.w.org *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com ; media-src 'self' s.w.org; script-src 'self' 'unsafe-inline' pagead2.googlesyndication.com *.hotjar.com *.iubenda.com cdn.jsdelivr.net *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com ; script-src-elem 'self' 'unsafe-inline' pagead2.googlesyndication.com *.hotjar.com *.iubenda.com cdn.jsdelivr.net *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com ; script-src-attr 'unsafe-inline' ; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com fonts.googleapis.com cdn.jsdelivr.net *.googleapis.com *.gstatic.com ; style-src-elem 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com fonts.googleapis.com cdn.jsdelivr.net *.googleapis.com *.gstatic.com ; style-src-attr 'unsafe-inline' ; worker-src 'self' blob:; upgrade-insecure-requests; 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://trusted.cdn.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data:; font-src 'self' data:; frame-ancestors 'none'; base-uri 'self'; form-action 'self'; 1 default-src 'self' https://*.clarity.ms https://c.bing.com https://www.google.com 'unsafe-inline';style-src 'self' 'nonce-2HyR9A0Z6L5zHHNXS7wQlouyWjkOEsIRdVdc0pQVgho=' https://www.gstatic.com;img-src * 'self' data: https: https://www.gstatic.com;object-src 'none';frame-ancestors 'none';sandbox allow-forms allow-same-origin allow-scripts allow-downloads allow-popups;base-uri 'self';script-src 'self' 'unsafe-inline' 'nonce-2HyR9A0Z6L5zHHNXS7wQlouyWjkOEsIRdVdc0pQVgho=' 'sha256-kHb9IgtqKl2dZLDx7+YeW7Se1+DGF3pFHdB6SMV3mEg=' https://cdnjs.cloudflare.com/ajax/libs/intl-tel-input/17.0.8/js/utils.js https://www.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/ https://www.gstatic.com/recaptcha/ https://www.googletagmanager.com/ https://www.googletagmanager.com/gtag https://www.google-analytics.com/ https://www.googletagmanager.com/gtag/js https://www.clarity.ms/ https://www.clarity.ms/tag/ ;frame-src https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://www.clarity.ms/tag/ ;connect-src 'self' https://www.google-analytics.com/ https://www.google.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.gstatic.com/ https://www.googletagmanager.com/ https://clarity.ms/ https://*.clarity.ms/ ; 1 frame-ancestors 'self' https://*.lovevite.com 1 none 1 default-src * ; script-src 'self' 'unsafe-eval' 'unsafe-inline' browser-update.org maps.googleapis.com *.google-analytics.com *.cookiebot.com *.googletagmanager.com *.googleadservices.com *.licdn.com *.facebook.net *.doubleclick.net *.bing.com *.clarity.ms; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com; base-uri 'self'; object-src 'none'; frame-src 'self' https://consentcdn.cookiebot.com *.doubleclick.net; connect-src * 'self' https://consentcdn.cookiebot.com; img-src * 'self' data: https: 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' http://trelleborg.se https://trelleborg.se http://*.rekai.se https://*.rekai.se https://analys.trelleborg.se https://translate.google.com/ https://translate.googleapis.com/ https://static.rekai.se/; img-src 'self' data: http://trelleborg.se https://trelleborg.se https://translate.googleapis.com/ https://*ytimg.com/ https://translate.googleapis.com/; object-src 'self' data: http://trelleborg.se https://trelleborg.se https://www.youtube.com https://youtube.com https://youtube.com/ https://*youtube.com/ https://youtube-nocookie.com/ https://*youtube-nocookie.com/ https://youtu.be/ https://translate.google.com https://translate.googleapis.com/ https://youtube.com https://rek.ai/ https://static.rekai.se; frame-src 'self' data: http://trelleborg.se https://trelleborg.se https://www.youtube.com https://youtube.com https://youtube.com/ https://*youtube.com/ https://youtube-nocookie.com/ https://*youtube-nocookie.com/ https://youtu.be/ https://translate.google.com https://translate.googleapis.com/ https://youtube.com https://rek.ai/ https://static.rekai.se; 1 base-uri 'none'; frame-ancestors 'none'; object-src 'none'; script-src https: http: 'unsafe-eval' 'unsafe-inline'; report-uri /nelmio/csp/report; worker-src 'none' 1 worker-src 'self' 'unsafe-inline' blob:; script-src 'unsafe-inline' 'unsafe-eval' http: https:;object-src 'self'; frame-ancestors 'self' 1 font-src 'self' data: https://images.wineselectors.com.au https://use.typekit.net https://i.icomoon.io https://fonts.gstatic.com https://cdn.productreview.com.au https://fonts.yieldify-production.com; img-src 'self' data: *; style-src 'self' 'unsafe-inline' https://images.wineselectors.com.au https://fast.fonts.net https://fonts.googleapis.com https://*.cloudfront.net https://tagmanager.google.com https://www.gstatic.com https://wineselectors.resultspage.com https://giftcreation.giftflick.com.au https://www.giftflick.com.au https://giftflick.com.au https://www.riddle.com https://sdk.giftflick.com.au https://libraries.unbxdapi.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://images.wineselectors.com.au https://js-agent.newrelic.com https://bam.nr-data.net https://www.googletagmanager.com https://script.hotjar.com https://static.hotjar.com https://t.cfjump.com https://t.dgm-au.com https://use.typekit.net https://www.google-analytics.com https://connect.facebook.net https://pixel.roymorgan.com https://app.yieldify.com https://maps.googleapis.com https://*.cloudfront.net https://www.google.com https://www.gstatic.com https://*.cloudfront.net https://platform.instagram.com https://cdn.syndication.twimg.com https://c.vepxl1.net https://js.adsrvr.org https://c.flx1.com https://ajax.googleapis.com https://go.flx1.com https://dev.visualwebsiteoptimizer.com https://tagmanager.google.com https://*.cloudfront.net https://s3.amazonaws.com https://td.yieldify.com https://radar.cedexis.com https://data2.gosquared.com https://data.gosquared.com https://track.omguk.com https://ib.adnxs.com https://assets.resultspage.com https://wineselectors.resultspage.com https://wineselectors.resultsdemo.com https://b.sli-spark.com https://cdn.livechatinc.com https://secure.livechatinc.com https://www.eventbrite.com.au https://wineselectors.ipscape.com.au https://cdn.otherlevels.com https://www.googleadservices.com http://www.wineselectors.com.au https://cfjump.wineselectors.com.au https://cdn.productreview.com.au https://marvel-b2-cdn.bc0a.com https://marvel-b1-cdn.bc0a.com https://cdn.b0e8.com https://js.go2sdk.com https://amplify.outbrain.com https://r.turn.com https://tr.outbrain.com https://tag.lexer.io https://*.yieldify.com https://s.yimg.com https://www.giftflick.com.au https://giftflick.com.au https://giftcreation.giftflick.com.au https://www.riddle.com https://s.pinimg.com/ https://bat.bing.com https://sdk.giftflick.com.au https://www.clarity.ms https://googleads.g.doubleclick.net https://cdn.taboola.com https://trc.taboola.com https://wave.outbrain.com https://secure.quantserve.com https://rules.quantcount.com *.retargeted.co https://wisepops.net https://cdn.wisepops.com https://cdn.wisepops.net https://app.getwisp.co https://loader.wisepops.com https://script.crazyegg.com https://ct.pinterest.com https://libraries.unbxdapi.com https://search.unbxdapi.com *.amazonaws.com https://gateway.pmnts.io https://*.forter.com https://dlthst9q2beh8.cloudfront.net https://d2nww8zpyj5pk0.cloudfront.net https://static.elfsight.com https://cdn.pmnts.io https://songbirdstag.cardinalcommerce.com https://songbird.cardinalcommerce.com; default-src 'self' https://images.wineselectors.com.au https://vars.hotjar.com https://www.google.com https://www.facebook.com https://notifications.wisepops.com https://wisepops.net; connect-src 'self' https://images.wineselectors.com.au wss://ws3.hotjar.com https://insights.hotjar.com https://bam.nr-data.net https://performance.typekit.net https://geo.yieldify.com https://c.flx1.com wss://ws1.hotjar.com https://bacon.section.io https://in.hotjar.com https://www.facebook.com wss://ws9.hotjar.com https://vc.hotjar.io https://js-api.otherlevels.com https://js-content.otherlevels.com https://js-api.otherlevels.com https://js-tags.otherlevels.com https://js-mdn.otherlevels.com https://js-rich.otherlevels.com https://js-deliverability-api.otherlevels.com https://safari.otherlevels.com wss://ws8.hotjar.com https://ws1.hotjar.com https://api.productreview.com.au https://www.google-analytics.com wss://ws10.hotjar.com https://tracking.gopsjump.com.au https://track.lexer.io https://*.yieldify.com https://*.yieldify-production.com https://dev.visualwebsiteoptimizer.com https://s.yimg.com https://analytics.google.com https://api.giftflick.com.au https://upload-medias.s3.amazonaws.com https://upload-medias.s3.ap-southeast-2.amazonaws.com upload.giftflick.com.au https://ct.pinterest.com https://bat.bing.com https://tr.outbrain.com https://stats.g.doubleclick.net https://t.clarity.ms https://cds.taboola.com https://pips.taboola.com https://maps.googleapis.com *.retargeted.co https://cdn.giftflick.com.au/ https://wisepops.net https://activity.wisepops.com https://popup.wisepops.com https://tracking.wisepops.com https://app.getwisp.co https://script.crazyegg.com https://tracking.crazyegg.com https://assets-tracking.crazyegg.com https://pagestates-tracking.crazyegg.com https://search.unbxd.io https://www.pinterest.com https://*.unbxd.io https://*.s3.amazonaws.com https://tracking.popsplot.com.au https://*.forter.com wss://cdn0.forter.com https://d2o5idwacg3gyw.cloudfront.net https://dz8rit8v72mig.cloudfront.net https://db7q4jg5rkhk8.cloudfront.net https://d6rak4b14t5gp.cloudfront.net https://d3k4bt74u9esq1.cloudfront.net https://d3nocrch4qti4v.cloudfront.net https://duuytoqss3gu4.cloudfront.net https://df45ay5pw60dy.cloudfront.net https://www.google.com https://core.service.elfsight.com https://widget-data.service.elfsight.com https://centinelapistag.cardinalcommerce.com https://writer.cardinalcommerce.com https://core.service.elfsight.com https://widget-data.service.elfsight.com https://gateway.pmnts.io https://centinelapi.cardinalcommerce.com https://*.execute-api.us-east-1.amazonaws.com; media-src 'self' blob: https://images.wineselectors.com.au https://cdn.livechatinc.com https://gf-cdn.s3.ap-southeast-2.amazonaws.com cdn.giftflick.com.au https://videos.giftflick.com.au https://phosphor.utils.elfsightcdn.com; object-src 'self' https://images.wineselectors.com.au; child-src 'self' https://www.youtube.com https://www.riddle.com https://www.google.com https://vars.hotjar.com https://app.yieldify.com https://www.qzzr.com https://www.instagram.com https://t.cfjump.com https://t.dgm-au.com https://insight.adsrvr.org https://td.yieldify.com https://www.facebook.com https://match.adsrvr.org https://eventbrite.com.au https://www.eventbrite.com.au https://connect.facebook.net https://player.vimeo.com https://youtu.be/ https://www.google.com.au https://wineselectors.ipscape.com.au https://www.ojrq.net https://tracking.gopsjump.com.au https://*.yieldify.com https://ct.pinterest.com https://ct.pinterest.com https://td.doubleclick.net https://cdn.taboola.com https://wisepops.net https://tracking.popsplot.com.au https://www.googletagmanager.com https://geostag.cardinalcommerce.com https://*.elf.site/ https://geo.cardinalcommerce.com https://www.rsa3dsauth.co.uk https://centinelapi.cardinalcommerce.com https://mycardsecure.com; 1 frame-ancestors https://*.geotab.com https://*.actsoft.com 'self' 1 default-src 'self'; base-uri 'self'; frame-ancestors 'self'; upgrade-insecure-requests 1 script-src 'nonce-abcdefg'; data: blob:; default-src 'self'; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self'; 1 default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; connect-src https: wss:; font-src https: data:; 1 frame-ancestors 'none'; report-uri /report-csp-violation; upgrade-insecure-requests 1 script-src 'self'; frame-ancestors 'self'; img-src 'self'; font-src 'self', script-src 'self'; frame-ancestors 'self'; img-src 'self'; font-src 'self' 1 frame-ancestors 'self' https://*.squaredup.com https://squaredup.com https://app.gather.town; 1 frame-ancestors https://*.estratraining.it 1 default-src 'self' www.affidea.com 'unsafe-inline'; script-src 'self' www.affidea.com ajax.googleapis.com maps.googleapis.com cdn.jsdelivr.net hello.myfonts.net www.youtube.com www.googletagmanager.com cdnjs.cloudflare.com snap.licdn.com az416426.vo.msecnd.net connect.facebook.net www.facebook.com www.google-analytics.com px.ads.linkedin.com dc.services.visualstudio.com region1.google-analytics.com; img-src 'self' www.affidea.com; style-src 'self' www.affidea.com; script-src-elem 'elem' www.affidea.com affidea.com; style-src-elem 'self' www.affidea.com; media-src: 'self'; 1 default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com static.hotjar.com sc-static.net connect.facebook.net embed.tawk.to *.google-analytics.com *.paypal.com script.hotjar.com ajax.googleapis.com ws.colissimo.fr api.mapbox.com *.axept.io *.tawk.to cdn.jsdelivr.net *.matomo.cloud *.googleapis.com *.snapchat.com *.youtube.com landing.ls.skeepers.io googleads.g.doubleclick.net ls-prd-cdn.s3.eu-west-1.amazonaws.com blob: www.googleadservices.com;frame-src 'self' *.snapchat.com vars.hotjar.com *.google.fr *.facebook.com *.tawk.to *.youtube.com *.calameo.com *.vimeo.com td.doubleclick.net ls-prd-cdn.s3.eu-west-1.amazonaws.com;style-src 'self' 'unsafe-inline' tagmanager.google.com api.mapbox.com ws.colissimo.fr embed.tawk.to cdn.jsdelivr.net fonts.googleapis.com ls-prd-cdn.s3.eu-west-1.amazonaws.com blob:;img-src 'self' data: tr.snapchat.com *.facebook.com *.google.fr *.google.com *.onyourmap.com ws.colissimo.fr *.mapbox.com axeptio.imgix.net *.tawk.to cdn.jsdelivr.net tawk.link script.hotjar.com *.google.co.nz *.googleapis.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.google.be favicons.axept.io spockee-cdn.s3.ca-central-1.amazonaws.com backoffice-api.spockee.io api.spockee.io api-analytics.ls.skeepers.io landing.ls.skeepers.io api-backoffice.ls.skeepers.io api.ls.skeepers.io party.spockee.io ls-prd-cdn.s3.eu-west-1.amazonaws.com wss://api-socket.ls.skeepers.io api-feature-flag.ls.skeepers.io *.terreseteaux.fr *.mux.com;font-src 'self' data: ws.colissimo.fr *.tawk.to fonts.gstatic.com script.hotjar.com cdn.jsdelivr.net github.com fonts.googleapis.com ls-prd-cdn.s3.eu-west-1.amazonaws.com *.mux.com;connect-src 'self' *.google-analytics.com *.paypal.com stats.g.doubleclick.nestats.g.doubleclick.ne in.hotjar.com stats.g.doubleclick.net ws.colissimo.fr *.hotjar.io *.axept.io tr.snapchat.com *.hotjar.com *.tawk.to wss://*.tawk.to wss://*.hotjar.com api.sandbox.getalma.eu api.getalma.eu maps.googleapis.com terreseteaux.matomo.cloud *.facebook.com *.analytics.google.com *.google.com *.snapchat.com *.googlesyndication.com spockee-cdn.s3.ca-central-1.amazonaws.com backoffice-api.spockee.io api.spockee.io api-analytics.ls.skeepers.io landing.ls.skeepers.io api-backoffice.ls.skeepers.io api.ls.skeepers.io party.spockee.io ls-prd-cdn.s3.eu-west-1.amazonaws.com wss://api-socket.ls.skeepers.io api-feature-flag.ls.skeepers.io *.mux.com *.litix.io stream.mux.com *.skeepers.io googleads.g.doubleclick.net;base-uri 'self';media-src 'self' data: *.tawk.to ls-prd-cdn.s3.eu-west-1.amazonaws.com stream-mux.com *.mux.com blob:;report-uri /csp/report;form-action secure.payzen.eu *.tawk.to ls-prd-cdn.s3.eu-west-1.amazonaws.com 1 default-src 'self' https://cdn.cookielaw.org https://privacyportal-eu.onetrust.com https://app.greenoco.io https://e-v-uat.reach5.net https://e-v-prod.reach5.net https://metrics.elle-et-vire.com https://www.google.com https://www.google.fr https://www.google-analytics.com https://region1.analytics.google.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://www.gstatic.com https://www.youtube.com https://i.ytimg.com https://images-secure.pixibox.com https://cdn.couponai.fr https://brands.click2buy.com https://analytics.clic2buy.com https://widget.clic2buy.com https://www.instagram.com https://instagram.com https://capig.stape.cloud https://www.facebook.com; font-src 'self' data: https://cloud.typography.com https://fonts.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.cookielaw.org https://app.greenoco.io https://e-v-uat.reach5.net https://e-v-prod.reach5.net https://metrics.elle-et-vire.com https://www.google.com https://www.google.fr https://www.google-analytics.com https://region1.analytics.google.com https://www.googletagmanager.com https://www.gstatic.com https://connect.facebook.net https://widget.clic2buy.com https://widget.clic2drive.com https://clients.clic2drive.com https://brands.click2buy.com https://analytics.clic2buy.com https://assets.clic2buy.com https://www.youtube.com https://www.instagram.com; style-src 'self' 'unsafe-inline' https://cloud.typography.com https://www.elle-et-vire.com https://assets.clic2buy.com https://fonts.googleapis.com; report-uri /nelmio/csp/report 1 default-src https: wss: 'unsafe-inline' 'unsafe-eval' blob: data: ; frame-ancestors 'self' https://*.edoctrina.org; report-to reportapi 1 base-uri; form-action 'self'; frame-ancestors 'none'; img-src 'self' https://paragonie.com https://maxcdn.bootstrapcdn.com https://stats.g.doubleclick.net https://www.google-analytics.com data:; media-src 'none'; object-src 'none'; script-src 'self' https://cdn.mathjax.org https://oss.maxcdn.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://code.jquery.com https://ajax.googleapis.com https://www.google-analytics.com https://paragonie.com paragonie.com 'sha384-dxxWaTrUP7CVAQSJSlq8y30xnLv+kbg0q/esjcstpj7BeSQcTR1kyuzuU8NtP0Qd' 'nonce-dfayDOTZL7zy0aQrHsEJIRSs' 'nonce-tYSQXJdZpnILJtx8TkgJWNOg' 'nonce-9rFXE1jQ1ehpXAOzy1BsFBIq' 'nonce-h61vmBHK7TtHaovnorNUcTLC' 'nonce-1ypAw4P427m2+jLUHX/CXcdn' 'nonce-MSdT+6R/5j8BxjLedRGXBoDM' 'nonce-UUI22uXV4wCuowvSjcWkrVG3' 'unsafe-eval' data:; style-src 'self' https://maxcdn.bootstrapcdn.com https://use.fontawesome.com https://fonts.googleapis.com 'unsafe-inline'; report-uri https://f038192cab4afafaacee34d22ed2e1dd.report-uri.io/r/default/csp/enforce; upgrade-insecure-requests 1 default-src 'self' 'unsafe-inline' https: http://www.etrasparenza.it/; script-src 'self' 'unsafe-inline' https: http://www.etrasparenza.it/; style-src 'self' 'unsafe-inline' https: http://www.etrasparenza.it/; font-src 'self' https: http://www.etrasparenza.it/ 1 frame-ancestors 'self' https://*.etracker.com 1 default-src 'self' 'self' blob: http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://*.mapbox.com:* https://*.cloudfront.net:* https://cdn.ravenjs.com https://*.ingest.sentry.io https://www.google-analytics.com https://pagead2.googlesyndication.com;script-src 'self' 'self' blob: 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googleapis.com *.google.com *.google.com.vn *.google-analytics.com *.googletagmanager.com *.googlesyndication.com *.googletagservices.com *.youtube.com *.cloudflare.com *.facebook.net *.connect.facebook.net *.facebook.com *.khaosat.me *.bootstrapcdn.com *.ytimg.com *.hotjar.com *.cloudfront.net *.cdn.ravenjs.com *.ingest.sentry.io *.doubleclick.net;style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.google.com *.cloudflare.com *.khaosat.me *.cloudfront.net *.mapbox.com d1a3f4spazzrp4.cloudfront.net;font-src 'self' 'self' blob: 'self' data: *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.google.com *.cloudflare.com *.khaosat.me script.hotjar.com;frame-src staticxx.facebook.com facebook.com *.facebook.com youtube.com *.youtube.com *.vimeo.com khaosat.me *.khaosat.me *.google.com connect.facebook.net *.hotjar.com *.g.doubleclick.net *.googlesyndication.com *.doubleclick.net;img-src 'self' data: 'self' blob: *;connect-src 'self' 'self' blob: *.googleapis.com *.facebook.com https://*.khaosat.me:* https://khaosat.me:* https://ws.khaosat.me:* wss://ws.khaosat.me:* https://khao-sat.com:* https://*.hotjar.com:* wss://*.hotjar.com ws://khaosat.me:7890 https://vc.hotjar.io:* http://*.hotjar.com:* https://*.mapbox.com:* https://*.cloudfront.net:* https://cdn.ravenjs.com https://*.ingest.sentry.io https://www.google-analytics.com https://pagead2.googlesyndication.com *.doubleclick.net *.google.com;media-src 'self' 'self' data: 'self' blob: * 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' files.gpxpl.us pagead2.googlesyndication.com https://pagead2.googlesyndication.com www.google-analytics.com www.gstatic.com gpxplus.s3-website-us-west-2.amazonaws.com https://gpxplus.s3.amazonaws.com https://apis.google.com platform.twitter.com https://platform.twitter.com static.gpx.plus https://static.gpx.plus ap.lijit.com * 1 frame-ancestors http://programasgratis.searchmgr.com/ 1 frame-ancestors 'self' cyreneforum.com/ *.cyreneforum.com/ arkadiaforum.com/ *.arkadiaforum.com/ ; 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.weareone.fm *.technobase.fm *.housetime.fm *.hardbase.fm *.trancebase.fm *.coretime.fm *.teatime.fm *.clubtime.fm *.replay.fm *.tb-group.fm *.google.com/recaptcha/ *.gstatic.com/recaptcha/ maps.googleapis.com fonts.googleapis.com fonts.gstatic.com use.typekit.net *.google.com/maps/embed *.youtube-nocookie.com ticketcenter.be24-7.de; img-src 'self' data: *.weareone.fm *.technobase.fm *.housetime.fm *.hardbase.fm *.trancebase.fm *.coretime.fm *.teatime.fm *.clubtime.fm *.replay.fm *.tb-group.fm *.google.com/recaptcha/ *.gstatic.com/recaptcha/ maps.googleapis.com fonts.googleapis.com fonts.gstatic.com use.typekit.net *.google.com/maps/embed *.youtube-nocookie.com ticketcenter.be24-7.de; frame-ancestors 'self' 1 frame-ancestors 'self' *.owensborohealth.org mychart.omhs.org; report-uri /report-csp-violation 1 default-src 'none'; script-src 'self' 'unsafe-inline' www.tcgms.net *.googletagmanager.com *.google.com *.google-analytics.com cdn.jsdelivr.net *.cookiebot.com *.teamtailor-cdn.com *.facebook.net *.bokabord.se *.bidtheatre.com chat.hotelchat.ai; object-src 'self' *.google.com *.youtube.com *.facebook.com *.vimeo.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com cdn.jsdelivr.net www.bokabord.se; img-src 'self' data: *.google.com *.youtube.com *.facebook.com *.vimeo.com *.vimeocdn.com *.grandhotel.se *.google.se *.google-analytics.com *.cookiebot.com backend.chatbase.co; media-src 'self' blob:; frame-src 'self' mail.grandhotel.se www.tcgms.net *.google.com *.youtube.com *.facebook.com *.vimeo.com *.vimeocdn.com *.cookiebot.com *.waiteraid.com *.doubleclick.net chat.hotelchat.ai; frame-ancestors 'self' *.google.com *.youtube.com *.facebook.com *.vimeo.com; child-src 'self' *.google.com *.youtube.com *.facebook.com *.vimeo.com; font-src 'self' data: fonts.gstatic.com; connect-src 'self' https://*.grandhotel.se https://*.googletagmanager.com https://*.google.com https://*.google-analytics.com *.cookiebot.com *.teamtailor.com *.doubleclick.net *.chatbase.co; report-uri /report-csp-violation; upgrade-insecure-requests 1 default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; frame-ancestors https://*:*; 1 default-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline' *.youtube.com *.cookielaw.org *.youtube-nocookie.com *.commerce-connector.com *.googleapis.com *.min-cdn.net *.googletagmanager.com *.google-analytics.com *.google.com *.google.de connect.facebook.net mediaintelligence.de *.bing.com https://groupeseb.secure.force.com https://iprospect.emcustomers.de; font-src 'self' data: *.commerce-connector.com *.gstatic.com https://groupeseb.secure.force.com https://groupe-seb.my.salesforce-sites.com; style-src 'self' 'unsafe-inline' *.commerce-connector.com *.commerce-connector.de *.googleapis.com https://groupeseb.secure.force.com; img-src 'self' data: *.commerce-connector.com https://cdn.cookielaw.org *.commerce-connector.de *.gstatic.com *.googleapis.com *.google-analytics.com *.facebook.com *.doubleclick.net mediaintelligence.de *.min-cdn.net track.adform.net rads.recognified.net *.google.de *.google.com *.bing.com https://*.googletagmanager.com https://groupeseb.secure.force.com; media-src 'self' *.youtube.com *.youtube-nocookie.com https://groupeseb.secure.force.com; frame-src 'self' *.youtube.com *.youtube-nocookie.com *.umantis.com *.doubleclick.net https://groupeseb.secure.force.com https://groupe-seb.my.salesforce-sites.com; connect-src 'self' *.commerce-connector.com https://privacyportal-de.onetrust.com https://www.google.com https://geolocation.onetrust.com *.cookielaw.org *.commerce-connector.de *.googleapis.com *.google-analytics.com *.analytics.google.com *.facebook.com *.doubleclick.net mediaintelligence.de *.min-cdn.net *.bing.com 1 default-src 'self'; connect-src 'self' https://mautic.texthelp.com https://www.google-analytics.com https://stats.g.doubleclick.net https://region1.google-analytics.com https://region1.analytics.google.com https://www.google.com https://www.browsealoud.com https://plus.browsealoud.com https://*.speechstream.net https://browsealoud-webservices-8.texthelp.com/ https://browsealoud-webservices-eu.texthelp.com/ https://wiki-summarizer-eu.texthelp.com/ https://simplify-us.texthelp.com/ blob: https://en.wikipedia.org/ https://wikisum.texthelp.com/ https://babm.texthelp.com https://*.prismic.io https://*.cdn.prismic.io https://api.ipdata.co https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://prismic-io.s3.amazonaws.com https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com https://*.hotjar.io https://www.facebook.com/ https://analytics.twitter.com https://cdn.linkedin.oribi.io https://px.ads.linkedin.com https://bat.bing.com https://my.jst.ai/ https://aly.jst.ai/ https://to.go.saleswingsapp.com/ https://tr.snapchat.com https://tr6.snapchat.com/p; script-src 'self' https://mautic.texthelp.com https://mautic-staging.texthelp.com https://tagmanager.google.com https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.browsealoud.com https://plus.browsealoud.com https://*.speechstream.net https://wikisum.texthelp.com https://apis.google.com https://widget.intercom.io https://js.intercomcdn.com https://app.intercom.io https://analytics.twitter.com https://static.ads-twitter.com https://connect.facebook.net https://www.buzzsprout.com https://optimize.google.com https://static.hotjar.com https://script.hotjar.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://embed.typeform.com/ https://bat.bing.com/ https://js.driftt.com https://widget.drift.com https://snap.licdn.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://p.adsymptotic.com https://cdn.linkedin.oribi.io https://gw.linkedin.oribi.io https://dc.ads.linkedin.com https://sjs.bizographics.com https://tr.snapchat.com/config/ https://cdn.jsdelivr.net/npm/@fancyapps/ui@5.0/dist/fancybox/fancybox.umd.js https://cdn.jst.ai/ https://my.jst.ai/ https://aly.jst.ai/ 'sha256-9MlVOFgVL3vdQAQf3KXlQN3k3Da5b6nXBLN7fBwtG0g=' 'sha256-ZC4Ihfl+1sv3E25DQh090ITQKwffxiocyA9C1vaePKU=' 'sha256-HafXvaQJap18P9Lg3EQgSuF7N0M0NF/Wda0deflYZTI=' 'sha256-xK2ILyn56eGOiSmkE5xNp8IyiLb82KhtFoksRMn+2+8=' 'sha256-aEDmoObzmjNv962J42VzD3ELW5yetlhKLnYGA32/4aU=' 'nonce-173767752596300' ; style-src 'self' https://*.typekit.net https://mautic.texthelp.com/media/css/ https://mautic-staging.texthelp.com/media/css/ https://tagmanager.google.com https://fonts.googleapis.com https://www.googletagmanager.com 'unsafe-inline' https://www.browsealoud.com https://plus.browsealoud.com https://optimize.google.com https://cdn.jsdelivr.net/npm/@fancyapps/ui@5.0/dist/fancybox/fancybox.css https://cdn.jst.ai/; img-src 'self' https://webworx.texthelp.com/assets/img/ data: https://images.prismic.io/texthelp-website-proof https://*.prismic.io https://mautic.texthelp.com https://www.google-analytics.com https://www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://region1.google-analytics.com https://region1.analytics.google.com https://stats.g.doubleclick.net/r/collect https://www.google.com/ads/ https://www.google.co.uk/ads/ https://www.google.com/pagead/ https://www.google.co.uk/pagead/ https://www.browsealoud.com https://browsealoud-webservices-8.texthelp.com/ https://browsealoud-webservices-eu.texthelp.com/ https://plus.browsealoud.com https://upload.wikimedia.org https://prismic-io.s3.amazonaws.com https://i.ytimg.com blob: data: https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-9.com https://optimize.google.com https://script.hotjar.com https://analytics.twitter.com https://t.co/1/i/ https://bat.bing.com/action/ https://bat.bing.com/actionp/ https://www.facebook.com/tr/ https://www.facebook.com/privacy_sandbox/pixel/register/trigger/ https://px.ads.linkedin.com https://tr.snapchat.com/ https://graphics.jst.ai/ ; child-src 'self' https://content.googleapis.com https://www.googletagmanager.com/ns.html https://share.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; media-src 'self' blob: https://*.speechstream.net https://js.intercomcdn.com https://*.prismic.io https://js.driftt.com/; font-src 'self' https://webworx.texthelp.com/ https://*.typekit.net https://fonts.gstatic.com data: https://stackpath.bootstrapcdn.com https://js.intercomcdn.com https://fonts.gstatic.com https://script.hotjar.com; object-src 'none'; form-action 'self' https://intercom.help https://api-iam.intercom.io https://mautic.texthelp.com https://mautic-staging.texthelp.com https://www.facebook.com https://*.speechstream.net; frame-src https://www.googletagmanager.com https://td.doubleclick.net https://www.youtube.com https://mautic-staging.texthelp.com https://mautic.texthelp.com https://docs.google.com https://www.buzzsprout.com https://content.googleapis.com/ https://optimize.google.com https://vars.hotjar.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://form.typeform.com/ https://www.facebook.com/ https://js.driftt.com https://widget.drift.com https://tr.snapchat.com/ https://lookerstudio.google.com/ https://calendar.google.com/ https://cdn.jst.ai/; frame-ancestors 'none'; base-uri 'none'; upgrade-insecure-requests 1 default-src 'self' https://*.sendpulse.com https://*.doubleclick.net https://*.datatables.net; font-src 'self' data: https://yeni.iskultur.com.tr https://*.sendpulse.com https://fonts.gstatic.com *.bootstrapcdn.com https://cdn.jsdelivr.net https://themes.googleusercontent.com https://*.wp.com; object-src 'none'; frame-ancestors 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.firebasedatabase.app https://*.onesignal.com https://onesignal.com/ https://tpc.googlesyndication.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://unpkg.com https://*.alexametrics.com https://connect.facebook.net https://*.unpkg.com https://cdn.visitorlab.com https://rec.smartlook.com/ https://*.yandex.ru https://*.yandex.com.tr https://*.yandex.com https://*.sendpulse.com https://*.google-analytics.com/analytics.js https://cdn.jsdelivr.net https://*.iskultur.com.tr https://*.ampproject.org https://cdnjs.cloudflare.com https://ajax.googleapis.com https://*.google-analytics.com https://*.addthis.com https://*.facebook.com https://*.twitter.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.googleusercontent.com https://*.bootstrapcdn.com https://*.wp.com https://*.gravatar.com; style-src 'self' https://*.onesignal.com https://onesignal.com https://*.iskultur.com.tr https://*.sendpulse.com https://secure.gravatar.com https://*.wp.com https://cdn.jsdelivr.net https://*.bootstrapcdn.com https://cdn.jsdelivr.net https://*.google.com https://*.iskultur.com.tr https://*.googleapis.com https://*.gstatic.com https://*.googleusercontent.com https://*.gravatar.com 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.gaug.es/ https://c.clarity.ms/c.gif https://*.googleadservices.com https://*.iskultur.com.tr https://redirect.prod.experiment.routing.cloudfront.aws.a2z.com/x.png https://*.alexametrics.com https://*.googletagmanager.com https://*.facebook.com https://*.yandex.ru https://*.yandex.com.tr https://*.yandex.com https://*.iskultur.com.tr https://*.sendpulse.com https://*.placeholder.com https://*.doubleclick.net https://secure.gravatar.com https://www.google-analytics.com https://*.google.com https://*.google.com.tr https://*.googleapis.com https://*.gstatic.com https://*.googleusercontent.com https://*.wp.com https://pixel.wp.com; frame-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com *.firebasedatabase.app https://td.doubleclick.net/ https://online.flippingbook.com/ https://www.facebook.com https://tpc.googlesyndication.com/ https://tpc.googlesyndication.com https://www.youtube.com https://bid.g.doubleclick.net/ https://www.youtube.com https://sanalpos.isbank.com.tr/ https://*.yandex.ru https://www.facebook.com https://*.yandex.com.tr https://*.yandex.com https://yandex.com.tr https://*.yandex.ru https://www.google-analytics.com https://*.sendpulse.com https://*.iskultur.com.tr https://*.google.com https://*.google.com.tr https://*.googleapis.com https://*.gstatic.com https://*.googleusercontent.com https://secure.gravatar.com https://*.wp.com; connect-src 'self' https://*.google.com https://onesignal.com wss://*.firebasedatabase.app https://*.yandex.com https://analytics.google.com https://*.doubleclick.net https://*.facebook.com https://ymetrica1.com https://*.googleapis.com https://www.google-analytics.com https://*.yandex.ru https://pushdata.sendpulse.com:4434/ https://manager.smartlook.com/ https://manager.eu.smartlook.com/ https://collect.visitorlab.com/142134579 https://cdn.ampproject.org 1 *.cookieyes.com cdn-cookieyes.com 1 default-src 'self' 'unsafe-eval'; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.itzbund.de *.googleapis.com *.google.com *.gstatic.com www.youtube.com *.vimeo.com *.ytimg.com piwik.itzbund.de; object-src 'self' multimedia.gsb.bund.de; media-src blob: 'self' multimedia.gsb.bund.de *.vimeo.com *.youtube.com; frame-src *.google.com *.gstatic.com *.youtube.com *.vimeo.com vimeo.com *.3qsdn.com *.director.events; img-src 'self' blob: data: *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.openstreetmap.org piwik.itzbund.de; connect-src 'self' *.itzbund.de; frame-ancestors 'self'; worker-src 'self'; 1 default-src 'self'; base-uri 'self'; block-all-mixed-content; connect-src 'self' *.cablex.test *.google-analytics.com *.chimpstatic.com *.cookiebot.com *.azurewebsites.net *.cablex.ch *.cablex-germany.de *.doubleclick.net; font-src 'self' *.cablex.test data: *.gstatic.com *.chimpstatic.com *.azurewebsites.net *.fast.fonts.net *.cablex.ch *.cablex-germany.de; frame-ancestors *.cablex.test *.azurewebsites.net *.prospective.ch *.cablex.ch *.cablex-germany.de *.chimpstatic.com; frame-src 'self' *.cablex.test *.azurewebsites.net *.cablex.ch *.cablex-germany.de *.cookiebot.com *.prospective.ch *.youtube-nocookie.com *.youtube.com *.chimpstatic.com *.google.com; img-src 'self' *.cablex.test data: *.tile.osm.org *.tile.openstreetmap.org *.azurewebsites.net *.cablex.ch *.cablex-germany.de *.google.com *.google.de *.google-analytics.com *.googletagmanager.com *.prospective.ch *.cookiebot.com *.chimpstatic.com; object-src 'none'; script-src 'self' 'unsafe-inline' *.cablex.test *.google-analytics.com *.googletagmanager.com *.bing.com *.facebook.net *.twitter.com *.cookiebot.com *.prospective.ch *.linkedin.com *.chimpstatic.com *.azurewebsites.net *.cablex.ch *.cablex-germany.de https://chimpstatic.com https://cdnjs.cloudflare.com/ajax/libs/iframe-resizer/3.6.3/iframeResizer.min.js *.youtube.com *.doubleclick.net; style-src 'self' *.cablex.test 'unsafe-inline' *.bootstrapcdn.com *.googleapis.com *.chimpstatic.com https://unpkg.com/swiper/swiper-bundle.min.css *.prospective.ch *.fast.fonts.net *.azurewebsites.net *.cablex.ch *.cablex-germany.de; upgrade-insecure-requests 1 font-src 'self' data: fonts.gstatic.com;img-src * data: ; 1 default-src * data: ;script-src * 'unsafe-inline' 'unsafe-eval' ;style-src * 'unsafe-inline' data: ;frame-ancestors 'self' ; 1 default-src 'self'; script-src 'self' 'unsafe-inline' *.fona.de *.cookiebot.com *.cookiebot.eu *.vditz.com *.googleapis.com *.google.com *.youtube.com *.vimeo.com *.streambuzzer.com; style-src 'self' 'unsafe-inline'; img-src data: 'self' *.twitter.com *.twimg.com *.fona.de *.matpro.de *.ytimg.com *.vimeocdn.com; font-src 'self'; connect-src 'self' *.cookiebot.com *.cookiebot.eu stats.vditz.com; base-uri 'self'; media-src blob: 'self' *.youtube.com *.vimeo.com *.bmbf.de; frame-src 'self' *.fona.de *.openstreetmap.de *.streambuzzer.com *.cookiebot.com *.cookiebot.eu *.vditz.com *.pt-dlr.de *.google.com *.youtube.com *.youtube-nocookie.com *.vimeo.com *.bmbf.de *.emailsys1a.net; object-src 'none'; frame-ancestors 'self' *.fona.de; 1 default-src https://*.google-analytics.com https://*.googletagmanager.com; block-all-mixed-content; connect-src 'self' https://*.google.com https://*.google-analytics.com https://*.facebook.com; font-src 'self'; frame-src https://www.youtube.com https://calendly.com https://www.montareturns.com https://www.googletagmanager.com https://td.doubleclick.net https://*.facebook.com; img-src data: 'self' https://placeholder.inventis.be https://*.ytimg.com https://www.mollie.com https://*.google-analytics.com https://*.googletagmanager.com https://*.google.com https://*.google.be https://*.facebook.com; manifest-src 'self'; object-src https://www.youtube.com; script-src 'self' https://www.youtube.com https://*.ytimg.com https://*.google-analytics.com https://*.googletagmanager.com https://*.hotjar.com https://*.facebook.net https://*.facebook.com 'nonce-uF9cgTtrK2YGxx8S3Sf7+w=='; style-src 'self' 'unsafe-inline' https://*.googletagmanager.com; upgrade-insecure-requests 1 default-src 'self' https://*.youtube.com https://*.youtu.be https://*.vimeo.com https://*.spotify.com https://*.soundcloud.com https://forms.office.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://analytics.tiktok.com https://*.doubleclick.net https://widget.tablefever.com; block-all-mixed-content; img-src data: 'self' https://placeholder.inventis.be https://*.ytimg.com https://*.youtube.com https://*.vimeocdn.com https://*.google-analytics.com https://*.googletagmanager.com https://www.facebook.com https://*.google.be https://*.google.nl; object-src 'none'; script-src 'self' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https://*.youtube.com https://*.vimeo.com https://*.google-analytics.com https://*.googletagmanager.com 'nonce-HQgktLe+a+uEvSwkcNgdfg=='; style-src 'self' 'unsafe-inline' https://*.googletagmanager.com; upgrade-insecure-requests 1 default-src 'self'; style-src 'self' 'unsafe-inline' fonts.google.com fonts.googleapis.com *.googletagmanager.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' tag.demandbase.com script.hotjar.com kit.fontawesome.com *.googletagmanager.com *.google.com *.google.co.uk www.gstatic.com cdn-apac.onetrust.com player.vimeo.com pi.pardot.com *.onetrust.com *.hsadspixel.net *.google-analytics.com googleads.g.doubleclick.net static.hotjar.com snap.licdn.com ws.zoominfo.com *.hs-scripts.com *.txone.com *.hs-banner.com *.hs-analytics.net js-eu1.usemessages.com *.googleadservices.com www.youtube.com; font-src 'self' data: *.fontawesome.com fonts.gstatic.com txone.localdev; img-src 'self' data: *.linkedin.com segments.company-target.com id.rlcdn.com track-eu1.hubspot.com *.onetrust.com dnbe7xanmz9uh.cloudfront.net *.gravatar.com media.txone.com *.googletagmanager.com *.google.com *.google.co.uk *.analytics.google.com *.google.com.tw googleads.g.doubleclick.net fonts.gstatic.com; media-src 'self' media.txone.com dnbe7xanmz9uh.cloudfront.net youtu.be; connect-src 'self' segments.company-target.com tag-logger.demandbase.com api.company-target.com stats.g.doubleclick.net ws.zoominfo.com *.fontawesome.com yoast.com *.linkedin.oribi.io *.onetrust.com *.googletagmanager.com *.google.com *.google.co.uk *.analytics.google.com *.google-analytics.com api-eu1.hubapi.com pagead2.googlesyndication.com ws.hotjar.com wss://ws.hotjar.com content.hotjar.io vc.hotjar.io api-eu1.hubspot.com googleads.g.doubleclick.net google.com px.ads.linkedin.com; frame-src 'self' s.company-target.com tag.demandbase.com www.google.com youtube.com www.youtube.com youtu.be player.vimeo.com *.youtube-nocookie.com td.doubleclick.net app-eu1.hubspot.com; frame-ancestors 'self'; object-src 'none' 1 default-src 'self' data:; block-all-mixed-content; connect-src http: https: ws: blob: 'self' *.tinymce.com *.tiny.cloud blob:; font-src 'self' data: fonts.gstatic.com *.tinymce.com *.tiny.cloud *.fontawesome.com; img-src 'self' data: http: https: *.tinymce.com *.tiny.cloud data: blob:; script-src 'self' 'unsafe-inline' js-agent.newrelic.com static.zdassets.com *.zendesk.com api.smooch.io cdn.tiny.cloud maps.google.com maps.googleapis.com *.posthog.com *.tinymce.com *.tiny.cloud 'nonce-F87tndP8LbtfGZg75cwnCQ=='; style-src 'self' 'unsafe-inline' cdn.tiny.cloud fonts.googleapis.com *.tinymce.com *.tiny.cloud; upgrade-insecure-requests 1 allow 'self'; media-src *; img-src *; script-src 'self' https://ajax.googleapis.com; https://cloudflare.com style-src 'self'; 1 frame-ancestors 'self' decisely.com *.decisely.com 1 default-src 'self' data: wss://b24.sosedi.by google.com b24.sosedi.by https://www.google-analytics.com https://analytics.google.com https://analytics.tiktok.com https://stats.g.doubleclick.net https://core-renderer-tiles.maps.yandex.net https://td.doubleclick.net https://api.mindbox.ru https://www.google.com https://www.google.by http://mc.yandex.ru https://bitrix.info; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://api-maps.yandex.ru:* https://core-renderer-tiles.maps.yandex.net https://api-maps.yandex.ru/services/coverage/v2/* https://yastatic.net https://connect.facebook.net livechatv2.chat2desk.com https://b24.sosedi.by:* https://vk.com https://analytics.tiktok.com https://top-fwz1.mail.ru http://www.google-analytics.com http://maps.google.com https://bitrix.info https://api.mindbox.ru https://www.googletagmanager.com http://*.gstatic.com:* http://*.googleapis.com http://code.jivosite.com http://mc.yandex.ru http://www.googleadservices.com https://*.mail.ru http://googleads.g.doubleclick.net http://cdn.voximplant.com; style-src 'self' 'unsafe-inline' b24.sosedi.by http://code.jivosite.com:* http://mc.yandex.ru:* http://*.googleapis.com http://*.gstatic.com:*; img-src 'self' data: https:; font-src 'self' data: http://*.gstatic.com:*; 1 default-src 'self' www.youtube.com www.youtube-nocookie.com; child-src 'self' www.youtube.com www.youtube-nocookie.com *.fls.doubleclick.net; frame-src 'self' vars.hotjar.com *.fls.doubleclick.net www.youtube.com www.youtube-nocookie.com apps.mypurecloud.com.au player.vimeo.com; connect-src 'self' *.ambithub.com ipinfo.io wss://sbsfaq.ambithub.com stats.g.doubleclick.net wss://*.hotjar.com *.hotjar.com *.hotjar.io *.monsido.com *.googletagmanager.com analytics.google.com www.google-analytics.com api.mypurecloud.com.au api-cdn.mypurecloud.com.au wss://webmessaging.mypurecloud.com.au; img-src 'self' data: www.google.co.nz *.google.com www.google-analytics.com *.g.doubleclick.net *.googleapis.com *.gstatic.com *.ambithub.com bat.bing.com *.facebook.com *.quantserve.com *.hotjar.com *.hotjar.io *.monsido.com *.googletagmanager.com analytics.google.com; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' 'self' *.google.com www.googleadservices.com www.google-analytics.com www.googletagmanager.com *.googleapis.com *.gstatic.com cdn.polyfill.io *.ambithub.com bat.bing.com connect.facebook.net *.quantserve.com *.quantcount.com static.hotjar.com script.hotjar.com *.hotjar.io *.monsido.com *.googletagmanager.com analytics.google.com staticcdn.co.nz apps.mypurecloud.com.au; style-src 'unsafe-inline' 'self' hello.myfonts.net *.googleapis.com *.gstatic.com *.ambithub.com; font-src 'self' data: *.gstatic.com *.hotjar.com; 1 default-src https:; connect-src https:; font-src 'self' https: data: https:; frame-src https: rldb:; frame-ancestors https:; img-src 'self' https: blob: data:; media-src https: blob:; object-src https:; style-src 'unsafe-inline' https:; worker-src blob:; script-src 'unsafe-inline' 'unsafe-eval' https:; 1 default-src 'self' blob:; sandbox allow-downloads allow-popups allow-popups-to-escape-sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-modals; base-uri 'self' https://md-scp.kampyle.com;upgrade-insecure-requests;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://applepay.cdn-apple.com https://*.worldpay.com https://*.lowell.co.uk https://lowell.co.uk https://www.google.com https://www.gstatic.com https://*.googletagmanager.com https://googletagmanager.com https://www.google-analytics.com https://tagmanager.google.com https://ssl.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://ajax.googleapis.com https://connect.facebook.net https://optimize.google.com https://*.decibelinsight.net https://*.decibelinsight.com https://pay.google.com https://www.googleanalytics.com https://www.googleoptimize.com https://bat.bing.com https://*.decibel.com *.visualwebsiteoptimizer.com app.vwo.com https://api.ipify.org https://mpsnare.iesnare.com https://md-scp.kampyle.com https://resources.digital-cloud-uk.medallia.eu https://sbt-prod.kampyle.com https://nebula-cdn.kampyle.com https://udc-neb.kampyle.com https://digital-cloud-phx1.medallia.com https://resources.digital-cloud-phx1.medallia.com https://widget.trustpilot.com https://www.youtube.com;connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.lowell.co.uk https://*.decibelinsight.net https://*.decibelinsight.com wss://*.decibelinsight.net wss://*.decibelinsight.com https://stats.g.doubleclick.net https://google.com https://*.decibel.com *.visualwebsiteoptimizer.com app.vwo.com https://api.ipify.org https://firebaseinstallations.googleapis.com https://fcmregistrations.googleapis.com wss://mpsnare.iesnare.com https://md-scp.kampyle.com https://resources.digital-cloud-uk.medallia.eu https://ubt-lb.digital-cloud-uk.medallia.eu https://sbt-prod.kampyle.com https://nebula-cdn.kampyle.com https://udc-neb.kampyle.com https://digital-cloud-phx1.medallia.com https://resources.digital-cloud-phx1.medallia.com https://ubt-lb.digital-cloud.medallia.com https://uk.cc.avayacloud.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.co.uk https://pagead2.googlesyndication.com https://noembed.com https://cdn.plyr.io;frame-ancestors https://*.cardinalcommerce.com https://applepay.cdn-apple.com https://*.lowell.co.uk https://lowell.co.uk https://www.fisglobal.com https://pay.google.com https://*.lowellgroup.co.uk;style-src 'self' 'unsafe-inline' https://*.lowell.co.uk https://lowell.co.uk https://tagmanager.google.com https://fonts.googleapis.com https://fonts.googleapis.com https://optimize.google.com https://www.googleanalytics.com https://www.googleoptimize.com *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com https://resources.digital-cloud-uk.medallia.eu https://md-scp.kampyle.com https://nebula-cdn.kampyle.com https://digital-cloud-phx1.medallia.com https://resources.digital-cloud-phx1.medallia.com https://googletagmanager.com;img-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://googletagmanager.com https://*.lowell.co.uk https://lowell.co.uk https://*.google-analytics.com https://google.com https://*.analytics.google.com https://*.g.doubleclick.net https://ssl.gstatic.com https://www.gstatic.com https://*.google.com https://*.google.co.uk https://pagead2.googlesyndication.com https://www.facebook.com https://connect.facebook.net data: https://bat.bing.com *.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com https://md-scp.kampyle.com https://resources.digital-cloud-uk.medallia.eu https://udc-neb.kampyle.com https://nebula-cdn.kampyle.com https://digital-cloud-phx1.medallia.com https://resources.digital-cloud-phx1.medallia.com https://i.ytimg.com https://tools.applemediaservices.com https://toolbox.marketingtools.apple.com;object-src data: 'unsafe-eval' https://*.lowell.co.uk;frame-src https://*.cardinalcommerce.com https://*.worldpay.com https://www.google.com https://*.doubleclick.net https://optimize.google.com https://www.googletagmanager.com https://*.lowell.co.uk/ https://*.lowellgroup.co.uk https://pay.google.com app.vwo.com *.visualwebsiteoptimizer.com https://nebula-cdn.kampyle.com https://resources.digital-cloud-uk.medallia.eu https://digital-cloud-phx1.medallia.com https://resources.digital-cloud-phx1.medallia.com https://www.youtube.com https://widget.trustpilot.com;font-src 'self' https://*.lowell.co.uk https://lowell.co.uk https://fonts.gstatic.com https://fonts.googleapis.com https://applepay.cdn-apple.com data: https://resources.digital-cloud-uk.medallia.eu https://nebula-cdn.kampyle.com https://digital-cloud-phx1.medallia.com https://resources.digital-cloud-phx1.medallia.com https://td.doubleclick.net;worker-src 'self' https://*.decibelinsight.net wss://*.decibelinsight.net https://*.decibelinsight.com wss://*.decibelinsight.com blob:;media-src https://mpsnare.iesnare.com data:; 1 default-src 'self'; font-src 'self' data: https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src 'self' https://maps.googleapis.com https://maps.gstatic.com https://www.google-analytics.com; img-src 'self' https://maps.googleapis.com https://csi.gstatic.com https://maps.gstatic.com https://www.google-analytics.com data:; connect-src * ws: wss: 1 default-src 'self'; script-src 'self' 'unsafe-inline' cdn.gtranslate.net connect.facebook.net/en_US/sdk.js stats.st-denis.cloud-ed.fr translate.google.com *.googleapis.com; object-src 'self'; style-src 'self' 'unsafe-inline' www.gstatic.com; img-src 'self' data: blob: apicivique.s3.eu-west-3.amazonaws.com cdn.gtranslate.net plainecommune.fr fonts.gstatic.com www.gstatic.com www.google.fr translate.googleapis.com *.google.com; frame-src *; frame-ancestors 'self'; font-src 'self' fonts.gstatic.com data:; connect-src 'self' apicivique.s3.eu-west-3.amazonaws.com/jvalogo.svg cdn.gtranslate.net stats.st-denis.cloud-ed.fr connect.facebook.net *.googleapis.com; upgrade-insecure-requests 1 default-src 'self'; img-src 'self' cdnmedia.endeavorsuite.com cdn.partsmartconnect.com data:; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-modals; base-uri 'self'; upgrade-insecure-requests; style-src 'self' 'unsafe-inline' fonts.googleapis.com maxcdn.bootstrapcdn.com cdnmedia.endeavorsuite.com; font-src 'self' fonts.gstatic.com maxcdn.bootstrapcdn.com; script-src 'self' 'unsafe-inline' https://ari-cms.com/bundles/webcomponents/loginpromotion.js; connect-src 'self' https://ari-cms.com/; 1 default-src 'self'; object-src 'self' https://pts.maxxim.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.maxxim.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://livechat.maxxim.de https://chat.maxxim.de https://umfrage.maxxim.de https://pts.maxxim.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://eu01.rec.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://livechat.maxxim.de https://chat.maxxim.de https://stats.maxxim.de https://imagepool.maxxim.de https://pts.maxxim.de https://analytics.tiktok.com https://umfrage.maxxim.de; script-src 'strict-dynamic' 'nonce-702a4c6dbb74b859d47192bdafcd4431' 'nonce-4bacd186b6bc35df38cf6c4eee097570' 'nonce-c24b1675bbb53a4adcfda8df94f7d801' 'nonce-070cac758058b6439f30f6e6f097f2de' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data: 'report-sample'; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://netmap.vodafone.de/cokart-client/index.html https://pts.maxxim.de https://umfrage.maxxim.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-702a4c6dbb74b859d47192bdafcd4431' 'nonce-4bacd186b6bc35df38cf6c4eee097570' 'nonce-c24b1675bbb53a4adcfda8df94f7d801' 'nonce-070cac758058b6439f30f6e6f097f2de' 'self' 'unsafe-inline' https: 'report-sample' 1 script-src 'nonce-O3R2jh+XdRCsd6fSY/zqDKWJ+OA=' 'unsafe-inline' 'strict-dynamic' https: http:; object-src 'none'; 1 default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.siteimprove.net *.googleapis.com youtube.com *.google.com *.google-analytics.com *.gstatic.com cdnjs.cloudflare.com *.curator.io *.addthis.com *.addthisedge.com *.facebook.com *.facebook.net siteimproveanalytics.com *.twitter.com *.pingdom.net *.googletagmanager.com *.doubleclick.net *.youtube.com cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' *.googleapis.com *.siteimprove.net *.curator.io *.google.com; img-src 'self' data: *.gstatic.com *.googleapis.com *.ggpht.com developers.google.com *.google-analytics.com *.doubleclick.net *.fbcdn.net *.twimg.com *.instagram.com *.curator.io *.cdninstagram.com *.ytimg.com *.siteimproveanalytics.io curatorio.s3.amazonaws.com curator-assets.b-cdn.net *.googletagmanager.com *.google.com.au *.google.com; media-src 'self' ssl.gstatic.com *.fbcdn.net *.twimg.com curatorio.s3.amazonaws.com *.google.com; frame-src 'self' www.youtube.com *.addthis.com seqwater.mysocialpinpoint.com *.google.com youtu.be *.siteimprove.com *.facebook.com td.doubleclick.net player.vimeo.com *.googletagmanager.com; frame-ancestors 'self' unitywater.com *.unitywater.com urbanutilities.com.au *.redland.qld.gov.au *.goldcoast.qld.gov.au *.logan.qld.gov.au waternet.corporate.local; child-src 'self' unitywater.com *.unitywater.com urbanutilities.com.au *.redland.qld.gov.au *.goldcoast.qld.gov.au *.logan.qld.gov.au waternet.corporate.local; font-src 'self' 'unsafe-inline' themes.googleusercontent.com fonts.gstatic.com cdn.curator.io; connect-src 'self' *.google-analytics.com *.doubleclick.net *.siteimprove.com api.curator.io *.addthis.com *.pingdom.net maps.googleapis.com *.google.com *.googlesyndication.com *.googleadservices.com; report-uri /report-csp-violation 1 script-src 'self' 'unsafe-eval' https://*.app.cookieinformation.com https://siteimproveanalytics.com https://*.mouseflow.com https://www.youtube.com 'nonce-a046fbcd2d8748f5b2f539bf5bfa6be7097291bacad246088e9572f718bf851155f415d31a9543c184e42a6a5b535a6a'; frame-ancestors *.commentor.dk https://pensure.dk https://drb.bankdata.dk https://*.bankdata.dk https://*.jyskebank.dk https://*.pension.dk *.bec.dk http://pbuapp.ngrok.io https://portal.pfa.dk https://mit.pfa.dk https://mitpfa.dk https://www.industrienspension.dk https://Pka.dk https://Pbu.dk https://Lppension.dk *.danicapension.dk *.appension.dk *.pensure.dk https://mppension.dk *.pka.dk *.pbu.dk *.lppension.dk drb://drb.jyskebank.dk https://drb.jyskebank.dk https://localhost:44337/* https://akademikerpension.dk https://*.sydbank.dk https://*.almbrand.dk drb://drb.sydbank.dk drb://drb.almbrand.dk https://staging.pengeprofilen.dk https://min.pengeprofilen.dk https://app.kreditdata.dk *.mitotium.dk *.pensure.dk https://drb.nordfynsbank.dk drb://drb.nordfynsbank.dk https://drb.skjernbank.dk drb://drb.skjernbank.dk https://drb.djurslandsbank.dk drb://drb.djurslandsbank.dk https://drb.kreditbanken.dk drb://drb.kreditbanken.dk https://drb.landbobanken.dk drb://drb.landbobanken.dk https://drb.spks.dk drb://drb.spks.dk https://netpension.velliv.dk 1 report-uri //report-csp-violation 1 default-src 'self' https://*.dev-constructor.dev https://*.test-constructor.dev https://*.stage-constructor.dev https://*.constructor.app https://academy.datarockstars.ai https://learn.constructor.university https://learn.acronis.com https://dummy-tenant-for-prod.alemira.dev https://lms.constructor.school https://learn.bpsme.com https://training.acronis.com; object-src 'none'; frame-ancestors https://*.dev-constructor.dev https://*.test-constructor.dev https://*.stage-constructor.dev https://*.constructor.app https://academy.datarockstars.ai https://learn.constructor.university https://learn.acronis.com https://dummy-tenant-for-prod.alemira.dev https://lms.constructor.school https://learn.bpsme.com https://training.acronis.com; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self'; 1 default-src https://dc.services.visualstudio.com/v2/ https://bimtrack.zendesk.com wss://bimtrack.zendesk.com https://static.zdassets.com https://ekr.zdassets.com https://service.force.com https://newforma.my.salesforce-sites.com https://newforma.my.salesforce.com https://*.zopim.com wss://*.zopim.com 'self'; style-src 'self' 'unsafe-inline' https://newforma.my.salesforce-sites.com https://newforma.my.salesforce.com https://service.force.com; object-src 'none'; script-src https://az416426.vo.msecnd.net https://www.recaptcha.net/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.newforma.com/ https://bimtrack.co/ https://static.zdassets.com https://ekr.zdassets.com https://*.zopim.com wss://*.zopim.com https://bimtrack.zendesk.com wss://bimtrack.zendesk.com https://service.force.com https://newforma.my.salesforce-sites.com https://newforma.my.salesforce.com https://static.lightning.force.com https://*.salesforceliveagent.com 'self' 'unsafe-eval' 'nonce-cd8959cfc41044cba9f4a86b967667b3'; frame-src https://www.google.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://www.newforma.com/ https://bimtrack.co https://bimtrack.zendesk.com wss://bimtrack.zendesk.com https://static.zdassets.com https://service.force.com/ 'self'; frame-ancestors https://*.bimtrackapp.co; sandbox allow-popups allow-forms allow-same-origin allow-scripts allow-downloads; base-uri 'self'; img-src 'self' https://v2assets.zopim.io https://static.zdassets.com https://konekt.help.newforma.com https://storbtqa.blob.core.windows.net/staticcontentcontainer/ https://www.newforma.com data: https://bt03storage.blob.core.windows.net/; 1 frame-ancestors https://www.facebook.com https://www.venetacucine.com 1 block-all-mixed-content; img-src 'self' data: https://www.google-analytics.com https://maps.googleapis.com https://www.googletagmanager.com https://fonts.gstatic.com https://scontent.cdninstagram.com https://*.cdninstagram.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.googletagmanager.com https://sdk.privacy-center.org https://www.google-analytics.com https://maps.googleapis.com https://www.google.com https://www.gstatic.com https://tag.aticdn.net 1 default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.achmearechtsbijstand.nl https://www.achmearechtsbijstand.nl https://achmearechtsbijstand.nl https://deploy.mopinion.com https://static.hotjar.com https://script.hotjar.com https://tdn.r42tag.com https://www.google-analytics.com https://collect.mopinion.com https://www.googletagmanager.com https://www.googleoptimize.com https://static.cloud.coveo.com https://data1.ralasis.com https://optimize.google.com https://translate.googleapis.com https://translate.google.com https://dev.visualwebsiteoptimizer.com https://admin.relay42.com https://static.hotjar.com https://www.google-analytics.com https://app.vwo.com https://cdn.harvest.graindata.com https://a.omappapi.com;style-src 'self' 'unsafe-inline' https://*.achmearechtsbijstand.nl https://www.achmearechtsbijstand.nl https://achmearechtsbijstand.nl https://collect.mopinion.com https://fonts.mopinion.com https://static.cloud.coveo.com https://fonts.googleapis.com https://translate.googleapis.com https://optimize.google.com https://admin.relay42.com https://app.vwo.com https://a.omappapi.com;img-src data: 'self' https://*.achmearechtsbijstand.nl https://www.achmearechtsbijstand.nl https://achmearechtsbijstand.nl https://www.google-analytics.com https://www.gstatic.com https://i.ytimg.com https://translate.google.com https://translate.googleapis.com https://admin.relay42.com https://tdn.r42tag.com https://t.svtrd.com https://fonts.gstatic.com https://region1.google-analytics.com https://dev.visualwebsiteoptimizer.com https://www.googletagmanager.com https://a.omappapi.com;font-src data: 'self' https://*.achmearechtsbijstand.nl https://www.achmearechtsbijstand.nl https://achmearechtsbijstand.nl https://fonts.mopinion.com https://gstatic.mopinion.com https://fonts.gstatic.com https://static.cloud.coveo.com https://staticdev.cloud.coveo.com;connect-src * https://*.achmearechtsbijstand.nl https://www.achmearechtsbijstand.nl https://achmearechtsbijstand.nl wws://*.hotjar.com https://*.hotjar.com;media-src * 'self' https://*.achmearechtsbijstand.nl https://www.achmearechtsbijstand.nl https://achmearechtsbijstand.nl;object-src 'none' ;child-src https://*.achmearechtsbijstand.nl https://www.achmearechtsbijstand.nl https://achmearechtsbijstand.nl https://t.svtrd.com/ https://vars.hotjar.com https://www.youtube-nocookie.com https://www.google.com https://www.youtube-nocookie.com https://www.google.com https://optimize.google.com https://m.youtube.com https://app.vwo.com; worker-src blob:;frame-ancestors https://www.youtube-nocookie.com https://www.google.com https://optimize.google.com https://m.youtube.com https://*.achmearechtsbijstand.nl https://www.achmearechtsbijstand.nl https://achmearechtsbijstand.nl https://app.vwo.com;form-action 'self' https://*.achmearechtsbijstand.nl https://www.achmearechtsbijstand.nl https://achmearechtsbijstand.nl https://t.svtrd.com/structure-collection https://broker.nxtid.nl;manifest-src 'self' https://*.achmearechtsbijstand.nl https://www.achmearechtsbijstand.nl https://achmearechtsbijstand.nl;upgrade-insecure-requests;block-all-mixed-content;base-uri https://*.achmearechtsbijstand.nl https://www.achmearechtsbijstand.nl https://achmearechtsbijstand.nl;report-uri https://bcd8a826da9dc721f317d24ae6b9e320.ams.report-uri.com/r/t/csp/enforce; 1 default-src data: https: http:;script-src 'self' resource://pdf.js/ 'unsafe-inline' 'unsafe-eval' https: http:;style-src 'unsafe-inline' https: http: blob:;object-src 'self' blob:;img-src 'self' https://*.everesttech.net https://dhlcom.d3.sc.omtrdc.net/ data: blob:;connect-src blob: 'self' https://*.demdex.net https://*.dhl.com https://*.video-cdn.net https://*.hereapi.com https://*.usetiful.com https://*.dpdhl.com;worker-src blob: 1 upgrade-insecure-requests; block-all-mixed-content 1 report-uri https://abgtr7ca.uriports.com/reports/enforce 1 base-uri 'self'; default-src 'self'; child-src; connect-src 'self' https://*.abtasty.com https://*.adservice.google.com https://*.doubleclick.net https://*.facebook.com https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://*.hotjar.com:* https://*.hotjar.com:* https://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://*.mypurecloud.com.au https://*.sentry.io https://*.tealiumiq.com https://*.tiqcdn.cn https://*.tiqcdn.com https://*.tt.omtrdc.net https://analytics.formstack.com https://api.addressfinder.io https://au-live.inside-graph.com https://js.hsadspixel.net https://js.hscollectedforms.net https://stats.g.doubleclick.net https://www.instagram.com wss://*.mypurecloud.com.au wss://au-live.inside-graph.com https://*.swiftype.com https://*.swiftypecdn.com; font-src 'self' https://*.abtasty.com https://*.googleapis.com https://*.gstatic.com https://au-cdn.inside-graph.com https://fonts.gstatic.com https://*.hotjar.com https://*.hotjar.com https://*.hotjar.io https://*.hotjar.io blob: data:; form-action 'self' https://*.powershop.co.nz https://*.springload.nz https://*.facebook.com; frame-ancestors 'self'; frame-src https://*.mypurecloud.com.au *.mypurecloud.com.au https://*.doubleclick.net https://*.google.com https://*.vimeo.com https://*.youtube.com https://recaptcha.google.com https://*.facebook.com https://*.googletagmanager.com https://au-cdn.inside-graph.com https://*.hotjar.com https://*.hotjar.io https://*.hotjar.io https://critchlow.carto.com; img-src 'self' https://*.abtasty.com https://*.amazonaws.com https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.google.co.nz https://*.google.com https://*.google.com.au https://*.googletagmanager.com https://*.gstatic.com https://*.hotjar.com https://*.hotjar.com https://*.hotjar.io https://*.hotjar.io https://*.inside-graph.com https://*.mypurecloud.com.au https://*.tealiumiq.com https://*.tiqcdn.cn https://*.tiqcdn.com https://*.tt.omtrdc.net https://adservice.google.com https://analytics.formstack.com https://fonts.gstatic.com https://i.vimeocdn.com https://js.hsadspixel.net https://www.instagram.com https://*.swiftype.com https://*.springload.nz https://www.powershop.co.nz blob: data:; media-src https://*.youtube.com https://*.vimeo.com https://au-cdn.inside-graph.com; object-src 'none'; script-src 'self' https://*.abtasty.com https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.google.com/recaptcha/ https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.com/recaptcha/ https://*.hotjar.com https://*.hotjar.com https://*.hotjar.io https://*.hotjar.io https://*.hs-analytics.net https://*.hs-banner.com https://*.hs-scripts.com https://*.inside-graph.com https://*.mypurecloud.com.au https://*.tealiumiq.com https://*.tiqcdn.cn https://*.tiqcdn.com https://*.tt.omtrdc.net https://*.usemessages.com https://*.vimeo.com https://*.youtube.com https://analytics.formstack.com https://api.addressfinder.io https://au-tracker.inside-graph.com https://forms.hsforms.com https://js.hsadspixel.net https://js.hscollectedforms.net https://tagmanager.google.com wss://*.hotjar.com https://*.swiftype.com https://*.swiftypecdn.com https://*.springload.nz https://www.powershop.co.nz 'nonce-MDcyMTk4M2Y2Y2NkMDE2MDZjMzdkZWQ2ZjZiZTIzYmUyNzkzMWJjYjhkZDQxZTRjMzBkNThlZDQwZDYzZDM4ZTRiZmU3ZGY0MWYzNGYwYzg1NWI4MzAxNDEzNWU3YTIxZDFhMmEyZWY2MjhiMTdlMzJkNDZhOTAyZTRhNmUwZDM=' 'unsafe-eval' blob:; style-src 'self' https://*.abtasty.com https://*.googleapis.com https://*.gstatic.com https://au-cdn.inside-graph.com https://fonts.googleapis.com https://tagmanager.google.com https://*.swiftype.com https://*.swiftypecdn.com 'unsafe-inline'; report-uri https://o115950.ingest.sentry.io/api/4504811489984512/csp-report/?sentry_key=a2cb92247922492b95ce72aee1ae6528&sentry_environment=live; report-to csp-endpoint; upgrade-insecure-requests 1 default-src 'self' www.hyd.gov.hk; style-src 'self' 'unsafe-inline';script-src 'self' 'unsafe-inline'; 1 default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval'; object-src *; style-src * 'self' 'unsafe-inline'; img-src * 'self' data: https:;; media-src *; frame-src *; frame-ancestors 'self'; child-src * blob:; font-src * 'self' data: https:;; connect-src * 'self' 1 frame-ancestors rextheme.com; 1 default-src 'self' https://*.youtube.com https://*.youtu.be https://*.vimeo.com https://vimeo.com https://*.spotify.com https://*.tiktok.com https://*.snapchat.com https://*.facebook.com https://*.google-analytics.com https://*.googletagmanager.com https://*.google.com https://*.youtube-nocookie.com https://*.monday.com https://*.doubleclick.net https://*.slinger.to/ https://fonts.bunny.net/; block-all-mixed-content; img-src data: 'self' https://placeholder.inventis.be https://*.ytimg.com https://*.youtube.com https://*.vimeocdn.com https://*.tiktok.com https://*.snapchat.com https://*.facebook.com https://*.google-analytics.com https://*.googletagmanager.com https://*.google.com https://*.google.be https://*.google.nl; object-src 'none'; script-src 'self' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https://*.youtube.com https://*.vimeo.com https://*.tiktok.com https://*.snapchat.com https://*.facebook.com https://*.google-analytics.com https://*.googletagmanager.com 'nonce-PIyZi3GDCm2Q4TiJAPRWTQ=='; style-src 'self' 'unsafe-inline' https://*.googletagmanager.com https://*.slinger.to/ https://fonts.bunny.net/; upgrade-insecure-requests 1 script-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://use.fontawesome.com https://google-analytics.com http://cdnjs.cloudflare.com https://www.google-analytics.com https://maps.googleapis.com https://www.googletagmanager.com https://merchants.niftepay.pk https://www.googleadservices.com https://googleads.g.doubleclick.net; object-src 'none'; style-src 'self' 'unsafe-inline' 'unsafe-inline' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://fonts.googleapis.com https://maps.googleapis.com https://maps.gstatic.com https://merchants.niftepay.pk; report-uri /report-csp-violation 1 script-src 'self'; object-src 'self' 1 default-src 'self' *.google-analytics.com data: gap: idele.matomo.cloud 'unsafe-inline' 'unsafe-eval'; script-src 'self' * 'unsafe-inline' 'unsafe-eval'; frame-src 'self' www.google.com player.vimeo.com *.soundcloud.com *.tubedu.org tubedu.org *.slideshare.net *.youtube.com view.genial.ly view.genially.com *.dailymotion.com *.youtube-nocookie.com *.myadvent.net adventmyfriend.com *.jwplayer.com video.terre-net.fr; style-src 'self' use.typekit.net cdn.tarteaucitron.io fonts.googleapis.com p.typekit.net s3.amazonaws.com cdn.icomoon.io 'unsafe-inline'; font-src 'self' use.typekit.net s3.amazonaws.com fonts.gstatic.com cdn.icomoon.io; img-src 'self' data: *.ytimg.com tarteaucitron.io; upgrade-insecure-requests 1 frame-ancestors 'self' http://localhost:* https://localhost:* https://*.lexjet.com 1 default-src 'self' *.google-analytics.com *.c-budejovice.cz; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.wbtrk.net cdnjs.cloudflare.com *.gstatic.com *.google-analytics.com player.wowza.com www.googletagmanager.com *.hotjar.com *.x.com *.twitter.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.gstatic.com *.cloudflare.com; img-src 'self' cbudejovice01.webtrekk.net fbc.wcfbc.net *.googletagmanager.com; frame-src 'self' *.hotjar.com *.pesweb.cz *.c-budejovice.cz *.facebook.com *.twitter.com *.x.com *.jwplayer.com *.youtube.com; font-src 'self' fonts.gstatic.com themes.googleusercontent.com data:; connect-src 'self' in.hotjar.com *.google-analytics.com; report-uri /report-csp-violation; upgrade-insecure-requests 1 script-src 'self'; frame-ancestors 'self'; img-src 'self'; font-src 'self'; object-src 'none'; require-trusted-types-for 'script' 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com code.jquery.com:* static.addtoany.com:* cdn.jsdelivr.net:* googleads.g.doubleclick.net:* connect.facebook.net:* cdnjs.cloudflare.com:* cdn.cookielaw.org:* *.gigya.com:* accounts.us1.gigya.com:* zn2wommevxgdjsbls-nestleglobalmktg.siteintercept.qualtrics.com:* siteintercept.qualtrics.com:* cdn.adimo.co:* app.tintup.com:* tintup.com:* www.tintup.com campaigns-api.adimo.co:* campaigns.adimo.co:* www.google.com www.recaptcha.net www.gstatic.com preprod-api.nestlegoodnes.com:* js-agent.newrelic.com:* api.nestlegoodnes.com:* assets.pinterest.com:* nestle.atlassian.net:* nestlephilippines.qualifioapp.com:*; object-src 'none'; frame-src 'self' www.google.com www.recaptcha.net www.gstatic.com recaptcha.google.com static.addtoany.com:* td.doubleclick.net:* www.googletagmanager.com cdns.us1.gigya.com td.doubleclick.net www.facebook.com app.tintup.com www.tintup.com campaigns-api.adimo.co campaigns.adimo.co assets.pinterest.com nestle.atlassian.net nestlephilippines.qualifioapp.com; frame-ancestors 'self' www.google.com www.recaptcha.net www.gstatic.com recaptcha.google.com static.addtoany.com:* td.doubleclick.net:* www.googletagmanager.com cdns.us1.gigya.com td.doubleclick.net www.facebook.com app.tintup.com www.tintup.com campaigns-api.adimo.co campaigns.adimo.co assets.pinterest.com nestle.atlassian.net nestlephilippines.qualifioapp.com 1 default-src 'self' https://skbs-platform.condat.cloud http://skbs-platform.condat.cloud skbs-platform.condat.cloud; connect-src 'self' https://nominatim.openstreetmap.org http://nominatim.openstreetmap.org nominatim.openstreetmap.org https://skbs-platform.condat.cloud http://skbs-platform.condat.cloud skbs-platform.condat.cloud; font-src 'self' https://*.kununu.com http://*.kununu.com *.kununu.com https://*.spendino.de http://*.spendino.de *.spendino.de https://skbs-platform.condat.cloud http://skbs-platform.condat.cloud skbs-platform.condat.cloud data:; frame-ancestors 'self' https://klinikumjobs.de https://*.doccheck.com http://*.doccheck.com *.doccheck.com https://*.kununu.com http://*.kununu.com *.kununu.com https://skbs-platform.condat.cloud http://skbs-platform.condat.cloud skbs-platform.condat.cloud; frame-src 'self' https://benutzerhandbuch-cshs.condat.de http://benutzerhandbuch-cshs.condat.de benutzerhandbuch-cshs.condat.de https://prezi.com/p/embed/MPOGB6oZvPvNpRmIzIHw/ https://*.doccheck.com http://*.doccheck.com *.doccheck.com https://*.kununu.com http://*.kununu.com *.kununu.com https://*.spendino.de http://*.spendino.de *.spendino.de https://*.youtube-nocookie.com http://*.youtube-nocookie.com *.youtube-nocookie.com https://*.youtube.com http://*.youtube.com *.youtube.com https://skbs-platform.condat.cloud http://skbs-platform.condat.cloud skbs-platform.condat.cloud; img-src 'self' https://cdn.jsdelivr.net http://cdn.jsdelivr.net cdn.jsdelivr.net https://*.tile.openstreetmap.org http://*.tile.openstreetmap.org *.tile.openstreetmap.org https://cshs.myskbs.de https://*.amazonaws.com http://*.amazonaws.com *.amazonaws.com https://*.cloudfront.net http://*.cloudfront.net *.cloudfront.net https://*.kununu.com http://*.kununu.com *.kununu.com https://skbs-platform.condat.cloud http://skbs-platform.condat.cloud skbs-platform.condat.cloud data:; media-src 'self' https://*.prezi.com http://*.prezi.com *.prezi.com https://*.amazonaws.com http://*.amazonaws.com *.amazonaws.com https://*.cloudfront.net http://*.cloudfront.net *.cloudfront.net https://*.kununu.com http://*.kununu.com *.kununu.com https://*.youtube-nocookie.com http://*.youtube-nocookie.com *.youtube-nocookie.com https://*.youtube.com http://*.youtube.com *.youtube.com https://skbs-platform.condat.cloud http://skbs-platform.condat.cloud skbs-platform.condat.cloud; object-src 'self' https://*.prezi.com http://*.prezi.com *.prezi.com https://*.kununu.com http://*.kununu.com *.kununu.com https://*.youtube-nocookie.com http://*.youtube-nocookie.com *.youtube-nocookie.com https://*.youtube.com http://*.youtube.com *.youtube.com https://skbs-platform.condat.cloud http://skbs-platform.condat.cloud skbs-platform.condat.cloud; script-src 'self' https://cdn.jsdelivr.net http://cdn.jsdelivr.net cdn.jsdelivr.net https://*.prezi.com http://*.prezi.com *.prezi.com https://*.kununu.com http://*.kununu.com *.kununu.com https://*.spendino.de http://*.spendino.de *.spendino.de https://skbs-platform.condat.cloud http://skbs-platform.condat.cloud skbs-platform.condat.cloud 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://cdn.jsdelivr.net http://cdn.jsdelivr.net cdn.jsdelivr.net https://*.kununu.com http://*.kununu.com *.kununu.com https://*.spendino.de http://*.spendino.de *.spendino.de https://skbs-platform.condat.cloud http://skbs-platform.condat.cloud skbs-platform.condat.cloud 'unsafe-inline' 1 base-uri 'self'; default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: *.storck.com *.wonderlandmovies.de *.stage.sto.adacor.net ar.merci.at ar.merci.pl *.amazonaws.com assets.mikmak.workers.dev; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: *.storck.com storck.piwik.pro *.googleadservices.com *.googleapis.com *.pricespider.com *.mapbox.com *.mikmak.tv *.amplitude.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: *.storck.com storck.piwik.pro *.pricespider.com *.wonderlandmovies.de *.stage.sto.adacor.net staebchen-designer.merci.de *.mikmak.tv *.amazonaws.com *.googleapis.com *.gstatic.com attach-videos.s3.amazonaws.com *.cloudfront.net *.albertsons-media.com *.media-amazon.com *.walmartimages.com assets.mikmak.workers.dev; style-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.storck.com *.pricespider.com *.mapbox.com *.mikmak.tv *.googleapis.com; connect-src 'self' data: *.storck.com storck.piwik.pro *.mapbox.com *.iriworldwide.com *.mikmak.tv *.amplitude.com *.cloudfunctions.net *.browser-intake-datadoghq.com *.googleapis.com; font-src 'self' data: *.storck.com *.gstatic.com; frame-src 'self' data: ar.merci.at ar.merci.pl *.stage.sto.adacor.net staebchen-designer.merci.de blob: di.rlcdn.com; frame-ancestors 'self'; form-action 'self'; 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.youtube.com *.vimeo.com *.google-analytics.com ajax.googleapis.com maps.gstatic.com consentcdn.cookiebot.com secure.gravatar.com www.googletagmanager.com maps.googleapis.com fonts.googleapis.com maxcdn.bootstrapcdn.com fonts.gstatic.com consent.cookiebot.com stats.docu.info; 1 connect-src 'self' 'self' https://stats.g.doubleclick.net https://www.google-analytics.com https://analytics.google.com https://log.cookieyes.com/ https://cdn-cookieyes.com/; font-src 'self' 'self' data: https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; frame-src 'self' https://td.doubleclick.net https://player.vimeo.com; img-src 'self' 'self' data: https://i.ytimg.com https://secure.gravatar.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://cdn-cookieyes.com/ ; script-src 'self' 'unsafe-eval' 'self' https://player.vimeo.com/ https://code.jquery.com https://koi-3qmu8xz7u2.marketingautomation.services https://static.addtoany.com https://www.google-analytics.com https://www.googletagmanager.com https://www.youtube.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://cdn-cookieyes.com/ https://code.jquery.com https://www.googletagmanager.com https://koi-3qmu8xz7u2.marketingautomation.services https://player.vimeo.com https://www.google-analytics.com; script-src-attr 'unsafe-inline' 'unsafe-eval' ; style-src 'self' 'self' https://cdn.jsdelivr.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://cdn.jsdelivr.net; style-src-attr 'unsafe-inline' ; upgrade-insecure-requests; 1 default-src 'self'; object-src 'self' https://pts.blacksim.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.blacksim.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://livechat.blacksim.de https://umfrage.blacksim.de https://pts.blacksim.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://eu01.rec.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://livechat.blacksim.de https://stats.blacksim.de https://imagepool.blacksim.de https://pts.blacksim.de https://analytics.tiktok.com https://umfrage.blacksim.de; script-src 'strict-dynamic' 'nonce-9b66f503351da4bb4b61c36237b6beaf' 'nonce-7e5109073e9e5f5bf4be6f69f2a07385' 'nonce-0ec2d45ed4df6cc2c8fc139012d73a29' 'nonce-d9c16c63c7144f0375ae18b48d061c73' 'nonce-bb398fe65c747c8489593a6aaa4542ee' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data: 'report-sample'; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://netmap.vodafone.de/cokart-client/index.html https://pts.blacksim.de https://umfrage.blacksim.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-9b66f503351da4bb4b61c36237b6beaf' 'nonce-7e5109073e9e5f5bf4be6f69f2a07385' 'nonce-0ec2d45ed4df6cc2c8fc139012d73a29' 'nonce-d9c16c63c7144f0375ae18b48d061c73' 'nonce-bb398fe65c747c8489593a6aaa4542ee' 'self' 'unsafe-inline' https: 'report-sample' 1 default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.jsdelivr.net unpkg.com player.vimeo.com www.vimeo.com f.vimeocdn.com static.userback.io www.google.com www.gstatic.com https://www.chipta.com https://www.googletagmanager.com https://www.google-analytics.com; object-src 'none'; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net unpkg.com fonts.googleapis.com static.userback.io; img-src data: 'self' *.vimeocdn.com *.vimeo.com https://www.google-analytics.com https://www.googletagmanager.com; frame-src 'self' youtube.com www.youtube.com *.vimeo.com vimeo.com www.google.com https://iframeshop.chipta.com; font-src data: 'self' 'unsafe-inline' fonts.gstatic.com https://static.userback.io; connect-src 'self' api.userback.io https://*.google-analytics.com https://www.googletagmanager.com; report-uri /report-csp-violation 1 default-src 'none'; script-src 'none'; style-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; object-src 'none'; 1 default-src 'self'; font-src *;img-src * data:; script-src *; style-src * https:; 1 report-to 'self' ; child-src 'self' 'unsafe-inline' self; connect-src 'self' 'unsafe-inline' self *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net *.github.io *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net ; default-src 'self' self; font-src 'self' 'unsafe-inline' self *.gstatic.com *.bootstrapcdn.com data: fonts.gstatic.com cdn.jsdelivr.net cdnjs.cloudflare.com *.gstatic.com *.bootstrapcdn.com ; form-action 'self' ; frame-src 'self' 'unsafe-inline' self *.g.doubleclick.net *.google.com *.fls.doubleclick.net blob: www.google.com www.youtube.com esg.churchgatepartners.com *.g.doubleclick.net *.google.com *.fls.doubleclick.net ; frame-ancestors 'self' ; img-src 'self' 'unsafe-inline' self *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com data: ts.w.org s.w.org ps.w.org cdnjs.cloudflare.com www.abfrl.com *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com ; manifest-src 'self' ; media-src 'self' s.w.org; object-src 'self' ; script-src 'self' 'unsafe-inline' self *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com cdn.jsdelivr.net cdnjs.cloudflare.com kenwheeler.github.io cdn.datatables.net js.stripe.com www.abfrl.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com ; script-src-elem 'self' 'unsafe-inline' self *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com cdn.jsdelivr.net cdnjs.cloudflare.com cdn.datatables.net js.stripe.com www.abfrl.com kenwheeler.github.io *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com ; script-src-attr 'self' ; style-src 'self' 'unsafe-inline' self *.googleapis.com *.gstatic.com fonts.googleapis.com cdn.jsdelivr.net cdnjs.cloudflare.com datatables.net fonts.bunny.net maxcdn.bootstrapcdn.com www.abfrl.com *.googleapis.com *.gstatic.com ; style-src-elem 'self' 'unsafe-inline' self *.googleapis.com *.gstatic.com fonts.googleapis.com cdn.jsdelivr.net cdnjs.cloudflare.com datatables.net fonts.bunny.net maxcdn.bootstrapcdn.com www.abfrl.com *.googleapis.com *.gstatic.com ; style-src-attr 'self' 'unsafe-inline' ; worker-src 'self' 'unsafe-inline' blob:; 1 default-src 'self' 'unsafe-inline' https://www.googleadservices.com/ https://cdn.jsdelivr.net https://*.pype.tech/ https://bam.nr-data.net/ https://*.linkedin.com/ https://measurement-api.criteo.com https://google-analytics.com https://*.google-analytics.com https://analytics.google.com https://*.launchdarkly.com/ https://*.onetrust.com https://cdn.cookielaw.org/ https://web-sandbox.pypestream.com https://use.fontawesome.com https://www.googletagmanager.com data: image/* https://bat.bing.com https://*.quantcount.com https://*.quantserve.com https://*.typekit.net https://*.googleapis.com https://player.vimeo.com https://*.doubleclick.net https://connect.facebook.net https://*.analytics.google.com https://extend.vimeocdn.com https://*.gstatic.com https://www.google.com https://google.com https://www.facebook.com https://my.matterport.com https://*.clarity.ms https://*.googlesyndication.com 'self' https://maps.googleapis.com/ https://business-api.tiktok.com/ https://analytics.tiktok.com/ https://*.clarity.ms/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.pype.tech https://business-api.tiktok.com/ https://js-agent.newrelic.com https://snap.licdn.com https://static.cloudflareinsights.com https://web.pypestream.com https://*.doubleclick.net https://maps.googleapis.com https://cdn.cookielaw.org https://rules.quantcount.com https://secure.quantserve.com https://widget.us.criteo.com https://*.criteo.net https://*.vimeocdn.com https://web-sandbox.pypestream.com https://use.fontawesome.com https://www.googletagmanager.com https://bat.bing.com https://www.google-analytics.com https://*.facebook.net https://www.googleadservices.com https://*.clarity.ms/ https://*.googlesyndication.com https://analytics.tiktok.com/ https://*.vimeo.com https://rules.quantcount.com https://secure.quantserve.com https://snap.licdn.com https://sslwidget.criteo.com https://static.cloudflareinsights.com https://static.criteo.net https://use.fontawesome.com https://*.pypest; img-src * data: about: https://cdn.cookielaw.org; frame-src 'self' https://my.matterport.com https://web.pypestream.com https://related.my.salesforce-sites.com https://static.criteo.net https://web-sandbox.pypestream.com https://*.doubleclick.net https://*.criteo.com https://www.facebook.com https://player.vimeo.com https://www.googletagmanager.com; upgrade-insecure-requests 1 urbanohio.com 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; 1 default-src data: 'self' 'unsafe-inline' 'unsafe-eval' c.bing.com snap.licdn.com *.analytics.google.com *.hotjar.com *.doubleclick.net www.gstatic.com www.google.com apis.google.com maps.googleapis.com googleadservices.com www.xart.cz fonts.googleapis.com fonts.gstatic.com maps.gstatic.com www.ccvision.de www.youtube.com www.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net www.google.cz connect.facebook.net giphy.com *.facebook.com akamaihd.net fbcdn.net fb.me fbsbx.com api.mapy.cz mapserver.mapy.cz tagmanager.google.com ssl.gstatic.com fe.marketingovalista.cz sc.lfeeder.com tr.lfeeder.com static.userback.io api.userback.io www.googleadservices.com app.marketingovalista.cz accounts.google.com *.clarity.ms *.google-analytics.com *.googlesyndication.com 1 img-src 'self' data: blob: http://www.google-analytics.com/ https://www.google-analytics.com https://ssl.gstatic.com/ http://ssl.gstatic.com/ https://stats.g.doubleclick.net https://syndication.twitter.com https://abs.twimg.com https://pbs.twimg.com https://platform.twitter.com https://ton.twimg.com https://www.facebook.com/ https://pixelg.adswizz.com/ https://www.google.com/ https://www.google.com.pk/ https://www.google.co.uk/ https://scontent-ort2-2.cdninstagram.com/ https://maps.gstatic.com/ https://www.google.ro/ https://www.germandonerkebab.com https://connect.facebook.net https://arhesoctro.cloudimg.io https://scontent-lhr8-1.cdninstagram.com https://scontent-lht6-1.cdninstagram.com https://locator.uberall.com https://is1-ssl.mzstatic.com https://maps.googleapis.com https://static-prod.uberall.com/ https://d3e54v103j8qbb.cloudfront.net/ https://cmmdhoksda.cloudimg.io/ https://cdnjs.cloudflare.com https://cmmdhoksda.cloudimg.io/ https://uploads-ssl.webflow.com/ https://cdn.jsdelivr.net https://ad.doubleclick.net https://adservice.google.com https://www.googletagmanager.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://use.fontawesome.com/ https://apis.google.com http://www.google-analytics.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.google-analytics.com http://ajax.googleapis.com/ https://maxcdn.bootstrapcdn.com/ http://code.jquery.com/ https://code.jquery.com/ http://graph.facebook.com/ http://m.addthis.com/ http://s7.addthis.com/ http://m.addthisedge.com/ http://api-public.addthis.com/ https://www.islonline.net/ https://unpkg.com/ https://www.googletagmanager.com/ https://platform.twitter.com/ http://platform.twitter.com/ https://cdn.syndication.twimg.com/ https://connect.facebook.net/ https://tag.simpli.fi/ https://cdnjs.cloudflare.com/ http://owlgraphic.com/ http://www.googleadservices.com/ https://googleads.g.doubleclick.net/ http://connect.facebook.net/ https://www.facebook.com https://maps.googleapis.com/ https://maps.gstatic.com/ https://json.geoiplookup.io https://sc-static.net/scevent.min.js https://www.germandonerkebab.com http://fonts.googleapis.com/ http://api.filestackapi.com https://cdn.scaleflex.it https://ipinfo.io https://www.clickcease.com https://cdn.jsdelivr.net https://uberall.com https://static-prod.uberall.com https://locator.uberall.com/ https://d3e54v103j8qbb.cloudfront.net/ https://svc.webspellchecker.net/ https://postcodes.io; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com/ http://maxcdn.bootstrapcdn.com/ https://fonts.googleapis.com/ https://use.fontawesome.com/227a7ea25a.css https://use.fontawesome.com/releases/v4.6.3/css/font-awesome-css.min.css https://platform.twitter.com/ https://ton.twimg.com/ http://cloud.typenetwork.com/ https://www.germandonerkebab.com http://fonts.googleapis.com/ https://cdn.jsdelivr.net https://cdnjs.cloudflare.com/; frame-src 'self' https://www.google.com https://www.google.com/recaptcha/ http://www.youtube.com/ https://www.youtube.com/ http://player.vimeo.com/ http://s7.addthis.com/ http://m.addthisedge.com/ https://platform.twitter.com/ https://syndication.twitter.com/ https://bid.g.doubleclick.net/ https://staticxx.facebook.com/ https://www.facebook.com/ https://web.facebook.com/ https://tr.snapchat.com/ https://www.germandonerkebab.com https://dialog.filestackapi.com/ https://www.filestackapi.com/ https://docs.google.com https://13646485.fls.doubleclick.net/ https://td.doubleclick.net/ https://www.googletagmanager.com/; connect-src 'self' http://ip-api.com/ https://json.geoiplookup.io/api https://www.germandonerkebab.com https://www.google-analytics.com/ https://stats.g.doubleclick.net https://tr.snapchat.com/ https://uberall.com https://maps.googleapis.com https://locator.uberall.com/ https://svc.webspellchecker.net/ https://postcodes.io https://pagead2.googlesyndication.com https://analytics.google.com https://region1.analytics.google.com https://region1.google-analytics.com https://*.google-analytics.com https://www.google.com/ https://www.thedesignfactory.co.uk; font-src data: 'self' https://fonts.gstatic.com https://use.fontawesome.com/ https://maxcdn.bootstrapcdn.com/ http://maxcdn.bootstrapcdn.com/ http://cloud.typenetwork.com/ https://www.germandonerkebab.com https://cdn.jsdelivr.net https://static-prod.uberall.com; media-src 'self' https://uploads-ssl.webflow.com; object-src 'self'; frame-ancestors none 1 default-src * data: 'unsafe-eval' 'unsafe-inline' *.evergage.com *.evgnet.com cdn.evergage.com *.criteo.com unpkg.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' google-analytics.com *.google-analytics.com googleapis.com *.googleapis.com google.com *.google.com gstatic.com *.gstatic.com facebook.net *.facebook.net facebook.com *.facebook.com cloudflareinsights.com *.cloudflareinsights.com addtoany.com *.addtoany.com *.cloudflare.com cloudflare.com *.googletagmanager.com googletagmanager.com *.bootstrapcdn.com bootstrapcdn.com *.bing.com bing.com *.licdn.com licdn.com *.crazyegg.com crazyegg.com *.clarity.ms clarity.ms *.dynamic.criteo.com dynamic.criteo.com *.sslwidget.criteo.com sslwidget.criteo.com *.criteo.com/* pi.pardot.com js-agent.newrelic.com static.hotjar.com script.hotjar.com info.flexcarestaff.com bam.nr-data.net cdn.evgnet.com flexcarestaffing.us-7.evergage.com *.googleadservices.com *.flexcarestaffing.us-7.evergage.com cdn.evergage.com *.cloudflareinsights.com unpkg.com *.greenhouse.io *.resonate.com *.reson8.com *.criteo.com; report-uri /report-csp-violation 1 default-src 'self' *.bka.de bka.preview.prod.gsb.bka.zivb.net *.videodelivery.net; base-uri 'self'; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com piwik.itzbund.de;object-src 'self' piwik.itzbund.de; media-src 'self' www.bka.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de bka.preview.prod.gsb.bka.zivb.net medien.bka.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de *.videodelivery.net; img-src 'self' data: *.bka.de *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de *.geodatenzentrum.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; connect-src 'self' *.itzbund.de; frame-ancestors bka.preview.prod.gsb.bka.zivb.net piwik.itzbund.de *.facebook.com; 1 default-src 'self' *.relay42.com *.doubleclick.net googletagmanager.com *.googlesyndication.com *.googleadservices.com *.in.applicationinsights.azure.com westeurope.livediagnostics.monitor.azure.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.achmea.nl *.facebook.net *.google.com *.googlesyndication.com *.linkedin.com *.r42tag.com *.relay42.com cdn.harvest.graindata.com https://www.googleoptimize.com https://www.googletagmanager.com maps.googleapis.com www.google-analytics.com www.youtube.com ssl.synovite-scripts.com www.gstatic.com snap.licdn.com *.doubleclick.net *.googleadservices.com rekentools.webbridge.nl googletagmanager.com *.in.applicationinsights.azure.com westeurope.livediagnostics.monitor.azure.com *.svtrd.com https://tagmanager.google.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com www.google.com optimize.google.com gstatic.com https://googletagmanager.com https://tagmanager.google.com;img-src data: 'self' *.achmea.nl *.contentsquare.net *.googlesyndication.com *.r42tag.com *.relay42.com https://www.googletagmanager.com maps.googleapis.com maps.gstatic.com optimize.google.com region1.analytics.google.com region1.google-analytics.com www.advieskeuze.nl www.facebook.com www.google-analytics.com www.google.com www.google.nl www.googleapis.com www.googletagmanager.com https://i.ytimg.com *.w3.org *.vimeocdn.com px.ads.linkedin.com px4.ads.linkedin.com google.be translate.google.com fonts.gstatic.com googleads.g.doubleclick.net rekentools.webbridge.nl zilverenkruis.nl *.svtrd.com https://googletagmanager.com;font-src data: 'self' fonts.gstatic.com;connect-src 'self' analytics.cloud.coveo.com *.achmea.nl *.facebook.net *.googlesyndication.com api.advieskeuze.nl controle.achmea.consentmonitor.nl https://*.in.applicationinsights.azure.com maps.googleapis.com r.contentsquare.net region1.analytics.google.com region1.google-analytics.com www.google-analytics.com *.google.com *.doubleclick.net translate.googleapis.com *.in.applicationinsights.azure.com westeurope.livediagnostics.monitor.azure.com www.google.com;media-src 'self' *.youtube-nocookie.com player.vimeo.com www.youtube.com;object-src 'self' https://td.doubleclick.net/;child-src 'self' youtube.com www.youtube-nocookie.com youtube-nocookie.com optimize.google.com www.google.com player.vimeo.com t.svtrd.com td.doubleclick.net rekentools.webbridge.nl www.youtube.com https://td.doubleclick.net/ https://tpc.googlesyndication.com/;frame-ancestors 'self' youtube.com www.youtube-nocookie.com youtube-nocookie.com player.quadia.net td.doubleclick.net rekentools.webbridge.nl https://www.youtube.com/ *.googlesyndication.com;form-action * 'self' t.svtrd.com *.achmea.nl;block-all-mixed-content;report-uri https://achmea.ams.report-uri.com/r/t/csp/enforce; 1 frame-ancestors kinmen.travel www.kinmen.travel pwa.kinmen.travel 'self' 1 script-src http: https: 'unsafe-inline' 'unsafe-eval'; object-src 'none'; base-uri 'none'; frame-ancestors *; form-action *;media-src *; default-src 'self' www.optimizecdn.com; img-src * data: blob:; font-src * data:; style-src * 'unsafe-inline'; frame-src *; connect-src *; 1 frame-ancestors 'self' piwik.betaalvereniging.nl matomo.betaalvereniging.nl; 1 script-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://*.googleapis.com https://*.gstatic.com *.google.com *.google.co.nz https://*.ggpht.com *.googleusercontent.com blob: https://*.google-analytics.com https://www.googletagmanager.com https://connect.facebook.net https://*.hotjar.com https://cdn.jsdelivr.net https://*.surveymonkey.com https://js.stripe.com/v3/; img-src 'self' https://nzmca.s3.ap-southeast-2.amazonaws.com https://d1o3mhf2l0m2f4.cloudfront.net/ https://*.googleapis.com https://*.gstatic.com *.google.com *.google.co.nz https://*.ggpht.com *.googleusercontent.com data: https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.doubleclick.net https://*.facebook.com https://*.hotjar.com https://*.surveymonkey.com; frame-src *.google.com https://*.doubleclick.net youtube.com www.youtube.com youtube-nocookie.com www.youtube-nocookie.com youtube.com www.youtube.com youtube-nocookie.com www.youtube-nocookie.com *.stripe.com; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.doubleclick.net https://*.facebook.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.surveymonkey.com; font-src 'self' https://cdnjs.cloudflare.com https://fonts.gstatic.com https://use.fontawesome.com https://*.hotjar.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://fonts.googleapis.com https://use.fontawesome.com https://*.hotjar.com; worker-src blob: 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gumlet.com/; img-src 'self' data: https://www.gumlet.com/; object-src 'self' data: https://www.gumlet.com/ https://video.gumlet.io https://play.gumlet.io; frame-src 'self' data: https://www.gumlet.com/ https://video.gumlet.io https://play.gumlet.io; 1 default-src 'self' data: ywxi.net www.trustedsite.com maxcdn.bootstrapcdn.com *.amazonaws.com cdnjs.cloudflare.com www.google.com www.google-analytics.com fonts.gstatic.com www.googletagmanager.com bat.bing.com fonts.googleapis.com www.w3m.com googleads.g.doubleclick.net bid.g.doubleclick.net stats.g.doubleclick.net www.googleadservices.com; script-src 'self' data: 'unsafe-eval' 'unsafe-inline' *.creditheroscore.com *.pushnami.com *.smartlook.com *.smartlook.cloud static.zohocdn.com *.twitter.com *.purechat.com *.pagesense.io www.serveipqs.com *.cloudflareinsights.com www.gstatic.com mpsnare.iesnare.com *.trustev.com connect.facebook.net cdnjs.cloudflare.com www.google.com www.google-analytics.com www.googletagmanager.com bat.bing.com fonts.googleapis.com www.w3m.com www.googleadservices.com pagead2.googlesyndication.com googleads.g.doubleclick.net bid.g.doubleclick.net stats.g.doubleclick.net static.zdassets.com api.smooch.io cdn.userway.org *.intercom.io *.intercomcdn.com www.googleadservices.com https://unpkg.com/@lottiefiles/lottie-player@latest/dist/lottie-player.js; style-src 'self' 'unsafe-inline' *.creditheroscore.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com www.google.com fonts.gstatic.com fonts.googleapis.com cdn.userway.org; img-src 'self' data: *.creditheroscore.com www.googletagmanager.com www.google-analytics.com bat.bing.com googleads.g.doubleclick.net bid.g.doubleclick.net stats.g.doubleclick.net www.myscore.com https:; frame-src *.pushnami.com *.smartlook.com *.smartlook.cloud *.twitter.com *.pagesense.io www.mcafeesecure.com www.trustedsite.com www.serveipqs.com www.google.com *.securepaths.com *.trustev.com *.googletagmanager.com googleads.g.doubleclick.net bid.g.doubleclick.net stats.g.doubleclick.net cdn.userway.org intercom-sheets.com; font-src 'self' fn.eu.serveipqs.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com www.google.com fonts.gstatic.com cdn.userway.org fonts.intercomcdn.com; connect-src 'self' *.smartlook.com *.smartlook.cloud *.taboola.com ekr.zdassets.com chs-support.zendesk.com zendesk-eu.my.sentry.io wss://api.smooch.io/faye *.purechat.com *.pushnami.com pagesense-collect.zoho.com *.serveipqs.com wss://mpsnare.iesnare.com/star *.trustev.com maxcdn.bootstrapcdn.com *.amazonaws.com cdnjs.cloudflare.com www.google.com www.google-analytics.com fonts.gstatic.com www.googletagmanager.com bat.bing.com fonts.googleapis.com www.w3m.com *.userway.org *.intercom.io *.intercomcdn.com wss://nexus-websocket-a.intercom.io googleads.g.doubleclick.net bid.g.doubleclick.net stats.g.doubleclick.net; media-src data: 'self' mpsnare.iesnare.com; report-uri https://cfs2020.report-uri.com/r/d/csp/reportOnly 1 default-src dock.ui.bosch.tech *.hotjar.com wss://*.hotjar.com 'self' https: *.vulcano.pt; media-src 'self' https: mycliplister.com; font-src 'self' *.hotjar.com wss://*.hotjar.com *.vulcano.pt; object-src data: 'self'; img-src https: data:; style-src 'self' 'unsafe-inline' *.vulcano.pt; script-src dock.ui.bosch.tech https: 'unsafe-inline' 'unsafe-eval'; frame-src mailto: 'self' https: it.documents.junkers.com; frame-ancestors 'self' http://fs52-buderus-dev.kittelberger.net 1 default-src 'none'; block-all-mixed-content; connect-src 'self' https://api.getaddress.io https://*.google-analytics.com https://*.googletagmanager.com; font-src https://assets.nurserymilk.co.uk; frame-src https://nmru-production.s3.amazonaws.com https://uploads.nurserymilk.co.uk/; img-src https://assets.nurserymilk.co.uk https://*.google-analytics.com https://*.googletagmanager.com https://nmru-production.s3.amazonaws.com https://uploads.nurserymilk.co.uk/ data:; object-src https://nmru-production.s3.amazonaws.com https://uploads.nurserymilk.co.uk/; script-src https://assets.nurserymilk.co.uk https://*.google-analytics.com https://*.googletagmanager.com 'unsafe-inline' 'sha256-//t8DN+5PHt8HhW5JH2ig7gM5SCiAAJ19Gba5fqlebw='; style-src https://assets.nurserymilk.co.uk; report-uri /_csp/report 1 base-uri 'none';child-src 'self' https://*.hotjar.com https://*.hotjar.io https://www.googletagmanager.com https://*.google-analytics.com https://*.doubleclick.net https://*.analytics.google.com;connect-src 'self' ws: wss: https://*.hotjar.com https://*.hotjar.io https://*.google-analytics.com https://*.doubleclick.net https://*.analytics.google.com https://webrtc.github.io https://ajax.aspnetcdn.com https://webchat2.homegroup.org.uk https://*.googleapis.com https://*.algolia.net https://conversenow-production-public.s3.eu-west-2.amazonaws.com https://s3.eu-west-2.amazonaws.com https://www.google.com https://www.google.co.uk https://recaptcha.net https://*.clarity.ms https://*.clarity.microsoft.com https://c.bing.com https://assets.zuko.io https://api.zuko.io https://b9r8u7pkx0.execute-api.eu-west-1.amazonaws.com/v1/domains/homegroup.org.uk/forms/ https://zuko-session-replay-recordings-prod.s3.amazonaws.com/ webpack://*;default-src 'self';font-src 'self' https://www.gstatic.com https://*.gstatic.com https://*.hotjar.com https://*.hotjar.io;form-action 'self' https://connect.facebook.net https://www.facebook.com;frame-ancestors 'none';frame-src https://www.youtube.com https://www.google.com https://www.google.co.uk https://recaptcha.net https://*.ceros.com https://conversenow-production-public.s3.eu-west-2.amazonaws.com https://s3.eu-west-2.amazonaws.com https://connect.facebook.net https://www.facebook.com https://www.tiktok.com https://*.ttwstatic.com https://*.consultationonline.co.uk https://www.googletagmanager.com https://*.google-analytics.com https://*.doubleclick.net https://*.analytics.google.com;img-src 'self' data: blob: https://media.umbraco.io https://www.cqc.org.uk https://www.gstatic.com https://*.gstatic.com https://*.googleapis.com https://www.google.com https://www.google.co.uk https://recaptcha.net https://connect.facebook.net https://www.facebook.com https://*.google-analytics.com https://*.doubleclick.net https://*.analytics.google.com https://conversenow-production-public.s3.eu-west-2.amazonaws.com https://s3.eu-west-2.amazonaws.com https://*.clarity.ms https://*.clarity.microsoft.com https://c.bing.com https://www.googletagmanager.com;manifest-src 'self';media-src 'self' https://media.umbraco.io https://webrtc.github.io https://ajax.aspnetcdn.com https://webchat2.homegroup.org.uk;object-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google-analytics.com https://*.doubleclick.net https://*.analytics.google.com https://www.googletagmanager.com https://www.gstatic.com https://*.gstatic.com https://*.hotjar.com https://*.hotjar.io https://webrtc.github.io https://ajax.aspnetcdn.com https://webchat2.homegroup.org.uk https://www.cqc.org.uk https://www.google.com https://www.google.co.uk https://recaptcha.net https://*.googleapis.com https://connect.facebook.net https://www.facebook.com https://conversenow-production-public.s3.eu-west-2.amazonaws.com https://s3.eu-west-2.amazonaws.com https://www.tiktok.com https://*.ttwstatic.com https://*.ceros.com https://assets.zuko.io https://api.zuko.io https://*.clarity.ms https://*.clarity.microsoft.com https://c.bing.com;style-src 'self' 'unsafe-inline' https://www.gstatic.com https://*.gstatic.com https://www.cqc.org.uk https://*.googleapis.com https://conversenow-production-public.s3.eu-west-2.amazonaws.com https://s3.eu-west-2.amazonaws.com https://www.tiktok.com https://*.ttwstatic.com https://www.googletagmanager.com; 1 default-src 'self' *.timeavenue.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://mc.yandex.ru https://mc.yandex.com https://yastatic.net *.bitrix24.ru *.bitrix24.com *.jivosite.com https://googletagmanager.com *.googletagmanager.com https://analytics.google.com https://stats.g.doubleclick.net https://connect.facebook.net *.roistat.com https://api-maps.yandex.ru https://*.maps.yandex.net *.maps.yandex.net https://ajax.googleapis.com https://web.redhelper.ru *.google-analytics.com https://ipinfo.io https://geocode-maps.yandex.ru; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.bitrix24.ru https://web.redhelper.ru *.roistat.com data: blob:; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https: data: https://mc.yandex.ru; frame-src 'self' blob: *.web-creator.com https://securepay.rsb.ru https://www.facebook.com https://www.youtube.com *.bitrix24.ru *.bitrix24.com https://web.redhelper.ru https://docs.google.com https://yandex.ru https://mc.yandex.com https://api-maps.yandex.ru; connect-src 'self' *.web-creator.com https://mc.yandex.ru https://bitrix.info *.bitrix24.ru *.bitrix24.com *.jivosite.com https://*.jivo.ru wss: https://www.facebook.com *.timeavenue.ru *.google-analytics.com https://analytics.google.com https://stats.g.doubleclick.net https://mc.yandex.com https://api-maps.yandex.ru https://*.maps.yandex.net; object-src 'self' *.web-creator.com https://docs.google.com; frame-ancestors 'self' *.web-creator.com http://webvisor.com; 1 default-src 'self';block-all-mixed-content ;connect-src 'self' *.piwik.pro *.doubleclick.net *.cookiehub.eu *.zopim.com *.zdassets.com wss://* 'self' *.google-analytics.com goedapotheek.zendesk.com *.doubleclick.net *.zendesk.com *.hotjar.io *.hotjar.com *.googleapis.com *.cookiehub.net zendesk-eu.my.sentry.io www.google.be maps.googleapis.com https://*.analytics.google.com https://*.googletagmanager.com *.google.com https://analytics.goed.be pagead2.googlesyndication.com goed.containers.piwik.pro goed.piwik.pro tr.outbrain.com;font-src 'self' data: fonts.googleapis.com fonts.gstatic.com *.zopim.com *.hotjar.com;img-src 'self' data: *.gstatic.com maps.googleapis.com mts.googleapis.com *.zopim.com *.googletagmanager.com *.google-analytics.com *.google.com *.google.be *.facebook.com secure.adnxs.com *.zendesk.com *.goed.be *.hotjar.com *.outbrain.com www.surplusgezondheid.be tr.outbrain.com www.blabla.be i.ytimg.com www.thuiszorgwinkel.be www.google.com https://googleads.g.doubleclick.net https://www.google.com connect.facebook.net;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.piwik.pro *.doubleclick.net *.cookiehub.eu *.googleapis.com *.googletagmanager.com cdnjs.cloudflare.com www.google.com www.gstatic.com *.zopim.com *.google-analytics.com *.google.com *.cookiehub.net static.zdassets.com cookiehub.net https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net goed.containers.piwik.pro wave.outbrain.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com *.google.com *.cookiehub.net cookiehub.net;report-uri /csp/violation/report;frame-src www.youtube.com *.vimeo.com www.google.com clementineweb.azurewebsites.net *.jotform.com *.jotformeu.com optimize.google.com *.facebook.com *.actito.com *.hotjar.com *.testyourhearing.com www.goed.be www.yumpu.com form.jotformeu.com form.jotform.com submit.jotformeu.com mozbar.moz.com www3.actito.com loremipsum.io www.google.be www.hln.be eur03.safelinks.protection.outlook.com www.testyourhearing.com https://bid.g.doubleclick.net td.doubleclick.net https://my.3-dee.be/tour/goed;media-src static.zdassets.com *.goed.be www.goed.be;script-src-elem *.googleapis.com *.zopim.com *.zdassets.com data connect.facebook.net trk.adbutter.net *.hotjar.com *.googleoptimize.com *.cookiehub.net cookiehub.net www.googleoptimize.com players.yumpu.com static.hotjar.com amplify.outbrain.com www.youtube.com tr.outbrain.com 'self' 'unsafe-inline' 'unsafe-eval' *.piwik.pro *.doubleclick.net *.cookiehub.eu *.googletagmanager.com cdnjs.cloudflare.com www.google.com www.gstatic.com *.google-analytics.com *.google.com static.zdassets.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net goed.containers.piwik.pro wave.outbrain.com;style-src-elem fonts.googleapis.com *.cookiehub.net cookiehub.net 'self' 'unsafe-inline' *.google.com 1 default-src 'self';script-src * 'self' 'unsafe-inline' 'unsafe-eval';frame-src * 'self';style-src * 'self' 'unsafe-inline';img-src 'self' data: maps.googleapis.com maps.gstatic.com https://storage.sbg.cloud.ovh.net storage.gra.cloud.ovh.net https://images.prismic.io/fabriquedestyles/ https://fabriquedestyles.cdn.prismic.io/ https://i.vimeocdn.com/video/ https://i.vimeocdn.com *.openstreetmap.org *.doubleclick.net *.google.fr https://google.com https://www.google.com https://www.facebook.com https://purecatamphetamine.github.io https://www.googletagmanager.com https://www.google-analytics.com https://*.google-analytics.com https://fonts.gstatic.com https://instapi.s3.rbx.io.cloud.ovh.net *.imagino.com https://metrics.fabriquedestyles.com https://*.kameleoon.com https://*.kameleoon.io https://*.kameleoon.eu https://*.kameleoon.net *.bing.com *.bing.net *.bing.fr *.microsoft.com *.microsoft.fr *.microsoft.net;font-src 'self' data: fonts.googleapis.com https://i.icomoon.io https://fonts.gstatic.com *.woosmap.com;connect-src * 'self';base-uri 'self';media-src 'self' data:;report-uri /csp/report;worker-src 'self' *.woosmap.com self blob: 1 default-src 'self'; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts allow-modals ; base-uri 'self'; 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' epcplc.com *.epcplc.com *.google.com *.googleapis.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.duosecurity.com *.cookielaw.org *.onetrust.com; img-src 'self' 'unsafe-inline' epcplc.com *.epcplc.com *.cookielaw.org data:; 1 default-src 'self'; base-uri 'self'; connect-src 'self' *.itzbund.de *.googleapis.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com piwik.itzbund.de *.youtube.com;object-src 'self' multimedia.gsb.bund.de medien10.gsb.bund.de piwik.itzbund.de; media-src 'self' multimedia.gsb.bund.de medien10.gsb.bund.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.openstreetmap.org *.googleapis.com piwik.itzbund.de *.geodatenzentrum.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; frame-ancestors 'self' zfa-editor.preview.kkn.zd.intranet.bund.de piwik.itzbund.de zfa-zfa-editor.preview.kkn.zd.intranet.bund.de *.facebook.com 1 default-src 'self' 'unsafe-inline' https://*.talentqgroup.com https://*.cloudfront.net https://www.google-analytics.com https://www.google.com/ https://www.gstatic.com https://hello.myfonts.net/count/3122c9; frame-ancestors 'self' 1 frame-src 'self' https://html5-player.libsyn.com https://marspetcare2-na.ada.support https://secure.shoppable.com https://service.force.com https://tr.snapchat.com https://www.youtube.com https://www.youtube-nocookie.com https://www.walmart.com https://www.amazon.com https://www.chewy.com https://www.petco.com https://www.google.com https://web-widget-iams.herokuapp.com https://cdn.krxd.net https://9077352.fls.doubleclick.net https://marspetcare-na.ada.support https://processor808.shoppable.com https://app.shoppable.com https://shoppable.com *.bazaarvoice.com https://www.facebook.com *.crazyegg.com *.snipp.us https://promotion.mars.de/PAF/wp/2022-Q2-pedigree-de https://cloud.petcare.mars.com/Pedigree_DE_Newsletter https://www.petprofi.de https://11639395.fls.doubleclick.net *.doubleclick.net https://promotion.mars.de/PAF/wp/2024-q3-PEDIGREE-DE/ https://promotion.mars.de/wp/2024-q3-PAWPARADE-DE https://promotion.mars.de/wp/2024-q3-PED-TDZ-DE *mars.acsitefactory.com https://marspulse.my.salesforce-sites.com https://survey.mars.com https://marspulse.my.salesforce.com https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com https://cdn.cookielaw.org; child-src 'self' https://html5-player.libsyn.com https://marspetcare2-na.ada.support https://secure.shoppable.com https://service.force.com https://tr.snapchat.com https://www.youtube.com https://www.youtube-nocookie.com https://www.walmart.com https://www.amazon.com https://www.chewy.com https://www.petco.com https://www.google.com https://web-widget-iams.herokuapp.com https://cdn.krxd.net https://9077352.fls.doubleclick.net https://marspetcare-na.ada.support https://processor808.shoppable.com https://app.shoppable.com https://shoppable.com *.bazaarvoice.com https://www.facebook.com *.crazyegg.com *.snipp.us https://promotion.mars.de/PAF/wp/2022-Q2-pedigree-de https://cloud.petcare.mars.com/Pedigree_DE_Newsletter https://www.petprofi.de https://11639395.fls.doubleclick.net *.doubleclick.net https://promotion.mars.de/PAF/wp/2024-q3-PEDIGREE-DE/ https://promotion.mars.de/wp/2024-q3-PAWPARADE-DE https://promotion.mars.de/wp/2024-q3-PED-TDZ-DE *mars.acsitefactory.com https://marspulse.my.salesforce-sites.com https://survey.mars.com https://marspulse.my.salesforce.com https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com https://cdn.cookielaw.org 1 default-src 'self' https://*.facebook.net https://vimeo.com https://*.vimeo.com https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://*.doubleclick.net https://*.gstatic.com https://*.youtube-nocookie.com https://*.youtube.com https://*.matterport.com https://snazzymaps.com https://*.snazzymaps.com; block-all-mixed-content; img-src 'self' data: https://placeholder.inventis.be https://*.ytimg.com https://*.google-analytics.com https://*.google.be https://*.google.nl https://*.google.fr https://*.google.de https://*.vimeocdn.com https://*.facebook.com; manifest-src 'self'; object-src 'none'; script-src 'self' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https://*.youtube.com https://*.youtube-nocookie.com https://*.ytimg.com https://*.vimeo.com 'nonce-PBC5+EnO5iJHsQzAPVvjQw=='; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; upgrade-insecure-requests 1 frame-ancestors https://*.fsfx.com.br 1 default-src 'self' data: http://googleads.g.doubleclick.net http://www.google.com/ads/user-lists/ http://www.google.ru/ads/user-lists/ http://mc.yandex.ru http://bitrix.info http://stat.sputnik.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://bitrix.info https://connect.facebook.net https://apis.google.com:* https://platform.twitter.com https://userapi.com:* https://pos.gosuslugi.ru:* https://apis.google.com:* https://vk.com:* http://www.google-analytics.com http://maps.google.com http://*.gstatic.com:* http://*.googleapis.com http://code.jivosite.com http://mc.yandex.ru http://www.googleadservices.com http://googleads.g.doubleclick.net http://cdn.voximplant.com https://vashkontrol.ru http://stat.sputnik.ru:* ; style-src 'self' 'unsafe-inline' http://code.jivosite.com:* http://mc.yandex.ru:* http://*.googleapis.com http://*.gstatic.com:* https://vashkontrol.ru:* http://cnt.sputnik.ru:*; img-src 'self' blob: data: http://counter.yadro.ru:* https://pos.gosuslugi.ru:* http://i1.ytimg.com:* http://code.jivosite.com:* http://mc.yandex.ru:* http://*.googleapis.com http://*.gstatic.com:* http://www.google-analytics.com http://stat.sputnik.ru:* https://vashkontrol.ru:* http://cnt.sputnik.ru:* https://syndication.twitter.com:*; font-src 'self' http://*.gstatic.com:* https://pos.gosuslugi.ru:*; frame-src 'self' https://ervk.gov.ru:* https://pos.gosuslugi.ru:* https://apis.google.com:* http://developers.google.com:* https://platform.twitter.com:* https://accounts.google.com:* http://cnt.sputnik.ru:* https://www.facebook.com:* https://developers.google.com:*; 1 default-src 'self';script-src 'self'; 1 default-src 'none'; connect-src 'self' *.google-analytics.com *.googlesyndication.com *.google.com; font-src 'self' data: *.googleapis.com *.gstatic.com *.typekit.net; frame-src *.google.com *.googletagmanager.com https://www.youtube-nocookie.com/; img-src 'self' https: data:; manifest-src 'self'; media-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.jsdelivr.net unpkg.com *.google.com *.gstatic.com *.googletagmanager.com *.cloudflare.com *.bootstrapcdn.com *.jquery.com *.seznam.cz *.facebook.net; style-src 'self' 'unsafe-inline' *.jsdelivr.net unpkg.com *.cloudflare.com *.googleapis.com *.typekit.net *.seznam.cz *.facebook.net 1 default-src 'self' *.zensus2022.de; base-uri 'self'; style-src 'self' 'unsafe-inline' ; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.itzbund.de *.zensus2022.de; object-src 'self' multimedia.gsb.bund.de ; media-src 'self' multimedia.gsb.bund.de www.quirksmode.org www.destatis.de *.zensus2022.de; child-src *.ims-cms.net ; img-src 'self' data: *.itzbund.de *.zensus2022.de; connect-src 'self' *.itzbund.de *.zensus2022.de; frame-ancestors 'self'; upgrade-insecure-requests; 1 default-src 'self' 'unsafe-inline' https://maps.googleapis.com/ https://piwik.bzga.de/ https://*.readspeaker.com; img-src 'self' data: https://piwik.bzga.de https://jwpltx.com/ ; script-src 'self' 'unsafe-inline' https://ssl.p.jwpcdn.com https://piwik.bzga.de https://*.readspeaker.com/ 1 default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * data:; connect-src *; font-src *; object-src *; media-src *; frame-src *; worker-src *; child-src *; frame-ancestors *; form-action *; upgrade-insecure-requests; block-all-mixed-content; 1 frame-ancestors https://*.innovatrics.com 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' az416426.vo.msecnd.net dc.services.visualstudio.com oss.maxcdn.com *.fastway.org *.fastway.co.nz *.fastwayenquiries.com www.fastwayfms.com *.api.fastway.org *.googletagmanager.com *.google-analytics.com ssl.google-analytics.com https://*.googleapis.com *.googleapis.com https://*.gstatic.com *.gstatic.com https://*.googleusercontent.com *.googleusercontent.com *.google.com googleadservices.com youtube.com *.fastway.com.au https://*.messagebird.com localhost:44399 wss://localhost:44399; 1 default-src 'self'; script-src 'self' ; style-src 'self' 'unsafe-inline' https://use.fontawesome.com/; img-src *; font-src https://use.fontawesome.com/; report-uri https://login.libraryconnect.com/csp/report 1 default-src 'self' 'unsafe-inline' data: payment.maksekeskus.ee auth.praamid.ee fonts.googleapis.com fonts.gstatic.com stats.g.doubleclick.net static.cloudflareinsights.com www.googletagmanager.com *.google-analytics.com g2.ipcamlive.com s5.ipcamlive.com googleads.g.doubleclick.net www.google.com www.gstatic.com www.youtube.com static.doubleclick.net i.ytimg.com yt3.ggpht.com jnn-pa.googleapis.com play.google.com secure.gravatar.com fast.wistia.com beacon-v2.helpscout.net wp-rocket.me d3hb14vkzrxvla.cloudfront.net pipedream.wistia.com distillery.wistia.com embed-ssl.wistia.com fg8vvsvnieiv3ej16jby.litix.io translate.google.com translate.googleapis.com 'unsafe-eval' static.maksekeskus.ee s.w.org praamid.prominion.net beaconapi.helpscout.net chatapi.helpscout.net cdn.mxpnl.com static.cc.maksekeskus.ee cc.maksekeskus.ee *.analytics.google.com www.google.ee www.google.fi www.google.cz www.google.nl www.google.be www.google.fr www.google.lv www.google.lt www.google.se www.google.de www.google.at www.google.ch www.google.ie www.google.co.uk www.google.pl www.google.dk www.google.no td.doubleclick.net www.google.com.cy www.google.lu www.google.it www.google.gr analytics.google.com www.google-analytics.com www.google.by www.google.com.bz www.google.com.tr www.google.com.ar www.google.co.jp www.google.bg www.google.co.in www.google.ca www.google.ru www.google.com.ua www.google.com.hr www.google.com.au www.google.es www.google.com.ng translate-pa.googleapis.com www.google.ro www.google.rs www.google.si www.google.sk www.google.ba www.google.is www.google.pt www.google.hu www.google.me www.google.mk www.google.com.eg www.google.com.om www.google.co.th www.google.co.nz www.google.co.ke www.google.al www.google.ge www.google.com.bd www.google.co.il cdn.gravity.com www.google.gg www.google.com.vn www.google.je www.google.ad www.google.com.mx www.google.com.mt www.google.im www.google.ae www.google.com.sg www.google.kz cloudflareinsights.com challenges.cloudflare.com www.google.hr www.google.kg www.google.com.my www.google.com.qa www.google.gl www.google.com.ph www.google.md *.hotjar.com *.hotjar.io wss://*.hotjar.com www.google.co.id www.google.lk www.google.ml www.google.com.hk www.google.cv www.google.co.cr www.google.com.sa www.google.com.pk www.google.com.gi www.google.co.tz www.google.vu www.google.com.fj www.google.com.pa www.google.tn www.google.co.ve www.google.cl www.google.co.uz www.google.co.kr region1.analytics.google.com www.google.com.bo www.google.co.zw www.google.sm www.google.co.za www.google.am www.google.com.br www.google.tt www.google.co.ma www.google.az www.google.com.np www.google.com.et www.google.dm www.google.com.do www.google.com.ec www.google.com.kh www.google.la www.google.tg www.google.sc praamidvisitor.prominion.net www.google.ci www.google.com.co www.google.mu www.google.jo www.google.com.bh www.google.com.pr www.google.gm www.google.co.vi www.google.iq ps.w.org www.google.mv www.google.co.ug www.google.com.lb www.google.com.tw www.google.mg www.google.mu www.google.com.tj www.google.com.kw ajax.cloudflare.com www.google.com.pe www.google.li www.google.com.gh www.google.sn www.google.bj www.google.dz www.google.com.jm www.google.com.cu; report-uri /d5bcc29e34d8b6210cbfbc3acd7be0a65652590b064c60598822381e01ae1708 1 frame-ancestors 'self' https://shopproxy.p-s-s.de ; style-src 'self' localhost:* https://fonts.googleapis.com https://test.vr-pay-ecommerce.de http://oxomi.com 'unsafe-inline' 1 default-src 'self' 'unsafe-inline' wss: https://*.jivosite.com/ data: https://bitrix.info:* https://www.chay.info:* https://*.bitrix.info:* https://cdnjs.cloudflare.com:* https://site.ru:* https://yandex.ru:* https://mc.yandex.ru:* https://oss.maxcdn.com:* https://*.maps.yandex.net https://geocode-maps.yandex.ru:* https://api-maps.yandex.ru https://suggest-maps.yandex.ru https://code.jivosite.com:* https://googleads.g.doubleclick.net:* https://www.googleadservices.com:* https://www.google.com/ads/user-lists/ https://www.google.ru/ads/user-lists/ https://www.google-analytics.com:* https://maps.google.com:* https://*.googleapis.com:* https://api.mapbox.com:* https://*.gstatic.com:* https://*.googletagmanager.com:* https://*.googleapis.com:* https://*.jivosite.com:* https://cdn.voximplant.com:* https://www.gravatar.com:* https://yastatic.net:* https://*.youtube.com:* https://*.google.com:* https://*.ytimg.com:* https://suggestions.dadata.ru:* https://connect.facebook.net:* https://stats.g.doubleclick.net:* https://events.mapbox.com:* https://google-analytics.bi.owox.com:* https://cdn.jsdelivr.net:* https://youtube.com:* https://stat.tildacdn.com:* https://static.tildacdn.com:* https://googleads.g.doubleclick.net:* https://connect.facebook.net:* https://www.facebook.com:* https://awards.ratingruneta.ru:* https://static.doubleclick.net:* https://*.gstatic.com:* https://*.getbutton.io:* https://metrika.yandex.ru:* https://metrika.yandex.by:* https://metrica.yandex.com:* https://metrica.yandex.com.tr:* https://webvisor.com:* https://rutube.ru:*;script-src * 'unsafe-inline' 'unsafe-eval' blob: https://bitrix.info:* https://www.chay.info:* https://*.bitrix.info:* https://cdnjs.cloudflare.com:* https://site.ru:* https://yandex.ru:* https://mc.yandex.ru:* https://oss.maxcdn.com:* https://*.maps.yandex.net https://geocode-maps.yandex.ru:* https://api-maps.yandex.ru https://suggest-maps.yandex.ru https://code.jivosite.com:* https://googleads.g.doubleclick.net:* https://www.googleadservices.com:* https://www.google.com/ads/user-lists/ https://www.google.ru/ads/user-lists/ https://www.google-analytics.com:* https://maps.google.com:* https://*.googleapis.com:* https://api.mapbox.com:* https://*.gstatic.com:* https://*.googletagmanager.com:* https://*.googleapis.com:* https://*.jivosite.com:* https://cdn.voximplant.com:* https://www.gravatar.com:* https://yastatic.net:* https://*.youtube.com:* https://*.google.com:* https://*.ytimg.com:* https://suggestions.dadata.ru:* https://connect.facebook.net:* https://stats.g.doubleclick.net:* https://events.mapbox.com:* https://google-analytics.bi.owox.com:* https://cdn.jsdelivr.net:* https://youtube.com:* https://stat.tildacdn.com:* https://static.tildacdn.com:* https://googleads.g.doubleclick.net:* https://connect.facebook.net:* https://www.facebook.com:* https://awards.ratingruneta.ru:* https://static.doubleclick.net:* https://*.gstatic.com:* https://*.getbutton.io:* https://metrika.yandex.ru:* https://metrika.yandex.by:* https://metrica.yandex.com:* https://metrica.yandex.com.tr:* https://webvisor.com:* https://rutube.ru:* ;style-src * 'unsafe-inline' https://bitrix.info:* https://www.chay.info:* https://*.bitrix.info:* https://cdnjs.cloudflare.com:* https://site.ru:* https://yandex.ru:* https://mc.yandex.ru:* https://oss.maxcdn.com:* https://*.maps.yandex.net https://geocode-maps.yandex.ru:* https://api-maps.yandex.ru https://suggest-maps.yandex.ru https://code.jivosite.com:* https://googleads.g.doubleclick.net:* https://www.googleadservices.com:* https://www.google.com/ads/user-lists/ https://www.google.ru/ads/user-lists/ https://www.google-analytics.com:* https://maps.google.com:* https://*.googleapis.com:* https://api.mapbox.com:* https://*.gstatic.com:* https://*.googletagmanager.com:* https://*.googleapis.com:* https://*.jivosite.com:* https://cdn.voximplant.com:* https://www.gravatar.com:* https://yastatic.net:* https://*.youtube.com:* https://*.google.com:* https://*.ytimg.com:* https://suggestions.dadata.ru:* https://connect.facebook.net:* https://stats.g.doubleclick.net:* https://events.mapbox.com:* https://google-analytics.bi.owox.com:* https://cdn.jsdelivr.net:* https://youtube.com:* https://stat.tildacdn.com:* https://static.tildacdn.com:* https://googleads.g.doubleclick.net:* https://connect.facebook.net:* https://www.facebook.com:* https://awards.ratingruneta.ru:* https://static.doubleclick.net:* https://*.gstatic.com:* https://*.getbutton.io:* https://metrika.yandex.ru:* https://metrika.yandex.by:* https://metrica.yandex.com:* https://metrica.yandex.com.tr:* https://webvisor.com:* https://rutube.ru:* ;img-src * data: https://bitrix.info:* https://www.chay.info:* https://*.bitrix.info:* https://cdnjs.cloudflare.com:* https://site.ru:* https://yandex.ru:* https://mc.yandex.ru:* https://oss.maxcdn.com:* https://*.maps.yandex.net https://geocode-maps.yandex.ru:* https://api-maps.yandex.ru https://suggest-maps.yandex.ru https://code.jivosite.com:* https://googleads.g.doubleclick.net:* https://www.googleadservices.com:* https://www.google.com/ads/user-lists/ https://www.google.ru/ads/user-lists/ https://www.google-analytics.com:* https://maps.google.com:* https://*.googleapis.com:* https://api.mapbox.com:* https://*.gstatic.com:* https://*.googletagmanager.com:* https://*.googleapis.com:* https://*.jivosite.com:* https://cdn.voximplant.com:* https://www.gravatar.com:* https://yastatic.net:* https://*.youtube.com:* https://*.google.com:* https://*.ytimg.com:* https://suggestions.dadata.ru:* https://connect.facebook.net:* https://stats.g.doubleclick.net:* https://events.mapbox.com:* https://google-analytics.bi.owox.com:* https://cdn.jsdelivr.net:* https://youtube.com:* https://stat.tildacdn.com:* https://static.tildacdn.com:* https://googleads.g.doubleclick.net:* https://connect.facebook.net:* https://www.facebook.com:* https://awards.ratingruneta.ru:* https://static.doubleclick.net:* https://*.gstatic.com:* https://*.getbutton.io:* https://metrika.yandex.ru:* https://metrika.yandex.by:* https://metrica.yandex.com:* https://metrica.yandex.com.tr:* https://webvisor.com:* https://rutube.ru:* blob: ;font-src 'self' data: https://bitrix.info:* https://www.chay.info:* https://*.bitrix.info:* https://cdnjs.cloudflare.com:* https://site.ru:* https://yandex.ru:* https://mc.yandex.ru:* https://oss.maxcdn.com:* https://*.maps.yandex.net https://geocode-maps.yandex.ru:* https://api-maps.yandex.ru https://suggest-maps.yandex.ru https://code.jivosite.com:* https://googleads.g.doubleclick.net:* https://www.googleadservices.com:* https://www.google.com/ads/user-lists/ https://www.google.ru/ads/user-lists/ https://www.google-analytics.com:* https://maps.google.com:* https://*.googleapis.com:* https://api.mapbox.com:* https://*.gstatic.com:* https://*.googletagmanager.com:* https://*.googleapis.com:* https://*.jivosite.com:* https://cdn.voximplant.com:* https://www.gravatar.com:* https://yastatic.net:* https://*.youtube.com:* https://*.google.com:* https://*.ytimg.com:* https://suggestions.dadata.ru:* https://connect.facebook.net:* https://stats.g.doubleclick.net:* https://events.mapbox.com:* https://google-analytics.bi.owox.com:* https://cdn.jsdelivr.net:* https://youtube.com:* https://stat.tildacdn.com:* https://static.tildacdn.com:* https://googleads.g.doubleclick.net:* https://connect.facebook.net:* https://www.facebook.com:* https://awards.ratingruneta.ru:* https://static.doubleclick.net:* https://*.gstatic.com:* https://*.getbutton.io:* https://metrika.yandex.ru:* https://metrika.yandex.by:* https://metrica.yandex.com:* https://metrica.yandex.com.tr:* https://webvisor.com:* https://rutube.ru:*; 1 frame-ancestors 'self' webvisor.com *.webvisor.com yandex.ru *.yandex.ru 1 default-src 'self'; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com; object-src 'none'; style-src 'self' 'unsafe-inline' data:; img-src 'self'; media-src 'none'; frame-src 'none'; font-src 'self'; connect-src 'self' https://api.amplitude.com https://eth-ropsten.alchemyapi.io https://eth-rinkeby.alchemyapi.io https://eth-mainnet.alchemyapi.io https://api.thegraph.com wss://bridge.walletconnect.org wss://fei.bridge.walletconnect.org https://assets.fei.money; frame-ancestors 'none' 1 default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: staticcdn.co.nz www.youtube.com www.googletagmanager.com www.google.com www.gstatic.com https://www.google-analytics.com/analytics.js https://play.pod.co; connect-src 'self' https://www.google-analytics.com/ https://stats.g.doubleclick.net; img-src 'self' data: shielded.co.nz i.ytimg.com staticcdn.co.nz; style-src 'self' 'unsafe-inline'; font-src 'self' data: staticcdn.co.nz; frame-src 'self' www.youtube.com www.google.com staticcdn.co.nz https://play.pod.co https://open.spotify.com https://omny.fm https://www.rnz.co.nz; manifest-src 'self'; media-src 'self'; frame-ancestors 'self'; form-action 'self'; 1 frame-ancestors https://*.communaute-paysbasque.fr 1 report-uri https://www.physiocheck.us/shared/actions/content-security-policy-report.php; script-src-elem 'inline' 'unsafe-inline' 'unsafe-eval' 'self' bat.bing.com googletagmanager.com www.google.com www.google.nl https://www.googletagmanager.com googleads.g.doubleclick.net googleadservices.com https://www.googleadservices.com tpc.googlesyndication.com www.google-analytics.com ajax.googleapis.com www.googletagmanager.com https://www.googletagmanager.com www.googleoptimize.com maps.google.com maps.googleapis.com play.google.com geo.cookie-script.com cdn.cookie-script.com www.sjwoe.com code.jquery.com connect.facebook.net www.facebook.com www.clarity.ms *.hotjar.com; script-src 'inline' 'unsafe-inline' 'unsafe-eval' 'self' bat.bing.com googletagmanager.com googleads.g.doubleclick.net tpc.googlesyndication.com www.google-analytics.com ajax.googleapis.com www.googletagmanager.com https://www.googleadservices.com www.googleoptimize.com maps.google.com maps.googleapis.com play.google.com www.sjwoe.com code.jquery.com connect.facebook.net www.facebook.com; img-src: 'self' bat.bing.com www.googletagmanager.com; frame-src 'self' *.googletagmanager.com www.trustpilot.com tpc.googlesyndication.com td.doubleclick.net www.youtube-nocookie.com www.youtube.com player.vimeo.com maps.google.com maps.googleapis.com www.google.com www.google.nl connect.facebook.net www.facebook.com *.chargebee.com 1 default-src 'self' ;script-src data: blob: 'self' 'unsafe-eval' 'nonce-Zpy9h+qyWckgYV69' js.monitor.azure.com static.cloud.coveo.com www.zenaps.com www.dwin1.com *.r42tag.com *.usabilla.com *.google-analytics.com *.analytics.google.com www.googleadservices.com tags.nmrc.nl *.onmarc.nl *.doubleclick.net d6tizftlrpuof.cloudfront.net *.zilverenkruis.nl babm.texthelp.com surfly.com plus.browsealoud.com www.zorgkantoorfriesland.nl *.prolife.nl www.googletagmanager.com toolbar.speechstream.net apis.google.com bat.bing.com admin.relay42.com a.svtrd.com ads.creative-serving.com www.browsealoud.com *.defriesland.nl static2.creative-serving.com survey.insocial.nl optimize.google.com *.interpolis.nl *.mopinion.com *.fbto.nl connect.facebook.net cdn.harvest.graindata.com *.pingvp.com pingvp.com *.visualwebsiteoptimizer.com www.awin1.com *.stichtingdefriesland.nl *.cloudfront.net *.coveo.com api-engage-eu.sitecorecloud.io/v1.2/browser/create.json* d1mj578wat5n4o.cloudfront.net/sitecore-engage-v.1.4.2.min.js;style-src 'self' 'unsafe-inline' d6tizftlrpuof.cloudfront.net plus.browsealoud.com fonts.googleapis.com www.zilverenkruis.nl optimize.google.com *.pingvp.com;img-src data: blob: 'self' *.svtrd.com www.zenaps.com www.awin1.com www.google.com www.google.nl d6tizftlrpuof.cloudfront.net *.usabilla.com *.google-analytics.com *.analytics.google.com *.onmarc.nl *.zilverenkruis.nl plus.browsealoud.com usabilla-themes.s3-eu-west-1.amazonaws.com ads.creative-serving.com www.zorgkantoorfriesland.nl *.prolife.nl stats.g.doubleclick.net ad.doubleclick.net bat.bing.com www.browsealoud.com *.defriesland.nl *.r42tag.com admin.relay42.com speechstreamv3-webservices-8.texthelp.com www.gstatic.com *.fbto.nl www.insocial.nl www.facebook.com www.googletagmanager.com translate.google.com zilverenkruis-cdn.mcccm.eu *.pingvp.com i.vimeocdn.com dev.visualwebsiteoptimizer.com *.doubleclick.net *.googlesyndication.com *.imgix.net;font-src data: 'self' fonts.gstatic.com fonts.googlapis.com d6tizftlrpuof.cloudfront.net *.pingvp.com;connect-src blob: 'self' *.zilverenkruis.nl *.surfly.com surfly.com sentry.io *.zorgkantoorfriesland.nl plus.browsealoud.com pronunciation.speechstream.net api.usabilla.com babm.texthelp.com speech.speechstream.net *.google-analytics.com *.analytics.google.com pre-i-portaal.achmea.nl speechstreamv3-webservices-8.texthelp.com *.defriesland.nl *.mopinion.com *.browsealoud.com *.interpolis.nl *.fbto.nl bat.bing.com stats.g.doubleclick.net harvest-cm-achmea.ey.r.appspot.com controle.achmea.consentmonitor.nl *.tomtom.com *.visualwebsiteoptimizer.com *.applicationinsights.azure.com wss://api.defriesland.nl:13443 wss://api.zilverenkruis.nl:13443 wss://api.interpolis.nl:13443 *.googlesyndication.com www.google.com googleads.g.doubleclick.net *.coveo.com api-engage-eu.sitecorecloud.io/v1.2/events api-engage-eu.sitecorecloud.io *.cloudfront.net js.monitor.azure.com api-engage-eu.sitecorecloud.io/v1.2/browser/create.json.*;media-src 'self' blob: *.zilverenkruis.nl *.zorgkantoorfriesland.nl *.prolife.nl *.defriesland.nl *.interpolis.nl *.fbto.nl *.pingvp.com;object-src 'self' *.klantenvertellen.nl;child-src 'self' blob: t.svtrd.com player.vimeo.com surfly.com app.surfly.com d6tizftlrpuof.cloudfront.net www.zilverenkruis.nl www.zorgkantoorfriesland.nl www.prolife.nl content.googleapis.com vimeo.com secure.zilverenkruis.nl www.defriesland.nl optimize.google.com i-portaal.achmea.nl survey.insocial.nl secure.prolife.nl secure.defriesland.nl w.soundcloud.com *.doubleclick.net app.springcast.fm *.klantenvertellen.nl;frame-ancestors 'self' player.vimeo.com vimeo.com i-portaal.achmea.nl survey.insocial.nl *.doubleclick.net inloggen.achmea.nl p-portaal.achmea.nl app.vwo.com *.visualwebsiteoptimizer.com;;form-action 'self' t.svtrd.com *.achmea.nl *.zilverenkruis.nl *.zorgkantoorfriesland.nl *.prolife.nl *.defriesland.nl *.fbto.nl *.interpolis.nl broker.nxtid.nl;manifest-src 'self' ;upgrade-insecure-requests;block-all-mixed-content;report-uri https://zilverenkruis.ams.report-uri.com/r/t/csp/enforce; 1 default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src 'self'; connect-src 'self' https://api.cloudpense.com https://hwapi.cloudpense.com https://openapi.cloudpense.com https://aliapi.cloudpense.com https://archive.cloudpense.com https://hwarchive.cloudpense.com https://cloudpense.s3.cn-north-1.amazonaws.com.cn https://*.id.opendns.com https://cptmp.s3.cn-north-1.amazonaws.com.cn https://cpuae.s3.cn-north-1.amazonaws.com.cn https://cprmy.s3.cn-north-1.amazonaws.com.cn https://cpadx.s3.cn-north-1.amazonaws.com.cn https://cloudpenseforremy.s3.cn-north-1.amazonaws.com.cn https://cpdcj.s3.cn-north-1.amazonaws.com.cn https://cpnlt.s3.cn-north-1.amazonaws.com.cn https://cpkgf.s3.cn-north-1.amazonaws.com.cn https://cppxc.s3.cn-north-1.amazonaws.com.cn https://cphsf.s3.cn-north-1.amazonaws.com.cn https://cpjrc.s3.cn-north-1.amazonaws.com.cn https://cpnpp.s3.cn-north-1.amazonaws.com.cn https://cpwhx.s3.cn-north-1.amazonaws.com.cn https://cpssf.s3.cn-north-1.amazonaws.com.cn https://cpcfg.s3.cn-north-1.amazonaws.com.cn https://cpevc.s3.cn-north-1.amazonaws.com.cn https://cplgg.s3.cn-north-1.amazonaws.com.cn https://cpshw.s3.cn-north-1.amazonaws.com.cn https://cpjsb.s3.cn-north-1.amazonaws.com.cn https://cpdfc.s3.cn-north-1.amazonaws.com.cn https://cpzzz.s3.cn-north-1.amazonaws.com.cn https://cpcea.s3.cn-north-1.amazonaws.com.cn https://cpfsn.s3.cn-north-1.amazonaws.com.cn https://cphxw.s3.cn-north-1.amazonaws.com.cn https://cpzto.s3.cn-north-1.amazonaws.com.cn https://s3ssf.cloudpense.com https://oss-sh.innoventbio.com https://budget-control-oss-sh.innoventbio.com https://cpdfc.obs.cn-east-3.myhuaweicloud.com https://hwobs-prd.obs.cn-east-3.myhuaweicloud.com https://cpdfc01.obs.cn-east-3.myhuaweicloud.com https://*.cloudpense.com https://cloudpense-simcere.isimcere.com https://expense.3sbio.com https://jianyuefeikong.obs.cn-east-3.myhuaweicloud.com https://exp.mabwell.com https://3s-feikong-gj.oss-cn-shanghai-internal.aliyuncs.com https://expensegj.3sbio.com https://cp-sanhome.s3.cn-north-1.amazonaws.com.cn https://ossfeikongprd.fosunpharmasales.com https://invpool.junshipharma.com https://cloudpense.natonmed.cn https://cphrstw.s3.ap-southeast-1.amazonaws.com https://hsk-pense.s3.cn-north-1.amazonaws.com.cn https://pay-oss.fosunpharma.com https://feikong-health.oss-cn-shanghai.aliyuncs.com https://pay-oss.fosunhealth.com https://ossa.superamoytop.com https://cloudpense.ferring.cn https://shuyi-feikong-prod.shuyi.org.cn https://cwfk-oss.cosmo-lady.com https://pay-oss.fosunapexvac.com https://fdccs.akesobio.com https://cloudpensezhongshan.ferring.cn https://yjfk-oss.proya.com https://*.nanke.cloudpense.com; font-src 'self' data:; form-action 'self' https://www.corporatetravel.ctrip.com/corpservice/authorize/login https://www.cwt-online.com.cn/TicketClient/User/SSOLogin.aspx https://ct.ctrip.com/corpservice/authorize/login https://vsp.jd.com/strust/login https://user-vsp.jd.com/ https://trip-hisv.taobao.com/ding/trustLogin.htm https://admin.alibtrip.com https://travel.alibtrip.com https://market.m.taobao.com https://market.m.alibtrip.com https://ai.alimebot.taobao.com https://login.m.taobao.com https://api.cloudpense.com https://hwapi.cloudpense.com https://openapi.cloudpense.com https://aliapi.cloudpense.com https://archive.cloudpense.com https://hwarchive.cloudpense.com; frame-ancestors 'self'; frame-src https: blob: 'self' https://route.cloudpense.com https://avision.cloudpense.com https://api.cloudpense.com https://hwapi.cloudpense.com https://openapi.cloudpense.com https://aliapi.cloudpense.com https://archive.cloudpense.com https://hwarchive.cloudpense.com; worker-src 'self'; img-src https://api.cloudpense.com https://hwapi.cloudpense.com https://openapi.cloudpense.com https://aliapi.cloudpense.com https://archive.cloudpense.com https://hwarchive.cloudpense.com 'self' data: blob: https://cloudpense.s3.cn-north-1.amazonaws.com.cn https://*.id.opendns.com https://cptmp.s3.cn-north-1.amazonaws.com.cn https://cpuae.s3.cn-north-1.amazonaws.com.cn https://cprmy.s3.cn-north-1.amazonaws.com.cn https://cpadx.s3.cn-north-1.amazonaws.com.cn https://cloudpenseforremy.s3.cn-north-1.amazonaws.com.cn https://cpdcj.s3.cn-north-1.amazonaws.com.cn https://cpnlt.s3.cn-north-1.amazonaws.com.cn https://cpkgf.s3.cn-north-1.amazonaws.com.cn https://cppxc.s3.cn-north-1.amazonaws.com.cn https://cphsf.s3.cn-north-1.amazonaws.com.cn https://cpjrc.s3.cn-north-1.amazonaws.com.cn https://cpnpp.s3.cn-north-1.amazonaws.com.cn https://cpwhx.s3.cn-north-1.amazonaws.com.cn https://cpssf.s3.cn-north-1.amazonaws.com.cn https://cpcfg.s3.cn-north-1.amazonaws.com.cn https://cpevc.s3.cn-north-1.amazonaws.com.cn https://cplgg.s3.cn-north-1.amazonaws.com.cn https://cpshw.s3.cn-north-1.amazonaws.com.cn https://cpjsb.s3.cn-north-1.amazonaws.com.cn https://cpdfc.s3.cn-north-1.amazonaws.com.cn https://cpzzz.s3.cn-north-1.amazonaws.com.cn https://cpcea.s3.cn-north-1.amazonaws.com.cn https://cpfsn.s3.cn-north-1.amazonaws.com.cn https://cphxw.s3.cn-north-1.amazonaws.com.cn https://cpzto.s3.cn-north-1.amazonaws.com.cn https://s3ssf.cloudpense.com https://oss-sh.innoventbio.com https://budget-control-oss-sh.innoventbio.com https://cpdfc.obs.cn-east-3.myhuaweicloud.com https://hwobs-prd.obs.cn-east-3.myhuaweicloud.com https://cpdfc01.obs.cn-east-3.myhuaweicloud.com https://*.cloudpense.com https://cloudpense-simcere.isimcere.com https://expense.3sbio.com https://jianyuefeikong.obs.cn-east-3.myhuaweicloud.com https://exp.mabwell.com https://3s-feikong-gj.oss-cn-shanghai-internal.aliyuncs.com https://expensegj.3sbio.com https://cp-sanhome.s3.cn-north-1.amazonaws.com.cn https://ossfeikongprd.fosunpharmasales.com https://invpool.junshipharma.com https://cloudpense.natonmed.cn https://cphrstw.s3.ap-southeast-1.amazonaws.com https://hsk-pense.s3.cn-north-1.amazonaws.com.cn https://pay-oss.fosunpharma.com https://feikong-health.oss-cn-shanghai.aliyuncs.com https://pay-oss.fosunhealth.com https://ossa.superamoytop.com https://cloudpense.ferring.cn https://shuyi-feikong-prod.shuyi.org.cn https://cwfk-oss.cosmo-lady.com https://pay-oss.fosunapexvac.com https://fdccs.akesobio.com https://cloudpensezhongshan.ferring.cn https://yjfk-oss.proya.com https://*.nanke.cloudpense.com https://images.bthhotels.com https://foto.hrsstatic.com https://dimg04.c-ctrip.com https://pavo.elongstatic.com https://atour-east.qiniu.yaduo.com; media-src 'self' https://video-public.s3.cn-north-1.amazonaws.com.cn; object-src blob:; script-src 'self' 'unsafe-inline' https://cloudpense.s3.cn-north-1.amazonaws.com.cn https://*.id.opendns.com https://cptmp.s3.cn-north-1.amazonaws.com.cn https://cpuae.s3.cn-north-1.amazonaws.com.cn https://cprmy.s3.cn-north-1.amazonaws.com.cn https://cpadx.s3.cn-north-1.amazonaws.com.cn https://cloudpenseforremy.s3.cn-north-1.amazonaws.com.cn https://cpdcj.s3.cn-north-1.amazonaws.com.cn https://cpnlt.s3.cn-north-1.amazonaws.com.cn https://cpkgf.s3.cn-north-1.amazonaws.com.cn https://cppxc.s3.cn-north-1.amazonaws.com.cn https://cphsf.s3.cn-north-1.amazonaws.com.cn https://cpjrc.s3.cn-north-1.amazonaws.com.cn https://cpnpp.s3.cn-north-1.amazonaws.com.cn https://cpwhx.s3.cn-north-1.amazonaws.com.cn https://cpssf.s3.cn-north-1.amazonaws.com.cn https://cpcfg.s3.cn-north-1.amazonaws.com.cn https://cpevc.s3.cn-north-1.amazonaws.com.cn https://cplgg.s3.cn-north-1.amazonaws.com.cn https://cpshw.s3.cn-north-1.amazonaws.com.cn https://cpjsb.s3.cn-north-1.amazonaws.com.cn https://cpdfc.s3.cn-north-1.amazonaws.com.cn https://cpzzz.s3.cn-north-1.amazonaws.com.cn https://cpcea.s3.cn-north-1.amazonaws.com.cn https://cpfsn.s3.cn-north-1.amazonaws.com.cn https://cphxw.s3.cn-north-1.amazonaws.com.cn https://cpzto.s3.cn-north-1.amazonaws.com.cn https://s3ssf.cloudpense.com https://oss-sh.innoventbio.com https://budget-control-oss-sh.innoventbio.com https://cpdfc.obs.cn-east-3.myhuaweicloud.com https://hwobs-prd.obs.cn-east-3.myhuaweicloud.com https://cpdfc01.obs.cn-east-3.myhuaweicloud.com https://*.cloudpense.com https://cloudpense-simcere.isimcere.com https://expense.3sbio.com https://jianyuefeikong.obs.cn-east-3.myhuaweicloud.com https://exp.mabwell.com https://3s-feikong-gj.oss-cn-shanghai-internal.aliyuncs.com https://expensegj.3sbio.com https://cp-sanhome.s3.cn-north-1.amazonaws.com.cn https://ossfeikongprd.fosunpharmasales.com https://invpool.junshipharma.com https://cloudpense.natonmed.cn https://cphrstw.s3.ap-southeast-1.amazonaws.com https://hsk-pense.s3.cn-north-1.amazonaws.com.cn https://pay-oss.fosunpharma.com https://feikong-health.oss-cn-shanghai.aliyuncs.com https://pay-oss.fosunhealth.com https://ossa.superamoytop.com https://cloudpense.ferring.cn https://shuyi-feikong-prod.shuyi.org.cn https://cwfk-oss.cosmo-lady.com https://pay-oss.fosunapexvac.com https://fdccs.akesobio.com https://cloudpensezhongshan.ferring.cn https://yjfk-oss.proya.com https://*.nanke.cloudpense.com; style-src 'self' 'unsafe-inline'; 1 default-src 'self'; style-src 'self' 'unsafe-inline' http://fonts.googleapis.com; font-src 'self' http://fonts.gstatic.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://www.googletagmanager.com; frame-src 'self' 'unsafe-inline' https://www.google.com/ https://www.youtube-nocookie.com/ youtube.com https://www.youtube.com; img-src 'self'; connect-src 'self' https://www.google-analytics.com; 1 default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: staticcdn.co.nz www.youtube.com www.googletagmanager.com www.google.com www.gstatic.com *.google-analytics.com; connect-src 'self' *.google-analytics.com; img-src 'self' data: shielded.co.nz i.ytimg.com *.google-analytics.com; style-src 'self' 'unsafe-inline' fast.fonts.net; font-src 'self' data:; frame-src 'self' www.youtube.com www.google.com data.gns.cri.nz; manifest-src 'self'; media-src 'self'; frame-ancestors 'self'; form-action 'self'; 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://atal.pl/ https://*.atal.pl/ https://googletagmanager.com https://*.googletagmanager.com; img-src 'self' data: https://atal.pl/ https://*.atal.pl/; object-src 'self' data: https://atal.pl/ https://*.atal.pl/ https://resimo.io/ https://*.resimo.io/; frame-src 'self' data: https://atal.pl/ https://*.atal.pl/ https://resimo.io/ https://*.resimo.io/; 1 default-src 'self' https://*.nhs.uk; frame-src 'self' https://gssapps.ebscohost.com/ https://forms.office.com/ https://www.youtube-nocookie.com https://*.webspellchecker.net https://*.nhs.uk https://*.facebook.com https://*.youtube.com https://*.vimeo.com https://*.google.com https://*.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.mailerlite.com/ https://cdnjs.cloudflare.com https://*.google-analytics.com https://*.googletagmanager.com https://connect.facebook.net https://feeds.trac.jobs https://*.webspellchecker.net https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.cqc.org.uk; font-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://*.webspellchecker.net; style-src 'self' 'unsafe-inline' data: https://cdnjs.cloudflare.com https://feeds.trac.jobs https://*.googleapis.com https://*.gstatic.com https://*.cqc.org.uk https://*.webspellchecker.net; img-src * data:; object-src 'self' blob: https://*.nhs.uk; connect-src 'self' https://feeds.trac.jobs stats.g.doubleclick.net https://*.googleapis.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.co.uk https://*.google.ie https://*.google.nl https://*.webspellchecker.net 1 allow 'self' *.ceca.es; 1 frame-ancestors 'self' capacitor://* https://letterasenzabusta.com https://www.letterasenzabusta.com app://letterasenzabusta.com 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://maps.googleapis.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://www.google.com https://www.gstatic.com; connect-src 'self' https://maps.googleapis.com; img-src data: 'self' https://d1be5sn7lppxuh.cloudfront.net https://maps.gstatic.com https://maps.googleapis.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com https://cdnjs.cloudflare.com https://fonts.gstatic.com; object-src 'none'; frame-ancestors 'self'; frame-src 'self' https://www.youtube.com https://www.google.com; media-src 'self' https://d1be5sn7lppxuh.cloudfront.net; form-action 'self'; manifest-src 'self' 1 frame-ancestors 'self' https://app.blacksidersociety.pro; 1 default-src 'unsafe-inline' 'self' https://cdnjs.cloudflare.com https://*.google.com https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com https://connect.facebook.net https://stats.g.doubleclick.net https://snap.licdn.com https://*.linkedin.com https://*.clarity.ms; style-src 'unsafe-inline' 'self' https://pro.fontawesome.com; font-src 'self' https://pro.fontawesome.com; frame-src https://www.facebook.com https://www.google.com https://www.youtube.com; img-src 'self' data: https://*.bing.com https://*.clarity.ms https://www.google-analytics.com/ https://*.google.com/ https://www.google.co.za https://www.facebook.com https://snap.licdn.com https://*.linkedin.com https://www.google.es; 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' ; img-src 'self' data: ; object-src 'self' data: ; frame-src 'self' data: ; form-action 'self' data: ; worker-src 'self' data: 'unsafe-inline' 'unsafe-eval' ; 1 default-src 'self'; style-src 'self' 'unsafe-inline' *.doctoraki.com *.survicate.com *.googletagmanager.com *.googleapis.com *.clarity.ms *.solucionesbolivar.com *.solucionesbolivar.net *.solucionesbolivarsites.com *.s3.amazonaws.com https://segurosbolivar.us-6.evergage.com https://cdn.evergage.com; script-src 'self' 'unsafe-inline' 'strict-dynamic' 'nonce-7b4001d1b7f249376b5dba9c9a251aec' https://www.datadoghq-browser-agent.com *.googletagmanager.com *.doubleclick.net *.google-analytics.com *.solucionesbolivar.com *.clarity.ms *.abtasty.com *.survicate.com *.doctoraki.com *.solucionesbolivarsites.com *.solucionesbolivar.net *.visualwebsiteoptimizer.com *.googleadservices.com *.facebook.net *.tiktok.com *.crazyegg.com *.hotjar.com *.hotjar.io *.azureedge.net *.liveperson.net *.marketo.net *.sitescout.com *.infobip.com *.adnxs.com *.pixel.ad *.mktoresp.com *.cloudflare.com *.googleoptimize.com *.google.com *.google.com.co *.google.co.in *.googleapis.com *.gstatic.com https://www.gstatic.com *.jquery.com *.bootstrapcdn.com https://segurosbolivar.us-6.evergage.com https://cdn.evergage.com; connect-src 'self' *.doctoraki.com *.crazyegg.com https://*.browser-intake-datadoghq.com *.logs.datadoghq.com *.abtasty.com *.solucionesbolivar.com *.solucionesbolivarsites.com wss://*.solucionesbolivarsites.com *.solucionesbolivar.net *.amazonaws.com *.mktoresp.com *.google.com *.google.com.co *.google.co.in *.google-analytics.com *.marketo.com *.kapturall.com *.gstatic.com https://www.gstatic.com *.hotjar.com *.hotjar.io *.azureedge.net *.liveperson.net *.marketo.net *.sitescout.com *.adnxs.com *.pixel.ad *.cloudflare.com *.infobip.com *.survicate.com *.tiktok.com *.googleapis.com *.clarity.ms *.doubleclick.net https://segurosbolivar.us-6.evergage.com https://cdn.evergage.com; font-src 'self' data: *.doctoraki.com *.survicate.com *.gstatic.com https://www.gstatic.com *.solucionesbolivar.com *.solucionesbolivar.net *.solucionesbolivarsites.com *.s3.amazonaws.com https://segurosbolivar.us-6.evergage.com https://cdn.evergage.com https://image.comunicacionesdk.doctoraki.com; img-src 'self' data: *.githubusercontent.com *.amazonaws.com *.cloudfront.net *.visualwebsiteoptimizer.com *.doctoraki.com *.google.com *.google.com.co *.google.co.in *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.survicate.com *.webflow.com https://www.gstatic.com *.gstatic.com https://www.facebook.com *.solucionesbolivar.com *.solucionesbolivar.net *.solucionesbolivarsites.com https://segurosbolivar.us-6.evergage.com https://cdn.evergage.com https://image.comunicacionesdk.doctoraki.com; manifest-src 'self' *.cloudfront.net *.doctoraki.com *.solucionesbolivar.com *.solucionesbolivar.net *.solucionesbolivarsites.com; form-action 'self' *.doctoraki.com *.doubleclick.net https://www.google.com *.firebaseapp.com *.solucionesbolivar.com *.solucionesbolivar.net *.solucionesbolivarsites.com; frame-src 'self' blob: *.doctoraki.com *.doubleclick.net https://www.google.com *.firebaseapp.com *.solucionesbolivar.com *.solucionesbolivar.net *.solucionesbolivarsites.com; worker-src 'self' blob:; base-uri 'self'; object-src 'none'; 1 default-src 'self' ;script-src data: blob: 'self' 'unsafe-eval' 'nonce-GiI3hvmi1SzJdBq4' js.monitor.azure.com static.cloud.coveo.com www.zenaps.com www.dwin1.com *.r42tag.com *.usabilla.com *.google-analytics.com *.analytics.google.com www.googleadservices.com tags.nmrc.nl *.onmarc.nl *.doubleclick.net d6tizftlrpuof.cloudfront.net *.zilverenkruis.nl babm.texthelp.com surfly.com plus.browsealoud.com www.zorgkantoorfriesland.nl *.prolife.nl www.googletagmanager.com toolbar.speechstream.net apis.google.com bat.bing.com admin.relay42.com a.svtrd.com ads.creative-serving.com www.browsealoud.com *.defriesland.nl static2.creative-serving.com survey.insocial.nl optimize.google.com *.interpolis.nl *.mopinion.com *.fbto.nl connect.facebook.net cdn.harvest.graindata.com *.pingvp.com pingvp.com *.visualwebsiteoptimizer.com www.awin1.com *.stichtingdefriesland.nl *.cloudfront.net *.coveo.com api-engage-eu.sitecorecloud.io/v1.2/browser/create.json* d1mj578wat5n4o.cloudfront.net/sitecore-engage-v.1.4.2.min.js;style-src 'self' 'unsafe-inline' d6tizftlrpuof.cloudfront.net plus.browsealoud.com fonts.googleapis.com www.zilverenkruis.nl optimize.google.com *.pingvp.com;img-src data: blob: 'self' *.svtrd.com www.zenaps.com www.awin1.com www.google.com www.google.nl d6tizftlrpuof.cloudfront.net *.usabilla.com *.google-analytics.com *.analytics.google.com *.onmarc.nl *.zilverenkruis.nl plus.browsealoud.com usabilla-themes.s3-eu-west-1.amazonaws.com ads.creative-serving.com www.zorgkantoorfriesland.nl *.prolife.nl stats.g.doubleclick.net ad.doubleclick.net bat.bing.com www.browsealoud.com *.defriesland.nl *.r42tag.com admin.relay42.com speechstreamv3-webservices-8.texthelp.com www.gstatic.com *.fbto.nl www.insocial.nl www.facebook.com www.googletagmanager.com translate.google.com zilverenkruis-cdn.mcccm.eu *.pingvp.com i.vimeocdn.com dev.visualwebsiteoptimizer.com *.doubleclick.net *.googlesyndication.com *.imgix.net;font-src data: 'self' fonts.gstatic.com fonts.googlapis.com d6tizftlrpuof.cloudfront.net *.pingvp.com;connect-src blob: 'self' *.zilverenkruis.nl *.surfly.com surfly.com sentry.io *.zorgkantoorfriesland.nl plus.browsealoud.com pronunciation.speechstream.net api.usabilla.com babm.texthelp.com speech.speechstream.net *.google-analytics.com *.analytics.google.com pre-i-portaal.achmea.nl speechstreamv3-webservices-8.texthelp.com *.defriesland.nl *.mopinion.com *.browsealoud.com *.interpolis.nl *.fbto.nl bat.bing.com stats.g.doubleclick.net harvest-cm-achmea.ey.r.appspot.com controle.achmea.consentmonitor.nl *.tomtom.com *.visualwebsiteoptimizer.com *.applicationinsights.azure.com wss://api.defriesland.nl:13443 wss://api.zilverenkruis.nl:13443 wss://api.interpolis.nl:13443 *.googlesyndication.com www.google.com googleads.g.doubleclick.net *.coveo.com api-engage-eu.sitecorecloud.io/v1.2/events api-engage-eu.sitecorecloud.io *.cloudfront.net js.monitor.azure.com api-engage-eu.sitecorecloud.io/v1.2/browser/create.json.*;media-src 'self' blob: *.zilverenkruis.nl *.zorgkantoorfriesland.nl *.prolife.nl *.defriesland.nl *.interpolis.nl *.fbto.nl *.pingvp.com;object-src 'self' *.klantenvertellen.nl;child-src 'self' blob: t.svtrd.com player.vimeo.com surfly.com app.surfly.com d6tizftlrpuof.cloudfront.net www.zilverenkruis.nl www.zorgkantoorfriesland.nl www.prolife.nl content.googleapis.com vimeo.com secure.zilverenkruis.nl www.defriesland.nl optimize.google.com i-portaal.achmea.nl survey.insocial.nl secure.prolife.nl secure.defriesland.nl w.soundcloud.com *.doubleclick.net app.springcast.fm *.klantenvertellen.nl;frame-ancestors 'self' player.vimeo.com vimeo.com i-portaal.achmea.nl survey.insocial.nl *.doubleclick.net inloggen.achmea.nl p-portaal.achmea.nl app.vwo.com *.visualwebsiteoptimizer.com;;form-action 'self' t.svtrd.com *.achmea.nl *.zilverenkruis.nl *.zorgkantoorfriesland.nl *.prolife.nl *.defriesland.nl *.fbto.nl *.interpolis.nl broker.nxtid.nl;manifest-src 'self' ;upgrade-insecure-requests;block-all-mixed-content;report-uri https://zilverenkruis.ams.report-uri.com/r/t/csp/enforce; 1 default-src 'self' *.instagram.com *.cookiebot.com *.facebook.net *.googleadservices.com *.google.com *.youtube.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.google-analytics.com googleads.g.doubleclick.net stats.g.doubleclick.net; img-src * data:; script-src 'unsafe-inline' 'self' *.instagram.com *.cookiebot.com *.facebook.net *.googleadservices.com *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.google-analytics.com googleads.g.doubleclick.net stats.g.doubleclick.net *.google.com; style-src 'unsafe-inline' *; font-src 'self' fonts.gstatic.com; frame-src 'self' *.google.com *.cookiebot.com *.facebook.net *.googleadservices.com *.google.com *.youtube.com 1 default-src 'none'; script-src 'self' 'unsafe-inline' *.siteimprove.net *.siteimprove.com *.browsealoud.com *.googletagmanager.com *.google.com *.google-analytics.com *.facebook.net unpkg.com *.jsdelivr.net *.cookiebot.com *.leadfamly.com *.redditstatic.com; object-src 'self' *.google.com *.youtube.com *.youtube-nocookie.com *.facebook.com *.vimeo.com https://sverigesradio.se; style-src 'self' 'unsafe-inline'; img-src 'self' data: *.google.com *.google.se *.google-analytics.com *.youtube.com *.youtube-nocookie.com *.facebook.com *.vimeo.com *.google.se *.cloudnet.cloud *.malmolive.se *.momondo.de *.googletagmanager.com *.cookiebot.com *.reddit.com ; media-src 'self' blob: https://*.speechstream.net;; frame-src 'self' *.google.com *.youtube.com *.youtube-nocookie.com *.facebook.com *.vimeo.com *.siteimprove.com *.acast.com *.spotify.com *.soundcloud.com https://vimeo.com *.sverigesradio.se https://sverigesradio.se *.office.com *.cookiebot.com *.playable.com *.sociablekit.com *.googletagmanager.com; frame-ancestors 'self' *.google.com *.youtube.com *.youtube-nocookie.com *.facebook.com *.vimeo.com *.sverigesradio.se https://sverigesradio.se *.sociablekit.com; child-src 'self' *.google.com *.youtube.com *.youtube-nocookie.com *.facebook.com *.vimeo.com *.siteimprove.com *.sverigesradio.se https://sverigesradio.se *.sociablekit.com; font-src 'self'; connect-src 'self' blob: https://*.browsealoud.com https://*.siteimprove.com https://*.googletagmanager.com https://*.google.com https://*.google-analytics.com https://*.g.doubleclick.net https://*.speechstream.net *.cookiebot.com *.reddit.com *.redditstatic.com; report-uri /report-csp-violation; upgrade-insecure-requests 1 default-src 'self'; script-src 'self' 'unsafe-inline' update.webedition.org *.cookiebot.com *.cookiebot.eu *.vditz.com *.googleapis.com *.google.com *.youtube.com *.vimeo.com *.twitter.com; style-src 'self' *.googleapis.com 'unsafe-inline'; img-src data: 'self' *.ytimg.com *.vimeocdn.com *.gstatic.com *.googleapis.com *.twitter.com; font-src 'self' *.gstatic.com; connect-src 'self' *.cookiebot.com *.cookiebot.eu *.googleapis.com stats.vditz.com; base-uri 'self'; media-src blob: 'self' *.youtube.com *.vimeo.com; frame-src 'self' update.webedition.org *.qt.eu *.cookiebot.com *.cookiebot.eu *.vditz.com *.google.com *.youtube.com *.youtube-nocookie.com *.vimeo.com *.twitter.com; object-src 'none'; frame-ancestors 'self'; 1 frame-ancestors 'self' http://webvisor.com http://*.webvisor.com https://metrika.yandex.ru https://mc.yandex.ru https://*.yandex.net https://mc.yandex.ru https://mc.yandex.com https://mc.webvisor.com https://mc.webvisor.org https://yastatic.net 1 frame-src https://www.olisnet.com/ https://olisnet.com/ https://www.fa.olisnet.com/ https://www.tableau.olisnet.com/ https://www.edr.olisnet.com/ https://ebanking-auth.edmond-de-rothschild.eu/ 1 base-uri 'self'; script-src https: 'unsafe-inline' 'unsafe-eval' *.sentry.io *.datadome.co *.googlesyndication.com *.googleadservices.com *.adriver.ru *.g.doubleclick.net *.google.com *.sociomantic.com *.google-analytics.com *.googletagmanager.com *.everestjs.net *.googletagservices.com s.ytimg.com *.userapi.com js-agent.newrelic.com *.olark.com trafmag.utarget.ru *.exponea.com media.flixfacts.com *.gstatic.com maps.googleapis.com google-analytics.bi.owox.com tracking.channelsight.com *.criteo.net h.holder.com.ua *.clickfrog.ru creativecdn.com clickfrog.ru criteo.net gstatic.com exponea.com olark.com googletagservices.com everestjs.net googletagmanager.com google-analytics.com sociomantic.com google.com g.doubleclick.net adriver.ru googleadservices.com googlesyndication.com www.google.com.ua *.criteo.com criteo.com bam.nr-data.net *.google.com.ua az783074.vo.msecnd.net cdn.ampproject.org *.googleapis.com; object-src 'none'; img-src 'self' *.googletagmanager.com *.doubleclick.net https://www.google-analytics.com https://www.google.com.ua https://www.google.com *.googlesyndication.com *.creativecdn.com data:; media-src 'self'; frame-src 'self' https://vars.hotjar.com https://googleads.g.doubleclick.net *.googlesyndication.com *.creativecdn.com; frame-ancestors 'none'; worker-src 'self'; form-action 'self' https://www.portmone.com.ua; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' *.sentry.io *.hotjar.io wss://ws8.hotjar.com *.hotjar.com *.google.com.ua *.google.com *.datadome.co *.gstatic.com https://stats.g.doubleclick.net https://securepubads.g.doubleclick.net https://www.google-analytics.com https://pagead2.googlesyndication.com; report-uri https://2746b976bff56fb9fb072ca875846856.report-uri.com/r/d/csp/reportOnly 1 default-src 'self'; frame-src 'self' https://www.careopinion.org.uk/ https://www.patientopinion.org.uk/ *.nhs.uk/ *.facebook.com/ *.youtube.com/ *.vimeo.com/ *.google.com *.googleapis.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.googletagmanager.com https://cdnjs.cloudflare.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://connect.facebook.net/ https://feeds.trac.jobs/ *.google.com/ *.googleapis.com *.gstatic.com *.cqc.org.uk; font-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com/ https://feeds.trac.jobs/ *.googleapis.com *.gstatic.com *.cqc.org.uk; img-src * data:; object-src 'self' blob:; connect-src 'self' https://*.googletagmanager.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.g.doubleclick.net https://*.google.com https://*.google.com https://*.google-analytics.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googletagmanager.com https://graph.facebook.com/ https://feeds.trac.jobs/ *.googleapis.com *.google-analytics.com stats.g.doubleclick.net; media-src 'self' https://video.cdninstagram.com/ 1 allow 'self' data: blob; 'inline' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googleapis.com *.youtube.com connect.facebook.net www.facebook.com cdn.ywxi.net static.hotjar.com www.googletagmanager.com www.google.com www.creativecomputerconsulting.ca *.tiktok.com *.ttwstatic.com; 1 base-uri 'self';child-src 'none';connect-src 'self' *.amplitude.com *.analytics.google.com *.cloud.gist.build *.cloudinary.com *.cookieyes.com/ *.customer.io *.daily.co *.datocms-assets.com *.doubleclick.net *.featuregates.org/ *.google-analytics.com *.google.com *.hotjar.com *.hotjar.io *.ingest.de.sentry.io *.ingest.sentry.io *.intercom.io *.linkedin.com/ *.mux.com *.productfruits.com *.pusher.com *.refersion.com *.segment.com *.segment.io *.sendbird.com *.statsigapi.net/ *.trustpilot.com *.vercel-analytics.com *.vercel-insights.com *.youtube.com adservice.google.com analytics.google.com browser-intake-datadoghq.eu cdn-cookieyes.com cdn.linkedin data: embed.acuityscheduling.com featuregates.org/ onesignal.com open.spotify.com statsigapi.net/ vercel.live/ wss://*.daily.co wss://*.intercom.io wss://*.productfruits.com wss://*.pusher.com wss://*.sendbird.com wss://ws.hotjar.com;default-src 'self';font-src 'self' *.hotjar.com *.intercomcdn.com *.typekit.net data: fonts.gstatic.com vercel.live;form-action 'self' *.facebook.com;frame-ancestors 'none';frame-src *.acuityscheduling.com *.daily.co *.facebook.com *.gist.build *.googletagmanager.com *.gotolstoy.com *.hotjar.com *.refersion.com *.spotify.com *.stripe.com *.trustpilot.com *.trustpilot.io *.typeform.com *.vercel *.vercel.app *.youtube.com copilot.as.me daily.flown.com intercom-sheets.com preview.daily.flown.com vercel.live;img-src 'self' *.ap-south-1.amazonaws.com *.cloudinary.com *.customer.io *.facebook.com *.g.doubleclick.net *.google-analytics.com *.google.co.uk *.google.com *.linkedin.com *.onesignal.com *.productfruits.com *.sendbird.com *.tenor.com *.twitter.com *.vercel.com *.ytimg.com data: t.co vercel.com www.datocms-assets.com;manifest-src 'self';media-src 'self' *.mux.com blob://* www.datocms-assets.com;object-src 'none';script-src 'self' 'nonce-b6d0a69ac04a2fddffac5d304744059d8898' 'sha256-+SoN4AYEO7MIojy8t+pMAZVDX7KhQzTQI+8i7LAo6HM=' 'sha256-111DY6ucUS2euDqh93ylFTnnaf+9aYuD3PJWCgYTn+w=' 'sha256-1QiKvWvaeuGeYkEbME0QclU2tCRDQDKlL0+XrFuFVmE=' 'sha256-4OZKYuOHAce0LSFazkaayEWT6JLiXt0Lgcre3+Sjuis' 'sha256-5hBVOyELPCqO/N8CikapnRXXhZz/HRHfgNRUZjqshG4=' 'sha256-BzHBoZ8xtfQm3LNTbReiluIPQRcxisgx2mdRNwpNHcU=' 'sha256-HNMk6SVD8tUFzYDasCBApUarqEuczJ8aXgX1n5N0p7Q=' 'sha256-I0qRwJzAAHaN1/K5UoQ0GuHLe7PtFhYYrrarj8PErRw=' 'sha256-IPgMRJYZUz8lznT1nRXD6HDFgXoVQQVY/3wT108wLLc=' 'sha256-L7S+VtFKJtIFUp0HP9li29GjkFAcQontRK8dW5uQsA8=' 'sha256-Y/Nm6FoRDI7eFQwN1V+6XqC4IbTg8tzyEPJSfNZBxME=' 'sha256-ccEm0GiYLjsbXK3KbKT4QFcC00OAoxtFYKLZSuMuo8k=' 'sha256-eJYOFA2XbEBxR3DHqvNKwdAh8lugXzY/fgrkbF2gzMo=' 'sha256-fApKFPeDHEwP3jIdVMBOuJMYDSkTooaFkD59Sp8RN0M=' 'sha256-grdef4AlM85kk/jkVX+XN4vPTxKfb/Kx7cURs8XZBDE=' 'sha256-l6DO/mJ8d7LuRBtvgk+eUTzCnCcJ6jXkDQ7iMTcjmmo=' 'sha256-tUnHUS+zXnbf2U7tp5cxVGi7KZn4YeMzH5kcUUtxnHc=' *.acuityscheduling.com/ *.ads-twitter.com *.amplitude.com *.cookieyes.com *.customer.io *.daily.co *.facebook.net *.gist.build/ *.google-analytics.com *.googleoptimize.com *.googletagmanager.com *.hotjar.com *.intercom.io *.intercomcdn.com *.licdn.com/ *.onesignal.com *.productfruits.com *.refersion.com *.segment.com *.stripe.com *.trustpilot.com *.youtube.com accounts.google.com blob://* cdn-cookieyes.com embed.typeform.com onesignal.com vercel.live/ vitals.vercel-analytics.com vitals.vercel-insights.com;style-src 'self' 'unsafe-inline' *.cookieyes.com *.intercom.io *.intercomcdn.com *.productfruits.com *.typeform.com cdn-cookieyes.com fonts.googleapis.com onesignal.com vercel.live;worker-src 'self' blob:;report-to default;report-uri https://flown-reports.uriports.com/reports/report; 1 frame-src 'self' https://calendly.com https://cdn.affinipay.com https://ep2.adtrafficquality.google https://*.squarecdn.com https://*.squareup.com https://*.squareupsandbox.com https://*.doubleclick.net https://googleads.g.doubleclick.net https://tpc.googlesyndication.com https://www.facebook.com https://www.google.com https://www.googletagmanager.com https://www.youtube.com; img-src * 'self' blob: data:; 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.userway.org *.gstatic.com *.contextweb.com *.doubleclick.net *.googleadservices.com *.calendly.com calendly.com *.akamaihd.net *.cmsuapps.com *.typekit.net *.googletagmanager.com stats.sa-as.com *.brightcove.com *.brightcove.net *.google-analytics.com *.pardot.com stats.g.doubleclick.net go.us.medical.canon www.google.com vjs.zencdn.net *.boltdns.net *.brightcovecdn.com *.googleapis.com *.youtube.com *.twimg.com *.ytimg.com www.gstatic.com *.gravatar.com *.twitter.com *.seismic.com; frame-ancestors 'self' *.pardot.com *.salesforce.com *.seismic.com 1 default-src 'self' blob:; worker-src blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: cdn.ampproject.org stats.wp.com s0.wp.com s1.wp.com s2.wp.com c0.wp.com www.google.com www.googletagmanager.com campuseducacion.com ws.sharethis.com connect.facebook.net code.jquery.com ssl.google-analytics.com cdn.jsdelivr.net googleads.g.doubleclick.net www.google-analytics.com www.googleadservices.com tpc.googlesyndication.com pagead2.googlesyndication.com cdn.krxd.net beacon.krxd.net consumer.krxd.net www.gstatic.com adservice.google.com stackpath.bootstrapcdn.com cdnjs.cloudflare.com adservice.google.es partner.googleadservices.com unpkg.com ajax.googleapis.com static.ads-twitter.com platform.twitter.com load.sumome.com analytics.twitter.com load.sumo.com reddit.com; style-src 'self' data: 'unsafe-inline' c0.wp.com ws.sharethis.com use.fontawesome.com code.jquery.com fonts.google.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com fonts.googleapis.com stackpath.bootstrapcdn.com cdn.jsdelivr.net unpkg.com; img-src 'self' data: blob: *.wp.com i2.wp.com pixel.wp.com s0.wp.com s1.wp.com s2.wp.com c0.wp.com ws.sharethis.com code.jquery.com www.facebook.com ssl.google-analytics.com www.google.com www.google.es stats.g.doubleclick.net www.google-analytics.com pagead2.googlesyndication.com secure.gravatar.com www.googletagmanager.com ajax.googleapis.com t.co load.sumo.com; frame-src 'self' pagead2.googlesyndication.com www.slideshare.net web.facebook.com ws.sharethis.com player.vimeo.com www.vimeo.com www.google.com www.facebook.com pagead2.googlesyndication.com tpc.googlesyndication.com googleads.g.doubleclick.net www.youtube.com www.vimeo.com; font-src 'self' data: s0.wp.com s1.wp.com s2.wp.com c0.wp.com use.fontawesome.com fonts.google.com fonts.gstatic.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com; connect-src 'self' l.sharethis.mgr.consensu.org l.sharethis.com www.google-analytics.com pagead2.googlesyndication.com stats.g.doubleclick.net googleads.g.doubleclick.net www.facebook.com sumo.com *.google.com 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com/ https://se.sms-service.dk/ https://cdn1.readspeaker.com/ https://skattekollen.se/ https://connect.facebook.net/ https://app.intric.ai/ https://www.monsteras.se/ https://prod.e-srv.se/ https://unpkg.com/; img-src 'self' data: https://2.aerial.maps.ls.hereapi.com/ https://skattekollen.se/ https://objektvision.se/ https://media.readspeaker.com/ https://connect.facebook.net/ https://secure.gravatar.com/ https://www.monsteras.se/ https://a.basemaps.cartocdn.com/ https://b.basemaps.cartocdn.com/ https://c.basemaps.cartocdn.com/ https://d.basemaps.cartocdn.com/ https://server.arcgisonline.com/ https://i.ytimg.com/; object-src 'self' data: https://se.sms-service.dk/ https://objektvision.se/ https://recruit.visma.com/ https://export.objektvision.se/ https://connect.facebook.net/ https://connect.facebook.net/ https://www.facebook.com/ https://www.monsteras.se/ https://www.youtube.com/; frame-src 'self' data: https://se.sms-service.dk/ https://objektvision.se/ https://recruit.visma.com/ https://export.objektvision.se/ https://connect.facebook.net/ https://connect.facebook.net/ https://www.facebook.com/ https://www.monsteras.se/ https://www.youtube.com/; 1 default-src 'self';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://maps.googleapis.com https://maps.gstatic.com data: https://*.google-analytics.com https://forms-eu1.hsforms.com https://track-eu1.hubspot.com https://www.googletagmanager.com https://imgsct.cookiebot.com https://forms.hsforms.com https://perf-eu1.hsforms.com https://26706590.fs1.hubspotusercontent-eu1.net https://www.google.de https://www.google.com; object-src data:; frame-src 'self' mailto: tel: *.krone-dev.cybob-one.com *.krone-agriculture.com https://*.mykrone.green https://mykrone.green https://*.krone.de *.youtube.com *.youtube-nocookie.com https://www.webstream.eu https://*.cookiebot.com https://my.matterport.com https://forms-eu1.hsforms.com https://td.doubleclick.net https://www.googletagmanager.com ; script-src 'self' 'unsafe-inline' https://www.google.com https://forms-eu1.hubspot.com https://www.googleadservices.com https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://maps.googleapis.com https://*.cookiebot.com https://www.googletagmanager.com https://js-eu1.hs-scripts.com https://js-eu1.hs-banner.com https://js-eu1.hs-analytics.net https://js-eu1.hscollectedforms.net https://js-eu1.hsforms.net/forms/embed/v2.js https://js-eu1.hsforms.net https://js-eu1.hubspot.com *.clarity.ms https://www.youtube.com; connect-src 'self' https://pagead2.googlesyndication.com https://www.googleadservices.com *.clarity.ms https://www.googletagmanager.com https://region1.analytics.google.com https://www.google.de https://www.google.com https://maps.googleapis.com https://*.cookiebot.com https://*.google-analytics.com https://*.liadm.com https://forms-eu1.hscollectedforms.net https://forms-eu1.hsforms.com https://hubspot-forms-static-embed-eu1.s3.amazonaws.com https://forms-eu1.hubspot.com https://cta-eu1.hubspot.com https://f.clarity.ms https://stats.g.doubleclick.net https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com; font-src 'self' https://fonts.gstatic.com data:; frame-ancestors 'self' https://www.krone-group.com https://krone-group.com; 1 default-src 'unsafe-inline'; block-all-mixed-content; connect-src *; font-src * https://fonts.gstatic.com data: fonts.googleapis.com fonts.gstatic.com; frame-src *.sibelga.be *.youtube.com *.youtube-nocookie.com *.vimeo.com *.services *.hotjar.com *.doubleclick.net *.facebook.com *.facebook.net prod.sibelga2.marlon.be *.google.com https://playplay.com www.google.com www.gstatic.com; img-src * 'self' data: cdn-cookieyes.com; manifest-src prod.sibelga2.marlon.be 'self'; script-src *.sibelga.be 'self' data: 'unsafe-inline' 'unsafe-eval' https://cdn.ckeditor.com https://js-agent.newrelic.com https://bam.nr-data.net https://maps.googleapis.com https://cdnjs.cloudflare.com *.google-analytics.com *.facebook.net *.googleapis.com *.marketingautomation.services *.googletagmanager.com *.googleadservices.com *.hotjar.com *.doubleclick.net *.visualwebsiteoptimizer.com *.linkedin.com *.youtube.com *.youtube-nocookie.com tagmanager.google.com snap.licdn.com cookie-cdn.cookiepro.com cdn.matomo.cloud *.matomo.cloud www.google.com www.gstatic.com corsproxy.io *.cookieyes.com cdn-cookieyes.com; style-src prod.sibelga2.marlon.be 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.ckeditor.com https://cdnjs.cloudflare.com tagmanager.google.com; report-uri /nelmio/csp/report 1 default-src 'self'; script-src 'self' https://*.astonmiles.com https://code.jquery.com https://www.google-analytics.com https://*.fontawesome.com https://*.googleapis.com //*.gstatic.com; style-src 'self' https://*.astonmiles.com https://*.googleapis.com https://*.fontawesome.com; font-src 'self' https://*.gstatic.com https://*.fontawesome.com; img-src 'self' https://*.astonmiles.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.googleapis.com; connect-src 'self' https://*.astonmiles.com https://*.googleapis.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.fontawesome.com https://code.jquery.com //*.gstatic.com; base-uri 'none'; form-action 'self'; frame-ancestors 'none'; object-src 'none';upgrade-insecure-requests 1 img-src 'self' *.norma.fr https://piwik.norma-online.de https://captcha.liveidentity.com data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.norma.fr https://piwik.norma-online.de www.youtube.com blob:; object-src 'none'; font-src 'self' *.norma.fr; 1 default-src 'self'; object-src 'self' https://pts.deutschlandsim.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.deutschlandsim.de; img-src https: data: http://files.deutschlandsim.de; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://livechat.deutschlandsim.de https://chat.deutschlandsim.de https://umfrage.deutschlandsim.de https://pts.deutschlandsim.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://eu01.rec.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://livechat.deutschlandsim.de https://chat.deutschlandsim.de https://stats.deutschlandsim.de https://imagepool.deutschlandsim.de https://pts.deutschlandsim.de https://analytics.tiktok.com https://umfrage.deutschlandsim.de; script-src 'strict-dynamic' 'nonce-9bdafd73b1e11bb7b9b2df1112046ce7' 'nonce-f4f972ee06d22e782cb1188c47165d80' 'nonce-127bb05999e091adbd2c3f72967c2314' 'nonce-a059dbb4cf18c5535509ea04e1a13ee6' 'nonce-7cf3f8d978d25b3c8b3ce122edc643fd' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data: 'report-sample'; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://netmap.vodafone.de/cokart-client/index.html https://pts.deutschlandsim.de https://umfrage.deutschlandsim.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-9bdafd73b1e11bb7b9b2df1112046ce7' 'nonce-f4f972ee06d22e782cb1188c47165d80' 'nonce-127bb05999e091adbd2c3f72967c2314' 'nonce-a059dbb4cf18c5535509ea04e1a13ee6' 'nonce-7cf3f8d978d25b3c8b3ce122edc643fd' 'self' 'unsafe-inline' https: 'report-sample' 1 connect-src 'self' 'unsafe-inline' *.unpkg.com *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net *.mouseflow.com *.linkedin.com *.hsforms.com *.hubspot.com *.hubapi.com *.hs-analytics.net *.hscollectedforms.net *.calconic.com *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net ; font-src 'self' 'unsafe-inline' data: fonts.gstatic.com cdn.jsdelivr.net *.gstatic.com *.bootstrapcdn.com *.gstatic.com *.bootstrapcdn.com ; frame-src 'self' 'unsafe-inline' *.g.doubleclick.net *.google.com *.fls.doubleclick.net blob: www.google.com *.vimeo.com td.doubleclick.net *.stripe.com *.hs-sites.com *.gartner.com *.termly.io facebook.com https://datainsights-cdn.dm.aws.gartner.com *.g.doubleclick.net *.google.com *.fls.doubleclick.net ; img-src 'self' 'unsafe-inline' *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com data: ts.w.org s.w.org ps.w.org *.irssolutions.com irssolutions.com *.linkedin.com www.facebook.com *.reddit.com *.hsforms.com *.hubspot.com *.hsappstatic.net *.doubleclick.net *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com ; media-src 'self' s.w.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.unpkg.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com cdn.jsdelivr.net https://cdn.mouseflow.com https://ipinfo.io *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com ; script-src-elem 'self' 'unsafe-inline' unpkg.com cdn.jsdelivr.net cdn.mouseflow.com *.licdn.com *.hs-scripts.com *.facebook.net *.redditstatic.com *.hsforms.net *.hscollectedforms.net *.hubspot.com *.hs-analytics.com *.hs-analytics.net *.hs-banner.com *.hsadspixel.net *.stripe.com https://cdnjs.cloudflare.com *.calconic.com *.googleadservices.com *.vimeo.com *.termly.io https://ipinfo.io *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com ; style-src 'self' 'unsafe-inline' *.unpkg.com *.googleapis.com *.gstatic.com fonts.googleapis.com cdn.jsdelivr.net *.googleapis.com *.gstatic.com ; style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com cdn.jsdelivr.net *.googleapis.com *.gstatic.com ; style-src-attr 'unsafe-inline' ; worker-src 'self' blob:; 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://xscore.cc https://cdn.jsdelivr.net https://lkslodz.pl https://www.youtube.com https://www.google.com https://www.twitter.com https://www.facebook.com https://platform.twitter.com https://syndication.twitter.com https://www.googletagmanager.com; img-src 'self' data: https://xscore.cc https://img.youtube.com https://secure.gravatar.com https://lkslodz.pl https://www.youtube.com https://www.google.com https://www.twitter.com https://www.facebook.com https://platform.twitter.com https://syndication.twitter.com https://s.w.org; object-src 'self' data: https://xscore.cc https://lkslodz.pl https://www.youtube.com https://www.google.com https://www.twitter.com https://www.facebook.com https://platform.twitter.com https://syndication.twitter.com; frame-src 'self' data: https://xscore.cc https://lkslodz.pl https://www.youtube.com https://www.google.com https://www.twitter.com https://www.facebook.com https://platform.twitter.com https://syndication.twitter.com; 1 default-src 'self'; object-src 'self'; base-uri 'self'; media-src 'self' https://imagepool.drillisch-online.de; img-src https: data: https://imagepool.drillisch-online.de; font-src https:; form-action 'self'; connect-src 'self' https://imagepool.drillisch-online.de https://stats.drillisch-online.de https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://tracking.drillisch.de https://*.demdex.net https://www.google-analytics.com; script-src 'strict-dynamic' 'nonce-ed2a5a23732f4dd8e77432993673e452' 'nonce-263751aef1daa5c187c88b17c49c687d' 'nonce-cc4b3b9fb2fb16ea5ff13eccb25b61b1' 'nonce-4fffb194ecd1d818addf27ec1caa6b1d' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data: 'report-sample'; frame-ancestors 'self'; frame-src https://1and1internetag.demdex.net https://tags.tiqcdn.com https://hilfe-center.1und1.de; child-src https://tags.tiqcdn.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-ed2a5a23732f4dd8e77432993673e452' 'nonce-263751aef1daa5c187c88b17c49c687d' 'nonce-cc4b3b9fb2fb16ea5ff13eccb25b61b1' 'nonce-4fffb194ecd1d818addf27ec1caa6b1d' 'self' 'unsafe-inline' https: 'report-sample' 1 default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com; object-src *; style-src * 'self' 'unsafe-inline'; img-src * 'self' data: https:; https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.; media-src *; frame-src *; frame-ancestors 'self'; child-src * blob:; font-src * 'self' data: https:;; connect-src *; report-uri /report-csp-violation 1 allow 'self' www.google-analytics.com ajax.googleapis.com; 1 frame-ancestors 'self' https://*.papajohns.com.sv ; object-src 'self' *.papajohns.com.sv ; img-src 'self' *.papajohns.com.sv data: *.twimg.com *.twitter.com *.facebook.com *.gstatic.com *.google-analytics.com *.googleapis.com *.google.com *.google.com.sv *.statcounter.com *.facebook.net *.doubleclick.net *.google.com sailplays3.cdnvideo.ru res.cloudinary.com *.digitaloceanspaces.com *.bitworks.com.sv; script-src 'self' *.papajohns.com.sv 'unsafe-inline' 'unsafe-eval' data: *.twimg.com *.googletagmanager.com *.facebook.com *.google.com *.google.com.sv *.google-analytics.com maps.googleapis.com ajax.googleapis.com *.gstatic.com *.twitter.com *.statcounter.com *.facebook.net *.hotjar.io *.hotjar.com static.hotjar.com *.googleadservices.com cdnjs.cloudflare.com sailplay.ru sailplay.net *.sailplay.net sailplays3.cdnvideo.ru cdn.jsdelivr.net cdn.pushalert.co code.jquery.com *.bitworks.com.sv l.getsitecontrol.com static.cloudflareinsights.com ; 1 block-all-mixed-content; frame-ancestors 'self' *.maxima.lt *.maxima.ee; frame-src 'self' *.youtube.com *.youtube-nocookie.com *.cookiebot.com *.issuu.com *.google.com *.adform.net *.doubleclick.net maxima.teamdash.com indd.adobe.com *.flipsnack.com view.publitas.com; report-uri /csp/report 1 default-src 'self' 'unsafe-eval' data: 'unsafe-inline' *.gstatic.com *.googletagmanager.com *.amazonaws.com *.google-analytics.com *.googleapis.com *.googleservice.com *.doubleclick.net *.google.com *.google.com.tr *.googleadservices.com *.facebook.com *.facebook.net v.calameo.com *.youtube.com *.twitter.com *.hotjar.com; frame-ancestors 'self'; frame-src 'self' data: * 1 default-src 'self' www.fotoprofi.de img.fotoprofi.de https://pc-cdn.fra1.cdn.digitaloceanspaces.com/ rmail.fotoprofi.de c.emailsys2a.net cdn.pay1.de d.ratepay.com d.ratepay.de secure.pay1.de https://www.youtube-nocookie.com img.youtube.com i.ytimg.com analytics.google.com *.analytics.google.com doubleclick.net *.doubleclick.net google-analytics.com *.google-analytics.com google.de *.google.de google.com *.google.com googleadservices.com *.googleadservices.com googletagmanager.com *.googletagmanager.com googlesyndication.com *.googlesyndication.com gstatic.com *.gstatic.com tagmanager.google.com *.tagmanager.google.com apis.google.com *.apis.google.com www.gstatic.com bat.bing.com connect.facebook.net facebook.com *.facebook.com facebook.net *.facebook.net *.etrusted.com *.trustedshops.com *.saal-digital.net *.fotodiensteservice.de https://s3.eu-central-1.amazonaws.com/fra-webresources/ https://s3.eu-central-1.amazonaws.com/fra-webpages.shop.saal-digital.net/ fra-webresources.s3.eu-central-1.amazonaws.com photoservice.cloud https://*.loadbee.com/ availability.loadbee.com/v3/EAN/ https://cdn.loadbee.com https://content.syndigo.com/asset/ https://content.syndigo.com/page/ https://content.syndigo.com/site/ https://scontent.webcollage.net https://syndi.webcollage.net/site/xenudo-de-de/tag.js https://*.joomag.com/res_mag/ https://www.gravatar.com media.flixcar.com media.flixfacts.com *.flix360.com media.flixsyndication.net *.flix360.io syndication.flix360.com content.jwplatform.com assets-jpcust.jwpsrv.com ssl.p.jwpcdn.com d2m3ikv8mpgiy8.cloudfront.net d3np41mctoibfu.cloudfront.net media.pointandplace.com player.pointandplace.com t.pointandplace.com analytics.webgains.io api.webgains.io 'unsafe-inline' 'unsafe-eval' blob: data:; report-uri /csp-report.php; upgrade-insecure-requests 1 frame-ancestors 'self' www.abaxis.com; report-uri /report-csp-violation 1 default-src 'self'; font-src *; img-src * data:; script-src *; style-src *; 1 base-uri 'none'; default-src 'self'; child-src https://www.youtube.com https://skk.erecruiter.pl https://heyzine.com https://*.heyzine.com https://*.google.com https://www.googletagmanager.com https://*.faceup.com https://*.nntb.cz blob:; connect-src 'self' https://geis.daktela.com https://t.leady.com https://*.doubleclick.net https://*.google.com https://*.google-analytics.com wss://*.hotjar.com https://*.hotjar.com https://*.hotjar.io; font-src 'self' https://*.gstatic.com data:; form-action 'self'; img-src 'self' https://skk.erecruiter.pl https://*.seznam.cz https://t.leady.com https://*.google-analytics.com https://*.google.cz https://*.google.com https://*.gstatic.com blob: data:; media-src 'self' blob:; script-src 'self' https://*.google.com https://*.gstatic.com https://skk.erecruiter.pl https://*.seznam.cz https://geis.daktela.com https://t.leady.com https://tt.geis.cz https://tt.geis.pl https://*.hotjar.com https://*.doubleclick.net https://*.google-analytics.com https://www.googletagmanager.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com ttps://skk.erecruiter.pl 'unsafe-inline' 'unsafe-eval'; 1 default-src 'none'; block-all-mixed-content; connect-src 'self' *.googleapis.com *.gstatic.com *.google.com *.cookiebot.eu *.google-analytics.com; font-src 'self' data: *.googleapis.com *.gstatic.com *.google-analytics.com; frame-src *; img-src 'self' data: *.googleapis.com *.gstatic.com *.googletagmanager.com *.google-analytics.com; manifest-src 'self'; media-src 'self'; script-src 'self' *.google.com 'unsafe-inline' blob: *.googleapis.com *.gstatic.com *.cookiebot.eu *.googletagmanager.com *.google-analytics.com 'sha256-7BR2mzQgegl16OzhYaABCgX+kM/0FnVwstu1v2KgQbw=' 'sha256-wfxJ7YZKDslwby5G8BoAcLOzW1p+E0YMbh6d3MizcsI=' 'sha256-JglQj6PX/c3n1AtXwhS4fkUY+TTFNX3M/x4JjovL2tY=' 'sha256-gRjb7Pg9ekg78sSAQ935jMPX8YulX2dOQYx79CdC2uE=' 'nonce-QzYCLyhkNxt+m2kFkFWSIA=='; style-src 'self' cdnjs.cloudflare.com 'unsafe-inline' *.googleapis.com *.gstatic.com *.google-analytics.com; report-uri /csp/report 1 X-Content-Security-Policy script-src 'self' https://www.general-security.gov.lb 'unsafe-inline' 'unsafe-eval'; object-src 'self' https://www.general-security.gov.lb 'unsafe-inline'; connect-src 'self' https://www.general-security.gov.lb 'unsafe-inline' 1 default-src 'self' *.typekit.net *.doubleclick.net *.google.com.tr *.google.com google.com *.googletagmanager.com blob: data: tacirlerprotfoy.com.tr fxtcr.com 'unsafe-inline' 'unsafe-eval' *.tacirlermenkul.com.tr tacirlermenkul.com.tr tacirlermenkul.com.tr:8080 31.145.122.66 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://s7.addthis.com/js/300/addthis_widget.js https://m.addthis.com/ https://v1.addthisedge.com/ https://s3.amazonaws.com/ https://*.bazaarvoice.com/ http://nexus.ensighten.com/ https://connect.facebook.net/ https://www.facebook.com/ https://www.google.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://www.gstatic.com/ https://static.hotjar.com/ https://script.hotjar.com/ https://mpsnare.iesnare.com/ https://cdn.jsdelivr.net/npm/cookieconsent@3/build/cookieconsent.min.js https://*.list-manage.com/ https://z.moatads.com/addthismoatframe568911941483/moatframe.js https://js-agent.newrelic.com/ https://bam.nr-data.net/ https://www.paypalobjects.com/ https://s.pinimg.com/ https://assets.pinterest.com/ https://ct.pinterest.com/ https://log.pinterest.com/ https://*.stripe.com/; img-src 'self' data: blob: https://www.paypalobjects.com/ https://*.pinterest.com/ https://www.facebook.com/ https://www.google-analytics.com/ https://www.darigold.com/ https://*.bazaarvoice.com/ https://googleads.g.doubleclick.net/ https://www.google.com/ https://*.choozle.com/ https://tags.bluekai.com/ https://match.adsrvr.org/track/ https://idsync.rlcdn.com/ https://cm.g.doubleclick.net/ https://segments.company-target.com/; object-src 'self' data: blob: https://*.paypal.com/ https://*.stripe.com/ https://*.pinterest.com/ https://s7.addthis.com/ https://www.facebook.com/ https://vars.hotjar.com/ https://www.google.com/ https://www.youtube.com/ https://s.amazon-adsystem.com/ https://*.fls.doubleclick.net/ https://*.bazaarvoice.com/ https://where-to-buy.co/ https://insight.adsrvr.org/ https://d1eoo1tco6rr5e.cloudfront.net/; frame-src 'self' data: blob: https://*.paypal.com/ https://*.stripe.com/ https://*.pinterest.com/ https://s7.addthis.com/ https://www.facebook.com/ https://vars.hotjar.com/ https://www.google.com/ https://www.youtube.com/ https://s.amazon-adsystem.com/ https://*.fls.doubleclick.net/ https://*.bazaarvoice.com/ https://where-to-buy.co/ https://insight.adsrvr.org/ https://d1eoo1tco6rr5e.cloudfront.net/; form-action 'self' data: blob: https://www.facebook.com/tr/ https://*.bazaarvoice.com/ https://darigold.us6.list-manage.com/; worker-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; 1 default-src 'self'; connect-src 'self' apikeys.civiccomputing.com api.postcodes.io www.googleapis.com newassets.hcaptcha.com maps.googleapis.com api.stripe.com js.stripe.com; font-src 'self' use.fontawesome.com fonts.gstatic.com data:; frame-src 'self' newassets.hcaptcha.com hooks.stripe.com js.stripe.com www.youtube.com; img-src 'self' data: maps.googleapis.com maps.gstatic.com translate.google.com www.gstatic.com cdn.bookingprotect.com tile.openstreetmap.org maptiles.p.rapidapi.com media.giphy.com; media-src www.youtube-nocookie.com; script-src 'self' hcaptcha.com js.stripe.com maps.googleapis.com www.youtube.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; report-uri https://35745cad85bbe1feed32f58e01aeb5de.report-uri.com/r/d/csp/reportOnly 1 default-src 'self' ;script-src data: blob: 'self' 'unsafe-eval' 'nonce-tHCqU+V0Y4HbN5bN' js.monitor.azure.com static.cloud.coveo.com www.zenaps.com www.dwin1.com *.r42tag.com *.usabilla.com *.google-analytics.com *.analytics.google.com www.googleadservices.com tags.nmrc.nl *.onmarc.nl *.doubleclick.net d6tizftlrpuof.cloudfront.net *.zilverenkruis.nl babm.texthelp.com surfly.com plus.browsealoud.com www.zorgkantoorfriesland.nl *.prolife.nl www.googletagmanager.com toolbar.speechstream.net apis.google.com bat.bing.com admin.relay42.com a.svtrd.com ads.creative-serving.com www.browsealoud.com *.defriesland.nl static2.creative-serving.com survey.insocial.nl optimize.google.com *.interpolis.nl *.mopinion.com *.fbto.nl connect.facebook.net cdn.harvest.graindata.com *.pingvp.com pingvp.com *.visualwebsiteoptimizer.com www.awin1.com *.stichtingdefriesland.nl *.cloudfront.net *.coveo.com api-engage-eu.sitecorecloud.io/v1.2/browser/create.json* d1mj578wat5n4o.cloudfront.net/sitecore-engage-v.1.4.2.min.js;style-src 'self' 'unsafe-inline' d6tizftlrpuof.cloudfront.net plus.browsealoud.com fonts.googleapis.com www.zilverenkruis.nl optimize.google.com *.pingvp.com;img-src data: blob: 'self' *.svtrd.com www.zenaps.com www.awin1.com www.google.com www.google.nl d6tizftlrpuof.cloudfront.net *.usabilla.com *.google-analytics.com *.analytics.google.com *.onmarc.nl *.zilverenkruis.nl plus.browsealoud.com usabilla-themes.s3-eu-west-1.amazonaws.com ads.creative-serving.com www.zorgkantoorfriesland.nl *.prolife.nl stats.g.doubleclick.net ad.doubleclick.net bat.bing.com www.browsealoud.com *.defriesland.nl *.r42tag.com admin.relay42.com speechstreamv3-webservices-8.texthelp.com www.gstatic.com *.fbto.nl www.insocial.nl www.facebook.com www.googletagmanager.com translate.google.com zilverenkruis-cdn.mcccm.eu *.pingvp.com i.vimeocdn.com dev.visualwebsiteoptimizer.com *.doubleclick.net *.googlesyndication.com *.imgix.net;font-src data: 'self' fonts.gstatic.com fonts.googlapis.com d6tizftlrpuof.cloudfront.net *.pingvp.com;connect-src blob: 'self' *.zilverenkruis.nl *.surfly.com surfly.com sentry.io *.zorgkantoorfriesland.nl plus.browsealoud.com pronunciation.speechstream.net api.usabilla.com babm.texthelp.com speech.speechstream.net *.google-analytics.com *.analytics.google.com pre-i-portaal.achmea.nl speechstreamv3-webservices-8.texthelp.com *.defriesland.nl *.mopinion.com *.browsealoud.com *.interpolis.nl *.fbto.nl bat.bing.com stats.g.doubleclick.net harvest-cm-achmea.ey.r.appspot.com controle.achmea.consentmonitor.nl *.tomtom.com *.visualwebsiteoptimizer.com *.applicationinsights.azure.com wss://api.defriesland.nl:13443 wss://api.zilverenkruis.nl:13443 wss://api.interpolis.nl:13443 *.googlesyndication.com www.google.com googleads.g.doubleclick.net *.coveo.com api-engage-eu.sitecorecloud.io/v1.2/events api-engage-eu.sitecorecloud.io *.cloudfront.net js.monitor.azure.com api-engage-eu.sitecorecloud.io/v1.2/browser/create.json.*;media-src 'self' blob: *.zilverenkruis.nl *.zorgkantoorfriesland.nl *.prolife.nl *.defriesland.nl *.interpolis.nl *.fbto.nl *.pingvp.com;object-src 'self' *.klantenvertellen.nl;child-src 'self' blob: t.svtrd.com player.vimeo.com surfly.com app.surfly.com d6tizftlrpuof.cloudfront.net www.zilverenkruis.nl www.zorgkantoorfriesland.nl www.prolife.nl content.googleapis.com vimeo.com secure.zilverenkruis.nl www.defriesland.nl optimize.google.com i-portaal.achmea.nl survey.insocial.nl secure.prolife.nl secure.defriesland.nl w.soundcloud.com *.doubleclick.net app.springcast.fm *.klantenvertellen.nl;frame-ancestors 'self' player.vimeo.com vimeo.com i-portaal.achmea.nl survey.insocial.nl *.doubleclick.net inloggen.achmea.nl p-portaal.achmea.nl app.vwo.com *.visualwebsiteoptimizer.com;;form-action 'self' t.svtrd.com *.achmea.nl *.zilverenkruis.nl *.zorgkantoorfriesland.nl *.prolife.nl *.defriesland.nl *.fbto.nl *.interpolis.nl broker.nxtid.nl;manifest-src 'self' ;upgrade-insecure-requests;block-all-mixed-content;report-uri https://zilverenkruis.ams.report-uri.com/r/t/csp/enforce; 1 default-src 'self' 'unsafe-eval' 'unsafe-inline' *.gstatic.com *.googletagmanager.com *.amplitude.com *.adrifund.com *.funde.no *.tinymce.com *.karolinafund.com *.crowdfarm.dk *.lemonway.fr *.payxpert.com d2tnn0p1wwhikn.cloudfront.net clients1.google.com cse.google.com www.google.com *.google-analytics.com *.facebook.net *.facebook.com *.vimeo.com *.addthis.com *.googleapis.com *.bootstrapcdn.com stats.g.doubleclick.net *.soundcloud.com soundcloud.com *.youtube.com *.w3.org *.ogp.me *.mailerlite.com *.karolina.io *.slize.me;img-src * blob: data:;font-src data: d2tnn0p1wwhikn.cloudfront.net *.tinymce.com fonts.gstatic.com 'self' *.bootstrapcdn.com;style-src *.tinymce.com www.google.com d2tnn0p1wwhikn.cloudfront.net *.addthis.com 'self' 'unsafe-inline' cse.google.com *.bootstrapcdn.com *.googleapis.com; frame-src 'self' *.vimeo.com *.facebook.com *.youtube.com *.soundcloud.com *.google.com 1 default-src 'self' 'unsafe-inline' https: http://www.portaleamministrazionetrasparente.it/; script-src 'self' 'unsafe-inline' https: http://www.portaleamministrazionetrasparente.it/; style-src 'self' 'unsafe-inline' https: http://www.portaleamministrazionetrasparente.it/; font-src 'self' https: http://www.portaleamministrazionetrasparente.it/ 1 default-src 'unsafe-inline' 'self' data: *.eru.cz *.eru.gov.cz *.googleapis.com nia.identitaobcana.cz app.powerbi.com fonts.gstatic.com cdn.jsdelivr.net *.youtube.com *.soundcloud.com *.slideshare.net *.cloudflare.com *.googletagmanager.com *.google-analytics.com api.mapy.cz unpkg.com datawrapper.dwcdn.net; report-uri /report-csp-violation 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.paypalobjects.com/ https://events.timely.fun https://soundcloud.com/ https://*.soundcloud.com/ https://www.facebook.com/ https://rte.ie/ https://*.youtube.com/ https://*.vimeo.com/ https://issuu.com/ https://*.issuu.com/; img-src 'self' data: http://*; object-src 'self' data: https://*.paypal.com/ https://events.timely.fun https://soundcloud.com/ https://*.soundcloud.com/ https://www.facebook.com/ https://*.rte.ie/ https://*.youtube.com/ https://*.vimeo.com/ https://issuu.com/ https://*.issuu.com/ https://youtube.com/; frame-src 'self' data: https://*.paypal.com/ https://events.timely.fun https://soundcloud.com/ https://*.soundcloud.com/ https://www.facebook.com/ https://*.rte.ie/ https://*.youtube.com/ https://*.vimeo.com/ https://issuu.com/ https://*.issuu.com/ https://youtube.com/; 1 default-src 'none'; block-all-mixed-content; connect-src 'self' google.com www.google.com *.analytics.google.com nr-data.net *.nr-data.net *.smartsuppchat.com *.clarity.ms *.smartsuppcdn.com bat.bing.com consentcdn.cookiebot.com wss://websocket-visitors.smartsupp.com cdn.jsdelivr.net googlesyndication.com *.googlesyndication.com google-analytics.com *.google-analytics.com stats.g.doubleclick.net manager.eu.smartlook.cloud google.cz www.google.cz; font-src 'self' data:; frame-ancestors 'self'; frame-src 'self' https://www.youtube.com https://www.googletagmanager.com https://www.google.com consent.cookiebot.com consentcdn.cookiebot.com *.doubleclick.net; img-src 'self' w3.org data: xdigr.cz facebook.com *.facebook.com bat.bing.com *.seznam.cz *.cookiebot.com www.google.com www.google.cz files.smartsuppcdn.com c.clarity.ms *.bing.com; media-src 'self' *.smartsuppcdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' code.jquery.com cdnjs.cloudflare.com www.googletagmanager.com www.google.com www.gstatic.com js-agent.newrelic.com consent.cookiebot.com consentcdn.cookiebot.com smartsuppchat.com *.smartsuppchat.com clarity.ms www.clarity.ms smartlook.com *.smartlook.com seznam.cz *.seznam.cz bing.com *.bing.com www.smartsuppchat.com facebook.net *.facebook.net *.smartsuppcdn.com googleads.g.doubleclick.net www.googleadservices.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com *.smartsuppcdn.com 1 default-src 'self' www.google.com www.gstatic.com; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self'; 1 default-src 'self' *.fg.cz localhost localhost-promo;font-src 'self' data: fonts.gstatic.com *.fg.cz localhost localhost-promo *.zopim.com;connect-src 'self' *.google.com *.googleapis.com *.googletagmanager.com *.analytics.google.com *.google-analytics.com *.googleadservices.com c.imedia.cz *.fg.cz *.bileto.com *.zdassets.com arrivacz.zendesk.com *.zopim.com wss://*.zopim.com *.doubleclick.net *.instagram.com arriva.daktela.com *.googlesyndication.com *.clarity.ms;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.gstatic.com *.fg.cz *.facebook.net *.bileto.com *.arriva.cz *.issuu.com *.zdassets.com cdnjs.cloudflare.com arrivacz.zendesk.com *.zopim.com *.instagram.com arriva.daktela.com *.doubleclick.net *.seznam.cz *.imedia.cz *.clarity.ms;form-action 'self' *.fg.cz *.facebook.com;frame-src 'self' www.youtube.com www.googletagmanager.com *.fg.cz *.issuu.com *.zdassets.com arrivacz.zendesk.com *.zopim.com *.google.com *.facebook.com *.doubleclick.net;worker-src 'self' www.youtube.com www.googletagmanager.com *.fg.cz *.issuu.com *.zdassets.com arrivacz.zendesk.com *.zopim.com *.google.com *.facebook.com *.doubleclick.net;frame-ancestors 'self' *.fg.cz;img-src 'self' data: blob: *.google.com *.google.cz *.gstatic.com *.googleapis.com *.googlecode.com *.googletagmanager.com *.google-analytics.com *.fg.cz *.doubleclick.net *.facebook.com *.bileto.com *.zopim.com *.instagram.com *.cdninstagram.com *.fbcdn.net *.openstreetmap.org *.openrailwaymap.org *.seznam.cz *.clarity.ms *.bing.com;style-src 'self' 'unsafe-inline' *.googleapis.com *.google.com *.fg.cz *.gstatic.com *.googletagmanager.com;object-src 'self' *.fg.cz 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.cloudflare.com https://github.com https://static.cloudflareinsights.com https://cdn.jsdelivr.net https://cosmetics.lk https://www.googletagmanager.com https://stats.wp.com https://www.paypalobjects.com https://s3.amazonaws.com https://*.stripe.com https://*.list-manage.com https://*.ggpht.com https://yt3.ggpht.com/ https://pixel.wp.com/ https://www.google.lk/ https://secure.gravatar.com/ https://www.google.com/ https://test-seylan.mtf.gateway.mastercard.com/ https://seylan.gateway.mastercard.com/ https://www.youtube.com/ https://*.ytimg.com/ https://cosmetics.lk/ https://omnisnippet1.com/ https://*.soundestlink.com/ https://fedpg-onus.pc.enstage-sas.com/ https://www.paystage.com/ https://www.gstatic.com/; img-src 'self' data: https://sw-themes.com https://www.paypalobjects.com https://cosmetics.lk https://yt3.ggpht.com/ https://pixel.wp.com/ https://www.google.lk/ https://secure.gravatar.com/ https://www.google.com/ https://test-seylan.mtf.gateway.mastercard.com/ https://seylan.gateway.mastercard.com/ https://www.youtube.com/ https://*.ytimg.com/ https://cosmetics.lk/ https://omnisnippet1.com/ https://*.soundestlink.com/ https://fedpg-onus.pc.enstage-sas.com/ https://www.paystage.com/ https://www.gstatic.com/; object-src 'self' data: https://*.paypal.com/ https://*.stripe.com/ https://www.google.com/ https://test-seylan.mtf.gateway.mastercard.com/ https://seylan.gateway.mastercard.com/ https://www.youtube.com/ https://*.ytimg.com/ https://cosmetics.lk/ https://omnisnippet1.com/ https://*.soundestlink.com/ https://fedpg-onus.pc.enstage-sas.com/ https://www.paystage.com/ https://www.gstatic.com/; frame-src 'self' data: https://*.paypal.com/ https://*.stripe.com/ https://www.google.com/ https://test-seylan.mtf.gateway.mastercard.com/ https://seylan.gateway.mastercard.com/ https://www.youtube.com/ https://*.ytimg.com/ https://cosmetics.lk/ https://omnisnippet1.com/ https://*.soundestlink.com/ https://fedpg-onus.pc.enstage-sas.com/ https://www.paystage.com/ https://www.gstatic.com/; 1 default-src 'self' https://dev.shop.bzga.de https://shop.bzga.de; connect-src 'self' https://piwik.bzga.de; style-src 'self' 'unsafe-inline'; font-src 'self' data:; script-src 'self' 'unsafe-inline' https://piwik.bzga.de; img-src 'self' https://dev.shop.bzga.de https://shop.bzga.de data: https://piwik.bzga.de https://www.bzga.de https://service.bzga.de; frame-src 'self'; 1 default-src https:; style-src 'self' 'unsafe-inline' fonts.googleapis.com res.cloudinary.com code.jquery.com cdnjs.cloudflare.com 1 frame-ancestors 'self' https://neocon.com 1 default-src 'self' *.fintactix.com *.highcharts.com *.simpli.fi *.segmint.net *.cloudfront.net *.acquia.com *.googletagmanager.com *.doubleclick.net *.google-analytics.com *.googleapis.com *.cloudflare.com *.gstatic.com *.fmsiportal.com *.issuu.com info.autobooks.co; script-src info.autobooks.co; object-src info.autobooks.co; style-src 'unsafe-inline' 'self' *.fintactix.com *.highcharts.com *.simpli.fi *.segmint.net *.cloudfront.net *.acquia.com *.googletagmanager.com *.doubleclick.net *.google-analytics.com *.googleapis.com *.cloudflare.com *.gstatic.com *.fmsiportal.com *.issuu.com; img-src data: 'self' *.fintactix.com *.highcharts.com *.simpli.fi *.segmint.net *.cloudfront.net *.acquia.com *.googletagmanager.com *.doubleclick.net *.google-analytics.com *.googleapis.com *.cloudflare.com *.gstatic.com *.fmsiportal.com *.issuu.com; frame-src info.autobooks.co; report-uri /report-csp-violation; upgrade-insecure-requests 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://s3.amazonaws.com/ https://*.list-manage.com/; img-src 'self' data: blob: ; object-src 'self' data: blob: ; frame-src 'self' data: blob: ; 1 default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.openlayers.org openlayers.org *.openstreetmap.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.youtube.com *.googleapis.com *.google.com *.gstatic.com *.openlayers.org openlayers.org *.openstreetmap.org; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com media.deutsche-rentenversicherung.de;child-src *.google.com *.gstatic.com *.youtube.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.openlayers.org openlayers.org *.openstreetmap.org *.deutsche-rentenversicherung.de; frame-ancestors 'self'; 1 default-src *; connect-src *; font-src 'self'; frame-src https://* http://* *; img-src https://* http://* * data:; object-src 'self'; script-src 'nonce-fXpIqWcLDrkKAa4rY5hsnbQz' 'self' https://* http://* * 'unsafe-inline' 'report-sample'; style-src * https://* http://* * 'unsafe-inline'; 1 default-src 'self'; frame-src 'self' https://syndication.twitter.com/ https://platform.twitter.com/ https://widgets.ebscohost.com *.nhs.uk/ *.facebook.com/ *.youtube.com/ *.vimeo.com/ *.google.com *.googleapis.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://toolbar.speechstream.net/ *.cloudfront.net/ https://www.googletagmanager.com/ https://www.browsealoud.com/ https://plus.browsealoud.com/ http://cdnjs.cloudflare.com/ https://cdn.syndication.twimg.com https://platform.twitter.com/ https://cdnjs.cloudflare.com/ https://www.google-analytics.com/ https://connect.facebook.net/ https://feeds.trac.jobs/ *.google.com/ *.googleapis.com *.gstatic.com *.cqc.org.uk; font-src 'self' 'unsafe-inline' https://plus.browsealoud.com/ https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' *.cloudfront.net/ http://cdnjs.cloudflare.com/ https://platform.twitter.com/ https://cdnjs.cloudflare.com/ https://feeds.trac.jobs/ *.googleapis.com *.gstatic.com *.cqc.org.uk; img-src * data:; object-src 'self' blob:; connect-src 'self' *.google-analytics.com/ https://speech.speechstream.net/ https://pronunciation.speechstream.net/ *.doubleclick.net/ https://www.google-analytics.com/ https://www.browsealoud.com/ https://plus.browsealoud.com/ https://translate.googleapis.com https://feeds.trac.jobs/ 1 form-action 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval';frame-src 'self';iframe-src 'self';child-src 'self';report-uri /Error/ContentSecurity 1 allow 'self'; frame-ancestors dev.togostanza.org 1 frame-ancestors https://*.buxfer.com https://*.flagstoneinitiative.org https://*.duda.co https://*.responsivewebsitebuilder.io 1 connect-src 'self' *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net ; font-src 'self' *.gstatic.com *.bootstrapcdn.com data: fonts.gstatic.com cdn.jsdelivr.net use.typekit.net *.gstatic.com *.bootstrapcdn.com ; frame-src 'self' *.g.doubleclick.net *.google.com *.fls.doubleclick.net blob: www.google.com player.vimeo.com owp.com www.youtube.com *.g.doubleclick.net *.google.com *.fls.doubleclick.net ; img-src 'self' *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com data: ts.w.org s.w.org ps.w.org *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com ; media-src 'self' s.w.org player.vimeo.com; script-src 'self' *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com cdn.jsdelivr.net code.jquery.com owp.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com ; script-src-elem 'self' 'unsafe-inline' cdn.jsdelivr.net code.jquery.com player.vimeo.com owp.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com ; script-src-attr 'self' 'unsafe-inline' owp.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com fonts.googleapis.com cdn.jsdelivr.net owp.com *.googleapis.com *.gstatic.com ; style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com cdn.jsdelivr.net use.typekit.net p.typekit.net owp.com *.googleapis.com *.gstatic.com ; style-src-attr 'unsafe-inline' ; worker-src 'self' blob:; upgrade-insecure-requests; 1 default-src https: 'unsafe-inline' 'unsafe-eval' data: blob:; object-src 'self' blob:; 1 frame-ancestors https://webvisor.com/; 1 allow 'self'; gtp.com.au 1 default-src 'self'; base-uri 'self'; block-all-mixed-content; connect-src 'self' https://api-adresse.data.gouv.fr https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://td.doubleclick.net https://*.google.com https://google.com https://*.google.fr https://google.fr https://pagead2.googlesyndication.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' blob: https://td.doubleclick.net https://*.g.doubleclick.net https://*.googletagmanager.com; img-src 'self' data: blob: https://*.google-analytics.com https://*.analytics.google.com https://googletagmanager.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://google.com https://*.google.fr https://google.fr https://ssl.gstatic.com https://www.gstatic.com; script-src 'self' https://googletagmanager.com https://*.googletagmanager.com https://tagmanager.google.com https://www.googleadservices.com https://www.google.com https://*.g.doubleclick.net 'sha512-3byXuhEpT+UFwoQQk+q8s3DdO6fj+dE9PK6iws88Yn3kkIlfzXVHDQpoD6Y/od7PMe7W/8/YeYxuUhnOQj7qOg=='; style-src 'self' 'unsafe-inline' https://googletagmanager.com https://*.googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com 1 frame-ancestors https://*.barcodefactory.com https://*.barcodefactory.com:8443 https://barcodefactory.com http://*.barcodefatory.com 'self' 1 default-src 'self' *.googleapis.com *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com *.fonts.gstatic.com *.google.com *.c5alliance.com *.c5alliance2017.staging.wpengine.com *.c5alliance2017.wpengine.com *.b2clogin.com *.cookiescanportal.b2clogin.com *.cookiescan.azureedge.net *.azureedge.net https://snap.licdn.com *.facebook.net *.facebook.com *.doubleclick.net ;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.b2clogin.com *.cookiescanportal.b2clogin.com *.googleapis.com *.google.com *.googletagmanager.com *.google-analytics.com *.clickdimensions.com *.analytics-eu.clickdimensions.com *.gstatic.com *.fonts.gstatic.com *.google.com *.cookiescan.com https://cookiescan.com *.issuu.com *.vimeo.com *.youtube.com *.linkedin.com *.cookiescan.azureedge.net *.azureedge.net https://snap.licdn.com *.facebook.net *.facebook.com *.doubleclick.net https://px.ads.linkedin.com *.ads.linkedin.com *.typekit.net googlesyndication.com data:;style-src 'self' 'unsafe-inline' *.googleapis.com *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com *.clickdimensions.com *.fonts.gstatic.com *.c5alliance.com *.c5alliance2017.staging.wpengine.com *.c5alliance2017.wpengine.com *.cookiescan.com https://cookiescan.com *.issuu.com *.vimeo.com *.youtube.com *.linkedin.com *.gravatar.com *.b2clogin.com *.cookiescanportal.b2clogin.com *.typekit.net *.cookiescan.azureedge.net *.azureedge.net https://px.ads.linkedin.com data:;connect-src 'self' *.c5alliance.com *.c5alliance2017.staging.wpengine.com *.c5alliance2017.wpengine.com *.cookiescan.com https://cookiescan.com *.doubleclick.net *.googleapis.com *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com *.b2clogin.com *.cookiescanportal.b2clogin.com *.cookiescan.azureedge.net *.azureedge.net https://snap.licdn.com *.facebook.net *.facebook.com *.doubleclick.net *.linkedin.com *.typekit.net googlesyndication.com data:;font-src 'self' *.c5alliance.com *.c5alliance2017.staging.wpengine.com *.c5alliance2017.wpengine.com *.typekit.net data:;img-src 'self' 'unsafe-inline' https://c5alliance.com *.c5alliance.com *.c5alliance2017.staging.wpengine.com *.c5alliance2017.wpengine.com *.cookiescan.com https://cookiescan.com *.issuu.com *.vimeo.com *.youtube.com *.linkedin.com *.gravatar.com *.googleapis.com *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com https://snap.licdn.com *.facebook.net *.facebook.com *.doubleclick.net data:;frame-src 'self' 'unsafe-inline' *.gstatic.com *.google.com *.c5alliance.com *.c5alliance2017.staging.wpengine.com *.c5alliance2017.wpengine.com *.googleapis.com *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com *.issuu.com *.vimeo.com *.youtube.com *.linkedin.com *.b2clogin.com *.cookiescanportal.b2clogin.com ; 1 default-src 'self' data: *.confort-sauter.com *.algolianet.com *.algolia.net *.google-analytics.com *.google.com *.google.fr *.kameleoon.io *.cookiebot.com *.doubleclick.net *.groupe-atlantic.com *.youtube.com *.youtube-nocookie.com *.vimeo.com *.plyr.io *.formulaires-de-contact.fr formulaires-de-contact.fr sketchfab.com *.sketchfab.com *.youtube-nocookie.com noembed.com *.bazaarvoice.com *.outbrain.com *.contentsquare.net *.api.bazaarvoice.com *.q-aeu1.contentsquare.net *.k-aeu1.contentsquare.net *.hyperchat-eu.inbenta.chat:8000 *.tr.outbrain.com *.c.contentsquare.net *.hyperchat-eu.inbenta.chat *.inbenta.chat:8000 *.inbenta.chat wss://hyperchat-eu.inbenta.chat:8000 *.inbenta.io *.inbenta.services *.googleapis.com *.gstatic.com *.raptorsmartadvisor.com *.maps.gstatic.com; base-uri 'self' *.confort-sauter.com *.formulaires-de-contact.fr formulaires-de-contact.fr sketchfab.com *.sketchfab.com *.youtube-nocookie.com noembed.com; block-all-mixed-content; font-src 'self' data: *.confort-sauter.com *.inbenta.io *.gstatic.com; frame-ancestors 'self'; frame-src 'self' *.confort-sauter.com *.youtube.com *.vimeo.com *.atlantic.fr *.cookiebot.com *.doubleclick.net *.plyr.io *.formulaires-de-contact.fr formulaires-de-contact.fr sketchfab.com *.sketchfab.com *.youtube-nocookie.com noembed.com *.adsrvr.org *.insight.adsrvr.org *.typhon.net *.google.com/recaptcha/ *.surveymonkey.com *.eu.surveymonkey.com *.prod.smassets.net data: *.inbenta.com *.surveys-app01.inbenta.com *.bazaarvoice.com youtu.be *.cloudfront.net; img-src 'self' data: *.confort-sauter.com *.youtube.com *.ephoto.fr *.ytimg.com *.vimeo.com *.google-analytics.com *.groupe-atlantic.com *.googletagmanager.com *.doubleclick.net *.google.fr *.google.com *.plyr.io picsum.photos placekitten.com *.picsum.photos *.placeholder.com sketchfab.com *.sketchfab.com *.youtube-nocookie.com noembed.com *.bazaarvoice.com *.contentsquare.net *.outbrain.com *.facebook.net *.facebook.com *.network-eu-a.bazaarvoice.com *.c.contentsquare.net *.static-or00.inbenta.com *.inbenta.com docga.plateforme-services.com *.cookiebot.com *.googleapis.com *.gstatic.com *.maps.gstatic.com *.prod.smassets.net *.cloudfront.net; media-src 'self' *.confort-sauter.com *.vimeo.com *.youtube.com *.plyr.io sketchfab.com *.sketchfab.com *.youtube-nocookie.com noembed.com; object-src 'none'; script-src 'self' blob: *.confort-sauter.com *.msecnd.net *.youtube.com *.youtube-nocookie.com 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.groupe-atlantic.com *.cookiebot.com *.google-analytics.com *.kameleoon.eu googleads.g.doubleclick.net *.plyr.io *.jquery.com *.formulaires-de-contact.fr formulaires-de-contact.fr sketchfab.com *.sketchfab.com *.youtube-nocookie.com noembed.com *.bazaarvoice.com *.contentsquare.net *.outbrain.com *.facebook.net *.inbenta.io *.adnxs.com *.adsrvr.org *.inbenta.chat *.sdk.inbenta.chat *.cdnjs.cloudflare.com *.cloudflare.com *.googleadservices.com kx1.co *.googleapis.com *.inbenta.services *.google.com *.gstatic.com *.surveymonkey.com *.widget.eu.surveymonkey.com *.iesnare.com *.uaje44z8ne.kameleoon.eu/kameleoon.js *.raptorstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com *.confort-sauter.com *.plyr.io *.sketchfab.com *.youtube-nocookie.com *.noembed.com *.inbenta.io *.inbenta.io *.sdk.inbenta.io *.display.ugc.bazaarvoice.com *.bazaarvoice.com 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://crm.fasad.eu/ https://cdn.jsdelivr.net https://process.fasad.eu/ http://dev-process.fasad.prek.srv http://ajax.googleapis.com/ https://ajax.googleapis.com/ http://code.jquery.com/ https://code.jquery.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://cdnjs.cloudflare.com/ajax/libs/animejs/3.2.1/anime.min.js; img-src 'self' data: http://fasadeu.public80.prekdemo.se/ https://www.fasad.eu/ https://crm.fasad.eu/; object-src 'self' data: ; frame-src 'self' data: ; 1 frame-ancestors 'self' https://librairie-bayard.com https://app.bayam.tv https://sso.bayard-jeunesse.com https://mention-me.com; 1 connect-src 'self' https: https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com;default-src 'self';font-src 'self' fonts.gstatic.com https://*.hotjar.com fonts.googleapis.com;form-action 'self' https://www.facebook.com/tr/;frame-src 'self' tr.techcareer.net youtube.com www.youtube.com open.spotify.com https://embed-standalone.spotify.com/ https://kariyer.typeform.com https://www.typeform.com https://*.hotjar.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://www.google.com/ https://www.facebook.com/ https://www.youtube-nocookie.com/ https://*.doubleclick.net https://*.googlesyndication.com https://www.googleadservices.com https://*.dengagecdn.com/ https://www.googletagmanager.com/ https://login.techcareer.net;img-src 'self' data: storage.googleapis.com cdn.gcp.techcareer.net https://*.google-analytics.com https://*.googletagmanager.com https://www.google.com/ads/ https://www.google.com.tr/ads/ https://*.hotjar.com www.facebook.com https://i.ytimg.com https://www.google.com https://analytics.twitter.com/ https://t.co/ https://cdn.efilli.com www.gravatar.com https://c.clarity.ms https://c.bing.com cdn1.kariyer.net https://px.ads.linkedin.com https://static.geetest.com/ https://static.geevisit.com/ https://www.google.com.tr https://*.googlesyndication.com https://*.doubleclick.net https://cv.gcp.techcareer.net;media-src 'self' data: storage.googleapis.com cdn.gcp.techcareer.net;object-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.google-analytics.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.hotjar.com https://static.ads-twitter.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net connect.facebook.net https://analytics.tiktok.com/i18n/pixel/ https://cdn.efilli.com https://www.clarity.ms https://js-agent.newrelic.com https://snap.licdn.com http://static.geetest.com/v4/ https://gcaptcha4.geetest.com/ https://gcaptcha4.gsensebot.com/ https://gcaptcha4.geevisit.com/ https://www.youtube-nocookie.com/ https://www.youtube.com/ https://bundles.efilli.com/ https://*.doubleclick.net https://*.googlesyndication.com https://*.dengage.com https://ep2.adtrafficquality.google/sodar/sodar2.js;style-src 'self' 'unsafe-inline' fonts.googleapis.com https://*.hotjar.com https://static.geetest.com/v4/ https://static.geevisit.com/v4/;worker-src 'self'; 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.jsdelivr.net *.cloudflare.com unpkg.com google.com mdbootstrap.com google-analytics.com *.googletagmanager.com tagmanager.google.com *.google.com static.ads-twitter.com *.hs-scripts.com *.facebook.net *.clarity.ms googleads.g.doubleclick.net *.hs-analytics.net *.hsadspixel.net *.hs-banner.com *.hscollectedforms.net *.fw-cdn.com fw-cdn.com *.gstatic.com *.licdn.com *.freshchat.com *.newrelic.com *.youtube.com nonce-{SERVER-GENERATED-NONCE}; object-src 'self'; style-src 'self' 'unsafe-inline' *.jsdelivr.net *.cloudflare.com *.googleapis.com unpkg.com *.fontawesome.com mdbootstrap.com *.freshchat.com *.youtube.com; img-src 'self' data: https: googletagmanager.com; frame-src 'self' *.doubleclick.net *.freshchat.com *.flowpaper.com *.youtube.com *.google.com *.facebook.com; font-src 'self' 'unsafe-inline' *.fontawesome.com *.gstatic.com *.doubleclick.net; connect-src 'self' 'unsafe-inline' *.hscollectedforms.net *.google.com *.hubapi.com *.ads.linkedin.com *.doubleclick.net *.fwusercontent.com *.clarity.ms *.nr-data.net *.facebook.com googletagmanager.com; report-uri /report-csp-violation; upgrade-insecure-requests 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: http://fonts.googleapis.com http://fonts.gstatic.com http://www.google-analytics.com http://s7.addthis.com http://m.addthisedge.com http://m.addthis.com http://graph.facebook.com http://widgets.pinterest.com http://maps.google.com http://csi.gstatic.com http://maps.gstatic.com http://maps.googleapis.com http://www.linkedin.com http://api-public.addthis.com http://localhost http://www.youtube.com; 1 frame-ancestors 'self' *.business.qld.gov.au 1 default-src 'self' https://www.youtube-nocookie.com https://www.google.com *.kasikornbank.com https://dev-kpaymentgateway.kasikornbank.com/ui/v2/index.html *.kaptcha.com https://www.youtube.com https://youtu.be;frame-src 'self' https://www.youtube-nocookie.com https://www.google.com *.kasikornbank.com https://dev-kpaymentgateway.kasikornbank.com/ui/v2/index.html *.kaptcha.com https://www.youtube.com https://youtu.be; connect-src *; font-src * data:; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';frame-ancestors 'self' 1 default-src 'self' https://www.advanzia.com https://app.usercentrics.eu https://api.usercentrics.eu https://uct.service.usercentrics.eu https://graphql.usercentrics.eu https://consent-api.service.consent.usercentrics.eu https://fonts.googleapis.com https://fonts.gstatic.com https://www.universign.eu https://app.universign.com https://www.google-analytics.com https://*.yieldify.com https://d33wq5gej88ld6.cloudfront.net https://dwmvwp56lzq5t.cloudfront.net https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.google.de/ https://www.google.com 'unsafe-inline' 'unsafe-eval' 1 allow 'self'; media-src *; img-src *; script-src 'self' https://ajax.googleapis.com; style-src 'self'; 1 default-src 'self'; block-all-mixed-content; connect-src 'self' https://o419240.ingest.sentry.io https://www.google-analytics.com https://stats.g.doubleclick.net https://www.googleapis.com/ https://maps.googleapis.com https://maps.googleapis.com https://www.facebook.com/ cdn.datatables.net https://analytics.google.com/; font-src 'self' fonts.gstatic.com; frame-src https://www.youtube.com https://www.facebook.com https://web.facebook.com/ https://www.google.com/ https://youtube.com/ https://td.doubleclick.net/; img-src 'self' facebook.com flickr.com https://maps.gstatic.com/ https://maps.googleapis.com/ data: https://www.google.com https://www.google.rs https://i.ytimg.com https://www.google-analytics.com/; script-src 'self' 'unsafe-inline' connect.facebook.net https://maps.googleapis.com/ https://www.google.com/ https://www.google-analytics.com/ https://www.googletagmanager.com 'nonce-zEM0Eb8dSvqCpeRuj9Vcsw=='; style-src 'self' fonts.googleapis.com/css 'unsafe-inline' 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://ep2.adtrafficquality.google/; img-src 'self' data: blob: https://scontent.fbma5-1.fna.fbcdn.net/ https://ep1.adtrafficquality.google/; object-src 'self' data: blob: https://pagead2.googlesyndication.com/ https://ep2.adtrafficquality.google/; frame-src 'self' data: blob: https://pagead2.googlesyndication.com/ https://ep2.adtrafficquality.google/; worker-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://google-analytics.com/ https://*.google-analytics.com/ https://googletagmanager.com/ https://*.googletagmanager.com/ https://maps.googleapis.com/ https://maps.google.com/ https://translate.google.com/ https://translate.googleapis.com/ https://googletagmanager.com/ https://*.googletagmanager.com/ https://tagmanager.google.com/ https://google.com/ https://*.google.com/ https://googleadservices.com/ https://*.googleadservices.com/ https://googleads.g.doubleclick.net/ https://connect.facebook.net/ https://cdnjs.cloudflare.com/ https://*.cloudflare.com/ https://cloudflare.com/ https://google.pl/ https://*.google.pl/ https://scena.galeriakatowicka.eu/ https://galeriakatowicka.eu/ https://*.galeriakatowicka.eu/; img-src 'self' data: https://google-analytics.com/ https://*.google-analytics.com/ https://maps.gstatic.com/ https://maps.google.com/ https://maps.googleapis.com/ https://translate.googleapis.com/ https://*.ytimg.com/ https://googletagmanager.com/ https://*.googletagmanager.com/ https://gstatic.com/ https://*.gstatic.com/ https://googleads.g.doubleclick.net/ https://google.com/ https://*.google.com/ https://img.youtube.com/ https://google.pl/ https://*.google.pl/ https://scena.galeriakatowicka.eu/ https://galeriakatowicka.eu/ https://*.galeriakatowicka.eu/; object-src 'self' data: https://www.google.com/ https://maps.google.com/ https://*.youtube.com/ https://*.youtube-nocookie.com/ https://youtu.be/ https://*.doubleclick.net/ https://www.facebook.com/ https://www.google.com/ https://maps.google.com/ https://*.youtube.com/ https://*.youtube-nocookie.com/ https://youtu.be/ https://*.doubleclick.net/. https://google.pl/ https://*.google.pl/ https://scena.galeriakatowicka.eu/ https://galeriakatowicka.eu/ https://*.galeriakatowicka.eu/; frame-src 'self' data: https://www.google.com/ https://maps.google.com/ https://*.youtube.com/ https://*.youtube-nocookie.com/ https://youtu.be/ https://*.doubleclick.net/ https://www.facebook.com/ https://www.google.com/ https://maps.google.com/ https://*.youtube.com/ https://*.youtube-nocookie.com/ https://youtu.be/ https://*.doubleclick.net/. https://google.pl/ https://*.google.pl/ https://scena.galeriakatowicka.eu/ https://galeriakatowicka.eu/ https://*.galeriakatowicka.eu/; 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.wp.com; img-src 'self' data: https://*.wp.com; object-src 'self' data: https://*.wp.com; frame-src 'self' data: https://*.wp.com; 1 default-src https://*.isidata.net; script-src 'unsafe-eval' 'unsafe-inline' https://onesignal.com https://*.onesignal.com https://cdn.onesignal.com https://*.isidata.net https://consent.cookiebot.com https://consentcdn.cookiebot.com https://code.jquery.com https://*.google-analytics.com https://*.fontawesome.com https://assets.cdn.io.pagopa.it https://stlucadev.z6.web.core.windows.net mailto:; base-uri https://*.isidata.net; object-src 'none'; style-src 'unsafe-inline' https://onesignal.com https://*.onesignal.com https://*.isidata.net https://fonts.googleapis.com https://*.fontawesome.com https://stlucadev.z6.web.core.windows.net https://assets.cdn.io.pagopa.it; img-src data: https://onesignal.com https://*.onesignal.com https://imgsct.cookiebot.com https://*.isidata.net data: https://*.google-analytics.com https://stlucadev.z6.web.core.windows.net https://continua.io.pagopa.it https://play.google.com https://tools.applemediaservices.com https://apple-resources.s3.amazonaws.com; media-src https://*.isidata.net; frame-src https://consent.cookiebot.com https://consentcdn.cookiebot.com https://*.amazonaws.com https://*.isidata.net mailto:; frame-ancestors https://*.isidata.net; font-src https://onesignal.com https://*.onesignal.com https://*.isidata.net https://fonts.googleapis.com https://fonts.gstatic.com https://*.fontawesome.com https://stlucadev.z6.web.core.windows.net https://assets.cdn.io.pagopa.it; connect-src 'self' https://onesignal.com https://*.onesignal.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://*.fontawesome.com; form-action https://*.amazonaws.com https://*.isidata.net 1 default-src 'self'; img-src 'self' https: data:; script-src 'self' https://inaadress.maaamet.ee https://www.google.com https://www.gstatic.com https://www.haudi.ee; worker-src blob:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.haudi.ee; media-src https://www.haudi.ee; font-src 'self' https://fonts.gstatic.com data:; connect-src 'self' https://tiles.maaamet.ee/; frame-src 'self' https://www.google.com; 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s3.amazonaws.com/ https://*.stripe.com/ https://stats.wp.com/ https://*.typekit.net/ https://*.testfreaks.com/ https://sibautomation.com/ https://*.googletagmanager.com/ https://*.facebook.net/ https://*.google.com/ https://*.hcaptcha.com/; img-src 'self' data: https://pixel.wp.com/ https://*.typekit.net/ https://*.google.se/ https://*.google.com/; object-src 'self' data: https://*.stripe.com/ https://*.billmate.se/ https://*.facebook.com/ https://*.google.com/ https://*.hcaptcha.com/; frame-src 'self' data: https://*.stripe.com/ https://*.billmate.se/ https://*.facebook.com/ https://*.google.com/ https://*.hcaptcha.com/; 1 script-src https://connect.facebook.net/ http://connect.facebook.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ http://browser-update.org/ https://www.google.com/ https://www.gstatic.com/recaptcha/ http://www.google.com/recaptcha/ https://ajax.googleapis.com/ 'unsafe-inline' 'unsafe-eval' 'self'; report-uri /nelmio/csp/report 1 default-src 'self'; block-all-mixed-content; connect-src 'self' checkout.stripe.com maps.googleapis.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com; frame-src 'self' www.google.com/recaptcha/ www.gstatic.com/recaptcha/ js.stripe.com checkout.stripe.com sandbox-merchant.revolut.com/; img-src 'self' meterix.com *.meterix.com meterpay.net *.meterpay.net *.stripe.com cdn.datatables.net ajax.googleapis.com/ajax/libs/jqueryui/ meterpayenv-uploaded-files.s3.eu-west-2.amazonaws.com meterpaydeenv-uploaded-files.s3.eu-central-1.amazonaws.com data: maps.google.com maps.gstatic.com *.googleapis.com; script-src 'self' 'unsafe-inline' www.google.com/recaptcha/ www.gstatic.com/recaptcha/ checkout.stripe.com/checkout.js js.stripe.com ajax.googleapis.com/ajax/libs/jquery/ code.jquery.com code.highcharts.com cdn.datatables.net ajax.googleapis.com/ajax/libs/jqueryui/ maps.google.com maps.gstatic.com maps.googleapis.com sandbox-merchant.revolut.com/embed.js; style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com cdn.datatables.net ajax.googleapis.com/ajax/libs/jqueryui/ maps.google.com maps.gstatic.com maps.googleapis.com; upgrade-insecure-requests 1 default-src 'self' https://accounts.google.com/ https://*.google-analytics.com/g/collect; script-src 'self' https://apis.google.com/js/platform.js https://cdn.jsdelivr.net/npm/vue@2/dist/vue.js https://www.googletagmanager.com/gtag/js 'unsafe-eval' 'nonce-Nw5lOCulYUCmP-QOufq3GA'; style-src 'self' https://apis.google.com/* 'nonce-Nw5lOCulYUCmP-QOufq3GA'; img-src * data: 1 default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval' *.cdn.cookielaw.org *.cookie-cdn.cookiepro.com *.onetrust.com; object-src *; style-src * 'self' 'unsafe-inline' *.cdn.cookielaw.org *.cookie-cdn.cookiepro.com *.onetrust.com; img-src * 'self' data: https:;; media-src *; frame-src *; frame-ancestors 'self'; child-src *; font-src * 'self' data: https:;; connect-src * *.cdn.cookielaw.org *.cookie-cdn.cookiepro.com *.onetrust.com; report-uri /report-csp-violation 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.web.onlineclinic.com.br http://*.web.onlineclinic.com.br https://*.google.com.br https://*.gravatar.com https://fonts.googleapis.com https://fonts.gstatic.com https://elfsight.com https://*.google-analytics.com http://*.onlineclinic.com.br https://*.onlineclinic.com.br http://*.omappapi.com https://*.omappapi.com https://*.youtube.com https://*.googletagmanager.com https://*.wp.com http://www.onlineclinic.com.br https://www.onlineclinic.com.br; img-src 'self' data: https://*.web.onlineclinic.com.br http://*.web.onlineclinic.com.br https://*.google.com.br https://*.gravatar.com https://fonts.googleapis.com https://fonts.gstatic.com https://elfsight.com https://*.google-analytics.com http://*.onlineclinic.com.br https://*.onlineclinic.com.br http://*.omappapi.com https://*.omappapi.com https://*.youtube.com https://*.googletagmanager.com https://*.wp.com http://www.onlineclinic.com.br https://www.onlineclinic.com.br; object-src 'self' data: https://*.web.onlineclinic.com.br http://*.web.onlineclinic.com.br https://*.google.com.br https://*.gravatar.com https://fonts.googleapis.com https://fonts.gstatic.com https://elfsight.com https://*.google-analytics.com http://*.onlineclinic.com.br https://*.onlineclinic.com.br http://*.omappapi.com https://*.omappapi.com https://*.youtube.com https://*.googletagmanager.com https://widgets.wp.com/ http://www.onlineclinic.com.br https://www.onlineclinic.com.br; frame-src 'self' data: https://*.web.onlineclinic.com.br http://*.web.onlineclinic.com.br https://*.google.com.br https://*.gravatar.com https://fonts.googleapis.com https://fonts.gstatic.com https://elfsight.com https://*.google-analytics.com http://*.onlineclinic.com.br https://*.onlineclinic.com.br http://*.omappapi.com https://*.omappapi.com https://*.youtube.com https://*.googletagmanager.com https://widgets.wp.com/ http://www.onlineclinic.com.br https://www.onlineclinic.com.br; 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://s3.amazonaws.com/ https://*.list-manage.com/ https://drip.com/ https://getdrip.com/ https://helpscout.com/ https://checkoutapi.svea.com/ https://tag.getdrip.com/ https://beacon-v2.helpscout.net/ https://sleeknotecustomerscripts.sleeknote.com/ https://sleeknotestaticcontent.s3.eu-west-1.amazonaws.com/ https://sleeknotestaticcontent.sleeknote.com/ http://*.sleeknote.com https://api.getdrip.com/ https://www.dripuploads.com/ https://secure.gravatar.com/ https://organicmakers.se/ http://mailchimp.sleeknote.com/ https://onsite-subscribe.getdrip.com/; img-src 'self' data: blob: https://drip.com/ https://getdrip.com/ https://helpscout.com/ https://checkoutapi.svea.com/ https://tag.getdrip.com/ https://beacon-v2.helpscout.net/ https://sleeknotecustomerscripts.sleeknote.com/ https://sleeknotestaticcontent.sleeknote.com/ https://www.dripuploads.com/ https://secure.gravatar.com/ https://organicmakers.se/ http://*.sleeknote.com http://mailchimp.sleeknote.com* https://onsite-subscribe.getdrip.com/; object-src 'self' data: blob: https://drip.com/ https://getdrip.com/ https://helpscout.com/ https://checkoutapi.svea.com/ https://tag.getdrip.com/ https://beacon-v2.helpscout.net/ https://sleeknotecustomerscripts.sleeknote.com/ https://sleeknotestaticcontent.sleeknote.com/ https://www.dripuploads.com/ https://secure.gravatar.com/ https://organicmakers.se/ http://*.sleeknote.com http://mailchimp.sleeknote.com/ https://onsite-subscribe.getdrip.com/; frame-src 'self' data: blob: https://drip.com/ https://getdrip.com/ https://helpscout.com/ https://checkoutapi.svea.com/ https://tag.getdrip.com/ https://beacon-v2.helpscout.net/ https://sleeknotecustomerscripts.sleeknote.com/ https://sleeknotestaticcontent.sleeknote.com/ https://www.dripuploads.com/ https://secure.gravatar.com/ https://organicmakers.se/ http://*.sleeknote.com http://mailchimp.sleeknote.com/ https://onsite-subscribe.getdrip.com/; 1 default-src 'self' https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdn.datatables.net https://analytics.pcagrade.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.facebook.com wss://localhost:8181 wss://localhost:8282 wss://localhost:8383 wss://localhost:8484 wss://localhost.qz.io:8181 wss://localhost.qz.io:8282 wss://localhost.qz.io:8383 wss://localhost.qz.io:8484 https://www.sandbox.paypal.com https://www.paypal.com https://graph.facebook.com https://in.hotjar.com https://cdn360.orbitvu.cloud; block-all-mixed-content; connect-src 'self' wss://localhost:8181 wss://localhost:8282 wss://localhost:8383 wss://localhost:8484 wss://localhost.qz.io:8181 wss://localhost.qz.io:8282 wss://localhost.qz.io:8383 wss://localhost.qz.io:8484 https://graph.facebook.com; font-src 'self' data: https://fonts.gstatic.com https://cdnjs.cloudflare.com; frame-src https://www.youtube-nocookie.com https://www.youtube.com https://vars.hotjar.com https://www.google.com https://js.stripe.com https://www.sandbox.paypal.com https://www.paypal.com https://www.paypalobjects.com/ https://calendly.com https://platform.twitter.com https://connect.facebook.net https://accounts.google.com https://www.facebook.com; img-src * data: blob:; script-src 'self' 'unsafe-eval' https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://static.hotjar.com https://www.googletagmanager.com https://connect.facebook.net https://www.google.com https://www.gstatic.com https://static.doubleclick.net https://cdn.datatables.net https://unpkg.com https://graph.facebook.com https://polyfill.io https://analytics.pcagrade.com https://script.hotjar.com https://www.paypal.com https://www.paypalobjects.com https://assets.calendly.com https://platform.twitter.com https://ipinfo.io https://cdn.orbitvu.co 'nonce-P6PwhogWBqFd2vT+0Ooz8Q=='; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://fonts.googleapis.com https://cdn.datatables.net https://unpkg.com https://assets.calendly.com https://cdn.orbitvu.co; report-uri /csp/report 1 default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self' https://tel.search.ch app.pepsimmo.ch https://*.google-analytics.com; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' app.pepsimmo.ch; frame-ancestors 'self'; frame-src 'self'; img-src 'self' data: app.pepsimmo.ch; manifest-src 'self'; media-src 'self'; object-src 'self'; script-src 'self' www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com 1 allow 'self'; font-src 'self'; media-src *; img-src * 'self'; script-src 'self' https://*.gravatar.com https://ajax.googleapis.com; https://*.google.com; style-src 'self'; 1 default-src pagead2.googlesyndication.com *.google.com *.googleapis.com; base-uri 'self' local.pokevalue.fr; block-all-mixed-content; connect-src 'self' *.google-analytics.com *.nr-data.net bam.eu01.nr-data.net pagead2.googlesyndication.com fundingchoicesmessages.google.com; font-src 'self' local.pokevalue.fr pagead2.googlesyndication.com fonts.gstatic.com fundingchoicesmessages.google.com; frame-src googleads.g.doubleclick.net tpc.googlesyndication.com www.google.com; img-src 'self' local.pokevalue.fr data: cnyskjyfya.cloudimg.io pokevalue.fr www.pokevalue.fr pokevalue.be www.pokevalue.be pokevalue.ch www.pokevalue.ch m.media-amazon.com pagead2.googlesyndication.com *.googleusercontent.com; script-src 'self' local.pokevalue.fr pagead2.googlesyndication.com 'nonce-3YcGznckIwPA0uPBbbR7NA=='; style-src 'self' local.pokevalue.fr pagead2.googlesyndication.com fonts.googleapis.com fundingchoicesmessages.google.com; report-uri /csp/report 1 connect-src 'self' 'unsafe-inline' *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net eu-ss.click2cart.com/assets/css/smartcart.css eu-sc-api.click2cart.com/api/v1/smartbutton/98ab0453-b2d4-4b44-a2ab-f7365a33a470 eu-ss.click2cart.com/assets/css/smartcart_client.css *.click2cart.com https://consentcdn.cookiebot.com/ *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net ; font-src 'self' *.gstatic.com *.bootstrapcdn.com polentavalsugana.i1000.it data: fonts.gstatic.com cdn.jsdelivr.net *.gstatic.com *.bootstrapcdn.com ; frame-src 'self' 'unsafe-inline' *.g.doubleclick.net *.google.com *.fls.doubleclick.net www.youtube.com https://consentcdn.cookiebot.com/ blob: www.google.com *.g.doubleclick.net *.google.com *.fls.doubleclick.net ; img-src 'self' 'unsafe-inline' click2cart.com/img/supers/ss/it/ *.click2cart.com *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com data: *.amazonaws.com facebook.com ts.w.org s.w.org ps.w.org imgsct.cookiebot.com www.facebook.com *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com ; media-src 'self' s.w.org; script-src 'self' 'unsafe-inline' polentavalsugana.it/* *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com polentavalsugana.it/wp-includes/js/jquery/jquery.min.js https://eu.click2cart.co/assets/js/smartcart_min.js s3-us-west-2.amazonaws.com/ cdn.jsdelivr.net *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com ; script-src-elem 'self' 'unsafe-inline' eu-ss.click2cart.com/assets/js/smartcart_min.js connect.facebook.net/en_US/fbevents.js polentavalsugana.it polentavalsugana.it/wp-includes/js/jquery/jquery.min.js eu.click2cart.co/assets/js/smartcart_min.js s3-us-west-2.amazonaws.com/ static.smartcommerce.co/ https://eu.click2cart.co/assets/js/smartcart.js https://www.googletagmanager.com/ https://www.google-analytics.com/analytics.js https://consent.cookiebot.com/uc.js https://consentcdn.cookiebot.com/* https://consent.cookiebot.com/11e96b09-2dd3-4fa5-bbc3-bf175973310a/cd.js https://consent.cookiebot.com/11e96b09-2dd3-4fa5-bbc3-bf175973310a/cdreport.js https://consent.cookiebot.com/11e96b09-2dd3-4fa5-bbc3-bf175973310a/cc.js https://consentcdn.cookiebot.com/consentconfig/11e96b09-2dd3-4fa5-bbc3-bf175973310a/state.js https://consent.cookiebot.com/logconsent.ashx https://consentcdn.cookiebot.com/consentconfig/11e96b09-2dd3-4fa5-bbc3-bf175973310a/polentavalsugana.it/ https://consentcdn.cookiebot.com/consentconfig/11e96b09-2dd3-4fa5-bbc3-bf175973310a/polentavalsugana.inet2.it/configuration.js connect.facebook.net cdn.jsdelivr.net *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com ; script-src-attr 'self' 'unsafe-inline' polentavalsugana.it polentavalsugana.it/wp-includes/js/jquery/jquery.min.js s3-us-west-2.amazonaws.com/static.smartcommerce.co/assets/client/BOGXAY/css/; style-src 'self' 'unsafe-inline' polentavalsugana.it *.googleapis.com *.gstatic.com s3-us-west-2.amazonaws.com/static.smartcommerce.co/assets/client/BOGXAY/css/smartcart_cannamela_it_prod.css maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css fonts.googleapis.com cdn.jsdelivr.net *.googleapis.com *.gstatic.com ; style-src-elem 'self' 'unsafe-inline' *.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css https://s3-us-west-2.amazonaws.com/static.smartcommerce.co/assets/client/BOGXAY/css/smartcart_polenta_valsugana_it_prod.css fonts.googleapis.com cdn.jsdelivr.net *.googleapis.com *.gstatic.com ; style-src-attr 'unsafe-inline' ; worker-src 'self' blob:; 1 default-src 'self' https://cdnjs.cloudflare.com; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self'; 1 base-uri 'self'; child-src 'self' gap:; frame-src 'self' gap:; connect-src 'self'; default-src 'self' gap: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data:; img-src 'self' data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-ancestors 'self' gap:; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=Q3SJUIbsC%2BRWbSEglRSAFJwvZdqcSNDeLGbCPCuzvlYHTpAa%2Bzlyi3fc7rv9f8l1XqmNiKZH1h6iFtBC4eM90Q%3D%3D; 1 form-action 'self' payment.ecpay.com.tw *.facebook.com *.ctbcbank.com *.line.me, base-uri 'self'; child-src 'self' *.youtube.com; connect-src 'self' cdn.penglue.jp asia-northeast1-penglue-266110.cloudfunctions.net point-ads.line-apps.com *.google.com.tw maps.googleapis.com *.google-analytics.com *.yimg.com *.g.doubleclick.net analytics.google.com bat.bing.com *.facebook.com *.facebook.net *.typekit.net *.clarity.ms asia-east1-chichat-cat.cloudfunctions.net *.chichat.tw; object-src 'self'; default-src 'self' *.gstatic.com *.yimg.com *.google-analytics.com stats.g.doubleclick.net; script-src 'self' *.popin.cc *.chichat.tw static.cloudflareinsights.com maps.googleapis.com *.yimg.com *.bid.g.doubleclick.net *.facebook.net *.facebook *.google.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com googleads.g.doubleclick.net *.adsrvr.org *.yimg.com d.line-scdn.net *.googlesyndication.com bat.bing.com use.typekit.net www.clarity.ms cdn.penglue.jp point-ads.line-apps.com 'unsafe-inline' ; style-src 'self' *.googleapis.com www.googletagmanager.com 'unsafe-inline'; img-src 'self' c.bing.com cdn.penglue.jp *.clarity.ms data: maps.googleapis.com *.gstatic.com *.analytics.yahoo.com *.g.doubleclick.net *.doubleclick.net *.google.com.tw *.google.com *.google-analytics.com *.facebook.com r.turn.com tr.line.me *.googleadservices.com *.googletagmanager.com *.facebook.net bat.bing.com *.chichat.tw; frame-src 'self' cdn.penglue.jp *.google.com insight.adsrvr.org *.doubleclick.net *.facebook.com *.youtube.com *.chichat.tw; media-src 'self' *.youtube.com 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: http://fonts.googleapis.com http://fonts.gstatic.com http://www.google-analytics.com http://s7.addthis.com http://m.addthisedge.com http://m.addthis.com http://graph.facebook.com http://widgets.pinterest.com http://maps.google.com http://csi.gstatic.com http://maps.gstatic.com http://maps.googleapis.com http://www.linkedin.com http://api-public.addthis.com http://localhost http://player.vimeo.com/ http://www.njuskalo.hr/ https://www.njuskalo.hr/; 1 default-src 'self' *.vapeshed.co.nz *; script-src 'self' 'unsafe-inline' 'unsafe-eval' secure.tillpayments.com gateway.tillpayments.com *.cloudfront.net *.trustedsite.com cdn.ywxi.net *.inspectlet.com zip.co *.paymark.co.nz cdn-vapeshed.co.nz *.vapeshed.co.nz *.googleapis.com *.facebook.net *.gstatic.com *.google.com *.jsdelivr.net *.tawk.to *.googletagmanager.com *.google-analytics.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.vapeshed.co.nz *.googleapis.com *.facebook.net *.jsdelivr.net; img-src * 'self' data: https:; media-src 'self'; frame-src 'self' secure.tillpayments.com *.youtube.com *.trustedsite.com *.paymark.co.nz *.google.com *.vapeshed.co.nz *.facebook.net *.facebook.com; font-src 'self' data: *.tawk.to *.gstatic.com; connect-src 'self' ws: gateway.tillpayments.com *.bugsnag.com *.amazonaws.com *.inspectlet.com *.paymark.co.nz *.vapeshed.co.nz *.paypal.com *.paywithpoli.com *.tawk.to *.google-analytics.com *.doubleclick.net 1 default-src 'self'; script-src 'self'; connect-src 'self' 1 frame-ancestors 'self'; script-src 'nonce-c5596f0a7df5eb0da61a8a49bcf9a423' https://www.google-analytics.com https://ssl.google-analytics.com https://pagead2.googlesyndication.com; img-src 'self' https://www.google-analytics.com/ profile.line-scdn.net data: https://cdnjs.cloudflare.com/ https://maps.gstatic.com/ https://maps.googleapis.com/ https://khms0.googleapis.com/ https://khms1.googleapis.com/ https://cbks0.googleapis.com/ https://geo0.ggpht.com/; style-src 'self' https://use.fontawesome.com https://cdnjs.cloudflare.com 'unsafe-inline'; style-src-elem 'self' https://use.fontawesome.com https://cdnjs.cloudflare.com https://fonts.googleapis.com 'unsafe-inline'; style-src-attr 'self' 'unsafe-inline'; connect-src 'self' https://www.google-analytics.com https://maps.googleapis.com; frame-src 'self' https://googleads.g.doubleclick.net/ https://www.google.com; font-src 'self' https://use.fontawesome.com https://fonts.gstatic.com; form-action 'self'; manifest-src 'self'; object-src 'self'; media-src 'self'; 1 font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' tracking.paysera.com www.instagram.com https://optimize.google.com https://www.google.com/recaptcha/ https://www.youtube.com/embed/ http://e.issuu.com/; img-src 'self' data: *.paysera.com maps.googleapis.com *.gstatic.com https://www.google-analytics.com https://optimize.google.com; script-src 'self' maps.googleapis.com www.instagram.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.google-analytics.com https://optimize.google.com 'unsafe-inline'; style-src 'self' fonts.googleapis.com https://optimize.google.com 'unsafe-inline'; report-uri /v2/csp-violations/report 1 allow *; options inline-script eval-script; 1 child-src https://return.flexmail.eu https://www.flexmail.eu; report-uri /report-csp-violation; upgrade-insecure-requests 1 default-src 'self' 'unsafe-inline' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.googleadservices.com *.usercentrics.eu connect.facebook.net snap.licdn.com *.google.com *.linkedin.com *.doubleclick.net cdnjs.cloudflare.com cdn.jsdelivr.net unpkg.com *.docksal.site:* *.gstatic.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.typekit.net *.icons8.com *.usercentrics.eu cdn.jsdelivr.net cdnjs.cloudflare.com; img-src 'self' data: *.google.com *.google.be *.facebook.com *.linkedin.com *.typekit.net *.icons8.com *.usercentrics.eu www.googletagmanager.com *.doubleclick.net; media-src 'self'; frame-src 'self' *.usercentrics.eu app.powerbi.com *.youtube.com *.google.com www.googletagmanager.com; frame-ancestors 'self'; child-src 'self' blob:; font-src 'self' 'unsafe-inline' *.typekit.net *.icons8.com; connect-src 'self' *.google-analytics.com *.usercentrics.eu *.linkedin.com *.facebook.com; report-uri /report-csp-violation 1 default-src 'self' *.urban-nation.com data: *.youtube-nocookie.com *.youtube.com *.ytimg.com *.googleapis.com *.gstatic.com player.vimeo.com *.vimeocdn.com 'unsafe-eval' 'unsafe-inline' 1 frame-ancestors 'self'; report-uri /report-csp-violation; upgrade-insecure-requests 1 img-src * 'self' data: https:; default-src 'self' html5shim.googlecode.com *.google-analytics.com *.googleadservices.com apis.google.com *.youtube.com *.vimeo.com *.g.doubleclick.net *.google.com *.google.nl *.hostfact.nl *.ytimg.com *.doubleclick.net 'unsafe-inline' 'unsafe-eval' 1 default-src 'self'; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.kemenpora.go.id *.responsivevoice.org *.youtube.com *.google-analytics.com *.googletagmanager.com *.google.com *.googleapis.com *.gstatic.com *.jquery.com *.videopress.com *.kominfo.go.id *.instagram.com *.twitter.com *.facebook.net *.kemenpora.go.id *.google-analytics.com *.facebook.com *.twimg.com; style-src 'self' 'unsafe-inline' *.kemenpora.go.id *.googleapis.com *.responsivevoice.org *.google.com *.gstatic.com *.amazonaws.com *.bootstrapcdn.com *.jquery.com *.kominfo.go.id *.instagram.com *.twitter.com *.facebook.net *.kemenpora.go.id *.google-analytics.com *.facebook.com *.twimg.com *.youtube.com; img-src 'self' data: *.kemenpora.go.id *.responsivevoice.org *.google.com *.google-analytics.com *.gstatic.com *.googleapis.com *.amazonaws.com *.gravatar.com *.w.org *.creativecommons.org *.jquery.com *.kominfo.go.id *.instagram.com *.twitter.com *.facebook.net *.kemenpora.go.id *.google-analytics.com *.facebook.com *.twimg.com *.youtube.com *.responsivevoice.org; font-src 'self' data: *.kemenpora.go.id *.gstatic.com *.bootstrapcdn.com *.kominfo.go.id *.instagram.com *.twitter.com *.facebook.net *.kemenpora.go.id *.google-analytics.com *.facebook.com *.twimg.com *.youtube.com *.responsivevoice.org; connect-src 'self' *.kemenpora.go.id *.googletagmanager.com *.kominfo.go.id *.instagram.com *.twitter.com *.facebook.net *.kemenpora.go.id *.google-analytics.com *.facebook.com *.twimg.com *.youtube.com *.responsivevoice.org; media-src 'self' *.kemenpora.go.id *.w.org *.videopress.com *.kominfo.go.id *.instagram.com *.twitter.com *.facebook.net *.kemenpora.go.id *.google-analytics.com *.facebook.com *.twimg.com *.youtube.com *.responsivevoice.org; object-src 'self' *.kemenpora.go.id *.kominfo.go.id *.instagram.com *.twitter.com *.facebook.net *.kemenpora.go.id *.google-analytics.com *.facebook.com *.twimg.com *.responsivevoice.org; child-src 'self' *.googletagmanager.com *.google.com pastebin.com *.videopress.com akismet.com *.kominfo.go.id *.instagram.com *.twitter.com *.facebook.net *.kemenpora.go.id *.google-analytics.com *.facebook.com *.twimg.com *.youtube.com *.responsivevoice.org; form-action 'self'; frame-ancestors 'self' *.kemenpora.go.id *.kominfo.go.id *.instagram.com *.twitter.com *.facebook.net *.kemenpora.go.id *.google-analytics.com *.facebook.com *.twimg.com *.youtube.com *.responsivevoice.org; upgrade-insecure-requests; 1 img-src *; default-src 'self' blob: wss://*.transport.connect.eu-west-2.amazonaws.com *.cloudfront.net https://*.amazonaws.com *.one.network https://ukwest-0.in.applicationinsights.azure.com/v2/track https://az416426.vo.msecnd.net/ https://pfw-prod-ukwest-safespaceonline.azurewebsites.net https://translate.google.com/ https://siteimproveanalytics.com https://apps.parcelforce.com www.googletagmanager.com www.google-analytics.com *.cloudfront.net *.paypal.com *.googleapis.com analytics.analytics-egain.com cloud-emea.analytics-egain.com fonts.gstatic.com portal.roadworks.org sgn.egain.cloud api.reciteme.com stats.g.doubleclick.net www.google.com www.google.co.uk www.gstatic.com maps.gstatic.com api.tomtom.com www.youtube.com *.google-analytics.com *.analytics.google.com https://cdn-ukwest.onetrust.com data: 'unsafe-eval' 'unsafe-inline'; report-uri https://orangebus.report-uri.com/r/d/csp/enforce 1 default-src 'self' https://*.nhs.uk; frame-src 'self' https://*.justgiving.com/ https://d33i2vgywgme2s.cloudfront.net https://online.flippingbook.com https://www.youtube-nocookie.com https://*.webspellchecker.net https://*.nhs.uk https://*.facebook.com https://*.youtube.com https://*.vimeo.com https://*.google.com https://*.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.justgiving.com/ https://analytics.silktide.com/ https://d33i2vgywgme2s.cloudfront.net https://online.flippingbook.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://*.google-analytics.com https://*.googletagmanager.com https://connect.facebook.net https://feeds.trac.jobs https://*.webspellchecker.net https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.cqc.org.uk https://www.sabp.nhs.uk; font-src 'self' 'unsafe-inline' https://online.flippingbook.com https://fonts.googleapis.com https://fonts.gstatic.com https://*.webspellchecker.net; style-src 'self' 'unsafe-inline' data: https://d33i2vgywgme2s.cloudfront.net https://online.flippingbook.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://feeds.trac.jobs https://*.googleapis.com https://*.gstatic.com https://*.cqc.org.uk https://*.webspellchecker.net https://www.sabp.nhs.uk; img-src * data:; object-src 'self' blob: https://*.nhs.uk; connect-src 'self' https://www.justgiving.com/ https://widgets.justgiving.com/ https://a.eu.silktide.com/ https://fbo-b.flippingbook.com https://d33i2vgywgme2s.cloudfront.net https://online.flippingbook.com https://feeds.trac.jobs stats.g.doubleclick.net https://*.googleapis.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.co.uk https://*.google.ie https://*.google.nl https://*.webspellchecker.net 1 default-src 'none'; frame-ancestors 'self' https://*.nhs.uk; frame-src 'self' https://www.youtube-nocookie.com https://*.webspellchecker.net https://*.nhs.uk https://*.youtube.com https://*.vimeo.com https://*.google.com https://*.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://*.google-analytics.com https://*.googletagmanager.com https://feeds.trac.jobs https://*.webspellchecker.net https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.cqc.org.uk https://webassistant.onconnect.app; font-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://*.webspellchecker.net; style-src 'self' 'unsafe-inline' data: https://cdnjs.cloudflare.com https://feeds.trac.jobs https://*.googleapis.com https://*.gstatic.com https://*.cqc.org.uk https://*.webspellchecker.net https://webassistant.onconnect.app; img-src * data:; object-src 'self' blob: https://*.nhs.uk; connect-src 'self' https://feeds.trac.jobs https://*.googleapis.com https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://*.webspellchecker.net https://webassist.onconnect.app https://webassistant.onconnect.app https://produkswebassistsignalr18.service.signalr.net wss://produkswebassistsignalr18.service.signalr.net; manifest-src 'self'; base-uri 'none'; form-action 'self'; 1 default-src 'self' https://*.nhs.uk; frame-src 'self' https://www.youtube-nocookie.com https://*.webspellchecker.net https://*.nhs.uk https://*.facebook.com https://*.youtube.com https://*.vimeo.com https://*.google.com https://*.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://cdnjs.cloudflare.com https://*.google-analytics.com https://*.googletagmanager.com https://connect.facebook.net https://feeds.trac.jobs https://*.webspellchecker.net https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.cqc.org.uk; font-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://*.webspellchecker.net; style-src 'self' 'unsafe-inline' data: https://cdnjs.cloudflare.com https://feeds.trac.jobs https://*.googleapis.com https://*.gstatic.com https://*.cqc.org.uk https://*.webspellchecker.net; img-src * data:; object-src 'self' blob: www.googletagmanager.com https://*.nhs.uk; connect-src 'self' www.googletagmanager.com https://feeds.trac.jobs stats.g.doubleclick.net https://*.googleapis.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.co.uk https://*.google.ie https://*.google.nl https://*.webspellchecker.net 1 default-src 'self' ; media-src 'self' *.mycliplister.com mycliplister.com ; font-src 'self' https: ; object-src data: 'self'; img-src https: data: blob:; style-src 'self' 'unsafe-inline' https: ; script-src https: 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https:; frame-ancestors 'self' https: 1 default-src https: data:; frame-src https: data:; base-uri 'self'; font-src https: data:; script-src https: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline'; img-src https: data: blob:; frame-ancestors 'self'; manifest-src 'self'; worker-src 'self' blob:; connect-src https: blob:; media-src 'self' blob:; child-src 'self' blob:; form-action 'self'; object-src 'self' 1 default-src 'self';script-src 'self' 'nonce-lTBbj34WwbHX6FcVSMbmwhAi7cmYdvlnyZhHMtOdn+Q=' 'unsafe-eval' 'strict-dynamic' https://*.cookiebot.com https://*.vimeocdn.com https://*.googletagmanager.com https://tagmanager.google.com;img-src 'self' https://*.google-analytics.com https://*.googletagmanager.com data: ;connect-src 'self' ws://* wss://* https://*.cookiebot.com https://*.lime-forms.se https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com;font-src 'self' https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com;frame-src 'self' https://*.cookiebot.com https://*.vimeo.com https://*.googletagmanager.com;style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com; 1 default-src 'self' 'unsafe-inline' *.addthis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.jsdelivr.net *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.google-analytics.com *.ckeditor.com *.local *.dotdemos.com *.jwplatform.com *.jwpcdn.com *.jwpsrv.com *.ytimg.com *.youtube.com cbos.gov.sd *.cbos.gov.sd *.dot.jo www.google.com s7.addthis.com m.addthisedge.com m.addthis.com cdnjs.cloudflare.com; object-src 'unsafe-inline'; style-src 'unsafe-inline' *.jsdelivr.net *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.ckeditor.com *.local *.dotdemos.com cbos.gov.sd *.cbos.gov.sd *.dot.jo *.google.com cdnjs.cloudflare.com; img-src 'self' 'unsafe-inline' data: *.jsdelivr.net *.googleapis.com *.gstatic.com *.google-analytics.com *.local *.dotdemos.com jwpltx.com *.jwpltx.com cbos.gov.sd *.cbos.gov.sd *.dot.jo stats.g.doubleclick.net *.ckeditor.com; media-src 'self' 'unsafe-inline' data: *.jsdelivr.net *.googleapis.com *.gstatic.com *.google-analytics.com *.local *.dotdemos.com cbos.gov.sd *.cbos.gov.sd *.dot.jo; frame-src 'self' 'unsafe-inline' *.googleapis.com google.com *.google.com *.gstatic.com *.youtube.com *.local *.dotdemos.com cbos.gov.sd *.gov.sd *.dot.jo *.addthis.com cbos.gov.sd:* *.google.com; font-src 'self' 'unsafe-inline' *.jsdelivr.net *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.local *.dotdemos.com *.jwpcdn.com *.jwpsrv.com cbos.gov.sd *.cbos.gov.sd *.dot.jo fonts.google.com maxcdn.bootstrapcdn.com *.google.com; connect-src 'self' 'unsafe-inline' *.googleapis.com google.com *.google.com *.gstatic.com *.youtube.com *.local *.dotdemos.com cbos.gov.sd *.gov.sd *.dot.jo *.addthis.com cbos.gov.sd:*; report-uri /admin/config/system/seckit/csp-report 1 default-src data: 'self' https://*.hsforms.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://js.hsadspixel.net https://wisembly-content.s3.amazonaws.com/ https://js-eu1.hsforms.net/ https://appvizer.one/ https://bat.bing.com/ https://googleads.g.doubleclick.net/ https://js.hs-analytics.net/ https://js.hs-banner.com/ https://*.hs-scripts.com/ https://js.hscollectedforms.net/ https://js.hsforms.net/ https://js.usemessages.com/ https://script.hotjar.com/ https://static.hotjar.com/ https://www.google-analytics.com/analytics.js https://www.googleadservices.com/ https://www.googletagmanager.com/ https://www.gstatic.com/ https://www.youtube.com/; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://api.hubapi.com https://region1.analytics.google.com https://forms.hscollectedforms.net https://www.google.fr https://api.hubspot.com https://appvizer.one https://ariadne.appvizer.one https://bat.bing.com https://forms.hsforms.com https://forms.hubspot.com https://cta-service-cms2.hubspot.com https://stats.g.doubleclick.net https://www.google-analytics.com https://www.googleadservices.com https://fg.cdn.mediactive-network.net; font-src data: 'self' https://fonts.gstatic.com; img-src data: 'self' https://wisembly-content.s3.amazonaws.com/ https://avada.studio https://s.w.org https://ps.w.org https://*.linkedin.com https://bat.bing.com https://blog.wisembly.com https://forms-na1.hsforms.com https://forms.hsforms.com https://googleads.g.doubleclick.net https://i.ytimg.com https://px.ads.linkedin.com https://track.hubspot.com https://www.google-analytics.com https://www.google.com https://www.google.fr https://fg.cdn.mediactive-network.net; manifest-src 'self'; media-src 'self'; worker-src 'none'; frame-src 'self' https://td.doubleclick.net/ https://*.liveboutique.io https://avada.studio https://static.hsappstatic.net https://app.hubspot.com https://forms.hsforms.com https://vars.hotjar.com https://www.youtube.com; 1 default-src 'self'; base-uri 'self'; connect-src 'self' *.itzbund.de; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-eval' *.googleapis.com piwik.itzbund.de;object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de *.readspeaker.com; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de *.readspeaker.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; frame-ancestors bsgweb-editor-kkn2.prod.gsb.zd.in.bund.de piwik.itzbund.de *.facebook.com 1 frame-ancestors 'self' *.giornaledellalibreria.it ; 1 default-src https: https://tagmanager.google.com https://*.hotjar.com https://*.hotjar.io; frame-src https://bid.g.doubleclick.net https://api.quickstream.westpac.com.au https://assets.ctfassets.net/ https://videos.ctfassets.net/ https://*.libsyn.com https://e.issuu.com/ https://player.vimeo.com/video/ https://www.youtube.com/embed/ https://*.facebook.com/ https://*.google.com https://*.googletagmanager.com https://*.hotjar.com https://*.hotjar.io https://tagmanager.google.com https://s7.addthis.com/static/ https://gum.criteo.com/ https://open.spotify.com https://youtu.be/ https://bettercollect.elucidity.com.au https://tiktok.com https://gstatic https://googletagmanager; style-src 'self' 'unsafe-inline' https://tags.srv.stackadapt.com https://srv.stackadapt.com https://east.srv.stackadapt.com https://uw.srv.stackadapt.com https://eu.srv.stackadapt.com https://fonts.googleapis.com https://api.mapbox.com https://tagmanager.google.com https://cdn.curator.io/; font-src 'self' data: https://cdn.curator.io/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://ssl.google-analytics.com https://www.google-analytics.com https://www.google.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://tags.srv.stackadapt.com https://srv.stackadapt.com https://east.srv.stackadapt.com https://uw.srv.stackadapt.com https://eu.srv.stackadapt.com https://*.googletagmanager.com https://*.salesforce.com https://api.quickstream.westpac.com.au https://*.addthis.com/ https://*.jobadder.com/ https://*.libsyn.com https://e.issuu.com/ https://jobadder.com/ https://*.collect.igodigital.com/ https://*.crazyegg.com/ https://*.facebook.net https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com/ https://*.hotjar.com https://*.hotjar.io https://*.criteo.com https://*.criteo.net https://server.arcgisonline.com/ https://cdn.curator.io https://cdn.curator.io/published/56e5a580-2921-4b55-88ce-d4fe260ac545_y69dz93g.js https://player.vimeo.com https://bettercollect.elucidity.com.au; connect-src 'self' https://www.google-analytics.com https://tags.srv.stackadapt.com https://srv.stackadapt.com https://east.srv.stackadapt.com https://uw.srv.stackadapt.com https://eu.srv.stackadapt.com https://prod-apim-auseast-001.azure-api.net https://api.compassion.com.au https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com/g/ https://*.googletagmanager.com https://api.quickstream.westpac.com.au https://compassionau.force.com https://compassionau.my.site.com https://concierge.compassion.com.au https://*.algolia.net https://*.algolianet.com https://apps.jobadder.com/ https://jobadder.com/ https://m.addthis.com/ https://*.crazyegg.com/ https://*.hotjar.com https://*.hotjar.io https://*.facebook.com/ https://*.google-analytics.com/ wss://*.hotjar.com https://*.hotjar.io https://*.doubleclick.net/ https://api.curator.io/ https://vimeo.com https://bettercollect.elucidity.com.au https://www.googleadservices.com; img-src 'self' data: www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://googleads.g.doubleclick.net https://tags.srv.stackadapt.com http://*.tile.openstreetmap.org/ https://auproddownloads.blob.core.windows.net/compassion/ https://images.contentful.com https://images.ctfassets.net https://media.ci.org https://*.youtube.com https://apps.jobadder.com/ https://jobadder.com/widgets/ https://*.collect.igodigital.com/ https://*.crazyegg.com/ https://*.facebook.com/ https://*.google-analytics.com/ https://*.google.com https://*.google.com.au/ https://*.googletagmanager.com https://d33wubrfki0l68.cloudfront.net https://*.doubleclick.net/ https://server.arcgisonline.com/ https://cdn.curator.io/0.gif https://www.instagram.com/ https://*.fbcdn.net/ https://*.google-analytics.com https://*.googletagmanager.com https://bettercollect.elucidity.com.au 1 default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.mouser.com *.google-analytics.com *.google.com *.hubapi.com *.youtube.com *.hubspot.com *.googletagmanager.com *.googleapis.com *.crazyegg.com *.jquery.com https://js.hs-scripts.com https://api.ipify.org https://js.hs-analytics.net https://js.hs-banner.com https://js.hsleadflows.net https://js.hsadspixel.net https://googleads.g.doubleclick.net https://snap.licdn.com https://ajax.googleapis.com https://js.hsforms.net/ https://www.gstatic.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://static.addtoany.com https://js.zi-scripts.com https://*.zoominfo.com blob: https://js.adsrvr.org https://tags.clickagy.com https://marketing.lord.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.google.com https://microstrain.com https://www.google.com.mx https://www.googletagmanager.com https://px.ads.linkedin.com https://track.hubspot.com data: https://marketing.lord.com; img-src 'self' https://www.google.com https://microstrain.com https://www.google.com.mx https://www.googletagmanager.com https://track.hubspot.com data: https://microstrainstg.prod.acquia-sites.com https://www.microstrain.com *.ads.linkedin.com https://js.hsforms.net https://forms-na1.hsforms.com https://forms.hsforms.com/ https://*.ads.linkedin.com https://www.google-analytics.com https://px.ads.linkedin.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.ca https://perf-na1.hsforms.com https://*.clickagy.com https://pixel-sync.sitescout.com https://*.doubleclick.net https://*.agkn.com https://us-u.openx.net https://idsync.rlcdn.com https://dpm.demdex.net https://marketing.lord.com; frame-src https://www.youtube.com https://www.googletagmanager.com https://forms.hsforms.com/ https://www.google.com https://td.doubleclick.net https://www.youtube-nocookie.com https://static.addtoany.com https://insight.adsrvr.org https://*.clickagy.com https://match.adsrvr.org; frame-ancestors self https://www.google.com; font-src *.gstatic.com 'self' https://themes.googleusercontent.com; connect-src 'self' https://www.youtube.com https://ipapi.co https://microstrainstg.prod.acquia-sites.com https://api.mouser.com https://api.hubapi.com https://px.ads.linkedin.com https://forms.hubspot.com https://analytics.google.com https://code.jquery.com *.google-analytics.com https://stats.g.doubleclick.net https://px.ads.linkedin.com https://maps.googleapis.com https://www.google.com https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com/ https://google.com https://adservice.google.com https://cta-service-cms2.hubspot.com https://js.zi-scripts.com https://*.zoominfo.com https://*.clickagy.com http://*.hubspot.com; report-uri /report-csp-violation; upgrade-insecure-requests 1 default-src 'none'; block-all-mixed-content; connect-src 'self' *.googleapis.com *.gstatic.com *.google.com *.cookiebot.eu *.google-analytics.com *.facebook.net snap.licdn.com *.tiktok.com *.linkedin.com *.youtube.com; font-src 'self' data: *.googleapis.com *.gstatic.com *.google-analytics.com; frame-src *; img-src 'self' data: *.googleapis.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.linkedin.com *.facebook.com *.usercentrics.eu api.mapbox.com; manifest-src 'self'; media-src *; script-src 'self' *.google.com 'unsafe-inline' blob: *.googleapis.com *.gstatic.com *.cookiebot.eu *.googletagmanager.com *.google-analytics.com *.facebook.net snap.licdn.com *.tiktok.com *.youtube.com; style-src 'self' cdnjs.cloudflare.com 'unsafe-inline' *.googleapis.com *.gstatic.com *.google-analytics.com; report-uri /csp/report 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://mailworx.marketingsuite.info https://js.hcaptcha.com https://mailworx.marketingsuite.info/Scripts/Captcha https://app.usercentrics.eu https://www.googletagmanager.com https://snap.licdn.com https://www.google-analytics.com https://www.googleoptimize.com https://cdn.jsdelivr.net https://privacy-proxy.usercentrics.eu https://code.jquery.com https://cdnjs.cloudflare.com https://mailworx.marketingsuite.info/Scripts/Captcha https://bot.insertchatgpt.com/widgets/ https://bot.insertchat.com/; object-src 'self'; media-src 'self' https://www.youtube.com; frame-src 'self' https://www.youtube.com https://newassets.hcaptcha.com https://www.tttech.com https://mailworx.marketingsuite.info https://mailworx.marketingsuite.info/Scripts/Captcha https://bot.insertchat.com; child-src 'self' https://www.youtube.com https://www.tttech.com https://mailworx.marketingsuite.info https://mailworx.marketingsuite.info/Scripts/Captcha blob:; report-uri /report-csp-violation; upgrade-insecure-requests 1 default-src 'none';script-src 'self';style-src 'self' 'unsafe-inline';img-src 'self';font-src 'self';connect-src 'self';form-action 'self';report-uri /WebResource.axd?cspReport=true 1 base-uri 'none';child-src 'none';connect-src 'self' https://storage.googleapis.com/ https://sgvsbws.mycontent.ch https://maps.googleapis.com/ https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://api-produkte.www.sabag.ch https://cmsv2-admin.sabag.ch.ufirst.io https://api-ecommerce.sabag.ch.ufirst.io;default-src 'self';font-src 'self' https://fonts.gstatic.com/;form-action 'self';frame-ancestors 'none';frame-src 'self' https://www.youtube.com;img-src 'self' https://static.produkte.sabag.ch https://sgvsbws.mycontent.ch https://storage.googleapis.com https://i.ytimg.com/ https://maps.googleapis.com/ https://maps.gstatic.com/ https://*.google-analytics.com https://*.googletagmanager.com data: maps.gstatic.com *.googleapis.com *.ggpht.com https://cmsv2-admin.sabag.ch.ufirst.io;manifest-src 'self';media-src 'self';object-src 'none';script-src 'self' 'unsafe-inline' https://maps.googleapis.com/ https://*.googletagmanager.com/ 'unsafe-eval';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/;worker-src 'self'; 1 frame-ancestors 'self' piwik.betaalvereniging.nl; 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://fcmanrique.org https://*.fcmanrique.org https://maps.googleapis.co https://*.fontawesome.com https://*.google.com https://code.jquery.com https://*.gstatic.com/ https://pagead2.googlesyndication.com/ blob:; img-src 'self' data: blob: https://fcmanrique.org https://*.fcmanrique.org blob: https://geo0.ggpht.com https://geo1.ggpht.com https://geo2.ggpht.com https://geo3.ggpht.com https://lh3.ggpht.com https://lh4.ggpht.com https://lh5.ggpht.comlh6.ggpht.com https://cbk0.googleapis.com https://cbks0.googleapis.com https://khm0.googleapis.com https://khm1.googleapis.com https://khms0.googleapis.com https://khms1.googleapis.com https://maps.googleapis.com https://maps.gstatic.com https://secure.gravatar.com; object-src 'self' data: blob: https://www.google.com; frame-src 'self' data: blob: https://www.google.com; 1 allow *; options inline-script eval-script; frame-ancestors 'self' 1 script-src 'none'; frame-ancestors 'self'; img-src 'self'; font-src 'self'; object-src 'none'; require-trusted-types-for 'script' 1 default-src 'none'; block-all-mixed-content; connect-src 'self' https://*.google.com/recaptcha https://*.gstatic.com/recaptcha https://login.microsoftonline.com https://*.google-analytics.com https://*.analytics.google.com https://unpkg.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.co.uk https://*.venturonet.com; font-src 'self' cdnjs.cloudflare.com https://fonts.gstatic.com data: https://*.venturonet.com; frame-src 'self' https://*.google.com/recaptcha https://*.google.com https://google.com https://www.googletagmanager.com https://bid.g.doubleclick.net https://td.doubleclick.net https://*.venturonet.com; img-src 'self' data: https://*.disabledholidays.com https://*.google-analytics.com https://*.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://google.com https://*.google.com https://*.google.co.uk https://googleads.g.doubleclick.net https://*.venturonet.com; script-src 'self' https://*.googletagmanager.com https://tagmanager.google.com https://www.googleadservices.com https://*.google.com https://*.google.com/recaptcha https://*.gstatic.com/recaptcha https://*.venturonet.com 'nonce-avndjekTGcle3Ndb+jbuKA=='; style-src 'self' unpkg.com cdn.jsdelivr.net cdnjs.cloudflare.com 'unsafe-inline' https://*.googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google.com https://*.venturonet.com 1 default-src 'self' 'unsafe-inline' data: https://piwik.bzga.de/ 1 default-src 'self' *.optimizely.com https:; media-src 'self'*.mycliplister.com mycliplister.com cliplister.vo.llnwd.net; font-src dock.ui.bosch.tech cdn.poll-maker.com cdnjs.cloudflare.com 'self' btm.bosch.com; object-src data: 'self'; img-src https: data: blob:; style-src dock.ui.bosch.tech cdn.poll-maker.com cdnjs.cloudflare.com 'self' 'unsafe-inline' https:; script-src https: *.optimizely.com 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https:; frame-ancestors 'self' https: 1 default-src 'self' www.trappistwestvleteren.be checkout.trappistwestvleteren.be *.cookiebot.com *.hotjar.com; connect-src 'self' www.trappistwestvleteren.be checkout.trappistwestvleteren.be *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net *.g.doubleclick.net *.google.com *.google.be https://cognito-identity.eu-central-1.amazonaws.com *.amazonaws.com wss://a3a87qpyvgayr4-ats.iot.eu-central-1.amazonaws.com *.cookiebot.com wss://ws.hotjar.com *.hotjar.com *.hotjar.io; frame-src td.doubleclick.net; img-src 'self' data: www.trappistwestvleteren.be checkout.trappistwestvleteren.be *.google-analytics.com *.googletagmanager.com *.analytics.google.com *.cookiebot.com *.g.doubleclick.net *.google.com *.google.be; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.trappistwestvleteren.be checkout.trappistwestvleteren.be *.googletagmanager.com *.google-analytics.com *.analytics.google.com stats.g.doubleclick.net https://cognito-identity.eu-central-1.amazonaws.com *.amazonaws.com *.cookiebot.com wss://ws.hotjar.com *.hotjar.com *.hotjar.io; style-src 'self' 'unsafe-inline' www.trappistwestvleteren.be checkout.trappistwestvleteren.be 1 default-src 'self' *.postman-beta.co *.eu.postman-alpha.co *.postman-beta.com *.pstmn.io; base-uri 'self'; font-src 'self' data: *.getpostman-beta.com *.postman-beta.co *.cdn.postman-beta.com fonts.gstatic.com www.postman-beta.com *.postman-alpha.co fonts.googleapis.com cdnjs.cloudflare.com; frame-ancestors *.postman-beta.co desktop.postman-beta.com desktop-ent.postman-beta.com *.eu.postman-alpha.co; frame-src looker.postman-beta.co dl-preview-container.pstmn.io skills-assets.pstmn.io js.stripe.com hooks.stripe.com chart-embed.service.newrelic.com https://app.datadoghq.com/graph/embed https://app.datadoghq.eu/graph/embed https://youtube.com https://www.youtube.com https://player.vimeo.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://application.security/ https://accounts.google.com/ https://runtime-assets.pstmn-beta.io/ https://challenges.cloudflare.com/; child-src 'self' *.postman-beta.co *.eu.postman-alpha.co *.postman-beta.com blob:; worker-src 'self' *.postman-beta.co *.eu.postman-alpha.co *.cdn.postman-beta.com blob:; object-src 'self'; img-src https: data:; media-src 'self' * data: https://flows-assets.pstmn.io/ https://skills-assets.pstmn.io/; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' *.nr-data.net *.getpostman-beta.com *.postman-beta.co *.eu.postman-alpha.co *.cdn.postman-beta.com *.pstmn.io code.jquery.com www.postman-beta.com postman-beta.com googletagmanager.com ssl.google-analytics.com google-analytics.com https://bi-beta.pst.tech https://bi.pst.tech cdnjs.cloudflare.com js-agent.newrelic.com js.stripe.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://challenges.cloudflare.com/ 'nonce-RUUPx8GRe+kp5u5Dq3v5eE6SYdPFMUdPjRxCtDWOR2uAgMr2'; style-src 'self' 'unsafe-inline' *.getpostman.com *.postman-beta.co *.cdn.postman-beta.com *.pstmn.io www.postman-beta.com fonts.gstatic.com fonts.googleapis.com tagmanager.google.com cdnjs.cloudflare.com postman-beta.com *.eu.postman-alpha.co accounts.google.com; connect-src https://api.stripe.com http: ws://localhost:10505 https: wss://*.postman-beta.co wss://*.gw.postman-beta.co wss://*.gw.postman-beta.com wss://*.gw.eu.postman-alpha.co wss://iris-backend.sivcan.workers.dev https://iris-backend.sivcan.workers.dev wss://0.peerjs.com https://0.peerjs.com wss://matrix.postman-beta.co:4000 wss://*.gw.eu.postman-alpha.com; report-uri https://sentry.postmanlabs.com/api/572/security/?sentry_key=9d37d7431bdc4c528702ec4d89fc93f7&sentry_environment=beta 1 frame-ancestors 'self' p.isdgroup.com 1 default-src 'self' 'unsafe-inline' data: wc.ts.ee www.nasdaqbaltic.com platform.linkedin.com secure.gravatar.com yoast.com www.googletagmanager.com *.google-analytics.com stats.g.doubleclick.net fonts.googleapis.com maps.googleapis.com streetviewpixels-pa.googleapis.com khms0.googleapis.com khms1.googleapis.com maps.gstatic.com fonts.gstatic.com translate.google.com translate.googleapis.com www.gstatic.com www.youtube.com www.google.ee www.google.com www.google.co.uk www.google.lv www.google.lt www.google.fi www.google.se www.google.no www.google.de www.google.pl lh3.ggpht.com www.google.com.hk www.google.gr www.google.nl www.google.dk www.google.com.ua www.google.fr i.ytimg.com connect.facebook.net api.microsofttranslator.com www.facebook.com 'unsafe-eval' www.google.ch www.google.at www.google.ro www.google.es www.google.it www.google.hu www.google.co.in www.google.ie www.google.cz www.google.be www.google.ru www.google.com.au photos.marinetraffic.com www.google.at www.google.co.il www.google.co.kr www.google.pt www.google.ca www.google.mk www.google.co.th www.google.co.id www.google.com.lb www.google.cl www.google.sk www.google.is www.google.com.np www.google.com.pk www.google.si www.google.rs www.google.dz www.google.com.ng www.google.com.my www.google.com.ci www.google.im www.google.com.sg www.google.com.tr www.google.com.hr www.google.com.mt www.google.li www.google.co.jp view.news.eu.nasdaq.com www.solwininfotech.com www.google.com.co www.google.com.br www.google.cn www.google.com.cy www.google.ge www.google.lu www.google.ae cdn.jsdelivr.net wd.ts.ee static.cloudflareinsights.com ajax.cloudflare.com www.vikingline.ee www.envir.ee www.google.com.ph www.google.co.nz www.google.hr www.google.bg www.google.by www.transit.ee www.tallinnamerepaevad.ee www.google.com.vn www.google.kz www.google.mv www.google.com.tw www.balticline.fi www.google.com.eg tallinnamerepaevad.ee www.google.com.bz www.google.com.mx www.google.jo www.google.com.sa www.google.ci www.google.com.kw www.google.co.ma www.google.com.gh www.google.com.ar region1.analytics.google.com www.google.az www.google.com.uy www.google.co.za www.google.sn www.google.com.mm www.google.me www.google.mn www.google.lk vincent.callebaut.org tentea.ec.europa.eu www.google.tg www.google.com.qa www.google.co.tz www.google.co.cr www.kjk.ee www.google.co.uz www.google.co.ke ps.w.org s.w.org www.google.ba www.google.com.jm www.google.com.pe www.google.mg 6zzuupda.sendsmaily.net www.google.bj www.google.com.kh www.google.com.do lh3.googleusercontent.com www.google.iq www.google.co.ug www.google.co.mz www.google.al www.google.tn www.google.ad www.google.am www.google.md www.google.com.ly www.google.com.ec www.google.com.pa www.google.com.bd www.google.com.pr www.google.mu www.google.gg www.google.cm www.google.com.py www.google.com.bh www.google.je www.google.com.cu www.google.com.pg komerk.ee www.google.kg www.google.cv www.google.com.sl www.portoftallinn.com www.google.vg www.google.bt www.google.bf www.google.la www.google.tt www.google.com.sv www.google.so www.google.ps www.google.co.ve www.google.ga www.seatradecruiseglobal.com www.parkimine.ee translate-pa.googleapis.com wptide.org toolset.com wpml.org challenges.cloudflare.com cloudflareinsights.com analytics.google.com td.doubleclick.net blob: www.google.gl wpforms.com www.google.co.zw www.google.co.ao d1lsub6zbh43gv.cloudfront.net tp-cdn.wpml.org googleads.g.doubleclick.net adservice.google.com google.com pagead2.googlesyndication.com www.googleadservices.com tpc.googlesyndication.com www.vikingline.ee www.google.com.sb www.google.td apis.google.com platform.twitter.com www.google.gm www.google.gy paldiski.ee www.christmasmarket.ee www.logistikauudised.ee www.voyagesofdiscovery.co.uk static.neljas.ee www.google.tm cns.omxgroup.com www.iaa.ie www.komerk.ee www.jazzkaar.ee arensburg.ee www.iaa.ie kliimaministeerium.ee konkurents.ee laaneharju.ee images.marinetraffic.com www.konkurents.ee www.google.com.af www.lngconference.eu www.upf-group.dk; report-uri /069b75c4f2e07da64b888cac9af4ea98c60c3e6787e0368d1a5ab34114eda24e 1 allow 'self'; x-xss-protection: 1; mode=block 1 base-uri 'self' assets.redballoon.work prod.assets.redballoon.work production-assets.0c1585fd2300c797f28a22986ff717e0.r2.cloudflarestorage.com;child-src 'none';connect-src 'self' 'unsafe-inline' *.backblazeb2.com assets.redballoon.work prod.assets.redballoon.work production-assets.0c1585fd2300c797f28a22986ff717e0.r2.cloudflarestorage.com search.redballoon.work analytics.redballoon.work api.honeybadger.io secure.safewebservices.com aorta.clickagy.com hemsync.clickagy.com js.zi-scripts.com ws.zoominfo.com tags.clickagy.com https://px.ads.linkedin.com https://px.ads.linkedin.com/wa api.hubapi.com forms.hscollectedforms.net tags.srv.stackadapt.com cdn.getkoala.com api.getkoala.com;default-src 'self';font-src 'self' assets.redballoon.work prod.assets.redballoon.work production-assets.0c1585fd2300c797f28a22986ff717e0.r2.cloudflarestorage.com fonts.gstatic.com;form-action 'self';frame-ancestors www.youtube.com;frame-src 'unsafe-inline' hemsync.clickagy.com www.youtube.com player.vimeo.com www.youtube-nocookie.com calendly.com iframe.cloudflarestream.com secure.safewebservices.com assets.redballoon.work prod.assets.redballoon.work production-assets.0c1585fd2300c797f28a22986ff717e0.r2.cloudflarestorage.com;img-src 'self' blob: assets.redballoon.work prod.assets.redballoon.work production-assets.0c1585fd2300c797f28a22986ff717e0.r2.cloudflarestorage.com data: https://px.ads.linkedin.com https://t.co/1/i/adsct https://analytics.twitter.com/1/i/adsct track.hubspot.com forms.hsforms.com tags.srv.stackadapt.com;manifest-src 'self';media-src 'self';object-src 'self' assets.redballoon.work prod.assets.redballoon.work production-assets.0c1585fd2300c797f28a22986ff717e0.r2.cloudflarestorage.com;script-src 'self' assets.redballoon.work prod.assets.redballoon.work production-assets.0c1585fd2300c797f28a22986ff717e0.r2.cloudflarestorage.com www.youtube.com f.vimeocdn.com embed.cloudflarestream.com analytics.redballoon.work secure.safewebservices.com js.zi-scripts.com ws.zoominfo.com tags.clickagy.com ws-assets.zoominfo.com snap.licdn.com static.ads-twitter.com px4.ads.linkedin.com js.hs-scripts.com js.hscollectedforms.net js.hsadspixel.net js.hs-banner.com js.hs-analytics.net tags.srv.stackadapt.com cdn.getkoala.com api.getkoala.com;style-src 'self' assets.redballoon.work prod.assets.redballoon.work production-assets.0c1585fd2300c797f28a22986ff717e0.r2.cloudflarestorage.com data: fonts.googleapis.com secure.safewebservices.com tags.srv.stackadapt.com 'unsafe-inline';worker-src 'self'; 1 frame-ancestors https://*.incart.co https://*.one-viz.com 1 default-src 'self'; frame-ancestors 'self'; img-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-src 'self' blob: data:; 1 default-src 'self'; script-src 'self' *.googleapis.com; style-src 'self' 'unsafe-inline' *.googleapis.com; img-src 'self' data:; font-src 'self' *.gstatic.com *.bootstrapcdn.com data:;connect-src *.googleapis.com *.gstatic.com *.bootstrapcdn.com; report-uri https://crhworld.com/Sitefinity/Authenticate/OpenID/csp/report 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://app.sgwidget.com/; img-src 'self' data: https://secure.gravatar.com/; object-src 'self' data: ; frame-src 'self' data: ; 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com *.google.com *.google-analytics.com *.googleapis.com https://*.googleapis.com; style-src 'self' 'unsafe-inline' hello.myfonts.net *.googleapis.com *.gstatic.com https://*.googleapis.com https://*.gstatic.com themes.googleusercontent.com; img-src 'self' data: *.google.com *.google-analytics.com *.googleapis.com *.gstatic.com https://*.googleapis.com https://*.gstatic.com; connect-src 'self' http://www.google-analytics.com; frame-src 'self' *.vimeo.com *.youtube.com https://*.vimeo.com https://*.youtube.com; font-src 'self' data: *.googleapis.com *.gstatic.com https://*.googleapis.com https://*.gstatic.com; report-uri https://tokybd.report-uri.io/r/default/csp/enforce; 1 default-src 'self' 'unsafe-inline' data: *.citiworldprivileges.com www.google-analytics.com *.googleapis.com *.gstatic.com nexus.ensighten.com *.omtrdc.net www.googleadservices.com *.doubleclick.net *.google.com www.google.co.in connect.facebook.net www.facebook.com *.cloudfront.net citiintl.122.2o7.net www.googletagmanager.com *.example.com test.example.com *.amap.com blob: 'unsafe-eval' 1 frame-ancestors https://pannonkincstar.hu 1 default-src 'self' *.europa.eu europa.eu; script-src 'self' *.europa.eu 'unsafe-inline' 'unsafe-eval' https://webtools.europa.eu https://use.fontawesome.com https://app.powerbi.com; style-src 'self' *.europa.eu 'unsafe-inline'; img-src 'self' *.europa.eu data: blob:; frame-src 'self' app.powerbi.com webtools.europa.eu; child-src 'self' app.powerbi.com; connect-src 'self' *.europa.eu europa.eu; report-uri /report-csp-violation; upgrade-insecure-requests 1 frame-ancestors 'self' https://app.signageful.com 1 default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' static.cdn.prismic.io prismic.io use.typekit.net https://html2canvas.hertzen.com/dist/html2canvas.min.js *.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net *.google-analytics.com *.paypal.com www.paypalobjects.com;frame-src 'self' https://edenbotanicals.prismic.io/ *.google.fr *.doubleclick.net www.paypalobjects.com *.paypal.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com use.typekit.net tagmanager.google.com;img-src 'self' data: https://images.prismic.io/edenbotanicals/ https://edenbotanicals.prismic.io/ p.typekit.net www.googletagmanager.com *.google.fr *.google.fr *.google.com *.google.co.nz *.googleapis.com *.gstatic.com *.google-analytics.com *.googletagmanager.com www.paypalobjects.com *.paypal.com;font-src 'self' data: fonts.gstatic.com https://use.typekit.net;connect-src 'self' https://docs.edenbotanicals.com/ *.google.com *.doubleclick.net *.google-analytics.com *.paypal.com stats.g.doubleclick.nestats.g.doubleclick.ne *.googleadservices.com www.paypalobjects.com;base-uri 'self';media-src 'self' data:;report-uri /csp/report 1 default-src 'none'; frame-src 'self' bankid: https://app.bankid.com skolid:; script-src 'self' https://browser.sentry-cdn.com https://az416426.vo.msecnd.net 'nonce-Par6vuti1ED6oCPd4MzXF/EzBrrORwAb2iU2EQMTjAI='; connect-src 'self' https://sentry.ist.com https://dc.services.visualstudio.com https://skolid-mtls.azurewebsites.net; img-src 'self' 'unsafe-inline' www.google-analytics.com data: https://skolidblob.blob.core.windows.net https://skolidlocaldev.blob.core.windows.net https://isthome.blob.core.windows.net https://*.ist.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com data: 1 default-src 'self'; block-all-mixed-content; child-src https://www.google.com https://pay.google.com/ https://www.facebook.com https://gateway.sumup.com https://assets.pinterest.com/ https://ltxup.sumup.com *.online-metrix.net; connect-src 'self' https://checkout.sumupstore.com https://api.notolytix.com https://o196784.ingest.sentry.io *.google-analytics.com *.analytics.google.com https://www.googletagmanager.com https://cdn.optimizely.com https://google.com https://www.google.com https://pay.google.com https://ltxup.sumup.com https://static.sumup.com cdn.sumup.store https://gateway.sumup.com https://api.sumup.com https://js.sumup.com https://api.sumup.net/; font-src 'self' use.typekit.net https://fonts.googleapis.com https://fonts.gstatic.com https://checkout.sumupstore.com https://cdnjs.cloudflare.com https://static.sumup.com cdn.sumup.store; frame-ancestors https://me.sumup.com https://dashboard.sumup.com; frame-src 'self' google.com *.google.com youtube.com *.youtube.com youtu.be *.youtu.be vimeo.com *.vimeo.com https://www.google.com https://pay.google.com/ https://www.facebook.com https://gateway.sumup.com https://assets.pinterest.com/ https://ltxup.sumup.com *.online-metrix.net; img-src 'self' https://cdn.shoplo.com cdn.sumup.store https://my-images.sumup.com https://catalog-images-live.s3.amazonaws.com https://catalog-images-dev.s3.amazonaws.com/ https://catalog-images-stage.s3.amazonaws.com https://cdn.sumup.store/ https://www.shopos.local.shoplonet.com https://www.sumupstorecom.icu cdn.sumup.store static.sumup.com *.google-analytics.com *.analytics.google.com https://www.gstatic.com https://api.sumup.com https://circuit.sumup.com https://www.facebook.com https://log.pinterest.com https://ltxup.sumup.com *.online-metrix.net ; script-src 'self' ajax.googleapis.com https://www.google.com/recaptcha/api.js https://www.gstatic.com https://gateway.sumup.com https://net-tracker.notolytix.com/main.js 'unsafe-eval' https://cdnjs.cloudflare.com https://www.google-analytics.com https://www.googletagmanager.com https://pay.google.com/gp/p/js/pay.js cdn.sumup.store https://api.sumup.com https://js.sumup.com https://connect.facebook.net https://assets.pinterest.com https://ltxup.sumup.com *.online-metrix.net 'nonce-PEV8XIEKVYaATBa6Ic/vGg=='; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://www.googletagmanager.com cdn.sumup.store; upgrade-insecure-requests 1 default-src 'self' data: https:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: *.stripe.com; style-src 'self' data: 'unsafe-inline' https: https: wss: *.stripe.com *.studentbeans.com blob:; img-src * data: blob:; font-src 'self' data: https:; connect-src 'self' data: https: wss: *.stripe.com *.studentbeans.com; media-src *; object-src 'self' https:; frame-src *; form-action 'self' *.citationsy.com *.citationsy.es *.stripe.com *.studentbeans.com accounts.google.com tinyletter.com; 1 default-src dock.ui.bosch.tech 'self' *.elmleblanc.fr s.webtrends.com *.boschtt-documents.com www.bimstore.co.uk services.kittelberger.net mycliplister.com; media-src 'self' *.boschtt-documents.com services.kittelberger.net *.mycliplister.com mycliplister.com; font-src 'self' fonts.gstatic.com; object-src data: 'self'; img-src https: data:; style-src 'self' 'unsafe-inline' cdn.datatables.net fonts.googleapis.com; script-src dock.ui.bosch.tech https: 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https: bosch.mi4biz.net www.boschthermolife.com; frame-ancestors 'self' https: bosch.mi4biz.net http://fs52-buderus-dev.kittelberger.net 1 default-src 'self' data:;font-src 'self' data: fonts.gstatic.com kariera.rako.cz www.kariera.rako.cz;connect-src 'self' *.google.com *.google.cz *.googleapis.com *.google-analytics.com *.hotjar.com wss://ws6.hotjar.com *.hotjar.io *.doubleclick.net *.leady.com *.gstatic.com *.pinterest.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.google.cz *.googleapis.com *.gstatic.com *.hotjar.com static.hotjar.com www.googletagmanager.com *.google-analytics.com connect.facebook.net kariera.rako.cz www.kariera.rako.cz c.imedia.cz *.googleadservices.com *.adform.net *.seznam.cz *.doubleclick.net *.leady.com www.youtube-nocookie.com www.youtube.com *.pinterest.com *.pinimg.com;form-action 'self' *.facebook.com *.facebook.net *.pinterest.com;frame-src 'self' blob: www.youtube.com www.youtube-nocookie.com *.iplatba.cz www.tvbydleni.cz *.facebook.com *.facebook.net *.hotjar.com *.google.com *.pinterest.com *.doubleclick.net www.googletagmanager.com;worker-src 'self' blob: www.youtube.com www.youtube-nocookie.com *.iplatba.cz www.tvbydleni.cz *.facebook.com *.facebook.net *.hotjar.com *.google.com *.pinterest.com *.doubleclick.net www.googletagmanager.com;frame-ancestors 'self';img-src 'self' data: blob: *.gstatic.com *.googleapis.com *.googlecode.com www.googletagmanager.com *.google-analytics.com *.doubleclick.net www.facebook.com *.rako.cz c.imedia.cz *.seznam.cz *.pinterest.com *.pinimg.com i.ytimg.com *.google.com *.google.cz *.google.de *.google.fr *.google.pl *.google.ru *.google.sk *.leady.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com *.gstatic.com *.google.com kariera.rako.cz www.kariera.rako.cz www.googletagmanager.com;object-src 'self' 1 default-src 'self' https://equatio.texthelp.com/client/ wss://*.firebaseio.com/ wss://*.europe-west1.firebasedatabase.app/ https://*.googleapis.com/ https://*.texthelp.com/ https://*.speechstream.net/; connect-src 'self' wss://*.speech.microsoft.com/speech/recognition/dictation/cognitiveservices/v1 wss://*.firebaseio.com/ wss://*.europe-west1.firebasedatabase.app/ wss://cloud.myscript.com/api/v4.0/iink/document https://*.google-analytics.com/ https://*.googleapis.com/ https://*.texthelp.com/ https://equatio-search-proxy.texthelp.com https://equatio-search-proxy-eu.texthelp.com https://script.google.com/ https://idp.texthelp.com; style-src 'self' 'unsafe-inline' https://equatio.texthelp.com/client/ https://fonts.googleapis.com/css; script-src 'self' https://equatio.texthelp.com/client/ https://www.google-analytics.com/ https://*.firebaseio.com/ https://*.europe-west1.firebasedatabase.app/ https://www.gstatic.com/firebasejs/; img-src https://equatio.texthelp.com/client/ 'self' https://*.texthelp.com/ data: blob: https://*.googleusercontent.com/ https://chart.googleapis.com/chart https://www.google.com/ https://www.google-analytics.com; font-src https://equatio.texthelp.com/client/ https://fonts.gstatic.com/; object-src 'none'; upgrade-insecure-requests; frame-ancestors 'none' 1 default-src 'self'; script-src 'self' 'unsafe-inline' ajax.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com embed.tawk.to platform.twitter.com connect.facebook.net cdn.jsdelivr.net https://www.clarity.ms https://www.findeter.gov.co/modules/contrib/ckeditor/vendor/ckeditor.js *.findeter.gov.co https://www.google-analytics.com https://use.fontawesome.com/releases/v5.13.1/js/all.js https://ajax.googleapis.com/ajax/libs/jquery/3.7.1/jquery.min.js https://ajax.googleapis.com/ajax/libs/jqueryui/1.13.3/jquery-ui.min.js https://static.addtoany.com https://snap.licdn.com https://www.google.com/pagead/ googleads.g.doubleclick.net; object-src 'self'; style-src 'self' 'unsafe-inline' *.findeter.gov.co https://ajax.googleapis.com https://embed.tawk.to https://fonts.googleapis.com https://use.fontawesome.com https://ajax.googleapis.com https://ajax.googleapis.com/ajax/libs/jquery/3.7.1/jquery.min.js https://ajax.googleapis.com/ajax/libs/jqueryui/1.13.3/jquery-ui.min.js; img-src 'self' https://c.clarity.ms https://www.google-analytics.com https://www.googletagmanager.com https://c.bing.com https://www.google.com.co data: https://googleads.g.doubleclick.net https://www.google.com/pagead/ https://www.facebook.com https://px.ads.linkedin.com; media-src 'self'; frame-src 'self' https://static.addtoany.com https://td.doubleclick.net https://www.youtube.com embed.tawk.to https://www.datos.gov.co https://normograma.info https://www.googletagmanager.com https://2ca8668f816c437da20dc49f7a1f6bf5.svc.dynamics.com/; frame-ancestors *; child-src *; font-src 'self' https://embed.tawk.to https://fonts.gstatic.com https://themes.googleusercontent.com; connect-src 'self' https://www.google-analytics.com https://analytics.google.com https://r.clarity.m https://r.clarity.ms/collect https://va.tawk.to wss://*.tawk.to https://embed.tawk.to https://stats.g.doubleclick.net https://i.clarity.ms/collect https://www.google.com https://px.ads.linkedin.com; report-uri /report-csp-violation 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://zohoadmin-dynatouch.zohobookings.com* https://zohoadmin-dynatouch.zohobookings.com/portal-embed#/billpaykiosks https://*.calendly.com/ https://*.google-analytics.com/ https://*.googlesyndication.com/ https://*.googletagmanager.com/ https://*.list-manage.com/ https://calendly.com/ https://connect.facebook.net/en_US/sdk.js https://crm.zoho.com/crm/WebFormServeServlet?rid=8a47d85e3440ef768ceaa22381ceabb5f6334d484211d4d7d55c81b0255fc977gidb5de4f47280b66e8cb9a6d47719877b5779bc3f8638655f060668722018a6166&script=$sYG https://google-analytics.com/ https://googletagmanager.com/ https://maps.google.com/ https://maps.googleapis.com/ https://platform.twitter.com/widgets.js https://s3.amazonaws.com/ https://stats.wp.com/ https://tagmanager.google.com/ https://translate.google.com/ https://translate.googleapis.com/ https://www.google.com/ https://www.gstatic.com/ https://www.recaptcha.net/ https://salesiq.zoho.com/ https://*.zohopublic.com/ https://*.zohostatic.com/ https://dyjgaef5vuq51.cloudfront.net/ https://dtzpfzv31buvf.cloudfront.net/ https://*.zohocdn.com/; img-src 'self' data: https://*.google-analytics.com/ https://*.google.com/ https://*.googlesyndication.com/ https://*.googletagmanager.com/ https://*.gstatic.com/ https://*.ytimg.com/ https://google-analytics.com/ https://google.com/ https://googleads.g.doubleclick.net/ https://googletagmanager.com/ https://gstatic.com/ https://maps.google.com/ https://maps.googleapis.com/ https://maps.gstatic.com/ https://pixel.wp.com/ https://translate.googleapis.com/ https://salesiq.zoho.com/ https://*.zohopublic.com/ https://*.zohostatic.com/ https://dyjgaef5vuq51.cloudfront.net/ https://dtzpfzv31buvf.cloudfront.net/ https://*.zohocdn.com/; object-src 'self' data: https://zohoadmin-dynatouch.zohobookings.com* https://zohoadmin-dynatouch.zohobookings.com/portal-embed#/billpaykiosks https://www.google.com/ https://maps.google.com/ https://docs.google.com/ https://*.calendly.com/ https://calendly.com/ https://youtube-nocookie.com/ https://*.youtube-nocookie.com/ https://*.youtube.com/ https://salesiq.zoho.com/ https://*.zohopublic.com/ https://*.zohostatic.com/ https://dyjgaef5vuq51.cloudfront.net/ https://dtzpfzv31buvf.cloudfront.net/ https://*.zohocdn.com/; frame-src 'self' data: https://zohoadmin-dynatouch.zohobookings.com* https://zohoadmin-dynatouch.zohobookings.com/portal-embed#/billpaykiosks https://www.google.com/ https://maps.google.com/ https://docs.google.com/ https://*.calendly.com/ https://calendly.com/ https://youtube-nocookie.com/ https://*.youtube-nocookie.com/ https://*.youtube.com/ https://salesiq.zoho.com/ https://*.zohopublic.com/ https://*.zohostatic.com/ https://dyjgaef5vuq51.cloudfront.net/ https://dtzpfzv31buvf.cloudfront.net/ https://*.zohocdn.com/; 1 base-uri 'none';child-src 'none';connect-src 'self' statistiek.rijksoverheid.nl maps.googleapis.com inferred.litix.io/ staging-zetookdeknopom.stream.prepr.io staging-zetookdeknopom.files.prepr.io 75kyevibb46g.b-cdn.net 2fax6nf9ccjn.b-cdn.net 4mv9c5bma2yn.b-cdn.net 3hbwmh9pl2hv.b-cdn.net *.youtube.com *.mux.com *.vimeo.com nkw2022-acc-minez.stream.prepr.io;default-src 'self';font-src 'self' fonts.gstatic.com;form-action 'self';frame-ancestors 'none';frame-src 'self' youtube.com *.vimeo.com;img-src 'self' statistiek.rijksoverheid.nl maps.googleapis.com maps.gstatic.com data: blob: staging-zetookdeknopom.stream.prepr.io staging-zetookdeknopom.files.prepr.io 75kyevibb46g.b-cdn.net 2fax6nf9ccjn.b-cdn.net 4mv9c5bma2yn.b-cdn.net 3hbwmh9pl2hv.b-cdn.net *.youtube.com *.mux.com *.vimeo.com nkw2022-acc-minez.stream.prepr.io;manifest-src 'self';media-src 'self' statistiek.rijksoverheid.nl maps.googleapis.com maps.gstatic.com data: blob: staging-zetookdeknopom.stream.prepr.io staging-zetookdeknopom.files.prepr.io 75kyevibb46g.b-cdn.net 2fax6nf9ccjn.b-cdn.net 4mv9c5bma2yn.b-cdn.net 3hbwmh9pl2hv.b-cdn.net *.youtube.com *.mux.com *.vimeo.com nkw2022-acc-minez.stream.prepr.io;object-src 'self' data:;prefetch-src 'self';script-src 'self' 'unsafe-inline' statistiek.rijksoverheid.nl maps.googleapis.com youtube.com vimeo.com www.gstatic.com/;style-src 'self' 'unsafe-inline' fonts.googleapis.com;worker-src 'self' blob:;report-uri https://greenberry.report-uri.com/r/d/csp/enforce;report-to https://greenberry.report-uri.com/r/d/csp/enforce; 1 * 1 default-src data: blob: 'self' 'unsafe-inline' https://app.tintup.com/ https://events.mapbox.com https://api.mapbox.com https://unpkg.com/js-datepicker https://unpkg.com/js-datepicker/dist/datepicker.min.css https://*.crwdcntrl.net https://www.youtube-nocookie.com https://*.amazonaws.com https://api.tintup.com https://cdn.hypemarks.com https://*.nr-data.net https://*.newrelic.com https://www.tintup.com https://*.facebook.net https://analytics.google.com https://*.analytics.google.com https://*.vimeo.com https://*.vimeocdn.com https://*.gstatic.com https://*.googlesyndication.com https://*.doubleclick.net https://*.onetrust.com https://*.sharethis.com https://*.cookielaw.org https://*.cloudflare.com https://*.facebook.net https://*.bootstrapcdn.com https://*.crowdriff.com https://*.addtoany.com https://*.fontawesome.com https://*.resy.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.facebook.com https://www.youtube.com https://*.clarity.ms https://c.bing.com; upgrade-insecure-requests 1 default-src 'self'; sandbox allow-downloads allow-popups allow-popups-to-escape-sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-modals; base-uri 'self'; upgrade-insecure-requests; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://tagmanager.google.com https://ssl.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://ajax.googleapis.com https://connect.facebook.net https://optimize.google.com https://*.decibelinsight.net https://*.decibelinsight.com; connect-src 'self' https://www.google-analytics.com https://*.decibelinsight.net https://*.decibelinsight.com wss://*.decibelinsight.net wss://*.decibelinsight.com; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://fonts.googleapis.com https://*.egain.cloud https://optimize.google.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.google-analytics.com https://stats.g.doubleclick.net https://ssl.gstatic.com https://www.gstatic.com https://www.google.com https://googleads.g.doubleclick.net https://www.google.co.uk https://www.facebook.com https://connect.facebook.net https://optimize.google.com data:; object-src data: 'unsafe-eval'; frame-src https://*.cardinalcommerce.com https://*.worldpay.com https://www.google.com https://bid.g.doubleclick.net https://optimize.google.com https://cdn.yoshki.com; font-src 'self' https://cdn.yoshki.com/ https://fonts.gstatic.com https://fonts.googleapis.com data:; 1 connect-src 'self' maps.googleapis.com *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net ; default-src 'self' *.printfriendly.com; font-src 'self' data: *.fontawesome.com *.gstatic.com *.bootstrapcdn.com hubernet.sp-stage1.emagineusa.net *.gstatic.com *.bootstrapcdn.com ; form-action 'self' *.vimeocdn.com; frame-src 'self' view.ceros.com *.youtube.com *.elegantthemes.com *.vimeo.com *.printfriendly.com *.g.doubleclick.net *.google.com *.fls.doubleclick.net *.g.doubleclick.net *.google.com *.fls.doubleclick.net ; img-src 'self' 'unsafe-inline' *.gravatar.com maps.googleapis.com data: *.vimeocdn.com *.w.org *.printfriendly.com hubernet.sp-stage1.emagineusa.net *.googletagmanager.com *.google.com *.google-analytics.com *.gstatic.com *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com ; script-src 'self' 'unsafe-inline' view.ceros.com data: blob: *.fontawesome.com *.cloudflare.com *.ravenjs.com *.vimeocdn.com *.jsdelivr.net *.googleapis.com *.printfriendly.com *.kxcdn.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com ; script-src-elem 'self' 'unsafe-inline' *.googletagmanager.com *.google-analytics.com *.googleapis.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com ; style-src 'self' 'unsafe-inline' *.fontawesome.com *.cloudflare.com *.printfriendly.com *.vimeocdn.com *.googleapis.com *.bootstrapcdn.com *.gstatic.com *.googleapis.com *.gstatic.com ; style-src-elem 'self' 'unsafe-inline' *.googleapis.com *.googleapis.com *.gstatic.com ; style-src-attr 'unsafe-inline' ; upgrade-insecure-requests; 1 default-src 'self'; connect-src 'self' https://piwik.bzga.de https://rstts-eu.readspeaker.com https://media-eu.readspeaker.com https://app-eu.readspeaker.com https://maps.google.com https://maps.googleapis.com https://cdn1.readspeaker.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn1.readspeaker.com; font-src 'self' data: https://fonts.gstatic.com; script-src 'self' 'unsafe-inline' https://piwik.bzga.de https://cdn1.readspeaker.com https://maps.google.com https://maps.googleapis.com; img-src 'self' https://piwik.bzga.de https://www.bzga.de https://maps.gstatic.com https://csi.gstatic.com https://maps.google.com https://khms0.googleapis.com https://khms1.googleapis.com https://lh3.ggpht.com https://cbks0.googleapis.com data:; frame-src 'self' https://www.infektionsschutz.de https://app-eu.readspeaker.com; 1 default-src 'self' https://*.youtube.com https://*.youtube-nocookie.com https://*.youtu.be https://*.vimeo.com https://vimeo.com https://consentcdn.cookiebot.com https://open.spotify.com https://*.google-analytics.com https://*.googletagmanager.com https://widget.weezevent.com https://docs.google.com https://cdn.jsdelivr.net https://licensing.bitmovin.com https://analytics-ingress-global.bitmovin.com https://d12sgur2q2of22.cloudfront.net/ blob:; block-all-mixed-content; img-src data: 'self' https://placeholder.inventis.be https://*.ytimg.com https://*.youtube.com https://*.vimeocdn.com https://imgsct.cookiebot.com https://*.google-analytics.com https://*.googletagmanager.com; object-src 'none'; script-src 'self' https://consent.cookiebot.com 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https://*.youtube.com https://*.vimeo.com https://*.google-analytics.com https://*.googletagmanager.com 'nonce-/9M+ogscxKmmTNdwFSDfdA=='; style-src 'self' 'unsafe-inline' https://*.googletagmanager.com https://cdn.jsdelivr.net; upgrade-insecure-requests 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.paypalobjects.com/ https://s3.amazonaws.com/ https://*.stripe.com/; img-src 'self' data: https://www.paypalobjects.com/; object-src 'self' data: https://*.paypal.com/ https://*.stripe.com/; frame-src 'self' data: https://*.paypal.com/ https://*.stripe.com/; 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://code.jquery.com/ https://www.praha14.cz:3000/ https://www.praha14.cz/bud/hot https://npmcdn.com https://*.praha14.cz/ https://maps.google.com/ https://maps.googleapis.com/ https://cdnjs.cloudflare.com/ https://schema.org https://*.hcaptcha.com/ https://hcaptcha.com/ https://*.mapy.cz/; img-src 'self' data: blob: https://secure.gravatar.com/ https://www.praha14.cz:3000/ https://thebridge.telenorsat.com/ https://npmcdn.com/ https://*.praha14.cz/ https://maps.google.com/ https://maps.googleapis.com/ https://server.arcgisonline.com/ https://cdnjs.cloudflare.com/ https://*.mapy.cz/; object-src 'self' data: blob: https://*.praha14.cz/ https://docs.google.com/ https://*.mapy.cz/ https://npmcdn.com/ https://maps.google.com/ https://maps.googleapis.com/ https://*.hcaptcha.com/ https://www.youtube.com/ https://youtu.be/; frame-src 'self' data: blob: https://*.praha14.cz/ https://docs.google.com/ https://*.mapy.cz/ https://npmcdn.com/ https://maps.google.com/ https://maps.googleapis.com/ https://*.hcaptcha.com/ https://www.youtube.com/ https://youtu.be/; 1 default-src 'self'; script-src 'self'; connect-src 'self'; img-src 'self' data:; style-src 'self'; 1 default-src 'self' 'unsafe-inline' https://static.digitalchargingsolutions.com https://api.mixpanel.com https://api-js.mixpanel.com https://cdn.mxpnl.com https://*.adyen.com https://*.cdn.adyen.com https://*.paypal.com https://*.googleapis.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://pay.datatrans.com/ https://static.digitalchargingsolutions.com https://*.googleapis.com https://*.gstatic.com https://*.ggpht.com https://api.mixpanel.com https://api-js.mixpanel.com https://cdn.mxpnl.com https://*.adyen.com https://*.cdn.adyen.com https://*.paypal.com ; frame-src 'self' https://pay.sandbox.datatrans.com https://*.adyen.com https://*.cdn.adyen.com https://*.paypal.com ; img-src 'self' https: data: https://cpo-logo.digitalchargingsolutions.com https://static.digitalchargingsolutions.com https://*.adyen.com https://*.cdn.adyen.com https://*.paypal.com https://*.googleapis.com https://*.gstatic.com https://*.ggpht.com ; style-src 'self' 'unsafe-inline' https://static.digitalchargingsolutions.com https://fonts.googleapis.com https://fonts.gstatic.com https://*.adyen.com https://*.cdn.adyen.com https://*.paypal.com ; font-src 'self' https://static.digitalchargingsolutions.com https://fonts.googleapis.com https://fonts.gstatic.com data: ; 1 script-src https://counter.simplybook.me https://cdn.iubenda.com https://cs.iubenda.com 'self' 'unsafe-inline' 'unsafe-eval' 'nonce-2a53ad06a96da67626c638d80704791d'; child-src blob: ; frame-src * 1 default-src 'self'; object-src 'none'; script-src 'self'; 1 img-src * data:; 1 default-src *; connect-src *; font-src 'self'; frame-src https://* http://* *; img-src https://* http://* * data:; object-src 'self'; script-src 'self' https://* http://* * 'unsafe-inline' 'report-sample'; style-src * https://* http://* * 'unsafe-inline'; 1 default-src 'self'; img-src 'self'; 1 object-src none; frame-src *.prod.acquia-sites.com *.gstatic.com *.google.com *.wec360.com *.snazzymaps.com https://snazzymaps.com; frame-ancestors *.prod.acquia-sites.com *.gstatic.com *.google.com *.wec360.com *.snazzymaps.com https://snazzymaps.com; report-uri /report-csp-violation; upgrade-insecure-requests 1 script-src 'self' *.hs-scripts.com *.hscollectedforms.net *.hs-analytics.net *.hs-banner.com *.termly.io static.ctctcdn.com https://*.googleapis.com *.gstatic.com www.google-analytics.com ajax.googleapis.com www.google.com ajax.aspnetcdn.com use.typekit.net us1.siteimprove.com siteimproveanalytics.com cdnjs.cloudflare.com use.fontawesome.com static.getclicky.com in.getclicky.com player.vimeo.com www.googletagmanager.com clicky.com https://connect.facebook.net/ code.jquery.com kit.fontawesome.com 'unsafe-inline' 'unsafe-eval' 1 default-src 'self' static.tfmetalsreport.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:; style-src 'self' static.tfmetalsreport.com data: 'unsafe-inline' *.googleapis.com *.twitter.com *.twimg.com svc.webspellchecker.net cdn.ckeditor.com static.ctctcdn.com; img-src 'self' https: data: android-webview-video-poster: *.jwplayer.com http://docs.jwplayer.com; media-src 'self' static.tfmetalsreport.com blob: *.giphy.com; frame-src 'self' https://www.tfmetalsreport.com data: audioboom.com *.audioboom.com scribd.com *.scribd.com soundcloud.com *.soundcloud.com youtube.com *.youtube.com vimeo.com *.vimeo.com bitchute.com *.bitchute.com twitter.com *.twitter.com *.tradingview.com *.tradingview-widget.com *.stripe.com *.doubleclick.net *.googlesyndication.com *.ted.com *.instagram.com *.jwpsrv.com www.google.com ms-appx-web: *.addtoany.com *.assoc-amazon.com *.amazon.com *.amazon-adsystem.com *.googletagmanager.com *.recaptcha.net facebook.com *.facebook.com cnn.com *.cnn.com cnbc.com *.cnbc.com; frame-ancestors *; child-src 'self' https://www.tfmetalsreport.com data: audioboom.com *.audioboom.com scribd.com *.scribd.com soundcloud.com *.soundcloud.com youtube.com *.youtube.com vimeo.com *.vimeo.com bitchute.com *.bitchute.com twitter.com *.twitter.com *.tradingview.com *.tradingview-widget.com *.stripe.com *.doubleclick.net *.googlesyndication.com *.ted.com *.instagram.com *.jwpsrv.com www.google.com ms-appx-web: *.addtoany.com *.assoc-amazon.com *.amazon.com *.amazon-adsystem.com *.googletagmanager.com *.recaptcha.net facebook.com *.facebook.com cnn.com *.cnn.com cnbc.com *.cnbc.com; font-src 'self' static.tfmetalsreport.com data: fonts.googleapis.com fonts.gstatic.com cdnjs.cloudflare.com *.googleusercontent.com svc.webspellchecker.net *.avast.com chrome-extension: *.fontawesome.com; connect-src 'self' static.tfmetalsreport.com *.googlesyndication.com www.google-analytics.com *.gstatic.com *.doubleclick.net svc.webspellchecker.net *.jwpltx.com *.nr-data.net *.fontawesome.com *.ckeditor.com *.ctctcdn.com *.constantcontact.com 1 script-src 'self' 'unsafe-inline' https://kariera.pregis.cz https://cdn.jsdelivr.net https://maps.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://t.leady.com https://connect.facebook.net https://www.linkedin.com https://sjs.bizographics.com https://px.ads.linkedin.com; object-src 'none'; font-src * data:; frame-ancestors 'none'; 1 frame-ancestors https://*.aularandstad.es https://aularandstad.es https://*.randstad.es; 1 default-src 'self' 'unsafe-inline'; 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://s3.amazonaws.com/ https://*.list-manage.com/ https://www.clarity.ms/ https://*.clarity.ms/; img-src 'self' data: blob: https://*.tile.openstreetmap.org/ https://*.clarity.ms/ https://*.clarity.ms/ https://secure.gravatar.com/ https://*.bing.com/ https://*.google.se/ https://s.w.org/; object-src 'self' data: blob: https://www.googletagmanager.com; frame-src 'self' data: blob: https://www.googletagmanager.com; worker-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: http://fonts.googleapis.com http://fonts.gstatic.com http://www.google-analytics.com http://s7.addthis.com http://m.addthisedge.com http://m.addthis.com http://graph.facebook.com http://widgets.pinterest.com http://maps.google.com http://csi.gstatic.com http://maps.gstatic.com http://maps.googleapis.com http://www.linkedin.com http://api-public.addthis.com http://localhost http://connect.facebook.net https://connect.facebook.net; 1 base-uri 'self'; child-src 'self' data: gap: https://oppwa.com/ https://www.google.com/ https://consent-pref.trustarc.com/ https://maislusiadas.pt/ https://exames.maislusiadas.pt/ https://www.youtube.com/ https://www.youtube.com https://api.sibspayments.com/; frame-src 'self' data: gap: https://oppwa.com/ https://www.google.com/ https://consent-pref.trustarc.com/ https://maislusiadas.pt/ https://exames.maislusiadas.pt/ https://www.youtube.com/ https://www.youtube.com https://api.sibspayments.com/; connect-src 'self' https://www.google-analytics.com/g/ https://oppwa.com/ https://appleid.cdn-apple.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://consent.truste.com/ https://consent.trustarc.com/ https://consent-pref.trustarc.com/ https://maislusiadas.pt/ https://storage.googleapis.com/ https://lusiadas-staging.agentifai.com/ wss://lusiadas-staging.agentifai.com/ https://exames.maislusiadas.pt/ https://maps.googleapis.com/ https://region1.google-analytics.com/ https://region1.google-analytics.com/g/ https://www.google-analytics.com/ https://*.google-analytics.com https://*.google-analytics.com/g/ https://*.analytics.google.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.; default-src 'self' data: gap: https://googletagmanager.com/gtag/js https://maislusiadas.pt https://maps.googleapis.com/maps/api/js https://maislusiadas.pt/favicon.ico https://consent.truste.com/ https://consent.trustarc.com/ https://consent-pref.trustarc.com/ https://maislusiadas.pt/ https://exames.maislusiadas.pt/ 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://storage.googleapis.com/ https://fonts.gstatic.com/ https://exames.maislusiadas.pt/; img-src 'self' data: https://maps.gstatic.com https://maislusiadas.pt/Portal https://oppwa.com/ https://www.facebook.com https://*.googleapis.com https://*.ggpht https://consent.truste.com/ https://consent.trustarc.com/ https://consent-pref.trustarc.com/ https://maislusiadas.pt/ https://exames.maislusiadas.pt/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://www.lusiadas.pt/ https://*.google-analytics.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google. blob:; script-src 'self' data: https://www.apple.com https://appleid.cdn-apple.com https://idmsa.apple.com https://gsa.apple.com https://idmsa.apple.com.cn https://signin.apple.com https://appleid.cdn-apple.com https://maps.googleapis.com https://oppwa.com/ https://onlinepayments.pt/ https://connect.facebook.net https://maps.gstatic.com https://www.googletagmanager.com/ https://code.jquery.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://consent.truste.com/ https://consent.trustarc.com/ https://consent-pref.trustarc.com/ https://maislusiadas.pt/ https://storage.googleapis.com/ https://exames.maislusiadas.pt/ https://www.googleadservices.com/ https://ads.google.com/ https://www.google-analytics.com/ https://*.googletagmanager.com https://*.googletagmanager.com/ 'unsafe-inline' 'unsafe-eval'; style-src 'self' data: https://oppwa.com/ https://www.google.com/ https://consent.truste.com/ https://consent.trustarc.com/ https://consent-pref.trustarc.com/ https://maislusiadas.pt/ https://fonts.googleapis.com/ https://exames.maislusiadas.pt/ 'unsafe-inline'; frame-ancestors 'self' data: gap: https://maislusiadas.pt/ https://exames.maislusiadas.pt/ https://drwells-umbraco-app-prd-01.azurewebsites.net/ https://heydoc.pt/ https://www.drwells-umbraco-app-prd-01.azurewebsites.net/ https://www.heydoc.pt/; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=WDjN2nztS5qGWmWVhgH%2FSq6EWJbRd5fMzrpxbQqSpze%2F5eni0KvIHCtlDC2MmUWQcfyEyMCkBxqZ2GlRmu9gNA%3D%3D; frame-src 'self' gap: https://maislusiadas.pt/ https://exames.maislusiadas.pt/ 1 frame-ancestors 'self' *.myhotelschool.nl ; 1 default-src 'self' *.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com *.google-analytics.com *.googleapis.com www.google.com data: *.gstatic.com *.googleapis.com *.ggpht.com; img-src 'self' www.googletagmanager.com www.google-analytics.com *.googleapis.com data: *.gstatic.com *.googleapis.com *.ggpht.com; connect-src 'self' www.google-analytics.com *.googleapis.com; frame-src 'self' www.google.com; 1 connect-src 'self' *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net ; font-src 'self' data: *.gstatic.com *.bootstrapcdn.com fonts.gstatic.com cdn.jsdelivr.net *.gstatic.com *.bootstrapcdn.com ; frame-src 'self' player.vimeo.com www.youtube.com *.g.doubleclick.net *.google.com *.fls.doubleclick.net blob: www.google.com *.g.doubleclick.net *.google.com *.fls.doubleclick.net ; img-src 'self' 'unsafe-inline' data: *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com ts.w.org s.w.org ps.w.org *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com ; media-src 'self' s.w.org; script-src 'self' 'unsafe-inline' www.youtube.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com cdn.jsdelivr.net *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com ; script-src-elem 'self' 'unsafe-inline' www.youtube.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com cdn.jsdelivr.net *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com ; script-src-attr 'unsafe-inline' ; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com fonts.googleapis.com cdn.jsdelivr.net *.googleapis.com *.gstatic.com ; style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com cdn.jsdelivr.net *.googleapis.com *.gstatic.com ; style-src-attr 'unsafe-inline' ; worker-src 'self' 'unsafe-inline' blob:; upgrade-insecure-requests; 1 frame-ancestors http://clients.pensoagency.com; upgrade-insecure-requests 1 script-src 'self' 'unsafe-inline' assets.ubembed.com go.wastequip.com *.salesforceliveagent.com f4362c3f5e8c411ab3ae398736a68fcc.js.ubembed.com *.simpli.fi googleads.g.doubleclick.net service.force.com *.googletagmanager.com pi.pardot.com *.licdn.com connect.facebook.net bat.bing.com *.google-analytics.com pixel.visitiq.io *.userway.org *.olark.com *.quantcount.com *.quantserve.com; object-src 'self'; img-src 'self' *.quantcount.com *.quantserve.com cdn.userway.org; frame-ancestors 'self'; report-uri /report-csp-violation 1 frame-ancestors https://www.twoa.ac.nz 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.aspnetcdn.com https://ealing.quitmanager.co.uk https://ealingacc.quitmanager.co.uk https://ajax.googleapis.com https://*.googletagmanager.com https://*.googletagmanager.com https://translate-pa.googleapis.com/ https://www.google.com https://apis.google.com/ https://www.gstatic.com/ https://www.googletagmanager.com https://www.google-analytics.com https://feeds.trac.jobs https://www.cqc.org.uk https://translate.googleapis.com https://translate.google.com https://maps.googleapis.com https://player.vimeo.com https://unpkg.com/@googlemaps/markerclustererplus/dist/index.min.js https://plus.browsealoud.com https://www.browsealoud.com https://*.speechstream.net https://fonts.googleapis.com https://connect.facebook.net; style-src 'self' 'unsafe-inline' https://feeds.trac.jobs https://www.cqc.org.uk https://translate.googleapis.com https://fonts.googleapis.com https://www.gstatic.com https://plus.browsealoud.com https://fonts.googleapis.com; img-src * data:; connect-src 'self' https://*.googletagmanager.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.g.doubleclick.net https://*.google.com https://*.google.com https://*.google-analytics.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googletagmanager.com *.googleapis.com/ https://feeds.trac.jobs https://translate.googleapis.com https://www.google-analytics.com https://stats.g.doubleclick.net https://vimeo.com https://www.browsealoud.com https://plus.browsealoud.com https://browsealoud-webservices-8.texthelp.com https://babm.texthelp.com https://*.speechstream.net; font-src 'self' data: https://fonts.gstatic.com; object-src 'self' blob:; frame-src 'self' https://www.linkedin.com/ https://westlondonnhs-wrc.mindrecoverynet.org.uk/ https://*.nhs.uk https://www.google.com https://content.googleapis.com https://content-analytics.googleapis.com https://www.youtube.com https://player.vimeo.com https://www.patientopinion.org.uk https://www.careopinion.org.uk; child-src 'self' https://content.googleapis.com https://www.googletagmanager.com/ns.html; media-src 'self' blob: https://*.speechstream.net 1 default-src 'self' data: api.mapbox.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' listerhill.ddev.site js.hs-scripts.com js.hsforms.net js.hsadspixel.net js.hs-analytics.net js.hs-banner.com a.opmnstr.com *.hotjar.com *.salemove.com *.glia.com redbook.listerhill.com connect.facebook.net *.groovecar.com listerhill.groovecar.com use.fontawesome.com hello.myfonts.net/count/3b4dc0 cdnjs.cloudflare.com *.listerhill.com *.googleapis.com *.google.com seal.digicert.com *.typeform.com *.newtonsoftware.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.stripe.com ssl.gstatic.com *.omappapi.com snap.licdn.com *.buzzsprout.com *.banzai.org banzai.org cdn.tailwindcss.com unpkg.com polyfill.io; object-src 'self' data:; style-src 'self' data: 'unsafe-inline' listerhill.ddev.site a.omappapi.com www.gstatic.com *.google-analytics.com *.analytics.google.com *.google.com *.groovecar.com *.salemove.com *.glia.com listerhill.groovecar.com use.fontawesome.com hello.myfonts.net/count/3b4dc0 cdnjs.cloudflare.com *.listerhill.com *.googleapis.com *.banzai.org banzai.org; img-src 'self' data: forms.hsforms.com forms-na1.hsforms.com *.craft-cdn.com www.facebook.com *.googletagmanager.com maps.gstatic.com *.groovecar.com listerhill.groovecar.com use.fontawesome.com hello.myfonts.net/count/3b4dc0 cdnjs.cloudflare.com *.listerhill.com *.googleapis.com *.google.com seal.digicert.com i.ytimg.com i.vimeocdn.com *.mapbox.com *.doubleclick.net *.google.com *.google-analytics.com *.analytics.google.com *.groovecar.com listerhill.groovecar.com use.fontawesome.com hello.myfonts.net/count/3b4dc0 cdnjs.cloudflare.com px.ads.linkedin.com www.linkedin.com p.adsymptotic.com track.hubspot.com libs.salemove.com *.gstatic.com *.salemove.com *.glia.com *.listerhill.com; media-src 'self' data: vimeo.com youtube.com *.youtube.com vimeocdn.com *.groovecar.com listerhill.groovecar.com use.fontawesome.com hello.myfonts.net/count/3b4dc0 cdnjs.cloudflare.com libs.salemove.com *.gstatic.com *.salemove.com *.glia.com *.listerhill.com; frame-src data: *.hotjar.com *.groovecar.com listerhill.groovecar.com use.fontawesome.com hello.myfonts.net/count/3b4dc0 cdnjs.cloudflare.com *.listerhill.com listerhill.com *.google-analytics.com *.analytics.google.com *.google.com *.stripe.com ssl.gstatic.com *.omappapi.com *.vimeo.com youtube.com *.youtube.com newton.newtonsoftware.com *.buzzsprout.com *.typeform.com *.salemove.com zlcuma.secure.fundsxpress.com banking.apiture.com zlcuma.banking.apiture.com; font-src 'self' data: *.salemove.com *.glia.com *.google-analytics.com *.analytics.google.com *.google.com fonts.gstatic.com *.groovecar.com listerhill.groovecar.com use.fontawesome.com hello.myfonts.net/count/3b4dc0 cdnjs.cloudflare.com *.listerhill.com learnbanzai.com *.banzai.org banzai.org *.googleapis.com; connect-src 'self' wss: listerhill.ddev.site analytics.google.com forms.hsforms.com hubspot-forms-static-embed.s3.amazonaws.com *.craftcms.com *.salemove.com *.glia.com *.twilio.com vc.hotjar.io api.opmnstr.com ssl.gstatic.com *.omappapi.com *.hotjar.com *.google-analytics.com *.analytics.google.com stats.g.doubleclick.net api.hubapi.com api.craftcms.com translate.googleapis.com maps.googleapis.com 1 frame-ancestors 'self' eventmobi.com experience.eventmobi.com *.eventmobi.com * 1 default-src 'self' piwik.itzbund.de matomo03.itzbund.de; base-uri 'self'; connect-src 'self' *.itzbund.de; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.ytimg.com piwik.itzbund.de matomo03.itzbund.de; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com *.youtube-nocookie.com; frame-src *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com piwik.itzbund.de matomo03.itzbund.de; img-src 'self' data: demografie-portal.de *.demografie-portal.de 'self' data: *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.geodatenzentrum.de piwik.itzbund.de matomo03.itzbund.de; frame-ancestors 'self'; 1 default-src 'self'; style-src 'unsafe-inline' 'self'; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self'; 1 default-src 'self'; script-src 'self' 'self' https://unpkg.com https://cdn.wolterskluwer.io https://aaadevnewglobalstorage.blob.core.windows.net 'nonce-qwertyuiop'; style-src 'self' 'unsafe-inline' 'self' https://cdn.wolterskluwer.io https://aaadevnewglobalstorage.blob.core.windows.net; img-src 'self' https://cdn.wolterskluwer.io https://aaadevnewglobalstorage.blob.core.windows.net; font-src 'self' https://cdn.wolterskluwer.io https://aaadevnewglobalstorage.blob.core.windows.net;connect-src 'self' ;frame-src 'self' 'self' ; report-uri https://login.wolterskluwer.eu/auth/core/csp/report 1 base-uri 'none';child-src 'none';connect-src 'self' vitals.vercel-insights.com status-page-k2jqhbmno-incident-io-team.vercel.app https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.google.com https://*.google.co.uk https://*.g.doubleclick.net https://global.localizecdn.com https://app.localizejs.com https://*.unbabel.com;default-src 'self';font-src 'self';form-action 'self';frame-ancestors self;frame-src 'none';img-src 'self' data: https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://*.google.co.uk https://global.localizecdn.com https://assets.localizecdn.com https://uploads.bablic.com;manifest-src 'self';media-src 'self';object-src 'none';prefetch-src 'self';script-src 'self' 'unsafe-inline' https:;style-src 'self' 'unsafe-inline';worker-src 'self';report-uri https://o494704.ingest.sentry.io/api/4504554480795648/security?security_key=5d578c0eb4bd4811adf4f2176db9a1c8;report-to https://o494704.ingest.sentry.io/api/4504554480795648/security?security_key=5d578c0eb4bd4811adf4f2176db9a1c8; 1 default-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src data: 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' data: https:; connect-src https:; object-src 'none'; frame-src https:; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self' 1 default-src 'self' www.googletagmanager.com fonts.gstatic.com www.google-analytics.com *.microad.jp *.twitter.com www.facebook.com dmp.im-apps.net www.googleadservices.com googleads.g.doubleclick.net www.youtube.com bid.g.doubleclick.net audiencedata.im-apps.net; style-src 'self' 'unsafe-inline' *.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com *.microad.jp www.google-analytics.com *.twitter.com dmp.im-apps.net www.googleadservices.com googleads.g.doubleclick.net www.youtube.com bid.g.doubleclick.net audiencedata.im-apps.net; img-src 'self' data: acerjapan.com *.microad.jp www.google-analytics.com *.twitter.com *.google.co.jp *.google.com; 1 base-uri 'none';child-src 'none';connect-src 'self' region1.google-analytics.com;default-src 'self';font-src 'self' fonts.gstatic.com;form-action 'self';frame-ancestors 'none';frame-src 'self' www.google.com;img-src 'self' storage.googleapis.com;manifest-src 'self';media-src 'self' storage.googleapis.com;object-src 'none';script-src 'self' www.googletagmanager.com;style-src 'self' fonts.googleapis.com 'unsafe-inline';worker-src 'self'; 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://* https://www.cpp.ca/; img-src 'self' data: blob: https://*; object-src 'self' data: blob: https://*; frame-src 'self' data: blob: https://*; worker-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; 1 base-uri 'self'; form-action 'self' data: *.mucf.se trk.idrelay.com; manifest-src 'self'; default-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.siteimprove.net *.siteimprove.com *.browsealoud.com *.googletagmanager.com *.google.com *.google-analytics.com hcaptcha.com *.hcaptcha.com cdnjs.cloudflare.com mfstatic.com *.jsdelivr.net unpkg.com *.mucf.se *.cloudnet.cloud *.vimeo.com *.webserviceaward.com *.clarity.ms; object-src 'self' *.google.com *.youtube.com *.facebook.com *.vimeo.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com mfstatic.com *.jsdelivr.net *.mucf.se unpkg.com *.webserviceaward.com; img-src 'self' data: *.google.com *.youtube.com *.facebook.com *.vimeo.com *.vimeocdn.com *.mucf.se http://mfstatic.com *.inviewer.se *.mediaflowpro.com *.jsdelivr.net *.ytimg.com *.webserviceaward.com; media-src blob:; frame-src 'self' *.google.com *.youtube.com *.facebook.com *.vimeo.com *.vimeocdn.com *.siteimprove.com *.hcaptcha.com hcaptcha.com trk.idrelay.com *.mediaflowpro.com blob: stats.mucf.se stats.c4223.cloudnet.cloud *.ungidag.se ungidag.se *.mucf.se mucf.varbi.com; frame-ancestors 'self' *.google.com *.youtube.com *.facebook.com *.vimeo.com *.ungidag.se ungidag.se *.mucf.se; child-src 'self' *.google.com *.youtube.com *.facebook.com *.vimeo.com *.siteimprove.com *.hcaptcha.com hcaptcha.com trk.idrelay.com blob: *.mucf.se *.ungidag.se ungidag.se; font-src 'self' mfstatic.com; connect-src 'self' https://*.mucf.se https://*.browsealoud.com https://*.siteimprove.com https://*.googletagmanager.com https://*.google.com https://*.google-analytics.com https://*.doubleclick.net https://*.hcaptcha.com https://*.speechstream.net stats.c4223.cloudnet.cloud https://*.mediaflow.com https://*.inviewer.se mfstatic.com *.ungidag.se *.webserviceaward.com *.clarity.ms; report-uri /report-csp-violation; upgrade-insecure-requests 1 frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com 1 default-src 'self' https://*.nhs.uk; frame-src 'self' https://walkinto.in/ https://*.twitter.com/ https://www.youtube-nocookie.com https://*.webspellchecker.net https://*.nhs.uk https://*.facebook.com https://*.youtube.com https://*.vimeo.com https://*.google.com https://*.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.twitter.com/ https://cdn.askem.com https://cdnjs.cloudflare.com https://*.google-analytics.com https://*.googletagmanager.com https://connect.facebook.net https://feeds.trac.jobs https://*.webspellchecker.net https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.cqc.org.uk; font-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://*.webspellchecker.net; style-src 'self' 'unsafe-inline' data: https://cdn.askem.com https://*.typekit.net https://cdnjs.cloudflare.com https://feeds.trac.jobs https://*.googleapis.com https://*.gstatic.com https://*.cqc.org.uk https://*.webspellchecker.net; img-src * data:; object-src 'self' blob: https://*.nhs.uk; connect-src 'self' https://feedback.askem.com https://feeds.trac.jobs stats.g.doubleclick.net https://*.googleapis.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.co.uk https://*.google.ie https://*.google.nl https://*.webspellchecker.net 1 default-src 'self' https://*.nhs.uk; frame-src 'self' https://heyzine.com/ https://www.youtube-nocookie.com https://*.webspellchecker.net https://*.nhs.uk https://*.facebook.com https://*.youtube.com https://*.vimeo.com https://*.google.com https://*.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://*.google-analytics.com https://*.googletagmanager.com https://connect.facebook.net https://feeds.trac.jobs https://*.webspellchecker.net https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.cqc.org.uk; font-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://*.webspellchecker.net; style-src 'self' 'unsafe-inline' data: https://cdnjs.cloudflare.com https://feeds.trac.jobs https://*.googleapis.com https://*.gstatic.com https://*.cqc.org.uk https://*.webspellchecker.net; img-src * data:; object-src 'self' blob: https://*.nhs.uk; connect-src 'self' https://feeds.trac.jobs stats.g.doubleclick.net https://*.googleapis.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.co.uk https://*.google.ie https://*.google.nl https://*.webspellchecker.net 1 default-src 'self'; connect-src 'self' https://webgate.ec.europa.eu https://intracomm.ec.europa.eu https://intragate.ec.europa.eu https://webgate.ec.testa.eu https://ecas.ec.europa.eu https://ecas.cc.cec.eu.int:7002 https://www.cc.cec https://ecas.ec.testa.eu; font-src 'self'; frame-ancestors 'none'; child-src 'none'; frame-src 'none'; worker-src 'none'; img-src https:; manifest-src 'none'; media-src 'self'; object-src 'self'; script-src 'self'; style-src 'self'; block-all-mixed-content; 1 default-src 'self'; block-all-mixed-content; child-src https://*.youtube.com https://youtube.com https://youtu.be https://*.vimeo.com; connect-src 'self' https://*.youtube.com https://*.vimeo.com https://noembed.com/embed https://cdn.plyr.io https://apps.ticketmatic.com https://*.google-analytics.com https://*.facebook.com; frame-src https://*.youtube.com https://vimeo.com https://*.vimeo.com https://*.youtube-nocookie.com https://*.facebook.com; img-src data: 'self' https://placeholder.inventis.be https://*.ytimg.com https://*.youtube.com https://*.vimeocdn.com https://sparklink-dama.s3.eu-north-1.amazonaws.com https://*.google-analytics.com https://*.facebook.com; media-src https://p.scdn.co; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https://*.youtube.com https://*.ytimg.com https://*.vimeo.com https://cdn.plyr.io https://*.facebook.com 'nonce-f0c5td7oe8KRElqoet4rzg=='; style-src 'self' 'unsafe-inline' https://cdn.plyr.io/; upgrade-insecure-requests 1 default-src 'self' blob: https://vars.hotjar.com/; frame-src 'self' *.webspellchecker.net/ https://fnk-main-prd-zsa-uploads.s3.eu-west-1.amazonaws.com/ https://nspa.org.uk/ https://www.zsabenchmarking.co.uk/ https://w.soundcloud.com/ *.buzzsprout.com *.hotjar.com *.nhs.uk/ *.facebook.com/ *.youtube.com/ *.vimeo.com/ *.google.com *.googleapis.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.webspellchecker.net/ https://mozilla.github.io/ * https://mozilla.github.io/pdf.js/build/pdf.js https://cdn.jsdelivr.net/gh/fancyapps/ *.buzzsprout.com *.heat6have.com https://static.hotjar.com/ https://www.googletagmanager.com/ *.hotjar.com https://www.googletagmanager.com/ *.hotj blob: https://cdnjs.cloudflare.com/ https://www.google-analytics.com/ https://connect.facebook.net/ https://feeds.trac.jobs/ *.google.com/ *.googleapis.com *.gstatic.com *.cqc.org.uk; font-src 'self' 'unsafe-inline' *.webspellchecker.net/ https://cdnjs.cloudflare.com/ajax/libs/summernote/ *.hotjar.com *.typekit.net https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' *.webspellchecker.net/ https://cdn.jsdelivr.net/gh/fancyapps/ *.typekit.net https://cdnjs.cloudflare.com/ https://feeds.trac.jobs/ *.googleapis.com *.gstatic.com *.cqc.org.uk; img-src * data:; object-src 'self' blob:; connect-src 'self' *.webspellchecker.net/ *.amazonaws.com https://stats.g.doubleclick.net/ https://www.google-analytics.com/ https://translate.googleapis.com/ *.hotjar.com *.hotjar.io wss://*.hotjar.com/ https://feeds.trac.jobs/ 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.fortinet.com/ https://www.wroclaw.pl/topbar/ https://hydropolis.pl/ https://maps.googleapis.com/ https://maps.gstatic.com/; img-src 'self' data: https://www.wroclaw.pl/topbar/ https://maps.gstatic.com/ https://maps.google.com/ https://maps.googleapis.com/; object-src 'self' data: https://www.wroclaw.pl/topbar/ https://maps.google.com/; frame-src 'self' data: https://www.wroclaw.pl/topbar/ https://maps.google.com/; 1