Values for x-content-security-policy: default-src 'self'; img-src *; media-src * data:; 1,376 frame-ancestors 'self' 410 allow 'self'; 93 default-src 'self'; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com; frame-src 'none'; img-src 'self' data: *.ttcache.com https://*.ttcache.com https://*.google-analytics.com https://*.googletagmanager.com; media-src 'none'; object-src 'none'; script-src 'self' https://*.googletagmanager.com; style-src 'self' 'unsafe-inline' 61 default-src 'self'; script-src 'self'; 54 report-uri /report-csp-violation 52 img-src *; media-src * data:; 52 report-uri /report-csp-violation; upgrade-insecure-requests 44 upgrade-insecure-requests; 37 default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; font-src 'self'; object-src 'self'; media-src 'self'; child-src 'self' 36 default-src 'self' 'unsafe-inline' 34 default-src 'self'; img-src 'self' data:; media-src 'self' blob:; connect-src 'self' blob:; form-action 'self'; 28 default-src 'self' 24 upgrade-insecure-requests 23 default-src 'self'; script-src 'self' https://hcaptcha.com https://*.hcaptcha.com; frame-src 'self' https://hcaptcha.com https://*.hcaptcha.com; style-src 'self' https://hcaptcha.com https://*.hcaptcha.com; connect-src 'self' https://hcaptcha.com https://*.hcaptcha.com; unsafe-eval 'self' https://hcaptcha.com https://*.hcaptcha.com; unsafe-inline 'self' https://hcaptcha.com https://*.hcaptcha.com; 21 default-src 'self'; 19 frame-ancestors 'none' 17 default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * data:; font-src * data:; connect-src *; media-src *; object-src *; child-src *; worker-src 'self' blob:; frame-ancestors 'self' https://gls-group.com/ https://gls-group.eu/ https://pilot.gls-group.eu/; form-action *; upgrade-insecure-requests; report-uri https://glsgroup.report-uri.io/r/default/csp/enforce; report-to https://glsgroup.report-uri.io/r/default/csp/enforce; 15 allow 'self'; media-src *; img-src *; script-src *; style-src *; 15 default-src https: 'self'; script-src 'unsafe-eval' 'unsafe-inline' 'self' *; style-src 'unsafe-inline' 'self' *; frame-src 'self' *; object-src 'self' *; img-src 'self' data: *; media-src blob: 'self' *; font-src 'self' data: *; connect-src 'self' *; child-src blob: 'self' *; block-all-mixed-content; 11 sandbox allow-scripts allow-popups allow-same-origin; 11 frame-ancestors 'self'; 11 script-src * 'unsafe-inline' 'unsafe-eval' blob:; img-src * data:; media-src * mediastream: blob: filesystem: ; 10 script-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob:; object-src 'none'; base-uri 'none'; frame-src 'self'; frame-ancestors 'self'; img-src 'self' https://secure.gravatar.com data:; media-src 'self' blob:; style-src 'self' 'unsafe-inline'; default-src https: data: 'self'; trusted-types default; 10 frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com *.cisco.com 9 default-src *; img-src * data: blob:; media-src * data: blob:; script-src 'unsafe-inline' 'unsafe-eval' * data: blob:; worker-src 'unsafe-inline' 'unsafe-eval' * data: blob:; connect-src *; font-src * data: blob:; frame-src *; object-src * data: blob:; style-src 'unsafe-inline' * data: blob: 9 frame-ancestors 'self' weleda.sabio.de 9 default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval'; object-src *; style-src * 'self' 'unsafe-inline'; img-src * 'self' data: https:;; media-src *; frame-src *; frame-ancestors * 'self'; child-src * blob:; font-src * 'self' data: https:;; connect-src * 9 frame-ancestors https://*.marketo.com 8 block-all-mixed-content 8 default-src 'self' 'unsafe-inline'; allow 'self'; img-src * 8 script-src 'self' 'unsafe-inline' 'unsafe-eval' ; img-src 'self' data: ; object-src 'self' data: ; frame-src 'self' data: ; 8 allow-scripts allow-popups allow-same-origin; 7 frame-ancestors 'self' https://www.centerparcs.fr/booking/ https://www.centerparcs.nl/booking/ https://www.centerparcs.de/booking/ https://www.centerparcs.com/booking/ https://www.centerparcs.eu/booking/ https://www.centerparcs.ch/booking/ https://www.centerparcs.be/booking/ https://www.sunparks.com/booking/ https://www.sunparks.com/booking/ https://www.sunparks.com/booking/ https://www.sunparks.com/booking/ https://www.sunparks.com/booking/ https://www.sunparks.com/booking/ https://www.sunparks.com/booking/ https://ta.groupepvcp.com/booking/ https://ta.groupepvcp.com/booking/ https://ta.groupepvcp.com/booking/ https://ta.groupepvcp.com/booking/ https://ta.groupepvcp.com/booking/ https://ta.groupepvcp.com/booking/ https://ta.groupepvcp.com/booking/ 7 7 frame-src * 7 default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ; 6 script-src 'self' 6 nosniff 6 default-src 'self'; font-src *;img-src * data:; script-src *; style-src * 6 frame-ancestors https://app.storyblok.com/ 6 frame-ancestors http://*.timeout.com https://*.timeout.com 'self' 6 frame-ancestors 'self' https://uscreen.io https://*.uscreen.io https://www.uscreen.tv https://app.uscreen.tv/ 6 frame-ancestors 'self' *.shoplineapp.com *.facebook.com; upgrade-insecure-requests; 6 base-uri 'none';child-src *.youtube.com;connect-src 'self' https:;default-src 'self';font-src 'self';form-action 'self';frame-ancestors files.prismic.io;frame-src vercel.live prismic.io *.prismic.io *.oncehub.com *.youtube.com *.twitter.com *.facebook.com *.google.com;img-src * data:;manifest-src 'self';media-src *.prismic.io;object-src 'none';prefetch-src 'self';script-src 'self' 'unsafe-inline' vercel.live *.google-analytics.com *.bing.com *.clarity.ms *.facebook.net *.googletagmanager.com *.helpscout.net prismic.io *.prismic.io *.mida.so www.google.com www.gstatic.com;style-src 'self' 'unsafe-inline' https://*.mida.so;worker-src 'self'; 5 frame-ancestors * 5 frame-ancestors 'self' *.magenta.at *.t-mobile.at *.s-budget-mobile.at *.esp.ownsolutions.net magenta-at.cleverq.de www.youtube.com https://eu-dg.knowmax.ai; 5 default-src https: data: 'unsafe-inline' 'unsafe-eval' 5 default-src 'self' blob: *.powerentity.com *.energieag.at news.netzooe.at energieag.picturepark.com *.google-analytics.com *.googleapis.com *.gstatic.com prezi.com www.googleadservice www.youtube.com walls.io *.walls.io *.googletagmanager.com www.netigate.se *.whatchado.com *.vimeo.com i.ytimg.com connect.facebook.net app.adwordsagentur.at s.ksrndkehqnwntyxlhgto.com *.hotjar.com *.hotjar.io wss://*.hotjar.com www.googleadservices.com *.doubleclick.net *.adform.net *.iconnode.com *.facebook.com *.google.at *.google.de *.google.com google.com *.adsrvr.org e-tankstellen-finder.com connect.shore.com *.shore-cdn.com *.teamplanbuch.ch *.cookiebot.com *.matterport.com www.360perspektiven.com sys.mailworx.info *.marketingsuite.info sc-static.net *.konzertmeister.app *.podigee-cdn.net *.podigee.com *.podigee.io marketing.piwik.pro energieag.containers.piwik.pro energieag.piwik.pro empathy-portal.de eag.viewer.cit-fusion.com *.adition.com *.powerbi.com cdnjs.cloudflare.com www.youtube-nocookie.com *.ytimg.com *.googlesyndication.com streamio.com energieag.current-picturepark.com *.mouseflow.com github.com wss://*.cognigy.ai *.cognigy.ai *.githubusercontent.com maps.google.de *.fliphtml5.com cdn.jsdelivr.net *.spotify.com *.eye-able.com *.digiaccess.org *.ksrndkehqnwntyxlhgto.com 'unsafe-inline' 'unsafe-eval' data: 5 default-src 'self'; script-src * 'unsafe-eval' 'unsafe-inline'; style-src * 'unsafe-inline'; img-src * data:;frame-src *;font-src * data:;connect-src * blob:;media-src * blob:;worker-src * blob:; 5 frame-ancestors 'self' *.volusion.com 5 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.thebalancemoney.com 4 frame-ancestors www.red-gate.com; 4 frame-ancestors 'self' https://adventhealth.com https://*.adventhealth.com; object-src 'none'; base-uri 'none' 4 self 4 script-src 'self' 'unsafe-inline' 'unsafe-eval' unpkg.com cdnjs.cloudflare.com *.sharethis.com *.facebook.net *.googletagmanager.com *.acquia.com *.google-analytics.com *.newrelic.com *.nr-data.net *.yimg.com *.adform.net *.licdn.com *.azureedge.net *.adsrvr.org *.samlassertion *.gstatic.com *.taboola.com *.adobedtm.com *.vimeo.com *.googleadservices.com *.visualwebsiteoptimizer.com; worker-src blob:; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.sharethis.com *.typekit.net *.samlassertion *.googleapis.com; report-uri /report-csp-violation 4 default-src 'none'; base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.xilo.net; object-src 'none'; style-src 'self' data: 'unsafe-inline' https://*.xilo.net; img-src 'self' blob: data: https://*.xilo.net; media-src 'self' data: https://*.xilo.net; frame-src *; font-src *; form-action 'self' https://*.xilo.net; connect-src 'self' https://*.xilo.net; prefetch-src 'self' https://*.xilo.net; manifest-src 'self' https://*.xilo.net; frame-ancestors 'self'; worker-src 'self' blob:; report-uri https://sentry.xilo.net/api/3/security/?sentry_key=558ec00c6ab34073c96015172684209a 4 img-src ; media-src data:; 4 default-src 'self'; img-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; script-src 'self' 'unsafe-inline'; connect-src 'self'; 4 default-src 'self'; img-src *; media-src * data: 4 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; object-src 'self'; frame-src 'self'; frame-ancestors 'self'; 4 default-src 'self' ;options inline-script eval-script;referrer no-referrer;img-src 'self' data: *.tile.openstreetmap.org;object-src 'none'; 4 default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval'; object-src *; style-src * 'self' 'unsafe-inline'; img-src * 'self' data: https:;; media-src *; frame-src *; frame-ancestors 'self'; child-src * blob:; font-src * 'self' data: https:;; connect-src * 4 default-src "self"; img-src *; media-src * data:; 4 default-src 'self' https://www.chatbase.co/ https://limbachgruppe.ftapi.com https://*.laborpublisher.de https://api.newsletter2go.com https://piwik.limbachgruppe.com https://maps.googleapis.com https://cmill.de https://www.cmill.de https://prime-psf.2b-advice.com; script-src 'self' 'unsafe-eval' https://www.chatbase.co/ https://limbachgruppe.ftapi.com https://*.laborpublisher.de https://*.app.laborpublisher.staging.lfda.de https://static.newsletter2go.com https://piwik.limbachgruppe.com https://maps.googleapis.com https://cdn1.jameda-elements.de https://lv.limbachgruppe-test.com https://2badvice-cdn.azureedge.net https://prime-psf.2b-advice.com 'unsafe-inline'; img-src * data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://lv.limbachgruppe-test.com https://2badvice-cdn.azureedge.net; frame-ancestors 'self'; frame-src 'self' https://www.chatbase.co/ *.stage.ueberbit.de *.prev.ueberbit.de https://piwik.limbachgruppe.com https://www.youtube-nocookie.com https://youtube.com https://player.vimeo.com https://vimeo.com https://cmill.de https://www.cmill.de https://mtu.adsystemhaus.com https://termin.samedi.de/ https://lv.dialoglabor.de/; font-src 'self' data: https://limbachgruppe.ftapi.com https://fonts.gstatic.com https://lv.limbachgruppe-test.com; 4 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.southernliving.com 3 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.parents.com 3 style-src 'self' 'unsafe-inline' https://www.denic.de https://fonts.googleapis.com; object-src 'self'; script-src 'self' https://app.guestoo.de https://www.denic.de https://my.visme.co https://denic.matomo.cloud https://cdn.matomo.cloud 'unsafe-inline'; img-src 'self' data: https://www.denic.de https://denic.matomo.cloud https://cdn.matomo.cloud; frame-src 'self' https://app.guestoo.de https://my.visme.co 3 frame-ancestors 'self' dziendobry.tvn.pl *.tvn.pl 3 default-src 'self' https://static.zdassets.com https://ekr.zdassets.com https://avm-cs.zendesk.com wss://pod-28.zendesk.com avm.zendesk.com v2.zopim.com fritz.com avm.de service.avm.de news.avm.de bingo.avm.de scope.avm.de piwik.avm.de assets.avm.de www.commerce-connector.com www.surveygizmo.eu ; img-src 'self' https://fritz.com https://*.fritz.com https://avm.de https://*.avm.de service.avm.de data: https://shoplogos.commerce-connector.de https://maps.googleapis.com https://maps.gstatic.com https://i.ytimg.com https://i.vimeocdn.com ; media-src 'self' *.fritz.com *.avm.de service.avm.de static.zdassets.com https://maps.googleapis.com https://maps.gstatic.com https://vimeo.com https://i.ytimg.com https://i.vimeocdn.com blob: data: ; font-src 'self' https://fritz.com https://*.fritz.com https://avm.de https://*.avm.de service.avm.de https://fonts.gstatic.com data: ; style-src 'self' fritz.com *.fritz.com avm.de *.avm.de service.avm.de https://fonts.googleapis.com 'unsafe-inline' ; connect-src 'self' fritz.com *.fritz.com avm.de *.avm.de service.avm.de https://maps.googleapis.com https://noembed.com https://avm.zendesk.com https://static.zdassets.com https://ekr.zdassets.com wss://widget-mediator.zopim.com ; script-src 'self' avm.de *.avm.de fritz.com *.fritz.com service.avm.de piwik.avm.de https://player.vimeo.com https://vimeocdn.com https://*.vimeocdn.com https://www.youtube-nocookie.com https://maps.googleapis.com https://static.zdassets.com pod-28.zendesk.com 'unsafe-eval' 'unsafe-inline' blob: ; script-src-elem 'self' avm.de *.avm.de service.avm.de fritz.com *.fritz.com piwik.avm.de https://maps.googleapis.com https://player.vimeo.com https://vimeocdn.com https://*.vimeocdn.com https://www.youtube-nocookie.com https://www.youtube.com https://static.zdassets.com pod-28.zendesk.com https://widget-mediator.zopim.com 'unsafe-inline' blob: ; worker-src 'self' blob: ; frame-src 'self' fritz.com *.fritz.com avm.de *.avm.de service.avm.de https://player.vimeo.com https://www.youtube-nocookie.com ; frame-ancestors 'self' avm.de *.avm.de service.avm.de fritz.com *.fritz.com 3 default-src https: http: 'unsafe-inline' 'unsafe-eval' 'self' data: wss: blob: 3 frame-ancestors 'self' acquia.lookbookhq.com acquia.docebosaas.com www.acquiaacademy.com acquia.seismic.com app.veertly.com widen--servcom.sandbox.my.site.com widen--sitepreview.na135.force.com community.widen.com acquia.atlassian.net rise.articulate.com www.drupal.org new.drupal.org; report-uri /report-csp-violation 3 frame-ancestors https://*.randstad.es; 3 default-src 'none'; connect-src 'self'; frame-ancestors 'self'; frame-src 'none'; script-src 'self'; style-src 'self' 'sha256-UQBytKn0DQWyDg5/YC+FaQxonSsbQk4k0ErDHqBuhfw=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU='; font-src 'self'; img-src 'self' 3 base-uri 'self' https://*.vbrick.com;child-src 'self' https://*.vbrick.com;connect-src 'self' https://*.vbrick.com 'unsafe-inline' 'unsafe-eval' https: data: mailto: tel: https://pub.highlight.io https://*.qualtrics.com webpack://*;default-src 'self' https://*.vbrick.com 'unsafe-inline' 'unsafe-eval' https: data: mailto: tel:;font-src 'self' https://*.vbrick.com 'unsafe-inline' 'unsafe-eval' https: data:;form-action 'self' https://*.vbrick.com https://*.bethematch.org;frame-ancestors 'self' https://*.vbrick.com https://*.bethematch.org https: data:;frame-src 'self' https://*.vbrick.com 'unsafe-inline' 'unsafe-eval' https: data: https://*.qualtrics.com;img-src 'self' https://*.vbrick.com 'unsafe-inline' 'unsafe-eval' https: data: https://*.qualtrics.com;manifest-src 'self';media-src 'self' https://*.vbrick.com 'unsafe-inline' 'unsafe-eval' https: data:;script-src 'self' https://*.vbrick.com 'unsafe-inline' 'unsafe-eval' https: data: https://*.qualtrics.com;style-src 'self' https://*.vbrick.com 'unsafe-inline' 'unsafe-eval' https: data:;worker-src data: blob:; 3 default-src * blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.sancta-domenica.hr sancta-domenica.hr *.sancta-domenica.ba sancta-domenica.ba *.samsungshop.hr samsungshop.hr *.bigbang.ba bigbang.ba *.bigbang.hr bigbang.hr; 3 default-src https: 'unsafe-inline' 'unsafe-eval' data: blob:; block-all-mixed-content; connect-src * blob:; font-src https:; frame-ancestors 'self' https://preview.plaece.nl; frame-src *; img-src https: data: blob:; media-src https: data: blob:; script-src https: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline'; report-uri /nelmio/csp/report; worker-src https: blob: 3 default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; connect-src 'self' *.amazonaws.com *.amazoncognito.com api.pwnedpasswords.com; frame-ancestors 'self' sf360.com.au; frame-src 'self' https://www.google.com/recaptcha/ 3 frame-ancestors 'self' https://yobingo-statices.casinomodule.com/ https://www.yobingo.es/ https://www.yocasino.es/ https://www.enracha.es/ 3 frame-ancestors 'self' localhost:* *.tason.com 3 Content-Security-Policy= default-src "none"; script-src "self" https://corp-mktg.s3.us-west-2.amazonaws.com https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com https://cdn.cookielaw.org https://maps.googleapis.com https://prospect-form-plugin.2u.com; style-src "unsafe-inline" https://whitelabel.2u.com; img-src https://app.optimizely.com https://cdn.optimizely.com https://whitelabel.2u.com; frame-src https://a104283729.cdn.optimizely.com https://a104283729.cdn-pci.optimizely.com; connect-src https://*.optimizely.com; 3 worker-src 'none'; upgrade-insecure-requests; block-all-mixed-content; manifest-src 'self' 3 frame-ancestors *; report-uri /report-csp-violation 3 default-src 'self' 'unsafe-inline' data: global2000.at *.global2000.at https://*.google-analytics.com https://*.google.com https://*.google.at https://*.doubleclick.net https://*.youtube.com https://youtu.be https://*.ytimg.com https://*.facebook.com https://*.vimeocdn.com https://vimeo.com https://*.vimeo.com https://*.hotjar.com https://*.ubembed.com https://*.restorenature.eu; script-src 'self' 'unsafe-inline' 'unsafe-eval' global2000.at *.global2000.at https://*.youtube.com https://*.googletagmanager.com https://*.google-analytics.com https://*.hotjar.com https://*.facebook.net https://*.g.doubleclick.net https://*.ubembed.com https://*.googleadservices.com https://*.twitter.com https://*.google.com https://*.google.at https://widget.proca.app https://static.d-o.li; object-src 'self' global2000.at *.global2000.at 'unsafe-inline'; style-src 'self' 'unsafe-inline' *.global2000.at; img-src 'self' *.global2000.at data: https://*.google.com https://*.google.at https://*.google.de https://*.facebook.com https://*.doubleclick.net https://*.google-analytics.com https://img.youtube.com https://i.ytimg.com https://*.europa.eu; media-src 'self' global2000.at *.global2000.at blob: data:; frame-src 'self' *.global2000.at https://*.google.com https://*.ubembed.com https://*.google.at https://*.googletagmanager.com https://*.openstreetmap.org https://vimeo.com https://*.vimeo.com https://youtube.com https://www.youtube.com https://youtu.be https://*.supplychainge.org https://*.buzzsprout.com https://*.spotteron.com https://*.typeform.com https://*.facebook.com https://*.twitter.com https://*.hotjar.com https://*.restorenature.eu https://*.ai-sidekick.app https://*.suedwind.at https://*.datadialog.net https://*.fsoforms-gl2ktest.azurewebsites.net https://*.fsoforms-gl2k.azurewebsites.net https://fsoforms-gl2ktest.azurewebsites.net https://gl2kauthserver.azurewebsites.net; frame-ancestors https://*.global2000.at https://*.acolono.dev https://*.acolono.net https://*.wwf.at; child-src 'self' *.global2000.at blob: https://*.google.com https://*.ubembed.com https://*.google.at https://*.googletagmanager.com https://*.openstreetmap.org https://vimeo.com https://*.vimeo.com https://youtube.com https://www.youtube.com https://youtu.be https://*.supplychainge.org https://*.buzzsprout.com https://*.spotteron.com https://*.typeform.com https://*.facebook.com https://*.twitter.com https://*.hotjar.com https://*.restorenature.eu https://*.ai-sidekick.app https://*.suedwind.at; font-src 'self' *.global2000.at data:; connect-src 'self' *.global2000.at https://*.google.com https://*.google-analytics.com https://*.doubleclick.net https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io https://*.google.com https://*.google.at https://*.ubembed.com https://*.facebook.com https://country.proca.foundation/ https://*.proca.app https://chatbot.api.digitalorganizing.ch/; report-uri /report-csp-violation 3 block-all-mixed-content; default-src https:; media-src https: blob: data:; style-src https: 'unsafe-inline'; font-src https: data:; script-src https: blob: 'unsafe-eval' 'unsafe-inline'; img-src https: data:; connect-src https: wss:; frame-src https:; prefetch-src https:; frame-ancestors https:; form-action https:; 3 frame-ancestors https://teams.microsoft.com *.microsoft.com *.live.com *.outlook.com *.office365.com *.office.com *.cloud.microsoft 3 default-src 'self' ws: wss: blob: http://maxcdn.bootstrapcdn.com http://api.tiles.mapbox.com http://cdn.storelocatorwidgets.com https://maxcdn.bootstrapcdn.com https://api.tiles.mapbox.com https://cdn.storelocatorwidgets.com; font-src 'self' 'unsafe-inline' data: http://cdn.storelocatorwidgets.com http://maxcdn.bootstrapcdn.com https://cdn.storelocatorwidgets.com https://maxcdn.bootstrapcdn.com webchat.keyreply.com fonts.gstatic.com kit-free.fontawesome.com https://edge.addthis.com; connect-src 'self' ws: wss: blob: https://geocode.arcgis.com https://log.storelocatorwidgets.com https://b.tiles.expressmaps.com https://a.tiles.expressmaps.com http://markers.storelocatorwidgets.com https://markers.storelocatorwidgets.com https://tiles.expressmaps.com wss://nhg.app.keyreply.com nhg.app.keyreply.com maps.googleapis.com www.google-analytics.com https://v1.addthis.com m.addthis.com https://edge.addthis.com https://api-public.addthis.com https://l.sharethis.com https://datasphere-sbsvc.sharethis.com https://bcp.crwdcntrl.net; frame-src 'self' www.google.com youtu.be www.youtube.com http://s7.addthis.com https://edge.addthis.com https://www.nhgp.com.sg http://t.sharethis.com; frame-ancestors 'self'; img-src * data: maps.gstatic.com *.googleapis.com *.ggpht.com *.storelocatorwidgets.com blob: https://www.wh.com.sg https://cmswh.com.sg; media-src 'self' data: keyreply.blob.core.windows.net youtu.be www.youtube.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' ws: wss: blob: data: https://geocode.arcgis.com https://tiles.expressmaps.com ajax.googleapis.com https://cdn.storelocatorwidgets.com http://cdn.storelocatorwidgets.com maps.googleapis.com youtu.be www.youtube.com www.addthis.com http://s7.addthis.com m.addthis.com m.addthisedge.com https://v1.addthisedge.com https://v1.addthis.com https://edge.addthis.com https://z.moatads.com https://api-public.addthis.com https://www.wh.com.sg https://cmswh.com.sg https://platform-api.sharethis.com https://t.sharethis.com ; script-src-elem 'self' 'unsafe-inline' ws: wss: blob: https://geocode.arcgis.com/ http://loc.storelocatorwidgets.com/ www.googletagmanager.com www.youtube.com ajax.googleapis.com cdn.storelocatorwidgets.com nhg.app.keyreply.com maps.googleapis.com www.addthis.com http://s7.addthis.com m.addthis.com m.addthisedge.com https://v1.addthisedge.com https://v1.addthis.com https://edge.addthis.com https://z.moatads.com https://api-public.addthis.com https://platform-api.sharethis.com/js/sharethis.js https://buttons-config.sharethis.com https://count-server.sharethis.com https://t.sharethis.com https://platform-api.sharethis.com https://api.mapbox.com; style-src 'self' 'unsafe-inline' data: ajax.googleapis.com s7.addthis.com http://maxcdn.bootstrapcdn.com http://api.tiles.mapbox.com http://cdn.storelocatorwidgets.com https://maxcdn.bootstrapcdn.com https://api.tiles.mapbox.com https://cdn.storelocatorwidgets.com fonts.googleapis.com kit-free.fontawesome.com youtu.be www.youtube.com www.addthis.com http://s7.addthis.com m.addthis.com m.addthisedge.com https://edge.addthis.com nhg.app.keyreply.com maps.googleapis.com; style-src-elem 'self' 'unsafe-inline' data: http://maxcdn.bootstrapcdn.com http://api.tiles.mapbox.com http://cdn.storelocatorwidgets.com https://maxcdn.bootstrapcdn.com https://api.tiles.mapbox.com https://cdn.storelocatorwidgets.com fonts.googleapis.com kit-free.fontawesome.com; object-src 'self' youtu.be www.youtube.com https://api.mapbox.com; 3 font-src 'self' https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com data:; frame-src 'self' https://www.google.com/recaptcha/ https://pay.google.com/gp/ https://pay.yandex.ru https://sandbox.pay.yandex.ru/; script-src 'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://pay.google.com/gp/ https://pay.yandex.ru https://mc.yandex.ru/metrika/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com; report-uri /csp/report; worker-src blob: 3 frame-ancestors 'self' https://*.etracker.com 3 default-src 'none'; script-src 'self'; img-src 'self'; style-src 'self'; font-src 'self'; media-src 'self'; form-action 'self'; child-src 'self'; frame-ancestors 'self'; connect-src 'none'; report-uri 'self'; report-to 'self'; 3 frame-ancestors 'self' https://mycourses.w3schools.com https://pathfinder.w3schools.com; 2 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.investopedia.com 2 connect-src 'self' checkout.stripe.com https://checkout.stripe.com https://billing.stripe.com/session https://api.funcaptcha.com https://api.arkoselabs.com sentry.io api.github.com www.npmjs.com;default-src 'none';img-src * data: https://*.stripe.com;script-src 'self' data: 'unsafe-inline' https://checkout.stripe.com/checkout.js https://checkout.stripe.com https://js.stripe.com/v3 https://platform.twitter.com/widgets.js https://octocaptcha.com https://static-production.npmjs.com/;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://static-production.npmjs.com/;frame-src checkout.stripe.com https://checkout.stripe.com https://js.stripe.com/ https://octocaptcha.com;font-src https://fonts.gstatic.com https://static-production.npmjs.com/ ;media-src https://player.vimeo.com https://fpdl.vimeocdn.com https://gcs-vimeo.akamaized.net https://vod-progressive.akamaized.net 2 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.allrecipes.com 2 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.ew.com 2 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.verywellhealth.com 2 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.marthastewart.com 2 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.eatingwell.com 2 base-uri 'self'; default-src 'self' *.photonengine.com; block-all-mixed-content; connect-src 'self' *.photonengine.com *.azure.com *.addsearch.com *.google.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com; frame-ancestors 'self'; frame-src *.photonengine.com *.google.com youtube-nocookie.com www.youtube-nocookie.com youtube.com www.youtube.com player.vimeo.com itch.io *.itch.io *.stripe.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; img-src 'self' *.photonengine.com *.azure.com https://*.google-analytics.com https://*.googletagmanager.com blob: data:; object-src 'self' *.photonengine.com; script-src 'self' *.google.com https://www.gstatic.com 'unsafe-inline' *.azure.com https://*.google-analytics.com https://*.googletagmanager.com; style-src 'self' 'unsafe-inline'; 2 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.treehugger.com 2 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.foodandwine.com 2 frame-ancestors 'self' *.boursorama-banque.com *.boursorama.com *.boursobank.com 2 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.instyle.com 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' data: 'unsafe-inline' https:; img-src 'self' data: https:; media-src 'self' https:; frame-src 'self' data: https:; font-src 'self' data: https: 2 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.liveabout.com 2 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.verywellfit.com 2 default-src 'self'; connect-src 'self' https://mautic.texthelp.com https://www.google-analytics.com https://stats.g.doubleclick.net https://region1.google-analytics.com https://region1.analytics.google.com https://www.google.com https://www.browsealoud.com https://plus.browsealoud.com https://*.speechstream.net https://browsealoud-webservices-8.texthelp.com/ https://browsealoud-webservices-eu.texthelp.com/ https://wiki-summarizer-eu.texthelp.com/ https://simplify-us.texthelp.com/ blob: https://en.wikipedia.org/ https://wikisum.texthelp.com/ https://babm.texthelp.com https://*.prismic.io https://*.cdn.prismic.io https://api.ipdata.co https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://prismic-io.s3.amazonaws.com https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com https://*.hotjar.io https://www.facebook.com/ https://analytics.twitter.com https://cdn.linkedin.oribi.io https://px.ads.linkedin.com https://bat.bing.com https://my.jst.ai/ https://aly.jst.ai/ https://to.go.saleswingsapp.com/ https://tr.snapchat.com https://tr6.snapchat.com/p https://texthelp.tfaforms.net https://analytics.formassembly.com; script-src 'self' https://mautic.texthelp.com https://mautic-staging.texthelp.com https://tagmanager.google.com https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://googleads.g.doubleclick.net https://www.browsealoud.com https://plus.browsealoud.com https://*.speechstream.net https://wikisum.texthelp.com https://apis.google.com https://widget.intercom.io https://js.intercomcdn.com https://app.intercom.io https://analytics.twitter.com https://static.ads-twitter.com https://connect.facebook.net https://www.buzzsprout.com https://optimize.google.com https://static.hotjar.com https://script.hotjar.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://embed.typeform.com/ https://bat.bing.com/ https://js.driftt.com https://widget.drift.com https://snap.licdn.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://p.adsymptotic.com https://cdn.linkedin.oribi.io https://gw.linkedin.oribi.io https://dc.ads.linkedin.com https://sjs.bizographics.com https://tr.snapchat.com/config/ https://sc-static.net https://cdn.jsdelivr.net/npm/@fancyapps/ui@5.0/dist/fancybox/fancybox.umd.js https://cdn.jst.ai/ https://my.jst.ai/ https://aly.jst.ai/ https://texthelp.tfaforms.net https://s.saleswingsapp.com https://www.youtube.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://*.typekit.net https://mautic.texthelp.com/media/css/ https://mautic-staging.texthelp.com/media/css/ https://tagmanager.google.com https://fonts.googleapis.com https://www.googletagmanager.com 'unsafe-inline' https://www.browsealoud.com https://plus.browsealoud.com https://optimize.google.com https://cdn.jsdelivr.net/npm/@fancyapps/ui@5.0/dist/fancybox/fancybox.css https://cdn.jst.ai/ https://texthelp.tfaforms.net; img-src 'self' https://webworx.texthelp.com/assets/img/ data: https://images.prismic.io/texthelp-website-proof https://*.prismic.io https://mautic.texthelp.com https://www.google-analytics.com https://www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://region1.google-analytics.com https://region1.analytics.google.com https://stats.g.doubleclick.net/r/collect https://www.google.com/ads/ https://www.google.co.uk/ads/ https://www.google.com/pagead/ https://www.google.co.uk/pagead/ https://www.browsealoud.com https://browsealoud-webservices-8.texthelp.com/ https://browsealoud-webservices-eu.texthelp.com/ https://plus.browsealoud.com https://upload.wikimedia.org https://prismic-io.s3.amazonaws.com https://i.ytimg.com blob: data: https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-9.com https://optimize.google.com https://script.hotjar.com https://analytics.twitter.com https://t.co/1/i/ https://bat.bing.com/action/ https://bat.bing.com/actionp/ https://www.facebook.com/tr/ https://www.facebook.com/privacy_sandbox/pixel/register/trigger/ https://px.ads.linkedin.com https://tr.snapchat.com/ https://graphics.jst.ai/ ; child-src 'self' https://content.googleapis.com https://www.googletagmanager.com/ns.html https://share.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; media-src 'self' blob: https://*.speechstream.net https://js.intercomcdn.com https://*.prismic.io https://js.driftt.com/; font-src 'self' https://webworx.texthelp.com/ https://*.typekit.net https://fonts.gstatic.com data: https://stackpath.bootstrapcdn.com https://js.intercomcdn.com https://fonts.gstatic.com https://script.hotjar.com; object-src 'none'; form-action 'self' https://intercom.help https://api-iam.intercom.io https://mautic.texthelp.com https://mautic-staging.texthelp.com https://www.facebook.com https://*.speechstream.net https://texthelp.tfaforms.net https://event.on24.com; frame-src https://www.googletagmanager.com https://td.doubleclick.net https://www.youtube.com https://mautic-staging.texthelp.com https://mautic.texthelp.com https://docs.google.com https://www.buzzsprout.com https://content.googleapis.com/ https://optimize.google.com https://vars.hotjar.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://form.typeform.com/ https://www.facebook.com/ https://js.driftt.com https://widget.drift.com https://tr.snapchat.com/ https://lookerstudio.google.com/ https://calendar.google.com/ https://cdn.jst.ai/; frame-ancestors 'none'; base-uri 'none'; upgrade-insecure-requests 2 default-src https: data: blob: 'unsafe-eval' 'unsafe-inline'; frame-src 'self' https://*; 2 script-src 'self'; style-src 'self'; img-src 'self'; connect-src 'self' 2 default-src *;frame-ancestors 'self' eiv.baidu.com *.vip.vip.com *.vip.com;script-src *.vip.com *.vipstatic.com *.mediav.com *.gdt.qq.com *.emarbox.com *.mjoys.com *.sogou.com cm.e.qq.com *.qq.com *.baidu.com *.ipinyou.com *.admaster.com.cn *.miaozhen.com *.youku.com *.tanx.com *.doubleclick.net *.vpimg1.com *.vpimg2.com *.vpimg3.com *.vpimg4.com *.gtimg.cn 'unsafe-eval' 'unsafe-inline';style-src *.vip.com *.vipstatic.com 'unsafe-inline';img-src * data:; report-uri //stat.vipstatic.com/pcfront/antiskyjack; 2 default-src https://domene.shop https://www.domeneshop.no https://domeneshop.no https://domainnameshop.com https://domainname.shop https://xn--domn-noa.shop https://xn--domne-ura.shop https://chat.domeneshop.no/ 'unsafe-inline'; img-src https://domene.shop https://www.domeneshop.no https://domeneshop.no https://domainnameshop.com https://domainname.shop https://xn--domn-noa.shop https://xn--domne-ura.shop; frame-src https://domene.shop https://www.domeneshop.no https://domeneshop.no https://domainnameshop.com https://domainname.shop https://xn--domn-noa.shop https://xn--domne-ura.shop; frame-ancestors 'self' 2 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.myrecipes.com 2 script-src https: data: 'unsafe-inline' 'unsafe-eval' https://www.tu-dortmund.de https://*.itmc.tu-dortmund.de https://*.relaunch.tu-dortmund.de; style-src https: 'unsafe-inline' https://www.tu-dortmund.de https://*.itmc.tu-dortmund.de https://*.relaunch.tu-dortmund.de; frame-src https://www.tu-dortmund.de https://redaktion.tu-dortmund.de https://*.itmc.tu-dortmund.de https://*.relaunch.tu-dortmund.de https://www.youtube-nocookie.com https://www.youtube.com 'self' https://webapps.itmc.tu-dortmund.de; frame-ancestors https://www.tu-dortmund.de https://redaktion.tu-dortmund.de 'self' 2 base-uri 'self' about: *;child-src 'none';connect-src 'self' webpack://* *;default-src 'self';font-src 'self' data: fonts.gstatic.com *;form-action 'self' https: *;frame-ancestors 'none';frame-src 'self' data: https:;img-src * 'self' data: https:;manifest-src 'self';media-src 'self' https: *;object-src 'none';prefetch-src 'self' *;script-src 'self' 'unsafe-inline' 'unsafe-eval' https: *.hs-scripts.com *.hsforms.net *.hsforms.com *.clearbit.com www.google-analytics.com;style-src 'self' 'unsafe-inline' https:;worker-src 'self'; 2 default-src *.maaap.it *.ddev.site *.addthis.com *.adform.net *.algolia.com *.algolia.net *.algolianet.com *.algolianet.net *.calameo.com *.culture.fr *.doubleclick.net *.facebook.com *.facebook.net *.g.doubleclick.net *.getwemap.com *.getwemap.workers.dev *.google-analytics.com *.google.com *.googleapis.com *.huma-num.fr *.ingest.sentry.io *.instagram.com *.maptiler.com *.tarteaucitron.io *.tiktok.com *.twitter.com *.wikimedia.org *.wikipedia.org *.x.com http://apis.syllabs.com http://infolettres-internes.culture.gouv.fr http://infolettres-ministere.culture.gouv.fr http://www.culture.fr http://www.culture.gouv.fr https://api.mapbox.com https://m.addthis.com https://s7.addthis.com https://semaphore.culture.gouv.fr https://semrecf2.culture.fr https://sesame.culture.fr https://stats.g.doubleclick.net https://tarteaucitron.io https://www.culture.fr https://www.culture.gouv.fr https://www.facebook.com https://www.google-analytics.com inline inte-std-mcc-lclo.rag-cloud.hosteur.com moz-extension 'self' tarteaucitron.io 'unsafe-eval' 'unsafe-inline'; block-all-mixed-content; font-src *.ddev.site *.adform.net *.doubleclick.net *.facebook.net *.g.doubleclick.net *.getwemap.workers.dev *.google-analytics.com *.google.com *.googleapis.com *.instagram.com *.maptiler.com *.tiktok.com *.twitter.com *.wikimedia.org *.wikipedia.org *.x.com data: https://fonts.googleapis.com https://fonts.gstatic.com https://infolettres.duministeredelaculture.fr https://livemap.getwemap.com https://maxcdn.bootstrapcdn.com inline inte-std-mcc-lclo.rag-cloud.hosteur.com 'self' 'unsafe-inline'; frame-src *.ddev.site *.adform.net *.calameo.com *.culture.gouv.fr *.dailymotion.com *.doubleclick.net *.facebook.net *.g.doubleclick.net *.getwemap.workers.dev *.google-analytics.com *.google.fr *.googleapis.com *.gouv.fr *.instagram.com *.jcloud.ik-server.com *.maptiler.com *.openstreetmap.fr *.pop.culture.gouv.fr *.soundcloud.com *.tiktok.com *.twitter.com *.vimeo.com *.wikimedia.org *.wikipedia.org *.x.com http://platform.twitter.com http://s7.addthis.com http://www.instagram.com https://data.culturecommunication.gouv.fr https://livemap.getwemap.com https://www.facebook.com https://www.youtube.com inline inte-std-mcc-lclo.rag-cloud.hosteur.com 'self' 'unsafe-inline'; img-src *.ddev.site *.adform.net *.culture.fr *.culture.gouv.fr *.doubleclick.net *.et-gv.fr *.facebook.net *.g.doubleclick.net *.getwemap.workers.dev *.google-analytics.com *.google.com *.googleapis.com *.gouv.fr *.instagram.com *.maptiler.com *.picsum.photos *.tarteaucitron.io *.tiktok.com *.twitter.com *.wikimedia.org *.wikipedia.org *.x.com data: http://www.culture.fr http://www.culture.gouv.fr https://ad.doubleclick.net https://analytics.getwemap.com https://api.getwemap.com https://iecs.culture.gouv.fr https://livemap.getwemap.com https://logs4.xiti.com https://picsum.photos https://semrecf2.culture.fr https://sesame.culture.fr https://static.piste.gouv.fr https://tarteaucitron.io https://tile.openstreetmap.org https://www.culture.fr https://www.culture.gouv.fr https://www.facebook.com https://www.google-analytics.com https://www.googletagmanager.com inline inte-std-mcc-lclo.rag-cloud.hosteur.com 'self' tarteaucitron.io 'unsafe-inline'; script-src *.ddev.site *.addthis.com *.adform.net *.doubleclick.net *.facebook.net *.g.doubleclick.net *.getwemap.workers.dev *.google-analytics.com *.google.com *.googleapis.com *.instagram.com *.maptiler.com *.tarteaucitron.io *.tiktok.com *.twitter.com *.wikimedia.org *.wikipedia.org *.x.com addthid blob: http://connect.facebook.net http://platform.twitter.com http://s7.addthis.com http://siteimproveanalytics.com http://tag.aticdn.net http://www.instagram.com https://ajax.googleapis.com https://api.dmcdn.net https://api.mapbox.com https://gva.et-gv.fr https://iecs.culture.gouv.fr https://infolettres.duministeredelaculture.fr https://livemap.getwemap.com https://logp5.xiti.com https://logs152.xiti.com https://m.addthis.com https://tarteaucitron.io https://v1.addthisedge.com https://www.google-analytics.com https://www.googletagmanager.com https://www.gouvernement.fr https://z.moatads.com inline inte-std-mcc-lclo.rag-cloud.hosteur.com moz-extension 'self' tarteaucitron.io 'unsafe-eval' 'unsafe-inline' 'nonce-OWEzNDFjNzExNTZlMjczNWU0NjU1ZmNiYWIzYjdhZmU='; style-src *.ddev.site *.adform.net *.doubleclick.net *.facebook.net *.g.doubleclick.net *.getwemap.workers.dev *.google-analytics.com *.google.com *.googleapis.com *.gouv.fr *.instagram.com *.maptiler.com *.tarteaucitron.io *.tiktok.com *.twitter.com *.wikimedia.org *.wikipedia.org *.x.com https://fonts.googleapis.com https://infolettres.duministeredelaculture.fr https://tarteaucitron.io inline inte-std-mcc-lclo.rag-cloud.hosteur.com 'self' tarteaucitron.io 'unsafe-inline' 2 default-src wss: mycliplister.com blob: data: bosch.kittelberger.de *.tealiumiq.com dock.ui.bosch.tech wss://endpoint.chatbot-suite.bosch.tech 'self' https: *.optimizely.com wss://*.hotjar.com wss://*.hotjar.io *.tealiumiq.com stats.g.doubleclick.net *.bosch-professional.com ; media-src data: 'self' *.mycliplister.com mycliplister.com *.bosch.com bosch.com *.bosch.de bosch.de *.youtube.com ; font-src 'self' dock.ui.bosch.tech cdn.pricespider.com *.boschtools.com *.bootstrapcdn.com *.dynamicyield.com *.commerce-connector.com static.bosch-professional.com tiger-cdn.zoovu.com *.zoovu.com *.cloudfront.net boschru.webim.ru *.bosch.com bosch.com *.bosch.de bosch.de gstatic.com fonts.gstatic.com data: ; object-src data: 'self'; img-src data: 'self' https: mycliplister.com *.kittelberger.de *.tealiumiq.com data: blob: ; style-src dock.ui.bosch.tech cdn.pricespider.com *.boschtools.com *.bootstrapcdn.com *.dynamicyield.com *.googleapis.com *.commerce-connector.com 'self' 'unsafe-inline' tiger-cdn.zoovu.com *.zoovu.com static.bosch-professional.com btm.bosch.com cdn.poll-maker.com ; script-src dock.ui.bosch.tech dynamicyield.com *.dynamicyield.com https: *.optimizely.com 'unsafe-inline' 'unsafe-eval' tags.tiqcdn.com *.bosch.com bosch.com *.bosch.de bosch.de *.google-analytics.com google-analytics.com ipinfo.io ; frame-src 'self' https: ; connect-src 'self' https: wss://endpoint.chatbot-suite.bosch.tech mycliplister.com wss://*.hotjar.com 2 default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; child-src 'self'; font-src 'self' data; form-action https:; frame-ancestors 'self'; manifest-src 'self'; media-src 'self'; object-src 'none'; worker-src 'none' 2 default-src 'self'; frame-src https://www.youtube.com/ https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://beyondblue-npsp.my.salesforce-sites.com/ https://player.vimeo.com/ https://cdn.raisely.com https://remedy-bb.file.force.com/ https://c.la1-core1.sfdc-vwfla6.salesforceliveagent.com https://d.la1-core1.sfdc-vwfla6.salesforceliveagent.com/ https://remedy-bb.my.salesforce.com https://remedy-bb.my.salesforce-sites.com/ https://omny.fm https://donate.beyondblue.org.au/ https://8962396.fls.doubleclick.net/ https://td.doubleclick.net/ https://beyondblue.elmotalent.com.au/ https://www.youtube.com/iframe_api https://prod-donation-form.vercel.app/ https://beyondblue-npsp.my.salesforce-sites.com/ https://open.spotify.com/ https://australianunity.esaas.inmoment.com.au/cgi-bin/qwebcorporate?idx=QJYD2R https://beyondblue.tfaforms.net/ https://turningpoint.raiselysite.com/ https://turningpoint.raiselysite.com/downer; font-src 'self' https://fonts.gstatic.com/ data:; img-src data: https: http:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com/ https://beyondblue.tfaforms.net/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://discover-apse2.sitecorecloud.io/ https://va.vercel-scripts.com/ https://cdn.raisely.com/ https://connect.facebook.net/ https://www.google-analytics.com/ https://remedy-bb.my.salesforce.com https://remedy-bb.my.salesforce-sites.com/ https://static.lightning.force.com/ https://*.salesforceliveagent.com/ https://service.force.com/ https://code.jquery.com/ https://ajax.aspnetcdn.com/ajax/jquery.validate/1.14.0/ https://www.youtube.com/ https://snap.licdn.com/li.lms-analytics/ https://googleads.g.doubleclick.net/ https://www.googleadservices.com/ https://prod-donation-form.vercel.app/ https://beyondblue-npsp.my.salesforce-sites.com/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://beyondblue.tfaforms.net/ https://remedy-bb.my.salesforce.com https://remedy-bb.my.salesforce-sites.com/ https://*.salesforceliveagent.com/ https://prod-donation-form.vercel.app/; connect-src 'self' https://discover-apse2.sitecorecloud.io/ https://edge-platform.sitecorecloud.io/ https://www.google-analytics.com https://analytics.google.com/ https://stats.g.doubleclick.net/ https://remedy-bb.my.salesforce-sites.com/ https://remedy-bb.my.salesforce-sites.com/ https://beyondblue.elmotalent.com.au/ https://www.facebook.com/ https://px.ads.linkedin.com/; frame-ancestors 'self' pages.sitecorecloud.io https://beyondblue-npsp.my.salesforce-sites.com; 2 default-src 'self' 'unsafe-inline' jobs.b-ite.com; base-uri 'self'; connect-src 'self' wss://chat.userlike.com chat.userlike.com wss://umd.userlike.com userlike.com *.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com *.preview.kkn.zd.intranet.bund.de piwik.itzbund.de *.cloudfront.net data-8ec206415a.dnb.de jobs.b-ite.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.youtube.com *.googleapis.com piwik.itzbund.de script.ioam.de *.de.ioam.de s.ytimg.com static.b-ite.com cs-assets.b-ite.com ajax.googleapis.com api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com *.cloudfront.net data-8ec206415a.dnb.de userlike-cdn-umm.b-cdn.net; object-src 'self' piwik.itzbund.de; media-src 'self' *.aktion-mensch.de *.sample-videos.com *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de youtu.be files.dnb.de c18004-vod.l.core.cdn.streamfarm.net *.wikimedia.org *.cloudfront.net; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de my.matterport.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de *.tile.openstreetmap.org api.userlike.com userlike-cdn-operators.s3-eu-west-1.amazonaws.com *.cloudfront.net; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de *.cloudfront.net; frame-ancestors *.gsb.dev.materna.net *.preview.kkn.zd.intranet.bund.de piwik.itzbund.de 2 script-src 'self' 'unsafe-eval' 'unsafe-inline' *.fontawesome.com *.jsdelivr.net *.googleapis.com *.jquery.com *.vimeo.com *.vimeocdn.com *.cookielaw.org *.vimeocdn.com *.airbud.io unpkg.com:* *.cloudflare.com intermezzo-coop.eu:* *.google.com *.montefioreeinstein.org *.montefiore.org www.montefiore.org mychart.montefiore.org npmychart.montefiore.org *.localizejs.com *.localizecdn.com *.123formbuilder.com *.ctctcdn.com *.blackbaudcdn.net *.go-mpulse.net *.ada.support *.blackbaudhosting.com *.googletagmanager.com *.blackbaud.com *.youtube.com *.gstatic.com *.perfalytics.com api.perfalytics.com perfalytics.com *.launchdarkly.com *.akstat.io *.jquery.com *.flywire.com *.bootstrapcdn.com *.ctctcdn.com s3.amazonaws.com/downloads.mailchimp.com/ *.jwpcdn.com *.youtube-nocookie.com cdn.plyr.io assets.gyant.com pds.fabrichealth.com pds.stage.fabrichealth.com pds.qa.fabrichealth.com pds.dev.fabrichealth.com; upgrade-insecure-requests 2 base-uri 'self'; style-src 'self' 'unsafe-inline' https: ; default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' https:; connect-src 'self' wss: https:; font-src 'self' data: https:; frame-src 'self' https:; img-src http: https: data:; manifest-src 'self'; media-src 'self' data: blob: https: *; worker-src 'none'; 2 child-src 'self' *.facebook.com connect.facebook.net www.googletagmanager.com *.vidyard.com *.trustarc.com go.jaggaer.com jaggaer.cuvama.com; connect-src 'self' pi.pardot.com go.jaggaer.com *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net *.trustarc.com *.linkedin.com *.6sense.com secure.adnxs.com js.zi-scripts.com *.6sc.co *.qualified.com ws.zoominfo.com wss://ws.qualified.com play.vidyard.com *.clarity.ms *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net ; default-src 'self' wss://*.qualified.com play.vidyard.com; font-src 'self' *.gstatic.com *.bootstrapcdn.com data: fonts.gstatic.com cdn.jsdelivr.net *.gstatic.com *.bootstrapcdn.com ; form-action 'self' *.facebook.com connect.facebook.net; frame-src 'self' *.g.doubleclick.net *.google.com *.fls.doubleclick.net blob: www.google.com play.vidyard.com go.jaggaer.com jaggaer.cuvama.com *.trustarc.com app.qualified.com play.goconsensus.com *.youtube.com www.youtube-nocookie.com *.linkedin.com player.vimeo.com *.soundcloud.com platform.twitter.com www.googletagmanager.com promo.com *.g.doubleclick.net *.google.com *.fls.doubleclick.net ; frame-ancestors 'self' pi.pardot.com; img-src 'self' *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com *.vidyard.com data: ts.w.org s.w.org ps.w.org *.linkedin.com *.trustarc.com consent.truste.com *.6sc.co *.clarity.ms *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com ; media-src 'self' s.w.org app.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.truste.com https://cdnjs.cloudflare.com https://choices.trustarc.com https://consent.trustarc.com https://connect.facebook.net https://content.linkedin.com https://go.jaggaer.com https://graph.facebook.com https://googletagmanager.com https://js.zi-scripts.com https://js.qualified.com https://js.facebook.com https://j.6sc.co https://okt.to https://play.vidyard.com https://pi.pardot.com https://platform.linkedin.com https://static-exp1.licdn.com https://snap.licdn.com https://static.oktopost.com https://tagmanager.google.com https://ws-assets.zoominfo.com https://www.gartner.com https://www.googletagmanager.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com cdn.jsdelivr.net js.zi-scripts.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com ; script-src-elem 'self' 'unsafe-inline' https://*.truste.com https://cdnjs.cloudflare.com https://choices.trustarc.com https://consent.trustarc.com https://connect.facebook.net https://content.linkedin.com https://go.jaggaer.com https://graph.facebook.com https://googletagmanager.com https://js.zi-scripts.com https://js.qualified.com https://js.facebook.com https://j.6sc.co https://okt.to https://play.vidyard.com https://pi.pardot.com https://platform.linkedin.com https://static-exp1.licdn.com https://snap.licdn.com https://static.oktopost.com https://tagmanager.google.com ws-assets.zoominfo.com https://www.gartner.com https://www.googletagmanager.com cdn.jsdelivr.net js.zi-scripts.com *.clarity.ms *.youtube.com platform.twitter.com blob: data: *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com ; script-src-attr 'unsafe-inline' ; style-src 'self' 'unsafe-inline' *.licdn.com *.qualified.com cdnjs.cloudflare.com fonts.googleapis.com tagmanager.google.com www.googletagmanager.com *.googleapis.com *.gstatic.com cdn.jsdelivr.net *.googleapis.com *.gstatic.com ; style-src-elem 'self' 'unsafe-inline' *.licdn.com *.qualified.com cdnjs.cloudflare.com fonts.googleapis.com tagmanager.google.com www.googletagmanager.com cdn.jsdelivr.net *.googleapis.com *.gstatic.com ; style-src-attr 'self' 'unsafe-inline' *.licdn.com *.qualified.com cdnjs.cloudflare.com fonts.googleapis.com tagmanager.google.com www.googletagmanager.com cdn.jsdelivr.net; worker-src 'self' blob: *.qualified.com; upgrade-insecure-requests; 2 default-src *; style-src 'self'* .addthis.com *.nationalgridus.com* .cloudflare.com *.olark.com* .gstatic.com *.googleapis.com; script-src 'self'* .speedpay.com *.google.com* .gstatic.com *.olark.com* .googleapis.com *.gstatic.com* .crazyegg.com *.google-analytics.com* .googletagmanager.com *.feedbackify.com* .nationalgridus.com; img-src *; font-src* ; connect-src *; 2 frame-ancestors 'self' http://www.liligo.fr/ http://www.kayak.fr/ http://www.kayak.de/ https://drivy.zendesk.com/ https://*.zdusercontent.com/ 2 default-src 'self' 'unsafe-inline' data: https://piwik.bzga.de/ https://www.youtube.com/ https://www.youtube-nocookie.com/ https://youtu.be/ https://service.bzga.de/ https://a.tile.openstreetmap.org/ https://b.tile.openstreetmap.org/ https://c.tile.openstreetmap.org/ https://cdn.jsdelivr.net/npm/friendly-challenge@0.9.18/widget.module.min.js https://cdn.jsdelivr.net/npm/friendly-challenge@0.9.18/widget.min.js; worker-src 'self' blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://piwik.bzga.de/ https://www.youtube.com/ https://www.youtube-nocookie.com/ https://youtu.be/ https://service.bzga.de/ https://a.tile.openstreetmap.org/ https://b.tile.openstreetmap.org/ https://c.tile.openstreetmap.org/ https://cdn.jsdelivr.net/npm/friendly-challenge@0.9.18/widget.module.min.js https://cdn.jsdelivr.net/npm/friendly-challenge@0.9.18/widget.min.js; connect-src 'self' https://api.friendlycaptcha.com https://piwik.bzga.de 2 frame-ancestors same *.grupocpfl.com.br *.cpfl.com.br *.rge-rs.com.br grupocpfl.com.br cpfl.com.br rge-rs.com.br *.lndo.site *.web.ahdev.cloud; report-uri /report-csp-violation 2 default-src * 'unsafe-eval' 'unsafe-inline'; img-src * data: unsafe-inline 2 connect-src 'self' 2 block-all-mixed-content; font-src 'self' fonts.gstatic.com www.wuv.de fonts.gstatic.com data:; img-src 'self' blob: data: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' addsearch.com cdn.ampproject.org open.scdn.co connect.facebook.net *.usercentrics.eu *.g.doubleclick.net *.getsitecontrol.com *.google.de *.google.com *.google-analytics.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.instagram.com *.ioam.de *.opinary.com *.stry.tl *.twimg.com *.twitter.com *.wuv.de *.youtube.com *.ytimg.com *.tiktok.com *.tiktokcdn.com *.ibytedtos.com *.pinterest.com *.research.appinio.com *.ttwstatic.com *.adition.com *.scorecardresearch.com *.searchcdn.com *.teads.tv s0.2mdn.net *.wuv.de gdpr-tcfv2.sp-prod.net widget.perfectmarket.com *.flashtalking.com *.criteo.com *.adform.net *.vidible.tv *.doubleverify.com *.doubleclick.net bs.serving-sys.com static.aivdesk.com secure-ds.serving-sys.com ad.lkqd.net *.cloudflare.com *.adsafeprotected.com *.maximus.mobkoi.com *.celtra.com *.moatads.com sf16-scmcdn-sg.ibytedtos.com tags.crwdcntrl.net *.vimeocdn.com; style-src 'self' 'unsafe-inline' *.addsearch.com fast.fonts.net *.googleapis.com *.stry.tl *.twitter.com *.wuv.de *.tiktok.com *.tiktokcdn.com *.ttwstatic.com *.cloudfront.net tagmanager.google.com *.wuv.de s1.adform.net static.aivdesk.com; worker-src blob: *.wuv.de 2 default-src 'unsafe-inline' https://fonts.googleapis.com https://*.youtube.com https://www.facebook.com https://*.googleusercontent.com https://www.google.pl https://www.warta.pl https://*.www.warta.pl https://hdi.pl https://*.hdi.pl https://*.googleapis.com https://*.gstatic.com https://*.google.com https://www.google-analytics.com https://*.facebook.com https://*.doubleclick.net ; script-src 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://*.gstatic.com https://www.warta.pl https://*.www.warta.pl https://www.google-analytics.com https://*.facebook.com https://connect.facebook.net https://*.doubleclick.net ; style-src 'unsafe-inline' https://www.warta.pl https://*.www.warta.pl https://hdi.pl https://*.hdi.pl https://fonts.googleapis.com https://surfly.io https://*.google.com https://www.google-analytics.com https://*.facebook.com https://*.doubleclick.net ; img-src 'self' https://moventum.com.pl https://*.youtube.com https://www.facebook.com https://*.googleusercontent.com https://www.google.pl https://*.googleapis.com https://*.gstatic.com https://www.warta.pl https://*.www.warta.pl https://hdi.pl https://*.hdi.pl https://*.google.com https://www.google-analytics.com https://*.facebook.com https://*.doubleclick.net data:; object-src 'none'; 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' *.acast.com *.adbutter.net *.adform.net *.adnxs.com *.adnxs-simple.com *.ads-twitter.com addtocalendar.com *.airtable.com *.airtableusercontent.com *.ckeditor.com *.cloudflare.com *.didomi.io *.doubleclick.net *.elfsight.com *.elfsightcdn.com *.facebook.com *.facebook.net *.gomovein.com *.google.com *.google.fr *.google-analytics.com *.googleapis.com *.googletagmanager.com *.googlesyndication.com *.gstatic.com *.heyzine.com *.hzstats.com *.instagram.com *.jellyfish.com *.jsdelivr.net *.licdn.com *.linkedin.com *.marches-publics.info *.marketo.com *.marketo.net *.matomo.cloud *.mews.com *.mktoresp.com *.otowui.com *.privacy-center.org *.seadform.net sc-static.net *.sharethis.com *.sibforms.com *.static.net *.tapad.com *.tiktok.com *.twitter.com *.typeform.com *.unibuddy.co unibuddy.co *.vimeo.com *.webleads-tracker.fr *.welcomekit.co *.youtube.com *.youtube-nocookie.com *.ytimg.com page.hec.edu; img-src 'self' data: *.acast.com *.adbutter.net *.adform.net *.adnxs.com *.adnxs-simple.com *.ads-twitter.com *.airtable.com *.airtableusercontent.com *.ckeditor.com *.cloudflare.com *.didomi.io *.doubleclick.net *.elfsight.com *.elfsightcdn.com *.facebook.com *.facebook.net *.gomovein.com *.google.com *.google.fr *.google-analytics.com *.googleapis.com *.googletagmanager.com *.googlesyndication.com *.gstatic.com *.heyzine.com *.hzstats.com *.instagram.com *.jellyfish.com *.jsdelivr.net *.licdn.com *.linkedin.com *.marches-publics.info *.marketo.com *.marketo.net *.matomo.cloud *.mews.com *.mktoresp.com *.otowui.com *.privacy-center.org *.seadform.net sc-static.net *.sharethis.com *.sibforms.com *.static.net *.tapad.com *.tiktok.com *.twitter.com *.typeform.com *.unibuddy.co *.vimeo.com *.webleads-tracker.fr *.welcomekit.co *.youtube.com *.youtube-nocookie.com *.ytimg.com page.hec.edu; font-src 'self' data:; report-uri /report-csp-violation 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://mista.ua https://*.google.com *.google.com https://*.google.com.ua *.google.com.ua *.gstatic.com *.adtrafficquality.google *.facebook.net *.instagram.com *.googleapis.com *.googlesyndication.com https://*.googlesyndication.com *.googletagservices.com https://*.googletagservices.com *.doubleclick.net https://*.googleadservices.com https://*.doubleclick.net https://*.g.doubleclick.net *.google-analytics.com *.googletagmanager.com *.ampproject.org https://polyfill.io/ wikimapia.org https://*.jsdelivr.net cdn.api.twitter.com oss.maxcdn.com; style-src 'self' 'unsafe-inline' *.google.com *.googleapis.com; frame-src 'self' *.doubleclick.net https://*.googlesyndication.com syndicatedsearch.goog *.googletagservices.com *.adtrafficquality.google *.google.com *.google.com.ua *.facebook.com *.instagram.com *.youtube.com https://*.doubleclick.net https://*.g.doubleclick.net wikimapia.org *.openstreetmap.org *.adsensecustomsearchads.com https://www.tiktok.com/; 2 frame-ancestors 'self' https://*.felgenoutlet.de 2 frame-ancestors 'none'; 2 default-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: * 2 default-src https: 'unsafe-inline' 'unsafe-eval' 2 frame-ancestors 'self' https://content.kinaxis.com https://www.kinaxis.com https://kinaxis.com https://*.sharepoint.com https://ssw.live.com https://storage.live.com https://*.search.production.apac.trafficmanager.net https://*.search.production.emea.trafficmanager.net https://*.search.production.us.trafficmanager.net https://*.wns.windows.com https://admin.onedrive.com https://officeclient.microsoft.com https://g.live.com https://oneclient.sfx.ms https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://*.svc.ms *.mpo.com https://*.mpo.com https://www.mpo.com *.mp-objects.com https://*.mp-objects.com https://www.mp-objects.com https://wartsila.cevalogistics.com https://*.cevalogistics.com https://app.drift.com https://core.crazyegg.com https://kinaxis-project.dev.fenix.solutions https://*.lndo.site; report-uri /report-csp-violation 2 default-src 'self'; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' s7.addthis.com static.hotjar.com script.hotjar.com members.ahcancal.org www.google.com www.gstatic.com www.youtube.com fonts.googleapis.com www.googletagmanager.com tagmanager.google.com www.google-analytics.com ssl.google-analytics.com www.googleadservices.com ajax.googleapis.com safebrowsing.googleapis.com analytics.google.com connect.facebook.net analytics.tiktok.com googleads.g.doubleclick.net z.moatads.com v1.addthisedge.com m.addthis.com edge.addthis.com polo.feathr.co cdn.feathr.co widget.surveymonkey.com banman.providermagazine.com banman.ahcancal.org platform.twitter.com cdn.syndication.twimg.com; object-src 'self'; style-src 'self' data: 'unsafe-inline' s7.addthis.com www.google.com www.youtube.com fonts.googleapis.com tagmanager.google.com platform.twitter.com ton.twimg.com; img-src 'self' data: ssl.gstatic.com www.gstatic.com www.google-analytics.com www.google.com www.facebook.com marco.feathr.co polo.feathr.co *.feathr.co www.googletagmanager.com banman.providermagazine.com banman.ahcancal.org match.adsrvr.org pbs.twimg.com abs.twimg.com platform.twitter.com ton.twimg.com syndication.twitter.com; media-src 'self' data: www.youtube.com app.powerbi.com www.surveymonkey.com; frame-src 'self' data: www.google.com datawrapper.dwcdn.net *.hotjar.com td.doubleclick.net ahca-ncal-convention-2023-map.web.app ahcancal.wufoo.com custom.statenet.com s7.addthis.com www.youtube.com app.powerbi.com edge.addthis.com www.facebook.com www.surveymonkey.com bid.g.doubleclick.net platform.twitter.com syndication.twitter.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com; connect-src 'self' data: www.google-analytics.com https://www.google-analytics.com in.hotjar.com ws7.hotjar.com ws35.hotjar.com vc.hotjar.io content.hotjar.io ws.hotjar.com polo.feathr.co analytics.tiktok.com members.ahcancal.org 2 frame-ancestors 'self' mein.kabelplus.at mein-test.kabelplus.at newapp.etracker.com 2 frame-ancestors https://*.holman.com *.holmancadillac.com *.holmanhondacentennial.com *.holmanhonda.com *.audisandiego.com *.audiflatirons.com *.audiboulderservice.com *.audipembrokepines.com *.audifortwashington.com *.holmanfordmapleshade.com *.holmanfordturnersville.com *.holmanlincolnmapleshade.com *.princetonbmw.com *.bmwofmtlaurel.com *.bmwoffortlauderdale.com *.bmwofpembrokepines.com *.bmwtigard.com *.kuniautocenter.com *.jaguarsandiego.com *.landroversandiego.com *.landroverdenver.com *.landroverlynnwood.com *.lexusofportland.com *.lexusofportland.com *.lexusofseattle.com *.holmaninfiniti.com *.holmantoyota.com *.lauderdalemini.com *.miniofmtlaurel.com *.porschesandiego.com *.mbvansmapleshade.com *.holmanmotorcars.com *.holmanauto.com *.holmancollision.com *.riskpartners.com *.holmancollision.com *.holmantransportationrrg.com *.holmanvinfastfortlauderdale.com *.holmanineosgranider.com *.studio.porschesandiego.com *.audisandiegofashionvalley.com *.lexusofgreenwoodvillage.com *.holmanineosgrenadier.com 2 frame-ancestors 'self' everygame.eu www.everygame.eu sblp.everygame.eu sports.everygame.eu poker.everygame.eu casino.everygame.eu classic.everygame.eu lobby.everygame.eu:2072 account.everygame.eu client.horizonpokernetwork.eu 2 default-src 'self' *.readspeaker.com data: https://viola.bundesbots.de wss://viola.bundesbots.de https://formularbot-fms.bzst.de wss://formularbot-fms.bzst.de https://formularbot-viola.bzst.de wss://formularbot-viola.bzst.de https://bzst.lucom.com https://idnr-formular.bzst.bot-itzbund.de https://viola.bundesbots.de https://viola-bzst.azr.juacvoe.net https://viola-bzst-fms.azr.juacvoe.net; base-uri 'self'; connect-src 'self' *.readspeaker.com *.itzbund.de https://formularbot-viola.bzst.de wss://formularbot-viola.bzst.de https://viola-bzst.azr.juacvoe.net wss://viola-bzst.azr.juacvoe.net https://viola-bzst-fms.azr.juacvoe.net wss://viola-bzst-fms.azr.juacvoe.net https://formularbot-fms.bzst.de; style-src 'self' 'unsafe-inline' *.readspeaker.com https://bzst.lucom.com https://idnr-formular.bzst.bot-itzbund.de https://formularbot-viola.bzst.de https://viola-bzst.azr.juacvoe.net https://viola-bzst-fms.azr.juacvoe.net https://formularbot-fms.bzst.de; script-src 'self' 'unsafe-eval' *.google.com piwik.itzbund.de *.readspeaker.com https://bzst.lucom.com https://idnr-formular.bzst.bot-itzbund.de https://formularbot-fms.bzst.de https://formularbot-viola.bzst.de https://viola-bzst-fms.azr.juacvoe https://formularbot-fms.bzst.de.net https://viola-bzst.azr.juacvoe.net https://viola.bundesbots.de 'sha256-fvt1zDnRVAuASIt4MdBmzTSLXs4mdTCa5fg9wNopnC0=' 'sha256-B9AMHvfU16Nc6sndzogCV/VH/SXmKESowGb6dBud/RA=';object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; media-src 'self' *.bzst.de multimedia.gsb.bund.de *.youtube.com www.quirksmode.org; child-src *.itzbund.de *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com; frame-src *.readspeaker.com https://formularbot-viola.bzst.de https://idnr-formular.bzst.bot-itzbund.de https://viola-bzst.azr.juacvoe.net https://viola-bzst-fms.azr.juacvoe.net https://formularbot-fms.bzst.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com piwik.itzbund.de https://bzst.lucom.com https://formularbot-viola.bzst.de https://idnr-formular.bzst.bot-itzbund.de https://viola-bzst.azr.juacvoe.net https://viola-bzst-fms.azr.juacvoe.net https://formularbot-fms.bzst.de; upgrade-insecure-requests; frame-ancestors 'self' *.preview.bzst.intranet.bund.de; 2 base-uri 'none';child-src 'none';connect-src 'self' https://play.vidyard.com https://noembed.com/ https://*.algolia.net https://*.algolianet.com https://*.algolia.io https://go.esko.com/ https://privacyportalde-cdn.onetrust.com/ cloudflareinsights.com https://play.goconsensus.com https://cdn.cookielaw.org/ https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://privacyportal-de.onetrust.com/request/v1/consentreceipts https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://auth.statik.space/ https://js.zi-scripts.com https://px.ads.linkedin.com https://ws.zoominfo.com *.crazyegg.com https://tracking.g2crowd.com https://google.com;default-src 'self' *.crazyegg.com;font-src 'self' https://fonts.gstatic.com data:;form-action 'self';frame-ancestors 'self' https://esko.showpad.biz;frame-src youtube.com www.youtube.com https://play.vidyard.com https://play.goconsensus.com https://bid.g.doubleclick.net https://www.google.com/ https://js.driftt.com https://widget.drift.com *.crazyegg.com *.cvent.com https://td.doubleclick.net https://esko317.outgrow.us;img-src 'self' https: data: blob: http://play.vidyard.com www.googletagmanager.com https://googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://googleads.g.doubleclick.net https://www.google.com https://google.com *.crazyegg.com;manifest-src 'self';media-src 'self' https://js.driftt.com;object-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' youtube.com www.youtube.com https://play.vidyard.com https://cdn.jsdelivr.net/ https://privacyportalde-cdn.onetrust.com/privacy-notice-scripts/otnotice-1.0.min.js static.cloudflareinsights.com https://play.goconsensus.com https://www.googletagmanager.com https://cdn.cookielaw.org https://googletagmanager.com https://tagmanager.google.com https://*.googletagmanager.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/ https://js.driftt.com https://widget.drift.com https://sc.lfeeder.com https://js.zi-scripts.com https://snap.licdn.com *.crazyegg.com *.cvent.com https://tracking.g2crowd.com *.pardot.com https://*.esko.com blob: https://connect.facebook.net;style-src 'self' 'unsafe-inline' https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com *.crazyegg.com;worker-src 'self' blob:; 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' *.jsdelivr.net *.twitter.com *.googletagmanager.com *.cookielaw.org static.addtoany.com cdnjs.cloudflare.com cdn.bc0a.com assets.sitescdn.net fonts.googleapis.com *.siteimprove.net ajax.googleapis.com visit.sanmanuel.com klear.com cdn.b0e8.com *.google-analytics.com *.bing.com *.amazon-adsystem.com *.clarity.ms *.siteimproveanalytics.com *.adsrvr.org *.youtube.com connect.facebook.net munchkin.marketo.net s.yimg.com googleads.g.doubleclick.net *.cloudfront.net *.viralsweep.com *.pollstream.com insiderdata360online.com *.sevenrooms.com *.i4go.com *.recaptcha.net *.gstatic.com answers-embed.yaamava.com.pagescdn.com *.byspotify.com *.instagram.com *.visrez.com *.stackadapt.com *.googleadservices.com siteimproveanalytics.com tags.srv.stackadapt.com pixel.byspotify.com *.visitingmedia.com visitingmedia.com *.jquery.com *.sevenrooms.com id.eu.siteimprove.com *.quantserve.com rules.quantcount.com qvdt3feo.com *.vimeo.com code.jquery.com; script-src-elem 'self' 'unsafe-inline' assets.sitescdn.net visit.sanmanuel.com cdn.siteimprove.net *.instagram.com *.googletagmanager.com cdn.cookielaw.org cdn.jsdelivr.net connect.facebook.net siteimproveanalytics.com tags.srv.stackadapt.com pixel.byspotify.com *.youtube.com munchkin.marketo.net bat.bing.com c.amazon-adsystem.com googleads.g.doubleclick.net *.google-analytics.com static.addtoany.com interactive.visrez.com secure.quantserve.com *.clarity.ms rules.quantcount.com visitingmedia.com *.sevenrooms.com code.jquery.com insiderdata360online.com tags.srv.stackadapt.com answers-embed.yaamava.com.pagescdn.com platform.twitter.com cdnjs.cloudflare.com unpkg.com qvdt3feo.com i4m.i4go.com *.googleadservices.com klear.com *.player.vimeo.com *.viralsweep.com js.adsrvr.org cdn.userway.org *.vimeo.com analytics.tiktok.com *.pinterest.com; style-src 'self' 'unsafe-inline' *.jsdelivr.net *.sitescdn.net fonts.googleapis.com visit.sanmanuel.com d1p5cqqchvbqmy.cloudfront.net *.sevenrooms.com *.visrez.com *.stackadapt.com *.visitingmedia.com visitingmedia.com *.sevenrooms.com id.eu.siteimprove.com *.quantserve.com *.vimeo.com code.jquery.com 2 default-src 'self'; block-all-mixed-content; child-src blob:; connect-src 'self' data https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.googlesyndication.com https://*.privacy-center.org https://*.googleadservices.com https://stats.g.doubleclick.net https://*.hscollectedforms.net https://*.clarity.ms https://*.bing.com https://*.bing.net https://*.linkedin.com https://*.licdn.com https://js.zi-scripts.com https://analytics.inzynk.io https://collector4.leadinfo.net https://collector.leadinfo.net https://api.leadinfo.com https://ws.zoominfo.com https://www.google.at https://www.google.be https://www.google.bg https://www.google.hr https://www.google.cz https://www.google.dk https://www.google.fi https://www.google.fr https://www.google.de https://www.google.gr https://www.google.hu https://www.google.is https://www.google.ie https://www.google.it https://www.google.lv https://www.google.lt https://www.google.lu https://www.google.mt https://www.google.nl https://www.google.no https://www.google.pl https://www.google.pt https://www.google.ro https://www.google.ru https://www.google.sk https://www.google.si https://www.google.es https://www.google.se https://www.google.ch https://www.google.co.uk https://www.google.com.tr https://www.google.tn https://www.google.dz https://www.google.ma https://www.google.co.il https://www.google.ae https://www.google.com https://www.google.ca https://www.google.com.mx https://www.google.com.br https://www.google.com.ar https://www.google.com.ec https://www.google.cl https://www.google.com.pe https://www.google.co.za https://www.google.co.in https://www.google.co.jp https://www.google.cn https://www.google.com.hk https://www.google.com.tw https://www.google.co.kr https://www.google.com.sg https://www.google.co.th; font-src 'self' data: data fonts.gstatic.com; frame-src https://*.youtube.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.googlesyndication.com https://prod1.solutions.webfg.ch https://*.google.com https://td.doubleclick.net https://www.coface.fr https://pwm-image.trendmicro.com https://edge.media-server.com; img-src 'self' data: data blob https://tr.line.me https://*.lfeeder.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googlesyndication.com https://*.privacy-center.org https://*.clarity.ms https://*.bing.com https://*.bing.net https://*.linkedin.com https://*.licdn.com https://*.hsforms.com https://*.hubspot.com https://www.google.at https://www.google.be https://www.google.bg https://www.google.hr https://www.google.cz https://www.google.dk https://www.google.fi https://www.google.fr https://www.google.de https://www.google.gr https://www.google.hu https://www.google.is https://www.google.ie https://www.google.it https://www.google.lv https://www.google.lt https://www.google.lu https://www.google.mt https://www.google.nl https://www.google.no https://www.google.pl https://www.google.pt https://www.google.ro https://www.google.ru https://www.google.sk https://www.google.si https://www.google.es https://www.google.se https://www.google.ch https://www.google.co.uk https://www.google.com.tr https://www.google.tn https://www.google.dz https://www.google.ma https://www.google.co.il https://www.google.ae https://www.google.com https://www.google.ca https://www.google.com.mx https://www.google.com.br https://www.google.com.ar https://www.google.com.ec https://www.google.cl https://www.google.com.pe https://www.google.co.za https://www.google.co.in https://www.google.co.jp https://www.google.cn https://www.google.com.hk https://www.google.com.tw https://www.google.co.kr https://www.google.com.sg https://www.google.co.th; object-src 'none'; script-src 'self' 'sha256-r5XNBZKG5SuRALRop397WzCpL6A7PPnVeJHjxu4dYoM=' 'sha256-PvjejqLYd3NWAQbuI5ztPkrH0+NbIyvfHcohUy/cDgY=' 'sha256-ixt9cJSW7l/TjcAHQwIkthvmNXKVhbctw0KIBmfT3vI=' 'sha256-TBFB22YzPYBT6rIyeICABgKnf6AS2XlCon7PlKpqwx0=' 'sha256-Mdr7Elzu0r9o/uLCgHaqqkGF/Cjybl8xHE3xxAJOpvE=' 'sha256-Fac3ZJh9Y/mUcXMm30RrYwSt3wFvJ7dvzNvifF3wz9o=' 'sha256-j7hX0Eb40FknxDtJlw+/vJUvnDRI62XPkRyAgR5yDPs=' 'sha256-7vg2+gdz1/ftFJq3ZBimCuYwW04BTLPk0Z8E7kVeGHY=' 'sha256-VyY8SEWR8lMYk6OETYa7fhiLcLnQwdZtN03ECJL48t0=' 'sha256-XbnphNbfccFW7zQZOKk1NECfmmjWeq0cg1FwHrMZZ3A=' 'sha256-nVZbCRzRQSuWk+9W2ls61mQODCppOVf74kz9tIVcvD8=' 'sha256-oIOkXW3jJVB3WzdBAFDW1Y+ploUa4qVp1mqHQeZ7U+Q=' 'sha256-uILB4C9XYyBWeOx5+XQDrAjrU4EsdqN9Ms3lKdPVl58=' 'sha256-fEneWIDmgpMHym15EtxErZC6ZUMtKxivpJeC0XmqQGc=' 'sha256-tAWD8lytuBP8gEXDAj+ZibUssoc3mxK0Qpx5aFn8TT4=' https://*.lfeeder.com https://tags.inzynk.io https://cdn.leadinfo.net https://plugin.sopro.io https://d.line-scdn.net https://js.zi-scripts.com https://*.google-analytics.com https://*.googletagmanager.com https://www.googletagmanager.com https://*.googlesyndication.com https://*.privacy-center.org https://googleads.g.doubleclick.net https://*.gstatic.com https://*.clarity.ms https://*.bing.com https://*.bing.net https://*.hscollectedforms.net https://*.hs-analytics.net https://*.hs-banner.com https://js-eu1.hs-scripts.com https://*.linkedin.com https://*.licdn.com https://*.google.com https://*.google.fr; style-src 'self' 'unsafe-inline'; worker-src blob: 2 default-src https: 'self' blob:;script-src https: 'unsafe-inline' 'unsafe-eval' 'self';script-src-elem https: 'self' 'unsafe-inline';object-src https: 'self' blob:;frame-src 'self' blob: https:;style-src 'unsafe-inline' https: data: 'self';font-src https: data:;img-src * data: 'self';connect-src https: wss://*.liveperson.net wss://tsock.us1.twilio.com/v3/wsconnect wss://*.usw2.pure.cloud wss://intercept-api.questionpro.com; frame-ancestors https://embed.questionpro.com; 2 default-src 'self' 'unsafe-inline' *.sernet.de *.usercentrics.eu; style-src 'self' 'unsafe-inline'; img-src 'self' *.usercentrics.eu *.prive.eu; frame-ancestors 'self' 2 default-src * 'unsafe-inline' 'unsafe-eval' data: blob:;; report-uri /report-csp-violation 2 style-src 'self' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; 2 frame-ancestors 'self' http://*.brose.net http://brose.net https://*.brose.net https://brose.net https://*.ariba.com https://*.zkw.at http://*.zkw.at https://*.mycatalogcloud.com http://*.mycatalogcloud.com http://*.valeo.determine.com https://*.valeo.determine.com http://valeo.determine.com https://valeo.determine.com http://*.mondigroup.com http://mondigroup.com https://*.mondigroup.com https://mondigroup.com http://*.elwitec.ch http://elwitec.ch https://*.elwitec.ch https://elwitec.ch http://*.ynovatec.ch http://ynovatec.ch https://*.ynovatec.ch https://ynovatec.ch http://prematic.ch http://*.prematic.ch https://prematic.ch https://*.prematic.ch http://brw.ch http://*.brw.ch https://brw.ch https://*.brw.ch http://uniprod-ag.ch http://*.uniprod-ag.ch https://uniprod-ag.ch https://*.uniprod-ag.ch http://montalpina.com http://*.montalpina.com https://montalpina.com https://*.montalpina.com http://sutter-hydraulik.com http://*.sutter-hydraulik.com https://sutter-hydraulik.com https://*.sutter-hydraulik.com http://bsaswiss.ch http://*.bsaswiss.ch https://bsaswiss.ch https://*.bsaswiss.ch http://salesconnect.sugarondemand.com https://salesconnect.sugarondemand.com http://*.salesconnect.sugarondemand.com https://*.salesconnect.sugarondemand.com 2 strict-dynamic 2 object-src none; report-uri /report-csp-violation 2 default-src https: data: 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * blob: ; worker-src * blob: ; frame-ancestors 'self' https://*.moody.edu; 2 default-src https:; style-src * 'unsafe-inline'; script-src https: 'unsafe-inline'; object-src 'none' 2 default-src 'self'; connect-src 'self' https://cdn-cookieyes.com https://*.cookieyes.com https://form.jotform.com https://submit.jotform.com https://*.google-analytics.com https://*.googletagmanager.com https://fonts.googleapis.com https://*.analytics.google.com; font-src 'self' https://ka-p.fontawesome.com https://fonts.gstatic.com data:; frame-src 'self' https://*.cookieyes.com https://submit.jotform.com https://form.jotform.com; img-src 'self' https://*.elliottmgmt.com *.elliottmgmt.com https://elliottmgmt.com https://dev-elliott-mgmt.pantheonsite.io https://test-elliott-mgmt.pantheonsite.io https://*.googletagmanager.com https://*.google-analytics.com https://*.gstatic.com https://cdn-cookieyes.com https://*.cookieyes.com https://secure.gravatar.com blob: data:; object-src; script-src 'self' https://*.googletagmanager.com https://tagmanager.google.com https://cdn-cookieyes.com https://*.google-analytics.com 'unsafe-inline'; style-src 'self' https://*.googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com 'unsafe-inline'; upgrade-insecure-requests 2 frame-src 'self' https://webstat.hs-mannheim.de *.hs-mannheim.de https://www.youtube.com/ https://www.youtube-nocookie.com/ https://player.vimeo.com/ https://tour.klapty.com/; 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'wasm-unsafe-eval' 'unsafe-eval' https://cdnjs.cloudflare.com https://*.technipenergies.com https://cdn.cookielaw.org https://js-agent.newrelic.com https://bam.nr-data.net https://tag.aticdn.net https://*.clarity.ms https://snap.licdn.com https://*.linkedin.com https://connect.facebook.net https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://*.googlesyndication.com https://d3js.org; object-src 'self'; style-src 'self' 'unsafe-inline' https://translate.googleapis.com https://www.gstatic.com https://d3js.org; img-src 'self' data: *; frame-src 'self' https://*.youtube.com https://open.spotify.com https://*.doubleclick.net https://www.googletagmanager.com https://tools.eurolandir.com https://fr.zone-secure.net https://*.ten.com https://*.technipenergies.com; frame-ancestors 'self' https://*.ten.com; child-src 'self' https://tools.eurolandir.com https://*.youtube.com https://open.spotify.com https://*.doubleclick.net; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https://cdn.cookielaw.org https://bam.nr-data.net https://*.xiti.com https://cdn.linkedin.oribi.io https://*.clarity.ms https://*.onetrust.com https://*.linkedin.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://*.google.com https://google.com; report-uri /report-csp-violation 2 block-all-mixed-content; connect-src 'self' https://*.ingest.sentry.io https://*.google-analytics.com https://*.analytics.google.com https://stats.g.doubleclick.net https://in.hotjar.com https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com https://survey.alchemer.com https://www.facebook.com https://*.adnxs.com https://*.adnxs-simple.com https://*.icecat.biz https://*.googleapis.com https://cdn.plyr.io https://www.dwin1.com https://*.awin1.com https://*.zenaps.com https://the.sciencebehindecommerce.com https://*.playable.com https://*.campaign.playable.com https://*.leadfamly.com https://*.api.leadfamly.com https://*.visualwebsiteoptimizer.com app.vwo.com https://sibautomation.com https://in-automate.brevo.com https://static.zohocdn.com https://desk.zoho.eu; font-src 'self' data: https://fonts.gstatic.com https://script.hotjar.com https://*.icecat.biz https://*.campaign.playable.com https://static.zohocdn.com https://webfonts.zohowebstatic.com; frame-ancestors 'self' https://*.campaign.playable.com; frame-src data: https://www.youtube.com/ https://publish.folders.eu/ https://app.folders.eu/ https://www.facebook.com https://vars.hotjar.com https://survey.alchemer.com https://*.adnxs.com https://optimize.google.com https://*.icecat.biz https://js.mollie.com https://swiftcdn6.global.ssl.fastly.net https://gleam.io https://view.publitas.com/ https://folders.toychamp.be/ https://folders.toychamp.nl/ https://*.awin1.com https://*.zenaps.com https://*.campaign.playable.com app.vwo.com https://*.visualwebsiteoptimizer.com https://bethenexthero.com https://space-worlds.bricks.plus https://legobelgium.s3.eu-west-1.amazonaws.com/ https://space-game.be https://gaming-contest.eu https://f1-contest.com https://desk.zoho.eu; img-src 'self' data: about: https://placeholder.inventis.be https://placehold.it https://*.ytimg.com https://maps.gstatic.com https://*.googleapis.com https://*.ggpht.com https://www.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://optimize.google.com https://www.facebook.com https://www.google.com https://www.google.be https://googleads.g.doubleclick.net https://script.hotjar.com https://www.mollie.com https://*.adnxs.com https://*.adnxs-simple.com https://js.gleam.io https://*.icecat.biz https://*.awin1.com https://*.zenaps.com https://files.cdn.leadfamly.com https://*.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com https://static.zohocdn.com; style-src 'self' https://optimize.google.com 'unsafe-inline' https://fonts.googleapis.com https://survey.alchemer.com https://*.icecat.biz https://*.campaign.playable.com https://*.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com https://static.zohocdn.com; upgrade-insecure-requests 2 default-src 'self'; \ script-src 'self' https://ssl.google-analytics.com; \ img-src 'self' https://ssl.google-analytics.com 2 default-src 'self'; font-src *;img-src * data:; script-src *; style-src * https:; 2 frame-ancestors https://www.degussa-goldhandel.de https://news.degussa-goldhandel.de https://www.degussa-adventskalender.de https://media.degussa-goldhandel.de 2 default-src 'self' localhost static.formstack.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: siteimproveanalytics.com js-agent.newrelic.com www.youtube.com *.visualwebsiteoptimizer.com app.vwo.com browser-update.org api.eventcalendarapp.com *.formstack.com www.google.com www.gstatic.com web2.production.gyantts.com *.vimeocdn.com cdnjs.cloudflare.com hcaptcha.com newassets.hcaptcha.com stripe.com *.stripe.com *.stripecdn.com; object-src 'none'; style-src 'self' 'unsafe-inline' *.visualweboptimizer.com app.vwo.com api.eventcalendarapp.com *.gstatic.com fonts.googleapis.com s3.amazonaws.com *.typekit.net *.vimeocdn.com cdnjs.cloudflare.com js.stripe.com; img-src * data:; form-action 'self' *.formstack.com https://bellin.org http://bellin.docksal.site:8080; frame-src 'self' www.youtube-nocookie.com *.visualwebsiteoptimizer.com app.vwo.com www.google.com player.vimeo.com newassets.hcaptcha.com *.stripe.com *.stripecdn.com maps.google.com; frame-ancestors 'self'; child-src 'self' blob: www.youtube-nocookie.com *.visualwebsiteoptimizer.com app.vwo.com www.google.com player.vimeo.com newassets.hcaptcha.com *.stripe.com *.stripecdn.com maps.google.com; font-src 'self' data: fonts.gstatic.com *.typekit.net api.eventcalendarapp.com s3.amazonaws.com *.formstack.com; connect-src 'self' bam.nr-data.net *.visualwebsiteoptimizer.com app.vwo.com api.eventcalendarapp.com *.formstack.com wss://web2.production.gyantts.com web2.production.gyantts.com *.hcaptcha.com stripe.com *.stripe.com; base-uri 'self'; report-uri /report-csp-violation 2 default-src 'self' 'unsafe-inline' https://piwik.bzga.de/ https://piwik.bioeg.de/ 2 base-uri 'self'; child-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://d2j8jkom7xmn9n.cloudfront.net/ http://d2j8jkom7xmn9n.cloudfront.net/ https://shredit.intelliresponse.com https://stericycle.demdex.net blob: gap:; frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://d2j8jkom7xmn9n.cloudfront.net/ http://d2j8jkom7xmn9n.cloudfront.net/ https://shredit.intelliresponse.com https://stericycle.demdex.net blob: gap:; connect-src 'self' https://www.googletagmanager.com/ https://d2j8jkom7xmn9n.cloudfront.net/ http://d2j8jkom7xmn9n.cloudfront.net/ https://api.cloud.247-inc.net/ https://stg-tie.cloud.247-inc.net/ https://dc.services.visualstudio.com/ https://www.google-analytics.com/ https://cdn.cookielaw.org/ https://geolocation.onetrust.com/ https://d1af033869koo7.cloudfront.net http://d1af033869koo7.cloudfront.net https://dpm.demdex.net/ https://adobedc.demdex.net/ https://edge.adobedc.net https://privacyportal-eu.onetrust.com/ wss://127.0.0.1:2045; default-src 'self' gap: 'unsafe-inline' 'unsafe-eval'; font-src 'self' https://fonts.gstatic.com data:; img-src 'self' https://www.googletagmanager.com https://www.google-analytics.com/ https://cdn.cookielaw.org/ https://fonts.gstatic.com/ https://cm.everesttech.net/ data: blob:; script-src 'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://assets.adobedtm.com/ https://www.googletagmanager.com/ https://az416426.vo.msecnd.net/ https://d2j8jkom7xmn9n.cloudfront.net/ http://d2j8jkom7xmn9n.cloudfront.net/ https://www.google-analytics.com/ https://ssl.google-analytics.com/ https://cdn.cookielaw.org/ https://cookie-cdn.cookiepro.com/ 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://cdn.cookielaw.org/ https://cookie-cdn.cookiepro.com/ 'unsafe-inline'; frame-ancestors 'self' gap:; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=aBV5lRIpdPJw0yHLVTT2MK2YEObfqH%2FkQl2ZHLCfcBkjSM6JRnMkXKDOzjZ5dW0e5C7yOpPA9g4dunfgNwMcCg%3D%3D; 2 frame-src https://www.youtube-nocookie.com https://www.youtube.com https://piwik.bzga.de https://www.check-dein-spiel.de; style-src 'self' 'unsafe-inline'; default-src 'self'; script-src https://www.check-dein-spiel.de https://piwik.bzga.de 'self' 'unsafe-inline' ; connect-src https://www.check-dein-spiel.de https://piwik.bzga.de 'self' 'unsafe-inline' ; font-src 'self' 'unsafe-inline' data:; img-src 'self' https://piwik.bzga.de https://*.openstreetmap.org data:; 2 policy-uri /'none' 2 default-src 'self'; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self'; 2 frame-ancestors https://*.smartrecruiters.com 2 allow 'script-src' 'unsafe-inline' 'unsafe-eval' 'self' *.typekit.net *.pingdom.net *.groupe-mediactive.fr fg.cdn.mediactive-network.net cdn.mediactive-network.net *.cedexis.com *.typeform.com; fullscreen *.typeform.com 2 img-src * data:; media-src * data: blob:; 2 frame-ancestors 'self' https://app.storyblok.com/ 2 default-src 'self' *.region1.google-analytics.com *.comptoirdesvoyages.fr bat.bing.com consentcdn.cookiebot.com www.facebook.com https://analytics.google.com https://*.googletagmanager.com www.facebook.com bing.com www.googleadservices.com;base-uri 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://measurement-api.criteo.com https://fledge.eu.criteo.com https://sslwidget.criteo.com https://dynamic.criteo.com/ https://gum.criteo.com/ https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://adservice.google.com https://www.google.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://www.google.com https://qa-assistant.abtasty.com https://teddytor.abtasty.com https://api2.abtasty.com try.abtasty.com *.region1.google-analytics.com *.analytics.google.com ads.google.com app.contentsquare.com t.contentsquare.net contentsquare.com *.comptoirdesvoyages.fr *.cookiebot.com *.doubleclick.net *.newrelic.com ajax.googleapis.com bam.nr-data.net bat.bing.com connect.facebook.net r.bing.com ssl.google-analytics.com static.madmetrics.com tagmanager.google.com tag.aticdn.net www.google.com www.google-analytics.com www.googleadservices.com adservice.google.com www.googletagmanager.com www.gstatic.com z.moatads.com https://analytics.google.com https://*.googletagmanager.com www.facebook.com bing.com www.googleadservices.com;connect-src 'self' https://measurement-api.criteo.com https://mtmvxcv.pa-cd.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com *.abtasty.com region1.google-analytics.com region1.analytics.google.com ads.google.com *.contentsquare.net *.bing.com *.comptoirdesvoyages.fr *.doubleclick.net bam.nr-data.net consentcdn.cookiebot.com www.facebook.com www.google.com www.google-analytics.com www.googleadservices.com adservice.google.com www.googletagmanager.com www.gtm.js wss://*.bing.com https://analytics.google.com https://*.googletagmanager.com www.facebook.com bing.com www.googleadservices.com https://comptoir.jobs.beetween.com;img-src 'self' https://www.google-analytics.com https://googleads.g.doubleclick.net https://www.google.com https://google.com https://googleads.g.doubleclick.net https://www.google.com editor-assets.abtasty.com *.contentsquare.net https://analytics.google.com https://*.googletagmanager.com www.facebook.com bing.com www.googleadservices.com data: *;child-src blob:;worker-src blob:;style-src 'self' 'unsafe-inline' * *.comptoirdesvoyages.fr https://static.criteo.net/ https://fledge.criteo.com/ https://measurement-api.criteo.com https://fledge.eu.criteo.com https://sslwidget.criteo.com https://dynamic.criteo.com https://gum.criteo.com https://qa-assistant.abtasty.com try.abtasty.com *.bing.com fonts.googleapis.com tagmanager.google.com https://analytics.google.com https://*.googletagmanager.com www.facebook.com bing.com www.googleadservices.com;font-src 'self' data: fonts.gstatic.com common-fonts.abtasty.com;frame-src 'self' https://static.criteo.net/ https://fledge.criteo.com/ https://measurement-api.criteo.com https://fledge.eu.criteo.com https://sslwidget.criteo.com https://dynamic.criteo.com https://dynamic.criteo.com/ https://gum.criteo.com/ https://bid.g.doubleclick.net https://qa-assistant.abtasty.com csxd.comptoirdesvoyages.fr *.doubleclick.net consentcdn.cookiebot.com sdx.microsoft.com www.allocine.fr www.dailymotion.com www.facebook.com www.google.com www.gstatic.com youtu.be www.youtube.com https://analytics.google.com https://*.googletagmanager.com www.facebook.com bing.com www.googleadservices.com;object-src 'none' 2 default-src 'self'; style-src 'self' 'unsafe-inline' 2 default-src 'self' *.googleadservices.com *.crazyegg.com *.licdn.com *.facebook.net *.outbrain.com *.youtube.com *.company-target.com; script-src 'self' *.googleapis.com *.cookielaw.org *.onetrust.com *.googletagmanager.com *.google-analytics.com *.doubleclick.net *.everestjs.net *.cloudflare.com *.licdn.com *.google.com *.gstatic.com lineagelogistics-external.applynow.net.au candidate-office.s3.amazonaws.com *.googleadservices.com *.bing.com *.newrelic.com *.instagram.com *.nr-data.net cdn.jsdelivr.net *.crazyegg.com blob: acsbapp.com code.jquery.com unpkg.com *.instagram.com *.ensighten.com *.oribi.io *.youtube.com polyfill.io *.facebook.net *.outbrain.com *.demandbase.com tag.demandbase.com *.company-target.com *.hotjar.com https://tag.demandbase.com/d80b380c137ea7bb.min.js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'unsafe-inline' pt.onelineage.com pi.pardot.com *.youtube-nocookie.com *.adsrvr.org https://storage.pardot.com/961942/1714040807BiAtzoZM/attribution_engine.min.js https://pt.onelineage.com/l/961942/2024-04-25/5n7n9/961942/1714040807BiAtzoZM/attribution_engine.min.js *.zi-scripts.com *.datadoghq-browser-agent.com *.vimeo.com js.zi-scripts.com *.zoominfo.com *.clickagy.com *.weglot.com ; object-src 'none'; style-src 'self' 'unsafe-inline' *.typekit.net *.googleapis.com cdn.jsdelivr.net *.crazyegg.com acsbapp.com *.acsbapp.com code.jquery.com unpkg.com https://lineagelogistics-external.applynow.net.au https://lineagelogistics-external.applynow.net.au https://candidate-office.s3.amazonaws.com/js/iframe-resizer/iframeResizer.min.js https://d2wy8f7a9ursnm.cloudfront.net/ *.youtube-nocookie.com *.weglot.com; img-src 'self' data: *.crazyegg.com acsbapp.com *.acsbapp.com *.gstatic.com *.googleapis.com https://cdn.cookielaw.org/logos/static/ot_close.svg https://cdn.cookielaw.org/logos/00ede55a-7822-413c-a767-b17482b93176/6a9f63ca-67d4-447a-846e-044d865079f1/fd22dd1b-b5d9-4bdc-803d-bb78e0f32fd3/lineage_logo.png https://cdn.cookielaw.org/logos/static/powered_by_logo.svg https://id.rlcdn.com/464526.gif *.company-target.com *.everesttech.net *.linkedin.com *.bing.com *.doubleclick.net *.google.com *.facebook.com *.googletagmanager.com *.demdex.net *.casalemedia.com *.adnxs.com *.openx.net *.rubiconproject.com *.yahoo.com *.pubmatic.com *.bluekai.com *.cookielaw.org *.clickagy.com *.agkn.com *.sitescout.com *.rlcdn.com; media-src *; frame-src 'self' *.youtube.com *.everesttech.net *.everestjs.net *.oxblue.com *.earthcam.net *.truelook.com *.proofpoint.com *.google.com lineagelogistics-external.applynow.net.au *.doubleclick.net *.crazyegg.com *.instagram.com *.adsrvr.org *.cloudfront.net *.facebook.com *.pardot.com pt.lineagelogistics.com http://pt.lineagelogistics.com/l/961942/2023-08-22/4hbzr http://pt.lineagelogistics.com/l/961942/2023-08-22/4hbzv http://go.pardot.com/l/961942/2023-08-22/4hbzk http://go.pardot.com/l/961942/2023-06-27/493x5 *.company-target.com https://tag.demandbase.com/d80b380c137ea7bb.min.js https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ recaptcha.google.com:* pt.onelineage.com *.youtube-nocookie.com https://airtable.com/ player.vimeo.com *.googletagmanager.com; frame-ancestors 'self' https://tag.demandbase.com/d80b380c137ea7bb.min.js *.company-target.com tag.demandbase.com pt.onelineage.com *.youtube-nocookie.com; child-src 'self' *.youtube.com *.everesttech.net *.everestjs.net *.oxblue.com *.earthcam.net *.truelook.com *.proofpoint.com blob: *.youtube.com *.company-target.com https://tag.demandbase.com/d80b380c137ea7bb.min.js *.youtube-nocookie.com; font-src 'self' *.googleusercontent.com *.gstatic.com *.typekit.net data: acsbapp.com *.acsbapp.com; connect-src 'self' *.cookielaw.org *.google-analytics.com *.doubleclick.net *.onetrust.com *.bing.com *.nr-data.net *.googleapis.com *.crazyegg.com acsbapp.com *.acsbapp.com *.youtube.com *.google.com *.linkedin.oribi.io *.company-target.com *.demandbase.com https://browser-intake-us5-datadoghq.com *.zi-scripts.com *.zoominfo.com *.hotjar.io *.hotjar.com insight.adsrvr.org https://tag.demandbase.com/d80b380c137ea7bb.min.js https://lineagelogistics-external.applynow.net.au https://lineagelogistics-external.applynow.net.au https://candidate-office.s3.amazonaws.com/js/iframe-resizer/iframeResizer.min.js https://d2wy8f7a9ursnm.cloudfront.net/ *.linkedin.com *.clickagy.com *; report-uri /report-csp-violation 2 default-src 'self' *.mytolino.com *.mytolino.de data: *.pageplace.de www.googletagmanager.com *.doubleclick.net www.google.com www.google.de www.googleadservices.com *.youtube-nocookie.com *.ytimg.com *.googleapis.com *.gstatic.com connect.facebook.net www.facebook.com 'unsafe-inline' 2 frame-ancestors https://*.procampaign.net 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.quarticon.com/ https://info.quarticon.com/; img-src 'self' data: https://s.w.org/ https://secure.gravatar.com/ https://cdn.pixabay.com/ https://*.quarticon.com/ https://quarticon.com/; object-src 'self' data: https://*.quarticon.com/ https://info.quarticon.com/; frame-src 'self' data: https://*.quarticon.com/ https://info.quarticon.com/; 2 reflected-xss block 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://s3.amazonaws.com/ https://*.list-manage.com/ https://www.googletagmanager.com/ https://www.paypalobjects.com/ https://*.stripe.com/ https://leadbooster-chat.pipedrive.com/ https://*.idea-commerce.com https://www.googleadservices.com; img-src 'self' data: blob: https://www.paypalobjects.com/ https://www.google.pl/ https://s.w.org/; object-src 'self' data: blob: https://idea-commerce.com/ https://elegantthemes.com/ https://*.elegantthemes.com/ https://*.paypal.com/ https://*.stripe.com/ https://www.googletagmanager.com/; frame-src 'self' data: blob: https://idea-commerce.com/ https://elegantthemes.com/ https://*.elegantthemes.com/ https://*.paypal.com/ https://*.stripe.com/ https://www.googletagmanager.com/; 2 default-src 'self'; script-src 'self' 'unsafe-inline' cdn.gtranslate.net connect.facebook.net/en_US/sdk.js stats.st-denis.cloud-ed.fr translate.google.com *.googleapis.com *.formnx.com; object-src 'self'; style-src 'self' 'unsafe-inline' www.gstatic.com; img-src 'self' data: blob: apicivique.s3.eu-west-3.amazonaws.com cdn.gtranslate.net plainecommune.fr fonts.gstatic.com www.gstatic.com www.google.fr translate.googleapis.com *.google.com; frame-src *; frame-ancestors 'self'; font-src 'self' fonts.gstatic.com data:; connect-src 'self' apicivique.s3.eu-west-3.amazonaws.com/jvalogo.svg cdn.gtranslate.net stats.st-denis.cloud-ed.fr connect.facebook.net *.googleapis.com *.formnx.com translate.google.com *.gstatic.com; upgrade-insecure-requests 2 default-src 'self'; font-src 'self' data:; base-uri 'self'; connect-src 'self' multimedia.gsb.bund.de *.materna.de *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io vimeo.com *.sli.do *.itzbund.de lbb-hb.de; style-src 'self' 'unsafe-inline' *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io vimeo.com *.sli.do *.jsdelivr.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io piwik.itzbund.de vimeo.com; object-src 'self' multimedia.gsb.bund.de *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io vimeo.com *.sli.do *.lbb-hb.de; media-src 'self' blob: multimedia.gsb.bund.de *.youtube.com *.youtube-nocookie.com *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io vimeo.com *.sli.do lbb-hb.de; frame-src *.google.com *.google.de *.gstatic.com *.youtube.com *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io mindandvision.tv 2021.mindandvision.tv *.jwplayer.com vimeo.com *.sli.do player.vimeo.com; img-src 'self' data: *.materna.de *.google.com *.gstatic.com *.youtube.com *.twimg.com twemoji.maxcdn.com *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplayer.com *.strivetech.io *.sqat.eu piwik.itzbund.de vimeo.com *.sli.do; frame-ancestors 'self'; 2 frame-ancestors 'none'; report-uri /report-csp-violation; upgrade-insecure-requests 2 default-src 'self'; script-src 'self'; https://code.jquery.com; https://www.google.com; https://www.youtube.com; https://x.com; https://web.whatsapp.com; https://www.facebook.com; https://www.govcert.gov.hk; 2 default-src 'unsafe-inline' 'unsafe-eval' https:;img-src * data:; 2 default-src 'self' *.google.com *.axa-assistance.cz *.axa-assistance.sk *.axa-assistance.pl *.axa-assistance.at *.axa-assistance.hu 2 default-src 'self' https://skbs-platform.condat.cloud http://skbs-platform.condat.cloud skbs-platform.condat.cloud https://platform.container:8080 http://platform.container:8080 platform.container:8080 https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de; connect-src 'self' https://nominatim.openstreetmap.org http://nominatim.openstreetmap.org nominatim.openstreetmap.org https://login.microsoftonline.com http://login.microsoftonline.com login.microsoftonline.com https://skbs-platform.condat.cloud http://skbs-platform.condat.cloud skbs-platform.condat.cloud https://platform.container:8080 http://platform.container:8080 platform.container:8080 https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de; font-src 'self' https://*.kununu.com http://*.kununu.com *.kununu.com https://*.spendino.de http://*.spendino.de *.spendino.de https://skbs-platform.condat.cloud http://skbs-platform.condat.cloud skbs-platform.condat.cloud https://platform.container:8080 http://platform.container:8080 platform.container:8080 https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de data:; frame-ancestors 'self' https://klinikumjobs.de https://*.doccheck.com http://*.doccheck.com *.doccheck.com https://*.kununu.com http://*.kununu.com *.kununu.com https://skbs-platform.condat.cloud http://skbs-platform.condat.cloud skbs-platform.condat.cloud https://platform.container:8080 http://platform.container:8080 platform.container:8080 https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de; frame-src 'self' https://benutzerhandbuch-cshs.condat.de http://benutzerhandbuch-cshs.condat.de benutzerhandbuch-cshs.condat.de https://prezi.com/p/embed/MPOGB6oZvPvNpRmIzIHw/ https://*.doccheck.com http://*.doccheck.com *.doccheck.com https://*.kununu.com http://*.kununu.com *.kununu.com https://*.spendino.de http://*.spendino.de *.spendino.de https://*.youtube-nocookie.com http://*.youtube-nocookie.com *.youtube-nocookie.com https://*.youtube.com http://*.youtube.com *.youtube.com https://skbs-platform.condat.cloud http://skbs-platform.condat.cloud skbs-platform.condat.cloud https://platform.container:8080 http://platform.container:8080 platform.container:8080 https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de; img-src 'self' https://cdn.jsdelivr.net http://cdn.jsdelivr.net cdn.jsdelivr.net https://*.tile.openstreetmap.org http://*.tile.openstreetmap.org *.tile.openstreetmap.org https://cshs.myskbs.de https://*.amazonaws.com http://*.amazonaws.com *.amazonaws.com https://*.cloudfront.net http://*.cloudfront.net *.cloudfront.net https://*.kununu.com http://*.kununu.com *.kununu.com https://skbs-platform.condat.cloud http://skbs-platform.condat.cloud skbs-platform.condat.cloud https://platform.container:8080 http://platform.container:8080 platform.container:8080 https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de data:; media-src 'self' https://*.prezi.com http://*.prezi.com *.prezi.com https://*.amazonaws.com http://*.amazonaws.com *.amazonaws.com https://*.cloudfront.net http://*.cloudfront.net *.cloudfront.net https://*.kununu.com http://*.kununu.com *.kununu.com https://*.youtube-nocookie.com http://*.youtube-nocookie.com *.youtube-nocookie.com https://*.youtube.com http://*.youtube.com *.youtube.com https://skbs-platform.condat.cloud http://skbs-platform.condat.cloud skbs-platform.condat.cloud https://platform.container:8080 http://platform.container:8080 platform.container:8080 https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de; object-src 'self' https://*.prezi.com http://*.prezi.com *.prezi.com https://*.kununu.com http://*.kununu.com *.kununu.com https://*.youtube-nocookie.com http://*.youtube-nocookie.com *.youtube-nocookie.com https://*.youtube.com http://*.youtube.com *.youtube.com https://skbs-platform.condat.cloud http://skbs-platform.condat.cloud skbs-platform.condat.cloud https://platform.container:8080 http://platform.container:8080 platform.container:8080 https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de; script-src 'self' https://cdn.jsdelivr.net http://cdn.jsdelivr.net cdn.jsdelivr.net https://*.prezi.com http://*.prezi.com *.prezi.com https://*.kununu.com http://*.kununu.com *.kununu.com https://*.spendino.de http://*.spendino.de *.spendino.de https://skbs-platform.condat.cloud http://skbs-platform.condat.cloud skbs-platform.condat.cloud https://platform.container:8080 http://platform.container:8080 platform.container:8080 https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://cdn.jsdelivr.net http://cdn.jsdelivr.net cdn.jsdelivr.net https://*.kununu.com http://*.kununu.com *.kununu.com https://*.spendino.de http://*.spendino.de *.spendino.de https://skbs-platform.condat.cloud http://skbs-platform.condat.cloud skbs-platform.condat.cloud https://platform.container:8080 http://platform.container:8080 platform.container:8080 https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de 'unsafe-inline' 2 img-src 'self' data: blob: http://www.google-analytics.com/ https://www.google-analytics.com https://ssl.gstatic.com/ http://ssl.gstatic.com/ https://stats.g.doubleclick.net https://www.facebook.com/ https://pixelg.adswizz.com/ https://www.google.com/ https://www.google.com.pk/ https://www.google.co.uk/ https://*.cdninstagram.com/ https://maps.gstatic.com/ https://www.google.ro/ https://www.germandonerkebab.com https://connect.facebook.net https://arhesoctro.cloudimg.io https://locator.uberall.com https://is1-ssl.mzstatic.com https://maps.googleapis.com https://static-prod.uberall.com/ https://d3e54v103j8qbb.cloudfront.net/ https://cmmdhoksda.cloudimg.io/ https://cdnjs.cloudflare.com https://cmmdhoksda.cloudimg.io/ https://uploads-ssl.webflow.com/ https://cdn.jsdelivr.net https://ad.doubleclick.net https://adservice.google.com https://www.googletagmanager.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://use.fontawesome.com/ https://apis.google.com http://www.google-analytics.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.google-analytics.com http://ajax.googleapis.com/ https://maxcdn.bootstrapcdn.com/ http://code.jquery.com/ https://code.jquery.com/ http://graph.facebook.com/ http://m.addthis.com/ http://s7.addthis.com/ http://m.addthisedge.com/ http://api-public.addthis.com/ https://www.islonline.net/ https://unpkg.com/ https://www.googletagmanager.com/ https://connect.facebook.net/ https://tag.simpli.fi/ https://cdnjs.cloudflare.com/ http://www.googleadservices.com/ https://googleads.g.doubleclick.net/ http://connect.facebook.net/ https://www.facebook.com https://maps.googleapis.com/ https://maps.gstatic.com/ https://json.geoiplookup.io https://sc-static.net/scevent.min.js https://www.germandonerkebab.com http://fonts.googleapis.com/ http://api.filestackapi.com https://cdn.scaleflex.it https://ipinfo.io https://www.clickcease.com https://cdn.jsdelivr.net https://uberall.com https://static-prod.uberall.com https://locator.uberall.com/ https://d3e54v103j8qbb.cloudfront.net/ https://svc.webspellchecker.net/ https://postcodes.io https://api.concord.tech; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com/ http://maxcdn.bootstrapcdn.com/ https://fonts.googleapis.com/ https://use.fontawesome.com/227a7ea25a.css https://use.fontawesome.com/releases/v4.6.3/css/font-awesome-css.min.css http://cloud.typenetwork.com/ https://www.germandonerkebab.com http://fonts.googleapis.com/ https://cdn.jsdelivr.net https://cdnjs.cloudflare.com/; frame-src 'self' https://www.google.com https://www.google.com/recaptcha/ http://www.youtube.com/ https://www.youtube.com/ http://player.vimeo.com/ http://s7.addthis.com/ http://m.addthisedge.com/ https://bid.g.doubleclick.net/ https://staticxx.facebook.com/ https://www.facebook.com/ https://web.facebook.com/ https://tr.snapchat.com/ https://www.germandonerkebab.com https://dialog.filestackapi.com/ https://www.filestackapi.com/ https://docs.google.com https://13646485.fls.doubleclick.net/ https://td.doubleclick.net/ https://www.googletagmanager.com/; connect-src 'self' http://ip-api.com/ https://json.geoiplookup.io/api https://www.germandonerkebab.com https://www.google-analytics.com/ https://stats.g.doubleclick.net https://tr.snapchat.com/ https://uberall.com https://maps.googleapis.com https://locator.uberall.com/ https://svc.webspellchecker.net/ https://postcodes.io https://pagead2.googlesyndication.com https://analytics.google.com https://region1.analytics.google.com https://region1.google-analytics.com https://*.google-analytics.com https://*.google.com/ https://google.com/ https://www.thedesignfactory.co.uk https://api.concord.tech; font-src data: 'self' https://fonts.gstatic.com https://use.fontawesome.com/ https://maxcdn.bootstrapcdn.com/ http://maxcdn.bootstrapcdn.com/ http://cloud.typenetwork.com/ https://www.germandonerkebab.com https://cdn.jsdelivr.net https://static-prod.uberall.com; media-src 'self' https://uploads-ssl.webflow.com; object-src 'self'; frame-ancestors none 2 form-action 'self' https://liverpoolcharity.franktesting.co.uk/search https://www.uhliverpoolcharity.org/search; default-src 'self'; frame-src 'self' https://indd.adobe.com/ https://gssapps.ebscohost.com/hee/searchboxes/nhs_athensonly.html https://www.youtube-nocookie.com *.webspellchecker.net *.nhs.uk *.facebook.com *.youtube.com *.vimeo.com *.google.com *.googleapis.com https://forms.office.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net/gh/fancyapps/fancybox@3.5.7/dist/jquery.fancybox.min.js https://www.youtube.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://www.googletagmanager.com https://connect.facebook.net https://feeds.trac.jobs *.webspellchecker.net *.google.com *.googleapis.com *.gstatic.com *.cqc.org.uk ; font-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com *.webspellchecker.net; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://feeds.trac.jobs *.googleapis.com *.gstatic.com *.cqc.org.uk *.webspellchecker.net; img-src * data:; object-src 'self' blob:; connect-src 'self' https://feeds.trac.jobs stats.g.doubleclick.net *.googleapis.com *.google-analytics.com *.webspellchecker.net *.google.com 2 default-src 'self'; block-all-mixed-content; connect-src sentry.trexima.sk 'self' https://*.google-analytics.com https://*.google.com https://*.analytics.google.com https://*.cookieyes.com https://cdn-cookieyes.com https://*.googlesyndication.com https://*.doubleclick.net https://ct.leady.com https://t.leady.com https://ads.worki.sk https://*.tiktok.com; font-src 'self' fonts.gstatic.com; frame-src 'self' www.google.com https://trexima.ladesk.com https://2-vbus-de.ladesk.com videoservis.tasr.sk www.youtube.com www.facebook.com https://*.doubleclick.net https://*.googlesyndication.com https://*.ladesk.com https://*.googletagmanager.com; img-src 'self' data: *.googleusercontent.com *.worki.sk http.cat http.dog https://*.facebook.com https://*.google.com https://*.google.sk https://*.googletagmanager.com https://*.googlesyndication.com https://*.gstatic.com https://cdn-cookieyes.com https://*.doubleclick.net https://trexima.ladesk.com https://ct.leady.com https://t.leady.com via.placeholder.com; manifest-src 'self' https://dev.worki.sk/ https://dev.worki.sk/site.webmanifest https://stage.worki.sk/ https://stage.worki.sk/site.webmanifest https://www.worki.sk/ https://www.worki.sk/site.webmanifest https://*.worki.sk/*; script-src 'self' ajax.googleapis.com code.jquery.com www.google.com https://*.facebook.net https://*.facebook.com 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.googletagmanager.com/ https://*.googleadservices.com https://*.doubleclick.net/ https://cdn-cookieyes.com/ https://*.googlesyndication.com https://trexima.ladesk.com https://ct.leady.com https://ads.worki.sk https://*.tiktok.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://*.googletagmanager.com/; report-uri /nelmio/csp/report 2 default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval' *.cdn.cookielaw.org *.cookie-cdn.cookiepro.com *.onetrust.com data-eu.nestlehealthscience.co.uk https://*.qualtrics.com https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_; object-src 'none'; style-src * 'self' 'unsafe-inline' *.cdn.cookielaw.org *.cookie-cdn.cookiepro.com *.onetrust.com https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_; img-src * 'self' data: https:; https://siteintercept.qualtrics.com https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_; media-src *; frame-src * https://*.qualtrics.com https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_; frame-ancestors 'self' https://*.qualtrics.com; child-src *; font-src * 'self' data: https:; https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_; connect-src * *.cdn.cookielaw.org *.cookie-cdn.cookiepro.com *.onetrust.com data-eu.nestlehealthscience.co.uk https://*.qualtrics.com https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_; report-uri /report-csp-violation 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.youtube.com https://www.facebook.com/ https://*.cloudflare.com https://www.recaptcha.net/ https://www.google.com/ https://platform.twitter.com/ https://tvorimevropu.cz https://region1.google-analytics.com https://www.instagram.com https://www.instagram.com/embed.js https://ajax.googleapis.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://cdn.jsdelivr.net/ https://unpkg.com/; img-src 'self' data: blob: https://secure.gravatar.com https://*.ggpht.com https://*.fbcdn.net https://*.twimg.com https://*.w.org https://*.ytimg.com https://www.facebook.com/ https://www.euroskop.cz https://euroskop.uradvlady.online https://tvorimevropu.cz https://scontent.cdninstagram.com/ http://scontent.cdninstagram.com https://*.cdninstagram.com https://www.googletagmanager.com; object-src 'self' data: blob: https://www.youtube-nocookie.com https://www.youtube.com https://*.twitter.com https://anchor.fm https://*.spotify.com/ https://www.instagram.com; frame-src 'self' data: blob: https://www.youtube-nocookie.com https://www.youtube.com https://*.twitter.com https://anchor.fm https://*.spotify.com/ https://www.instagram.com; 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: http://fonts.googleapis.com http://fonts.gstatic.com http://www.google-analytics.com http://s7.addthis.com http://m.addthisedge.com http://m.addthis.com http://graph.facebook.com http://widgets.pinterest.com http://maps.google.com http://csi.gstatic.com http://maps.gstatic.com http://maps.googleapis.com http://www.linkedin.com http://api-public.addthis.com http://localhost http://www.youtube.com; 2 default-src 'self' https://*.nhs.uk; frame-src 'self' https://www.youtube-nocookie.com https://*.webspellchecker.net https://*.nhs.uk https://*.facebook.com https://*.youtube.com https://*.vimeo.com https://*.google.com https://*.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://cdnjs.cloudflare.com https://*.google-analytics.com https://*.googletagmanager.com https://connect.facebook.net https://feeds.trac.jobs https://*.webspellchecker.net https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.cqc.org.uk; font-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://*.webspellchecker.net; style-src 'self' 'unsafe-inline' data: https://cdnjs.cloudflare.com https://feeds.trac.jobs https://*.googleapis.com https://*.gstatic.com https://*.cqc.org.uk https://*.webspellchecker.net; img-src * data:; object-src 'self' blob: www.googletagmanager.com https://*.nhs.uk; connect-src 'self' www.googletagmanager.com https://feeds.trac.jobs stats.g.doubleclick.net https://*.googleapis.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.co.uk https://*.google.ie https://*.google.nl https://*.webspellchecker.net 2 frame-ancestors https://bsp.portal.ednt.de https://www.ednt.de https://www.smart-sip-phone.com https://www.smart-sip-phone.de https://www.acall.de https://www.acall.com 2 default-src 'none'; base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.uno.uk; object-src 'none'; style-src 'self' data: 'unsafe-inline' https://*.uno.uk; img-src 'self' blob: data: https://*.uno.uk; media-src 'self' data: https://*.uno.uk; frame-src *; font-src *; form-action 'self' https://*.uno.uk; connect-src 'self' https://*.uno.uk; prefetch-src 'self' https://*.uno.uk; manifest-src 'self' https://*.uno.uk; frame-ancestors 'self'; worker-src 'self' blob:; report-uri https://sentry.uno.uk/api/3/security/?sentry_key=558ec00c6ab34073c96015172684209a 2 default-src 'self'; style-src 'self'; img-src 'self' data:; font-src 'self'; frame-ancestors 'none'; base-uri 'self'; form-action 'self'; 2 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.people.com 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' * 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.thoughtco.com 1 form-action 'self' www.facebook.com; report-uri /_internal/security/report-csp-violation?gp-web=true; frame-ancestors 'self' 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.verywellmind.com 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.thespruce.com 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.lifewire.com 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.realsimple.com 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.travelandleisure.com 1 default-src 'self'; base-uri 'none'; block-all-mixed-content; connect-src 'self' https://*.algolia.net https://*.algolianet.com; frame-src https://www.google.com/recaptcha/; img-src 'self' https: data:; object-src 'none'; script-src 'unsafe-eval' https://www.gstatic.com/recaptcha/ 'strict-dynamic' 'unsafe-inline' 'nonce-Jr/ZZL8l6rf3595D0xydcA=='; style-src 'self' 'unsafe-inline' 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.bhg.com 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.health.com 1 default-src *.archiefweb.eu *.wp.com; frame-src *.archiefweb.eu googleads.g.doubleclick.net *.wp.com; script-src 'unsafe-inline' 'unsafe-eval' *.archiefweb.eu *.googleapis.com *.googlesyndication.com adservice.google.nl adservice.google.com *.wp.com; style-src 'unsafe-inline' *.archiefweb.eu *.googleapis.com *.wp.com *.bootstrapcdn.com; font-src data: *.archiefweb.eu fonts.googleapis.com fonts.gstatic.com *.wp.com *.fontawesome.com wordpress.com *.bootstrapcdn.com; media-src *.archiefweb.eu; img-src data: *.archiefweb.eu *.w.org *.wp.com *.wordpress.com *.gravatar.com 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.seriouseats.com 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.thespruceeats.com 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.simplyrecipes.com 1 default-src 'self' *.postman.co *.postman.com *.pstmn.io; base-uri 'self'; font-src 'self' data: *.getpostman.com *.postman.co *.cdn.postman.com fonts.gstatic.com www.postman.com fonts.googleapis.com cdnjs.cloudflare.com; frame-ancestors 'none'; frame-src looker.postman.co dl-preview-container.pstmn.io js.stripe.com hooks.stripe.com chart-embed.service.newrelic.com https://app.datadoghq.com/graph/embed https://app.datadoghq.eu/graph/embed https://youtube.com https://www.youtube.com https://player.vimeo.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://accounts.google.com/ https://runtime-assets.pstmn.io/; child-src 'self' *.postman.co *.postman.com blob:; worker-src 'self' *.postman.co *.cdn.postman.com blob:; object-src 'self'; img-src https: data:; media-src 'self' https://flows-assets.pstmn.io/ https://skills-assets.pstmn.io/; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' *.nr-data.net *.getpostman.com *.postman.co *.cdn.postman.com *.pstmn.io code.jquery.com google-analytics.com www.postman.com postman.com googletagmanager.com ssl.google-analytics.com cdnjs.cloudflare.com https://bi.pst.tech js-agent.newrelic.com js.stripe.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'nonce-dV/JDg3PmYFqcnGnhuOmMr41yzAnC3noJh2fH17yMU1VULdk'; style-src 'self' 'unsafe-inline' *.getpostman.com *.postman.co *.cdn.postman.com *.pstmn.io www.postman.com fonts.gstatic.com fonts.googleapis.com tagmanager.google.com cdnjs.cloudflare.com postman.com accounts.google.com; connect-src https://api.stripe.com http: ws://localhost:10533 https: wss://*.postman.co wss://*.gw.postman.co wss://*.gw.eu.postman.co wss://*.gw.postman.com wss://*.gw.eu.postman.com; report-uri https://sentry.postmanlabs.com/api/572/security/?sentry_key=9d37d7431bdc4c528702ec4d89fc93f7&sentry_environment=production 1 default-src 'self' *.destatis.de *.bewacherregister.de; base-uri 'self' *.bewacherregister.de; connect-src 'self' *.destatis.de interamt.de piwik.itzbund.de *.itzbund.de *.bewacherregister.de; style-src 'self' 'unsafe-inline' *.destatis.de piwik.itzbund.de *.bewacherregister.de; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.destatis.de piwik.itzbund.de doo.net c19.bundesbots.de *.bewacherregister.de;object-src 'self' multimedia.gsb.bund.de *.destatis.de piwik.itzbund.de c19.bundesbots.de ; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org *.destatis.de piwik.itzbund.de c19.bundesbots.de ; child-src blob: *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.destatis.de *.itzbund.de *.stba.de *.euro-area-statistics.org *.ims-cms.net *.kemweb.de *.teambits.events doo.net/de-de/widget/ c19.bundesbots.de www9.idev.nrw.de www.idev.nrw.de storymaps.arcgis.com stba.maps.arcgis.com *.dashboard-deutschland.de shinymikrosimapp.azurewebsites.net start.video-stream-hosting.de data: ; img-src 'self' data: blob: *.google.com *.gstatic.com *.youtube.com *.destatis.de piwik.itzbund.de c19.bundesbots.de *.bewacherregister.de; frame-ancestors 'self' *.destatis.de statistikportal.bwl.doi-de.net *.statistikportal.de ; upgrade-insecure-requests; 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.brides.com 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.byrdie.com 1 default-src 'none'; script-src 'sha256-orD0/VhH8hLqrLxKHD/HUEMdwqX6/0ve7c5hspX5VJ8=' 1 frame-ancestors *.uottawa.ca https://teams.microsoft.com; report-uri /report-csp-violation; upgrade-insecure-requests 1 frame-ancestors 'none'; upgrade-insecure-requests; default-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.affirm.com *.app-us1.com *.bing.com *.clarity.ms *.doubleclick.net *.files-text.com *.fontawesome.com *.google.com *.google-analytics.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.livechatinc.com *.paypal.com *.paypalobjects.com *.typekit.com *.venmo.com *.visualwebsiteoptimizer.com *.youtube.com ccint.activehosted.com cdn.ckeditor.com cdn.jsdelivr.net cdnjs.cloudflare.com connect.facebook.net i.ytimg.com stackpath.bootstrapcdn.com trackcmp.net unpkg.com www.facebook.com; 1 default-src 'self' data: 'unsafe-inline' fonts.gstatic.com code.jquery.com vk.com bitrix.info www.1c-bitrix.ru bitrix24.datafort.ru *.mindbox.ru yandex.ru yandex.com mc.yandex.ru googleads.g.doubleclick.net www.google.com/ads/user-lists/ www.google.ru/ads/user-lists/ www.google.com www.google-analytics.com maps.google.com *.gstatic.com:* *.googleapis.com www.googleadservices.com code.jivosite.com:* cdn.voximplant.com facecast.net formdesigner.pro telegram.org metrica.beeline.ru kinescope.io b10000.vr.mirapolis.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval' api-maps.yandex.ru yastatic.net core-renderer-tiles.maps.yandex.net bitrix.info www.1c-bitrix.ru bitrix24.datafort.ru *.mindbox.ru yandex.ru yandex.com mc.yandex.ru googleads.g.doubleclick.net www.google.com/ads/user-lists/ www.google.ru/ads/user-lists/ www.google.com www.google-analytics.com maps.google.com *.gstatic.com:* *.googleapis.com www.googleadservices.com code.jivosite.com:* cdn.voximplant.com facecast.net formdesigner.pro telegram.org metrica.beeline.ru kinescope.io b10000.vr.mirapolis.ru; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.gstatic.com code.jquery.com vk.com bitrix.info www.1c-bitrix.ru bitrix24.datafort.ru *.mindbox.ru yandex.ru yandex.com mc.yandex.ru googleads.g.doubleclick.net www.google.com/ads/user-lists/ www.google.ru/ads/user-lists/ www.google.com www.google-analytics.com maps.google.com *.gstatic.com:* *.googleapis.com www.googleadservices.com code.jivosite.com:* cdn.voximplant.com facecast.net formdesigner.pro telegram.org metrica.beeline.ru kinescope.io b10000.vr.mirapolis.ru; img-src 'self' api-maps.yandex.ru core-renderer-tiles.maps.yandex.net data: blob: vk.com bitrix.info www.1c-bitrix.ru bitrix24.datafort.ru *.mindbox.ru yandex.ru yandex.com mc.yandex.ru googleads.g.doubleclick.net www.google.com/ads/user-lists/ www.google.ru/ads/user-lists/ www.google.com www.google-analytics.com maps.google.com *.gstatic.com:* *.googleapis.com www.googleadservices.com code.jivosite.com:* cdn.voximplant.com facecast.net formdesigner.pro telegram.org metrica.beeline.ru kinescope.io b10000.vr.mirapolis.ru; frame-src 'self' youtube.com www.youtube.com oauth.telegram.org fonts.gstatic.com code.jquery.com vk.com bitrix.info www.1c-bitrix.ru bitrix24.datafort.ru *.mindbox.ru yandex.ru yandex.com mc.yandex.ru googleads.g.doubleclick.net www.google.com/ads/user-lists/ www.google.ru/ads/user-lists/ www.google.com www.google-analytics.com maps.google.com *.gstatic.com:* *.googleapis.com www.googleadservices.com code.jivosite.com:* cdn.voximplant.com facecast.net formdesigner.pro telegram.org metrica.beeline.ru kinescope.io b10000.vr.mirapolis.ru; font-src 'self' fonts.googleapis.com; 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.tripsavvy.com 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bcbsks.com unpkg.com fast.wistia.com *.googletagmanager.com *.google-analytics.com *.ads-twitter.com www.gstatic.com *.bing.com connect.facebook.net 100011161.collect.igodigital.com snap.licdn.com *.adsrvr.org bam.nr-data.net googleads.g.doubleclick.net js-agent.newrelic.com tags.srv.stackadapt.com public.tableau.com qvdt3feo.com code.jquery.com www.google.com analytics.silktide.com static.cloudflareinsights.com www.covermymeds.com www.googleadservices.com cdn.datatables.net cdnjs.cloudflare.com www.eventbrite.com https://www.google.co.uk www.clarity.ms *.callrail.com tag.demandbase.com pagead2.googlesyndication.com cdn.jsdelivr.net *.sentry-cdn.com *.adobedtm.com blob:; object-src 'none'; style-src 'self' 'unsafe-inline' www.bcbsks.com bcbsks.prod.acquia-sites.com fast.fonts.net fonts.googleapis.com tags.srv.stackadapt.com www.covermymeds.com cdn.datatables.net cdnjs.cloudflare.com *.wistia.com; img-src 'self' www.google.com *.google-analytics.com nova.collect.igodigital.com *.bing.com t.co analytics.twitter.com *.wistia.com www.facebook.com *.g.doubleclick.net *.google.com public.tableau.com *.bcbsks.com tools.applemediaservices.com apple-resources.s3.amazonaws.com connect.facebook.net secure.adnxs.com *.linkedin.com www.googletagmanager.com *.covermymeds.com cdn.datatables.net embedwistia-a.akamaihd.net c.clarity.ms id.rlcdn.com segments.company-target.com tags.srv.stackadapt.com ad.doubleclick.net www.google.co.in *.prod.acquia-sites.com *.apple.com *.advanceinsurance.com data:; media-src 'self' *.wistia.com www.google.com embedwistia-a.akamaihd.net fast.wistia.net blob:; frame-src 'self' *.bcbsks.com https://d1eoo1tco6rr5e.cloudfront.net/ *.adsrvr.org www.facebook.com public.tableau.com *.fls.doubleclick.net td.doubleclick.net www.youtube.com www.googletagmanager.com staywell.mydigitalpublication.com e.issuu.com www.eventbrite.com insight.adsrvr.org www.kff.org s.company-target.com; font-src 'self' fast.fonts.net fast.wistia.com fonts.gstatic.com data:; connect-src 'self' *.bugsnag.com *.google-analytics.com stats.g.doubleclick.net ad.doubleclick.net *.googleadservices.com www.googleadservices.com *.google.com *.wistia.com *.wistia.net *.litix.io bam.nr-data.net cdn.linkedin.oribi.io www.facebook.com tags.srv.stackadapt.com embedwistia-a.akamaihd.net bat.bing.com a.us.silktide.com https://connect.facebook.net https://www.google.co.uk pagead2.googlesyndication.com *.clarity.ms js.callrail.com api.company-target.com tag-logger.demandbase.com px.ads.linkedin.com bcbsks.data.adobedc.net adobedc.demdex.net; upgrade-insecure-requests 1 default-src data: https: https://*.hotjar.com:* https://*.hotjar.io wss://*.hotjar.com 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'none' 1 default-src 'self' *.dwd.de *.readspeaker.com *.twitter.com *.youtube.com; script-src 'self' *.dwd.de *.readspeaker.com *.twitter.com *.twimg.com vimeo.com *.vimeo.com *.youtube.com *.jwpcdn.com *.ytimg.com 'unsafe-inline' 'unsafe-eval' data:; style-src 'self' *.dwd.de *.twitter.com *.twimg.com 'unsafe-inline' data:; img-src * data: blob:; font-src 'self' data:; frame-src 'self' *.dwd.de twitter.com *.twitter.com vimeo.com *.vimeo.com *.youtube.com; worker-src *.twitter.com; child-src 'self' *.dwd.de twitter.com *.twitter.com *.youtube.com; 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.thesprucepets.com 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://impactapi.causeview.com https://maps.googleapis.com https://cdnjs.cloudflare.com/ajax/libs/cropper/4.0.0/cropper.min.js https://js-agent.newrelic.com https://www.googletagmanager.com https://chimpstatic.com https://www.google.com/recaptcha/api.js https://www.gstatic.com https://downloads.mailchimp.com https://mc.us1.list-manage.com https://matchbox.hepdata.com https://commerce.coinbase.com https://data.processwebsitedata.com https://fe.sitedataprocessing.com https://cdn.jsdelivr.net/npm/search-insights@2.13.0/dist/search-insights.min.js https://platform.twitter.com https://challenges.cloudflare.com https://cdn.mouseflow.com https://cdn.jsdelivr.net/npm/search-insights@2.17.3; img-src 'self' data: https://cdn.mises.org https://www.google.ca https://www.google.com https://i.creativecommons.org https://licensebuttons.net https://www.google-analytics.com https://mcusercontent.com https://maps.gstatic.com https://s3.amazonaws.com https://impactapi.causeview.com https://live-mises-api.pantheonsite.io https://cdn-images.mailchimp.com https://matchbox.hepdata.com/ https://www.googletagmanager.com; frame-ancestors 'self' https://glockenspiel-bluebird-4h6c.squarespace.com https://www.misesgraduateschool.org https://misesgraduateschool.org https://api-public.addthis.com https://m.addthis.com https://mises.org https://impactapi.causeview.com; upgrade-insecure-requests 1 connect-src * 'self' 1 frame-ancestors 'self' https://*.lemonade.com https://lemonade.com 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.thesprucecrafts.com 1 frame-ancestors 'self' *.boursorama-banque.com *.boursorama.com *.boursobank.com; object-src *.boursorama.com *.boursobank.com *.brsimg.com 1 frame-ancestors 'none'; object-src 'self'; script-src 'self' 'unsafe-inline' https://static.zdassets.com/ https://www.google.com/ https://www.googletagmanager.com/ https://www.gstatic.com/ https://www.google-analytics.com/ https://boards.greenhouse.io/; 1 object-src none 1 default-src 'self' http: https: go.addigy.com https://*.addigy.com https://*.my.salesforce.com https://*.force.com https://go.pardot.com https://*.pantheonsite.io;frame-ancestors 'self' https://go.pardot.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com http: https: pages.addigy.com;img-src 'self' data: https://app-app.addigy.com https://www.addigy.com https://static.addigy.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://www.google-analytics.com https://stats.g.doubleclick.net https://tracking.g2crowd.com https://px.ads.linkedin.com https://bat.bing.com https://t.co https://www.facebook.com https://ssl.gstatic.com https://www.gstatic.com https://analytics.twitter.com https://*.gravatar.com http://*.gravatar.com https://fast.wistia.com https://embedwistia-a.akamaihd.net https://embed-fastly.wistia.com https://embed-ssl.wistia.com https://aorta.clickagy.com https://b.sf-syn.com https://dev.visualwebsiteoptimizer.com https://alb.reddit.com https://forms.hsforms.com https://track.hubspot.com https://*.linkedin.com https://ps.eyeota.net https://match.adsrvr.org https://dpm.demdex.net https://idsync.rlcdn.com https://sync.crwdcntrl.net https://ml314.com https://obseu.bzcclandlord.com https://cm.g.doubleclick.net https://perf-na1.hsforms.com/ https://forms-na1.hsforms.com/ https://assets.calendly.com/ https://c.clarity.ms/ https://c.bing.com/;style-src 'self' 'unsafe-inline' http: https: fonts.googleapis.com;font-src 'self' data: http: https: fonts.googleapis.com http https: fonts.gstatic.com https://*.wistia.com;media-src 'self' data: blob: http: https:;worker-src 'self' blob:; 1 frame-ancestors 'self' *.taxact.com *.taxactonline.com *.salemove.com secure.balancefin.com 1 frame-ancestors 'self' bam.harri.com harri.com fr.harri.com es.harri.com ru.harri.com de.harri.com pl.harri.com ar.harri.com tr.harri.com new.harri.com fr.new.harri.com es.new.harri.com ru.new.harri.com de.new.harri.com pl.new.harri.com ar.new.harri.com tr.new.harri.com internal-bcf49936-acd4-4f79-be5a-fad8a01526db.harri.com internal-temp-bcf49936-acd4-4f79-be5a-fad8a01526db.harri.com live.harri.com liveschedule.harri.com; 1 frame-ancestors https://*.omantel.om 1 frame-ancestors 'self' *.iza.org; 1 frame-ancestors 'self' http://mobilevjs.nbcsports.com http://sprtsecureassets.akamaized.net *.nbcolympics.com nbcolympics.com 1 frame-ancestors *.anjuke.com http://*.anjuke.com *.aifang.com http://*.aifang.com *.58ganji.com http://*.58ganji.com *.58.com http://*.58.com *.jikejia.cn http://*.jikejia.cn http://jikejia.cn yfyk.youfangyouke.com http://yfyk.youfangyouke.com *.58corp.com http://*.58corp.com *.qiaofangyun.com 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.liquor.com 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com www.gstatic.com https://*.google.com https://*.googletagmanager.com *.google-analytics.com https://tagmanager.google.com https://cdn.popupsmart.com https://cdnjs.cloudflare.com https://cbpfgms.github.io https://connect.facebook.net https://partner.googleadservices.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.clarity.ms https://c.bing.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://googletagmanager.com https://tagmanager.google.com fonts.googleapis.com https://www.google.com https://cdnjs.cloudflare.com https://cbpfgms.github.io https://cdn.popupsmart.com https://use.fontawesome.com https://*.clarity.ms https://c.bing.com; img-src 'self' data: https://*; media-src 'self' data: https://mvsfservicefabricusva.blob.core.windows.net; frame-src 'self' https://*.googletagmanager.com https://bid.g.doubleclick.net https://td.doubleclick.net https://www.youtube.com https://embed.mediavalet.com *.un.org https://cdnapisec.kaltura.com https://datawrapper.dwcdn.net https://app.powerbi.com https://vimeo.com https://player.vimeo.com; frame-ancestors 'self'; child-src 'self' blob:; font-src 'self' data: fonts.gstatic.com https://use.fontawesome.com; connect-src 'self' https://*; report-uri /report-csp-violation 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.agriculture.com 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.learnreligions.com 1 frame-ancestors 'self' *.smhi.se klimatanpassning.se klimatanpassningsradet.se sudplan.eu nordicadaptation2018.net http://infoteve.com ; report-uri /userv/cspreporting 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.mydomaine.com 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.peopleenespanol.com 1 default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.youtube.com *.youtube-nocookie.com *.itzbund.de *.energiewechsel.de *.deutschland-machts-effizient.de *.app.powerbi.com *.karriere.bafa.de *.atlas.geomer-maps.de *.twitter.com api.signalize.com; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com *.youtube-nocookie.com; frame-src karriere.bafa.de atlas.geomer-maps.de app.powerbi.com *.energiewechsel.de *.deutschland-machts-effizient.de *.youtube-nocookie.com *.itzbund.de *.youtube.com *.twitter.com; img-src 'self' data: *.youtube.com *.youtube-nocookie.com *.itzbund.de *.openstreetmap.org *.twimg.com; connect-src 'self' *.itzbund.de; frame-ancestors 'self' *.kfw.de *.bafa.de *.energiewechsel.de; upgrade-insecure-requests; 1 frame-ancestors 'self' bcit.ca *.bcit.ca *.bcit.dev 1 default-src https:; connect-src https:; script-src 'unsafe-inline' 'unsafe-eval' http: www.google-analytics.com ajax.googleapis.com; style-src 'unsafe-inline' http:; img-src http: data:; font-src http: data:; 1 X-Content-Security-Policy 1 default-src 'self'; script-src 'self' https://youtube.com/ https://cnes.matomo.cloud/ https://www.youtube.com/ youtube.com www.youtube.com https://youtube-nocookie.com/ youtube-nocookie.com https://cdn.matomo.cloud/cnes.matomo.cloud/ cdn.matomo.cloud/cnes.matomo.cloud https://tags.data-driven.fr/tags/ tags.data-driven.fr/tags https://tarteaucitron.io/ tarteaucitron.io https://cdn.tarteaucitron.io/ cdn.tarteaucitron.io ; object-src 'self' https://youtube.com/ https://www.youtube.com/ youtube.com www.youtube.com https://youtube-nocookie.com/ youtube-nocookie.com ; style-src 'self' 'unsafe-inline' https://cdn.tarteaucitron.io/css/ cdn.tarteaucitron.io/css/ https://fonts.googleapis.com/; img-src 'self' data: https://i.ytimg.com https://*.tile.openstreetmap.fr 'unsafe-inline' https://tarteaucitron.io/log/ tarteaucitron.io/log/; media-src 'self' https://podcast.cnes.fr/ https://www.podcast.cnes.fr/; frame-src 'self' https://youtube.com https://www.youtube.com player.vimeo.com youtube.com www.youtube.com https://youtube-nocookie.com youtube-nocookie.com www.youtube-nocookie.com https://tarteaucitron.io tarteaucitron.io https://tarteaucitron.io tarteaucitron.io https://cdn.tarteaucitron.io cdn.tarteaucitron.io; frame-ancestors 'self' https://youtube.com/ https://www.youtube.com/ youtube.com www.youtube.com https://youtube-nocookie.com/ youtube-nocookie.com https://tarteaucitron.io/ tarteaucitron.io https://tarteaucitron.io/ tarteaucitron.io https://cdn.tarteaucitron.io/ cdn.tarteaucitron.io; child-src 'self' https://tarteaucitron.io tarteaucitron.io https://tarteaucitron.io tarteaucitron.io https://cdn.tarteaucitron.io cdn.tarteaucitron.io; font-src 'self' data: https://fonts.gstatic.com https://themes.googleusercontent.com; connect-src 'self' 'unsafe-inline' https://cnes.matomo.cloud/ https://cdn.matomo.cloud/cnes.matomo.cloud/ https://tags.data-driven.fr cdn.matomo.cloud/cnes.matomo.cloud https://tags.data-driven.fr/tags/ tags.data-driven.fr/tags https://tarteaucitron.io/ tarteaucitron.io https://cdn.tarteaucitron.io/ cdn.tarteaucitron.io 1 default-src 'self' *.postman.co *.postman.com *.pstmn.io; base-uri 'self'; font-src 'self' data: *.getpostman.com *.postman.co *.cdn.postman.com fonts.gstatic.com www.postman.com fonts.googleapis.com cdnjs.cloudflare.com; frame-ancestors 'none'; frame-src looker.postman.co dl-preview-container.pstmn.io js.stripe.com hooks.stripe.com chart-embed.service.newrelic.com https://app.datadoghq.com/graph/embed https://app.datadoghq.eu/graph/embed https://youtube.com https://www.youtube.com https://player.vimeo.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://accounts.google.com/ https://runtime-assets.pstmn.io/; child-src 'self' *.postman.co *.postman.com blob:; worker-src 'self' *.postman.co *.cdn.postman.com blob:; object-src 'self'; img-src https: data:; media-src 'self' https://flows-assets.pstmn.io/ https://skills-assets.pstmn.io/; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' *.nr-data.net *.getpostman.com *.postman.co *.cdn.postman.com *.pstmn.io code.jquery.com google-analytics.com www.postman.com postman.com googletagmanager.com ssl.google-analytics.com cdnjs.cloudflare.com https://bi.pst.tech js-agent.newrelic.com js.stripe.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'nonce-EjhkrKYmFJxH9/5pFLKwNg=='; style-src 'self' 'unsafe-inline' *.getpostman.com *.postman.co *.cdn.postman.com *.pstmn.io www.postman.com fonts.gstatic.com fonts.googleapis.com tagmanager.google.com cdnjs.cloudflare.com postman.com accounts.google.com; connect-src https://api.stripe.com http: ws://localhost:10533 https: wss://*.postman.co wss://*.gw.postman.co wss://*.gw.eu.postman.co wss://*.gw.postman.com wss://*.gw.eu.postman.com; report-uri https://sentry.postmanlabs.com/api/572/security/?sentry_key=9d37d7431bdc4c528702ec4d89fc93f7&sentry_environment=production 1 default-src 'self' https://my.sheer.com my.sheer.com https://www.sheer.com www.sheer.com https://account.analvids.com account.analvids.com https://scene-subtitles.gtflixtv.com scene-subtitles.gtflixtv.com https://*.gtflixtv.com *.gtflixtv.com https://*.gtflixtvtest.com *.gtflixtvtest.com https://pornbox.com pornbox.com https://*.pornbox.com *.pornbox.com https://download1.pornbox.com download1.pornbox.com wss://lb-private-chat.gtflixtv.com wss://lb-private-chat-beta.gtflixtv.com https://*.facebook.com *.facebook.com https://googletagmanager.com googletagmanager.com https://*.googletagmanager.com *.googletagmanager.com https://*.google-analytics.com *.google-analytics.com https://*.google.com *.google.com https://*.googleapis.com *.googleapis.com https://*.gstatic.com *.gstatic.com https://*.gstatic.cn *.gstatic.cn https://*.jsdelivr.net *.jsdelivr.net https://*.rawgit.com *.rawgit.com https://*.ddfstatic.com *.ddfstatic.com https://cdn.plyr.io cdn.plyr.io https://*.sexcash.com *.sexcash.com https://*.trafficfactory.biz *.trafficfactory.biz https://xvideos.com xvideos.com https://*.xvideos.com *.xvideos.com https://*.xvideos2.com *.xvideos2.com https://*.xvideos-cdn.com *.xvideos-cdn.com https://*.bangbros.com *.bangbros.com https://*.nikkiprice.com *.nikkiprice.com https://*.girlsgonewild.com *.girlsgonewild.com https://*.naked.com *.naked.com https://*.st-content.com *.st-content.com https://*.sellvids.com *.sellvids.com https://*.hazecash.com *.hazecash.com https://*.xxxpawn.com *.xxxpawn.com https://*.gaypawn.com *.gaypawn.com https://*.miakhalifa.com *.miakhalifa.com https://*.americanpervert.com *.americanpervert.com https://*.xnxx.com *.xnxx.com 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://my.sheer.com my.sheer.com https://www.sheer.com www.sheer.com https://account.analvids.com account.analvids.com https://scene-subtitles.gtflixtv.com scene-subtitles.gtflixtv.com https://*.gtflixtv.com *.gtflixtv.com https://*.gtflixtvtest.com *.gtflixtvtest.com https://pornbox.com pornbox.com https://*.pornbox.com *.pornbox.com wss://lb-private-chat.gtflixtv.com wss://lb-private-chat-beta.gtflixtv.com https://xvideos.com xvideos.com https://*.xvideos.com *.xvideos.com https://www.google-analytics.com www.google-analytics.com https://ampcid.google.com https://stats.g.doubleclick.net/j/collect https://region1.google-analytics.com/g/collect https://*.googleapis.com *.googleapis.com https://*.firebaseio.com *.firebaseio.com https://www.google.com/recaptcha/ www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.googletagmanager.com www.googletagmanager.com https://ssl.gstatic.com ssl.gstatic.com https://www.gstatic.com www.gstatic.com https://stats.g.doubleclick.net/r/ stats.g.doubleclick.net/r/; font-src 'self' https://cdn.jsdelivr.net/npm/ https://fonts.gstatic.com fonts.gstatic.com data:; img-src 'self' https://*.gtflixtv.com *.gtflixtv.com https://xvideos.com xvideos.com https://*.xvideos.com *.xvideos.com https://*.xvideos2.com *.xvideos2.com https://*.xvideos-cdn.com *.xvideos-cdn.com https://www.xvideos.com www.xvideos.com https://*.xvideos.red *.xvideos.red https://*.1ka.com *.1ka.com https://cdn.jsdelivr.net cdn.jsdelivr.net https://www.google-analytics.com www.google-analytics.com https://www.google.com/ads/ga-audiences https://stats.g.doubleclick.net/r/collect https://region1.google-analytics.com region1.google-analytics.com https://www.googletagmanager.com www.googletagmanager.com https://ssl.gstatic.com ssl.gstatic.com https://www.gstatic.com www.gstatic.com https://stats.g.doubleclick.net/r/ stats.g.doubleclick.net/r/ https://translate.google.com translate.google.com https://fonts.gstatic.com fonts.gstatic.com data:; object-src 'none'; script-src 'self' https://my.sheer.com my.sheer.com https://www.sheer.com www.sheer.com https://account.analvids.com account.analvids.com https://scene-subtitles.gtflixtv.com scene-subtitles.gtflixtv.com https://uploader.gtflixtv.com uploader.gtflixtv.com https://uploader-beta.gtflixtv.com uploader-beta.gtflixtv.com https://pornbox.com pornbox.com https://*.googleapis.com *.googleapis.com https://accounts.google.com accounts.google.com https://www.google.com/recaptcha/ www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://google-analytics.com google-analytics.com https://ssl.google-analytics.com https://www.google-analytics.com www.google-analytics.com https://www.googletagmanager.com www.googletagmanager.com https://ssl.gstatic.com ssl.gstatic.com https://www.gstatic.com www.gstatic.com https://stats.g.doubleclick.net/r/ stats.g.doubleclick.net/r/ https://translate.google.com translate.google.com https://cdn.jsdelivr.net/npm/ https://cdn.rawgit.com/yuku-t/jquery-textcomplete/ https://*.ddfstatic.com *.ddfstatic.com https://*.sexcash.com *.sexcash.com https://*.trafficfactory.biz *.trafficfactory.biz https://apis.google.com apis.google.com https://apis.google.com/js/platform.js 'unsafe-inline' 'unsafe-eval'; report-uri /api/js-error; 1 frame-src 'self' 1 default-src 'self'; script-src 'report-sample' 'self' https://contaazul.my.salesforce.com/embeddedservice/5.0/client/liveagent.esw.min.js https://d.la1-c2-ia4.salesforceliveagent.com/chat/rest/EmbeddedService/EmbeddedServiceConfig.jsonp https://d.la1-c2-ia5.salesforceliveagent.com/chat/rest/EmbeddedService/EmbeddedServiceConfig.jsonp https://www.googletagmanager.com/gtag/js; style-src 'report-sample' 'self' https://contaazul.my.salesforce.com https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self'; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://contaazul.my.salesforce.com; img-src 'self'; manifest-src 'self'; media-src 'self'; report-uri https://653a851cb68e7c6a2aefe900.endpoint.csper.io/?v=0; worker-src 'self'; 1 frame-ancestors https://cloudsecurityalliance.org https://knowledge.cloudsecurityalliance.org https://circle.cloudsecurityalliance.org 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: *.conceptboard.com; 1 script-src 'nonce-0979d7ca-9179-4d96-93a7-bed6117f0fcd' https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/ 'self' 'unsafe-eval' https://static.aws.training https://client.rum.us-east-1.amazonaws.com/1.0.2/cwr.js https://a0.awsstatic.com https://js.api.here.com https://*.cit.api.here.com https://dev.ditu.live.com https://*.dev.virtualearth.net https://*.payments-amazon.com https://*.amazon.com https://*.amazon.co.jp/ https://*.amazon.co.uk https://*.amazon.de https://dvj5x88797nbe.cloudfront.net https://*.bing.com https://*.virtualearth.net https://munchkin.marketo.net https://d2c.aws.amazon.com; object-src 'self'; img-src 'self' data: blob: https://*.dev.virtualearth.net https://*.ssl.ak.tiles.virtualearth.net https://*.ssl.ak.dynamic.tiles.virtualearth.net https://static.aws.training https://a0.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://dpm.demdex.net https://aws.demdex.net https://cm.everesttech.net https://js.api.here.com https://*.cit.api.here.com https://images-na.ssl-images-amazon.com https://internal-cdn.amazon.com https://d2ldlvi1yef00y.cloudfront.net/ https://d23yuld0pofhhw.cloudfront.net https://d1oct1bdmx33tz.cloudfront.net https://googleads.g.doubleclick.net https://www.google.com https://fls-na.amazon.com https://*.media-amazon.com https://d2c.aws.amazon.com https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/; style-src 'self' 'unsafe-inline' https://static.aws.training https://js.api.here.com https://a0.awsstatic.com https://images-na.ssl-images-amazon.com https://ecn.dev.virtualearth.net https://images-eu.ssl-images-amazon.com https://www.bing.com https://dvj5x88797nbe.cloudfront.net https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/; connect-src 'self' https://*.cit.api.here.com https://*.amazon.com https://cognito-identity.us-east-1.amazonaws.com https://dataplane.rum.us-east-1.amazonaws.com https://prod.tools.shortbread.aws.dev https://prod.log.shortbread.aws.dev https://sts.us-east-1.amazonaws.com https://amazonwebservices.d2.sc.omtrdc.net https://dpm.demdex.net https://aws.demdex.net https://cm.everesttech.net https://*.amazonpay.com https://apac.account.amazon.com https://vs.aws.amazon.com/ https://d2c.aws.amazon.com/ https://na.account.amazon.com https://eu.account.amazon.com https://*.virtualearth.net https://*.mktoresp.com https://s0.awsstatic.com https://*.amazon.co.uk https://*.amazon.co.jp https://*.amazon.de https://cdn.aws.training https://prod.us-east-1.search.avalon.aws.dev https://7m5y5tkfr5.execute-api.us-east-1.amazonaws.com https://ftj9wpwlq4.execute-api.us-east-1.amazonaws.com https://aws.amazon.com https://a0.awsstatic.com; font-src 'self' data: https://static.aws.training https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/; media-src 'self' https://cdn.aws.training https://dvj5x88797nbe.cloudfront.net; child-src 'self' https://*.amazon.com https://www.bing.com https://*.amazon.co.jp/ https://*.amazon.co.uk https://*.payments-amazon.com https://*.amazon.de https://support.aws.training; frame-src 'self' 'unsafe-eval' https://static.aws.training https://client.rum.us-east-1.amazonaws.com/1.0.2/cwr.js https://a0.awsstatic.com https://js.api.here.com https://*.cit.api.here.com https://dev.ditu.live.com https://*.dev.virtualearth.net https://*.payments-amazon.com https://*.amazon.com https://*.amazon.co.jp/ https://*.amazon.co.uk https://*.amazon.de https://dvj5x88797nbe.cloudfront.net https://*.bing.com https://*.virtualearth.net https://munchkin.marketo.net https://d2c.aws.amazon.com; default-src 'self'; 1 default-src 'self'; style-src 'self' 'unsafe-inline' occhat.elisa.fi s3.eu-west-1.amazonaws.com/files.roidu.com/vero-mrs/ customer.cludo.com; img-src 'self' data: occhat.elisa.fi vero.piwik.pro https://analytiikka.ahtp.fi/ master.boost.ai boost-files-general-eu-west-1-test.s3-eu-west-1.amazonaws.com boost-files-general-eu-west-1-prod.s3-eu-west-1.amazonaws.com; media-src 'self'; font-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' occhat.elisa.fi vero.piwik.pro vero.containers.piwik.pro https://analytiikka.ahtp.fi/ *.boost.ai mrs-p.s3.eu-west-1.amazonaws.com *.monitor.azure.com *.cdn.applicationinsights.io customer.cludo.com; connect-src 'self' occhat.elisa.fi wss://occhat.elisa.fi vero.piwik.pro https://analytiikka.ahtp.fi/ *.boost.ai youtube.com *.roidu.com *.in.applicationinsights.azure.com js.monitor.azure.com api.cludo.com; frame-src 'self' hkp.maanmittauslaitos.fi https://www.youtube.com https://app.powerbi.com; frame-ancestors 'self' yritys.tunnistus.fi htesti.katso.tunnistus.fi; 1 default-src 'self' 'unsafe-inline' data: blob: prod.acquia-sites.com *.prod.acquia-sites.com auc.arkdev.net *.auc.arkdev.net aucegypt.edu *.aucegypt.edu openweathermap.org *.openweathermap.org youvisit.com *.youvisit.com google-analytics.com *.google-analytics.com googletagmanager.com *.googletagmanager.com nr-data.net *.nr-data.net newrelic.com *.newrelic.com cloudflare.com googleusercontent.com *.cloudflare.com *.googleusercontent.com youtube.com *.youtube.com youtu.be *.youtu.be gstatic.com *.gstatic.com ytimg.com *.ytimg.com ggpht.com *.ggpht.com *.campusgroups.com calendar.google.com interviewexchange.com *.interviewexchange.com auc.cloud.panopto.eu datawrapper.dwcdn.net *.watson.appdomain.cloud datastudio.google.com *.datastudio.google.com crazyegg.com *.crazyegg.com myjotform.com *.myjotform.com connect.facebook.net facebook.com *.facebook.com stats.g.doubleclick.net *.g.doubleclick.net addthis.com *.addthis.com 'unsafe-eval' moatads.com *.moatads.com addthisedge.com *.addthisedge.com px.ads.linkedin.com *.ads.linkedin.com *.linkedin.com www.googleadservices.com www.google.com *.googleadservices.com *.google.com googleads.g.doubleclick.net bid.g.doubleclick.net *.g.doubleclick.net snap.licdn.com *.snap.licdn.com *.licdn.com p.adsymptotic.com *.adsymptotic.com *.googlesyndication.com googlesyndication.com cdn.linkedin.oribi.io www.google.com.eg *.google.com.eg *.mainstay.com addtoany.com *.addtoany.com googleapis.com *.googleapis.com noembed.com *.noembed.com plyr.io *.plyr.io cdn.jsdelivr.net *.clarity.ms surveymonkey.com *.surveymonkey.com; report-uri /report-csp-violation 1 default-src 'self' *.medimpact.com data:;; script-src 'self' 'unsafe-inline' *.googletagmanager.com *.googleapis.com cdnjs.cloudflare.com *.google-analytics.com *.vimeo.com *.youtube.com *.medimpact.com; object-src 'self' *.medimpact.com data:;; style-src 'self' 'unsafe-inline'; img-src 'self' *.google-analytics.com *.medimpact.com *.googletagmanager.com data:;; media-src 'self' *.medimpact.com data:;; frame-src *.vimeo.com *.youtube.com *.medimpact.com; frame-ancestors *.medimpact.com; font-src 'self' * data:;; connect-src 'self' *.google-analytics.com *.vimeocdn.com *.medimpact.com; report-uri /report-csp-violation; upgrade-insecure-requests 1 base-uri 'none'; default-src 'none'; child-src https://www.recaptcha.net; connect-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src https://www.recaptcha.net; img-src 'self' data:; object-src 'none'; script-src 'nonce-R/9p3CHWd07n+vlDpphsCA==' 'strict-dynamic'; style-src 'self' 'unsafe-inline'; worker-src 'self' 1 default-src https: 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' unpkg.com bam.nr-data.net *.addtoany.com *.go-mpulse.net *.newrelic.com *.qualtrics.com *.adobedtm.com tags.tiqcdn.com cdn.jsdelivr.net *.akamaihd.net *.ceros.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' *.demdex.net *.ytimg.com *.youtube.com data: libertymutualgroup.com *.libertymutualgroup.com libertymutual.com *.libertymutual.com *.qualtrics.com *.akstat.io cm.everesttech.net; frame-src 'self' *.youtube.com *.addtoany.com libertymutualcorporate.demdex.net *.facebook.com *.ceros.com; font-src 'self' fonts.gstatic.com; connect-src 'self' *.youtube.com *.akamaihd.net *.akstat.io *.qualtrics.com bam.nr-data.net c.go-mpulse.net *.demdex.net collect.tealiumiq.com; report-uri /report-csp-violation 1 base-uri 'self'; default-src 'none'; child-src https://irc.animefriends.moe; connect-src 'self' https://mei.kuudere.pw; font-src 'self' data:; form-action 'self' https://mei.kuudere.pw; frame-ancestors 'self'; frame-src 'self' https://www.youtube-nocookie.com https://*.soundcloud.com https://irc.animefriends.moe; img-src 'self' https://rei.kuudere.pw https://mei.kuudere.pw https://animebytes.tv data:; media-src 'self' https://* * data:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample'; style-src 'self' 'unsafe-inline'; worker-src 'self' blob:; upgrade-insecure-requests 1 default-src 'self'; script-src 'self' 1 frame-ancestors https://youtu.be https://bid.g.doubleclick.net https://streetview.my https://safedepositboxjb.streetview.my https://hlbmc.demdex.net https://tags.tiqcdn.com https://survey.hlb.com.my https://www.hlb.com.my https://www.hlisb.com.my https://www.hlb.com.kh https://www.hlbank.com.sg https://www.hlbank.com.vn https://www.facebook.com https://www.vivocha.com https://www.youtube.com https://staticxx.facebook.com https://www.googletagmanager.com https://gateway.hlb.com.my https://gateway.hlb.com.my:8446 https://www.google.com https://optimize.google.com https://hongleongbank.sc.omtrdc.net https://dpm.demdex.net https://www.ecbanking.com.my https://gms.hongleong.com.my https://apply-merchant1.hlb.com.my https://10.103.8.91 wss://10.103.8.91 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.dailypaws.com 1 frame-ancestors https://platform-as.marketintelligence.spglobal.com https://platform-av.marketintelligence.spglobal.com https://platform.mi.spglobal.com https://platform.marketintelligence.spglobal.com https://www.snl.com https://platform.mi.spglobal.cn https://platform.ratings360.spglobal.com https://platform.platts.spglobal.com https://www.platform.spgi.spglobal.cn https://platform.spgi.spglobal.cn https://www.platform.spgi.spglobal.com https://platform.spgi.spglobal.com https://www.capitaliq.spglobal.com https://www.capitaliq.spglobal.cn https://www.capitaliqpro.spglobal.com https://www.capitaliqpro.spglobal.cn 'self'; 1 default-src * 'unsafe-inline' 'unsafe-eval' data: blob: 1 default-src 'self' data: *.simplesdental.com *.facebook.net *.facebook.com *.bing.com *.cookielaw.org *.clarity.ms clarity.microsoft.com *.livesession.io *.getblue.io *.googleapis.com *.youtube.com *.youtube-nocookie.com *.intercom.io *.intercomcdn.com *.intercom-sheets.com intercom-sheets.com *.vitally.io *.googletagmanager.com *.ytimg.com *.google-analytics.com *.gstatic.com *.cloudflare.com *.google.com *.cloudfront.net *.googleoptimize.com *.onetrust.com *.suiteshare.com *.jquery.com *.amazonaws.com whts.co *.varify.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.simplesdental.com *.facebook.net *.facebook.com *.bing.com *.cookielaw.org *.clarity.ms clarity.microsoft.com *.livesession.io *.getblue.io *.googleapis.com *.youtube.com *.youtube-nocookie.com *.intercom.io *.intercomcdn.com *.intercom-sheets.com intercom-sheets.com *.vitally.io *.googletagmanager.com nonce-0688f2011cf32c6c471ed4de1e1b983a *.ytimg.com *.google-analytics.com *.gstatic.com *.google.com *.cloudfront.net *.googleoptimize.com *.onetrust.com *.hotjar.com *.cloudflare.com *.wootric.com *.suiteshare.com *.jquery.com *.amazonaws.com whts.co *.varify.io *.doubleclick.net https://cdn.jsdelivr.net/npm/choices.js@4/public/assets/scripts/choices.min.js https://platform-api.sharethis.com/js/sharethis.js https://buttons-config.sharethis.com/js/645ce8e8af0302001ab5296a.js; object-src 'self' data: https: blob:; style-src 'self' data: 'unsafe-inline' 'unsafe-eval' https:; img-src 'self' data: https: blob: www.googletagmanager.com; media-src 'self' data: https: blob:; frame-src 'self' data: blob: *.simplesdental.com *.facebook.net *.facebook.com *.bing.com *.cookielaw.org *.clarity.ms clarity.microsoft.com *.livesession.io *.getblue.io *.googleapis.com *.youtube.com *.youtube-nocookie.com *.intercom.io *.intercomcdn.com *.intercom-sheets.com intercom-sheets.com *.vitally.io *.googletagmanager.com *.ytimg.com *.google-analytics.com *.gstatic.com *.google.com *.cloudfront.net *.googleoptimize.com *.onetrust.com *.hotjar.com *.cloudflare.com *.wootric.com *.suiteshare.com *.jquery.com *.amazonaws.com whts.co *.varify.io *.doubleclick.net; font-src 'self' data: https:; connect-src 'self' data: https: wss: 1 script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' webhost1.ru d.webhost1.ru cp2.webhost1.ru cp3.webhost1.ru *.yoomoney.ru geoadv-partner.yandex.ru direct.yandex.ru yookassa.ru *.yandex.ru *.yandex.net mc.yandex.az mc.yandex.by mc.yandex.co.il mc.yandex.com mc.yandex.com.am mc.yandex.com.ge mc.yandex.com.tr mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.kz mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yandex.tj mc.yandex.tm mc.yandex.ua mc.yandex.uz mc.webvisor.com mc.webvisor.org yastatic.net googleads.g.doubleclick.net www.google-analytics.com www.google.com www.gstatic.com www.googletagmanager.com tagmanager.google.com *.jivo.ru *.bitrix24.ru *.roistat.com privacy-cs.mail.ru top-fwz1.mail.ru infird.com; frame-ancestors 'self' blob: http://webvisor.com https://webvisor.com https://d.webhost1.ru:* https://cp2.webhost1.ru:* https://cp3.webhost1.ru:* 1 default-src 'self' 'unsafe-inline' data: ws: wss: cdn.cookielaw.org maps.googleapis.com *.onelink-edge.com googletagmanager.com *.sharethis.com api.company-target.com *.algolianet.com wkx3x0kpn1-dsn.algolia.net *.newcertainteed.com cdn.linkedin.oribi.io *.userway.org *.google-analytics.com bam.nr-data.net *.docksal.site:* *.onetrust.com segments.company-target.com *.hotjar.com *.hotjar.io *.force.com bcp.crwdcntrl.net *.salesforce.com *.salesforce-sites.com tags.srv.stackadapt.com dev.visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com useruploads.vwo.io analytics.tiktok.com td.doubleclick.net www.googletagmanager.com www.google.co.in www.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: ws: wss: *.youtube.com cdn.cookielaw.org *.sharethis.com *.googletagmanager.com *.googleapis.com snap.licdn.com *.hotjar.com *.force.com tag.demandbase.com *.facebook.net *.salesforceliveagent.com accessibilityserver.org *.userway.org *.newrelic.com *.onelink-edge.com unpkg.com *.cloudflare.com www.onelink-edge.com *.docksal.site:* www.google.com segments.company-target.com www.gstatic.com *.salesforce.com *.salesforce-sites.com *.hotjar.io assets.pinterest.com www.googleadservices.com googleads.g.doubleclick.net *.tags.srv.stackadapt.com tags.srv.stackadapt.com dev.visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com useruploads.vwo.io analytics.tiktok.com td.doubleclick.net www.googletagmanager.com www.google.co.in www.google.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com *.force.com *.sharethis.com fonts.googleapis.com *.salesforce-sites.com *.salesforce.com cdn.userway.org tags.srv.stackadapt.com dev.visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com useruploads.vwo.io analytics.tiktok.com td.doubleclick.net www.googletagmanager.com www.google.co.in www.google.com; img-src 'self' 'unsafe-inline' cdn.cookielaw.org *.youtube.com data: match.prod.bidr.io segments.company-target.com px.ads.linkedin.com *.ads.linkedin.com *.linkedin.com *.facebook.com id.rlcdn.com certainteed.widen.net *.googleapis.com *.widencdn.net *.userway.org *.ytimg.com bcp.crwdcntrl.net *.sharethis.com maps.gstatic.com *.cloudfront.net pinterest.com *.pinterest.com *.salesforce.com *.salesforce-sites.com *.g.doubleclick.net *.google-analytics.com *.analytics.google.com googleads.g.doubleclick.net ad.doubleclick.net *.google.ca *.gstatic.com *.googletagmanager.com tags.srv.stackadapt.com dev.visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com useruploads.vwo.io analytics.tiktok.com td.doubleclick.net www.googletagmanager.com www.google.co.in www.google.com; media-src 'self' 'unsafe-inline' youtube.com dev.visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com useruploads.vwo.io analytics.tiktok.com td.doubleclick.net www.googletagmanager.com www.google.co.in www.google.com; frame-src 'self' 'unsafe-inline' cdn.cookielaw.org youtube.com maps.googleapis.com onelink-edge.com googletagmanager.com *.force.com *.sharethis.com *.userway.org google.com www.google.com www.facebook.com www.youtube.com www.youtube-nocookie.com *.pinterest.com *.salesforce.com *.salesforce-sites.com bid.g.doubleclick.net *.company-target.com youtu.be tags.srv.stackadapt.com dev.visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com useruploads.vwo.io analytics.tiktok.com td.doubleclick.net www.googletagmanager.com www.google.co.in www.google.com; child-src 'self' blob: dev.visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com useruploads.vwo.io analytics.tiktok.com td.doubleclick.net www.googletagmanager.com www.google.co.in www.google.com; font-src 'self' use.fontawesome.com data: fonts.googleapis.com fonts.gstatic.com tags.srv.stackadapt.com dev.visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com useruploads.vwo.io analytics.tiktok.com td.doubleclick.net www.googletagmanager.com www.google.co.in www.google.com; connect-src 'self' 'unsafe-inline' data: ws: wss: cdn.cookielaw.org maps.googleapis.com *.onelink-edge.com googletagmanager.com *.sharethis.com api.company-target.com *.algolianet.com wkx3x0kpn1-dsn.algolia.net *.newcertainteed.com cdn.linkedin.oribi.io *.userway.org *.google-analytics.com bam.nr-data.net *.docksal.site:* *.onetrust.com segments.company-target.com *.hotjar.com *.hotjar.io *.force.com bcp.crwdcntrl.net *.salesforce.com *.salesforce-sites.com *.linkedin.com *.google.com *.g.doubleclick.net *.analytics.google.com *.google.ca *.demandbase.com tags.srv.stackadapt.com dev.visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com useruploads.vwo.io analytics.tiktok.com td.doubleclick.net www.googletagmanager.com www.google.co.in www.google.com; report-uri /report-csp-violation; upgrade-insecure-requests 1 img-src * data: blob:; style-src 'self' 'unsafe-inline' assets.adobedtm.com cdn.linearicons.com fonts.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com shop.spreadshirt.nl ton.twimg.com cdnjs.cloudflare.com code.jquery.com unpkg.com; frame-src 'self' www.youtube.com player.vimeo.com podio.com www.youtube-nocookie.com www.google.com/recaptcha/ www.classmarker.com/ js.stripe.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com assets.adobedtm.com cdn.syndication.twimg.com cdnjs.cloudflare.com maps.googleapis.com npmcdn.com shop.spreadshirt.nl platform.twitter.com www.google-analytics.com ssl.google-analytics.com www.spreadshirt.nl podio.com static.doubleclick.net cdnjs.cloudflare.com code.jquery.com cdn.jsdelivr.net app.intercom.io widget.intercom.io js.intercomcdn.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ unpkg.com/leaflet.markercluster@1.4.1/dist/ unpkg.com/leaflet@1.7.1/dist/ js.stripe.com unpkg.com/@popperjs/ unpkg.com/tippy.js@6/ www.googletagmanager.com; font-src 'self' cdn.linearicons.com fonts.gstatic.com maxcdn.bootstrapcdn.com shop.spreadshirt.nl js.intercomcdn.com ttui.thethingsindustries.com; connect-src 'self' shop.spreadshirt.nl www.thethingsnetwork.org vx.thethings.network api.intercom.io api-iam.intercom.io api-ping.intercom.io nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io nexus-websocket-b.intercom.io nexus-long-poller-a.intercom.io nexus-long-poller-b.intercom.io nexus-websocket-a.intercom.io nexus-websocket-b.intercom.io uploads.intercomcdn.com uploads.intercomusercontent.com app.getsentry.com unpkg.com/boxicons@2.1.1/ 1 default-src http: https: wss: data: blob: 'self' 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: *; report-uri https://ncreports.report-uri.com/r/d/csp/reportOnly 1 default-src 'self' https://use.typekit.net; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://use.typekit.net *.google.com https://connect.facebook.net *.gstatic.com https://www.google-analytics.com https://*.googleapis.com https://view.ceros.com https://cdn.jsdelivr.net https://www.googletagmanager.com https://cdn.cookielaw.org https://player.vimeo.com/ https://www.recaptcha.net; object-src 'none'; style-src 'report-sample' 'self' 'unsafe-inline' https://use.typekit.net https://p.typekit.net https://cdn.jsdelivr.net; img-src 'self' data: *.gstatic.com *.littler.com p.typekit.net https://www.google-analytics.com https://*.googleapis.com https://i.vimeocdn.com https://cdn.cookielaw.org https://www.googletagmanager.com https://*.onelogin.com; media-src 'self'; frame-src 'self' https://player.vimeo.com/ https://app.powerbi.com https://w.soundcloud.com https://www.google.com https://view.ceros.com https://players.brightcove.net https://www.youtube.com https://www.youtube-nocookie.com https://www.recaptcha.net; frame-ancestors 'self'; child-src 'self' https://player.vimeo.com/;; font-src 'self' 'unsafe-inline' https://themes.googleusercontent.com use.typekit.net *.gstatic.com data:;; connect-src 'self' https://*.google-analytics.com *.algolia.net *.algolianet.com https://insights.algolia.io https://cdn.cookielaw.org https://geolocation.onetrust.com https://privacyportal.onetrust.com;; report-uri /report-csp-violation; upgrade-insecure-requests 1 script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https://api.spendino.de https://analytics.spd.de https://maps.googleapis.com https://altruja.de https://dataservices.spd.de https://www.verbavoice.net https://cdn01.spd.de https://mitgliedwerden.spd.de https://tamaro.raisenow.com https://cdn.jsdelivr.net https://*.datatrans.com ; img-src 'self' data: https://analytics.spd.de https://csi.gstatic.com https://maps.googleapis.com https://maps.gstatic.com https://socialwall.spd.de https://cdn01.spd.de https://*.spd.de https://*.openstreetmap.de https://images.admiralcloud.com https://cdn.jsdelivr.net ; frame-ancestors 'self' https://analytics.spd.de ; default-src 'self' ; frame-src 'self' https://*.spd.de https://*.datatrans.com https://dpa-electionslive.s3.amazonaws.com https://w.soundcloud.com https://player.vimeo.com https://www.youtube-nocookie.com https://api.spendino.de https://www.youtube.com https://playout.3qsdn.com https://sdn-global-live-http-cache.3qsdn.com https://widget.whatsbroadcast.com https://ghb2017.limequery.com https://www.verbavoice.ne https://hd-livestream.de https://stream.liverecords.net https://www.sachsen-fernsehen.de https://open.spotify.com https://widget.whappodo.com https://sipg.micropayment.de https://d3ak46ifsn9mnh.cloudfront.net https://t3prod.admiralcloud.com https://player.admiralcloud.com https://gateway.spendino.de ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://analytics.spd.de https://dataservices.spd.de https://cdn01.spd.de https://mitgliedwerden.spd.de https://static.spd.de https://assets.raisenow.io https://cdn.jsdelivr.net ; connect-src 'self' https://widget-api.raisenow.com https://api.raisenow.io https://analytics.spd.de https://altruja.de https://dataservices.spd.de wss://ws-eu.pusher.com https://pusher01.spd.de https://socialwall.spd.de https://cdn01.spd.de https://mitgliedwerden.spd.de https://*.raisenow.io ; object-src 'self' data: ; media-src 'self' data: https://cdn01.spd.de ; font-src 'self' https://fonts.gstatic.com https://dataservices.spd.de https://mitgliedwerden.spd.de https://static.spd.de https://assets.raisenow.io ; 1 frame-ancestors 'self' cmsv2.zebrix.net 1 base-uri 'self';child-src 'none';connect-src 'self' webpack://* *.algolia.net *.algolianet.com *.adnxs.com maps.googleapis.com px.ads.linkedin.com cdn.cookielaw.org mock.dev.relaischateaux.com api.widget.botmind.io privacyportal-fr.onetrust.com bat.bing.com geolocation.onetrust.com *.abtasty.com dcinfos-cache.abtasty.com ariane.abtasty.com *.google.com ws.hotjar.com *.googleadservices.com *.facebook.com googleads.g.doubleclick.net *.hotjar.io *.google-analytics.com metrics.relaischateaux.com *.adyen.com *.yahoo.com *.yahoodns.net *.yimg.com sulu.relaischateaux.com sylius.relaischateaux.com api.relaischateaux.com www.relaischateaux.com medias.relaischateaux.com api.widget.botmind.ai;default-src 'self';font-src 'self' data: blob: fonts.gstatic.com *.abtasty.com *.googleapis.com;form-action 'self' *.adyen.com *.adyenpayments.com;frame-ancestors 'self';frame-src 'self' td.doubleclick.net widget.botmind.ai www.menumodo.com qa-assistant.abtasty.com recaptcha.net www.google.com www.googletagmanager.com *.adyen.com;img-src 'self' data: blob: www.relaischateaux.com *.gstatic.com *.googleapis.com fdu.relaischateaux.com px.ads.linkedin.com secure.adnxs.com bat.bing.com www.facebook.com ib.adnxs.com *.linkedin.com *.google.fr *.google.com cdn.cookielaw.org static.relaischateaux.com *.abtasty.com *.amazonaws.com *.googletraveladservices.com *.googletagmanager.com googleads.g.doubleclick.net *.adyen.com *.yahoo.com *.yahoodns.net *.yimg.com d1m7xnn75ypr6t.cloudfront.net cdn.worldweatheronline.com loremflickr.com c1.tacdn.com www.tripadvisor.com www.tripadvisor.fr assets.relaischateaux.com static.tacdn.com;manifest-src 'self';media-src 'self' d1m7xnn75ypr6t.cloudfront.net static.relaischateaux.com p.relay-t.io ws.hotjar.com *.hotjar.io px4.ads.linkedin.com try.abtasty.com;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: www.googletagmanager.com maps.googleapis.com cdn.cookielaw.org connect.facebook.net fdu.relaischateaux.com acdn.adnxs.com *.hotjar.com snap.licdn.com cdn.actito.be bat.bing.com widget.botmind.io googleads.g.doubleclick.net trk.adbutter.net *.abtasty.com *.amazonaws.com p.relay-t.io apis.google.com recaptcha.net www.gstatic.com www.google.com *.adyen.com *.actito.be secure-hotel-tracker.com *.googleadservices.com *.yahoo.com *.yahoodns.net *.yimg.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com *.abtasty.com *.gstatic.com *.googleapis.com *.googletagmanager.com;worker-src 'self';upgrade-insecure-requests ; 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://thirdiron-assets.s3.amazonaws.com/ https://maps.googleapis.com https://www.youtube.com/ https://www.google.com https://www.gstatic.com/; img-src 'self' data: https://thirdiron.com https://thirdiron-assets.s3.amazonaws.com https://assets.thirdiron.com https://secure.gravatar.com; object-src 'self' data: https://www.elegantthemes.com/ https://www.youtube.com/ https://www.google.com; frame-src 'self' data: https://www.elegantthemes.com/ https://www.youtube.com/ https://www.google.com; 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.midwestliving.com 1 default-src 'self' static1.clickandboat.com static1.oceans-evasion.com static1.nautal.com static1.scansail.com; connect-src 'self' static2.clickandboat.com static2.oceans-evasion.com static2.nautal.com static2.scansail.com static3.clickandboat.com static3.oceans-evasion.com static3.nautal.com static3.scansail.com https://assets.clickandboat.com/frontend-assets/master/elements/ https://assets.clickandboat.com/frontend-assets/master/ https://assets.clickandboat.com/frontend-assets/master/elements/ https://logs1412.xiti.com *.google-analytics.com stats.g.doubleclick.net accounts.google.com pagead2.googlesyndication.com www.google.com www.googletagmanager.com www.googleadservices.com identitytoolkit.googleapis.com securetoken.googleapis.com bat.bing.com https://analytics.tiktok.com api.stripe.com ekr.zdassets.com clickandboat.zendesk.com wss://widget-mediator.zopim.com widget-mediator.zopim.com *.sentry.io api.realytics.io *.paypal.com https://*.clarity.ms https://s2s.adjust.com/event click-and-boat.pxf.io https://api.privacy-center.org *.criteo.com graph.facebook.com www.facebook.com https://respondent.survicate.com https://survey.survicate.com https://survey-prd.survicate-cdn.com; font-src 'self' data: static3.clickandboat.com fonts.gstatic.com https://surveys-static.survicate.com https://surveys-static-prd.survicate-cdn.com; frame-ancestors 'self'; frame-src 'self' *.facebook.com *.criteo.com accounts.google.com www.google.com js.stripe.com hooks.stripe.com www.googletagmanager.com *.doubleclick.net *.paypal.com click-and-boat.pxf.io static1.clickandboat.com cabmobileapp-196814.firebaseapp.com; img-src 'self' static1.clickandboat.com static1.oceans-evasion.com static1.nautal.com static1.scansail.com https://assets.clickandboat.com/frontend-assets/master/ https://assets.clickandboat.com/frontend-assets/master/elements/ blog.clickandboat.com blog.nautal.com blog.oceans-evasion.com blog.scansail.com blog.clickandboat.com data: blob: res.cloudinary.com *.doubleclick.net secure.adnxs.com www.googletagmanager.com *.google-analytics.com www.googleadservices.com www.google.fr www.google.it www.google.es www.google.com www.google.de www.google.nl www.google.co.uk www.google.gr www.google.pl www.google.ch www.google.be www.google.com.br www.google.hr www.google.at www.google.pt www.google.se www.google.ru www.google.ca www.google.com.ar www.google.com.tr www.google.com.ua www.google.ie www.google.si www.google.ro www.google.com.mx www.google.com.mt www.google.com.au www.google.dk www.google.ae www.google.gp www.google.hu www.google.cz www.google.lu www.google.com.cy www.google.no www.google.me www.google.bg www.google.co.il www.google.rs www.google.sk www.google.com.co www.google.com.do *.bing.com *.criteo.com *.facebook.com *.mydialoginsight.com maps.googleapis.com *.gstatic.com *.google.com *.google.fr v2assets.zopim.io v2uploads.zopim.io clickandboat.zendesk.com https://*.clarity.ms https://s2s.adjust.com/event click-and-boat.pxf.io https://www.ojrq.net https://logs-01.loggly.com https://sdk.privacy-center.org https://surveys-static.survicate.com https://surveys-static-prd.survicate-cdn.com https://assets.survicate.com https://img.survicate.com https://images.unsplash.com; script-src 'unsafe-eval' 'self' static2.clickandboat.com static2.oceans-evasion.com static2.nautal.com static2.scansail.com https://assets.clickandboat.com/frontend-assets/master/elements/ https://assets.clickandboat.com/frontend-assets/master/ https://tag.aticdn.net *.google-analytics.com *.googleadservices.com *.google.com *.ggpht.com www.googletagmanager.com bat.bing.com www.facebook.com https://analytics.tiktok.com *.criteo.net *.criteo.com *.mydialoginsight.com *.googleapis.com www.gstatic.com connect.facebook.net js.stripe.com static.zdassets.com widget-mediator.zopim.com *.realytics.io *.realytics.net https://*.clarity.ms https://c.bing.com https://s2s.adjust.com/event https://utt.impactcdn.com https://sdk.privacy-center.org https://tag.aticdn.net https://survey.survicate.com https://surveys-static.survicate.com https://surveys-static-prd.survicate-cdn.com https://survey-prd.survicate-cdn.com *.paypal.com browser.sentry-cdn.com 'unsafe-inline' 'nonce-ZQSYTXlO70hF8GHOr0z12Q=='; style-src 'self' static2.clickandboat.com static2.oceans-evasion.com static2.nautal.com static2.scansail.com static3.clickandboat.com static3.oceans-evasion.com static3.nautal.com static3.scansail.com https://assets.clickandboat.com/frontend-assets/master/ 'unsafe-inline' fonts.googleapis.com tagmanager.google.com accounts.google.com https://sdk.privacy-center.org https://surveys-static.survicate.com https://surveys-static-prd.survicate-cdn.com; report-uri https://o417216.ingest.us.sentry.io/api/4506020607492097/security/?sentry_key=3c14ba189cc8cb536d95fb1b6fe67298 1 frame-ancestors https://*.milwaukeetool.eu https://viewer.ipaper.io https://my.treedis.com https://my.scene3d.co.uk 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.woodmagazine.com 1 default-src 'self'; script-src 'self'; object-src 'none'; 1 default-src 'self' *.crazyegg.com https://www.clarity.ms https://*.clarity.ms https://brandfolder.com 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://93903118.adoric-om.com/adoric.js cdn.pushcrew.com *.crazyegg.com https://brandfolder.com https://script.crazyegg.com https://www.youtube.com https://bat.bing.com https://bat.bing.com/bat.js https://www.youtube.com/s/player/652ba3a2/www-widgetapi.vflset/www-widgetapi.js https://www.youtube.com/s/player/9135c2ab/www-widgetapi.vflset/www-widgetapi.js https://www.youtube.com/iframe_api https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.min.js https://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js https://www.gstatic.com/recaptcha/releases/1kRDYC3bfA-o6-tsWzIBvp7k/recaptcha__en.js https://www.google.com/recaptcha/api.js https://wec-assets.terminus.services https://m.clarity.ms/collect https://www.clarity.ms https://dev.visualwebsiteoptimizer.com https://www.googleoptimize.com https://www.googleanalytics.com https://optimize.google.com https://privacyportalde-cdn.onetrust.com https://privacyportalde-cdn.onetrust.com/privacy-notice-scripts/otnotice-1.0.min.js https://cdn.cookielaw.org https://*.googletagmanager.com https://ssl.google-analytics.com https://tagmanager.google.com https://secure.adnxs.com https://d22d1xpx4ztuef.cloudfront.net/jb-cdn-sp-3.5.0.js https://bam.nr-data.net https://gu.bizspring.net https://www.googletagmanager.com https://js-agent.newrelic.com https://stats.wp.com https://widgets.wp.com https://wordpress.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://sjrtp8-cdn.marketo.com https://cdn.livechatinc.com http://cdn.livechatinc.com https://s0.wp.com https://code.jquery.com https://code.jquery.com/jquery-3.3.1.js https://cdn.parsely.com https://stats.wp.com/e-202229.js http://play.vidyard.com https://play.vidyard.com https://connect.facebook.net http://app-sj04.marketo.com http://munchkin.marketo.net http://63475.tctm.co https://64066.tctm.co/t.js https://64066.tctm.co/p.js https://api.livechatinc.com http://www.google-analytics.com https://cdn.mouseflow.com https://connect.facebook.net https://googleads.g.doubleclick.net https://snap.licdn.com https://www.googleadservices.com http://www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://brandfolder.com https://static.adoric.com/adoric.v9.11.min.css *.visualwebsiteoptimizer.com app.vwo.com *.crazyegg.com https://dev.visualwebsiteoptimizer.com/static/latest/styles/themes/light-1975c1b85dd0e3c2ab714e934485e6dc.css https://code.ionicframework.com https://optimize.google.com https://privacyportalde-cdn.onetrust.com/privacy-notice-scripts/css/v2/otnotice-core.css https://tagmanager.google.com https://fonts.googleapis.com https://www.googletagmanager.com https://s0.wp.com http://app-sj04.marketo.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://090-bzj-603.mktoutil.com https://o.clarity.ms/collect https://n.clarity.ms/collect https://brandfolder.com *.visualwebsiteoptimizer.com app.vwo.com *.crazyegg.com https://e.clarity.ms/collect https://app.adoric-om.com https://www.google.com https://r3.visualwebsiteoptimizer.com https://s.clarity.ms/collect https://u.clarity.ms/collect https://q.clarity.ms/collect https://assets-tracking.crazyegg.com https://pagestates-tracking.crazyegg.com https://tracking.crazyegg.com https://script.crazyegg.com https://v.clarity.ms/collect https://z.clarity.ms/collect https://i.clarity.ms/collect https://bat.bing.com https://pagead2.googlesyndication.com https://r.clarity.ms/collect https://d.clarity.ms/collect https://h.clarity.ms/collect https://api.nelioabtesting.com https://googleads.g.doubleclick.net/pagead/landing https://b.clarity.ms/collect https://www.google.com/pagead/landing https://l.clarity.ms/collect https://k.clarity.ms/collect https://j.clarity.ms/collect https://a.clarity.ms/collect https://y.clarity.ms/collect https://x.clarity.ms/collect https://r1.visualwebsiteoptimizer.com/analyze https://t.clarity.ms/collect https://w.clarity.ms/collect https://m.clarity.ms/collect https://px.ads.linkedin.com https://dev.visualwebsiteoptimizer.com https://www.google.co.in https://privacyportalde-cdn.onetrust.com https://privacyportalde-cdn.onetrust.com/c579c0d0-360f-49c0-bccc-f7b7cded31cd/privacy-notices/8b719598-1655-4d2d-879b-9b2e633813ac-en-us.json https://privacyportalde-cdn.onetrust.com/c579c0d0-360f-49c0-bccc-f7b7cded31cd/privacy-notices/8b719598-1655-4d2d-879b-9b2e633813ac-en-us.json https://privacyportalde-cdn.onetrust.com/c579c0d0-360f-49c0-bccc-f7b7cded31cd/privacy-notices/8b719598-1655-4d2d-879b-9b2e633813ac.json https://analytics.google.com https://cdn.cookielaw.org https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.facebook.com http://play.vidyard.com https://play.vidyard.com http://google.com https://google.com https://cdn.linkedin.oribi.io https://cdn.livechatinc.com https://api.ipify.org https://bam.nr-data.net https://p1.parsely.com https://n2.mouseflow.com https://api.livechatinc.com https://geolocation.onetrust.com https://privacyportal-de.onetrust.com http://090-bzj-603.mktoresp.com http://63475.tctm.co https://cdn.cookielaw.org https://stats.g.doubleclick.net https://www.google-analytics.com; font-src 'self' data: https://code.ionicframework.com https://optimize.google.com https://privacyportalde-cdn.onetrust.com https://privacyportalde-cdn.onetrust.com https://fonts.gstatic.com https://cdn.livechatinc.com https://fonts.gstatic.com https://cdn.mouseflow.com https://s0.wp.com; frame-src 'self' *.youtube.com *.visualwebsiteoptimizer.com app.vwo.com https://brandfolder.com https://aurora.videojet.com https://sketchfab.com https://td.doubleclick.net https://dev.visualwebsiteoptimizer.com https://optimize.google.com https://www.google.com https://cdn.livechatinc.com https://stats.wp.com https://js-agent.newrelic.com http://www.googletagmanager.com https://www.googletagmanager.com https://widgets.wp.com https://wordpress.com https://pages.videojet.com https://communications.videojet.com https://www.facebook.com http://play.vidyard.com https://app-sj04.marketo.com https://bid.g.doubleclick.net https://play.vidyard.com https://secure.livechatinc.com; img-src 'self' data: *.visualwebsiteoptimizer.com app.vwo.com useruploads.vwo.io *.crazyegg.com https://ce-user-images.s3.amazonaws.com https://r3.visualwebsiteoptimizer.com https://cdn.videojet.com https://bat.bing.com https://c.bing.com/c.gif https://c.clarity.ms/c.gif https://match.adsrvr.org https://wec-assets.terminus.services https://cdn.livechat-files.com https://dev.visualwebsiteoptimizer.com https://www.google-analytics.com https://*.google-analytics.com https://*.googletagmanager.com https://optimize.google.com https://ssl.gstatic.com https://www.gstatic.com https://c.jabmo.app https://s.w.org http://www.googleadservices.com https://p1.parsely.com https://videojet-develop.go-vip.net https://secure.gravatar.com https://pixel.wp.com https://pages.videojet.com http://play.vidyard.com https://play.vidyard.com https://cdn.vidyard.com https://www.facebook.com https://www.linkedin.com https://www.googletagmanager.com https://p.adsymptotic.com https://px4.ads.linkedin.com http://2.gravatar.com http://www.google-analytics.com https://cdn.cookielaw.org https://cdn.livechatinc.com https://global.videojet.com https://px.ads.linkedin.com https://videojet.com https://www.google.co.in https://www.google.com; manifest-src 'self'; media-src 'self' https://cdn.videojet.com https://cdn.livechatinc.com https://global.videojet.com; worker-src 'self' blob: https://www.videojet.com/8f800ce3-8244-4b89-89b5-f03508f5a826 https://www.videojet.com/17d37230-7797-4321-a585-61ea33fad9f3 https://www.videojet.com/cc4a4225-3925-4a45-9842-5933b7d1004b https://www.videojet.com/56d54f80-c9ab-4331-b33f-e06b66dc3b0d https://www.videojet.com/4a05e78f-8c13-4b73-b62e-cf1df09d0daf https://www.videojet.com/450800d5-f8dd-4adc-9cee-572a40fcf72d https://www.videojet.com/77112999-e527-4268-a2e0-3fc213b55130 https://www.videojet.com/35be1011-2e28-417c-8a5e-7f73009dc4f4 https://www.videojet.com/852f27a1-4c63-4e96-b551-09b8f4c8fec9 https://www.videojet.com/7f16fe24-41b5-48db-84d6-22eba56fbc4b https://www.videojet.com/0b2010b5-5b14-4954-8230-e5816ffb81e5 https://www.videojet.com/346cc51c-f115-4697-9b12-446a731a14ce https://www.videojet.com/16590a3a-1258-41d0-aa21-eb1844b7c560 https://www.videojet.com/b6d93fc6-05bb-4ce9-9e4a-80cf090dc381 https://www.videojet.com/64a77bc7-a7fe-4ba2-93d4-9c66636966c6 https://www.videojet.com/37656ea4-dd66-4da7-9bc8-0e8454b7f99d https://www.videojet.com/0c3580f6-3734-462d-b2b3-ec419e4341aa https://www.videojet.com/af68f78b-610e-437a-b4b5-72e77a2e56cb https://www.videojet.com/0a433153-d644-4a90-9e9d-2a6798084d16 https://www.videojet.com/5fb9fe23-9ef9-4843-a751-337ccd9d9ff7 https://www.videojet.com/176f0f62-9ad1-4968-a8c0-bf0cef77d9df https://www.videojet.com/01e5614d-ef9b-4ee9-aabf-d467a15efe37 https://www.videojet.com/d0efd544-1d21-412c-b5df-f4bb1e962a0e https://www.videojet.com/41077642-ba17-4a59-8c15-b88998d01515 https://www.videojet.com/f5dcab1f-c82e-4e77-a4a3-bda49f73c4b8 https://www.videojet.com/2714c20b-65e2-44de-b392-7de6d9ed1d0b https://www.videojet.com/00d52daf-2ce5-43d5-8aa5-bada1ae6bb35 https://www.videojet.com/c2a9034a-2113-47b0-95e0-ba70f153ada0 https://www.videojet.com/5e605692-361b-4b3b-8e35-f390a089aec5 https://www.videojet.com/8c980ae2-aee2-49ae-a310-01d4ec69b200 https://www.videojet.com/93a2e38a-1795-4548-a9d5-77016b60d2da https://www.videojet.com/da4bf386-65f8-48d1-9320-7bc8baffb942 https://www.videojet.com/27924d43-ac34-4b4f-9dc8-8c4044b64419 https://www.videojet.com/053c2f2d-12c6-4c7a-ad65-dc3a9fa37e11 https://www.videojet.com/8a8ed960-d9e4-4e75-bcee-b10b973e5538 https://www.videojet.com/4b26b4de-e236-45b4-a332-dcbcab49a215 https://www.videojet.com/6589a4db-4107-48fe-b7ec-a64dfde8efe4 https://www.videojet.com/90e5c3a7-ace9-4cfd-850c-a7cf3bb63a7f https://www.videojet.com/876a4b1e-29d5-4aa9-b700-d19e22919ab3 https://www.videojet.com/be48ff17-3c5f-4363-a81d-fc019f7989d9 https://www.videojet.com/b513495a-d5af-406f-956b-ea8f707d3c83 https://www.videojet.com/9412d8a5-1a32-4101-8a63-6b1f6e039630 https://www.videojet.com/a05777b4-dd1a-4c6c-b531-2f6723deae8d https://www.videojet.com/8d61af98-d917-4429-94b1-0936842ac333 https://www.videojet.com/c134f1fc-70df-4ad4-a498-20f0037e8c5c https://www.videojet.com/c17d1145-be66-4f9c-b6eb-92acdfcf315d https://www.videojet.com/7e685416-f3f7-4121-a4f1-174f7f0c3bec https://www.videojet.com/c696b255-535b-4608-81b7-39e0806df13a https://www.videojet.com/61bd0fb4-b015-40bb-96c9-130e3b985be0 https://www.videojet.com/46892d75-c151-4707-b51c-2292d2d6d65f https://www.videojet.com/f118d694-df45-4bcf-bd4d-aab3b7aeee33 https://www.videojet.com/48017537-929e-4ad5-9757-e67b262d45df https://www.videojet.com/117795bb-b988-48b3-9b0f-5db989c4b691 https://www.videojet.com/1cafafe3-39ff-4f4f-b692-5e038933fc7d https://www.videojet.com/b0936365-29d0-426c-ae87-760d4b3613da https://www.videojet.com/14adb335-c443-4497-ba6a-62aeec9d5f68 https://www.videojet.com/22033d11-8285-45c6-9096-42f6f039514c https://www.videojet.com/d006e5b8-84f5-4676-9727-f926834dcc6c https://www.videojet.com/101e1222-bf33-40be-863f-81ee6807c9c4 https://www.videojet.com/b0e4fb03-3433-449e-9293-6d4e349ad459 https://www.videojet.com/b0e4fb03-3433-449e-9293-6d4e349ad459 https://www.videojet.com/54d65f82-d9d5-4f40-b356-5ff2bfa1ede5 https://www.videojet.com/c27ea47d-1ace-4499-8f48-dd365c2c2cff https://www.videojet.com/67328adb-ce0e-44d8-89ff-907cec9a9572 https://www.videojet.com/2c5dac11-53be-45bd-a1bf-9158e0c258e9 https://www.videojet.com/6c37e40f-eef0-425f-afd2-07cf2902f0c8 https://www.videojet.com/b03ab104-a4cc-490a-8c46-1e6ec48ab5ab https://www.videojet.com/043af784-9c5c-4edd-bff3-38c5eb2f5768 https://www.videojet.com/3585e1e8-d56e-4662-92db-efd1a3f74c40 https://www.videojet.com/3dbad550-e88f-4360-b5d8-9c9281e07435 https://www.videojet.com/095ee2b7-26bc-4836-8d0a-74706fecb366 https://www.videojet.com/00ad9452-3529-4ce0-9ed6-1eaff508d2e9 https://www.videojet.com/114b0a18-57c7-4663-9c1a-527928629afc https://www.videojet.com/32e1040a-1837-41a2-a9f0-af59f6b3b271 https://www.videojet.com/429959ec-3e8a-4c07-9fab-c386491ccd9b https://www.videojet.com/3b662cf4-d714-41f9-bc28-e984e2646ec5 https://www.videojet.com/60497885-22f7-4d78-b232-8a03496a511a https://www.videojet.com/975addda-33ab-419b-be30-f8f28cbcbed2 https://www.videojet.com/fdd687c5-3a20-455e-93a8-249ca0be729b https://www.videojet.com/6d404870-636e-4a2e-90c0-23ff00ec0091 https://www.videojet.com/6a51256c-7fc3-48c4-8ba2-4c2fed76f3fd https://www.videojet.com/159c39b4-c875-49e1-afee-1484faed62e2 https://www.videojet.com/489d5d2c-4da2-4d03-ba13-d691b2048e29 https://www.videojet.com/6ef4e507-36a9-4608-b214-b25fc9f3826c https://www.videojet.com/10d5333b-d694-4260-8849-5409a982f4f2 https://www.videojet.com/7f6f422a-f91d-4566-a955-280febef40f0 https://www.videojet.com/642c9f9a-9c7f-48af-a8bc-b11952d37dbf https://www.videojet.com/70a6aac0-b30b-45dc-a2bf-26c7d77b18fc https://www.videojet.com/a671e91f-8658-4818-ba3f-27a99afbe204 https://www.videojet.com/0d0cc83f-b381-4158-8b09-3694096c6fe6 https://www.videojet.com/440cf408-5c40-42b4-a359-749f3acac925 https://www.videojet.com/36214bec-996a-4e05-970a-d241d12f2db8 https://www.videojet.com/926a8753-53b5-4ad4-a62c-4713dbd1c37f https://www.videojet.com/c9d5afaf-a0aa-4db7-b518-d967b3d81b36 https://www.videojet.com/1295068b-cdb0-46ed-819a-deec0a6a36bd https://www.videojet.com/a644a86c-7519-4f37-aea1-b6d2f9fdc74d https://www.videojet.com/3c3628c1-5a46-41af-a537-db43daeef27f https://www.videojet.com/eaee86f7-2def-47cd-a2da-c205fd59ff74 https://www.videojet.com/d474b2a2-dfbd-4839-801c-7bfa3d00d171 https://www.videojet.com/2bc12286-5f03-4415-8f6b-0b18c6c90678 https://www.videojet.com/53cde3ea-2d8d-4289-aa7e-64e16b22c213 https://www.videojet.com/3243adbf-8aa3-4fa5-8666-2ec5bdb6f8b7 https://www.videojet.com/08a2f4c8-c23c-41fa-b029-ea7e111c1514 https://www.videojet.com/3191c924-2f60-4df2-b958-218e0b9b123e https://www.videojet.com/91a64e33-4c05-4b24-b405-a8461f7f1322 https://www.videojet.com/9600bcf4-3d06-4e24-b9af-7acd859cf28a https://www.videojet.com/0a315fd7-f8d2-4b2b-915b-77c4bd3c0217 https://www.videojet.com/7ab9984b-8cab-4783-b2ab-2427d3b33600 https://www.videojet.com/32afd7a5-fa8b-4d05-8146-ef4a0a4369ab https://www.videojet.com/84173372-c53e-4ed0-8ffe-bdbb31359feb https://www.videojet.com/cf6e098c-906f-4e75-b259-dd7e1c6a0786 https://www.videojet.com/d1fc4e99-bda5-42fd-ac03-2b4ec19dc3ac https://www.videojet.com/3e11e14c-6fe1-45e3-b8bd-5f2339b05902 https://www.videojet.com/e25e662a-d923-4559-aee9-e5fa12862a4f; 1 frame-ancestors 'self' blob: *.cochlearhearingcenter.com *.cochlear.com *.cochlear.cloud; frame-src 'self' blob: *.site.com *.oncehub.com *.mktoweb.com *.adsrvr.org *.yimg.com *.cochlear.cloud *.qualaroo.com *.simpli.fi *.livechatinc.com *.doubleclick.net *.wufoo.com *.cochlearamericas.com *.youtube-nocookie.com *.marvelapp.com *.linkedin.com *.cvent.com *.google.ch *.cochlear.com *.irmau.com *.marketo.com *.youtube.com *.twitter.com *.addthis.com *.google.com *.facebook.com *.batchgeo.com marvelapp.com *.salesforce.com *.salesforce-sites.com; child-src 'self' blob: *.batchgeo.com *.addtoany.com *.doubleclick.net *.cochlear.cloud *.cochlear.com *.addthis.com *.google.com *.facebook.com *.twitter.com *.marketo.com; connect-src 'self' *.salesforce-scrt.com *.site.com *.hotjar.com *.hotjar.io *.sitecorecloud.io *.geonames.org *.stackadapt.com *.crazyegg.com *.stylelabs.io *.adsrvr.org *.yimg.com *.taboola.com *.onetrust.com *.cookielaw.org *.stylelabs.cloud *.sitecorecontenthub.cloud *.cochlear.cloud *.marketo.com *.swiftype.com *.onelink-translations.com *.nekudo.com *.cochlear.com *.cvent.com *.linkedin.com *.google-analytics.com *.googleapis.com *.optimizely.com *.addthis.com *.mktoresp.com *.twitter.com *.geoip-js.com geoip-js.com *.doubleclick.net *.salesforce-sites.com *.google.com; font-src 'self' data: *.hotjar.com *.cvent-assets.com *.gstatic.com *.googleusercontent.com *.livechatinc.com *.bootstrapcdn.com; img-src 'self' data: *.hotjar.com *.stackadapt.com *.naver.net *.naver.com *.quora.com *.pubmatic.com *.rubiconproject.com *.adtechjp.com *.yahoo.com * bidswitch.net *.adap.tv *.adnxs.com *.rlcdn.com *.openx.net *.adroll.com *.casalemedia.com *.t.co *.datatables.net *.cochlear.cloud *.cochlear.com *.quantserve.com *.marketo.com *.bing.com *.steelhousemedia.com *.adsrvr.org *.adsymptotic.com *.android.com *.youtube.com *.visualwebsiteoptimizer.com *.googletagmanager.com *.teads.tv *.impact-ad.jp *.yahoo.co.jp *.impact-ad.jp *.outbrain.com *.amazonaws.com *.google.com.au *.google.com *.twitter.com *.doubleclick.net *.facebook.com *.linkedin.com *.google-analytics.com *.medialead.de; script-src 'unsafe-inline' 'unsafe-eval' 'self' blob: *.site.com *.hotjar.com *.licdn.com *.oncehub.com *.stackadapt.com *.naver.net *.naver.com *.onetrust.com *.cookielaw.org *.windows.net *.qualaroo.com *.simpli.fi *.salesforceliveagent.com *.amazonaws.com *.gstatic.com *.quantcount.com *.cvent-assets.com *.cvent.com *.quora.com *.livechatinc.com *.typekit.com *.dialogtech.com *.cloudfront.net *.media6degrees.com *.wufoo.com *.zendesk.com *.domdex.com *.adroll.com *.datatables.net *.quantserve.com *.ads-twitter.com *.steelhousemedia.com *.bing.com *.outbrain.com *.addtoany.com *.visualwebsiteoptimizer.com *.jquery.com *.optimizely.com *.google.com.au *.doubleclick.net *.googleadservices.com *.yimg.jp *.yahoo.co.jp *.crazyegg.com *.mktoweb.com *.cochlear.cloud *.cochlear.com *.bootstrapcdn.com *.cloudflare.com *.jsdelivr.net *.addthisedge.com *.google.com *.ytimg.com *.youtube.com *.marketo.net *.marketo.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.twitter.com *.facebook.com *.facebook.net *.linkedin.com *.addthis.com *.geoip-js.com geoip-js.com *.medialead.de *.adsrvr.org *.taboola.com *.yimg.com *.force.com *.salesforce.com *.salesforce-sites.com; style-src 'unsafe-inline' 'self' *.site.com *.hotjar.com *.mktoweb.com *.googletagmanager.com *.stackadapt.com *.cookielaw.org *.windows.net *.cvent-assets.com *.googleapis.com *.cloudflare.com *.cochlear.cloud *.cochlear.com *.google.com *.zendesk.com *.datatables.net *.jquery.com *.cochlear-europe.com *.bootstrapcdn.com *.marketo.com *.salesforce.com *.salesforce-sites.com; 1 default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.baua.de; script-src-elem: cdn.dashjs.org; object-src 'self' www.baua.de; media-src 'self' www.baua.de; frame-src 'self' www.baua.de.de datawrapper.dwcdn.net; img-src 'self' data: www.baua.de uvi.bfs.de; frame-ancestors 'self' datawrapper.dwcdn.net; 1 default-src https:; img-src https: data: blob:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 'unsafe-eval'; connect-src https: wss:; font-src https: data: 'unsafe-inline' 'unsafe-eval'; 1 font-src 'self'; frame-src 'self' https: www.youtube-nocookie.com/* ; frame-ancestors 'self' https://*.etracker.com; script-src 'self' https://*.etracker.com https://*.etracker.de *.b-ite.com https://stats.haw-hamburg.de 'unsafe-inline'; connect-src 'self' https://*.etracker.de *.b-ite.com https://stats.haw-hamburg.de; img-src * *.b-ite.com; style-src 'self' 'unsafe-inline' *.b-ite.com; 1 default-src 'self'; style-src 'self' 'unsafe-inline' https://hcss-styleguide.azureedge.net https://maxcdn.bootstrapcdn.com; font-src 'self' https://hcss-styleguide.azureedge.net https://maxcdn.bootstrapcdn.com; script-src 'self' 'unsafe-inline' cdn.pendo.io; img-src 'self' https://purecatamphetamine.github.io; object-src 'none'; frame-src 'self'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation; connect-src 'self' https://localhost:7279; navigate-to 'self' https:; base-uri 'self'; 1 default-src *.prod.acquia-sites.com *.web.ahdev.cloud *.carlyle.cn *.carlyle.com *.carlyle.jp *.carlylegroup.ch *.carlylegroup.cn *.carlylegroup.co.in *.carlylegroup.co.kr *.carlylegroup.co.nz *.carlylegroup.co.uk *.carlylegroup.com.br *.carlylegroup.com.cn *.carlylegroup.com.es *.carlylegroup.com.fr *.carlylegroup.com.hk *.carlylegroup.com.tw *.carlylegroup.de *.carlylegroup.dk *.carlylegroup.es *.carlylegroup.fr *.carlylegroup.in *.carlylegroup.info *.carlylegroup.it *.carlylegroup.jp *.carlylegroup.net.nz *.carlylegroup.net.ru *.carlylegroup.nl *.carlylegroup.org *.carlylegroup.org.nz *.carlylegroup.org.uk 'strict-dynamic'; script-src *.prod.acquia-sites.com *.web.ahdev.cloud *.carlyle.cn *.carlyle.com *.carlyle.jp *.carlylegroup.ch *.carlylegroup.cn *.carlylegroup.co.in *.carlylegroup.co.kr *.carlylegroup.co.nz *.carlylegroup.co.uk *.carlylegroup.com.br *.carlylegroup.com.cn *.carlylegroup.com.es *.carlylegroup.com.fr *.carlylegroup.com.hk *.carlylegroup.com.tw *.carlylegroup.de *.carlylegroup.dk *.carlylegroup.es *.carlylegroup.fr *.carlylegroup.in *.carlylegroup.info *.carlylegroup.it *.carlylegroup.jp *.carlylegroup.net.nz *.carlylegroup.net.ru *.carlylegroup.nl *.carlylegroup.org *.carlylegroup.org.nz *.carlylegroup.org.uk https://static.addtoany.com https://www.googletagmanager.com https://px.ads.linkedin.com https://f.vimeocdn.com https://www.google-analytics.com https://*.vimeo.com https://vimeo.com https://snap.licdn.com https://maxcdn.bootstrapcdn.com 'unsafe-inline' 'unsafe-eval' https://sidebar.bugherd.com https://cdn.jsdelivr.net https://www.bugherd.com; object-src *.prod.acquia-sites.com *.web.ahdev.cloud *.carlyle.cn *.carlyle.com *.carlyle.jp *.carlylegroup.ch *.carlylegroup.cn *.carlylegroup.co.in *.carlylegroup.co.kr *.carlylegroup.co.nz *.carlylegroup.co.uk *.carlylegroup.com.br *.carlylegroup.com.cn *.carlylegroup.com.es *.carlylegroup.com.fr *.carlylegroup.com.hk *.carlylegroup.com.tw *.carlylegroup.de *.carlylegroup.dk *.carlylegroup.es *.carlylegroup.fr *.carlylegroup.in *.carlylegroup.info *.carlylegroup.it *.carlylegroup.jp *.carlylegroup.net.nz *.carlylegroup.net.ru *.carlylegroup.nl *.carlylegroup.org *.carlylegroup.org.nz *.carlylegroup.org.uk; style-src *.prod.acquia-sites.com *.web.ahdev.cloud *.carlyle.cn *.carlyle.com *.carlyle.jp *.carlylegroup.ch *.carlylegroup.cn *.carlylegroup.co.in *.carlylegroup.co.kr *.carlylegroup.co.nz *.carlylegroup.co.uk *.carlylegroup.com.br *.carlylegroup.com.cn *.carlylegroup.com.es *.carlylegroup.com.fr *.carlylegroup.com.hk *.carlylegroup.com.tw *.carlylegroup.de *.carlylegroup.dk *.carlylegroup.es *.carlylegroup.fr *.carlylegroup.in *.carlylegroup.info *.carlylegroup.it *.carlylegroup.jp *.carlylegroup.net.nz *.carlylegroup.net.ru *.carlylegroup.nl *.carlylegroup.org *.carlylegroup.org.nz *.carlylegroup.org.uk 'unsafe-inline' https://fonts.googleapis.com; img-src *.prod.acquia-sites.com *.web.ahdev.cloud *.carlyle.cn *.carlyle.com *.carlyle.jp *.carlylegroup.ch *.carlylegroup.cn *.carlylegroup.co.in *.carlylegroup.co.kr *.carlylegroup.co.nz *.carlylegroup.co.uk *.carlylegroup.com.br *.carlylegroup.com.cn *.carlylegroup.com.es *.carlylegroup.com.fr *.carlylegroup.com.hk *.carlylegroup.com.tw *.carlylegroup.de *.carlylegroup.dk *.carlylegroup.es *.carlylegroup.fr *.carlylegroup.in *.carlylegroup.info *.carlylegroup.it *.carlylegroup.jp *.carlylegroup.net.nz *.carlylegroup.net.ru *.carlylegroup.nl *.carlylegroup.org *.carlylegroup.org.nz *.carlylegroup.org.uk https://px.ads.linkedin.com https://i.vimeocdn.com https://www.google-analytics.com https://i.ytimg.com https://www.googletagmanager.com data:; media-src *.prod.acquia-sites.com *.web.ahdev.cloud *.carlyle.cn *.carlyle.com *.carlyle.jp *.carlylegroup.ch *.carlylegroup.cn *.carlylegroup.co.in *.carlylegroup.co.kr *.carlylegroup.co.nz *.carlylegroup.co.uk *.carlylegroup.com.br *.carlylegroup.com.cn *.carlylegroup.com.es *.carlylegroup.com.fr *.carlylegroup.com.hk *.carlylegroup.com.tw *.carlylegroup.de *.carlylegroup.dk *.carlylegroup.es *.carlylegroup.fr *.carlylegroup.in *.carlylegroup.info *.carlylegroup.it *.carlylegroup.jp *.carlylegroup.net.nz *.carlylegroup.net.ru *.carlylegroup.nl *.carlylegroup.org *.carlylegroup.org.nz *.carlylegroup.org.uk; frame-ancestors 'self' https://*.carlyle.com; child-src *.prod.acquia-sites.com *.web.ahdev.cloud *.carlyle.cn *.carlyle.com *.carlyle.jp *.carlylegroup.ch *.carlylegroup.cn *.carlylegroup.co.in *.carlylegroup.co.kr *.carlylegroup.co.nz *.carlylegroup.co.uk *.carlylegroup.com.br *.carlylegroup.com.cn *.carlylegroup.com.es *.carlylegroup.com.fr *.carlylegroup.com.hk *.carlylegroup.com.tw *.carlylegroup.de *.carlylegroup.dk *.carlylegroup.es *.carlylegroup.fr *.carlylegroup.in *.carlylegroup.info *.carlylegroup.it *.carlylegroup.jp *.carlylegroup.net.nz *.carlylegroup.net.ru *.carlylegroup.nl *.carlylegroup.org *.carlylegroup.org.nz *.carlylegroup.org.uk static.addtoany.com *.vimeo.com https://td.doubleclick.net https://www.youtube.com https://sidebar.bugherd.com; font-src *.prod.acquia-sites.com *.web.ahdev.cloud *.carlyle.cn *.carlyle.com *.carlyle.jp *.carlylegroup.ch *.carlylegroup.cn *.carlylegroup.co.in *.carlylegroup.co.kr *.carlylegroup.co.nz *.carlylegroup.co.uk *.carlylegroup.com.br *.carlylegroup.com.cn *.carlylegroup.com.es *.carlylegroup.com.fr *.carlylegroup.com.hk *.carlylegroup.com.tw *.carlylegroup.de *.carlylegroup.dk *.carlylegroup.es *.carlylegroup.fr *.carlylegroup.in *.carlylegroup.info *.carlylegroup.it *.carlylegroup.jp *.carlylegroup.net.nz *.carlylegroup.net.ru *.carlylegroup.nl *.carlylegroup.org *.carlylegroup.org.nz *.carlylegroup.org.uk https://fonts.gstatic.com; connect-src *.prod.acquia-sites.com *.web.ahdev.cloud *.carlyle.cn *.carlyle.com *.carlyle.jp *.carlylegroup.ch *.carlylegroup.cn *.carlylegroup.co.in *.carlylegroup.co.kr *.carlylegroup.co.nz *.carlylegroup.co.uk *.carlylegroup.com.br *.carlylegroup.com.cn *.carlylegroup.com.es *.carlylegroup.com.fr *.carlylegroup.com.hk *.carlylegroup.com.tw *.carlylegroup.de *.carlylegroup.dk *.carlylegroup.es *.carlylegroup.fr *.carlylegroup.in *.carlylegroup.info *.carlylegroup.it *.carlylegroup.jp *.carlylegroup.net.nz *.carlylegroup.net.ru *.carlylegroup.nl *.carlylegroup.org *.carlylegroup.org.nz *.carlylegroup.org.uk https://www.google-analytics.com https://vimeo.com https://px.ads.linkedin.com https://analytics.google.com https://f.vimeocdn.com https://fresnel.vimeocdn.com/add/player-stats https://stats.g.doubleclick.net https://sidebar.bugherd.com; upgrade-insecure-requests 1 frame-ancestors self; report-uri /report-csp-violation 1 script-src 'unsafe-inline' 'unsafe-eval' 'self' blob: *.foodtecsolutions.com *.foodtecsolutions.com:* *.foodtecsolutions.com *.hibu.us *.pizzadirector.net:* *.google.com *.opentable.com *.otstatic.com cdn.ampproject.org www.gstatic.com maps.googleapis.com www.google-analytics.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net platform.twitter.com www.facebook.com connect.facebook.net cdn.syndication.twimg.com js.hs-scripts.com js.hs-scripts.com js.hs-analytics.net js.hscollectedforms.net salesiq.zoho.com/widget campaigns.zoho.com maillist-manage.com crm.zoho.com js.zohostatic.com vts.zohopublic.com static.hotjar.com script.hotjar.com unpkg.com api.tiles.mapbox.com *.adroll.com *.cloudfront.net cdnjs.cloudflare.com libs.a2zinc.net gh-prod-nitrosites.s3.amazonaws.com; frame-ancestors 'self' blob: *.foodtecsolutions.com *.foodtecsolutions.com:* *.foodtecsolutions.com *.hibu.us *.pizzadirector.net:* *.google.com *.opentable.com *.otstatic.com cdn.ampproject.org www.gstatic.com maps.googleapis.com www.google-analytics.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net platform.twitter.com www.facebook.com connect.facebook.net cdn.syndication.twimg.com js.hs-scripts.com js.hs-scripts.com js.hs-analytics.net js.hscollectedforms.net salesiq.zoho.com/widget campaigns.zoho.com maillist-manage.com crm.zoho.com js.zohostatic.com vts.zohopublic.com static.hotjar.com script.hotjar.com unpkg.com api.tiles.mapbox.com *.adroll.com *.cloudfront.net cdnjs.cloudflare.com libs.a2zinc.net gh-prod-nitrosites.s3.amazonaws.com; 1 default-src *;script-src 'self' 'nonce-u6pMJPW42mTl8p5UvNDkO+xDAodqn0AP1KxEBK/AoF8='; 1 default-src * 'self' ; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://felix-quiz-1000heads.s3.eu-west-2.amazonaws.com/* https://felix-quiz-1000heads.s3.eu-west-2.amazonaws.com *.nestle.co.uk *.mikmak.ai *.swaven.com https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com; object-src *; style-src * 'self' 'unsafe-inline' https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com; img-src * 'self' data: https:; https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com; media-src *; frame-src * https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com; frame-ancestors * 'self' ; child-src * blob:; font-src * 'self' data: https:; https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com; connect-src * 'self' https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com 1 frame-ancestors 'self' boomerang.pierreetvacances.com 1 frame-ancestors 'self' https://www.genau-lotto.de https://genau-lotto.de https://*.etracker.com 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://connect.facebook.net https://static.cloudflareinsights.com; 1 default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.cinestar.de *.googletagmanager.com *.googleadservices.com *.googletagservices.com *.google.com *.google.de *.gstatic.com *.google-analytics.com gdpr.mandarin-medien.de *.ioam.de *.doubleclick.net bat.bing.com bat.bing.net *.facebook.com *.facebook.net *.googlesyndication.com gdpr.mandarin-medien.de *.spotify.com streaming.cinestar.de streaming.cinestar.sys11.stakkle.com:81 streaming1.cinestar.de streaming1.cinestar.de:81 ff-schlingel.de *.stroeerdigitalgroup.de *.doubleverify.com tracking.m6r.eu *.adagio.io *.adaptmx.com *.adbility-media.com *.addefend.com *.adform.com *.adition.com *.admanmedia.com *.adnami.io *.adnuntius.com *.adrule.net *.adtriba.com *.adup-tech.com *.advanced-store.com *.adyoulike.com *.agma-mmc.de *.amazon.com *.amobee.com *.appnexus.com *.audienceproject.com *.avantisteam.com *.bam-interactive.de *.bannernow.com *.bidswitch.com *.blis.com *.brightcom.com *.bttrads.com *.cloudtechnologies.pl *.communicationads.net *.confiant.com *.criteo.com *.dataxtrade.com *.definemedia.de *.deltaprojects.com *.doubleverify.com *.easy-media.de *.emerse.com *.emxdgt.com *.equativ.com *.exactag.com *.exitbee.com *.factor-eleven.de *.feedad.com *.flashtalking.com *.geoedge.com *.gfk.com *.glomex.com *.google.com *.gumgum.com *.hearts-science.com *.iabeurope.eu *.id5.io *.impactify.io *.improvedigital.com *.indexexchange.com *.infonline.de *.integralads.com *.invibes.com *.jaduda.com *.kayzen.io *.liquidm.com *.liveramp.de *.magnite.com *.media.net *.mediakeys.com *.microsoft.com *.mindtake.com *.mobkoi.com *.mobpro.com *.nativendo.de *.neory.com *.nielsen.com *.ogury.com *.onetag.com *.onetech.group *.online-solution.biz *.onprospects.com *.openx.com *.opinary.com *.optidigital.com *.optimise-it.de *.oracle.com *.otto.de *.outbrain.com *.permodo.com *.playhill.com *.publicismedia.de *.pubmatic.com *.purelocalmedia.de *.qualitymedianetwork.de *.readpeak.com *.reppublika.com *.ringier-advertising.ch *.roq.ad *.rtbhouse.com *.rubiconproject.com *.salesforce.com *.screenondemand.de *.seeding-alliance.de *.seedtag.com *.sharethrough.com *.showheroes.com *.smaato.com *.smartadserver.com *.smartclip.net *.smartclip.tv *.smartstream.tv *.smartyads.com *.socoto.com *.spotx.tv *.spotxchange.com *.sspx.tech *.stroeer.com *.stroeer.de *.taboola.com *.tappx.com *.target-video.com *.teads.com *.teads.tv *.telaria.com *.themediagrid.com *.thetradedesk.com *.tremorhub.com *.trg.de *.triplelift.com *.twiago.com *.uppr.rocks *.verve.com *.vi.ai *.viads.com *.vidazoo.com *.vidoomy.com *.viralize.com *.virtualminds.de *.vlyby.com *.wagawin.com *.wearemiq.com *.welect.de *.xandr.com *.yahoo.com *.yieldlab.com *.yieldlab.net *.yieldlove.com *.yoc.com *.zemanta.com onetag-sys.com *.onetag-sys.com *.adnxs.com *.ad4m.at ad4m.at *.theadex.com *.adform.net *.seadform.net *.userreport.com *.clarium.io id5-sync.com *.id5-sync.com *.eu-1-id5-sync.com *.yieldlove-ad-serving.net *.agma-analytics.de *.adnxs.com *.adscale.de *.jsdelivr.net *.adscale.de *.criteo.net *.confiant-integrations.net *.privacy-mgmt.com *.crwdcntrl.net *.ampproject.org *.googleapis.com *.truste.com *.adsafeprotected.com *.ftstatic.com *.trustarc.com *.adsrvr.org *.imrworldwide.com *.cloudflare.com *.bidr.io *.bidswitch.net *.adnxs-simple.com *.active-agent.com *.peer-39.com 2mdn.net *.2mdn.net levexis.com demdex.net *.levexis.com *.demdex.net agkn.com *.agkn.com adlightning.com *.adlightning.com *.tchibo.de tchibo.de revjet.com *.revjet.com stroeerdigital.de *.stroeerdigital.de casalemedia.com *.casalemedia.com bahn.de *.bahn.de indexww.com *.indexww.com cbe-digiden.de *.cbe-digiden.de vodafone.de *.vodafone.de *.amazonaws.com amazonaws.com exactag.com *.exactag.com b2c.com *.b2c.com stroeerdigitalmedia.de *.stroeerdigitalmedia.de *.moviexchange.com unpkg.com *.adtrafficquality.google ad.turn.com; block-all-mixed-content 1 frame-ancestors 'self' https://www.lowi.es https://lowi.es; 1 frame-ancestors 'self' https://*.pmsuryaghar.gov.in; script-src 'self' https://gis.pmsuryaghar.gov.in 'unsafe-inline' https://mapservice.gov.in https://js.arcgis.com; script-src-elem 'self' https://gis.pmsuryaghar.gov.in 'unsafe-inline' https://mapservice.gov.in https://js.arcgis.com; object-src 'none'; worker-src 'self' https://js.arcgis.com blob:; 1 frame-ancestors 'self' *.typeform.com typeform.com *.themeforest.net themeforest.net codecanyon.net *.codecanyon.net 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' *.san.com *.go-vip.net *.doubleclick.net *.cookiebot.com *.googleapis.com *.googletagmanager.com *.wp.com *.wordpress.com interactives.ap.org wordpress.com *.parsely.com *.brightcove.net *.brightcove.com *.typekit.net *.zencdn.net *.gstatic.com *.newrelic.com *.surveycarrot.com *.googlesyndication.com *.googletagservices.com *.dwcdn.net *.jsdelivr.net *.appboycdn.com *.twitter.com *.x.com *.instagram.com *.facebook.net *.facebook.com *.google.com *.tiktok.com *.truthsocial.com *.c-span.org truthsocial.com *.byspotify.com byspotify.com *.ads-twitter.com ads-twitter.com *.mediaengagement.org mediaengagement.org *.tiktokcdn-us.com *.mouseflow.com *.typeform.com *.sparkloop.app *.polldaddy.com *.cloudflare.com *.sketchfab.com *.tradingview.com; img-src * data:; font-src * data:; connect-src *; worker-src * blob:; media-src * blob:; frame-src 'self' san.com *.san.com san-maps.vercel.app *.google.com *.googletagmanager.com *.wp.com *.wordpress.com interactives.ap.org wordpress.com *.cookiebot.com *.twitter.com *.x.com *.youtube.com *.youtube-nocookie.com *.instagram.com *.facebook.net *.facebook.com *.g.doubleclick.net *.googlesyndication.com *.safeframe.googlesyndication.com *.tiktok.com *.truthsocial.com *.c-span.org truthsocial.com *.byspotify.com byspotify.com *.ads-twitter.com ads-twitter.com *.mediaengagement.org mediaengagement.org *.typeform.com sketchfab.com *.sketchfab.com *.polldaddy.com *.brightcove.net *.brightcove.com *.tradingview.com tradingview-widget.com s.tradingview.com flo.uri.sh datawrapper.dwcdn.net; 1 script-src *.globant.com *.googletagmanager.com *.google-analitycs.com *.google.com 'unsafe-eval' 'unsafe-inline' https: 'self' https://www.globant.com/ blob:; object-src none; style-src 'self' 'unsafe-inline' *.globant.com *.bootstrapcdn.com *.fontawesome.com *.cloudflare.com *.googleapis.com *.jsdelivr.net; img-src 'self' *.cloudflare.com *.globant.com *.i.ytimg.com https: data:; media-src 'self' *.globant.com; frame-src 'self' https: fullscreen; frame-ancestors self fullscreen *.globant.com https://*.youtube.com; font-src 'self' *.globant.com *.fontawesome.com *.cloudflare.com *.gstatic.com; report-uri /report-csp-violation; upgrade-insecure-requests 1 frame-ancestors 'self' buechen.de *.buechen.de boernsen-erleben.de *.boernsen-erleben.de; 1 default-src 'self' cdn.jsdelivr.net bid.g.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' translate-pa.googleapis.com translate.googleapis.com translate.google.com ajax.googleapis.com maps.googleapis.com cdn.jsdelivr.net unpkg.com npmcdn.com googleads.g.doubleclick.net www.googletagmanager.com www.google-analytics.com www.googleadservices.com connect.facebook.net static.ctctcdn.com cdnjs.cloudflare.com www.google.com www.gstatic.com; connect-src 'self' translate.googleapis.com analytics.google.com stats.g.doubleclick.net www.google-analytics.com listgrowth.ctctcdn.com maps.googleapis.com; img-src 'self' fonts.gstatic.com www.gstatic.com maps.googleapis.com maps.gstatic.com static.ctctcdn.com fakeimg.pl img.youtube.com data: cdnjs.cloudflare.com www.google.com.tw www.facebook.com www.google.com googleads.g.doubleclick.net www.google-analytics.com; style-src 'self' 'unsafe-inline' www.gstatic.com cdn.jsdelivr.net fonts.googleapis.com unpkg.com static.ctctcdn.com maxcdn.bootstrapcdn.com; font-src 'self' maxcdn.bootstrapcdn.com cdn.jsdelivr.net cdnjs.cloudflare.com fonts.gstatic.com; frame-src 'self' bid.g.doubleclick.net www.youtube.com www.facebook.com www.google.com; base-uri 'self'; form-action 'self' www.facebook.com; frame-ancestors 'self'; 1 default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.salesforce-sites.com https://*.cloudflare.com https://*.force.com https://*.hotjar.com https://secure.trust-provider.com https://*.sharethis.com https://platform.twitter.com https://connect.facebook.net https://ws.bsy.me https://static1.twitcount.com https://*.codero.com https://*.salesforceliveagent.com https://*.salesforce.com https://*.googleapis.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://ws.zoominfo.com https://www.google-analytics.com https://pi.pardot.com https://*.google.com; script-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.salesforce-sites.com https://*.cloudflare.com https://*.force.com https://*.hotjar.com https://secure.trust-provider.com https://*.sharethis.com https://platform.twitter.com https://connect.facebook.net https://ws.bsy.me https://static1.twitcount.com https://codero.com https://*.codero.com https://codero.com https://*.salesforceliveagent.com https://*.salesforce.com https://*.googleapis.com https://google.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://ws.zoominfo.com https://www.google-analytics.com https://pi.pardot.com https://*.google.com https://*.gstatic.com; style-src * 'self' data: 'unsafe-inline' 'unsafe-hashes' https://*.cloudflare.com https://*.force.com https://*.hotjar.com https://secure.trust-provider.com https://*.sharethis.com https://platform.twitter.com https://connect.facebook.net https://ws.bsy.me https://static1.twitcount.com https://*.codero.com https://*.salesforceliveagent.com https://*.salesforce.com https://*.googleapis.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://ws.zoominfo.com https://www.google-analytics.com https://pi.pardot.com https://*.google.com; img-src * 'self' data: https://*.cloudflare.com https://*.force.com https://*.hotjar.com https://secure.trust-provider.com https://*.sharethis.com https://platform.twitter.com https://connect.facebook.net https://ws.bsy.me https://static1.twitcount.com https://*.codero.com https://*.salesforceliveagent.com https://*.salesforce.com https://*.googleapis.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://ws.zoominfo.com https://www.google-analytics.com https://pi.pardot.com https://*.google.com; font-src * 'self' data:; media-src * 'self' https://*.cloudflare.com https://*.force.com https://*.hotjar.com https://secure.trust-provider.com https://*.sharethis.com https://platform.twitter.com https://connect.facebook.net https://ws.bsy.me https://static1.twitcount.com https://*.codero.com https://*.salesforceliveagent.com https://*.salesforce.com https://*.googleapis.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://ws.zoominfo.com https://www.google-analytics.com https://pi.pardot.com https://*.google.com; object-src 'self' data:; prefetch-src 'self'; frame-src * data:; frame-ancestors 'self'; form-action * 1 default-src https://domainname.shop https://www.domeneshop.no https://domeneshop.no https://domainnameshop.com https://domene.shop https://xn--domn-noa.shop https://xn--domne-ura.shop https://chat.domeneshop.no/ 'unsafe-inline'; img-src https://domainname.shop https://www.domeneshop.no https://domeneshop.no https://domainnameshop.com https://domene.shop https://xn--domn-noa.shop https://xn--domne-ura.shop; frame-src https://domainname.shop https://www.domeneshop.no https://domeneshop.no https://domainnameshop.com https://domene.shop https://xn--domn-noa.shop https://xn--domne-ura.shop; frame-ancestors 'self' 1 default-src blob: https: wss: 'unsafe-inline' 'unsafe-eval' 1 default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; connect-src 'self' *.itzbund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' player.vimeo.com *.youtube.com piwik.itzbund.de app.sli.do cdn.myth.theoplayer.com service.video.taxi start.video-stream-hosting.de playout.3qsdn.com *.rai.it livestream.com player.procdn.live doo.net *.cloudflarestream.com tns-player.pages.dev'; object-src 'self' multimedia.gsb.bund.de; media-src 'self' piwik.itzbund.de *.youtube-nocookie.com youtu.be *.youtube.com multimedia.gsb.bund.de app.sli.do stream.alpha-loop.de cdn.myth.theoplayer.com service.video.taxi start.video-stream-hosting.de playout.3qsdn.com *.rai.it livestream.com player.procdn.live doo.net *.cloudflarestream.com tns-player.pages.dev *.cdninstagram.com; frame-src 'self' player.vimeo.com *.youtube.com *.youtube-nocookie.com youtu.be *.youtube.com app.sli.do stream.alpha-loop.de cdn.myth.theoplayer.com service.video.taxi media.video.taxi start.video-stream-hosting.de playout.3qsdn.com *.3qsdn.com *.rai.it livestream.com player.procdn.live doo.net *.cloudflarestream.com tns-player.pages.dev; img-src 'self' data: piwik.itzbund.de securel.longtailvideo.com *.youtube-nocookie.com youtu.be *.youtube.com *.ytimg.com app.sli.do stream.alpha-loop.de cdn.myth.theoplayer.com service.video.taxi start.video-stream-hosting.de playout.3qsdn.com *.rai.it livestream.com player.procdn.live doo.net *.cloudflarestream.com tns-player.pages.dev; frame-ancestors 'self'; 1 default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' piwik.itzbund.de; connect-src 'self' *.itzbund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' piwik.itzbund.de www.youtube.com s.ytimg.com; object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de www.youtube.com; media-src 'self' multimedia.gsb.bund.de piwik.itzbund.de www.youtube.com; child-src pei-portal.rexx-systems.com piwik.itzbund.de www.youtube.com abvl-public.pei.de abvl-public-test.pei.de; font-src 'self'; img-src 'self' data: *.honcode.ch piwik.itzbund.de; frame-ancestors 'self' PEIWeb-editor.preview.gsb.intranet.bund.de pei-portal.rexx-systems.com; 1 default-src 'self';img-src 'self' data: https://www.mijnwefact.nl https://www.wefact.nl https://secure.gravatar.com *;script-src 'self' 'unsafe-inline';connect-src 'self';font-src 'self';style-src 'self' 'unsafe-inline'; 1 default-src 'self' https://www.google-analytics.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com https://www.gstatic.com https://sdk.privacy-center.org/ https://api.privacy-center.org/ https://static.cloudflareinsights.com https://ajax.cloudflare.com https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com https://fonts.googleapis.com; img-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://www.google-analytics.com/; font-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com https://fonts.gstatic.com https://fonts.googleapis.com; frame-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com; 1 default-src 'self' blob: http: https: wss://bot.moin.ai/primus w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de stiebel-eltron.containers.piwik.pro; img-src 'self' data: blob: http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de stiebel-eltron.containers.piwik.pro; script-src 'self' 'unsafe-eval' http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de stiebel-eltron.containers.piwik.pro; style-src 'self' 'unsafe-inline' http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de; font-src 'self' data: http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de stiebel-eltron.containers.piwik.pro; 1 frame-ancestors 'self' https://yobingo-statices.casinomodule.com/ https://www.yobingo.es/ https://www.yocasino.es/ https://www.enracha.es/ https://gateway.mobbeel.com/ mobbeel.com *.mobbeel.com 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.industowers.com/ https://*.industowers.com/ http://*.industowers.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://code.createjs.com/ https://maps.googleapis.com/ https://maps.gstatic.com/ https://maps.google.com/ https://s3.amazonaws.com/ https://*.list-manage.com/ https://cse.google.com/ https://www.google.com/ https://googleads.g.doubleclick.net/ https://translate.googleapis.com/ https://td.doubleclick.net/ https://secure.gravatar.com/ https://www.google.co.in/ https://www.industowers.com/ https://sc-static.net/ https://s3.tradingview.com/ https://code.jquery.com/ https://s.tradingview.com/ https://goo.gle/ https://s.tradingview.com/; img-src 'self' data: blob: https://www.google.com/ https://www.google.co.in/ https://www.google-analytics.com/ https://goo.gle/ https://www.industowers.com/ https://maps.gstatic.com/ https://maps.googleapis.com/ https://www.googletagmanager.com; object-src 'self' data: blob: https://td.doubleclick.net/ https://goo.gle/ https://s.tradingview.com/ https://www.googletagmanager.com/; frame-src 'self' data: blob: https://td.doubleclick.net/ https://goo.gle/ https://s.tradingview.com/ https://www.googletagmanager.com/; form-action 'self' data: blob: https://www.googletagmanager.com/ https://www.google-analytics.com/ https://code.createjs.com/ https://maps.googleapis.com/ https://maps.gstatic.com/ https://maps.google.com/ https://s3.amazonaws.com/ https://*.list-manage.com/ https://cse.google.com/ https://www.google.com/ https://googleads.g.doubleclick.net/ https://translate.googleapis.com/ https://td.doubleclick.net/ https://secure.gravatar.com/ https://www.google.co.in/ https://www.industowers.com/ https://sc-static.net/ https://s3.tradingview.com/ https://code.jquery.com/ https://s.tradingview.com/ https://goo.gle/; worker-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com/ https://www.google-analytics.com/ https://code.createjs.com/ https://maps.googleapis.com/ https://maps.gstatic.com/ https://maps.google.com/ https://s3.amazonaws.com/ https://*.list-manage.com/ https://cse.google.com/ https://www.google.com/ https://googleads.g.doubleclick.net/ https://translate.googleapis.com/ https://td.doubleclick.net/ https://secure.gravatar.com/ https://www.google.co.in/ https://www.industowers.com/ https://sc-static.net/ https://s3.tradingview.com/ https://code.jquery.com/ https://s.tradingview.com/ https://goo.gle/; 1 frame-ancestors 'self'; frame-src 'self' centredeservices.alturing.eu www.youtube.com www.youtube-nocookie.com *.chronopost.fr *.weborama.fr www.googletagmanager.com mmtro.com www.zenaps.com *.doubleclick.net www.awin.com marketingplatform.google.com *.chronoshop2shop.fr *.chronoshop2shop.com *.cookiebot.com; form-action 'self' *.chronopost.fr *.chronoshop2shop.com *.chronoshop2shop.fr http:; default-src 'self' data: *.googleusercontent.com *.google-analytics.com *.googletagmanager.com *.youtube.com *.youtube-nocookie.com *.aticdn.net *.cookiebot.com *.xiti.com *.abtasty.com *.chronopost.fr *.chronoshop2shop.fr *.chronoshop2shop.com *.cloudflare.com cdn.jsdelivr.net *.facebook.net *.facebook.com *.googleapis.com *.doubleclick.net *.mmtro.com *.weborama.fr *.metaffiliation.com www.dwin1.com *.clarity.ms *.google.com *.google.fr *.googlesyndication.com lantern.roeye.com lantern.roeyecdn.com *.googleadservices.com 'unsafe-inline' 'unsafe-eval' 1 default-src 'self'; base-uri 'self'; connect-src 'self' *.itzbund.de; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de www.juris.de;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com piwik.itzbund.de www.juris.de;object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de www.juris.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de www.juris.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de www.juris.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de www.juris.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de www.juris.de; frame-src https://www.juris.de/ *.google.com *.gstatic.com *.youtube.com *.vimeo.com; frame-ancestors https://www.juris.de/ 'self'; 1 upgrade-insecure-requests; default-src * data: https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; script-src 'self' data: https://*.hotjar.com https://consentcdn.cookiebot.com https://consent.cookiebot.com 'unsafe-inline' 'unsafe-eval' https://web106.reachmee.com https://s.ytimg.com https://mapclick.amap.com https://restapi.amap.com https://webapi.amap.com https://public.tableau.com https://sdn.sitecore.net https://maps.googleapis.com https://maps.google.com https://sadmin.brightcove.com https://ajax.googleapis.com https://ssl.google-analytics.com https://www.youtube.com https://www.google.com https://bat.bing.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://connect.facebook.net https://platform.twitter.com https://s3.amazonaws.com https://cdn.plyr.io https://player.vimeo.com https://static.cloud.coveo.com https://cdn.jsdelivr.net https://view.ceros.com https://jamesleist.com https://clientweb.passle.net https://cdn.iframe.ly https://safespaces.azurewebsites.net https://translate.google.com https://translate.googleapis.com https://translate-pa.googleapis.com; style-src 'self' data: 'unsafe-inline' https://*.hotjar.com https://cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.9.0/slick.min.css https://cdnjs.cloudflare.com https://webapi.amap.com https://fonts.googleapis.com https://ajax.googleapis.com https://cdn.plyr.io https://static.cloud.coveo.com https://jamesleist.com https://safespaces.azurewebsites.net https://www.gstatic.com; img-src * 'self' data: https://*.hotjar.com https://jamesleist.com; font-src 'self' data: https://*.hotjar.com https://netdna.bootstrapcdn.com https://fonts.gstatic.com https://fonts.typekit.net https://themes.googleusercontent.com https://jamesleist.com https://safespaces.azurewebsites.net; child-src 'self' https://sdn.sitecore.net https://web106.reachmee.com https://sdn.sitecore.net https://www.youtube.com https://www.google.com https://accounts.google.com https://www.googletagmanager.com https://jamesleist.com; frame-src 'self' https://*.hotjar.com https://consentcdn.cookiebot.com https://cdn.yoshki.com https://watch.twobirds.com https://www.youtube.com https://player.vimeo.com http://sdn.sitecore.net https://sdn.sitecore.net https://translate.google.com https://web106.reachmee.com https://view.ceros.com https://jamesleist.com https://www.podcaster.de https://w.soundcloud.com https://open.spotify.com/ https://cdn.iframe.ly; frame-ancestors 'self' https://sdn.sitecore.net 1 default-src 'self'; connect-src 'self' https://*.digiaccess.org https://*.usercentrics.eu https://*.yext.com https://*.evangelisch.de https://termine.ekir.de https://*.vimeo.com https://*.openstreetmap.org https://*.kajomigenerator.de https://*.newsletter2go.com https://kirche-muelheim.de https://nextgen.kajomigenerator.de https://*.ekir.de; frame-src 'self' https://*.usercentrics.eu https://umap.openstreetmap.fr https://*.openstreetmap.de https://*.evangelisch.de https://termine.ekir.de https://*.vimeo.com https://*.openstreetmap.org https://*.kajomigenerator.de https://*.newsletter2go.com https://kirche-muelheim.de https://nextgen.kajomigenerator.de https://soundcloud.com https://vimeo.com https://*.vimeo.com https://*.kd-onlinespende.de https://walls.io https://*.walls.io www.youtube-nocookie.com https://platform.twitter.com https://syndication.twitter.com https://*.ekir.de; font-src 'self' data:; img-src 'self' data: https://contentpool3.ekir.customers.intentive.net https://*.usercentrics.eu https://*.openstreetmap.fr https://*.openstreetmap.de https://www.evangelische-termine.de https://*.evangelisch.de https://termine.ekir.de https://*.vimeo.com https://*.openstreetmap.org https://*.kajomigenerator.de https://*.newsletter2go.com https://kirche-muelheim.de https://nextgen.kajomigenerator.de https://soundcloud.com https://vimeo.com https://*.kd-onlinespende.de https://img.youtube.com https://syndication.twitter.com https://pbs.twimg.com https://ton.twimg.com https://platform.twitter.com https://secure.gravatar.com https://*.ekir.de; media-src 'self' https://contentpool3.ekir.customers.intentive.net https://*.evangelisch.de https://*.ekir.de; object-src 'self'; style-src 'self' 'unsafe-inline' https://www.evangelische-termine.de https://*.evangelisch.de https://termine.ekir.de https://*.vimeo.com https://*.openstreetmap.org https://*.kajomigenerator.de https://*.newsletter2go.com https://kirche-muelheim.de https://nextgen.kajomigenerator.de https://soundcloud.com https://vimeo.com https://platform.twitter.com https://ton.twimg.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.digiaccess.org https://*.usercentrics.eu https://www.evangelische-termine.de https://*.evangelisch.de https://termine.ekir.de https://*.vimeo.com https://*.openstreetmap.org https://*.kajomigenerator.de https://*.newsletter2go.com https://kirche-muelheim.de https://nextgen.kajomigenerator.de https://soundcloud.com https://vimeo.de https://*.kd-onlinespende.de https://walls.io https://*.walls.io https://secure.gravatar.com https://platform.twitter.com https://cdn.syndication.twimg.com https://*.ekir.de https://adressverzeichnis.ekd.de https://cdn.jsdelivr.net; frame-ancestors 'none'; 1 default-src 'self' blob: *.avl.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.doubleclick.net *.facebook.net *.cookiebot.com *.googleapis.com *.adsymptotic.com *.linkedin.com snap.licdn.com *.facebook.com *.avl.com *.cloudflare.com cdn.jsdelivr.net js.stripe.com polyfill.io *.googletagmanager.com *.hotjar.com app.sli.do *.vbrick.com *.google.com *.google.es *.google.at *.google.de *.bing.com *.creators-expedition.com *.imaginativeenterprising-intelligent.com *.mouseflow.com *.clarity.ms *.publuu.com *.buzzsprout.com *.lfeeder.com; object-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.doubleclick.net *.facebook.net *.cookiebot.com fonts.googleapis.com p.adsymptotic.com *.linkedin.com *.licdn.com *.facebook.com *.avl.com cdnjs.cloudflare.com cdn.jsdelivr.net *.stripe.com polyfill.io *.google.com *.google.es *.google.at *.google.de; style-src 'self' 'unsafe-inline' *.cloudflare.com; img-src 'self' data: avl.com www.avl.com *.googletagmanager.com *.facebook.com *.linkedin.com *.ytimg.com *.cookiebot.com *.bing.com *.google.com *.google.es *.google.at *.google.de *.sli.do *.vbrick.com *.cloudflare.com *.avl-marketing.com *.clarity.ms *.amazonaws.com *.lfeeder.com *.kununu.com; frame-src 'self' *.youtube.com https://js.stripe.com *.cookiebot.com *.doubleclick.net *.bing.com *.sli.do *.vbrick.com *.buzzsprout.com stream.maxr.at *.publuu.com publuu.com *.buzzsprout.com publications.avl.com www.googletagmanager.com; child-src 'self' 'unsafe-inline' *.google-analytics.com *.doubleclick.net *.facebook.net *.cookiebot.com *.googleapis.com https://p.adsymptotic.com *.linkedin.com https://snap.licdn.com *.facebook.com *.avl.com *.cloudflare.com https://cdn.jsdelivr.net https://js.stripe.com https://polyfill.io blob:; font-src 'self' https://fonts.gstatic.com *.mouseflow.com *.cloudflare.com; connect-src 'self' *.cookiebot.com https://eu-api.friendlycaptcha.eu *.avl.com *.linkedin.com wss://ws.hotjar.com *.n.io *.google.com *.google-analytics.com *.doubleclick.net *.hotjar.io *.avlcorp.lan *.creators-expedition.com *.mouseflow.com *.clarity.ms bat.bing.com; report-uri /report-csp-violation 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://google-analytics.com/ https://*.google-analytics.com/ https://googletagmanager.com/ https://*.googletagmanager.com/ https://www.googletagmanager.com/ https://translate.google.com/ https://translate.googleapis.com/ https://youtube.com/ https://*.youtube.com/ https://www.recaptcha.net/ https://www.gstatic.com/ https://www.google.com/ https://www.google.com/ads/ https://kit.fontawesome.com/ https://tag.demandbase.com/ https://munchkin.marketo.net/ https://use.typekit.net/ https://script.crazyegg.com/ https://script.crazyegg.com/pages/scripts/0027/6357.js https://snap.licdn.com/ https://cdn01.basis.net/ https://play.vidyard.com/ https://connect.facebook.net/ https://www.facebook.com/ https://facebook.com/ https://j.6sc.co/ https://b.6sc.co/ https://app-sj27.marketo.com/ https://go.scaledagile.com/ https://pixel.sitescout.com/ https://px.ads.linkedin.com/ https://cdn.vidyard.com/ https://static.smartrecruiters.com/ https://*.company-target.com/ https://www.smartrecruiters.com/ https://sai2.wpengine.com/ https://cdnapisec.kaltura.com/ https://player.vimeo.com/ https://open.spotify.com/ https://s.company-target.com/ https://scaledagilenetwork.com/; img-src 'self' data: blob: https://google-analytics.com/ https://*.google-analytics.com/ https://www.google.com/ https://www.google.com/ads/ https://translate.googleapis.com/ https://*.ytimg.com/ https://secure.gravatar.com/ https://kit.fontawesome.com/ https://salsa.scaledagile.com/ https://www.facebook.com/ https://cdn.vidyard.com/ https://cdn.vidyard.com/thumbnails/18287566/TcTilRh6vhdyHxZi9F4VIQ.png https://play.vidyard.com/ https://id.rlcdn.com/ https://b.6sc.co/ https://pixel.sitescout.com/ https://px.ads.linkedin.com/ https://www.linkedin.com/ https://www.linkedin.com/* https://go.scaledagile.com/ https://www.googletagmanager.com/ https://segments.company-target.com/ https://scaledagile.com/ https://sai2.wpengine.com/ https://cdnapisec.kaltura.com/ https://player.vimeo.com/ https://scaledagilenetwork.com/; object-src 'self' data: blob: https://docs.google.com/ https://youtube.com/ https://*.youtube.com/ https://youtube-nocookie.com/ https://*.youtube-nocookie.com/ https://youtu.be/ https://*.vimeo.com/ https://www.google.com/ https://www.google.com/ads/ https://scaledagile.my.salesforce.com/ https://scaledagile.lightning.force.com/ https://community.scaledagile.com/ https://safe.scaledagile.com/ https://www.facebook.com/ https://b.6sc.co/ https://play.vidyard.com/ https://cdn.vidyard.com/ https://px.ads.linkedin.com/ https://www.googletagmanager.com/ https://embed.podcasts.apple.com/ https://s.company-target.com/ https://pixel.sitescout.com/ https://www.smartrecruiters.com/ https://go.scaledagile.com/ http://go.scaledagile.com/ https://app-sj27.marketo.com/ https://cdnapisec.kaltura.com/ https://player.vimeo.com/ https://open.spotify.com/ https://api.company-target.com/ https://scaledagilenetwork.com/ http://scaledagile.pathfactory.com https://scaledagile.pathfactory.com http://content.scaledagile.com https://content.scaledagile.com http://scaledagile.lookbookhq.com https://scaledagile.lookbookhq.com; frame-src 'self' data: blob: https://docs.google.com/ https://youtube.com/ https://*.youtube.com/ https://youtube-nocookie.com/ https://*.youtube-nocookie.com/ https://youtu.be/ https://*.vimeo.com/ https://www.google.com/ https://www.google.com/ads/ https://scaledagile.my.salesforce.com/ https://scaledagile.lightning.force.com/ https://community.scaledagile.com/ https://safe.scaledagile.com/ https://www.facebook.com/ https://b.6sc.co/ https://play.vidyard.com/ https://cdn.vidyard.com/ https://px.ads.linkedin.com/ https://www.googletagmanager.com/ https://embed.podcasts.apple.com/ https://s.company-target.com/ https://pixel.sitescout.com/ https://www.smartrecruiters.com/ https://go.scaledagile.com/ http://go.scaledagile.com/ https://app-sj27.marketo.com/ https://cdnapisec.kaltura.com/ https://player.vimeo.com/ https://open.spotify.com/ https://api.company-target.com/ https://scaledagilenetwork.com/ http://scaledagile.pathfactory.com https://scaledagile.pathfactory.com http://content.scaledagile.com https://content.scaledagile.com http://scaledagile.lookbookhq.com https://scaledagile.lookbookhq.com; 1 default-src 'none' ;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zortrax.com *.data.zortrax.com *.3dprint.zortrax.com *.wistia.net *.wistia.com googletagmanager.com *.googletagmanager.com *.tagmanager.google.com *.google-analytics.com *.doubleclick.net *.google.com *.googleadservices.com *.facebook.net *.cloudfront.net *.doubleclick.net *.livechatinc.com *.googleapis.com *.gstatic.com *.redditstatic.com static.ads-twitter.com analytics.twitter.com analytics.zortrax.com cf.zortrax.com ;style-src 'self' 'unsafe-inline' *.zortrax.com *.googleapis.com *.tagmanager.google.com https://tagmanager.google.com/debug/css.css *.fonts.googleapis.com cf.zortrax.com ;img-src 'self' 'unsafe-inline' data: *.zortrax.com *.wistia.net data.zortrax.com *.gravatar.com *.ggpht.com *.ssl.gstatic.com *.wistia.com *.google.com *.google-analytics.com *.google.pl *.doubleclick.net *.facebook.com *.livechatinc.com *.gstatic.com *.googleapis.com *.tagmanager.google.com https://alb.reddit.com t.co/i/adsct cf.zortrax.com ;font-src 'self' data: *.livechatinc.com *.googleusercontent.com *.googleusercontent.com *.googleapis.com *.gstatic.com *.zortrax.com *.fonts.googleapis.com *.tagmanager.google.com ;frame-src 'self' 'unsafe-inline' *.livechatinc.com *.wistia.net *.wistia.com *.youtube.com *.facebook.com *.tagmanager.google.com *.googletagmanager.google.com www.googletagmanager.com *.upviral.com ;connect-src 'self' bd1.zortrax.com stats.g.doubleclick.net staging-data.zortrax.com data.zortrax.com http://3dprint.zortrax.com *.wistia.com *.litix.io 3dprint.zortrax.com *.google-analytics.com *.tagmanager.google.com app.humdash.com api.livechatinc.com maps.googleapis.com www.google.com ;media-src 'self' *.zortrax.com zortrax.com *.youtube.com *.livechatinc.com *.youtube-nocookie.com *.wistia.com cdn.zortrax.com cdn1.zortrax.com cdn2.zortrax.com cdn3.zortrax.com *.tagmanager.google.com cf.zortrax.com ;object-src 'self' *.youtube.com *.youtube-nocookie.com *.tagmanager.google.com ;child-src 'self' *.youtube.com *.youtube-nocookie.com *.tagmanager.google.com 1 default-src * 'self' 'unsafe-inline' 'unsafe-eval' ; script-src * 'self' 'unsafe-inline' 'unsafe-eval' ; style-src * 'self' 'unsafe-inline' ; img-src * 'self' data: ; font-src * data: blob: 'unsafe-inline'; 1 default-src 'self' ;script-src data: blob: 'self' 'unsafe-eval' 'nonce-Sk7KR+1V6UjBktxZ' js.monitor.azure.com static.cloud.coveo.com www.zenaps.com www.dwin1.com *.r42tag.com *.usabilla.com *.google-analytics.com *.analytics.google.com www.googleadservices.com tags.nmrc.nl *.onmarc.nl *.doubleclick.net d6tizftlrpuof.cloudfront.net *.zilverenkruis.nl babm.texthelp.com surfly.com plus.browsealoud.com www.zorgkantoorfriesland.nl *.prolife.nl www.googletagmanager.com toolbar.speechstream.net apis.google.com bat.bing.com admin.relay42.com a.svtrd.com ads.creative-serving.com www.browsealoud.com *.defriesland.nl static2.creative-serving.com survey.insocial.nl optimize.google.com *.interpolis.nl *.mopinion.com *.fbto.nl connect.facebook.net cdn.harvest.graindata.com *.pingvp.com pingvp.com *.visualwebsiteoptimizer.com www.awin1.com *.stichtingdefriesland.nl *.cloudfront.net *.coveo.com api-engage-eu.sitecorecloud.io/v1.2/browser/create.json* d1mj578wat5n4o.cloudfront.net/sitecore-engage-v.1.4.2.min.js bat.bing.net;style-src 'self' 'unsafe-inline' d6tizftlrpuof.cloudfront.net plus.browsealoud.com fonts.googleapis.com www.zilverenkruis.nl optimize.google.com *.pingvp.com;img-src data: blob: 'self' *.svtrd.com www.zenaps.com www.awin1.com www.google.com www.google.nl d6tizftlrpuof.cloudfront.net *.usabilla.com *.google-analytics.com *.analytics.google.com *.onmarc.nl *.zilverenkruis.nl plus.browsealoud.com usabilla-themes.s3-eu-west-1.amazonaws.com ads.creative-serving.com www.zorgkantoorfriesland.nl *.prolife.nl stats.g.doubleclick.net ad.doubleclick.net bat.bing.com www.browsealoud.com *.defriesland.nl *.r42tag.com admin.relay42.com speechstreamv3-webservices-8.texthelp.com www.gstatic.com *.fbto.nl www.insocial.nl www.facebook.com www.googletagmanager.com translate.google.com zilverenkruis-cdn.mcccm.eu *.pingvp.com i.vimeocdn.com dev.visualwebsiteoptimizer.com *.doubleclick.net *.googlesyndication.com *.imgix.net bat.bing.net adservice.google.com;font-src data: 'self' fonts.gstatic.com fonts.googlapis.com d6tizftlrpuof.cloudfront.net *.pingvp.com;connect-src blob: 'self' *.zilverenkruis.nl *.surfly.com surfly.com sentry.io *.zorgkantoorfriesland.nl plus.browsealoud.com pronunciation.speechstream.net api.usabilla.com babm.texthelp.com speech.speechstream.net *.google-analytics.com *.analytics.google.com pre-i-portaal.achmea.nl speechstreamv3-webservices-8.texthelp.com *.defriesland.nl *.mopinion.com *.browsealoud.com *.interpolis.nl *.fbto.nl bat.bing.com stats.g.doubleclick.net harvest-cm-achmea.ey.r.appspot.com controle.achmea.consentmonitor.nl *.tomtom.com *.visualwebsiteoptimizer.com *.applicationinsights.azure.com wss://api.defriesland.nl:13443 wss://api.zilverenkruis.nl:13443 wss://api.interpolis.nl:13443 *.googlesyndication.com www.google.com googleads.g.doubleclick.net *.coveo.com api-engage-eu.sitecorecloud.io/v1.2/events api-engage-eu.sitecorecloud.io *.cloudfront.net js.monitor.azure.com api-engage-eu.sitecorecloud.io/v1.2/browser/create.json.* bat.bing.net ad.doubleclick.net adservice.google.com;media-src 'self' blob: *.zilverenkruis.nl *.zorgkantoorfriesland.nl *.prolife.nl *.defriesland.nl *.interpolis.nl *.fbto.nl *.pingvp.com;object-src 'self' *.klantenvertellen.nl;child-src 'self' blob: t.svtrd.com player.vimeo.com surfly.com app.surfly.com d6tizftlrpuof.cloudfront.net www.zilverenkruis.nl www.zorgkantoorfriesland.nl www.prolife.nl content.googleapis.com vimeo.com secure.zilverenkruis.nl www.defriesland.nl optimize.google.com i-portaal.achmea.nl survey.insocial.nl secure.prolife.nl secure.defriesland.nl w.soundcloud.com *.doubleclick.net app.springcast.fm *.klantenvertellen.nl www.googletagmanager.com player.springcast.app;frame-ancestors 'self' player.vimeo.com vimeo.com i-portaal.achmea.nl survey.insocial.nl *.doubleclick.net inloggen.achmea.nl p-portaal.achmea.nl app.vwo.com *.visualwebsiteoptimizer.com;;form-action 'self' t.svtrd.com *.achmea.nl *.zilverenkruis.nl *.zorgkantoorfriesland.nl *.prolife.nl *.defriesland.nl *.fbto.nl *.interpolis.nl broker.nxtid.nl;manifest-src 'self' ;upgrade-insecure-requests;block-all-mixed-content;report-uri https://zilverenkruis.ams.report-uri.com/r/t/csp/enforce; 1 block-all-mixed-content; frame-ancestors 'self' 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.aboutespanol.com 1 default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; connect-src 'self' *.itzbund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com piwik.itzbund.de; object-src 'self' *.gsb.bund.de; media-src 'self' *.gsb.bund.de *.youtube.com; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.itzbund.de; frame-src *.google.com *.gstatic.com *.youtube.com *.itzbund.de *.vsfbsw.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com piwik.itzbund.de; frame-ancestors 'self'; 1 default-src 'self'; img-src 'self' 1 base-uri 'self';child-src *.hsforms.com;connect-src 'self' *.incident.io https: *.google-analytics.com *.googletagmanager.com *.google.com *.google.co.uk stats.g.doubleclick.net googleads.g.doubleclick.net *.segment.com *.segment.io *.linkedin.com cdn.linkedin.oribi.io *.iubenda.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.clearbit.com wss://*.qualified.com *.qualified.com conversions-config.reddit.com www.redditstatic.com *.hubapi.com js.hscta.net *.hubspot.com *.hs-banner.com *.hscollectedforms.net *.hsforms.com hubspot-forms-static-embed.s3.amazonaws.com https://*.greenhouse.io https://*.api.sanity.io wss://*.api.sanity.io https://*.vanta.com https://*.chilipiper.com vitals.vercel-insights.com website-pvbqm6mav-incident-io-team.vercel.app;default-src 'self';font-src 'self' https: data: fonts.gstatic.com fonts.googleapis.com;form-action 'self' *.hsforms.com;frame-ancestors 'self' https://incident.sanity.studio;frame-src 'self' https: *.googletagmanager.com *.twitter.com *.iubenda.com app.qualified.com *.hubspot.com *.hs-sites.com *.hubspot.net play.hubspotvideo.com *.hsforms.net *.hsforms.com https://incident.navattic.com https://capture.navattic.com;img-src 'self' blob: data: https: *.google-analytics.com *.googletagmanager.com *.google.com *.google.co.uk *.googleusercontent.com stats.g.doubleclick.net *.linkedin.com *.iubenda.com *.clearbitjs.com *.clearbit.com *.qualified.com alb.reddit.com js.hscta.net no-cache.hubspot.com *.hubspot.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net *.hubspot.net cdn2.hubspot.net *.hsforms.net *.hsforms.com https://cdn.sanity.io https://*.chilipiper.com;manifest-src 'self';media-src 'self' https: data: blob:;object-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' https: api.twitter.com platform.twitter.com;style-src 'self' 'unsafe-inline' *.google.com fonts.googleapis.com *.iubenda.com *.hubspotusercontent00.net cdn2.hubspot.net;worker-src 'self';report-uri https://o494704.ingest.sentry.io/api/4505307188232192/security/?sentry_key=e6127d8d2f894a18918f2018108426e9;report-to https://o494704.ingest.sentry.io/api/4505307188232192/security/?sentry_key=e6127d8d2f894a18918f2018108426e9; 1 default-src 'self'; frame-src 'self' https://www.youtube.com https://mychart.austinregionalclinic.com https://www.google.com https://arcwebsecure.com https://forms.hsforms.com; frame-ancestors 'self' data: blob: https://vmecharttest1 https://vmecharttest2 https://vmecharttest3 https://mychart.austinregionalclinic.com https://mycharttest.austinregionalclinic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com https://mychart.austinregionalclinic.com https://maps.googleapis.com https://js.hsforms.net https://js.hs-scripts.com https://api.airbud.io https://js.hs-banner.com https://cdn.jsdelivr.net https://code.jquery.com https://connect.facebook.net https://cdnjs.cloudflare.com https://ajax.aspnetcdn.com https://www.google.com https://www.gstatic.com https://web.hyro.ai https://mycharttest.austinregionalclinic.com https://vmecharttest2 https://vmecharttest3 https://snap.licdn.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://api.airbud.io https://code.jquery.com https://web.hyro.ai https://mychart.austinregionalclinic.com; font-src 'self' https://fonts.gstatic.com https://code.jquery.com; form-action 'self' https://forms.hsforms.com https://www.austinregionalclinic.com; img-src 'self' data: https://forms.hsforms.com https://js.hsforms.net https://api.hubspot.com https://forms-na1.hsforms.com https://maps.gstatic.com https://hyropublic.blob.core.windows.net https://d3sxx09phm2x4h.cloudfront.net https://d1mkxymatx0q5n.cloudfront.net https://maps.googleapis.com https://www.google.com https://www.facebook.com https://img.youtube.com https://i.ytimg.com https://khms0.googleapis.com https://khms1.googleapis.com; connect-src 'self' https://maps.googleapis.com https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://www.google-analytics.com https://hyropublic.blob.core.windows.net wss://web.hyro.ws/widget-client https://stats.g.doubleclick.net https://cdn.linkedin.oribi.io https://app.launchdarkly.com https://clientstream.launchdarkly.com https://events.launchdarkly.com; object-src 'none'; base-uri 'self'; media-src 'self' https://d1mkxymatx0q5n.cloudfront.net; 1 default-src dock.ui.bosch.tech *.hotjar.com wss://*.hotjar.com bott-tc2.nautilus bott-fs.nautilus bott-fs.kittelberger.net vc.hotjar.io in.hotjar.com script.hotjar.com *.bosch-thermotechnology.com *.boschtt-documents.com www.bimstore.co.uk *.kittelberger.net *.mycliplister.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' ; media-src *.boschtt-documents.com services.kittelberger.net *.mycliplister.com mycliplister.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' ; font-src bott-fs.nautilus bott-fs.kittelberger.net script.hotjar.com fonts.gstatic.com *.bosch-thermotechnology.com www.bosch-thermotechnology.us www.heizung-steuern.com fonts.gstatic.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: data: ; object-src data: 'self'; img-src bott-tc2.nautilus bott-fs.nautilus bott-fs.kittelberger.net optimize.google.com www.google-analytics.com www.googletagmanager.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: data: blob:; style-src bott-fs.nautilus bott-fs.kittelberger.net *.bosch-thermotechnology.com cdn.datatables.net optimize.google.com fonts.googleapis.com www.bosch-easycontrol.com www.heizung-steuern.com www.bosch-thermotechnology.us *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' 'unsafe-inline' https: ; script-src bott-fs.nautilus bott-fs.kittelberger.net dock.ui.bosch.tech optimize.google.com www.googleanalytics.com www.google-analytics.com www.googleoptimize.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: 'unsafe-inline' 'unsafe-eval'; frame-src mailto: bosch.mi4biz.net www.boschthermolife.com junkers-de-de-b.boschtt-documents.com optimize.google.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https:; frame-ancestors bosch.mi4biz.net bott-fs.kittelberger.net *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: ; connect-src 'self' wss://endpoint.chatbot-suite.bosch.tech endpoint.chatbot-suite.bosch.tech www.bosch-thermotechnology.com region1.google-analytics.com www.google-analytics.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com dock.ui.bosch.tech mycliplister.com *.mycliplister.com stats.g.doubleclick.net 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com www.gstatic.com https://*.google.com https://*.googletagmanager.com *.google-analytics.com https://tagmanager.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net cdnjs.cloudflare.com ajax.googleapis.com https://cdn.addevent.com https://platform.twitter.com embed.aidaform.com https://cdn.jsdelivr.net https://s3.amazonaws.com https://partner.googleadservices.com https://*.list-manage.com https://*.clarity.ms https://c.bing.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://googletagmanager.com https://tagmanager.google.com https://www.google.com fonts.googleapis.com cdnjs.cloudflare.com cdn.jsdelivr.net https://cdn-images.mailchimp.com https://*.clarity.ms https://c.bing.com; img-src 'self' data: https://*; media-src 'self' data:; frame-src 'self' https://www.googletagmanager.com https://bid.g.doubleclick.net https://td.doubleclick.net https://flo.uri.sh https://api.mapbox.com https://app.powerbi.com https://data.humdata.org https://drive.google.com calendar.google.com https://www.youtube.com https://datawrapper.dwcdn.net https://teamup.com https://lookerstudio.google.com https://experience.arcgis.com https://public.tableau.com https://rrmniger.azurewebsites.net/ *.unocha.org https://*.addevent.com https://cdn.knightlab.com https://dashboards.impact-initiatives.org https://docs.google.com https://e.infogram.com https://jmmi-northernsyria.shinyapps.io https://logie.logcluster.org https://m.facebook.com https://miro.com https://spxih.mjt.lu https://turkiyeeq.thedeep.io https://ukraine.servicesadvisor.net https://unhcr.carto.com https://www.arcgis.com https://www.facebook.com https://rwsupport.aidaform.com https://analytics.wfp.org *.un.org https://cdnapisec.kaltura.com https://vimeo.com https://player.vimeo.com https://ukraine.servicesadvisor.net https://*.kobotoolbox.org; frame-ancestors 'self'; child-src 'self'; font-src 'self' data: fonts.gstatic.com; connect-src 'self' https://*; report-uri /report-csp-violation; upgrade-insecure-requests 1 frame-src *.twitter.com *.googleusercontent.com *.clarity.ms *.youtube.com *.facebook.com *.facebook.net *.doubleclick.net *.hotjar.com *.franceculture.fr *.radiofrance.fr *.googleapis.com *.spotify.com *.exacttarget.com *.instagram.com iheid.webex.com graduateinstitute.secure.force.com *.sfmc-content.com *.google.com *.libcal.com *.simplecast.com *.soundcloud.com *.flywire.com *.prezi.com *.iheid.ch *.drupal.com *.vimeo.com *.rts.ch graduateinstitute.my.salesforce-sites.com *.graduateinstitute.us8.list-manage.com *.addevent.com *.office.com *.rsi.ch *.arte.tv *.github.io *.linkedin.com *.googletagmanager.com *.soundcloud.com; child-src *.twitter.com *.googleusercontent.com *.clarity.ms *.youtube.com *.facebook.com *.facebook.net *.doubleclick.net *.hotjar.com *.franceculture.fr *.radiofrance.fr *.googleapis.com *.spotify.com *.exacttarget.com *.instagram.com iheid.webex.com graduateinstitute.secure.force.com *.sfmc-content.com *.google.com *.libcal.com *.simplecast.com *.soundcloud.com *.flywire.com *.prezi.com *.iheid.ch *.drupal.com *.rts.ch graduateinstitute.my.salesforce-sites.com *.graduateinstitute.us8.list-manage.com *.addevent.com *.office.com *.rsi.ch *.arte.tv *.github.io *.linkedin.com *.googletagmanager.com *.soundcloud.com; report-uri /report-csp-violation; upgrade-insecure-requests 1 img-src 'self' *.norma-online.de *.sitesearch360.com *.usercentrics.eu https://app.usercentrics.eu https://accelerator.extern.hmmh.io https://piwik.norma-online.de https://c.clarity.ms https://www.facebook.com/ https://c.bing.com data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.norma-online.de *.sitesearch360.com *.usercentrics.eu https://piwik.norma-online.de https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/ https://www.clarity.ms https://connect.facebook.net/ https://c.bing.com blob:; object-src 'none'; font-src 'self'; 1 frame-ancestors 'self' smart911.com www.smart911.com safety.smart911.com 1 default-src 'self'; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.taylorwessing.com www.gstatic.com maps.googleapis.com www.buzzsprout.com *.licdn.com *.hotjar.com embed.typeform.com secure.visionary-enterprise-ingenuity.com siteimproveanalytics.com *.vimeo.com https://*.vimeocdn.com https://*.cookiebot.com https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com https://*.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com https://www.googleadservices.com https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com; script-src-elem 'self' data: 'unsafe-inline' 'unsafe-eval' https://js.monitor.azure.com https://js.cdn.applicationinsights.io https://js.cdn.monitor.azure.com *.taylorwessing.com www.gstatic.com maps.googleapis.com www.buzzsprout.com *.licdn.com *.hotjar.com embed.typeform.com secure.visionary-enterprise-ingenuity.com siteimproveanalytics.com *.vimeo.com https://*.vimeocdn.com https://*.cookiebot.com https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com https://*.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com https://www.googleadservices.com https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com; script-src-attr 'self' data: 'unsafe-inline' 'unsafe-eval' *.taylorwessing.com www.gstatic.com maps.googleapis.com www.buzzsprout.com *.licdn.com *.hotjar.com embed.typeform.com secure.visionary-enterprise-ingenuity.com siteimproveanalytics.com *.vimeo.com https://*.vimeocdn.com https://*.cookiebot.com https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com https://*.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com https://www.googleadservices.com https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com; style-src 'self' 'unsafe-inline' www.gstatic.com *.vimeocdn.com https://hello.myfonts.net https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com; style-src-elem 'self' 'unsafe-inline' https://embed.typeform.com/ www.gstatic.com *.vimeocdn.com https://hello.myfonts.net https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com; style-src-attr 'self' 'unsafe-inline' www.gstatic.com *.vimeocdn.com https://hello.myfonts.net https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' data: www.taylorwessing.com taylorwessing.com *.taylorwessing.com https://cdn.optimizely.com *.siteimproveanalytics.io *.linkedin.com *.cookiebot.com *.vimeocdn.com maps.googleapis.com maps.gstatic.com https://*.google-analytics.com www.gstatic.com videoapi-sprites.vimeocdn.com https://www.googletagmanager.com https://googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://*.googletagmanager.com https://googleads.g.doubleclick.net https://www.google.com https://google.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat; font-src 'self' data: www.taylorwessing.com taylorwessing.com *.taylorwessing.com *.podigee-cdn.net fonts.gstatic.com https://fonts.gstatic.com; connect-src 'self' https://js.monitor.azure.com https://dc.services.visualstudio.com www.taylorwessing.com taylorwessing.com *.taylorwessing.com https://logx.optimizely.com https://*.optimizely.com idx.liadm.com *.doubleclick.net *.linkedin.com cdn.linkedin.oribi.io consentcdn.cookiebot.com maps.googleapis.com www.google-analytics.com player-telemetry.vimeo.com region1.google-analytics.com 132vod-adaptive.akamaized.net 62vod-adaptive.akamaized.net *.hotjar.com *.hotjar.io wss://*.hotjar.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat; media-src 'self' www.taylorwessing.com taylorwessing.com *.taylorwessing.com blob:; object-src 'none'; frame-src 'self' https://chart-studio.plotly.com https://*.doubleclick.net www.taylorwessing.com taylorwessing.com *.taylorwessing.com https://a27617570016.cdn.optimizely.com https://a27617570016.cdn-pci.optimizely.com cdn.yoshki.com form.typeform.com tw.bryter.io *.podigee.io *.podigee-cdn.net *.newsmailservice.de *.soundcloud.com *.podcasts.apple.com *.spotify.com *.fliplet.com sites-taylor-wessing.vuturevx.com v6.newsmailservice.de app.livestorm.co *.buzzsprout.com consentcdn.cookiebot.com player.vimeo.com www.google.com *.youtube.com taylorwessing.foleon.com datastudio.google.com lookerstudio.google.com https://www.googletagmanager.com; worker-src 'self'; frame-ancestors 'self'; report-uri https://taylorwessing.report-uri.com/r/d/csp/enforce; report-to https://taylorwessing.report-uri.com/r/d/csp/wizard 1 default-src 'self' 'unsafe-eval'; base-uri 'self'; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.itzbund.de *.googleapis.com *.google.com *.gstatic.com www.youtube.com *.vimeo.com *.ytimg.com piwik.itzbund.de cdnjs.cloudflare.com; object-src 'self' multimedia.gsb.bund.de download.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de download.gsb.bund.de *.vimeo.com *.youtube.com; frame-src *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.vimeo.com; img-src 'self' *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.openstreetmap.org piwik.itzbund.de multimedia.gsb.bund.de download.gsb.bund.de cdnjs.cloudflare.com; connect-src 'self' *.itzbund.de; frame-ancestors 'self'; worker-src 'self'; 1 frame-ancestors *.scaledrone.com 1 frame-ancestors 'self' forms.saib.com.sa *.saib.com.sa; report-uri /report-csp-violation 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; style-src 'self' 'unsafe-inline' 1 allow 'self'; options inline-script eval-script; script-src 'self' *.google-analytics.com *.googleapis.com *.gstatic.com *.googletagmanager.com; img-src *; media-src *; frame-src 'self'; style-src-elem *.gstatic.com 1 default-src 'none'; img-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; font-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'; connect-src 'self'; 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.allpeoplequilt.com 1 default-src https: http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com 'unsafe-inline' http://*.usercentrics.eu:* https://*.usercentrics.eu:* http://*.usercentrics.eu https://*.usercentrics.eu wss://*.usercentrics.eu 'unsafe-inline' https://*.yoast.com; img-src https: 'self' data: blob:; script-src https: 'unsafe-eval' 'unsafe-inline' blob: https://*.reactful.com http://*.reactful.com; style-src https: 'unsafe-inline'; font-src https: 'self' data: fonts.gstatic.com; worker-src 'self' blob: 1 default-src 'self' https://www.googletagmanager.com https://connect.facebook.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.userway.org https://cdn.gtranslate.net https://cdn.agentbot.net https://static.addtoany.com https://cdn.jsdelivr.net https://www.youtube.com https://vimeo.com https://player.vimeo.com https://unpkg.com https://cdnjs.cloudflare.com https://cdn.gtranslate.net https://translate.google.com https://translate.googleapis.com https://translate-pa.googleapis.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://www.google-analytics.com https://connect.facebook.net https://d335luupugsy2.cloudfront.net https://www.facebook.com https://*.facebook.net https://*.fbcdn.net https://snap.licdn.com/ https://avi-web-scripts.s3.us-east-1.amazonaws.com https://avi.unisabana.edu.co; object-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net https://cdn.userway.org https://static.canva.com https://unpkg.com https://cdnjs.cloudflare.com https://cdn.gtranslate.net https://translate.google.com https://translate.googleapis.com https://translate-pa.googleapis.com https://www.gstatic.com; img-src 'self' 'unsafe-inline' https://usabana.widen.net https://cdn.gtranslate.net https://objectstorage.us-ashburn-1.oraclecloud.com https://cdn.userway.org data: https://cdn.jsdelivr.net https://previews.us-east-1.widencdn.net https://i.ytimg.com https: blob: https://static.canva.com; media-src 'self' 'unsafe-eval' https://agentcore.s3.amazonaws.com https://usabana.widen.net https://previews.us-east-1.widencdn.net https://youtu.be https://www.youtube.com https://vimeo.com https://player.vimeo.com data: https: blob: https://static.canva.com; frame-src 'self' https://static.addtoany.com https://cdn.userway.org https://www.youtube.com https://online.flippingbook.com https://formconnector.com https://view.genially.com https://vimeo.com https://player.vimeo.com https://www.google.com https://canvateam.zendesk.com https://phoenix.canva.com https://www.canva-iris.com https://www.canva.com https://app.powerbi.com https://view.genial.ly https://w.soundcloud.com https://www.googletagmanager.com https://td.doubleclick.net https://calendar.google.com https://google.com https://live.unisabana.edu.co/ https://avi.unisabana.edu.co/; frame-ancestors 'self' https://unisabanastartstage.prod.acquia-sites.com; child-src 'self' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com https://cdn.userway.org data: https: https://static.canva.com; connect-src 'self' https://adapter.aivo.co https://api.userway.org https://cdn.userway.org https: data: wss: https://o13855.ingest.sentry.io https://telemetry.canva.com/v1/traces https://translate-pa.googleapis.com/v1/translateHtml https://translate.googleapis.com/element/log?format=json&hasfast=true&authuser=0; upgrade-insecure-requests 1 default-src 'self'; img-src 'self' data: books.google.de de.statista.com cdn.statcdn.com app.statuscake.com www.kununu.com *.lamapoll.io; font-src 'self' data:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' lamapoll.de *.lamapoll.de *.lamapoll.io; frame-src 'self' lamapoll.de *.lamapoll.de www.youtube-nocookie.com *.lamapoll.io; frame-ancestors 'self'; media-src 'self'; object-src 'self'; connect-src 'self' *.lamapoll.io 1 script-src 'self' 'unsafe-eval' 'unsafe-inline' *.fontawesome.com *.jsdelivr.net *.googleapis.com *.jquery.com *.vimeo.com *.vimeocdn.com *.cookielaw.org *.vimeocdn.com *.airbud.io unpkg.com:* *.cloudflare.com intermezzo-coop.eu:* *.google.com *.montefioreeinstein.org *.montefiore.org www.montefiore.org mychart.montefiore.org npmychart.montefiore.org *.localizejs.com *.123formbuilder.com *.ctctcdn.com *.blackbaudcdn.net *.go-mpulse.net *.blackbaudhosting.com *.googletagmanager.com *.blackbaud.com *.youtube.com *.gstatic.com *.perfalytics.com api.perfalytics.com perfalytics.com *.launchdarkly.com *.akstat.io *.jquery.com *.flywire.com *.bootstrapcdn.com *.ctctcdn.com s3.amazonaws.com/downloads.mailchimp.com/ *.jwpcdn.com *.youtube-nocookie.com cdn.plyr.io; upgrade-insecure-requests 1 default-src 'self' syndetics.com www.google-analytics.com; script-src 'self' blob: http://www.vpl.ca https://www.vpl.ca data: 'unsafe-inline' 'unsafe-eval' code.jquery.com www.google.com https://www.google-analytics.com https://www.googletagmanager.com www.gstatic.com https://unpkg.com cdnjs.cloudflare.com m.addthis.com s7.addthis.com tagmanager.google.com v1.addthis.com platform.instagram.com platform.twitter.com cdn.syndication.twimg.com assets.pinterest.com script.crazyegg.com trk.cetrk.com www.flickr.com bclibraries.org translate.google.com https://translate.googleapis.com https://translate-pa.googleapis.com https://cdn.jsdelivr.net; object-src 'self'; style-src 'self' 'unsafe-inline' www.vpl.ca https://unpkg.com https://cdnjs.cloudflare.com tagmanager.google.com themes.googleusercontent.com fonts.googleapis.com code.jquery.com https://platform.twitter.com https://typekit.net https://p.typekit.net https://use.typekit.net https://translate.googleapis.com https://www.gstatic.com https://cdn.jsdelivr.net/gh/jonthornton/jquery-timepicker@1.14.0/jquery.timepicker.min.css https://cdn.jsdelivr.net/gh/jackocnr/intl-tel-input@v17.0.19/build/css/intlTelInput.min.css https://cdn.jsdelivr.net/npm/normalize.css; img-src 'self' data: *.vpl.ca https://www.vpl.ca *.googleapis.com https://cdn.jsdelivr.net/gh/jackocnr/intl-tel-input@v17.0.19/build/img/flags.png https://platform.twitter.com https://pbs.twimg.com services.arcgisonline.com syndetics.com secure.syndetics.com https://cdnjs.cloudflare.com www.flickr.com www.instagram.com *.staticflickr.com *.google-analytics.com syndication.twitter.com scontent-sea1-1.cdninstagram.com *.sndcdn.com m.addthis.com *.gstatic.com www.addthis.com log.pinterest.com gtrk.s3.amazonaws.com trk.cetrk.com geo.yahoo.com https://img.youtube.com https://www.google.com https://translate.google.com https://server.arcgisonline.com; media-src 'self' www.youtube.com soundcloud.com; child-src 'self' m.addthis.com s7.addthis.com www.google.com www.youtube.com w.soundcloud.com www.instagram.com syndication.twitter.com assets.pinterest.com; font-src 'self' themes.googleusercontent.com https://cdnjs.cloudflare.com fonts.googleapis.com fonts.gstatic.com https://use.typekit.net; connect-src 'self' *.google-analytics.com translate-pa.googleapis.com cdnjs.cloudflare.com https://www.optimalworkshop.com m.addthis.com v1.addthis.com https://translate.googleapis.com; frame-src 'self' edge.addthis.com m.addthis.com https://platform.twitter.com s7.addthis.com www.google.com www.youtube.com w.soundcloud.com www.instagram.com syndication.twitter.com assets.pinterest.com player.vimeo.com; 1 default-src 'none'; block-all-mixed-content; connect-src 'self' *.abtasty.com *.google.com *.googlesyndication.com *.googletagmanager.com *.hellowork.com *.infra-hellowork.com *.nr-data.net *.regionsjob.com *.twitter.com bat.bing.com bat.bing.net cdn.jsdelivr.net/gh/magma-app/magma-widget@latest/src/widget-v3.min.js googleads.g.doubleclick.net vimeo.com; font-src 'self' fonts.cdnfonts.com/s/14903/ *.abtasty.com; frame-ancestors 'self'; frame-src 'self' *.abtasty.com *.francetv.fr *.googletagmanager.com *.instagram.com *.linkedin.com *.magma.app *.podcasts.apple.com *.slideshare.net *.soundcloud.com *.tiktok.com *.ttwstatic.com *.twitter.com *.vimeo.com *.vimeocdn.com *.youtube-nocookie.com *.youtube.br *.youtube.com td.doubleclick.net; img-src 'self' data: *.abtasty.com *.facebook.com *.hellowork.com *.osm.org *.twitter.com diplomeo-static.com bat.bing.com bat.bing.net diplomeo.com local:// https://i.hellowork.com *.tile.openstreetmap.fr *.vimeocdn.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.abtasty.com *.aticdn.net *.dev-hellowork.com *.facebook.com *.google.com *.googlesyndication.com *.googletagmanager.com *.googleadservices.com *.infra-hellowork.com *.hellowork.com *.regionsjob.com *.tiktok.com *.ttwstatic.com *.twitter.com *.instagram.com bat.bing.com bat.bing.net; style-src 'self' 'unsafe-inline' *.abtasty.com *.hellowork.com *.ttwstatic.com fonts.cdnfonts.com/css/sofia-pro 1 script-src https: data: 'unsafe-inline' 'unsafe-eval' https://*.dshs-koeln.de https://*.mehrwert.de https://fast.fonts.net; style-src https: 'unsafe-inline' https://*.dshs-koeln.de https://fast.fonts.net; img-src https: data: 'unsafe-inline' 'unsafe-eval' https://*.dshs-koeln.de https://*.mehrwert.de; font-src https: data: 'unsafe-inline' 'unsafe-eval' https://*.dshs-koeln.de https://*.mehrwert.de https://fast.fonts.com; frame-src https: data: 'unsafe-inline' 'unsafe-eval' https://*.dshs-koeln.de https://*.mehrwert.de https://fast.fonts.com; 1 frame-ancestors 'self' https://twitter.com; 1 default-src 'self'; object-src 'self' https://pts.winsim.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.winsim.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://umfrage.winsim.de https://pts.winsim.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://eu01.rec.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://livechat.winsim.de https://chat.winsim.de https://stats.winsim.de https://imagepool.winsim.de https://pts.winsim.de https://analytics.tiktok.com https://umfrage.winsim.de; script-src 'strict-dynamic' 'nonce-ea42326bb96f5eab46ea1673a5898e85' 'nonce-6966842bd95735fa14b8b6decf9e4982' 'nonce-c993bf9b7011ebdd0ed89b7a163a3bc2' 'nonce-bacbf58c45fdd27036d3a06eadd0fac3' 'nonce-844065cf4478db92ff195cf2b99927ad' 'nonce-b853a6efd00548d6be372eddd16ddbc7' 'nonce-8c79e17e86432a4df32b9d3eeb664af0' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data: 'report-sample'; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://netmap.vodafone.de/cokart-client/index.html https://pts.winsim.de https://umfrage.winsim.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-ea42326bb96f5eab46ea1673a5898e85' 'nonce-6966842bd95735fa14b8b6decf9e4982' 'nonce-c993bf9b7011ebdd0ed89b7a163a3bc2' 'nonce-bacbf58c45fdd27036d3a06eadd0fac3' 'nonce-844065cf4478db92ff195cf2b99927ad' 'nonce-b853a6efd00548d6be372eddd16ddbc7' 'nonce-8c79e17e86432a4df32b9d3eeb664af0' 'self' 'unsafe-inline' https: 'report-sample' 1 default-src 'self'; object-src 'self'; base-uri 'self'; media-src 'self' https://imagepool.1und1.ag; img-src https: data:; font-src https:; form-action 'self'; connect-src 'self' https://imagepool.1und1.ag; script-src 'strict-dynamic' 'nonce-95c82e9adb97ab1f4e82a2503925b9e0' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data: 'report-sample'; frame-ancestors 'self'; frame-src https://irpages2.eqs.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-95c82e9adb97ab1f4e82a2503925b9e0' 'self' 'unsafe-inline' https: 'report-sample' 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' http://*.dimora.jp https://*.dimora.jp http://*.google-analytics.com/ https://*.google-analytics.com https://*.google.com https://*.facebook.com https://*.facebook.net https://*.twitter.com https://b91.yahoo.co.jp https://tools.applemediaservices.com https://*.apple.com https://apple-resources.s3.amazonaws.com https://play.google.com https://*.mul-pay.jp https://fonts.gstatic.com https://*.googleapis.com https://*.googletagmanager.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://*.google.co.jp; img-src 'self' data: https://*.google-analytics.com/ https://*.twitter.com https://stats.g.doubleclick.net https://tools.applemediaservices.com https://*.apple.com https://apple-resources.s3.amazonaws.com https://play.google.com https://b91.yahoo.co.jp; 1 default-src 'self' data: ws://*.catapush.com wss://*.catapush.com 'unsafe-inline' 'unsafe-eval'; base-uri 'self'; block-all-mixed-content; connect-src data: blob: 'unsafe-inline' *.catapush.com ws://*.catapush.com wss://*.catapush.com https://*.google-analytics.com https://*.googleapis.com https://checkout.stripe.com https://api.stripe.com https://*.ads.linkedin.com; font-src data: blob: 'unsafe-inline' *.catapush.com https://s3-eu-west-1.amazonaws.com/catapush-cdn/ https://s3-eu-central-1.amazonaws.com/catapush-cdn-frankfurt/ fonts.gstatic.com cdn2.hubspot.net; form-action 'self' *.catapush.com; frame-ancestors 'self' *.catapush.com https://www.googletagmanager.com; frame-src 'self' data: blob: 'unsafe-inline' https://mautic.catapush.com https://checkout.stripe.com https://connect-js.stripe.com https://js.stripe.com https://hooks.stripe.com https://www.google.com https://www.googletagmanager.com https://s3-eu-west-1.amazonaws.com/catapush-cdn/; img-src 'self' data: blob: 'unsafe-inline' *.catapush.com https://s3-eu-west-1.amazonaws.com/catapush-cdn/ https://s3-eu-central-1.amazonaws.com/catapush-cdn-frankfurt/ https://translate.google.com https://ajax.googleapis.com https://*.google-analytics.com https://www.googletagmanager.com https://*.gstatic.com https://js.hsforms.net/forms/v2.js https://*.stripe.com https://px.ads.linkedin.com https://www.linkedin.com/px; object-src https://s3-eu-west-1.amazonaws.com/catapush-cdn/; script-src 'self' *.catapush.com https://s3-eu-west-1.amazonaws.com/catapush-cdn/ https://s3-eu-central-1.amazonaws.com/catapush-cdn-frankfurt/ https://ipinfo.io https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com https://checkout.stripe.com https://js.stripe.com https://js.hsforms.net/forms/v2.js https://snap.licdn.com https://*.ads.linkedin.com 'report-sample' 'unsafe-inline' 'nonce-I+hGbL6UMhaeyxVh4xJZFQ=='; style-src 'self' *.catapush.com https://s3-eu-west-1.amazonaws.com/catapush-cdn/ https://s3-eu-central-1.amazonaws.com/catapush-cdn-frankfurt/ https://*.gstatic.com 'unsafe-inline' 'report-sample'; report-uri /csp-violation-report-endpoint 1 default-src 'self' dock.ui.bosch.tech vars.hotjar.com in.hotjar.com vc.hotjar.io stats.g.doubleclick.net wss://*.hotjar.com *.hotjar.com; font-src 'self' *.bosch-pt.com bosch-pt.com www.bosch-pt.com *.bosch-professional.com ; object-src data: 'self'; img-src https: data:; style-src 'self' ptlegalpagesnew.kittelberger.net *.bosch-pt.com bosch-pt.com *.bosch-professional.com 'unsafe-inline'; script-src https: http://www.bosch-pt.com 'unsafe-inline' 'unsafe-eval'; connect-src https: search.internet.bosch.com wss://*.hotjar.com; script-src-elem https: http: 'unsafe-inline' *.bosch-pt.com 1 upgrade-insecure-requests; default-src *.usclimatedata.com *.gstatic.com https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com/* *.googlesyndication.com adservice.google.nl adservice.google.com adservice.google.cl *.googleadservices.com *.google.com *.googletagservices.com *.google-analytics.com apis.google.com ajax.googleapis.com *.googletagmanager.com *.usclimatedata.com *.bootstrapcdn.com *.gstatic.com *.geolocation.io *.google.com/recaptcha/ ssl.google-analytics.com *.addthis.com *.google.com googleads.g.doubleclick.net https:; frame-src bid.g.doubleclick.net data: https:; connect-src 'self' *.usclimatedata.com pagead2.googlesyndication.com www.google-analytics.com fundingchoicesmessages.google.com; img-src 'self' *.maps.googleapis.com/* *.googletagmanager.com https//google-analytics.com googleads.g.doubleclick.net *.google.com data: https:; style-src 'self' 'unsafe-inline' *.apis.google.com *.googleapis.com *.bootstrapcdn.com *.usclimatedata.com *.gstatic.com;font-src *.bootstrapcdn.com *.usclimatedata.com cdnjs.cloudflare.com data: 'self';base-uri 'self'; form-action 'self'; 1 frame-ancestors 'self' team.live fr.team.live es.team.live ru.team.live de.team.live pl.team.live ar.team.live tr.team.live; 1 default-src 'unsafe-inline' 'unsafe-eval' * blob:; img-src * blob: data: 1 default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' maps.googleapis.com *.hipay.com static.cdn.prismic.io prismic.io https://html2canvas.hertzen.com/dist/html2canvas.min.js www.paypalobjects.com *.paypal.com youtube.com vimeo.com https://www.youtube.com/iframe_api https://www.youtube.com/s/player/0c356943/www-widgetapi.vflset/www-widgetapi.js https://www.youtube.com https://i.ytimg.com/vi/ http://platform.instagram.com/en_US/embeds.js https://www.instagram.com/embed.js https://graph.facebook.com/v11.0/instagram_oembed https://player.vimeo.com/api/player.js https://player.vimeo.com/ js.stripe.com http://www.googletagmanager.com https://www.googletagmanager.com https://www.google-analytics.com http://www.google-analytics.com https://gtm.zone-secure.net https://yt.zone-secure.net http://www.gstatic.com https://*.attraqt.io https://*.facebook.net/ https://*.teads.tv/ https://*.smartlook.com/ https://*.hotjar.com/ https://*.doubleclick.net https://*.mathtag.com https://*.tiktok.com/ https://*.ttwstatic.com *.attraqt.io *.getflowbox.com *.flbx.io *.woosmap.com *.imagino.com https://*.kameleoon.com https://*.kameleoon.io https://*.kameleoon.eu https://*.kameleoon.net *.google.com *.centrakor.com *.bing.com *.bing.net *.bing.fr *.microsoft.com *.microsoft.fr *.microsoft.net https://metrics.centrakor.com;frame-src 'self' maps.googleapis.com https://player.vimeo.com/ youtube.com www.youtube.com https://www.youtube.com https://i.ytimg.com/vi/ *.prismic.io js.stripe.com www.paypalobjects.com *.paypal.com www.youtube-nocookie.com https://*.doubleclick.net https://*.facebook.net/ https://*.facebook.com/ https://*.hotjar.com/ https://*.mathtag.com https://*.tiktok.com/ *.getflowbox.com *.flbx.io https://*.kameleoon.com https://*.kameleoon.io https://*.kameleoon.eu https://*.kameleoon.net *.google.com *.googletagmanager.com *.bing.com *.bing.net *.bing.fr *.microsoft.com *.microsoft.fr *.microsoft.net https://metrics.centrakor.com;style-src 'self' 'unsafe-inline' https://i.icomoon.io https://fonts.googleapis.com https://*.ttwstatic.com/ *.woosmap.com https://*.kameleoon.com https://*.kameleoon.io https://*.kameleoon.eu https://*.kameleoon.net *.googletagmanager.com *.google.com *.googletagmanager.com *.bing.com *.bing.net *.bing.fr *.microsoft.com *.microsoft.fr *.microsoft.net;img-src 'self' data: stagingctk.centrakor.com maps.googleapis.com *.gstatic.com https://www.referenseo.com/ https://i.ytimg.com/vi/ https://storage.sbg.cloud.ovh.net https://centrakor.cdn.prismic.io/ https://i.picsum.photos/ https://i.vimeocdn.com/ maps.googleapis.com *.openstreetmap.org www.paypalobjects.com *.paypal.com storage.gra.cloud.ovh.net *.google.com *.doubleclick.net *.google.fr http://www.google-analytics.com https://www.google-analytics.com *.centrakor.com https://*.teads.tv/ https://*.facebook.com/ https://*.facebook.net/ https://*.mathtag.com https://images.prismic.io/centrakor/ https://*.s3.rbx.io.cloud.ovh.net https://d2rfa446ja7yzb.cloudfront.net/ *.getflowbox.com *.flbx.io *.woosmap.com https://purecatamphetamine.github.io https://*.kameleoon.com https://*.kameleoon.io https://*.kameleoon.eu https://*.kameleoon.net *.googletagmanager.com *.bing.com *.bing.net *.bing.fr *.microsoft.com *.microsoft.fr *.microsoft.net;font-src 'self' data: fonts.googleapis.com https://i.icomoon.io https://fonts.gstatic.com *.woosmap.com *.google.com *.googletagmanager.com;connect-src 'self' maps.googleapis.com https://noembed.com https://graph.facebook.com/v11.0/instagram_oembed https://graph.facebook.com/v11.0/instagram_oembed/ https://graph.instagram.com/ https://vimeo.com/api/ www.paypalobjects.com *.paypal.com *.analytics.google.com *.doubleclick.net https://www.google-analytics.com https://*.teads.tv/ https://*.facebook.net/ https://*.googleadservices.com *.google.fr https://*.facebook.com/ https://*.smartlook.com/ https://*.smartlook.cloud/ https://*.hotjar.com/ https://*.hotjar.io/ wss://*.hotjar.com/ *.attraqt.io *.getflowbox.com *.flbx.io https://fr.adminzone-secure.net/ https://service.zone-secure.net/ *.woosmap.com *.imagino.com https://*.kameleoon.com https://*.kameleoon.io https://*.kameleoon.eu https://*.kameleoon.net *.google.com *.googletagmanager.com *.centrakor.com *.bing.com *.bing.net *.bing.fr *.microsoft.com *.microsoft.fr *.microsoft.net https://metrics.centrakor.com;base-uri 'self';media-src 'self' data: *.flbx.io;report-uri /csp/report;worker-src 'self' *.woosmap.com self blob: 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.hotjar.com *.googletagmanager.com *.google.com *.google-analytics.com cdnjs.cloudflare.com mfstatic.com *.jsdelivr.net *.facebook.com *.gstatic.com *.licdn.com *.facebook.net *.cookiebot.com *.unpkg.com unpkg.com *.rekai.se static.ws.apsis.one *.ws.apsis.one *.aspis.one static.ws.apsis.one *.contentsquare.net; object-src 'self' *.google.com *.youtube.com *.facebook.com *.vimeo.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com *.jsdelivr.net hello.myfonts.net mfstatic.com; img-src * 'self' data: *.google.com *.youtube.com *.facebook.com *.vimeo.com *.vimeocdn.com *.ri.se *.jsdelivr.net *.googletagmanager.com *.google-analytics.com *.google.se *.linkedin.com *.gstatic.com *.amazonaws.com; media-src blob: data: *.mediaflow.com; frame-src 'self' data: *.google.com *.youtube.com *.facebook.com *.vimeo.com vimeo.com *.vimeo.com *.vimeocdn.com *.ri.se *.jsdelivr.net *.hotjar.com *.libsyn.com *.acast.com *.cookiebot.com *.youtube-nocookie.com *.static.ws.apsis.one static.ws.apsis.one; frame-ancestors 'self'; child-src 'self' blob:; font-src 'self' *.ri.se data: mfstatic.com *.gstatic.com; connect-src 'self' *.googletagmanager.com *.google.com *.google-analytics.com *.doubleclick.net *.hotjar.com *.oribi.io *.google.com *.googleoptimize.com *.facebook.com *.mediaflow.com mediaflow.com mfstatic.com *.mediaflowpro.com *.cookiebot.com *.linkedin.com *.rekai.se audience.ws.apsis.one *.contentsquare.net; report-uri /report-csp-violation; upgrade-insecure-requests 1 base-uri 'self'; default-src 'self'; child-src https://player.vimeo.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://view.genially.com view.genially.com; connect-src 'self' https://*.algolianet.com https://*.algolia.net https://doorbell.io https://*.s3.ap-southeast-2.amazonaws.com https://www.google-analytics.com https://analytics.google.com https://stats.g.doubleclick.net; font-src 'self' https://fonts.gstatic.com; form-action 'self' https://landcareresearch.us16.list-manage.com landcareresearch.us16.list-manage.com; frame-ancestors 'self'; frame-src 'self' https://www.youtube.com https://www.google-analytics.com https://www.googletagmanager.com https://ssl.google-analytics.com https://tagmanager.google.com https://fonts.googleapis.com https://www.google.com https://vimeo.com https://player.vimeo.com https://player.vimeo.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://view.genially.com view.genially.com; img-src 'self' https://www.google-analytics.com https://ssl.gstatic.com https://www.googletagmanager.com https://www.gstatic.com https://www.google.com https://www.google.co.nz https://*.s3.ap-southeast-2.amazonaws.com https://embed.doorbell.io https://i.vimeocdn.com https://eep.io eep.io data:; media-src https://www.youtube.com https://vimeo.com https://www.landcareresearch.co.nz/ https://public.tableau.com public.tableau.com; object-src 'self'; script-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://ssl.google-analytics.com https://tagmanager.google.com https://fonts.googleapis.com https://code.jquery.com https://www.google.com/recaptcha/api.js https://www.google.com/recaptcha/api.js https://embed.doorbell.io https://polyfill.io https://s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js https://s3.amazonaws.com/downloads.mailchimp.com/ s3.amazonaws.com/downloads.mailchimp.com/ https://landcareresearch.us16.list-manage.com landcareresearch.us16.list-manage.com https://google-analytics.com google-analytics.com https://www.googletagmanager.com www.googletagmanager.com https://www.google.com www.google.com https://sdk.apester.com/web-sdk.core.min.js https://sdk.apester.com/web-sdk.core.legacy.min.js https://sdk.apester.com https://events.apester.com events.apester.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://ssl.google-analytics.com https://tagmanager.google.com https://fonts.googleapis.com https://embed.doorbell.io/css/doorbell.min.css https://embed.doorbell.io/css/default.css https://cdn-images.mailchimp.com cdn-images.mailchimp.com 'unsafe-inline'; report-uri https://2224ea6b5792825a06d61a0bad9d966b.report-uri.com/r/d/csp/enforce; upgrade-insecure-requests 1 default-src 'self' static.financialsense.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:; style-src 'self' static.financialsense.com data: 'unsafe-inline' *.googleapis.com *.twitter.com *.twimg.com svc.webspellchecker.net cdn.ckeditor.com static.ctctcdn.com; img-src 'self' https: data: android-webview-video-poster: *.jwplayer.com http://docs.jwplayer.com; media-src 'self' static.financialsense.com blob: *.giphy.com; frame-src 'self' https://www.financialsense.com data: audioboom.com *.audioboom.com scribd.com *.scribd.com soundcloud.com *.soundcloud.com youtube.com *.youtube.com vimeo.com *.vimeo.com bitchute.com *.bitchute.com twitter.com *.twitter.com *.tradingview.com *.tradingview-widget.com *.stripe.com *.doubleclick.net *.googlesyndication.com *.ted.com *.instagram.com *.jwpsrv.com www.google.com ms-appx-web: *.addtoany.com *.assoc-amazon.com *.amazon.com *.amazon-adsystem.com *.googletagmanager.com *.recaptcha.net facebook.com *.facebook.com cnn.com *.cnn.com cnbc.com *.cnbc.com; frame-ancestors *; child-src 'self' https://www.financialsense.com data: audioboom.com *.audioboom.com scribd.com *.scribd.com soundcloud.com *.soundcloud.com youtube.com *.youtube.com vimeo.com *.vimeo.com bitchute.com *.bitchute.com twitter.com *.twitter.com *.tradingview.com *.tradingview-widget.com *.stripe.com *.doubleclick.net *.googlesyndication.com *.ted.com *.instagram.com *.jwpsrv.com www.google.com ms-appx-web: *.addtoany.com *.assoc-amazon.com *.amazon.com *.amazon-adsystem.com *.googletagmanager.com *.recaptcha.net facebook.com *.facebook.com cnn.com *.cnn.com cnbc.com *.cnbc.com; font-src 'self' static.financialsense.com data: fonts.googleapis.com fonts.gstatic.com cdnjs.cloudflare.com *.googleusercontent.com svc.webspellchecker.net *.avast.com chrome-extension: *.fontawesome.com; connect-src 'self' static.financialsense.com *.googlesyndication.com www.google-analytics.com *.gstatic.com *.doubleclick.net svc.webspellchecker.net *.jwpltx.com *.nr-data.net *.fontawesome.com *.ckeditor.com *.ctctcdn.com *.constantcontact.com 1 upgrade-insecure-requests; object-src 'none'; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleoptimize.com https://*.googletagmanager.com https://*.facebook.com https://*.facebook.net https://*.montepiedad.com.mx https://*.botlers.io https://*.newrelic.com https://bam-cell.nr-data.net https://unpkg.com https://*.zeptojs.com https://*.jsdelivr.net https://*.datatables.net https://*.bootstrapcdn.com https://*.cloudflare.com https://*.lottiefiles.com https://*.google-analytics.com https://www.yumpu.com https://*.youtube.com/ https://i.ytimg.com/ https://*.doubleclick.net https://afiliacion.net https://prs.arkeero.net https://leadgenios.net https://www.rtb123.com https://*.hotjar.com https://inboxlabs.go2cloud.org https://*.google.com.mx https://*.hotjar.io https://*.teads.tv https://ojo7.ltroute.com https://*.abtasty.com/ https://*.amazonaws.com/ wss://*.hotjar.com https://go2perseo.com https://affperformance.com/ https://ad.soicos.com https://ads01.groovinads.com https://*.cybba.solutions https://*.cloudfront.net https://*.go4aluna.co https://bing.com https://*.aptoweb.com/ https://*.helpscout.net/ bytedance: sslocal: https://analytics.tiktok.com https://analytics-ipv6.tiktokw.us https://ads.tiktok.com; 1 default-src 'self'; object-src 'self' https://pts.sim.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.sim.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://livechat.sim.de https://chat.sim.de https://umfrage.sim.de https://pts.sim.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://eu01.rec.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://livechat.sim.de https://stats.sim.de https://imagepool.sim.de https://pts.sim.de https://analytics.tiktok.com https://umfrage.sim.de; script-src 'strict-dynamic' 'nonce-79268df141332fbb2f60675a9cfc0a2f' 'nonce-1b2721542f73a43842419aff6ab0be46' 'nonce-47a16e415de78e711368435a36a4da62' 'nonce-f9f1b2244ed0cf292eea0dcc2fd4e81b' 'nonce-99cbe20d61c17ae62cb82d7bcc3bee76' 'nonce-b13e4c3e3243a0163da7ef8223fe65f2' 'nonce-2a450d2874cdf28fe6e28f9d98ae189b' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data: 'report-sample'; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://netmap.vodafone.de/cokart-client/index.html https://pts.sim.de https://umfrage.sim.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-79268df141332fbb2f60675a9cfc0a2f' 'nonce-1b2721542f73a43842419aff6ab0be46' 'nonce-47a16e415de78e711368435a36a4da62' 'nonce-f9f1b2244ed0cf292eea0dcc2fd4e81b' 'nonce-99cbe20d61c17ae62cb82d7bcc3bee76' 'nonce-b13e4c3e3243a0163da7ef8223fe65f2' 'nonce-2a450d2874cdf28fe6e28f9d98ae189b' 'self' 'unsafe-inline' https: 'report-sample' 1 default-src 'self'; style-src 'unsafe-inline' 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline'; report-to default; report-uri /json/reports.php 1 default-src 'none'; block-all-mixed-content; connect-src 'self' neopay.online www.googletagmanager.com *.googlesyndication.com *.google-analytics.com *.google.com *.google.lt *.doubleclick.net cdn.jsdelivr.net *.pipedrive.com www.googleadservices.com; font-src 'self' neopay.online fonts.googleapis.com fonts.gstatic.com cdn.jsdelivr.net assets.neopay.online *.pipedrive.com maxcdn.bootstrapcdn.com; form-action 'self' neopay.online; frame-ancestors 'self' neopay.online *.neopay.online neopay.lt *.neopay.lt; frame-src 'self' neopay.online www.googletagmanager.com *.google.com *.google.lt *.doubleclick.net; img-src 'self' neopay.online data: assets.neopay.online assets.neopay.lt cdn.jsdelivr.net cdnjs.cloudflare.com www.googletagmanager.com *.googlesyndication.com *.google-analytics.com *.pipedrive.com www.gstatic.com *.google.com *.google.lt *.doubleclick.net; manifest-src 'self' neopay.online; object-src data:; script-src 'self' neopay.online cdn.jsdelivr.net ajax.googleapis.com code.jquery.com cdnjs.cloudflare.com cdn.cookie-script.com www.googletagmanager.com cdn.ampproject.org *.googlesyndication.com *.google-analytics.com *.google.com *.google.lt www.gstatic.com www.googleadservices.com *.pipedrive.com 'unsafe-inline'; style-src 'self' neopay.online fonts.googleapis.com fonts.gstatic.com cdn.jsdelivr.net cdn.cookie-script.com *.pipedrive.com cdnjs.cloudflare.com stackpath.bootstrapcdn.com maxcdn.bootstrapcdn.com assets.neopay.online 'unsafe-inline' 1 base-uri 'none';child-src 'none';connect-src 'self' *.schooltv.nl *.schooltv.angrylabs.nl *.npo.nl *.npoplayer.nl event analytics-ingress-global.bitmovin.com npo.prd.cdn.bcms.kpn.com licensing.bitmovin.com nmonpoendpoint.2cnt.net npo-drm-gateway.samgcloud.nepworldwide.nl *.streamgate.nl;default-src 'self';font-src 'self' cdn.npoplayer.nl use.typekit.net;form-action 'self';frame-ancestors 'self' *;frame-src 'none';img-src 'self' *.schooltv.nl *.schooltv.angrylabs.nl *.npo.nl data: images.poms.omroep.nl;manifest-src 'self';media-src 'self' blob: * data:;object-src 'none';script-src 'self' cdn.npoplayer.nl tag.aticdn.net hub.npo-data.nl nmonpoendpoint.2cnt.net analytics-ingress-global.bitmovin.com www.gstatic.com *.streamgate.nl blob: *;style-src 'self' 'unsafe-inline' use.typekit.net cdn.npoplayer.nl p.typekit.net *.npo.nl;worker-src 'self' blob:; 1 default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; connect-src 'self' *.itzbund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.vimeo.com *.itzbund.de; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com *.vimeo.com *.aktion-mensch.de *.readspeaker.com; frame-src *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.vimeo.com *.readspeaker.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.ytimg.com yomma.services cms.sqat.eu *.openstreetmap.org *.itzbund.de; frame-ancestors 'self'; font-src 'self' data:; 1 default-src 'self' 'unsafe-inline' https://data.fiawec.com https://fonts.googleapis.com https://fonts.gstatic.com https://cdnjs.cloudflare.com http://fiawec.lmem-pp.6tm.eu https://fiawec.com https://hatscripts.github.io https://static.rolex.com https://www.youtube.com https://storage.googleapis.com https://www.fiawec.com https://i.ytimg.com https://www.youtube.com http://www.youtube.com https://play.google.com data: https://*.cdninstagram.com https://www.googletagmanager.com https://sdk.privacy-center.org https://api.privacy-center.org; block-all-mixed-content; connect-src 'self' https://region1.google-analytics.com https://www.google-analytics.com; frame-ancestors 'self'; img-src 'self' https://www.youtube.com http://www.youtube.com https://play.google.com https://sdk.privacy-center.org https://api.privacy-center.org https://www.googletagmanager.com https://www.google-analytics.com 'unsafe-inline' https://i.ytimg.com https://storage.googleapis.com https://*.cdninstagram.com data:; script-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://www.youtube.com http://www.youtube.com https://play.google.com https://sdk.privacy-center.org https://api.privacy-center.org https://www.googletagmanager.com https://www.google-analytics.com 1 default-src 'self'; script-src 'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'self' 'unsafe-inline' ; img-src *; frame-src 'self' https://www.google.com/recaptcha/; report-uri https://auth.cessecure.com/csp/report 1 default-src 'self' *.atlantic.fr *.algolianet.com *.algolia.net *.google-analytics.com *.googlesyndication.com *.google.com *.cookiebot.com *.doubleclick.net *.groupe-atlantic.com *.kameleoon.eu *.kameleoon.com *.kameleoon.io *.soyooz.com *.mixpanel.com *.instagram.com *.cdninstagram.com *.contentsquare.net *.contentsquare.com *.contentsquare.fr *.pinterest.com app.helo-activation.fr *.facebook.com *.inbenta.io calendly.com *.calendly.com *.inbenta.service *.inbenta.services *.recette-qcnlnca-xzown47bo6s74.fr-3.platformsh.site *.staging-5em2ouy-xzown47bo6s74.fr-3.platformsh.site *.bazaarvoice.com; base-uri 'self' *.atlantic.fr; block-all-mixed-content; font-src 'self' data: *.soyooz.com *.atlantic.fr *.kameleoon.eu *.kameleoon.com *.kameleoon.io fonts.gstatic.com *.inbenta.io *.recette-qcnlnca-xzown47bo6s74.fr-3.platformsh.site *.staging-5em2ouy-xzown47bo6s74.fr-3.platformsh.site *.bazaarvoice.com; frame-ancestors 'self' *.atlantic.fr; frame-src 'self' *.atlantic.fr *.youtube.com *.vimeo.com *.atlantic.fr *.cookiebot.com *.doubleclick.net *.vectary.com *.instagram.com *.facebook.com *.cdninstagram.com *.googletagmanager.com *.pinterest.com calendly.com *.calendly.com *.kameleoon.eu *.kameleoon.io *.kameleoon.com *.inbenta.io *.recette-qcnlnca-xzown47bo6s74.fr-3.platformsh.site *.staging-5em2ouy-xzown47bo6s74.fr-3.platformsh.site *.bazaarvoice.com *.youtube-nocookie.com; img-src 'self' data: *.atlantic.fr *.youtube.com *.ytimg.com *.vimeo.com *.google-analytics.com *.groupe-atlantic.com *.googletagmanager.com *.doubleclick.net *.google.fr *.google.com *.soyooz.com *.cdninstagram.com picsum.photos placekitten.com *.picsum.photos *.placeholder.com *.contentsquare.net *.contentsquare.com *.contentsquare.fr *.facebook.com *.pinterest.com *.inbenta.com *.kameleoon.eu *.kameleoon.com *.kameleoon.io *.calendly.com *.recette-qcnlnca-xzown47bo6s74.fr-3.platformsh.site *.staging-5em2ouy-xzown47bo6s74.fr-3.platformsh.site *.inbenta.io *.bazaarvoice.com *.cache.ephoto.fr *.cookiebot.com; media-src 'self' *.atlantic.fr *.vimeo.com *.youtube.com *.instagram.com *.cdninstagram.com *.contentsquare.net *.contentsquare.com *.contentsquare.fr *.kameleoon.eu *.kameleoon.com *.kameleoon.io *.recette-qcnlnca-xzown47bo6s74.fr-3.platformsh.site *.staging-5em2ouy-xzown47bo6s74.fr-3.platformsh.site; object-src 'none'; script-src 'self' blob: *.youtube.com *.atlantic.fr 'unsafe-inline' 'unsafe-eval' *.kameleoon.eu *.kameleoon.com *.kameleoon.io *.pinterest.com *.googletagmanager.com *.groupe-atlantic.com *.cookiebot.com *.contentsquare.net *.contentsquare.com *.contentsquare.fr *.google-analytics.com *.soyooz.com *.mxpnl.com code.jquery.com cdn.jsdelivr.net *.googleapis.com *.cloudflare.com googleads.g.doubleclick.net *.facebook.net *.tradelab.fr *.pinimg.com *.inbenta.services *.inbenta.io calendly.com *.calendly.com *.recette-qcnlnca-xzown47bo6s74.fr-3.platformsh.site *.staging-5em2ouy-xzown47bo6s74.fr-3.platformsh.site *.bazaarvoice.com *.iesnare.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com *.soyooz.com *.atlantic.fr *.kameleoon.eu *.kameleoon.com *.cloudflare.com unpkg.com *.calendly.com *.kameleoon.io cdn.jsdelivr.net *.inbenta.io *.recette-qcnlnca-xzown47bo6s74.fr-3.platformsh.site *.staging-5em2ouy-xzown47bo6s74.fr-3.platformsh.site *.bazaarvoice.com 1 default-src 'self'; frame-src 'self' https://studio.eu.screencloud.com/ https://screencloud.com/ https://*.tickettailor.com https://new.express.adobe.com/webpage/static/embed/embed.js *.webspellchecker.net/ https://w.soundcloud.com/ *.adobe.com/ *.nhs.uk/ *.facebook.com/ *.youtube.com/ *.vimeo.com/ *.google.com *.googleapis.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://studio.eu.screencloud.com/ https://screencloud.com/ https://cdn.tickettailor.com/js/widgets/min/widget.js *.tickettailor.com https://new.express.adobe.com/webpage/static/embed/embed.js https://moneypennychat.appspot.com/chatjs/ https://www.doctify.com/ *.webspellchecker.net/ *.adobe.com/ https://cdnjs.cloudflare.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://connect.facebook.net/ https://feeds.trac.jobs/ *.google.com/ *.googleapis.com *.gstatic.com *.cqc.org.uk; font-src 'self' 'unsafe-inline' https://new.express.adobe.com/webpage/static/embed/embed.js *.webspellchecker.net/ https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://studio.eu.screencloud.com/ https://screencloud.com/ *.tickettailor.com https://new.express.adobe.com/webpage/static/embed/embed.js https://cdnjs.cloudflare.com/ https://feeds.trac.jobs/ *.googleapis.com *.gstatic.com *.cqc.org.uk; img-src * data:; object-src 'self' blob:; connect-src 'self' https://translate-pa.googleapis.com/ https://studio.eu.screencloud.com/ https://screencloud.com/ https://*.tickettailor.com https://new.express.adobe.com/webpage/static/embed/embed.js *.analytics.google.com/ https://www.doctify.com/ *.webspellchecker.net/ *.google-analytics.com/ https://moneypennychat.appspot.com/ https://feeds.trac.jobs/ https://translate.googleapis.com/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ 1 default-src 'self' 'unsafe-eval'; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.itzbund.de *.googleapis.com *.google.com *.gstatic.com www.youtube.com *.vimeo.com *.ytimg.com piwik.itzbund.de; object-src 'self' multimedia.gsb.bund.de; media-src blob: 'self' multimedia.gsb.bund.de *.vimeo.com *.youtube.com; frame-src *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.vimeo.com; img-src 'self' blob: data: *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.openstreetmap.org piwik.itzbund.de; connect-src 'self' *.itzbund.de; frame-ancestors 'self'; worker-src 'self'; 1 object-src 'none'; frame-ancestors *; sandbox allow-forms allow-same-origin allow-scripts allow-popups; base-uri 'self'; 1 base-uri 'none';child-src 'none';connect-src 'self' https://www.facebook.com https://www.google.com https://www.google.com.ar https://www.google-analytics.com https://analytics.google.com http://static.ads-twitter.com http://script.crazyegg.com http://onelinksmartscript.appsflyer.com https://*.amplitude.com https://www.googletagmanager.com https://facebook.net https://analytics.tiktok.com https://map-handler.qa.playdigital.com.ar https://stats.g.doubleclick.net https://tracking.crazyegg.com https://*.crazyegg.com https://go.botmaker.com https://cdn.freshbots.ai https://www.freshbots.ai https://m-infra.appspot.com wss://ws.botmaker.com *.freshbots.ai *.crazyegg.com *.botmaker.com *.googleapis.com *.playdigital.com.ar *.doubleclick.net;default-src 'self';font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com;form-action 'self';frame-ancestors *;frame-src https://*.doubleclick.net https://*.modo.com.ar https://www.googletagmanager.com/;img-src 'self' data: www.afip.gob.ar www.argentina.gob.ar modo.onelink.me *.playdigital.com.ar https://t.co https://analytics.twitter.com https://maps.gstatic.com https://maps.googleapis.com https://assets.mobile.preprod.playdigital.com.ar https://assets.mobile.qa.playdigital.com.ar https://assets.mobile.develop.playdigital.com.ar https://assets.mobile.playdigital.com.ar https://s3.amazonaws.com https://www.google.com a.storyblok.com www.google.com.ar www.facebook.com storage.googleapis.com www.googletagmanager.com *.doubleclick.net;manifest-src 'self';media-src https://storage.googleapis.com *.playdigital.com.ar *.googleapis.com;object-src https://amplitude.com;prefetch-src 'self' 'unsafe-inline';script-src 'self' 'unsafe-inline' https://cdn.freshbots.ai https://cdnjs.cloudflare.com https://maps.googleapis.com https://*.googleapis.com https://www.google.com.ar http://script.crazyegg.com http://onelinksmartscript.appsflyer.com http://static.ads-twitter.com https://www.facebook.com https://connect.facebook.net https://go.botmaker.com https://www.googletagmanager.com https://www.google-analytics.com https://analytics.tiktok.com https://snap.licdn.com https://www.googleadservices.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.freshbots.ai;worker-src 'self' *.modo.com.ar blob:;script-src-elem 'self' 'unsafe-inline' https://www.googleadservices.com https://cdn.freshbots.ai https://cdnjs.cloudflare.com https://maps.googleapis.com https://connect.facebook.net https://*.googleapis.com https://www.google.com.ar http://script.crazyegg.com http://onelinksmartscript.appsflyer.com http://static.ads-twitter.com https://www.facebook.com https://go.botmaker.com https://www.googletagmanager.com https://www.google-analytics.com https://analytics.tiktok.com https://snap.licdn.com;report-uri /api/reporting;report-to /api/reporting; 1 script-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: https: 'nonce-vy47dbvQgiF2AR8fHySHmNcdQW8Qu44P' 'strict-dynamic' https://www.google-analytics.com https://www.googletagmanager.com; 1 default-src 'none'; frame-ancestors 'none'; child-src blob: *.cloudfoundry.org; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com https://fonts.googleapis.com/*; connect-src 'self' *.thelinuxfoundation.org *.bootstrapcdn.com *.doubleclick.net *.google-analytics.com; script-src 'self' 'unsafe-inline' blob: *.twitter.com *.ads-twitter.com *.cloudflare.com *.googleapis.com *.googletagmanager.com *.facebook.net *.jsdelivr.net *.google-analytics.com *.gstatic.com *.google.com; img-src 'self' data: *.googletagmanager.com *.google.com *.gravatar.com *.twitter.com *.cloudfoundry.org https://t.co *.local *.google-analytics.com; object-src 'self'; font-src 'self' data: *.bootstrapcdn.com; media-src 'self' blob:; frame-src *.local *.twitter.com *.google.com *.facebook.com *.youtube.com 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' https: wss:;img-src 'self' data: https: 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' connect.facebook.net/en_US/fbevents.js comparison.go2jump.org/aff_goal bat.bing.com analytics.tiktok.com kleber.datatoolscloud.net.au *.salesforceliveagent.com *.lpsnmedia.net *.liveperson.net *.liveperson.com *.liveengage.net *.liveengage.com *.liveper.sn m.addthisedge.com/live/boost/ra-56b04b9ad015369f/_ate.track.config_resp ad.atdmt.com zn4zp87nbhe8rrjf7-hcf.siteintercept.qualtrics.com dnn506yrbagrg.cloudfront.net 4378726.fls.doubleclick.net 6612282.fls.doubleclick.net platform.twitter.com cdn.sajari.net cdn.sajari.com analytics.twitter.com hcf.sc.omtrdc.net hcf.tt.omtrdc.net cdn.tt.omtrdc.net *.google.com *.googleapis.com google-maps-utility-library-v3.googlecode.com *.googlesyndication.com *.facebook.com *.facebook.net rules.quantcount.com *.quantserve.com *.ads-twitter.com s.ytimg.com www.youtube.com *.addthis.com ebm.cheetahmail.com *.doubleclick.net rum-static.pingdom.net script.crazyegg.com www.googleadservices.com www.googletagservices.com www.googletagmanager.com dpm.demdex.net hcf.demdex.net ssl.google-analytics.com www.google-analytics.com ajax.googleapis.com assets.adobedtm.com s3.amazonaws.com/trk.cetrk.com https://dnn506yrbagrg.cloudfront.net/pages/scripts/0031/6386.js?407832 https://platform.twitter.com/oct.js *.qualtrics.com cdn.appdynamics.com www.everestjs.net c.amazon-adsystem.com pixel.mathtag.com; http://dtwebsite2.datatoolscloud.net.au; object-src 'self' https:; style-src 'unsafe-inline' 'self' https:; img-src 'self' data: https: http://s7d2.scene7.com; media-src 'self' https:; frame-src https:; font-src 'self' data: fonts.gstatic.com https://cloud.typography.com global.oktacdn.com; connect-src https: http://dispatcher1.test63.aem.hcf.com.au http://s7d2.scene7.com http://dtwebsite2.datatoolscloud.net.au wss://syd-eeva.faceme.com wss://sy.msg.liveperson.net wss://api.au.uneeq.io 1 default-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' * *.getclicky.com clicky.com; style-src 'self' 'unsafe-inline' *; img-src 'self' * data:; media-src 'self' * blob:; report-uri /report-csp-violation; upgrade-insecure-requests 1 default src 1 default-src 'self'; script-src 'self' 'unsafe-inline' stats.hft-stuttgart.de web.cmp.usercentrics.eu app.usercentrics.eu privacy-proxy.usercentrics.eu *.b-ite.com; font-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' blob: uct.service.usercentrics.eu app.usercentrics.eu privacy-proxy-server.usercentrics.eu data: stats.hft-stuttgart.de; connect-src 'self' stats.hft-stuttgart.de *.usercentrics.eu *.b-ite.com; frame-src 'self' web.cmp.usercentrics.eu app.usercentrics.eu *.youtube-nocookie.com *.vimeo.com *.hft-stuttgart.de 1 base-uri 'none';connect-src 'self' http://localhost:3001 http://127.0.0.1:3001 *.oresund.io dc.services.visualstudio.com *.cookieinformation.com *.doubleclick.net 'unsafe-inline' *.googlesyndication.com *.google.com *.google-analytics.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.convertexperiments.com data.wgp.se *.oresundsbron.com *.adnxs.com *.strossle.com;font-src 'self' *.hotjar.com https://fonts.gstatic.com data;form-action 'self';frame-ancestors 'none';img-src 'self' self data: *.tt.se *.ritzau.dk *.ctfassets.net *.gstatic.com www.googletagmanager.com https://googletagmanager.com *.googlesyndication.com *.adnxs.com www.facebook.com *.google.com www.google.dk www.google.se *.hotjar.com https://ad.doubleclick.net https://ade.googlesyndication.com https://12824419.fls.doubleclick.net;manifest-src 'self';media-src 'self' self data: *.ctfassets.net;object-src 'none';script-src 'self' *.reepay.com *.gstatic.com www.googletagmanager.com googletagmanager.com https://tagmanager.google.com 'unsafe-inline' 'unsafe-eval' *.cookieinformation.com *.google.com *.adnxs.com *.facebook.net *.googlesyndication.com www.googleadservices.com *.hotjar.com *.convertexperiments.com *.powerplatform.com *.strossle.com;style-src 'self' 'unsafe-inline' *.google.com *.googleapis.com www.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com *.hotjar.com;worker-src 'self'; 1 frame-src spasibosberbank.ru new.spasibosberbank.ru 1 default-src 'self' *.bundesbots.de; base-uri 'self'; style-src 'self' 'unsafe-inline' *.bund.de; connect-src 'self' *.itzbund.de kira.bundesbots.de wss://kira.bundesbots.de *.bund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.itzbund.de *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.instagram.com *.bundesbots.de *.bund.de platform.twitter.com; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de http://multimedia.gsb.bund.de *.youtube.com http://www.youtube.com *.itzbund.de *.cdninstagram.com *.bund.de; frame-src *.google.com *.gstatic.com *.youtube.com 'self' *.cdninstagram.com *.instagram.com *.twitter.com; img-src 'self' data: *.itzbund.de *.google.com *.gstatic.com *.youtube.com *.openstreetmap.org pss.wsv.de *.instagram.com *.cdninstagram.com *.bund.de *.bundesbots.de https://twemoji.maxcdn.com https://pbs.twimg.com https://cdn.jsdelivr.net https://www.kununu.com https://assets.kununu.com; frame-ancestors 'self'; 1 default-src 'self' ; script-src 'self' 1 default-src 'self'; object-src 'self' https://pts.sim24.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.sim24.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://livechat.sim24.de https://umfrage.sim24.de https://pts.sim24.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://eu01.rec.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://livechat.sim24.de https://stats.sim24.de https://imagepool.sim24.de https://pts.sim24.de https://analytics.tiktok.com https://umfrage.sim24.de; script-src 'strict-dynamic' 'nonce-c188181af2e89905fe4b75ecb94d7b32' 'nonce-b0686361fd613b119783bd2a4d92cdf6' 'nonce-bd916e73a3f1d1bc9ee36328aa1a5758' 'nonce-11229cfaa317296097d0ae4cdef887cf' 'nonce-06b0c95855a7c7d86d63c8ba54c3d43d' 'nonce-2b51010667f922958b19e4dec31183ff' 'nonce-4b2e547f16f27848874e65633376a870' 'nonce-dfead5794e6e413df40f034869039e27' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data: 'report-sample'; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://netmap.vodafone.de/cokart-client/index.html https://pts.sim24.de https://umfrage.sim24.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-c188181af2e89905fe4b75ecb94d7b32' 'nonce-b0686361fd613b119783bd2a4d92cdf6' 'nonce-bd916e73a3f1d1bc9ee36328aa1a5758' 'nonce-11229cfaa317296097d0ae4cdef887cf' 'nonce-06b0c95855a7c7d86d63c8ba54c3d43d' 'nonce-2b51010667f922958b19e4dec31183ff' 'nonce-4b2e547f16f27848874e65633376a870' 'nonce-dfead5794e6e413df40f034869039e27' 'self' 'unsafe-inline' https: 'report-sample' 1 default-src 'self'; connect-src 'self' https://cdn-cookieyes.com https://*.cookieyes.com https://*.tableau.com https://forms.hscollectedforms.net https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://*.google-analytics.com https://*.googletagmanager.com https://fonts.googleapis.com https://*.analytics.google.com; font-src 'self' https://ka-p.fontawesome.com https://fonts.gstatic.com https://s0.wp.com data:; frame-src 'self' https://*.cookieyes.com https://www.google.com https://*.youtube.com https://dub01.online.tableau.com https://*.tableau.com https://forms.hsforms.com https://widgets.wp.com; img-src 'self' https://*.oversightboard.com *.oversightboard.com https://oversightboard.com https://*.googletagmanager.com https://*.google-analytics.com https://*.gstatic.com https://pixel.wp.com https://cdn-cookieyes.com https://*.cookieyes.com https://*.tableau.com https://track.hubspot.com https://secure.gravatar.com https://*.hsforms.com blob: data:; object-src; script-src 'self' https://www.google.com https://www.gstatic.com https://*.googletagmanager.com https://tagmanager.google.com https://cdn-cookieyes.com https://*.google-analytics.com https://stats.wp.com https://js.hs-analytics.net https://js-na1.hs-scripts.com https://js.hscollectedforms.net https://js.hsforms.net https://js.hs-banner.com https://*.tableau.com https://dub01.online.tableau.com https://s0.wp.com 'unsafe-inline'; style-src 'self' https://*.googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com https://s0.wp.com 'unsafe-inline'; upgrade-insecure-requests 1 allow 'self'; options inline-script eval-script 1 frame-src https://www.youtube-nocookie.com https://www.youtube.com https://youtu.be https://*.hs-koblenz.de https://player.vimeo.com https://www.google.com; style-src 'self' 'unsafe-inline'; default-src https://*.hs-koblenz.de 'self' 'unsafe-inline'; font-src 'self' 'unsafe-inline' data:; script-src https://*.hs-koblenz.de 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' 'unsafe-inline' https://*.tile.openstreetmap.de data: 'self'; 1 default-src 'none' 'self' *.gewobag.de data: eqs-cockpit.com *.eqs.com *.youtube-nocookie.com *.ytimg.com *.googleapis.com *.gstatic.com *.wohnungshelden.de *.immoviewer.com 'unsafe-inline' 1 default-src 'self'; child-src data: blob:; connect-src 'self' *.aticdn.net *.cdnbasket.net *.cookiebot.com *.googleapis.com *.hotjar.com *.hotjar.io *.onconnect-coach.3slab.fr *.payline.com *.suez.com *.xiti.com apisimulator.toutsurmoneau.test bam.eu01.nr-data.net bam.nr-data.net data.gouv.nc ids.cdnwidget.com payline.com smartsolution-onconnectcoach.azureedge.net smartsolution-smartcoach.azureedge.net stats.g.doubleclick.net ws.livingactor.com apisimulator.toutsurmoneau.test data.gouv.nc *.aticdn.net *.xiti.com stats.g.doubleclick.net *.cookiebot.com *.googleapis.com *.suez.com wss://*.hotjar.com vite.toutsurmoneau.test wss://vite.toutsurmoneau.test actorssl-5637.kxcdn.com *.myfeelback.com *.skeepers.io; font-src 'self' data: *.hotjar.com *.payline.com *.suez.com fonts.gstatic.com maxcdn.bootstrapcdn.com payline.com smartsolution-onconnectcoach.azureedge.net *.suez.com vite.toutsurmoneau.test wss://vite.toutsurmoneau.test test.toutsurmoneau.test actorssl-5637.kxcdn.com *.myfeelback.com *.skeepers.io; form-action * com.suez.tsme.dev: com.suez.tsme.app:; frame-ancestors 'self' https://eco-gagnant-recette.stellio.io/ https://eco-gagnant.cud.fr https://seleniumbase.io/; frame-src 'self' data: blob: *.payline.com payline.com *.satisfactory.fr www.google.com *.youtube-nocookie.com *.youtube.com opendata.hauts-de-seine.fr *.cookiebot.com *.suez.com *.qualtrics.com *.cloudflare.com; img-src 'self' data: blob: *.cdnwidget.com *.cloudfront.net *.cookiebot.com *.hotjar.com *.payline.com *.suez.com *.youtube-nocookie.com *.youtube.com api.cabestan.com cdn1.iconfinder.com cloudfront.net maps.googleapis.com maps.gstatic.com payline.com smartsolution-onconnectcoach.azureedge.net www.googletagmanager.com *.suez.com *.cookiebot.com vite.toutsurmoneau.test wss://vite.toutsurmoneau.test test.toutsurmoneau.test cdn.jsdelivr.net actorssl-5637.kxcdn.com *.myfeelback.com *.skeepers.io; media-src 'self' 'unsafe-eval' 'unsafe-inline' *.cloudfront.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ati-host.net *.aticdn.net *.atinternet-solutions.com *.atinternet.com *.atinternet.io *.bootstrapcdn.com *.capadresse.com *.capadresse.com:2814 *.cdnwidget.com *.cloudfront.net *.cookiebot.com *.google.com *.google.com/maps *.hotjar.com *.js-agent.newrelic.com *.newrelic.com *.onconnect-coach.3slab.fr *.payline.com *.piano.io *.suez.com *.xiti.com ajax.cloudflare.com api.cabestan.com apisimulator.toutsurmoneau.test bam.nr-data.net capadresse.apisimulator.toutsurmoneau.test capadresse.apisimulator.toutsurmoneau.test:6090 code.jquery.com maps.googleapis.com payline.com smartsolution-smartcoach.azureedge.net suez-eau-france.dimelochat.com ws.livingactor.com www.googletagmanager.com www.gstatic.com vite.toutsurmoneau.test wss://vite.toutsurmoneau.test *.cloudflare.com cdn.jsdelivr.net actorssl-5637.kxcdn.com *.myfeelback.com *.skeepers.io; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.cloudfront.net *.googleapis.com *.hotjar.com *.payline.com *.suez.com fonts.googleapis.com payline.com smartsolution-smartcoach.azureedge.net www.gstatic.com *.googleapis.com *.suez.com vite.toutsurmoneau.test wss://vite.toutsurmoneau.test cdn.jsdelivr.net actorssl-5637.kxcdn.com *.myfeelback.com *.skeepers.io; worker-src blob: 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://matomo.subdelirium.ovh/ https://*.hcaptcha.com/ https://hcaptcha.com/; img-src 'self' data: blob: https://matomo.subdelirium.ovh/ https://media.giphy.com/ https://*.tile.openstreetmap.org/ https://*.hcaptcha.com/; object-src 'self' data: blob: https://matomo.subdelirium.ovh/ https://*.hcaptcha.com/ https://hcaptcha.com/; frame-src 'self' data: blob: https://matomo.subdelirium.ovh/ https://*.hcaptcha.com/ https://hcaptcha.com/; 1 connect-src 'self' data: https://googleads.g.doubleclick.net https://www.google.com/ads/user-lists/ https://www.google.ru/ads/user-lists/ https://mc.yandex.ru https://analytics.google.com https://maps.googleapis.com https://*.google-analytics.com http://bitrix.info https://app.comagic.ru https://api.carrotquest.app/ https://api.carrottrack.app/ https://rts-v2.carrotquest.app/ wss://rts-v2.carrotquest.app/ https://tracker.comagic.ru/ https://stats.g.doubleclick.net;default-src 'self' data: https://googleads.g.doubleclick.net https://www.google.com/ads/user-lists/ https://www.google.ru/ads/user-lists/ https://mc.yandex.ru https://analytics.google.com https://maps.googleapis.com https://*.google-analytics.com http://bitrix.info https://app.comagic.ru https://tracker.comagic.ru https://stats.g.doubleclick.net;script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.google-analytics.com https://*.google-analytics.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://maps.google.com http://bitrix.info https://connect.facebook.net https://*.gstatic.com:* https://*.googleapis.com https://www.google.ru https://*.googleadservices.com https://mc.yandex.ru https://api-maps.yandex.ru https://*.maps.yandex.ru https://*.maps.yandex.net https://cdnjs.cloudflare.com https://app.comagic.ru https://cllctr.roistat.com/ https://cloud.roistat.com/ https://cdn.jsdelivr.net/ https://cdn.carrotquest.app/ https://use.fontawesome.com/ https://www.google.com/recaptcha/ https://yastatic.net:*;style-src 'self' 'unsafe-inline' data: https://mc.yandex.ru:* https://*.googleapis.com https://cdnjs.cloudflare.com https://use.fontawesome.com/ https://cdn.jsdelivr.net https://*.gstatic.com:*;img-src 'self' data: https://*.googleapis.com https://*.gstatic.com:* https://*.google-analytics.com https://*.utlab.ru https://yandex.ru https://i.ytimg.com https://mc.yandex.ru https://api-maps.yandex.ru https://*.maps.yandex.ru https://*.youtube.com https://maps.google.com https://www.google.ru https://img.webcdn.ru https://cdn.carrotquest.app/ blob: https://*.maps.yandex.net;font-src 'self' data: https://cdnjs.cloudflare.com https://use.fontawesome.com/ https://cdn.carrotquest.app/ https://*.gstatic.com:*;frame-src 'self' data: https://*.youtube.com https://*.youtu.be https://*.yandex.ru https://yandex.ru https://mc.yandex.ru/ https://www.google.com https://*.youtube-nocookie.com;base-uri 'self';form-action 'self' data: ; 1 script-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: https: 'nonce-GKpKzQXRxNkE5xgSR8d7Wn8eLifgaeTD' 'strict-dynamic' https://www.google-analytics.com https://www.googletagmanager.com; 1 block-all-mixed-content; upgrade-insecure-requests; report-uri /nelmio/csp/report 1 default-src 'self'; script-src 'self' 'nonce-zUZvwrCcLHqcBG8TDc06+WiQ10eZPra0ea3Jg5liTaQ=' 'unsafe-inline' koop.piwik.pro; connect-src 'self' 'nonce-zUZvwrCcLHqcBG8TDc06+WiQ10eZPra0ea3Jg5liTaQ=' 'unsafe-inline' koop.piwik.pro; img-src 'self' koop.piwik.pro; style-src 'self' 'nonce-zUZvwrCcLHqcBG8TDc06+WiQ10eZPra0ea3Jg5liTaQ=' 'unsafe-inline'; frame-src 'self' data: koop.piwik.pro; frame-ancestors 'self'; 1 default-src 'unsafe-inline' 'unsafe-eval' 'self' *.sessioncam.com *.cloudfront.net *.snapchat.com *.cookielaw.org *.tintup.com *.snapchat.com *.amazon-adsystem.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bing.com *.googleapis.com *.sessioncam.com *.cloudfront.net *.google-analytics.com *.betrad.com *.youtube.com *.evidon.com *.jquery.com *.cloudfront.net *.serving-sys.com *.facebook.net *.doubleclick.net *.hypemarks.com *.gstatic.com *.krxd.net *.adimo.co *.bazaarvoice.com *.iesnare.com *.googleadservices.com *.hotjar.com *.pricespider.com *.yahoo.com *.doubleclick.net *.hotjar.com *.nestle.co.uk *.google.com *.googleoptimize.com *.adsrvr.org *.gbqofs.com *.usabilla.com:* *.fusepump.com:* bam.nr-data.net:* *.locate.com:* *.mapbox.com:* *.pricespider.com:* *.sc-static.net *.snapchat.com *.tintup.com *.sc-static.net tintup.com:* sc-static.net:* *.cookielaw.org *.googletagmanager.com:* *.amazon-adsystem.com *.salesforce.com *.salesforceliveagent.com *.newrelic.com *.addtoany.com *.jsdelivr.net *.cloudflare.com *.pinterest.com *.pinimg.com *.brightcove.net; object-src 'none'; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.cloudflare.com *.fusepump.com *.youtube.com *.typography.com *.google.com *.fontawesome.com *.nestle.co.uk *.pricespider.com:* *.mapbox.com:* *.cloudfront.net *.salesforce.com *.bazaarvoice.com *.adimo.co; img-src 'self' 'unsafe-inline' https: data: blob: *.googleapis.com *.gstatic.com *.cloudflare.com *.semasio.net *.sessioncam.com *.cloudfront.net *.google-analytics.com *.google.com *.google.co.uk *.doubleclick.net *.betrad.com *.amazonaws.com px.pump.to *.fusepump.com *.evidon.com *.igodigital.com *.facebook.com *.krxd.net *.starbucksathome.com *.adimo.co *.iriworldwide.com *.bazaarvoice.com display.ugc.bazaarvoice.com bat.bing.com *.google.co.in google-analytics.com *.google.com *.pantheonsite.io *.cookielaw.org *.pricespider.com:* *.adsrvr.org:* *.google.com *.google-analytics.com *.usabilla.com *.demdex.net *.yahoo.com *.bluekai.com *.imrworldwide.com *.sharethrough.com *.truoptik.com *.dotomi.com *.insightexpressai.com *.ml314.com *.amazon-adsystem.com *.googletagmanager.com *.eb2.3lift.com *.dr.mookie1.com *.track2.securedvisit.com *.mid.rkdms.com *.eb2.3lift.com; media-src 'self' blob: *.brightcovecdn.com *.boltdns.net *.media.brightcove.com *.akamaihd.net *.cf.brightcove.com; frame-src 'self' *.addtoany.com *.youtube.com *.evidon.com *.fls.doubleclick.net *.youtube-nocookie.com *.hypemarks.com *.fusepump.com *.google.com *.krxd.net l3.evidon.com *.adimo.co *.bazaarvoice.com *.netsuite.com *.hotjar.com *.doubleclick.net *.netsuite.com *.flashtalking.com *.google.com *.tintup.com *.amazon-adsystem.com *.facebook.com *.adsrvr.org *.salesforce.com *.snapchat.com *.starbucks.jebbit.com *.staging-nestlestarbucks.snipp.us *.pinterest.com *.adsrvr.org *.googletagmanager.com *.usabilla.com https://starbucks.jebbit.com/; frame-ancestors 'self' *.starbucks.jebbit.com *.staging-nestlestarbucks.snipp.us *.hypemarks.com *.usabilla.com https://starbucks.jebbit.com/; child-src 'self' static.addtoany.com *.youtube.com *.youtu.be youtu.be info.evidon.com https://2275258.fls.doubleclick.net http://2275258.fls.doubleclick.net http://www.youtube-nocookie.com https://www.youtube-nocookie.com https://cdn.hypemarks.com http://cdn.hypemarks.com https://forms.na2.netsuite.com http://live-dig0028606-coffee-starbucks-usa.pantheonsite.io https://live-74944-beverages-starbuckstwo-unitedstates.pantheonsite.io https.live-74944-beverages-starbuckstwo-unitedstates.pantheonsite.io blob:;; font-src 'self' data: *.gstatic.com *.fontawesome.com *.cloudflare.com; connect-src 'self' *.fusepump.com *.sessioncam.com *.cloudfront.net *.google-analytics.com *.analyze.ly *.serving-sys.com *.doubleclick.net *.iriworldwide.com *.bazaarvoice.com *.hotjar.io *.nr-data.net *.bing.com *.nestle.gbqofs.io *.pricespider.com:* *.mapbox.com:* *.usabilla.com *.google-analytics.com *.clarity.ms *.tintup.com *.amazonaws.com *.snapchat.com *.cookielaw.org *.onetrust.com *.bam.nr-data.net bam.nr-data.net:* *.pinterest.com *.google.com *.google-analytics.com edge.api.brightcove.com *.boltdns.net *.brightcovecdn.com 1 frame-ancestors 'self' thenationalcampaign.org aelp.smartsparrow.com 1 frame-ancestors 'self' https://journeokioskcontent.azurewebsites.net/; report-uri /report-csp-violation 1 script-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: https: 'nonce-L57OOCbONTged9mV4dGVdXpQmqnOzS2V' 'strict-dynamic' https://www.google-analytics.com https://www.googletagmanager.com; 1 default-src \'self\'; img-src *; media-src * data:; 1 default-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; script-src 'self' 'unsafe-inline'; connect-src 'self'; 1 connect-src 'self' *.getnitropack.com *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net snap.licdn.com *.doubleclick.net *.googlesyndication.com cdn.linkedin.oribi.io px.ads.linkedin.com *.cloudfront.net * *.hscollectedforms.net *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net ; font-src 'self' data: fonts.gstatic.com *.bootstrapcdn.com *.typekit.net cdn.jsdelivr.net *.gstatic.com snap.licdn.com *.doubleclick.net *.googlesyndication.com cdn.linkedin.oribi.io px.ads.linkedin.com *.getnitropack.com *.cloudfront.net *.gstatic.com *.bootstrapcdn.com ; frame-src videosuite-player.vercel.app www.googletagmanager.com swiftcdn6.global.ssl.fastly.net px4.ads.linkedin.com blob: player.vimeo.com *.g.doubleclick.net *.google.com *.fls.doubleclick.net www.google.com snap.licdn.com *.doubleclick.net *.googlesyndication.com cdn.linkedin.oribi.io px.ads.linkedin.com *.getnitropack.com *.cloudfront.net *.hs-sites.com js.hubspot.com *.g.doubleclick.net *.google.com *.fls.doubleclick.net ; img-src 'self' i-fast.b-cdn.net cdn.cookielaw.org px4.ads.linkedin.com swiftcdn6.global.ssl.fastly.net www.linkedin.com data: *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com ts.w.org s.w.org ps.w.org cdn.usefathom.com snap.licdn.com *.doubleclick.net *.googlesyndication.com cdn.linkedin.oribi.io px.ads.linkedin.com *.getnitropack.com *.cloudfront.net *.hsforms.com *.hubspot.com *.hsappstatic.net *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com ; media-src 'self' s.w.org; script-src 'self' 'unsafe-inline' videosuite-player-wrapper.vercel.app js.hubspot.com js.hsadspixel.net cdn.cookielaw.org vsplayer.global.ssl.fastly.net *.googleadservices.com blob: *.nitrocdn.com cdn.usefathom.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com cdn.jsdelivr.net snap.licdn.com *.doubleclick.net *.googlesyndication.com cdn.linkedin.oribi.io px.ads.linkedin.com *.getnitropack.com *.cloudfront.net *.hs-scripts.com *.hs-analytics.net *.hs-banner.com *.hscollectedforms.net geolocation.onetrust.com *.hubspot.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com ; script-src-elem 'self' 'unsafe-inline' videosuite-player-wrapper.vercel.app js.hubspot.com js.hsadspixel.net cdn.cookielaw.org vsplayer.global.ssl.fastly.net *.googleadservices.com blob: *.nitrocdn.com cdn.usefathom.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com cdn.jsdelivr.net snap.licdn.com *.doubleclick.net *.googlesyndication.com cdn.linkedin.oribi.io px.ads.linkedin.com *.getnitropack.com *.cloudfront.net *.hs-scripts.com *.hs-analytics.net *.hs-banner.com *.hscollectedforms.net geolocation.onetrust.com *.hubspot.com data* *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com ; style-src 'self' 'unsafe-inline' blob: *.nitrocdn.com fonts.googleapis.com cdn.jsdelivr.net *.googleapis.com *.gstatic.com *.typekit.net snap.licdn.com *.doubleclick.net *.googlesyndication.com cdn.linkedin.oribi.io px.ads.linkedin.com *.getnitropack.com *.cloudfront.net data* *.googleapis.com *.gstatic.com ; style-src-elem 'self' 'unsafe-inline' blob: *.nitrocdn.com fonts.googleapis.com cdn.jsdelivr.net *.googleapis.com *.gstatic.com *.typekit.net snap.licdn.com *.doubleclick.net *.googlesyndication.com cdn.linkedin.oribi.io px.ads.linkedin.com *.getnitropack.com *.cloudfront.net data* *.googleapis.com *.gstatic.com ; worker-src blob:; upgrade-insecure-requests; 1 default-src 'self' *.interiorhealth.ca; script-src 'self' 'unsafe-inline' *.interiorhealth.ca maps.googleapis.com js-agent.newrelic.com static.addtoany.com bam.nr-data.net www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com cdn.jsdelivr.net static.dialogflow.com unpkg.com; object-src 'self' *.interiorhealth.ca; style-src 'self' 'unsafe-inline' *.interiorhealth.ca fonts.googleapis.com cdn.jsdelivr.net static.dialogflow.com unpkg.com; img-src 'self' *.interiorhealth.ca data: maps.googleapis.com maps.gstatic.com *.cdninstagram.com www.google-analytics.com; media-src 'self' *.interiorhealth.ca; frame-src 'self' *.interiorhealth.ca static.addtoany.com *.youtube.com www.google.com; frame-ancestors 'self' *.interiorhealth.ca; font-src 'self' *.interiorhealth.ca fonts.googleapis.com fonts.gstatic.com; connect-src 'self' *.interiorhealth.ca maps.googleapis.com bam.nr-data.net www.google-analytics.com stats.g.doubleclick.net dialogflow.cloud.google.com 1 default-src 'self' http://unimedbh.prod.acquia-sites.com/ https://portal.unimedbh.com.br/ https: data: 'unsafe-inline' 'unsafe-eval' wss: *.hs-sites.com; script-src https: data: 'unsafe-inline' 'unsafe-eval' https://js.hs-analytics.net https://js.hs-scripts.com https://app.privally.global; object-src 'self' https://portal.unimedbh.com.br/ http://unimedbh.prod.acquia-sites.com/; style-src https: 'unsafe-inline' 'unsafe-eval' 'self' http://unimedbh.prod.acquia-sites.com/ https://portal.unimedbh.com.br/ https://static.unimedbh.io/ ; img-src blob: data: https: 'self' http://unimedbh.prod.acquia-sites.com/ https://portal.unimedbh.com.br/ https://static.unimedbh.io/; media-src 'self' http://unimedbh.prod.acquia-sites.com/ https://portal.unimedbh.com.br/ https://static.unimedbh.io https://www.youtube.com; frame-ancestors 'self' http://unimedbh.prod.acquia-sites.com/ https://portal.unimedbh.com.br/ https://static.unimedbh.io/ https://www.google.com/ https://forms.hsforms.com/ https://3603d.com.br/ *.hs-sites.com; child-src 'self' http://unimedbh.prod.acquia-sites.com/ https://portal.unimedbh.com.br/ https://www.google.com/ https://vars.hotjar.com/ https://static.addtoany.com/ https://www.youtube.com/ https://cdn.userway.org/ https://static.unimedbh.io/ https://plugin.handtalk.me/ https://unimedbh.chat.blip.ai/ https://chat.blip.ai/ https://forms.hsforms.com/ https://3603d.com.br/ https://td.doubleclick.net/ *.hs-sites.com https://www.googletagmanager.com/; font-src 'self' http://unimedbh.prod.acquia-sites.com/ https://portal.unimedbh.com.br/ data: https://static.unimedbh.io/ https://fonts.unimedbh.io https://fonts.googleapis.com https://fonts.gstatic.com https://cdn.userway.org/ 1 default-src 'unsafe-inline' 'self' https:; child-src 'self'; connect-src 'self' https:; font-src 'self' fonts.gstatic.com; frame-src 'self' https:; img-src * data:; manifest-src 'self'; media-src 'self' https:; object-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https:; style-src 'unsafe-inline' 'self' *.twitter.com *.twimg.com fonts.googleapis.com; worker-src 'self'; base-uri 'self'; form-action 'self' *.twitter.com *.qenta.com; navigate-to 'self' https: 1 default-src 'self' https://static.bitrated.com; script-src 'self' https://static.bitrated.com; connect-src 'self' wss://www.bitrated.com; style-src https://static.bitrated.com 'unsafe-inline'; img-src 'self' https://static.bitrated.com data:; font-src https://static.bitrated.com data:; frame-src https://player.vimeo.com/ https://bitrated.uservoice.com/; object-src 'none'; report-uri /csp-violation 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.axessx.de *.googleapis.com 1 default-src 'self' data: https://ecosystem.matomo.cloud https://fonts.googleapis.com https://fonts.gstatic.com; base-uri 'self' https://ecosystem.matomo.cloud; block-all-mixed-content; connect-src 'self' wss: https://*.ckeditor.com https://*.hotjar.com https://*.hotjar.io https://*.teads.tv https://consentcdn.cookiebot.com https://ecosystem.matomo.cloud https://maps.googleapis.com https://p1.zemanta.com https://region1.analytics.google.com https://region1.google-analytics.com https://static1.r66net.com https://stats.g.doubleclick.net; frame-src 'self' https://*.doubleclick.net https://*.greenconnected.fr https://bonusqualirepar.ecosystem.eco https://consentcdn.cookiebot.com https://ecosystem.matomo.cloud https://ecosystemfrance.qualtrics.com https://form.jotform.com https://insight.adsrvr.org https://match.adsrvr.org https://page.ecosystem.eco https://portail-reparateurs.ecosystem.eco https://www.google.com https://www.youtube-nocookie.com https://www.youtube.com https://extranet.corepile.net; img-src 'self' data: https://*.doubleclick.net https://*.ecosystem.eco https://*.teads.tv https://6745d80ec3904300272752ef.tracker.adotmob.com https://img.youtube.com https://imgsct.cookiebot.com https://insight.adsrvr.org https://jedonnemontelephone.fr https://ks1.b26net.com https://ks1.invibes.com https://maps.googleapis.com https://maps.gstatic.com https://p1.zemanta.com https://track.adform.net https://www.google.fr https://www.googletagmanager.com; manifest-src 'self'; media-src 'self' https://*.ecosystem.eco; object-src 'none'; script-src 'unsafe-inline' 'self' https://*.hotjar.com https://cdn.datatables.net https://cdn.matomo.cloud https://consent.cookiebot.com https://consentcdn.cookiebot.com https://ecosystem.matomo.cloud https://fonts.googleapis.com https://insight.adsrvr.org https://js-tag.zemanta.com https://js.adsrvr.org https://k.r66net.com https://maps.googleapis.com https://p.teads.tv https://s2.adform.net https://static.r66net.net https://track.adform.net https://www.googletagmanager.com https://www.youtube.com; style-src 'unsafe-inline' 'self' https://cdn.datatables.net https://ecosystem.matomo.cloud https://fonts.googleapis.com https://fonts.gstatic.com; worker-src 'none' 1 default-src 'self'; script-src 'self'; img-src 'self' 1 default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self'; base-uri 'self'; form-action 'none'; 1 default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: staticcdn.co.nz www.youtube.com *.google-analytics.com *.googletagmanager.com www.google.com www.gstatic.com *.googleapis.com; connect-src 'self' *.google-analytics.com *.googletagmanager.com *.analytics.google.com *.googleapis.com; img-src 'self' data: staticcdn.co.nz shielded.co.nz i.ytimg.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.typekit.net; font-src 'self' data: *.googleapis.com *.gstatic.com use.typekit.net; frame-src 'self' staticcdn.co.nz www.youtube.com www.google.com; manifest-src 'self'; media-src 'self'; frame-ancestors 'self'; form-action 'self'; 1 default-src 'self' *.crazyegg.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.netdna-ssl.com *.google-analytics.com www.googletagmanager.com *.quotemedia.com oss.maxcdn.com rangeme-production-environment.s3-ap-southeast-2.amazonaws.com *.pcdn.co s15923.pcdn.co *.google.com *.gstatic.com *.spartannash.com *.spartannash-uat.com *.youtube.com www.b2i.us stockcharting.s3.amazonaws.com cdnjs.cloudflare.com static.cloudflareinsights.com analytics.newscred.com *.crazyegg.com analytics.imirwin.com partner.googleservices.com partner.googleadservices.com;font-src 'self' data: *.netdna-ssl.com fonts.gstatic.com *.pcdn.co s15923.pcdn.co *.spartannash.com *.spartannash-uat.com *.cloudflare.com s3.amazonaws.com *.crazyegg.com;img-src 'self' data: *.netdna-ssl.com *.google-analytics.com *.googleapis.com www.googletagmanager.com *.glensmarkets-email.com *.quotemedia.com secure.gravatar.com s3-ap-southeast-2.amazonaws.com *.pcdn.co *.businesswire.com *.gravatar.com s15923.pcdn.co *.google.com *.spartannash.com *.spartannash-uat.com d36cz9elvz3vfp.cloudfront.net www.b2i.us *.prnewswire.com pixel.welcomesoftware.com i.ytimg.com *.crazyegg.com *.gstatic.com;style-src 'self' 'unsafe-inline' *.netdna-ssl.com *.googleapis.com *.google.com *.quotemedia.com *.pcdn.co s15923.pcdn.co *.spartannash.com *.spartannash-uat.com *.crazyegg.com;frame-src 'self' *.netdna-ssl.com *.youtube.com www.googletagmanager.com *.calameo.com *.pcdn.co *.google.com *.spartannash.com *.spartannash-uat.com *.prnewswire.com *.crazyegg.com td.doubleclick.net syndicatedsearch.goog;connect-src 'self' *.netdna-ssl.com query.yahooapis.com *.pcdn.co *.google-analytics.com *.quotemedia.com stats.g.doubleclick.net *.spartannash.com *.spartannash-uat.com www.b2i.us stockcharting.s3.amazonaws.com *.google.com *.crazyegg.com analytics.imirwin.com;object-src 'self' *.netdna-ssl.com *.pcdn.co *.prnewswire.com *.crazyegg.com;media-src 'self' *.netdna-ssl.com *.pcdn.co *.prnewswire.com *.crazyegg.com;worker-src 'self' blob: *.crazyegg.com;child-src 'self' blob: *.crazyegg.com; 1 child-src 'self' coapi.myoffice.team auth.myoffice.team cdn.myoffice.team links.myoffice.team crash-reports.myoffice.ru ; connect-src 'self' coapi.myoffice.team auth.myoffice.team cdn.myoffice.team links.myoffice.team crash-reports.myoffice.ru wss://coapi.myoffice.team data:; font-src 'self' data: cdn.myoffice.team boards.myoffice.team; frame-ancestors auth.myoffice.team boards.myoffice.team cdn.myoffice.team docs.myoffice.team files.myoffice.team links.myoffice.team mail.myoffice.team im.ncloudtech.ru im.ncloudtech.ru; frame-src 'self' blob: coapi.myoffice.team auth.myoffice.team boards.myoffice.team cdn.myoffice.team docs.myoffice.team links.myoffice.team crash-reports.myoffice.ru mail.myoffice.team im.ncloudtech.ru im.ncloudtech.ru; img-src 'self' data: blob: coapi.myoffice.team auth.myoffice.team cdn.myoffice.team links.myoffice.team crash-reports.myoffice.ru ; media-src 'self' blob: coapi.myoffice.team auth.myoffice.team cdn.myoffice.team links.myoffice.team crash-reports.myoffice.ru ; object-src 'self' blob: coapi.myoffice.team; report-uri https://coapi.myoffice.team/csp-report; script-src 'unsafe-inline' 'self' 'unsafe-eval' cdn.myoffice.team boards.myoffice.team; style-src 'self' 'unsafe-inline' cdn.myoffice.team boards.myoffice.team; default-src 'none' 1 default-src 'self' static1.clickandboat.com static1.oceans-evasion.com static1.nautal.com static1.scansail.com; connect-src 'self' static2.clickandboat.com static2.oceans-evasion.com static2.nautal.com static2.scansail.com static3.clickandboat.com static3.oceans-evasion.com static3.nautal.com static3.scansail.com https://assets.nautal.com/frontend-assets/master/elements/ https://assets.nautal.com/frontend-assets/master/ https://assets.nautal.com/frontend-assets/master/elements/ https://logs1412.xiti.com *.google-analytics.com stats.g.doubleclick.net accounts.google.com pagead2.googlesyndication.com www.google.com www.googletagmanager.com www.googleadservices.com identitytoolkit.googleapis.com securetoken.googleapis.com bat.bing.com https://analytics.tiktok.com api.stripe.com ekr.zdassets.com clickandboat.zendesk.com wss://widget-mediator.zopim.com widget-mediator.zopim.com *.sentry.io api.realytics.io *.paypal.com https://*.clarity.ms https://s2s.adjust.com/event click-and-boat.pxf.io https://api.privacy-center.org *.criteo.com graph.facebook.com www.facebook.com https://respondent.survicate.com https://survey.survicate.com https://survey-prd.survicate-cdn.com; font-src 'self' data: static3.clickandboat.com fonts.gstatic.com https://surveys-static.survicate.com https://surveys-static-prd.survicate-cdn.com; frame-ancestors 'self'; frame-src 'self' *.facebook.com *.criteo.com accounts.google.com www.google.com js.stripe.com hooks.stripe.com www.googletagmanager.com *.doubleclick.net *.paypal.com click-and-boat.pxf.io static1.clickandboat.com cabmobileapp-196814.firebaseapp.com; img-src 'self' static1.clickandboat.com static1.oceans-evasion.com static1.nautal.com static1.scansail.com https://assets.nautal.com/frontend-assets/master/ https://assets.nautal.com/frontend-assets/master/elements/ blog.clickandboat.com blog.nautal.com blog.oceans-evasion.com blog.scansail.com blog.clickandboat.com data: blob: res.cloudinary.com *.doubleclick.net secure.adnxs.com www.googletagmanager.com *.google-analytics.com www.googleadservices.com www.google.fr www.google.it www.google.es www.google.com www.google.de www.google.nl www.google.co.uk www.google.gr www.google.pl www.google.ch www.google.be www.google.com.br www.google.hr www.google.at www.google.pt www.google.se www.google.ru www.google.ca www.google.com.ar www.google.com.tr www.google.com.ua www.google.ie www.google.si www.google.ro www.google.com.mx www.google.com.mt www.google.com.au www.google.dk www.google.ae www.google.gp www.google.hu www.google.cz www.google.lu www.google.com.cy www.google.no www.google.me www.google.bg www.google.co.il www.google.rs www.google.sk www.google.com.co www.google.com.do *.bing.com *.criteo.com *.facebook.com *.mydialoginsight.com maps.googleapis.com *.gstatic.com *.google.com *.google.fr v2assets.zopim.io v2uploads.zopim.io clickandboat.zendesk.com https://*.clarity.ms https://s2s.adjust.com/event click-and-boat.pxf.io https://www.ojrq.net https://logs-01.loggly.com https://sdk.privacy-center.org https://surveys-static.survicate.com https://surveys-static-prd.survicate-cdn.com https://assets.survicate.com https://img.survicate.com https://images.unsplash.com; script-src 'unsafe-eval' 'self' static2.clickandboat.com static2.oceans-evasion.com static2.nautal.com static2.scansail.com https://assets.nautal.com/frontend-assets/master/elements/ https://assets.nautal.com/frontend-assets/master/ https://tag.aticdn.net *.google-analytics.com *.googleadservices.com *.google.com *.ggpht.com www.googletagmanager.com bat.bing.com www.facebook.com https://analytics.tiktok.com *.criteo.net *.criteo.com *.mydialoginsight.com *.googleapis.com www.gstatic.com connect.facebook.net js.stripe.com static.zdassets.com widget-mediator.zopim.com *.realytics.io *.realytics.net https://*.clarity.ms https://c.bing.com https://s2s.adjust.com/event https://utt.impactcdn.com https://sdk.privacy-center.org https://tag.aticdn.net https://survey.survicate.com https://surveys-static.survicate.com https://surveys-static-prd.survicate-cdn.com https://survey-prd.survicate-cdn.com *.paypal.com browser.sentry-cdn.com 'unsafe-inline' 'nonce-a3+KCWQFjVgJeurHhoUXDw=='; style-src 'self' static2.clickandboat.com static2.oceans-evasion.com static2.nautal.com static2.scansail.com static3.clickandboat.com static3.oceans-evasion.com static3.nautal.com static3.scansail.com https://assets.nautal.com/frontend-assets/master/ 'unsafe-inline' fonts.googleapis.com tagmanager.google.com accounts.google.com https://sdk.privacy-center.org https://surveys-static.survicate.com https://surveys-static-prd.survicate-cdn.com; report-uri https://o417216.ingest.us.sentry.io/api/4506020607492097/security/?sentry_key=3c14ba189cc8cb536d95fb1b6fe67298 1 child-src 'self' https://*.docusign.com https://*.docusign.net https://*.trustcommerce.com https://*.slimpay.net https://*.slimpay.com https://*.windriverfinancialgateway.com 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: about: *.adbutler-luxon.com adbutler-fermion.com static.addtoany.com *.adobedtm.com *.ads-twitter.com *.adsrvr.org p.adsymptotic.com *.bamboohr.com bat.bing.com maxcdn.bootstrapcdn.com tags.bluekai.com capwiz.com *.cdc.gov grow.clearbitjs.com *.cmgdigital.com www.cms.gov cqrcengage.com tma.custhelp.com dpm.demedex.net www.domain-of-replacement.com *.doubleclick.net *.facebook.com *.facebook.net *.feedburner.com gis.fema.gov apgb2b-reachcodeandproxy.gannettdigital.com google.com *.google.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.googletagmanager.com fusiontables.googleusercontent.com *.gstatic.com data.healthcare.gov oig.hhs.gov hootsuite.com *.hs-analytics.net *.hs-banner.com js.hsadspixel.net js.hscollectedforms.net *.hsforms.com *.hsforms.net *.hs-scripts.com api.hubapi.com *.hubspot.com rocket.nwood-kensett.k12.ia.us *.infogram.com *.informz.net *.jeffersoncms.org kff.org cdn.jsdelivr.net beacon.krxd.net snap.licdn.com www.linkedin.com px.ads.linkedin.com *.livestream.com *.marchex.io tag.marinsm.com pixel.mathtag.com texmed.medbuzz.com www.ncbi.nlm.nih.gov *.nnihcm.org block.opendns.com cdn.linkedin.oribi.io centro.pixel.ad clickserv.pixel.ad www.paypalobjects.com www.podbean.com www.powr.io *.poll-maker.com pixel-geo.prfct.co ql.tc *.qualtrics.com *.quantcount.com *.quantserve.com www.reachlocallivechat.com capture-api.reachlocalservices.com *.rlets.com rcod.rtrk.com *.scribd.com uip.semasio.net servedbyadbutler.com *.serving-sys.com *.sharethis.com i.simpli.fi tag.simpli.fi um.simpli.fi clickserv.sitescout.com pixel.sitescout.com *.slideshare.net public.slidesharecdn.com open.spotify.com storify.com t.co *.tapad.com *.tcms.com *.teletownhall.us *.texmed.org eu.thinkingchat.com reachlocal.thinkingchat.com cdn.tinymce.com *.tmait.org *.twimg.com *.twitter.com *.vimeo.com *.votervoice.net *.wakelet.com *.wufoo.com *.youtube.com *.yudu.com *.hscollectedforms.net analytics.ahrefs.com 1 default-src 'self';img-src *; script-src *; 1 default-src 'self' 'unsafe-eval' 'unsafe-inline' test.oppwa.com *.simonmobile.de simonmobile.de *.simonmobil.de simonmobil.de vodafone-affiliate.de *.vodafone-affiliate.de google.com *.google.com google.de *.google.de google.nl *.google.nl facebook.com *.facebook.com facebook.de *.facebook.de facebook.nl *.facebook.nl adform.net *.adform.net adform.com *.adform.com bing.com *.bing.com was.vodafone.de googletagmanager.com *.googletagmanager.com googleadservices.com *.googleadservices.com doubleclick.net *.doubleclick.net facebook.net *.facebook.net cdn.cookielaw.org *.cookielaw.org tags.tiqcdn.com my.tealiumiq.com geolocation.onetrust.com *.onetrust.com widgets.trustedshops.com translate.googleapis.com *.jsctool.com jsctool.com; connect-src *.simonmobile.de simonmobile.de *.simonmobil.de simonmobil.de cdn.cookielaw.org ws://simonmobile.de ws://simonmobil.de privacyportal-eu.onetrust.com bing.com *.bing.com vodafone.de *.vodafone.de *.demdex.net demdex.net *.omtrdc.net omtrdc.net *.trustedshops.com *.etrusted.com *.trustbadge.com *.clarity.ms clarity.ms geolocation.onetrust.com maps.googleapis.com *.kampyle.com kampyle.com *.jsctool.com jsctool.com doubleclick.net *.doubleclick.net googlesyndication.com *.googlesyndication.com analytics.tiktok.com *.analytics.tiktok.com google.com *.google.com amazon-adsystem.com *.amazon-adsystem.com paa-reporting-advertising.amazon *.paa-reporting-advertising.amazon *.snapchat.com snapchat.com *.medallia.eu medallia.eu *.tealiumiq.com tealiumiq.com; frame-src 'self' directus.br.extranet.addmore.cloud test.oppwa.com test.ppipe.net *.simonmobile.de simonmobile.de *.simonmobil.de simonmobil.de vodafone-affiliate.de *.vodafone-affiliate.de adform.net *.adform.net facebook.com *.facebook.com *.doubleclick.net doubleclick.net *.demdex.net demdex.net *.amazon-adsystem.com amazon-adsystem.com *.kampyle.com kampyle.com *.youtube.com youtube.com *.jsctool.com jsctool.com googlesyndication.com *.googlesyndication.com *.snapchat.com snapchat.com *.googletagmanager.com googletagmanager.com; img-src 'self' data: 'unsafe-inline' test.oppwa.com was.vodafone.de cdn.cookielaw.org *.simonmobile.de simonmobile.de *.simonmobil.de simonmobil.de bing.com *.bing.com google.com *.google.com google.de *.google.de google.nl *.google.nl facebook.com *.facebook.com facebook.de *.facebook.de facebook.nl *.facebook.nl *.seadform.net seadform.net *.doubleclick.net doubleclick.net widgets.trustedshops.com www.gstatic.com gstatic.com *.clarity.ms clarity.ms *.googleadservices.com googleadservices.com *.kampyle.com kampyle.com *.bing.net bing.net maps.gstatic.com *.googletagmanager.com googletagmanager.com; media-src 'self' data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' test.oppwa.com *.simonmobile.de simonmobile.de *.simonmobil.de simonmobil.de vodafone-affiliate.de *.vodafone-affiliate.de google.com *.google.com google.de *.google.de google.nl *.google.nl facebook.com *.facebook.com facebook.de *.facebook.de facebook.nl *.facebook.nl adform.net *.adform.net adform.com *.adform.com amazon-adsystem.com *.amazon-adsystem.com bing.com *.bing.com was.vodafone.de googletagmanager.com *.googletagmanager.com googleadservices.com *.googleadservices.com doubleclick.net *.doubleclick.net facebook.net *.facebook.net cdn.cookielaw.org *.cookielaw.org tags.tiqcdn.com my.tealiumiq.com geolocation.onetrust.com *.onetrust.com widgets.trustedshops.com *.clarity.ms clarity.ms *.kampyle.com kampyle.com *.googlesyndication.com googlesyndication.com maps.googleapis.com *.jsctool.com jsctool.com *.analytics.tiktok.com analytics.tiktok.com *.sc-static.net sc-static.net *.snapchat.com snapchat.com; worker-src 'self' blob: 1 default-src 'self' https; connect-src 'self' https://dc.services.visualstudio.com https://attach.ukpowernetworks.co.uk https://*.go-mpulse.net https://*.akstat.io/ https://*.akamaihd.net/ www.google-analytics.com region1.google-analytics.com https://apikeys.civiccomputing.com/c/v https://in.hotjar.com/ https://vc.hotjar.io https://clapi.civiccomputing.com/ stats.g.doubleclick.net https://translate.googleapis.com https://maps.googleapis.com https://api.what3words.com https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://*.applicationinsights.azure.com https://*.azurewebsites.net https://graph.microsoft.com/ https://*.tangentlabs.co.uk https://col.site24x7rum.eu https://l.sharethis.com https://platform.twitter.com/widgets.js https://connect.facebook.net https://api.reciteme.com https://stats.reciteme.com https://speechstreamv3-webservices-8.texthelp.com/ https://wikisum.texthelp.com/ https://babm.texthelp.com https://*.speechstream.net https://en.wikipedia.org/ https://pfw-prod-ukwest-safespaceonline.azurewebsites.net https://apps.parcelforce.com/sso/Home/IsAlive https://apps.parcelforce.com/sso/ https://static.queue-it.net 956e469338e2e6898c68816e7d5d70.4d.environment.api.powerplatform.com 122893fe7778e05ebe27d6a1abed5c.42.environment.api.powerplatform.com 0f561d2ccae5e5c6b9552edc1c9164.5b.environment.api.powerplatform.com europe.directline.botframework.com wss://europe.directline.botframework.com *.uk.omnichannelengagementhub.com eu-mobile.events.data.microsoft.com browser.pipe.aria.microsoft.com *.uk.communication.azure.com *.communication.microsoft.com *.trouter.teams.microsoft.com teams.microsoft.com/registrar/prod/v3/registrations prod.registrar.skype.com/v3/registrations wss://*.trouter.teams.microsoft.com *.events.data.microsoft.com; font-src 'self' ukpn.local hello.myfonts.net data: https://*.blob.core.windows.net https://*.tangentlabs.co.uk fonts.googleapis.com fonts.gstatic.com https://fonts.gstatic.com https://pfw-prod-ukwest-safespaceonline.azurewebsites.net/ https://api.reciteme.com https://ukpn-dev-cdn.tangentlabs.co.uk https://*.cdn.office.net; style-src 'self' 'unsafe-inline' ukpn.local https://*.blob.core.windows.net https://*.tangentlabs.co.uk fonts.googleapis.com https://fonts.googleapis.com https://api.reciteme.com https://ukpn-dev-cdn.tangentlabs.co.uk https://pfw-prod-ukwest-safespaceonline.azurewebsites.net oc-cdn-public-gbr.azureedge.net/livechatwidget/v2public/styles/LiveChatWidgetFrame.css; script-src 'self' 'unsafe-eval' ukpn.local https://*.go-mpulse.net 'unsafe-inline' https://*.blob.core.windows.net https://*.tangentlabs.co.uk https://cc.cdn.civiccomputing.com/9/cookieControl-9.x.min.js https://www.googletagmanager.com/ns.html www.googletagmanager.com cdnjs.cloudflare.com www.google-analytics.com script.hotjar.com static.hotjar.com http://widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js z.moatads.com https://translate.google.com/ https://translate.googleapis.com/ apis.google.com www.google.com www.gstatic.com maps.googleapis.com ajax.googleapis.com https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://static.site24x7rum.eu https://widget.trustpilot.com https://t.sharethis.com https://platform-api.sharethis.com https://buttons-config.sharethis.com https://graph.facebook.com https://www.youtube.com https://www.linkedin.com/ https://s.ytimg.com https://platform.twitter.com https://connect.facebook.net https://api.reciteme.com https://stats.reciteme.com https://*.speechstream.net https://wikisum.texthelp.com/ https://ukpn-dev-cdn.tangentlabs.co.uk https://pfw-prod-ukwest-safespaceonline.azurewebsites.net https://ukpowernetworks.queue-it.net https://ukpowernetwork.queue-it.net https://static.queue-it.net/script/queueclient.min.js https://static.queue-it.net/script/queueconfigloader.min.js https://assets.queue-it.net cdn.botframework.com oc-cdn-public-gbr.azureedge.net/livechatwidget/scripts/LiveChatBootstrapper.js oc-cdn-public-gbr.azureedge.net/livechatwidget/v2scripts/LiveChatBootstrapper.js oc-cdn-public-gbr.azureedge.net https://grid.is; img-src 'self' data: https://api.umbraco.io https://media.umbraco.io https://img.youtube.com https://*.tangentlabs.co.uk https://pfw-prod-ukwest-safespaceonline.azurewebsites.net https://*.blob.core.windows.net www.google-analytics.com *.googletagmanager.com stats.g.doubleclick.net www.google.com/ads www.google.co.uk/ads https://translate.google.com maps.gstatic.com maps.googleapis.com https://www.google.com https://www.google.co.uk/ https://www.google.com/images/cleardot.gif https://www.gstatic.com fonts.googleapis.com apis.google.com https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://l.sharethis.com https://api.reciteme.com https://speechstreamv3-webservices-8.texthelp.com/ https://upload.wikimedia.org blob:; child-src 'self' https://www.googletagmanager.com/ns.html https://content.googleapis.com; frame-src 'self' https://powerupgames.z33.web.core.windows.net https://vars.hotjar.com https://powerupgames.z33.web.core.windows.net/hunt-the-hazards/story.html www.google.com *.google.com https://www.googletagmanager.com www.youtube.com www.linkedin.com https://widget.trustpilot.com http://t.sharethis.com https://platform-api.sharethis.com https://platform.twitter.com https://web.facebook.com/ https://www.facebook.com/ https://m.facebook.com/ https://api.reciteme.com https://*.speechstream.net web.powerva.microsoft.com https://956e469338e2e6898c68816e7d5d70.4d.environment.api.powerplatform.com https://122893fe7778e05ebe27d6a1abed5c.42.environment.api.powerplatform.com https://0f561d2ccae5e5c6b9552edc1c9164.5b.environment.api.powerplatform.com https://oc-cdn-public-gbr.azureedge.net/ https://comms.omnichannelengagementhub.com/ https://grid.is; object-src data:; worker-src blob:; media-src https://api.reciteme.com self https://*.speechstream.net data:; 1 default-src 'self' www.burkert.com www.youtube-nocookie.com www.platform-viewer.v-ex.com *.twitter.com *.partcommunity.com *.olark.com cloud.ccm19.de; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.burkert.com snap.licdn.com www.google.com www.gstatic.com www.google-analytics.com www.googletagmanager.com www.linkedin.com snap.licdn.com www.googletagmanager.com cdn.yoochoose.net www.youtube.com *.twitter.com *.vo.msecnd.net *.clickdimensions.com *.twimg.com customerwidget.joinflow.com maps.google.cn maps.googleapis.com *.facebook.net *.apsislead.com *.olark.com *.issuu.com olark-file-uploads.s3-us-west-1.amazonaws.com s.go-mpulse.net c.go-mpulse.net sc.lfeeder.com api.plezi.co optimize.google.com www.googleoptimize.com www.google-analytics.com www.googleanalytics.com gateway.moneris.com cdnjs.cloudflare.com www.googleadservices.com crmweb.burkert.com cloud.ccm19.de snid.snitcher.com sst.burkert.com; img-src data: 'self' www.burkert.com www.google-analytics.com www.google.com.au www.google.com www.google.de event.yoochoose.net *.twimg.com *.twitter.com maps.gstatic.com chart.apis.google.com maps.googleapis.com *.facebook.com *.ytimg.com *.linkedin.com *.olark.com *.adition.com *.gstatic.com *.clickdimensions.com tr.lfeeder.com www2.solique.ch optimize.google.com www.googletagmanager.com googleads.g.doubleclick.net; object-src 'self' *.googletagmanager.com; style-src 'self' 'unsafe-inline' www.burkert.com www.googletagmanager.com *.clickdimensions.com *.twitter.com *.twimg.com fonts.googleapis.com *.olark.com *.vo.msecnd.net optimize.google.com gateway.moneris.com cloud.ccm19.de; font-src 'self' www.burkert.com *.buerkert.de data: fonts.gstatic.com *.olark.com; connect-src 'self' www.burkert.com www.google-analytics.com *.analytics.google.com *.google-analytics.com analytics.google.com api.telavox.se relay.telavox.com wss://websocket.telavox.se *.facebook.com *.olark.com *.googleadservices.com www.google.de www.google.com *.doubleclick.net *.clickdimensions.com c.go-mpulse.net *.akstat.io trial-eum-clientnsv4-s.akamaihd.net *.akamaihd.net maps.googleapis.com *.plezi.co cdn.linkedin.oribi.io px.ads.linkedin.com event.yoochoose.net crmweb.burkert.com cloud.ccm19.de snid.snitcher.com sst.burkert.com; frame-src 'self' blob: mailto: tel: *.burkert-usa-marketing.com *.facebook.com *.partcommunity.com *.twitter.com www.youtube-nocookie.com www.platform-viewer.v-ex.com *.google.com essens.info *.burkert.com *.olark.com *.issuu.com *.clickdimensions.com optimize.google.com gateway.moneris.com scnem2.com; worker-src 'self' blob:;frame-ancestors 'self' https://ez.local.burkert.com 1 frame-ancestors https://*.portaltemponovo.com.br 1 frame-ancestors https://*.derwent.io http://*.derwent.io http://*.derwent.io:* https://*.derwent.io:* 'self' 1 default-src 'self'; base-uri 'self'; block-all-mixed-content; child-src https://www.youtube.com/ https://youtube.com/ https://player.vimeo.com/ https://youtu.be/ https://open.spotify.com/ https://www.buymusic.club; connect-src 'self' https://www.youtube.com/oembed https://www.google-analytics.com https://stats.g.doubleclick.net https://*.hotjar.com https://*.hotjar.io https://*.facebook.com/ https://*.tiktok.com https://*.snapchat.com https://widget-api.formitable.com https://region1.analytics.google.com https://*.google-analytics.com https://cdn.linkedin.oribi.io https://*.linkedin.com https://www.buymusic.club wss://ws.hotjar.com https://*.hcaptcha.com https://www.google.com; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com https://*.hotjar.com https://*.hotjar.io; frame-ancestors 'none'; frame-src https://www.youtube.com/ https://spotify.com https://open.spotify.com/ https://*.spotify.com https://facebook.com/ https://*.facebook.com/ https://mychannels.video/ https://www.yumpu.com/ https://www.google.com/ https://*.hotjar.com https://*.hotjar.io https://bandcamp.com https://*.bandcamp.com https://twitter.com https://*.twitter.com https://instagram.com https://*.instagram.com https://vimeo.com https://*.vimeo.com https://soundcloud.com https://*.soundcloud.com https://tiktok.com https://*.tiktok.com https://snapchat.com https://*.snapchat.com https://www.belgianrail.be https://widget.formitable.com https://www.buymusic.club https://newassets.hcaptcha.com https://www.googletagmanager.com/ https://td.doubleclick.net/; img-src 'self' data: https://www.google-analytics.com/r/collect https://www.google-analytics.com/collect https://placeholder.inventis.be/ https://*.ytimg.com/ https://d12xfkzf9kx8ij.cloudfront.net/ https://*.facebook.com/ https://connect.facebook.net/ https://*.fbcdn.net/ https://i.scdn.co/ https://img.youtube.com/ https://legacy.abconcerts.be/ https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://*.hotjar.com https://*.hotjar.io https://snapchat.com https://*.snapchat.com https://px.ads.linkedin.co https://px.ads.linkedin.com https://*.linkedin.com https://www.buymusic.club https://fonts.gstatic.com https://www.googletagmanager.com; media-src 'self' p.scdn.co/mp3-preview/; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.youtube.com/iframe_api https://www.youtube.com/s/player/ https://*.ytimg.com https://www.googletagmanager.com/gtm.js https://www.google-analytics.com/analytics.js https://script.hotjar.com/ https://connect.facebook.net/ https://*.hotjar.com https://*.hotjar.io https://www.buymusic.club https://hcaptcha.com https://*.licdn.com https://*.snapchat.com 'nonce-mDIsE58kuTaqnXrH3ygkKA=='; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://widget.formitable.com https://www.googletagmanager.com; upgrade-insecure-requests 1 default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' *.kdo.de; style-src 'self' *.kdo.de 'unsafe-inline'; connect-src 'self' *.kdo.de; img-src 'self' *.kdo.de *.openstreetmap.org data:; worker-src blob:; 1 default-src 'self' data: *.uniweb.be cookiehub.net *.uniweb.eu *.hotjar.com www.googletagmanager.com www.google-analytics.com; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://js.stripe.com *.uniweb.be cookiehub.net *.uniweb.eu *.hotjar.com www.googletagmanager.com www.google-analytics.com; object-src *; style-src 'self' data: 'unsafe-inline' *.uniweb.be cookiehub.net *.uniweb.be cookiehub.net fonts.googleapis.com; img-src 'self' data: https://m.stripe.com *.craft-cdn.com *.uniweb.be cookiehub.net *.uniweb.eu www.googletagmanager.com www.google-analytics.com; media-src *; frame-src 'self' data: https://js.stripe.com *.uniweb.be cookiehub.net *.uniweb.eu *.hotjar.com www.googletagmanager.com www.google-analytics.com; font-src 'self' data: *.uniweb.be cookiehub.net *.uniweb.eu fonts.gstatic.com fonts.googleapis.com; connect-src * 1 block-all-mixed-content; upgrade-insecure-requests 1 allow *; options inline-script eval-script; frame-ancestors 'self'; 1 default-src 'none'; script-src 'self' https://www.google.com https://www.gstatic.com; connect-src https://9872520550193828.hostedstatus.com/1.0/status/6148993c877ce705383f1463 'self'; img-src 'self' data:; style-src 'self' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; object-src 'self'; frame-src https://www.google.com 1 default-src https: data: blob: 'unsafe-inline'; object-src 'self'; script-src 'self' https://cdn.tiny.cloud/ https://static.zdassets.com/ https://*.meruscase.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://platform.twitter.com/ https://*.google-analytics.com/ https://*.googletagmanager.com/ https://cdn.syndication.twimg.com/ https://merus-assets.s3.amazonaws.com/ https://*.facebook.net/ https://*.googleapis.com/ https://*.aspnetcdn.com/ https://*.microsoft.com https://maxcdn.bootstrapcdn.com/ https://*.youtube.com/ https://s.ytimg.com/ https://js.recurly.com/ https://cdn.wootric.com/ https://static.headnotepayments.com/ https://static.zdassets.com/ https://snap.licdn.com/ https://unpkg.com/ 'unsafe-eval' 'unsafe-inline' https://code.jquery.com/ https://forms.hubspot.com/ https://forms.hsforms.com/ https://js.hs-analytics.net/ https://js.hs-scripts.com/ https://api.usemessages.com/ https://js.usemessages.com/ https://js.hsforms.net/ https://js.hsleadflows.net/; style-src 'self' 'unsafe-inline' https: 1 frame-ancestors https://goloadup.com 1 default-src 'unsafe-inline' 'self' data: effectory.com www.effectory.com ac.effectory.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.nrich.ai *.cookiebot.eu *.usemessages.com *.googlesyndication.com yoast.com *.hubspot.com *.hsadspixel.net *.hsforms.net *.hs-scripts.com *.hs-banner.com *.hs-analytics.net *.hscollectedforms.net *.clarity.ms bat.bing.com www.powr.io client.hip.live.com maps.googleapis.com mktdplp102cdn.azureedge.net www.youtube.com static.zdassets.com consentcdn.cookiebot.com consent.cookiebot.com www.googletagmanager.com google-analytics.com www.google-analytics.com snap.licdn.com www.googleadservices.com static.hotjar.com connect.facebook.net googleads.g.doubleclick.net script.hotjar.com;frame-ancestors 'self' *.hsforms.com consentcdn.cookiebot.com; img-src *.nrich.ai *.usercentrics.eu *.googleadservices.com *.doubleclick.net 'self' data: *.cookiebot.com *.youtube.com *.hsforms.com *.hubspot.com *.googletagmanager.com c.bing.com c.clarity.ms bat.bing.com i.ytimg.com script.hotjar.com onlinedialogue.s3.eu-west-1.amazonaws.com onlinedialogue.s3-eu-west-1.amazonaws.com *.linkedin.com *.dynamics.com wus.client.hip.live.com eus.client.hip.live.com maps.gstatic.com www.google.de maps.googleapis.com secure.gravatar.com www.google-analytics.com px.ads.linkedin.com www.google.com www.google.nl www.facebook.com; style-src 'unsafe-inline' fonts.googleapis.com ac.effectory.com www.effectory.com effectory.com; font-src data: fonts.gstatic.com script.hotjar.com ac.effectory.com www.effectory.com effectory.com; frame-src 'self' *.googletagmanager.com *.cookiebot.eu *.hubspot.com td.doubleclick.net ad.doubleclick.net *.twentythree.com *.hsforms.com www.powr.io www.youtube.com forms.office.com www.facebook.com vars.hotjar.com consentcdn.cookiebot.com *.dynamics.com; connect-src *.bing.com *.bing.net *.nrich.ai *.cookiebot.eu google.com *.googleadservices.com *.linkedin.com *.yoast.com *.googlesyndication.com *.doubleclick.net *.hubspot.com *.google.com *.amazonaws.com *.hsforms.com *.hubapi.com *.linkedin.oribi.io *.hscollectedforms.net *.google-analytics.com *.clarity.ms *.hotjar.com wss://*.hotjar.com surveystats.hotjar.io *.effectory.com maps.googleapis.com *.dynamics.com consentcdn.cookiebot.com in.hotjar.com www.google-analytics.com stats.g.doubleclick.net effectorychathelp.zendesk.com ekr.zdassets.com 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: http://fonts.googleapis.com http://fonts.gstatic.com http://www.google-analytics.com http://s7.addthis.com http://m.addthisedge.com http://m.addthis.com http://graph.facebook.com http://widgets.pinterest.com http://maps.google.com http://csi.gstatic.com http://maps.gstatic.com http://maps.googleapis.com http://www.linkedin.com http://api-public.addthis.com http://localhost http://player.vimeo.com/ https://static.cdninstagram.com/; 1 frame-ancestors 'self' *.coupacloud.com *.coupadev.com *.coupahost.com; style-src 'unsafe-inline' 'self' us.llama.ai https://login.qlik.com https://*.us.qlikcloud.com https://fonts.googleapis.com https://r.bing.com https://www.bing.com https://cdn.pendo.io; frame-src 'self' us.llama.ai https://login.qlik.com https://*.us.qlikcloud.com https://www.youtube.com https://help.llama.ai https://app.pendo.io; script-src 'unsafe-inline' 'unsafe-eval' us.llama.ai login.qlik.com *.us.qlikcloud.com www.google-analytics.com *.googletagmanager.com pendo-static-5983075502653440.storage.googleapis.com *.pendo.io *.bing.com *.virtualearth.net cdn.qlikcloud.com *.newrelic.com *.nr-data.net; worker-src blob: 'self';frame-ancestors 'self' *.coupacloud.com *.coupadev.com *.coupahost.com; style-src 'unsafe-inline' 'self' us.llama.ai https://login.qlik.com https://*.us.qlikcloud.com https://fonts.googleapis.com https://r.bing.com https://www.bing.com https://cdn.pendo.io; frame-src 'self' us.llama.ai https://login.qlik.com https://*.us.qlikcloud.com https://www.youtube.com https://help.llama.ai https://app.pendo.io; script-src 'unsafe-inline' 'unsafe-eval' us.llama.ai login.qlik.com *.us.qlikcloud.com www.google-analytics.com *.googletagmanager.com pendo-static-5983075502653440.storage.googleapis.com *.pendo.io *.bing.com *.virtualearth.net cdn.qlikcloud.com *.newrelic.com *.nr-data.net; worker-src blob: 'self'; 1 default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval'; object-src *; style-src * 'self' 'unsafe-inline'; img-src * 'self' data: https:;; media-src *; frame-src *; frame-ancestors 'self' https://metrika.yandex.ru https://metrika.yandex.by https://metrica.yandex.com https://metrica.yandex.com.tr https://*.webvisor.com; child-src * blob:; font-src * 'self' data: https:;; connect-src *; report-uri /report-csp-violation 1 script-src https://counter.simplybook.me https://cdn.iubenda.com https://cs.iubenda.com 'self' 'unsafe-inline' 'unsafe-eval' 'nonce-dbd3e675b775a745f951b3a61ed45c0e'; child-src blob: ; frame-src * 1 default-src 'none'; worker-src 'self' www.youtube.com *.cookiebot.com www.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.leadinfo.net *.cookiebot.com www.googletagmanager.com ssl.google-analytics.com www.google-analytics.com apis.google.com ajax.googleapis.com www.gstatic.com www.google.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' *.linqhost.nl www.google.nl ssl.google-analytics.com www.google-analytics.com www.gstatic.com cdn.quicq.io imgsct.cookiebot.com data: www.google.com www.googletagmanager.com stats.g.doubleclick.net collector.leadinfo.net collector4.leadinfo.net ; font-src 'self' fonts.googleapis.com fonts.gstatic.com data: ; frame-ancestors 'none'; base-uri 'self' ; form-action 'self'; frame-src *.cookiebot.com *.youtube.com *.google.com; connect-src *.google-analytics.com *.analytics.google.com stats.g.doubleclick.net consentcdn.cookiebot.com detect-ipv4.linqhost.nl detect-ipv6.linqhost.nl api.leadinfo.com collector.leadinfo.net collector4.leadinfo.net; report-uri https://linqhost.report-uri.com/r/d/csp/enforce; 1 frame-ancestors 'self' *.owensborohealth.org mychart.omhs.org; report-uri /report-csp-violation 1 default-src 'unsafe-hashes' https://crohnsandcolitis.org.uk https://docs.google.com https://platform.twitter.com https://customervoice.microsoft.com https://*.readspeaker.com https://*.azureedge.net https://poster.crohnsandcolitis.org.uk https://r1.dotdigital-pages.com https://www.youtube-nocookie.com https://www.google.com https://*.landbot.io https://*.addthis.com https://www.youtube.com https://player.vimeo.com https://*.typeform.com https://*.issuu.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.fluidads.com https://forms.office.com https://*.snapchat.com https://*.doubleclick.net https://static.addtoany.com https://*.muchloved.com https://*.juicer.io ;base-uri 'self' ;frame-ancestors 'self' ;script-src 'self' 'unsafe-eval' 'unsafe-inline' https://acsbapp.com https://acsbap.com https://*.acsbapp.com https://*.acsbap.com https://*.azureedge.net https://*.readspeaker.com https://connect.facebook.net https://static.trackedweb.net https://app.postermaker.io https://snap.licdn.com https://analytics.nyltx.com https://*.cookiefirst.com https://maps.googleapis.com https://unpkg.com/vue@3.2.20/ https://*.landbot.io https://secure.callhandling.co.uk https://*.addthis.com https://z.moatads.com https://*.addthisedge.com https://static.addtoany.com https://*.fluidads.com https://*.simpli.fi https://www.google-analytics.com https://www.googletagmanager.com https://ajax.googleapis.com https://*.typeform.com https://*.hotjar.com https://analytics.tiktok.com https://*.snapchat.com https://*.twitter.com https://*.sc-static.net https://*.bing.com https://*.ads-twitter.com https://*.linkedin.com https://*.doubleclick.net https://*.muchloved.com https://cdnjs.cloudflare.com ;connect-src 'self' https://docs.google.com https://www.google.com https://platform.twitter.com https://cdn.acsbapp.com https://*.acsbap.com https://*.acsbapp.com https://acsbapp.com https://acsbap.com https://*.wikipedia.org https://*.trackedweb.net https://*.readspeaker.com https://*.azureedge.net https://*.fluidads.com https://www.facebook.com https://*.cookiefirst.com https://analytics.nyltx.com https://maps.googleapis.com https://secure.callhandling.co.uk https://*.landbot.io https://*.addthis.com https://*.google-analytics.com https://stats.g.doubleclick.net https://*.doubleclick.net https://*.typeform.com https://*.issuu.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.snapchat.com https://*.linkedin.oribi.io https://*.analytics.google.com https://analytics.tiktok.com ;img-src 'self' data: https://www.facebook.com https://acsbapp.com https://acsbap.com https://*.acsbapp.com https://*.acsbap.com https://*.azureedge.net https://*.linkedin.com https://*.addthis.com https://maps.gstatic.com https://maps.googleapis.com https://maps.googleapis.com https://storage.googleapis.com https://static.landbot.io https://fonts.googleapis.com https://www.google.com https://www.googletagmanager.com https://www.google.co.uk https://www.google.com.tr https://www.google-analytics.com https://stats.g.doubleclick.net https://*.hotjar.com https://tr.snapchat.com https://analytics.twitter.com https://t.co https://*.muchloved.com ;font-src 'self' data: https://use.typekit.net https://acsbapp.com https://*.acsbapp.com https://*.azureedge.net https://fonts.gstatic.com https://*.hotjar.com ;style-src 'self' 'unsafe-inline' https://acsbapp.com https://acsbap.com https://*.acsbapp.com https://*.acsbap.com blob: https://*.readspeaker.com https://*.azureedge.net https://*.cookiefirst.com https://p.typekit.net https://use.typekit.net https://localhost:44367 https://fonts.googleapis.com https://*.typeform.com https://*.issuu.com https://*.hotjar.com ;form-action 'self' https://*.readspeaker.com https://*.azureedge.net https://*.typeform.com https://*.twitter.com https://*.landbot.io https://*.snapchat.com ;object-src 'none' ;media-src 'self' 'unsafe-inline' data: ; 1 frame-ancestors https://deejay.de https://*.deejay.de https://vinylfuture.com https://*.vinylfuture.com; 1 upgrade-insecure-requests; frame-src 'self' forms.hsforms.com vars.hotjar.com w.recruiterbox.com app.recruiterbox.com vimeo.com youtu.be youtube.com www.youtube.com www.google.com player.vimeo.com bid.g.doubleclick.net www.facebook.com cdn.knightlab.com; frame-ancestors 'self' 1 base-uri 'none';child-src 'self' https://*.twitch.tv https://*.youtube.com;connect-src 'self' https://*.immutable.com https://cms.staging.gam3s.gg https://analytics.gam3s.gg https://metrics.gam3s.gg https://metrics.gam3s.gg/collect-alt https://staging.api.gam3s.gg/ http://localhost:3001/ http://localhost:3002/ https://api.gam3s.gg/ https://dev.api.gam3s.gg/ https://dev.api.polkastarter.gg/ https://api.twitch.tv https://cms.gam3s.gg http://127.0.0.1:1337 https://*.google-analytics.com https://vitals.vercel-insights.com https://api.coinbase.com https://www.google-analytics.com https://vercel.live wss://*.hotjar.com https://*.hotjar.io https://*.hotjar.com https://*.cookie3.co https://gam3s.featurebase.app https://*.thirdweb.com https://*.alchemy.com http://cdn.cpmstar.com wss://staging.api.gam3s.gg wss://api.gam3s.gg https://us.i.posthog.com https://us-assets.i.posthog.com https://*.posthog.com https://insights.gam3s.gg https://pixel-config.reddit.com https://www.redditstatic.com https://conversions-config.reddit.com https://api.avax.network/ext/bc/C/rpc https://api.avax-test.network/ext/bc/C/rpc https://arb1.arbitrum.io/rpc https://sepolia-rollup.arbitrum.io/rpc https://mainnet.infura.io https://sepolia.infura.io/ https://cloudflare-eth.com/ https://rpc.sepolia.org https://*.walletconnect.com https://*.walletconnect.org wss://relay.walletconnect.com wss://relay.walletconnect.org wss://www.walletlink.org wss://*.pusher.com https://*.pusher.com https://enhanced-provider.rainbow.me https://rpc.ankr.com;default-src 'self';font-src 'self' data: https://*.hotjar.com https://fonts.gstatic.com;form-action 'self' *;frame-ancestors 'self' https://*.gam3s.gg https://*.polkastarter.gg;frame-src 'self' * https://challenges.cloudflare.com;img-src * data:;manifest-src 'self' https://polkastarter.cloudflareaccess.com;media-src 'self' https://*.twimg.com https://*.polkastarter.com https://*.polkastarter.gg https://*.gam3s.gg https://*.soulbound.gg;object-src data:;prefetch-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.ads-twitter.com https://www.redditstatic.com https://connect.facebook.net https://gleam.io https://widget.gleamjs.io https://*.googletagmanager.com https://*.google-analytics.com https://vercel.live https://*.hotjar.com https://*.cookie3.co https://*.twitch.tv https://*.youtube.com https://*.twitter.com https://cdn.blockpass.org https://do.featurebase.app https://*.cpmstar.com https://metrics.gam3s.gg https://metrics.gam3s.gg/ingestion.js https://us.i.posthog.com https://us-assets.i.posthog.com https://*.posthog.com https://insights.gam3s.gg https://challenges.cloudflare.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com http://embed.typeform.com https://vercel.live/fonts https://do.featurebase.app https://*.posthog.com;worker-src 'self' blob:; 1 default-src 'self'; script-src 'self' blob *.amalgamatedbank.com *.go-mpulse.net bam.nr-data.net unpkg.com *.talkdeskapp.com *.talkdeskdev.com *.twilio.com js.locatorsearch.com *.prod.acquia-sites.com *.instagram.com *.youtube.com *.oktacdn.com *.okta.com *.oktapreview.com fonts.googleapis.com *.googletagmanager.com *.doubleclick.net *.addtoany.com fonts.gstatic.com *.omappapi.com *.google-analytics.com cdn.jsdelivr.net cdnjs.cloudflare.com app.jazz.co js-agent.newrelic.com *.google.com *.gstatic.com www.recaptcha.net ajax.googleapis.com bam.nr-data.net 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com 'unsafe-eval' http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js https://www.recaptcha.net/recaptcha/api.js https://www.recaptcha.net/recaptcha/api/fallback; style-src 'self' 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com unpkg.com *.amalgamatedbank.com *.talkdeskapp.com *.talkdeskdev.com *.twilio.com bam.nr-data.net *.prod.acquia-sites.com *.oktacdn.com *.okta.com *.oktapreview.com fonts.googleapis.com fonts.gstatic.com cdn.jsdelivr.net cdnjs.cloudflare.com *.google.com *.gstatic.com app.jazz.co; img-src 'self' *.visualwebsiteoptimizer.com app.vwo.com useruploads.vwo.io amalgamatedbank.com www.amalgamatedbank.com *.amalgamatedbank.com *.talkdeskapp.com *.talkdeskdev.com *.twilio.com bam.nr-data.net cdn.jsdelivr.net *.prod.acquia-sites.com js.locatorsearch.com *.oktacdn.com *.okta.com *.oktapreview.com data: *.googletagmanager.com app.jazz.co *.google.com *.google-analytics.com *.gstatic.com images.printable.com images.locatorsearch.com instagram.com i.ytimg.com d21y75miwcfqoq.cloudfront.net; media-src files.marcomcentral.app.pti.com *.youtube.com *.amalgamatedbank.com bam.nr-data.net *.talkdeskapp.com *.talkdeskdev.com *.twilio.com; frame-src *; child-src blob: *.amalgamatedbank.com; font-src 'self' cdnjs.cloudflare.com bam.nr-data.net *.amalgamatedbank.com *.talkdeskapp.com *.talkdeskdev.com *.twilio.com *.prod.acquia-sites.com *.oktacdn.com *.okta.com *.oktapreview.com unpkg.com fonts.gstatic.com app.jazz.co *.google.com *.gstatic.com *.locatorsearch.com; connect-src 'self' *.visualwebsiteoptimizer.com app.vwo.com *.go-mpulse.net abnyunityuat.fisglobal.com login-uat.fisglobal.com mcs.us1.twilio.com wss://tsock.us1.twilio.com *.talkdeskapp.com *.talkdeskdev.com maps-api-ssl.google.com bam.nr-data.net stats.addtoany.com googleads.g.doubleclick.net *.youtube.com *.oktacdn.com *.okta.com *.oktapreview.com *.omappapi.com *.google-analytics.com *.google.com *.gstatic.com googleads.g.doubleclick.net; report-uri /report-csp-violation 1 https://client.libertydentalplan.com; https://libertydentalplan.com 1 default-src 'self'; block-all-mixed-content; connect-src 'self' https://api.recurly.com https://api.stripe.com/ https://via.intercom.io https://api.intercom.io https://api.au.intercom.io https://api.eu.intercom.io https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-b.intercom.io https://nexus-europe-websocket.intercom.io wss://nexus-europe-websocket.intercom.io https://nexus-australia-websocket.intercom.io wss://nexus-australia-websocket.intercom.io https://uploads.intercomcdn.com https://uploads.intercomcdn.eu https://uploads.au.intercomcdn.com https://uploads.intercomusercontent.com https://ingest.valued.app; font-src 'self' https://js.intercomcdn.com https://fonts.intercomcdn.com data:; frame-src https://js.stripe.com/ https://hooks.stripe.com/ api.recurly.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; img-src 'self' blob: data: *; media-src 'self' https://js.intercomcdn.com; script-src 'self' js.recurly.com https://js.stripe.com/ https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://cdn.valued.app 'unsafe-inline' 'sha256-1gcjkQmF3vDBHqTK/GCaJKMg/UjNNomsjObGfUSd8GU=' 'sha256-jbA8VreA42SNzS8N9VHJ5N6pZWjqC2B/c/cBk+1diXE=' 'sha256-DcokebrOSmWciSX1qQC5mQVZVTuYP7rxG1GdCn4I4Ls='; style-src 'self' https://api.recurly.com 'unsafe-inline'; report-uri /nelmio/csp/report 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https:;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.adnxs.com *.chimpstatic.com visitjersey.email *.cloudfont.net *.googletagmanager.com blob: *.google-analytics.com cdn.usefathom.com *.hotjar.com *.dotdigital-pages.com *.tiktok.com *.vimeo.com https: data:;style-src 'self' 'unsafe-inline' *.hotjar.com https: data:;connect-src 'self' *.google-analytics.com *.analytics.google.com *.googleadservices.com *.doubleclick.net *.teads.tv *.crowdriff.com *.plyr.io sojpublicdata.blob.core.windows.net *.mapbox.com *.algolia.net *.algolianet.com *.tripadvisor.com *.vimeo.com *.vimeocdn.com *.akamaized.net *.trackedweb.net *.bugsnag.com *.cookiescan.com *.googlesyndication.com noembed.com *.facebook.com *.google.com google.com *.clarity.ms *.cookiebot.com *.googletagmanager.com *.gstatic.com *.facebook.net manychat.com *.linkedin.oribi.io *.linkedin.com *.adnxs.com cdn.usefathom.com *.smooch.io wss://api.smooch.io *.hotjar.com *.hotjar.io wss://*.hotjar.com ct.pinterest.com pro.ip-api.com api.hellobar.com *.flippingbook.com *.tiktok.com *.bing.com *.convertexperiments.com data:;font-src 'self' static.tacdn.com *.gstatic.com assets.hootsuite.com *.hotjar.com my.hellobar.com *.tiktok.com data:;img-src 'self' cdn.jersey.com *.google-analytics.com *.analytics.google.com *.cookiescan.com *.facebook.com *.linkedin.com t.co *.doubleclick.net *.google.je *.google.com *.google.co.uk *.netdna-ssl.com *.gravatar.com *.adsymptotic.com *.adnxs.com *.yahoo.com *.teads.tv *.googleadservices.com static.tacdn.com *.vimeocdn.com *.vimeocdn.com *.clarity.ms *.bing.com *.cloudfront.net *.magicseaweed.com *.ytimg.com *.google.nl blob: *.youtube.com *.adsrvr.org *.sojern.com *.amazonaws.com *.tripadvisor.co.uk *.cookiebot.com *.googletagmanager.com *.gstatic.com *.facebook.net manychat.com *.adform.net cdn.usefathom.com assets.hootsuite.com *.hotjar.com hi.hellobar.com px.gumgum.com *.flippingbook.com *.mapbox.com data:;frame-src 'self' *.vimeo.com vimeo.com *.vimeocdn.com *.youtube.com *.flipsnack.com *.google.com *.instagram.com *.facebook.com *.hdontap.com visitjersey.email *.crowdriff.com magicseaweed.com *.cookiebot.com *.snapsea.io *.ipcamlive.com *.doubleclick.net e.issuu.com ct.pinterest.com *.dotdigital-pages.com www.googletagmanager.com *.flippingbook.com ;form-action 'self' *.facebook.com ;object-src 'none' ;frame-ancestors 'self' *.jersey.com visitjersey.email ;base-uri 'none' ; 1 default-src https: wss:; base-uri 'none'; font-src https: data:; img-src https: data:; script-src 'strict-dynamic' 'nonce-h1WLPCtlMREUcpJ/4Q/e2A=='; style-src https: 'unsafe-inline' 1 default-src 'self' 'unsafe-eval' 'unsafe-inline' https://* 1 default-src 'self' 'unsafe-inline' data: https://piwik.bzga.de/ https://service.bzga.de/ https://www.quit-the-shit.net 1 base-uri 'self' ; child-src 'self' ; connect-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net *.youtube.com *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net ; default-src 'self' ; font-src 'self' 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.bootstrapcdn.com data: fonts.gstatic.com cdn.jsdelivr.net *.gstatic.com *.bootstrapcdn.com ; form-action 'self' ; frame-src 'self' 'unsafe-inline' 'unsafe-eval' *.g.doubleclick.net *.google.com *.fls.doubleclick.net blob: www.google.com *.youtube.com *.g.doubleclick.net *.google.com *.fls.doubleclick.net ; frame-ancestors 'self' ; img-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com data: ts.w.org s.w.org ps.w.org *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com ; manifest-src 'self' ; media-src 'self' s.w.org; object-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com cdn.jsdelivr.net *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com ; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net *.youtube.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com ; script-src-attr 'self' ; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com fonts.googleapis.com cdn.jsdelivr.net *.googleapis.com *.gstatic.com ; style-src-elem 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com cdn.jsdelivr.net *.googleapis.com *.gstatic.com ; style-src-attr 'self' 'unsafe-inline' 'unsafe-eval' *.youtube.com; worker-src 'self' blob:; 1 default-src 'self'; base-uri 'self'; 1 default-src 'self' 'unsafe-inline' nominatim.openstreetmap.org piwik.bzga.de; style-src 'self' 'unsafe-inline';font-src 'self' data:; media-src 'self' *.stage.bio; connect-src 'self' nominatim.openstreetmap.org ws://socket.stage.bio *.stage.bio piwik.bzga.de; img-src 'self' data: piwik.bzga.de a.tile.openstreetmap.de b.tile.openstreetmap.de c.tile.openstreetmap.de *.stage.bio; 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://analytics.google.com:* https://ajax.googleapis.com:* https://call.chatra.io/chatra.js https://maps.googleapis.com:* https://seal-nebraska.bbb.org/logo/blue-valley-technologies-17381.js https://stats.g.doubleclick.net/dc.js https://www.googletagmanager.com:* https://assets.juicer.io:* https://www.juicer.io:* https://www.google-analytics.com:* https://stats.g.doubleclick.net:* https://www.googleadservices.com:* https://feedback.happy-or-not.com:* https://dk98ddgl0znzm.cloudfront.net:* https://emma-content-aggregates-prd.s3.amazonaws.com:* https://form.jotform.com:*; object-src 'self' ; style-src * 'self' data: 'unsafe-inline' 'unsafe-hashes' https://fonts.googleapis.com:* https://seal-blue.bbb.org; img-src * 'self' https://maps.gstatic.com https://stats.g.doubleclick.net:*; media-src * 'self' data: 'unsafe-inline' 'unsafe-hashes'; frame-src 'self' https://chat.chatra.io:* https://www.youtube.com:* https://player.vimeo.com:* https://form.jotform.com:* https://submit.jotform.com:*; frame-ancestors 'self'; child-src 'self'; font-src 'self' * https://fonts.gstatic.com:*; connect-src 'self' https://maps.googleapis.com:* https://analytics.google.com:* https://www.google-analytics.com:* https://www.juicer.io:* https://graph.facebook.com:* https://www.googletagmanager.com:* https://stats.g.doubleclick.net:* https://feedback-api.happy-or-not.com:* https://feedback.happy-or-not.com:* https://api.mixpanel.com:*; report-uri /report-csp-violation 1 default-src 'self'; script-src 'self' maps.googleapis.com e.issuu.com/embed.js embed.flickr.com https://js.stripe.com 'strict-dynamic' https: 'unsafe-eval' 'nonce-87f82d52fbfe0bbf91e4d0ee7bf74794'; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com https://*.google-analytics.com https://*.analytics.google.com https://sentry.issuu.com/api/ https://api.stripe.com data: blob:; img-src * data:; media-src * data:; frame-src e.issuu.com *.google.com player.vimeo.com *.youtube.com https://js.stripe.com https://hooks.stripe.com; style-src 'self' https://fonts.googleapis.com 'nonce-fd00332e7ed25f1135a434c42d1afc4c'; font-src * data:; 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: ; img-src 'self' data: blob: https://secure.gravatar.com; object-src 'self' data: blob: ; frame-src 'self' data: blob: ; worker-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; 1 frame-ancestors 'self' https://www.bayard-jeunesse.com https://app.bayam.tv https://sso.bayard-jeunesse.com https://mention-me.com https://cdnactor.myfeelback.com; 1 script-src 'self' https://*.googleapis.com *.gstatic.com www.google-analytics.com ajax.googleapis.com ajax.aspnetcdn.com use.typekit.net us1.siteimprove.com siteimproveanalytics.com cdnjs.cloudflare.com kit.fontawesome.com static.getclicky.com in.getclicky.com player.vimeo.com www.googletagmanager.com clicky.com fast.fonts.net snap.licdn.com px.ads.linkedin.com stackpath.bootstrapcdn.com cdn.datatables.net code.jquery.com unpkg.com js.adsrvr.org connect.facebook.net 'unsafe-inline' 'unsafe-eval' 1 default-src 'self' data: https://www.dw.com https://api.service-digitale-verwaltung.de https://events.click-around.systems/ https://ictp-trst-001.westeurope.cloudapp.azure.com/matomo/ https://cdn.eye-able.com https://dc.services.visualstudio.com/v2/track https://az416426.vo.msecnd.net/scripts/a/ai.0.js https://include-rp.zfinder.de https://www.youtube.com https://geoportal.trier.de https://jobs.b-ite.com http://jobs.b-ite.com https://www.stadtradeln.de https://static.b-ite.com https://www.vrt-info.de http://www.heute-in-trier.de http://www.facebook.com http://platform.twitter.com https://fonts.googleapis.com https://fonts.gstatic.com https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.facebook.com https://platform.twitter.com https://accounts.google.com https://www.bing.com http://www.wetterkontor.de http://94.130.59.28 https://www.youtube-nocookie.com https://app.docu4d.com https://dienste.wetterkontor.de https://www.trier-info.de https://www.wahlinfo.de https://www.pegelonline.wsv.de 'unsafe-inline' 'unsafe-eval' 1 script-src https: data: 'unsafe-inline' 'unsafe-eval' https://hfmt-koeln.de https://*.hfmt-koeln.de https://metrics.mehrwert.de https://*.b-ite.com https://www.instagram.com https://static.cdninstagram.com; style-src https: 'unsafe-inline' https://hfmt-koeln.de https://*.hfmt-koeln.de https://metrics.mehrwert.de https://www.instagram.com https://static.cdninstagram.com; frame-src 'self' https://hfmt-koeln.de https://*.hfmt-koeln.de https://*.hfmt.mwsrv.de https://www.youtube-nocookie.com https://www.youtube.com https://*.b-ite.com https://www.instagram.com https://static.cdninstagram.com; frame-ancestors 'self' https://hfmt-koeln.de https://*.hfmt-koeln.de https://*.hfmt.mwsrv.de; 1 default-src 'self'; connect-src 'self' https://cdn-cookieyes.com https://*.cookieyes.com https://*.google-analytics.com https://*.googletagmanager.com https://fonts.googleapis.com https://snazzymaps.com https://maps.googleapis.com https://player.vimeo.com https://api.ipdata.co https://*.ipdata.co https://*.analytics.google.com; font-src 'self' https://ka-p.fontawesome.com https://use.typekit.net https://fonts.gstatic.com data:; frame-src 'self' https://*.cookieyes.com https://snazzymaps.com https://www.youtube.com https://player.vimeo.com; img-src 'self' https://*.warburgpincus.com *.warburgpincus.com https://warburgpincus.com https://*.googletagmanager.com https://*.google-analytics.com https://*.gstatic.com https://i.vimeocdn.com https://cdn-cookieyes.com https://*.cookieyes.com https://secure.gravatar.com blob: data:; object-src; script-src 'self' https://*.googletagmanager.com https://tagmanager.google.com https://cdn-cookieyes.com https://snazzymaps.com https://player.vimeo.com https://maps.googleapis.com https://api.ipdata.co https://*.ipdata.co https://*.google-analytics.com 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' https://*.googletagmanager.com https://tagmanager.google.com https://cdn-cookieyes.com https://snazzymaps.com https://player.vimeo.com https://maps.googleapis.com https://api.ipdata.co https://*.ipdata.co https://*.google-analytics.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://*.googletagmanager.com https://tagmanager.google.com https://use.typekit.net https://p.typekit.net https://fonts.googleapis.com 'unsafe-inline'; upgrade-insecure-requests 1 connect-src 'self' *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net ; font-src 'self' *.gstatic.com *.bootstrapcdn.com data: fonts.gstatic.com cdn.jsdelivr.net use.typekit.net *.gstatic.com *.bootstrapcdn.com ; frame-src 'self' *.g.doubleclick.net *.google.com *.fls.doubleclick.net blob: www.google.com player.vimeo.com owp.com www.youtube.com *.g.doubleclick.net *.google.com *.fls.doubleclick.net ; img-src 'self' *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com data: ts.w.org s.w.org ps.w.org *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com ; media-src 'self' s.w.org player.vimeo.com; script-src 'self' *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com cdn.jsdelivr.net code.jquery.com owp.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com ; script-src-elem 'self' 'unsafe-inline' cdn.jsdelivr.net code.jquery.com player.vimeo.com owp.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com ; script-src-attr 'self' 'unsafe-inline' owp.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com fonts.googleapis.com cdn.jsdelivr.net owp.com *.googleapis.com *.gstatic.com ; style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com cdn.jsdelivr.net use.typekit.net p.typekit.net owp.com *.googleapis.com *.gstatic.com ; style-src-attr 'unsafe-inline' ; worker-src 'self' blob:; upgrade-insecure-requests; 1 default-src https: *.ufg.pl; script-src https: *.ufg.pl;style-src https: *.ufg.pl ;img-src 'self' data: https: www.google-analytics.com; frame-src https: *.ufg.pl; media-src data: https: *.ufg.pl ;options inline-script eval-script; child-src https: *.ufg.pl; frame-ancestors 'self' *.ufg.pl; 1 default-src 'self' google-analytics.com manifest-src; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com maps.googleapis.com *.googletagmanager.com www.google-analytics.com www.google.com/recaptcha/api.js www.gstatic.com cookie-cdn.cookiepro.com www.google-analytics.com hotjar.com https://connect.facebook.net crelan-be-website.scalecity.space vwdservices.com s.ytimg.com https://px.ads.linkedin.com px.ads.linkedin.com youtube.com vimeo.com snap.licdn.com www.linkedin.com tagmanager.google.com *.googleadservices.com https://googleads.g.doubleclick.net w3.org *.crazyegg.com https://cdn.jsdelivr.net *.google.com *.google.be *.googleoptimize.com *.facebook.com *.doubleclick.net *.crelan.be *.facebook.net sc-crelan-server-side-tagging.ew.r.appspot.com blob: https://*.skedify.io https://s.pinimg.com https://*.pinterest.com https://open.spotify.com *.fontawesome.com https://static.cloudflareinsights.com https://ajax.cloudflare.com https://*.taboola.com https://www.youtube.com/iframe_api https://www.youtube.com/s/player/; style-src 'self' 'unsafe-inline' *.googleapis.com *.googleusercontent.com *.hotjar.com *.google.com 'self' https://maps.googleapis.com *.googletagmanager.com w3.org cdnjs.cloudflare.com *.crazyegg.com *.google.com *.google.be *.googleadservices.com *.facebook.com *.facebook.net *.fontawesome.com; img-src 'self' *.googletagmanager.com *.googleadservices.com cookie-cdn.cookiepro.com https://www.google-analytics.com *.gstatic.com maps.googleapis.com w3.org data: *.crazyegg.com blog.crelan.be *.google.com *.google.be *.google.de *.facebook.com *.doubleclick.net *.facebook.net *.linkedin.com; media-src *.youtube.com *.twitter.com *.vimeo.com 'self' https://maps.googleapis.com *.googletagmanager.com w3.org *.google.com *.googleadservices.com *.google.be *.google.de *.facebook.com *.doubleclick.net *.facebook.net; frame-src 'self' in.hotjar.com vc.hotjar.io google-analytics.com stats.g.doubleclick.net crelan-be-website.scalecity.space *.crelan-int.be *.vwdservices.com maps.googleapis.com w3.org www.google.com www.youtube.com player.vimeo.com *.crazyegg.com *.alchemer.eu *.google.com *.google.be *.facebook.com *.doubleclick.net *.facebook.net *.googleadservices.com https://*.skedify.io https://*.pinterest.com https://open.spotify.com *.fontawesome.com https://www.googletagmanager.com https://player.captivate.fm; font-src 'self' *.gstatic.com *.googleusercontent.com w3.org data:; connect-src 'self' cookie-cdn.cookiepro.com *.google-analytics.com in.hotjar.com vc.hotjar.io stats.g.doubleclick.net maps.googleapis.com *.googletagmanager.com w3.org *.crazyegg.com *.google.com *.google.be *.facebook.com *.doubleclick.net *.facebook.net *.onetrust.com sc-crelan-server-side-tagging.ew.r.appspot.com *.sc-crelan-server-side-tagging.ew.r.appspot.com *.googleadservices.com *.googlesyndication.com https://px.ads.linkedin.com https://ct.pinterest.com *.fontawesome.com https://*.cookiepro.com https://*.taboola.com; upgrade-insecure-requests 1 frame-ancestors 'self' *.vendhq.com *.retail.lightspeed.app; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=puba63db3f96a1d5bb789394101974def5f&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:production; 1 default-src https: 'self' data: 'unsafe-inline' 'unsafe-eval'; block-all-mixed-content; report-uri /nelmio/csp/report 1 frame-ancestors 'self' aviloo--uat.sandbox.my.site.com site.com 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://polyfill.io *.google.com *.google.ad *.google.al *.google.am *.google.as *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.cv *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gr *.google.gy *.google.hn *.google.hr *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.ki *.google.kg *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me https://www.googletagmanager.com https://www.gstatic.com https://cdn.jsdelivr.net https://maps.googleapis.com; object-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://www.google.com https://www.google.de https://consent.cookiebot.com https://consentcdn.cookiebot.com https://fonts.googleapis.com https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://snap.licdn.com https://polyfill.io/v3 https://cdn.jsdelivr.net https://js.stripe.com https://polyfill.io; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-src 'self' *.pumps.circor.com *.circor.com *.youtube.com *.vimeo.com https://js.stripe.com https://consentcdn.cookiebot.com *.doubleclick.net *.google.com https://circor.prod.acquia-sites.com; child-src 'self' 'unsafe-inline' https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.google.de https://connect.facebook.net https://consent.cookiebot.com https://consentcdn.cookiebot.com https://fonts.googleapis.com https://googleads.g.doubleclick.net https://p.adsymptotic.com https://px.ads.linkedin.com https://snap.licdn.com https://www.facebook.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://js.stripe.com https://polyfill.io blob:; connect-src 'self' https://consentcdn.cookiebot.com https://eu-api.friendlycaptcha.eu https://px.ads.linkedin.com wss://ws.hotjar.com https://content.hotjar.io https://www.google.com https://*.google-analytics.com https://metrics.hotjar.io https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://region1.analytics.google.com https://maps.googleapis.com; report-uri /report-csp-violation 1 default-src 'self'; manifest-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://includes.ccdc02.com/ https://songbird.cardinalcommerce.com/ https://app.intotheblock.com https://static.zdassets.com/ https://widget-mediator.zopim.com/ https://code.jquery.com/ https://stackpath.bootstrapcdn.com/ https://static.hotjar.com/ https://script.hotjar.com/ https://www.google.com/ https://cdn.siftscience.com/ https://www.gstatic.com/ https://maps.googleapis.com/ https://salesiq.zohopublic.com/ https://js.zohocdn.com/ https://static.zohocdn.com/; object-src 'self' style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com/ajax/libs/ https://stackpath.bootstrapcdn.com/ https://css.zohocdn.com/ https://static.zohocdn.com/; img-src 'self' https://s3-sa-east-1.amazonaws.com/frame-image-br/ https://icon-library.com/ https://maps.gstatic.com/ https://v2uploads.zopim.io/ https://rocketlab.g2afse.com/ https://purecatamphetamine.github.io/ https://20841010p.rfihub.com/ https://static.zohocdn.com/ https://us4-files.zohopublic.com/ https://css.zohocdn.com/ data:; media-src 'self' https://static.zdassets.com/ https://static.zohocdn.com/; frame-src 'self' https://centinelapi.cardinalcommerce.com/ https://3ds.seglan.com/ https://geo.cardinalcommerce.com/ https://www.youtube.com/ https://buy.moonpay.com/ https://buy-staging.moonpay.com/ https://buy-sandbox.moonpay.com/ https://pay.testwyre.com/ https://vars.hotjar.com/ https://www.google.com/recaptcha/ https://salesiq.zohopublic.com/; font-src 'self' https://fonts.gstatic.com https://cdnjs.cloudflare.com/ajax/ https://css.zohocdn.com/; connect-src 'self' https://writer.cardinalcommerce.com/ https://centinelapi.cardinalcommerce.com/ https://kg668dbov0.execute-api.us-east-1.amazonaws.com/ wss://socket-testing.cryptomkt.com/ https://socket-testing.cryptomkt.com/ wss://socket.cryptomkt.com/ https://socket.cryptomkt.com/ wss://api.exchange.cryptomkt.com/ https://api.exchange.cryptomkt.com/ https://api.intotheblock.com/ https://ekr.zdassets.com/ https://cryptomkt.zendesk.com/ wss://widget-mediator.zopim.com/ https://id.zopim.com/ https://widget-mediator.zopim.com/ https://api-uat.kushkipagos.com/ https://api.kushkipagos.com/ https://maps.googleapis.com/ wss://vts.zohopublic.com/ https://salesiq.zohopublic.com https://in.hotjar.com/api/ wss://ws.hotjar.com/ https://content.hotjar.io/ https://www.google.com/recaptcha/; frame-ancestors 'self'; base-uri 'self'; form-action 'self' https://geo.cardinalcommerce.com/ https://3ds.seglan.com/ 1 default-src 'self' https://*.fbcdn.net https://*.cdninstagram.com; child-src 'self' https://www.google.com https://www.youtube.com https://open.spotify.com https://connect.facebook.net https://www.facebook.com https://audio7.audima.co blob: data:; connect-src 'self' https://originacao.minervafoods.com/ https://maps.googleapis.com https://stats.g.doubleclick.net https://analytics.google.com https://www.facebook.com https://yoast.com https://api.cvortex.com https://backmenu.audima.co https://ka-f.fontawesome.com https://cdn.privacytools.com.br https://pt.wiktionary.org https://en.wiktionary.org https://es.wiktionary.org https://vlibras.gov.br https://dicionario2.vlibras.gov.br https://cdn.jsdelivr.net; font-src 'self' https://fonts.gstatic.com https://fonts.cdnfonts.com https://menu.audima.co https://ka-f.fontawesome.com https://vlibras.gov.br https://cdn.jsdelivr.net https://fonts.bunny.net data:; form-action 'self' https://www.facebook.com https://wpmudev.com data:; frame-ancestors 'none'; frame-src https://www.gstatic.com https://www.google.com https://audio7.audima.co https://www.youtube.com https://open.spotify.com https://clarity.microsoft.com https://td.doubleclick.net/ blob:; img-src 'self' https://minervafoods.com https://vlibras.gov.br https://www.google.com.br https://stats.g.doubleclick.net https://maps.gstatic.com https://maps.googleapis.com https://secure.gravatar.com https://www.facebook.com https://i.scdn.co https://cdn.jsdelivr.net https://s.w.org https://claritystatic.blob.core.windows.net https://menu.audima.co https://2.gravatar.com https://*.cdninstagram.com data:; script-src 'self' https://cdn.jsdelivr.net https://developers.google.com https://maps.googleapis.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://vlibras.gov.br https://connect.facebook.net https://cdnjs.cloudflare.com https://open.spotify.com https://open.spotifycdn.com https://embed-cdn.spotifycdn.com https://menu.audima.co https://audio7.audima.co https://kit.fontawesome.com https://www.youtube.com https://cdn.privacytools.com.br https://www.vlibras.gov.br https://unpkg.com https://clarity.microsoft.com https://www.clarity.ms 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https://cdn.jsdelivr.net https://fonts.googleapis.com https://fonts.cdnfonts.com https://cdn.privacytools.com.br https://fonts.bunny.net 'unsafe-inline'; upgrade-insecure-requests 1 base-uri 'self'; child-src blob: 'self' gap: https://*.surveymonkey.com/ https://*.twitter.com/ https://*.vimeo.com/ https://*.youtube.com/ https://app.powerbi.com/ https://dev.visualwebsiteoptimizer.com/ https://td.doubleclick.net/ https://widget.trustpilot.com/ https://www.google.com/ https://www.googletagmanager.com/; frame-src blob: 'self' gap: https://*.surveymonkey.com/ https://*.twitter.com/ https://*.vimeo.com/ https://*.youtube.com/ https://app.powerbi.com/ https://dev.visualwebsiteoptimizer.com/ https://td.doubleclick.net/ https://widget.trustpilot.com/ https://www.google.com/ https://www.googletagmanager.com/; connect-src 'self' https://*.feefo.com/ https://*.google.com/ https://*.google-analytics.com/ https://*.onetrust.com/ https://*.paragonbankinggroup.co.uk/ https://*.twimg.com/ https://*.twitter.com/ https://*.visualwebsiteoptimizer.com/ https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://global.sitesearch360.com/ https://ict.infinity-tracking.net/ https://insights.sitesearch360.com/ https://stats.g.doubleclick.net/ https://www.google.co.uk/ https://www.google.com/ https://www.googletagmanager.com/; default-src 'self' gap: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com/; img-src * data: blob:; media-src data: 'self'; script-src gap: 'self' https://*.feefo.com/ https://*.paragonbankinggroup.co.uk/ https://*.surveymonkey.com/ https://*.twimg.com/ https://*.twitter.com/ https://*.visualwebsiteoptimizer.com/ https://*.youtube.com/ https://cdn.sitesearch360.com/ https://cdn-ukwest.onetrust.com/ https://googleads.g.doubleclick.net/ https://ict.infinity-tracking.net/ https://pagead2.googlesyndication.com/ https://snap.licdn.com/ https://unpkg.com/ https://widget.trustpilot.com/ https://www.google.com/ https://www.googleadservices.com/ https://www.googletagmanager.com/ 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://*.twimg.com/ https://*.twitter.com/ https://dev.visualwebsiteoptimizer.com/ https://fonts.googleapis.com/ https://register.feefo.com/ https://www.googletagmanager.com/ 'unsafe-inline'; frame-ancestors gap: 'self' https://*.surveymonkey.com/; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=JzkSr0n1mZeoexp7QAQq7NXLvWztpkiFSLl5v0G46XFO0JqBjRsZAqDBh0sCaM%2BkQDmdrh4ZJmC11j%2BScG%2BL3g%3D%3D; 1 default-src 'unsafe-inline' 'unsafe-eval' https: blob:;img-src * data: blob:;font-src * data:; 1 frame-ancestors 'self' https://milan-jeunesse.com https://app.bayam.tv https://sso.bayard-jeunesse.com https://mention-me.com https://cdnactor.myfeelback.com; 1 default-src 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; font-src *; connect-src *; frame-src *; img-src * data:; media-src *; object-src *; style-src * 'unsafe-inline' 1 default-src 'self' https://*.youtube.com https://*.youtube-nocookie.com https://*.youtu.be https://*.vimeo.com https://vimeo.com https://*.spotify.com/ https://*.tiktok.com https://*.snapchat.com https://*.facebook.com https://p.scdn.co/ https://*.google-analytics.com https://*.googletagmanager.com https://*.google.com https://*.google.be https://*.apple.com https://*.instagram.com https://*.soundcloud.com https://*.cm.com https://*.slinger.to/ https://*.doubleclick.net/; block-all-mixed-content; img-src data: 'self' https://placeholder.inventis.be https://*.ytimg.com https://*.youtube.com https://*.vimeocdn.com https://*.tiktok.com https://*.snapchat.com https://*.facebook.com https://*.google-analytics.com https://*.googletagmanager.com https://*.google.com https://*.google.be; object-src 'none'; script-src 'self' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' 'nonce-cDSiWm2yTFuOa4KVom4v2w=='; style-src 'self' 'unsafe-inline' https://*.googletagmanager.com https://*.slinger.to/; upgrade-insecure-requests 1 default-src 'self' ;script-src data: blob: 'self' 'unsafe-eval' 'nonce-/P/4TYuJ8Y1V55kL' js.monitor.azure.com static.cloud.coveo.com www.zenaps.com www.dwin1.com *.r42tag.com *.usabilla.com *.google-analytics.com *.analytics.google.com www.googleadservices.com tags.nmrc.nl *.onmarc.nl *.doubleclick.net d6tizftlrpuof.cloudfront.net *.zilverenkruis.nl babm.texthelp.com surfly.com plus.browsealoud.com www.zorgkantoorfriesland.nl *.prolife.nl www.googletagmanager.com toolbar.speechstream.net apis.google.com bat.bing.com admin.relay42.com a.svtrd.com ads.creative-serving.com www.browsealoud.com *.defriesland.nl static2.creative-serving.com survey.insocial.nl optimize.google.com *.interpolis.nl *.mopinion.com *.fbto.nl connect.facebook.net cdn.harvest.graindata.com *.pingvp.com pingvp.com *.visualwebsiteoptimizer.com www.awin1.com *.stichtingdefriesland.nl *.cloudfront.net *.coveo.com api-engage-eu.sitecorecloud.io/v1.2/browser/create.json* d1mj578wat5n4o.cloudfront.net/sitecore-engage-v.1.4.2.min.js bat.bing.net;style-src 'self' 'unsafe-inline' d6tizftlrpuof.cloudfront.net plus.browsealoud.com fonts.googleapis.com www.zilverenkruis.nl optimize.google.com *.pingvp.com;img-src data: blob: 'self' *.svtrd.com www.zenaps.com www.awin1.com www.google.com www.google.nl d6tizftlrpuof.cloudfront.net *.usabilla.com *.google-analytics.com *.analytics.google.com *.onmarc.nl *.zilverenkruis.nl plus.browsealoud.com usabilla-themes.s3-eu-west-1.amazonaws.com ads.creative-serving.com www.zorgkantoorfriesland.nl *.prolife.nl stats.g.doubleclick.net ad.doubleclick.net bat.bing.com www.browsealoud.com *.defriesland.nl *.r42tag.com admin.relay42.com speechstreamv3-webservices-8.texthelp.com www.gstatic.com *.fbto.nl www.insocial.nl www.facebook.com www.googletagmanager.com translate.google.com zilverenkruis-cdn.mcccm.eu *.pingvp.com i.vimeocdn.com dev.visualwebsiteoptimizer.com *.doubleclick.net *.googlesyndication.com *.imgix.net bat.bing.net adservice.google.com;font-src data: 'self' fonts.gstatic.com fonts.googlapis.com d6tizftlrpuof.cloudfront.net *.pingvp.com;connect-src blob: 'self' *.zilverenkruis.nl *.surfly.com surfly.com sentry.io *.zorgkantoorfriesland.nl plus.browsealoud.com pronunciation.speechstream.net api.usabilla.com babm.texthelp.com speech.speechstream.net *.google-analytics.com *.analytics.google.com pre-i-portaal.achmea.nl speechstreamv3-webservices-8.texthelp.com *.defriesland.nl *.mopinion.com *.browsealoud.com *.interpolis.nl *.fbto.nl bat.bing.com stats.g.doubleclick.net harvest-cm-achmea.ey.r.appspot.com controle.achmea.consentmonitor.nl *.tomtom.com *.visualwebsiteoptimizer.com *.applicationinsights.azure.com wss://api.defriesland.nl:13443 wss://api.zilverenkruis.nl:13443 wss://api.interpolis.nl:13443 *.googlesyndication.com www.google.com googleads.g.doubleclick.net *.coveo.com api-engage-eu.sitecorecloud.io/v1.2/events api-engage-eu.sitecorecloud.io *.cloudfront.net js.monitor.azure.com api-engage-eu.sitecorecloud.io/v1.2/browser/create.json.* bat.bing.net ad.doubleclick.net adservice.google.com;media-src 'self' blob: *.zilverenkruis.nl *.zorgkantoorfriesland.nl *.prolife.nl *.defriesland.nl *.interpolis.nl *.fbto.nl *.pingvp.com;object-src 'self' *.klantenvertellen.nl;child-src 'self' blob: t.svtrd.com player.vimeo.com surfly.com app.surfly.com d6tizftlrpuof.cloudfront.net www.zilverenkruis.nl www.zorgkantoorfriesland.nl www.prolife.nl content.googleapis.com vimeo.com secure.zilverenkruis.nl www.defriesland.nl optimize.google.com i-portaal.achmea.nl survey.insocial.nl secure.prolife.nl secure.defriesland.nl w.soundcloud.com *.doubleclick.net app.springcast.fm *.klantenvertellen.nl www.googletagmanager.com player.springcast.app;frame-ancestors 'self' player.vimeo.com vimeo.com i-portaal.achmea.nl survey.insocial.nl *.doubleclick.net inloggen.achmea.nl p-portaal.achmea.nl app.vwo.com *.visualwebsiteoptimizer.com;;form-action 'self' t.svtrd.com *.achmea.nl *.zilverenkruis.nl *.zorgkantoorfriesland.nl *.prolife.nl *.defriesland.nl *.fbto.nl *.interpolis.nl broker.nxtid.nl;manifest-src 'self' ;upgrade-insecure-requests;block-all-mixed-content;report-uri https://zilverenkruis.ams.report-uri.com/r/t/csp/enforce; 1 frame-ancestors https://go.cargomatic.com/l/911892/2023-10-10/rzl4f 1 base-uri 'none';child-src 'none';connect-src 'self' https://o554791.ingest.us.sentry.io webpack://* https://api2.amplitude.com https://admin.keikiworld.com;default-src 'self';font-src 'self' https://*.gstatic.com;form-action 'self';frame-ancestors 'none';frame-src https://*.google.com;img-src 'self' https://cdn.keikiworld.com https://keiki.app data:;manifest-src 'self';media-src 'self' https://cdn.keikiworld.com https://keiki.app;object-src 'none';script-src 'self' 'unsafe-inline' https://*.google.com https://*.gstatic.com;style-src 'self' 'unsafe-inline';worker-src 'self';upgrade-insecure-requests ; 1 script-src https://*.lex-com.net/ 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' https://mykrone.green ; img-src 'self' data:; object-src 'none'; media-src 'none'; child-src 'self' blob: data:; style-src 'self' 'unsafe-inline' 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' unpkg.com cdn.cookielaw.org s2.adform.net browser.sentry-cdn.com js.hubspot.com js.sentry-cdn.com builder.lift.acquia.com js.usemessages.com googleads.g.doubleclick.net app.wistia.com connect.facebook.net tpc.googlesyndication.com www.google.com www.gstatic.com static.ads-twitter.com js.hsforms.net www.googleadservices.com cookie-cdn.cookiepro.com www.googleoptimize.com js.hs-scripts.com js.hsadspixel.net js.hsleadflows.net js.hs-banner.com js.hs-analytics.net static.ads-twitter.com beacon.krxd.net googleads.g.doubleclick.net www.google-analytics.com connect.facebook.net script.hotjar.com static.hotjar.com snap.licdn.com googleads.g.doubleclick.net www.googletagmanager.com cdn.krxd.net consumer.krxd.net bam.nr-data.net js-agent.newrelic.com fast.wistia.com fast.wistia.net beacon.krxd.net maps.googleapis.com pagead2.googlesyndication.com server.adform.net *.lytics.io; style-src 'self' 'unsafe-inline' www.globenewswire.com *.cookiepro.com *.google.com *.googleapis.com *.hotjar.com *.hs-scripts.com *.krxd.net *.wistia.net https://cdn.jsdelivr.net/gh/NigelOToole/progress-tracker@v2.0.7/src/styles/progress-tracker.css *.lytics.io; img-src 'self' blob: data: cdn.cookielaw.org *.google.ae googleads.g.doubleclick.net *.google.com.vn *.google.bs embedwistia-a.akamaihd.net www.impella.com *.google.com.cy *.google.at *.google.com.co *.google.com.sa *.google.com.br *.googleapis.com *.google.com.pe *.google.com.ua *.google.it *.google.co.jp *.google.ie *.google.com.ng *.google.iq *.google.be *.google.co.cr *.google.com.tr aa.agkn.com *.adsymptotic.com *.businesswire.com *.cloudfront.net *.cluep.com *.cookiepro.com *.doubleclick.net *.facebook.com *.facebook.net *.google.tn *.google.com.ph *.google.cz *.google.com.hk *.google.com.pk *.google.ca *.google.de *.google.gr *.google.com.au *.google.com.mx *.google.com.pr *.google.co.in *.google.co.uk *.google.com *.google.fr *.google.nl *.google.pt *.googletagmanager.com *.google-analytics.com *.gstatic.com *.hubspot.com *.hsforms.com *.krxd.net *.linkedin.com *.nr-data.net t.co *.twitter.com *.wistia.com *.wistia.net *.lytics.io; media-src blob: data: *.akamaihd.net *.wistia.com; frame-src 'self' fast.wistia.net *.hs-sites.com fast.wistia.com *.doubleclick.net *.facebook.com *.google.com *.googlesyndication.com *.googletagmanager.com *.hotjar.com *.hsforms.net *.hsforms.com *.krxd.net c.lytics.io; frame-ancestors 'self'; child-src 'self' blob:; font-src 'self' data: fonts.gstatic.com *.wistia.com *.wistia.net cdn.scite.ai; connect-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.cookielaw.org adservice.google.com px.ads.linkedin.com pagead2.googlesyndication.com notify.bugsnag.com us.perz-api.cloudservices.acquia.io sessions.bugsnag.com www.google.com.br www.google.co.in cdn.linkedin.oribi.io hubspot-forms-static-embed.s3.amazonaws.com adservice.google.com *.litix.io *.googleapis.com adservice.google.com *.ads-twitter.com *.cookiepro.com *.doubleclick.net embedwistia-a.akamaihd.net *.facebook.com *.facebook.net *.google.com *.google-analytics.com connect.facebook.net *.googletagmanager.com *.hotjar.com *.hotjar.io *.hsleadflows.net *.hsforms.com *.hubapi.com *.hubspot.com *.krxd.net *.litix.io *.nr-data.net *.onetrust.com *.twitter.com *.wistia.com wss://*.hotjar.com; report-uri /report-csp-violation; upgrade-insecure-requests 1 default-src 'self'; style-src 'self' 'unsafe-inline' http://*.sportunion.at http://sportunion.at https://*.sportunion.at https://sportunion.at https://static.flockler.com https://*.mailchimp.com https://*.gstatic.com https://*.googleapis.com https://cdn.jsdelivr.net https://*.onlim.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://*.sportunion.at http://sportunion.at https://*.sportunion.at https://sportunion.at https://static.flockler.com https://fl-cdn.scdn1.secure.raxcdn.com https://embed-cdn.flockler.com https://flockler.embed.codes https://plugins.flockler.com https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://*.gstatic.com https://*.googleapis.com https://cdn.jsdelivr.net https://*.onlim.com; font-src 'self' data: http://*.sportunion.at http://sportunion.at https://*.sportunion.at https://sportunion.at https://fonts.gstatic.com https://*.onlim.com; img-src 'self' 'unsafe-inline' https://* http://*.sportunion.at http://sportunion.at https://*.sportunion.at https://sportunion.at https://flockler.com https://*.rackcdn.com https://stats.g.doubleclick.net https://www.google-analytics.com https://*.googleapis.com data: https://.gstatic.com https://*.google.com https://secure.gravatar.com https://*.onlim.com; frame-src 'self' http://*.sportunion.at http://sportunion.at https://*.sportunion.at https://sportunion.at https://*.spotify.com https://archiv.yourvideo.tv https://sn.kavedo.com https://smartslider3.com https://www.yumpu.com https://www.fitsportaustria.at https://board.fitsportaustria.at https://player.vimeo.com https://www.youtube.com https://www.google.com https://www.youtube-nocookie.com https://*.onlim.com; connect-src 'self' http://*.sportunion.at http://sportunion.at https://*.sportunion.at https://sportunion.at wss://*.onlim.com https://*.googleapis.com https://stats.g.doubleclick.net https://yoast.com https://*.google-analytics.com https://*.onlim.com; media-src https://*; worker-src blob: 1 default-src 'self'; frame-src 'self' *.donorfy.com/ *.monday.com/ https://hubofhope.co.uk/ 360testbed.co/ *.nhs.uk/ *.facebook.com/ *.youtube.com/ *.vimeo.com/ *.google.com/ *.googleapis.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.googletagmanager.com https://www.googletagmanager.com/ https://hubofhope.co.uk/js/embed.js https://cdn.jsdelivr.net https://cdnjs.cloudflare.com/ https://www.google-analytics.com/ https://connect.facebook.net/ https://feeds.trac.jobs/ *.google.com/ *.googleapis.com *.gstatic.com *.cqc.org.uk; font-src 'self' 'unsafe-inline' https://*.typekit.net https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://*.typekit.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com/ https://feeds.trac.jobs/ *.googleapis.com *.gstatic.com *.cqc.org.uk; img-src * data:; object-src 'self' blob:; connect-src 'self' https://maps.googleapis.com/ https://*.googletagmanager.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.g.doubleclick.net https://*.google.com https://*.google.com https://*.google-analytics.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googletagmanager.com https://region1.google-analytics.com translate.googleapis.com/ https://feeds.trac.jobs/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ 1 default-src 'self' https://*.redlion.net https://*.redlion.cn;; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://www.google-analytics.com https://maxcdn.bootstrapcdn.com https://*.redlion.net https://*.redlion.cn https://themes.googleusercontent.com https://www.googletagmanager.com https://ajax.googleapis.com https://google.com https://cdn.cookielaw.org https://www.bugherd.com https://sidebar.bugherd.com https://static.oktopost.com https://okt.to https://fast.wistia.com https://static.hotjar.com https://script.hotjar.com https://snap.licdn.com https://browser.sentry-cdn.com https://tags.srv.stackadapt.com https://googleads.g.doubleclick.net https://js-agent.newrelic.com https://www.google.com https://www.gstatic.com https://s.btstatic.com https://sellmore.redlion.net https://www.googleoptimize.com https://fast.wistia.net https://player.vimeo.com https://www.youtube.com;; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://tags.srv.stackadapt.com https://marketing.redlion.net https://sellmore.redlion.net https://fast.wistia.com https://fast.wistia.net;; img-src 'self' data: https://*.redlion.net https://*.redlion.cn https://*.linkedin.com https://www.google-analytics.com https://embed-ssl.wistia.com https://cdn.cookielaw.org https://www.google.com https://fast.wistia.com https://www.google.co.in https://*.wistia.com https://sellmore.redlion.net https://fast.wistia.net https://i.ytimg.com https://googleads.g.doubleclick.net https://www.googletagmanager.com;; media-src 'self' blob: https://*.redlion.net https://*.redlion.cn https://embed-ssl.wistia.com;; frame-src 'self' https://www.googletagmanager.com https://sidebar.bugherd.com https://td.doubleclick.net https://www.google.com https://sellmore.redlion.net https://www.youtube.com https://fast.wistia.net https://googleads.g.doubleclick.net;; frame-ancestors 'self' https://www.googletagmanager.com https://sidebar.bugherd.com https://td.doubleclick.net https://www.google.com https://sellmore.redlion.net https://www.youtube.com https://fast.wistia.net https://googleads.g.doubleclick.net;; font-src 'self' data: 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://themes.googleusercontent.com https://maxcdn.bootstrapcdn.com https://fast.wistia.com https://*.wistia.com https://sellmore.redlion.net https://fast.wistia.net;; connect-src 'self' https://www.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://www.google-analytics.com https://marketing.redlion.net https://*.linkedin.com https://fast.wistia.com https://pipedream.wistia.com https://tags.srv.stackadapt.com https://distillery.wistia.com https://*.wistia.com https://bam.nr-data.net https://s.btstatic.com https://sellmore.redlion.net https://fast.wistia.net https://googleads.g.doubleclick.net https://*.litix.io https://*.hotjar.io wss://*.hotjar.com; 1 default-src 'self'; base-uri 'self'; block-all-mixed-content; connect-src 'self' *.google-analytics.com *.analytics.google.com *.cloudflare.com *.eesa.lh; font-src use.fontawesome.com 'self'; frame-src www.youtube.com www.google.com; img-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com; object-src 'none'; script-src 'self' www.googletagmanager.com *.cloudflare.com *.google.com 'strict-dynamic' 'unsafe-inline' 'nonce-ODfuw0zcwVTeZO2nveqT9A=='; style-src 'self' use.fontawesome.com *.cloudflare.com 'unsafe-inline' 'nonce-ODfuw0zcwVTeZO2nveqT9A=='; upgrade-insecure-requests; report-uri /csp/report 1 frame-ancestors 'self' https://ahu.edu https://*.ahu.edu 1 : default-src 'self' 1 script-src 'self' 'unsafe-eval' 'nonce-94c789ca3f3154a8abb543cd2dd845aa' 'strict-dynamic' https://google.de https://app.usercentrics.eu https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://netzwerk.uppr.de https://www.google-analytics.com https://privacy-proxy.usercentrics.eu https://www.facebook.com https://twitter.com https://www.linkedin.com https://www.xing.com https://www.youtube.com https://cdnjs.cloudflare.com https://nebula-cdn.kampyle.com https://bat.bing.com https://ad4m.at https://connect.facebook.net https://www.usemaxserver.de https://widgets.energiemonitor.de https://play.google.com https://www.googleoptimize.com https://icpublichosting.azureedge.net https://optimize.google.com https://service.mtcaptcha.com https://service2.mtcaptcha.com https://ic-chatwindow-service.azurewebsites.net https://clb2.cfapps.mila.external.ap.innogy.com https://www.googleanalytics.com https://cdn.medallia.com/ https://cdn.appsol.medallia.com/ *.kampyle.com/ https://metrics-proxy.medallia.ca/ https://metrics-proxy.medallia.eu/ https://metrics-proxy.medallia.com.au/ https://metrics-proxy.medallia.com/ https://col.eum-appdynamics.com/ https://static.medallia.com/ https://bugreport.medallia.com/ https://fonts.gstatic.com/ https://fonts.googleapis.com/ https://chart.googleapis.com/ https://maxcdn.bootstrapcdn.com/ https://netdna.bootstrapcdn.com/ https://express.ger.medallia.eu/ https://express.sbx.ger.medallia.eu/ https://feed2.medallia.eu/ https://feed2sbx.sbx.ger.medallia.eu/ https://mft1.medallia.eu/ https://filestash.fra1.medallia.eu/ https://tm.ad-srv.net https://tm703.ad-srv.net https://tm707.ad-srv.net https://tm708.ad-srv.net https://*.iadvize.com https://znbd9pj7eqbjzjd42-eon.siteintercept.qualtrics.com https://siteintercept.qualtrics.com https://trck.lew.de; style-src 'self' 'nonce-94c789ca3f3154a8abb543cd2dd845aa' 'unsafe-hashes' 'sha256-Chued6H/FqwtY0xgIG4zxn1W6uXOo1t3SXAPpyzds7U=' 'sha256-5SDvdr72xKyplNCK6s3wo8+AzCvSSrO4ATaEFE1N3YU=' 'sha256-b/AJ3u1NxOK+yAHe28I3iTI1e9j23Bv94CsSnYMe0I4=' 'sha256-WXbTK+Q2IO0qiVm9TmwaoCb/gGYy8plieL1g7TJ+i1o=' 'sha256-TIWitS/sbsTCj5gHE+Ub2hNq7Ebv+whf6SCnicmBM1A=' 'sha256-bM22Xahg3Ska2CbZv9HSsXayiD0Z5iJL6QcufF1H9e0=' 'sha256-cJA8XvfmOhAJWjlDZi2dvUyXcjLaXJsW296wKpLNDSg=' 'sha256-W5t509XHgNgqXPEkC+CNVw120RQzW++3Peh6kOOF7H0=' 'sha256-SDpJ06IXtKeyPxzWvEQbz1w8atX8WEPMmLziJ2Yr3t8=' 'sha256-ZdHxw9eWtnxUb3mk6tBS+gIiVUPE3pGM470keHPDFlE=' 'sha256-RfS5BPmz3Vwypv5zOAVIB743tRj+AEwi4dugaXrsDwk=' 'sha256-x4b2HXIRVmbavEXgC5A6qDxwchYDCHsF5XjgG+IX/9k=' 'sha256-sjBpDcTxG5RUsOcN+DFW/IhJtxXGSiB/5wxRqMbKc8g=' 'sha256-6N6ExomJBSb15QoU3z4kffBiUYwHzIOPFDBNFyQo5zM=' 'sha256-Xjtk8M9sZ4nFg15sesBAusx8bR5RyH5adt0U2TGp1Hc=' 'sha256-YV8lKTFZ9If7/i9C+12znUBTxRQw2mwPFb+mvUF76jI=' 'sha256-xhhnTHVCXiqgxWYHm1Aa2GmrJUgS7MCnS5+Ou4nbmvI=' 'sha256-lgwR+lozSh+2mYjVqEytPQ8igYNCs3WxYDoJ+FfmTM8=' 'sha256-xhhnTHVCXiqgxWYHm1Aa2GmrJUgS7MCnS5+Ou4nbmvI=' 'sha256-lgwR+lozSh+2mYjVqEytPQ8igYNCs3WxYDoJ+FfmTM8=' 'sha256-Pmke26teTSgoga2qVZQxn5+8tJEHv3b6P31sM4A7nUA=' 'sha256-u3gvlgPH9p+WcuUGYJ1tagF6JvmPBRgC8dUVFMyvgFw=' 'sha256-MlKRU2qUIVN+Cj86rIOyMnLxGlFm6Y1JJpGW5mQkUZs=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-2gz8aiXiOB6Up4QDJqnRa6SHIHmCXTLcaqHHxsA3LlA=' 'sha256-qTkwDWS8vAgVRoa+CLotP91j1y1653Dw7c6uFVO9hdk=' 'sha256-6cAsdx6Eo0akaAinSdKpeL36RozFFZb6YeLNQSOtOKU=' 'sha256-6cAsdx6Eo0akaAinSdKpeL36RozFFZb6YeLNQSOtOKU=' 'sha256-0W4IyoGJZtlp+gwrArXhImVbco+I5f2pug6ZEmjL2U0=' 'sha256-GbUhe7JxmiOWfQ00Srbs7iduQVRWWln6C42y78HlLxs=' 'sha256-0W4IyoGJZtlp+gwrArXhImVbco+I5f2pug6ZEmjL2U0=' 'sha256-GbUhe7JxmiOWfQ00Srbs7iduQVRWWln6C42y78HlLxs=' 'sha256-0W4IyoGJZtlp+gwrArXhImVbco+I5f2pug6ZEmjL2U0=' 'sha256-GbUhe7JxmiOWfQ00Srbs7iduQVRWWln6C42y78HlLxs=' 'sha256-0W4IyoGJZtlp+gwrArXhImVbco+I5f2pug6ZEmjL2U0=' 'sha256-6cAsdx6Eo0akaAinSdKpeL36RozFFZb6YeLNQSOtOKU=' 'sha256-8kPOCl/iIr6YgWLvLnIRMrYnCJHOzs6WNYAedT41SM8=' 'sha256-2Go/yMtz4sEcAbw1TnjkjLz983Zxq7frCShdJs2OobM=' 'sha256-g6zf946PtVM63bZ+fe9QUc3hDXp5BMl6OBmAlKhKV60=' 'sha256-zqo/Gf4mmbgvoqPGTNSkHYfibgllewm/seDhWyooOOk=' 'sha256-FVE4UqDzJ5GzKFQlZqU4Zq3EAxxb/T0hpPQU9k6uwkA=' 'sha256-R2Vkrx5FLpmMY0750ljuQem15/f/bIrrGl+TXyzeETo=' 'sha256-gGRDCDCtVdIb3guY7Af4d2zlZ2AHGiJ1Fo0P+PkrAQ4=' 'sha256-28yeYgrPQDDyWFt+gxC5JLjh+vmdwGtJ6vrGY5agNmA=' 'sha256-tq6DPpzxxZo0uDGIA3cWY73a2IghW7jFPDxfoADIVA4=' 'sha256-jI3sfmilVzfPCYviQAKSk25gbqy5bKO6ytnWnH7tPy4=' 'sha256-MGcxmZXFvleb8FuwqjCYtvoakNGj+J6yTNrv1TSxJiA=' 'sha256-hbZWfW0vwSYriJkO6sDWlefwk0ZUNVCSaBe66T81nB0=' 'sha256-rh2A364+F4JpsYOMvu2X0b8oUqSm+hinlVRTT9lHrwY=' 'sha256-gGRDCDCtVdIb3guY7Af4d2zlZ2AHGiJ1Fo0P+PkrAQ4=' 'sha256-28yeYgrPQDDyWFt+gxC5JLjh+vmdwGtJ6vrGY5agNmA=' 'sha256-tq6DPpzxxZo0uDGIA3cWY73a2IghW7jFPDxfoADIVA4=' 'sha256-o1r1pjDVBLdNe0LQRcCT5BFFXxPXMW1YFFI3KAch9eI=' 'sha256-Qzu0lxLJiiX6Kov/Hhw2clLBMwE/AGShWjshh7S4cZE=' 'sha256-IGAWb2ggeHqxQRSvWbzAamu9Ko86r4FttA9LNd1b/uI=' 'sha256-o1r1pjDVBLdNe0LQRcCT5BFFXxPXMW1YFFI3KAch9eI=' 'sha256-Qzu0lxLJiiX6Kov/Hhw2clLBMwE/AGShWjshh7S4cZE=' 'sha256-IGAWb2ggeHqxQRSvWbzAamu9Ko86r4FttA9LNd1b/uI=' 'sha256-p08VBe6m5i8+qtXWjnH/AN3klt1l4uoOLsjNn8BjdQo=' 'sha256-HeCUqYbpi0jcNQCtmPyDkSSaeWOk+GFgiIxfAAAbsFg=' 'sha256-33YGiROm4Pzv0xXIPo82M0Dt2zrdnP4IgbJq1WeAtf8=' 'sha256-j6Tt8qv7z2kSc7fUs0YHbrxawwsQcS05fVaX1r2qrbk=' 'sha256-RAtMRMPc7pZorvh8gaXlMJh1zDaSAmCzJ4zoN0Y5bn4=' https://widgets.energiemonitor.de https://fonts.googleapis.com https://icpublichosting.azureedge.net https://optimize.google.com https://*.iadvize.com; object-src 'self'; report-uri /umbraco/api/helper/CreateCSPReport 1 font-src 'self'; frame-src 'self' https: www.youtube-nocookie.com/* ; frame-ancestors 'self' ; script-src 'self' *.b-ite.com https://stats.hnee.de 'unsafe-inline' https://cdn.ckeditor.com https://pm.web-vision.de ; connect-src 'self' *.b-ite.com https://stats.hnee.de; img-src * *.b-ite.com data:; style-src 'self' 'unsafe-inline' https://cdn.ckeditor.com *.b-ite.com; 1 default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.openlayers.org openlayers.org *.openstreetmap.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.etracker.com *.etracker.de api.signalize.com; object-src 'self'; media-src 'self' *.youtube.com *.vimeo.com *.streamfarm.net; frame-src *.youtube.com *.vimeo.com *.etracker.de; img-src 'self' data: *.youtube.com *.openlayers.org openlayers.org *.openstreetmap.org; frame-ancestors 'self'; connect-src 'self' *.etracker.de; 1 frame-ancestors 'self' bewerbung.jobs 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.youtube.com https://fonts.googleapis.com https://fonts.gstatic.com https://cdn.syndication.twimg.com https://www.facebook.com https://*.twitter.com https://www.google.com https://ton.twimg.com https://*.github.io https://www.googletagmanager.com https://www.google-analytics.com; img-src 'self' https://*.twimg.com https://*.twitter.com http://*.twimg.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.google.co.jp data:; 1 script-src 'self' 'unsafe-eval' 'nonce-f2b1516c41e1d2f5b78fd951584fc29f' 'strict-dynamic' https://google.de https://app.usercentrics.eu https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://netzwerk.uppr.de https://www.google-analytics.com https://privacy-proxy.usercentrics.eu https://www.facebook.com https://twitter.com https://www.linkedin.com https://www.xing.com https://www.youtube.com https://cdnjs.cloudflare.com https://nebula-cdn.kampyle.com https://bat.bing.com https://ad4m.at https://connect.facebook.net https://www.usemaxserver.de https://widgets.energiemonitor.de https://play.google.com https://www.googleoptimize.com https://icpublichosting.azureedge.net https://optimize.google.com https://service.mtcaptcha.com https://service2.mtcaptcha.com https://ic-chatwindow-service.azurewebsites.net https://clb2.cfapps.mila.external.ap.innogy.com https://www.googleanalytics.com https://cdn.medallia.com/ https://cdn.appsol.medallia.com/ *.kampyle.com/ https://metrics-proxy.medallia.ca/ https://metrics-proxy.medallia.eu/ https://metrics-proxy.medallia.com.au/ https://metrics-proxy.medallia.com/ https://col.eum-appdynamics.com/ https://static.medallia.com/ https://bugreport.medallia.com/ https://fonts.gstatic.com/ https://fonts.googleapis.com/ https://chart.googleapis.com/ https://maxcdn.bootstrapcdn.com/ https://netdna.bootstrapcdn.com/ https://express.ger.medallia.eu/ https://express.sbx.ger.medallia.eu/ https://feed2.medallia.eu/ https://feed2sbx.sbx.ger.medallia.eu/ https://mft1.medallia.eu/ https://filestash.fra1.medallia.eu/ https://tm.ad-srv.net https://tm703.ad-srv.net https://tm707.ad-srv.net https://tm708.ad-srv.net https://*.iadvize.com https://znbd9pj7eqbjzjd42-eon.siteintercept.qualtrics.com https://siteintercept.qualtrics.com https://trck.lew.de; style-src 'self' 'nonce-f2b1516c41e1d2f5b78fd951584fc29f' 'unsafe-hashes' 'sha256-Chued6H/FqwtY0xgIG4zxn1W6uXOo1t3SXAPpyzds7U=' 'sha256-5SDvdr72xKyplNCK6s3wo8+AzCvSSrO4ATaEFE1N3YU=' 'sha256-b/AJ3u1NxOK+yAHe28I3iTI1e9j23Bv94CsSnYMe0I4=' 'sha256-WXbTK+Q2IO0qiVm9TmwaoCb/gGYy8plieL1g7TJ+i1o=' 'sha256-TIWitS/sbsTCj5gHE+Ub2hNq7Ebv+whf6SCnicmBM1A=' 'sha256-bM22Xahg3Ska2CbZv9HSsXayiD0Z5iJL6QcufF1H9e0=' 'sha256-cJA8XvfmOhAJWjlDZi2dvUyXcjLaXJsW296wKpLNDSg=' 'sha256-W5t509XHgNgqXPEkC+CNVw120RQzW++3Peh6kOOF7H0=' 'sha256-SDpJ06IXtKeyPxzWvEQbz1w8atX8WEPMmLziJ2Yr3t8=' 'sha256-ZdHxw9eWtnxUb3mk6tBS+gIiVUPE3pGM470keHPDFlE=' 'sha256-RfS5BPmz3Vwypv5zOAVIB743tRj+AEwi4dugaXrsDwk=' 'sha256-x4b2HXIRVmbavEXgC5A6qDxwchYDCHsF5XjgG+IX/9k=' 'sha256-sjBpDcTxG5RUsOcN+DFW/IhJtxXGSiB/5wxRqMbKc8g=' 'sha256-6N6ExomJBSb15QoU3z4kffBiUYwHzIOPFDBNFyQo5zM=' 'sha256-Xjtk8M9sZ4nFg15sesBAusx8bR5RyH5adt0U2TGp1Hc=' 'sha256-YV8lKTFZ9If7/i9C+12znUBTxRQw2mwPFb+mvUF76jI=' 'sha256-xhhnTHVCXiqgxWYHm1Aa2GmrJUgS7MCnS5+Ou4nbmvI=' 'sha256-lgwR+lozSh+2mYjVqEytPQ8igYNCs3WxYDoJ+FfmTM8=' 'sha256-xhhnTHVCXiqgxWYHm1Aa2GmrJUgS7MCnS5+Ou4nbmvI=' 'sha256-lgwR+lozSh+2mYjVqEytPQ8igYNCs3WxYDoJ+FfmTM8=' 'sha256-Pmke26teTSgoga2qVZQxn5+8tJEHv3b6P31sM4A7nUA=' 'sha256-u3gvlgPH9p+WcuUGYJ1tagF6JvmPBRgC8dUVFMyvgFw=' 'sha256-MlKRU2qUIVN+Cj86rIOyMnLxGlFm6Y1JJpGW5mQkUZs=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-2gz8aiXiOB6Up4QDJqnRa6SHIHmCXTLcaqHHxsA3LlA=' 'sha256-qTkwDWS8vAgVRoa+CLotP91j1y1653Dw7c6uFVO9hdk=' 'sha256-6cAsdx6Eo0akaAinSdKpeL36RozFFZb6YeLNQSOtOKU=' 'sha256-6cAsdx6Eo0akaAinSdKpeL36RozFFZb6YeLNQSOtOKU=' 'sha256-0W4IyoGJZtlp+gwrArXhImVbco+I5f2pug6ZEmjL2U0=' 'sha256-GbUhe7JxmiOWfQ00Srbs7iduQVRWWln6C42y78HlLxs=' 'sha256-0W4IyoGJZtlp+gwrArXhImVbco+I5f2pug6ZEmjL2U0=' 'sha256-GbUhe7JxmiOWfQ00Srbs7iduQVRWWln6C42y78HlLxs=' 'sha256-0W4IyoGJZtlp+gwrArXhImVbco+I5f2pug6ZEmjL2U0=' 'sha256-GbUhe7JxmiOWfQ00Srbs7iduQVRWWln6C42y78HlLxs=' 'sha256-0W4IyoGJZtlp+gwrArXhImVbco+I5f2pug6ZEmjL2U0=' 'sha256-6cAsdx6Eo0akaAinSdKpeL36RozFFZb6YeLNQSOtOKU=' 'sha256-8kPOCl/iIr6YgWLvLnIRMrYnCJHOzs6WNYAedT41SM8=' 'sha256-2Go/yMtz4sEcAbw1TnjkjLz983Zxq7frCShdJs2OobM=' 'sha256-g6zf946PtVM63bZ+fe9QUc3hDXp5BMl6OBmAlKhKV60=' 'sha256-zqo/Gf4mmbgvoqPGTNSkHYfibgllewm/seDhWyooOOk=' 'sha256-FVE4UqDzJ5GzKFQlZqU4Zq3EAxxb/T0hpPQU9k6uwkA=' 'sha256-R2Vkrx5FLpmMY0750ljuQem15/f/bIrrGl+TXyzeETo=' 'sha256-gGRDCDCtVdIb3guY7Af4d2zlZ2AHGiJ1Fo0P+PkrAQ4=' 'sha256-28yeYgrPQDDyWFt+gxC5JLjh+vmdwGtJ6vrGY5agNmA=' 'sha256-tq6DPpzxxZo0uDGIA3cWY73a2IghW7jFPDxfoADIVA4=' 'sha256-jI3sfmilVzfPCYviQAKSk25gbqy5bKO6ytnWnH7tPy4=' 'sha256-MGcxmZXFvleb8FuwqjCYtvoakNGj+J6yTNrv1TSxJiA=' 'sha256-hbZWfW0vwSYriJkO6sDWlefwk0ZUNVCSaBe66T81nB0=' 'sha256-rh2A364+F4JpsYOMvu2X0b8oUqSm+hinlVRTT9lHrwY=' 'sha256-gGRDCDCtVdIb3guY7Af4d2zlZ2AHGiJ1Fo0P+PkrAQ4=' 'sha256-28yeYgrPQDDyWFt+gxC5JLjh+vmdwGtJ6vrGY5agNmA=' 'sha256-tq6DPpzxxZo0uDGIA3cWY73a2IghW7jFPDxfoADIVA4=' 'sha256-o1r1pjDVBLdNe0LQRcCT5BFFXxPXMW1YFFI3KAch9eI=' 'sha256-Qzu0lxLJiiX6Kov/Hhw2clLBMwE/AGShWjshh7S4cZE=' 'sha256-IGAWb2ggeHqxQRSvWbzAamu9Ko86r4FttA9LNd1b/uI=' 'sha256-o1r1pjDVBLdNe0LQRcCT5BFFXxPXMW1YFFI3KAch9eI=' 'sha256-Qzu0lxLJiiX6Kov/Hhw2clLBMwE/AGShWjshh7S4cZE=' 'sha256-IGAWb2ggeHqxQRSvWbzAamu9Ko86r4FttA9LNd1b/uI=' 'sha256-p08VBe6m5i8+qtXWjnH/AN3klt1l4uoOLsjNn8BjdQo=' 'sha256-HeCUqYbpi0jcNQCtmPyDkSSaeWOk+GFgiIxfAAAbsFg=' 'sha256-33YGiROm4Pzv0xXIPo82M0Dt2zrdnP4IgbJq1WeAtf8=' 'sha256-j6Tt8qv7z2kSc7fUs0YHbrxawwsQcS05fVaX1r2qrbk=' 'sha256-RAtMRMPc7pZorvh8gaXlMJh1zDaSAmCzJ4zoN0Y5bn4=' https://widgets.energiemonitor.de https://fonts.googleapis.com https://icpublichosting.azureedge.net https://optimize.google.com https://*.iadvize.com; object-src 'self'; report-uri /umbraco/api/helper/CreateCSPReport 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; fmedia-src 'self'; frame-src 'self'; object-src 'none'; frame-ancestors 'self' 1 allow 'unsafe-inline' 'unsafe-eval' 'self' troc.cdn.mediactive-network.net *.googlesyndication.com *.systempay.fr *.fbcdn.net *.google.com *.google.fr *.doubleclick.net intranet.troc.com connect.facebook.net cdnjs.cloudflare.com www.gstatic.com www.googletagmanager.com www.google-analytics.com www.googleadservices.com www.googletagservices.com cdn.ampproject.org 1 default-src 'unsafe-inline'; block-all-mixed-content; connect-src *; font-src * https://fonts.gstatic.com data: fonts.googleapis.com fonts.gstatic.com; frame-src https://www.youtube.com *.vimeo.com *.services *.hotjar.com *.doubleclick.net *.facebook.com *.facebook.net *.linkedin.com 'self' https://ausi.github.io/ *.pinimg.com *.pinterest.com https://sgtm.deltalight.com; img-src * data: blob:; manifest-src deltalight.com 'self'; media-src *; script-src deltalight.com 'self' data: 'unsafe-inline' 'unsafe-eval' https://cdn.ckeditor.com https://js-agent.newrelic.com https://bam.nr-data.net https://maps.googleapis.com https://cdnjs.cloudflare.com *.google-analytics.com *.googleapis.com *.facebook.com *.facebook.net *.doubleclick.net *.marketingautomation.services *.googletagmanager.com *.googleadservices.com *.hotjar.com *.doubleclick.net *.visualwebsiteoptimizer.com *.linkedin.com www.youtube.com/iframe_api tagmanager.google.com https://snap.licdn.com https://play.google.com https://analytics-eu.clickdimensions.com https://ausi.github.io *.pinimg.com *.pinterest.com sgtm.deltalight.com https://cookie-cdn.cookiepro.com; style-src deltalight.com 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.ckeditor.com https://cdnjs.cloudflare.com tagmanager.google.com; report-uri /nelmio/csp/report 1 upgrade-insecure-requests; frame-ancestors 'self'; object-src 'none'; 1 default-src 'none'; block-all-mixed-content; connect-src 'self' google-analytics.com www.google-analytics.com 127.0.0.1:8005 *.hcaptcha.com; font-src 'self' fonts.gstatic.com use.fontawesome.com cdn.jsdelivr.net; frame-src google.com www.google.com googletagmanager.com www.googletagmanager.com *.hcaptcha.com; img-src 'self' s3.us-west-2.amazonaws.com img.emlasts.com data:; media-src img.emlasts.com; script-src 'self' 'unsafe-eval' google.com www.google.com gstatic.com www.gstatic.com googletagmanager.com www.googletagmanager.com google-analytics.com www.google-analytics.com use.fontawesome.com cdn.jsdelivr.net *.hcaptcha.com 'unsafe-inline' 'nonce-u/9zqanQFvv6to59OEC5kg=='; style-src 'self' cdn.jsdelivr.net fonts.googleapis.com use.fontawesome.com maxcdn.bootstrapcdn.com img.emlasts.com unpkg.com *.hcaptcha.com 'unsafe-inline' 'nonce-u/9zqanQFvv6to59OEC5kg=='; report-uri /csp/report 1 default-src 'self'; connect-src 'self' www.google-analytics.com *.analytics.google.com *.google-analytics.com wss://www.joa.fr stats.g.doubleclick.net via.batch.com ws.batch.com maps.googleapis.com www.novaresa.net www.joa.fr consentcdn.cookiebot.com www.facebook.com; font-src 'self' fonts.gstatic.com data:; frame-ancestors 'none' https://enplug.com https://*.enplug.com; frame-src 'self' www.youtube.com www.youtube-nocookie.com www.googletagmanager.com module.lafourchette.com widget.thefork.com *.weezevent.com ubishaker.com t.regionsjob.com *.gaming1.com www.google.com widget.fanzo.com www.facebook.com consentcdn.cookiebot.com *.paperform.co; img-src 'self' www.googletagmanager.com media.joa.fr www.google-analytics.com ytimg.com i.ytimg.com img.youtube.com www.facebook.com www.google.com www.google.fr maps.googleapis.com *.gstatic.com data: blob: www.novaresa.net novaresa.net icons.batch.com www.google.ch www.google.hr www.google.lu www.joa.fr www.tripadvisor.fr via.batch.com apply.indeed.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com *.google-analytics.com via.batch.com www.youtube.com connect.facebook.net maps.googleapis.com www.novaresa.net www.google.com www.gstatic.com consent.cookiebot.com consentcdn.cookiebot.com www.joa.fr www.weezevent.com t.regionsjob.com paperform.co; style-src 'self' 'unsafe-inline' fonts.googleapis.com www.novaresa.net www.googletagmanager.com; upgrade-insecure-requests; report-uri /csp 1 block-all-mixed-content; frame-ancestors 'self'; upgrade-insecure-requests 1 frame-ancestors 'self' https://finance.sponser.co.il https://rotter.net; 1 default-src 'self'; style-src 'self' 'unsafe-inline' fonts.google.com fonts.googleapis.com *.googletagmanager.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' tag.demandbase.com script.hotjar.com kit.fontawesome.com *.googletagmanager.com *.google.com *.google.co.uk www.gstatic.com cdn-apac.onetrust.com player.vimeo.com pi.pardot.com *.onetrust.com *.hsadspixel.net *.google-analytics.com googleads.g.doubleclick.net static.hotjar.com snap.licdn.com ws.zoominfo.com *.hs-scripts.com *.txone.com *.hs-banner.com *.hs-analytics.net js-eu1.usemessages.com *.googleadservices.com www.youtube.com *.clarity.ms; font-src 'self' data: *.fontawesome.com fonts.gstatic.com txone.localdev; img-src 'self' data: *.linkedin.com segments.company-target.com id.rlcdn.com track-eu1.hubspot.com *.onetrust.com dnbe7xanmz9uh.cloudfront.net *.gravatar.com media.txone.com *.googletagmanager.com *.google.com *.google.co.uk *.analytics.google.com *.google.com.tw googleads.g.doubleclick.net fonts.gstatic.com *.clarity.ms; media-src 'self' media.txone.com dnbe7xanmz9uh.cloudfront.net youtu.be; connect-src 'self' segments.company-target.com tag-logger.demandbase.com api.company-target.com stats.g.doubleclick.net ws.zoominfo.com *.fontawesome.com yoast.com *.linkedin.oribi.io *.onetrust.com *.googletagmanager.com *.google.com *.google.co.uk *.analytics.google.com *.google-analytics.com api-eu1.hubapi.com pagead2.googlesyndication.com ws.hotjar.com wss://ws.hotjar.com content.hotjar.io vc.hotjar.io api-eu1.hubspot.com googleads.g.doubleclick.net google.com px.ads.linkedin.com *.clarity.ms; frame-src 'self' s.company-target.com tag.demandbase.com www.google.com youtube.com www.youtube.com youtu.be player.vimeo.com *.youtube-nocookie.com td.doubleclick.net app-eu1.hubspot.com; frame-ancestors 'self'; object-src 'none' 1 base-uri 'self' ; child-src 'self' blob: ; connect-src 'self' *.ads.linkedin.com *.crazyegg.com analytics.tiktok.com cdn.linkedin.oribi.io *.constantcontact.com *.hotjar.com *.googleadservices.com *.facebook.com *.addthis.com *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net *.jsdelivr.net *.googleapis.com *.sharethis.com *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net ; default-src 'self' blob: *.crazyegg.com *.constantcontact.com; font-src 'self' *.gstatic.com *.bootstrapcdn.com data: fonts.gstatic.com cdn.jsdelivr.net *.gstatic.com *.bootstrapcdn.com ; form-action 'self' *.constantcontact.com *.facebook.com wpmudev.com; frame-src 'self' td.doubleclick.net tpc.googlesyndication.com *.crazyegg.com *.constantcontact.com *.ambrahealth.com *.hotjar.com *.facebook.com *.youtube.com *.ambrahealth expert-reputation.com.com *.addthis.com *.simplecast.com expert-reputation.com highlightedreviews.com *.blackbaudhosting.com *.g.doubleclick.net *.google.com *.fls.doubleclick.net *.googleapis.com blob: www.google.com www.googletagmanager.com *.g.doubleclick.net *.google.com *.fls.doubleclick.net ; frame-ancestors 'self' ; img-src 'self' 'unsafe-inline' *.g.doubleclick.net *.crazyegg.com i.ytimg.com *.linkedin.com *.ads.linkedin.com *.facebook.com *.adsymptotic.com *.blackbaudhosting.com *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com data: *.googleapis.com *.sharethis.com ts.w.org s.w.org ps.w.org *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com ; manifest-src 'self' ; media-src 'self' *.medtronic.com s.w.org ; object-src 'self' ; script-src 'self' 'unsafe-inline' payments.blackbaud.com tpc.googlesyndication.com *.crazyegg.com cdnjs.cloudflare.com analytics.tiktok.com *.constantcontact.com *.hotjar.com *.licdn.com *.facebook.net *.addthis.com *.moatads.com *.youtube.com *.blackbaudhosting.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com *.googleadservices.com *.googleapis.com *.sharethis.com cdn.jsdelivr.net *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com ; script-src-elem 'self' 'unsafe-inline' payments.blackbaud.com tpc.googlesyndication.com *.crazyegg.com cdnjs.cloudflare.com analytics.tiktok.com *.constantcontact.com *.hotjar.com *.licdn.com *.facebook.net *.addthis.com *.moatads.com *.youtube.com *.blackbaudhosting.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com *.googleadservices.com *.googleapis.com *.sharethis.com cdn.jsdelivr.net *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com ; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' ; style-src 'self' 'unsafe-inline' *.crazyegg.com *.constantcontact.com *.blackbaudhosting.com *.googleapis.com *.gstatic.com *.jsdelivr.net fonts.googleapis.com cdn.jsdelivr.net *.googleapis.com *.gstatic.com ; style-src-elem 'self' 'unsafe-inline' *.crazyegg.com *.constantcontact.com *.blackbaudhosting.com *.googleapis.com *.gstatic.com *.jsdelivr.net fonts.googleapis.com cdn.jsdelivr.net *.googleapis.com *.gstatic.com ; style-src-attr 'self' 'unsafe-inline' ; worker-src 'self' blob: ; upgrade-insecure-requests; 1 default-src 'self'; connect-src 'self' *.googletagmanager.com *.google-analytics.com; frame-src 'self' *.geoportal-bw.de *.leo-bw.de *.youtube.com sketchfab.com *.sketchfab.com *.swrfernsehen.de *.openstreetmap.de *.podigee.io *.podigee-cdn.net *.interamt.de; img-src 'self' data: dummyimage.com *.google-analytics.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.googletagmanager.com *.google-analytics.com *.landbw.de; style-src 'self' 'unsafe-inline'; report-uri /security/csp/report 1 default-src 'self' https://*.energylink.com wss://*.energylink.com https://api.ipstack.com https://az416426.vo.msecnd.net/scripts/b/ai.2.min.js https://dc.services.visualstudio.com/v2/track https://go.enverus.com https://www.google.com https://www.gstatic.com https://maps.gstatic.com https://chart.googleapis.com https://maps.googleapis.com https://ajax.googleapis.com https://player.vimeo.com https://cdn.datatables.net https://stackpath.bootstrapcdn.com https://rseg-dev.auth0.com https://cdn.skypack.dev https://cdn.jsdelivr.net https://*.zoom.us wss://zpns.zoom.us https://api.rudderstack.com https://api.rudderlabs.com https://cdn.rudderlabs.com https://enverusluies.dataplane.rudderstack.com https://enveruswyupccs.dataplane.rudderstack.com https://*.appcues.com https://*.appcues.net wss://*.appcues.com wss://*.appcues.net 'unsafe-eval' 'unsafe-inline'; font-src 'self' blob: data: https://cdn.skypack.dev https://cdn.jsdelivr.net https://*.zoom.us https://fonts.googleapis.com https://fonts.google.com https://fonts.gstatic.com; img-src 'self' blob: data: energylink.com *.energylink.com enverus.com *.enverus.com; object-src 'self' blob: data: energylink.com *.energylink.com enverus.com *.enverus.com; media-src 'self' blob: data: energylink.com *.energylink.com enverus.com *.enverus.com https://player.vimeo.com; script-src 'self' blob: data: https://*.energylink.com https://api.ipstack.com https://az416426.vo.msecnd.net/scripts/b/ai.2.min.js https://dc.services.visualstudio.com/v2/track https://go.enverus.com https://www.google.com https://www.gstatic.com https://maps.gstatic.com https://chart.googleapis.com https://maps.googleapis.com https://ajax.googleapis.com https://player.vimeo.com https://cdn.datatables.net https://stackpath.bootstrapcdn.com https://rseg-dev.auth0.com https://cdn.skypack.dev https://cdn.jsdelivr.net https://*.zoom.us wss://zpns.zoom.us https://api.rudderstack.com https://api.rudderlabs.com https://cdn.rudderlabs.com https://enverusluies.dataplane.rudderstack.com https://enveruswyupccs.dataplane.rudderstack.com https://*.appcues.com https://*.appcues.net wss://*.appcues.com wss://*.appcues.net https://cdnjs.cloudflare.com 'unsafe-eval' 'unsafe-inline'; worker-src 'self' blob: data: energylink.com *.energylink.com enverus.com *.enverus.com; frame-ancestors 'self' energylink.com *.energylink.com enverus.com *.enverus.com; 1 X-Content-Security-Policy script-src 'self' https://www.general-security.gov.lb 'unsafe-inline' 'unsafe-eval'; object-src 'self' https://www.general-security.gov.lb 'unsafe-inline'; connect-src 'self' https://www.general-security.gov.lb 'unsafe-inline' 1 default-src 'self' data: https://*.more-realty.ru:* https://more-realty.ru:* https://*.miel-sochi.ru:* https://miel-sochi.ru:* https://bitrix.info:* https://*.bitrix.info:* https://*.yandex.ru:* https://*.yandex.com:* https://*.yandex.net:* https://api.pozvonim.com:* https://cdn.pozvonim.com:* https://cdnjs.cloudflare.com:* https://*.intrumnet.ru:* https://*.intrumnet.com:* https://mc.yandex.ru:* https://oss.maxcdn.com:* https://*.maps.yandex.net https://api-maps.yandex.ru https://code.jivosite.com:* https://*.doubleclick.net:* https://*.google.com:* https://*.youtube.com:* https://www.googleadservices.com:* https://*.jquery.com:* https://www.google.ru/ads/user-lists/ https://www.google-analytics.com:* https://maps.google.com:* https://*.googleapis.com:* https://*.gstatic.com:* https://*.googleapis.com:* https://code.jivosite.com:* https://cdn.voximplant.com:* https://www.gravatar.com:* https://yastatic.net:* https://*.youtube.com:* https://*.ytimg.com:* https://*.rutube.ru:* https://*.gstatic.com:* https://www.gstatic.com:* https://cdn.jsdelivr.net/* https://*.jivosite.com/* https://mc.webvisor.org/* https://yandexmetrica.com* https://*.tools.seo-zona.ru:*;script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.more-realty.ru:* https://more-realty.ru:* https://*.miel-sochi.ru:* https://miel-sochi.ru:* https://bitrix.info:* https://*.bitrix.info:* https://*.yandex.ru:* https://*.yandex.com:* https://*.yandex.net:* https://api.pozvonim.com:* https://cdn.pozvonim.com:* https://cdnjs.cloudflare.com:* https://*.intrumnet.ru:* https://*.intrumnet.com:* https://mc.yandex.ru:* https://oss.maxcdn.com:* https://*.maps.yandex.net https://api-maps.yandex.ru https://code.jivosite.com:* https://*.doubleclick.net:* https://*.google.com:* https://*.youtube.com:* https://www.googleadservices.com:* https://*.jquery.com:* https://www.google.ru/ads/user-lists/ https://www.google-analytics.com:* https://maps.google.com:* https://*.googleapis.com:* https://*.gstatic.com:* https://*.googleapis.com:* https://code.jivosite.com:* https://cdn.voximplant.com:* https://www.gravatar.com:* https://yastatic.net:* https://*.youtube.com:* https://*.ytimg.com:* https://*.rutube.ru:* https://*.gstatic.com:* https://www.gstatic.com:* https://cdn.jsdelivr.net/* https://*.jivosite.com/* https://mc.webvisor.org/* https://yandexmetrica.com* https://*.tools.seo-zona.ru:* ;style-src 'self' 'unsafe-inline' data: https://*.more-realty.ru:* https://more-realty.ru:* https://*.miel-sochi.ru:* https://miel-sochi.ru:* https://bitrix.info:* https://*.bitrix.info:* https://*.yandex.ru:* https://*.yandex.com:* https://*.yandex.net:* https://api.pozvonim.com:* https://cdn.pozvonim.com:* https://cdnjs.cloudflare.com:* https://*.intrumnet.ru:* https://*.intrumnet.com:* https://mc.yandex.ru:* https://oss.maxcdn.com:* https://*.maps.yandex.net https://api-maps.yandex.ru https://code.jivosite.com:* https://*.doubleclick.net:* https://*.google.com:* https://*.youtube.com:* https://www.googleadservices.com:* https://*.jquery.com:* https://www.google.ru/ads/user-lists/ https://www.google-analytics.com:* https://maps.google.com:* https://*.googleapis.com:* https://*.gstatic.com:* https://*.googleapis.com:* https://code.jivosite.com:* https://cdn.voximplant.com:* https://www.gravatar.com:* https://yastatic.net:* https://*.youtube.com:* https://*.ytimg.com:* https://*.rutube.ru:* https://*.gstatic.com:* https://www.gstatic.com:* https://cdn.jsdelivr.net/* https://*.jivosite.com/* https://mc.webvisor.org/* https://yandexmetrica.com* https://*.tools.seo-zona.ru:* ;img-src 'self' 'unsafe-inline' data: https://*.more-realty.ru:* https://more-realty.ru:* https://*.miel-sochi.ru:* https://miel-sochi.ru:* https://bitrix.info:* https://*.bitrix.info:* https://*.yandex.ru:* https://*.yandex.com:* https://*.yandex.net:* https://api.pozvonim.com:* https://cdn.pozvonim.com:* https://cdnjs.cloudflare.com:* https://*.intrumnet.ru:* https://*.intrumnet.com:* https://mc.yandex.ru:* https://oss.maxcdn.com:* https://*.maps.yandex.net https://api-maps.yandex.ru https://code.jivosite.com:* https://*.doubleclick.net:* https://*.google.com:* https://*.youtube.com:* https://www.googleadservices.com:* https://*.jquery.com:* https://www.google.ru/ads/user-lists/ https://www.google-analytics.com:* https://maps.google.com:* https://*.googleapis.com:* https://*.gstatic.com:* https://*.googleapis.com:* https://code.jivosite.com:* https://cdn.voximplant.com:* https://www.gravatar.com:* https://yastatic.net:* https://*.youtube.com:* https://*.ytimg.com:* https://*.rutube.ru:* https://*.gstatic.com:* https://www.gstatic.com:* https://cdn.jsdelivr.net/* https://*.jivosite.com/* https://mc.webvisor.org/* https://yandexmetrica.com* https://*.tools.seo-zona.ru:*;font-src 'self' data: https://*.more-realty.ru:* https://more-realty.ru:* https://*.miel-sochi.ru:* https://miel-sochi.ru:* https://bitrix.info:* https://*.bitrix.info:* https://*.yandex.ru:* https://*.yandex.com:* https://*.yandex.net:* https://api.pozvonim.com:* https://cdn.pozvonim.com:* https://cdnjs.cloudflare.com:* https://*.intrumnet.ru:* https://*.intrumnet.com:* https://mc.yandex.ru:* https://oss.maxcdn.com:* https://*.maps.yandex.net https://api-maps.yandex.ru https://code.jivosite.com:* https://*.doubleclick.net:* https://*.google.com:* https://*.youtube.com:* https://www.googleadservices.com:* https://*.jquery.com:* https://www.google.ru/ads/user-lists/ https://www.google-analytics.com:* https://maps.google.com:* https://*.googleapis.com:* https://*.gstatic.com:* https://*.googleapis.com:* https://code.jivosite.com:* https://cdn.voximplant.com:* https://www.gravatar.com:* https://yastatic.net:* https://*.youtube.com:* https://*.ytimg.com:* https://*.rutube.ru:* https://*.gstatic.com:* https://www.gstatic.com:* https://cdn.jsdelivr.net/* https://*.jivosite.com/* https://mc.webvisor.org/* https://yandexmetrica.com* https://*.tools.seo-zona.ru:*;frame-ancestors 'self' data: https://*.more-realty.ru:* https://more-realty.ru:* https://*.miel-sochi.ru:* https://miel-sochi.ru:* https://bitrix.info:* https://*.bitrix.info:* https://*.yandex.ru:* https://*.yandex.com:* https://*.yandex.net:* https://api.pozvonim.com:* https://cdn.pozvonim.com:* https://cdnjs.cloudflare.com:* https://*.intrumnet.ru:* https://*.intrumnet.com:* https://mc.yandex.ru:* https://oss.maxcdn.com:* https://*.maps.yandex.net https://api-maps.yandex.ru https://code.jivosite.com:* https://*.doubleclick.net:* https://*.google.com:* https://*.youtube.com:* https://www.googleadservices.com:* https://*.jquery.com:* https://www.google.ru/ads/user-lists/ https://www.google-analytics.com:* https://maps.google.com:* https://*.googleapis.com:* https://*.gstatic.com:* https://*.googleapis.com:* https://code.jivosite.com:* https://cdn.voximplant.com:* https://www.gravatar.com:* https://yastatic.net:* https://*.youtube.com:* https://*.ytimg.com:* https://*.rutube.ru:* https://*.gstatic.com:* https://www.gstatic.com:* https://cdn.jsdelivr.net/* https://*.jivosite.com/* https://mc.webvisor.org/* https://yandexmetrica.com* https://*.tools.seo-zona.ru:*;object-src 'self' 'unsafe-inline' data: https://*.more-realty.ru:* https://more-realty.ru:* https://*.miel-sochi.ru:* https://miel-sochi.ru:* https://bitrix.info:* https://*.bitrix.info:* https://*.yandex.ru:* https://*.yandex.com:* https://*.yandex.net:* https://api.pozvonim.com:* https://cdn.pozvonim.com:* https://cdnjs.cloudflare.com:* https://*.intrumnet.ru:* https://*.intrumnet.com:* https://mc.yandex.ru:* https://oss.maxcdn.com:* https://*.maps.yandex.net https://api-maps.yandex.ru https://code.jivosite.com:* https://*.doubleclick.net:* https://*.google.com:* https://*.youtube.com:* https://www.googleadservices.com:* https://*.jquery.com:* https://www.google.ru/ads/user-lists/ https://www.google-analytics.com:* https://maps.google.com:* https://*.googleapis.com:* https://*.gstatic.com:* https://*.googleapis.com:* https://code.jivosite.com:* https://cdn.voximplant.com:* https://www.gravatar.com:* https://yastatic.net:* https://*.youtube.com:* https://*.ytimg.com:* https://*.rutube.ru:* https://*.gstatic.com:* https://www.gstatic.com:* https://cdn.jsdelivr.net/* https://*.jivosite.com/* https://mc.webvisor.org/* https://yandexmetrica.com* https://*.tools.seo-zona.ru:*; 1 base-uri 'none';child-src 'none';connect-src 'self' https://ws.zoominfo.com/pixel/collect https://aorta.clickagy.com/ https://aorta.clickagy.com/liveramp_redir https://hemsync.clickagy.com/external/ https://maps.googleapis.com/;default-src 'self';font-src 'self' https://fonts.gstatic.com;;form-action 'self';frame-ancestors 'self';frame-src 'none';img-src 'self' https://id.rlcdn.com/ https://idsync.rlcdn.com/ https://aorta.clickagy.com/ https://maps.gstatic.com/ https://maps.googleapis.com/ https://streetviewpixels-pa.googleapis.com/ https://lh3.ggpht.com/ https://khms1.googleapis.com/ https://khms0.googleapis.com/ https://www.google.com data:;manifest-src 'self';media-src 'self';object-src 'none';prefetch-src 'self';script-src 'self' https://maps.googleapis.com/ https://www.google.com https://ws.zoominfo.com/pixel/6320bf5aac6e98ed3e39d094 https://tags.clickagy.com/ https://aorta.clickagy.com/ https://hemsync.clickagy.com/external/ https://ws.zoominfo.com/;style-src 'self' https://aorta.clickagy.com/ https://fonts.googleapis.com https://fonts.gstatic.com https://maps.gstatic.com/ https://streetviewpixels-pa.googleapis.com/ https://lh3.ggpht.com/ https://khms1.googleapis.com/ https://khms0.googleapis.com/ https://www.google.com 'unsafe-inline';worker-src 'self';upgrade-insecure-requests ; 1 default-src 'self'; script-src 'self' 'self' https://www.google.com/ https://www.gstatic.com/; object-src 'self'; style-src 'self' 'unsafe-inline' 'self' 'unsafe-inline' fonts.googleapis.com; img-src *; font-src 'self' data: fonts.gstatic.com;frame-src 'self' https://www.google.com; report-uri https://login.microworkcloud.com.br/csp/report 1 default-src 'self'; script-src 'self' 'unsafe-inline' www.googletagmanager.com *.google-analytics.com *.googleadservices.com *.facebook.net *.doubleclick.net iframe.ly cookie.dxlabs.fr cdnjs.cloudflare.com 'unsafe-inline' *; object-src 'none'; style-src 'self' 'unsafe-inline' www.googletagmanager.com fonts.googleapis.com cdnjs.cloudflare.com; img-src 'self' *.vixns.net *.smol.org www.pinaultcollection.com *.youtube.com *.ytimg.com *.facebook.com *.google-analytics.com *.google.com *.google.fr *.dxlabs.fr data:; media-src *; frame-src *; font-src 'self' themes.googleusercontent.com fonts.googleapis.com; connect-src 'self' *.google-analytics.com analytics.tiktok.com https://errors.vixns.net/api/76/store/ https://errors.vixns.net/api/76/envelope/; upgrade-insecure-requests; script-src-attr 'unsafe-inline' 1 connect-src 'self' pagead2.googlesyndication.com idb.iubenda.com *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net ; font-src 'self' 'unsafe-inline' data: *.gstatic.com *.bootstrapcdn.com fonts.gstatic.com cdn.jsdelivr.net *.gstatic.com *.bootstrapcdn.com ; frame-src www.youtube.com player.vimeo.com *.doubleclick.net *.googletagmanager.com *.g.doubleclick.net *.google.com *.fls.doubleclick.net blob: www.google.com *.g.doubleclick.net *.google.com *.fls.doubleclick.net ; img-src 'self' 'unsafe-inline' data: i.ytimg.com i.vimeocdn.com *.g.doubleclick.net *.doubleclick.net *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com ts.w.org s.w.org ps.w.org *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com ; media-src s.w.org; script-src 'self' 'unsafe-inline' pagead2.googlesyndication.com *.hotjar.com *.iubenda.com cdn.jsdelivr.net *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com ; script-src-elem 'self' 'unsafe-inline' pagead2.googlesyndication.com *.hotjar.com *.iubenda.com cdn.jsdelivr.net *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com ; script-src-attr 'unsafe-inline' ; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com fonts.googleapis.com cdn.jsdelivr.net *.googleapis.com *.gstatic.com ; style-src-elem 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com fonts.googleapis.com cdn.jsdelivr.net *.googleapis.com *.gstatic.com ; worker-src blob:; upgrade-insecure-requests; 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' mofa.gov.np *.mofa.gov.np www.google.com.np *.google.com *.gstatic.com cdn.jsdelivr.net code.jquery.com *.genesesolution.com nepalembassy.org.uk londonembassyevent.pages.dev stackpath.bootstrapcdn.com s.ytimg.com *.facebook.net *.sharethis.com *.youtube.com *.twimg.com cdn.syndication.twimg.com cdnjs.cloudflare.com maps.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com fonts.googleapis.com fonts.gstatic.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.mofa.gov.np use.fontawesome.com stackpath.bootstrapcdn.com placehold.it *.facebook.net *.sharethis.com lh3.googleusercontent.com *.youtube.com *.twimg.com cdn.syndication.twimg.com cdnjs.cloudflare.com maps.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com cdnjs.cloudflare.com fonts.googleapis.com fonts.gstatic.com; img-src 'self' data: placehold.it mofa.gov.np *.mofa.gov.np *.gstatic.com *.facebook.net *.facebook.com *.sharethis.com lh3.googleusercontent.com *.youtube.com *.twimg.com secure.gravatar.com cdn. *.twitter.com *.twimg.com cdnjs.cloudflare.com maps.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com fonts.googleapis.com fonts.gstatic.com; media-src 'self'; frame-src 'self' *.google.com *.youtube.com *.facebook.net *.facebook.com syndication.twitter.com platform.twitter.com; font-src 'self' data: fonts.googleapis.com stackpath.bootstrapcdn.com use.fontawesome.com fonts.gstatic.com maxcdn.bootstrapcdn.com; connect-src 'self' l.sharethis.com 1 default-src https:; connect-src https:; font-src 'self' https: data: https:; frame-src https: rldb:; frame-ancestors https:; img-src 'self' https: blob: data:; media-src https: blob:; object-src https:; style-src 'unsafe-inline' https:; worker-src blob:; script-src 'unsafe-inline' 'unsafe-eval' https:; 1 default-src 'none'; base-uri www.hahn-airport.de www.hahn-airport-cargo.com; block-all-mixed-content; connect-src www.hahn-airport.de www.hahn-airport-cargo.com matomo.hahn-airport.de; font-src www.hahn-airport.de www.hahn-airport-cargo.com; form-action www.hahn-airport.de www.hahn-airport-cargo.com parken.hahn-airport.de; frame-ancestors www.hahn-airport.de www.hahn-airport-cargo.com; frame-src www.hahn-airport.de www.hahn-airport-cargo.com; img-src www.hahn-airport.de www.hahn-airport-cargo.com data: *.openstreetmap.de; media-src www.hahn-airport.de www.hahn-airport-cargo.com; script-src www.hahn-airport.de www.hahn-airport-cargo.com matomo.hahn-airport.de 'sha256-3gL0ESqaJki/Wh0f/lc2YDLEdxGa87F8Q5TXgPOCikM=' 'sha256-81MEiw1n03G/Umzr1t9TBswGsKYi01GH9Qu+KQu7dD4=' 'sha512-xbcqNOgP70FrlmytA93CaZ+Lh4zepgmKXpUeumuNwRa8sD7TlgTwTgSBKrbiP5/HcguwdErI+ExunDL8rxCrkg==' 'sha512-px1M+IgU2D7N1Ag8ujEEbrR/bWVa9WcgiPLZ6flkhCC+8XiyDRgirHntE0Un+lSGbp4p/VA403aBf4NWUPAD8A==' 'sha512-Tyxc4Zm8bJMo23iSuUGf1AwygBbaOSZEvgDkIoZNrH9oAdhVZp6ZgdFSeajkBFA/J7YY/rQXtXaTxUiZUU1S/w=='; style-src www.hahn-airport.de www.hahn-airport-cargo.com 'unsafe-hashes' fast.fonts.net 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-0kneztpqrRRhpdMukBrBUYV4ZMDr+1A5B/zcgBxiCdQ='; upgrade-insecure-requests; report-uri /nelmio/csp/report 1 frame-ancestors 'self' insights.hotjar.com 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.cloud.coveo.com https://cdn.jsdelivr.net https://cdn.cookielaw.org https://*.googlesyndication.com https://js-agent.newrelic.com https://storage.googleapis.com https://*.googletagmanager.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://cdnjs.cloudflare.com https://*.printfriendly.com https://static.addtoany.com https://ds-4047.kxcdn.com https://s.ytimg.com/yts/jsbin/ https://static.addtoany.com/menu/ https://snap.licdn.com https://www.youtube-nocookie.com https://rawgit.com/NerOcrO/ntools/master/ntools.user.js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://s.ytimg.com https://cdn.rawgit.com/w8tcha/ https://cdn.rawgit.com/ckeditor/ https://www.youtube.com/ https://snap.licdn.com/ https://*.google-analytics.com https://stats.g.doubleclick.net/ https://www.google.com/ads/ https://px.ads.linkedin.com/collect *.instagram.com; img-src 'self' data: https://cdn.cookielaw.org https://*.cdninstagram.com https://*.licdn.com https://assets.bwbx.io https://sprcdn-assets.sprinklr.com https://cdnjs.cloudflare.com/ajax/libs/codemirror/ https://cdnjs.cloudflare.com/ajax/libs/select2/ https://cdn.printfriendly.com https://i.ytimg.com https://www.nestle-nespresso.com https://img.youtube.com/; frame-src 'self' https://www.google.com/recaptcha/ https://www.youtube.com/; frame-ancestors 'self'; upgrade-insecure-requests 1 default-src 'self' *.akamaihd.net *.facebook.com *.kaporal.com *.kaporal.net *.payline.com *.payments-amazon.com *.truefitcorp.com https://photorankapi-a.akamaihd.net *.build.kaporal.net *.heyday.ai pay.google.com *.vimeo.com *.akamaized.net *.sc-static.net *.analytics.google.com blob:;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.abtasty.com *.appsmiles.eu *.bing.com *.kaporal.com *.cdn.payline.com *.payments-amazon.com/ *.truefitcorp.com https://ajax.googleapis.com https://connect.facebook.net/en_US/sdk.js https://photorankapi-a.akamaihd.net https://photorankstatics-a.akamaihd.net https://www.googletagmanager.com pixel.cdnwidget.com *.devatics.io *.devatics.com *.onestock-retail.io *.doubleclick.net *.g.doubleclick.net notifpush.com *.notifpush.com actito.com *.actito.com mmtro.com *.mmtro.com *.facebook.net facebook.net *.criteo.com *.criteo.net *.heyday.ai docs.google.com *.googleadservices.com *.build.kaporal.net unpkg.com *.unpkg.com *.adobe.net *.adyen.com *.contentsquare.net www.google-analytics.com www.paypal.com *.googleapis.com https://commerce.adobedtm.com https://unpkg.com/@adobe/magento-storefront-event-collector@^1/dist/index https://unpkg.com/@adobe/magento-storefront-events-sdk@%5E1/dist/index.js https://magento-recs-sdk.adobe.net/v2/index.js www.paypalobjects.com *.paypal.com *.google.com *.shipup.co *.clarity.ms *.batch.com *.powerspace.com an.pwspace.com t.contentsquare.net contentsquare.com *.contentsquare.com *.pwspace.com *.social-media-system.com social-media-system.com *.sc-static.net sc-static.net api.social-media-system.com www.datadoghq-browser-agent.com https://analytics.tiktok.com *.vimeo.com *.avads.net *.snapchat.com *.affilae.com *.analytics.google.com *.raptorsmartadvisor.com *.raptorstatic.com az19942.vo.msecnd.net pay.google.com blob:;frame-src 'self' *;style-src 'self' 'unsafe-inline' *.amazonaws.com *.cdn.payline.com *.truefitcorp.com photorankstatics-a.akamaihd.net *.onestock-retail.io facebook.net *.facebook.net *.googletagmanager.com *.build.kaporal.net *.b.kaporal.net *.googleapis.com *.paypal.com *.adyen.com *.google.com *.shipup.co *.kaporal.com *.heyday.ai *.sc-static.net *.avads.net *.analytics.google.com *.raptorstatic.com pay.google.com;img-src 'self' data: *.akamaihd.net *.amazonaws.com *.appsmiles.eu *.bing.com *.cdnwidget.com www.google.de www.google.pt adservice.google.com www.google.fr www.google.be *.cloudfront.net *.eu-west-3.amazonaws.com *.facebook.com *.kaporal.com *.doubleclick.net googleads.g.doubleclick.net *.kaporal.net *.cdn.payline.com *.pinterest.com *.truefitcorp.com data.photorank.me photorankmedia-a.akamaihd.net z1photorankmedia-a.akamaihd.net *.devatics.io *.devatics.com *.onestock-retail.io *.doubleclick.net *.g.doubleclick.net notifpush.com *.notifpush.com actito.com *.actito.com mmtro.com *.mmtro.com *.facebook.net facebook.net *.google.com *.google.fr *.adnxs.com *.criteo.com *.criteo.net *.heyday.ai *.build.kaporal.net *.adyen.com *.pubmatic.com *.analytics.yahoo.com *.yahoo.com *.emxdgt.com *.ad.smaato.net *.mediavine.com *.stickyadstv.com *.ivitrack.com *.sharethrough.com *.omnitagjs.com *.adform.net *.media.net *.teads.tv *.360yield.com *.casalemedia.com *.3lift.com *.smartadserver.com *.taboola.com *.outbrain.com *.tremorhub.com *.ads.yieldmo.com *.rubiconproject.com *.liadm.com *.googleapis.com *.gstatic.com www.paypalobjects.com www.paypal.com *.paypal.com *.shipup.co *.onestock-retail.com *.bidswitch.net *.advertising.com *.rlcdn.com googletagmanager.com s.ad.smaato.net *.mgid.com tbs.tradedoubler.com *.clarity.ms *.batch.com *.powerspace.com public-prod-dspcookiematching.dmxleo.com i.liadm.com criteo-partners.tremorhub.com www.img-static.com r.phywi.org *.contentsquare.net *.contentsquare.com www.googletagmanager.com *.googletagmanager.com *.sc-static.net sync-criteo.ads.yieldmo.com *.vimeo.com *.google-analytics.com *.avads.net id5-sync.com *.yieldlab.net *.criteo.com *.demdex.net *.krxd.net *.thebrighttag.com *.affilae.com *.analytics.google.com pay.google.com *.yahoo.net *.postrelease.com *.raptorstatic.com www.googletagmanager.com;font-src 'self' data: *.kaporal.com *.cdn.payline.com *.truefitcorp.com maxcdn.bootstrapcdn.com olapic-data.s3.amazonaws.com photorankstatics-a.akamaihd.net fonts.gstatic.com *.shipup.co *.heyday.ai *.sc-static.net *.amazonaws.com *.analytics.google.com pay.google.com;connect-src 'self' *.abtasty.com *.akamaihd.net *.appsmiles.eu *.facebook.com www.google.de www.google.pt adservice.google.com www.google.fr www.google.be *.google-analytics.com *.googleapis.com *.payline.com *.payments-amazon.com *.truefitcorp.com https://graph.facebook.com https://photorankmedia-a.akamaihd.net https://z1photorankmedia-a.akamaihd.net *.onestock-retail.io facebook.net *.facebook.net *.doubleclick.net *.g.doubleclick.net *.heyday.ai *.bing.com *.cdnwidget.com *.cdnbasket.net *.kaporal.com *.onestock-retail.com notifpush.com *.clarity.ms www.clarity.ms *.criteo.com *.batch.com *.powerspace.com *.contentsquare.net *.contentsquare.com *.sc-static.net *.snapchat.com *.social-media-system *.pwspace.com api.social-media-system.com www.datadoghq-browser-agent.com *.browser-intake-datadoghq.eu *.vimeo.com https://analytics.tiktok.com *.build.kaporal.net *.adyen.com *.adobedc.net www.sandbox.paypal.com sslwidget.criteo.com https://commerce.adobedc.net/collector/tp2 https://commerce.adobe.io www.paypalobjects.com www.paypal.com *.paypal.com *.avads.net *.analytics.google.com pay.google.com google.com *.raptorsmartadvisor.com *.raptorstatic.com *.google.com ;base-uri 'self';media-src 'self' data: *.build.kaporal.net *.b.kaporal.net *.p.kaporal.net *.kaporal.com;report-uri /csp/report 1 base-uri 'self'; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.storck.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: *.storck.com storck.piwik.pro; img-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: *.storck.com storck.piwik.pro; style-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.storck.com; connect-src 'self' data: *.storck.com storck.piwik.pro; font-src 'self'; frame-src 'self' data: *.storck.com; frame-ancestors 'self'; form-action 'self'; 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' *; img-src data: *; frame-ancestors https://www.happymeeple.com 'self'; report-uri /report-csp-violation 1 default-src 'self'; base-uri 'self'; connect-src 'self' *.itzbund.de; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-eval' *.googleapis.com piwik.itzbund.de;object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; frame-ancestors gba-editor-kkn.prod.gsb.gba.in.bund.de piwik.itzbund.de *.facebook.com 1 default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: staticcdn.co.nz www.youtube.com www.googletagmanager.com www.google.com www.gstatic.com *.google-analytics.com; connect-src 'self' *.google-analytics.com; img-src 'self' data: shielded.co.nz i.ytimg.com *.google-analytics.com; style-src 'self' 'unsafe-inline' fast.fonts.net; font-src 'self' data:; frame-src 'self' www.youtube.com www.google.com data.gns.cri.nz; manifest-src 'self'; media-src 'self'; frame-ancestors 'self'; form-action 'self'; 1 report-uri https://abgtr7ca.uriports.com/reports/enforce; report-to default; script-src 'self' 'unsafe-eval' 'strict-dynamic' https: 'unsafe-inline' 'sha256-NYXJ5OiEtqIqpDGECnciWqLfTDjOI4YK3DJbxnPZcGk=' 'sha256-y3YyXG6Irx3+WJzNWsRWYaYS22VFUWZ5QEhbUKcr4pE=' 'sha256-kJSetDBewtVAhs/ZALDDMc8OxygoKufBG+OOatdJYJU=' 'nonce-x3iYPry2OxEwWW7ocCxYiQ=='; object-src 'none'; base-uri 'none'; frame-ancestors 'self' https://weddybird.com/; upgrade-insecure-requests 1 default-src 'self' ; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.googletagmanager.com https://tagmanager.google.com/ https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com data; img-src 'self' 'unsafe-inline' https://ssl.gstatic.com/ https://www.google-analytics.com 1 frame-ancestors t.signalplus.com fi.signalplus.com t.signalplus.net fi.signalplus.net falconx.signalplus.com falconx.signalplus.net t-pre.signalplus.com; 1 base-uri 'self'; default-src 'none'; child-src 'self' https://*.youtube.com https://*.youtube-nocookie.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://vimeo.com vimeo.com https://*.vimeo.com *.vimeo.com https://staticcdn.co.nz staticcdn.co.nz https://app.powerbi.com; connect-src 'self' https://*.meridianenergy.co.nz https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.formstack.com https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.com https://*.hotjar.com https://*.hotjar.io https://*.hs-analytics.net https://*.hs-banner.com https://*.hs-scripts.com https://*.mypurecloud.com.au https://*.sentry.io https://*.smartrecruiters.com https://*.tealiumiq.com https://*.tiqcdn.cn https://*.tiqcdn.com https://*.tt.omtrdc.net https://*.usemessages.com https://analytics.tiktok.com https://api.addressfinder.io https://browser.sentry-cdn.com https://forms.hsforms.com https://ir.iguana2.com https://js.hsadspixel.net https://js.hscollectedforms.net https://s.swiftypecdn.com https://search-api.swiftype.com https://staticcdn.co.nz https://www.youtube.com wss://*.hotjar.com wss://*.mypurecloud.com.au; font-src 'self' https://*.hotjar.com https://*.hotjar.io data:; form-action 'self' https://*.facebook.com; frame-ancestors 'self'; frame-src 'self' https://*.pega.net https://*.doubleclick.net https://*.facebook.com https://*.google.com https://*.hotjar.com https://*.hotjar.io https://*.mypurecloud.com.au https://*.youtube-nocookie.com https://*.youtube.com https://subscriptions.smartrecruiters.com/ https://vimeo.com vimeo.com https://*.vimeo.com *.vimeo.com https://staticcdn.co.nz staticcdn.co.nz https://app.powerbi.com; img-src 'self' https://*.meridianenergy.co.nz https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.formstack.com https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.com https://*.hotjar.com https://*.hotjar.io https://*.hs-analytics.net https://*.hs-banner.com https://*.hs-scripts.com https://*.mypurecloud.com.au https://*.sentry.io https://*.smartrecruiters.com https://*.tealiumiq.com https://*.tiqcdn.cn https://*.tiqcdn.com https://*.tt.omtrdc.net https://*.usemessages.com https://analytics.tiktok.com https://api.addressfinder.io https://browser.sentry-cdn.com https://forms.hsforms.com https://ir.iguana2.com https://js.hsadspixel.net https://js.hscollectedforms.net https://s.swiftypecdn.com https://*.swiftype.com https://staticcdn.co.nz https://www.youtube.com wss://*.hotjar.com wss://*.mypurecloud.com.au https://*.google.co.nz *.google.co.nz https://meridian-production-media.s3.ap-southeast-2.amazonaws.com blob: data:; media-src 'none'; object-src 'self' blob:; manifest-src 'self'; script-src 'self' https://*.meridianenergy.co.nz https://*.doubleclick.net https://*.facebook.net https://*.formstack.com https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.com https://*.hotjar.com https://*.hotjar.io https://*.hs-analytics.net https://*.hs-banner.com https://*.hs-scripts.com https://*.mypurecloud.com.au https://*.sentry.io https://*.smartrecruiters.com https://*.tealiumiq.com https://*.tiqcdn.cn https://*.tiqcdn.com https://*.tt.omtrdc.net https://*.usemessages.com https://analytics.tiktok.com https://api.addressfinder.io https://browser.sentry-cdn.com https://forms.hsforms.com https://ir.iguana2.com https://js.hsadspixel.net https://js.hscollectedforms.net https://s.swiftypecdn.com https://search-api.swiftype.com https://staticcdn.co.nz https://www.youtube.com wss://*.hotjar.com wss://*.mypurecloud.com.au 'nonce-YThlODQzNTcwMzVmMjgxNDIwNzNmM2M3MTBmZTdiMDVhMzkxODIzNThkZWYyZDg5MWM0MDk0NjQ3NWRiNTBmZjkzZTU5YmEyMzZmYzhiOTM5N2YxZWE2NmY0M2UzM2U1N2QxZGY3Nzc0OGFhYzM4NGQ5NGM5MzczMTFhYTc1MjQ=' 'unsafe-eval'; style-src 'self' https://s.swiftypecdn.com https://*.mypurecloud.com.au https://static.smartrecruiters.com 'unsafe-inline'; report-uri https://o115950.ingest.sentry.io/api/6229198/security/?sentry_key=d3383061a5464af09b0da48432305265&sentry_environment=live; report-to csp-endpoint; upgrade-insecure-requests 1 base-uri 'none'; default-src 'none'; child-src 'self'; connect-src 'self' https://*.olivia.com *.olivia.com https://*.google-analytics.com *.google-analytics.com https://*.doubleclick.net *.doubleclick.net https://*.hsforms.com *.hsforms.com; font-src 'self' https://*.typekit.net *.typekit.net; form-action 'self' https://*.hsforms.com *.hsforms.com; frame-ancestors 'self'; frame-src 'self' https://*.hsforms.com *.hsforms.com https://*.matterport.com *.matterport.com https://*.youtube.com *.youtube.com https://*.google.com *.google.com; img-src 'self' https://*.olivia.com *.olivia.com https://*.google-analytics.com *.google-analytics.com https://*.googletagmanager.com *.googletagmanager.com https://*.google.com *.google.com https://*.hsappstatic.com *.hsappstatic.com https://*.hsforms.com *.hsforms.com https://*.hs-embed-reporting.com *.hs-embed-reporting.com https://*.hubspot.com *.hubspot.com https://*.ytimg.com *.ytimg.com blob: data:; media-src 'self' https://*.olivia.com *.olivia.com https://samplelib.com samplelib.com https://*.googleapis.com *.googleapis.com; object-src 'none'; script-src 'self' https://*.google-analytics.com *.google-analytics.com https://*.clarity.ms *.clarity.ms https://*.googletagmanager.com *.googletagmanager.com https://*.hsforms.net *.hsforms.net https://*.hs-scripts.com *.hs-scripts.com https://*.youtube.com *.youtube.com 'unsafe-inline'; style-src 'self' https://*.typekit.net *.typekit.net 'unsafe-inline'; upgrade-insecure-requests 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://barebells.com/; img-src 'self' data: blob: https://barebells.com/; object-src 'self' data: blob: https://barebells.com/; frame-src 'self' data: blob: https://barebells.com/; 1 frame-ancestors https://betway.be https://betway.com https://betway.de https://www.betway.dk https://betway.es https://www.betway.it https://betway.mx https://beyway.se https://betway.ca https://betway.nl https://betwaysatta.com https://betwaysatta1.com https://betwayarabia.com https://sports.betway.be https://sports.betway.com https://sports.betway.de https://sports.betway.dk https://sports.betway.es https://sports.betway.it https://sports.betway.mx https://sports.beyway.se https://sports.betway.ca https://sports.betway.nl https://sports.betwaysatta.com https://sports.betwaysatta1.com https://sports.betwayarabia.com https://staging.betway.be https://staging.betway.com https://staging.betway.de https://staging.betway.dk https://staging.betway.es https://staging.betway.it https://staging.betway.mx https://staging.beyway.se https://staging.betway.ca https://staging.betway.nl https://staging.betwaysatta.com https://staging.betwaysatta1.com https://staging.betwayarabia.com https://sportsbackend.net https://*.sportsbackend.net https://sportsbackend.dev https://*.sportsbackend.dev https://sportsuat.com https://*.sportsuat.com https://uat.betway.com https://*.uat.betway.com 1 frame-ancestors 'self' https://appwizzy.com 1 default-src 'self'; base-uri 'self'; block-all-mixed-content; connect-src 'self' region1.google-analytics.com www.googletagmanager.com pagead2.googlesyndication.com app.privacybee.ch app.privacybee.io *.googleapis.com *.google.com *.google.ch; font-src 'self' fonts.gstatic.com cdn.scaleflex.it; frame-src player.vimeo.com www.googletagmanager.com challenges.cloudflare.com; img-src 'self' data: region1.google-analytics.com www.googletagmanager.com *.googleapis.com *.google.com *.google.ch maps.gstatic.com; script-src 'self' region1.google-analytics.com www.googletagmanager.com pagead2.googlesyndication.com www.privacybee.ch app.privacybee.ch app.privacybee.io challenges.cloudflare.com 'nonce-xSYqo95lcSuaF6S6A17daA=='; style-src 'self' fonts.googleapis.com app.privacybee.ch app.privacybee.io 'unsafe-inline'; upgrade-insecure-requests; report-uri /nelmio/csp/report; worker-src 'self' blob: 1 frame-ancestors 'self' https://*.squaredup.com https://squaredup.com https://app.gather.town; 1 script-src blob: https: data: 'unsafe-inline' 'unsafe-eval' https://gs1-germany.de https://*.gs1-germany.de https://d5.gs1.mwsrv.de https://consent.cookiefirst.com https://*.optimizely.com https://*.googletagmanager.com https://apis.google.com https://connect.facebook.net https://fast.fonts.net https://googleads.g.doubleclick.net https://www.googleanalytics.com https://www.googleoptimize.com https://*.google-analytics.com https://optimize.google.com https://ext.nonstoppartner.net https://*.hotjar.com https://*.walls.io https://*.myveeta.com https://static.virtualbadge.io; style-src https: 'unsafe-inline' https://gs1-germany.de https://*.gs1-germany.de https://consent.cookiefirst.com https://d5.gs1.mwsrv.de https://apis.google.com https://optimize.google.com https://fonts.googleapis.com https://connect.facebook.net https://fast.fonts.net https://googleads.g.doubleclick.net https://*.google-analytics.com https://*.hotjar.com https://*.walls.io; frame-src 'self' https://copilotstudio.microsoft.com https://td.doubleclick.net https://*.googletagmanager.com https://*.gs1-germany.de https://optimize.google.com https://*.walls.io https://consent.cookiefirst.com https://www.youtube-nocookie.com https://www.gs1.org https://www.youtube.com https://*.hotjar.com https://www.facebook.com https://communication.gs1-germany.de https://feedback.gs1-germany.de https://easy-feedback.de https://*.easy-feedback.de https://easy-feedback.com https://*.easy-feedback.com https://ext.nonstoppartner.net https://*.gs1.org https://f5ba538cf0d6445983504cc2cd8ccb42.svc.dynamics.com https://082becc9a232451baaef0c700dd33425.svc.dynamics.com https://76c4e8a3cea24f6792072b39841b0a0b.svc.dynamics.com https://*.podigee.io https://*.podigee.com https://player.podigee-cdn.net https://public.virtualbadge.io; frame-ancestors 'self' https://*.dev.mehrwert.de https://academy.gs1-germany.de https://*.eventlocations.com https://cockpit.prospitalia.de; 1 form-action 'self' https://joomlacontenteditor.us14.list-manage.com/subscribe/post; base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://checkout.paddle.com https://cdn.usefathom.com/script.js https://code.jquery.com https://checkout.stripe.com https://cdn.paddle.com https://cdn.usefathom.com/script.js https://cdnjs.cloudflare.com https://hcaptcha.com/* https://*.hcaptcha.com/* https://plausible.io/ https://app.mailjet.com/; style-src 'self' 'unsafe-inline' https://cdn.paddle.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://hcaptcha.com/ https://*.hcaptcha.com/ https://plausible.io/ https://app.mailjet.com/; object-src 'self' https://cdn.joomlacontenteditor.net/ 1 default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com secure.payzen.eu maps.googleapis.com *.paypal.com *.algolia.net *.algolianet.com *.bing.com *.facebook.net *.facebook.com *.mgtmod01.com trk.adbutter.net pixel.mathtag.com mathid.mathtag.com static.criteo.net *.criteo.com t.eu1.dyntrk.com *.taboola.com *.outbrain.com *.r66net.com *.videostep.com *.invibes.com *.y-track.com *.chainethermale.fr *.pinterest.com *.pinimg.com snap.licdn.com www.google.fr www.googletagmanager.com *.googletagmanager.com tagmanager.google.com www.googleadservices.com *.googleadservices.com pagead2.googlesyndication.com *.googlesyndication.com googleads.g.doubleclick.net www.gstatic.com *.google.ad *.google.ae *.google.al *.google.am *.google.as *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cat *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.com *.google.com.af *.google.com.ag *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.hn *.google.com.jm *.google.com.jo *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vn *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gr *.google.gy *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.kg *.google.ki *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.pn *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.vu *.google.ws;frame-src 'self' secure.payzen.eu www.youtube.com maps.googleapis.com *.paypal.com secure.ogone.com ogone.test.v-psp.com *.openstreetmap.org *.facebook.com *.youtube-nocookie.com pixel.mathtag.com dis.eu.criteo.com *.criteo.net *.criteo.com gum.criteo.com widget.eu.criteo.com *.pinterest.com www.googletagmanager.com *.googletagmanager.com *.googleadservices.com *.google.com *.google.fr td.doubleclick.net *.doubleclick.net *.google.ad *.google.ae *.google.al *.google.am *.google.as *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cat *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.com *.google.com.af *.google.com.ag *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.hn *.google.com.jm *.google.com.jo *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vn *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gr *.google.gy *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.kg *.google.ki *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.pn *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.vu *.google.ws;style-src 'self' 'unsafe-inline' fonts.googleapis.com *.googletagmanager.com tagmanager.google.com fonts.googleapis.com;img-src 'self' data: www.google-analytics.com maps.googleapis.com *.gstatic.com placehold.it https://picsum.photos *.chainethermale.fr admin.chainethermale.fr *.bing.com *.facebook.com www.magazinethermal.fr *.youtube-nocookie.com *.ytimg.com secure.adnxs.com pixel.mathtag.com t.eu1.dyntrk.com cdn.n.dynstc.com *.taboola.com *.outbrain.com *.criteo.com e1.emxdgt.com rtb-csync.smartadserver.com *.yahoo.fr *.yahoo.com eb2.3lift.com ad.360yield.com ib.adnxs.com r.casalemedia.com criteo-sync.teads.tv contextual.media.net cm.adform.net x.bidswitch.net visitor.omnitag.com match.sharethrough.com i.liadm.com e1.emxdgt.com criteo-partners.tremorhub.com *.mediavine.com *.pubmatic.com *.yieldlab.net *.smartclip.net *.thebrighttag.com beacon.krxd.net *.demdex.net *.yieldmo.net *.yieldmo.com pixel.rubiconproject.com id5-sync.com *.invibes.com *.ivitrack.com *.videostep.com *.omnitagjs.com ks.b26net.com *.y-track.com *.yahoo.net *.postrelease.com *.pinterest.com *.pinimg.com *.adform.net *.facebook.net sync.1rx.io jadserve.postrelease.com *.unrulymedia.com bat.bing.net px.ads.linkedin.com aa.agkn.com www.google.com www.google.fr ssl.gstatic.com www.gstatic.com stats.g.doubleclick.net googleads.g.doubleclick.net cm.g.doubleclick.net *.g.doubleclick.net pagead2.googlesyndication.com www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com google.com *.google.ad *.google.ae *.google.al *.google.am *.google.as *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cat *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.com *.google.com.af *.google.com.ag *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.hn *.google.com.jm *.google.com.jo *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vn *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gr *.google.gy *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.kg *.google.ki *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.pn *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.vu *.google.ws;font-src 'self' fonts.gstatic.com data: cdn.linearicons.com;connect-src 'self' *.paypal.com *.algolia.net *.algolianet.com www.google-analytics.com *.mgtmod01.com noembed.com bat.bing.com *.criteo.com *.taboola.com *.outbrain.com *.invibes.com *.r66net.com *.y-track.com *.chainethermale.fr *.pinterest.com *.facebook.com *.outbrain.com bat.bing.com bat.bing.net px.ads.linkedin.com www.google.fr www.google.com google.com www.googletagmanager.com *.googletagmanager.com *.googleadservices.com stats.g.doubleclick.net googleads.g.doubleclick.net *.g.doubleclick.net *.analytics.google.com *.google-analytics.com pagead2.googlesyndication.com *.googlesyndication.com *.google.ad *.google.ae *.google.al *.google.am *.google.as *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cat *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.com *.google.com.af *.google.com.ag *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.hn *.google.com.jm *.google.com.jo *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vn *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gr *.google.gy *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.kg *.google.ki *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.pn *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.vu *.google.ws;base-uri 'self' 1 default-src 'self'; base-uri 'self'; block-all-mixed-content; connect-src 'self' *.cablex.test *.google-analytics.com *.chimpstatic.com *.cookiebot.com *.azurewebsites.net *.cablex.ch *.cablex-germany.de *.doubleclick.net; font-src 'self' *.cablex.test data: *.gstatic.com *.chimpstatic.com *.azurewebsites.net *.fast.fonts.net *.cablex.ch *.cablex-germany.de; frame-ancestors *.cablex.test *.azurewebsites.net *.prospective.ch *.cablex.ch *.cablex-germany.de *.chimpstatic.com; frame-src 'self' *.cablex.test *.azurewebsites.net *.cablex.ch *.cablex-germany.de *.cookiebot.com *.prospective.ch *.youtube-nocookie.com *.youtube.com *.chimpstatic.com *.google.com; img-src 'self' *.cablex.test data: *.tile.osm.org *.tile.openstreetmap.org *.azurewebsites.net *.cablex.ch *.cablex-germany.de *.google.com *.google.de *.google-analytics.com *.googletagmanager.com *.prospective.ch *.cookiebot.com *.chimpstatic.com; object-src 'none'; script-src 'self' 'unsafe-inline' *.cablex.test *.google-analytics.com *.googletagmanager.com *.bing.com *.facebook.net *.twitter.com *.cookiebot.com *.prospective.ch *.linkedin.com *.chimpstatic.com *.azurewebsites.net *.cablex.ch *.cablex-germany.de https://chimpstatic.com https://cdnjs.cloudflare.com/ajax/libs/iframe-resizer/3.6.3/iframeResizer.min.js *.youtube.com *.doubleclick.net *.google.com *.gstatic.com; style-src 'self' *.cablex.test 'unsafe-inline' *.bootstrapcdn.com *.googleapis.com *.chimpstatic.com https://unpkg.com/swiper/swiper-bundle.min.css *.prospective.ch *.fast.fonts.net *.azurewebsites.net *.cablex.ch *.cablex-germany.de; upgrade-insecure-requests 1 frame-ancestors 'self' bam.harridev.com harridev.com fr.harridev.com es.harridev.com ru.harridev.com de.harridev.com pl.harridev.com ar.harridev.com tr.harridev.com dev.harridev.com fr.dev.harridev.com es.dev.harridev.com ru.dev.harridev.com de.dev.harridev.com pl.dev.harridev.com ar.dev.harridev.com tr.dev.harridev.com newdev.harridev.com stage.harridev.com hmap.harridev.com fr.hmap.harridev.com es.hmap.harridev.com ru.hmap.harridev.com de.hmap.harridev.com pl.hmap.harridev.com ar.hmap.harridev.com tr.hmap.harridev.com dv1.harridev.com dv2.harridev.com sandbox.harridev.com local.harridev.com:9001 fr.local.harridev.com:9001 es.local.harridev.com:9001 ru.local.harridev.com:9001 de.local.harridev.com:9001 pl.local.harridev.com:9001 ar.local.harridev.com:9001 tr.local.harridev.com:9001 local.harridev.com:9002 fr.local.harridev.com:9002 es.local.harridev.com:9002 ru.local.harridev.com:9002 de.local.harridev.com:9002 pl.local.harridev.com:9002 ar.local.harridev.com:9002 tr.local.harridev.com:9002 localhost.harridev.com:9001; 1 default-src "self"; img-src "self"; style-src "self" "unsafe-inline"; font-src "self"; script-src "self" "unsafe-inline"; connect-src "self"; 1 default-src 'self' www.gravatar.com *.hotjar.com player.vimeo.com *.vimeocdn.com *.googleapis.com *.google.com youtube.com *.cloudfront.net *.youtube.com *.blackbaudhosting.com sky.blackbaudcdn.net www.eventbrite.co.uk *.marker.io *.simplybook.cc payments.blackbaud.com consentcdn.cookiebot.com app.cloudpano.com connect.facebook.net *.facebook.com *.facebook.net host.nxt.blackbaud.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.aspnetcdn.com feeds.trac.jobs static.trac.jobs *.hotjar.com ajax.googleapis.com cdnjs.cloudflare.com *.browsealoud.com *.bugherd.com *.googletagmanager.com *.google-analytics.com *.cloudfront.net *.luckyorange.net *.blackbaudhosting.com *.smartthing2.com *.smartthing.org *.blackbaud.com sky.blackbaudcdn.net widget.simplybook.cc http://localhost:* www.cqc.org.uk feeds.testing.trac.jobs www.eventbrite.co.uk *.marker.io www.google.com www.gstatic.com consentcdn.cookiebot.com consent.cookiebot.com app.cloudpano.com www.googleoptimize.com connect.facebook.net *.facebook.com *.facebook.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com feeds.trac.jobs static.trac.jobs cdnjs.cloudflare.com fast.fonts.net *.smartthing2.com *.smartthing.org *.cloudfront.net *.blackbaudhosting.com www.cqc.org.uk *.marker.io connect.facebook.net *.facebook.com *.facebook.net; img-src 'self' data: blob: imgsct.cookiebot.com www.gravatar.com *.christie.nhs.uk img.youtube.com i.ytimg.com *.justgiving.com feeds.trac.jobs static.trac.jobs *.browsealoud.com *.googleapis.com *.staticflickr.com *.cloudfront.net *.google-analytics.com *.googletagmanager.com *.cdninstagram.com *.blackbaudhosting.com www.cqc.org.uk *.umbraco.com *.marker.io connect.facebook.net *.facebook.com *.facebook.net; font-src 'self' fonts.gstatic.com cdnjs.cloudflare.com fast.fonts.net data: fonts.googleapis.com connect.facebook.net *.facebook.com *.facebook.net; connect-src 'self' *.browsealoud.com feeds.trac.jobs static.trac.jobs *.smartthing2.com *.smartthing.org *.luckyorange.net *.hotjar.com *.google-analytics.com *.doubleclick.net wss: http://localhost:* *.umbraco.com *.marker.io *.amazonaws.com sky.blackbaudcdn.net payments.blackbaud.com consentcdn.cookiebot.com app.cloudpano.com content.hotjar.io connect.facebook.net *.facebook.com *.facebook.net; worker-src 'self' blob:; 1 default-src 'self'; \ script-src 'self' https://ajax.googleapis.com; \ img-src 'self' https://ssl.google-analytics.com 1 "default-src *" 1 default-src 'self'; object-src 'self' https://pts.simplytel.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.simplytel.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://livechat.simplytel.de https://chat.simplytel.de https://umfrage.simplytel.de https://pts.simplytel.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://eu01.rec.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://livechat.simplytel.de https://chat.simplytel.de https://stats.simplytel.de https://imagepool.simplytel.de https://pts.simplytel.de https://analytics.tiktok.com https://umfrage.simplytel.de; script-src 'strict-dynamic' 'nonce-af494f2099f62ae3113965745103c94b' 'nonce-779cac247419747b0245de6f5b361f8d' 'nonce-fdcecdb3b16e8cad4595e0d313fb4e02' 'nonce-99c2a6b6cb444432d12fb23035629488' 'nonce-321b8dec64a1eb229031f4fff07966f9' 'nonce-c26c59ca3b2f44e0339858cc2148a286' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data: 'report-sample'; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://netmap.vodafone.de/cokart-client/index.html https://pts.simplytel.de https://umfrage.simplytel.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-af494f2099f62ae3113965745103c94b' 'nonce-779cac247419747b0245de6f5b361f8d' 'nonce-fdcecdb3b16e8cad4595e0d313fb4e02' 'nonce-99c2a6b6cb444432d12fb23035629488' 'nonce-321b8dec64a1eb229031f4fff07966f9' 'nonce-c26c59ca3b2f44e0339858cc2148a286' 'self' 'unsafe-inline' https: 'report-sample' 1 base-uri 'none';default-src 'none';img-src 'self' data:;font-src 'self';media-src 'self';script-src 'self';style-src 'self' 'unsafe-inline' 1 frame-ancestors 'self' panoramen.frauenkirche-dresden.de 1 default-src 'self' fonts.gstatic.com fonts.googleapis.com ajax.googleapis.com wireframecc-9947.kxcdn.com wireframe.cc cdn.wireframe.cc; script-src 'self' 'unsafe-inline' 'nonce-744356d7257e99bf0c11a2e95fe78b43' 'unsafe-eval' https://fonts.gstatic.com https://fonts.googleapis.com https://ajax.googleapis.com wireframecc-9947.kxcdn.com cdn.wireframe.cc; style-src 'self' 'unsafe-inline' fonts.googleapis.com wireframecc-9947.kxcdn.com cdn.wireframe.cc; img-src 'self' wireframecc-9947.kxcdn.com cdn.wireframe.cc data:; child-src 'self'; base-uri 'none' 1 base-uri 'none';child-src 'self' data: blob:;connect-src 'self' ws: wss: localhost:1337 adsapi.jacobin.de api.jacobin.de staging-api.jacobin.de shop.jacobin.de analyse.jacobin.de spenden.twingle.de *.met.vgwort.de;default-src 'self';font-src 'self' data:;form-action 'self';frame-ancestors 'none';frame-src spenden.twingle.de www.youtube.com;img-src 'self' jacobin.de data: *.met.vgwort.de;manifest-src 'self';media-src 'self';object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' localhost:1337 adsapi.jacobin.de api.jacobin.de staging-api.jacobin.de shop.jacobin.de analyse.jacobin.de spenden.twingle.de *.met.vgwort.de www.youtube.com;style-src 'self' 'unsafe-inline'; 1 frame-ancestors 'self' www.skaki64.gr skaki64.gr 1 default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval' *.cdn.cookielaw.org *.cookie-cdn.cookiepro.com *.onetrust.com *.newrelic.com data-eu.nestlehealthscience.com https://*.qualtrics.com https://www.googletagmanager.com https://px.ads.linkedin.com/ https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_ https://*.amazonaws.com/ https://*.cloudfront.net/; object-src https://*.cloudfront.net/; style-src * 'self' 'unsafe-inline' *.cdn.cookielaw.org *.cookie-cdn.cookiepro.com *.onetrust.com https://www.googletagmanager.com https://px.ads.linkedin.com/ https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_ https://*.amazonaws.com/ https://*.cloudfront.net/; img-src 'self' data: https://cdn.jsdelivr.net https://l.evidon.com https://c.evidon.com https://nestle-mvp.myshopify.com https://cdn.shopify.com *.google-analytics.com https://d6tizftlrpuof.cloudfront.net https://*.usabilla.com https://nestle-mvp.myshopify.com https://cdn.shopify.com https://www.google.com https://www.google.es https://googleads.g.doubleclick.net *.google-analytics.com https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com *.onetrust.com http://mychildwithcphcpen.nhscbrand.acsitefactory.com *.qualtrics.com https://www.googletagmanager.com https://px.ads.linkedin.com/ https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_ https://*.amazonaws.com/ https://*.cloudfront.net/; media-src 'self'; frame-src 'self' https://www.nestlehealthscience.com http://mychildwithcphcpen.nhscbrand.acsitefactory.com/solution-finder https://www.nestlehealthscience.com/cerebral-palsy http://mychildwithcphcpen.nhscbrand.acsitefactory.com https://www.youtube.com https://static.addtoany.com https://www.google.com/ *.newrelic.com *.onetrust.com https://*.qualtrics.com https://www.googletagmanager.com https://px.ads.linkedin.com/ https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_ https://*.amazonaws.com/ https://*.cloudfront.net/; frame-ancestors 'self' https://www.nestlehealthscience.com http://mychildwithcphcpen.nhscbrand.acsitefactory.com/solution-finder https://www.nestlehealthscience.com/cerebral-palsy https://www.google.com/ *.newrelic.com *.onetrust.com https://*.qualtrics.com https://www.googletagmanager.com https://px.ads.linkedin.com/ https://*.amazonaws.com/ https://*.cloudfront.net/; font-src 'self' https://cdn.jsdelivr.net https://fonts.gstatic.com https://fonts.googleapis.com https://cdnjs.cloudflare.com https://d6tizftlrpuof.cloudfront.net *.usabilla.com http://mychildwithcphcpen.nhscbrand.acsitefactory.com https://www.googletagmanager.com https://px.ads.linkedin.com/ https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_ https://*.amazonaws.com/ https://*.cloudfront.net/; connect-src 'self' https://cdn.jsdelivr.net https://bam.nr-data.net https://nestle-mvp.myshopify.com https://monorail-edge.shopifysvc.com https://stats.g.doubleclick.net https://d6tizftlrpuof.cloudfront.net *.usabilla.com https://nestle-mvp.myshopify.com https://monorail-edge.shopifysvc.com https://www.google.com *.google-analytics.com *.gbqofs.io *.gbqofs.com https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com *.onetrust.com http://mychildwithcphcpen.nhscbrand.acsitefactory.com data-eu.nestlehealthscience.com https://*.qualtrics.com https://www.googletagmanager.com https://unpkg.com https://fonts.googleapis.com https://www.googletagmanager.com https://px.ads.linkedin.com/ https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_ https://*.amazonaws.com/ https://*.cloudfront.net/; report-uri /report-csp-violation 1 default-src 'self'; script-src 'self' 'unsafe-inline' https:; object-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; media-src 'self'; child-src 'self' https:; font-src 'self' data:; connect-src 'self' 1 default-src 'self'; object-src 'self' https://pts.smartmobil.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.smartmobil.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://umfrage.smartmobil.de https://pts.smartmobil.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://eu01.rec.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://livechat.smartmobil.de https://chat.smartmobil.de https://stats.smartmobil.de https://imagepool.smartmobil.de https://pts.smartmobil.de https://seal.globalsign.com https://ssif1.globalsign.com https://analytics.tiktok.com https://umfrage.smartmobil.de; script-src 'strict-dynamic' 'nonce-27b3f18db836e88e3121016330aa8ad3' 'nonce-c88b814076fa2154127c3245fefa2e5d' 'nonce-90c22d821fe5831c5c1be4c6618ccd25' 'nonce-565d0ffc65769bb313d4807ec8abc158' 'nonce-a980dce0b97b30108d33775f6f803e1b' 'nonce-a9190322d54766922a4701fa92de27cb' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data: 'report-sample'; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://netmap.vodafone.de/cokart-client/index.html https://pts.smartmobil.de https://umfrage.smartmobil.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-27b3f18db836e88e3121016330aa8ad3' 'nonce-c88b814076fa2154127c3245fefa2e5d' 'nonce-90c22d821fe5831c5c1be4c6618ccd25' 'nonce-565d0ffc65769bb313d4807ec8abc158' 'nonce-a980dce0b97b30108d33775f6f803e1b' 'nonce-a9190322d54766922a4701fa92de27cb' 'self' 'unsafe-inline' https: 'report-sample' 1 base-uri 'none';child-src 'none';connect-src 'self' http://127.0.0.1:1337 https://*.google-analytics.com https://vitals.vercel-insights.com https://api.coinbase.com https://www.google-analytics.com https://vercel.live https://*.walletconnect.com wss://relay.walletconnect.com wss://relay.walletconnect.org wss://www.walletlink.org wss://*.pusher.com https://*.pusher.com https://*.polkastarter.com https://*.cookie3.co https://api.avax.network/ext/bc/C/rpc https://api.avax-test.network/ext/bc/C/rpc https://*.bnbchain.org https://*.bnbchain.org:8545/ https://rpc.ankr.com/bsc https://*.binance.org https://testnet.omni.network https://arb1.arbitrum.io/rpc https://sepolia-rollup.arbitrum.io/rpc https://mainnet.base.org https://sepolia.base.org https://forno.celo.org https://alfajores-forno.celo-testnet.org https://mainnet.mode.network https://sepolia.mode.network https://goerli.optimism.io https://polygon-rpc.com https://matic-mumbai.chainstacklabs.com https://rpc.ankr.com/polygon_mumbai https://mainnet.infura.io https://sepolia.infura.io/ https://cloudflare-eth.com/ https://rpc.sepolia.org https://rpc.ankr.com https://rpc.ankr.com/eth https://rough-lingering-pine.bsc.quiknode.pro https://little-intensive-wildflower.quiknode.pro;default-src 'self';font-src 'self' data: https://fonts.gstatic.com;form-action 'self' *;frame-ancestors 'none';frame-src https://verify.synaps.io/ https://www.youtube.com/ https://verify.walletconnect.com https://verify.walletconnect.org https://vercel.live https://www.tradingview-widget.com https://s.tradingview.com https://*.facebook.net https://*.facebook.com;img-src * data:;manifest-src 'self' https://polkastarter.cloudflareaccess.com;media-src 'self' https://*.polkastarter.com;object-src 'none';prefetch-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://va.vercel-scripts.com https://*.googletagmanager.com https://*.google-analytics.com https://vercel.live https://browser.sentry-cdn.com https://cdn.vercel-insights.com https://cdn.staging.cookie3.co https://www.youtube.com https://unpkg.com https://s3.tradingview.com https://*.facebook.net https://*.facebook.com;style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://fonts.googleapis.com;worker-src 'self'; 1 frame-ancestors 'self' https://www.gamer.no *.ggez.no https://forum.kvinneguiden.no; 1 frame-ancestors www.newtaipei.travel newtaipei.travel 'self' 1 default-src 'self' www.clarity.ms c.bing.com *.clarity.ms *.iadvize.com wss://*.iadvize.com static.zdassets.com ekr.zdassets.com ekr.zendesk.com *.zendesk.com api.smooch.io media.smooch.io zendesk-eu.my.sentry.io *.twilio.com *.zendesk.com zendesk-eu.my.sentry.io api.smooch.io voice-js.roaming.twilio.com wss://*.zendesk.com wss://*.zopim.com;base-uri 'self' d6tizftlrpuof.cloudfront.net;form-action 'self' *.adyen.com facebook.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' app.storyblok.com *.forter.com vercel.live pay.google.com *.cloudflarestream.com www.paypal.com *.chantelle.com *.livera.nl *.femilet.dk *.cookielaw.org www.googletagmanager.com connect.facebook.net *.bing.com *.iadvize.com *.taboola.com *.target2sell.com *.tiktok.com *.digital-metric.com *.pinimg.com *.adleadevent.com *.affilae.com *.doubleclick.net *.usabilla.com *.hotjar.com *.digital-metric.net www.clarity.ms *.pinterest.com *.air360tracker.net *.air360.io cdn.jsdelivr.net *.trustedshops.com d1pna5l3xsntoj.cloudfront.net *.ablyft.com ajax.googleapis.com/ajax/libs/jquery/1.10.1/jquery.min.js https://core.helloretail.com/serve/setup *.helloretailcdn.com static.zdassets.com *.thuiswinkel.org *.thuiswinkel-cdn.org *.zendesk.com https://app.aiden.cx/webshop/build/aiden-embedded.min.js *.emaerket.dk https://snap.licdn.com/li.lms-analytics/insight.min.js https://acro-public-assets.s3.eu-central-1.amazonaws.com/NL-popup/LV-desktop.js widget-mediator.zopim.com https://js.go2sdk.com/v2/tune.js https://tag.heylink.com/960f0d92-a289-4025-96d4-364fe890cdef/script.js *.hyj.mobi blob:;object-src 'self';style-src 'self' 'unsafe-inline' fonts.googleapis.com *.iadvize.com *.amazonaws.com *.mapbox.com *.air360tracker.net *.air360.io cdn.jsdelivr.net *.ablyft.com *.thuiswinkel-cdn.org d1pna5l3xsntoj.cloudfront.net;img-src 'self' purecatamphetamine.github.io/country-flag-icons/ *.adyen.com a.storyblok.com via.placeholder.com placeholderimage.eu www.gstatic.com *.cloudfront.net www.paypalobjects.com *.cookielaw.org *.picsum.photos picsum.photos www.facebook.com *.doubleclick.net *.google.com *.google.fr *.google.de *.google.at googleads.g.doubleclick.net *.chantelle.com *.livera.nl *.femilet.dk *.bing.com *.usabilla.com *.digital-metric.net *.iadvize.com *.tiktok.com *.mapbox.com *.air360tracker.net *.air360.io *.trustedshops.com *.googletagmanager.com bat.bing.net c.clarity.ms *.ablyft.com static.zdassets.com accounts.zendesk.com *.zendesk.com media.smooch.io *.zdusercontent.com *.amazonaws.com *.cloudfunctions.net static.affilae.com *.thuiswinkel-cdn.org lb.affilae.com *.linkedin.com *.bidswitch.net *.casalemedia.com *.google.je *.adnxs.com *.360yield.com *.pubmatic.com *.smartadserver.com data:;media-src 'self' watch.cloudflarestream.com *.cloudflarestream.com static.zdassets.com data: blob:;font-src 'self' fonts.gstatic.com *.air360tracker.net *.air360.io cdn.jsdelivr.net *.iadvize.com *.trustedshops.com data:;connect-src 'self' *.forter.com *.cloudfront.net *.target2sell.com *.adyen.com vercel.live *.helloretail.com *.google.com/pay https://google.com/pay https://pay.google.com https://www.sandbox.paypal.com www.paypal.com *.cookielaw.org *.onetrust.com *.chantelle.com *.livera.nl *.femilet.dk *.google.com *.taboola.com *.iadvize.com *.pinterest.com *.tiktok.com bat.bing.com bat.bing.net *.clarity.ms *.doubleclick.net *.mapbox.com *.air360tracker.net *.air360.io *.hotjar.io *.cloudflarestream.com *.trustedshops.com *.hotjar.com *.amazonaws.com *.facebook.com wss://*.iadvize.com wss://*.twilio.com *.ablyft.com *.helloretailcdn.com *.zdassets.com *.zendesk.com wss://pod-28-sunco-ws.zendesk.com wss://widget-mediator.zopim.com https://api.country.is lb.affilae.com *.thuiswinkel-cdn.org app.aiden.cx *.linkedin.com;frame-src *.adyen.com pay.google.com *.paypal.com *.doubleclick.net *.pinterest.com www.googletagmanager.com *.cloudflarestream.com tsdtocl.com www.facebook.com *.iadvize.com *.air360.io lb.affilae.com app.aiden.cx widget-mediator.zopim.com *.widget.thuiswinkel.org *.chantelle.com *.femilet.dk *.livera.nl;frame-ancestors app.storyblok.com *.air360.io;manifest-src 'self' https://www.google.com/pay;upgrade-insecure-requests; 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.wp.com https://*.gravatar.com https://*.google-analytics.com; img-src 'self' data: https://wordpress.org https://*.gravatar.com https://*.wp.com https://*.google-analytics.com; style-src 'self' 'unsafe-inline' https://*.wp.com https://*.gravatar.com https://fonts.googleapis.com; font-src 'self' data: https://fonts.gstatic.com https://themes.googleusercontent.com; object-src 'none' 1 script-src 'unsafe-inline' *.posazavi.com analytics.tiktok.com *.adform.net *.hcaptcha.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval' connect.facebook.net c.imedia.cz *.hotjar.com tagmanager.google.com www.google.com www.gstatic.com c.seznam.cz ct.leady.com; style-src 'self' 'unsafe-inline' tagmanager.google.com cdnjs.cloudflare.com fonts.googleapis.com; report-uri /csp 1 default-src 'self'; img-src *; media-src * data:;, default-src 'self'; img-src *; media-src * data:; 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com code.jquery.com:* static.addtoany.com:* cdn.jsdelivr.net:* googleads.g.doubleclick.net:* connect.facebook.net:* cdnjs.cloudflare.com:* cdn.cookielaw.org:* *.gigya.com:* *.qualtrics.com *.adimo.co:* app.tintup.com:* tintup.com:* www.tintup.com www.google.com www.recaptcha.net www.gstatic.com *.nestlegoodnes.com js-agent.newrelic.com:* assets.pinterest.com:* *.atlassian.net:* apis.google.com:* *.qualifioapp.com; object-src 'none'; frame-src 'self' www.google.com www.recaptcha.net www.gstatic.com recaptcha.google.com static.addtoany.com:* td.doubleclick.net:* www.googletagmanager.com *.gigya.com *.qualtrics.com td.doubleclick.net www.facebook.com app.tintup.com www.tintup.com *.adimo.co assets.pinterest.com *.atlassian.net *.youtube.com *.qualifioapp.com; frame-ancestors 'self' www.google.com www.recaptcha.net www.gstatic.com recaptcha.google.com static.addtoany.com:* td.doubleclick.net:* www.googletagmanager.com *.gigya.com td.doubleclick.net www.facebook.com app.tintup.com www.tintup.com *.adimo.co assets.pinterest.com *.atlassian.net *.qualifioapp.com 1 default-src 'self' 'unsafe-inline' images-2.partnerportal.ionos.de 1 frame-ancestors khh.travel 'self' 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' files.gpxpl.us pagead2.googlesyndication.com https://pagead2.googlesyndication.com www.google-analytics.com www.gstatic.com gpxplus.s3-website-us-west-2.amazonaws.com https://gpxplus.s3.amazonaws.com https://apis.google.com static.gpx.plus https://static.gpx.plus ap.lijit.com * 1 default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self'; font-src 'self'; connect-src 'self'; frame-ancestors 'none'; base-uri 'none' 1 default-src * 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval' data-eu.purina.fr; object-src *; style-src * 'self' 'unsafe-inline'; img-src * 'self' data: https:;; media-src *; frame-src *; frame-ancestors * 'self'; child-src * blob:; font-src * 'self' data: https:;; connect-src * data-eu.purina.fr 1 default-src https: http://*.google-analytics.com:* 'unsafe-inline'; img-src https: 'self' data: blob:; script-src https: 'unsafe-eval' 'unsafe-inline' blob:; style-src https: 'unsafe-inline'; font-src https: 'self' data: fonts.gstatic.com; worker-src 'self' blob: 1 frame-ancestors 'self' decisely.com *.decisely.com 1 default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self'; 1 default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.siteimprove.net *.googleapis.com youtube.com *.google.com *.google-analytics.com *.gstatic.com cdnjs.cloudflare.com *.curator.io *.addthis.com *.addthisedge.com *.facebook.com *.facebook.net siteimproveanalytics.com *.twitter.com *.pingdom.net *.googletagmanager.com *.doubleclick.net *.youtube.com cdn.jsdelivr.net unpkg.com lottie.host; style-src 'self' 'unsafe-inline' *.googleapis.com *.siteimprove.net *.curator.io *.google.com; img-src 'self' data: *.gstatic.com *.googleapis.com *.ggpht.com developers.google.com *.google-analytics.com *.doubleclick.net *.fbcdn.net *.twimg.com *.instagram.com *.curator.io *.cdninstagram.com *.ytimg.com *.siteimproveanalytics.io curatorio.s3.amazonaws.com curator-assets.b-cdn.net *.googletagmanager.com *.google.com.au *.google.com; media-src 'self' ssl.gstatic.com *.fbcdn.net *.twimg.com curatorio.s3.amazonaws.com *.google.com; frame-src 'self' www.youtube.com *.addthis.com seqwater.mysocialpinpoint.com *.google.com youtu.be *.siteimprove.com *.facebook.com td.doubleclick.net player.vimeo.com *.googletagmanager.com; frame-ancestors 'self' unitywater.com *.unitywater.com urbanutilities.com.au *.redland.qld.gov.au *.goldcoast.qld.gov.au *.logan.qld.gov.au waternet.corporate.local; child-src 'self' unitywater.com *.unitywater.com urbanutilities.com.au *.redland.qld.gov.au *.goldcoast.qld.gov.au *.logan.qld.gov.au waternet.corporate.local; font-src 'self' 'unsafe-inline' themes.googleusercontent.com fonts.gstatic.com cdn.curator.io; connect-src 'self' *.google-analytics.com *.doubleclick.net *.siteimprove.com api.curator.io *.addthis.com *.pingdom.net maps.googleapis.com *.google.com *.googlesyndication.com *.googleadservices.com; report-uri /report-csp-violation 1 default-src ; script-src 'self' 'unsafe-inline' localhost https://assets.zendesk.com *.zdassets.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com; object-src ; style-src 'self' 'unsafe-inline' localhost *.entrecode.de https://fonts.googleapis.com; img-src *; media-src *; child-src https://www.google.com; font-src *.entrecode.de https://fonts.gstatic.com; connect-src 'self' *.entrecode.de https://entrecode.zendesk.com *.zdassets.com https://www.google-analytics.com; manifest-src 1 frame-ancestors 'self' minezmap.com *.minezmap.com http://minezmap.com http://*.minezmap.com minez-nightswatch.com 1 default-src 'self'; object-src 'self' https://pts.premiumsim.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.premiumsim.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://livechat.premiumsim.de https://chat.premiumsim.de https://umfrage.premiumsim.de https://pts.premiumsim.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://eu01.rec.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://livechat.premiumsim.de https://chat.premiumsim.de https://stats.premiumsim.de https://imagepool.premiumsim.de https://pts.premiumsim.de https://analytics.tiktok.com https://umfrage.premiumsim.de; script-src 'strict-dynamic' 'nonce-79d171fe610c7fd8f9a06834b13f139b' 'nonce-016af35a2bc76c88e8cebb1e6cc73626' 'nonce-5f38969b32197d7cda445437c2c7967d' 'nonce-8fcd846b74f78a9c33ac41c4a791d23d' 'nonce-55ae861eebefe8fc284cb1c4cc5a1582' 'nonce-2e4736aaa2e0ce62092b09d1f27d0963' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data: 'report-sample'; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://netmap.vodafone.de/cokart-client/index.html https://pts.premiumsim.de https://umfrage.premiumsim.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-79d171fe610c7fd8f9a06834b13f139b' 'nonce-016af35a2bc76c88e8cebb1e6cc73626' 'nonce-5f38969b32197d7cda445437c2c7967d' 'nonce-8fcd846b74f78a9c33ac41c4a791d23d' 'nonce-55ae861eebefe8fc284cb1c4cc5a1582' 'nonce-2e4736aaa2e0ce62092b09d1f27d0963' 'self' 'unsafe-inline' https: 'report-sample' 1 block-all-mixed-content; frame-ancestors 'self' *.maxima.lt *.maxima.ee; frame-src 'self' *.youtube.com *.youtube-nocookie.com *.cookiebot.com *.issuu.com *.google.com *.adform.net *.doubleclick.net maxima.teamdash.com indd.adobe.com *.flipsnack.com view.publitas.com; report-uri /csp/report 1 base-uri 'none';child-src 'none';connect-src 'self' https://graphql-listen.datocms.com https://vitals.vercel-insights.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://*.hs-banner.com https://*.hscollectedforms.net https://*.mainnet.aptoslabs.com https://*.testnet.aptoslabs.com https://*.devnet.aptoslabs.com;default-src 'self';font-src 'self';form-action 'self';frame-ancestors https://cms.aptosfoundation.org https://plugins-cdn.datocms.com;frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://www.youtube.com https://player.vimeo.com https://live.eventtia.com;img-src 'self' data: https://media.aptosfoundation.org https://aptosfoundation-proxy.imgix.net https://*.googleusercontent.com https://pbs.twimg.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://track.hubspot.com https://*.hsforms.com https://*.mainnet.aptoslabs.com https://*.testnet.aptoslabs.com https://*.devnet.aptoslabs.com;manifest-src 'self';media-src 'self' https://video.twimg.com;object-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://va.vercel-scripts.com https://*.hs-banner.com https://*.hs-analytics.net https://*.hscollectedforms.net https://*.hs-scripts.com;style-src 'self' 'unsafe-inline';worker-src 'self'; 1 base-uri 'none'; default-src 'none'; connect-src 'self' https:; font-src 'self' https: data:; form-action 'self' https:; frame-ancestors 'self'; frame-src 'self' https:; img-src 'self' https: data:; manifest-src 'self'; media-src 'self' https:; object-src 'none'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; upgrade-insecure-requests; worker-src 'self' 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' *.pricespider.com https://www.google-analytics.com https://www.googletagmanager.com https://cdn.cookielaw.org https://lhcdn-src.mars.com https://players.brightcove.net https://www.google.com https://www.google.co.in https://www.gstatic.com https://ckf02.lancsd.org https://sfapi.formstack.io https://az416426.vo.msecnd.net https://embed.mikmak.tv *.global.commerce-connector.com https://js-agent.newrelic.com https://dc.services.visualstudio.com https://bam-cell.nr-data.net https://translate.googleapis.com https://js.adsrvr.org *.mapbox.com https://dc.services.visualstudio.com https://stats.g.doubleclick.net *.amazonaws.com https://s.pinimg.com https://ct.pinterest.com https://maps.googleapis.com https://connect.facebook.net https://sc-static.net https://static.ads-twitter.com https://cdn.treasuredata.com https://cdn.jsdelivr.net https://sfapi-sandbox.formstack.io https://unpkg.com https://progress-tracker-prod.firebaseio.com https://cdn.pricespider.com https://bam.nr-data.net https://dmaqfsvvftg8w.cloudfront.net/dtc.all.min.js https://reactjs.org/link/react-devtools https://pscentral.shoppable.com/cartAuth https://*.krxd.net https://s.yimg.com https://www.youtube.com *.bazaarvoice.com *.ada.support https://mpsnare.iesnare.com/ https://tr.snapchat.com https://analytics.tiktok.com https://api.ipify.org https://script.crazyegg.com https://acsbapp.com http://static.ads-twitter.com http://cdn.jsdelivr.net/npm/@popperjs/core@2.11.5/dist/umd/popper.min.js https://bat.bing.com/bat.js https://cdnjs.cloudflare.com/ajax/libs/html2canvas/0.4.1/html2canvas.min.js https://cdnjs.cloudflare.com/ajax/libs/image-picker/0.3.1/image-picker.js https://insight.adsrvr.org https://cdn.optimizely.com/js/27562260171.js https://a25353130117.cdn.optimizely.com https://*.optimizely.com https://cdn.optimizely.com https://*.cdn.optimizely.com https://staging-dogcheckupchallenge.snipp.us/Upload.aspx https://staging-catcheckupchallenge.snipp.us/Upload.aspx https://cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.2/lazysizes.min.js https://checkupchallenge-dog.snipp.us/ https://checkupchallenge-cat.snipp.us/ https://cdn.ampproject.org https://cdn.plyr.io/3.7.8/plyr.js https://cdn.plyr.io/3.7.8/plyr.css *.qualtrics.com https://royalcanincx.qualtrics.com/ https://znbogsizglasvsj70-royalcanincx.siteintercept.qualtrics.com https://cdnjs.cloudflare.com https://shoppable.commerce-connector.com https://t.contentsquare.net/uxa/629ab3f372251.js https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://googleads.g.doubleclick.net/pagead https://www.googleadservices.com/*; object-src 'none'; frame-src 'self' https://www.google.com https://9079101.fls.doubleclick.net https://www.google.com *.fls.doubleclick.net https://www.googletagmanager.com https://di.rlcdn.com https://tr.snapchat.com https://www.youtube.com https://processor808.shoppable.com https://www.youtube.com/ https://ct.pinterest.com https://*.krxd.net https://*.bazaarvoice.com *.ada.support/ https://marspetcare-na.ada.support https://pedigreedg.snipp.us https://marspetcare-bark.ada.support/ https://www.facebook.com https://checkupchallenge-cat.snipp.us https://checkupchallenge-dog.snipp.us https://td.doubleclick.net/ https://stagingiamssweepstakes.snipp.us https://cdnjs.cloudflare.com/ajax/libs/html2canvas/0.4.1/html2canvas.min.js https://iamssweepstakes.snipp.us https://a25353130117.cdn.optimizely.com https://insight.adsrvr.org *.id.opendns.com https://match.adsrvr.org https://checkupchallenge-dog.snipp.us/ https://checkupchallenge-cat.snipp.us/ https://royalcanincx.qualtrics.com/ https://shop.pricespider.com/; child-src blob: 1 frame-ancestors 'self' http://*.mitkindundkegel.de http://mitkindundkegel.de 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googletagmanager.com *.licdn.com *.line-scdn.net *.sharethis.com *.azure-api.net *.hsforms.net *.youtube.com *.hs-scripts.com *.hs-banner.com *.hs-analytics.net *.hsadspixel.net *.doubleclick.net *.cloudflare.com *.hsappstatic.net; style-src 'self' 'unsafe-inline' *.cloudflare.com; img-src 'self' data: https: *.google-analytics.com *.doubleclick.net *.googletagmanager.com; frame-src 'self' *.hsforms.com *.youtube.com *.vimeo.com *.hubspot.com; connect-src 'self' *.google-analytics.com stats.g.doubleclick.net *.googletagmanager.com *.hsforms.com *.linkedin.oribi.io *.hubapi.com *.analytics.google.com *.linkedin.com; report-uri /report-csp-violation 1 default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval'; object-src *; style-src * 'self' 'unsafe-inline'; img-src * 'self' data: https:;; media-src *; frame-src *; frame-ancestors 'self'; child-src * blob:; font-src * 'self' data: https:;; connect-src * 'self' 1 default-src * 'self' *.lpsnmedia.net *.billtrust.com; style-src 'self' http://* 'unsafe-inline' *.lpsnmedia.net *.liveperson.net *.billtrust.com https://*.hotjar.com; script-src 'self' http://* 'unsafe-inline' 'unsafe-eval' *.lpsnmedia.net *.liveperson.net https://*.hotjar.com assets.adobedtm.com; img-src * 'self' data: https: *.lpsnmedia.net https://*.hotjar.com; font-src 'self' data: https://smart-ip.net *.kaltura.com https://*.hotjar.com; connect-src 'self' wss://*.liveperson.net *.liveperson.net *.lpsnmedia.net *.azurewebsites.net wss://*.signalr.net *.signalr.net *.kaltura.com *.walkme.com *.demdex.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.omtrdc.net; frame-src * 'self' *.lpsnmedia.net *.liveperson.net; media-src 'self' blob: *.lpsnmedia.net *.kaltura.com; 1 default-src 'self' https://learn.founderz.com https://staging.founderz.com http://founderz.test http://founderz.local; img-src *; media-src * data:; 1 default-src 'none'; connect-src 'self' https://geolocation.onetrust.com/ https://cookie-cdn.cookiepro.com/ https://*.google-analytics.com https://*.analytics.google.com https://px.ads.linkedin.com; font-src 'self'; frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://www.youtube-nocookie.com https://www.youtube.com https://player.vimeo.com https://embed.podcasts.apple.com https://w.soundcloud.com https://playlist.megaphone.fm; img-src 'self' data: https://cookie-cdn.cookiepro.com/ https://*.google-analytics.com https://*.analytics.google.com https://px.ads.linkedin.com; media-src 'self'; script-src 'self' https://cookie-cdn.cookiepro.com/ https://*.google-analytics.com https://*.analytics.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://snap.licdn.com 'unsafe-inline' 'nonce-Yy2zm/XxbBDM755Jy+C82Q=='; style-src 'self' 'unsafe-inline' 1 frame-ancestors 'none'; report-uri /report-csp-violation 1 default-src https: data:; frame-src https: data:; base-uri 'self'; font-src https: data:; script-src https: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline'; img-src https: data: blob:; frame-ancestors 'self'; manifest-src 'self'; worker-src 'self' blob:; connect-src https: blob:; media-src 'self' blob:; child-src 'self' blob:; form-action 'self'; object-src 'self' 1 default-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: blob:; font-src * data: 1 default-src 'self' mato.immodvisor.com public-site-wp.immodvisor.com develop-ms-business.immodvisor.digital ms-business.immodvisor.com www.immodvisor.com immodvisor.com *.immodvisor.doc *.immodvisor.digital; block-all-mixed-content; connect-src https://mato.immodvisor.com https://*.immodvisor.com https://develop-ms-business.immodvisor.digital https://ms-business.immodvisor.com http://localhost https://localhost https://recaptcha.google.com/recaptcha https://www.google.com/recaptcha/api2/clr www.google.com/recaptcha/api/siteverify *.immodvisor.doc *.immodvisor.digital cdn-cookieyes.com log.cookieyes.com directory.cookieyes.com; font-src 'self' fonts.gstatic.com *.immodvisor.doc *.immodvisor.digital; frame-src 'self' www.youtube.com www.dailymotion.com geo.dailymotion.com my.matterport.com public-site-wp.immodvisor.com https://www.google.com *.immodvisor.doc *.immodvisor.digital; img-src 'self' data: public-site-wp.immodvisor.com placehold.co secure.gravatar.com public-staging.immodvisor.com develop-www.immodvisor.digital http://localhost:8080 staging-pro-photo.s3.rbx.io.cloud.ovh.net pro-photo.s3.rbx.io.cloud.ovh.net *.tile.openstreetmap.org tile.openstreetmap.org *.immodvisor.com www.immodvisor.com immodvisor.com *.immodvisor.doc *.immodvisor.digital cdn-cookieyes.com; script-src 'self' mato.immodvisor.com public-site-wp.immodvisor.com www.immodvisor.com immodvisor.com develop-ms-business.immodvisor.digital www.gstatic.com www.google.com *.immodvisor.doc *.immodvisor.digital cdn-cookieyes.com 'nonce-hPufaRx8ijWkvrk1S56n5A=='; style-src 'self' 'unsafe-inline' public-site-wp.immodvisor.com *.immodvisor.doc *.immodvisor.digital; upgrade-insecure-requests 1 default-src 'self' *.google-analytics.com data: gap: idele.matomo.cloud 'unsafe-inline' 'unsafe-eval'; script-src 'self' * 'unsafe-inline' 'unsafe-eval'; frame-src 'self' www.google.com player.vimeo.com *.soundcloud.com *.tubedu.org tubedu.org *.slideshare.net www.canva.com *.youtube.com view.genial.ly view.genially.com climatefarmdemo.eu *.dailymotion.com *.youtube-nocookie.com *.myadvent.net adventmyfriend.com *.jwplayer.com video.terre-net.fr; style-src 'self' use.typekit.net cdn.tarteaucitron.io fonts.googleapis.com p.typekit.net s3.amazonaws.com cdn.icomoon.io 'unsafe-inline'; font-src 'self' use.typekit.net s3.amazonaws.com fonts.gstatic.com cdn.icomoon.io; img-src 'self' data: *.ytimg.com tarteaucitron.io; upgrade-insecure-requests 1 object-src 'none';default-src 'none';connect-src https://www.wefact.nl https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.google.com https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net *.cookiebot.com *.facebook.com *.facebook.net *.licdn.com *.linkedin.com https://maps.googleapis.com *.clarity.ms https://c.bing.com https://*.bing.com https://*.bing.net;frame-src https://www.youtube.com https://*.googletagmanager.com https://bid.g.doubleclick.net https://td.doubleclick.net *.cookiebot.com *.facebook.com *.facebook.net *.linkedin.com https://outlook.office365.com;frame-ancestors 'self';img-src https://www.wefact.nl data: *.ytimg.com https://googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://googleads.g.doubleclick.net https://www.google.com https://www.google.nl https://www.google.be *.cookiebot.com *.facebook.com *.facebook.net *.fbcdn.net *.licdn.com *.linkedin.com https://maps.gstatic.com https://maps.googleapis.com *.clarity.ms https://c.bing.com www.mollie.com https://*.bing.com https://*.bing.net;script-src https://www.wefact.nl https://www.youtube.com *.ytimg.com 'sha256-CrAe1a0TFvLsCsBw0E5Ky5SvrwDd3Kn8oyr5ns4gIUc=' https://googletagmanager.com https://tagmanager.google.com https://*.googletagmanager.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net *.cookiebot.com *.facebook.com *.facebook.net *.licdn.com *.linkedin.com https://developers.google.com https://maps.googleapis.com *.clarity.ms https://c.bing.com 'sha256-HqEywe2Mupyc3mWoKoXnTO5AVzVUi7YpNaBHAq+y0U0=' https://*.bing.com https://*.bing.net;style-src https://www.wefact.nl 'unsafe-inline' https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com https://www.googletagmanager.com *.licdn.com *.typekit.net;font-src 'self' data: https://fonts.gstatic.com data: *.typekit.net;child-src *.facebook.com *.facebook.net;manifest-src https://www.wefact.nl 1 default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.mouser.com *.google-analytics.com *.google.com *.hubapi.com *.youtube.com *.hubspot.com *.googletagmanager.com *.googleapis.com *.crazyegg.com *.jquery.com https://js.hs-scripts.com https://api.ipify.org https://js.hs-analytics.net https://js.hs-banner.com https://js.hsleadflows.net https://js.hsadspixel.net https://googleads.g.doubleclick.net https://snap.licdn.com https://ajax.googleapis.com https://js.hsforms.net/ https://www.gstatic.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://static.addtoany.com https://js.zi-scripts.com https://*.zoominfo.com blob: https://js.adsrvr.org https://tags.clickagy.com https://marketing.lord.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.google.com https://microstrain.com https://www.google.com.mx https://www.googletagmanager.com https://px.ads.linkedin.com https://track.hubspot.com data: https://marketing.lord.com; img-src 'self' https://www.google.com https://microstrain.com https://www.google.com.mx https://www.googletagmanager.com https://track.hubspot.com data: https://microstrainstg.prod.acquia-sites.com https://www.microstrain.com *.ads.linkedin.com https://js.hsforms.net https://forms-na1.hsforms.com https://forms.hsforms.com/ https://*.ads.linkedin.com https://www.google-analytics.com https://px.ads.linkedin.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.ca https://perf-na1.hsforms.com https://*.clickagy.com https://pixel-sync.sitescout.com https://*.doubleclick.net https://*.agkn.com https://us-u.openx.net https://idsync.rlcdn.com https://dpm.demdex.net https://marketing.lord.com; frame-src https://www.youtube.com https://www.googletagmanager.com https://forms.hsforms.com/ https://www.google.com https://td.doubleclick.net https://www.youtube-nocookie.com https://static.addtoany.com https://insight.adsrvr.org https://*.clickagy.com https://match.adsrvr.org; frame-ancestors self https://www.google.com; font-src *.gstatic.com 'self' https://themes.googleusercontent.com; connect-src 'self' https://www.youtube.com https://ipapi.co https://microstrainstg.prod.acquia-sites.com https://api.mouser.com https://api.hubapi.com https://px.ads.linkedin.com https://forms.hubspot.com https://analytics.google.com https://code.jquery.com https://*.google-analytics.com https://stats.g.doubleclick.net https://px.ads.linkedin.com https://maps.googleapis.com https://www.google.com https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com/ https://google.com https://adservice.google.com https://cta-service-cms2.hubspot.com https://js.zi-scripts.com https://*.zoominfo.com https://*.clickagy.com http://*.hubspot.com https://insight.adsrvr.org; report-uri /report-csp-violation; upgrade-insecure-requests 1 default-src 'self' data: 'sha256-wJOL4ABbdtljPOwmtmY4U8xp5eI9bSAq+wVNc9yPitU='; 1 default-src 'self'; object-src 'self' https://pts.handyvertrag.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.handyvertrag.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://livechat.handyvertrag.de https://chat.handyvertrag.de https://umfrage.handyvertrag.de https://pts.handyvertrag.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://eu01.rec.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://livechat.handyvertrag.de https://chat.handyvertrag.de https://stats.handyvertrag.de https://imagepool.handyvertrag.de https://pts.handyvertrag.de https://analytics.tiktok.com https://umfrage.handyvertrag.de; script-src 'strict-dynamic' 'nonce-d1ff46ec7e95e36996220f504d8f4f2f' 'nonce-86be3aab49cba107910a9c057066998d' 'nonce-fe59b52026bafc7efb64b21ff5d27934' 'nonce-faa54bebd9d48e0dbbba19f8c2cf863d' 'nonce-f489bd0fef443bed48392166069219ed' 'nonce-26e389cf4439b76c3ea5eb9eda71014a' 'nonce-6290432efb802438eb361ee0617cf89a' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data: 'report-sample'; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://netmap.vodafone.de/cokart-client/index.html https://pts.handyvertrag.de https://umfrage.handyvertrag.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-d1ff46ec7e95e36996220f504d8f4f2f' 'nonce-86be3aab49cba107910a9c057066998d' 'nonce-fe59b52026bafc7efb64b21ff5d27934' 'nonce-faa54bebd9d48e0dbbba19f8c2cf863d' 'nonce-f489bd0fef443bed48392166069219ed' 'nonce-26e389cf4439b76c3ea5eb9eda71014a' 'nonce-6290432efb802438eb361ee0617cf89a' 'self' 'unsafe-inline' https: 'report-sample' 1 default-src 'self'; object-src 'self' https://pts.yourfone.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.yourfone.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://livechat.yourfone.de https://chat.yourfone.de https://umfrage.yourfone.de https://pts.yourfone.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://eu01.rec.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://livechat.yourfone.de https://chat.yourfone.de https://stats.yourfone.de https://imagepool.yourfone.de https://pts.yourfone.de https://maps.googleapis.com https://analytics.tiktok.com https://umfrage.yourfone.de; script-src 'strict-dynamic' 'nonce-e767a6b9ce062817f75f327b434af231' 'nonce-95409017a6e39b98f119139113b7f34f' 'nonce-da0b5705226b070cb2c4c635fd415895' 'nonce-fd31d13918a11f0e6c87164819f0823e' 'nonce-ed14f58d60194da551eab4f65a1228fe' 'nonce-01b1e72554360ddde21b0a69822224f3' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data: 'report-sample'; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://netmap.vodafone.de/cokart-client/index.html https://pts.yourfone.de https://umfrage.yourfone.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-e767a6b9ce062817f75f327b434af231' 'nonce-95409017a6e39b98f119139113b7f34f' 'nonce-da0b5705226b070cb2c4c635fd415895' 'nonce-fd31d13918a11f0e6c87164819f0823e' 'nonce-ed14f58d60194da551eab4f65a1228fe' 'nonce-01b1e72554360ddde21b0a69822224f3' 'self' 'unsafe-inline' https: 'report-sample' 1 default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_ *.ownid.com* https://d.la11-core1.sfdc-yzvdd4.salesforceliveagent.com/chat/rest data-eu.purina.nl; object-src *; style-src * 'self' 'unsafe-inline' https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_; img-src * 'self' data: https:; https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_; media-src *; frame-src * https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_ https://d.la11-core1.sfdc-yzvdd4.salesforceliveagent.com/chat/rest; frame-ancestors 'self'; child-src * blob:; font-src * 'self' data: https:; https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_; connect-src * https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_ *.ownid.com* https://d.la11-core1.sfdc-yzvdd4.salesforceliveagent.com/chat/rest data-eu.purina.nl 1 frame-ancestors https://*.ptc.com https://ptc.seismic.com https://liveshareeast3.seismic.com https://*.mouseflow.com https://resources.servicemax.com https://servicemax.pathfactory.com https://support.rockwellautomation.com 1 default-src 'self' *.iwan.com.tw *.iwplay.com.tw *.google.com *.google.com.tw; frame-src *.iwplay.com.tw *.iwan.com.tw www.youtube.com *.facebook.com bid.g.doubleclick.net *.facebook.net; script-src *.iwplay.com.tw *.iwan.com.tw 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com s.ytimg.com libs.baidu.com code.jquery.com *.google-analytics.com *.facebook.net *.facebook.com *.googleapis.com www.googletagmanager.com www.youtube.com www.googleadservices.com googleads.g.doubleclick.net *.google.com *.google.com.tw *.youtube.com ;style-src *.iwplay.com.tw *.iwan.com.tw 'unsafe-inline' www.youtube.com.tw fonts.googleapis.com *.facebook.net *.facebook.com *.google.com *.google.com.tw; img-src *.iwplay.com.tw *.google-analytics.com stats.g.doubleclick.net www.youtube.com *.google.com *.google.com.tw googleads.g.doubleclick.net *.facebook.com *.facebook.net data: ;frame-ancestors *.iwplay.com.tw *.iwan.com.tw *.google.com *.google.com.tw;font-src fonts.gstatic.com *.googleapis.com *.google.com *.google.com.tw *.iwplay.com.tw data:;connect-src *.iwplay.com.tw *.google-analytics.com analytics.google.com stats.g.doubleclick.net; 1 default-src data: 'self' 'unsafe-inline' 'unsafe-eval' c.bing.com snap.licdn.com *.analytics.google.com *.hotjar.com *.doubleclick.net www.gstatic.com www.google.com apis.google.com maps.googleapis.com googleadservices.com www.xart.cz fonts.googleapis.com fonts.gstatic.com maps.gstatic.com www.ccvision.de www.youtube.com www.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net www.google.cz connect.facebook.net giphy.com *.facebook.com akamaihd.net fbcdn.net fb.me fbsbx.com api.mapy.cz mapserver.mapy.cz tagmanager.google.com ssl.gstatic.com fe.marketingovalista.cz sc.lfeeder.com tr.lfeeder.com static.userback.io api.userback.io www.googleadservices.com app.marketingovalista.cz accounts.google.com *.clarity.ms *.google-analytics.com *.googlesyndication.com 1 default-src 'self'; \ script-src 'self' https://ajax.googleapis.com; \ img-src 'self' https://ssl.google-analytics.com 1 default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.cookielaw.org/scripttemplates/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://*.googleapis.com https://*.gstatic.com ; img-src 'self' https://cdn.cookielaw.org/ https://*.googleapis.com https://*.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.cookielaw.org/ https://www.jobup.ch https://*.googleapis.com https://*.gstatic.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://privacyportal-ch.onetrust.com/request/v1/consentreceipts https://www.google.com/recaptcha/; font-src 'self' https://fonts.gstatic.com; frame-src https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://td.doubleclick.net/ https://10857799.fls.doubleclick.net/; 1 default-src 'self'; base-uri 'self'; connect-src 'self' wss://self https://www.hostingcloud.racing wss://*.hostcontent.live https://connect.facebook.net https://www.google-analytics.com https://*.doubleclick.net https://*.g.doubleclick.net https://www.facebook.com https://*.mintme.com https://mintme.com https://*.tawk.to wss://*.tawk.to; font-src 'self' https://fonts.gstatic.com https://static-v.tawk.to; frame-src https://accounts.google.com https://content.googleapis.com https://va.tawk.to https://www.youtube.com https://www.google.com; img-src data: *; media-src *; object-src 'none'; script-src 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https: http: 'nonce-nWU7PRNpskSVVpems8p2pg=='; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net/emojione/2.2.7/assets/css/emojione.min.css https://cdn.jsdelivr.net/emojione/2.2.7/lib/js/emojione.min.js https://cdnjs.cloudflare.com/ajax/libs/highlight.js/9.12.0/styles/github.min.css https://cdnjs.cloudflare.com/ajax/libs/highlight.js/9.12.0/styles/atom-one-dark.min.css https://*.tawk.to; report-uri /csp-report; worker-src blob: 1 default-src 'none'; base-uri 'self'; form-action https: 'self'; script-src 'self' 'unsafe-inline' https: 'unsafe-eval'; object-src 'none'; style-src 'self' 'unsafe-inline' https:; img-src 'self' 'unsafe-inline' https: data:; media-src * data:; frame-src *; frame-ancestors 'self' https:; font-src 'self' https:; connect-src *; report-uri /report-csp-violation; upgrade-insecure-requests 1 frame-ancestors https://*.cloudfront.net https://*.streavent.de https://*.dwa.de https://*.dwa-bayern.de https://*.dwa-bw.de https://*.dwa-hrps.de https://*.dwa-mitte.de https://*.dwa-nord.de https://*.dwa-no.de https://*.dwa-nrw.de https://*.dwa-st.de https://*.gfa-news.de 1 default-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: https:; worker-src blob: 1 frame-ancestors zismo.biz zismo.ru zismone.ru promoggaqjkd.ru 1 default-src 'self' 'unsafe-inline' data: https://piwik.bzga.de/ https://shop.bioeg.de/ https://vrweb15.linguatec.org; img-src 'self' data: blob: https://piwik.bzga.de/ https://shop.bioeg.de/ https://tools.gesund.bund.de; script-src 'self' 'unsafe-inline' https://piwik.bzga.de/ https://tools.gesund.bund.de youtube.com www.youtube.com www.youtube-nocookie.com; font-src 'self' data: https://tools.gesund.bund.de; worker-src 'self' blob:; child-src 'self' blob:; connect-src 'self' https://piwik.bzga.de/ https://vrweb15.linguatec.org https://fonts.openmaptiles.org; frame-src 'self' youtube.com www.youtube.com www.youtube-nocookie.com 1 default-src 'self' *.optimizely.com wss://*.hotjar.com https: survey.bosch.com s.webtrends.com *.mycliplister.com ptptasiaprodsgsa.z30.web.core.windows.net; media-src 'self' *.mycliplister.com mycliplister.com cliplister.vo.llnwd.net; font-src www.bosch-pt.com.hk www.bosch-pt.com.cn www.bosch-pt.co.id www.bosch-pt.co.in www.bosch-pt.com.my www.bosch-pt.com.ph www.bosch-pt.com.sg www.bosch-pt.com.tw th.bosch-pt.com vn.bosch-pt.com dock.ui.bosch.tech cdn.poll-maker.com cdnjs.cloudflare.com 'self' https: btm.bosch.com; object-src data: 'self'; img-src https: data: blob:; style-src dock.ui.bosch.tech cdn.poll-maker.com cdnjs.cloudflare.com 'self' 'unsafe-inline' https: btm.bosch.com; script-src https: *.optimizely.com 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https:; frame-ancestors 'self' https: 1 default-src https://dc.services.visualstudio.com/v2/ https://bimtrack.zendesk.com wss://bimtrack.zendesk.com https://static.zdassets.com https://ekr.zdassets.com https://service.force.com https://newforma.my.salesforce-sites.com https://newforma.my.salesforce.com https://*.zopim.com wss://*.zopim.com 'self'; style-src 'self' 'unsafe-inline' https://newforma.my.salesforce-sites.com https://newforma.my.salesforce.com https://service.force.com; object-src 'none'; script-src https://az416426.vo.msecnd.net https://www.recaptcha.net/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.newforma.com/ https://bimtrack.co/ https://static.zdassets.com https://ekr.zdassets.com https://*.zopim.com wss://*.zopim.com https://bimtrack.zendesk.com wss://bimtrack.zendesk.com https://service.force.com https://newforma.my.salesforce-sites.com https://newforma.my.salesforce.com https://static.lightning.force.com https://*.salesforceliveagent.com 'self' 'unsafe-eval' 'nonce-b0604ad49a2a45b6910fdcd95a17f0f9'; frame-src https://www.google.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://www.newforma.com/ https://bimtrack.co https://bimtrack.zendesk.com wss://bimtrack.zendesk.com https://static.zdassets.com https://service.force.com/ 'self'; frame-ancestors https://*.bimtrackapp.co; sandbox allow-popups allow-forms allow-same-origin allow-scripts allow-downloads; base-uri 'self'; img-src 'self' https://v2assets.zopim.io https://static.zdassets.com https://konekt.help.newforma.com https://storbtqa.blob.core.windows.net/staticcontentcontainer/ https://www.newforma.com data: https://bt03storage.blob.core.windows.net/; 1 default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zoll-portal.de; img-src 'self' data:; style-src 'self' 'unsafe-inline' 1 frame-ancestors https://web-ne-dev-h20-hippo.azurewebsites.net 1 base-uri 'none';child-src 'self' data: blob:;connect-src 'self' ws: wss: http://localhost:1337 http://127.0.0.1:3000 https://staging.bptk.de https://staging-api.bptk.de https://api.bptk.de;default-src 'self';font-src 'self' data:;form-action 'self';frame-ancestors 'none';frame-src https://www.youtube.com;img-src 'self' data: https://staging.bptk.de https://staging-api.bptk.de https://api.bptk.de;manifest-src 'self';media-src 'self' https://api.bptk.de https://staging.bptk.de https://staging-api.bptk.de;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' http://localhost:1337 https://staging.bptk.de https://staging-api.bptk.de https://api.bptk.de http://www.youtube.com/iframe_api https://www.youtube.com;style-src 'self' 'unsafe-inline'; 1 default-src 'unsafe-inline' 'unsafe-eval' wss://*.iadvize.com data: blob: https: 'self' *.e-wie-einfach.de *.usercentrics.eu *.googletagmanager.com *.demdex.net ewieeinfach.tt.omtrdc.net *.trustedshops.com *.iadvize.com analytics.tiktok.com *.ad-srv.net *.ad4m.at; block-all-mixed-content; frame-ancestors https://*.e-wie-einfach.de 'self'; frame-src https: 'self' 10552776.fls.doubleclick.net *.iadvize.com; img-src https: 'self' data: blob: 1 script-src 'nonce-abcdefg'; data: blob:; default-src 'self'; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self'; 1 default-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.simplybook.cc https://cdn.jsdelivr.net https://*.googletagmanager.com https://*.googletagmanager.com cdnjs.cloudflare.com https://translate-pa.googleapis.com/ https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://fonts.googleapis.com https://translate.googleapis.com https://translate.google.com https://maps.googleapis.com https://player.vimeo.com https://feeds.trac.jobs https://www.cqc.org.uk https://merseycare.enterpriseappointments.com; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://fonts.googleapis.com https://translate.googleapis.com https://www.gstatic.com https://feeds.trac.jobs https://www.cqc.org.uk; img-src * data:; connect-src 'self' https://translate-pa.googleapis.com/v1/translateHtml https://*.googletagmanager.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.g.doubleclick.net https://*.google.com https://*.google.com https://*.google-analytics.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googletagmanager.com maps.googleapis.com https://saas.learninglocker.net https://metrics.articulate.com https://translate.googleapis.com https://www.google-analytics.com https://stats.g.doubleclick.net https://vimeo.com https://feeds.trac.jobs; font-src 'self' data: https://fonts.gstatic.com; object-src 'self' blob:; frame-src 'self' *.simplybook.cc maps.google.com https://*.nhs.uk https://www.google.com https://content.googleapis.com https://content-analytics.googleapis.com https://www.youtube.com https://player.vimeo.com https://merseycare.enterpriseappointments.com https://e.issuu.com https://roundme.com 1 default-src 'self'; block-all-mixed-content; connect-src 'self' googleads.g.doubleclick.net *.googleapis.com *.gstatic.com *.google.com bat.bing.com *.doubleclick.net *.googlesyndication.com *.g.doubleclick.net *.google.at *.cookiebot.eu *.google-analytics.com connect.facebook.net px.ads.linkedin.com px4.ads.linkedin.com stats.g.doubleclick.net *.transgourmet.com *.transgourmet.at svrdntfctn.com analytics.tiktok.com *.googleadservices.com; font-src 'self' data: *.googleapis.com *.gstatic.com *.google-analytics.com; frame-src *; img-src 'self' data: *.googleapis.com *.doubleclick.net *.googlesyndication.com *.g.doubleclick.net *.google.com *.google.at *.gstatic.com *.googletagmanager.com *.google-analytics.com bat.bing.com api.mapbox.com *.mindspace.at *.vorauerfriends.com *.usercentrics.eu px.ads.linkedin.com px4.ads.linkedin.com *.transgourmet.com *.transgourmet.at *.facebook.com; script-src 'self' bat.bing.com *.google.com 'unsafe-inline' blob: *.googleapis.com *.gstatic.com *.doubleclick.net *.googlesyndication.com *.g.doubleclick.net *.cookiebot.eu *.googletagmanager.com *.google-analytics.com snap.licdn.com connect.facebook.net svrdntfctn.com analytics.tiktok.com *.googleadservices.com; style-src 'self' cdnjs.cloudflare.com 'unsafe-inline' *.googleapis.com *.gstatic.com *.google-analytics.com *.googletagmanager.com; report-uri /csp/report 1 default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com static.hotjar.com sc-static.net connect.facebook.net embed.tawk.to *.google-analytics.com *.paypal.com script.hotjar.com ajax.googleapis.com ws.colissimo.fr api.mapbox.com *.axept.io *.tawk.to cdn.jsdelivr.net *.matomo.cloud *.googleapis.com *.snapchat.com *.youtube.com landing.ls.skeepers.io googleads.g.doubleclick.net ls-prd-cdn.s3.eu-west-1.amazonaws.com blob: *.googleadservices.com *.googlesyndication.com;frame-src 'self' *.snapchat.com vars.hotjar.com *.google.fr *.facebook.com *.tawk.to *.youtube.com *.calameo.com *.vimeo.com td.doubleclick.net ls-prd-cdn.s3.eu-west-1.amazonaws.com *.googletagmanager.com;style-src 'self' 'unsafe-inline' tagmanager.google.com api.mapbox.com ws.colissimo.fr embed.tawk.to cdn.jsdelivr.net fonts.googleapis.com ls-prd-cdn.s3.eu-west-1.amazonaws.com blob: *.googletagmanager.com;img-src 'self' data: tr.snapchat.com *.facebook.com *.google.fr *.google.com *.onyourmap.com ws.colissimo.fr *.mapbox.com axeptio.imgix.net *.tawk.to cdn.jsdelivr.net tawk.link script.hotjar.com *.google.co.nz *.googleapis.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.google.be favicons.axept.io googleads.g.doubleclick.net spockee-cdn.s3.ca-central-1.amazonaws.com backoffice-api.spockee.io api.spockee.io api-analytics.ls.skeepers.io landing.ls.skeepers.io api-backoffice.ls.skeepers.io api.ls.skeepers.io party.spockee.io ls-prd-cdn.s3.eu-west-1.amazonaws.com wss://api-socket.ls.skeepers.io api-feature-flag.ls.skeepers.io *.terreseteaux.fr *.mux.com;font-src 'self' data: ws.colissimo.fr *.tawk.to fonts.gstatic.com script.hotjar.com cdn.jsdelivr.net github.com fonts.googleapis.com ls-prd-cdn.s3.eu-west-1.amazonaws.com *.mux.com;connect-src 'self' *.google-analytics.com *.paypal.com stats.g.doubleclick.nestats.g.doubleclick.ne in.hotjar.com stats.g.doubleclick.net ws.colissimo.fr *.hotjar.io *.axept.io tr.snapchat.com *.hotjar.com *.tawk.to wss://*.tawk.to wss://*.hotjar.com api.sandbox.getalma.eu api.getalma.eu maps.googleapis.com terreseteaux.matomo.cloud *.facebook.com *.analytics.google.com *.google.com *.snapchat.com *.googlesyndication.com spockee-cdn.s3.ca-central-1.amazonaws.com backoffice-api.spockee.io api.spockee.io api-analytics.ls.skeepers.io landing.ls.skeepers.io api-backoffice.ls.skeepers.io api.ls.skeepers.io party.spockee.io ls-prd-cdn.s3.eu-west-1.amazonaws.com wss://api-socket.ls.skeepers.io api-feature-flag.ls.skeepers.io *.mux.com *.litix.io stream.mux.com *.skeepers.io googleads.g.doubleclick.net *.googleadservices.com *.google.fr;base-uri 'self';media-src 'self' data: *.tawk.to ls-prd-cdn.s3.eu-west-1.amazonaws.com stream-mux.com *.mux.com blob:;report-uri /csp/report;form-action secure.payzen.eu *.tawk.to ls-prd-cdn.s3.eu-west-1.amazonaws.com 1 default-src 'self' https://*.youtube.com https://*.youtu.be https://*.vimeo.com https://vimeo.com https://*.spotify.com https://*.tiktok.com https://*.snapchat.com https://*.facebook.com https://*.google-analytics.com https://*.googletagmanager.com https://*.google.com https://*.youtube-nocookie.com https://*.monday.com https://*.doubleclick.net https://*.slinger.to/ https://fonts.bunny.net/; block-all-mixed-content; img-src data: 'self' https://placeholder.inventis.be https://*.ytimg.com https://*.youtube.com https://*.vimeocdn.com https://*.tiktok.com https://*.snapchat.com https://*.facebook.com https://*.google-analytics.com https://*.googletagmanager.com https://*.google.com https://*.google.be https://*.google.nl; object-src 'none'; script-src 'self' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https://*.youtube.com https://*.vimeo.com https://*.tiktok.com https://*.snapchat.com https://*.facebook.com https://*.google-analytics.com https://*.googletagmanager.com 'nonce-WIwgxRHXUSg3HvdbLZsGvQ=='; style-src 'self' 'unsafe-inline' https://*.googletagmanager.com https://*.slinger.to/ https://fonts.bunny.net/; upgrade-insecure-requests 1 default-src * data: 'unsafe-inline' 'unsafe-eval' ; script-src * data: 'unsafe-inline' 'unsafe-eval' ; style-src * data: 'unsafe-inline' ; img-src * data: ; 1 default-src 'self' ; frame-src 'self' https://by.id.facct.ru https://acs2.bgpb.by https://3ds.alfabank.by https://ipcacs.bps-sberbank.by https://3ds.priorbank.by https://emv3ds.npc.by https://emv3ds.npc.by:8443 https://acs2.mtbank.by https://acs2.mtbank.by:8043 https://3ds-pgi.mtbank.by https://3ds-pgi.mtbank.by:9663 https://api.mtbank.by https://mpi2.mtbank.by:8046/ https://ucas.npc.by:8443/ https://acs.mtbank.by https://c2c.mtbank.by https://3ds.alfabank.by https://3ds.priorbank.by https://acs.bgpb.by https://sca.npc.by https://www.sbs4u.by https://acs.multicarta.ru https://aacsw.3ds.verifiedbyvisa.com https://cap.attempts.securecode.com https://ipcacs.sberbank.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://chat.mtbank.by/ https://app.blinger.io https://static.mybank.by https://api.mtbank.by https://www.google-analytics.com https://halva.mtbank.by https://www.googletagmanager.com https://tagmanager.google.com; style-src 'self' blob: 'unsafe-inline' https://static.mybank.by;img-src 'self' https://*.by/ https://chat.mtbank.by/ https://blinger.io https://app.blinger.io https://static.mybank.by data: blob: https://www.google-analytics.com https://www.googletagmanager.com ; font-src 'self' https://static.mybank.by; connect-src 'self' https://chat.mtbank.by/ wss://app.blinger.io; media-src 'self' 1 frame-ancestors https://*.matrabike.nl http://*.matrabike.nl http://matrabike.web2016-acc.netivity.nl https://matrabike.WEB2016-ACC.netivity.nl http://www.google.com 1 frame-ancestors https://*.estratraining.it 1 default-src 'self' challenges.cloudflare.com *.neighbourly.com *.twitter.com *.vimeo.com *.youtube.com *.google-analytics.com cdn.matomo.cloud neighbourly.matomo.cloud; frame-src 'self' challenges.cloudflare.com *.microsoftonline.com *.powerbi.com *.youtube-nocookie.com *.youtube.com *.vimeo.com *.stripe.com *.twitter.com; connect-src 'self' px.ads.linkedin.com challenges.cloudflare.com *.neighbourly.com forms.hubspot.comdisabled forms.hsforms.comdisabled maps.googleapis.com googleapis.com js.hsforms.net *.mapbox.com *.google-analytics.com cdn.matomo.cloud neighbourly.matomo.cloud;media-src blob: nbrlyprodmedia.blob.core.windows.net *.neighbourly.com *.youtube.com *.vimeo.com; img-src 'self' px.ads.linkedin.com challenges.cloudflare.com data: *.mapbox.com track.hubspot.com forms.hsforms.comdisabled nbrlyprodmedia.blob.core.windows.net maps.gstatic.com *.neighbourly.com *.stripe.com; script-src 'self' snap.licdn.com challenges.cloudflare.com *.neighbourly.com 'unsafe-eval' *.googleapis.com googleapis.com js.hs-analytics.net js.hs-scripts.com js.hscollectedforms.netdisabled js.hsadspixel.netdisabled js-na1.hs-scripts.com *.twitter.com *.vimeo.com *.youtube.com *.google-analytics.com cdn.matomo.cloud neighbourly.matomo.cloud *.mapbox.com *.stripe.com; style-src 'self' challenges.cloudflare.com *.neighbourly.com 'unsafe-inline'; report-uri https://nbrly-prod-fn-schedules-v2.azurewebsites.net/api/log?code=CSrelvJVFKZtDoUcrgbyKhMKm4DBBPpJcdaR8h1wZP/5zjHodNdgeQ== 1 default-src 'self' 'unsafe-inline' zollweb.preview.zoll.intranet.bund.de *.zoll.de zoll.de *.itzbund.de itzbund.de *.zoll.de *.talent-im-einsatz.de zoll.de *.geodatenzentrum.de *.openstreetmap.de *.bundesfinanzministerium.de *.youtube.com https://medien.zoll.bund.de; img-src 'self' zollweb.preview.zoll.intranet.bund.de *.zoll.de zoll.de *.itzbund.de *.geodatenzentrum.de *.bundesfinanzministerium.de *.openstreetmap.de data:; script-src 'self' 'unsafe-inline' zollweb.preview.zoll.intranet.bund.de *.zoll.de zoll.de *.itzbund.de itzbund.de *.zoll.de zoll.de *.geodatenzentrum.de *.openstreetmap.de *.youtube.com 1 default-src *.googletagmanager.com *.twitter.com *.facebook.net *.nr-data.net *.ads-twitter.com *.google-analytics.com *.googleadservices.com *.doubleclick.net *.mookie1.com *.amazon-adsystem.com *.facebook.com *.google.com *.google.co.in *.cloudflare.com *.w3.org *.adsrvr.org *.newrelic.com *.insight.adsrvr.org/track/pxl/ *.sc-static.net *.analytics.tiktok.com *.p.teads.tv *.snapchat.com *.videoamp.com *.tapad.com *.abtasty.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.jsdelivr.net *.fullstory.com * .googleoptimize.com *.googletagmanager.com *.twitter.com *.facebook.net *.nr-data.net *.ads-twitter.com *.google-analytics.com *.googleadservices.com *.googleanalytics.com *.doubleclick.net *.cloudflare.com *.opendns.com *.adsrvr.org *.newrelic.com *.google.com *.mapbox.com *.serving-sys.com *.igodigital.com *.teads.tv *.videoamp.com *.tapad.com *.tiktok.com *.abtasty.com *.snapchat.com https://www.youtube.com https://cdn.cookielaw.org *.sc-static.net https://sc-static.net/scevent.min.js https://sc-static.net/sc-pixel-helper.min.js *.mikmak.ai *.swaven.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.monsido.com *.jsdelivr.net *.cloudflare.com *.opendns.com *.newrelic.com *.twitter.com *.nr-data.net *.ads-twitter.com *.google.com *.googleapis.com *.mapbox.com *.abtasty.com; img-src 'self' *.adsrvr.org *.google-analytics.com *.rubiconproject.com *.twitter.com *.monsido.com *.facebook.com *.google.com *.google.co.in *.googletagmanager.com *.mookie1.com *.amazon-adsystem.com *.newrelic.com *.nr-data.net *.ads-twitter.com *.w3.org data: *.insight.adsrvr.org/track/pxl/ *.sc-static.net *.teads.tv *.videoamp.com *.tapad.com *.snapchat.com *.doubleclick.net *.analytics.yahoo.com *.adnxs.com *.adxcel-ec2.com https://di.rlcdn.com https://ad.ipredictive.com https://cdn.cookielaw.org https://dpm.demdex.net/ *.mikmak.ai *.swaven.com *.abtasty.com; media-src 'self' *.youtube.com; frame-src 'self' *.youtube.com *.doubleclick.net *.amazon-adsystem.com *.google.com *.adsrvr.org *.teads.tv *.videoamp.com *.tapad.com *.sc-static.net *.snapchat.com *.flashtalking.com *.googletagmanager.com *.abtasty.com *.mikmak.ai *.swaven.com *.smartactivatordev.com https://cloud.bluetriton.com/; frame-ancestors 'self' *.youtube.com *.doubleclick.net *.amazon-adsystem.com *.adsrvr.org *.teads.tv *.videoamp.com *.tapad.com *.sc-static.net *.snapchat.com *.mikmak.ai; child-src 'self' *.youtube.com *.doubleclick.net *.amazon-adsystem.com *.google.com *.adsrvr.org *.teads.tv *.videoamp.com *.tapad.com *.sc-static.net *.snapchat.com blob:; font-src 'self' *.jsdelivr.net *.gstatic.com *.google.com *.mikmak.ai *.swaven.com; connect-src 'self' *.fullstory.com *.doubleclick.net *.google-analytics.com *.facebook.com *.mapbox.com *.nr-data.net *.serving-sys.com *.igodigital.com *.teads.tv *.videoamp.com *.tapad.com *.sc-static.net *.snapchat.com *.onetrust.com *.abtasty.com *.tiktok.com https://cdn.cookielaw.org https://bam.nr-data.net *.mikmak.ai *.swaven.com *.google.com; upgrade-insecure-requests 1 frame-ancestors https://* 1 default-src 'self' https://cdn.competitionsuite.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.competitionsuite.com https://cdnjs.cloudflare.com https://*.sentry-cdn.com https://js.stripe.com https://checkout.stripe.com https://cdn.firebase.com https://www.gstatic.com https://*.firebaseio.com https://kendo.cdn.telerik.com https://ajax.googleapis.com www.google-analytics.com ssl.google-analytics.com ajax.cloudflare.com https://ajax.cloudflare.com https://d3js.org sdk.amazonaws.com beacon-v2.helpscout.net static.cloudflareinsights.com https://hcaptcha.com https://*.hcaptcha.com https://player.vimeo.com/ unpkg.com; style-src 'self' data: 'unsafe-inline' https://cdn.competitionsuite.com https://cdnjs.cloudflare.com https://kendo.cdn.telerik.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com; font-src 'self' data: https://cdn.competitionsuite.com https://cdnjs.cloudflare.com https://kendo.cdn.telerik.com https://fonts.gstatic.com; img-src 'self' data: blob: https://cdn.competitionsuite.com https://competitionsuite.com https://cdn.competitionsuite.io https://cdn.competitionsuite.com https://vault.compsuite.io https://competitionsuite.blob.core.windows.net https://s3.amazonaws.com cs-profile-upload.s3.amazonaws.com www.google-analytics.com ssl.google-analytics.com http://kendo.cdn.telerik.com https://*.stripe.com d33v4339jhl8k0.cloudfront.net; frame-src 'self' https://js.stripe.com https://checkout.stripe.com https://player.vimeo.com *.firebaseio.com mozilla.github.io https://hcaptcha.com https://*.hcaptcha.com; connect-src 'self' https://cdn.competitionsuite.com files.competitionsuite.com https://socket.competitionsuite.com https://*.sentry.io wss://socket.competitionsuite.com wss://*.firebaseio.com https://s3.amazonaws.com *.stripe.com *.vimeo.com *.pndsn.com cs-video.s3.amazonaws.com cognito-identity.us-east-1.amazonaws.com www.google-analytics.com d3hb14vkzrxvla.cloudfront.net beaconapi.helpscout.net chatapi.helpscout.net https://sse.competitionsuite.com; media-src 'self' http://audio.competitionsuite.com https://audio.competitionsuite.com https://s3.amazonaws.com; report-uri https://sentry.io/api/1333530/security/?sentry_key=db3117a28c894c5ebfcaf7b702a4f22f&sentry_environment=production 1 frame-ancestors 'self' 'hackintosh-olarila.com'; 1 default-src 'self'; script-src 'self'; includeSubDomains; preload 1 object-src 'none'; script-src 'nonce-{random}' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http:; $ 1 base-uri; form-action 'self'; frame-ancestors 'none'; img-src 'self' https://paragonie.com https://maxcdn.bootstrapcdn.com https://stats.g.doubleclick.net https://www.google-analytics.com data:; media-src 'none'; object-src 'none'; script-src 'self' https://cdn.mathjax.org https://oss.maxcdn.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://code.jquery.com https://ajax.googleapis.com https://www.google-analytics.com https://paragonie.com paragonie.com 'sha384-dxxWaTrUP7CVAQSJSlq8y30xnLv+kbg0q/esjcstpj7BeSQcTR1kyuzuU8NtP0Qd' 'nonce-ipeG7WrPGnFJ28CuHsjpvuKD' 'nonce-2he3Nsn0uCzyJDdHXqJ4x0QQ' 'nonce-BMgLXH+1oycz9evInmXv2sRu' 'nonce-4BdpgL7Bt/841fqkf3w/ctfD' 'nonce-IXgaCBeo/1gdAHzuiXUU9Y1b' 'nonce-rAIFMCXKIavdd2lNLrGHE4mJ' 'nonce-W02rqzARK6PCrqBws+SbchoU' 'unsafe-eval' data:; style-src 'self' https://maxcdn.bootstrapcdn.com https://use.fontawesome.com https://fonts.googleapis.com 'unsafe-inline'; report-uri https://f038192cab4afafaacee34d22ed2e1dd.report-uri.io/r/default/csp/enforce; upgrade-insecure-requests 1 default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * data:; connect-src *; font-src *; object-src *; media-src *; frame-src *; worker-src *; child-src *; frame-ancestors *; form-action *; upgrade-insecure-requests; block-all-mixed-content; 1 worker-src 'self' 'unsafe-inline' blob:; script-src 'unsafe-inline' 'unsafe-eval' http: https:;object-src 'self'; frame-ancestors 'self' 1 base-uri 'none';child-src 'none';connect-src 'self' https://cdn.cookielaw.org https://*.google-analytics.com https://*.analytics.google.com https://www.googletagmanager.com https://*.googletagmanager.com https://stats.g.doubleclick.net;default-src 'self';font-src 'self' data: https://fonts.gstatic.com;form-action 'self';frame-ancestors 'none';frame-src https://www.googletagmanager.com https://td.doubleclick.net;img-src 'self' data: https://cdn.cookielaw.org https://*.google-analytics.com https://www.googletagmanager.com https://googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://fonts.gstatic.com https://*.googletagmanager.com https://d21y75miwcfqoq.cloudfront.net/deaafc32 https://googleads.g.doubleclick.net https://www.google.com https://google.com;manifest-src 'self';media-src 'self';object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.cookielaw.org https://www.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google.com;style-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com;worker-src 'self';upgrade-insecure-requests ; 1 default-src 'self' data: *.rotex-control.com *.daikin-control.com *.googleapis.com *.gstatic.com *.gravatar.com 'unsafe-inline' 'unsafe-eval'; object-src 'none'; upgrade-insecure-requests 1 default-src 'self'; block-all-mixed-content; connect-src 'self' https://*.zendesk.com wss://*.zendesk.com wss://*.zopim.com https://*.sentry.io https://*:9090; font-src 'self' https://*.gstatic.com; form-action 'self'; frame-ancestors 'none'; frame-src *; img-src 'self' https://*.google-analytics.com data:;; object-src 'none'; script-src 'self' 'unsafe-eval' https://*.google-analytics.com https://*.googleapis.com https://*.gstatic.com https://*.smooch.io https://*.sentry.io https://*.zdassets.com https://*.zendesk.com https://*.zopim.com https://cdn.jsdelivr.net 'nonce-iulr/5R5YDlr2TIVuTEDPA=='; style-src 'self' 'unsafe-hashes' 'unsafe-eval' https://cdn.jsdelivr.net https://*.googleapis.com 'nonce-iulr/5R5YDlr2TIVuTEDPA=='; upgrade-insecure-requests 1 object-src 'self'; frame-ancestors 'self'; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-modals allow-downloads; base-uri 'self'; 1 base-uri 'self'; default-src 'none'; child-src; connect-src 'self' wss://directline.botframework.com https://directline.botframework.com directline.botframework.com https://*.faqbot.nz *.faqbot.nz https://*.sharethis.com *.sharethis.com https://*.algolia.net *.algolia.net https://*.algolianet.com *.algolianet.com https://*.analytics.google.com *.analytics.google.com https://*.google-analytics.com *.google-analytics.com https://*.googletagmanager.com *.googletagmanager.com https://*.g.doubleclick.net *.g.doubleclick.net https://*.google.com *.google.com https://*.google.co.nz *.google.co.nz https://stats.g.doubleclick.net stats.g.doubleclick.net; font-src 'self' https://*.faqbot.nz *.faqbot.nz https://fonts.gstatic.com fonts.gstatic.com data:; form-action 'self' https://dnc.us5.list-manage.com dnc.us5.list-manage.com; frame-ancestors 'self'; frame-src 'self' wss://directline.botframework.com https://youtube.com youtube.com https://youtu.be youtu.be https://*.sharethis.mgr.consensu.org *.sharethis.mgr.consensu.org https://www.google.com www.google.com https://public.tableau.com public.tableau.com https://player.vimeo.com player.vimeo.com; img-src 'self' https://ssl.gstatic.com https://www.gstatic.com https://maps.gstatic.com https://*.googleapis.com https://*.s3.ap-southeast-2.amazonaws.com https://*.analytics.google.com *.analytics.google.com https://*.google-analytics.com *.google-analytics.com https://*.googletagmanager.com *.googletagmanager.com https://*.g.doubleclick.net *.g.doubleclick.net https://*.google.com *.google.com https://*.google.co.nz *.google.co.nz https://*.faqbot.nz *.faqbot.nz https://*.sharethis.com *.sharethis.com https://www.facebook.com www.facebook.com data:; media-src https://youtube.com youtube.com https://www.youtube.com www.youtube.com https://vimeo.com vimeo.com https://youtu.be youtu.be https://i.vimeocdn.com i.vimeocdn.com; object-src 'self'; script-src 'self' https://*.faqbot.nz *.faqbot.nz https://faqbotprodstorage.blob.core.windows.net faqbotprodstorage.blob.core.windows.net https://sharethis.com sharethis.com https://*.sharethis.com *.sharethis.com https://*.googletagmanager.com *.googletagmanager.com https://www.google.com www.google.com https://gstatic.com gstatic.com https://public.tableau.com public.tableau.com https://code.jquery.com code.jquery.com https://www.google-analytics.com www.google-analytics.com https://tagmanager.google.com tagmanager.google.com https://*.sharethis.js *.sharethis.js https://connect.facebook.net connect.facebook.net https://www.googletagmanager.com www.googletagmanager.com https://www.gstatic.com www.gstatic.com 'nonce-OTM3MjBhMmQ1ZGYyNzYwNThhNTdkMDFjMmI5ZGNlYWI4ZjZiYTEzMGE1YzdjNTFlOGI0NDhiM2Y2OWQyMjUyYjY2Y2FjMmMxY2Y3ZTM1NjM0YTI1MjU3ZmMxZjJiNzY3NGYyNGY2MGI5YjZlNDU0OWRkY2Y5OWM1Zjk5NGY0Mzk=' 'unsafe-eval'; style-src 'self' https://unsafe-inline unsafe-inline https://*.faqbot.nz *.faqbot.nz https://faqbotprodstorage.blob.core.windows.net faqbotprodstorage.blob.core.windows.net https://www.google-analytics.com www.google-analytics.com https://www.googletagmanager.com www.googletagmanager.com https://ssl.google-analytics.com ssl.google-analytics.com https://tagmanager.google.com tagmanager.google.com https://fonts.googleapis.com fonts.googleapis.com 'unsafe-inline'; report-to csp-endpoint; upgrade-insecure-requests 1 default-src https: wss: 'unsafe-inline' 'unsafe-eval' blob: data: ; frame-ancestors 'self' https://*.edoctrina.org; report-to reportapi 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data:; style-src 'self' 'unsafe-inline' data:; img-src 'self' data:; 1 default-src https: 'self'; block-all-mixed-content; font-src https: 'self' https://fonts.gstatic.com; frame-src https://www.youtube-nocookie.com https://privacy.telethon.fr/ https://td.doubleclick.net https://www.googletagmanager.com/; img-src data: https: https://googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com 'self'; script-src https: 'self' 'unsafe-inline' https://googletagmanager.com https://tagmanager.google.com 'nonce-zTJRfPFUFHwj5iscer2zmA=='; style-src https: https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com 'unsafe-inline' 'self' 1 default-src 'self' data: https://cdn.cookielaw.org https://privacyportal-eu.onetrust.com https://app.greenoco.io https://e-v-uat.reach5.net https://e-v-prod.reach5.net https://metrics.elle-et-vire.com https://www.google.com https://www.google.fr https://www.google-analytics.com https://region1.analytics.google.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://www.gstatic.com https://www.youtube.com https://i.ytimg.com https://images-secure.pixibox.com https://cdn.couponai.fr https://brands.click2buy.com https://analytics.clic2buy.com https://widget.clic2buy.com https://www.instagram.com https://instagram.com https://capig.stape.cloud https://www.facebook.com https://maps.googleapis.com https://maps.gstatic.com https://maps.google.com; font-src 'self' data: https://cloud.typography.com https://fonts.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.cookielaw.org https://app.greenoco.io https://e-v-uat.reach5.net https://e-v-prod.reach5.net https://metrics.elle-et-vire.com https://www.google.com https://www.google.fr https://www.google-analytics.com https://region1.analytics.google.com https://www.googletagmanager.com https://www.gstatic.com https://connect.facebook.net https://widget.clic2buy.com https://widget.clic2drive.com https://clients.clic2drive.com https://brands.click2buy.com https://analytics.clic2buy.com https://assets.clic2buy.com https://www.youtube.com https://www.instagram.com https://maps.google.com/; style-src 'self' 'unsafe-inline' https://cloud.typography.com https://www.elle-et-vire.com https://assets.clic2buy.com https://fonts.googleapis.com; report-uri /nelmio/csp/report 1 base-uri 'self'; default-src 'self'; child-src; connect-src 'self' https://*.abtasty.com https://*.adservice.google.com https://*.doubleclick.net https://*.facebook.com https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://*.hotjar.com:* https://*.hotjar.com:* https://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://*.mypurecloud.com.au https://*.sentry.io https://*.tealiumiq.com https://*.tiqcdn.cn https://*.tiqcdn.com https://*.tt.omtrdc.net https://analytics.formstack.com https://api.addressfinder.io https://au-live.inside-graph.com https://js.hsadspixel.net https://js.hscollectedforms.net https://stats.g.doubleclick.net https://www.instagram.com wss://*.mypurecloud.com.au wss://au-live.inside-graph.com https://*.swiftype.com https://*.swiftypecdn.com; font-src 'self' https://*.abtasty.com https://*.googleapis.com https://*.gstatic.com https://au-cdn.inside-graph.com https://fonts.gstatic.com https://*.hotjar.com https://*.hotjar.com https://*.hotjar.io https://*.hotjar.io blob: data:; form-action 'self' https://*.powershop.co.nz https://*.springload.nz https://*.facebook.com; frame-ancestors 'self'; frame-src https://*.mypurecloud.com.au *.mypurecloud.com.au https://*.doubleclick.net https://*.google.com https://*.vimeo.com https://*.youtube.com https://recaptcha.google.com https://*.facebook.com https://*.googletagmanager.com https://au-cdn.inside-graph.com https://*.hotjar.com https://*.hotjar.io https://*.hotjar.io https://critchlow.carto.com; img-src 'self' https://*.abtasty.com https://*.amazonaws.com https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.google.co.nz https://*.google.com https://*.google.com.au https://*.googletagmanager.com https://*.gstatic.com https://*.hotjar.com https://*.hotjar.com https://*.hotjar.io https://*.hotjar.io https://*.inside-graph.com https://*.mypurecloud.com.au https://*.tealiumiq.com https://*.tiqcdn.cn https://*.tiqcdn.com https://*.tt.omtrdc.net https://adservice.google.com https://analytics.formstack.com https://fonts.gstatic.com https://i.vimeocdn.com https://js.hsadspixel.net https://www.instagram.com https://*.swiftype.com https://*.springload.nz https://www.powershop.co.nz blob: data:; media-src https://*.youtube.com https://*.vimeo.com https://au-cdn.inside-graph.com; object-src 'none'; script-src 'self' https://*.abtasty.com https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.google.com/recaptcha/ https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.com/recaptcha/ https://*.hotjar.com https://*.hotjar.com https://*.hotjar.io https://*.hotjar.io https://*.hs-analytics.net https://*.hs-banner.com https://*.hs-scripts.com https://*.inside-graph.com https://*.mypurecloud.com.au https://*.tealiumiq.com https://*.tiqcdn.cn https://*.tiqcdn.com https://*.tt.omtrdc.net https://*.usemessages.com https://*.vimeo.com https://*.youtube.com https://analytics.formstack.com https://api.addressfinder.io https://au-tracker.inside-graph.com https://forms.hsforms.com https://js.hsadspixel.net https://js.hscollectedforms.net https://tagmanager.google.com wss://*.hotjar.com https://*.swiftype.com https://*.swiftypecdn.com https://*.springload.nz https://www.powershop.co.nz 'nonce-MDhiZmFkZDUxOTg0MWE4MDdhZmFhNjVmODc2MzgxNWI5YWVkZDczNTBlNjAxZWRjMDliYWVlNDgwNzE4MzViNGU0ZjgwNzA1NjEwOWRjYzZiM2VjYTA2OGE4NmFjMzE5NTI5M2I0NzA5NzlhYmM3ZWQwMGE0YTdhMjk3MDVlMDg=' 'unsafe-eval' blob:; style-src 'self' https://*.abtasty.com https://*.googleapis.com https://*.gstatic.com https://au-cdn.inside-graph.com https://fonts.googleapis.com https://tagmanager.google.com https://*.swiftype.com https://*.swiftypecdn.com 'unsafe-inline'; report-uri https://o115950.ingest.sentry.io/api/4504811489984512/csp-report/?sentry_key=a2cb92247922492b95ce72aee1ae6528&sentry_environment=live; report-to csp-endpoint; upgrade-insecure-requests 1 default-src 'self' *.usercentrics.eu; frame-src 'self' www.advocard.de www.youtube.de www.youtube.com www.youtube-nocookie.com letsgoeasy-koop.de; img-src 'self' *.advocard.de *.usercentrics.eu generali01.webtrekk.net advocard01.wt-eu02.net *.gstatic.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.usercentrics.eu www.youtube.de www.youtube.com www.youtube-nocookie.com; style-src 'self' 'unsafe-inline' *.usercentrics.eu 1 default-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://dc.services.visualstudio.com/v2/track https://updates.sdbgroep.nl https://stsdboneprod.blob.core.windows.net/ https://stsdboneacc.blob.core.windows.net/ https://stsdbonetest.blob.core.windows.net/ https://esm.sh/; object-src 'none'; frame-ancestors 'none'; base-uri 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://js.monitor.azure.com/scripts/b/ai.2.min.js https://dc.services.visualstudio.com/v2/track https://cdn.announcekit.app/widget-v2.js https://esm.sh/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' data: https://fonts.gstatic.com; 1 default-src 'self' https://*.clarity.ms https://c.bing.com https://www.google.com 'unsafe-inline';style-src 'self' 'nonce-o4wnB2ZBKt1puflnqXhwoI4gTaZYjCeo/TYwzayLEQU=' https://www.gstatic.com;img-src * 'self' data: https: https://www.gstatic.com;object-src 'none';frame-ancestors 'none';sandbox allow-forms allow-same-origin allow-scripts allow-downloads allow-popups;base-uri 'self';script-src 'self' 'unsafe-inline' 'nonce-o4wnB2ZBKt1puflnqXhwoI4gTaZYjCeo/TYwzayLEQU=' 'sha256-kHb9IgtqKl2dZLDx7+YeW7Se1+DGF3pFHdB6SMV3mEg=' https://cdnjs.cloudflare.com/ajax/libs/intl-tel-input/17.0.8/js/utils.js https://www.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/ https://www.gstatic.com/recaptcha/ https://www.googletagmanager.com/ https://www.googletagmanager.com/gtag https://www.google-analytics.com/ https://www.googletagmanager.com/gtag/js https://www.clarity.ms/ https://www.clarity.ms/tag/ ;frame-src https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://www.clarity.ms/tag/ ;connect-src 'self' https://www.google-analytics.com/ https://www.google.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.gstatic.com/ https://www.googletagmanager.com/ https://clarity.ms/ https://*.clarity.ms/ ; 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://crm.fasad.eu/ https://cdn.jsdelivr.net https://process.fasad.eu/ http://dev-process.fasad.prek.srv http://ajax.googleapis.com/ https://ajax.googleapis.com/ http://code.jquery.com/ https://code.jquery.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://cdnjs.cloudflare.com/ajax/libs/animejs/3.2.1/anime.min.js; img-src 'self' data: http://fasadeu.public80.prekdemo.se/ https://www.fasad.eu/ https://crm.fasad.eu/; object-src 'self' data: ; frame-src 'self' data: ; 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://maillist-manage.net/ua/TrailEvent?callback=processData&category=updImpression&signupFormIx=3z2b1cad771d6eaeaeb0e2bbf505315985402081f71c4ab3fe1d5eae7d868d04a0&trackingCode=ZCFORMVIEW&action=impression&orgId=3z8781ce729168d79b5c42fdd2785596d8db2e0bf942561fa5e4cecebb6f9cb533&actId=3z4f744b06beaf81bbb0cf226b686d2fdf5f03a74ecf6a3bdd4ddcc94c7f8993e0&custId=3z4f744b06beaf81bbb0cf226b686d2fdfd44ab791b6f2fc3d92b6e7ae4d095678&zx=134d43161&visitorType=0 https://jwgcv-zgpvh.maillist-manage.net/js/dig.js https://jwgcv-zgpvh.maillist-manage.net/ua/TrailEvent?category=update&action=view&trackingCode=ZCFORMVIEW&viewFrom=URL_ACTION&zx=134d43161&signupFormIx=3z2b1cad771d6eaeaeb0e2bbf505315985402081f71c4ab3fe1d5eae7d868d04a0&zcvers=3.0&source=https%3A%2F%2Fmedgrupo.com.br%2Fcongresso-go%2F%3Fpreview_id%3D27395%26preview_nonce%3D7d6f981372%26preview%3Dtrue&ref=https%3A%2F%2Fmedgrupo.com.br%2Fwp-admin%2Fpost.php%3Fpost%3D27395%26action%3Delementor https://jwgcv-cmpzourl.maillist-manage.com/ua/TrailEvent?category=update&action=view&trackingCode=ZCFORMVIEW&viewFrom=URL_ACTION&zx=134d43161&signupFormIx=3z8499bd93ca6649db7c77441daa4d7f1887e91940131bcae0f8525c055ec1b426&zcvers=3.0&source=https%3A%2F%2Fmedgrupo.com.br%2Fzoho%2F%3Fpreview_id%3D26836%26preview_nonce%3D69265c5d3c%26preview%3Dtrue&ref=https%3A%2F%2Fmedgrupo.com.br%2Fzoho%2F%3Fpreview_id%3D26836%26preview_nonce%3D69265c5d3c%26preview%3Dtrue https://jwgcv-cmpzourl.maillist-manage.com/js/dig.js https://jwgcv-cmpzourl.maillist-manage.com/* https://ma.zoho.com/js/optin.min.js https://*.zoho.com/* https://www.google.com.br/ https://medgrupo.com.br/* https://*.medgrupo.com.br http://*.medgrupo.com.br https://medgrupo.com.br http://medgrupo.com.br https://*.vimeo.com https://www.gstatic.com https://www.google.com https://rmcursosmedicos.activehosted.com https://conoret.com/ https://api.ipify.org?format=json https://cdn.jsdelivr.net https://code.jquery.com/ https://cdnjs.cloudflare.com/; img-src 'self' data: https://ma.zoho.com/images/challangeiconenable.jpg https://*.zoho.com/* https://www.google.com.br/ https://medgrupo.com.br/* https://*.medgrupo.com.br http://*.medgrupo.com.br https://medgrupo.com.br http://medgrupo.com.br https://*.vimeo.com https://rmcursosmedicos.activehosted.com https://conoret.com/ https://api.ipify.org?format=json https://www.google.com.br/* https://code.jquery.com/* https://cdnjs.cloudflare.com/*; object-src 'self' data: https://jwgcv-cmpzourl.maillist-manage.com/* https://*.zoho.com/* https://www.google.com.br/ https://medgrupo.com.br/* https://*.medgrupo.com.br http://*.medgrupo.com.br https://medgrupo.com.br http://medgrupo.com.br https://*.vimeo.com https://www.google.com https://rmcursosmedicos.activehosted.com https://conoret.com/ https://api.ipify.org?format=json https://code.jquery.com/ https://cdnjs.cloudflare.com/; frame-src 'self' data: https://jwgcv-cmpzourl.maillist-manage.com/* https://*.zoho.com/* https://www.google.com.br/ https://medgrupo.com.br/* https://*.medgrupo.com.br http://*.medgrupo.com.br https://medgrupo.com.br http://medgrupo.com.br https://*.vimeo.com https://www.google.com https://rmcursosmedicos.activehosted.com https://conoret.com/ https://api.ipify.org?format=json https://code.jquery.com/ https://cdnjs.cloudflare.com/; 1 default-src data: https: http:;script-src 'self' resource://pdf.js/ 'unsafe-inline' 'unsafe-eval' https: http:;style-src 'unsafe-inline' https: http: blob:;object-src 'self' blob:;img-src 'self' https://*.everesttech.net https://dhlcom.d3.sc.omtrdc.net/ data: blob:;connect-src blob: 'self' https://*.demdex.net https://*.dhl.com https://*.video-cdn.net https://*.hereapi.com https://*.usetiful.com https://*.dpdhl.com;worker-src blob: 1 urbanohio.com 1 default-src 'self'; base-uri 'self'; frame-ancestors 'self'; upgrade-insecure-requests 1 default-src 'self' 'unsafe-inline' https: data: https://cdnjs.cloudflare.com https://*.googletagmanager.com https://cdn.jsdelivr.net https://*.fontawesome.com https://*.googleapis.com https://*.jacklmoore.com https://*.gstatic.com https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https: data: https://cdnjs.cloudflare.com https://*.googletagmanager.com https://cdn.jsdelivr.net https://*.fontawesome.com https://*.googleapis.com https://*.jacklmoore.com https://*.gstatic.com https://*.google-analytics.com; object-src 'none'; frame-ancestors 'self'; report-uri /report-csp-violation 1 frame-ancestors https://*.communaute-paysbasque.fr 1 script-src 'nonce-Ggb9D1UMhNKUoIqneayHHQl5zgs=' 'unsafe-inline' 'strict-dynamic' https: http:; object-src 'none'; 1 frame-ancestors 'self' vidaworld.com *.vidaworld.com heromotocorp3--dev.sandbox.my.salesforce.com heromotocorp3--dev.sandbox.lightning.force.com vidaworld--sit.sandbox.lightning.force.com vidaworld.lightning.force.com 1 default-src charlesstanley.sjv.io utt.impactcdn.com *.responsetap.com *.salemove.com *.salemove.eu 'self' *.feprecisionplus.com *.intercomcdn.com *.onetrust.com *.intercom.io wss://nexus-websocket-a.intercom.io wss://trisproxy.charles-stanley-direct.co.uk *.google.com *.google.co.uk *.jquery.com jquery.com *.twitter.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.cloudflare.com cloudflare.com *.cloudfront.net cloudfront.net *.googleapis.com *.charles-stanley-direct.co.uk:* charles-stanley-direct.co.uk:* *.charles-stanley.co.uk:* charles-stanley.co.uk:* *.ads-twitter.com ads-twitter.com *.facebook.net facebook.net *.facebook.com *.highcharts.com highcharts.com *.bing.com gstatic.com *.gstatic.com *.doubleclick.net d3js.org *.d3js.org *.consensu.org https://bat.bing.com/; script-src utt.impactcdn.com *.googleapis.com *.responsetap.com *.salemove.com *.glia.eu *.salemove.eu *.licdn.com *.onetrust.com *.intercom.io *.intercomcdn.com wss://nexus-websocket-a.intercom.io 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.google.co.uk *.jquery.com jquery.com *.twitter.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.cloudflare.com cloudflare.com *.cloudfront.net cloudfront.net *.googleapis.com *.charles-stanley-direct.co.uk:* charles-stanley-direct.co.uk:* *.charles-stanley.co.uk:* charles-stanley.co.uk:* *.ads-twitter.com *.facebook.net *.facebook.com *.highcharts.com highcharts.com *.bing.com gstatic.com *.gstatic.com *.doubleclick.net d3js.org *.d3js.org *.consensu.org https://bat.bing.com/; connect-src 'self' charlesstanley.sjv.io *.google-analytics.com *.onetrust.com wss://*.salemove.eu *.salemove.com *.salemove.eu *.glia.eu https://stats.g.doubleclick.net https://api-iam.intercom.io wss://nexus-websocket-a.intercom.io wss://trisproxy.charles-stanley-direct.co.uk https://cdn-ukwest.onetrust.com https://bat.bing.com/; style-src * 'unsafe-inline' 'unsafe-eval'; img-src *.feprecisionplus.com https://bat.bing.com/ * data:; font-src * 'self' data:; child-src *.youtube.com youtube.com *.youtube-nocookie.com youtube-nocookie.com *.charles-stanley-direct.co.uk:* charles-stanley-direct.co.uk:* *.charles-stanley.co.uk:* charles-stanley.co.uk:*; frame-src *.vimeo.com *.youtube.com youtube.com *.youtube-nocookie.com youtube-nocookie.com *.charles-stanley-direct.co.uk:* charles-stanley-direct.co.uk:* *.charles-stanley.co.uk:* charles-stanley.co.uk:* digital-tools.feprecisionplus.com:* *.consensu.org 1 default-src 'self' www.hyd.gov.hk; style-src 'self' 'unsafe-inline';script-src 'self' 'unsafe-inline'; 1 script-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://use.fontawesome.com https://google-analytics.com http://cdnjs.cloudflare.com https://www.google-analytics.com https://maps.googleapis.com https://www.googletagmanager.com https://merchants.niftepay.pk https://www.googleadservices.com https://googleads.g.doubleclick.net; object-src 'none'; style-src 'self' 'unsafe-inline' 'unsafe-inline' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://fonts.googleapis.com https://maps.googleapis.com https://maps.gstatic.com https://merchants.niftepay.pk; report-uri /report-csp-violation 1 default-src 'self'; base-uri 'self'; connect-src 'self' *.itzbund.de *.googleapis.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com piwik.itzbund.de *.youtube.com;object-src 'self' multimedia.gsb.bund.de medien10.gsb.bund.de piwik.itzbund.de; media-src 'self' multimedia.gsb.bund.de medien10.gsb.bund.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.openstreetmap.org *.googleapis.com piwik.itzbund.de *.geodatenzentrum.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; frame-ancestors 'self' zfa-editor.preview.kkn.zd.intranet.bund.de piwik.itzbund.de zfa-zfa-editor.preview.kkn.zd.intranet.bund.de *.facebook.com 1 frame-ancestors 'self' https://*.lovevite.com 1 default-src 'self' http://persis.gemu-group.com:8080 *.google.com *.gstatic.com *.googleapis.com *.googletagmanager.com *.google-analytics.com connect.facebook.net *.albacross.com *.webtraxs.com *.ggpht.com amazonaws.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-cdn-operators.s3-eu-west-1.amazonaws.com *.cloudfront.net *.userlike.com userlike-cdn-umm.b-cdn.net wss://*.userlike.com *.alexametrics.com cdn.delight-vr.com *.cookiebot.eu *.cookiebot.com *.simpli.fi slsntllgnc.com *.usercentrics.eu *.snitcher.com data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors *.gemu-group.com 1 default-src * 'self' data: 'unsafe-inline' 'unsafe-eval' https: wss: 1 default-src 'self' 'unsafe-inline' https: http://www.etrasparenza.it/; script-src 'self' 'unsafe-inline' https: http://www.etrasparenza.it/; style-src 'self' 'unsafe-inline' https: http://www.etrasparenza.it/; font-src 'self' https: http://www.etrasparenza.it/ 1 frame-ancestors 'self' https://www.golfofbf.org https://*.instapage.com http://*.instapage.com https://cloud.scorm.com https://360.articulate.com https://university.fb.org 1 report-uri //report-csp-violation 1 frame-ancestors 'self' https://shopproxy.p-s-s.de ; style-src 'self' localhost:* https://fonts.googleapis.com https://test.vr-pay-ecommerce.de http://oxomi.com 'unsafe-inline' 1 frame-ancestors http://programasgratis.searchmgr.com/ 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.weareone.fm *.technobase.fm *.housetime.fm *.hardbase.fm *.trancebase.fm *.coretime.fm *.teatime.fm *.clubtime.fm *.replay.fm *.tb-group.fm *.google.com/recaptcha/ *.gstatic.com/recaptcha/ maps.googleapis.com fonts.googleapis.com fonts.gstatic.com use.typekit.net *.google.com/maps/embed *.youtube-nocookie.com ticketcenter.be24-7.de; img-src 'self' data: *.weareone.fm *.technobase.fm *.housetime.fm *.hardbase.fm *.trancebase.fm *.coretime.fm *.teatime.fm *.clubtime.fm *.replay.fm *.tb-group.fm *.google.com/recaptcha/ *.gstatic.com/recaptcha/ maps.googleapis.com fonts.googleapis.com fonts.gstatic.com use.typekit.net *.google.com/maps/embed *.youtube-nocookie.com ticketcenter.be24-7.de; frame-ancestors 'self' 1 default-src 'self'; connect-src 'self' https://piwik.bzga.de; style-src 'self' 'unsafe-inline'; font-src 'self' data:; script-src 'self' 'unsafe-inline' https://piwik.bzga.de; img-src 'self' https://piwik.bzga.de https://www.bzga.de https://a.tile.osm.org https://b.tile.osm.org https://c.tile.osm.org data:; frame-src 'self' mailto: https://piwik.bzga.de https://www.youtube-nocookie.com https://global.frcapi.com/; 1 default-src 'self' www.affidea.com 'unsafe-inline'; script-src 'self' www.affidea.com ajax.googleapis.com maps.googleapis.com cdn.jsdelivr.net hello.myfonts.net www.youtube.com www.googletagmanager.com cdnjs.cloudflare.com snap.licdn.com az416426.vo.msecnd.net connect.facebook.net www.facebook.com www.google-analytics.com px.ads.linkedin.com dc.services.visualstudio.com region1.google-analytics.com; img-src 'self' www.affidea.com; style-src 'self' www.affidea.com; script-src-elem 'elem' www.affidea.com affidea.com; style-src-elem 'self' www.affidea.com; media-src: 'self'; 1 default-src 'self'; connect-src 'self' apikeys.civiccomputing.com api.postcodes.io www.googleapis.com newassets.hcaptcha.com maps.googleapis.com api.stripe.com js.stripe.com; font-src 'self' use.fontawesome.com fonts.gstatic.com data:; frame-src 'self' newassets.hcaptcha.com hooks.stripe.com js.stripe.com www.youtube.com; img-src 'self' data: maps.googleapis.com maps.gstatic.com translate.google.com www.gstatic.com cdn.bookingprotect.com tile.openstreetmap.org maptiles.p.rapidapi.com media.giphy.com; media-src www.youtube-nocookie.com; script-src 'self' hcaptcha.com js.stripe.com maps.googleapis.com www.youtube.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; report-uri https://35745cad85bbe1feed32f58e01aeb5de.report-uri.com/r/d/csp/reportOnly 1 frame-ancestors 'self' http://pudtoday http://prointnet 1 default-src 'self' www.youtube.com www.youtube-nocookie.com; child-src 'self' www.youtube.com www.youtube-nocookie.com *.fls.doubleclick.net; frame-src 'self' vars.hotjar.com *.fls.doubleclick.net www.youtube.com www.youtube-nocookie.com apps.mypurecloud.com.au player.vimeo.com; connect-src 'self' *.ambithub.com ipinfo.io wss://sbsfaq.ambithub.com stats.g.doubleclick.net wss://*.hotjar.com *.hotjar.com *.hotjar.io *.monsido.com *.googletagmanager.com analytics.google.com www.google-analytics.com api.mypurecloud.com.au api-cdn.mypurecloud.com.au wss://webmessaging.mypurecloud.com.au; img-src 'self' data: www.google.co.nz *.google.com www.google-analytics.com *.g.doubleclick.net *.googleapis.com *.gstatic.com *.ambithub.com bat.bing.com *.facebook.com *.quantserve.com *.hotjar.com *.hotjar.io *.monsido.com *.googletagmanager.com analytics.google.com; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' 'self' *.google.com www.googleadservices.com www.google-analytics.com www.googletagmanager.com *.googleapis.com *.gstatic.com cdn.polyfill.io *.ambithub.com bat.bing.com connect.facebook.net *.quantserve.com *.quantcount.com static.hotjar.com script.hotjar.com *.hotjar.io *.monsido.com *.googletagmanager.com analytics.google.com staticcdn.co.nz apps.mypurecloud.com.au; style-src 'unsafe-inline' 'self' hello.myfonts.net *.googleapis.com *.gstatic.com *.ambithub.com; font-src 'self' data: *.gstatic.com *.hotjar.com; 1 default-src 'none'; frame-ancestors 'self'; frame-src 'self' https://challenges.cloudflare.com/ https://forms.office.com https://www.youtube-nocookie.com https://*.youtube.com https://*.vimeo.com https://*.google.com https://*.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://challenges.cloudflare.com/ https://*.google-analytics.com https://*.googletagmanager.com https://feeds.trac.jobs https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.cqc.org.uk; font-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' data: https://feeds.trac.jobs https://*.googleapis.com https://*.gstatic.com https://*.cqc.org.uk; img-src * data:; object-src 'self' blob:; connect-src 'self' https://feeds.trac.jobs https://*.googleapis.com https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com; manifest-src 'self'; base-uri 'none'; form-action 'self' 1 default-src * ; script-src 'self' 'unsafe-eval' 'unsafe-inline' browser-update.org maps.googleapis.com *.google-analytics.com *.cookiebot.com *.googletagmanager.com *.googleadservices.com *.licdn.com *.facebook.net *.doubleclick.net *.bing.com *.clarity.ms *.tiktok.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com; base-uri 'self'; object-src 'none'; frame-src 'self' https://consentcdn.cookiebot.com *.doubleclick.net https://www.googletagmanager.com; connect-src * data: 'self' https://consentcdn.cookiebot.com; img-src * 'self' data: https: 1 sandbox 1 default-src 'self'; connect-src region1.google-analytics.com 'self'; font-src fonts.gstatic.com 'self'; style-src-elem fonts.googleapis.com data: 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src lib.ocimf.org *.rackcdn.com data: self'; script-src www.googletagmanager.com 'self' 'unsafe-inline' 'unsafe-eval'; frame-src blob: 'self' *.rackcdn.com 1 base-uri 'none'; default-src 'self'; child-src https://*.yachtbuyer.com https://www.youtube.com https://www.google.com https://*.vimeo.com https://www.facebook.com https://iframe.mediadelivery.net; connect-src 'self' https://a.yachtbuyer.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://maps.googleapis.com https://*.vimeo.com https://vimeo.com https://stats.g.doubleclick.net https://www.facebook.com https://zoom.yachtcast.net https://error.dfusion.com https://*.clarity.ms; font-src 'self' https://*.typekit.net https://fonts.gstatic.com data:; form-action 'self' https://www.facebook.com; frame-ancestors https://*.yachtbuyer.com; img-src 'self' https://*.yachtbuyer.com https://*.google-analytics.com https://maps.gstatic.com https://maps.googleapis.com https://i.vimeocdn.com https://*.googletagmanager.com https://www.google.com https://www.bugherd.com https://www.facebook.com https://zoom.yachtcast.net https://i.ytimg.com https://img.youtube.com https://*.clarity.ms blob: data:; media-src 'self' https://*.vimeo.com https://vod-progressive.akamaized.net; object-src 'none'; script-src 'self' https://*.yachtbuyer.com https://*.googletagmanager.com https://www.google.com https://www.gstatic.com https://maps.googleapis.com https://*.vimeo.com https://www.youtube.com https://connect.facebook.net https://browser.sentry-cdn.com https://*.clarity.ms 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://*.typekit.net https://fonts.googleapis.com https://www.bugherd.com 'unsafe-inline'; worker-src 'self' blob:; upgrade-insecure-requests 1 default-src 'none'; img-src 'self'; script-src 'self'; 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.openstreetmap.org/ https://*.texmet.pl/ http://*.texmet.pl/ https://texmet.pl/ http://texmet.pl/ https://texmet.s1.zetohosting.pl/ http://texmet.s1.zetohosting.pl/; img-src 'self' data: https://*.openstreetmap.org/ https://*.texmet.pl/ http://*.texmet.pl/ https://texmet.pl/ http://texmet.pl/ https://texmet.s1.zetohosting.pl/ http://texmet.s1.zetohosting.pl/; object-src 'self' data: https://*.openstreetmap.org/ https://*.texmet.pl/ http://*.texmet.pl/ https://texmet.pl/ http://texmet.pl/ https://texmet.s1.zetohosting.pl/ http://texmet.s1.zetohosting.pl/; frame-src 'self' data: https://*.openstreetmap.org/ https://*.texmet.pl/ http://*.texmet.pl/ https://texmet.pl/ http://texmet.pl/ https://texmet.s1.zetohosting.pl/ http://texmet.s1.zetohosting.pl/; 1 font-src * data:; img-src * data:; script-src 'unsafe-inline' 'unsafe-eval' * data:; style-src 'unsafe-inline' 'unsafe-eval' * data:; 1 frame-ancestors rextheme.com; 1 allow 'self'; media-src *; img-src *; script-src 'self' https://ajax.googleapis.com; https://cloudflare.com style-src 'self'; 1 default-src 'self' *.google-analytics.com *.c-budejovice.cz https://chatbot-chetty.bubbleapps.io; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.wbtrk.net cdnjs.cloudflare.com *.gstatic.com *.google-analytics.com player.wowza.com www.googletagmanager.com *.hotjar.com *.x.com *.twitter.com https://artificialsuperlatency.blob.core.windows.net/datastore/Chetty/chettyscript.js https://geid.wbtrk.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.gstatic.com *.cloudflare.com https://artificialsuperlatency.blob.core.windows.net/datastore/Chetty/chettystyles.css; img-src 'self' cbudejovice01.webtrekk.net fbc.wcfbc.net *.googletagmanager.com; frame-src 'self' *.hotjar.com *.pesweb.cz *.c-budejovice.cz *.facebook.com *.twitter.com *.x.com *.jwplayer.com *.youtube.com https://chetty.ai; font-src 'self' fonts.gstatic.com themes.googleusercontent.com data:; connect-src 'self' in.hotjar.com *.google-analytics.com; report-uri /report-csp-violation; upgrade-insecure-requests 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: cdnjs.cloudflare.com *.googleapis.com *.gstatic.com *.google-analytics.com *.addthis.com *.amigosmuseoprado.org *.google.com *.ytimg.com *.youtube.com *.addthisedge.com *.bookitit.com *.jsdelivr.net *.ovidds.com my.icareus.com icomem.probetax.es *.twitter.com *.twimg.com *.facebook.net *.facebook.com *.metricool.com https://*.hotjar.com wss://*.hotjar.com *.hotjar.io *.addtoany.com *.webempresa.eu unpkg.com *.arkibot.app *.googletagmanager.com *.saludalplato.es quickchart.io 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: http://fonts.googleapis.com http://fonts.gstatic.com http://www.google-analytics.com http://s7.addthis.com http://m.addthisedge.com http://m.addthis.com http://graph.facebook.com http://widgets.pinterest.com http://maps.google.com http://csi.gstatic.com http://maps.gstatic.com http://maps.googleapis.com http://www.linkedin.com http://api-public.addthis.com http://localhost http://widget.supercounters.com http://pagead2.googlesyndication.com/ http://pagead2.googlesyndication.com/ http://staticxx.facebook.com http://www.whatsupcams.com http://epixel.moj-web.net http://www.youtube.com https://www.whatsupcams.com http://localhost https://g0.ipcamlive.com; 1 default-src 'self' https://*.youtube.com https://*.youtu.be https://*.vimeo.com https://*.spotify.com https://*.soundcloud.com https://forms.office.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://analytics.tiktok.com https://*.doubleclick.net https://widget.tablefever.com; block-all-mixed-content; img-src data: 'self' https://placeholder.inventis.be https://*.ytimg.com https://*.youtube.com https://*.vimeocdn.com https://*.google-analytics.com https://*.googletagmanager.com https://www.facebook.com https://*.google.be https://*.google.nl; object-src 'none'; script-src 'self' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https://*.youtube.com https://*.vimeo.com https://*.google-analytics.com https://*.googletagmanager.com 'nonce-UyHyEjm/NfnEsolcxsVZiQ=='; style-src 'self' 'unsafe-inline' https://*.googletagmanager.com; upgrade-insecure-requests 1 default-src https://*.google-analytics.com https://*.googletagmanager.com; block-all-mixed-content; connect-src 'self' https://*.google.com https://*.google-analytics.com https://*.facebook.com; font-src 'self'; frame-src https://www.youtube.com https://calendly.com https://www.montareturns.com https://www.googletagmanager.com https://td.doubleclick.net https://*.facebook.com https://view.publitas.com; img-src data: 'self' https://placeholder.inventis.be https://*.ytimg.com https://www.mollie.com https://*.google-analytics.com https://*.googletagmanager.com https://*.google.com https://*.google.be https://*.facebook.com; manifest-src 'self'; object-src https://www.youtube.com; script-src 'self' https://www.youtube.com https://*.ytimg.com https://*.google-analytics.com https://*.googletagmanager.com https://*.hotjar.com https://*.facebook.net https://*.facebook.com 'nonce-cCMmkFFvrUJfJ5iKQ7oSNw=='; style-src 'self' 'unsafe-inline' https://*.googletagmanager.com; upgrade-insecure-requests 1 frame-ancestors 'self' http://localhost:* https://localhost:* https://*.lexjet.com 1 default-src 'self'; frame-src 'self' https://secure.livechatinc.com/ *.webspellchecker.net *.nhs.uk *.facebook.com *.youtube.com *.vimeo.com *.google.com *.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.googletagmanager.com https://static.zdassets.com/ https://api.livechatinc.com/ https://cdn.livechatinc.com/tracking.js *.reactandshare.com https://api.reciteme.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://www.googletagmanager.com https://connect.facebook.net https://feeds.trac.jobs *.webspellchecker.net *.google.com *.googleapis.com *.gstatic.com *.cqc.org.uk use.typekit.net; font-src 'self' 'unsafe-inline' https://cdn.livechatinc.com/ *.reactandshare.com https://api.reciteme.com https://fonts.googleapis.com https://fonts.gstatic.com *.webspellchecker.net use.typekit.net; style-src 'self' 'unsafe-inline' *.reactandshare.com https://api.reciteme.com https://cdnjs.cloudflare.com https://feeds.trac.jobs *.googleapis.com *.gstatic.com *.cqc.org.uk *.webspellchecker.net use.typekit.net p.typekit.net; img-src * data: p.typekit.net; object-src 'self' blob:; connect-src 'self' https://*.googletagmanager.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.g.doubleclick.net https://*.google.com https://*.google.com https://*.google-analytics.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googletagmanager.com wss://widget-mediator.zopim.com https://stop-smoking-nhs.zendesk.com https://ekr.zdassets.com https://api.reciteme.com https://feeds.trac.jobs stats.g.doubleclick.net *.googleapis.com *.google-analytics.com *.webspellchecker.net performance.typekit.net; media-src 'self' https://static.zdassets.com/web_widget/ https://api.reciteme.com 1 default-src 'self'; img-src 'self'; media-src 'self' data:; 1 default-src 'self' *.timeavenue.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://mc.yandex.ru https://mc.yandex.com https://yastatic.net *.bitrix24.ru *.bitrix24.com *.jivosite.com https://googletagmanager.com *.googletagmanager.com https://analytics.google.com https://stats.g.doubleclick.net https://connect.facebook.net *.roistat.com https://api-maps.yandex.ru https://*.maps.yandex.net *.maps.yandex.net https://ajax.googleapis.com https://web.redhelper.ru *.google-analytics.com https://ipinfo.io https://geocode-maps.yandex.ru; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.bitrix24.ru https://web.redhelper.ru *.roistat.com data: blob:; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https: data: https://mc.yandex.ru; frame-src 'self' blob: *.web-creator.com https://securepay.rsb.ru https://www.facebook.com https://www.youtube.com *.bitrix24.ru *.bitrix24.com https://web.redhelper.ru https://docs.google.com https://yandex.ru https://mc.yandex.com https://api-maps.yandex.ru; connect-src 'self' *.web-creator.com https://mc.yandex.ru https://bitrix.info *.bitrix24.ru *.bitrix24.com *.jivosite.com https://*.jivo.ru wss: https://www.facebook.com *.timeavenue.ru *.google-analytics.com https://analytics.google.com https://stats.g.doubleclick.net https://mc.yandex.com https://api-maps.yandex.ru https://*.maps.yandex.net; object-src 'self' *.web-creator.com https://docs.google.com; frame-ancestors 'self' *.web-creator.com http://webvisor.com; 1 default-src 'none'; script-src 'self' 'unsafe-inline' www.tcgms.net *.googletagmanager.com *.google.com *.google-analytics.com cdn.jsdelivr.net *.cookiebot.com *.teamtailor-cdn.com *.facebook.net *.bokabord.se *.bidtheatre.com chat.hotelchat.ai; object-src 'self' *.google.com *.youtube.com *.facebook.com *.vimeo.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com cdn.jsdelivr.net www.bokabord.se; img-src 'self' data: *.google.com *.youtube.com *.facebook.com *.vimeo.com *.vimeocdn.com *.grandhotel.se *.google.se *.google-analytics.com *.cookiebot.com backend.chatbase.co; media-src 'self' blob:; frame-src 'self' mail.grandhotel.se www.tcgms.net *.google.com *.youtube.com *.facebook.com *.vimeo.com *.vimeocdn.com *.cookiebot.com *.waiteraid.com *.doubleclick.net chat.hotelchat.ai; frame-ancestors 'self' *.google.com *.youtube.com *.facebook.com *.vimeo.com; child-src 'self' *.google.com *.youtube.com *.facebook.com *.vimeo.com; font-src 'self' data: fonts.gstatic.com; connect-src 'self' https://*.grandhotel.se https://*.googletagmanager.com https://*.google.com https://*.google-analytics.com *.cookiebot.com *.teamtailor.com *.doubleclick.net *.chatbase.co; report-uri /report-csp-violation; upgrade-insecure-requests 1 default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.achmearechtsbijstand.nl https://www.achmearechtsbijstand.nl https://achmearechtsbijstand.nl https://deploy.mopinion.com https://static.hotjar.com https://script.hotjar.com https://tdn.r42tag.com https://www.google-analytics.com https://collect.mopinion.com https://www.googletagmanager.com https://www.googleoptimize.com https://static.cloud.coveo.com https://data1.ralasis.com https://optimize.google.com https://translate.googleapis.com https://translate.google.com https://dev.visualwebsiteoptimizer.com https://admin.relay42.com https://static.hotjar.com https://www.google-analytics.com https://app.vwo.com https://cdn.harvest.graindata.com https://a.omappapi.com https://api-engage-eu.sitecorecloud.io https://*.cloudfront.net;style-src 'self' 'unsafe-inline' https://*.achmearechtsbijstand.nl https://www.achmearechtsbijstand.nl https://achmearechtsbijstand.nl https://collect.mopinion.com https://fonts.mopinion.com https://static.cloud.coveo.com https://fonts.googleapis.com https://translate.googleapis.com https://optimize.google.com https://admin.relay42.com https://app.vwo.com https://a.omappapi.com;img-src data: 'self' https://*.achmearechtsbijstand.nl https://www.achmearechtsbijstand.nl https://achmearechtsbijstand.nl https://www.google-analytics.com https://www.gstatic.com https://i.ytimg.com https://translate.google.com https://translate.googleapis.com https://admin.relay42.com https://tdn.r42tag.com https://t.svtrd.com https://fonts.gstatic.com https://region1.google-analytics.com https://dev.visualwebsiteoptimizer.com https://www.googletagmanager.com https://a.omappapi.com;font-src data: 'self' https://*.achmearechtsbijstand.nl https://www.achmearechtsbijstand.nl https://achmearechtsbijstand.nl https://fonts.mopinion.com https://gstatic.mopinion.com https://fonts.gstatic.com https://static.cloud.coveo.com https://staticdev.cloud.coveo.com;connect-src * https://*.achmearechtsbijstand.nl https://www.achmearechtsbijstand.nl https://achmearechtsbijstand.nl wws://*.hotjar.com https://*.hotjar.com https://api-engage-eu.sitecorecloud.io;media-src * 'self' https://*.achmearechtsbijstand.nl https://www.achmearechtsbijstand.nl https://achmearechtsbijstand.nl;object-src 'none' ;child-src https://*.achmearechtsbijstand.nl https://www.achmearechtsbijstand.nl https://achmearechtsbijstand.nl https://t.svtrd.com/ https://vars.hotjar.com https://www.youtube-nocookie.com https://www.google.com https://www.youtube-nocookie.com https://www.google.com https://optimize.google.com https://m.youtube.com https://app.vwo.com; worker-src blob:;frame-ancestors https://www.youtube-nocookie.com https://www.google.com https://optimize.google.com https://m.youtube.com https://*.achmearechtsbijstand.nl https://www.achmearechtsbijstand.nl https://achmearechtsbijstand.nl https://app.vwo.com;form-action 'self' https://*.achmearechtsbijstand.nl https://www.achmearechtsbijstand.nl https://achmearechtsbijstand.nl https://t.svtrd.com/structure-collection https://broker.nxtid.nl;manifest-src 'self' https://*.achmearechtsbijstand.nl https://www.achmearechtsbijstand.nl https://achmearechtsbijstand.nl;upgrade-insecure-requests;block-all-mixed-content;base-uri https://*.achmearechtsbijstand.nl https://www.achmearechtsbijstand.nl https://achmearechtsbijstand.nl;report-uri https://bcd8a826da9dc721f317d24ae6b9e320.ams.report-uri.com/r/t/csp/enforce; 1 default-src 'self'; img-src 'self' cdnmedia.endeavorsuite.com cdn.partsmartconnect.com data:; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-modals; base-uri 'self'; upgrade-insecure-requests; style-src 'self' 'unsafe-inline' fonts.googleapis.com maxcdn.bootstrapcdn.com cdnmedia.endeavorsuite.com; font-src 'self' fonts.gstatic.com maxcdn.bootstrapcdn.com; script-src 'self' 'unsafe-inline' https://ari-cms.com/bundles/webcomponents/loginpromotion.js; connect-src 'self' https://ari-cms.com/; 1 default-src 'self' blob:; sandbox allow-downloads allow-popups allow-popups-to-escape-sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-modals; base-uri 'self' https://md-scp.kampyle.com;upgrade-insecure-requests;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://applepay.cdn-apple.com https://*.worldpay.com https://*.lowell.co.uk https://lowell.co.uk https://www.google.com https://www.gstatic.com https://*.googletagmanager.com https://googletagmanager.com https://www.google-analytics.com https://tagmanager.google.com https://ssl.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://ajax.googleapis.com https://connect.facebook.net https://optimize.google.com https://*.decibelinsight.net https://*.decibelinsight.com https://pay.google.com https://www.googleanalytics.com https://www.googleoptimize.com https://bat.bing.com https://*.decibel.com *.visualwebsiteoptimizer.com app.vwo.com https://api.ipify.org https://mpsnare.iesnare.com https://md-scp.kampyle.com https://resources.digital-cloud-uk.medallia.eu https://sbt-prod.kampyle.com https://nebula-cdn.kampyle.com https://udc-neb.kampyle.com https://digital-cloud-phx1.medallia.com https://resources.digital-cloud-phx1.medallia.com https://widget.trustpilot.com https://www.youtube.com api.reciteme.com events.reciteme.com linguistics.reciteme.com;connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.lowell.co.uk https://*.decibelinsight.net https://*.decibelinsight.com wss://*.decibelinsight.net wss://*.decibelinsight.com https://stats.g.doubleclick.net https://google.com https://*.decibel.com *.visualwebsiteoptimizer.com app.vwo.com https://api.ipify.org https://firebaseinstallations.googleapis.com https://fcmregistrations.googleapis.com wss://mpsnare.iesnare.com https://md-scp.kampyle.com https://resources.digital-cloud-uk.medallia.eu https://ubt-lb.digital-cloud-uk.medallia.eu https://sbt-prod.kampyle.com https://nebula-cdn.kampyle.com https://udc-neb.kampyle.com https://digital-cloud-phx1.medallia.com https://resources.digital-cloud-phx1.medallia.com https://ubt-lb.digital-cloud.medallia.com https://uk.cc.avayacloud.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.co.uk https://pagead2.googlesyndication.com https://noembed.com https://cdn.plyr.io https://api.reciteme.com https://events.reciteme.com;frame-ancestors https://*.cardinalcommerce.com https://applepay.cdn-apple.com https://*.lowell.co.uk https://lowell.co.uk https://www.fisglobal.com https://pay.google.com https://*.lowellgroup.co.uk;style-src 'self' 'unsafe-inline' https://*.lowell.co.uk https://lowell.co.uk https://tagmanager.google.com https://fonts.googleapis.com https://fonts.googleapis.com https://optimize.google.com https://www.googleanalytics.com https://www.googleoptimize.com *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com https://resources.digital-cloud-uk.medallia.eu https://md-scp.kampyle.com https://nebula-cdn.kampyle.com https://digital-cloud-phx1.medallia.com https://resources.digital-cloud-phx1.medallia.com https://googletagmanager.com api.reciteme.com;img-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://googletagmanager.com https://*.lowell.co.uk https://lowell.co.uk https://*.google-analytics.com https://google.com https://*.analytics.google.com https://*.g.doubleclick.net https://ssl.gstatic.com https://www.gstatic.com https://*.google.com https://*.google.co.uk https://pagead2.googlesyndication.com https://www.facebook.com https://connect.facebook.net data: https://bat.bing.com *.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com https://md-scp.kampyle.com https://resources.digital-cloud-uk.medallia.eu https://udc-neb.kampyle.com https://nebula-cdn.kampyle.com https://digital-cloud-phx1.medallia.com https://resources.digital-cloud-phx1.medallia.com https://i.ytimg.com https://tools.applemediaservices.com https://toolbox.marketingtools.apple.com api.reciteme.com;object-src data: 'unsafe-eval' https://*.lowell.co.uk;frame-src https://*.cardinalcommerce.com https://*.worldpay.com https://www.google.com https://*.doubleclick.net https://optimize.google.com https://www.googletagmanager.com https://*.lowell.co.uk/ https://*.lowellgroup.co.uk https://pay.google.com app.vwo.com *.visualwebsiteoptimizer.com https://nebula-cdn.kampyle.com https://resources.digital-cloud-uk.medallia.eu https://digital-cloud-phx1.medallia.com https://resources.digital-cloud-phx1.medallia.com https://www.youtube.com https://widget.trustpilot.com;font-src 'self' https://*.lowell.co.uk https://lowell.co.uk https://fonts.gstatic.com https://fonts.googleapis.com https://applepay.cdn-apple.com data: https://resources.digital-cloud-uk.medallia.eu https://nebula-cdn.kampyle.com https://digital-cloud-phx1.medallia.com https://resources.digital-cloud-phx1.medallia.com https://td.doubleclick.net api.reciteme.com;worker-src 'self' https://*.decibelinsight.net wss://*.decibelinsight.net https://*.decibelinsight.com wss://*.decibelinsight.com blob:;media-src https://mpsnare.iesnare.com data: api.reciteme.com; 1 frame-ancestors 'self' http://customer-skicircus.loop21.net https://customer-skicircus.loop21.net http://public-location-skicircus.loop21.net https://public-location-skicircus.loop21.net 1 block-all-mixed-content; img-src 'self' data: https://www.google-analytics.com https://maps.googleapis.com https://www.googletagmanager.com https://fonts.gstatic.com https://scontent.cdninstagram.com https://*.cdninstagram.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.googletagmanager.com https://sdk.privacy-center.org https://www.google-analytics.com https://maps.googleapis.com https://www.google.com https://www.gstatic.com https://tag.aticdn.net 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://s7.addthis.com/js/300/addthis_widget.js https://m.addthis.com/ https://v1.addthisedge.com/ https://s3.amazonaws.com/ https://*.bazaarvoice.com/ http://nexus.ensighten.com/ https://connect.facebook.net/ https://www.facebook.com/ https://www.google.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://www.gstatic.com/ https://static.hotjar.com/ https://script.hotjar.com/ https://mpsnare.iesnare.com/ https://cdn.jsdelivr.net/npm/cookieconsent@3/build/cookieconsent.min.js https://*.list-manage.com/ https://z.moatads.com/addthismoatframe568911941483/moatframe.js https://js-agent.newrelic.com/ https://bam.nr-data.net/ https://www.paypalobjects.com/ https://s.pinimg.com/ https://assets.pinterest.com/ https://ct.pinterest.com/ https://log.pinterest.com/ https://*.stripe.com/; img-src 'self' data: blob: https://www.paypalobjects.com/ https://*.pinterest.com/ https://www.facebook.com/ https://www.google-analytics.com/ https://www.darigold.com/ https://*.bazaarvoice.com/ https://googleads.g.doubleclick.net/ https://www.google.com/ https://*.choozle.com/ https://tags.bluekai.com/ https://match.adsrvr.org/track/ https://idsync.rlcdn.com/ https://cm.g.doubleclick.net/ https://segments.company-target.com/; object-src 'self' data: blob: https://*.paypal.com/ https://*.stripe.com/ https://*.pinterest.com/ https://s7.addthis.com/ https://www.facebook.com/ https://vars.hotjar.com/ https://www.google.com/ https://www.youtube.com/ https://s.amazon-adsystem.com/ https://*.fls.doubleclick.net/ https://*.bazaarvoice.com/ https://where-to-buy.co/ https://insight.adsrvr.org/ https://d1eoo1tco6rr5e.cloudfront.net/; frame-src 'self' data: blob: https://*.paypal.com/ https://*.stripe.com/ https://*.pinterest.com/ https://s7.addthis.com/ https://www.facebook.com/ https://vars.hotjar.com/ https://www.google.com/ https://www.youtube.com/ https://s.amazon-adsystem.com/ https://*.fls.doubleclick.net/ https://*.bazaarvoice.com/ https://where-to-buy.co/ https://insight.adsrvr.org/ https://d1eoo1tco6rr5e.cloudfront.net/; form-action 'self' data: blob: https://www.facebook.com/tr/ https://*.bazaarvoice.com/ https://darigold.us6.list-manage.com/; worker-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; 1 allow ‘self’; 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' az416426.vo.msecnd.net dc.services.visualstudio.com oss.maxcdn.com *.fastway.org *.fastway.co.nz *.fastwayenquiries.com www.fastwayfms.com *.api.fastway.org *.googletagmanager.com *.google-analytics.com ssl.google-analytics.com https://*.googleapis.com *.googleapis.com https://*.gstatic.com *.gstatic.com https://*.googleusercontent.com *.googleusercontent.com *.google.com googleadservices.com youtube.com *.fastway.com.au https://*.messagebird.com localhost:44399 wss://localhost:44399; 1 default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; frame-ancestors https://*:*; 1 default-src 'self'; font-src 'self' data: https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src 'self' https://maps.googleapis.com https://maps.gstatic.com https://www.google-analytics.com; img-src 'self' https://maps.googleapis.com https://csi.gstatic.com https://maps.gstatic.com https://www.google-analytics.com data:; connect-src * ws: wss: 1 default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: staticcdn.co.nz www.youtube.com www.googletagmanager.com www.google.com www.gstatic.com https://www.google-analytics.com/analytics.js https://play.pod.co; connect-src 'self' https://www.google-analytics.com/ https://stats.g.doubleclick.net https://www.google.com/recaptcha/api2/; img-src 'self' data: shielded.co.nz i.ytimg.com staticcdn.co.nz; style-src 'self' 'unsafe-inline'; font-src 'self' data: staticcdn.co.nz; frame-src 'self' www.youtube.com www.google.com staticcdn.co.nz https://play.pod.co https://open.spotify.com https://omny.fm https://www.rnz.co.nz; manifest-src 'self'; media-src 'self'; frame-ancestors 'self'; form-action 'self'; 1 Content-Security-Policy= default-src "none"; script-src "self" https://corp-mktg.s3.us-west-2.amazonaws.com https://cdn.cookielaw.org https://maps.googleapis.com https://prospect-form-plugin.2u.com; style-src "unsafe-inline" https://whitelabel.2u.com; https://whitelabel.2u.com; 1 default-src 'self' https://api.status.io https://status.exaktime.com;script-src 'self';base-uri 'self';object-src 'none';frame-ancestors 'none';block-all-mixed-content;sandbox allow-forms allow-same-origin allow-scripts allow-popups;style-src 'self' https://fonts.googleapis.com;font-src 'self' https://fonts.gstatic.com;img-src 'self' https://tscprodstorage.blob.core.windows.net; 1 frame-ancestors https://*.posylka.de 1 frame-ancestors 'self' piwik.betaalvereniging.nl matomo.betaalvereniging.nl; 1 default-src 'self';block-all-mixed-content ;connect-src 'self' *.piwik.pro *.doubleclick.net *.cookiehub.eu *.zopim.com *.zdassets.com wss://* 'self' *.google-analytics.com goedapotheek.zendesk.com *.doubleclick.net *.zendesk.com *.hotjar.io *.hotjar.com *.googleapis.com *.cookiehub.net zendesk-eu.my.sentry.io www.google.be maps.googleapis.com https://*.analytics.google.com https://*.googletagmanager.com *.google.com https://analytics.goed.be pagead2.googlesyndication.com goed.containers.piwik.pro goed.piwik.pro tr.outbrain.com;font-src 'self' data: fonts.googleapis.com fonts.gstatic.com *.zopim.com *.hotjar.com;img-src 'self' data: *.gstatic.com maps.googleapis.com mts.googleapis.com *.zopim.com *.googletagmanager.com *.google-analytics.com *.google.com *.google.be *.facebook.com secure.adnxs.com *.zendesk.com *.goed.be *.hotjar.com *.outbrain.com www.surplusgezondheid.be tr.outbrain.com www.blabla.be i.ytimg.com www.thuiszorgwinkel.be www.google.com https://googleads.g.doubleclick.net https://www.google.com connect.facebook.net;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.piwik.pro *.doubleclick.net *.cookiehub.eu *.googleapis.com *.googletagmanager.com cdnjs.cloudflare.com www.google.com www.gstatic.com *.zopim.com *.google-analytics.com *.google.com *.cookiehub.net static.zdassets.com cookiehub.net https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net goed.containers.piwik.pro wave.outbrain.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com *.google.com *.cookiehub.net cookiehub.net;report-uri /csp/violation/report;frame-src www.youtube.com *.vimeo.com www.google.com clementineweb.azurewebsites.net *.jotform.com *.jotformeu.com optimize.google.com *.facebook.com *.actito.com *.hotjar.com *.testyourhearing.com www.goed.be www.yumpu.com form.jotformeu.com form.jotform.com submit.jotformeu.com mozbar.moz.com www3.actito.com loremipsum.io www.google.be www.hln.be eur03.safelinks.protection.outlook.com www.testyourhearing.com https://bid.g.doubleclick.net td.doubleclick.net https://my.3-dee.be/tour/goed https://share-eu1.hsforms.com;media-src static.zdassets.com *.goed.be www.goed.be;script-src-elem *.googleapis.com *.zopim.com *.zdassets.com data connect.facebook.net trk.adbutter.net *.hotjar.com *.googleoptimize.com *.cookiehub.net cookiehub.net www.googleoptimize.com players.yumpu.com static.hotjar.com amplify.outbrain.com www.youtube.com tr.outbrain.com 'self' 'unsafe-inline' 'unsafe-eval' *.piwik.pro *.doubleclick.net *.cookiehub.eu *.googletagmanager.com cdnjs.cloudflare.com www.google.com www.gstatic.com *.google-analytics.com *.google.com static.zdassets.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net goed.containers.piwik.pro wave.outbrain.com;style-src-elem fonts.googleapis.com *.cookiehub.net cookiehub.net 'self' 'unsafe-inline' *.google.com 1 script-src 'self' 'unsafe-eval' https://*.app.cookieinformation.com https://siteimproveanalytics.com https://*.mouseflow.com https://www.youtube.com 'nonce-730150a5104443d5a01a19427060eee6286e090a72c04a1c95ee66811e7ac0792d867b91c5ae4b17948e67809d3ec73f'; frame-ancestors *.commentor.dk https://pensure.dk https://drb.bankdata.dk https://*.bankdata.dk https://*.jyskebank.dk https://*.pension.dk *.bec.dk http://pbuapp.ngrok.io https://portal.pfa.dk https://mit.pfa.dk https://mitpfa.dk https://www.industrienspension.dk https://Pka.dk https://Pbu.dk https://Lppension.dk *.danicapension.dk *.appension.dk *.pensure.dk https://mppension.dk *.pka.dk *.pbu.dk *.lppension.dk drb://drb.jyskebank.dk https://drb.jyskebank.dk https://localhost:44337/* https://akademikerpension.dk https://*.sydbank.dk https://*.almbrand.dk drb://drb.sydbank.dk drb://drb.almbrand.dk https://staging.pengeprofilen.dk https://min.pengeprofilen.dk https://app.kreditdata.dk *.mitotium.dk *.pensure.dk https://drb.nordfynsbank.dk drb://drb.nordfynsbank.dk https://drb.skjernbank.dk drb://drb.skjernbank.dk https://drb.djurslandsbank.dk drb://drb.djurslandsbank.dk https://drb.kreditbanken.dk drb://drb.kreditbanken.dk https://drb.landbobanken.dk drb://drb.landbobanken.dk https://drb.spks.dk drb://drb.spks.dk https://netpension.velliv.dk 1 default-src 'self' data:; block-all-mixed-content; connect-src http: https: ws: blob: 'self' *.tinymce.com *.tiny.cloud blob:; font-src 'self' data: fonts.gstatic.com *.tinymce.com *.tiny.cloud *.fontawesome.com; img-src 'self' data: http: https: *.tinymce.com *.tiny.cloud data: blob:; script-src 'self' 'unsafe-inline' js-agent.newrelic.com static.zdassets.com *.zendesk.com api.smooch.io cdn.tiny.cloud maps.google.com maps.googleapis.com *.posthog.com *.tinymce.com *.tiny.cloud 'nonce-Np6IBNEEdCMsrnvC9VxjzA=='; style-src 'self' 'unsafe-inline' cdn.tiny.cloud fonts.googleapis.com *.tinymce.com *.tiny.cloud; upgrade-insecure-requests 1 default-src 'self' unpkg.com *.gstatic.com *.clarity.ms maps.googleapis.com google-analytics.com *.google-analytics.com *.analytics.google.com *.doubleclick.net www.google.com google.com delivery.clickonometrics.pl www.awin1.com static.criteo.net welovedata.go2cloud.org *.bing.com *.cookiebot.com *.sovendus.com www.sovendus-benefits.com www.sovendus-campaign.com www.sovendus-connect.com www.sovendus-network.com *.stbuttons.click *.sharethis.com *.googleapis.com maps.google.com cke4.ckeditor.com; font-src 'self' *.gstatic.com bat.bing.com *.sovendus.com data:; frame-src 'self' *.google.com google.com *.youtube.com *.cookiebot.com www.awin1.com bat.bing.com www.mainadv.com www.googletagmanager.com *.sovendus.com www.sovendus-benefits.com www.sovendus-campaign.com www.sovendus-connect.com www.sovendus-network.com data:; img-src 'self' data: *.google-analytics.com maps.gstatic.com maps.googleapis.com *.google.com *.clarity.ms www.google.pl www.awin1.com welovedata.go2cloud.org bat.bing.com www.facebook.com *.roeye.com *.cookiebot.com *.bing.com *.sovendus.com *.sharethis.com 'unsafe-inline' *.tpay.com tpay.com; media-src *; script-src 'self' www.google.com *.gstatic.com developers.google.com www.googletagmanager.com clarity.microsoft.com *.clarity.ms *.cookiebot.com delivery.clickonometrics.pl www.dwin1.com connect.facebook.net *.roeyecdn.com *.cloudflareinsights.com *.bing.com *.doubleclick.net *.sovendus.com *.sharethis.com 'unsafe-eval' 'unsafe-inline' *.googleapis.com maps.google.com cke4.ckeditor.com; style-src 'self' *.googleapis.com *.clarity.ms *.cookiebot.com *.sovendus.com bat.bing.com 'unsafe-inline' 1 default-src *; script-src *; object-src *; style-src *; img-src *; media-src *; frame-src *; font-src *; connect-src * 1 frame-ancestors https://*.geotab.com https://*.actsoft.com 'self' 1 default-src 'self' 'self' blob: http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://*.mapbox.com:* https://*.cloudfront.net:* https://cdn.ravenjs.com https://*.ingest.sentry.io https://www.google-analytics.com https://pagead2.googlesyndication.com;script-src 'self' 'self' blob: 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googleapis.com *.google.com *.google.com.vn *.google-analytics.com *.googletagmanager.com *.googlesyndication.com *.googletagservices.com *.youtube.com *.cloudflare.com *.facebook.net *.connect.facebook.net *.facebook.com *.khaosat.me *.bootstrapcdn.com *.ytimg.com *.hotjar.com *.cloudfront.net *.cdn.ravenjs.com *.ingest.sentry.io *.doubleclick.net;style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.google.com *.cloudflare.com *.khaosat.me *.cloudfront.net *.mapbox.com d1a3f4spazzrp4.cloudfront.net;font-src 'self' 'self' blob: 'self' data: *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.google.com *.cloudflare.com *.khaosat.me script.hotjar.com;frame-src staticxx.facebook.com facebook.com *.facebook.com youtube.com *.youtube.com *.vimeo.com khaosat.me *.khaosat.me *.google.com connect.facebook.net *.hotjar.com *.g.doubleclick.net *.googlesyndication.com *.doubleclick.net;img-src 'self' data: 'self' blob: *;connect-src 'self' 'self' blob: *.googleapis.com *.facebook.com https://*.khaosat.me:* https://khaosat.me:* https://ws.khaosat.me:* wss://ws.khaosat.me:* https://khao-sat.com:* https://*.hotjar.com:* wss://*.hotjar.com ws://khaosat.me:7890 https://vc.hotjar.io:* http://*.hotjar.com:* https://*.mapbox.com:* https://*.cloudfront.net:* https://cdn.ravenjs.com https://*.ingest.sentry.io https://www.google-analytics.com https://pagead2.googlesyndication.com *.doubleclick.net *.google.com;media-src 'self' 'self' data: 'self' blob: * 1 default-src 'self' 'unsafe-inline' https://www.googleadservices.com/ https://cdn.jsdelivr.net https://*.pype.tech/ https://bam.nr-data.net/ https://*.linkedin.com/ https://measurement-api.criteo.com https://google-analytics.com https://*.google-analytics.com https://analytics.google.com https://*.launchdarkly.com/ https://*.onetrust.com https://cdn.cookielaw.org/ https://web-sandbox.pypestream.com https://use.fontawesome.com https://www.googletagmanager.com data: image/* https://bat.bing.com https://*.quantcount.com https://*.quantserve.com https://*.typekit.net https://*.googleapis.com https://player.vimeo.com https://*.doubleclick.net https://connect.facebook.net https://*.analytics.google.com https://extend.vimeocdn.com https://*.gstatic.com https://www.google.com https://google.com https://www.facebook.com https://my.matterport.com https://*.clarity.ms https://*.googlesyndication.com 'self' https://maps.googleapis.com/ https://business-api.tiktok.com/ https://analytics.tiktok.com/ https://*.clarity.ms/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://*.pype.tech https://business-api.tiktok.com/ https://js-agent.newrelic.com https://snap.licdn.com https://static.cloudflareinsights.com https://web.pypestream.com https://*.doubleclick.net https://maps.googleapis.com https://cdn.cookielaw.org https://rules.quantcount.com https://secure.quantserve.com https://widget.us.criteo.com https://*.criteo.net https://*.vimeocdn.com https://web-sandbox.pypestream.com https://use.fontawesome.com https://www.googletagmanager.com https://bat.bing.com https://www.google-analytics.com https://*.facebook.net https://www.googleadservices.com https://*.clarity.ms/ https://*.googlesyndication.com https://analytics.tiktok.com/ https://*.vimeo.com https://rules.quantcount.com https://secure.quantserve.com https://snap.licdn.com https://sslwidget.criteo.com https://static.cloudflareinsights.com https://static.criteo.net https://use.fontawesome.com https://*.pypest; img-src * data: about: https://cdn.cookielaw.org; frame-src 'self' https://my.matterport.com https://web.pypestream.com https://related.my.salesforce-sites.com https://static.criteo.net https://web-sandbox.pypestream.com https://*.doubleclick.net https://*.criteo.com https://www.facebook.com https://player.vimeo.com https://www.googletagmanager.com; upgrade-insecure-requests 1 frame-ancestors https://www.facebook.com https://www.venetacucine.com 1 base-uri 'none';child-src 'none';connect-src 'self' vitals.vercel-insights.com status-page-ll6rz6yqg-incident-io-team.vercel.app https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.google.com https://*.google.co.uk https://*.g.doubleclick.net https://global.localizecdn.com https://app.localizejs.com https://*.unbabel.com;default-src 'self';font-src 'self';form-action 'self';frame-ancestors self;frame-src 'none';img-src 'self' data: https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://*.google.co.uk https://global.localizecdn.com https://assets.localizecdn.com https://uploads.bablic.com;manifest-src 'self';media-src 'self';object-src 'none';prefetch-src 'self';script-src 'self' 'unsafe-inline' https:;style-src 'self' 'unsafe-inline';worker-src 'self';report-uri https://o494704.ingest.sentry.io/api/4504554480795648/security?security_key=5d578c0eb4bd4811adf4f2176db9a1c8;report-to https://o494704.ingest.sentry.io/api/4504554480795648/security?security_key=5d578c0eb4bd4811adf4f2176db9a1c8; 1 default-src 'self' https://equatio.texthelp.com/client/ wss://*.firebaseio.com/ wss://*.europe-west1.firebasedatabase.app/ https://*.googleapis.com/ https://*.texthelp.com/ https://*.speechstream.net/; connect-src 'self' wss://*.speech.microsoft.com/speech/recognition/dictation/cognitiveservices/v1 wss://*.firebaseio.com/ wss://*.europe-west1.firebasedatabase.app/ wss://cloud.myscript.com/api/v4.0/iink/document https://*.google-analytics.com/ https://*.googleapis.com/ https://*.texthelp.com/ https://equatio-search-proxy.texthelp.com https://equatio-search-proxy-eu.texthelp.com https://script.google.com/ https://idp.texthelp.com; style-src 'self' 'unsafe-inline' https://equatio.texthelp.com/client/ https://fonts.googleapis.com/css; script-src 'self' https://equatio.texthelp.com/client/ https://www.google-analytics.com/ https://*.firebaseio.com/ https://*.europe-west1.firebasedatabase.app/ https://www.gstatic.com/firebasejs/; img-src https://equatio.texthelp.com/client/ 'self' https://*.texthelp.com/ data: blob: https://*.googleusercontent.com/ https://chart.googleapis.com/chart https://www.google.com/ https://www.google-analytics.com; font-src https://equatio.texthelp.com/client/ https://fonts.gstatic.com/; object-src 'none'; upgrade-insecure-requests; frame-ancestors 'none' 1 default-src 'none'; frame-ancestors 'self' https://*.nhs.uk; frame-src 'self' https://www.youtube-nocookie.com https://*.webspellchecker.net https://*.nhs.uk https://*.youtube.com https://*.vimeo.com https://*.google.com https://*.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://*.google-analytics.com https://*.googletagmanager.com https://feeds.trac.jobs https://*.webspellchecker.net https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.cqc.org.uk https://webassistant.onconnect.app; font-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://*.webspellchecker.net; style-src 'self' 'unsafe-inline' data: https://cdnjs.cloudflare.com https://feeds.trac.jobs https://*.googleapis.com https://*.gstatic.com https://*.cqc.org.uk https://*.webspellchecker.net https://webassistant.onconnect.app; img-src * data:; object-src 'self' blob: https://*.nhs.uk; connect-src 'self' https://feeds.trac.jobs https://*.googleapis.com https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://*.webspellchecker.net https://webassist.onconnect.app https://webassistant.onconnect.app https://produkswebassistsignalr18.service.signalr.net wss://produkswebassistsignalr18.service.signalr.net; manifest-src 'self'; base-uri 'none'; form-action 'self'; 1 default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.googletagmanager.com *.google-analytics.com *.msecnd.net *.brightcove.net *.twitter.com *.zencdn.net *.twimg.com *.issuu.com; style-src 'self' 'unsafe-inline' *.twitter.com *.twimg.com; img-src 'self' data: *.google.com *.google-analytics.com *.brightcove.com *.boltdns.net *.twitter.com *.twimg.com; font-src 'self' data:; connect-src 'self' manifest.prod.boltdns.net *.doubleclick.net *.visualstudio.com *.brightcove.com *.boltdns.net *.brightcovecdn.com *.google-analytics.com *.akamaihd.net; frame-src 'self' *.twitter.com *.issuu.com; media-src blob:; object-src 'self'; 1 base-uri 'none'; frame-ancestors 'none'; object-src 'none'; script-src https: http: 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' 'nonce-N1vSSs0XtoU3szyAUaSxAg=='; report-uri /nelmio/csp/report; worker-src 'none' 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://app.sgwidget.com/; img-src 'self' data: https://secure.gravatar.com/; object-src 'self' data: ; frame-src 'self' data: ; 1 default-src 'self' https://*.youtube.com https://*.youtube-nocookie.com https://*.youtu.be https://*.vimeo.com https://vimeo.com https://consentcdn.cookiebot.com https://open.spotify.com https://*.google-analytics.com https://*.googletagmanager.com https://widget.weezevent.com https://docs.google.com https://cdn.jsdelivr.net https://licensing.bitmovin.com https://analytics-ingress-global.bitmovin.com https://d12sgur2q2of22.cloudfront.net/ blob:; block-all-mixed-content; img-src data: 'self' https://placeholder.inventis.be https://*.ytimg.com https://*.youtube.com https://*.vimeocdn.com https://imgsct.cookiebot.com https://*.google-analytics.com https://*.googletagmanager.com; object-src 'none'; script-src 'self' https://consent.cookiebot.com 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https://*.youtube.com https://*.vimeo.com https://*.google-analytics.com https://*.googletagmanager.com 'nonce-IR0hnqbejXYEhlT+e0rbGQ=='; style-src 'self' 'unsafe-inline' https://*.googletagmanager.com https://cdn.jsdelivr.net; upgrade-insecure-requests 1 img-src *; default-src 'self' blob: wss://*.transport.connect.eu-west-2.amazonaws.com *.cloudfront.net https://*.amazonaws.com *.one.network https://ukwest-0.in.applicationinsights.azure.com/v2/track https://az416426.vo.msecnd.net/ https://pfw-prod-ukwest-safespaceonline.azurewebsites.net https://translate.google.com/ https://siteimproveanalytics.com https://apps.parcelforce.com www.googletagmanager.com www.google-analytics.com *.cloudfront.net *.paypal.com *.googleapis.com analytics.analytics-egain.com cloud-emea.analytics-egain.com fonts.gstatic.com portal.roadworks.org sgn.egain.cloud api.reciteme.com stats.g.doubleclick.net www.google.com www.google.co.uk www.gstatic.com maps.gstatic.com api.tomtom.com www.youtube.com *.google-analytics.com *.analytics.google.com https://cdn-ukwest.onetrust.com data: 'unsafe-eval' 'unsafe-inline'; report-uri https://orangebus.report-uri.com/r/d/csp/enforce 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s3.amazonaws.com/ https://*.list-manage.com/; img-src 'self' data: ; object-src 'self' data: https://elegantthemes.com/ https://*.elegantthemes.com/ https://www.pencom.gov.ng/; frame-src 'self' data: https://elegantthemes.com/ https://*.elegantthemes.com/ https://www.pencom.gov.ng/; 1 default-src 'self' https://*.facebook.net https://vimeo.com https://*.vimeo.com https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://*.doubleclick.net https://*.gstatic.com https://*.youtube-nocookie.com https://*.youtube.com https://*.matterport.com https://snazzymaps.com https://*.snazzymaps.com; block-all-mixed-content; img-src 'self' data: https://placeholder.inventis.be https://*.ytimg.com https://*.google-analytics.com https://*.google.be https://*.google.nl https://*.google.fr https://*.google.de https://*.vimeocdn.com https://*.facebook.com; manifest-src 'self'; object-src 'none'; script-src 'self' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https://*.youtube.com https://*.youtube-nocookie.com https://*.ytimg.com https://*.vimeo.com 'nonce-bjlU56Ck7C1KMOFPk0MsVw=='; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; upgrade-insecure-requests 1 default-src 'self' data: wss://b24.sosedi.by google.com b24.sosedi.by https://www.google-analytics.com https://analytics.google.com https://analytics.tiktok.com https://stats.g.doubleclick.net https://core-renderer-tiles.maps.yandex.net https://td.doubleclick.net https://api.mindbox.ru https://www.google.com https://www.google.by http://mc.yandex.ru https://bitrix.info; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://api-maps.yandex.ru:* https://core-renderer-tiles.maps.yandex.net https://api-maps.yandex.ru/services/coverage/v2/* https://yastatic.net https://connect.facebook.net livechatv2.chat2desk.com https://b24.sosedi.by:* https://vk.com https://analytics.tiktok.com https://top-fwz1.mail.ru http://www.google-analytics.com http://maps.google.com https://bitrix.info https://api.mindbox.ru https://www.googletagmanager.com http://*.gstatic.com:* http://*.googleapis.com http://code.jivosite.com http://mc.yandex.ru http://www.googleadservices.com https://*.mail.ru http://googleads.g.doubleclick.net http://cdn.voximplant.com; style-src 'self' 'unsafe-inline' b24.sosedi.by http://code.jivosite.com:* http://mc.yandex.ru:* http://*.googleapis.com http://*.gstatic.com:*; img-src 'self' data: https:; font-src 'self' data: http://*.gstatic.com:*; 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.googletagmanager.com *.google-analytics.com *.msecnd.net *.visualstudio.com *.vimeo.com https://vimeo.com; frame-src 'self' *.vimeo.com https://vimeo.com; font-src 'self' data:; img-src 'self' *.google-analytics.com data:; 1 frame-ancestors 'self' capacitor://* https://letterasenzabusta.com https://www.letterasenzabusta.com app://letterasenzabusta.com 1 default-src: none; 1 upgrade-insecure-requests; block-all-mixed-content 1 frame-src https://platform.twitter.com https://www.eucpn.org https://eucpn.org https://cdn.jsdelivr.net https://cdn.syndication.twimg.com https://syndication.twitter.com https://www.youtube.com; report-uri /report-csp-violation 1 default-src 'self';script-src * 'self' 'unsafe-inline' 'unsafe-eval';frame-src * 'self';style-src * 'self' 'unsafe-inline';img-src 'self' data: maps.googleapis.com maps.gstatic.com https://storage.sbg.cloud.ovh.net storage.gra.cloud.ovh.net https://images.prismic.io/fabriquedestyles/ https://fabriquedestyles.cdn.prismic.io/ https://i.vimeocdn.com/video/ https://i.vimeocdn.com *.openstreetmap.org *.doubleclick.net *.google.fr https://google.com https://www.google.com https://www.facebook.com https://purecatamphetamine.github.io https://www.googletagmanager.com https://www.google-analytics.com https://*.google-analytics.com https://fonts.gstatic.com https://instapi.s3.rbx.io.cloud.ovh.net *.imagino.com https://metrics.fabriquedestyles.com https://*.kameleoon.com https://*.kameleoon.io https://*.kameleoon.eu https://*.kameleoon.net *.bing.com *.bing.net *.bing.fr *.microsoft.com *.microsoft.fr *.microsoft.net *.pinterest.com *.pinterest.net *.pinterest.fr *.analytics.google.com;font-src 'self' data: fonts.googleapis.com https://i.icomoon.io https://fonts.gstatic.com *.woosmap.com;connect-src * 'self';base-uri 'self';media-src 'self' data:;report-uri /csp/report;worker-src 'self' *.woosmap.com self blob: 1 img-src * data: 1 default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.jsdelivr.net unpkg.com player.vimeo.com www.vimeo.com f.vimeocdn.com static.userback.io www.google.com www.gstatic.com https://www.chipta.com https://www.googletagmanager.com https://www.google-analytics.com; object-src 'none'; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net unpkg.com fonts.googleapis.com static.userback.io; img-src data: 'self' *.vimeocdn.com *.vimeo.com https://www.google-analytics.com https://www.googletagmanager.com; frame-src 'self' youtube.com www.youtube.com *.vimeo.com vimeo.com www.google.com https://iframeshop.chipta.com; font-src data: 'self' 'unsafe-inline' fonts.gstatic.com https://static.userback.io; connect-src 'self' api.userback.io https://*.google-analytics.com https://www.googletagmanager.com; report-uri /report-csp-violation 1 default-src 'self' data: https://www.google.com https://www.google.com/ads/user-lists/ https://www.google.ru/ads/user-lists/ https://googleads.g.doubleclick.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://fonts.googleapis.com https://fonts.gstatic.com https://mc.yandex.ru https://translate.yandex.net https://yastatic.net/ https://api.ssllabs.com https://hstspreload.org https://http-observatory.security.mozilla.org https://securityheaders.com https://sshscan.rubidus.com https://tls.imirhil.fr https://tls-observatory.services.mozilla.com https://www.immuniweb.com https://ya.ru/ https://bitrix.info https://analytics.bitrix.info/ https://*.roistat.com/ https://crm.e-m-l.ru https://www.1c-bitrix.ru/ https://yoomoney.ru/ https://crm.e-m-l.ru wss://crm.e-m-l.ru https://yandex.ru/ https://e-m-l.ru https://app.uiscom.ru https://static.cloudflareinsights.com/ https://ya.ru/ https://tracker.comagic.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://maps.google.com https://*.gstatic.com:* https://*.googleapis.com https://yastatic.net https://mc.yandex.ru https://www.googleadservices.com https://googleads.g.doubleclick.net https://translate.yandex.net https://bitrix.info https://api-maps.yandex.ru https://*.roistat.com https://crm.e-m-l.ru https://emlru.webim.ru wss://crm.e-m-l.ru https://e-m-l.ru https://app.uiscom.ru https://static.cloudflareinsights.com/ https://ya.ru/ https://tracker.comagic.ru https://mod.calltouch.ru/; style-src 'self' 'unsafe-inline' https://www.google-analytics.com https://maps.google.com https://*.gstatic.com:* https://*.googleapis.com https://code.jivosite.com https://mc.yandex.ru https://www.googleadservices.com https://googleads.g.doubleclick.net https://cdn.voximplant.com https://crm.e-m-l.ru wss://crm.e-m-l.ru https://e-m-l.ru https://app.uiscom.ru https://static.cloudflareinsights.com/ https://ya.ru/ https://tracker.comagic.ru; img-src 'self' data: https://mc.yandex.ru:* https://*.googleapis.com https://*.gstatic.com:* https://www.google-analytics.com https://api-maps.yandex.ru https://core-renderer-tiles.maps.yandex.net https://mc.yandex.com https://emlru.webim.ru https://crm.e-m-l.ru wss://crm.e-m-l.ru https://emlru.webim2.ru https://e-m-l.ru blob: https://app.uiscom.ru https://static.cloudflareinsights.com/ https://ya.ru/ https://tracker.comagic.ru; font-src 'self' https://*.gstatic.com:* https://emlru.webim.ru:* https://e-m-l.ru https://app.uiscom.ru https://static.cloudflareinsights.com/ https://ya.ru/ https://tracker.comagic.ru; connect-src 'self' https://mc.yandex.com https://translate.yandex.net https://ya.ru https://mc.yandex.ru https://www.google-analytics.com https://crm.e-m-l.ru wss://crm.e-m-l.ru https://e-m-l.ru https://app.uiscom.ru https://static.cloudflareinsights.com/ https://ya.ru/ https://tracker.comagic.ru; 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com/ https://app.intric.ai/ https://cdn1.readspeaker.com/ https://connect.facebook.net/ https://prod.e-srv.se/ https://se.sms-service.dk/ https://skattekollen.se/ https://unpkg.com/ https://www.monsteras.se/ /code.jquery.com/jquery-1.10.2.js; img-src 'self' data: https://2.aerial.maps.ls.hereapi.com/ https://skattekollen.se/ https://objektvision.se/ https://media.readspeaker.com/ https://connect.facebook.net/ https://secure.gravatar.com/ https://www.monsteras.se/ https://a.basemaps.cartocdn.com/ https://b.basemaps.cartocdn.com/ https://c.basemaps.cartocdn.com/ https://d.basemaps.cartocdn.com/ https://server.arcgisonline.com/ https://i.ytimg.com/; object-src 'self' data: https://se.sms-service.dk/ https://objektvision.se/ https://recruit.visma.com/ https://export.objektvision.se/ https://connect.facebook.net/ https://www.facebook.com/ https://www.monsteras.se/ https://www.youtube.com/ https://e.issuu.com/ https://skattekollen.se/; frame-src 'self' data: https://se.sms-service.dk/ https://objektvision.se/ https://recruit.visma.com/ https://export.objektvision.se/ https://connect.facebook.net/ https://www.facebook.com/ https://www.monsteras.se/ https://www.youtube.com/ https://e.issuu.com/ https://skattekollen.se/; 1 form-action 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval';frame-src 'self';iframe-src 'self';child-src 'self';report-uri /Error/ContentSecurity 1 default-src 'self' 'unsafe-inline' https: http://www.portaleamministrazionetrasparente.it/; script-src 'self' 'unsafe-inline' https: http://www.portaleamministrazionetrasparente.it/; style-src 'self' 'unsafe-inline' https: http://www.portaleamministrazionetrasparente.it/; font-src 'self' https: http://www.portaleamministrazionetrasparente.it/ 1 default-src 'self' data: ywxi.net www.trustedsite.com maxcdn.bootstrapcdn.com *.amazonaws.com cdnjs.cloudflare.com www.google.com www.google-analytics.com fonts.gstatic.com www.googletagmanager.com bat.bing.com fonts.googleapis.com www.w3m.com googleads.g.doubleclick.net bid.g.doubleclick.net stats.g.doubleclick.net www.googleadservices.com; script-src 'self' data: 'unsafe-eval' 'unsafe-inline' *.creditheroscore.com *.pushnami.com *.smartlook.com *.smartlook.cloud static.zohocdn.com *.twitter.com *.purechat.com *.pagesense.io www.serveipqs.com *.cloudflareinsights.com www.gstatic.com mpsnare.iesnare.com *.trustev.com connect.facebook.net cdnjs.cloudflare.com www.google.com www.google-analytics.com www.googletagmanager.com https://utt.impactcdn.com https://www.googletagmanager.com https://analytics.google.com https://td.doubleclick.net bat.bing.com fonts.googleapis.com www.w3m.com www.googleadservices.com pagead2.googlesyndication.com googleads.g.doubleclick.net bid.g.doubleclick.net stats.g.doubleclick.net static.zdassets.com api.smooch.io cdn.userway.org *.intercom.io *.intercomcdn.com www.googleadservices.com https://unpkg.com/@lottiefiles/lottie-player@latest/dist/lottie-player.js; style-src 'self' 'unsafe-inline' *.creditheroscore.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com www.google.com fonts.gstatic.com fonts.googleapis.com cdn.userway.org; img-src 'self' data: *.creditheroscore.com www.googletagmanager.com www.google-analytics.com https://analytics.google.com https://td.doubleclick.net bat.bing.com googleads.g.doubleclick.net bid.g.doubleclick.net stats.g.doubleclick.net www.myscore.com https:; frame-src *.pushnami.com *.smartlook.com *.smartlook.cloud *.twitter.com *.pagesense.io www.mcafeesecure.com www.trustedsite.com www.serveipqs.com www.google.com *.securepaths.com *.trustev.com *.googletagmanager.com https://analytics.google.com https://td.doubleclick.net googleads.g.doubleclick.net bid.g.doubleclick.net stats.g.doubleclick.net cdn.userway.org intercom-sheets.com; font-src 'self' fn.eu.serveipqs.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com www.google.com fonts.gstatic.com cdn.userway.org fonts.intercomcdn.com; connect-src 'self' *.smartlook.com *.smartlook.cloud *.taboola.com ekr.zdassets.com chs-support.zendesk.com zendesk-eu.my.sentry.io wss://api.smooch.io/faye *.purechat.com *.pushnami.com pagesense-collect.zoho.com *.serveipqs.com wss://mpsnare.iesnare.com/star *.trustev.com maxcdn.bootstrapcdn.com *.amazonaws.com cdnjs.cloudflare.com www.google.com www.google-analytics.com fonts.gstatic.com www.googletagmanager.com https://www.googletagmanager.com https://analytics.google.com https://td.doubleclick.net bat.bing.com fonts.googleapis.com www.w3m.com *.userway.org *.intercom.io *.intercomcdn.com wss://nexus-websocket-a.intercom.io googleads.g.doubleclick.net bid.g.doubleclick.net stats.g.doubleclick.net; media-src data: 'self' mpsnare.iesnare.com; report-uri https://cfs2020.report-uri.com/r/d/csp/reportOnly 1 default-src 'self' *.fg.cz localhost localhost-promo;font-src 'self' data: fonts.gstatic.com *.fg.cz localhost localhost-promo *.zopim.com;connect-src 'self' *.google.com *.googleapis.com *.googletagmanager.com *.analytics.google.com *.google-analytics.com *.googleadservices.com c.imedia.cz *.fg.cz *.bileto.com *.zdassets.com arrivacz.zendesk.com *.zopim.com wss://*.zopim.com *.doubleclick.net *.instagram.com arriva.daktela.com *.googlesyndication.com *.clarity.ms;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.gstatic.com *.fg.cz *.facebook.net *.bileto.com *.arriva.cz *.issuu.com *.zdassets.com cdnjs.cloudflare.com arrivacz.zendesk.com *.zopim.com *.instagram.com arriva.daktela.com *.doubleclick.net *.seznam.cz *.imedia.cz *.clarity.ms;form-action 'self' *.fg.cz *.facebook.com;frame-src 'self' www.youtube.com www.googletagmanager.com *.fg.cz *.issuu.com *.zdassets.com arrivacz.zendesk.com *.zopim.com *.google.com *.facebook.com *.doubleclick.net;worker-src 'self' www.youtube.com www.googletagmanager.com *.fg.cz *.issuu.com *.zdassets.com arrivacz.zendesk.com *.zopim.com *.google.com *.facebook.com *.doubleclick.net;frame-ancestors 'self' *.fg.cz;img-src 'self' data: blob: *.google.com *.google.cz *.gstatic.com *.googleapis.com *.googlecode.com *.googletagmanager.com *.google-analytics.com *.fg.cz *.doubleclick.net *.facebook.com *.bileto.com *.zopim.com *.instagram.com *.cdninstagram.com *.fbcdn.net *.openstreetmap.org *.openrailwaymap.org *.seznam.cz *.clarity.ms *.bing.com;style-src 'self' 'unsafe-inline' *.googleapis.com *.google.com *.fg.cz *.gstatic.com *.googletagmanager.com;object-src 'self' *.fg.cz 1 allow 'self'; gtp.com.au 1 frame-ancestors https://*.fsfx.com.br 1 frame-ancestors kinmen.travel www.kinmen.travel pwa.kinmen.travel 'self' 1 frame-ancestors https://www.twoa.ac.nz 1 upgrade-insecure-requests; default-src 'self'; base-uri 'none'; connect-src 'self' *.amazonaws.com https://api.ldnfrpl.com https://api.leadinfo.com https://*.leadinfo.net wss: *.web-vision.de; font-src 'self'; form-action 'self'; frame-ancestors 'self' https://*.leadinfo.net; frame-src 'self' *.web-vision.de *.leadinfo.net *.leadinfo.com www.google.com; img-src 'self' https: data: 'unsafe-inline' https://*.leadinfo.net https://*.leadinfo.net maps.googleapis.com; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'self' blob: https: 'unsafe-inline' 'unsafe-eval' *.web-vision.de/typo3* https://*.leadinfo.net maps.googleapis.com *.web-vision.de; style-src 'self' data: https: 'unsafe-inline' https://*.leadinfo.net; worker-src blob; 1 default-src https: 'unsafe-inline' 'unsafe-eval' data: blob:; object-src 'self' blob:; 1 script-src 'self' 'unsafe-inline' assets.ubembed.com go.wastequip.com *.salesforceliveagent.com f4362c3f5e8c411ab3ae398736a68fcc.js.ubembed.com *.simpli.fi googleads.g.doubleclick.net service.force.com *.googletagmanager.com pi.pardot.com *.licdn.com connect.facebook.net bat.bing.com *.google-analytics.com pixel.visitiq.io *.userway.org *.olark.com *.quantcount.com *.quantserve.com; object-src 'self'; img-src 'self' *.quantcount.com *.quantserve.com cdn.userway.org; frame-ancestors 'self'; report-uri /report-csp-violation 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://trusted.cdn.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data:; font-src 'self' data:; frame-ancestors 'none'; base-uri 'self'; form-action 'self'; 1 default-src 'self' *.zensus2022.de; base-uri 'self'; style-src 'self' 'unsafe-inline' ; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.itzbund.de *.zensus2022.de; object-src 'self' multimedia.gsb.bund.de ; media-src 'self' multimedia.gsb.bund.de www.quirksmode.org www.destatis.de *.zensus2022.de; child-src *.ims-cms.net ; img-src 'self' data: *.itzbund.de *.zensus2022.de; connect-src 'self' *.itzbund.de *.zensus2022.de; frame-ancestors 'self'; upgrade-insecure-requests; 1 connect-src 'self' https: https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com;default-src 'self';font-src 'self' fonts.gstatic.com https://*.hotjar.com fonts.googleapis.com;form-action 'self' https://www.facebook.com/tr/;frame-src 'self' tr.techcareer.net youtube.com www.youtube.com open.spotify.com https://embed-standalone.spotify.com/ https://kariyer.typeform.com https://www.typeform.com https://*.hotjar.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://www.google.com/ https://www.facebook.com/ https://www.youtube-nocookie.com/ https://*.doubleclick.net https://*.googlesyndication.com https://www.googleadservices.com https://*.dengagecdn.com/ https://www.googletagmanager.com/ https://gtm.techcareer.net/ https://login.techcareer.net;img-src 'self' data: storage.googleapis.com cdn.gcp.techcareer.net https://*.google-analytics.com https://*.googletagmanager.com https://www.google.com/ads/ https://www.google.com.tr/ads/ https://*.hotjar.com www.facebook.com https://i.ytimg.com https://www.google.com https://analytics.twitter.com/ https://t.co/ https://cdn.efilli.com www.gravatar.com https://c.clarity.ms https://c.bing.com cdn1.kariyer.net https://px.ads.linkedin.com https://static.geetest.com/ https://static.geevisit.com/ https://www.google.com.tr https://*.googlesyndication.com https://*.doubleclick.net https://cv.gcp.techcareer.net https://assets.efilli.com https://ep1.adtrafficquality.google/;media-src 'self' data: storage.googleapis.com cdn.gcp.techcareer.net;object-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.google-analytics.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.hotjar.com https://static.ads-twitter.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net connect.facebook.net https://analytics.tiktok.com/i18n/pixel/ https://cdn.efilli.com https://www.clarity.ms https://js-agent.newrelic.com https://snap.licdn.com http://static.geetest.com/v4/ https://gcaptcha4.geetest.com/ https://gcaptcha4.gsensebot.com/ https://gcaptcha4.geevisit.com/ https://www.youtube-nocookie.com/ https://www.youtube.com/ https://bundles.efilli.com/ https://*.doubleclick.net https://*.googlesyndication.com https://*.dengage.com https://ep2.adtrafficquality.google/sodar/sodar2.js;style-src 'self' 'unsafe-inline' fonts.googleapis.com https://*.hotjar.com https://static.geetest.com/v4/ https://static.geevisit.com/v4/;worker-src 'self' blob:; 1 default-src 'self';script-src 'self' 'nonce-08HWZHSfRTt+B88JudgeMAD6qaVoC3A94YI/tQwXz64=' 'unsafe-eval' 'strict-dynamic' https://*.cookiebot.com https://*.vimeocdn.com https://*.googletagmanager.com https://tagmanager.google.com;img-src 'self' https://*.google-analytics.com https://*.googletagmanager.com https://*.cookiebot.com https://*.gstatic.com https://*.google.com https://*.google.se data: ;connect-src 'self' ws://* wss://* https://*.cookiebot.com https://*.lime-forms.se https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.google.com https://*.google.se https://*.doubleclick.net;font-src 'self' https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com;frame-src 'self' https://*.cookiebot.com https://*.vimeo.com https://*.googletagmanager.com https://*.doubleclick.net;style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://www.googletagmanager.com; 1 default-src 'self'; object-src 'self'; base-uri 'self'; media-src 'self' https://imagepool.drillisch-online.de; img-src https: data: https://imagepool.drillisch-online.de; font-src https:; form-action 'self'; connect-src 'self' https://imagepool.drillisch-online.de https://stats.drillisch-online.de https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://tracking.drillisch.de https://*.demdex.net https://www.google-analytics.com; script-src 'strict-dynamic' 'nonce-2c8e617a8a0c69e8069d157d9e704460' 'nonce-323b1cbe6e7b8fdbf04ebe98a96f0854' 'nonce-fb1020f538b09f0e60f915f2c642ff7d' 'nonce-0fe817917bee8b96448c543b4101df87' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data: 'report-sample'; frame-ancestors 'self'; frame-src https://1and1internetag.demdex.net https://tags.tiqcdn.com https://hilfe-center.1und1.de; child-src https://tags.tiqcdn.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-2c8e617a8a0c69e8069d157d9e704460' 'nonce-323b1cbe6e7b8fdbf04ebe98a96f0854' 'nonce-fb1020f538b09f0e60f915f2c642ff7d' 'nonce-0fe817917bee8b96448c543b4101df87' 'self' 'unsafe-inline' https: 'report-sample' 1 default-src 'self'; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts allow-modals ; base-uri 'self'; 1 font-src 'self' data: fonts.gstatic.com;img-src * data: ; 1 script-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://*.googleapis.com https://*.gstatic.com *.google.com *.google.co.nz https://*.ggpht.com *.googleusercontent.com blob: https://*.google-analytics.com https://www.googletagmanager.com https://connect.facebook.net https://*.hotjar.com https://cdn.jsdelivr.net https://*.surveymonkey.com https://js.stripe.com/v3/; img-src 'self' https://nzmca.s3.ap-southeast-2.amazonaws.com https://d1o3mhf2l0m2f4.cloudfront.net/ https://*.googleapis.com https://*.gstatic.com *.google.com *.google.co.nz https://*.ggpht.com *.googleusercontent.com data: https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.doubleclick.net https://*.facebook.com https://*.hotjar.com https://*.surveymonkey.com; frame-src *.google.com https://*.doubleclick.net youtube.com www.youtube.com youtube-nocookie.com www.youtube-nocookie.com youtube.com www.youtube.com youtube-nocookie.com www.youtube-nocookie.com *.stripe.com; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.doubleclick.net https://*.facebook.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.surveymonkey.com; font-src 'self' https://cdnjs.cloudflare.com https://fonts.gstatic.com https://use.fontawesome.com https://*.hotjar.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://fonts.googleapis.com https://use.fontawesome.com https://*.hotjar.com; worker-src blob: 1 base-uri 'self'; default-src 'none'; child-src 'self'; connect-src https://sulvermiuw.nl https://o545752.ingest.sentry.io https://verzekeringsinzicht.nl; font-src https://verzekeringsinzicht.nl/dist/ https://verzekeringsinzicht.nl/assets/ https://verzekeringsinzicht.nl/vendor/ data:; form-action 'self' https://*.verzekeringsinzicht.nl; frame-ancestors 'self'; img-src https://sulvermiuw.nl https://o545752.ingest.sentry.io https://verzekeringsinzicht.nl/dist/ https://verzekeringsinzicht.nl/assets/ https://verzekeringsinzicht.nl/vendor/ https://verzekeringsinzicht.nl/images/ https://verzekeringsinzicht.nl/scss/ https://verzekeringsinzicht.nl/favicon.ico data:; object-src 'none'; script-src https://sulvermiuw.nl https://o545752.ingest.sentry.io https://verzekeringsinzicht.nl/dist/ https://verzekeringsinzicht.nl/javascript/ https://verzekeringsinzicht.nl/vendor/ 'nonce-WU/STAAAO3DhyvBKPnFCCO+F'; style-src https://verzekeringsinzicht.nl/dist/ https://verzekeringsinzicht.nl/scss/ https://verzekeringsinzicht.nl/vendor/ 'nonce-WU/STAAAO3DhyvBKPnFCCO+F'; upgrade-insecure-requests 1 base-uri 'none';child-src 'self' https://*.hotjar.com https://*.hotjar.io https://www.googletagmanager.com https://*.google-analytics.com https://*.doubleclick.net https://*.analytics.google.com;connect-src 'self' ws: wss: https://*.hotjar.com https://*.hotjar.io https://*.google-analytics.com https://*.doubleclick.net https://*.analytics.google.com https://webrtc.github.io https://ajax.aspnetcdn.com https://webchat2.homegroup.org.uk https://*.googleapis.com https://*.algolia.net https://conversenow-production-public.s3.eu-west-2.amazonaws.com https://s3.eu-west-2.amazonaws.com https://www.google.com https://www.google.co.uk https://recaptcha.net https://*.clarity.ms https://*.clarity.microsoft.com https://c.bing.com https://assets.zuko.io https://api.zuko.io https://b9r8u7pkx0.execute-api.eu-west-1.amazonaws.com/v1/domains/homegroup.org.uk/forms/ https://zuko-session-replay-recordings-prod.s3.amazonaws.com/ webpack://*;default-src 'self';font-src 'self' https://www.gstatic.com https://*.gstatic.com https://*.hotjar.com https://*.hotjar.io;form-action 'self' https://connect.facebook.net https://www.facebook.com;frame-ancestors 'none';frame-src https://www.youtube.com https://www.google.com https://www.google.co.uk https://recaptcha.net https://*.ceros.com https://conversenow-production-public.s3.eu-west-2.amazonaws.com https://s3.eu-west-2.amazonaws.com https://connect.facebook.net https://www.facebook.com https://www.tiktok.com https://*.ttwstatic.com https://*.consultationonline.co.uk https://www.googletagmanager.com https://*.google-analytics.com https://*.doubleclick.net https://*.analytics.google.com;img-src 'self' data: blob: https://media.umbraco.io https://www.cqc.org.uk https://www.gstatic.com https://*.gstatic.com https://*.googleapis.com https://www.google.com https://www.google.co.uk https://recaptcha.net https://connect.facebook.net https://www.facebook.com https://*.google-analytics.com https://*.doubleclick.net https://*.analytics.google.com https://conversenow-production-public.s3.eu-west-2.amazonaws.com https://s3.eu-west-2.amazonaws.com https://*.clarity.ms https://*.clarity.microsoft.com https://c.bing.com https://www.googletagmanager.com;manifest-src 'self';media-src 'self' https://media.umbraco.io https://webrtc.github.io https://ajax.aspnetcdn.com https://webchat2.homegroup.org.uk;object-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google-analytics.com https://*.doubleclick.net https://*.analytics.google.com https://www.googletagmanager.com https://www.gstatic.com https://*.gstatic.com https://*.hotjar.com https://*.hotjar.io https://webrtc.github.io https://ajax.aspnetcdn.com https://webchat2.homegroup.org.uk https://www.cqc.org.uk https://www.google.com https://www.google.co.uk https://recaptcha.net https://*.googleapis.com https://connect.facebook.net https://www.facebook.com https://conversenow-production-public.s3.eu-west-2.amazonaws.com https://s3.eu-west-2.amazonaws.com https://www.tiktok.com https://*.ttwstatic.com https://*.ceros.com https://assets.zuko.io https://api.zuko.io https://*.clarity.ms https://*.clarity.microsoft.com https://c.bing.com;style-src 'self' 'unsafe-inline' https://www.gstatic.com https://*.gstatic.com https://www.cqc.org.uk https://*.googleapis.com https://conversenow-production-public.s3.eu-west-2.amazonaws.com https://s3.eu-west-2.amazonaws.com https://www.tiktok.com https://*.ttwstatic.com https://www.googletagmanager.com; 1 frame-ancestors https://*.nileyouth.net 1 base-uri 'self';child-src https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net;connect-src 'self' *.amplitude.com *.analytics.google.com *.cloud.gist.build *.cloudinary.com *.cookieyes.com/ *.customer.io *.daily.co *.datocms-assets.com *.doubleclick.net *.featuregates.org/ *.featureassets.org/ *.google-analytics.com *.google.com *.hotjar.com *.hotjar.io *.ingest.de.sentry.io *.ingest.sentry.io *.intercom.io *.intercomcdn.com *.intercomcdn.eu *.intercomusercontent.com *.linkedin.com/ *.mux.com *.productfruits.com *.pusher.com *.refersion.com *.segment.com *.segment.io *.sendbird.com *.statsigapi.net/ *.trustpilot.com *.vercel-analytics.com *.vercel-insights.com *.youtube.com adservice.google.com analytics.google.com browser-intake-datadoghq.eu cdn-cookieyes.com cdn.linkedin data: embed.acuityscheduling.com featuregates.org/ featureassets.org/ prodregistryv2.org onesignal.com open.spotify.com statsigapi.net/ vercel.live/ wss://*.daily.co wss://*.intercom.io wss://*.productfruits.com wss://*.pusher.com wss://*.sendbird.com wss://ws.hotjar.com;default-src 'self';font-src 'self' *.hotjar.com *.intercomcdn.com *.typekit.net data: fonts.gstatic.com vercel.live;form-action 'self' *.facebook.com https://intercom.help https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io;frame-ancestors 'self' *.flown.com;frame-src 'self' *.flown.com *.acuityscheduling.com *.daily.co *.facebook.com *.gist.build *.googletagmanager.com *.gotolstoy.com *.hotjar.com *.refersion.com *.spotify.com *.stripe.com *.trustpilot.com *.trustpilot.io *.typeform.com *.vercel *.vercel.app *.youtube.com copilot.as.me daily.flown.com intercom-sheets.com preview.daily.flown.com vercel.live;img-src 'self' *.ap-south-1.amazonaws.com *.cloudinary.com *.customer.io *.facebook.com *.g.doubleclick.net *.google-analytics.com *.google.co.uk *.google.com *.intercomcdn.com *.intercomusercontent.com *.linkedin.com *.onesignal.com *.productfruits.com *.sendbird.com *.tenor.com *.twitter.com *.vercel.com *.ytimg.com data: blob: t.co vercel.com www.datocms-assets.com;manifest-src 'self';media-src 'self' *.mux.com blob://* www.datocms-assets.com https://js.intercomcdn.com https://downloads.intercomcdn.com https://downloads.intercomcdn.eu https://downloads.au.intercomcdn.com;object-src 'none';script-src 'self' 'nonce-e6a64bb228881a440249b7a1e8c3ed650293' 'sha256-+SoN4AYEO7MIojy8t+pMAZVDX7KhQzTQI+8i7LAo6HM=' 'sha256-111DY6ucUS2euDqh93ylFTnnaf+9aYuD3PJWCgYTn+w=' 'sha256-1QiKvWvaeuGeYkEbME0QclU2tCRDQDKlL0+XrFuFVmE=' 'sha256-4OZKYuOHAce0LSFazkaayEWT6JLiXt0Lgcre3+Sjuis' 'sha256-5hBVOyELPCqO/N8CikapnRXXhZz/HRHfgNRUZjqshG4=' 'sha256-BzHBoZ8xtfQm3LNTbReiluIPQRcxisgx2mdRNwpNHcU=' 'sha256-HNMk6SVD8tUFzYDasCBApUarqEuczJ8aXgX1n5N0p7Q=' 'sha256-I0qRwJzAAHaN1/K5UoQ0GuHLe7PtFhYYrrarj8PErRw=' 'sha256-IPgMRJYZUz8lznT1nRXD6HDFgXoVQQVY/3wT108wLLc=' 'sha256-L7S+VtFKJtIFUp0HP9li29GjkFAcQontRK8dW5uQsA8=' 'sha256-Y/Nm6FoRDI7eFQwN1V+6XqC4IbTg8tzyEPJSfNZBxME=' 'sha256-ccEm0GiYLjsbXK3KbKT4QFcC00OAoxtFYKLZSuMuo8k=' 'sha256-eJYOFA2XbEBxR3DHqvNKwdAh8lugXzY/fgrkbF2gzMo=' 'sha256-fApKFPeDHEwP3jIdVMBOuJMYDSkTooaFkD59Sp8RN0M=' 'sha256-grdef4AlM85kk/jkVX+XN4vPTxKfb/Kx7cURs8XZBDE=' 'sha256-l6DO/mJ8d7LuRBtvgk+eUTzCnCcJ6jXkDQ7iMTcjmmo=' 'sha256-tUnHUS+zXnbf2U7tp5cxVGi7KZn4YeMzH5kcUUtxnHc=' *.acuityscheduling.com/ *.ads-twitter.com *.amplitude.com *.cookieyes.com *.customer.io *.daily.co *.facebook.net *.gist.build/ *.google-analytics.com *.googleoptimize.com *.googletagmanager.com *.hotjar.com *.intercom.io *.intercomcdn.com *.licdn.com/ *.onesignal.com *.productfruits.com *.refersion.com *.segment.com *.stripe.com *.trustpilot.com *.youtube.com accounts.google.com blob://* cdn-cookieyes.com embed.typeform.com onesignal.com vercel.live/ vitals.vercel-analytics.com vitals.vercel-insights.com https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.eu https://downloads.au.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://messenger-apps.eu.intercom.io https://messenger-apps.au.intercom.io https://*.intercom-attachments-1.com https://*.intercom-attachments.eu https://*.au.intercom-attachments.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https://static.intercomassets.eu https://static.au.intercomassets.com;style-src 'self' 'unsafe-inline' *.cookieyes.com *.intercom.io *.intercomcdn.com *.productfruits.com *.typeform.com cdn-cookieyes.com fonts.googleapis.com onesignal.com vercel.live;worker-src 'self' blob:;report-to default;report-uri https://flown-reports.uriports.com/reports/report; 1 default-src 'self' 'unsafe-inline' https://*.talentqgroup.com https://*.cloudfront.net https://www.google-analytics.com https://www.google.com/ https://www.gstatic.com https://hello.myfonts.net/count/3122c9; frame-ancestors 'self' https://*.kfassessment.com https://*.kfassessment.eu 1 frame-ancestors https://*.barcodefactory.com https://*.barcodefactory.com:8443 https://barcodefactory.com http://*.barcodefatory.com 'self' 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://fcmanrique.org https://*.fcmanrique.org https://maps.googleapis.co https://*.fontawesome.com https://*.google.com https://code.jquery.com https://*.gstatic.com/ https://pagead2.googlesyndication.com/ blob:; img-src 'self' data: blob: https://fcmanrique.org https://*.fcmanrique.org blob: https://geo0.ggpht.com https://geo1.ggpht.com https://geo2.ggpht.com https://geo3.ggpht.com https://lh3.ggpht.com https://lh4.ggpht.com https://lh5.ggpht.comlh6.ggpht.com https://cbk0.googleapis.com https://cbks0.googleapis.com https://khm0.googleapis.com https://khm1.googleapis.com https://khms0.googleapis.com https://khms1.googleapis.com https://maps.googleapis.com https://maps.gstatic.com https://secure.gravatar.com; object-src 'self' data: blob: https://www.google.com; frame-src 'self' data: blob: https://www.google.com; 1 default-src 'self' 'unsafe-inline' data: payment.maksekeskus.ee auth.praamid.ee fonts.googleapis.com fonts.gstatic.com stats.g.doubleclick.net static.cloudflareinsights.com www.googletagmanager.com *.google-analytics.com g2.ipcamlive.com s5.ipcamlive.com googleads.g.doubleclick.net www.google.com www.gstatic.com www.youtube.com static.doubleclick.net i.ytimg.com yt3.ggpht.com jnn-pa.googleapis.com play.google.com secure.gravatar.com fast.wistia.com beacon-v2.helpscout.net wp-rocket.me d3hb14vkzrxvla.cloudfront.net pipedream.wistia.com distillery.wistia.com embed-ssl.wistia.com fg8vvsvnieiv3ej16jby.litix.io translate.google.com translate.googleapis.com 'unsafe-eval' static.maksekeskus.ee s.w.org praamid.prominion.net beaconapi.helpscout.net chatapi.helpscout.net cdn.mxpnl.com static.cc.maksekeskus.ee cc.maksekeskus.ee *.analytics.google.com www.google.ee www.google.fi www.google.cz www.google.nl www.google.be www.google.fr www.google.lv www.google.lt www.google.se www.google.de www.google.at www.google.ch www.google.ie www.google.co.uk www.google.pl www.google.dk www.google.no td.doubleclick.net www.google.com.cy www.google.lu www.google.it www.google.gr analytics.google.com www.google-analytics.com www.google.by www.google.com.bz www.google.com.tr www.google.com.ar www.google.co.jp www.google.bg www.google.co.in www.google.ca www.google.ru www.google.com.ua www.google.com.hr www.google.com.au www.google.es www.google.com.ng translate-pa.googleapis.com www.google.ro www.google.rs www.google.si www.google.sk www.google.ba www.google.is www.google.pt www.google.hu www.google.me www.google.mk www.google.com.eg www.google.com.om www.google.co.th www.google.co.nz www.google.co.ke www.google.al www.google.ge www.google.com.bd www.google.co.il cdn.gravity.com www.google.gg www.google.com.vn www.google.je www.google.ad www.google.com.mx www.google.com.mt www.google.im www.google.ae www.google.com.sg www.google.kz cloudflareinsights.com challenges.cloudflare.com www.google.hr www.google.kg www.google.com.my www.google.com.qa www.google.gl www.google.com.ph www.google.md *.hotjar.com *.hotjar.io wss://*.hotjar.com www.google.co.id www.google.lk www.google.ml www.google.com.hk www.google.cv www.google.co.cr www.google.com.sa www.google.com.pk www.google.com.gi www.google.co.tz www.google.vu www.google.com.fj www.google.com.pa www.google.tn www.google.co.ve www.google.cl www.google.co.uz www.google.co.kr region1.analytics.google.com www.google.com.bo www.google.co.zw www.google.sm www.google.co.za www.google.am www.google.com.br www.google.tt www.google.co.ma www.google.az www.google.com.np www.google.com.et www.google.dm www.google.com.do www.google.com.ec www.google.com.kh www.google.la www.google.tg www.google.sc praamidvisitor.prominion.net www.google.ci www.google.com.co www.google.mu www.google.jo www.google.com.bh www.google.com.pr www.google.gm www.google.co.vi www.google.iq ps.w.org www.google.mv www.google.co.ug www.google.com.lb www.google.com.tw www.google.mg www.google.mu www.google.com.tj www.google.com.kw ajax.cloudflare.com www.google.com.pe www.google.li www.google.com.gh www.google.sn www.google.bj www.google.dz www.google.com.jm www.google.com.cu www.google.cd api.wp-rocket.me; report-uri /d5bcc29e34d8b6210cbfbc3acd7be0a65652590b064c60598822381e01ae1708 1 base-uri *; child-src * gap:; frame-src * gap:; connect-src *; default-src * gap: 'unsafe-inline' 'unsafe-eval'; font-src *; img-src * blob:; media-src *; object-src *; plugin-types *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; frame-ancestors * gap:; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=Xj9CGQxcP2oqPedZpSS9C9L1VDAboElS5lIELwTraRokHFWJj2vKT%2FaRYqhEThBd0xQBdopjxwM%2B%2BIoVpksNNw%3D%3D; 1 report-to 'self' ; child-src 'self' 'unsafe-inline' self; connect-src 'self' 'unsafe-inline' self *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net *.github.io *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net ; default-src 'self' self; font-src 'self' 'unsafe-inline' self *.gstatic.com *.bootstrapcdn.com data: fonts.gstatic.com cdn.jsdelivr.net cdnjs.cloudflare.com *.gstatic.com *.bootstrapcdn.com ; form-action 'self' ; frame-src 'self' 'unsafe-inline' self *.g.doubleclick.net *.google.com *.fls.doubleclick.net blob: www.google.com www.youtube.com esg.churchgatepartners.com *.g.doubleclick.net *.google.com *.fls.doubleclick.net ; frame-ancestors 'self' ; img-src 'self' 'unsafe-inline' self *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com data: ts.w.org s.w.org ps.w.org cdnjs.cloudflare.com www.abfrl.com *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com ; manifest-src 'self' ; media-src 'self' s.w.org; object-src 'self' ; script-src 'self' 'unsafe-inline' self *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com cdn.jsdelivr.net cdnjs.cloudflare.com kenwheeler.github.io cdn.datatables.net js.stripe.com www.abfrl.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com ; script-src-elem 'self' 'unsafe-inline' self *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com cdn.jsdelivr.net cdnjs.cloudflare.com cdn.datatables.net js.stripe.com www.abfrl.com kenwheeler.github.io *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com ; script-src-attr 'self' ; style-src 'self' 'unsafe-inline' self *.googleapis.com *.gstatic.com fonts.googleapis.com cdn.jsdelivr.net cdnjs.cloudflare.com datatables.net fonts.bunny.net maxcdn.bootstrapcdn.com www.abfrl.com *.googleapis.com *.gstatic.com ; style-src-elem 'self' 'unsafe-inline' self *.googleapis.com *.gstatic.com fonts.googleapis.com cdn.jsdelivr.net cdnjs.cloudflare.com datatables.net fonts.bunny.net maxcdn.bootstrapcdn.com www.abfrl.com *.googleapis.com *.gstatic.com ; style-src-attr 'self' 'unsafe-inline' ; worker-src 'self' 'unsafe-inline' blob:; 1 frame-ancestors 'self' https://weiterbildung.snv.ch/ 1 frame-ancestors https://*.aularandstad.es https://aularandstad.es https://*.randstad.es; 1 default-src 'self';script-src 'self'; 1 frame-ancestors https://*.ilnotiziario.net 1 default-src 'none'; block-all-mixed-content; connect-src 'self' https://api.getaddress.io https://*.google-analytics.com https://*.googletagmanager.com; font-src https://assets.nurserymilk.co.uk; frame-src https://nmru-production.s3.amazonaws.com https://uploads.nurserymilk.co.uk/; img-src https://assets.nurserymilk.co.uk https://*.google-analytics.com https://*.googletagmanager.com https://nmru-production.s3.amazonaws.com https://uploads.nurserymilk.co.uk/ data:; object-src https://nmru-production.s3.amazonaws.com https://uploads.nurserymilk.co.uk/; script-src https://assets.nurserymilk.co.uk https://*.google-analytics.com https://*.googletagmanager.com 'unsafe-inline' 'sha256-//t8DN+5PHt8HhW5JH2ig7gM5SCiAAJ19Gba5fqlebw='; style-src https://assets.nurserymilk.co.uk; report-uri /_csp/report 1 default-src *.googletagmanager.com *.twitter.com *.facebook.net *.nr-data.net *.ads-twitter.com *.google-analytics.com *.googleadservices.com *.doubleclick.net *.mookie1.com *.amazon-adsystem.com *.facebook.com *.google.com *.google.co.in *.cloudflare.com *.w3.org *.adsrvr.org *.newrelic.com *.insight.adsrvr.org/track/pxl/ *.sc-static.net *.analytics.tiktok.com *.p.teads.tv *.snapchat.com *.videoamp.com *.pixel.tapad.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.jsdelivr.net *.monsido.com *.googleoptimize.com *.googletagmanager.com *.twitter.com *.facebook.net *.nr-data.net *.ads-twitter.com *.google-analytics.com *.googleadservices.com *.googleanalytics.com *.doubleclick.net *.cloudflare.com *.opendns.com *.adsrvr.org *.newrelic.com *.google.com *.mapbox.com *.serving-sys.com *.igodigital.com *.teads.tv *.videoamp.com *.pixel.tapad.com *.tiktok.com *.abtasty.com *.snapchat.com https://www.youtube.com https://cdn.cookielaw.org https://sc-static.net/scevent.min.js *.cloudflare.com *.mikmak.ai *.swaven.com https://sc-static.net/sc-pixel-helper.min.js; object-src 'self'; style-src 'self' 'unsafe-inline' *.jsdelivr.net *.cloudflare.com *.opendns.com *.newrelic.com *.twitter.com *.nr-data.net *.ads-twitter.com *.google.com *.googleapis.com *.mapbox.com *.abtasty.com *.typekit.net *.cloudflare.com *.monsido.com; img-src 'self' *.adsrvr.org *.google-analytics.com *.twitter.com *.facebook.com *.google.com *.google.co.in *.googletagmanager.com *.mookie1.com *.amazon-adsystem.com *.newrelic.com *.nr-data.net *.ads-twitter.com *.w3.org data: *.insight.adsrvr.org/track/pxl/ *.sc-static.net *.teads.tv *.videoamp.com *.pixel.tapad.com *.snapchat.com *.doubleclick.net *.mikmak.ai *.swaven.com *.analytics.yahoo.com *.adnxs.com *.abtasty.com *.adxcel-ec2.com https://di.rlcdn.com https://ad.ipredictive.com https://cdn.cookielaw.org https://dpm.demdex.net/ https://img.youtube.com/ *.monsido.com; media-src 'self'; frame-src 'self' *.youtube.com *.doubleclick.net *.amazon-adsystem.com *.google.com *.adsrvr.org *.teads.tv *.videoamp.com *.pixel.tapad.com *.sc-static.net *.snapchat.com *.flashtalking.com *.abtasty.com *.googletagmanager.com *.mikmak.ai *.swaven.com; frame-ancestors 'self' *.youtube.com *.doubleclick.net *.amazon-adsystem.com *.adsrvr.org *.teads.tv *.videoamp.com *.pixel.tapad.com *.sc-static.net *.snapchat.com *.mikmak.ai; child-src 'self' *.youtube.com *.doubleclick.net *.amazon-adsystem.com *.google.com *.adsrvr.org *.teads.tv *.videoamp.com *.pixel.tapad.com *.sc-static.net *.snapchat.com blob:; font-src 'self' *.jsdelivr.net *.gstatic.com *.google.com *.abtasty.com *.typekit.net *.mikmak.ai *.swaven.com; connect-src 'self' *.doubleclick.net *.google-analytics.com *.mapbox.com *.nr-data.net *.serving-sys.com *.igodigital.com *.teads.tv *.videoamp.com *.pixel.tapad.com *.sc-static.net *.snapchat.com *.onetrust.com *.abtasty.com *.tiktok.com https://cdn.cookielaw.org https://bam.nr-data.net https://www.facebook.com *.google.com *.googleadservices.com *.mikmak.ai *.swaven.com *.monsido.com; upgrade-insecure-requests 1 default-src * data: ;script-src * 'unsafe-inline' 'unsafe-eval' ;style-src * 'unsafe-inline' data: ;frame-ancestors 'self' ; 1 default-src * data: 'unsafe-eval' 'unsafe-inline' *.evergage.com *.evgnet.com cdn.evergage.com *.criteo.com unpkg.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' google-analytics.com *.google-analytics.com googleapis.com *.googleapis.com google.com *.google.com gstatic.com *.gstatic.com facebook.net *.facebook.net facebook.com *.facebook.com cloudflareinsights.com *.cloudflareinsights.com addtoany.com *.addtoany.com *.cloudflare.com cloudflare.com *.googletagmanager.com googletagmanager.com *.bootstrapcdn.com bootstrapcdn.com *.bing.com bing.com *.licdn.com licdn.com *.crazyegg.com crazyegg.com *.clarity.ms clarity.ms *.dynamic.criteo.com dynamic.criteo.com *.sslwidget.criteo.com sslwidget.criteo.com *.criteo.com/* pi.pardot.com js-agent.newrelic.com static.hotjar.com script.hotjar.com info.flexcarestaff.com bam.nr-data.net cdn.evgnet.com flexcarestaffing.us-7.evergage.com *.googleadservices.com *.flexcarestaffing.us-7.evergage.com cdn.evergage.com *.cloudflareinsights.com unpkg.com *.greenhouse.io *.resonate.com *.reson8.com *.criteo.com *.pinimg.com *.pinterest.com *.adnxs.com; report-uri /report-csp-violation 1 connect-src 'self' maps.googleapis.com *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net ; default-src *.printfriendly.com; font-src 'self' data: *.fontawesome.com *.gstatic.com *.bootstrapcdn.com hubernet.sp-stage1.emagineusa.net fonts.gstatic.com cdn.jsdelivr.net *.gstatic.com *.bootstrapcdn.com ; form-action *.vimeocdn.com; frame-src view.ceros.com *.youtube.com *.elegantthemes.com *.vimeo.com *.printfriendly.com *.g.doubleclick.net *.google.com *.fls.doubleclick.net blob: www.google.com *.g.doubleclick.net *.google.com *.fls.doubleclick.net ; img-src 'self' 'unsafe-inline' *.gravatar.com maps.googleapis.com data: *.vimeocdn.com *.w.org *.printfriendly.com hubernet.sp-stage1.emagineusa.net *.googletagmanager.com *.google.com *.google-analytics.com *.gstatic.com ts.w.org s.w.org ps.w.org *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com ; media-src s.w.org; script-src 'self' 'unsafe-inline' view.ceros.com data: blob: *.fontawesome.com *.cloudflare.com *.ravenjs.com *.vimeocdn.com *.jsdelivr.net *.googleapis.com *.printfriendly.com *.kxcdn.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com cdn.jsdelivr.net *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com ; script-src-elem 'self' 'unsafe-inline' *.googletagmanager.com *.google-analytics.com *.googleapis.com cdn.jsdelivr.net *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com ; style-src 'self' 'unsafe-inline' *.fontawesome.com *.cloudflare.com *.printfriendly.com *.vimeocdn.com *.googleapis.com *.bootstrapcdn.com *.gstatic.com fonts.googleapis.com cdn.jsdelivr.net *.googleapis.com *.gstatic.com ; style-src-elem 'self' 'unsafe-inline' *.googleapis.com fonts.googleapis.com cdn.jsdelivr.net *.googleapis.com *.gstatic.com ; worker-src blob:; upgrade-insecure-requests; 1 frame-ancestors 'self' http://webvisor.com http://*.webvisor.com https://metrika.yandex.ru https://mc.yandex.ru https://*.yandex.net https://mc.yandex.ru https://mc.yandex.com https://mc.webvisor.com https://mc.webvisor.org https://yastatic.net 1 allow "self" 1 default-src 'self'; script-src 'self'; connect-src 'self' 1 default-src 'self' *.fintactix.com *.highcharts.com *.simpli.fi *.segmint.net *.cloudfront.net *.acquia.com *.googletagmanager.com *.doubleclick.net *.google-analytics.com *.googleapis.com *.cloudflare.com *.gstatic.com *.fmsiportal.com *.issuu.com info.autobooks.co; script-src info.autobooks.co; object-src info.autobooks.co; style-src 'unsafe-inline' 'self' *.fintactix.com *.highcharts.com *.simpli.fi *.segmint.net *.cloudfront.net *.acquia.com *.googletagmanager.com *.doubleclick.net *.google-analytics.com *.googleapis.com *.cloudflare.com *.gstatic.com *.fmsiportal.com *.issuu.com; img-src data: 'self' *.fintactix.com *.highcharts.com *.simpli.fi *.segmint.net *.cloudfront.net *.acquia.com *.googletagmanager.com *.doubleclick.net *.google-analytics.com *.googleapis.com *.cloudflare.com *.gstatic.com *.fmsiportal.com *.issuu.com; frame-src info.autobooks.co; report-uri /report-csp-violation; upgrade-insecure-requests 1 default-src 'none'; connect-src 'self' *.google-analytics.com *.googlesyndication.com *.google.com; font-src 'self' data: *.googleapis.com *.gstatic.com *.typekit.net; frame-src *.google.com *.googletagmanager.com https://www.youtube-nocookie.com/; img-src 'self' https: data:; manifest-src 'self'; media-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.jsdelivr.net unpkg.com *.google.com *.gstatic.com *.googletagmanager.com *.cloudflare.com *.bootstrapcdn.com *.jquery.com *.seznam.cz *.facebook.net; style-src 'self' 'unsafe-inline' *.jsdelivr.net unpkg.com *.cloudflare.com *.googleapis.com *.typekit.net *.seznam.cz *.facebook.net 1 base-uri 'self'; default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: *.storck.com *.wonderlandmovies.de *.stage.sto.adacor.net ar.merci.at ar.merci.pl *.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: *.storck.com storck.piwik.pro *.googleadservices.com *.pricespider.com *.mapbox.com s3.us-west-2.amazonaws.com click2cart.com *.click2cart.com maps.googleapis.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: *.storck.com storck.piwik.pro *.pricespider.com *.wonderlandmovies.de *.stage.sto.adacor.net staebchen-designer.merci.de *.amazonaws.com *.gstatic.com attach-videos.s3.amazonaws.com *.albertsons-media.com *.media-amazon.com *.walmartimages.com click2cart.com *.click2cart.com maps.gstatic.com maps.googleapis.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.storck.com *.pricespider.com *.mapbox.com click2cart.com *.click2cart.com maxcdn.bootstrapcdn.com s3.us-west-2.amazonaws.com fonts.googleapis.com; connect-src 'self' data: *.storck.com storck.piwik.pro *.mapbox.com *.iriworldwide.com click2cart.com *.click2cart.com maps.googleapis.com; font-src 'self' data: *.storck.com s3.us-west-2.amazonaws.com maxcdn.bootstrapcdn.com fonts.gstatic.com; frame-src 'self' data: ar.merci.at ar.merci.pl *.stage.sto.adacor.net staebchen-designer.merci.de blob: di.rlcdn.com; frame-ancestors 'self'; form-action 'self'; 1 default-src 'self' static.tfmetalsreport.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:; style-src 'self' static.tfmetalsreport.com data: 'unsafe-inline' *.googleapis.com *.twitter.com *.twimg.com svc.webspellchecker.net cdn.ckeditor.com static.ctctcdn.com; img-src 'self' https: data: android-webview-video-poster: *.jwplayer.com http://docs.jwplayer.com; media-src 'self' static.tfmetalsreport.com blob: *.giphy.com; frame-src 'self' https://www.tfmetalsreport.com data: audioboom.com *.audioboom.com scribd.com *.scribd.com soundcloud.com *.soundcloud.com youtube.com *.youtube.com vimeo.com *.vimeo.com bitchute.com *.bitchute.com twitter.com *.twitter.com *.tradingview.com *.tradingview-widget.com *.stripe.com *.doubleclick.net *.googlesyndication.com *.ted.com *.instagram.com *.jwpsrv.com www.google.com ms-appx-web: *.addtoany.com *.assoc-amazon.com *.amazon.com *.amazon-adsystem.com *.googletagmanager.com *.recaptcha.net facebook.com *.facebook.com cnn.com *.cnn.com cnbc.com *.cnbc.com; frame-ancestors *; child-src 'self' https://www.tfmetalsreport.com data: audioboom.com *.audioboom.com scribd.com *.scribd.com soundcloud.com *.soundcloud.com youtube.com *.youtube.com vimeo.com *.vimeo.com bitchute.com *.bitchute.com twitter.com *.twitter.com *.tradingview.com *.tradingview-widget.com *.stripe.com *.doubleclick.net *.googlesyndication.com *.ted.com *.instagram.com *.jwpsrv.com www.google.com ms-appx-web: *.addtoany.com *.assoc-amazon.com *.amazon.com *.amazon-adsystem.com *.googletagmanager.com *.recaptcha.net facebook.com *.facebook.com cnn.com *.cnn.com cnbc.com *.cnbc.com; font-src 'self' static.tfmetalsreport.com data: fonts.googleapis.com fonts.gstatic.com cdnjs.cloudflare.com *.googleusercontent.com svc.webspellchecker.net *.avast.com chrome-extension: *.fontawesome.com; connect-src 'self' static.tfmetalsreport.com *.googlesyndication.com www.google-analytics.com *.gstatic.com *.doubleclick.net svc.webspellchecker.net *.jwpltx.com *.nr-data.net *.fontawesome.com *.ckeditor.com *.ctctcdn.com *.constantcontact.com 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://atal.pl https://*.atal.pl https://googletagmanager.com https://*.googletagmanager.com https://googleapis.com https://*.googleapis.com https://oneappappsprd.z6.web.core.windows.net https://3destate.cloud https://*.3destate.cloud https://assets.3destate.cloud https://*.z6.web.core.windows.net https://cloudflareinsights.com https://*.cloudflareinsights.com https://static.cloudflareinsights.com https://*.google.pl/ https://google.pl/ https://*.clarity.ms https://clarity.ms https://*.facebook.com https://facebook.com https://*.cloudflare.com/ https://cdnjs.cloudflare.com/ https://*.callpage.io https://cdn-widget.callpage.io; img-src 'self' data: https://atal.pl https://*.atal.pl https://googletagmanager.com https://*.googletagmanager.com https://googleapis.com https://*.googleapis.com https://oneappappsprd.z6.web.core.windows.net https://3destate.cloud https://*.3destate.cloud https://assets.3destate.cloud https://*.z6.web.core.windows.net https://cloudflareinsights.com https://*.cloudflareinsights.com https://static.cloudflareinsights.com https://*.google.pl/ https://google.pl/ https://*.clarity.ms https://clarity.ms https://*.facebook.com https://facebook.com https://*.cloudflare.com/ https://cdnjs.cloudflare.com/ https://*.callpage.io https://cdn-widget.callpage.io; object-src 'self' data: https://atal.pl https://*.atal.pl https://resimo.io https://*.resimo.io https://googletagmanager.com https://*.googletagmanager.com https://googleapis.com https://*.googleapis.com https://oneappappsprd.z6.web.core.windows.net https://3destate.cloud https://*.3destate.cloud https://assets.3destate.cloud https://*.z6.web.core.windows.net https://cloudflareinsights.com https://*.cloudflareinsights.com https://static.cloudflareinsights.com https://*.google.pl/ https://google.pl/ https://*.clarity.ms https://clarity.ms https://*.facebook.com https://facebook.com https://*.cloudflare.com/ https://cdnjs.cloudflare.com/ https://*.callpage.io https://cdn-widget.callpage.io; frame-src 'self' data: https://atal.pl https://*.atal.pl https://resimo.io https://*.resimo.io https://googletagmanager.com https://*.googletagmanager.com https://googleapis.com https://*.googleapis.com https://oneappappsprd.z6.web.core.windows.net https://3destate.cloud https://*.3destate.cloud https://assets.3destate.cloud https://*.z6.web.core.windows.net https://cloudflareinsights.com https://*.cloudflareinsights.com https://static.cloudflareinsights.com https://*.google.pl/ https://google.pl/ https://*.clarity.ms https://clarity.ms https://*.facebook.com https://facebook.com https://*.cloudflare.com/ https://cdnjs.cloudflare.com/ https://*.callpage.io https://cdn-widget.callpage.io; 1 default-src 'self' *.postman-beta.co *.eu.postman-alpha.co *.postman-beta.com *.pstmn.io; base-uri 'self'; font-src 'self' data: *.getpostman-beta.com *.postman-beta.co *.cdn.postman-beta.com fonts.gstatic.com www.postman-beta.com *.postman-alpha.co fonts.googleapis.com cdnjs.cloudflare.com; frame-ancestors *.postman-beta.co desktop.postman-beta.com desktop-ent.postman-beta.com *.eu.postman-alpha.co; frame-src looker.postman-beta.co dl-preview-container.pstmn.io skills-assets.pstmn.io js.stripe.com hooks.stripe.com chart-embed.service.newrelic.com https://app.datadoghq.com/graph/embed https://app.datadoghq.eu/graph/embed https://youtube.com https://www.youtube.com https://player.vimeo.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://application.security/ https://accounts.google.com/ https://runtime-assets.pstmn-beta.io/ https://challenges.cloudflare.com/; child-src 'self' *.postman-beta.co *.eu.postman-alpha.co *.postman-beta.com blob:; worker-src 'self' *.postman-beta.co *.eu.postman-alpha.co *.cdn.postman-beta.com blob:; object-src 'self'; img-src https: data:; media-src 'self' * data: https://flows-assets.pstmn.io/ https://skills-assets.pstmn.io/; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' *.nr-data.net *.getpostman-beta.com *.postman-beta.co *.eu.postman-alpha.co *.cdn.postman-beta.com *.pstmn.io code.jquery.com www.postman-beta.com postman-beta.com googletagmanager.com ssl.google-analytics.com google-analytics.com https://bi-beta.pst.tech https://bi.pst.tech cdnjs.cloudflare.com js-agent.newrelic.com js.stripe.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://challenges.cloudflare.com/ 'nonce-DeBSb41o5NqH/6g6Q7gUIOD7MIYjHRW1rzr8rocGBY/CRYtK'; style-src 'self' 'unsafe-inline' *.getpostman.com *.postman-beta.co *.cdn.postman-beta.com *.pstmn.io www.postman-beta.com fonts.gstatic.com fonts.googleapis.com tagmanager.google.com cdnjs.cloudflare.com postman-beta.com *.eu.postman-alpha.co accounts.google.com; connect-src https://api.stripe.com http: ws://localhost:10505 https: wss://*.postman-beta.co wss://*.gw.postman-beta.co wss://*.gw.postman-beta.com wss://*.gw.eu.postman-alpha.co https: wss://iris-backend-beta.postman-account2009.workers.dev wss://0.peerjs.com https://0.peerjs.com wss://matrix.postman-beta.co:4000 wss://*.gw.eu.postman-alpha.com; report-uri https://sentry.postmanlabs.com/api/572/security/?sentry_key=9d37d7431bdc4c528702ec4d89fc93f7&sentry_environment=beta 1 default-src 'self' teamwars.pro https://apival.teamwars.pro:5002 wss://apival.teamwars.pro:5002 fonts.googleapis.com; script-src 'self' https://apival.teamwars.pro:5002 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' *.akamaihd.net *.googleusercontent.com *.fbsbx.com data:; font-src 'self' fonts.gstatic.com; frame-src 'self' *.youtube.com 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.userway.org *.gstatic.com *.contextweb.com *.doubleclick.net *.googleadservices.com *.calendly.com calendly.com *.akamaihd.net *.cmsuapps.com *.typekit.net *.googletagmanager.com stats.sa-as.com *.brightcove.com *.brightcove.net *.google-analytics.com *.pardot.com stats.g.doubleclick.net go.us.medical.canon www.google.com vjs.zencdn.net *.boltdns.net *.brightcovecdn.com *.googleapis.com *.youtube.com *.twimg.com *.ytimg.com www.gstatic.com *.gravatar.com *.twitter.com *.seismic.com; frame-ancestors 'self' *.pardot.com *.salesforce.com *.seismic.com 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://code.jquery.com/ https://www.praha14.cz:3000/ https://www.praha14.cz/bud/hot https://npmcdn.com https://*.praha14.cz/ https://maps.google.com/ https://maps.googleapis.com/ https://cdnjs.cloudflare.com/ https://schema.org https://*.hcaptcha.com/ https://hcaptcha.com/ https://mapy.cz/ https://*.mapy.cz/ https://*.seznam.cz/; img-src 'self' data: blob: https://secure.gravatar.com/ https://www.praha14.cz:3000/ https://thebridge.telenorsat.com/ https://npmcdn.com/ https://*.praha14.cz/ https://maps.google.com/ https://maps.googleapis.com/ https://server.arcgisonline.com/ https://cdnjs.cloudflare.com/ https://*.mapy.cz/ https://mapy.cz/ https://*.seznam.cz/; object-src 'self' data: blob: https://*.praha14.cz/ https://docs.google.com/ https://*.mapy.cz/ https://npmcdn.com/ https://maps.google.com/ https://maps.googleapis.com/ https://*.hcaptcha.com/ https://www.youtube.com/ https://youtu.be/ https://mapy.cz/ https://frame.mapy.cz/ https://*.seznam.cz/; frame-src 'self' data: blob: https://*.praha14.cz/ https://docs.google.com/ https://*.mapy.cz/ https://npmcdn.com/ https://maps.google.com/ https://maps.googleapis.com/ https://*.hcaptcha.com/ https://www.youtube.com/ https://youtu.be/ https://mapy.cz/ https://frame.mapy.cz/ https://*.seznam.cz/; 1 frame-ancestors 'self' https://app.signageful.com 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com platform.twitter.com www.googletagmanager.com cdn.syndication.twimg.com cdn.knightlab.com cdncache-a.akamaihd.net https://cdn.printfriendly.com/printfriendly.js https://ds-4047.kxcdn.com/api/v3/domain_settings/ key-cdn.printfriendly.com static.addtoany.com; object-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' themes.googleusercontent.com platform.twitter.com ton.twimg.com cdn.knightlab.com https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/ static.addtoany.com; img-src 'self' data: blob: filesystem www.google-analytics.com syndication.twitter.com pbs.twimg.com abs.twimg.com ton.twimg.com www.googletagmanager.com platform.twitter.com canvaspl-a.akamaihd.net; media-src 'self' mediastream:; frame-src 'self' platform.twitter.com syndication.twitter.com www.facebook.com www.youtube.com cdncache-a.akamaihd.net static.addtoany.com; frame-ancestors 'self'; child-src 'self'; font-src 'self' 'unsafe-inline' 'unsafe-eval' themes.googleusercontent.com cdn.knightlab.com fonts.gstatic.com; connect-src 'self' wss://bot.enzona.net/ https://bot.enzona.net/ cdn.knightlab.com cdncache-a.akamaihd.net www.google-analytics.com; report-uri /report-csp-violation; upgrade-insecure-requests 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://maps.googleapis.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://www.google.com https://www.gstatic.com; connect-src 'self' https://maps.googleapis.com; img-src data: 'self' https://d1be5sn7lppxuh.cloudfront.net https://maps.gstatic.com https://maps.googleapis.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com https://cdnjs.cloudflare.com https://fonts.gstatic.com; object-src 'none'; frame-ancestors 'self'; frame-src 'self' https://www.youtube.com https://www.google.com; media-src 'self' https://d1be5sn7lppxuh.cloudfront.net; form-action 'self'; manifest-src 'self' 1 frame-ancestors https://*.innovatrics.com 1 frame-ancestors 'self'; report-uri /report-csp-violation 1 frame-ancestors 'self' cyreneforum.com/ *.cyreneforum.com/ arkadiaforum.com/ *.arkadiaforum.com/ ; 1 frame-ancestors 'self' infopoint.kastner.local infopoint.kastner.at *.kastner.at *.biogast.at 1 allow 'self' www.google-analytics.com ajax.googleapis.com; 1 default-src 'none'; block-all-mixed-content; connect-src 'self' *.googleapis.com *.gstatic.com *.google.com *.cookiebot.eu *.google-analytics.com; font-src 'self' data: *.googleapis.com *.gstatic.com *.google-analytics.com; frame-src *; img-src 'self' data: *.googleapis.com *.gstatic.com *.googletagmanager.com *.google-analytics.com; manifest-src 'self'; media-src 'self'; script-src 'self' *.google.com 'unsafe-inline' blob: *.googleapis.com *.gstatic.com *.cookiebot.eu *.googletagmanager.com *.google-analytics.com 'sha256-7BR2mzQgegl16OzhYaABCgX+kM/0FnVwstu1v2KgQbw=' 'sha256-wfxJ7YZKDslwby5G8BoAcLOzW1p+E0YMbh6d3MizcsI=' 'sha256-JglQj6PX/c3n1AtXwhS4fkUY+TTFNX3M/x4JjovL2tY=' 'sha256-gRjb7Pg9ekg78sSAQ935jMPX8YulX2dOQYx79CdC2uE=' 'nonce-DM629MxDBKU7mwwkKbzICg=='; style-src 'self' cdnjs.cloudflare.com 'unsafe-inline' *.googleapis.com *.gstatic.com *.google-analytics.com; report-uri /csp/report 1 allow 'self'; options inline-script eval-script; frame-ancestors 'none' 1 none 1 default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com; object-src *; style-src * 'self' 'unsafe-inline'; img-src * 'self' data: https:; https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.; media-src *; frame-src *; frame-ancestors 'self'; child-src * blob:; font-src * 'self' data: https:;; connect-src *; report-uri /report-csp-violation 1 frame-ancestors 'self' https://*.papajohns.com.sv ; object-src 'self' *.papajohns.com.sv ; img-src 'self' *.papajohns.com.sv data: *.twimg.com *.twitter.com *.facebook.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.google.com *.google.com.sv *.statcounter.com *.facebook.net *.doubleclick.net *.google.com sailplays3.cdnvideo.ru res.cloudinary.com *.digitaloceanspaces.com *.bitworks.com.sv; script-src 'self' *.papajohns.com.sv 'unsafe-inline' 'unsafe-eval' data: *.twimg.com *.googletagmanager.com *.facebook.com *.google.com *.google.com.sv *.google-analytics.com maps.googleapis.com ajax.googleapis.com *.gstatic.com *.twitter.com *.statcounter.com *.facebook.net *.hotjar.io *.hotjar.com static.hotjar.com *.googleadservices.com cdnjs.cloudflare.com sailplay.ru sailplay.net *.sailplay.net sailplays3.cdnvideo.ru cdn.jsdelivr.net cdn.pushalert.co code.jquery.com *.bitworks.com.sv l.getsitecontrol.com static.cloudflareinsights.com ; 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://disensa.com.ec/ https://*.disensa.com.ec; img-src 'self' data: blob: ; object-src 'self' data: blob: https://disensa.com.ec https://*.disensa.com.ec https://azurewebsites.net/ https://*.azurewebsites.net/; frame-src 'self' data: blob: https://disensa.com.ec https://*.disensa.com.ec https://azurewebsites.net/ https://*.azurewebsites.net/; 1 base-uri 'self'; script-src https: 'unsafe-inline' 'unsafe-eval' *.sentry.io *.datadome.co *.googlesyndication.com *.googleadservices.com *.adriver.ru *.g.doubleclick.net *.google.com *.sociomantic.com *.google-analytics.com *.googletagmanager.com *.everestjs.net *.googletagservices.com s.ytimg.com *.userapi.com js-agent.newrelic.com *.olark.com trafmag.utarget.ru *.exponea.com media.flixfacts.com *.gstatic.com maps.googleapis.com google-analytics.bi.owox.com tracking.channelsight.com *.criteo.net h.holder.com.ua *.clickfrog.ru creativecdn.com clickfrog.ru criteo.net gstatic.com exponea.com olark.com googletagservices.com everestjs.net googletagmanager.com google-analytics.com sociomantic.com google.com g.doubleclick.net adriver.ru googleadservices.com googlesyndication.com www.google.com.ua *.criteo.com criteo.com bam.nr-data.net *.google.com.ua az783074.vo.msecnd.net cdn.ampproject.org *.googleapis.com; object-src 'none'; img-src 'self' *.googletagmanager.com *.doubleclick.net https://www.google-analytics.com https://www.google.com.ua https://www.google.com *.googlesyndication.com *.creativecdn.com data:; media-src 'self'; frame-src 'self' https://vars.hotjar.com https://googleads.g.doubleclick.net *.googlesyndication.com *.creativecdn.com; frame-ancestors 'none'; worker-src 'self'; form-action 'self' https://www.portmone.com.ua; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' *.sentry.io *.hotjar.io wss://ws8.hotjar.com *.hotjar.com *.google.com.ua *.google.com *.datadome.co *.gstatic.com https://stats.g.doubleclick.net https://securepubads.g.doubleclick.net https://www.google-analytics.com https://pagead2.googlesyndication.com; report-uri https://2746b976bff56fb9fb072ca875846856.report-uri.com/r/d/csp/reportOnly 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com *.google.com *.google-analytics.com *.googleapis.com https://*.googleapis.com; style-src 'self' 'unsafe-inline' hello.myfonts.net *.googleapis.com *.gstatic.com https://*.googleapis.com https://*.gstatic.com themes.googleusercontent.com; img-src 'self' data: *.google.com *.google-analytics.com *.googleapis.com *.gstatic.com https://*.googleapis.com https://*.gstatic.com; connect-src 'self' http://www.google-analytics.com; frame-src 'self' *.vimeo.com *.youtube.com https://*.vimeo.com https://*.youtube.com; font-src 'self' data: *.googleapis.com *.gstatic.com https://*.googleapis.com https://*.gstatic.com; report-uri https://tokybd.report-uri.io/r/default/csp/enforce; 1 base-uri 'none'; default-src 'self'; child-src https://www.youtube.com https://skk.erecruiter.pl https://heyzine.com https://*.heyzine.com https://*.google.com https://www.googletagmanager.com https://*.faceup.com https://*.nntb.cz blob:; connect-src 'self' https://geis.daktela.com https://t.leady.com https://*.doubleclick.net https://*.google.com https://*.google-analytics.com wss://*.hotjar.com https://*.hotjar.com https://*.hotjar.io; font-src 'self' https://*.gstatic.com data:; form-action 'self'; img-src 'self' https://skk.erecruiter.pl https://*.seznam.cz https://t.leady.com https://*.google-analytics.com https://*.google.cz https://*.google.com https://*.gstatic.com blob: data:; media-src 'self' blob:; script-src 'self' https://*.google.com https://*.gstatic.com https://skk.erecruiter.pl https://*.seznam.cz https://geis.daktela.com https://t.leady.com https://tt.geis.cz https://tt.geis.pl https://*.hotjar.com https://*.doubleclick.net https://*.google-analytics.com https://www.googletagmanager.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com ttps://skk.erecruiter.pl 'unsafe-inline' 'unsafe-eval'; 1 default-src 'self'; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com; object-src 'none'; style-src 'self' 'unsafe-inline' data:; img-src 'self'; media-src 'none'; frame-src 'none'; font-src 'self'; connect-src 'self' https://api.amplitude.com https://eth-ropsten.alchemyapi.io https://eth-rinkeby.alchemyapi.io https://eth-mainnet.alchemyapi.io https://api.thegraph.com wss://bridge.walletconnect.org wss://fei.bridge.walletconnect.org https://assets.fei.money; frame-ancestors 'none' 1 default-src 'self'; script-src 'self' https://www.googletagmanager.com https://cdn.jsdelivr.net; style-src 'self' https://fonts.googleapis.com; img-src 'self' data:; font-src 'self' https://fonts.gstatic.com; connect-src 'self'; 1 default-src 'self' https://*.nhs.uk; frame-src 'self' https://gssapps.ebscohost.com/ https://forms.office.com/ https://www.youtube-nocookie.com https://*.webspellchecker.net https://*.nhs.uk https://*.facebook.com https://*.youtube.com https://*.vimeo.com https://*.google.com https://*.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.mailerlite.com/ https://cdnjs.cloudflare.com https://*.google-analytics.com https://*.googletagmanager.com https://connect.facebook.net https://feeds.trac.jobs https://*.webspellchecker.net https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.cqc.org.uk; font-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://*.webspellchecker.net; style-src 'self' 'unsafe-inline' data: https://cdnjs.cloudflare.com https://feeds.trac.jobs https://*.googleapis.com https://*.gstatic.com https://*.cqc.org.uk https://*.webspellchecker.net; img-src * data:; object-src 'self' blob: https://*.nhs.uk; connect-src 'self' https://feeds.trac.jobs stats.g.doubleclick.net https://*.googleapis.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.co.uk https://*.google.ie https://*.google.nl https://*.webspellchecker.net 1 default-src 'self'; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval'; style-src * 'self' data: 'unsafe-inline'; img-src * 'self' blob: data: ; font-src * 'self' data:; connect-src * 'self'; media-src * 'self'; object-src * 'self'; frame-src * 'self'; worker-src 'self'; frame-ancestors * 'self'; form-action * 'self'; upgrade-insecure-requests; block-all-mixed-content; manifest-src 'self' 1 default-src 'unsafe-inline' 'self' https://*.cloudflare.com https://*.google.com https://*.google-analytics.com https://*.googletagmanager.com https://*.gstatic.com https://*.facebook.net https://*.facebook.com https://*.doubleclick.net https://*.licdn.com https://*.linkedin.com https://*.clarity.ms https://*.azureedge.net https://*.youtube.com https://*.dynamics.com https://*.azure.com https://pro.fontawesome.com; font-src 'self' data: https://pro.fontawesome.com; frame-src https://*.facebook.com https://*.google.com https://*.youtube.com https://*.doubleclick.net https://*.googletagmanager.com; img-src 'self' data: https://*.googletagmanager.com/ https://*.bing.com https://*.clarity.ms https://*.google-analytics.com/ https://*.google.com/ https://*.google.co.za https://*.facebook.com https://snap.licdn.com https://*.linkedin.com https://*.google.es https://*.dynamics.com https://*.azureedge.net https://i.ytimg.com https://*.doubleclick.net; 1 default-src 'self' 'unsafe-inline' https://maps.googleapis.com https://cc.ibox.ua; script-src 'self' 'unsafe-inline' https://connect.facebook.net https://*.doubleclick.net https://pay.google.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com https://cc.ibox.ua; style-src 'self' 'unsafe-inline' 'unsafe-inline' https://fonts.googleapis.com/css https://tagmanager.google.com https://fonts.googleapis.com https://cc.ibox.ua; img-src 'self' 'unsafe-inline' data: https://www.facebook.com https://*.doubleclick.net https://www.googletagmanager.com https://*.gstatic.com https://www.google.com https://www.google.com.ua https://maps.googleapis.com https://www.google-analytics.com https://ssl.gstatic.com https://*.ggpht.com https://cc.ibox.ua; font-src 'self' 'unsafe-inline' https://fonts.gstatic.com https://cc.ibox.ua; connect-src 'self' 'unsafe-inline' https://stats.g.doubleclick.net https://www.google-analytics.com https://fonts.gstatic.com https://cc.ibox.ua wss://cc.ibox.ua; frame-src 'self' 'unsafe-inline' https://*.doubleclick.net 1 script-src 'self'; object-src 'self' 1 block-all-mixed-content; frame-ancestors 'self' *.maxima.lt *.maxima.ee *.suvekeskus.ee; frame-src 'self' *.youtube.com *.youtube-nocookie.com *.cookiebot.com *.issuu.com *.google.com *.adform.net *.doubleclick.net maxima.teamdash.com indd.adobe.com *.flipsnack.com view.publitas.com www.googletagmanager.com embed.figma.com www.figma.com; report-uri /csp/report 1 default-src 'self'; style-src 'unsafe-inline' 'self'; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self'; 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.paypalobjects.com/ https://events.timely.fun https://soundcloud.com/ https://*.soundcloud.com/ https://www.facebook.com/ https://rte.ie/ https://*.youtube.com/ https://*.vimeo.com/ https://issuu.com/ https://*.issuu.com/; img-src 'self' data: http://*; object-src 'self' data: https://*.paypal.com/ https://events.timely.fun https://soundcloud.com/ https://*.soundcloud.com/ https://www.facebook.com/ https://*.rte.ie/ https://*.youtube.com/ https://*.vimeo.com/ https://issuu.com/ https://*.issuu.com/ https://youtube.com/; frame-src 'self' data: https://*.paypal.com/ https://events.timely.fun https://soundcloud.com/ https://*.soundcloud.com/ https://www.facebook.com/ https://*.rte.ie/ https://*.youtube.com/ https://*.vimeo.com/ https://issuu.com/ https://*.issuu.com/ https://youtube.com/; 1 block-all-mixed-content; report-uri /nelmio/csp/report 1 default-src 'self' https://chat.shellfire.de https://www.google.de https://maps.google.com https://googleads.g.doubleclick.net https://connect.facebook.net https://www.google.com https://www.googleadservices.com https://www.youtube.com https://www.youtube-nocookie.com https://*.gstatic.com https://*.analytics.google.com https://*.googleapis.com https://*.facebook.net https://www.google-analytics.com https://ssl.google-analytics.com https://*.facebook.com https://web.facebook.com https://www.google.com https://optimize.google.com https://www.sandbox.paypal.com https://www.paypal.com https://combr-1b07a.kxcdn.com https://cdn.shellfire.net https://js.stripe.com https://*.clarity.ms https://*.sitegpt.ai https://cdn.jsdelivr.net ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://chat.shellfire.de https://www.google.com https://maps.google.com https://www.google.net https://connect.facebook.net https://www.google.com https://www.google.net https://www.googleadservices.com https://www.youtube.com https://www.youtube-nocookie.com https://*.gstatic.com https://*.googleapis.com https://www.google-analytics.com https://ssl.google-analytics.com https://*.facebook.com https://web.facebook.com https://www.googletagmanager.com https://static.ads-twitter.com https://analytics.twitter.com https://*.analytics.twitter.com https://tagmanager.google.com https://optimize.google.com https://www.paypalobjects.com https://www.sandbox.paypal.com https://www.paypal.com https://cdn.cookie-script.com https://report.cookie-script.com https://combr-1b07a.kxcdn.com https://cdn.shellfire.net https://js.stripe.com https://*.clarity.ms https://sitegpt.ai https://*.sitegpt.ai https://www.dwin1.com https://www.awin1.com https://lantern.roeyecdn.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net ; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.facebook.net https://tagmanager.google.com https://optimize.google.com https://www.paypalobjects.com https://combr-1b07a.kxcdn.com https://cdn.shellfire.net https://cdnjs.cloudflare.com https://cdn.jsdelivr.net ; img-src data: * ; 1 base-uri 'self' assets.redballoon.work prod.assets.redballoon.work production-assets.0c1585fd2300c797f28a22986ff717e0.r2.cloudflarestorage.com; child-src 'none'; connect-src 'self' 'unsafe-inline' *.backblazeb2.com assets.redballoon.work prod.assets.redballoon.work production-assets.0c1585fd2300c797f28a22986ff717e0.r2.cloudflarestorage.com search.redballoon.work analytics.redballoon.work api.honeybadger.io secure.safewebservices.com aorta.clickagy.com hemsync.clickagy.com js.zi-scripts.com ws.zoominfo.com tags.clickagy.com https://px.ads.linkedin.com https://px.ads.linkedin.com/wa api.hubapi.com forms.hscollectedforms.net tags.srv.stackadapt.com cdn.getkoala.com api.getkoala.com api.hubspot.com webpack://*; default-src 'self'; font-src 'self' assets.redballoon.work prod.assets.redballoon.work production-assets.0c1585fd2300c797f28a22986ff717e0.r2.cloudflarestorage.com fonts.gstatic.com; form-action 'self'; frame-ancestors www.youtube.com test.redballoon.dev *.redballoon.work; frame-src 'unsafe-inline' hemsync.clickagy.com www.youtube.com player.vimeo.com www.youtube-nocookie.com calendly.com iframe.cloudflarestream.com secure.safewebservices.com *.redballoon.work app.hubspot.com assets.redballoon.work prod.assets.redballoon.work production-assets.0c1585fd2300c797f28a22986ff717e0.r2.cloudflarestorage.com; img-src 'self' https://www.idibu.com blob: assets.redballoon.work prod.assets.redballoon.work production-assets.0c1585fd2300c797f28a22986ff717e0.r2.cloudflarestorage.com data: https://px.ads.linkedin.com https://t.co/1/i/adsct https://analytics.twitter.com/1/i/adsct track.hubspot.com forms.hsforms.com tags.srv.stackadapt.com; manifest-src 'self'; object-src 'self' assets.redballoon.work prod.assets.redballoon.work production-assets.0c1585fd2300c797f28a22986ff717e0.r2.cloudflarestorage.com; script-src 'self' assets.redballoon.work prod.assets.redballoon.work production-assets.0c1585fd2300c797f28a22986ff717e0.r2.cloudflarestorage.com www.youtube.com f.vimeocdn.com embed.cloudflarestream.com analytics.redballoon.work secure.safewebservices.com js.zi-scripts.com ws.zoominfo.com tags.clickagy.com ws-assets.zoominfo.com snap.licdn.com static.ads-twitter.com px4.ads.linkedin.com js.hs-scripts.com js.hscollectedforms.net js.hsadspixel.net js.hs-banner.com js.hs-analytics.net js.usemessages.com tags.srv.stackadapt.com cdn.getkoala.com api.getkoala.com www.idibu.com static.hsappstatic.net ; style-src 'self' assets.redballoon.work prod.assets.redballoon.work production-assets.0c1585fd2300c797f28a22986ff717e0.r2.cloudflarestorage.com data: fonts.googleapis.com secure.safewebservices.com tags.srv.stackadapt.com 'unsafe-inline'; 1 default-src 'self'; frame-src 'self' https://www.careopinion.org.uk/ https://www.patientopinion.org.uk/ *.nhs.uk/ *.facebook.com/ https://www.youtube-nocookie.com/ *.youtube.com/ *.vimeo.com/ *.google.com *.googleapis.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.googletagmanager.com https://cdnjs.cloudflare.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://connect.facebook.net/ https://feeds.trac.jobs/ *.google.com/ *.googleapis.com *.gstatic.com *.cqc.org.uk; font-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com/ https://feeds.trac.jobs/ *.googleapis.com *.gstatic.com *.cqc.org.uk; img-src * data:; object-src 'self' blob:; connect-src 'self' https://*.googletagmanager.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.g.doubleclick.net https://*.google.com https://*.google.com https://*.google-analytics.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googletagmanager.com https://graph.facebook.com/ https://feeds.trac.jobs/ *.googleapis.com *.google-analytics.com stats.g.doubleclick.net; media-src 'self' https://video.cdninstagram.com/ 1 default-src 'self' https://dev.shop.bioeg.de https://shop.bioeg.de https://shop.bzga.de; connect-src 'self' https://piwik.bzga.de; style-src 'self' 'unsafe-inline'; font-src 'self' data:; script-src 'self' 'unsafe-inline' https://piwik.bzga.de; img-src 'self' https://dev.shop.bioeg.de https://shop.bioeg.de https://shop.bzga.de data: https://piwik.bzga.de https://www.bioeg.de https://service.bzga.de https://www.bzga.de; frame-src 'self'; 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.paypalobjects.com/ https://s3.amazonaws.com/ https://*.stripe.com/; img-src 'self' data: https://www.paypalobjects.com/; object-src 'self' data: https://*.paypal.com/ https://*.stripe.com/; frame-src 'self' data: https://*.paypal.com/ https://*.stripe.com/; 1 default-src 'self' data: northvolt.com *.northvolt.com www.googletagmanager.com www.google-analytics.com ssl.google-analytics.com tagmanager.google.com fonts.googleapis.com; script-src 'self' data: 'unsafe-inline' northvolt.com *.northvolt.com www.googletagmanager.com www.google-analytics.com ssl.google-analytics.com tagmanager.google.com fonts.googleapis.com nvlt.co *.nvlt.co; object-src 'self' data: northvolt.com *.northvolt.com www.googletagmanager.com www.google-analytics.com ssl.google-analytics.com tagmanager.google.com fonts.googleapis.com nvlt.co *.nvlt.co; style-src 'self' data: 'unsafe-inline' northvolt.com *.northvolt.com www.googletagmanager.com www.google-analytics.com ssl.google-analytics.com tagmanager.google.com fonts.googleapis.com; img-src 'self' data: northvolt.com *.northvolt.com www.googletagmanager.com www.google-analytics.com ssl.google-analytics.com tagmanager.google.com fonts.googleapis.com; media-src 'self' data: northvolt.com *.northvolt.com www.googletagmanager.com www.google-analytics.com ssl.google-analytics.com tagmanager.google.com fonts.googleapis.com; frame-src 'self' data: northvolt.com *.northvolt.com www.googletagmanager.com www.google-analytics.com ssl.google-analytics.com tagmanager.google.com fonts.googleapis.com; font-src 'self' data: northvolt.com *.northvolt.com www.googletagmanager.com www.google-analytics.com ssl.google-analytics.com tagmanager.google.com fonts.googleapis.com; connect-src 'self' data: northvolt.com *.northvolt.com www.googletagmanager.com www.google-analytics.com ssl.google-analytics.com tagmanager.google.com fonts.googleapis.com nvlt.co *.nvlt.co sentry.io *.sentry.io 1 frame-ancestors 'self' *.gvmp.de; 1 default-src 'self' ; script-src 'self' 'unsafe-inline' www.legiscomex.com www.googletagmanager.com www.google.com code.jquery.com static.addtoany.com pautas.legis.com.co prepautas.legis.com.co js-agent.newrelic.com lablegis.azurewebsites.net js-agent.newrelic.com use.fontawesome.com www.gstatic.com www.google-analytics.com static.hotjar.com cdn.mouseflow.com snap.licdn.com js.hs-scripts.com connect.facebook.net legislab.legis.com.co www.googleadservices.com crested-timer-310514-default-rtdb.firebaseio.com script.hotjar.com js.hsleadflows.net js.hs-analytics.net js.hscollectedforms.net js.hs-banner.com platform.twitter.com stackpath.bootstrapcdn.com td.doubleclick.net legislab.azurewebsites.net *.youtube.com legislab.azurewebsites.net lablegis.azurewebsites.net data: www.datos.gov.co cdn.jsdelivr.net https://cdn.dxpr.com https://googleads.g.doubleclick.net https://cdnjs.cloudflare.com; object-src 'self'; style-src 'self' 'unsafe-inline' https://www.legiscomex.com use.fontawesome.com lablegis.azurewebsites.net legislab.legis.com.co www.googletagmanager.com www.google.com code.jquery.com static.addtoany.com pautas.legis.com.co prepautas.legis.com.co js-agent.newrelic.com lablegis.azurewebsites.net js-agent.newrelic.com use.fontawesome.com www.gstatic.com www.google-analytics.com static.hotjar.com cdn.mouseflow.com snap.licdn.com js.hs-scripts.com connect.facebook.net legislab.legis.com.co www.googleadservices.com crested-timer-310514-default-rtdb.firebaseio.com script.hotjar.com js.hsleadflows.net js.hs-analytics.net js.hscollectedforms.net js.hs-banner.com platform.twitter.com stackpath.bootstrapcdn.com td.doubleclick.net legislab.azurewebsites.net *.youtube.com legislab.azurewebsites.net lablegis.azurewebsites.net data: www.datos.gov.co cdn.jsdelivr.net fonts.googleapis.com https://cdn.dxpr.com; img-src 'self' blob: https://www.legiscomex.com cdn2.iconfinder.com is1-ssl.mzstatic.com lh3.googleusercontent.com cdn3.iconfinder.com lablegis.azurewebsites.net px.ads.linkedin.com www.facebook.com googleads.g.doubleclick.net www.linkedin.com track.hubspot.com forms.hsforms.com www.google.com.co data: www.google.com www.google-analytics.com pautas.legis.com.co www.googletagmanager.com prepautas.legis.com.co legislab.azurewebsites.net lablegis.azurewebsites.net www.datos.gov.co cdn.jsdelivr.net https://www.legiscomex.com https://cdn.dxpr.com https://teachlikeachampion.com https://teachlikeachampion.org; media-src 'self' https://www.legiscomex.com https://teachlikeachampion.org; frame-src 'self' https://www.legiscomex.com static.addtoany.com widget.spreaker.com www.googletagmanager.com platform.twitter.com *.youtube.com es.surveymonkey.com https://www.facebook.com/ td.doubleclick.net legislab.azurewebsites.net lablegis.azurewebsites.net www.datos.gov.co cdn.jsdelivr.net https://formulariocontactenos.legis.com.co https://web.facebook.com; frame-ancestors 'self'; child-src 'self'; font-src 'self' https://www.legiscomex.com use.fontawesome.com lablegis.azurewebsites.net stackpath.bootstrapcdn.com legislab.azurewebsites.net lablegis.azurewebsites.net data: www.datos.gov.co cdn.jsdelivr.net fonts.gstatic.com; connect-src 'self' https://www.legiscomex.com lablegis.azurewebsites.net pautas.legis.com.co bam.nr-data.net www.google.com analytics.google.com www.google-analytics.com px.ads.linkedin.com forms.hscollectedforms.net www.google.com forms.hubspot.com prepautas.legis.com.co legislab.legis.com.co www.google.com stats.g.doubleclick.net www.facebook.com legislab.azurewebsites.net lablegis.azurewebsites.net data: www.datos.gov.co cdn.jsdelivr.net vc.hotjar.io wss: https://www.legiscomex.com https://cdn.dxpr.com https://api.segment.io; report-uri /report-csp-violation; upgrade-insecure-requests 1 default-src 'self'; img-src _; media-src _ data:; script-src 'self' https://sc.lfeeder.com https://www.googletagmanager.com https://ws.zoominfo.com https://cdnjs.cloudflare.com; object-src 'none'; 1 default-src 'self'; sandbox allow-downloads allow-popups allow-popups-to-escape-sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-modals; base-uri 'self'; upgrade-insecure-requests; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://tagmanager.google.com https://ssl.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://ajax.googleapis.com https://connect.facebook.net https://optimize.google.com https://*.decibelinsight.net https://*.decibelinsight.com; connect-src 'self' https://www.google-analytics.com https://*.decibelinsight.net https://*.decibelinsight.com wss://*.decibelinsight.net wss://*.decibelinsight.com; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://fonts.googleapis.com https://*.egain.cloud https://optimize.google.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.google-analytics.com https://stats.g.doubleclick.net https://ssl.gstatic.com https://www.gstatic.com https://www.google.com https://googleads.g.doubleclick.net https://www.google.co.uk https://www.facebook.com https://connect.facebook.net https://optimize.google.com data:; object-src data: 'unsafe-eval'; frame-src https://*.cardinalcommerce.com https://*.worldpay.com https://www.google.com https://bid.g.doubleclick.net https://optimize.google.com https://cdn.yoshki.com; font-src 'self' https://cdn.yoshki.com/ https://fonts.gstatic.com https://fonts.googleapis.com data:; 1 default-src 'self' 'unsafe-inline' https://piwik.bzga.de/; frame-src 'self' https://datawrapper.dwcdn.net/ 1 default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; img-src http: https: data:; font-src 'self' data: https://cdn.jsdelivr.net https://fonts.gstatic.com https://rsms.me https://maxcdn.bootstrapcdn.com; report-uri /report-csp-violation 1 default-src https:; style-src 'self' 'unsafe-inline' fonts.googleapis.com res.cloudinary.com code.jquery.com cdnjs.cloudflare.com 1 default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval'; object-src *; style-src * 'self' 'unsafe-inline'; img-src * 'self' data: https:;; media-src *; frame-src *; frame-ancestors * 'self' ; child-src * blob:; font-src * 'self' data: https:;; connect-src * 1 font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' tracking.paysera.com www.instagram.com https://optimize.google.com https://www.google.com/recaptcha/ https://www.youtube.com/embed/ http://e.issuu.com/; img-src 'self' data: *.paysera.com maps.googleapis.com *.gstatic.com https://www.google-analytics.com https://optimize.google.com; script-src 'self' maps.googleapis.com www.instagram.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.google-analytics.com https://optimize.google.com 'unsafe-inline'; style-src 'self' fonts.googleapis.com https://optimize.google.com 'unsafe-inline'; report-uri /v2/csp-violations/report 1 default-src *.googletagmanager.com *.twitter.com *.facebook.net *.nr-data.net *.ads-twitter.com *.google-analytics.com *.googleadservices.com *.doubleclick.net *.mookie1.com *.amazon-adsystem.com *.facebook.com *.google.com *.google.co.in *.cloudflare.com *.w3.org *.adsrvr.org *.newrelic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.jsdelivr.net *.monsido.com *.https://s.pinimg.com/ct/core.js *.pinimg.com *.pinterest.com *.googleoptimize.com *.googletagmanager.com *.twitter.com *.facebook.net *.nr-data.net *.ads-twitter.com *.google-analytics.com *.googleadservices.com *.googleanalytics.com *.doubleclick.net *.cloudflare.com *.opendns.com *.adsrvr.org *.newrelic.com *.google.com *.mapbox.com *.serving-sys.com *.igodigital.com *.teads.tv *.videoamp.com *.tapad.com *.tiktok.com *.abtasty.com *.snapchat.com https://www.youtube.com https://cdn.cookielaw.org https://sc-static.net/scevent.min.js https://sc-static.net/sc-pixel-helper.min.js https://cdn.cookielaw.org *.mikmak.ai *.swaven.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.jsdelivr.net *.ad.doubleclick.net *.monsido.com *.cloudflare.com *.opendns.com *.newrelic.com *.twitter.com *.nr-data.net *.ads-twitter.com *.google.com *.googleapis.com *.mapbox.com *.typekit.net; img-src 'self' *.adsrvr.org *.doubleclick.net *.monsido.com *.google-analytics.com *.twitter.com *.facebook.com *.google.com *.google.co.in *.googletagmanager.com *.mookie1.com *.amazon-adsystem.com *.newrelic.com *.nr-data.net *.ads-twitter.com *.w3.org data: *.ipredictive.com https://di.rlcdn.com https://nova.collect.igodigital.com https://cdn.cookielaw.org *.mikmak.ai *.swaven.com; media-src 'self'; frame-src 'self' *.youtube.com *.pinterest.com *.youtube-nocookie.com *.doubleclick.net *.amazon-adsystem.com *.google.com *.adsrvr.org *.flashtalking.com *.googletagmanager.com *.mikmak.ai *.swaven.com; frame-ancestors 'self' *.youtube.com *.doubleclick.net *.amazon-adsystem.com *.adsrvr.org *.mikmak.ai; child-src 'self' *.youtube.com *.doubleclick.net *.amazon-adsystem.com *.adsrvr.org blob:; font-src 'self' *.jsdelivr.net *.gstatic.com *.google.com *.typekit.net *.mikmak.ai *.swaven.com; connect-src 'self' *.doubleclick.net *.pinterest.com *.facebook.com *.onetrust.com *.tiktok.com *.google-analytics.com *.monsido.com *.mapbox.com *.nr-data.net *.serving-sys.com *.igodigital.com https://cdn.cookielaw.org *.analytics.google.com *.google.com *.mikmak.ai *.swaven.com; upgrade-insecure-requests 1 default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; 1 default-src 'self';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://maps.googleapis.com https://maps.gstatic.com data: https://*.google-analytics.com https://forms-eu1.hsforms.com https://track-eu1.hubspot.com https://www.googletagmanager.com https://imgsct.cookiebot.com https://forms.hsforms.com https://perf-eu1.hsforms.com https://26706590.fs1.hubspotusercontent-eu1.net https://www.google.de https://www.google.com; object-src data:; frame-src 'self' mailto: tel: *.krone-dev.cybob-one.com *.krone-agriculture.com https://*.mykrone.green https://mykrone.green https://*.krone.de *.youtube.com *.youtube-nocookie.com https://www.webstream.eu https://*.cookiebot.com https://my.matterport.com https://forms-eu1.hsforms.com https://td.doubleclick.net https://www.googletagmanager.com ; script-src 'self' 'unsafe-inline' https://www.google.com https://forms-eu1.hubspot.com https://www.googleadservices.com https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://maps.googleapis.com https://*.cookiebot.com https://www.googletagmanager.com https://js-eu1.hs-scripts.com https://js-eu1.hs-banner.com https://js-eu1.hs-analytics.net https://js-eu1.hscollectedforms.net https://js-eu1.hsforms.net/forms/embed/v2.js https://js-eu1.hsforms.net https://js-eu1.hubspot.com *.clarity.ms https://www.youtube.com; connect-src 'self' https://pagead2.googlesyndication.com https://www.googleadservices.com *.clarity.ms https://www.googletagmanager.com https://region1.analytics.google.com https://www.google.de https://www.google.com https://maps.googleapis.com https://*.cookiebot.com https://*.google-analytics.com https://*.liadm.com https://forms-eu1.hscollectedforms.net https://forms-eu1.hsforms.com https://hubspot-forms-static-embed-eu1.s3.amazonaws.com https://forms-eu1.hubspot.com https://cta-eu1.hubspot.com https://f.clarity.ms https://stats.g.doubleclick.net https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com; font-src 'self' https://fonts.gstatic.com data:; frame-ancestors 'self' https://www.krone-group.com https://krone-group.com; 1 obj-src 'none'; 1 default-src 'self' 'unsafe-inline'; img-src https://* 1 default-src 'self'; script-src 'self' *.googleapis.com; style-src 'self' 'unsafe-inline' *.googleapis.com; img-src 'self' data:; font-src 'self' *.gstatic.com *.bootstrapcdn.com data:;connect-src *.googleapis.com *.gstatic.com *.bootstrapcdn.com; report-uri https://crhworld.com/Sitefinity/Authenticate/OpenID/csp/report 1 frame-src https://www.olisnet.com/ https://olisnet.com/ https://www.fa.olisnet.com/ https://www.tableau.olisnet.com/ https://www.edr.olisnet.com/ https://ebanking-auth.edmond-de-rothschild.eu/ 1 default-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src data: 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' data: https:; connect-src https:; object-src 'none'; frame-src https:; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self' 1 default-src 'self' 'unsafe-inline' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.googleadservices.com *.usercentrics.eu connect.facebook.net snap.licdn.com *.google.com *.linkedin.com *.doubleclick.net cdnjs.cloudflare.com cdn.jsdelivr.net unpkg.com *.docksal.site:* *.ddev.site:* *.gstatic.com chosen.js *.hs-scripts.com *.hsadspixel.net *.hs-banner.com *.hs-analytics.net; object-src 'self'; style-src 'self' 'unsafe-inline' *.typekit.net *.icons8.com *.usercentrics.eu cdn.jsdelivr.net cdnjs.cloudflare.com chosen.css; img-src 'self' data: *.google.com *.google.be *.facebook.com *.linkedin.com *.typekit.net *.icons8.com *.usercentrics.eu www.googletagmanager.com *.doubleclick.net *.hubspot.com; media-src 'self'; frame-src 'self' *.usercentrics.eu app.powerbi.com *.youtube.com *.google.com www.googletagmanager.com *.spotify.com *.apple.com; frame-ancestors 'self'; child-src 'self' blob:; font-src 'self' 'unsafe-inline' *.typekit.net *.icons8.com; connect-src 'self' *.google-analytics.com *.usercentrics.eu *.linkedin.com *.facebook.com *.google.com; report-uri /report-csp-violation 1 connect-src 'self' translate.googleapis.com *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net ; font-src 'self' data: fonts.gstatic.com cdn.jsdelivr.net *.gstatic.com *.bootstrapcdn.com *.gstatic.com *.bootstrapcdn.com ; form-action 'self' ; frame-src 'self' blob: www.google.com www.youtube.com *.g.doubleclick.net *.google.com *.fls.doubleclick.net *.g.doubleclick.net *.google.com *.fls.doubleclick.net ; img-src 'self' 'unsafe-inline' data: ts.w.org s.w.org ps.w.org translate.googleapis.com *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com ; media-src 'self' s.w.org; script-src 'self' 'unsafe-inline' sidebar.bugherd.com cdn.jsdelivr.net www.bugherd.com translate.googleapis.com translate-pa.googleapis.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com ; script-src-elem 'self' 'unsafe-inline' sidebar.bugherd.com cdn.jsdelivr.net www.bugherd.com translate.googleapis.com translate-pa.googleapis.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com ; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.jsdelivr.net *.googleapis.com *.gstatic.com *.googleapis.com *.gstatic.com ; style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com cdn.jsdelivr.net *.googleapis.com *.gstatic.com ; worker-src 'self' 'unsafe-inline' 'unsafe-eval' blob:; upgrade-insecure-requests; 1 default-src 'self' *.helpscout.net fonts.gstatic.com fonts.googleapis.com *.cloudfront.net *.blob.core.windows.net recognition.asdastars.com recognitionapi.asdastars.com; img-src 'self' *.helpscout.net fonts.gstatic.com fonts.googleapis.com *.cloudfront.net *.blob.core.windows.net recognition.asdastars.com recognitionapi.asdastars.com data:; object-src 'none'; frame-ancestors ; base-uri 'self'; 1 default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval' data-apac.purina.in; object-src *; style-src * 'self' 'unsafe-inline'; img-src * 'self' data: https:;; media-src *; frame-src *; frame-ancestors * 'self'; child-src * blob:; font-src * 'self' data: https:;; connect-src * data-apac.purina.in 1 default-src 'self' 'unsafe-inline' wss: https://*.jivosite.com/ data: https://bitrix.info:* https://www.chay.info:* https://*.bitrix.info:* https://cdnjs.cloudflare.com:* https://site.ru:* https://yandex.ru:* https://mc.yandex.ru:* https://oss.maxcdn.com:* https://*.maps.yandex.net https://geocode-maps.yandex.ru:* https://api-maps.yandex.ru https://suggest-maps.yandex.ru https://code.jivosite.com:* https://googleads.g.doubleclick.net:* https://www.googleadservices.com:* https://www.google.com/ads/user-lists/ https://www.google.ru/ads/user-lists/ https://www.google-analytics.com:* https://maps.google.com:* https://*.googleapis.com:* https://api.mapbox.com:* https://*.gstatic.com:* https://*.googletagmanager.com:* https://*.googleapis.com:* https://*.jivosite.com:* https://cdn.voximplant.com:* https://www.gravatar.com:* https://yastatic.net:* https://*.youtube.com:* https://*.google.com:* https://*.ytimg.com:* https://suggestions.dadata.ru:* https://connect.facebook.net:* https://stats.g.doubleclick.net:* https://events.mapbox.com:* https://google-analytics.bi.owox.com:* https://cdn.jsdelivr.net:* https://youtube.com:* https://stat.tildacdn.com:* https://static.tildacdn.com:* https://googleads.g.doubleclick.net:* https://connect.facebook.net:* https://www.facebook.com:* https://awards.ratingruneta.ru:* https://static.doubleclick.net:* https://*.gstatic.com:* https://*.getbutton.io:* https://metrika.yandex.ru:* https://metrika.yandex.by:* https://metrica.yandex.com:* https://metrica.yandex.com.tr:* https://webvisor.com:* https://rutube.ru:*;script-src * 'unsafe-inline' 'unsafe-eval' blob: https://bitrix.info:* https://www.chay.info:* https://*.bitrix.info:* https://cdnjs.cloudflare.com:* https://site.ru:* https://yandex.ru:* https://mc.yandex.ru:* https://oss.maxcdn.com:* https://*.maps.yandex.net https://geocode-maps.yandex.ru:* https://api-maps.yandex.ru https://suggest-maps.yandex.ru https://code.jivosite.com:* https://googleads.g.doubleclick.net:* https://www.googleadservices.com:* https://www.google.com/ads/user-lists/ https://www.google.ru/ads/user-lists/ https://www.google-analytics.com:* https://maps.google.com:* https://*.googleapis.com:* https://api.mapbox.com:* https://*.gstatic.com:* https://*.googletagmanager.com:* https://*.googleapis.com:* https://*.jivosite.com:* https://cdn.voximplant.com:* https://www.gravatar.com:* https://yastatic.net:* https://*.youtube.com:* https://*.google.com:* https://*.ytimg.com:* https://suggestions.dadata.ru:* https://connect.facebook.net:* https://stats.g.doubleclick.net:* https://events.mapbox.com:* https://google-analytics.bi.owox.com:* https://cdn.jsdelivr.net:* https://youtube.com:* https://stat.tildacdn.com:* https://static.tildacdn.com:* https://googleads.g.doubleclick.net:* https://connect.facebook.net:* https://www.facebook.com:* https://awards.ratingruneta.ru:* https://static.doubleclick.net:* https://*.gstatic.com:* https://*.getbutton.io:* https://metrika.yandex.ru:* https://metrika.yandex.by:* https://metrica.yandex.com:* https://metrica.yandex.com.tr:* https://webvisor.com:* https://rutube.ru:* ;style-src * 'unsafe-inline' https://bitrix.info:* https://www.chay.info:* https://*.bitrix.info:* https://cdnjs.cloudflare.com:* https://site.ru:* https://yandex.ru:* https://mc.yandex.ru:* https://oss.maxcdn.com:* https://*.maps.yandex.net https://geocode-maps.yandex.ru:* https://api-maps.yandex.ru https://suggest-maps.yandex.ru https://code.jivosite.com:* https://googleads.g.doubleclick.net:* https://www.googleadservices.com:* https://www.google.com/ads/user-lists/ https://www.google.ru/ads/user-lists/ https://www.google-analytics.com:* https://maps.google.com:* https://*.googleapis.com:* https://api.mapbox.com:* https://*.gstatic.com:* https://*.googletagmanager.com:* https://*.googleapis.com:* https://*.jivosite.com:* https://cdn.voximplant.com:* https://www.gravatar.com:* https://yastatic.net:* https://*.youtube.com:* https://*.google.com:* https://*.ytimg.com:* https://suggestions.dadata.ru:* https://connect.facebook.net:* https://stats.g.doubleclick.net:* https://events.mapbox.com:* https://google-analytics.bi.owox.com:* https://cdn.jsdelivr.net:* https://youtube.com:* https://stat.tildacdn.com:* https://static.tildacdn.com:* https://googleads.g.doubleclick.net:* https://connect.facebook.net:* https://www.facebook.com:* https://awards.ratingruneta.ru:* https://static.doubleclick.net:* https://*.gstatic.com:* https://*.getbutton.io:* https://metrika.yandex.ru:* https://metrika.yandex.by:* https://metrica.yandex.com:* https://metrica.yandex.com.tr:* https://webvisor.com:* https://rutube.ru:* ;img-src * data: https://bitrix.info:* https://www.chay.info:* https://*.bitrix.info:* https://cdnjs.cloudflare.com:* https://site.ru:* https://yandex.ru:* https://mc.yandex.ru:* https://oss.maxcdn.com:* https://*.maps.yandex.net https://geocode-maps.yandex.ru:* https://api-maps.yandex.ru https://suggest-maps.yandex.ru https://code.jivosite.com:* https://googleads.g.doubleclick.net:* https://www.googleadservices.com:* https://www.google.com/ads/user-lists/ https://www.google.ru/ads/user-lists/ https://www.google-analytics.com:* https://maps.google.com:* https://*.googleapis.com:* https://api.mapbox.com:* https://*.gstatic.com:* https://*.googletagmanager.com:* https://*.googleapis.com:* https://*.jivosite.com:* https://cdn.voximplant.com:* https://www.gravatar.com:* https://yastatic.net:* https://*.youtube.com:* https://*.google.com:* https://*.ytimg.com:* https://suggestions.dadata.ru:* https://connect.facebook.net:* https://stats.g.doubleclick.net:* https://events.mapbox.com:* https://google-analytics.bi.owox.com:* https://cdn.jsdelivr.net:* https://youtube.com:* https://stat.tildacdn.com:* https://static.tildacdn.com:* https://googleads.g.doubleclick.net:* https://connect.facebook.net:* https://www.facebook.com:* https://awards.ratingruneta.ru:* https://static.doubleclick.net:* https://*.gstatic.com:* https://*.getbutton.io:* https://metrika.yandex.ru:* https://metrika.yandex.by:* https://metrica.yandex.com:* https://metrica.yandex.com.tr:* https://webvisor.com:* https://rutube.ru:* blob: ;font-src 'self' data: https://bitrix.info:* https://www.chay.info:* https://*.bitrix.info:* https://cdnjs.cloudflare.com:* https://site.ru:* https://yandex.ru:* https://mc.yandex.ru:* https://oss.maxcdn.com:* https://*.maps.yandex.net https://geocode-maps.yandex.ru:* https://api-maps.yandex.ru https://suggest-maps.yandex.ru https://code.jivosite.com:* https://googleads.g.doubleclick.net:* https://www.googleadservices.com:* https://www.google.com/ads/user-lists/ https://www.google.ru/ads/user-lists/ https://www.google-analytics.com:* https://maps.google.com:* https://*.googleapis.com:* https://api.mapbox.com:* https://*.gstatic.com:* https://*.googletagmanager.com:* https://*.googleapis.com:* https://*.jivosite.com:* https://cdn.voximplant.com:* https://www.gravatar.com:* https://yastatic.net:* https://*.youtube.com:* https://*.google.com:* https://*.ytimg.com:* https://suggestions.dadata.ru:* https://connect.facebook.net:* https://stats.g.doubleclick.net:* https://events.mapbox.com:* https://google-analytics.bi.owox.com:* https://cdn.jsdelivr.net:* https://youtube.com:* https://stat.tildacdn.com:* https://static.tildacdn.com:* https://googleads.g.doubleclick.net:* https://connect.facebook.net:* https://www.facebook.com:* https://awards.ratingruneta.ru:* https://static.doubleclick.net:* https://*.gstatic.com:* https://*.getbutton.io:* https://metrika.yandex.ru:* https://metrika.yandex.by:* https://metrica.yandex.com:* https://metrica.yandex.com.tr:* https://webvisor.com:* https://rutube.ru:*; 1 frame-src 'self' https://ep2.adtrafficquality.google https://cdn.affinipay.com https://calendly.com https://*.doubleclick.net https://googleads.g.doubleclick.net https://www.facebook.com https://tpc.googlesyndication.com https://www.google.com https://www.googletagmanager.com https://*.squarecdn.com https://*.squareup.com https://*.squareupsandbox.com https://images.tryascend.com https://www.youtube.com; img-src * 'self' blob: data:; 1 font-src 'self'; 1 default-src 'self' https://*.nhs.uk; frame-src 'self' https://www.youtube-nocookie.com https://*.webspellchecker.net https://*.nhs.uk https://*.youtube.com https://*.vimeo.com https://*.google.com https://*.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://*.google-analytics.com https://*.googletagmanager.com https://feeds.trac.jobs https://*.webspellchecker.net https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.cqc.org.uk; font-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://*.webspellchecker.net; style-src 'self' 'unsafe-inline' data: https://cdnjs.cloudflare.com https://feeds.trac.jobs https://*.googleapis.com https://*.gstatic.com https://*.cqc.org.uk https://*.webspellchecker.net; img-src * data:; object-src 'self' blob: https://*.nhs.uk; connect-src 'self' https://feeds.trac.jobs https://*.googleapis.com https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://*.webspellchecker.net 1 default-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline' *.youtube.com *.cookielaw.org *.youtube-nocookie.com *.commerce-connector.com *.googleapis.com *.min-cdn.net *.googletagmanager.com *.google-analytics.com *.google.com *.google.de connect.facebook.net mediaintelligence.de *.bing.com https://groupeseb.secure.force.com https://iprospect.emcustomers.de; font-src 'self' data: *.commerce-connector.com *.gstatic.com https://groupeseb.secure.force.com https://groupe-seb.my.salesforce-sites.com; style-src 'self' 'unsafe-inline' *.commerce-connector.com *.commerce-connector.de *.googleapis.com https://groupeseb.secure.force.com; img-src 'self' data: *.commerce-connector.com https://cdn.cookielaw.org *.commerce-connector.de *.gstatic.com *.googleapis.com *.google-analytics.com *.facebook.com *.doubleclick.net mediaintelligence.de *.min-cdn.net track.adform.net rads.recognified.net *.google.de *.google.com *.bing.com https://*.googletagmanager.com https://groupeseb.secure.force.com; media-src 'self' *.youtube.com *.youtube-nocookie.com https://groupeseb.secure.force.com; frame-src 'self' *.youtube.com *.youtube-nocookie.com *.umantis.com *.doubleclick.net https://groupeseb.secure.force.com https://groupe-seb.my.salesforce-sites.com; connect-src 'self' *.commerce-connector.com https://privacyportal-de.onetrust.com https://www.google.com https://geolocation.onetrust.com *.cookielaw.org *.commerce-connector.de *.googleapis.com *.google-analytics.com *.analytics.google.com *.facebook.com *.doubleclick.net mediaintelligence.de *.min-cdn.net *.bing.com 1 default-src 'self' data:;font-src 'self' data: fonts.gstatic.com kariera.rako.cz www.kariera.rako.cz;connect-src 'self' *.google.com *.google.cz *.googleapis.com *.google-analytics.com *.hotjar.com wss://ws6.hotjar.com *.hotjar.io *.doubleclick.net *.leady.com *.gstatic.com *.pinterest.com *.seznam.cz;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.google.cz *.googleapis.com *.gstatic.com *.hotjar.com static.hotjar.com www.googletagmanager.com *.google-analytics.com connect.facebook.net kariera.rako.cz www.kariera.rako.cz c.imedia.cz *.googleadservices.com *.adform.net *.seznam.cz *.doubleclick.net *.leady.com www.youtube-nocookie.com www.youtube.com *.pinterest.com *.pinimg.com;form-action 'self' *.facebook.com *.facebook.net *.pinterest.com;frame-src 'self' blob: www.youtube.com www.youtube-nocookie.com *.iplatba.cz www.tvbydleni.cz *.facebook.com *.facebook.net *.hotjar.com *.google.com *.pinterest.com *.doubleclick.net www.googletagmanager.com;worker-src 'self' blob: www.youtube.com www.youtube-nocookie.com *.iplatba.cz www.tvbydleni.cz *.facebook.com *.facebook.net *.hotjar.com *.google.com *.pinterest.com *.doubleclick.net www.googletagmanager.com;frame-ancestors 'self';img-src 'self' data: blob: *.gstatic.com *.googleapis.com *.googlecode.com www.googletagmanager.com *.google-analytics.com *.doubleclick.net www.facebook.com *.rako.cz c.imedia.cz *.seznam.cz *.pinterest.com *.pinimg.com i.ytimg.com *.google.com *.google.cz *.google.de *.google.fr *.google.pl *.google.ru *.google.sk *.leady.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com *.gstatic.com *.google.com kariera.rako.cz www.kariera.rako.cz www.googletagmanager.com;object-src 'self' 1 default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: ; 1 frame-ancestors https://pannonkincstar.hu 1 default-src 'self' https://*.youtube.com https://*.youtu.be https://*.youtube-nocookie.com https://*.vimeo.com https://vimeo.com https://*.vimeocdn.com https://*.spotify.com/ https://open.spotify.com https://*.tiktok.com https://*.snapchat.com https://*.facebook.com https://*.google-analytics.com https://*.googletagmanager.com https://pagead2.googlesyndication.com https://*.google.com https://*.google.be; block-all-mixed-content; img-src data: 'self' https://placeholder.inventis.be https://*.ytimg.com https://*.youtube.com https://*.vimeocdn.com; object-src 'none'; script-src 'self' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' 'nonce-8g16VyRvwLk88sMifPBr8g=='; style-src 'self' 'unsafe-inline'; upgrade-insecure-requests 1 default-src 'self'; script-src 'self' www.googletagmanager.com cdn.jsdelivr.net 'unsafe-inline' www.google-analytics.com cdn.datatables.net www.google.com www.gstatic.com cmp.osano.com phyins.actonservice.com actonservice.com tattle.api.osano.com blob: https://js-agent.newrelic.com; object-src 'self'; style-src 'self' fonts.googleapis.com cdn.jsdelivr.net 'unsafe-inline' cdn.datatables.net; img-src 'self' www.google-analytics.com www.googletagmanager.com phyins.actonservice.com data:; media-src 'self'; frame-src 'self' www.google.com demowebsitelink.com player.vimeo.com youtube.com www.youtube.com; font-src 'self' fonts.gstatic.com themes.googleusercontent.com; connect-src 'self' www.google-analytics.com stats.g.doubleclick.net tattle.api.osano.com bam.nr-data.net; report-uri /report-csp-violation 1 default-src 'self'https://www.osmo.com; style-src 'self' 'unsafe-inline' https://www.osmo.com https://*.googleapis.com; script-src 'self' 'unsafe-inline' https://www.osmo.com https://*.cookiebot.com https://*.googletagmanager.com https://*.google-analytics.com https://*.youtube.com https://*.google.com https://*.gstatic.com https://*.googleapis.com; frame-src 'self' https://www.osmo.com https://*.cookiebot.com https://*.youtube.com; connect-src 'self' https://www.osmo.com https://*.cookiebot.com https://*.google-analytics.com https://*.doubleclick.net https://*.googleapis.com https://*.youtube.com https://*.googlevideo.com; img-src 'self' data: https://tze982.saas.contentserv.com https://www.osmo.com https://*.google-analytics.com https://*.googletagmanager.com https://*.youtube.com https://*.gstatic.com https://*.ggpht.com https://*.googleapis.com https://imgsct.cookiebot.com; font-src 'self' https://www.osmo.com https://*.gstatic.com https://*.googleapis.com 1 font-src 'self' data: https://images.wineselectors.com.au https://use.typekit.net https://i.icomoon.io https://fonts.gstatic.com https://cdn.productreview.com.au https://fonts.yieldify-production.com; img-src 'self' data: *; style-src 'self' 'unsafe-inline' https://images.wineselectors.com.au https://fast.fonts.net https://fonts.googleapis.com https://*.cloudfront.net https://tagmanager.google.com https://www.gstatic.com https://wineselectors.resultspage.com https://giftcreation.giftflick.com.au https://www.giftflick.com.au https://giftflick.com.au https://www.riddle.com https://sdk.giftflick.com.au https://libraries.unbxdapi.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://images.wineselectors.com.au https://js-agent.newrelic.com https://bam.nr-data.net https://www.googletagmanager.com https://script.hotjar.com https://static.hotjar.com https://t.cfjump.com https://t.dgm-au.com https://use.typekit.net https://www.google-analytics.com https://connect.facebook.net https://pixel.roymorgan.com https://app.yieldify.com https://maps.googleapis.com https://*.cloudfront.net https://www.google.com https://www.gstatic.com https://*.cloudfront.net https://platform.instagram.com https://cdn.syndication.twimg.com https://c.vepxl1.net https://js.adsrvr.org https://c.flx1.com https://ajax.googleapis.com https://go.flx1.com https://dev.visualwebsiteoptimizer.com https://tagmanager.google.com https://*.cloudfront.net https://s3.amazonaws.com https://td.yieldify.com https://radar.cedexis.com https://data2.gosquared.com https://data.gosquared.com https://track.omguk.com https://ib.adnxs.com https://assets.resultspage.com https://wineselectors.resultspage.com https://wineselectors.resultsdemo.com https://b.sli-spark.com https://cdn.livechatinc.com https://secure.livechatinc.com https://www.eventbrite.com.au https://wineselectors.ipscape.com.au https://cdn.otherlevels.com https://www.googleadservices.com http://www.wineselectors.com.au https://cfjump.wineselectors.com.au https://cdn.productreview.com.au https://marvel-b2-cdn.bc0a.com https://marvel-b1-cdn.bc0a.com https://cdn.b0e8.com https://js.go2sdk.com https://amplify.outbrain.com https://r.turn.com https://tr.outbrain.com https://tag.lexer.io https://*.yieldify.com https://s.yimg.com https://www.giftflick.com.au https://giftflick.com.au https://giftcreation.giftflick.com.au https://www.riddle.com https://s.pinimg.com/ https://bat.bing.com https://sdk.giftflick.com.au https://www.clarity.ms https://googleads.g.doubleclick.net https://cdn.taboola.com https://trc.taboola.com https://wave.outbrain.com https://secure.quantserve.com https://rules.quantcount.com *.retargeted.co https://wisepops.net https://cdn.wisepops.com https://cdn.wisepops.net https://app.getwisp.co https://loader.wisepops.com https://script.crazyegg.com https://ct.pinterest.com https://libraries.unbxdapi.com https://search.unbxdapi.com *.amazonaws.com https://gateway.pmnts.io https://*.forter.com https://dlthst9q2beh8.cloudfront.net https://d2nww8zpyj5pk0.cloudfront.net https://static.elfsight.com https://cdn.pmnts.io https://songbirdstag.cardinalcommerce.com https://songbird.cardinalcommerce.com https://static.klaviyo.com https://static-tracking.klaviyo.com; default-src 'self' https://images.wineselectors.com.au https://vars.hotjar.com https://www.google.com https://www.facebook.com https://notifications.wisepops.com https://wisepops.net; connect-src 'self' https://images.wineselectors.com.au wss://ws3.hotjar.com https://insights.hotjar.com https://bam.nr-data.net https://performance.typekit.net https://geo.yieldify.com https://c.flx1.com wss://ws1.hotjar.com https://bacon.section.io https://in.hotjar.com https://www.facebook.com wss://ws9.hotjar.com https://vc.hotjar.io https://js-api.otherlevels.com https://js-content.otherlevels.com https://js-api.otherlevels.com https://js-tags.otherlevels.com https://js-mdn.otherlevels.com https://js-rich.otherlevels.com https://js-deliverability-api.otherlevels.com https://safari.otherlevels.com wss://ws8.hotjar.com https://ws1.hotjar.com https://api.productreview.com.au https://www.google-analytics.com wss://ws10.hotjar.com https://tracking.gopsjump.com.au https://track.lexer.io https://*.yieldify.com https://*.yieldify-production.com https://dev.visualwebsiteoptimizer.com https://s.yimg.com https://analytics.google.com https://api.giftflick.com.au https://upload-medias.s3.amazonaws.com https://upload-medias.s3.ap-southeast-2.amazonaws.com upload.giftflick.com.au https://ct.pinterest.com https://bat.bing.com https://tr.outbrain.com https://stats.g.doubleclick.net https://t.clarity.ms https://cds.taboola.com https://pips.taboola.com https://maps.googleapis.com *.retargeted.co https://cdn.giftflick.com.au/ https://wisepops.net https://activity.wisepops.com https://popup.wisepops.com https://tracking.wisepops.com https://app.getwisp.co https://script.crazyegg.com https://tracking.crazyegg.com https://assets-tracking.crazyegg.com https://pagestates-tracking.crazyegg.com https://search.unbxd.io https://www.pinterest.com https://*.unbxd.io https://*.s3.amazonaws.com https://tracking.popsplot.com.au https://*.forter.com wss://cdn0.forter.com https://d2o5idwacg3gyw.cloudfront.net https://dz8rit8v72mig.cloudfront.net https://db7q4jg5rkhk8.cloudfront.net https://d6rak4b14t5gp.cloudfront.net https://d3k4bt74u9esq1.cloudfront.net https://d3nocrch4qti4v.cloudfront.net https://duuytoqss3gu4.cloudfront.net https://df45ay5pw60dy.cloudfront.net https://www.google.com https://core.service.elfsight.com https://widget-data.service.elfsight.com https://centinelapistag.cardinalcommerce.com https://writer.cardinalcommerce.com https://core.service.elfsight.com https://widget-data.service.elfsight.com https://gateway.pmnts.io https://centinelapi.cardinalcommerce.com https://*.execute-api.us-east-1.amazonaws.com wss://ws.hotjar.com https://content.hotjar.io https://metrics.hotjar.io https://a.klaviyo.com; media-src 'self' blob: https://images.wineselectors.com.au https://cdn.livechatinc.com https://gf-cdn.s3.ap-southeast-2.amazonaws.com cdn.giftflick.com.au https://videos.giftflick.com.au https://phosphor.utils.elfsightcdn.com; object-src 'self' https://images.wineselectors.com.au; child-src 'self' https://www.youtube.com https://www.riddle.com https://www.google.com https://vars.hotjar.com https://app.yieldify.com https://www.qzzr.com https://www.instagram.com https://t.cfjump.com https://t.dgm-au.com https://insight.adsrvr.org https://td.yieldify.com https://www.facebook.com https://match.adsrvr.org https://eventbrite.com.au https://www.eventbrite.com.au https://connect.facebook.net https://player.vimeo.com https://youtu.be/ https://www.google.com.au https://wineselectors.ipscape.com.au https://www.ojrq.net https://tracking.gopsjump.com.au https://*.yieldify.com https://ct.pinterest.com https://ct.pinterest.com https://td.doubleclick.net https://cdn.taboola.com https://wisepops.net https://tracking.popsplot.com.au https://www.googletagmanager.com https://geostag.cardinalcommerce.com https://*.elf.site/ https://geo.cardinalcommerce.com https://www.rsa3dsauth.co.uk https://centinelapi.cardinalcommerce.com https://mycardsecure.com https://secure7.arcot.com https://authentication.cardinalcommerce.com; 1 frame-ancestors 'self' *.giornaledellalibreria.it ; 1 default-src 'self'; object-src 'none'; script-src 'self'; 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://structor.mynewsdesk.com; img-src 'self' data: https://structor.mynewsdesk.com https://resources.mynewsdesk.com https://*.cdninstagram.com/; object-src 'self' data: https://structor.mynewsdesk.com https://*.vimeo.com/; frame-src 'self' data: https://structor.mynewsdesk.com https://*.vimeo.com/; 1 default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_ data-eu.purina.be; object-src *; style-src * 'self' 'unsafe-inline' https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_; img-src * 'self' data: https:; https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_; media-src *; frame-src * https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_; frame-ancestors * 'self'; child-src * blob:; font-src * 'self' data: https:; https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_; connect-src * https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_ data-eu.purina.be 1 base-uri 'self'; default-src 'self'; script-src https: blob: data: 'unsafe-inline' 'unsafe-eval' https://www.junited-autoglas.de https://p-su0yn5.project.space https://www.youtube-nocookie.com https://metrics.mehrwert.de https://api.usercentrics.eu https://app.usercentrics.eu https://graphql.usercentrics.eu https://consents.usercentrics.eu https://uct.service.usercentrics.eu https://consent-api.service.consent.usercentrics.eu; style-src https: 'unsafe-inline' https://www.junited-autoglas.de p-su0yn5.project.space https://www.youtube-nocookie.com https://metrics.mehrwert.de; frame-ancestors https://www.junited-autoglas.de https://p-su0yn5.project.space https://metrics.mehrwert.de; frame-src 'self' https://www.youtube-nocookie.com https://p-su0yn5.project.space https://metrics.mehrwert.de; form-action 'self'; font-src data: 'self' https://www.junited-autoglas.de https://p-su0yn5.project.space https://fonts.gstatic.com; img-src data: 'self' https://www.junited-autoglas.de https://p-su0yn5.project.space https://www.youtube-nocookie.com https://i.ytimg.com https://metrics.mehrwert.de; media-src data: 'self' https://www.junited-autoglas.de https://p-su0yn5.project.space https://www.youtube-nocookie.com; object-src data: 'self' https://www.junited-autoglas.de https://p-su0yn5.project.space; connect-src data: 'self' https://www.junited-autoglas.de https://p-su0yn5.project.space https://metrics.mehrwert.de; 1 frame-ancestors 'self' https://librairie-bayard.com https://app.bayam.tv https://sso.bayard-jeunesse.com https://mention-me.com https://cdnactor.myfeelback.com; 1 default-src 'self'; style-src-elem 'self' 'unsafe-inline' https://*.googleapis.com; script-src-elem 'self' https://*.googletagmanager.com 'unsafe-inline' blob: https://cdn-cookieyes.com https://*.bing.com https://*.licdn.com https://*.clarity.ms https://*.ariasystems.com https://*.jobscore.com https://vimeo.com https://*.vimeo.com https://*.sendbird.com https://cdn-cookieyes.com https://*.twitter.com https://*.zi-scripts.com https://*.quantserve.com https://*.tctm.co https://*.dealtale.com https://*.g.doubleclick.net https://*.pardot.com https://*.quantcount.com https://*.ads-twitter.com https://*.clickagy.com https://*.adsrvr.org; style-src-attr 'self' 'unsafe-inline'; img-src 'self' data: https://*.bing.com https://*.ads.linkedin.com https://*.googletagmanager.com https://*.truste.com https://*.gravatar.com https://*.vimeocdn.com https://*.sendbird.com https://s3.us-west-2.amazonaws.com https://*.clarity.ms https://*.ml-attr.com https://cdn-cookieyes.com https://*.bing.com https://*.adnxs.com https://*.ml-api.io https://*.google.com https://*.google.co.uk https://*.quantserve.com https://t.co https://*.twitter.com https://*.clickagy.com https://*.g.doubleclick.net https://*.sitescout.com https://*.demdex.net https://*.rlcdn.com https://*.openx.nen https://*.agkn.com; script-src-attr 'self' 'unsafe-inline'; script-src 'self' 'unsafe-eval'; connect-src 'self' https://*.ads.linkedin.com https://*.clarity.ms https://*.bing.com https://*.plyr.io https://*.sendbird.com wss://*.sendbird.com https://cdn-cookieyes.com https://*.cdn-cookieyes.com https://*.cookieyes.com https://*.google.com https://*.analytics.google.com https://*.zi-scripts.com https://*.quantcount.com https://*.zoominfo.com https://*.clickagy.com; frame-src 'self' https://*.vimeo.com https://*.jobscore.com https://*.ariasystems.com https://*.googletagmanager.com https://*.doubleclick.net https://*.adsrvr.org; font-src 'self' data: https://*.gstatic.com; 1 default-src 'self' 'unsafe-inline' https://static.digitalchargingsolutions.com https://api.mixpanel.com https://api-js.mixpanel.com https://cdn.mxpnl.com https://*.adyen.com https://*.cdn.adyen.com https://*.paypal.com https://*.googleapis.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://pay.datatrans.com/ https://static.digitalchargingsolutions.com https://*.googleapis.com https://*.gstatic.com https://*.ggpht.com https://api.mixpanel.com https://api-js.mixpanel.com https://cdn.mxpnl.com https://*.adyen.com https://*.cdn.adyen.com https://*.paypal.com ; frame-src 'self' https://pay.sandbox.datatrans.com https://*.adyen.com https://*.cdn.adyen.com https://*.paypal.com ; img-src 'self' https: data: https://cpo-logo.digitalchargingsolutions.com https://static.digitalchargingsolutions.com https://*.adyen.com https://*.cdn.adyen.com https://*.paypal.com https://*.googleapis.com https://*.gstatic.com https://*.ggpht.com ; style-src 'self' 'unsafe-inline' https://static.digitalchargingsolutions.com https://fonts.googleapis.com https://fonts.gstatic.com https://*.adyen.com https://*.cdn.adyen.com https://*.paypal.com ; font-src 'self' https://static.digitalchargingsolutions.com https://fonts.googleapis.com https://fonts.gstatic.com data: ; 1 default-src data: 'self' https://*.hsforms.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://js.hsadspixel.net https://wisembly-content.s3.amazonaws.com/ https://js-eu1.hsforms.net/ https://appvizer.one/ https://bat.bing.com/ https://googleads.g.doubleclick.net/ https://js.hs-analytics.net/ https://js.hs-banner.com/ https://*.hs-scripts.com/ https://js.hscollectedforms.net/ https://js.hsforms.net/ https://js.usemessages.com/ https://script.hotjar.com/ https://static.hotjar.com/ https://www.google-analytics.com/analytics.js https://www.googleadservices.com/ https://www.googletagmanager.com/ https://www.gstatic.com/ https://www.youtube.com/; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://api.hubapi.com https://region1.analytics.google.com https://forms.hscollectedforms.net https://www.google.fr https://api.hubspot.com https://appvizer.one https://ariadne.appvizer.one https://bat.bing.com https://forms.hsforms.com https://forms.hubspot.com https://cta-service-cms2.hubspot.com https://stats.g.doubleclick.net https://www.google-analytics.com https://www.googleadservices.com https://fg.cdn.mediactive-network.net https://cta-eu1.hubspot.com https://forms-eu1.hsforms.com https://hubspot-forms-static-embed-eu1.s3.amazonaws.com https://forms-eu1.hscollectedforms.net https://api-eu1.hubapi.com https://api-eu1.hubspot.com/livechat-public/v1/message/public; font-src data: 'self' https://fonts.gstatic.com; img-src data: 'self' https://wisembly-content.s3.amazonaws.com/ https://avada.studio https://s.w.org https://ps.w.org https://*.linkedin.com https://bat.bing.com https://blog.wisembly.com https://forms-na1.hsforms.com https://forms.hsforms.com https://googleads.g.doubleclick.net https://i.ytimg.com https://px.ads.linkedin.com https://track.hubspot.com https://www.google-analytics.com https://www.google.com https://www.google.fr https://fg.cdn.mediactive-network.net; manifest-src 'self'; media-src 'self'; worker-src 'none'; frame-src 'self' https://td.doubleclick.net/ https://*.liveboutique.io https://avada.studio https://static.hsappstatic.net https://app.hubspot.com https://forms.hsforms.com https://vars.hotjar.com https://www.youtube.com https://cta-eu1.hubspot.com; 1 default-src 'self'; script-src 'self' 'unsafe-inline' data: cdnjs.cloudflare.com maps.googleapis.com *.polyfill.io *.google.com *.unpkg.com *.gstatic.com *.google-analytics.com *.cookiebot.com *.googletagmanager.com open.spotify.com e.issuu.com; style-src 'self' 'unsafe-inline' data: fonts.googleapis.com cdnjs.cloudflare.com; img-src 'self' 'unsafe-inline' data: maps.gstatic.com maps.googleapis.com imgsct.cookiebot.com *.google-analytics.com *.cookiebot.com *.googletagmanager.com; frame-src 'self' www.google.com www.youtube.com player.vimeo.com olv-kinderwebsite.now.sh olv-kinderwebsite.vercel.app *.google-analytics.com *.cookiebot.com *.googletagmanager.com open.spotify.com e.issuu.com; font-src 'self' 'unsafe-inline' themes.googleusercontent.com fonts.gstatic.com slant.co data: ; connect-src 'self' 'unsafe-inline' 'unsafe-eval' data: region1.google-analytics.com *.google-analytics.com *.cookiebot.com *.googletagmanager.com; report-uri /report-csp-violation; upgrade-insecure-requests 1 frame-ancestors 'self' *.business.qld.gov.au 1 default-src 'self' https://www.youtube-nocookie.com https://www.google.com *.kasikornbank.com https://dev-kpaymentgateway.kasikornbank.com/ui/v2/index.html *.kaptcha.com https://www.youtube.com https://youtu.be;frame-src 'self' https://www.youtube-nocookie.com https://www.google.com *.kasikornbank.com https://dev-kpaymentgateway.kasikornbank.com/ui/v2/index.html *.kaptcha.com https://www.youtube.com https://youtu.be; connect-src *; font-src * data:; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';frame-ancestors 'self' 1 default-src 'self' https://www.advanzia.com https://app.usercentrics.eu https://api.usercentrics.eu https://uct.service.usercentrics.eu https://graphql.usercentrics.eu https://consent-api.service.consent.usercentrics.eu https://fonts.googleapis.com https://fonts.gstatic.com https://www.universign.eu https://app.universign.com https://www.google-analytics.com https://*.yieldify.com https://d33wq5gej88ld6.cloudfront.net https://dwmvwp56lzq5t.cloudfront.net https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.google.de https://www.google.com 'unsafe-inline' 'unsafe-eval' 1 allow 'self'; media-src *; img-src *; script-src 'self' https://ajax.googleapis.com; style-src 'self'; 1 connect-src * 'unsafe-inline' 'unsafe-eval'; default-src * 'unsafe-inline' 'unsafe-eval'; img-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; 1 default-src 'self'; block-all-mixed-content; connect-src 'self' https://o419240.ingest.sentry.io https://www.google-analytics.com https://stats.g.doubleclick.net https://www.googleapis.com/ https://maps.googleapis.com https://maps.googleapis.com https://www.facebook.com/ cdn.datatables.net https://analytics.google.com/; font-src 'self' fonts.gstatic.com; frame-src https://www.youtube.com https://www.facebook.com https://web.facebook.com/ https://www.google.com/ https://youtube.com/ https://td.doubleclick.net/; img-src 'self' facebook.com flickr.com https://maps.gstatic.com/ https://maps.googleapis.com/ data: https://www.google.com https://www.google.rs https://i.ytimg.com https://www.google-analytics.com/; script-src 'self' 'unsafe-inline' connect.facebook.net https://maps.googleapis.com/ https://www.google.com/ https://www.google-analytics.com/ https://www.googletagmanager.com 'nonce-3fxtPMKeSvajAcHWlamkBw=='; style-src 'self' fonts.googleapis.com/css 'unsafe-inline' 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://ep2.adtrafficquality.google/ https://www.instagram.com/; img-src 'self' data: blob: https://*.fna.fbcdn.net/ https://ep1.adtrafficquality.google/; object-src 'self' data: blob: https://pagead2.googlesyndication.com/ https://ep2.adtrafficquality.google/ https://sverigesradio.se/ https://www.sverigesradio.se/ https://www.instagram.com/ https://open.spotify.com/; frame-src 'self' data: blob: https://pagead2.googlesyndication.com/ https://ep2.adtrafficquality.google/ https://sverigesradio.se/ https://www.sverigesradio.se/ https://www.instagram.com/ https://open.spotify.com/; worker-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://s3.amazonaws.com/ https://*.list-manage.com/ https://www.clarity.ms/ https://*.clarity.ms/; img-src 'self' data: blob: https://*.tile.openstreetmap.org/ https://*.clarity.ms/ https://*.clarity.ms/ https://secure.gravatar.com/ https://*.bing.com/ https://*.google.se/ https://s.w.org/; object-src 'self' data: blob: https://www.googletagmanager.com; frame-src 'self' data: blob: https://www.googletagmanager.com; worker-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; 1 allow 'self'; media-src *; img-src *; script-src 'self' https://ajax.googleapis.com https://www.jquery.com https://www.jqueryui.com;style-src 'self' *bootstrap.com; 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: http://fonts.googleapis.com http://fonts.gstatic.com http://www.google-analytics.com http://s7.addthis.com http://m.addthisedge.com http://m.addthis.com http://graph.facebook.com http://widgets.pinterest.com http://maps.google.com http://csi.gstatic.com http://maps.gstatic.com http://maps.googleapis.com http://www.linkedin.com http://api-public.addthis.com http://localhost http://player.vimeo.com/; 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.wp.com; img-src 'self' data: https://*.wp.com; object-src 'self' data: https://*.wp.com; frame-src 'self' data: https://*.wp.com; 1 default-src 'self' ; connect-src 'self' wss: * ; font-src 'self' fonts.gstatic.com use.fontawesome.com webshop.abahn.net ccchat.estpak.ee embed.tawk.to data: ; img-src blob: data: http: https: 'self' ; script-src 'self' cdn.modera.org *.salesfront.eu modera-serverless-microservices-assets.s3.eu-north-1.amazonaws.com www.google-analytics.com ssl.google-analytics.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net www.google.com www.youtube.com www.gstatic.com connect.facebook.net consent.cookiebot.com consentcdn.cookiebot.com static.zdassets.com cdnjs.cloudflare.com cdn.jsdelivr.net code.jquery.com ajax.googleapis.com maps.googleapis.com maps.google.com webshop.abahn.net banners.adnetmedia.lt mediabrands.containers.piwik.pro services.digitalmatter.ai scdn.cxense.com id.cxense.com track.adform.net s2.adform.net static.hotjar.com script.hotjar.com cdn.visitor.chat ccchat.estpak.ee snap.licdn.com cdn-cookieyes.com analytics.tiktok.com pagead2.googlesyndication.com embed.tawk.to plausible.io www.redditstatic.com delfilt.adocean.pl 'unsafe-inline' 'unsafe-eval' ; style-src data: 'self' cdn.modera.org *.salesfront.eu fonts.googleapis.com cdnjs.cloudflare.com cdn.jsdelivr.net webshop.abahn.net use.fontawesome.com ccchat.estpak.ee embed.tawk.to 'unsafe-inline' ; media-src http: https: 'self' ; base-uri 'self' ; object-src 'none' ; frame-src http: https: 'self'; upgrade-insecure-requests ; block-all-mixed-content; 1 base-uri 'self'; child-src 'self'; frame-src 'self'; connect-src 'self'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; font-src 'self' data:; img-src 'self' blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-ancestors 'self'; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=UYDac%2FzCqWtTcA2wKQxOBzqAx7YHSQRt21jlFBNjs4%2BTzsG%2BYfe48fXs3%2ByIlBkfzAQ7s4n51sB4qvxaqqTNew%3D%3D; 1 default-src 'self' https://accounts.google.com/ https://*.google-analytics.com/g/collect; script-src 'self' https://apis.google.com/js/platform.js https://cdn.jsdelivr.net/npm/vue@2/dist/vue.js https://www.googletagmanager.com/gtag/js 'unsafe-eval' 'nonce-mPIMVlFL_bYALltkVMSBvA'; style-src 'self' https://apis.google.com/* 'nonce-mPIMVlFL_bYALltkVMSBvA'; img-src * data: 1 frame-ancestors 'self' *.myhotelschool.nl ; 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.web.onlineclinic.com.br http://*.web.onlineclinic.com.br https://*.google.com.br https://*.gravatar.com https://fonts.googleapis.com https://fonts.gstatic.com https://elfsight.com https://*.google-analytics.com http://*.onlineclinic.com.br https://*.onlineclinic.com.br http://*.omappapi.com https://*.omappapi.com https://*.youtube.com https://*.googletagmanager.com https://*.wp.com http://www.onlineclinic.com.br https://www.onlineclinic.com.br; img-src 'self' data: https://*.web.onlineclinic.com.br http://*.web.onlineclinic.com.br https://*.google.com.br https://*.gravatar.com https://fonts.googleapis.com https://fonts.gstatic.com https://elfsight.com https://*.google-analytics.com http://*.onlineclinic.com.br https://*.onlineclinic.com.br http://*.omappapi.com https://*.omappapi.com https://*.youtube.com https://*.googletagmanager.com https://*.wp.com http://www.onlineclinic.com.br https://www.onlineclinic.com.br; object-src 'self' data: https://*.web.onlineclinic.com.br http://*.web.onlineclinic.com.br https://*.google.com.br https://*.gravatar.com https://fonts.googleapis.com https://fonts.gstatic.com https://elfsight.com https://*.google-analytics.com http://*.onlineclinic.com.br https://*.onlineclinic.com.br http://*.omappapi.com https://*.omappapi.com https://*.youtube.com https://*.googletagmanager.com https://widgets.wp.com/ http://www.onlineclinic.com.br https://www.onlineclinic.com.br; frame-src 'self' data: https://*.web.onlineclinic.com.br http://*.web.onlineclinic.com.br https://*.google.com.br https://*.gravatar.com https://fonts.googleapis.com https://fonts.gstatic.com https://elfsight.com https://*.google-analytics.com http://*.onlineclinic.com.br https://*.onlineclinic.com.br http://*.omappapi.com https://*.omappapi.com https://*.youtube.com https://*.googletagmanager.com https://widgets.wp.com/ http://www.onlineclinic.com.br https://www.onlineclinic.com.br; 1 default-src 'self' https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdn.datatables.net https://analytics.pcagrade.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.facebook.com wss://localhost:8181 wss://localhost:8282 wss://localhost:8383 wss://localhost:8484 wss://localhost.qz.io:8181 wss://localhost.qz.io:8282 wss://localhost.qz.io:8383 wss://localhost.qz.io:8484 https://www.sandbox.paypal.com https://www.paypal.com https://graph.facebook.com https://in.hotjar.com https://cdn360.orbitvu.cloud; block-all-mixed-content; connect-src 'self' wss://localhost:8181 wss://localhost:8282 wss://localhost:8383 wss://localhost:8484 wss://localhost.qz.io:8181 wss://localhost.qz.io:8282 wss://localhost.qz.io:8383 wss://localhost.qz.io:8484 https://graph.facebook.com; font-src 'self' data: https://fonts.gstatic.com https://cdnjs.cloudflare.com; frame-src https://www.youtube-nocookie.com https://www.youtube.com https://vars.hotjar.com https://www.google.com https://js.stripe.com https://www.sandbox.paypal.com https://www.paypal.com https://www.paypalobjects.com/ https://calendly.com https://platform.twitter.com https://connect.facebook.net https://accounts.google.com https://www.facebook.com; img-src * data: blob:; script-src 'self' 'unsafe-eval' https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://static.hotjar.com https://www.googletagmanager.com https://connect.facebook.net https://www.google.com https://www.gstatic.com https://static.doubleclick.net https://cdn.datatables.net https://unpkg.com https://graph.facebook.com https://polyfill.io https://analytics.pcagrade.com https://script.hotjar.com https://www.paypal.com https://www.paypalobjects.com https://assets.calendly.com https://platform.twitter.com https://ipinfo.io https://cdn.orbitvu.co 'nonce-BWj3eJhh0WsEu/rd87vAFg=='; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://fonts.googleapis.com https://cdn.datatables.net https://unpkg.com https://assets.calendly.com https://cdn.orbitvu.co; report-uri /csp/report 1 default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self' https://tel.search.ch app.pepsimmo.ch https://*.google-analytics.com; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' app.pepsimmo.ch; frame-ancestors 'self'; frame-src 'self'; img-src 'self' data: app.pepsimmo.ch; manifest-src 'self'; media-src 'self'; object-src 'self'; script-src 'self' www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com 1 allow 'self'; font-src 'self'; media-src *; img-src * 'self'; script-src 'self' https://*.gravatar.com https://ajax.googleapis.com; https://*.google.com; style-src 'self'; 1 default-src pagead2.googlesyndication.com *.google.com *.googleapis.com; base-uri 'self' local.pokevalue.fr; block-all-mixed-content; connect-src 'self' *.google-analytics.com *.nr-data.net bam.eu01.nr-data.net pagead2.googlesyndication.com fundingchoicesmessages.google.com; font-src 'self' local.pokevalue.fr pagead2.googlesyndication.com fonts.gstatic.com fundingchoicesmessages.google.com; frame-src googleads.g.doubleclick.net tpc.googlesyndication.com www.google.com; img-src 'self' local.pokevalue.fr data: cnyskjyfya.cloudimg.io pokevalue.fr www.pokevalue.fr pokevalue.be www.pokevalue.be pokevalue.ch www.pokevalue.ch m.media-amazon.com pagead2.googlesyndication.com *.googleusercontent.com; script-src 'self' local.pokevalue.fr pagead2.googlesyndication.com 'nonce-GUqzpLRI1OmUC6bywo90Jg=='; style-src 'self' local.pokevalue.fr pagead2.googlesyndication.com fonts.googleapis.com fundingchoicesmessages.google.com; report-uri /csp/report 1 default-src 'self' https://cdnjs.cloudflare.com; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self'; 1 base-uri 'self'; child-src 'self' gap:; frame-src 'self' gap:; connect-src 'self'; default-src 'self' gap: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data:; img-src 'self' data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-ancestors 'self' gap:; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=iK2q5dQF5X92NyMKeg5Nh8TI2kef4j1ZjUl0M%2BV97GSg683LMLyEzhiGxjpr2Umx9w%2BydTMWt25ywQCLEtc1CA%3D%3D; 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: http://fonts.googleapis.com http://fonts.gstatic.com http://www.google-analytics.com http://s7.addthis.com http://m.addthisedge.com http://m.addthis.com http://graph.facebook.com http://widgets.pinterest.com http://maps.google.com http://csi.gstatic.com http://maps.gstatic.com http://maps.googleapis.com http://www.linkedin.com http://api-public.addthis.com http://localhost http://player.vimeo.com/ http://www.njuskalo.hr/ https://www.njuskalo.hr/; 1 default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self'; font-src 'self' https://fonts.gstatic.com; form-action 'self'; frame-ancestors 'none'; frame-src 'self'; img-src 'self' data:; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com 1 default-src 'none'; block-all-mixed-content; connect-src 'self' google.com www.google.com *.analytics.google.com nr-data.net *.nr-data.net *.smartsuppchat.com *.clarity.ms *.smartsuppcdn.com bat.bing.com consentcdn.cookiebot.com wss://websocket-visitors.smartsupp.com cdn.jsdelivr.net googlesyndication.com *.googlesyndication.com google-analytics.com *.google-analytics.com stats.g.doubleclick.net manager.eu.smartlook.cloud google.cz www.google.cz *.seznam.cz; font-src 'self' data:; frame-ancestors 'self'; frame-src 'self' https://www.youtube.com https://www.googletagmanager.com https://www.google.com consent.cookiebot.com consentcdn.cookiebot.com *.doubleclick.net; img-src 'self' w3.org data: xdigr.cz facebook.com *.facebook.com bat.bing.com *.seznam.cz *.cookiebot.com www.google.com www.google.cz files.smartsuppcdn.com c.clarity.ms *.bing.com www.googletagmanager.com *.cdninstagram.com *.fbcdn.net; media-src 'self' *.smartsuppcdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' code.jquery.com cdnjs.cloudflare.com www.googletagmanager.com www.google.com www.gstatic.com js-agent.newrelic.com consent.cookiebot.com consentcdn.cookiebot.com smartsuppchat.com *.smartsuppchat.com clarity.ms www.clarity.ms smartlook.com *.smartlook.com seznam.cz *.seznam.cz bing.com *.bing.com www.smartsuppchat.com facebook.net *.facebook.net *.smartsuppcdn.com googleads.g.doubleclick.net www.googleadservices.com ajax.cloudflare.com www.ajax.cloudflare.com static.cloudflareinsights.com www.static.cloudflareinsights.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com *.smartsuppcdn.com; worker-src 'self' blob: 1 frame-ancestors 'self'; script-src 'nonce-ee10bb325fe8bb6260109af38c4ebc84' https://www.google-analytics.com https://ssl.google-analytics.com https://pagead2.googlesyndication.com; img-src 'self' https://www.google-analytics.com/ profile.line-scdn.net data: https://cdnjs.cloudflare.com/ https://maps.gstatic.com/ https://maps.googleapis.com/ https://khms0.googleapis.com/ https://khms1.googleapis.com/ https://cbks0.googleapis.com/ https://geo0.ggpht.com/; style-src 'self' https://use.fontawesome.com https://cdnjs.cloudflare.com 'unsafe-inline'; style-src-elem 'self' https://use.fontawesome.com https://cdnjs.cloudflare.com https://fonts.googleapis.com 'unsafe-inline'; style-src-attr 'self' 'unsafe-inline'; connect-src 'self' https://www.google-analytics.com https://maps.googleapis.com; frame-src 'self' https://googleads.g.doubleclick.net/ https://www.google.com; font-src 'self' https://use.fontawesome.com https://fonts.gstatic.com; form-action 'self'; manifest-src 'self'; object-src 'self'; media-src 'self'; 1 default-src 'self' data: http://googleads.g.doubleclick.net http://www.google.com/ads/user-lists/ http://www.google.ru/ads/user-lists/ http://mc.yandex.ru http://bitrix.info http://stat.sputnik.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://bitrix.info https://connect.facebook.net https://apis.google.com:* https://platform.twitter.com https://userapi.com:* https://pos.gosuslugi.ru:* https://apis.google.com:* https://vk.com:* http://www.google-analytics.com http://maps.google.com http://*.gstatic.com:* http://*.googleapis.com http://code.jivosite.com http://mc.yandex.ru http://www.googleadservices.com http://googleads.g.doubleclick.net http://cdn.voximplant.com https://vashkontrol.ru http://stat.sputnik.ru:* ; style-src 'self' 'unsafe-inline' http://code.jivosite.com:* http://mc.yandex.ru:* http://*.googleapis.com http://*.gstatic.com:* https://vashkontrol.ru:* http://cnt.sputnik.ru:*; img-src 'self' blob: data: http://counter.yadro.ru:* https://pos.gosuslugi.ru:* http://i1.ytimg.com:* http://code.jivosite.com:* http://mc.yandex.ru:* http://*.googleapis.com http://*.gstatic.com:* http://www.google-analytics.com http://stat.sputnik.ru:* https://vashkontrol.ru:* http://cnt.sputnik.ru:* https://syndication.twitter.com:*; font-src 'self' http://*.gstatic.com:* https://pos.gosuslugi.ru:*; frame-src 'self' https://ervk.gov.ru:* https://pos.gosuslugi.ru:* https://apis.google.com:* http://developers.google.com:* https://platform.twitter.com:* https://accounts.google.com:* http://cnt.sputnik.ru:* https://www.facebook.com:* https://developers.google.com:*; 1 default-src 'self'; frame-src 'self' https://syndication.twitter.com/ https://platform.twitter.com/ https://widgets.ebscohost.com *.nhs.uk/ *.facebook.com/ *.youtube.com/ *.vimeo.com/ *.google.com *.googleapis.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://toolbar.speechstream.net/ *.cloudfront.net/ https://www.googletagmanager.com/ https://www.browsealoud.com/ https://plus.browsealoud.com/ http://cdnjs.cloudflare.com/ https://cdn.syndication.twimg.com https://platform.twitter.com/ https://cdnjs.cloudflare.com/ https://www.google-analytics.com/ https://connect.facebook.net/ https://feeds.trac.jobs/ *.google.com/ *.googleapis.com *.gstatic.com *.cqc.org.uk; font-src 'self' 'unsafe-inline' https://plus.browsealoud.com/ https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' *.cloudfront.net/ http://cdnjs.cloudflare.com/ https://platform.twitter.com/ https://cdnjs.cloudflare.com/ https://feeds.trac.jobs/ *.googleapis.com *.gstatic.com *.cqc.org.uk; img-src * data:; object-src 'self' blob:; connect-src 'self' *.google-analytics.com/ https://speech.speechstream.net/ https://pronunciation.speechstream.net/ *.doubleclick.net/ https://www.google-analytics.com/ https://www.browsealoud.com/ https://plus.browsealoud.com/ https://translate.googleapis.com https://feeds.trac.jobs/ 1 default-src 'self'; frame-ancestors 'self'; img-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-src 'self' blob: data:; 1 default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.siteimprove.net *.siteimprove.com *.browsealoud.com *.googletagmanager.com *.google.com *.google.se *.google-analytics.com *.facebook.net unpkg.com *.jsdelivr.net *.cookiebot.com *.leadfamly.com *.redditstatic.com; object-src 'self' *.google.com *.youtube.com *.youtube-nocookie.com *.facebook.com *.vimeo.com https://sverigesradio.se; style-src 'self' 'unsafe-inline'; img-src 'self' data: *.google.com *.google.se *.google-analytics.com *.youtube.com *.youtube-nocookie.com *.facebook.com *.vimeo.com *.cloudnet.cloud *.malmolive.se *.momondo.de *.googletagmanager.com *.cookiebot.com *.reddit.com ; media-src 'self' blob: https://*.speechstream.net;; frame-src 'self' *.google.com *.youtube.com *.youtube-nocookie.com *.facebook.com *.vimeo.com *.siteimprove.com *.acast.com *.spotify.com *.soundcloud.com https://vimeo.com *.sverigesradio.se https://sverigesradio.se *.office.com *.cookiebot.com *.playable.com *.sociablekit.com *.googletagmanager.com *.doubleclick.net *.issuu.com; frame-ancestors 'self' *.google.com *.youtube.com *.youtube-nocookie.com *.facebook.com *.vimeo.com *.sverigesradio.se https://sverigesradio.se *.sociablekit.com; child-src 'self' *.google.com *.youtube.com *.youtube-nocookie.com *.facebook.com *.vimeo.com *.siteimprove.com *.sverigesradio.se https://sverigesradio.se *.sociablekit.com; font-src 'self'; connect-src 'self' blob: https://*.browsealoud.com https://*.siteimprove.com https://*.googletagmanager.com https://*.google.com https://*.google-analytics.com https://*.g.doubleclick.net https://*.speechstream.net *.cookiebot.com *.reddit.com *.redditstatic.com; report-uri /report-csp-violation; upgrade-insecure-requests 1 default-src 'self' 'unsafe-eval' 'unsafe-inline' *.gstatic.com *.googletagmanager.com *.amplitude.com *.adrifund.com *.funde.no *.tinymce.com *.karolinafund.com *.crowdfarm.dk *.lemonway.fr *.payxpert.com d2tnn0p1wwhikn.cloudfront.net clients1.google.com cse.google.com www.google.com *.google-analytics.com *.facebook.net *.facebook.com *.vimeo.com *.addthis.com *.googleapis.com *.bootstrapcdn.com stats.g.doubleclick.net *.soundcloud.com soundcloud.com *.youtube.com *.w3.org *.ogp.me *.mailerlite.com *.karolina.io *.slize.me;img-src * blob: data:;font-src data: d2tnn0p1wwhikn.cloudfront.net *.tinymce.com fonts.gstatic.com 'self' *.bootstrapcdn.com;style-src *.tinymce.com www.google.com d2tnn0p1wwhikn.cloudfront.net *.addthis.com 'self' 'unsafe-inline' cse.google.com *.bootstrapcdn.com *.googleapis.com; frame-src 'self' *.vimeo.com *.facebook.com *.youtube.com *.soundcloud.com *.google.com 1 default-src https: https://tagmanager.google.com https://*.hotjar.com https://*.hotjar.io; frame-src https://bid.g.doubleclick.net https://api.quickstream.westpac.com.au https://assets.ctfassets.net/ https://videos.ctfassets.net/ https://*.libsyn.com https://e.issuu.com/ https://player.vimeo.com/video/ https://www.youtube.com/embed/ https://*.facebook.com/ https://*.google.com https://*.googletagmanager.com https://*.hotjar.com https://*.hotjar.io https://tagmanager.google.com https://s7.addthis.com/static/ https://gum.criteo.com/ https://open.spotify.com https://youtu.be/ https://bettercollect.elucidity.com.au https://tiktok.com https://gstatic https://googletagmanager; style-src 'self' 'unsafe-inline' https://tags.srv.stackadapt.com https://srv.stackadapt.com https://east.srv.stackadapt.com https://uw.srv.stackadapt.com https://eu.srv.stackadapt.com https://fonts.googleapis.com https://api.mapbox.com https://tagmanager.google.com https://cdn.curator.io/ https://use.typekit.net/; font-src 'self' data: https://cdn.curator.io/ https://use.typekit.net/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://ssl.google-analytics.com https://www.google-analytics.com https://www.google.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://tags.srv.stackadapt.com https://srv.stackadapt.com https://east.srv.stackadapt.com https://uw.srv.stackadapt.com https://eu.srv.stackadapt.com https://*.googletagmanager.com https://*.salesforce.com https://api.quickstream.westpac.com.au https://*.addthis.com/ https://*.jobadder.com/ https://*.libsyn.com https://e.issuu.com/ https://jobadder.com/ https://*.collect.igodigital.com/ https://*.crazyegg.com/ https://*.facebook.net https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com/ https://*.hotjar.com https://*.hotjar.io https://*.criteo.com https://*.criteo.net https://server.arcgisonline.com/ https://cdn.curator.io https://cdn.curator.io/published/56e5a580-2921-4b55-88ce-d4fe260ac545_y69dz93g.js https://player.vimeo.com https://bettercollect.elucidity.com.au; connect-src 'self' https://www.google-analytics.com https://tags.srv.stackadapt.com https://srv.stackadapt.com https://east.srv.stackadapt.com https://uw.srv.stackadapt.com https://eu.srv.stackadapt.com https://prod-apim-auseast-001.azure-api.net https://api.compassion.com.au https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com/g/ https://*.googletagmanager.com https://api.quickstream.westpac.com.au https://compassionau.force.com https://compassionau.my.site.com https://concierge.compassion.com.au https://*.algolia.net https://*.algolianet.com https://apps.jobadder.com/ https://jobadder.com/ https://m.addthis.com/ https://*.crazyegg.com/ https://*.hotjar.com https://*.hotjar.io https://*.facebook.com/ https://*.google-analytics.com/ wss://*.hotjar.com https://*.hotjar.io https://*.doubleclick.net/ https://api.curator.io/ https://vimeo.com https://bettercollect.elucidity.com.au https://www.googleadservices.com; img-src 'self' data: www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://googleads.g.doubleclick.net https://tags.srv.stackadapt.com http://*.tile.openstreetmap.org/ https://auproddownloads.blob.core.windows.net/compassion/ https://images.contentful.com https://images.ctfassets.net https://media.ci.org https://*.youtube.com https://apps.jobadder.com/ https://jobadder.com/widgets/ https://*.collect.igodigital.com/ https://*.crazyegg.com/ https://*.facebook.com/ https://*.google-analytics.com/ https://*.google.com https://*.google.com.au/ https://*.googletagmanager.com https://d33wubrfki0l68.cloudfront.net https://*.doubleclick.net/ https://server.arcgisonline.com/ https://cdn.curator.io/0.gif https://www.instagram.com/ https://*.fbcdn.net/ https://*.google-analytics.com https://*.googletagmanager.com https://bettercollect.elucidity.com.au 1 default-src 'self'; img-src 'self'; 1 frame-ancestors 'self' https://neocon.com 1 default-src 'self' 'unsafe-inline'; img-src https://carletto.ch/ data:; script-src 'self' 'unsafe-inline' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; frame-src https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ 1 default-src 'none'; block-all-mixed-content; connect-src 'self' https://*.google.com/recaptcha https://*.gstatic.com/recaptcha https://login.microsoftonline.com https://*.google-analytics.com https://*.analytics.google.com https://unpkg.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.co.uk https://*.venturonet.com; font-src 'self' cdnjs.cloudflare.com https://fonts.gstatic.com data: https://*.venturonet.com; frame-src 'self' https://*.google.com/recaptcha https://*.google.com https://google.com https://www.googletagmanager.com https://bid.g.doubleclick.net https://td.doubleclick.net https://*.venturonet.com; img-src 'self' data: https://*.disabledholidays.com https://*.google-analytics.com https://*.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://google.com https://*.google.com https://*.google.co.uk https://googleads.g.doubleclick.net https://*.venturonet.com; script-src 'self' https://*.googletagmanager.com https://tagmanager.google.com https://www.googleadservices.com https://*.google.com https://*.google.com/recaptcha https://*.gstatic.com/recaptcha https://*.venturonet.com 'nonce-GTfvPCZePGpUO09d2u/n5g=='; style-src 'self' unpkg.com cdn.jsdelivr.net cdnjs.cloudflare.com 'unsafe-inline' https://*.googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google.com https://*.venturonet.com 1 default-src 'self'; connect-src 'self' https://webgate.ec.europa.eu https://intracomm.ec.europa.eu https://intragate.ec.europa.eu https://webgate.ec.testa.eu https://ecas.ec.europa.eu https://ecas.cc.cec.eu.int:7002 https://www.cc.cec https://ecas.ec.testa.eu; font-src 'self'; frame-ancestors 'none'; child-src 'none'; frame-src 'none'; worker-src 'none'; img-src https:; manifest-src 'none'; media-src 'self'; object-src 'self'; script-src 'self'; style-src 'self'; block-all-mixed-content; 1 default-src https://ipara.com;https://ipara.com.tr 1 default-src 'unsafe-inline' 'self' data: *.eru.cz *.eru.gov.cz *.googleapis.com nia.identitaobcana.cz app.powerbi.com fonts.gstatic.com cdn.jsdelivr.net *.youtube.com *.soundcloud.com *.slideshare.net *.cloudflare.com *.googletagmanager.com *.google-analytics.com api.mapy.cz unpkg.com datawrapper.dwcdn.net; report-uri /report-csp-violation 1 frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com 1 default-src 'self'; block-all-mixed-content; connect-src 'self' checkout.stripe.com maps.googleapis.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com; frame-src 'self' www.google.com/recaptcha/ www.gstatic.com/recaptcha/ js.stripe.com checkout.stripe.com sandbox-merchant.revolut.com/; img-src 'self' meterix.com *.meterix.com meterpay.net *.meterpay.net *.stripe.com cdn.datatables.net ajax.googleapis.com/ajax/libs/jqueryui/ meterpayenv-uploaded-files.s3.eu-west-2.amazonaws.com meterpaydeenv-uploaded-files.s3.eu-central-1.amazonaws.com data: maps.google.com maps.gstatic.com *.googleapis.com; script-src 'self' 'unsafe-inline' www.google.com/recaptcha/ www.gstatic.com/recaptcha/ checkout.stripe.com/checkout.js js.stripe.com ajax.googleapis.com/ajax/libs/jquery/ code.jquery.com code.highcharts.com cdn.datatables.net ajax.googleapis.com/ajax/libs/jqueryui/ maps.google.com maps.gstatic.com maps.googleapis.com sandbox-merchant.revolut.com/embed.js; style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com cdn.datatables.net ajax.googleapis.com/ajax/libs/jqueryui/ maps.google.com maps.gstatic.com maps.googleapis.com; upgrade-insecure-requests 1 default-src 'self' https://performance.typekit.net youtube.com www.youtube.com player.vimeo.com *.google.com; block-all-mixed-content; connect-src 'self' *.google-analytics.com; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com https://use.typekit.net data:; img-src 'self' data: https://csi.gstatic.com https://maps.googleapis.com https://maps.gstatic.com https://p.typekit.net *.googletagmanager.com *.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com https://cdnjs.cloudflare.com https://maps.googleapis.com https://use.typekit.net https://js-agent.newrelic.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; report-uri /nelmio/csp/report 1 default-src 'none'; block-all-mixed-content; child-src https://www.youtube.com/ https://youtube.com/ https://player.vimeo.com/ https://youtu.be/ https://open.spotify.com/; connect-src 'self' https://www.youtube.com/oembed https://www.google-analytics.com https://*.google-analytics.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://*.hotjar.com https://*.hotjar.io https://*.facebook.com/ https://*.tiktok.com https://*.snapchat.com https://*.vimeo.com; font-src 'self' data: https://use.typekit.net https://fonts.googleapis.com https://fonts.gstatic.com; frame-src https://www.youtube.com/ https://spotify.com https://open.spotify.com/ https://*.spotify.com https://facebook.com/ https://*.facebook.com/ https://mychannels.video/ https://www.yumpu.com/ https://www.google.com/ https://www.googletagmanager.com/ https://*.hotjar.com https://*.hotjar.io https://bandcamp.com https://*.bandcamp.com https://twitter.com https://*.twitter.com https://instagram.com https://*.instagram.com https://vimeo.com https://*.vimeo.com https://soundcloud.com https://*.soundcloud.com https://tiktok.com https://*.tiktok.com https://snapchat.com https://*.snapchat.com https://www.belgianrail.be https://widget.formitable.com https://*.youtube.com https://*.vimeocdn.com; img-src data: 'self' https://www.google-analytics.com/r/collect https://www.google-analytics.com/collect https://placeholder.inventis.be https://*.ytimg.com https://i.vimeocdn.com/ https://www.facebook.com/ https://*.facebook.com/ https://connect.facebook.net/ https://*.fbcdn.net/ https://i.scdn.co/ https://img.youtube.com/ https://snapchat.com https://*.snapchat.com https://*.google.com https://*.google.be https://fonts.gstatic.com https://www.googletagmanager.com; manifest-src 'self'; script-src 'self' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https://www.youtube.com/iframe_api https://*.ytimg.com https://www.googletagmanager.com https://www.google-analytics.com https://script.hotjar.com/ https://connect.facebook.net/ https://*.hotjar.com https://*.hotjar.io https://player.vimeo.com/api/player.js 'nonce-vcbna2f7y69tSzeiplbnIg=='; style-src 'self' 'unsafe-inline' https://*.typekit.net https://www.googletagmanager.com https://fonts.googleapis.com; upgrade-insecure-requests 1 default-src 'self'; img-src *; media-src * data:; frame-src *; 1 default-src 'self';frame-src 'self' https://*.cookiebot.com https://streamio.com;font-src 'self' https://fonts.gstatic.com;script-src 'self' 'nonce-NYXJWVXQiZEsPKcAke4+sSd4eSQ7T4VHMIqrhSZ6U1w=' 'strict-dynamic';connect-src 'self' https://*.optimizely.com https://*.cookiebot.com https://matomo.analys.cloud;img-src 'self' data: https://app.optimizely.com https://cdn.optimizely.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.paypal.com/ https://www.paypalobjects.com/ https://t.paypal.com/; img-src 'self' data: https://www.paypalobjects.com/; object-src 'self' data: https://www.google.com https://*.paypal.com/; frame-src 'self' data: https://www.google.com https://*.paypal.com/; 1 default-src 'self' *.urban-nation.com data: *.youtube-nocookie.com *.youtube.com *.ytimg.com *.googleapis.com *.gstatic.com player.vimeo.com *.vimeocdn.com 'unsafe-eval' 'unsafe-inline' 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gumlet.com/; img-src 'self' data: https://www.gumlet.com/; object-src 'self' data: https://www.gumlet.com/ https://video.gumlet.io https://play.gumlet.io; frame-src 'self' data: https://www.gumlet.com/ https://video.gumlet.io https://play.gumlet.io; 1 frame-ancestors 'self' https://device.mobilitysignage.com http://device.mobilitysignage.com 1 default-src 'self' * 'unsafe-inline' data: blob: 1 base-uri 'none';child-src 'none';connect-src 'self' vitals.vercel-insights.com status-page-oygs55fy2-incident-io-team.vercel.app https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.google.com https://*.google.co.uk https://*.g.doubleclick.net https://global.localizecdn.com https://app.localizejs.com https://*.unbabel.com;default-src 'self';font-src 'self';form-action 'self';frame-ancestors self;frame-src 'none';img-src 'self' data: https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://*.google.co.uk https://global.localizecdn.com https://assets.localizecdn.com https://uploads.bablic.com;manifest-src 'self';media-src 'self';object-src 'none';prefetch-src 'self';script-src 'self' 'unsafe-inline' https:;style-src 'self' 'unsafe-inline';worker-src 'self';report-uri https://o494704.ingest.sentry.io/api/4504554480795648/security?security_key=5d578c0eb4bd4811adf4f2176db9a1c8;report-to https://o494704.ingest.sentry.io/api/4504554480795648/security?security_key=5d578c0eb4bd4811adf4f2176db9a1c8; 1 default-src 'self' *.googleapis.com *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com *.fonts.gstatic.com *.google.com *.c5alliance.com *.c5alliance2017.staging.wpengine.com *.c5alliance2017.wpengine.com *.b2clogin.com *.cookiescanportal.b2clogin.com *.cookiescan.azureedge.net *.azureedge.net https://snap.licdn.com *.facebook.net *.facebook.com *.doubleclick.net ;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.b2clogin.com *.cookiescanportal.b2clogin.com *.googleapis.com *.google.com *.googletagmanager.com *.google-analytics.com *.clickdimensions.com *.analytics-eu.clickdimensions.com *.gstatic.com *.fonts.gstatic.com *.google.com *.cookiescan.com https://cookiescan.com *.issuu.com *.vimeo.com *.youtube.com *.linkedin.com *.cookiescan.azureedge.net *.azureedge.net https://snap.licdn.com *.facebook.net *.facebook.com *.doubleclick.net https://px.ads.linkedin.com *.ads.linkedin.com *.typekit.net googlesyndication.com data:;style-src 'self' 'unsafe-inline' *.googleapis.com *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com *.clickdimensions.com *.fonts.gstatic.com *.c5alliance.com *.c5alliance2017.staging.wpengine.com *.c5alliance2017.wpengine.com *.cookiescan.com https://cookiescan.com *.issuu.com *.vimeo.com *.youtube.com *.linkedin.com *.gravatar.com *.b2clogin.com *.cookiescanportal.b2clogin.com *.typekit.net *.cookiescan.azureedge.net *.azureedge.net https://px.ads.linkedin.com data:;connect-src 'self' *.c5alliance.com *.c5alliance2017.staging.wpengine.com *.c5alliance2017.wpengine.com *.cookiescan.com https://cookiescan.com *.doubleclick.net *.googleapis.com *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com *.b2clogin.com *.cookiescanportal.b2clogin.com *.cookiescan.azureedge.net *.azureedge.net https://snap.licdn.com *.facebook.net *.facebook.com *.doubleclick.net *.linkedin.com *.typekit.net googlesyndication.com data:;font-src 'self' *.c5alliance.com *.c5alliance2017.staging.wpengine.com *.c5alliance2017.wpengine.com *.typekit.net data:;img-src 'self' 'unsafe-inline' https://c5alliance.com *.c5alliance.com *.c5alliance2017.staging.wpengine.com *.c5alliance2017.wpengine.com *.cookiescan.com https://cookiescan.com *.issuu.com *.vimeo.com *.youtube.com *.linkedin.com *.gravatar.com *.googleapis.com *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com https://snap.licdn.com *.facebook.net *.facebook.com *.doubleclick.net data:;frame-src 'self' 'unsafe-inline' *.gstatic.com *.google.com *.c5alliance.com *.c5alliance2017.staging.wpengine.com *.c5alliance2017.wpengine.com *.googleapis.com *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com *.issuu.com *.vimeo.com *.youtube.com *.linkedin.com *.b2clogin.com *.cookiescanportal.b2clogin.com ; 1 default-src 'self' 'unsafe-inline' data: https://piwik.bzga.de/ 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.youtube.com https://hcaptcha.com https://*.hcaptcha.com https://*.mailjet.com https://clicky.com https://*.clicky.com https://getclicky.com https://*.getclicky.com https://cloudflare.com https://*.cloudflare.com; img-src 'self' data: https://*.youtube.com https://hcaptcha.com https://*.hcaptcha.com https://*.mailjet.com https://clicky.com https://*.clicky.com https://getclicky.com https://*.getclicky.com https://cloudflare.com https://*.cloudflare.com; object-src 'self' data: https://*.youtube.com https://hcaptcha.com https://*.hcaptcha.com https://*.mailjet.com https://*.mjt.lu https://clicky.com https://*.clicky.com https://getclicky.com https://*.getclicky.com https://cloudflare.com https://*.cloudflare.com; frame-src 'self' data: https://*.youtube.com https://hcaptcha.com https://*.hcaptcha.com https://*.mailjet.com https://*.mjt.lu https://clicky.com https://*.clicky.com https://getclicky.com https://*.getclicky.com https://cloudflare.com https://*.cloudflare.com; form-action 'self' data: https://hcaptcha.com https://*.hcaptcha.com https://*.mailjet.com https://clicky.com https://*.clicky.com https://getclicky.com https://*.getclicky.com https://cloudflare.com https://*.cloudflare.com; 1 base-uri 'none';child-src 'none';connect-src 'self' https://storage.googleapis.com/ https://sgvsbws.mycontent.ch https://maps.googleapis.com/ https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://api-produkte.www.sabag.ch https://cmsv2-admin.sabag.ch.ufirst.io https://api-ecommerce.sabag.ch.ufirst.io;default-src 'self';font-src 'self' https://fonts.gstatic.com/;form-action 'self';frame-ancestors 'none';frame-src 'self' https://www.youtube.com;img-src 'self' https://static.produkte.sabag.ch https://sgvsbws.mycontent.ch https://storage.googleapis.com https://i.ytimg.com/ https://maps.googleapis.com/ https://maps.gstatic.com/ https://*.google-analytics.com https://*.googletagmanager.com data: maps.gstatic.com *.googleapis.com *.ggpht.com https://cmsv2-admin.sabag.ch.ufirst.io;manifest-src 'self';media-src 'self';object-src 'none';script-src 'self' 'unsafe-inline' https://maps.googleapis.com/ https://*.googletagmanager.com/ 'unsafe-eval';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/;worker-src 'self'; 1 default-src 'self' *.typekit.net *.doubleclick.net *.google.com.tr *.google.com google.com *.googletagmanager.com blob: data: tacirlerprotfoy.com.tr fxtcr.com 'unsafe-inline' 'unsafe-eval' *.tacirlermenkul.com.tr tacirlermenkul.com.tr tacirlermenkul.com.tr:8080 31.145.122.66 www.google-analytics.com www.youtube.com 1 allow *; options inline-script eval-script; 1 default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval' data-apac.purina.co.id; object-src *; style-src * 'self' 'unsafe-inline'; img-src * 'self' data: https:;; media-src *; frame-src *; frame-ancestors * 'self'; child-src * blob:; font-src * 'self' data: https:;; connect-src * data-apac.purina.co.id 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://* https://www.cpp.ca/; img-src 'self' data: blob: https://*; object-src 'self' data: blob: https://*; frame-src 'self' data: blob: https://*; worker-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: ; img-src 'self' data: blob: ; object-src 'self' data: blob: ; frame-src 'self' data: blob: ; 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.reachmee.com/; img-src 'self' data: blob: ; object-src 'self' data: blob: https://datawrapper.dwcdn.net/ https://*.reachmee.com/; frame-src 'self' data: blob: https://datawrapper.dwcdn.net/ https://*.reachmee.com/; 1 object-src 'none'; base-uri 'none'; 1 object-src none; frame-src *.prod.acquia-sites.com *.gstatic.com *.google.com *.wec360.com *.snazzymaps.com https://snazzymaps.com https://pagead2.googlesyndication.com; frame-ancestors *.prod.acquia-sites.com *.gstatic.com *.google.com *.wec360.com *.snazzymaps.com https://snazzymaps.com https://pagead2.googlesyndication.com; report-uri /report-csp-violation; upgrade-insecure-requests 1 default-src 'none'; script-src 'none'; style-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; object-src 'none'; 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://s3.amazonaws.com/ https://*.list-manage.com/; img-src 'self' data: blob: ; object-src 'self' data: blob: ; frame-src 'self' data: blob: ; 1 default-src 'self' https://*.dev-constructor.dev https://*.test-constructor.dev https://*.stage-constructor.dev https://*.constructor.app https://academy.datarockstars.ai https://learn.constructor.university https://learn.acronis.com https://dummy-tenant-for-prod.alemira.dev https://lms.constructor.school https://learn.bpsme.com https://training.acronis.com https://acb806367890429f8b15bb6cb469f10a.constructor.pro https://certification.ardanlabs.training https://lms.learn.testing.stackfuel.com https://training-new.virtuozzo.com; object-src 'none'; frame-ancestors https://*.dev-constructor.dev https://*.test-constructor.dev https://*.stage-constructor.dev https://*.constructor.app https://academy.datarockstars.ai https://learn.constructor.university https://learn.acronis.com https://dummy-tenant-for-prod.alemira.dev https://lms.constructor.school https://learn.bpsme.com https://training.acronis.com https://acb806367890429f8b15bb6cb469f10a.constructor.pro https://certification.ardanlabs.training https://lms.learn.testing.stackfuel.com https://training-new.virtuozzo.com; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self'; 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://statistik.eurowig.de https://consentcdn.cookiebot.com https://consent.cookiebot.com https://www.google.com https://www.google.com/recaptcha/api.js https://www.gstatic.com 1 frame-ancestors 'self' piwik.betaalvereniging.nl; 1 default-src 'self'; script-src 'self' 'unsafe-inline' *.googletagmanager.com *.googleapis.com cdnjs.cloudflare.com cdn.jsdelivr.net *.addtoany.com polyfill.io *.google-analytics.com *.hs-scripts.com *.hs-banner.com *.hs-analytics.net *.hscollectedforms.net; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com *.googleapis.com *.jsdelivr.net *.typekit.net; img-src 'self' 'unsafe-inline' cdnjs.cloudflare.com data: *.gstatic.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.hsforms.com *.hubspot.com; media-src 'self' *.vimeo.com *.youtube.com; frame-src 'self' *.vimeo.com *.youtube.com *.addtoany.com; font-src *.googleusercontent.com *.gstatic.com 'self' cdnjs.cloudflare.com *.typekit.net; connect-src ws://127.0.0.1:* 'self' *.googleapis.com *.google-analytics.com *.g.doubleclick.net *.hubspot.com *.addtoany.com; report-uri /report-csp-violation 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com cdn.syndication.twimg.com cdnjs.cloudflare.com maps.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com fonts.googleapis.com fonts.gstatic.com; object-src 'self'; style-src 'self' 'unsafe-inline' cdn.syndication.twimg.com cdnjs.cloudflare.com maps.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com fonts.googleapis.com fonts.gstatic.com; img-src 'self' data: secure.gravatar.com cdn. *.twitter.com *.twimg.com cdnjs.cloudflare.com maps.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com fonts.googleapis.com fonts.gstatic.com; media-src 'self'; frame-src 'self' syndication.twitter.com platform.twitter.com/; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com 1 default-src 'self'; connect-src 'self' https://*.viciproperties.com https://viciproperties.com https://dev-vici-properties.pantheonsite.io https://test-vici-properties.pantheonsite.io https://live-vici-properties.pantheonsite.io https://cdn-cookieyes.com https://*.cookieyes.com https://*.google-analytics.com https://*.googletagmanager.com https://*.flippingbook.com https://online.flippingbook.com https://fonts.googleapis.com https://*.acsbapp.com https://acsbapp.com https://*.analytics.google.com; font-src 'self' https://kit.fontawesome.com https://ka-p.fontawesome.com https://acsbapp.com https://*.acsbapp.com https://*.flippingbook.com https://online.flippingbook.com https://fonts.gstatic.com data:; frame-src 'self' https://*.cookieyes.com https://online.flippingbook.com https://*.googletagmanager.com https://www.google.com; img-src 'self' https://*.viciproperties.com https://viciproperties.com https://dev-vici-properties.pantheonsite.io https://test-vici-properties.pantheonsite.io https://live-vici-properties.pantheonsite.io https://*.flippingbook.com https://online.flippingbook.com https://*.googletagmanager.com https://*.google-analytics.com https://*.gstatic.com https://cdn-cookieyes.com https://*.cookieyes.com https://acsbapp.com https://*.acsbapp.com https://secure.gravatar.com blob: data:; object-src; script-src 'self' https://*.viciproperties.com https://viciproperties.com https://dev-vici-properties.pantheonsite.io https://test-vici-properties.pantheonsite.io https://live-vici-properties.pantheonsite.io https://*.flippingbook.com https://online.flippingbook.com https://kit.fontawesome.com https://code.jquery.com https://www.google.com https://www.gstatic.com https://*.googletagmanager.com https://tagmanager.google.com https://cdn-cookieyes.com https://acsbapp.com https://*.acsbapp.com https://*.google-analytics.com 'unsafe-inline'; style-src 'self' https://*.viciproperties.com https://viciproperties.com https://dev-vici-properties.pantheonsite.io https://test-vici-properties.pantheonsite.io https://live-vici-properties.pantheonsite.io https://*.flippingbook.com https://online.flippingbook.com https://*.googletagmanager.com https://tagmanager.google.com https://acsbapp.com https://*.acsbapp.com https://fonts.googleapis.com 'unsafe-inline'; upgrade-insecure-requests 1 default-src 'self' 'unsafe-inline' data: wc.ts.ee www.nasdaqbaltic.com platform.linkedin.com secure.gravatar.com yoast.com www.googletagmanager.com *.google-analytics.com stats.g.doubleclick.net fonts.googleapis.com maps.googleapis.com streetviewpixels-pa.googleapis.com khms0.googleapis.com khms1.googleapis.com maps.gstatic.com fonts.gstatic.com translate.google.com translate.googleapis.com www.gstatic.com www.youtube.com www.google.ee www.google.com www.google.co.uk www.google.lv www.google.lt www.google.fi www.google.se www.google.no www.google.de www.google.pl lh3.ggpht.com www.google.com.hk www.google.gr www.google.nl www.google.dk www.google.com.ua www.google.fr i.ytimg.com connect.facebook.net api.microsofttranslator.com www.facebook.com 'unsafe-eval' www.google.ch www.google.at www.google.ro www.google.es www.google.it www.google.hu www.google.co.in www.google.ie www.google.cz www.google.be www.google.ru www.google.com.au photos.marinetraffic.com www.google.at www.google.co.il www.google.co.kr www.google.pt www.google.ca www.google.mk www.google.co.th www.google.co.id www.google.com.lb www.google.cl www.google.sk www.google.is www.google.com.np www.google.com.pk www.google.si www.google.rs www.google.dz www.google.com.ng www.google.com.my www.google.com.ci www.google.im www.google.com.sg www.google.com.tr www.google.com.hr www.google.com.mt www.google.li www.google.co.jp view.news.eu.nasdaq.com www.solwininfotech.com www.google.com.co www.google.com.br www.google.cn www.google.com.cy www.google.ge www.google.lu www.google.ae cdn.jsdelivr.net wd.ts.ee static.cloudflareinsights.com ajax.cloudflare.com www.vikingline.ee www.envir.ee www.google.com.ph www.google.co.nz www.google.hr www.google.bg www.google.by www.transit.ee www.tallinnamerepaevad.ee www.google.com.vn www.google.kz www.google.mv www.google.com.tw www.balticline.fi www.google.com.eg tallinnamerepaevad.ee www.google.com.bz www.google.com.mx www.google.jo www.google.com.sa www.google.ci www.google.com.kw www.google.co.ma www.google.com.gh www.google.com.ar region1.analytics.google.com www.google.az www.google.com.uy www.google.co.za www.google.sn www.google.com.mm www.google.me www.google.mn www.google.lk vincent.callebaut.org tentea.ec.europa.eu www.google.tg www.google.com.qa www.google.co.tz www.google.co.cr www.kjk.ee www.google.co.uz www.google.co.ke ps.w.org s.w.org www.google.ba www.google.com.jm www.google.com.pe www.google.mg 6zzuupda.sendsmaily.net www.google.bj www.google.com.kh www.google.com.do lh3.googleusercontent.com www.google.iq www.google.co.ug www.google.co.mz www.google.al www.google.tn www.google.ad www.google.am www.google.md www.google.com.ly www.google.com.ec www.google.com.pa www.google.com.bd www.google.com.pr www.google.mu www.google.gg www.google.cm www.google.com.py www.google.com.bh www.google.je www.google.com.cu www.google.com.pg komerk.ee www.google.kg www.google.cv www.google.com.sl www.portoftallinn.com www.google.vg www.google.bt www.google.bf www.google.la www.google.tt www.google.com.sv www.google.so www.google.ps www.google.co.ve www.google.ga www.seatradecruiseglobal.com www.parkimine.ee translate-pa.googleapis.com wptide.org toolset.com wpml.org challenges.cloudflare.com cloudflareinsights.com analytics.google.com td.doubleclick.net blob: www.google.gl wpforms.com www.google.co.zw www.google.co.ao d1lsub6zbh43gv.cloudfront.net tp-cdn.wpml.org googleads.g.doubleclick.net adservice.google.com google.com pagead2.googlesyndication.com www.googleadservices.com tpc.googlesyndication.com www.vikingline.ee www.google.com.sb www.google.td apis.google.com platform.twitter.com www.google.gm www.google.gy paldiski.ee www.christmasmarket.ee www.logistikauudised.ee www.voyagesofdiscovery.co.uk static.neljas.ee www.google.tm cns.omxgroup.com www.iaa.ie www.komerk.ee www.jazzkaar.ee arensburg.ee www.iaa.ie kliimaministeerium.ee konkurents.ee laaneharju.ee images.marinetraffic.com www.konkurents.ee www.google.com.af www.lngconference.eu www.upf-group.dk www.cruiseeurope.com tentea.ec.europa.eu www.google.as www.google.com.et www.google.cf www.google.com.tj www.google.com.om www.google.co.ck www.google.co.zm; report-uri /069b75c4f2e07da64b888cac9af4ea98c60c3e6787e0368d1a5ab34114eda24e 1 default-src 'unsafe-inline' 'unsafe-eval' https:;img-src * data:; script-src 'unsafe-inline' 'unsafe-eval' blob: * https:; connect-src * blob:; 1 default-src 'self' https://*.sfg.at wss://*.sfg.at wss://ws.pusherapp.com https://cdn.datatables.net; font-src 'self' data: https://*.sfg.at http://fonts.googleapis.com https://fonts.googleapis.com http://fonts.gstatic.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://*.sfg.at https://fonts.googleapis.com https://cdn.datatables.net; frame-src 'self' https://*.sfg.at https://*.youtube.com https://*.youtube-nocookie.com https://*.vimeo.com https://*.sfg.at:8443 https://api.ipify.org https://www.google.com; img-src 'self' data: *; media-src 'self' *; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.sfg.at https://api.ipify.org https://cdn.datatables.net https://vjs.zencdn.net 1 allow 'self' data: blob; 'inline' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googleapis.com *.youtube.com connect.facebook.net www.facebook.com cdn.ywxi.net static.hotjar.com www.googletagmanager.com www.google.com www.creativecomputerconsulting.ca *.tiktok.com *.ttwstatic.com; 1 default-src *; script-src www.partizan.com www.partizanstudio.com 'unsafe-inline' 'unsafe-eval' 127.0.0.1:* *.googleadservices.com *.google-analytics.com *.google.com *.googletagmanager.com https://*.youtube.com https://*.ytimg.com cdnjs.cloudflare.com ajax.googleapis.com maxcdn.bootstrapcdn.com ; style-src * 'unsafe-inline';img-src 'self' data: https://img.youtube.com *.google-analytics.com https://i.vimeocdn.com https://i.ytimg.com ; font-src 'self' data: http://fonts.gstatic.com https://fonts.gstatic.com ; connect-src www.partizan.com www.partizanstudio.com *.google-analytics.com vimeo.com; 1 base-uri 'self'; form-action 'self' data: *.mucf.se trk.idrelay.com; manifest-src 'self'; default-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.siteimprove.net *.siteimprove.com *.browsealoud.com *.googletagmanager.com *.google.com *.google-analytics.com hcaptcha.com *.hcaptcha.com cdnjs.cloudflare.com mfstatic.com *.jsdelivr.net unpkg.com *.mucf.se *.cloudnet.cloud *.vimeo.com *.webserviceaward.com *.clarity.ms; object-src 'self' *.google.com *.youtube.com *.facebook.com *.vimeo.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com mfstatic.com *.jsdelivr.net *.mucf.se unpkg.com *.webserviceaward.com; img-src 'self' data: *.google.com *.youtube.com *.facebook.com *.vimeo.com *.vimeocdn.com *.mucf.se http://mfstatic.com *.inviewer.se *.mediaflowpro.com *.jsdelivr.net *.ytimg.com *.webserviceaward.com; media-src blob:; frame-src 'self' *.google.com *.youtube.com *.facebook.com *.vimeo.com *.vimeocdn.com *.siteimprove.com *.hcaptcha.com hcaptcha.com trk.idrelay.com *.mediaflowpro.com blob: stats.mucf.se stats.c4223.cloudnet.cloud *.ungidag.se ungidag.se *.mucf.se mucf.varbi.com use-mucf.sitevision-cloud.se ; frame-ancestors 'self' *.google.com *.youtube.com *.facebook.com *.vimeo.com *.ungidag.se ungidag.se *.mucf.se use-mucf.sitevision-cloud.se ; child-src 'self' *.google.com *.youtube.com *.facebook.com *.vimeo.com *.siteimprove.com *.hcaptcha.com hcaptcha.com trk.idrelay.com blob: *.mucf.se *.ungidag.se ungidag.se use-mucf.sitevision-cloud.se ; font-src 'self' mfstatic.com; connect-src 'self' https://*.mucf.se https://*.browsealoud.com https://*.siteimprove.com https://*.googletagmanager.com https://*.google.com https://*.google-analytics.com https://*.doubleclick.net https://*.hcaptcha.com https://*.speechstream.net stats.c4223.cloudnet.cloud https://*.mediaflow.com https://*.inviewer.se mfstatic.com *.ungidag.se *.webserviceaward.com *.clarity.ms; report-uri /report-csp-violation; upgrade-insecure-requests 1 default-src 'self'; script-src 'self' ; style-src 'self' 'unsafe-inline' ; img-src *; report-uri https://idsrv.conveyweb.co.uk/identity/csp/report 1 default-src * 'unsafe-eval' 'unsafe-inline' 'unsafe-dynamic' data: filesystem: about: blob: ws: wss: 1 default-src 'self' https://*.googletagmanager.com https://*.google-analytics.com https://*.google.com https://*.google.be https://*.doubleclick.net https://*.hotjar.com https://*.hotjar.io https://*.facebook.com https://*.facebook.net https://*.youtube.com https://*.youtube.be https://*.youtu.be https://www.youtube-nocookie.com https://*.snapchat.com https://*.vimeo.com https://*.spotify.com; block-all-mixed-content; font-src 'self' https://use.typekit.net https://fonts.googleapis.com https://fonts.gstatic.com; frame-ancestors 'self'; img-src data: 'self' https://placeholder.inventis.be https://*.googletagmanager.com https://*.google-analytics.com https://fonts.gstatic.com https://*.google.com https://*.google.be https://*.ytimg.com https://i.vimeocdn.com https://*.facebook.com https://*.facebook.net https://*.fbcdn.net https://i.scdn.co https://*.youtube.com https://*.youtube.be https://*.snapchat.com https://i.vimeocdn.com; manifest-src 'self'; object-src 'none'; script-src 'self' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https://www.youtube.com/iframe_api https://*.ytimg.com https://www.googletagmanager.com https://www.google-analytics.com https://script.hotjar.com/ https://connect.facebook.net/ https://*.hotjar.com https://*.hotjar.io https://player.vimeo.com/api/player.js 'nonce-dNFDTyPpA+GP2A+Lg7x8Yg=='; style-src 'self' 'unsafe-inline' https://*.typekit.net https://*.googletagmanager.com https://fonts.googleapis.com; upgrade-insecure-requests 1 frame-ancestors 'self' http://clients.pensoagency.com; upgrade-insecure-requests 1 default-src 'self' 'unsafe-inline'; img-src https://carletto.de/ data:; script-src 'self' 'unsafe-inline' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; frame-src https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ 1 default-src 'self'; connect-src 'self' https://matomo.tdoescher.de; frame-src 'self' https://www.youtube.com https://www.youtube-nocookie.com; img-src 'self' data: https://www.logbuch-bremerhaven.de https://www.facebook.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://matomo.tdoescher.de https://connect.facebook.net; style-src 'self' 'unsafe-inline' 1 default-src 'self'; script-src 'self' https://*.astonmiles.com https://code.jquery.com https://www.google-analytics.com https://*.fontawesome.com https://*.googleapis.com //*.gstatic.com; style-src 'self' https://*.astonmiles.com https://*.googleapis.com https://*.fontawesome.com; font-src 'self' https://*.gstatic.com https://*.fontawesome.com; img-src 'self' https://*.astonmiles.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.googleapis.com; connect-src 'self' https://*.astonmiles.com https://*.googleapis.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.fontawesome.com https://code.jquery.com //*.gstatic.com; base-uri 'none'; form-action 'self'; frame-ancestors 'none'; object-src 'none';upgrade-insecure-requests 1 default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://portal.jerseyfinance.com google.com google.je google.co.uk https://www.googletagmanager.com *.analytics.google.com *.jsdelivr.net *.jerseyfinance.com *.unpkg.com *.doubleclick.net https://cdn.userway.org https://connect.facebook.net https://consent.cookiebot.com https://consentcdn.cookiebot.com https://algolia.net *.algolia.net https://invt.io https://maps.googleapis.com https://player.vimeo.com https://sidebar.bugherd.com https://snap.licdn.com https://sst.jerseyfinance.com https://tags.srv.stackadapt.com https://www.bugherd.com https://www.buzzsprout.com https://www.clarity.ms wasm-eval; style-src 'report-sample' 'self' 'unsafe-inline' https://portal.jerseyfinance.com google.com google.je google.co.uk https://www.googletagmanager.com *.analytics.google.com *.jsdelivr.net *.jerseyfinance.com *.unpkg.com *.doubleclick.net https://cdn.userway.org https://fonts.googleapis.com https://tags.srv.stackadapt.com https://algolia.net *.algolia.net; object-src 'none'; base-uri 'self'; connect-src 'self' https://portal.jerseyfinance.com https://ik.imagekit.io google.com google.je google.co.uk *.analytics.google.com https://www.googletagmanager.com https://notify.bugsnag.com https://notify.bugsnag.com https://cdn.userway.org https://*.litix.io https://*.wistia.com https://*.wistia.net https://adservice.google.com *.jsdelivr.net *.unpkg.com *.doubleclick.net *.jerseyfinance.com *.googlesyndication.com https://algolia.net *.algolia.net https://sockjs.pusher.com https://api.sejda.com https://api.userway.org https://assets.jerseyfinance.com https://cdn.userway.org https://cdn77.api.userway.org https://consentcdn.cookiebot.com https://iihmbgdppz-dsn.algolia.net https://invt.io https://maps.googleapis.com https://portal.jerseyfinance.com https://px.ads.linkedin.com https://sessions.bugsnag.com https://sst.jerseyfinance.com https://tags.srv.stackadapt.com https://unpkg.com https://www.google.com; font-src 'self' data: https://portal.jerseyfinance.com google.com google.je google.co.uk *.analytics.google.com https://www.googletagmanager.com https://cdn.userway.org https://algolia.net *.algolia.net https://fonts.gstatic.com; frame-src 'self' https://portal.jerseyfinance.com google.com google.je google.co.uk *.analytics.google.com https://www.googletagmanager.com https://cdn.userway.org *.userway.org https://*.litix.io https://*.wistia.com https://*.wistia.net cdn.userway.org *.youtube.com *.doubleclick.net *.cookiebot.com *.vimeo.com *.bugherd.com https://algolia.net *.algolia.net *.jerseyfinance.com https://go.jerseyfinance.com https://sst.jerseyfinance.com https://www.buzzsprout.com https://www.googletagmanager.com; img-src 'self' blob: data: https://portal.jerseyfinance.com google.com google.je google.co.uk *.analytics.google.com https://www.googletagmanager.com *.vimeocdn.com https://sidebar.bugherd.com https://ik.imagekit.io *.youtube.com https://adservice.google.com *.doubleclick.net *.imagekit.io *.googlesyndication.com https://algolia.net *.algolia.net https://ad.doubleclick.net *.doubleclick.net https://assets.jerseyfinance.com https://cdn.userway.org https://d2iiunr5ws5ch1.cloudfront.net https://go.jerseyfinance.com https://imgsct.cookiebot.com https://maps.googleapis.com https://maps.gstatic.com https://px.ads.linkedin.com https://www.facebook.com; manifest-src 'self'; media-src 'self' https://portal.jerseyfinance.com google.com google.je google.co.uk *.analytics.google.com https://www.googletagmanager.com *.userway.org https://*.litix.io https://*.wistia.com https://*.wistia.net https://player.vimeo.com *.vimeocdn.com *.doubleclick.net *.youtube.com; worker-src 'self' blob:; form-action 'self' https://portal.jerseyfinance.com google.com google.je google.co.uk *.analytics.google.com https://www.googletagmanager.com *.userway.org *.bugherd.com *.algolia.net *.jerseyfinance.com https://go.jerseyfinance.com https://sst.jerseyfinance.com https://www.googletagmanager.com; 1 base-uri 'self'; default-src 'none'; script-src https: blob: data: 'unsafe-inline' 'unsafe-eval' https://*.mwstatic.de https://*.accessibility-heroes.de https://*.mehrwert.de; style-src https: 'unsafe-inline' https://*.mwstatic.de https://*.accessibility-heroes.de https://*.mehrwert.de; frame-ancestors https://*.mehrwert.de; frame-src 'self' https://*.mehrwert.de; form-action 'self'; font-src data: 'self' https://*.mehrwert.de; img-src data: 'self' https://*.mehrwert.de; media-src data: 'self' https://*.mehrwert.de; object-src data: 'self' https://*.mehrwert.de; connect-src data: 'self' https://*.mehrwert.de; 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://xscore.cc https://cdn.jsdelivr.net https://lkslodz.pl https://u2.lkslodz.pl https://www.youtube.com https://www.google.com https://www.twitter.com https://www.facebook.com https://platform.twitter.com https://syndication.twitter.com https://www.googletagmanager.com; img-src 'self' data: https://xscore.cc https://img.youtube.com https://secure.gravatar.com https://lkslodz.pl https://u2.lkslodz.pl https://www.youtube.com https://www.google.com https://www.twitter.com https://www.facebook.com https://platform.twitter.com https://syndication.twitter.com https://s.w.org; object-src 'self' data: https://xscore.cc https://lkslodz.pl https://u2.lkslodz.pl https://www.youtube.com https://www.google.com https://www.twitter.com https://www.facebook.com https://platform.twitter.com https://syndication.twitter.com; frame-src 'self' data: https://xscore.cc https://lkslodz.pl https://u2.lkslodz.pl https://www.youtube.com https://www.google.com https://www.twitter.com https://www.facebook.com https://platform.twitter.com https://syndication.twitter.com; 1 default-src 'self' https://*.nhs.uk; frame-src 'self' https://south-warwickshire-university-nhs.cloud.opendialog.ai/ https://www.youtube-nocookie.com https://*.webspellchecker.net https://*.nhs.uk https://*.youtube.com https://*.vimeo.com https://*.google.com https://*.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://south-warwickshire-university-nhs.cloud.opendialog.ai/ https://cdnjs.cloudflare.com https://*.google-analytics.com https://*.googletagmanager.com https://feeds.trac.jobs https://*.webspellchecker.net https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.cqc.org.uk; font-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://*.webspellchecker.net; style-src 'self' 'unsafe-inline' data: https://*.opendialog-webchat.pages.dev/ https://cdnjs.cloudflare.com https://feeds.trac.jobs https://*.googleapis.com https://*.gstatic.com https://*.cqc.org.uk https://*.webspellchecker.net; img-src * data:; object-src 'self' blob: https://*.nhs.uk; connect-src 'self' https://feeds.trac.jobs https://*.googleapis.com https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://*.webspellchecker.net 1 default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval' *.cdn.cookielaw.org *.cookie-cdn.cookiepro.com *.onetrust.com data-apac.nestlehealthscience-th.com https://*.qualtrics.com https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_; object-src *; style-src * 'self' 'unsafe-inline' *.cdn.cookielaw.org *.cookie-cdn.cookiepro.com *.onetrust.com https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_; img-src * 'self' data: https:; https://siteintercept.qualtrics.com https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_; media-src *; frame-src * https://*.qualtrics.com https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_; frame-ancestors 'self' https://*.qualtrics.com; child-src *; font-src * 'self' data: https:; https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_; connect-src * *.cdn.cookielaw.org *.cookie-cdn.cookiepro.com *.onetrust.com data-apac.nestlehealthscience-th.com https://*.qualtrics.com https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_; report-uri /report-csp-violation 1 allow 'self'; frame-ancestors dev.togostanza.org 1 default-src 'self' https://*.nhs.uk; frame-src 'self' https://walkinto.in/ https://*.twitter.com/ https://www.youtube-nocookie.com https://*.webspellchecker.net https://*.nhs.uk https://*.facebook.com https://*.youtube.com https://*.vimeo.com https://*.google.com https://*.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.twitter.com/ https://cdn.askem.com https://cdnjs.cloudflare.com https://*.google-analytics.com https://*.googletagmanager.com https://connect.facebook.net https://feeds.trac.jobs https://*.webspellchecker.net https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.cqc.org.uk; font-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://*.webspellchecker.net; style-src 'self' 'unsafe-inline' data: https://cdn.askem.com https://*.typekit.net https://cdnjs.cloudflare.com https://feeds.trac.jobs https://*.googleapis.com https://*.gstatic.com https://*.cqc.org.uk https://*.webspellchecker.net; img-src * data:; object-src 'self' blob: https://*.nhs.uk; connect-src 'self' https://feedback.askem.com https://feeds.trac.jobs stats.g.doubleclick.net https://*.googleapis.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.co.uk https://*.google.ie https://*.google.nl https://*.webspellchecker.net 1 default-src 'self' *.optimizely.com https: s.webtrends.com *.mycliplister.com; media-src 'self' *.mycliplister.com mycliplister.com cliplister.vo.llnwd.net; font-src dock.ui.bosch.tech cdn.poll-maker.com cdnjs.cloudflare.com 'self' https: btm.bosch.com; object-src data: 'self'; img-src https: data: blob:; style-src dock.ui.bosch.tech cdn.poll-maker.com cdnjs.cloudflare.com 'self' 'unsafe-inline' https: btm.bosch.com; script-src https: *.optimizely.com 'unsafe-inline' 'unsafe-eval'; frame-src www.bosch-professional.com bosch-professional.com 'self' https:; frame-ancestors 'self' www.bosch-professional.com bosch-professional.com https: 1 default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: *.smithwicksexperience.com *.googleapis.com maps.gstatic.com s.adroll.com s.ytimg.com www.google-analytics.com www.googletagmanager.com www.youtube.com footer.diageohorizon.com cdnjs.cloudflare.com *.googleadservices.com *.doubleclick.net *.ads-twitter.com *.myfonts.net *.hotjar.com *.facebook.net; object-src 'self' https: *.smithwicksexperience.com ; style-src 'self' 'unsafe-inline' https: *.smithwicksexperience.com fonts.googleapis.com footer.diageohorizon.com *.myfonts.net; img-src 'self' data: https: *.smithwicksexperience.com *.googleapis.com *.gstatic.com analytics.twitter.com d.adroll.com googleads.g.doubleclick.net www.facebook.com www.google.com www.google.ie *.hotjar.com *.facebook.com *.google-analytics.com *.analytics.google.com; frame-src 'self' https: *.smithwicksexperience.com *.worldnettps.com www.youtube.com *.hotjar.com; font-src 'self' https: *.smithwicksexperience.com data: *.myfonts.net *.gstatic.com *.hotjar.com; connect-src 'self' https: *.smithwicksexperience.com *.hotjar.com ws://*.hotjar.com wss://*.hotjar.com *.google-analytics.com *.analytics.google.com; media-src 'self' https: *.smithwicksexperience.com 1 frame-ancestors 'self' eventmobi.com experience.eventmobi.com *.eventmobi.com * 1 default-src 'self' blob:; worker-src blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: cdn.ampproject.org stats.wp.com s0.wp.com s1.wp.com s2.wp.com c0.wp.com www.google.com www.googletagmanager.com campuseducacion.com ws.sharethis.com connect.facebook.net code.jquery.com ssl.google-analytics.com cdn.jsdelivr.net googleads.g.doubleclick.net www.google-analytics.com www.googleadservices.com tpc.googlesyndication.com pagead2.googlesyndication.com cdn.krxd.net beacon.krxd.net consumer.krxd.net www.gstatic.com adservice.google.com stackpath.bootstrapcdn.com cdnjs.cloudflare.com adservice.google.es partner.googleadservices.com unpkg.com ajax.googleapis.com static.ads-twitter.com platform.twitter.com load.sumome.com analytics.twitter.com load.sumo.com reddit.com; style-src 'self' data: 'unsafe-inline' c0.wp.com ws.sharethis.com use.fontawesome.com code.jquery.com fonts.google.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com fonts.googleapis.com stackpath.bootstrapcdn.com cdn.jsdelivr.net unpkg.com; img-src 'self' data: blob: *.wp.com i2.wp.com pixel.wp.com s0.wp.com s1.wp.com s2.wp.com c0.wp.com ws.sharethis.com code.jquery.com www.facebook.com ssl.google-analytics.com www.google.com www.google.es stats.g.doubleclick.net www.google-analytics.com pagead2.googlesyndication.com secure.gravatar.com www.googletagmanager.com ajax.googleapis.com t.co load.sumo.com; frame-src 'self' pagead2.googlesyndication.com www.slideshare.net web.facebook.com ws.sharethis.com player.vimeo.com www.vimeo.com www.google.com www.facebook.com pagead2.googlesyndication.com tpc.googlesyndication.com googleads.g.doubleclick.net www.youtube.com www.vimeo.com; font-src 'self' data: s0.wp.com s1.wp.com s2.wp.com c0.wp.com use.fontawesome.com fonts.google.com fonts.gstatic.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com; connect-src 'self' l.sharethis.mgr.consensu.org l.sharethis.com www.google-analytics.com pagead2.googlesyndication.com stats.g.doubleclick.net googleads.g.doubleclick.net www.facebook.com sumo.com *.google.com 1 default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data:; 1 default-src 'self' *.optimizely.com https:; media-src 'self'*.mycliplister.com mycliplister.com cliplister.vo.llnwd.net; font-src dock.ui.bosch.tech cdn.poll-maker.com cdnjs.cloudflare.com 'self' btm.bosch.com; object-src data: 'self'; img-src https: data: blob:; style-src dock.ui.bosch.tech cdn.poll-maker.com cdnjs.cloudflare.com 'self' 'unsafe-inline' https:; script-src https: *.optimizely.com 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https:; frame-ancestors 'self' https: 1 upgrade-insecure-requests; base-uri 'self'; object-src 'none'; frame-ancestors punchoutcommerce.com nasa.sharepoint.com ariba.com *.ariba.com sciquest.com *.sciquest.com jaggaer.com *.jaggaer.com punchout2go.com *.punchout2go.com google.com *.google.com apple.com *.apple.com colamco.com *.colamco.com 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net *.technoform.com technoform.matomo.cloud cdn.matomo.cloud cdnjs.cloudflare.com *.hrmdirect.com https://www.youtube.com/iframe_api; object-src 'none'; style-src 'self' 'unsafe-inline' 'unsafe-eval' unpkg.com cdnjs.cloudflare.com; img-src 'self' data: *.technoform.com technoform.global.ssl.fastly.net https://fonts.gstatic.com; media-src 'self' *.technoform.com technoform.global.ssl.fastly.net; frame-src 'self' *.youtube-nocookie.com *.youtube.com *.google.com technoform.matomo.cloud *.hrmdirect.com; font-src 'self' data: *.technoform.com technoform.global.ssl.fastly.net https://fonts.gstatic.com; connect-src 'self' technoform.matomo.cloud technoform.global.ssl.fastly.net *.technoform.com; report-uri /report-csp-violation 1 default-src 'self' https://*.nhs.uk; frame-src 'self' https://www.youtube-nocookie.com https://*.webspellchecker.net https://*.nhs.uk https://*.youtube.com https://*.vimeo.com https://*.google.com https://*.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://translate.google.com https://cdnjs.cloudflare.com https://*.google-analytics.com https://*.googletagmanager.com https://feeds.trac.jobs https://*.webspellchecker.net https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.cqc.org.uk; font-src 'self' 'unsafe-inline' https://*.typekit.net https://fonts.googleapis.com https://fonts.gstatic.com https://*.webspellchecker.net; style-src 'self' 'unsafe-inline' data: https://*.typekit.net https://cdnjs.cloudflare.com https://feeds.trac.jobs https://*.googleapis.com https://*.gstatic.com https://*.cqc.org.uk https://*.webspellchecker.net; img-src * data:; object-src 'self' blob: https://*.nhs.uk; connect-src 'self' https://feeds.trac.jobs https://*.googleapis.com https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://*.webspellchecker.net 1 default-src 'none'; frame-ancestors 'self' https://*.nhs.uk; frame-src 'self' https://www.youtube-nocookie.com https://*.webspellchecker.net https://*.nhs.uk https://*.youtube.com https://*.vimeo.com https://*.google.com https://*.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn-access.limbic.ai/ https://cdn.ebo.ai/ https://cdnjs.cloudflare.com https://*.google-analytics.com https://*.googletagmanager.com https://feeds.trac.jobs https://*.webspellchecker.net https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.cqc.org.uk; font-src 'self' 'unsafe-inline' data: https://limbic-web-bot.s3.eu-west-2.amazonaws.com/ https://fonts.googleapis.com https://fonts.gstatic.com https://*.webspellchecker.net; style-src 'self' 'unsafe-inline' data: https://cdnjs.cloudflare.com https://feeds.trac.jobs https://*.googleapis.com https://*.gstatic.com https://*.cqc.org.uk https://*.webspellchecker.net; img-src * data:; object-src 'self' blob: https://*.nhs.uk; connect-src 'self' *.sentry.io *.mixpanel.com *.limbic.ai *.postcodes.io *.getaddress.io *.gov.uk *.nhs.uk *.ipify.org http://icanhazip.com/ wss://directline.botframework.com https://directline.botframework.com https://midlands-configuration.ebo.ai https://midlands-conversation.ebo.ai https://feeds.trac.jobs https://*.googleapis.com https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://*.webspellchecker.net; manifest-src 'self'; base-uri 'none'; form-action 'self' https://search.ebscohost.com/login.aspx; 1 frame-ancestors DENY 1 default-src 'none'; script-src 'self' data: 'unsafe-inline' https://www.google-analytics.com https://use.typekit.net https://ajax.googleapis.com; object-src 'none'; style-src 'self' https://maxcdn.bootstrapcdn.com; img-src 'self' data: www.google-analytics.com; media-src 'none'; frame-src 'none'; font-src 'self' https://maxcdn.bootstrapcdn.com; connect-src 'self' www.google-analytics.com 1 default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; font-src * data:; img-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; frame-src *; 1 default-src *.googletagmanager.com *.twitter.com *.facebook.net *.nr-data.net *.ads-twitter.com *.google-analytics.com *.googleadservices.com *.doubleclick.net *.mookie1.com *.amazon-adsystem.com *.facebook.com *.google.com *.google.co.in *.cloudflare.com *.w3.org *.adsrvr.org *.newrelic.com *.insight.adsrvr.org/track/pxl/ *.sc-static.net *.analytics.tiktok.com *.p.teads.tv *.snapchat.com *.videoamp.com *.tapad.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.jsdelivr.net *.monsido.com *.googleoptimize.com *.googletagmanager.com *.twitter.com *.facebook.net *.nr-data.net *.ads-twitter.com *.google-analytics.com *.googleadservices.com *.googleanalytics.com *.doubleclick.net *.cloudflare.com *.opendns.com *.adsrvr.org *.newrelic.com *.google.com *.mapbox.com *.serving-sys.com *.igodigital.com *.teads.tv *.videoamp.com *.tapad.com *.tiktok.com *.abtasty.com *.snapchat.com https://www.youtube.com https://cdn.cookielaw.org https://sc-static.net/scevent.min.js https://sc-static.net/sc-pixel-helper.min.js *.nprapps.org *.mikmak.ai *.swaven.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.jsdelivr.net *.cloudflare.com *.monsido.com *.opendns.com *.newrelic.com *.twitter.com *.nr-data.net *.ads-twitter.com *.google.com *.googleapis.com *.mapbox.com *.abtasty.com *.typekit.net; img-src 'self' *.adsrvr.org *.google-analytics.com *.monsido.com *.twitter.com *.facebook.com *.google.com *.google.co.in *.googletagmanager.com *.mookie1.com *.amazon-adsystem.com *.newrelic.com *.nr-data.net *.ads-twitter.com *.w3.org data: *.insight.adsrvr.org/track/pxl/ *.sc-static.net *.teads.tv *.videoamp.com *.tapad.com *.snapchat.com *.doubleclick.net *.analytics.yahoo.com *.adnxs.com *.abtasty.com *.adxcel-ec2.com https://di.rlcdn.com https://ad.ipredictive.com https://cdn.cookielaw.org https://dpm.demdex.net/ *.mikmak.ai *.swaven.com; media-src 'self'; frame-src 'self' *.youtube.com *.doubleclick.net *.googletagmanager.com *.amazon-adsystem.com *.google.com *.adsrvr.org *.teads.tv *.videoamp.com *.tapad.com *.sc-static.net *.snapchat.com *.flashtalking.com *.abtasty.com *.bluetriton.com *.mikmak.ai *.swaven.com; frame-ancestors 'self' *.youtube.com *.doubleclick.net *.amazon-adsystem.com *.adsrvr.org *.teads.tv *.videoamp.com *.tapad.com *.sc-static.net *.snapchat.com *.mikmak.ai; child-src 'self' *.youtube.com *.doubleclick.net *.amazon-adsystem.com *.google.com *.adsrvr.org *.teads.tv *.videoamp.com *.tapad.com *.sc-static.net *.snapchat.com blob:; font-src 'self' *.jsdelivr.net *.gstatic.com *.google.com *.abtasty.com *.typekit.net *.mikmak.ai *.swaven.com; connect-src 'self' *.doubleclick.net *.google.com *.facebook.com *.googletagmanager.com *.mapbox.com *.monsido.com *.nr-data.net *.serving-sys.com *.igodigital.com *.teads.tv *.videoamp.com *.tapad.com *.sc-static.net *.snapchat.com *.onetrust.com *.abtasty.com *.tiktok.com https://cdn.cookielaw.org https://bam.nr-data.net *.google-analytics.com *.mikmak.ai *.swaven.com; upgrade-insecure-requests 1 img-src 'self' *.norma.fr https://piwik.norma-online.de https://captcha.liveidentity.com data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.norma.fr https://piwik.norma-online.de www.youtube.com blob:; object-src 'none'; font-src 'self' *.norma.fr; 1 frame-ancestors 'self' https://admin.yallastore.co.il; 1 default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self' data:; style-src 'self'; frame-ancestors 'none'; base-uri 'self'; form-action 'self'; 1 default-src 'self'; frame-src 'self' *.youtube-nocookie.com https://sway.office.com *.webspellchecker.net/ *.nhs.uk/ *.facebook.com/ *.youtube.com/ *.vimeo.com/ *.google.com *.googleapis.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.googletagmanager.com *.webspellchecker.net/ https://cdnjs.cloudflare.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://connect.facebook.net/ https://feeds.trac.jobs/ *.google.com/ *.googleapis.com *.gstatic.com *.cqc.org.uk; font-src 'self' 'unsafe-inline' https://use.typekit.net/ *.webspellchecker.net/ https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://p.typekit.net/ https://use.typekit.net/ *.webspellchecker.net/ https://cdnjs.cloudflare.com/ https://feeds.trac.jobs/ *.googleapis.com *.gstatic.com *.cqc.org.uk; img-src * data:; object-src 'self' blob:; connect-src 'self' https://*.googletagmanager.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.g.doubleclick.net https://*.google.com https://*.google.com https://*.google-analytics.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googletagmanager.com *.webspellchecker.net/ https://feeds.trac.jobs/ *.googleapis.com *.google-analytics.com stats.g.doubleclick.net 1 allow 'self' *.ceca.es; 1 default-src 'self' piwik.itzbund.de matomo03.itzbund.de; base-uri 'self'; connect-src 'self' *.itzbund.de; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.ytimg.com piwik.itzbund.de matomo03.itzbund.de; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com *.youtube-nocookie.com; frame-src *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com piwik.itzbund.de matomo03.itzbund.de; img-src 'self' data: demografie-portal.de *.demografie-portal.de 'self' data: *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.geodatenzentrum.de piwik.itzbund.de matomo03.itzbund.de; frame-ancestors 'self'; 1 default-src 'self' *.instagram.com *.cookiebot.com *.facebook.net *.googleadservices.com *.google.com *.youtube.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.google-analytics.com googleads.g.doubleclick.net stats.g.doubleclick.net; img-src * data:; script-src 'unsafe-inline' 'self' *.instagram.com *.cookiebot.com *.facebook.net *.googleadservices.com *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.google-analytics.com googleads.g.doubleclick.net stats.g.doubleclick.net *.google.com; style-src 'unsafe-inline' *; font-src 'self' fonts.gstatic.com; frame-src 'self' *.google.com *.cookiebot.com *.facebook.net *.googleadservices.com *.google.com *.youtube.com 1 connect-src 'self' https://*.paypal.com wss://*.paypal.com wss://*.upscope.io https://*.upscope.io https://sjmvgfnyja.execute-api.us-west-2.amazonaws.com https://mig-prod-connect-p-storg-bkt.s3.us-west-2.amazonaws.com https://d1lz30fckg5qs2.cloudfront.net https://participant.connect.us-west-2.amazonaws.com wss://*.transport.connect.us-west-2.amazonaws.com https://analytics.google.com https://www.google.com https://www.google-analytics.com https://google.com https://googleads.g.doubleclick.net https://forms.hscollectedforms.net https://stats.g.doubleclick.net https://*.cloudfront.net https://*.clearcover.com wss://*.clearcover.com https://*.kommunicate.io wss://*.kommunicate.io https://*.evidon.com wss://*.evidon.com https://*.betrad.com wss://*.betrad.com https://api.brightedge.com wss://api.brightedge.com https://ixfd-api.bc0a.com wss://ixfd-api.bc0a.com https://*.twilio.com wss://*.twilio.com https://inga-prod.tumblr.com wss://*.salemove.com https://*.salemove.com wss://*.glia.com https://*.glia.com https://*.yotpo.com https://*.twitter.com https://*.yotpo.com https://*.gomoxie.solutions https://rules.atgsvcs.com https://track.magnify360.com https://c1.rfihub.net https://insight.adsrvr.org https://*.virtualhold.com https://api.edmunds.com https://*.segment.com https://*.segment.io https://*.px-cdn.net https://*.pxchk.net https://*.px-cloud.net https://*.mercuryinsurance.com 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.jsdelivr.net *.cloudflare.com unpkg.com google.com mdbootstrap.com google-analytics.com *.googletagmanager.com tagmanager.google.com *.google.com static.ads-twitter.com *.hs-scripts.com *.facebook.net *.clarity.ms googleads.g.doubleclick.net *.hs-analytics.net *.hsadspixel.net *.hs-banner.com *.hscollectedforms.net *.fw-cdn.com fw-cdn.com *.gstatic.com *.licdn.com *.freshchat.com *.newrelic.com *.youtube.com nonce-{SERVER-GENERATED-NONCE}; object-src 'self'; style-src 'self' 'unsafe-inline' *.jsdelivr.net *.cloudflare.com *.googleapis.com unpkg.com *.fontawesome.com mdbootstrap.com *.freshchat.com *.youtube.com; img-src 'self' data: https: googletagmanager.com; frame-src 'self' *.doubleclick.net *.freshchat.com *.flowpaper.com *.youtube.com *.google.com *.facebook.com; font-src 'self' 'unsafe-inline' *.fontawesome.com *.gstatic.com *.doubleclick.net; connect-src 'self' 'unsafe-inline' *.hscollectedforms.net *.google.com *.hubapi.com *.ads.linkedin.com *.doubleclick.net *.fwusercontent.com *.clarity.ms *.nr-data.net *.facebook.com googletagmanager.com; report-uri /report-csp-violation; upgrade-insecure-requests 1 default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' static.cdn.prismic.io prismic.io use.typekit.net https://html2canvas.hertzen.com/dist/html2canvas.min.js *.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net *.google-analytics.com *.paypal.com www.paypalobjects.com static.klaviyo.com static-tracking.klaviyo.com connect.facebook.net;frame-src 'self' https://edenbotanicals.prismic.io/ *.google.fr *.doubleclick.net www.paypalobjects.com *.paypal.com static.klaviyo.com static-tracking.klaviyo.com *.googletagmanager.com *.facebook.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com use.typekit.net tagmanager.google.com static.klaviyo.com static-tracking.klaviyo.com *.facebook.com;img-src 'self' data: https://images.prismic.io/edenbotanicals/ https://edenbotanicals.prismic.io/ p.typekit.net www.googletagmanager.com *.google.fr *.google.fr *.google.com *.google.co.nz *.googleapis.com *.gstatic.com *.google-analytics.com *.googletagmanager.com www.paypalobjects.com *.paypal.com static.klaviyo.com static-tracking.klaviyo.com *.facebook.com;font-src 'self' data: fonts.gstatic.com https://use.typekit.net *.facebook.com;connect-src 'self' https://docs.edenbotanicals.com/ *.google.com *.doubleclick.net *.google-analytics.com *.paypal.com stats.g.doubleclick.nestats.g.doubleclick.ne *.googleadservices.com www.paypalobjects.com static.klaviyo.com static-tracking.klaviyo.com static-forms.klaviyo.com fast.a.klaviyo.com *.facebook.com;base-uri 'self';media-src 'self' data:;report-uri /csp/report 1 default-src 'self' www.fotoprofi.de img.fotoprofi.de https://pc-cdn.fra1.cdn.digitaloceanspaces.com/ rmail.fotoprofi.de c.emailsys2a.net cdn.pay1.de d.ratepay.com d.ratepay.de secure.pay1.de https://www.youtube-nocookie.com img.youtube.com i.ytimg.com analytics.google.com *.analytics.google.com doubleclick.net *.doubleclick.net google-analytics.com *.google-analytics.com google.de *.google.de google.com *.google.com googleadservices.com *.googleadservices.com googletagmanager.com *.googletagmanager.com googlesyndication.com *.googlesyndication.com gstatic.com *.gstatic.com tagmanager.google.com *.tagmanager.google.com apis.google.com *.apis.google.com www.gstatic.com bat.bing.com bat.bing.net connect.facebook.net facebook.com *.facebook.com facebook.net *.facebook.net *.etrusted.com *.trustedshops.com *.saal-digital.net *.fotodiensteservice.de https://s3.eu-central-1.amazonaws.com/fra-webresources/ https://s3.eu-central-1.amazonaws.com/fra-webpages.shop.saal-digital.net/ fra-webresources.s3.eu-central-1.amazonaws.com photoservice.cloud https://*.loadbee.com/ availability.loadbee.com/v3/EAN/ https://cdn.loadbee.com https://content.syndigo.com/asset/ https://content.syndigo.com/page/ https://content.syndigo.com/site/ https://scontent.webcollage.net https://syndi.webcollage.net/site/xenudo-de-de/tag.js https://*.joomag.com/res_mag/ https://www.gravatar.com media.flixcar.com media.flixfacts.com *.flix360.com media.flixsyndication.net *.flix360.io syndication.flix360.com content.jwplatform.com assets-jpcust.jwpsrv.com ssl.p.jwpcdn.com d2m3ikv8mpgiy8.cloudfront.net d3np41mctoibfu.cloudfront.net media.pointandplace.com player.pointandplace.com t.pointandplace.com analytics.webgains.io api.webgains.io 'unsafe-inline' 'unsafe-eval' blob: data:; report-uri /csp-report.php; upgrade-insecure-requests 1 default-src 'self' data: https:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: *.stripe.com; style-src 'self' data: 'unsafe-inline' https: https: wss: *.stripe.com *.studentbeans.com blob:; img-src * data: blob:; font-src 'self' data: https:; connect-src 'self' data: https: wss: *.stripe.com *.studentbeans.com; media-src *; object-src 'self' https:; frame-src *; form-action 'self' *.citationsy.com *.citationsy.es *.stripe.com *.studentbeans.com accounts.google.com tinyletter.com; 1 default-src *.googletagmanager.com *.twitter.com *.facebook.net *.nr-data.net *.ads-twitter.com *.google-analytics.com *.googleadservices.com *.doubleclick.net *.mookie1.com *.amazon-adsystem.com *.facebook.com *.google.com *.google.co.in *.cloudflare.com *.w3.org *.adsrvr.org *.newrelic.com *.insight.adsrvr.org/track/pxl/ *.sc-static.net *.analytics.tiktok.com *.p.teads.tv *.snapchat.com *.videoamp.com *.pixel.tapad.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.jsdelivr.net *.googleoptimize.com *.googletagmanager.com *.twitter.com *.facebook.net *.nr-data.net *.ads-twitter.com *.google-analytics.com *.googleadservices.com *.googleanalytics.com *.doubleclick.net *.cloudflare.com *.opendns.com *.adsrvr.org *.newrelic.com *.google.com *.mapbox.com *.serving-sys.com *.igodigital.com *.teads.tv *.videoamp.com *.tapad.com *.tiktok.com *.abtasty.com *.snapchat.com https://www.youtube.com https://cdn.cookielaw.org https://sc-static.net/scevent.min.js https://sc-static.net/sc-pixel-helper.min.js *.mikmak.ai *.swaven.com https://app-script.monsido.com/v2/monsido-script.js https://heatmaps.monsido.com/v1/heatmaps.js; object-src 'self'; style-src 'self' 'unsafe-inline' *.jsdelivr.net *.cloudflare.com *.opendns.com *.newrelic.com *.twitter.com *.nr-data.net *.ads-twitter.com *.google.com *.googleapis.com *.mapbox.com *.abtasty.com; img-src 'self' *.adsrvr.org *.google-analytics.com *.twitter.com *.facebook.com *.google.com *.google.co.in *.googletagmanager.com *.mookie1.com *.amazon-adsystem.com *.newrelic.com *.nr-data.net *.ads-twitter.com *.w3.org data: *.insight.adsrvr.org/track/pxl/ *.sc-static.net *.teads.tv *.videoamp.com *.pixel.tapad.com *.snapchat.com *.doubleclick.net *.analytics.yahoo.com *.adnxs.com *.abtasty.com *.adxcel-ec2.com https://di.rlcdn.com https://ad.ipredictive.com https://cdn.cookielaw.org https://dpm.demdex.net/ *.mikmak.ai *.swaven.com https://tracking.monsido.com; media-src 'self'; frame-src 'self' *.youtube.com *.doubleclick.net *.googletagmanager.com *.amazon-adsystem.com *.google.com *.adsrvr.org *.teads.tv *.videoamp.com *.pixel.tapad.com *.sc-static.net *.snapchat.com *.flashtalking.com *.abtasty.com *.mikmak.ai *.swaven.com; frame-ancestors 'self' *.youtube.com *.doubleclick.net *.amazon-adsystem.com *.adsrvr.org *.teads.tv *.videoamp.com *.pixel.tapad.com *.sc-static.net *.snapchat.com *.mikmak.ai; child-src 'self' *.youtube.com *.doubleclick.net *.amazon-adsystem.com *.google.com *.adsrvr.org *.teads.tv *.videoamp.com *.pixel.tapad.com *.sc-static.net *.snapchat.com blob:; font-src 'self' *.jsdelivr.net *.gstatic.com *.google.com *.abtasty.com *.mikmak.ai *.swaven.com; connect-src 'self' *.doubleclick.net *.google-analytics.com *.facebook.com *.mapbox.com *.nr-data.net *.serving-sys.com *.igodigital.com *.teads.tv *.videoamp.com *.pixel.tapad.com *.sc-static.net *.snapchat.com *.onetrust.com *.abtasty.com *.tiktok.com https://cdn.cookielaw.org https://bam.nr-data.net *.google.com *.mikmak.ai *.swaven.com http://tr.snapchat.com/p https://heatmaps.monsido.com; upgrade-insecure-requests 1 default-src 'none'; block-all-mixed-content; connect-src https://www.google-analytics.com 'self'; font-src https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com 'self'; frame-ancestors 'none'; img-src https://www.google-analytics.com 'self'; script-src https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com 'self' 'unsafe-inline' 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net/gh/NigelOToole/progress-tracker@v2.0.7/src/styles/progress-tracker.css *.googletagmanager.com https://cdn.jsdelivr.net *.googleapis.com https://unpkg.com https://unpkg.com/@drupal/once https://unpkg.com/@drupal/ https://translate.googleapis.com https://translate.google.com *.gstatic.com *.google-analytics.com *.mailchimp.com *.google.com unpkg.com:* modernizr.min.js *.recaptcha.net https://www.recaptcha.net/recaptcha/api.js?hl=en ; script-src 'self' 'unsafe-inline' 'unsafe-eval' inline unsafe-inline https://cdn.jsdelivr.net https://unpkg.com/* www.google.com https://unpkg.com/@drupal/once https://translate-pa.googleapis.com/* https://translate-pa.googleapis.com/v1/supportedLanguages?client=te&display_language=en-GB&key=AIzaSyBWDj0QJvVIx8XOhRegXX5_SrRWxhT5Hs4&callback=callback https://www.gstatic.com https://translate.google.com/translate_a/element.js?cb=googleTranslateElementInit2 https://unpkg.com/@drupal/* https://translate.googleapis.com https://translate.google.com https://www.googletagmanager.com https://www.googletagmanager.com/gtag/js?id=G-9PM51GMPMT https://www.google-analytics.com https://www.recaptcha.net https://translate.googleapis.com/_/translate_http/_/js/k=translate_http.tr.en_GB.qM_bOxanD0k.O/am=AAAB/d=1/exm=el_conf/ed=1/rs=AN8SPfoaAYNIviFe2jgsckcbZFpIHUzUwQ/m=el_main https://ssl.google-analytics.com https://www.recaptcha.net/recaptcha/api.js?hl=en https://unpkg.com/@drupal/once; media-src *; report-uri /report-csp-violation; upgrade-insecure-requests 1 default-src 'self'; script-src 'self' *.onetrust.com *.cookielaw.org 'unsafe-inline' 'unsafe-eval' tagmanager.google.com/ www.googletagmanager.com/ s.webtrends.com statse.webtrendslive.com maps.googleapis.com www.google.com www.gstatic.com https://www.google-analytics.com/analytics.js https://www.google.com/recaptcha/api.js https://www.gstatic.com/; style-src 'self' 'unsafe-inline' *.typekit.net fonts.googleapis.com tagmanager.google.com/ www.googletagmanager.com/ script.hotjar.com; img-src 'self' data: * ssl.gstatic.com/; media-src 'self' data: blob: embedwistia-a.akamaihd.net embed-fastly.wistia.com *.podbean.com; frame-src 'self' *.onetrust.com *.cookielaw.org *.addthis.com *.youtube.com *.vimeo.com *.wistia.com *.wistia.net *.hotjar.com *.doubleclick.net *.ceros.com *.cloudfront.net *.adsrvr.org *.visme.co *.ipipeline.com *.getsmartcontent.com *.bound360.com tagmanager.google.com *.podbean.com d.agkn.com *.fast.wistia.com www.google.com; font-src 'self' *.typekit.net fonts.gstatic.com *.hotjar.com data:; connect-src 'self' *.onetrust.com *.cookielaw.org *.google-analytics.com *.addthis.com *.hotjar.com *.hotjar.io wss://*.hotjar.com ws://*.hotjar.com *.doubleclick.net *.g.doubleclick.net *.wistia.com *.wistia.net *.litix.io embed-fastly.wistia.com embedwistia-a.akamaihd.net *.getsmartcontent.com *.bound360.com tagmanager.google.com *.podbean.com d.agkn.com maps.googleapis.com; report-uri /report-csp-violation 1 default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' http: https: data:; frame-ancestors 'self'; connect-src https://fcm.googleapis.com https://firebaseinstallations.googleapis.com https://fcmregistrations.googleapis.com 'self'; 1 frame-src https://www.youtube-nocookie.com https://www.youtube.com https://piwik.bzga.de https://www.ins-netz-gehen.de; style-src 'self' 'unsafe-inline'; default-src 'self'; script-src https://www.ins-netz-gehen.de https://piwik.bzga.de 'self' 'unsafe-inline' ; connect-src https://www.ins-netz-gehen.de https://piwik.bzga.de 'self' 'unsafe-inline' ; font-src 'self' 'unsafe-inline' data:; img-src 'self' https://piwik.bzga.de https://*.openstreetmap.org data:; 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://* https://*.cstindustries.com/ https://s3.amazonaws.com/ https://*.list-manage.com/ https://code.tidio.co/ https://apis.google.com/ https://*.salesforce.com/ https://static.ads-twitter.com/ https://widget-v4.tidiochat.com/ https://www.google.com/ https://www.googletagmanager.com/ https://www.gstatic.com/ https://js.hs-scripts.com/ https://js.hs-banner.com/ https://js.hscollectedforms.net/ https://js.hs-analytics.net/ https://js-na1.hs-scripts.com/; img-src 'self' data: https://* https://*.cstindustries.com/ https://secure.gravatar.com/ https://t.co/ https://cdnjs.cloudflare.com/ https://analytics.twitter.com/ https://s.w.org/ https://forms.hsforms.com/ https://track.hubspot.com/; object-src 'self' data: https://tanks.applicantstack.com/; frame-src 'self' data: https://tanks.applicantstack.com/; 1 default-src 'self' ; media-src 'self' *.mycliplister.com mycliplister.com ; font-src 'self' https: ; object-src data: 'self'; img-src https: data: blob:; style-src 'self' 'unsafe-inline' https: ; script-src https: 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https:; frame-ancestors 'self' https: 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js-eu1.hsforms.net https://forms-eu1.hsforms.com; img-src 'self' data: https://forms-eu1.hsforms.com; object-src 'self' data: https://forms-eu1.hsforms.com; frame-src 'self' data: https://forms-eu1.hsforms.com; 1 default-src 'self'; style-src 'self'; img-src 'https://user46430.clients-cdnnow.ru 1 default-src *; connect-src *; font-src 'self'; frame-src https://* http://* *; img-src https://* http://* * data:; object-src 'self'; script-src 'self' https://* http://* * 'unsafe-inline' 'report-sample'; style-src * https://* http://* * 'unsafe-inline'; 1 default-src 'self' https://*.nhs.uk; frame-ancestors 'self' https://*.nhs.uk https://www.surreydrugandalcohol.com/; frame-src 'self' https://*.nhs.uk https://*.justgiving.com/ https://d33i2vgywgme2s.cloudfront.net https://online.flippingbook.com https://www.youtube-nocookie.com https://*.webspellchecker.net https://*.nhs.uk https://*.facebook.com https://*.youtube.com https://*.vimeo.com https://*.google.com https://*.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.justgiving.com/ https://analytics.silktide.com/ https://d33i2vgywgme2s.cloudfront.net https://online.flippingbook.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://*.google-analytics.com https://*.googletagmanager.com https://connect.facebook.net https://feeds.trac.jobs https://*.webspellchecker.net https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.cqc.org.uk https://www.sabp.nhs.uk; font-src 'self' 'unsafe-inline' https://online.flippingbook.com https://fonts.googleapis.com https://fonts.gstatic.com https://*.webspellchecker.net; style-src 'self' 'unsafe-inline' data: https://d33i2vgywgme2s.cloudfront.net https://online.flippingbook.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://feeds.trac.jobs https://*.googleapis.com https://*.gstatic.com https://*.cqc.org.uk https://*.webspellchecker.net https://www.sabp.nhs.uk; img-src * data:; object-src 'self' blob: https://*.nhs.uk; connect-src 'self' https://www.justgiving.com/ https://widgets.justgiving.com/ https://a.eu.silktide.com/ https://fbo-b.flippingbook.com https://d33i2vgywgme2s.cloudfront.net https://online.flippingbook.com https://feeds.trac.jobs stats.g.doubleclick.net https://*.googleapis.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.co.uk https://*.google.ie https://*.google.nl https://*.webspellchecker.net 1 script-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: https: 'nonce-HCwrX4F684ycWSHrMGYn5kh3ETTq8peM' 'strict-dynamic' https://www.google-analytics.com https://www.googletagmanager.com; 1 default-src 'self' 'unsafe-eval' 'unsafe-inline' https://services.hawkeye.care https://triggers.hawkeye.care https://metrics.hawkeye.care https://api.segment.io https://sentry.io https://api.mixpanel.com https://api-js.mixpanel.com wss://triggers.hawkeye.care https://cdn.segment.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.segment.com https://cdn.mxpnl.com; img-src 'self' data: https://api.adorable.io https://chart.googleapis.com https://cdn.mxpnl.com; connect-src 'self' https://services.hawkeye.care https://triggers.hawkeye.care https://metrics.hawkeye.care https://api.segment.io https://sentry.io https://api.mixpanel.com https://api-js.mixpanel.com wss://triggers.hawkeye.care https://cdn.segment.com wss://triggers.hawkeye.care; font-src 'self' 'unsafe-inline' https://use.typekit.net https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://use.typekit.net https://p.typekit.net https://fonts.googleapis.com https://fonts.gstatic.com; style-src-elem 'self' 'unsafe-inline' https://use.typekit.net https://p.typekit.net https://fonts.googleapis.com https://fonts.gstatic.com; 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' ; img-src 'self' data: ; object-src 'self' data: ; frame-src 'self' data: ; form-action 'self' data: ; worker-src 'self' data: 'unsafe-inline' 'unsafe-eval' ; 1 worker-src 'self' 'unsafe-inline' blob: https://www.datadoghq-browser-agent.com; default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://na5.cdn.thunderhead.com *.thunderhead.com *.cdn.thunderhead.com https://app.vwo.com https://dev.visualwebsiteoptimizer.com https://cdn.userway.org https://consent.trustarc.com https://dispawsusva.inmoment.com https://intercept-client.inmoment.com https://mfh-prod.azureedge.net/assurantrenters/home/js/scripts.min.js https://www.datadoghq-browser-agent.com https://cdn-servicing.azureedge.net https://tagmanager.google.com https://cdn.jsdelivr.net https://az416426.vo.msecnd.net *.facebook.com https://connect.facebook.net https://www.googletagmanager.com *.inmoment.com https://www.googleanalytics.com https://www.google-analytics.com https://optimize.google.com cdn.segment.com/analytics.js https://mfhcms.assurant.com; style-src 'self' 'unsafe-inline' https://consent.trustarc.com https://submit-irm.trustarc.com https://cdn.userway.org https://mfh-prod.azureedge.net https://cdn-servicing.azureedge.net https://tagmanager.google.com https://fonts.googleapis.com https://mfhcms.assurant.com https://optimize.google.com; img-src * 'self' data: https:; child-src https://mfhcms.assurant.com https://www.datadoghq-browser-agent.com https://dispawsusva.inmoment.com https://www.inmoment.com https://feedback.inmoment.com https://cdn.userway.org https://ssl.gstatic.com; font-src 'self' data: https://fonts.gstatic.com https://consent.trustarc.com https://cdn.userway.org https://submit-irm.trustarc.com https://mfhcms.assurant.com; frame-src https://consent-pref.trustarc.com https://cdn.userway.org https://submit-irm.trustarc.com/ https://optimize.google.com https://dispawsusva.inmoment.com https://na5.cdn.thunderhead.com *.thunderhead.com *.cdn.thunderhead.com 1 default-src 'self' blob: https://vars.hotjar.com/; frame-src 'self' *.webspellchecker.net/ https://fnk-main-prd-zsa-uploads.s3.eu-west-1.amazonaws.com/ https://nspa.org.uk/ https://www.zsabenchmarking.co.uk/ https://w.soundcloud.com/ *.buzzsprout.com *.hotjar.com *.nhs.uk/ *.facebook.com/ *.youtube.com/ *.vimeo.com/ *.google.com *.googleapis.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.webspellchecker.net/ https://mozilla.github.io/ * https://mozilla.github.io/pdf.js/build/pdf.js https://cdn.jsdelivr.net/gh/fancyapps/ *.buzzsprout.com *.heat6have.com https://static.hotjar.com/ https://www.googletagmanager.com/ *.hotjar.com https://www.googletagmanager.com/ *.hotj blob: https://cdnjs.cloudflare.com/ https://www.google-analytics.com/ https://connect.facebook.net/ https://feeds.trac.jobs/ *.google.com/ *.googleapis.com *.gstatic.com *.cqc.org.uk; font-src 'self' 'unsafe-inline' *.webspellchecker.net/ https://cdnjs.cloudflare.com/ajax/libs/summernote/ *.hotjar.com *.typekit.net https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' *.webspellchecker.net/ https://cdn.jsdelivr.net/gh/fancyapps/ *.typekit.net https://cdnjs.cloudflare.com/ https://feeds.trac.jobs/ *.googleapis.com *.gstatic.com *.cqc.org.uk; img-src * data:; object-src 'self' blob:; connect-src 'self' *.webspellchecker.net/ *.amazonaws.com https://stats.g.doubleclick.net/ https://www.google-analytics.com/ https://translate.googleapis.com/ *.hotjar.com *.hotjar.io wss://*.hotjar.com/ https://feeds.trac.jobs/ 1 default-src 'self'; connect-src 'self' https://piwik.bzga.de https://rstts-eu.readspeaker.com https://media-eu.readspeaker.com https://app-eu.readspeaker.com https://maps.google.com https://maps.googleapis.com https://cdn1.readspeaker.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn1.readspeaker.com; font-src 'self' data: https://fonts.gstatic.com; script-src 'self' 'unsafe-inline' https://piwik.bzga.de https://cdn1.readspeaker.com https://maps.google.com https://maps.googleapis.com; img-src 'self' https://piwik.bzga.de https://www.bioeg.de https://maps.gstatic.com https://csi.gstatic.com https://maps.google.com https://khms0.googleapis.com https://khms1.googleapis.com https://lh3.ggpht.com https://cbks0.googleapis.com data:; frame-src 'self' https://www.infektionsschutz.de https://app-eu.readspeaker.com; 1 default-src 'self' 'unsafe-inline' https://www.google.com https://www.facebook.com https://*.krxd.net https://*.adsrvr.org https://download-video.akamaized.net/ https://www.googletagmanager.com https://*.addthis.com https://www.google-analytics.com https://www.googleadservices.com https://*.googlesyndication.com https://*.onetrust.com https://cdn.cookielaw.org https://vod-progressive.akamaized.net https://*.myfonts.net https://*.callrail.com https://*.vimeo.com https://connect.facebook.net https://*.doubleclick.net https://*.crazyegg.com https://analytics.google.com https://www.google-analytics.com https://www.googletagmanager.com https://fonts.googleapis.com https://fonts.gstatic.com https://*.vimeocdn.com https://js-agent.newrelic.com https://bam.nr-data.net; img-src 'self' blob: data: https://www.googletagmanager.com https://*.adsrvr.org https://*.demdex.net https://*.krxd.net https://insight.adsrvr.org https://www.google.com https://www.facebook.com https://www.google-analytics.com https://*.doubleclick.net https://cdn.cookielaw.org 1 default-src 'self' ;script-src data: blob: 'self' 'unsafe-eval' 'nonce-vieA+SL7beTsv8rx' js.monitor.azure.com static.cloud.coveo.com www.zenaps.com www.dwin1.com *.r42tag.com *.usabilla.com *.google-analytics.com *.analytics.google.com www.googleadservices.com tags.nmrc.nl *.onmarc.nl *.doubleclick.net d6tizftlrpuof.cloudfront.net *.zilverenkruis.nl babm.texthelp.com surfly.com plus.browsealoud.com www.zorgkantoorfriesland.nl *.prolife.nl www.googletagmanager.com toolbar.speechstream.net apis.google.com bat.bing.com admin.relay42.com a.svtrd.com ads.creative-serving.com www.browsealoud.com *.defriesland.nl static2.creative-serving.com survey.insocial.nl optimize.google.com *.interpolis.nl *.mopinion.com *.fbto.nl connect.facebook.net cdn.harvest.graindata.com *.pingvp.com pingvp.com *.visualwebsiteoptimizer.com www.awin1.com *.stichtingdefriesland.nl *.cloudfront.net *.coveo.com api-engage-eu.sitecorecloud.io/v1.2/browser/create.json* d1mj578wat5n4o.cloudfront.net/sitecore-engage-v.1.4.2.min.js bat.bing.net;style-src 'self' 'unsafe-inline' d6tizftlrpuof.cloudfront.net plus.browsealoud.com fonts.googleapis.com www.zilverenkruis.nl optimize.google.com *.pingvp.com;img-src data: blob: 'self' *.svtrd.com www.zenaps.com www.awin1.com www.google.com www.google.nl d6tizftlrpuof.cloudfront.net *.usabilla.com *.google-analytics.com *.analytics.google.com *.onmarc.nl *.zilverenkruis.nl plus.browsealoud.com usabilla-themes.s3-eu-west-1.amazonaws.com ads.creative-serving.com www.zorgkantoorfriesland.nl *.prolife.nl stats.g.doubleclick.net ad.doubleclick.net bat.bing.com www.browsealoud.com *.defriesland.nl *.r42tag.com admin.relay42.com speechstreamv3-webservices-8.texthelp.com www.gstatic.com *.fbto.nl www.insocial.nl www.facebook.com www.googletagmanager.com translate.google.com zilverenkruis-cdn.mcccm.eu *.pingvp.com i.vimeocdn.com dev.visualwebsiteoptimizer.com *.doubleclick.net *.googlesyndication.com *.imgix.net bat.bing.net adservice.google.com;font-src data: 'self' fonts.gstatic.com fonts.googlapis.com d6tizftlrpuof.cloudfront.net *.pingvp.com;connect-src blob: 'self' *.zilverenkruis.nl *.surfly.com surfly.com sentry.io *.zorgkantoorfriesland.nl plus.browsealoud.com pronunciation.speechstream.net api.usabilla.com babm.texthelp.com speech.speechstream.net *.google-analytics.com *.analytics.google.com pre-i-portaal.achmea.nl speechstreamv3-webservices-8.texthelp.com *.defriesland.nl *.mopinion.com *.browsealoud.com *.interpolis.nl *.fbto.nl bat.bing.com stats.g.doubleclick.net harvest-cm-achmea.ey.r.appspot.com controle.achmea.consentmonitor.nl *.tomtom.com *.visualwebsiteoptimizer.com *.applicationinsights.azure.com wss://api.defriesland.nl:13443 wss://api.zilverenkruis.nl:13443 wss://api.interpolis.nl:13443 *.googlesyndication.com www.google.com googleads.g.doubleclick.net *.coveo.com api-engage-eu.sitecorecloud.io/v1.2/events api-engage-eu.sitecorecloud.io *.cloudfront.net js.monitor.azure.com api-engage-eu.sitecorecloud.io/v1.2/browser/create.json.* bat.bing.net ad.doubleclick.net adservice.google.com;media-src 'self' blob: *.zilverenkruis.nl *.zorgkantoorfriesland.nl *.prolife.nl *.defriesland.nl *.interpolis.nl *.fbto.nl *.pingvp.com;object-src 'self' *.klantenvertellen.nl;child-src 'self' blob: t.svtrd.com player.vimeo.com surfly.com app.surfly.com d6tizftlrpuof.cloudfront.net www.zilverenkruis.nl www.zorgkantoorfriesland.nl www.prolife.nl content.googleapis.com vimeo.com secure.zilverenkruis.nl www.defriesland.nl optimize.google.com i-portaal.achmea.nl survey.insocial.nl secure.prolife.nl secure.defriesland.nl w.soundcloud.com *.doubleclick.net app.springcast.fm *.klantenvertellen.nl www.googletagmanager.com player.springcast.app;frame-ancestors 'self' player.vimeo.com vimeo.com i-portaal.achmea.nl survey.insocial.nl *.doubleclick.net inloggen.achmea.nl p-portaal.achmea.nl app.vwo.com *.visualwebsiteoptimizer.com;;form-action 'self' t.svtrd.com *.achmea.nl *.zilverenkruis.nl *.zorgkantoorfriesland.nl *.prolife.nl *.defriesland.nl *.fbto.nl *.interpolis.nl broker.nxtid.nl;manifest-src 'self' ;upgrade-insecure-requests;block-all-mixed-content;report-uri https://zilverenkruis.ams.report-uri.com/r/t/csp/enforce; 1 default-src 'self'; img-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; connect-src 'self' wss:; 1 child-src 'self' blob: js.stripe.com; connect-src 'self' wss://*.scribbletogether.com https://*.scribbletogether.com https://o194327.ingest.sentry.io https://www.google-analytics.com https://com-scribble-documents-serverdev.s3.amazonaws.com https://com-scribble-documents.s3.amazonaws.com https://com-scribble-temporarydocuments.s3.amazonaws.com https://com-scribbletogether-staging-static.s3.amazonaws.com https://static.scribbletogether.com.s3.amazonaws.com; default-src 'self' https://static.scribbletogether.com https://com-scribble-documents-serverdev.s3.amazonaws.com https://com-scribble-documents.s3.amazonaws.com https://com-scribble-temporarydocuments.s3.amazonaws.com https://com-scribbletogether-staging-static.s3.amazonaws.com https://static.scribbletogether.com.s3.amazonaws.com; font-src data: 'self' https://static.scribbletogether.com https://com-scribbletogether-staging-static.s3.amazonaws.com https://static.scribbletogether.com.s3.amazonaws.com; img-src * data: blob:; script-src 'self' 'unsafe-eval' https://static.scribbletogether.com https://js.stripe.com https://www.googletagmanager.com https://www.google-analytics.com https://com-scribbletogether-staging-static.s3.amazonaws.com https://static.scribbletogether.com.s3.amazonaws.com 'nonce--PseaBKK0uCLVmLm5pmhDg'; style-src 'self' 'unsafe-inline' https://static.scribbletogether.com https://com-scribbletogether-staging-static.s3.amazonaws.com https://static.scribbletogether.com.s3.amazonaws.com; worker-src 'self' blob: 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.equalweb.com/ https://login.equalweb.com/ https://login.equalweb.com/custom-button.taf https://access.equalweb.com https://cdn.equalweb.com https://cdn.equalweb.com/core/5.0.0/accessibility.js http://equalweb.com https://vimeo.com/ https://anythingllm.cloudygenome.com; img-src 'self' data: https://yt3.ggpht.com/ https://secure.gravatar.com/ https://www.equalweb.com/ https://login.equalweb.com/ https://login.equalweb.com/custom-button.taf https://access.equalweb.com https://cdn.equalweb.com https://cdn.equalweb.com/core/5.0.0/accessibility.js http://equalweb.com https://vimeo.com/ https://anythingllm.cloudygenome.com; object-src 'self' data: https://apntech.io/ https://www.iheart.com/ https://open.spotify.com/ https://www.equalweb.com/ https://login.equalweb.com/ https://login.equalweb.com/custom-button.taf https://access.equalweb.com https://cdn.equalweb.com https://cdn.equalweb.com/core/5.0.0/accessibility.js http://equalweb.com https://vimeo.com/ https://anythingllm.cloudygenome.com; frame-src 'self' data: https://apntech.io/ https://www.iheart.com/ https://open.spotify.com/ https://www.equalweb.com/ https://login.equalweb.com/ https://login.equalweb.com/custom-button.taf https://access.equalweb.com https://cdn.equalweb.com https://cdn.equalweb.com/core/5.0.0/accessibility.js http://equalweb.com https://vimeo.com/ https://anythingllm.cloudygenome.com; 1