Values for x-content-security-policy: allow 'self'; 171 frame-ancestors 'self' 53 default-src 'self'; frame-src 'none'; img-src 'self' *.pbwstatic.com https://*.pbwstatic.com www.google-analytics.com https://www.google-analytics.com; media-src 'none'; object-src 'none'; script-src 'self' www.google-analytics.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' 37 32 report-uri /report-csp-violation 30 default-src 'self' 29 report-uri //report-csp-violation 25 default-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src * data:; font-src 'self' data: https:; form-action *; 18 upgrade-insecure-requests 17 upgrade-insecure-requests; 17 frame-ancestors 'none' 14 self 14 block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:; 11 referrer origin 11 default-src 'self'; 10 default-src 'self'; script-src 'self' 'unsafe-inline' 9 default-src 'self'; img-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; script-src 'self' 'unsafe-inline'; connect-src 'self'; 9 default-src 'self'; base-uri 'self'; 8 default-src https: 'self'; script-src 'unsafe-eval' 'unsafe-inline' 'self' *; style-src 'unsafe-inline' 'self' *; frame-src 'self' *; object-src 'self' *; img-src 'self' data: *; media-src blob: 'self' *; font-src 'self' data: *; connect-src 'self' *; worker-src blob:; 8 default-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src * data:; media-src 'self' data: blob: https:; font-src 'self' data: https:; form-action *; 8 frame-src *.bitdefender.com *.bitdefender.biz *.bitdefender.net *.bitdefender.fr *.bitdefender.de *.bitdefender.com.au *.bitdefender.co.uk *.bitdefender.es *.bitdefender.it *.bitdefender.pt *.bitdefender.com.br *.bitdefender.ro *.bitdefender.nl *.bitdefender.be *.bitdefender.se bitdefender.marketing.adobe.com download.bitdefender.com *.facebook.com *.doubleclick.net *.adsrvr.org *.mathtag.com *.google.com *.google.ro *.flashtalking.com *.amazon-adsystem.com *.livechatinc.com *.twitter.com *.cedexis.com *.cedexis-test.com *.youtube.com *.soundcloud.com *.hubspot.com *.cookiebot.com *.vimeo.com *.edgecastcdn.net *.linkedin.com *.hsforms.com *.cloudfront.net *.edgecastdns.net *.hotjar.com *.zanox.ws *.zanox.com *.usemax.de usemax.de bitdefender.demdex.net *.omniture.com widget.trustpilot.com *.2o7.net *.omtrdc.net *.demdex.net assets.adobedtm.com api-eu.boldchat.com livechat-eu.boldchat.com *.youtube-nocookie.com *.instagram.com instawidget.net consentcdn.cookiebot.com recommender.scarabresearch.com *.zenaps.com hal9000.redintelligence.net pixel.xonaz.com static-hello.bitdefender.com tags.dynamo.one *.redintelligence.net 20787700p.rfihub.com pixel.xonazz.com 7 default-src *; frame-ancestors 'self' https://optimize.google.com; block-all-mixed-content; base-uri 'self' 'unsafe-eval' 'unsafe-inline' https://optimize.google.com https://*.youtube.com https://*.gtil-dxc.com https://*.grantthornton.global https://*.grantthornton.sg https://*.sndcdn.com https://*.soundcloud.com; object-src 'self' *.googlevideo.com *.ytimg.com *.youtube.com https://*.soundcloud.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://maps.googleapis.com https://*.gstatic.com https://*.google-analytics.com https://*.google.com https://*.optimizely.com https://code.jquery.com https://*.googletagmanager.com https://*.episerver.net https://*.msecnd.net https://*.getsitecontrol.com https://*.marketo.com https://*.youtube.com https://*.ytimg.com https://*.gtil-dxc.com https://*.grantthornton.global https://*.grantthornton.sg https://*.soundcloud.com https://*.sndcdn.com; img-src 'self' data: https://*.gstatic.com https://*.googleapis.com https://*.google-analytics.com https://*.google.com https://pixel.newscred.com https://*.gtil-dxc.com https://*.grantthornton.global https://*.googletagmanager.com https://*.marketo.com https://grant-thornton.vuturevx.com https://*.youtube.com https://stats.g.doubleclick.net https://*.grantthornton.sg; style-src 'self' https://*.google.com https://*.googleapis.com https://*.googletagmanager.com https://*.marketo.com 'unsafe-inline' https://*.gtil-dxc.com https://*.grantthornton.global https://*.grantthornton.sg https://*.soundcloud.com; font-src 'self' data: https://*.gstatic.com https://*.getsitecontrol.com https://*.gtil-dxc.com https://*.grantthornton.global https://*.grantthornton.sg https://*.soundcloud.com; frame-src https://*.google.com https://*.optimizely.com https://*.googletagmanager.com https://*.marketo.com https://*.getsitecontrol.com https://*.youtube.com https://*.gtil-dxc.com https://*.grantthornton.global https://*.grantthornton.sg https://*.soundcloud.com; 7 allow 'self'; media-src *; img-src *; script-src 'self' https://ajax.googleapis.com; style-src 'self'; 7 frame-ancestors 'self' http://customer--hornbach.loop21.net https://customer-hornbach.loop21.net http://public-location-hornbach.loop21.net https://public-location-hornbach.loop21.net 6 allow 'self' 6 frame-ancestors 'self' http://hybris.com https://hybris.com http://*.hybris.com https://*.hybris.com http://sap.lookbookhq.com https://sap.lookbookhq.com http://*.sap.com https://*.sap.com http://*.sap.cn https://*.sap.cn https://www.gigya.com *.lookbookhq.com https://cloudplatform.sap.com https://cal.sap.com https://developers.sap.com ;default-src 'self' blob: https: data: 'unsafe-inline' 'unsafe-eval' github.com api.github.com raw.githubusercontent.com *.liveperson.net http://*.sap.com https://*.sap.com http://*.sap.cn https://*.sap.cn *.demandbase.com *.adobedtm.com *.company-target.com *.omtrdc.net *.w55c.net platform.twitter.com *.siteintercept.qualtrics.com *.doubleclick.net cdnjs.cloudflare.com charts3.equitystory.com http://sap-espresso.com http://*.akamai.net ust-servlet.dataxu.net https://*.cdn.sap.com *.2mdn.net *.2o7.net *.qualtrics.com https://*.akamaihd.net http://*.akamaihd.net *.lpsnmedia.net *.truste.com *.newrelic.com *.nr-data.net https://*.youtube.com https://*.youtu.be https://*.ytimg.com *.twitter.com http://*.twimg.com https://*.twimg.com *.adobe.com *.demdex.net *.liveperson.com *.liveengage.net *.liveengage.com http://livefyre.com *.liveper.sn *.licdn.com *.hana.ondemand.com http://dc1cp8nqqrmxi.cloudfront.net http://*.edgesuite.net https://bcmcps.enter.sap *.d41.co 5 frame-ancestors https://*.marketo.com 5 child-src 'self' emb.d.tube player.twitch.tv www.youtube.com staticxx.facebook.com w.soundcloud.com player.vimeo.com; connect-src https://cdn.snax.one https://api.steem-engine.com https://scot-api.steem-engine.com https://steemitimages.com securepubads.g.doubleclick.net 'self' steemit.com https://api.steemit.com api.blocktrades.us; default-src tpc.googlesyndication.com 'self' emb.d.tube www.youtube.com staticxx.facebook.com player.vimeo.com; font-src data: fonts.gstatic.com; frame-ancestors 'none'; frame-src 'self' googleads.g.doubleclick.net https:; img-src * data:; object-src 'none'; plugin-types application/pdf; script-src 'unsafe-inline' 'unsafe-eval' data: https: 'self' www.google-analytics.com connect.facebook.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com; report-uri /api/v1/csp_violation 5 default-src 'self'; script-src 'self'; 4 default-src 'self'; script-src *.nr-data.net *.newrelic.com *.faktor.io *.consensu.org www.google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'none'; style-src 'self' 'unsafe-inline'; media-src 'none'; frame-src *.consensu.org *.faktor.io; connect-src *.consensu.org *.faktor.io https://*.nr-data.net https://cdn.contentful.com https://cf.talpa.digital https://cf.talpa.network https://cf-staging.talpa.digital https://*.consent.talpanetwork.com https://consent.talpanetwork.com; img-src https://static.talpanetwork.com https://*.nr-data.net https://images.ctfassets.net https://*.consent.talpanetwork.com https://consent.talpanetwork.com www.google-analytics.com 4 block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:; report-uri https://collectors.au.sumologic.com/receiver/v1/http/ZaVnC4dhaV2fq-TmkezxDM5kD77zglzTUyrlNqPe059oQhlSBcEFmaLaBbMi5G2BkSSJjyA6wJZ-iUDLrux0ATja4lHZr94sfyyTtdVcA_GiHULLYxFY7Q== 4 script-src 'self'; object-src 'self' 4 frame-ancestors 'self' ; 3 object-src https://explore.cvent.com http://explore.cvent.com https://www.elitemeetings.com https://www.speedrfp.com https://speedrfp.com https://elitemeetings.com https://www.lanyon.com http://www.lanyon.com; report-uri /report-csp-violation 3 default-src https: data: blob: chrome-extension: android-webview-video-poster: ms-appx-web: 'unsafe-eval' 'unsafe-inline'; report-uri /content-security-policy-report.php 3 connect-src * 'self' 3 default-src https: data: blob: 'unsafe-eval' 'unsafe-inline'; frame-src 'self' https://*; 3 ;frame-ancestors 'self' 3 frame-ancestors https://*.dondominio.com/ https://*.mrdomain.com; 3 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' mofa.gov.np *.mofa.gov.np www.google.com.np *.google.com *.gstatic.com cdn.jsdelivr.net code.jquery.com stackpath.bootstrapcdn.com s.ytimg.com *.facebook.net *.sharethis.com *.youtube.com *.twimg.com cdn.syndication.twimg.com cdnjs.cloudflare.com maps.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com fonts.googleapis.com fonts.gstatic.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.mofa.gov.np use.fontawesome.com stackpath.bootstrapcdn.com placehold.it *.facebook.net *.sharethis.com lh3.googleusercontent.com *.youtube.com *.twimg.com cdn.syndication.twimg.com cdnjs.cloudflare.com maps.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com cdnjs.cloudflare.com fonts.googleapis.com fonts.gstatic.com; img-src 'self' data: placehold.it mofa.gov.np *.mofa.gov.np *.gstatic.com *.facebook.net *.facebook.com *.sharethis.com lh3.googleusercontent.com *.youtube.com *.twimg.com secure.gravatar.com cdn. *.twitter.com *.twimg.com cdnjs.cloudflare.com maps.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com fonts.googleapis.com fonts.gstatic.com; media-src 'self'; frame-src 'self' *.google.com *.youtube.com *.facebook.net *.facebook.com syndication.twitter.com platform.twitter.com; font-src 'self' data: fonts.googleapis.com stackpath.bootstrapcdn.com use.fontawesome.com fonts.gstatic.com maxcdn.bootstrapcdn.com; connect-src 'self' l.sharethis.com 3 frame-ancestors 'self'; 3 frame-ancestors https://*.derwent.io http://*.derwent.io http://*.derwent.io:* https://*.derwent.io:* 'self' 3 script-src 'self'; 3 frame-ancestors 'self' https://*.salesforce.com 3 frame-ancestors scvr.co *.scvr.co 3 frame-ancestors https://marina.digitalocean.com https://digitaloceaninc.lookbookhq.com 2 frame-ancestors 'self' *.commentcamarche.net *.commentcamarche.com; 2 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.verywellhealth.com *.qa.aws.verywellhealth.com atlas.verywellhealth.com atlas.local.verywellhealth.com https://specials.verywell.com 2 default-src *;frame-ancestors 'self' eiv.baidu.com *.vip.vip.com *.vip.com;script-src *.vip.com *.vipstatic.com *.mediav.com *.gdt.qq.com *.emarbox.com *.mjoys.com *.sogou.com cm.e.qq.com *.qq.com *.baidu.com *.ipinyou.com *.admaster.com.cn *.miaozhen.com *.youku.com *.tanx.com *.doubleclick.net *.vpimg1.com *.vpimg2.com *.vpimg3.com *.vpimg4.com *.gtimg.cn 'unsafe-eval' 'unsafe-inline';style-src *.vip.com *.vipstatic.com 'unsafe-inline';img-src * data:; report-uri //stat.vipstatic.com/pcfront/antiskyjack; 2 default-src 'self' blob:; img-src 'self' data: blob: 'unsafe-inline' sitecoremedia.blob.core.windows.net *.googleapis.com *.gstatic.com *.twitter.com *.twimg.com jwpltx.com *.youtube.com *.facebook.com *.google.com *.google.gr *.googletagmanager.com googleads.g.doubleclick.net cdn.cookielaw.org *.google-analytics.com *.usabilla.com *.cloudfront.net; media-src 'self' blob: *.streaming.mediaservices.windows.net; script-src 'self' data: optimize.google.com *.google-analytics.com code.jquery.com *.onetrust.com blob: 'unsafe-inline' 'unsafe-eval' *.youtube.com *.ytimg.com *.google.com *.googleapis.com *.gstatic.com *.inbroker.com *.angularjs.org *.twitter.com *.syndication.twimg.com *.jwpcdn.com *.facebook.net *.facebook.com *.hotjar.com cdn.cookielaw.org optanon.blob.core.windows.net www.googleadservices.com az416426.vo.msecnd.net *.googletagmanager.com *.usabilla.com *.cloudfront.net; style-src 'self' 'unsafe-inline' *.googleapis.com *.inbroker.com *.twitter.com optimize.google.com optanon.blob.core.windows.net cdn.cookielaw.org *.usabilla.com *.cloudfront.net fonts.googleapis.com; font-src 'self' *.gstatic.com *.inbroker.com *.jwpcdn.com *.usabilla.com *.cloudfront.net fonts.googleapis.com; connect-src 'self' optimize.google.com *.visualstudio.com www.google-analytics.com *.inbroker.com *.streaming.mediaservices.windows.net *.twitter.com *.hotjar.com adservice.google.com az416426.vo.msecnd.net *.doubleclick.net *.usabilla.com *.cloudfront.net; frame-src 'self' data: blob: *.youtube.com *.ytimg.com *.google.com *.inbroker.com *.twitter.com *.hotjar.com *.facebook.com legacy.eurobank.gr uat.eurobank.gr uat-legacy.eurobank.gr *.doubleclick.net *.fls.doubleclick.net *.usabilla.com *.cloudfront.net; object-src 'self' *.streaming.mediaservices.windows.net *.jwpcdn.com; child-src 'self' data: blob: *.youtube.com *.ytimg.com *.google.com *.inbroker.com *.twitter.com *.hotjar.com *.facebook.com legacy.eurobank.gr uat.eurobank.gr uat-legacy.eurobank.gr; 2 connect-src 'self' checkout.stripe.com sentry.io api.github.com www.npmjs.com http://gj.track.uc.cn/collect;default-src 'none';img-src * data:;script-src 'self' data: 'unsafe-inline' https://checkout.stripe.com/checkout.js https://static.accountdock.com https://www.googletagmanager.com https://www.googletagmanager.com/gtm.js https://app.hubspot.com https://optimize.google.com https://js.hs-scripts.com/ http://js.hs-analytics.net/ https://js.hsforms.net/ https://forms.hsforms.com/ https://www.brighttalk.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google-analytics.com https://www.google-analytics.com/analytics.js https://platform.twitter.com/widgets.js https://static.npmjs.com/;style-src https://optimize.google.com 'self' 'unsafe-inline' https://fonts.googleapis.com https://static.npmjs.com/;frame-src https://www.brighttalk.com/ checkout.stripe.com https://accountdock.com/app https://www.youtube.com/embed/mKMaG0cixXw https://forms.hsforms.com/ https://app.hubspot.com https://optimize.google.com https://static.accountdock.com/;font-src https://fonts.gstatic.com https://static.npmjs.com/ ;media-src https://player.vimeo.com https://fpdl.vimeocdn.com 2 frame-ancestors https://bande2kings.fr https://*.bande2kings.fr 2 frame-ancestors *.splunk.com *.touchcast.com, frame-ancestors *.splunk.com *.touchcast.com 2 script-src 'self' 2 frame-ancestors 'self' http://redhat.lookbookhq.com https://redhat.lookbookhq.com; report-uri /report-csp-violation 2 default-src 'self' data: gap: https://*.maersk.com https://*.maerskline.com https://*.apmoller.net https://c.go-mpulse.net https://*.salesforceliveagent.com https://*.force.com *.mpstat.us *.akstat.io https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://*.akamaihd.net https://*.igodigital.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://www.googletagmanager.com https://ssl.gstatic.com https://100qrcey9nsltilmpwezagts.blob.core.windows.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.maersk.com https://*.maerskline.com https://*.apmoller.net https://*.akamaihd.net https://*.salesforceliveagent.com https://*.force.com https://*.salesforce.com https://*.steelcentral.net https://c.go-mpulse.net https://s.go-mpulse.net *.mpstat.us *.akstat.io https://*.igodigital.com https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://pub.s1.exacttarget.com https://*.gstatic.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://www.googletagmanager.com https://*.google-analytics.com; img-src 'self' data: https://*.maersk.com https://*.maerskline.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://*.gstatic.com https://lh3.googleusercontent.com https://*.steelcentral.net https://*.vimeocdn.com https://*.youtube.com https://*.igodigital.com https://*.akamaihd.net https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://pixel.mathtag.com https://bs.serving-sys.com https://www.google.co.uk https://api.adsymptotic.com https://media-cdn.ipredictive.com https://*.linkedin.com https://*.facebook.com https://*.twitter.com https://vk.com https://mail.ru https://www.weborama.com https://adv.solution.weborama.fr https://clickserve.dartsearch.net https://*.doubleclick.net https://*.google.dk https://secure.adnxs.com https://cs.adingo.jp https://admaym.com https://ih.adscale.de https://d.agkn.com https://ib.adnxs.com https://x.bidswitch.net https://stags.bluekai.com https://pix.btrll.com https://contextual.media.net https://dis.criteo.com https://e.nexac.com https://loadm.exelator.com https://cs.gssprt.jp https://global.ib-ibi.com https://ad.360yield.com https://dsum-sec.casalemedia.com https://beacon.krxd.net https://idsync.rlcdn.com https://ums.adtechus.com https://sync.adaptv.advertising.com https://us-u.openx.net https://simage2.pubmatic.com https://bh.contextweb.com https://idsync.reson8.com https://pixel.rubiconproject.com https://uipglob.semasio.net https://rtb-csync.smartadserver.com https://ad.sxp.smartclip.net https://sync.go.sonobi.com https://ce.lijit.com https://sync.search.spotxchange.com https://ads.stickyadstv.com https://delivery.swid.switchads.com https://aa.agkn.com https://ads.yahoo.com https://u3s.mathtag.com https://eu-u.openx.net https://serving.experianmarketingservices.digital https://uip.semasio.net https://tr.outbrain.com https://fo-api.omnitagjs.com; object-src 'self' ; style-src 'self' 'unsafe-inline' https://*.maersk.com https://*.apmoller.net https://*.gstatic.com https://*.google.com https://*.google-analytics.com https://*.googleapis.com https://*.maerskline.com https://*.force.com; frame-src https://*.maersk.com https://*.maerskline.com https://*.apmoller.net http://emanage.maerskline.com https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://*.google.com https://www.youtube.com/embed/ https://player.vimeo.com/video/ https://service.force.com https://*.cookieinformation.com; font-src 'self' data: https://*.maersk.com https://*.maerskline.com https://*.apmoller.net https://*.gstatic.com https://*.googleapis.com; 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.marketo.net https://*.marketo.com https://*.addthis.com https://*.addthisedge.com https://*.google-analytics.com https://*.optimizely.com https://*.googleadservices.com https://platform.twitter.com https://app.hushly.com https://*.reactful.com https://connect.facebook.net https://graph.facebook.com https://bat.bing.com https://*.crazyegg.com https://*.adroll.com https://snap.licdn.com https://*.linkedin.com https://www.youtube.com https://s.ytimg.com https://d137jyf8bmrjar.cloudfront.net https://jobs.jobvite.com https://cdnjs.cloudflare.com https://d30ia583fbtg8i.cloudfront.net/reviews_list/reviews_list.js https://seal.digicert.com https://www.bizographics.com https://secure.adnxs.com https://tags.tiqcdn.com https://app.cdn.lookbookhq.com https://resources.xg4ken.com https://www.googletagmanager.com https://d12ulf131zb0yj.cloudfront.net https://d26n74bqaye0ia.cloudfront.net https://j.6sc.co https://rc.sageintacct.com; object-src *; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com http://fonts.googleapis.com https://cdnjs.cloudflare.com http://cdnjs.cloudflare.com https://*.marketo.net https://*.marketo.com https://app.hushly.com http://app.hushly.com https://d30ia583fbtg8i.cloudfront.net/reviews_list/style.css https://app.cdn.lookbookhq.com https://resources.xg4ken.com https://www.googletagmanager.com https://d12ulf131zb0yj.cloudfront.net https://d26n74bqaye0ia.cloudfront.net https://rc.sageintacct.com; img-src * data:; media-src *; frame-src https://*.sageintacct.com https://*.intacct.com https://*.optimizely.com https://www.youtube.com https://*.addthis.com https://app-abd.marketo.com https://*.doubleclick.net https://www.google.com/ads https://jobs.jobvite.com https://forecast.io https://api.soundcloud.com https://w.soundcloud.com https://www.g2crowd.com https://intacct.lookbookhq.com https://go.intacct.com https://tags.tiqcdn.com https://app.cdn.lookbookhq.com https://resources.xg4ken.com https://www.googletagmanager.com https://d12ulf131zb0yj.cloudfront.net https://d26n74bqaye0ia.cloudfront.net https://rc.sageintacct.com; font-src *; connect-src *; report-uri /admin/config/system/seckit/csp-report 2 frame-ancestors 'self' https://optimize.google.com/ https://forum.opticsplanet.com 2 default-src https: data: 'unsafe-inline' 'unsafe-eval' 2 frame-ancestors 'self' *.vendhq.com; report-uri https://csp.api.vendhq.com/prod/report; 2 upgrade-insecure-requests; default-src https:; script-src https: data: blob: 'unsafe-eval' 'unsafe-inline'; object-src https:; style-src https: blob: 'unsafe-eval' 'unsafe-inline'; img-src https: blob: data: http://ad.doubleclick.net; media-src https: data:; frame-src https: data: instagram:; child-src https: data: instagram:; font-src https: data:; connect-src https: wss: blob:; report-uri https://virgindotcom.report-uri.com/r/d/csp/enforce 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' *.marketo.com *.marketo.net *.googletagmanager.com *.facebook.net static.ads-twitter.com *.evidon.com www.google-analytics.com sjs.bizographics.com *.bizible.com *.ge.com *.bhge.com *.industrial.ai *.youtube.com *.ytimg.com *.linkedin.com *.twitter.com gateway.zscalertwo.net *.newrelic.com vidassets.terminus.services blob: doug1izaerwt3.cloudfront.net s.ytimg.com *.demandbase.com data: nasdaqir-prod.apigee.net *.hotjar.com *.zscalertwo.net j.6sc.co bam.nr-data.net fssfed.stage.ge.com cdnjs.cloudflare.com *.kissmetrics.com *.googleadservices.com googleads.g.doubleclick.net *.google.com *.gstatic.com s0-azure.assets-yammer.com maps.googleapis.com cdn.syndication.twimg.com addtocalendar.com; media-src 'self' *.vimeo.com *.youtube.com https://gateway.zscalertwo.net https://fpdl.vimeocdn.com data:; frame-src 'self' bhge.acquiadam.com *.webdamdb.com *.zscalertwo.net fssfedpitc.ge.com fssauth.ge.com *.webdamdb.com *.facebook.com *.marketo.com *.youtube.com *.hotjar.com *.adobe.com connect.facebook.net bid.g.doubleclick.net youtu.be *.evidon.com spo-teamsite.ge.com *.google.com spo-teamsite.ge.com fss.gecompany.com https://fss.gecompany.com/ https://ssocentralck.registrar.ge.com/ https://affiliateservices.gecompany.com/ https://ssologin.ssogen2.corporate.ge.com/ https://ssologin.ssogen2.corporate.ge.com/ https://rsologin.ssogen2.corporate.ge.com/ https://smloginmap.ssogen2.corporate.ge.com/ *.yammer.com login.microsoftonline.com fssfedma.o365.ge.com platform.linkedin.com syndication.twitter.com platform.twitter.com www.linkedin.com https://www.gechannelconnect.com/ https://staging60.gechannelconnect.com/; frame-ancestors 'self' data: fonts.gstatic.com cdnjs.cloudflare.com; font-src 'self' data: fonts.gstatic.com *.cloudflare.com; report-uri //report-csp-violation 2 script-src 'self' maps.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'self' fonts.googleapis.com 'unsafe-inline'; report-uri /v2/csp-violations/report 2 default-src 'self' 'self' data: 'self' blob: 'unsafe-inline' 'unsafe-eval' *; img-src 'self' blob: data: * 2 default-src 'self'; \ script-src 'self' https://ssl.google-analytics.com; \ img-src 'self' https://ssl.google-analytics.com 2 default-src 'self' blob:; connect-src 'self' blob: wss: *.zdassets.com *.zendesk.com *.metartnetwork.com *.google-analytics.com *.doubleclick.net; style-src 'self' blob: 'unsafe-inline' *.fontawesome.com fonts.googleapis.com fonts.gstatic.com platform.twitter.com *.twimg.com maxcdn.bootstrapcdn.com *.google.com *.metartnetwork.com cdn.cookielaw.org; font-src 'self' data: *.zopim.com *.fontawesome.com fonts.gstatic.com *.googleapis.com ssl.p.jwpcdn.com maxcdn.bootstrapcdn.com *.metartnetwork.com; script-src 'self' 'unsafe-inline' *.zdassets.com *.zopim.com *.twitter.com *.twimg.com ssl.p.jwpcdn.com *.googletagmanager.com *.google-analytics.com cdn.mouseflow.com *.google.com cdn.polyfill.io *.metartnetwork.com cdn.cookielaw.org code.jquery.com geolocation.onetrust.com; frame-src 'self' *.twitter.com *.metartnetwork.com *.youtube.com *.vimeo.com; img-src 'self' data: *.nsimg.net *.twimg.com *.zopim.com *.twitter.com jwpltx.com *.google-analytics.com *.gstatic.com *.googletagmanager.com *.doubleclick.net *.metartnetwork.com; media-src 'self' data: blob: *.nsimg.net *.metartnetwork.com; worker-src 'self' data: blob: wss:; object-src 'none' 2 frame-ancestors https://www.bharatpetroleum.com https://*.bpcl.in 2 frame-ancestors 'self' *.ergodirekt.de:* *.ergo.com:* *.ergo:* *.ergo.de; 2 default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; font-src 'self'; object-src 'self'; media-src 'self'; child-src 'self' 2 script-src 'self' data: 'unsafe-inline' 'unsafe-eval' bp.webhost1.ru api-maps.yandex.ru mc.yandex.ru mc.yandex.az mc.yandex.by mc.yandex.co.il mc.yandex.com mc.yandex.com.am mc.yandex.com.ge mc.yandex.com.tr mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.kz mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yandex.tj mc.yandex.tm mc.yandex.ua mc.yandex.uz mc.webvisor.com mc.webvisor.org yastatic.net www.google-analytics.com www.google.com www.gstatic.com connect.facebook.net www.googletagmanager.com tagmanager.google.com *.jivosite.com webhost1.bitrix24.ru *.roistat.com; frame-ancestors 'self' blob: http://webvisor.com https://webvisor.com 2 default-src 'self'; connect-src https:; font-src 'self' data: https:; frame-src https:; frame-ancestors https:; img-src https: data:; media-src https: blob:; object-src https:; style-src 'unsafe-inline' https:; worker-src blob:; script-src 'unsafe-inline' 'unsafe-eval' https:; 2 default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-eval' 'unsafe-inline'; media-src https: blob: 'self' 'unsafe-eval' 'unsafe-inline'; frame-src https: employment.qualtrics.com siteintercept.qualtrics.com g.jwpsrv.com www.youtube.com; frame-ancestors 'self' www.jobs.gov.au www.employment.gov.au; child-src https: blob: 'self' 'unsafe-eval' 'unsafe-inline'; font-src 'self' fonts.gstatic.com maxcdn.bootstrapcdn.com netdna.bootstrapcdn.com publish.viostream.com themes.googleusercontent.com; report-uri /admin/config/system/seckit/csp-report 2 default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report 2 form-action 'self' https://joomlacontenteditor.us14.list-manage.com/subscribe/post; base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://checkout.paddle.com https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://code.jquery.com https://checkout.stripe.com https://www.paypal.com https://www.paypalobjects.com https://cdn.paddle.com https://www.google-analytics.com https://pagead2.googlesyndication.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://cdn.paddle.com https://cdnjs.cloudflare.com https://fonts.googleapis.com; object-src 'self' 2 frame-ancestors 'self' icrc.org *.icrc.org icrcproject.org *.icrcproject.org forum-icrc.org www.forum-icrc.org 2 default-src 'unsafe-inline' 'self' https: wss:; object-src 'none' 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' *.sharethis.com *.sharethis.mgr.consensu.org geoip-db.com *.facebook.com connect.facebook.net *.google-analytics.com *.googletagmanager.com stats.g.doubleclick.net *.googleusercontent.com *.gravatar.com *.soundcloud.com 01.org *.youtube.com; report-uri /admin/config/system/seckit/csp-report 2 default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src 'unsafe-inline' https: data:; font-src https: data:; img-src * data:; 2 ; 2 default-src 'self'; script-src 'self' 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://www.googleadservices.com googleads.g.doubleclick.net https://connect.facebook.net https://fullstory.com https://*.fullstory.com cdnjs.cloudflare.com d1aqhv4sn5kxtx.cloudfront.net *.ngpvan.com; style-src 'self' 'unsafe-inline' 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com/css fonts.gstatic.com tagmanager.google.com; img-src *; font-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com/css fonts.gstatic.com fonts.googleapis.com;connect-src 'self' https://*.fullstory.com https://fullstory.com; report-uri https://accounts.ngpvan.com/oidc/csp/report 2 frame-ancestors 'self' *.iza.org; 2 default-src * data: blob:;script-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: https://s3.amazonaws.com/trk.cetrk.com/f/t.js https://tagmanager.google.com/ https://instafeed.assets.pixlee.com https://www.buzzsprout.com https://api.volunteer.com.au https://volwidget.s3.amazonaws.com https://www.bing.com https://dev.virtualearth.net https://t.ssl.ak.dynamic.tiles.virtualearth.net https://fast.wistia.net https://ecn.dev.virtualearth.net https://openlayers.org mapstraction.com https://www.bing.com/ https://vudoo.com https://dme0ih8comzn4.cloudfront.net *.admaxim *.addthis.com https://m.addthisedge.com https://cdnjs.cloudflare.com https://d1ig6folwd6a9s.cloudfront.net https://sample.crazyegg.com https://script.crazyegg.com https://sample-api-v2.crazyegg.com/n/588250/all https://s3.amazonaws.com/trk.cetrk.com/d/t.js https://e.issuu.com/embed.js https://everydayhero.com *.facebook.com *.facebook.net fast.wistia.com https://www.google.com http://www.google-analytics.com *.google-analytics.com *.googleapis.com https://maps.google.com https://optimize.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net http://s.gravatar.com https://code.jquery.com https://s.c.appier.net https://jscdn.appier.net https://assets.juicer.io/ https://embed.playbuzz.com https://sb.scorecardresearch.com https://mcd-sdk.playbuzz.com https://res-format-story.playbuzz.com https://cdn.playbuzz.com https://widget.surveymonkey.com https://salvos.org.au/ https://www.salvationarmy.org.au/ http://salvationarmy.org.au/ http://src.litix.io/ https://s0.wp.com http://stats.wp.com/ https://public.tableau.com/ *.twitter.com *.twimg.com https://users.dialogfeed.com *.verisign.com http://fast.wistia.com 127.0.0.1:* *.localhost; style-src 'self' https://tagmanager.google.com/debug/css.css https://assets.buzzsprout.com https://volwidget.s3.amazonaws.com https://openlayers.org https://www.bing.com https://dme0ih8comzn4.cloudfront.net https://salvos.org.au/ https://www.salvationarmy.org.au/ https://salvationarmy.org.au/ data: *.addthis.com *.bootstrapcdn.com https://d1ig6folwd6a9s.cloudfront.net https://fonts.googleapis.com http://fonts.googleapis.com *.googleapis.com *.gstatic.com https://optimize.google.com *.jquery.com https://assets.juicer.io/ *.myfonts.net https://res-format-story.playbuzz.com *.twimg.com *.twitter.com http://s.gravatar.com 'unsafe-inline'; media-src * data:; font-src * data:; connect-src 'self' https://sample-api-v2.crazyegg.com/n/588250/all https://s.c.appier.net https://www.bing.com https://salvos.org.au/ https://www.salvationarmy.org.au/ https://salvationarmy.org.au/ https://anylist.c.appier.net *.addthis.com https://stats.g.doubleclick.net/ *.facebook.com https://www.google-analytics.com https://assets.juicer.io/ http://www.juicer.io https://www.juicer.io https://prd-collector-anon.playbuzz.com https://pixel.playbuzz.com https://mcd-sdk.playbuzz.com https://embed.playbuzz.com https://cdn.playbuzz.com https://syndication.twitter.com *.vimeocdn.com pipedream.wistia.com https://e.issuu.com https://users.dialogfeed.com embed.wistia.com distillery.wistia.com/x; report-uri https://salvos.org.au/csp-reports/ 2 default-src 'self'; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self'; 2 default-src https: data: 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * blob: ; worker-src * blob: ; frame-ancestors 'self' https://*.moody.edu; 2 default-src 'self' https: 'unsafe-inline' data: 'unsafe-eval'; 2 default-src 'self'; frame-src avsecure.dev; img-src 'self' *.florastatic.com https://*.florastatic.com www.google-analytics.com https://www.google-analytics.com; media-src 'none'; object-src 'none'; script-src 'self' www.google-analytics.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com 2 default-src 'self' http: bott-tc.nautilus https: *.bosch-thermotechnology.com s.webtrends.com *.boschtt-documents.com www.bimstore.co.uk services.kittelberger.net *.mycliplister.com bott-tc.nautilus; media-src 'self' *.boschtt-documents.com services.kittelberger.net *.mycliplister.com mycliplister.com; font-src 'self' fonts.gstatic.com; object-src data: 'self'; img-src https: data: blob:; style-src 'self' 'unsafe-inline' cdn.datatables.net fonts.googleapis.com; script-src https: 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https: mailto: bosch.mi4biz.net www.boschthermolife.com junkers-de-de-b.boschtt-documents.com; frame-ancestors 'self' https: bosch.mi4biz.net http://bott-fs.kittelberger.net 2 frame-ancestors 'self' http://mash-5101648.hs-sites.com https://app.hubspot.com https://www.mash.com 2 frame-ancestors 'self' weleda.sabio.de 2 frame-ancestors 'self' https://*.spotify.com https://*.spotify.net 1 frame-ancestors *.constantcontact.com www.redmangomarketing.com www.ezymarketing.com www.igvinc.com www.etouchmarketing.net 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.investopedia.com *.qa.aws.investopedia.com atlas.investopedia.com atlas.local.investopedia.com 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.lifewire.com *.qa.aws.lifewire.com atlas.lifewire.com atlas.local.lifewire.com 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.thebalancecareers.com *.qa.aws.thebalancecareers.com atlas.thebalancecareers.com atlas.local.thebalancecareers.com 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.thoughtco.com *.qa.aws.thoughtco.com atlas.thoughtco.com atlas.local.thoughtco.com 1 frame-ancestors http://b2b.cnyes.com https://b2b.cnyes.com 1 policy-uri /parivahan/'self' 1 block-all-mixed-content 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.thebalance.com *.qa.aws.thebalance.com atlas.thebalance.com atlas.local.thebalance.com 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.tripsavvy.com *.qa.aws.tripsavvy.com atlas.tripsavvy.com atlas.local.tripsavvy.com 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.thebalancesmb.com *.qa.aws.thebalancesmb.com atlas.thebalancesmb.com atlas.local.thebalancesmb.com 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.thespruce.com *.qa.aws.thespruce.com atlas.thespruce.com atlas.local.thespruce.com 1 default-src 'self'; block-all-mixed-content; script-src 'self' 'sha256-/fCUycOSPg5W5rt7pgbdlufk2T9mZRRPEsV2mct1B/I=' 'sha256-5N4Pp5UCHKbIUxXXFe+KDYsfhzhQXoIzN80eQ+jF9P4=' 'unsafe-eval' 'nonce-866dbb92224505bd89ff994062d07791b61877ba' https://*.zopim.com https://*.zopim.io https://api-na.geetest.com https://api.geetest.com https://beta.binance.com https://bin.bnbstatic.com https://cdn.ampproject.org https://ex.bnbstatic.com https://monitor.geetest.com https://resource.binance.com https://static.geetest.com https://static.zdassets.com https://translate.google.com https://translate.googleapis.com https://www.binance.com https://www.google-analytics.com https://www.google.com preprodbin.bnbstatic.com; style-src 'self' 'unsafe-inline' https://beta.binance.com https://bin.bnbstatic.com https://ex.bnbstatic.com https://resource.binance.com https://static.geetest.com https://translate.googleapis.com https://www.binance.com https://www.gstatic.com preprodbin.bnbstatic.com; font-src 'self' data: https://at.alicdn.com https://beta.binance.com https://bin.bnbstatic.com https://ex.bnbstatic.com https://fonts.gstatic.com https://resource.binance.com https://sensors.binance.cloud https://sensors.binance.com https://www.binance.com preprodbin.bnbstatic.com; connect-src 'self' *.fdgahl.cn https://*.zopim.com https://beta.binance.com https://bin.bnbstatic.com https://binance.zendesk.com https://ekr.zdassets.com https://ex.bnbstatic.com https://frontend-m.binance.cloud/monitor/v1/log https://jpush.binance.im:5000 https://pre-jpush.fdgahl.cn:5000 https://resource.binance.com https://sensors.binance.cloud https://sensors.binance.com https://sentry.io https://ss.datasconsole.com https://translate.googleapis.com https://www.binance.com https://www.google.com preprodbin.bnbstatic.com wss://*.zopim.com wss://binance.com.zendesk.com wss://jpush.binance.im:5000 wss://margin-stream.binance.com:9443 wss://stream.binance.cloud:9443 wss://stream.binance.com:9443 wss://stream2.binance.cloud:443 wss://stream2.binance.com:9443; img-src 'self' *.fdgahl.cn data: https://beta.binance.com https://bin.bnbstatic.com https://ex.bnbstatic.com https://public.bnbstatic.com https://resource.binance.com https://sensors.binance.cloud https://sensors.binance.com https://static.geetest.com https://translate.google.com https://translate.googleapis.com https://v2assets.zopim.io https://v2uploads.zopim.io https://www.binance.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com preprodbin.bnbstatic.com; media-src 'self' *.fdgahl.cn https://bin.bnbstatic.com https://public.bnbstatic.com https://static.zdassets.com https://v2.zopim.com; frame-src 'self' https://bin.bnbstatic.com https://static.zdassets.com https://www.google.com; object-src 'none'; base-uri 'self' 1 allow 'self' 'self' https://lastpass.com wss://*.lastpass.com https://5399020466.log.optimizely.com https://pollserver.lastpass.com https://loglogin.lastpass.com ; img-src 'self' https://lastpass.com data: https://*.adnxs.com/ https://*.doubleclick.net https://*.google-analytics.com https://www.google.com https://www.facebook.com/tr https://t.co/i/adsct https://analytics.twitter.com/i/adsct https://img.youtube.com https://adfarm.mediaplex.com/ad/bk/ https://*.rfihub.com/ https://secure.leadback.advertising.com https://secure.ace-tag.advertising.com https://iad-login.dotomi.com https://a.company-target.com/ https://www07.clicktale.net/; object-src 'self' http://*.googlevideo.com http://*.youtube.com https://*.youtube.com http://*.ytimg.com https://*.ytimg.com http://www.google.com http://youtube.googleapis.com; frame-src 'self' https://ssl.gstatic.com https://www.google.com https://www.youtube.com https://b.company-target.com/ect.html https://www.youtube.com https://*.ytimg.com https://1min-ui-prod.service.lastpass.com; options inline-script eval-script; worker-src https://*.lastpass.com blob: 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.verywellmind.com *.qa.aws.verywellmind.com atlas.verywellmind.com atlas.local.verywellmind.com https://specials.verywellmind.com 1 frame-ancestors https://www.maisonmargiela.com/ https://www.maisonmargiela.com/ ; 1 frame-ancestors 'self' *.boursorama-banque.com *.boursorama.com *.credit-du-nord.fr *.banque-courtois.fr *.banque-kolb.fr *.banque-laydernier.fr *.banque-nuger.fr *.banque-rhone-alpes.fr *.banque-tarneaud.fr *.smc.fr 1 frame-ancestors *.payback.de; report-uri /blueberry/servlet/handler/cspreporting 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.liveabout.com *.qa.aws.liveabout.com atlas.liveabout.com atlas.local.liveabout.com 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.verywellfit.com *.qa.aws.verywellfit.com atlas.verywellfit.com atlas.local.verywellfit.com https://specials.verywellfit.com 1 frame-ancestors 'self' http://*.webvisor.com http://webvisor.com *.ntv.ru; 1 frame-ancestors 'self' hhs.gov *.hhs.gov 1 default-src * 'unsafe-inline' 'unsafe-eval' ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ; 1 default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.gstatic.com *.googleapis.com *.halkbank.com.tr *.google.com *.doubleclick.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.facebook.net; font-src 'self' *.gstatic.com *.googleapis.com; style-src 'self' 'unsafe-inline' *.googleapis.com; img-src 'self' data: *.google-analytics.com *.googleapis.com *.halkbank.com.tr *.google.com *.google.com.tr *.gstatic.com *.facebook.com *.facebook.com.tr *.doubleclick.net *.facebook.net ; media-src 'self' *.halkbank.com.tr; frame-src 'self' *.foreks.com *.halkbank.com.tr *.doubleclick.net *.youtube.com *.google.com; connect-src 'self' *.facebook.com; object-src 'self'; 1 frame-ancestors https://*.settour.com.tw; 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.aws.training https://a0.awsstatic.com https://js.api.here.com https://*.cit.api.here.com https://dev.ditu.live.com https://*.dev.virtualearth.net https://*.payments-amazon.com https://*.amazon.com https://*.bing.com https://*.virtualearth.net https://munchkin.marketo.net https://payments.amazon.co.jp/ https://payments.amazon.co.uk https://*.amazon.de https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/; object-src 'self'; img-src 'self' data: blob: https://*.dev.virtualearth.net https://*.ssl.ak.tiles.virtualearth.net https://*.ssl.ak.dynamic.tiles.virtualearth.net https://static.aws.training https://a0.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://js.api.here.com https://*.cit.api.here.com https://images-na.ssl-images-amazon.com https://internal-cdn.amazon.com https://d2ldlvi1yef00y.cloudfront.net/ https://d23yuld0pofhhw.cloudfront.net https://d1oct1bdmx33tz.cloudfront.net https://googleads.g.doubleclick.net https://www.google.com https://fls-na.amazon.com https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/; style-src 'self' 'unsafe-inline' https://static.aws.training https://js.api.here.com https://a0.awsstatic.com https://images-na.ssl-images-amazon.com https://ecn.dev.virtualearth.net https://images-eu.ssl-images-amazon.com https://www.bing.com https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/; connect-src 'self' https://*.cit.api.here.com https://www.amazon.com https://api.amazon.com https://amazonwebservices.d2.sc.omtrdc.net https://*.amazonpay.com https://apac.account.amazon.com https://eu.account.amazon.com https://*.virtualearth.net https://*.mktoresp.com https://s0.awsstatic.com https://payments.amazon.com https://payments-uk.amazon.com https://payments.amazon.co.uk https://payments.amazon.co.jp https://payments-jp.amazon.com https://*.amazon.de https://payments-de.amazon.com https://cdn.aws.training; font-src 'self' data: https://static.aws.training https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/; media-src 'self' https://cdn.aws.training; child-src 'self' https://*.amazon.com https://www.bing.com https://*.amazon.co.jp/ https://*.amazon.co.uk https://*.payments-amazon.com https://*.amazon.de; 1 upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'self' 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.thespruceeats.com *.qa.aws.thespruceeats.com atlas.thespruceeats.com atlas.local.thespruceeats.com 1 default-src 'self' 'unsafe-inline' blob: *.answerscloud.com *.googleapis.com *.gstatic.com hosteduxprod.blob.core.windows.net *.okta.com *.opower.com *.google.com *.foresee.com *.sce.com *.bootstrapcdn.com *.serving-sys.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.fontawesome.com *.adobedtm.com *.answerscloud.com *.twitter.com *.facebook.net *.googleapis.com *.customsearch.ai *.go-mpulse.net *.twimg.com *.okta.com *.opower.com *.google.com *.gstatic.com *.foresee.com *.sce.com *.bootstrapcdn.com *.serving-sys.com *.howsmyssl.com; img-src * data:; frame-src *.youtube.com *.arcgis.com *.answerscloud.com *.twitter.com *.facebook.net *.facebook.com *.google.com *.gstatic.com *.foresee.com *.sce.com; child-src *.youtube.com *.arcgis.com *.answerscloud.com *.google.com *.gstatic.com *.foresee.com *.sce.com; connect-src 'self' 'unsafe-inline' *.sce.com *.foresee.com *.oktapreview.com *.googleapis.com *.customsearch.ai *.go-mpulse.net *.akstat.io *.4seeresults.com *.okta.com *.opower.com *.google.com *.gstatic.com *.foresee.com *.serving-sys.com 1 default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src *; font-src *; connect-src *; media-src *; object-src *; child-src *; frame-ancestors *; form-action *; reflected-xss block; upgrade-insecure-requests; 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.bpost.be bpost.be eshipper.bpost.cn bpost2.be medattest.be www.medattest.be editor-www.bpost.be www.googletagmanager.com tagmanager.google.com ssl.google-analytics.com b2btagmgr.azalead.com trker1.azalead.com www.google-analytics.com proslead.com www.depostlaposte.be www.bpost2.be www.google.com www.post.be post.be ajax.googleapis.com connect.facebook.net code.jquery.com platform.linkedin.com www.linkedin.com dashboard.whoisvisiting.com/who.js frontend.id-visitors.com js-agent.newrelic.com bam.nr-data.net cdn.jsdelivr.net http://w.usabilla.com w.usabilla.com api.usabilla.com cdnjs.cloudflare.com maps.googleapis.com www.youtube.com https://ajax.googleapis.com api.jollywallet.com https://maps.googleapis.com www.googleadservices.com assets.idloom.com crm.bpack.idloom.com proslead.com https://www.google-analytics.com preprints.taxipost.net maf.taxipost.net s.ytimg.com img.en25.com player.qualifio.com d6tizftlrpuof.cloudfront.net https://maxcdn.bootstrapcdn.com static.hotjar.com script.hotjar.com vars.hotjar.com optimize.google.com login-2.bpost.be service.maxymiser.net static.hotjar.com script.hotjar.com bpost2.unfyd.com www.gstatic.com openlayers.org unpkg.com eloqua.com www.bpost2.be bpaid.unfyd.com; object-src 'self' www.bpost.be editor-www.bpost.be eshipper.bpost.cn www.youtube-nocookie.com www.medattest.be optimize.google.com login-2.bpost.be bpost2.be bpaid.unfyd.com; style-src 'self' 'unsafe-inline' www.bpost.be eshipper.bpost.cn bpost2.be www.bpost2.be bpost3.be www.medattest.be editor-www.bpost.be www.google.com fonts.googleapis.com cdn.jsdelivr.net d6tizftlrpuof.cloudfront.net https://cdnjs.cloudflare.com www.post.be post.be proslead.com wersg01 preprints.taxipost.net maf.taxipost.net tagmanager.google.com optimize.google.com login-2.bpost.be maxcdn.bootstrapcdn.com my.bpost.be bpost2.unfyd.com openlayers.org use.fontawesome.com unpkg.com bpaid.unfyd.com; img-src 'self' data: www.bpost.be bpost.be eshipper.bpost.cn www.bpost2.be bpost2.be www.google.be www.google-analytics.com www.google.com googleads.g.doubleclick.net b2btagmgr.azalead.com trker1.azalead.com stats.g.doubleclick.net www.post.be editor-www.bpost.be www.facebook.com www.google.co.in eshop.bpost.be static.licdn.com www.linkedin.com www.bpostinternational.com landmarkglobal.com www.landmarkglobal.com dashboard.whoisvisiting.com/who.ashx www.depostlaposte.be junglenet-a.akamaihd.net secure.adnxs.com d6tizftlrpuof.cloudfront.net w.usabilla.com 10.76.4.13:15871 https://cdnjs.cloudflare.com 10.109.34.52:15871 s1833705806.t.eloqua.com 10.76.4.11:15871 https://csi.gstatic.com https://maps.gstatic.com maps.googleapis.com https://ssl.google-analytics.com https://maps.googleapis.com www.googleadservices.com https://stats.g.doubleclick.net proslead.com https://www.google.de https://www.google.lu https://www.google.nl preprints.taxipost.net maf.taxipost.net chart.apis.google.com hello.bpost.be optimize.google.com login-2.bpost.be my.bpost.be bpost2.unfyd.com a.tile.openstreetmap.org server.arcgisonline.com tile.osm.be bpaid.unfyd.com; frame-src 'self' www.bpost.be bpost.be www.medattest.be medattest.be eshipper.bpost.cn editor-www.bpost.be www.bpost2.be http://www.bpost2.be bpost2.be campaigns.bpost2.be www.campaigns.bpost2.be pass.post.be esim.post.be tools.emailgarage.com assets.idloom.com www.facebook.com ir2.flife.de qfx.quartalflife.com 4558452.fls.doubleclick.net www.youtube.com youtube.com fr.slideshare.net www.youtube-nocookie.com 85.17.197.32 roi.bpost3.be bpost3.be www.facebook.com www.twitter.com platform.linkedin.com addressbook.bpost.be www.google.com google.com cse.google.com/cse speos.connective.be speos.connective.eu junglenet-a.akamaihd.net post-online.be www.post-online.be cssprepaid.proximus.be www.depostlaposte.be depostlaposte.be www.postmobile.be postmobile.be reload.proximus.be s.chkmkt.com maxiresponse.bpost3.be bpi.bpost3.be post-api.be googletagmanager.com youtube.com www.youtube.com d6tizftlrpuof.cloudfront.net www.youtube.com speos.connective.eu www.speos.connective.eu assets.idloom.com crm.bpack.idloom.com zeromov.com player.qualifio.com preprints.taxipost.net maf.taxipost.net http://maf.taxipost.net crm.bpost.idloom.com news.bpost.be s1833705806.t.eloqua.com vars.hotjar.com optimize.google.com login-2.bpost.be bpost2.be service.maxymiser.net bpaid.unfyd.com; font-src 'self' www.bpost.be bpost.be eshipper.bpost.cn editor-www.bpost.be cdn.jsdelivr.net https://cdnjs.cloudflare.com https://fonts.gstatic.com fonts.gstatic.com *.usabilla.com d6tizftlrpuof.cloudfront.net images.campaign.bpost.be optimize.google.com login-2.bpost.be my.bpost.be maxcdn.bootstrapcdn.com bpost2.unfyd.com use.fontawesome.com www.bpost2.be cdn.jsdelivr.net fonts.gstatic.com bpaid.unfyd.com; connect-src 'self' www.bpost.be bpost.be eshipper.bpost.cn www.medattest.be medattest.be bpost2.be www.bpost2.be editor-www.bpost.be proslead.com bam.nr-data.net api.usabilla.com https://api.bpost.be crm.bpack.idloom.com www-1.stbpost.be assets.idloom.com crm.bpack.idloom.com nikkomsgchannel tagmanager.google.com webservices-pub.bpost.be webservices-pub.stbpost.be webservices-pub.acbpost.be s1833705806.t.eloqua.com static.hotjar.com insights.hotjar.com optimize.google.com login-2.bpost.be chatbot.bpost.be bpost2.be in.hotjar.com service.maxymiser.net bpost2.unfyd.com s1833705806.t.eloqua.com/e/f2 bpaid.unfyd.com https://s918797598.t.eloqua.com/e/f2; report-uri /admin/config/system/seckit/csp-report 1 default-src 'self' *.wistia.net *.wistia.com embedwistia-a.akamaihd.net static.zdassets.com ekr.zdassets.com avm.zendesk.com v2.zopim.com wss://widget-mediator.zopim.com vimeo.com player.vimeo.com vimeocdn.com *.vimeocdn.com ytimg.com s.ytimg.com aax-eu.amazon-adsystem.com data: service.avm.de news.avm.de bingo.avm.de scope.avm.de piwik.avm.de track.adform.net maps.google.com *.googleapis.com *.gstatic.com shoplogos.commerce-connector.de www.commerce-connector.com i.ytimg.com https://www.youtube.com img.youtube.com *.xx.fbcdn.net www.surveygizmo.eu 'unsafe-inline' 'unsafe-eval'; media-src 'self' *.avm.de embedwistia-a.akamaihd.net data: blob: *.avm.de 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.thesprucecrafts.com *.qa.aws.thesprucecrafts.com atlas.thesprucecrafts.com atlas.local.thesprucecrafts.com 1 frame-ancestors 'self' *.boursorama-banque.com *.boursorama.com 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.verywellfamily.com *.qa.aws.verywellfamily.com atlas.verywellfamily.com atlas.local.verywellfamily.com https://specials.verywellfamily.com 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.byrdie.com *.qa.aws.byrdie.com atlas.byrdie.com atlas.local.byrdie.com 1 default-src 'self' data: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' * 1 child-src 'self' emb.d.tube player.twitch.tv www.youtube.com staticxx.facebook.com w.soundcloud.com player.vimeo.com; connect-src 'self' api.blocktrades.us steemit.com wss://steemd.steemit.com wss://steemd-int.steemit.com steemitimages.com cdn.steemitimages.com api.steemit.com api-int.steemit.com securepubads.g.doubleclick.net cdn.jsdelivr.net request.czilladx.com csi.gstatic.com c.pub.network d.pub.network display.bfmio.com ib.adnxs.com freestar-d.openx.net qcx.quantserve.com https://qcx.quantserve.com:8443 hbopenbid.pubmatic.com g2.gumgum.com ssc.33across.com gw.geoedge.be request-global.czilladx.com nym1-ib.adnxs.com tps10228.doubleverify.com request-global.czilladx.com d9.flashtalking.com tps10246.doubleverify.com; default-src tpc.googlesyndication.com 'self' emb.d.tube www.youtube.com staticxx.facebook.com player.vimeo.com; font-src data: fonts.gstatic.com; frame-ancestors 'none'; frame-src 'self' googleads.g.doubleclick.net https:; img-src * data:; object-src 'none'; plugin-types application/pdf; script-src 'unsafe-inline' 'unsafe-eval' data: https: 'self' www.google-analytics.com connect.facebook.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com; report-uri /api/v1/csp_violation 1 default-src blob: data: 'unsafe-inline' 'unsafe-eval' https:; form-action https:; upgrade-insecure-requests; 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.comwww.aboutespanol.com *.qa.aws.aboutespanol.com atlas.aboutespanol.com atlas.local.aboutespanol.com 1 frame-ancestors 'self' http://acquia.lookbookhq.com https://acquia.lookbookhq.com https://acquia.docebosaas.com https://confluence.acquia.com; report-uri /report-csp-violation 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.mydomaine.com *.qa.aws.mydomaine.com atlas.mydomaine.com atlas.local.mydomaine.com 1 default-src 'self' ; style-src 'self' ; media-src 'self' https://download.elster.de ; img-src 'self' https://anycast.elster.de ; connect-src 'self' https://lxelma5p.bfinv.de wss://www.elster.de https://datenabholung1.elster.de https://datenabholung2.elster.de ; object-src 'self' blob: ; form-action 'self' ; frame-ancestors 'self' 1 default-src *; style-src 'self'* .addthis.com *.nationalgridus.com* .cloudflare.com *.olark.com* .gstatic.com *.googleapis.com; script-src 'self'* .speedpay.com *.google.com* .gstatic.com *.olark.com* .googleapis.com *.gstatic.com* .crazyegg.com *.google-analytics.com* .googletagmanager.com *.feedbackify.com* .nationalgridus.com; img-src *; font-src* ; connect-src *; 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ok-cloud.net:* *.openbank.es:* https://maps.googleapis.com https://www.google.com https://www.gstatic.com https://tags.tiqcdn.com *.google-analytics.com:* *.tealiumiq.com:* https://tealium.hs.llnwd.net https://*.g.doubleclick.net *.amazonaws.com *.youtube.com *.googleadservices.com *.ads-twitter.com *.facebook.net *.adnxs.com *.ytimg.com api-ob.nd.nudatasecurity.com https://js-agent.newrelic.com https://cdnssl.clicktale.net *.googletagmanager.com *.wbtrk.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.amazonaws.com *.openbankwealth.com *.openbank.es api-ob.nd.nudatasecurity.com; img-src 'self' data: 'unsafe-inline' *.amazonaws.com https://maps.googleapis.com https://csi.gstatic.com https://maps.gstatic.com data: *.iconfinder.com *.google-analytics.com *.doubleclick.net *.openbank.es *.google.com *.google.com.co *.google.es *.google.ie *.facebook.com api-ob.nd.nudatasecurity.com https://aax-eu.amazon-adsystem.com https://openbanklive01.wt-eu02.net; media-src 'self' 'unsafe-inline' *.amazonaws.com *.openbank.es *.youtube.com; frame-src https://www.google.com https://csi.gstatic.com *.youtube.com simulatorsjs-testing.azurewebsites.net simuladores-pre.afi.es simuladores.afi.es *.weborama.fr *.doubleclick.net api-ob.nd.nudatasecurity.com https://openjobs.openbank.es; child-src https://www.google.com https://csi.gstatic.com *.youtube.com simulatorsjs-testing.azurewebsites.net simuladores-pre.afi.es simuladores.afi.es *.weborama.fr *.doubleclick.net api-ob.nd.nudatasecurity.com https://openjobs.openbank.es; font-src 'self' data: https://fonts.gstatic.com *.openbankwealth.com api-ob.nd.nudatasecurity.com; connect-src *.ok-cloud.net:* *.openbank.es:* openbank-dev pub-local.ok-cloud.net openbank.ci openb.mockable.io *.tealiumiq.com api-ob.nd.nudatasecurity.com 1 frame-ancestors 'self' http://*.sharecare.com https://*.sharecare.com http://*.qualityhealth.com https://*.qualityhealth.com 1 img-src *; 1 script-src https: data: 'unsafe-inline' 'unsafe-eval' https://www.tu-dortmund.de https://*.itmc.tu-dortmund.de https://*.relaunch.tu-dortmund.de; style-src https: 'unsafe-inline' https://www.tu-dortmund.de https://*.itmc.tu-dortmund.de https://*.relaunch.tu-dortmund.de 1 script-src 'unsafe-inline' 'unsafe-eval' 'self' * 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.learnreligions.com *.qa.aws.learnreligions.com atlas.learnreligions.com atlas.local.learnreligions.com 1 default-src 'self' https://*.copaair.com http://*.copaair.com https://*.copa.com http://*.copa.com https://*.sam4m.com/ http://*.adnxs.com http://*.bing.com http://*.copa.com http://*.copaair.com http://*.doubleclick.net http://*.facebook.com http://*.facebook.net http://*.fltmaps.com http://*.frequentflyer.aero http://*.google-analytics.co http://*.google-analytics.com http://*.googleadservices.com http://*.googletagmanager.com http://*.havasdigitalcolombia.com http://*.innosked.com http://*.intelliresponse.com http://*.msn.com http://*.qualtrics.com http://*.trackedlink.net http://*.w55c.net http://*.youtube.com http://ads.dtravelconnection.com http://miparaisoatlantis.com http://panamaesposible.com https://*.copa.com https://*.copaair.com https://*.facebook.com https://*.flightcontrol.io https://*.flightview.com https://*.fltmaps.com https://*.frequentflyer.aero https://*.google.com https://www.google.com.co https://www.google.com.pa https://*.google.sk https://*.googleapis.com https://*.gstatic.com https://*.havasdigitalcolombia.com https://*.innosked.com https://*.intelliresponse.com https://*.mcafeesecure.com https://*.nbxapps.com https://*.sojern.com https://*.twitter.com https://*.w55c.net https://*.websecurity.norton.com https://*.youtube.com https://acuityplatform.com https://beacon.walmart.com https://pr-bh.ybp.yahoo.com https://r1.dotmailer-surveys.com https://static.ads-twitter.com https://t.co https://t.wayfair.com https://*.airtrfx.com http://*.airtrfx.com https://*.hotjar.com https://*.securitytrfx.com http://*.securitytrfx.com https://*.addthis.com https://*.addthisedge.com https://kirnhn54sa.execute-api.us-east-1.amazonaws.com https://*.yimg.com https://*.analytics.yahoo.com https://*.trackedweb.net https://*.groovinads.com https://*.beatdevelop.co https://*.sam4m.co https://*.a3cloud.net https://trackedweb.net https://gwmtracking.com https://kontentroom.com 'unsafe-inline' 'unsafe-eval' data: blob: 1 default-src c.wgr.de 'self'; script-src c.wgr.de track.westermann.de connect.facebook.net www.googleadservices.com maps.googleapis.com 'self' 'unsafe-inline'; style-src c.wgr.de 'self' 'unsafe-inline'; object-src 'self'; img-src c.wgr.de track.westermann.de www.econda-monitor.de d32wqyuo10o653.cloudfront.net www.facebook.com googleads.g.doubleclick.net maps.googleapis.com *.gstatic.com 'self' data:; frame-src newsletter.schulbuchzentrum-online.de track.westermann.de www.facebook.com 'self'; child-src newsletter.schulbuchzentrum-online.de track.westermann.de www.facebook.com 'self'; font-src c.wgr.de 'self' data:; connect-src secure.schulbuchzentrum-online.de track.westermann.de 'self'; report-uri /backend/csp 1 default-src 'self' static.integromat.com; style-src 'self' static.integromat.com fonts.googleapis.com checkout.stripe.com; font-src 'self' static.integromat.com fonts.gstatic.com data:; img-src 'self' static.integromat.com data: stats.g.doubleclick.net www.google-analytics.com www.google.com www.google.cz placehold.it placeholdit.imgix.net secure.gravatar.com usage.trackjs.com q.stripe.com img.youtube.com www.facebook.com t.co www.googletagmanager.com; connect-src 'self' static.integromat.com iql.integromat.com wss://www.integromat.com capture.trackjs.com checkout.stripe.com integromat.zendesk.com; frame-src 'self' static.integromat.com www.facebook.com www.youtube.com checkout.stripe.com; script-src 'self' static.integromat.com www.google-analytics.com checkout.stripe.com connect.facebook.net static.ads-twitter.com analytics.twitter.com; object-src 'self' static.integromat.com 1 frame-ancestors 'self' *.smhi.se klimatanpassning.se sudplan.eu nordicadaptation2018.net http://infoteve.com ; report-uri /userv/cspreporting 1 frame-ancestors 'self' *.force.com *.salesforce.com; 1 frame-ancestors http://www.lativ.com.tw https://www.lativ.com.tw; 1 default-src 'self' api.segment.io api.mixpanel.com www.google-analytics.com api.amplitude.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com platform.twitter.com assets.sendinblue.com www.google.com sibforms.com 'unsafe-inline'; img-src *; media-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 1 frame-ancestors 'self' eon.de *.eon.de 1 frame-ancestors https://www.marni.com/ https://www.marni.com/ https://www.optimizely.com; 1 frame-ancestors www.red-gate.com; 1 default-src 'self'; script-src 'self' *.boost.ai *.episerver.net https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://ajax.cloudflare.com https://chat.puzzel.com https://maps.googleapis.com 'unsafe-inline' 'unsafe-eval'; media-src https://chat.puzzel.com 'self'; style-src 'self' https://tagmanager.google.com https://dl.episerver.net https://chat.puzzel.com https://fonts.googleapis.com https://fonts.gstatic.com'unsafe-inline'; connect-src 'self' https://*.boost.ai https://chat.puzzel.com wss:;form-action 'self';font-src https://fonts.googleapis.com https://fonts.gstatic.com https://chat.puzzel.com 'self'; img-src 'self' data: www.google-analytics.com *.gstatic.com https://www.googletagmanager.com https://maps.googleapis.com https://mts.googleapis.com https://dl.episerver.net; object-src 'self'; frame-ancestors 'self'; frame-src https: 1 frame-ancestors 'none'; connect-src 'self' *.google-analytics.com *.stripe.com *.braintreegateway.com *.exploretock.com *.fullstory.com *.facebook.com api.rollbar.com *.doubleclick.net www.google.com; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.stripe.com *.braintreegateway.com *.chase.com *.exploretock.com connect.facebook.net *.fullstory.com www.googleadservices.com api.rollbar.com optimize.google.com maps.googleapis.com; img-src 'self' blob: data: *.exploretock.com *.stripe.com *.braintreegateway.com *.facebook.com *.fbsbx.com *.gravatar.com *.google.com *.googleapis.com *.googleusercontent.com www.google-analytics.com www.gstatic.com *.doubleclick.net *.googletagmanager.com; child-src 'self' *.exploretock.com *.stripe.com *.braintreegateway.com www.facebook.com optimize.google.com; frame-src 'self' *.exploretock.com *.stripe.com *.braintreegateway.com *.chase.com www.facebook.com optimize.google.com connect.facebook.net www.google.com 1 default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.openlayers.org openlayers.org *.openstreetmap.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.openlayers.org openlayers.org *.openstreetmap.org; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com media.deutsche-rentenversicherung.de;child-src *.google.com *.gstatic.com *.youtube.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.openlayers.org openlayers.org *.openstreetmap.org; frame-ancestors 'self'; 1 default-src 'self'; img-src 'self'; style-src 'self' #'unsafe-inline'; font-src 'self'; script-src 'self' 'unsafe-inline'; connect-src 'self' 1 default-src data: https: 'unsafe-inline'; frame-ancestors 'none' 1 default-src 'self' live-aclu-d7.pantheonsite.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.aclu.org live-aclu-d7.pantheonsite.io *.documentcloudBLOCK.org squizlabs.github.io js-agent.newrelic.com bam.nr-data.net aclu.tt.omtrdc.net cdn.tt.omtrdc.net www.youtube.com/iframe_api s.ytimg.com static.chartbeat.com static2.chartbeat.com www.paypalobjects.com www.paypal.com cdn.heapanalytics.com heapanalytics.com *.chartbeat.com; object-src 'self' *.aclu.org live-aclu-d7.pantheonsite.io; style-src 'self' 'unsafe-inline' *.aclu.org live-aclu-d7.pantheonsite.io squizlabs.github.io cdn.tt.omtrdc.net heapanalytics.com; img-src 'self' 'unsafe-inline' data: *.aclu.org live-aclu-d7.pantheonsite.io *.xip.io img.youtube.com s3.amazonaws.com smetrics.aclu.org squizlabs.github.io aclu.org omnitureengineering.d1.sc.omtrdc.net heapanalytics.com *.chartbeat.net; media-src 'self' *.aclu.org live-aclu-d7.pantheonsite.io; frame-src 'self' *.aclu.org live-aclu-d7.pantheonsite.io *.youtube-nocookie.com *.facebook.com *.youtube.com *.newsbound.com *.vote411.org https://fora.tv *.ted.com *.storify.com *.mtvnservices.com *.thinglink.com *.theguardian.com filestorage.aclu.org *.omniture.com georgejosephmapping.carto.com w.soundcloud.com www.paypal.com www.sandbox.paypal.com chartbeat.com *.chartbeat.com; font-src 'self' data: *.aclu.org live-aclu-d7.pantheonsite.io heapanalytics.com; connect-src 'self' live-aclu-d7.gotpantheon.com graph.facebook.com phone.reverehq.com https://action.aclu.org live-aclu-d7.pantheonsite.io https://aclu.tt.omtrdc.net www.paypal.com heapanalytics.com mab.chartbeat.com; report-uri /admin/config/system/seckit/csp-report 1 default-src 'self' data: https: *.gstatic.com; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: *.web2mobile.fr *.adnxs.com *.tradelab.fr *.twitter.com *.facebook.net *.twimg.com *.azame.net *.google-analytics.com *.infogreffe.nc *.infogreffe.fr *.facebook.com *.doubleclick.net; style-src 'self' 'unsafe-inline' *.amazonaws.com *.infogreffe.nc *.infogreffe.fr *.googleapis.com *.twitter.com *.regie.pro; img-src 'self' data: http: *.youtube.com https: *.web2mobile.fr *.adnxs.com *.tradelab.fr *.twitter.com *.facebook.net *.twimg.com *.azame.net *.google-analytics.com *.infogreffe.nc *.infogreffe.fr *.facebook.com *.doubleclick.net; frame-src 'self' data: https: *.web2mobile.fr *.adnxs.com *.tradelab.fr *.twitter.com *.facebook.net *.twimg.com *.azame.net *.google-analytics.com *.infogreffe.nc *.infogreffe.fr *.facebook.com *.doubleclick.net; connect-src 'self' https: *.regie.pro *.addthis.com *.web2mobile.fr 1 frame-ancestors 'self' cmsv2.zebrix.net 1 default-src https: http: wss: ; script-src https: 'self' 'unsafe-inline' 'unsafe-eval' js.hs-scripts.com js.hs-analytics.net static.hotjar.com cdnjs.cloudflare.com *.adopto.eu adopto.eu www.adopto.eu *.googleapis.com *.facebook.net *.facebook.com js.braintreegateway.com assets.braintreegateway.com www.google.com *.hotjar.com www.google-analytics.com *.vo.msecnd.net dc.services.visualstudio.com; object-src 'self' https: data: adoptostaging.blob.core.windows.net adoptoprod.blob.core.windows.net; style-src * https: 'unsafe-inline'; img-src 'self' https: data: cdnjs.cloudflare.com *.fotorama.io adoptostaging.blob.core.windows.net adoptoprod.blob.core.windows.net assets.braintreegateway.com *.gstatic.com *.googleapis.com *.facebook.com s3.amazonaws.com stats.g.doubleclick.net media.licdn.com; child-src 'self' *.talentlyft.com app.livestorm.co platform.twitter.com assets.braintreegateway.com *.nosiva.com *.facebook.com *.youtube.com *.us11.list-manage.com forms.hubspot.com js.hs-scripts.com js.hs-analytics.net *.hotjar.com; font-src * https: data:; 1 frame-ancestors 'self' https://portal-interactiv.com *.iberostar.com *.olehotels.com icrs.visitus-inc.com *.iberostarpro.com *.iberostartheclub.com *.grandiberostar.com kayak.com webvisor.com *.wannabot.io 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.thesprucepets.com *.qa.aws.thesprucepets.com atlas.thesprucepets.com atlas.local.thesprucepets.com 1 default-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.nsandi.com nsandi.com https://img.youtube.com img.youtube.com https://img.youtube.com https://www.youtube.com www.youtube.com youtube.com js-agent.newrelic.com bam.nr-data.net hm.webtrends.com https://hm.webtrends.com s.webtrends.com nsandi.klick2contact.com statse.webtrendslive.com cdn-pci.optimizely.com rum.optimizely.com logx.optimizely.com logx.optimizely.com/v1/events statse.webtrendslive.com https://track.adform.net https://track.adform.net https://c1.adform.net/ c1.adform.net https://google.com https://www.google.com https://nsandi.klick2contact.com/ https://nsandihowdidwedo.eu.qualtrics.com/ errors.client.optimizely.com https://www.gov.uk;; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.nsandi.com nsandi.com https://img.youtube.com img.youtube.com youtube.com js-agent.newrelic.com bam.nr-data.net hm.webtrends.com https://hm.webtrends.com s.webtrends.com https://nsandi.klick2contact.com nsandi.klick2contact.com statse.webtrendslive.com https://cdn-pci.optimizely.com rum.optimizely.com logx.optimizely.com logx.optimizely.com/v1/events statse.webtrendslive.com https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com https://track.adform.net https://c1.adform.net;; object-src 'self'; img-src 'self' data: https://statse.webtrendslive.com https://nsandi.klick2contact.com https://server.seadform.net https://hm.webtrends.com https://cdn.optimizely.com;; report-uri /csp/csp-report 1 frame-ancestors https://*.mybigcommerce.com 1 base-uri 'self'; report-uri https://csp-reporting-server.glitch.me/report 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google-analytics.com *.gstatic.com https://*.zopim.com wss://*.zopim.com https://*.zopim.io wss://*.crisp.chat https://*.crisp.chat *.payline.com *.youtube.com; img-src 'self' data: *.zopim.com *.crisp.chat *.google-analytics.com *.gstatic.com *.googleapis.com; font-src 'self' data: *.zopim.com *.crisp.chat *.gstatic.com; report-uri /admin/config/system/seckit/csp-report 1 default-src 'self' *.readspeaker.com data:; base-uri 'self'; style-src 'self' 'unsafe-inline' *.readspeaker.com; script-src 'self' 'unsafe-eval' *.google.com piwik.itzbund.de *.readspeaker.com;object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com piwik.itzbund.de; upgrade-insecure-requests; frame-ancestors 'self'; 1 child-src 'self'; connect-src 'self' api.blocktrades.us steemit.com steemitimages.com cdn.steemitimages.com api.steemit.com api-internal.steemit.com; default-src 'self'; font-src data: fonts.gstatic.com; frame-ancestors 'none'; img-src * data:; object-src 'none'; plugin-types application/pdf; script-src 'self' www.google-analytics.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; report-uri /api/v1/csp_violation 1 frame-ancestors tags.tiqcdn.com survey.hlb.com.my www.hlb.com.my apps.facebook.com www.facebook.com *.vivocha.com *.youtube.com *.facebook.com staticxx.facebook.com www.googletagmanager.com gateway.hlb.com.my www.ecloan.com.my aem-preprod.hlb.com.my aem-preprod.hlisb.com.my www.hlisb.com.my https://www.google.com www.google.com optimize.google.com hongleongbank.sc.omtrdc.net dpm.demdex.net 1 img-src 'self' https://www.images-home.com http://www.pages06.net https://maps.gstatic.com https://maps.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.google.com https://www.google.ae https://www.google.co.in https://www.google.co.uk https://clients1.google.com https://cse.google.com https://*.gstatic.com https://*.googleapis.com https://googleads.g.doubleclick.net https://www.facebook.com https://*.vizury.com https://cdn25.vzeesp.com https://*.lemnisk.co data:;connect-src 'self' https://www.google.com https://www.google.ae https://www.google.co.in https://www.google.co.uk https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://www.facebook.com https://*.vizury.com https://cdn25.vzeesp.com https://*.lemnisk.co https://sport360.com;font-src 'self' https://fonts.gstatic.com http://fonts.googleapis.com https://cdn.joinhoney.com data:;object-src 'self';media-src 'self';child-src 'self' https://tools.euroland.com https://tools.eurolandir.com https://sport360.com https://4268196.fls.doubleclick.net https://bid.g.doubleclick.net https://www.youtube.com https://connect.facebook.net https://cse.google.com https://www.googletagmanager.com https://platform.twitter.com https://syndication.twitter.com https://*.vizury.com https://cdn25.vzeesp.com https://*.lemnisk.co;form-action 'self' https://rakbankonline.ae https://connect.facebook.net https://syndication.twitter.com https://*.vizury.com https://cdn25.vzeesp.com https://*.lemnisk.co;report-uri https://revamp.rakbank.ae/security/csp-report; 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.brides.com *.qa.aws.brides.com atlas.brides.com atlas.local.brides.com 1 frame-ancestors www.flygresor.se secure.rentalcars.com brands.datahc.com hyrbil.flygresor.se 1 default-src 'self' 'unsafe-eval' 'unsafe-inline' data: *.serving-sys.com *.sharethis.com *.analytics.edgekey.net *.forefieldkt.com *.foremostadvice.com *.standard.com *.youtube.com *.ytimg.com *.gstatic.com *.pages05.net *.silverpop.com *.sc.pages05.net *.googletagmanager.com *.google-analytics.com fonts.googleapis.com ajax.googleapis.com *.google.com *.duosecurity.com *.vimeo.com *.newrelic.com secure-ds.serving-sys.com *.serving-sys.com *.googleadservices.com *.fonts.net *.twitter.com *.twimg.com *.ubembed.com *.demandbase.com *.userzoom.com stats.g.doubleclick.net *.company-target.com match.prod.bidr.io id.rlcdn.com *.googleapis.com *.doubleclick.net static.3playmedia.com *.brightcove.com *.brightcove.net bcove.me *.zencdn.net bcove.video players.brightcove.net *.brightcove.com *.llnw.net *.llnwd.net *.edgekey.net *.media.brightcove.com vjs.zencdn.net *.brightcovecdn.com *.brainshark.com *.teads.tv *.3lift.com *.adentifi.com *.basis.net *.facebook.com dc.ads.linkedin.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.twitter.com ajax.googleapis.com *.serving-sys.com *.twimg.com *.gm *.sharethis.com *.pages05.net *.googletagmanager.com *.google-analytics.com *.ubembed.com *.brightcove.com *.gstatic.com *.google.com *.brightcove.net *.serving-sys.com *.googleadservices.com secure-ds.serving-sys.com stats.g.doubleclick.net *.demandbase.com *.userzoom.com googleads.g.doubleclick.net vjs.zencdn.net *.facebook.net; report-uri /admin/config/system/seckit/csp-report 1 frame-ancestors *.windstream.net 1 default-src https:; script-src https://ewww.io https://ewww-io.exactdn.com 'unsafe-inline' 'unsafe-eval' https://checkout.stripe.com https://js.stripe.com https://api.carthook.com https://api.r.carthook.com https://code.jquery.com https://beacon-v2.helpscout.net https://cdn.sucuri.net https://js-agent.newrelic.com https://bam.nr-data.net; style-src https://ewww.io https://fonts.googleapis.com https://cdn.sucuri.net 'unsafe-inline'; img-src https://ewww.io https://ewww-io.exactdn.com https://ewww-io.exactdn.com https://example.exactdn.com https://secure.gravatar.com https://ps.w.org https://q.stripe.com https://s.w.org https://referoo.co data:; font-src 'self' https://ewww-io.exactdn.com https://fonts.gstatic.com data:; 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.thebalanceeveryday.com *.qa.aws.thebalanceeveryday.com atlas.thebalanceeveryday.com atlas.local.thebalanceeveryday.com 1 default-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://www.w3.org https://cdn.jsdelivr.net https://maxcdn.bootstrapcdn.com https://www.google-analytics.com https://www.google.com https://stats.g.doubleclick.net https://vro.housing.gov.sa https://www.gstatic.com https://code.jquery.com https://maps.googleapis.com https://cdn.mouseflow.com https://fonts.googleapis.com https://developers.google.com https://sakani.housing.sa https://maps.gstatic.com https://fonts.gstatic.com https://cdnjs.cloudflare.com https://use.fontawesome.com https://www.ejar.sa https://img.youtube.com https://www.googletagmanager.com https://ajax.googleapis.com https://cdn.ckeditor.com https://www.google.com.sa http://www.ejar.sa https://www.youtube.com/; report-uri /ar/report-csp-violation 1 default-src 'unsafe-inline' 'unsafe-eval' data: *.princesspolly.com princesspolly.com aws-staging.princesspolly.com *.google.com b24c55b04577edcff120-ee732677a7df0f7e6b24d56d54ebab21.ssl.cf4.rackcdn.com *.google.com.au tr.snapchat.com d3qiwpvx49u195.cloudfront.net static.olark.com static.barilliance.com www.barilliance.net *.gstatic.com cdn.bronto.com *.google-analytics.com *.adsrvr.org www.facebook.com log.olark.com so.rlcdn.com *.tribalfusion.com *.yotpo.com *.googleadservices.com *.googlefontapis.com *.googleapis.com bacon.section.io cdn.nextopia.net sc-static.net *.g.doubleclick.net connect.facebook.net static.secure-afterpay.com.au p.bm23.com js-agent.newrelic.com www.googlecommerce.com *.gosquared.com intljs.rmtag.com www.ist-track.com *.olark.com *.creativecdn.com 17a8228ae99605dda31b-ee732677a7df0f7e6b24d56d54ebab21.r9.cf4.rackcdn.com t.cfjump.com *.hotjar.com www.googletagmanager.com x.skimresources.com r.dlx.addthis.com ocsp.digicert.com status.geotrust.com *.linksynergy.com *.gleam.io gleam.io vc.hotjar.io www.google.ae dsum-sec.casalemedia.com bam.nr-data.net *.criteo.net dn3y71tq7jf07.cloudfront.net d1l6p2sc9645hc.cloudfront.net d2jjzw81hqbuqv.cloudfront.net *.criteo.com www.youtube.com s.ytimg.com pixel.tapad.com nypi.dc-storm.com *.pinterest.com cx.atdmt.com vector.nextopiasoftware.com princesspolly.ecomm-nav.com www.google.com.ph prf.hn www.polyvore.com barilliance.net www.talkable.com live-cdn.me-tail.net buy.monypayments.com www.secure-afterpay.com.au portal.afterpay.com anaytics.nextopia.net *.afterpay.com *.afterpay.com.au pay.secure-monypayments.com princesspolly-embedded.myunidays.com *.myunidays.com ln-rules.rewardstyle.com ddcfq0gxiontw.cloudfront.net *.braintree-api.com *.braintreegateway.com; 1 frame-ancestors 'self' www.clicktripz.com www.clicktripz.co rates.shermanstravel.com compare.lastminute.com compare.liligo.com http://www.checkfelix.com http://www.kayak.com http://www.kayak.ch http://www.kayak.de http://www.kayak.dk http://www.kayak.es http://www.kayak.fr http://www.kayak.ie http://www.kayak.it http://www.kayak.nl http://www.kayak.no http://www.kayak.pl http://www.kayak.pt http://www.kayak.ru http://www.kayak.co.uk http://www.momondo.at http://www.momondo.de http://www.momondo.dk http://www.momondo.es http://www.momondo.fr http://www.momondo.ie http://www.momondo.it http://www.momondo.nl http://www.momondo.no http://www.momondo.pl http://www.momondo.co.uk http://www.swoodoo.at http://www.swoodoo.com http://checkfelix.com http://kayak.com http://kayak.ch http://kayak.de http://kayak.dk http://kayak.es http://kayak.fr http://kayak.ie http://kayak.it http://kayak.nl http://kayak.no http://kayak.pl http://kayak.pt http://kayak.ru http://kayak.co.uk http://momondo.at http://momondo.de http://momondo.dk http://momondo.es http://momondo.fr http://momondo.ie http://momondo.it http://momondo.nl http://momondo.no http://momondo.pl http://momondo.co.uk http://swoodoo.at http://swoodoo.com https://amoma.blog 1 default-src 'self' data: *.google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src * 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.twitter.com *.google-analytics.com *.googletagmanager.com *.facebook.net *.youtube.com *.google.com *.google.co.za *.gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club *.map2.ssl.hwcdn.net *.static.hotjar.com *.hotjar.com; object-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: *.google-analytics.com *.youtube.com *.twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com *.google.com *.vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com *.hotjar.com; font-src 'self' data: fonts.gstatic.com *.gstatic.com *.hotjar.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: *.google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com *.hotjar.io *.hotjar.com hotjar.com wss://*.hotjar.com *.facebook.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce 1 frame-ancestors http://www.lativ.com https://www.lativ.com; 1 report-uri /admin/config/system/seckit/csp-report 1 frame-ancestors https://www.coolinarika.com 1 default-src 'self'; img-src 'self'; style-src 'self'; 'unsafe-inline'; font-src 'self'; script-src 'self'; 'unsafe-inline'; connect-src 'self'; 1 script-src 'self' 'unsafe-inline' cdn.jsdelivr.net *.zendesk.com https://static.zdassets.com https://ekr.zdassets.com *.zopim.com; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net; form-action 'none'; frame-src 'none'; frame-ancestors 'none' 1 frame-ancestors 'self' bcit.ca *.bcit.ca 1 default-src dica.gov.mm www.dica.gov.mm dev.dica.demo10.inspiralcreative.net 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.newrelic.com *.doubleclick.net *.nr-data.net *.addthis.com *.addthisedge.com *.jquery.com *.google.com *.youtube.com *.gstatic.com; report-uri /en/report-csp-violation 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.foodtecsolutions.com *.foodtecsolutions.com:* *.pizzadirector.net:* *.google.com *.opentable.com *.otstatic.com cdn.ampproject.org www.gstatic.com maps.googleapis.com www.google-analytics.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net platform.twitter.com www.facebook.com connect.facebook.net cdn.syndication.twimg.com js.hs-scripts.com js.hs-scripts.com js.hs-analytics.net js.hscollectedforms.net salesiq.zoho.com/widget campaigns.zoho.com maillist-manage.com crm.zoho.com js.zohostatic.com vts.zohopublic.com static.hotjar.com script.hotjar.com unpkg.com api.tiles.mapbox.com *.adroll.com *.cloudfront.net cdnjs.cloudflare.com libs.a2zinc.net; frame-ancestors 'self' 'unsafe-inline' 'unsafe-eval' blob: *.foodtecsolutions.com *.foodtecsolutions.com:* *.pizzadirector.net:* *.google.com *.opentable.com *.otstatic.com cdn.ampproject.org www.gstatic.com maps.googleapis.com www.google-analytics.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net platform.twitter.com www.facebook.com connect.facebook.net cdn.syndication.twimg.com js.hs-scripts.com js.hs-scripts.com js.hs-analytics.net js.hscollectedforms.net salesiq.zoho.com/widget campaigns.zoho.com maillist-manage.com crm.zoho.com js.zohostatic.com vts.zohopublic.com static.hotjar.com script.hotjar.com unpkg.com api.tiles.mapbox.com *.adroll.com *.cloudfront.net cdnjs.cloudflare.com libs.a2zinc.net; 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://avd.innity.com https://aw.dw.impact-ad.jp https://ssl-avd.innity.net https://as.innity.com https://cdn.innity.net https://sgp-spvapro-01.teleperformanceusa.com https://cdnjs.cloudflare.com https://avd.innity.net http://ajax.googleapis.com https://www.googleadservices.com https://www.googletagmanager.com https://connect.facebook.net https://singpost.widget.custhelp.com https://fonts.googleapis.com https://google.com https://www.rnengage.com https://maps.googleapis.com https://snap.licdn.com https://www.google-analytics.com https://px.ads.linkedin.com https://developers.google.com https://www.linkedin.com; style-src 'self' 'unsafe-inline' https://use.fontawesome.com http://www.google-analytics.com http://singpost.widget.custhelp.com https://tagmanager.google.com https://fonts.googleapis.com http://singpost.widget.custhelp.com https://www.linkedin.com; img-src 'self' https://optimize.innity.com https://avd.innity.com https://ib.adnxs.com http://www.google-analytics.com http://www.specommerce.com.s3.amazonaws.com http://d2vqszxem296au.cloudfront.net https://www.mysam.sg https://stats.g.doubleclick.net http://cdn.feedbackify.com http://s3.amazonaws.com https://maps.gstatic.com https://www.facebook.com https://www.google.com https://www.google.com.vn https://maps.googleapis.com http://www.w3.org data: http://cx.atdmt.com https://www.linkedin.com https://www.googletagmanager.com; frame-src 'self' https://www.facebook.com https://www.google.com; font-src 'self' https://use.fontawesome.com https://fonts.googleapis.com http://www.google-analytics.com https://fonts.gstatic.com; connect-src 'self' http://www.google-analytics.com https://maps.googleapis.com; report-uri /admin/config/system/seckit/csp-report 1 default-src *; script-src 'self' http://www.google-analytics.com http://suggest.infospace.com http://api.autocompleteplus.com http://www.googletagservices.com http://d.yimg.com https://completr.appspot.com https://s.yimg.com http://js.wincyahoocontent.com ; frame-src 'self' http://*.yhs4.search.yahoo.com http://ad.adserver-pro.net https://s.yimg.com ; font-src 'none'; connect-src 'self'; media-src 'self'; object-src 'none'; style-src 'self'; 1 default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' https://*.parnassys.net/; connect-src 'self'; font-src 'self'; child-src 'self'; frame-src 'self' 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://code.jquery.com http://www.google-analytics.com http://fonts.googleapis.com/ https://cdnjs.cloudflare.com http://cdn.ckeditor.com https://cdnjs.cloudflare.com http://svc.webspellchecker.net https://ajax.googleapis.com/ https://maps.google.com/ https://maps.googleapis.com/ https://weatherwidget.io/; object-src 'self'; style-src 'self' 'unsafe-inline' 'unsafe-eval' http://cdn.ckeditor.com http://fonts.googleapis.com https://cdnjs.cloudflare.com http://svc.webspellchecker.net https://tripura.gov.in; img-src 'self' http://cdn.ckeditor.com http://www.google-analytics.com https://tripura.gov.in https://cbpssubscriber.mygov.in https://w.bookcdn.com https://maps.gstatic.com/ https://maps.gstatic.com/ https://maps.google.com/ https://tripura.gov.in/ https://maps.googleapis.com/ https://cdnjs.cloudflare.com; media-src 'self' https://www.youtube.com/ ; frame-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.youtube.com http://164.100.127.45 https://weatherwidget.io; font-src 'self' http://fonts.gstatic.com https://cdnjs.cloudflare.com http://fonts.googleapis.com; connect-src 'self' ; report-uri /admin/config/system/seckit/csp-report 1 frame-ancestors 'self' https://*.etracker.com 1 frame-ancestors https://www.dsquared2.com/ https://www.dsquared2.com/ ; 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://ajax.cloudflare.com https://cdnjs.cloudflare.com https://code.highcharts.com https://oss.maxcdn.com https://connect.trezor.io wss://wallex.market:8443 https://blockexplorer.com https://www.localbitcoinschain.com https://test-insight.bitpay.com https://api.etherscan.io https://api-ropsten.etherscan.io https://bitcoincash.blockexplorer.com https://blockdozer.com https://bch.coin.space https://insight.litecore.io https://insight.dash.org https://saveload.tradingview.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://ajax.googleapis.com https://fonts.gstatic.com wss://test-insight.bitpay.com https://api.omniexplorer.info https://chain.api.btc.com https://cdn.jsdelivr.net https://code.jquery.com https://stackpath.bootstrapcdn.com https://www.google.com/maps/embed https://*.purechat.com wss://*.purechat.com https://secure.gravatar.com https://*/app.purechat.com https://cdn.ckeditor.com https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com https://tradingview.com https://*.tradingview.com wss://tradingview.com wss://*.tradingview.com https://www.aparat.com https://*.heatmap.it https://coincap.io wss://ws.wallex.market wss://ws.coincap.io https://*.purechatcdn.com; 1 default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com ajax.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://static.addtoany.com/ http://clients1.google.com/complete/ https://js-agent.newrelic.com/ https://bam.nr-data.net/ https://www.google.com https://*.fontawesome.com https://*.customsearch.ai;; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://static.addtoany.com/ https://*.windows.net; img-src 'self' https://www.google-analytics.com data: https://www.google.com/recaptcha/ http://www.ecb.int/ http://www.ecb.europa.eu/ https://*.windows.net https://*.gstatic.com; frame-src 'self' https://www.google.com/recaptcha/ https://static.addtoany.com/ https://www.youtube.com/ https://maps.google.be/maps/ https://www.google.com/maps/ https://mapsengine.google.com/ https://ui.customsearch.ai/; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://*.customsearch.ai https://*.google-analytics.com; report-uri /admin/config/system/seckit/csp-report 1 default-src 'self' fonts.gstatic.com fonts.googleapis.com ajax.googleapis.com wireframecc-9947.kxcdn.com; script-src 'self' 'unsafe-inline' 'nonce-fb879e07e0b621a04231edbabaf82aa4' 'unsafe-eval' https://fonts.gstatic.com https://fonts.googleapis.com https://ajax.googleapis.com wireframecc-9947.kxcdn.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com wireframecc-9947.kxcdn.com; img-src 'self' wireframecc-9947.kxcdn.com data:; child-src 'self' 1 default-src 'self'; img-src 'self' data: https://www.google-analytics.com https://www.google-analytics.com/collect https://www.google-analytics.com/r/collect; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://dap.digitalgov.gov https://www.google-analytics.com https://www.google-analytics.com/analytics.js; connect-src 'self' https://www.google-analytics.com; frame-ancestors 'self'; report-uri https://telemetry.consumersentinel.gov/api/contentsecuritypolicy 1 frame-ancestors 'self' http://*.webtradecenter.com https://*.webtradecenter.com 1 img-src blob: * android-webview-video-poster: data:; media-src * data:; connect-src 'self'; worker-src blob: 'self'; font-src * data:; default-src player.vimeo.com *.yourmoney.ch *.newsbox.ch *.cashgate.ch 'unsafe-eval' *.gstatic.com *.issuu.com *.tkb.ch 'self' tagmanager.google.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.adform.net 'unsafe-inline' 1 allow 'self'; frame-ancestors dev.togostanza.org 1 script-src 'unsafe-inline' 'self' maps.google.com maps.googleapis.com 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.iubenda.com *.fontawesome.com *.google-analytics.com *.jquery.com *.bootstrapcdn.com *.facebook.net *.facebook.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.googleapis.com *.jquery.com *.fontawesome.com *.bootstrapcdn.com; img-src 'self' data: *.gstatic.com *.g.doubleclick.net *.google-analytics.com *.googletagmanager.com *.googleapis.com *.jquery.com *.iubenda.com *.facebook.com http://live.europasilvella.it; frame-src 'self' *.google.com *.iubenda.com *.youtube-nocookie.com *.vimeo.com *.sgs-software.com *.flipsnack.com; font-src 'self' *.gstatic.com *.fontawesome.com *.bootstrapcdn.com; connect-src 'self' *.google-analytics.com *.g.doubleclick.net *.iubenda.com api.openweathermap.org servizi.sgs-software.com 1 upgrade-insecure-requests; frame-ancestors zismo.biz 1 default-src 'self' https://player.vimeo.com https://9169248.fls.doubleclick.net https://burgess.theatro360.com https://www.youtube.com https://www.google.com https://www.google.co.uk https://r1.dotmailer-surveys.com https://static.addtoany.com https://www.facebook.com https://qa-brochurebuilder.burgessyachts.com https://uat-brochurebuilder.burgessyachts.com https://brochurebuilder.burgessyachts.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://script.hotjar.com https://static.hotjar.com https://tagmanager.google.com https://mc.yandex.ru https://static.trackedweb.net https://www.youtube.com https://static.addtoany.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://www.google.com https://www.google.co.uk https://az416426.vo.msecnd.net https://r1.dotmailer-surveys.com https://s.ytimg.com https://r1-t.trackedlink.net https://connect.facebook.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://tagmanager.google.com https://static.trackedweb.net https://api.tiles.mapbox.com https://fast.fonts.net https://r1.dotmailer-surveys.com; img-src 'self' blob: data: https://www.gstatic.com https://ssl.gstatic.com https://www.google.ca https://az-weu-wa-bur-az-weu-wa-bur-staging.azurewebsites.net https://pre-live.burgessyachts.com https://burgessyachts.com https://www.googletagmanager.com https://mc.yandex.ru https://dev-burgess.craftedbeta.co.uk https://azweusabur.blob.core.windows.net https://azweusaburuat.blob.core.windows.net https://azweusaburdevqa.blob.core.windows.net https://a.tiles.mapbox.com https://api.tiles.mapbox.com https://azweusabur.blob.core.windows.net https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.google.co.uk https://beacon.krxd.net https://www.facebook.com; connect-src 'self' wss://ws2.hotjar.com https://in.hotjar.com https://events.mapbox.com https://vimeo.com https://mc.yandex.ru https://fpdl.vimeocdn.com https://www.facebook.com https://r1.trackedweb.net https://a.tiles.mapbox.com https://b.tiles.mapbox.com https://api.mapbox.com/ https://dc.services.visualstudio.com https://skyfire.vimeocdn.com https://player.vimeo.com; font-src 'self' data: https://fonts.gstatic.com; worker-src 'self' blob:; media-src 'self' https://gcs-vimeo.akamaized.net https://skyfire.vimeocdn.com https://fpdl.vimeocdn.com https://video-dev.github.io https://player.vimeo.com blob:; report-uri https://burgessyachts.report-uri.com/r/d/csp/reportOnly; frame-src 'self' https://vars.hotjar.com https://burgess.theatro360.com https://www.burgessyachts.com https://qa-brochurebuilder.burgessyachts.com https://uat-brochurebuilder.burgessyachts.com https://brochurebuilder.burgessyachts.com https://r1.dotmailer-surveys.com https://www.google.com https://9169248.fls.doubleclick.net https://static.addtoany.com https://www.youtube.com https://www.facebook.com https://player.vimeo.com; 1 style-src 'self' 'unsafe-inline' widget.cloud.opta.net stackpath.bootstrapcdn.com fonts.googleapis.com cdn.theoplayer.com cdn-nwsl.video.aetnd.com qa-cdn-nwsl.video.aetnd.com dev-cdn-nwsl.video.aetnd.com secure.widget.cloud.opta.net www.google.com platform.twitter.com ton.twimg.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn-nwsl.video.aetnd.com qa-cdn-nwsl.video.aetnd.com dev-cdn-nwsl.video.aetnd.com widget.cloud.opta.net secure.widget.cloud.opta.net platform.twitter.com cse.google.com calendarx.com www.youtube.com www.google.com www.google-analytics.com cdn.theoplayer.com cdn.syndication.twimg.com www.instagram.com api.performfeeds.com; worker-src blob: 1 connect-src 'self' 1 script-src: http://*.tbmm.gov.tr https://*.tbmm.gov.tr unsafe-inline; 1 default-src 'none';script-src 'self' 'unsafe-inline' https://static.frag-den-staat.de https://traffic.okfn.de https://js.stripe.com;style-src 'self' 'unsafe-inline' https://static.frag-den-staat.de;img-src 'self' data: blob: https://static.frag-den-staat.de https://media.frag-den-staat.de https://traffic.okfn.de https://www.betterplace.org https://betterplace-assets.betterplace.org https://i.vimeocdn.com https://raw.githubusercontent.com *.tile.openstreetmap.org *.global.ssl.fastly.net i.ytimg.com;media-src https://static.frag-den-staat.de https://media.frag-den-staat.de;worker-src 'self' blob: https://static.frag-den-staat.de;frame-src 'self' blob: https://static.frag-den-staat.de https://media.frag-den-staat.de https://okfde.github.io https://www.betterplace.org https://betterplace-assets.betterplace.org https://player.vimeo.com https://www.youtube-nocookie.com https://media.ccc.de https://challonge.com https://www.foodwatch.org/de/iframe/ https://js.stripe.com https://hooks.stripe.com https://www.paypal.com;object-src 'self' https://media.frag-den-staat.de;connect-src 'self' https://static.frag-den-staat.de https://media.frag-den-staat.de https://api.betterplace.org/ https://sentry.okfn.de https://api.stripe.com;child-src blob: https://static.frag-den-staat.de;base-uri 'none';font-src data: https://static.frag-den-staat.de;manifest-src https://static.frag-den-staat.de;form-action 'self' https://fragdenstaat.de https://forum.okfn.de https://www.paypal.com https://pretix.eu fragdenstaat://authorize https://hooks.stripe.com https://stripe.com https://r.girogate.de;frame-ancestors *;report-uri https://sentry.okfn.de/api/4/csp-report/?sentry_key=b0305966ad35428b88f611c796792749; 1 default-src 'self' chat.oikeus.fi 'unsafe-inline' 'unsafe-eval'; img-src * 1 allow 'self' 'unsafe-inline' 'unsafe-eval' https://jako-dev.ivp.co.jp https://jako-staging.ivp.co.jp https://jako-mobile.ivp.co.jp https://jako-refactor.ivp.co.jp https://jako-vex.ivp.co.jp https://p-bandai.jp https://auctions.yahooapis.jp https://webservices.amazon.co.jp https://mws.amazonservices.jp https://shopping.yahooapis.jp https://accounts.google.com https://googleapis.com https://pt01.mul-pay.jp https://api-robot.com https://amazon.co.jp https://yahoo.co.jp https://auctions.c.yimg.jp https://wing-auctions.c.yimg.jp https://item-shopping.c.yimg.jp https://thumbnail.image.rakuten.co.jp https://www.googletagmanager.com/ https://www.google-analytics.com/ https://translate.google.com/ https://translate.googleapis.com/ https://j.wovn.io/ https://uh.nakanohito.jp/ https://*.rakuten.co.jp https://*.facebook.com https://*.sandbox.paypal.com https://*.api-robot.com https://*.amazon.co.jp https://*.yahoo.co.jp img-src * 'self' 1 frame-ancestors 'self' http://www.liligo.fr/ http://www.kayak.fr/ http://www.kayak.de/ https://drivy.zendesk.com/ https://*.zdusercontent.com/ 1 default-src 'self'; script-src 'self' cdn.rollerdigital.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src * 'self' data:; font-src fonts.gstatic.com; report-uri http://api.rollerdigital.com/identity/csp/report 1 frame-ancestors 'self' *.finq.com 1 child-src 'self' http://staticxx.facebook.com https://staticxx.facebook.com http://www.facebook.com https://www.facebook.com https://accounts.google.com http://headway-widget.net https://headway-widget.net https://connect.facebook.net https://web.facebook.com blob:; connect-src *; default-src 'self'; img-src 'self' data: * https://www.facebook.com http://lorempixel.com http://gravatar.com; font-src 'self' https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com http://fonts.gstatic.com; object-src 'self'; media-src *; manifest-src 'self'; script-src 'self' 'unsafe-inline' http://cdn.polyfill.io https://cdn.polyfill.io http://connect.facebook.net http://apis.google.com https://connect.facebook.net https://apis.google.com https://web.facebook.com http://cdn.headwayapp.co https://cdn.headwayapp.co https://www.google-analytics.com/ https://www.googletagmanager.com http://static.ads-twitter.com https://analytics.twitter.com https://cdn.amplitude.com https://rum-static.pingdom.net https://cdn.ravenjs.com http://tagmanager.google.com https://tagmanager.google.com https://maps.googleapis.com https://fullstory.com https://ajax.googleapis.com https://www.redditstatic.com http://localhost:* blob:; style-src 'self' 'unsafe-inline' blob: https://npmcdn.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com http://fonts.googleapis.com https://fonts.googleapis.com cdn.polyfill.io http://cdn.headwayapp.co/ https://cdn.headwayapp.co/ https://tagmanager.google.com 1 default-src 'self' blob: https:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' xuri.me *.xuri.me disqus.com *.disqus.com disquscdn.com *.disquscdn.com cloudflare.com *.cloudflare.com google.com *.google.com www.google-analytics.com youtube.com *.youtube.com *.ampproject.org *.googleapis.com *.seedanddew.com; style-src 'self' data: 'unsafe-inline' xuri.me *.xuri.me disqus.com *.disqus.com disquscdn.com *.disquscdn.com cloudflare.com *.cloudflare.com google.com *.google.com www.google-analytics.com youtube.com *.youtube.com *.ampproject.org *.googleapis.com; font-src https: data: about:; img-src data: https: 1 upgrade-insecure-requests;,frame-ancestors 'self' https://*.optimizely.com https://optimizely.com 1 allow 'self' default-src 'self' 'unsafe-inline' www.google-analytics.com *.twitter.com *.facebook.com *.facebook.net *.google.com 1 frame-ancestors 'self' https://*.adventhealth.com 1 allow 'self'; options inline-script; img-src 'self' data: 1 frame-ancestors 'none'; 1 default-src 'self' data: wss://*.altilly.com:2053 wss://*.altilly.com:2083 *.geetest.com *.tokenoftrust.com *.qredit.cloud *.altilly.com *.bootstrapcdn.com *.twitter.com *.gstatic.com *.twimg.com *.jquery.com; script-src 'self' 'nonce-546648949b3bb912cdf6bb8ffaedf4e7' *.geetest.com *.qbox.me *.google.com *.googleusercontent.com *.altilly.com *.tokenoftrust.com *.twitter.com *.twimg.com *.jquery.com *.bootstrapcdn.com; style-src 'self' 'unsafe-inline' *.geetest.com *.qbox.me *.tokenoftrust.com *.altilly.com *.bootstrapcdn.com *.twitter.com *.gstatic.com *.twimg.com *.jquery.com *.googleapis.com 1 script-src 'self' 'unsafe-eval' 'unsafe-inline' *.kalibrr.com *.zendesk.com https://static.zdassets.com https://ekr.zdassets.com *.zopim.com connect.facebook.net *.facebook.com www.googleadservices.com www.google-analytics.com ssl.google-analytics.com d36lvucg9kzous.cloudfront.net s1.webspellchecker.net js.stripe.com www.googletagmanager.com *.inspectlet.com *.googleapis.com *.newrelic.com *.nr-data.net platform.twitter.com static.ads-twitter.com apis.google.com ajax.cloudflare.com tagmanager.google.com analytics.twitter.com analytics.trovit.com *.effectivemeasure.net jscdn.appier.net track.adform.net; form-action 'self'; frame-src 'self' https://staticxx.facebook.com https://web.facebook.com https://accounts.google.com https://www.facebook.com https://docs.google.com https://www.youtube.com https://www.google.com; frame-ancestors http://careers.aboitiz.com https://careers.aboitiz.com https://careers-uat.aboitiz.com http://citysavings.com.ph https://citysavings.com.ph 1 default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self'; font-src 'self'; connect-src 'self'; frame-ancestors 'none'; form-action 'self'; base-uri 'none' 1 default-src * 'self' data: 'unsafe-inline' 'unsafe-eval' ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' ; style-src * 'self' data: 'unsafe-inline' ; img-src * 'self' data: ; font-src * 'self' data: ; connect-src * 'self' ; media-src 'self' ; frame-src * 'self' ; 1 default-src 'self'; img-src 'self'; script-src 'self'; source-src 'self'; object-src 'self'; child-src 'self'; form-action 'self'; 1 default-src 'self'; img-src 'self' data: ; 1 default-src data: https: http:; script-src 'unsafe-inline' 'unsafe-eval' https: http:; style-src 'unsafe-inline' https: http: blob: 1 frame-ancestors 'self' https://*.advisorservices.com https://*.tdameritrade.com https://*.ameritrade.com https://*.tdainstitutional.com 1 frame-ancestors 'self' https://www.carroya.com/noticias https://www.motor.com.co 1 frame-ancestors 'self' localhost:* *.tason.com 1 default-src=self 1 frame-ancestors 'self' https://corp.millenniumbim.co.mz https://ind.millenniumbim.co.mz https://inst.millenniumbim.co.mz 1 default-src https://domene.shop https://www.domeneshop.no https://domeneshop.no https://domainnameshop.com https://domainname.shop https://xn--domn-noa.shop https://xn--domne-ura.shop https://chat.domeneshop.no/ 'unsafe-inline'; img-src https://domene.shop https://www.domeneshop.no https://domeneshop.no https://domainnameshop.com https://domainname.shop https://xn--domn-noa.shop https://xn--domne-ura.shop; frame-src https://domene.shop https://www.domeneshop.no https://domeneshop.no https://domainnameshop.com https://domainname.shop https://xn--domn-noa.shop https://xn--domne-ura.shop 1 frame-ancestors https://www.armaniexchange.com/ https://www.armaniexchange.com/ ; 1 default-src 'self' http://*.iwplay.com.tw http://*.iwan.com.tw *.iwplay.com.tw *.google.com *.google.com.tw; frame-src http://*.iwplay.com.tw http://*.iwan.com.tw *.iwplay.com.tw *.iwan.com.tw www.youtube.com *.facebook.com bid.g.doubleclick.net *.facebook.net; script-src http://*.iwplay.com.tw http://*.iwan.com.tw *.iwplay.com.tw *.iwan.com.tw 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com s.ytimg.com libs.baidu.com code.jquery.com *.google-analytics.com *.facebook.net *.facebook.com *.googleapis.com www.googletagmanager.com www.youtube.com www.googleadservices.com googleads.g.doubleclick.net *.google.com *.google.com.tw *.youtube.com ;style-src http://*.iwplay.com.tw http://*.iwan.com.tw *.iwplay.com.tw *.iwan.com.tw 'unsafe-inline' www.youtube.com.tw fonts.googleapis.com *.facebook.net *.facebook.com *.google.com *.google.com.tw; img-src http://*.iwplay.com.tw http://*.iwan.com.tw *.iwplay.com.tw *.google-analytics.com stats.g.doubleclick.net www.youtube.com *.google.com *.google.com.tw googleads.g.doubleclick.net *.facebook.com *.facebook.net ;frame-ancestors http://*.iwplay.com.tw http://*.iwan.com.tw *.iwplay.com.tw *.iwan.com.tw *.google.com *.google.com.tw;font-src http://*.iwplay.com.tw http://*.iwan.com.tw fonts.gstatic.com *.googleapis.com *.google.com *.google.com.tw ; 1 frame-ancestors https://scstatehouse.gov http://scstatehouse.gov https://*.scstatehouse.gov http://*.scstatehouse.gov https://*.schouse.gov http://*.schouse.gov https://*.scsenate.gov http://*.scsenate.gov 1 default-src 'self'; connect-src 'self' https://*.adobedtm.com http://*.amegybank.com https://*.amegybank.com https://*.omtrdc.net https://*.demdex.net https://*.cludo.com; script-src 'self' data: 'unsafe-inline' https://*.adobedtm.com https://*.doubleclick.net https://connect.facebook.net https://*.googletagmanager.com https://*.googleadservices.com https://*.googleapis.com https://*.gstatic.com https://*.google.com http://*.amegybank.com https://*.amegybank.com https://*.zionsbank.com https://*.cludo.com 'unsafe-eval'; object-src 'self' data: http://*.amegybank.com https://*.amegybank.com; style-src 'self' data: 'unsafe-inline' https://*.googleapis.com https://*.google.com https://*.cludo.com; img-src 'self' data: https://www.facebook.com https://*.doubleclick.net https://*.gstatic.com http://*.amegybank.com https://*.amegybank.com https://*.online-metrix.net https://*.omtrdc.net https://*.demdex.net https://*.everesttech.net https://*.googleapis.com https://*.google.com https://*.cludo.com; media-src 'self' data:; frame-src 'self' http://*.amegybank.com https://*.amegybank.com https://*.issuu.com https://*.demdex.net https://secure.checkout.visa.com https://*.youtube.com https://*.doubleclick.net https://*.pages05.net https://*.brightcove.net; frame-ancestors 'self' https://banking.amegybank.com; font-src 'self' data: 'unsafe-inline' https://fonts.gstatic.com; upgrade-insecure-requests; block-all-mixed-content 1 default-src 'self'; script-src 'self' v1.addthisedge.com munchkin.marketo.net qoo.ly use.fontawesome.com www.austinregionalclinic.com mychart.austinregionalclinic.com *.gstatic.com 'unsafe-inline' 'unsafe-eval' rawgithub.com blob: www.youtube.com *.linkedin.com ajax.aspnetcdn.com cdn.syndication.twimg.com sjs.bizographics.com connect.facebook.net use.typekit.net maxcdn.bootstrapcdn.com arc.mymedicalme.com *.google.com *.googleapis.com *.google-analytics.com *.googletagmanager.com platform.twitter.com m.addthisedge.com *.addthis.com hummsystems.appspot.com; style-src 'self' use.fontawesome.com mychart.austinregionalclinic.com 'unsafe-inline' www.youtube.com platform.twitter.com *.addthis.com *.googleapis.com maxcdn.bootstrapcdn.com arc.mymedicalme.com stats.g.doubleclick.net ton.twimg.com blob:; font-src 'self' use.fontawesome.com use.typekit.net maxcdn.bootstrapcdn.com fonts.gstatic.com g.static.com; img-src 'self' qoo.ly stats.g.doubleclick.net data: *.googlecode.com p.typekit.net i.ytimg.com *.gstatic.com www.google.com www.google-analytics.com *.googleapis.com www.facebook.com *.twitter.com *.twimg.com ajax.aspnetcdn.com match.adsrvr.com; object-src 'self'; frame-src 'self' mychart.austinregionalclinic.com www.youtube.com *.addthis.com *.twitter.com arcwebsecure.com arc.mymedicalme.com www.google.com maps.google.com; connect-src 'self' m.addthis.com stats.g.doubleclick.net hummsystems.appspot.com blob:; 1 default-src 'self'; block-all-mixed-content; connect-src 'self' *.algolia.net *.algolianet.com; font-src 'self' https://fonts.gstatic.com/; img-src 'self' https: http://www.google-analytics.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net/ https://www.google-analytics.com/; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net/ https://fonts.googleapis.com/ 1 base-uri 'self'; default-src 'none'; connect-src 'self' https://*.animebytes.tv; font-src 'self' data:; form-action 'self' https://*.animebytes.tv; frame-ancestors 'self'; frame-src 'self' https://*.animebytes.tv https://www.youtube-nocookie.com https://*.soundcloud.com; img-src 'self' https://*.animebytes.tv data:; media-src 'self' https://* * data:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; worker-src 'none'; report-uri /xhr/csp; report-to /xhr/csp; upgrade-insecure-requests; options inline-script eval-script; xhr-src 'self' https://*.animebytes.tv; 1 style-src 'unsafe-inline' data: *; img-src 'unsafe-inline' data: *; report-uri /report-csp-violation 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com:* *.bootstrapcdn.com:* *.googleusercontent.com:* *.webspellchecker.net:* *.twitter.com; script-src 'self' 'unsafe-inline' *.googleapis.com:* *.google.com *.bootstrapcdn.com:* *.googleusercontent.com:* *.webspellchecker.net:* *.google-analytics.com:* *.highcharts.com cdn.jsdelivr.net:* *.twitter.com *.twimg.com data:; style-src 'self' 'unsafe-inline' *.googleapis.com:* cdn.jsdelivr.net:* *.twitter.com; img-src 'self' *.bootstrapcdn.com:* *.googleapis.com:* *.googleusercontent.com:* *.google-analytics.com *.twitter.com *.twimg.com *.gstatic.com data: ; frame-src 'self' *.constantcontact.com:80 *.youtube.com *.google.com *.vimeo.com * data:; child-src 'self' 'unsafe-inline' *.constantcontact.com:80 *.youtube.com *.google.com *.vimeo.com *; font-src 'self' fonts.gstatic.com *.twimg.com; report-uri /report-csp-violation 1 default-src 'self' *.bossa.pl www.google.com; script-src 'self' 'unsafe-eval' *.bossa.pl www.salesmanago.pl www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net www.google-analytics.com www.gstatic.com maps.googleapis.com www.google.com 'unsafe-inline'; style-src 'self' *.bossa.pl www.gstatic.com fonts.googleapis.com 'unsafe-inline'; img-src 'self' bossa.pl *.bossa.pl www.salesmanago.pl www.google-analytics.com stats.g.doubleclick.net google.com www.google.com google.pl www.google.pl www.google.de maps.gstatic.com maps.googleapis.com 'unsafe-inline' 'unsafe-eval' data:; media-src 'self' *.bossa.pl 'unsafe-inline'; font-src 'self' *.bossa.pl themes.googleusercontent.com fonts.googleapis.com fonts.gstatic.com 'unsafe-inline'; connect-src 'self' *.bossa.pl www.salesmanago.pl www.google-analytics.com stats.g.doubleclick.net; report-uri /report-csp-violation 1 frame-ancestors 'self' corning.com *.corning.com *.siteworx.com 1 default-src 'self'; allow 'self'; img-src * 1 default-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' * https://www.google-analytics.com https://optimize.google.com https://optanon.blob.core.windows.net http://*.hotjar.com https://*.onetrust.com https://www.googletagmanager.com https://connect.facebook.net *.rfihub.net *.bing.com *.ads-twitter.com *.twitter.com *.t.co *.ytimg.com; style-src 'self' 'unsafe-inline' * https://optimize.google.com https://fonts.googleapis.com https://optanon.blob.core.windows.net cdnjs.cloudflare.com cloud.typography.com *.twitter.com *.t.co; img-src 'self' 'unsafe-inline' data: * https://www.google-analytics.com https://optimize.google.com https://code.jquery.com/ *.twitter.com *.facebook.com *.bing.com *.t.co; frame-src 'self' data: * https://optimize.google.com https://*.adsrvr.org *.rfihub.com; font-src 'self' 'unsafe-inline' data: * https://fonts.gstatic.com cdnjs.cloudflare.com; connect-src 'self' * https://*.optmnstr.com; report-uri /report-csp-violation 1 default-src 'self'; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts allow-popups; base-uri 'self';style-src 'self' 'unsafe-inline'; script-src 'self' 'nonce-ad4748712f09e30be523e184f6157a12fbc31e12b2bd8468f49d623745ba1a19' 'nonce-6CF39DEF463CA2129AB469A32FAB6CCDDBDEA696190AE9EC51F2CEABBBFC241C' 'nonce-39413E715903D54BE4F21BCDA39277EF8FB746C4DD03C6400499595E19043F88' 'sha256-FgpCb/KJQlLNfOu91ta32o/NMZxltwRo8QtmkMRdAu8=' 'sha384-uefMccjFJAIv6A+rW+L4AHf99KvxDjWSu1z9VI8SKNVmz4sk7buKt/6v9KI65qnm'; 1 frame-ancestors http://* 1 default-src data: 'unsafe-inline' 'unsafe-eval' https:; frame-ancestors 'self'; form-action *; upgrade-insecure-requests; block-all-mixed-content; reflected-xss block; referrer origin-when-cross-origin; 1 frame-src 'self' mailto: blob: *.qualaroo.com *.simpli.fi *.cochlear.cloud *.stg.cochlear.cloud *.cochlear.cloud https://marvelapp.com *.livechatinc.com *.doubleclick.net *.wufoo.com *.cochlearamericas.com *.youtube-nocookie.com *.marvelapp.com http://clinicfinder.cochlear.com *.linkedin.com http://www.cvent.com http://cochlearevents.cvent.com *.cvent.com *.google.ch *.cochlear.com *.irmau.com *.marketo.com *.youtube.com *.twitter.com *.addthis.com *.google.com *.facebook.com *.batchgeo.com; child-src 'self' blob: *.batchgeo.com *.addtoany.com *.doubleclick.net http://clinicfinder.cochlear.com *.cochlear.com *.addthis.com *.google.com *.facebook.com *.twitter.com *.marketo.com ; connect-src 'self' localhost:8080 *.cvent.com *.linkedin.com http://clinicfinder.cochlear.com *.google-analytics.com *.googleapis.com *.optimizely.com *.addthis.com *.mktoresp.com *.twitter.com *.maxmind.com *.google-analytics.com ; font-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.cvent-assets.com *.gstatic.com *.googleusercontent.com *.livechatinc.com *.bootstrapcdn.com ; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.quora.com *.pubmatic.com *.rubiconproject.com *.adtechjp.com *.yahoo.com * bidswitch.net *.adap.tv *.adnxs.com *.rlcdn.com *.openx.net *.adroll.com *.casalemedia.com *.t.co *.datatables.net *.cochlear.com *.quantserve.com *.marketo.com *.bing.com *.steelhousemedia.com *.adsrvr.org *.adsymptotic.com *.android.com *.youtube.com http://test-iwh-de.cochlear.com http://test.cochlear.com *.visualwebsiteoptimizer.com *.cochlear.com *.googletagmanager.com *.teads.tv *.impact-ad.jp *.yahoo.co.jp *.impact-ad.jp *.outbrain.com *.amazonaws.com *.google.com.au *.google.com *.twitter.com *.doubleclick.net *.facebook.com *.linkedin.com *.google-analytics.com medialead.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.qualaroo.com *.simpli.fi *.yahoo.com *.yimg.com *.adnxs.com *.swiftype.com *.googletagmanager.com *.google.com *.leadspediatrack.com *.gstatic.com *.quantcount.com *.cvent-assets.com *.cvent.com *.quora.com *.livechatinc.com *.typekit.com *.dialogtech.com *.cloudfront.net *.media6degrees.com *.quora.com *.wufoo.com *.zendesk.com *.domdex.com *.adroll.com *.datatables.net *.quantserve.com *.ads-twitter.com *.steelhousemedia.com *.bing.com *.ads-twitter.com *.steelhousemedia.com *.bing.com adroll.com *.outbrain.com *.addtoany.com *.visualwebsiteoptimizer.com *.jquery.com *.optimizely.com *.google.com.au *.doubleclick.net *.googleadservices.com *.yimg.jp *.yahoo.co.jp *.crazyegg.com http://go.cochlear.com *.mktoweb.com *.cochlear.com *.bootstrapcdn.com *.cloudflare.com *.cochlear.com *.jsdelivr.net *.addthisedge.com *.google.com *.ytimg.com *.youtube.com *.marketo.net *.marketo.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.twitter.com *.facebook.com *.facebook.net *.linkedin.com *.addthis.com *.maxmind.com medialead.de *.salesforceliveagent.com *.amazonaws.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.cvent-assets.com *.googleapis.com *.cloudflare.com *.cochlear.com *.google.com *.zendesk.com *.datatables.net *.jquery.com *.cochlear-europe.com *.bootstrapcdn.com *.marketo.com; 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.nrw.de *.google.com *.youtube.com *.youtu.be *.twimg.com *.twitter.com twitter.com *.jwpcdn.com *.gstatic.com *.googleapis.com *.googlesyndication.com *.openstreetmap.org *.mozilla.org *.vimeo.com *.vimeocdn.com *.flickr.com *.staticflickr.com *.etracker.com *.etracker.de ; style-src 'self' 'unsafe-inline' *.nrw.de *.twitter.com twitter.com *.facebook.com *.googleapis.com *.twimg.com; font-src *; img-src data: *; frame-ancestors 'self' *.nrw.de *.justiz.nrw *.facebook.com *.facebook.de *.twitter.com twitter.com *.google.com *.youtube.com *.youtu.be ytchannelembed.com; frame-src 'self' *.nrw.de *.justiz.nrw *.facebook.com *.facebook.de *.twitter.com twitter.com *.google.com *.youtube.com *.youtu.be ytchannelembed.com; object-src 'self'; media-src *; 1 default-src 'self'; script-src 'self' 'unsafe-inline' data:; style-src 'self' 'unsafe-inline' data:; img-src 'self' data:; 1 default-src 'self' 'unsafe-inline' https://piwik.bzga.de/ https://fonts.gstatic.com/ https://fonts.googleapis.com/ https://www.youtube-nocookie.com/ https://app.dialogfeed.com/; img-src 'self' data: https://piwik.bzga.de/ https://service.bzga.de/ https://www.bzga.de/ https://jwpltx.com/ https://maps.gstatic.com/ https://maps.googleapis.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.p.jwpcdn.com/ https://piwik.bzga.de/ https://maps.googleapis.com/ 1 default-src c.wgr.de 'self'; script-src c.wgr.de track.westermann.de www.econda-monitor.de connect.facebook.net www.googleadservices.com maps.googleapis.com www.googletagmanager.com tagmanager.google.com www.google-analytics.com 'self' 'unsafe-inline'; style-src tagmanager.google.com fonts.googleapis.com c.wgr.de 'self' 'unsafe-inline'; object-src 'self'; img-src c.wgr.de track.westermann.de www.econda-monitor.de d32wqyuo10o653.cloudfront.net www.facebook.com googleads.g.doubleclick.net *.google.com maps.googleapis.com *.gstatic.com www.google-analytics.com *.google.de stats.g.doubleclick.net 'self' data:; frame-src newsletter.schulbuchzentrum-online.de track.westermann.de www.facebook.com 'self'; child-src newsletter.schulbuchzentrum-online.de track.westermann.de www.facebook.com 'self'; font-src c.wgr.de 'self' data:; connect-src secure.schulbuchzentrum-online.de track.westermann.de www.econda-monitor.de www.google-analytics.com 'self'; report-uri /backend/csp 1 default-src 'self' https://www.youtube.com https://geoportal.trier.de https://jobs.b-ite.com http://jobs.b-ite.com https://www.stadtradeln.de https://static.b-ite.com https://www.vrt-info.de http://www.heute-in-trier.de http://www.facebook.com http://platform.twitter.com https://fonts.googleapis.com https://fonts.gstatic.com https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.facebook.com https://platform.twitter.com https://accounts.google.com https://www.bing.com http://www.wetterkontor.de http://94.130.59.28 https://www.youtube-nocookie.com https://app.docu4d.com https://dienste.wetterkontor.de https://www.trier-info.de https://www.wahlinfo.de 'unsafe-inline' 'unsafe-eval' 1 default-src 'self';object-src 'none';object-src allow-forms allow-same-origin allow-scripts;base-uri 'self';upgrade-insecure-requests;frame-ancestors 'none';script-src 'self' 'unsafe-inline' ajax.aspnetcdn.com;style-src 'self' 'unsafe-inline' ajax.aspnetcdn.com fonts.googleapis.com maxcdn.bootstrapcdn.com;font-src font-src 'self' ajax.aspnetcdn.com fonts.gstatic.com maxcdn.bootstrapcdn.com data:;img-src data: 'self'; 1 frame-ancestors 'self' https://optimize.google.com/ https://forum.campsaver.com 1 default-src https://www.sanmanuel.com:443 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: www.booking.com *.holland.com *.bstatic.com blob: *.mailplus.nl; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: cdn.blueconic.net *.holland.com script.crazyegg.com maps.googleapis.com www.googletagmanager.com *.google-analytics.com www.booking.com *.crowdriff.com *.bstatic.com blob:; connect-src https: wss: *.hotjar.com; img-src 'self' data: *.leisure-group.net *.holland.com *.bstatic.com blob: *.cloudfront.net *.google-analytics.com tag.yieldoptimizer.com www.googletagmanager.com img.youtube.com secure.adnxs.com *.doubleclick.net www.facebook.com idsync.ricdn.com *.blueconic.com *.twimg.com *.twitter.com script.hotjar.com *.blueconic.net; 1 defaul-src 'self'; 1 default-src 'self' script-src 'self' google-analytics.com 1 default-src 'self'; script-src 'self' https://www.google-analytics.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src *; font-src fonts.googleapis.com fonts.gstatic.com https://sso.xerius.be;frame-src 'self' login.sdworx.com www.sd.be; report-uri https://sso.xerius.be/csp/report 1 font-src 'self' static.flatfy.com *.gstatic.com; frame-src 'self' www.google.com/recaptcha/ *.hotjar.com; script-src 'self' 'unsafe-inline' static.flatfy.com ajax.googleapis.com *.google-analytics.com *.g.doubleclick.net www.google.com/ads/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.hotjar.com; style-src 'self' 'unsafe-inline' static.flatfy.com ajax.googleapis.com fonts.googleapis.com *.gstatic.com; img-src 'self' data: https:; connect-src 'self' *.google-analytics.com *.hotjar.com wss:; default-src 'self' static.flatfy.com *.gstatic.com *.hotjar.com 1 default-src 'self'; frame-src 'none'; img-src 'self' *.pbwstatic.com https://*.pbwstatic.com www.google-analytics.com https://www.google-analytics.com www.fqtag.com https://www.fqtag.com; media-src 'none'; object-src 'none'; script-src 'self' www.google-analytics.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' 1 allow 'self'; media-src *; img-src *; script-src 'self' https://ajax.googleapis.com; https://cloudflare.com style-src 'self'; 1 default-src 'self'; script-src 'self' https://ssl.google-analytics.com; img-src 'self' https://ssl.google-analytics.com 1 default-src 'unsafe-inline' https://fonts.googleapis.com https://surfly.io https://maxcdn.bootstrapcdn.com https://moventum.com.pl https://*.youtube.com http://axa.test.emex.pl https://www-tra.axadirect.pl https://www.facebook.com https://*.googleusercontent.com https://www.google.pl https://axadirect.pl https://*.axadirect.pl https://*.axaubezpieczenia.pl https://*.googleapis.com https://*.gstatic.com https://axadirect.pl https://*.axadirect.pl https://pagead2.googlesyndication.com https://ls.hit.gemius.pl https://*.google.com https://www.google-analytics.com https://*.gemius.pl https://*.facebook.com https://www.axaonline.pl https://*.axa.pl https://axa.pl https://df.axa.pl https://*.doubleclick.net https://script.crazyegg.com https://app3.salesmanago.pl https://nan.netmng.com https://pl-axa.netmng.com https://pl-axa.qa.netmng.com https://client2.inteliwise.com https://s3-eu-west-1.amazonaws.com https://*.amazonaws.com https://pixel.mathtag.com https://u3s.mathtag.com https://dms.netmng.com; script-src * 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://*.gstatic.com https://axadirect.pl https://*.axadirect.pl https://pagead2.googlesyndication.com https://ls.hit.gemius.pl https://www.google-analytics.com https://*.gemius.pl https://*.facebook.com https://www.axaonline.pl https://*.axa.pl https://axa.pl https://df.axa.pl https://*.doubleclick.net https://script.crazyegg.com https://app3.salesmanago.pl https://nan.netmng.com https://pl-axa.netmng.com https://pl-axa.qa.netmng.com https://client2.inteliwise.com https://s3-eu-west-1.amazonaws.com https://pixel.mathtag.com https://u3s.mathtag.com https://dms.netmng.com; style-src 'unsafe-inline' https://fonts.googleapis.com https://surfly.io https://maxcdn.bootstrapcdn.com https://*.google.com https://ls.hit.gemius.pl https://www.google-analytics.com https://*.gemius.pl https://*.facebook.com https://www.axaonline.pl https://*.axa.pl https://axa.pl https://df.axa.pl https://*.doubleclick.net https://script.crazyegg.com https://app3.salesmanago.pl https://nan.netmng.com https://pl-axa.netmng.com https://pl-axa.qa.netmng.com https://client2.inteliwise.com https://s3-eu-west-1.amazonaws.com https://pixel.mathtag.com https://u3s.mathtag.com https://dms.netmng.com; img-src 'self' https://moventum.com.pl https://*.youtube.com http://axa.test.emex.pl https://www-tra.axadirect.pl https://www.facebook.com https://*.googleusercontent.com https://www.google.pl https://axadirect.pl https://*.axadirect.pl https://*.axaubezpieczenia.pl https://*.googleapis.com https://*.gstatic.com https://axadirect.pl https://*.axadirect.pl https://pagead2.googlesyndication.com https://ls.hit.gemius.pl https://*.google.com https://www.google-analytics.com https://*.gemius.pl https://*.facebook.com https://www.axaonline.pl https://*.axa.pl https://axa.pl https://df.axa.pl https://*.doubleclick.net https://script.crazyegg.com https://app3.salesmanago.pl https://nan.netmng.com https://pl-axa.netmng.com https://pl-axa.qa.netmng.com https://client2.inteliwise.com https://s3-eu-west-1.amazonaws.com https://*.amazonaws.com https://pixel.mathtag.com https://u3s.mathtag.com https://dms.netmng.com https://axa.pl data: 1 default-src 'self' syndetics.com www.google-analytics.com; script-src 'self' blob: http://www.vpl.ca https://www.vpl.ca data: 'unsafe-inline' 'unsafe-eval' code.jquery.com www.google.com https://www.google-analytics.com https://www.googletagmanager.com www.gstatic.com https://unpkg.com cdnjs.cloudflare.com m.addthis.com s7.addthis.com v1.addthis.com platform.instagram.com platform.twitter.com cdn.syndication.twimg.com assets.pinterest.com script.crazyegg.com trk.cetrk.com www.flickr.com bclibraries.org; object-src 'self'; style-src 'self' 'unsafe-inline' www.vpl.ca https://unpkg.com https://cdnjs.cloudflare.com themes.googleusercontent.com fonts.googleapis.com code.jquery.com https://platform.twitter.com https://typekit.net https://p.typekit.net https://use.typekit.net; img-src 'self' data: *.vpl.ca https://www.vpl.ca *.googleapis.com https://platform.twitter.com https://pbs.twimg.com services.arcgisonline.com syndetics.com secure.syndetics.com https://cdnjs.cloudflare.com www.flickr.com www.instagram.com *.staticflickr.com https://www.google-analytics.com syndication.twitter.com scontent-sea1-1.cdninstagram.com *.sndcdn.com m.addthis.com www.addthis.com log.pinterest.com gtrk.s3.amazonaws.com trk.cetrk.com geo.yahoo.com; media-src 'self' www.youtube.com soundcloud.com; child-src 'self' m.addthis.com s7.addthis.com www.google.com www.youtube.com w.soundcloud.com www.instagram.com syndication.twitter.com assets.pinterest.com; font-src 'self' themes.googleusercontent.com https://cdnjs.cloudflare.com fonts.googleapis.com fonts.gstatic.com https://use.typekit.net; connect-src 'self' www.google-analytics.com cdnjs.cloudflare.com https://www.optimalworkshop.com m.addthis.com v1.addthis.com; frame-src 'self' edge.addthis.com m.addthis.com https://platform.twitter.com s7.addthis.com www.google.com www.youtube.com w.soundcloud.com www.instagram.com syndication.twitter.com assets.pinterest.com; 1 default-src *; style-src 'self' 'unsafe-inline' http://safesear.ch http://*.safesear.ch http://*.adnxs.com http://*.yahooapis.com http://*.yahoo.net http://*.yahoo.com http://*.newrelic.com https://safesear.ch https://*.safesear.ch https://*.adnxs.com https://*.yahooapis.com https://*.yahoo.net https://*.yahoo.com https://*.newrelic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://safesear.ch http://*.safesear.ch http://*.adnxs.com http://*.yahooapis.com http://*.yahoo.net http://*.yahoo.com http://*.newrelic.com https://safesear.ch https://*.safesear.ch https://*.adnxs.com https://*.yahooapis.com https://*.yahoo.net https://*.yahoo.com https://*.newrelic.com http://*.akamai.net https://*.akamai.net http://*.nr-data.net https://*.nr-data.net;connect-src 'self';img-src 'self' http://safesear.ch http://*.safesear.ch https://safesear.ch https://*.safesear.ch data:; 1 allow 'self'; options inline-script eval-script; frame-ancestors 'self' 1 default-src *.sanayi.gov.tr; script-src 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.sanayi.gov.tr *.youtube.com *.google-analytics.com *.ytimg.com *.twitter.com *.twimg.com; style-src 'unsafe-inline' *.googleapis.com *.sanayi.gov.tr *.twitter.com *.twimg.com; img-src data: *.sanayi.gov.tr *.ytimg.com *.google-analytics.com *.twitter.com *.twimg.com; media-src *.ytimg.com *.youtube.com *.twitter.com; connect-src *.sanayi.gov.tr; child-src twitter.com *.youtube.com *.google.com *.sanayi.gov.tr *.twitter.com; 1 allow 'self'; frame-ancestors 'self' 1 default-src 'self' data: blob: *.marketo.net *.marketo.com *.googletagmanager.com *.google-analytics.com *.crazyegg.com *.bizographics.com *.engagio.com *.listenloop.com *.doubleclick.net *.bugsnag.com *.linkedin.com *.addthis.com *.addthisedge.com *.bidr.io *.googleadservices.com *.google.com *.gstatic.com *.fonts.googleapis.com *.mktoresp.com *.brightcove.net *.brightcove.com *.zencdn.net *.boltdns.net *.truste.com *.llnwd.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.marketo.net *.marketo.com *.googletagmanager.com *.google-analytics.com *.crazyegg.com *.bizographics.com *.engagio.com *.listenloop.com *.doubleclick.net *.bugsnag.com *.linkedin.com *.addthis.com *.addthisedge.com *.bidr.io *.googleadservices.com *.google.com *.gstatic.com *.fonts.googleapis.com *.mktoresp.com *.brightcove.net *.brightcove.com *.zencdn.net *.boltdns.net *.truste.com *.webspellchecker.net *.cetrk.com s3.amazonaws.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.marketo.net *.marketo.com *.google.com *.webspellchecker.net; frame-src 'self' blob: *.guidewire.com *.brightcove.net *.marketo.net *.marketo.com *.google.com *.addthis.com *.addthisedge.com; frame-ancestors 'self' *.guidewire.com; child-src 'self' blob: *.guidewire.com *.brightcove.net *.marketo.net *.marketo.com *.google.com *.addthis.com *.addthisedge.com; font-src * data:; connect-src 'self' *.mktoresp.com *.listenloop.com *.bugsnag.com *.googletagmanager.com *.google-analytics.com *.google.com *.googleadservices.com *.addthis.com *.brightcove.net *.brightcove.com *.boltdns.net *.brightcovecdn.com *.crazyegg.com *.webspellchecker.net; report-uri /report-csp-violation 1 base-uri 'self'; child-src 'self' https://d3rnmg9ftqorin.cloudfront.net https://d3gcmglegmnvz8.cloudfront.net https://bid.g.doubleclick.net https://www.googletagmanager.com https://vc.hotjar.io https://googleads.g.doubleclick.net/ https://www.googleadservices.com https://*.clearsale.com.br https://fercos-s3-ecommerce.s3.amazonaws.com/ https://www.youtube.com/ https://*.facebook.com/ https://*.hotjar.com/ https://*.facebook.com/ https://accounts.google.com/ https://www.google.com/ https://www.youtube.com/ gap:; frame-src 'self' https://d3rnmg9ftqorin.cloudfront.net https://d3gcmglegmnvz8.cloudfront.net https://bid.g.doubleclick.net https://www.googletagmanager.com https://vc.hotjar.io https://googleads.g.doubleclick.net/ https://www.googleadservices.com https://*.clearsale.com.br https://fercos-s3-ecommerce.s3.amazonaws.com/ https://www.youtube.com/ https://*.facebook.com/ https://*.hotjar.com/ https://*.facebook.com/ https://accounts.google.com/ https://www.google.com/ https://www.youtube.com/ gap:; connect-src 'self' https://d3rnmg9ftqorin.cloudfront.net https://d3gcmglegmnvz8.cloudfront.net https://www.googletagmanager.com https://vc.hotjar.io https://*.hotjar.com/ https://googleads.g.doubleclick.net/ https://www.googleadservices.com https://*.clearsale.com.br https://*.facebook.com/ wss://*.hotjar.com/ https://*.hotjar.com/ https://fercos-s3-ecommerce.s3.amazonaws.com/ https://stats.g.doubleclick.net https://accounts.google.com/ https://www.google-analytics.com https://www.youtube.com/ https://device.clearsale.com.br; default-src 'self' https://d3rnmg9ftqorin.cloudfront.net https://d3gcmglegmnvz8.cloudfront.net https://www.googletagmanager.com https://vc.hotjar.io https://*.hotjar.com/ https://googleads.g.doubleclick.net/ https://www.googleadservices.com https://*.clearsale.com.br https://fercos-s3-ecommerce.s3.amazonaws.com/ https://accounts.google.com/ https://www.google-analytics.com/ https://www.youtube.com/ gap: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://d3rnmg9ftqorin.cloudfront.net https://d3gcmglegmnvz8.cloudfront.net https://www.googletagmanager.com https://vc.hotjar.io https://googleads.g.doubleclick.net/ https://www.googleadservices.com https://*.clearsale.com.br https://fercos-s3-ecommerce.s3.amazonaws.com/ https://*.gstatic.com https://*.hotjar.com/; img-src 'self' data: https://d3rnmg9ftqorin.cloudfront.net https://d3gcmglegmnvz8.cloudfront.net https://*.googleusercontent.com https://*.fbsbx.com https://*.geotrust.com https://www.googletagmanager.com https://vc.hotjar.io https://*.hotjar.com/ https://googleads.g.doubleclick.net/ https://www.googleadservices.com https://*.clearsale.com.br https://*.nr-data.net https://*.newrelic.com/ https://*.facebook.com/ wss://*.hotjar.com/ https://*.hotjar.com/ https://fercos-s3-ecommerce.s3.amazonaws.com/ https://stats.g.doubleclick.net https://accounts.google.com/ https://www.google-analytics.com https://www.google.com/ https://www.google.com.br/ https://www.youtube.com/; script-src 'self' https://d3rnmg9ftqorin.cloudfront.net https://d3gcmglegmnvz8.cloudfront.net https://www.googletagmanager.com https://vc.hotjar.io https://*.hotjar.com/ https://googleads.g.doubleclick.net/ https://www.googleadservices.com https://*.clearsale.com.br https://*.nr-data.net https://*.newrelic.com/ https://*.facebook.com/ https://*.facebook.net https://*.hotjar.com/ https://fercos-s3-ecommerce.s3.amazonaws.com/ https://www.google-analytics.com/ https://www.gstatic.com/ https://www.google.com/ https://accounts.google.com/ https://www.googletagmanager.com/ https://apis.google.com/ https://seal.geotrust.com/ https://www.youtube.com/ 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://d3rnmg9ftqorin.cloudfront.net https://d3gcmglegmnvz8.cloudfront.net https://www.googletagmanager.com https://vc.hotjar.io https://*.hotjar.com/ https://googleads.g.doubleclick.net/ https://www.googleadservices.com https://*.clearsale.com.br https://fercos-s3-ecommerce.s3.amazonaws.com/ 'unsafe-inline'; frame-ancestors 'self' https://d3rnmg9ftqorin.cloudfront.net https://d3gcmglegmnvz8.cloudfront.net https://bid.g.doubleclick.net https://www.googletagmanager.com https://vc.hotjar.io https://googleads.g.doubleclick.net/ https://*.hotjar.com/ https://www.googleadservices.com https://*.clearsale.com.br https://fercos-s3-ecommerce.s3.amazonaws.com/ https://www.youtube.com/ gap:; referrer origin-when-cross-origin; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=hDomXxYbZZNKCpAKHEWneyETH19yyklZFJpzP8sCOscchGhudgUMPyYUT4wKPIO0kAUtLWS2k1qjVFIDv50qI9ae5RC4J1jH1jqvKEGeA%2b3D0TaktZBVNWGxUwgDMtXY; 1 frame-ancestors http://*.stumbleupon.com 1 child-src 'self' blob:; connect-src 'self' https://cdn.polyfill.io facebook.com google-analytics.com; img-src 'self' data: https://www.facebook.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.google.is t.co *.gstatic.com *.googleapis.com *.ytimg.com https://islandsbanki-res.cloudinary.com prismic-io.s3.amazonaws.com isb-website.cdn.prismic.io; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com; object-src 'none'; media-src 'self'; manifest-src 'self'; script-src 'self' 'unsafe-inline' *.prismic.io maps.googleapis.com https://cdn.polyfill.io https://www.google-analytics.com https://connect.facebook.net https://consent.cookiebot.com https://consentcdn.cookiebot.com 'unsafe-eval' https://fill.dropandsign.is https://*.infogram.com; style-src 'self' 'unsafe-inline' blob: fonts.googleapis.com https://fill.dropandsign.is; frame-src https://*.islandsbanki.is https://gamli.islandsbanki.is https://player.vimeo.com https://www.youtube.com https://airtable.com https://consentcdn.cookiebot.com https://www.vib.is https://fill.dropandsign.is https://*.isb.is https://*.infogram.com; worker-src 'self' blob: 1 frame-ancestors 'self' intertops.eu www.intertops.eu sblp.intertops.eu sports.intertops.eu poker.intertops.eu casino.intertops.eu classic.intertops.eu lobby.intertops.eu:2072 account.intertops.eu 1 base-uri 'none'; default-src 'none'; child-src 'self'; connect-src 'self' https://www.google-analytics.com https://daemon.bigogo.com wss://ws.bgogo.com wss://ws.bgogo.com/prediction; font-src 'self' https://fonts.gstatic.com data:; form-action 'self'; frame-ancestors 'none'; img-src 'self' https://daemon.bigogo.com/ https://www.google-analytics.com https://storage.googleapis.com https://stats.g.doubleclick.net https://static.bgogo.com https://v.liaoliaosj.com blob: data:; media-src https://daemon.bigogo.com/ https://static.bgogo.com https://v.liaoliaosj.com; object-src 'self'; script-src 'self' https://static.bgogo.com https://www.googletagmanager.com https://www.google-analytics.com https://hm.baidu.com 'unsafe-inline'; style-src 'self' 'unsafe-inline'; upgrade-insecure-requests 1 allow 'self'; img-src * ; script-src www.gstatic.com 'self' ajax.googleapis.com www.google.com browser-update.org ; font-src 'self' application ; style-src fonts.googleapis.com 'self' netdna.bootstrapcdn.com ; 1 frame-ancestors 'self' *.taxact.com *.taxactonline.com *.salemove.com secure.balancefin.com 1 frame-ancestors 'self 1 default-src https: 'unsafe-inline' 'unsafe-eval' 1 frame-ancestors 'self' piwik.currence.nl; 1 default-src 'self';font-src 'self' fonts.gstatic.com;connect-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com analytics.monkeytracker.cz www.google.com;form-action 'self';frame-src 'self' www.youtube.com www.facebook.com;child-src 'self' www.youtube.com www.facebook.com;frame-ancestors 'self';img-src 'self' data: blob: www.googletagmanager.com www.google-analytics.com analytics.monkeytracker.cz *.doubleclick.net;style-src 'self' 'unsafe-inline' fonts.googleapis.com;object-src 'self' 1 allow ‘self’ 1 default-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; script-src 'self' 'unsafe-inline'; connect-src 'self'; 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *; frame-ancestors 'self' http://virtual-tour.battlefields.org/; report-uri /report-csp-violation 1 default-src * data: 'unsafe-inline' 'unsafe-eval' ; script-src * data: 'unsafe-inline' 'unsafe-eval' ; style-src * data: 'unsafe-inline' ; img-src * data: ; 1 default-src 'self'; script-src 'unsafe-inline' 'self' www.google-analytics.com www.googletagmanager.com cdnjs.cloudflare.com www.googleadservices.com googleads.g.doubleclick.net a.config.skype.com b.config.skype.com swx.cdn.skype.com www.google.com www.gstatic.com js-agent.newrelic.com bam.nr-data.net maps.googleapis.com msig.zumata.com https://cdn.rawgit.com staging-msig.zumata.com http://tagmanager.google.com www.recaptcha.net d16fk4ms6rqz1v.cloudfront.net s.salecycle.com connect.facebook.net d.turn.com msig-web-chat-plugin.zumata.com cdn.polyfill.io console.turn.com *.sqreemtech.com *.sqreem.com *.xerevo.com *.adsrvr.org; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdnjs.cloudflare.com msig.zumata.com https://cdn.rawgit.com staging-msig.zumata.com http://tagmanager.google.com s.salecycle.com console.turn.com *.sqreemtech.com *.sqreem.com *.xerevo.com *.adsrvr.org; img-src 'self' data: www.google-analytics.com stats.g.doubleclick.net www.google.com www.google.co.in maps.gstatic.com maps.googleapis.com msig.zumata.com http://tagmanager.google.com insight.adsrvr.org s.salecycle.com d22j4fzzszoii2.cloudfront.net www.facebook.com msig-web-chat-plugin.zumata.com console.turn.com; frame-src 'self' www.youtube.com sp.zalo.me www.google.com bid.g.doubleclick.net http://tagmanager.google.com s.salecycle.com *.fls.doubleclick.net; font-src 'self' cdnjs.cloudflare.com data: fonts.gstatic.com d22j4fzzszoii2.cloudfront.net; connect-src 'self' browser.pipe.aria.microsoft.com sp.zalo.me www.google-analytics.com www.google.com www.google.co.in http://tagmanager.google.com staging-msig.zumata.com msig.zumata.com *.salecycle.com stats.g.doubleclick.net wss://msig-web-chat-plugin.zumata.com msig-web-chat-plugin.zumata.com console.turn.com *.sqreemtech.com *.sqreem.com *.xerevo.com *.adsrvr.org; report-uri /report-csp-violation 1 child-src 'self' www.youtube.com staticxx.facebook.com w.soundcloud.com player.vimeo.com; connect-src 'self' whaleshares.io pubrpc.whaleshares.io rpc.whaleshares.io api.whaleshares.io; script-src 'self' 'unsafe-eval' 'unsafe-inline' whaleshares.io www.google-analytics.com connect.facebook.net cdn.polyfill.io cse.google.com www.google.com; style-src 'self' 'unsafe-inline' whaleshares.io fonts.googleapis.com at.alicdn.com www.google.com; font-src 'self' data: fonts.gstatic.com fonts.googleapis.com at.alicdn.com; frame-ancestors 'none'; img-src * data:; report-uri /csp_violation; object-src 'none' 1 default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-eval' 'unsafe-inline'; media-src https: blob: 'self' 'unsafe-eval' 'unsafe-inline'; frame-src https: employment.qualtrics.com siteintercept.qualtrics.com g.jwpsrv.com www.youtube.com jobs.nga.net.au; frame-ancestors 'self' www.jobs.gov.au www.employment.gov.au jobs.nga.net.au; child-src https: blob: 'self' 'unsafe-eval' 'unsafe-inline' jobs.nga.net.au; font-src 'self' fonts.gstatic.com maxcdn.bootstrapcdn.com netdna.bootstrapcdn.com publish.viostream.com themes.googleusercontent.com; report-uri /admin/config/system/seckit/csp-report 1 allow 'self'; media-src *; img-src *; script-src 'self' https://avisite.com.br; style-src 'self'; 1 default-src https: data: 'unsafe-inline'; object-src 'self'; script-src 'self' https://*.meruscase.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://platform.twitter.com/ https://*.google-analytics.com/ https://*.googletagmanager.com/ https://cdn.syndication.twimg.com/ https://merus-assets.s3.amazonaws.com/ https://*.facebook.net/ https://*.googleapis.com/ https://*.aspnetcdn.com/ https://*.microsoft.com https://maxcdn.bootstrapcdn.com/ https://*.youtube.com/ https://s.ytimg.com/ 'unsafe-eval' 'unsafe-inline' https://code.jquery.com/ https://forms.hubspot.com/ https://forms.hsforms.com/ https://js.hs-analytics.net/ https://js.hs-scripts.com/ https://api.usemessages.com/ https://js.usemessages.com/ https://js.hsforms.net/ https://js.hsleadflows.net/; style-src 'self' 'unsafe-inline' https: 1 upgrade-insecure-requests; report-uri https://lotusgroup.report-uri.io/r/default/csp/enforce 1 default-src 'self' '*.youtu.be' '*.youtube.com' '*.sgul.ac.uk' '*.google.com' '*.hotjar.com' '*.schema.org' '*.googletagmanager.com' 1 frame-ancestors 'self' *.transbank.cl *.portaltransbank.cl 1 frame-ancestors 'self' goplus.localhost *.goplus.localhost; 1 default-src 'self' data: https:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: *.stripe.com; style-src 'self' data: 'unsafe-inline' https: https: *.stripe.com; img-src * blog:; font-src 'self' data: https:; connect-src 'self' data: https: *.stripe.com; media-src *; object-src 'self' https:; frame-src *; form-action 'self'; 1 default-src 'none' ;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zortrax.com *.data.zortrax.com googletagmanager.com *.googletagmanager.com *.tagmanager.google.com *.google-analytics.com *.doubleclick.net *.google.com *.emlgrid.com *.salesmanago.pl *.googleadservices.com *.facebook.net *.cloudfront.net *.doubleclick.net *.livechatinc.com *.googleapis.com *.gstatic.com *.upviral.com *.redditstatic.com static.ads-twitter.com analytics.twitter.com app.humdash.com analytics.zortrax.com cf.zortrax.com ;style-src 'self' 'unsafe-inline' *.disquscdn.com *.zortrax.com *.googleapis.com *.tagmanager.google.com https://tagmanager.google.com/debug/css.css *.fonts.googleapis.com cf.zortrax.com ;img-src 'self' 'unsafe-inline' data: *.zortrax.com data.zortrax.com *.gravatar.com *.ggpht.com *.emlgrid.com *.salesmanago.pl *.ssl.gstatic.com *.google.com *.google-analytics.com *.google.pl *.doubleclick.net *.facebook.com *.livechatinc.com *.gstatic.com *.googleapis.com *.tagmanager.google.com https://alb.reddit.com t.co/i/adsct app.humdash.com cf.zortrax.com ;font-src 'self' data: *.livechatinc.com *.googleusercontent.com *.googleusercontent.com *.googleapis.com *.gstatic.com *.zortrax.com *.fonts.googleapis.com *.tagmanager.google.com ;frame-src 'self' 'unsafe-inline' *.livechatinc.com *.youtube.com *.facebook.com *.tagmanager.google.com *.googletagmanager.google.com *.upviral.com ;connect-src 'self' data.zortrax.com *.luckyorange.net ws://localhost:3000 *.emlgrid.com *.salesmanago.pl *.google-analytics.com *.tagmanager.google.com app.humdash.com ;media-src 'self' *.youtube.com *.youtube-nocookie.com cdn.zortrax.com cdn1.zortrax.com cdn2.zortrax.com cdn3.zortrax.com *.tagmanager.google.com cf.zortrax.com ;object-src 'self' *.youtube.com *.youtube-nocookie.com *.tagmanager.google.com ;child-src 'self' *.youtube.com *.youtube-nocookie.com *.tagmanager.google.com 1 default-src 'self'; child-src *.facebook.com platform.twitter.com *.g.doubleclick.net *.google.com *.google.gr; frame-src *.facebook.com platform.twitter.com *.g.doubleclick.net *.youtube.com *.google.com *.google.gr *.paypal.com *.paymentwall.com; connect-src 'self' *:888; font-src 'self' data:; form-action 'self' store.payproglobal.com secure.avangate.com; frame-ancestors 'self'; img-src 'self' trust.zone data: *.google.com *.google.gr *.trustzoneurl.com trustzonepost.xyz *.g.doubleclick.net *.facebook.com syndication.twitter.com seal.digicert.com www.google-analytics.com *.cartocdn.com *.paypalobjects.com; media-src 'self'; object-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.trustzoneurl.com google.com a.trust.zone platform.twitter.com connect.facebook.net www.gstatic.com www.googleadservices.com *.google-analytics.com seal.digicert.com *.paypalobjects.com *.paypal.com paypal.com; report-uri https://trust.zone/_csp_log 1 default-src 'self' https://static.hellogrove.com; base-uri 'self' https://optimize.google.com; form-action 'self' https://*.facebook.com https://connect.facebook.net; style-src 'self' 'unsafe-inline' blob https://fonts.googleapis.com https://optimize.google.com https://intercomcdn.com https://tagmanager.google.com/ http://localhost:8080 blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://tagmanager.google.com https://cdn.amplitude.com http://localhost:8080 https://*.segment.com https://*.google.com https://*.google-analytics.com https://*.googletagmanager.com http://*.google-analytics.com https://*.googlesyndication.com https://*.googleapis.com https://*.facebook.com https://*.facebook.net https://*.googleadservices.com https://*.doubleclick.net https://*.intercomcdn.com https://*.intercom.io https://js.stripe.com https://cdn.inspectlet.com https://calendly.com https://*.licdn.com https://*.ads.linkedin.com https://*.linkedin.com https://*.sentrydsn.com; connect-src 'self' https://api.amplitude.com http://localhost:8080 ws://localhost:8080 https://*.google.com https://*.google-analytics.com https://*.googletagmanager.com http://*.google-analytics.com https://www.facebook.com https://dc.ads.linkedin.com https://*.segment.io https://*.intercomcdn.com https://*.intercom.io wss://*.intercomcdn.com wss://*.intercom.io https://api.stripe.com http://*.inspectlet.com https://*.inspectlet.com wss://*.inspectlet.com https://sentry.io; media-src 'self' https://youtube.com; font-src 'self' https://static.hellogrove.com data: http://localhost:8080 https://fonts.gstatic.com https://*.intercomcdn.com https://*.intercom.io; img-src 'self' data: http: https: https://www.google-analytics.com https://optimize.google.com; frame-src 'self' https://calendly.com https://www.youtube.com https://js.stripe.com https://www.facebook.com https://*.doubleclick.net https://optimize.google.com; frame-ancestors 'self'; block-all-mixed-content; report-uri https://sentry.io/api/199902/csp-report/?sentry_key=f13682fa65bb4d0ca2179a4dc55d79b8 1 frame-ancestors https://cloudsecurityalliance.org https://knowledge.cloudsecurityalliance.org https://360.articulate.com https://articulateusercontent.com 1 frame-ancestors 'self' *.charbroil.com 1 frame-ancestors http://*.viewlift.com 1 frame-ancestors 'self' http://view.ceros.com http://*.mccarthy.com http://*.digcastle.com https://view.ceros.com https://*.mccarthy.com https://*.digcastle.com 1 default-src 'self' *.google-analytics.com *.newrelic.com stats.g.doubleclick.net *.googleapis.com *.tbe.taleo.net/; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.newrelic.com *.twitter.com *.googleapis.com static.addtoany.com *.disqus.com *.youtube.com *.gstatic.com *.disquscdn.com *.mollom.com *.hostedpci.com bam.nr-data.net maps.google.com *.tbe.taleo.net d1ks1friyst4m3.cloudfront.net trackducks.s3.amazonaws.com *.trackduck.com wss://app.trackduck.com 'unsafe-inline' 'unsafe-eval'; object-src 'self' *.gstatic.com *.mollom.com d1ks1friyst4m3.cloudfront.net trackducks.s3.amazonaws.com *.trackduck.com wss://app.trackduck.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com static.addtoany.com *.disqus.com *.youtube.com *.disquscdn.com *.mollom.com *.hostedpci.com *.tbe.taleo.net d1ks1friyst4m3.cloudfront.net trackducks.s3.amazonaws.com *.trackduck.com wss://app.trackduck.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' *.youtube.com data: *.gstatic.com *.googleapis.com *.google.com *.google.co.* stats.g.doubleclick.net *.disqus.com *.disquscdn.com *.mollom.com *.prod.acquia-sites.com *.hostedpci.com *.google-analytics.com gravatar.com d1ks1friyst4m3.cloudfront.net trackducks.s3.amazonaws.com *.trackduck.com wss://app.trackduck.com 'unsafe-inline' 'unsafe-eval'; media-src 'self' *.youtube.com *.gstatic.com *.mollom.com d1ks1friyst4m3.cloudfront.net trackducks.s3.amazonaws.com *.trackduck.com wss://app.trackduck.com 'unsafe-inline' 'unsafe-eval'; frame-src 'self' static.addtoany.com *.youtube.com *.gstatic.com *.disqus.com *.mollom.com *.hostedpci.com *.mapbox.com *.policymap.com disqus.com *.tbe.taleo.net *.tbe.taleo.net/chu03/ats/careers/apply.jsp d1ks1friyst4m3.cloudfront.net trackducks.s3.amazonaws.com *.trackduck.com wss://app.trackduck.com 'unsafe-inline' 'unsafe-eval'; font-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com data: d1ks1friyst4m3.cloudfront.net trackducks.s3.amazonaws.com *.trackduck.com wss://app.trackduck.com 'unsafe-inline' 'unsafe-eval'; connect-src 'self' *.googleapis.com *.g.doubleclick.net *.disqus.com *.hostedpci.com *.google-analytics.com d1ks1friyst4m3.cloudfront.net trackducks.s3.amazonaws.com *.trackduck.com wss://app.trackduck.com 'unsafe-inline' 'unsafe-eval'; report-uri /report-csp-violation 1 default-src *; script-src 'self' 'unsafe-inline' 'sha256-kyt2tVfnW/Im7LvpC1Dv8j+sjyNt8kPlOQpQV+g8WQ4=' 'sha256-1CpjmdSGjCZr6oNd1cma/Y7Dge7yykpbBqURqv1Azcw=' 'sha256-M+DVfAsChzxHrudR35PgOyr9XEslkoK1dwkcmPjfnvw=' http://ecx25.siteplug.com/ https://ecx25.siteplug.com/ http://www.1-1ads.com http://*.inspsearchapi.com http://www.google.com http://api.bing.com http://ff.search.yahoo.com/ http://suggest.infospace.com http://api.autocompleteplus.com *.yimg.com https://completr.appspot.com http://js.wincyahoocontent.com; frame-src 'self' http://ecx25.siteplug.com/ https://ecx25.siteplug.com/ http://*.inspsearchapi.com http://*.yahoo.com http://ad.adserver-pro.net https://*.yimg.com; font-src 'self' https://d3durx270v4ts2.cloudfront.net/; connect-src 'self' http://ecx25.siteplug.com/ https://ecx25.siteplug.com/ http://www.1-1ads.com/ads-api-v3; media-src 'self'; style-src 'self' 'unsafe-inline'; child-src 'self' http://ecx25.siteplug.com/ https://ecx25.siteplug.com/ http://*.inspsearchapi.com http://*.yahoo.com http://ad.adserver-pro.net https://*.yimg.com; 1 default-src *; 1 frame-ancestors 'self' thenationalcampaign.org aelp.smartsparrow.com 1 default-src 'self' data: https: connect.facebook.net *.doubleclick.net em.allianz.com.my *.googleadservices.com *.facebook.com *.youtube.com *.googletagmanager.com *.google-analytics.com *.google.com; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: connect.facebook.net *.doubleclick.net em.allianz.com.my *.googleadservices.com *.facebook.com *.youtube.com *.googletagmanager.com *.google-analytics.com *.google.com; object-src 'self' data: https: connect.facebook.net *.doubleclick.net em.allianz.com.my *.googleadservices.com *.facebook.com *.youtube.com *.googletagmanager.com *.google-analytics.com *.google.com; style-src 'self' data: 'unsafe-inline' https: connect.facebook.net *.doubleclick.net em.allianz.com.my *.googleadservices.com *.facebook.com *.youtube.com *.googletagmanager.com *.google-analytics.com *.google.com; img-src 'self' data: https: connect.facebook.net *.doubleclick.net em.allianz.com.my *.googleadservices.com *.facebook.com *.youtube.com *.googletagmanager.com *.google-analytics.com *.google.com; media-src 'self' data: https: connect.facebook.net *.doubleclick.net em.allianz.com.my *.googleadservices.com *.facebook.com *.youtube.com *.googletagmanager.com *.google-analytics.com *.google.com; frame-src 'self' data: https: connect.facebook.net *.doubleclick.net em.allianz.com.my *.googleadservices.com *.facebook.com *.youtube.com *.googletagmanager.com *.google-analytics.com *.google.com; font-src 'self' data: https: connect.facebook.net *.doubleclick.net em.allianz.com.my *.googleadservices.com *.facebook.com *.youtube.com *.googletagmanager.com *.google-analytics.com *.google.com; connect-src 'self' data: https: connect.facebook.net *.doubleclick.net em.allianz.com.my *.googleadservices.com *.facebook.com *.youtube.com *.googletagmanager.com *.google-analytics.com *.google.com 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: www.google-analytics.com www.googletagmanager.com https://cdnjs.cloudflare.com/ajax/libs/codemirror/ https://cdnjs.cloudflare.com/ajax/libs/select2/ https://cdn.rawgit.com/ckeditor/ckeditor-dev/ https://cdn.rawgit.com/w8tcha/CKEditor-CodeMirror-Plugin/ platform.twitter.com platform.twitter.co syndication.twitter.com cdn.syndication.twimg.com https://cdn.rawgit.com/ractoon/jQuery-Text-Counter/ https://js-agent.newrelic.com/nr-1071.min.js bam.nr-data.net tagmanager.google.com; object-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://cdnjs.cloudflare.com/ajax/libs/codemirror/ https://cdnjs.cloudflare.com/ajax/libs/select2/ platform.twitter.com tagmanager.google.com; img-src 'self' data: www.google-analytics.com https://cdn.rawgit.com/ckeditor/ckeditor-dev/ https://raw.githubusercontent.com/ckeditor/ckeditor-dev/ www.googletagmanager.com www.bureauveritas.com syndication.twitter.com platform.twitter.com *.twimg.com ssl.gstatic.com www.gstatic.com; media-src 'self'; frame-src 'self' www.youtube.com tools.eurolandir.com cws.huginonline.com www.googletagmanager.com platform.twitter.com syndication.twitter.com inpublic.globenewswire.com https://sdk.companywebcast.com/sdk/player/ player.youku.com cache.bureauveritas.com pr.globenewswire.com www.globenewswire.com; child-src 'self' blob:; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com; connect-src 'self' www.google-analytics.com https://tools.eurolandir.com/tools/pricefeed/RequestStockDataBundleXML.aspx; report-uri https://csp-report-uri.bureauveritas.com 1 default-src 'self' https://*.google.com http://s7.addthis.com ; frame-ancestors 'none'; connect-src 'self' http://m.addthis.com https://www.google-analytics.com; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' www.google-analytics.com https://maps.googleapis.com https://maps.gstatic.com https://code.jquery.com https://aff.bstatic.com http://aff.bstatic.com http://s7.addthis.com/ http://m.addthisedge.com http://m.addthis.com/ http://graph.facebook.com http://widgets.pinterest.com http://www.linkedin.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com http://code.jquery.com/; img-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: www.google-analytics.com https://www.paypalobjects.com https://ak1s.abmr.net; font-src 'self' https://fonts.gstatic.com; worker-src 'self' www.google.com https://maps.google.com 1 frame-src https://*; child-src https://*; default-src 'unsafe-inline' 'self' data: https://az416426.vo.msecnd.net https://dc.services.visualstudio.com https://masterpass.com https://www.google-analytics.com https://*.alpha.gr 1 default-src 'self' https: *.acurian.com data: 'unsafe-inline' 'unsafe-eval' script-src: 'self' 1 default-src data: wss://*.kambicdn.com:* wss://*.kambicdn.net wss://*.kambicdn.org wss://*.kambi.com:* wss://*.7777.bg:* wss://7777.bg:* 'self' 'unsafe-eval' 'unsafe-inline' https://*.cdn.bg https://www.youtube.com/ https://youtube.com/ https://7777.bg https://*.7777.bg https://www.google.bg https://www.google.com https://apis.google.com https://fonts.googleapis.com https://ajax.googleapis.com https://maps.googleapis.com https://api.ipinfodb.com https://*.comm100.com https://*.googletagmanager.com https://googletagmanager.com https://*.typekit.net https://typekit.net https://maps.google.com https://*.gstatic.com https://gstatic.com https://connect.facebook.net https://*.facebook.com https://facebook.com https://*.fbcdn.net https://fbcdn.net https://google-analytics.com https://*.google-analytics.com https://accounts.google.com https://stats.g.doubleclick.net https://sxt.cdn.skype.com https://www.adobe.com https://*.casinomodule.com https://casinomodule.com https://kambi.com https://*.kambi.com https://*.kambicdn.com https://kambicdn.com https://*.kambicdn.org https://kambicdn.org https://*.kambicdn.net https://kambicdn.net https://d26335rno3m71y.cloudfront.net/ https://d1fqgomuxh4f5p.cloudfront.net/ https://lob.egcvi.com https://play-web-nl.e-devel.eu https://website.e-devel.eu https://ogs-gl-mt1p16.nyxop.net https://*.casinarena.com https://s7.egtmgs.com:8181 https://s7.egtmgs.com https://free.egtmgs.com:9998 https://free.egtmgs.com https://cdrs.netentcdn.com blob: https://*.7777.bg/ https://7777.bg; frame-ancestors 'self' *.7777.bg 1 default-src 'self';img-src *; script-src *; 1 default-src 'self'; script-src 'self'; img-src 'self' 1 script-src 'self' * www.googletagmanager.com download.zohopublic.com use.fontawesome.com www.googleadservices.com fontawesome.com connect.facebook.net stats.g.doubleclick.net ping.typekit.net p.typekit.net use.typekit.net www.google.com www.youtube.com i.ytimg.com www.google-analytics.com ajax.googleapis.com www.gstatic.com apis.google.com az732725.vo.msecnd.net bam.nr-data.net 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self';style-src 'self' download.zohopublic.com salesiq.zohopublic.com css.zohostatic.com dyjgaef5vuq51.cloudfront.net fontawesome.com ping.typekit.net www.youtube.com i.ytimg.com p.typekit.net use.typekit.net cdnbtctrader.blob.core.windows.net fonts.googleapis.com az732725.vo.msecnd.net 'unsafe-inline';img-src 'self' download.zohopublic.com salesiq.zoho.com img.zohostatic.com salesiq.zohopublic.com fontawesome.com www.googleadservices.com www.youtube.com i.ytimg.com www.facebook.com www.google.com.tr stats.g.doubleclick.net googleads.g.doubleclick.net ping.typekit.net p.typekit.net use.typekit.net cdnbtctrader.blob.core.windows.net www.google-analytics.com www.google.com ssl.gstatic.com fontawesome.com az732725.vo.msecnd.net data:;object-src 'self' fontawesome.com ping.typekit.net p.typekit.net www.youtube.com i.ytimg.com use.typekit.net cdnbtctrader.blob.core.windows.net pusher.com; 1 allow 'self'; options inline-script; frame-ancestors 'none' 1 allow 'self' http://*.googlesyndication.com https://*.googlesyndication.com; options inline-script eval-script; img-src *; script-src 'self' http://*.simplemachines.org http://*.simplemachinesweb.com http://*.googlesyndication.com http://*.doubleclick.net https://*.simplemachines.org https://*.simplemachinesweb.com https://*.googlesyndication.com https://*.doubleclick.net; style-src 'self' http://*.simplemachines.org http://*.simplemachinesweb.com https://*.simplemachines.org https://*.simplemachinesweb.com; frame-ancestors none; 1 frame-src http://webvisor.com 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://mistaua.com https://*.google.com *.google.com https://*.google.com.ua *.google.com.ua *.gstatic.com *.googleapis.com *.googlesyndication.com https://*.googlesyndication.com *.googletagservices.com https://*.googletagservices.com *.doubleclick.net https://*.doubleclick.net https://*.g.doubleclick.net *.google-analytics.com *.ampproject.org counter.yadro.ru wikimapia.org vk.com https://*.jsdelivr.net https://yastatic.net cdn.api.twitter.com oss.maxcdn.com; style-src 'self' 'unsafe-inline' *.googleapis.com; frame-src 'self' *.doubleclick.net https://*.googlesyndication.com *.googletagservices.com *.google.com *.youtube.com https://*.doubleclick.net https://*.g.doubleclick.net wikimapia.org *.openstreetmap.org; 1 frame-ancestors 'self' *.bond.edu.au bond.edu.au; 1 frame-ancestors 'self' http://*.schwab.com https://*.schwab.com https://tags.tiqcdn.com https://static.ads-twitter.com https://t.co https://di.rlcdn.com https://connect.facebook.net https://www.facebook.com https://d.agkn.com https://2530996.fls.doubleclick.net https://sb.scorecardresearch.com https://www.googletagmanager.com https://s.yimg.com https://sp.analytics.yahoo.com https://px.airpr.com https://dpx.airpr.com https://secure.adnxs.com https://schwab.demdex.net https://googleads.g.doubleclick.net https://adservice.google.com https://schwab.tt.omtrdc.net https://smetric.schwab.com https://content.schwab.com https://client.schwab.com https://lms.schwab.com https://www.schwabcdn.com https://*.schwabinstitutional.com https://*.dev-schwab.acsitefactory.com https://*.test-schwab.acsitefactory.com https://*.train-schwab.acsitefactory.com https://*.schwab.acsitefactory.com https://*.schwab.co.uk https://*.schwab.com.hk https://*.schwab.com.sg https://*.schwab.com.au https://*.schwabcharitable.org https://*.schwabmoneywise.com; report-uri /report-csp-violation 1 connect-src 'self' https://*.twitter.com https://*.yotpo.com https://*.gomoxie.solutions https://rules.atgsvcs.com https://track.magnify360.com https://c1.rfihub.net https://insight.adsrvr.org https://*.virtualhold.com https://api.edmunds.com 1 default-src 'self' data:; script-src 'self' data: 'unsafe-inline' *.google-analytics.com *.googleadservices.com *.google.com googleads.g.doubleclick.net connect.facebook.net *.hotjar.com cdnjs.cloudflare.com *.branch.io branch.io *.link *.doubleclick.net *.licdn.com *.linkedin.com *.netverify.com *.zdassets.com *.googletagmanager.com *.zopim.com *.mxpnl.com mxpnl.com *.marketo.net bat.bing.com pixel.mathtag.com cdn.bizible.com www.everestjs.net cdn.oribi.io d31y97ze264gaa.cloudfront.net st1.dialogtech.com; object-src 'none'; style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com *.google.com *.zdassets.com; img-src * data:; media-src *; frame-src 'self' *.flyxo.com *.doubleclick.net youtube.com *.hotjar.com *.facebook.net *.facebook.com *.netverify.com *.zdassets.com *.googletagmanager.com pixel.mathtag.com *.jobvite.com; font-src 'self' data: flyxo.com fonts.googleapis.com fonts.gstatic.com *.zdassets.com; connect-src *; report-uri https://flyxo.com/api/v1/forms/csp-report/ 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' js-agent.newrelic.com maps.googleapis.com use.typekit.net cdnjs.cloudflare.com www.google-analytics.com bam.nr-data.net connect.facebook.net platform.twitter.com gmc.lingotek.com pixel.mathtag.com platform.linkedin.com; object-src 'none'; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fast.fonts.net gmc.lingotek.com; frame-src 'self' youtu.be youtube.com www.youtube.com *.facebook.com *.twitter.com; child-src 'self' youtu.be youtube.com www.youtube.com *.facebook.com *.twitter.com; report-uri /report-csp-violation 1 upgrade-insecure-requests; frame-ancestors 'self' https://secure.blooom.com; form-action 'self' https://api.blooom.com; object-src 'none'; base-uri 'self' https://optimize.google.com; report-uri /api/log_csp_event 1 script-src 'self' www.papara.com papara.com api.instagram.com az416426.vo.msecnd.net maps.googleapis.com mc.yandex.ru www.googletagmanager.com tagmanager.google.com www.googleadservices.com graph.facebook.com staticxx.facebook.com connect.facebook.net stats.g.doubleclick.net www.google.com www.google-analytics.com ajax.googleapis.com www.google.com.tr www.gstatic.com apis.google.com googleads.g.doubleclick.net 'unsafe-inline' 'unsafe-eval';style-src 'self' fonts.googleapis.com tagmanager.google.com az732725.vo.msecnd.net 'unsafe-inline' 'unsafe-eval';img-src 'self' www.papara.com papara.com s3-eu-west-1.amazonaws.com scontent.cdninstagram.com cdninstagram.com mc.yandex.ru lookaside.facebook.com platform-lookaside.fbsbx.com csi.gstatic.com maps.gstatic.com maps.googleapis.com graph.facebook.com scontent.xx.fbcdn.net www.googleadservices.com staticxx.facebook.com www.facebook.com www.google.com.tr stats.g.doubleclick.net googleads.g.doubleclick.net www.google-analytics.com www.google.com ssl.gstatic.com data:;object-src 'self';options eval-script 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com.au *.google.com *.google-analytics.com *.nr-data.net *.newrelic.com *.investsmart.com.au disqus.com *.disquscdn.com *.xg4ken.com wss: *.cloudfront.net *.googletagmanager.com *.intercomcdn.com *.kissmetrics.com *.scorecardresearch.com *.intercom.io *.segment.io *.disqus.com *.typekit.net *.segment.com *.quantserve.com *.fullstory.com *.googleadservices.com *.yimg.com *.yahoo.com *.doubleclick.net *.zoho.com *.webspellchecker.net *.vimeo.com *.twitter.com *.twimg.com ii-uploads.s3.amazonaws.com *.youtube.com *.intercomcdn.com *.intercom-sheets.com; img-src * 'self' data:; font-src 'self' *.typekit.net data: *.intercomcdn.com; report-uri /admin/config/system/seckit/csp-report 1 frame-ancestors https://igx.csbsju.edu http://go.twocolleges.com 1 default-src 'self' www.facebook.com www.google-analytics.com data maps.googleapis.com: 'unsafe-inline' 'unsafe-eval' www.google.com ajax.aspnetcdn.com web.bankingly.com ws://web.bankingly.com rum-static.pingdom.net rum-collector.pingdom.net rum-collector-2.pingdom.net connect.facebook.net www.google-analytics.com www.googletagmanager.com seal.websecurity.norton.com detectca.easysol.net www.gstatic.com cdn.ywxi.net maps.googleapis.com logo.prismasystems.com.ar js.hs-scripts.com js.hscollectedforms.net js.usemessages.com js.hsadspixel.net js.hs-analytics.net api.hubspot.com forms.hubspot.com api.hubapi.com track.hubspot.com app.hubspot.com; 1 default-src 'self'; script-src 'self' 'sha256-fTL9xoZj9iXVRXeDUf/iFrC95+mfPVDkMkeK3PYi8MM=' 'sha256-gXwKknVYvveSJRLsiIwMriGOXDM18PjHgRkZo2C42f8=' 'sha256-HZBsmPK87FAAACOaR7r5uQwRyHv+s6gJZa1uUlA/hvE=' 'sha256-CqTSy+VCu6p5BctLcPA3DoMM5b2NTmVrmmv06iedwDs=' 'sha256-El8KV0RbhBreno4AiWvJ6i9iW0v0M9ERUqgqK8gzbx0=' 'sha256-L4W0PIB79kWcgDlKVkehwWIKtP3WwOdNJfNJTPfHRLE=' 'sha256-sIEHhhkBQySsTeaQyiprlJF+Pb+dmoAIz27PwT40ngA=' 'sha256-odRe49vra7bXuneQz8ANywtlo1g1sDI9R7KpVV4jP8I=' 'sha256-6sj2CH5QgRXHcZ+kH4fhF4Te3pDSMcUCpFjECSaQxgE=' 'sha256-yZ5Pm3I4CJM38Idls91NM2mJdRMNn6JKgskWgBZSGpo=' 'sha256-xrBUghFWlzUXi5enooDiMvbkrIY1aqy0RV1I7cwfC+c=' 'sha256-PiXx5xN8iw/QhsGSSZJvL/89kaGxkHuAK67lqUMXW5I=' 'sha256-BMxBgZ0r6Aj6SlfNTs/+4WHuA1kWlgfnmakeu6eFLJA=' https://www.googletagmanager.com www.google-analytics.com https://snap.licdn.com px.ads.linkedin.com www.linkedin.com https://www.google.com https://www.gstatic.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' data: stats.g.doubleclick.net da-wbs-uploads.s3.eu-central-1.amazonaws.com www.google-analytics.com secure.gravatar.com; font-src 'self' data: fonts.gstatic.com; frame-src 'self' https://www.google.com; 1 default-src 'none'; connect-src 'self'; font-src 'self'; frame-src https://www.google.com/recaptcha/; img-src 'self' https://www.gstatic.com/recaptcha/ https://www.google-analytics.com; object-src 'self'; script-src 'self' 'unsafe-inline' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'self' 'unsafe-inline' 1 frame-ancestors *.putnam.com *.seismic.com *.fundvisualizer.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' *.zencdn.net *.brightcove.net *.brightcove.com *.putnam.com blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.adnxs.com *.ytimg.com *.googleapis.com *.putnam.com *.typekit.net *.rackcdn.com *.ensighten.com *.brightcove.net *.brightcove.com *.google-analytics.com *.liveperson.net *.bing.com *.bizographics.com *.gigya.com *.googlecode.com *.morningstar.com *.linkedin.com *.putnaminv.com *.highcharts.com *.jQuery.com *.jquery.org *.adobe.com *.jqueryui.com *.cloudflare.com *.livelook.com *.livelook.net *.facebook.net *.licdn.com *.zencdn.net *.lpsnmedia.net *.googletagmanager.com tagmanager.google.com *.ads-twitter.com *.twitter.com *.yimg.com sp.analytics.yahoo.com www.youtube.com www.instagram.com; 1 child-src 'self' https://*.cloudfront.net https://*.docusign.net https://*.sigfig.com https://go.oncehub.com https://secure.scheduleonce.com https://sigfig.demdex.net https://www.snapengage.com; connect-src 'self' https://*.demdex.net https://*.getsentry.com https://*.hotjar.com https://*.sigfig.com https://*.wellsfargo.com https://*.zdassets.com https://*.zendesk.com https://api.greenhouse.io https://bam.nr-data.net https://heapanalytics.com https://maps.googleapis.com https://sentry.io https://sigfig.sc.omtrdc.net https://sigfig.tt.omtrdc.net https://sigfigprod.112.2o7.net wss://*.hotjar.com; default-src 'self' https://*.sigfig.com; frame-src 'self' https://*.cloudfront.net https://*.docusign.net https://*.hotjar.com/ https://*.sigfig.com https://go.oncehub.com https://secure.scheduleonce.com https://sigfig.demdex.net https://www.snapengage.com; font-src 'self' data: https://*.cloudfront.net https://*.sigfig.com https://fonts.gstatic.com https://heapanalytics.com; img-src 'self' data: http://*.ggpht.com http://*.googleusercontent.com http://*.gstatic.com http://*.wikinvest.com http://feeds.feedburner.com https://*.cloudfront.net https://*.doubleclick.net https://*.ggpht.com https://*.google-analytics.com https://*.googleapis.com https://*.googleusercontent.com https://*.gstatic.com https://*.quantserve.com https://*.sigfig.com https://cm.everesttech.net https://csi.gstatic.com https://dpm.demdex.net https://heapanalytics.com https://sigfigcitizensbankdev.112.2o7.net https://tags.w55c.net https://www.facebook.com https://www.snapengage.com; media-src 'self' https://*.cloudfront.net https://*.sigfig.com; object-src 'self' https://www.snapengage.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.adobedtm.com https://*.cloudfront.net https://*.doubleclick.net https://*.google-analytics.com https://*.googleapis.com https://*.hotjar.com/ https://*.newrelic.com https://*.quantserve.com https://*.sigfig.com https://*.wellsfargoadvisors.com https://*.wikinvest.com https://*.zdassets.com https://*.zendesk.com https://apis.google.com https://bam.nr-data.net https://cdn.heapanalytics.com https://heapanalytics.com https://nexus.ensighten.com https://sigfig.sc.omtrdc.net https://sigfigprod.112.2o7.net https://www.snapengage.com; style-src 'self' 'unsafe-inline' https://*.cloudfront.net https://*.googleapis.com https://*.sigfig.com https://heapanalytics.com; 1 frame-ancestors *.scaledrone.com 1 frame-ancestors https://*.hole19golf.com 1 allow 'self'; options inline-script eval-script; script-src 'self' *.google-analytics.com *.googleapis.com *.gstatic.com; img-src *; media-src *; frame-src 'self' 1 default-src https: 'unsafe-inline' 'unsafe-eval' data: 1 unsafe-inline 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' *; frame-ancestors www.envestnet.com envestnet.com ir.envestnet.com investor.envestnet.com www.investpmc.com; report-uri /report-csp-violation 1 default-src 'self' 'unsafe-inline' *.hotjar.com *.hotjar.io *.googletagmanager.com *.google.com *.casa.gov.au *.inq.com *.g.doubleclick.net *.google-analytics.com *.casa.gov.au *.googleapis.com *.gstatic.com *.youtube.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.hotjar.com *.hotjar.io *.googletagmanager.com *.google.com *.casa.gov.au *.inq.com *.g.doubleclick.net *.google-analytics.com *.casa.gov.au *.googleapis.com *.webspellchecker.net *.gstatic.com; object-src 'none'; style-src 'self' * 'unsafe-inline' ; img-src * data: blob: 'unsafe-inline'; frame-ancestors 'self' https://chat.casa.gov.au https://www.casa.gov.au *.hotjar.com *.youtube.com *.inq.com casa.inq.com https://media-aus.inq.com https://casa.inq.com; font-src 'self' * 'unsafe-inline' ; connect-src 'self' * 'unsafe-inline' ; report-uri /report-csp-violation 1 policy-uri /'unsafe-inline' 1 default-src 'self' https://fonts.gstatic.com; img-src *; script-src 'self' https://maps.googleapis.com/ https://ipirani.ir/ https://www.google-analytics.com/ https://cdn.zarinpal.com/ 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' *.addthis.com:* *.addthisedge.com:* *.googleanalytics.com:* *.google-analytics.com:* *.googleapis.com:* *.googletagmanager.com:* *.google.com:* *.gstatic.com:* *.boroondara.vic.gov.au:* *.newrelic.com:* *.nr-data.net:* *.readspeaker.com:* *.loop11.com:* *.eyesdecide.com:* *.beaglex.com:* *.loggly.com:* siteimproveanalytics.com:* *.betterhealth.vic.gov.au:* *.addtoany.com:* *.freshmarketer.com:*; font-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.gstatic.com:*; connect-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com:* *.addthis.com:* wss://api.beaglex.com:* *.beaglex.com:* *.loggly.com:* *.betterhealth.vic.gov.au:* *.freshmarketer.com:*; report-uri /report-csp-violation 1 default-src 'self' *.destatis.de; base-uri 'self'; style-src 'self' 'unsafe-inline' *.destatis.de piwik.itzbund.de; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.destatis.de piwik.itzbund.de;object-src 'self' multimedia.gsb.bund.de *.destatis.de piwik.itzbund.de ; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org *.destatis.de piwik.itzbund.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.destatis.de *.itzbund.de *.euro-area-statistics.org *.ims-cms.net; 1 script-src 'unsafe-inline' 'unsafe-eval' 'self' https://azure.mhiaa.com.au https://*.googleadservices.com https://*.gstatic.com https://*.google.com https://*.google-analytics.com https://*.googleapis.com https://*.mhiaa.com.au https://*.googletagmanager.com https://static.addtoany.com https://*.zopim.com 1 child-src 'self' www.youtube.com accounts.google.com; connect-src *; default-src 'self'; img-src 'self' * storage.googleapis.com maps.googleapis.com images.pexels.com *.amazonaws.com www.localsearch.com.au maps.googleapis.com maps.gstatic.com *.localsearch.cloud *.googleusercontent.com *.facebook.com googleads.g.doubleclick.net pagead2.googlesyndication.com ssl.gstatic.com dev.visualwebsiteoptimizer.com data:; font-src 'self' data: fonts.googleapis.com/css fonts.gstatic.com; object-src 'self'; media-src 'self'; manifest-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' * cdn.polyfill.io maps.googleapis.com connect.facebook.net/en_US/sdk.js *.google.com googleads.g.doubleclick.net pagead2.googlesyndication.com tagmanager.google.com googletagmanager.com dev.visualwebsiteoptimizer.com; style-src 'self' 'unsafe-inline' blob: dev.visualwebsiteoptimizer.com tagmanager.google.com fonts.googleapis.com cdn.rawgit.com/milligram/milligram/master/dist/milligram.min.css fonts.googleapis.com/css; frame-src *.facebook.com *.google.com *.youtube.com *.gstatic.com googleads.g.doubleclick.net pagead2.googlesyndication.com dev.visualwebsiteoptimizer.com 1 upgrade-insecure-requests default-src 'self' *.alacrity.net; 1 frame-ancestors www.bps.ac.uk 1 'nosniff'; 1 default-src 'self' *.scumware.org http://static.scumware.org; script-src 'self' *.scumware.org; options inline-script eval-script; 1 upgrade-insecure-requests; default-src 'self' https; connect-src 'self' plus.browsealoud.com babm.texthelp.com https://*.speechstream.net stats.g.doubleclick.net www.google-analytics.com m.addthis.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com data:; style-src 'self' 'unsafe-inline' hello.myfonts.net fonts.googleapis.com plus.browsealoud.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.google.com www.gstatic.com maps.googleapis.com www.googletagmanager.com ajax.googleapis.com cdnjs.cloudflare.com www.google-analytics.com s7.addthis.com m.addthisedge.com m.addthis.com plus.browsealoud.com www.browsealoud.com fonts.googleapis.com apis.google.com www.youtube.com s.ytimg.com v4in1-si.click4assistance.co.uk az416426.vo.msecnd.net; img-src 'self' maps.gstatic.com maps.googleapis.com www.google-analytics.com prod3si.click4assistance.co.uk stats.g.doubleclick.net plus.browsealoud.com v4in1-si.click4assistance.co.uk data:; child-src 'self' https://content.googleapis.com https://www.googletagmanager.com/ns.html; frame-src 'self' s7.addthis.com www.youtube.com v4in1-ti.click4assistance.co.uk; media-src 'self' https://*.speechstream.net; 1 default-src * 'self' 'unsafe-inline' 'unsafe-eval' ; script-src * 'self' 'unsafe-inline' 'unsafe-eval' ; style-src * 'self' 'unsafe-inline' ; img-src * 'self' data: ; 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' 'unsafe-eval' *; img-src 'self' 'unsafe-inline' 'unsafe-eval' * data:; frame-src 'self' 'unsafe-inline' 'unsafe-eval' *; frame-ancestors 'self' 'unsafe-inline' 'unsafe-eval' *; font-src 'self' 'unsafe-inline' 'unsafe-eval' *; connect-src 'self' 'unsafe-inline' 'unsafe-eval' *; report-uri /report-csp-violation 1 reflected-xss block 1 frame-ancestors https://*.devpleno.com 1 frame-ancestors 'self' https://*.divessi.com https://*.head-test.com 1 default-src 'self' *.mobistar.be *.cloudfront.net *.emsecure.net *.customersaas.com *.orange.be *.netdna-ssl.com *.whisbi.com; script-src 'unsafe-inline' 'unsafe-eval' * *.customersaas.com *.emsecure.net *.customersaas.com *.orange.be optimize.google.com *.netdna-ssl.com *.whisbi.com; object-src 'self' *.mobistar.be *.orange.be *.netdna-ssl.com; style-src 'unsafe-inline' 'self' *.mobistar.be *.cloudfront.net *.customersaas.com *.orange.be optimize.google.com fonts.googleapis.com *.netdna-ssl.com *.whisbi.com; img-src * data: optimize.google.com; media-src 'self' *.mobistar.be *.orange.be *.netdna-ssl.com; frame-src 'self' * emsecure.net *.orange.be *.optimzely.com optimize.google.com; font-src 'self' *.mobistar.be *.customersaas.com *.orange.be cdn.livechatinc.com themes.googleusercontent.com fonts.gstatic.com *.netdna-ssl.com *.whisbi.com; connect-src 'self' *.tealiumiq.com *.usabilla.com *.log.optimizely.com *.emsecure.net *.customersaas.com *.orange.be *.mousestats.com secure.comparecycle.com *.whisbi.com; report-uri /admin/config/system/seckit/csp-report 1 base-uri 'self'; frame-ancestors 'none'; default-src 'self'; form-action 'self'; img-src 'self' data: https://mp-prod-cdn.azureedge.net; font-src 'self' data: https://mp-prod-cdn.azureedge.net; script-src 'self' 'unsafe-inline' https://mp-prod-cdn.azureedge.net https://*.getclicky.com https://*.vo.msecnd.net https://widget.prefinery.com https://i.prefinery.com https://*.googleapis.com https://www.youtube.com https://*.ytimg.com; frame-src 'self' https://mp-prod-cdn.azureedge.net https://www.youtube-nocookie.com; child-src 'self' https://mp-prod-cdn.azureedge.net; style-src 'self' 'unsafe-inline' https://mp-prod-cdn.azureedge.net; connect-src 'self' https://mp-prod-cdn.azureedge.net https://maps.googleapis.com https://dc.services.visualstudio.com; 1 default-src 'self'; connect-src https://*.revo.com https://*.thelabnyc.com https://*.myshopify.com localhost:* *.hotjar.com *.hotjar.io facebook.com sentry.io *.yotpo.com storerocket.io *.mapbox.com www.google-analytics.com www.facebook.com wss://ws2.hotjar.com https://widget.us.criteo.com http://siteblock.exeloncorp.com adservice.google.com stats.g.doubleclick.net; font-src 'self' *.yotpo.com *.gstatic.com fonts.gstatic.com data:; frame-src 'self' *.doubleclick.net *.hotjar.com *.criteo.com *.criteo.net optimize.google.com www.googletagmanager.com connect.facebook.net www.facebook.com www.yahoo.com *.yahoo.com; img-src * data: blob: www.google-analytics.com optimize.google.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' bat.bing.com connect.facebook.net *.hotjar.com www.google-analytics.com www.googletagmanager.com www.googleadservices.com *.criteo.net *.criteo.com *.criteotilt.com *.experticity.com *.storerocket.io *.yotpo.com *.doubleclick.net *.jsdelivr.net *.mapbox.com tagmanager.google.com optimize.google.com *.list-manage.com z.moatads.com https://l.facebook.com; worker-src blob:; style-src 'self' 'unsafe-inline' *.yotpo.com tagmanager.google.com optimize.google.com fonts.googleapis.com; child-src blob:; report-uri https://sentry.io/api/1388394/security/?sentry_key=05cf1ae732d54995bff9b1d4ab1dfc07&sentry_environment=production 1 default-src 'self'; font-src * data:; img-src * data:; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' frame-src https://*.youtube.com/ https://*.oxy.com https://*.youtube-nocookie.com http://*.corporate-ir.net https://occidentalpetroleum.gcs-web.com 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https:; frame-src 'self' https:; frame-ancestors 'self' data: blob:; 1 default-src 'self'; script-src 'self' https://www.gstatic.com https://ajax.googleapis.com https://cdn.inspectlet.com https://*.pendo.io https://*.storage.googleapis.com https://browser.sentry-cdn.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://www.gstatic.com https://ajax.googleapis.com https://*.pendo.io https://*.storage.googleapis.com https://fonts.googleapis.com 'unsafe-inline' blob:; connect-src 'self' http://hn.inspectlet.com wss://ws.inspectlet.com https://spamlogin.com https://sentry.io; img-src 'self' http://hn.inspectlet.com https://*.pendo.io https://*.storage.googleapis.com data:; font-src 'self' https://fonts.gstatic.com; options inline-script eval-script 1 default-src ; script-src https://www.google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval'; object-src ; style-src 'self' https://fonts.googleapis.com https://*.entrecode.de 'unsafe-inline'; img-src 'self' * *.dealbunny.de data:; media-src *; child-src *.youtube.com *.vimeo.com; font-src 'self' https://fonts.gstatic.com https://*.entrecode.de; connect-src 'self' entrecode.de *.entrecode.de localhost:7777 https://www.google-analytics.com; manifest-src 'self' 1 default-src 'self' *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.google.be *.google.com *.gstatic.com ad.edugram.com ajax.googleapis.com buttons-config.sharethis.com cdnjs.cloudflare.com code.highcharts.com code.jquery.com count-server.sharethis.com d3js.org fonts.googleapis.com img.toolstud.io l.sharethis.com maxcdn.bootstrapcdn.com pagead2.googlesyndication.com platform-api.sharethis.com platform-cdn.sharethis.com use.fontawesome.com; script-src 'self' 'unsafe-inline' data: *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.google.be *.google.com *.gstatic.com ad.edugram.com ajax.googleapis.com buttons-config.sharethis.com cdnjs.cloudflare.com code.highcharts.com code.jquery.com count-server.sharethis.com d3js.org fonts.googleapis.com img.toolstud.io l.sharethis.com maxcdn.bootstrapcdn.com pagead2.googlesyndication.com platform-api.sharethis.com platform-cdn.sharethis.com use.fontawesome.com; style-src 'self' 'unsafe-inline' data: *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.google.be *.google.com *.gstatic.com ad.edugram.com ajax.googleapis.com buttons-config.sharethis.com cdnjs.cloudflare.com code.highcharts.com code.jquery.com count-server.sharethis.com d3js.org fonts.googleapis.com img.toolstud.io l.sharethis.com maxcdn.bootstrapcdn.com pagead2.googlesyndication.com platform-api.sharethis.com platform-cdn.sharethis.com use.fontawesome.com; img-src 'self' data: *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.google.be *.google.com *.gstatic.com ad.edugram.com ajax.googleapis.com buttons-config.sharethis.com cdnjs.cloudflare.com code.highcharts.com code.jquery.com count-server.sharethis.com d3js.org fonts.googleapis.com img.toolstud.io l.sharethis.com maxcdn.bootstrapcdn.com pagead2.googlesyndication.com platform-api.sharethis.com platform-cdn.sharethis.com use.fontawesome.com; media-src 'self' data: *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.google.be *.google.com *.gstatic.com ad.edugram.com ajax.googleapis.com buttons-config.sharethis.com cdnjs.cloudflare.com code.highcharts.com code.jquery.com count-server.sharethis.com d3js.org fonts.googleapis.com img.toolstud.io l.sharethis.com maxcdn.bootstrapcdn.com pagead2.googlesyndication.com platform-api.sharethis.com platform-cdn.sharethis.com use.fontawesome.com; 1 default-src 'self'; script-src 'self' ; style-src 'self' 'unsafe-inline' ; img-src *; report-uri https://cloudmanagerportal.com/oidc/csp/report 1 script-src 'unsafe-inline' 'unsafe-eval' code.jquery.com www.google-analytics.com tech-connect.biz ads.exoclick.com main.exoclick.com syndication.exoclick.com; 1 default-src * 'unsafe-inline' cdn.ckeditor.com 'unsafe-eval'; report-uri /admin/config/system/seckit/csp-report 1 default-src 'self' https://*.gstatic.com; script-src 'self' https://www.vidal.ru https://yandex.ru https://*.yandex.ru https://*.yandex.net https://*.yandex.st https://an.yandex.ru https://yandex.st https://yastatic.net https://mc.yandex.ru http://mc.yandex.ru http://*.yandex.ru http://*.google-analytics.com http://*.gstatic.com http://*.google.com https://*.google.ru https://*.gstatic.com https://*.google-analytics.com https://*.google.com https://*.googleapis.com http://*.mail.ru https://*.youtube.com https://*.ytimg.com http://pixel.betweenx.com https://px.adhigh.net https://dmp.vihub.ru https://top-fwz1.mail.ru https://pixel.betweenx.com https://*.1dmp.io http://*.1dmp.io https://go.saleswingsapp.com nonce-RAND 'unsafe-inline' 'unsafe-eval' https://s0.2mdn.net https://px.adhigh.net; style-src 'self' https://www.vidal.ru 'unsafe-inline' 'unsafe-eval' nonce-RAND http://*.google-analytics.com http://*.gstatic.com https://yandex.ru https://*.yandex.ru https://*.yandex.net https://*.yandex.st https://yandex.st https://yastatic.net http://*.google.com https://*.google.com https://*.google.ru https://*.googleapis.com http://*.mail.ru https://*.youtube.com https://*.ytimg.com https://*.1dmp.io http://*.1dmp.io https://s0.2mdn.net; img-src 'self' http://localhost:97/ https://localhost:97/ https://www.vidal.ru https://yandex.ru https://*.yandex.ru https://*.yandex.net https://*.yandex.st https://avatars-fast.yandex.net https://favicon.yandex.net http://*.google-analytics.com http://*.gstatic.com http://*.google.com https://*.gstatic.com https://*.google-analytics.com https://*.google.com https://*.google.ru https://*.google.de https://*.googleapis.com https://www.google.com.do http://*.mail.ru data: http://gderu.hit.gemius.pl https://*.youtube.com https://*.ytimg.com https://admin.mailigen.com https://dmg.digitaltarget.ru https://x01.aidata.io https://gmtdmp.mookie1.com https://eu-gmtdmp.gd1.mookie1.com https://ru-gmtdmp.mookie1.com/ https://sync.botscanner.com https://match.ads.betweendigital.com https://safehub.ru https://dmp.vihub.ru https://top-fwz1.mail.ru https://pixel.betweenx.com https://stats.g.doubleclick.net https://px.adhigh.net https://cm.g.doubleclick.net https://*.doubleclick.net https://*.adriver.ru https://*.rubiconproject.com https://*.adhigh.net https://*.insigit.com https://*.republer.com https://*.webvisor.org http://ad.adriver.ru https://ad.adriver.ru http://ar.tns-counter.ru https://*.1dmp.io http://*.1dmp.io https://go.saleswingsapp.com https://cp.unisender.com https://vk.com; media-src 'self' https://*.google.com https://*.google.ru https://*.yandex.net https://yandex.st https://yastatic.net https://*.yandex.st https://*.yastatic.net https://*.1dmp.io http://*.1dmp.io http://localhost:97 https://s0.2mdn.net; frame-src 'self' https://www.vidal.ru https://*.youtube.com https://*.google.com https://*.google.ru https://yandex.ru https://*.yandex.ru https://*.yandex.net https://*.yandex.st https://awaps.yandex.ru https://awaps.yandex.net https://yandexadexchange.net https://*.yandexadexchange.net https://yastatic.net https://*.youtube.com https://*.ytimg.com https://*.1dmp.io http://*.1dmp.io http://localhost:* https://s0.2mdn.net https://px.adhigh.net http://webvisor.com; font-src https://*.gstatic.com https://s0.2mdn.net 'self'; connect-src 'self' https://www.vidal.ru http://*.google-analytics.com http://*.gstatic.com https://yandex.ru https://*.yandex.ru https://*.yandex.net https://*.yandex.st http://*.google.com https://*.google.com https://*.google.ru https://*.googleapis.com http://*.mail.ru https://*.youtube.com https://*.ytimg.com https://*.1dmp.io http://*.1dmp.io https://localhost http://localhost https://s0.2mdn.net 1 child-src 'self' www.youtube.com staticxx.facebook.com w.soundcloud.com player.vimeo.com acceptable.a-ads.com ad.a-ads.com page.ludorum.dev; connect-src 'self' steemit.com api.steemit.com dist.one wss://rpc.dist.one api.blocktrades.us https://steemitimages.com https://translate.googleapis.com; default-src 'self' www.youtube.com staticxx.facebook.com player.vimeo.com acceptable.a-ads.com ad.a-ads.com page.ludorum.dev; font-src data: fonts.gstatic.com 'self'; frame-ancestors 'none'; img-src * data:; object-src 'none'; plugin-types application/pdf; script-src 'self' www.google-analytics.com pagead2.googlesyndication.com adservice.google.com connect.facebook.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com; report-uri /api/v1/csp_violation 1 frame-ancestors https://www.redvalentino.com/ https://www.redvalentino.com/ ; 1 default-src 'self'; script-src 'self' cdnjs.cloudflare.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net ajax.googleapis.com; style-src 'self' maxcdn.bootstrapcdn.com cdnjs.cloudflare.com; img-src 'self'; font-src cdnjs.cloudflare.com 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.radnet.com *.google.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.tctm.co *.gstatic.com *.doubleclick.net *.youtube.com *.ytimg.com *.vimeo.com *.audioeye.com *.fbcdn.net *.facebook.com *.facebook.net *.twitter.com https://cdn.knightlab.com; report-uri /report-csp-violation 1 img-src 'self' data: http://feather.aviary.com/ http://www.google-analytics.com/ https://www.google-analytics.com https://ssl.gstatic.com/ http://ssl.gstatic.com/ http://www.algomi.com/ http://1.tl813.com/ http://maps.googleapis.com http://www.algomi.com.php56-25.ord1-1.websitetestlink.com/ http://m.algomi.com/ http://eu8.heatmap.it http://algomi.com/ https://tracking.leadlander.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://feather.aviary.com/ https://dme0ih8comzn4.cloudfront.net/js/feather.js https://use.fontawesome.com/ https://apis.google.com http://www.google-analytics.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.google-analytics.com https://api.carehome.co.uk http://ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js http://code.jquery.com/jquery-1.11.3.min.js https://code.jquery.com/jquery-2.2.0.min.js https://postcodes.io/postcodes/ https://code.jquery.com/ui/1.12.1/jquery-ui.js https://code.jquery.com/ui/1.12.1/jquery-ui.js http://u.heatmap.it/ http://www.algomi.com/ http://www.efvrgb12.com/ http://t.sf14g.com/ http://code.jquery.com/ http://1.tl813.com/ http://s7.addthis.com/ http://m.addthis.com/ http://m.addthisedge.com/ http://graph.facebook.com/ http://www.linkedin.com/ https://formalyzer.com/ https://snap.licdn.com https://px.ads.linkedin.com/ https://v1.addthisedge.com/ https://v1.addthis.com/; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com/ http://maxcdn.bootstrapcdn.com/ https://fonts.googleapis.com/ https://api.carehome.co.uk/assets/css/widget.css https://use.fontawesome.com/227a7ea25a.css https://use.fontawesome.com/releases/v4.6.3/css/font-awesome-css.min.css http://feather.aviary.com/ http://www.algomi.com/ https://f.vimeocdn.com/ http://cloud.typography.com/; frame-src 'self' https://www.google.com https://www.google.com/recaptcha/ http://www.youtube.com/ https://www.youtube.com/ http://player.vimeo.com/ http://s7.addthis.com/ http://m.addthisedge.com/ http://www.algomi.com/; connect-src 'self' http://cd.aviary.com/ https://api-ag.aviary.com/ https://feather-client-files-aviary-prod-us-east-1.s3.amazonaws.com/ http://featherservices.aviary.com/ http://www.algomi.com/ http://m.addthis.com https://login.cmadvantage.co.uk https://v1.addthis.com/; font-src 'self' data: https://fonts.gstatic.com https://use.fontawesome.com/ https://maxcdn.bootstrapcdn.com/ http://maxcdn.bootstrapcdn.com/ http://www.algomi.com/; media-src 'self'; object-src 'self'; frame-ancestors none 1 default-src 'self' blob:; connect-src 'self' * blob:; font-src 'self' data: https://players.brightcove.net https://fonts.gstatic.com/ https://maxcdn.bootstrapcdn.com/font-awesome/; frame-src *; img-src * blob: data: https://a.idio.co/ https://i.idio.co; media-src * blob:; object-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.google-analytics.com https://www.googletagmanager.com https://optimize.google.com https://sadmin.brightcove.com https://players.brightcove.net https://vjs.zencdn.net/vttjs/ https://munchkin.marketo.net https://view.knowledgevision.com/presentation/embed/ https://content.knowledgevision.com/player/ https://s.idio.co/ia.js https://js.idio.co/1473.js https://s.idio.co/ip.js https://api.idio.co https://tagmanager.google.com/ https://code.createjs.com/; style-src * 'unsafe-inline'; 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.mikescourtside.com *.foodtecsolutions.com:* *.pizzadirector.net:* *.google.com *.opentable.com *.otstatic.com cdn.ampproject.org www.gstatic.com maps.googleapis.com www.google-analytics.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net platform.twitter.com www.facebook.com connect.facebook.net cdn.syndication.twimg.com js.hs-scripts.com js.hs-scripts.com js.hs-analytics.net js.hscollectedforms.net salesiq.zoho.com/widget campaigns.zoho.com maillist-manage.com crm.zoho.com js.zohostatic.com vts.zohopublic.com static.hotjar.com script.hotjar.com unpkg.com api.tiles.mapbox.com *.adroll.com *.cloudfront.net cdnjs.cloudflare.com libs.a2zinc.net; frame-ancestors 'self' 'unsafe-inline' 'unsafe-eval' blob: *.mikescourtside.com *.foodtecsolutions.com:* *.pizzadirector.net:* *.google.com *.opentable.com *.otstatic.com cdn.ampproject.org www.gstatic.com maps.googleapis.com www.google-analytics.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net platform.twitter.com www.facebook.com connect.facebook.net cdn.syndication.twimg.com js.hs-scripts.com js.hs-scripts.com js.hs-analytics.net js.hscollectedforms.net salesiq.zoho.com/widget campaigns.zoho.com maillist-manage.com crm.zoho.com js.zohostatic.com vts.zohopublic.com static.hotjar.com script.hotjar.com unpkg.com api.tiles.mapbox.com *.adroll.com *.cloudfront.net cdnjs.cloudflare.com libs.a2zinc.net; 1 default-src *; script-src 'unsafe-inline''unsafe-eval'; img-src *.oktacdn.com; 1 default-src 'self'; base-uri 'none'; form-action 'self' https://www.pcuonline2.org; frame-ancestors 'none'; script-src 'unsafe-inline' 'self' https://www.pcu.org https://www.gstatic.com https://stats.g.doubleclick.net https://www.facebook.com https://onlineaccess.pcu.org https://www.pcuonline2.org https://pcu.staging.wpengine.com https://www.pcu.org https://pcu.dev https://secure.gravatar.com https://www.google-analytics.com https://www.pcu.org https://maps.googleapis.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://www.google.com https://connect.facebook.net; object-src 'none'; style-src 'self' 'unsafe-inline' https://www.pcu.org https://fonts.googleapis.com https://code.ionicframework.com; img-src 'self' https://www.pcu.org https://www.googletagmanager.com https://i0.wp.com https://secure.gravatar.com https://www.google-analytics.com https://www.facebook.com https://stats.g.doubleclick.net; media-src 'none'; frame-src 'self' https://www.google.com/; font-src 'self' data: https://www.pcu.org https://fonts.gstatic.com https://code.ionicframework.com; connect-src 'self' 1 frame-src 'none' 1 default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.authorize.net *.google.com static.addtoany.com cdnjs.cloudflare.com cdn.rawgit.com maps.googleapis.com rw1.marchex.io connect.facebook.net googleads.g.doubleclick.net *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.gstatic.com cdn.jsdelivr.net; object-src 'self'; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com tagmanager.google.com; img-src 'self' 'unsafe-inline' data: maps.googleapis.com px.marchex.io s3.amazonaws.com sshs-web.s3.amazonaws.com *.facebook.com *.google.com *.gstatic.com cdn.rawgit.com raw.githubusercontent.com stats.g.doubleclick.net *.google-analytics.com; frame-src 'self' 'unsafe-inline' static.addtoany.com *.doubleclick.net *.google.com add auntbertha.com *.auntbertha.com players.brightcove.net *.youtube.com; font-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com sshs-web.s3.amazonaws.com; connect-src 'self' 'unsafe-inline' *.authorize.net *.facebook.com stats.addtoany.com *.google-analytics.com; report-uri //report-csp-violation 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://maps.google.com/ https://dl.episerver.net/ https://www.youtube.com https://s.ytimg.com https://js-agent.newrelic.com https://bam.nr-data.net https://www.googletagmanager.com https://www.google-analytics.com https://rum-static.pingdom.net https://maps.googleapis.com https://googleads.g.doubleclick.net https://8316073.fls.doubleclick.net https://www.googleadservices.com https://tagmanager.google.com https://d.impactradius-event.com https://umpqua-bank.sjv.io https://cdn-akamai.mookie1.com https://us-gmtdmp.mookie1.com https://x2.mookie1.com https://t.mookie1.com https://tags.tiqcdn.com https://adnxs.com https://pxl.jivox.com https://js.hs-scripts.com https://js.hs-analytics.net https://snap.licdn.com https://dc.ads.linkedin.com https://px.ads.linkedin.com https://static.ads-twitter.com https://az416426.vo.msecnd.net https://static.hotjar.com https://connect.facebook.net https://bat.bing.com; style-src 'self' 'unsafe-inline' https://dl.episerver.net/ https://fonts.googleapis.com https://tagmanager.google.com https://js.hs-scripts.com https://js.hs-analytics.net https://d.impactradius-event.com https://umpqua-bank.sjv.io https://cdn-akamai.mookie1.com https://us-gmtdmp.mookie1.com https://x2.mookie1.com https://t.mookie1.com https://tags.tiqcdn.com https://adnxs.com https://pxl.jivox.com https://snap.licdn.com https://dc.ads.linkedin.com https://px.ads.linkedin.com https://static.ads-twitter.com https://az416426.vo.msecnd.net https://static.hotjar.com https://connect.facebook.net https://bat.bing.com https://8316073.fls.doubleclick.net 1 script-src 'self' 'unsafe-inline' adservice.google.com *.doubleclick.net *.googleadservices.com *.googleanalytics.com *.google-analytics.com apis.google.com https://maps.googleapis.com https://ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js https://ajax.googleapis.com/ajax/libs/jqueryui/1.12.1/jquery-ui.min.js https://ajax.googleapis.com/ajax/libs/angularjs/1.5.10/angular.min.js https://code.angularjs.org/1.5.10/angular-sanitize.min.js https://www.google.com/js/maia.js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ *.googletagmanager.com tagmanager.google.com https://www.google.co.uk https://www.google.com/insights/consumersurveys/gk/static/hats-integration-release.js https://support.google.com/inapp/api.js https://www.gstatic.com/feedback/js/help/prod/service/screenshot.min.js http://www.google.com/tools/feedback/metric/report 'nonce-bl5L8OTitCjl'; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.gstatic.com https://feedback.googleusercontent.com/resources/annotator.css https://tagmanager.google.com/debug/css.css; report-uri /csp_report/report/; default-src 'self' *.gstatic.com; frame-src 'self' www.google.com www.youtube.com accounts.google.com apis.google.com plus.google.com drive.google.com *.doubleclick.net https://assets.braintreegateway.com https://www.googletagmanager.com https://feedback.googleusercontent.com/; img-src 'self' data: http: https:; media-src 'self' data: http: https:; object-src 'none'; connect-src 'self' plus.google.com www.google-analytics.com https://api.braintreegateway.com https://api.sandbox.braintreegateway.com https://client-analytics.sandbox.braintreegateway.com https://client-analytics.braintreegateway.com; font-src 'self' themes.googleusercontent.com *.gstatic.com; base-uri 'self' 1 default-src 'none'; script-src 'self' 'unsafe-inline' https://onlinechat2.nic.cz https://test-ipv6.nic.cz https://*.test-ipv6.nic.cz https://piwik.nic.cz/piwik.js https://platform.twitter.com https://cdn.syndication.twimg.com https://s.ytimg.com https://*.googleapis.com https://*.google.com https://connect.facebook.net https://*.mapy.cz; object-src 'self'; style-src 'self' 'unsafe-inline' https://platform.twitter.com https://*.nic.cz https://fonts.googleapis.com https://api.mapy.cz; img-src *; media-src *; frame-src *; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://*.test-ipv6.nic.cz https://*.labs.nic.cz https://rdap.nic.cz https://www.rhybar.cz https://akademie.nic.cz https://piwik.nic.cz/piwik.php https://www.nic.cz/files/CORS/projects-bar/ https://mojeid.cz https://syndication.twitter.com; report-uri https://csp.nic.cz/report/ 1 frame-ancestors 'self' zooniverse.org *.zooniverse.org webservices.crick.ac.uk CLVD0-WS-U-T-29.thecrick.org 1 parent-src none 1 frame-ancestors 'self', facebook.com, *.facebook.com 1 script-src 'unsafe-inline' 'unsafe-eval' code.jquery.com www.google-analytics.com securesurf.biz ads.exoclick.com main.exoclick.com syndication.exoclick.com; 1 X-WebKit-CSP: default-src 'self' 1 allow 'self' 'inline' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com googleapis.com youtube.com cdn.ywxi.net * ampcid.google.com *.addthis.com *.typekit.net www.googletagmanager.com www.google.com secure.gravatar.com; 1 base-uri 'self'; child-src 'self' gap: blob: assets.braintreegateway.com c.paypal.com *.cardinalcommerce.com *.giga.com.sg *.axlecloud.info spit-fire-1cbb5.firebaseapp.com api.braintreegateway.com cx.getcloudcherry.com accounts.google.com www.googletagmanager.com www.youtube.com youtube.com; frame-src 'self' gap: blob: assets.braintreegateway.com c.paypal.com *.cardinalcommerce.com *.giga.com.sg *.axlecloud.info spit-fire-1cbb5.firebaseapp.com api.braintreegateway.com cx.getcloudcherry.com accounts.google.com www.googletagmanager.com www.youtube.com youtube.com; connect-src 'self' api.braintreegateway.com client-analytics.braintreegateway.com *.braintree-api.com *.googleapis.com *.getcloudcherry.com accounts.google.com plugin.ucads.ucweb.com www.google-analytics.com stats.g.doubleclick.net; default-src 'self' gap: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data:; img-src 'self' data: blob: assets.braintreegateway.com checkout.paypal.com data: cx.getcloudcherry.com www.google-analytics.com gjtrack.ucweb.com stats.g.doubleclick.net www.google.com.sg www.google.com i.vimeocdn.com www.googletagmanager.com csi.gstatic.com downloads.mailchimp.com gallery.mailchimp.com blob:; script-src 'self' js.braintreegateway.com assets.braintreegateway.com www.paypalobjects.com cx.getcloudcherry.com c.paypal.com *.axlecloud.info apis.google.com www.googletagmanager.com www.google-analytics.com www.gstatic.com youtube.com acbot2.giga.com.sg downloads.mailchimp.com mc.us3.list-manage.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' downloads.mailchimp.com 'unsafe-inline'; frame-ancestors 'self' gap:; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=tyRB%2feQ1Lvh6hxEEzr3VUZeBZrhO0vhvHNYK7xbCSsrhpGdSNSq%2fVNdfF9%2b2WanSS2bvV%2fgSBKPGKVjzdL2%2bbaJvUsS%2fJHq4E%2bSkQiI0YVF9Z53ctOddJACf4Oa%2fZ%2fat65soGL3WhH4l5pJpNbm3Wived4TxdJjkvSq7AzaScfTq21s8sGp%2fLmSsJqivxG3k; 1 default-src 'self' https://rs.fullstory.com https://*.google.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.google.com https://www.googletagmanager.com/ https://tagmanager.google.com/ https://maps.googleapis.com https://www.google-analytics.com https://fullstory.com https://www.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://tagmanager.google.com/; img-src 'self' data: https://*.gstatic.com/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://*.google.com.au https://*.google.com; frame-src 'self' https://www.youtube.com/ https://www.google.com; child-src 'self' https://www.youtube.com/ https://www.google.com; font-src 'self' https://themes.googleusercontent.com/ ; report-uri /report-csp-violation 1 font-src 'self' data: https://images.wineselectors.com.au https://use.typekit.net https://i.icomoon.io https://fonts.gstatic.com https://cdn.curator.io;img-src 'self' data: https://images.wineselectors.com.au https://www.wineselectors.com.au https://p.typekit.net https://www.google-analytics.com https://csi.gstatic.com https://maps.googleapis.com https://maps.gstatic.com https://www.facebook.com https://stats.g.doubleclick.net https://dc.yieldify.com https://dwmvwp56lzq5t.cloudfront.net https://scontent.cdninstagram.com https://syndication.twitter.com https://pbs.twimg.com https://platform.twitter.com https://bat.bing.com https://ad.doubleclick.net https://go.flx1.com https://secure.adnxs.com https://cookiea1.veinteractive.com https://ib.adnxs.com https://scontent.xx.fbcdn.net https://graph.facebook.com https://scontent-otp1-1.cdninstagram.com https://hey.hellobar.com http://cookiea1.veinteractive.com https://dev.visualwebsiteoptimizer.com https://ssl.gstatic.com https://www.gstatic.com https://bacon.section.io https://cdsaus2.veinteractive.com https://useruploads.visualwebsiteoptimizer.com https://s3.amazonaws.com https://cm.g.doubleclick.net https://veads.veinteractive.com https://insight.adsrvr.org https://sync.adap.tv https://assets.yieldify.com https://ads.yahoo.com https://pixel.advertising.com https://curatorio.s3.amazonaws.com https://cdn.curator.io https://x.bidswitch.net https://adservice.google.com https://d2nq7dn4e4z508.cloudfront.net https://www.googletagmanager.com https://b.sli-spark.com https://assets.resultspage.com https://wineselectors.resultspage.com https://secure.livechatinc.com https://match.adsrvr.org https://pixel.rubiconproject.com https://dsum-sec.casalemedia.com https://cdn.livechatinc.com https://tags.w55c.net https://us-u.openx.net https://i.w55c.net https://t.mookie1.com https://pixel.tapad.com https://beacon.krxd.net https://bh.contextweb.com https://su.addthis.com https://ad.sxp.smartclip.net;style-src 'self' 'unsafe-inline' https://images.wineselectors.com.au https://fast.fonts.net https://fonts.googleapis.com https://dwmvwp56lzq5t.cloudfront.net https://cdn.curator.io https://platform.twitter.com https://tagmanager.google.com https://www.gstatic.com https://wineselectors.resultspage.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://images.wineselectors.com.au https://js-agent.newrelic.com https://bam.nr-data.net https://www.googletagmanager.com https://script.hotjar.com https://static.hotjar.com https://t.cfjump.com https://t.dgm-au.com https://www.wufoo.eu https://configaus2.veinteractive.com https://bat.bing.com https://script.crazyegg.com https://use.typekit.net https://www.google-analytics.com https://connect.facebook.net https://my.hellobar.com https://pixel.roymorgan.com https://app.yieldify.com https://maps.googleapis.com https://d33wq5gej88ld6.cloudfront.net https://www.google.com https://www.gstatic.com https://dcc4iyjchzom0.cloudfront.net https://platform.instagram.com https://platform.twitter.com https://cdn.curator.io https://cdn.syndication.twimg.com https://c.vepxl1.net https://js.adsrvr.org https://c.flx1.com https://ajax.googleapis.com https://go.flx1.com https://dev.visualwebsiteoptimizer.com https://tagmanager.google.com https://d1l6p2sc9645hc.cloudfront.net https://s3.amazonaws.com https://td.yieldify.com https://radar.cedexis.com https://data2.gosquared.com https://data.gosquared.com https://track.omguk.com https://s.adroll.com https://d.adroll.com https://ib.adnxs.com https://www.wufoo.com https://secure.wufoo.com https://apps.rokt.com https://roktcdn1.akamaized.net https://assets.resultspage.com https://wineselectors.resultspage.com https://wineselectors.resultsdemo.com https://b.sli-spark.com https://cdn.livechatinc.com https://secure.livechatinc.com https://accounts.livechatinc.com https://cdn.taboola.com https://www.eventbrite.com.au https://woobox.com https://trc.taboola.com https://wineselectors.ipscape.com.au https://cdn.otherlevels.com;default-src 'self' https://images.wineselectors.com.au https://configaus2.veinteractive.com https://vars.hotjar.com https://www.google.com https://www.facebook.com https://roktcdn1.akamaized.net;connect-src 'self' https://images.wineselectors.com.au wss://ws3.hotjar.com https://insights.hotjar.com https://bam.nr-data.net https://performance.typekit.net https://geo.yieldify.com https://api.curator.io https://appsapihk.veinteractive.com https://cookiea1.veinteractive.com https://c.flx1.com wss://ws1.hotjar.com https://cdsaus2.veinteractive.com https://bacon.section.io https://in.hotjar.com https://apps.rokt.com https://stats.g.doubleclick.net https://www.facebook.com https://trc.taboola.com https://sessionapihk.veinteractive.com wss://ws9.hotjar.com https://vc.hotjar.io https://js-api.otherlevels.com https://js-content.otherlevels.com https://js-api.otherlevels.com https://js-tags.otherlevels.com https://js-mdn.otherlevels.com https://js-rich.otherlevels.com https://js-deliverability-api.otherlevels.com https://safari.otherlevels.com wss://ws8.hotjar.com;media-src 'self' https://images.wineselectors.com.au https://cdn.livechatinc.com;object-src 'self' https://images.wineselectors.com.au;child-src 'self' https://www.youtube.com https://www.google.com https://vars.hotjar.com https://vars.hotjar.com https://app.yieldify.com https://www.qzzr.com https://syndication.twitter.com https://www.instagram.com https://wineevents.wufoo.eu https://wineevents.wufoo.eu https://configaus2.veinteractive.com https://t.cfjump.com https://t.dgm-au.com https://insight.adsrvr.org https://td.yieldify.com https://www.facebook.com https://match.adsrvr.org https://eventbrite.com.au https://www.eventbrite.com.au https://connect.facebook.net https://player.vimeo.com https://youtu.be/ https://apps.rokt.com https://www.google.com.au https://secure.livechatinc.com https://woobox.com https://wineselectors.ipscape.com.au; 1 script-src 'unsafe-inline' 'unsafe-eval' code.jquery.com www.google-analytics.com safesurfs.net ads.exoclick.com main.exoclick.com syndication.exoclick.com; 1 default-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self'; img-src 'self' data:; style-src 'unsafe-inline' https:; font-src 'self' https: data:; object-src 'self'; frame-src 'self'; media-src 'self'; 1 media-src *, script-src self 'unsafe-eval' 'unsafe-inline' https://mc.yandex.ru https://xn--62-dlchecl2bsdax2n.xn--p1ai https://google.com https://www.gstatic.com https://www.google.com https://fonts.googleapis.com 'unsafe-inline' 1 default-src 'self' data: *.halkbank.com.tr *.doubleclick.net t.co *.facebook.com *.facebook.com.tr *.gstatic.com *.google.com *.google.com.tr *.googleapis.com *.google-analytics.com *.googletagmanager.com; style-src 'self' 'unsafe-inline' *.gstatic.com *.googleapis.com *.google-analytics.com *.googletagmanager.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.doubleclick.net *.googleadservices.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.facebook.net *.creative-serving.com *.ads-twitter.com *.twitter.com; 1 frame-ancestors https://*.omantel.om 1 default-src 'self' *.dohasooq.com; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com https://www.google.com https://chat.freshdesk.com https://stats.pusher.com https://freegeoip.net https://t.omkt.co https://t3438570.icpro.co https://d36mpcpuzc4ztk.cloudfront.net query.yahooapis.com https://cdn.ckeditor.com code.highcharts.com code.jquery.com https://maps.google.com maps.googleapis.com https://bam.nr-data.net https://js-agent.newrelic.com cdnjs.cloudflare.com www.google-analytics.com www.googletagmanager.com https://api.q-tickets.com https://apis.google.com https://*.facebook.net; style-src 'self' 'unsafe-inline' https://d36mpcpuzc4ztk.cloudfront.net https://cdn.ckeditor.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://code.ionicframework.com; img-src 'self' data: https://t.omkt.co https://d36mpcpuzc4ztk.cloudfront.net http://www.q-tickets.com www.google.com https://maps.googleapis.com https://*.gstatic.com https://stats.g.doubleclick.net https://cdn.ckeditor.com https://s3-ap-southeast-1.amazonaws.com https://dohasooqproduction.s3.ap-south-1.amazonaws.com https://d1ua6rfbo1g04v.cloudfront.net https://www.google-analytics.com https://www.google.co.in https://*.facebook.com https://www.googletagmanager.com;media-src 'self' www.youtube.com https://d36mpcpuzc4ztk.cloudfront.net; font-src 'self' 'unsafe-inline' data: https://fonts.gstatic.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://code.ionicframework.com;frame-src 'self' https://www.google.com https://www.youtube.com https://accounts.google.com https://*.facebook.com https://*.facebook.net;connect-src 'self' wss://ws.pusherapp.com https://*.facebook.com https://chat.freshdesk.com https://maps.googleapis.com wss://chat.freshdesk.com 1 default-src 'self' http://free.timeanddate.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://www.google-analytics.com; frame-src 'self' http://www.indianembassy.in.th https://www.youtube.com https://www.youtube-nocookie.com http://free.timeanddate.com; connect-src 'self'; img-src 'self' http://www.google-analytics.com; style-src 'self' 'unsafe-inline' ; 1 default-src * 'self' data: 'unsafe-inline' 'unsafe-eval' https: wss: 1 ALLOW-FROM http://pictor.kz 1 allow 'self' *.onesignal.com; 1 default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' * ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' api.iconify.design *.google-analytics.com *.gerc.ua *.google.com *.samsung.com *.visa.com *.googleapis.com *.googletagmanager.com *.kmda.gov.ua *.gstatic.com; style-src 'self' data: 'unsafe-inline' *.gerc.ua *.googleapis.com *.gstatic.com; media-src 'self' blob: ; frame-ancestors 'self' *.gerc.ua gioc.kiev.ua *.gioc.kiev.ua suvorovskiy.com.ua *.suvorovskiy.com.ua *.kyivcity.gov.ua openosh.site cks.kiev.ua oschadbank.ua *.oschadbank.ua cks.com.ua kte.kmda.gov.ua *.kmda.gov.ua; font-src 'self' data: *.gerc.ua fonts.googleapis.com fonts.gstatic.com 1 "default-src 'self' *.twitter.com *.holyspirit.ab.ca *.google-analytics.com" 1 object-src 'none'; script-src 'nonce-{random}' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http:; $ 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net use.typekit.net *.consumercare.net h6.consumercare.net www.googletagmanager.com www.google-analytics.com cdn.ckeditor.com woobox.com www.googleadservices.com connect.facebook.net googleads.g.doubleclick.net woobox.com; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net use.typekit.net *.consumercare.net h6.consumercare.net maxcdn.boostrapcdn.com fonts.googleapis.com maxcdn.bootstrapcdn.com cdn.ckeditor.com; img-src 'self' 'unsafe-inline' stats.g.doubleclick.net www.google-analytics.com cdn.ckeditor.com p.typekit.net www.facebook.com www.google.com; media-src 'self' 'unsafe-inline' ballparkbuns.s3.us-east-2.amazonaws.com; frame-src woobox.com connect.facebook.net www.facebook.com *.googleadservices.com *.doubleclick.net.; font-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com fonts.gstatic.com cdn.jsdelivr.net use.typekit.net; connect-src 'self' performance.typekit.net *.doubleclick.net stats.g.doubleclick.net; report-uri /admin/config/system/seckit/csp-report, default-src 'self' 'self' data: 'self' blob: 'unsafe-inline' 'unsafe-eval' *; img-src 'self' blob: data: * 1 font-src * data:; img-src * data:; script-src 'unsafe-inline' 'unsafe-eval' * data:; style-src 'unsafe-inline' 'unsafe-eval' * data:; 1 frame-ancestors apps.facebook.com flydreamers.com 1 frame-ancestors 'self' https://*.head.com https://*.head-test.com https://head.testing-varnish.symmetrics.de 1 default-src 'self' https://*.intuitivepassword.com http://*.intuitivepassword.com https://cdn.jsdelivr.net https://*.tawk.to; img-src 'self' https://*.intuitivepassword.com https://intuitivepassword.com wss://*.intuitivepassword.com https://*.stripe.com https://*.tawk.to wss://*.tawk.to https://fonts.googleapis.com https://fonts.gstatic.com https://cdn.jsdelivr.net data: http://*.google-analytics.com https://csi.gstatic.com; object-src 'self' https://*.stripe.com https://*.tawk.to wss://*.tawk.to https://fonts.googleapis.com https://fonts.gstatic.com https://cdn.jsdelivr.net; connect-src 'self' https://*.intuitivepassword.com https://intuitivepassword.com wss://*.intuitivepassword.com https://*.stripe.com https://*.tawk.to wss://*.tawk.to https://fonts.googleapis.com https://fonts.gstatic.com https://cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.intuitivepassword.com https://intuitivepassword.com wss://*.intuitivepassword.com https://*.stripe.com https://*.tawk.to wss://*.tawk.to https://fonts.googleapis.com https://fonts.gstatic.com https://cdn.jsdelivr.net https://*.intuitivepassword.com http://*.intuitivepassword.com https://cdn.jsdelivr.net https://*.tawk.to; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.intuitivepassword.com https://intuitivepassword.com wss://*.intuitivepassword.com https://*.stripe.com https://*.tawk.to wss://*.tawk.to https://fonts.googleapis.com https://fonts.gstatic.com https://cdn.jsdelivr.net http://*.google-analytics.com https://csi.gstatic.com https://*.intuitivepassword.com http://*.intuitivepassword.com https://cdn.jsdelivr.net https://*.tawk.to; font-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.intuitivepassword.com https://intuitivepassword.com wss://*.intuitivepassword.com https://*.stripe.com https://*.tawk.to wss://*.tawk.to https://fonts.googleapis.com https://fonts.gstatic.com https://cdn.jsdelivr.net https://*.intuitivepassword.com http://*.intuitivepassword.com https://cdn.jsdelivr.net https://*.tawk.to; frame-src 'self' https://*.stripe.com https://*.tawk.to wss://*.tawk.to https://fonts.googleapis.com https://fonts.gstatic.com https://cdn.jsdelivr.net; upgrade-insecure-requests; 1 default-src data: 'unsafe-inline' 'unsafe-eval' https:; frame-ancestors 'self'; form-action *; upgrade-insecure-requests; block-all-mixed-content; reflected-xss block; referrer strict-origin-when-cross-origin; 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google-analytics.com *.google.com seal.digicert.com *.inspectlet.com *.typeform.com *.newtonsoftware.com *.google-analytics.com *.googletagmanager.com *.stripe.com; object-src 'self' data:; style-src 'self' data: 'unsafe-inline' *.google-analytics.com *.google.com *.googleapis.com; img-src 'self' data: maps.gstatic.com *.googleapis.com *.google-analytics.com *.google.com seal.digicert.com i.ytimg.com i.vimeocdn.com *.inspectlet.com *.mapbox.com *.doubleclick.net *.google.com *.google-analytics.com *.listerhill.com; media-src 'self' data: vimeo.com youtube.com *.youtube.com vimeocdn.com *.listerhill.com; frame-src data: *.listerhill.com *.google-analytics.com *.google.com *.stripe.com *.vimeo.com youtube.com *.youtube.com newton.newtonsoftware.com *.typeform.com zlcuma.secure.fundsxpress.com; font-src 'self' data: *.google-analytics.com *.google.com fonts.gstatic.com *.googleapis.com; connect-src 'self' *.google-analytics.com *.inspectlet.com wss://ws.inspectlet.com 1 default-src "self"; img-src "self"; style-src "self" "unsafe-inline"; font-src "self"; script-src "self" "unsafe-inline"; connect-src "self"; 1 style-src 'unsafe-inline' 'self' http: https: ; 1 default-src 'self'; script-src 'unsafe-inline' 'self' *.googleapis.com *.newrelic.com *.nr-data.net *.google-analytics.com *.google.com *.getsitecontrol.com *.gstatic.com *.kxcdn.com 'strict-dynamic' 'nonce-c82c37d1c0452b9552b47fe6'; object-src 'none'; style-src 'unsafe-inline' 'self' *.googleapis.com *.bootstrapcdn.com; img-src 'self' * data:; frame-src 'self' *.google.com; font-src *.googleusercontent.com 'self' *.googleapis.com *.bootstrapcdn.com *.gstatic.com data:; connect-src 'self' *.apigee.com *.getsitecontrol.com *.apigee.net; report-uri /admin/config/system/seckit/csp-report 1 default-src 'self' blob:; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' connect.facebook.net/en_US/sdk.js www.google-analytics.com https://www.google-analytics.com apis.google.com plotdb.disqus.com a.disquscdn.com portal.cherritech.net; style-src 'self' 'unsafe-inline' www.google-analytics.com fonts.googleapis.com a.disquscdn.com; img-src 'self' data: blob: www.google-analytics.com www.facebook.com static.xx.fbcdn.net csi.gstatic.com *; font-src 'self' data: fonts.gstatic.com themes.googleusercontent.com; frame-src 'self' plotdb.io data: blob: *.facebook.com *.googleapis.com accounts.google.com disqus.com; connect-src 'self' data: blob: plotdb.com links.services.disqus.com *.tappayapis.com 1 default-src 'self' https://*.lacaixa.es https://*.promocaixa.es; img-src 'self' https://*.lacaixa.es https://*.promocaixa.es data:; style-src 'self' 'unsafe-inline' https://*.lacaixa.es https://*.promocaixa.es; font-src 'self'; script-src 'self' 'unsafe-inline' https://www.google.com https://www.gstatic.com; connect-src 'self' https://*.lacaixa.es https://*.promocaixa.es; frame-src https://www.google.com https://www.gstatic.com; 1 default-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline' *.netdna-ssl.com *.google-analytics.com app.quotemedia.com oss.maxcdn.com rangeme-production-environment.s3-ap-southeast-2.amazonaws.com *.pcdn.co;font-src 'self' *.netdna-ssl.com fonts.gstatic.com *.pcdn.co;img-src 'self' data: *.netdna-ssl.com *.google-analytics.com *.googleapis.com *.glensmarkets-email.com app.quotemedia.com secure.gravatar.com s3-ap-southeast-2.amazonaws.com *.pcdn.co;style-src 'self' 'unsafe-inline' *.netdna-ssl.com *.googleapis.com *.pcdn.co;frame-src 'self' *.netdna-ssl.com *.youtube.com *.calameo.com *.pcdn.co;connect-src 'self' *.netdna-ssl.com query.yahooapis.com *.pcdn.co;object-src 'self' *.netdna-ssl.com *.pcdn.co;media-src 'self' *.netdna-ssl.com *.pcdn.co; 1 default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-eval' 'unsafe-inline' about: spscc.radiusbycampusmgmt.com spscc.hobsonsradius.com 25livepub.collegenet.com 5p4rk13.com bbox.blackbaudhosting.com connect.facebook.net cse.google.com e.issuu.com fonts.googleapis.com loader.webspellchecker.net rw1.marchex.io scripts.mymarketingreports.com spscc.hobsonsradius.com translate.google.com translate.googleapis.com www.google-analytics.com www.googleapis.com www.google.com www.googletagmanager.com www.googleadservices.com www.tickcounter.com googleads.g.doubleclick.net siteimproveanalytics.com; object-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' bbox.blackbaudhosting.com cdnjs.cloudflare.com fonts.googleapis.com spscc.radiusbycampusmgmt.com spscc.hobsonsradius.com translate.googleapis.com www.google.com; img-src 'self' 'unsafe-inline' data: 25livepub.collegenet.com bbox.blackbaudhosting.com clients1.google.com fonts.googleapis.com i.ytimg.com px.marchex.io spscc.edu spscc.radiusbycampusmgmt.com spscc.hobsonsradius.com stats.g.doubleclick.net translate.google.com translate.googleapis.com www.facebook.com www.google-analytics.com www.googleapis.com www.google.com www.gstatic.com *.siteimprove.com *.siteimproveanalytics.io googleads.g.doubleclick.net; media-src 'self' 'unsafe-inline'; frame-src 'self' 5p4rk13.com bbox.blackbaudhosting.com calendar.google.com connect.facebook.net cse.google.com e.issuu.com maps.google.com snapwidget.com staticxx.facebook.com www.facebook.com www.google.com www.tickcounter.com www.youtube.com googleads.g.doubleclick.net; font-src 'self' data: cdnjs.cloudflare.com fonts.googleapis.com fonts.gstatic.com staticxx.facebook.com www.google.com; connect-src 'self' translate.googleapis.com; report-uri /report-csp-violation 1 frame-ancestors 'self' https://*.tyrolia.com https://*.head-test.com https://head.testing-varnish.symmetrics.de 1 default-src 'self' data: gap: https://*.zscalertwo.net https://*.maersk.com https://*.safmarine.com https://*.maerskline.com https://*.apmoller.net https://c.go-mpulse.net https://*.salesforceliveagent.com https://*.force.com *.mpstat.us *.akstat.io https://*.akamaihd.net https://*.igodigital.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://www.googletagmanager.com https://ssl.gstatic.com https://100qrcey9nsltilmpwezagts.blob.core.windows.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.zscalertwo.net https://*.maersk.com https://*.safmarine.com https://*.maerskline.com https://*.apmoller.net https://*.akamaihd.net https://*.salesforceliveagent.com https://*.force.com https://*.salesforce.com https://*.steelcentral.net https://c.go-mpulse.net https://s.go-mpulse.net *.mpstat.us *.akstat.io https://*.igodigital.com https://pub.s1.exacttarget.com https://*.gstatic.com https://*.google.com https://*.googleapis.com https://www.googletagmanager.com https://*.google-analytics.com https://scai.maerskline.com https://api.massrelevance.com https://img.en25.com https://*.bizographics.com https://*.doubleclick.net https://*.linkedin.com; img-src 'self' data: https://*.zscalertwo.net https://*.maersk.com https://*.safmarine.com https://*.maerskline.com https://*.apmoller.net https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://*.gstatic.com https://lh3.googleusercontent.com https://*.steelcentral.net https://*.vimeocdn.com https://*.youtube.com https://*.igodigital.com https://*.akamaihd.net https://www.google.co.uk https://*.linkedin.com https://*.facebook.com https://*.twitter.com https://*.doubleclick.net https://*.google.dk https://scai.maerskline.com https://www.google.com/ads/ga-audiences* https://*.bizographics.com; object-src 'self'; style-src 'self' 'unsafe-inline' https://*.zscalertwo.net https://*.maersk.com https://*.safmarine.com https://*.apmoller.net https://*.gstatic.com https://*.google.com https://*.google-analytics.com https://*.googleapis.com https://*.maerskline.com https://*.force.com; frame-src https://*.zscalertwo.net https://*.maersk.com https://*.safmarine.com https://*.maerskline.com https://*.apmoller.net https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://*.google.com https://www.youtube.com/embed/ https://player.vimeo.com/video/ https://service.force.com https://www.google.com/recaptcha/ https://*.cookieinformation.com; font-src 'self' data: https://*.zscalertwo.net https://*.maersk.com https://*.safmarine.com https://*.maerskline.com https://*.apmoller.net https://*.gstatic.com https://*.googleapis.com; 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' *.sitecore.net *.youtube.com *.ytimg.com *.facebook.net *.facebook.com *.qq.com *.sharethis.com *.vzaar.com *.mookie1.com *.tiqcdn.com *.akamaihd.net *.adnxs.com *.google.com *.google.com.hk *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.cloudfront.net c.sharethis.mgr.consensu.org *.salecycle.com *.myqcloud.com *.gstatic.com *.recaptcha.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.sitecore.net *.youtube.com *.ytimg.com *.facebook.net *.facebook.com *.qq.com *.sharethis.com *.vzaar.com *.mookie1.com *.tiqcdn.com *.akamaihd.net *.adnxs.com *.google.com *.google.com.hk *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.cloudfront.net c.sharethis.mgr.consensu.org *.salecycle.com *.gstatic.com *.recaptcha.net; style-src 'self' 'unsafe-inline' *.sharethis.com ; img-src *; media-src * blob:; object-src 'self' *.qq.com; 1 frame-ancestors 'self' https://*.usagym.org http://*.usagym.org http://*.usagymparents.com http://*.usagym.info http://*.gymnasticsfoundation.org https://*.gymnasticsfoundation.org http://*.usagymchamps.com https://*.usagymchamps.com http://usagymfans.us-east-1.elasticbeanstalk.com https://usagymfans.us-east-1.elasticbeanstalk.com http://*.kovendesign.com https://*.kovendesign.com https://usagym.hqam6nre-liquidwebsites.com; 1 script-src 'self' www.google-analytics.com ajax.googleapils.com: 1 frame-ancestors * 1 allow 'self'; media-src *; img-src *; script-src *; style-src *; 1 default-src 'self'; img-src 'self' data: ; script-src 'self' 'unsafe-inline' 'sha256-ufVnD1G7MLJfxv/+j+rwqQiMj3BQnOT8KucretfbTaQ=' 'sha256-s1OGjE45i+P0wOE8yl6FHoCRyaBMFR0UPklIgPRXjiI='; style-src 'self' 'unsafe-inline' 'sha256-NaXtdx5T9YmY+ZkFTvft4VBkkU0u6SpScShWZ2lBO7M=' 1 default-src 'self'; script-src 'self' 'unsafe-inline' https://formcarry.com/ https://maps.googleapis.com https://www.googletagmanager.com/gtag/js https://*.google-analytics.com https://wchat.freshchat.com; frame-src 'self' https://*.freshchat.com ; img-src 'self' https://*.googleapis.com https://*.gstatic.com https://*.google-analytics.com https://stats.g.doubleclick.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://wchat.freshchat.com; font-src 'self' https://fonts.gstatic.com https://themes.googleusercontent.com/static/fonts/; connect-src 'self' https://formcarry.com/ http://maps.googleapis.com; block-all-mixed-content; 1 child-src 'self' www.youtube.com staticxx.facebook.com w.soundcloud.com player.vimeo.com blob:; connect-src 'self' vit.tube wss://peer.vit.tube https://media.vit.tube https://newmedia.vit.tube https://peer.vit.tube api.blocktrades.us; default-src 'self' www.youtube.com staticxx.facebook.com player.vimeo.com; font-src data: fonts.gstatic.com; frame-ancestors 'none'; img-src * data:; object-src 'none'; plugin-types application/pdf; script-src 'self' www.google-analytics.com connect.facebook.net cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; media-src 'self' vit.tube touchit.social blob:; report-uri /api/v1/csp_violation 1 default-src 'none'; script-src 'self'; connect-src: 'self'; img-src: 'self'; style-src: 'self'; 1 default-src https: https://*.gstatic.com https://tagmanager.google.com https://*.hotjar.com; frame-src https://api.quickstream.westpac.com.au https://www.google.com https://*.hotjar.com https://www.googletagmanager.com https://e.issuu.com/embed.html https://player.vimeo.com/video/ https://www.youtube.com/embed/ https://s7.addthis.com/static/ https://www.facebook.com/tr/ https://tagmanager.google.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://api.mapbox.com https://tagmanager.google.com https://*.gstatic.com; font-src 'self' data: https://fonts.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://api.quickstream.westpac.com.au https://*.salesforce.com https://tagmanager.google.com https://www.gstatic.com https://www.google.com/recaptcha/api.js https://m.addthisedge.com/live/ https://*.addthis.com/ https://e.issuu.com/embed.js https://dnn506yrbagrg.cloudfront.net/pages/scripts/0022/9283.js https://7217441.collect.igodigital.com/collect.js https://www.googletagmanager.com/gtm.js https://www.google-analytics.com/analytics.js https://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net/signals/config/1619154008352119 https://www.google-analytics.com/plugins/ua/ec.js https://jobadder.com/widgets/V1/Jobs/RenderJobList https://apps.jobadder.com/widgets/V1/Jobs/RenderJobList https://jobadder.com/widgets/V1/Jobs/RenderJobDetails https://tagmanager.google.com https://*.hotjar.com https://script.crazyegg.com https://*.adroll.com https://*.facebook.net; connect-src 'self' https://api.quickstream.westpac.com.au https://compassionau.force.com https://api.compassion.com.au https://concierge.compassion.com.au https://www.google.com/recaptcha/api2 https://*.algolia.net https://stats.g.doubleclick.net/j/collect https://www.google-analytics.com/j/collect https://www.facebook.com/tr/ https://jobadder.com/widgets/V1/Error/LogError https://apps.jobadder.com/widgets/V1/Error/LogError https://m.addthis.com/live/red_lojson/100eng.json https://*.hotjar.com wss://*.hotjar.com; img-src 'self' data: https://media.ci.org https://images.ctfassets.net https://images.contentful.com https://www.google-analytics.com/collect https://www.google-analytics.com/r/collect https://stats.g.doubleclick.net/r/collect https://nova.collect.igodigital.com/c2/7217441/track_page_view https://www.facebook.com/tr/ https://nova.collect.igodigital.com/c2/7217441/track_cart https://nova.collect.igodigital.com/c2/7217441/track_conversion https://auproddownloads.blob.core.windows.net/compassion/ https://jobadder.com/widgets/ https://apps.jobadder.com/widgets/ http://*.tile.openstreetmap.org/ https://server.arcgisonline.com/ArcGIS/ https://d33wubrfki0l68.cloudfront.net https://www.google.com/ads/ga-audiences https://www.google.com.au/ads/ga-audiences https://*.gstatic.com https://*.adroll.com https://pixel.advertising.com https://dsum-sec.casalemedia.com https://pixel.rubiconproject.com https://sync.outbrain.com https://simage2.pubmatic.com https://trc.taboola.com https://eb2.3lift.com https://ads.yahoo.com https://x.bidswitch.net https://ib.adnxs.com https://idsync.rlcdn.com https://us-u.openx.net https://tags.bluekai.com https://p.adsymptotic.com https://pippio.com/ https://cm.g.doubleclick.net/ https://*.googletagmanager.com https://*.google.com https://*.youtube.com 1 default-src 'self'; script-src 'self' ; style-src 'self' 'unsafe-inline' ; img-src *; report-uri https://login.mla.com.au/core/csp/report 1 default-src *; script-src 'self' 'unsafe-inline' 'sha256-CM+xWs8Yn6h6FYTNRIAprjkzOLwdavIneA0Dc1bJwng=' 'sha256-1CpjmdSGjCZr6oNd1cma/Y7Dge7yykpbBqURqv1Azcw=' 'sha256-M+DVfAsChzxHrudR35PgOyr9XEslkoK1dwkcmPjfnvw=' http://ecx25.siteplug.com/ https://ecx25.siteplug.com/ http://www.1-1ads.com http://*.inspsearchapi.com http://www.google.com http://api.bing.com http://ff.search.yahoo.com/ http://suggest.infospace.com http://api.autocompleteplus.com *.yimg.com https://completr.appspot.com http://js.wincyahoocontent.com; frame-src 'self' http://ecx25.siteplug.com/ https://ecx25.siteplug.com/ http://*.inspsearchapi.com http://*.yahoo.com http://ad.adserver-pro.net https://*.yimg.com; font-src 'self' https://d3durx270v4ts2.cloudfront.net/; connect-src 'self' http://ecx25.siteplug.com/ https://ecx25.siteplug.com/ http://www.1-1ads.com/ads-api-v3; media-src 'self'; style-src 'self' 'unsafe-inline'; child-src 'self' http://ecx25.siteplug.com/ https://ecx25.siteplug.com/ http://*.inspsearchapi.com http://*.yahoo.com http://ad.adserver-pro.net https://*.yimg.com; 1 frame-ancestors 'self' www.skaki64.gr skaki64.gr 1 default-src 'self' data: 'unsafe-inline' giphy.com *.giphy.com *.spotify.com *.plyr.io *.gravatar.com *.facebook.net *.facebook.com *.typekit.net *.bugherd.com *.google-analytics.com *.googletagmanager.com *.vimeo.com *.admindagency.com; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval'; base-uri 'self'; 1 script-src 'unsafe-inline' 'unsafe-eval' code.jquery.com www.google-analytics.com safesurfs.com ads.exoclick.com main.exoclick.com syndication.exoclick.com; 1 script-src 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' 'self' blob: *; img-src * data: blob:; connect-src *; font-src 'self' data: *; object-src 'self'; media-src 'self' blob: *; child-src * 1 default-src 'self' ; frame-src 'self' https://api.mtbank.by https://mpi.mtbank.by https://mpi.mtbank.by:80 https://acs.mtbank.by https://c2c.mtbank.by https://3ds.alfabank.by https://3ds.priorbank.by https://acs.bgpb.by https://sca.npc.by https://www.sbs4u.by https://acs.multicarta.ru https://aacsw.3ds.verifiedbyvisa.com https://cap.attempts.securecode.com https://ipcacs.sberbank.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://app.blinger.io https://static.mybank.by https://api.mtbank.by https://www.google-analytics.com https://halva.mtbank.by https://www.googletagmanager.com https://tagmanager.google.com; style-src 'self' blob: 'unsafe-inline' https://static.mybank.by;img-src 'self' https://blinger.io https://app.blinger.io https://static.mybank.by data: blob: https://www.google-analytics.com https://www.googletagmanager.com ; font-src 'self' https://static.mybank.by; connect-src 'self' wss://app.blinger.io; media-src 'self' 1 nosniff; 1 default-src 'self' 'unsafe-eval' 'unsafe-inline' https://fonts.gstatic.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://www.googletagmanager.com https://maps.google.com https://maps.googleapis.com https://maps.gstatic.com ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com ; style-src 'self' 'unsafe-inline'; form-action 'self'; frame-ancestors 'self' ; img-src 'self' data: https://www.google-analytics.com https://maps.google.com https://maps.googleapis.com https://maps.gstatic.com 'unsafe-inline' 'unsafe-eval' 1 default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; 1 default-src 'self'; script-src 'unsafe-inline' 'self' www.google-analytics.com www.googletagmanager.com cdnjs.cloudflare.com www.googleadservices.com googleads.g.doubleclick.net a.config.skype.com b.config.skype.com swx.cdn.skype.com www.google.com www.gstatic.com js-agent.newrelic.com bam.nr-data.net maps.googleapis.com tagmanager.google.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdnjs.cloudflare.com tagmanager.google.com/; img-src 'self' data: www.google-analytics.com stats.g.doubleclick.net www.google.com www.google.co.in maps.gstatic.com maps.googleapis.com; frame-src 'self' www.youtube.com sp.zalo.me www.google.com bid.g.doubleclick.net api01-platform.stream.co.jp; font-src 'self' cdnjs.cloudflare.com data: fonts.gstatic.com; connect-src 'self' browser.pipe.aria.microsoft.com sp.zalo.me www.google-analytics.com www.google.com www.google.co.in; report-uri /report-csp-violation 1 default-src * 'unsafe-inline' data: ; font-src * 'unsafe-inline' data:; script-src * 'unsafe-inline' 'unsafe-eval' https: 1 script-src 'self' 'nonce-11721984212542329379' https://gordioscdn.azureedge.net https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/;style-src 'self' 'nonce-11721984212542329379' https://gordioscdn.azureedge.net https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/;default-src 'self' https://gordioscdn.azureedge.net https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; 1 sandbox allow-scripts allow-same-origin allow-forms ; 1 script-src 'unsafe-inline' 'unsafe-eval' code.jquery.com www.google-analytics.com yourconnectivity.net ads.exoclick.com main.exoclick.com syndication.exoclick.com; 1 default-src 'self' rufilm.tv rufilmtv.org *.twitch.tv player.twitch.tv cdn.jsdelivr.net *.union-site-data.com *.pbcde.com pbcde.com *.nshes.ru nshes.ru 6xuar.gdn; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.rufilmtv.club *.youtube.com *.newsadsppush.com newsadsppush.com *.union-site-data.com *.pbcde.com *.nshes.ru pbcde.com nshes.ru *.gnezdo.ru news.gnezdo.ru news.2xclick.ru theyhat.com smartpush1.info smartpush11.info smartpush10.info smartpush0.info *.q-sht-zidjk.co q-sht-zidjk.co adbetnet.advertserve.com json.bannersvideo.com fcrgzqkbtgu.co octomarket.com adtrak.org adfill.me advmaker.su yt.advmaker.su json.bannersvideo.com bannersvideo.com 1plus1.video *.adbetclickin.pink http://serving.bepolitee.eu adlmerge.com gynax.com bgrndi.com https://fqtag.com osnn.work hydr.work luxup2.ru http://marvin.pw/ https://c.fqtag.com/ rufilm.tv brokeloy.com widefox.ru slowpoker.ru hgbn.network cdn7.network www.resttort.ru resttort.ru deenomo.com lolaken.com lopireto.com roklerok.com am15.net kadanoda.ru vakadiki.ru tozipoto.com zirifaha.ru kibitaqa.ru kiviraha.ru kilisaqa.ru retaraka.ru tisatama.ru tisataga.ru tozimoto.com tozikoto.com toziroto.com tozitoto.com tozipoto.com vogorana.ru vogozaw.ru vogozae.ru uuidksinc.net imdj.3793369.pix-cdn.org rtb.kadam.ru vogozae.ru aurumforyou.com yandex.ru yandex.st mc.yandex.ru www.google-analytics.com vk.com ulogin.ru luxup.ru *.luxup.ru *.am15.net *.thor-media.ru qepath.info zakoofoo.info zoobynu.info hbkii.xyz nucegu.info duxyve.info qezuqa.info cyjycu.info cpasmrttds.info adsblockkpush.com accommon.info samnioc.info dialected.info *.supuv2.com alphamrkt.com 6xuar.gdn mylma.gdn xml.adbetnet.com *.adbetnet.com *.braun634.com m-shes.ru adbetnet.com etcxx.com mxccs.com mdapi.ru mdsrc.ru *.rtbsystem.com *.marketgid.com *.mgid.com *.steepto.com *.adlabs.ru dodrek.com psma01.com psma02.com psma03.com adservone.com *.onedmp.com *.videoviewer.ru bequri.com gotriki.com cdn.hgdat.com *.twitch.tv player.twitch.tv cdn.jsdelivr.net hghit.com; img-src 'self' data: *; style-src 'self' 'unsafe-inline' rufilm.tv *.reyden-x.com reyden-x.com *.twitch.tv player.twitch.tv cdn.jsdelivr.net stream.reyden-x.com http://fonts.googleapis.com; font-src 'self' rufilm.tv fonts.gstatic.com data:; object-src 'self' rufilm.tv *.am15.net am15.net; frame-src 'self' data: *.twitch.tv player.twitch.tv *.braun634.com cdn.jsdelivr.net *.union-site-data.com union-site-data.com *.pbcde.com pbcde.com *.nshes.ru nshes.ru *.videomore.ru videomore.ru samnioc.info https://ad.anistar.me ad.anistar.me *.adbetnet.com t.co ad.anistar.me stream.reyden-x.com tvzvezda.ru 1plus1.video out.pladform.ru https://fqtag.com allmovie.pro http://allmovie.tv http://player.ictv.ua https://kaztube.kz ren.tv tvc.ru m-shes.ru www.tvc.ru rufilm.tv rufilmtv.org am15.net yt.advmaker.su advmaker.su my.mail.ru uuidksinc.net *.amazonaws.com ok.ru *.ok.ru vk.com veterok.tv www.youtube.com *.ivi.ru *.vgtrk.com *.1ru.tv *.1tv.ru *.ntv.ru *.gnezdo.ru *.am15.net rutube.ru *.videomore.ru *.my.mail.ru ictv.ua rmbn.net psma01.com psma02.com psma03.com *.onedmp.com ovva.tv cdn7.network www.videokub.net *.adbetclickin.pink; connect-src 'self' rufilm.tv ws://brokeloy.com:8040 stream.reyden-x.com *.reyden-x.com samnioc.info yt.advmaker.su mc.yandex.ru rtb.kadam.ru *.twitch.tv player.twitch.tv cdn.jsdelivr.net 1 default-src 'self'; script-src 'self' www.google-analytics.com maps.googleapis.com; 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.googleapis.com *.gstatic.com *.google-analytics.com *.youtube.com *.g.doubleclick.net https://s.ytimg.com/yts/jsbin/ *.googleadservices.com *.google.com *.google.cz http://platform.linkedin.com https://www.transguardgroup.com 1 frame-ancestors https://*.cpcworldwide.com 1 default-src 'self' https://*.webbfabriken.com http://*.webbfabriken.uk http://*.webbfabriken.dk http://*.webbfabriken.de http://*.webbfabriken.us http://*.webbfabriken.in https://*.netdna-ssl.com https://*.crazyegg.com https://*.googletagmanager.com https://*.swicpc.bankgirot.se https://www.google.com https://*.hotjar.com https://maxcdn.bootstrapcdn.com https://stats.g.doubleclick.net https://wfmaxcdn-webbfabrikencom.netdna-ssl.com https://smarticon.geotrust.com https://*.google.com https://*.facebook.com https://*.inreda.com https://*.addthis.com https://*.providesupport.com https://*.googleapis.com https://*.gstatic.com https://*.twitter.com https://*.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.muut.com https://stackpath.bootstrapcdn.com https://cdn.jsdelivr.net https://js.braintreegateway.com https://*.olark.com https://*.webbfabriken.com http://*.webbfabriken.uk http://*.webbfabriken.dk http://*.webbfabriken.de http://*.webbfabriken.us http://*.webbfabriken.in https://*.netdna-ssl.com https://*.crazyegg.com https://*.googletagmanager.com https://*.swicpc.bankgirot.se https://www.google.com https://*.hotjar.com https://maxcdn.bootstrapcdn.com https://stats.g.doubleclick.net https://wfmaxcdn-webbfabrikencom.netdna-ssl.com https://smarticon.geotrust.com https://*.google.com https://*.facebook.com https://*.inreda.com https://*.addthis.com https://*.providesupport.com https://*.googleapis.com https://*.gstatic.com https://*.twitter.com https://*.google-analytics.com; object-src 'self' https://*.youtube.com; style-src 'self' 'unsafe-inline' https://cdn.muut.com https://*.bootstrapcdn.com https://*.fontawesome.com https://static.olark.com https://*.webbfabriken.com http://*.webbfabriken.uk http://*.webbfabriken.dk http://*.webbfabriken.de http://*.webbfabriken.us http://*.webbfabriken.in https://*.netdna-ssl.com https://*.crazyegg.com https://*.googletagmanager.com https://*.swicpc.bankgirot.se https://www.google.com https://*.hotjar.com https://maxcdn.bootstrapcdn.com https://stats.g.doubleclick.net https://wfmaxcdn-webbfabrikencom.netdna-ssl.com https://smarticon.geotrust.com https://*.google.com https://*.facebook.com https://*.inreda.com https://*.addthis.com https://*.providesupport.com https://*.googleapis.com https://*.gstatic.com https://*.twitter.com https://*.google-analytics.com; img-src 'self' data: https://secure.gravatar.com https://s.w.org https://static.olark.com https://log.olark.com https://*.webbfabriken.com http://*.webbfabriken.uk http://*.webbfabriken.dk http://*.webbfabriken.de http://*.webbfabriken.us http://*.webbfabriken.in https://*.netdna-ssl.com https://*.crazyegg.com https://*.googletagmanager.com https://*.swicpc.bankgirot.se https://www.google.se https://www.google.com https://*.hotjar.com https://maxcdn.bootstrapcdn.com https://stats.g.doubleclick.net https://wfmaxcdn-webbfabrikencom.netdna-ssl.com https://smarticon.geotrust.com https://*.google.com https://*.facebook.com https://*.inreda.com https://*.addthis.com https://*.providesupport.com https://*.googleapis.com https://*.gstatic.com https://*.twitter.com https://*.google-analytics.com; media-src 'self' https://static.olark.com https://*.youtube.com; frame-src 'self' https://www.inreda.com https://www.elegantthemes.com/ https://assets.braintreegateway.com https://*.webbfabriken.com http://*.webbfabriken.uk http://*.webbfabriken.dk http://*.webbfabriken.de http://*.webbfabriken.us http://*.webbfabriken.in https://*.netdna-ssl.com https://www.google.com https://*.hotjar.com/recaptcha/; font-src 'self' data: https://cdn.muut.com https://*.bootstrapcdn.com https://*.webbfabriken.com http://*.webbfabriken.uk http://*.webbfabriken.dk http://*.webbfabriken.de http://*.webbfabriken.us http://*.webbfabriken.in https://*.netdna-ssl.com https://*.fontawesome.com https://*.crazyegg.com https://*.googletagmanager.com https://*.swicpc.bankgirot.se https://www.google.com https://*.hotjar.com https://maxcdn.bootstrapcdn.com https://stats.g.doubleclick.net https://wfmaxcdn-webbfabrikencom.netdna-ssl.com https://smarticon.geotrust.com https://*.google.com https://*.facebook.com https://*.inreda.com https://*.addthis.com https://*.providesupport.com https://*.googleapis.com https://*.gstatic.com https://*.twitter.com https://*.google-analytics.com; connect-src 'self' https://*.muut.com https://vc.hotjar.io wss://ws9.hotjar.com wss://ws4.hotjar.com https://client-analytics.braintreegateway.com https://api.braintreegateway.com https://nrpc.olark.com https://*.webbfabriken.com http://*.webbfabriken.uk http://*.webbfabriken.dk http://*.webbfabriken.de http://*.webbfabriken.us http://*.webbfabriken.in https://*.netdna-ssl.com https://*.crazyegg.com https://*.googletagmanager.com https://*.swicpc.bankgirot.se https://www.google.com https://*.hotjar.com https://maxcdn.bootstrapcdn.com https://stats.g.doubleclick.net https://wfmaxcdn-webbfabrikencom.netdna-ssl.com https://smarticon.geotrust.com https://*.google.com https://*.facebook.com https://*.inreda.com https://*.addthis.com https://*.providesupport.com https://*.googleapis.com https://*.gstatic.com https://*.twitter.com https://*.google-analytics.com ;report-uri https://www.webbfabriken.com/_sys/csp_report_log/insert.php 1 default-src 'self' 'unsafe-eval' 'unsafe-inline' https://stats.g.doubleclick.net https://s.ytimg.com https://fonts.gstatic.com https://fonts.googleapis.com https://code.jquery.com https://www.google-analytics.com https://www.googletagmanager.com https://www.youtube.com https://infra.mcit.gov.sa https://cdn.ckeditor.com https://www.google.com/maps/embed https://maps.google.com/maps https://usf.maps.arcgis.com/apps/TimeAware/index.html https://www.google.com/videohp https://mcit.gov.sa/sites/default/files/fileAr.pdf https://youtu.be/ https://www.youtube.com; report-uri /admin/config/system/seckit/csp-report 1 default-src 'self'; img-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; script-src *; connect-src 'self'; 1 script-src 'unsafe-inline' 'unsafe-eval' code.jquery.com www.google-analytics.com esurf.biz ads.exoclick.com main.exoclick.com syndication.exoclick.com; 1 frame-ancestors *.carkeys.co.uk *.motorists-club.co.uk *.motoristsclub.co.uk http://motoristsclub.co.uk/ http://www.motorists-club.co.uk/ 1 script-src 'unsafe-inline' 'unsafe-eval' code.jquery.com www.google-analytics.com web-start.org ads.exoclick.com main.exoclick.com syndication.exoclick.com; 1 true 1 style-src 'self' 'unsafe-inline' 1 default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.jsdelivr.net *.jquery.com *.webspellchecker.net *.addtoany.com *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.google-analytics.com *.ckeditor.com 91.121.113.128:8080 *.bankofjordan.com bankofjordan.com *.exchange.jo track.adform.net img04.en25.com; object-src 'unsafe-inline'; style-src 'unsafe-inline' *.jsdelivr.net *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.ckeditor.com exchange.jo *.local *.dotdemos.com *.pex.ps 91.121.113.128:8080 bankofjordan.com.ps *.bankofjordan.com bankofjordan.com track.adform.net; img-src 'self' 'unsafe-inline' data: *.jsdelivr.net *.googleapis.com *.google-analytics.com *.gstatic.com *.local *.dotdemos.com *.pex.ps 91.121.113.128:8080 bankofjordan.com.ps *.bankofjordan.com bankofjordan.com track.adform.net *.eloqua.com; media-src 'self' 'unsafe-inline' data: *.jsdelivr.net *.googleapis.com *.gstatic.com *.google-analytics.com *.local *.dotdemos.com 91.121.113.128:8080 bankofjordan.com.ps *.bankofjordan.com bankofjordan.com; frame-src 'self' 'unsafe-inline' *.googleapis.com *.google.com *.gstatic.com *.addtoany.com *.local *.dotdemos.com 91.121.113.128:8080 bankofjordan.com.ps *.bankofjordan.com bankofjordan.com c1.adform.net; font-src 'self' 'unsafe-inline' *.jsdelivr.net *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.local *.dotdemos.com 91.121.113.128:8080 *.bankofjordan.com bankofjordan.com track.adform.net; report-uri /report-csp-violation 1 child-src 'self' www.youtube.com staticxx.facebook.com w.soundcloud.com player.vimeo.com; connect-src 'self' serey.io https://api.serey.io; default-src 'self' www.youtube.com staticxx.facebook.com player.vimeo.com; font-src data: fonts.gstatic.com use.fontawesome.com; frame-ancestors 'none'; img-src * data:; object-src 'none'; plugin-types application/pdf; script-src 'self' www.google-analytics.com connect.facebook.net use.fontawesome.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com use.fontawesome.com; report-uri /api/v1/csp_violation 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' monart.art data: *.googleapis.com *.google-analytics.com *.gstatic.com *.youtube.com *.ytimg.com *.ggpht.com icobench.com cryptototem.com www.trackico.io icomarks.com icopulse.com *.doubleclick.net 1 default-src https:; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://ssl.google-analytics.com https://ajax.googleapis.com; style-src 'unsafe-inline' 'self'; reflected-xss filter 1 default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://analytics.twitter.com https://t.co https://www.google.com/ads https://www.google-analytics.com https://stats.g.doubleclick.net; object-src 'self'; media-src 'self'; frame-src 'self' https://trustly.desk.com https://accounts.google.com https://www.google.com/maps/embed https://maps.google.se/maps https://www.youtube.com https://tb.de17a.com https://services.trustlylabs.com/recaptcha/; script-src 'self'; font-src 'self'; connect-src 'self' https://services.trustlylabs.com https://tr.datanyze.com https://t.co https://www.salesforce.com https://api.lever.co; 1 frame-ancestors https://*.milwaukeetool.eu 1 default-src 'self'; script-src 'unsafe-inline' 'self' www.google-analytics.com www.googletagmanager.com cdnjs.cloudflare.com www.googleadservices.com googleads.g.doubleclick.net a.config.skype.com b.config.skype.com swx.cdn.skype.com www.google.com https://www.gstatic.com js-agent.newrelic.com bam.nr-data.net tagmanager.google.com connect.facebook.net; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com tagmanager.google.com fonts.googleapis.com ; img-src 'unsafe-inline' 'self' data: https://www.google-analytics.com stats.g.doubleclick.net https://www.google.com https://www.google.co.in www.msig.com.hk ssl.gstatic.com www.gstatic.com www.facebook.com; frame-src 'self' https://www.youtube.com sp.zalo.me https://www.google.com bid.g.doubleclick.net https://www.facebook.com ; font-src 'self' cdnjs.cloudflare.com data: fonts.gstatic.com ; connect-src 'self' browser.pipe.aria.microsoft.com sp.zalo.me www.google-analytics.com www.google.com www.google.co.in s3-ap-southeast-1.amazonaws.com ; report-uri /report-csp-violation 1 script-src 'self' 'nonce-AbOij6PFlL1g22n6B1WTj'; default-src 'self' 1 default-src 'self' https://mozillathimblelivepreview.net; frame-src 'self' https://docs.google.com blob: https://mozillathimblelivepreview.net https://www.youtube.com/embed/JecFOjD9I3k; child-src 'self' https://pontoon.mozilla.org blob: https://mozillathimblelivepreview.net https://www.youtube.com/embed/JecFOjD9I3k; script-src 'self' http://mozorg.cdn.mozilla.net https://ajax.googleapis.com https://mozorg.cdn.mozilla.net https://www.google-analytics.com https://pontoon.mozilla.org https://mozillathimblelivepreview.net; connect-src 'self' https://pontoon.mozilla.org https://mozilla.github.io/thimble-homepage-gallery/activities.json https://api.github.com/repos/mozilla/thimble.mozilla.org/issues https://mozillathimblelivepreview.net; frame-ancestors https://pontoon.mozilla.org; font-src 'self' https://fonts.gstatic.com https://netdna.bootstrapcdn.com https://code.cdn.mozilla.net/ https://pontoon.mozilla.org; img-src *; media-src *; style-src 'self' http://mozorg.cdn.mozilla.net https://ajax.googleapis.com https://fonts.googleapis.com https://mozorg.cdn.mozilla.net https://netdna.bootstrapcdn.com https://pontoon.mozilla.org 'sha256-AnlD8XRHNPxhNZ/6MucKFJr9yYGQtn8bmvveYkBg7a4=' 1 frame-ancestors 'self' *.trade.com 1 default-src 'self'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' 'unsafe-eval' *; img-src * data:; frame-src *; font-src *; connect-src *; report-uri /report-csp-violation 1 connect-src 'self' https://www.googleapis.com/customsearch/v1 https://dc.services.visualstudio.com ; frame-src 'self' https://www.youtube.com https://trk.adstrck123.com https://www.google.com/recaptcha/ https://www.recaptcha.net/recaptcha/ ; default-src 'self' ; img-src 'self' data: https://*.tmcdn.co.nz https://www.google.co.nz/ads https://www.google.com/ads https://www.facebook.com https://www.googleadservices.com https://*.doubleclick.net https://www.google-analytics.com https://maps.googleapis.com https://trk.adstrck123.com https://ssl.gstatic.com https://www.gstatic.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://tagmanager.google.com https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://www.recaptcha.net/recaptcha/ https://www.gstatic.com/recaptcha/ ; style-src 'self' 'unsafe-inline' https://cloud.typography.com https://www.co-operativebank.co.nz https://tagmanager.google.com https://fonts.googleapis.com ; media-src blob: ; font-src 'self' data: 1 default-src https://ipara.com;https://ipara.com.tr 1 default-sec 'self'; 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' https: 1 child-src *;connect-src 'self' https://www.google-analytics.com https://*.googleapis.com/ https://www.facebook.com https://stats.g.doubleclick.net https://*.google.com https://*.google.cz https://*.google.sk https://*.smartlook.com;default-src 'self';font-src 'self' data: https://themes.googleusercontent.com https://*.gstatic.com https://*.typekit.net;form-action 'self' * https://www.facebook.com https://connect.facebook.net;frame-ancestors 'self';frame-src *;img-src data: *;media-src 'self';object-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.doubleclick.net https://*.gstatic.com https://*.googleapis.com https://*.google.com https://*.facebook.net https://*.facebook.com https://www.googletagmanager.com https://www.google-analytics.com https://*.googleadservices.com https://www.google.cz https://www.google.sk https://www.youtube.com https://*.ytimg.com https://*.smartlook.com https://*.cloudflare.com https://ssl.google-analytics.com http://*.google-analytics.com http://www.google-analytics.com/ga.js https://www.google-analytics.com/ga.js self;style-src 'self' 'unsafe-inline' https://*.google.com https://*.googleapis.com https://*.typekit.net https://*.cloudflare.com; 1 default-src 'self';font-src 'self' fonts.gstatic.com data: 'self';connect-src 'self' analytics.monkeytracker.cz *.getsmartlook.com ws://*.getsmartlook.com *.smartlook.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' maps.google.com *.googleapis.com www.googletagmanager.com ssl.google-analytics.com www.google-analytics.com analytics.monkeytracker.cz *.getsmartlook.com www.google.com connect.facebook.net www.googleadservices.com www.lhinsights.com *.smartlook.com https://googleads.g.doubleclick.net;form-action 'self';frame-src 'self' www.youtube.com *.doubleclick.net www.google.com www.google.cz https://order.shareit.com;child-src 'self' www.youtube.com *.doubleclick.net www.google.com www.google.cz https://order.shareit.com;frame-ancestors 'self';img-src 'self' data: blob: *.gstatic.com *.googleapis.com www.googletagmanager.com ssl.google-analytics.com www.google-analytics.com analytics.monkeytracker.cz *.doubleclick.net www.facebook.com www.lhinsights.com www.google.com www.google.cz *.smartlook.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com analytics.monkeytracker.cz www.google.com 1 default-src https: 'unsafe-inline' 'unsafe-eval' blob:; img-src https: data:; connect-src https: wss:; font-src https: data:; 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.google-analytics.com https://*.bing.com https://*.facebook.net https://*.hotjar.com https://*.zarget.com https://*.youtube.com https://s.ytimg.com https://*.googleadservices.com https://*.doubleclick.net https://*.pinterest.com https://*.zencdn.net https://*.google.com https://*.google.be https://*.sharethis.com https://*.newrelic.com https://*.nr-data.net https://*.quantserve.com https://*.google.com.tr https://*.metabar.ru https://*.google.de https://*.google.fr https://cdn.ckeditor.com https://*.pioneer-car.eu https://eu---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh https://de---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.sharethis.com https://*.pioneer-car.eu https://cdn.ckeditor.com; img-src * data:; media-src 'self' https://www.youtube.com; frame-src 'self' https://*.youtube.com https://vars.hotjar.com https://*.pioneer.eu https://*.doubleclick.net https://*.sharethis.com https://*.facebook.com https://*.pioneer-car.eu https://store-locator.pioneer-rus.ru; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://insights.hotjar.com https://*.sharethis.com https://*.google-analytics.com https://*.doubleclick.net https://*.pioneer-car.eu https://acc-pioneer-products.o-a.be https://eu---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh https://de---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh; report-uri /eur/report-csp-violation 1 default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' code.jquery.com ssl.google-analytics.com; object-src 'self'; style-src 'self' 'unsafe-inline' code.jquery.com fonts.googleapis.com; img-src 'self' code.jquery.com ssl.google-analytics.com; media-src 'self'; frame-src 'self'; font-src 'self' fonts.gstatic.com 1 base-uri; form-action 'self'; frame-ancestors 'none'; img-src 'self' https://paragonie.com https://maxcdn.bootstrapcdn.com https://stats.g.doubleclick.net https://www.google-analytics.com data:; media-src 'none'; object-src 'none'; script-src 'self' https://cdn.mathjax.org https://oss.maxcdn.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://code.jquery.com https://ajax.googleapis.com https://www.google-analytics.com https://paragonie.com paragonie.com 'sha384-dxxWaTrUP7CVAQSJSlq8y30xnLv+kbg0q/esjcstpj7BeSQcTR1kyuzuU8NtP0Qd' 'nonce-+KfssatZPYDkgVkcftnfy7hF' 'nonce-97jzbHtyJ9ixBKBxqw+dq6Ii' 'nonce-cz3V5ip0u9yYlL5O4e4J2Ey3' 'nonce-Bdnx2yjfUKit8t4Al3WINaA6' 'nonce-+zWx2t6wMloLBG7SnWnje1yZ' 'nonce-J30ogr3QQdn2vqRKMQ84Vpm9' 'nonce-B3cloRvTTyoaVJQZ0gyee0dI' 'unsafe-eval' data:; style-src 'self' https://maxcdn.bootstrapcdn.com https://use.fontawesome.com https://fonts.googleapis.com 'unsafe-inline'; report-uri https://f038192cab4afafaacee34d22ed2e1dd.report-uri.io/r/default/csp/enforce; upgrade-insecure-requests 1 default-src 'self' http://*.hotjar.com:* https://*.hotjar.com:* wss://*.hotjar.com http://*.ecal.com; script-src 'self' 'unsafe-inline' https://www.google-analytics.com *.googletagmanager.com *.google.com *.gstatic.com *.facebook.net *.cloudfront.net *.sharethis.com https://vjs.zencdn.net/5.11.6/video.min.js https://www.youtube.com/iframe_api https://api.keen.io/3.0/projects/57e146aa8db53dfda8a703aa/events/* https://s.ytimg.com/yts/jsbin/www-widgetapi-vflN2g023/www-widgetapi.js http://*.hotjar.com *.twitter.com *.twimg.com http://*.hotjar.com https://*.hotjar.com http://sync.ecal.com/button/v1/main.js 'unsafe-eval' http://sync.ecal.com/button/v1/main.js http://sync.ecal.com/button/v1/widget.0d984b8.js https://widget.spreaker.com/widgets.js https://4screens.net/4screens-service-loader.js https://www.4screens.net/4screens-service-loader.js https://4screens.net/* https://4screens.net/4screens-embed.js https://4screens.net/4screens-service-loader.js; object-src *.googletagmanager.com *.google.com; style-src 'self' 'unsafe-inline' *.googletagmanager.com *.google.com https://vjs.zencdn.net/5.11.6/video-js.min.css https://d3b68xc7uyqhns.cloudfront.net/assets/css/schuh.css *.twitter.com https://ws.sharethis.com/button/css/buttons-secure.css http://sync.ecal.com https://sync.ecal.com/button/v1/css/widget.0d984b8.css https://sync.ecal.com/button/v1/css/*; img-src * http://*.hotjar.com https://*.hotjar.com; media-src 'self' *.googletagmanager.com *.google.com; frame-src 'self' https://www.google.com https://www.youtube.com https://video.pdc.tv *.googletagmanager.com *.google.com https://*.hotjar.com *.twitter.com https://pdc.tell-us-what-you-think.com https://c.sharethis.mgr.consensu.org https://ws.sharethis.com http://t.sharethis.com http://l.sharethis.com https://sync.ecal.com https://sync.ecal.com/* https://sync.ecal.com https://widget.spreaker.com https://4screens.net/4screens-service-loader.js https://www.4screens.net/4screens-service-loader.js https://4screens.net/* https://4screens.net/e/* https://4screens.net/*/* https://www.4screens.net https://4screens.net https://4screens.net/e/5c07a19bea892f010005ba9a?height=auto&width=100%25; frame-ancestors *.googletagmanager.com *.google.com; child-src *.googletagmanager.com *.google.com https://*.hotjar.com; font-src 'self' *.googletagmanager.com *.google.com http://*.hotjar.com https://*.hotjar.com; connect-src 'self' https://pdclive.servasport.com https://www.sportradar.com *.googletagmanager.com *.google.com https://drive-video.herokuapp.com/mbx/c889b040 https://www.google-analytics.com http://*.hotjar.com:* https://*.hotjar.com:* wss://*.hotjar.com https://t.sharethis.com/* https://*.sharethis.com https://vc.hotjar.io https://api.ecal.com https://api.ecal.com/*; report-uri /report-csp-violation 1 frame-ancestors 'self' *.omronhealthcare.com http://10.196.1.55:8000; 1 default-src 'self' data: ads.papabaerproductions.com *.googleapis.com https://ssl.google-analytics.com *.tinymce.com *.tiny.cloud *.gstatic.com; script-src 'self' data: 'unsafe-inline' certify-js.alexametrics.com ads.papabaerproductions.com *.google.com *.googleapis.com *.google-analytics.com *.gstatic.com *.facebook.net *.cloudfront.net *.cloudflare.com; style-src 'self' data: 'unsafe-inline' ads.papabaerproductions.com *.tinymce.com *.tiny.cloud *.google.com *.googleapis.com https://ssl.google-analytics.com *.gstatic.com; img-src 'self' data: blob: certify.alexametrics.com *.google.com *.google-analytics.com cloudfront-labs.amazonaws.com *.facebook.net *.cloudfront.net ads.papabaerproductions.com; frame-src 'self' data: *.google.com *.facebook.com ads.papabaerproductions.com; media-src 'self' blob:; object-src 'self' blob:; 1 default-src 'self' data:; font-src 'self' data: fonts.gstatic.com; img-src 'self' data: www.google-analytics.com maps.googleapis.com cache.gametracker.com csi.gstatic.com maps.gstatic.com i.ibb.co *.postimg.cc postimgs.org *.postimg.org *.steamstatic.com; script-src 'self' data: 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com mod.postimage.org postimgs.org www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.google-analytics.com maps.googleapis.com www.youtube.com *.ytimg.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com postimgs.org; child-src 'self' www.google.com/recaptcha/ www.youtube.com; connect-src 'self' gdata.youtube.com; media-src 'self' www.dropbox.com dl.dropboxusercontent.com; report-uri https://ithafen.report-uri.com/r/d/csp/enforce 1 default-src 'self';font-src 'self' data: fonts.gstatic.com;connect-src 'self' analytics.monkeytracker.cz *.google.com *.googleapis.com www.google-analytics.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.google.cz *.googleapis.com www.googletagmanager.com www.google-analytics.com analytics.monkeytracker.cz *.googleadservices.com *.glami.cz support.ebscohost.com *.facebook.net;form-action 'self' *.facebook.com *.facebook.net;frame-src 'self' www.youtube.com *.iplatba.cz *.google.com *.facebook.com;worker-src 'self' www.youtube.com *.iplatba.cz *.google.com *.facebook.com;frame-ancestors 'self';img-src 'self' data: blob: *.gstatic.com *.googleapis.com *.googlecode.com www.googletagmanager.com www.google-analytics.com analytics.monkeytracker.cz *.doubleclick.net *.google.com *.google.cz *.google.ie *.glami.cz *.fg.cz *.placeholder.com *.uhk.cz support.ebscohost.com *.facebook.com;style-src 'self' 'unsafe-inline' *.googleapis.com analytics.monkeytracker.cz *.google.com;object-src 'self' 1 default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.maxymiser.net:* *.cloudfront.net:* *.googletagmanager.com:* *.facebook.net:* *.tvsquared.com:* *.tito.io:* *.youtube.com:* *.outbrain.com:* *.google-analytics.com:* *.ytimg.com:* *.google.com:* *.gstatic.com:* *.newrelic.com *.micpn.com:* *.nr-data.net:* *.twitter.com:* *.pinterest.com:* *.craftyclicks.co.uk:* *.blackbaudhosting.com:* *.ubembed.com:* *.pinimg.com:* *.adsrvr.org:* *.ads-twitter.com:* *.bing.com:* *.kiosk.bdch.org.uk:*; object-src *.cloudfront.net:* *.cloudfront.net *.maxymiser.net:* *.kiosk.bdch.org.uk:*; style-src 'self' 'unsafe-inline' *.acquia-sites.com:* *.bootstrapcdn.com:* *.battersea.org.uk:* *.blackbaudhosting.com:*; img-src 'self' data: *.cloudfront.net *.cloudfront.net:* *.adnxs.com:* *.tvsquared.com:* *.outbrain.com:* *.google-analytics.com:* *.facebook.com:* *.doubleclick.net:* *.googletagmanager.com:* *.google.com:* *.google.co.uk:* *.atdmt.com:* *.adnxs.com:* *.google.co.in:* *.force.com:* *.ytimg.com:* *.micpn.com:* *.twitter.com:* *.battersea.org.uk:* *.adsrvr.org:* *.casalemedia.com:* *.pinterest.com:* *.blackbaudhosting.com:* t.co:* *.bing.com:* *.google.dk:* *.google.pl:* *.google.gr:*; media-src 'self' *.cloudfront.net:* *.cloudfront.net; frame-src *.doubleclick.net:* *.google.com:* *.facebook.com:* *.twitter.com:* *.youtube.com:* *.acquia-sites.com:* *.battersea.org.uk:* *.maxymiser.net:* *.pinterest.com:* *.blackbaudhosting.com:* *.adsrvr.org:* *.amazon-adsystem.com:* *.ubembed.com:* *.kiosk.bdch.org.uk:*; child-src *.doubleclick.net:* *.google.com:* *.facebook.com:* *.twitter.com:* *.youtube.com:* *.acquia-sites.com:* *.battersea.org.uk:* *.maxymiser.net:* *.pinterest.com:* *.blackbaudhosting.com:* *.adsrvr.org:* *.amazon-adsystem.com:* *.ubembed.com:*; font-src 'self' 'unsafe-inline' *.googleusercontent.com:* *.google.com:* *.bootstrapcdn.com:* *.battersea.org.uk:* *.maxymiser.net:* data:* data: *.bdch.org.uk:*; connect-src 'self' *.google-analytics.com:* *.maxymiser.net:* *.facebook.com:* *.pinterest.com:* *.doubleclick.net:* *.kiosk.bdch.org.uk:* *.bdch.org.uk:*; report-uri /report-csp-violation 1 frame-ancestors https://www.karl.com/ https://www.karl.com/ http://www.optimizely.com https://www.optimizely.com; 1 default-src *; script-src 'self' 'unsafe-inline' 'sha256-D33cujAzb0PIfYJnbuakMs193zi+a08n49rF3SF1ymY=' 'sha256-1CpjmdSGjCZr6oNd1cma/Y7Dge7yykpbBqURqv1Azcw=' 'sha256-M+DVfAsChzxHrudR35PgOyr9XEslkoK1dwkcmPjfnvw=' http://ecx25.siteplug.com/ https://ecx25.siteplug.com/ http://www.1-1ads.com http://*.inspsearchapi.com http://www.google.com http://api.bing.com http://ff.search.yahoo.com/ http://suggest.infospace.com http://api.autocompleteplus.com *.yimg.com https://completr.appspot.com http://js.wincyahoocontent.com; frame-src 'self' http://ecx25.siteplug.com/ https://ecx25.siteplug.com/ http://*.inspsearchapi.com http://*.yahoo.com http://ad.adserver-pro.net https://*.yimg.com; font-src 'self' https://d3durx270v4ts2.cloudfront.net/; connect-src 'self' http://ecx25.siteplug.com/ https://ecx25.siteplug.com/ http://www.1-1ads.com/ads-api-v3; media-src 'self'; style-src 'self' 'unsafe-inline'; child-src 'self' http://ecx25.siteplug.com/ https://ecx25.siteplug.com/ http://*.inspsearchapi.com http://*.yahoo.com http://ad.adserver-pro.net https://*.yimg.com; 1 default-src https: 'unsafe-inline' 'unsafe-eval'; report-uri /report-csp-violation 1 allow 'self' *.sekeha.com *.enamad.ir *.shaparak.ir *.google.com; options inline-script eval-script; img-src *; script-src 'self' *.sekeha.com *.google-analytics.com *.doubleclick.net; style-src 'self' *.sekeha.com; frame-ancestors none; 1 : default-src * 1 default-src 'self' https://*.google-analytics.com https; script-src 'self' 'unsafe-inline' 'unsafe-eval' https https://*.google-analytics.com https://*.google.com https://stats.g.doubleclick.net https://js-agent.newrelic.com/nr-1071.min.js https://bam.nr-data.net; object-src 'none'; style-src 'self' 'unsafe-inline' https; img-src 'self' 'unsafe-inline' https data: https://*.google-analytics.com https://stats.g.doubleclick.net ; frame-src 'self' https://player.vimeo.com https://*.davispolk.com https://html5-player.libsyn.com/ https://api-6fc85ce3.duosecurity.com/ https://cdn.yoshki.com/iframe/ https://www.youtube.com; report-uri /admin/config/system/seckit/csp-report 1 default-src 'self' http://free.timeanddate.com/ https://freesecure.timeanddate.com https://free.timeanddate.com https://www.fieo.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com; frame-src 'self' https://www.youtube.com http://free.timeanddate.com/ https://freesecure.timeanddate.com/ https://free.timeanddate.com/; connect-src 'self'; img-src 'self'; style-src 'self' 'unsafe-inline' 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' *.marketo.com *.marketo.net *.googletagmanager.com *.facebook.net static.ads-twitter.com *.evidon.com www.google-analytics.com sjs.bizographics.com *.bizible.com *.ge.com *.bhge.com *.industrial.ai *.youtube.com *.ytimg.com *.linkedin.com *.twitter.com gateway.zscalertwo.net *.newrelic.com vidassets.terminus.services blob: doug1izaerwt3.cloudfront.net s.ytimg.com *.demandbase.com data: nasdaqir-prod.apigee.net *.hotjar.com *.zscalertwo.net j.6sc.co bam.nr-data.net fssfed.stage.ge.com cdnjs.cloudflare.com *.kissmetrics.com *.googleadservices.com googleads.g.doubleclick.net *.google.com *.gstatic.com *.cdn.rawgit.com https://cdn.rawgit.com; media-src 'self' *.vimeo.com *.youtube.com https://gateway.zscalertwo.net https://fpdl.vimeocdn.com; frame-src 'self' bhge.acquiadam.com *.webdamdb.com *.zscalertwo.net fssfedpitc.ge.com fssauth.ge.com *.webdamdb.com *.facebook.com *.marketo.com *.youtube.com *.hotjar.com *.adobe.com connect.facebook.net bid.g.doubleclick.net youtu.be *.evidon.com spo-teamsite.ge.com *.google.com spo-teamsite.ge.com fss.gecompany.com https://fss.gecompany.com/ https://ssocentralck.registrar.ge.com/ https://affiliateservices.gecompany.com/ https://ssologin.ssogen2.corporate.ge.com/ https://ssologin.ssogen2.corporate.ge.com/ https://rsologin.ssogen2.corporate.ge.com/ https://smloginmap.ssogen2.corporate.ge.com/ https://apps.kaonadn.net; frame-ancestors 'self' data: fonts.gstatic.com cdnjs.cloudflare.com; font-src 'self' data: fonts.gstatic.com *.cloudflare.com; report-uri //report-csp-violation 1 default-src 'self'; script-src 'self' http://*.google.com https://*.google.com 1 frame-ancestors 'self' *.mygro.com mygro.com *.mygro.test mygro.test; object-src 'none'; 1 script-src 'unsafe-inline' 'unsafe-eval' code.jquery.com www.google-analytics.com safebrowsing.biz ads.exoclick.com main.exoclick.com syndication.exoclick.com; 1 default-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.gstatic.com https://img.youtube.com https://www.youtube.com https://www.google.com https://www.google-analytics.com/analytics.js data: https://www.youtube.com https://www.google-analytics.com https://use.fontawesome.com https://fonts.gstatic.com https://fonts.googleapis.com https://js-agent.newrelic.com https://ajax.cloudflare.com https://unpkg.com https://maxcdn.bootstrapcdn.com; report-uri /admin/config/system/seckit/csp-report 1 connect-src 'self' https://api.github.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com; base-uri *.wazuh.com; default-src 'self' https: data:; script-src 'self' *.wazuh.com *.googleapis.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https: 'unsafe-inline'; object-src 'self' *.wazuh.com; style-src 'self' *.googleapis.com 'unsafe-inline'; img-src 'self' *.wazuh.com *.gravatar.com https://www.google-analytics.com https://stats.g.doubleclick.net data:; media-src 'self' *.wazuh.com; frame-ancestors 'self'; frame-src *; font-src 'self' https://fonts.gstatic.com data: 1 default-src 'self' *.soundcloud.com *.sndcdn.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.googleapis.com *.typekit.net *.googletagmanager.com *.google-analytics.com *.pingdom.net www.catalyst-analytics.nz d3qy04aabho0yp.cloudfront.net *.simpleheatmaps.com www.tepapa.govt.nz *.twitter.com cdn.syndication.twimg.com *.instagram.com *.knightlab.com *.soundcloud.com *.hotjar.com www.googleadservices.com tagmanager.google.com *.riddle.com www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.typekit.net fonts.googleapis.com hello.myfonts.net *.twitter.com *.knightlab.com tagmanager.google.com; img-src 'self' data: *.typekit.net *.google-analytics.com *.doubleclick.net *.shopify.com *.pingdom.net www.catalyst-analytics.nz *.simpleheatmaps.com www.tepapa.govt.nz *.twitter.com pbs.twimg.com dl.dropboxusercontent.com *.myfonts.net media.tepapa.govt.nz co3-api-mediastorage.s3-ap-southeast-2.amazonaws.com co3-api-mediastorage.s3.ap-southeast-2.amazonaws.com s3.dualstack.ap-southeast-2.amazonaws.com www.google.com www.google.co.nz *.gstatic.com; frame-src 'self' *.cloudfront.net *.bookitsecure.com google.com *.riddle.com *.spotify.com *.google.com tepapa.infospecs.co.nz *.youtube.com *.vimeo.com *.catalyst.net.nz radionz.co.nz jobs.tepapa.govt.nz *.tepapa.govt.nz tepapafoundation.secure.force.com sec.paymentexpress.com *.book2look.com *.boombox.com *.myfonts.net *.knightlab.com www.qzzr.com *.twitter.com *.instagram.com *.facebook.com *.hotjar.com *.soundcloud.com *.nzonscreen.com *.juicer.io; font-src 'self' data: *.bootstrapcdn.com fonts.gstatic.com fonts.typekit.net www.tepapa.govt.nz cdn.knightlab.com; connect-src 'self' spreadsheets.google.com *.myfonts.net *.hotjar.com graylog.hotjar.com *.pingdom.net *.google-analytics.com http://api.soundcloud.com/; report-uri /report-csp-violation 1 default-src 'self' www.googletagmanager.com www.google-analytics.com *.cloudfront.net *.googleapis.com analytics.analytics-egain.com cloud-emea.analytics-egain.com fonts.gstatic.com portal.roadworks.org sgn.egain.cloud api.reciteme.com stats.g.doubleclick.net www.google.com www.google.co.uk www.gstatic.com maps.gstatic.com api.tomtom.com www.youtube.com data: 'unsafe-eval' 'unsafe-inline'; report-uri https://orangebus.report-uri.com/r/d/csp/enforce 1 default-src 'self' 'unsafe-inline' https://fonts.gstatic.com; block-all-mixed-content; font-src 'self' data: 'unsafe-inline' https://fonts.gstatic.com; img-src 'self' appsco.loc apps.loc https://chart.googleapis.com *.appsco.com localhost https://plus.google.com https://q.stripe.com https://www.gstatic.com https://www.google-analytics.com https://*.googleusercontent.com:443 data: blob: filesystem:; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.gstatic.com *.appsco.com localhost https://www.gstatic.com https://www.gstatic.com:443 https://cdn.socket.io:443 https://js.stripe.com:443 *.google-analytics.com https://api.stripe.com:443; child-src 'self' 'unsafe-inline' *.appsco.com localhost https://www.gstatic.com https://js.stripe.com:443; connect-src 'self' 'unsafe-inline' *.appsco.com localhost wss://chat.appsco.com:5001 wss://my-dev.appsco.com:5001 https://www.gstatic.com https://my-dev.appsco.com:5001 https://chat.appsco.com:5001; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://my-dev.appsco.com https://appsco.com https://www.gstatic.com 1 default-src 'self' 'unsafe-inline'; connect-src 'self' 'unsafe-inline' https://swift-prod.prozorro.gov.ua https://openprocurement-storage-sandbox.s3.amazonaws.com https://cdn2.prozorro.gov.ua https://raw.githubusercontent.com/ https://rawgit.com/ https://openprocurement-storage.s3.amazonaws.com https://public.docs.openprocurement.org https://public.docs-sandbox.openprocurement.org https://lb.api-sandbox.openprocurement.org https://public.api.openprocurement.org; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn2.prozorro.gov.ua https://rawgit.com/ https://connect.facebook.net https://www.linkedin.com https://graph.facebook.com https://*.google-analytics.com https://ajax.googleapis.com https://maxcdn.bootstrapcdn.com https://*.googletagmanager.com https://maps.googleapis.com; img-src 'self' https://www.facebook.com https://www.google-analytics.com https://maps.gstatic.com https://maps.googleapis.com https://csi.gstatic.com; frame-src 'self' https://www.youtube.com https://www.slideshare.net https://staticxx.facebook.com https://www.facebook.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; object-src 'self' blob: 1 default-src script-src 'self' style-src * 'unsafe-inline' img-src * frame-src * font-src 'self' data: 1 default-src 'self' lacek.hs.llnwd.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' lacek.hs.llnwd.net *.ensighten.com *.btstatic.com *.facebook.com *.twitter.com *.facebook.net *.truste.com *.thebrighttag.com *.trustarc.com *.googletagmanager.com *.youtube.com *.bing.com *.demdex.net *.googleadservices.com *.ytimg.com *.serving-sys.com *.adsrvr.org *.doubleclick.net *.yahoo.com *.yimg.com *.snapsmedia.io *.signal.co *.jivox.com *.marriott.com *.yieldoptimizer.com *.lacek.net; object-src 'self' lacek.hs.llnwd.net; style-src 'self' 'unsafe-inline' lacek.hs.llnwd.net; img-src 'self' * data:; media-src 'self' lacek.hs.llnwd.net; frame-src 'self' lacek.hs.llnwd.net *.spotify.com *.twitter.com *.facebook.com *.demdex.net *.adsrvr.org *.trustarc.com; font-src 'self' lacek.hs.llnwd.net data:; connect-src 'self' lacek.hs.llnwd.net *.omtrdc.net *.serving-sys.com *.demdex.net snapsmedia.io; worker-src 'self' blob:; report-uri https://mar-utilities-aws.lacek.net/csp-report-uri/ 1 script-src 'self' 'unsafe-inline' adservice.google.com *.doubleclick.net *.googleadservices.com *.googleanalytics.com *.google-analytics.com apis.google.com https://maps.googleapis.com https://ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js https://ajax.googleapis.com/ajax/libs/jqueryui/1.12.1/jquery-ui.min.js https://ajax.googleapis.com/ajax/libs/angularjs/1.5.10/angular.min.js https://code.angularjs.org/1.5.10/angular-sanitize.min.js https://www.google.com/js/maia.js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ *.googletagmanager.com tagmanager.google.com https://www.google.co.uk https://www.google.com/insights/consumersurveys/gk/static/hats-integration-release.js https://support.google.com/inapp/api.js https://www.gstatic.com/feedback/js/help/prod/service/screenshot.min.js http://www.google.com/tools/feedback/metric/report 'nonce-LOuQKBIi6THF'; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.gstatic.com https://feedback.googleusercontent.com/resources/annotator.css https://tagmanager.google.com/debug/css.css; report-uri /csp_report/report/; default-src 'self' *.gstatic.com; frame-src 'self' www.google.com www.youtube.com accounts.google.com apis.google.com plus.google.com drive.google.com *.doubleclick.net https://assets.braintreegateway.com https://www.googletagmanager.com https://feedback.googleusercontent.com/; img-src 'self' data: http: https:; media-src 'self' data: http: https:; object-src 'none'; connect-src 'self' plus.google.com www.google-analytics.com https://api.braintreegateway.com https://api.sandbox.braintreegateway.com https://client-analytics.sandbox.braintreegateway.com https://client-analytics.braintreegateway.com; font-src 'self' themes.googleusercontent.com *.gstatic.com; base-uri 'self' 1 script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.vtb.ge; object-src 'self'; frame-src 'self' https://*.vtb.ge 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' 1 default-src 'self' data: mc.yandex.ru platform.twitter.com staticxx.facebook.com secure.livechatinc.com www.facebook.com staticxx.facebook.com www.youtube-nocookie.com web.facebook.com syndication.twitter.com i.ytimg.com; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com apis.google.com cdn.livechatinc.com cdnjs.cloudflare.com connect.facebook.net www.youtube.com s.ytimg.com www.google-analytics.com mc.yandex.ru platform.twitter.com secure.livechatinc.com cdn.livechatinc.com; object-src 'self' data:; style-src 'self' data: 'unsafe-inline' s.ytimg.com; img-src * data:; media-src 'self' data:; frame-src 'self' accounts.google.com www.facebook.com www.livechatinc.com secure.livechatinc.com platform.twitter.com staticxx.facebook.com syndication.twitter.com www.youtube-nocookie.com www.youtube.com; font-src *; connect-src 'self' data: syndication.twitter.com www.youtube-nocookie.com secure.livechatinc.com https://mc.yandex.ru https://checkin.purechat.com/api/checkin *.purechat.com *.amazonaws.com 1 frame-ancestors 'self' https://*.mares.com https://*.head-test.com https://head.testing-varnish.symmetrics.de 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.sejda.com *.polyfill.io *.sites-appleby.vuturevx.com https://sites-appleby.vuturevx.com *.gstatic.com *.google.com *.google-analytics.com *.googletagmanager.com *.tagmanager.google.com https://tagmanager.google.com *.googleapis.com *.fonts.net *.algolianet.com data: ; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.google.com *.google-analytics.com *.googletagmanager.com *.tagmanager.google.com https://tagmanager.google.com *.fonts.net https://fast.fonts.net ; font-src 'self' *.fonts.net https://fast.fonts.net *.gstatic.com data: ; img-src 'self' *.google-analytics.com *.googleapis.com *.gstatic.com *.gravatar.com *.doubleclick.net data: ; connect-src 'self' *.sejda.com *.google-analytics.com *.algolia.net *.algolianet.com data: ; frame-src 'self' *.vimeo.com *.vuturevx.com *.brightcove.net data: ; 1 default-src *; script-src 'unsafe-eval' 'self' 'unsafe-inline' https:; object-src 'none'; style-src * 'unsafe-inline'; img-src * data:; frame-src *; font-src *; connect-src *; report-uri /report-csp-violation 1 default-src 'self' https://*.fhstp.ac.at; connect-src 'self' https://*.facebook.com https://*.facebook.net https://*.twyn.com https://api.visitlead.com https://cis.fhstp.ac.at https://rest.visitlead.com https://stats.g.doubleclick.net https://ws.visitlead.com https://www.google-analytics.com wss://*.visitlead.com wss://www.fhstp.ac.at wss://wwwtestneu.fhstp.ac.at; font-src 'self' data: https://*.fhstp.ac.at https://*.googleapis.com https://*.gstatic.com https://app.visitlead.com; frame-src 'self' http://edit.fhstp.ac.at https://*.facebook.com https://*.facebook.net https://*.google.com https://*.issuu.com https://*.soundcloud.com https://*.twitter.com https://*.vimeo.com https://*.youtube.com https://cis.fhstp.ac.at https://sjs.bizographics.com https://snap.licdn.com https://stream.visitlead.com; img-src 'self' data: http://*.fhstp.ac.at https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.google.at https://*.google.com https://*.gstatic.com https://*.linkedin.com https://*.twyn.com https://app.visitlead.com https://cdn.twyn-group.com; media-src 'self' data: http://carma.fhstp.ac.at/wp-content/uploads/2016/11/Brelomate2_Infoveranstaltung201161027_p3tv.mp4 https://app.visitlead.com; script-src data: 'self' 'unsafe-inline' 'unsafe-eval' http://campus-stp.at https://*.campus-stp.at https://*.doubleclick.com https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.com https://*.linkedin.com https://*.twyn.com https://*.youtube.com https://app.visitlead.com https://campus-stp.at https://cdn.fhstp.ac.at https://*.pubble.io https://cdn.ravenjs.com https://cdn.socket.io https://code.jquery.com https://sjs.bizographics.com https://snap.licdn.com https://*.ytimg.com; style-src 'self' 'unsafe-inline' http://*.campus-stp.at http://campus-stp.at http://cdn.fhstp.ac.at https://*.campus-stp.at https://*.google.com https://*.googleapis.com https://*.ytimg.com https://app.visitlead.com/ https://campus-stp.at https://cdn.fhstp.ac.at; report-uri https://sentry.fhstp.ac.at/api/2/security/?sentry_key=68e1b679f2224009948042a83a17f871 1 default-src *; script-src 'self' 'unsafe-inline' 'sha256-M4IAS53U+Sp+jan3sEsPeYOjwZ+aKILfuxPI+bGB5dw=' 'sha256-1CpjmdSGjCZr6oNd1cma/Y7Dge7yykpbBqURqv1Azcw=' 'sha256-M+DVfAsChzxHrudR35PgOyr9XEslkoK1dwkcmPjfnvw=' http://ecx25.siteplug.com/ https://ecx25.siteplug.com/ http://www.1-1ads.com http://*.inspsearchapi.com http://www.google.com http://api.bing.com http://ff.search.yahoo.com/ http://suggest.infospace.com http://api.autocompleteplus.com *.yimg.com https://completr.appspot.com http://js.wincyahoocontent.com; frame-src 'self' http://ecx25.siteplug.com/ https://ecx25.siteplug.com/ http://*.inspsearchapi.com http://*.yahoo.com http://ad.adserver-pro.net https://*.yimg.com; font-src 'self' https://d3durx270v4ts2.cloudfront.net/; connect-src 'self' http://ecx25.siteplug.com/ https://ecx25.siteplug.com/ http://www.1-1ads.com/ads-api-v3; media-src 'self'; style-src 'self' 'unsafe-inline'; child-src 'self' http://ecx25.siteplug.com/ https://ecx25.siteplug.com/ http://*.inspsearchapi.com http://*.yahoo.com http://ad.adserver-pro.net https://*.yimg.com; 1 default-src 'self' tagmanager.google.com www.google-analytics.com;font-src 'self' fonts.gstatic.com *.typekit.net *.typekit.com data: *.bootstrapcdn.com;connect-src 'self' analytics.monkeytracker.cz *.typekit.net *.zeerat.com fullstory.com wss://collector.zeerat.com https://rs.fullstory.com/rec/page *.doubleclick.net *.google-analytics.com *.sociablekit.com fonts.googleapis.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com maps.google.com *.googleapis.com www.googletagmanager.com www.google-analytics.com analytics.monkeytracker.cz maps.google.com *.googleapis.com *.typekit.net *.typekit.com *.facebook.net *.twimg.com *.geoplugin.net *.zeerat.com *.fullstory.com fullstory.com *.rs.fullstory.com *.sociablekit.com unpkg.com *.unpkg.com *.licdn.com *.linkedin.com;form-action 'self' *.facebook.com *.facebook.net;frame-src 'self' *.youtube.com *.facebook.com *.facebook.net www.googletagmanager.com *.sociablekit.com https://indd.adobe.com;child-src 'self' *.youtube.com *.facebook.com *.facebook.net www.googletagmanager.com *.sociablekit.com https://indd.adobe.com;frame-ancestors 'self';img-src 'self' data: *.gstatic.com *.googleapis.com www.googletagmanager.com www.google-analytics.com analytics.monkeytracker.cz *.doubleclick.net *.gstatic.com *.googleapis.com *.typekit.net *.typekit.com *.facebook.com *.facebook.net *.twimg.com www.google.com *.google.cz *.youtube.com *.fg.cz *.google.ie *.sociablekit.com *.fbcdn.net;style-src 'self' 'unsafe-inline' fonts.googleapis.com analytics.monkeytracker.cz *.typekit.net *.typekit.com tagmanager.google.com *.sociablekit.com *.bootstrapcdn.com *.google.com *.googleapis.com 1 default-src 'self' 'unsafe-inline' *.jsdelivr.net *.google.com *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.google-analytics.com *.ckeditor.com iec.test.jo *.iec.test.jo; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.jsdelivr.net *.google.com *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.google-analytics.com *.ckeditor.com *.local *.dotdemos.com *.dot.jo *.iec.jo *.entikhabat.jo iec.test.jo *.iec.test.jo; object-src 'unsafe-inline' *.jsdelivr.net *.google.com *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.google-analytics.com *.ckeditor.com iec.test.jo *.iec.test.jo; style-src 'self' 'unsafe-inline' *.jsdelivr.net *.google.com *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.google-analytics.com *.ckeditor.com *.local *.dotdemos.com *.dot.jo *.iec.jo *.entikhabat.jo iec.test.jo *.iec.test.jo; img-src 'self' 'unsafe-inline' data: *.jsdelivr.net *.google.com *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.google-analytics.com *.ckeditor.com *.local *.dotdemos.com *.dot.jo *.iec.jo *.entikhabat.jo iec.test.jo *.iec.test.jo; media-src 'self' 'unsafe-inline' data: *.jsdelivr.net *.google.com *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.google-analytics.com *.ckeditor.com *.local *.dotdemos.com *.dot.jo *.iec.jo *.entikhabat.jo; frame-src 'self' 'unsafe-inline' *.jsdelivr.net *.google.com *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.google-analytics.com *.ckeditor.com *.local *.dotdemos.com *.dot.jo *.iec.jo *.entikhabat.jo iec.test.jo *.iec.test.jo; font-src 'self' 'unsafe-inline' *.jsdelivr.net *.google.com *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.google-analytics.com *.ckeditor.com *.local *.dotdemos.com *.dot.jo *.iec.jo *.entikhabat.jo iec.test.jo *.iec.test.jo; report-uri /admin/config/system/seckit/csp-report 1 default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self'; 1 default-src 'self'; font-src 'self'; object-src data: 'self'; img-src https: data:; style-src 'self' 'unsafe-inline'; script-src https: 'unsafe-inline' 'unsafe-eval' 1 default-src 'self';block-all-mixed-content ;font-src 'self' data: fonts.googleapis.com fonts.gstatic.com;img-src 'self' data: *.gstatic.com maps.googleapis.com *.google-analytics.com *.doubleclick.net *.googletagmanager.com *.visualwebsiteoptimizer.com *.facebook.com *.google.com *.google.be *.twitter.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com cdnjs.cloudflare.com js-agent.newrelic.com bam.nr-data.net *.googletagmanager.com *.google-analytics.com *.google.com *.hotjar.com *.visualwebsiteoptimizer.com *.facebook.net *.twitter.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com tagmanager.google.com/debug/css.css;report-uri /nelmio/csp/report;connect-src *.hotjar.com uat.vlaamsemeesters.wijsproject.be *.twitter.com production.vlaamsemeesters.wijsproject.be *.flemishmasters.com *.vlaamsemeesters.be;frame-src www.youtube.com www.vimeo.com *.hotjar.com *.facebook.com *.twitter.com *.delijn.be 1 style-src 'self' 'unsafe-inline' https://*.gstatic.com https://*.google.com https://*.googleapis.com http://*.mars.com https://*.mars.com https://*.jquery.com https://*.onetrust.com https://*.rawgit.com https://*.facebook.net https://*.bootstrapcdn.com https://*.windows.net https://*.githubusercontent.com https://*.addthis.com https://*.doubleclick.net https://*.facebook.com https://*.youtube.com https://*.google-analytics.com https://*.googletagmanager.com ; default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.gstatic.com https://*.google.com https://*.googleapis.com http://*.mars.com https://*.mars.com https://*.jquery.com https://*.onetrust.com https://*.rawgit.com https://*.facebook.net https://*.bootstrapcdn.com https://*.windows.net https://*.githubusercontent.com https://*.addthis.com https://*.doubleclick.net https://*.facebook.com https://*.youtube.com https://*.google-analytics.com https://*.googletagmanager.com https://*.cloudfront.net https://*.adsrvr.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.gstatic.com https://*.google.com https://*.googleapis.com http://*.mars.com https://*.mars.com https://*.jquery.com https://*.onetrust.com https://*.rawgit.com https://*.facebook.net https://*.bootstrapcdn.com https://*.windows.net https://*.githubusercontent.com https://*.addthis.com https://*.doubleclick.net https://*.facebook.com https://*.youtube.com https://*.google-analytics.com https://*.googletagmanager.com https://*.ytimg.com https://*.webphone.net; img-src 'self' data: https://*; font-src 'self' 'unsafe-inline' https://*.gstatic.com https://*.google.com https://*.googleapis.com http://*.mars.com https://*.mars.com https://*.jquery.com https://*.onetrust.com https://*.rawgit.com https://*.facebook.net https://*.bootstrapcdn.com https://*.windows.net https://*.githubusercontent.com https://*.addthis.com https://*.doubleclick.net https://*.facebook.com https://*.youtube.com https://*.google-analytics.com https://*.googletagmanager.com data: https://*; object-src 'self' 1 default-src 'self' www.google-analytics.com books.google.com book.daum-img.net; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com books.google.com widgets.ebscohost.com connect.facebook.net openapi.ndsl.kr spi.maps.daum.net; child-src 'self' blob:; connect-src * blob:; img-src * data:; frame-src *; 1 default-src 'self' 'unsafe-inline' data: * 1 default-src 'self' 'unsafe-inline' *.zoll.de zoll.de *.itzbund.de itzbund.de *.zoll.de *.talent-im-einsatz.de zoll.de sg.geodatenzentrum.de *.openstreetmap.de; img-src 'self' *.zoll.de zoll.de *.itzbund.de sg.geodatenzentrum.de *.openstreetmap.de data:; script-src 'self' 'unsafe-inline' *.zoll.de zoll.de *.itzbund.de itzbund.de *.zoll.de zoll.de sg.geodatenzentrum.de *.openstreetmap.de 1 style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; object-src 'self'; script-src 'self' https://www.googletagmanager.com https://www.google-analytics.com 'unsafe-inline'; img-src 'self' https://www.denic.de https://www.google-analytics.com; frame-src 'self' 1 default-src 'self'; script-src 'self' 'unsafe-inline' https://www.gstatic.com https://www.googletagmanager.com https://www.google.com/recaptcha/ https://maps.googleapis.com https://*.google-analytics.com; frame-src 'self'; img-src 'self' https://*.googleapis.com https://*.gstatic.com https://*.google-analytics.com https://stats.g.doubleclick.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com https://themes.googleusercontent.com/static/fonts/; connect-src 'self' https://formcarry.com/s/VcxoEOpaOAN http://maps.googleapis.com; block-all-mixed-content; 1 default-src 'self' https://maps.googleapis.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' use.typekit.net www.googletagmanager.com www.google-analytics.com cdnjs.cloudflare.com tagmanager.google.com maps.googleapis.com https://maps.googleapis.com ; style-src 'self' 'unsafe-inline' use.typekit.net fonts.googleapis.com cdnjs.cloudflare.com tagmanager.google.com maps.googleapis.com; img-src 'self' p.typekit.net www.google-analytics.com data: ssl.gstatic.com www.gstatic.com maps.googleapis.com maps.gstatic.com *.google.com http://www.google.com/intl/en_us/mapfiles/close.gif ; frame-src maps.googleapis.com maps.google.com ; font-src 'self' data: *.typekit.net fonts.gstatic.com *.googleapis.com https://maps.googleapis.com/* ; connect-src 'self' performance.typekit.net www.google-analytics.com maps.google.com https://maps.googleapis.com ; report-uri /report-csp-violation 1 default-src 'self' http://persis.gemu-group.com:8080 *.google.com *.gstatic.com *.googleapis.com *.googletagmanager.com *.google-analytics.com connect.facebook.net *.albacross.com *.webtraxs.com *.ggpht.com amazonaws.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-cdn-operators.s3-eu-west-1.amazonaws.com *.cloudfront.net *.userlike.com *.leadenhancer.com wss://chat.userlike.com cdn.delight-vr.com data: 'unsafe-inline' 'unsafe-eval' 1 frame-ancestors https://www.bdli.de/ https://staging.bdli.de *.ila-berlin.de localhost ila.lndo.site; report-uri //report-csp-violation 1 default-src 'unsafe-inline' 'unsafe-eval' https: data: wss: http://www.cockovnik.cz http://www.vasecocky.cz; frame-ancestors 'self' 1 default-src 'self'; block-all-mixed-content; connect-src 'self' https://api.recurly.com https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io https://nexus-long-poller-a.intercom.io https://nexus-long-poller-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://uploads.intercomcdn.com https://uploadsintercomusercontent.coms-websocket-b.intercom.io https://cdn.jsdelivr.net; font-src 'self' fonts.gstatic.com https://js.intercomcdn.com data:; frame-src api.recurly.com https://www.google.com/; img-src data: *; media-src https://js.intercomcdn.com; script-src 'self' www.google-analytics.com js.recurly.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://unpkg.com/swagger-ui-dist@3/swagger-ui-bundle.js https://cdn.jsdelivr.net/npm/d3@3.5.17/d3.min.js https://cdn.jsdelivr.net/npm/nvd3@1.8.6/build/nv.d3.min.js https://www.google.com/recaptcha/api.js https://www.gstatic.com 'unsafe-inline' 'sha256-lWqs1p92yS+Ym1QyqatK6geFegJdlpxgUeFU6t72SGw=' 'sha256-1gcjkQmF3vDBHqTK/GCaJKMg/UjNNomsjObGfUSd8GU=' 'sha256-DcokebrOSmWciSX1qQC5mQVZVTuYP7rxG1GdCn4I4Ls='; style-src 'self' fonts.googleapis.com https://unpkg.com/swagger-ui-dist@3.10.0/swagger-ui.css https://cdn.jsdelivr.net/npm/nvd3@1.8.6/build/nv.d3.min.css https://api.recurly.com 'unsafe-inline' 1 frame-ancestors 'self' https://twitter.com; 1 upgrade-insecure-requests; default-src * data:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com https://mapclick.amap.com https://restapi.amap.com https://webapi.amap.com https://public.tableau.com https://sdn.sitecore.net https://maps.googleapis.com https://maps.google.com https://sadmin.brightcove.com https://ajax.googleapis.com https://ssl.google-analytics.com https://www.youtube.com https://www.google.com https://bat.bing.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://connect.facebook.net https://platform.twitter.com https://s3.amazonaws.com; style-src 'self' data: 'unsafe-inline' https://cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.9.0/slick.min.css https://cdnjs.cloudflare.com https://webapi.amap.com https://fonts.googleapis.com https://ajax.googleapis.com; img-src * 'self' data:; font-src 'self' data: https://netdna.bootstrapcdn.com https://fonts.gstatic.com https://fonts.typekit.net https://themes.googleusercontent.com; child-src 'self' https://sdn.sitecore.net https://web106.reachmee.com https://sdn.sitecore.net https://www.youtube.com https://www.google.com https://accounts.google.com https://www.googletagmanager.com; frame-src 'self' https://watch.twobirds.com https://www.youtube.com https://player.vimeo.com http://sdn.sitecore.net https://sdn.sitecore.net https://translate.google.com https://web106.reachmee.com; frame-ancestors 'self' https://sdn.sitecore.net; report-uri https://3chillies.report-uri.io/r/default/csp/enforce 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' https *.cloudfront.net *.googleapis.com *.cloudflare.com *.google-analytics.com *.google.com *.gstatic.com connect.facebook.net graph.facebook.com rum-static.pingdom.net 1 default-src 'none'; script-src * 'unsafe-inline' 'unsafe-eval'; object-src 'self'; style-src * 'unsafe-inline'; img-src * 'unsafe-inline' data: blob:; media-src 'self'; frame-src *; font-src * 'unsafe-inline' data: blob:; connect-src *; report-uri /report-csp-violation 1 script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com http://tagmanager.google.com https://deploy.mopinion.com https://collect.mopinion.com/ https://app.mopinion.com https://www.paypalobjects.com https://www.paypal.com https://cdn.userlane.com https://fst-easy.azureedge.net https://easy-carla-staging.azurewebsites.net/Views/App/bundle.js https://unpkg.com/react-dom@16/umd/react-dom.development.js https://unpkg.com/react@16/umd/react.development.js 1 allow 'self'; options inline-script eval-script; frame-ancestors 'none' 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' my2.imgsmail.ru www.gstatic.com yandex.st pagead2.googlesyndication.com vk.com cdn.connect.mail.ru mc.yandex.ru www.google-analytics.com https://www.google-analytics.com; object-src 'self' www.gstatic.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: vk.com yastatic.net www.liveinternet.ru counter.yadro.ru mc.yandex.ru www.google-analytics.com https://www.google-analytics.com; media-src 'self'; frame-src 'self' connect.mail.ru googleads.g.doubleclick.net vk.com ; font-src 'self'; connect-src 'self' mc.yandex.ru *.gstatic.com 1 frame-ancestors https://www.isabelmarant.com/ https://www.isabelmarant.com/ ; 1 frame-ancestors https://www.justcavalli.com/ https://www.justcavalli.com/ ; 1 allow 'self'; font-src 'self'; media-src *; img-src * 'self'; script-src 'self' https://*.gravatar.com https://ajax.googleapis.com; https://*.google.com; style-src 'self'; 1 default-src 'self' http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de; img-src 'self' data: http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de; script-src 'self' 'unsafe-eval' http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de; style-src 'self' 'unsafe-inline' http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de; font-src 'self' data: http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de; 1 default-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com cdn.jsdelivr.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com ict.infinity-tracking.net www.gstatic.com viz.tools.investis.com www.google.com maps.googleapis.com maps.google.com www.linkedin.com ajax.googleapis.com pi.pardot.com bam.nr-data.net sjp.getmediamanager.com *.googletagmanager.com *.google-analytics.com sjs.bizographics.com connect.facebook.net *.jquery.com irs.tools.investis.com *.hotjar.com px.ads.linkedin.com d2wy8f7a9ursnm.cloudfront.net ssl.p.jwpcdn.com js-agent.newrelic.com cdn.jsdelivr.net edge.api.brightcove.com *.googleapis.com www.youtube.com youtube.com s.ytimg.com unpkg.com *.eu01.nr-data.net; style-src 'self' 'unsafe-inline' 'unsafe-eval' viz.tools.investis.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net; img-src 'self' 'unsafe-inline' * data:; media-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com brightcove.hs.llnwd.net; frame-src 'self' staticcontents.investis.com www.google.com sjp.getmediamanager.com careers.sjp.co.uk irs.tools.investis.com otp.tools.investis.com digital.feprecisionplus.com sjp.hireserve-test.com ir.tools.investis.com staticxx.facebook.com www.youtube.com; font-src 'self' 'unsafe-inline' data: fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com themes.googleusercontent.com maxcdn.bootstrapcdn.com; report-uri //report-csp-violation 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.topsy.com cdn.jsdelivr.net code.jquery.com *.disqus.com https://disqus.com pagead2.googlesyndication.com *.googlesyndication.com https://adservice.google.com.ua/ 'https://adservice.google.com *.seolib.ru seolib.ru www.seolib.ru *.disquscdn.com https://c.disquscdn.com twittercounter.com widgets.twimg.com http://userapi.com/ https://twitter.com *.twitter.com *.facebook.com *.facebook.net http://cdn.admitad.com/ apis.google.com www.gstatic.com yandex.st an.yandex.ru *.yandex.ru *.yandex.net mc.yandex.ru www.google-analytics.com https://www.google-analytics.com; object-src 'self' www.gstatic.com *.yandex.ru *.yandex.net; style-src 'self' 'unsafe-inline' https://twitter.com *.twitter.com http://www.facebook.com maxcdn.bootstrapcdn.com https://www.facebook.com *.facebook.com *.facebook.net http://fonts.googleapis.com:* http://maxcdn.bootstrapcdn.com/ maxcdn.bootstrapcdn.com apis.google.com *.disquscdn.com *.yandex.ru *.yandex.net; img-src 'self' data: http://optimizatorsha.ru optimizatorsha.ru vk.com *.disquscdn.com https://c.disquscdn.com counter.yadro.ru feeds.feedburner.com *.yandex.ru *.yandex.net *.disqus.com *.twittercounter.com https://twitter.com 0.gravatar.com *.gravatar.com an.yandex.ru/count http://an.yandex.ru/count/ https://twitter.com *.twitter.com yastatic.net mc.yandex.ru www.google-analytics.com https://www.google-analytics.com *.facebook.com *.facebook.net ; media-src 'self' *.siteheart.com ; frame-src 'self' googleads.g.doubleclick.net accounts.google.com disqus.com optimizatorsha.ru *.optimizatorsha.ru apis.google.com vk.com *.yandex.ru *.yandex.net http://www.google.com http://www.google.ru *.facebook.com www.facebook.com *.facebook.net *.twitter.com www.youtube.com an.yandex.ru; font-src 'self' data: http://fonts.gstatic.com:* http://maxcdn.bootstrapcdn.com ; connect-src 'self' *.disqus.com mc.yandex.ru *.yandex.ru *.yandex.net *.twitter.com *.gstatic.com *.facebook.com *.facebook.net; 1 'self' www.aksandik.org 1 default-src https: 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; media-src *; img-src 'self' 1 default-src 'self'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' blob data: 1 default-src * 'unsafe-eval' 'unsafe-inline' data: 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://crowdmap.com https://*.crowdmap.com https://*.typekit.com https://apis.google.com https://*.akamai.net https://*.gaug.es https://*.youtube.com https://*.ytimg.net https://*.googlevideo.com https://*.embedly.com https://*.cloudfront.net https://*.google-analytics.com https://*.twitter.com https://*.facebook.com https://*.rackcdn.com http://*.rackcdn.com https://*.newrelic.com https://*.facebook.net https://*.addthis.com https://maps.google.com https://maps.gstatic.com https://*.googleapis.com https://*.openstreetmap.org https://*.virtualearth.net https://*.mozilla.org; style-src 'self' 'unsafe-inline' https://crowdmap.com https://*.crowdmap.com https://*.typekit.com https://*.twitter.com https://*.embedly.com https://*.twitter.com https://*.facebook.com https://fonts.googleapis.com https://*.rackcdn.com http://*.rackcdn.com https://*.addthis.com https://*.openstreetmap.org https://*.virtualearth.net; img-src *; media-src *; frame-src *; connect-src *; object-src *; font-src 'self' data: https://*.typekit.com https://*.google.com https://themes.googleusercontent.com; 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.yandex.st *.vk.com *.republer.com *.gonews2.net *.darangi.ru *.footurist.ru *.adone.ru *.videoseed.ru *.bdzhhjnml.pw *.videoburner2015.com *.weborama.fr *.ytimg.com *.apicaller.ru *.level1cdn.com *.mayvbm.com *.boolads.com *.thor-media.ru *.2mdn.net *.rontar.com *.admantic.ru *.actionpay.ru *.pc2ads.ru *.bdwbxmzmpu.ru *.real6traf.ru *.rt-sign.ru *.rt-ns.ru *.nutkaekwcm.ru *.umdxxosugh.ru *.luxadv.com *.adlabs.ru *.luxup.ru *.tizerlady.biz *.begun.ru *.betrad.com *.doubleclick.net *.rutarget.ru *.acint.net *.sape.ru *.adriver.ru *.kavanga.ru *.targetix.net *.smi2.net *.bidswitch.net *.r24-tech.com *.yandex.ru *.tizerlady.com *.ladytizer.com *.tizerlady.info *.dutrmedi.ru *.dumedia.ru *.admitad.com *.100im.net *.sociomantic.com *.am15.net *.betweendigital.com *.advertur.ru *.mixmarket.biz *.faggrim.com *.pay-click.ru *.smaclick.com *.advombat.ru *.marketgid.com *.adonweb.ru *.recreativ.ru *.yandex.net vsekratko.ru *.pay-click.ru *.smi2.ru *.allskazki.ru *.schema.org *.googleapis.com *.liveinternet.ru *.dt00.net *.mail.ru *.rambler.ru *.imgsmail.ru *.gstatic.com *.yandex.st *.googlesyndication.com *.youtube.com *.vk.com *.google-analytics.com; object-src 'self' *.videoseed.ru *.begun.ru *.2mdn.net *.actionpay.ru https://advertur.ru *.adriver.ru *.kavanga.ru *.r24-tech.com *.admitad.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.php-d.com *.imrk.net *.r24-tech.com *.sociomantic.com *.recreativ.ru; img-src 'self' data: 31.168.230.211 *.audsp.com *.republer.com *.smartyads.com *.adlabs.ru *.uptolike.com *.datamind.ru *.gonews2.net *.bposterss.net *.lugiy.ru *.adone.ru *.bdzhhjnml.pw *.2mdn.net *.ladytizer.org *.mzstatic.com *.thor-media.ru *.tm1438387200.ru *.betrad.com *.begun.ru *.googlesyndication.com *.admantic.ru *.rontar.com *.windowsphone.com *.apple.com *.android.com *.actionpay.ru *.pc2ads.ru *.partnerna5.ru *.rt-image.ru *.luxup.ru *.luxadv.com *.tizerlady.biz *.pushkin-live.ru *.adhigh.net *.1dmp.io *.adtarget.me *.rutarget.ru *.gemius.pl *.acint.net *.qservz.com *.tns-counter.ru *.adriver.ru *.doubleclick.net *.hubrus.com *.kavanga.ru *.targetix.net *.smi2.net *.whisla.com *.intencysrv.com *.bidswitch.net *.r24-tech.com *.yandex.ru *.tizerlady.com *.ladytizer.com *.tizerlady.info *.admitad.com *.am15.net *.ghmedia.ru *.betweendigital.com *.sociomantic.com *.smaclick.com *.ladyclick.ru *.wbunder.com *.adnow.com *.adxxx.com *.gravatar.com *.allskazki.ru *.smi2.net *.mixmarket.biz *.pay-click.ru *.smaclick.com *.advombat.ru *.marketgid.com *.smi2.ru *.adonweb.ru *.recreativ.ru *.yandex.net *.vsekratko.ru *.allskazki.ru *.schema.org *.googleapis.com *.liveinternet.ru *.dt00.net *.mail.ru *.allskazki.ru *.smaclick.com *.advombat.ru *.yadro.ru *.tovarro.com *.facetz.net *.gravatar.com *.vk.com *.yastatic.net *.rambler.ru *.google-analytics.com; media-src 'self'; frame-src 'self' *.kavanga.ru *.weborama.fr *.betrad.com *.solocpm.com *.googlesyndication.com *.creativecdn.com *.sniperlog.ru *.begun.ru *.rt-sign.ru *.adtarget.me *.imrk.net *.rutarget.ru *.betweendigital.com *.qservz.com *.sociomantic.com *.exebid.ru *.adhigh.net *.targetix.net *.hubrus.com *.adriver.ru *.doubleclick.net *.intencysrv.com *.whisla.com *.bidswitch.net *.yandex.ru *.dutrmedi.ru *.dumedia.ru *.admitad.com *.acint.net *.datamind.ru *.am15.net *.yastatic.net *.recreativ.ru *.mail.ru *.yandex.ru *.youtube.com *.doubleclick.net *.vk.com; font-src 'self' *.pushkin-live.ru; connect-src 'self' *.marketgid.com *.doubleclick.net *.google-analytics.com *.yandex.ru *.gstatic.com 1 default-src 'self' *.webvisor.com yandex.ru *.yandex.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval' facebook.net *.facebook.net vk.com *.vk.com *.talk-me.ru talk-me.ru mail.ru *.mail.ru *.webvisor.com webvisor.com *.yandex.ru yandex.ru *.yandex.st yandex.st *.yandex.net yandex.net yastatic.net *.yastatic.net *.google.com google.com *.google-analytics.com google-analytics.com *.googleapis.com googleapis.com; object-src 'self'; style-src 'self' 'unsafe-inline' 'unsafe-eval' *; img-src 'self' facebook.com *.facebook.com doubleclick.net *.doubleclick.net data: *.mail.ru mail.ru *.mtproxy.yandex.net vk.com *.vk.com *.webvisor.com webvisor.com *.yandex.com yandex.com *.yandex.net *.yandex.ru yandex.ru *.yastatic.net yastatic.net *.gstatic.com gstatic.com counter.yadro.ru *.googleapis.com googleapis.com *.google-analytics.com google-analytics.com *.adobe.com adobe.com; media-src 'self'; child-src 'self' *.yandex.ru yandex.ru me-talk.ru *.me-talk.ru google.com *.google.com *.webvisor.com webvisor.com vk.com *.vk.com *.youtube.com youtube.com; font-src * data: http://fonts.gstatic.com:*; connect-src 'self' *.yandex.ru yandex.ru *.google-analytics.com google-analytics.com; report-uri csp.php; 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com cdn.syndication.twimg.com cdnjs.cloudflare.com maps.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com fonts.googleapis.com fonts.gstatic.com; object-src 'self'; style-src 'self' 'unsafe-inline' cdn.syndication.twimg.com cdnjs.cloudflare.com maps.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com fonts.googleapis.com fonts.gstatic.com; img-src 'self' data: secure.gravatar.com cdn. *.twitter.com *.twimg.com cdnjs.cloudflare.com maps.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com fonts.googleapis.com fonts.gstatic.com; media-src 'self'; frame-src 'self' syndication.twitter.com platform.twitter.com/; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com 1 default-src 'self' 'unsafe-inline' https://fonts.gstatic.com https://platform.twitter.com https://translate.googleapis.com https://www.youtube.com https://www.facebook.com; font-src 'self' https://fonts.gstatic.com https://cdnjs.cloudflare.com; frame-src 'self' https://syndication.twitter.com https://platform.twitter.com https://www.youtube.com https://www.facebook.com https://www.facebook.com https://www.google.com/ https://twitter.com/ https://staticxx.facebook.com/ https://maps.google.com/; style-src 'self' 'unsafe-inline' https://code.jquery.com https://cdn.datatables.net https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://ton.twimg.com https://platform.twitter.com https://platform.twitter.com https://translate.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://code.jquery.com http://jqueryvalidation.org https://www.googletagmanager.com https://www.google-analytics.com https://cdnjs.cloudflare.com https://www.gstatic.com https://www.google.com https://cdn.jsdelivr.net https://cdn.syndication.twimg.com https://connect.facebook.net/en_GB/sdk.js https://translate.googleapis.com https://platform.twitter.com https://translate.google.com; connect-src 'self'; img-src 'self' 'unsafe-inline' https://www.google-analytics.com https://ton.twimg.com https://platform.twitter.com https://pbs.twimg.com https://abs.twimg.com https://www.gstatic.com https://www.gstatic.com https://syndication.twitter.com https://www.facebook.com/ data: 1 default-src 'unsafe-inine' 'unsafe-eval' * 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' mepspay.com *.perk0mean.com *.jquery.com *.cloudflare.com *.licdn.com *.google-analytics.com *.facebook.com *.facebook.net *.gstatic.com *.twitter.com *.linkedin.com *.doubleclick.net *.googletagmanager.com *.googleadservices.com *.hotjar.com *.google.com *.google.net *.google.jo; img-src 'self' mepspay.com *.licdn.com *.google-analytics.com *.facebook.com *.facebook.net *.gstatic.com *.twitter.com *.linkedin.com *.doubleclick.net *.googletagmanager.com *.googleadservices.com *.hotjar.com *.google.com *.google.net *.google.jo data:; style-src 'self' 'unsafe-inline'; font-src 'self' data:; frame-src 'self' mepspay.com *.licdn.com *.google-analytics.com *.facebook.com *.facebook.net *.gstatic.com *.twitter.com *.linkedin.com *.doubleclick.net *.googletagmanager.com *.googleadservices.com *.hotjar.com *.google.com *.google.net *.google.jo; connect-src 'self' wss://mepspay.com mepspay.com *.licdn.com *.google-analytics.com *.facebook.com *.facebook.net *.gstatic.com *.twitter.com *.linkedin.com *.doubleclick.net *.googletagmanager.com *.googleadservices.com *.hotjar.com *.google.com *.google.net *.google.jo; object-src 'none' 1 default-src 'self' *.thephp.cc; style-src 'self' *.thephp.cc 'unsafe-inline'; script-src 'self' *.thephp.cc; img-src 'self' data: *.thephp.cc; media-src 'none'; report-uri /cspreport; 1 script-src 'unsafe-inline' 'unsafe-eval' code.jquery.com www.google-analytics.com loadstart.net ads.exoclick.com main.exoclick.com syndication.exoclick.com; 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' http://adv.bestgold.ru https://apis.google.com http://www.google-analytics.com http://*.yandex.ru https://*.yandex.ru http://*.jivosite.com http://yandex.st http://gold-affiliate.com https://gold-affiliate.com https://dadata.ru http://www.googleadservices.com ulogin.ru http://api.direct-credit.ru; 1 default-src 'self'; object-src 'none'; style-src 'self' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; frame-ancestors https://fb-sitecore-stage2-cm.azurewebsites.net https://fb-sitecore-stage2-exm-dds.azurewebsites.net https://cmstage2.moes.com https://cmstage2.mcalistersdeli.com https://cmstage2.carvel.com https://cmstage2.auntieannes.com https://cmstage2.schlotzskys.com https://cmstage2.cinnabon.com; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self'; upgrade-insecure-requests; 1 frame-ancestors 'self' webvisor.com *.webvisor.com yandex.ru *.yandex.ru 1 default-src 'self' dat a: https://bitrix.info:* https://*.bitrix.info:* http://www.komfort-sochi.ru:* https://api.pozvonim.com:* https://cdn.pozvonim.com:* https://cdnjs.cloudflare.com:* https://site.ru:* https://mc.yandex.ru:* https://oss.maxcdn.com:* https://*.maps.yandex.net https://api-maps.yandex.ru https://code.jivosite.com:* https://googleads.g.doubleclick.net:* https://www.googleadservices.com:* https://www.google.com/ads/user-lists/ https://www.google.ru/ads/user-lists/ https://www.google-analytics.com:* https://maps.google.com:* https://*.googleapis.com:* https://*.gstatic.com:* https://*.googleapis.com:* https://code.jivosite.com:* https://cdn.voximplant.com:* https://www.gravatar.com:* https://yastatic.net:* https://*.youtube.com:* https://*.ytimg.com:* https://*.gstatic.com:*;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://bitrix.info:* https://*.bitrix.info:* http://www.komfort-sochi.ru:* https://api.pozvonim.com:* https://cdn.pozvonim.com:* https://cdnjs.cloudflare.com:* https://site.ru:* https://mc.yandex.ru:* https://oss.maxcdn.com:* https://*.maps.yandex.net https://api-maps.yandex.ru https://code.jivosite.com:* https://googleads.g.doubleclick.net:* https://www.googleadservices.com:* https://www.google.com/ads/user-lists/ https://www.google.ru/ads/user-lists/ https://www.google-analytics.com:* https://maps.google.com:* https://*.googleapis.com:* https://*.gstatic.com:* https://*.googleapis.com:* https://code.jivosite.com:* https://cdn.voximplant.com:* https://www.gravatar.com:* https://yastatic.net:* https://*.youtube.com:* https://*.ytimg.com:* https://*.gstatic.com:* ;style-src 'self' 'unsafe-inline' https://bitrix.info:* https://*.bitrix.info:* http://www.komfort-sochi.ru:* https://api.pozvonim.com:* https://cdn.pozvonim.com:* https://cdnjs.cloudflare.com:* https://site.ru:* https://mc.yandex.ru:* https://oss.maxcdn.com:* https://*.maps.yandex.net https://api-maps.yandex.ru https://code.jivosite.com:* https://googleads.g.doubleclick.net:* https://www.googleadservices.com:* https://www.google.com/ads/user-lists/ https://www.google.ru/ads/user-lists/ https://www.google-analytics.com:* https://maps.google.com:* https://*.googleapis.com:* https://*.gstatic.com:* https://*.googleapis.com:* https://code.jivosite.com:* https://cdn.voximplant.com:* https://www.gravatar.com:* https://yastatic.net:* https://*.youtube.com:* https://*.ytimg.com:* https://*.gstatic.com:* ;img-src 'self' dat a: https://bitrix.info:* https://*.bitrix.info:* http://www.komfort-sochi.ru:* https://api.pozvonim.com:* https://cdn.pozvonim.com:* https://cdnjs.cloudflare.com:* https://site.ru:* https://mc.yandex.ru:* https://oss.maxcdn.com:* https://*.maps.yandex.net https://api-maps.yandex.ru https://code.jivosite.com:* https://googleads.g.doubleclick.net:* https://www.googleadservices.com:* https://www.google.com/ads/user-lists/ https://www.google.ru/ads/user-lists/ https://www.google-analytics.com:* https://maps.google.com:* https://*.googleapis.com:* https://*.gstatic.com:* https://*.googleapis.com:* https://code.jivosite.com:* https://cdn.voximplant.com:* https://www.gravatar.com:* https://yastatic.net:* https://*.youtube.com:* https://*.ytimg.com:* https://*.gstatic.com:*;font-src 'self' https://bitrix.info:* https://*.bitrix.info:* http://www.komfort-sochi.ru:* https://api.pozvonim.com:* https://cdn.pozvonim.com:* https://cdnjs.cloudflare.com:* https://site.ru:* https://mc.yandex.ru:* https://oss.maxcdn.com:* https://*.maps.yandex.net https://api-maps.yandex.ru https://code.jivosite.com:* https://googleads.g.doubleclick.net:* https://www.googleadservices.com:* https://www.google.com/ads/user-lists/ https://www.google.ru/ads/user-lists/ https://www.google-analytics.com:* https://maps.google.com:* https://*.googleapis.com:* https://*.gstatic.com:* https://*.googleapis.com:* https://code.jivosite.com:* https://cdn.voximplant.com:* https://www.gravatar.com:* https://yastatic.net:* https://*.youtube.com:* https://*.ytimg.com:* https://*.gstatic.com:*; 1 default-src 'self'; child-src static.seolib.ru www.google.com www.google.com.ua www.google.ru reformal.ru mc.yandex.ru accounts.google.com content.googleapis.com; connect-src 'self' wss://seolib.ru:8018 mc.webvisor.org mc.webvisor.com https://*.jivosite.com ws://*.jivosite.com; font-src 'self' data: updates.seolib.ru seolib.ru fonts.googleapis.com fonts.gstatic.com use.fontawesome.com; frame-src static.seolib.ru www.google.com www.google.com.ua www.google.ru reformal.ru accounts.google.com content.googleapis.com; img-src 'self' data: favicon.yandex.net www.google-analytics.com www.googletagmanager.com stats.g.doubleclick.net mc.webvisor.org ssl.gstatic.com www.gstatic.com www.google.com www.google.com.ua www.google.ru mc.yandex.ru reformal.ru media.reformal.ru http://traffic.alexa.com; media-src https://*.jivosite.com ws://*.jivosite.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' updates.seolib.ru seolib.ru media.reformal.ru www.google-analytics.com www.googletagmanager.com tagmanager.google.com stats.g.doubleclick.net mc.webvisor.org d31j93rd8oukbv.cloudfront.net mc.yandex.ru www.google.com www.google.com.ua www.google.ru apis.google.com https://apis.google.com www.gstatic.com cdn.datatables.net code.jquery.com cdn.jsdelivr.net https://*.jivosite.com ws://*.jivosite.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com tagmanager.google.com seolib.ru www.google.com ajax.googleapis.com use.fontawesome.com cdn.datatables.net code.jquery.com cdn.jsdelivr.net https://*.jivosite.com ws://*.jivosite.com; report-uri /csp/report 1 default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com https://maps.googleapis.com https://ajax.googleapis.com https://vk.com https://*.vk.com https://me-talk.ru https://*.me-talk.ru https://mc.yandex.ru https://www.google-analytics.com https://api-maps.yandex.ru https://www.google.com https://yastatic.net; object-src 'self' https://*.youtube-nocookie.com https://*.youtube.com; style-src 'self' 'unsafe-inline'https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://*.me-talk.ru https://me-talk.ru https://www.google.com https://ajax.googleapis.com; img-src 'self' https://*.me-talk.ru https://maps.googleapis.com https://*.gstatic.com https://vk.com https://*.vk.com https://mc.yandex.ru https://www.google-analytics.com https://api-maps.yandex.ru https://*.maps.yandex.net data: https://www.cs-cart.com; frame-src 'self' https://www.google.com https://ajax.googleapis.com https://*.youtube-nocookie.com https://*.youtube.com https://*.me-talk.ru https://me-talk.ru; font-src 'self' data: https://*.gstatic.com https://themes.googleusercontent.com https://maxcdn.bootstrapcdn.com https://me-talk.ru https://*.me-talk.ru; connect-src 'self' https://mc.yandex.ru https://www.google-analytics.com https://*.gstatic.com 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.yurist-online.net yurist-online.net *.yandex.ru yandex.ru yandexadexchange.net *.yandexadexchange.net *.yandex.com *.yandex.net yandex.st *.yandex.st yastatic.net *.yastatic.net *.googleapis.com *.gstatic.com gstatic.com *.googlesyndication.com *.doubleclick.net *.2mdn.net *.googleapis.com *.google.com *.google.ru *.google-analytics.com google-analytics.com *.youtube.com youtube.com *.icq.com *.skype.com *.rambler.ru loginza.ru *.loginza.ru *.yadro.ru *.webmoney.ru *.mail.ru *.twitter.com *.facebook.com vk.com *.vk.com googletagmanager.com *.googletagmanager.com *.googletagservices.com; 1 font-src 'self' https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com data:; frame-src https://www.google.com/recaptcha/ https://fast.wistia.com https://pay.google.com/gp/; script-src 'self' 'unsafe-inline' https://fast.wistia.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://pay.google.com/gp/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com; report-uri /csp/report 1 default-src 'self' 'unsafe-inline';font-src 'self' data: fonts.gstatic.com;script-src 'self' 'unsafe-inline';img-src * data: ; 1 default-src 'self'; script-src 'self' 'unsafe-inline' *.google-analytics.com recreativ.ru https://ssl.gstatic.com *.gstatic.com *.googleapis.com st.top100.ru trustjs.net *.rcdn.pro cdnjs-aws.ru uncorejs.ru *.marketgid.com *.googletagmanager.com ukino-org.psh.one psh.one kino50-org.psh.one *.mgid.com *.siteswithcontent.com; object-src 'self' www.gstatic.com *.spruto.org *.jwpcdn.com; style-src 'self' 'unsafe-inline' *.googleapis.com recreativ.ru; img-src * data:; media-src *; frame-src 'self' www.youtube.com 37.220.36.15 hdgo.cc moonwalk.cc embed.publicvideohost.org video.meta.ua hdgo.cx trailerclub.me streamguard.cc vio.to; child-src 'self'; font-src * data:; connect-src 'self' *.gstatic.com www.youtube.com data: kraken.rambler.ru trustjs.net *.rcdn.pro cdnjs-aws.ru uncorejs.ru 1 default-src 'self' youtube.com *.youtube.com *.baidu.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.baidu.com *.google-analytics.com *.google.com *.googleapis.com; style-src 'self' 'unsafe-inline' http://cdnjs.cloudflare.com *.googleapis.com *.youtube.com; img-src 'self' data: *.google-analytics.com *.baidu.com *.gstatic.com *.ytimg.com *.ggpht.com *.google.com; media-src 'self'; font-src 'self' *.gstatic.com; connect-src 'self'; frame-src 'self' easyhr.io youtube.com *.youtube.com 1 default-src 'self' 'unsafe-inline' https://*.doubleclick.net https://maps.googleapis.com https://cc.ibox.ua; script-src 'self' 'unsafe-inline' https://connect.facebook.net https://*.doubleclick.net https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com https://cc.ibox.ua; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/css https://tagmanager.google.com https://fonts.googleapis.com https://cc.ibox.ua; img-src 'self' 'unsafe-inline' data: https://www.googletagmanager.com https://www.facebook.com https://*.doubleclick.net https://*.gstatic.com https://www.google.com https://www.google.com.ua https://maps.googleapis.com https://www.google-analytics.com https://ssl.gstatic.com https://cc.ibox.ua; font-src 'self' 'unsafe-inline' https://fonts.gstatic.com https://cc.ibox.ua; connect-src 'self' 'unsafe-inline' https://fonts.gstatic.com https://cc.ibox.ua wss://cc.ibox.ua 1 default-src 'self' ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com http://az416426.vo.msecnd.net https://maps.googleapis.com http://www.google.com https://www.google.com https://secure.leadforensics.com http://www.srv2020real.com http://www.google-analytics.com http://www.srv2020real.com/ https://ajax.googleapis.com/ http://fast.fonts.com/ https://gateway.zscaler.net; style-src 'self' data: 'unsafe-inline' http://maxcdn.bootstrapcdn.com http://fast.fonts.net/ http://www.google-analytics.com https://fonts.googleapis.com; img-src * data: ; font-src 'self' data: http://maxcdn.bootstrapcdn.com http://fast.fonts.net https://fonts.gstatic.com; connect-src 'self' https://dc.services.visualstudio.com https://www.google-analytics.com; child-src 'self' ; frame-src 'self' http://sdn.sitecore.net https://www.google.com http://maps.google.co.uk https://gateway.zscaler.net; frame-ancestors 'self' http://www.scionunderwriting.com; report-uri https://3chillies.report-uri.io/r/default/csp/enforce; 1 default-src 'self' *.google.com *.google.ie *.google.co.uk *.google-analytics.com *.googleapis.com *.gstatic.com *.facebook.net *.facebook.com *.twitter.com *.youtube.com *.progress.ie 46.137.108.103 *.onlinebanking.progress.ie *.onlinebankingws.progress.ie 1 style-src 'self' 'unsafe-inline' fast.fonts.net fonts.googleapis.com stackpath.bootstrapcdn.com fonts.gstatic.com use.typekit.net; font-src 'self' data: fast.fonts.net fonts.googleapis.com stackpath.bootstrapcdn.com fonts.gstatic.com use.typekit.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' code.jquery.com www.gstatic.com www.googleadservices.com www.google-analytics.com tracedseals.starfieldtech.com imagesak.secureserver.net www.youtube.com s.ytimg.com cdn.ywxi.net s3-us-west-2.amazonaws.com stackpath.bootstrapcdn.com cdnjs.cloudflare.com use.typekit.net; child-src 'self' www.youtube.com www.veexinc.com:8443; 1 default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; frame-ancestors https://*:* 1 style-src 'self'; img-src 'self' images.ctfassets.net https://www.google-analytics.com https://stats.g.doubleclick.net; font-src 'self'; script-src 'self' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com; media-src videos.ctfassets.net; frame-src https://www.google.com https://www.youtube.com 1 script-src 'nonce-JmFDXJCWJH3yBIjGBB6htKw3c54=' 'unsafe-inline' 'strict-dynamic' https: http:; object-src 'none'; 1 frame-ancestors liveshareeast3.seismic.com huron.seismic.com 1 base-uri 'none'; default-src 'self'; connect-src 'self' https://*.facebook.net *.facebook.net https://*.facebook.com *.facebook.com https://*.doubleclick.net *.doubleclick.net https://*.google-analytics.com *.google-analytics.com https://*.google.co.uk *.google.co.uk https://*.google.com *.google.com https://*.googleadservices.com *.googleadservices.com https://*.googletagmanager.com *.googletagmanager.com https://*.gstatic.com *.gstatic.com https://googleadservices.com googleadservices.com https://apis.google.com apis.google.com https://fonts.googleapis.com fonts.googleapis.com https://fonts.gstatic.com fonts.gstatic.com https://*.hs-analytics.net *.hs-analytics.net https://*.hs-scripts.com *.hs-scripts.com https://*.hubspot.com *.hubspot.com https://*.usemessages.com *.usemessages.com https://fpdl.vimeocdn.com fpdl.vimeocdn.com https://gcs-vimeo.akamaized.net gcs-vimeo.akamaized.net https://player.vimeo.com player.vimeo.com https://api.hubapi.com api.hubapi.com https://*.hs-growth-metrics.com *.hs-growth-metrics.com; font-src 'self' https://fonts.gstatic.com fonts.gstatic.com data:; form-action 'self' https://checkforcloudflare.selesti.com checkforcloudflare.selesti.com https://forms.hsforms.com forms.hsforms.com; frame-ancestors 'self'; frame-src 'self' https://*.doubleclick.net *.doubleclick.net https://*.google.com *.google.com https://*.gstatic.com *.gstatic.com https://*.slideshare.net *.slideshare.net https://*.vimeo.com *.vimeo.com https://*.youtube.com *.youtube.com https://forms.hsforms.com forms.hsforms.com; img-src 'self' https://*.doubleclick.net *.doubleclick.net https://*.facebook.com *.facebook.com https://*.google-analytics.com *.google-analytics.com https://*.google.ca *.google.ca https://*.google.co.il *.google.co.il https://*.google.co.in *.google.co.in https://*.google.co.jp *.google.co.jp https://*.google.co.uk *.google.co.uk https://*.google.com *.google.com https://*.google.com.mt *.google.com.mt https://*.google.com.ua *.google.com.ua https://*.google.ie *.google.ie https://*.google.it *.google.it https://*.google.se *.google.se https://*.google.sk *.google.sk https://*.googletagmanager.com *.googletagmanager.com https://*.gstatic.com *.gstatic.com https://*.hubspot.com *.hubspot.com https://*.hsforms.com *.hsforms.com https://*.hsforms.net *.hsforms.net blob: data:; media-src https://gcs-vimeo.akamaized.net gcs-vimeo.akamaized.net https://*.vimeocdn.com *.vimeocdn.com https://*.vimeo.com *.vimeo.com https://ssl.gstatic.com ssl.gstatic.com; object-src 'none'; manifest-src 'self'; script-src 'self' https://*.doubleclick.net *.doubleclick.net https://*.facebook.net *.facebook.net https://*.google-analytics.com *.google-analytics.com https://*.google.ae *.google.ae https://*.google.ca *.google.ca https://*.google.co.il *.google.co.il https://*.google.co.in *.google.co.in https://*.google.co.uk *.google.co.uk https://*.google.com *.google.com https://*.google.com.au *.google.com.au https://*.google.com.mt *.google.com.mt https://*.google.com.ua *.google.com.ua https://*.google.de *.google.de https://*.google.fr *.google.fr https://*.google.ie *.google.ie https://*.google.it *.google.it https://*.google.ru *.google.ru https://*.google.sk *.google.sk https://js.hsadspixel.net js.hsadspixel.net https://*.googleadservices.com *.googleadservices.com https://*.googletagmanager.com *.googletagmanager.com https://*.gstatic.com *.gstatic.com https://*.hs-analytics.net *.hs-analytics.net https://*.hs-scripts.com *.hs-scripts.com https://*.hsforms.net *.hsforms.net https://*.hsforms.com *.hsforms.com https://*.usemessages.com *.usemessages.com https://*.licdn.com *.licdn.com https://*.linkedin.com *.linkedin.com https://*.hiss3lark.com *.hiss3lark.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://*.googleapis.com *.googleapis.com 'unsafe-inline'; report-uri https://poirot.selesti.com/api/violation/selesti; report-to https://poirot.selesti.com/api/violation/selesti; upgrade-insecure-requests 1