Values for x-content-security-policy: allow 'self'; 176 frame-ancestors 'self' 97 default-src 'self'; frame-src 'none'; img-src 'self' *.pbwstatic.com https://*.pbwstatic.com www.google-analytics.com https://www.google-analytics.com; media-src 'none'; object-src 'none'; script-src 'self' www.google-analytics.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' 53 47 default-src 'self' 47 report-uri /report-csp-violation 40 default-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src * data:; font-src 'self' data: https:; form-action *; 37 upgrade-insecure-requests; 31 upgrade-insecure-requests 17 default-src 'self'; img-src 'self'; script-src 'self'; source-src 'self'; object-src 'self'; child-src 'self'; form-action 'self'; 14 allow 'self' 14 block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:; 14 referrer origin 14 report-uri //report-csp-violation 13 default-src 'self'; 12 frame-ancestors 'self' http://customer--hornbach.loop21.net https://customer-hornbach.loop21.net http://public-location-hornbach.loop21.net https://public-location-hornbach.loop21.net 11 frame-src *.bitdefender.com *.bitdefender.biz *.bitdefender.net *.bitdefender.fr *.bitdefender.de *.bitdefender.com.au *.bitdefender.co.uk *.bitdefender.es *.bitdefender.it *.bitdefender.pt *.bitdefender.com.br *.bitdefender.ro *.bitdefender.nl *.bitdefender.be *.bitdefender.se bitdefender.marketing.adobe.com download.bitdefender.com *.facebook.com *.doubleclick.net *.adsrvr.org *.mathtag.com *.google.com *.google.ro *.flashtalking.com *.amazon-adsystem.com *.livechatinc.com *.twitter.com *.cedexis.com *.cedexis-test.com *.youtube.com *.soundcloud.com *.cookiebot.com *.vimeo.com *.edgecastcdn.net *.linkedin.com *.hsforms.com *.cloudfront.net *.edgecastdns.net *.hotjar.com *.zanox.ws *.zanox.com *.usemax.de usemax.de bitdefender.demdex.net *.omniture.com widget.trustpilot.com *.2o7.net *.omtrdc.net *.demdex.net assets.adobedtm.com api-eu.boldchat.com livechat-eu.boldchat.com *.youtube-nocookie.com *.instagram.com instawidget.net consentcdn.cookiebot.com recommender.scarabresearch.com 10 frame-ancestors 'none' 9 default-src 'self'; base-uri 'self'; 8 default-src 'self'; script-src 'self' 'unsafe-inline' 7 default-src https: 'self'; script-src 'unsafe-eval' 'unsafe-inline' 'self' *; style-src 'unsafe-inline' 'self' *; frame-src 'self' *; object-src 'self' *; img-src 'self' data: *; media-src 'self' *; font-src 'self' data: *; connect-src 'self' *; 7 default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src *; font-src *; connect-src *; media-src *; object-src *; child-src *; frame-ancestors *; form-action *; reflected-xss block; upgrade-insecure-requests; 7 default-src 'self'; img-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; script-src 'self' 'unsafe-inline'; connect-src 'self'; 7 default-src 'self'; script-src *.nr-data.net *.newrelic.com *.faktor.io *.consensu.org 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'none'; style-src 'self' 'unsafe-inline'; media-src 'none'; frame-src *.consensu.org *.faktor.io; connect-src *.consensu.org *.faktor.io https://*.nr-data.net https://cdn.contentful.com https://cf.talpa.digital https://*.consent.talpanetwork.com https://consent.talpanetwork.com; img-src https://static.talpanetwork.com https://*.nr-data.net https://images.ctfassets.net https://*.consent.talpanetwork.com https://consent.talpanetwork.com 7 script-src 'self' 'unsafe-inline' 'unsafe-eval' www.youtube.com *.doubleclick.net www.google-analytics.com ajax.googleapis.com maps.googleapis.com www.googletagmanager.com s7.addthis.com m.addthisedge.com m.addthis.com w.estat.com www.google.com www.gstatic.com;style-src 'self' 'unsafe-inline' code.jquery.com maxcdn.bootstrapcdn.com fonts.googleapis.com www.google.com ajax.googleapis.com; base-uri 'self'; 6 default-src https: data: 'unsafe-inline' 'unsafe-eval' 6 default-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src * data:; media-src 'self' data: blob: https:; font-src 'self' data: https:; form-action *; 6 frame-ancestors 'self' http://hybris.com https://hybris.com http://*.hybris.com https://*.hybris.com http://sap.lookbookhq.com https://sap.lookbookhq.com http://cx.sap.com https://cx.sap.com https://nopreview.ru http://dev-cx.calliduscloud.com https://dev-cx.calliduscloud.com http://stage-cx.calliduscloud.com https://stage-cx.calliduscloud.com https://gigya.staging.wpengine.com https://www.gigya.com https://gigyadev.wpengine.com *.lookbookhq.com https://cloudplatform-qa.sap.com https://cloudplatform.sap.com https://cloudplatform-dev.mo.sap.corp;default-src 'self' blob: https: data: 'unsafe-inline' 'unsafe-eval' github.com api.github.com raw.githubusercontent.com *.liveperson.net http://*.sap.com https://*.sap.com *.demandbase.com *.adobedtm.com *.company-target.com *.omtrdc.net *.w55c.net platform.twitter.com *.siteintercept.qualtrics.com *.doubleclick.net cdnjs.cloudflare.com charts3.equitystory.com http://sap-espresso.com http://*.akamai.net ust-servlet.dataxu.net https://*.cdn.sap.com *.2mdn.net *.2o7.net *.qualtrics.com https://*.akamaihd.net http://*.akamaihd.net *.lpsnmedia.net *.truste.com *.newrelic.com *.nr-data.net https://*.youtube.com https://*.youtu.be https://*.ytimg.com *.twitter.com http://*.twimg.com https://*.twimg.com *.adobe.com *.demdex.net *.liveperson.com *.liveengage.net *.liveengage.com *.liveper.sn *.licdn.com *.hana.ondemand.com http://dc1cp8nqqrmxi.cloudfront.net http://*.edgesuite.net http://dewdfbcmcps10:1080 http://dewdfbcmcps10 https://bcmcps.enter.sap *.d41.co 5 block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:; report-uri https://collectors.au.sumologic.com/receiver/v1/http/ZaVnC4dhaV2fq-TmkezxDM5kD77zglzTUyrlNqPe059oQhlSBcEFmaLaBbMi5G2BkSSJjyA6wJZ-iUDLrux0ATja4lHZr94sfyyTtdVcA_GiHULLYxFY7Q== 5 default-src 'self' *.google.com *.google.ie *.google.co.uk *.google-analytics.com *.googleapis.com *.gstatic.com *.facebook.net *.facebook.com *.twitter.com *.youtube.com *.progress.ie 46.137.108.103 *.onlinebanking.progress.ie *.onlinebankingws.progress.ie 5 frame-ancestors 'self' https://*.salesforce.com 5 default-src 'self'; script-src 'self'; 4 frame-ancestors https://*.derwent.io http://*.derwent.io http://*.derwent.io:* https://*.derwent.io:* 'self' 4 frame-ancestors https://*.gameforge.com 4 frame-ancestors 'self'; 4 default-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline';font-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; 4 frame-ancestors 'self' http://www.liligo.fr/ http://www.kayak.fr/ http://www.kayak.de/ https://drivy.zendesk.com/ https://*.zdusercontent.com/ 4 default-src 'self' ;options inline-script eval-script;referrer no-referrer;img-src 'self' data: *.tile.openstreetmap.org;object-src 'none'; 4 default-src *; img-src * data: blob:; media-src * data: blob:; script-src 'unsafe-inline' 'unsafe-eval' * data: blob:; worker-src 'unsafe-inline' 'unsafe-eval' * data: blob:; connect-src *; font-src * data: blob:; frame-src *; object-src * data: blob:; style-src 'unsafe-inline' * data: blob: 4 script-src 'self' maps.googleapis.com; style-src 'self' fonts.googleapis.com; report-uri /v2/csp-violations/report 4 default-src 'unsafe-inline' 'self' https: wss:; object-src 'none' 4 frame-ancestors https://*.marketo.com 3 default-src 'self' *.fluvius.be; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.ckeditor.com ajax.googleapis.com https://www.googletagmanager.com www.google-analytics.com cdnjs.cloudflare.com maps.googleapis.com cdn.rawgit.com https://www.google.com https://www.gstatic.com www.googleadservices.com connect.facebook.net googleads.g.doubleclick.net https://amp.cloudflare.com; object-src 'self' *.fluvius.be; style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com cdnjs.cloudflare.com https://amp.cloudflare.com ; img-src 'self' data: www.google-analytics.com maps.gstatic.com maps.googleapis.com www.eandis.be stats.g.doubleclick.net www.facebook.com www.google.be www.google.com https://amp.cloudflare.com https://www.google-analytics.com https://www.googletagmanager.com; media-src 'self'; frame-src 'self' *.fluvius.be player.vimeo.com www.youtube.com https://www.google.com https://www.flexmail.eu https://s.chkmkt.com https://amp.cloudflare.com https://www.googletagmanager.com https://www.facebook.com; frame-ancestors 'self' *.destroomlijn.be *.fluvius.be; child-src 'self' *.fluvius.be; font-src 'self' fonts.googleapis.com fonts.gstatic.com; connect-src 'self' www.google-analytics.com https://discovery.amp.cloudflare.com https://stats.g.doubleclick.net https://amp.cloudflare.com https://www.facebook.com; report-uri /report-csp-violation 3 frame-ancestors 'self' ; 3 script-src 'self' 'unsafe-inline' 'unsafe-eval' data: www.google.com apis.google.com *.googleapis.com *.rodacom.net www.rodacom.fr connect.facebook.net www.facebook.com platform.twitter.com www.googletagmanager.com www.google-analytics.com *.gstatic.com *.github.io https:; 3 default-src *; script-src 'self' http://www.google-analytics.com http://suggest.infospace.com http://api.autocompleteplus.com http://www.googletagservices.com http://d.yimg.com https://completr.appspot.com https://s.yimg.com http://js.wincyahoocontent.com ; frame-src 'self' http://*.yhs4.search.yahoo.com http://ad.adserver-pro.net https://s.yimg.com ; font-src 'none'; connect-src 'self'; media-src 'self'; object-src 'none'; style-src 'self'; 3 default-src 'self'; connect-src https:; font-src 'self' data: https:; frame-src https:; frame-ancestors https:; img-src https: data:; media-src https: blob:; object-src https:; style-src 'unsafe-inline' https:; worker-src blob:; script-src 'unsafe-inline' 'unsafe-eval' https:; 3 default-src https: data: 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * blob: ; worker-src * blob: ; frame-ancestors 'self' https://*.moody.edu; 3 self 3 default-src 'self'; script-src * 'unsafe-eval' 'unsafe-inline'; style-src * 'unsafe-inline'; img-src * data:;frame-src *;font-src * data:;connect-src * blob:;media-src * blob:;worker-src * blob:; 3 default-src 'self'; script-src 'self' 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://www.googleadservices.com googleads.g.doubleclick.net https://connect.facebook.net https://fullstory.com https://*.fullstory.com cdnjs.cloudflare.com d1aqhv4sn5kxtx.cloudfront.net *.ngpvan.com; style-src 'self' 'unsafe-inline' 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com/css fonts.gstatic.com tagmanager.google.com; img-src *; font-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com/css fonts.gstatic.com fonts.googleapis.com;connect-src 'self' https://*.fullstory.com https://fullstory.com; report-uri https://accounts.ngpvan.com/oidc/csp/report 3 connect-src 'self' checkout.stripe.com sentry.io api.github.com www.npmjs.com http://gj.track.uc.cn/collect;default-src 'none';img-src * data:;script-src 'self' 'unsafe-inline' https://checkout.stripe.com/checkout.js https://static.accountdock.com https://www.googletagmanager.com https://www.googletagmanager.com/gtm.js https://js.hs-scripts.com/ http://js.hs-analytics.net/ https://js.hsforms.net/ https://forms.hsforms.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google-analytics.com https://www.google-analytics.com/analytics.js https://platform.twitter.com/widgets.js https://static.npmjs.com/;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://static.npmjs.com/;frame-src checkout.stripe.com https://accountdock.com/app https://www.youtube.com/embed/mKMaG0cixXw https://forms.hsforms.com/ https://static.accountdock.com/;font-src https://fonts.gstatic.com https://static.npmjs.com/ 3 allow 'self'; media-src *; img-src *; script-src 'self' https://ajax.googleapis.com; style-src 'self'; 3 default-src 'self' 'unsafe-inline' ajax.googleapis.com cdn.optimizely.com www.googleadservices.com *.doubleclick.net *.google.com *.google.de; img-src 'self' *.tawk.to *.excentos.com; font-src 'self' ; style-src 'self'; form-action 'self'; 3 default-src https: data: blob: 'unsafe-eval' 'unsafe-inline'; frame-src 'self' https://*; 3 frame-ancestors 'self' weleda.sabio.de 3 default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-eval' 'unsafe-inline'; media-src https: blob: 'self' 'unsafe-eval' 'unsafe-inline'; frame-src https: employment.qualtrics.com siteintercept.qualtrics.com g.jwpsrv.com www.youtube.com; frame-ancestors 'self' www.jobs.gov.au; child-src https: blob: 'self' 'unsafe-eval' 'unsafe-inline'; font-src 'self' fonts.gstatic.com maxcdn.bootstrapcdn.com netdna.bootstrapcdn.com publish.viostream.com; report-uri /admin/config/system/seckit/csp-report 3 frame-ancestors *.splunk.com *.touchcast.com 3 default-src 'self' http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de; img-src 'self' data: http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de; script-src 'self' 'unsafe-eval' http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de; style-src 'self' 'unsafe-inline' http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de; font-src 'self' data: http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de; 3 script-src 'self' 3 frame-ancestors 'none'; 3 frame-ancestors 'self' https://pf.content.nokia.com; report-uri /report-csp-violation 3 frame-ancestors http://programasgratis.searchmgr.com/ 3 policy-uri /'self' 3 sandbox allow-forms allow-same-origin; 3 default-src 'self' 'self' data: 'self' blob: 'unsafe-inline' 'unsafe-eval' *; img-src 'self' blob: data: * 3 default-src 'self' https://*.maersk.com https://*.maerskline.com https://*.akamaihd.net https://*.igodigital.com https://*.google.com https://*.googleapis.com https://www.googletagmanager.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.maersk.com https://*.maerskline.com https://*.akamaihd.net https://*.igodigital.com https://pub.s1.exacttarget.com https://*.gstatic.com https://*.google.com https://*.googleapis.com https://www.googletagmanager.com https://*.google-analytics.com https://dc.ads.linkedin.com https://snap.licdn.com; img-src 'self' https://*.maersk.com https://*.maerskline.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://*.gstatic.com https://*.vimeocdn.com https://*.youtube.com https://*.igodigital.com https://*.akamaihd.net https://pixel.mathtag.com https://bs.serving-sys.com https://www.google.co.uk https://api.adsymptotic.com https://media-cdn.ipredictive.com https://*.linkedin.com https://*.facebook.com https://*.twitter.com https://vk.com https://mail.ru https://www.weborama.com https://adv.solution.weborama.fr https://clickserve.dartsearch.net https://*.doubleclick.net https://*.google.dk https://secure.adnxs.com https://cs.adingo.jp https://admaym.com https://ih.adscale.de https://d.agkn.com https://ib.adnxs.com https://x.bidswitch.net https://stags.bluekai.com https://pix.btrll.com https://contextual.media.net https://dis.criteo.com https://e.nexac.com https://loadm.exelator.com https://cs.gssprt.jp https://global.ib-ibi.com https://ad.360yield.com https://dsum-sec.casalemedia.com https://beacon.krxd.net https://idsync.rlcdn.com https://ums.adtechus.com https://sync.adaptv.advertising.com https://us-u.openx.net https://simage2.pubmatic.com https://bh.contextweb.com https://idsync.reson8.com https://pixel.rubiconproject.com https://uipglob.semasio.net https://rtb-csync.smartadserver.com https://ad.sxp.smartclip.net https://sync.go.sonobi.com https://ce.lijit.com https://sync.search.spotxchange.com https://ads.stickyadstv.com https://delivery.swid.switchads.com https://aa.agkn.com https://ads.yahoo.com https://u3s.mathtag.com https://eu-u.openx.net https://serving.experianmarketingservices.digital https://uip.semasio.net https://tr.outbrain.com https://fo-api.omnitagjs.com; object-src 'self'; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://*.googleapis.com; frame-src https://www.google.com/recaptcha/ https://www.youtube.com/embed/ https://player.vimeo.com/video/; font-src 'self' https://*.gstatic.com https://*.googleapis.com 3 frame-ancestors 'self' *.commentcamarche.net *.commentcamarche.com; 2 frame-ancestors https://marina.digitalocean.com https://digitaloceaninc.lookbookhq.com 2 frame-ancestors https://bande2kings.fr https://*.bande2kings.fr 2 frame-ancestors 'self' https://*.etracker.com 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.marketo.net https://*.marketo.com https://*.addthis.com https://*.addthisedge.com https://*.google-analytics.com https://*.optimizely.com https://*.googleadservices.com https://platform.twitter.com https://app.hushly.com https://*.reactful.com https://connect.facebook.net https://graph.facebook.com https://bat.bing.com https://*.crazyegg.com https://*.adroll.com https://snap.licdn.com https://*.linkedin.com https://www.youtube.com https://s.ytimg.com https://d137jyf8bmrjar.cloudfront.net https://jobs.jobvite.com https://cdnjs.cloudflare.com https://d30ia583fbtg8i.cloudfront.net/reviews_list/reviews_list.js https://seal.digicert.com https://www.bizographics.com https://secure.adnxs.com https://tags.tiqcdn.com https://app.cdn.lookbookhq.com https://resources.xg4ken.com https://www.googletagmanager.com https://d12ulf131zb0yj.cloudfront.net https://d26n74bqaye0ia.cloudfront.net https://j.6sc.co; object-src *; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com http://fonts.googleapis.com https://cdnjs.cloudflare.com http://cdnjs.cloudflare.com https://*.marketo.net https://*.marketo.com https://app.hushly.com http://app.hushly.com https://d30ia583fbtg8i.cloudfront.net/reviews_list/style.css https://app.cdn.lookbookhq.com https://resources.xg4ken.com https://www.googletagmanager.com https://d12ulf131zb0yj.cloudfront.net https://d26n74bqaye0ia.cloudfront.net; img-src * data:; media-src *; frame-src https://*.sageintacct.com https://*.intacct.com https://*.optimizely.com https://www.youtube.com https://*.addthis.com https://app-abd.marketo.com https://*.doubleclick.net https://www.google.com/ads https://jobs.jobvite.com https://forecast.io https://api.soundcloud.com https://w.soundcloud.com https://www.g2crowd.com https://intacct.lookbookhq.com https://go.intacct.com https://tags.tiqcdn.com https://app.cdn.lookbookhq.com https://resources.xg4ken.com https://www.googletagmanager.com https://d12ulf131zb0yj.cloudfront.net https://d26n74bqaye0ia.cloudfront.net; font-src *; connect-src *; report-uri /admin/config/system/seckit/csp-report 2 script-src 'self' 'unsafe-eval' 'unsafe-inline' *.kalibrr.com *.zendesk.com https://static.zdassets.com https://ekr.zdassets.com *.zopim.com connect.facebook.net *.facebook.com www.googleadservices.com www.google-analytics.com ssl.google-analytics.com d36lvucg9kzous.cloudfront.net s1.webspellchecker.net js.stripe.com www.googletagmanager.com *.inspectlet.com *.googleapis.com *.newrelic.com *.nr-data.net platform.twitter.com static.ads-twitter.com apis.google.com ajax.cloudflare.com tagmanager.google.com analytics.twitter.com analytics.trovit.com *.effectivemeasure.net jscdn.appier.net track.adform.net; form-action 'self'; frame-src 'self' https://staticxx.facebook.com https://web.facebook.com https://accounts.google.com https://www.facebook.com https://docs.google.com https://www.youtube.com https://www.google.com; frame-ancestors http://careers.aboitiz.com https://careers.aboitiz.com http://citysavings.com.ph https://citysavings.com.ph 2 * 2 default-src 'self' 'unsafe-inline' *.zoll.de zoll.de *.itzbund.de itzbund.de *.zoll.de *.talent-im-einsatz.de zoll.de sg.geodatenzentrum.de *.openstreetmap.de; img-src 'self' *.zoll.de zoll.de *.itzbund.de sg.geodatenzentrum.de *.openstreetmap.de data:; script-src 'self' 'unsafe-inline' *.zoll.de zoll.de *.itzbund.de itzbund.de *.zoll.de zoll.de sg.geodatenzentrum.de *.openstreetmap.de 2 default-src 'self' 'unsafe-inline' web-2-tel.com *.web-2-tel.com *.doubleclick.net *.optnmstr.com *.gstatic.com localhost:8443 data: *.acquia.com *.appcues.com *.appcues.net *.unitedrentals.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.unitedrentals.com *.egain.cloud *.analytics-egain.com *.criteo.net 8f2a3f802cdf2859af9e-51128641de34f0801c2bd5e1e5f0dc25.ssl.cf1.rackcdn.com *.doubleclick.net *.google.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.googleapis.com bat.bing.com *.quantserve.com *.getsitecontrol.com *.facebook.net *.crazyegg.com *.quantcount.com st.getsitecontrol.com *.yimg.com snap.licdn.com sp.analytics.yahoo.com *.addtoany.com *.ads.linkedin.com *.newrelic.com *.pardot.com *.boldchat.com *.nr-data.net localhost:8443 web-2-tel.com *.web-2-tel.com *.optnmstr.com *.cloudflare.com *.adnxs.com data: *.acquia.com *.appcues.com *.pragmaticcrm.com *.optmstr.com *.bizographics.com *.criteo.com *.linkedin.com *.optmnstr.com *.nr-data.net wvw.unitedrentals.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.cloudflare.com *.optnmstr.com *.google.com *.appcues.com *.egain.cloud; img-src 'self' data: *.unitedrentals.com bat.bing.com *.optnmstr.com *.googleapis.com *.google-analytics.com *.doubleclick.net *.facebook.com *.google.com *.quantserve.com *.gstatic.com *.boldchat.com *.adnxs.com *.appcues.com *.optmstr.com res.cloudinary.com *.googletagmanager.com *.linkedin.com *.criteo.com s0.2mdn.net; frame-src 'self' *.appcues.com *.appcues.net *.doubleclick.net *.criteo.com *.egain.cloud *.analytics-egain.com *.vimeo.com *.facebook.com *.facebook.net *.youtube.com; child-src 'self' *.unitedrentals.com *.googletagmanager.com *.optnmstr.com *.doubleclick.net *.analytics-egain.com *.rackcdn.com *.youtube.com *.appcues.com *.vimeo.com *.egain.cloud; connect-src 'self' *.appcues.net wss://*.appcues.net web-2-tel.com *.web-2-tel.com *.egain.cloud *.optnmstr.com *.optmstr.com *.gstatic.com localhost:8443 data: *.acquia.com *.appcues.com *.appcues.net *.nr-data.net *.optmnstr.com *.google.com *.optmnstr.com *.google-analytics.com stats.g.doubleclick.net; report-uri /report-csp-violation 2 default-src * 'unsafe-inline' 'unsafe-eval' ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ; 2 frame-ancestors 'self' http://redhat.lookbookhq.com https://redhat.lookbookhq.com; report-uri /report-csp-violation 2 default-src https: 'unsafe-inline' 'unsafe-eval' 2 frame-ancestors https://webvisor.com/; 2 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.comwww.thebalance.com *.qa.aws.thebalance.com atlas.thebalance.com atlas.local.thebalance.com 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' *.marketo.com *.marketo.net *.googletagmanager.com *.facebook.net static.ads-twitter.com *.evidon.com www.google-analytics.com sjs.bizographics.com *.bizible.com *.ge.com *.bhge.com *.industrial.ai *.youtube.com *.ytimg.com *.linkedin.com *.twitter.com gateway.zscalertwo.net *.newrelic.com vidassets.terminus.services blob: doug1izaerwt3.cloudfront.net s.ytimg.com *.demandbase.com data: nasdaqir-prod.apigee.net *.hotjar.com *.zscalertwo.net j.6sc.co bam.nr-data.net fssfed.stage.ge.com cdnjs.cloudflare.com *.kissmetrics.com *.googleadservices.com googleads.g.doubleclick.net *.google.com *.gstatic.com s0-azure.assets-yammer.com maps.googleapis.com cdn.syndication.twimg.com; media-src 'self' *.vimeo.com *.youtube.com https://gateway.zscalertwo.net https://fpdl.vimeocdn.com data:; frame-src 'self' bhge.acquiadam.com *.webdamdb.com *.zscalertwo.net fssfedpitc.ge.com fssauth.ge.com *.webdamdb.com *.facebook.com *.marketo.com *.youtube.com *.hotjar.com *.adobe.com connect.facebook.net bid.g.doubleclick.net youtu.be *.evidon.com spo-teamsite.ge.com *.google.com spo-teamsite.ge.com fss.gecompany.com https://fss.gecompany.com/ https://ssocentralck.registrar.ge.com/ https://affiliateservices.gecompany.com/ https://ssologin.ssogen2.corporate.ge.com/ https://ssologin.ssogen2.corporate.ge.com/ https://rsologin.ssogen2.corporate.ge.com/ https://smloginmap.ssogen2.corporate.ge.com/ *.yammer.com login.microsoftonline.com fssfedma.o365.ge.com platform.linkedin.com syndication.twitter.com platform.twitter.com www.linkedin.com; frame-ancestors 'self' data: fonts.gstatic.com cdnjs.cloudflare.com; font-src 'self' data: fonts.gstatic.com *.cloudflare.com; report-uri //report-csp-violation 2 default-src 'self'; img-src 'self' data: ; 2 default-src 'self' 'unsafe-eval' 'unsafe-inline' https://fonts.gstatic.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://www.googletagmanager.com https://maps.google.com https://maps.googleapis.com https://maps.gstatic.com ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com ; style-src 'self' 'unsafe-inline'; form-action 'self'; frame-ancestors 'self' ; img-src 'self' data: https://www.google-analytics.com https://maps.google.com https://maps.googleapis.com https://maps.gstatic.com 'unsafe-inline' 'unsafe-eval' 2 frame-ancestors 'self' 'https://accounts.login.idm.telekom.com' 'https://meinkonto.telekom-dienste.de' 'https://www.telekom.de' 'https://www.t-online.de' 2 default-src c.wgr.de 'self'; script-src c.wgr.de track.westermann.de connect.facebook.net www.googleadservices.com maps.googleapis.com 'self' 'unsafe-inline'; style-src c.wgr.de 'self' 'unsafe-inline'; object-src 'self'; img-src c.wgr.de track.westermann.de d32wqyuo10o653.cloudfront.net www.facebook.com googleads.g.doubleclick.net maps.googleapis.com *.gstatic.com 'self' data:; frame-src newsletter.schulbuchzentrum-online.de track.westermann.de www.facebook.com 'self'; child-src newsletter.schulbuchzentrum-online.de track.westermann.de www.facebook.com 'self'; font-src c.wgr.de 'self' data:; connect-src secure.schulbuchzentrum-online.de track.westermann.de 'self'; report-uri /backend/csp 2 default-src 'self' data: https: *.gstatic.com; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: *.web2mobile.fr *.adnxs.com *.tradelab.fr *.twitter.com *.facebook.net *.twimg.com *.azame.net *.google-analytics.com *.infogreffe.nc *.infogreffe.fr *.facebook.com *.doubleclick.net; style-src 'self' 'unsafe-inline' *.amazonaws.com *.infogreffe.nc *.infogreffe.fr *.googleapis.com *.twitter.com *.regie.pro; img-src 'self' data: http: *.youtube.com https: *.web2mobile.fr *.adnxs.com *.tradelab.fr *.twitter.com *.facebook.net *.twimg.com *.azame.net *.google-analytics.com *.infogreffe.nc *.infogreffe.fr *.facebook.com *.doubleclick.net; frame-src 'self' data: https: *.web2mobile.fr *.adnxs.com *.tradelab.fr *.twitter.com *.facebook.net *.twimg.com *.azame.net *.google-analytics.com *.infogreffe.nc *.infogreffe.fr *.facebook.com *.doubleclick.net; connect-src 'self' https: *.regie.pro *.addthis.com *.web2mobile.fr 2 default-src data: 'unsafe-inline' 'unsafe-eval' https:; form-action https:; upgrade-insecure-requests; 2 default-src 'self'; script-src 'self' 'unsafe-inline' *.google-analytics.com recreativ.ru v.actionteaser.ru jwpsrv.com *.jwpcdn.com ads.actionteaser.ru https://ssl.gstatic.com *.gstatic.com *.googleapis.com st.top100.ru trustjs.net *.rcdn.pro cdnjs-aws.ru uncorejs.ru *.marketgid.com *.googletagmanager.com; object-src 'self' www.gstatic.com *.spruto.org *.jwpcdn.com; style-src 'self' 'unsafe-inline' *.googleapis.com recreativ.ru; img-src * data:; media-src *; frame-src 'self' www.youtube.com 37.220.36.15 hdgo.cc moonwalk.cc embed.publicvideohost.org video.meta.ua hdgo.cx trailerclub.me streamguard.cc vio.to; child-src 'self'; font-src * data:; connect-src 'self' *.gstatic.com www.youtube.com data: kraken.rambler.ru trustjs.net *.rcdn.pro cdnjs-aws.ru uncorejs.ru 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://mastertag.kpcustomer.de *.netcologne.de:* https://bat.bing.com https://connect.facebook.net www.googletagmanager.com:* www.google-analytics.com:* https://partners.webmasterplan.com www.google.de:* https://seal.thawte.com https://www.googleadservices.com https://*.exactag.com *.google.com:* https://*.gstatic.com *.googleapis.com:* https://www.kabelkiosk.de com https://*.deepthought.online https://cdn.jsdelivr.net https://wt1.rqtrk.eu https://api.aklamio.com https://googleads.g.doubleclick.net https://config1.veinteractive.com https://cdn.m-pathy.com https://dev.visualwebsiteoptimizer.com https://app.vwo.com https://*.leadlab.click https://netcologne.lamapoll.de https://r.df-srv.de; 2 default-src 'self'; \ script-src 'self' https://ssl.google-analytics.com; \ img-src 'self' https://ssl.google-analytics.com 2 frame-ancestors 'self' *.vendhq.com; report-uri https://csp.api.vendhq.com/prod/report; 2 default-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://optimize.google.com *.campoints.net https://*.visit-x.net http://*.visit-x.net *.google-analytics.com beacon.errorception.com browser-update.org *.zopim.com https://*.getsentry.com https://*.disqus.com https://*.disquscdn.com https://*.bing.com https://*.googleadservices.com data: https://disqus.com https://*.wowza.com https://cdn.overheat.it https://track.overheat.it https://www.googletagmanager.com https://googleads.g.doubleclick.net; object-src 'self' *.vxcdn.org *.inethoster.org https://vjs.zencdn.net; style-src 'self' 'unsafe-inline' https://optimize.google.com fonts.googleapis.com https://*.disquscdn.com https://*.wowza.com https://track.overheat.it; img-src 'self' *.visit-x.net *.vxcdn.org *.inethoster.org *.campoints.net http://visitx.testunikat.com http://194.116.150.87/ https://*.maptilehoster.com *.google-analytics.com https://*.bing.com https://*.googleadservices.com https://*.doubleclick.net https://*.google.com https://*.google.de https://*.google.ch https://*.google.at data: browser-update.org https://v2.zopim.com https://v2assets.zopim.io https://*.disquscdn.com https://*.disqus.com https://www.googletagmanager.com https://prod-railsapp.s3.amazonaws.com https://*.wowza.com https://track.overheat.it; media-src 'self' *.vxcdn.org *.inethoster.org *.campoints.net stream.visit-x.tv blob: https://v2.zopim.com https://*.akamaihd.net; frame-src 'self' https://optimize.google.com https://*.visit-x.net http://*.visit-x.net *.campoints.net https://*.vxcdn.org https://*.inethoster.org https://*.youtube.com https://*.disqus.com https://disqus.com https://*.feedtures.com https://player.vimeo.com; child-src 'self' https://*.visit-x.net http://*.visit-x.net *.campoints.net blob:; font-src 'self' *.visit-x.net fonts.gstatic.com data: https://*.zopim.com https://*.disquscdn.com; connect-src 'self' wss://websocket.campoints.net wss://*.farm1.campoints.net wss://*.farm1.campoints.net:443 *.campoints.net https://*.visit-x.net https://*.visit-x.tv *.errorception.com *.google-analytics.com wss://*.zopim.com https://*.getsentry.com https://*.akamaihd.net https://*.disqus.com https://*.wowza.com https://stream.vxcdn.org https://s.overheat.it https://track.overheat.it https://latencytimer.azurewebsites.net/api/HttpTriggerJS1; 2 script-src 'self'; object-src 'self' 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' *.marketo.com *.marketo.net *.googletagmanager.com *.facebook.net static.ads-twitter.com *.evidon.com www.google-analytics.com sjs.bizographics.com *.bizible.com *.ge.com *.bhge.com *.industrial.ai *.youtube.com *.ytimg.com *.linkedin.com *.twitter.com gateway.zscalertwo.net *.newrelic.com vidassets.terminus.services blob: doug1izaerwt3.cloudfront.net s.ytimg.com *.demandbase.com data: nasdaqir-prod.apigee.net *.hotjar.com *.zscalertwo.net j.6sc.co bam.nr-data.net fssfed.stage.ge.com cdnjs.cloudflare.com *.kissmetrics.com *.googleadservices.com googleads.g.doubleclick.net *.google.com *.gstatic.com; media-src 'self' *.vimeo.com *.youtube.com https://gateway.zscalertwo.net https://fpdl.vimeocdn.com; frame-src 'self' bhge.acquiadam.com *.webdamdb.com *.zscalertwo.net fssfedpitc.ge.com fssauth.ge.com *.webdamdb.com *.facebook.com *.marketo.com *.youtube.com *.hotjar.com *.adobe.com connect.facebook.net bid.g.doubleclick.net youtu.be *.evidon.com spo-teamsite.ge.com *.google.com spo-teamsite.ge.com fss.gecompany.com https://fss.gecompany.com/ https://ssocentralck.registrar.ge.com/ https://affiliateservices.gecompany.com/ https://ssologin.ssogen2.corporate.ge.com/ https://ssologin.ssogen2.corporate.ge.com/ https://rsologin.ssogen2.corporate.ge.com/ https://smloginmap.ssogen2.corporate.ge.com/; frame-ancestors 'self' data: fonts.gstatic.com cdnjs.cloudflare.com; font-src 'self' data: fonts.gstatic.com *.cloudflare.com; report-uri //report-csp-violation 2 parent-src none 2 frame-ancestors 'self' zooniverse.org *.zooniverse.org webservices.crick.ac.uk CLVD0-WS-U-T-29.thecrick.org 2 default-src 'self' dwl.dawconnect.com maps.google.de www.google.com connect.facebook.net; img-src 'self' data: *.bestservice.de *.bestservice.com *.bestservice.fr *.google-analytics.com connect.ekomi.de *.facebook.com *.doubleclick.net *.google.com *.google.de; media-src 'self' *.bestservice.de *.bestservice.com *.bestservice.fr; script-src 'self' data: *.bestservice.de *.bestservice.com *.bestservice.fr *.google-analytics.com connect.ekomi.de www.googleadservices.com *.jwpcdn.com dwl.dawconnect.com *.facebook.net www.googletagmanager.com *.facebook.com *.google.com *.google.de *.doubleclick.net 'unsafe-inline' 'unsafe-eval'; worker-src 'self' *.bestservice.de *.bestservice.com *.bestservice.fr *.doubleclick.net www.google.com www.google.de; font-src 'self' *.bestservice.de *.bestservice.com *.bestservice.fr fonts.gstatic.com; style-src 'self' *.bestservice.de *.bestservice.com *.bestservice.fr fonts.googleapis.com 'unsafe-inline'; object-src 'self' 2 default-src https://domene.shop https://domainname.shop https://domainnameshop.com https://www.domeneshop.no 'unsafe-inline'; img-src https://domene.shop https://domainname.shop https://domainnameshop.com https://www.domeneshop.no; frame-src https://domene.shop https://domainname.shop https://domainnameshop.com https://www.domeneshop.no 2 default-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline' *.netdna-ssl.com *.google-analytics.com app.quotemedia.com oss.maxcdn.com rangeme-production-environment.s3-ap-southeast-2.amazonaws.com *.pcdn.co;font-src 'self' *.netdna-ssl.com fonts.gstatic.com *.pcdn.co;img-src 'self' data: *.netdna-ssl.com *.google-analytics.com *.googleapis.com *.glensmarkets-email.com app.quotemedia.com secure.gravatar.com s3-ap-southeast-2.amazonaws.com *.pcdn.co;style-src 'self' 'unsafe-inline' *.netdna-ssl.com *.googleapis.com *.pcdn.co;frame-src 'self' *.netdna-ssl.com *.youtube.com *.calameo.com *.pcdn.co;connect-src 'self' *.netdna-ssl.com query.yahooapis.com *.pcdn.co;object-src 'self' *.netdna-ssl.com *.pcdn.co;media-src 'self' *.netdna-ssl.com *.pcdn.co; 2 upgrade-insecure-requests; default-src https:; script-src https: data: blob: 'unsafe-eval' 'unsafe-inline'; object-src https:; style-src https: blob: 'unsafe-eval' 'unsafe-inline'; img-src https: blob: data: http://ad.doubleclick.net; media-src https: data:; frame-src https: data: instagram:; child-src https: data: instagram:; font-src https: data:; connect-src https: wss: blob:; report-uri https://virgindotcom.report-uri.com/r/d/csp/enforce 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://c.disquscdn.com https://disqus.com https://m.addthisedge.com https://m.addthis.com https://kielikello.disqus.com https://sprakbruk.disqus.com https://s7.addthis.com https://www.google-analytics.com ; object-src 'self' 2 script-src 'self' data: 'unsafe-inline' 'unsafe-eval' bp.webhost1.ru api-maps.yandex.ru mc.yandex.ru mc.yandex.az mc.yandex.by mc.yandex.co.il mc.yandex.com mc.yandex.com.am mc.yandex.com.ge mc.yandex.com.tr mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.kz mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yandex.tj mc.yandex.tm mc.yandex.ua mc.yandex.uz mc.webvisor.com mc.webvisor.org yastatic.net www.google-analytics.com www.google.com www.gstatic.com connect.facebook.net www.googletagmanager.com tagmanager.google.com *.jivosite.com; frame-ancestors 'self' blob: http://webvisor.com https://webvisor.com 2 default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' assets.g2k.it http://localhost:* *.google.com ajax.googleapis.com *.google-analytics.com *.jquery.com; style-src 'self' 'unsafe-inline';img-src *; 2 default-src 'self'; script-src 'self' https://ssl.google-analytics.com; img-src 'self' https://ssl.google-analytics.com 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.radnet.com *.google.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.tctm.co *.gstatic.com *.doubleclick.net *.youtube.com *.ytimg.com *.vimeo.com *.audioeye.com *.fbcdn.net *.facebook.com *.facebook.net *.twitter.com https://cdn.knightlab.com; report-uri /report-csp-violation 2 frame-ancestors 'self' https://optimize.google.com/ https://forum.opticsplanet.com 2 frame-ancestors https://www.compraonline.bonpreuesclat.cat https://www.bonpreuesclat.cat 2 allow *; options inline-script eval-script; frame-ancestors 'self'; 2 report-uri /admin/config/system/seckit/csp-report 2 default-src 'self'; script-src 'self'; connect-src 'self'; img-src 'self' data:; style-src 'self'; reflected-xss block; 2 default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report 2 default-src 'self' extranet.buderus.com s.webtrends.com *.boschtt-documents.com services.kittelberger.net mycliplister.com; media-src 'self' *.boschtt-documents.com services.kittelberger.net *.mycliplister.com mycliplister.com; font-src 'self' fonts.gstatic.com; object-src data: 'self'; img-src https: data:; style-src 'self' 'unsafe-inline' cdn.datatables.net fonts.googleapis.com; script-src https: 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https: bosch.mi4biz.net www.boschthermolife.com; frame-ancestors 'self' https: bosch.mi4biz.net http://fs52-buderus-dev.kittelberger.net 2 default-sec 'self'; 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' connect.facebook.net *.google-analytics.com cdn.optimizely.com *.bugherd.com *.marketo.com *.googletagmanager.com cdn-akamai.mookie1.com secure-ds.serving-sys.com munchkin.marketo.net *.calltrk.com tags.tiqcdn.com bs.serving-sys.com *.jwpcdn.com www.youtube.com *.addthis.com m.addthisedge.com s.ytimg.com graph.facebook.com widgets.pinterest.com *.googleapis.com use.typekit.net *.northwell.edu *.limelight.com *.delvenetworks.com static.addtoany.com malihu.github.io ajax.aspnetcdn.com s.gravatar.com *.wp.com calltrk-production.s3.amazonaws.com *.googleadservices.com ajax.microsoft.com code.jquery.com api.html5media.info *.cloudfront.net *.jwpcdn.com *.newrelic.com bam.nr-data.net tagmanager.google.com *.surveymonkey.com console.brightwhistle.com *.callrail.com content.healthwise.net cdn.merklesearch.com *.rkdms.com cdn.rawgit.com cdnjs.cloudflare.com ethn.io e.infogram.com *.gigya.com *.influencehealth.com *.bing.com *.visto1.net *.linkedin.com; object-src 'self' video.limelight.com assets.delvenetworks.com; style-src 'self' 'unsafe-inline' rtp-static.marketo.com *.googleapis.com *.vm *.bootstrapcdn.com *.northwell.edu malihu.github.io static.addtoany.com s.gravatar.com code.jquery.com *.cloudfront.net *.surveymonkey.com *.marketo.com *.rkdms.com tagmanager.google.com; img-src 'self' data: *.google-analytics.com *.g.doubleclick.net www.facebook.com www.google.com jwpltx.com api.nslijweb.com csi.gstatic.com *.googleapis.com maps.gstatic.com img.delvenetworks.com *.llnw.net m.addthis.com *.northwell.edu northwellhealt.wpengine.com *.gravatar.com *.wp.com *.northwell.io *.cloudfront.net *.amazonaws.com www.bugherd.com *.surveymonkey.com img.youtube.com *.googleadservices.com maps.googleapis.com *.mxptint.net dpm.demdex.net ad.yieldmanager.com ad.afy11.net d.agkn.com idsync.rlcdn.com *.bluekai.com *.openx.net *.rubiconproject.com *.adnxs.com sync.adaptv.advertising.com *.rkdms.com i.ytimg.com *.gigya.com *.bing.com *.googletagmanager.com *.doubleclick.net *.google.com *.gstatic.com *.tilehosting.com; media-src 'self' *.llnw.net *.delvenetworks.com *.llnw.com; frame-src 'self' cdn-akamai.mookie1.com tags.tiqcdn.com s7.addthis.com www.youtube.com static.addtoany.com *.doubleclick.net www.google.com *.understand.com *.marketo.com *.sli.do ethn.io e.infogram.com *.gigya.com w.soundcloud.com view.knowledgevision.com 8065684-gigya.northwell.edu intakeforms.sequencehealth.com; font-src 'self' data: themes.googleusercontent.com fonts.gstatic.com *.bootstrapcdn.com www.bugherd.com; connect-src 'self' 'unsafe-inline' 309-lvl-470.mktoresp.com sjrtp4.marketo.com m.addthis.com *.pusherapp.com *.pusher.com www.bugherd.com *.google-analytics.com api.northwell.edu content.healthwise.net stage-api.northwell.io *.cloudflare.com *.rkdms.com *.callrail.com *.serving-sys.com api.dpx.northwell.io *.gigya.com *.llnw.net; report-uri /report-csp-violation 2 default-src 'self' https://*.google-analytics.com https; script-src 'self' 'unsafe-inline' 'unsafe-eval' https https://*.google-analytics.com https://*.google.com https://stats.g.doubleclick.net https://js-agent.newrelic.com/nr-1071.min.js https://bam.nr-data.net; object-src 'none'; style-src 'self' 'unsafe-inline' https; img-src 'self' 'unsafe-inline' https data: https://*.google-analytics.com https://stats.g.doubleclick.net; frame-src 'self' https://player.vimeo.com https://*.davispolk.com https://html5-player.libsyn.com/ https://api-6fc85ce3.duosecurity.com/ https://cdn.yoshki.com/iframe/; report-uri /admin/config/system/seckit/csp-report 2 default-src 'self' ;options inline-script eval-script;referrer no-referrer;img-src 'self' data: *.tile.openstreetmap.org; 2 script-src 'self'; 2 default-src 'self' *.toyota-europe.com *.toyota.cz *.toyota.sk *.toyota.pl *.cloudfront.net *.amazonaws.com *.fg.cz *.local;font-src 'self' data: fonts.gstatic.com *.toyota-europe.com *.toyota.cz *.toyota.sk *.toyota.pl *.cloudfront.net *.amazonaws.com *.mailchimp.com *.fg.cz *.local toyota.olfincar.cz *.toyota-domansky.cz *.toyotatrutnov.cz *.hsautomobil.cz toyota.autoeder.cz toyota.autobond.cz *.toyota-emilfrey.cz *.toyotatsusho.cz *.liberec-toyota.cz *.toyota-louwman.cz *.t-motor.cz *.toyotabrno.cz *.toyotatarget.sk *.toyota-poprad.sk *.toyotatrencin.sk *.toyota-bratislava.sk *.toyota-kosice.sk *.vvauto.sk toyota.pkauto.eu *.toyota-zilina.sk *.toyota-trnava.sk *.toyotanitra.sk *.ppcteam.sk *.toyotabb.sk *.toyotadolak.eu *.toyotafinance.cz *.toyotafinance.sk;connect-src 'self' analytics.monkeytracker.cz *.toyota-europe.com *.toyota.cz *.toyota.sk *.toyota.pl *.test.toyota-ce.com *.cloudfront.net *.amazonaws.com *.herokuapp.com *.fg.cz *.justuno.com *.hotjar.com *.mailchimp.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' maps.google.com developers.google.com *.googleapis.com www.googletagmanager.com www.google-analytics.com *.googleadservices.com *.youtube.com s.ytimg.com analytics.monkeytracker.cz www.google.com *.doubleclick.net *.facebook.net tagmanager.google.com *.toyota-europe.com *.toyota.cz *.toyota.sk *.toyota.pl *.cloudfront.net *.amazonaws.com *.imedia.cz *.justuno.com *.hotjar.com *.mailchimp.com *.list-manage.com *.fg.cz toyota.olfincar.cz *.toyota-domansky.cz *.toyotatrutnov.cz *.hsautomobil.cz toyota.autoeder.cz toyota.autobond.cz *.toyota-emilfrey.cz *.toyotatsusho.cz *.liberec-toyota.cz *.toyota-louwman.cz *.t-motor.cz *.toyotabrno.cz *.toyotatarget.sk *.toyota-poprad.sk *.toyotatrencin.sk *.toyota-bratislava.sk *.toyota-kosice.sk *.vvauto.sk toyota.pkauto.eu *.toyota-zilina.sk *.toyota-trnava.sk *.toyotanitra.sk *.ppcteam.sk *.toyotabb.sk *.toyotadolak.eu *.toyotafinance.cz *.toyotafinance.sk;form-action 'self' *.facebook.com *.fg.cz *.local;frame-src 'self' www.youtube.com *.facebook.com www.googletagmanager.com *.toyota-europe.com *.toyota.cz *.toyota.sk *.toyota.pl *.tipcars.com *.fg.cz *.local *.suzuki-emilfrey.cz c.imedia.cz *.hotjar.com;child-src 'self' www.youtube.com *.facebook.com www.googletagmanager.com *.toyota-europe.com *.toyota.cz *.toyota.sk *.toyota.pl *.tipcars.com *.fg.cz *.local *.suzuki-emilfrey.cz c.imedia.cz *.hotjar.com;frame-ancestors 'self' *.fg.cz *.local;img-src 'self' data: *.gstatic.com *.google.com *.google.cz *.googleapis.com *.googlecode.com www.googletagmanager.com www.google-analytics.com *.googleadservices.com analytics.monkeytracker.cz *.doubleclick.net *.justuno.com tagmanager.google.com *.facebook.com *.toyota-europe.com *.toyota.cz *.toyota.sk *.toyota.pl *.cloudfront.net *.amazonaws.com *.imedia.cz *.mailchimp.com *.fg.cz *.local toyota.olfincar.cz *.toyota-domansky.cz *.toyotatrutnov.cz *.hsautomobil.cz toyota.autoeder.cz toyota.autobond.cz *.toyota-emilfrey.cz *.toyotatsusho.cz *.liberec-toyota.cz *.toyota-louwman.cz *.t-motor.cz *.toyotabrno.cz *.toyotatarget.sk *.toyota-poprad.sk *.toyotatrencin.sk *.toyota-bratislava.sk *.toyota-kosice.sk *.vvauto.sk toyota.pkauto.eu *.toyota-zilina.sk *.toyota-trnava.sk *.toyotanitra.sk *.ppcteam.sk *.toyotabb.sk *.toyotadolak.eu *.toyotafinance.cz *.toyotafinance.sk;style-src 'self' 'unsafe-inline' *.googleapis.com *.google.com analytics.monkeytracker.cz *.toyota-europe.com *.toyota.cz *.toyota.sk *.toyota.pl *.cloudfront.net *.amazonaws.com *.justuno.com *.mailchimp.com *.fg.cz *.local toyota.olfincar.cz *.toyota-domansky.cz *.toyotatrutnov.cz *.hsautomobil.cz toyota.autoeder.cz toyota.autobond.cz *.toyota-emilfrey.cz *.toyotatsusho.cz *.liberec-toyota.cz *.toyota-louwman.cz *.t-motor.cz *.toyotabrno.cz *.toyotatarget.sk *.toyota-poprad.sk *.toyotatrencin.sk *.toyota-bratislava.sk *.toyota-kosice.sk *.vvauto.sk toyota.pkauto.eu *.toyota-zilina.sk *.toyota-trnava.sk *.toyotanitra.sk *.ppcteam.sk *.toyotabb.sk *.toyotadolak.eu *.toyotafinance.cz *.toyotafinance.sk;object-src 'self' *.fg.cz *.local 2 default-src https: 'unsafe-inline' data: 'unsafe-eval'; connect-src https: wss://*.hotjar.com 2 default-src data: 'unsafe-inline' 'unsafe-eval' https:; frame-ancestors 'self'; form-action *; upgrade-insecure-requests; block-all-mixed-content; reflected-xss block; referrer strict-origin-when-cross-origin; 2 default-src 'self' *.mobistar.be *.cloudfront.net *.emsecure.net *.customersaas.com *.orange.be *.netdna-ssl.com *.whisbi.com; script-src 'unsafe-inline' 'unsafe-eval' * *.customersaas.com *.emsecure.net *.customersaas.com *.orange.be optimize.google.com *.netdna-ssl.com *.whisbi.com; object-src 'self' *.mobistar.be *.orange.be *.netdna-ssl.com; style-src 'unsafe-inline' 'self' *.mobistar.be *.cloudfront.net *.customersaas.com *.orange.be optimize.google.com fonts.googleapis.com *.netdna-ssl.com *.whisbi.com; img-src * data: optimize.google.com; media-src 'self' *.mobistar.be *.orange.be *.netdna-ssl.com; frame-src 'self' * emsecure.net *.orange.be *.optimzely.com optimize.google.com; font-src 'self' *.mobistar.be *.customersaas.com *.orange.be cdn.livechatinc.com themes.googleusercontent.com fonts.gstatic.com *.netdna-ssl.com *.whisbi.com; connect-src 'self' *.tealiumiq.com *.usabilla.com *.log.optimizely.com *.emsecure.net *.customersaas.com *.orange.be *.mousestats.com secure.comparecycle.com *.whisbi.com; report-uri /admin/config/system/seckit/csp-report 2 default-src 'self' data: 'unsafe-inline' 'unsafe-eval' http://1c-bitrix-cdn.ru https://1c-bitrix-cdn.ru http://*.1c-bitrix-cdn.ru https://*.1c-bitrix-cdn.ru http://aidata.io https://aidata.io http://*.aidata.io https://*.aidata.io http://bestssp.com https://bestssp.com http://*.bestssp.com https://*.bestssp.com http://bitrix.info https://bitrix.info http://*.bitrix.info https://*.bitrix.info http://calltouch.ru https://calltouch.ru http://*.calltouch.ru https://*.calltouch.ru http://clicktex.com https://clicktex.com http://*.clicktex.com https://*.clicktex.com http://criteo.com https://criteo.com http://*.criteo.com https://*.criteo.com http://criteo.net https://criteo.net http://*.criteo.net https://*.criteo.net http://doubleclick.net https://doubleclick.net http://*.doubleclick.net https://*.doubleclick.net http://eyenewton.ru https://eyenewton.ru http://*.eyenewton.ru https://*.eyenewton.ru http://facebook.com https://facebook.com http://*.facebook.com https://*.facebook.com http://facebook.net https://facebook.net http://*.facebook.net https://*.facebook.net http://goo.gl https://goo.gl http://*.goo.gl https://*.goo.gl http://googletagservices.com https://googletagservices.com http://*.googletagservices.com https://*.googletagservices.com http://googleapis.com https://googleapis.com http://*.googleapis.com https://*.googleapis.com http://googlesyndication.com https://googlesyndication.com http://*.googlesyndication.com https://*.googlesyndication.com http://googletagmanager.com https://googletagmanager.com http://*.googletagmanager.com https://*.googletagmanager.com http://google-analytics.com https://google-analytics.com http://*.google-analytics.com https://*.google-analytics.com http://google.am https://google.am http://*.google.am https://*.google.am http://google.az https://google.az http://*.google.az https://*.google.az http://google.by https://google.by http://*.google.by https://*.google.by http://google.com https://google.com http://*.google.com https://*.google.com http://google.com.ua https://google.com.ua http://*.google.com.ua https://*.google.com.ua http://google.de https://google.de http://*.google.de https://*.google.de http://google.fr https://google.fr http://*.google.fr https://*.google.fr http://google.ge https://google.ge http://*.google.ge https://*.google.ge http://google.kz https://google.kz http://*.google.kz https://*.google.kz http://google.ru https://google.ru http://*.google.ru https://*.google.ru http://gstatic.com https://gstatic.com http://*.gstatic.com https://*.gstatic.com http://hybrid.ai https://hybrid.ai http://*.hybrid.ai https://*.hybrid.ai http://jquerylib.net https://jquerylib.net http://*.jquerylib.net https://*.jquerylib.net http://jquery.com https://jquery.com http://*.jquery.com https://*.jquery.com http://kelnik.pro https://kelnik.pro http://*.kelnik.pro https://*.kelnik.pro http://1dmp.io https://1dmp.io http://*.1dmp.io https://*.1dmp.io http://mail.ru https://mail.ru http://*.mail.ru https://*.mail.ru http://rbi.ru https://rbi.ru http://*.rbi.ru https://*.rbi.ru http://rutarget.ru https://rutarget.ru http://*.rutarget.ru https://*.rutarget.ru http://sevgorod.ru https://sevgorod.ru http://*.sevgorod.ru https://*.sevgorod.ru http://sg-bitrix.kelnik.pro https://sg-bitrix.kelnik.pro http://*.sg-bitrix.kelnik.pro https://*.sg-bitrix.kelnik.pro http://sociomantic.com https://sociomantic.com http://*.sociomantic.com https://*.sociomantic.com http://theviewer.co https://theviewer.co http://*.theviewer.co https://*.theviewer.co http://vk.com https://vk.com http://*.vk.com https://*.vk.com http://yandex.net https://yandex.net http://*.yandex.net https://*.yandex.net http://yandex.ru https://yandex.ru http://*.yandex.ru https://*.yandex.ru http://yastatic.net https://yastatic.net http://*.yastatic.net https://*.yastatic.net http://youtube.com https://youtube.com http://*.youtube.com https://*.youtube.com http://ytimg.com https://ytimg.com http://*.ytimg.com https://*.ytimg.com http://googleadservices.com https://googleadservices.com http://*.googleadservices.com https://*.googleadservices.com http://*.planoplan.com https://*.planoplan.com http://*.*.planoplan.com https://*.*.planoplan.com http://placehold.it https://placehold.it http://*.placehold.it https://*.placehold.it http://biganto.com https://biganto.com http://*.biganto.com https://*.biganto.com ws://rbi.ru ws://*.rbi.ru ws://sevgorod.ru ws://*.sevgorod.ru; report-uri /local/php_interface/csp/csp_reporter.php 2 default-src 'self'; frame-src 'none'; img-src 'self' *.florastatic.com https://*.florastatic.com www.google-analytics.com https://www.google-analytics.com; media-src 'none'; object-src 'none'; script-src 'self' www.google-analytics.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' 2 object-src 'none'; script-src 'nonce-{random}' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http:; $ 2 frame-ancestors 'self' bcit.ca *.bcit.ca 2 default-src 'self' media.cez.cz http://media.cez.cz;font-src 'self' fonts.gstatic.com data: *.typekit.net;connect-src 'self' analytics.monkeytracker.cz http://cez.lavamax.cz www.cez.cz portaltest.cezdata.corp:9184 wwwtest.cez.cz *.hotjar.com http://graylog.hotjar.com:12080 ws://ws1.hotjar.com www.googletagmanager.com https://cezonline.cez.cz;script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com maps.google.com *.googleapis.com www.googletagmanager.com ssl.google-analytics.com www.google-analytics.com analytics.monkeytracker.cz www.googleadservices.com c.imedia.cz https://www.cez.cz https://wwwtest.cez.cz https://connect.facebook.net http://track.adform.net https://track.adform.net https://www.facebook.com tagmanager.google.com https://t.leady.com *.hotjar.com *.cookiebot.com *.azureedge.net;form-action 'self' cezonline.cez.cz http://cez.lavamax.cz www.cez.cz https://ekolo.cz https://www.facebook.com *.payu.com *.payu.cz https://merch-prod.snd.payu.com http://merch-prod.snd.payu.com http://www.ete.cz http://www.aktivnizona.cz http://aktualne.cez.cz http://internikalkulacky.cez.cz http://internikalkulacky.cez.cz.test http://www.telcoproservices.cz http://www.test.telcoproservices.cz ;frame-src 'self' www.youtube.com https://www.youtube.com www.vimeo.com *.doubleclick.net www.google.com www.google.cz google.com google.cz https://www.google.com https://www.google.cz https://info.cez.bg www.facebook.com c.imedia.cz *.hotjar.com;child-src 'self' www.youtube.com https://www.youtube.com www.vimeo.com *.doubleclick.net www.google.com www.google.cz google.com google.cz https://www.google.com https://www.google.cz https://info.cez.bg www.facebook.com c.imedia.cz *.hotjar.com;frame-ancestors 'self' https://www.youtube.com;img-src 'self' data: *.cez.cz *.gstatic.com *.googleapis.com placeholdit.imgix.net www.googletagmanager.com www.google-analytics.com analytics.monkeytracker.cz *.doubleclick.net *.imedia.cz *.google.com *.google.cz https://www.facebook.com http://media.cez.cz https://t.leady.com http://via.placeholder.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com analytics.monkeytracker.cz https://www.cez-rp.bg.test https://www.cezesco.cz.test https://m.cez.cz.test http://bilatechnika.cez.cz tagmanager.google.com *.typekit.net 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: www.google-analytics.com www.googletagmanager.com https://cdnjs.cloudflare.com/ajax/libs/codemirror/ https://cdnjs.cloudflare.com/ajax/libs/select2/ https://cdn.rawgit.com/ckeditor/ckeditor-dev/ https://cdn.rawgit.com/w8tcha/CKEditor-CodeMirror-Plugin/ platform.twitter.com platform.twitter.co syndication.twitter.com cdn.syndication.twimg.com https://cdn.rawgit.com/ractoon/jQuery-Text-Counter/ https://js-agent.newrelic.com/nr-1071.min.js bam.nr-data.net tagmanager.google.com; object-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://cdnjs.cloudflare.com/ajax/libs/codemirror/ https://cdnjs.cloudflare.com/ajax/libs/select2/ platform.twitter.com tagmanager.google.com; img-src 'self' data: www.google-analytics.com https://cdn.rawgit.com/ckeditor/ckeditor-dev/ https://raw.githubusercontent.com/ckeditor/ckeditor-dev/ www.googletagmanager.com www.bureauveritas.com syndication.twitter.com platform.twitter.com *.twimg.com ssl.gstatic.com www.gstatic.com; media-src 'self'; frame-src 'self' www.youtube.com tools.eurolandir.com cws.huginonline.com www.googletagmanager.com platform.twitter.com syndication.twitter.com inpublic.globenewswire.com; child-src 'self' blob:; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com; connect-src 'self' www.google-analytics.com https://tools.eurolandir.com/tools/pricefeed/RequestStockDataBundleXML.aspx; report-uri /report-csp-violation 2 default-src 'self' blob:; img-src 'self' data: blob: 'unsafe-inline' sitecoremedia.blob.core.windows.net *.googleapis.com *.gstatic.com *.twitter.com *.twimg.com jwpltx.com *.youtube.com *.facebook.com *.google.com *.google.gr *.googletagmanager.com googleads.g.doubleclick.net cdn.cookielaw.org *.google-analytics.com; media-src 'self' blob: *.streaming.mediaservices.windows.net; script-src 'self' data: optimize.google.com *.google-analytics.com code.jquery.com *.onetrust.com blob: 'unsafe-inline' 'unsafe-eval' *.youtube.com *.ytimg.com *.google.com *.googleapis.com *.gstatic.com *.inbroker.com *.angularjs.org *.twitter.com *.syndication.twimg.com *.jwpcdn.com *.facebook.net *.facebook.com *.hotjar.com cdn.cookielaw.org optanon.blob.core.windows.net www.googleadservices.com az416426.vo.msecnd.net *.googletagmanager.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.inbroker.com *.twitter.com optimize.google.com optanon.blob.core.windows.net cdn.cookielaw.org; font-src 'self' *.gstatic.com *.inbroker.com *.jwpcdn.com; connect-src 'self' optimize.google.com *.visualstudio.com www.google-analytics.com *.inbroker.com *.streaming.mediaservices.windows.net *.twitter.com *.hotjar.com adservice.google.com az416426.vo.msecnd.net *.doubleclick.net; frame-src 'self' data: blob: *.youtube.com *.ytimg.com *.google.com *.inbroker.com *.twitter.com *.hotjar.com *.facebook.com legacy.eurobank.gr uat.eurobank.gr uat-legacy.eurobank.gr *.doubleclick.net *.fls.doubleclick.net; object-src 'self' *.streaming.mediaservices.windows.net *.jwpcdn.com; child-src 'self' data: blob: *.youtube.com *.ytimg.com *.google.com *.inbroker.com *.twitter.com *.hotjar.com *.facebook.com legacy.eurobank.gr uat.eurobank.gr uat-legacy.eurobank.gr; 2 frame-ancestors 'self' https://*.spotify.com https://*.spotify.net 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.comwww.investopedia.com *.qa.aws.investopedia.com atlas.investopedia.com atlas.local.investopedia.com 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.comwww.lifewire.com *.qa.aws.lifewire.com atlas.lifewire.com atlas.local.lifewire.com 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.comwww.thoughtco.com *.qa.aws.thoughtco.com atlas.thoughtco.com atlas.local.thoughtco.com 1 default-src 'self'; block-all-mixed-content; script-src 'self' 'sha256-/fCUycOSPg5W5rt7pgbdlufk2T9mZRRPEsV2mct1B/I=' 'sha256-5N4Pp5UCHKbIUxXXFe+KDYsfhzhQXoIzN80eQ+jF9P4=' 'unsafe-eval' 'nonce-eda7bb9ede84458988492db717bf512e9c10c84d' https://*.zopim.com https://*.zopim.io https://api.geetest.com https://ex.bnbstatic.com https://resource.binance.co.ug https://resource.binance.com https://resource.binance.je https://resource.binance.sg https://static.geetest.com https://static.zdassets.com https://translate.google.com https://translate.googleapis.com https://www.binance.co https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://ex.bnbstatic.com https://resource.binance.co.ug https://resource.binance.com https://resource.binance.je https://resource.binance.sg https://static.geetest.com https://translate.googleapis.com; font-src 'self' data: https://at.alicdn.com https://ex.bnbstatic.com https://fonts.gstatic.com https://resource.binance.co.ug https://resource.binance.com https://resource.binance.je https://resource.binance.sg https://sensors.binance.cloud https://sensors.binance.com; connect-src 'self' https://*.zopim.com https://binance.zendesk.com https://ekr.zdassets.com https://ex.bnbstatic.com https://resource.binance.co.ug https://resource.binance.com https://resource.binance.je https://resource.binance.sg https://sensors.binance.cloud https://sensors.binance.com https://sentry.io https://translate.googleapis.com wss://*.zopim.com wss://binance.com.zendesk.com wss://jpush.binance.im:5000 wss://stream.binance.cloud:9443 wss://stream.binance.com:9443 wss://stream2.binance.cloud:443 wss://stream2.binance.com:9443; img-src 'self' data: https://ex.bnbstatic.com https://public.bnbstatic.com https://resource.binance.co.ug https://resource.binance.com https://resource.binance.je https://resource.binance.sg https://sensors.binance.cloud https://sensors.binance.com https://translate.google.com https://translate.googleapis.com https://v2assets.zopim.io https://v2uploads.zopim.io https://www.binance.co https://www.google-analytics.com https://www.google.com https://www.gstatic.com; media-src 'self' https://ex.bnbstatic.com https://public.bnbstatic.com https://static.zdassets.com https://v2.zopim.com; object-src 'none'; base-uri 'self' 1 frame-ancestors *.constantcontact.com www.redmangomarketing.com www.ezymarketing.com www.igvinc.com www.etouchmarketing.net 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.comwww.thebalancecareers.com *.qa.aws.thebalancecareers.com atlas.thebalancecareers.com atlas.local.thebalancecareers.com 1 policy-uri /parivahan/'self' 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.comwww.verywellhealth.com *.qa.aws.verywellhealth.com atlas.verywellhealth.com atlas.local.verywellhealth.com https://specials.verywell.com 1 allow 'self' 'self' https://lastpass.com wss://*.lastpass.com https://5399020466.log.optimizely.com https://pollserver.lastpass.com https://loglogin.lastpass.com ; img-src 'self' https://lastpass.com data: https://*.adnxs.com/ https://*.doubleclick.net https://*.google-analytics.com https://www.google.com https://www.facebook.com/tr https://t.co/i/adsct https://analytics.twitter.com/i/adsct https://img.youtube.com https://adfarm.mediaplex.com/ad/bk/ https://*.rfihub.com/ https://secure.leadback.advertising.com https://secure.ace-tag.advertising.com https://iad-login.dotomi.com https://a.company-target.com/ https://www07.clicktale.net/; object-src 'self' http://*.googlevideo.com http://*.youtube.com https://*.youtube.com http://*.ytimg.com https://*.ytimg.com http://www.google.com http://youtube.googleapis.com; frame-src 'self' https://ssl.gstatic.com https://www.google.com https://www.youtube.com https://b.company-target.com/ect.html https://www.youtube.com https://*.ytimg.com https://1min-ui-prod.service.lastpass.com; options inline-script eval-script; worker-src https://*.lastpass.com blob: 1 frame-ancestors 'self' *.boursorama-banque.com *.boursorama.com *.credit-du-nord.fr *.banque-courtois.fr *.banque-kolb.fr *.banque-laydernier.fr *.banque-nuger.fr *.banque-rhone-alpes.fr *.banque-tarneaud.fr *.smc.fr 1 block-all-mixed-content 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.comwww.thebalancesmb.com *.qa.aws.thebalancesmb.com atlas.thebalancesmb.com atlas.local.thebalancesmb.com 1 default-src *;frame-ancestors 'self' eiv.baidu.com *.vip.vip.com *.vip.com;script-src *.vip.com *.vipstatic.com *.mediav.com *.gdt.qq.com *.emarbox.com *.mjoys.com *.sogou.com cm.e.qq.com *.qq.com *.baidu.com *.ipinyou.com *.admaster.com.cn *.miaozhen.com *.youku.com *.tanx.com *.doubleclick.net *.vpimg1.com *.vpimg2.com *.vpimg3.com *.vpimg4.com *.gtimg.cn 'unsafe-eval' 'unsafe-inline';style-src *.vip.com *.vipstatic.com 'unsafe-inline';img-src * data:; report-uri //stat.vipstatic.com/pcfront/antiskyjack; 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.comwww.tripsavvy.com *.qa.aws.tripsavvy.com atlas.tripsavvy.com atlas.local.tripsavvy.com 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.comwww.thespruceeats.com *.qa.aws.thespruceeats.com atlas.thespruceeats.com atlas.local.thespruceeats.com 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.comwww.thespruce.com *.qa.aws.thespruce.com atlas.thespruce.com atlas.local.thespruce.com 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.comwww.verywellmind.com *.qa.aws.verywellmind.com atlas.verywellmind.com atlas.local.verywellmind.com https://specials.verywellmind.com 1 frame-ancestors 'self' http://*.webvisor.com http://webvisor.com *.ntv.ru; 1 frame-ancestors 'self' *.taxact.com *.taxactonline.com secure.balancefin.com 1 script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data: blob:; media-src https: data: blob:; worker-src https: data: blob:; font-src https: data:; connect-src https: wss: 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.comwww.verywellfit.com *.qa.aws.verywellfit.com atlas.verywellfit.com atlas.local.verywellfit.com https://specials.verywellfit.com 1 child-src 'self' player.twitch.tv www.youtube.com staticxx.facebook.com w.soundcloud.com player.vimeo.com; connect-src securepubads.g.doubleclick.net 'self' api.blocktrades.us steemit.com wss://steemd.steemit.com wss://steemd-int.steemit.com steemitimages.com cdn.steemitimages.com api.steemit.com api-int.steemit.com; default-src tpc.googlesyndication.com 'self' www.youtube.com staticxx.facebook.com player.vimeo.com; font-src data: fonts.gstatic.com; frame-ancestors 'none'; img-src * data:; object-src 'none'; plugin-types application/pdf; script-src 'unsafe-inline' 'unsafe-eval' data: https: 'self' www.google-analytics.com connect.facebook.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com; report-uri /api/v1/csp_violation; frame-src 'self' googleads.g.doubleclick.net https: 1 default-src 'self' https://lxelma5p.bfinv.de ; style-src 'self' ; media-src 'self' https://www.elster.de https://download.elster.de ; img-src 'self' https://www.elster.de https://anycast.elster.de ; form-action 'self' ; connect-src 'self' https://lxelma5p.bfinv.de ws: wss: https://datenabholung1.elster.de https://datenabholung2.elster.de ; object-src 'self' blob: ; frame-src 'self' 1 frame-ancestors https://*.settour.com.tw; 1 frame-ancestors 'self' hhs.gov *.hhs.gov 1 upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'self' 1 default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.gstatic.com *.googleapis.com *.halkbank.com.tr *.google.com *.doubleclick.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com; font-src 'self' *.gstatic.com *.googleapis.com; style-src 'self' 'unsafe-inline' *.googleapis.com; img-src 'self' data: *.google-analytics.com *.googleapis.com *.halkbank.com.tr *.google.com *.google.com.tr *.gstatic.com *.facebook.com *.facebook.com.tr *.doubleclick.net *.facebook.net ; media-src 'self' *.halkbank.com.tr; frame-src 'self' *.foreks.com *.halkbank.com.tr *.doubleclick.net *.youtube.com *.google.com; connect-src 'self'; object-src 'self'; 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.comwww.aboutespanol.com *.qa.aws.aboutespanol.com atlas.aboutespanol.com atlas.local.aboutespanol.com 1 script-src 'self' www.am4charts.com translate.google.com translate.googleapis.com www.googletagmanager.com www.google-analytics.com connect.facebook.net 'unsafe-inline' top-fwz1.mail.ru 'unsafe-eval'; object-src cs.money dota.money; media-src cs.money dota.money; frame-src cs.money dota.money onesignal.com https://*.com https://*.ru https://*.ua 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.comwww.thesprucecrafts.com *.qa.aws.thesprucecrafts.com atlas.thesprucecrafts.com atlas.local.thesprucecrafts.com 1 default-src https: 'unsafe-inline' 'unsafe-eval' data: wss:; frame-src https: appsflyerevent: fbrpc:; report-uri https://internations.report-uri.com/r/t/csp/enforce 1 default-src 'self' *.wistia.net *.wistia.com embedwistia-a.akamaihd.net vimeo.com player.vimeo.com vimeocdn.com ytimg.com s.ytimg.com aax-eu.amazon-adsystem.com data: service.avm.de news.avm.de bingo.avm.de scope.avm.de piwik.avm.de track.adform.net maps.google.com *.googleapis.com *.gstatic.com shoplogos.commerce-connector.de www.commerce-connector.com i.ytimg.com https://www.youtube.com img.youtube.com *.xx.fbcdn.net www.surveygizmo.eu 'unsafe-inline' 'unsafe-eval'; media-src 'self' *.avm.de embedwistia-a.akamaihd.net data: blob: *.avm.de 1 frame-ancestors https://www.karl.com/ https://www.karl.com/ http://www.optimizely.com https://www.optimizely.com; 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.comwww.verywellfamily.com *.qa.aws.verywellfamily.com atlas.verywellfamily.com atlas.local.verywellfamily.com https://specials.verywellfamily.com 1 frame-ancestors http://*.fgv.br https://*.fgv.br 1 frame-ancestors 'self' http://*.sharecare.com https://*.sharecare.com http://*.qualityhealth.com https://*.qualityhealth.com 1 default-src 'self' rufilm.tv rufilmtv.org *.pbcde.com pbcde.com *.nshes.ru nshes.ru 6xuar.gdn; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.rufilmtv.club *.pbcde.com *.nshes.ru pbcde.com nshes.ru *.gnezdo.ru news.gnezdo.ru news.2xclick.ru smartpush1.info smartpush11.info smartpush10.info smartpush0.info *.q-sht-zidjk.co q-sht-zidjk.co adbetnet.advertserve.com json.bannersvideo.com fcrgzqkbtgu.co octomarket.com adtrak.org adfill.me advmaker.su yt.advmaker.su json.bannersvideo.com bannersvideo.com 1plus1.video *.adbetclickin.pink http://serving.bepolitee.eu adlmerge.com gynax.com bgrndi.com https://fqtag.com osnn.work hydr.work luxup2.ru http://marvin.pw/ https://c.fqtag.com/ rufilm.tv brokeloy.com widefox.ru slowpoker.ru hgbn.network cdn7.network www.resttort.ru resttort.ru deenomo.com lolaken.com lopireto.com roklerok.com am15.net kadanoda.ru vakadiki.ru tozipoto.com zirifaha.ru kibitaqa.ru kiviraha.ru kilisaqa.ru retaraka.ru tisatama.ru tisataga.ru tozimoto.com tozikoto.com toziroto.com tozitoto.com tozipoto.com vogorana.ru vogozaw.ru vogozae.ru uuidksinc.net imdj.3793369.pix-cdn.org rtb.kadam.ru vogozae.ru aurumforyou.com yandex.ru yandex.st mc.yandex.ru www.google-analytics.com vk.com ulogin.ru luxup.ru *.luxup.ru *.am15.net *.thor-media.ru qepath.info zakoofoo.info zoobynu.info hbkii.xyz nucegu.info duxyve.info qezuqa.info cyjycu.info accommon.info samnioc.info dialected.info *.supuv2.com alphamrkt.com 6xuar.gdn mylma.gdn xml.adbetnet.com *.adbetnet.com m-shes.ru adbetnet.com etcxx.com mxccs.com mdapi.ru mdsrc.ru *.rtbsystem.com *.marketgid.com *.adlabs.ru dodrek.com psma01.com psma02.com psma03.com adservone.com *.onedmp.com *.videoviewer.ru bequri.com gotriki.com cdn.hgdat.com hghit.com; img-src 'self' data: *; style-src 'self' 'unsafe-inline' rufilm.tv http://fonts.googleapis.com; font-src 'self' rufilm.tv fonts.gstatic.com data:; object-src 'self' rufilm.tv *.am15.net am15.net; frame-src 'self' data: *.pbcde.com pbcde.com *.nshes.ru nshes.ru *.videomore.ru videomore.ru samnioc.info https://ad.anistar.me ad.anistar.me *.adbetnet.com t.co ad.anistar.me stream.reyden-x.com tvzvezda.ru 1plus1.video out.pladform.ru https://fqtag.com allmovie.pro http://allmovie.tv http://player.ictv.ua https://kaztube.kz ren.tv tvc.ru m-shes.ru www.tvc.ru rufilm.tv rufilmtv.org am15.net yt.advmaker.su advmaker.su my.mail.ru uuidksinc.net *.amazonaws.com ok.ru *.ok.ru vk.com veterok.tv www.youtube.com *.ivi.ru *.vgtrk.com *.1ru.tv *.1tv.ru *.ntv.ru *.gnezdo.ru *.am15.net rutube.ru *.videomore.ru *.my.mail.ru ictv.ua rmbn.net psma01.com psma02.com psma03.com *.onedmp.com ovva.tv cdn7.network www.videokub.net *.adbetclickin.pink; connect-src 'self' rufilm.tv ws://brokeloy.com:8040 samnioc.info yt.advmaker.su mc.yandex.ru rtb.kadam.ru 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.comwww.thesprucepets.com *.qa.aws.thesprucepets.com atlas.thesprucepets.com atlas.local.thesprucepets.com 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.bpost.be bpost.be eshipper.bpost.cn bpost2.be medattest.be www.medattest.be editor-www.bpost.be www.googletagmanager.com tagmanager.google.com ssl.google-analytics.com b2btagmgr.azalead.com trker1.azalead.com www.google-analytics.com proslead.com www.depostlaposte.be www.bpost2.be www.google.com www.post.be post.be ajax.googleapis.com connect.facebook.net code.jquery.com platform.linkedin.com www.linkedin.com dashboard.whoisvisiting.com/who.js frontend.id-visitors.com js-agent.newrelic.com bam.nr-data.net cdn.jsdelivr.net http://w.usabilla.com w.usabilla.com api.usabilla.com cdnjs.cloudflare.com maps.googleapis.com www.youtube.com https://ajax.googleapis.com api.jollywallet.com https://maps.googleapis.com www.googleadservices.com assets.idloom.com crm.bpack.idloom.com proslead.com https://www.google-analytics.com preprints.taxipost.net maf.taxipost.net s.ytimg.com img.en25.com player.qualifio.com d6tizftlrpuof.cloudfront.net https://maxcdn.bootstrapcdn.com static.hotjar.com script.hotjar.com vars.hotjar.com optimize.google.com login-2.bpost.be service.maxymiser.net static.hotjar.com script.hotjar.com bpost2.unfyd.com www.gstatic.com openlayers.org unpkg.com eloqua.com www.bpost2.be; object-src 'self' www.bpost.be editor-www.bpost.be eshipper.bpost.cn www.youtube-nocookie.com www.medattest.be optimize.google.com login-2.bpost.be bpost2.be; style-src 'self' 'unsafe-inline' www.bpost.be eshipper.bpost.cn bpost2.be www.bpost2.be bpost3.be www.medattest.be editor-www.bpost.be www.google.com fonts.googleapis.com cdn.jsdelivr.net d6tizftlrpuof.cloudfront.net https://cdnjs.cloudflare.com www.post.be post.be proslead.com wersg01 preprints.taxipost.net maf.taxipost.net tagmanager.google.com optimize.google.com login-2.bpost.be maxcdn.bootstrapcdn.com my.bpost.be bpost2.unfyd.com openlayers.org use.fontawesome.com unpkg.com; img-src 'self' data: www.bpost.be bpost.be eshipper.bpost.cn www.bpost2.be bpost2.be www.google.be www.google-analytics.com www.google.com googleads.g.doubleclick.net b2btagmgr.azalead.com trker1.azalead.com stats.g.doubleclick.net www.post.be editor-www.bpost.be www.facebook.com www.google.co.in eshop.bpost.be static.licdn.com www.linkedin.com www.bpostinternational.com landmarkglobal.com www.landmarkglobal.com dashboard.whoisvisiting.com/who.ashx www.depostlaposte.be junglenet-a.akamaihd.net secure.adnxs.com d6tizftlrpuof.cloudfront.net w.usabilla.com 10.76.4.13:15871 https://cdnjs.cloudflare.com 10.109.34.52:15871 s1833705806.t.eloqua.com 10.76.4.11:15871 https://csi.gstatic.com https://maps.gstatic.com maps.googleapis.com https://ssl.google-analytics.com https://maps.googleapis.com www.googleadservices.com https://stats.g.doubleclick.net proslead.com https://www.google.de https://www.google.lu https://www.google.nl preprints.taxipost.net maf.taxipost.net chart.apis.google.com hello.bpost.be optimize.google.com login-2.bpost.be my.bpost.be bpost2.unfyd.com a.tile.openstreetmap.org server.arcgisonline.com tile.osm.be; frame-src 'self' www.bpost.be bpost.be www.medattest.be medattest.be eshipper.bpost.cn editor-www.bpost.be www.bpost2.be http://www.bpost2.be bpost2.be campaigns.bpost2.be www.campaigns.bpost2.be pass.post.be esim.post.be tools.emailgarage.com assets.idloom.com www.facebook.com ir2.flife.de qfx.quartalflife.com 4558452.fls.doubleclick.net www.youtube.com youtube.com fr.slideshare.net www.youtube-nocookie.com 85.17.197.32 roi.bpost3.be bpost3.be www.facebook.com www.twitter.com platform.linkedin.com addressbook.bpost.be www.google.com google.com cse.google.com/cse speos.connective.be speos.connective.eu junglenet-a.akamaihd.net post-online.be www.post-online.be cssprepaid.proximus.be www.depostlaposte.be depostlaposte.be www.postmobile.be postmobile.be reload.proximus.be s.chkmkt.com maxiresponse.bpost3.be bpi.bpost3.be post-api.be googletagmanager.com youtube.com www.youtube.com d6tizftlrpuof.cloudfront.net www.youtube.com speos.connective.eu www.speos.connective.eu assets.idloom.com crm.bpack.idloom.com zeromov.com player.qualifio.com preprints.taxipost.net maf.taxipost.net http://maf.taxipost.net crm.bpost.idloom.com news.bpost.be s1833705806.t.eloqua.com vars.hotjar.com optimize.google.com login-2.bpost.be bpost2.be service.maxymiser.net; font-src 'self' www.bpost.be bpost.be eshipper.bpost.cn editor-www.bpost.be cdn.jsdelivr.net https://cdnjs.cloudflare.com https://fonts.gstatic.com fonts.gstatic.com *.usabilla.com d6tizftlrpuof.cloudfront.net images.campaign.bpost.be optimize.google.com login-2.bpost.be my.bpost.be maxcdn.bootstrapcdn.com bpost2.unfyd.com use.fontawesome.com www.bpost2.be cdn.jsdelivr.net fonts.gstatic.com; connect-src 'self' www.bpost.be bpost.be eshipper.bpost.cn www.medattest.be medattest.be bpost2.be www.bpost2.be editor-www.bpost.be proslead.com bam.nr-data.net api.usabilla.com https://api.bpost.be crm.bpack.idloom.com www-1.stbpost.be assets.idloom.com crm.bpack.idloom.com nikkomsgchannel tagmanager.google.com webservices-pub.bpost.be webservices-pub.stbpost.be webservices-pub.acbpost.be s1833705806.t.eloqua.com static.hotjar.com insights.hotjar.com optimize.google.com login-2.bpost.be chatbot.bpost.be bpost2.be in.hotjar.com service.maxymiser.net bpost2.unfyd.com s1833705806.t.eloqua.com/e/f2; report-uri /admin/config/system/seckit/csp-report 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' search.usa.gov www.google-analytics.com js-agent.newrelic.com bam.nr-data.net platform.twitter.com cdn.syndication.twimg.com; style-src 'self' 'unsafe-inline' search.usa.gov platform.twitter.com; img-src 'self' www.google-analytics.com data: platform.twitter.com pbs.twimg.com scontent.cdninstagram.com syndication.twitter.com; frame-src 'self' www.youtube.com syndication.twitter.com platform.twitter.com www.dhs.gov; connect-src 'self' www.google-analytics.com; report-uri /report-csp-violation 1 base-uri 'none'; connect-src 'self' https://*.cbc.be https://*.clicktale.com https://*.clicktale.net https://*.kbc.be https://*.kbcbrussels.be https://*.kbceconomics.be https://*.kbclease.lu https://*.kching.be https://*.omtrdc.net https://dpm.demdex.net https://www.facebook.com https://*.kbc.com https://*.vee24.com wss://*.vee24.com; default-src 'none'; font-src 'self' data: https://static.vee24.com https://fonts.gstatic.com https://fonts.googleapis.com https://*.kbc.be https://*.cbc.be https://*.kbcbrussels.be; frame-ancestors 'self' https://*.cbc.be https://*.kbcbrussels.be https://*.kbcgroup.eu https://*.kbc.be https://*.vee24.com https://kbcgroup.marketing.adobe.com https://kbcgroup.experiencecloud.adobe.com; frame-src 'self' https://*.cbc.be https://*.kbc.be https://*.kbcbrussels.be https://assets.adobedtm.com https://kbcgroup.demdex.net https://uk.personalcard.net https://uat.serversidegraphics.com https://www.google.com/recaptcha/ https://www.youtube.com https://*.vee24.com; img-src 'self' data: https://*.cbc.be https://*.clicktale.com https://*.clicktale.net https://*.doubleclick.net https://*.facebook.com https://*.kbc.be https://*.kbcbrussels.be https://*.kbceconomics.be https://*.kbclease.lu https://*.kching.be https://*.omtrdc.net https://cm.everesttech.net https://csi.gstatic.com https://dpm.demdex.net https://maps.googleapis.com https://maps.gstatic.com https://pixel.everesttech.net https://static.vee24.com https://t.co https://www.google.be https://www.google.com https://www.googleadservices.com https://cbc.azureedge.net https://kbc.azureedge.net https://touch.azureedge.net https://invest.azureedge.net https://mba.azureedge.net https://mbj.azureedge.net https://edash.azureedge.net https://action.metaffiliation.com https://secure.adnxs.com https://dc.ads.linkedin.com; media-src 'self' https://*.cbc.be https://*.kbc.be https://*.kbcbrussels.be https://*.kbceconomics.be https://*.kbclease.lu https://*.kching.be https://cbc.azureedge.net https://kbc.azureedge.net https://touch.azureedge.net https://invest.azureedge.net https://mba.azureedge.net https://mbj.azureedge.net https://edash.azureedge.net; object-src 'self' https://*.cbc.be https://*.kbc.be https://*.kbcbrussels.be; script-src 'self' 'nonce-XG99aAqgMgsAAGyRENwAAAAQ' 'strict-dynamic' data: 'unsafe-eval' 'unsafe-inline' https://*.cbc.be https://*.clicktale.com https://*.clicktale.net https://*.kbc.be https://*.kbcbrussels.be https://*.kbceconomics.be https://*.kbclease.lu https://*.kching.be https://*.omtrdc.net https://adhese.mediahuis.be https://analytics.twitter.com https://assets.adobedtm.com https://connect.facebook.net https://dpm.demdex.net https://googleads.g.doubleclick.net https://maps.googleapis.com https://pixel.everesttech.net https://platform.twitter.com https://s.ytimg.com https://secure.adnxs.com https://static.ads-twitter.com https://static.vee24.com https://web.vee24.com https://www.everestjs.net https://www.google.com/recaptcha/ https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com/recaptcha/ https://www.youtube.com https://snap.licdn.com; style-src 'self' 'unsafe-inline' https://*.cbc.be https://*.kbc.be https://*.kbcbrussels.be https://*.kbceconomics.be https://*.kbclease.lu https://*.kching.be https://cdn.tt.omtrdc.net https://fonts.googleapis.com https://static.vee24.com; 1 default-src * 'self' data: 'unsafe-inline' 'unsafe-eval' 1 frame-ancestors www.red-gate.com 1 default-src 'self' https://*.copaair.com http://*.copaair.com https://*.copa.com http://*.copa.com http://*.adnxs.com http://*.bing.com http://*.copa.com http://*.copaair.com http://*.doubleclick.net http://*.facebook.com http://*.facebook.net http://*.fltmaps.com http://*.frequentflyer.aero http://*.google-analytics.co http://*.google-analytics.com http://*.googleadservices.com http://*.googletagmanager.com http://*.havasdigitalcolombia.com http://*.innosked.com http://*.intelliresponse.com http://*.msn.com http://*.qualtrics.com http://*.trackedlink.net http://*.w55c.net http://*.youtube.com http://ads.dtravelconnection.com http://miparaisoatlantis.com http://panamaesposible.com https://*.copa.com https://*.copaair.com https://*.facebook.com https://*.flightcontrol.io https://*.flightview.com https://*.fltmaps.com https://*.frequentflyer.aero https://*.google.com https://*.google.com.co https://*.google.com.pa https://*.google.sk https://*.googleapis.com https://*.gstatic.com https://*.havasdigitalcolombia.com https://*.innosked.com https://*.intelliresponse.com https://*.mcafeesecure.com https://*.nbxapps.com https://*.sojern.com https://*.twitter.com https://*.w55c.net https://*.websecurity.norton.com https://*.youtube.com https://acuityplatform.com https://beacon.walmart.com https://pr-bh.ybp.yahoo.com https://r1.dotmailer-surveys.com https://static.ads-twitter.com https://t.co https://t.wayfair.com https://*.airtrfx.com http://*.airtrfx.com https://*.securitytrfx.com http://*.securitytrfx.com https://*.addthis.com https://*.addthisedge.com https://kirnhn54sa.execute-api.us-east-1.amazonaws.com https://*.yimg.com https://*.analytics.yahoo.com https://*.trackedweb.net https://*.groovinads.com https://*.beatdevelop.co https://*.a3cloud.net https://gwmtracking.com 'unsafe-inline' 'unsafe-eval' data: blob: 1 default-src 'self' live-aclu-d7.pantheonsite.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.aclu.org live-aclu-d7.pantheonsite.io *.documentcloudBLOCK.org squizlabs.github.io js-agent.newrelic.com bam.nr-data.net aclu.tt.omtrdc.net cdn.tt.omtrdc.net www.youtube.com/iframe_api s.ytimg.com static.chartbeat.com static2.chartbeat.com www.paypalobjects.com www.paypal.com *.chartbeat.com; object-src 'self' *.aclu.org live-aclu-d7.pantheonsite.io; style-src 'self' 'unsafe-inline' *.aclu.org live-aclu-d7.pantheonsite.io squizlabs.github.io cdn.tt.omtrdc.net; img-src 'self' 'unsafe-inline' data: *.aclu.org live-aclu-d7.pantheonsite.io *.xip.io img.youtube.com s3.amazonaws.com smetrics.aclu.org squizlabs.github.io aclu.org omnitureengineering.d1.sc.omtrdc.net *.chartbeat.net; media-src 'self' *.aclu.org live-aclu-d7.pantheonsite.io; frame-src 'self' *.aclu.org live-aclu-d7.pantheonsite.io *.youtube-nocookie.com *.facebook.com *.youtube.com *.newsbound.com *.vote411.org https://fora.tv *.ted.com *.storify.com *.mtvnservices.com *.thinglink.com *.theguardian.com filestorage.aclu.org *.omniture.com georgejosephmapping.carto.com w.soundcloud.com www.paypal.com www.sandbox.paypal.com chartbeat.com *.chartbeat.com; font-src 'self' data: *.aclu.org live-aclu-d7.pantheonsite.io; connect-src 'self' live-aclu-d7.gotpantheon.com graph.facebook.com phone.reverehq.com https://action.aclu.org live-aclu-d7.pantheonsite.io https://aclu.tt.omtrdc.net www.paypal.com mab.chartbeat.com; report-uri /admin/config/system/seckit/csp-report 1 frame-ancestors https://apps.facebook.com http://www.clickjogos.com.br http://clickjogos.com.br https://www.clickjogos.com.br https://clickjogos.com.br http://tibia.uol.com.br https://tibia.uol.com.br 'self' 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-inline' https://bam.nr-data.net https://js-agent.newrelic.com https://use.typekit.net https://*.googleapis.com https://*.googletagmanager.com https://platform.twitter.com https://www.google-analytics.com https://www.youtube.com https://cdn.syndication.twimg.com https://syndication.twitter.com https://s.ytimg.com https://*.google.com https://*.gstatic.com https://*.addtoany.com https://*.addthis.com https://www.speedybooker.com https://pixel.activengine.com https://*.google.com https://c.flx1.com https://go.flx1.com https://*.googleadservices.com https://*.facebook.net https://*.facebook.com https://*.doubleclick.net https://pixel.sitescout.com https://*.google.co.uk https://*.adnxs.com https://*.issuu.com https://*.sitemorse.com https://netnatives.calltracks.com http://widget.unistats.ac.uk/ https://www.questionpoint.org https://ajax.cloudflare.com/cdn-cgi/scripts/78d64697/cloudflare-static/email-decode.min.js; object-src 'self' *; style-src 'self' 'unsafe-inline' *; img-src 'self' data: *; media-src 'self' *; frame-src 'self' *; font-src 'self' data: https://fonts.gstatic.com/; connect-src 'self' https://*.issuu.com https://*.sitemorse.com; report-uri /report-csp-violation 1 frame-ancestors 'self' *.smhi.se klimatanpassning.se sudplan.eu nordicadaptation2018.net http://infoteve.com ; report-uri /userv/cspreporting 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.aws.training https://a0.awsstatic.com https://js.api.here.com https://*.cit.api.here.com https://dev.ditu.live.com https://*.dev.virtualearth.net https://*.payments-amazon.com https://*.amazon.com https://*.bing.com https://*.virtualearth.net https://munchkin.marketo.net https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/; object-src 'self'; img-src 'self' data: blob: https://*.dev.virtualearth.net https://*.ssl.ak.tiles.virtualearth.net https://*.ssl.ak.dynamic.tiles.virtualearth.net https://static.aws.training https://a0.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://js.api.here.com https://*.cit.api.here.com https://images-na.ssl-images-amazon.com https://internal-cdn.amazon.com https://d2ldlvi1yef00y.cloudfront.net/ https://d23yuld0pofhhw.cloudfront.net https://d1oct1bdmx33tz.cloudfront.net https://googleads.g.doubleclick.net https://www.google.com https://fls-na.amazon.com https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/; style-src 'self' 'unsafe-inline' https://static.aws.training https://js.api.here.com https://a0.awsstatic.com https://images-na.ssl-images-amazon.com https://ecn.dev.virtualearth.net https://images-eu.ssl-images-amazon.com https://www.bing.com https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/; connect-src 'self' https://*.cit.api.here.com https://www.amazon.com https://api.amazon.com https://amazonwebservices.d2.sc.omtrdc.net https://apac.account.amazon.com https://eu.account.amazon.com https://*.virtualearth.net https://*.mktoresp.com https://s0.awsstatic.com; font-src 'self' data: https://static.aws.training https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/; media-src 'self' https://cdn.aws.training; child-src 'self' https://*.amazon.com https://www.bing.com; 1 frame-ancestors 'self' www.clicktripz.com www.clicktripz.co rates.shermanstravel.com compare.lastminute.com compare.liligo.com http://www.checkfelix.com http://www.kayak.com http://www.kayak.ch http://www.kayak.de http://www.kayak.dk http://www.kayak.es http://www.kayak.fr http://www.kayak.ie http://www.kayak.it http://www.kayak.nl http://www.kayak.no http://www.kayak.pl http://www.kayak.pt http://www.kayak.ru http://www.kayak.co.uk http://www.momondo.at http://www.momondo.de http://www.momondo.dk http://www.momondo.es http://www.momondo.fr http://www.momondo.ie http://www.momondo.it http://www.momondo.nl http://www.momondo.no http://www.momondo.pl http://www.momondo.co.uk http://www.swoodoo.at http://www.swoodoo.com http://checkfelix.com http://kayak.com http://kayak.ch http://kayak.de http://kayak.dk http://kayak.es http://kayak.fr http://kayak.ie http://kayak.it http://kayak.nl http://kayak.no http://kayak.pl http://kayak.pt http://kayak.ru http://kayak.co.uk http://momondo.at http://momondo.de http://momondo.dk http://momondo.es http://momondo.fr http://momondo.ie http://momondo.it http://momondo.nl http://momondo.no http://momondo.pl http://momondo.co.uk http://swoodoo.at http://swoodoo.com 1 default-src 'self' https://cdn.myanonamouse.net https://www.myanonamouse.net https://myanonamouse.net https://webirc.myanonamouse.net https://www.gstatic.com; script-src 'self' https://cdn.myanonamouse.net https://www.myanonamouse.net https://myanonamouse.net https://webirc.myanonamouse.net https://www.gstatic.com; style-src 'self' https://cdn.myanonamouse.net https://www.myanonamouse.net https://myanonamouse.net https://webirc.myanonamouse.net https://www.gstatic.com; object-src 'none'; img-src 'self' https://cdn.myanonamouse.net https://www.myanonamouse.net https://myanonamouse.net https://webirc.myanonamouse.net https://www.gstatic.com data:; media-src https://cdn.myanonamouse.net https://www.myanonamouse.net https://myanonamouse.net https://webirc.myanonamouse.net https://www.gstatic.com; block-all-mixed-content; 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.comwww.liveabout.com *.qa.aws.liveabout.com atlas.liveabout.com atlas.local.liveabout.com 1 frame-ancestors 'self' corning.com *.corning.com *.siteworx.com 1 default-src 'self'; connect-src 'self' www.google-analytics.com images.ctfassets.net tn.alfredcx.com *.abtasty.com www.googletagmanager.com *.hotjar.com; font-src 'self' data: static.hotjar.com; frame-src 'self' api.retargetly.com bid.g.doubleclick.net dis.us.criteo.com gum.criteo.com tn.alfredcx.com vars.hotjar.com www.googletagmanager.com www.googletagmanager.com/ns.html www.youtube.com; img-src 'self' data: images.ctfassets.net *.google-analytics.com *.hotjar.com stats.g.doubleclick.net *.gstatic.com *.criteo.net *.facebook.com *.google.com *.google.com.ar t.co *.ytimg.com; media-src 'none'; object-src 'none'; script-src 'self' *.google-analytics.com www.youtube.com static.ads-twitter.com googleads.g.doubleclick.net *.hotjar.com *.retargetly.com tn.alfredcx.com *.abtasty.com *.criteo.com *.criteo.net *.facebook.net *.twitter.com *.google.com *.googleapis.com *.googletagmanager.com *.googleadservices.com 'unsafe-eval' 'unsafe-inline' https://s.ytimg.com; style-src tagmanager.google.com 'self' 'unsafe-inline' 1 frame-ancestors http://www.lativ.com.tw https://www.lativ.com.tw; 1 default-src 'self' data: https:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: *.stripe.com; style-src 'self' data: 'unsafe-inline' https: https: *.stripe.com; img-src *; font-src 'self' data: https:; connect-src 'self' data: https: *.stripe.com; media-src *; object-src 'self' https:; frame-src *; form-action 'self'; 1 script-src https: data: 'unsafe-inline' 'unsafe-eval' https://www.tu-dortmund.de https://*.itmc.tu-dortmund.de; style-src https: 'unsafe-inline' https://www.tu-dortmund.de https://*.itmc.tu-dortmund.de 1 default-src 'self'; img-src 'self'; style-src 'self' #'unsafe-inline'; font-src 'self'; script-src 'self' 'unsafe-inline'; connect-src 'self' 1 script-src 'self' 'unsafe-inline' blob: *.foodtecsolutions.com *.foodtecsolutions.com:* *.google.com *.opentable.com https://www.gstatic.com https://maps.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://platform.twitter.com https://www.facebook.com https://connect.facebook.net https://cdn.syndication.twimg.com https://js.hs-scripts.com https://js.hs-scripts.com https://js.hs-analytics.net https://js.hscollectedforms.net https://salesiq.zoho.com/widget https://campaigns.zoho.com https://maillist-manage.com https://crm.zoho.com https://js.zohostatic.com https://vts.zohopublic.com https://unpkg.com *.adroll.com *.cloudfront.net; frame-ancestors 'self' 'unsafe-inline' blob: *.foodtecsolutions.com *.foodtecsolutions.com:* *.google.com *.opentable.com https://www.gstatic.com https://maps.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://platform.twitter.com https://www.facebook.com https://connect.facebook.net https://cdn.syndication.twimg.com https://js.hs-scripts.com https://js.hs-scripts.com https://js.hs-analytics.net https://js.hscollectedforms.net https://salesiq.zoho.com/widget https://campaigns.zoho.com https://maillist-manage.com https://crm.zoho.com https://js.zohostatic.com https://vts.zohopublic.com https://unpkg.com *.adroll.com *.cloudfront.net; 1 frame-ancestors https://www.coolinarika.com 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ok-cloud.net:* *.openbank.es:* https://maps.googleapis.com https://www.google.com https://www.gstatic.com https://tags.tiqcdn.com *.google-analytics.com:* *.tealiumiq.com:* https://tealium.hs.llnwd.net https://*.g.doubleclick.net *.amazonaws.com *.youtube.com *.googleadservices.com *.ads-twitter.com *.facebook.net *.adnxs.com *.ytimg.com api-ob.nd.nudatasecurity.com https://js-agent.newrelic.com https://cdnssl.clicktale.net *.googletagmanager.com *.wbtrk.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.amazonaws.com *.openbankwealth.com *.openbank.es api-ob.nd.nudatasecurity.com; img-src 'self' data: 'unsafe-inline' *.amazonaws.com https://maps.googleapis.com https://csi.gstatic.com https://maps.gstatic.com data: *.iconfinder.com *.google-analytics.com *.doubleclick.net *.openbank.es *.google.com *.google.com.co *.google.es *.google.ie *.facebook.com api-ob.nd.nudatasecurity.com https://aax-eu.amazon-adsystem.com https://openbanklive01.wt-eu02.net; media-src 'self' 'unsafe-inline' *.amazonaws.com *.openbank.es *.youtube.com; frame-src https://www.google.com https://csi.gstatic.com *.youtube.com simulatorsjs-testing.azurewebsites.net simuladores-pre.afi.es simuladores.afi.es *.weborama.fr *.doubleclick.net api-ob.nd.nudatasecurity.com https://openjobs.openbank.es; child-src https://www.google.com https://csi.gstatic.com *.youtube.com simulatorsjs-testing.azurewebsites.net simuladores-pre.afi.es simuladores.afi.es *.weborama.fr *.doubleclick.net api-ob.nd.nudatasecurity.com https://openjobs.openbank.es; font-src 'self' data: https://fonts.gstatic.com *.openbankwealth.com api-ob.nd.nudatasecurity.com; connect-src *.ok-cloud.net:* *.openbank.es:* openbank-dev pub-local.ok-cloud.net openbank.ci openb.mockable.io *.tealiumiq.com api-ob.nd.nudatasecurity.com 1 frame-ancestors 'self' https://optimize.google.com/ https://forum.campsaver.com 1 frame-ancestors *.manhattanprep.com *.manhattangmat.com *.manhattanlsat.com *.manhattangre.com *.s3.amazonaws.com *.beatthegmat.com gmatclub.com 1 default-src 'self'; block-all-mixed-content; connect-src 'self' *.algolia.net *.algolianet.com; font-src 'self' https://fonts.gstatic.com/; img-src 'self' https: http://www.google-analytics.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net/ https://www.google-analytics.com/; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net/ https://fonts.googleapis.com/ 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://code.jquery.com http://www.google-analytics.com http://fonts.googleapis.com/ https://cdnjs.cloudflare.com http://cdn.ckeditor.com https://cdnjs.cloudflare.com http://svc.webspellchecker.net https://ajax.googleapis.com/ https://maps.google.com/ https://maps.googleapis.com/ https://weatherwidget.io/; object-src 'self'; style-src 'self' 'unsafe-inline' 'unsafe-eval' http://cdn.ckeditor.com http://fonts.googleapis.com https://cdnjs.cloudflare.com http://svc.webspellchecker.net https://tripura.gov.in; img-src 'self' http://cdn.ckeditor.com http://www.google-analytics.com https://tripura.gov.in https://cbpssubscriber.mygov.in https://w.bookcdn.com https://maps.gstatic.com/ https://maps.gstatic.com/ https://maps.google.com/ https://tripura.gov.in/ https://maps.googleapis.com/ https://cdnjs.cloudflare.com; media-src 'self' https://www.youtube.com/ ; frame-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.youtube.com http://164.100.127.45 https://weatherwidget.io; font-src 'self' http://fonts.gstatic.com https://cdnjs.cloudflare.com http://fonts.googleapis.com; connect-src 'self' ; report-uri /admin/config/system/seckit/csp-report 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://dl.episerver.net/ https://www.youtube.com https://s.ytimg.com https://js-agent.newrelic.com https://bam.nr-data.net https://www.googletagmanager.com https://www.google-analytics.com https://rum-static.pingdom.net https://maps.googleapis.com https://googleads.g.doubleclick.net/ https://www.googleadservices.com https://tagmanager.google.com https://d.impactradius-event.com https://umpqua-bank.sjv.io https://cdn-akamai.mookie1.com https://us-gmtdmp.mookie1.com https://x2.mookie1.com https://t.mookie1.com https://tags.tiqcdn.com https://adnxs.com https://pxl.jivox.com https://js.hs-scripts.com https://js.hs-analytics.net https://snap.licdn.com https://dc.ads.linkedin.com https://static.ads-twitter.com; style-src 'self' 'unsafe-inline' https://dl.episerver.net/ https://fonts.googleapis.com https://tagmanager.google.com https://js.hs-scripts.com https://js.hs-analytics.net https://d.impactradius-event.com https://umpqua-bank.sjv.io https://cdn-akamai.mookie1.com https://us-gmtdmp.mookie1.com https://x2.mookie1.com https://t.mookie1.com https://tags.tiqcdn.com https://adnxs.com https://pxl.jivox.com https://snap.licdn.com https://dc.ads.linkedin.com https://static.ads-twitter.com 1 frame-ancestors https://*.dondominio.com/ https://*.mrdomain.com; 1 frame-ancestors 'none'; connect-src 'self' *.google-analytics.com *.stripe.com *.braintreegateway.com *.exploretock.com *.fullstory.com *.facebook.com api.rollbar.com *.doubleclick.net www.google.com; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.stripe.com *.braintreegateway.com *.chase.com *.exploretock.com connect.facebook.net *.fullstory.com www.googleadservices.com api.rollbar.com optimize.google.com maps.googleapis.com; img-src 'self' blob: data: *.exploretock.com *.stripe.com *.braintreegateway.com *.facebook.com *.fbsbx.com *.gravatar.com *.google.com *.googleapis.com *.googleusercontent.com www.google-analytics.com www.gstatic.com *.doubleclick.net *.googletagmanager.com; child-src 'self' *.exploretock.com *.stripe.com *.braintreegateway.com www.facebook.com optimize.google.com; frame-src 'self' *.exploretock.com *.stripe.com *.braintreegateway.com *.chase.com www.facebook.com optimize.google.com connect.facebook.net www.google.com 1 default-src 'self'; script-src 'self' *.episerver.net https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://ajax.cloudflare.com https://chat.puzzel.com https://maps.googleapis.com 'unsafe-inline' 'unsafe-eval'; media-src https://chat.puzzel.com 'self'; style-src 'self' https://tagmanager.google.com https://dl.episerver.net https://chat.puzzel.com https://fonts.googleapis.com https://fonts.gstatic.com'unsafe-inline'; connect-src 'self' https://chat.puzzel.com wss:;form-action 'self';font-src https://fonts.googleapis.com https://fonts.gstatic.com https://chat.puzzel.com 'self'; img-src 'self' data: www.google-analytics.com *.gstatic.com https://www.googletagmanager.com https://maps.googleapis.com https://mts.googleapis.com https://dl.episerver.net; object-src 'self'; frame-ancestors 'self'; frame-src https: 1 frame-ancestors 'self' cmsv2.zebrix.net 1 default-src 'self' *.dwd.de *.readspeaker.com *.twitter.com *.youtube.com; script-src 'self' *.dwd.de *.readspeaker.com *.twitter.com *.twimg.com *.youtube.com *.jwpcdn.com *.ytimg.com 'unsafe-inline' 'unsafe-eval' data:; style-src 'self' *.dwd.de *.twitter.com *.twimg.com 'unsafe-inline' data:; img-src * data: blob:; font-src 'self' data:; frame-src 'self' *.dwd.de twitter.com *.twitter.com *.youtube.com; worker-src *.twitter.com; child-src 'self' *.dwd.de twitter.com *.twitter.com *.youtube.com; 1 default-src 'self'; script-src 'self' 'unsafe-inline' https://www.google.com/ http://cdn.livechatinc.com/ http://ajax.googleapis.com https://www.gstatic.com/recaptcha/ http://netdna.bootstrapcdn.com/ https://secure.livechatinc.com/ https://accounts.livechatinc.com/; object-src https://www.google.com/; style-src 'self' 'unsafe-inline' http://netdna.bootstrapcdn.com/bootstrap/; img-src 'self' https://secure.livechatinc.com/; media-src https://www.youtube.com/; frame-src 'self' https://www.youtube.com/ https://www.google.com/ https://secure.livechatinc.com/ http://track.dtdc.com/; font-src 'self' http://netdna.bootstrapcdn.com/ https://cdn.livechatinc.com/ https://themes.googleusercontent.com/ https://themes.googleusercontent.com/; report-uri /admin/config/system/seckit/csp-report 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google-analytics.com *.gstatic.com https://*.zopim.com wss://*.zopim.com https://*.zopim.io wss://*.crisp.chat https://*.crisp.chat *.payline.com *.youtube.com; img-src 'self' data: *.zopim.com *.crisp.chat *.google-analytics.com *.gstatic.com *.googleapis.com; font-src 'self' data: *.zopim.com *.crisp.chat *.gstatic.com; report-uri /admin/config/system/seckit/csp-report 1 frame-ancestors tags.tiqcdn.com survey.hlb.com.my www.hlb.com.my apps.facebook.com www.facebook.com *.vivocha.com *.youtube.com *.facebook.com staticxx.facebook.com www.googletagmanager.com gateway.hlb.com.my www.ecloan.com.my aem-preprod.hlb.com.my aem-preprod.hlisb.com.my www.hlisb.com.my https://www.google.com www.google.com optimize.google.com 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' maps.google.com maps.googleapis.com ajax.googleapis.com www.google-analytics.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' ind.millenniumbcp.pt www.google-analytics.com maps.gstatic.com maps.googleapis.com data:; font-src 'self' fonts.gstatic.com; frame-src 'self' lt.morningstar.com apps.millenniumbcpageas.net activobank.cc.oneit.pt 1 frame-ancestors 'self' *.boursorama-banque.com *.boursorama.com 1 default-src 'self' 'unsafe-eval' 'unsafe-inline' www.nsandi.com nsandi.com http://img.youtube.com img.youtube.com www.youtube.com youtube.com js-agent.newrelic.com bam.nr-data.net hm.webtrends.com s.webtrends.com nsandi.klick2contact.com nsandi.klick2contact.com statse.webtrendslive.com cdn-pci.optimizely.com rum.optimizely.com logx.optimizely.com logx.optimizely.com/v1/events statse.webtrendslive.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.nsandi.com nsandi.com http://img.youtube.com img.youtube.com www.youtube.com youtube.com js-agent.newrelic.com bam.nr-data.net hm.webtrends.com s.webtrends.com nsandi.klick2contact.com nsandi.klick2contact.com statse.webtrendslive.com cdn-pci.optimizely.com rum.optimizely.com logx.optimizely.com logx.optimizely.com/v1/events statse.webtrendslive.com; object-src * data: ; img-src * data:; report-uri /none 1 default-src data: https: 'unsafe-inline'; frame-ancestors 'none' 1 frame-ancestors 'self' *.finq.com 1 frame-ancestors 'self' icrc.org *.icrc.org icrcproject.org *.icrcproject.org forum-icrc.org www.forum-icrc.org 1 default-src 'self' https://www.itsme.be https://business.itsme.be; script-src 'self' 'sha256-7cojap65Z8u7cb2zVYoh8EzAt9dpvJv+vWyXDuc1gDk=' https://www.itsme.be https://business.itsme.be *.google-analytics.com cdn.polyfill.io; style-src 'self' 'unsafe-inline' *.googleapis.com; img-src 'self' https://www.itsme.be https://business.itsme.be *.google-analytics.com *.doubleclick.net; font-src 'self' *.gstatic.com; object-src 'none' ; frame-src 'self' https://www.itsme.be https://business.itsme.be *.youtube.com *.youtube-nocookie.com; connect-src https://www.itsme.be https://business.itsme.be *.google-analytics.com; 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *; frame-ancestors 'self' http://virtual-tour.battlefields.org/; report-uri /report-csp-violation 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://avd.innity.com https://aw.dw.impact-ad.jp https://ssl-avd.innity.net https://as.innity.com https://cdn.innity.net https://sgp-spvapro-01.teleperformanceusa.com https://cdnjs.cloudflare.com https://avd.innity.net http://ajax.googleapis.com https://www.googleadservices.com https://www.googletagmanager.com https://connect.facebook.net https://singpost.widget.custhelp.com https://fonts.googleapis.com https://google.com https://www.rnengage.com https://maps.googleapis.com https://snap.licdn.com https://www.google-analytics.com https://px.ads.linkedin.com https://developers.google.com https://www.linkedin.com; style-src 'self' 'unsafe-inline' https://use.fontawesome.com http://www.google-analytics.com http://singpost.widget.custhelp.com https://tagmanager.google.com https://fonts.googleapis.com http://singpost.widget.custhelp.com https://www.linkedin.com; img-src 'self' https://optimize.innity.com https://avd.innity.com https://ib.adnxs.com http://www.google-analytics.com http://www.specommerce.com.s3.amazonaws.com http://d2vqszxem296au.cloudfront.net https://www.mysam.sg https://stats.g.doubleclick.net http://cdn.feedbackify.com http://s3.amazonaws.com https://maps.gstatic.com https://www.facebook.com https://www.google.com https://www.google.com.vn https://maps.googleapis.com http://www.w3.org data: http://cx.atdmt.com https://www.linkedin.com https://www.googletagmanager.com; frame-src 'self' https://www.facebook.com https://www.google.com; font-src 'self' https://use.fontawesome.com https://fonts.googleapis.com http://www.google-analytics.com https://fonts.gstatic.com; connect-src 'self' http://www.google-analytics.com https://maps.googleapis.com; report-uri /admin/config/system/seckit/csp-report 1 frame-ancestors 'self' http://acquia.lookbookhq.com https://acquia.lookbookhq.com https://acquia.docebosaas.com; report-uri /report-csp-violation 1 frame-ancestors *.windstream.net 1 default-src 'self'; media-src 'self' emp.jobylon.com cdn.jobylon.com *.jobylon.com res.cloudinary.com; frame-ancestors 'self'; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.googleapis.com res.cloudinary.com *.richrelevance.com www.google-analytics.com www.googletagmanager.com *.googleapis.com *.pingdom.net js-agent.newrelic.com bam.nr-data.net *.facebook.com connect.facebook.net *.twitter.com *.google.com *.jobylon.com *.abtasty.com *.veinteractive.com www.nordicchoicehotels.com extads.net m.addthisedge.com m.addthis.com s7.addthis.com assets.juicer.io *.cloudfront.net track.adform.net *.fls.doubleclick.net nowinteract-nowinteractnordi.netdna-ssl.com *.easyresearch.se *.zendesk.com *.zopim.com wss://*.zopim.com *.zopim.io ve1storasstst.blob.core.windows.net *.zdassets.com cdnjs.cloudflare.com www.sj.se adtr.io *.hotjar.com 'unsafe-eval' exempel quiz.millionmind.com; connect-src 'self' wss://*.coop.se:* wss://*.kf.local:* emp.jobylon.com cdn.jobylon.com *.jobylon.com *.pingdom.net *.veinteractive.com *.abtasty.com ve1appseventssb.servicebus.windows.net apil1.spinnaker-js.com m.addthis.com s7.addthis.com www.juicer.io assets.juicer.io *.108proxy.se *.54proxy.se www.google-analytics.com www.googletagmanager.com tagmanager.google.com *.zendesk.com *.zopim.com wss://*.zopim.com *.zopim.io *.facebook.com connect.facebook.net bam.nr-data.net *.zdassets.com cdnjs.cloudflare.com *.richrelevance.com api.coop.se *.hotjar.com:* wss://*.hotjar.com track.adtraction.com; style-src 'self' 'unsafe-inline' emp.jobylon.com cdn.jobylon.com *.jobylon.com *.abtasty.com *.pingdom.net *.veinteractive.com assets.juicer.io tagmanager.google.com fonts.googleapis.com optimize.google.com *.easyresearch.se *.zendesk.com *.zopim.com *.zopim.io *.zdassets.com cdnjs.cloudflare.com; img-src 'self' data: *.jobylon.com *.pingdom.net *.zendesk.com *.abtasty.com *.gstatic.com api.hitta.se scontent.cdninstagram.com www.google.com www.google.se *.google-analytics.com *.googletagmanager.com tagmanager.google.com res.cloudinary.com *.cloudfront.net *.facebook.com stats.g.doubleclick.net track.adform.net *.fls.doubleclick.net *.easyresearch.se *.zendesk.com *.zopim.com wss://*.zopim.com *.zopim.io *.zdassets.com cdnjs.cloudflare.com *.googleapis.com assets.juicer.io scontent.cdninstagram.com *.hotjar.com *.ggpht.com track.adtraction.com; font-src 'self' data: emp.jobylon.com cdn.jobylon.com *.jobylon.com static.juicer.io fonts.gstatic.com tagmanager.google.com *.zendesk.com *.zopim.com wss://*.zopim.com *.zopim.io *.zdassets.com *.hotjar.com; frame-src 'self' emp.jobylon.com cdn.jobylon.com *.jobylon.com *.veinteractive.com accounts.google.com optimize.google.com *.flysas.com app.ecoonline.com www.nordicchoicehotels.com recruit.visma.com www.recruit.visma.com www.aditrorecruit.com *.twitter.com www.youtube.com *.facebook.com c1.adform.net s7.addthis.com track.adform.net *.fls.doubleclick.net *.easyresearch.se *.abtasty.com *.zendesk.com *.zopim.com wss://*.zopim.com *.zopim.io www.google.com ve1storasstst.blob.core.windows.net *.veinteractive.com *.zdassets.com cdnjs.cloudflare.com www.sj.se *.hotjar.com *.tradedoubler.com exempel quiz.millionmind.com; base-uri 'self' *.coop.se *.kf.local optimize.google.com; report-uri https://coop.report-uri.io/r/default/csp/enforce 1 default-src self; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.googletagmanager.com *.google-analytics.com *.google.com *.google.co.uk *.newrelic.com *.betrad.com bam.nr-data.net static.addtoany.com https://cdnjs.cloudflare.com brand-ecommerce-assets.fusepump.com *.youtube.com s.ytimg.com *.evidon.com code.jquery.com d22xmn10vbouk4.cloudfront.net *.serving-sys.com 7225833.collect.igodigital.com connect.facebook.net stats.g.doubleclick.net https://cdn.hypemarks.com http://cdn.hypemarks.com https://www.gstatic.com *.krxd.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com https://cdnjs.cloudflare.com brand-ecommerce-assets.fusepump.com *.youtube.com cloud.typography.com *.google.com; img-src 'self' data: *.googleapis.com *.gstatic.com *.cloudflare.com *.google-analytics.com https://stats.g.doubleclick.net www.google.com www.google.co.uk *.doubleclick.net *.betrad.com *.amazonaws.com px.pump.to brand-ecommerce-assets.fusepump.com *.evidon.com https://nova.collect.igodigital.com https://www.facebook.com *.krxd.net turkey.nestlebeverages.acsitefactory.com turkey.nestlebeverages.acsitefactory.com tr.factory.nescafe.com www.google.co.in; media-src 'self'; frame-src 'self' static.addtoany.com *.youtube.com *.youtu.be youtu.be info.evidon.com https://2275258.fls.doubleclick.net http://2275258.fls.doubleclick.net http://www.youtube-nocookie.com https://www.youtube-nocookie.com https://cdn.hypemarks.com http://cdn.hypemarks.com https://brand-ecommerce-assets.fusepump.com https://www.google.com/ *.krxd.net www.facebook.com *.doubleclick.net/; child-src 'self' static.addtoany.com *.youtube.com *.youtu.be youtu.be info.evidon.com https://2275258.fls.doubleclick.net http://2275258.fls.doubleclick.net http://www.youtube-nocookie.com https://www.youtube-nocookie.com https://cdn.hypemarks.com http://cdn.hypemarks.com; font-src 'self' data: fonts.gstatic.com fonts.googleapis.com https://cdnjs.cloudflare.com; connect-src 'self' brand-ecommerce-api.fusepump.com *.google-analytics.com https://collect.analyze.ly https://secure-ds.serving-sys.com; report-uri /tr/report-csp-violation 1 script-src 'self' www.papara.com papara.com api.instagram.com az416426.vo.msecnd.net maps.googleapis.com mc.yandex.ru www.googletagmanager.com tagmanager.google.com www.googleadservices.com graph.facebook.com staticxx.facebook.com connect.facebook.net stats.g.doubleclick.net www.google.com www.google-analytics.com ajax.googleapis.com www.google.com.tr www.gstatic.com apis.google.com googleads.g.doubleclick.net 'unsafe-inline' 'unsafe-eval';style-src 'self' fonts.googleapis.com tagmanager.google.com az732725.vo.msecnd.net 'unsafe-inline' 'unsafe-eval';img-src 'self' www.papara.com papara.com s3-eu-west-1.amazonaws.com scontent.cdninstagram.com cdninstagram.com mc.yandex.ru lookaside.facebook.com platform-lookaside.fbsbx.com csi.gstatic.com maps.gstatic.com maps.googleapis.com graph.facebook.com scontent.xx.fbcdn.net www.googleadservices.com staticxx.facebook.com www.facebook.com www.google.com.tr stats.g.doubleclick.net googleads.g.doubleclick.net www.google-analytics.com www.google.com ssl.gstatic.com data:;object-src 'self';options eval-script 1 frame-ancestors https://www.maisonmargiela.com/ https://www.maisonmargiela.com/ ; 1 frame-src 'self' blob: *.cochlear.cloud *.stg.cochlear.cloud *.cochlear.cloud https://marvelapp.com *.livechatinc.com *.doubleclick.net *.wufoo.com *.cochlearamericas.com *.youtube-nocookie.com *.marvelapp.com http://clinicfinder.cochlear.com *.linkedin.com http://www.cvent.com http://cochlearevents.cvent.com *.cvent.com *.google.ch *.cochlear.com *.irmau.com *.marketo.com *.youtube.com *.twitter.com *.addthis.com *.google.com *.facebook.com *.batchgeo.com; child-src 'self' blob: *.batchgeo.com *.addtoany.com *.doubleclick.net http://clinicfinder.cochlear.com *.cochlear.com *.addthis.com *.google.com *.facebook.com *.twitter.com *.marketo.com ; connect-src 'self' localhost:8080 *.cvent.com *.linkedin.com http://clinicfinder.cochlear.com *.google-analytics.com *.googleapis.com *.optimizely.com *.addthis.com *.mktoresp.com *.twitter.com *.maxmind.com *.google-analytics.com ; font-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.cvent-assets.com *.gstatic.com *.googleusercontent.com *.livechatinc.com *.bootstrapcdn.com ; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.quora.com *.pubmatic.com *.rubiconproject.com *.adtechjp.com *.yahoo.com * bidswitch.net *.adap.tv *.adnxs.com *.rlcdn.com *.openx.net *.adroll.com *.casalemedia.com *.t.co *.datatables.net *.cochlear.com *.quantserve.com *.marketo.com *.bing.com *.steelhousemedia.com *.adsrvr.org *.adsymptotic.com *.android.com *.youtube.com http://test-iwh-de.cochlear.com http://test.cochlear.com *.visualwebsiteoptimizer.com *.cochlear.com *.googletagmanager.com *.teads.tv *.impact-ad.jp *.yahoo.co.jp *.impact-ad.jp *.outbrain.com *.amazonaws.com *.google.com.au *.google.com *.twitter.com *.doubleclick.net *.facebook.com *.linkedin.com *.google-analytics.com medialead.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.yahoo.com *.yimg.com *.adnxs.com *.swiftype.com *.googletagmanager.com *.google.com *.leadspediatrack.com *.gstatic.com *.quantcount.com *.cvent-assets.com *.cvent.com *.quora.com *.livechatinc.com *.typekit.com *.dialogtech.com *.cloudfront.net *.media6degrees.com *.quora.com *.wufoo.com *.zendesk.com *.domdex.com *.adroll.com *.datatables.net *.quantserve.com *.ads-twitter.com *.steelhousemedia.com *.bing.com *.ads-twitter.com *.steelhousemedia.com *.bing.com adroll.com *.outbrain.com *.addtoany.com *.visualwebsiteoptimizer.com *.jquery.com *.optimizely.com *.google.com.au *.doubleclick.net *.googleadservices.com *.yimg.jp *.yahoo.co.jp *.crazyegg.com http://go.cochlear.com *.mktoweb.com *.cochlear.com *.bootstrapcdn.com *.cloudflare.com *.cochlear.com *.jsdelivr.net *.addthisedge.com *.google.com *.ytimg.com *.youtube.com *.marketo.net *.marketo.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.twitter.com *.facebook.com *.facebook.net *.linkedin.com *.addthis.com *.maxmind.com medialead.de *.salesforceliveagent.com *.amazonaws.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.cvent-assets.com *.googleapis.com *.cloudflare.com *.cochlear.com *.google.com *.zendesk.com *.datatables.net *.jquery.com *.cochlear-europe.com *.bootstrapcdn.com *.marketo.com; 1 upgrade-insecure-requests;,frame-ancestors 'self' https://*.optimizely.com https://optimizely.com 1 img-src *; 1 default-src 'self' data: *.google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src * 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.twitter.com *.google-analytics.com *.googletagmanager.com *.facebook.net *.youtube.com *.google.com *.google.co.za *.gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club *.map2.ssl.hwcdn.net *.static.hotjar.com *.hotjar.com; object-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: *.google-analytics.com *.youtube.com *.twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com *.google.com *.vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com *.hotjar.com; font-src 'self' data: fonts.gstatic.com *.gstatic.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: *.google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com *.hotjar.com hotjar.com wss://ws3.hotjar.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce 1 allow 'self' default-src 'self' 'unsafe-inline' www.google-analytics.com *.twitter.com *.facebook.com *.facebook.net *.google.com 1 frame-ancestors https://www.redvalentino.com/ https://www.redvalentino.com/ ; 1 frame-ancestors 'self' *.bond.edu.au bond.edu.au; 1 allow 'self'; options inline-script; img-src 'self' data: 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.comwww.thebalanceeveryday.com *.qa.aws.thebalanceeveryday.com atlas.thebalanceeveryday.com atlas.local.thebalanceeveryday.com 1 script-src: http://*.tbmm.gov.tr https://*.tbmm.gov.tr unsafe-inline; 1 default-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.rawgit.com *.movimento5stelle.it *.wix.com *.facebook.net *.facebook.com *.parastorage.com *.googleapis.com *.google.com *.gstatic.com *.fontawesome.com *.cloudflare.com *.bootstrapcdn.com *.jquery.com *.google-analytics.com *.s3-eu-west-1.amazonaws.com *.youtube-nocookie.com data:; object-src 'self' *.s3-eu-west-1.amazonaws.com; frame-src 'self' *.wix.com *.facebook.net *.facebook.com batchgeo.com *.youtube.com *.s3-eu-west-1.amazonaws.com *.youtube-nocookie.com *.google.com; img-src 'self' *.ytimg.com *.wixstatic.com *.paypalobjects.com *.google-analytics.com *.gstatic.com *.google.com *.s3-eu-west-1.amazonaws.com *.youtube-nocookie.com *.parastorage.com *.movimento5stelle.it *.wix.com *.facebook.net *.facebook.com data:; 1 frame-ancestors 'self' https://portal-interactiv.com *.iberostar.com *.olehotels.com icrs.visitus-inc.com *.iberostarpro.com kayak.com webvisor.com 1 frame-ancestors https://www.stoneisland.com/ https://www.stoneisland.com/ ; 1 frame-ancestors https://*.posylka.de 1 default-src 'self';img-src *; script-src *; 1 default-src 'self' golos.io www.youtube.com *.facebook.com vk.com; child-src 'self' www.youtube.com w.soundcloud.com *.facebook.com player.vimeo.com chat.golos.io livejournal.com www.google.com/maps/ app.powerbi.com widget.letitplay.io coub.com vk.com/video_ext.php ok.ru/videoembed/ rutube.ru/play/embed/ yandex.ru/map-widget/ music.yandex.ru www.deezer.com golosioapp:; script-src 'self' 'unsafe-inline' *.facebook.com www.google-analytics.com *.facebook.net cdn.polyfill.io *.metabar.ru mc.yandex.ru chat.golos.io media.reformal.ru cdn.ravenjs.com relap.io cdn.amplitude.com api.amplitude.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com; img-src * data:; font-src data: fonts.gstatic.com cdnjs.cloudflare.com; connect-src 'self' cyber.fund lang.golos.io images.golos.io wss://push.golos.io wss://ws.golos.io wss://ws18.golos.io wss://*.golos.io *.facebook.com www.google-analytics.com mc.yandex.ru stats.g.doubleclick.net coub.com yandex.ru/map-widget/ music.yandex.ru deezer.com relap.io api.amplitude.com; report-uri /api/v1/csp_violation; object-src 'self'; plugin-types application/pdf; frame-ancestors 'none' 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.motel-one.com *.gstatic.com www.googletagmanager.com *.googleapis.com www.google-analytics.com stats.g.doubleclick.net www.youtube.com www.instagram.com *.pinterest.com *.cdninstagram.com *.hurra.com *.googleadservices.com *.criteo.com *.criteo.net creativecdn.com *.facebook.net *.doubleclick.net *.licdn.com *.linkedin.com *.facebook.com *.adnxs.com *.bizographics.com *.googlesyndication.com *.bing.com *.adsrvr.org *.cloudfront.net *.ytimg.com *.google.ae *.google.at *.google.ba *.google.be *.google.by *.google.ca *.google.cf *.google.ch *.google.co.cr *.google.co.il *.google.co.in *.google.co.jp *.google.co.nz *.google.co.th *.google.co.uk *.google.co.zw *.google.de *.google.com *.google.com.ar *.google.com.au *.google.com.bo *.google.com.br *.google.com.cy *.google.com.ec *.google.com.eg *.google.com.hk *.google.com.kw *.google.com.mt *.google.com.mx *.google.com.sg *.google.com.tr *.google.com.tw *.google.com.ua *.google.cz *.google.dk *.google.dz *.google.es *.google.fi *.google.fr *.google.ge *.google.gr *.google.hr *.google.hu *.google.ie *.google.im *.google.it *.google.li *.google.lt *.google.lu *.google.nl *.google.no *.google.pl *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.se *.google.si http://*.m-pathy.com https://*.m-pathy.com ws://*.m-pathy.com wss://*.m-pathy.com; connect-src 'self' *.motel-one.com *.facebook.com *.pinterest.com http://*.m-pathy.com https://*.m-pathy.com ws://*.m-pathy.com wss://*.m-pathy.com; font-src 'self' *.motel-one.com *.google.com *.gstatic.com www.googletagmanager.com *.googleapis.com www.google-analytics.com stats.g.doubleclick.net *.pinterest.com data: *.google.com *.gstatic.com www.googletagmanager.com *.googleapis.com www.google-analytics.com stats.g.doubleclick.net *.pinterest.com; frame-src 'self' *.motel-one.com *.google.com *.gstatic.com www.googletagmanager.com *.googleapis.com www.google-analytics.com stats.g.doubleclick.net www.youtube.com www.instagram.com *.pinterest.com *.cdninstagram.com *.hurra.com *.googleadservices.com *.criteo.com *.criteo.net creativecdn.com *.facebook.net *.doubleclick.net *.licdn.com *.linkedin.com *.facebook.com *.google.de *.adnxs.com *.bizographics.com *.googlesyndication.com *.bing.com *.adsrvr.org *.cloudfront.net http://*.m-pathy.com https://*.m-pathy.com ws://*.m-pathy.com wss://*.m-pathy.com; 1 default-src *; script-src 'unsafe-inline''unsafe-eval'; img-src *.oktacdn.com; 1 style-src 'self' 'unsafe-inline'; object-src 'self'; script-src 'self' https://www.googletagmanager.com https://www.google-analytics.com 'unsafe-inline'; img-src 'self' https://www.denic.de https://www.google-analytics.com; frame-src 'self' 1 default-src 'self' fonts.gstatic.com fonts.googleapis.com ajax.googleapis.com wireframecc-9947.kxcdn.com; script-src 'self' 'unsafe-inline' 'nonce-e1cc601bf1757d05eab0bde577cb56b9' 'unsafe-eval' https://fonts.gstatic.com https://fonts.googleapis.com https://ajax.googleapis.com wireframecc-9947.kxcdn.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com wireframecc-9947.kxcdn.com; img-src 'self' wireframecc-9947.kxcdn.com data:; child-src 'self' 1 img-src https://* data:; script-src https://* 'unsafe-eval' 'unsafe-inline'; frame-src https://*; report-uri /stats/csp-reports 1 frame-ancestors https://igx.csbsju.edu http://go.twocolleges.com 1 connect-src 'self' 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com www.googleadservices.com bat.bing.com ml314.com *.g.doubleclick.net disqus.com *.disqus.com disquscdn.com *.disquscdn.com *.ceros.com go.pardot.com play.vidyard.com storage.googleapis.com *.snapengage.com tagmanager.google.com *.mxpnl.com connect.facebook.net *.rfihub.net *.rfihub.com *.doubleclick.net *.addtoany.com telize-v1.p.mashape.com w.soundcloud.com pi.pardot.com www2.intralinks.com widget.surveymonkey.com www.surveymonkey.com ajax.googleapis.com assets.pinterest.com www2.intralinks.com *.bizographics.com *.linkedin.com *.mixpanel.com *.mxpnl.com *.addtoany.com ade.clmbtech.com pixel.mathtag.com intlinks.netmng.com; object-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com c.disquscdn.com tagmanager.google.com *.mxpnl.com www2.intralinks.com; img-src * data:; media-src 'self'; frame-src 'self' disqus.com ceros.com vidyard.com www.googletagmanager.com www.google-analytics.com www.googleadservices.com *.ceros.com go.pardot.com play.vidyard.com *.rfihub.com *.doubleclick.net *.addtoany.com www.youtube.com w.soundcloud.com connect.facebook.net www.surveymonkey.com assets.pinterest.com www2.intralinks.com *.bizographics.com *.linkedin.com *.facebook.com pixel.mathtag.com; child-src 'self' go.pardot.com www2.intralinks.com; font-src * tagmanager.google.com; connect-src 'self' 'unsafe-inline' *.disqus.com tagmanager.google.com *.mxpnl.com *.mixpanel.com telize-v1.p.mashape.com *.g.doubleclick.net www.google-analytics.com www2.intralinks.com www.facebook.com www2.intralinks.com go.pardot.com *.addtoany.com; report-uri /report-csp-violation 1 frame-ancestors www.flygresor.se secure.rentalcars.com brands.datahc.com hyrbil.flygresor.se 1 default-src 'self' 'unsafe-inline' *.addthis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.jsdelivr.net *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.google-analytics.com *.ckeditor.com *.local *.dotdemos.com *.jwplatform.com *.jwpcdn.com *.jwpsrv.com *.ytimg.com *.youtube.com cbos.gov.sd *.cbos.gov.sd *.dot.jo www.google.com s7.addthis.com m.addthisedge.com m.addthis.com cdnjs.cloudflare.com; object-src 'unsafe-inline'; style-src 'unsafe-inline' *.jsdelivr.net *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.ckeditor.com *.local *.dotdemos.com cbos.gov.sd *.cbos.gov.sd *.dot.jo *.google.com cdnjs.cloudflare.com; img-src 'self' 'unsafe-inline' data: *.jsdelivr.net *.googleapis.com *.gstatic.com *.google-analytics.com *.local *.dotdemos.com jwpltx.com *.jwpltx.com cbos.gov.sd *.cbos.gov.sd *.dot.jo stats.g.doubleclick.net *.ckeditor.com; media-src 'self' 'unsafe-inline' data: *.jsdelivr.net *.googleapis.com *.gstatic.com *.google-analytics.com *.local *.dotdemos.com cbos.gov.sd *.cbos.gov.sd *.dot.jo; frame-src 'self' 'unsafe-inline' *.googleapis.com google.com *.google.com *.gstatic.com *.youtube.com *.local *.dotdemos.com cbos.gov.sd *.gov.sd *.dot.jo *.addthis.com cbos.gov.sd:*; font-src 'self' 'unsafe-inline' *.jsdelivr.net *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.local *.dotdemos.com *.jwpcdn.com *.jwpsrv.com cbos.gov.sd *.cbos.gov.sd *.dot.jo fonts.google.com maxcdn.bootstrapcdn.com; connect-src 'self' 'unsafe-inline' *.googleapis.com google.com *.google.com *.gstatic.com *.youtube.com *.local *.dotdemos.com cbos.gov.sd *.gov.sd *.dot.jo *.addthis.com cbos.gov.sd:*; report-uri /admin/config/system/seckit/csp-report 1 default-src 'self'; script-src 'self' qoo.ly use.fontawesome.com www.austinregionalclinic.com mychart.austinregionalclinic.com *.gstatic.com 'unsafe-inline' 'unsafe-eval' rawgithub.com blob: www.youtube.com *.linkedin.com ajax.aspnetcdn.com cdn.syndication.twimg.com sjs.bizographics.com connect.facebook.net use.typekit.net maxcdn.bootstrapcdn.com arc.mymedicalme.com *.google.com *.googleapis.com *.google-analytics.com *.googletagmanager.com platform.twitter.com m.addthisedge.com *.addthis.com hummsystems.appspot.com; style-src 'self' use.fontawesome.com mychart.austinregionalclinic.com 'unsafe-inline' www.youtube.com platform.twitter.com *.addthis.com *.googleapis.com maxcdn.bootstrapcdn.com arc.mymedicalme.com stats.g.doubleclick.net ton.twimg.com blob:; font-src 'self' use.fontawesome.com use.typekit.net maxcdn.bootstrapcdn.com fonts.gstatic.com g.static.com; img-src 'self' qoo.ly stats.g.doubleclick.net data: *.googlecode.com p.typekit.net i.ytimg.com *.gstatic.com www.google.com www.google-analytics.com *.googleapis.com www.facebook.com *.twitter.com *.twimg.com ajax.aspnetcdn.com match.adsrvr.com; object-src 'self'; frame-src 'self' mychart.austinregionalclinic.com www.youtube.com *.addthis.com *.twitter.com arcwebsecure.com arc.mymedicalme.com www.google.com maps.google.com; connect-src 'self' m.addthis.com stats.g.doubleclick.net hummsystems.appspot.com blob:; 1 default-src 'self' https://netdna.bootstrapcdn.com https://maxcdn.bootstrapcdn.com https://cdn.jsdelivr.net http://maxcdn.bootstrapcdn.com 'unsafe-inline' https://themes.googleusercontent.com http://netdna.bootstrapcdn.com ; script-src 'self' https://netdna.bootstrapcdn.com https://cdn.jsdelivr.net 'unsafe-eval' http://netdna.bootstrapcdn.com 'unsafe-inline' https://apis.google.com/ https://platform.twitter.com/ https://connect.facebook.net https://platform.linkedin.com/ https://www.linkedin.com/ https://www.google-analytics.com/; img-src 'self' https://static.licdn.com https://stats.g.doubleclick.net https://www.facebook.com https://syndication.twitter.com https://ssl.gstatic.com/ https://www.linkedin.com/ https://www.google-analytics.com/; frame-src 'self' https://netdna.bootstrapcdn.com 'unsafe-inline' https://www.canal-u.tv http://www.canal-u.tv https://apis.google.com/ https://platform.twitter.com/ https://connect.facebook.net https://platform.linkedin.com/ https://www.facebook.com/ https://accounts.google.com/ https://s-static.ak.facebook.com/ https://staticxx.facebook.com https://www.youtube.com; report-uri /fr/report-csp-violation 1 default-src 'self' static.integromat.com; style-src 'self' static.integromat.com fonts.googleapis.com checkout.stripe.com; font-src 'self' static.integromat.com fonts.gstatic.com data:; img-src 'self' static.integromat.com data: stats.g.doubleclick.net www.google-analytics.com www.google.com www.google.cz placehold.it placeholdit.imgix.net secure.gravatar.com usage.trackjs.com q.stripe.com img.youtube.com www.facebook.com t.co www.googletagmanager.com; connect-src 'self' static.integromat.com iql.integromat.com wss://www.integromat.com capture.trackjs.com checkout.stripe.com integromat.zendesk.com; frame-src 'self' static.integromat.com www.facebook.com www.youtube.com checkout.stripe.com; script-src 'self' static.integromat.com www.google-analytics.com checkout.stripe.com connect.facebook.net static.ads-twitter.com analytics.twitter.com; object-src 'self' static.integromat.com 1 frame-ancestors http://www.lativ.com https://www.lativ.com; 1 child-src 'self' www.youtube.com staticxx.facebook.com w.soundcloud.com player.vimeo.com; connect-src 'self' steemit.com api.steemit.com dist.one wss://rpc.dist.one api.blocktrades.us https://steemitimages.com https://translate.googleapis.com; default-src 'self' www.youtube.com staticxx.facebook.com player.vimeo.com; font-src data: fonts.gstatic.com 'self'; frame-ancestors 'none'; img-src * data:; object-src 'none'; plugin-types application/pdf; script-src 'self' www.google-analytics.com pagead2.googlesyndication.com adservice.google.com connect.facebook.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com; report-uri /api/v1/csp_violation 1 default-src 'self' https://securepubads.g.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' auth.robokassa.ru yandexadexchange.net st.yandexadexchange.net an.yandex.ru static.addtoany.com my2.imgsmail.ru www.gstatic.com *.yandex.st yastatic.net *.yandex.net bs.yandex.ru pagead2.googlesyndication.com vk.com cdn.connect.mail.ru mc.yandex.ru www.google-analytics.com https://www.google-analytics.com https://metrika.yandex.ru https://yastatic.net https://site.yandex.net https://yandex.ru; object-src 'self' www.gstatic.com; style-src 'self' 'unsafe-inline' https://static.addtoany.com https://yastatic.net; img-src 'self' data: avatars.mds.yandex.net an.yandex.ru avatars-fast.yandex.net www.vsrf.ru vk.com yastatic.net bs.yandex.ru www.liveinternet.ru counter.yadro.ru mc.yandex.ru www.google-analytics.com https://stats.g.doubleclick.net https://www.google-analytics.com https://metrika.yandex.ru https://st.yandexadexchange.net https://site.yandex.net https://favicon.yandex.net; media-src 'self'; child-src 'self' auth.robokassa.ru yandexadexchange.net st.yandexadexchange.net static.addtoany.com connect.mail.ru securepubads.g.doubleclick.net googleads.g.doubleclick.net vk.com; font-src 'self'; connect-src 'self' an.yandex.ru mc.yandex.ru www.google-analytics.com *.gstatic.com 1 frame-ancestors 'self' https://*.usagym.org http://*.usagym.org http://*.usagymparents.com http://*.usagym.info http://*.gymnasticsfoundation.org https://*.gymnasticsfoundation.org http://*.usagymchamps.com https://*.usagymchamps.com http://usagymfans.us-east-1.elasticbeanstalk.com https://usagymfans.us-east-1.elasticbeanstalk.com http://*.kovendesign.com https://*.kovendesign.com https://usagym.hqam6nre-liquidwebsites.com; 1 frame-ancestors https://www.marni.com/ https://www.marni.com/ https://www.optimizely.com; 1 frame-ancestors https://*.omantel.om 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: www.booking.com *.holland.com *.bstatic.com blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: cdn.blueconic.net *.holland.com script.crazyegg.com maps.googleapis.com www.googletagmanager.com *.google-analytics.com www.booking.com *.crowdriff.com *.bstatic.com blob:; connect-src https: wss: *.hotjar.com; img-src 'self' data: *.leisure-group.net *.holland.com *.bstatic.com blob: *.cloudfront.net *.google-analytics.com tag.yieldoptimizer.com www.googletagmanager.com img.youtube.com secure.adnxs.com *.doubleclick.net www.facebook.com idsync.ricdn.com *.blueconic.com; 1 frame-ancestors 'self' eon.de *.eon.de 1 default-src 'self' https://media.entrepot-du-bricolage.fr; img-src 'self' https://www.facebook.com https://www.google.fr https://www.google.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.google-analytics.com https://cdnjs.cloudflare.com https://media.entrepot-du-bricolage.fr https://uploads.entrepot-du-bricolage.fr data:; script-src 'self' https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://media.entrepot-du-bricolage.fr https://js-agent.newrelic.com js-agent.newrelic.com https://bam.nr-data.net bam.nr-data.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://cdnjs.cloudflare.com https://media.entrepot-du-bricolage.fr 'unsafe-inline'; upgrade-insecure-requests 1 default-src 'self'; allow 'self'; img-src * 1 frame-ancestors 'self 1 default-src data: https: http:; script-src 'unsafe-inline' 'unsafe-eval' https: http:; style-src 'unsafe-inline' https: http: blob: 1 default-src * data: 'unsafe-inline' 'unsafe-eval' ; script-src * data: 'unsafe-inline' 'unsafe-eval' ; style-src * data: 'unsafe-inline' ; img-src * data: ; 1 default-src 'self' https://*.akamaihd.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.akamaihd.net https://*.igodigital.com https://scai.maerskline.com https://*.gstatic.com https://*.google.com https://*.googleapis.com https://api.massrelevance.com https://img.en25.com https://www.googletagmanager.com https://*.google-analytics.com https://*.bizographics.com https://*.doubleclick.net https://*.linkedin.com; img-src 'self' https://*.akamaihd.net https://scai.maerskline.com https://*.igodigital.com https://*.gstatic.com https://*.googleapis.com https://*.google-analytics.com https://*.bizographics.com https://*.doubleclick.net https://*.linkedin.com; object-src 'self'; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://*.googleapis.com; frame-src https://www.google.com/recaptcha/ https://www.youtube.com/embed/ https://player.vimeo.com/video/; font-src 'self' https://*.gstatic.com https://*.googleapis.com 1 script-src 'unsafe-inline' 'unsafe-eval' code.jquery.com www.google-analytics.com securesurf.biz ads.exoclick.com main.exoclick.com syndication.exoclick.com; 1 default-src 'self'; style-src 'self' *.engineeringvillage.com *.cloudfront.net 'unsafe-inline'; script-src 'self' *.engineeringvillage.com *.adobedtm.com *.cloudfront.net *.googleapis.com https://cdn.optimizely.com *.google.com https://cdn.jsdelivr.net/ https://cdnjs.cloudflare.com https://unpkg.com *.newrelic.com *.nr-data.net *.pendo.io 'unsafe-eval' 'unsafe-inline'; connect-src 'self' *.engineeringvillage.com *.optimizely.com *.demdex.net https://smetrics.elsevier.com *.plu.mx *.dropboxapi.com bam.nr-data.net *.knovel.com *.omtrdc.net *.doi.org; img-src * data:; font-src * data:; frame-src 'self' *.engineeringvillage.com *.elsevier.com https://elsevier.demdex.net *.evise.com/ *.scopus.com *.sciencedirect.com *.mendeley.com *.sciverse.com *.google.com *.theiet.org; 1 default-src * 'self' data: 'unsafe-inline' 'unsafe-eval' ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' ; style-src * 'self' data: 'unsafe-inline' ; img-src * 'self' data: ; font-src * 'self' data: ; connect-src * 'self' ; media-src 'self' ; frame-src * 'self' ; 1 default-src 'self' data: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' * 1 script-src 'self' 'unsafe-inline' adservice.google.com *.doubleclick.net *.googleadservices.com *.googleanalytics.com *.google-analytics.com apis.google.com https://maps.googleapis.com https://ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js https://ajax.googleapis.com/ajax/libs/jqueryui/1.12.1/jquery-ui.min.js https://ajax.googleapis.com/ajax/libs/angularjs/1.5.10/angular.min.js https://code.angularjs.org/1.5.10/angular-sanitize.min.js https://www.google.com/js/maia.js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ *.googletagmanager.com tagmanager.google.com https://www.google.co.uk https://www.google.com/insights/consumersurveys/gk/static/hats-integration-release.js https://support.google.com/inapp/api.js https://www.gstatic.com/feedback/js/help/prod/service/screenshot.min.js http://www.google.com/tools/feedback/metric/report 'nonce-oOaN4xJ3lVyZ'; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.gstatic.com https://feedback.googleusercontent.com/resources/annotator.css; report-uri /csp_report/report/; default-src 'self' *.gstatic.com; frame-src 'self' www.google.com www.youtube.com accounts.google.com apis.google.com plus.google.com drive.google.com *.doubleclick.net https://assets.braintreegateway.com https://www.googletagmanager.com https://feedback.googleusercontent.com/; img-src 'self' data: http: https:; media-src 'self' data: http: https:; object-src 'none'; connect-src 'self' plus.google.com www.google-analytics.com https://api.braintreegateway.com https://api.sandbox.braintreegateway.com https://client-analytics.sandbox.braintreegateway.com https://client-analytics.braintreegateway.com; font-src 'self' themes.googleusercontent.com *.gstatic.com; base-uri 'self' 1 default-src 'self';font-src 'self' fonts.gstatic.com data: 'self';connect-src 'self' analytics.monkeytracker.cz *.getsmartlook.com ws://*.getsmartlook.com *.smartlook.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' maps.google.com *.googleapis.com www.googletagmanager.com ssl.google-analytics.com www.google-analytics.com analytics.monkeytracker.cz *.getsmartlook.com www.google.com connect.facebook.net www.googleadservices.com www.lhinsights.com *.smartlook.com https://googleads.g.doubleclick.net;form-action 'self';frame-src 'self' www.youtube.com *.doubleclick.net www.google.com www.google.cz https://order.shareit.com;child-src 'self' www.youtube.com *.doubleclick.net www.google.com www.google.cz https://order.shareit.com;frame-ancestors 'self';img-src 'self' data: blob: *.gstatic.com *.googleapis.com www.googletagmanager.com ssl.google-analytics.com www.google-analytics.com analytics.monkeytracker.cz *.doubleclick.net www.facebook.com www.lhinsights.com www.google.com www.google.cz *.smartlook.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com analytics.monkeytracker.cz www.google.com 1 allow *; 1 frame-ancestors 'self' https://optimize.google.com/ https://forum.dvor.com 1 frame-src http://webvisor.com 1 frame-ancestors 'self' localhost:* *.tason.com 1 default-src https: 'unsafe-inline' 'unsafe-eval' data: 1 frame-ancestors https://*.mybigcommerce.com 1 frame-ancestors 'self' intertops.eu www.intertops.eu sblp.intertops.eu sports.intertops.eu poker.intertops.eu casino.intertops.eu classic.intertops.eu lobby.intertops.eu:2072 1 default-src 'self' syndetics.com www.google-analytics.com; script-src 'self' blob: http://www.vpl.ca https://www.vpl.ca data: 'unsafe-inline' 'unsafe-eval' code.jquery.com www.google.com https://www.google-analytics.com www.gstatic.com https://unpkg.com cdnjs.cloudflare.com m.addthis.com s7.addthis.com platform.instagram.com platform.twitter.com cdn.syndication.twimg.com assets.pinterest.com script.crazyegg.com trk.cetrk.com www.flickr.com bclibraries.org; object-src 'self'; style-src 'self' 'unsafe-inline' www.vpl.ca https://unpkg.com https://cdnjs.cloudflare.com themes.googleusercontent.com fonts.googleapis.com code.jquery.com https://platform.twitter.com https://typekit.net https://p.typekit.net https://use.typekit.net; img-src 'self' data: *.vpl.ca https://www.vpl.ca *.googleapis.com https://platform.twitter.com https://pbs.twimg.com services.arcgisonline.com syndetics.com secure.syndetics.com https://cdnjs.cloudflare.com www.flickr.com www.instagram.com *.staticflickr.com https://www.google-analytics.com syndication.twitter.com scontent-sea1-1.cdninstagram.com *.sndcdn.com m.addthis.com www.addthis.com log.pinterest.com gtrk.s3.amazonaws.com trk.cetrk.com geo.yahoo.com; media-src 'self' www.youtube.com soundcloud.com; child-src 'self' m.addthis.com s7.addthis.com www.google.com www.youtube.com w.soundcloud.com www.instagram.com syndication.twitter.com assets.pinterest.com; font-src 'self' themes.googleusercontent.com https://cdnjs.cloudflare.com fonts.googleapis.com fonts.gstatic.com https://use.typekit.net; connect-src 'self' www.google-analytics.com cdnjs.cloudflare.com https://www.optimalworkshop.com m.addthis.com; frame-src 'self' edge.addthis.com m.addthis.com https://platform.twitter.com s7.addthis.com www.google.com www.youtube.com w.soundcloud.com www.instagram.com syndication.twitter.com assets.pinterest.com; 1 base-uri https://bitpay.com; connect-src 'self' https://bitpay.com https://io.bitpay.com https://api.segment.io https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io https://nexus-long-poller-a.intercom.io https://nexus-long-poller-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://*.log.optimizely.com https://api.mixpanel.com https://ssl.mousestats.com https://rum-collector-2.pingdom.net https://249-omd-845.mktoresp.com; default-src 'self' https://bitpay.com; font-src 'self' https://fonts.gstatic.com https://js.intercomcdn.com; form-action 'self' https://bitpay.com https://bitpay.us7.list-manage.com; frame-ancestors 'self'; frame-src 'self' https://bitpay.com https://www.google.com/recaptcha/api2/ https://chat.chatra.io bitcoin: bitcoincash: https://www.youtube.com https://player.vimeo.com https://intercom-sheets.com https://bitpay.applytojob.com https://landing.bitpay.com https://bid.g.doubleclick.net; img-src 'self' data: https://bitpay.com https://www.google.com https://ssl.gstatic.com https://gravatar.com https://www.google-analytics.com https://js.intercomcdn.com https://static.intercomassets.com https://*.log.optimizely.com https://stats.g.doubleclick.net https://i0.wp.com https://i1.wp.com https://i2.wp.com https://browser-update.org https://csi.gstatic.com https://ssl.google-analytics.com/ga.js https://*.cloudfront.net https://maps.gstatic.com https://rum-collector.pingdom.net https://www.facebook.com https://px.ads.linkedin.com https://linkedin.com https://www.linkedin.com/px https://www.googleadservices.com https://googleads.g.doubleclick.net https://secure.leadforensics.com https://www.google.ae https://www.google.at https://www.google.ba https://www.google.be https://www.google.bg https://www.google.by https://www.google.ca https://www.google.ch https://www.google.cl https://www.google.cz https://www.google.de https://www.google.dk https://www.google.dz https://www.google.es https://www.google.fi https://www.google.fr https://www.google.gr https://www.google.hu https://www.google.hr https://www.google.ie https://www.google.is https://www.google.it https://www.google.kz https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.nl https://www.google.no https://www.google.pl https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.se https://www.google.si https://www.google.sk https://www.google.tn https://www.google.co.ao https://www.google.co.cr https://www.google.co.id https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.kr https://www.google.co.ma https://www.google.co.nz https://www.google.co.uk https://www.google.co.th https://www.google.co.tz https://www.google.co.ve https://www.google.co.za https://www.google.co.zw https://www.google.com.ar https://www.google.com.au https://www.google.com.bd https://www.google.com.br https://www.google.com.co https://www.google.com.cy https://www.google.com.do https://www.google.com.ec https://www.google.com.eg https://www.google.com.gh https://www.google.com.hk https://www.google.com.jm https://www.google.com.mt https://www.google.com.mx https://www.google.com.my https://www.google.com.ng https://www.google.com.np https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.sa https://www.google.com.sg https://www.google.com.tr https://www.google.com.tw https://www.google.com.ua https://www.google.com.uy https://www.google.com.vn; media-src 'self' https://js.intercomcdn.com/audio; report-uri /cspViolation; script-src 'self' https://bitpay.com https://io.bitpay.com https://browser-update.org https://ajax.googleapis.com https://cdn.optimizely.com https://cdn.segment.com https://www.google-analytics.com https://widget.intercom.io https://js.intercomcdn.com https://app.intercom.io https://www.google.com https://www.gstatic.com/recaptcha/api2/ https://*.cloudfront.net/ https://stats.g.doubleclick.net https://maps.googleapis.com https://rum-static.pingdom.net https://rum-collector.pingdom.net https://ssl.mousestats.com https://connect.facebook.net https://www.googletagmanager.com https://call.chatra.io https://www.googleadservices.com https://googleads.g.doubleclick.net https://cdn.polyfill.io; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; upgrade-insecure-requests 1 frame-ancestors 'self' marketrealist.com; report-uri /report-csp-violation 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' *; frame-ancestors www.envestnet.com envestnet.com ir.envestnet.com investor.envestnet.com www.investpmc.com; report-uri /report-csp-violation 1 default-src 'self' ; script-src 'self';object-src 'self'; style-src 'self'; img-src 'self'; media-src 'self'; frame-src 'self'; font-src 'self'; connect-src 'self' ; 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' https://pbs.122.2o7.net https://ssl.siteimprove.com; font-src 'self' data: 1 default-src 'self' https://paxvapor.com https://www.paxvapor.com https://api.segment.io https://*.impactradius-event.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://connect.facebook.net https://djnf6e5yyirys.cloudfront.net https://js.adsrvr.org/ https://admin.paxvapor.com/ https://p.bm23.com/bta.js https://rules.quantcount.com/rules-p-Lkh_FeC4DpKyy.js https://rules.quantcount.com/rules-p-y5C902cr51Cph.js https://cdn.segment.com https://*.impactradius-event.com https://*.akamaihd.net/ https://s3.amazonaws.com https://*.salesforceliveagent.com https://code.jquery.com https://d1m54pdnjzjnhe.cloudfront.net https://*.greenhouse.io https://s.ytimg.com https://www.youtube.com https://*.thebrighttag.com https://*.dpbolvw.net https://*.kqzyfj.com https://*.dpbolvw.net https://*.tkqlhce.com https://*.jdoqocy.com https://*.btstatic.com https://bttrack.com https://*.bttrack.com https://*.domdex.com https://*.smartserve.s3.amazonaws.com https://smartserve.s3.amazonaws.com https://d22rutvoghj3db.cloudfront.net https://*.quantserve.com https://*.google-analytics.com https://*.doubleclick.net https://d3c3cq33003psk.cloudfront.net https://*.googletagmanager.com https://*.newrelic.com https://*.nr-data.net https://*.googleapis.com https://dtxtngytz5im1.cloudfront.net https://dd6zx4ibq538k.cloudfront.net https://d3d6b97n2tsi13.cloudfront.net https://s3-eu-west-1.amazonaws.com https://d2jjzw81hqbuqv.cloudfront.net https://*.list-manage.com https://cdn.kustomerapp.com;; object-src 'self'; style-src 'self' 'unsafe-inline' https://cdn.kustomerapp.com https://cdn-images.mailchimp.com https://maxcdn.bootstrapcdn.com https://*.myfonts.net https://*.googleapis.com https://*.typography.com https://*.paxvapor.com; img-src 'self' data: https://kustomer-prod1-attachments.s3.amazonaws.com https://www.gravatar.com https://www.facebook.com https://djnf6e5yyirys.cloudfront.net https://paxvapor.sjv.io/ https://register.veratad.com/ https://s3.amazonaws.com/idme/ https://*.akamaihd.net/ https://*.ytimg.com https://img.youtube.com/ https://*.paxvapor.com http://*.ggpht.com https://*.secure.force.com https://dd6zx4ibq538k.cloudfront.net https://cdn.mxpnl.com https://*.openx.net https://*.rubiconproject.com https://*.gumgum.com https://*.tapad.com https://*.contextweb.com https://*.domdex.com https://*.dpbolvw.net https://*.kqzyfj.com https://*.dpbolvw.net https://*.tkqlhce.com https://*.jdoqocy.com https://*.adnxs.com https://bttrack.com https://*.magentocommerce.com https://*.nr-data.net https://*.quantserve.com https://*.cdninstagram.com https://www.google-analytics.com https://*.doubleclick.net https://*.gstatic.com https://*.googleapis.com https://*.google.com https://s3-eu-west-1.amazonaws.com https://d1m54pdnjzjnhe.cloudfront.net; media-src 'self'; frame-src 'self' https://tst.kaptcha.com/ https://paxvapor.sjv.io/ https://cdn1.friendbuy.com https://www.ojrq.net/ https://register.veratad.com/ https://www.googletagmanager.com https://ssl.kaptcha.com/ https://player.vimeo.com https://7eer.net https://evvy.net https://pax-vapor.sjv.io https://*.pxf.io https://*.greenhouse.io https://www.youtube.com https://www.youtube.com/iframe_api https://*.emjcd.com https://*.jdococy.com https://*.maxbounty.com https://www.talkable.com https://*.doubleclick.net https://dkl2tqmjys2z2.cloudfront.net https://*.google.com; font-src 'self' data: https://admin.paxvapor.com https://cdn.mxpnl.com https://maxcdn.bootstrapcdn.com https://*.gstatic.com https://*.googleapis.com; connect-src 'self' https://www.gravatar.com https://s3.amazonaws.com https://pax.api.kustomerapp.com wss://ws.pusherapp.com https://*.pusher.com https://paxvapor.sjv.io https://admin.paxvapor.com https://*.googleapis.com https://*.salesforceliveagent.com https://api.segment.io https://api.segment.io https://bttrack.com https://*.nr-data.net https://*.newrelic.com https://newrelic.com https://api.kustomerapp.com https://cdn.kustomerapp.com https://pax-sandbox.api.kustomerapp.com https://ws.pusherapp.com 1 default-src 'self' *.google-analytics.com *.newrelic.com stats.g.doubleclick.net *.googleapis.com *.tbe.taleo.net/; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.newrelic.com *.twitter.com *.googleapis.com static.addtoany.com *.disqus.com *.youtube.com *.gstatic.com *.disquscdn.com *.mollom.com *.hostedpci.com bam.nr-data.net maps.google.com *.tbe.taleo.net d1ks1friyst4m3.cloudfront.net trackducks.s3.amazonaws.com *.trackduck.com wss://app.trackduck.com 'unsafe-inline' 'unsafe-eval'; object-src 'self' *.gstatic.com *.mollom.com d1ks1friyst4m3.cloudfront.net trackducks.s3.amazonaws.com *.trackduck.com wss://app.trackduck.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com static.addtoany.com *.disqus.com *.youtube.com *.disquscdn.com *.mollom.com *.hostedpci.com *.tbe.taleo.net d1ks1friyst4m3.cloudfront.net trackducks.s3.amazonaws.com *.trackduck.com wss://app.trackduck.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' *.youtube.com data: *.gstatic.com *.googleapis.com *.google.com *.google.co.* stats.g.doubleclick.net *.disqus.com *.disquscdn.com *.mollom.com *.prod.acquia-sites.com *.hostedpci.com *.google-analytics.com gravatar.com d1ks1friyst4m3.cloudfront.net trackducks.s3.amazonaws.com *.trackduck.com wss://app.trackduck.com 'unsafe-inline' 'unsafe-eval'; media-src 'self' *.youtube.com *.gstatic.com *.mollom.com d1ks1friyst4m3.cloudfront.net trackducks.s3.amazonaws.com *.trackduck.com wss://app.trackduck.com 'unsafe-inline' 'unsafe-eval'; frame-src 'self' static.addtoany.com *.youtube.com *.gstatic.com *.disqus.com *.mollom.com *.hostedpci.com *.mapbox.com *.policymap.com disqus.com *.tbe.taleo.net *.tbe.taleo.net/chu03/ats/careers/apply.jsp d1ks1friyst4m3.cloudfront.net trackducks.s3.amazonaws.com *.trackduck.com wss://app.trackduck.com 'unsafe-inline' 'unsafe-eval'; font-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com data: d1ks1friyst4m3.cloudfront.net trackducks.s3.amazonaws.com *.trackduck.com wss://app.trackduck.com 'unsafe-inline' 'unsafe-eval'; connect-src 'self' *.googleapis.com *.g.doubleclick.net *.disqus.com *.hostedpci.com *.google-analytics.com d1ks1friyst4m3.cloudfront.net trackducks.s3.amazonaws.com *.trackduck.com wss://app.trackduck.com 'unsafe-inline' 'unsafe-eval'; report-uri /report-csp-violation 1 frame-ancestors 'self' https://*.hapara.com/ 1 default-src 'self' 'unsafe-eval' 'unsafe-inline' data: *.serving-sys.com *.sharethis.com *.analytics.edgekey.net *.forefieldkt.com *.foremostadvice.com *.standard.com *.youtube.com *.ytimg.com *.gstatic.com *.pages05.net *.silverpop.com *.sc.pages05.net *.googletagmanager.com *.google-analytics.com fonts.googleapis.com ajax.googleapis.com *.google.com *.duosecurity.com *.vimeo.com *.newrelic.com secure-ds.serving-sys.com *.serving-sys.com *.googleadservices.com *.fonts.net *.twitter.com *.twimg.com *.ubembed.com *.demandbase.com *.userzoom.com stats.g.doubleclick.net *.company-target.com match.prod.bidr.io id.rlcdn.com *.googleapis.com *.doubleclick.net static.3playmedia.com *.brightcove.com *.brightcove.net bcove.me *.zencdn.net bcove.video players.brightcove.net *.brightcove.com *.llnw.net *.llnwd.net *.edgekey.net *.media.brightcove.com vjs.zencdn.net *.brightcovecdn.com *.brainshark.com *.teads.tv *.3lift.com *.adentifi.com *.basis.net *.facebook.com dc.ads.linkedin.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.twitter.com ajax.googleapis.com *.serving-sys.com *.twimg.com *.gm *.sharethis.com *.pages05.net *.googletagmanager.com *.google-analytics.com *.ubembed.com *.brightcove.com *.gstatic.com *.google.com *.brightcove.net *.serving-sys.com *.googleadservices.com secure-ds.serving-sys.com stats.g.doubleclick.net *.demandbase.com *.userzoom.com googleads.g.doubleclick.net vjs.zencdn.net *.facebook.net; report-uri /admin/config/system/seckit/csp-report 1 default-src 'self' blob: https://graph.facebook.com https://js.stripe.com https://staticxx.facebook.com https://api.parse.com https://d1n0682bxnpc1j.cloudfront.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://sdk.accountkit.com https://p.typekit.net https://use.typekit.net https://js.stripe.com https://www.google-analytics.com https://maps.gstatic.com https://maps.googleapis.com https://graph.facebook.com https://jwpltx.com https://ssl.p.jwpcdn.com https://q.stripe.com https://checkout.stripe.com https://ssl.google-analytics.com https://connect.facebook.net; img-src 'self' data: blob: https://p.typekit.net https://s3-us-west-2.amazonaws.com https://www.google-analytics.com https://pls.webtype.com https://www.facebook.com https://csi.gstatic.com https://jwpltx.com https://q.stripe.com https://checkout.stripe.com https://ssl.google-analytics.com https://s-static.ak.facebook.com ; style-src 'self' 'unsafe-inline' https://cloud.webtype.com; font-src 'self' data: https://pls.webtype.com https://use.typekit.net https://cloud.webtype.com ; child-src https://www.atscaleconference.com https://atscaleconference.com https://m.facebook.com https://facebook.com https://s-static.ak.facebook.com http://s-static.ak.facebook.com https://q.stripe.com https://checkout.stripe.com https://www.facebook.com https://s-static.ak.facebook.com; frame-src https://staticxx.facebook.com https://www.accountkit.com https://www.google.com https://www.atscaleconference.com https://atscaleconference.com https://fbreg.com https://js.stripe.com https://m.facebook.com https://facebook.com https://s-static.ak.facebook.com http://s-static.ak.facebook.com https://q.stripe.com https://checkout.stripe.com https://www.facebook.com https://s-static.ak.facebook.com; object-src https://d1n0682bxnpc1j.cloudfront.net; frame-ancestors 'self' https://fbreg.com https://facebook.com https://messenger.com; report-uri https://sentry.io/api/1391733/security/?sentry_key=83ebc0b3a73b4fe7ae1faeae114170d3&sentry_environment=prod-f8-2019-frontend&sentry_release=17; 1 frame-ancestors https://www.armaniexchange.com/ https://www.armaniexchange.com/ ; 1 default-src 'self' 'unsafe-inline' data:; https://tagmanager.google.com https://fonts.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://tagmanager.google.com https://www.googletagmanager.com https://cdn.syndication.twimg.com https://pbs.twimg.com https://www.google-analytics.com https://www.googleadservices.com https://static.hotjar.com https://sjs.bizographics.com https://collector-518.tvsquared.com https://rum-static.pingdom.net https://connect.facebook.net https://bat.bing.com https://static.ads-twitter.com https://cookie-script.com https://sleeknotecustomerscripts.sleeknote.com https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://analytics.twitter.com https://script.hotjar.com https://ajax.googleapis.com https://dev.visualwebsiteoptimizer.com https://www.linkedin.com https://cdn.ampproject.org https://www.riddle.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com https://ssl.gstatic.com https://useruploads.visualwebsiteoptimizer.com https://pbs.twimg.com https://picsum.photos https://www.google-analytics.com https://stats.g.doubleclick.net https://bat.bing.com/ https://t.co https://collector-518.tvsquared.com https://www.facebook.com https://www.google.com https://www.google.co.uk https://dev.visualwebsiteoptimizer.com https://www.google.com.ua https://cookie-script.com data:;; media-src 'self' https://vimeo.com; frame-src 'self' http://player.vimeo.com https://player.vimeo.com https://vimeo.com https://vars.hotjar.com https://4497843.fls.doubleclick.net/ https://www.google.com https://www.youtube.com https://www.riddle.com; connect-src 'self' 'unsafe-inline' https://vimeo.com https://rum-collector-2.pingdom.net https://dev.visualwebsiteoptimizer.com https://www.google-analytics.com; report-uri /report-csp-violation 1 frame-ancestors 'self' http://www.genau-lotto.de http://genau-lotto.de 1 frame-ancestors *.bryant.edu; report-uri //report-csp-violation 1 frame-ancestors 'self' http://mcaf.ee http://intelsecu.re http://*.mcafee.com https://*.mcafee.com 1 allow 'self'; media-src *; img-src *; script-src 'self' https://ajax.googleapis.com https://www.jquery.com https://www.jqueryui.com;style-src 'self' *bootstrap.com; 1 script-src 'unsafe-inline' 'unsafe-eval' code.jquery.com www.google-analytics.com safesurfs.net ads.exoclick.com main.exoclick.com syndication.exoclick.com; 1 default-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; script-src 'self' 'unsafe-inline'; connect-src 'self'; 1 base-uri 'self'; default-src 'none'; connect-src 'self' https://*.animebytes.tv; font-src 'self' data:; form-action 'self' https://*.animebytes.tv; frame-ancestors 'self'; frame-src 'self' https://*.animebytes.tv https://www.youtube-nocookie.com https://*.soundcloud.com; img-src 'self' https://*.animebytes.tv data:; media-src 'self' https://* * data:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; worker-src 'none'; report-uri /xhr/csp; report-to /xhr/csp; upgrade-insecure-requests; options inline-script eval-script; xhr-src 'self' https://*.animebytes.tv; 1 default-src 'self'; frame-src 'none'; img-src 'self' *.pbwstatic.com https://*.pbwstatic.com www.google-analytics.com https://www.google-analytics.com www.fqtag.com https://www.fqtag.com; media-src 'none'; object-src 'none'; script-src 'self' www.google-analytics.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' 1 frame-ancestors 'self' https://*.head.com https://*.head-test.com https://head.testing-varnish.symmetrics.de 1 default-src 'self'; connect-src 'self' http://*.calbanktrust.com https://*.calbanktrust.com https://zionsbancorp.sc.omtrdc.net https://*.demdex.net https://*.cludo.com; script-src 'self' data: 'unsafe-inline' https://*.pages05.net https://*.google-analytics.com https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.calbanktrust.com https://*.zionsbank.com https://*.cludo.com 'unsafe-eval'; object-src 'self' data: https://*.calbanktrust.com; style-src 'self' data: 'unsafe-inline' https://*.googleapis.com https://*.google.com https://*.cludo.com; img-src 'self' data: https://*.pages05.net https://*.doubleclick.net https://*.google-analytics.com https://*.gstatic.com https://*.calbanktrust.com https://*.online-metrix.net https://*.omtrdc.net https://*.demdex.net https://*.everesttech.net https://*.googleapis.com https://*.google.com https://*.cludo.com; media-src 'self' data:; frame-src 'self' https://*.calbanktrust.com https://*.demdex.net https://*.doubleclick.net https://secure.checkout.visa.com https://*.youtube.com https://*.pages05.net https://*.brightcove.net; frame-ancestors 'self' https://banking.calbanktrust.com; font-src 'self' data: 'unsafe-inline' https://fonts.gstatic.com; upgrade-insecure-requests; block-all-mixed-content 1 base-uri 'none'; connect-src 'self' https://*.cbc.be https://*.clicktale.com https://*.clicktale.net https://*.kbc.be https://*.kbcbrussels.be https://*.kbceconomics.be https://*.kbclease.lu https://*.kching.be https://*.omtrdc.net https://dpm.demdex.net https://www.facebook.com https://*.kbc.com https://*.vee24.com wss://*.vee24.com; default-src 'none'; font-src 'self' data: https://static.vee24.com https://fonts.gstatic.com https://fonts.googleapis.com https://*.kbc.be https://*.cbc.be https://*.kbcbrussels.be; frame-ancestors 'self' https://*.cbc.be https://*.kbcbrussels.be https://*.kbcgroup.eu https://*.kbc.be https://*.vee24.com https://kbcgroup.marketing.adobe.com https://kbcgroup.experiencecloud.adobe.com; frame-src 'self' https://*.cbc.be https://*.kbc.be https://*.kbcbrussels.be https://assets.adobedtm.com https://kbcgroup.demdex.net https://uk.personalcard.net https://uat.serversidegraphics.com https://www.google.com/recaptcha/ https://www.youtube.com https://*.vee24.com; img-src 'self' data: https://*.cbc.be https://*.clicktale.com https://*.clicktale.net https://*.doubleclick.net https://*.facebook.com https://*.kbc.be https://*.kbcbrussels.be https://*.kbceconomics.be https://*.kbclease.lu https://*.kching.be https://*.omtrdc.net https://cm.everesttech.net https://csi.gstatic.com https://dpm.demdex.net https://maps.googleapis.com https://maps.gstatic.com https://pixel.everesttech.net https://static.vee24.com https://t.co https://www.google.be https://www.google.com https://www.googleadservices.com https://cbc.azureedge.net https://kbc.azureedge.net https://touch.azureedge.net https://invest.azureedge.net https://mba.azureedge.net https://mbj.azureedge.net https://edash.azureedge.net https://action.metaffiliation.com https://secure.adnxs.com https://dc.ads.linkedin.com; media-src 'self' https://*.cbc.be https://*.kbc.be https://*.kbcbrussels.be https://*.kbceconomics.be https://*.kbclease.lu https://*.kching.be https://cbc.azureedge.net https://kbc.azureedge.net https://touch.azureedge.net https://invest.azureedge.net https://mba.azureedge.net https://mbj.azureedge.net https://edash.azureedge.net; object-src 'self' https://*.cbc.be https://*.kbc.be https://*.kbcbrussels.be; script-src 'self' 'nonce-XG+BiQqgMgsAAC/IOhwAAABD' 'strict-dynamic' data: 'unsafe-eval' 'unsafe-inline' https://*.cbc.be https://*.clicktale.com https://*.clicktale.net https://*.kbc.be https://*.kbcbrussels.be https://*.kbceconomics.be https://*.kbclease.lu https://*.kching.be https://*.omtrdc.net https://adhese.mediahuis.be https://analytics.twitter.com https://assets.adobedtm.com https://connect.facebook.net https://dpm.demdex.net https://googleads.g.doubleclick.net https://maps.googleapis.com https://pixel.everesttech.net https://platform.twitter.com https://s.ytimg.com https://secure.adnxs.com https://static.ads-twitter.com https://static.vee24.com https://web.vee24.com https://www.everestjs.net https://www.google.com/recaptcha/ https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com/recaptcha/ https://www.youtube.com https://snap.licdn.com; style-src 'self' 'unsafe-inline' https://*.cbc.be https://*.kbc.be https://*.kbcbrussels.be https://*.kbceconomics.be https://*.kbclease.lu https://*.kching.be https://cdn.tt.omtrdc.net https://fonts.googleapis.com https://static.vee24.com; 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.twitter.com *.google.com *.gstatic.com *.google-analytics.com http://*.hotjar.com https://*.hotjar.com; style-src 'self' 'unsafe-inline' *.myfonts.net *.googleapis.com; img-src 'self' data: *.boplatssyd.se *.momentum.se *.googleapis.com *.gstatic.com *.google-analytics.com *.google.com http://*.hotjar.com https://*.hotjar.com *.ytimg.com *.vimeocdn.com http://i.vimeocdn.com stats.g.doubleclick.net; media-src 'self' *.boplatssyd.se; frame-src 'self' *.malmo.se https://*.hotjar.com *.youtube.com *.vimeo.com *.google.com; font-src 'self' *.myfonts.net *.gstatic.com http://*.hotjar.com https://*.hotjar.com; connect-src 'self' *.googleapis.com http://*.hotjar.com:* https://*.hotjar.com:* ws://*.hotjar.com wss://*.hotjar.com; report-uri /report-csp-violation 1 default-src 'self' https://*.sigfig.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.hotjar.com/ https://*.sigfig.com https://*.wikinvest.com https://*.quantserve.com https://*.doubleclick.net https://apis.google.com https://*.googleapis.com https://*.google-analytics.com https://www.snapengage.com https://*.cloudfront.net https://*.newrelic.com https://bam.nr-data.net https://*.wellsfargoadvisors.com https://*.zdassets.com https://*.zendesk.com https://*.adobedtm.com https://sigfig.sc.omtrdc.net https://nexus.ensighten.com https://sigfigprod.112.2o7.net; style-src 'self' 'unsafe-inline' https://*.sigfig.com https://*.cloudfront.net https://*.googleapis.com; connect-src 'self' https://*.sigfig.com https://maps.googleapis.com https://api.greenhouse.io https://*.hotjar.com wss://*.hotjar.com https://bam.nr-data.net https://*.zdassets.com https://*.zendesk.com https://*.wellsfargo.com https://*.demdex.net https://sigfig.sc.omtrdc.net https://sigfig.tt.omtrdc.net https://*.getsentry.com https://sentry.io https://sigfigprod.112.2o7.net; img-src 'self' https://*.sigfig.com data: http://*.wikinvest.com https://*.quantserve.com https://tags.w55c.net https://*.doubleclick.net https://www.facebook.com https://*.cloudfront.net https://*.google-analytics.com https://*.ggpht.com http://*.ggpht.com http://*.googleusercontent.com https://*.googleusercontent.com http://*.gstatic.com https://*.gstatic.com http://feeds.feedburner.com https://www.snapengage.com https://*.googleapis.com https://csi.gstatic.com https://cm.everesttech.net https://sigfigcitizensbankdev.112.2o7.net https://dpm.demdex.net; media-src 'self' https://*.sigfig.com https://*.cloudfront.net; child-src 'self' https://*.sigfig.com https://*.docusign.net https://secure.scheduleonce.com https://www.snapengage.com https://*.cloudfront.net https://sigfig.demdex.net; frame-src 'self' https://*.hotjar.com/ https://*.sigfig.com https://*.docusign.net https://secure.scheduleonce.com https://www.snapengage.com https://*.cloudfront.net https://sigfig.demdex.net; font-src 'self' https://*.sigfig.com data: https://*.cloudfront.net https://fonts.gstatic.com; object-src 'self' https://www.snapengage.com; 1 default-src 'self' *.googlesyndication.com; 1 default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://analytics.twitter.com https://t.co https://www.google.com/ads https://www.google-analytics.com https://stats.g.doubleclick.net; object-src 'self'; media-src 'self'; frame-src 'self' https://trustly.desk.com https://accounts.google.com https://www.google.com/maps/embed https://maps.google.se/maps https://www.youtube.com https://tb.de17a.com https://services.trustlylabs.com/recaptcha/; script-src 'self'; font-src 'self'; connect-src 'self' https://services.trustlylabs.com https://tr.datanyze.com https://t.co https://www.salesforce.com https://api.lever.co; 1 allow *; script-src 'self' http://l2.io https://l2.io http://prosperent.com https://prosperent.com https://*.cbts.webinterpret.com http://*.cbts.webinterpret.com https://*.borderlinx.com http://*.borderlinx.com https://server.iad.liveperson.net http://server.iad.liveperson.net https://*.facebook.com http://*.facebook.com https://connect.facebook.net http://connect.facebook.net https://*.fbcdn.net http://*.fbcdn.net http://*.google.com https://*.google.com http://*.google-analytics.com https://*.google-analytics.com https://ssl.gstatic.com http://ajax.googleapis.com https://ajax.googleapis.com http://web01.optimix.asia https://web01.optimix.asia http://tracking.sokrati.com https://tracking.sokrati.com http://eulerian.kdpgroupe.com https://eulerian.kdpgroupe.com http://www.googleadservices.com https://www.googleadservices.com http://srv1.wa.marketingsolutions.yahoo.com https://srv1.wa.marketingsolutions.yahoo.com http://*.marinsm.com https://*.marinsm.com http://*.dgmsearchlab.com https://*.dgmsearchlab.com http://*.cedexis.com https://*.cedexis.com http://*.amazonaws.com https://*.amazonaws.com http://*.cedexis-radar.net https://*.cedexis-radar.net d39ze0fcltcujr.cloudfront.net http://aws.bximg.net http://*.referralcandy.com https://*.referralcandy.com https://www.paypalobjects.com http://*.youku.com https://*.youku.com ; options inline-script eval-script 1 default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://rum-static.pingdom.net https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://cstatic.weborama.fr https://track.adform.net https://s7.addthis.com https://m.addthis.com https://connect.facebook.net https://geocoding.infoportugal.info https://api3.infoportugal.info; object-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://www.google.com https://www.google.pt https://www.google-analytics.com https://stats.g.doubleclick.net https://turismoptanalytics.solution.weborama.fr https://www.facebook.com https://map7.infoportugal.info; media-src 'self'; frame-src 'self' https://6838259.fls.doubleclick.net https://turismoportugal.solution.weborama.fr https://s7.addthis.com https://www.youtube.com; font-src 'self'; connect-src 'self' https://rum-collector-2.pingdom.net https://m.addthis.com; report-uri /admin/config/system/seckit/csp-report 1 default-src 'self'; script-src 'self' 'unsafe-inline' www.googletagmanager.com tagmanager.google.com www.google-analytics.com stats.g.doubleclick.net ssl.gstatic.com www.gstatic.com fonts.gstatic.com fonts.googleapis.com *.horacemann.com localhost:3238 home-c11.incontact.com www.retirementaccountlogin.com maxcdn.bootstrapcdn.com code.jquery.com recruiting.adp.com www.youtube.com cdn.bootstrapcdn.com www.facebook.com horacemann.actonservice.com connect.facebook.net cdnjs.cloudflare.com www.facebook.com app.kiddom.co cloud.e.horacemann.com woobox.com www.clearsurance.com Facebook.net Business.facebook.com Twitter.com Twitter.net Linkedin.com Linkedin.net Pinterest.com Pinterest.net Instagram.com Instagram.net Youtube.com Youtube.net Siteimprove.com Dynomapper.com cdn.finra.org staticxx.facebook.com fonts.google.com platform.twitter.com *.twimg.com syndication.twitter.com 'unsafe-eval'; style-src 'self' www.googletagmanager.com tagmanager.google.com www.google-analytics.com stats.g.doubleclick.net ssl.gstatic.com www.gstatic.com fonts.gstatic.com fonts.googleapis.com *.horacemann.com localhost:3238 home-c11.incontact.com www.retirementaccountlogin.com maxcdn.bootstrapcdn.com code.jquery.com recruiting.adp.com www.youtube.com cdn.bootstrapcdn.com www.facebook.com horacemann.actonservice.com connect.facebook.net cdnjs.cloudflare.com www.facebook.com app.kiddom.co cloud.e.horacemann.com woobox.com www.clearsurance.com Facebook.net Business.facebook.com Twitter.com Twitter.net Linkedin.com Linkedin.net Pinterest.com Pinterest.net Instagram.com Instagram.net Youtube.com Youtube.net Siteimprove.com Dynomapper.com cdn.finra.org staticxx.facebook.com fonts.google.com platform.twitter.com *.twimg.com syndication.twitter.com 'unsafe-inline'; frame-src 'self' www.googletagmanager.com tagmanager.google.com www.google-analytics.com stats.g.doubleclick.net ssl.gstatic.com www.gstatic.com fonts.gstatic.com fonts.googleapis.com *.horacemann.com localhost:3238 home-c11.incontact.com www.retirementaccountlogin.com maxcdn.bootstrapcdn.com code.jquery.com recruiting.adp.com www.youtube.com cdn.bootstrapcdn.com www.facebook.com horacemann.actonservice.com connect.facebook.net cdnjs.cloudflare.com www.facebook.com app.kiddom.co cloud.e.horacemann.com woobox.com www.clearsurance.com Facebook.net Business.facebook.com Twitter.com Twitter.net Linkedin.com Linkedin.net Pinterest.com Pinterest.net Instagram.com Instagram.net Youtube.com Youtube.net Siteimprove.com Dynomapper.com cdn.finra.org staticxx.facebook.com fonts.google.com platform.twitter.com *.twimg.com syndication.twitter.com; font-src 'self' www.googletagmanager.com tagmanager.google.com www.google-analytics.com stats.g.doubleclick.net ssl.gstatic.com www.gstatic.com fonts.gstatic.com fonts.googleapis.com *.horacemann.com localhost:3238 home-c11.incontact.com www.retirementaccountlogin.com maxcdn.bootstrapcdn.com code.jquery.com recruiting.adp.com www.youtube.com cdn.bootstrapcdn.com www.facebook.com horacemann.actonservice.com connect.facebook.net cdnjs.cloudflare.com www.facebook.com app.kiddom.co cloud.e.horacemann.com woobox.com www.clearsurance.com Facebook.net Business.facebook.com Twitter.com Twitter.net Linkedin.com Linkedin.net Pinterest.com Pinterest.net Instagram.com Instagram.net Youtube.com Youtube.net Siteimprove.com Dynomapper.com cdn.finra.org staticxx.facebook.com fonts.google.com platform.twitter.com *.twimg.com syndication.twitter.com data:; img-src 'self' www.googletagmanager.com tagmanager.google.com www.google-analytics.com stats.g.doubleclick.net ssl.gstatic.com www.gstatic.com fonts.gstatic.com fonts.googleapis.com *.horacemann.com localhost:3238 home-c11.incontact.com www.retirementaccountlogin.com maxcdn.bootstrapcdn.com code.jquery.com recruiting.adp.com www.youtube.com cdn.bootstrapcdn.com www.facebook.com horacemann.actonservice.com connect.facebook.net cdnjs.cloudflare.com www.facebook.com app.kiddom.co cloud.e.horacemann.com woobox.com www.clearsurance.com Facebook.net Business.facebook.com Twitter.com Twitter.net Linkedin.com Linkedin.net Pinterest.com Pinterest.net Instagram.com Instagram.net Youtube.com Youtube.net Siteimprove.com Dynomapper.com cdn.finra.org staticxx.facebook.com fonts.google.com platform.twitter.com *.twimg.com syndication.twitter.com data:; 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.google-analytics.com https://*.bing.com https://*.facebook.net https://*.hotjar.com https://*.zarget.com https://*.youtube.com https://s.ytimg.com https://*.googleadservices.com https://*.doubleclick.net https://*.pinterest.com https://*.zencdn.net https://*.google.com https://*.google.be https://*.sharethis.com https://*.newrelic.com https://*.nr-data.net https://*.quantserve.com https://*.google.com.tr https://*.metabar.ru https://*.google.de https://*.google.fr https://cdn.ckeditor.com https://*.pioneer-car.eu; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.sharethis.com https://*.pioneer-car.eu https://cdn.ckeditor.com; img-src * data:; media-src 'self' https://www.youtube.com; frame-src 'self' https://*.youtube.com https://vars.hotjar.com https://*.pioneer.eu https://*.doubleclick.net https://*.sharethis.com https://*.facebook.com https://*.pioneer-car.eu https://store-locator.pioneer-rus.ru; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://insights.hotjar.com https://*.sharethis.com https://*.google-analytics.com https://*.doubleclick.net https://*.pioneer-car.eu; report-uri /eur/report-csp-violation 1 frame-ancestors 'self' *.ergodirekt.de:* *.qv.de:* *.ergo.com:* *.ergo:* *.ergo.de; 1 default-src 'self'; script-src 'self' cdnjs.cloudflare.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net ajax.googleapis.com; style-src 'self' maxcdn.bootstrapcdn.com cdnjs.cloudflare.com; img-src 'self'; font-src cdnjs.cloudflare.com 1 script-src 'self' 'unsafe-eval' 'unsafe-inline' https://api.spendino.de https://analytics.spd.de https://maps.googleapis.com https://altruja.de https://dataservices.spd.de https://www.verbavoice.net; img-src 'self' https://analytics.spd.de https://csi.gstatic.com https://maps.googleapis.com https://maps.gstatic.com https://em.altruja.de; frame-ancestors 'self' https://analytics.spd.de; default-src 'self'; frame-src 'self' https://dpa-electionslive.s3.amazonaws.com https://analytics.spd.de https://w.soundcloud.com https://player.vimeo.com https://www.youtube-nocookie.com https://api.spendino.de https://storify.com https://streaming.b1group.de https://www.youtube.com https://live.soziale-demokratie.live https://www.blitzvideoserver.de https://api.spd.de https://app.contentflow.live https://streaming.talk42.de https://playout.3qsdn.com https://sdn-global-live-http-cache.3qsdn.com https://widget.whatsbroadcast.com https://ghb2017.limequery.com https://limequery.spd.de https://www.verbavoice.ne; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://analytics.spd.de; connect-src 'self' https://altruja.de https://dataservices.spd.de; font-src 'self' https://fonts.gstatic.com; 1 script-src 'self' * www.googletagmanager.com use.fontawesome.com www.googleadservices.com fontawesome.com connect.facebook.net stats.g.doubleclick.net ping.typekit.net p.typekit.net use.typekit.net www.google.com www.youtube.com i.ytimg.com www.google-analytics.com ajax.googleapis.com www.gstatic.com apis.google.com az732725.vo.msecnd.net bam.nr-data.net 'unsafe-inline' 'unsafe-eval';style-src 'self' fontawesome.com ping.typekit.net www.youtube.com i.ytimg.com p.typekit.net use.typekit.net cdnbtctrader.blob.core.windows.net fonts.googleapis.com az732725.vo.msecnd.net 'unsafe-inline';img-src 'self' fontawesome.com www.googleadservices.com www.youtube.com i.ytimg.com www.facebook.com www.google.com.tr stats.g.doubleclick.net googleads.g.doubleclick.net ping.typekit.net p.typekit.net use.typekit.net cdnbtctrader.blob.core.windows.net www.google-analytics.com www.google.com ssl.gstatic.com fontawesome.com az732725.vo.msecnd.net data:;object-src 'self' fontawesome.com ping.typekit.net p.typekit.net www.youtube.com i.ytimg.com use.typekit.net cdnbtctrader.blob.core.windows.net pusher.com; 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com.au *.google.com *.google-analytics.com *.nr-data.net *.newrelic.com *.investsmart.com.au disqus.com *.disquscdn.com *.xg4ken.com wss: *.cloudfront.net *.googletagmanager.com *.intercomcdn.com *.kissmetrics.com *.scorecardresearch.com *.intercom.io *.segment.io *.disqus.com *.typekit.net *.segment.com *.quantserve.com *.fullstory.com *.googleadservices.com *.yimg.com *.yahoo.com *.doubleclick.net *.zoho.com *.webspellchecker.net *.vimeo.com *.twitter.com *.twimg.com ii-uploads.s3.amazonaws.com *.youtube.com *.intercomcdn.com *.intercom-sheets.com; img-src * 'self' data:; font-src 'self' *.typekit.net data: *.intercomcdn.com; report-uri /admin/config/system/seckit/csp-report 1 script-src 'unsafe-inline' 'self' maps.google.com maps.googleapis.com 1 default-src *.sanayi.gov.tr; script-src 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.sanayi.gov.tr *.youtube.com *.google-analytics.com *.ytimg.com *.twitter.com *.twimg.com; style-src 'unsafe-inline' *.googleapis.com *.sanayi.gov.tr *.twitter.com *.twimg.com; img-src data: *.sanayi.gov.tr *.ytimg.com *.google-analytics.com *.twitter.com *.twimg.com; media-src *.ytimg.com *.youtube.com *.twitter.com; connect-src *.sanayi.gov.tr; child-src twitter.com *.youtube.com *.google.com *.sanayi.gov.tr *.twitter.com; 1 default-src 'self' 'unsafe-inline' *.crick.ac.uk *.google.com *.google-analytics.com *.gstatic.com *.googleapis.com *.vimeo.com *.vimeocdn.com *.youtube.com *.soundcloud.com *.twitter.com *.youtube.com *.twimg.com theta360.com cdn.rawgit.com raw.githubusercontent.com data:;; script-src 'self' 'unsafe-inline' theta360.com crick.us13.list-manage.com *.mailchimp.com *.theta360.com *.google.com *.google-analytics.com *.googleapis.com use.typekit.net *.vimeocdn.com *.vimeo.com vimeo.com *.twitter.com *.twimg.com *.youtube.com *.googletagmanager.com tagmanager.google.com cdnjs.cloudflare.com cdn.rawgit.com https://s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js; style-src 'self' 'unsafe-inline' use.typekit.net p.typekit.net cdnjs.cloudflare.com *.google.com *.googleapis.com *.twitter.com *.mailchimp.com; font-src 'self' 'unsafe-inline' use.typekit.net fonts.googleapis.com *.gstatic.com; report-uri /report-csp-violation 1 default-src 'unsafe-inline' 'self' https:; img-src * data:; script-src 'unsafe-inline' 'unsafe-eval' 'self' https:; frame-src 'self' https: 1 default-src 'self' '*.youtu.be' '*.youtube.com' '*.sgul.ac.uk' '*.google.com' '*.hotjar.com' '*.schema.org' '*.googletagmanager.com' 1 default-src=self 1 frame-ancestors 'self' www.skaki64.gr skaki64.gr 1 default-src data: wss://*.kambicdn.com:* wss://*.kambicdn.net wss://*.kambicdn.org wss://*.kambi.com:* wss://*.7777.bg:* wss://7777.bg:* 'self' 'unsafe-eval' 'unsafe-inline' https://www.youtube.com/ https://youtube.com/ https://7777.bg https://*.7777.bg https://www.google.bg https://www.google.com https://apis.google.com https://fonts.googleapis.com https://maps.googleapis.com https://api.ipinfodb.com https://*.comm100.com https://*.googletagmanager.com https://googletagmanager.com https://*.typekit.net https://typekit.net https://maps.google.com https://*.gstatic.com https://gstatic.com https://connect.facebook.net https://*.facebook.com https://facebook.com https://*.fbcdn.net https://fbcdn.net https://google-analytics.com https://*.google-analytics.com https://accounts.google.com https://stats.g.doubleclick.net https://sxt.cdn.skype.com https://www.adobe.com https://*.casinomodule.com https://casinomodule.com https://kambi.com https://*.kambi.com https://*.kambicdn.com https://kambicdn.com https://*.kambicdn.org https://kambicdn.org https://*.kambicdn.net https://kambicdn.net https://d26335rno3m71y.cloudfront.net/ https://d1fqgomuxh4f5p.cloudfront.net/ https://lob.egcvi.com https://play-web-nl.e-devel.eu https://website.e-devel.eu https://ogs-gl-mt1p16.nyxop.net https://*.casinarena.com https://s7.egtmgs.com:8181 https://s7.egtmgs.com https://free.egtmgs.com:9998 https://free.egtmgs.com; frame-ancestors 'self' *.7777.bg 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://mistaua.com https://*.google.com *.google.com https://*.google.com.ua *.google.com.ua *.gstatic.com *.googleapis.com *.googlesyndication.com https://*.googlesyndication.com *.googletagservices.com https://*.googletagservices.com *.doubleclick.net https://*.doubleclick.net https://*.g.doubleclick.net *.google-analytics.com counter.yadro.ru wikimapia.org vk.com https://*.jsdelivr.net https://yastatic.net cdn.api.twitter.com oss.maxcdn.com; style-src 'self' 'unsafe-inline' *.googleapis.com; frame-src 'self' *.doubleclick.net *.googletagservices.com *.google.com *.youtube.com https://*.doubleclick.net https://*.g.doubleclick.net wikimapia.org *.openstreetmap.org; 1 default-src 'self' http://*.hotjar.com:* https://*.hotjar.com:* wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://www.google-analytics.com *.googletagmanager.com *.google.com *.gstatic.com *.facebook.net *.cloudfront.net *.sharethis.com https://vjs.zencdn.net/5.11.6/video.min.js https://www.youtube.com/iframe_api https://api.keen.io/3.0/projects/57e146aa8db53dfda8a703aa/events/* https://s.ytimg.com/yts/jsbin/www-widgetapi-vflN2g023/www-widgetapi.js http://*.hotjar.com *.twitter.com *.twimg.com http://*.hotjar.com https://*.hotjar.com 'unsafe-eval'; object-src *.googletagmanager.com *.google.com; style-src 'self' 'unsafe-inline' *.googletagmanager.com *.google.com https://vjs.zencdn.net/5.11.6/video-js.min.css https://d3b68xc7uyqhns.cloudfront.net/assets/css/schuh.css *.twitter.com; img-src * http://*.hotjar.com https://*.hotjar.com; media-src 'self' *.googletagmanager.com *.google.com; frame-src 'self' https://www.google.com https://www.youtube.com https://video.pdc.tv *.googletagmanager.com *.google.com https://*.hotjar.com *.twitter.com https://pdc.tell-us-what-you-think.com; frame-ancestors *.googletagmanager.com *.google.com; child-src *.googletagmanager.com *.google.com https://*.hotjar.com; font-src 'self' *.googletagmanager.com *.google.com http://*.hotjar.com https://*.hotjar.com; connect-src 'self' https://pdclive.servasport.com https://www.sportradar.com *.googletagmanager.com *.google.com https://drive-video.herokuapp.com/mbx/c889b040 https://www.google-analytics.com http://*.hotjar.com:* https://*.hotjar.com:* wss://*.hotjar.com; report-uri /report-csp-violation 1 default-src 'self'; style-src 'unsafe-inline' *; frame-src *; img-src * data:; media-src *; font-src *; object-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' oss.maxcdn.com ads.adfox.ru www.google-analytics.com *.googleadservices.com adservice.google.com.ua *.yandex.net *.yandex.ru *.yandex.ua yastatic.net *.imgsmail.ru *.google.com adservice.google.ru *.yandex.st an.yandex.ru platform.twitter.com cas.criteo.com *.mail.ru vk.com *.googlesyndication.com *.googletagservices.com adv758968.ru adforce.ru *.doubleclick.net x1.vinread.net *.zencdn.net mobiads.ru utarget.ru afterview.ru *.vispot.io *.adap.tv *.liverail.com *.spotxchange.com *.buzzoola.com *.advarkads.com *.lkqd.com *.advertising.com static.baza.farpost.ru gstatic.com www.gstatic.com http://thefox.mobi/0dvP/ https://netdna.bootstrapcdn.com https://ajax.googleapis.com *.adsafeprotected.com idntfy.ru mobuli.info mobisway.info cnt-count.ru countstat.ru eboundservices.com digital-forest.info s17365.org/rotation.php news.gnezdo.ru btstds.ru cackle.me *.cackle.me www.farpost.ru https://adtags.pro https://*.adtags.pro https://btsds.ru https://*.vrcteam.ru https://*.betweendigital.com https://*.exopay.ru https://s0.2md.net https://fl.imgsniper.com https://static.bulham.com https://*.sape.ru https://safesource.ru https://code.createjs.com https://static.bumlam.com sad2tizer.ru ad.slickjump.com slickjump.com sjsmartcontent.org https://www.googletagmanager.com https://tds.admaxer.ru https://meganotify.com https://notifyday.com; connect-src *; report-uri /csp.php 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' *.tkb.ch player.vimeo.com *.yourmoney.ch *.cashgate.ch *.newsbox.ch *.googleapis.com *.gstatic.com *.issuu.com *.googletagmanager.com *.google-analytics.com *.adform.net ; img-src * data: blob: android-webview-video-poster:; font-src * data: 1 frame-ancestors 'self' *.omronhealthcare.com http://10.196.1.55:8000; 1 policy-uri /http://gd.geobytes.com/GetCityDetails 1 default-src 'self' *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.google.be *.google.com *.gstatic.com ajax.googleapis.com buttons-config.sharethis.com cdnjs.cloudflare.com code.highcharts.com code.jquery.com count-server.sharethis.com d3js.org fonts.googleapis.com img.toolstud.io l.sharethis.com maxcdn.bootstrapcdn.com pagead2.googlesyndication.com platform-api.sharethis.com use.fontawesome.com; script-src 'self' 'unsafe-inline' data: *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.google.be *.google.com *.gstatic.com ajax.googleapis.com buttons-config.sharethis.com cdnjs.cloudflare.com code.highcharts.com code.jquery.com count-server.sharethis.com d3js.org fonts.googleapis.com img.toolstud.io l.sharethis.com maxcdn.bootstrapcdn.com pagead2.googlesyndication.com platform-api.sharethis.com use.fontawesome.com; style-src 'self' 'unsafe-inline' data: *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.google.be *.google.com *.gstatic.com ajax.googleapis.com buttons-config.sharethis.com cdnjs.cloudflare.com code.highcharts.com code.jquery.com count-server.sharethis.com d3js.org fonts.googleapis.com img.toolstud.io l.sharethis.com maxcdn.bootstrapcdn.com pagead2.googlesyndication.com platform-api.sharethis.com use.fontawesome.com; img-src 'self' data: *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.google.be *.google.com *.gstatic.com ajax.googleapis.com buttons-config.sharethis.com cdnjs.cloudflare.com code.highcharts.com code.jquery.com count-server.sharethis.com d3js.org fonts.googleapis.com img.toolstud.io l.sharethis.com maxcdn.bootstrapcdn.com pagead2.googlesyndication.com platform-api.sharethis.com use.fontawesome.com; media-src 'self' data: *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.google.be *.google.com *.gstatic.com ajax.googleapis.com buttons-config.sharethis.com cdnjs.cloudflare.com code.highcharts.com code.jquery.com count-server.sharethis.com d3js.org fonts.googleapis.com img.toolstud.io l.sharethis.com maxcdn.bootstrapcdn.com pagead2.googlesyndication.com platform-api.sharethis.com use.fontawesome.com; 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: 1 frame-ancestors 'self' http://*.webtradecenter.com https://*.webtradecenter.com 1 default-src 'self'; script-src *; img-src *; media-src *; frame-src 'self' *; object-src 'self' http://*.youtube.com https://www.youtube.com http://*.ytimg.com https://*.ytimg.com http://www.google.com http://youtube.googleapis.com; options inline-script eval-script 1 frame-ancestors 'self' *.force.com *.salesforce.com; 1 frame-src 'self' https://webstat.hs-mannheim.de *.hs-mannheim.de https://www.youtube.com/ https://www.youtube-nocookie.com/ https://player.vimeo.com/; 1 frame-ancestors 'self' https://*.kodilla.com 1 frame-ancestors 'self' *.charbroil.com 1 default-src https: wss: data: 'unsafe-inline' 'unsafe-eval' 1 default-src * 'unsafe-inline' data: ; font-src * 'unsafe-inline' data:; script-src * 'unsafe-inline' 'unsafe-eval' https: 1 frame-ancestors https://*.milwaukeetool.eu 1 default-src https://ipara.com;https://ipara.com.tr 1 frame-ancestors 'self' minezmap.com *.minezmap.com http://minezmap.com http://*.minezmap.com minez-nightswatch.com 1 default-src 'self' 'unsafe-inline' osnatel.de www.osnatel.de www2.osnatel.de *.osnatel.de *.dwin1.com 20782209p.rfihub.com c1.rfihub.net *.cookiebot.com *.adc-srv.net *.google.de bat.bing.com *.google.com hello.myfonts.net *.rfihub.com *.doubleclick.net *.g.doubleclick.net *.googleadservices.com *.rfihub.net *.intelliad.de *.bing.com/bat.js https://forms.osnatel.de/ *.forms.osnatel.de *.pimcore.org *.ggpht.com *.gstatic.com *.googleapis.com 'unsafe-eval' *.googletagmanager.com *.google.com/recaptcha/ *.google-analytics.com hello.myfonts.net *.tellja.de fonts.googleapis.com data: 1 img-src blob: * android-webview-video-poster: data:; font-src * data:; default-src beta.idisign.ch *.cashgate.ch 'unsafe-eval' *.gstatic.com www.newhome.ch www.wuestpartner.com 'self' *.googleapis.com dis.swisscom.ch *.sgkb.ch 'unsafe-inline' recruitingapp-1154.umantis.com test.idisign.ch 1 allow 'self' http://*.googlesyndication.com https://*.googlesyndication.com; options inline-script eval-script; img-src *; script-src 'self' http://*.simplemachines.org http://*.simplemachinesweb.com http://*.googlesyndication.com http://*.doubleclick.net https://*.simplemachines.org https://*.simplemachinesweb.com https://*.googlesyndication.com https://*.doubleclick.net; style-src 'self' http://*.simplemachines.org http://*.simplemachinesweb.com https://*.simplemachines.org https://*.simplemachinesweb.com; frame-ancestors none; 1 default-src 'self' https://*.gstatic.com; script-src 'self' https://www.vidal.ru https://yandex.ru https://*.yandex.ru https://*.yandex.net https://*.yandex.st https://an.yandex.ru https://yandex.st https://yastatic.net https://mc.yandex.ru http://mc.yandex.ru http://*.yandex.ru http://*.google-analytics.com http://*.gstatic.com http://*.google.com https://*.google.ru https://*.gstatic.com https://*.google-analytics.com https://*.google.com https://*.googleapis.com http://*.mail.ru https://*.youtube.com https://*.ytimg.com http://pixel.betweenx.com https://px.adhigh.net https://dmp.vihub.ru https://top-fwz1.mail.ru https://pixel.betweenx.com https://*.1dmp.io http://*.1dmp.io https://go.saleswingsapp.com nonce-RAND 'unsafe-inline' 'unsafe-eval' https://s0.2mdn.net https://px.adhigh.net; style-src 'self' https://www.vidal.ru 'unsafe-inline' 'unsafe-eval' nonce-RAND http://*.google-analytics.com http://*.gstatic.com https://yandex.ru https://*.yandex.ru https://*.yandex.net https://*.yandex.st https://yandex.st https://yastatic.net http://*.google.com https://*.google.com https://*.google.ru https://*.googleapis.com http://*.mail.ru https://*.youtube.com https://*.ytimg.com https://*.1dmp.io http://*.1dmp.io https://s0.2mdn.net; img-src 'self' http://localhost:97/ https://localhost:97/ https://www.vidal.ru https://yandex.ru https://*.yandex.ru https://*.yandex.net https://*.yandex.st https://avatars-fast.yandex.net https://favicon.yandex.net http://*.google-analytics.com http://*.gstatic.com http://*.google.com https://*.gstatic.com https://*.google-analytics.com https://*.google.com https://*.google.ru https://*.google.de https://*.googleapis.com https://www.google.com.do http://*.mail.ru data: http://gderu.hit.gemius.pl https://*.youtube.com https://*.ytimg.com https://admin.mailigen.com https://dmg.digitaltarget.ru https://x01.aidata.io https://gmtdmp.mookie1.com https://eu-gmtdmp.gd1.mookie1.com https://ru-gmtdmp.mookie1.com/ https://sync.botscanner.com https://match.ads.betweendigital.com https://safehub.ru https://dmp.vihub.ru https://top-fwz1.mail.ru https://pixel.betweenx.com https://stats.g.doubleclick.net https://px.adhigh.net https://cm.g.doubleclick.net https://*.doubleclick.net https://*.adriver.ru https://*.rubiconproject.com https://*.adhigh.net https://*.insigit.com https://*.republer.com https://*.webvisor.org http://ad.adriver.ru https://ad.adriver.ru http://ar.tns-counter.ru https://*.1dmp.io http://*.1dmp.io https://go.saleswingsapp.com https://cp.unisender.com https://vk.com; media-src 'self' https://*.google.com https://*.google.ru https://*.yandex.net https://yandex.st https://yastatic.net https://*.yandex.st https://*.yastatic.net https://*.1dmp.io http://*.1dmp.io http://localhost:97 https://s0.2mdn.net; frame-src 'self' https://www.vidal.ru https://*.youtube.com https://*.google.com https://*.google.ru https://yandex.ru https://*.yandex.ru https://*.yandex.net https://*.yandex.st https://awaps.yandex.ru https://awaps.yandex.net https://yandexadexchange.net https://*.yandexadexchange.net https://yastatic.net https://*.youtube.com https://*.ytimg.com https://*.1dmp.io http://*.1dmp.io http://localhost:* https://s0.2mdn.net https://px.adhigh.net; font-src https://*.gstatic.com https://s0.2mdn.net 'self'; connect-src 'self' https://www.vidal.ru http://*.google-analytics.com http://*.gstatic.com https://yandex.ru https://*.yandex.ru https://*.yandex.net https://*.yandex.st http://*.google.com https://*.google.com https://*.google.ru https://*.googleapis.com http://*.mail.ru https://*.youtube.com https://*.ytimg.com https://*.1dmp.io http://*.1dmp.io https://localhost http://localhost https://s0.2mdn.net 1 default-src 'self' data: https: connect.facebook.net *.doubleclick.net em.allianz.com.my *.googleadservices.com *.facebook.com *.youtube.com *.googletagmanager.com *.google-analytics.com *.google.com; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: connect.facebook.net *.doubleclick.net em.allianz.com.my *.googleadservices.com *.facebook.com *.youtube.com *.googletagmanager.com *.google-analytics.com *.google.com; object-src 'self' data: https: connect.facebook.net *.doubleclick.net em.allianz.com.my *.googleadservices.com *.facebook.com *.youtube.com *.googletagmanager.com *.google-analytics.com *.google.com; style-src 'self' data: 'unsafe-inline' https: connect.facebook.net *.doubleclick.net em.allianz.com.my *.googleadservices.com *.facebook.com *.youtube.com *.googletagmanager.com *.google-analytics.com *.google.com; img-src 'self' data: https: connect.facebook.net *.doubleclick.net em.allianz.com.my *.googleadservices.com *.facebook.com *.youtube.com *.googletagmanager.com *.google-analytics.com *.google.com; media-src 'self' data: https: connect.facebook.net *.doubleclick.net em.allianz.com.my *.googleadservices.com *.facebook.com *.youtube.com *.googletagmanager.com *.google-analytics.com *.google.com; frame-src 'self' data: https: connect.facebook.net *.doubleclick.net em.allianz.com.my *.googleadservices.com *.facebook.com *.youtube.com *.googletagmanager.com *.google-analytics.com *.google.com; font-src 'self' data: https: connect.facebook.net *.doubleclick.net em.allianz.com.my *.googleadservices.com *.facebook.com *.youtube.com *.googletagmanager.com *.google-analytics.com *.google.com; connect-src 'self' data: https: connect.facebook.net *.doubleclick.net em.allianz.com.my *.googleadservices.com *.facebook.com *.youtube.com *.googletagmanager.com *.google-analytics.com *.google.com 1 frame-ancestors 'self' spoxy3.insipio.com 1 default-src 'self'; block-all-mixed-content; connect-src 'self' syndication.twitter.com www.google-analytics.com; frame-src *; img-src 'self' s3-eu-west-1.amazonaws.com platform.twitter.com www.facebook.com data: web.facebook.com www.google-analytics.com stats.g.doubleclick.net www.google.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' assets.pinterest.com log.pinterest.com connect.facebook.net platform.twitter.com syndication.twitter.com tfw-current.s3.amazonaws.com www.google.com www.gstatic.com cdnjs.cloudflare.com stevenlevithan.com www.googletagmanager.com www.google-analytics.com; style-src 'self' 'unsafe-inline' 1 default-src https: data: 'unsafe-inline'; object-src 'self'; script-src 'self' https://*.meruscase.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://platform.twitter.com/ https://*.google-analytics.com/ https://*.googletagmanager.com/ https://cdn.syndication.twimg.com/ https://merus-assets.s3.amazonaws.com/ https://*.facebook.net/ https://*.googleapis.com/ https://*.aspnetcdn.com/ https://*.microsoft.com https://maxcdn.bootstrapcdn.com/ https://*.youtube.com/ https://s.ytimg.com/ 'unsafe-eval' 'unsafe-inline' https://code.jquery.com/ https://forms.hubspot.com/ https://forms.hsforms.com/ https://js.hs-analytics.net/ https://js.hs-scripts.com/ https://api.usemessages.com/ https://js.usemessages.com/ https://js.hsforms.net/ https://js.hsleadflows.net/; style-src 'self' 'unsafe-inline' https: 1 default-src 'self' data: *.hypovbg.at analytics.google.com google.com www.google.com www.google-analytics.com *.etracker.de *.etracker.com; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.hypovbg.at cdnjs.cloudflare.com analytics.google.com google.com www.google.com www.google-analytics.com *.etracker.de *.etracker.com maps.google.com maps.googleapis.com e.issuu.com; object-src 'self' *.youtube.com; style-src 'self' data: 'unsafe-inline' *.hypovbg.at analytics.google.com google.com www.google.com www.google-analytics.com *.etracker.de *.etracker.com fonts.googleapis.com; img-src 'self' data: *.hypovbg.at analytics.google.com google.com www.google.com www.google-analytics.com *.etracker.de *.etracker.com www.youtube.com youtube.com maps.google.com maps.googleapis.com *.gstatic.com; media-src 'self'; frame-src 'self' kurse.banking.co.at *.hypovbg.at www.youtube.com youtube.com www.youtube-nocookie.com youtube-nocookie.com e.issuu.com; font-src 'self' data: *.hypovbg.at analytics.google.com google.com www.google.com www.google-analytics.com *.etracker.de *.etracker.com fonts.googleapis.com fonts.gstatic.com; connect-src 'self' 1 default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; 1 frame-ancestors 'self' https://*.divessi.com https://*.head-test.com 1 default-src https: ;script-src https: 'unsafe-inline' 'unsafe-eval' ;style-src 'unsafe-inline' https: data: ;font-src https: data: ; img-src * data:; 1 frame-ancestors *.putnam.com *.seismic.com *.fundvisualizer.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' *.zencdn.net *.brightcove.net *.brightcove.com *.putnam.com blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.adnxs.com *.ytimg.com *.googleapis.com *.putnam.com *.typekit.net *.rackcdn.com *.ensighten.com *.brightcove.net *.brightcove.com *.google-analytics.com *.liveperson.net *.bing.com *.bizographics.com *.gigya.com *.googlecode.com *.morningstar.com *.linkedin.com *.putnaminv.com *.highcharts.com *.jQuery.com *.jquery.org *.adobe.com *.jqueryui.com *.cloudflare.com *.livelook.com *.livelook.net *.facebook.net *.licdn.com *.zencdn.net *.lpsnmedia.net *.googletagmanager.com tagmanager.google.com *.ads-twitter.com *.twitter.com *.yimg.com sp.analytics.yahoo.com www.youtube.com www.instagram.com; 1 default-src 'self'; frame-ancestors 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' piwik.lamapoll.de; style-src 'self' 'unsafe-inline'; font-src 'self' ; img-src 'self' data: lamapoll.de *.lamapoll.de sslsurvey.de *.sslsurvey.de *.facebook.com; media-src 'self' lamapoll.de *.lamapoll.de sslsurvey.de *.sslsurvey.de youtube.com youtube-nocookie.com; object-src 'self'; connect-src 'self'; frame-src 'self' player.vimeo.com www.youtube.com www.youtube-nocookie.com 1 default-src https://www.mediengruppe-rtl.de https://fonts.gstatic.com https://www.youtube-nocookie.com https://s.ytimg.com https://www.google.com https://*.googlevideo.com 'unsafe-inline' 'unsafe-eval'; media-src https://www.mediengruppe-rtl.de blob:; img-src 'self' data: https://yt3.ggpht.com https://i.ytimg.com; script-src https://www.mediengruppe-rtl.de https://fonts.gstatic.com https://www.youtube-nocookie.com https://s.ytimg.com https://www.google.com 'unsafe-inline' 'unsafe-eval'; style-src https://www.mediengruppe-rtl.de https://fonts.gstatic.com https://www.youtube-nocookie.com https://s.ytimg.com 'unsafe-inline' 1 default-src 'self' https://fonts.gstatic.com; img-src *; script-src 'self' https://maps.googleapis.com/ https://ipirani.ir/ https://www.google-analytics.com/ https://cdn.zarinpal.com/ 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; 1 default-src * 'unsafe-inline' 'unsafe-eval'; 1 default-src 'self';block-all-mixed-content ;font-src 'self' data: fonts.googleapis.com fonts.gstatic.com assets.rockwerchter.be;img-src 'self' data: *.gstatic.com maps.googleapis.com www.facebook.com scontent.cdninstagram.com pbs.twimg.com i.ytimg.com scontent.xx.fbcdn.net external.xx.fbcdn.net assets.rockwerchter.be *.google-analytics.com *.doubleclick.net *.betrad.com *.quantserve.com *.evidon.com rockwerchter.be *.x.bidswitch.net *.google.com *.google.be;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com cdnjs.cloudflare.com connect.facebook.net graph.facebook.com *.instagram.com js-agent.newrelic.com bam.nr-data.net assets.rockwerchter.be *.googletagmanager.com *.google-analytics.com *.evidon.com *.quantserve.com *.betrad.com *.quantcount.com tagmanager.google.com *.googleadservices.com *.doubleclick.net *.bh.contextweb.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com cloud.typography.com assets.rockwerchter.be *.tagmanager.google.com tagmanager.google.com;report-uri /nelmio/csp/report;connect-src www.googleapis.com 'self' *.betrad.com *.google-analytics.com;frame-src www.youtube.com www.vimeo.com staticxx.facebook.com www.facebook.com web.facebook.com www.google.com 'self' *.betrad.com *.evidon.com 1 frame-ancestors https://scstatehouse.gov http://scstatehouse.gov https://*.scstatehouse.gov http://*.scstatehouse.gov https://*.schouse.gov http://*.schouse.gov https://*.scsenate.gov http://*.scsenate.gov 1 default-src 'self'; child-src *.facebook.com platform.twitter.com *.g.doubleclick.net *.google.com *.google.gr; frame-src *.facebook.com platform.twitter.com *.g.doubleclick.net *.youtube.com *.google.com *.google.gr *.paypal.com *.paymentwall.com; connect-src 'self' *:888; font-src 'self' data:; form-action 'self' store.payproglobal.com secure.avangate.com; frame-ancestors 'self'; img-src 'self' data: *.google.com *.google.gr *.trustzoneurl.com trustzonepost.xyz *.g.doubleclick.net *.facebook.com syndication.twitter.com seal.digicert.com www.google-analytics.com *.cartocdn.com; media-src 'self'; object-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.trustzoneurl.com google.com a.trust.zone platform.twitter.com connect.facebook.net www.gstatic.com www.googleadservices.com *.google-analytics.com seal.digicert.com *.paypalobjects.com *.paypal.com; report-uri https://trust.zone/_csp_log 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.yurist-online.net yurist-online.net *.yandex.ru yandex.ru yandexadexchange.net *.yandexadexchange.net *.yandex.com *.yandex.net yandex.st *.yandex.st yastatic.net *.yastatic.net *.googleapis.com *.gstatic.com gstatic.com *.googlesyndication.com *.doubleclick.net *.2mdn.net *.googleapis.com *.google.com *.google.ru *.google-analytics.com google-analytics.com *.youtube.com youtube.com *.icq.com *.skype.com *.rambler.ru loginza.ru *.loginza.ru *.yadro.ru *.webmoney.ru *.mail.ru *.twitter.com *.facebook.com vk.com *.vk.com googletagmanager.com *.googletagmanager.com *.googletagservices.com; 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.youtube.com s.ytimg.com rawgit.com rawgithub.com www.google.com analytics.twitter.com graph.facebook.com www.linkedin.com edge.addthis.com m.addthis.com m.addthisedge.com s7.addthis.com cdn.polyfill.io fullstory.com cdn.rawgit.com maps.google.com www.google-analytics.com maps.googleapis.com script.crazyegg.com use.typekit.net www.googletagmanager.com connect.facebook.net static.ads-twitter.com bat.bing.com tag.retargeter.com www.gstatic.com cdn.callrail.com analytics.twitter.com js.callrail.com cdn.jsdelivr.net blob:; font-src 'self' data: use.typekit.net fonts.googleapis.com fonts.gstatic.com; img-src 'self' data: blob: secure.gra cx.atdmt.com s.ytimg.com s.w.org maps.gstatic.com p.typekit.net maps.google.com maps.googleapis.com www.google-analytics.com stats.g.doubleclick.net www.google.com www.facebook.com t.co bat.bing.com secure.adnxs.com tag.retargeter.com t.sellpoints.com; style-src 'self' 'unsafe-inline' s.ytimg.com fonts.googleapis.com analytics.twitter.com; connect-src 'self' analytics.twitter.com yoast.com performance.typekit.net js.callrail.com secure.adnxs.com tag.retargeter.com rs.fullstory.com m.addthis.com www.google-analytics.com; frame-src 'self' *.doubleclick.net www.youtube.com www.google.com m.addthis.com edge.addthis.com connect.facebook.net providers.seton.net s7.addthis.com analytics.twitter.com 1 default-src 'self' *; script-src 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' *; img-src 'self' data: *; 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.comwww.verywell.com *.qa.aws.verywell.com atlas.verywell.com atlas.local.verywell.com https://specials.verywell.com 1 default-src 'self'; script-src 'self' 'unsafe-inline' data:; style-src 'self' 'unsafe-inline' data:; img-src 'self' data:; 1 default-src 'self'; script-src 'self'; style-src 'self'; img-src 'self' data:; frame-src 'self' *; object-src 'none'; font-src 'self' data:; 1 default-src *; script-src 'self' 'unsafe-inline' 'sha256-eAD+eWHICkKQ8/0fyyFK9MdWjc8obgRegvRegoVyo2s=' 'sha256-1CpjmdSGjCZr6oNd1cma/Y7Dge7yykpbBqURqv1Azcw=' 'sha256-M+DVfAsChzxHrudR35PgOyr9XEslkoK1dwkcmPjfnvw=' http://ecx25.siteplug.com/ https://ecx25.siteplug.com/ http://www.1-1ads.com http://*.inspsearchapi.com http://www.google.com http://api.bing.com http://ff.search.yahoo.com/ http://suggest.infospace.com http://api.autocompleteplus.com *.yimg.com https://completr.appspot.com http://js.wincyahoocontent.com; frame-src 'self' http://ecx25.siteplug.com/ https://ecx25.siteplug.com/ http://*.inspsearchapi.com http://*.yahoo.com http://ad.adserver-pro.net https://*.yimg.com; font-src 'self' https://d3durx270v4ts2.cloudfront.net/; connect-src 'self' http://ecx25.siteplug.com/ https://ecx25.siteplug.com/ http://www.1-1ads.com/ads-api-v3; media-src 'self'; style-src 'self' 'unsafe-inline'; child-src 'self' http://ecx25.siteplug.com/ https://ecx25.siteplug.com/ http://*.inspsearchapi.com http://*.yahoo.com http://ad.adserver-pro.net https://*.yimg.com; 1 allow 'self'; media-src *; img-src *; script-src 'self' https://ajax.googleapis.com; https://cloudflare.com style-src 'self'; 1 default-src 'self' https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://widget.trustpilot.com https://cdnjs.cloudflare.com https://ajax.googleapis.com https://www.google-analytics.com https://pagead2.googlesyndication.com https://www.google.com https://www.gstatic.com; img-src 'self' https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://cdnjs.cloudflare.com https://www.google-analytics.com data:; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com; font-src 'self' https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com; frame-src 'self' https://discordapp.com https://www.youtube.com https://googleads.g.doubleclick.net https://widget.trustpilot.com https://sketchfab.com/ https://www.google.com https://www.gstatic.com; object-src 'none'; connect-src wss: ws: https://minehub.de/ https://minehub.de:6008 https://minehub.de:6007 1 default-src 'none'; script-src 'self' https://*.googleadservices.com https://*.dynatrace.com https://*.doubleclick.net https://*.googleapis.com https://*.gstatic.com https://www.google-analytics.com https://*.cxtrvl.com https://sandbox.tstllc.net *.sas.com *.aimatch.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://cloud.webtype.com https://hello.myfonts.net https://*.googleapis.com https://*.cxtrvl.com 'unsafe-inline'; connect-src 'self' *.sas.com *.aimatch.com *.dynatrace.com https://*.cxtrvl.com *.foresee.com https://sandbox.tstllc.net; font-src 'self' https://cloud.webtype.com https://*.gstatic.com https://*.googleapis.com https://*.cxtrvl.com; img-src 'self' data: https://*.vacationsdirect.com https://*.cloudfront.net https://*.viator.com *.budget.com *.avis.com *.thrifty.com *.dollar.com *.rcstatic.com *.cartrawler.com *.enterprise.fr *.nationalcar.com *.alamo.com *.enterprise.com *.carhire-solutions.com https://*.cxtrvl.com *.cxloyalty.com https://*.tripadvisor.com https://pls.webtype.com *.orxenterprise.com https://www.google-analytics.com https://*.tripadvisor.com https://*.gstatic.com https://*.googleapis.com https://placehold.it https://placeholdit.imgix.net https://*.tacdn.com https://*.ehi.com reflected-xss block; form-action 'self' *.cxtrvl.com https://sandbox.tstllc.net/cruise; frame-ancestors *.sas.com *.aimatch.com; plugin-types application/pdf; frame-src ;object-src 'self' 1 default-src 'none'; script-src 'self' 'unsafe-inline' https://onlinechat2.nic.cz https://test-ipv6.nic.cz https://*.test-ipv6.nic.cz https://piwik.nic.cz/piwik.js https://platform.twitter.com https://cdn.syndication.twimg.com https://s.ytimg.com https://*.googleapis.com https://*.google.com https://connect.facebook.net https://*.mapy.cz; object-src 'self'; style-src 'self' 'unsafe-inline' https://platform.twitter.com https://*.nic.cz https://fonts.googleapis.com https://api.mapy.cz; img-src *; media-src *; frame-src *; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://*.test-ipv6.nic.cz https://*.labs.nic.cz https://rdap.nic.cz https://www.rhybar.cz https://akademie.nic.cz https://piwik.nic.cz/piwik.php https://www.nic.cz/files/CORS/projects-bar/ https://mojeid.cz https://syndication.twitter.com; report-uri https://csp.nic.cz/report/ 1 default-src https:; script-src https://ewww.io https://ewww-io.exactdn.com 'unsafe-inline' 'unsafe-eval' https://checkout.stripe.com https://js.stripe.com https://api.carthook.com https://code.jquery.com https://beacon-v2.helpscout.net https://cdn.sucuri.net https://js-agent.newrelic.com https://bam.nr-data.net; style-src https://ewww.io https://fonts.googleapis.com https://cdn.sucuri.net 'unsafe-inline'; img-src https://ewww.io https://ewww-io.exactdn.com https://ewww-io.exactdn.com https://example.exactdn.com https://secure.gravatar.com https://ps.w.org https://q.stripe.com https://s.w.org https://referoo.co data:; font-src 'self' https://ewww-io.exactdn.com https://fonts.gstatic.com data:; 1 default-src 'self'; allow 'self'; script-src 'unsafe-inline'; style-src 'self' 'unsafe-inline' 1 img-src 'self'; 1 form-action 'self' https://joomlacontenteditor.us14.list-manage.com/subscribe/post; base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://checkout.paddle.com https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://code.jquery.com https://checkout.stripe.com https://www.paypal.com https://www.paypalobjects.com https://cdn.paddle.com https://www.google-analytics.com https://pagead2.googlesyndication.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://cdn.paddle.com https://cdnjs.cloudflare.com https://fonts.googleapis.com; object-src 'self' 1 child-src 'self' www.youtube.com accounts.google.com; connect-src *; default-src 'self'; img-src 'self' * storage.googleapis.com maps.googleapis.com images.pexels.com *.amazonaws.com www.localsearch.com.au maps.googleapis.com maps.gstatic.com *.localsearch.cloud *.googleusercontent.com *.facebook.com googleads.g.doubleclick.net pagead2.googlesyndication.com ssl.gstatic.com data:; font-src 'self' data: fonts.googleapis.com/css fonts.gstatic.com; object-src 'self'; media-src 'self'; manifest-src 'self'; script-src 'self' 'unsafe-inline' * cdn.polyfill.io maps.googleapis.com connect.facebook.net/en_US/sdk.js *.google.com googleads.g.doubleclick.net pagead2.googlesyndication.com tagmanager.google.com googletagmanager.com; style-src 'self' 'unsafe-inline' blob: tagmanager.google.com fonts.googleapis.com cdn.rawgit.com/milligram/milligram/master/dist/milligram.min.css fonts.googleapis.com/css; frame-src *.facebook.com *.google.com *.youtube.com *.gstatic.com googleads.g.doubleclick.net pagead2.googlesyndication.com 1 frame-ancestors 'self' *.iza.org; 1 frame-ancestors https://knowledge.cloudsecurityalliance.org https://360.articulate.com https://articulateusercontent.com 1 default-src *; style-src 'self' 'unsafe-inline' http://safesear.ch http://*.safesear.ch http://*.adnxs.com http://*.yahooapis.com http://*.yahoo.net http://*.yahoo.com http://*.newrelic.com https://safesear.ch https://*.safesear.ch https://*.adnxs.com https://*.yahooapis.com https://*.yahoo.net https://*.yahoo.com https://*.newrelic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://safesear.ch http://*.safesear.ch http://*.adnxs.com http://*.yahooapis.com http://*.yahoo.net http://*.yahoo.com http://*.newrelic.com https://safesear.ch https://*.safesear.ch https://*.adnxs.com https://*.yahooapis.com https://*.yahoo.net https://*.yahoo.com https://*.newrelic.com http://*.akamai.net https://*.akamai.net http://*.nr-data.net https://*.nr-data.net;connect-src 'self';img-src 'self' http://safesear.ch http://*.safesear.ch https://safesear.ch https://*.safesear.ch data:; 1 frame-ancestors https://pma.info 1 default-src self; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.googletagmanager.comi *.google-analytics.com *.google.com *.google.co.uk *.newrelic.com *.betrad.com bam.nr-data.net static.addtoany.com https://cdnjs.cloudflare.com brand-ecommerce-assets.fusepump.com *.youtube.com s.ytimg.com *.evidon.com code.jquery.com d22xmn10vbouk4.cloudfront.net *.serving-sys.com 7225833.collect.igodigital.com connect.facebook.net stats.g.doubleclick.net https://cdn.hypemarks.com http://cdn.hypemarks.com https://www.gstatic.com https://www.googletagmanager.com https://cdn.krxd.net *.krxd.net https://beacon.krxd.net https://cdn.krxd.net ; style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com https://cdnjs.cloudflare.com brand-ecommerce-assets.fusepump.com *.youtube.com cloud.typography.com *.google.com; img-src 'self' data: *.googleapis.com *.gstatic.com *.cloudflare.com *.google-analytics.com https://stats.g.doubleclick.net www.google.com www.google.co.uk *.doubleclick.net *.betrad.com *.amazonaws.com px.pump.to brand-ecommerce-assets.fusepump.com *.evidon.com https://nova.collect.igodigital.com https://www.facebook.com *.krxd.net dotcom.nestlebeverages.acsitefactory.com *.google.co.in; media-src 'self'; frame-src 'self' static.addtoany.com *.youtube.com *.youtu.be youtu.be info.evidon.com *.evidon.com https://2275258.fls.doubleclick.net http://2275258.fls.doubleclick.net http://www.youtube-nocookie.com https://www.youtube-nocookie.com https://cdn.hypemarks.com http://cdn.hypemarks.com https://brand-ecommerce-assets.fusepump.com https://www.google.com https://www.googletagmanager.com *.krxd.net; child-src 'self' static.addtoany.com *.youtube.com *.youtu.be youtu.be info.evidon.com https://2275258.fls.doubleclick.net http://2275258.fls.doubleclick.net http://www.youtube-nocookie.com https://www.youtube-nocookie.com https://cdn.hypemarks.com http://cdn.hypemarks.com; font-src 'self' data: fonts.gstatic.com fonts.googleapis.com https://cdnjs.cloudflare.com; connect-src 'self' brand-ecommerce-api.fusepump.com *.google-analytics.com https://collect.analyze.ly https://secure-ds.serving-sys.com *.doubleclick.net; report-uri /report-csp-violation 1 default-src *; script-src 'self' 'unsafe-inline' 'sha256-C2d/8Vo8ZgR52LL9PlnRgWe2B/9JiJZhKsUVE3YVpSM=' 'sha256-1CpjmdSGjCZr6oNd1cma/Y7Dge7yykpbBqURqv1Azcw=' 'sha256-M+DVfAsChzxHrudR35PgOyr9XEslkoK1dwkcmPjfnvw=' http://ecx25.siteplug.com/ https://ecx25.siteplug.com/ http://www.1-1ads.com http://*.inspsearchapi.com http://www.google.com http://api.bing.com http://ff.search.yahoo.com/ http://suggest.infospace.com http://api.autocompleteplus.com *.yimg.com https://completr.appspot.com http://js.wincyahoocontent.com; frame-src 'self' http://ecx25.siteplug.com/ https://ecx25.siteplug.com/ http://*.inspsearchapi.com http://*.yahoo.com http://ad.adserver-pro.net https://*.yimg.com; font-src 'self' https://d3durx270v4ts2.cloudfront.net/; connect-src 'self' http://ecx25.siteplug.com/ https://ecx25.siteplug.com/ http://www.1-1ads.com/ads-api-v3; media-src 'self'; style-src 'self' 'unsafe-inline'; child-src 'self' http://ecx25.siteplug.com/ https://ecx25.siteplug.com/ http://*.inspsearchapi.com http://*.yahoo.com http://ad.adserver-pro.net https://*.yimg.com; 1 reflected-xss block 1 default-src 'unsafe-inline' https://fonts.googleapis.com https://moventum.com.pl https://*.youtube.com http://axa.test.emex.pl https://www-tra.axadirect.pl https://www.facebook.com https://*.googleusercontent.com https://www.google.pl https://axadirect.pl https://*.axadirect.pl https://*.axaubezpieczenia.pl https://*.googleapis.com https://*.gstatic.com https://axadirect.pl https://*.axadirect.pl https://pagead2.googlesyndication.com https://ls.hit.gemius.pl https://*.google.com https://www.google-analytics.com https://*.gemius.pl https://*.facebook.com https://www.axaonline.pl https://*.axa.pl https://axa.pl https://df.axa.pl https://*.doubleclick.net https://script.crazyegg.com https://app3.salesmanago.pl https://nan.netmng.com https://pl-axa.netmng.com https://pl-axa.qa.netmng.com https://client2.inteliwise.com https://s3-eu-west-1.amazonaws.com https://*.amazonaws.com https://pixel.mathtag.com https://u3s.mathtag.com https://dms.netmng.com; script-src * 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://*.gstatic.com https://axadirect.pl https://*.axadirect.pl https://pagead2.googlesyndication.com https://ls.hit.gemius.pl https://www.google-analytics.com https://*.gemius.pl https://*.facebook.com https://www.axaonline.pl https://*.axa.pl https://axa.pl https://df.axa.pl https://*.doubleclick.net https://script.crazyegg.com https://app3.salesmanago.pl https://nan.netmng.com https://pl-axa.netmng.com https://pl-axa.qa.netmng.com https://client2.inteliwise.com https://s3-eu-west-1.amazonaws.com https://pixel.mathtag.com https://u3s.mathtag.com https://dms.netmng.com; style-src 'unsafe-inline' https://fonts.googleapis.com https://*.google.com https://ls.hit.gemius.pl https://www.google-analytics.com https://*.gemius.pl https://*.facebook.com https://www.axaonline.pl https://*.axa.pl https://axa.pl https://df.axa.pl https://*.doubleclick.net https://script.crazyegg.com https://app3.salesmanago.pl https://nan.netmng.com https://pl-axa.netmng.com https://pl-axa.qa.netmng.com https://client2.inteliwise.com https://s3-eu-west-1.amazonaws.com https://pixel.mathtag.com https://u3s.mathtag.com https://dms.netmng.com; img-src 'self' https://moventum.com.pl https://*.youtube.com http://axa.test.emex.pl https://www-tra.axadirect.pl https://www.facebook.com https://*.googleusercontent.com https://www.google.pl https://axadirect.pl https://*.axadirect.pl https://*.axaubezpieczenia.pl https://*.googleapis.com https://*.gstatic.com https://axadirect.pl https://*.axadirect.pl https://pagead2.googlesyndication.com https://ls.hit.gemius.pl https://*.google.com https://www.google-analytics.com https://*.gemius.pl https://*.facebook.com https://www.axaonline.pl https://*.axa.pl https://axa.pl https://df.axa.pl https://*.doubleclick.net https://script.crazyegg.com https://app3.salesmanago.pl https://nan.netmng.com https://pl-axa.netmng.com https://pl-axa.qa.netmng.com https://client2.inteliwise.com https://s3-eu-west-1.amazonaws.com https://*.amazonaws.com https://pixel.mathtag.com https://u3s.mathtag.com https://dms.netmng.com https://axa.pl data: 1 default-src * 'unsafe-inline' cdn.ckeditor.com 'unsafe-eval'; report-uri /admin/config/system/seckit/csp-report 1 default-src 'unsafe-inline' 'unsafe-eval' https: data: wss: http://www.cockovnik.cz http://www.vasecocky.cz; frame-ancestors 'self' 1 default-src 'none';script-src 'self' 'unsafe-inline' https://static.frag-den-staat.de https://traffic.okfn.de;style-src 'self' 'unsafe-inline' https://static.frag-den-staat.de;img-src 'self' data: blob: https://static.frag-den-staat.de https://media.frag-den-staat.de https://traffic.okfn.de https://www.betterplace.org https://betterplace-assets.betterplace.org https://i.vimeocdn.com https://raw.githubusercontent.com *.tile.openstreetmap.org *.global.ssl.fastly.net i.ytimg.com;worker-src 'self' blob: https://static.frag-den-staat.de;frame-src 'self' blob: https://static.frag-den-staat.de https://media.frag-den-staat.de https://okfde.github.io https://www.betterplace.org https://betterplace-assets.betterplace.org https://player.vimeo.com https://www.youtube-nocookie.com https://media.ccc.de https://challonge.com https://www.foodwatch.org/de/iframe/;object-src 'self' https://media.frag-den-staat.de;connect-src 'self' https://static.frag-den-staat.de https://media.frag-den-staat.de;child-src blob: https://static.frag-den-staat.de;base-uri 'none';font-src data: https://static.frag-den-staat.de;manifest-src https://static.frag-den-staat.de;form-action 'self' https://fragdenstaat.de https://www.paypal.com https://pretix.eu fragdenstaat://authorize;report-uri https://sentry.okfn.de/api/4/csp-report/?sentry_key=b0305966ad35428b88f611c796792749; 1 script-src 'self' *.infosecurity-magazine.com https://admin.infosecurity-magazine.com:8080 https://cdn.ampproject.org static.ads-twitter.com *.addthisedge.com disqus.com *.disqus.com *.disquscdn.com *.googletagmanager.com *.googletagservices.com *.feathr.co adservice.google.co.uk *.doubleclick.net *.googlesyndication.com *.twitter.com *.twimg.com 'unsafe-inline' 'unsafe-eval' *.google.com *.googleapis.com *.gstatic.com *.google-analytics.com *.brighttalk.com *.addthis.com *.youtube.com *.soundcloud.com *.vimeo.com *.instagram.com; style-src 'self' *.infosecurity-magazine.com cdn.jsdelivr.net *.disquscdn.com 'unsafe-inline' *.google.com *.googleapis.com *.bootstrapcdn.com *.twitter.com ; img-src 'self' data: https://www.gravatar.com *.googlesyndication.com t.co cdn.viglink.com *.disquscdn.com *.disqus.com *.infosecurity-magazine.com *.google.com *.google-analytics.com *.twitter.com *.googleapis.com *.google.co.uk *.doubleclick.net *.gstatic.com *.twimg.com *.feathr.co; font-src data: 'self' *.bootstrapcdn.com *.gstatic.com; connect-src 'self' https://admin.infosecurity-magazine.com:8080 wss://admin.infosecurity-magazine.com:8080 *.addthis.com *.doubleclick.net links.services.disqus.com csi.gstatic.com *.feathr.co; media-src 'self'; object-src 'self' *.twitter.com *.brighttalk.com; child-src 'self'; frame-src 'self' *.brighttalk.com *.infosecurity-magazine.com *.google.com *.addthis.com *.youtube.com *.twitter.com *.soundcloud.com *.vimeo.com disqus.com *.disquscdn.com *.instagram.com; frame-ancestors 'self' *.infosecurity-magazine.com; worker-src 'self'; form-action 'self' *.twitter.com; upgrade-insecure-requests; block-all-mixed-content; 1 frame-ancestors 'self' https://twitter.com; 1 default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' * ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.google.com *.samsung.com *.visa.com *.googleapis.com *.google-analytics.com *.kmda.gov.ua *.gstatic.com; style-src 'self' data: 'unsafe-inline' *.googleapis.com *.google-analytics.com *.gstatic.com; media-src 'self' blob: ; frame-ancestors 'self' gioc.kiev.ua *.gioc.kiev.ua suvorovskiy.com.ua *.suvorovskiy.com.ua *.kyivcity.gov.ua openosh.site cks.kiev.ua oschadbank.ua *.oschadbank.ua ukrticket.com.ua www.ukrticket.com.ua cks.com.ua kte.kmda.gov.ua *.kmda.gov.ua; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com 1 default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' https://*.parnassys.net/; connect-src 'self'; font-src 'self'; child-src 'self'; frame-src 'self' 1 default-src https: *.ufg.pl; script-src https: *.ufg.pl;style-src https: *.ufg.pl ;img-src 'self' data: https: https: www.google-analytics.com; frame-src https: *.ufg.pl; media-src data: https: *.ufg.pl ;options inline-script eval-script; child-src https: *.ufg.pl 1 sandbox allow-scripts allow-same-origin allow-forms ; 1 default-src 'self';object-src 'none';object-src allow-forms allow-same-origin allow-scripts;base-uri 'self';upgrade-insecure-requests;frame-ancestors 'none';script-src 'self' 'unsafe-inline' ajax.aspnetcdn.com;style-src 'self' 'unsafe-inline' ajax.aspnetcdn.com fonts.googleapis.com maxcdn.bootstrapcdn.com;font-src font-src 'self' ajax.aspnetcdn.com fonts.gstatic.com maxcdn.bootstrapcdn.com data:;img-src data: 'self'; 1 default-src 'self' *.google-analytics.com *.doubleclick.net *.salesforce.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.crazyegg.com bam.nr-data.net *.google-analytics.com js-agent.newrelic.com *.stripe.com s3.amazonaws.com/trk.cetrk.com/; style-src 'self' 'unsafe-inline'; img-src 'self' *.google-analytics.com *.doubleclick.net *.salesforce.com user-event-tracker.crazyegg.com; frame-src 'self' *.stripe.com *.salesforce.com *.vimeo.com; child-src 'self' *.stripe.com *.salesforce *.vimeo.com; report-uri /report-csp-violation 1 default-src data: 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google-analytics.com dev.webkommunikation24.de *.gstatic.com *.youtube-nocookie.com *.paypalobjects.com *.paypal.com *.google.com;report-uri https://projekt2012.webkommunikation24.de/mods/bewerten/csp-log.php; 1 default-src 'self' *.spgpromos.com lacek.hs.llnwd.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.spgpromos.com localhost:* lacek.hs.llnwd.net *.admarketplace.com *.google-analytics.com *.btstatic.com *.thebrighttag.com *.bing.com *.yimg.com *.yieldoptimizer.com *.googleadservices.com *.ampxchange.com *.yahoo.com *.serving-sys.com *.admarketplace.com *.admarketplace.net *.googletagmanager.com *.doubleclick.net *.signal.co *.facebook.com; object-src 'self' lacek.hs.llnwd.net; style-src 'self' 'unsafe-inline' lacek.hs.llnwd.net; img-src 'self' * data:; media-src 'self' lacek.hs.llnwd.net; frame-src 'self' lacek.hs.llnwd.net localhost:* *.spgpromos.com:* *.doubleclick.net; font-src 'self' lacek.hs.llnwd.net; connect-src 'self' lacek.hs.llnwd.net *.serving-sys.com *.spgpromos.com spgpromos.com 1 default-src 'self'; object-src 'none'; child-src 'self' https://rpm.newrelic.com; frame-src 'self' https://rpm.newrelic.com https://www.google.com/recaptcha/; script-src 'self' https://www.google.com/recaptcha/ https://apis.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.google-analytics.com/analytics.js https://js-agent.newrelic.com 'unsafe-inline'; img-src 'self' https://ssl.gstatic.com/ www.google-analytics.com www.gravatar.com secure.gravatar.com; style-src 'self' 'unsafe-inline'; connect-src 'self' https://www.facebook.com/ https://github.com/ https://api.twitter.com/; upgrade-insecure-requests; block-all-mixed-content; 1 frame-ancestors https://www.missoni.com/ https://www.missoni.com/ ; 1 script-src 'self' 'unsafe-eval' 'unsafe-inline' data: use.typekit.net www.googletagmanager.com www.google-analytics.com cdnjs.cloudflare.com tagmanager.google.com maps.googleapis.com https://cdn.rawgit.com *.cookiebot.com www.googleadservices.com *.facebook.net *.doubleclick.net; style-src 'self' 'unsafe-inline' use.typekit.net fonts.googleapis.com cdnjs.cloudflare.com tagmanager.google.com; img-src 'self' p.typekit.net www.google-analytics.com data: ssl.gstatic.com www.gstatic.com maps.googleapis.com maps.gstatic.com www.facebook.com *.google.com www.google.be google.nl; font-src 'self' *.typekit.net fonts.gstatic.com data:; connect-src 'self' performance.typekit.net www.google-analytics.com *.facebook.com; report-uri /report-csp-violation 1 default-src 'self';img-src 'self' *.vandenbroeleconnect.be;script-src 'self' 'unsafe-inline' *.google.com *.gstatic.com;style-src 'self' 'unsafe-inline' *.typekit.net; object-src 'none';font-src 'self' *.typekit.net;frame-ancestors 'none';frame-src 'self' 'unsafe-inline' *.google.com;sandbox allow-forms allow-same-origin allow-scripts;base-uri 'self'; 1 allow 'self'; frame-ancestors 'self' 1 child-src https://3dsecure-cardprocess.de masteradmin2.es-shops.de *.hotjar.com *.sparkassen-kreditkarten.de http://*.also.com *.webtrends.com *.youtube-nocookie.com *.also.com https://content.copmedia.de *.saferpay.com http://files.electronicsales.de *.webtrendslive.com *.addthis.com www.google.com 'self' 'unsafe-inline' *.youtube.com *.skrill.com *.facebook.net *.commerzfinanz.com; connect-src *.addthis.com *.hotjar.com *.google-analytics.com wss://*.hotjar.com *.pingdom.net https://graylog.hotjar.com:12443 'self' *.trustedshops.com; default-src 'self' 'unsafe-inline'; font-src data: *.cnetcontent.com fonts.gstatic.com *.trustedshops.com 'self'; form-action https://www.sofortueberweisung.de *.skrill.com https://www.minervafinance.de http://pay.skrill.com https://www.paypal.com *.sofort.com 'self'; img-src *.gzhls.at *.electronicsales.de img.billiger.de *.cnetcontent.com *.youtube-nocookie.com medien.shopwelt.de http://*.es-shops.de http://content.copmedia.de *.gstatic.com *.webtrendslive.com *.actebis-images.com *.windows.net *.copmedia.de http://*.commercesolution.de https://gzhls.at *.webtrends.com actebis-images.com http://cdn.cnetcontent.com *.geizkragen.de http://*.electronicsales.de images.ep-es.com *.trustedshops.com img.idealo.com *.pingdom.net *.youtube.com 'self' data: 'unsafe-inline' *.google-analytics.com *.facebook.com stats.g.doubleclick.net; media-src 'self'; script-src rum-static.pingdom.net *.webtrends.com *.addthis.com *.hotjar.com https://code.jquery.com *.webtrendslive.com https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://code.highcharts.com *.addthisedge.com *.googleadservices.com tagmanager.google.com *.sparkassen-kreditkarten.de *.saferpay.com *.cnetcontent.com 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com *.trustedshops.com *.skrill.com *.facebook.net *.commerzfinanz.com; style-src *.googleapis.com *.cnetcontent.com tagmanager.google.com 'self' 'unsafe-inline' *.trustedshops.com 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https://*.ivideon.com https://yastatic.net https://*.yandex.ru https://mc.yandex.ru yandex.ru https://*.yandex.net https://*.gstatic.com http://fonts.gstatic.com https://*.googleapis.com *.i-exam.ru i-exam.ru https://mypage.i-exam.ru http://*.reformal.ru reformal.ru www.slideshare.net www.youtube.com; report-uri https://test.i-exam.ru/collector.php 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.gstatic.com *.googleapis.com *.googletagmanager.com *.fontawesome.com *.google-analytics.com *.jquery.com *.bootstrapcdn.com cdn.iubenda.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.googleapis.com *.jquery.com *.fontawesome.com *.bootstrapcdn.com; img-src 'self' data: *.google-analytics.com *.jquery.com *.googleapis.com *.gstatic.com *.iubenda.com secure.gravatar.com; frame-src 'self' *.google.com *.youtube-nocookie.com *.iubenda.com; font-src 'self' *.gstatic.com *.fontawesome.com *.bootstrapcdn.com; connect-src 'self' *.google-analytics.com 1 default-src 'self' http://*.iwplay.com.tw http://*.iwan.com.tw *.iwplay.com.tw *.google.com *.google.com.tw; frame-src http://*.iwplay.com.tw http://*.iwan.com.tw *.iwplay.com.tw *.iwan.com.tw www.youtube.com *.facebook.com bid.g.doubleclick.net *.facebook.net; script-src http://*.iwplay.com.tw http://*.iwan.com.tw *.iwplay.com.tw *.iwan.com.tw 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com s.ytimg.com libs.baidu.com code.jquery.com *.google-analytics.com *.facebook.net *.facebook.com *.googleapis.com www.googletagmanager.com www.youtube.com www.googleadservices.com googleads.g.doubleclick.net *.google.com *.google.com.tw *.youtube.com ;style-src http://*.iwplay.com.tw http://*.iwan.com.tw *.iwplay.com.tw *.iwan.com.tw 'unsafe-inline' www.youtube.com.tw fonts.googleapis.com *.facebook.net *.facebook.com *.google.com *.google.com.tw; img-src http://*.iwplay.com.tw http://*.iwan.com.tw *.iwplay.com.tw *.google-analytics.com stats.g.doubleclick.net www.youtube.com *.google.com *.google.com.tw googleads.g.doubleclick.net *.facebook.com *.facebook.net ;frame-ancestors http://*.iwplay.com.tw http://*.iwan.com.tw *.iwplay.com.tw *.iwan.com.tw *.google.com *.google.com.tw;font-src http://*.iwplay.com.tw http://*.iwan.com.tw fonts.gstatic.com *.googleapis.com *.google.com *.google.com.tw ; 1 default-src 'self' data: wss://*.altilly.com:2053 wss://*.altilly.com:2083 *.altilly.com *.bootstrapcdn.com *.twitter.com *.gstatic.com *.twimg.com *.jquery.com; script-src 'self' 'nonce-e3839cb12effffc3ea251775aff4823d' *.twitter.com *.twimg.com *.jquery.com *.bootstrapcdn.com; style-src 'self' 'unsafe-inline' *.altilly.com *.bootstrapcdn.com *.twitter.com *.gstatic.com *.twimg.com *.jquery.com *.googleapis.com 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: www.google-analytics.com www.googletagmanager.com https://cdnjs.cloudflare.com/ajax/libs/codemirror/ https://cdnjs.cloudflare.com/ajax/libs/select2/ https://cdn.rawgit.com/ckeditor/ckeditor-dev/ https://cdn.rawgit.com/w8tcha/CKEditor-CodeMirror-Plugin/ platform.twitter.com platform.twitter.co syndication.twitter.com cdn.syndication.twimg.com https://cdn.rawgit.com/ractoon/jQuery-Text-Counter/ https://js-agent.newrelic.com/nr-1071.min.js bam.nr-data.net tagmanager.google.com https://js-agent.newrelic.com/nr-1099.min.js; object-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://cdnjs.cloudflare.com/ajax/libs/codemirror/ https://cdnjs.cloudflare.com/ajax/libs/select2/ platform.twitter.com tagmanager.google.com; img-src 'self' data: www.google-analytics.com https://cdn.rawgit.com/ckeditor/ckeditor-dev/ https://raw.githubusercontent.com/ckeditor/ckeditor-dev/ www.googletagmanager.com www.bureauveritas.com syndication.twitter.com platform.twitter.com *.twimg.com ssl.gstatic.com www.gstatic.com; media-src 'self'; frame-src 'self' www.youtube.com tools.eurolandir.com cws.huginonline.com www.googletagmanager.com platform.twitter.com syndication.twitter.com; child-src 'self' blob:; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com; connect-src 'self' www.google-analytics.com; report-uri /report-csp-violation 1 frame-ancestors 'self' thenationalcampaign.org 1 default-src 'self' 'unsafe-inline'; connect-src 'self' 'unsafe-inline' https://swift-prod.prozorro.gov.ua https://openprocurement-storage-sandbox.s3.amazonaws.com https://cdn2.prozorro.gov.ua https://raw.githubusercontent.com/ https://rawgit.com/ https://openprocurement-storage.s3.amazonaws.com https://public.docs.openprocurement.org https://public.docs-sandbox.openprocurement.org https://lb.api-sandbox.openprocurement.org https://public.api.openprocurement.org; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn2.prozorro.gov.ua https://rawgit.com/ https://connect.facebook.net https://www.linkedin.com https://graph.facebook.com https://*.google-analytics.com https://ajax.googleapis.com https://maxcdn.bootstrapcdn.com https://*.googletagmanager.com https://maps.googleapis.com; img-src 'self' https://www.facebook.com https://www.google-analytics.com https://maps.gstatic.com https://maps.googleapis.com https://csi.gstatic.com; frame-src 'self' https://www.youtube.com https://www.slideshare.net https://staticxx.facebook.com https://www.facebook.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com 1 default-src 'self' data: localhost:* *.googleapis.com scontent.cdninstagram.com www.waternet.nl www.agv.nl www.wereldwaternet.nl epi.waternet.nl waternet.pti.nl www.youtube.com chat1.waternet.nl *.optimizely.com www.google.nl www.googletagmanager.com tagmanager.google.com www.google-analytics.com maps.googleapis.com fonts.googleapis.com maps.gstatic.com csi.gstatic.com fonts.gstatic.com stats.g.doubleclick.net app.cobrowser.com *.hotjar.com:* cdnjs.cloudflare.com cdn.nowinteract.com imp2.nowinteract.com js-agent.newrelic.com bam.nr-data.net pbs.twimg.com syndication.twitter.com platform.twitter.com; frame-src 'self' waternet.pti.nl *.optimizely.com chat1.waternet.nl app.cobrowser.com *.hotjar.com:* cdnjs.cloudflare.com www.youtube.com www.google.nl www.google.com www.kcmsurvey.com platform.twitter.com syndication.twitter.com twitter.com; script-src 'self' *.ytimg.com *.youtube.com epi.waternet.nl localhost:* *.optimizely.com www.googletagmanager.com tagmanager.google.com www.google-analytics.com maps.googleapis.com maps.gstatic.com app.cobrowser.com *.hotjar.com:* cdnjs.cloudflare.com cdn.nowinteract.com imp2.nowinteract.com js-agent.newrelic.com bam.nr-data.net platform.twitter.com cdn.syndication.twimg.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' epi.waternet.nl *.optimizely.com www.googletagmanager.com tagmanager.google.com fonts.googleapis.com app.cobrowser.com platform.twitter.com 'unsafe-inline'; connect-src https: http: ws: wss:; 1 default-src 'none'; script-src 'self'; connect-src: 'self'; img-src: 'self'; style-src: 'self'; 1 default-src 'self'; script-src 'unsafe-inline' 'self' *.google-analytics.com *.addtoany.com *.rosacea.org *.amazonaws.com *.google.com *.gstatic.com; object-src 'self'; style-src 'self' *.googleapis.com *.mailchimp.com 'unsafe-inline'; img-src 'self' *.google-analytics.com *.doubleclick.net *.rosacea.org data:; media-src 'self'; frame-src 'self' *.addtoany.com *.force.com *.google.com; frame-ancestors 'self'; child-src 'self'; font-src *.googleapis.com 'self' *.gstatic.com; connect-src 'self' *.google-analytics.com *.doubleclick.net; report-uri /report-csp-violation 1 frame-ancestors 'self' *.ratingruneta.ru ratingruneta.ru webvisor.com http://webvisor.com metrika.yandex.ru *.yandex.net 1 'self' 'none' 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' 1 default-src www.aselsan.com.tr www.google-analytics.com www.youtube.com 'unsafe-inline' 'unsafe-eval' 1 script-src https: data: 'unsafe-inline' 'unsafe-eval' https://*.kisd.de https://kisd.de https://*.typekit.net https://www.google-analytics.com https://*.googleapis.com; style-src https: 'unsafe-inline' https://*.kisd.de https://kisd.de https://*.typekit.net https://*.googleapis.com; 1 upgrade-insecure-requests; default-src 'self' https; connect-src 'self' plus.browsealoud.com ukpn.3chillies.co.uk m.addthis.com; font-src 'self' data: tangentlabs.github.io fonts.googleapis.com fonts.gstatic.com; style-src 'self' 'unsafe-inline' tangentlabs.github.io hello.myfonts.net fonts.googleapis.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' tangentlabs.github.io www.google.com www.gstatic.com maps.googleapis.com www.googletagmanager.com ajax.googleapis.com cdnjs.cloudflare.com www.google-analytics.com s7.addthis.com m.addthisedge.com m.addthis.com plus.browsealoud.com www.browsealoud.com; img-src 'self' data: maps.gstatic.com maps.googleapis.com www.google-analytics.com prod3si.click4assistance.co.uk stats.g.doubleclick.net; frame-src 'self' s7.addthis.com www.youtube.com; 1 frame-ancestors https://www.dsquared2.com/ https://www.dsquared2.com/ ; 1 default-src 'self' catalog-avon.ru; frame-src 'self' catalog-avon.ru *.doubleclick.net *.gstatic.com *.googlesyndication.com vk.com *.yandex.ru *.yandex.net; connect-src 'self' catalog-avon.ru mc.yandex.ru *.gstatic.com *.googlesyndication.com; object-src 'self' catalog-avon.ru *.gstatic.com; font-src 'self' catalog-avon.ru *.gstatic.com;style-src 'self' 'unsafe-inline' catalog-avon.ru *.gstatic.com *.yandex.ru; img-src 'self' catalog-avon.ru yastatic.net yandex.st *.yandex.net *.yandex.ru vk.com counter.yadro.ru *.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' catalog-avon.ru *.yandex.ru yandex.st vk.com *.google.com *.google-analytics.com *.gstatic.com *.googlesyndication.com 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' *.itzbund.de itzbund.de *.bka.de bka.de www.facebook.com; img-src 'self' piwik.itzbund.de *.itzbund.de pbs.twimg.com 1 default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-eval' *.googleapis.com piwik.itzbund.de;object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; frame-ancestors bghweb-editor.preview.gsb.intranet.bund.de piwik.itzbund.de 1 default-src 'self' *.sparmedo.de *.gstatic.com *.amazon-adsystem.com *.ssl-images-amazon.com *.apopixx.de *.google.com *.google.de *.googlecode.com *.google-analytics.com *.googleapis.com *.googlesyndication.com *.doubleclick.net d2gmuku56rwqoa.cloudfront.net *.youtube-nocookie.com data:; connect-src 'self' d2gmuku56rwqoa.cloudfront.net *.apopixx.de; script-src 'self' 'unsafe-eval' d2gmuku56rwqoa.cloudfront.net d31bfnnwekbny6.cloudfront.net *.amazon-adsystem.com 'unsafe-inline' www.google-analytics.com ajax.googleapis.com *.google.com *.googlesyndication.com *.twitter.com *.facebook.com *.inspectlet.com; style-src 'self' *.amazon-adsystem.com d2gmuku56rwqoa.cloudfront.net https://fonts.googleapis.com 'unsafe-inline'; 1 default-src 'self';font-src 'self' data: fonts.gstatic.com kariera.rako.cz www.kariera.rako.cz;connect-src 'self' analytics.monkeytracker.cz;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.googleapis.com www.googletagmanager.com www.google-analytics.com analytics.monkeytracker.cz connect.facebook.net kariera.rako.cz www.kariera.rako.cz;form-action 'self' *.facebook.com *.facebook.net;frame-src 'self' www.youtube.com *.iplatba.cz www.tvbydleni.cz *.facebook.com *.facebook.net;child-src 'self' www.youtube.com *.iplatba.cz www.tvbydleni.cz *.facebook.com *.facebook.net;frame-ancestors 'self';img-src 'self' data: blob: *.gstatic.com *.googleapis.com *.googlecode.com www.googletagmanager.com www.google-analytics.com analytics.monkeytracker.cz *.doubleclick.net *.google.com www.facebook.com kariera.rako.cz www.kariera.rako.cz;style-src 'self' 'unsafe-inline' fonts.googleapis.com analytics.monkeytracker.cz *.google.com kariera.rako.cz www.kariera.rako.cz;object-src 'self' 1 connect-src 'self' wss: https://app.trustev.com https://zpa87232.live.dynatrace.com https://performance.typekit.net;script-src 'self' 'unsafe-inline' https: 'nonce-OgqmrdBzbfqPNsU7TCFlypALOGs=' 'strict-dynamic' https://www.google-analytics.com https://app.trustev.com https://www.googletagmanager.com https://connect.facebook.net https://use.typekit.net;style-src 'self' 'unsafe-inline' https://cloud.typography.com https://www.kwikrewards.com;font-src 'self' data: https://use.typekit.net;frame-src 'self' https://app.trustev.com https://www.facebook.com ;object-src 'none';base-uri 'none'; 1 default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-eval' 'unsafe-inline' about: spscc.hobsonsradius.com 25livepub.collegenet.com 5p4rk13.com bbox.blackbaudhosting.com connect.facebook.net cse.google.com e.issuu.com fonts.googleapis.com loader.webspellchecker.net rw1.marchex.io scripts.mymarketingreports.com spscc.hobsonsradius.com translate.google.com translate.googleapis.com www.google-analytics.com www.googleapis.com www.google.com www.googletagmanager.com www.googleadservices.com www.tickcounter.com googleads.g.doubleclick.net siteimproveanalytics.com; object-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' bbox.blackbaudhosting.com cdnjs.cloudflare.com fonts.googleapis.com spscc.hobsonsradius.com translate.googleapis.com www.google.com; img-src 'self' 'unsafe-inline' data: 25livepub.collegenet.com bbox.blackbaudhosting.com clients1.google.com fonts.googleapis.com i.ytimg.com px.marchex.io spscc.edu spscc.hobsonsradius.com stats.g.doubleclick.net translate.google.com translate.googleapis.com www.facebook.com www.google-analytics.com www.googleapis.com www.google.com www.gstatic.com *.siteimprove.com googleads.g.doubleclick.net; media-src 'self' 'unsafe-inline'; frame-src 'self' 5p4rk13.com bbox.blackbaudhosting.com calendar.google.com connect.facebook.net cse.google.com e.issuu.com maps.google.com snapwidget.com staticxx.facebook.com www.facebook.com www.google.com www.tickcounter.com www.youtube.com googleads.g.doubleclick.net; font-src 'self' data: cdnjs.cloudflare.com fonts.googleapis.com fonts.gstatic.com staticxx.facebook.com www.google.com; connect-src 'self' translate.googleapis.com; report-uri /report-csp-violation 1 default-src *; script-src 'self' 'unsafe-inline' 'sha256-L/qkiqNhNT6Jq4VDPR0o1ApCrz0TyIg+HuouJKk5HB8=' 'sha256-1CpjmdSGjCZr6oNd1cma/Y7Dge7yykpbBqURqv1Azcw=' 'sha256-M+DVfAsChzxHrudR35PgOyr9XEslkoK1dwkcmPjfnvw=' http://ecx25.siteplug.com/ https://ecx25.siteplug.com/ http://www.1-1ads.com http://*.inspsearchapi.com http://www.google.com http://api.bing.com http://ff.search.yahoo.com/ http://suggest.infospace.com http://api.autocompleteplus.com *.yimg.com https://completr.appspot.com http://js.wincyahoocontent.com; frame-src 'self' http://ecx25.siteplug.com/ https://ecx25.siteplug.com/ http://*.inspsearchapi.com http://*.yahoo.com http://ad.adserver-pro.net https://*.yimg.com; font-src 'self' https://d3durx270v4ts2.cloudfront.net/; connect-src 'self' http://ecx25.siteplug.com/ https://ecx25.siteplug.com/ http://www.1-1ads.com/ads-api-v3; media-src 'self'; style-src 'self' 'unsafe-inline'; child-src 'self' http://ecx25.siteplug.com/ https://ecx25.siteplug.com/ http://*.inspsearchapi.com http://*.yahoo.com http://ad.adserver-pro.net https://*.yimg.com; 1 default-src data: https: 'unsafe-eval' 'unsafe-inline'; object-src 'self'; img-src 'self' data: *.hz.nl *.hubspot.com www.google.com www.google.nl www.google-analytics.com www.googletagmanager.com www.facebook.com stats.g.doubleclick.net *.zopim.com via.placeholder.com maps.gstatic.com maps.googleapis.com maps.google.com 1 default-src 'self' *.fuelrats.com *.stripe.com wss://*.fuelrats.com; base-uri 'none'; script-src 'self' 'nonce-895863f1-caa9-4f8c-946e-78084da69fba' 'strict-dynamic' 'unsafe-inline'; style-src 'self' 'unsafe-inline' *.fuelrats.com *.stripe.com; img-src 'self' *.fuelrats.com *.stripe.com api.adorable.io *.wp.com; media-src 'self'; object-src 'self'; font-src 'self' fonts.gstatic.com 1 default-src 'self'; style-src 'self' https://fonts.googleapis.com https://use.fontawesome.com https://stackpath.bootstrapcdn.com; img-src 'self' https://www.quorumsoftware.com https://qbsol-arhxo0vh6d1oh9i0c.stackpathdns.com www.google-analytics.com stats.g.doubleclick.net www.google.com; font-src 'self' https://fonts.gstatic.com https://use.fontawesome.com https://stackpath.bootstrapcdn.com; script-src 'self' 'unsafe-inline' www.google-analytics.com https://ajax.googleapis.com https://stackpath.bootstrapcdn.com; 1 default-src 'unsafe-inline' 'unsafe-eval' * blob:; img-src * data:; 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' *; child-src 'self' *; font-src 'self' *; frame-ancestors 'self'; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: * 1 default-src 'none' ;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zortrax.com googletagmanager.com *.googletagmanager.com *.tagmanager.google.com *.google-analytics.com *.doubleclick.net *.google.com *.emlgrid.com *.salesmanago.pl *.googleadservices.com *.facebook.net *.cloudfront.net *.doubleclick.net *.livechatinc.com *.googleapis.com *.gstatic.com *.upviral.com *.redditstatic.com static.ads-twitter.com analytics.twitter.com app.humdash.com ;style-src 'self' 'unsafe-inline' *.disquscdn.com *.zortrax.com *.googleapis.com *.tagmanager.google.com https://tagmanager.google.com/debug/css.css *.fonts.googleapis.com ;img-src 'self' 'unsafe-inline' data: *.zortrax.com *.gravatar.com *.ggpht.com *.emlgrid.com *.salesmanago.pl *.ssl.gstatic.com *.google.com *.google-analytics.com *.google.pl *.doubleclick.net *.facebook.com *.livechatinc.com *.gstatic.com *.googleapis.com *.tagmanager.google.com https://alb.reddit.com t.co/i/adsct app.humdash.com ;font-src 'self' data: *.livechatinc.com *.googleusercontent.com *.googleusercontent.com *.googleapis.com *.gstatic.com *.zortrax.com *.fonts.googleapis.com *.tagmanager.google.com ;frame-src 'self' 'unsafe-inline' *.livechatinc.com *.youtube.com *.facebook.com *.tagmanager.google.com *.googletagmanager.google.com *.upviral.com ;connect-src 'self' *.luckyorange.net ws://localhost:3000 *.emlgrid.com *.salesmanago.pl *.google-analytics.com *.tagmanager.google.com app.humdash.com ;media-src 'self' *.youtube.com *.youtube-nocookie.com cdn.zortrax.com cdn1.zortrax.com cdn2.zortrax.com cdn3.zortrax.com *.tagmanager.google.com ;object-src 'self' *.youtube.com *.youtube-nocookie.com *.tagmanager.google.com ;child-src 'self' *.youtube.com *.youtube-nocookie.com *.tagmanager.google.com 1 child-src t.svtrd.com youtube.com www.youtube.com *.doubleclick.net app4.premieserverplus.nl connect.facebook.net *.24sessions.com;connect-src 'self' maps.googleapis.com api.advieskeuze.nl *.usabilla.com;default-src 'none';font-src 'self' data: fonts.gstatic.com d6tizftlrpuof.cloudfront.net;form-action 'self' t.svtrd.com http://www.argenta.nl http://www.glb.argenta.nl connect.facebook.net;frame-ancestors 'none';img-src 'self' data: www.google-analytics.com *.doubleclick.net www.google.com www.google.be *.svtrd.com tdn.r42tag.com *.facebook.com d6tizftlrpuof.cloudfront.net *.usabilla.com *.googleadservices.net maps.gstatic.com maps.googleapis.com advieskeuzestorage.blob.core.windows.net *.advieskeuze.nl;manifest-src 'none';media-src *;object-src 'none';report-uri https://insurco.report-uri.io/r/default/csp/enforce;script-src 'self' 'unsafe-inline' 'unsafe-eval' tdn.r42tag.com www.google-analytics.com connect.facebook.net admin.relay42.com maps.googleapis.com *.usabilla.com d6tizftlrpuof.cloudfront.net *.svtrd.com *.24sessions.com www.googletagmanager.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com *.usabilla.com d6tizftlrpuof.cloudfront.net; 1 default-src 'self' chat.oikeus.fi 'unsafe-inline' 'unsafe-eval'; img-src * 1 connect-src 'self' https://api.github.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com; base-uri *.wazuh.com; default-src 'self' https: data:; script-src 'self' *.wazuh.com *.googleapis.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https: 'unsafe-inline'; object-src 'self' *.wazuh.com; style-src 'self' *.googleapis.com 'unsafe-inline'; img-src 'self' *.wazuh.com *.gravatar.com https://www.google-analytics.com https://stats.g.doubleclick.net data:; media-src 'self' *.wazuh.com; frame-ancestors 'self'; frame-src *; font-src 'self' https://fonts.gstatic.com data: 1 default-src c.wgr.de 'self'; script-src c.wgr.de track.westermann.de connect.facebook.net www.googleadservices.com maps.googleapis.com www.googletagmanager.com tagmanager.google.com www.google-analytics.com 'self' 'unsafe-inline'; style-src tagmanager.google.com fonts.googleapis.com c.wgr.de 'self' 'unsafe-inline'; object-src 'self'; img-src c.wgr.de track.westermann.de d32wqyuo10o653.cloudfront.net www.facebook.com googleads.g.doubleclick.net *.google.com maps.googleapis.com *.gstatic.com www.google-analytics.com *.google.de stats.g.doubleclick.net 'self' data:; frame-src newsletter.schulbuchzentrum-online.de track.westermann.de www.facebook.com 'self'; child-src newsletter.schulbuchzentrum-online.de track.westermann.de www.facebook.com 'self'; font-src c.wgr.de 'self' data:; connect-src secure.schulbuchzentrum-online.de track.westermann.de www.google-analytics.com 'self'; report-uri /backend/csp 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ytimg.com *.youtube.com *.adobedtm.com; 1 default-src 'none'; script-src 'self' *.deutsche-digitale-bibliothek.de *.google.com *.twitter.com *.facebook.com *.jwpcdn.com *.gstatic.com *.googleapis.com 'unsafe-inline' 'unsafe-eval' *.jsdelivr.net *.fiz-karlsruhe.de https://cms.deutsche-digitale-bibliothek.de/ *.twimg.com; object-src 'self'; style-src *.googleapis.com 'self' 'unsafe-inline' *.jsdelivr.net *.fiz-karlsruhe.de https://cms.deutsche-digitale-bibliothek.de/ *.twimg.com *.twitter.com; img-src * data:; media-src *; font-src *.gstatic.com *.googleapis.com *.jsdelivr.net 'self' https://cms.deutsche-digitale-bibliothek.de/; connect-src *.akamaihd.net *.vimeo.com 'self' https://cms.deutsche-digitale-bibliothek.de/ *.twimg.com *.twitter.com *.fiz-karlsruhe.de; child-src 'self' *.deutsche-digitale-bibliothek.de *.fiz-karlsruhe.de plusone.google.com accounts.google.com *.google.com *.twitter.com *.facebook.com *.youtube.com; frame-ancestors 'self' *.deutsche-digitale-bibliothek.de 1 frame-ancestors 'self' https://*.googletagmanager.com https://themes.googleusercontent.com https://*.cloudfront.net https://www.google-analytics.com https://www.googleadservices.com https://bat.bing.com https://*.sumome.com https://*.doubleclick.net https://*.msn.com https://*.google.com https://*.twitter.com https://t.co https://*.google.be https://*.facebook.com https://*.newrelic.com https://bam.nr-data.net https://sumome-140a.kxcdn.com https://fonts.googleapis.com https://fonts.gstatic.com https://i.ytimg.com https://cdncache-a.akamaihd.net https://*.youtube.com https://s.ytimg.com https://*.googlevideo.com https://*.addthis.com https://pbs.twimg.com 1 default-src 'self' *.elmleblanc.fr s.webtrends.com *.boschtt-documents.com www.bimstore.co.uk services.kittelberger.net mycliplister.com; media-src 'self' *.boschtt-documents.com services.kittelberger.net *.mycliplister.com mycliplister.com; font-src 'self' fonts.gstatic.com; object-src data: 'self'; img-src https: data:; style-src 'self' 'unsafe-inline' cdn.datatables.net fonts.googleapis.com; script-src https: 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https: bosch.mi4biz.net www.boschthermolife.com; frame-ancestors 'self' https: bosch.mi4biz.net http://fs52-buderus-dev.kittelberger.net 1 default-src 'self' https://*.tv1.eu http://*.tv1.eu 1 script-src https://connect.facebook.net/ http://connect.facebook.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ http://browser-update.org/ https://www.google.com/ https://www.gstatic.com/recaptcha/ http://www.google.com/recaptcha/ https://ajax.googleapis.com/ 'unsafe-inline' 'unsafe-eval' 'self'; report-uri /nelmio/csp/report 1 default-src 'self'; img-src *; script-src 'self'; style-src 'self' 'unsafe-inline'; 1 default-src 'self'; script-src 'self' https://www.gstatic.com https://ajax.googleapis.com https://cdn.inspectlet.com https://cdn.pendo.io https://app.pendo.io https://browser.sentry-cdn.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://www.gstatic.com https://ajax.googleapis.com 'unsafe-inline' blob:; connect-src 'self' http://hn.inspectlet.com wss://ws.inspectlet.com https://antispamcloud.com https://sentry.io; img-src 'self' http://hn.inspectlet.com https://app.pendo.io data:; options inline-script eval-script 1 default-src 'self';font-src 'self' fonts.gstatic.com;connect-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com analytics.monkeytracker.cz www.google.com; form-action 'self';frame-src 'self' www.youtube.com www.facebook.com;child-src 'self' www.youtube.com www.facebook.com;frame-ancestors 'self';img-src 'self' data: blob: www.googletagmanager.com www.google-analytics.com analytics.monkeytracker.cz *.doubleclick.net;style-src 'self' 'unsafe-inline' fonts.googleapis.com 1 frame-ancestors https://*.sknclinics.co.uk:* 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; 1 default-src 'self'; connect-src 'self' http://*.nbarizona.com https://*.nbarizona.com https://*.demdex.net https://*.cludo.com; script-src 'self' data: 'unsafe-inline' https://*.googletagmanager.com https://*.issuu.com https://*.adobedtm.com https://*.googleapis.com https://*.gstatic.com https://*.google.com http://*.nbarizona.com https://*.nbarizona.com https://*.zionsbank.com https://*.cludo.com 'unsafe-eval'; object-src 'self' data: http://*.nbarizona.com https://*.nbarizona.com; style-src 'self' data: 'unsafe-inline' https://*.googleapis.com https://*.google.com https://*.cludo.com; img-src 'self' data: https://*.gstatic.com http://*.nbarizona.com https://*.nbarizona.com https://*.online-metrix.net https://*.omtrdc.net https://*.demdex.net https://*.everesttech.net https://*.googleapis.com https://*.google.com https://*.cludo.com; media-src 'self' data:; frame-src 'self' https://*.doubleclick.net http://*.nbarizona.com https://*.nbarizona.com https://*.demdex.net https://secure.checkout.visa.com https://*.youtube.com https://*.pages05.net https://*.brightcove.net; frame-ancestors 'self' https://banking.nbarizona.com; font-src 'self' data: 'unsafe-inline' https://fonts.gstatic.com; upgrade-insecure-requests; block-all-mixed-content 1 child-src 'self' blob:; connect-src *; default-src 'self' *.googlesyndication.com; img-src 'self' 'unsafe-inline' data: *; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com *.jwpcdn.com; object-src 'self' *.googlesyndication.com; media-src 'self' blob: *; manifest-src 'self'; script-src 'self' 'unsafe-inline' 'self' 'unsafe-inline' 'unsafe-eval' blob: *.2mdn.net static.ads-twitter.com *.adnxs.com *.adsafeprotected.com *.adsrvr.org *.amp.live app.link *.branch.io *.cloudfront.net *.combotag.com *.doubleclick.net *.doubleverify.com *.everesttech.net *.evidon.com *.extend.tv *.extremereach.io connect.facebook.net *.flashtalking.com adservice.google.com tagmanager.google.com *.google-analytics.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.gstatic.com *.iasds01.com *.imrworldwide.com *.innovid.com *.insightexpressai.com *.ipredictive.com *.jwplatform.com *.jwpcdn.com *.jwpsrv.com *.moatads.com *.outbrain.com cdn.polyfill.io *.scorecardresearch.com *.serving-sys.com *.spotxcdn.com *.spotxchange.com *.tremorhub.com analytics.twitter.com *.vindicosuite.com *.w55c.net *.yumenetworks.com; style-src 'self' 'unsafe-inline' blob: 'self' 'unsafe-inline' blob: fonts.googleapis.com *.gstatic.com tagmanager.google.com *.innovid.com; frame-src *.doubleverify.com *.dvtps.com *.facebook.com *.facebook.net *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.imrworldwide.com *.outbrain.com 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' cbe.org.eg https://www.google-analytics.com data:; 1 script-src 'unsafe-inline' 'unsafe-eval' code.jquery.com www.google-analytics.com tech-connect.biz ads.exoclick.com main.exoclick.com syndication.exoclick.com; 1 default-src 'self' *.bourseauxservices.com *.google-analytics.com *.google.com *.facebook.com *.fbcdn.net *.fb.com *.facebook.net *.fb.net *.googlecode.com *.googleapis.com *.googlesyndication.com 1 allow 'self' *.asp-public.fr; options eval-script inline-script; connect-src 'self' *.asp-public.fr; frame-ancestors 'self' *.asp-public.fr; frame-src 'self' *.asp-public.fr https://3689183.fls.doubleclick.net; object-src 'self' *.asp-public.fr; style-src 'self' 'unsafe-inline'; font-src 'self' 'unsafe-inline'; img-src 'self' data: *.asp-public.fr https://logs177.xiti.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.asp-public.fr; 1 : sandbox allow-scripts 1 connect-src 'self' https://www.googleapis.com/customsearch/v1 ; frame-src 'self' https://www.youtube.com https://trk.adstrck123.com ; default-src 'self' ; img-src 'self' data: https://*.tmcdn.co.nz https://www.google.co.nz/ads https://www.google.com/ads https://address.nzpost.co.nz https://www.facebook.com https://www.googleadservices.com https://*.doubleclick.net https://www.google-analytics.com https://maps.googleapis.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://address.nzpost.co.nz https://www.googletagmanager.com https://corporate.ft-analytics.com https://www.google-analytics.com ssl.google-analytics.com https://connect.facebook.net ; style-src 'self' 'unsafe-inline' https://cloud.typography.com https://www.co-operativebank.co.nz ; media-src blob: ; font-src 'self' data: 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' *.centromedicosanbiagio.it *.odontoiatriasanbiagio.it *.google.com *.googleapis.com *.gstatic.com *.google-analytics.com 1 default-src 'self' *.bosch-thermotechnology.com s.webtrends.com *.boschtt-documents.com www.bimstore.co.uk services.kittelberger.net mycliplister.com; media-src 'self' *.boschtt-documents.com services.kittelberger.net *.mycliplister.com mycliplister.com; font-src 'self' fonts.gstatic.com; object-src data: 'self'; img-src https: data:; style-src 'self' 'unsafe-inline' cdn.datatables.net fonts.googleapis.com; script-src https: 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https: bosch.mi4biz.net www.boschthermolife.com; frame-ancestors 'self' https: bosch.mi4biz.net http://fs52-buderus-dev.kittelberger.net 1 frame-ancestors https://*.devpleno.com 1 default-src 'self' data:; script-src * data: 'unsafe-inline' 'unsafe-eval'; object-src 'self' data:; style-src * 'self' data: 'unsafe-inline'; img-src * 'self' data:; media-src * 'self' data:; frame-src *; font-src *; connect-src * 'self' data: 1 default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com ajax.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://static.addtoany.com/ http://clients1.google.com/complete/ https://js-agent.newrelic.com/ https://bam.nr-data.net/ https://www.google.com https://*.fontawesome.com https://*.customsearch.ai;; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://static.addtoany.com/ https://*.windows.net; img-src 'self' https://www.google-analytics.com data: https://www.google.com/recaptcha/ http://www.ecb.int/ http://www.ecb.europa.eu/ https://*.windows.net; frame-src 'self' https://www.google.com/recaptcha/ https://static.addtoany.com/ https://www.youtube.com/ https://maps.google.be/maps/ https://www.google.com/maps/ https://mapsengine.google.com/ https://ui.customsearch.ai/; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://*.customsearch.ai; report-uri /admin/config/system/seckit/csp-report 1 default-src self; script-src 'unsafe-inline' 'unsafe-eval' *; object-src none; style-src 'unsafe-inline' *; img-src * data:; media-src *; frame-src *; font-src *; connect-src *; report-uri /report-csp-violation 1 default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com apis.google.com ajax.googleapis.com www.googletagmanager.com platform.twitter.com https://get.mycounter.ua; object-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: gallery.pdaa.edu.ua https://stats.g.doubleclick.net https://www.google-analytics.com https://syndication.twitter.com https://r.i.ua https://get.mycounter.ua https://static.mycounter.ua https://counter.yadro.ru https://csi.gstatic.com https://wwwimages.adobe.com; media-src 'none'; frame-src 'self' www.facebook.com apis.google.com platform.twitter.com https://accounts.google.com https://docs.google.com https://www.youtube.com https://www.google.com syndication.twitter.com; font-src 'self'; connect-src 'self' www.google-analytics.com syndication.twitter.com; report-uri /report-csp-violation 1 default-src https: 'unsafe-eval' 'unsafe-inline'; upgrade-insecure-requests; img-src https: data:; report-uri /admin/settings/seckit/csp-report 1 frame-ancestors liveshareeast3.seismic.com huron.seismic.com 1 frame-ancestors https://www.webmd.com; report-uri /report-csp-violation 1 default-src 'self'; script-src 'unsafe-inline' 'self' www.google-analytics.com www.googletagmanager.com cdnjs.cloudflare.com www.googleadservices.com googleads.g.doubleclick.net a.config.skype.com b.config.skype.com swx.cdn.skype.com www.google.com www.gstatic.com js-agent.newrelic.com bam.nr-data.net maps.googleapis.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdnjs.cloudflare.com; img-src 'self' data: www.google-analytics.com stats.g.doubleclick.net www.google.com www.google.co.in maps.gstatic.com maps.googleapis.com; frame-src 'self' www.youtube.com sp.zalo.me www.google.com bid.g.doubleclick.net api01-platform.stream.co.jp; font-src 'self' cdnjs.cloudflare.com data: fonts.gstatic.com; connect-src 'self' browser.pipe.aria.microsoft.com sp.zalo.me www.google-analytics.com www.google.com www.google.co.in; report-uri /report-csp-violation 1 default-src *.freelo.cz *.smartlook.com wss://client.relay.crisp.chat *.youtube.com 'self' 'unsafe-eval' 'unsafe-inline' data: *.twitter.com *.twimg.com *.instagram.com *.googletagmanager.com *.typekit.net *.googleadservices.com *.google-analytics.com *.facebook.net *.yandex.ru *.doubleclick.net *.facebook.com *.google.com *.google.cz *.jsdelivr.net *.jquery.com cdnjs.cloudflare.com *.vas-hosting.cz *.highcharts.com *.googleapis.com *.gopay.cz *.rb.cz *.paypalobjects.com *.gstatic.com *.yandex.net *.webvisor.com *.yandex.com *.crisp.chat; frame-src *.freelo.cz 1 default-src 'self';font-src 'self' fonts.gstatic.com *.flexi.cz smartsupp-widget-161959.c.cdn77.org;connect-src 'self' *.flexi.cz maps.googleapis.com *.hotjar.com *.googlesyndication.com www.google-analytics.com analytics.monkeytracker.cz app.mluvii.com wss://app.mluvii.com *.smartsupp.com ws://s26.smartsupp.com *.smartlook.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' maps.google.com *.googleapis.com www.googletagmanager.com www.google-analytics.com analytics.monkeytracker.cz *.google.com *.flexi.cz *.googleadservices.com *.facebook.net *.imedia.cz *.hotjar.com *.adform.net *.doubleclick.net *.google.cz *.cookiebot.com *.azureedge.net app.mluvii.com *.smartsuppchat.com smartsupp-widget-161959.c.cdn77.org ws://s26.smartsupp.com *.smartlook.com;form-action 'self' *.flexi.cz *.koop.cz *.kooportal.cz;frame-src 'self' www.youtube.com *.hotjar.com *.doubleclick.net *.adform.net consent.azureedge.net app.mluvii.com *.koop.cz;child-src 'self' www.youtube.com *.hotjar.com *.doubleclick.net *.adform.net consent.azureedge.net app.mluvii.com *.koop.cz;frame-ancestors 'self' app.mluvii.com *.koop.cz;img-src 'self' data: blob: *.gstatic.com *.googleapis.com *.googlecode.com www.googletagmanager.com www.google-analytics.com analytics.monkeytracker.cz *.doubleclick.net *.google.com *.google.cz *.flexi.cz *.ggpht.com *.imedia.cz *.facebook.com *.googlesyndication.com smartsupp-widget-161959.c.cdn77.org;style-src 'self' 'unsafe-inline' fonts.googleapis.com analytics.monkeytracker.cz *.google.com *.hotjar.com app.mluvii.com smartsupp-widget-161959.c.cdn77.org;object-src 'self' 1 allow *; options inline-script eval-script; frame-ancestors 'self' https://www.mediaworld.it/; 1 allow ‘self’ 1 img-src 'self' data: blob: http://feather.aviary.com/ http://www.google-analytics.com/ https://www.google-analytics.com https://ssl.gstatic.com/ http://ssl.gstatic.com/ https://stats.g.doubleclick.net https://syndication.twitter.com https://abs.twimg.com https://pbs.twimg.com https://platform.twitter.com https://ton.twimg.com https://www.facebook.com/ https://pixelg.adswizz.com/ https://www.google.com/ https://www.google.com.pk/ https://www.google.co.uk/ https://scontent-ort2-2.cdninstagram.com/ https://maps.gstatic.com/ https://www.google.ro/; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://feather.aviary.com/ https://dme0ih8comzn4.cloudfront.net/js/feather.js https://use.fontawesome.com/ https://apis.google.com http://www.google-analytics.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.google-analytics.com http://ajax.googleapis.com/ https://maxcdn.bootstrapcdn.com/ http://code.jquery.com/ https://code.jquery.com/ http://graph.facebook.com/ http://m.addthis.com/ http://s7.addthis.com/ http://m.addthisedge.com/ http://api-public.addthis.com/ https://www.islonline.net/ https://unpkg.com/ https://www.googletagmanager.com/ https://platform.twitter.com/ http://platform.twitter.com/ https://cdn.syndication.twimg.com/ https://connect.facebook.net/ https://tag.simpli.fi/ https://cdnjs.cloudflare.com/ http://owlgraphic.com/ http://www.googleadservices.com/ https://googleads.g.doubleclick.net/ http://connect.facebook.net/ https://www.facebook.com https://maps.googleapis.com/ https://maps.gstatic.com/; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com/ http://maxcdn.bootstrapcdn.com/ https://fonts.googleapis.com/ https://use.fontawesome.com/227a7ea25a.css https://use.fontawesome.com/releases/v4.6.3/css/font-awesome-css.min.css http://feather.aviary.com/ https://platform.twitter.com/ https://ton.twimg.com/ http://cloud.typenetwork.com/; frame-src 'self' https://www.google.com https://www.google.com/recaptcha/ http://www.youtube.com/ https://www.youtube.com/ http://player.vimeo.com/ http://s7.addthis.com/ http://m.addthisedge.com/ https://platform.twitter.com/ https://syndication.twitter.com/ https://bid.g.doubleclick.net/ https://staticxx.facebook.com/ https://www.facebook.com/ https://web.facebook.com/; connect-src 'self' http://cd.aviary.com/ https://api-ag.aviary.com/ https://feather-client-files-aviary-prod-us-east-1.s3.amazonaws.com/ http://featherservices.aviary.com/ http://ip-api.com/; font-src 'self' https://fonts.gstatic.com https://use.fontawesome.com/ https://maxcdn.bootstrapcdn.com/ http://maxcdn.bootstrapcdn.com/ http://cloud.typenetwork.com/; media-src 'self'; object-src 'self'; frame-ancestors none 1 default-src 'self' blob:; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' connect.facebook.net/en_US/sdk.js www.google-analytics.com https://www.google-analytics.com apis.google.com plotdb.disqus.com a.disquscdn.com portal.cherritech.net; style-src 'self' 'unsafe-inline' www.google-analytics.com fonts.googleapis.com a.disquscdn.com; img-src 'self' data: blob: www.google-analytics.com www.facebook.com static.xx.fbcdn.net csi.gstatic.com *; font-src 'self' data: fonts.gstatic.com themes.googleusercontent.com; frame-src 'self' plotdb.io data: blob: *.facebook.com *.googleapis.com accounts.google.com disqus.com; connect-src 'self' data: blob: plotdb.com links.services.disqus.com *.tappayapis.com 1 default-src 'self'; connect-src *.kv-rlp.de; script-src *.kv-rlp.de maps.googleapis.com ssl.google-analytics.com www.google-analytics.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' data: https://*.kv-safenet.de http://*.kv-safenet.de *.gstatic.com *.googleapis.com www.google-analytics.com ssl.google-analytics.com; font-src 'self' font.googleapis.com *.gstatic.com; child-src 'self' https://*.google.de https://*.google.com https://www.youtube-nocookie.com; object-src 'self'; frame-src 'self' https://www.youtube-nocookie.com maps.google.de www.google.de www.google.com; frame-ancestors 'self' https://www.google.de; reflected-xss block; report-uri https://kvrlp.report-uri.io/r/default/csp/enforce; 1 script-src https: data: 'unsafe-inline' 'unsafe-eval' https://*.gs1-germany.de https://*.optimizely.com https://*.googletagmanager.com https://apis.google.com https://connect.facebook.net https://fast.fonts.net https://googleads.g.doubleclick.net https://*.google-analytics.com https://www.etracker.de https://*.etracker.com; style-src https: 'unsafe-inline' https://*.gs1-germany.de https://apis.google.com https://connect.facebook.net https://fast.fonts.net https://googleads.g.doubleclick.net https://*.google-analytics.com https://www.etracker.de https://*.etracker.com; 1 default-src 'self'; script-src 'unsafe-inline' 'self' *.googleapis.com *.newrelic.com *.nr-data.net *.google-analytics.com *.google.com *.getsitecontrol.com *.gstatic.com *.kxcdn.com 'strict-dynamic' 'nonce-281fdadb3d137e271d9e9904'; object-src 'none'; style-src 'unsafe-inline' 'self' *.googleapis.com *.bootstrapcdn.com; img-src 'self' * data:; frame-src 'self' *.google.com; font-src *.googleusercontent.com 'self' *.googleapis.com *.bootstrapcdn.com *.gstatic.com data:; connect-src 'self' *.apigee.com *.getsitecontrol.com *.apigee.net; report-uri /admin/config/system/seckit/csp-report 1 default-src 'self' data: http://www.google-analytics.com https://www.google-analytics.com http://*.google.com https://*.google.com http://*.gstatic.com:* https://*.gstatic.com:* http://*.googleapis.com https://*.googleapis.com https://yandex.ru http://*.yandex.ru https://*.yandex.ru http://*.yandex.net https://*.yandex.net http://*.jivosite.com https://*.jivosite.com wss://*.jivosite.com http://yastatic.net https://yastatic.net http://bitrix.info https://bitrix.info http://twemoji.maxcdn.com https://twemoji.maxcdn.com http://youtube.com https://youtube.com http://*.youtube.com https://*.youtube.com http://*.1c-bitrix.ru https://*.1c-bitrix.ru http://sk-plotnik.ru https://sk-plotnik.ru https://*.venyoo.ru http://*.venyoo.ru wss://*.venyoo.ru http://*.leadia.ru https://socgate.ru http://com-sale.ru https://goalback.ru https://callbackhunter.com https://easymarkets.site http://vk.com https://connect.facebook.net https://www.facebook.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://www.google-analytics.com https://www.google-analytics.com http://*.google.com https://*.google.com http://*.gstatic.com:* https://*.gstatic.com:* http://*.googleapis.com https://*.googleapis.com https://yandex.ru http://*.yandex.ru https://*.yandex.ru http://*.yandex.net https://*.yandex.net http://*.jivosite.com https://*.jivosite.com wss://*.jivosite.com http://yastatic.net https://yastatic.net http://bitrix.info https://bitrix.info http://twemoji.maxcdn.com https://twemoji.maxcdn.com http://youtube.com https://youtube.com http://*.youtube.com https://*.youtube.com http://*.1c-bitrix.ru https://*.1c-bitrix.ru http://sk-plotnik.ru https://sk-plotnik.ru https://*.venyoo.ru http://*.venyoo.ru wss://*.venyoo.ru http://*.leadia.ru https://socgate.ru http://com-sale.ru https://goalback.ru https://callbackhunter.com https://easymarkets.site http://vk.com https://connect.facebook.net https://www.facebook.com; style-src 'self' 'unsafe-inline' http://www.google-analytics.com https://www.google-analytics.com http://*.google.com https://*.google.com http://*.gstatic.com:* https://*.gstatic.com:* http://*.googleapis.com https://*.googleapis.com https://yandex.ru http://*.yandex.ru https://*.yandex.ru http://*.yandex.net https://*.yandex.net http://*.jivosite.com https://*.jivosite.com wss://*.jivosite.com http://yastatic.net https://yastatic.net http://bitrix.info https://bitrix.info http://twemoji.maxcdn.com https://twemoji.maxcdn.com http://youtube.com https://youtube.com http://*.youtube.com https://*.youtube.com http://*.1c-bitrix.ru https://*.1c-bitrix.ru http://sk-plotnik.ru https://sk-plotnik.ru https://*.venyoo.ru http://*.venyoo.ru wss://*.venyoo.ru http://*.leadia.ru https://socgate.ru http://com-sale.ru https://goalback.ru https://callbackhunter.com https://easymarkets.site http://vk.com https://connect.facebook.net https://www.facebook.com; img-src 'self' data: blob: http://www.google-analytics.com https://www.google-analytics.com http://*.google.com https://*.google.com http://*.gstatic.com:* https://*.gstatic.com:* http://*.googleapis.com https://*.googleapis.com https://yandex.ru http://*.yandex.ru https://*.yandex.ru http://*.yandex.net https://*.yandex.net http://*.jivosite.com https://*.jivosite.com wss://*.jivosite.com http://yastatic.net https://yastatic.net http://bitrix.info https://bitrix.info http://twemoji.maxcdn.com https://twemoji.maxcdn.com http://youtube.com https://youtube.com http://*.youtube.com https://*.youtube.com http://*.1c-bitrix.ru https://*.1c-bitrix.ru http://sk-plotnik.ru https://sk-plotnik.ru https://*.venyoo.ru http://*.venyoo.ru wss://*.venyoo.ru http://*.leadia.ru https://socgate.ru http://com-sale.ru https://goalback.ru https://callbackhunter.com https://easymarkets.site http://vk.com https://connect.facebook.net https://www.facebook.com; font-src 'self' http://www.google-analytics.com https://www.google-analytics.com http://*.google.com https://*.google.com http://*.gstatic.com:* https://*.gstatic.com:* http://*.googleapis.com https://*.googleapis.com https://yandex.ru http://*.yandex.ru https://*.yandex.ru http://*.yandex.net https://*.yandex.net http://*.jivosite.com https://*.jivosite.com wss://*.jivosite.com http://yastatic.net https://yastatic.net http://bitrix.info https://bitrix.info http://twemoji.maxcdn.com https://twemoji.maxcdn.com http://youtube.com https://youtube.com http://*.youtube.com https://*.youtube.com http://*.1c-bitrix.ru https://*.1c-bitrix.ru http://sk-plotnik.ru https://sk-plotnik.ru https://*.venyoo.ru http://*.venyoo.ru wss://*.venyoo.ru http://*.leadia.ru https://socgate.ru http://com-sale.ru https://goalback.ru https://callbackhunter.com https://easymarkets.site http://vk.com https://connect.facebook.net https://www.facebook.com; 1 default-src 'self';font-src 'self' fonts.gstatic.com kariera.ave.cz ave-kolin.cz www.kariera.ave.cz www.ave-kolin.cz;connect-src 'self' analytics.monkeytracker.cz;script-src 'self' 'unsafe-inline' 'unsafe-eval' maps.google.com *.googleapis.com www.googletagmanager.com www.google-analytics.com analytics.monkeytracker.cz *.google.com c.imedia.cz kariera.ave.cz ave-kolin.cz www.kariera.ave.cz www.ave-kolin.cz www.googleadservices.com googleads.g.doubleclick.net *.googleads.g.doubleclick.net ajax.googleapis.com track.adform.net;form-action 'self';frame-src 'self' www.youtube.com portal.envitech.eu *.imedia.cz http://portal.envitech.eu;child-src 'self' www.youtube.com portal.envitech.eu *.imedia.cz http://portal.envitech.eu;frame-ancestors 'self';img-src 'self' data: *.gstatic.com *.googleapis.com *.googlecode.com www.googletagmanager.com www.google-analytics.com analytics.monkeytracker.cz *.doubleclick.net maps.google.com c.imedia.cz *.google.com kariera.ave.cz ave-kolin.cz www.kariera.ave.cz www.ave-kolin.cz www.google.cz;style-src 'self' 'unsafe-inline' fonts.googleapis.com analytics.monkeytracker.cz *.google.com www.kariera.ave.cz www.ave-kolin.cz kariera.ave.cz www.ave-kolin.cz;object-src 'self' 1 default-src 'self' https://performance.typekit.net; block-all-mixed-content; connect-src 'self'; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com https://use.typekit.net data:; img-src 'self' data: https://csi.gstatic.com https://maps.googleapis.com https://maps.gstatic.com https://p.typekit.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com https://cdnjs.cloudflare.com https://maps.googleapis.com https://use.typekit.net https://js-agent.newrelic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; report-uri /nelmio/csp/report 1 script-src 'self' CSP_ALLOWED_LIST 'nonce-'; style-src 'self' CSP_ALLOWED_LIST 'nonce-'; connect-src 'self' CSP_ALLOWED_LIST ; frame-ancestors 'self' CSP_ALLOWED_LIST ; 1 default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: *.guinness-storehouse.com *.googleapis.com maps.gstatic.com s.adroll.com s.ytimg.com stats.mp.streamamg.com streamuk.secure.footprint.net www.google-analytics.com www.googletagmanager.com www.youtube.com footer.diageohorizon.com cdnjs.cloudflare.com *.googleadservices.com *.doubleclick.net *.ads-twitter.com; object-src 'self' https: *.guinness-storehouse.com streamuk.secure.footprint.net; style-src 'self' 'unsafe-inline' https: *.guinness-storehouse.com cloud.typography.com fonts.googleapis.com footer.diageohorizon.com; img-src 'self' data: https: *.guinness-storehouse.com *.googleapis.com *.gstatic.com ads.yahoo.com analytics.twitter.com d.adroll.com dps.bing.com googleads.g.doubleclick.net ib.adnxs.com idsync.rlcdn.com scontent.cdninstagram.com streamuk.secure.footprint.net t.mookie1.com us-u.openx.net www.facebook.com www.google.com www.google.ie www.tripadvisor.com x.bidswitch.net www.google-analytics.com; frame-src 'self' https: *.guinness-storehouse.com *.worldnettps.com guinnessarchives.adlibsoft.com www.youtube.com; font-src 'self' https: *.guinness-storehouse.com data: fonts.googleapis.com fonts.gstatic.com streamuk.secure.footprint.net; connect-src 'self' https: *.guinness-storehouse.com *.storehousewall.com query.yahooapis.com streamuk.secure.footprint.net; media-src 'self' https: *.guinness-storehouse.com 1 default-src * data: 'self' 'unsafe-inline' 'unsafe-eval' ; script-src * data: 'self' 'unsafe-inline' 'unsafe-eval' ; style-src * data: 'self' 'unsafe-inline' ; img-src * data: 'self' ; font-src * data: 'self' ; connect-src * 'self' ; media-src * 'self' ; object-src * 'self' ; frame-ancestors * 'self' ; form-action * 'self' ; 1 default-src * data:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://mapclick.amap.com https://restapi.amap.com https://webapi.amap.com https://public.tableau.com https://sdn.sitecore.net https://maps.googleapis.com https://maps.google.com https://sadmin.brightcove.com https://ajax.googleapis.com https://ssl.google-analytics.com https://www.youtube.com https://www.google.com https://bat.bing.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://connect.facebook.net https://platform.twitter.com https://s3.amazonaws.com; style-src 'self' data: 'unsafe-inline' https://webapi.amap.com https://fonts.googleapis.com https://ajax.googleapis.com; img-src * 'self' data:; font-src 'self' data: https://netdna.bootstrapcdn.com https://fonts.gstatic.com https://fonts.typekit.net https://themes.googleusercontent.com; child-src 'self' https://sdn.sitecore.net https://web106.reachmee.com https://sdn.sitecore.net https://www.youtube.com https://www.google.com https://accounts.google.com https://www.googletagmanager.com; frame-src 'self' http://sdn.sitecore.net https://sdn.sitecore.net https://translate.google.com https://web106.reachmee.com; frame-ancestors 'self' https://sdn.sitecore.net; report-uri https://3chillies.report-uri.io/r/default/csp/enforce 1 default-src 'self'; report-uri /home/admin/config/system/seckit/csp-report 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: about: adbutler-fermion.com *.adbutler-luxon.com *.adsrvr.org *.ads-twitter.com *.bamboohr.com *.clicktotweet.com *.cmgdigital.com *.doubleclick.net *.facebook.com *.facebook.net *.feedburner.com *.google.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.jeffersoncms.org *.jotform.com *.marchex.io *.quantcast.com *.quantserve.com *.quantcount.com *.scribd.com *.serving-sys.com *.sharethis.com *.slideshare.net *.tapad.com *.tcms.com *.teletownhall.us *.texmed.org *.tmait.org *.twimg.com *.twitter.com *.vimeo.com *.wakelet.com *.youtube.com *.yudu.com gis.fema.gov http://kff.org http://oig.hhs.gov http://rocket.nwood-kensett.k12.ia.us http://www.ncbi.nlm.nih.gov https://badge.facebook.com https://block.opendns.com https://capwiz.com https://cdn.tinymce.com https://centro.pixel.ad https://clickserv.pixel.ad https://clickserv.sitescout.com https://connect.facebook.net https://cqrcengage.com https://data.healthcare.gov https://dpm.demedex.net https://feedburner.google.com https://fonts.googleapis.com https://fusiontables.googleusercontent.com https://googleads.g.doubleclick.net https://hootsuite.com https://insight.adsrvr.org https://submit.jotform.us https://js.adsrvr.org https://match.adsrvr.org https://pixel.sitescout.com https://platform.twitter.com https://player.vimeo.com https://vimeo.com https://servedbyadbutler.com https://static.addtoany.com https://stats.g.doubleclick.net https://storify.com https://syndication.twitter.com https://t.co https://tags.bluekai.com https://texmed.medbuzz.com https://tma.custhelp.com https://uip.semasio.net https://www.facebook.com https://www.google.com https://www.googleadservices.com https://www.paypalobjects.com https://www.youtube.com https://www.votervoice.net pixel-geo.prfct.co public.slidesharecdn.com tag.marinsm.com tagmanager.google.com www.cms.gov www.powr.io; 1 default-src 'self' *; script-src 'self' 'unsafe-eval' 'unsafe-inline' *; object-src 'self' *; style-src 'self' 'unsafe-inline' *; img-src 'self' data: *; media-src 'self' *; frame-src 'self' *; frame-ancestors 'self' http://online-training.projectwet.org; child-src 'self' *; font-src 'self' *; connect-src 'self' *; report-uri /report-csp-violation 1 default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self'; frame-src: 'self' clients.savvior.com; 1 default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.google.com ajax.googleapis.com cdnjs.cloudflare.com s7.addthis.com m.addthis.com m.addthisedge.com svc.webspellchecker.net atlas.bayside.vic.gov.au www.gstatic.com maps.googleapis.com edge.addthis.com www.googletagmanager.com www.google-analytics.com loader.webspellchecker.net s1.webspellchecker.net tagmanager.google.com cdn.siteimprove.net maps.google.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com ajax.googleapis.com maxcdn.bootstrapcdn.com hello.myfonts.net svc.webspellchecker.net atlas.bayside.vic.gov.au tagmanager.google.com; img-src 'self' svc.webspellchecker.net atlas.bayside.vic.gov.au data: maps.gstatic.com maps.googleapis.com csi.gstatic.com ecouncil.bayside.vic.gov.au www.bayside.vic.gov.au ajax.googleapis.com m.addthis.com www.google-analytics.com s1.webspellchecker.net stats.g.doubleclick.net ssl.gstatic.com www.gstatic.com www.addthis.com maps.google.com; frame-src 'self' s7.addthis.com bayside.vic.gov.au www.bayside.vic.gov.au ecouncil.bayside.vic.gov.au atlas.bayside.vic.gov.au www.google.com www.google.com.au edge.addthis.com www.youtube.com s1.webspellchecker.net www.webspellchecker.net www.googletagmanager.com www.vision6.com.au player.vimeo.com; font-src 'self' fonts.gstatic.com maxcdn.bootstrapcdn.com atlas.bayside.vic.gov.au sxt.cdn.skype.com; connect-src 'self' m.addthis.com svc.webspellchecker.net s7.addthis.com cdn.siteimprove.net my2.siteimprove.com id.siteimprove.com www.google-analytics.com stats.g.doubleclick.net; report-uri /admin/config/system/seckit/csp-report 1 default-src 'none'; style-src 'self' 'unsafe-inline' https://platform.twitter.com https://syndication.twitter.com https://ton.twimg.com https://cdn.jsdelivr.net; script-src 'self' 'sha256-qGasMkiuQrknroPnujuLsj4kayMH/rdyIASc8vMa2f8=' 'sha256-mcrX4BtCZKT0+iKaPn3g6goeSr2betzvK4ymmZdtr4Q=' 'sha256-cJbjqIQxSKZJy30LDuwpYzkymRcNemkZLi8+Us30pIs=' 'sha256-uWyJaHVDbuFxVv07b32tUOUofANFReQYSVdJP0O7yns=' 'sha256-DbfA7s5mgyjWmK5XGh8F/ilmij9mAwUcFFBi/JAT3I8=' 'sha256-cJMXI6s5uZRFX8/pUQTp20tjnvCNHVKQmv1n0FW83dg=' https://platform.twitter.com https://syndication.twitter.com https://cdn.syndication.twimg.com https://www.google-analytics.com https://embed.tawk.to https://cdn.jsdelivr.net; img-src 'self' data: https://abs.twimg.com https://pbs.twimg.com https://ton.twimg.com https://syndication.twitter.com https://platform.twitter.com https://static-v.tawk.to https://www.google-analytics.com https://stats.g.doubleclick.net; font-src 'self' https://static-v.tawk.to; frame-src https://jobsaround.tv https://youtu.be https://www.youtube.com https://www.youtube-nocookie.com https://syndication.twitter.com https://platform.twitter.com https://va.tawk.to; connect-src 'self' https://*.tawk.to wss://*.tawk.to; media-src https://static-v.tawk.to; object-src 'self' 1 default-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.brightcove.com *.brightcove.net *.zencdn.net *.boltdns.net *.brightcovecdn.com *.googletagmanager.com *.google-analytics.com *.msecnd.net *.visualstudio.com *.bizographics.com *.licdn.com *.ads-twitter.com *.twitter.com *.twimg.com *.addthis.com *.pardot.com *.linkedin.com *.addthisedge.com *.issuu.com;img-src 'self' data: about: t.co *.twitter.com *.google-analytics.com *.brightcove.com *.boltdns.net *.twimg.com *.googletagmanager.com;style-src 'self' 'unsafe-inline' *.twitter.com;media-src 'self' blob:;font-src 'self' data: *.zencdn.net;object-src 'self';connect-src 'self' *.addthis.com *.brightcove.com *.boltdns.net *.brightcovecdn.com;frame-src 'self' *.addthis.com *.twitter.com *.issuu.com *.google.com *.pardot.com *.guggenheimpartners.com; frame-ancestors 'self';base-uri 'self';form-action 'self' *.twitter.com *.pardot.com *.guggenheimpartners.com 1 default-src 'none'; style-src 'self' 'unsafe-inline'; font-src 'self' *.zopim.com data:; script-src 'self' *.google-analytics.com *.googletagmanager.com *.zopim.com 'unsafe-inline' 'unsafe-eval' *.google.com *.gstatic.com; img-src 'self' *.google-analytics.com *.g.doubleclick.net *.zopim.com data: *.zopim.io data: *.google.com *.gstatic.com; connect-src 'self' wss://*.zopim.com; frame-src *.zopim.com *.google.com 1 reflected-xss 'block' 1 connect-src 'self' https://localhost:3000; frame-ancestors 'self'; object-src 'self'; script-src 'self' https://analytics.historia-arte.com https://maps.googleapis.com; report-uri /csp-report; report-to /csp-report; 1 font-src 'self' static.flatfy.com *.gstatic.com; frame-src 'self' www.google.com/recaptcha/; script-src 'self' 'unsafe-inline' static.flatfy.com ajax.googleapis.com *.google-analytics.com *.g.doubleclick.net www.google.com/ads/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/; style-src 'self' 'unsafe-inline' static.flatfy.com ajax.googleapis.com fonts.googleapis.com *.gstatic.com; img-src 'self' data: https:; default-src 'self' static.flatfy.com *.gstatic.com 1 default-src https: 'unsafe-inline'; report-uri //report-csp-violation 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' https://secure.gravatar.com https://images.hcus-assets.com https://assets.hcus-assets.com https://www.googletagmanager.com https://www.google-analytics.com https://stats.g.doubleclick.net data: 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.newrelic.com *.nr-data.net *.googleadservices.com *.maxymiser.net *.adobedtm.com *.doubleclick.net *.demdex.net *.ckeditor.com; object-src 'self' *.youtube.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.ckeditor.com; img-src 'self' *.santander.co.uk *.google.com *.google.co.uk *.google.de *.google.es *.ckeditor.com; media-src 'self'; frame-src 'self' *.youtube.com *.doubleclick.net; font-src 'self' *.gstatic.com; connect-src 'self' *.demdex.net *.santander.co.uk *.google.co.uk; report-uri /auth_admin/config/system/seckit/csp-report 1 connect-src 'self'; font-src 'self'; frame-src 'self'; img-src 'self' data:; media-src 'self'; object-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 1 frame-ancestors 'self' *.winkbingo.com *.bingosys.net ; 1 default-src 'self'; style-src 'self' 'unsafe-inline' *.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.fastcdn.org *.cloudflare.com *.ytimg.com *.youtube.com *.addthis.com *.addthisedge.com *.googleapis.com *.googleapis.com *.google-analytics.com *.facebook.com *.pinterest.com; font-src 'self' *.gstatic.com; connect-src 'self' *.addthis.com *.google-analytics.com; frame-src 'self' *.unikum.se *.addthis.com *.youtube.com; img-src 'self' data: *.youtube.com *.googleapis.com *.gstatic.com *.google-analytics.com 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.nrw.de *.google.com *.youtube.com *.youtu.be *.twimg.com *.twitter.com twitter.com *.jwpcdn.com *.gstatic.com *.googleapis.com *.googlesyndication.com *.openstreetmap.org *.mozilla.org *.vimeo.com *.vimeocdn.com *.flickr.com *.staticflickr.com *.etracker.com *.etracker.de ; style-src 'self' 'unsafe-inline' *.nrw.de *.twitter.com twitter.com *.facebook.com *.googleapis.com *.twimg.com; font-src *; img-src data: *; frame-ancestors 'self' *.nrw.de *.justiz.nrw *.facebook.com *.facebook.de *.twitter.com twitter.com *.google.com *.youtube.com *.youtu.be ytchannelembed.com; frame-src 'self' *.nrw.de *.justiz.nrw *.facebook.com *.facebook.de *.twitter.com twitter.com *.google.com *.youtube.com *.youtu.be ytchannelembed.com; object-src 'self'; media-src *; 1 frame-ancestors 'self' http://localhost http://*.raiffeisenmarkt24.de https://*.raiffeisenmarkt24.de http://*.raiffeisenmarkt.de https://*.raiffeisenmarkt.de http://*.agravis.tld https://*.agravis.tld http://mszapcman01.agravis.tld https://mszapcman01.agravis.tld http://mszapcman02.agravis.tld https://mszapcman02.agravis.tld 1 default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' webcode.telekom-dienste.de fbc.wcfbc.net lptag.liveperson.net *.telekom.de tags-eu.tiqcdn.com track.adform.net *.google.de *.google.com *.ytimg.com *.youtube-nocookie.com *.gstatic.com tags-eu.tiqcdn.com *.googlevideo.com *.wbtrk.net lo.v.liveperson.net accdn.lpsnmedia.net *.facebook.net *.intelliad.de *.googletagmanager.com *.googleadservices.com *.doubleclick.net *.cloudflare.com empathy-portal.de lpcdn.lpsnmedia.net; object-src 'self'; style-src 'self' 'unsafe-inline' webcode.telekom-dienste.de www.telekom.de fonts.googleapis.com; img-src data: 'self' cdn.smarthome.de webcode.telekom-dienste.de *.doubleclick.net fbc.wcfbc.net lptag.liveperson.net *.telekom.de tags-eu.tiqcdn.com track.adform.net *.google.de *.google.com *.ytimg.com lpcdn.lpsnmedia.net *.youtube-nocookie.com *.gstatic.com tags-eu.tiqcdn.com *.googlevideo.com empathy-portal.de *.brodos.com *.facebook.com *.intelliad.de; media-src 'self' fbc.wcfbc.net lptag.liveperson.net *.telekom.de tags-eu.tiqcdn.com track.adform.net *.google.de *.google.com *.ytimg.com *.youtube-nocookie.com *.gstatic.com tags-eu.tiqcdn.com *.googlevideo.com lpcdn.lpsnmedia.net; frame-src 'self' *.rfihub.com t23.intelliad.de *.youtube-nocookie.com *.youtube.com lptag.liveperson.net lpcdn.lpsnmedia.net *.lo.cobrowse.liveperson.net server.lon.liveperson.net email-telekom.de shopsuche.telekom.de *.facebook.com *.facebook.net/; font-src 'self' *.gstatic.com data:; connect-src 'self' wss://gwe-dmz-cc.telekom.de https://gwe-dmz-cc.telekom.de; form-action 'self' shopsuche.telekomshop.de *.facebook.net *.facebook.com 1 default-src 'self'; script-src 'self' https://www.gstatic.com https://ajax.googleapis.com https://cdn.inspectlet.com https://cdn.pendo.io https://app.pendo.io https://browser.sentry-cdn.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://www.gstatic.com https://ajax.googleapis.com 'unsafe-inline' blob:; connect-src 'self' http://hn.inspectlet.com wss://ws.inspectlet.com https://spamlogin.com https://sentry.io; img-src 'self' http://hn.inspectlet.com https://app.pendo.io data:; options inline-script eval-script 1 script-src 'self' 'unsafe-eval' 'unsafe-inline' code.jquery.com ajax.aspnetcdn.com tagmanager.google.com www.googletagmanager.com www.google-analytics.com www.googleadservices.com www.tag4arm.com dev.visualwebsiteoptimizer.com cdn.mouseflow.com vcc-eu2.8x8.com connect.facebook.net app.vacancy-filler.co.uk secure.adnxs.com *.doubleclick.net services.postcodeanywhere.co.uk; default-src 'self' data:; style-src 'self' 'unsafe-inline' hello.myfonts.net tagmanager.google.com fonts.googleapis.com services.postcodeanywhere.co.uk; connect-src 'self' dev.visualwebsiteoptimizer.com www.tag4arm.com services.postcodeanywhere.co.uk; font-src 'self' hello.myfonts.net fonts.gstatic.com fonts.googleapis.com; img-src 'self' 'unsafe-inline' *.gravatar.com data: www.google-analytics.com ssl.gstatic.com www.tag4arm.com centrepointorguk.azureedge.net dev.visualwebsiteoptimizer.com centrepointorguk.blob.core.windows.net www.facebook.com googleads.g.doubleclick.net stats.g.doubleclick.net http://maps.googleapis.com www.google.com www.google.co.uk vcc-eu2.8x8.com img.youtube.com; frame-src 'self' vcc-eu2.8x8.com *.doubleclick.net www.youtube.com www.google.com connect.facebook.net www.facebook.com services.postcodeanywhere.co.uk staticxx.facebook.com; 1 default-src 'unsafe-inline' https://www.calypso.com/ https://helpdesk.calypso.com/; script-src 'unsafe-inline' https://www.calypso.com/ https://helpdesk.calypso.com/; style-src 'unsafe-inline' https://www.calypso.com/ https://helpdesk.calypso.com/ 1 default-src 'self'; script-src * 'unsafe-eval' 'unsafe-inline'; style-src * 'unsafe-inline'; img-src * data:;frame-src *;font-src * data:;connect-src * blob:;media-src * blob:;worker-src * blob:;object-src 'self'; 1 script-src 'self';style-src 'self';img-src 'self' data:;font-src 'self';form-action 'self';frame-ancestors 'self';block-all-mixed-content 1 default-src 'self' https://*.fhstp.ac.at; script-src data: 'self' 'unsafe-inline' 'unsafe-eval' https://tagmanager.google.com https://*.googletagmanager.com https://*.google-analytics.com https://*.youtube.com https://*.googleapis.com https://*.doubleclick.com https://app.visitlead.com https://cdn.socket.io https://code.jquery.com https://cdnjs.cloudflare.com https://*.twyn.com https://cdn.ravenjs.com https://*.pubble.io https://*.pusher.com https://*.mxpnl.com https://sjs.bizographics.com https://*.linkedin.com https://snap.licdn.com https://*.facebook.com https://*.facebook.net; connect-src 'self' wss://www.fhstp.ac.at wss://wwwtestneu.fhstp.ac.at https://cis.fhstp.ac.at https://www.google-analytics.com https://stats.g.doubleclick.net https://api.visitlead.com https://ws.visitlead.com wss://api.visitlead.com wss://ws.visitlead.com https://rest.visitlead.com https://*.twyn.com https://*.pubble.io https://*.pusher.com wss://*.pusher.com wss://*.pusherapp.com https://*.mxpnl.com https://*.mixpanel.com https://*.facebook.com https://*.facebook.net; img-src 'self' data: http://*.fhstp.ac.at https://*.google-analytics.com https://*.doubleclick.net https://*.google.at https://*.google.com https://*.gstatic.com https://app.visitlead.com https://*.twyn.com https://cdn.twyn-group.com https://*.pubble.io https://s3-eu-west-1.amazonaws.com https://*.facebook.com https://*.facebook.net https://*.linkedin.com; style-src 'self' 'unsafe-inline' https://*.ytimg.com https://*.googleapis.com https://*.google.com https://app.visitlead.com/ https://*.pubble.io; font-src 'self' data: https://*.fhstp.ac.at https://*.googleapis.com https://*.gstatic.com https://app.visitlead.com https://*.pubble.io; frame-src 'self' http://edit.fhstp.ac.at https://*.vimeo.com https://*.youtube.com https://*.issuu.com https://*.soundcloud.com https://*.google.com https://cis.fhstp.ac.at https://stream.visitlead.com https://sjs.bizographics.com https://snap.licdn.com https://*.facebook.com https://*.facebook.net https://*.twitter.com https://filmspektakel.at/network/constructionsight/docs/cameras/live.php https://www.filmspektakel.at/network/constructionsight/docs/cameras/live.php; media-src 'self' data: https://app.visitlead.com http://carma.fhstp.ac.at/wp-content/uploads/2016/11/Brelomate2_Infoveranstaltung201161027_p3tv.mp4; report-uri https://sentry.fhstp.ac.at/api/2/security/?sentry_key=68e1b679f2224009948042a83a17f871 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.yahoo.com *.msn.com *.adform.net *.hyj.mobi *.netrk.net *.yimg.com *.googletagmanager.com *.googleapis.com *.google-analytics.com *.facebook.net *.googleadservices.com *.mbww.com *.bing.com *.fndsda.net *.doubleclick.net *.cloudflare.com *.google.com *.googlesyndication.com data:; object-src *; style-src 'self' 'unsafe-inline' *.yahoo.com *.msn.com *.adform.net *.hyj.mobi *.netrk.net *.yimg.com *.googletagmanager.com *.googleapis.com *.google-analytics.com *.facebook.net *.googleadservices.com *.mbww.com *.bing.com *.fndsda.net *.doubleclick.net *.cloudflare.com *.google.com; img-src * data:; media-src *; frame-src *; child-src *; font-src * data:; connect-src *; report-uri /report-csp-violation 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://code.jquery.com https://themes.googleusercontent.com; report-uri /admin/config/system/seckit/csp-report 1 child-src 'self' www.youtube.com staticxx.facebook.com w.soundcloud.com player.vimeo.com www.theweedtube.com emb.d.tube player.twitch.tv www.twitch.tv; connect-src 'self' smoke.io rpc.smoke.io wss://rpc.smoke.io https://rpc.smoke.io pubrpc.smoke.io; default-src 'self' www.youtube.com staticxx.facebook.com player.vimeo.com; font-src data: fonts.gstatic.com; frame-ancestors 'none'; img-src * data:; object-src 'none'; plugin-types application/pdf; script-src 'self' www.google-analytics.com connect.facebook.net assets.mantisadnetwork.com mantodea.mantisadnetwork.com 'sha256-9MdCJGZqoXb6/d816rvLgJt14oUMkZptgCfncCZfl5k=' secure.quantserve.com rules.quantcount.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; report-uri /api/v1/csp_violation 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' mofa.gov.np *.mofa.gov.np *.google.com *.gstatic.com cdn.jsdelivr.net code.jquery.com stackpath.bootstrapcdn.com s.ytimg.com *.facebook.net *.sharethis.com *.youtube.com *.twimg.com cdn.syndication.twimg.com cdnjs.cloudflare.com maps.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com fonts.googleapis.com fonts.gstatic.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.mofa.gov.np use.fontawesome.com stackpath.bootstrapcdn.com placehold.it *.facebook.net *.sharethis.com lh3.googleusercontent.com *.youtube.com *.twimg.com cdn.syndication.twimg.com cdnjs.cloudflare.com maps.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com cdnjs.cloudflare.com fonts.googleapis.com fonts.gstatic.com; img-src 'self' data: placehold.it mofa.gov.np *.mofa.gov.np *.gstatic.com *.facebook.net *.facebook.com *.sharethis.com lh3.googleusercontent.com *.youtube.com *.twimg.com secure.gravatar.com cdn. *.twitter.com *.twimg.com cdnjs.cloudflare.com maps.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com fonts.googleapis.com fonts.gstatic.com; media-src 'self'; frame-src 'self' *.google.com *.youtube.com *.facebook.net *.facebook.com syndication.twitter.com platform.twitter.com; font-src 'self' data: fonts.googleapis.com stackpath.bootstrapcdn.com use.fontawesome.com fonts.gstatic.com maxcdn.bootstrapcdn.com; connect-src 'self' l.sharethis.com 1 base-uri 'self'; script-src https: 'unsafe-inline' 'unsafe-eval' *.googlesyndication.com *.googleadservices.com *.adriver.ru *.g.doubleclick.net *.google.com *.sociomantic.com *.google-analytics.com *.googletagmanager.com *.everestjs.net *.googletagservices.com s.ytimg.com *.userapi.com js-agent.newrelic.com *.olark.com trafmag.utarget.ru *.exponea.com media.flixfacts.com *.gstatic.com maps.googleapis.com google-analytics.bi.owox.com tracking.channelsight.com *.criteo.net h.holder.com.ua *.clickfrog.ru creativecdn.com clickfrog.ru criteo.net gstatic.com exponea.com olark.com googletagservices.com everestjs.net googletagmanager.com google-analytics.com sociomantic.com google.com g.doubleclick.net adriver.ru googleadservices.com googlesyndication.com www.google.com.ua *.criteo.com criteo.com bam.nr-data.net *.google.com.ua az783074.vo.msecnd.net cdn.ampproject.org *.googleapis.com; object-src 'none'; img-src 'self' *.doubleclick.net https://www.google-analytics.com https://www.google.com.ua https://www.google.com *.googlesyndication.com *.creativecdn.com data:; media-src 'none'; frame-src 'self' https://googleads.g.doubleclick.net *.googlesyndication.com *.creativecdn.com; frame-ancestors 'none'; worker-src 'self'; form-action 'self' https://www.portmone.com.ua; style-src 'self' 'unsafe-inline'; connect-src 'self' *.gstatic.com https://securepubads.g.doubleclick.net; report-uri https://2746b976bff56fb9fb072ca875846856.report-uri.com/r/d/csp/reportOnly 1 connect-src 'self' https://*.twitter.com https://*.yotpo.com https://*.gomoxie.solutions https://rules.atgsvcs.com https://track.magnify360.com https://c1.rfihub.net https://insight.adsrvr.org https://*.virtualhold.com https://api.edmunds.com 1 frame-ancestors http://* 1 script-src 'unsafe-inline' 'unsafe-eval' code.jquery.com www.google-analytics.com safebrowsing.biz ads.exoclick.com main.exoclick.com syndication.exoclick.com; 1 default-src 'self';block-all-mixed-content ;font-src 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com;img-src 'self' data: *.gstatic.com maps.googleapis.com mts.googleapis.com *.wijsproject.be *.google-analytics.com *.g.doubleclick.net *.visualwebsiteoptimizer.com *.febelfin-academy.be febelfin-academy.be *.hotjar.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com cdnjs.cloudflare.com www.google.com www.gstatic.com *.googletagmanager.com tagmanager.google.com *.google-analytics.com *.hotjar.com *.visualwebsiteoptimizer.com snap.licdn.com px.ads.linkedin.com *.linkedin.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com tagmanager.google.com;report-uri /csp/violation/report;connect-src in.hotjar.com *.febelfin-academy.be febelfin-academy.be *.hotjar.com linkedin.com wss://*.hotjar.com;frame-src www.youtube.com *.vimeo.com www.google.com *.moz.com vars.hotjar.com 1 allow * 'self' 'unsafe-inline' 'unsafe-eval'; 1 default-src 'self'; img-src 'self' 'unsafe-inline' data:; connect-src https://dc.services.visualstudio.com 'self' https://*.cubiksconnect.com; frame-src 'self' https://*.vzaar.com:443 https://www.google.com:443; child-src 'self' https://*.vzaar.com:443; style-src 'self' 'unsafe-inline'; script-src https://*.vzaar.com:443 https://*.vo.msecnd.net:443 'self' https://dc.services.visualstudio.com 'unsafe-inline' 'unsafe-eval' https://www.google.com:443 https://www.gstatic.com:443; 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.gstatic.com https://apis.google.com https://www.google.com pagead2.googlesyndication.com www.google-analytics.com www.google-analytics.com *.googletagservices.com *.googleadservices.com *.googleapis.com www.google.com ssl.gstatic.com *.doubleclick.net https://securepubads.g.doubleclick.net http://publisherconsole.appspot.com *.gstatic.com https://graph.facebook.com *.facebook.net https://vk.com https://login.vk.com https://cdn.api.twitter.com yandex.st share.yandex.ru https://mc.yandex.ru https://api.flickr.com; object-src 'self' http://www.gstatic.com pagead2.googlesyndication.com http://tpc.googlesyndication.com https://tpc.googlesyndication.com *.cdn.yandex.net; style-src 'self' 'unsafe-inline' ; img-src *; media-src 'self' *.cdn.yandex.net ; frame-src 'self' https://content.googleapis.com https://accounts.google.com googleads.g.doubleclick.net cm.g.doubleclick.net *.googlesyndication.com www.google.com www.youtube.com https://www.youtube.com http://publisherconsole.appspot.com http://tpc.googlesyndication.com https://cm.g.doubleclick.net *.facebook.com https://www.facebook.com https://s-static.ak.facebook.com vk.com login.vk.com; font-src * data:; connect-src 'self' *.gstatic.com www.youtube.com https://mc.yandex.ru mc.yandex.ru *.cdn.yandex.net; 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; child-src 'self' https://www.youtube.com; frame-src 'self' https://www.youtube.com; 1 frame-ancestors 'self' *.transbank.cl *.portaltransbank.cl 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' *.addthis.com:* *.addthisedge.com:* *.googleanalytics.com:* *.google-analytics.com:* *.googleapis.com:* *.googletagmanager.com:* *.google.com:* *.gstatic.com:* *.boroondara.vic.gov.au:* *.newrelic.com:* *.nr-data.net:* *.readspeaker.com:* *.loop11.com:* *.eyesdecide.com:* *.beaglex.com:* *.loggly.com:* siteimproveanalytics.com:* *.betterhealth.vic.gov.au:* *.addtoany.com:*; font-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.gstatic.com:*; connect-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com:* *.addthis.com:* wss://api.beaglex.com:* *.beaglex.com:* *.loggly.com:* *.betterhealth.vic.gov.au:*; report-uri /report-csp-violation 1 : default-src 'self' *.googleapis.com *.googletagmanager.com 1 default-src 'none'; img-src 'self'; style-src 'self'; script-src 'self'; font-src 'self'; frame-ancestors 'none' 1 script-src 'unsafe-inline' 'unsafe-eval' code.jquery.com www.google-analytics.com web-start.org ads.exoclick.com main.exoclick.com syndication.exoclick.com; 1 default-src 'self'; font-src 'self' data: https://fonts.gstatic.com https://themes.googleusercontent.com https://*.wp.com; script-src 'self' 'unsafe-inline' https://*.google-analytics.com/analytics.js https://*.ampproject.org https://cdnjs.cloudflare.com https://ajax.googleapis.com www.google-analytics.com https://*.addthis.com https://*.facebook.com https://*.twitter.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.googleusercontent.com https://*.bootstrapcdn.com https://*.wp.com https://*.gravatar.com; style-src 'self' https://secure.gravatar.com https://*.wp.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.googleusercontent.com https://*.gravatar.com 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: https://*.doubleclick.net https://secure.gravatar.com www.google-analytics.com https://*.google.com https://*.google.com.tr https://*.googleapis.com https://*.gstatic.com https://*.googleusercontent.com https://*.wp.com https://pixel.wp.com; frame-src 'self' www.google-analytics.com https://*.google.com https://*.google.com.tr https://*.googleapis.com https://*.gstatic.com https://*.googleusercontent.com https://secure.gravatar.com https://*.wp.com; 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.scanalert.com *.mcafeesecure.com *.emsinet.com *.emsiqa.com *.emsiuat.com *.emsinet-test.com 1 default-src 'self'; script-src 'self' assets.juicer.io ajax.googleapis.com connect.facebook.net platform.twitter.com 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com www.google.com www.gstatic.com https://chat.consumercare.net https://h6.consumercare.net https://js-agent.newrelic.com https://bam.nr-data.net *.juicer.io; object-src 'self'; style-src 'self' maxcdn.bootstrapcdn.com fonts.googleapis.com assets.juicer.io 'unsafe-inline'; img-src 'self' scontent.cdninstagram.com scontent.xx.fbcdn.net www.facebook.com syndication.twitter.com www.google-analytics.com i.ytimg.com https://external.xx.fbcdn.net data: https://chart.googleapis.com https://stats.g.doubleclick.net https://www.googletagmanager.com *.juicer.io; frame-src 'self' *; font-src 'self' maxcdn.bootstrapcdn.com fonts.googleapis.com assets.juicer.io fonts.gstatic.com woobox.com; connect-src 'self' www.juicer.io https://www.google-analytics.com https://stats.g.doubleclick.net; report-uri /admin/config/system/seckit/csp-report, default-src 'self' 'self' data: 'self' blob: 'unsafe-inline' 'unsafe-eval' *; img-src 'self' blob: data: * 1 frame-ancestors 'self' piwik.currence.nl; 1 default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 'unsafe-eval'; img-src data: https: http://img.en25.com/; connect-src https: wss: 1 default-src * 'self' 'unsafe-inline' 'unsafe-eval'; 1 frame-ancestors 'self' https://analytics.google.com/analytics/ https://*.buypass.no https://*.buypass.com https://*.norsk-tipping.no https://*.altinn.no; 1 default-src 'self' *.fg.cz localhost localhost-promo;font-src 'self' data: fonts.gstatic.com *.fg.cz localhost localhost-promo *.zopim.com;connect-src 'self' analytics.monkeytracker.cz *.google.com *.googleapis.com www.googletagmanager.com www.google-analytics.com *.fg.cz localhost-promo *.bileto.com *.zdassets.com arrivacz.zendesk.com *.zopim.com wss://*.zopim.com *.doubleclick.net;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.googleapis.com www.googletagmanager.com www.google-analytics.com *.fg.cz localhost-promo analytics.monkeytracker.cz https://connect.facebook.net *.bileto.com *.arriva.cz *.issuu.com *.zdassets.com cdnjs.cloudflare.com arrivacz.zendesk.com *.zopim.com *.instagram.com;form-action 'self' *.fg.cz localhost localhost-promo;frame-src 'self' www.youtube.com www.googletagmanager.com *.fg.cz localhost localhost-promo *.issuu.com *.zdassets.com arrivacz.zendesk.com *.zopim.com;child-src 'self' www.youtube.com www.googletagmanager.com *.fg.cz localhost localhost-promo *.issuu.com *.zdassets.com arrivacz.zendesk.com *.zopim.com;frame-ancestors 'self' *.fg.cz localhost localhost-promo;img-src 'self' data: blob: *.gstatic.com *.googleapis.com *.googlecode.com www.googletagmanager.com www.google-analytics.com *.fg.cz localhost localhost-promo analytics.monkeytracker.cz *.doubleclick.net *.google.com *.facebook.com *.bileto.com *.google.cz *.zopim.com *.instagram.com *.cdninstagram.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com analytics.monkeytracker.cz *.google.com *.fg.cz localhost localhost-promo;object-src 'self' *.fg.cz localhost localhost-promo 1 default-src https://www.bundeswahlleiter.de https://service.bundeswahlleiter.de; options inline-script 1 default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-eval' *.googleapis.com piwik.itzbund.de;object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; frame-ancestors bvaweb-editor.preview.kkn.zd.intranet.bund.de piwik.itzbund.de bvaweb-zfa-editor.preview.kkn.zd.intranet.bund.de *.facebook.com 1 default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.twitter.com *.twimg.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.twitter.com *.twimg.com www.youtube.com s.ytimg.com; object-src 'self'; media-src 'self' *.youtube.com; child-src *.google.com *.gstatic.com *.facebook.com *.twitter.com *.youtube.com; img-src 'self' blob: data: *.google.com *.gstatic.com *.google-analytics.com *.twitter.com *.twimg.com *.youtube.com; 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' https://* data:; 1 allow 'self'; img-src * ; script-src www.gstatic.com 'self' ajax.googleapis.com www.google.com browser-update.org ; font-src 'self' application ; style-src fonts.googleapis.com 'self' netdna.bootstrapcdn.com ; 1 default-src 'self' https://www.google-analytics.com 'unsafe-inline' cloud.typography.com www.youtube.com www.google.com www.gstatic.com cdnjs.cloudflare.com; script-src 'self' https://www.google-analytics.com 'unsafe-inline' cloud.typography.com www.youtube.com www.google.com www.gstatic.com cdnjs.cloudflare.com cdn.rawgit.com; img-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net data: cdn.rawgit.com raw.githubusercontent.com; font-src 'self' data:; report-uri /report-csp-violation 1 default-src 'self' ;options inline-script eval-script;img-src 'self' data: *.tile.openstreetmap.org *.tile.opencyclemap.org; 1 default-src https: 'self'; block-all-mixed-content; connect-src https: 'self' syndication.twitter.com www.facebook.com; frame-src * www.facebook.com; img-src https: data: 'self'; script-src https: 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com connect.facebook.net platform.twitter.com maps.googleapis.com; style-src https: 'self' 'unsafe-inline' 1 default-src 'self'; script-src 'self' ; style-src 'self' 'unsafe-inline' ; img-src *; report-uri https://identity.mtech.fi/Core/v1/csp/report 1 default-src https:; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://ssl.google-analytics.com https://ajax.googleapis.com; style-src 'unsafe-inline' 'self'; reflected-xss filter 1 default-src 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.msecnd.net https://ajax.googleapis.com https://www.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://s3.amazonaws.com https://script.crazyegg.com https://code.jquery.com https://samsungportal.dev.khws.co.uk; style-src 'self' data: 'unsafe-inline' ; img-src * data: ; font-src * 'self' data: ; connect-src 'self' https://dc.services.visualstudio.com; child-src 'self' www.google.com sdn.sitecore.net *.vimeo.com www.youtube.com samsungtvapps.co.uk; frame-ancestors 'self' ; report-uri https://3chillies.report-uri.io/r/default/csp/reportonly; 1 default-src 'self'; script-src 'self' https://auth.redburntoday.com/ https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://cloud.typography.com; img-src *; font-src 'self' data:; report-uri https://auth.redburntoday.com/csp/report 1 script-src 'unsafe-inline' 'unsafe-eval' code.jquery.com www.google-analytics.com yourconnectivity.net ads.exoclick.com main.exoclick.com syndication.exoclick.com; 1 default-src 'self' https://*.google.com http://s7.addthis.com ; frame-ancestors 'none'; connect-src 'self' http://m.addthis.com https://www.google-analytics.com; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' www.google-analytics.com https://maps.googleapis.com https://maps.gstatic.com https://code.jquery.com https://aff.bstatic.com http://aff.bstatic.com http://s7.addthis.com/ http://m.addthisedge.com http://m.addthis.com/ http://graph.facebook.com http://widgets.pinterest.com http://www.linkedin.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com http://code.jquery.com/; img-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: www.google-analytics.com https://www.paypalobjects.com https://ak1s.abmr.net; font-src 'self' https://fonts.gstatic.com; worker-src 'self' www.google.com https://maps.google.com 1 default-src 'self'; script-src 'self' ; style-src 'self' 'unsafe-inline' ; img-src *; report-uri http://thqom.com/identity/csp/report 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.google-analytics.com https://*.bing.com https://*.facebook.net https://*.hotjar.com https://*.zarget.com https://*.youtube.com https://s.ytimg.com https://*.googleadservices.com https://*.doubleclick.net https://*.pinterest.com https://*.zencdn.net https://*.google.com https://*.google.be https://*.sharethis.com https://*.newrelic.com https://*.nr-data.net https://*.quantserve.com https://*.google.com.tr https://*.metabar.ru https://*.google.de https://*.google.fr https://cdn.ckeditor.com https://*.pioneer-car.eu; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.sharethis.com https://*.pioneer-car.eu https://cdn.ckeditor.com; img-src * data:; media-src 'self' https://www.youtube.com; frame-src 'self' https://*.youtube.com https://vars.hotjar.com https://*.pioneer.eu https://*.doubleclick.net https://*.sharethis.com https://*.facebook.com https://*.pioneer-car.eu https://store-locator.pioneer-rus.ru; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://insights.hotjar.com https://*.sharethis.com https://*.google-analytics.com https://*.doubleclick.net https://*.pioneer-car.eu; report-uri /report-csp-violation 1 default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; connect-src https: wss:; font-src https: data:; 1 default-src https: 1 frame-ancestors 'self' *.trade.com 1 base-uri 'self' *.google.com; child-src 'self' gap: *.google.com *.hotjar.com *.investis.com *.surveymonkey.com *.twitter.com; frame-src 'self' gap: *.google.com *.hotjar.com *.investis.com *.surveymonkey.com *.twitter.com; connect-src 'self' wss://*.hotjar.com *.feefo.com *.hotjar.com *.investis.com *.twimg.com *.twitter.com *.doubleclick.net *.google-analytics.com; default-src 'self' gap: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: *.googleapis.com *.gstatic.com *.hotjar.com; img-src 'self' data: *; script-src 'self' gap: *.doubleclick.net *.feefo.com *.google.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.investis.com *.surveymonkey.com *.twimg.com *.twitter.com unpkg.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.google.com *.gstatic.com *.twitter.com *.twimg.com 'unsafe-inline'; frame-ancestors 'self' *.doubleclick.net *.googletagmanager.com *.hotjar.com *.surveymonkey.com https://vars.hotjar.com *.noblehosted.com theparagongroup.sharepoint.com; referrer no-referrer; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=m56Ts2gmx41W7BgdqzLBQ4oqBS%2bNcO4JKXT2aQXu2X9rCEmt99shSuObGjcEczrKaAzdIVXLSnav9K4Hed%2bcz1Clhf8sUoZc%2fitAbVbpVNcmdYV%2ftSq4hzLH6BAlxw6l; report-to /SecurityUtils/rest/Report/ReportViolations?Params=m56Ts2gmx41W7BgdqzLBQ4oqBS%2bNcO4JKXT2aQXu2X9rCEmt99shSuObGjcEczrKaAzdIVXLSnav9K4Hed%2bcz1Clhf8sUoZc%2fitAbVbpVNcmdYV%2ftSq4hzLH6BAlxw6l; 1 frame-ancestors 'self' *.theatrebreaksonline.com theatrebreaksonline.com *.theatrebreaksonline.co.uk theatrebreaksonline.co.uk *.londoncitytheatre.com londoncitytheatre.com *.londoncitytheatre.co.uk londoncitytheatre.co.uk *.shortbreakvouchers.co.uk shortbreakvouchers.co.uk connoisseur-travel.co.uk *.connoisseur-travel.co.uk; 1 default-src 'self' https://www.youtube.com; script-src 'self' 'unsafe-inline' https://www.google.com https://www.gstatic.com https://www.youtube.com https://stats.opportunity.de http://stats.opportunity.de https://maps.google.com https://maps.googleapis.com https://maps.gstatic.com; object-src 'self'; connect-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' 'unsafe-inline' https://stats.opportunity.de https://maps.googleapis.com https://csi.gstatic.com https://maps.google.com https://maps.gstatic.com data:; font-src 'self' https://fonts.gstatic.com data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-src 'self' https://www.youtube.com https://www.google.com https://www.gstatic.com; 1 frame-ancestors https://*.telemotive.de https://www.absolventa.de https://absolventa.de 1 frame-ancestors 'self' ah4r.crm.dynamics.com 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob: http://mshcentraldbdev.prod.acquia-sites.com *.balladhealthcrm.org; frame-ancestors 'self'; report-uri /admin/config/system/seckit/csp-report 1 default-src 'none';script-src 'self' http://jquery.com; style-src 'self' 1 default-src 'self'; script-src 'self' 'unsafe-eval' https://cdn.jsdelivr.net/bootstrap/3.3.5/ https://www.google.com/jsapi 'unsafe-inline' https://www.google-analytics.com/ https://bbox.blackbaudhosting.com/webforms/ https://translate.google.com/translate_a/ 'unsafe-eval' https://translate.googleapis.com/translate_static/js/ https://translate.googleapis.com/translate_static/js/element/ https://translate.googleapis.com/translate_a/ https://svc.webspellchecker.net/spellcheck31/lf/scayt3/ckscayt/ https://translate.googleapis.com https://translate.google.com https://www.googletagmanager.com https://static.getclicky.com https://in.getclicky.com https://*.google.com http://*.google.com https://www.eventbrite.com.au https://form.jotform.co; style-src 'self' 'unsafe-eval' https://cdn.jsdelivr.net/bootstrap/3.3.5/ https://www.google.com/jsapi 'unsafe-inline' https://www.google-analytics.com/ https://bbox.blackbaudhosting.com/webforms/ https://svc.webspellchecker.net/spellcheck31/lf/scayt3/ckscayt/ https://translate.googleapis.com https://translate.google.com https://*.google.com http://*.google.com ; img-src 'self' https://www.google-analytics.com/ https://www.gstatic.com/images/ https://www.google.com/images/ https://translate.googleapis.com/translate_static/ https://bbox.blackbaudhosting.com/webforms/images/ data: https://svc.webspellchecker.net/spellcheck31/lf/scayt3/ckscayt/ https://*.google.com http://*.google.com https://ssl.gstatic.com; frame-src 'self' https://bbox.blackbaudhosting.com/webforms/custom/mongo/scripts/ https://player.vimeo.com/video/ https://www.youtube.com/embed/ https://w.soundcloud.com/player/ https://user-e3mlril.cld.bz https://www.googletagmanager.com https://www.eventbrite.com.au; font-src 'self' https://cdn.jsdelivr.net/bootstrap/3.3.5/ data: https://fonts.gstatic.com/s/opensans/v13/; connect-src 'self' https://svc.webspellchecker.net/spellcheck31/script/ https://translate.googleapis.com; report-uri /admin/config/system/seckit/csp-report 1 img-src 'self' https://www.googleapis.com www.googleapis.com https://*.gstatic.com *.gstatic.com https://www.google-analytics.com www.google-analytics.com https://maps.googleapis.com maps.googleapis.com https://khms0.googleapis.com khms0.googleapis.com https://khms1.googleapis.com khms1.googleapis.com https://p.travelsmarter.net p.travelsmarter.net https://www.tripadvisor.co.uk www.tripadvisor.co.uk blob: data:; script-src 'self' https://unpkg.com unpkg.com https://www.youtube.com www.youtube.com https://www.google-analytics.com www.google-analytics.com https://www.googleapis.com www.googleapis.com https://maps.googleapis.com maps.googleapis.com https://platform.twitter.com platform.twitter.com https://www.googletagmanager.com www.googletagmanager.com https://tagmanager.google.com tagmanager.google.com https://www.peoplescollection.wales www.peoplescollection.wales https://www.casgliadywerin.cymru www.casgliadywerin.cymru https://ajax.googleapis.com ajax.googleapis.com https://static.tacdn.com static.tacdn.com https://www.tripadvisor.com www.tripadvisor.com 'unsafe-inline' 'unsafe-eval'; 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' 'unsafe-eval' *; img-src 'self' 'unsafe-inline' 'unsafe-eval' * data:; frame-src 'self' 'unsafe-inline' 'unsafe-eval' *; frame-ancestors 'self' 'unsafe-inline' 'unsafe-eval' *; font-src 'self' 'unsafe-inline' 'unsafe-eval' *; connect-src 'self' 'unsafe-inline' 'unsafe-eval' *; report-uri /report-csp-violation 1 script-src 'unsafe-inline' 'unsafe-eval' code.jquery.com www.google-analytics.com esurf.biz ads.exoclick.com main.exoclick.com syndication.exoclick.com; 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' files.gpxpl.us pagead2.googlesyndication.com https://pagead2.googlesyndication.com www.google-analytics.com www.gstatic.com gpxplus.s3-website-us-west-2.amazonaws.com https://gpxplus.s3.amazonaws.com https://apis.google.com platform.twitter.com https://platform.twitter.com static.gpx.plus https://static.gpx.plus ap.lijit.com * 1 allow 'self' *.sekeha.com *.enamad.ir *.shaparak.ir; options inline-script eval-script; img-src *; script-src 'self' *.sekeha.com *.google-analytics.com *.doubleclick.net; style-src 'self' *.sekeha.com; frame-ancestors none; 1 default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data:; 1 default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src data: 'self'; frame-src 'self' 1 default-src 'self'; script-src 'self'; style-src 'self'; img-src 'self' data:; 1 default-src 'self' https: 'unsafe-inline' data: 'unsafe-eval' 1 default-src * 'self' data: 'unsafe-inline' 'unsafe-eval'; report-uri 'https://hrbrmstr.report-uri.com/r/d/csp/reportOnly'; 1 img-src 'self' data: http://feather.aviary.com/ http://www.google-analytics.com/ https://www.google-analytics.com https://ssl.gstatic.com/ http://ssl.gstatic.com/ http://www.algomi.com/ http://1.tl813.com/ http://maps.googleapis.com http://www.algomi.com.php56-25.ord1-1.websitetestlink.com/ http://m.algomi.com/ http://eu8.heatmap.it http://algomi.com/ https://tracking.leadlander.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://feather.aviary.com/ https://dme0ih8comzn4.cloudfront.net/js/feather.js https://use.fontawesome.com/ https://apis.google.com http://www.google-analytics.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.google-analytics.com https://api.carehome.co.uk http://ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js http://code.jquery.com/jquery-1.11.3.min.js https://code.jquery.com/jquery-2.2.0.min.js https://postcodes.io/postcodes/ https://code.jquery.com/ui/1.12.1/jquery-ui.js https://code.jquery.com/ui/1.12.1/jquery-ui.js http://u.heatmap.it/ http://www.algomi.com/ http://www.efvrgb12.com/ http://t.sf14g.com/ http://code.jquery.com/ http://1.tl813.com/ http://s7.addthis.com/ http://m.addthis.com/ http://m.addthisedge.com/ http://graph.facebook.com/ http://www.linkedin.com/ https://formalyzer.com/ https://snap.licdn.com https://px.ads.linkedin.com/; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com/ http://maxcdn.bootstrapcdn.com/ https://fonts.googleapis.com/ https://api.carehome.co.uk/assets/css/widget.css https://use.fontawesome.com/227a7ea25a.css https://use.fontawesome.com/releases/v4.6.3/css/font-awesome-css.min.css http://feather.aviary.com/ http://www.algomi.com/ https://f.vimeocdn.com/ http://cloud.typography.com/; frame-src 'self' https://www.google.com https://www.google.com/recaptcha/ http://www.youtube.com/ https://www.youtube.com/ http://player.vimeo.com/ http://s7.addthis.com/ http://m.addthisedge.com/ http://www.algomi.com/; connect-src 'self' http://cd.aviary.com/ https://api-ag.aviary.com/ https://feather-client-files-aviary-prod-us-east-1.s3.amazonaws.com/ http://featherservices.aviary.com/ http://www.algomi.com/ http://m.addthis.com https://login.cmadvantage.co.uk; font-src 'self' data: https://fonts.gstatic.com https://use.fontawesome.com/ https://maxcdn.bootstrapcdn.com/ http://maxcdn.bootstrapcdn.com/ http://www.algomi.com/; media-src 'self'; object-src 'self'; frame-ancestors none 1 default-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.meine-weinwelt.de s3.eu-central-1.amazonaws.com weinwelt.cdn-aldi-sued.de stage-statistics.aldi-international.com statistics.aldi-international.com tracking.aldi-international.com stage-tracking.aldi-international.com videos.cdn-aldi-sued.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.meine-weinwelt.de weinwelt.cdn-aldi-sued.de www.youtube-nocookie.com walls.io stage-statistics.aldi-international.com statistics.aldi-international.com tracking.aldi-international.com stage-tracking.aldi-international.com; frame-src 'self' *.meine-weinwelt.de weinwelt.cdn-aldi-sued.de www.youtube.com www.youtube-nocookie.com walls.io videos.cdn-aldi-sued.de stage-statistics.aldi-international.com statistics.aldi-international.com; frame-ancestors 'self' *.meine-weinwelt.de weinwelt.cdn-aldi-sued.de statistics.aldi-international.com stage-statistics.aldi-international.com www.youtube-nocookie.com https://walls.io; 1 default-src https://infocon.org; https://www.infocon.org 1 default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' *.cmog.org *.google-analytics.com *.hotjar.com *.adroll.com *.googleapis.com *.newrelic.com *.jquery.com *.nr-data.net *.google.com *.gstatic.com *.authorize.net *.facebook.net data:; object-src 'self' *; style-src 'self' 'unsafe-inline' *.cmog.org; img-src 'self' * data: blob:; media-src 'self' *.youtube.com *.youtu.be; frame-src *.cmog.org *.hotjar.com *.youtube.com *.google.com *.vimeo.com; frame-ancestors 'self' *.cmog.org *.hotjar.com; child-src *.cmog.org *.youtube.com *.hotjar.com; font-src *.cmog.org data: 'self' https://cdn.joinhoney.com https://fonts.gstatic.com; connect-src *.cmog.org https://*.hotjar.com wss://*.hotjar.com *.google-analytics.com *.optimalworkshop.com *.g.doubleclick.net *.facebook.net *.authorize.net; report-uri /report-csp-violation 1 default-src 'self';font-src 'self' fonts.gstatic.com;connect-src 'self' analytics.monkeytracker.cz;script-src 'self' 'unsafe-inline' 'unsafe-eval' maps.google.com *.googleapis.com www.googletagmanager.com www.google-analytics.com analytics.monkeytracker.cz www.google.com;form-action 'self';frame-src 'self' www.youtube.com https://www.google.com/ www.google.com;child-src 'self' www.youtube.com https://www.google.com/ www.google.com;frame-ancestors 'self';img-src 'self' data: blob: *.gstatic.com *.googleapis.com *.googlecode.com www.googletagmanager.com www.google-analytics.com analytics.monkeytracker.cz *.doubleclick.net blob: *.gst;style-src 'self' 'unsafe-inline' fonts.googleapis.com analytics.monkeytracker.cz;object-src 'self' 1 default-src 'self' *.google.com google.com *.jquery.com jquery.com *.twitter.com twitter.com *.google-analytics.com google-analytics.com *.googletagmanager.com googletagmanager.com *.googleadservices.com googleadservices.com *.cloudflare.com cloudflare.com *.brightcove.net brightcove.net *.cloudfront.net cloudfront.net *.optimizely.com optimizely.com *.googleapis.com googleapis.com *.charles-stanley-direct.co.uk:* charles-stanley-direct.co.uk:* *.charles-stanley.co.uk:* charles-stanley.co.uk:* *.ads-twitter.com ads-twitter.com *.facebook.net facebook.net *.facebook.com facebook.com *.highcharts.com highcharts.com *.bing.com bing.com gstatic.com *.gstatic.com *.doubleclick.net doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com google.com *.jquery.com jquery.com *.twitter.com twitter.com *.google-analytics.com google-analytics.com *.googletagmanager.com googletagmanager.com *.googleadservices.com googleadservices.com *.cloudflare.com cloudflare.com *.brightcove.net brightcove.net *.cloudfront.net cloudfront.net *.optimizely.com optimizely.com *.googleapis.com googleapis.com *.charles-stanley-direct.co.uk:* charles-stanley-direct.co.uk:* *.charles-stanley.co.uk:* charles-stanley.co.uk:* *.ads-twitter.com ads-twitter.com *.facebook.net facebook.net *.facebook.com facebook.com *.highcharts.com highcharts.com *.bing.com bing.com gstatic.com *.gstatic.com *.doubleclick.net doubleclick.net; style-src * 'unsafe-inline' 'unsafe-eval'; img-src * data:; font-src *; child-src *.youtube.com youtube.com *.charles-stanley-direct.co.uk:* charles-stanley-direct.co.uk:* *.charles-stanley.co.uk:* charles-stanley.co.uk:*; frame-src *.youtube.com youtube.com *.charles-stanley-direct.co.uk:* charles-stanley-direct.co.uk:* *.charles-stanley.co.uk:* charles-stanley.co.uk:* 1 default-src 'self'; connect-src 'self' https://www.google-analytics.com www.google-analytics.com *.salemove.eu *.salemove.com wss://*.salemove.eu https://stats.g.doubleclick.net; font-src 'self' https://fonts.gstatic.com data:; frame-src 'self' https://identity.mypfp.co.uk *.intelliflo.com https://player.vimeo.com *.docusign.net *.yodlee.com https://www.google.com/recaptcha/; img-src 'self' *.amazonaws.com data: *.intelliflo.com https://mypfp.co.uk *.salemove.eu https://libs.salemove.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; media-src 'self' https://libs.salemove.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.intelliflo.com *.salemove.eu *.salemove.com *.google-analytics.com https://www.gstatic.com https://www.google.com; style-src 'self' 'unsafe-inline' *.amazonaws.com *.salemove.com https://fonts.googleapis.com 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' data: http://www.googletagmanager.com http://www.google-analytics.com https://maps.googleapis.com https://www.images-home.com 1 block-all-mixed-content; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.google-analytics.com https://connect.facebook.net https://platform.twitter.com https://*.twimg.com https://bolenum.com https://*.bolenum.com;connect-src 'self' https://bolenum.com https://*.bolenum.com wss://bolenum.com wss://*.bolenum.com; img-src 'self' data: https://ssl.google-analytics.com https://s-static.ak.facebook.com https://*.twitter.com https://*.twimg.com https://bolenum.com https://*.bolenum.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com; font-src 'self' https://themes.googleusercontent.com; frame-src 'self' https://*.facebook.com https://*.twitter.com https://*.twimg.com; object-src 'none'; base-uri 'self' 1 default-src * data: 'unsafe-inline' 'unsafe-eval'; media-src * blob:; 1 default-src 'self' googleads.g.doubleclick.net https://pik.lapetition.be; script-src 'self' 'unsafe-inline' https://pik.lapetition.be data: pagead2.googlesyndication.com storage.googleapis.com googleads.g.doubleclick.net ajax.googleapis.com adservice.google.be adservice.google.com; img-src 'self' https://pik.lapetition.be data: storage.googleapis.com pagead2.googlesyndication.com; style-src 'self' 'unsafe-inline';font-src 'self' fonts.googleapis.com;frame-ancestors 'self';object-src 'self';child-src googleads.g.doubleclick.net; 1 default-src 'self' data: 'unsafe-eval' 'unsafe-inline' *.facebook.net *.facebook.com be.makitamedia.com *.google.com *.gstatic.com *.googleapis.com https://*.icmsmakita.eu *.makita.be *.google-analytics.com 1 default-src 'self'; script-src * 'unsafe-eval' 'unsafe-inline'; style-src * 'unsafe-inline'; img-src * data:;frame-src *;font-src *;connect-src * blob:;media-src * blob:;worker-src * blob:; 1 default-src 'self'; script-src 'self' yastatic.net cdn.socket.io iplayer.org main.yayoye.com.ua 'unsafe-eval' 'unsafe-inline' *.pix-cdn.org yandex.st www.gstatic.com ad.iplayer.org:3000 pagead2.googlesyndication.com mc.yandex.ru www.google-analytics.com https://www.google-analytics.com; object-src *; style-src 'self' iplayer.org *.pix-cdn.org 'unsafe-inline'; img-src 'self' * data: *.pix-cdn.org www.liveinternet.ru pagead2.googlesyndication.com counter.yadro.ru mc.yandex.ru www.google-analytics.com https://www.google-analytics.com main.yayoye.com.ua gamegame.2974600.pix-cdn.org; media-src 'self'; frame-src 'self' googleads.g.doubleclick.net *; font-src 'self'; connect-src 'self' iplayer.org api.iplayer.org mc.yandex.ru; report-uri https://caspr.io/endpoint/66066cdcb23dc03b223f90743a46265c96c10554feec61cf620e5a2768bc4a6f 1 policy-uri /'none' 1 default-src *; script-src 'self' 'unsafe-inline' 'sha256-X2Yk8vvCm34SEzMXwV0XmujT+YvxHaGo+bLxb9Zj1Pw=' 'sha256-1CpjmdSGjCZr6oNd1cma/Y7Dge7yykpbBqURqv1Azcw=' 'sha256-M+DVfAsChzxHrudR35PgOyr9XEslkoK1dwkcmPjfnvw=' http://ecx25.siteplug.com/ https://ecx25.siteplug.com/ http://www.1-1ads.com http://*.inspsearchapi.com http://www.google.com http://api.bing.com http://ff.search.yahoo.com/ http://suggest.infospace.com http://api.autocompleteplus.com *.yimg.com https://completr.appspot.com http://js.wincyahoocontent.com; frame-src 'self' http://ecx25.siteplug.com/ https://ecx25.siteplug.com/ http://*.inspsearchapi.com http://*.yahoo.com http://ad.adserver-pro.net https://*.yimg.com; font-src 'self' https://d3durx270v4ts2.cloudfront.net/; connect-src 'self' http://ecx25.siteplug.com/ https://ecx25.siteplug.com/ http://www.1-1ads.com/ads-api-v3; media-src 'self'; style-src 'self' 'unsafe-inline'; child-src 'self' http://ecx25.siteplug.com/ https://ecx25.siteplug.com/ http://*.inspsearchapi.com http://*.yahoo.com http://ad.adserver-pro.net https://*.yimg.com; 1 policy-uri /* 1 allow ‘self’; frame-ancestors ‘self’ 1 ALLOW-FROM http://pictor.kz 1 img-src 'self' http://limelightgaming.net http://*.limelightgaming.net https://intern.limelightgaming.net http://discordapp.com https://discordapp.com http://*.discordapp.com https://*.discordapp.com https://steamuserimages-a.akamaihd.net https://ts3index.com http://prnt.sc http://*.prnt.sc prnt.sc *.prnt.sc http://prntscr.com http://*.prntscr.com prntscr.com http://dl.dropboxusercontent.com http://*.dl.dropboxusercontent.com dl.dropboxusercontent.com http://vgy.me http://*.vgy.me vgy.me *.vgy.me http://puu.sh http://*.puu.sh puu.sh *.puu.sh http://photobucket.com http://*.photobucket.com photobucket.com *.photobucket.com http://pinimg.com http://*.pinimg.com pinimg.com *.pinimg.com http://dropboxusercontent.com http://*.dropboxusercontent.com dropboxusercontent.com *.dropboxusercontent.com http://steamstatic.com http://*.steamstatic.com steamstatic.com *.steamstatic.com http://tinypic.com http://*.tinypic.com tinypic.com *.tinypic.com http://gravatar.com http://*.gravatar.com gravatar.com *.gravatar.com http://tumblr http://*.tumblr tumblr.com *.tumblr.com http://screenshot.net http://*.screenshot.net screenshot.net *.screenshot.net http://auplod.com http://*.auplod.com auplod.com *.auplod.com http://dropbox.com http://*.dropbox.com dropbox.com *.dropbox.com http://dropboxstatic.com http://*.dropboxstatic.com dropboxstatic.com *.dropboxstatic.com http://cloudflare.com http://*.cloudflare.com cloudflare.com *.cloudflare.com http://imgur.com http://*.imgur.com imgur.com *.imgur.com http://steampowered.com http://*.steampowered.com steampowered.com *.steampowered.com https://steamcommunity.com https://*.steamcommunity.com http://steamcommunity.com http://*.steamcommunity.com steamcommunity.com *.steamcommunity.com http://giphy.com http://*.giphy.com giphy.com *.giphy.com http://wikimedia.org http://*.wikimedia.org wikimedia.org *.wikimedia.org http://steamusercontent.com http://*.steamusercontent.com steamusercontent.com *.steamusercontent.com http://gametracker.com http://*.gametracker.com gametracker.com *.gametracker.com http://ggpht.com http://*.ggpht.com ggpht.com *.ggpht.com http://iconarchive.com http://*.iconarchive.com iconarchive.com *.iconarchive.com https://gyazo.com https://*.gyazo.com http://gyazo.com http://*.gyazo.com gyazo.com *.gyazo.com http://speedtest.net http://*.speedtest.net speedtest.net *.speedtest.net https://www.google-analytics.com; 1 frame-ancestors 'self' *.sscwp.org 1 default-src 'self'; script-src 'self' ; style-src 'self' 'unsafe-inline' ; img-src *; report-uri https://tneducation.net/core/csp/report 1 default-src 'none'; connect-src 'self'; font-src 'self' data:; form-action 'self'; frame-src 'self'; img-src 'self' data: https://ps.w.org https://s.w.org https://secure.gravatar.com; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline' 1 default-src * data: blob:;script-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: https://instafeed.assets.pixlee.com https://www.buzzsprout.com https://api.volunteer.com.au https://volwidget.s3.amazonaws.com https://www.bing.com https://dev.virtualearth.net https://t.ssl.ak.dynamic.tiles.virtualearth.net https://fast.wistia.net https://ecn.dev.virtualearth.net https://openlayers.org mapstraction.com https://www.bing.com/ https://vudoo.com https://dme0ih8comzn4.cloudfront.net *.admaxim *.addthis.com https://m.addthisedge.com https://cdnjs.cloudflare.com https://d1ig6folwd6a9s.cloudfront.net https://sample.crazyegg.com https://script.crazyegg.com https://e.issuu.com/embed.js https://everydayhero.com *.facebook.com *.facebook.net fast.wistia.com https://www.google.com http://www.google-analytics.com *.google-analytics.com *.googleapis.com https://maps.google.com https://optimize.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net http://s.gravatar.com https://code.jquery.com https://s.c.appier.net https://jscdn.appier.net https://assets.juicer.io/ https://embed.playbuzz.com https://sb.scorecardresearch.com https://mcd-sdk.playbuzz.com https://res-format-story.playbuzz.com https://cdn.playbuzz.com https://widget.surveymonkey.com https://salvos.org.au/ https://www.salvationarmy.org.au/ http://salvationarmy.org.au/ http://src.litix.io/ https://s0.wp.com http://stats.wp.com/ https://public.tableau.com/ *.twitter.com *.twimg.com https://users.dialogfeed.com *.verisign.com http://fast.wistia.com 127.0.0.1:* *.localhost; style-src 'self' https://assets.buzzsprout.com https://volwidget.s3.amazonaws.com https://openlayers.org https://www.bing.com https://dme0ih8comzn4.cloudfront.net https://salvos.org.au/ https://www.salvationarmy.org.au/ https://salvationarmy.org.au/ data: *.addthis.com *.bootstrapcdn.com https://d1ig6folwd6a9s.cloudfront.net https://fonts.googleapis.com http://fonts.googleapis.com *.googleapis.com *.gstatic.com https://optimize.google.com *.jquery.com https://assets.juicer.io/ *.myfonts.net https://res-format-story.playbuzz.com *.twimg.com *.twitter.com http://s.gravatar.com 'unsafe-inline'; media-src * data:; font-src * data:; connect-src 'self' https://s.c.appier.net https://www.bing.com https://salvos.org.au/ https://www.salvationarmy.org.au/ https://salvationarmy.org.au/ https://anylist.c.appier.net *.addthis.com https://stats.g.doubleclick.net/ *.facebook.com https://www.google-analytics.com https://assets.juicer.io/ http://www.juicer.io https://www.juicer.io https://prd-collector-anon.playbuzz.com https://pixel.playbuzz.com https://mcd-sdk.playbuzz.com https://embed.playbuzz.com https://cdn.playbuzz.com https://syndication.twitter.com *.vimeocdn.com pipedream.wistia.com https://e.issuu.com https://users.dialogfeed.com embed.wistia.com distillery.wistia.com/x; report-uri https://salvos.org.au/csp-reports/ 1 frame-ancestors 'self' http://*.mitkindundkegel.de http://mitkindundkegel.de 1 child-src *.addthis.com *.youtube-nocookie.com masteradmin2.es-shops.de https://content.copmedia.de *.also.com http://files.electronicsales.de *.hotjar.com www.google.com https://3dsecure-cardprocess.de *.webtrends.com *.sparkassen-kreditkarten.de *.saferpay.com *.webtrendslive.com http://*.also.com 'self' 'unsafe-inline' *.youtube.com *.skrill.com *.facebook.net *.commerzfinanz.com; connect-src https://graylog.hotjar.com:12443 *.addthis.com *.hotjar.com wss://*.hotjar.com *.pingdom.net *.google-analytics.com 'self' *.trustedshops.com; default-src 'self' 'unsafe-inline'; font-src fonts.gstatic.com data: *.cnetcontent.com *.trustedshops.com 'self'; form-action *.sofort.com https://www.sofortueberweisung.de *.skrill.com https://www.paypal.com http://pay.skrill.com https://www.minervafinance.de 'self'; img-src img.idealo.com http://*.commercesolution.de http://cdn.cnetcontent.com actebis-images.com *.gzhls.at images.ep-es.com *.trustedshops.com *.electronicsales.de img.billiger.de *.youtube.com medien.shopwelt.de *.cnetcontent.com *.youtube-nocookie.com http://content.copmedia.de *.webtrendslive.com *.copmedia.de https://gzhls.at *.webtrends.com *.pingdom.net *.geizkragen.de *.gstatic.com http://*.electronicsales.de http://*.es-shops.de *.windows.net *.actebis-images.com 'self' data: 'unsafe-inline' *.google-analytics.com *.facebook.com stats.g.doubleclick.net; media-src 'self'; script-src *.saferpay.com https://code.highcharts.com *.cnetcontent.com *.hotjar.com *.googleadservices.com tagmanager.google.com *.webtrends.com *.sparkassen-kreditkarten.de *.addthis.com *.webtrendslive.com https://code.jquery.com https://cdnjs.cloudflare.com *.addthisedge.com https://maxcdn.bootstrapcdn.com rum-static.pingdom.net 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com *.trustedshops.com *.skrill.com *.facebook.net *.commerzfinanz.com; style-src tagmanager.google.com *.cnetcontent.com *.googleapis.com 'self' 'unsafe-inline' *.trustedshops.com 1 frame-ancestors *.scaledrone.com 1 frame-ancestors 'self' https://samtykke.skat.dk https://samtykke.demo.skat.dk 1 connect-src https://*.credimejora.com 'self' 'unsafe-inline' 'unsafe-eval' https://api-iam.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://*.facebook.com https://*.hotjar.com wss://*.hotjar.com https://api.hubspot.com;default-src https://*.credimejora.com 'self' 'unsafe-inline' 'unsafe-eval';font-src https://*.credimejora.com 'self' https://*.intercomcdn.com;frame-src 'self' https://*.facebook.com https://*.hotjar.com wss://*.hotjar.com https://app.hubspot.com/;img-src https://*.credimejora.com 'self' data: https://s3.amazonaws.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.google.com.mx https://*.googleapis.com https://*.gstatic.com https://*.ggpht.com https://*.visualwebsiteoptimizer.com https://*.facebook.com https://*.intercomcdn.com https://*.intercomassets.com https://*.googletagmanager.com https://js.hs-scripts.com https://js.hs-analytics.net/ https://api.usemessages.com/ https://track.hubspot.com/;media-src https://*.credimejora.com 'self' https://s3.amazonaws.com https://*.intercomcdn.com;object-src https://*.credimejora.com;script-src https://*.credimejora.com 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com/ https://d2wy8f7a9ursnm.cloudfront.net/ https://notify.bugsnag.com/ https://connect.facebook.net https://*.facebook.com https://www.google.com https://www.google.com.mx https://*.googleapis.com https://*.gstatic.com https://*.ggpht.com https://stats.g.doubleclick.net https://csi.gstatic.com/ https://www.google-analytics.com https://ajax.googleapis.com https://maps.google.com https://www.googletagmanager.com https://*.hotjar.com wss://*.hotjar.com https://ssl.mousestats.com https://www.mousestats.com https://widget.intercom.io https://api-ping.intercom.io https://api-iam.intercom.io https://js.intercomcdn.com https://static.intercomassets.com https://*.vwo.com https://*.visualwebsiteoptimizer.com https://js.hs-scripts.com https://js.hs-analytics.net/ https://api.usemessages.com/ https://track.hubspot.com/ https://js.usemessages.com/;style-src https://*.credimejora.com 'self' 'unsafe-inline'; 1 default-src 'self' player.vimeo.com app.validic.com 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob: dck0i7x64ch95.cloudfront.net app.validic.com www.edamam.com nyexercisedb.blob.core.windows.net content.motivationalliance.com; media-src 'self' content.motivationalliance.com; 1 default-src 'self'; child-src static.seolib.ru www.google.com www.google.com.ua www.google.ru reformal.ru mc.yandex.ru accounts.google.com content.googleapis.com; connect-src 'self' wss://seolib.ru:8018 mc.webvisor.org mc.webvisor.com https://*.jivosite.com ws://*.jivosite.com; font-src 'self' data: updates.seolib.ru seolib.ru fonts.googleapis.com fonts.gstatic.com use.fontawesome.com; frame-src static.seolib.ru www.google.com www.google.com.ua www.google.ru reformal.ru accounts.google.com content.googleapis.com; img-src 'self' data: favicon.yandex.net www.google-analytics.com www.googletagmanager.com stats.g.doubleclick.net mc.webvisor.org ssl.gstatic.com www.gstatic.com www.google.com www.google.com.ua www.google.ru mc.yandex.ru reformal.ru media.reformal.ru http://traffic.alexa.com; media-src https://*.jivosite.com ws://*.jivosite.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' updates.seolib.ru seolib.ru media.reformal.ru www.google-analytics.com www.googletagmanager.com tagmanager.google.com stats.g.doubleclick.net mc.webvisor.org d31j93rd8oukbv.cloudfront.net mc.yandex.ru www.google.com www.google.com.ua www.google.ru apis.google.com https://apis.google.com www.gstatic.com cdn.datatables.net code.jquery.com cdn.jsdelivr.net https://*.jivosite.com ws://*.jivosite.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com tagmanager.google.com seolib.ru www.google.com ajax.googleapis.com use.fontawesome.com cdn.datatables.net code.jquery.com cdn.jsdelivr.net https://*.jivosite.com ws://*.jivosite.com; report-uri /csp/report 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.typekit.net https://*.vimeo.com https://*.googletagmanager.com https://*.google-analytics.com https://*.newrelic.com https://*.nr-data.net https://*.podbean.com https://*.pantheonsite.io https://*.thinglink.me https://*.thinglink.com https://*.github.com https://*.github.io https://*.googleapis.com https://*.gstatic.com https://*.youtube.com https://www.google.com https://d3js.org https://twitter.com/ https://*.twitter.com https://*.twimg.com data:; 1 default-src https://teracomse-test.teracom.se:443 1 default-src 'self' *.kak-sdelat-samoj.ru kak-sdelat-samoj.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.kak-sdelat-samoj.ru kak-sdelat-samoj.ru *.googleapis.com *.gstatic.com gstatic.com *.googlesyndication.com *.yandex.st *.yandex.ru *.yandex.ua *.yandex.net yandex.net yandex.st yandex.ru yandex.ua *.yastatic.net yastatic.net *.doubleclick.net *.google-analytics.com https://*.yandex.ru https://yandex.ru https://*.yastatic.net https://yastatic.net https://*.googleapis.com https://*.gstatic.com https://*.doubleclick.net https://gstatic.com https://*.googlesyndication.com; frame-src 'self' *.kak-sdelat-samoj.ru kak-sdelat-samoj.ru *.googleapis.com *.gstatic.com gstatic.com *.googlesyndication.com *.yandex.st *.yandex.ru *.yandex.ua *.yandex.net yandex.net yandex.st yandex.ru yandex.ua *.yastatic.net yastatic.net *.doubleclick.net youtube.ru youtube.com *.youtube.ru *.youtube.com https://*.yandex.ru https://yandex.ru https://*.yastatic.net https://yastatic.net https://youtube.ru vk.com *.vk.com instagram.com *.instagram.com https://youtube.com https://*.youtube.ru https://*.youtube.com apis.google.com https://*.googleapis.com https://*.gstatic.com https://gstatic.com https://*.googlesyndication.com https://*.doubleclick.net https://apis.google.com; connect-src 'self' *.kak-sdelat-samoj.ru kak-sdelat-samoj.ru; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.kak-sdelat-samoj.ru kak-sdelat-samoj.ru *.googleapis.com *.gstatic.com *.yandex.st *.yandex.ru *.yandex.ua *.yandex.net yandex.net yandex.st yandex.ru yandex.ua *.yastatic.net yastatic.net https://*.yandex.ru https://yandex.ru https://*.yastatic.net https://yastatic.net https://*.googleapis.com https://*.gstatic.com data:; font-src 'self' *.kak-sdelat-samoj.ru kak-sdelat-samoj.ru *.googleapis.com *.gstatic.com *.yandex.st *.yandex.ru *.yandex.ua *.yandex.net yandex.net yandex.st yandex.ru yandex.ua *.yastatic.net yastatic.net https://*.yandex.ru https://yandex.ru https://*.yastatic.net https://yastatic.net https://*.googleapis.com https://*.gstatic.com data:; img-src 'self' *.kak-sdelat-samoj.ru kak-sdelat-samoj.ru www.liveinternet.ru counter.yadro.ru *.googlesyndication.com *.doubleclick.net *.googleapis.com *.gstatic.com *.yandex.st *.yandex.ru *.yandex.ua *.yandex.net yandex.net yandex.st yandex.ru yandex.ua *.yastatic.net yastatic.net https://*.yandex.ru https://yandex.ru https://*.yastatic.net https://yastatic.net https://*.googlesyndication.com https://*.doubleclick.net https://*.googleapis.com https://*.gstatic.com data:; object-src 'self' *.gstatic.com https://*.gstatic.com 1 upgrade-insecure-requests; default-src 'self'; connect-src www.google-analytics.com https://o2.mouseflow.com cdn.mouseflow.com https://public-auth-dot-lucky-orange.appspot-preview.com stats.g.doubleclick.net https://pubsub.googleapis.com t0.ssl.ak.dynamic.tiles.virtualearth.net t0.ssl.ak.tiles.virtualearth.net t1.ssl.ak.tiles.virtualearth.net t2.ssl.ak.tiles.virtualearth.net t3.ssl.ak.tiles.virtualearth.net api.luckyorange.com https://settings.luckyorange.net 'self' wss://in.visitors.live wss://visitors.live; font-src 'self' data: fonts.gstatic.com https://s3.amazonaws.com; frame-src 'self' mozbar.moz.com youtube.com www.youtube.com 6864908.fls.doubleclick.net; img-src www.google.co.in www.google.co.nz www.google.co.il www.google.com.ph www.google.kz www.google.be www.google.dk www.google.com.vn www.google.se www.google.fr www.google.hu www.google.co.in www.google.se www.google.nl www.google.ie www.google.de www.google.com.au www.google.com.pe www.google.ro www.google.ru www.google.com.sg www.google.co.th www.google.lk www.google.com.ng lh3.ggpht.com cbk0.googleapis.com www.bing.com khm0.googleapis.com khm1.googleapis.com t0.ssl.ak.tiles.virtualearth.net t1.ssl.ak.tiles.virtualearth.net t2.ssl.ak.tiles.virtualearth.net t3.ssl.ak.tiles.virtualearth.net t0.ssl.ak.dynamic.tiles.virtualearth.net t1.ssl.ak.dynamic.tiles.virtualearth.net csi.gstatic.com maps.google.com maps.googleapis.com maps.gstatic.com data: google.com www.google.com www.google.co.uk stats.g.doubleclick.net https://d10lpsik1i8c69.cloudfront.net https://www.google-analytics.com 'self' www.google-analytics.com; media-src 'self' https://d10lpsik1i8c69.cloudfront.net; script-src 'unsafe-inline' 'unsafe-eval' data: https://bat.bing.com https://sjs.bizographics.com https://static.ads-twitter.com https://www.googleadservices.com https://djtflbt20bdde.cloudfront.net https://cdn.segment.com ajax.googleapis.com ajax.cloudflare.com https://ajax.cloudflare.com about dev.virtualearth.net t0.ssl.ak.dynamic.tiles.virtualearth.net t1.ssl.ak.dynamic.tiles.virtualearth.net www.bing.com maps.googleapis.com maps.google.com static-ssl.responsetap.com metrics.responsetap.com cdn.mouseflow.com https://cdn.mouseflow.com https://d10lpsik1i8c69.cloudfront.net https://secure.leadforensics.com https://www.google-analytics.com inline: 'self' static-cdn.responsetap.com www.google-analytics.com www.googletagmanager.com tagmanager.google.com; style-src www.bing.com fonts.googleapis.com https://d10lpsik1i8c69.cloudfront.net inline: 'self' 'unsafe-inline'; child-src blob:; report-uri https://craftedcsp.report-uri.com/r/d/csp/enforce 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: http://fonts.googleapis.com http://fonts.gstatic.com http://www.google-analytics.com http://s7.addthis.com http://m.addthisedge.com http://m.addthis.com http://graph.facebook.com http://widgets.pinterest.com http://maps.google.com http://csi.gstatic.com http://maps.gstatic.com http://maps.googleapis.com http://www.linkedin.com http://api-public.addthis.com http://localhost wss://wsc.pozzito.com wss://paldesk.io https://googleads.g.doubleclick.net; 1 default-src 'self' https: 'unsafe-inline' data: 'unsafe-eval'; 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.hs-analytics.net *.hs-scripts.com *.addthis.com *.addthisedge.com *.linkedin.com *.pinterest.com *.facebook.com *.iubenda.com *.ckeditor.com *.webspellchecker.net *.gstatic.com *.google.com *.googleapis.com *.bootstrapcdn.com *.google-analytics.com *.googletagmanager.com *.usemessages.com *.hsleadflows.net *.googleadservices.com *.sumome.com *.doubleclick.net *.facebook.net *.b-cdn.net *.youtube.com *.ytimg.com *.kxcdn.com *.hubspot.com *.hsforms.net; style-src 'self' 'unsafe-eval' 'unsafe-inline' *.googleapis.com *.bootstrapcdn.com *.iubenda.com *.ckeditor.com *.webspellchecker.net *.kxcdn.com *.b-cdn.net *.google.com; img-src 'self' *.hubspot.com *.acquia-sites.com data: *.ckeditor.com *.webspellchecker.net sumo.com *.kxcdn.com *.google-analytics.com *.doubleclick.net *.google.com *.hubspot.net *.ytimg.com *.gstatic.com *.googleapis.com *.facebook.com *.google.co.za *.google.it *.google.co.uk *.google.co.id *.google.de *.google.pl *.google.fr *.google.ru *.google.cn *.google.es *.google.com.br *.google.co.nz *.google.com.pr *.google.hr *.google.com.pa *.google.at *.google.ca *.google.gr *.google.com.au *.google.com.hk *.google.com.ph *.google.com.tr *.google.fi *.google.co.jp *.google.com.kh *.google.com.my *.google.co.ke *.google.se *.google.co.il *.google.com.sg *.google.co.th *.google.co.in *.google.ae *.google.co.kr *.google.lk *.googletagmanager.com *.google.com.do *.google.bg *.google.rs *.google.hu *.google.pt *.google.ro *.google.com.co *.google.ch *.google.com.mx *.google.lv *.google.com.vn *.google.no; frame-src 'self' *.google.com *.addthis.com *.youtube.com *.vrcloud.co vrcloud.co *.vrcloud.com vrcloud.com *.doubleclick.net *.facebook.com *.googletagmanager.com *.facebook.net *.hubspot.com; font-src 'self' *.gstatic.com *.addthis.com; connect-src 'self' *.addthis.com *.webspellchecker.net sumo.com *.hubspot.com *.google-analytics.com *.doubleclick.net *.google.com *.google.co.uk; report-uri /admin/config/system/seckit/csp-report 1 default-src https: 'unsafe-inline' 'unsafe-eval'; img-src * data:; script-src 'self' *.heatmap.it *.bing.com *.crisp.chat *.googletagmanager.com *.facebook.net *.twitter.com apis.google.com *.cloudflare.com *.jotformpro.com *.jotform.com *.jotfor.ms cdn.jsdelivr.net *.jotformeu.com *.tawk.to customerportal.opencrm.co.uk *.intercom.io *.google.com *.gstatic.com bat.bing.com *.googletagmanager.com 'unsafe-inline' 'unsafe-eval';child-src 'self' *.facebook.net *.twitter.com apis.google.com *.cloudflare.com *.jotformpro.com *.jotform.com *.jotfor.ms cdn.jsdelivr.net *.jotformeu.com *.tawk.to *.google.com *.gstatic.com bat.bing.com *.googletagmanager.com https:; frame-ancestors 'self' *;connect-src wss: 'self' *.crisp.chat *.tawk.to; font-src https: data: *.crisp.chat *.opencrm.co.uk *.gstatic.com *.tawk.to *.google.com *.gstatic.com bat.bing.com *.googletagmanager.com; 1 frame-ancestors 'self' shankswakefieldepermits.co.uk renewiwakefieldpermits.co.uk 1 default-src 'self'; script-src 'self' 'unsafe-eval'; img-src 'self' data: 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://mastertag.kpcustomer.de *.netaachen.de:* https://bat.bing.com https://connect.facebook.net www.googletagmanager.com:* www.google-analytics.com:* https://partners.webmasterplan.com www.google.de:* https://seal.thawte.com https://www.googleadservices.com https://*.exactag.com *.google.com:* https://*.gstatic.com *.googleapis.com:* https://www.kabelkiosk.de com https://*.deepthought.online https://cdn.jsdelivr.net https://wt1.rqtrk.eu https://api.aklamio.com https://googleads.g.doubleclick.net https://config1.veinteractive.com https://cdn.m-pathy.com https://dev.visualwebsiteoptimizer.com https://app.vwo.com https://*.leadlab.click https://netcologne.lamapoll.de https://r.df-srv.de; 1 default-src 'none'; frame-src 'self' https://www.youtube.com http://www.youtube.com https://bid.g.doubleclick.net https://*.hotjar.com/ awaps.yandex.ru googleads.g.doubleclick.net www.google.com; img-src 'self' http://www.streamtest.net/ https://www.google.com https://www.facebook.com bat.bing.com bat.r.msn.com http://yapi.zoomsupport.com https://yapi.zoomsupport.com https://*.pckeeper.com http://*.pckeeper.com https://www.google-analytics.com www.google-analytics.com https://mc.yandex.ru mc.yandex.ru trk.cetrk.com https://*.doubleclick.net *.doubleclick.net *.flowplayer.org https://seal.websecurity.norton.com; script-src 'self' 'unsafe-eval' https://webcdn.streamtest.net http://sp.analytics.yahoo.com/ https://sp.analytics.yahoo.com https://cdn.jsdelivr.net https://connect.facebook.net https://*.yimg.com bat.bing.com *.hotjar.com http://yapi.zoomsupport.com https://yapi.zoomsupport.com https://*.pckeeper.com *.pckeeper.com https://www.google-analytics.com www.google-analytics.com https://www.googletagmanager.com www.googletagmanager.com https://www.googleadservices.com www.googleadservices.com https://*.googleapis.com *.googleapis.com https://mc.yandex.ru mc.yandex.ru trk.cetrk.com https://dnn506yrbagrg.cloudfront.net dnn506yrbagrg.cloudfront.net https://*.newrelic.com *.newrelic.com https://s3.amazonaws.com s3.amazonaws.com https://seal.websecurity.norton.com; style-src 'self' 'unsafe-inline' https://webcdn.streamtest.net https://fonts.googleapis.com fonts.googleapis.com https://fonts.gstatic.com fonts.gstatic.com *.flowplayer.org; font-src 'self' https://fonts.googleapis.com fonts.googleapis.com https://fonts.gstatic.com fonts.gstatic.com; connect-src 'self' http://graylog.hotjar.com:12080 ws://*.hotjar.com http://crm.pckeeper.com http://chat-crm.pckeeper.com/ wss://*.hotjar.com *.hotjar.com https://pwgateway.com pwgateway.com https://mc.yandex.ru mc.yandex.ru https://api.paymentwall.com api.paymentwall.com; media-src ; object-src *.flowplayer.org; report-uri /index/csp-report?type=refused; 1 frame-ancestors http://cdn.clearguardgrab.com/ 1 script-src 'self' 'unsafe-inline' https://connect.facebook.net http://connect.facebook.net https://*.google-analytics.com http://*.google-analytics.com https://*.googleapis.com http://*.googleapis.com https://*.googleapis.com https://www.googletagmanager.com https://tagmanager.google.com https://js.adsrvr.org https://www.googleadservices.com; object-src 'self'; style-src 'self' 'unsafe-inline' https://*.googleapis.com http://*.googleapis.com https://stackpath.bootstrapcdn.com http://stackpath.bootstrapcdn.com; img-src 'self' data: https://*.facebook.com https://*.google-analytics.com https://*.googleapis.com http://*.googleapis.com https://*.gstatic.com http://*.gstatic.com https://stats.g.doubleclick.net https://translate.google.com; media-src 'self'; frame-src 'self' https://*.facebook.com https://*.facebook.net https://www.googletagmanager.com https://*.youtube.com https://insight.adsrvr.org; frame-ancestors 'self'; report-uri /report-csp-violation 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: about: *.ads-twitter.com *.doubleclick.net *.facebook.com *.facebook.net *.google.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.jotfor.ms *.jotform.com *.jotform.io *.jotformpro.com *.multiview.com *.paypal.com *.paypalobjects.com *.texmed.org *.twimg.com *.twitter.com *.unitednetworksofamerica.com *.yahooapis.com *.zkcdn.net code.jquery.com https://t.co; 1 default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri /admin/config/system/seckit/csp-report 1 frame-ancestors 'self' insights.hotjar.com 1 default-src 'self' data: mc.yandex.ru platform.twitter.com staticxx.facebook.com secure.livechatinc.com www.facebook.com staticxx.facebook.com www.youtube-nocookie.com web.facebook.com syndication.twitter.com i.ytimg.com; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com apis.google.com cdn.livechatinc.com cdnjs.cloudflare.com connect.facebook.net www.youtube.com s.ytimg.com www.google-analytics.com mc.yandex.ru platform.twitter.com secure.livechatinc.com cdn.livechatinc.com; object-src 'self' data:; style-src 'self' data: 'unsafe-inline' s.ytimg.com; img-src * data:; media-src 'self' data:; frame-src 'self' accounts.google.com www.facebook.com www.livechatinc.com secure.livechatinc.com platform.twitter.com staticxx.facebook.com syndication.twitter.com www.youtube-nocookie.com www.youtube.com; font-src *; connect-src 'self' data: syndication.twitter.com www.youtube-nocookie.com secure.livechatinc.com https://mc.yandex.ru https://checkin.purechat.com/api/checkin *.purechat.com *.amazonaws.com 1 base-uri 'https://*.pchome.co.th'; 1 default-src self; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.googletagmanager.com *.google-analytics.com *.google.com *.google.co.uk *.newrelic.com *.betrad.com bam.nr-data.net static.addtoany.com https://cdnjs.cloudflare.com brand-ecommerce-assets.fusepump.com *.youtube.com s.ytimg.com *.evidon.com code.jquery.com d22xmn10vbouk4.cloudfront.net *.serving-sys.com 7225833.collect.igodigital.com connect.facebook.net stats.g.doubleclick.net https://cdn.hypemarks.com http://cdn.hypemarks.com https://www.gstatic.com https://mc.yandex.ru/metrika/watch.js https://mc.yandex.ru/metrika/watch.js; style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com https://cdnjs.cloudflare.com brand-ecommerce-assets.fusepump.com *.youtube.com cloud.typography.com *.google.com; img-src 'self' data: *.googleapis.com *.gstatic.com *.cloudflare.com *.google-analytics.com https://stats.g.doubleclick.net www.google.com www.google.co.uk *.doubleclick.net *.betrad.com *.amazonaws.com px.pump.to brand-ecommerce-assets.fusepump.com *.evidon.com https://nova.collect.igodigital.com https://www.facebook.com wam.solution.weborama.fr cstatic.weborama.fr www.nescafe.com; media-src 'self'; frame-src 'self' static.addtoany.com *.youtube.com *.youtu.be youtu.be info.evidon.com https://2275258.fls.doubleclick.net http://2275258.fls.doubleclick.net http://www.youtube-nocookie.com https://www.youtube-nocookie.com https://cdn.hypemarks.com http://cdn.hypemarks.com https://brand-ecommerce-assets.fusepump.com https://www.google.com/ https://l3.evidon.com/; child-src 'self' static.addtoany.com *.youtube.com *.youtu.be youtu.be info.evidon.com https://2275258.fls.doubleclick.net http://2275258.fls.doubleclick.net http://www.youtube-nocookie.com https://www.youtube-nocookie.com https://cdn.hypemarks.com http://cdn.hypemarks.com; font-src 'self' data: fonts.gstatic.com fonts.googleapis.com https://cdnjs.cloudflare.com; connect-src 'self' brand-ecommerce-api.fusepump.com *.google-analytics.com https://collect.analyze.ly https://secure-ds.serving-sys.com mc.yandex.ru; report-uri /ru/report-csp-violation 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com:* *.bootstrapcdn.com:* *.googleusercontent.com:* *.webspellchecker.net:* *.twitter.com; script-src 'self' 'unsafe-inline' *.googleapis.com:* *.google.com *.bootstrapcdn.com:* *.googleusercontent.com:* *.webspellchecker.net:* *.google-analytics.com:* *.highcharts.com cdn.jsdelivr.net:* *.twitter.com *.twimg.com data:; style-src 'self' 'unsafe-inline' *.googleapis.com:* cdn.jsdelivr.net:* *.twitter.com; img-src 'self' *.bootstrapcdn.com:* *.googleapis.com:* *.googleusercontent.com:* *.google-analytics.com *.twitter.com *.twimg.com *.gstatic.com data: ; frame-src 'self' *.constantcontact.com:80 *.youtube.com *.google.com *.vimeo.com * data:; child-src 'self' 'unsafe-inline' *.constantcontact.com:80 *.youtube.com *.google.com *.vimeo.com *; font-src 'self' fonts.gstatic.com *.twimg.com; report-uri /report-csp-violation 1 frame-ancestors https://www.isabelmarant.com/ https://www.isabelmarant.com/ ; 1 default-src 'self' 'unsafe-inline' 'unsafe-eval';img-src 'self' data: https://www.mijnwefact.nl https://www.wefact.nl https://secure.gravatar.com *;script-src 'self' 'unsafe-inline' 'unsafe-eval';connect-src 'self';font-src 'self' 1 frame-ancestors 'self' goplus.localhost *.goplus.localhost; 1 frame-ancestors *.carkeys.co.uk *.motorists-club.co.uk *.motoristsclub.co.uk http://motoristsclub.co.uk/ http://www.motorists-club.co.uk/ 1 default-src 'self' 'unsafe-inline'; script-src 'unsafe-inline' 'unsafe-eval' *.jsdelivr.net *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.google-analytics.com *.ckeditor.com *.jquery.com *.local *.dotdemos.com *.dot.jo *.jordanislamicbank.com *.google-analytics.com; object-src 'unsafe-inline'; style-src 'unsafe-inline' *.jsdelivr.net *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.ckeditor.com exchange.jo *.local *.dotdemos.com *.dot.jo *.jordanislamicbank.com; img-src 'self' 'unsafe-inline' data: *.jsdelivr.net *.ckeditor.com *.googleapis.com *.gstatic.com *.local *.dotdemos.com *.jordanislamicbank.com *.google-analytics.com; media-src 'self' 'unsafe-inline' data: *.jsdelivr.net *.googleapis.com *.gstatic.com *.google-analytics.com *.local *.dotdemos.com *.dot.jo *.jordanislamicbank.com; frame-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.local *.dotdemos.com *.dot.jo *.jordanislamicbank.com *.google.com; font-src 'self' 'unsafe-inline' *.jsdelivr.net *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.local *.dotdemos.com *.dot.jo *.jordanislamicbank.com; report-uri /admin/config/system/seckit/csp-report 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googleapis.com *.googletagmanager.com *.static.com *.google.com *.consumercare.net *.econsumeraffairs.com *.juicer.io *.facebook.net *.addthis.com *.addthisedge.com *.twitter.com *.pinterest.com *.ckeditor.com *.newrelic.com *.nr-data.net *.weborama.fr *.googleadservices.com *.g.doubleclick.net; style-src 'self' 'unsafe-inline' *.googleapis.com *.juicer.io *.bootstrapcdn.com *.ckeditor.com; img-src 'self' *.google-analytics.com *.google.com *.g.doubleclick.net *.googleapis.com *.xx.fbcdn.net *.facebook.com *.twitter.com data: *.juicer.io *.grupobimbo.com *.ckeditor.com *.imgur.com *.gstatic.com; frame-src 'self' *.google.com *.facebook.com *.addthis.com *.twitter.com *.vimeo.com *.youtube.com *.solution.weborama.fr *.g.doubleclick.net; font-src 'self' fonts.gstatic.com *.bootstrapcdn.com *.googleusercontent.com *.facebook.net *.juicer.io; connect-src 'self' *.juicer.io *.addthis.com *.twitter.com *.facebook.com *.google-analytics.com *.g.doubleclick.net; report-uri /es/report-csp-violation, default-src 'self' 'self' data: 'self' blob: 'unsafe-inline' 'unsafe-eval' *; img-src 'self' blob: data: * 1 default-src https: 'unsafe-inline' 'unsafe-eval' blob:; img-src https: data:; connect-src https: wss:; font-src https: data:; 1 default-src='self' ssl.google-analytics.com fast.fonts.net 1 default-src 'self'; img-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; script-src *; connect-src 'self'; 1 default-src 'self' style-src 'self' 'unsafe-inline'; 1 policy-uri /mystrokeguide.com:* 1 base-uri 'self' *.google.com; child-src 'self' gap: *.google.com *.hotjar.com *.investis.com *.surveymonkey.com *.twitter.com; frame-src 'self' gap: *.google.com *.hotjar.com *.investis.com *.surveymonkey.com *.twitter.com; connect-src 'self' wss://*.hotjar.com *.feefo.com *.hotjar.com *.investis.com *.twimg.com *.twitter.com *.doubleclick.net *.google-analytics.com; default-src 'self' gap: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: *.googleapis.com *.gstatic.com *.hotjar.com; img-src 'self' data: *; script-src 'self' gap: *.doubleclick.net *.feefo.com *.google.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.investis.com *.surveymonkey.com *.twimg.com *.twitter.com unpkg.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.google.com *.gstatic.com *.twitter.com *.twimg.com 'unsafe-inline'; frame-ancestors 'self' *.doubleclick.net *.googletagmanager.com *.hotjar.com *.surveymonkey.com https://vars.hotjar.com *.noblehosted.com theparagongroup.sharepoint.com; referrer no-referrer; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=1c%2bfr5ysXlXGLsICZH8lAyRs6n9FQdNK73CXd2d8yFfiEPukdh56w1HaiUYOvCROxZDLcYes%2byR6T%2fzZKWrdORLEvscJsJAgFvJiQ6X%2bK3apR0DjC2vGfnvTWdalAcB%2b; report-to /SecurityUtils/rest/Report/ReportViolations?Params=1c%2bfr5ysXlXGLsICZH8lAyRs6n9FQdNK73CXd2d8yFfiEPukdh56w1HaiUYOvCROxZDLcYes%2byR6T%2fzZKWrdORLEvscJsJAgFvJiQ6X%2bK3apR0DjC2vGfnvTWdalAcB%2b; 1 allow *; script-src 'self' http://l2.io https://l2.io http://prosperent.com https://prosperent.com https://*.dhleasyshop.com http://*.dhleasyshop.com https://server.iad.liveperson.net http://server.iad.liveperson.net https://*.facebook.com http://*.facebook.com https://connect.facebook.net http://connect.facebook.net https://*.fbcdn.net http://*.fbcdn.net http://*.google.com https://*.google.com http://*.google-analytics.com https://*.google-analytics.com https://ssl.gstatic.com http://ajax.googleapis.com https://ajax.googleapis.com http://web01.optimix.asia https://web01.optimix.asia http://tracking.sokrati.com https://tracking.sokrati.com http://eulerian.kdpgroupe.com https://eulerian.kdpgroupe.com http://www.googleadservices.com https://www.googleadservices.com http://srv1.wa.marketingsolutions.yahoo.com https://srv1.wa.marketingsolutions.yahoo.com http://*.marinsm.com https://*.marinsm.com http://*.dgmsearchlab.com https://*.dgmsearchlab.com http://*.cedexis.com https://*.cedexis.com http://*.amazonaws.com https://*.amazonaws.com http://*.cedexis-radar.net https://*.cedexis-radar.net d39ze0fcltcujr.cloudfront.net http://*.referralcandy.com https://*.referralcandy.com https://www.paypalobjects.com http://*.youku.com https://*.youku.com https://*.cloudfront.net ; options inline-script eval-script 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' stage-statistics.aldi-international.com statistics.aldi-international.com stage-tracking.aldi-international.com tracking.aldi-international.com; img-src 'self' stage-statistics.aldi-international.com statistics.aldi-international.com stage-tracking.aldi-international.com tracking.aldi-international.com *.googleadservices.com *.doubleclick.net *.google.com *.google.de data:; 1 default-src 'self' data: 'unsafe-inline' 'unsafe-eval' http://*.youtube.com https://*.youtube.com http://ajax.googleapis.com http://code.createjs.com http://cdnjs.cloudflare.com https://maps.googleapis.com https://www.google-analytics.com http://www.google-analytics.com https://maps.gstatic.com https://csi.gstatic.com http://crunchips.de http://www01.crunchips.dwprev.com http://crunchips.dwprev.com http://ogp.me http://netdna.bootstrapcdn.com http://code.jquery.com http://fast.fonts.net https://hello.myfonts.net http://hello.myfonts.net https://stats.g.doubleclick.net https://www.google.com https://www.gstatic.com https://nicnacs.de https://fast.fonts.net 1 block-all-mixed-content; upgrade-insecure-requests; report-uri /nelmio/csp/report 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://player.vimeo.com https://app.getrefurls.com https://www.googletagmanager.com https://www.google-analytics.com https://ws.sharethis.com https://*.google.com https://*.facebook.net https://*.facebook.com https://js-agent.newrelic.com https://cdnjs.cloudflare.com/ajax/libs/es6-shim/0.35.3/es6-shim.min.js https://cdn.jsdelivr.net/npm/promise-polyfill@8/dist/polyfill.min.js https://unpkg.com/vue@2.5.17/dist/vue.js https://unpkg.com/vee-validate@2.1.0-beta.9/dist/vee-validate.js https://*.hotjar.com; object-src 'self' https://*.flickr.com; style-src 'self' 'unsafe-inline' https://app.getrefurls.com https://ws.sharethis.com https://*.hotjar.com; img-src 'self' data: https://www.google-analytics.com https://stats.g.doubleclick.net https://app.getrefurls.com https://*.facebook.net https://*.facebook.com https://*.hotjar.com; media-src 'self' https://*.vimeo.com https://*.youtube.com; frame-src 'self' https://*.vimeo.com https://*.youtube.com https://ws.sharethis.com https://*.deltalloydlife.be https://*.doubleclick.net https://*.facebook.net https://*.facebook.com https://*.google.com https://*.hotjar.com; font-src 'self'; connect-src 'self' https://*.sharethis.com https://*.doubleclick.net; report-uri /en/report-csp-violation 1 default-src 'self'; script-src 'unsafe-inline' 'self' 'unsafe-eval' *.google-analytics.com *.googleapis.com *.google.com *.gstatic.com; style-src 'unsafe-inline' 'self' *.googleapis.com; img-src 'self' *.google-analytics.com; frame-src 'self' *.youtube-nocookie.com *.youtube.com *.google.com ; font-src 'self' *.gstatic.com; connect-src 'self' *.google-analytics.com; report-uri /en_GB/report-csp-violation 1 default-src self; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.googletagmanager.com *.google-analytics.com *.google.com *.google.co.uk *.newrelic.com *.betrad.com bam.nr-data.net static.addtoany.com https://cdnjs.cloudflare.com brand-ecommerce-assets.fusepump.com *.youtube.com s.ytimg.com *.evidon.com code.jquery.com d22xmn10vbouk4.cloudfront.net *.serving-sys.com 7225833.collect.igodigital.com connect.facebook.net stats.g.doubleclick.net https://cdn.hypemarks.com http://cdn.hypemarks.com https://www.gstatic.com *.krxd.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com https://cdnjs.cloudflare.com brand-ecommerce-assets.fusepump.com *.youtube.com cloud.typography.com *.google.com; img-src 'self' data: *.googleapis.com *.gstatic.com *.cloudflare.com *.google-analytics.com https://stats.g.doubleclick.net www.google.com www.google.co.uk *.doubleclick.net *.betrad.com *.amazonaws.com px.pump.to brand-ecommerce-assets.fusepump.com *.evidon.com https://nova.collect.igodigital.com https://www.facebook.com *.nestlebeverages.acsitefactory.com es.factory.nescafe.com *.krxd.net spain.nestlebeverages.acsitefactory.com; media-src 'self'; frame-src 'self' static.addtoany.com *.youtube.com *.youtu.be youtu.be info.evidon.com https://2275258.fls.doubleclick.net http://2275258.fls.doubleclick.net http://www.youtube-nocookie.com https://www.youtube-nocookie.com https://cdn.hypemarks.com http://cdn.hypemarks.com https://brand-ecommerce-assets.fusepump.com https://www.google.com/ *.krxd.net https://l3.evidon.com/; child-src 'self' static.addtoany.com *.youtube.com *.youtu.be youtu.be info.evidon.com https://2275258.fls.doubleclick.net http://2275258.fls.doubleclick.net http://www.youtube-nocookie.com https://www.youtube-nocookie.com https://cdn.hypemarks.com http://cdn.hypemarks.com; font-src 'self' data: fonts.gstatic.com fonts.googleapis.com https://cdnjs.cloudflare.com; connect-src 'self' brand-ecommerce-api.fusepump.com *.google-analytics.com https://collect.analyze.ly https://secure-ds.serving-sys.com; report-uri /es/report-csp-violation 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; 1 default-src 'self' *.soundcloud.com *.sndcdn.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.googleapis.com *.typekit.net *.googletagmanager.com *.google-analytics.com *.pingdom.net www.catalyst-analytics.nz d3qy04aabho0yp.cloudfront.net *.simpleheatmaps.com www.tepapa.govt.nz *.twitter.com cdn.syndication.twimg.com *.instagram.com *.knightlab.com *.soundcloud.com *.hotjar.com www.googleadservices.com tagmanager.google.com *.riddle.com www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.typekit.net fonts.googleapis.com hello.myfonts.net *.twitter.com *.knightlab.com tagmanager.google.com; img-src 'self' data: *.typekit.net *.google-analytics.com *.doubleclick.net *.shopify.com *.pingdom.net www.catalyst-analytics.nz *.simpleheatmaps.com www.tepapa.govt.nz *.twitter.com pbs.twimg.com dl.dropboxusercontent.com *.myfonts.net media.tepapa.govt.nz co3-api-mediastorage.s3-ap-southeast-2.amazonaws.com co3-api-mediastorage.s3.ap-southeast-2.amazonaws.com s3.dualstack.ap-southeast-2.amazonaws.com www.google.com www.google.co.nz *.gstatic.com; frame-src 'self' *.bookitsecure.com google.com *.riddle.com *.spotify.com *.google.com tepapa.infospecs.co.nz *.youtube.com *.vimeo.com *.catalyst.net.nz radionz.co.nz jobs.tepapa.govt.nz *.tepapa.govt.nz tepapafoundation.secure.force.com sec.paymentexpress.com *.book2look.com *.boombox.com *.myfonts.net *.knightlab.com www.qzzr.com *.twitter.com *.instagram.com *.facebook.com *.hotjar.com *.soundcloud.com *.nzonscreen.com *.juicer.io; font-src 'self' data: *.bootstrapcdn.com fonts.gstatic.com fonts.typekit.net www.tepapa.govt.nz cdn.knightlab.com; connect-src 'self' spreadsheets.google.com *.myfonts.net *.hotjar.com graylog.hotjar.com *.pingdom.net *.google-analytics.com http://api.soundcloud.com/; report-uri /report-csp-violation 1 script-src 'self' cdn.httparchive.org www.google-analytics.com use.fontawesome.com cdn.speedcurve.com spdcrv.global.ssl.fastly.net lux.speedcurve.com 'nonce-Cp0XCdAlqljvBW4o'; img-src 'self' discuss.httparchive.org avatars.discourse.org www.google-analytics.com s.g.doubleclick.net stats.g.doubleclick.net; connect-src 'self' cdn.httparchive.org discuss.httparchive.org cdn.rawgit.com www.webpagetest.org www.google-analytics.com stats.g.doubleclick.net; default-src 'self'; font-src 'self' fonts.gstatic.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com 1 default-src 'self';font-src 'self' *.kb-pojistovna.cz;connect-src 'self' *.kb-pojistovna.cz *.komercpoj.cz maps.googleapis.com *.google-analytics.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.komercpoj.cz *.googleapis.com www.googletagmanager.com *.google-analytics.com *.google.com *.kb-pojistovna.cz *.google.cz;form-action 'self' *.kb-pojistovna.cz cz *.komercpoj.cz *.kb.cz;frame-src 'self' www.youtube.com *.komercpoj.cz *.kb.cz;child-src 'self' www.youtube.com *.komercpoj.cz *.kb.cz;frame-ancestors 'self' *.komercpoj.cz *.kb.cz;img-src 'self' data: blob: *.gstatic.com *.googleapis.com *.googlecode.com www.googletagmanager.com *.google-analytics.com *.google.com *.google.cz *.komercpoj.cz *.kb.cz;style-src 'self' 'unsafe-inline' fonts.googleapis.com *.google.com *.komercpoj.cz;object-src 'self' 1 default-src 'self';font-src 'self' fonts.gstatic.com;connect-src 'self' analytics.monkeytracker.cz;script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com analytics.monkeytracker.cz maps.google.com *.googleapis.com www.google.com; form-action 'self';frame-src 'self' www.youtube.com;child-src 'self' www.youtube.com;frame-ancestors 'self';img-src 'self' data: www.googletagmanager.com www.google-analytics.com analytics.monkeytracker.cz *.doubleclick.net *.gstatic.com maps.google.com *.googleapis.com www.google.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com analytics.monkeytracker.cz 1 frame-ancestors 'self' webvisor.com *.webvisor.com yandex.ru *.yandex.ru 1 script-src 'self' 'unsafe-inline' www.google.com www.gstatic.com www.google-analytics.com googleapis.com ajax.googleapis.com maps.googleapis.com cdn.tinymce.com www.civildefence.govt.nz civildefence.govt.nz 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *; report-uri /admin/config/system/seckit/csp-report, default-src 'self' 'self' data: 'self' blob: 'unsafe-inline' 'unsafe-eval' *; img-src 'self' blob: data: * 1 default-src 'self'; script-src 'self' ajax.googleapis.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' data:; font-src 'self' fonts.gstatic.com netdna.bootstrapcdn.com data:;connect-src 'self' fonts.googleapis.com fonts.gstatic.com netdna.bootstrapcdn.com; report-uri https://infostation.dart.org/Sitefinity/Authenticate/OpenID/csp/report 1 frame-ancestors 'self' https://optimize.google.com/ https://forum.rangefinders.com 1 base-uri 'none'; default-src 'self'; connect-src 'self' https://*.gstatic.com *.gstatic.com https://*.hubspot.com *.hubspot.com https://*.facebook.net *.facebook.net https://facebook.com facebook.com https://*.google.com *.google.com https://apis.google.com apis.google.com https://*.google.co.uk *.google.co.uk https://*.hs-scripts.com *.hs-scripts.com https://*.hs-analytics.net *.hs-analytics.net https://*.doubleclick.net *.doubleclick.net https://*.hs-analytics.net *.hs-analytics.net https://fonts.gstatic.com fonts.gstatic.com https://fonts.googleapis.com fonts.googleapis.com https://*.googletagmanager.com *.googletagmanager.com https://*.googleadservices.com *.googleadservices.com https://*.google-analytics.com *.google-analytics.com https://googleadservices.com googleadservices.com https://gcs-vimeo.akamaized.net gcs-vimeo.akamaized.net https://player.vimeo.com player.vimeo.com https://fpdl.vimeocdn.com fpdl.vimeocdn.com https://*.usemessages.com *.usemessages.com; font-src 'self' https://fonts.gstatic.com fonts.gstatic.com data:; form-action 'self' https://checkforcloudflare.selesti.com checkforcloudflare.selesti.com; frame-ancestors 'self'; frame-src 'self' https://*.gstatic.com *.gstatic.com https://*.slideshare.net *.slideshare.net https://*.youtube.com *.youtube.com https://*.vimeo.com *.vimeo.com https://*.google.com *.google.com https://*.doubleclick.net *.doubleclick.net; img-src 'self' https://*.gstatic.com *.gstatic.com https://*.google.com *.google.com https://*.google.co.uk *.google.co.uk https://*.google-analytics.com *.google-analytics.com https://*.googletagmanager.com *.googletagmanager.com https://*.facebook.com *.facebook.com https://*.doubleclick.net *.doubleclick.net https://*.hubspot.com *.hubspot.com https://*.facebook.com *.facebook.com https://*.doubleclick.net *.doubleclick.net https://*.google.se *.google.se https://*.google.co.il *.google.co.il https://*.google.co.jp *.google.co.jp https://*.google.ie *.google.ie https://*.google.com.ua *.google.com.ua blob: data:; media-src https://gcs-vimeo.akamaized.net gcs-vimeo.akamaized.net https://*.vimeocdn.com *.vimeocdn.com https://player.vimeo.com player.vimeo.com; object-src 'none'; manifest-src 'self'; script-src 'self' https://*.google.co.uk *.google.co.uk https://*.google.com *.google.com https://*.gstatic.com *.gstatic.com https://*.googletagmanager.com *.googletagmanager.com https://apis.google.com apis.google.com https://*.google-analytics.com *.google-analytics.com https://*.googleadservices.com *.googleadservices.com https://*.facebook.net *.facebook.net https://*.doubleclick.net *.doubleclick.net https://*.hs-scripts.com *.hs-scripts.com https://*.hs-analytics.net *.hs-analytics.net https://*.google.co.in *.google.co.in https://*.google.com.ua *.google.com.ua https://*.google.com.au *.google.com.au https://*.google.ie *.google.ie https://*.google.fr *.google.fr https://*.google.ae *.google.ae https://*.google.ru *.google.ru https://*.google.de *.google.de https://*.google.co.il *.google.co.il 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://*.googleapis.com *.googleapis.com 'unsafe-inline'; report-uri https://poirot.selesti.com/api/violation/selesti; report-to https://poirot.selesti.com/api/violation/selesti; 1 default-src 'self' https://cdn.canada.ca https://platform.twitter.com https://maxcdn.bootstrapcdn.com https://stats.tpsgc-pwgsc.gc.ca; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://stats.tpsgc-pwgsc.gc.ca/piwik.js https://d3js.org/d3.v5.min.js; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com; img-src 'self' data: https://stats.tpsgc-pwgsc.gc.ca; report-uri /fr/report-csp-violation 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com:* *.bootstrapcdn.com:* *.googleusercontent.com:* *.webspellchecker.net:*; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com:* *.bootstrapcdn.com:* *.googleusercontent.com:* *.webspellchecker.net:* *.google-analytics.com *.highcharts.com cdn.jsdelivr.net:*; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com:* cdn.jsdelivr.net:*; img-src 'self' 'unsafe-inline' 'unsafe-eval' *.bootstrapcdn.com:* *.googleusercontent.com:* *.google-analytics.com *.webspellchecker.net stats.g.doubleclick.net; frame-src 'self' 'unsafe-inline' 'unsafe-eval' *.constantcontact.com:80 *.youtube.com *.google.com *.vimeo.com *; font-src 'self' fonts.gstatic.com *.bootstrapcdn.com:* cdn.jsdelivr.net:* *.googleapis.com:*; report-uri /admin/config/system/seckit/csp-report 1 default-src 'self' code.jivosite.com mc.yandex.ru www.google-analytics.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' code.jivosite.com https://localhost:24738 mc.yandex.ru www.google-analytics.com; font-src 'self'; style-src 'self' 'unsafe-inline' code.jivosite.com mc.yandex.ru www.google-analytics.com; connect-src 'self' code.jivosite.com http://localhost:24738 https://localhost:24738 mc.yandex.ru www.google-analytics.com; img-src 'self' * data:; frame-src 'self' https: mailto:; child-src 'self' https: mailto:; 1 nosniff 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.googleapis.com *.gstatic.com *.google-analytics.com *.youtube.com *.g.doubleclick.net https://s.ytimg.com/yts/jsbin/ *.googleadservices.com *.google.com *.google.cz http://platform.linkedin.com https://www.transguardgroup.com 1 default-src https: 'self' https://*.googleusercontent.com wss://inspectletws.herokuapp.com https://cdn.inspectlet.com https://mijn.mkbservicedesk.nl https://app.readspeaker.com https://*.googleapis.com https://*.chkmkt.com wss://ws1.hotjar.com; script-src https: 'self' 'unsafe-inline'; style-src 'self' https://* 'unsafe-inline'; img-src 'self' https://shared.piwik.prisma-it.com https://veiliginternetten.nl data: 1 default-src 'none'; script-src 'sha256-VuNUSJ59bpCpw62HM2JG/hCyGiqoPN3NqGvNXQPU+rY=' 1 default-src 'self';font-src 'self' fonts.gstatic.com *.cachefly.net *.platnosci.pl;connect-src 'self' analytics.monkeytracker.cz maps.googleapis.com *.hotjar.com *.googlesyndication.com www3-prague-eu-test.fg.cz *.prague.eu *.google.com *.google.cz *.facebook.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' maps.google.com *.googleapis.com www.googletagmanager.com www.google-analytics.com analytics.monkeytracker.cz *.google.com *.googleadservices.com *.facebook.net *.imedia.cz *.hotjar.com *.adform.net *.doubleclick.net *.google.cz s.yimg.jp *.yahoo.co.jp *.cachefly.net *.payu.com *.platnosci.pl *.facebook.com;form-action 'self' *.facebook.com *.gpwebpay.com *.payu.com *.facebook.net *.platnosci.pl;frame-src 'self' www.youtube.com *.hotjar.com *.doubleclick.net *.adform.net *.booking.com *.facebook.com *.issuu.com *.vimeo.com *.facebook.net;child-src 'self' www.youtube.com *.hotjar.com *.doubleclick.net *.adform.net *.booking.com *.facebook.com *.issuu.com *.vimeo.com *.facebook.net;frame-ancestors 'self';img-src 'self' data: *.gstatic.com *.googleapis.com *.googlecode.com www.googletagmanager.com www.google-analytics.com analytics.monkeytracker.cz *.doubleclick.net *.ggpht.com *.google.com *.imedia.cz *.facebook.com *.google.cz *.googlesyndication.com *.yahoo.co.jp www3-prague-eu-test.fg.cz *.prague.eu *.cachefly.net *.payu.com *.platnosci.pl;style-src 'self' 'unsafe-inline' fonts.googleapis.com analytics.monkeytracker.cz *.google.com *.hotjar.com *.cachefly.net *.payu.com *.platnosci.pl;object-src 'self' 1 default-src https://www.regionorebrolan.se:443;script-src *.google.com ssl.google-analytics.com ssl.webserviceaward.com *.orebroll.se www.regionorebrolan.se https://js-agent.newrelic.com 'self' 'unsafe-inline' 'unsafe-eval' data:;style-src 'self' 'unsafe-inline' ssl.webserviceaward.com;img-src *.orebroll.se ssl.google-analytics.com ssl.webserviceaward.com www.regionorebrolan.se 'self' data:;media-src rstts.readspeaker.com app.readspeaker.com streamio.com;frame-src *.youtube.com app.readspeaker.com rstts.readspeaker.com media.readspeaker.com www.regionorebrolan.se https://streamio.com;connect-src rstts.readspeaker.com;report-uri https://www.regionorebrolan.se/csp-report 1 default-src 'self' *.youtube.com *.halkbank.com.tr *.google.com *.google.com.tr *.gstatic.com *.googleapis.com *.doubleclick.net *.activebuilder.com *.activebuilder.local *.google-analytics.com *.googletagmanager.com *.facebook.com data:; style-src 'self' 'unsafe-inline' *.halkbank.com.tr *.gstatic.com *.google.com *.activebuilder.com *.activebuilder.local *.googleapis.com *.google-analytics.com *.googletagmanager.com; script-src 'self' 'unsafe-inline' *.halkbank.com.tr *.google.com *.gstatic.com *.google.com.tr *.googleadservices.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.facebook.net *.facebook.com *.doubleclick.net *.creative-serving.com; 1 default-src 'self' 'unsafe-inline' https://*.cutie.cafe/ https://groupbundl.es/ https://*.groupbundl.es/ https://cdn.cutie.cafe; font-src 'self' data: https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://maxcdn.bootstrapcdn.com/ https://groupbundl.es/; style-src https://fonts.googleapis.com/ 'self' 'unsafe-inline' https://groupbundl.es/; worker-src blob:; img-src 'self' https://*.cutie.cafe/ https://groupbundl.es/ https://*.groupbundl.es/ https://cdn.cutie.cafe data:; 1 default-src data: 'unsafe-inline' 'unsafe-eval' https:; frame-ancestors 'self'; form-action *; upgrade-insecure-requests; block-all-mixed-content; reflected-xss block; referrer origin-when-cross-origin; 1 style-src 'self' 'unsafe-inline' 1 default-src 'unsafe-inline' https://*.googleapis.com https://*.twimg.com https://pbs.twimg.com https://syndication.twitter.com https://platform.twitter.com https://www.youtube.com https://*.gstatic.com https://*.google.com https://www.google-analytics.com https://*.facebook.com https://*.bgk.pl; script-src * 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://*.facebook.com https://*.bgk.pl; style-src 'unsafe-inline' https://www.google-analytics.com https://*.googleapis.com https://*.twimg.com https://pbs.twimg.com https://syndication.twitter.com https://platform.twitter.com https://www.youtube.com https://*.facebook.com https://*.bgk.pl; img-src 'self' https://*.googleapis.com https://*.twimg.com https://pbs.twimg.com https://syndication.twitter.com https://platform.twitter.com https://www.youtube.com https://*.gstatic.com https://*.google.com https://www.google-analytics.com https://*.facebook.com https://*.bgk.pl data: 1 block-all-mixed-content; child-src 'self' www.google.com www.google-analytics.com www.gstatic.com; frame-src https://id.invicta.pl/ www.google.com www.google-analytics.com www.gstatic.com; img-src 'self' data: www.google-analytics.com stats.g.doubleclick.net www.google.pl www.google.com www.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.google.com www.gstatic.com https://id.invicta.pl/; style-src 'self' 'unsafe-inline' www.google-analytics.com; report-uri /en/csp/report 1 object-src 'self' *.google.com *.bootstrapcdn.com *.googleapis.com *.gstatic.com 1 default-src 'self';font-src 'self' data: fonts.gstatic.com localhost:8888 *.mapy.cz;connect-src 'self' analytics.monkeytracker.cz localhost:8888 *.google.com *.googleapis.com www.google-analytics.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.google.cz *.googleapis.com www.googletagmanager.com www.google-analytics.com analytics.monkeytracker.cz *.googleadservices.com localhost:8888 *.mapy.cz https://api.mapy.cz;form-action 'self' *.facebook.com *.facebook.net;frame-src 'self' www.youtube.com *.iplatba.cz localhost:8888;child-src 'self' www.youtube.com *.iplatba.cz localhost:8888;frame-ancestors 'self';img-src 'self' data: blob: *.gstatic.com *.googleapis.com *.googlecode.com www.googletagmanager.com www.google-analytics.com analytics.monkeytracker.cz *.doubleclick.net *.google.com *.google.cz *.google.ie localhost:8888 *.mapy.cz;style-src 'self' 'unsafe-inline' fonts.googleapis.com analytics.monkeytracker.cz *.google.com localhost:8888 *.mapy.cz;object-src 'self' 1 allow 'self'; options inline-script eval-script; script-src 'self' *.google-analytics.com *.googleapis.com *.gstatic.com; img-src *; media-src *; frame-src 'self' 1 style-src 'unsafe-inline' 'self' http: https: ; 1 frame-ancestors https://*.matrabike.nl http://*.matrabike.nl http://matrabike.test01.netivity.nl https://matrabike.test01.netivity.nl http://www.google.com 1 script-src 'unsafe-inline' 'unsafe-eval' code.jquery.com www.google-analytics.com trustedsurf.com ads.exoclick.com main.exoclick.com syndication.exoclick.com; 1 allow 'self'; options inline-script eval-script; frame-ancestors 'none' 1 default-src http://eurojackpot.de https://eurojackpot.de http://www.eurojackpot.de https://www.eurojackpot.de http://trck.spoteffects.net https://trck.spoteffects.net http://www.youtube.com https://www.youtube.com 'unsafe-inline' 'unsafe-eval'; child-src http://eurojackpot.de https://eurojackpot.de http://www.eurojackpot.de https://www.eurojackpot.de http://m.lotto.de https://m.lotto.de http://www.lotto.de https://www.lotto.de http://miframe.lotto.de http://iframe.lotto.de https://miframe.lotto.de https://iframe.lotto.de http://www.youtube.com https://www.youtube.com http://trck.spoteffects.net https://trck.spoteffects.net; connect-src http://eurojackpot.de https://eurojackpot.de http://www.eurojackpot.de https://www.eurojackpot.de http://www.googleapis.com https://www.googleapis.com; font-src http://eurojackpot.de https://eurojackpot.de http://www.eurojackpot.de https://www.eurojackpot.de http://fonts.gstatic.com https://fonts.gstatic.com data: ; img-src http://eurojackpot.de https://eurojackpot.de http://www.eurojackpot.de https://www.eurojackpot.de http://trck.spoteffects.net https://trck.spoteffects.net data: 1 default-src 'none'; manifest-src 'self'; frame-src https://googleads.g.doubleclick.net; connect-src 'self'; style-src 'self' 'unsafe-inline' https://css.qmeta.net; script-src 'self' 'unsafe-inline' data: https://cdn.ampproject.org adservice.google.de adservice.google.com https://partnernet.qmeta.net https://pagead2.googlesyndication.com https://js.qmeta.net; img-src 'self' https://img.qmeta.net https://www.google.com data:; object-src 'self' blob:; 1 default-src 'self' https://go.online-ident.ch tag.myaspectra.ch; script-src https://www.islonline.net tag.myaspectra.ch https://www.gstatic.com https://maps.google.com https://maps.googleapis.com https://www.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com 'unsafe-inline' ; font-src 'self' https://fonts.gstatic.com ; child-src 'self' https://go.online-ident.ch https://www.google.com ; img-src 'self' tag.myaspectra.ch 1 default-src 'self' www.youtube.com; block-all-mixed-content; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; report-uri /nelmio/csp/report 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' https: 1 default-src 'self' 'unsafe-eval' 'unsafe-inline' analytics.ethicspoint.eu; script-src 'self' 'unsafe-eval' 'unsafe-inline' analytics.ethicspoint.eu *.navexglobal.com *.pendo.io *.truste.com *.appdynamics.com; img-src 'self' data: analytics.ethicspoint.eu *.truste.com *.pendo; frame-src 'self' 'unsafe-eval' analytics.ethicspoint.eu *.navexglobal.com *.policytech.com; frame-ancestors 'self' 1 img-src 'self' https://*.google.com https://maxcdn.bootstrapcdn.com https://*.google.com.au https://*.damstratech.com https://ssl.google-analytics.com https://stats.g.doubleclick.net https://*.googleapis.com https://*.gstatic.com https://*.damstra.com.au data: https://www.google-analytics.com; connect-src 'self' https://embed.doorbell.io https://sentry.io https://companyweb.damstra.com.au; font-src 'self' data: https://embed.doorbell.io https://maxcdn.bootstrapcdn.com https://*.damstratech.com; frame-src 'self' https://www.payway.com.au https://*.google.com https://companyweb.damstra.com.au https://opengate.damstra.com.au https://*.damstratech.com; media-src 'self'; object-src 'self'; 1 default-src 'self'; script-src 'self' ; style-src 'self' 'unsafe-inline' ; img-src *; report-uri https://login.mla.com.au/core/csp/report 1 frame-ancestors www.flyreiser.no secure.rentalcars.com brands.datahc.com leiebil.flyreiser.no 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com:443 https://ajax.googleapis.com:443 https://code.highcharts.com:443 https://cloud.highcharts.com:443 https://www.youtube.com:443 https://s.ytimg.com:443 https://app.claymap.com:443; style-src 'self' 'unsafe-inline' https://fast.fonts.net; img-src 'self' blob: https://*.amazonaws.com:443 https://www.google-analytics.com:443 https://konjunkturbarometer1.imgix.net:443 data:; font-src 'self' https://fast.fonts.net data:; frame-src https://www.youtube.com:443; connect-src 'self' https://cdn.plyr.io:443; report-uri https://vangenplotz.report-uri.io/r/default/csp/enforce; 1 base-uri 'none'; default-src 'none'; child-src https://www.googletagmanager.com/ns.html https://*.youtube.com https://*.vimeo.com https://*.jic.ac.uk; connect-src 'self' https://www.google-analytics.com https://*.algolia.net https://*.algolianet.com https://*.googleapis.com; font-src 'self' https://fonts.gstatic.com data:; form-action 'self'; frame-ancestors 'self'; frame-src 'self' https://www.jove.com https://*.youtube.com https://*.vimeo.com https://*.jic.ac.uk https://*.jic.ac.uk; img-src 'self' https://*.googleapis.com https://*.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://*.ytimg.com https://secure.gravatar.com blob: data:; media-src 'none'; object-src 'none'; script-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com https://*.algolianet.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; report-uri https://sentry.io/api/1295424/security/?sentry_key=cd968711cb3249ac9e21bf82518da232&sentry_environment=production; report-to https://sentry.io/api/1295424/security/?sentry_key=cd968711cb3249ac9e21bf82518da232&sentry_environment=production; 1 default-src 'self' *.google-analytics.com:* *.morgansindall.com:*; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.twitter.com:* *.twimg.com:* *.civiccomputing.com:* *.google-analytics.com:* *.google.com:* *.gstatic.com:* *.morgansindall.com:*; object-src 'self' *.twitter.com:* *.twimg.com:* *.morgansindall.com:*; style-src 'self' 'unsafe-inline' *.twitter.com:* *.twimg.com:* *.morgansindall.com:*; img-src 'self' *.twitter.com:* *.twimg.com:* *.google-analytics.com:* data: *.civiccomputing.com *.morgansindall.com:*; media-src 'self' *.morgansindall.com:*; frame-src 'self' *.twitter.com:* *.twimg.com:* *.google.com:* *.youtube.com:* *.quartalflife.com *.morgansindall.com:* *.investis.com:* *.brightcove.net:* *.rackcdn.com:*; font-src 'self' *.morgansindall.com:* data:*; connect-src 'self' *.morgansindall.com:*; report-uri /report-csp-violation 1 default-src 'self' *.google-analytics.com:*; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.musedevelopments.com:* *.twitter.com:* *.twimg.com:* *.civiccomputing.com:* *.google-analytics.com:* *.google.com:* *.gstatic.com:* https://www.gstatic.com:* https://www.google.com:* https://cdn.syndication.twimg.com:* https://platform.twitter.com:*; object-src 'self' *.twitter.com:* *.twimg.com:*; style-src 'self' *.musedevelopments.com:* 'unsafe-inline' *.twitter.com:* *.twimg.com:*; img-src 'self' *.musedevelopments.com:* *.twitter.com:* *.twimg.com:* *.google-analytics.com:* data: *.civiccomputing.com:* https://syndication.twitter.com:* https://pbs.twimg.com:*; media-src 'self'; frame-src 'self' *.twitter.com:* *.twimg.com:* *.google.com:* *.youtube.com:* https://www.google.com:*; font-src 'self'; connect-src 'self'; report-uri /report-csp-violation 1 frame-src 'self' www.youtube.com www.miniclip.com 1 default-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://cdnjs.cloudflare.com/ajax/libs/bootbox.js/4.4.0/bootbox.min.js 'unsafe-inline'; 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: http://fonts.googleapis.com http://fonts.gstatic.com http://www.google-analytics.com http://s7.addthis.com http://m.addthisedge.com http://m.addthis.com http://graph.facebook.com http://widgets.pinterest.com http://maps.google.com http://csi.gstatic.com http://maps.gstatic.com http://maps.googleapis.com http://www.linkedin.com http://api-public.addthis.com http://localhost http://www.youtube.com; 1 default-src 'self' https://browser-update.org 'unsafe-inline' 'unsafe-eval' 1 default-src 'none'; script-src 'self' *.deutsche-digitale-bibliothek.de https://*.google.com platform.twitter.com https://*.facebook.com *.jwpcdn.com *.gstatic.com *.googleapis.com 'unsafe-inline' 'unsafe-eval' *.jsdelivr.net *.fiz-karlsruhe.de null cdn.syndication.twimg.com https://*.twitter.com; object-src 'self'; style-src *.googleapis.com 'self' 'unsafe-inline' *.jsdelivr.net *.fiz-karlsruhe.de null platform.twitter.com; img-src * data:; media-src *; font-src *.gstatic.com *.googleapis.com *.jsdelivr.net 'self'; connect-src *.akamaihd.net *.vimeo.com 'self' null cdn.syndication.twimg.com https://*.twitter.com; child-src 'self' *.deutsche-digitale-bibliothek.de *.fiz-karlsruhe.de https://plusone.google.com https://accounts.google.com https://*.google.com platform.twitter.com https://*.facebook.com *.youtube.com; frame-ancestors 'self' *.deutsche-digitale-bibliothek.de 1 default-src 'self' www.google-analytics.com stats.g.doubleclick.net fonts.gstatic.com fonts.googleapis.com youtube.com www.youtube.com www.youtube-nocookie.com a.tile.openstreetmap.org b.tile.openstreetmap.org c.tile.openstreetmap.org widget.immobilienscout24.de ogulo.de widget.planoplan.com connect.facebook.net www.facebook.com staticxx.facebook.com www.paypal.com; script-src 'self' www.google-analytics.com stats.g.doubleclick.net fonts.gstatic.com fonts.googleapis.com youtube.com www.youtube.com www.youtube-nocookie.com a.tile.openstreetmap.org b.tile.openstreetmap.org c.tile.openstreetmap.org widget.immobilienscout24.de ogulo.de widget.planoplan.com connect.facebook.net www.facebook.com staticxx.facebook.com www.paypal.com; options inline-script unsafe-eval;report-uri /includes/php/cspreporting.php; 1 frame-ancestors 'self' http://jobspreader.com https://jobspreader.com http://job-server.net https://job-server.net http://www.jobnews.info https://www.jobnews.info 1 default-src 'self'; script-src 'self' 'unsafe-inline'; img-src 'self' data:; 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.tsviewer.com static.tsviewer.com www.gstatic.com www.google.com www.google-analytics.com; style-src 'self' 'unsafe-inline'; img-src * data:; media-src 'self'; frame-src 'self' www.google.com; font-src 'self'; connect-src 'self' 1 default-src 'self'; script-src 'self'; object-src 'self'; style-src 'self'; img-src 'self' data:; media-src 'self'; worker-src 'self'; font-src 'self'; connect-src 'self' 1 frame-ancestors 'self' https://optimize.google.com/ https://forum.opticsforyou.com 1 upgrade-insecure-requests; default-src 'self' 'unsafe-inline' 'unsafe-eval' https: wss: data: blob: filesystem:; form-action 'self' https: wss:; frame-ancestors 'self'; sandbox allow-forms allow-modals allow-pointer-lock allow-popups allow-popups-to-escape-sandbox allow-same-origin allow-scripts allow-top-navigation 1 default-src 'none'; img-src 'self'; style-src 'self' 1 default-src 'self'; object-src 'self'; script-src 'self' 1 default-src ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.entrecode.de https://www.youtube.com https://www.youtu.be *.facebook.com v2.zopim.com *; object-src ; style-src 'unsafe-inline' *; img-src * data: blob:; media-src *; child-src 'self' *.youtube.com *.youtu.be *; font-src * data:; connect-src *.entrecode.de * data:; manifest-src 1 frame-ancestors 'self' http://jobspreader.com https://jobspreader.com http://interactive.videomotion.de https://interactive.videomotion.de 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; object-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; media-src 'self'; child-src 'self' https:; font-src 'self' data:; connect-src 'self' 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data:; style-src 'self' 'unsafe-inline' data:; img-src 'self' data:; 1 frame-ancestors 'self' http://pudtoday 1 referrer no-referrer 1 default-src 'self'; script-src 'self' ; style-src 'self' 'unsafe-inline' ; img-src 'self' data:; report-uri https://login.gordian.com/csp/report 1 default-src 'self'; style-src 'self' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com 1 script-src 'self' 'unsafe-inline' blob: *.nickspizzaonline.com *.foodtecsolutions.com:* *.google.com *.opentable.com https://www.gstatic.com https://maps.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://platform.twitter.com https://www.facebook.com https://connect.facebook.net https://cdn.syndication.twimg.com https://js.hs-scripts.com https://js.hs-scripts.com https://js.hs-analytics.net https://js.hscollectedforms.net https://salesiq.zoho.com/widget https://campaigns.zoho.com https://maillist-manage.com https://crm.zoho.com https://js.zohostatic.com https://vts.zohopublic.com https://unpkg.com *.adroll.com *.cloudfront.net; frame-ancestors 'self' 'unsafe-inline' blob: *.nickspizzaonline.com *.foodtecsolutions.com:* *.google.com *.opentable.com https://www.gstatic.com https://maps.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://platform.twitter.com https://www.facebook.com https://connect.facebook.net https://cdn.syndication.twimg.com https://js.hs-scripts.com https://js.hs-scripts.com https://js.hs-analytics.net https://js.hscollectedforms.net https://salesiq.zoho.com/widget https://campaigns.zoho.com https://maillist-manage.com https://crm.zoho.com https://js.zohostatic.com https://vts.zohopublic.com https://unpkg.com *.adroll.com *.cloudfront.net; 1 default-src https://*.wamnet.com:443 https://*.wamnet.co.uk:443; script-src https://*.wamnet.com https://*.wamnet.co.uk https://www.google-analytics.com https://ssl.p.jwpcdn.com https://jwpltx.com 'unsafe-eval' 'unsafe-inline'; style-src https://*.wamnet.com https://*.wamnet.co.uk https://fonts.googleapis.com https://ssl.p.jwpcdn.com https://jwpltx.com 'unsafe-inline'; img-src https://*.wamnet.com https://*.wamnet.co.uk https://www.google-analytics.com https://ssl.p.jwpcdn.com https://jwpltx.com; font-src https://*.wamnet.com https://*.wamnet.co.uk https://fonts.gstatic.com https://ssl.p.jwpcdn.com https://jwpltx.com; connect-src https://*.wamnet.com https://*.wamnet.co.uk https://www.google-analytics.com; 1 frame-ancestors apps.facebook.com flydreamers.com 1 default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.jsdelivr.net *.jquery.com *.webspellchecker.net *.addtoany.com *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.google-analytics.com *.ckeditor.com 91.121.113.128:8080 *.bankofjordan.com bankofjordan.com *.exchange.jo track.adform.net img04.en25.com; object-src 'unsafe-inline'; style-src 'unsafe-inline' *.jsdelivr.net *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.ckeditor.com exchange.jo *.local *.dotdemos.com *.pex.ps 91.121.113.128:8080 bankofjordan.com.ps *.bankofjordan.com bankofjordan.com track.adform.net; img-src 'self' 'unsafe-inline' data: *.jsdelivr.net *.googleapis.com *.google-analytics.com *.gstatic.com *.local *.dotdemos.com *.pex.ps 91.121.113.128:8080 bankofjordan.com.ps *.bankofjordan.com bankofjordan.com track.adform.net *.eloqua.com; media-src 'self' 'unsafe-inline' data: *.jsdelivr.net *.googleapis.com *.gstatic.com *.google-analytics.com *.local *.dotdemos.com 91.121.113.128:8080 bankofjordan.com.ps *.bankofjordan.com bankofjordan.com; frame-src 'self' 'unsafe-inline' *.googleapis.com *.google.com *.gstatic.com *.addtoany.com *.local *.dotdemos.com 91.121.113.128:8080 bankofjordan.com.ps *.bankofjordan.com bankofjordan.com c1.adform.net; font-src 'self' 'unsafe-inline' *.jsdelivr.net *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.local *.dotdemos.com 91.121.113.128:8080 *.bankofjordan.com bankofjordan.com track.adform.net; report-uri /admin/config/system/seckit/csp-report 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://platform.twitter.com https://platform.twitter.com http://connect.ok.ru https://connect.ok.ru https://cdn.onesignal.com https://*.doubleclick.net https://onesignal.com http://*.googletagservices.com https://yastatic.net http://*.yandex.net https://*.yandex.net http://*.googlesyndication.com https://*.googlesyndication.com http://*.google.ru https://*.google.ru http://*.google.com https://*.google.com http://*.googleapis.com https://*.googleapis.com feeds.feedburner.com feedburner.google.com counter.rambler.ru http://*.yandex.ru https://*.yandex.ru *.avtoed.com http://*.gstatic.com https://*.gstatic.com http://yandex.st https://yandex.st http://vk.com https://vk.com http://vk.comcdn.connect.mail.ru https://vk.comcdn.connect.mail.ru http://mc.yandex.ru https://mc.yandex.ru http://*.google-analytics.com https://*.google-analytics.com; object-src 'self' http://*.youtube.com https://*.youtube.com http://*.googlesyndication.com https://*.googlesyndication.com http://*.yandex.ru https://*.yandex.ru http://*.yandex.net https://*.yandex.net http://*.gstatic.com https://*.gstatic.com; style-src 'self' 'unsafe-inline' https://onesignal.com http://*.google.com https://*.google.com http://*.googleapis.com https://*.googleapis.com; img-src * 'self' data: http://mc.yandex.ru https://mc.yandex.ru http://yastatic.net https://yastatic.net; media-src 'self'; frame-src 'self' http://connect.ok.ru https://connect.ok.ru http://platform.twitter.com https://platform.twitter.com https://onesignal.com http://*.avtoed.com http://orphus.ru http://*.yandex.net https://*.yandex.net http://*.yandexadexchange.net https://*.yandexadexchange.net http://yandexadexchange.net https://yandexadexchange.net http://*.yandex.ru https://*.yandex.ru http://*.doubleclick.net https://*.doubleclick.net http://yastatic.net https://yastatic.net http://*.youtube.com https://*.youtube.com http://*.google.ru https://*.google.ru http://*.google.com https://*.google.com http://connect.mail.ru https://connect.mail.ru http://vk.com https://vk.com; font-src 'self' http://*.gstatic.com https://*.gstatic.com; connect-src 'self' https://onesignal.com https://*.yandex.net http://yandex.ru https://yandex.ru http://*.yandex.ua https://*.yandex.ua http://*.youtube.com https://*.youtube.com http://*.google-analytics.com https://*.google-analytics.com http://*.yandex.ru https://*.yandex.ru http://*.gstatic.com https://*.gstatic.com; 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.yandex.st *.vk.com *.republer.com *.gonews2.net *.darangi.ru *.footurist.ru *.adone.ru *.videoseed.ru *.bdzhhjnml.pw *.videoburner2015.com *.weborama.fr *.ytimg.com *.apicaller.ru *.level1cdn.com *.mayvbm.com *.boolads.com *.thor-media.ru *.2mdn.net *.rontar.com *.admantic.ru *.actionpay.ru *.pc2ads.ru *.bdwbxmzmpu.ru *.real6traf.ru *.rt-sign.ru *.rt-ns.ru *.nutkaekwcm.ru *.umdxxosugh.ru *.luxadv.com *.adlabs.ru *.luxup.ru *.tizerlady.biz *.begun.ru *.betrad.com *.doubleclick.net *.rutarget.ru *.acint.net *.sape.ru *.adriver.ru *.kavanga.ru *.targetix.net *.smi2.net *.bidswitch.net *.r24-tech.com *.yandex.ru *.tizerlady.com *.ladytizer.com *.tizerlady.info *.dutrmedi.ru *.dumedia.ru *.admitad.com *.100im.net *.sociomantic.com *.am15.net *.betweendigital.com *.advertur.ru *.mixmarket.biz *.faggrim.com *.pay-click.ru *.smaclick.com *.advombat.ru *.marketgid.com *.adonweb.ru *.recreativ.ru *.yandex.net vsekratko.ru *.pay-click.ru *.smi2.ru *.allskazki.ru *.schema.org *.googleapis.com *.liveinternet.ru *.dt00.net *.mail.ru *.rambler.ru *.imgsmail.ru *.gstatic.com *.yandex.st *.googlesyndication.com *.youtube.com *.vk.com *.google-analytics.com; object-src 'self' *.videoseed.ru *.begun.ru *.2mdn.net *.actionpay.ru https://advertur.ru *.adriver.ru *.kavanga.ru *.r24-tech.com *.admitad.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.php-d.com *.imrk.net *.r24-tech.com *.sociomantic.com *.recreativ.ru; img-src 'self' data: 31.168.230.211 *.audsp.com *.republer.com *.smartyads.com *.adlabs.ru *.uptolike.com *.datamind.ru *.gonews2.net *.bposterss.net *.lugiy.ru *.adone.ru *.bdzhhjnml.pw *.2mdn.net *.ladytizer.org *.mzstatic.com *.thor-media.ru *.tm1438387200.ru *.betrad.com *.begun.ru *.googlesyndication.com *.admantic.ru *.rontar.com *.windowsphone.com *.apple.com *.android.com *.actionpay.ru *.pc2ads.ru *.partnerna5.ru *.rt-image.ru *.luxup.ru *.luxadv.com *.tizerlady.biz *.pushkin-live.ru *.adhigh.net *.1dmp.io *.adtarget.me *.rutarget.ru *.gemius.pl *.acint.net *.qservz.com *.tns-counter.ru *.adriver.ru *.doubleclick.net *.hubrus.com *.kavanga.ru *.targetix.net *.smi2.net *.whisla.com *.intencysrv.com *.bidswitch.net *.r24-tech.com *.yandex.ru *.tizerlady.com *.ladytizer.com *.tizerlady.info *.admitad.com *.am15.net *.ghmedia.ru *.betweendigital.com *.sociomantic.com *.smaclick.com *.ladyclick.ru *.wbunder.com *.adnow.com *.adxxx.com *.gravatar.com *.allskazki.ru *.smi2.net *.mixmarket.biz *.pay-click.ru *.smaclick.com *.advombat.ru *.marketgid.com *.smi2.ru *.adonweb.ru *.recreativ.ru *.yandex.net *.vsekratko.ru *.allskazki.ru *.schema.org *.googleapis.com *.liveinternet.ru *.dt00.net *.mail.ru *.allskazki.ru *.smaclick.com *.advombat.ru *.yadro.ru *.tovarro.com *.facetz.net *.gravatar.com *.vk.com *.yastatic.net *.rambler.ru *.google-analytics.com; media-src 'self'; frame-src 'self' *.kavanga.ru *.weborama.fr *.betrad.com *.solocpm.com *.googlesyndication.com *.creativecdn.com *.sniperlog.ru *.begun.ru *.rt-sign.ru *.adtarget.me *.imrk.net *.rutarget.ru *.betweendigital.com *.qservz.com *.sociomantic.com *.exebid.ru *.adhigh.net *.targetix.net *.hubrus.com *.adriver.ru *.doubleclick.net *.intencysrv.com *.whisla.com *.bidswitch.net *.yandex.ru *.dutrmedi.ru *.dumedia.ru *.admitad.com *.acint.net *.datamind.ru *.am15.net *.yastatic.net *.recreativ.ru *.mail.ru *.yandex.ru *.youtube.com *.doubleclick.net *.vk.com; font-src 'self' *.pushkin-live.ru; connect-src 'self' *.marketgid.com *.doubleclick.net *.google-analytics.com *.yandex.ru *.gstatic.com 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://ajax.cloudflare.com https://cdnjs.cloudflare.com https://code.highcharts.com https://oss.maxcdn.com https://connect.trezor.io wss://wallex.market:8443 https://blockexplorer.com https://www.localbitcoinschain.com https://test-insight.bitpay.com https://api.etherscan.io https://api-ropsten.etherscan.io https://bitcoincash.blockexplorer.com https://blockdozer.com https://bch.coin.space https://insight.litecore.io https://insight.dash.org https://saveload.tradingview.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://ajax.googleapis.com https://fonts.gstatic.com wss://test-insight.bitpay.com https://api.omniexplorer.info https://chain.api.btc.com https://cdn.jsdelivr.net https://code.jquery.com https://stackpath.bootstrapcdn.com https://www.google.com/maps/embed https://*.purechat.com wss://*.purechat.com https://secure.gravatar.com https://*/app.purechat.com https://cdn.ckeditor.com https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com https://tradingview.com https://*.tradingview.com wss://tradingview.com wss://*.tradingview.com https://www.aparat.com https://*.heatmap.it; 1 default-src https:; frame-src https://vars.hotjar.com https://www.googletagmanager.com https://e.issuu.com/embed.html https://player.vimeo.com/video/ https://www.youtube.com/embed/ https://s7.addthis.com/static/ https://www.facebook.com/tr/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://api.mapbox.com; font-src 'self' data: https://fonts.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://m.addthisedge.com/live/ https://*.addthis.com/ https://e.issuu.com/embed.js https://dnn506yrbagrg.cloudfront.net/pages/scripts/0022/9283.js https://7217441.collect.igodigital.com/collect.js https://www.googletagmanager.com/gtm.js https://www.google-analytics.com/analytics.js https://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net/signals/config/1619154008352119 https://www.google-analytics.com/plugins/ua/ec.js https://jobadder.com/widgets/V1/Jobs/RenderJobList https://apps.jobadder.com/widgets/V1/Jobs/RenderJobList https://jobadder.com/widgets/V1/Jobs/RenderJobDetails; connect-src 'self' https://api.compassion.com.au https://concierge.compassion.com.au https://*.algolia.net https://stats.g.doubleclick.net/j/collect https://www.google-analytics.com/j/collect https://www.facebook.com/tr/ https://jobadder.com/widgets/V1/Error/LogError https://apps.jobadder.com/widgets/V1/Error/LogError https://m.addthis.com/live/red_lojson/100eng.json; img-src 'self' data: https://media.ci.org https://images.ctfassets.net https://images.contentful.com https://www.google-analytics.com/collect https://www.google-analytics.com/r/collect https://stats.g.doubleclick.net/r/collect https://nova.collect.igodigital.com/c2/7217441/track_page_view https://www.facebook.com/tr/ https://nova.collect.igodigital.com/c2/7217441/track_cart https://nova.collect.igodigital.com/c2/7217441/track_conversion https://auproddownloads.blob.core.windows.net/compassion/ https://jobadder.com/widgets/ https://apps.jobadder.com/widgets/ http://*.tile.openstreetmap.org/ https://server.arcgisonline.com/ArcGIS/ https://d33wubrfki0l68.cloudfront.net https://www.google.com/ads/ga-audiences https://www.google.com.au/ads/ga-audiences 1 default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self' 1 allow 'self'; media-src *; img-src *; script-src 'self' https://avisite.com.br; style-src 'self'; 1 default-src 'self' https://*.linksynergy.com https://mysafe.link https://*.facebook.com https://*.amazon-adsystem.com https://*.doubleclick.net; connect-src 'self' https://*.google-analytics.com https://*.gstatic.com https://translate.yandex.net https://api.giphy.com https://mysafe.link https://*.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googlesyndication.com https://code.highcharts.com https://*.gstatic.com https://*.googleapis.com https://media.twiliocdn.com https://mysafe.link https://*.googletagmanager.com https://*.google.com https://*.google-analytics.com https://*.google.com https://*.google.com.br; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://cdnjs.cloudflare.com; img-src 'self' data: blob: http://parceiroimg.maquinadevendas.com.br https://*.sephora.com.br https://*.giulianaflores.com.br https://*.googlesyndication.com https://mproxy.banner.linksynergy.com https://ad.linksynergy.com https://maps.googleapis.com https://twitter.github.io https://twemoji.maxcdn.com https://media0.giphy.com https://media1.giphy.com https://media2.giphy.com https://media3.giphy.com https://*.gstatic.com https://mysafe.link https://*.google-analytics.com https://*.gravatar.com https://*.amazon-adsystem.com https://*.ssl-images-amazon.com https://*.gstatic.com https://*.google.com https://*.googleapis.com; worker-src 'self' blob: ; frame-src 'self' https://*.facebook.com https://mysafe.link https://*.doubleclick.net; font-src 'self' https://*.gstatic.com data: https://*.googleapis.com https://cdnjs.cloudflare.com 1 default-src 'none'; base-uri 'self'; block-all-mixed-content; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.google-analytics.com *.googleapis.com *.googleapis.com *.typekit.net *.webspellchecker.net; style-src 'self' 'unsafe-inline' *.typekit.net *.googleapis.com *.gstatic.com *.googleapis.com *.gstatic.com *.webspellchecker.net; media-src 'self'; img-src 'self' data: *.google.com *.google-analytics.com *.googleapis.com *.gstatic.com *.googleapis.com *.gstatic.com https://static1.squarespace.com *.typekit.net *.webspellchecker.net; connect-src 'self' *.google-analytics.com *.typekit.net *.webspellchecker.net; frame-src 'self' *.vimeo.com *.youtube.com *.vimeo.com *.youtube.com *.webspellchecker.net; font-src 'self' data: *.googleapis.com *.gstatic.com *.googleapis.com *.gstatic.com *.typekit.net; report-uri https://tokybd.report-uri.io/r/default/csp/enforce 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googletagmanager.com *.google.com connect.facebook.net platform.twitter.com https://*.google-analytics.com https://*.googletagmanager.com https://*.google.com https://connect.facebook.net https://platform.twitter.com *.optnmstr.com https://*.optnmstr.com *.googleapis.com https://*.googleapis.com; object-src 'self' *.youtube.com youtube.com https://*.youtube.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://fonts.googleapis.com; img-src 'self' img.youtube.com stats.g.doubleclick.net *.google-analytics.com *.google.com *.facebook.com *.twitter.com external.xx.fbcdn.net *.googleapis.com https://img.youtube.com https://*.google-analytics.com https://*.google.com https://*.facebook.com https://*.twitter.com https://external.xx.fbcdn.net https://stats.g.doubleclick.net https://*.googleapis.com *.optnmstr.com https://*.optnmstr.com *.amazonaws.com https://*.amazonaws.com *.google.com https://*.google.com *.google.ca https://*.google.ca *.google.es https://*.google.es pom.fbsocialapp.co; frame-src 'self' www.smartsource.ca *.youtube.com *.facebook.com nam-prod-pe-public.s3.amazonaws.com https://www.smartsource.ca https://*.youtube.com https://*.facebook.com https://nam-prod-pe-public.s3.amazonaws.com *.twitter.com https://*.twitter.com; font-src 'self' fonts.gstatic.com https://fonts.gstatic.com; connect-src 'self' *.google-analytics.com https://*.google-analytics.com *.optnmstr.com https://*.optnmstr.com *.facebook.com https://*.facebook.com; report-uri /admin/config/system/seckit/csp-report, default-src 'self' 'self' data: 'self' blob: 'unsafe-inline' 'unsafe-eval' *; img-src 'self' blob: data: * 1 default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com; style-src 'self' 'unsafe-inline' *.googleapis.com; img-src 'self' data: *.googleapis.com *.gstatic.com *.google.com; font-src fonts.gstatic.com; form-action 'self'; connect-src 'self'; child-src 'self'; object-src 'none' 1 frame-ancestors 'self' *.omronhealthcare.ca *.omronhealthcare.com http://10.196.1.55:8000; 1 frame-ancestors *; 1 default-src 'self'; script-src 'unsafe-inline' 'self' 'unsafe-eval' translate.google.com www.nitrokey.com; object-src 'self'; style-src 'unsafe-inline' 'self' fonts.googleapis.com; img-src 'unsafe-inline' 'self' safari-extension www.nitrokey.com data:; media-src 'self' https://www.youtube.com; frame-src 'self' https://www.youtube.com; font-src 'unsafe-inline' 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com data:; connect-src 'self' https://api.github.com; report-uri /report-csp-violation 1 default-src 'self'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; object-src 'self' *.macromedia.com; options eval-script; 1 frame-ancestors 'self' http://*.amg.com https://*.amg.com http://*.cochand.com https://*.cochand.com http://*.google.com https://*.google.com; frame-src 'self' http://*.amg.com https://*.amg.com http://*.cochand.com https://*.cochand.com http://*.google.com https://*.google.com; 1 default-src 'self'; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self'; upgrade-insecure-requests; style-src 'self' fonts.googleapis.com maxcdn.bootstrapcdn.com; font-src 'self' fonts.gstatic.com maxcdn.bootstrapcdn.com; script-src 'self' 'unsafe-inline'; 1 default-src 'self' mediaplatform.streamingmediahosting.com; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' maxcdn.bootstrapcdn.com www.google-analytics.com developers.google.com; style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com fonts.googleapis.com; img-src * data:; font-src 'self' data: maxcdn.bootstrapcdn.com fonts.googleapis.com fonts.gstatic.com 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.google-analytics.com *.googleapis.com https://*.googleapis.com; style-src 'self' 'unsafe-inline' hello.myfonts.net *.googleapis.com *.gstatic.com https://*.googleapis.com https://*.gstatic.com themes.googleusercontent.com; img-src 'self' data: *.google.com *.google-analytics.com *.googleapis.com *.gstatic.com https://*.googleapis.com https://*.gstatic.com; connect-src 'self' http://www.google-analytics.com; frame-src 'self' *.vimeo.com *.youtube.com https://*.vimeo.com https://*.youtube.com; font-src 'self' data: *.googleapis.com *.gstatic.com https://*.googleapis.com https://*.gstatic.com; report-uri https://tokybd.report-uri.io/r/default/csp/enforce; 1 default-src 'self'; style-src 'self' code.jquery.com use.fontawesome.com 'sha256-CwE3Bg0VYQOIdNAkbB/Btdkhul49qZuwgNCMPgNY5zw=' 'sha256-MZKTI0Eg1N13tshpFaVW65co/LeICXq4hyVx6GWVlK0=' 'sha256-LpfmXS+4ZtL2uPRZgkoR29Ghbxcfime/CsD/4w5VujE=' 'sha256-YJO/M9OgDKEBRKGqp4Zd07dzlagbB+qmKgThG52u/Mk=' 'sha256-bviLPwiqrYk7TOtr5i2eb7I5exfGcGEvVuxmITyg//c=' 'sha256-MammJ3J+TGIHdHxYsGLjD6DzRU0ZmxXKZ2DvTePAF0o=' 'sha256-6iA6WDOL1mgUULZ6GSs2OOfP4eMuu6iI5agxCjK2m2A=' 'sha256-+zzuded9+DHoztKyASJeCkVU0gxvYNWMUIQM7x//CB4=' 'sha256-ldCXMle1JJUAD9eAjLdSuPIgIBcTcBecWlaXs0A2y4M=' 'sha256-WCg1a4AhMGgFRCQG5w+hgG+Q2j8Ygrbd+2dgjByIOIU=' 'sha256-Awu6hl63MCY3jiYHaDclrL7Lic9KcEalXm2o/i3e0v8='; script-src 'self' code.jquery.com use.fontawesome.com cdnjs.cloudflare.com ajax.aspnetcdn.com maxcdn.bootstrapcdn.com 'sha384-bPV3mA2eo3edoq56VzcPBmG1N1QVUfjYMxVIJPPzyFJyFZ8GFfN7Npt06Zr23qts' 'sha256-CNgHUH5JiYOHsJyxoLnqaY4+MNwB6jIlV4tClLOVPUI=' 'sha256-36BiXRdqUnjLTnhlvfi55NDkRIBh8dDVkhIZt48ZMPg=' www.google.com www.gstatic.com ;frame-src www.google.com;font-src 'self' use.fontawesome.com; img-src 'self' code.jquery.com; 1 frame-ancestors 'self' http://www.lugaro.com http://www.manfredijewels.com http://www.dutyfreediplomatic.com 1 style-src 'self' 'unsafe-inline' fast.fonts.net fonts.googleapis.com stackpath.bootstrapcdn.com fonts.gstatic.com; font-src 'self' data: fast.fonts.net fonts.googleapis.com stackpath.bootstrapcdn.com fonts.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' code.jquery.com www.gstatic.com www.googleadservices.com www.google-analytics.com tracedseals.starfieldtech.com imagesak.secureserver.net www.youtube.com s.ytimg.com cdn.ywxi.net s3-us-west-2.amazonaws.com stackpath.bootstrapcdn.com cdnjs.cloudflare.com; child-src 'self' www.youtube.com www.veexinc.com:8443; 1 default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; 1 default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com maps.google.com maps.googleapis.com; img-src 'self' csi.gstatic.com maps.google.com; 1 default-src 'self';font-src 'self' fonts.gstatic.com data: static.zotabox.com;connect-src 'self' analytics.monkeytracker.cz ws://s2.getsmartlook.com *.getsmartlook.com wss://s2.getsmartlook.com api-test.vivtracking.com *.addthis.com *.feynmanhopeful.eu feynmanhopeful.eu *.addthis.com *.hotjar.com ws://ws1.hotjar.com wss://ws1.hotjar.com *.smartlook.com ws://*.hotjar.com wss://*.hotjar.com stats.zotabox.com www.facebook.com *.vivtracking.com onesignal.com *.onesignal.com *.exponea.com jsonip.com;script-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.google.com *.googleapis.com www.googletagmanager.com www.google-analytics.com analytics.monkeytracker.cz www.google.com *.youtube.com *.ytimg.com cdn.rawgit.com www.googleadservices.com api.myx.cz secure.myxheat.com infolinka.crmnutricia.cz rec.getsmartlook.com www.sc.pages04.net nutricia-cz.performax.cz https://connect.facebook.net *.google.pl *.google.cz *.google.sk *.google.ro *.google.fr nutricia.vivtracking.com *.addthis.com cdn.feynmanhopeful.eu m.addthisedge.com *.ibillboard.com *.facebook.net *.hotjar.com *.jsdelivr.net static.zotabox.com www.facebook.com *.doubleclick.net *.onesignal.com onesignal.com *.exponea.com jsonip.com *.cookiebot.com *.azureedge.net;form-action 'self' www.facebook.com *.facebook.net;frame-src 'self' www.youtube.com infolinka.crmnutricia.cz ut.performax.cz *.vivtracking.com *.addthis.com *.ibillboard.com *.bbelements.com ip.casalemedia.com *.adscale.de *.hotjar.com *.doubleclick.net *.facebook.com *.azureedge.net;child-src 'self' www.youtube.com infolinka.crmnutricia.cz ut.performax.cz *.vivtracking.com *.addthis.com *.ibillboard.com *.bbelements.com ip.casalemedia.com *.adscale.de *.hotjar.com *.doubleclick.net *.facebook.com *.azureedge.net;frame-ancestors 'self';img-src 'self' data: *.gstatic.com *.googleapis.com www.googletagmanager.com www.google-analytics.com analytics.monkeytracker.cz *.doubleclick.net *.facebook.com *.fbcdn.net *.youtube.com c.imedia.cz www.google.cz www.google.com infolinka.crmnutricia.cz secure.myxheat.com *.pages04.net placeholdit.imgix.net placehold.it *.google.pl *.google.cz *.google.sk *.google.ro *.google.fr *.google.ie *.ibillboard.com *.bidswitch.net *.ctnsnet.com *.programattik.com file.zbcdn.net *.zotabox.com *.hotjar.com *.klubmaminek.cz *.googleusercontent.com *.exponea.com https://exponea-usercontent.s3-eu-central-1.amazonaws.com ;style-src 'self' 'unsafe-inline' fonts.googleapis.com analytics.monkeytracker.cz *.google.com *.onesignal.com onesignal.com;object-src 'self' *.ibillboard.com 1 default-src 'self';font-src 'self' data: fonts.gstatic.com;connect-src 'self' analytics.monkeytracker.cz;script-src 'self' 'unsafe-inline' 'unsafe-eval' maps.google.com *.googleapis.com www.googletagmanager.com www.google-analytics.com analytics.monkeytracker.cz www.google.com tagmanager.google.com *.maxcdn.com;form-action 'self';frame-src 'self' www.youtube.com;child-src 'self' www.youtube.com;frame-ancestors 'self';img-src 'self' data: blob: *.gstatic.com maps.google.com *.googleapis.com *.googlecode.com www.googletagmanager.com www.google-analytics.com analytics.monkeytracker.cz *.doubleclick.net tagmanager.google.com *.maxcdn.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com analytics.monkeytracker.cz;object-src 'self' 1 default-src 'self';font-src 'self' data: fonts.gstatic.com localhost:8888;connect-src 'self' analytics.monkeytracker.cz localhost:8888 *.google.com *.googleapis.com www.google-analytics.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.google.cz *.googleapis.com www.googletagmanager.com www.google-analytics.com analytics.monkeytracker.cz *.imedia.cz *.googleadservices.com googleads.g.doubleclick.net track.adform.net https://im9.cz;form-action 'self' localhost:8888;frame-src 'self' www.youtube.com *.iplatba.cz localhost:8888 *.imedia.cz;child-src 'self' www.youtube.com *.iplatba.cz localhost:8888 *.imedia.cz;frame-ancestors 'self' localhost:8888;img-src 'self' data: blob: *.gstatic.com *.googleapis.com *.googlecode.com www.googletagmanager.com www.google-analytics.com analytics.monkeytracker.cz *.doubleclick.net *.google.com *.google.cz *.google.ie https://iplatba.cz localhost:8888 *.imedia.cz *.heureka.cz;style-src 'self' 'unsafe-inline' fonts.googleapis.com analytics.monkeytracker.cz *.google.com localhost:8888;object-src 'self' 1 default-src 'self';font-src 'self' data: fonts.gstatic.com *.zopim.com;connect-src 'self' analytics.monkeytracker.cz ws://*.zopim.com wss://*.zopim.com app.mluvii.com wss://app.mluvii.com https://www.facebook.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' maps.google.com *.googleapis.com www.googletagmanager.com tagmanager.google.com www.google-analytics.com www.googleadservices.com analytics.monkeytracker.cz www.google.com *.zopim.com pt app.mluvii.com connect.facebook.net https://www.facebook.com;form-action 'self' www.patro.cz 3dsecure.gpwebpay.com;frame-src 'self' www.youtube.com www.patro.cz 3dsecure.gpwebpay.com app.mluvii.com samoobsluha.tescomobile.cz;child-src 'self' www.youtube.com www.patro.cz 3dsecure.gpwebpay.com app.mluvii.com samoobsluha.tescomobile.cz;frame-ancestors 'self' www.patro.cz 3dsecure.gpwebpay.com app.mluvii.com;img-src 'self' data: *.google.cz *.google.com *.gstatic.com *.googleapis.com *.googlecode.com www.googletagmanager.com tagmanager.google.com www.google-analytics.com analytics.monkeytracker.cz *.doubleclick.net *.zopim.io *.zopim.com app.mluvii.com www.facebook.com *.placeholder.com;style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com analytics.monkeytracker.cz app.mluvii.com;object-src 'self' 1 default-src 'self' www.youtube.com www.youtube-nocookie.com; child-src 'self' www.youtube.com www.youtube-nocookie.com *.fls.doubleclick.net; connect-src 'self'; img-src 'self' data: www.google.co.nz *.google.com www.google-analytics.com *.g.doubleclick.net *.googleapis.com *.gstatic.com; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' 'self' *.google.com www.googleadservices.com www.google-analytics.com www.googletagmanager.com *.googleapis.com *.gstatic.com; style-src 'unsafe-inline' 'self' hello.myfonts.net *.googleapis.com *.gstatic.com; 1 default-src 'self' 87.237.215.243 dns1.sentig.se *.google.com *.facebook.com *.googleapis.com *.jsdelivr.net ; script-src 'self' *.jsdelivr.net *.google-analytics.com *.google.com *.facebook.com *.gstatic.com *.twitter.com *.youtube.com *.ytimg.com 'unsafe-inline' 'unsafe-eval' ;style-src * 'unsafe-inline' ;img-src 'self' * ;frame-src * ; font-src * ;media-src 'self' *.gstatic.com ; object-src 'self' *.gstatic.com ; connect-src 'self' *.gstatic.com *.youtube.com *.ytimg.com ; report-uri /tmp/ ; 1 child-src 'self' www.youtube.com staticxx.facebook.com w.soundcloud.com player.vimeo.com; connect-src 'self' vit.tube wss://peer.vit.tube https://media.vit.tube https://jussi.vit.tube api.blocktrades.us; default-src 'self' www.youtube.com staticxx.facebook.com player.vimeo.com; font-src data: fonts.gstatic.com; frame-ancestors 'none'; img-src * data:; object-src 'none'; plugin-types application/pdf; script-src 'self' www.google-analytics.com connect.facebook.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com; report-uri /api/v1/csp_violation 1 upgrade-insecure-requests; form-action: http://go.aclara.com/*; 1 default-src 'none'; script-src * 'unsafe-inline' 'unsafe-eval'; object-src 'self'; style-src * 'unsafe-inline'; img-src * 'unsafe-inline' data: blob:; media-src 'self'; frame-src *; font-src * 'unsafe-inline' data: blob:; connect-src *; report-uri /report-csp-violation 1 default-src script-src 'self' style-src * 'unsafe-inline' img-src * frame-src * font-src 'self' data: 1 default-src ; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; style-src 'self' 'unsafe-inline' ; img-src 'self' 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.google.com *.google-analytics.com *.typekit.com *.addthis.com *.addthisedge.com *.chartbeat.com *.infogram.com *.jquery.com unpkg.com *.newrelic.com *.nr-data.net; object-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' unpkg.com; img-src 'self' 'unsafe-inline' data: *.twimg.com *.typekit.net *.google-analytics.com *.doubleclick.net *.chartbeat.net *.tinypic.com *.wmflabs.org; media-src 'self' 'unsafe-inline'; frame-src 'self' 'unsafe-inline' datawrapper.dwcdn.net *.addthis.com *.google.com *.infogram.com *.jquery.com; frame-ancestors 'self' 'unsafe-inline'; font-src 'self' 'unsafe-inline' *.typekit.com; connect-src 'self' 'unsafe-inline' *.addthis.com *.typekit.net; report-uri //report-csp-violation 1 default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; connect-src https: wss:; 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googleapis.com *.googletagmanager.com *.sharethis.com *.googleapis.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.bootstrapcdn.com *.sharethis.com *.googleapis.com *.gstatic.com; img-src 'self' *.google-analytics.com *.google.com stats.g.doubleclick.net *.googleapis.com *.ggpht.com *.facebook.com *.xx.fbcdn.net *.ytimg.com data *.sharethis.com *.googleapis.com *.gstatic.com; frame-src 'self' *.google.com https://*.fls.doubleclick.net *.sharethis.com *.googleapis.com *.youtube.com; font-src 'self' fonts.gstatic.com *.bootstrapcdn.com *.googleusercontent.com; report-uri /admin/config/system/seckit/csp-report, default-src 'self' 'self' data: 'self' blob: 'unsafe-inline' 'unsafe-eval' *; img-src 'self' blob: data: * 1 default-src 'self' data:; script-src 'self' data: 'unsafe-inline' *.google-analytics.com *.googleadservices.com googleads.g.doubleclick.net connect.facebook.net *.hotjar.com cdnjs.cloudflare.com *.branch.io branch.io *.link *.doubleclick.net *.licdn.com *.linkedin.com; object-src 'none'; style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com; img-src * data:; media-src *; frame-src 'self' *.doubleclick.net youtube.com *.hotjar.com *.facebook.net; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com; connect-src *; report-uri https://jetsmarter.com/api/v1/forms/csp-report/ 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.addthis.com *.addthisedge.com *.google.com *.google-analytics.com *.googleapis.com *.vimeocdn.com *.youtube.com *.ytimg.com https://*.typekit.net; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.myfonts.net https://*.typekit.net; img-src 'self' data: *.addthis.com https://*.cdninstagram.com *.google.com *.google-analytics.com *.googleapis.com *.gstatic.com https://*.typekit.net *.ytimg.com; connect-src 'self' *.addthis.com *.google-analytics.com https://*.typekit.net; frame-src 'self' *.addthis.com *.vimeo.com *.youtube.com; font-src 'self' data: *.googleapis.com *.gstatic.com https://*.typekit.net; report-uri https://tokybd.report-uri.io/r/default/csp/enforce; 1 default-src 'self'; script-src 'self' ; style-src 'self' 'unsafe-inline' https://use.fontawesome.com/; img-src *; font-src https://use.fontawesome.com/; report-uri https://login.libraryconnect.com/csp/report 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' js-agent.newrelic.com maps.googleapis.com use.typekit.net cdnjs.cloudflare.com www.google-analytics.com bam.nr-data.net connect.facebook.net platform.twitter.com gmc.lingotek.com pixel.mathtag.com platform.linkedin.com; object-src 'none'; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fast.fonts.net gmc.lingotek.com; frame-src 'self' youtu.be youtube.com www.youtube.com *.facebook.com *.twitter.com; child-src 'self' youtu.be youtube.com www.youtube.com *.facebook.com *.twitter.com; report-uri /report-csp-violation 1 default-src 'self' *.arnoldbread.com *.brownberry.com *.oroweat.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.arnoldbread.com *.brownberry.com *.oroweat.com *.econsumeraffairs.com *.consumercare.net *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.consumercare.net *.econsumeraffairs.com *.google.com cdn.jsdelivr.net *.facebook.net *.likebtn.com *.pinterest.com *.facebook.com *.typekit.com *.trackduck.com *.sharethis.com dnn506yrbagrg.cloudfront.net *.mousestats.com *.m4dc.com data: ; object-src 'self' *.arnoldbread.com *.brownberry.com *.oroweat.com *.google.com cdn.jsdelivr.net pages.icpro.co *.trackduck.com *.youtube.com *.facebook.com; style-src 'self' 'unsafe-inline' *.arnoldbread.com *.brownberry.com *.oroweat.com *.trackduck.com *.googleapis.com cdn.jsdelivr.net maxcdn.bootstrapcdn.com *.likebtn.com *.typekit.net *.sharethis.com; img-src 'self' *.arnoldbread.com *.brownberry.com *.oroweat.com *.gravatar.com *.google-analytics.com *.trackduck.com *.google.com stats.g.doubleclick.net *.facebook.com *.googleapis.com cdn.jsdelivr.net *.typekit.net *.sharethis.com *.blob.core.windows.net *.dev-2.development-preview.com *.gstatic.com gravatar.com gtrk.s3.amazonaws.com *.google.co.in/ads data:; media-src 'self' *.arnoldbread.com *.brownberry.com *.oroweat.com *.google.com cdn.jsdelivr.net pages.icpro.co *.trackduck.com *.youtube.com *.facebook.com; frame-src 'self' *.arnoldbread.com *.brownberry.com *.oroweat.com *.google.com cdn.jsdelivr.net pages.icpro.co *.trackduck.com *.youtube.com *.facebook.com *.sharethis.mgr.consensu.org *.sharethis.com *.m4dc.com; font-src 'self' *.arnoldbread.com *.brownberry.com *.oroweat.com fonts.gstatic.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net *.typekit.com data: *.typekit.net *.trackduck.com; connect-src 'self' *.arnoldbread.com *.brownberry.com *.oroweat.com *.facebook.com *.trackduck.com *.sharethis.com wss: data: *.gravatar.com *.g.doubleclick.net; report-uri /admin/config/system/seckit/csp-report, default-src 'self' 'self' data: 'self' blob: 'unsafe-inline' 'unsafe-eval' *; img-src 'self' blob: data: * 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' *.newrelic.com *.nr-data.net *.bam.nr-data.net *.nr-data.com *.google-analytics.com *.googleapis.com *.gstatic.com *.maps.google.com *.stats.g.doubleclick.net *.g.doubleclick.net *.google.com *.google.ca *.cloud.google.com; img-src * data:; report-uri /admin/config/system/seckit/csp-report 1 script-src 'self' *.safehelpline.org safehelpline.org cdnjs.cloudflare.com www.google-analytics.com ajax.googleapis.com www.googletagmanager.com 'unsafe-eval' 'unsafe-inline'; object-src 'self' *.safehelpline.org safehelpline.org; report-uri //report-csp-violation 1 default-src 'self'; img-src 'self'; style-src 'self' 'unsafe-inline'; 1 frame-ancestors 'self' 57.191.128.253:8080 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' https://applet.danid.dk http://pbs.122.2o7.net https://codefileclient.danid.dk/ 1 default-src 'self' data: *.halkbank.com.tr *.doubleclick.net t.co *.facebook.com *.facebook.com.tr *.gstatic.com *.google.com *.google.com.tr *.googleapis.com *.google-analytics.com *.googletagmanager.com; style-src 'self' 'unsafe-inline' *.gstatic.com *.googleapis.com *.google-analytics.com *.googletagmanager.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.doubleclick.net *.googleadservices.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.facebook.net *.creative-serving.com *.ads-twitter.com *.twitter.com; 1 default-src 'self'; script-src 'self' 'unsafe-inline' connect.facebook.net *.cloudflare.com *.google-analytics.com *.fontawesome.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.cloudflare.com fonts.googleapis.com; img-src 'self' data: *.google-analytics.com *.doubleclick.net thewilhelmsens.com *.facebook.com; media-src 'self'; frame-src 'self' *.youtube.com *.spotify.com *.facebook.com; frame-ancestors 'self'; child-src 'self'; font-src 'self' themes.googleusercontent.com fonts.gstatic.com; report-uri /report-csp-violation 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com data: https: http: 1 font-src 'self' https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com data:; frame-src https://www.google.com/recaptcha/ https://fast.wistia.com https://pay.google.com/gp/; script-src 'self' 'unsafe-inline' https://fast.wistia.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://pay.google.com/gp/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com; report-uri /csp/report 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: cdnjs.cloudflare.com *.googleapis.com *.gstatic.com *.google-analytics.com *.addthis.com *.amigosmuseoprado.org *.google.com *.ytimg.com *.youtube.com *.addthisedge.com 1 frame-ancestors *.taichung.travel travel.taichung.gov.tw 1 frame-ancestors *.traveltaoyuan.com.tw 1 frame-ancestors www.bps.ac.uk 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googletagmanager.com *.google.com connect.facebook.net platform.twitter.com https://*.google-analytics.com https://*.googletagmanager.com https://*.google.com https://connect.facebook.net https://platform.twitter.com *.optnmstr.com https://*.optnmstr.com *.googleapis.com https://*.googleapis.com; object-src 'self' *.youtube.com youtube.com https://*.youtube.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://fonts.googleapis.com; img-src 'self' img.youtube.com stats.g.doubleclick.net *.google-analytics.com *.google.com *.facebook.com *.twitter.com external.xx.fbcdn.net *.googleapis.com https://img.youtube.com https://*.google-analytics.com https://*.google.com https://*.facebook.com https://*.twitter.com https://external.xx.fbcdn.net https://stats.g.doubleclick.net https://*.googleapis.com *.optnmstr.com https://*.optnmstr.com *.amazonaws.com https://*.amazonaws.com *.google.com https://*.google.com *.google.ca https://*.google.ca *.google.es https://*.google.es; frame-src 'self' www.smartsource.ca *.youtube.com *.facebook.com nam-prod-pe-public.s3.amazonaws.com https://www.smartsource.ca https://*.youtube.com https://*.facebook.com https://nam-prod-pe-public.s3.amazonaws.com *.twitter.com https://*.twitter.com; font-src 'self' fonts.gstatic.com https://fonts.gstatic.com; connect-src 'self' *.google-analytics.com https://*.google-analytics.com *.optnmstr.com https://*.optnmstr.com *.facebook.com https://*.facebook.com *.optmnstr.com https://*.optmnstr.com; report-uri /admin/config/system/seckit/csp-report, default-src 'self' 'self' data: 'self' blob: 'unsafe-inline' 'unsafe-eval' *; img-src 'self' blob: data: * 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com connect.facebook.net code.jquery.com www.googletagservices.com www.adbox.lt googleapis.com www.googleadservices.com vjs.zencdn.com www.audiklubas.com partner.googleadservices.com pagead2.googlesyndication.com 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://code.jquery.com; object-src 'self' http://fcatripura.gov.in; style-src 'self' 'unsafe-inline' 'unsafe-eval' http://cdn.ckeditor.com http://fonts.googleapis.com https://cdnjs.cloudflare.com; img-src 'self' http://cdn.ckeditor.com http://www.google-analytics.com http://fcatripura.gov.in https://www.nic.in; media-src 'self' https://www.youtube.com/; frame-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.youtube.com/; font-src 'self' http://fonts.gstatic.com https://cdnjs.cloudflare.com; connect-src 'self'; report-uri /admin/config/system/seckit/csp-report 1 frame-ancestors 'self' http://backoffice.e-cigre.org/ 1 script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.vtb.ge; object-src 'self'; frame-src 'self' https://*.vtb.ge 1 default-src 'none'; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'; font-src https: data:; img-src https: data:; frame-src https:; connect-src https:; manifest-src 'self'; frame-ancestors 'self'; form-action 'self' https://www.facebook.com/tr/; base-uri 'self' https://optimize.google.com/optimize/editor/; object-src 'none' 1 style-src 'self' 'unsafe-inline'; img-src 'self' veracitystatic.azureedge.net brandcentral.dnvgl.com veracitycdn.azureedge.net veracity.azureedge.net veracitytest.azureedge.net veracityprod.azureedge.net www.google-analytics.com stats.g.doubleclick.net www.google.com www.google.no; media-src 'self' brandcentral.dnvgl.com veracityprod.blob.core.windows.net veracitycdn.azureedge.net veracitystatic.azureedge.net; script-src 'self' veracitycdn.azureedge.net az416426.vo.msecnd.net 'sha256-LWcVEiDjx05b33xbBBIZs8ahHb1nQyE8/TTVR7wakjg=' 'sha256-fdGgXQ5YKQNCmXceMA0rWC7DAV3A5WUvXj5v0GI1ML8='; report-uri /v1/csp-violations 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://gorodaru.com https://*.google.com *.google.com https://*.google.com.ua *.google.com.ua *.gstatic.com *.googleapis.com *.googlesyndication.com https://*.googlesyndication.com *.googletagservices.com https://*.googletagservices.com *.doubleclick.net https://*.doubleclick.net https://*.g.doubleclick.net *.google-analytics.com counter.yadro.ru wikimapia.org vk.com https://*.jsdelivr.net https://yastatic.net cdn.api.twitter.com oss.maxcdn.com; style-src 'self' 'unsafe-inline' *.googleapis.com; frame-src 'self' *.doubleclick.net *.googletagservices.com *.google.com *.youtube.com https://*.doubleclick.net https://*.g.doubleclick.net wikimapia.org *.openstreetmap.org; 1 default-src 'self' https://www.youtube.com https://s7.addthis.com https://staticxx.facebook.com https://*.google.it https://www.google.com https://static-v.tawk.to https://static-v.tawk.to ; frame-ancestors 'none'; connect-src 'self' https://va.tawk.to/; script-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' www.google-analytics.com https://maps.googleapis.com https://maps.gstatic.com https://connect.facebook.net https://m.addthisedge.com https://s7.addthis.com https://m.addthis.com https://graph.facebook.com https://widgets.pinterest.com https://www.linkedin.com https://cdn.jsdelivr.net ; object-src 'none' https://static-v.tawk.to; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net https://cdn.jsdelivr.net; img-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: www.google-analytics.com https://cartonrent.com https://www.cartonrent.com/images/logo.png https://stats.g.doubleclick.net https://www.facebook.com https://static-v.tawk.to/*; font-src 'self' https://fonts.gstatic.com; worker-src 'self' www.google.com https://maps.google.com https://www.youtube.com 1 frame-ancestors www.flyrejser.dk secure.rentalcars.com brands.datahc.com lejebil.flyrejser.dk 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' https *.cloudfront.net *.googleapis.com *.cloudflare.com *.google-analytics.com *.google.com *.gstatic.com connect.facebook.net graph.facebook.com rum-static.pingdom.net 1 "default-src 'self' *.twitter.com *.holyspirit.ab.ca *.google-analytics.com" 1 upgrade-insecure-requests; object-src 'none'; frame-ancestors 'none'; 1 default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com https://maps.googleapis.com https://ajax.googleapis.com https://vk.com https://*.vk.com https://me-talk.ru https://*.me-talk.ru https://mc.yandex.ru https://www.google-analytics.com https://api-maps.yandex.ru https://www.google.com https://yastatic.net; object-src 'self' https://*.youtube-nocookie.com https://*.youtube.com; style-src 'self' 'unsafe-inline'https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://*.me-talk.ru https://me-talk.ru https://www.google.com https://ajax.googleapis.com; img-src 'self' https://*.me-talk.ru https://maps.googleapis.com https://*.gstatic.com https://vk.com https://*.vk.com https://mc.yandex.ru https://www.google-analytics.com https://api-maps.yandex.ru https://*.maps.yandex.net data: https://www.cs-cart.com; frame-src 'self' https://www.google.com https://ajax.googleapis.com https://*.youtube-nocookie.com https://*.youtube.com https://*.me-talk.ru https://me-talk.ru; font-src 'self' data: https://*.gstatic.com https://themes.googleusercontent.com https://maxcdn.bootstrapcdn.com https://me-talk.ru https://*.me-talk.ru; connect-src 'self' https://mc.yandex.ru https://www.google-analytics.com https://*.gstatic.com 1