Values for x-content-security-policy:
default-src 'self'; img-src *; media-src * data:; 1,387
frame-ancestors 'self' 439
allow 'self'; 87
default-src 'self'; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com; frame-src 'none'; img-src 'self' data: *.ttcache.com https://*.ttcache.com https://*.google-analytics.com https://*.googletagmanager.com; media-src 'none'; object-src 'none'; script-src 'self' https://*.googletagmanager.com; style-src 'self' 'unsafe-inline' 65
default-src 'self'; script-src 'self'; 59
img-src *; media-src * data:; 54
report-uri /report-csp-violation; upgrade-insecure-requests 47
report-uri /report-csp-violation 47
upgrade-insecure-requests; 37
default-src 'self' 'unsafe-inline' 36
upgrade-insecure-requests 21
default-src 'self' 21
default-src 'self'; 20
frame-ancestors 'none' 19
default-src 'self'; script-src 'self' https://hcaptcha.com https://*.hcaptcha.com; frame-src 'self' https://hcaptcha.com https://*.hcaptcha.com; style-src 'self' https://hcaptcha.com https://*.hcaptcha.com; connect-src 'self' https://hcaptcha.com https://*.hcaptcha.com; unsafe-eval 'self' https://hcaptcha.com https://*.hcaptcha.com; unsafe-inline 'self' https://hcaptcha.com https://*.hcaptcha.com; 17
allow 'self'; media-src *; img-src *; script-src *; style-src *; 15
default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * data:; font-src * data:; connect-src *; media-src *; object-src *; child-src *; worker-src 'self' blob:; frame-ancestors 'self' https://gls-group.com/ https://gls-group.eu/ https://pilot.gls-group.eu/; form-action *; upgrade-insecure-requests; report-uri https://glsgroup.report-uri.io/r/default/csp/enforce; report-to https://glsgroup.report-uri.io/r/default/csp/enforce; 14
default-src 'self'; img-src 'self' data:; media-src 'self' blob:; connect-src 'self' blob:; form-action 'self'; 12
sandbox allow-scripts allow-popups allow-same-origin; 11
default-src 'self' 'unsafe-inline'; allow 'self'; img-src * 10
default-src *; img-src * data: blob:; media-src * data: blob:; script-src 'unsafe-inline' 'unsafe-eval' * data: blob:; worker-src 'unsafe-inline' 'unsafe-eval' * data: blob:; connect-src *; font-src * data: blob:; frame-src *; object-src * data: blob:; style-src 'unsafe-inline' * data: blob: 10
frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com *.cisco.com 9
script-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob:; object-src 'none'; base-uri 'none'; frame-src 'self'; frame-ancestors 'self'; img-src 'self' https://secure.gravatar.com data:; media-src 'self' blob:; style-src 'self' 'unsafe-inline'; default-src https: data: 'self'; trusted-types default; 9
script-src 'self' 'unsafe-inline' 'unsafe-eval' ; img-src 'self' data: ; object-src 'self' data: ; frame-src 'self' data: ; 9
frame-ancestors 'self'; 9
frame-ancestors https://*.marketo.com 8
block-all-mixed-content 8
script-src 'self' 8
default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval'; object-src *; style-src * 'self' 'unsafe-inline'; img-src * 'self' data: https:;; media-src *; frame-src *; frame-ancestors * 'self'; child-src * blob:; font-src * 'self' data: https:;; connect-src * 8
allow-scripts allow-popups allow-same-origin; 7
script-src * 'unsafe-inline' 'unsafe-eval' blob:; img-src * data:; media-src * mediastream: blob: filesystem: ; 7
frame-ancestors 'self' https://www.centerparcs.fr/booking/ https://www.centerparcs.nl/booking/ https://www.centerparcs.de/booking/ https://www.centerparcs.com/booking/ https://www.centerparcs.eu/booking/ https://www.centerparcs.ch/booking/ https://www.centerparcs.be/booking/ https://www.sunparks.com/booking/ https://www.sunparks.com/booking/ https://www.sunparks.com/booking/ https://www.sunparks.com/booking/ https://www.sunparks.com/booking/ https://www.sunparks.com/booking/ https://www.sunparks.com/booking/ https://ta.groupepvcp.com/booking/ https://ta.groupepvcp.com/booking/ https://ta.groupepvcp.com/booking/ https://ta.groupepvcp.com/booking/ https://ta.groupepvcp.com/booking/ https://ta.groupepvcp.com/booking/ https://ta.groupepvcp.com/booking/ 7
frame-ancestors 'self' weleda.sabio.de 7
7
frame-ancestors 'self' https://uscreen.io https://*.uscreen.io https://www.uscreen.tv https://app.uscreen.tv/ 7
nosniff 6
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; font-src 'self'; object-src 'self'; media-src 'self'; child-src 'self' 6
default-src 'self'; font-src *;img-src * data:; script-src *; style-src * 6
self 6
default-src https: 'unsafe-inline' 'unsafe-eval' data: blob:; block-all-mixed-content; connect-src * blob:; font-src https:; frame-ancestors 'self' https://preview.plaece.nl; frame-src *; img-src https: data: blob:; media-src https: data: blob:; script-src https: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline'; report-uri /nelmio/csp/report; worker-src https: blob: 6
default-src https: 'self'; script-src 'unsafe-eval' 'unsafe-inline' 'self' *; style-src 'unsafe-inline' 'self' *; frame-src 'self' *; object-src 'self' *; img-src 'self' data: *; media-src blob: 'self' *; font-src 'self' data: *; connect-src 'self' *; child-src blob: 'self' *; block-all-mixed-content; 6
frame-ancestors 'self' *.shoplineapp.com *.facebook.com; upgrade-insecure-requests; 6
frame-ancestors 'self' *.betssongroupaffiliates.com *.ptstaging.eu *.onegameslink.com 6
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ; 5
base-uri 'none';child-src *.youtube.com;connect-src 'self' https:;default-src 'self';font-src 'self';form-action 'self';frame-ancestors files.prismic.io;frame-src vercel.live prismic.io *.prismic.io *.oncehub.com *.youtube.com *.twitter.com *.facebook.com *.google.com;img-src * data:;manifest-src 'self';media-src *.prismic.io;object-src 'none';prefetch-src 'self';script-src 'self' 'unsafe-inline' vercel.live *.google-analytics.com *.bing.com *.clarity.ms *.facebook.net *.googletagmanager.com *.helpscout.net prismic.io *.prismic.io *.mida.so www.google.com www.gstatic.com;style-src 'self' 'unsafe-inline' https://*.mida.so;worker-src 'self'; 5
frame-ancestors 'self' *.magenta.at *.t-mobile.at *.s-budget-mobile.at *.esp.ownsolutions.net magenta-at.cleverq.de www.youtube.com https://eu-dg.knowmax.ai; 5
default-src 'self' blob: *.powerentity.com *.energieag.at news.netzooe.at energieag.picturepark.com *.google-analytics.com *.googleapis.com *.gstatic.com prezi.com www.googleadservice www.youtube.com walls.io *.walls.io *.googletagmanager.com www.netigate.se *.whatchado.com *.vimeo.com i.ytimg.com connect.facebook.net app.adwordsagentur.at s.ksrndkehqnwntyxlhgto.com *.hotjar.com *.hotjar.io  wss://*.hotjar.com www.googleadservices.com *.doubleclick.net *.adform.net *.iconnode.com *.facebook.com *.google.at *.google.de *.google.com google.com *.adsrvr.org e-tankstellen-finder.com connect.shore.com *.shore-cdn.com *.teamplanbuch.ch *.cookiebot.com *.matterport.com www.360perspektiven.com sys.mailworx.info *.marketingsuite.info sc-static.net *.konzertmeister.app *.podigee-cdn.net *.podigee.com *.podigee.io marketing.piwik.pro energieag.containers.piwik.pro energieag.piwik.pro empathy-portal.de eag.viewer.cit-fusion.com *.adition.com *.powerbi.com cdnjs.cloudflare.com www.youtube-nocookie.com *.ytimg.com *.googlesyndication.com streamio.com energieag.current-picturepark.com *.mouseflow.com github.com wss://*.cognigy.ai *.cognigy.ai *.githubusercontent.com maps.google.de *.fliphtml5.com cdn.jsdelivr.net *.spotify.com *.eye-able.com *.digiaccess.org *.ksrndkehqnwntyxlhgto.com *.openstreetmap.org'unsafe-inline' 'unsafe-eval' data: 5
default-src 'self'; script-src * 'unsafe-eval' 'unsafe-inline'; style-src * 'unsafe-inline'; img-src * data:;frame-src *;font-src * data:;connect-src * blob:;media-src * blob:;worker-src * blob:; 5
frame-ancestors http://*.timeout.com https://*.timeout.com 'self' 5
frame-ancestors 'self' https://*.seo.aws.about.com https://*.dotdash.com *.thebalancemoney.com; upgrade-insecure-requests; 4
default-src 'self' https://static.zdassets.com https://ekr.zdassets.com https://avm-cs.zendesk.com wss://pod-28.zendesk.com avm.zendesk.com v2.zopim.com fritz.com avm.de service.avm.de news.avm.de bingo.avm.de scope.avm.de piwik.avm.de assets.avm.de www.commerce-connector.com www.surveygizmo.eu ; img-src 'self' https://fritz.com https://*.fritz.com https://avm.de https://*.avm.de service.avm.de data: https://shoplogos.commerce-connector.de https://maps.googleapis.com https://maps.gstatic.com https://i.ytimg.com https://i.vimeocdn.com ; media-src 'self' *.fritz.com *.avm.de service.avm.de static.zdassets.com https://maps.googleapis.com https://maps.gstatic.com https://vimeo.com https://i.ytimg.com https://i.vimeocdn.com blob: data: ; font-src 'self' https://fritz.com https://*.fritz.com https://avm.de https://*.avm.de service.avm.de https://fonts.gstatic.com data: ; style-src 'self' fritz.com *.fritz.com avm.de *.avm.de service.avm.de https://fonts.googleapis.com 'unsafe-inline' ; connect-src 'self' fritz.com *.fritz.com avm.de *.avm.de service.avm.de https://maps.googleapis.com https://noembed.com https://avm.zendesk.com https://static.zdassets.com https://ekr.zdassets.com wss://widget-mediator.zopim.com ; script-src 'self' avm.de *.avm.de fritz.com *.fritz.com service.avm.de piwik.avm.de https://player.vimeo.com https://vimeocdn.com https://*.vimeocdn.com https://www.youtube-nocookie.com https://maps.googleapis.com https://static.zdassets.com pod-28.zendesk.com 'unsafe-eval' 'unsafe-inline' blob: ; script-src-elem 'self' avm.de *.avm.de service.avm.de fritz.com *.fritz.com piwik.avm.de https://maps.googleapis.com https://player.vimeo.com https://vimeocdn.com https://*.vimeocdn.com https://www.youtube-nocookie.com https://www.youtube.com https://static.zdassets.com pod-28.zendesk.com https://widget-mediator.zopim.com 'unsafe-inline' blob: ; worker-src 'self' blob: ; frame-src 'self' fritz.com *.fritz.com avm.de *.avm.de service.avm.de https://player.vimeo.com https://www.youtube-nocookie.com ; frame-ancestors 'self' avm.de *.avm.de service.avm.de fritz.com *.fritz.com  4
frame-ancestors 'self' https://adventhealth.com https://*.adventhealth.com; object-src 'none'; base-uri 'none' 4
child-src 'self' *.facebook.com connect.facebook.net www.googletagmanager.com *.vidyard.com *.trustarc.com go.jaggaer.com jaggaer.cuvama.com https://*.qualified.com; connect-src 'self' *.googlesyndication.com pi.pardot.com go.jaggaer.com *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net *.trustarc.com *.linkedin.com *.6sense.com secure.adnxs.com js.zi-scripts.com *.6sc.co *.qualified.com ws.zoominfo.com wss://ws.qualified.com play.vidyard.com *.clarity.ms  *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net ; default-src 'self' wss://*.qualified.com play.vidyard.com; font-src 'self'  *.gstatic.com *.bootstrapcdn.com data: fonts.gstatic.com cdn.jsdelivr.net *.gstatic.com *.bootstrapcdn.com ; form-action 'self' *.facebook.com connect.facebook.net; frame-src 'self' *.doubleclick.net *.google.com blob: www.google.com play.vidyard.com go.jaggaer.com jaggaer.cuvama.com *.trustarc.com app.qualified.com play.goconsensus.com *.youtube.com www.youtube-nocookie.com *.linkedin.com player.vimeo.com *.soundcloud.com platform.twitter.com www.googletagmanager.com promo.com  *.g.doubleclick.net *.google.com *.fls.doubleclick.net ; frame-ancestors 'self' pi.pardot.com; img-src 'self' *.bing.com *.doubleclick.net *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com *.vidyard.com data: ts.w.org s.w.org ps.w.org *.linkedin.com *.trustarc.com consent.truste.com *.6sc.co *.clarity.ms https://*.qualified.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat  *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com ; media-src 'self'  s.w.org app.qualified.com mediastream:; script-src 'self'  'unsafe-inline'  'unsafe-eval' *.truste.com https://cdnjs.cloudflare.com https://choices.trustarc.com https://consent.trustarc.com https://connect.facebook.net https://content.linkedin.com https://go.jaggaer.com https://graph.facebook.com https://googletagmanager.com https://js.zi-scripts.com https://js.qualified.com https://js.facebook.com https://j.6sc.co https://okt.to https://play.vidyard.com https://pi.pardot.com https://platform.linkedin.com https://static-exp1.licdn.com https://snap.licdn.com https://static.oktopost.com https://tagmanager.google.com https://ws-assets.zoominfo.com https://www.gartner.com https://www.googletagmanager.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com  cdn.jsdelivr.net js.zi-scripts.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com ; script-src-elem 'self'  'unsafe-inline' tracking.intentsify.io https://*.truste.com https://cdnjs.cloudflare.com https://choices.trustarc.com https://consent.trustarc.com https://connect.facebook.net https://content.linkedin.com https://go.jaggaer.com https://graph.facebook.com https://googletagmanager.com https://js.zi-scripts.com https://js.qualified.com https://js.facebook.com https://j.6sc.co https://okt.to https://play.vidyard.com https://pi.pardot.com https://platform.linkedin.com https://static-exp1.licdn.com https://snap.licdn.com https://static.oktopost.com https://tagmanager.google.com ws-assets.zoominfo.com https://www.gartner.com https://www.googletagmanager.com cdn.jsdelivr.net  js.zi-scripts.com *.clarity.ms *.youtube.com platform.twitter.com blob: data: *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com ; script-src-attr  'unsafe-inline' ; style-src 'self'  'unsafe-inline' *.licdn.com *.qualified.com cdnjs.cloudflare.com fonts.googleapis.com tagmanager.google.com www.googletagmanager.com *.googleapis.com *.gstatic.com  cdn.jsdelivr.net *.googleapis.com *.gstatic.com ; style-src-elem 'self'  'unsafe-inline' *.licdn.com *.qualified.com cdnjs.cloudflare.com fonts.googleapis.com tagmanager.google.com www.googletagmanager.com cdn.jsdelivr.net  *.googleapis.com *.gstatic.com ; style-src-attr 'self'  'unsafe-inline' *.licdn.com *.qualified.com cdnjs.cloudflare.com fonts.googleapis.com tagmanager.google.com www.googletagmanager.com cdn.jsdelivr.net; worker-src 'self'  blob: *.qualified.com;  upgrade-insecure-requests; 4
frame-ancestors * 4
default-src 'none'; connect-src 'self'; frame-ancestors 'self'; child-src 'self'; frame-src 'none'; script-src 'self'; style-src 'self' 'sha256-c7UXWUzN0H2d6Esy8XO3YkQZDAZlKfdWIsW1bupteNY=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU='; font-src 'self'; img-src 'self'; object-src 'none'; base-uri 'self'; worker-src 'self'; form-action 'self' 4
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; object-src 'self'; frame-src 'self'; frame-ancestors 'self'; 4
default-src 'self'; img-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; script-src 'self' 'unsafe-inline'; connect-src 'self'; 4
default-src https: data: 'unsafe-inline' 'unsafe-eval' 4
default-src 'none'; base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.xilo.net; object-src 'none'; style-src 'self' data: 'unsafe-inline' https://*.xilo.net; img-src 'self' blob: data: https://*.xilo.net; media-src 'self' data: https://*.xilo.net; frame-src *; font-src *; form-action 'self' https://*.xilo.net; connect-src 'self' https://*.xilo.net; prefetch-src 'self' https://*.xilo.net; manifest-src 'self' https://*.xilo.net; frame-ancestors 'self'; worker-src 'self' blob:; report-uri https://sentry.xilo.net/api/3/security/?sentry_key=558ec00c6ab34073c96015172684209a 4
img-src ; media-src  data:; 4
frame-ancestors 'self' *.volusion.com 4
frame-ancestors 'self' https://*.seo.aws.about.com https://*.dotdash.com *.southernliving.com; upgrade-insecure-requests; 3
frame-ancestors 'self' https://*.seo.aws.about.com https://*.dotdash.com *.parents.com; upgrade-insecure-requests; 3
style-src 'self' 'unsafe-inline' https://www.denic.de https://fonts.googleapis.com; object-src 'self'; script-src 'self' https://app.guestoo.de https://www.denic.de https://my.visme.co https://denic.matomo.cloud https://cdn.matomo.cloud 'unsafe-inline'; img-src 'self' data: https://www.denic.de https://denic.matomo.cloud https://cdn.matomo.cloud; frame-src 'self' https://app.guestoo.de https://my.visme.co 3
frame-ancestors www.red-gate.com; 3
frame-ancestors 'self' dziendobry.tvn.pl *.tvn.pl 3
default-src https: http: 'unsafe-inline' 'unsafe-eval' 'self' data: wss: blob: 3
frame-ancestors 'self' acquia.lookbookhq.com acquia.docebosaas.com www.acquiaacademy.com acquia.seismic.com app.veertly.com widen--servcom.sandbox.my.site.com widen--sitepreview.na135.force.com community.widen.com acquia.atlassian.net rise.articulate.com www.drupal.org new.drupal.org; report-uri /report-csp-violation 3
base-uri 'self' https://*.vbrick.com;child-src 'self' https://*.vbrick.com;connect-src 'self' https://*.vbrick.com 'unsafe-inline' 'unsafe-eval' https: data: mailto: tel: https://pub.highlight.io https://*.qualtrics.com webpack://*;default-src 'self' https://*.vbrick.com 'unsafe-inline' 'unsafe-eval' https: data: mailto: tel:;font-src 'self' https://*.vbrick.com 'unsafe-inline' 'unsafe-eval' https: data:;form-action 'self' https://*.vbrick.com  https://*.bethematch.org;frame-ancestors 'self' https://*.vbrick.com  https://*.bethematch.org https: data:;frame-src 'self' https://*.vbrick.com 'unsafe-inline' 'unsafe-eval' https: data: https://*.qualtrics.com;img-src 'self' https://*.vbrick.com 'unsafe-inline' 'unsafe-eval' https: data: https://*.qualtrics.com;manifest-src 'self';media-src 'self' https://*.vbrick.com 'unsafe-inline' 'unsafe-eval' https: data:;script-src 'self' https://*.vbrick.com 'unsafe-inline' 'unsafe-eval' https: data: https://*.qualtrics.com;style-src 'self' https://*.vbrick.com 'unsafe-inline' 'unsafe-eval' https: data:;worker-src data: blob:; 3
frame-ancestors https://*.randstad.es; 3
default-src 'self'; img-src *; media-src * data: 3
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; connect-src 'self' *.amazonaws.com *.amazoncognito.com api.pwnedpasswords.com; frame-ancestors 'self' sf360.com.au; frame-src 'self' https://www.google.com/recaptcha/ 3
frame-ancestors 'self' https://yobingo-statices.casinomodule.com/ https://www.yobingo.es/ https://www.yocasino.es/ https://www.enracha.es/ 3
default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval'; object-src *; style-src * 'self' 'unsafe-inline'; img-src * 'self' data: https:;; media-src *; frame-src *; frame-ancestors 'self'; child-src * blob:; font-src * 'self' data: https:;; connect-src * 3
frame-ancestors https://app.storyblok.com/ 3
worker-src 'none'; upgrade-insecure-requests; block-all-mixed-content; manifest-src 'self' 3
default-src 'self' ;options inline-script eval-script;referrer no-referrer;img-src 'self' data:  *.tile.openstreetmap.org;object-src 'none'; 3
default-src 'self' 'unsafe-inline' data: global2000.at *.global2000.at  https://*.google-analytics.com  https://*.google.com  https://*.google.at  https://*.doubleclick.net  https://*.youtube.com  https://youtu.be https://*.ytimg.com  https://*.facebook.com  https://*.vimeocdn.com  https://vimeo.com  https://*.vimeo.com  https://*.hotjar.com https://*.ubembed.com https://*.restorenature.eu; script-src 'self' 'unsafe-inline' 'unsafe-eval' global2000.at *.global2000.at  https://*.youtube.com   https://*.googletagmanager.com  https://*.google-analytics.com  https://*.hotjar.com  https://*.facebook.net  https://*.g.doubleclick.net  https://*.ubembed.com https://*.googleadservices.com https://*.twitter.com https://*.google.com https://*.google.at https://widget.proca.app https://static.d-o.li; object-src 'self' global2000.at *.global2000.at 'unsafe-inline'; style-src 'self' 'unsafe-inline' *.global2000.at; img-src 'self' *.global2000.at data: https://*.google.com  https://*.google.at https://*.google.de https://*.facebook.com https://*.doubleclick.net https://*.google-analytics.com https://img.youtube.com https://i.ytimg.com https://*.europa.eu; media-src 'self' global2000.at *.global2000.at blob: data:; frame-src 'self' *.global2000.at https://*.google.com  https://*.ubembed.com https://*.google.at  https://*.googletagmanager.com  https://*.openstreetmap.org  https://vimeo.com  https://*.vimeo.com https://youtube.com https://www.youtube.com https://youtu.be https://*.supplychainge.org  https://*.buzzsprout.com  https://*.spotteron.com  https://*.typeform.com https://*.facebook.com  https://*.twitter.com https://*.hotjar.com https://*.restorenature.eu https://*.ai-sidekick.app https://*.suedwind.at https://*.datadialog.net https://*.fsoforms-gl2ktest.azurewebsites.net https://*.fsoforms-gl2k.azurewebsites.net https://fsoforms-gl2ktest.azurewebsites.net https://gl2kauthserver.azurewebsites.net; frame-ancestors https://*.global2000.at https://*.acolono.dev https://*.acolono.net https://*.wwf.at; child-src 'self' *.global2000.at blob: https://*.google.com  https://*.ubembed.com https://*.google.at  https://*.googletagmanager.com  https://*.openstreetmap.org  https://vimeo.com  https://*.vimeo.com https://youtube.com https://www.youtube.com https://youtu.be https://*.supplychainge.org  https://*.buzzsprout.com  https://*.spotteron.com  https://*.typeform.com https://*.facebook.com  https://*.twitter.com https://*.hotjar.com https://*.restorenature.eu https://*.ai-sidekick.app https://*.suedwind.at; font-src 'self' *.global2000.at data:; connect-src 'self' *.global2000.at https://*.google.com  https://*.google-analytics.com https://*.doubleclick.net https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io https://*.google.com  https://*.google.at https://*.ubembed.com https://*.facebook.com https://country.proca.foundation/ https://*.proca.app https://chatbot.api.digitalorganizing.ch/; report-uri /report-csp-violation 3
frame-ancestors *; report-uri /report-csp-violation 3
default-src 'self' ws: wss: blob: http://maxcdn.bootstrapcdn.com http://api.tiles.mapbox.com http://cdn.storelocatorwidgets.com https://maxcdn.bootstrapcdn.com https://api.tiles.mapbox.com https://cdn.storelocatorwidgets.com; font-src 'self' 'unsafe-inline' data: http://cdn.storelocatorwidgets.com http://maxcdn.bootstrapcdn.com https://cdn.storelocatorwidgets.com https://maxcdn.bootstrapcdn.com webchat.keyreply.com fonts.gstatic.com kit-free.fontawesome.com https://edge.addthis.com; connect-src 'self' ws: wss: blob: https://geocode.arcgis.com https://log.storelocatorwidgets.com https://b.tiles.expressmaps.com https://a.tiles.expressmaps.com http://markers.storelocatorwidgets.com https://markers.storelocatorwidgets.com https://tiles.expressmaps.com wss://nhg.app.keyreply.com nhg.app.keyreply.com maps.googleapis.com www.google-analytics.com https://v1.addthis.com m.addthis.com https://edge.addthis.com https://api-public.addthis.com https://l.sharethis.com https://datasphere-sbsvc.sharethis.com https://bcp.crwdcntrl.net; frame-src 'self' www.google.com youtu.be www.youtube.com http://s7.addthis.com https://edge.addthis.com https://www.nhgp.com.sg http://t.sharethis.com; frame-ancestors 'self'; img-src * data: maps.gstatic.com *.googleapis.com *.ggpht.com *.storelocatorwidgets.com blob: https://www.wh.com.sg https://cmswh.com.sg; media-src 'self' data: keyreply.blob.core.windows.net youtu.be www.youtube.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' ws: wss: blob: data: https://geocode.arcgis.com https://tiles.expressmaps.com ajax.googleapis.com https://cdn.storelocatorwidgets.com http://cdn.storelocatorwidgets.com maps.googleapis.com youtu.be www.youtube.com www.addthis.com http://s7.addthis.com m.addthis.com m.addthisedge.com https://v1.addthisedge.com https://v1.addthis.com https://edge.addthis.com https://z.moatads.com https://api-public.addthis.com https://www.wh.com.sg https://cmswh.com.sg https://platform-api.sharethis.com https://t.sharethis.com ;  script-src-elem 'self' 'unsafe-inline' ws: wss: blob: https://geocode.arcgis.com/ http://loc.storelocatorwidgets.com/ www.googletagmanager.com www.youtube.com ajax.googleapis.com cdn.storelocatorwidgets.com nhg.app.keyreply.com maps.googleapis.com www.addthis.com http://s7.addthis.com m.addthis.com m.addthisedge.com https://v1.addthisedge.com https://v1.addthis.com https://edge.addthis.com https://z.moatads.com https://api-public.addthis.com https://platform-api.sharethis.com/js/sharethis.js https://buttons-config.sharethis.com https://count-server.sharethis.com https://t.sharethis.com https://platform-api.sharethis.com https://api.mapbox.com; style-src 'self' 'unsafe-inline' data: ajax.googleapis.com s7.addthis.com http://maxcdn.bootstrapcdn.com http://api.tiles.mapbox.com http://cdn.storelocatorwidgets.com https://maxcdn.bootstrapcdn.com https://api.tiles.mapbox.com https://cdn.storelocatorwidgets.com fonts.googleapis.com kit-free.fontawesome.com youtu.be www.youtube.com www.addthis.com http://s7.addthis.com m.addthis.com m.addthisedge.com https://edge.addthis.com nhg.app.keyreply.com maps.googleapis.com; style-src-elem 'self' 'unsafe-inline' data: http://maxcdn.bootstrapcdn.com http://api.tiles.mapbox.com http://cdn.storelocatorwidgets.com https://maxcdn.bootstrapcdn.com https://api.tiles.mapbox.com https://cdn.storelocatorwidgets.com fonts.googleapis.com kit-free.fontawesome.com; object-src 'self' youtu.be www.youtube.com https://api.mapbox.com; 3
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.quarticon.com/ https://info.quarticon.com/; img-src 'self' data: https://s.w.org/ https://secure.gravatar.com/ https://cdn.pixabay.com/ https://*.quarticon.com/ https://quarticon.com/; object-src 'self' data: https://*.quarticon.com/ https://info.quarticon.com/; frame-src 'self' data: https://*.quarticon.com/ https://info.quarticon.com/; 3
base-uri 'none';child-src 'none';connect-src 'self' vitals.vercel-insights.com status-page-7hy9d9la9-incident-io-team.vercel.app https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.google.com https://*.google.co.uk https://*.g.doubleclick.net https://global.localizecdn.com https://app.localizejs.com https://*.unbabel.com;default-src 'self';font-src 'self';form-action 'self';frame-ancestors self;frame-src 'none';img-src 'self' data: https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://*.google.co.uk https://global.localizecdn.com https://assets.localizecdn.com https://uploads.bablic.com;manifest-src 'self';media-src 'self';object-src 'none';prefetch-src 'self';script-src 'self' 'unsafe-inline' https:;style-src 'self' 'unsafe-inline';worker-src 'self';report-uri https://o494704.ingest.sentry.io/api/4504554480795648/security?security_key=5d578c0eb4bd4811adf4f2176db9a1c8;report-to https://o494704.ingest.sentry.io/api/4504554480795648/security?security_key=5d578c0eb4bd4811adf4f2176db9a1c8; 3
font-src 'self' https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com data:; frame-src 'self' https://www.google.com/recaptcha/ https://pay.google.com/gp/ https://pay.yandex.ru https://sandbox.pay.yandex.ru/; script-src 'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://pay.google.com/gp/ https://pay.yandex.ru https://mc.yandex.ru/metrika/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com; report-uri /csp/report; worker-src blob: 3
default-src 'none'; script-src 'self'; img-src 'self'; style-src 'self'; font-src 'self'; media-src 'self'; form-action 'self'; child-src 'self'; frame-ancestors 'self'; connect-src 'none'; report-uri 'self'; report-to 'self'; 3
default-src "self"; img-src *; media-src * data:; 3
allow 'self'; media-src *; img-src *; script-src 'self' https://ajax.googleapis.com; style-src 'self'; 3
frame-ancestors 'self' https://mycourses.w3schools.com https://pathfinder.w3schools.com; 2
connect-src 'self' checkout.stripe.com https://checkout.stripe.com https://billing.stripe.com/session https://api.funcaptcha.com https://api.arkoselabs.com sentry.io api.github.com www.npmjs.com;default-src 'none';img-src * data: https://*.stripe.com;script-src 'self' data: 'unsafe-inline' https://checkout.stripe.com/checkout.js https://checkout.stripe.com https://js.stripe.com/v3 https://platform.twitter.com/widgets.js https://octocaptcha.com https://static-production.npmjs.com/;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://static-production.npmjs.com/;frame-src checkout.stripe.com https://checkout.stripe.com https://js.stripe.com/ https://octocaptcha.com;font-src https://fonts.gstatic.com https://static-production.npmjs.com/ ;media-src https://player.vimeo.com https://fpdl.vimeocdn.com https://gcs-vimeo.akamaized.net https://vod-progressive.akamaized.net 2
frame-ancestors 'self' https://*.seo.aws.about.com https://*.dotdash.com *.allrecipes.com; upgrade-insecure-requests; 2
frame-ancestors 'self' https://*.seo.aws.about.com https://*.dotdash.com *.verywellhealth.com; upgrade-insecure-requests; 2
frame-ancestors 'self' https://*.seo.aws.about.com https://*.dotdash.com *.marthastewart.com; upgrade-insecure-requests; 2
frame-ancestors 'self' https://*.seo.aws.about.com https://*.dotdash.com *.eatingwell.com; upgrade-insecure-requests; 2
frame-ancestors 'self' https://*.seo.aws.about.com https://*.dotdash.com *.treehugger.com; upgrade-insecure-requests; 2
frame-ancestors 'self' https://*.seo.aws.about.com https://*.dotdash.com *.bhg.com; upgrade-insecure-requests; 2
base-uri 'self'; default-src 'self' *.photonengine.com; block-all-mixed-content; connect-src 'self' *.photonengine.com *.azure.com *.addsearch.com *.google.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://static.cloudflareinsights.com; frame-ancestors 'self'; frame-src *.photonengine.com *.google.com youtube-nocookie.com www.youtube-nocookie.com youtube.com www.youtube.com player.vimeo.com itch.io *.itch.io *.stripe.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; img-src 'self' *.photonengine.com *.azure.com https://*.google-analytics.com https://*.googletagmanager.com blob: data:; object-src 'self' *.photonengine.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com https://www.gstatic.com *.azure.com https://*.google-analytics.com https://*.googletagmanager.com https://static.cloudflareinsights.com; style-src 'self' 'unsafe-inline'; 2
frame-ancestors 'self' https://*.seo.aws.about.com https://*.dotdash.com *.foodandwine.com; upgrade-insecure-requests; 2
frame-ancestors 'self' *.boursorama.com *.boursobank.com 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' data: 'unsafe-inline' https:; img-src 'self' data: https:; media-src 'self' https:; frame-src 'self' data: https:; font-src 'self' data: https: 2
frame-ancestors 'self' https://*.seo.aws.about.com https://*.dotdash.com *.liveabout.com; upgrade-insecure-requests; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.stackadapt.com connect.facebook.net *.adsrvr.org facebook.com cdn.pdst.fm px.adentifi.com kds-pixel.kargo.com data.adxcel-ec2.com secure.adnxs.com trkn.us cdnssl.clicktale.net w3.org snap.licdn.com dc.ads.linkedin.com *.googletagmanager.com websitevisitorleads.com *.twitter.com t.co sc-static.net *.evgnet.com *.cookielaw.org static.ads-twitter.com *.google-analytics.com assets.sitescdn.net *.vimeocdn.com dev.visualwebsiteoptimizer.com *.tctm.co *.qualtrics.com vimeo.com *.vimeo.com *.newrelic.com *.bing.com googleads.g.doubleclick.net *.clarity.ms *.tiktok.com *.snapchat.com everfi-next.net fpjscdn.net *.fpjs.io fresnel.vimeocdn.com f.vimeocdn.com *.cloudflare.com *.jsdelivr.net unpkg.com *.googleadservices.com *.byspotify.com code.jquery.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *.stackadapt.com connect.facebook.net *.adsrvr.org facebook.com cdn.pdst.fm px.adentifi.com kds-pixel.kargo.com data.adxcel-ec2.com secure.adnxs.com trkn.us cdnssl.clicktale.net w3.org snap.licdn.com dc.ads.linkedin.com *.googletagmanager.com websitevisitorleads.com *.twitter.com t.co sc-static.net *.evgnet.com *.cookielaw.org static.ads-twitter.com *.google-analytics.com assets.sitescdn.net *.vimeocdn.com dev.visualwebsiteoptimizer.com *.tctm.co *.qualtrics.com vimeo.com *.vimeo.com *.newrelic.com *.bing.com googleads.g.doubleclick.net *.clarity.ms *.tiktok.com *.snapchat.com everfi-next.net fpjscdn.net *.fpjs.io fresnel.vimeocdn.com f.vimeocdn.com *.cloudflare.com *.jsdelivr.net unpkg.com *.googleadservices.com *.byspotify.com cdn.evgnet.com *.visualwebsiteoptimizer.com googletagmanager.com *.virtualearth.net cdn.ckeditor.com *.google.com *.evergage.com code.jquery.com; frame-src 'self' blob: *.vimeo.com *.doubleclick.net *.clicktale.net *.adsrvr.org *.edwardjones.com *.edwardjones.ca accountaccess.edwardjones.com accountaccess.edwardjones.ca iaa-api-gateway.apps.edwardjones.com onlineaccess.edwardjones.com iaaweb.edwardjones.com *.tctm.co *.w3.org *.vimeocdn.com *.qualtrics.com *.everfi-next.net *.snapchat.com *.amazon-adsystem.com *.facebook.com dev.visualwebsiteoptimizer.com *.googletagmanager.com; frame-ancestors 'self' *.edwardjones.com *.edwardjones.ca iaa-api-gateway.apps.edwardjones.com accountaccess.edwardjones.com accountaccess.edwardjones.ca onlineaccess.edwardjones.com iaaweb.edwardjones.com; child-src 'self' blob: *.vimeo.com *.doubleclick.net *.clicktale.net *.adsrvr.org *.edwardjones.com *.edwardjones.ca accountaccess.edwardjones.com accountaccess.edwardjones.ca iaa-api-gateway.apps.edwardjones.com onlineaccess.edwardjones.com iaaweb.edwardjones.com *.tctm.co *.w3.org *.vimeocdn.com *.qualtrics.com *.everfi-next.net *.snapchat.com *.amazon-adsystem.com *.facebook.com 2
default-src https: data: blob: 'unsafe-eval' 'unsafe-inline'; frame-src 'self' https://*; 2
script-src 'self'; style-src 'self'; img-src 'self'; connect-src 'self'  2
default-src *;frame-ancestors 'self' eiv.baidu.com *.vip.vip.com *.vip.com;script-src *.vip.com *.vipstatic.com *.mediav.com *.gdt.qq.com *.emarbox.com *.mjoys.com *.sogou.com cm.e.qq.com *.qq.com *.baidu.com *.ipinyou.com *.admaster.com.cn *.miaozhen.com *.youku.com *.tanx.com *.doubleclick.net *.vpimg1.com *.vpimg2.com *.vpimg3.com *.vpimg4.com *.gtimg.cn 'unsafe-eval' 'unsafe-inline';style-src *.vip.com *.vipstatic.com 'unsafe-inline';img-src * data:; report-uri //stat.vipstatic.com/pcfront/antiskyjack; 2
script-src https: data: 'unsafe-inline' 'unsafe-eval' https://www.tu-dortmund.de https://*.itmc.tu-dortmund.de https://*.relaunch.tu-dortmund.de; style-src https: 'unsafe-inline' https://www.tu-dortmund.de https://*.itmc.tu-dortmund.de https://*.relaunch.tu-dortmund.de; frame-src https://www.tu-dortmund.de https://redaktion.tu-dortmund.de https://*.itmc.tu-dortmund.de https://*.relaunch.tu-dortmund.de https://www.youtube-nocookie.com https://www.youtube.com 'self' https://webapps.itmc.tu-dortmund.de https://service.tu-dortmund.de; frame-ancestors https://www.tu-dortmund.de https://redaktion.tu-dortmund.de 'self' 2
base-uri 'self' about: *;child-src 'none';connect-src 'self' webpack://* *;default-src 'self';font-src 'self' data: fonts.gstatic.com *;form-action 'self' https: *;frame-ancestors 'none';frame-src  'self' data: https:;img-src * 'self' data: https:;manifest-src 'self';media-src 'self' https: *;object-src 'none';prefetch-src 'self' *;script-src 'self' 'unsafe-inline' 'unsafe-eval' https: *.hs-scripts.com *.hsforms.net *.hsforms.com *.clearbit.com www.google-analytics.com;style-src 'self' 'unsafe-inline' https:;worker-src 'self'; 2
default-src 'self'; connect-src 'self' https://mautic.texthelp.com https://www.google-analytics.com https://stats.g.doubleclick.net https://region1.google-analytics.com https://region1.analytics.google.com https://www.google.com https://www.browsealoud.com https://plus.browsealoud.com https://*.speechstream.net https://browsealoud-webservices-8.texthelp.com/ https://browsealoud-webservices-eu.texthelp.com/ https://wiki-summarizer-eu.texthelp.com/ https://simplify-us.texthelp.com/ blob: https://en.wikipedia.org/ https://wikisum.texthelp.com/ https://babm.texthelp.com https://*.prismic.io https://*.cdn.prismic.io https://api.ipdata.co https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://prismic-io.s3.amazonaws.com https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com https://*.hotjar.io https://www.facebook.com/ https://analytics.twitter.com https://cdn.linkedin.oribi.io https://px.ads.linkedin.com https://bat.bing.com https://my.jst.ai/ https://aly.jst.ai/ https://to.go.saleswingsapp.com/ https://tr.snapchat.com https://tr6.snapchat.com/p https://texthelp.tfaforms.net https://analytics.formassembly.com; script-src 'self' https://mautic.texthelp.com https://mautic-staging.texthelp.com https://tagmanager.google.com https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://googleads.g.doubleclick.net https://www.browsealoud.com https://plus.browsealoud.com https://*.speechstream.net https://wikisum.texthelp.com https://apis.google.com https://widget.intercom.io https://js.intercomcdn.com https://app.intercom.io https://analytics.twitter.com https://static.ads-twitter.com https://connect.facebook.net https://www.buzzsprout.com https://optimize.google.com https://static.hotjar.com https://script.hotjar.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://embed.typeform.com/ https://bat.bing.com/ https://js.driftt.com https://widget.drift.com https://snap.licdn.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://p.adsymptotic.com https://cdn.linkedin.oribi.io https://gw.linkedin.oribi.io https://dc.ads.linkedin.com https://sjs.bizographics.com https://tr.snapchat.com/config/ https://sc-static.net https://cdn.jsdelivr.net/npm/@fancyapps/ui@5.0/dist/fancybox/fancybox.umd.js https://cdn.jst.ai/ https://my.jst.ai/ https://aly.jst.ai/ https://texthelp.tfaforms.net https://s.saleswingsapp.com https://www.youtube.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://*.typekit.net https://mautic.texthelp.com/media/css/ https://mautic-staging.texthelp.com/media/css/ https://tagmanager.google.com https://fonts.googleapis.com https://www.googletagmanager.com 'unsafe-inline' https://www.browsealoud.com https://plus.browsealoud.com https://optimize.google.com https://cdn.jsdelivr.net/npm/@fancyapps/ui@5.0/dist/fancybox/fancybox.css https://cdn.jst.ai/ https://texthelp.tfaforms.net https://www.tfaforms.com; img-src 'self' https://webworx.texthelp.com/assets/img/ data: https://images.prismic.io/texthelp-website-proof https://*.prismic.io https://mautic.texthelp.com https://www.google-analytics.com https://www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://region1.google-analytics.com https://region1.analytics.google.com https://stats.g.doubleclick.net/r/collect https://www.google.com/ads/ https://www.google.co.uk/ads/ https://www.google.com/pagead/ https://www.google.co.uk/pagead/ https://www.browsealoud.com https://browsealoud-webservices-8.texthelp.com/ https://browsealoud-webservices-eu.texthelp.com/ https://plus.browsealoud.com https://upload.wikimedia.org https://prismic-io.s3.amazonaws.com https://i.ytimg.com blob: data: https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-9.com https://optimize.google.com https://script.hotjar.com https://analytics.twitter.com https://t.co/1/i/ https://bat.bing.com/action/ https://bat.bing.com/actionp/ https://www.facebook.com/tr/ https://www.facebook.com/privacy_sandbox/pixel/register/trigger/ https://px.ads.linkedin.com https://tr.snapchat.com/ https://graphics.jst.ai/ ; child-src 'self' https://content.googleapis.com https://www.googletagmanager.com/ns.html https://share.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; media-src 'self' blob: https://*.speechstream.net https://js.intercomcdn.com https://*.prismic.io https://js.driftt.com/; font-src 'self' https://webworx.texthelp.com/ https://*.typekit.net https://fonts.gstatic.com data: https://stackpath.bootstrapcdn.com https://js.intercomcdn.com https://fonts.gstatic.com https://script.hotjar.com; object-src 'none'; form-action 'self' https://intercom.help https://api-iam.intercom.io https://mautic.texthelp.com https://mautic-staging.texthelp.com https://www.facebook.com https://*.speechstream.net https://texthelp.tfaforms.net https://event.on24.com; frame-src https://www.googletagmanager.com https://td.doubleclick.net https://www.youtube.com https://mautic-staging.texthelp.com https://mautic.texthelp.com https://docs.google.com https://www.buzzsprout.com https://content.googleapis.com/ https://optimize.google.com https://vars.hotjar.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://form.typeform.com/ https://www.facebook.com/ https://js.driftt.com https://widget.drift.com https://tr.snapchat.com/ https://lookerstudio.google.com/ https://calendar.google.com/  https://cdn.jst.ai/; frame-ancestors 'none'; base-uri 'none'; upgrade-insecure-requests 2
default-src 'self' 'unsafe-inline' jobs.b-ite.com; base-uri 'self'; connect-src 'self' wss://chat.userlike.com chat.userlike.com wss://umd.userlike.com userlike.com *.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com *.preview.kkn.zd.intranet.bund.de piwik.itzbund.de *.cloudfront.net data-8ec206415a.dnb.de jobs.b-ite.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.youtube.com *.googleapis.com piwik.itzbund.de script.ioam.de *.de.ioam.de s.ytimg.com static.b-ite.com cs-assets.b-ite.com ajax.googleapis.com api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com *.cloudfront.net data-8ec206415a.dnb.de userlike-cdn-umm.b-cdn.net; object-src 'self' piwik.itzbund.de; media-src 'self' *.aktion-mensch.de *.sample-videos.com *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de youtu.be files.dnb.de c18004-vod.l.core.cdn.streamfarm.net *.wikimedia.org *.cloudfront.net; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de my.matterport.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de *.tile.openstreetmap.org api.userlike.com userlike-cdn-operators.s3-eu-west-1.amazonaws.com *.cloudfront.net; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de *.cloudfront.net; frame-ancestors *.gsb.dev.materna.net *.preview.kkn.zd.intranet.bund.de piwik.itzbund.de 2
default-src wss: mycliplister.com blob: data: bosch.kittelberger.de *.tealiumiq.com dock.ui.bosch.tech wss://endpoint.chatbot-suite.bosch.tech 'self' https: *.optimizely.com wss://*.hotjar.com wss://*.hotjar.io *.tealiumiq.com stats.g.doubleclick.net *.bosch-professional.com ; media-src data: 'self' *.mycliplister.com mycliplister.com *.bosch.com bosch.com *.bosch.de bosch.de *.youtube.com ; font-src 'self' dock.ui.bosch.tech cdn.pricespider.com *.boschtools.com  *.bootstrapcdn.com *.dynamicyield.com *.commerce-connector.com static.bosch-professional.com tiger-cdn.zoovu.com *.zoovu.com *.cloudfront.net boschru.webim.ru *.bosch.com bosch.com *.bosch.de bosch.de gstatic.com fonts.gstatic.com data: ; object-src data: 'self'; img-src data: 'self' https: mycliplister.com *.kittelberger.de *.tealiumiq.com data: blob: ; style-src dock.ui.bosch.tech cdn.pricespider.com *.boschtools.com *.bootstrapcdn.com *.dynamicyield.com *.googleapis.com *.commerce-connector.com 'self' 'unsafe-inline' tiger-cdn.zoovu.com *.zoovu.com static.bosch-professional.com btm.bosch.com cdn.poll-maker.com ; script-src dock.ui.bosch.tech dynamicyield.com *.dynamicyield.com https: *.optimizely.com 'unsafe-inline' 'unsafe-eval' tags.tiqcdn.com *.bosch.com bosch.com *.bosch.de bosch.de *.google-analytics.com google-analytics.com ipinfo.io ; frame-src 'self' https: ; connect-src 'self' https: wss://endpoint.chatbot-suite.bosch.tech mycliplister.com wss://*.hotjar.com 2
default-src 'self'; frame-src https://www.youtube.com/ https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://beyondblue-npsp.my.salesforce-sites.com/ https://player.vimeo.com/ https://cdn.raisely.com https://remedy-bb.file.force.com/ https://c.la1-core1.sfdc-vwfla6.salesforceliveagent.com https://d.la1-core1.sfdc-vwfla6.salesforceliveagent.com/ https://remedy-bb.my.salesforce.com https://remedy-bb.my.salesforce-sites.com/ https://omny.fm https://donate.beyondblue.org.au/ https://8962396.fls.doubleclick.net/ https://td.doubleclick.net/ https://beyondblue.elmotalent.com.au/ https://www.youtube.com/iframe_api https://prod-donation-form.vercel.app/ https://beyondblue-npsp.my.salesforce-sites.com/ https://open.spotify.com/ https://australianunity.esaas.inmoment.com.au/cgi-bin/qwebcorporate?idx=QJYD2R https://beyondblue.tfaforms.net/ https://turningpoint.raiselysite.com/ https://turningpoint.raiselysite.com/downer https://*.js.stripe.com https://js.stripe.com https://hooks.stripe.com; font-src 'self' https://fonts.gstatic.com/ data:; img-src data: https: http:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com/ https://beyondblue.tfaforms.net/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://discover-apse2.sitecorecloud.io/ https://va.vercel-scripts.com/ https://cdn.raisely.com/ https://connect.facebook.net/ https://www.google-analytics.com/ https://remedy-bb.my.salesforce.com https://remedy-bb.my.salesforce-sites.com/ https://static.lightning.force.com/ https://*.salesforceliveagent.com/ https://service.force.com/ https://code.jquery.com/ https://ajax.aspnetcdn.com/ajax/jquery.validate/1.14.0/ https://www.youtube.com/ https://snap.licdn.com/li.lms-analytics/ https://googleads.g.doubleclick.net/ https://www.googleadservices.com/ https://prod-donation-form.vercel.app/ https://beyondblue-npsp.my.salesforce-sites.com/ https://*.js.stripe.com https://js.stripe.com https://maps.googleapis.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://beyondblue.tfaforms.net/ https://remedy-bb.my.salesforce.com https://remedy-bb.my.salesforce-sites.com/ https://*.salesforceliveagent.com/ https://prod-donation-form.vercel.app/; connect-src 'self' https://discover-apse2.sitecorecloud.io/ https://edge-platform.sitecorecloud.io/ https://www.google-analytics.com https://analytics.google.com/ https://stats.g.doubleclick.net/ https://remedy-bb.my.salesforce-sites.com/ https://remedy-bb.my.salesforce-sites.com/ https://beyondblue.elmotalent.com.au/ https://www.facebook.com/ https://px.ads.linkedin.com/ https://api.stripe.com https://maps.googleapis.com; frame-ancestors 'self' pages.sitecorecloud.io https://beyondblue-npsp.my.salesforce-sites.com; 2
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; child-src 'self'; font-src 'self' data; form-action https:; frame-ancestors 'self'; manifest-src 'self'; media-src 'self'; object-src 'none'; worker-src 'none' 2
base-uri 'self'; style-src 'self' 'unsafe-inline' https: ; default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' https:; connect-src 'self' wss: https:; font-src 'self' data: https:; frame-src 'self' https:; img-src http: https: data:; manifest-src 'self'; media-src 'self' data: blob: https: *; worker-src 'none'; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.hotjar.com *.googletagmanager.com *.google.com *.google-analytics.com  cdnjs.cloudflare.com mfstatic.com *.jsdelivr.net  *.facebook.com *.gstatic.com *.licdn.com *.facebook.net *.cookiebot.com *.unpkg.com unpkg.com *.rekai.se static.ws.apsis.one *.ws.apsis.one *.aspis.one static.ws.apsis.one *.contentsquare.net; object-src 'self' *.google.com *.youtube.com *.facebook.com *.vimeo.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com  *.jsdelivr.net hello.myfonts.net mfstatic.com; img-src * 'self' data: *.google.com *.youtube.com *.facebook.com *.vimeo.com  *.vimeocdn.com *.ri.se *.jsdelivr.net  *.googletagmanager.com  *.google-analytics.com *.google.se *.linkedin.com *.gstatic.com *.amazonaws.com; media-src blob: data: *.mediaflow.com; frame-src 'self'  data: *.google.com *.youtube.com *.facebook.com *.vimeo.com vimeo.com *.vimeo.com  *.vimeocdn.com *.ri.se *.jsdelivr.net *.hotjar.com *.libsyn.com *.acast.com *.cookiebot.com *.youtube-nocookie.com *.static.ws.apsis.one static.ws.apsis.one; frame-ancestors 'self'; child-src 'self' blob:; font-src 'self' *.ri.se data: mfstatic.com *.gstatic.com; connect-src 'self' *.googletagmanager.com *.google.com *.google-analytics.com *.doubleclick.net *.hotjar.com *.oribi.io *.google.com *.googleoptimize.com *.facebook.com *.mediaflow.com mediaflow.com mfstatic.com *.mediaflowpro.com *.cookiebot.com *.linkedin.com *.rekai.se audience.ws.apsis.one *.contentsquare.net; report-uri /report-csp-violation; upgrade-insecure-requests 2
default-src 'self' 'unsafe-inline' zollweb.preview.zoll.intranet.bund.de *.zoll.de zoll.de *.itzbund.de itzbund.de *.zoll.de *.talent-im-einsatz.de zoll.de *.geodatenzentrum.de *.openstreetmap.de *.bundesfinanzministerium.de *.youtube.com https://medien.zoll.bund.de; img-src 'self' zollweb.preview.zoll.intranet.bund.de *.zoll.de zoll.de *.itzbund.de *.geodatenzentrum.de *.bundesfinanzministerium.de *.openstreetmap.de data:; script-src 'self' 'unsafe-inline' zollweb.preview.zoll.intranet.bund.de *.zoll.de zoll.de *.itzbund.de itzbund.de *.zoll.de zoll.de *.geodatenzentrum.de *.openstreetmap.de *.youtube.com 2
default-src 'self' 'unsafe-inline' data: https://piwik.bzga.de/ https://www.youtube.com/ https://www.youtube-nocookie.com/ https://youtu.be/ https://service.bzga.de/ https://a.tile.openstreetmap.org/ https://b.tile.openstreetmap.org/ https://c.tile.openstreetmap.org/ https://cdn.jsdelivr.net/npm/friendly-challenge@0.9.18/widget.module.min.js https://cdn.jsdelivr.net/npm/friendly-challenge@0.9.18/widget.min.js; worker-src 'self' blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://piwik.bzga.de/ https://www.youtube.com/ https://www.youtube-nocookie.com/ https://youtu.be/ https://service.bzga.de/ https://a.tile.openstreetmap.org/ https://b.tile.openstreetmap.org/ https://c.tile.openstreetmap.org/ https://cdn.jsdelivr.net/npm/friendly-challenge@0.9.18/widget.module.min.js https://cdn.jsdelivr.net/npm/friendly-challenge@0.9.18/widget.min.js; connect-src 'self' https://api.friendlycaptcha.com https://piwik.bzga.de 2
frame-ancestors same *.grupocpfl.com.br *.cpfl.com.br *.rge-rs.com.br grupocpfl.com.br cpfl.com.br rge-rs.com.br *.lndo.site *.web.ahdev.cloud; report-uri /report-csp-violation 2
default-src * 'unsafe-eval' 'unsafe-inline'; img-src * data: unsafe-inline 2
default-src *; style-src 'self'* .addthis.com *.nationalgridus.com* .cloudflare.com *.olark.com* .gstatic.com *.googleapis.com; script-src 'self'* .speedpay.com *.google.com* .gstatic.com *.olark.com* .googleapis.com *.gstatic.com* .crazyegg.com *.google-analytics.com* .googletagmanager.com *.feedbackify.com* .nationalgridus.com; img-src *; font-src* ; connect-src *; 2
default-src https://domene.shop https://www.domeneshop.no https://domeneshop.no https://domainnameshop.com https://domainname.shop https://xn--domn-noa.shop https://xn--domne-ura.shop https://chat.domeneshop.no/ 'unsafe-inline'; img-src https://domene.shop https://www.domeneshop.no https://domeneshop.no https://domainnameshop.com https://domainname.shop https://xn--domn-noa.shop https://xn--domne-ura.shop; frame-src https://domene.shop https://www.domeneshop.no https://domeneshop.no https://domainnameshop.com https://domainname.shop https://xn--domn-noa.shop https://xn--domne-ura.shop; frame-ancestors 'self' 2
block-all-mixed-content; font-src 'self' fonts.gstatic.com www.wuv.de fonts.gstatic.com data:; img-src 'self' blob: data: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' addsearch.com cdn.ampproject.org open.scdn.co connect.facebook.net *.usercentrics.eu *.g.doubleclick.net *.getsitecontrol.com *.google.de *.google.com *.google-analytics.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.instagram.com *.ioam.de *.opinary.com *.stry.tl *.twimg.com *.twitter.com *.wuv.de *.youtube.com *.ytimg.com *.tiktok.com *.tiktokcdn.com *.ibytedtos.com *.pinterest.com *.research.appinio.com *.ttwstatic.com *.adition.com *.scorecardresearch.com *.searchcdn.com *.teads.tv s0.2mdn.net *.wuv.de gdpr-tcfv2.sp-prod.net widget.perfectmarket.com *.flashtalking.com *.criteo.com *.adform.net *.vidible.tv *.doubleverify.com *.doubleclick.net bs.serving-sys.com static.aivdesk.com secure-ds.serving-sys.com ad.lkqd.net *.cloudflare.com *.adsafeprotected.com *.maximus.mobkoi.com *.celtra.com *.moatads.com sf16-scmcdn-sg.ibytedtos.com tags.crwdcntrl.net  *.vimeocdn.com; style-src 'self' 'unsafe-inline' *.addsearch.com fast.fonts.net *.googleapis.com *.stry.tl *.twitter.com *.wuv.de *.tiktok.com *.tiktokcdn.com *.ttwstatic.com *.cloudfront.net tagmanager.google.com *.wuv.de s1.adform.net static.aivdesk.com; worker-src blob: *.wuv.de 2
connect-src 'self' 2
default-src 'self' https://use.typekit.net; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://use.typekit.net *.google.com https://connect.facebook.net *.gstatic.com https://www.google-analytics.com https://*.googleapis.com https://view.ceros.com https://cdn.jsdelivr.net https://www.googletagmanager.com https://cdn.cookielaw.org https://player.vimeo.com/ https://www.recaptcha.net; object-src 'none'; style-src 'report-sample' 'self' 'unsafe-inline' https://use.typekit.net https://p.typekit.net https://cdn.jsdelivr.net; img-src 'self' data: *.gstatic.com *.littler.com p.typekit.net https://www.google-analytics.com https://*.googleapis.com https://i.vimeocdn.com https://cdn.cookielaw.org https://www.googletagmanager.com https://*.onelogin.com; media-src 'self'; frame-src 'self' https://player.vimeo.com/ https://app.powerbi.com https://w.soundcloud.com https://www.google.com https://view.ceros.com https://players.brightcove.net https://www.youtube.com https://www.youtube-nocookie.com https://www.recaptcha.net; frame-ancestors 'self'; child-src 'self' https://player.vimeo.com/;; font-src 'self' 'unsafe-inline' https://themes.googleusercontent.com use.typekit.net *.gstatic.com data:;; connect-src 'self' https://*.google-analytics.com *.algolia.net *.algolianet.com https://insights.algolia.io https://cdn.cookielaw.org https://geolocation.onetrust.com https://privacyportal.onetrust.com;; report-uri /report-csp-violation; upgrade-insecure-requests 2
default-src 'unsafe-inline' https://fonts.googleapis.com https://*.youtube.com https://www.facebook.com https://*.googleusercontent.com https://www.google.pl https://www.warta.pl https://*.www.warta.pl https://hdi.pl https://*.hdi.pl https://*.googleapis.com https://*.gstatic.com https://*.google.com https://www.google-analytics.com https://*.facebook.com https://*.doubleclick.net ; script-src 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://*.gstatic.com https://www.warta.pl https://*.www.warta.pl  https://www.google-analytics.com https://*.facebook.com https://connect.facebook.net https://*.doubleclick.net ; style-src 'unsafe-inline' https://www.warta.pl https://*.www.warta.pl https://hdi.pl https://*.hdi.pl https://fonts.googleapis.com https://surfly.io https://*.google.com https://www.google-analytics.com https://*.facebook.com https://*.doubleclick.net ; img-src 'self' https://moventum.com.pl https://*.youtube.com https://www.facebook.com https://*.googleusercontent.com https://www.google.pl https://*.googleapis.com https://*.gstatic.com https://www.warta.pl https://*.www.warta.pl https://hdi.pl https://*.hdi.pl https://*.google.com https://www.google-analytics.com https://*.facebook.com https://*.doubleclick.net  data:; object-src 'none'; 2
frame-ancestors 'self' blob: *.cochlearhearingcenter.com *.cochlear.com *.cochlear.cloud; frame-src 'self' blob: *.site.com *.oncehub.com *.mktoweb.com *.adsrvr.org *.yimg.com *.cochlear.cloud *.qualaroo.com *.simpli.fi *.livechatinc.com *.doubleclick.net *.wufoo.com *.cochlearamericas.com *.youtube-nocookie.com *.marvelapp.com *.linkedin.com *.cvent.com *.google.ch *.cochlear.com *.irmau.com *.marketo.com *.youtube.com *.twitter.com *.addthis.com *.google.com *.facebook.com *.batchgeo.com marvelapp.com *.salesforce.com *.salesforce-sites.com; child-src 'self' blob: *.batchgeo.com *.addtoany.com *.doubleclick.net *.cochlear.cloud *.cochlear.com *.addthis.com *.google.com *.facebook.com *.twitter.com  *.marketo.com; connect-src 'self' *.salesforce-scrt.com *.site.com *.hotjar.com *.hotjar.io *.sitecorecloud.io *.geonames.org *.stackadapt.com *.crazyegg.com *.stylelabs.io *.adsrvr.org *.yimg.com *.taboola.com *.onetrust.com *.cookielaw.org *.stylelabs.cloud *.sitecorecontenthub.cloud *.cochlear.cloud *.marketo.com *.swiftype.com *.onelink-translations.com *.nekudo.com *.cochlear.com *.cvent.com *.linkedin.com *.google-analytics.com *.googleapis.com *.optimizely.com *.addthis.com *.mktoresp.com *.twitter.com *.geoip-js.com geoip-js.com *.doubleclick.net *.salesforce-sites.com *.google.com; font-src 'self' data: *.hotjar.com *.cvent-assets.com *.gstatic.com *.googleusercontent.com *.livechatinc.com *.bootstrapcdn.com; img-src 'self' data: *.hotjar.com *.stackadapt.com *.naver.net *.naver.com *.quora.com *.pubmatic.com *.rubiconproject.com *.adtechjp.com *.yahoo.com * bidswitch.net *.adap.tv *.adnxs.com *.rlcdn.com *.openx.net *.adroll.com *.casalemedia.com *.t.co *.datatables.net *.cochlear.cloud *.cochlear.com *.quantserve.com *.marketo.com *.bing.com *.steelhousemedia.com *.adsrvr.org *.adsymptotic.com *.android.com *.youtube.com *.visualwebsiteoptimizer.com *.googletagmanager.com *.teads.tv *.impact-ad.jp *.yahoo.co.jp *.impact-ad.jp *.outbrain.com *.amazonaws.com *.google.com.au  *.google.com *.twitter.com *.doubleclick.net *.facebook.com *.linkedin.com *.google-analytics.com *.medialead.de; script-src 'unsafe-inline' 'unsafe-eval' 'self' blob: *.site.com *.hotjar.com *.licdn.com *.oncehub.com *.stackadapt.com *.naver.net *.naver.com *.onetrust.com *.cookielaw.org *.windows.net *.qualaroo.com *.simpli.fi *.salesforceliveagent.com *.amazonaws.com *.gstatic.com *.quantcount.com *.cvent-assets.com *.cvent.com *.quora.com *.livechatinc.com *.typekit.com *.dialogtech.com *.cloudfront.net *.media6degrees.com *.wufoo.com *.zendesk.com *.domdex.com *.adroll.com  *.datatables.net *.quantserve.com *.ads-twitter.com *.steelhousemedia.com *.bing.com *.outbrain.com *.addtoany.com *.visualwebsiteoptimizer.com *.jquery.com *.optimizely.com *.google.com.au *.doubleclick.net *.googleadservices.com *.yimg.jp *.yahoo.co.jp *.crazyegg.com *.mktoweb.com *.cochlear.cloud *.cochlear.com  *.bootstrapcdn.com *.cloudflare.com  *.jsdelivr.net *.addthisedge.com *.google.com *.ytimg.com *.youtube.com *.marketo.net *.marketo.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.twitter.com *.facebook.com *.facebook.net *.linkedin.com *.addthis.com *.geoip-js.com geoip-js.com *.medialead.de *.adsrvr.org *.taboola.com *.yimg.com *.force.com *.salesforce.com *.salesforce-sites.com; style-src 'unsafe-inline' 'self' *.site.com *.hotjar.com *.mktoweb.com *.googletagmanager.com *.stackadapt.com *.cookielaw.org *.windows.net *.cvent-assets.com *.googleapis.com *.cloudflare.com *.cochlear.cloud *.cochlear.com *.google.com *.zendesk.com *.datatables.net *.jquery.com *.cochlear-europe.com *.bootstrapcdn.com *.marketo.com *.salesforce.com *.salesforce-sites.com; 2
frame-ancestors 'none'; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://mista.ua https://*.google.com *.google.com https://*.google.com.ua *.google.com.ua *.gstatic.com *.adtrafficquality.google *.facebook.net *.instagram.com *.googleapis.com *.googlesyndication.com  https://*.googlesyndication.com *.googletagservices.com https://*.googletagservices.com *.doubleclick.net https://*.googleadservices.com  https://*.doubleclick.net https://*.g.doubleclick.net *.google-analytics.com *.googletagmanager.com *.ampproject.org https://polyfill.io/ wikimapia.org https://*.jsdelivr.net cdn.api.twitter.com oss.maxcdn.com; style-src  'self' 'unsafe-inline' *.google.com *.googleapis.com; frame-src 'self' *.doubleclick.net https://*.googlesyndication.com syndicatedsearch.goog *.googletagservices.com *.adtrafficquality.google *.google.com *.google.com.ua *.facebook.com *.instagram.com *.youtube.com https://*.doubleclick.net https://*.g.doubleclick.net wikimapia.org *.openstreetmap.org *.adsensecustomsearchads.com https://www.tiktok.com/; 2
frame-ancestors 'self' https://content.kinaxis.com https://www.kinaxis.com https://kinaxis.com https://*.sharepoint.com https://ssw.live.com https://storage.live.com https://*.search.production.apac.trafficmanager.net https://*.search.production.emea.trafficmanager.net https://*.search.production.us.trafficmanager.net https://*.wns.windows.com https://admin.onedrive.com https://officeclient.microsoft.com https://g.live.com https://oneclient.sfx.ms https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://*.svc.ms *.mpo.com https://*.mpo.com https://www.mpo.com *.mp-objects.com https://*.mp-objects.com https://www.mp-objects.com https://wartsila.cevalogistics.com  https://*.cevalogistics.com  https://app.drift.com https://core.crazyegg.com https://kinaxis-project.dev.fenix.solutions https://*.lndo.site; report-uri /report-csp-violation 2
default-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: * 2
default-src https: 'unsafe-inline' 'unsafe-eval' 2
default-src 'self'; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' s7.addthis.com static.hotjar.com script.hotjar.com members.ahcancal.org www.google.com www.gstatic.com www.youtube.com fonts.googleapis.com www.googletagmanager.com tagmanager.google.com www.google-analytics.com ssl.google-analytics.com www.googleadservices.com ajax.googleapis.com safebrowsing.googleapis.com analytics.google.com connect.facebook.net analytics.tiktok.com googleads.g.doubleclick.net z.moatads.com v1.addthisedge.com m.addthis.com edge.addthis.com polo.feathr.co cdn.feathr.co widget.surveymonkey.com banman.providermagazine.com banman.ahcancal.org platform.twitter.com cdn.syndication.twimg.com; object-src 'self'; style-src 'self' data: 'unsafe-inline' s7.addthis.com www.google.com www.youtube.com fonts.googleapis.com tagmanager.google.com platform.twitter.com ton.twimg.com; img-src 'self' data: ssl.gstatic.com www.gstatic.com www.google-analytics.com www.google.com www.facebook.com marco.feathr.co polo.feathr.co *.feathr.co www.googletagmanager.com banman.providermagazine.com banman.ahcancal.org match.adsrvr.org pbs.twimg.com abs.twimg.com platform.twitter.com ton.twimg.com syndication.twitter.com; media-src 'self' data: www.youtube.com app.powerbi.com www.surveymonkey.com; frame-src 'self' data: www.google.com datawrapper.dwcdn.net *.hotjar.com td.doubleclick.net ahca-ncal-convention-2023-map.web.app ahcancal.wufoo.com custom.statenet.com s7.addthis.com www.youtube.com app.powerbi.com edge.addthis.com www.facebook.com www.surveymonkey.com bid.g.doubleclick.net platform.twitter.com syndication.twitter.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com; connect-src 'self' data: www.google-analytics.com https://www.google-analytics.com in.hotjar.com ws7.hotjar.com ws35.hotjar.com vc.hotjar.io content.hotjar.io ws.hotjar.com polo.feathr.co analytics.tiktok.com members.ahcancal.org 2
default-src dock.ui.bosch.tech *.hotjar.com wss://*.hotjar.com bott-tc2.nautilus bott-fs.nautilus bott-fs.kittelberger.net vc.hotjar.io in.hotjar.com script.hotjar.com *.bosch-thermotechnology.com *.boschtt-documents.com www.bimstore.co.uk *.kittelberger.net *.mycliplister.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' ; media-src *.boschtt-documents.com services.kittelberger.net *.mycliplister.com mycliplister.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' ; font-src bott-fs.nautilus bott-fs.kittelberger.net script.hotjar.com fonts.gstatic.com *.bosch-thermotechnology.com www.bosch-thermotechnology.us www.heizung-steuern.com fonts.gstatic.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: data: ; object-src data: 'self'; img-src bott-tc2.nautilus bott-fs.nautilus bott-fs.kittelberger.net optimize.google.com www.google-analytics.com www.googletagmanager.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: data: blob:; style-src bott-fs.nautilus bott-fs.kittelberger.net *.bosch-thermotechnology.com cdn.datatables.net optimize.google.com fonts.googleapis.com www.bosch-easycontrol.com www.heizung-steuern.com www.bosch-thermotechnology.us *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' 'unsafe-inline' https: ; script-src bott-fs.nautilus bott-fs.kittelberger.net dock.ui.bosch.tech optimize.google.com www.googleanalytics.com www.google-analytics.com www.googleoptimize.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: 'unsafe-inline' 'unsafe-eval'; frame-src mailto: bosch.mi4biz.net www.boschthermolife.com junkers-de-de-b.boschtt-documents.com optimize.google.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https:; frame-ancestors bosch.mi4biz.net bott-fs.kittelberger.net *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: ; connect-src 'self' wss://endpoint.chatbot-suite.bosch.tech endpoint.chatbot-suite.bosch.tech  www.bosch-thermotechnology.com region1.google-analytics.com www.google-analytics.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com dock.ui.bosch.tech mycliplister.com *.mycliplister.com stats.g.doubleclick.net 2
frame-ancestors 'self' mein.kabelplus.at mein-test.kabelplus.at newapp.etracker.com 2
frame-ancestors https://*.holman.com *.holmancadillac.com *.holmanhondacentennial.com *.holmanhonda.com *.audisandiego.com *.audiflatirons.com *.audiboulderservice.com *.audipembrokepines.com *.audifortwashington.com *.holmanfordmapleshade.com *.holmanfordturnersville.com *.holmanlincolnmapleshade.com *.princetonbmw.com *.bmwofmtlaurel.com *.bmwoffortlauderdale.com *.bmwofpembrokepines.com *.bmwtigard.com *.kuniautocenter.com *.jaguarsandiego.com *.landroversandiego.com *.landroverdenver.com *.landroverlynnwood.com *.lexusofportland.com *.lexusofportland.com *.lexusofseattle.com *.holmaninfiniti.com *.holmantoyota.com *.lauderdalemini.com *.miniofmtlaurel.com *.porschesandiego.com *.mbvansmapleshade.com *.holmanmotorcars.com *.holmanauto.com *.holmancollision.com *.riskpartners.com *.holmancollision.com *.holmantransportationrrg.com *.holmanvinfastfortlauderdale.com *.holmanineosgranider.com *.studio.porschesandiego.com *.audisandiegofashionvalley.com *.lexusofgreenwoodvillage.com *.holmanineosgrenadier.com 2
default-src 'self' *.readspeaker.com data: https://zer-poc.bzst.de https://viola.bundesbots.de wss://viola.bundesbots.de https://formularbot-fms.bzst.de wss://formularbot-fms.bzst.de https://formularbot-viola.bzst.de wss://formularbot-viola.bzst.de https://bzst.lucom.com https://idnr-formular.bzst.bot-itzbund.de https://viola.bundesbots.de https://viola-bzst.azr.juacvoe.net https://viola-bzst-fms.azr.juacvoe.net; base-uri 'self'; connect-src 'self' *.pstmn.io https://zer-poc.bzst.de  *.readspeaker.com *.itzbund.de https://formularbot-viola.bzst.de wss://formularbot-viola.bzst.de https://viola-bzst.azr.juacvoe.net wss://viola-bzst.azr.juacvoe.net https://viola-bzst-fms.azr.juacvoe.net wss://viola-bzst-fms.azr.juacvoe.net https://formularbot-fms.bzst.de https://api.evatr.vies.bzst.de; style-src 'self' 'unsafe-inline' https://zer-poc.bzst.de *.readspeaker.com https://bzst.lucom.com https://idnr-formular.bzst.bot-itzbund.de https://formularbot-viola.bzst.de https://viola-bzst.azr.juacvoe.net https://viola-bzst-fms.azr.juacvoe.net https://formularbot-fms.bzst.de; script-src 'self' 'unsafe-eval' https://zer-poc.bzst.de *.google.com piwik.itzbund.de *.readspeaker.com https://bzst.lucom.com https://idnr-formular.bzst.bot-itzbund.de https://formularbot-fms.bzst.de https://formularbot-viola.bzst.de https://viola-bzst-fms.azr.juacvoe https://formularbot-fms.bzst.de.net https://viola-bzst.azr.juacvoe.net https://viola.bundesbots.de 'sha256-fvt1zDnRVAuASIt4MdBmzTSLXs4mdTCa5fg9wNopnC0=' 'sha256-B9AMHvfU16Nc6sndzogCV/VH/SXmKESowGb6dBud/RA=';object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; media-src 'self' *.bzst.de multimedia.gsb.bund.de *.youtube.com www.quirksmode.org; child-src *.itzbund.de *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com; frame-src *.readspeaker.com https://formularbot-viola.bzst.de https://idnr-formular.bzst.bot-itzbund.de https://viola-bzst.azr.juacvoe.net https://viola-bzst-fms.azr.juacvoe.net https://formularbot-fms.bzst.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com piwik.itzbund.de https://bzst.lucom.com https://formularbot-viola.bzst.de https://idnr-formular.bzst.bot-itzbund.de https://viola-bzst.azr.juacvoe.net https://viola-bzst-fms.azr.juacvoe.net https://formularbot-fms.bzst.de; upgrade-insecure-requests; frame-ancestors 'self' *.preview.bzst.intranet.bund.de; 2
default-src 'self'; block-all-mixed-content; child-src blob:; connect-src 'self' data https://*.google-analytics.com https://google-analytics.com https://*.analytics.google.com https://analytics.google.com https://*.googletagmanager.com https://googletagmanager.com https://*.googlesyndication.com https://*.privacy-center.org https://*.googleadservices.com https://stats.g.doubleclick.net https://*.hscollectedforms.net https://*.clarity.ms https://*.bing.com https://*.bing.net https://*.linkedin.com https://*.licdn.com https://js.zi-scripts.com https://analytics.inzynk.io https://collector4.leadinfo.net https://collector.leadinfo.net https://api.leadinfo.com https://ws.zoominfo.com https://www.google.at https://www.google.be https://www.google.bg https://www.google.hr https://www.google.cz https://www.google.dk https://www.google.fi https://www.google.fr https://www.google.de https://www.google.gr https://www.google.hu https://www.google.is https://www.google.ie https://www.google.it https://www.google.lv https://www.google.lt https://www.google.lu https://www.google.mt https://www.google.nl https://www.google.no https://www.google.pl https://www.google.pt https://www.google.ro https://www.google.ru https://www.google.sk https://www.google.si https://www.google.es https://www.google.se https://www.google.ch https://www.google.co.uk https://www.google.com.tr https://www.google.tn https://www.google.dz https://www.google.ma https://www.google.co.il https://www.google.ae https://www.google.com https://www.google.ca https://www.google.com.mx https://www.google.com.br https://www.google.com.ar https://www.google.com.ec https://www.google.cl https://www.google.com.pe https://www.google.co.za https://www.google.co.in https://www.google.co.jp https://www.google.cn https://www.google.com.hk https://www.google.com.tw https://www.google.co.kr https://www.google.com.sg https://www.google.co.th; font-src 'self' data: data fonts.gstatic.com; frame-src https://*.youtube.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.googlesyndication.com https://prod1.solutions.webfg.ch https://*.google.com https://td.doubleclick.net https://www.coface.fr https://pwm-image.trendmicro.com https://edge.media-server.com; img-src 'self' data: data blob https://tr.line.me https://*.lfeeder.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googlesyndication.com https://*.privacy-center.org https://*.clarity.ms https://*.bing.com https://*.bing.net https://*.linkedin.com https://*.licdn.com https://*.hsforms.com https://*.hubspot.com https://www.google.at https://www.google.be https://www.google.bg https://www.google.hr https://www.google.cz https://www.google.dk https://www.google.fi https://www.google.fr https://www.google.de https://www.google.gr https://www.google.hu https://www.google.is https://www.google.ie https://www.google.it https://www.google.lv https://www.google.lt https://www.google.lu https://www.google.mt https://www.google.nl https://www.google.no https://www.google.pl https://www.google.pt https://www.google.ro https://www.google.ru https://www.google.sk https://www.google.si https://www.google.es https://www.google.se https://www.google.ch https://www.google.co.uk https://www.google.com.tr https://www.google.tn https://www.google.dz https://www.google.ma https://www.google.co.il https://www.google.ae https://www.google.com https://www.google.ca https://www.google.com.mx https://www.google.com.br https://www.google.com.ar https://www.google.com.ec https://www.google.cl https://www.google.com.pe https://www.google.co.za https://www.google.co.in https://www.google.co.jp https://www.google.cn https://www.google.com.hk https://www.google.com.tw https://www.google.co.kr https://www.google.com.sg https://www.google.co.th; object-src 'none'; script-src 'self' blob 'sha256-r5XNBZKG5SuRALRop397WzCpL6A7PPnVeJHjxu4dYoM=' 'sha256-PvjejqLYd3NWAQbuI5ztPkrH0+NbIyvfHcohUy/cDgY=' 'sha256-ixt9cJSW7l/TjcAHQwIkthvmNXKVhbctw0KIBmfT3vI=' 'sha256-TBFB22YzPYBT6rIyeICABgKnf6AS2XlCon7PlKpqwx0=' 'sha256-Mdr7Elzu0r9o/uLCgHaqqkGF/Cjybl8xHE3xxAJOpvE=' 'sha256-Fac3ZJh9Y/mUcXMm30RrYwSt3wFvJ7dvzNvifF3wz9o=' 'sha256-j7hX0Eb40FknxDtJlw+/vJUvnDRI62XPkRyAgR5yDPs=' 'sha256-7vg2+gdz1/ftFJq3ZBimCuYwW04BTLPk0Z8E7kVeGHY=' 'sha256-VyY8SEWR8lMYk6OETYa7fhiLcLnQwdZtN03ECJL48t0=' 'sha256-XbnphNbfccFW7zQZOKk1NECfmmjWeq0cg1FwHrMZZ3A=' 'sha256-nVZbCRzRQSuWk+9W2ls61mQODCppOVf74kz9tIVcvD8=' 'sha256-oIOkXW3jJVB3WzdBAFDW1Y+ploUa4qVp1mqHQeZ7U+Q=' 'sha256-uILB4C9XYyBWeOx5+XQDrAjrU4EsdqN9Ms3lKdPVl58=' 'sha256-fEneWIDmgpMHym15EtxErZC6ZUMtKxivpJeC0XmqQGc=' 'sha256-tAWD8lytuBP8gEXDAj+ZibUssoc3mxK0Qpx5aFn8TT4=' https://*.lfeeder.com https://tags.inzynk.io https://cdn.leadinfo.net https://plugin.sopro.io https://d.line-scdn.net https://js.zi-scripts.com https://*.google-analytics.com https://*.googletagmanager.com https://www.googletagmanager.com https://*.googlesyndication.com https://*.privacy-center.org https://googleads.g.doubleclick.net https://*.gstatic.com https://*.clarity.ms https://*.bing.com https://*.bing.net https://*.hscollectedforms.net https://*.hs-analytics.net https://*.hs-banner.com https://js-eu1.hs-scripts.com https://*.linkedin.com https://*.licdn.com https://*.google.com https://*.google.fr; style-src 'self' 'unsafe-inline'; report-uri /nelmio/csp/report; worker-src blob: 2
base-uri 'none';child-src 'none';connect-src 'self' https://play.vidyard.com https://noembed.com/ https://*.algolia.net https://*.algolianet.com https://*.algolia.io https://go.esko.com/ https://privacyportalde-cdn.onetrust.com/ cloudflareinsights.com https://play.goconsensus.com https://cdn.cookielaw.org/ https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://privacyportal-de.onetrust.com/request/v1/consentreceipts https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://auth.statik.space/ https://js.zi-scripts.com https://px.ads.linkedin.com https://ws.zoominfo.com *.crazyegg.com https://tracking.g2crowd.com https://google.com;default-src 'self' *.crazyegg.com;font-src 'self' https://fonts.gstatic.com data:;form-action 'self';frame-ancestors 'self' https://esko.showpad.biz;frame-src youtube.com www.youtube.com https://play.vidyard.com https://play.goconsensus.com https://bid.g.doubleclick.net https://www.google.com/ https://js.driftt.com https://widget.drift.com *.crazyegg.com *.cvent.com https://td.doubleclick.net https://esko317.outgrow.us;img-src 'self' https: data: blob: http://play.vidyard.com www.googletagmanager.com https://googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://googleads.g.doubleclick.net https://www.google.com https://google.com *.crazyegg.com;manifest-src 'self';media-src 'self' https://js.driftt.com;object-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' youtube.com www.youtube.com https://play.vidyard.com https://cdn.jsdelivr.net/ https://privacyportalde-cdn.onetrust.com/privacy-notice-scripts/otnotice-1.0.min.js static.cloudflareinsights.com https://play.goconsensus.com https://www.googletagmanager.com https://cdn.cookielaw.org https://googletagmanager.com https://tagmanager.google.com https://*.googletagmanager.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/ https://js.driftt.com https://widget.drift.com https://sc.lfeeder.com https://js.zi-scripts.com https://snap.licdn.com *.crazyegg.com *.cvent.com https://tracking.g2crowd.com *.pardot.com https://*.esko.com blob: https://connect.facebook.net;style-src 'self' 'unsafe-inline' https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com *.crazyegg.com;worker-src 'self' blob:; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.jsdelivr.net *.twitter.com *.googletagmanager.com *.cookielaw.org static.addtoany.com cdnjs.cloudflare.com cdn.bc0a.com assets.sitescdn.net fonts.googleapis.com *.siteimprove.net ajax.googleapis.com visit.sanmanuel.com klear.com cdn.b0e8.com *.google-analytics.com *.bing.com *.amazon-adsystem.com *.clarity.ms *.siteimproveanalytics.com *.adsrvr.org *.youtube.com connect.facebook.net munchkin.marketo.net s.yimg.com googleads.g.doubleclick.net *.cloudfront.net *.viralsweep.com *.pollstream.com insiderdata360online.com *.sevenrooms.com *.i4go.com *.recaptcha.net *.gstatic.com answers-embed.yaamava.com.pagescdn.com *.byspotify.com *.instagram.com *.visrez.com *.stackadapt.com *.googleadservices.com siteimproveanalytics.com tags.srv.stackadapt.com pixel.byspotify.com *.visitingmedia.com visitingmedia.com *.jquery.com *.sevenrooms.com id.eu.siteimprove.com *.quantserve.com rules.quantcount.com qvdt3feo.com *.vimeo.com code.jquery.com; script-src-elem 'self' 'unsafe-inline' assets.sitescdn.net visit.sanmanuel.com cdn.siteimprove.net *.instagram.com *.googletagmanager.com cdn.cookielaw.org cdn.jsdelivr.net connect.facebook.net siteimproveanalytics.com tags.srv.stackadapt.com pixel.byspotify.com *.youtube.com munchkin.marketo.net bat.bing.com c.amazon-adsystem.com googleads.g.doubleclick.net *.google-analytics.com static.addtoany.com interactive.visrez.com secure.quantserve.com *.clarity.ms rules.quantcount.com visitingmedia.com *.sevenrooms.com code.jquery.com insiderdata360online.com  tags.srv.stackadapt.com answers-embed.yaamava.com.pagescdn.com platform.twitter.com cdnjs.cloudflare.com unpkg.com qvdt3feo.com i4m.i4go.com *.googleadservices.com klear.com *.player.vimeo.com *.viralsweep.com js.adsrvr.org cdn.userway.org *.vimeo.com analytics.tiktok.com *.pinterest.com; style-src 'self' 'unsafe-inline'  *.jsdelivr.net *.sitescdn.net fonts.googleapis.com visit.sanmanuel.com d1p5cqqchvbqmy.cloudfront.net *.sevenrooms.com *.visrez.com *.stackadapt.com  *.visitingmedia.com visitingmedia.com *.sevenrooms.com id.eu.siteimprove.com  *.quantserve.com  *.vimeo.com  code.jquery.com 2
default-src https: 'self' blob:;script-src https: 'unsafe-inline' 'unsafe-eval' 'self';script-src-elem https: 'self' 'unsafe-inline';object-src https: 'self' blob:;frame-src 'self' blob: https:;style-src 'unsafe-inline' https: data: 'self';font-src https: data:;img-src * data: 'self';connect-src https: wss://*.liveperson.net wss://tsock.us1.twilio.com/v3/wsconnect wss://*.usw2.pure.cloud wss://intercept-api.questionpro.com; frame-ancestors https://embed.questionpro.com; 2
frame-ancestors 'self' everygame.eu www.everygame.eu sblp.everygame.eu sports.everygame.eu poker.everygame.eu casino.everygame.eu classic.everygame.eu lobby.everygame.eu:2072 account.everygame.eu client.horizonpokernetwork.eu 2
frame-ancestors 'self' http://*.brose.net http://brose.net https://*.brose.net https://brose.net https://*.ariba.com https://*.zkw.at http://*.zkw.at https://*.mycatalogcloud.com http://*.mycatalogcloud.com http://*.valeo.determine.com https://*.valeo.determine.com http://valeo.determine.com https://valeo.determine.com http://*.mondigroup.com http://mondigroup.com https://*.mondigroup.com https://mondigroup.com http://*.elwitec.ch http://elwitec.ch https://*.elwitec.ch https://elwitec.ch http://*.ynovatec.ch http://ynovatec.ch https://*.ynovatec.ch https://ynovatec.ch http://prematic.ch http://*.prematic.ch https://prematic.ch https://*.prematic.ch http://brw.ch http://*.brw.ch https://brw.ch https://*.brw.ch http://uniprod-ag.ch http://*.uniprod-ag.ch https://uniprod-ag.ch https://*.uniprod-ag.ch http://montalpina.com http://*.montalpina.com https://montalpina.com https://*.montalpina.com http://sutter-hydraulik.com http://*.sutter-hydraulik.com https://sutter-hydraulik.com https://*.sutter-hydraulik.com http://bsaswiss.ch http://*.bsaswiss.ch https://bsaswiss.ch https://*.bsaswiss.ch http://salesconnect.sugarondemand.com https://salesconnect.sugarondemand.com http://*.salesconnect.sugarondemand.com https://*.salesconnect.sugarondemand.com 2
frame-ancestors 'self' https://*.felgenoutlet.de 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: swissport.com *.swissport.com cookiebot.com *.cookiebot.com googleapis.com *.googleapis.com cloudflareinsights.com *.cloudflareinsights.com googletagmanager.com *.googletagmanager.com gstatic.com *.gstatic.com facebook.net facebook.net *.facebook.net facebook.com *.facebook.com licdn.com *.licdn.com tiktok.com *.tiktok.com google.de *.google.de google.com *.google.com googleadservices.com *.googleadservices.com google-analytics.com *.google-analytics.com linkedin.com *.linkedin.com doubleclick.net *.doubleclick.net youtube.com *.youtube.com youtube-nocookie.com *.youtube-nocookie.com vimeo.com *.vimeo.com flockler.com *.flockler.com flockler.app *.flockler.app matterport.com *.matterport.com cognitoforms.com *.cognitoforms.com typekit.net *.typekit.net; frame-ancestors 'self' data: blob: swissport.com *.swissport.com cookiebot.com *.cookiebot.com googleapis.com *.googleapis.com cloudflareinsights.com *.cloudflareinsights.com googletagmanager.com *.googletagmanager.com gstatic.com *.gstatic.com facebook.net facebook.net *.facebook.net facebook.com *.facebook.com licdn.com *.licdn.com tiktok.com *.tiktok.com google.de *.google.de google.com *.google.com googleadservices.com *.googleadservices.com google-analytics.com *.google-analytics.com linkedin.com *.linkedin.com doubleclick.net *.doubleclick.net youtube.com *.youtube.com youtube-nocookie.com *.youtube-nocookie.com vimeo.com *.vimeo.com flockler.com *.flockler.com flockler.app *.flockler.app matterport.com *.matterport.com; frame-src 'self' data: blob: swissport.com *.swissport.com cookiebot.com *.cookiebot.com googleapis.com *.googleapis.com cloudflareinsights.com *.cloudflareinsights.com googletagmanager.com *.googletagmanager.com gstatic.com *.gstatic.com facebook.net facebook.net *.facebook.net facebook.com *.facebook.com licdn.com *.licdn.com tiktok.com *.tiktok.com google.de *.google.de google.com *.google.com googleadservices.com *.googleadservices.com google-analytics.com *.google-analytics.com linkedin.com *.linkedin.com doubleclick.net *.doubleclick.net youtube.com *.youtube.com youtube-nocookie.com *.youtube-nocookie.com vimeo.com *.vimeo.com flockler.com *.flockler.com flockler.app *.flockler.app matterport.com *.matterport.com; img-src * data: blob: 'unsafe-inline'; report-uri /nelmio/csp/report 2
default-src 'self' 'unsafe-inline' *.sernet.de *.usercentrics.eu; style-src 'self' 'unsafe-inline'; img-src 'self' *.usercentrics.eu *.prive.eu; frame-ancestors 'self' 2
default-src *; script-src *; object-src *; style-src *; img-src *; media-src *; frame-src *; font-src *; connect-src * 2
default-src 'self'; connect-src 'self' https://cdn-cookieyes.com https://*.cookieyes.com https://form.jotform.com https://submit.jotform.com https://*.google-analytics.com https://*.googletagmanager.com https://fonts.googleapis.com https://*.analytics.google.com; font-src 'self' https://ka-p.fontawesome.com https://fonts.gstatic.com data:; frame-src 'self' https://*.cookieyes.com https://submit.jotform.com https://form.jotform.com; img-src 'self' https://*.elliottmgmt.com *.elliottmgmt.com https://elliottmgmt.com https://dev-elliott-mgmt.pantheonsite.io https://test-elliott-mgmt.pantheonsite.io https://*.googletagmanager.com https://*.google-analytics.com https://*.gstatic.com https://cdn-cookieyes.com https://*.cookieyes.com https://secure.gravatar.com blob: data:; object-src; script-src 'self' https://*.googletagmanager.com https://tagmanager.google.com https://cdn-cookieyes.com https://*.google-analytics.com 'unsafe-inline'; style-src 'self' https://*.googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com 'unsafe-inline'; upgrade-insecure-requests 2
Content-Security-Policy= default-src "none"; script-src "self" https://corp-mktg.s3.us-west-2.amazonaws.com https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com https://cdn.cookielaw.org https://maps.googleapis.com https://prospect-form-plugin.2u.com; style-src "unsafe-inline" https://whitelabel.2u.com; img-src https://app.optimizely.com https://cdn.optimizely.com https://whitelabel.2u.com; frame-src https://a104283729.cdn.optimizely.com https://a104283729.cdn-pci.optimizely.com; connect-src https://*.optimizely.com; 2
default-src https:; style-src * 'unsafe-inline'; script-src https: 'unsafe-inline'; object-src 'none' 2
default-src 'self'; script-src 'self' 'unsafe-inline' stats.hft-stuttgart.de web.cmp.usercentrics.eu app.usercentrics.eu privacy-proxy.usercentrics.eu *.b-ite.com; font-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' blob: uct.service.usercentrics.eu app.usercentrics.eu privacy-proxy-server.usercentrics.eu data: stats.hft-stuttgart.de; connect-src 'self' stats.hft-stuttgart.de *.usercentrics.eu *.b-ite.com; frame-src 'self' web.cmp.usercentrics.eu app.usercentrics.eu *.youtube-nocookie.com *.vimeo.com *.hft-stuttgart.de 2
block-all-mixed-content; connect-src 'self' https://*.ingest.sentry.io https://*.google-analytics.com https://*.analytics.google.com https://*.google.com https://stats.g.doubleclick.net https://in.hotjar.com https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com https://survey.alchemer.com https://www.facebook.com https://*.adnxs.com https://*.adnxs-simple.com https://*.icecat.biz https://*.googleapis.com https://cdn.plyr.io https://www.dwin1.com https://*.awin1.com https://*.zenaps.com https://the.sciencebehindecommerce.com https://*.playable.com https://*.campaign.playable.com https://*.leadfamly.com https://*.api.leadfamly.com https://*.visualwebsiteoptimizer.com app.vwo.com https://sibautomation.com https://in-automate.brevo.com https://static.zohocdn.com https://desk.zoho.eu https://ct.pinterest.com https://*.clarity.ms/; font-src 'self' data: https://fonts.gstatic.com https://script.hotjar.com https://*.icecat.biz https://*.campaign.playable.com https://static.zohocdn.com https://webfonts.zohowebstatic.com; frame-ancestors 'self' https://*.campaign.playable.com; frame-src data: https://www.youtube.com/ https://publish.folders.eu/ https://app.folders.eu/ https://www.facebook.com https://vars.hotjar.com https://survey.alchemer.com https://*.adnxs.com https://optimize.google.com https://*.icecat.biz https://js.mollie.com https://swiftcdn6.global.ssl.fastly.net https://gleam.io https://view.publitas.com/ https://folders.toychamp.be/ https://folders.toychamp.nl/ https://*.awin1.com https://*.zenaps.com https://*.campaign.playable.com app.vwo.com https://*.visualwebsiteoptimizer.com https://bethenexthero.com https://space-worlds.bricks.plus https://legobelgium.s3.eu-west-1.amazonaws.com/ https://space-game.be https://gaming-contest.eu https://f1-contest.com https://desk.zoho.eu https://ar.salta.com https://www.googletagmanager.com https://td.doubleclick.net https://ct.pinterest.com; img-src 'self' data: about: https://placeholder.inventis.be https://placehold.it https://*.ytimg.com https://maps.gstatic.com https://*.googleapis.com https://*.ggpht.com https://www.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://optimize.google.com https://www.facebook.com https://www.google.com https://www.google.be https://googleads.g.doubleclick.net https://script.hotjar.com https://www.mollie.com https://*.adnxs.com https://*.adnxs-simple.com https://js.gleam.io https://*.icecat.biz https://*.awin1.com https://*.zenaps.com https://files.cdn.leadfamly.com https://*.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com https://static.zohocdn.com; style-src 'self' https://optimize.google.com 'unsafe-inline' https://fonts.googleapis.com https://survey.alchemer.com https://*.icecat.biz https://*.campaign.playable.com https://*.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com https://static.zohocdn.com; upgrade-insecure-requests 2
frame-src 'self' https://webstat.hs-mannheim.de *.hs-mannheim.de https://www.youtube.com/ https://www.youtube-nocookie.com/ https://player.vimeo.com/ https://tour.klapty.com/; 2
default-src 'self'; \
        script-src 'self' https://ssl.google-analytics.com; \
        img-src 'self' https://ssl.google-analytics.com 2
frame-src https://www.youtube-nocookie.com https://www.youtube.com https://piwik.bzga.de https://www.check-dein-spiel.de; style-src 'self' 'unsafe-inline'; default-src 'self'; script-src https://www.check-dein-spiel.de https://piwik.bzga.de 'self' 'unsafe-inline' ; connect-src https://www.check-dein-spiel.de https://piwik.bzga.de 'self' 'unsafe-inline' ; font-src 'self' 'unsafe-inline' data:; img-src 'self' https://piwik.bzga.de https://*.openstreetmap.org data:; 2
block-all-mixed-content; frame-ancestors 'self' *.maxima.lt *.maxima.ee *.suvekeskus.ee; frame-src 'self' *.youtube.com *.youtube-nocookie.com *.cookiebot.com *.issuu.com *.google.com *.adform.net *.doubleclick.net maxima.teamdash.com indd.adobe.com *.flipsnack.com view.publitas.com www.googletagmanager.com embed.figma.com www.figma.com; report-uri /csp/report 2
default-src 'self' 'unsafe-inline' data: https://piwik.bzga.de/ https://piwik.bioeg.de/ ; frame-src *.frcapi.com 2
frame-ancestors https://www.degussa-goldhandel.de https://news.degussa-goldhandel.de https://www.degussa-adventskalender.de https://media.degussa-goldhandel.de 2
img-src * data:; media-src * data: blob:; 2
policy-uri /'none' 2
default-src 'self'; font-src *;img-src * data:; script-src *; style-src * https:; 2
default-src 'self' *.mytolino.com *.mytolino.de data: *.pageplace.de www.googletagmanager.com *.doubleclick.net www.google.com www.google.de www.googleadservices.com *.youtube-nocookie.com *.ytimg.com *.googleapis.com *.gstatic.com connect.facebook.net www.facebook.com 'unsafe-inline' www.youtube.com *.digiaccess.org 2
frame-ancestors 'self' https://app.storyblok.com/ 2
style-src 'self' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; 2
default-src 'self'; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self'; 2
block-all-mixed-content; default-src https:; media-src https: blob: data:; style-src https: 'unsafe-inline'; font-src https: data:; script-src https: blob: 'unsafe-eval' 'unsafe-inline'; img-src https: data:; connect-src https: wss:; frame-src https:; prefetch-src https:; frame-ancestors https:; form-action https:; 2
default-src 'self' localhost static.formstack.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: siteimproveanalytics.com js-agent.newrelic.com www.youtube.com *.visualwebsiteoptimizer.com app.vwo.com browser-update.org api.eventcalendarapp.com *.formstack.com www.google.com www.gstatic.com web2.production.gyantts.com *.vimeocdn.com cdnjs.cloudflare.com hcaptcha.com newassets.hcaptcha.com stripe.com *.stripe.com *.stripecdn.com; object-src 'none'; style-src 'self' 'unsafe-inline' *.visualweboptimizer.com app.vwo.com api.eventcalendarapp.com *.gstatic.com fonts.googleapis.com s3.amazonaws.com *.typekit.net *.vimeocdn.com cdnjs.cloudflare.com js.stripe.com; img-src * data:; media-src assets.gyant.com; form-action 'self' *.formstack.com https://bellin.org http://bellin.docksal.site:8080; frame-src 'self' www.youtube-nocookie.com *.visualwebsiteoptimizer.com app.vwo.com www.google.com player.vimeo.com newassets.hcaptcha.com *.stripe.com *.stripecdn.com maps.google.com; frame-ancestors 'self'; child-src 'self' blob: www.youtube-nocookie.com *.visualwebsiteoptimizer.com app.vwo.com www.google.com player.vimeo.com newassets.hcaptcha.com *.stripe.com *.stripecdn.com maps.google.com; font-src 'self' data: fonts.gstatic.com *.typekit.net api.eventcalendarapp.com s3.amazonaws.com *.formstack.com; connect-src 'self' bam.nr-data.net *.visualwebsiteoptimizer.com app.vwo.com api.eventcalendarapp.com *.formstack.com wss://web2.production.gyantts.com web2.production.gyantts.com *.hcaptcha.com stripe.com *.stripe.com; base-uri 'self'; report-uri /report-csp-violation 2
default-src 'self' *.region1.google-analytics.com *.comptoirdesvoyages.fr bat.bing.com consentcdn.cookiebot.com www.facebook.com https://analytics.google.com https://*.googletagmanager.com www.facebook.com bing.com www.googleadservices.com;base-uri 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://measurement-api.criteo.com https://fledge.eu.criteo.com https://sslwidget.criteo.com https://dynamic.criteo.com/ https://gum.criteo.com/ https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://adservice.google.com https://www.google.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://www.google.com https://qa-assistant.abtasty.com https://teddytor.abtasty.com https://api2.abtasty.com try.abtasty.com *.region1.google-analytics.com *.analytics.google.com ads.google.com app.contentsquare.com t.contentsquare.net contentsquare.com *.comptoirdesvoyages.fr *.cookiebot.com *.doubleclick.net *.newrelic.com ajax.googleapis.com bam.nr-data.net bat.bing.com connect.facebook.net r.bing.com ssl.google-analytics.com static.madmetrics.com tagmanager.google.com tag.aticdn.net www.google.com www.google-analytics.com www.googleadservices.com adservice.google.com www.googletagmanager.com www.gstatic.com z.moatads.com https://analytics.google.com https://*.googletagmanager.com www.facebook.com bing.com www.googleadservices.com https://lisa.kleio.ai https://gnosis.kleio.ai https://autodm-api-2xv1b1jq.ew.gateway.dev;connect-src 'self' https://measurement-api.criteo.com https://mtmvxcv.pa-cd.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com *.abtasty.com region1.google-analytics.com region1.analytics.google.com ads.google.com *.contentsquare.net *.bing.com *.comptoirdesvoyages.fr *.doubleclick.net bam.nr-data.net consentcdn.cookiebot.com www.facebook.com www.google.com www.google-analytics.com www.googleadservices.com adservice.google.com www.googletagmanager.com www.gtm.js wss://*.bing.com https://analytics.google.com https://*.googletagmanager.com www.facebook.com bing.com www.googleadservices.com https://comptoir.jobs.beetween.com https://lisa.kleio.ai https://gnosis.kleio.ai https://autodm-api-2xv1b1jq.ew.gateway.dev;img-src 'self' https://www.google-analytics.com https://googleads.g.doubleclick.net https://www.google.com https://google.com https://googleads.g.doubleclick.net https://www.google.com editor-assets.abtasty.com *.contentsquare.net https://analytics.google.com https://*.googletagmanager.com www.facebook.com bing.com www.googleadservices.com data: *;child-src blob:;worker-src blob:;style-src 'self' 'unsafe-inline' * *.comptoirdesvoyages.fr https://static.criteo.net/ https://fledge.criteo.com/ https://measurement-api.criteo.com https://fledge.eu.criteo.com https://sslwidget.criteo.com https://dynamic.criteo.com https://gum.criteo.com https://qa-assistant.abtasty.com try.abtasty.com *.bing.com fonts.googleapis.com tagmanager.google.com https://analytics.google.com https://*.googletagmanager.com www.facebook.com bing.com www.googleadservices.com;font-src 'self' data: fonts.gstatic.com common-fonts.abtasty.com;frame-src 'self' https://static.criteo.net/ https://fledge.criteo.com/ https://measurement-api.criteo.com https://fledge.eu.criteo.com https://sslwidget.criteo.com https://dynamic.criteo.com https://dynamic.criteo.com/ https://gum.criteo.com/ https://bid.g.doubleclick.net https://qa-assistant.abtasty.com csxd.comptoirdesvoyages.fr *.doubleclick.net consentcdn.cookiebot.com sdx.microsoft.com www.allocine.fr www.dailymotion.com www.facebook.com www.google.com www.gstatic.com youtu.be www.youtube.com https://analytics.google.com https://*.googletagmanager.com www.facebook.com bing.com www.googleadservices.com https://lisa.kleio.ai;object-src 'none' 2
default-src 'self' *.google.com *.axa-assistance.cz *.axa-assistance.sk *.axa-assistance.pl *.axa-assistance.at *.axa-assistance.hu 2
frame-ancestors https://*.procampaign.net 2
reflected-xss block 2
frame-ancestors 'self' https://*.etracker.com 2
default-src 'self'; font-src 'self' data:; base-uri 'self'; connect-src 'self' multimedia.gsb.bund.de *.materna.de *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io vimeo.com *.sli.do *.itzbund.de lbb-hb.de; style-src 'self' 'unsafe-inline' *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io vimeo.com *.sli.do *.jsdelivr.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io piwik.itzbund.de vimeo.com; object-src 'self' multimedia.gsb.bund.de *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io vimeo.com *.sli.do *.lbb-hb.de; media-src 'self' blob: multimedia.gsb.bund.de *.youtube.com *.youtube-nocookie.com *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io vimeo.com *.sli.do lbb-hb.de; frame-src *.google.com *.google.de *.gstatic.com *.youtube.com *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io mindandvision.tv 2021.mindandvision.tv *.jwplayer.com vimeo.com *.sli.do player.vimeo.com; img-src 'self' data: *.materna.de *.google.com *.gstatic.com *.youtube.com *.twimg.com twemoji.maxcdn.com *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplayer.com *.strivetech.io *.sqat.eu yommaserver.synology.me:5001 piwik.itzbund.de vimeo.com *.sli.do; frame-ancestors 'self'; 2
default-src 'self'; style-src 'self'; img-src 'self' data:; font-src 'self'; frame-ancestors 'none'; base-uri 'self'; form-action 'self'; 2
default-src 'unsafe-inline' 'unsafe-eval' https:;img-src * data:; 2
default-src 'self' https://skbs-platform.condat.cloud http://skbs-platform.condat.cloud skbs-platform.condat.cloud https://platform.container:8080 http://platform.container:8080 platform.container:8080 https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de; connect-src 'self' https://nominatim.openstreetmap.org http://nominatim.openstreetmap.org nominatim.openstreetmap.org https://login.microsoftonline.com http://login.microsoftonline.com login.microsoftonline.com https://skbs-platform.condat.cloud http://skbs-platform.condat.cloud skbs-platform.condat.cloud https://platform.container:8080 http://platform.container:8080 platform.container:8080 https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de; font-src 'self' https://*.kununu.com http://*.kununu.com *.kununu.com https://*.spendino.de http://*.spendino.de *.spendino.de https://skbs-platform.condat.cloud http://skbs-platform.condat.cloud skbs-platform.condat.cloud https://platform.container:8080 http://platform.container:8080 platform.container:8080 https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de data:; frame-ancestors 'self' https://klinikumjobs.de https://*.doccheck.com http://*.doccheck.com *.doccheck.com https://*.kununu.com http://*.kununu.com *.kununu.com https://skbs-platform.condat.cloud http://skbs-platform.condat.cloud skbs-platform.condat.cloud https://platform.container:8080 http://platform.container:8080 platform.container:8080 https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de; frame-src 'self' https://benutzerhandbuch-cshs.condat.de http://benutzerhandbuch-cshs.condat.de benutzerhandbuch-cshs.condat.de https://prezi.com/p/embed/MPOGB6oZvPvNpRmIzIHw/ https://*.doccheck.com http://*.doccheck.com *.doccheck.com https://*.kununu.com http://*.kununu.com *.kununu.com https://*.spendino.de http://*.spendino.de *.spendino.de https://*.youtube-nocookie.com http://*.youtube-nocookie.com *.youtube-nocookie.com https://*.youtube.com http://*.youtube.com *.youtube.com https://skbs-platform.condat.cloud http://skbs-platform.condat.cloud skbs-platform.condat.cloud https://platform.container:8080 http://platform.container:8080 platform.container:8080 https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de; img-src 'self' https://cdn.jsdelivr.net http://cdn.jsdelivr.net cdn.jsdelivr.net https://*.tile.openstreetmap.org http://*.tile.openstreetmap.org *.tile.openstreetmap.org https://cshs.myskbs.de https://*.amazonaws.com http://*.amazonaws.com *.amazonaws.com https://*.cloudfront.net http://*.cloudfront.net *.cloudfront.net https://*.kununu.com http://*.kununu.com *.kununu.com https://skbs-platform.condat.cloud http://skbs-platform.condat.cloud skbs-platform.condat.cloud https://platform.container:8080 http://platform.container:8080 platform.container:8080 https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de data:; media-src 'self' https://*.prezi.com http://*.prezi.com *.prezi.com https://*.amazonaws.com http://*.amazonaws.com *.amazonaws.com https://*.cloudfront.net http://*.cloudfront.net *.cloudfront.net https://*.kununu.com http://*.kununu.com *.kununu.com https://*.youtube-nocookie.com http://*.youtube-nocookie.com *.youtube-nocookie.com https://*.youtube.com http://*.youtube.com *.youtube.com https://skbs-platform.condat.cloud http://skbs-platform.condat.cloud skbs-platform.condat.cloud https://platform.container:8080 http://platform.container:8080 platform.container:8080 https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de; object-src 'self' https://*.prezi.com http://*.prezi.com *.prezi.com https://*.kununu.com http://*.kununu.com *.kununu.com https://*.youtube-nocookie.com http://*.youtube-nocookie.com *.youtube-nocookie.com https://*.youtube.com http://*.youtube.com *.youtube.com https://skbs-platform.condat.cloud http://skbs-platform.condat.cloud skbs-platform.condat.cloud https://platform.container:8080 http://platform.container:8080 platform.container:8080 https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de; script-src 'self' https://cdn.jsdelivr.net http://cdn.jsdelivr.net cdn.jsdelivr.net https://*.prezi.com http://*.prezi.com *.prezi.com https://*.kununu.com http://*.kununu.com *.kununu.com https://*.spendino.de http://*.spendino.de *.spendino.de https://skbs-platform.condat.cloud http://skbs-platform.condat.cloud skbs-platform.condat.cloud https://platform.container:8080 http://platform.container:8080 platform.container:8080 https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://cdn.jsdelivr.net http://cdn.jsdelivr.net cdn.jsdelivr.net https://*.kununu.com http://*.kununu.com *.kununu.com https://*.spendino.de http://*.spendino.de *.spendino.de https://skbs-platform.condat.cloud http://skbs-platform.condat.cloud skbs-platform.condat.cloud https://platform.container:8080 http://platform.container:8080 platform.container:8080 https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de 'unsafe-inline' 2
default-src 'self'; block-all-mixed-content; connect-src sentry.trexima.sk 'self' https://*.google-analytics.com https://*.google.com https://*.analytics.google.com https://*.cookieyes.com https://cdn-cookieyes.com https://*.googlesyndication.com https://*.doubleclick.net https://ct.leady.com https://t.leady.com https://ads.worki.sk https://*.tiktok.com; font-src 'self' fonts.gstatic.com; frame-src 'self' www.google.com https://trexima.ladesk.com https://2-vbus-de.ladesk.com videoservis.tasr.sk www.youtube.com www.facebook.com https://*.doubleclick.net https://*.googlesyndication.com https://*.ladesk.com https://*.googletagmanager.com; img-src 'self' data: *.googleusercontent.com *.worki.sk http.cat http.dog https://*.facebook.com https://*.google.com https://*.google.sk https://*.googletagmanager.com https://*.googlesyndication.com https://*.gstatic.com https://cdn-cookieyes.com https://*.doubleclick.net https://trexima.ladesk.com https://ct.leady.com https://t.leady.com via.placeholder.com; manifest-src 'self' https://dev.worki.sk/ https://dev.worki.sk/site.webmanifest https://stage.worki.sk/ https://stage.worki.sk/site.webmanifest https://www.worki.sk/ https://www.worki.sk/site.webmanifest https://*.worki.sk/*; script-src 'self' ajax.googleapis.com code.jquery.com www.google.com https://*.facebook.net https://*.facebook.com 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.googletagmanager.com/ https://*.googleadservices.com https://*.doubleclick.net/ https://cdn-cookieyes.com/ https://*.googlesyndication.com https://trexima.ladesk.com https://ct.leady.com https://ads.worki.sk https://*.tiktok.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://*.googletagmanager.com/; report-uri /nelmio/csp/report 2
default-src 'self'; script-src 'self' 'unsafe-inline' cdn.gtranslate.net connect.facebook.net/en_US/sdk.js stats.st-denis.cloud-ed.fr translate.google.com *.googleapis.com *.formnx.com; object-src 'self'; style-src 'self' 'unsafe-inline' www.gstatic.com; img-src 'self' data: blob: apicivique.s3.eu-west-3.amazonaws.com cdn.gtranslate.net plainecommune.fr fonts.gstatic.com www.gstatic.com www.google.fr translate.googleapis.com *.google.com; frame-src *; frame-ancestors 'self'; font-src 'self' fonts.gstatic.com data:; connect-src 'self' apicivique.s3.eu-west-3.amazonaws.com/jvalogo.svg cdn.gtranslate.net stats.st-denis.cloud-ed.fr connect.facebook.net *.googleapis.com *.formnx.com translate.google.com *.gstatic.com; upgrade-insecure-requests 2
default-src 'self'; style-src 'self' 'unsafe-inline' 2
default-src 'self'; script-src 'self'; https://code.jquery.com; https://www.google.com; https://www.youtube.com; https://x.com; https://web.whatsapp.com; https://www.facebook.com; https://www.govcert.gov.hk; 2
frame-ancestors 'self' localhost:* *.tason.com 2
default-src 'self' https://*.nhs.uk; frame-src 'self' https://www.youtube-nocookie.com https://*.webspellchecker.net https://*.nhs.uk https://*.facebook.com https://*.youtube.com https://*.vimeo.com https://*.google.com https://*.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://cdnjs.cloudflare.com https://*.google-analytics.com https://*.googletagmanager.com https://connect.facebook.net https://feeds.trac.jobs https://*.webspellchecker.net https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.cqc.org.uk; font-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://*.webspellchecker.net; style-src 'self' 'unsafe-inline' data: https://cdnjs.cloudflare.com https://feeds.trac.jobs https://*.googleapis.com https://*.gstatic.com https://*.cqc.org.uk https://*.webspellchecker.net; img-src * data:; object-src 'self' blob: www.googletagmanager.com https://*.nhs.uk; connect-src 'self' www.googletagmanager.com https://feeds.trac.jobs stats.g.doubleclick.net https://*.googleapis.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.co.uk https://*.google.ie  https://*.google.nl https://*.webspellchecker.net 2
frame-ancestors 'self' https://*.seo.aws.about.com https://*.dotdash.com *.people.com; upgrade-insecure-requests; 1
frame-ancestors 'self' https://*.seo.aws.about.com https://*.dotdash.com *.investopedia.com; upgrade-insecure-requests; 1
default-src 'none'; script-src 'sha256-orD0/VhH8hLqrLxKHD/HUEMdwqX6/0ve7c5hspX5VJ8=' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' * 1
form-action 'self' www.facebook.com; report-uri /_internal/security/report-csp-violation?gp-web=true; frame-ancestors 'self' 1
frame-ancestors 'self' https://*.seo.aws.about.com https://*.dotdash.com *.thoughtco.com; upgrade-insecure-requests; 1
frame-ancestors 'self' https://*.seo.aws.about.com https://*.dotdash.com *.ew.com; upgrade-insecure-requests; 1
frame-ancestors 'self' https://*.seo.aws.about.com https://*.dotdash.com *.verywellmind.com; upgrade-insecure-requests; 1
frame-ancestors 'self' https://*.seo.aws.about.com https://*.dotdash.com *.thespruce.com; upgrade-insecure-requests; 1
frame-ancestors 'self' https://*.seo.aws.about.com https://*.dotdash.com *.realsimple.com; upgrade-insecure-requests; 1
frame-ancestors 'self' https://*.seo.aws.about.com https://*.dotdash.com *.travelandleisure.com; upgrade-insecure-requests; 1
frame-ancestors 'self' https://*.seo.aws.about.com https://*.dotdash.com *.lifewire.com; upgrade-insecure-requests; 1
default-src 'self'; base-uri 'none'; block-all-mixed-content; connect-src 'self' https://*.algolia.net https://*.algolianet.com; frame-src https://www.google.com/recaptcha/; img-src 'self' https: data:; object-src 'none'; script-src 'unsafe-eval' https://www.gstatic.com/recaptcha/ 'strict-dynamic' 'unsafe-inline' 'nonce-Wy+rQpe1WDY59FR2CbDh2Q=='; style-src 'self' 'unsafe-inline' 1
frame-ancestors 'self' https://*.seo.aws.about.com https://*.dotdash.com *.health.com; upgrade-insecure-requests; 1
frame-ancestors 'self' https://*.seo.aws.about.com https://*.dotdash.com *.instyle.com; upgrade-insecure-requests; 1
frame-ancestors 'self' https://*.seo.aws.about.com https://*.dotdash.com *.seriouseats.com; upgrade-insecure-requests; 1
frame-ancestors 'self' https://*.seo.aws.about.com https://*.dotdash.com *.simplyrecipes.com; upgrade-insecure-requests; 1
frame-ancestors 'self' https://*.seo.aws.about.com https://*.dotdash.com *.thespruceeats.com; upgrade-insecure-requests; 1
default-src 'self' *.postman.co *.postman.com *.pstmn.io; base-uri 'self'; font-src 'self' data: *.getpostman.com *.postman.co *.cdn.postman.com fonts.gstatic.com www.postman.com fonts.googleapis.com cdnjs.cloudflare.com; frame-ancestors 'none'; frame-src looker.postman.co dl-preview-container.pstmn.io js.stripe.com hooks.stripe.com chart-embed.service.newrelic.com https://app.datadoghq.com/graph/embed https://app.datadoghq.eu/graph/embed https://youtube.com https://www.youtube.com https://player.vimeo.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://accounts.google.com/ https://runtime-assets.pstmn.io/; child-src 'self' *.postman.co *.postman.com blob:; worker-src 'self' *.postman.co *.cdn.postman.com blob:; object-src 'self'; img-src https: data:; media-src 'self' https://flows-assets.pstmn.io/ https://skills-assets.pstmn.io/; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' *.nr-data.net *.getpostman.com *.postman.co *.cdn.postman.com *.pstmn.io code.jquery.com google-analytics.com www.postman.com postman.com googletagmanager.com ssl.google-analytics.com cdnjs.cloudflare.com https://bi.pst.tech js-agent.newrelic.com js.stripe.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'nonce-zE7rTkIKccqnKs52bRvlUQgV3beYoUQo6WnG9jVa+ZEnJXGi'; style-src 'self' 'unsafe-inline' *.getpostman.com *.postman.co *.cdn.postman.com *.pstmn.io www.postman.com fonts.gstatic.com fonts.googleapis.com tagmanager.google.com cdnjs.cloudflare.com postman.com accounts.google.com; connect-src https://api.stripe.com http: ws://localhost:10533 https: wss://*.postman.co wss://*.gw.postman.co wss://*.gw.eu.postman.co https: wss://live.postman.com wss://*.gw.postman.com wss://*.gw.eu.postman.com; report-uri https://sentry.postmanlabs.com/api/572/security/?sentry_key=9d37d7431bdc4c528702ec4d89fc93f7&sentry_environment=production 1
frame-ancestors 'self' https://*.seo.aws.about.com https://*.dotdash.com *.brides.com; upgrade-insecure-requests; 1
default-src 'self'  *.destatis.de *.bewacherregister.de; base-uri 'self' *.bewacherregister.de; connect-src 'self' *.destatis.de interamt.de piwik.itzbund.de *.itzbund.de *.bewacherregister.de; style-src 'self' 'unsafe-inline' *.destatis.de piwik.itzbund.de *.bewacherregister.de; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.destatis.de piwik.itzbund.de doo.net c19.bundesbots.de *.bewacherregister.de;object-src 'self' multimedia.gsb.bund.de  *.destatis.de piwik.itzbund.de c19.bundesbots.de ; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org  *.destatis.de piwik.itzbund.de c19.bundesbots.de ; child-src blob: *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.destatis.de *.itzbund.de *.stba.de *.euro-area-statistics.org *.ims-cms.net *.kemweb.de *.teambits.events doo.net/de-de/widget/ c19.bundesbots.de www9.idev.nrw.de www.idev.nrw.de storymaps.arcgis.com stba.maps.arcgis.com *.dashboard-deutschland.de  shinymikrosimapp.azurewebsites.net start.video-stream-hosting.de data: ; img-src 'self' data: blob: *.google.com *.gstatic.com *.youtube.com  *.destatis.de piwik.itzbund.de c19.bundesbots.de *.bewacherregister.de; frame-ancestors 'self' *.destatis.de statistikportal.bwl.doi-de.net *.statistikportal.de ; upgrade-insecure-requests; 1
frame-ancestors 'self' https://*.seo.aws.about.com https://*.dotdash.com *.verywellfit.com; upgrade-insecure-requests; 1
frame-ancestors 'self' https://*.seo.aws.about.com https://*.dotdash.com *.byrdie.com; upgrade-insecure-requests; 1
frame-ancestors 'self' https://*.seo.aws.about.com https://*.dotdash.com *.shape.com; upgrade-insecure-requests; 1
frame-ancestors *.uottawa.ca https://teams.microsoft.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self' *.dwd.de *.readspeaker.com *.twitter.com *.youtube.com; script-src 'self' *.dwd.de *.readspeaker.com *.twitter.com *.twimg.com vimeo.com *.vimeo.com *.youtube.com cdn.bokeh.org *.bokeh.org *.jwpcdn.com *.ytimg.com 'unsafe-inline' 'unsafe-eval' data:; style-src 'self' *.dwd.de *.twitter.com *.twimg.com 'unsafe-inline' data:; img-src * data: blob:; font-src 'self' data:; frame-src 'self' *.dwd.de twitter.com *.twitter.com vimeo.com *.vimeo.com *.youtube.com; worker-src *.twitter.com; child-src 'self' *.dwd.de twitter.com *.twitter.com *.youtube.com; 1
frame-ancestors 'self' https://*.seo.aws.about.com https://*.dotdash.com *.tripsavvy.com; upgrade-insecure-requests; 1
default-src data: https: https://*.hotjar.com:* https://*.hotjar.io wss://*.hotjar.com 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'none' 1
connect-src * 'self' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bcbsks.com unpkg.com fast.wistia.com *.googletagmanager.com *.google-analytics.com *.ads-twitter.com www.gstatic.com *.bing.com connect.facebook.net 100011161.collect.igodigital.com snap.licdn.com *.adsrvr.org bam.nr-data.net googleads.g.doubleclick.net js-agent.newrelic.com tags.srv.stackadapt.com public.tableau.com qvdt3feo.com code.jquery.com www.google.com analytics.silktide.com static.cloudflareinsights.com www.covermymeds.com www.googleadservices.com cdn.datatables.net cdnjs.cloudflare.com www.eventbrite.com https://www.google.co.uk www.clarity.ms *.callrail.com tag.demandbase.com pagead2.googlesyndication.com cdn.jsdelivr.net *.sentry-cdn.com *.adobedtm.com blob:; object-src 'none'; style-src 'self' 'unsafe-inline' www.bcbsks.com bcbsks.prod.acquia-sites.com fast.fonts.net fonts.googleapis.com tags.srv.stackadapt.com www.covermymeds.com cdn.datatables.net cdnjs.cloudflare.com *.wistia.com; img-src 'self' www.google.com *.google-analytics.com nova.collect.igodigital.com *.bing.com t.co analytics.twitter.com *.wistia.com www.facebook.com *.g.doubleclick.net *.google.com public.tableau.com *.bcbsks.com tools.applemediaservices.com apple-resources.s3.amazonaws.com connect.facebook.net secure.adnxs.com *.linkedin.com www.googletagmanager.com *.covermymeds.com cdn.datatables.net embedwistia-a.akamaihd.net c.clarity.ms id.rlcdn.com segments.company-target.com tags.srv.stackadapt.com ad.doubleclick.net www.google.co.in *.prod.acquia-sites.com *.apple.com *.advanceinsurance.com data:; media-src 'self' *.wistia.com www.google.com embedwistia-a.akamaihd.net fast.wistia.net blob:; frame-src 'self' *.bcbsks.com https://d1eoo1tco6rr5e.cloudfront.net/ *.adsrvr.org www.facebook.com public.tableau.com *.fls.doubleclick.net td.doubleclick.net www.youtube.com www.googletagmanager.com staywell.mydigitalpublication.com e.issuu.com www.eventbrite.com insight.adsrvr.org www.kff.org s.company-target.com; font-src 'self' fast.fonts.net fast.wistia.com fonts.gstatic.com data:; connect-src 'self' *.bugsnag.com *.google-analytics.com stats.g.doubleclick.net ad.doubleclick.net *.googleadservices.com www.googleadservices.com *.google.com *.wistia.com *.wistia.net *.litix.io bam.nr-data.net cdn.linkedin.oribi.io www.facebook.com tags.srv.stackadapt.com embedwistia-a.akamaihd.net bat.bing.com a.us.silktide.com https://connect.facebook.net https://www.google.co.uk pagead2.googlesyndication.com *.clarity.ms js.callrail.com api.company-target.com tag-logger.demandbase.com px.ads.linkedin.com bcbsks.data.adobedc.net adobedc.demdex.net; upgrade-insecure-requests 1
frame-ancestors 'self' *.smhi.se klimatanpassning.se klimatanpassningsradet.se sudplan.eu nordicadaptation2018.net http://infoteve.com ; report-uri /userv/cspreporting 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'  *; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://impactapi.causeview.com https://maps.googleapis.com https://cdnjs.cloudflare.com/ajax/libs/cropper/4.0.0/cropper.min.js https://js-agent.newrelic.com https://www.googletagmanager.com https://chimpstatic.com https://www.google.com/recaptcha/api.js https://www.gstatic.com https://downloads.mailchimp.com https://mc.us1.list-manage.com https://matchbox.hepdata.com https://commerce.coinbase.com https://data.processwebsitedata.com https://fe.sitedataprocessing.com https://cdn.jsdelivr.net/npm/search-insights@2.13.0/dist/search-insights.min.js https://platform.twitter.com https://challenges.cloudflare.com https://cdn.mouseflow.com https://cdn.jsdelivr.net/npm/search-insights@2.17.3; img-src 'self' data: https://cdn.mises.org https://www.google.ca https://www.google.com https://i.creativecommons.org https://licensebuttons.net https://www.google-analytics.com https://mcusercontent.com https://maps.gstatic.com https://s3.amazonaws.com https://impactapi.causeview.com  https://live-mises-api.pantheonsite.io https://cdn-images.mailchimp.com https://matchbox.hepdata.com/ https://www.googletagmanager.com; frame-ancestors 'self' https://glockenspiel-bluebird-4h6c.squarespace.com https://www.misesgraduateschool.org https://misesgraduateschool.org https://api-public.addthis.com https://m.addthis.com https://mises.org https://impactapi.causeview.com; upgrade-insecure-requests 1
frame-ancestors 'self' https://*.seo.aws.about.com https://*.dotdash.com *.thesprucepets.com; upgrade-insecure-requests; 1
object-src none 1
default-src https: 1
frame-ancestors 'self' *.boursobank.com; object-src *.boursorama.com *.boursobank.com *.brsimg.com 1
frame-ancestors 'self' bam.harri.com harri.com fr.harri.com es.harri.com ru.harri.com de.harri.com pl.harri.com ar.harri.com tr.harri.com new.harri.com fr.new.harri.com es.new.harri.com ru.new.harri.com de.new.harri.com pl.new.harri.com ar.new.harri.com tr.new.harri.com internal-bcf49936-acd4-4f79-be5a-fad8a01526db.harri.com internal-temp-bcf49936-acd4-4f79-be5a-fad8a01526db.harri.com live.harri.com liveschedule.harri.com; 1
frame-ancestors 'none'; object-src 'self'; script-src 'self' 'unsafe-inline' https://static.zdassets.com/ https://www.google.com/ https://www.googletagmanager.com/ https://www.gstatic.com/ https://www.google-analytics.com/ https://boards.greenhouse.io/; 1
frame-ancestors 'self' https://*.seo.aws.about.com https://*.dotdash.com *.thesprucecrafts.com; upgrade-insecure-requests; 1
frame-ancestors 'self' https://*.lemonade.com https://lemonade.com 1
default-src 'self' http: https: go.addigy.com https://*.addigy.com https://*.my.salesforce.com https://*.force.com https://go.pardot.com https://*.pantheonsite.io;frame-ancestors 'self' https://go.pardot.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com http: https:  pages.addigy.com;img-src 'self' data: https://app-app.addigy.com https://www.addigy.com https://static.addigy.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://www.google-analytics.com https://stats.g.doubleclick.net https://tracking.g2crowd.com https://px.ads.linkedin.com https://bat.bing.com https://t.co https://www.facebook.com https://ssl.gstatic.com https://www.gstatic.com https://analytics.twitter.com https://*.gravatar.com  http://*.gravatar.com https://fast.wistia.com https://embedwistia-a.akamaihd.net https://embed-fastly.wistia.com https://embed-ssl.wistia.com https://aorta.clickagy.com https://b.sf-syn.com https://dev.visualwebsiteoptimizer.com https://alb.reddit.com https://forms.hsforms.com https://track.hubspot.com https://*.linkedin.com https://ps.eyeota.net https://match.adsrvr.org https://dpm.demdex.net https://idsync.rlcdn.com https://sync.crwdcntrl.net https://ml314.com https://obseu.bzcclandlord.com https://cm.g.doubleclick.net https://perf-na1.hsforms.com/ https://forms-na1.hsforms.com/ https://assets.calendly.com/ https://c.clarity.ms/ https://c.bing.com/;style-src 'self' 'unsafe-inline' http: https: fonts.googleapis.com;font-src 'self' data: http: https: fonts.googleapis.com http https: fonts.gstatic.com https://*.wistia.com;media-src 'self' data: blob: http: https:;worker-src 'self' blob:; 1
frame-ancestors 'self' https://*.seo.aws.about.com https://*.dotdash.com *.myrecipes.com; upgrade-insecure-requests; 1
default-src 'self' data: 'unsafe-inline' bitrix.info uaas.yandex.ru vk.com bitrix.info www.1c-bitrix.ru bitrix24.datafort.ru *.mindbox.ru yandex.ru yandex.com mc.yandex.ru googleads.g.doubleclick.net www.google.com/ads/user-lists/ www.google.ru/ads/user-lists/ www.google.com www.google-analytics.com maps.google.com *.gstatic.com:* *.googleapis.com www.googleadservices.com code.jivosite.com:* cdn.voximplant.com facecast.net formdesigner.pro telegram.org metrica.beeline.ru kinescope.io b10000.vr.mirapolis.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval' bitrix.info abt.s3.yandex.net api-maps.yandex.ru yastatic.net core-renderer-tiles.maps.yandex.net bitrix24.datafort.ru *.mindbox.ru yandex.ru yandex.com mc.yandex.ru googleads.g.doubleclick.net www.google.com/ads/user-lists/ www.google.ru/ads/user-lists/ www.google.com www.google-analytics.com maps.google.com *.gstatic.com:* *.googleapis.com www.googleadservices.com code.jivosite.com:* cdn.voximplant.com facecast.net formdesigner.pro telegram.org metrica.beeline.ru kinescope.io b10000.vr.mirapolis.ru; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.gstatic.com code.jquery.com vk.com bitrix.info www.1c-bitrix.ru bitrix24.datafort.ru *.mindbox.ru yandex.ru yandex.com mc.yandex.ru googleads.g.doubleclick.net www.google.com/ads/user-lists/ www.google.ru/ads/user-lists/ www.google.com www.google-analytics.com maps.google.com *.gstatic.com:* *.googleapis.com www.googleadservices.com code.jivosite.com:* cdn.voximplant.com facecast.net formdesigner.pro telegram.org metrica.beeline.ru kinescope.io b10000.vr.mirapolis.ru; img-src 'self' api-maps.yandex.ru core-renderer-tiles.maps.yandex.net data: blob: vk.com bitrix.info www.1c-bitrix.ru bitrix24.datafort.ru *.mindbox.ru yandex.ru yandex.com mc.yandex.ru googleads.g.doubleclick.net www.google.com/ads/user-lists/ www.google.ru/ads/user-lists/ www.google.com www.google-analytics.com maps.google.com *.gstatic.com:* *.googleapis.com www.googleadservices.com code.jivosite.com:* cdn.voximplant.com facecast.net formdesigner.pro telegram.org metrica.beeline.ru kinescope.io b10000.vr.mirapolis.ru; frame-src 'self' youtube.com www.youtube.com oauth.telegram.org fonts.gstatic.com code.jquery.com vk.com bitrix.info www.1c-bitrix.ru bitrix24.datafort.ru *.mindbox.ru yandex.ru yandex.com mc.yandex.ru googleads.g.doubleclick.net www.google.com/ads/user-lists/ www.google.ru/ads/user-lists/ www.google.com www.google-analytics.com maps.google.com *.gstatic.com:* *.googleapis.com www.googleadservices.com code.jivosite.com:* cdn.voximplant.com facecast.net formdesigner.pro telegram.org metrica.beeline.ru kinescope.io b10000.vr.mirapolis.ru; font-src 'self' fonts.googleapis.com; 1
frame-ancestors 'self' *.iza.org; 1
frame-ancestors https://*.omantel.om 1
frame-src 'self' www.google.com/recaptcha/api2/ vars.hotjar.com *.hotjar.io api.razorpay.com/v1/checkout/public intercom-sheets.com www.google.com/maps/embed/v1/place *.doubleclick.net; frame-ancestors https://tracxn.com https://platform.tracxn.com 1
default-src *.maaap.it *.ddev.site *.addthis.com *.adform.net *.algolia.com *.algolia.net *.algolianet.com *.algolianet.net *.calameo.com *.culture.fr *.doubleclick.net *.facebook.com *.facebook.net *.g.doubleclick.net *.getwemap.com *.getwemap.workers.dev *.google-analytics.com *.google.com *.googleapis.com *.huma-num.fr *.ingest.sentry.io *.instagram.com *.maptiler.com *.tarteaucitron.io *.tiktok.com *.twitter.com *.wikimedia.org *.wikipedia.org *.x.com http://apis.syllabs.com http://infolettres-internes.culture.gouv.fr http://infolettres-ministere.culture.gouv.fr http://www.culture.fr http://www.culture.gouv.fr https://api.mapbox.com https://m.addthis.com https://s7.addthis.com https://semaphore.culture.gouv.fr https://semrecf2.culture.fr https://sesame.culture.fr https://stats.g.doubleclick.net https://tarteaucitron.io https://www.culture.fr https://www.culture.gouv.fr https://www.facebook.com https://www.google-analytics.com inline inte-std-mcc-lclo.rag-cloud.hosteur.com moz-extension 'self' tarteaucitron.io 'unsafe-eval' 'unsafe-inline'; block-all-mixed-content; font-src *.ddev.site *.adform.net *.doubleclick.net *.facebook.net *.g.doubleclick.net *.getwemap.workers.dev *.google-analytics.com *.google.com *.googleapis.com *.instagram.com *.maptiler.com *.tiktok.com *.twitter.com *.wikimedia.org *.wikipedia.org *.x.com data: https://fonts.googleapis.com https://fonts.gstatic.com https://infolettres.duministeredelaculture.fr https://livemap.getwemap.com https://maxcdn.bootstrapcdn.com inline inte-std-mcc-lclo.rag-cloud.hosteur.com 'self' 'unsafe-inline'; frame-src *.ddev.site *.adform.net *.calameo.com *.culture.fr *.culture.gouv.fr *.dailymotion.com *.doubleclick.net *.facebook.net *.g.doubleclick.net *.getwemap.workers.dev *.google-analytics.com *.google.fr *.googleapis.com *.gouv.fr *.instagram.com *.jcloud.ik-server.com *.maptiler.com *.openstreetmap.fr *.pop.culture.gouv.fr *.soundcloud.com *.tiktok.com *.twitter.com *.vimeo.com *.wikimedia.org *.wikipedia.org *.x.com http://platform.twitter.com http://s7.addthis.com http://www.instagram.com https://data.culturecommunication.gouv.fr https://livemap.getwemap.com https://www.facebook.com https://www.youtube.com inline inte-std-mcc-lclo.rag-cloud.hosteur.com 'self' 'unsafe-inline'; img-src *.ddev.site *.adform.net *.culture.fr *.culture.gouv.fr *.doubleclick.net *.et-gv.fr *.facebook.net *.g.doubleclick.net *.getwemap.workers.dev *.google-analytics.com *.google.com *.googleapis.com *.gouv.fr *.instagram.com *.maptiler.com *.picsum.photos *.tarteaucitron.io *.tiktok.com *.twitter.com *.wikimedia.org *.wikipedia.org *.x.com data: http://www.culture.fr http://www.culture.gouv.fr https://ad.doubleclick.net https://analytics.getwemap.com https://api.getwemap.com https://iecs.culture.gouv.fr https://livemap.getwemap.com https://logs4.xiti.com https://picsum.photos https://semrecf2.culture.fr https://sesame.culture.fr https://static.piste.gouv.fr https://tarteaucitron.io https://tile.openstreetmap.org https://www.culture.fr https://www.culture.gouv.fr https://www.facebook.com https://www.google-analytics.com https://www.googletagmanager.com inline inte-std-mcc-lclo.rag-cloud.hosteur.com 'self' tarteaucitron.io 'unsafe-inline'; script-src *.ddev.site *.addthis.com *.adform.net *.doubleclick.net *.facebook.net *.g.doubleclick.net *.getwemap.workers.dev *.google-analytics.com *.google.com *.googleapis.com *.instagram.com *.maptiler.com *.tarteaucitron.io *.tiktok.com *.twitter.com *.wikimedia.org *.wikipedia.org *.x.com addthid blob: http://connect.facebook.net http://platform.twitter.com http://s7.addthis.com http://siteimproveanalytics.com http://tag.aticdn.net http://www.instagram.com https://ajax.googleapis.com https://api.dmcdn.net https://api.mapbox.com https://gva.et-gv.fr https://iecs.culture.gouv.fr https://infolettres.duministeredelaculture.fr https://livemap.getwemap.com https://logp5.xiti.com https://logs152.xiti.com https://m.addthis.com https://tarteaucitron.io https://v1.addthisedge.com https://www.google-analytics.com https://www.googletagmanager.com https://www.gouvernement.fr https://z.moatads.com inline inte-std-mcc-lclo.rag-cloud.hosteur.com moz-extension 'self' tarteaucitron.io 'unsafe-eval' 'unsafe-inline' 'nonce-OWEzNDFjNzExNTZlMjczNWU0NjU1ZmNiYWIzYjdhZmU='; style-src *.ddev.site *.adform.net *.doubleclick.net *.facebook.net *.g.doubleclick.net *.getwemap.workers.dev *.google-analytics.com *.google.com *.googleapis.com *.gouv.fr *.instagram.com *.maptiler.com *.tarteaucitron.io *.tiktok.com *.twitter.com *.wikimedia.org *.wikipedia.org *.x.com https://fonts.googleapis.com https://infolettres.duministeredelaculture.fr https://tarteaucitron.io inline inte-std-mcc-lclo.rag-cloud.hosteur.com 'self' tarteaucitron.io 'unsafe-inline' 1
frame-ancestors 'self' https://*.seo.aws.about.com https://*.dotdash.com *.liquor.com; upgrade-insecure-requests; 1
frame-ancestors 'self' http://mobilevjs.nbcsports.com http://sprtsecureassets.akamaized.net *.nbcolympics.com nbcolympics.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com www.gstatic.com https://*.google.com https://*.googletagmanager.com *.google-analytics.com https://tagmanager.google.com https://cdn.popupsmart.com  https://cdnjs.cloudflare.com https://cbpfgms.github.io https://connect.facebook.net https://partner.googleadservices.com https://www.googleadservices.com  https://googleads.g.doubleclick.net https://*.clarity.ms https://c.bing.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://googletagmanager.com https://tagmanager.google.com fonts.googleapis.com https://www.google.com https://cdnjs.cloudflare.com https://cbpfgms.github.io https://cdn.popupsmart.com https://use.fontawesome.com https://*.clarity.ms https://c.bing.com; img-src 'self' data: https://*; media-src 'self' data: https://mvsfservicefabricusva.blob.core.windows.net; frame-src 'self' https://*.googletagmanager.com https://bid.g.doubleclick.net https://td.doubleclick.net https://www.youtube.com https://embed.mediavalet.com *.un.org https://cdnapisec.kaltura.com  https://datawrapper.dwcdn.net https://app.powerbi.com https://vimeo.com https://player.vimeo.com; frame-ancestors 'self'; child-src 'self' blob:; font-src 'self' data: fonts.gstatic.com https://use.fontawesome.com; connect-src 'self' https://*; report-uri /report-csp-violation 1
frame-ancestors 'self' https://*.seo.aws.about.com https://*.dotdash.com *.agriculture.com; upgrade-insecure-requests; 1
frame-ancestors 'self' https://*.seo.aws.about.com https://*.dotdash.com *.peopleenespanol.com; upgrade-insecure-requests; 1
frame-ancestors *.anjuke.com http://*.anjuke.com *.aifang.com http://*.aifang.com *.58ganji.com http://*.58ganji.com *.58.com http://*.58.com *.jikejia.cn http://*.jikejia.cn http://jikejia.cn yfyk.youfangyouke.com http://yfyk.youfangyouke.com *.58corp.com http://*.58corp.com *.qiaofangyun.com 1
default-src https://domainname.shop https://www.domeneshop.no https://domeneshop.no https://domainnameshop.com https://domene.shop https://xn--domn-noa.shop https://xn--domne-ura.shop https://chat.domeneshop.no/ 'unsafe-inline'; img-src https://domainname.shop https://www.domeneshop.no https://domeneshop.no https://domainnameshop.com https://domene.shop https://xn--domn-noa.shop https://xn--domne-ura.shop; frame-src https://domainname.shop https://www.domeneshop.no https://domeneshop.no https://domainnameshop.com https://domene.shop https://xn--domn-noa.shop https://xn--domne-ura.shop; frame-ancestors 'self' 1
frame-ancestors 'self' https://*.seo.aws.about.com https://*.dotdash.com *.learnreligions.com; upgrade-insecure-requests; 1
base-uri 'none'; default-src 'none'; child-src https://www.recaptcha.net; connect-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src https://www.recaptcha.net; img-src 'self' data:; object-src 'none'; script-src 'nonce-VAflsyR7uj0S8qI6a7WjgA==' 'strict-dynamic'; style-src 'self' 'unsafe-inline'; worker-src 'self' 1
default-src https:; connect-src https:; script-src 'unsafe-inline' 'unsafe-eval' http: www.google-analytics.com ajax.googleapis.com; style-src 'unsafe-inline' http:; img-src http: data:; font-src http: data:; 1
frame-ancestors 'self' https://*.seo.aws.about.com https://*.dotdash.com *.mydomaine.com; upgrade-insecure-requests; 1
child-src 'self' coapi.myoffice.team auth.myoffice.team cdn.myoffice.team links.myoffice.team crash-reports.myoffice.ru/ ; connect-src 'self' coapi.myoffice.team auth.myoffice.team cdn.myoffice.team links.myoffice.team crash-reports.myoffice.ru/  wss://coapi.myoffice.team data:; font-src 'self' data: cdn.myoffice.team boards.myoffice.team; frame-ancestors auth.myoffice.team boards.myoffice.team cdn.myoffice.team docs.myoffice.team files.myoffice.team links.myoffice.team mail.myoffice.team im.ncloudtech.ru im.ncloudtech.ru; frame-src 'self' blob: coapi.myoffice.team auth.myoffice.team boards.myoffice.team cdn.myoffice.team docs.myoffice.team links.myoffice.team  crash-reports.myoffice.ru/ mail.myoffice.team im.ncloudtech.ru im.ncloudtech.ru; img-src 'self' data: blob: coapi.myoffice.team auth.myoffice.team cdn.myoffice.team links.myoffice.team crash-reports.myoffice.ru/ ; media-src 'self' blob: coapi.myoffice.team auth.myoffice.team cdn.myoffice.team links.myoffice.team crash-reports.myoffice.ru/ ; object-src 'self' blob: coapi.myoffice.team; report-uri https://coapi.myoffice.team/csp-report; script-src 'unsafe-inline' 'self' 'unsafe-eval' cdn.myoffice.team boards.myoffice.team; style-src 'self' 'unsafe-inline' cdn.myoffice.team boards.myoffice.team; default-src 'none' 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.youtube.com *.youtube-nocookie.com *.itzbund.de *.energiewechsel.de *.deutschland-machts-effizient.de *.app.powerbi.com *.karriere.bafa.de *.atlas.geomer-maps.de *.twitter.com api.signalize.com; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com *.youtube-nocookie.com; frame-src karriere.bafa.de atlas.geomer-maps.de app.powerbi.com *.energiewechsel.de *.deutschland-machts-effizient.de *.youtube-nocookie.com *.itzbund.de *.youtube.com *.twitter.com; img-src 'self' data: *.youtube.com *.youtube-nocookie.com *.itzbund.de *.openstreetmap.org *.twimg.com; connect-src 'self' *.itzbund.de; frame-ancestors 'self' *.kfw.de *.bafa.de *.energiewechsel.de; upgrade-insecure-requests; 1
default-src 'self' static1.clickandboat.com static1.oceans-evasion.com static1.nautal.com static1.scansail.com; connect-src 'self' static2.clickandboat.com static2.oceans-evasion.com static2.nautal.com static2.scansail.com static3.clickandboat.com static3.oceans-evasion.com static3.nautal.com static3.scansail.com https://assets.clickandboat.com/frontend-assets/master/elements/ https://assets.clickandboat.com/frontend-assets/master/ https://assets.clickandboat.com/frontend-assets/master/elements/ https://logs1412.xiti.com *.google-analytics.com stats.g.doubleclick.net accounts.google.com pagead2.googlesyndication.com www.google.com www.googletagmanager.com www.googleadservices.com identitytoolkit.googleapis.com securetoken.googleapis.com bat.bing.com analytics.tiktok.com analytics-ipv6.tiktokw.us ads.tiktok.com api.stripe.com ekr.zdassets.com clickandboat.zendesk.com wss://widget-mediator.zopim.com widget-mediator.zopim.com *.sentry.io api.realytics.io *.paypal.com https://*.clarity.ms https://s2s.adjust.com/event click-and-boat.pxf.io d.impct.site https://api.privacy-center.org *.criteo.com graph.facebook.com www.facebook.com https://respondent.survicate.com https://survey.survicate.com https://survey-prd.survicate-cdn.com pixels.spotify.com pixel.byspotify.com evnt.byspotify.com; font-src 'self' data: static3.clickandboat.com fonts.gstatic.com https://surveys-static.survicate.com https://surveys-static-prd.survicate-cdn.com bytedance: sslocal:; frame-ancestors 'self'; frame-src 'self' *.facebook.com *.criteo.com accounts.google.com www.google.com js.stripe.com hooks.stripe.com www.googletagmanager.com *.doubleclick.net *.paypal.com click-and-boat.pxf.io static1.clickandboat.com cabmobileapp-196814.firebaseapp.com; img-src 'self' static1.clickandboat.com static1.oceans-evasion.com static1.nautal.com static1.scansail.com https://assets.clickandboat.com/frontend-assets/master/ https://assets.clickandboat.com/frontend-assets/master/elements/ blog.nautal.com blog.oceans-evasion.com blog.scansail.com blog.clickandboat.com data: blob: res.cloudinary.com *.doubleclick.net secure.adnxs.com www.googletagmanager.com *.google-analytics.com www.googleadservices.com www.google.ae www.google.at www.google.be www.google.bg www.google.ca www.google.ch www.google.co.cr www.google.co.il www.google.co.jp www.google.co.uk www.google.com www.google.com.ar www.google.com.au www.google.com.br www.google.com.co www.google.com.cy www.google.com.do www.google.com.eg www.google.com.mt www.google.com.mx www.google.com.tr www.google.com.ua www.google.cz www.google.de www.google.dk www.google.dz www.google.es www.google.fr www.google.gp www.google.gr www.google.hr www.google.hu www.google.ie www.google.it www.google.lk www.google.lt www.google.lu www.google.lv www.google.me www.google.nl www.google.no www.google.pl www.google.pt www.google.ro www.google.rs www.google.ru www.google.se www.google.si www.google.sk *.bing.com *.criteo.com *.facebook.com *.mydialoginsight.com maps.googleapis.com *.gstatic.com *.google.com *.google.fr v2assets.zopim.io v2uploads.zopim.io clickandboat.zendesk.com https://*.clarity.ms https://s2s.adjust.com/event click-and-boat.pxf.io https://www.ojrq.net https://logs-01.loggly.com https://sdk.privacy-center.org https://surveys-static.survicate.com https://surveys-static-prd.survicate-cdn.com https://assets.survicate.com https://img.survicate.com https://images.unsplash.com analytics.tiktok.com analytics-ipv6.tiktokw.us ads.tiktok.com x.bidswitch.net r.casalemedia.com id5-sync.com ad.360yield.com contextual.media.net exchange.mediavine.com jadserve.postrelease.com sync.outbrain.com simage2.pubmatic.com pixel.rubiconproject.com rtb-csync.smartadserver.com sync-t1.taboola.com eb2.3lift.com ad.yieldlab.net sync.1rx.io wjzjfj.clickandboat.com gum.criteo.com criteo-sync.teads.tv criteo-partners.tremorhub.com csm.fr3.eu.criteo.net; script-src 'unsafe-eval' 'self' static2.clickandboat.com static2.oceans-evasion.com static2.nautal.com static2.scansail.com https://assets.clickandboat.com/frontend-assets/master/elements/ https://assets.clickandboat.com/frontend-assets/master/ https://tag.aticdn.net *.google-analytics.com *.googleadservices.com *.google.com *.ggpht.com www.googletagmanager.com bat.bing.com www.facebook.com analytics.tiktok.com analytics-ipv6.tiktokw.us ads.tiktok.com *.criteo.net *.criteo.com *.mydialoginsight.com *.googleapis.com www.gstatic.com connect.facebook.net js.stripe.com static.zdassets.com widget-mediator.zopim.com *.realytics.io *.realytics.net https://*.clarity.ms https://c.bing.com https://s2s.adjust.com/event https://utt.impactcdn.com https://sdk.privacy-center.org https://tag.aticdn.net https://survey.survicate.com https://surveys-static.survicate.com https://surveys-static-prd.survicate-cdn.com https://survey-prd.survicate-cdn.com *.paypal.com browser.sentry-cdn.com fast.ssqt.io pixel.byspotify.com 'unsafe-inline' 'nonce-1p1ewcZh5V7dsWLHXW9MwQ=='; style-src 'self' static2.clickandboat.com static2.oceans-evasion.com static2.nautal.com static2.scansail.com static3.clickandboat.com static3.oceans-evasion.com static3.nautal.com static3.scansail.com https://assets.clickandboat.com/frontend-assets/master/ 'unsafe-inline' fonts.googleapis.com tagmanager.google.com accounts.google.com www.gstatic.com https://sdk.privacy-center.org https://surveys-static.survicate.com https://surveys-static-prd.survicate-cdn.com; report-uri https://o417216.ingest.us.sentry.io/api/4506020607492097/security/?sentry_key=3c14ba189cc8cb536d95fb1b6fe67298 1
frame-ancestors 'self' *.taxact.com *.taxactonline.com *.salemove.com secure.balancefin.com 1
frame-ancestors 'self' bcit.ca *.bcit.ca *.bcit.dev 1
default-src 'self'; script-src 'self' https://youtube.com/ https://cnes.matomo.cloud/ https://www.youtube.com/ youtube.com www.youtube.com https://youtube-nocookie.com/ youtube-nocookie.com  https://cdn.matomo.cloud/cnes.matomo.cloud/ cdn.matomo.cloud/cnes.matomo.cloud https://tags.data-driven.fr/tags/ tags.data-driven.fr/tags https://tarteaucitron.io/ tarteaucitron.io https://cdn.tarteaucitron.io/ cdn.tarteaucitron.io https://www.tiktok.com https://www.instagram.com/ https://platform.twitter.com/ https://www.myadvent.net/ https://sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/tiktok/ https://*.cnes.fr; object-src 'self' https://youtube.com/ https://www.youtube.com/ youtube.com www.youtube.com https://youtube-nocookie.com/ youtube-nocookie.com https://*.cnes.fr; style-src 'self' 'unsafe-inline' https://cdn.tarteaucitron.io/css/ cdn.tarteaucitron.io/css/ https://fonts.googleapis.com/ https://sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/tiktok/; img-src 'self' data: https://i.ytimg.com https://*.tile.openstreetmap.fr 'unsafe-inline' https://tarteaucitron.io/log/ tarteaucitron.io/log/ https://content.milibris.com/ https://*.cnes.fr; media-src 'self' https://podcast.cnes.fr/ https://www.podcast.cnes.fr/ https://*.cnes.fr; frame-src 'self' https://youtube.com https://www.youtube.com player.vimeo.com  youtube.com www.youtube.com https://youtube-nocookie.com youtube-nocookie.com www.youtube-nocookie.com https://tarteaucitron.io tarteaucitron.io https://tarteaucitron.io tarteaucitron.io https://cdn.tarteaucitron.io cdn.tarteaucitron.io https://videotheque.cnes.fr/ https://app.myadvent.net/ https://www.facebook.com/ https://www.linkedin.com/  https://www.instagram.com/ https://platform.twitter.com/  https://www.tiktok.com/ https://open.spotify.com/ https://*.twitch.tv https://*.cnes.fr; frame-ancestors 'self' https://youtube.com/ https://www.youtube.com/ youtube.com www.youtube.com https://youtube-nocookie.com/ youtube-nocookie.com  https://tarteaucitron.io/ tarteaucitron.io https://tarteaucitron.io/ tarteaucitron.io https://cdn.tarteaucitron.io/ cdn.tarteaucitron.io https://*.cnes.fr; child-src 'self'  https://tarteaucitron.io tarteaucitron.io https://tarteaucitron.io tarteaucitron.io https://cdn.tarteaucitron.io cdn.tarteaucitron.io; font-src 'self' data: https://fonts.gstatic.com https://themes.googleusercontent.com https://cdn.cafeyn.co; connect-src 'self' 'unsafe-inline' https://cnes.matomo.cloud/ https://cdn.matomo.cloud/cnes.matomo.cloud/ https://tags.data-driven.fr cdn.matomo.cloud/cnes.matomo.cloud https://tags.data-driven.fr/tags/ tags.data-driven.fr/tags https://tarteaucitron.io/ tarteaucitron.io https://cdn.tarteaucitron.io/ cdn.tarteaucitron.io https://content.milibris.com/ https://www.tiktok.com  https://*.cnes.fr 1
default-src 'self'; script-src 'report-sample' 'self' https://contaazul.my.salesforce.com/embeddedservice/5.0/client/liveagent.esw.min.js https://d.la1-c2-ia4.salesforceliveagent.com/chat/rest/EmbeddedService/EmbeddedServiceConfig.jsonp https://d.la1-c2-ia5.salesforceliveagent.com/chat/rest/EmbeddedService/EmbeddedServiceConfig.jsonp https://www.googletagmanager.com/gtag/js; style-src 'report-sample' 'self' https://contaazul.my.salesforce.com https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self'; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://contaazul.my.salesforce.com; img-src 'self'; manifest-src 'self'; media-src 'self'; report-uri https://653a851cb68e7c6a2aefe900.endpoint.csper.io/?v=0; worker-src 'self'; 1
script-src 'nonce-cfcf8a54-53cd-4117-9055-f1d42e6ffeef' https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/ 'self' 'unsafe-eval' https://static.aws.training https://client.rum.us-east-1.amazonaws.com/1.0.2/cwr.js https://a0.awsstatic.com https://js.api.here.com https://*.cit.api.here.com https://dev.ditu.live.com https://*.dev.virtualearth.net https://*.payments-amazon.com https://*.amazon.com https://*.amazon.co.jp/ https://*.amazon.co.uk https://*.amazon.de https://dvj5x88797nbe.cloudfront.net https://*.bing.com https://*.virtualearth.net https://munchkin.marketo.net https://d2c.aws.amazon.com; object-src 'self'; img-src 'self' data: blob: https://*.dev.virtualearth.net https://*.ssl.ak.tiles.virtualearth.net https://*.ssl.ak.dynamic.tiles.virtualearth.net https://static.aws.training https://a0.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://dpm.demdex.net https://aws.demdex.net https://cm.everesttech.net https://js.api.here.com https://*.cit.api.here.com https://images-na.ssl-images-amazon.com https://internal-cdn.amazon.com https://d2ldlvi1yef00y.cloudfront.net/ https://d23yuld0pofhhw.cloudfront.net https://d1oct1bdmx33tz.cloudfront.net https://googleads.g.doubleclick.net https://www.google.com https://fls-na.amazon.com https://*.media-amazon.com https://d2c.aws.amazon.com https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/; style-src 'self' 'unsafe-inline' https://static.aws.training https://js.api.here.com https://a0.awsstatic.com https://images-na.ssl-images-amazon.com https://ecn.dev.virtualearth.net https://images-eu.ssl-images-amazon.com https://www.bing.com https://dvj5x88797nbe.cloudfront.net https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/; connect-src 'self' https://*.cit.api.here.com https://*.amazon.com https://cognito-identity.us-east-1.amazonaws.com https://dataplane.rum.us-east-1.amazonaws.com https://prod.tools.shortbread.aws.dev https://prod.log.shortbread.aws.dev https://sts.us-east-1.amazonaws.com https://amazonwebservices.d2.sc.omtrdc.net https://dpm.demdex.net https://aws.demdex.net https://cm.everesttech.net https://*.amazonpay.com https://apac.account.amazon.com https://vs.aws.amazon.com/ https://d2c.aws.amazon.com/ https://na.account.amazon.com https://eu.account.amazon.com https://*.virtualearth.net https://*.mktoresp.com https://s0.awsstatic.com https://*.amazon.co.uk https://*.amazon.co.jp https://*.amazon.de https://cdn.aws.training https://prod.us-east-1.search.avalon.aws.dev https://7m5y5tkfr5.execute-api.us-east-1.amazonaws.com https://ftj9wpwlq4.execute-api.us-east-1.amazonaws.com https://aws.amazon.com https://a0.awsstatic.com; font-src 'self' data: https://static.aws.training https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/; media-src 'self' https://cdn.aws.training https://dvj5x88797nbe.cloudfront.net; child-src 'self' https://*.amazon.com https://www.bing.com https://*.amazon.co.jp/ https://*.amazon.co.uk https://*.payments-amazon.com https://*.amazon.de https://support.aws.training; frame-src 'self' 'unsafe-eval' https://static.aws.training https://client.rum.us-east-1.amazonaws.com/1.0.2/cwr.js https://a0.awsstatic.com https://js.api.here.com https://*.cit.api.here.com https://dev.ditu.live.com https://*.dev.virtualearth.net https://*.payments-amazon.com https://*.amazon.com https://*.amazon.co.jp/ https://*.amazon.co.uk https://*.amazon.de https://dvj5x88797nbe.cloudfront.net https://*.bing.com https://*.virtualearth.net https://munchkin.marketo.net https://d2c.aws.amazon.com; default-src 'self'; 1
default-src 'self' https://my.sheer.com my.sheer.com https://www.sheer.com www.sheer.com https://account.analvids.com account.analvids.com https://scene-subtitles.gtflixtv.com scene-subtitles.gtflixtv.com https://*.gtflixtv.com *.gtflixtv.com https://*.gtflixtvtest.com *.gtflixtvtest.com https://pornbox.com pornbox.com https://*.pornbox.com *.pornbox.com https://download1.pornbox.com download1.pornbox.com wss://lb-private-chat.gtflixtv.com wss://lb-private-chat-beta.gtflixtv.com https://*.facebook.com *.facebook.com https://googletagmanager.com googletagmanager.com https://*.googletagmanager.com *.googletagmanager.com https://*.google-analytics.com *.google-analytics.com https://*.google.com *.google.com https://*.googleapis.com *.googleapis.com https://*.gstatic.com *.gstatic.com https://*.gstatic.cn *.gstatic.cn https://*.jsdelivr.net *.jsdelivr.net https://*.rawgit.com *.rawgit.com https://*.ddfstatic.com *.ddfstatic.com https://cdn.plyr.io cdn.plyr.io https://*.sexcash.com *.sexcash.com https://*.trafficfactory.biz *.trafficfactory.biz https://xvideos.com xvideos.com https://*.xvideos.com *.xvideos.com https://*.xvideos2.com *.xvideos2.com https://*.xvideos-cdn.com *.xvideos-cdn.com https://*.bangbros.com *.bangbros.com https://*.nikkiprice.com *.nikkiprice.com https://*.girlsgonewild.com *.girlsgonewild.com https://*.naked.com *.naked.com https://*.st-content.com *.st-content.com https://*.sellvids.com *.sellvids.com https://*.hazecash.com *.hazecash.com https://*.xxxpawn.com *.xxxpawn.com https://*.gaypawn.com *.gaypawn.com https://*.miakhalifa.com *.miakhalifa.com https://*.americanpervert.com *.americanpervert.com https://*.xnxx.com *.xnxx.com 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://my.sheer.com my.sheer.com https://www.sheer.com www.sheer.com https://account.analvids.com account.analvids.com https://scene-subtitles.gtflixtv.com scene-subtitles.gtflixtv.com https://*.gtflixtv.com *.gtflixtv.com https://*.gtflixtvtest.com *.gtflixtvtest.com https://pornbox.com pornbox.com https://*.pornbox.com *.pornbox.com wss://lb-private-chat.gtflixtv.com wss://lb-private-chat-beta.gtflixtv.com https://xvideos.com xvideos.com https://*.xvideos.com *.xvideos.com https://www.google-analytics.com www.google-analytics.com https://ampcid.google.com https://stats.g.doubleclick.net/j/collect https://region1.google-analytics.com/g/collect https://*.googleapis.com *.googleapis.com https://*.firebaseio.com *.firebaseio.com https://www.google.com/recaptcha/ www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.googletagmanager.com www.googletagmanager.com https://ssl.gstatic.com ssl.gstatic.com https://www.gstatic.com www.gstatic.com https://stats.g.doubleclick.net/r/ stats.g.doubleclick.net/r/; font-src 'self' https://cdn.jsdelivr.net/npm/ https://fonts.gstatic.com fonts.gstatic.com data:; img-src 'self' https://*.gtflixtv.com *.gtflixtv.com https://xvideos.com xvideos.com https://*.xvideos.com *.xvideos.com https://*.xvideos2.com *.xvideos2.com https://*.xvideos-cdn.com *.xvideos-cdn.com https://www.xvideos.com www.xvideos.com https://*.xvideos.red *.xvideos.red https://*.1ka.com *.1ka.com https://cdn.jsdelivr.net cdn.jsdelivr.net https://www.google-analytics.com www.google-analytics.com https://www.google.com/ads/ga-audiences https://stats.g.doubleclick.net/r/collect https://region1.google-analytics.com region1.google-analytics.com https://www.googletagmanager.com www.googletagmanager.com https://ssl.gstatic.com ssl.gstatic.com https://www.gstatic.com www.gstatic.com https://stats.g.doubleclick.net/r/ stats.g.doubleclick.net/r/ https://translate.google.com translate.google.com https://fonts.gstatic.com fonts.gstatic.com data:; object-src 'none'; script-src 'self' https://my.sheer.com my.sheer.com https://www.sheer.com www.sheer.com https://account.analvids.com account.analvids.com https://scene-subtitles.gtflixtv.com scene-subtitles.gtflixtv.com https://uploader.gtflixtv.com uploader.gtflixtv.com https://uploader-beta.gtflixtv.com uploader-beta.gtflixtv.com https://pornbox.com pornbox.com https://*.googleapis.com *.googleapis.com https://accounts.google.com accounts.google.com https://www.google.com/recaptcha/ www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://google-analytics.com google-analytics.com https://ssl.google-analytics.com https://www.google-analytics.com www.google-analytics.com https://www.googletagmanager.com www.googletagmanager.com https://ssl.gstatic.com ssl.gstatic.com https://www.gstatic.com www.gstatic.com https://stats.g.doubleclick.net/r/ stats.g.doubleclick.net/r/ https://translate.google.com translate.google.com https://cdn.jsdelivr.net/npm/ https://cdn.rawgit.com/yuku-t/jquery-textcomplete/ https://*.ddfstatic.com *.ddfstatic.com https://*.sexcash.com *.sexcash.com https://*.trafficfactory.biz *.trafficfactory.biz https://apis.google.com apis.google.com https://apis.google.com/js/platform.js 'unsafe-inline' 'unsafe-eval'; report-uri /api/js-error; 1
default-src 'self' 'unsafe-inline' data: blob: prod.acquia-sites.com *.prod.acquia-sites.com  auc.arkdev.net *.auc.arkdev.net aucegypt.edu *.aucegypt.edu openweathermap.org *.openweathermap.org youvisit.com *.youvisit.com google-analytics.com *.google-analytics.com googletagmanager.com *.googletagmanager.com nr-data.net *.nr-data.net newrelic.com *.newrelic.com cloudflare.com googleusercontent.com *.cloudflare.com *.googleusercontent.com youtube.com *.youtube.com youtu.be *.youtu.be gstatic.com *.gstatic.com ytimg.com *.ytimg.com ggpht.com *.ggpht.com *.campusgroups.com calendar.google.com interviewexchange.com *.interviewexchange.com auc.cloud.panopto.eu datawrapper.dwcdn.net *.watson.appdomain.cloud datastudio.google.com *.datastudio.google.com crazyegg.com *.crazyegg.com myjotform.com *.myjotform.com connect.facebook.net facebook.com *.facebook.com stats.g.doubleclick.net *.g.doubleclick.net addthis.com *.addthis.com 'unsafe-eval' moatads.com *.moatads.com addthisedge.com *.addthisedge.com px.ads.linkedin.com *.ads.linkedin.com *.linkedin.com www.googleadservices.com www.google.com *.googleadservices.com *.google.com googleads.g.doubleclick.net bid.g.doubleclick.net *.g.doubleclick.net snap.licdn.com *.snap.licdn.com *.licdn.com p.adsymptotic.com *.adsymptotic.com *.googlesyndication.com googlesyndication.com cdn.linkedin.oribi.io www.google.com.eg *.google.com.eg *.mainstay.com addtoany.com *.addtoany.com googleapis.com *.googleapis.com noembed.com *.noembed.com plyr.io *.plyr.io cdn.jsdelivr.net *.clarity.ms surveymonkey.com *.surveymonkey.com https://*.consentmanager.net https://*.cookieinformation.com *.cookieyes.com cdn-cookieyes.com; report-uri /report-csp-violation 1
frame-src 'self' 1
default-src 'self'; style-src 'self' 'unsafe-inline' occhat.elisa.fi customer.cludo.com; img-src 'self' data: occhat.elisa.fi vero.piwik.pro https://analytiikka.ahtp.fi/ master.boost.ai boost-files-general-eu-west-1-test.s3-eu-west-1.amazonaws.com boost-files-general-eu-west-1-prod.s3-eu-west-1.amazonaws.com; media-src 'self'; font-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' occhat.elisa.fi vero.piwik.pro vero.containers.piwik.pro https://analytiikka.ahtp.fi/ *.boost.ai *.monitor.azure.com *.cdn.applicationinsights.io customer.cludo.com; connect-src 'self' occhat.elisa.fi wss://occhat.elisa.fi vero.piwik.pro https://analytiikka.ahtp.fi/ *.boost.ai youtube.com *.in.applicationinsights.azure.com js.monitor.azure.com api.cludo.com; frame-src 'self' hkp.maanmittauslaitos.fi https://www.youtube.com https://app.powerbi.com; frame-ancestors 'self' yritys.tunnistus.fi htesti.katso.tunnistus.fi; 1
frame-ancestors https://cloudsecurityalliance.org https://knowledge.cloudsecurityalliance.org https://circle.cloudsecurityalliance.org 1
X-Content-Security-Policy 1
default-src 'self' *.medimpact.com data:;; script-src 'self' 'unsafe-inline' *.googletagmanager.com *.googleapis.com cdnjs.cloudflare.com *.google-analytics.com *.vimeo.com  *.youtube.com  *.medimpact.com *.unpkg.com unpkg.com; object-src 'self' *.medimpact.com data:;; style-src 'self' 'unsafe-inline' *.unpkg.com unpkg.com; img-src 'self' *.google-analytics.com  *.medimpact.com *.googletagmanager.com data:;; media-src 'self'  *.medimpact.com data:;; frame-src *.vimeo.com *.youtube.com  *.medimpact.com; frame-ancestors  *.medimpact.com; font-src 'self' * data:;; connect-src 'self' *.google-analytics.com *.vimeocdn.com  *.medimpact.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' webhost1.ru d.webhost1.ru cp2.webhost1.ru cp3.webhost1.ru *.yoomoney.ru geoadv-partner.yandex.ru direct.yandex.ru yookassa.ru  *.yandex.ru *.yandex.net mc.yandex.az mc.yandex.by mc.yandex.co.il mc.yandex.com mc.yandex.com.am mc.yandex.com.ge mc.yandex.com.tr mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.kz mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yandex.tj mc.yandex.tm mc.yandex.ua mc.yandex.uz mc.webvisor.com mc.webvisor.org yastatic.net googleads.g.doubleclick.net www.google-analytics.com www.google.com www.gstatic.com www.googletagmanager.com tagmanager.google.com *.jivo.ru *.bitrix24.ru *.roistat.com privacy-cs.mail.ru top-fwz1.mail.ru infird.com *.sbis.ru; frame-ancestors 'self' blob: http://webvisor.com https://webvisor.com https://d.webhost1.ru:* https://cp2.webhost1.ru:* https://cp3.webhost1.ru:* 1
frame-ancestors 'self' https://*.seo.aws.about.com https://*.dotdash.com *.dailypaws.com; upgrade-insecure-requests; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: *.conceptboard.com; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https://*.spd.de https://api.spendino.de https://maps.googleapis.com https://altruja.de https://www.verbavoice.net https://*.raisenow.com https://cdn.jsdelivr.net https://*.datatrans.com ; img-src 'self' data: https://*.spd.de https://csi.gstatic.com https://maps.googleapis.com https://maps.gstatic.com https://*.openstreetmap.de https://images.admiralcloud.com https://*.micropayment.de https://cdn.jsdelivr.net ; frame-ancestors 'self' https://analytics.spd.de ; default-src 'self' ; frame-src 'self' https://*.spd.de https://dpa-electionslive.s3.amazonaws.com https://w.soundcloud.com https://player.vimeo.com https://www.youtube-nocookie.com https://api.spendino.de https://www.youtube.com https://playout.3qsdn.com https://sdn-global-live-http-cache.3qsdn.com https://widget.whatsbroadcast.com https://ghb2017.limequery.com https://www.verbavoice.ne https://hd-livestream.de https://stream.liverecords.net https://www.sachsen-fernsehen.de https://open.spotify.com https://widget.whappodo.com https://*.micropayment.de https://d3ak46ifsn9mnh.cloudfront.net https://t3prod.admiralcloud.com https://player.admiralcloud.com https://gateway.spendino.de https://*.datatrans.com ; style-src 'self' 'unsafe-inline' https://*.spd.de https://fonts.googleapis.com https://assets.raisenow.io https://cdn.jsdelivr.net ; connect-src 'self' https://*.spd.de https://altruja.de wss://ws-eu.pusher.com https://*.raisenow.io https://*.raisenow.com ; object-src 'self' data: ; media-src 'self' data: https://cdn01.spd.de ; font-src 'self' data: https://*.spd.de https://fonts.gstatic.com https://assets.raisenow.io ; 1
script-src 'unsafe-inline' 'unsafe-eval' 'self' blob: *.foodtecsolutions.com *.foodtecsolutions.com:* *.foodtecsolutions.com *.hibu.us *.pizzadirector.net:* *.google.com *.opentable.com *.otstatic.com cdn.ampproject.org www.gstatic.com maps.googleapis.com www.google-analytics.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net platform.twitter.com www.facebook.com connect.facebook.net cdn.syndication.twimg.com js.hs-scripts.com js.hs-scripts.com js.hs-analytics.net js.hscollectedforms.net salesiq.zoho.com/widget campaigns.zoho.com maillist-manage.com crm.zoho.com js.zohostatic.com vts.zohopublic.com static.hotjar.com script.hotjar.com unpkg.com api.tiles.mapbox.com *.adroll.com *.cloudfront.net cdnjs.cloudflare.com libs.a2zinc.net gh-prod-nitrosites.s3.amazonaws.com; frame-ancestors 'self' blob: *.foodtecsolutions.com *.foodtecsolutions.com:* *.foodtecsolutions.com *.hibu.us *.pizzadirector.net:* *.google.com *.opentable.com *.otstatic.com cdn.ampproject.org www.gstatic.com maps.googleapis.com www.google-analytics.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net platform.twitter.com www.facebook.com connect.facebook.net cdn.syndication.twimg.com js.hs-scripts.com js.hs-scripts.com js.hs-analytics.net js.hscollectedforms.net salesiq.zoho.com/widget campaigns.zoho.com maillist-manage.com crm.zoho.com js.zohostatic.com vts.zohopublic.com static.hotjar.com script.hotjar.com unpkg.com api.tiles.mapbox.com *.adroll.com *.cloudfront.net cdnjs.cloudflare.com libs.a2zinc.net gh-prod-nitrosites.s3.amazonaws.com; 1
base-uri 'self';child-src 'none';connect-src 'self' webpack://* *.algolia.net *.algolianet.com *.adnxs.com maps.googleapis.com px.ads.linkedin.com cdn.cookielaw.org mock.dev.relaischateaux.com api.widget.botmind.io privacyportal-fr.onetrust.com bat.bing.com geolocation.onetrust.com *.abtasty.com dcinfos-cache.abtasty.com ariane.abtasty.com *.google.com ws.hotjar.com *.googleadservices.com *.facebook.com googleads.g.doubleclick.net *.hotjar.io *.google-analytics.com metrics.relaischateaux.com *.adyen.com *.yahoo.com *.yahoodns.net *.yimg.com sulu.relaischateaux.com sylius.relaischateaux.com api.relaischateaux.com www.relaischateaux.com medias.relaischateaux.com api.widget.botmind.ai;default-src 'self';font-src 'self' data: blob: fonts.gstatic.com *.abtasty.com *.googleapis.com;form-action 'self' *.adyen.com *.adyenpayments.com;frame-ancestors 'self';frame-src 'self' td.doubleclick.net widget.botmind.ai www.menumodo.com qa-assistant.abtasty.com recaptcha.net www.google.com www.googletagmanager.com *.adyen.com;img-src 'self' data: blob: www.relaischateaux.com *.gstatic.com *.googleapis.com fdu.relaischateaux.com px.ads.linkedin.com secure.adnxs.com bat.bing.com www.facebook.com ib.adnxs.com *.linkedin.com *.google.fr *.google.com cdn.cookielaw.org static.relaischateaux.com *.abtasty.com *.amazonaws.com *.googletraveladservices.com *.googletagmanager.com googleads.g.doubleclick.net *.adyen.com *.yahoo.com *.yahoodns.net *.yimg.com d1m7xnn75ypr6t.cloudfront.net cdn.worldweatheronline.com loremflickr.com c1.tacdn.com www.tripadvisor.com www.tripadvisor.fr assets.relaischateaux.com static.tacdn.com;manifest-src 'self';media-src 'self' d1m7xnn75ypr6t.cloudfront.net static.relaischateaux.com p.relay-t.io ws.hotjar.com *.hotjar.io px4.ads.linkedin.com try.abtasty.com;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: www.googletagmanager.com maps.googleapis.com cdn.cookielaw.org connect.facebook.net fdu.relaischateaux.com acdn.adnxs.com *.hotjar.com snap.licdn.com cdn.actito.be bat.bing.com widget.botmind.io googleads.g.doubleclick.net trk.adbutter.net *.abtasty.com *.amazonaws.com p.relay-t.io apis.google.com recaptcha.net www.gstatic.com www.google.com *.adyen.com *.actito.be secure-hotel-tracker.com *.googleadservices.com *.yahoo.com *.yahoodns.net *.yimg.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com *.abtasty.com *.gstatic.com *.googleapis.com *.googletagmanager.com;worker-src 'self';upgrade-insecure-requests ; 1
default-src 'self' data: *.simplesdental.com *.facebook.net *.facebook.com *.bing.com *.cookielaw.org *.clarity.ms clarity.microsoft.com *.livesession.io *.getblue.io *.googleapis.com *.youtube.com *.youtube-nocookie.com *.intercom.io *.intercomcdn.com *.intercom-sheets.com intercom-sheets.com *.vitally.io *.googletagmanager.com *.ytimg.com *.google-analytics.com *.gstatic.com *.cloudflare.com *.google.com *.cloudfront.net *.googleoptimize.com *.onetrust.com *.suiteshare.com *.jquery.com *.amazonaws.com whts.co *.varify.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.simplesdental.com *.facebook.net *.facebook.com *.bing.com *.cookielaw.org *.clarity.ms clarity.microsoft.com *.livesession.io *.getblue.io *.googleapis.com *.youtube.com *.youtube-nocookie.com *.intercom.io *.intercomcdn.com *.intercom-sheets.com intercom-sheets.com *.vitally.io *.googletagmanager.com nonce-0688f2011cf32c6c471ed4de1e1b983a *.ytimg.com *.google-analytics.com *.gstatic.com *.google.com *.cloudfront.net *.googleoptimize.com *.onetrust.com *.hotjar.com *.cloudflare.com *.wootric.com *.suiteshare.com *.jquery.com *.amazonaws.com whts.co *.varify.io *.doubleclick.net https://cdn.jsdelivr.net/npm/choices.js@4/public/assets/scripts/choices.min.js https://platform-api.sharethis.com/js/sharethis.js https://buttons-config.sharethis.com/js/645ce8e8af0302001ab5296a.js; object-src 'self' data: https: blob:; style-src 'self' data: 'unsafe-inline' 'unsafe-eval' https:; img-src 'self' data: https: blob: www.googletagmanager.com; media-src 'self' data: https: blob:; frame-src 'self' data: blob: *.simplesdental.com *.facebook.net *.facebook.com *.bing.com *.cookielaw.org *.clarity.ms clarity.microsoft.com *.livesession.io *.getblue.io *.googleapis.com *.youtube.com *.youtube-nocookie.com *.intercom.io *.intercomcdn.com *.intercom-sheets.com intercom-sheets.com *.vitally.io *.googletagmanager.com *.ytimg.com *.google-analytics.com *.gstatic.com *.google.com *.cloudfront.net *.googleoptimize.com *.onetrust.com *.hotjar.com *.cloudflare.com *.wootric.com *.suiteshare.com *.jquery.com *.amazonaws.com whts.co *.varify.io *.doubleclick.net; font-src 'self' data: https:; connect-src 'self' data: https: wss: 1
default-src http: https: wss: data: blob: 'self' 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: *; report-uri https://ncreports.report-uri.com/r/d/csp/reportOnly 1
frame-ancestors https://youtu.be https://bid.g.doubleclick.net https://streetview.my https://safedepositboxjb.streetview.my https://hlbmc.demdex.net https://tags.tiqcdn.com https://survey.hlb.com.my https://www.hlb.com.my https://www.hlisb.com.my https://www.hlb.com.kh https://www.hlbank.com.sg https://www.hlbank.com.vn https://www.facebook.com https://www.vivocha.com https://www.youtube.com https://staticxx.facebook.com https://www.googletagmanager.com https://gateway.hlb.com.my https://gateway.hlb.com.my:8446 https://www.google.com https://optimize.google.com https://hongleongbank.sc.omtrdc.net https://dpm.demdex.net https://www.ecbanking.com.my  https://gms.hongleong.com.my https://apply-merchant1.hlb.com.my https://10.103.8.91 wss://10.103.8.91 1
default-src 'self' 'unsafe-inline' data: ws: wss: cdn.cookielaw.org maps.googleapis.com  *.onelink-edge.com  googletagmanager.com *.sharethis.com api.company-target.com *.algolianet.com wkx3x0kpn1-dsn.algolia.net *.newcertainteed.com  cdn.linkedin.oribi.io  *.userway.org *.google-analytics.com bam.nr-data.net *.docksal.site:* *.onetrust.com segments.company-target.com *.hotjar.com *.hotjar.io *.force.com bcp.crwdcntrl.net *.salesforce.com *.salesforce-sites.com tags.srv.stackadapt.com dev.visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com useruploads.vwo.io analytics.tiktok.com td.doubleclick.net www.googletagmanager.com www.google.co.in www.google.com s.pinimg.com www.redditstatic.com ct.pinterest.com s.yimg.com sp.analytics.yahoo.com px.ads.linkedin.com *.ads.linkedin.com *.linkedin.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: ws: wss: *.youtube.com cdn.cookielaw.org *.sharethis.com *.googletagmanager.com *.googleapis.com snap.licdn.com *.hotjar.com *.force.com tag.demandbase.com *.facebook.net *.salesforceliveagent.com accessibilityserver.org *.userway.org *.newrelic.com *.onelink-edge.com unpkg.com *.cloudflare.com www.onelink-edge.com *.docksal.site:* www.google.com segments.company-target.com www.gstatic.com *.salesforce.com *.salesforce-sites.com *.hotjar.io assets.pinterest.com www.googleadservices.com googleads.g.doubleclick.net *.tags.srv.stackadapt.com tags.srv.stackadapt.com  dev.visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com useruploads.vwo.io analytics.tiktok.com td.doubleclick.net www.googletagmanager.com www.google.co.in www.google.com s.pinimg.com www.redditstatic.com ct.pinterest.com s.yimg.com sp.analytics.yahoo.com px.ads.linkedin.com *.ads.linkedin.com *.linkedin.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com *.force.com *.sharethis.com fonts.googleapis.com *.salesforce-sites.com *.salesforce.com cdn.userway.org tags.srv.stackadapt.com  dev.visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com useruploads.vwo.io analytics.tiktok.com td.doubleclick.net www.googletagmanager.com www.google.co.in www.google.com  s.yimg.com sp.analytics.yahoo.com px.ads.linkedin.com *.ads.linkedin.com *.linkedin.com; img-src 'self' 'unsafe-inline' cdn.cookielaw.org *.youtube.com data: match.prod.bidr.io segments.company-target.com px.ads.linkedin.com *.ads.linkedin.com *.linkedin.com *.facebook.com id.rlcdn.com certainteed.widen.net *.googleapis.com *.widencdn.net *.userway.org *.ytimg.com bcp.crwdcntrl.net *.sharethis.com maps.gstatic.com *.cloudfront.net pinterest.com *.pinterest.com *.salesforce.com *.salesforce-sites.com *.g.doubleclick.net *.google-analytics.com *.analytics.google.com googleads.g.doubleclick.net ad.doubleclick.net *.google.ca *.gstatic.com *.googletagmanager.com tags.srv.stackadapt.com  dev.visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com useruploads.vwo.io analytics.tiktok.com td.doubleclick.net www.googletagmanager.com www.google.co.in www.google.com alb.reddit.com  s.yimg.com sp.analytics.yahoo.com; media-src 'self' 'unsafe-inline' youtube.com dev.visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com useruploads.vwo.io analytics.tiktok.com td.doubleclick.net www.googletagmanager.com www.google.co.in www.google.com s.yimg.com sp.analytics.yahoo.com px.ads.linkedin.com *.ads.linkedin.com *.linkedin.com; frame-src 'self' 'unsafe-inline' cdn.cookielaw.org youtube.com maps.googleapis.com  onelink-edge.com  googletagmanager.com *.force.com *.sharethis.com *.userway.org google.com www.google.com www.facebook.com www.youtube.com www.youtube-nocookie.com *.pinterest.com *.salesforce.com *.salesforce-sites.com bid.g.doubleclick.net *.company-target.com youtu.be tags.srv.stackadapt.com  dev.visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com useruploads.vwo.io analytics.tiktok.com td.doubleclick.net www.googletagmanager.com www.google.co.in www.google.com  s.yimg.com sp.analytics.yahoo.com *.pub.sfmc-content.com px.ads.linkedin.com *.ads.linkedin.com *.linkedin.com; child-src 'self' blob: dev.visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com useruploads.vwo.io analytics.tiktok.com td.doubleclick.net www.googletagmanager.com www.google.co.in www.google.com s.yimg.com sp.analytics.yahoo.com px.ads.linkedin.com *.ads.linkedin.com *.linkedin.com; font-src 'self' use.fontawesome.com data: fonts.googleapis.com fonts.gstatic.com tags.srv.stackadapt.com dev.visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com useruploads.vwo.io analytics.tiktok.com td.doubleclick.net www.googletagmanager.com www.google.co.in www.google.com s.yimg.com sp.analytics.yahoo.com; connect-src 'self' 'unsafe-inline' data: ws: wss: cdn.cookielaw.org maps.googleapis.com  *.onelink-edge.com  googletagmanager.com *.sharethis.com api.company-target.com *.algolianet.com wkx3x0kpn1-dsn.algolia.net *.newcertainteed.com  cdn.linkedin.oribi.io  *.userway.org *.google-analytics.com bam.nr-data.net *.docksal.site:* *.onetrust.com segments.company-target.com *.hotjar.com *.hotjar.io *.force.com bcp.crwdcntrl.net *.salesforce.com *.salesforce-sites.com tags.srv.stackadapt.com dev.visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com useruploads.vwo.io analytics.tiktok.com td.doubleclick.net www.googletagmanager.com www.google.co.in www.google.com s.pinimg.com www.redditstatic.com ct.pinterest.com s.yimg.com sp.analytics.yahoo.com px.ads.linkedin.com *.ads.linkedin.com *.linkedin.com config.reddit.com www.redditstatic.com conversions-config.reddit.com ct.pinterest.com s.yimg.com analytics.google.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
frame-ancestors https://*.milwaukeetool.eu https://viewer.ipaper.io https://my.treedis.com https://my.scene3d.co.uk 1
frame-ancestors 'self' https://*.allhomes.com.au 1
img-src * data: blob:; style-src 'self' 'unsafe-inline' assets.adobedtm.com cdn.linearicons.com fonts.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com shop.spreadshirt.nl ton.twimg.com cdnjs.cloudflare.com code.jquery.com unpkg.com; frame-src 'self' www.youtube.com player.vimeo.com podio.com www.youtube-nocookie.com www.google.com/recaptcha/ www.classmarker.com/ js.stripe.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com assets.adobedtm.com cdn.syndication.twimg.com cdnjs.cloudflare.com maps.googleapis.com npmcdn.com shop.spreadshirt.nl platform.twitter.com www.google-analytics.com ssl.google-analytics.com www.spreadshirt.nl podio.com static.doubleclick.net cdnjs.cloudflare.com code.jquery.com cdn.jsdelivr.net app.intercom.io widget.intercom.io js.intercomcdn.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ unpkg.com/leaflet.markercluster@1.4.1/dist/ unpkg.com/leaflet@1.7.1/dist/ js.stripe.com unpkg.com/@popperjs/ unpkg.com/tippy.js@6/ www.googletagmanager.com; font-src 'self' cdn.linearicons.com fonts.gstatic.com maxcdn.bootstrapcdn.com shop.spreadshirt.nl js.intercomcdn.com ttui.thethingsindustries.com; connect-src 'self' shop.spreadshirt.nl www.thethingsnetwork.org vx.thethings.network api.intercom.io api-iam.intercom.io api-ping.intercom.io nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io nexus-websocket-b.intercom.io nexus-long-poller-a.intercom.io nexus-long-poller-b.intercom.io nexus-websocket-a.intercom.io nexus-websocket-b.intercom.io uploads.intercomcdn.com uploads.intercomusercontent.com app.getsentry.com unpkg.com/boxicons@2.1.1/ 1
frame-ancestors 'self' cmsv2.zebrix.net 1
default-src * 'unsafe-inline' 'unsafe-eval' data: blob: 1
font-src 'self'; frame-src 'self' https: www.youtube-nocookie.com/* ; frame-ancestors 'self' https://*.etracker.com; script-src 'self' https://*.etracker.com https://*.etracker.de *.b-ite.com https://stats.haw-hamburg.de  'unsafe-inline'; connect-src 'self' https://*.etracker.de *.b-ite.com https://stats.haw-hamburg.de;  img-src * *.b-ite.com; style-src 'self' 'unsafe-inline' *.b-ite.com; 1
frame-ancestors 'self' https://*.seo.aws.about.com https://*.dotdash.com *.midwestliving.com; upgrade-insecure-requests; 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.geodatenzentrum.de *.kuestendaten.de *.youtube.com *.webview.isb-mopa.de; connect-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.wsv.bund.de *.geodatenzentrum.de *.kuestendaten.de *.youtube.com *.webview.isb-mopa.de; object-src 'self'; media-src  'self' *.wsv.bund.de *.wsv.de *.bund.de data: *.geodatenzentrum.de web.dlz-it.de www.bafg.de bad.xpertus-service.de elwis.de www.elwis.de *.youtube.com; child-src 'self' *.wsv.bund.de *.wsv.de *.bund.de data: *.geodatenzentrum.de web.dlz-it.de www.bafg.de bad.xpertus-service.de elwis.de www.elwis.de *.youtube.com *.webview.isb-mopa.de; img-src 'self' *.wsv.bund.de *.wsv.de *.bund.de data: *.geodatenzentrum.de web.dlz-it.de www.bafg.de bad.xpertus-service.de elwis.de www.elwis.de *.kuestendaten.de *.youtube.com *.bfn.de *.webview.isb-mopa.de; frame-ancestors 'self' *.webview.isb-mopa.de; frame-src 'self' *.webview.isb-mopa.de; Content-Security-Policy: default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.geodatenzentrum.de *.kuestendaten.de *.youtube.com *.webview.isb-mopa.de; connect-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.wsv.bund.de *.geodatenzentrum.de *.kuestendaten.de *.youtube.com *.webview.isb-mopa.de; object-src 'self'; media-src  'self' *.wsv.bund.de *.wsv.de *.bund.de data: *.geodatenzentrum.de web.dlz-it.de www.bafg.de bad.xpertus-service.de elwis.de www.elwis.de *.youtube.com; child-src 'self' *.wsv.bund.de *.wsv.de *.bund.de data: *.geodatenzentrum.de web.dlz-it.de www.bafg.de bad.xpertus-service.de elwis.de www.elwis.de *.youtube.com *.webview.isb-mopa.de; img-src 'self' *.wsv.bund.de *.wsv.de *.bund.de data: *.geodatenzentrum.de web.dlz-it.de www.bafg.de bad.xpertus-service.de elwis.de www.elwis.de *.kuestendaten.de *.youtube.com *.bfn.de; frame-ancestors 'self' *.webview.isb-mopa.de; frame-src 'self' *.webview.isb-mopa.de; X-Webkit-CSP: default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.geodatenzentrum.de *.kuestendaten.de*.youtube.com *.webview.isb-mopa.de; connect-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.wsv.bund.de *.geodatenzentrum.de *.kuestendaten.de *.youtube.com *.webview.isb-mopa.de; object-src 'self'; media-src  'self' *.wsv.bund.de *.wsv.de *.bund.de data: *.geodatenzentrum.de web.dlz-it.de www.bafg.de bad.xpertus-service.de elwis.de www.elwis.de *.youtube.com; child-src 'self' *.wsv.bund.de *.wsv.de *.bund.de data: *.geodatenzentrum.de web.dlz-it.de www.bafg.de bad.xpertus-service.de elwis.de www.elwis.de *.youtube.com *.webview.isb-mopa.de; img-src 'self' *.wsv.bund.de *.wsv.de *.bund.de data: *.geodatenzentrum.de web.dlz-it.de www.bafg.de bad.xpertus-service.de elwis.de www.elwis.de *.kuestendaten.de *.youtube.com *.bfn.de; frame-ancestors 'self' *.webview.isb-mopa.de; frame-src 'self' *.webview.isb-mopa.de; 1
default-src 'self'; style-src 'self' 'unsafe-inline' https://hcss-styleguide.azureedge.net https://maxcdn.bootstrapcdn.com; font-src 'self' https://hcss-styleguide.azureedge.net https://maxcdn.bootstrapcdn.com; script-src 'self' 'unsafe-inline' cdn.pendo.io; img-src 'self' https://purecatamphetamine.github.io; object-src 'none'; frame-src 'self'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation; connect-src 'self' https://localhost:7279; navigate-to 'self' https:; base-uri 'self'; 1
default-src 'self'; script-src 'self'; object-src 'none'; 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.baua.de; script-src-elem: cdn.dashjs.org; object-src 'self' www.baua.de; media-src 'self' www.baua.de; frame-src 'self' www.baua.de.de datawrapper.dwcdn.net; img-src 'self' data: www.baua.de uvi.bfs.de; frame-ancestors 'self' datawrapper.dwcdn.net; 1
default-src 'self' *.crazyegg.com https://www.clarity.ms https://*.clarity.ms https://brandfolder.com 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://93903118.adoric-om.com/adoric.js cdn.pushcrew.com *.crazyegg.com https://brandfolder.com https://script.crazyegg.com https://www.youtube.com https://bat.bing.com https://bat.bing.com/bat.js https://www.youtube.com/s/player/652ba3a2/www-widgetapi.vflset/www-widgetapi.js https://www.youtube.com/s/player/9135c2ab/www-widgetapi.vflset/www-widgetapi.js https://www.youtube.com/iframe_api https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.min.js https://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js https://www.gstatic.com/recaptcha/releases/1kRDYC3bfA-o6-tsWzIBvp7k/recaptcha__en.js https://www.google.com/recaptcha/api.js https://wec-assets.terminus.services https://m.clarity.ms/collect https://www.clarity.ms https://dev.visualwebsiteoptimizer.com https://www.googleoptimize.com https://www.googleanalytics.com https://optimize.google.com https://privacyportalde-cdn.onetrust.com https://privacyportalde-cdn.onetrust.com/privacy-notice-scripts/otnotice-1.0.min.js https://cdn.cookielaw.org https://*.googletagmanager.com https://ssl.google-analytics.com https://tagmanager.google.com https://secure.adnxs.com https://d22d1xpx4ztuef.cloudfront.net/jb-cdn-sp-3.5.0.js https://bam.nr-data.net https://gu.bizspring.net https://www.googletagmanager.com https://js-agent.newrelic.com https://stats.wp.com https://widgets.wp.com https://wordpress.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://sjrtp8-cdn.marketo.com https://cdn.livechatinc.com https://cdn.livechatinc.com https://s0.wp.com https://code.jquery.com https://code.jquery.com/jquery-3.3.1.js https://cdn.parsely.com https://stats.wp.com/e-202229.js https://play.vidyard.com https://play.vidyard.com https://connect.facebook.net https://app-sj04.marketo.com https://munchkin.marketo.net https://63475.tctm.co https://64066.tctm.co/t.js https://64066.tctm.co/p.js https://api.livechatinc.com https://www.google-analytics.com https://cdn.mouseflow.com https://connect.facebook.net https://googleads.g.doubleclick.net https://snap.licdn.com https://www.googleadservices.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://brandfolder.com https://static.adoric.com/adoric.v9.11.min.css *.visualwebsiteoptimizer.com app.vwo.com *.crazyegg.com https://dev.visualwebsiteoptimizer.com/static/latest/styles/themes/light-1975c1b85dd0e3c2ab714e934485e6dc.css https://code.ionicframework.com https://optimize.google.com https://privacyportalde-cdn.onetrust.com/privacy-notice-scripts/css/v2/otnotice-core.css https://tagmanager.google.com https://fonts.googleapis.com https://www.googletagmanager.com https://s0.wp.com https://app-sj04.marketo.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://090-bzj-603.mktoutil.com https://o.clarity.ms/collect https://n.clarity.ms/collect https://brandfolder.com *.visualwebsiteoptimizer.com app.vwo.com *.crazyegg.com https://e.clarity.ms/collect https://app.adoric-om.com https://www.google.com https://r3.visualwebsiteoptimizer.com https://s.clarity.ms/collect https://u.clarity.ms/collect https://q.clarity.ms/collect https://assets-tracking.crazyegg.com https://pagestates-tracking.crazyegg.com https://tracking.crazyegg.com https://script.crazyegg.com https://v.clarity.ms/collect https://z.clarity.ms/collect https://i.clarity.ms/collect https://bat.bing.com https://pagead2.googlesyndication.com https://r.clarity.ms/collect https://d.clarity.ms/collect https://h.clarity.ms/collect https://api.nelioabtesting.com https://googleads.g.doubleclick.net/pagead/landing https://b.clarity.ms/collect https://www.google.com/pagead/landing https://l.clarity.ms/collect https://k.clarity.ms/collect https://j.clarity.ms/collect https://a.clarity.ms/collect https://y.clarity.ms/collect https://x.clarity.ms/collect https://r1.visualwebsiteoptimizer.com/analyze https://t.clarity.ms/collect https://w.clarity.ms/collect https://m.clarity.ms/collect https://px.ads.linkedin.com https://dev.visualwebsiteoptimizer.com https://www.google.co.in https://privacyportalde-cdn.onetrust.com https://privacyportalde-cdn.onetrust.com/c579c0d0-360f-49c0-bccc-f7b7cded31cd/privacy-notices/8b719598-1655-4d2d-879b-9b2e633813ac-en-us.json https://privacyportalde-cdn.onetrust.com/c579c0d0-360f-49c0-bccc-f7b7cded31cd/privacy-notices/8b719598-1655-4d2d-879b-9b2e633813ac-en-us.json https://privacyportalde-cdn.onetrust.com/c579c0d0-360f-49c0-bccc-f7b7cded31cd/privacy-notices/8b719598-1655-4d2d-879b-9b2e633813ac.json https://analytics.google.com https://cdn.cookielaw.org https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.facebook.com https://play.vidyard.com https://play.vidyard.com https://google.com https://google.com https://cdn.linkedin.oribi.io https://cdn.livechatinc.com https://api.ipify.org https://bam.nr-data.net https://p1.parsely.com https://n2.mouseflow.com https://api.livechatinc.com https://geolocation.onetrust.com https://privacyportal-de.onetrust.com https://090-bzj-603.mktoresp.com https://63475.tctm.co https://cdn.cookielaw.org https://stats.g.doubleclick.net https://www.google-analytics.com; font-src 'self' data: https://code.ionicframework.com https://optimize.google.com https://privacyportalde-cdn.onetrust.com https://privacyportalde-cdn.onetrust.com https://fonts.gstatic.com https://cdn.livechatinc.com https://fonts.gstatic.com https://cdn.mouseflow.com https://s0.wp.com; frame-src 'self' *.youtube.com *.visualwebsiteoptimizer.com app.vwo.com https://brandfolder.com https://aurora.videojet.com https://sketchfab.com https://td.doubleclick.net https://dev.visualwebsiteoptimizer.com https://optimize.google.com https://www.google.com https://cdn.livechatinc.com https://stats.wp.com https://js-agent.newrelic.com https://www.googletagmanager.com https://www.googletagmanager.com https://widgets.wp.com https://wordpress.com https://pages.videojet.com https://communications.videojet.com https://www.facebook.com https://play.vidyard.com https://app-sj04.marketo.com https://bid.g.doubleclick.net https://play.vidyard.com https://secure.livechatinc.com; img-src 'self' data: *.visualwebsiteoptimizer.com app.vwo.com useruploads.vwo.io *.crazyegg.com https://cdn.jsdelivr.net/npm/emoji-datasource-google@7.0.2/img/google/64/1f449.png https://ce-user-images.s3.amazonaws.com https://fonts.gstatic.com https://r3.visualwebsiteoptimizer.com https://cdn.videojet.com https://bat.bing.com https://c.bing.com/c.gif https://c.clarity.ms/c.gif https://match.adsrvr.org https://wec-assets.terminus.services https://cdn.livechat-files.com https://dev.visualwebsiteoptimizer.com https://www.google-analytics.com https://*.google-analytics.com https://*.googletagmanager.com https://optimize.google.com https://ssl.gstatic.com https://www.gstatic.com https://c.jabmo.app https://s.w.org https://www.googleadservices.com https://p1.parsely.com https://videojet-develop.go-vip.net https://secure.gravatar.com https://pixel.wp.com https://pages.videojet.com https://play.vidyard.com https://play.vidyard.com https://cdn.vidyard.com https://www.facebook.com https://www.linkedin.com  https://www.googletagmanager.com https://p.adsymptotic.com https://px4.ads.linkedin.com https://2.gravatar.com https://www.google-analytics.com https://cdn.cookielaw.org https://cdn.livechatinc.com https://global.videojet.com https://px.ads.linkedin.com https://videojet.com https://www.google.co.in https://www.google.com; manifest-src 'self'; media-src 'self' https://cdn.videojet.com https://cdn.livechatinc.com https://global.videojet.com; worker-src 'self' blob: https://www.videojet.com/8f800ce3-8244-4b89-89b5-f03508f5a826 https://www.videojet.com/17d37230-7797-4321-a585-61ea33fad9f3 https://www.videojet.com/cc4a4225-3925-4a45-9842-5933b7d1004b https://www.videojet.com/56d54f80-c9ab-4331-b33f-e06b66dc3b0d https://www.videojet.com/4a05e78f-8c13-4b73-b62e-cf1df09d0daf https://www.videojet.com/450800d5-f8dd-4adc-9cee-572a40fcf72d https://www.videojet.com/77112999-e527-4268-a2e0-3fc213b55130 https://www.videojet.com/35be1011-2e28-417c-8a5e-7f73009dc4f4 https://www.videojet.com/852f27a1-4c63-4e96-b551-09b8f4c8fec9 https://www.videojet.com/7f16fe24-41b5-48db-84d6-22eba56fbc4b https://www.videojet.com/0b2010b5-5b14-4954-8230-e5816ffb81e5 https://www.videojet.com/346cc51c-f115-4697-9b12-446a731a14ce https://www.videojet.com/16590a3a-1258-41d0-aa21-eb1844b7c560 https://www.videojet.com/b6d93fc6-05bb-4ce9-9e4a-80cf090dc381 https://www.videojet.com/64a77bc7-a7fe-4ba2-93d4-9c66636966c6 https://www.videojet.com/37656ea4-dd66-4da7-9bc8-0e8454b7f99d https://www.videojet.com/0c3580f6-3734-462d-b2b3-ec419e4341aa https://www.videojet.com/af68f78b-610e-437a-b4b5-72e77a2e56cb https://www.videojet.com/0a433153-d644-4a90-9e9d-2a6798084d16 https://www.videojet.com/5fb9fe23-9ef9-4843-a751-337ccd9d9ff7 https://www.videojet.com/176f0f62-9ad1-4968-a8c0-bf0cef77d9df https://www.videojet.com/01e5614d-ef9b-4ee9-aabf-d467a15efe37 https://www.videojet.com/d0efd544-1d21-412c-b5df-f4bb1e962a0e https://www.videojet.com/41077642-ba17-4a59-8c15-b88998d01515 https://www.videojet.com/f5dcab1f-c82e-4e77-a4a3-bda49f73c4b8 https://www.videojet.com/2714c20b-65e2-44de-b392-7de6d9ed1d0b https://www.videojet.com/00d52daf-2ce5-43d5-8aa5-bada1ae6bb35 https://www.videojet.com/c2a9034a-2113-47b0-95e0-ba70f153ada0 https://www.videojet.com/5e605692-361b-4b3b-8e35-f390a089aec5 https://www.videojet.com/8c980ae2-aee2-49ae-a310-01d4ec69b200 https://www.videojet.com/93a2e38a-1795-4548-a9d5-77016b60d2da https://www.videojet.com/da4bf386-65f8-48d1-9320-7bc8baffb942 https://www.videojet.com/27924d43-ac34-4b4f-9dc8-8c4044b64419 https://www.videojet.com/053c2f2d-12c6-4c7a-ad65-dc3a9fa37e11 https://www.videojet.com/8a8ed960-d9e4-4e75-bcee-b10b973e5538 https://www.videojet.com/4b26b4de-e236-45b4-a332-dcbcab49a215 https://www.videojet.com/6589a4db-4107-48fe-b7ec-a64dfde8efe4 https://www.videojet.com/90e5c3a7-ace9-4cfd-850c-a7cf3bb63a7f https://www.videojet.com/876a4b1e-29d5-4aa9-b700-d19e22919ab3 https://www.videojet.com/be48ff17-3c5f-4363-a81d-fc019f7989d9 https://www.videojet.com/b513495a-d5af-406f-956b-ea8f707d3c83 https://www.videojet.com/9412d8a5-1a32-4101-8a63-6b1f6e039630 https://www.videojet.com/a05777b4-dd1a-4c6c-b531-2f6723deae8d https://www.videojet.com/8d61af98-d917-4429-94b1-0936842ac333 https://www.videojet.com/c134f1fc-70df-4ad4-a498-20f0037e8c5c https://www.videojet.com/c17d1145-be66-4f9c-b6eb-92acdfcf315d https://www.videojet.com/7e685416-f3f7-4121-a4f1-174f7f0c3bec https://www.videojet.com/c696b255-535b-4608-81b7-39e0806df13a https://www.videojet.com/61bd0fb4-b015-40bb-96c9-130e3b985be0 https://www.videojet.com/46892d75-c151-4707-b51c-2292d2d6d65f https://www.videojet.com/f118d694-df45-4bcf-bd4d-aab3b7aeee33 https://www.videojet.com/48017537-929e-4ad5-9757-e67b262d45df https://www.videojet.com/117795bb-b988-48b3-9b0f-5db989c4b691 https://www.videojet.com/1cafafe3-39ff-4f4f-b692-5e038933fc7d https://www.videojet.com/b0936365-29d0-426c-ae87-760d4b3613da https://www.videojet.com/14adb335-c443-4497-ba6a-62aeec9d5f68 https://www.videojet.com/22033d11-8285-45c6-9096-42f6f039514c https://www.videojet.com/d006e5b8-84f5-4676-9727-f926834dcc6c https://www.videojet.com/101e1222-bf33-40be-863f-81ee6807c9c4 https://www.videojet.com/b0e4fb03-3433-449e-9293-6d4e349ad459 https://www.videojet.com/b0e4fb03-3433-449e-9293-6d4e349ad459 https://www.videojet.com/54d65f82-d9d5-4f40-b356-5ff2bfa1ede5 https://www.videojet.com/c27ea47d-1ace-4499-8f48-dd365c2c2cff https://www.videojet.com/67328adb-ce0e-44d8-89ff-907cec9a9572 https://www.videojet.com/2c5dac11-53be-45bd-a1bf-9158e0c258e9 https://www.videojet.com/6c37e40f-eef0-425f-afd2-07cf2902f0c8 https://www.videojet.com/b03ab104-a4cc-490a-8c46-1e6ec48ab5ab https://www.videojet.com/043af784-9c5c-4edd-bff3-38c5eb2f5768 https://www.videojet.com/3585e1e8-d56e-4662-92db-efd1a3f74c40 https://www.videojet.com/3dbad550-e88f-4360-b5d8-9c9281e07435 https://www.videojet.com/095ee2b7-26bc-4836-8d0a-74706fecb366 https://www.videojet.com/00ad9452-3529-4ce0-9ed6-1eaff508d2e9 https://www.videojet.com/114b0a18-57c7-4663-9c1a-527928629afc https://www.videojet.com/32e1040a-1837-41a2-a9f0-af59f6b3b271 https://www.videojet.com/429959ec-3e8a-4c07-9fab-c386491ccd9b https://www.videojet.com/3b662cf4-d714-41f9-bc28-e984e2646ec5 https://www.videojet.com/60497885-22f7-4d78-b232-8a03496a511a https://www.videojet.com/975addda-33ab-419b-be30-f8f28cbcbed2  https://www.videojet.com/fdd687c5-3a20-455e-93a8-249ca0be729b https://www.videojet.com/6d404870-636e-4a2e-90c0-23ff00ec0091 https://www.videojet.com/6a51256c-7fc3-48c4-8ba2-4c2fed76f3fd https://www.videojet.com/159c39b4-c875-49e1-afee-1484faed62e2 https://www.videojet.com/489d5d2c-4da2-4d03-ba13-d691b2048e29 https://www.videojet.com/6ef4e507-36a9-4608-b214-b25fc9f3826c https://www.videojet.com/10d5333b-d694-4260-8849-5409a982f4f2 https://www.videojet.com/7f6f422a-f91d-4566-a955-280febef40f0 https://www.videojet.com/642c9f9a-9c7f-48af-a8bc-b11952d37dbf https://www.videojet.com/70a6aac0-b30b-45dc-a2bf-26c7d77b18fc https://www.videojet.com/a671e91f-8658-4818-ba3f-27a99afbe204 https://www.videojet.com/0d0cc83f-b381-4158-8b09-3694096c6fe6 https://www.videojet.com/440cf408-5c40-42b4-a359-749f3acac925 https://www.videojet.com/36214bec-996a-4e05-970a-d241d12f2db8 https://www.videojet.com/926a8753-53b5-4ad4-a62c-4713dbd1c37f https://www.videojet.com/c9d5afaf-a0aa-4db7-b518-d967b3d81b36 https://www.videojet.com/1295068b-cdb0-46ed-819a-deec0a6a36bd https://www.videojet.com/a644a86c-7519-4f37-aea1-b6d2f9fdc74d https://www.videojet.com/3c3628c1-5a46-41af-a537-db43daeef27f https://www.videojet.com/eaee86f7-2def-47cd-a2da-c205fd59ff74 https://www.videojet.com/d474b2a2-dfbd-4839-801c-7bfa3d00d171 https://www.videojet.com/2bc12286-5f03-4415-8f6b-0b18c6c90678 https://www.videojet.com/53cde3ea-2d8d-4289-aa7e-64e16b22c213 https://www.videojet.com/3243adbf-8aa3-4fa5-8666-2ec5bdb6f8b7 https://www.videojet.com/08a2f4c8-c23c-41fa-b029-ea7e111c1514 https://www.videojet.com/3191c924-2f60-4df2-b958-218e0b9b123e https://www.videojet.com/91a64e33-4c05-4b24-b405-a8461f7f1322 https://www.videojet.com/9600bcf4-3d06-4e24-b9af-7acd859cf28a https://www.videojet.com/0a315fd7-f8d2-4b2b-915b-77c4bd3c0217 https://www.videojet.com/7ab9984b-8cab-4783-b2ab-2427d3b33600 https://www.videojet.com/32afd7a5-fa8b-4d05-8146-ef4a0a4369ab https://www.videojet.com/84173372-c53e-4ed0-8ffe-bdbb31359feb https://www.videojet.com/cf6e098c-906f-4e75-b259-dd7e1c6a0786 https://www.videojet.com/d1fc4e99-bda5-42fd-ac03-2b4ec19dc3ac https://www.videojet.com/3e11e14c-6fe1-45e3-b8bd-5f2339b05902 https://www.videojet.com/e25e662a-d923-4559-aee9-e5fa12862a4f; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://assets.thirdiron.com/ https://maps.googleapis.com https://www.youtube.com/ https://www.google.com https://www.gstatic.com/; img-src 'self' data: https://thirdiron.com https://assets.thirdiron.com https://assets.thirdiron.com https://secure.gravatar.com; object-src 'self' data: https://www.elegantthemes.com/ https://www.youtube.com/ https://www.google.com; frame-src 'self' data: https://www.elegantthemes.com/ https://www.youtube.com/ https://www.google.com; 1
frame-ancestors 'self' https://*.seo.aws.about.com https://*.dotdash.com *.woodmagazine.com; upgrade-insecure-requests; 1
default-src *;script-src 'self' 'nonce-ziGBdtLpCt/eLC440xVNjgrNB0HDN1hXr+mwFesBPec='; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' unpkg.com bam.nr-data.net *.addtoany.com *.go-mpulse.net *.newrelic.com *.qualtrics.com *.adobedtm.com tags.tiqcdn.com cdn.jsdelivr.net *.akamaihd.net *.ceros.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' *.demdex.net *.ytimg.com *.youtube.com data: libertymutualgroup.com *.libertymutualgroup.com libertymutual.com *.libertymutual.com *.qualtrics.com *.akstat.io cm.everesttech.net; frame-src 'self' *.youtube.com *.addtoany.com libertymutualcorporate.demdex.net *.facebook.com *.ceros.com; font-src 'self' fonts.gstatic.com; connect-src 'self' *.youtube.com *.akamaihd.net *.akstat.io *.qualtrics.com bam.nr-data.net c.go-mpulse.net *.demdex.net collect.tealiumiq.com; report-uri /report-csp-violation 1
frame-ancestors 'self' https://www.lowi.es https://lowi.es; 1
default-src * 'self' ; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://felix-quiz-1000heads.s3.eu-west-2.amazonaws.com/* https://felix-quiz-1000heads.s3.eu-west-2.amazonaws.com *.nestle.co.uk *.mikmak.ai *.swaven.com https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com; object-src *; style-src * 'self' 'unsafe-inline' https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com; img-src * 'self' data: https:; https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com; media-src *; frame-src * https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com; frame-ancestors * 'self' ; child-src * blob:; font-src * 'self' data: https:; https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com; connect-src * 'self' https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com 1
base-uri 'self';child-src *.hsforms.com;connect-src 'self' *.incident.io https: *.google-analytics.com *.googletagmanager.com *.google.com *.google.co.uk stats.g.doubleclick.net googleads.g.doubleclick.net *.segment.com *.segment.io *.linkedin.com cdn.linkedin.oribi.io *.iubenda.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.clearbit.com wss://*.qualified.com *.qualified.com conversions-config.reddit.com www.redditstatic.com *.hubapi.com js.hscta.net *.hubspot.com *.hs-banner.com *.hscollectedforms.net *.hsforms.com hubspot-forms-static-embed.s3.amazonaws.com https://*.greenhouse.io https://*.api.sanity.io wss://*.api.sanity.io https://*.vanta.com https://*.chilipiper.com vitals.vercel-insights.com website-h2l31fm32-incident-io-team.vercel.app;default-src 'self';font-src 'self' https: data: fonts.gstatic.com fonts.googleapis.com;form-action 'self' *.hsforms.com;frame-ancestors 'self' https://incident.sanity.studio;frame-src 'self' https: *.googletagmanager.com *.twitter.com *.iubenda.com app.qualified.com *.hubspot.com *.hs-sites.com *.hubspot.net play.hubspotvideo.com *.hsforms.net *.hsforms.com https://incident.navattic.com https://capture.navattic.com;img-src 'self' blob: data: https: *.google-analytics.com *.googletagmanager.com *.google.com *.google.co.uk *.googleusercontent.com stats.g.doubleclick.net *.linkedin.com *.iubenda.com *.clearbitjs.com *.clearbit.com *.qualified.com alb.reddit.com js.hscta.net no-cache.hubspot.com *.hubspot.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net *.hubspot.net cdn2.hubspot.net *.hsforms.net *.hsforms.com https://cdn.sanity.io https://*.chilipiper.com;manifest-src 'self';media-src 'self' https: data: blob:;object-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' https: api.twitter.com platform.twitter.com;style-src 'self' 'unsafe-inline' *.google.com fonts.googleapis.com *.iubenda.com *.hubspotusercontent00.net cdn2.hubspot.net;worker-src 'self';report-uri https://o494704.ingest.sentry.io/api/4505307188232192/security/?sentry_key=e6127d8d2f894a18918f2018108426e9;report-to https://o494704.ingest.sentry.io/api/4505307188232192/security/?sentry_key=e6127d8d2f894a18918f2018108426e9; 1
frame-ancestors 'self' https://*.pmsuryaghar.gov.in; script-src 'self' https://gis.pmsuryaghar.gov.in 'unsafe-inline' https://mapservice.gov.in https://js.arcgis.com; script-src-elem 'self' https://gis.pmsuryaghar.gov.in 'unsafe-inline' https://mapservice.gov.in https://js.arcgis.com; object-src 'none'; worker-src 'self' https://js.arcgis.com blob:; 1
frame-ancestors 'self' buechen.de *.buechen.de boernsen-erleben.de *.boernsen-erleben.de; 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' maps.googleapis.com *.hipay.com static.cdn.prismic.io prismic.io https://html2canvas.hertzen.com/dist/html2canvas.min.js www.paypalobjects.com *.paypal.com youtube.com vimeo.com https://www.youtube.com/iframe_api https://www.youtube.com/s/player/0c356943/www-widgetapi.vflset/www-widgetapi.js https://www.youtube.com https://i.ytimg.com/vi/ http://platform.instagram.com/en_US/embeds.js https://www.instagram.com/embed.js https://graph.facebook.com/v11.0/instagram_oembed https://player.vimeo.com/api/player.js https://player.vimeo.com/ js.stripe.com http://www.googletagmanager.com https://www.googletagmanager.com https://www.google-analytics.com http://www.google-analytics.com https://gtm.zone-secure.net https://yt.zone-secure.net http://www.gstatic.com https://*.attraqt.io https://*.facebook.net/ https://*.teads.tv/ https://*.smartlook.com/ https://*.hotjar.com/ https://*.doubleclick.net https://*.mathtag.com https://*.tiktok.com/ https://*.ttwstatic.com *.attraqt.io *.getflowbox.com *.flbx.io *.woosmap.com *.imagino.com https://*.kameleoon.com https://*.kameleoon.io https://*.kameleoon.eu https://*.kameleoon.net *.google.com *.centrakor.com *.bing.com *.bing.net *.bing.fr *.microsoft.com *.microsoft.fr *.microsoft.net https://metrics.centrakor.com;frame-src 'self' maps.googleapis.com https://player.vimeo.com/ youtube.com www.youtube.com https://www.youtube.com https://i.ytimg.com/vi/ *.prismic.io js.stripe.com www.paypalobjects.com *.paypal.com www.youtube-nocookie.com https://*.doubleclick.net https://*.facebook.net/ https://*.facebook.com/ https://*.hotjar.com/ https://*.mathtag.com https://*.tiktok.com/ *.getflowbox.com *.flbx.io https://*.kameleoon.com https://*.kameleoon.io https://*.kameleoon.eu https://*.kameleoon.net *.google.com *.googletagmanager.com *.bing.com *.bing.net *.bing.fr *.microsoft.com *.microsoft.fr *.microsoft.net https://metrics.centrakor.com;style-src 'self' 'unsafe-inline' https://i.icomoon.io https://fonts.googleapis.com https://*.ttwstatic.com/ *.woosmap.com https://*.kameleoon.com https://*.kameleoon.io https://*.kameleoon.eu https://*.kameleoon.net *.googletagmanager.com *.google.com *.googletagmanager.com *.bing.com *.bing.net *.bing.fr *.microsoft.com *.microsoft.fr *.microsoft.net;img-src 'self' data: stagingctk.centrakor.com maps.googleapis.com *.gstatic.com https://www.referenseo.com/ https://i.ytimg.com/vi/ https://storage.sbg.cloud.ovh.net https://centrakor.cdn.prismic.io/ https://i.picsum.photos/ https://i.vimeocdn.com/ maps.googleapis.com *.openstreetmap.org www.paypalobjects.com *.paypal.com storage.gra.cloud.ovh.net *.google.com *.doubleclick.net *.google.fr http://www.google-analytics.com https://www.google-analytics.com *.centrakor.com https://*.teads.tv/ https://*.facebook.com/ https://*.facebook.net/ https://*.mathtag.com https://images.prismic.io/centrakor/ https://*.s3.rbx.io.cloud.ovh.net https://d2rfa446ja7yzb.cloudfront.net/ *.getflowbox.com *.flbx.io *.woosmap.com https://purecatamphetamine.github.io https://*.kameleoon.com https://*.kameleoon.io https://*.kameleoon.eu https://*.kameleoon.net *.googletagmanager.com *.bing.com *.bing.net *.bing.fr *.microsoft.com *.microsoft.fr *.microsoft.net;font-src 'self' data: fonts.googleapis.com https://i.icomoon.io https://fonts.gstatic.com *.woosmap.com *.google.com *.googletagmanager.com;connect-src 'self' maps.googleapis.com https://noembed.com https://graph.facebook.com/v11.0/instagram_oembed https://graph.facebook.com/v11.0/instagram_oembed/ https://graph.instagram.com/ https://vimeo.com/api/ www.paypalobjects.com *.paypal.com *.analytics.google.com *.doubleclick.net https://www.google-analytics.com https://*.teads.tv/ https://*.facebook.net/ https://*.googleadservices.com *.google.fr https://*.facebook.com/ https://*.smartlook.com/ https://*.smartlook.cloud/ https://*.hotjar.com/ https://*.hotjar.io/ wss://*.hotjar.com/ *.attraqt.io *.getflowbox.com *.flbx.io https://fr.adminzone-secure.net/ https://service.zone-secure.net/ *.woosmap.com *.imagino.com https://*.kameleoon.com https://*.kameleoon.io https://*.kameleoon.eu https://*.kameleoon.net *.google.com *.googletagmanager.com *.centrakor.com *.bing.com *.bing.net *.bing.fr *.microsoft.com *.microsoft.fr *.microsoft.net https://metrics.centrakor.com;base-uri 'self';media-src 'self' data: *.flbx.io;report-uri /csp/report;worker-src 'self' *.woosmap.com self blob: 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; connect-src 'self' *.itzbund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' player.vimeo.com *.youtube.com piwik.itzbund.de app.sli.do cdn.myth.theoplayer.com service.video.taxi start.video-stream-hosting.de playout.3qsdn.com *.rai.it livestream.com player.procdn.live doo.net *.cloudflarestream.com tns-player.pages.dev'; object-src 'self' multimedia.gsb.bund.de; media-src 'self' piwik.itzbund.de *.youtube-nocookie.com youtu.be *.youtube.com multimedia.gsb.bund.de app.sli.do stream.alpha-loop.de cdn.myth.theoplayer.com service.video.taxi start.video-stream-hosting.de playout.3qsdn.com *.rai.it livestream.com player.procdn.live doo.net *.cloudflarestream.com tns-player.pages.dev *.cdninstagram.com; frame-src 'self' player.vimeo.com *.youtube.com *.youtube-nocookie.com youtu.be *.youtube.com app.sli.do stream.alpha-loop.de cdn.myth.theoplayer.com service.video.taxi media.video.taxi start.video-stream-hosting.de playout.3qsdn.com *.3qsdn.com *.rai.it livestream.com player.procdn.live doo.net *.cloudflarestream.com tns-player.pages.dev; img-src 'self' data: piwik.itzbund.de securel.longtailvideo.com *.youtube-nocookie.com youtu.be *.youtube.com *.ytimg.com app.sli.do stream.alpha-loop.de cdn.myth.theoplayer.com service.video.taxi start.video-stream-hosting.de playout.3qsdn.com *.rai.it livestream.com player.procdn.live doo.net *.cloudflarestream.com tns-player.pages.dev; frame-ancestors 'self'; 1
default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.cinestar.de *.googletagmanager.com *.googleadservices.com *.googletagservices.com *.google.com *.google.de *.gstatic.com *.google-analytics.com gdpr.mandarin-medien.de *.ioam.de *.doubleclick.net bat.bing.com bat.bing.net *.facebook.com *.facebook.net *.googlesyndication.com gdpr.mandarin-medien.de *.spotify.com streaming.cinestar.de streaming.cinestar.sys11.stakkle.com:81 streaming1.cinestar.de streaming1.cinestar.de:81 ff-schlingel.de *.stroeerdigitalgroup.de *.doubleverify.com tracking.m6r.eu *.adagio.io *.adaptmx.com *.adbility-media.com *.addefend.com *.adform.com *.adition.com *.admanmedia.com *.adnami.io *.adnuntius.com *.adrule.net *.adtriba.com *.adup-tech.com *.advanced-store.com *.adyoulike.com *.agma-mmc.de *.amazon.com *.amobee.com *.appnexus.com *.audienceproject.com *.avantisteam.com *.bam-interactive.de *.bannernow.com *.bidswitch.com *.blis.com *.brightcom.com *.bttrads.com *.cloudtechnologies.pl *.communicationads.net *.confiant.com *.criteo.com *.dataxtrade.com *.definemedia.de *.deltaprojects.com *.doubleverify.com *.easy-media.de *.emerse.com *.emxdgt.com *.equativ.com *.exactag.com *.exitbee.com *.factor-eleven.de *.feedad.com *.flashtalking.com *.geoedge.com *.gfk.com *.glomex.com *.google.com *.gumgum.com *.hearts-science.com *.iabeurope.eu *.id5.io *.impactify.io *.improvedigital.com *.indexexchange.com *.infonline.de *.integralads.com *.invibes.com *.jaduda.com *.kayzen.io *.liquidm.com *.liveramp.de *.magnite.com *.media.net *.mediakeys.com *.microsoft.com *.mindtake.com *.mobkoi.com *.mobpro.com *.nativendo.de *.neory.com *.nielsen.com *.ogury.com *.onetag.com *.onetech.group *.online-solution.biz *.onprospects.com *.openx.com *.opinary.com *.optidigital.com *.optimise-it.de *.oracle.com *.otto.de *.outbrain.com *.permodo.com *.playhill.com *.publicismedia.de *.pubmatic.com *.purelocalmedia.de *.qualitymedianetwork.de *.readpeak.com *.reppublika.com *.ringier-advertising.ch *.roq.ad *.rtbhouse.com *.rubiconproject.com *.salesforce.com *.screenondemand.de *.seeding-alliance.de *.seedtag.com *.sharethrough.com *.showheroes.com *.smaato.com *.smartadserver.com *.smartclip.net *.smartclip.tv *.smartstream.tv *.smartyads.com *.socoto.com *.spotx.tv *.spotxchange.com *.sspx.tech *.stroeer.com *.stroeer.de *.taboola.com *.tappx.com *.target-video.com *.teads.com *.teads.tv *.telaria.com *.themediagrid.com *.thetradedesk.com *.tremorhub.com *.trg.de *.triplelift.com *.twiago.com *.uppr.rocks *.verve.com *.vi.ai *.viads.com *.vidazoo.com *.vidoomy.com *.viralize.com *.virtualminds.de *.vlyby.com *.wagawin.com *.wearemiq.com *.welect.de *.xandr.com *.yahoo.com *.yieldlab.com *.yieldlab.net *.yieldlove.com *.yoc.com *.zemanta.com onetag-sys.com *.onetag-sys.com *.adnxs.com *.ad4m.at ad4m.at *.theadex.com *.adform.net *.seadform.net *.userreport.com *.clarium.io id5-sync.com *.id5-sync.com *.eu-1-id5-sync.com *.yieldlove-ad-serving.net *.agma-analytics.de *.adnxs.com *.adscale.de *.jsdelivr.net *.adscale.de *.criteo.net *.confiant-integrations.net *.privacy-mgmt.com *.crwdcntrl.net *.ampproject.org *.googleapis.com *.truste.com *.adsafeprotected.com *.ftstatic.com *.trustarc.com *.adsrvr.org *.imrworldwide.com *.cloudflare.com *.bidr.io *.bidswitch.net *.adnxs-simple.com *.active-agent.com *.peer-39.com 2mdn.net *.2mdn.net levexis.com demdex.net *.levexis.com *.demdex.net agkn.com *.agkn.com adlightning.com *.adlightning.com *.tchibo.de tchibo.de revjet.com *.revjet.com stroeerdigital.de *.stroeerdigital.de casalemedia.com *.casalemedia.com bahn.de *.bahn.de indexww.com *.indexww.com cbe-digiden.de *.cbe-digiden.de vodafone.de *.vodafone.de *.amazonaws.com amazonaws.com exactag.com *.exactag.com b2c.com *.b2c.com stroeerdigitalmedia.de *.stroeerdigitalmedia.de *.moviexchange.com unpkg.com *.adtrafficquality.google ad.turn.com; block-all-mixed-content 1
default-src 'self';img-src 'self' data: https://www.mijnwefact.nl https://www.wefact.nl https://secure.gravatar.com *;script-src 'self' 'unsafe-inline';connect-src 'self';font-src 'self';style-src 'self' 'unsafe-inline'; 1
default-src 'self' cdn.jsdelivr.net bid.g.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' translate-pa.googleapis.com translate.googleapis.com translate.google.com ajax.googleapis.com maps.googleapis.com cdn.jsdelivr.net unpkg.com npmcdn.com googleads.g.doubleclick.net www.googletagmanager.com www.google-analytics.com www.googleadservices.com connect.facebook.net static.ctctcdn.com cdnjs.cloudflare.com www.google.com www.gstatic.com; connect-src 'self' translate.googleapis.com analytics.google.com stats.g.doubleclick.net www.google-analytics.com listgrowth.ctctcdn.com maps.googleapis.com; img-src 'self' fonts.gstatic.com www.gstatic.com maps.googleapis.com maps.gstatic.com static.ctctcdn.com fakeimg.pl img.youtube.com data: cdnjs.cloudflare.com www.google.com.tw www.facebook.com www.google.com googleads.g.doubleclick.net www.google-analytics.com; style-src 'self' 'unsafe-inline' www.gstatic.com cdn.jsdelivr.net fonts.googleapis.com unpkg.com static.ctctcdn.com maxcdn.bootstrapcdn.com; font-src 'self' maxcdn.bootstrapcdn.com cdn.jsdelivr.net cdnjs.cloudflare.com fonts.gstatic.com; frame-src 'self' bid.g.doubleclick.net www.youtube.com www.facebook.com www.google.com; base-uri 'self'; form-action 'self' www.facebook.com; frame-ancestors 'self'; 1
frame-ancestors 'self' *.typeform.com typeform.com *.themeforest.net themeforest.net codecanyon.net *.codecanyon.net 1
default-src 'self' https://www.google-analytics.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com https://www.gstatic.com https://sdk.privacy-center.org/ https://api.privacy-center.org/ https://static.cloudflareinsights.com https://ajax.cloudflare.com https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com https://fonts.googleapis.com; img-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://www.google-analytics.com/; font-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com https://fonts.gstatic.com https://fonts.googleapis.com; frame-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com; 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' piwik.itzbund.de; connect-src 'self' *.itzbund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' piwik.itzbund.de www.youtube.com s.ytimg.com; object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de www.youtube.com; media-src 'self' multimedia.gsb.bund.de piwik.itzbund.de www.youtube.com; child-src pei-portal.rexx-systems.com piwik.itzbund.de www.youtube.com abvl-public.pei.de abvl-public-test.pei.de; font-src 'self'; img-src 'self' data: *.honcode.ch piwik.itzbund.de; frame-ancestors 'self' PEIWeb-editor.preview.gsb.intranet.bund.de pei-portal.rexx-systems.com; 1
default-src https:; img-src https: data: blob:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 'unsafe-eval'; connect-src https: wss:; font-src https: data:; frame-ancestors 'self'; 1
frame-ancestors 'self' https://yobingo-statices.casinomodule.com/ https://www.yobingo.es/ https://www.yocasino.es/ https://www.enracha.es/ https://gateway.mobbeel.com/ mobbeel.com *.mobbeel.com 1
default-src 'self' blob: http: https: wss://bot.moin.ai/primus w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de stiebel-eltron.containers.piwik.pro; img-src 'self' data: blob: http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de stiebel-eltron.containers.piwik.pro; script-src  'self' 'unsafe-eval' http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de stiebel-eltron.containers.piwik.pro; style-src 'self' 'unsafe-inline' http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de; font-src 'self' data: http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de stiebel-eltron.containers.piwik.pro; 1
default-src 'self'; base-uri 'self'; connect-src 'self' *.itzbund.de; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de www.juris.de;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com piwik.itzbund.de www.juris.de;object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de www.juris.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de www.juris.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de www.juris.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de www.juris.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de  www.juris.de; frame-src https://www.juris.de/ *.google.com *.gstatic.com *.youtube.com *.vimeo.com; frame-ancestors https://www.juris.de/ 'self'; 1
script-src *.globant.com *.googletagmanager.com *.google-analitycs.com *.google.com 'unsafe-eval' 'unsafe-inline' https: 'self' https://www.globant.com/ blob:; object-src none; style-src 'self' 'unsafe-inline' *.globant.com *.bootstrapcdn.com *.fontawesome.com *.cloudflare.com *.googleapis.com  *.jsdelivr.net; img-src 'self' *.cloudflare.com *.globant.com *.i.ytimg.com https: data:; media-src 'self' *.globant.com; frame-src 'self' https: fullscreen; frame-ancestors self fullscreen *.globant.com https://*.youtube.com; font-src 'self' *.globant.com *.fontawesome.com *.cloudflare.com *.gstatic.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
frame-ancestors 'self'; frame-src 'self' centredeservices.alturing.eu www.youtube.com www.youtube-nocookie.com *.chronopost.fr *.weborama.fr www.googletagmanager.com mmtro.com www.zenaps.com *.doubleclick.net www.awin.com marketingplatform.google.com *.chronoshop2shop.fr *.chronoshop2shop.com  *.cookiebot.com; form-action 'self' *.chronopost.fr *.chronoshop2shop.com *.chronoshop2shop.fr http:; default-src 'self' data: *.googleusercontent.com *.google-analytics.com *.googletagmanager.com *.youtube.com *.youtube-nocookie.com *.aticdn.net  *.cookiebot.com *.xiti.com *.abtasty.com *.chronopost.fr *.chronoshop2shop.fr *.chronoshop2shop.com *.cloudflare.com cdn.jsdelivr.net *.facebook.net *.facebook.com *.googleapis.com *.doubleclick.net *.mmtro.com *.weborama.fr *.metaffiliation.com www.dwin1.com *.clarity.ms *.google.com *.google.fr *.googlesyndication.com lantern.roeye.com lantern.roeyecdn.com *.googleadservices.com 'unsafe-inline' 'unsafe-eval' 1
upgrade-insecure-requests; default-src * data: https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; script-src 'self' data: https://*.hotjar.com https://consentcdn.cookiebot.com https://consent.cookiebot.com 'unsafe-inline' 'unsafe-eval' https://web106.reachmee.com https://s.ytimg.com https://mapclick.amap.com https://restapi.amap.com https://webapi.amap.com https://public.tableau.com https://sdn.sitecore.net https://maps.googleapis.com https://maps.google.com https://sadmin.brightcove.com https://ajax.googleapis.com https://ssl.google-analytics.com https://www.youtube.com https://www.google.com https://bat.bing.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://connect.facebook.net https://platform.twitter.com https://s3.amazonaws.com https://cdn.plyr.io https://player.vimeo.com https://static.cloud.coveo.com https://cdn.jsdelivr.net https://view.ceros.com https://jamesleist.com https://clientweb.passle.net https://cdn.iframe.ly https://safespaces.azurewebsites.net https://translate.google.com https://translate.googleapis.com https://translate-pa.googleapis.com; style-src 'self' data: 'unsafe-inline' https://*.hotjar.com https://cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.9.0/slick.min.css https://cdnjs.cloudflare.com https://webapi.amap.com https://fonts.googleapis.com https://ajax.googleapis.com https://cdn.plyr.io https://static.cloud.coveo.com https://jamesleist.com https://safespaces.azurewebsites.net https://www.gstatic.com; img-src * 'self' data: https://*.hotjar.com https://jamesleist.com; font-src 'self' data: https://*.hotjar.com https://netdna.bootstrapcdn.com https://fonts.gstatic.com https://fonts.typekit.net https://themes.googleusercontent.com https://jamesleist.com https://safespaces.azurewebsites.net; child-src 'self' https://sdn.sitecore.net https://web106.reachmee.com https://sdn.sitecore.net https://www.youtube.com https://www.google.com https://accounts.google.com https://www.googletagmanager.com https://jamesleist.com; frame-src 'self' https://*.hotjar.com https://consentcdn.cookiebot.com https://cdn.yoshki.com https://watch.twobirds.com https://www.youtube.com https://player.vimeo.com http://sdn.sitecore.net https://sdn.sitecore.net https://translate.google.com https://web106.reachmee.com https://view.ceros.com https://jamesleist.com https://www.podcaster.de https://w.soundcloud.com https://open.spotify.com/  https://cdn.iframe.ly; frame-ancestors 'self' https://*.twobirds.com https://viewer.foleon.com https://sdn.sitecore.net 1
base-uri 'self'; default-src 'none'; child-src https://irc.animefriends.moe; connect-src 'self' https://mei.kuudere.pw; font-src 'self' data:; form-action 'self' https://mei.kuudere.pw; frame-ancestors 'self'; frame-src 'self' https://www.youtube-nocookie.com https://*.soundcloud.com https://irc.animefriends.moe; img-src 'self' https://rei.kuudere.pw https://mei.kuudere.pw https://animebytes.tv data:; media-src 'self' https://* * data:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample'; style-src 'self' 'unsafe-inline'; worker-src 'self' blob:; upgrade-insecure-requests 1
allow *; options inline-script eval-script; frame-ancestors 'self' 1
frame-ancestors 'self' https://*.seo.aws.about.com https://*.dotdash.com *.aboutespanol.com; upgrade-insecure-requests; 1
default-src 'none' ;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zortrax.com *.data.zortrax.com *.3dprint.zortrax.com *.wistia.net *.wistia.com googletagmanager.com *.googletagmanager.com  *.tagmanager.google.com *.google-analytics.com *.doubleclick.net *.google.com  *.googleadservices.com *.facebook.net *.cloudfront.net *.doubleclick.net *.livechatinc.com *.googleapis.com *.gstatic.com *.redditstatic.com  static.ads-twitter.com analytics.twitter.com analytics.zortrax.com cf.zortrax.com cdn.tailwindcss.com  ;style-src 'self' 'unsafe-inline' *.zortrax.com *.googleapis.com *.tagmanager.google.com https://tagmanager.google.com/debug/css.css *.fonts.googleapis.com cf.zortrax.com ;img-src 'self' 'unsafe-inline' data: *.zortrax.com *.wistia.net data.zortrax.com *.gravatar.com *.ggpht.com *.ssl.gstatic.com *.wistia.com *.google.com *.google-analytics.com *.google.pl *.doubleclick.net *.facebook.com *.livechatinc.com *.gstatic.com *.googleapis.com *.tagmanager.google.com https://alb.reddit.com   t.co/i/adsct cf.zortrax.com  ;font-src 'self' data: *.livechatinc.com *.googleusercontent.com *.googleusercontent.com *.googleapis.com *.gstatic.com *.zortrax.com *.fonts.googleapis.com *.tagmanager.google.com ;frame-src 'self' 'unsafe-inline' *.livechatinc.com *.wistia.net *.wistia.com *.youtube.com *.facebook.com *.tagmanager.google.com *.googletagmanager.google.com www.googletagmanager.com *.upviral.com ;connect-src 'self' bd1.zortrax.com stats.g.doubleclick.net staging-data.zortrax.com data.zortrax.com http://3dprint.zortrax.com zortrax.us14.list-manage.com *.list-manage.com  *.wistia.com *.litix.io 3dprint.zortrax.com *.google-analytics.com *.tagmanager.google.com app.humdash.com api.livechatinc.com maps.googleapis.com www.google.com *.facebook.com  ;media-src 'self' *.zortrax.com zortrax.com *.youtube.com *.livechatinc.com *.youtube-nocookie.com *.wistia.com cdn.zortrax.com cdn1.zortrax.com cdn2.zortrax.com cdn3.zortrax.com *.tagmanager.google.com cf.zortrax.com ;object-src 'self' *.youtube.com *.youtube-nocookie.com *.tagmanager.google.com ;child-src 'self' *.youtube.com *.youtube-nocookie.com *.tagmanager.google.com 1
default-src 'self' blob: *.avl.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.doubleclick.net *.facebook.net *.cookiebot.com *.googleapis.com *.adsymptotic.com *.linkedin.com snap.licdn.com *.facebook.com *.avl.com *.cloudflare.com cdn.jsdelivr.net js.stripe.com polyfill.io *.googletagmanager.com *.hotjar.com app.sli.do *.vbrick.com *.google.com *.google.es *.google.at *.google.de *.bing.com *.creators-expedition.com *.imaginativeenterprising-intelligent.com *.mouseflow.com *.clarity.ms *.publuu.com *.buzzsprout.com *.lfeeder.com cdn.ckeditor.com; object-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.doubleclick.net *.facebook.net *.cookiebot.com fonts.googleapis.com p.adsymptotic.com *.linkedin.com *.licdn.com *.facebook.com *.avl.com cdnjs.cloudflare.com cdn.jsdelivr.net *.stripe.com polyfill.io *.google.com *.google.es *.google.at *.google.de; style-src 'self' 'unsafe-inline' *.cloudflare.com; img-src 'self' data: avl.com www.avl.com *.googletagmanager.com *.facebook.com *.linkedin.com *.ytimg.com *.cookiebot.com *.bing.com *.google.com *.google.es *.google.at *.google.de *.sli.do *.vbrick.com *.cloudflare.com *.avl-marketing.com *.clarity.ms *.amazonaws.com *.lfeeder.com *.kununu.com; frame-src 'self' *.youtube.com https://js.stripe.com *.cookiebot.com *.doubleclick.net *.bing.com *.sli.do *.vbrick.com *.buzzsprout.com stream.maxr.at *.publuu.com publuu.com *.buzzsprout.com publications.avl.com www.googletagmanager.com; child-src 'self' 'unsafe-inline' *.google-analytics.com *.doubleclick.net *.facebook.net *.cookiebot.com *.googleapis.com https://p.adsymptotic.com *.linkedin.com https://snap.licdn.com *.facebook.com *.avl.com *.cloudflare.com https://cdn.jsdelivr.net https://js.stripe.com https://polyfill.io blob:; font-src 'self' https://fonts.gstatic.com *.mouseflow.com *.cloudflare.com; connect-src 'self' *.cookiebot.com https://eu-api.friendlycaptcha.eu *.avl.com *.linkedin.com wss://ws.hotjar.com *.n.io *.google.com *.google-analytics.com *.doubleclick.net *.hotjar.io *.avlcorp.lan *.creators-expedition.com *.mouseflow.com *.clarity.ms bat.bing.com; report-uri /report-csp-violation 1
default-src 'self'; style-src 'unsafe-inline' 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline'; report-to default; report-uri /json/reports.php 1
frame-ancestors 'self' forms.saib.com.sa *.saib.com.sa; report-uri /report-csp-violation 1
default-src 'self'nosniff 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; connect-src 'self' *.itzbund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com piwik.itzbund.de; object-src 'self' *.gsb.bund.de; media-src 'self' *.gsb.bund.de *.youtube.com; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.itzbund.de; frame-src *.google.com *.gstatic.com *.youtube.com *.itzbund.de *.vsfbsw.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com piwik.itzbund.de; frame-ancestors 'self'; 1
default-src 'self' ;script-src data: blob: 'self' 'unsafe-eval' 'nonce-Qfn7cDzVWid0i6CG' *.mypurecloud.ie js.monitor.azure.com static.cloud.coveo.com www.zenaps.com www.dwin1.com *.r42tag.com *.usabilla.com *.google-analytics.com *.analytics.google.com www.googleadservices.com tags.nmrc.nl *.onmarc.nl *.doubleclick.net d6tizftlrpuof.cloudfront.net *.zilverenkruis.nl babm.texthelp.com surfly.com plus.browsealoud.com www.zorgkantoorfriesland.nl *.prolife.nl www.googletagmanager.com toolbar.speechstream.net apis.google.com bat.bing.com admin.relay42.com a.svtrd.com  ads.creative-serving.com www.browsealoud.com *.defriesland.nl static2.creative-serving.com survey.insocial.nl optimize.google.com *.interpolis.nl *.mopinion.com  *.fbto.nl connect.facebook.net cdn.harvest.graindata.com *.pingvp.com pingvp.com *.visualwebsiteoptimizer.com www.awin1.com *.stichtingdefriesland.nl *.cloudfront.net *.coveo.com api-engage-eu.sitecorecloud.io/v1.2/browser/create.json* d1mj578wat5n4o.cloudfront.net/sitecore-engage-v.1.4.2.min.js bat.bing.net;style-src 'self' 'unsafe-inline' d6tizftlrpuof.cloudfront.net plus.browsealoud.com fonts.googleapis.com www.zilverenkruis.nl optimize.google.com *.pingvp.com;img-src data: blob: 'self' *.svtrd.com www.zenaps.com www.awin1.com www.google.com www.google.nl d6tizftlrpuof.cloudfront.net *.usabilla.com *.google-analytics.com *.analytics.google.com *.onmarc.nl *.zilverenkruis.nl plus.browsealoud.com usabilla-themes.s3-eu-west-1.amazonaws.com ads.creative-serving.com www.zorgkantoorfriesland.nl *.prolife.nl stats.g.doubleclick.net ad.doubleclick.net bat.bing.com www.browsealoud.com *.defriesland.nl *.r42tag.com admin.relay42.com speechstreamv3-webservices-8.texthelp.com www.gstatic.com *.fbto.nl www.insocial.nl www.facebook.com www.googletagmanager.com translate.google.com zilverenkruis-cdn.mcccm.eu *.pingvp.com i.vimeocdn.com dev.visualwebsiteoptimizer.com *.doubleclick.net *.googlesyndication.com *.imgix.net bat.bing.net adservice.google.com;font-src data: 'self' fonts.gstatic.com fonts.googlapis.com d6tizftlrpuof.cloudfront.net  *.pingvp.com;connect-src blob: 'self' *.mypurecloud.ie wss://*.mypurecloud.ie *.zilverenkruis.nl *.surfly.com surfly.com sentry.io *.zorgkantoorfriesland.nl plus.browsealoud.com pronunciation.speechstream.net api.usabilla.com babm.texthelp.com speech.speechstream.net *.google-analytics.com *.analytics.google.com pre-i-portaal.achmea.nl speechstreamv3-webservices-8.texthelp.com *.defriesland.nl *.mopinion.com *.browsealoud.com *.interpolis.nl *.fbto.nl bat.bing.com stats.g.doubleclick.net harvest-cm-achmea.ey.r.appspot.com controle.achmea.consentmonitor.nl *.tomtom.com *.visualwebsiteoptimizer.com *.applicationinsights.azure.com wss://api.defriesland.nl:13443 wss://api.zilverenkruis.nl:13443 wss://api.interpolis.nl:13443 *.googlesyndication.com www.google.com googleads.g.doubleclick.net *.coveo.com api-engage-eu.sitecorecloud.io/v1.2/events api-engage-eu.sitecorecloud.io *.cloudfront.net js.monitor.azure.com api-engage-eu.sitecorecloud.io/v1.2/browser/create.json.* bat.bing.net ad.doubleclick.net adservice.google.com;media-src 'self' blob: *.zilverenkruis.nl *.zorgkantoorfriesland.nl *.prolife.nl *.defriesland.nl *.interpolis.nl *.fbto.nl *.pingvp.com;object-src 'self' *.klantenvertellen.nl;child-src 'self' *.mypurecloud.ie blob: t.svtrd.com player.vimeo.com surfly.com app.surfly.com d6tizftlrpuof.cloudfront.net www.zilverenkruis.nl www.zorgkantoorfriesland.nl www.prolife.nl content.googleapis.com vimeo.com secure.zilverenkruis.nl www.defriesland.nl optimize.google.com i-portaal.achmea.nl survey.insocial.nl secure.prolife.nl secure.defriesland.nl w.soundcloud.com *.doubleclick.net app.springcast.fm *.klantenvertellen.nl www.googletagmanager.com player.springcast.app;frame-ancestors 'self' player.vimeo.com vimeo.com i-portaal.achmea.nl survey.insocial.nl *.doubleclick.net inloggen.achmea.nl p-portaal.achmea.nl app.vwo.com *.visualwebsiteoptimizer.com;;form-action 'self' t.svtrd.com *.achmea.nl *.zilverenkruis.nl *.zorgkantoorfriesland.nl *.prolife.nl *.defriesland.nl *.fbto.nl *.interpolis.nl broker.nxtid.nl;manifest-src 'self' ;upgrade-insecure-requests;block-all-mixed-content;report-uri https://zilverenkruis.ams.report-uri.com/r/t/csp/enforce; 1
frame-src *.twitter.com *.googleusercontent.com *.clarity.ms *.youtube.com *.facebook.com *.facebook.net *.doubleclick.net *.hotjar.com *.franceculture.fr *.radiofrance.fr *.googleapis.com *.spotify.com *.exacttarget.com *.instagram.com iheid.webex.com graduateinstitute.secure.force.com *.sfmc-content.com *.google.com *.libcal.com *.simplecast.com *.soundcloud.com *.flywire.com *.prezi.com *.iheid.ch *.drupal.com *.vimeo.com *.rts.ch graduateinstitute.my.salesforce-sites.com *.graduateinstitute.us8.list-manage.com *.addevent.com *.office.com *.rsi.ch *.arte.tv *.github.io *.linkedin.com *.googletagmanager.com *.soundcloud.com; child-src *.twitter.com *.googleusercontent.com *.clarity.ms *.youtube.com *.facebook.com *.facebook.net *.doubleclick.net *.hotjar.com *.franceculture.fr *.radiofrance.fr *.googleapis.com *.spotify.com *.exacttarget.com *.instagram.com iheid.webex.com graduateinstitute.secure.force.com *.sfmc-content.com *.google.com *.libcal.com *.simplecast.com *.soundcloud.com *.flywire.com *.prezi.com *.iheid.ch *.drupal.com *.rts.ch graduateinstitute.my.salesforce-sites.com *.graduateinstitute.us8.list-manage.com *.addevent.com *.office.com *.rsi.ch *.arte.tv  *.github.io *.linkedin.com *.googletagmanager.com *.soundcloud.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self'; img-src 'self' 1
default-src * 'self' 'unsafe-inline' 'unsafe-eval' ; script-src * 'self' 'unsafe-inline' 'unsafe-eval' ; style-src * 'self' 'unsafe-inline' ; img-src * 'self' data: ; font-src * data: blob: 'unsafe-inline'; 1
default-src blob: https: wss: 'unsafe-inline' 'unsafe-eval' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://google-analytics.com/ https://*.google-analytics.com/ https://googletagmanager.com/ https://*.googletagmanager.com/ https://www.googletagmanager.com/ https://translate.google.com/ https://translate.googleapis.com/ https://youtube.com/ https://*.youtube.com/ https://www.recaptcha.net/ https://www.gstatic.com/ https://www.google.com/ https://www.google.com/ads/ https://kit.fontawesome.com/ https://tag.demandbase.com/ https://munchkin.marketo.net/ https://use.typekit.net/ https://script.crazyegg.com/ https://script.crazyegg.com/pages/scripts/0027/6357.js https://snap.licdn.com/ https://cdn01.basis.net/ https://play.vidyard.com/ https://connect.facebook.net/ https://www.facebook.com/ https://facebook.com/ https://j.6sc.co/ https://b.6sc.co/ https://app-sj27.marketo.com/ https://go.scaledagile.com/ https://pixel.sitescout.com/ https://px.ads.linkedin.com/ https://cdn.vidyard.com/ https://static.smartrecruiters.com/ https://*.company-target.com/ https://www.smartrecruiters.com/ https://sai2.wpengine.com/ https://cdnapisec.kaltura.com/ https://player.vimeo.com/ https://open.spotify.com/ https://s.company-target.com/ https://scaledagilenetwork.com/; img-src 'self' data: blob: https://google-analytics.com/ https://*.google-analytics.com/ https://www.google.com/ https://www.google.com/ads/ https://translate.googleapis.com/ https://*.ytimg.com/ https://secure.gravatar.com/ https://kit.fontawesome.com/ https://salsa.scaledagile.com/ https://www.facebook.com/ https://cdn.vidyard.com/ https://cdn.vidyard.com/thumbnails/18287566/TcTilRh6vhdyHxZi9F4VIQ.png https://play.vidyard.com/ https://id.rlcdn.com/ https://b.6sc.co/ https://pixel.sitescout.com/ https://px.ads.linkedin.com/ https://www.linkedin.com/ https://www.linkedin.com/* https://go.scaledagile.com/ https://www.googletagmanager.com/ https://segments.company-target.com/ https://scaledagile.com/ https://sai2.wpengine.com/ https://cdnapisec.kaltura.com/ https://player.vimeo.com/ https://scaledagilenetwork.com/; object-src 'self' data: blob: https://docs.google.com/ https://youtube.com/ https://*.youtube.com/ https://youtube-nocookie.com/ https://*.youtube-nocookie.com/ https://youtu.be/ https://*.vimeo.com/ https://www.google.com/ https://www.google.com/ads/ https://scaledagile.my.salesforce.com/ https://scaledagile.lightning.force.com/ https://community.scaledagile.com/ https://safe.scaledagile.com/ https://www.facebook.com/ https://b.6sc.co/ https://play.vidyard.com/ https://cdn.vidyard.com/ https://px.ads.linkedin.com/ https://www.googletagmanager.com/ https://embed.podcasts.apple.com/ https://s.company-target.com/ https://pixel.sitescout.com/ https://www.smartrecruiters.com/ https://go.scaledagile.com/ http://go.scaledagile.com/ https://app-sj27.marketo.com/ https://cdnapisec.kaltura.com/ https://player.vimeo.com/ https://open.spotify.com/ https://api.company-target.com/ https://scaledagilenetwork.com/ http://scaledagile.pathfactory.com https://scaledagile.pathfactory.com http://content.scaledagile.com https://content.scaledagile.com http://scaledagile.lookbookhq.com https://scaledagile.lookbookhq.com; frame-src 'self' data: blob: https://docs.google.com/ https://youtube.com/ https://*.youtube.com/ https://youtube-nocookie.com/ https://*.youtube-nocookie.com/ https://youtu.be/ https://*.vimeo.com/ https://www.google.com/ https://www.google.com/ads/ https://scaledagile.my.salesforce.com/ https://scaledagile.lightning.force.com/ https://community.scaledagile.com/ https://safe.scaledagile.com/ https://www.facebook.com/ https://b.6sc.co/ https://play.vidyard.com/ https://cdn.vidyard.com/ https://px.ads.linkedin.com/ https://www.googletagmanager.com/ https://embed.podcasts.apple.com/ https://s.company-target.com/ https://pixel.sitescout.com/ https://www.smartrecruiters.com/ https://go.scaledagile.com/ http://go.scaledagile.com/ https://app-sj27.marketo.com/ https://cdnapisec.kaltura.com/ https://player.vimeo.com/ https://open.spotify.com/ https://api.company-target.com/ https://scaledagilenetwork.com/ http://scaledagile.pathfactory.com https://scaledagile.pathfactory.com http://content.scaledagile.com https://content.scaledagile.com http://scaledagile.lookbookhq.com https://scaledagile.lookbookhq.com; 1
default-src 'self' https://www.googletagmanager.com https://connect.facebook.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.userway.org https://cdn.gtranslate.net https://cdn.agentbot.net https://static.addtoany.com https://cdn.jsdelivr.net https://www.youtube.com https://vimeo.com https://player.vimeo.com https://unpkg.com https://cdnjs.cloudflare.com https://cdn.gtranslate.net https://translate.google.com https://translate.googleapis.com https://translate-pa.googleapis.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://www.google-analytics.com https://connect.facebook.net https://d335luupugsy2.cloudfront.net https://www.facebook.com https://*.facebook.net https://*.fbcdn.net https://snap.licdn.com/ https://avi-web-scripts.s3.us-east-1.amazonaws.com https://avi.unisabana.edu.co https://www.clarity.ms; object-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net https://cdn.userway.org https://static.canva.com https://unpkg.com https://cdnjs.cloudflare.com https://cdn.gtranslate.net https://translate.google.com https://translate.googleapis.com https://translate-pa.googleapis.com https://www.gstatic.com; img-src 'self' 'unsafe-inline' https://usabana.widen.net https://cdn.gtranslate.net https://objectstorage.us-ashburn-1.oraclecloud.com https://cdn.userway.org data: https://cdn.jsdelivr.net https://previews.us-east-1.widencdn.net https://i.ytimg.com https: blob: https://static.canva.com; media-src 'self'  'unsafe-eval' https://agentcore.s3.amazonaws.com https://usabana.widen.net https://previews.us-east-1.widencdn.net https://youtu.be https://www.youtube.com https://vimeo.com https://player.vimeo.com data: https: blob: https://static.canva.com; frame-src 'self' https://static.addtoany.com https://cdn.userway.org https://www.youtube.com https://online.flippingbook.com https://formconnector.com https://view.genially.com https://vimeo.com https://player.vimeo.com https://www.google.com https://canvateam.zendesk.com https://phoenix.canva.com https://www.canva-iris.com https://www.canva.com https://app.powerbi.com https://view.genial.ly https://w.soundcloud.com https://www.googletagmanager.com https://td.doubleclick.net https://calendar.google.com https://google.com https://live.unisabana.edu.co/ https://avi.unisabana.edu.co/; frame-ancestors 'self' https://unisabanastartdev.prod.acquia-sites.com https://unisabanastartstage.prod.acquia-sites.com https://unisabanastartprod.prod.acquia-sites.com https://campusvirtual.unisabana.edu.co http://campusvirtual.unisabana.edu.co; child-src 'self' https://unisabanastartdev.prod.acquia-sites.com https://unisabanastartstage.prod.acquia-sites.com https://unisabanastartprod.prod.acquia-sites.com https://campusvirtual.unisabana.edu.co http://campusvirtual.unisabana.edu.co; font-src 'self' data: https://fonts.gstatic.com https://cdn.userway.org data: https: https://static.canva.com; connect-src 'self' https://adapter.aivo.co https://api.userway.org https://cdn.userway.org https: data: wss: https://o13855.ingest.sentry.io https://telemetry.canva.com/v1/traces https://translate-pa.googleapis.com/v1/translateHtml https://translate.googleapis.com/element/log?format=json&hasfast=true&authuser=0; upgrade-insecure-requests 1
default-src 'self'; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.taylorwessing.com www.gstatic.com maps.googleapis.com www.buzzsprout.com *.licdn.com *.hotjar.com embed.typeform.com secure.visionary-enterprise-ingenuity.com siteimproveanalytics.com *.vimeo.com https://*.vimeocdn.com https://*.cookiebot.com https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com https://*.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com https://www.googleadservices.com https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com; script-src-elem 'self' data: 'unsafe-inline' 'unsafe-eval' https://js.monitor.azure.com https://js.cdn.applicationinsights.io https://js.cdn.monitor.azure.com *.taylorwessing.com www.gstatic.com maps.googleapis.com www.buzzsprout.com *.licdn.com *.hotjar.com embed.typeform.com secure.visionary-enterprise-ingenuity.com siteimproveanalytics.com *.vimeo.com https://*.vimeocdn.com https://*.cookiebot.com https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com https://*.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com https://www.googleadservices.com https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com; script-src-attr 'self' data: 'unsafe-inline' 'unsafe-eval' *.taylorwessing.com www.gstatic.com maps.googleapis.com www.buzzsprout.com *.licdn.com *.hotjar.com embed.typeform.com secure.visionary-enterprise-ingenuity.com siteimproveanalytics.com *.vimeo.com https://*.vimeocdn.com https://*.cookiebot.com https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com https://*.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com https://www.googleadservices.com https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com; style-src 'self' 'unsafe-inline' www.gstatic.com *.vimeocdn.com https://hello.myfonts.net https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com; style-src-elem 'self' 'unsafe-inline' https://embed.typeform.com/ www.gstatic.com *.vimeocdn.com https://hello.myfonts.net https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com; style-src-attr 'self' 'unsafe-inline' www.gstatic.com *.vimeocdn.com https://hello.myfonts.net https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' data: www.taylorwessing.com taylorwessing.com *.taylorwessing.com https://cdn.optimizely.com *.siteimproveanalytics.io *.linkedin.com *.cookiebot.com *.vimeocdn.com maps.googleapis.com maps.gstatic.com https://*.google-analytics.com www.gstatic.com videoapi-sprites.vimeocdn.com https://www.googletagmanager.com https://googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://*.googletagmanager.com https://googleads.g.doubleclick.net https://www.google.com https://google.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat; font-src 'self' data: www.taylorwessing.com taylorwessing.com *.taylorwessing.com *.podigee-cdn.net fonts.gstatic.com https://fonts.gstatic.com; connect-src 'self' https://js.monitor.azure.com https://dc.services.visualstudio.com www.taylorwessing.com taylorwessing.com *.taylorwessing.com https://logx.optimizely.com https://*.optimizely.com idx.liadm.com *.doubleclick.net *.linkedin.com cdn.linkedin.oribi.io consentcdn.cookiebot.com maps.googleapis.com www.google-analytics.com player-telemetry.vimeo.com region1.google-analytics.com 132vod-adaptive.akamaized.net 62vod-adaptive.akamaized.net *.hotjar.com *.hotjar.io wss://*.hotjar.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat; media-src 'self' www.taylorwessing.com taylorwessing.com *.taylorwessing.com blob:; object-src 'none'; frame-src 'self' https://chart-studio.plotly.com https://*.doubleclick.net www.taylorwessing.com taylorwessing.com *.taylorwessing.com https://a27617570016.cdn.optimizely.com https://a27617570016.cdn-pci.optimizely.com cdn.yoshki.com form.typeform.com tw.bryter.io *.podigee.io *.podigee-cdn.net *.newsmailservice.de *.soundcloud.com *.podcasts.apple.com *.spotify.com *.fliplet.com sites-taylor-wessing.vuturevx.com v6.newsmailservice.de app.livestorm.co *.buzzsprout.com consentcdn.cookiebot.com player.vimeo.com www.google.com *.youtube.com taylorwessing.foleon.com datastudio.google.com lookerstudio.google.com https://www.googletagmanager.com; worker-src 'self'; frame-ancestors 'self'; report-uri https://taylorwessing.report-uri.com/r/d/csp/enforce; report-to https://taylorwessing.report-uri.com/r/d/csp/wizard 1
img-src 'self' norma.omq.de *.norma-online.de *.sitesearch360.com *.usercentrics.eu https://app.usercentrics.eu https://accelerator.extern.hmmh.io https://piwik.norma-online.de https://c.clarity.ms https://www.facebook.com/ https://c.bing.com data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' norma.omq.de *.norma-online.de *.sitesearch360.com *.usercentrics.eu https://piwik.norma-online.de https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/ https://www.clarity.ms https://connect.facebook.net/ https://c.bing.com blob:; object-src 'none'; font-src norma.omq.de 'self'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com www.gstatic.com https://*.google.com https://*.googletagmanager.com *.google-analytics.com https://tagmanager.google.com  https://www.googleadservices.com  https://googleads.g.doubleclick.net cdnjs.cloudflare.com ajax.googleapis.com https://cdn.addevent.com https://platform.twitter.com embed.aidaform.com https://cdn.jsdelivr.net https://s3.amazonaws.com https://partner.googleadservices.com https://*.list-manage.com https://*.clarity.ms https://c.bing.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://googletagmanager.com https://tagmanager.google.com https://www.google.com fonts.googleapis.com cdnjs.cloudflare.com cdn.jsdelivr.net https://cdn-images.mailchimp.com https://*.clarity.ms https://c.bing.com; img-src 'self' data: https://*; media-src 'self' data:; frame-src 'self' https://www.googletagmanager.com https://bid.g.doubleclick.net https://td.doubleclick.net https://flo.uri.sh https://api.mapbox.com https://app.powerbi.com https://data.humdata.org https://drive.google.com calendar.google.com https://www.youtube.com https://datawrapper.dwcdn.net https://teamup.com https://lookerstudio.google.com https://experience.arcgis.com https://public.tableau.com https://rrmniger.azurewebsites.net/ *.unocha.org https://*.addevent.com https://cdn.knightlab.com https://dashboards.impact-initiatives.org https://docs.google.com https://e.infogram.com https://jmmi-northernsyria.shinyapps.io https://logie.logcluster.org https://m.facebook.com https://miro.com https://spxih.mjt.lu https://turkiyeeq.thedeep.io https://ukraine.servicesadvisor.net https://unhcr.carto.com https://www.arcgis.com https://www.facebook.com https://rwsupport.aidaform.com https://analytics.wfp.org *.un.org https://cdnapisec.kaltura.com https://vimeo.com https://player.vimeo.com https://ukraine.servicesadvisor.net https://*.kobotoolbox.org; frame-ancestors 'self'; child-src 'self'; font-src 'self' data: fonts.gstatic.com; connect-src 'self' https://*; report-uri /report-csp-violation; upgrade-insecure-requests 1
block-all-mixed-content; frame-ancestors 'self' 1
default-src 'self' *.postman.co *.postman.com *.pstmn.io; base-uri 'self'; font-src 'self' data: *.getpostman.com *.postman.co *.cdn.postman.com fonts.gstatic.com www.postman.com fonts.googleapis.com cdnjs.cloudflare.com; frame-ancestors 'none'; frame-src looker.postman.co dl-preview-container.pstmn.io js.stripe.com hooks.stripe.com chart-embed.service.newrelic.com https://app.datadoghq.com/graph/embed https://app.datadoghq.eu/graph/embed https://youtube.com https://www.youtube.com https://player.vimeo.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://accounts.google.com/ https://runtime-assets.pstmn.io/; child-src 'self' *.postman.co *.postman.com blob:; worker-src 'self' *.postman.co *.cdn.postman.com blob:; object-src 'self'; img-src https: data:; media-src 'self' https://flows-assets.pstmn.io/ https://skills-assets.pstmn.io/; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' *.nr-data.net *.getpostman.com *.postman.co *.cdn.postman.com *.pstmn.io code.jquery.com google-analytics.com www.postman.com postman.com googletagmanager.com ssl.google-analytics.com cdnjs.cloudflare.com https://bi.pst.tech js-agent.newrelic.com js.stripe.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'nonce-PnVX6LlBiHMiGM8nvWkwaw=='; style-src 'self' 'unsafe-inline' *.getpostman.com *.postman.co *.cdn.postman.com *.pstmn.io www.postman.com fonts.gstatic.com fonts.googleapis.com tagmanager.google.com cdnjs.cloudflare.com postman.com accounts.google.com; connect-src https://api.stripe.com http: ws://localhost:10533 https: wss://*.postman.co wss://*.gw.postman.co wss://*.gw.eu.postman.co https: wss://live.postman.com wss://*.gw.postman.com wss://*.gw.eu.postman.com; report-uri https://sentry.postmanlabs.com/api/572/security/?sentry_key=9d37d7431bdc4c528702ec4d89fc93f7&sentry_environment=production 1
block-all-mixed-content; connect-src 'self' https://*.ingest.sentry.io https://*.google-analytics.com https://*.analytics.google.com https://*.google.com https://stats.g.doubleclick.net https://in.hotjar.com https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com https://survey.alchemer.com https://www.facebook.com https://*.adnxs.com https://*.adnxs-simple.com https://*.icecat.biz https://*.googleapis.com https://cdn.plyr.io https://www.dwin1.com https://*.awin1.com https://*.zenaps.com https://the.sciencebehindecommerce.com https://*.playable.com https://*.campaign.playable.com https://*.leadfamly.com https://*.api.leadfamly.com https://*.visualwebsiteoptimizer.com app.vwo.com https://sibautomation.com https://in-automate.brevo.com https://static.zohocdn.com https://desk.zoho.eu https://ct.pinterest.com https://*.clarity.ms/ https://sst.dreamland.be; font-src 'self' data: https://fonts.gstatic.com https://script.hotjar.com https://*.icecat.biz https://*.campaign.playable.com https://static.zohocdn.com https://webfonts.zohowebstatic.com; frame-ancestors 'self' https://*.campaign.playable.com; frame-src data: https://www.youtube.com/ https://publish.folders.eu/ https://app.folders.eu/ https://www.facebook.com https://vars.hotjar.com https://survey.alchemer.com https://*.adnxs.com https://optimize.google.com https://*.icecat.biz https://js.mollie.com https://swiftcdn6.global.ssl.fastly.net https://gleam.io https://view.publitas.com/ https://folders.toychamp.be/ https://folders.toychamp.nl/ https://*.awin1.com https://*.zenaps.com https://*.campaign.playable.com app.vwo.com https://*.visualwebsiteoptimizer.com https://bethenexthero.com https://space-worlds.bricks.plus https://legobelgium.s3.eu-west-1.amazonaws.com/ https://space-game.be https://gaming-contest.eu https://f1-contest.com https://desk.zoho.eu https://ar.salta.com https://www.googletagmanager.com https://td.doubleclick.net https://ct.pinterest.com https://dreamlandbe.zohodesk.eu https://sst.dreamland.be; img-src 'self' data: about: https://placeholder.inventis.be https://placehold.it https://*.ytimg.com https://maps.gstatic.com https://*.googleapis.com https://*.ggpht.com https://www.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://optimize.google.com https://www.facebook.com https://www.google.com https://www.google.be https://googleads.g.doubleclick.net https://script.hotjar.com https://www.mollie.com https://*.adnxs.com https://*.adnxs-simple.com https://js.gleam.io https://*.icecat.biz https://*.awin1.com https://*.zenaps.com https://files.cdn.leadfamly.com https://*.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com https://static.zohocdn.com https://sst.dreamland.be; style-src 'self' https://optimize.google.com 'unsafe-inline' https://fonts.googleapis.com https://survey.alchemer.com https://*.icecat.biz https://*.campaign.playable.com https://*.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com https://static.zohocdn.com; upgrade-insecure-requests 1
default-src 'none'; img-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; font-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'; connect-src 'self'; 1
frame-ancestors 'self' team.live fr.team.live es.team.live ru.team.live de.team.live pl.team.live ar.team.live tr.team.live; 1
base-uri 'self'; default-src 'self'; child-src https://player.vimeo.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://view.genially.com view.genially.com; connect-src 'self' https://*.algolianet.com https://*.algolia.net https://doorbell.io https://*.s3.ap-southeast-2.amazonaws.com https://www.google-analytics.com https://analytics.google.com https://stats.g.doubleclick.net; font-src 'self' https://fonts.gstatic.com; form-action 'self' https://landcareresearch.us16.list-manage.com landcareresearch.us16.list-manage.com; frame-ancestors 'self'; frame-src 'self' https://www.youtube.com https://www.google-analytics.com https://www.googletagmanager.com https://ssl.google-analytics.com https://tagmanager.google.com https://fonts.googleapis.com https://www.google.com https://vimeo.com https://player.vimeo.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://view.genially.com view.genially.com; img-src 'self' https://www.google-analytics.com https://ssl.gstatic.com https://www.googletagmanager.com https://www.gstatic.com https://www.google.com https://www.google.co.nz https://*.s3.ap-southeast-2.amazonaws.com https://embed.doorbell.io https://i.vimeocdn.com https://eep.io eep.io data:; media-src https://www.youtube.com https://vimeo.com https://www.landcareresearch.co.nz/ https://public.tableau.com public.tableau.com; object-src 'self'; script-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.gstatic.com https://fonts.googleapis.com https://code.jquery.com https://www.google.com/recaptcha/api.js https://www.google.com/recaptcha/api.js https://embed.doorbell.io https://polyfill.io https://s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js https://s3.amazonaws.com/downloads.mailchimp.com/ s3.amazonaws.com/downloads.mailchimp.com/ https://landcareresearch.us16.list-manage.com landcareresearch.us16.list-manage.com https://google-analytics.com google-analytics.com https://www.googletagmanager.com www.googletagmanager.com https://www.google.com www.google.com https://sdk.apester.com/web-sdk.core.min.js https://sdk.apester.com/web-sdk.core.legacy.min.js https://sdk.apester.com https://events.apester.com events.apester.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://ssl.google-analytics.com https://tagmanager.google.com https://fonts.googleapis.com https://embed.doorbell.io/css/doorbell.min.css https://embed.doorbell.io/css/default.css https://cdn-images.mailchimp.com cdn-images.mailchimp.com 'unsafe-inline'; report-uri https://2224ea6b5792825a06d61a0bad9d966b.report-uri.com/r/d/csp/enforce; report-to csp-endpoint; upgrade-insecure-requests 1
default-src 'unsafe-inline' 'unsafe-eval' * blob:; img-src * blob: data: 1
frame-ancestors *.scaledrone.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; style-src 'self' 'unsafe-inline' 1
default-src 'self';  style-src 'self' 'unsafe-inline'; font-src 'self'; script-src 'self' 'unsafe-inline'; connect-src 'self'; 1
default-src 'self';               frame-src 'self' https://www.youtube.com https://mychart.austinregionalclinic.com https://www.google.com https://arcwebsecure.com https://forms.hsforms.com https://www.googletagmanager.com https://tags.austinregionalclinic.com;               frame-ancestors 'self' data: blob: https://vmecharttest1 https://vmecharttest2 https://vmecharttest3 https://mychart.austinregionalclinic.com https://mycharttest.austinregionalclinic.com;              script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com https://mychart.austinregionalclinic.com https://maps.googleapis.com               https://js.hsforms.net https://js.hs-scripts.com https://api.airbud.io https://js.hs-banner.com                https://cdn.jsdelivr.net https://code.jquery.com https://connect.facebook.net https://cdnjs.cloudflare.com https://ajax.aspnetcdn.com https://www.google.com https://www.gstatic.com https://web.hyro.ai               https://mycharttest.austinregionalclinic.com https://vmecharttest2 https://vmecharttest3 https://snap.licdn.com https://www.googletagmanager.com https://tags.austinregionalclinic.com;              style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://api.airbud.io https://code.jquery.com https://web.hyro.ai https://mychart.austinregionalclinic.com https://www.googletagmanager.com;               font-src 'self' https://fonts.gstatic.com https://code.jquery.com;               form-action 'self' https://forms.hsforms.com https://www.austinregionalclinic.com;               img-src 'self' data: https://forms.hsforms.com https://js.hsforms.net https://api.hubspot.com https://forms-na1.hsforms.com https://maps.gstatic.com               https://hyropublic.blob.core.windows.net https://d3sxx09phm2x4h.cloudfront.net https://d1mkxymatx0q5n.cloudfront.net https://maps.googleapis.com               https://www.google.com https://www.facebook.com https://img.youtube.com https://i.ytimg.com https://khms0.googleapis.com https://khms1.googleapis.com https://www.googletagmanager.com;              connect-src 'self' https://maps.googleapis.com https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://www.google-analytics.com https://hyropublic.blob.core.windows.net               wss://web.hyro.ws/widget-client https://stats.g.doubleclick.net https://cdn.linkedin.oribi.io https://app.launchdarkly.com https://clientstream.launchdarkly.com https://events.launchdarkly.com https://tags.austinregionalclinic.com;              object-src 'none';              base-uri 'self';              media-src 'self' https://d1mkxymatx0q5n.cloudfront.net; 1
frame-src spasibosberbank.ru new.spasibosberbank.ru 1
default-src https: http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com 'unsafe-inline' http://*.usercentrics.eu:* https://*.usercentrics.eu:* http://*.usercentrics.eu https://*.usercentrics.eu wss://*.usercentrics.eu 'unsafe-inline' https://*.yoast.com; img-src https: 'self' data: blob:; script-src https: 'unsafe-eval' 'unsafe-inline' blob: https://*.reactful.com http://*.reactful.com; style-src https: 'unsafe-inline'; font-src https: 'self' data: fonts.gstatic.com; worker-src 'self' blob: 1
object-src 'none'; frame-ancestors *; sandbox allow-forms allow-same-origin allow-scripts allow-popups; base-uri 'self'; 1
default-src 'self'; img-src 'self' data: books.google.de de.statista.com cdn.statcdn.com app.statuscake.com www.kununu.com *.lamapoll.io; font-src 'self' data:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' lamapoll.de *.lamapoll.de *.lamapoll.io; frame-src 'self' lamapoll.de *.lamapoll.de www.youtube-nocookie.com *.lamapoll.io; frame-ancestors 'self'; media-src 'self'; object-src 'self'; connect-src 'self' *.lamapoll.io 1
default-src 'self'; object-src 'self' https://pts.winsim.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.winsim.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://umfrage.winsim.de https://pts.winsim.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://eu01.rec.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://livechat.winsim.de https://chat.winsim.de https://stats.winsim.de https://imagepool.winsim.de https://pts.winsim.de https://analytics.tiktok.com https://umfrage.winsim.de; script-src 'strict-dynamic' 'nonce-a2151e2d73ee585021f8e00695275593' 'nonce-77ca2e19d10c5d5e5367acfa78758e44' 'nonce-8f2d63abc722d76dd19a14fcff2b2f72' 'nonce-4f592feaea3cb1891924c9138999a3c3' 'nonce-c78a4bb563cf4c5479addbe7379286fd' 'nonce-9150812cfd93b24d2e28bddd4b591ee1' 'nonce-b42d136b82c8b2bb5996f706a3590ddf' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data: 'report-sample'; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://netmap.vodafone.de/cokart-client/index.html https://pts.winsim.de https://umfrage.winsim.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-a2151e2d73ee585021f8e00695275593' 'nonce-77ca2e19d10c5d5e5367acfa78758e44' 'nonce-8f2d63abc722d76dd19a14fcff2b2f72' 'nonce-4f592feaea3cb1891924c9138999a3c3' 'nonce-c78a4bb563cf4c5479addbe7379286fd' 'nonce-9150812cfd93b24d2e28bddd4b591ee1' 'nonce-b42d136b82c8b2bb5996f706a3590ddf' 'self' 'unsafe-inline' https: 'report-sample' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' http://*.dimora.jp https://*.dimora.jp http://*.google-analytics.com/ https://*.google-analytics.com https://*.google.com https://*.facebook.com https://*.facebook.net https://*.twitter.com https://b91.yahoo.co.jp https://tools.applemediaservices.com https://*.apple.com https://apple-resources.s3.amazonaws.com https://play.google.com https://*.mul-pay.jp https://fonts.gstatic.com https://*.googleapis.com https://*.googletagmanager.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://*.google.co.jp; img-src 'self' data: https://*.google-analytics.com/ https://*.twitter.com https://stats.g.doubleclick.net https://tools.applemediaservices.com https://*.apple.com https://apple-resources.s3.amazonaws.com https://play.google.com https://b91.yahoo.co.jp; 1
default-src 'self' data: ws://*.catapush.com wss://*.catapush.com 'unsafe-inline' 'unsafe-eval'; base-uri 'self'; block-all-mixed-content; connect-src data: blob: 'unsafe-inline' *.catapush.com ws://*.catapush.com wss://*.catapush.com https://*.google-analytics.com https://*.googleapis.com https://checkout.stripe.com https://api.stripe.com https://*.ads.linkedin.com; font-src data: blob: 'unsafe-inline' *.catapush.com https://s3-eu-west-1.amazonaws.com/catapush-cdn/ https://s3-eu-central-1.amazonaws.com/catapush-cdn-frankfurt/ fonts.gstatic.com cdn2.hubspot.net; form-action 'self' *.catapush.com; frame-ancestors 'self' *.catapush.com https://www.googletagmanager.com; frame-src 'self' data: blob: 'unsafe-inline' https://mautic.catapush.com https://checkout.stripe.com https://connect-js.stripe.com https://js.stripe.com https://hooks.stripe.com https://www.google.com https://www.googletagmanager.com https://s3-eu-west-1.amazonaws.com/catapush-cdn/; img-src 'self' data: blob: 'unsafe-inline' *.catapush.com https://s3-eu-west-1.amazonaws.com/catapush-cdn/ https://s3-eu-central-1.amazonaws.com/catapush-cdn-frankfurt/ https://translate.google.com https://ajax.googleapis.com https://*.google-analytics.com https://www.googletagmanager.com https://*.gstatic.com https://js.hsforms.net/forms/v2.js https://*.stripe.com https://px.ads.linkedin.com https://www.linkedin.com/px; object-src https://s3-eu-west-1.amazonaws.com/catapush-cdn/; script-src 'self' *.catapush.com https://s3-eu-west-1.amazonaws.com/catapush-cdn/ https://s3-eu-central-1.amazonaws.com/catapush-cdn-frankfurt/ https://ipinfo.io https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com https://checkout.stripe.com https://js.stripe.com https://js.hsforms.net/forms/v2.js https://snap.licdn.com https://*.ads.linkedin.com 'report-sample' 'unsafe-inline' 'nonce-s9g9l6NwGoOeTzQ+DxLUaA=='; style-src 'self' *.catapush.com https://s3-eu-west-1.amazonaws.com/catapush-cdn/ https://s3-eu-central-1.amazonaws.com/catapush-cdn-frankfurt/ https://*.gstatic.com 'unsafe-inline' 'report-sample'; report-uri /csp-violation-report-endpoint 1
allow 'self'; options inline-script eval-script; script-src 'self' *.google-analytics.com *.googleapis.com *.gstatic.com *.googletagmanager.com; img-src *; media-src *; frame-src 'self'; style-src-elem *.gstatic.com 1
frame-ancestors 'self' https://twitter.com; 1
script-src https: data: 'unsafe-inline' 'unsafe-eval' https://*.dshs-koeln.de https://*.mehrwert.de https://fast.fonts.net; style-src https: 'unsafe-inline' https://*.dshs-koeln.de https://fast.fonts.net; img-src https: data: 'unsafe-inline' 'unsafe-eval' https://*.dshs-koeln.de https://*.mehrwert.de; font-src https: data: 'unsafe-inline' 'unsafe-eval' https://*.dshs-koeln.de https://*.mehrwert.de https://fast.fonts.com; frame-src https: data: 'unsafe-inline' 'unsafe-eval' https://*.dshs-koeln.de https://*.mehrwert.de https://fast.fonts.com; 1
upgrade-insecure-requests; object-src 'none'; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleoptimize.com https://*.googletagmanager.com https://*.facebook.com https://*.facebook.net https://*.montepiedad.com.mx https://*.botlers.io https://*.newrelic.com https://bam-cell.nr-data.net https://unpkg.com https://*.zeptojs.com https://*.jsdelivr.net https://*.datatables.net https://*.bootstrapcdn.com https://*.cloudflare.com https://*.lottiefiles.com https://*.google-analytics.com https://www.yumpu.com https://*.youtube.com/ https://i.ytimg.com/ https://*.doubleclick.net https://afiliacion.net https://prs.arkeero.net https://leadgenios.net https://www.rtb123.com https://*.hotjar.com https://inboxlabs.go2cloud.org https://*.google.com.mx https://*.hotjar.io https://*.teads.tv https://ojo7.ltroute.com https://*.abtasty.com/ https://*.amazonaws.com/ wss://*.hotjar.com https://go2perseo.com https://affperformance.com/ https://ad.soicos.com https://ads01.groovinads.com https://*.cybba.solutions https://*.cloudfront.net https://*.go4aluna.co https://bing.com https://*.aptoweb.com/ https://*.helpscout.net/ bytedance: sslocal: https://analytics.tiktok.com https://analytics-ipv6.tiktokw.us https://ads.tiktok.com; 1
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:;; report-uri /report-csp-violation 1
default-src 'none'; block-all-mixed-content; connect-src 'self' *.abtasty.com *.google.com *.googlesyndication.com *.googletagmanager.com *.hellowork.com *.infra-hellowork.com *.nr-data.net *.regionsjob.com *.twitter.com bat.bing.com bat.bing.net cdn.jsdelivr.net/gh/magma-app/magma-widget@latest/src/widget-v3.min.js api.typeform.com googleads.g.doubleclick.net vimeo.com; font-src 'self' fonts.cdnfonts.com/s/14903/ *.abtasty.com; frame-ancestors 'self'; frame-src 'self' *.abtasty.com *.francetv.fr *.googletagmanager.com *.instagram.com *.linkedin.com *.magma.app *.podcasts.apple.com *.slideshare.net *.soundcloud.com *.tiktok.com *.ttwstatic.com *.twitter.com *.vimeo.com *.vimeocdn.com *.youtube-nocookie.com *.youtube.br *.youtube.com form.typeform.com td.doubleclick.net; img-src 'self' data: *.abtasty.com *.facebook.com *.hellowork.com *.osm.org *.twitter.com diplomeo-static.com bat.bing.com bat.bing.net diplomeo.com local:// https://i.hellowork.com *.tile.openstreetmap.fr *.vimeocdn.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.abtasty.com *.aticdn.net *.dev-hellowork.com *.facebook.com *.google.com *.googlesyndication.com *.googletagmanager.com *.googleadservices.com *.infra-hellowork.com *.hellowork.com *.regionsjob.com *.tiktok.com *.ttwstatic.com *.twitter.com *.instagram.com bat.bing.com bat.bing.net embed.typeform.com; style-src 'self' 'unsafe-inline' *.abtasty.com *.hellowork.com *.ttwstatic.com embed.typeform.com fonts.cdnfonts.com/css/sofia-pro 1
default-src 'self'; object-src 'self' https://pts.sim.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.sim.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://livechat.sim.de https://chat.sim.de https://umfrage.sim.de https://pts.sim.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://eu01.rec.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://livechat.sim.de https://stats.sim.de https://imagepool.sim.de https://pts.sim.de https://analytics.tiktok.com https://umfrage.sim.de; script-src 'strict-dynamic' 'nonce-e580a48622cf9031aedc66b04d8e936f' 'nonce-143bb5c7509ebe1495b3f4c26c4cb786' 'nonce-bf39d903f86dae18cad9cd9e30ebb1a5' 'nonce-41699d2b91a288922eecff6889a3fb01' 'nonce-ed74319caf3c02db68772d35b66866db' 'nonce-8ad537deabaeaf809f11771841012ceb' 'nonce-d572930127280790e82a780035572bd1' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data: 'report-sample'; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://netmap.vodafone.de/cokart-client/index.html https://pts.sim.de https://umfrage.sim.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-e580a48622cf9031aedc66b04d8e936f' 'nonce-143bb5c7509ebe1495b3f4c26c4cb786' 'nonce-bf39d903f86dae18cad9cd9e30ebb1a5' 'nonce-41699d2b91a288922eecff6889a3fb01' 'nonce-ed74319caf3c02db68772d35b66866db' 'nonce-8ad537deabaeaf809f11771841012ceb' 'nonce-d572930127280790e82a780035572bd1' 'self' 'unsafe-inline' https: 'report-sample' 1
default-src 'self' 'unsafe-inline' https://data.fiawec.com https://storage.googleapis.com https://fonts.googleapis.com https://fonts.gstatic.com https://cdnjs.cloudflare.com http://fiawec.lmem-pp.6tm.eu https://fiawec.com https://hatscripts.github.io https://static.rolex.com https://www.youtube.com https://storage.googleapis.com https://www.fiawec.com https://i.ytimg.com https://www.youtube.com http://www.youtube.com https://play.google.com data: https://*.cdninstagram.com https://www.googletagmanager.com https://sdk.privacy-center.org https://api.privacy-center.org; block-all-mixed-content; connect-src 'self' https://region1.google-analytics.com https://www.google-analytics.com https://storage.googleapis.com https://data.wec-master.6tm.eu/ https://data.fiawec.com; frame-ancestors 'self'; img-src 'self' https://www.youtube.com http://www.youtube.com https://play.google.com https://www.facebook.com https://sdk.privacy-center.org https://api.privacy-center.org https://www.googletagmanager.com https://www.google-analytics.com 'unsafe-inline' https://i.ytimg.com https://storage.googleapis.com https://*.cdninstagram.com data:; script-src 'self' 'unsafe-inline' https://storage.googleapis.com https://connect.facebook.net https://cdnjs.cloudflare.com https://connect.facebook.net https://www.youtube.com http://www.youtube.com https://play.google.com https://sdk.privacy-center.org https://api.privacy-center.org https://www.googletagmanager.com https://www.google-analytics.com 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.fontawesome.com *.jsdelivr.net *.googleapis.com *.jquery.com *.vimeo.com *.vimeocdn.com *.cookielaw.org *.vimeocdn.com *.airbud.io unpkg.com:* *.cloudflare.com intermezzo-coop.eu:* *.google.com *.montefioreeinstein.org *.montefiore.org www.montefiore.org mychart.montefiore.org npmychart.montefiore.org *.localizejs.com *.123formbuilder.com *.ctctcdn.com *.blackbaudcdn.net *.go-mpulse.net  *.blackbaudhosting.com *.googletagmanager.com *.blackbaud.com *.youtube.com *.gstatic.com *.perfalytics.com api.perfalytics.com perfalytics.com *.launchdarkly.com *.akstat.io *.jquery.com *.flywire.com *.bootstrapcdn.com *.ctctcdn.com s3.amazonaws.com/downloads.mailchimp.com/ *.jwpcdn.com *.youtube-nocookie.com cdn.plyr.io; upgrade-insecure-requests 1
base-uri 'none';child-src 'none';connect-src 'self' *.schooltv.nl *.schooltv.angrylabs.nl *.npo.nl *.npoplayer.nl event analytics-ingress-global.bitmovin.com npo.prd.cdn.bcms.kpn.com licensing.bitmovin.com nmonpoendpoint.2cnt.net npo-drm-gateway.samgcloud.nepworldwide.nl *.streamgate.nl;default-src 'self';font-src 'self' cdn.npoplayer.nl use.typekit.net;form-action 'self';frame-ancestors 'self' *;frame-src 'none';img-src 'self' *.schooltv.nl *.schooltv.angrylabs.nl *.npo.nl data: images.poms.omroep.nl;manifest-src 'self';media-src 'self' blob: * data:;object-src 'none';script-src 'self' cdn.npoplayer.nl tag.aticdn.net hub.npo-data.nl nmonpoendpoint.2cnt.net analytics-ingress-global.bitmovin.com www.gstatic.com *.streamgate.nl blob: *;style-src 'self' 'unsafe-inline' use.typekit.net cdn.npoplayer.nl p.typekit.net *.npo.nl;worker-src 'self' blob:; 1
frame-ancestors https://goloadup.com 1
default-src 'self' static.financialsense.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:; style-src 'self' static.financialsense.com data: 'unsafe-inline' *.googleapis.com *.twitter.com *.twimg.com svc.webspellchecker.net cdn.ckeditor.com static.ctctcdn.com cdnjs.cloudflare.com; img-src 'self' https: data: android-webview-video-poster: *.jwplayer.com http://docs.jwplayer.com; media-src 'self' static.financialsense.com blob: *.giphy.com; frame-src 'self' https://www.financialsense.com data: audioboom.com *.audioboom.com scribd.com *.scribd.com soundcloud.com *.soundcloud.com youtube.com *.youtube.com vimeo.com *.vimeo.com bitchute.com *.bitchute.com twitter.com *.twitter.com *.tradingview.com *.tradingview-widget.com *.stripe.com *.doubleclick.net *.googlesyndication.com *.ted.com *.instagram.com *.jwpsrv.com www.google.com ms-appx-web: *.addtoany.com *.assoc-amazon.com *.amazon.com *.amazon-adsystem.com *.googletagmanager.com *.recaptcha.net facebook.com *.facebook.com cnn.com *.cnn.com cnbc.com *.cnbc.com; frame-ancestors *; child-src 'self' https://www.financialsense.com data: audioboom.com *.audioboom.com scribd.com *.scribd.com soundcloud.com *.soundcloud.com youtube.com *.youtube.com vimeo.com *.vimeo.com bitchute.com *.bitchute.com twitter.com *.twitter.com *.tradingview.com *.tradingview-widget.com *.stripe.com *.doubleclick.net *.googlesyndication.com *.ted.com *.instagram.com *.jwpsrv.com www.google.com ms-appx-web: *.addtoany.com *.assoc-amazon.com *.amazon.com *.amazon-adsystem.com *.googletagmanager.com *.recaptcha.net facebook.com *.facebook.com cnn.com *.cnn.com cnbc.com *.cnbc.com; font-src 'self' static.financialsense.com data: fonts.googleapis.com fonts.gstatic.com cdnjs.cloudflare.com *.googleusercontent.com svc.webspellchecker.net *.avast.com chrome-extension: *.fontawesome.com; connect-src 'self' static.financialsense.com *.googlesyndication.com www.google-analytics.com *.gstatic.com *.doubleclick.net svc.webspellchecker.net *.jwpltx.com *.nr-data.net *.fontawesome.com *.ckeditor.com *.ctctcdn.com *.constantcontact.com *.jwplayer.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://matomo.subdelirium.ovh/ https://*.hcaptcha.com/ https://hcaptcha.com/; img-src 'self' data: blob: https://matomo.subdelirium.ovh/ https://media.giphy.com/ https://*.tile.openstreetmap.org/ https://*.hcaptcha.com/; object-src 'self' data: blob: https://matomo.subdelirium.ovh/ https://*.hcaptcha.com/ https://hcaptcha.com/; frame-src 'self' data: blob: https://matomo.subdelirium.ovh/ https://*.hcaptcha.com/ https://hcaptcha.com/; 1
frame-ancestors 'self' smart911.com www.smart911.com safety.smart911.com 1
base-uri 'none';child-src 'none';connect-src 'self' https://www.facebook.com https://www.google.com https://www.google.com.ar https://www.google-analytics.com https://analytics.google.com http://static.ads-twitter.com http://script.crazyegg.com http://onelinksmartscript.appsflyer.com https://*.amplitude.com https://www.googletagmanager.com https://facebook.net https://analytics.tiktok.com https://map-handler.qa.playdigital.com.ar https://stats.g.doubleclick.net https://tracking.crazyegg.com https://*.crazyegg.com https://go.botmaker.com https://cdn.freshbots.ai https://www.freshbots.ai https://m-infra.appspot.com wss://ws.botmaker.com *.freshbots.ai *.crazyegg.com *.botmaker.com *.googleapis.com *.playdigital.com.ar *.doubleclick.net;default-src 'self';font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com;form-action 'self';frame-ancestors *;frame-src https://*.doubleclick.net https://*.modo.com.ar https://www.googletagmanager.com/;img-src 'self' data: www.afip.gob.ar www.argentina.gob.ar modo.onelink.me *.playdigital.com.ar https://t.co https://analytics.twitter.com https://maps.gstatic.com https://maps.googleapis.com https://assets.mobile.preprod.playdigital.com.ar https://assets.mobile.qa.playdigital.com.ar https://assets.mobile.develop.playdigital.com.ar https://assets.mobile.playdigital.com.ar https://s3.amazonaws.com https://www.google.com a.storyblok.com www.google.com.ar www.facebook.com storage.googleapis.com www.googletagmanager.com *.doubleclick.net;manifest-src 'self';media-src https://storage.googleapis.com *.playdigital.com.ar *.googleapis.com;object-src https://amplitude.com;prefetch-src 'self' 'unsafe-inline';script-src 'self' 'unsafe-inline' https://cdn.freshbots.ai https://cdnjs.cloudflare.com https://maps.googleapis.com https://*.googleapis.com https://www.google.com.ar http://script.crazyegg.com http://onelinksmartscript.appsflyer.com http://static.ads-twitter.com https://www.facebook.com https://connect.facebook.net https://go.botmaker.com https://www.googletagmanager.com https://www.google-analytics.com https://analytics.tiktok.com https://snap.licdn.com https://www.googleadservices.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.freshbots.ai;worker-src 'self' *.modo.com.ar blob:;script-src-elem 'self' 'unsafe-inline' https://www.googleadservices.com https://cdn.freshbots.ai https://cdnjs.cloudflare.com https://maps.googleapis.com https://connect.facebook.net https://*.googleapis.com https://www.google.com.ar http://script.crazyegg.com http://onelinksmartscript.appsflyer.com http://static.ads-twitter.com https://www.facebook.com https://go.botmaker.com https://www.googletagmanager.com https://www.google-analytics.com https://analytics.tiktok.com https://snap.licdn.com;report-uri /api/reporting;report-to /api/reporting; 1
default-src 'self'; frame-src 'self' https://studio.eu.screencloud.com/ https://screencloud.com/ https://*.tickettailor.com https://new.express.adobe.com/webpage/static/embed/embed.js *.webspellchecker.net/ https://w.soundcloud.com/ *.adobe.com/ *.nhs.uk/ *.facebook.com/ *.youtube.com/ *.vimeo.com/ *.google.com *.googleapis.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://studio.eu.screencloud.com/ https://screencloud.com/ https://cdn.tickettailor.com/js/widgets/min/widget.js *.tickettailor.com https://new.express.adobe.com/webpage/static/embed/embed.js https://moneypennychat.appspot.com/chatjs/ https://www.doctify.com/ *.webspellchecker.net/ *.adobe.com/ https://cdnjs.cloudflare.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://connect.facebook.net/ https://feeds.trac.jobs/ *.google.com/ *.googleapis.com *.gstatic.com *.cqc.org.uk; font-src 'self' 'unsafe-inline'  https://new.express.adobe.com/webpage/static/embed/embed.js *.webspellchecker.net/ https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://studio.eu.screencloud.com/ https://screencloud.com/ *.tickettailor.com https://new.express.adobe.com/webpage/static/embed/embed.js https://cdnjs.cloudflare.com/ https://feeds.trac.jobs/ *.googleapis.com  *.gstatic.com *.cqc.org.uk; img-src * data:; object-src 'self' blob:; connect-src 'self' https://translate-pa.googleapis.com/ https://studio.eu.screencloud.com/ https://screencloud.com/ https://*.tickettailor.com https://new.express.adobe.com/webpage/static/embed/embed.js *.analytics.google.com/ https://www.doctify.com/ *.webspellchecker.net/ *.google-analytics.com/ https://moneypennychat.appspot.com/ https://feeds.trac.jobs/ https://translate.googleapis.com/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: wss:;img-src 'self' data: https: 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; connect-src 'self' *.itzbund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.vimeo.com *.itzbund.de; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com *.vimeo.com *.aktion-mensch.de *.readspeaker.com; frame-src *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.vimeo.com *.readspeaker.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.ytimg.com yomma.services cms.sqat.eu *.openstreetmap.org *.itzbund.de *.synology.me:5001; frame-ancestors 'self'; font-src 'self' data:; 1
default-src 'self' syndetics.com www.google-analytics.com; script-src 'self' blob: http://www.vpl.ca https://www.vpl.ca data: 'unsafe-inline' 'unsafe-eval' code.jquery.com www.google.com https://www.google-analytics.com https://www.googletagmanager.com www.gstatic.com https://unpkg.com cdnjs.cloudflare.com m.addthis.com s7.addthis.com tagmanager.google.com v1.addthis.com platform.instagram.com platform.twitter.com cdn.syndication.twimg.com assets.pinterest.com script.crazyegg.com trk.cetrk.com www.flickr.com bclibraries.org translate.google.com https://translate.googleapis.com https://translate-pa.googleapis.com https://cdn.jsdelivr.net; object-src 'self'; style-src 'self' 'unsafe-inline' www.vpl.ca https://unpkg.com https://cdnjs.cloudflare.com tagmanager.google.com themes.googleusercontent.com fonts.googleapis.com code.jquery.com https://platform.twitter.com https://typekit.net https://p.typekit.net https://use.typekit.net  https://translate.googleapis.com https://www.gstatic.com https://cdn.jsdelivr.net/gh/jonthornton/jquery-timepicker@1.14.0/jquery.timepicker.min.css https://cdn.jsdelivr.net/gh/jackocnr/intl-tel-input@v17.0.19/build/css/intlTelInput.min.css https://cdn.jsdelivr.net/npm/normalize.css; img-src 'self' data: *.vpl.ca https://www.vpl.ca *.googleapis.com https://cdn.jsdelivr.net/gh/jackocnr/intl-tel-input@v17.0.19/build/img/flags.png https://platform.twitter.com https://pbs.twimg.com services.arcgisonline.com syndetics.com secure.syndetics.com https://cdnjs.cloudflare.com www.flickr.com www.instagram.com *.staticflickr.com *.google-analytics.com syndication.twitter.com scontent-sea1-1.cdninstagram.com *.sndcdn.com m.addthis.com *.gstatic.com www.addthis.com log.pinterest.com gtrk.s3.amazonaws.com trk.cetrk.com geo.yahoo.com https://img.youtube.com https://www.google.com https://translate.google.com https://server.arcgisonline.com; media-src 'self' www.youtube.com soundcloud.com; child-src 'self' m.addthis.com s7.addthis.com www.google.com www.youtube.com w.soundcloud.com www.instagram.com syndication.twitter.com  assets.pinterest.com; font-src 'self' themes.googleusercontent.com https://cdnjs.cloudflare.com fonts.googleapis.com fonts.gstatic.com https://use.typekit.net; connect-src 'self' *.google-analytics.com translate-pa.googleapis.com cdnjs.cloudflare.com https://www.optimalworkshop.com m.addthis.com v1.addthis.com https://translate.googleapis.com; frame-src 'self' edge.addthis.com m.addthis.com https://platform.twitter.com s7.addthis.com www.google.com www.youtube.com w.soundcloud.com www.instagram.com syndication.twitter.com  assets.pinterest.com player.vimeo.com;  1
upgrade-insecure-requests; default-src *.usclimatedata.com *.gstatic.com https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com/* *.googlesyndication.com adservice.google.nl adservice.google.com adservice.google.cl *.googleadservices.com *.google.com *.googletagservices.com *.google-analytics.com apis.google.com ajax.googleapis.com *.googletagmanager.com *.usclimatedata.com *.bootstrapcdn.com *.gstatic.com *.geolocation.io *.google.com/recaptcha/ ssl.google-analytics.com *.addthis.com *.google.com googleads.g.doubleclick.net https:; frame-src bid.g.doubleclick.net data: https:; connect-src 'self' *.usclimatedata.com pagead2.googlesyndication.com www.google-analytics.com fundingchoicesmessages.google.com; img-src 'self' *.maps.googleapis.com/* *.googletagmanager.com https//google-analytics.com googleads.g.doubleclick.net *.google.com data: https:; style-src 'self' 'unsafe-inline' *.apis.google.com *.googleapis.com *.bootstrapcdn.com *.usclimatedata.com *.gstatic.com;font-src *.bootstrapcdn.com *.usclimatedata.com cdnjs.cloudflare.com data: 'self';base-uri 'self'; form-action 'self'; 1
default-src 'self' 'unsafe-eval'; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.itzbund.de *.googleapis.com *.google.com *.gstatic.com www.youtube.com *.vimeo.com *.ytimg.com piwik.itzbund.de; object-src 'self' multimedia.gsb.bund.de; media-src blob: 'self' multimedia.gsb.bund.de *.vimeo.com *.youtube.com; frame-src *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.vimeo.com; img-src 'self' blob: data: *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.openstreetmap.org piwik.itzbund.de; connect-src 'self' *.itzbund.de; frame-ancestors 'self'; worker-src 'self'; 1
default-src 'self'; script-src 'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'self' 'unsafe-inline' ; img-src *; frame-src 'self' https://www.google.com/recaptcha/; report-uri https://auth.cessecure.com/csp/report 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.luckyorange.com https://*.googleapis.com; style-src *; img-src *; data:; connect-src https://*.luckyorange.com https://*.googleapis.com https://*.cloudflare.com https://*.mailchimp.com wss://*.visitors.live https://*.book4time.com https://*.salesforce.com https://*.googletagmanager.com https://*.boomtrain.com/ https://*.gstatic.com https://*.facebook.net https://*.facebook.com https://*.google-analytics.com https://*.chimpstatic.com https://*.list-manage.com;font-src * data: https://*.luckyorange.com; frame-src https://*.luckyorange.com https://*.book4time.com; worker-src blob:; media-src * data:; 1
default src 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.industowers.com/ https://*.industowers.com/ http://*.industowers.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://code.createjs.com/ https://maps.googleapis.com/ https://maps.gstatic.com/ https://maps.google.com/ https://s3.amazonaws.com/ https://*.list-manage.com/ https://cse.google.com/ https://www.google.com/ https://googleads.g.doubleclick.net/ https://translate.googleapis.com/ https://td.doubleclick.net/ https://secure.gravatar.com/ https://www.google.co.in/ https://www.industowers.com/ https://sc-static.net/ https://s3.tradingview.com/ https://code.jquery.com/ https://s.tradingview.com/ https://goo.gle/ https://s.tradingview.com/; img-src 'self' data: blob: https://www.google.com/ https://www.google.co.in/ https://www.google-analytics.com/ https://goo.gle/ https://www.industowers.com/ https://maps.gstatic.com/ https://maps.googleapis.com/ https://www.googletagmanager.com; object-src 'self' data: blob: https://td.doubleclick.net/ https://goo.gle/ https://s.tradingview.com/ https://www.googletagmanager.com/; frame-src 'self' data: blob: https://td.doubleclick.net/ https://goo.gle/ https://s.tradingview.com/ https://www.googletagmanager.com/; form-action 'self' data: blob: https://www.googletagmanager.com/ https://www.google-analytics.com/ https://code.createjs.com/ https://maps.googleapis.com/ https://maps.gstatic.com/ https://maps.google.com/ https://s3.amazonaws.com/ https://*.list-manage.com/ https://cse.google.com/ https://www.google.com/ https://googleads.g.doubleclick.net/ https://translate.googleapis.com/ https://td.doubleclick.net/ https://secure.gravatar.com/ https://www.google.co.in/ https://www.industowers.com/ https://sc-static.net/ https://s3.tradingview.com/ https://code.jquery.com/ https://s.tradingview.com/ https://goo.gle/; worker-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com/ https://www.google-analytics.com/ https://code.createjs.com/ https://maps.googleapis.com/ https://maps.gstatic.com/ https://maps.google.com/ https://s3.amazonaws.com/ https://*.list-manage.com/ https://cse.google.com/ https://www.google.com/ https://googleads.g.doubleclick.net/ https://translate.googleapis.com/ https://td.doubleclick.net/ https://secure.gravatar.com/ https://www.google.co.in/ https://www.industowers.com/ https://sc-static.net/ https://s3.tradingview.com/ https://code.jquery.com/ https://s.tradingview.com/ https://goo.gle/; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: https: 'nonce-ds3HMtjLSGPVP9084eWtdj4YTkvYIMXn' 'strict-dynamic' https://www.google-analytics.com https://www.googletagmanager.com; 1
default-src 'self'; child-src data: blob:; connect-src 'self' *.aticdn.net *.cdnbasket.net *.cookiebot.com *.googleapis.com *.hotjar.com *.hotjar.io *.onconnect-coach.3slab.fr *.payline.com *.suez.com *.xiti.com apisimulator.toutsurmoneau.test bam.eu01.nr-data.net bam.nr-data.net data.gouv.nc ids.cdnwidget.com payline.com smartsolution-onconnectcoach.azureedge.net smartsolution-smartcoach.azureedge.net stats.g.doubleclick.net ws.livingactor.com apisimulator.toutsurmoneau.test data.gouv.nc *.aticdn.net *.xiti.com stats.g.doubleclick.net *.cookiebot.com *.googleapis.com *.suez.com wss://*.hotjar.com vite.toutsurmoneau.test wss://vite.toutsurmoneau.test actorssl-5637.kxcdn.com *.myfeelback.com *.skeepers.io general-runtime.voiceflow.com *.voiceflow.com runtime-api.voiceflow.com suez-search-engine.baker-park.com; font-src 'self' data: *.hotjar.com *.payline.com *.suez.com fonts.gstatic.com maxcdn.bootstrapcdn.com payline.com smartsolution-onconnectcoach.azureedge.net *.suez.com vite.toutsurmoneau.test wss://vite.toutsurmoneau.test test.toutsurmoneau.test actorssl-5637.kxcdn.com *.myfeelback.com *.skeepers.io cdn.voiceflow.com suez-search-engine.baker-park.com; form-action * com.suez.tsme.dev: com.suez.tsme.app:; frame-ancestors 'self' https://eco-gagnant-recette.stellio.io/ https://eco-gagnant.cud.fr https://seleniumbase.io/; frame-src 'self' data: blob: *.payline.com payline.com *.satisfactory.fr www.google.com *.youtube-nocookie.com *.youtube.com opendata.hauts-de-seine.fr *.cookiebot.com *.suez.com *.qualtrics.com *.cloudflare.com *.voiceflow.com suez-search-engine.baker-park.com; img-src 'self' data: blob: *.cdnwidget.com *.cloudfront.net *.cookiebot.com *.hotjar.com *.payline.com *.suez.com *.youtube-nocookie.com *.youtube.com api.cabestan.com cdn1.iconfinder.com cloudfront.net maps.googleapis.com maps.gstatic.com payline.com smartsolution-onconnectcoach.azureedge.net www.googletagmanager.com *.suez.com *.cookiebot.com vite.toutsurmoneau.test wss://vite.toutsurmoneau.test test.toutsurmoneau.test cdn.jsdelivr.net actorssl-5637.kxcdn.com *.myfeelback.com *.skeepers.io *.voiceflow.com general-runtime.voiceflow.com cm4-production-assets.s3.amazonaws.com suez-search-engine.baker-park.com; media-src 'self' 'unsafe-eval' 'unsafe-inline' *.cloudfront.net suez-search-engine.baker-park.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ati-host.net *.aticdn.net *.atinternet-solutions.com *.atinternet.com *.atinternet.io *.bootstrapcdn.com *.capadresse.com *.capadresse.com:2814 *.cdnwidget.com *.cloudfront.net *.cookiebot.com *.google.com *.google.com/maps *.hotjar.com *.js-agent.newrelic.com *.newrelic.com *.onconnect-coach.3slab.fr *.payline.com *.piano.io *.suez.com *.xiti.com ajax.cloudflare.com api.cabestan.com apisimulator.toutsurmoneau.test bam.nr-data.net capadresse.apisimulator.toutsurmoneau.test capadresse.apisimulator.toutsurmoneau.test:6090 code.jquery.com maps.googleapis.com payline.com smartsolution-smartcoach.azureedge.net suez-eau-france.dimelochat.com ws.livingactor.com www.googletagmanager.com www.gstatic.com vite.toutsurmoneau.test wss://vite.toutsurmoneau.test *.cloudflare.com cdn.jsdelivr.net actorssl-5637.kxcdn.com *.myfeelback.com *.skeepers.io cdn.voiceflow.com general-runtime.voiceflow.com runtime-api.voiceflow.com blob: suez-search-engine.baker-park.com; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.cloudfront.net *.googleapis.com *.hotjar.com *.payline.com *.suez.com fonts.googleapis.com payline.com smartsolution-smartcoach.azureedge.net www.gstatic.com *.googleapis.com *.suez.com vite.toutsurmoneau.test wss://vite.toutsurmoneau.test cdn.jsdelivr.net actorssl-5637.kxcdn.com *.myfeelback.com *.skeepers.io cdn.voiceflow.com suez-search-engine.baker-park.com; worker-src blob: 1
base-uri 'none';connect-src 'self' http://localhost:3001 http://127.0.0.1:3001 *.oresund.io dc.services.visualstudio.com *.cookieinformation.com *.doubleclick.net 'unsafe-inline' *.googlesyndication.com *.google.com *.google-analytics.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.convertexperiments.com data.wgp.se *.oresundsbron.com *.adnxs.com *.strossle.com *.bing.com *.bing.net *.clarity.ms;font-src 'self' *.hotjar.com https://fonts.gstatic.com data;form-action 'self';frame-ancestors 'none';img-src 'self' self data: *.tt.se *.ritzau.dk *.ctfassets.net *.gstatic.com www.googletagmanager.com https://googletagmanager.com *.googlesyndication.com *.adnxs.com www.facebook.com *.google.com www.google.dk www.google.se *.hotjar.com https://ad.doubleclick.net https://ade.googlesyndication.com https://12824419.fls.doubleclick.net https://stats.g.doubleclick.net *.bing.com *.bing.net *.clarity.ms;manifest-src 'self';media-src 'self' self data: *.ctfassets.net;object-src 'none';script-src 'self' *.reepay.com *.gstatic.com www.googletagmanager.com googletagmanager.com https://tagmanager.google.com 'unsafe-inline' 'unsafe-eval' *.cookieinformation.com *.google.com *.adnxs.com *.facebook.net *.googlesyndication.com www.googleadservices.com *.hotjar.com *.convertexperiments.com *.powerplatform.com *.strossle.com *.bing.com *.bing.net *.clarity.ms;style-src 'self' 'unsafe-inline' *.google.com *.googleapis.com www.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com *.hotjar.com *.bing.com *.bing.net *.clarity.ms;worker-src 'self'; 1
default-src 'none'; frame-ancestors 'none'; child-src blob: *.cloudfoundry.org;  style-src 'self' 'unsafe-inline' *.bootstrapcdn.com https://fonts.googleapis.com/*; connect-src 'self'  *.thelinuxfoundation.org *.bootstrapcdn.com *.doubleclick.net *.google-analytics.com; script-src 'self' 'unsafe-inline' blob: *.twitter.com *.ads-twitter.com *.cloudflare.com *.googleapis.com *.googletagmanager.com *.facebook.net *.jsdelivr.net  *.google-analytics.com *.gstatic.com *.google.com; img-src 'self' data: *.googletagmanager.com *.google.com *.gravatar.com *.twitter.com *.cloudfoundry.org https://t.co *.local *.google-analytics.com; object-src 'self'; font-src 'self' data: *.bootstrapcdn.com; media-src 'self' blob:; frame-src *.local *.twitter.com *.google.com *.facebook.com *.youtube.com 1
default-src 'self'; object-src 'self' https://pts.sim24.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.sim24.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://livechat.sim24.de https://umfrage.sim24.de https://pts.sim24.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://eu01.rec.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://livechat.sim24.de https://stats.sim24.de https://imagepool.sim24.de https://pts.sim24.de https://analytics.tiktok.com https://umfrage.sim24.de; script-src 'strict-dynamic' 'nonce-f734d0d7e5f07e963da0fbe81c5570e4' 'nonce-dcd42a29d3559a642111456362087c82' 'nonce-89bb7f5e6e0b41249720ab4a7a474021' 'nonce-8af98c0640311298711bd09bd9c4efe9' 'nonce-16d18459c03846d65448cfbcfe06ec4a' 'nonce-f714b6c5300f36bfb0a3c54ff21c7b8c' 'nonce-37ea6ac06ad1b7e8fcf813cc4b597b84' 'nonce-49724ba7bc689a21c97c1f3fb9e350bf' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data: 'report-sample'; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://netmap.vodafone.de/cokart-client/index.html https://pts.sim24.de https://umfrage.sim24.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-f734d0d7e5f07e963da0fbe81c5570e4' 'nonce-dcd42a29d3559a642111456362087c82' 'nonce-89bb7f5e6e0b41249720ab4a7a474021' 'nonce-8af98c0640311298711bd09bd9c4efe9' 'nonce-16d18459c03846d65448cfbcfe06ec4a' 'nonce-f714b6c5300f36bfb0a3c54ff21c7b8c' 'nonce-37ea6ac06ad1b7e8fcf813cc4b597b84' 'nonce-49724ba7bc689a21c97c1f3fb9e350bf' 'self' 'unsafe-inline' https: 'report-sample' 1
script-src https://counter.simplybook.me https://cdn.iubenda.com https://cs.iubenda.com 'self' 'unsafe-inline' 'unsafe-eval' 'nonce-e29b06260358671e459d44cf37d080a8'; child-src blob: ; frame-src * 1
default-src https:; base-uri 'self'; connect-src https: ws:; font-src https: data:; frame-src https:; img-src http: https: blob: data:; media-src https:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; worker-src blob:; 1
block-all-mixed-content; upgrade-insecure-requests; report-uri /nelmio/csp/report 1
connect-src 'self' data: https://googleads.g.doubleclick.net https://www.google.com/ads/user-lists/ https://www.google.ru/ads/user-lists/ https://mc.yandex.ru https://analytics.google.com https://maps.googleapis.com https://*.google-analytics.com http://bitrix.info https://app.comagic.ru https://api.carrotquest.app/ https://api.carrottrack.app/ https://rts-v2.carrotquest.app/ wss://rts-v2.carrotquest.app/ https://tracker.comagic.ru/ https://stats.g.doubleclick.net;default-src 'self' data: https://googleads.g.doubleclick.net https://www.google.com/ads/user-lists/ https://www.google.ru/ads/user-lists/ https://mc.yandex.ru https://analytics.google.com https://maps.googleapis.com https://*.google-analytics.com http://bitrix.info https://app.comagic.ru https://tracker.comagic.ru https://stats.g.doubleclick.net;script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.google-analytics.com https://*.google-analytics.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://maps.google.com http://bitrix.info https://connect.facebook.net https://*.gstatic.com:* https://*.googleapis.com https://www.google.ru https://*.googleadservices.com https://mc.yandex.ru https://api-maps.yandex.ru https://*.maps.yandex.ru https://*.maps.yandex.net https://cdnjs.cloudflare.com https://app.comagic.ru https://cllctr.roistat.com/ https://cloud.roistat.com/ https://cdn.jsdelivr.net/ https://cdn.carrotquest.app/ https://use.fontawesome.com/ https://www.google.com/recaptcha/ https://yastatic.net:*;style-src 'self' 'unsafe-inline' data: https://mc.yandex.ru:* https://*.googleapis.com https://cdnjs.cloudflare.com https://use.fontawesome.com/ https://cdn.jsdelivr.net https://*.gstatic.com:*;img-src 'self' data: https://*.googleapis.com https://*.gstatic.com:* https://*.google-analytics.com https://*.utlab.ru https://yandex.ru https://i.ytimg.com https://mc.yandex.ru https://api-maps.yandex.ru https://*.maps.yandex.ru https://*.youtube.com https://maps.google.com https://www.google.ru https://img.webcdn.ru https://cdn.carrotquest.app/ blob: https://*.maps.yandex.net;font-src 'self' data: https://cdnjs.cloudflare.com https://use.fontawesome.com/ https://cdn.carrotquest.app/ https://*.gstatic.com:*;frame-src 'self' data: https://*.youtube.com https://*.youtu.be https://*.yandex.ru https://yandex.ru https://mc.yandex.ru/ https://www.google.com https://*.youtube-nocookie.com;base-uri 'self';form-action 'self' data: ; 1
default-src 'self'; object-src 'self'; base-uri 'self'; media-src 'self' https://imagepool.1und1.ag; img-src https: data:; font-src https:; form-action 'self'; connect-src 'self' https://imagepool.1und1.ag; script-src 'strict-dynamic' 'nonce-ae1000c57ded664fc4cf9d7d59ad4f28' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data: 'report-sample'; frame-ancestors 'self'; frame-src https://irpages2.eqs.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-ae1000c57ded664fc4cf9d7d59ad4f28' 'self' 'unsafe-inline' https: 'report-sample' 1
default-src 'self' ; script-src 'self' 1
default-src 'unsafe-inline'  'unsafe-eval' 'self'  *.sessioncam.com *.cloudfront.net *.snapchat.com *.cookielaw.org *.tintup.com *.snapchat.com *.amazon-adsystem.com https://*.optimizely.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bing.com *.googleapis.com *.sessioncam.com *.cloudfront.net *.google-analytics.com *.betrad.com *.youtube.com *.evidon.com *.jquery.com *.cloudfront.net *.serving-sys.com *.facebook.net *.doubleclick.net *.hypemarks.com *.gstatic.com *.krxd.net *.adimo.co *.bazaarvoice.com *.iesnare.com  *.googleadservices.com *.hotjar.com *.pricespider.com *.yahoo.com *.doubleclick.net *.hotjar.com *.nestle.co.uk *.google.com *.googleoptimize.com *.adsrvr.org *.gbqofs.com *.usabilla.com:* *.fusepump.com:* bam.nr-data.net:* *.locate.com:* *.mapbox.com:* *.pricespider.com:* *.sc-static.net *.snapchat.com *.tintup.com *.sc-static.net tintup.com:* sc-static.net:* *.cookielaw.org *.googletagmanager.com:* *.amazon-adsystem.com *.salesforce.com *.salesforceliveagent.com *.newrelic.com *.addtoany.com *.jsdelivr.net *.cloudflare.com *.pinterest.com *.pinimg.com *.brightcove.net https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com https://*.qualtrics.com;; object-src 'none'; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.cloudflare.com *.fusepump.com *.youtube.com *.typography.com *.google.com *.fontawesome.com *.nestle.co.uk *.pricespider.com:* *.mapbox.com:* *.cloudfront.net *.salesforce.com *.bazaarvoice.com *.adimo.co; img-src  'self' 'unsafe-inline' https: data: blob: *.googleapis.com *.gstatic.com *.cloudflare.com *.semasio.net *.sessioncam.com *.cloudfront.net *.google-analytics.com *.google.com *.google.co.uk *.doubleclick.net *.betrad.com *.amazonaws.com px.pump.to *.fusepump.com *.evidon.com *.igodigital.com *.facebook.com *.krxd.net *.starbucksathome.com *.adimo.co *.iriworldwide.com *.bazaarvoice.com display.ugc.bazaarvoice.com bat.bing.com *.google.co.in google-analytics.com *.google.com *.pantheonsite.io *.cookielaw.org *.pricespider.com:* *.adsrvr.org:* *.google.com *.google-analytics.com *.usabilla.com *.demdex.net *.yahoo.com *.bluekai.com *.imrworldwide.com *.sharethrough.com *.truoptik.com *.dotomi.com *.insightexpressai.com *.ml314.com *.amazon-adsystem.com *.googletagmanager.com *.eb2.3lift.com *.dr.mookie1.com *.track2.securedvisit.com *.mid.rkdms.com *.eb2.3lift.com https://app.optimizely.com https://cdn.optimizely.com https://siteintercept.qualtrics.com/;; media-src 'self' blob: *.brightcovecdn.com *.boltdns.net *.media.brightcove.com *.akamaihd.net *.cf.brightcove.com; frame-src 'self' *.addtoany.com *.youtube.com *.evidon.com *.fls.doubleclick.net *.youtube-nocookie.com *.hypemarks.com *.fusepump.com *.google.com *.krxd.net l3.evidon.com *.adimo.co *.bazaarvoice.com *.netsuite.com *.hotjar.com *.doubleclick.net *.netsuite.com *.flashtalking.com *.google.com *.tintup.com *.amazon-adsystem.com *.facebook.com *.adsrvr.org *.salesforce.com *.snapchat.com *.starbucks.jebbit.com *.staging-nestlestarbucks.snipp.us *.pinterest.com *.adsrvr.org *.googletagmanager.com *.usabilla.com https://starbucks.jebbit.com/ https://a5763127292198912.cdn.optimizely.com https://a5763127292198912.cdn-pci.optimizely.com  https://*.qualtrics.com;; frame-ancestors 'self' *.starbucks.jebbit.com *.staging-nestlestarbucks.snipp.us  *.hypemarks.com *.usabilla.com https://starbucks.jebbit.com/; child-src 'self' static.addtoany.com *.youtube.com *.youtu.be youtu.be info.evidon.com https://2275258.fls.doubleclick.net http://2275258.fls.doubleclick.net http://www.youtube-nocookie.com https://www.youtube-nocookie.com https://cdn.hypemarks.com http://cdn.hypemarks.com https://forms.na2.netsuite.com http://live-dig0028606-coffee-starbucks-usa.pantheonsite.io https://live-74944-beverages-starbuckstwo-unitedstates.pantheonsite.io https.live-74944-beverages-starbuckstwo-unitedstates.pantheonsite.io blob:; https://*.optimizely.com;; font-src  'self' data: *.gstatic.com *.fontawesome.com *.cloudflare.com; connect-src 'self' *.fusepump.com *.sessioncam.com *.cloudfront.net *.google-analytics.com *.analyze.ly *.serving-sys.com *.doubleclick.net *.iriworldwide.com *.bazaarvoice.com *.hotjar.io *.nr-data.net *.bing.com *.nestle.gbqofs.io *.pricespider.com:* *.mapbox.com:* *.usabilla.com *.google-analytics.com *.clarity.ms *.tintup.com *.amazonaws.com *.snapchat.com *.cookielaw.org *.onetrust.com *.bam.nr-data.net bam.nr-data.net:* *.pinterest.com *.google.com *.google-analytics.com edge.api.brightcove.com *.boltdns.net *.brightcovecdn.com https://*.optimizely.com https://*.qualtrics.com; 1
default-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' * *.getclicky.com clicky.com; style-src 'self' 'unsafe-inline' *; img-src 'self' * data:; media-src 'self' * blob:; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self'; connect-src 'self' https://cdn-cookieyes.com https://*.cookieyes.com https://*.tableau.com https://forms.hscollectedforms.net https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://*.google-analytics.com https://*.googletagmanager.com https://fonts.googleapis.com https://*.analytics.google.com; font-src 'self' https://ka-p.fontawesome.com https://fonts.gstatic.com https://s0.wp.com data:; frame-src 'self' https://*.cookieyes.com https://www.google.com https://*.youtube.com https://dub01.online.tableau.com https://*.tableau.com https://forms.hsforms.com https://widgets.wp.com; img-src 'self' https://*.oversightboard.com *.oversightboard.com https://oversightboard.com https://*.googletagmanager.com https://*.google-analytics.com https://*.gstatic.com https://pixel.wp.com https://cdn-cookieyes.com https://*.cookieyes.com https://*.tableau.com https://track.hubspot.com https://secure.gravatar.com https://*.hsforms.com blob: data:; object-src; script-src 'self' https://www.google.com https://www.gstatic.com https://*.googletagmanager.com https://tagmanager.google.com https://cdn-cookieyes.com https://*.google-analytics.com https://stats.wp.com https://js.hs-analytics.net https://js-na1.hs-scripts.com https://js.hscollectedforms.net https://js.hsforms.net https://js.hs-banner.com https://*.tableau.com https://dub01.online.tableau.com https://s0.wp.com 'unsafe-inline'; style-src 'self' https://*.googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com https://s0.wp.com 'unsafe-inline'; upgrade-insecure-requests 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com secure.payzen.eu maps.googleapis.com *.paypal.com *.algolia.net *.algolianet.com *.bing.com *.facebook.net *.facebook.com *.mgtmod01.com trk.adbutter.net pixel.mathtag.com mathid.mathtag.com static.criteo.net *.criteo.com t.eu1.dyntrk.com *.taboola.com *.outbrain.com *.r66net.com *.videostep.com *.invibes.com *.y-track.com *.chainethermale.fr *.pinterest.com *.pinimg.com snap.licdn.com www.google.fr www.googletagmanager.com *.googletagmanager.com tagmanager.google.com www.googleadservices.com *.googleadservices.com pagead2.googlesyndication.com *.googlesyndication.com googleads.g.doubleclick.net www.gstatic.com *.google.ad *.google.ae *.google.al *.google.am *.google.as *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cat *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.com *.google.com.af *.google.com.ag *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.hn *.google.com.jm *.google.com.jo *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vn *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gr *.google.gy *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.kg *.google.ki *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.pn *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.vu *.google.ws;frame-src 'self' secure.payzen.eu www.youtube.com maps.googleapis.com *.paypal.com secure.ogone.com ogone.test.v-psp.com *.openstreetmap.org *.facebook.com *.youtube-nocookie.com pixel.mathtag.com dis.eu.criteo.com *.criteo.net *.criteo.com gum.criteo.com widget.eu.criteo.com *.pinterest.com www.googletagmanager.com *.googletagmanager.com *.googleadservices.com *.google.com *.google.fr td.doubleclick.net *.doubleclick.net *.google.ad *.google.ae *.google.al *.google.am *.google.as *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cat *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.com *.google.com.af *.google.com.ag *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.hn *.google.com.jm *.google.com.jo *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vn *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gr *.google.gy *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.kg *.google.ki *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.pn *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.vu *.google.ws;style-src 'self' 'unsafe-inline' fonts.googleapis.com *.googletagmanager.com tagmanager.google.com fonts.googleapis.com;img-src 'self' data: www.google-analytics.com maps.googleapis.com *.gstatic.com placehold.it https://picsum.photos *.chainethermale.fr admin.chainethermale.fr *.bing.com *.facebook.com www.magazinethermal.fr *.youtube-nocookie.com *.ytimg.com secure.adnxs.com pixel.mathtag.com t.eu1.dyntrk.com cdn.n.dynstc.com *.taboola.com *.outbrain.com *.criteo.com e1.emxdgt.com rtb-csync.smartadserver.com *.yahoo.fr *.yahoo.com eb2.3lift.com ad.360yield.com ib.adnxs.com r.casalemedia.com criteo-sync.teads.tv contextual.media.net cm.adform.net x.bidswitch.net visitor.omnitag.com match.sharethrough.com i.liadm.com e1.emxdgt.com criteo-partners.tremorhub.com *.mediavine.com *.pubmatic.com *.yieldlab.net *.smartclip.net *.thebrighttag.com beacon.krxd.net *.demdex.net *.yieldmo.net *.yieldmo.com pixel.rubiconproject.com id5-sync.com *.invibes.com *.ivitrack.com *.videostep.com *.omnitagjs.com ks.b26net.com *.y-track.com *.yahoo.net *.postrelease.com *.pinterest.com *.pinimg.com *.adform.net *.facebook.net sync.1rx.io jadserve.postrelease.com *.unrulymedia.com bat.bing.net px.ads.linkedin.com aa.agkn.com www.google.com www.google.fr ssl.gstatic.com www.gstatic.com stats.g.doubleclick.net googleads.g.doubleclick.net cm.g.doubleclick.net *.g.doubleclick.net pagead2.googlesyndication.com www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com google.com *.google.ad *.google.ae *.google.al *.google.am *.google.as *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cat *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.com *.google.com.af *.google.com.ag *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.hn *.google.com.jm *.google.com.jo *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vn *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gr *.google.gy *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.kg *.google.ki *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.pn *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.vu *.google.ws;font-src 'self' fonts.gstatic.com data: cdn.linearicons.com;connect-src 'self' *.paypal.com *.algolia.net *.algolianet.com www.google-analytics.com *.mgtmod01.com noembed.com bat.bing.com *.criteo.com *.taboola.com *.outbrain.com *.invibes.com *.r66net.com *.y-track.com *.chainethermale.fr *.pinterest.com *.facebook.com *.outbrain.com bat.bing.com bat.bing.net px.ads.linkedin.com www.google.fr www.google.com google.com www.googletagmanager.com *.googletagmanager.com *.googleadservices.com stats.g.doubleclick.net googleads.g.doubleclick.net *.g.doubleclick.net *.analytics.google.com *.google-analytics.com pagead2.googlesyndication.com *.googlesyndication.com *.google.ad *.google.ae *.google.al *.google.am *.google.as *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cat *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.com *.google.com.af *.google.com.ag *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.hn *.google.com.jm *.google.com.jo *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vn *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gr *.google.gy *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.kg *.google.ki *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.pn *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.vu *.google.ws;base-uri 'self' 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: https: 'nonce-hh4SSPCVWx6iPVSdHIglNAiefvLKjvWJ' 'strict-dynamic' https://www.google-analytics.com https://www.googletagmanager.com; 1
default-src 'self' http://unimedbh.prod.acquia-sites.com/ https://portal.unimedbh.com.br/ https: data: 'unsafe-inline' 'unsafe-eval' wss: *.hs-sites.com; script-src https: data: 'unsafe-inline' 'unsafe-eval' https://js.hs-analytics.net https://js.hs-scripts.com https://app.privally.global; object-src 'self' https://portal.unimedbh.com.br/ http://unimedbh.prod.acquia-sites.com/; style-src https: 'unsafe-inline' 'unsafe-eval' 'self' http://unimedbh.prod.acquia-sites.com/ https://portal.unimedbh.com.br/ https://static.unimedbh.io/ ; img-src blob: data: https: 'self' http://unimedbh.prod.acquia-sites.com/ https://portal.unimedbh.com.br/ https://static.unimedbh.io/; media-src 'self' http://unimedbh.prod.acquia-sites.com/ https://portal.unimedbh.com.br/ https://static.unimedbh.io https://www.youtube.com; frame-ancestors 'self' http://unimedbh.prod.acquia-sites.com/ https://portal.unimedbh.com.br/ https://static.unimedbh.io/ https://www.google.com/ https://forms.hsforms.com/ https://3603d.com.br/ *.hs-sites.com; child-src 'self' http://unimedbh.prod.acquia-sites.com/ https://portal.unimedbh.com.br/ https://www.google.com/ https://vars.hotjar.com/ https://static.addtoany.com/ https://www.youtube.com/ https://cdn.userway.org/ https://static.unimedbh.io/ https://plugin.handtalk.me/ https://unimedbh.chat.blip.ai/ https://chat.blip.ai/ https://forms.hsforms.com/ https://3603d.com.br/ https://td.doubleclick.net/ *.hs-sites.com https://www.googletagmanager.com/; font-src 'self' http://unimedbh.prod.acquia-sites.com/ https://portal.unimedbh.com.br/ data: https://static.unimedbh.io/ https://fonts.unimedbh.io https://fonts.googleapis.com https://fonts.gstatic.com https://cdn.userway.org/ 1
default-src 'self'; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self';upgrade-insecure-requests; 1
frame-ancestors 'self' https://cms.eden.co.uk/; form-action 'self'; 1
default-src 'self' static1.clickandboat.com static1.oceans-evasion.com static1.nautal.com static1.scansail.com; connect-src 'self' static2.clickandboat.com static2.oceans-evasion.com static2.nautal.com static2.scansail.com static3.clickandboat.com static3.oceans-evasion.com static3.nautal.com static3.scansail.com https://assets.nautal.com/frontend-assets/master/elements/ https://assets.nautal.com/frontend-assets/master/ https://assets.nautal.com/frontend-assets/master/elements/ https://logs1412.xiti.com *.google-analytics.com stats.g.doubleclick.net accounts.google.com pagead2.googlesyndication.com www.google.com www.googletagmanager.com www.googleadservices.com identitytoolkit.googleapis.com securetoken.googleapis.com bat.bing.com analytics.tiktok.com analytics-ipv6.tiktokw.us ads.tiktok.com api.stripe.com ekr.zdassets.com clickandboat.zendesk.com wss://widget-mediator.zopim.com widget-mediator.zopim.com *.sentry.io api.realytics.io *.paypal.com https://*.clarity.ms https://s2s.adjust.com/event click-and-boat.pxf.io d.impct.site https://api.privacy-center.org *.criteo.com graph.facebook.com www.facebook.com https://respondent.survicate.com https://survey.survicate.com https://survey-prd.survicate-cdn.com pixels.spotify.com pixel.byspotify.com evnt.byspotify.com; font-src 'self' data: static3.clickandboat.com fonts.gstatic.com https://surveys-static.survicate.com https://surveys-static-prd.survicate-cdn.com bytedance: sslocal:; frame-ancestors 'self'; frame-src 'self' *.facebook.com *.criteo.com accounts.google.com www.google.com js.stripe.com hooks.stripe.com www.googletagmanager.com *.doubleclick.net *.paypal.com click-and-boat.pxf.io static1.clickandboat.com cabmobileapp-196814.firebaseapp.com; img-src 'self' static1.clickandboat.com static1.oceans-evasion.com static1.nautal.com static1.scansail.com https://assets.nautal.com/frontend-assets/master/ https://assets.nautal.com/frontend-assets/master/elements/ blog.nautal.com blog.oceans-evasion.com blog.scansail.com blog.clickandboat.com data: blob: res.cloudinary.com *.doubleclick.net secure.adnxs.com www.googletagmanager.com *.google-analytics.com www.googleadservices.com www.google.ae www.google.at www.google.be www.google.bg www.google.ca www.google.ch www.google.co.cr www.google.co.il www.google.co.jp www.google.co.uk www.google.com www.google.com.ar www.google.com.au www.google.com.br www.google.com.co www.google.com.cy www.google.com.do www.google.com.eg www.google.com.mt www.google.com.mx www.google.com.tr www.google.com.ua www.google.cz www.google.de www.google.dk www.google.dz www.google.es www.google.fr www.google.gp www.google.gr www.google.hr www.google.hu www.google.ie www.google.it www.google.lk www.google.lt www.google.lu www.google.lv www.google.me www.google.nl www.google.no www.google.pl www.google.pt www.google.ro www.google.rs www.google.ru www.google.se www.google.si www.google.sk *.bing.com *.criteo.com *.facebook.com *.mydialoginsight.com maps.googleapis.com *.gstatic.com *.google.com *.google.fr v2assets.zopim.io v2uploads.zopim.io clickandboat.zendesk.com https://*.clarity.ms https://s2s.adjust.com/event click-and-boat.pxf.io https://www.ojrq.net https://logs-01.loggly.com https://sdk.privacy-center.org https://surveys-static.survicate.com https://surveys-static-prd.survicate-cdn.com https://assets.survicate.com https://img.survicate.com https://images.unsplash.com analytics.tiktok.com analytics-ipv6.tiktokw.us ads.tiktok.com x.bidswitch.net r.casalemedia.com id5-sync.com ad.360yield.com contextual.media.net exchange.mediavine.com jadserve.postrelease.com sync.outbrain.com simage2.pubmatic.com pixel.rubiconproject.com rtb-csync.smartadserver.com sync-t1.taboola.com eb2.3lift.com ad.yieldlab.net sync.1rx.io wjzjfj.clickandboat.com gum.criteo.com criteo-sync.teads.tv criteo-partners.tremorhub.com csm.fr3.eu.criteo.net; script-src 'unsafe-eval' 'self' static2.clickandboat.com static2.oceans-evasion.com static2.nautal.com static2.scansail.com https://assets.nautal.com/frontend-assets/master/elements/ https://assets.nautal.com/frontend-assets/master/ https://tag.aticdn.net *.google-analytics.com *.googleadservices.com *.google.com *.ggpht.com www.googletagmanager.com bat.bing.com www.facebook.com analytics.tiktok.com analytics-ipv6.tiktokw.us ads.tiktok.com *.criteo.net *.criteo.com *.mydialoginsight.com *.googleapis.com www.gstatic.com connect.facebook.net js.stripe.com static.zdassets.com widget-mediator.zopim.com *.realytics.io *.realytics.net https://*.clarity.ms https://c.bing.com https://s2s.adjust.com/event https://utt.impactcdn.com https://sdk.privacy-center.org https://tag.aticdn.net https://survey.survicate.com https://surveys-static.survicate.com https://surveys-static-prd.survicate-cdn.com https://survey-prd.survicate-cdn.com *.paypal.com browser.sentry-cdn.com fast.ssqt.io pixel.byspotify.com 'unsafe-inline' 'nonce-Wr/4Z5lqv5qtxtjgA6oATg=='; style-src 'self' static2.clickandboat.com static2.oceans-evasion.com static2.nautal.com static2.scansail.com static3.clickandboat.com static3.oceans-evasion.com static3.nautal.com static3.scansail.com https://assets.nautal.com/frontend-assets/master/ 'unsafe-inline' fonts.googleapis.com tagmanager.google.com accounts.google.com www.gstatic.com https://sdk.privacy-center.org https://surveys-static.survicate.com https://surveys-static-prd.survicate-cdn.com; report-uri https://o417216.ingest.us.sentry.io/api/4506020607492097/security/?sentry_key=3c14ba189cc8cb536d95fb1b6fe67298 1
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' *.kdo.de; style-src 'self' *.kdo.de 'unsafe-inline'; connect-src 'self' *.kdo.de; img-src 'self' *.kdo.de *.openstreetmap.org data:; worker-src blob:; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: https: 'nonce-iIsduFBafep4kpkdnkiffV1pcPdeidgW' 'strict-dynamic' https://www.google-analytics.com https://www.googletagmanager.com; 1
default-src 'self'; script-src 'self' 'nonce-Kl1dyjTVAC8fbs9I14NEvgn3uPVP1C1XRg35++b/cBk=' 'unsafe-inline' koop.piwik.pro; connect-src 'self' 'nonce-Kl1dyjTVAC8fbs9I14NEvgn3uPVP1C1XRg35++b/cBk=' 'unsafe-inline' koop.piwik.pro; img-src 'self' koop.piwik.pro; style-src 'self' 'nonce-Kl1dyjTVAC8fbs9I14NEvgn3uPVP1C1XRg35++b/cBk=' 'unsafe-inline'; frame-src 'self' data: koop.piwik.pro; frame-ancestors 'self'; 1
default-src 'self' https://static.bitrated.com; script-src 'self' https://static.bitrated.com; connect-src 'self' wss://www.bitrated.com; style-src https://static.bitrated.com 'unsafe-inline'; img-src 'self' https://static.bitrated.com data:; font-src https://static.bitrated.com data:; frame-src https://player.vimeo.com/ https://bitrated.uservoice.com/; object-src 'none'; report-uri /csp-violation 1
default-src 'self' *.interiorhealth.ca; script-src 'self' 'unsafe-inline' *.interiorhealth.ca maps.googleapis.com js-agent.newrelic.com static.addtoany.com bam.nr-data.net www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com cdn.jsdelivr.net static.dialogflow.com unpkg.com; object-src 'self' *.interiorhealth.ca; style-src 'self'  'unsafe-inline' *.interiorhealth.ca  fonts.googleapis.com cdn.jsdelivr.net static.dialogflow.com unpkg.com; img-src 'self' *.interiorhealth.ca data: maps.googleapis.com maps.gstatic.com *.cdninstagram.com www.google-analytics.com; media-src 'self' *.interiorhealth.ca; frame-src 'self' *.interiorhealth.ca static.addtoany.com *.youtube.com www.google.com; frame-ancestors 'self' *.interiorhealth.ca; font-src 'self' *.interiorhealth.ca fonts.googleapis.com fonts.gstatic.com; connect-src 'self' *.interiorhealth.ca maps.googleapis.com bam.nr-data.net www.google-analytics.com stats.g.doubleclick.net dialogflow.cloud.google.com 1
child-src 'self' https://*.docusign.com https://*.docusign.net https://*.trustcommerce.com https://*.slimpay.net https://*.slimpay.com https://*.windriverfinancialgateway.com 1
default-src data: 'self' 'unsafe-inline' 'unsafe-eval' c.bing.com snap.licdn.com *.analytics.google.com *.hotjar.com *.doubleclick.net www.gstatic.com www.google.com  apis.google.com maps.googleapis.com googleadservices.com www.xart.cz fonts.googleapis.com fonts.gstatic.com maps.gstatic.com www.ccvision.de www.youtube.com www.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net www.google.cz connect.facebook.net giphy.com *.facebook.com akamaihd.net fbcdn.net fb.me fbsbx.com api.mapy.cz mapserver.mapy.cz tagmanager.google.com ssl.gstatic.com fe.marketingovalista.cz sc.lfeeder.com tr.lfeeder.com static.userback.io api.userback.io www.googleadservices.com app.marketingovalista.cz accounts.google.com *.clarity.ms *.google-analytics.com *.googlesyndication.com 1
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.acast.com *.adbutter.net *.adform.net *.adnxs.com *.adnxs-simple.com *.ads-twitter.com addtocalendar.com *.airtable.com *.airtableusercontent.com *.ckeditor.com *.cloudflare.com *.didomi.io *.doubleclick.net *.elfsight.com *.elfsightcdn.com *.facebook.com *.facebook.net *.gomovein.com *.google.com *.google.fr *.google-analytics.com *.googleapis.com *.googletagmanager.com *.googlesyndication.com *.gstatic.com heyzine.com *.heyzine.com *.hzstats.com *.instagram.com *.jellyfish.com *.jsdelivr.net *.licdn.com *.linkedin.com *.marches-publics.info *.marketo.com *.marketo.net *.matomo.cloud *.mews.com *.mktoresp.com *.otowui.com *.privacy-center.org *.seadform.net sc-static.net *.sharethis.com *.sibforms.com *.static.net *.tapad.com *.tiktok.com *.twitter.com *.typeform.com *.unibuddy.co unibuddy.co *.vimeo.com *.webleads-tracker.fr *.welcomekit.co *.youtube.com *.youtube-nocookie.com *.ytimg.com page.hec.edu; img-src 'self' data: *.acast.com *.adbutter.net *.adform.net *.adnxs.com *.adnxs-simple.com *.ads-twitter.com *.airtable.com *.airtableusercontent.com *.ckeditor.com *.cloudflare.com *.didomi.io *.doubleclick.net *.elfsight.com *.elfsightcdn.com *.facebook.com *.facebook.net *.gomovein.com *.google.com *.google.fr *.google-analytics.com *.googleapis.com *.googletagmanager.com *.googlesyndication.com *.gstatic.com *.heyzine.com heyzine.com *.hzstats.com *.instagram.com *.jellyfish.com *.jsdelivr.net *.licdn.com *.linkedin.com *.marches-publics.info *.marketo.com *.marketo.net *.matomo.cloud *.mews.com *.mktoresp.com *.otowui.com *.privacy-center.org *.seadform.net sc-static.net *.sharethis.com *.sibforms.com *.static.net *.tapad.com *.tiktok.com *.twitter.com *.typeform.com *.unibuddy.co *.vimeo.com *.webleads-tracker.fr *.welcomekit.co *.youtube.com *.youtube-nocookie.com *.ytimg.com page.hec.edu; font-src 'self' data:; report-uri /report-csp-violation 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.axessx.de *.googleapis.com 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' test.oppwa.com *.simonmobile.de simonmobile.de *.simonmobil.de simonmobil.de vodafone-affiliate.de *.vodafone-affiliate.de google.com *.google.com google.de *.google.de google.nl *.google.nl facebook.com *.facebook.com facebook.de *.facebook.de facebook.nl *.facebook.nl adform.net *.adform.net adform.com *.adform.com bing.com *.bing.com was.vodafone.de googletagmanager.com *.googletagmanager.com googleadservices.com *.googleadservices.com doubleclick.net *.doubleclick.net facebook.net *.facebook.net cdn.cookielaw.org *.cookielaw.org tags.tiqcdn.com my.tealiumiq.com geolocation.onetrust.com *.onetrust.com widgets.trustedshops.com translate.googleapis.com *.jsctool.com jsctool.com; connect-src *.simonmobile.de simonmobile.de *.simonmobil.de simonmobil.de cdn.cookielaw.org ws://simonmobile.de ws://simonmobil.de privacyportal-eu.onetrust.com bing.com *.bing.com vodafone.de *.vodafone.de *.demdex.net demdex.net *.omtrdc.net omtrdc.net *.trustedshops.com *.etrusted.com *.trustbadge.com *.clarity.ms clarity.ms geolocation.onetrust.com maps.googleapis.com *.kampyle.com kampyle.com *.jsctool.com jsctool.com doubleclick.net *.doubleclick.net googlesyndication.com *.googlesyndication.com analytics.tiktok.com *.analytics.tiktok.com google.com *.google.com amazon-adsystem.com *.amazon-adsystem.com paa-reporting-advertising.amazon *.paa-reporting-advertising.amazon *.snapchat.com snapchat.com *.medallia.eu medallia.eu *.tealiumiq.com tealiumiq.com; frame-src 'self' directus.br.extranet.addmore.cloud test.oppwa.com test.ppipe.net *.simonmobile.de simonmobile.de *.simonmobil.de simonmobil.de vodafone-affiliate.de *.vodafone-affiliate.de adform.net *.adform.net facebook.com *.facebook.com *.doubleclick.net doubleclick.net *.demdex.net demdex.net *.amazon-adsystem.com amazon-adsystem.com *.kampyle.com kampyle.com *.youtube.com youtube.com *.jsctool.com jsctool.com googlesyndication.com *.googlesyndication.com *.snapchat.com snapchat.com *.googletagmanager.com googletagmanager.com; img-src 'self' data: 'unsafe-inline' test.oppwa.com was.vodafone.de cdn.cookielaw.org *.simonmobile.de simonmobile.de *.simonmobil.de simonmobil.de bing.com *.bing.com google.com *.google.com google.de *.google.de google.nl *.google.nl facebook.com *.facebook.com facebook.de *.facebook.de facebook.nl *.facebook.nl *.seadform.net seadform.net *.doubleclick.net doubleclick.net widgets.trustedshops.com www.gstatic.com gstatic.com *.clarity.ms clarity.ms *.googleadservices.com googleadservices.com *.kampyle.com kampyle.com *.bing.net bing.net maps.gstatic.com *.googletagmanager.com googletagmanager.com; media-src 'self' data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' test.oppwa.com *.simonmobile.de simonmobile.de *.simonmobil.de simonmobil.de vodafone-affiliate.de *.vodafone-affiliate.de google.com *.google.com google.de *.google.de google.nl *.google.nl facebook.com *.facebook.com facebook.de *.facebook.de facebook.nl *.facebook.nl adform.net *.adform.net adform.com *.adform.com amazon-adsystem.com *.amazon-adsystem.com bing.com *.bing.com was.vodafone.de googletagmanager.com *.googletagmanager.com googleadservices.com *.googleadservices.com doubleclick.net *.doubleclick.net facebook.net *.facebook.net cdn.cookielaw.org *.cookielaw.org tags.tiqcdn.com my.tealiumiq.com geolocation.onetrust.com *.onetrust.com widgets.trustedshops.com *.clarity.ms clarity.ms *.kampyle.com kampyle.com *.googlesyndication.com googlesyndication.com maps.googleapis.com *.jsctool.com jsctool.com *.analytics.tiktok.com analytics.tiktok.com *.sc-static.net sc-static.net *.snapchat.com snapchat.com; worker-src 'self' blob: 1
frame-ancestors 'self' vidaworld.com *.vidaworld.com heromotocorp3--dev.sandbox.my.salesforce.com heromotocorp3--dev.sandbox.lightning.force.com vidaworld--sit.sandbox.lightning.force.com vidaworld.lightning.force.com 1
frame-ancestors 'self' *.coupacloud.com *.coupadev.com *.coupahost.com; style-src 'unsafe-inline' 'self' us.llama.ai https://login.qlik.com https://*.us.qlikcloud.com https://fonts.googleapis.com https://r.bing.com https://www.bing.com https://cdn.pendo.io; frame-src 'self' us.llama.ai https://login.qlik.com https://*.us.qlikcloud.com https://www.youtube.com https://help.llama.ai https://app.pendo.io; script-src 'unsafe-inline' 'unsafe-eval' us.llama.ai login.qlik.com *.us.qlikcloud.com www.google-analytics.com *.googletagmanager.com pendo-static-5983075502653440.storage.googleapis.com *.pendo.io *.bing.com *.virtualearth.net cdn.qlikcloud.com *.newrelic.com *.nr-data.net; worker-src blob: 'self';frame-ancestors 'self' *.coupacloud.com *.coupadev.com *.coupahost.com; style-src 'unsafe-inline' 'self' us.llama.ai https://login.qlik.com https://*.us.qlikcloud.com https://fonts.googleapis.com https://r.bing.com https://www.bing.com https://cdn.pendo.io; frame-src 'self' us.llama.ai https://login.qlik.com https://*.us.qlikcloud.com https://www.youtube.com https://help.llama.ai https://app.pendo.io; script-src 'unsafe-inline' 'unsafe-eval' us.llama.ai login.qlik.com *.us.qlikcloud.com www.google-analytics.com *.googletagmanager.com pendo-static-5983075502653440.storage.googleapis.com *.pendo.io *.bing.com *.virtualearth.net cdn.qlikcloud.com *.newrelic.com *.nr-data.net; worker-src blob: 'self'; 1
frame-ancestors 'self' thenationalcampaign.org aelp.smartsparrow.com 1
default-src 'self'; block-all-mixed-content; connect-src 'self' https://api.recurly.com https://api.stripe.com/ https://via.intercom.io https://api.intercom.io https://api.au.intercom.io https://api.eu.intercom.io https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-b.intercom.io https://nexus-europe-websocket.intercom.io wss://nexus-europe-websocket.intercom.io https://nexus-australia-websocket.intercom.io wss://nexus-australia-websocket.intercom.io https://uploads.intercomcdn.com https://uploads.intercomcdn.eu https://uploads.au.intercomcdn.com https://uploads.intercomusercontent.com https://ingest.valued.app; font-src 'self' https://js.intercomcdn.com https://fonts.intercomcdn.com data:; frame-src https://js.stripe.com/ https://hooks.stripe.com/ api.recurly.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; img-src 'self' blob: data: *; media-src 'self' https://js.intercomcdn.com; script-src 'self' js.recurly.com https://js.stripe.com/ https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://cdn.valued.app 'unsafe-inline' 'sha256-1gcjkQmF3vDBHqTK/GCaJKMg/UjNNomsjObGfUSd8GU=' 'sha256-jbA8VreA42SNzS8N9VHJ5N6pZWjqC2B/c/cBk+1diXE=' 'sha256-DcokebrOSmWciSX1qQC5mQVZVTuYP7rxG1GdCn4I4Ls='; style-src 'self' https://api.recurly.com 'unsafe-inline'; report-uri /nelmio/csp/report 1
default-src 'self' *.crazyegg.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.netdna-ssl.com *.google-analytics.com www.googletagmanager.com *.quotemedia.com oss.maxcdn.com rangeme-production-environment.s3-ap-southeast-2.amazonaws.com *.pcdn.co s15923.pcdn.co *.google.com *.gstatic.com *.spartannash.com *.spartannash-uat.com *.youtube.com www.b2i.us stockcharting.s3.amazonaws.com cdnjs.cloudflare.com static.cloudflareinsights.com analytics.newscred.com *.crazyegg.com analytics.imirwin.com partner.googleservices.com partner.googleadservices.com;font-src 'self' data: *.netdna-ssl.com fonts.gstatic.com *.pcdn.co s15923.pcdn.co *.spartannash.com *.spartannash-uat.com *.cloudflare.com s3.amazonaws.com *.crazyegg.com;img-src 'self' data: *.netdna-ssl.com *.google-analytics.com *.googleapis.com www.googletagmanager.com *.glensmarkets-email.com *.quotemedia.com secure.gravatar.com s3-ap-southeast-2.amazonaws.com *.pcdn.co *.businesswire.com *.gravatar.com s15923.pcdn.co *.google.com *.spartannash.com *.spartannash-uat.com d36cz9elvz3vfp.cloudfront.net www.b2i.us *.prnewswire.com pixel.welcomesoftware.com i.ytimg.com *.crazyegg.com *.gstatic.com;style-src 'self' 'unsafe-inline' *.netdna-ssl.com *.googleapis.com *.google.com *.quotemedia.com *.pcdn.co s15923.pcdn.co *.spartannash.com *.spartannash-uat.com *.crazyegg.com;frame-src 'self' *.netdna-ssl.com *.youtube.com www.googletagmanager.com *.calameo.com *.pcdn.co *.google.com *.spartannash.com *.spartannash-uat.com *.prnewswire.com *.crazyegg.com td.doubleclick.net syndicatedsearch.goog;connect-src 'self' *.netdna-ssl.com query.yahooapis.com *.pcdn.co *.google-analytics.com *.quotemedia.com stats.g.doubleclick.net *.spartannash.com *.spartannash-uat.com www.b2i.us stockcharting.s3.amazonaws.com *.google.com *.crazyegg.com analytics.imirwin.com;object-src 'self' *.netdna-ssl.com *.pcdn.co *.prnewswire.com *.crazyegg.com;media-src 'self' *.netdna-ssl.com *.pcdn.co *.prnewswire.com *.crazyegg.com;worker-src 'self' blob: *.crazyegg.com;child-src 'self' blob: *.crazyegg.com; 1
default-src 'unsafe-inline' 'self' https:; child-src 'self'; connect-src 'self' https:; font-src 'self' fonts.gstatic.com; frame-src 'self' https:; img-src * data:; manifest-src 'self'; media-src 'self' https:; object-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https:; style-src 'unsafe-inline' 'self' *.twitter.com *.twimg.com fonts.googleapis.com; worker-src 'self'; base-uri 'self'; form-action 'self' *.twitter.com *.qenta.com; navigate-to 'self' https: 1
default-src 'self' data: https://ecosystem.matomo.cloud https://fonts.googleapis.com https://fonts.gstatic.com; base-uri 'self' https://ecosystem.matomo.cloud; block-all-mixed-content; connect-src 'self' wss: https://*.ckeditor.com https://*.hotjar.com https://*.hotjar.io https://*.teads.tv https://aax-eu.amazon-adsystem.com https://ara.paa-reporting-advertising.amazon https://consentcdn.cookiebot.com https://ecosystem.matomo.cloud https://maps.googleapis.com https://p1.outbrain.com https://p1.zemanta.com https://region1.analytics.google.com https://region1.google-analytics.com https://static1.r66net.com https://stats.g.doubleclick.net https://insight.adsrvr.org; frame-src 'self' https://*.doubleclick.net https://*.greenconnected.fr https://aax-eu.amazon-adsystem.com https://bonusqualirepar.ecosystem.eco https://consentcdn.cookiebot.com https://ecosystem.matomo.cloud https://ecosystemfrance.qualtrics.com https://form.jotform.com https://insight.adsrvr.org https://match.adsrvr.org https://page.ecosystem.eco https://portail-reparateurs.ecosystem.eco https://www.google.com https://www.youtube-nocookie.com https://www.youtube.com https://extranet.corepile.net; img-src 'self' data: https://*.doubleclick.net https://*.ecosystem.eco https://*.teads.tv https://6745d80ec3904300272752ef.tracker.adotmob.com https://6823745d2555329718a2ba1f.tracker.adotmob.com https://683f20c521b61033ba7aea8a.tracker.adotmob.com https://ads-engagement.presage.io https://ads-engagement.presage.io https://adservice.google.com https://img.youtube.com https://imgsct.cookiebot.com https://insight.adsrvr.org https://jedonnemontelephone.fr https://ks1.b26net.com https://ks1.invibes.com https://maps.googleapis.com https://maps.gstatic.com https://p1.zemanta.com https://track.adform.net https://www.google.fr https://www.googletagmanager.com https://*.adveris.dev; manifest-src 'self'; media-src 'self' https://*.ecosystem.eco; object-src 'none'; script-src 'unsafe-inline' 'self' https://*.hotjar.com https://ads-engagement.presage.io https://c.amazon-adsystem.com https://cdn.datatables.net https://cdn.matomo.cloud https://consent.cookiebot.com https://consentcdn.cookiebot.com https://ecosystem.matomo.cloud https://fonts.googleapis.com https://insight.adsrvr.org https://js-tag.zemanta.com https://js.adsrvr.org https://k.r66net.com https://maps.googleapis.com https://p.teads.tv https://s2.adform.net https://static.r66net.net https://track.adform.net https://www.googletagmanager.com https://www.youtube.com; style-src 'unsafe-inline' 'self' https://cdn.datatables.net https://ecosystem.matomo.cloud https://fonts.googleapis.com https://fonts.gstatic.com; worker-src 'none' 1
default-src 'self' data: *.uniweb.be cookiehub.net *.uniweb.eu *.hotjar.com www.googletagmanager.com www.google-analytics.com; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://js.stripe.com *.uniweb.be cookiehub.net *.uniweb.eu *.hotjar.com www.googletagmanager.com www.google-analytics.com; object-src *; style-src 'self' data: 'unsafe-inline' *.uniweb.be cookiehub.net *.uniweb.be cookiehub.net fonts.googleapis.com; img-src 'self' data: https://m.stripe.com *.craft-cdn.com *.uniweb.be cookiehub.net *.uniweb.eu www.googletagmanager.com www.google-analytics.com; media-src *; frame-src 'self' data: https://js.stripe.com *.uniweb.be cookiehub.net *.uniweb.eu *.hotjar.com www.googletagmanager.com www.google-analytics.com; font-src 'self' data: *.uniweb.be cookiehub.net *.uniweb.eu fonts.gstatic.com fonts.googleapis.com; connect-src * 1
block-all-mixed-content; upgrade-insecure-requests 1
base-uri  'self' ; child-src  'self' ; connect-src  'self'  'unsafe-inline'  'unsafe-eval'  *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net *.youtube.com *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net ; default-src  'self' ; font-src  'self'  'unsafe-inline'  'unsafe-eval'  *.gstatic.com *.bootstrapcdn.com data: fonts.gstatic.com cdn.jsdelivr.net *.gstatic.com *.bootstrapcdn.com ; form-action  'self' ; frame-src  'self'  'unsafe-inline'  'unsafe-eval'  *.g.doubleclick.net *.google.com *.fls.doubleclick.net blob: www.google.com *.youtube.com *.g.doubleclick.net *.google.com *.fls.doubleclick.net ; frame-ancestors  'self' ; img-src  'self'  'unsafe-inline'  'unsafe-eval'  *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com data: ts.w.org s.w.org ps.w.org *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com ; manifest-src  'self' ; media-src  'self'  s.w.org; object-src  'self' ; script-src  'self'  'unsafe-inline'  'unsafe-eval'  *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com cdn.jsdelivr.net *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com ; script-src-elem  'self'  'unsafe-inline'  'unsafe-eval'  cdn.jsdelivr.net *.youtube.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com ; script-src-attr  'self' ; style-src  'self'  'unsafe-inline'  'unsafe-eval'  *.googleapis.com *.gstatic.com fonts.googleapis.com cdn.jsdelivr.net *.googleapis.com *.gstatic.com ; style-src-elem  'self'  'unsafe-inline'  'unsafe-eval'  fonts.googleapis.com cdn.jsdelivr.net *.googleapis.com *.gstatic.com ; style-src-attr  'self'  'unsafe-inline'  'unsafe-eval' *.youtube.com; worker-src  'self'  blob:; 1
default-src 'self'; script-src 'self'; img-src 'self' 1
default-src https: data: blob: 'unsafe-inline'; object-src 'self'; script-src  'self' https://cdn.tiny.cloud/ https://static.zdassets.com/ https://*.meruscase.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://platform.twitter.com/ https://*.google-analytics.com/ https://*.googletagmanager.com/ https://cdn.syndication.twimg.com/ https://merus-assets.s3.amazonaws.com/ https://*.facebook.net/ https://*.googleapis.com/ https://*.aspnetcdn.com/ https://*.microsoft.com https://maxcdn.bootstrapcdn.com/ https://*.youtube.com/ https://s.ytimg.com/ https://js.recurly.com/ https://cdn.wootric.com/ https://static.headnotepayments.com/ https://static.zdassets.com/ https://snap.licdn.com/ https://unpkg.com/ 'unsafe-eval' 'unsafe-inline' https://code.jquery.com/ https://forms.hubspot.com/ https://forms.hsforms.com/ https://js.hs-analytics.net/ https://js.hs-scripts.com/ https://api.usemessages.com/ https://js.usemessages.com/ https://js.hsforms.net/ https://js.hsleadflows.net/; style-src 'self' 'unsafe-inline' https: 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'  https: data: http://fonts.googleapis.com http://fonts.gstatic.com http://www.google-analytics.com http://s7.addthis.com http://m.addthisedge.com http://m.addthis.com http://graph.facebook.com http://widgets.pinterest.com http://maps.google.com http://csi.gstatic.com http://maps.gstatic.com http://maps.googleapis.com http://www.linkedin.com http://api-public.addthis.com http://localhost http://widget.supercounters.com http://pagead2.googlesyndication.com/ http://pagead2.googlesyndication.com/ http://staticxx.facebook.com http://www.whatsupcams.com http://epixel.moj-web.net http://www.youtube.com https://www.whatsupcams.com http://localhost https://g0.ipcamlive.com;  1
default-src 'none'; script-src 'self' https://www.google.com https://www.gstatic.com; connect-src https://9872520550193828.hostedstatus.com/1.0/status/6148993c877ce705383f1463 'self'; img-src 'self' data:; style-src 'self' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; object-src 'self'; frame-src https://www.google.com 1
default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self'; base-uri 'self'; form-action 'none'; 1
default-src https: 'self' data: 'unsafe-inline' 'unsafe-eval'; block-all-mixed-content; report-uri /nelmio/csp/report 1
default-src 'self'; script-src 'self' 'unsafe-inline' cdn.jsdelivr.net cdnjs.cloudflare.com analytics.mbda-systems.com; object-src 'self'; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net *.epresspack.online; img-src 'self' data: *.epresspack.online newsroom.mbda-systems.com; media-src 'self' about: data:; frame-src 'self' *.youtube.com; frame-ancestors 'self'; child-src 'self'; font-src 'self' data: fonts.gstatic.com; connect-src 'self' analytics.mbda-systems.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
frame-ancestors https://*.derwent.io http://*.derwent.io http://*.derwent.io:* https://*.derwent.io:* 'self' 1
allow *; options inline-script eval-script; frame-ancestors 'self'; 1
default-src 'none'; worker-src 'self' www.youtube.com *.cookiebot.com www.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.leadinfo.net *.cookiebot.com www.googletagmanager.com  ssl.google-analytics.com www.google-analytics.com apis.google.com ajax.googleapis.com www.gstatic.com www.google.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' *.linqhost.nl www.google.nl ssl.google-analytics.com www.google-analytics.com www.gstatic.com cdn.quicq.io imgsct.cookiebot.com data: www.google.com www.googletagmanager.com stats.g.doubleclick.net  collector.leadinfo.net collector4.leadinfo.net ; font-src 'self' fonts.googleapis.com fonts.gstatic.com  data: ; frame-ancestors 'none'; base-uri 'self' ; form-action 'self'; frame-src *.cookiebot.com *.youtube.com *.google.com; connect-src *.google-analytics.com  *.analytics.google.com stats.g.doubleclick.net consentcdn.cookiebot.com detect-ipv4.linqhost.nl detect-ipv6.linqhost.nl api.leadinfo.com collector.leadinfo.net collector4.leadinfo.net; report-uri https://linqhost.report-uri.com/r/d/csp/enforce; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: about: *.adbutler-luxon.com adbutler-fermion.com static.addtoany.com *.adobedtm.com *.ads-twitter.com *.adsrvr.org p.adsymptotic.com *.bamboohr.com bat.bing.com maxcdn.bootstrapcdn.com tags.bluekai.com capwiz.com *.cdc.gov grow.clearbitjs.com *.cmgdigital.com www.cms.gov cqrcengage.com tma.custhelp.com dpm.demedex.net www.domain-of-replacement.com *.doubleclick.net *.facebook.com *.facebook.net *.feedburner.com gis.fema.gov apgb2b-reachcodeandproxy.gannettdigital.com google.com *.google.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.googletagmanager.com fusiontables.googleusercontent.com *.gstatic.com data.healthcare.gov oig.hhs.gov hootsuite.com *.hs-analytics.net *.hs-banner.com js.hsadspixel.net js.hscollectedforms.net *.hsforms.com *.hsforms.net *.hs-scripts.com api.hubapi.com *.hubspot.com rocket.nwood-kensett.k12.ia.us *.infogram.com *.informz.net *.jeffersoncms.org kff.org cdn.jsdelivr.net beacon.krxd.net snap.licdn.com www.linkedin.com px.ads.linkedin.com *.livestream.com *.marchex.io tag.marinsm.com pixel.mathtag.com texmed.medbuzz.com www.ncbi.nlm.nih.gov *.nnihcm.org block.opendns.com cdn.linkedin.oribi.io centro.pixel.ad clickserv.pixel.ad www.paypalobjects.com www.podbean.com www.powr.io *.poll-maker.com pixel-geo.prfct.co ql.tc *.qualtrics.com *.quantcount.com *.quantserve.com www.reachlocallivechat.com capture-api.reachlocalservices.com *.rlets.com rcod.rtrk.com *.scribd.com uip.semasio.net servedbyadbutler.com *.serving-sys.com *.sharethis.com i.simpli.fi tag.simpli.fi um.simpli.fi clickserv.sitescout.com pixel.sitescout.com *.slideshare.net public.slidesharecdn.com open.spotify.com storify.com t.co *.tapad.com *.tcms.com *.teletownhall.us *.texmed.org eu.thinkingchat.com reachlocal.thinkingchat.com cdn.tinymce.com *.tmait.org *.twimg.com *.twitter.com *.vimeo.com *.votervoice.net *.wakelet.com *.wufoo.com *.youtube.com *.yudu.com *.hscollectedforms.net analytics.ahrefs.com 1
allow 'script-src' 'unsafe-inline' 'unsafe-eval' 'self' *.typekit.net *.pingdom.net *.groupe-mediactive.fr fg.cdn.mediactive-network.net cdn.mediactive-network.net *.cedexis.com *.typeform.com; fullscreen *.typeform.com 1
default-src 'self';img-src *; script-src *; 1
frame-ancestors 'self' https://journeokioskcontent.azurewebsites.net/; report-uri /report-csp-violation 1
default-src https: wss:; base-uri 'none'; font-src https: data:; img-src https: data:; script-src 'strict-dynamic' 'nonce-L6s46snJ/smVBGb+4QXUEA=='; style-src https: 'unsafe-inline' 1
default-src 'self'; base-uri 'self'; block-all-mixed-content; child-src https://www.youtube.com/ https://youtube.com/ https://player.vimeo.com/ https://youtu.be/ https://open.spotify.com/ https://www.buymusic.club; connect-src 'self' https://www.youtube.com/oembed https://www.google-analytics.com https://stats.g.doubleclick.net https://*.hotjar.com https://*.hotjar.io https://*.facebook.com/ https://*.tiktok.com https://*.snapchat.com https://widget-api.formitable.com https://region1.analytics.google.com https://*.google-analytics.com https://cdn.linkedin.oribi.io https://*.linkedin.com https://www.buymusic.club wss://ws.hotjar.com https://*.hcaptcha.com https://www.google.com; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com https://*.hotjar.com https://*.hotjar.io; frame-ancestors 'none'; frame-src https://www.youtube.com/ https://spotify.com https://open.spotify.com/ https://*.spotify.com https://facebook.com/ https://*.facebook.com/ https://mychannels.video/ https://www.yumpu.com/ https://www.google.com/ https://*.hotjar.com https://*.hotjar.io https://bandcamp.com https://*.bandcamp.com https://twitter.com https://*.twitter.com https://instagram.com https://*.instagram.com https://vimeo.com https://*.vimeo.com https://soundcloud.com https://*.soundcloud.com https://tiktok.com https://*.tiktok.com https://snapchat.com https://*.snapchat.com https://www.belgianrail.be https://widget.formitable.com https://www.buymusic.club https://newassets.hcaptcha.com https://www.googletagmanager.com/ https://td.doubleclick.net/; img-src 'self' data: https://www.google-analytics.com/r/collect https://www.google-analytics.com/collect https://placeholder.inventis.be/ https://*.ytimg.com/ https://d12xfkzf9kx8ij.cloudfront.net/ https://*.facebook.com/ https://connect.facebook.net/ https://*.fbcdn.net/ https://i.scdn.co/ https://img.youtube.com/ https://legacy.abconcerts.be/ https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://*.hotjar.com https://*.hotjar.io https://snapchat.com https://*.snapchat.com https://px.ads.linkedin.co https://px.ads.linkedin.com https://*.linkedin.com https://www.buymusic.club https://fonts.gstatic.com https://www.googletagmanager.com; media-src 'self' p.scdn.co/mp3-preview/; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.youtube.com/iframe_api https://www.youtube.com/s/player/ https://*.ytimg.com https://www.googletagmanager.com/gtm.js https://www.google-analytics.com/analytics.js https://script.hotjar.com/ https://connect.facebook.net/ https://*.hotjar.com https://*.hotjar.io https://www.buymusic.club https://hcaptcha.com https://*.licdn.com https://*.snapchat.com 'nonce-dIG8JZCBn7Rny3p75GxMLg=='; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://widget.formitable.com https://www.googletagmanager.com; upgrade-insecure-requests 1
default-src 'self' https; connect-src 'self' https://dc.services.visualstudio.com https://attach.ukpowernetworks.co.uk https://*.go-mpulse.net https://*.akstat.io/ https://*.akamaihd.net/ www.google-analytics.com region1.google-analytics.com https://apikeys.civiccomputing.com/c/v https://in.hotjar.com/ https://vc.hotjar.io https://clapi.civiccomputing.com/ stats.g.doubleclick.net https://translate.googleapis.com https://maps.googleapis.com https://api.what3words.com https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://*.applicationinsights.azure.com https://*.azurewebsites.net https://graph.microsoft.com/ https://*.tangentlabs.co.uk https://col.site24x7rum.eu https://l.sharethis.com https://platform.twitter.com/widgets.js https://connect.facebook.net https://api.reciteme.com https://stats.reciteme.com https://speechstreamv3-webservices-8.texthelp.com/ https://wikisum.texthelp.com/ https://babm.texthelp.com https://*.speechstream.net https://en.wikipedia.org/ https://pfw-prod-ukwest-safespaceonline.azurewebsites.net https://apps.parcelforce.com/sso/Home/IsAlive https://apps.parcelforce.com/sso/ https://static.queue-it.net 956e469338e2e6898c68816e7d5d70.4d.environment.api.powerplatform.com 122893fe7778e05ebe27d6a1abed5c.42.environment.api.powerplatform.com 0f561d2ccae5e5c6b9552edc1c9164.5b.environment.api.powerplatform.com europe.directline.botframework.com wss://europe.directline.botframework.com *.uk.omnichannelengagementhub.com eu-mobile.events.data.microsoft.com browser.pipe.aria.microsoft.com *.uk.communication.azure.com *.communication.microsoft.com *.trouter.teams.microsoft.com teams.microsoft.com/registrar/prod/v3/registrations prod.registrar.skype.com/v3/registrations wss://*.trouter.teams.microsoft.com *.events.data.microsoft.com; font-src 'self' ukpn.local hello.myfonts.net data: https://*.blob.core.windows.net https://*.tangentlabs.co.uk https://*.ukpowernetworks.co.uk fonts.googleapis.com fonts.gstatic.com https://fonts.gstatic.com https://pfw-prod-ukwest-safespaceonline.azurewebsites.net/ https://api.reciteme.com https://ukpn-dev-cdn.tangentlabs.co.uk https://*.cdn.office.net; style-src 'self' 'unsafe-inline' ukpn.local https://*.blob.core.windows.net https://*.tangentlabs.co.uk https://*.ukpowernetworks.co.uk fonts.googleapis.com https://fonts.googleapis.com https://api.reciteme.com https://ukpn-dev-cdn.tangentlabs.co.uk https://pfw-prod-ukwest-safespaceonline.azurewebsites.net oc-cdn-public-gbr.azureedge.net/livechatwidget/v2public/styles/LiveChatWidgetFrame.css; script-src 'self' 'unsafe-eval' ukpn.local https://*.go-mpulse.net 'unsafe-inline' https://*.blob.core.windows.net https://*.tangentlabs.co.uk https://*.ukpowernetworks.co.uk https://cc.cdn.civiccomputing.com/9/cookieControl-9.x.min.js https://www.googletagmanager.com/ns.html www.googletagmanager.com cdnjs.cloudflare.com www.google-analytics.com script.hotjar.com static.hotjar.com http://widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js z.moatads.com https://translate.google.com/ https://translate.googleapis.com/ apis.google.com www.google.com www.gstatic.com maps.googleapis.com ajax.googleapis.com https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://static.site24x7rum.eu https://widget.trustpilot.com https://t.sharethis.com https://platform-api.sharethis.com https://buttons-config.sharethis.com https://graph.facebook.com https://www.youtube.com https://www.linkedin.com/ https://s.ytimg.com https://platform.twitter.com https://connect.facebook.net https://api.reciteme.com https://stats.reciteme.com https://*.speechstream.net https://wikisum.texthelp.com/ https://ukpn-dev-cdn.tangentlabs.co.uk https://pfw-prod-ukwest-safespaceonline.azurewebsites.net https://ukpowernetworks.queue-it.net https://ukpowernetwork.queue-it.net https://static.queue-it.net/script/queueclient.min.js https://static.queue-it.net/script/queueconfigloader.min.js https://assets.queue-it.net cdn.botframework.com oc-cdn-public-gbr.azureedge.net/livechatwidget/scripts/LiveChatBootstrapper.js oc-cdn-public-gbr.azureedge.net/livechatwidget/v2scripts/LiveChatBootstrapper.js oc-cdn-public-gbr.azureedge.net https://grid.is; img-src 'self' data: https://api.umbraco.io https://media.umbraco.io https://img.youtube.com https://pfw-prod-ukwest-safespaceonline.azurewebsites.net https://*.blob.core.windows.net https://*.tangentlabs.co.uk https://*.ukpowernetworks.co.uk www.google-analytics.com *.googletagmanager.com stats.g.doubleclick.net www.google.com/ads www.google.co.uk/ads https://translate.google.com maps.gstatic.com maps.googleapis.com https://www.google.com https://www.google.co.uk/ https://www.google.com/images/cleardot.gif https://www.gstatic.com fonts.googleapis.com apis.google.com https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://l.sharethis.com https://api.reciteme.com https://speechstreamv3-webservices-8.texthelp.com/ https://upload.wikimedia.org blob:; child-src 'self' https://www.googletagmanager.com/ns.html https://content.googleapis.com; frame-src 'self' https://powerupgames.z33.web.core.windows.net https://vars.hotjar.com https://powerupgames.z33.web.core.windows.net/hunt-the-hazards/story.html www.google.com *.google.com https://www.googletagmanager.com www.youtube.com www.linkedin.com https://widget.trustpilot.com http://t.sharethis.com https://platform-api.sharethis.com https://platform.twitter.com https://web.facebook.com/ https://www.facebook.com/ https://m.facebook.com/ https://api.reciteme.com https://*.speechstream.net web.powerva.microsoft.com https://956e469338e2e6898c68816e7d5d70.4d.environment.api.powerplatform.com https://122893fe7778e05ebe27d6a1abed5c.42.environment.api.powerplatform.com https://0f561d2ccae5e5c6b9552edc1c9164.5b.environment.api.powerplatform.com https://oc-cdn-public-gbr.azureedge.net/ https://comms.omnichannelengagementhub.com/ https://grid.is; object-src data:; worker-src blob:; media-src https://api.reciteme.com self https://*.speechstream.net data:; 1
default-src 'self'; style-src 'unsafe-inline' yandex.st site.yandex.net yastatic.net banners.adfox.ru content.adfox.ru yastat.net *; frame-src awaps.yandex.net yandexadexchange.net *.yandexadexchange.net yastatic.net *.yandex.ru banners.adfox.ru yastat.net *; img-src * data:; media-src * data:; font-src 'self' data: an.yandex.ru yastatic.net yastat.net *; object-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' an.yandex.ru yandex.st site.yandex.net yastatic.net mc.yandex.ru banners.adfox.ru ads.adfox.ru ads6.adfox.ru yastat.net yandex.ru www.google-analytics.com *.googleadservices.com *.googlesyndication.com *.googletagservices.com www.googletagmanager.com adservice.google.ru adservice.google.com.ua *.google.com *.mail.ru vk.com *.buzzoola.com ajax.googleapis.com cackle.me *.cackle.me *.sape.ru code.createjs.com ad.slickjump.com slickjump.com sjsmartcontent.ru googletagmanager.com *.ttarget.ru *.onlygip.tech *.hybrid.ai *.admediator.ru nativerent.ru *.astraone.io astraone.io *.onlygip.tech onlygip.tech *.afp.ai increaserev.com *.adriver.ru cdn.al-adtech.com *.al-adtech.com; connect-src 'self' an.yandex.ru strm.yandex.ru mc.yandex.ru mc.yandex.com yandex.st site.yandex.net yastatic.net matchid.adfox.yandex.ru adfox.yandex.ru ads.adfox.ru ads6.adfox.ru jstracer.yandex.ru yastat.net yandex.ru sjsmartcontent.ru *.al-adtech.com *.googlesyndication.com *.googletagservices.com *.google-analytics.com 1
frame-ancestors 'self' *.vendhq.com *.retail.lightspeed.app; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=puba63db3f96a1d5bb789394101974def5f&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:production; 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: staticcdn.co.nz www.youtube.com *.google-analytics.com *.googletagmanager.com www.google.com www.gstatic.com *.googleapis.com; connect-src 'self' *.google-analytics.com *.googletagmanager.com *.analytics.google.com *.googleapis.com; img-src 'self' data: staticcdn.co.nz shielded.co.nz i.ytimg.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.typekit.net; font-src 'self' data: *.googleapis.com *.gstatic.com use.typekit.net; frame-src 'self' staticcdn.co.nz www.youtube.com www.google.com; manifest-src 'self'; media-src 'self'; frame-ancestors 'self'; form-action 'self'; 1
default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval'; object-src *; style-src * 'self' 'unsafe-inline'; img-src * 'self' data: https:;; media-src *; frame-src *; frame-ancestors 'self' https://metrika.yandex.ru https://metrika.yandex.by https://metrica.yandex.com https://metrica.yandex.com.tr https://*.webvisor.com; child-src * blob:; font-src * 'self' data: https:;; connect-src *; report-uri /report-csp-violation 1
script-src 'self' 'unsafe-eval' 'nonce-6a3d5968dd4f7d809150cc43305124be' 'strict-dynamic' https://google.de https://app.usercentrics.eu https://www.googletagmanager.com  https://www.googleadservices.com https://googleads.g.doubleclick.net https://netzwerk.uppr.de https://www.google-analytics.com https://privacy-proxy.usercentrics.eu https://www.facebook.com https://twitter.com https://www.linkedin.com https://www.xing.com https://www.youtube.com https://cdnjs.cloudflare.com https://nebula-cdn.kampyle.com https://bat.bing.com https://ad4m.at https://connect.facebook.net https://www.usemaxserver.de https://widgets.energiemonitor.de https://play.google.com https://www.googleoptimize.com https://icpublichosting.azureedge.net https://optimize.google.com https://service.mtcaptcha.com https://service2.mtcaptcha.com https://ic-chatwindow-service.azurewebsites.net https://clb2.cfapps.mila.external.ap.innogy.com https://www.googleanalytics.com https://cdn.medallia.com/ https://cdn.appsol.medallia.com/ *.kampyle.com/ https://metrics-proxy.medallia.ca/ https://metrics-proxy.medallia.eu/ https://metrics-proxy.medallia.com.au/ https://metrics-proxy.medallia.com/ https://col.eum-appdynamics.com/ https://static.medallia.com/ https://bugreport.medallia.com/ https://fonts.gstatic.com/ https://fonts.googleapis.com/ https://chart.googleapis.com/ https://maxcdn.bootstrapcdn.com/ https://netdna.bootstrapcdn.com/ https://express.ger.medallia.eu/ https://express.sbx.ger.medallia.eu/ https://feed2.medallia.eu/ https://feed2sbx.sbx.ger.medallia.eu/ https://mft1.medallia.eu/ https://filestash.fra1.medallia.eu/ https://tm.ad-srv.net https://tm703.ad-srv.net https://tm707.ad-srv.net https://tm708.ad-srv.net https://*.iadvize.com https://znbd9pj7eqbjzjd42-eon.siteintercept.qualtrics.com https://siteintercept.qualtrics.com https://trck.lew.de; style-src 'self' 'nonce-6a3d5968dd4f7d809150cc43305124be' 'unsafe-hashes' 'sha256-Chued6H/FqwtY0xgIG4zxn1W6uXOo1t3SXAPpyzds7U='  'sha256-5SDvdr72xKyplNCK6s3wo8+AzCvSSrO4ATaEFE1N3YU='  'sha256-b/AJ3u1NxOK+yAHe28I3iTI1e9j23Bv94CsSnYMe0I4='  'sha256-WXbTK+Q2IO0qiVm9TmwaoCb/gGYy8plieL1g7TJ+i1o='  'sha256-TIWitS/sbsTCj5gHE+Ub2hNq7Ebv+whf6SCnicmBM1A='  'sha256-bM22Xahg3Ska2CbZv9HSsXayiD0Z5iJL6QcufF1H9e0='  'sha256-cJA8XvfmOhAJWjlDZi2dvUyXcjLaXJsW296wKpLNDSg='  'sha256-W5t509XHgNgqXPEkC+CNVw120RQzW++3Peh6kOOF7H0='  'sha256-SDpJ06IXtKeyPxzWvEQbz1w8atX8WEPMmLziJ2Yr3t8='  'sha256-ZdHxw9eWtnxUb3mk6tBS+gIiVUPE3pGM470keHPDFlE='  'sha256-RfS5BPmz3Vwypv5zOAVIB743tRj+AEwi4dugaXrsDwk='  'sha256-x4b2HXIRVmbavEXgC5A6qDxwchYDCHsF5XjgG+IX/9k='  'sha256-sjBpDcTxG5RUsOcN+DFW/IhJtxXGSiB/5wxRqMbKc8g='  'sha256-6N6ExomJBSb15QoU3z4kffBiUYwHzIOPFDBNFyQo5zM='  'sha256-Xjtk8M9sZ4nFg15sesBAusx8bR5RyH5adt0U2TGp1Hc='  'sha256-YV8lKTFZ9If7/i9C+12znUBTxRQw2mwPFb+mvUF76jI='  'sha256-xhhnTHVCXiqgxWYHm1Aa2GmrJUgS7MCnS5+Ou4nbmvI='  'sha256-lgwR+lozSh+2mYjVqEytPQ8igYNCs3WxYDoJ+FfmTM8='  'sha256-xhhnTHVCXiqgxWYHm1Aa2GmrJUgS7MCnS5+Ou4nbmvI='  'sha256-lgwR+lozSh+2mYjVqEytPQ8igYNCs3WxYDoJ+FfmTM8='  'sha256-Pmke26teTSgoga2qVZQxn5+8tJEHv3b6P31sM4A7nUA='  'sha256-u3gvlgPH9p+WcuUGYJ1tagF6JvmPBRgC8dUVFMyvgFw='  'sha256-MlKRU2qUIVN+Cj86rIOyMnLxGlFm6Y1JJpGW5mQkUZs='  'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU='  'sha256-2gz8aiXiOB6Up4QDJqnRa6SHIHmCXTLcaqHHxsA3LlA='  'sha256-qTkwDWS8vAgVRoa+CLotP91j1y1653Dw7c6uFVO9hdk='  'sha256-6cAsdx6Eo0akaAinSdKpeL36RozFFZb6YeLNQSOtOKU='  'sha256-6cAsdx6Eo0akaAinSdKpeL36RozFFZb6YeLNQSOtOKU='  'sha256-0W4IyoGJZtlp+gwrArXhImVbco+I5f2pug6ZEmjL2U0='  'sha256-GbUhe7JxmiOWfQ00Srbs7iduQVRWWln6C42y78HlLxs='  'sha256-0W4IyoGJZtlp+gwrArXhImVbco+I5f2pug6ZEmjL2U0='  'sha256-GbUhe7JxmiOWfQ00Srbs7iduQVRWWln6C42y78HlLxs='  'sha256-0W4IyoGJZtlp+gwrArXhImVbco+I5f2pug6ZEmjL2U0='  'sha256-GbUhe7JxmiOWfQ00Srbs7iduQVRWWln6C42y78HlLxs='  'sha256-0W4IyoGJZtlp+gwrArXhImVbco+I5f2pug6ZEmjL2U0='  'sha256-6cAsdx6Eo0akaAinSdKpeL36RozFFZb6YeLNQSOtOKU='  'sha256-8kPOCl/iIr6YgWLvLnIRMrYnCJHOzs6WNYAedT41SM8='  'sha256-2Go/yMtz4sEcAbw1TnjkjLz983Zxq7frCShdJs2OobM='  'sha256-g6zf946PtVM63bZ+fe9QUc3hDXp5BMl6OBmAlKhKV60='  'sha256-zqo/Gf4mmbgvoqPGTNSkHYfibgllewm/seDhWyooOOk='  'sha256-FVE4UqDzJ5GzKFQlZqU4Zq3EAxxb/T0hpPQU9k6uwkA='  'sha256-R2Vkrx5FLpmMY0750ljuQem15/f/bIrrGl+TXyzeETo='  'sha256-gGRDCDCtVdIb3guY7Af4d2zlZ2AHGiJ1Fo0P+PkrAQ4='  'sha256-28yeYgrPQDDyWFt+gxC5JLjh+vmdwGtJ6vrGY5agNmA='  'sha256-tq6DPpzxxZo0uDGIA3cWY73a2IghW7jFPDxfoADIVA4='  'sha256-jI3sfmilVzfPCYviQAKSk25gbqy5bKO6ytnWnH7tPy4='  'sha256-MGcxmZXFvleb8FuwqjCYtvoakNGj+J6yTNrv1TSxJiA='  'sha256-hbZWfW0vwSYriJkO6sDWlefwk0ZUNVCSaBe66T81nB0='  'sha256-rh2A364+F4JpsYOMvu2X0b8oUqSm+hinlVRTT9lHrwY='  'sha256-gGRDCDCtVdIb3guY7Af4d2zlZ2AHGiJ1Fo0P+PkrAQ4='  'sha256-28yeYgrPQDDyWFt+gxC5JLjh+vmdwGtJ6vrGY5agNmA='  'sha256-tq6DPpzxxZo0uDGIA3cWY73a2IghW7jFPDxfoADIVA4='  'sha256-o1r1pjDVBLdNe0LQRcCT5BFFXxPXMW1YFFI3KAch9eI='  'sha256-Qzu0lxLJiiX6Kov/Hhw2clLBMwE/AGShWjshh7S4cZE='  'sha256-IGAWb2ggeHqxQRSvWbzAamu9Ko86r4FttA9LNd1b/uI='  'sha256-o1r1pjDVBLdNe0LQRcCT5BFFXxPXMW1YFFI3KAch9eI='  'sha256-Qzu0lxLJiiX6Kov/Hhw2clLBMwE/AGShWjshh7S4cZE='  'sha256-IGAWb2ggeHqxQRSvWbzAamu9Ko86r4FttA9LNd1b/uI='  'sha256-p08VBe6m5i8+qtXWjnH/AN3klt1l4uoOLsjNn8BjdQo='  'sha256-HeCUqYbpi0jcNQCtmPyDkSSaeWOk+GFgiIxfAAAbsFg='  'sha256-33YGiROm4Pzv0xXIPo82M0Dt2zrdnP4IgbJq1WeAtf8='  'sha256-j6Tt8qv7z2kSc7fUs0YHbrxawwsQcS05fVaX1r2qrbk='  'sha256-RAtMRMPc7pZorvh8gaXlMJh1zDaSAmCzJ4zoN0Y5bn4='  https://widgets.energiemonitor.de https://fonts.googleapis.com https://icpublichosting.azureedge.net https://optimize.google.com https://*.iadvize.com; object-src 'self'; report-uri /umbraco/api/helper/CreateCSPReport 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https:;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.adnxs.com *.chimpstatic.com visitjersey.email *.cloudfont.net *.googletagmanager.com blob: *.google-analytics.com cdn.usefathom.com *.hotjar.com *.dotdigital-pages.com *.tiktok.com *.vimeo.com https: data:;style-src 'self' 'unsafe-inline' *.hotjar.com https: data:;connect-src 'self' *.google-analytics.com *.analytics.google.com *.googleadservices.com *.doubleclick.net *.teads.tv *.crowdriff.com *.plyr.io sojpublicdata.blob.core.windows.net *.mapbox.com *.algolia.net *.algolianet.com *.tripadvisor.com *.vimeo.com *.vimeocdn.com *.akamaized.net *.trackedweb.net *.bugsnag.com *.cookiescan.com *.googlesyndication.com noembed.com *.facebook.com *.google.com google.com *.clarity.ms *.cookiebot.com *.googletagmanager.com *.gstatic.com *.facebook.net manychat.com *.linkedin.oribi.io *.linkedin.com *.adnxs.com cdn.usefathom.com *.smooch.io wss://api.smooch.io *.hotjar.com *.hotjar.io wss://*.hotjar.com ct.pinterest.com pro.ip-api.com api.hellobar.com *.flippingbook.com *.tiktok.com *.bing.com *.convertexperiments.com data:;font-src 'self' static.tacdn.com *.gstatic.com assets.hootsuite.com *.hotjar.com my.hellobar.com *.tiktok.com data:;img-src 'self' cdn.jersey.com *.google-analytics.com *.analytics.google.com *.cookiescan.com *.facebook.com *.linkedin.com t.co *.doubleclick.net *.google.je *.google.com *.google.co.uk *.netdna-ssl.com *.gravatar.com *.adsymptotic.com *.adnxs.com *.yahoo.com *.teads.tv *.googleadservices.com static.tacdn.com *.vimeocdn.com *.vimeocdn.com *.clarity.ms *.bing.com *.cloudfront.net *.magicseaweed.com *.ytimg.com *.google.nl blob: *.youtube.com *.adsrvr.org *.sojern.com *.amazonaws.com *.tripadvisor.co.uk *.cookiebot.com *.googletagmanager.com *.gstatic.com *.facebook.net manychat.com *.adform.net cdn.usefathom.com assets.hootsuite.com *.hotjar.com hi.hellobar.com px.gumgum.com *.flippingbook.com *.mapbox.com data:;frame-src 'self' *.vimeo.com vimeo.com *.vimeocdn.com *.youtube.com *.flipsnack.com *.google.com *.instagram.com *.facebook.com *.hdontap.com visitjersey.email *.crowdriff.com magicseaweed.com *.cookiebot.com *.snapsea.io *.ipcamlive.com *.doubleclick.net e.issuu.com ct.pinterest.com *.dotdigital-pages.com www.googletagmanager.com *.flippingbook.com ;form-action 'self' *.facebook.com ;object-src 'none' ;frame-ancestors 'self' *.jersey.com visitjersey.email ;base-uri 'none' ; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: ; img-src 'self' data: blob: https://secure.gravatar.com; object-src 'self' data: blob: ; frame-src 'self' data: blob: ; worker-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; 1
default-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' *.victoria.ca *.googletagservices.com *.googlesyndication.com *.googleadservices.com *.doubleclick.net *.google.com googletagmanager.com *.fontawesome.com polyfill-fastly.io *.googleapis.com *.google.com *.fontawesome.com unpkg.com *.typekit.net *.googletagmanager.com *.gstatic.com *.searchcdn.com *.recollect.net; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' *.googletagservices.com *.googlesyndication.com *.googleadservices.com *.doubleclick.net *.google.com googletagmanager.com *.fontawesome.com polyfill-fastly.io *.googleapis.com *.google.com tagmanager.google.com *.fontawesome.com unpkg.com *.typekit.net *.googletagmanager.com *.gstatic.com *.searchcdn.com *.recaptcha.net *.recollect.net translate-pa.googleapis.com addsearch.com *.jsdelivr.net *.ecdev.org *.facebook.net googleads.g.doubleclick.net; object-src 'self' *.googlesyndication.com https://cityofvictoria.perfectmind.com; style-src 'self' 'report-sample' 'unsafe-inline' *.google.com *.typekit.net *.fontawesome.com fonts.googleapis.com translate.googleapis.com unpkg.com *.gstatic.com *.googletagmanager.com *.fastly.net *.addsearch.com *.ecdev.org; img-src 'self' data: blob: *.google.com *.google.ca *.googleadservices.com *.fastly.net *.ytimg.com *.recollect.net *.gstatic.com *.openstreetmap.org *.addsearch.com *.cloudfront.net *.googletagmanager.com addsearch.com *.googleapis.com *.cloudfront.net *.arcgisonline.com *.victoria.ca; frame-src 'self' blob: *.google.com *.doubleclick.net *.googlesyndication.com www.googletagmanager.com *.arcgis.com *.recaptcha.net cityofvictoria.perfectmind.com *.youtube.com *.recollect.net *.cyberimpact.com azurestaticapps.net  https://calm-tree-0547faf10.6.azurestaticapps.net  azurewebsites.net *.azurewebsites.net *.ecdev.org *.escribemeetings.com alertable.ca; frame-ancestors 'self'; child-src 'self' blob: *.google.com *.doubleclick.net *.googlesyndication.com *.googletagmanager.com *.arcgis.com *.recaptcha.net cityofvictoria.perfectmind.com *.youtube.com *.recollect.net *.cyberimpact.com azurestaticapps.net  https://calm-tree-0547faf10.6.azurestaticapps.net azurewebsites.net *.azurewebsites.net; font-src 'self' *.gstatic.com *.fontawesome.com data: *.typekit.net fastly.net *.global.ssl.fastly.net *.fastly.net recollect-us.global.ssl.fastly.net *.scite.ai; connect-src 'self' https://*.victoria.ca *.fontawesome.com *.google.com *.google-analytics.com *.fontawesome.com *.googleadservices.com *.googleapis.com *.azurewebsites.net *.recaptcha.net; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'unsafe-inline' 'self' data: effectory.com www.effectory.com ac.effectory.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.nrich.ai *.cookiebot.eu *.usemessages.com *.googlesyndication.com yoast.com *.hubspot.com *.hsadspixel.net *.hsforms.net *.hs-scripts.com *.hs-banner.com *.hs-analytics.net *.hscollectedforms.net *.clarity.ms bat.bing.com www.powr.io client.hip.live.com maps.googleapis.com mktdplp102cdn.azureedge.net www.youtube.com static.zdassets.com consentcdn.cookiebot.com consent.cookiebot.com www.googletagmanager.com google-analytics.com www.google-analytics.com snap.licdn.com www.googleadservices.com static.hotjar.com connect.facebook.net googleads.g.doubleclick.net script.hotjar.com;frame-ancestors 'self' *.hsforms.com consentcdn.cookiebot.com; img-src  *.nrich.ai *.usercentrics.eu *.googleadservices.com *.doubleclick.net 'self' data: *.cookiebot.com *.youtube.com *.hsforms.com *.hubspot.com *.googletagmanager.com c.bing.com c.clarity.ms bat.bing.com i.ytimg.com script.hotjar.com onlinedialogue.s3.eu-west-1.amazonaws.com onlinedialogue.s3-eu-west-1.amazonaws.com *.linkedin.com *.dynamics.com  wus.client.hip.live.com eus.client.hip.live.com maps.gstatic.com www.google.de maps.googleapis.com secure.gravatar.com www.google-analytics.com px.ads.linkedin.com www.google.com www.google.nl www.facebook.com; style-src 'unsafe-inline' fonts.googleapis.com ac.effectory.com www.effectory.com effectory.com; font-src data: fonts.gstatic.com script.hotjar.com ac.effectory.com www.effectory.com effectory.com; frame-src 'self' *.googletagmanager.com *.cookiebot.eu *.hubspot.com td.doubleclick.net ad.doubleclick.net  *.twentythree.com *.hsforms.com www.powr.io www.youtube.com forms.office.com www.facebook.com vars.hotjar.com consentcdn.cookiebot.com *.dynamics.com; connect-src *.bing.com *.bing.net *.nrich.ai *.cookiebot.eu google.com *.googleadservices.com *.linkedin.com *.yoast.com *.googlesyndication.com *.doubleclick.net *.hubspot.com *.google.com *.amazonaws.com *.hsforms.com *.hubapi.com *.linkedin.oribi.io *.hscollectedforms.net *.google-analytics.com *.clarity.ms *.hotjar.com wss://*.hotjar.com surveystats.hotjar.io *.effectory.com maps.googleapis.com *.dynamics.com consentcdn.cookiebot.com in.hotjar.com www.google-analytics.com stats.g.doubleclick.net effectorychathelp.zendesk.com ekr.zdassets.com 1
sandbox allow-scripts allow-same-origin allow-forms ; 1
frame-ancestors  https://deejay.de https://*.deejay.de  https://vinylfuture.com https://*.vinylfuture.com; 1
base-uri 'none';child-src 'none';connect-src 'self' region1.google-analytics.com;default-src 'self';font-src 'self' fonts.gstatic.com;form-action 'self';frame-ancestors 'none';frame-src 'self' www.google.com;img-src 'self' storage.googleapis.com;manifest-src 'self';media-src 'self' storage.googleapis.com;object-src 'none';script-src 'self' www.googletagmanager.com;style-src 'self' fonts.googleapis.com 'unsafe-inline';worker-src 'self'; 1
default-src 'self' 'unsafe-inline' data: https://piwik.bzga.de/ https://service.bzga.de/ https://www.quit-the-shit.net 1
frame-ancestors 'self' aviloo--uat.sandbox.my.site.com site.com checkjeaccu.nl www.checkjeaccu.nl 1
https://client.libertydentalplan.com; https://libertydentalplan.com 1
default-src 'self' www.burkert.com www.youtube-nocookie.com www.platform-viewer.v-ex.com *.twitter.com *.partcommunity.com *.olark.com cloud.ccm19.de; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.burkert.com snap.licdn.com www.google.com www.gstatic.com www.google-analytics.com www.googletagmanager.com www.linkedin.com snap.licdn.com www.googletagmanager.com cdn.yoochoose.net www.youtube.com *.twitter.com *.vo.msecnd.net *.clickdimensions.com *.twimg.com customerwidget.joinflow.com maps.google.cn maps.googleapis.com *.facebook.net *.apsislead.com *.olark.com *.issuu.com olark-file-uploads.s3-us-west-1.amazonaws.com s.go-mpulse.net c.go-mpulse.net sc.lfeeder.com api.plezi.co optimize.google.com www.googleoptimize.com www.google-analytics.com www.googleanalytics.com gateway.moneris.com cdnjs.cloudflare.com www.googleadservices.com crmweb.burkert.com cloud.ccm19.de snid.snitcher.com sst.burkert.com; img-src data: 'self' www.burkert.com www.google-analytics.com www.google.com.au www.google.com www.google.de event.yoochoose.net *.twimg.com *.twitter.com maps.gstatic.com chart.apis.google.com maps.googleapis.com *.facebook.com *.ytimg.com *.linkedin.com *.olark.com *.adition.com *.gstatic.com *.clickdimensions.com tr.lfeeder.com www2.solique.ch optimize.google.com www.googletagmanager.com googleads.g.doubleclick.net; object-src 'self' *.googletagmanager.com; style-src 'self' 'unsafe-inline' www.burkert.com www.googletagmanager.com *.clickdimensions.com *.twitter.com *.twimg.com fonts.googleapis.com *.olark.com *.vo.msecnd.net optimize.google.com gateway.moneris.com cloud.ccm19.de; font-src 'self' www.burkert.com *.buerkert.de data: fonts.gstatic.com *.olark.com; connect-src 'self' www.burkert.com www.google-analytics.com *.analytics.google.com *.google-analytics.com analytics.google.com api.telavox.se relay.telavox.com wss://websocket.telavox.se *.facebook.com *.olark.com *.googleadservices.com www.google.de www.google.com *.doubleclick.net *.clickdimensions.com c.go-mpulse.net *.akstat.io trial-eum-clientnsv4-s.akamaihd.net *.akamaihd.net maps.googleapis.com *.plezi.co cdn.linkedin.oribi.io px.ads.linkedin.com event.yoochoose.net crmweb.burkert.com cloud.ccm19.de snid.snitcher.com sst.burkert.com; frame-src 'self' blob: mailto: tel: *.burkert-usa-marketing.com *.facebook.com *.partcommunity.com *.twitter.com www.youtube-nocookie.com www.platform-viewer.v-ex.com *.google.com essens.info *.burkert.com *.olark.com *.issuu.com *.clickdimensions.com optimize.google.com gateway.moneris.com scnem2.com; worker-src 'self' blob:;frame-ancestors 'self' https://ez.local.burkert.com 1
default-src 'none'; block-all-mixed-content; connect-src 'self' google-analytics.com www.google-analytics.com 127.0.0.1:8005 *.hcaptcha.com; font-src 'self' fonts.gstatic.com use.fontawesome.com cdn.jsdelivr.net; frame-src google.com www.google.com googletagmanager.com www.googletagmanager.com *.hcaptcha.com; img-src 'self' s3.us-west-2.amazonaws.com img.emlasts.com data:; media-src img.emlasts.com; script-src 'self' 'unsafe-eval' google.com www.google.com gstatic.com www.gstatic.com googletagmanager.com www.googletagmanager.com google-analytics.com www.google-analytics.com use.fontawesome.com cdn.jsdelivr.net *.hcaptcha.com 'unsafe-inline' 'nonce-Mu9cngsiAC4AVnavMShYbQ=='; style-src 'self' cdn.jsdelivr.net fonts.googleapis.com use.fontawesome.com maxcdn.bootstrapcdn.com img.emlasts.com unpkg.com *.hcaptcha.com 'unsafe-inline' 'nonce-Mu9cngsiAC4AVnavMShYbQ=='; report-uri /csp/report 1
upgrade-insecure-requests; frame-src 'self' forms.hsforms.com vars.hotjar.com w.recruiterbox.com app.recruiterbox.com vimeo.com youtu.be youtube.com www.youtube.com www.google.com player.vimeo.com bid.g.doubleclick.net www.facebook.com cdn.knightlab.com; frame-ancestors 'self' 1
default-src 'self' ;script-src data: blob: 'self' 'unsafe-eval' 'nonce-AMb6pxYOg6h5ohnN' *.mypurecloud.ie js.monitor.azure.com static.cloud.coveo.com www.zenaps.com www.dwin1.com *.r42tag.com *.usabilla.com *.google-analytics.com *.analytics.google.com www.googleadservices.com tags.nmrc.nl *.onmarc.nl *.doubleclick.net d6tizftlrpuof.cloudfront.net *.zilverenkruis.nl babm.texthelp.com surfly.com plus.browsealoud.com www.zorgkantoorfriesland.nl *.prolife.nl www.googletagmanager.com toolbar.speechstream.net apis.google.com bat.bing.com admin.relay42.com a.svtrd.com  ads.creative-serving.com www.browsealoud.com *.defriesland.nl static2.creative-serving.com survey.insocial.nl optimize.google.com *.interpolis.nl *.mopinion.com  *.fbto.nl connect.facebook.net cdn.harvest.graindata.com *.pingvp.com pingvp.com *.visualwebsiteoptimizer.com www.awin1.com *.stichtingdefriesland.nl *.cloudfront.net *.coveo.com api-engage-eu.sitecorecloud.io/v1.2/browser/create.json* d1mj578wat5n4o.cloudfront.net/sitecore-engage-v.1.4.2.min.js bat.bing.net;style-src 'self' 'unsafe-inline' d6tizftlrpuof.cloudfront.net plus.browsealoud.com fonts.googleapis.com www.zilverenkruis.nl optimize.google.com *.pingvp.com;img-src data: blob: 'self' *.svtrd.com www.zenaps.com www.awin1.com www.google.com www.google.nl d6tizftlrpuof.cloudfront.net *.usabilla.com *.google-analytics.com *.analytics.google.com *.onmarc.nl *.zilverenkruis.nl plus.browsealoud.com usabilla-themes.s3-eu-west-1.amazonaws.com ads.creative-serving.com www.zorgkantoorfriesland.nl *.prolife.nl stats.g.doubleclick.net ad.doubleclick.net bat.bing.com www.browsealoud.com *.defriesland.nl *.r42tag.com admin.relay42.com speechstreamv3-webservices-8.texthelp.com www.gstatic.com *.fbto.nl www.insocial.nl www.facebook.com www.googletagmanager.com translate.google.com zilverenkruis-cdn.mcccm.eu *.pingvp.com i.vimeocdn.com dev.visualwebsiteoptimizer.com *.doubleclick.net *.googlesyndication.com *.imgix.net bat.bing.net adservice.google.com;font-src data: 'self' fonts.gstatic.com fonts.googlapis.com d6tizftlrpuof.cloudfront.net  *.pingvp.com;connect-src blob: 'self' *.mypurecloud.ie wss://*.mypurecloud.ie *.zilverenkruis.nl *.surfly.com surfly.com sentry.io *.zorgkantoorfriesland.nl plus.browsealoud.com pronunciation.speechstream.net api.usabilla.com babm.texthelp.com speech.speechstream.net *.google-analytics.com *.analytics.google.com pre-i-portaal.achmea.nl speechstreamv3-webservices-8.texthelp.com *.defriesland.nl *.mopinion.com *.browsealoud.com *.interpolis.nl *.fbto.nl bat.bing.com stats.g.doubleclick.net harvest-cm-achmea.ey.r.appspot.com controle.achmea.consentmonitor.nl *.tomtom.com *.visualwebsiteoptimizer.com *.applicationinsights.azure.com wss://api.defriesland.nl:13443 wss://api.zilverenkruis.nl:13443 wss://api.interpolis.nl:13443 *.googlesyndication.com www.google.com googleads.g.doubleclick.net *.coveo.com api-engage-eu.sitecorecloud.io/v1.2/events api-engage-eu.sitecorecloud.io *.cloudfront.net js.monitor.azure.com api-engage-eu.sitecorecloud.io/v1.2/browser/create.json.* bat.bing.net ad.doubleclick.net adservice.google.com;media-src 'self' blob: *.zilverenkruis.nl *.zorgkantoorfriesland.nl *.prolife.nl *.defriesland.nl *.interpolis.nl *.fbto.nl *.pingvp.com;object-src 'self' *.klantenvertellen.nl;child-src 'self' *.mypurecloud.ie blob: t.svtrd.com player.vimeo.com surfly.com app.surfly.com d6tizftlrpuof.cloudfront.net www.zilverenkruis.nl www.zorgkantoorfriesland.nl www.prolife.nl content.googleapis.com vimeo.com secure.zilverenkruis.nl www.defriesland.nl optimize.google.com i-portaal.achmea.nl survey.insocial.nl secure.prolife.nl secure.defriesland.nl w.soundcloud.com *.doubleclick.net app.springcast.fm *.klantenvertellen.nl www.googletagmanager.com player.springcast.app;frame-ancestors 'self' player.vimeo.com vimeo.com i-portaal.achmea.nl survey.insocial.nl *.doubleclick.net inloggen.achmea.nl p-portaal.achmea.nl app.vwo.com *.visualwebsiteoptimizer.com;;form-action 'self' t.svtrd.com *.achmea.nl *.zilverenkruis.nl *.zorgkantoorfriesland.nl *.prolife.nl *.defriesland.nl *.fbto.nl *.interpolis.nl broker.nxtid.nl;manifest-src 'self' ;upgrade-insecure-requests;block-all-mixed-content;report-uri https://zilverenkruis.ams.report-uri.com/r/t/csp/enforce; 1
default-src 'none'; img-src 'self'; script-src 'self'; 1
default-src 'self' data: https://www.dw.com https://api.service-digitale-verwaltung.de https://events.click-around.systems/ https://ictp-trst-001.westeurope.cloudapp.azure.com/matomo/ https://cdn.eye-able.com https://dc.services.visualstudio.com/v2/track https://az416426.vo.msecnd.net/scripts/a/ai.0.js https://include-rp.zfinder.de https://www.youtube.com https://geoportal.trier.de https://jobs.b-ite.com http://jobs.b-ite.com https://www.stadtradeln.de https://static.b-ite.com https://www.vrt-info.de http://www.heute-in-trier.de http://www.facebook.com http://platform.twitter.com https://fonts.googleapis.com https://fonts.gstatic.com https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.facebook.com https://platform.twitter.com https://accounts.google.com https://www.bing.com http://www.wetterkontor.de http://94.130.59.28 https://www.youtube-nocookie.com https://app.docu4d.com https://dienste.wetterkontor.de https://www.trier-info.de https://www.wahlinfo.de https://www.pegelonline.wsv.de 'unsafe-inline' 'unsafe-eval' 1
default-src 'self'; script-src 'self' maps.googleapis.com e.issuu.com/embed.js embed.flickr.com https://js.stripe.com 'strict-dynamic' https: 'unsafe-eval' 'nonce-5c1a06c2c2bd60a3eb3ffbc1126b65b6'; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com https://*.google-analytics.com https://*.analytics.google.com https://sentry.issuu.com/api/ https://api.stripe.com data: blob:; img-src * data:; media-src * data:; frame-src e.issuu.com *.google.com player.vimeo.com *.youtube.com https://js.stripe.com https://hooks.stripe.com; style-src 'self' https://fonts.googleapis.com 'nonce-03bf2a8e16785e6129d54e23710bc81f'; font-src * data:; 1
default-src 'unsafe-hashes' https://crohnsandcolitis.org.uk https://docs.google.com https://platform.twitter.com https://customervoice.microsoft.com https://*.readspeaker.com https://*.azureedge.net https://poster.crohnsandcolitis.org.uk https://r1.dotdigital-pages.com https://www.youtube-nocookie.com https://www.google.com https://*.landbot.io https://*.addthis.com https://www.youtube.com https://player.vimeo.com https://*.typeform.com https://*.issuu.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.fluidads.com https://forms.office.com https://*.snapchat.com https://*.doubleclick.net https://static.addtoany.com https://*.muchloved.com https://*.juicer.io ;base-uri 'self' ;frame-ancestors 'self' ;script-src 'self' 'unsafe-eval' 'unsafe-inline' https://acsbapp.com https://acsbap.com https://*.acsbapp.com https://*.acsbap.com https://*.azureedge.net https://*.readspeaker.com https://connect.facebook.net https://static.trackedweb.net https://app.postermaker.io https://snap.licdn.com https://analytics.nyltx.com https://*.cookiefirst.com https://maps.googleapis.com https://unpkg.com/vue@3.2.20/ https://*.landbot.io https://secure.callhandling.co.uk https://*.addthis.com https://z.moatads.com https://*.addthisedge.com https://static.addtoany.com https://*.fluidads.com https://*.simpli.fi https://www.google-analytics.com https://www.googletagmanager.com https://ajax.googleapis.com https://*.typeform.com https://*.hotjar.com https://analytics.tiktok.com https://*.snapchat.com https://*.twitter.com https://*.sc-static.net https://*.bing.com https://*.ads-twitter.com https://*.linkedin.com https://*.doubleclick.net https://*.muchloved.com https://cdnjs.cloudflare.com ;connect-src 'self' https://docs.google.com https://www.google.com https://platform.twitter.com https://cdn.acsbapp.com https://*.acsbap.com https://*.acsbapp.com https://acsbapp.com https://acsbap.com https://*.wikipedia.org https://*.trackedweb.net https://*.readspeaker.com https://*.azureedge.net https://*.fluidads.com https://www.facebook.com https://*.cookiefirst.com https://analytics.nyltx.com https://maps.googleapis.com https://secure.callhandling.co.uk https://*.landbot.io https://*.addthis.com https://*.google-analytics.com https://stats.g.doubleclick.net https://*.doubleclick.net https://*.typeform.com https://*.issuu.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.snapchat.com https://*.linkedin.oribi.io https://*.analytics.google.com https://analytics.tiktok.com ;img-src 'self' data: https://www.facebook.com https://acsbapp.com https://acsbap.com https://*.acsbapp.com https://*.acsbap.com https://*.azureedge.net https://*.linkedin.com https://*.addthis.com https://maps.gstatic.com https://maps.googleapis.com https://maps.googleapis.com https://storage.googleapis.com https://static.landbot.io https://fonts.googleapis.com https://www.google.com https://www.googletagmanager.com https://www.google.co.uk https://www.google.com.tr https://www.google-analytics.com https://stats.g.doubleclick.net https://*.hotjar.com https://tr.snapchat.com https://analytics.twitter.com https://t.co https://*.muchloved.com ;font-src 'self' data: https://use.typekit.net https://acsbapp.com https://*.acsbapp.com https://*.azureedge.net https://fonts.gstatic.com https://*.hotjar.com ;style-src 'self' 'unsafe-inline' https://acsbapp.com https://acsbap.com https://*.acsbapp.com https://*.acsbap.com blob: https://*.readspeaker.com https://*.azureedge.net https://*.cookiefirst.com https://p.typekit.net https://use.typekit.net https://localhost:44367 https://fonts.googleapis.com https://*.typeform.com https://*.issuu.com https://*.hotjar.com ;form-action 'self' https://*.readspeaker.com https://*.azureedge.net https://*.typeform.com https://*.twitter.com https://*.landbot.io https://*.snapchat.com ;object-src 'none' ;media-src 'self' 'unsafe-inline' data: ; 1
default-src 'self'; base-uri 'self'; 1
base-uri 'none';child-src 'self' https://*.twitch.tv https://*.youtube.com;connect-src 'self' https://insights.gam3s.gg https://staging.insights.gam3s.gg https://*.immutable.com https://cms.staging.gam3s.gg https://analytics.gam3s.gg https://metrics.gam3s.gg https://metrics.gam3s.gg/collect-alt https://staging.api.gam3s.gg/ http://localhost:3001/ http://localhost:3002/ https://api.gam3s.gg/ https://dev.api.gam3s.gg/ https://dev.api.polkastarter.gg/ https://api.twitch.tv https://cms.gam3s.gg http://127.0.0.1:1337 https://*.google-analytics.com https://vitals.vercel-insights.com https://api.coinbase.com https://www.google-analytics.com https://vercel.live wss://*.hotjar.com https://*.hotjar.io https://*.hotjar.com https://*.cookie3.co https://gam3s.featurebase.app https://*.thirdweb.com https://*.alchemy.com http://cdn.cpmstar.com wss://staging.api.gam3s.gg wss://api.gam3s.gg https://us.i.posthog.com https://us-assets.i.posthog.com https://*.posthog.com https://pixel-config.reddit.com https://www.redditstatic.com https://conversions-config.reddit.com https://v2.api.squidrouter.com https://raw.githubusercontent.com/0xsquid/assets/main/scripts/update-tokens/colors.json https://squid-app-v2-git-feat-api-fiat-onramp-0xsquid.vercel.app https://squid-app-v2-git-feat-add-onramper-provider-0xsquid.vercel.app https://arb1.arbitrum.io/rpc https://sepolia-rollup.arbitrum.io/rpc https://mainnet.infura.io https://sepolia.infura.io/ https://cloudflare-eth.com/ https://ethereum.publicnode.com https://rpc.sepolia.org https://developer-access-mainnet.base.org https://gasstation.polygon.technology/v2;default-src 'self';font-src 'self' data: https://*.hotjar.com https://fonts.gstatic.com;form-action 'self' *;frame-ancestors 'self' https://*.gam3s.gg https://*.polkastarter.gg;frame-src 'self' * https://challenges.cloudflare.com;img-src * data:;manifest-src 'self' https://polkastarter.cloudflareaccess.com;media-src 'self' https://*.twimg.com https://*.polkastarter.com https://*.polkastarter.gg https://*.gam3s.gg https://*.soulbound.gg;object-src data:;prefetch-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.ads-twitter.com https://www.redditstatic.com https://connect.facebook.net https://gleam.io https://widget.gleamjs.io https://*.googletagmanager.com https://*.google-analytics.com https://vercel.live https://*.hotjar.com https://*.cookie3.co https://*.twitch.tv https://*.youtube.com https://*.twitter.com https://cdn.blockpass.org https://do.featurebase.app https://*.cpmstar.com https://metrics.gam3s.gg https://metrics.gam3s.gg/ingestion.js https://us.i.posthog.com https://us-assets.i.posthog.com https://*.posthog.com https://insights.gam3s.gg https://challenges.cloudflare.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com http://embed.typeform.com https://vercel.live/fonts https://do.featurebase.app https://*.posthog.com;worker-src 'self' blob:; 1
default-src 'self' 'unsafe-inline' nominatim.openstreetmap.org piwik.bzga.de eu.frcapi.com; style-src 'self' 'unsafe-inline';font-src 'self' data:; media-src 'self' *.stage.bio; connect-src 'self' nominatim.openstreetmap.org ws://socket.stage.bio *.stage.bio piwik.bzga.de; img-src 'self' data: piwik.bzga.de a.tile.openstreetmap.de b.tile.openstreetmap.de c.tile.openstreetmap.de *.stage.bio; 1
script-src https://*.lex-com.net/ 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' https://mykrone.green ; img-src 'self' data:; object-src 'none'; media-src 'none'; child-src 'self' blob: data:; style-src 'self' 'unsafe-inline' 1
default-src 'self'; script-src 'self' blob *.amalgamatedbank.com  *.go-mpulse.net bam.nr-data.net unpkg.com *.talkdeskapp.com *.talkdeskdev.com *.twilio.com js.locatorsearch.com *.prod.acquia-sites.com *.instagram.com *.youtube.com *.oktacdn.com *.okta.com *.oktapreview.com fonts.googleapis.com *.googletagmanager.com *.doubleclick.net *.addtoany.com fonts.gstatic.com *.omappapi.com *.google-analytics.com cdn.jsdelivr.net cdnjs.cloudflare.com app.jazz.co js-agent.newrelic.com *.google.com *.gstatic.com www.recaptcha.net ajax.googleapis.com bam.nr-data.net 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com 'unsafe-eval' http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js https://www.recaptcha.net/recaptcha/api.js https://www.recaptcha.net/recaptcha/api/fallback; style-src 'self' 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com unpkg.com *.amalgamatedbank.com *.talkdeskapp.com *.talkdeskdev.com *.twilio.com bam.nr-data.net *.prod.acquia-sites.com *.oktacdn.com *.okta.com *.oktapreview.com fonts.googleapis.com fonts.gstatic.com cdn.jsdelivr.net cdnjs.cloudflare.com *.google.com *.gstatic.com app.jazz.co; img-src 'self' *.visualwebsiteoptimizer.com app.vwo.com useruploads.vwo.io amalgamatedbank.com www.amalgamatedbank.com *.amalgamatedbank.com *.talkdeskapp.com *.talkdeskdev.com *.twilio.com bam.nr-data.net cdn.jsdelivr.net *.prod.acquia-sites.com js.locatorsearch.com *.oktacdn.com *.okta.com *.oktapreview.com data: *.googletagmanager.com app.jazz.co *.google.com *.google-analytics.com *.gstatic.com images.printable.com images.locatorsearch.com instagram.com i.ytimg.com d21y75miwcfqoq.cloudfront.net; media-src files.marcomcentral.app.pti.com *.youtube.com *.amalgamatedbank.com bam.nr-data.net *.talkdeskapp.com *.talkdeskdev.com *.twilio.com; frame-src *; child-src blob: *.amalgamatedbank.com; font-src 'self' cdnjs.cloudflare.com bam.nr-data.net *.amalgamatedbank.com *.talkdeskapp.com *.talkdeskdev.com *.twilio.com *.prod.acquia-sites.com *.oktacdn.com *.okta.com *.oktapreview.com unpkg.com fonts.gstatic.com app.jazz.co *.google.com *.gstatic.com *.locatorsearch.com; connect-src 'self' *.visualwebsiteoptimizer.com app.vwo.com  *.go-mpulse.net abnyunityuat.fisglobal.com login-uat.fisglobal.com mcs.us1.twilio.com wss://tsock.us1.twilio.com *.talkdeskapp.com *.talkdeskdev.com maps-api-ssl.google.com bam.nr-data.net stats.addtoany.com googleads.g.doubleclick.net *.youtube.com *.oktacdn.com *.okta.com *.oktapreview.com *.omappapi.com *.google-analytics.com *.google.com *.gstatic.com googleads.g.doubleclick.net; report-uri /report-csp-violation 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://analytics.google.com:* https://ajax.googleapis.com:* https://call.chatra.io/chatra.js https://maps.googleapis.com:* https://seal-nebraska.bbb.org/logo/blue-valley-technologies-17381.js https://stats.g.doubleclick.net/dc.js https://www.googletagmanager.com:* https://assets.juicer.io:* https://www.juicer.io:* https://www.google-analytics.com:* https://stats.g.doubleclick.net:* https://www.googleadservices.com:* https://feedback.happy-or-not.com:* https://dk98ddgl0znzm.cloudfront.net:* https://emma-content-aggregates-prd.s3.amazonaws.com:* https://form.jotform.com:*; object-src 'self' ; style-src * 'self' data: 'unsafe-inline' 'unsafe-hashes' https://fonts.googleapis.com:* https://seal-blue.bbb.org; img-src * 'self' https://maps.gstatic.com https://stats.g.doubleclick.net:*; media-src * 'self' data: 'unsafe-inline' 'unsafe-hashes'; frame-src 'self' https://chat.chatra.io:* https://www.youtube.com:* https://player.vimeo.com:* https://form.jotform.com:* https://submit.jotform.com:*; frame-ancestors 'self'; child-src 'self'; font-src 'self' * https://fonts.gstatic.com:*; connect-src 'self' https://maps.googleapis.com:* https://analytics.google.com:* https://www.google-analytics.com:* https://www.juicer.io:* https://graph.facebook.com:* https://www.googletagmanager.com:* https://stats.g.doubleclick.net:* https://feedback-api.happy-or-not.com:* https://feedback.happy-or-not.com:* https://api.mixpanel.com:*; report-uri /report-csp-violation 1
frame-ancestors 'self' bam.harridev.com harridev.com fr.harridev.com es.harridev.com ru.harridev.com de.harridev.com pl.harridev.com ar.harridev.com tr.harridev.com dev.harridev.com fr.dev.harridev.com es.dev.harridev.com ru.dev.harridev.com de.dev.harridev.com pl.dev.harridev.com ar.dev.harridev.com tr.dev.harridev.com newdev.harridev.com stage.harridev.com hmap.harridev.com fr.hmap.harridev.com es.hmap.harridev.com ru.hmap.harridev.com de.hmap.harridev.com pl.hmap.harridev.com ar.hmap.harridev.com tr.hmap.harridev.com dv1.harridev.com dv2.harridev.com sandbox.harridev.com local.harridev.com:9001 fr.local.harridev.com:9001 es.local.harridev.com:9001 ru.local.harridev.com:9001 de.local.harridev.com:9001 pl.local.harridev.com:9001 ar.local.harridev.com:9001 tr.local.harridev.com:9001 local.harridev.com:9002 fr.local.harridev.com:9002 es.local.harridev.com:9002 ru.local.harridev.com:9002 de.local.harridev.com:9002 pl.local.harridev.com:9002 ar.local.harridev.com:9002 tr.local.harridev.com:9002 localhost.harridev.com:9001 local.corporate.harridev.com:9002 corporate.harridev.com; 1
block-all-mixed-content; frame-ancestors 'self'; upgrade-insecure-requests 1
default-src 'self' google-analytics.com manifest-src; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com maps.googleapis.com *.googletagmanager.com www.google-analytics.com www.google.com/recaptcha/api.js www.gstatic.com cookie-cdn.cookiepro.com www.google-analytics.com hotjar.com https://connect.facebook.net crelan-be-website.scalecity.space vwdservices.com s.ytimg.com https://px.ads.linkedin.com px.ads.linkedin.com youtube.com vimeo.com snap.licdn.com www.linkedin.com tagmanager.google.com *.googleadservices.com https://googleads.g.doubleclick.net w3.org *.crazyegg.com https://cdn.jsdelivr.net *.google.com *.google.be *.googleoptimize.com *.facebook.com *.doubleclick.net *.crelan.be *.facebook.net sc-crelan-server-side-tagging.ew.r.appspot.com blob: https://*.skedify.io  https://s.pinimg.com  https://*.pinterest.com  https://open.spotify.com *.fontawesome.com https://static.cloudflareinsights.com https://ajax.cloudflare.com https://*.taboola.com https://www.youtube.com/iframe_api https://www.youtube.com/s/player/; style-src 'self' 'unsafe-inline' *.googleapis.com *.googleusercontent.com *.hotjar.com *.google.com 'self' https://maps.googleapis.com *.googletagmanager.com w3.org cdnjs.cloudflare.com *.crazyegg.com *.google.com *.google.be *.googleadservices.com *.facebook.com *.facebook.net *.fontawesome.com; img-src 'self'  *.googletagmanager.com *.googleadservices.com cookie-cdn.cookiepro.com https://www.google-analytics.com *.gstatic.com maps.googleapis.com w3.org  data: *.crazyegg.com blog.crelan.be *.google.com *.google.be *.google.de *.facebook.com *.doubleclick.net *.facebook.net *.linkedin.com; media-src *.youtube.com *.twitter.com *.vimeo.com 'self' https://maps.googleapis.com *.googletagmanager.com w3.org *.google.com *.googleadservices.com *.google.be *.google.de *.facebook.com *.doubleclick.net *.facebook.net; frame-src 'self' in.hotjar.com vc.hotjar.io google-analytics.com stats.g.doubleclick.net crelan-be-website.scalecity.space *.crelan-int.be *.vwdservices.com maps.googleapis.com w3.org www.google.com www.youtube.com player.vimeo.com *.crazyegg.com  *.alchemer.eu *.google.com *.google.be *.facebook.com *.doubleclick.net *.facebook.net *.googleadservices.com https://*.skedify.io  https://*.pinterest.com  https://open.spotify.com *.fontawesome.com https://www.googletagmanager.com https://player.captivate.fm; font-src 'self' *.gstatic.com *.googleusercontent.com w3.org data:; connect-src 'self' cookie-cdn.cookiepro.com *.google-analytics.com in.hotjar.com vc.hotjar.io stats.g.doubleclick.net maps.googleapis.com *.googletagmanager.com w3.org *.crazyegg.com *.google.com *.google.be *.facebook.com *.doubleclick.net *.facebook.net *.onetrust.com sc-crelan-server-side-tagging.ew.r.appspot.com *.sc-crelan-server-side-tagging.ew.r.appspot.com *.googleadservices.com *.googlesyndication.com https://px.ads.linkedin.com  https://ct.pinterest.com *.fontawesome.com https://*.cookiepro.com https://*.taboola.com; upgrade-insecure-requests 1
default-src 'self'; manifest-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://includes.ccdc02.com/ https://songbird.cardinalcommerce.com/ https://app.intotheblock.com https://static.zdassets.com/ https://widget-mediator.zopim.com/ https://code.jquery.com/ https://stackpath.bootstrapcdn.com/ https://static.hotjar.com/ https://script.hotjar.com/ https://www.google.com/ https://cdn.siftscience.com/ https://www.gstatic.com/ https://maps.googleapis.com/ https://salesiq.zohopublic.com/ https://js.zohocdn.com/ https://static.zohocdn.com/; object-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com/ajax/libs/ https://stackpath.bootstrapcdn.com/ https://css.zohocdn.com/ https://static.zohocdn.com/; img-src 'self' https://s3-sa-east-1.amazonaws.com/frame-image-br/ https://icon-library.com/ https://maps.gstatic.com/ https://v2uploads.zopim.io/ https://rocketlab.g2afse.com/ https://purecatamphetamine.github.io/ https://20841010p.rfihub.com/ https://static.zohocdn.com/ https://us4-files.zohopublic.com/ https://css.zohocdn.com/ data:; media-src 'self' https://static.zdassets.com/ https://static.zohocdn.com/; frame-src 'self' https://centinelapi.cardinalcommerce.com/ https://3ds.seglan.com/ https://geo.cardinalcommerce.com/ https://www.youtube.com/ https://buy.moonpay.com/ https://buy-staging.moonpay.com/ https://buy-sandbox.moonpay.com/ https://pay.testwyre.com/ https://vars.hotjar.com/ https://www.google.com/recaptcha/ https://salesiq.zohopublic.com/; font-src 'self' https://fonts.gstatic.com https://cdnjs.cloudflare.com/ajax/ https://css.zohocdn.com/; connect-src 'self' wss://stgapi.notbank.exchange/ wss://api.notbank.exchange/ https://writer.cardinalcommerce.com/ https://centinelapi.cardinalcommerce.com/ https://kg668dbov0.execute-api.us-east-1.amazonaws.com/ wss://socket-testing.cryptomkt.com/ https://socket-testing.cryptomkt.com/ wss://socket.cryptomkt.com/ https://socket.cryptomkt.com/ wss://api.exchange.cryptomkt.com/ https://api.exchange.cryptomkt.com/ https://api.intotheblock.com/ https://ekr.zdassets.com/ https://cryptomkt.zendesk.com/ wss://widget-mediator.zopim.com/ https://id.zopim.com/ https://widget-mediator.zopim.com/ https://api-uat.kushkipagos.com/ https://api.kushkipagos.com/ https://maps.googleapis.com/ wss://vts.zohopublic.com/ https://salesiq.zohopublic.com https://in.hotjar.com/api/ wss://ws.hotjar.com/ https://content.hotjar.io/ https://www.google.com/recaptcha/; frame-ancestors 'self'; base-uri 'self'; form-action 'self' https://geo.cardinalcommerce.com/ https://3ds.seglan.com/ 1
default-src 'self' https://*.fbcdn.net https://*.cdninstagram.com; child-src 'self' https://www.google.com https://www.youtube.com https://open.spotify.com https://connect.facebook.net https://www.facebook.com https://audio7.audima.co blob: data:; connect-src 'self' https://originacao.minervafoods.com/ https://maps.googleapis.com https://stats.g.doubleclick.net https://analytics.google.com https://www.facebook.com https://yoast.com https://api.cvortex.com https://backmenu.audima.co https://ka-f.fontawesome.com https://cdn.privacytools.com.br https://pt.wiktionary.org https://en.wiktionary.org https://es.wiktionary.org https://vlibras.gov.br https://dicionario2.vlibras.gov.br https://cdn.jsdelivr.net; font-src 'self' https://fonts.gstatic.com https://fonts.cdnfonts.com https://menu.audima.co https://ka-f.fontawesome.com https://vlibras.gov.br https://cdn.jsdelivr.net https://fonts.bunny.net data:; form-action 'self' https://www.facebook.com https://wpmudev.com data:; frame-ancestors 'none'; frame-src https://www.gstatic.com https://www.google.com https://audio7.audima.co https://www.youtube.com https://open.spotify.com https://clarity.microsoft.com https://td.doubleclick.net/ blob:; img-src 'self' https://minervafoods.com https://vlibras.gov.br https://www.google.com.br https://stats.g.doubleclick.net https://maps.gstatic.com https://maps.googleapis.com https://secure.gravatar.com https://www.facebook.com https://i.scdn.co https://cdn.jsdelivr.net https://s.w.org https://claritystatic.blob.core.windows.net https://menu.audima.co https://2.gravatar.com https://*.cdninstagram.com data:; script-src 'self' https://cdn.jsdelivr.net https://developers.google.com https://maps.googleapis.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://vlibras.gov.br https://connect.facebook.net https://cdnjs.cloudflare.com https://open.spotify.com https://open.spotifycdn.com https://embed-cdn.spotifycdn.com https://menu.audima.co https://audio7.audima.co https://kit.fontawesome.com https://www.youtube.com https://cdn.privacytools.com.br https://www.vlibras.gov.br https://unpkg.com https://clarity.microsoft.com https://www.clarity.ms 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https://cdn.jsdelivr.net https://fonts.googleapis.com https://fonts.cdnfonts.com https://cdn.privacytools.com.br https://fonts.bunny.net 'unsafe-inline'; upgrade-insecure-requests 1
default-src 'self'; connect-src 'self' *.googletagmanager.com *.google-analytics.com; frame-src 'self' *.geoportal-bw.de *.leo-bw.de *.youtube.com sketchfab.com *.sketchfab.com *.swrfernsehen.de *.openstreetmap.de *.podigee.io *.podigee-cdn.net *.interamt.de; img-src 'self' data: dummyimage.com *.google-analytics.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.googletagmanager.com *.google-analytics.com *.landbw.de; style-src 'self' 'unsafe-inline'; report-uri /security/csp/report 1
default-src 'unsafe-inline' 'unsafe-eval' https: blob:;img-src * data: blob:;font-src * data:; 1
default-src 'self'; style-src 'self' 'unsafe-inline' fonts.google.com fonts.googleapis.com *.googletagmanager.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' tag.demandbase.com script.hotjar.com kit.fontawesome.com *.googletagmanager.com *.google.com *.google.co.uk www.gstatic.com cdn-apac.onetrust.com player.vimeo.com pi.pardot.com *.onetrust.com *.hsadspixel.net *.google-analytics.com googleads.g.doubleclick.net static.hotjar.com snap.licdn.com ws.zoominfo.com *.hs-scripts.com *.txone.com *.hs-banner.com *.hs-analytics.net js-eu1.usemessages.com *.googleadservices.com www.youtube.com *.clarity.ms; font-src 'self' data: *.fontawesome.com fonts.gstatic.com txone.localdev; img-src 'self' data: *.linkedin.com segments.company-target.com id.rlcdn.com track-eu1.hubspot.com *.onetrust.com dnbe7xanmz9uh.cloudfront.net *.gravatar.com media.txone.com *.googletagmanager.com *.google.com *.google.co.uk *.analytics.google.com *.google.com.tw googleads.g.doubleclick.net fonts.gstatic.com *.clarity.ms; media-src 'self' media.txone.com dnbe7xanmz9uh.cloudfront.net youtu.be; connect-src 'self' segments.company-target.com tag-logger.demandbase.com api.company-target.com stats.g.doubleclick.net ws.zoominfo.com *.fontawesome.com yoast.com *.linkedin.oribi.io *.onetrust.com *.googletagmanager.com *.google.com *.google.co.uk *.analytics.google.com *.google-analytics.com api-eu1.hubapi.com pagead2.googlesyndication.com ws.hotjar.com wss://ws.hotjar.com content.hotjar.io vc.hotjar.io api-eu1.hubspot.com googleads.g.doubleclick.net google.com px.ads.linkedin.com *.clarity.ms; frame-src 'self' s.company-target.com tag.demandbase.com www.google.com youtube.com www.youtube.com youtu.be player.vimeo.com *.youtube-nocookie.com td.doubleclick.net app-eu1.hubspot.com; frame-ancestors 'self'; object-src 'none' 1
base-uri 'self'; child-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://d2j8jkom7xmn9n.cloudfront.net/ http://d2j8jkom7xmn9n.cloudfront.net/ https://shredit.intelliresponse.com https://stericycle.demdex.net blob: gap:; frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://d2j8jkom7xmn9n.cloudfront.net/ http://d2j8jkom7xmn9n.cloudfront.net/ https://shredit.intelliresponse.com https://stericycle.demdex.net blob: gap:; connect-src 'self' https://www.googletagmanager.com/ https://d2j8jkom7xmn9n.cloudfront.net/ http://d2j8jkom7xmn9n.cloudfront.net/ https://api.cloud.247-inc.net/ https://stg-tie.cloud.247-inc.net/ https://dc.services.visualstudio.com/ https://www.google-analytics.com/ https://cdn.cookielaw.org/ https://geolocation.onetrust.com/ https://d1af033869koo7.cloudfront.net http://d1af033869koo7.cloudfront.net https://dpm.demdex.net/ https://adobedc.demdex.net/ https://edge.adobedc.net https://privacyportal-eu.onetrust.com/ wss://127.0.0.1:2045; default-src 'self' gap: 'unsafe-inline' 'unsafe-eval'; font-src 'self' https://fonts.gstatic.com data:; img-src 'self' https://www.googletagmanager.com https://www.google-analytics.com/ https://cdn.cookielaw.org/ https://fonts.gstatic.com/ https://cm.everesttech.net/ data: blob:; script-src 'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://assets.adobedtm.com/ https://www.googletagmanager.com/ https://az416426.vo.msecnd.net/ https://d2j8jkom7xmn9n.cloudfront.net/ http://d2j8jkom7xmn9n.cloudfront.net/ https://www.google-analytics.com/ https://ssl.google-analytics.com/ https://cdn.cookielaw.org/ https://cookie-cdn.cookiepro.com/ 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://cdn.cookielaw.org/ https://cookie-cdn.cookiepro.com/ 'unsafe-inline'; frame-ancestors 'self' gap:; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=a12iJRcfHV7rtAXbkMvg0PwuCt%2F8zbe1oGPOesDppIXGlpWpRBFmGC1dE7CKYrHvVdmFw0Tdi2O5ajmRKKleyg%3D%3D;  1
frame-ancestors https://go.cargomatic.com/l/911892/2023-10-10/rzl4f 1
default-src https: data: 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * blob: ; worker-src * blob: ; frame-ancestors 'self' https://*.moody.edu; 1
default-src 'self' *.atlantic.fr *.algolianet.com *.algolia.net *.google-analytics.com *.googlesyndication.com *.google.com *.cookiebot.com *.doubleclick.net *.groupe-atlantic.com *.kameleoon.eu *.kameleoon.com *.kameleoon.io  *.soyooz.com *.mixpanel.com *.instagram.com *.cdninstagram.com *.contentsquare.net *.contentsquare.com *.contentsquare.fr *.pinterest.com app.helo-activation.fr *.facebook.com *.inbenta.io calendly.com *.calendly.com *.inbenta.service *.inbenta.services *.recette-qcnlnca-xzown47bo6s74.fr-3.platformsh.site *.staging-5em2ouy-xzown47bo6s74.fr-3.platformsh.site *.bazaarvoice.com  *.privacy-center.org ; base-uri 'self' *.atlantic.fr; block-all-mixed-content; font-src 'self' data: *.soyooz.com *.atlantic.fr *.kameleoon.eu *.kameleoon.com *.kameleoon.io fonts.gstatic.com *.inbenta.io *.recette-qcnlnca-xzown47bo6s74.fr-3.platformsh.site *.staging-5em2ouy-xzown47bo6s74.fr-3.platformsh.site *.bazaarvoice.com; frame-ancestors 'self' *.atlantic.fr; frame-src 'self' *.atlantic.fr  *.youtube.com  *.vimeo.com  *.atlantic.fr  *.cookiebot.com  *.doubleclick.net  *.vectary.com  *.instagram.com *.facebook.com *.cdninstagram.com *.googletagmanager.com *.pinterest.com calendly.com *.calendly.com *.kameleoon.eu *.kameleoon.io *.kameleoon.com *.inbenta.io *.recette-qcnlnca-xzown47bo6s74.fr-3.platformsh.site *.staging-5em2ouy-xzown47bo6s74.fr-3.platformsh.site *.bazaarvoice.com *.youtube-nocookie.com; img-src 'self' data: *.atlantic.fr *.youtube.com *.ytimg.com *.vimeo.com *.google-analytics.com *.groupe-atlantic.com *.googletagmanager.com *.doubleclick.net *.google.fr *.google.com *.soyooz.com *.cdninstagram.com picsum.photos placekitten.com *.picsum.photos *.placeholder.com *.contentsquare.net *.contentsquare.com *.contentsquare.fr *.facebook.com *.pinterest.com *.inbenta.com  *.kameleoon.eu *.kameleoon.com *.kameleoon.io *.calendly.com  *.recette-qcnlnca-xzown47bo6s74.fr-3.platformsh.site *.staging-5em2ouy-xzown47bo6s74.fr-3.platformsh.site *.inbenta.io *.bazaarvoice.com *.cache.ephoto.fr *.cookiebot.com  *.privacy-center.org ; media-src 'self' *.atlantic.fr *.vimeo.com *.youtube.com *.instagram.com *.cdninstagram.com *.contentsquare.net *.contentsquare.com *.contentsquare.fr *.kameleoon.eu *.kameleoon.com  *.privacy-center.org *.kameleoon.io *.recette-qcnlnca-xzown47bo6s74.fr-3.platformsh.site *.staging-5em2ouy-xzown47bo6s74.fr-3.platformsh.site; object-src 'none'; script-src 'self' blob: *.youtube.com  *.atlantic.fr 'unsafe-inline' 'unsafe-eval' *.kameleoon.eu *.kameleoon.com *.kameleoon.io  *.pinterest.com *.googletagmanager.com  *.groupe-atlantic.com  *.cookiebot.com  *.contentsquare.net *.contentsquare.com  *.contentsquare.fr  *.google-analytics.com  *.soyooz.com  *.mxpnl.com  code.jquery.com cdn.jsdelivr.net *.googleapis.com *.cloudflare.com  googleads.g.doubleclick.net  *.facebook.net  *.tradelab.fr  *.pinimg.com *.inbenta.services *.inbenta.io calendly.com *.calendly.com *.recette-qcnlnca-xzown47bo6s74.fr-3.platformsh.site *.staging-5em2ouy-xzown47bo6s74.fr-3.platformsh.site *.bazaarvoice.com *.iesnare.com  *.privacy-center.org ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com  https://fonts.gstatic.com  *.soyooz.com  *.atlantic.fr  *.kameleoon.eu *.kameleoon.com *.cloudflare.com unpkg.com *.calendly.com *.kameleoon.io cdn.jsdelivr.net *.inbenta.io *.recette-qcnlnca-xzown47bo6s74.fr-3.platformsh.site *.staging-5em2ouy-xzown47bo6s74.fr-3.platformsh.site *.bazaarvoice.com  *.privacy-center.org 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' files.gpxpl.us pagead2.googlesyndication.com https://pagead2.googlesyndication.com www.google-analytics.com www.gstatic.com gpxplus.s3-website-us-west-2.amazonaws.com https://gpxplus.s3.amazonaws.com https://apis.google.com static.gpx.plus https://static.gpx.plus ap.lijit.com * 1
frame-ancestors 'self' bewerbung.jobs 1
script-src 'self' 'unsafe-eval' 'nonce-fb44ed9d0dd597d7873c48b433e62f27' 'strict-dynamic' https://google.de https://app.usercentrics.eu https://www.googletagmanager.com  https://www.googleadservices.com https://googleads.g.doubleclick.net https://netzwerk.uppr.de https://www.google-analytics.com https://privacy-proxy.usercentrics.eu https://www.facebook.com https://twitter.com https://www.linkedin.com https://www.xing.com https://www.youtube.com https://cdnjs.cloudflare.com https://nebula-cdn.kampyle.com https://bat.bing.com https://ad4m.at https://connect.facebook.net https://www.usemaxserver.de https://widgets.energiemonitor.de https://play.google.com https://www.googleoptimize.com https://icpublichosting.azureedge.net https://optimize.google.com https://service.mtcaptcha.com https://service2.mtcaptcha.com https://ic-chatwindow-service.azurewebsites.net https://clb2.cfapps.mila.external.ap.innogy.com https://www.googleanalytics.com https://cdn.medallia.com/ https://cdn.appsol.medallia.com/ *.kampyle.com/ https://metrics-proxy.medallia.ca/ https://metrics-proxy.medallia.eu/ https://metrics-proxy.medallia.com.au/ https://metrics-proxy.medallia.com/ https://col.eum-appdynamics.com/ https://static.medallia.com/ https://bugreport.medallia.com/ https://fonts.gstatic.com/ https://fonts.googleapis.com/ https://chart.googleapis.com/ https://maxcdn.bootstrapcdn.com/ https://netdna.bootstrapcdn.com/ https://express.ger.medallia.eu/ https://express.sbx.ger.medallia.eu/ https://feed2.medallia.eu/ https://feed2sbx.sbx.ger.medallia.eu/ https://mft1.medallia.eu/ https://filestash.fra1.medallia.eu/ https://tm.ad-srv.net https://tm703.ad-srv.net https://tm707.ad-srv.net https://tm708.ad-srv.net https://*.iadvize.com https://znbd9pj7eqbjzjd42-eon.siteintercept.qualtrics.com https://siteintercept.qualtrics.com https://trck.lew.de; style-src 'self' 'nonce-fb44ed9d0dd597d7873c48b433e62f27' 'unsafe-hashes' 'sha256-Chued6H/FqwtY0xgIG4zxn1W6uXOo1t3SXAPpyzds7U='  'sha256-5SDvdr72xKyplNCK6s3wo8+AzCvSSrO4ATaEFE1N3YU='  'sha256-b/AJ3u1NxOK+yAHe28I3iTI1e9j23Bv94CsSnYMe0I4='  'sha256-WXbTK+Q2IO0qiVm9TmwaoCb/gGYy8plieL1g7TJ+i1o='  'sha256-TIWitS/sbsTCj5gHE+Ub2hNq7Ebv+whf6SCnicmBM1A='  'sha256-bM22Xahg3Ska2CbZv9HSsXayiD0Z5iJL6QcufF1H9e0='  'sha256-cJA8XvfmOhAJWjlDZi2dvUyXcjLaXJsW296wKpLNDSg='  'sha256-W5t509XHgNgqXPEkC+CNVw120RQzW++3Peh6kOOF7H0='  'sha256-SDpJ06IXtKeyPxzWvEQbz1w8atX8WEPMmLziJ2Yr3t8='  'sha256-ZdHxw9eWtnxUb3mk6tBS+gIiVUPE3pGM470keHPDFlE='  'sha256-RfS5BPmz3Vwypv5zOAVIB743tRj+AEwi4dugaXrsDwk='  'sha256-x4b2HXIRVmbavEXgC5A6qDxwchYDCHsF5XjgG+IX/9k='  'sha256-sjBpDcTxG5RUsOcN+DFW/IhJtxXGSiB/5wxRqMbKc8g='  'sha256-6N6ExomJBSb15QoU3z4kffBiUYwHzIOPFDBNFyQo5zM='  'sha256-Xjtk8M9sZ4nFg15sesBAusx8bR5RyH5adt0U2TGp1Hc='  'sha256-YV8lKTFZ9If7/i9C+12znUBTxRQw2mwPFb+mvUF76jI='  'sha256-xhhnTHVCXiqgxWYHm1Aa2GmrJUgS7MCnS5+Ou4nbmvI='  'sha256-lgwR+lozSh+2mYjVqEytPQ8igYNCs3WxYDoJ+FfmTM8='  'sha256-xhhnTHVCXiqgxWYHm1Aa2GmrJUgS7MCnS5+Ou4nbmvI='  'sha256-lgwR+lozSh+2mYjVqEytPQ8igYNCs3WxYDoJ+FfmTM8='  'sha256-Pmke26teTSgoga2qVZQxn5+8tJEHv3b6P31sM4A7nUA='  'sha256-u3gvlgPH9p+WcuUGYJ1tagF6JvmPBRgC8dUVFMyvgFw='  'sha256-MlKRU2qUIVN+Cj86rIOyMnLxGlFm6Y1JJpGW5mQkUZs='  'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU='  'sha256-2gz8aiXiOB6Up4QDJqnRa6SHIHmCXTLcaqHHxsA3LlA='  'sha256-qTkwDWS8vAgVRoa+CLotP91j1y1653Dw7c6uFVO9hdk='  'sha256-6cAsdx6Eo0akaAinSdKpeL36RozFFZb6YeLNQSOtOKU='  'sha256-6cAsdx6Eo0akaAinSdKpeL36RozFFZb6YeLNQSOtOKU='  'sha256-0W4IyoGJZtlp+gwrArXhImVbco+I5f2pug6ZEmjL2U0='  'sha256-GbUhe7JxmiOWfQ00Srbs7iduQVRWWln6C42y78HlLxs='  'sha256-0W4IyoGJZtlp+gwrArXhImVbco+I5f2pug6ZEmjL2U0='  'sha256-GbUhe7JxmiOWfQ00Srbs7iduQVRWWln6C42y78HlLxs='  'sha256-0W4IyoGJZtlp+gwrArXhImVbco+I5f2pug6ZEmjL2U0='  'sha256-GbUhe7JxmiOWfQ00Srbs7iduQVRWWln6C42y78HlLxs='  'sha256-0W4IyoGJZtlp+gwrArXhImVbco+I5f2pug6ZEmjL2U0='  'sha256-6cAsdx6Eo0akaAinSdKpeL36RozFFZb6YeLNQSOtOKU='  'sha256-8kPOCl/iIr6YgWLvLnIRMrYnCJHOzs6WNYAedT41SM8='  'sha256-2Go/yMtz4sEcAbw1TnjkjLz983Zxq7frCShdJs2OobM='  'sha256-g6zf946PtVM63bZ+fe9QUc3hDXp5BMl6OBmAlKhKV60='  'sha256-zqo/Gf4mmbgvoqPGTNSkHYfibgllewm/seDhWyooOOk='  'sha256-FVE4UqDzJ5GzKFQlZqU4Zq3EAxxb/T0hpPQU9k6uwkA='  'sha256-R2Vkrx5FLpmMY0750ljuQem15/f/bIrrGl+TXyzeETo='  'sha256-gGRDCDCtVdIb3guY7Af4d2zlZ2AHGiJ1Fo0P+PkrAQ4='  'sha256-28yeYgrPQDDyWFt+gxC5JLjh+vmdwGtJ6vrGY5agNmA='  'sha256-tq6DPpzxxZo0uDGIA3cWY73a2IghW7jFPDxfoADIVA4='  'sha256-jI3sfmilVzfPCYviQAKSk25gbqy5bKO6ytnWnH7tPy4='  'sha256-MGcxmZXFvleb8FuwqjCYtvoakNGj+J6yTNrv1TSxJiA='  'sha256-hbZWfW0vwSYriJkO6sDWlefwk0ZUNVCSaBe66T81nB0='  'sha256-rh2A364+F4JpsYOMvu2X0b8oUqSm+hinlVRTT9lHrwY='  'sha256-gGRDCDCtVdIb3guY7Af4d2zlZ2AHGiJ1Fo0P+PkrAQ4='  'sha256-28yeYgrPQDDyWFt+gxC5JLjh+vmdwGtJ6vrGY5agNmA='  'sha256-tq6DPpzxxZo0uDGIA3cWY73a2IghW7jFPDxfoADIVA4='  'sha256-o1r1pjDVBLdNe0LQRcCT5BFFXxPXMW1YFFI3KAch9eI='  'sha256-Qzu0lxLJiiX6Kov/Hhw2clLBMwE/AGShWjshh7S4cZE='  'sha256-IGAWb2ggeHqxQRSvWbzAamu9Ko86r4FttA9LNd1b/uI='  'sha256-o1r1pjDVBLdNe0LQRcCT5BFFXxPXMW1YFFI3KAch9eI='  'sha256-Qzu0lxLJiiX6Kov/Hhw2clLBMwE/AGShWjshh7S4cZE='  'sha256-IGAWb2ggeHqxQRSvWbzAamu9Ko86r4FttA9LNd1b/uI='  'sha256-p08VBe6m5i8+qtXWjnH/AN3klt1l4uoOLsjNn8BjdQo='  'sha256-HeCUqYbpi0jcNQCtmPyDkSSaeWOk+GFgiIxfAAAbsFg='  'sha256-33YGiROm4Pzv0xXIPo82M0Dt2zrdnP4IgbJq1WeAtf8='  'sha256-j6Tt8qv7z2kSc7fUs0YHbrxawwsQcS05fVaX1r2qrbk='  'sha256-RAtMRMPc7pZorvh8gaXlMJh1zDaSAmCzJ4zoN0Y5bn4='  https://widgets.energiemonitor.de https://fonts.googleapis.com https://icpublichosting.azureedge.net https://optimize.google.com https://*.iadvize.com; object-src 'self'; report-uri /umbraco/api/helper/CreateCSPReport 1
: default-src 'self' 1
default-src 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; font-src *; connect-src *; frame-src *; img-src * data:; media-src *; object-src *; style-src * 'unsafe-inline' 1
default-src 'self'; script-src 'self' 'unsafe-inline' *.mega.com pi.pardot.com www.googletagmanager.com cdn.jsdelivr.net cdn-cookieyes.com snap.licdn.com static.oktopost.com static.ads-twitter.com bat.bing.com *.hotjar.com scout-cdn.salesloft.com www.clarity.ms okt.to *.zoho.com *.zohocdn.com js.zi-scripts.com googleads.g.doubleclick.net www.google-analytics.com *.googleadservices.com www.youtube.com blob:; object-src 'self'; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net css.zohocdn.com; img-src 'self' 'unsafe-inline' *.linkedin.com *.cookieyes.com *.bing.net *.clarity.ms *.bing.com *.zohopublic.com t.co analytics.twitter.com cdn-cookieyes.com data: google.com *.google.com *.google.fr *.google.nl *.google.co.uk *.google.be *.google.sg *.google-analytics.com googleads.g.doubleclick.net *.googletagmanager.com *.ytimg.com; media-src 'self'; frame-src 'self' www2.mega.com td.doubleclick.net www.googletagmanager.com www.youtube.com; frame-ancestors 'self'; child-src 'self'; font-src 'self' css.zohocdn.com themes.googleusercontent.com; connect-src 'self' log.cookieyes.com px.ads.linkedin.com *.clarity.ms bat.bing.net js.zi-scripts.com google.com  *.google.com  *.zohopublic.com  ws.zoominfo.com cdn-cookieyes.com bat.bing.com wss://vts.zohopublic.com www.google-analytics.com *.doubleclick.net scout.salesloft.com *.googlesyndication.com *.google-analytics.com *.cookieyes.com *.googleadservices.com *.hotjar.io wss://ws.hotjar.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval' *.cdn.cookielaw.org *.cookie-cdn.cookiepro.com *.onetrust.com *.newrelic.com data-eu.nestlehealthscience.com https://*.qualtrics.com https://www.googletagmanager.com https://px.ads.linkedin.com/ https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_ https://*.amazonaws.com/ https://*.cloudfront.net/; object-src https://*.cloudfront.net/; style-src * 'self' 'unsafe-inline' *.cdn.cookielaw.org *.cookie-cdn.cookiepro.com *.onetrust.com https://www.googletagmanager.com https://px.ads.linkedin.com/ https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_ https://*.amazonaws.com/ https://*.cloudfront.net/; img-src 'self' data: https://cdn.jsdelivr.net https://l.evidon.com https://c.evidon.com https://nestle-mvp.myshopify.com https://cdn.shopify.com *.google-analytics.com  https://d6tizftlrpuof.cloudfront.net https://*.usabilla.com https://nestle-mvp.myshopify.com https://cdn.shopify.com https://www.google.com https://www.google.es https://googleads.g.doubleclick.net *.google-analytics.com https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com *.onetrust.com http://mychildwithcphcpen.nhscbrand.acsitefactory.com *.qualtrics.com https://www.googletagmanager.com https://px.ads.linkedin.com/ https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_ https://*.amazonaws.com/ https://*.cloudfront.net/; media-src 'self'; frame-src 'self' https://www.nestlehealthscience.com http://mychildwithcphcpen.nhscbrand.acsitefactory.com/solution-finder https://www.nestlehealthscience.com/cerebral-palsy http://mychildwithcphcpen.nhscbrand.acsitefactory.com https://www.youtube.com https://static.addtoany.com https://www.google.com/ *.newrelic.com *.onetrust.com https://*.qualtrics.com https://www.googletagmanager.com https://px.ads.linkedin.com/ https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_ https://*.amazonaws.com/ https://*.cloudfront.net/; frame-ancestors 'self' https://www.nestlehealthscience.com http://mychildwithcphcpen.nhscbrand.acsitefactory.com/solution-finder https://www.nestlehealthscience.com/cerebral-palsy https://www.google.com/ *.newrelic.com *.onetrust.com https://*.qualtrics.com https://www.googletagmanager.com https://px.ads.linkedin.com/ https://*.amazonaws.com/ https://*.cloudfront.net/; font-src 'self' https://cdn.jsdelivr.net https://fonts.gstatic.com https://fonts.googleapis.com https://cdnjs.cloudflare.com https://d6tizftlrpuof.cloudfront.net *.usabilla.com http://mychildwithcphcpen.nhscbrand.acsitefactory.com https://www.googletagmanager.com https://px.ads.linkedin.com/ https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_ https://*.amazonaws.com/ https://*.cloudfront.net/; connect-src 'self' https://cdn.jsdelivr.net https://bam.nr-data.net https://nestle-mvp.myshopify.com https://monorail-edge.shopifysvc.com https://stats.g.doubleclick.net https://d6tizftlrpuof.cloudfront.net *.usabilla.com https://nestle-mvp.myshopify.com https://monorail-edge.shopifysvc.com https://www.google.com *.google-analytics.com *.gbqofs.io *.gbqofs.com https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com *.onetrust.com http://mychildwithcphcpen.nhscbrand.acsitefactory.com data-eu.nestlehealthscience.com https://*.qualtrics.com https://www.googletagmanager.com https://unpkg.com https://fonts.googleapis.com https://www.googletagmanager.com https://px.ads.linkedin.com/ https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_ https://*.amazonaws.com/ https://*.cloudfront.net/; report-uri /report-csp-violation 1
allow 'unsafe-inline' 'unsafe-eval' 'self' troc.cdn.mediactive-network.net *.googlesyndication.com *.systempay.fr *.fbcdn.net *.google.com *.google.fr *.doubleclick.net intranet.troc.com connect.facebook.net cdnjs.cloudflare.com www.gstatic.com www.googletagmanager.com www.google-analytics.com www.googleadservices.com www.googletagservices.com cdn.ampproject.org 1
"default-src *" 1
base-uri 'self'; child-src location.westernunion.com/de https://*.quantummetric.com blob: 'self' gap: https://kg668dbov0.execute-api.us-east-1.amazonaws.com https://includes.ccdc02.com *.cardinalcommerce.com *.westernunion.com/ https://westernunion.demdex.net/ https://www.googletagmanager.com/ *.facebook.net/ *.facebook.com/ facebook.com/ facebook.net/ *.snapchat.com/ snapchat.com/ https://*.doubleclick.net/ https://*.fls.doubleclick.net/; frame-src location.westernunion.com/de https://*.quantummetric.com blob: 'self' gap: https://kg668dbov0.execute-api.us-east-1.amazonaws.com https://includes.ccdc02.com *.cardinalcommerce.com *.westernunion.com/ https://westernunion.demdex.net/ https://www.googletagmanager.com/ *.facebook.net/ *.facebook.com/ facebook.com/ facebook.net/ *.snapchat.com/ snapchat.com/ https://*.doubleclick.net/ https://*.fls.doubleclick.net/; connect-src location.westernunion.com/de kg668dbov0.execute-api.us-east-1.amazonaws.com includes.ccdc02.com *.cardinalcommerce.com *.quantummetric.com https://dpm.demdex.net/ *.adobedtm.com/ https://westernunion.demdex.net/ 'self' *.googleapis.com *.westernunion.com/ https://westernunionsend2correctionswebsiteprod.112.2o7.net *.2o7.net *.omtrdc.net https://www.googletagmanager.com/ https://sc-static.net/ *.google.com/ google.com/ *.googleadservices.com *.tiktok.com/ tiktok.com/ *.facebook.net/ *.facebook.com/ facebook.com/ facebook.net/ *.snapchat.com/ snapchat.com/ *.bing.com/ bing.com/ https://*.doubleclick.net/ https://*.fls.doubleclick.net/; default-src *.quantummetric.com 'self' gap: *.googleapis.com *.westernunion.com/ https://westernunion.demdex.net/ https://www.googletagmanager.com/ *.adobedtm.com/ *.googleadservices.com/ 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: *; img-src 'self' data: *.googleapis.com https://dpm.demdex.net/ *.westernunion.com/ https://westernunionsend2correctionswebsiteprod.112.2o7.net https://cm.everesttech.net https://www.googletagmanager.com/ adservice.google.com sc-static.net/ *.googleadservices.com/ *.google.co.in/ *.google.com/ *.tiktok.com/ tiktok.com/ *.facebook.net/ *.facebook.com/ facebook.com/ facebook.net/ *.snapchat.com/ snapchat.com/ *.bing.com/ bing.com/ *.doubleclick.net/ doubleclick.net/ blob:; media-src *; object-src *.quantummetric.com https://www.googletagmanager.com/ *.adobedtm.com https://sc-static.net/ *.google.com/ google.com/ *.googleadservices.com/ https://westernunion.demdex.net/ https://*.doubleclick.net/ https://*.fls.doubleclick.net/; script-src kg668dbov0.execute-api.us-east-1.amazonaws.com *.cardinalcommerce.com includes.ccdc02.com https://*.quantummetric.com https://mpsnare.iesnare.com/ 'self' maps.googleapis.com *.adobedtm.com https://www.googletagmanager.com/ https://sc-static.net/ *.google.com/ google.com/ *.googleadservices.com/ *.tiktok.com/ tiktok.com/ *.facebook.net/ *.facebook.com/ facebook.com/ facebook.net/ *.snapchat.com/ snapchat.com/ *.bing.com/ bing.com/ https://*.doubleclick.net/ https://*.fls.doubleclick.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://www.googletagmanager.com/ https://sc-static.net/ *.google.com/ google.com/ *.googleapis.com 'unsafe-inline'; frame-ancestors *.quantummetric.com 'self' gap: https://dpm.demdex.net/ googletagmanager.com/ https://sc-static.net/ *.google.com/ google.com/ *.googleadservices.com/ https://*.doubleclick.net/ https://*.fls.doubleclick.net/; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=3z8yyvg2Hyl9OsqcKaVw6A2axrXP5uRXWn2csvPX37onP7HBqUH2ZY9em89sLIHO%2FQGHZ6TXqbS1KJI5rN5ywg%3D%3D; 1
default-src https: *.ufg.pl; script-src https: *.ufg.pl;style-src https: *.ufg.pl ;img-src 'self' data: https: www.google-analytics.com; frame-src https: *.ufg.pl; media-src data: https: *.ufg.pl ;options inline-script eval-script; child-src https: *.ufg.pl; frame-ancestors 'self' *.ufg.pl; 1
frame-ancestors 'self' https://www.bayard-jeunesse.com https://app.bayam.tv https://sso.bayard-jeunesse.com https://mention-me.com https://cdnactor.myfeelback.com; 1
object-src 'none';default-src 'none';connect-src https://www.wefact.nl https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.google.com https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net *.cookiebot.com *.facebook.com *.facebook.net *.licdn.com *.linkedin.com https://maps.googleapis.com *.clarity.ms https://c.bing.com https://*.bing.com https://*.bing.net;frame-src https://www.youtube.com https://*.googletagmanager.com https://bid.g.doubleclick.net https://td.doubleclick.net *.cookiebot.com *.facebook.com *.facebook.net *.linkedin.com https://outlook.office365.com;frame-ancestors 'self';img-src https://www.wefact.nl data: *.ytimg.com https://googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://googleads.g.doubleclick.net https://www.google.com https://www.google.nl https://www.google.be *.cookiebot.com *.facebook.com *.facebook.net *.fbcdn.net *.licdn.com *.linkedin.com https://maps.gstatic.com https://maps.googleapis.com *.clarity.ms https://c.bing.com www.mollie.com https://*.bing.com https://*.bing.net;script-src https://www.wefact.nl https://www.youtube.com *.ytimg.com 'sha256-CrAe1a0TFvLsCsBw0E5Ky5SvrwDd3Kn8oyr5ns4gIUc=' https://googletagmanager.com https://tagmanager.google.com https://*.googletagmanager.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net *.cookiebot.com *.facebook.com *.facebook.net *.licdn.com *.linkedin.com https://developers.google.com https://maps.googleapis.com *.clarity.ms https://c.bing.com 'sha256-HqEywe2Mupyc3mWoKoXnTO5AVzVUi7YpNaBHAq+y0U0=' https://*.bing.com https://*.bing.net https://secure.adnxs.com;style-src https://www.wefact.nl 'unsafe-inline' https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com https://www.googletagmanager.com *.licdn.com *.typekit.net;font-src 'self' data: https://fonts.gstatic.com data: *.typekit.net;child-src *.facebook.com *.facebook.net;manifest-src https://www.wefact.nl 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: staticcdn.co.nz www.youtube.com www.googletagmanager.com www.google.com www.gstatic.com *.google-analytics.com; connect-src 'self' *.google-analytics.com; img-src 'self' data: shielded.co.nz i.ytimg.com *.google-analytics.com; style-src 'self' 'unsafe-inline' fast.fonts.net; font-src 'self' data:; frame-src 'self' www.youtube.com www.google.com data.gns.cri.nz; manifest-src 'self'; media-src 'self'; frame-ancestors 'self'; form-action 'self'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cookielaw.org *.adobedtm.com *.googletagmanager.com *.google-analytics.com *.adsrvr.org *.facebook.net *.contextweb.com cdn.jsdelivr.net cdnjs.cloudflare.com google.com player.vimeo.com unpkg.com *.newrelic.com *.di-capt.com *.licdn.com *.pmsrv.co *.vimeocdn.com *.opendns.com *.rlcdn.com *.redditstatic.com; frame-src 'self' *.vimeo.com *.adsrvr.org *.doubleclick.net *.googletagmanager.com *.vimeocdn.com otsuka.demdex.net; child-src 'self' *.vimeo.com *.adsrvr.org *.doubleclick.net *.googletagmanager.com *.vimeocdn.com otsuka.demdex.net; report-uri /report-csp-violation 1
default-src 'self'; connect-src 'self' www.google-analytics.com *.analytics.google.com *.google-analytics.com wss://www.joa.fr stats.g.doubleclick.net maps.googleapis.com www.novaresa.net www.joa.fr consentcdn.cookiebot.com www.facebook.com; font-src 'self' fonts.gstatic.com data:; frame-ancestors 'none' https://enplug.com https://*.enplug.com; frame-src 'self' www.youtube.com www.youtube-nocookie.com www.googletagmanager.com module.lafourchette.com widget.thefork.com *.weezevent.com ubishaker.com t.regionsjob.com *.gaming1.com www.google.com widget.fanzo.com www.facebook.com consentcdn.cookiebot.com *.paperform.co; img-src 'self' www.googletagmanager.com media.joa.fr www.google-analytics.com ytimg.com i.ytimg.com img.youtube.com www.facebook.com www.google.com www.google.fr maps.googleapis.com *.gstatic.com data: blob: www.novaresa.net novaresa.net icons.batch.com www.google.ch www.google.hr www.google.lu www.joa.fr www.tripadvisor.fr via.batch.com apply.indeed.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com *.google-analytics.com www.youtube.com connect.facebook.net maps.googleapis.com www.novaresa.net www.google.com www.gstatic.com consent.cookiebot.com consentcdn.cookiebot.com www.joa.fr www.weezevent.com t.regionsjob.com paperform.co static.cloudflareinsights.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com www.novaresa.net www.googletagmanager.com; upgrade-insecure-requests; report-uri /csp 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data:; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; fmedia-src 'self'; frame-src 'self'; object-src 'none'; frame-ancestors 'self' 1
base-uri 'self'; default-src 'none'; child-src 'self' https://*.youtube.com https://*.youtube-nocookie.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://vimeo.com vimeo.com https://*.vimeo.com *.vimeo.com https://staticcdn.co.nz staticcdn.co.nz https://app.powerbi.com; connect-src 'self' https://*.meridianenergy.co.nz https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.formstack.com https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.com https://*.hotjar.com https://*.hotjar.io https://*.hs-analytics.net https://*.hs-banner.com https://*.hs-scripts.com https://*.mypurecloud.com.au https://*.sentry.io https://*.smartrecruiters.com https://*.tealiumiq.com https://*.tiqcdn.cn https://*.tiqcdn.com https://*.tt.omtrdc.net https://*.usemessages.com https://analytics.tiktok.com https://api.addressfinder.io https://browser.sentry-cdn.com https://forms.hsforms.com https://ir.iguana2.com https://js.hsadspixel.net https://js.hscollectedforms.net https://s.swiftypecdn.com https://search-api.swiftype.com https://staticcdn.co.nz https://www.youtube.com wss://*.hotjar.com wss://*.mypurecloud.com.au https://*.visualwebsiteoptimizer.com https://app.vwo.com; font-src 'self' https://*.hotjar.com https://*.hotjar.io data:; form-action 'self' https://*.facebook.com; frame-ancestors 'self'; frame-src 'self' https://*.pega.net https://*.doubleclick.net https://*.facebook.com https://*.google.com https://*.hotjar.com https://*.hotjar.io https://*.mypurecloud.com.au https://*.youtube-nocookie.com https://*.youtube.com https://subscriptions.smartrecruiters.com/ https://*.visualwebsiteoptimizer.com https://app.vwo.com https://vimeo.com vimeo.com https://*.vimeo.com *.vimeo.com https://staticcdn.co.nz staticcdn.co.nz https://app.powerbi.com; img-src 'self' https://*.meridianenergy.co.nz https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.formstack.com https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.com https://*.hotjar.com https://*.hotjar.io https://*.hs-analytics.net https://*.hs-banner.com https://*.hs-scripts.com https://*.mypurecloud.com.au https://*.sentry.io https://*.smartrecruiters.com https://*.tealiumiq.com https://*.tiqcdn.cn https://*.tiqcdn.com https://*.tt.omtrdc.net https://*.usemessages.com https://analytics.tiktok.com https://api.addressfinder.io https://browser.sentry-cdn.com https://forms.hsforms.com https://ir.iguana2.com https://js.hsadspixel.net https://js.hscollectedforms.net https://s.swiftypecdn.com https://*.swiftype.com https://staticcdn.co.nz https://www.youtube.com wss://*.hotjar.com wss://*.mypurecloud.com.au https://*.visualwebsiteoptimizer.com https://app.vwo.com https://useruploads.vwo.io https://*.google.co.nz *.google.co.nz https://meridian-production-media.s3.ap-southeast-2.amazonaws.com blob: data:; media-src 'none'; object-src 'self' blob:; manifest-src 'self'; script-src 'self' https://*.meridianenergy.co.nz https://*.doubleclick.net https://*.facebook.net https://*.formstack.com https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.com https://*.hotjar.com https://*.hotjar.io https://*.hs-analytics.net https://*.hs-banner.com https://*.hs-scripts.com https://*.mypurecloud.com.au https://*.sentry.io https://*.smartrecruiters.com https://*.tealiumiq.com https://*.tiqcdn.cn https://*.tiqcdn.com https://*.tt.omtrdc.net https://*.usemessages.com https://analytics.tiktok.com https://api.addressfinder.io https://browser.sentry-cdn.com https://forms.hsforms.com https://ir.iguana2.com https://js.hsadspixel.net https://js.hscollectedforms.net https://s.swiftypecdn.com https://search-api.swiftype.com https://staticcdn.co.nz https://www.youtube.com wss://*.hotjar.com wss://*.mypurecloud.com.au https://*.visualwebsiteoptimizer.com https://app.vwo.com 'nonce-Mzc3MzYwZGU5MWUzZTI2NjRmZDkxNzZkNmIyNDZiYmNkM2MwOGYxZDBmZTZkOWJkMDdiMGJhYmNkMjljZWNhN2VhYzFmYzRlZjk0YmQ3MzI5NDcwZWFjMGRjMzI3NGQ5NGJkODQ2ZGUyOTZkNjcyMDFhYjgyZTliYWE3YTcyODA=' 'unsafe-eval' blob:; style-src 'self' https://s.swiftypecdn.com https://*.mypurecloud.com.au https://static.smartrecruiters.com https://*.visualwebsiteoptimizer.com https://app.vwo.com 'unsafe-inline'; report-uri https://o115950.ingest.sentry.io/api/6229198/security/?sentry_key=d3383061a5464af09b0da48432305265&sentry_environment=live; report-to csp-endpoint; upgrade-insecure-requests 1
default-src 'self' https://*.youtube.com https://*.youtube-nocookie.com https://*.youtu.be https://*.vimeo.com https://vimeo.com https://*.spotify.com/ https://*.tiktok.com https://*.snapchat.com https://*.facebook.com https://p.scdn.co/ https://*.google-analytics.com https://*.googletagmanager.com https://*.google.com https://*.google.be https://*.apple.com https://*.instagram.com https://*.soundcloud.com https://*.cm.com https://*.slinger.to/ https://*.doubleclick.net/ https://hcaptcha.com https://*.hcaptcha.com; block-all-mixed-content; img-src data: 'self' https://placeholder.inventis.be https://*.ytimg.com https://*.youtube.com https://*.vimeocdn.com https://*.tiktok.com https://*.snapchat.com https://*.facebook.com https://*.google-analytics.com https://*.googletagmanager.com https://*.google.com https://*.google.be; object-src 'none'; script-src 'self' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' 'nonce-OcJAf0/3zvZWH4SkjyQYTQ=='; style-src 'self' 'unsafe-inline' https://*.googletagmanager.com https://*.slinger.to/; upgrade-insecure-requests 1
default-src 'self'; base-uri 'self'; block-all-mixed-content; connect-src 'self' *.cablex.test *.google-analytics.com *.chimpstatic.com *.cookiebot.com *.azurewebsites.net *.cablex.ch *.cablex-germany.de *.doubleclick.net; font-src 'self' *.cablex.test data: *.gstatic.com *.chimpstatic.com *.azurewebsites.net *.fast.fonts.net *.cablex.ch *.cablex-germany.de; frame-ancestors *.cablex.test *.azurewebsites.net *.prospective.ch *.cablex.ch *.cablex-germany.de *.chimpstatic.com; frame-src 'self' *.cablex.test *.azurewebsites.net *.cablex.ch *.cablex-germany.de *.cookiebot.com *.prospective.ch *.youtube-nocookie.com *.youtube.com *.chimpstatic.com *.google.com; img-src 'self' *.cablex.test data: *.tile.osm.org *.tile.openstreetmap.org *.azurewebsites.net *.cablex.ch *.cablex-germany.de *.google.com *.google.de *.google-analytics.com *.googletagmanager.com *.prospective.ch *.cookiebot.com *.chimpstatic.com; object-src 'none'; script-src 'self' 'unsafe-inline' *.cablex.test *.google-analytics.com *.googletagmanager.com *.bing.com *.facebook.net *.twitter.com *.cookiebot.com *.prospective.ch *.linkedin.com *.chimpstatic.com *.azurewebsites.net *.cablex.ch *.cablex-germany.de https://chimpstatic.com https://cdnjs.cloudflare.com/ajax/libs/iframe-resizer/3.6.3/iframeResizer.min.js *.youtube.com *.doubleclick.net *.google.com *.gstatic.com; style-src 'self' *.cablex.test 'unsafe-inline' *.bootstrapcdn.com *.googleapis.com *.chimpstatic.com https://unpkg.com/swiper/swiper-bundle.min.css *.prospective.ch *.fast.fonts.net *.azurewebsites.net *.cablex.ch *.cablex-germany.de; upgrade-insecure-requests 1
base-uri 'none';child-src 'none';connect-src 'self' https://ws.zoominfo.com/pixel/collect https://aorta.clickagy.com/ https://aorta.clickagy.com/liveramp_redir https://hemsync.clickagy.com/external/ https://maps.googleapis.com/;default-src 'self';font-src 'self' https://fonts.gstatic.com;;form-action 'self';frame-ancestors 'self';frame-src 'none';img-src 'self' https://id.rlcdn.com/ https://idsync.rlcdn.com/ https://aorta.clickagy.com/ https://maps.gstatic.com/ https://maps.googleapis.com/  https://streetviewpixels-pa.googleapis.com/ https://lh3.ggpht.com/ https://khms1.googleapis.com/ https://khms0.googleapis.com/ https://www.google.com data:;manifest-src 'self';media-src 'self';object-src 'none';prefetch-src 'self';script-src 'self' https://maps.googleapis.com/ https://www.google.com https://ws.zoominfo.com/pixel/6320bf5aac6e98ed3e39d094 https://tags.clickagy.com/ https://aorta.clickagy.com/ https://hemsync.clickagy.com/external/ https://ws.zoominfo.com/;style-src 'self' https://aorta.clickagy.com/ https://fonts.googleapis.com https://fonts.gstatic.com https://maps.gstatic.com/ https://streetviewpixels-pa.googleapis.com/ https://lh3.ggpht.com/ https://khms1.googleapis.com/ https://khms0.googleapis.com/ https://www.google.com 'unsafe-inline';worker-src 'self';upgrade-insecure-requests ; 1
upgrade-insecure-requests; frame-ancestors 'self'; object-src 'none'; 1
base-uri 'self'; child-src blob: 'self' gap: https://*.surveymonkey.com/ https://*.twitter.com/ https://*.vimeo.com/ https://*.youtube.com/ https://app.powerbi.com/ https://dev.visualwebsiteoptimizer.com/ https://td.doubleclick.net/ https://widget.trustpilot.com/ https://www.google.com/ https://www.googletagmanager.com/; frame-src blob: 'self' gap: https://*.surveymonkey.com/ https://*.twitter.com/ https://*.vimeo.com/ https://*.youtube.com/ https://app.powerbi.com/ https://dev.visualwebsiteoptimizer.com/ https://td.doubleclick.net/ https://widget.trustpilot.com/ https://www.google.com/ https://www.googletagmanager.com/; connect-src 'self' https://*.feefo.com/ https://*.google.com/ https://*.google-analytics.com/ https://*.onetrust.com/ https://*.paragonbankinggroup.co.uk/ https://*.twimg.com/ https://*.twitter.com/ https://*.visualwebsiteoptimizer.com/ https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://global.sitesearch360.com/ https://ict.infinity-tracking.net/ https://insights.sitesearch360.com/ https://stats.g.doubleclick.net/ https://www.google.co.uk/ https://www.google.com/ https://www.googletagmanager.com/; default-src 'self' gap: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com/; img-src * data: blob:; media-src data: 'self'; script-src gap: 'self' https://*.feefo.com/ https://*.paragonbankinggroup.co.uk/ https://*.surveymonkey.com/ https://*.twimg.com/ https://*.twitter.com/ https://*.visualwebsiteoptimizer.com/ https://*.youtube.com/ https://cdn.sitesearch360.com/ https://cdn-ukwest.onetrust.com/ https://googleads.g.doubleclick.net/ https://ict.infinity-tracking.net/ https://pagead2.googlesyndication.com/ https://snap.licdn.com/ https://unpkg.com/ https://widget.trustpilot.com/ https://www.google.com/ https://www.googleadservices.com/ https://www.googletagmanager.com/ 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://*.twimg.com/ https://*.twitter.com/ https://dev.visualwebsiteoptimizer.com/ https://fonts.googleapis.com/ https://register.feefo.com/ https://www.googletagmanager.com/ 'unsafe-inline'; frame-ancestors gap: 'self' https://*.surveymonkey.com/; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=hqp0qRM4o1k%2FAUHhGK2xE%2BGr95KNN1u6hZCL4YtbaDjev9mFcSWY376g2jBmJNSy8RURTCQb%2FlvyXXxJn3gucQ%3D%3D; 1
default-src 'self'; connect-src 'self' https://cdn-cookieyes.com https://*.cookieyes.com https://*.google-analytics.com https://*.googletagmanager.com https://fonts.googleapis.com https://snazzymaps.com https://maps.googleapis.com https://player.vimeo.com https://api.ipdata.co https://*.ipdata.co https://*.analytics.google.com; font-src 'self' https://ka-p.fontawesome.com https://use.typekit.net https://fonts.gstatic.com data:; frame-src 'self' https://*.cookieyes.com https://snazzymaps.com https://www.youtube.com https://player.vimeo.com; img-src 'self' https://*.warburgpincus.com *.warburgpincus.com https://warburgpincus.com https://*.googletagmanager.com https://*.google-analytics.com https://*.gstatic.com https://i.vimeocdn.com https://cdn-cookieyes.com https://*.cookieyes.com https://secure.gravatar.com blob: data:; object-src; script-src 'self' https://*.googletagmanager.com https://tagmanager.google.com https://cdn-cookieyes.com https://snazzymaps.com https://player.vimeo.com https://maps.googleapis.com https://api.ipdata.co https://*.ipdata.co https://*.google-analytics.com 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' https://*.googletagmanager.com https://tagmanager.google.com https://cdn-cookieyes.com https://snazzymaps.com https://player.vimeo.com https://maps.googleapis.com https://api.ipdata.co https://*.ipdata.co https://*.google-analytics.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://*.googletagmanager.com https://tagmanager.google.com https://use.typekit.net https://p.typekit.net https://fonts.googleapis.com 'unsafe-inline'; upgrade-insecure-requests 1
policy-uri /Feature-Policy: geolocation 'self' 1
default-src 'self'; script-src 'self' 'self' https://www.google.com/ https://www.gstatic.com/; object-src 'self'; style-src 'self' 'unsafe-inline' 'self' 'unsafe-inline' fonts.googleapis.com; img-src *; font-src 'self' data: fonts.gstatic.com;frame-src 'self' https://www.google.com; report-uri https://login.microworkcloud.com.br/csp/report 1
default-src 'unsafe-inline'; block-all-mixed-content; connect-src *; font-src * https://fonts.gstatic.com data: fonts.googleapis.com fonts.gstatic.com; frame-src https://www.youtube.com *.vimeo.com *.services *.hotjar.com *.doubleclick.net *.facebook.com *.facebook.net *.linkedin.com 'self' https://ausi.github.io/ *.pinimg.com *.pinterest.com https://sgtm.deltalight.com; img-src * data: blob:; manifest-src deltalight.com 'self'; media-src *; script-src deltalight.com 'self' data: 'unsafe-inline' 'unsafe-eval' https://cdn.ckeditor.com https://js-agent.newrelic.com https://bam.nr-data.net https://maps.googleapis.com https://cdnjs.cloudflare.com *.google-analytics.com *.googleapis.com *.facebook.com *.facebook.net *.doubleclick.net *.marketingautomation.services *.googletagmanager.com *.googleadservices.com *.hotjar.com *.doubleclick.net *.visualwebsiteoptimizer.com *.linkedin.com www.youtube.com/iframe_api tagmanager.google.com https://snap.licdn.com https://play.google.com https://analytics-eu.clickdimensions.com https://ausi.github.io *.pinimg.com *.pinterest.com sgtm.deltalight.com https://cookie-cdn.cookiepro.com; style-src deltalight.com 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.ckeditor.com https://cdnjs.cloudflare.com tagmanager.google.com; report-uri /nelmio/csp/report 1
frame-ancestors 'self' https://finance.sponser.co.il https://rotter.net https://m.sponser.co.il ; 1
default-src 'self' *.iwan.com.tw *.iwplay.com.tw *.google.com *.google.com.tw; frame-src *.iwplay.com.tw *.iwan.com.tw www.youtube.com *.facebook.com bid.g.doubleclick.net *.facebook.net; script-src *.iwplay.com.tw *.iwan.com.tw 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com s.ytimg.com libs.baidu.com code.jquery.com *.google-analytics.com *.facebook.net *.facebook.com *.googleapis.com www.googletagmanager.com www.youtube.com www.googleadservices.com googleads.g.doubleclick.net *.google.com *.google.com.tw *.youtube.com ;style-src *.iwplay.com.tw *.iwan.com.tw 'unsafe-inline' www.youtube.com.tw fonts.googleapis.com *.facebook.net *.facebook.com *.google.com *.google.com.tw; img-src *.iwplay.com.tw *.google-analytics.com stats.g.doubleclick.net www.youtube.com *.google.com *.google.com.tw googleads.g.doubleclick.net *.facebook.com *.facebook.net data: ;frame-ancestors *.iwplay.com.tw *.iwan.com.tw *.google.com *.google.com.tw;font-src  fonts.gstatic.com *.googleapis.com *.google.com *.google.com.tw *.iwplay.com.tw data:;connect-src *.iwplay.com.tw *.google-analytics.com analytics.google.com stats.g.doubleclick.net; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *; img-src data: *; frame-ancestors https://www.happymeeple.com 'self'; report-uri /report-csp-violation 1
default-src 'self'; frame-src 'self' *.donorfy.com/ *.monday.com/ https://hubofhope.co.uk/ 360testbed.co/ *.nhs.uk/ *.facebook.com/ *.youtube.com/ *.vimeo.com/ *.google.com/ *.googleapis.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.googletagmanager.com https://www.googletagmanager.com/ https://hubofhope.co.uk/js/embed.js https://cdn.jsdelivr.net https://cdnjs.cloudflare.com/ https://www.google-analytics.com/ https://connect.facebook.net/ https://feeds.trac.jobs/ *.google.com/ *.googleapis.com *.gstatic.com *.cqc.org.uk; font-src 'self' 'unsafe-inline' https://*.typekit.net https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://*.typekit.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com/ https://feeds.trac.jobs/ *.googleapis.com  *.gstatic.com *.cqc.org.uk; img-src * data:; object-src 'self' blob:; connect-src 'self' https://maps.googleapis.com/ https://*.googletagmanager.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.g.doubleclick.net https://*.google.com https://*.google.com https://*.google-analytics.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googletagmanager.com https://region1.google-analytics.com translate.googleapis.com/ https://feeds.trac.jobs/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ 1
default-src 'self' https://*.energylink.com wss://*.energylink.com https://api.ipstack.com https://az416426.vo.msecnd.net/scripts/b/ai.2.min.js https://dc.services.visualstudio.com/v2/track https://go.enverus.com https://www.google.com https://www.gstatic.com https://maps.gstatic.com https://chart.googleapis.com https://maps.googleapis.com https://ajax.googleapis.com https://player.vimeo.com https://cdn.datatables.net https://stackpath.bootstrapcdn.com https://rseg-dev.auth0.com https://cdn.skypack.dev https://cdn.jsdelivr.net https://*.zoom.us wss://zpns.zoom.us https://api.rudderstack.com https://api.rudderlabs.com https://cdn.rudderlabs.com https://enverusluies.dataplane.rudderstack.com https://enveruswyupccs.dataplane.rudderstack.com https://*.appcues.com https://*.appcues.net wss://*.appcues.com wss://*.appcues.net 'unsafe-eval' 'unsafe-inline'; font-src 'self' blob: data: https://cdn.skypack.dev https://cdn.jsdelivr.net https://*.zoom.us https://fonts.googleapis.com https://fonts.google.com https://fonts.gstatic.com; img-src 'self' blob: data: energylink.com *.energylink.com enverus.com *.enverus.com; object-src 'self' blob: data: energylink.com *.energylink.com enverus.com *.enverus.com; media-src 'self' blob: data: energylink.com *.energylink.com enverus.com *.enverus.com https://player.vimeo.com; script-src 'self' blob: data: https://*.energylink.com https://api.ipstack.com https://az416426.vo.msecnd.net/scripts/b/ai.2.min.js https://dc.services.visualstudio.com/v2/track https://go.enverus.com https://www.google.com https://www.gstatic.com https://maps.gstatic.com https://chart.googleapis.com https://maps.googleapis.com https://ajax.googleapis.com https://player.vimeo.com https://cdn.datatables.net https://stackpath.bootstrapcdn.com https://rseg-dev.auth0.com https://cdn.skypack.dev https://cdn.jsdelivr.net https://*.zoom.us wss://zpns.zoom.us https://api.rudderstack.com https://api.rudderlabs.com https://cdn.rudderlabs.com https://enverusluies.dataplane.rudderstack.com https://enveruswyupccs.dataplane.rudderstack.com https://*.appcues.com https://*.appcues.net wss://*.appcues.com wss://*.appcues.net https://cdnjs.cloudflare.com 'unsafe-eval' 'unsafe-inline'; worker-src 'self' blob: data: energylink.com *.energylink.com enverus.com *.enverus.com; frame-ancestors 'self' energylink.com *.energylink.com enverus.com *.enverus.com;  1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.youtube.com https://fonts.googleapis.com https://fonts.gstatic.com https://cdn.syndication.twimg.com https://www.facebook.com https://*.twitter.com https://www.google.com https://ton.twimg.com https://*.github.io https://www.googletagmanager.com https://www.google-analytics.com; img-src 'self' https://*.twimg.com https://*.twitter.com http://*.twimg.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.google.co.jp data:; 1
report-uri https://abgtr7ca.uriports.com/reports/enforce; report-to default; script-src 'self' 'unsafe-eval' 'strict-dynamic' https: 'unsafe-inline' 'sha256-/2V1ijN/DgDEDyuknBBa8x/IweuoOUNBhYqWAlTfrAs=' 'sha256-y3YyXG6Irx3+WJzNWsRWYaYS22VFUWZ5QEhbUKcr4pE=' 'sha256-kJSetDBewtVAhs/ZALDDMc8OxygoKufBG+OOatdJYJU=' 'nonce-PD76LQYKtF81kLop2JiBvg=='; object-src 'none'; base-uri 'none'; frame-ancestors 'self' https://weddybird.com/; upgrade-insecure-requests 1
default-src 'self'; base-uri 'self'; block-all-mixed-content; connect-src 'self' region1.google-analytics.com www.googletagmanager.com pagead2.googlesyndication.com app.privacybee.ch app.privacybee.io *.googleapis.com *.google.com *.google.ch; font-src 'self' fonts.gstatic.com cdn.scaleflex.it; frame-src player.vimeo.com www.googletagmanager.com challenges.cloudflare.com; img-src 'self' data: region1.google-analytics.com www.googletagmanager.com *.googleapis.com *.google.com *.google.ch maps.gstatic.com; script-src 'self' region1.google-analytics.com www.googletagmanager.com pagead2.googlesyndication.com www.privacybee.ch app.privacybee.ch app.privacybee.io challenges.cloudflare.com 'nonce-bfDw/52iiuG42W1AiGRbhg=='; style-src 'self' fonts.googleapis.com app.privacybee.ch app.privacybee.io 'unsafe-inline'; upgrade-insecure-requests; report-uri /nelmio/csp/report; worker-src 'self' blob: 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://polyfill.io *.google.com *.google.ad *.google.al *.google.am *.google.as *.google.at   *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch  *.google.ci *.google.cl *.google.cm *.google.cn *.google.cv *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm  *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gr *.google.gy *.google.hn *.google.hr *.google.ht *.google.hu *.google.ie *.google.im *.google.iq  *.google.is *.google.it *.google.je *.google.jo *.google.ki *.google.kg *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me https://www.googletagmanager.com https://www.gstatic.com https://cdn.jsdelivr.net https://maps.googleapis.com; object-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://www.google.com https://www.google.de https://consent.cookiebot.com https://consentcdn.cookiebot.com https://fonts.googleapis.com https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://snap.licdn.com https://polyfill.io/v3 https://cdn.jsdelivr.net https://js.stripe.com https://polyfill.io; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-src 'self' *.pumps.circor.com *.circor.com *.youtube.com *.vimeo.com https://js.stripe.com https://consentcdn.cookiebot.com *.doubleclick.net *.google.com https://circor.prod.acquia-sites.com; child-src 'self' 'unsafe-inline' https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.google.de https://connect.facebook.net https://consent.cookiebot.com https://consentcdn.cookiebot.com https://fonts.googleapis.com https://googleads.g.doubleclick.net https://p.adsymptotic.com https://px.ads.linkedin.com https://snap.licdn.com https://www.facebook.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://js.stripe.com https://polyfill.io blob:; connect-src 'self' https://consentcdn.cookiebot.com https://eu-api.friendlycaptcha.eu https://px.ads.linkedin.com wss://ws.hotjar.com https://content.hotjar.io https://www.google.com https://*.google-analytics.com https://metrics.hotjar.io https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://region1.analytics.google.com https://maps.googleapis.com; report-uri /report-csp-violation 1
base-uri 'none';child-src 'none';connect-src 'self' http://127.0.0.1:1337 https://*.google-analytics.com https://vitals.vercel-insights.com https://api.coinbase.com https://www.google-analytics.com https://vercel.live https://*.walletconnect.com wss://relay.walletconnect.com wss://relay.walletconnect.org wss://www.walletlink.org wss://*.pusher.com https://*.pusher.com https://*.polkastarter.com https://*.cookie3.co https://api.avax.network/ext/bc/C/rpc https://api.avax-test.network/ext/bc/C/rpc https://*.bnbchain.org https://*.bnbchain.org:8545/ https://rpc.ankr.com/bsc https://*.binance.org https://testnet.omni.network https://arb1.arbitrum.io/rpc https://sepolia-rollup.arbitrum.io/rpc https://mainnet.base.org https://sepolia.base.org https://forno.celo.org https://alfajores-forno.celo-testnet.org https://mainnet.mode.network https://sepolia.mode.network https://goerli.optimism.io https://polygon-rpc.com https://matic-mumbai.chainstacklabs.com https://rpc.ankr.com/polygon_mumbai https://mainnet.infura.io https://sepolia.infura.io/ https://cloudflare-eth.com/ https://rpc.sepolia.org https://rpc.ankr.com https://rpc.ankr.com/eth https://rough-lingering-pine.bsc.quiknode.pro https://little-intensive-wildflower.quiknode.pro https://rpc.mainnet.sui.io/ https://httpbin.org/;default-src 'self';font-src 'self' data: https://fonts.gstatic.com;form-action 'self' *;frame-ancestors 'none';frame-src https://verify.synaps.io/ https://www.youtube.com/ https://verify.walletconnect.com https://verify.walletconnect.org https://vercel.live https://www.tradingview-widget.com https://s.tradingview.com https://*.facebook.net https://*.facebook.com;img-src * data:;manifest-src 'self' https://polkastarter.cloudflareaccess.com;media-src 'self' https://*.polkastarter.com;object-src 'none';prefetch-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://va.vercel-scripts.com https://*.googletagmanager.com https://*.google-analytics.com https://vercel.live https://browser.sentry-cdn.com https://cdn.vercel-insights.com https://cdn.staging.cookie3.co https://www.youtube.com https://unpkg.com https://s3.tradingview.com https://*.facebook.net https://*.facebook.com;style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://fonts.googleapis.com;worker-src 'self'; 1
frame-ancestors 'self' https://ahu.edu https://*.ahu.edu 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' unpkg.com cdn.cookielaw.org s2.adform.net browser.sentry-cdn.com js.hubspot.com js.sentry-cdn.com builder.lift.acquia.com js.usemessages.com googleads.g.doubleclick.net app.wistia.com connect.facebook.net tpc.googlesyndication.com www.google.com www.gstatic.com static.ads-twitter.com js.hsforms.net www.googleadservices.com cookie-cdn.cookiepro.com www.googleoptimize.com js.hs-scripts.com js.hsadspixel.net js.hsleadflows.net js.hs-banner.com js.hs-analytics.net static.ads-twitter.com beacon.krxd.net googleads.g.doubleclick.net www.google-analytics.com connect.facebook.net script.hotjar.com static.hotjar.com snap.licdn.com googleads.g.doubleclick.net www.googletagmanager.com cdn.krxd.net consumer.krxd.net bam.nr-data.net js-agent.newrelic.com fast.wistia.com fast.wistia.net beacon.krxd.net maps.googleapis.com pagead2.googlesyndication.com server.adform.net *.lytics.io; style-src 'self' 'unsafe-inline' www.globenewswire.com *.cookiepro.com *.google.com *.googleapis.com *.hotjar.com *.hs-scripts.com *.krxd.net *.wistia.net https://cdn.jsdelivr.net/gh/NigelOToole/progress-tracker@v2.0.7/src/styles/progress-tracker.css *.lytics.io; img-src 'self' blob: data: cdn.cookielaw.org *.google.ae googleads.g.doubleclick.net *.google.com.vn *.google.bs embedwistia-a.akamaihd.net www.impella.com *.google.com.cy *.google.at *.google.com.co *.google.com.sa *.google.com.br *.googleapis.com *.google.com.pe *.google.com.ua *.google.it *.google.co.jp *.google.ie *.google.com.ng *.google.iq *.google.be *.google.co.cr *.google.com.tr aa.agkn.com *.adsymptotic.com *.businesswire.com *.cloudfront.net *.cluep.com *.cookiepro.com *.doubleclick.net *.facebook.com *.facebook.net *.google.tn *.google.com.ph *.google.cz *.google.com.hk *.google.com.pk *.google.ca *.google.de *.google.gr *.google.com.au *.google.com.mx *.google.com.pr *.google.co.in *.google.co.uk *.google.com *.google.fr *.google.nl *.google.pt *.googletagmanager.com *.google-analytics.com *.gstatic.com *.hubspot.com *.hsforms.com *.krxd.net *.linkedin.com *.nr-data.net t.co *.twitter.com *.wistia.com *.wistia.net *.lytics.io; media-src blob: data: *.akamaihd.net *.wistia.com; frame-src 'self' fast.wistia.net *.hs-sites.com fast.wistia.com *.doubleclick.net *.facebook.com *.google.com *.googlesyndication.com *.googletagmanager.com *.hotjar.com *.hsforms.net *.hsforms.com *.krxd.net c.lytics.io; frame-ancestors 'self'; child-src 'self' blob:; font-src 'self' data: fonts.gstatic.com *.wistia.com *.wistia.net cdn.scite.ai; connect-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.cookielaw.org adservice.google.com px.ads.linkedin.com pagead2.googlesyndication.com notify.bugsnag.com us.perz-api.cloudservices.acquia.io sessions.bugsnag.com www.google.com.br www.google.co.in cdn.linkedin.oribi.io hubspot-forms-static-embed.s3.amazonaws.com adservice.google.com *.litix.io *.googleapis.com adservice.google.com *.ads-twitter.com *.cookiepro.com *.doubleclick.net embedwistia-a.akamaihd.net *.facebook.com *.facebook.net *.google.com *.google-analytics.com connect.facebook.net *.googletagmanager.com *.hotjar.com  *.hotjar.io *.hsleadflows.net *.hsforms.com *.hubapi.com *.hubspot.com *.krxd.net *.litix.io *.nr-data.net *.onetrust.com *.twitter.com *.wistia.com wss://*.hotjar.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src \'self\'; img-src *; media-src * data:; 1
frame-ancestors https://betway.be https://betway.com https://betway.de https://www.betway.dk https://betway.es https://www.betway.it https://betway.mx https://beyway.se https://betway.ca https://betway.nl https://betwaysatta.com https://betwaysatta1.com https://betwayarabia.com https://sports.betway.be https://sports.betway.com https://sports.betway.de https://sports.betway.dk https://sports.betway.es https://sports.betway.it https://sports.betway.mx https://sports.beyway.se https://sports.betway.ca https://sports.betway.nl https://sports.betwaysatta.com https://sports.betwaysatta1.com https://sports.betwayarabia.com https://staging.betway.be https://staging.betway.com https://staging.betway.de https://staging.betway.dk https://staging.betway.es https://staging.betway.it https://staging.betway.mx https://staging.beyway.se https://staging.betway.ca https://staging.betway.nl https://staging.betwaysatta.com https://staging.betwaysatta1.com https://staging.betwayarabia.com https://sportsbackend.net https://*.sportsbackend.net https://sportsbackend.dev https://*.sportsbackend.dev https://sportsuat.com https://*.sportsuat.com https://uat.betway.com https://*.uat.betway.com 1
default-src 'self'; style-src 'self' 'unsafe-inline' http://*.sportunion.at http://sportunion.at https://*.sportunion.at https://sportunion.at https://ugotchi.at https://static.flockler.com https://*.mailchimp.com https://*.gstatic.com https://*.googleapis.com https://cdn.jsdelivr.net https://*.onlim.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://*.sportunion.at http://sportunion.at https://*.sportunion.at https://sportunion.at https://ugotchi.at https://static.flockler.com https://fl-cdn.scdn1.secure.raxcdn.com https://embed-cdn.flockler.com https://flockler.embed.codes https://plugins.flockler.com https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://*.gstatic.com https://*.googleapis.com https://cdn.jsdelivr.net https://*.onlim.com; font-src 'self' data: http://*.sportunion.at http://sportunion.at https://*.sportunion.at https://sportunion.at https://ugotchi.at https://fonts.gstatic.com https://*.onlim.com; img-src 'self' 'unsafe-inline' https://* http://*.sportunion.at http://sportunion.at https://*.sportunion.at https://sportunion.at https://ugotchi.at https://flockler.com https://*.rackcdn.com https://stats.g.doubleclick.net https://www.google-analytics.com https://*.googleapis.com data: https://.gstatic.com https://*.google.com https://secure.gravatar.com https://*.onlim.com; frame-src 'self' http://*.sportunion.at http://sportunion.at https://*.sportunion.at https://sportunion.at https://ugotchi.at https://*.spotify.com https://archiv.yourvideo.tv https://sn.kavedo.com https://smartslider3.com https://www.yumpu.com https://www.fitsportaustria.at https://board.fitsportaustria.at https://player.vimeo.com https://www.youtube.com https://*.google.com https://www.youtube-nocookie.com https://*.onlim.com; connect-src 'self' http://*.sportunion.at http://sportunion.at https://*.sportunion.at https://sportunion.at https://ugotchi.at wss://*.onlim.com https://*.googleapis.com https://stats.g.doubleclick.net https://yoast.com https://*.google-analytics.com https://*.onlim.com; media-src https://* 1
default-src 'self' fonts.gstatic.com fonts.googleapis.com ajax.googleapis.com  wireframecc-9947.kxcdn.com wireframe.cc cdn.wireframe.cc; script-src 'self' 'unsafe-inline' 'nonce-2b876eac1fdfbce9e4e5ed107baa8b09' 'unsafe-eval'  https://fonts.gstatic.com https://fonts.googleapis.com https://ajax.googleapis.com  wireframecc-9947.kxcdn.com cdn.wireframe.cc; style-src 'self' 'unsafe-inline' fonts.googleapis.com wireframecc-9947.kxcdn.com cdn.wireframe.cc; img-src 'self' wireframecc-9947.kxcdn.com cdn.wireframe.cc data:; child-src 'self'; base-uri 'none'; frame-ancestors 'self' 1
default-src * 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval' data-eu.purina.fr; object-src *; style-src * 'self' 'unsafe-inline'; img-src * 'self' data: https:;; media-src *; frame-src *; frame-ancestors * 'self'; child-src * blob:; font-src * 'self' data: https:;; connect-src * data-eu.purina.fr 1
base-uri 'self'; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.storck.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: *.storck.com storck.piwik.pro; img-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: *.storck.com storck.piwik.pro; style-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.storck.com; connect-src 'self' data: *.storck.com storck.piwik.pro; font-src 'self'; frame-src 'self' data: *.storck.com; frame-ancestors 'self'; form-action 'self'; 1
report-uri https://consolehipay.report-uri.com/r/d/csp/enforce; default-src 'self' *.google-analytics.com *.creditsafe.com *.zdassets.com *.hotjar.com *.google.com *.screeb.app 'unsafe-inline' https://*.screeb.app wss://*.screeb.app blob:; script-src https://*.axept.io 'self' *.hotjar.com *.zdassets.com *.googletagmanager.com *.google-analytics.com *.google.com *.gstatic.com *.hipay.com *.paypal.com *.static.axept.io 'sha256-Tzsl1EqoO9KsY3ZLwZ/PCkw3WnjUwoiMZoQUR6wG6mw=' 'sha256-qSMb0PEZNwPU889A1H8zPbT23/AN6efiLRLewxFcFJM=' 'sha256-0p21hmif1TiEP5IE/r3ri1cHw0RQzMKFQuK6Y8+MSxM=' 'sha256-IONGq3q3SUbZcvFq3OWEvLOn+6YXROnGyxqJaXZ5XqM=' 'sha256-PxE0YueUDOLIQZbUB7uIBmSR+rm9AoT37euB/1UuZ00=' 'sha256-rXRPabzczAqe8l4W5Ls96YFLaXicsCVoXls4kw5cYm0=' 'sha256-4K+enDkiwcZwt+5aUSZia7wZmCr0fOEHjwJgkiI84dw=' https://*.zopim.com *.screeb.app 'sha256-tdBlVQuc2G3oahpbyjaUmy+NEJSNdDZy9L1FSw3rVi0=' 'sha256-FcbWubQGGFMAS71F3Xg9hDM0pfF+/idbYePgIS4oecc=' 'sha256-keffV0quDMAbyeX1/4YLUZgq6qTZq4xbHwc4fvVpGws=' 'sha256-8qEA6898bCZsncsjm0Dk2KjV2WK+2+8Aks3WfqWmUWY=' 'sha256-Dzik/WB+gJBcz9UYbbFUYFlTaU4qb0rrolNQQCQBQLU=' 'sha256-t19EsRsyX2bh0qql+yUUtI62N0Lx4bXF/EmD3xAx6B8='; style-src 'self' 'unsafe-inline' maxcdn.icons8.com fonts.googleapis.com *.hotjar.com libs.hipay.com *.screeb.app wss://*.screeb.app; font-src 'self' maxcdn.icons8.com fonts.gstatic.com *.hotjar.com *.screeb.app 'unsafe-inline' https://*.screeb.app wss://*.screeb.app blob:; connect-src 'self' https://client.axept.io https://api.axept.io https://user-api-dot-pi-prod-user-management-api.ew.r.appspot.com https://*.axeptio.eu *.zendesk.com *.zdassets.com user.hipay.com *.hipay.com *.hipay.org *.hipaytech.com *.google-analytics.com wss://*.zopim.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.screeb.app wss://*.screeb.app *.run.app; img-src 'self' *.amcharts.com *.google-analytics.com *.zendesk.com *.hotjar.com images.weserv.nl *.hipay.com data: storage.googleapis.com *.screeb.app *.paypalobjects.com twemoji.maxcdn.com https://axeptio.imgix.net https://favicons.axept.io https://*.gstatic.com; frame-src https://authentication.hipay.com; frame-ancestors 'none' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.smart-cloud-intelligence.com/ https://secure.smart-cloud-intelligence.com/js/ https://secure.smart-cloud-intelligence.com/Track/ https://secure.smart-cloud-intelligence.com/js/269760.js https://secure.smart-cloud-intelligence.com/Track/Capture.aspx https://secure.365syndicate-smart.com/js/794216.js https://*.365syndicate-smart.com/ https://secure.365syndicate-smart.com/Track/ https://secure.365syndicate-smart.com/Track/Capture.aspx https://www.paypalobjects.com/ https://s3.amazonaws.com/ https://*.stripe.com/ https://*.list-manage.com/ https://js.hscollectedforms.net/ https://js.usemessages.com/ https://js.hs-banner.com/ https://js.hubspot.com/ https://js.hs-scripts.com/ https://forms.hscollectedforms.net/ https://static-assets.ripplingcdn.com/ats/embeds/ https://*.ripplingcdn.com https://*.rippling.com/ https://ats.rippling.com/; img-src 'self' data: blob: https://fia-tech.com https://www.paypalobjects.com/ https://www.greatplacetowork.com/images/profiles/7037816/ https://secure.gravatar.com/avatar/; object-src 'self' data: blob: https://fia-tech.com https://*.paypal.com/ https://*.stripe.com/ https://player.vimeo.com/ https://ats.rippling.com/; frame-src 'self' data: blob: https://fia-tech.com https://*.paypal.com/ https://*.stripe.com/ https://player.vimeo.com/ https://ats.rippling.com/; 1
upgrade-insecure-requests; report-uri https://lotusgroup.report-uri.io/r/default/csp/enforce 1
frame-ancestors t.signalplus.com fi.signalplus.com t.signalplus.net fi.signalplus.net  falconx.signalplus.com falconx.signalplus.net t-pre.signalplus.com; 1
frame-ancestors 'self' decisely.com *.decisely.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' mofa.gov.np *.mofa.gov.np www.google.com.np *.google.com *.gstatic.com cdn.jsdelivr.net code.jquery.com *.genesesolution.com nepalembassy.org.uk londonembassyevent.pages.dev stackpath.bootstrapcdn.com s.ytimg.com *.facebook.net *.sharethis.com *.youtube.com *.twimg.com cdn.syndication.twimg.com cdnjs.cloudflare.com maps.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com fonts.googleapis.com fonts.gstatic.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.mofa.gov.np use.fontawesome.com stackpath.bootstrapcdn.com placehold.it *.facebook.net *.sharethis.com lh3.googleusercontent.com *.youtube.com *.twimg.com cdn.syndication.twimg.com cdnjs.cloudflare.com maps.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com cdnjs.cloudflare.com fonts.googleapis.com fonts.gstatic.com; img-src 'self' data: placehold.it  mofa.gov.np *.mofa.gov.np *.gstatic.com *.facebook.net *.facebook.com *.sharethis.com lh3.googleusercontent.com *.youtube.com *.twimg.com secure.gravatar.com cdn. *.twitter.com *.twimg.com cdnjs.cloudflare.com maps.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com fonts.googleapis.com fonts.gstatic.com; media-src 'self'; frame-src 'self' *.google.com *.youtube.com *.facebook.net *.facebook.com syndication.twitter.com platform.twitter.com; font-src 'self' data: fonts.googleapis.com stackpath.bootstrapcdn.com use.fontawesome.com fonts.gstatic.com maxcdn.bootstrapcdn.com; connect-src 'self' l.sharethis.com 1
default-src 'self' https://learn.founderz.com https://staging.founderz.com http://founderz.test http://founderz.local; img-src *; media-src * data:; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com code.jquery.com:* static.addtoany.com:* cdn.jsdelivr.net:*  googleads.g.doubleclick.net:* connect.facebook.net:* cdnjs.cloudflare.com:* cdn.cookielaw.org:* *.gigya.com:* *.qualtrics.com *.adimo.co:* app.tintup.com:* tintup.com:* www.tintup.com www.google.com www.recaptcha.net www.gstatic.com *.nestlegoodnes.com js-agent.newrelic.com:* assets.pinterest.com:* *.atlassian.net:* apis.google.com:* *.qualifioapp.com; object-src 'none'; frame-src 'self' www.google.com www.recaptcha.net www.gstatic.com recaptcha.google.com static.addtoany.com:* td.doubleclick.net:* www.googletagmanager.com *.gigya.com *.qualtrics.com td.doubleclick.net www.facebook.com app.tintup.com www.tintup.com *.adimo.co assets.pinterest.com *.atlassian.net *.youtube.com *.qualifioapp.com; frame-ancestors 'self' www.google.com www.recaptcha.net www.gstatic.com recaptcha.google.com static.addtoany.com:* td.doubleclick.net:* www.googletagmanager.com *.gigya.com td.doubleclick.net www.facebook.com app.tintup.com www.tintup.com *.adimo.co assets.pinterest.com *.atlassian.net *.qualifioapp.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.cloud.coveo.com https://cdn.jsdelivr.net https://cdn.cookielaw.org https://*.googlesyndication.com https://js-agent.newrelic.com https://storage.googleapis.com https://*.googletagmanager.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://cdnjs.cloudflare.com https://*.printfriendly.com https://static.addtoany.com https://ds-4047.kxcdn.com https://s.ytimg.com/yts/jsbin/ https://static.addtoany.com/menu/ https://snap.licdn.com https://www.youtube-nocookie.com https://rawgit.com/NerOcrO/ntools/master/ntools.user.js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://s.ytimg.com https://cdn.rawgit.com/w8tcha/ https://cdn.rawgit.com/ckeditor/ https://www.youtube.com/ https://snap.licdn.com/ https://*.google-analytics.com https://stats.g.doubleclick.net/ https://www.google.com/ads/ https://px.ads.linkedin.com/collect *.instagram.com; img-src 'self' data: https://cdn.cookielaw.org https://*.cdninstagram.com https://*.licdn.com https://assets.bwbx.io https://sprcdn-assets.sprinklr.com https://cdnjs.cloudflare.com/ajax/libs/codemirror/ https://cdnjs.cloudflare.com/ajax/libs/select2/ https://cdn.printfriendly.com https://i.ytimg.com https://www.nestle-nespresso.com https://img.youtube.com/; frame-src 'self' https://www.google.com/recaptcha/ https://www.youtube.com/; frame-ancestors 'self'; upgrade-insecure-requests 1
script-src 'nonce-LaQSNubkf9k7Us1vGANXAukqjtk=' 'strict-dynamic' 'self' 'unsafe-eval'; base-uri 'self'; object-src 'self'; frame-ancestors 'self' https://tours.ymcagta.org; report-uri https://www.ymcagta.org/cdna-api/webhook/csp; 1
base-uri  'self' ; child-src  'self' blob: ; connect-src  'self' *.ads.linkedin.com *.crazyegg.com analytics.tiktok.com cdn.linkedin.oribi.io *.constantcontact.com *.hotjar.com *.googleadservices.com *.facebook.com *.addthis.com *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net *.jsdelivr.net *.googleapis.com *.sharethis.com  *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net ; default-src  'self' blob: *.crazyegg.com *.constantcontact.com; font-src  'self' *.gstatic.com *.bootstrapcdn.com data:  fonts.gstatic.com cdn.jsdelivr.net *.gstatic.com *.bootstrapcdn.com ; form-action  'self' *.constantcontact.com *.facebook.com wpmudev.com; frame-src  'self' td.doubleclick.net tpc.googlesyndication.com *.crazyegg.com *.constantcontact.com *.ambrahealth.com *.hotjar.com *.facebook.com *.youtube.com *.ambrahealth expert-reputation.com.com *.addthis.com *.simplecast.com expert-reputation.com highlightedreviews.com *.blackbaudhosting.com *.g.doubleclick.net *.google.com *.fls.doubleclick.net *.googleapis.com  blob: www.google.com www.googletagmanager.com *.g.doubleclick.net *.google.com *.fls.doubleclick.net ; frame-ancestors  'self' ; img-src  'self'  'unsafe-inline' *.g.doubleclick.net *.crazyegg.com i.ytimg.com *.linkedin.com *.ads.linkedin.com *.facebook.com *.adsymptotic.com *.blackbaudhosting.com *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com data: *.googleapis.com *.sharethis.com  ts.w.org s.w.org ps.w.org *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com ; manifest-src  'self' ; media-src  'self' *.medtronic.com s.w.org ; object-src  'self' ; script-src  'self'  'unsafe-inline' payments.blackbaud.com tpc.googlesyndication.com *.crazyegg.com cdnjs.cloudflare.com analytics.tiktok.com *.constantcontact.com *.hotjar.com *.licdn.com *.facebook.net *.addthis.com *.moatads.com *.youtube.com *.blackbaudhosting.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com *.googleadservices.com *.googleapis.com *.sharethis.com  cdn.jsdelivr.net *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com ; script-src-elem  'self'  'unsafe-inline' payments.blackbaud.com tpc.googlesyndication.com *.crazyegg.com cdnjs.cloudflare.com analytics.tiktok.com *.constantcontact.com *.hotjar.com *.licdn.com *.facebook.net *.addthis.com *.moatads.com *.youtube.com *.blackbaudhosting.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com *.googleadservices.com *.googleapis.com *.sharethis.com  cdn.jsdelivr.net *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com ; script-src-attr  'self'  'unsafe-inline'  'unsafe-eval' ; style-src  'self'  'unsafe-inline' *.crazyegg.com *.constantcontact.com *.blackbaudhosting.com *.googleapis.com *.gstatic.com *.jsdelivr.net  fonts.googleapis.com cdn.jsdelivr.net *.googleapis.com *.gstatic.com ; style-src-elem  'self'  'unsafe-inline' *.crazyegg.com *.constantcontact.com *.blackbaudhosting.com *.googleapis.com *.gstatic.com *.jsdelivr.net  fonts.googleapis.com cdn.jsdelivr.net *.googleapis.com *.gstatic.com ; style-src-attr  'self'  'unsafe-inline' ; worker-src  'self' blob: ;  upgrade-insecure-requests; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.wp.com https://*.gravatar.com https://*.google-analytics.com; img-src 'self' data: https://wordpress.org https://*.gravatar.com https://*.wp.com https://*.google-analytics.com; style-src 'self' 'unsafe-inline' https://*.wp.com https://*.gravatar.com https://fonts.googleapis.com; font-src 'self' data: https://fonts.gstatic.com https://themes.googleusercontent.com; object-src 'none' 1
default-src 'none'; base-uri www.hahn-airport.de www.hahn-airport-cargo.com; block-all-mixed-content; connect-src www.hahn-airport.de www.hahn-airport-cargo.com matomo.hahn-airport.de; font-src www.hahn-airport.de www.hahn-airport-cargo.com; form-action www.hahn-airport.de www.hahn-airport-cargo.com parken.hahn-airport.de; frame-ancestors www.hahn-airport.de www.hahn-airport-cargo.com; frame-src www.hahn-airport.de www.hahn-airport-cargo.com; img-src www.hahn-airport.de www.hahn-airport-cargo.com data: *.openstreetmap.de; media-src www.hahn-airport.de www.hahn-airport-cargo.com; script-src www.hahn-airport.de www.hahn-airport-cargo.com matomo.hahn-airport.de 'sha256-3gL0ESqaJki/Wh0f/lc2YDLEdxGa87F8Q5TXgPOCikM=' 'sha256-81MEiw1n03G/Umzr1t9TBswGsKYi01GH9Qu+KQu7dD4=' 'sha512-xbcqNOgP70FrlmytA93CaZ+Lh4zepgmKXpUeumuNwRa8sD7TlgTwTgSBKrbiP5/HcguwdErI+ExunDL8rxCrkg==' 'sha512-px1M+IgU2D7N1Ag8ujEEbrR/bWVa9WcgiPLZ6flkhCC+8XiyDRgirHntE0Un+lSGbp4p/VA403aBf4NWUPAD8A==' 'sha512-Tyxc4Zm8bJMo23iSuUGf1AwygBbaOSZEvgDkIoZNrH9oAdhVZp6ZgdFSeajkBFA/J7YY/rQXtXaTxUiZUU1S/w=='; style-src www.hahn-airport.de www.hahn-airport-cargo.com 'unsafe-hashes' fast.fonts.net 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-0kneztpqrRRhpdMukBrBUYV4ZMDr+1A5B/zcgBxiCdQ='; upgrade-insecure-requests; report-uri /nelmio/csp/report 1
form-action 'self' https://joomlacontenteditor.us14.list-manage.com/subscribe/post; base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://checkout.paddle.com https://cdn.usefathom.com/script.js https://code.jquery.com https://checkout.stripe.com https://cdn.paddle.com https://cdn.usefathom.com/script.js https://cdnjs.cloudflare.com https://hcaptcha.com/* https://*.hcaptcha.com/* https://plausible.io/ https://app.mailjet.com/; style-src 'self' 'unsafe-inline' https://cdn.paddle.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://hcaptcha.com/ https://*.hcaptcha.com/ https://plausible.io/ https://app.mailjet.com/; object-src 'self' https://cdn.joomlacontenteditor.net/ 1
default-src "self"; img-src "self"; style-src "self" "unsafe-inline"; font-src "self"; script-src "self" "unsafe-inline"; connect-src "self"; 1
script-src 'unsafe-inline' *.posazavi.com analytics.tiktok.com *.adform.net *.hcaptcha.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval' connect.facebook.net c.imedia.cz *.hotjar.com tagmanager.google.com www.google.com www.gstatic.com c.seznam.cz ct.leady.com; style-src 'self' 'unsafe-inline' tagmanager.google.com cdnjs.cloudflare.com fonts.googleapis.com; report-uri /csp 1
default-src 'self'; base-uri 'self'; block-all-mixed-content; connect-src 'self' *.google-analytics.com *.analytics.google.com *.cloudflare.com *.eesa.lh; font-src use.fontawesome.com 'self'; frame-src www.youtube.com www.google.com; img-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com; object-src 'none'; script-src 'self' www.googletagmanager.com *.cloudflare.com *.google.com 'strict-dynamic' 'unsafe-inline' 'nonce-7TcS8tBn69Paeshjow+/CQ=='; style-src 'self' use.fontawesome.com *.cloudflare.com 'unsafe-inline' 'nonce-7TcS8tBn69Paeshjow+/CQ=='; upgrade-insecure-requests; report-uri /csp/report 1
default-src https:; connect-src https:; font-src 'self' https: data: https:; frame-src https: rldb:; frame-ancestors https:; img-src 'self' https: blob: data:; media-src https: blob:; object-src https:; style-src 'unsafe-inline' https:; worker-src blob:; script-src 'unsafe-inline' 'unsafe-eval' https:; 1
frame-ancestors 'self' https://milan-jeunesse.com https://app.bayam.tv https://sso.bayard-jeunesse.com https://mention-me.com https://cdnactor.myfeelback.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.pricespider.com https://www.google-analytics.com https://www.googletagmanager.com https://cdn.cookielaw.org https://lhcdn-src.mars.com https://players.brightcove.net https://www.google.com https://www.google.co.in https://www.gstatic.com https://ckf02.lancsd.org https://sfapi.formstack.io https://az416426.vo.msecnd.net https://embed.mikmak.tv *.global.commerce-connector.com https://js-agent.newrelic.com https://dc.services.visualstudio.com https://bam-cell.nr-data.net https://translate.googleapis.com https://js.adsrvr.org *.mapbox.com https://dc.services.visualstudio.com https://stats.g.doubleclick.net *.amazonaws.com https://s.pinimg.com https://ct.pinterest.com https://maps.googleapis.com https://connect.facebook.net https://sc-static.net https://static.ads-twitter.com https://cdn.treasuredata.com https://cdn.jsdelivr.net https://sfapi-sandbox.formstack.io https://unpkg.com https://progress-tracker-prod.firebaseio.com https://cdn.pricespider.com https://bam.nr-data.net  https://dmaqfsvvftg8w.cloudfront.net/dtc.all.min.js  https://reactjs.org/link/react-devtools  https://pscentral.shoppable.com/cartAuth https://*.krxd.net https://s.yimg.com https://www.youtube.com *.bazaarvoice.com *.ada.support https://mpsnare.iesnare.com/ https://tr.snapchat.com https://analytics.tiktok.com https://api.ipify.org https://script.crazyegg.com https://acsbapp.com http://static.ads-twitter.com http://cdn.jsdelivr.net/npm/@popperjs/core@2.11.5/dist/umd/popper.min.js https://bat.bing.com/bat.js https://cdnjs.cloudflare.com/ajax/libs/html2canvas/0.4.1/html2canvas.min.js https://cdnjs.cloudflare.com/ajax/libs/image-picker/0.3.1/image-picker.js https://insight.adsrvr.org https://cdn.optimizely.com/js/27562260171.js https://a25353130117.cdn.optimizely.com https://*.optimizely.com https://cdn.optimizely.com https://*.cdn.optimizely.com https://staging-dogcheckupchallenge.snipp.us/Upload.aspx https://staging-catcheckupchallenge.snipp.us/Upload.aspx https://cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.2/lazysizes.min.js https://checkupchallenge-dog.snipp.us/ https://checkupchallenge-cat.snipp.us/ https://cdn.ampproject.org https://cdn.plyr.io/3.7.8/plyr.js https://cdn.plyr.io/3.7.8/plyr.css *.qualtrics.com https://royalcanincx.qualtrics.com/ https://znbogsizglasvsj70-royalcanincx.siteintercept.qualtrics.com https://cdnjs.cloudflare.com https://shoppable.commerce-connector.com https://t.contentsquare.net/uxa/629ab3f372251.js https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://googleads.g.doubleclick.net/pagead https://www.googleadservices.com/*; object-src 'none'; frame-src 'self' https://www.google.com https://9079101.fls.doubleclick.net https://www.google.com *.fls.doubleclick.net https://www.googletagmanager.com https://di.rlcdn.com https://tr.snapchat.com https://www.youtube.com https://processor808.shoppable.com https://www.youtube.com/ https://ct.pinterest.com https://*.krxd.net https://*.bazaarvoice.com *.ada.support/ https://marspetcare-na.ada.support https://pedigreedg.snipp.us https://marspetcare-bark.ada.support/ https://www.facebook.com https://checkupchallenge-cat.snipp.us https://checkupchallenge-dog.snipp.us https://td.doubleclick.net/ https://stagingiamssweepstakes.snipp.us https://cdnjs.cloudflare.com/ajax/libs/html2canvas/0.4.1/html2canvas.min.js https://iamssweepstakes.snipp.us https://a25353130117.cdn.optimizely.com https://insight.adsrvr.org *.id.opendns.com https://match.adsrvr.org https://checkupchallenge-dog.snipp.us/ https://checkupchallenge-cat.snipp.us/ https://royalcanincx.qualtrics.com/ https://shop.pricespider.com/; child-src blob: 1
default-src 'self'; object-src 'self' https://pts.smartmobil.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.smartmobil.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://umfrage.smartmobil.de https://pts.smartmobil.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://eu01.rec.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://livechat.smartmobil.de https://chat.smartmobil.de https://stats.smartmobil.de https://imagepool.smartmobil.de https://pts.smartmobil.de https://seal.globalsign.com https://ssif1.globalsign.com https://analytics.tiktok.com https://umfrage.smartmobil.de; script-src 'strict-dynamic' 'nonce-3a4d8fb20a138b8394314ccd26010b49' 'nonce-51cac3bbed4a1cd47af35bc7e2e654b7' 'nonce-620e02d3eaa97549fbd6100a6134daef' 'nonce-408735785d996f1a2541f19c7d75d61d' 'nonce-d38e1e092ffd531624fdb3f74180d2e4' 'nonce-b9c4d9576ff08fefcaea4f026b1190d4' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data: 'report-sample'; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://netmap.vodafone.de/cokart-client/index.html https://pts.smartmobil.de https://umfrage.smartmobil.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-3a4d8fb20a138b8394314ccd26010b49' 'nonce-51cac3bbed4a1cd47af35bc7e2e654b7' 'nonce-620e02d3eaa97549fbd6100a6134daef' 'nonce-408735785d996f1a2541f19c7d75d61d' 'nonce-d38e1e092ffd531624fdb3f74180d2e4' 'nonce-b9c4d9576ff08fefcaea4f026b1190d4' 'self' 'unsafe-inline' https: 'report-sample' 1
default-src 'self'; object-src 'self' https://pts.handyvertrag.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.handyvertrag.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://livechat.handyvertrag.de https://chat.handyvertrag.de https://umfrage.handyvertrag.de https://pts.handyvertrag.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://eu01.rec.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://livechat.handyvertrag.de https://chat.handyvertrag.de https://stats.handyvertrag.de https://imagepool.handyvertrag.de https://pts.handyvertrag.de https://analytics.tiktok.com https://umfrage.handyvertrag.de; script-src 'strict-dynamic' 'nonce-ae92273abcc9d40e4ebfc0e0ad3c8f83' 'nonce-c2f5a6fb5f6aebea46b032c4815bdba1' 'nonce-d50cf6bc20f9920f2d1c62283fe053b3' 'nonce-170afd4e782f96c0ddb2449b3374bb55' 'nonce-05921d513eaa2f72f2c7ae66331ebb64' 'nonce-9155689bcd3d8d1c28baec6278ed5227' 'nonce-25e41e001e239e5a439b36870c74c29f' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data: 'report-sample'; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://netmap.vodafone.de/cokart-client/index.html https://pts.handyvertrag.de https://umfrage.handyvertrag.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-ae92273abcc9d40e4ebfc0e0ad3c8f83' 'nonce-c2f5a6fb5f6aebea46b032c4815bdba1' 'nonce-d50cf6bc20f9920f2d1c62283fe053b3' 'nonce-170afd4e782f96c0ddb2449b3374bb55' 'nonce-05921d513eaa2f72f2c7ae66331ebb64' 'nonce-9155689bcd3d8d1c28baec6278ed5227' 'nonce-25e41e001e239e5a439b36870c74c29f' 'self' 'unsafe-inline' https: 'report-sample' 1
base-uri 'none'; default-src 'self'; child-src https://*.yachtbuyer.com https://www.youtube.com https://www.google.com https://*.vimeo.com https://www.facebook.com https://iframe.mediadelivery.net; connect-src 'self' https://a.yachtbuyer.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://maps.googleapis.com https://*.vimeo.com https://vimeo.com https://stats.g.doubleclick.net https://www.facebook.com https://zoom.yachtcast.net https://error.dfusion.com https://*.clarity.ms; font-src 'self' https://*.typekit.net https://fonts.gstatic.com data:; form-action 'self' https://www.facebook.com; frame-ancestors https://*.yachtbuyer.com; img-src 'self' https://*.yachtbuyer.com https://*.google-analytics.com https://maps.gstatic.com https://maps.googleapis.com https://i.vimeocdn.com https://*.googletagmanager.com https://www.google.com https://www.bugherd.com https://www.facebook.com https://zoom.yachtcast.net https://i.ytimg.com https://img.youtube.com https://*.clarity.ms blob: data:; media-src 'self' https://*.vimeo.com https://vod-progressive.akamaized.net; object-src 'none'; script-src 'self' https://*.yachtbuyer.com https://*.googletagmanager.com https://www.google.com https://www.gstatic.com https://maps.googleapis.com https://*.vimeo.com https://www.youtube.com https://connect.facebook.net https://browser.sentry-cdn.com https://*.clarity.ms 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://*.typekit.net https://fonts.googleapis.com https://www.bugherd.com 'unsafe-inline'; worker-src 'self' blob:; upgrade-insecure-requests 1
base-uri 'none';default-src 'none';img-src 'self' data:;font-src 'self';media-src 'self';script-src 'self';style-src 'self' 'unsafe-inline' 1
default-src 'self'; script-src 'self' 'unsafe-inline' www.googletagmanager.com *.google-analytics.com *.googleadservices.com *.facebook.net *.doubleclick.net iframe.ly cookie.dxlabs.fr cdnjs.cloudflare.com 'unsafe-inline' *; object-src 'none'; style-src 'self' 'unsafe-inline' www.googletagmanager.com fonts.googleapis.com cdnjs.cloudflare.com; img-src 'self' *.vixns.net *.smol.org www.pinaultcollection.com *.youtube.com *.ytimg.com *.facebook.com *.google-analytics.com *.google.com *.google.fr *.dxlabs.fr data:; media-src *; frame-src *; font-src  'self' themes.googleusercontent.com fonts.googleapis.com; connect-src 'self' *.google-analytics.com analytics.tiktok.com https://errors.vixns.net/api/76/store/ https://errors.vixns.net/api/76/envelope/; upgrade-insecure-requests; script-src-attr 'unsafe-inline' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googletagmanager.com *.licdn.com *.line-scdn.net *.sharethis.com *.azure-api.net *.hsforms.net *.youtube.com *.hs-scripts.com *.hs-banner.com *.hs-analytics.net *.hsadspixel.net *.doubleclick.net *.cloudflare.com *.hsappstatic.net; style-src 'self' 'unsafe-inline' *.cloudflare.com; img-src 'self' data: https: *.google-analytics.com *.doubleclick.net *.googletagmanager.com; frame-src 'self' *.hsforms.com *.youtube.com *.vimeo.com *.hubspot.com; connect-src 'self' *.google-analytics.com stats.g.doubleclick.net *.googletagmanager.com *.hsforms.com *.linkedin.oribi.io *.hubapi.com *.analytics.google.com *.linkedin.com; report-uri /report-csp-violation 1
default-src 'self' www.clarity.ms c.bing.com *.clarity.ms *.iadvize.com wss://*.iadvize.com static.zdassets.com ekr.zdassets.com ekr.zendesk.com *.zendesk.com api.smooch.io media.smooch.io zendesk-eu.my.sentry.io *.twilio.com *.zendesk.com zendesk-eu.my.sentry.io api.smooch.io voice-js.roaming.twilio.com wss://*.zendesk.com wss://*.zopim.com;base-uri 'self' d6tizftlrpuof.cloudfront.net;form-action 'self' *.adyen.com facebook.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' app.storyblok.com *.forter.com vercel.live pay.google.com *.cloudflarestream.com www.paypal.com *.chantelle.com *.livera.nl *.femilet.dk *.cookielaw.org www.googletagmanager.com connect.facebook.net *.bing.com *.iadvize.com *.taboola.com *.tiktok.com *.digital-metric.com *.pinimg.com *.adleadevent.com *.affilae.com *.doubleclick.net *.usabilla.com *.hotjar.com *.digital-metric.net www.clarity.ms *.pinterest.com *.air360tracker.net *.air360.io cdn.jsdelivr.net *.trustedshops.com d1pna5l3xsntoj.cloudfront.net *.ablyft.com ajax.googleapis.com/ajax/libs/jquery/1.10.1/jquery.min.js https://core.helloretail.com/serve/setup https://sdk.privacy-center.org https://api.privacy-center.org/ *.helloretailcdn.com static.zdassets.com *.thuiswinkel.org *.thuiswinkel-cdn.org *.zendesk.com https://app.aiden.cx/webshop/build/aiden-embedded.min.js *.emaerket.dk https://snap.licdn.com/li.lms-analytics/insight.min.js https://acro-public-assets.s3.eu-central-1.amazonaws.com/NL-popup/LV-desktop.js widget-mediator.zopim.com https://js.go2sdk.com/v2/tune.js https://tag.heylink.com/960f0d92-a289-4025-96d4-364fe890cdef/script.js *.hyj.mobi https://xn--nskeskyen-k8a.dk/onskeskyen-wish-button/external-wish-button.js https://storage.googleapis.com/gowish-button-prod/js/gowish-iframe.js *.adyen.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app  blob:;object-src 'self';style-src 'self' 'unsafe-inline' fonts.googleapis.com *.iadvize.com *.amazonaws.com *.mapbox.com *.air360tracker.net *.air360.io cdn.jsdelivr.net *.ablyft.com *.thuiswinkel-cdn.org d1pna5l3xsntoj.cloudfront.net oenskeinspiration.dk inspiration.onskeskyen.dk cash-f.squarecdn.com;img-src 'self' purecatamphetamine.github.io/country-flag-icons/ storage.googleapis.com/gowish-button-prod/img/ *.adyen.com a.storyblok.com via.placeholder.com placeholderimage.eu www.gstatic.com *.cloudfront.net sdk.privacy-center.org www.paypalobjects.com *.cookielaw.org *.picsum.photos picsum.photos www.facebook.com *.doubleclick.net *.google.com *.google.fr *.google.de *.google.at googleads.g.doubleclick.net *.chantelle.com *.livera.nl *.femilet.dk *.bing.com *.usabilla.com *.digital-metric.net *.iadvize.com *.tiktok.com *.mapbox.com *.air360tracker.net *.air360.io *.trustedshops.com *.googletagmanager.com bat.bing.net c.clarity.ms *.ablyft.com static.zdassets.com accounts.zendesk.com *.zendesk.com media.smooch.io *.zdusercontent.com *.amazonaws.com *.cloudfunctions.net static.affilae.com *.thuiswinkel-cdn.org lb.affilae.com *.linkedin.com *.bidswitch.net *.casalemedia.com *.google.je *.adnxs.com *.360yield.com *.pubmatic.com *.smartadserver.com sync-eu.connectad.io chantelle.com *.google.ie data:;media-src 'self' watch.cloudflarestream.com *.cloudflarestream.com static.zdassets.com data: blob:;font-src 'self' fonts.gstatic.com *.air360tracker.net *.air360.io cdn.jsdelivr.net *.iadvize.com *.trustedshops.com cash-f.squarecdn.com data:;connect-src 'self' *.forter.com *.cloudfront.net *.adyen.com vercel.live *.helloretail.com https://api.privacy-center.org *.google.com/pay https://google.com/pay https://pay.google.com https://www.sandbox.paypal.com www.paypal.com *.cookielaw.org *.onetrust.com *.chantelle.com *.livera.nl *.femilet.dk *.google.com *.taboola.com *.iadvize.com *.pinterest.com *.tiktok.com bat.bing.com bat.bing.net *.clarity.ms *.doubleclick.net *.mapbox.com *.air360tracker.net *.air360.io *.hotjar.io *.cloudflarestream.com *.trustedshops.com *.hotjar.com *.amazonaws.com *.facebook.com wss://*.iadvize.com wss://*.twilio.com *.ablyft.com *.helloretailcdn.com *.zdassets.com *.zendesk.com wss://pod-28-sunco-ws.zendesk.com wss://widget-mediator.zopim.com https://api.country.is lb.affilae.com *.thuiswinkel-cdn.org app.aiden.cx *.linkedin.com;frame-src *.adyen.com pay.google.com *.paypal.com *.doubleclick.net *.pinterest.com www.googletagmanager.com *.cloudflarestream.com tsdtocl.com www.facebook.com *.iadvize.com *.air360.io lb.affilae.com app.aiden.cx widget-mediator.zopim.com *.widget.thuiswinkel.org *.chantelle.com *.femilet.dk *.livera.nl onskeskyen.dk onskeskyen.no gowish.com *.onskeskyen.dk *.onskeskyen.no *.gowish.com *.youtube.com www.youtube.com youtube.com *.glimpact.com;frame-ancestors app.storyblok.com *.air360.io;manifest-src 'self' https://www.google.com/pay;upgrade-insecure-requests; 1
default-src 'self'; object-src 'self' https://pts.simplytel.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.simplytel.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://livechat.simplytel.de https://chat.simplytel.de https://umfrage.simplytel.de https://pts.simplytel.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://eu01.rec.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://livechat.simplytel.de https://chat.simplytel.de https://stats.simplytel.de https://imagepool.simplytel.de https://pts.simplytel.de https://analytics.tiktok.com https://umfrage.simplytel.de; script-src 'strict-dynamic' 'nonce-189bf49a0c92a8f560ac63cec6e6c829' 'nonce-ad30bc37e2e15bfb293c9a4c165e8d3c' 'nonce-327e6e428129d92d51a2a48a4c152c55' 'nonce-208b46c04f90057035e5b867ff70c746' 'nonce-bec9a25c646ca67104623fb9ed5b4419' 'nonce-a7ec568bf81f148b1e28ed49c934f506' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data: 'report-sample'; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://netmap.vodafone.de/cokart-client/index.html https://pts.simplytel.de https://umfrage.simplytel.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-189bf49a0c92a8f560ac63cec6e6c829' 'nonce-ad30bc37e2e15bfb293c9a4c165e8d3c' 'nonce-327e6e428129d92d51a2a48a4c152c55' 'nonce-208b46c04f90057035e5b867ff70c746' 'nonce-bec9a25c646ca67104623fb9ed5b4419' 'nonce-a7ec568bf81f148b1e28ed49c934f506' 'self' 'unsafe-inline' https: 'report-sample' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://barebells.com/; img-src 'self' data: blob: https://barebells.com/; object-src 'self' data: blob: https://barebells.com/; frame-src 'self' data: blob: https://barebells.com/; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.hdrelay.com https://hdrelay.com https://app.e2ma.net https://*.e2ma.net https://calendar.google.com https://maps.google.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://www.tideschart.com/ https://www.blackbaudhosting.com https://*.blackbaudhosting.com https://*.blackbaudcdn.net https://sky.blackbaudcdn.net https://host.nxt.blackbaud.com/ https://payments.blackbaud.com/; img-src 'self' data: https://*.hdrelay.com https://hdrelay.com https://app.e2ma.net https://*.e2ma.net https://calendar.google.com https://maps.google.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://www.tideschart.com/ https://www.blackbaudhosting.com https://*.blackbaudhosting.com https://*.blackbaudcdn.net https://sky.blackbaudcdn.net https://host.nxt.blackbaud.com/ https://payments.blackbaud.com/; object-src 'self' data: https://*.hdrelay.com https://hdrelay.com https://app.e2ma.net https://*.e2ma.net https://calendar.google.com https://maps.google.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://www.tideschart.com/ https://www.blackbaudhosting.com https://*.blackbaudhosting.com https://*.blackbaudcdn.net https://sky.blackbaudcdn.net https://host.nxt.blackbaud.com/ https://payments.blackbaud.com/; frame-src 'self' data: https://*.hdrelay.com https://hdrelay.com https://app.e2ma.net https://*.e2ma.net https://calendar.google.com https://maps.google.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://www.tideschart.com/ https://www.blackbaudhosting.com https://*.blackbaudhosting.com https://*.blackbaudcdn.net https://sky.blackbaudcdn.net https://host.nxt.blackbaud.com/ https://payments.blackbaud.com/; 1
default-src *.googletagmanager.com *.twitter.com *.facebook.net *.nr-data.net *.ads-twitter.com *.google-analytics.com *.googleadservices.com *.doubleclick.net *.mookie1.com *.amazon-adsystem.com *.facebook.com *.google.com *.google.co.in *.cloudflare.com *.w3.org *.adsrvr.org *.newrelic.com *.insight.adsrvr.org/track/pxl/ *.sc-static.net *.analytics.tiktok.com *.p.teads.tv *.snapchat.com *.videoamp.com *.tapad.com *.abtasty.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.jsdelivr.net *.fullstory.com *.googletagmanager.com *.twitter.com *.facebook.net *.nr-data.net *.ads-twitter.com *.google-analytics.com *.googleadservices.com *.googleanalytics.com *.doubleclick.net *.cloudflare.com *.opendns.com *.adsrvr.org *.newrelic.com *.google.com *.mapbox.com *.serving-sys.com *.igodigital.com *.teads.tv *.videoamp.com *.tapad.com *.tiktok.com *.abtasty.com *.snapchat.com https://www.youtube.com https://cdn.cookielaw.org *.sc-static.net https://sc-static.net/scevent.min.js https://sc-static.net/sc-pixel-helper.min.js *.mikmak.ai *.swaven.com *.googleoptimize.com; object-src 'self'; style-src 'self'  'unsafe-inline' *.monsido.com *.jsdelivr.net *.cloudflare.com *.opendns.com *.newrelic.com *.twitter.com *.nr-data.net *.ads-twitter.com *.google.com *.googleapis.com *.mapbox.com *.abtasty.com; img-src 'self' *.adsrvr.org *.google-analytics.com *.rubiconproject.com *.twitter.com *.monsido.com *.facebook.com *.google.com *.google.co.in *.googletagmanager.com *.mookie1.com *.amazon-adsystem.com *.newrelic.com *.nr-data.net *.ads-twitter.com *.w3.org data: *.insight.adsrvr.org/track/pxl/ *.sc-static.net *.teads.tv *.videoamp.com *.tapad.com *.snapchat.com *.doubleclick.net *.analytics.yahoo.com *.adnxs.com *.adxcel-ec2.com https://di.rlcdn.com https://ad.ipredictive.com https://cdn.cookielaw.org https://dpm.demdex.net/ *.mikmak.ai *.swaven.com *.abtasty.com; media-src 'self' *.youtube.com; frame-src 'self' *.youtube.com *.doubleclick.net *.amazon-adsystem.com *.google.com *.adsrvr.org *.teads.tv *.videoamp.com *.tapad.com *.sc-static.net *.snapchat.com *.flashtalking.com *.googletagmanager.com *.abtasty.com *.mikmak.ai *.swaven.com *.smartactivatordev.com https://cloud.bluetriton.com/; frame-ancestors 'self' *.youtube.com *.doubleclick.net *.amazon-adsystem.com *.adsrvr.org *.teads.tv *.videoamp.com *.tapad.com *.sc-static.net *.snapchat.com *.mikmak.ai; child-src 'self' *.youtube.com *.doubleclick.net *.amazon-adsystem.com *.google.com *.adsrvr.org *.teads.tv *.videoamp.com *.tapad.com *.sc-static.net *.snapchat.com blob:; font-src 'self' *.jsdelivr.net *.gstatic.com *.google.com *.mikmak.ai *.swaven.com https://use.typekit.net/; connect-src 'self' *.fullstory.com *.doubleclick.net *.google-analytics.com *.facebook.com *.mapbox.com *.nr-data.net *.serving-sys.com *.igodigital.com *.teads.tv *.videoamp.com *.tapad.com *.sc-static.net *.snapchat.com *.onetrust.com *.abtasty.com *.tiktok.com https://cdn.cookielaw.org https://bam.nr-data.net *.mikmak.ai *.swaven.com *.google.com https://insight.adsrvr.org/track/realtimeconversion; upgrade-insecure-requests 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.openlayers.org openlayers.org *.openstreetmap.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.etracker.com *.etracker.de api.signalize.com; object-src 'self'; media-src 'self' *.youtube.com *.vimeo.com *.streamfarm.net; frame-src *.youtube.com *.vimeo.com *.etracker.de; img-src 'self' data: *.youtube.com *.openlayers.org openlayers.org *.openstreetmap.org; frame-ancestors 'self'; connect-src 'self' *.etracker.de; 1
default-src ; script-src 'self' 'unsafe-inline' localhost https://assets.zendesk.com *.zdassets.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com; object-src ; style-src 'self' 'unsafe-inline' localhost *.entrecode.de https://fonts.googleapis.com; img-src *; media-src *; child-src https://www.google.com; font-src *.entrecode.de https://fonts.gstatic.com; connect-src 'self' *.entrecode.de https://entrecode.zendesk.com *.zdassets.com https://www.google-analytics.com; manifest-src 1
frame-ancestors 'none'; report-uri /report-csp-violation 1
default-src 'self'; object-src 'self' https://pts.premiumsim.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.premiumsim.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://livechat.premiumsim.de https://chat.premiumsim.de https://umfrage.premiumsim.de https://pts.premiumsim.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://eu01.rec.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://livechat.premiumsim.de https://chat.premiumsim.de https://stats.premiumsim.de https://imagepool.premiumsim.de https://pts.premiumsim.de https://analytics.tiktok.com https://umfrage.premiumsim.de; script-src 'strict-dynamic' 'nonce-8ce0fcd0032040ffe653b5afb06f7f17' 'nonce-a98e2b6c8875a751a3a97d1d1fe22b62' 'nonce-28ae8d2ec19f02f17c1768ec6bf63655' 'nonce-aca364d49b3b6e0327a64917fa5ebe62' 'nonce-26106d7761e68667d5f1b55d844382b5' 'nonce-72a007f5dbf04647988402c6ed046600' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data: 'report-sample'; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://netmap.vodafone.de/cokart-client/index.html https://pts.premiumsim.de https://umfrage.premiumsim.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-8ce0fcd0032040ffe653b5afb06f7f17' 'nonce-a98e2b6c8875a751a3a97d1d1fe22b62' 'nonce-28ae8d2ec19f02f17c1768ec6bf63655' 'nonce-aca364d49b3b6e0327a64917fa5ebe62' 'nonce-26106d7761e68667d5f1b55d844382b5' 'nonce-72a007f5dbf04647988402c6ed046600' 'self' 'unsafe-inline' https: 'report-sample' 1
script-src blob: https: data: 'unsafe-inline' 'unsafe-eval' https://gs1-germany.de https://*.gs1-germany.de https://d5.gs1.mwsrv.de https://consent.cookiefirst.com https://*.optimizely.com https://*.googletagmanager.com https://apis.google.com https://connect.facebook.net https://fast.fonts.net https://googleads.g.doubleclick.net https://www.googleanalytics.com https://www.googleoptimize.com https://*.google-analytics.com https://optimize.google.com https://ext.nonstoppartner.net https://*.hotjar.com https://*.walls.io https://*.myveeta.com https://static.virtualbadge.io; style-src https: 'unsafe-inline' https://gs1-germany.de https://*.gs1-germany.de https://consent.cookiefirst.com https://d5.gs1.mwsrv.de https://apis.google.com https://optimize.google.com https://fonts.googleapis.com https://connect.facebook.net https://fast.fonts.net https://googleads.g.doubleclick.net https://*.google-analytics.com https://*.hotjar.com https://*.walls.io; frame-src 'self' https://copilotstudio.microsoft.com https://td.doubleclick.net https://*.googletagmanager.com https://*.gs1-germany.de https://optimize.google.com https://*.walls.io https://consent.cookiefirst.com https://www.youtube-nocookie.com https://www.gs1.org https://www.youtube.com https://*.hotjar.com https://www.facebook.com https://communication.gs1-germany.de https://feedback.gs1-germany.de https://easy-feedback.de https://*.easy-feedback.de https://easy-feedback.com https://*.easy-feedback.com https://ext.nonstoppartner.net https://*.gs1.org https://f5ba538cf0d6445983504cc2cd8ccb42.svc.dynamics.com https://082becc9a232451baaef0c700dd33425.svc.dynamics.com https://76c4e8a3cea24f6792072b39841b0a0b.svc.dynamics.com https://*.podigee.io https://*.podigee.com https://player.podigee-cdn.net https://public.virtualbadge.io; frame-ancestors 'self' https://*.dev.mehrwert.de https://academy.gs1-germany.de https://*.eventlocations.com https://cockpit.prospitalia.de; 1
default-src *.archiefweb.eu *.wp.com; frame-src *.archiefweb.eu googleads.g.doubleclick.net *.wp.com; script-src 'unsafe-inline' 'unsafe-eval' *.archiefweb.eu *.googleapis.com *.googlesyndication.com adservice.google.nl adservice.google.com *.wp.com; style-src 'unsafe-inline' *.archiefweb.eu *.googleapis.com *.wp.com *.bootstrapcdn.com; font-src data: *.archiefweb.eu fonts.googleapis.com fonts.gstatic.com *.wp.com *.fontawesome.com wordpress.com *.bootstrapcdn.com; media-src *.archiefweb.eu; img-src data: *.archiefweb.eu *.w.org *.wp.com *.wordpress.com *.gravatar.com 1
default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval'; object-src *; style-src * 'self' 'unsafe-inline'; img-src * 'self' data: https:;; media-src *; frame-src *; frame-ancestors 'self'; child-src * blob:; font-src * 'self' data: https:;; connect-src * 'self' 1
default-src 'self' 'unsafe-inline' images-2.partnerportal.ionos.de 1
default-src 'self' ; frame-src  'self' https://by.id.facct.ru https://acs2.bgpb.by https://3ds.alfabank.by https://ipcacs.bps-sberbank.by https://3ds.priorbank.by https://emv3ds.npc.by https://emv3ds.npc.by:8443 https://acs2.mtbank.by https://acs2.mtbank.by:8043 https://3ds-pgi.mtbank.by https://3ds-pgi.mtbank.by:9663 https://api.mtbank.by https://mpi2.mtbank.by:8046/ https://ucas.npc.by:8443/ https://acs.mtbank.by https://c2c.mtbank.by https://3ds.alfabank.by https://3ds.priorbank.by https://acs.bgpb.by https://sca.npc.by https://www.sbs4u.by https://acs.multicarta.ru https://aacsw.3ds.verifiedbyvisa.com https://cap.attempts.securecode.com https://ipcacs.sberbank.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://chat.mtbank.by/ https://app.blinger.io https://static.mybank.by https://api.mtbank.by https://www.google-analytics.com  https://halva.mtbank.by https://www.googletagmanager.com https://tagmanager.google.com; style-src 'self' blob: 'unsafe-inline' https://static.mybank.by;img-src 'self' https://*.by/ https://chat.mtbank.by/ https://blinger.io   https://app.blinger.io https://static.mybank.by data: blob:  https://www.google-analytics.com  https://www.googletagmanager.com ; font-src 'self' https://static.mybank.by; connect-src 'self' https://chat.mtbank.by/ wss://app.blinger.io; media-src 'self' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'  blob: *.googletagmanager.com *.google-analytics.com *.msecnd.net  *.visualstudio.com *.vimeo.com https://vimeo.com; frame-src 'self' *.vimeo.com https://vimeo.com; font-src 'self' data:; img-src 'self' *.google-analytics.com data:; 1
default-src 'self' 'unsafe-inline' *.zoll-portal.de; font-src 'self' *.bundesbots.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zoll-portal.de *.bundesbots.de; img-src 'self' *.bundesbots.de data:; style-src 'self' 'unsafe-inline'; connect-src 'self' https://www.zoll-portal.de wss://*.bundesbots.de 1
frame-ancestors 'self' http://*.mitkindundkegel.de http://mitkindundkegel.de 1
default-src * 'self' *.lpsnmedia.net *.billtrust.com; style-src 'self' http://* 'unsafe-inline' *.lpsnmedia.net *.liveperson.net *.billtrust.com https://*.hotjar.com; script-src 'self' http://* 'unsafe-inline' 'unsafe-eval' *.lpsnmedia.net *.liveperson.net https://*.hotjar.com assets.adobedtm.com; img-src * 'self' data: https: *.lpsnmedia.net https://*.hotjar.com; font-src 'self' data: https://smart-ip.net *.kaltura.com https://*.hotjar.com; connect-src 'self' wss://*.liveperson.net *.liveperson.net *.lpsnmedia.net *.azurewebsites.net wss://*.signalr.net *.signalr.net *.kaltura.com *.walkme.com *.demdex.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.omtrdc.net; frame-src * 'self' *.lpsnmedia.net *.liveperson.net; media-src 'self' blob: *.lpsnmedia.net *.kaltura.com; 1
frame-ancestors www.newtaipei.travel newtaipei.travel 'self' 1
default-src 'self'; block-all-mixed-content; connect-src 'self' googleads.g.doubleclick.net *.googleapis.com *.gstatic.com *.google.com bat.bing.com *.doubleclick.net *.googlesyndication.com *.g.doubleclick.net *.google.at *.cookiebot.eu *.google-analytics.com connect.facebook.net px.ads.linkedin.com px4.ads.linkedin.com stats.g.doubleclick.net *.transgourmet.com *.transgourmet.at svrdntfctn.com analytics.tiktok.com *.googleadservices.com; font-src 'self' data: *.googleapis.com *.gstatic.com *.google-analytics.com; frame-src *; img-src 'self' data: *.googleapis.com *.doubleclick.net *.googlesyndication.com *.g.doubleclick.net *.google.com *.google.at *.gstatic.com *.googletagmanager.com *.google-analytics.com bat.bing.com api.mapbox.com *.mindspace.at *.vorauerfriends.com *.usercentrics.eu px.ads.linkedin.com px4.ads.linkedin.com *.transgourmet.com *.transgourmet.at *.facebook.com; script-src 'self' bat.bing.com *.google.com 'unsafe-inline' blob: *.googleapis.com *.gstatic.com *.doubleclick.net *.googlesyndication.com *.g.doubleclick.net *.cookiebot.eu *.googletagmanager.com *.google-analytics.com snap.licdn.com connect.facebook.net svrdntfctn.com analytics.tiktok.com *.googleadservices.com; style-src 'self' cdnjs.cloudflare.com 'unsafe-inline' *.googleapis.com *.gstatic.com *.google-analytics.com *.googletagmanager.com; report-uri /csp/report 1
default-src 'self' www.gravatar.com *.hotjar.com player.vimeo.com *.vimeocdn.com *.googleapis.com *.google.com youtube.com *.cloudfront.net *.youtube.com *.blackbaudhosting.com sky.blackbaudcdn.net www.eventbrite.co.uk *.marker.io *.simplybook.cc payments.blackbaud.com consentcdn.cookiebot.com app.cloudpano.com connect.facebook.net *.facebook.com *.facebook.net host.nxt.blackbaud.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.aspnetcdn.com feeds.trac.jobs static.trac.jobs *.hotjar.com ajax.googleapis.com cdnjs.cloudflare.com *.browsealoud.com *.bugherd.com *.googletagmanager.com *.google-analytics.com *.cloudfront.net *.luckyorange.net *.blackbaudhosting.com *.smartthing2.com *.smartthing.org *.blackbaud.com sky.blackbaudcdn.net widget.simplybook.cc http://localhost:* www.cqc.org.uk feeds.testing.trac.jobs www.eventbrite.co.uk *.marker.io www.google.com www.gstatic.com consentcdn.cookiebot.com consent.cookiebot.com app.cloudpano.com www.googleoptimize.com connect.facebook.net *.facebook.com *.facebook.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com feeds.trac.jobs static.trac.jobs cdnjs.cloudflare.com fast.fonts.net *.smartthing2.com *.smartthing.org *.cloudfront.net *.blackbaudhosting.com www.cqc.org.uk *.marker.io connect.facebook.net *.facebook.com *.facebook.net; img-src 'self' data: blob: imgsct.cookiebot.com www.gravatar.com *.christie.nhs.uk img.youtube.com i.ytimg.com *.justgiving.com feeds.trac.jobs static.trac.jobs *.browsealoud.com *.googleapis.com *.staticflickr.com *.cloudfront.net *.google-analytics.com *.googletagmanager.com *.cdninstagram.com *.blackbaudhosting.com www.cqc.org.uk *.umbraco.com *.marker.io connect.facebook.net *.facebook.com *.facebook.net; font-src 'self' fonts.gstatic.com cdnjs.cloudflare.com fast.fonts.net data: fonts.googleapis.com connect.facebook.net *.facebook.com *.facebook.net; connect-src 'self' *.browsealoud.com feeds.trac.jobs static.trac.jobs *.smartthing2.com *.smartthing.org *.luckyorange.net *.hotjar.com *.google-analytics.com *.doubleclick.net wss: http://localhost:* *.umbraco.com *.marker.io *.amazonaws.com sky.blackbaudcdn.net payments.blackbaud.com consentcdn.cookiebot.com app.cloudpano.com content.hotjar.io connect.facebook.net *.facebook.com *.facebook.net; worker-src 'self' blob:; 1
default-src 'self' https://api.status.io https://status.exaktime.com;script-src 'self';base-uri 'self';object-src 'none';frame-ancestors 'none';block-all-mixed-content;sandbox allow-forms allow-same-origin allow-scripts allow-popups;style-src 'self' https://fonts.googleapis.com;font-src 'self' https://fonts.gstatic.com;img-src 'self' https://tscprodstorage.blob.core.windows.net; 1
default-src 'self'; base-uri 'self'; connect-src 'self' *.itzbund.de; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-eval' *.googleapis.com piwik.itzbund.de;object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; frame-ancestors gba-editor-kkn.prod.gsb.gba.in.bund.de piwik.itzbund.de *.facebook.com 1
default-src 'self' *.optimizely.com  wss://*.hotjar.com https: survey.bosch.com s.webtrends.com *.mycliplister.com ptptasiaprodsgsa.z30.web.core.windows.net; media-src 'self' *.mycliplister.com mycliplister.com cliplister.vo.llnwd.net; font-src www.bosch-pt.com.hk www.bosch-pt.com.cn www.bosch-pt.co.id www.bosch-pt.co.in www.bosch-pt.com.my www.bosch-pt.com.ph www.bosch-pt.com.sg www.bosch-pt.com.tw th.bosch-pt.com vn.bosch-pt.com dock.ui.bosch.tech cdn.poll-maker.com cdnjs.cloudflare.com 'self' https: btm.bosch.com; object-src data: 'self'; img-src https: data: blob:; style-src dock.ui.bosch.tech cdn.poll-maker.com cdnjs.cloudflare.com 'self' 'unsafe-inline' https: btm.bosch.com; script-src https: *.optimizely.com 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https:; frame-ancestors 'self' https: 1
frame-ancestors khh.travel 'self' 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.cookielaw.org/scripttemplates/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://*.googleapis.com https://*.gstatic.com ; img-src 'self' https://cdn.cookielaw.org/ https://*.googleapis.com https://*.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.cookielaw.org/ https://www.jobup.ch https://*.googleapis.com https://*.gstatic.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://privacyportal-ch.onetrust.com/request/v1/consentreceipts https://www.google.com/recaptcha/; font-src 'self' https://fonts.gstatic.com; frame-src https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://td.doubleclick.net/ https://10857799.fls.doubleclick.net/; 1
frame-ancestors 'self' http://remit.gkpge.pl http://www.remit.gkpge.pl https://remit.gkpge.pl https://www.remit.gkpge.pl 1
frame-ancestors 'self' https://*.squaredup.com https://squaredup.com https://app.gather.town; 1
base-uri 'none'; default-src 'none'; child-src 'self'; connect-src 'self' https://*.olivia.com *.olivia.com https://*.google-analytics.com *.google-analytics.com https://*.doubleclick.net *.doubleclick.net https://*.hsforms.com *.hsforms.com; font-src 'self' https://*.typekit.net *.typekit.net; form-action 'self' https://*.hsforms.com *.hsforms.com; frame-ancestors 'self'; frame-src 'self' https://*.hsforms.com *.hsforms.com https://*.matterport.com *.matterport.com https://*.youtube.com *.youtube.com https://*.google.com *.google.com; img-src 'self' https://*.olivia.com *.olivia.com https://*.google-analytics.com *.google-analytics.com https://*.googletagmanager.com *.googletagmanager.com https://*.google.com *.google.com https://*.hsappstatic.com *.hsappstatic.com https://*.hsforms.com *.hsforms.com https://*.hs-embed-reporting.com *.hs-embed-reporting.com https://*.hubspot.com *.hubspot.com https://*.ytimg.com *.ytimg.com blob: data:; media-src 'self' https://*.olivia.com *.olivia.com https://samplelib.com samplelib.com https://*.googleapis.com *.googleapis.com; object-src 'none'; script-src 'self' https://*.google-analytics.com *.google-analytics.com https://*.clarity.ms *.clarity.ms https://*.googletagmanager.com *.googletagmanager.com https://*.hsforms.net *.hsforms.net https://*.hs-scripts.com *.hs-scripts.com https://*.youtube.com *.youtube.com 'unsafe-inline'; style-src 'self' https://*.typekit.net *.typekit.net 'unsafe-inline'; upgrade-insecure-requests 1
frame-ancestors 'self' https://appwizzy.com 1
default-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: https:; worker-src blob: 1
script-src 'nonce-abcdefg'; data: blob:; default-src 'self'; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self'; 1
frame-ancestors https://web-ne-dev-h20-hippo.azurewebsites.net 1
default-src 'self' http://persis.gemu-group.com:8080 *.google.com *.gstatic.com *.googleapis.com *.googletagmanager.com *.google-analytics.com connect.facebook.net *.albacross.com *.webtraxs.com *.ggpht.com amazonaws.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-cdn-operators.s3-eu-west-1.amazonaws.com *.cloudfront.net *.userlike.com userlike-cdn-umm.b-cdn.net wss://*.userlike.com *.alexametrics.com cdn.delight-vr.com *.cookiebot.eu *.cookiebot.com *.simpli.fi slsntllgnc.com *.usercentrics.eu *.snitcher.com data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors *.gemu-group.com 1
base-uri 'none'; default-src 'none'; connect-src 'self' https:; font-src 'self' https: data:; form-action 'self' https:; frame-ancestors 'self'; frame-src 'self' https:; img-src 'self' https: data:; manifest-src 'self'; media-src 'self' https:; object-src 'none'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; upgrade-insecure-requests; worker-src 'self' 1
object-src 'self'; frame-ancestors 'self'; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-modals allow-downloads; base-uri 'self'; 1
default-src 'none'; base-uri 'self'; form-action https: 'self'; script-src 'self' 'unsafe-inline' https: 'unsafe-eval'; object-src 'none'; style-src 'self' 'unsafe-inline' https:; img-src 'self' 'unsafe-inline' https: data:; media-src * data:; frame-src *; frame-ancestors 'self' https:; font-src 'self' https:; connect-src *; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: blob:; font-src * data: 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data:; style-src 'self' 'unsafe-inline' data:; img-src 'self' data:; 1
default-src 'self' *.akamaihd.net *.facebook.com *.kaporal.com *.kaporal.net *.payline.com *.payments-amazon.com *.truefitcorp.com https://photorankapi-a.akamaihd.net *.build.kaporal.net *.heyday.ai pay.google.com *.vimeo.com *.akamaized.net *.sc-static.net *.analytics.google.com blob:;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.abtasty.com *.appsmiles.eu *.bing.com *.kaporal.com *.cdn.payline.com *.payments-amazon.com/ *.truefitcorp.com https://ajax.googleapis.com https://connect.facebook.net/en_US/sdk.js https://photorankapi-a.akamaihd.net https://photorankstatics-a.akamaihd.net https://www.googletagmanager.com pixel.cdnwidget.com *.devatics.io *.devatics.com *.onestock-retail.io *.doubleclick.net *.g.doubleclick.net notifpush.com *.notifpush.com actito.com *.actito.com mmtro.com *.mmtro.com *.facebook.net facebook.net *.criteo.com *.criteo.net *.heyday.ai docs.google.com *.googleadservices.com *.build.kaporal.net unpkg.com *.unpkg.com *.adobe.net *.adyen.com *.contentsquare.net www.google-analytics.com www.paypal.com *.googleapis.com https://commerce.adobedtm.com https://unpkg.com/@adobe/magento-storefront-event-collector@^1/dist/index https://unpkg.com/@adobe/magento-storefront-events-sdk@%5E1/dist/index.js https://magento-recs-sdk.adobe.net/v2/index.js www.paypalobjects.com *.paypal.com *.google.com *.shipup.co *.clarity.ms *.batch.com *.powerspace.com an.pwspace.com t.contentsquare.net contentsquare.com *.contentsquare.com *.pwspace.com *.social-media-system.com social-media-system.com *.sc-static.net sc-static.net api.social-media-system.com www.datadoghq-browser-agent.com https://analytics.tiktok.com *.vimeo.com *.avads.net *.snapchat.com *.affilae.com *.analytics.google.com *.raptorsmartadvisor.com *.raptorstatic.com az19942.vo.msecnd.net pay.google.com blob:;frame-src 'self' *;style-src 'self' 'unsafe-inline' *.amazonaws.com *.cdn.payline.com *.truefitcorp.com photorankstatics-a.akamaihd.net *.onestock-retail.io facebook.net *.facebook.net *.googletagmanager.com *.build.kaporal.net *.b.kaporal.net *.googleapis.com *.paypal.com *.adyen.com *.google.com *.shipup.co *.kaporal.com *.heyday.ai *.sc-static.net *.avads.net *.analytics.google.com *.raptorstatic.com pay.google.com;img-src 'self' data: *.akamaihd.net *.amazonaws.com *.appsmiles.eu *.bing.com *.cdnwidget.com www.google.de www.google.pt adservice.google.com www.google.fr www.google.be *.cloudfront.net *.eu-west-3.amazonaws.com *.facebook.com *.kaporal.com *.doubleclick.net googleads.g.doubleclick.net *.kaporal.net *.cdn.payline.com *.pinterest.com *.truefitcorp.com data.photorank.me photorankmedia-a.akamaihd.net z1photorankmedia-a.akamaihd.net *.devatics.io *.devatics.com *.onestock-retail.io *.doubleclick.net *.g.doubleclick.net notifpush.com *.notifpush.com actito.com *.actito.com mmtro.com *.mmtro.com *.facebook.net facebook.net *.google.com *.google.fr *.adnxs.com *.criteo.com *.criteo.net *.heyday.ai *.build.kaporal.net *.adyen.com *.pubmatic.com *.analytics.yahoo.com *.yahoo.com *.emxdgt.com *.ad.smaato.net *.mediavine.com *.stickyadstv.com *.ivitrack.com *.sharethrough.com *.omnitagjs.com *.adform.net *.media.net *.teads.tv *.360yield.com *.casalemedia.com *.3lift.com *.smartadserver.com *.taboola.com *.outbrain.com *.tremorhub.com *.ads.yieldmo.com *.rubiconproject.com *.liadm.com *.googleapis.com *.gstatic.com www.paypalobjects.com www.paypal.com *.paypal.com *.shipup.co *.onestock-retail.com *.bidswitch.net *.advertising.com *.rlcdn.com googletagmanager.com s.ad.smaato.net *.mgid.com tbs.tradedoubler.com *.clarity.ms *.batch.com *.powerspace.com public-prod-dspcookiematching.dmxleo.com i.liadm.com criteo-partners.tremorhub.com www.img-static.com r.phywi.org *.contentsquare.net *.contentsquare.com www.googletagmanager.com *.googletagmanager.com *.sc-static.net sync-criteo.ads.yieldmo.com *.vimeo.com *.google-analytics.com *.avads.net id5-sync.com *.yieldlab.net *.criteo.com *.demdex.net *.krxd.net *.thebrighttag.com *.affilae.com *.analytics.google.com pay.google.com *.yahoo.net *.postrelease.com *.raptorstatic.com www.googletagmanager.com;font-src 'self' data: *.kaporal.com *.cdn.payline.com *.truefitcorp.com maxcdn.bootstrapcdn.com olapic-data.s3.amazonaws.com photorankstatics-a.akamaihd.net fonts.gstatic.com *.shipup.co *.heyday.ai *.sc-static.net *.amazonaws.com *.analytics.google.com pay.google.com;connect-src 'self' *.abtasty.com *.akamaihd.net *.appsmiles.eu *.facebook.com www.google.de www.google.pt adservice.google.com www.google.fr www.google.be *.google-analytics.com *.googleapis.com *.payline.com *.payments-amazon.com *.truefitcorp.com https://graph.facebook.com https://photorankmedia-a.akamaihd.net https://z1photorankmedia-a.akamaihd.net *.onestock-retail.io facebook.net *.facebook.net *.doubleclick.net *.g.doubleclick.net *.heyday.ai *.bing.com *.cdnwidget.com *.cdnbasket.net *.kaporal.com *.onestock-retail.com notifpush.com *.clarity.ms www.clarity.ms *.criteo.com *.batch.com *.powerspace.com *.contentsquare.net *.contentsquare.com *.sc-static.net *.snapchat.com *.social-media-system *.pwspace.com api.social-media-system.com www.datadoghq-browser-agent.com *.browser-intake-datadoghq.eu *.vimeo.com https://analytics.tiktok.com *.build.kaporal.net *.adyen.com *.adobedc.net www.sandbox.paypal.com sslwidget.criteo.com https://commerce.adobedc.net/collector/tp2 https://commerce.adobe.io www.paypalobjects.com www.paypal.com *.paypal.com *.avads.net *.analytics.google.com pay.google.com google.com *.raptorsmartadvisor.com *.raptorstatic.com *.google.com ;base-uri 'self';media-src 'self' data: *.build.kaporal.net *.b.kaporal.net *.p.kaporal.net *.kaporal.com;report-uri /csp/report 1
frame-ancestors 'self' panoramen.frauenkirche-dresden.de 1
default-src 'self'; object-src 'self' https://pts.yourfone.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.yourfone.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://livechat.yourfone.de https://chat.yourfone.de https://umfrage.yourfone.de https://pts.yourfone.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://eu01.rec.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://livechat.yourfone.de https://chat.yourfone.de https://stats.yourfone.de https://imagepool.yourfone.de https://pts.yourfone.de https://maps.googleapis.com https://analytics.tiktok.com https://umfrage.yourfone.de; script-src 'strict-dynamic' 'nonce-5c1c13e03ce3ddd6991870b51b0e8d2d' 'nonce-a184399e7d0f281f2a9c5ee912c8239c' 'nonce-7cc3274553c244094a61dafa2613c809' 'nonce-d81029683dab54f60563288b8623f51c' 'nonce-5faabaceeee780d605906034572c67c6' 'nonce-214222c17961e834f7f4a28516dbeea5' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data: 'report-sample'; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://netmap.vodafone.de/cokart-client/index.html https://pts.yourfone.de https://umfrage.yourfone.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-5c1c13e03ce3ddd6991870b51b0e8d2d' 'nonce-a184399e7d0f281f2a9c5ee912c8239c' 'nonce-7cc3274553c244094a61dafa2613c809' 'nonce-d81029683dab54f60563288b8623f51c' 'nonce-5faabaceeee780d605906034572c67c6' 'nonce-214222c17961e834f7f4a28516dbeea5' 'self' 'unsafe-inline' https: 'report-sample' 1
default-src 'none';  script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.googletagmanager.com *.google-analytics.com *.msecnd.net *.brightcove.net *.twitter.com *.zencdn.net *.twimg.com *.issuu.com;  style-src 'self' 'unsafe-inline' *.twitter.com *.twimg.com;  img-src 'self' data: *.google.com *.google-analytics.com *.brightcove.com *.boltdns.net *.twitter.com *.twimg.com;  font-src 'self' data:;  connect-src 'self' manifest.prod.boltdns.net *.doubleclick.net *.visualstudio.com *.brightcove.com *.boltdns.net *.brightcovecdn.com *.google-analytics.com *.akamaihd.net;  frame-src 'self' *.twitter.com *.issuu.com;  media-src blob:; object-src 'self'; 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self'; font-src 'self'; connect-src 'self'; frame-ancestors 'none'; base-uri 'none' 1
Content-Security-Policy= default-src "none"; script-src "self" https://corp-mktg.s3.us-west-2.amazonaws.com https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com https://cdn.cookielaw.org https://maps.googleapis.com https://prospect-form-plugin.2u.com; style-src "unsafe-inline" https://whitelabel.2u.com; img-src https://app.optimizely.com https://cdn.optimizely.com https://whitelabel.2u.com; frame-src https://a10065315939.cdn.optimizely.com https://a10065315939.cdn-pci.optimizely.com; connect-src https://*.optimizely.com; 1
frame-ancestors https://*.cloudfront.net https://*.streavent.de https://*.dwa.de https://*.dwa-bayern.de https://*.dwa-bw.de https://*.dwa-hrps.de https://*.dwa-mitte.de https://*.dwa-nord.de https://*.dwa-no.de https://*.dwa-nrw.de https://*.dwa-st.de https://*.gfa-news.de 1
default-src 'self' *.google-analytics.com *.c-budejovice.cz https://chatbot-chetty.bubbleapps.io; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.wbtrk.net cdnjs.cloudflare.com *.gstatic.com *.google-analytics.com player.wowza.com www.googletagmanager.com *.hotjar.com *.x.com *.twitter.com https://artificialsuperlatency.blob.core.windows.net/datastore/Chetty/chettyscript.js https://geid.wbtrk.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.gstatic.com *.cloudflare.com https://artificialsuperlatency.blob.core.windows.net/datastore/Chetty/chettystyles.css; img-src 'self' cbudejovice01.webtrekk.net fbc.wcfbc.net *.googletagmanager.com; frame-src 'self' *.hotjar.com  *.pesweb.cz *.c-budejovice.cz *.facebook.com *.twitter.com *.x.com *.jwplayer.com *.youtube.com https://chetty.ai; font-src 'self' fonts.gstatic.com themes.googleusercontent.com data:; connect-src 'self' in.hotjar.com *.google-analytics.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
frame-ancestors https://*.estratraining.it 1
default-src 'self' data: 'sha256-wJOL4ABbdtljPOwmtmY4U8xp5eI9bSAq+wVNc9yPitU='; 1
frame-ancestors 'self' infopoint.kastner.local infopoint.kastner.at *.kastner.at *.biogast.at 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com static.hotjar.com sc-static.net connect.facebook.net embed.tawk.to *.google-analytics.com *.paypal.com script.hotjar.com ajax.googleapis.com ws.colissimo.fr api.mapbox.com *.axept.io *.tawk.to cdn.jsdelivr.net *.matomo.cloud *.googleapis.com *.snapchat.com *.youtube.com landing.ls.skeepers.io googleads.g.doubleclick.net ls-prd-cdn.s3.eu-west-1.amazonaws.com blob: *.googleadservices.com *.googlesyndication.com;frame-src 'self' *.snapchat.com vars.hotjar.com *.google.fr *.facebook.com *.tawk.to *.youtube.com *.calameo.com *.vimeo.com td.doubleclick.net ls-prd-cdn.s3.eu-west-1.amazonaws.com *.googletagmanager.com;style-src 'self' 'unsafe-inline' tagmanager.google.com api.mapbox.com ws.colissimo.fr embed.tawk.to cdn.jsdelivr.net fonts.googleapis.com ls-prd-cdn.s3.eu-west-1.amazonaws.com blob: *.googletagmanager.com;img-src 'self' data: tr.snapchat.com *.facebook.com *.google.fr *.google.com *.onyourmap.com ws.colissimo.fr *.mapbox.com axeptio.imgix.net *.tawk.to cdn.jsdelivr.net tawk.link script.hotjar.com *.google.co.nz *.googleapis.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.google.be favicons.axept.io googleads.g.doubleclick.net spockee-cdn.s3.ca-central-1.amazonaws.com backoffice-api.spockee.io api.spockee.io api-analytics.ls.skeepers.io landing.ls.skeepers.io api-backoffice.ls.skeepers.io api.ls.skeepers.io party.spockee.io ls-prd-cdn.s3.eu-west-1.amazonaws.com wss://api-socket.ls.skeepers.io api-feature-flag.ls.skeepers.io *.terreseteaux.fr *.mux.com;font-src 'self' data: ws.colissimo.fr *.tawk.to fonts.gstatic.com script.hotjar.com cdn.jsdelivr.net github.com fonts.googleapis.com ls-prd-cdn.s3.eu-west-1.amazonaws.com *.mux.com;connect-src 'self' *.google-analytics.com *.paypal.com stats.g.doubleclick.nestats.g.doubleclick.ne in.hotjar.com stats.g.doubleclick.net ws.colissimo.fr *.hotjar.io *.axept.io tr.snapchat.com *.hotjar.com *.tawk.to wss://*.tawk.to wss://*.hotjar.com api.sandbox.getalma.eu api.getalma.eu maps.googleapis.com terreseteaux.matomo.cloud *.facebook.com *.analytics.google.com *.google.com *.snapchat.com *.googlesyndication.com spockee-cdn.s3.ca-central-1.amazonaws.com backoffice-api.spockee.io api.spockee.io api-analytics.ls.skeepers.io landing.ls.skeepers.io api-backoffice.ls.skeepers.io api.ls.skeepers.io party.spockee.io ls-prd-cdn.s3.eu-west-1.amazonaws.com wss://api-socket.ls.skeepers.io api-feature-flag.ls.skeepers.io *.mux.com *.litix.io stream.mux.com *.skeepers.io googleads.g.doubleclick.net *.googleadservices.com *.google.fr;base-uri 'self';media-src 'self' data: *.tawk.to ls-prd-cdn.s3.eu-west-1.amazonaws.com stream-mux.com *.mux.com blob:;report-uri /csp/report;form-action secure.payzen.eu *.tawk.to ls-prd-cdn.s3.eu-west-1.amazonaws.com 1
base-uri 'none';child-src 'self' data: blob:;connect-src 'self' ws: wss: localhost:1337 adsapi.jacobin.de api.jacobin.de staging-api.jacobin.de shop.jacobin.de analyse.jacobin.de spenden.twingle.de *.met.vgwort.de;default-src 'self';font-src 'self' data:;form-action 'self';frame-ancestors 'none';frame-src spenden.twingle.de www.youtube.com;img-src 'self' jacobin.de data: *.met.vgwort.de;manifest-src 'self';media-src 'self';object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' localhost:1337 adsapi.jacobin.de api.jacobin.de staging-api.jacobin.de shop.jacobin.de analyse.jacobin.de spenden.twingle.de *.met.vgwort.de www.youtube.com;style-src 'self' 'unsafe-inline'; 1
default-src 'self' www.hyd.gov.hk; style-src 'self' 'unsafe-inline';script-src 'self' 'unsafe-inline'; 1
frame-ancestors *.carkeys.co.uk 1
base-uri 'none';child-src 'none';connect-src 'self' https://graphql-listen.datocms.com https://vitals.vercel-insights.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://*.hs-banner.com https://*.hscollectedforms.net https://*.mainnet.aptoslabs.com https://*.testnet.aptoslabs.com https://*.devnet.aptoslabs.com;default-src 'self';font-src 'self';form-action 'self';frame-ancestors https://cms.aptosfoundation.org https://plugins-cdn.datocms.com;frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://www.youtube.com https://player.vimeo.com https://live.eventtia.com;img-src 'self' data: https://media.aptosfoundation.org https://aptosfoundation-proxy.imgix.net https://*.googleusercontent.com https://pbs.twimg.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://track.hubspot.com https://*.hsforms.com https://*.mainnet.aptoslabs.com https://*.testnet.aptoslabs.com https://*.devnet.aptoslabs.com;manifest-src 'self';media-src 'self' https://video.twimg.com;object-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://va.vercel-scripts.com https://*.hs-banner.com https://*.hs-analytics.net https://*.hscollectedforms.net https://*.hs-scripts.com;style-src 'self' 'unsafe-inline';worker-src 'self'; 1
default-src 'unsafe-inline' 'unsafe-eval' wss://*.iadvize.com data: blob: https: 'self' *.e-wie-einfach.de *.usercentrics.eu *.googletagmanager.com *.demdex.net ewieeinfach.tt.omtrdc.net *.trustedshops.com *.iadvize.com analytics.tiktok.com *.ad-srv.net *.ad4m.at; block-all-mixed-content; frame-ancestors https://*.e-wie-einfach.de 'self'; frame-src https: 'self' 10552776.fls.doubleclick.net *.iadvize.com; img-src https: 'self' data: blob: 1
default-src: none; 1
default-src 'none'; connect-src 'self' https://geolocation.onetrust.com/ https://cookie-cdn.cookiepro.com/ https://*.google-analytics.com https://*.analytics.google.com https://px.ads.linkedin.com; font-src 'self'; frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://www.youtube-nocookie.com https://www.youtube.com https://player.vimeo.com https://embed.podcasts.apple.com https://w.soundcloud.com https://playlist.megaphone.fm; img-src 'self' data: https://cookie-cdn.cookiepro.com/ https://*.google-analytics.com https://*.analytics.google.com https://px.ads.linkedin.com; media-src 'self'; script-src 'self' https://cookie-cdn.cookiepro.com/ https://*.google-analytics.com https://*.analytics.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://snap.licdn.com 'unsafe-inline' 'nonce-WQHxJghYgHmW1ZW8zVnVDA=='; style-src 'self' 'unsafe-inline' 1
none 1
default-src 'self' challenges.cloudflare.com *.neighbourly.com *.twitter.com *.vimeo.com *.youtube.com *.google-analytics.com cdn.matomo.cloud neighbourly.matomo.cloud; frame-src 'self' challenges.cloudflare.com *.microsoftonline.com *.powerbi.com *.youtube-nocookie.com *.youtube.com *.vimeo.com *.stripe.com *.twitter.com; connect-src 'self' px.ads.linkedin.com challenges.cloudflare.com *.neighbourly.com forms.hubspot.comdisabled forms.hsforms.comdisabled maps.googleapis.com googleapis.com js.hsforms.net *.mapbox.com *.google-analytics.com cdn.matomo.cloud neighbourly.matomo.cloud;media-src blob: nbrlyprodmedia.blob.core.windows.net *.neighbourly.com *.youtube.com *.vimeo.com; img-src 'self' px.ads.linkedin.com challenges.cloudflare.com data: *.mapbox.com track.hubspot.com forms.hsforms.comdisabled nbrlyprodmedia.blob.core.windows.net maps.gstatic.com *.neighbourly.com *.stripe.com; script-src 'self' snap.licdn.com challenges.cloudflare.com *.neighbourly.com 'unsafe-eval' *.googleapis.com googleapis.com js.hs-analytics.net js.hs-scripts.com js.hscollectedforms.netdisabled js.hsadspixel.netdisabled js-na1.hs-scripts.com *.twitter.com *.vimeo.com *.youtube.com *.google-analytics.com cdn.matomo.cloud neighbourly.matomo.cloud *.mapbox.com *.stripe.com; style-src 'self' challenges.cloudflare.com *.neighbourly.com 'unsafe-inline'; report-uri https://nbrly-prod-fn-schedules-v2.azurewebsites.net/api/log?code=CSrelvJVFKZtDoUcrgbyKhMKm4DBBPpJcdaR8h1wZP/5zjHodNdgeQ== 1
default-src 'self'; img-src *; media-src * data:;, default-src 'self'; img-src *; media-src * data:; 1
default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self'; 1
report-uri //report-csp-violation 1
default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * data:; connect-src *; font-src *; object-src *; media-src *; frame-src *; worker-src *; child-src *; frame-ancestors *; form-action *; upgrade-insecure-requests; block-all-mixed-content; 1
frame-ancestors https://*.portaltemponovo.com.br 1
upgrade-insecure-requests; default-src 'self'; base-uri 'none'; connect-src 'self' *.amazonaws.com https://api.ldnfrpl.com https://api.leadinfo.com https://*.leadinfo.net wss: *.web-vision.de; font-src 'self'; form-action 'self'; frame-ancestors 'self' https://*.leadinfo.net; frame-src 'self' *.web-vision.de *.leadinfo.net *.leadinfo.com www.google.com; img-src 'self' https: data: 'unsafe-inline' https://*.leadinfo.net https://*.leadinfo.net maps.googleapis.com; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'self' blob: https: 'unsafe-inline' 'unsafe-eval' *.web-vision.de/typo3* https://*.leadinfo.net maps.googleapis.com *.web-vision.de; style-src 'self' data: https: 'unsafe-inline' https://*.leadinfo.net; worker-src blob; 1
base-uri 'none';child-src 'none';connect-src 'self' https://cdn.cookielaw.org https://*.google-analytics.com https://*.analytics.google.com https://www.googletagmanager.com https://*.googletagmanager.com https://stats.g.doubleclick.net;default-src 'self';font-src 'self' data: https://fonts.gstatic.com;form-action 'self';frame-ancestors 'none';frame-src https://www.googletagmanager.com https://td.doubleclick.net;img-src 'self' data: https://cdn.cookielaw.org https://*.google-analytics.com https://www.googletagmanager.com https://googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://fonts.gstatic.com https://*.googletagmanager.com https://d21y75miwcfqoq.cloudfront.net/deaafc32 https://googleads.g.doubleclick.net https://www.google.com https://google.com;manifest-src 'self';media-src 'self';object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.cookielaw.org https://www.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google.com;style-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com;worker-src 'self';upgrade-insecure-requests ; 1
default-src 'self' https://*.clarity.ms https://c.bing.com https://www.google.com 'unsafe-inline';style-src 'self' 'nonce-lopwzBI+B6T1FNhiAhku+lwkOjI6gmdby9Dcn7OV0k4=' https://www.gstatic.com;img-src * 'self' data: https: https://www.gstatic.com;object-src 'none';frame-ancestors 'none';sandbox allow-forms allow-same-origin allow-scripts allow-downloads allow-popups;base-uri 'self';script-src 'self' 'unsafe-inline' 'nonce-lopwzBI+B6T1FNhiAhku+lwkOjI6gmdby9Dcn7OV0k4=' 'sha256-kHb9IgtqKl2dZLDx7+YeW7Se1+DGF3pFHdB6SMV3mEg=' https://cdnjs.cloudflare.com/ajax/libs/intl-tel-input/17.0.8/js/utils.js https://www.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/ https://www.gstatic.com/recaptcha/ https://www.googletagmanager.com/ https://www.googletagmanager.com/gtag https://www.google-analytics.com/ https://www.googletagmanager.com/gtag/js https://www.clarity.ms/ https://www.clarity.ms/tag/ ;frame-src https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://www.clarity.ms/tag/ ;connect-src 'self' https://www.google-analytics.com/ https://www.google.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.gstatic.com/ https://www.googletagmanager.com/ https://clarity.ms/ https://*.clarity.ms/ ; 1
default-src * data: 'unsafe-inline' 'unsafe-eval' ; script-src * data: 'unsafe-inline' 'unsafe-eval' ; style-src * data: 'unsafe-inline' ; img-src * data: ; 1
default-src 'self' 'unsafe-inline' data: https://piwik.bzga.de/ https://shop.bioeg.de/ https://vrweb15.linguatec.org; img-src 'self' data: blob: https://piwik.bzga.de/ https://shop.bioeg.de/ https://tools.gesund.bund.de; script-src 'self' 'unsafe-inline' https://piwik.bzga.de/ https://tools.gesund.bund.de youtube.com www.youtube.com www.youtube-nocookie.com; font-src 'self' data: https://tools.gesund.bund.de; worker-src 'self' blob:; child-src 'self' blob:; connect-src 'self' https://piwik.bzga.de/ https://vrweb15.linguatec.org https://fonts.openmaptiles.org; frame-src 'self' *.frcapi.com youtube.com www.youtube.com www.youtube-nocookie.com 1
default-src 'self' *.timeavenue.ru;                    script-src 'self' 'unsafe-inline' 'unsafe-eval'  https://mc.yandex.ru https://mc.yandex.com https://yastatic.net *.bitrix24.ru *.bitrix24.com *.jivosite.com https://googletagmanager.com *.googletagmanager.com https://analytics.google.com https://stats.g.doubleclick.net https://connect.facebook.net *.roistat.com https://api-maps.yandex.ru https://*.maps.yandex.net *.maps.yandex.net https://ajax.googleapis.com https://web.redhelper.ru *.google-analytics.com https://ipinfo.io https://geocode-maps.yandex.ru;                    style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.bitrix24.ru https://web.redhelper.ru *.roistat.com data: blob:;                    font-src 'self' data: https://fonts.gstatic.com;                    img-src 'self' https: data: https://mc.yandex.ru;                    frame-src 'self' blob: *.web-creator.com https://securepay.rsb.ru https://www.facebook.com https://www.youtube.com *.bitrix24.ru *.bitrix24.com https://web.redhelper.ru https://docs.google.com https://yandex.ru https://mc.yandex.com https://api-maps.yandex.ru;                    connect-src 'self' *.web-creator.com https://mc.yandex.ru https://bitrix.info *.bitrix24.ru *.bitrix24.com *.jivosite.com https://*.jivo.ru wss: https://www.facebook.com *.timeavenue.ru *.google-analytics.com https://analytics.google.com https://stats.g.doubleclick.net https://mc.yandex.com https://api-maps.yandex.ru https://*.maps.yandex.net;                    object-src 'self' *.web-creator.com https://docs.google.com;                    frame-ancestors 'self' *.web-creator.com http://webvisor.com; 1
default-src https: data:; frame-src https: data:; base-uri 'self'; font-src https: data:; script-src https: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline'; img-src https: data: blob:; frame-ancestors 'self'; manifest-src 'self'; worker-src 'self' blob:; connect-src https: blob:; media-src 'self' blob:; child-src 'self' blob:; form-action 'self'; object-src 'self' 1
default-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.simplybook.cc https://cdn.jsdelivr.net https://*.googletagmanager.com https://*.googletagmanager.com cdnjs.cloudflare.com https://translate-pa.googleapis.com/ https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://fonts.googleapis.com https://translate.googleapis.com https://translate.google.com https://maps.googleapis.com https://player.vimeo.com https://feeds.trac.jobs https://www.cqc.org.uk https://merseycare.enterpriseappointments.com; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://fonts.googleapis.com https://translate.googleapis.com https://www.gstatic.com https://feeds.trac.jobs https://www.cqc.org.uk; img-src * data:; connect-src 'self' https://translate-pa.googleapis.com/v1/translateHtml https://*.googletagmanager.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.g.doubleclick.net https://*.google.com https://*.google.com https://*.google-analytics.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googletagmanager.com maps.googleapis.com https://saas.learninglocker.net https://metrics.articulate.com https://translate.googleapis.com https://www.google-analytics.com https://stats.g.doubleclick.net https://vimeo.com https://feeds.trac.jobs; font-src 'self' data: https://fonts.gstatic.com; object-src 'self' blob:; frame-src 'self' *.simplybook.cc maps.google.com https://*.nhs.uk https://www.google.com https://content.googleapis.com https://content-analytics.googleapis.com https://www.youtube.com https://player.vimeo.com https://merseycare.enterpriseappointments.com https://e.issuu.com https://roundme.com 1
object-src 'none'; script-src 'nonce-{random}' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http:; $ 1
default-src data: https: http:;script-src 'self' resource://pdf.js/ 'unsafe-inline' 'unsafe-eval' https: http:;style-src 'unsafe-inline' https: http: blob:;object-src 'self' blob:;img-src 'self' https://*.everesttech.net https://dhlcom.d3.sc.omtrdc.net/ data: blob:;connect-src blob: 'self' https://*.demdex.net https://*.dhl.com https://*.video-cdn.net https://*.hereapi.com https://*.usetiful.com https://*.dpdhl.com;worker-src blob: 1
frame-ancestors 'none'; upgrade-insecure-requests; default-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.affirm.com *.app-us1.com *.bing.com *.clarity.ms *.doubleclick.net *.files-text.com *.fontawesome.com *.google.com *.google-analytics.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.livechatinc.com *.paypal.com *.paypalobjects.com *.typekit.com *.venmo.com *.visualwebsiteoptimizer.com *.youtube.com ccint.activehosted.com cdn.ckeditor.com cdn.jsdelivr.net cdnjs.cloudflare.com connect.facebook.net i.ytimg.com stackpath.bootstrapcdn.com trackcmp.net unpkg.com www.facebook.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.jsdelivr.net *.googleapis.com *.cloudflare.com *.googletagmanager.com https://unpkg.com *.google.com *.gstatic.com *.bootstrapcdn.com *.bootstrapcdn.com  https://cdn.ckeditor.com *.google-analytics.com *.googletagmanager.com *.salesforce.com *.salesforceliveagent.com https://support.sunway.edu.my https://static.lightning.force.com https://assets.mailerlite.com https://ipapi.co https://code.jquery.com https://cdn.ckeditor.com https://static.cloudflareinsights.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.cloudflare.com *.fontawesome.com *.jsdelivr.net *.googleapis.com https://fonts.gstatic.com https://unpkg.com *.google.com *.gstatic.com https://use.fontawesome.com *.salesforceliveagent.com *.salesforce.com https://support.sunway.edu.my https://assets.mailerlite.com; img-src 'self' * data: about:; media-src 'self'; frame-src 'self' *.youtube.com www.youtube.com *.google.com *.gstatic.com *.vimeo.com *.salesforceliveagent.com *.salesforce.com https://support.sunway.edu.my https://forms.office.com https://assets.mailerlite.com *.issuu.com https://issuu.com; frame-ancestors 'self' *.youtube.com www.youtube.com *.google.com *.gstatic.com *.vimeo.com *.salesforceliveagent.com *.salesforce.com https://support.sunway.edu.my; child-src 'self' *.youtube.com www.youtube.com *.google.com *.gstatic.com *.vimeo.com *.salesforceliveagent.com *.salesforce.com; font-src 'self' https://fonts.googleapis.com *.fontawesome.com https://fonts.gstatic.com *.cloudflare.com *.jsdelivr.net https://support.sunway.edu.my data:; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self'; block-all-mixed-content; connect-src 'self' https://*.zendesk.com wss://*.zendesk.com wss://*.zopim.com https://*.sentry.io https://*:9090; font-src 'self' https://*.gstatic.com; form-action 'self'; frame-ancestors 'none'; frame-src *; img-src 'self' https://*.google-analytics.com data:;; object-src 'none'; script-src 'self' 'unsafe-eval' https://*.google-analytics.com https://*.googleapis.com https://*.gstatic.com https://*.smooch.io https://*.sentry.io https://*.zdassets.com https://*.zendesk.com https://*.zopim.com https://cdn.jsdelivr.net 'nonce-n96XE0aAll7IEA4O6NCDBQ=='; style-src 'self' 'unsafe-hashes' 'unsafe-eval' https://cdn.jsdelivr.net https://*.googleapis.com 'nonce-n96XE0aAll7IEA4O6NCDBQ=='; upgrade-insecure-requests 1
default-src 'self'; \
    script-src 'self' https://ajax.googleapis.com; \
    img-src 'self' https://ssl.google-analytics.com 1
default-src  'self' *.fg.cz localhost localhost-promo;font-src  'self' data: fonts.gstatic.com *.fg.cz localhost localhost-promo *.zopim.com;connect-src  'self' *.google.com *.googleapis.com *.googletagmanager.com *.analytics.google.com *.google-analytics.com *.googleadservices.com c.imedia.cz *.fg.cz *.bileto.com *.zdassets.com arrivacz.zendesk.com *.zopim.com wss://*.zopim.com *.doubleclick.net *.instagram.com arriva.daktela.com *.googlesyndication.com *.clarity.ms *.facebook.com *.seznam.cz;script-src  'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.gstatic.com *.fg.cz *.facebook.net *.bileto.com *.arriva.cz *.issuu.com *.zdassets.com cdnjs.cloudflare.com arrivacz.zendesk.com *.zopim.com *.instagram.com arriva.daktela.com *.doubleclick.net *.seznam.cz *.imedia.cz *.clarity.ms;form-action  'self' *.fg.cz *.facebook.com;frame-src  'self' www.youtube.com www.googletagmanager.com *.fg.cz *.issuu.com *.zdassets.com arrivacz.zendesk.com *.zopim.com *.google.com *.facebook.com *.doubleclick.net;worker-src  'self' www.youtube.com www.googletagmanager.com *.fg.cz *.issuu.com *.zdassets.com arrivacz.zendesk.com *.zopim.com *.google.com *.facebook.com *.doubleclick.net;frame-ancestors  'self' *.fg.cz;img-src  'self' data: blob: *.google.com *.google.cz *.gstatic.com *.googleapis.com *.googlecode.com *.googletagmanager.com *.google-analytics.com *.fg.cz *.doubleclick.net *.facebook.com *.bileto.com *.zopim.com *.instagram.com *.cdninstagram.com *.fbcdn.net *.openstreetmap.org *.openrailwaymap.org *.seznam.cz *.clarity.ms *.bing.com;style-src  'self' 'unsafe-inline' *.googleapis.com *.google.com *.fg.cz *.gstatic.com *.googletagmanager.com;object-src  'self' *.fg.cz 1
frame-src 'self' https://ep2.adtrafficquality.google https://cdn.affinipay.com https://calendly.com https://*.doubleclick.net https://googleads.g.doubleclick.net https://www.facebook.com https://tpc.googlesyndication.com https://www.google.com https://www.googletagmanager.com https://*.squarecdn.com https://*.squareup.com https://*.squareupsandbox.com https://images.tryascend.com https://www.youtube.com; img-src * 'self' blob: data:; 1
default-src 'self' *.helpscout.net fonts.gstatic.com fonts.googleapis.com *.cloudfront.net *.blob.core.windows.net recognition.asdastars.com recognitionapi.asdastars.com; img-src 'self' *.helpscout.net fonts.gstatic.com fonts.googleapis.com *.cloudfront.net *.blob.core.windows.net recognition.asdastars.com recognitionapi.asdastars.com data:; object-src 'none'; frame-ancestors ; base-uri 'self'; 1
base-uri 'none';child-src 'self' data: blob:;connect-src 'self' ws: wss: http://localhost:1337 http://127.0.0.1:3000 https://staging.bptk.de https://staging-api.bptk.de https://api.bptk.de;default-src 'self';font-src 'self' data:;form-action 'self';frame-ancestors 'none';frame-src https://www.youtube.com;img-src 'self' data: https://staging.bptk.de https://staging-api.bptk.de https://api.bptk.de;manifest-src 'self';media-src 'self' https://api.bptk.de https://staging.bptk.de https://staging-api.bptk.de;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' http://localhost:1337 https://staging.bptk.de https://staging-api.bptk.de https://api.bptk.de http://www.youtube.com/iframe_api https://www.youtube.com;style-src 'self' 'unsafe-inline'; 1
frame-ancestors https://*.ptc.com https://livesocial.seismic.com https://ptc.seismic.com https://liveshareeast3.seismic.com https://*.mouseflow.com https://resources.servicemax.com https://servicemax.pathfactory.com https://support.rockwellautomation.com 1
default-src 'self' static.tfmetalsreport.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:; style-src 'self' static.tfmetalsreport.com data: 'unsafe-inline' *.googleapis.com *.twitter.com *.twimg.com svc.webspellchecker.net cdn.ckeditor.com static.ctctcdn.com cdnjs.cloudflare.com; img-src 'self' https: data: android-webview-video-poster: *.jwplayer.com http://docs.jwplayer.com; media-src 'self' static.tfmetalsreport.com blob: *.giphy.com; frame-src 'self' https://www.tfmetalsreport.com data: audioboom.com *.audioboom.com scribd.com *.scribd.com soundcloud.com *.soundcloud.com youtube.com *.youtube.com vimeo.com *.vimeo.com bitchute.com *.bitchute.com twitter.com *.twitter.com *.tradingview.com *.tradingview-widget.com *.stripe.com *.doubleclick.net *.googlesyndication.com *.ted.com *.instagram.com *.jwpsrv.com www.google.com ms-appx-web: *.addtoany.com *.assoc-amazon.com *.amazon.com *.amazon-adsystem.com *.googletagmanager.com *.recaptcha.net facebook.com *.facebook.com cnn.com *.cnn.com cnbc.com *.cnbc.com; frame-ancestors *; child-src 'self' https://www.tfmetalsreport.com data: audioboom.com *.audioboom.com scribd.com *.scribd.com soundcloud.com *.soundcloud.com youtube.com *.youtube.com vimeo.com *.vimeo.com bitchute.com *.bitchute.com twitter.com *.twitter.com *.tradingview.com *.tradingview-widget.com *.stripe.com *.doubleclick.net *.googlesyndication.com *.ted.com *.instagram.com *.jwpsrv.com www.google.com ms-appx-web: *.addtoany.com *.assoc-amazon.com *.amazon.com *.amazon-adsystem.com *.googletagmanager.com *.recaptcha.net facebook.com *.facebook.com cnn.com *.cnn.com cnbc.com *.cnbc.com; font-src 'self' static.tfmetalsreport.com data: fonts.googleapis.com fonts.gstatic.com cdnjs.cloudflare.com *.googleusercontent.com svc.webspellchecker.net *.avast.com chrome-extension: *.fontawesome.com; connect-src 'self' static.tfmetalsreport.com *.googlesyndication.com www.google-analytics.com *.gstatic.com *.doubleclick.net svc.webspellchecker.net *.jwpltx.com *.nr-data.net *.fontawesome.com *.ckeditor.com *.ctctcdn.com *.constantcontact.com *.jwplayer.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://crm.fasad.eu/ https://cdn.jsdelivr.net https://process.fasad.eu/ http://dev-process.fasad.prek.srv http://ajax.googleapis.com/ https://ajax.googleapis.com/ http://code.jquery.com/ https://code.jquery.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://cdnjs.cloudflare.com/ajax/libs/animejs/3.2.1/anime.min.js; img-src 'self' data: http://fasadeu.public80.prekdemo.se/ https://www.fasad.eu/ https://crm.fasad.eu/; object-src 'self' data: ; frame-src 'self' data: ; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.16/jquery.mask.min.js https://jwgcv-zgph.maillist-manage.net/ua/TrailEvent?category=update&action=view&trackingCode=ZCFORMVIEW&viewFrom=URL_ACTION&zx=134d43161&signupFormIx=3z3bb553a28bf9b6355af3365287fbd01316130673a7be55e2021a8d41b198ffc6&zcvers=3.0&source=https%3A%2F%2Fmedgrupo.com.br%2Fsorteio-2%2F https://jwgcv-zgph.maillist-manage.net/ua/* https://jwgcv-zgph.maillist-manage.net/* https://*.maillist-manage.net/* https://jwgcv-zgph.maillist-manage.net/js/dig.js https://ma.zoho.com/js/zc.iframe.js https://maillist-manage.net/ua/TrailEvent?callback=processData&category=updImpression&signupFormIx=3z2b1cad771d6eaeaeb0e2bbf505315985402081f71c4ab3fe1d5eae7d868d04a0&trackingCode=ZCFORMVIEW&action=impression&orgId=3z8781ce729168d79b5c42fdd2785596d8db2e0bf942561fa5e4cecebb6f9cb533&actId=3z4f744b06beaf81bbb0cf226b686d2fdf5f03a74ecf6a3bdd4ddcc94c7f8993e0&custId=3z4f744b06beaf81bbb0cf226b686d2fdfd44ab791b6f2fc3d92b6e7ae4d095678&zx=134d43161&visitorType=0 https://jwgcv-zgpvh.maillist-manage.net/js/dig.js https://jwgcv-zgpvh.maillist-manage.net/ua/TrailEvent?category=update&action=view&trackingCode=ZCFORMVIEW&viewFrom=URL_ACTION&zx=134d43161&signupFormIx=3z2b1cad771d6eaeaeb0e2bbf505315985402081f71c4ab3fe1d5eae7d868d04a0&zcvers=3.0&source=https%3A%2F%2Fmedgrupo.com.br%2Fcongresso-go%2F%3Fpreview_id%3D27395%26preview_nonce%3D7d6f981372%26preview%3Dtrue&ref=https%3A%2F%2Fmedgrupo.com.br%2Fwp-admin%2Fpost.php%3Fpost%3D27395%26action%3Delementor https://jwgcv-cmpzourl.maillist-manage.com/ua/TrailEvent?category=update&action=view&trackingCode=ZCFORMVIEW&viewFrom=URL_ACTION&zx=134d43161&signupFormIx=3z8499bd93ca6649db7c77441daa4d7f1887e91940131bcae0f8525c055ec1b426&zcvers=3.0&source=https%3A%2F%2Fmedgrupo.com.br%2Fzoho%2F%3Fpreview_id%3D26836%26preview_nonce%3D69265c5d3c%26preview%3Dtrue&ref=https%3A%2F%2Fmedgrupo.com.br%2Fzoho%2F%3Fpreview_id%3D26836%26preview_nonce%3D69265c5d3c%26preview%3Dtrue https://jwgcv-cmpzourl.maillist-manage.com/js/dig.js https://jwgcv-cmpzourl.maillist-manage.com/* https://ma.zoho.com/js/optin.min.js https://*.zoho.com/* https://www.google.com.br/ https://medgrupo.com.br/* https://*.medgrupo.com.br http://*.medgrupo.com.br https://medgrupo.com.br http://medgrupo.com.br https://*.vimeo.com https://www.gstatic.com https://www.google.com https://rmcursosmedicos.activehosted.com https://conoret.com/ https://api.ipify.org?format=json https://cdn.jsdelivr.net https://code.jquery.com/ https://cdnjs.cloudflare.com/; img-src 'self' data: https://jwgcv-zgph.maillist-manage.net/images/spacer.gif https://*.maillist-manage.net/images/* https://*.zoho.com/* https://campaigns.zoho.com/images/challangeiconenable.jpg https://jwgcv-zgpvh.maillist-manage.net/images/spacer.gif https://campaigns.zoho.com/images/challangeiconenable.jpg https://campaigns.zoho.com/images/videoclose.png https://ma.zoho.com/images/videoclose.png https://ma.zoho.com/images/challangeiconenable.jpg https://*.zoho.com/* https://www.google.com.br/ https://medgrupo.com.br/* https://*.medgrupo.com.br http://*.medgrupo.com.br https://medgrupo.com.br http://medgrupo.com.br https://*.vimeo.com https://rmcursosmedicos.activehosted.com https://conoret.com/ https://api.ipify.org?format=json https://www.google.com.br/* https://code.jquery.com/* https://cdnjs.cloudflare.com/*; object-src 'self' data: https://*.maillist-manage.net/ https://jwgcv-cmpzourl.maillist-manage.com/* https://*.zoho.com/* https://www.google.com.br/ https://medgrupo.com.br/* https://*.medgrupo.com.br http://*.medgrupo.com.br https://medgrupo.com.br http://medgrupo.com.br https://*.vimeo.com https://www.google.com https://rmcursosmedicos.activehosted.com https://conoret.com/ https://api.ipify.org?format=json https://code.jquery.com/ https://cdnjs.cloudflare.com/; frame-src 'self' data: https://*.maillist-manage.net/ https://jwgcv-cmpzourl.maillist-manage.com/* https://*.zoho.com/* https://www.google.com.br/ https://medgrupo.com.br/* https://*.medgrupo.com.br http://*.medgrupo.com.br https://medgrupo.com.br http://medgrupo.com.br https://*.vimeo.com https://www.google.com https://rmcursosmedicos.activehosted.com https://conoret.com/ https://api.ipify.org?format=json https://code.jquery.com/ https://cdnjs.cloudflare.com/; 1
default-src https: http://*.google-analytics.com:* 'unsafe-inline'; img-src https: 'self' data: blob:; script-src https: 'unsafe-eval' 'unsafe-inline' blob:; style-src https: 'unsafe-inline'; font-src https: 'self' data: fonts.gstatic.com; worker-src 'self' blob: 1
default-src 'self'; script-src 'self'; includeSubDomains; preload 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://maps.googleapis.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://www.google.com https://www.gstatic.com; connect-src 'self' https://maps.googleapis.com; img-src data: 'self' https://d1be5sn7lppxuh.cloudfront.net https://maps.gstatic.com https://maps.googleapis.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com https://cdnjs.cloudflare.com https://fonts.gstatic.com; object-src 'none'; frame-ancestors 'self'; frame-src 'self' https://www.youtube.com https://www.google.com; media-src 'self' https://d1be5sn7lppxuh.cloudfront.net; form-action 'self'; manifest-src 'self' 1
default-src https: wss: 'unsafe-inline' 'unsafe-eval' blob: data: ; frame-ancestors 'self' https://*.edoctrina.org; report-to reportapi 1
default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.achmearechtsbijstand.nl https://www.achmearechtsbijstand.nl https://achmearechtsbijstand.nl https://deploy.mopinion.com https://static.hotjar.com https://script.hotjar.com https://tdn.r42tag.com https://www.google-analytics.com https://collect.mopinion.com https://www.googletagmanager.com https://www.googleoptimize.com https://static.cloud.coveo.com https://data1.ralasis.com https://optimize.google.com https://translate.googleapis.com https://translate.google.com https://dev.visualwebsiteoptimizer.com  https://admin.relay42.com https://static.hotjar.com https://www.google-analytics.com https://app.vwo.com https://cdn.harvest.graindata.com https://a.omappapi.com https://api-engage-eu.sitecorecloud.io https://*.cloudfront.net;style-src 'self' 'unsafe-inline' https://*.achmearechtsbijstand.nl https://www.achmearechtsbijstand.nl https://achmearechtsbijstand.nl https://collect.mopinion.com https://fonts.mopinion.com https://static.cloud.coveo.com https://fonts.googleapis.com https://translate.googleapis.com https://optimize.google.com https://admin.relay42.com https://app.vwo.com https://a.omappapi.com;img-src data: 'self' https://*.achmearechtsbijstand.nl https://www.achmearechtsbijstand.nl https://achmearechtsbijstand.nl https://www.google-analytics.com https://www.gstatic.com https://i.ytimg.com https://translate.google.com https://translate.googleapis.com https://admin.relay42.com https://tdn.r42tag.com https://t.svtrd.com https://fonts.gstatic.com https://region1.google-analytics.com https://dev.visualwebsiteoptimizer.com https://www.googletagmanager.com https://a.omappapi.com;font-src data: 'self' https://*.achmearechtsbijstand.nl https://www.achmearechtsbijstand.nl https://achmearechtsbijstand.nl https://fonts.mopinion.com https://gstatic.mopinion.com https://fonts.gstatic.com https://static.cloud.coveo.com https://staticdev.cloud.coveo.com;connect-src * https://*.achmearechtsbijstand.nl https://www.achmearechtsbijstand.nl https://achmearechtsbijstand.nl wws://*.hotjar.com https://*.hotjar.com https://api-engage-eu.sitecorecloud.io;media-src * 'self' https://*.achmearechtsbijstand.nl https://www.achmearechtsbijstand.nl https://achmearechtsbijstand.nl;object-src 'none' ;child-src https://*.achmearechtsbijstand.nl https://www.achmearechtsbijstand.nl https://achmearechtsbijstand.nl https://t.svtrd.com/ https://vars.hotjar.com https://www.youtube-nocookie.com https://www.google.com https://www.youtube-nocookie.com https://www.google.com https://optimize.google.com https://m.youtube.com https://app.vwo.com; worker-src blob:;frame-ancestors https://www.youtube-nocookie.com https://www.google.com https://optimize.google.com https://m.youtube.com https://*.achmearechtsbijstand.nl https://www.achmearechtsbijstand.nl https://achmearechtsbijstand.nl https://app.vwo.com;form-action 'self' https://*.achmearechtsbijstand.nl https://www.achmearechtsbijstand.nl https://achmearechtsbijstand.nl https://t.svtrd.com/structure-collection https://broker.nxtid.nl;manifest-src 'self' https://*.achmearechtsbijstand.nl https://www.achmearechtsbijstand.nl https://achmearechtsbijstand.nl;upgrade-insecure-requests;block-all-mixed-content;base-uri https://*.achmearechtsbijstand.nl https://www.achmearechtsbijstand.nl https://achmearechtsbijstand.nl;report-uri https://bcd8a826da9dc721f317d24ae6b9e320.ams.report-uri.com/r/t/csp/enforce; 1
base-uri 'self'; child-src 'self'; frame-src 'self'; connect-src 'self'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; font-src 'self' data:; img-src 'self' blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-ancestors 'self'; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=X1II7Dbm52hub6almyi9qR3OLvSbfbLxSLyjFj3iO3eYlrRhxE3qDv5ie8Dmt%2BHoQWPjzoWU%2BJxl6y5eN6K%2ByA%3D%3D; 1
default-src 'self' 'unsafe-inline' region1.analytics.google.com *.google-analytics.com *.google.com *.google.it *.google.video.com *.googleapis.com *.ytimg.com *.ggpht.com *.doubleclick.net *.youtube.com unpkg.com *.cloudflare.com *.bootstrapcdn.com *.fontawesome.com *.un.org; script-src 'self' 'unsafe-inline' *.googletagmanager.com *.analytics.google.com *.google-analytics.com *.google-analytics.com *.gstatic.com *.doubleclick.net *.youtube.com unpkg.com *.cloudflare.com *.bootstrapcdn.com *.fontawesome.com cdn.jsdelivr.net *.un.org; style-src 'self' 'unsafe-inline' *.fontawesome.com *.cloudflare.com *.jsdelivr.net *.googleapis.com *.gstatic.com https://unpkg.com *.google.com *.gstatic.com *.bootstrapcdn.com; img-src 'self' 'unsafe-inline' *.google-analytics.com *.google.it *.googletagmanager.com data:;; frame-src 'self' youtube.com www.youtube.com *.google.com *.gstatic.com *.un.org unitednations.sharepoint.com cdnapisec.kaltura.com; frame-ancestors 'self' youtube.com *.youtube.com *.googlevideo.com unitednations.sharepoint.com cdnapisec.kaltura.com; child-src 'self' youtube.com *.youtube.com *.google.com *.gstatic.com; font-src 'self' *.googleapis.com *.fontawesome.com *.gstatic.com *.jsdelivr.net *.cloudflare.com; report-uri /report-csp-violation 1
default-src https://dc.services.visualstudio.com/v2/ https://bimtrack.zendesk.com wss://bimtrack.zendesk.com https://static.zdassets.com https://ekr.zdassets.com https://service.force.com https://newforma.my.salesforce-sites.com https://newforma.my.salesforce.com https://*.zopim.com wss://*.zopim.com 'self'; style-src 'self' 'unsafe-inline' https://newforma.my.salesforce-sites.com https://newforma.my.salesforce.com https://service.force.com; object-src 'none'; script-src https://az416426.vo.msecnd.net https://www.recaptcha.net/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.newforma.com/ https://bimtrack.co/ https://static.zdassets.com https://ekr.zdassets.com https://*.zopim.com wss://*.zopim.com https://bimtrack.zendesk.com wss://bimtrack.zendesk.com https://service.force.com https://newforma.my.salesforce-sites.com https://newforma.my.salesforce.com https://static.lightning.force.com https://*.salesforceliveagent.com 'self' 'unsafe-eval' 'nonce-3baf786c1d79487c816fef061c956cc6'; frame-src https://www.google.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://www.newforma.com/ https://bimtrack.co https://bimtrack.zendesk.com wss://bimtrack.zendesk.com https://static.zdassets.com https://service.force.com/ 'self'; frame-ancestors https://*.bimtrackapp.co; sandbox allow-popups allow-forms allow-same-origin allow-scripts allow-downloads; base-uri 'self'; img-src 'self' https://v2assets.zopim.io https://static.zdassets.com https://konekt.help.newforma.com https://storbtqa.blob.core.windows.net/staticcontentcontainer/ https://www.newforma.com data: https://bt03storage.blob.core.windows.net/; 1
default-src 'self'; object-src 'self' https://pts.maxxim.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.maxxim.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://livechat.maxxim.de https://chat.maxxim.de https://umfrage.maxxim.de https://pts.maxxim.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://eu01.rec.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://livechat.maxxim.de https://chat.maxxim.de https://stats.maxxim.de https://imagepool.maxxim.de https://pts.maxxim.de https://analytics.tiktok.com https://umfrage.maxxim.de; script-src 'strict-dynamic' 'nonce-31e47e370dadc331d26c02bb59039d0a' 'nonce-d1451e7f61c0a9639341b2f420df4529' 'nonce-09e67ceeacc50e09053cac0fe6780fcb' 'nonce-e8b25f3fb26e52b1bc72ab8762d44aa3' 'nonce-ee1d0524bb96174d8f1e3a2192585369' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data: 'report-sample'; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://netmap.vodafone.de/cokart-client/index.html https://pts.maxxim.de https://umfrage.maxxim.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-31e47e370dadc331d26c02bb59039d0a' 'nonce-d1451e7f61c0a9639341b2f420df4529' 'nonce-09e67ceeacc50e09053cac0fe6780fcb' 'nonce-e8b25f3fb26e52b1bc72ab8762d44aa3' 'nonce-ee1d0524bb96174d8f1e3a2192585369' 'self' 'unsafe-inline' https: 'report-sample' 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://dc.services.visualstudio.com/v2/track https://updates.sdbgroep.nl https://stsdboneprod.blob.core.windows.net/  https://stsdboneacc.blob.core.windows.net/  https://stsdbonetest.blob.core.windows.net/ https://esm.sh/; object-src 'none'; frame-ancestors 'none'; base-uri 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://js.monitor.azure.com/scripts/b/ai.2.min.js https://dc.services.visualstudio.com/v2/track https://cdn.announcekit.app/widget-v2.js https://esm.sh/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' data: https://fonts.gstatic.com; 1
frame-ancestors 'self' *.owensborohealth.org mychart.omhs.org; report-uri /report-csp-violation 1
default-src 'self'; img-src 'self' cdnmedia.endeavorsuite.com cdn.partsmartconnect.com data:; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-modals; base-uri 'self'; upgrade-insecure-requests; style-src 'self' 'unsafe-inline' fonts.googleapis.com maxcdn.bootstrapcdn.com cdnmedia.endeavorsuite.com; font-src 'self' fonts.gstatic.com maxcdn.bootstrapcdn.com; script-src 'self' 'unsafe-inline' https://ari-cms.com/bundles/webcomponents/loginpromotion.js; connect-src 'self' https://ari-cms.com/; 1
frame-ancestors https://*.geotab.com https://*.actsoft.com 'self' 1
frame-ancestors 'self' www.skaki64.gr skaki64.gr 1
default-src 'self' 'unsafe-inline' https://adservice.google.com https://www.googleadservices.com/ https://cdn.jsdelivr.net https://*.pype.tech/ https://bam.nr-data.net/ https://*.linkedin.com/ https://measurement-api.criteo.com https://google-analytics.com https://*.google-analytics.com https://analytics.google.com https://*.launchdarkly.com/ https://*.onetrust.com https://cdn.cookielaw.org/ https://web-sandbox.pypestream.com https://use.fontawesome.com https://www.googletagmanager.com data: image/* https://bat.bing.com https://*.quantcount.com https://*.quantserve.com https://*.typekit.net https://*.googleapis.com https://player.vimeo.com https://*.doubleclick.net https://connect.facebook.net https://*.analytics.google.com https://extend.vimeocdn.com https://*.gstatic.com https://www.google.com https://google.com https://www.facebook.com https://my.matterport.com https://*.clarity.ms  https://*.googlesyndication.com 'self' https://maps.googleapis.com/ https://business-api.tiktok.com/ https://analytics.tiktok.com/ https://*.clarity.ms/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://*.pype.tech https://business-api.tiktok.com/ https://js-agent.newrelic.com https://snap.licdn.com https://static.cloudflareinsights.com https://web.pypestream.com https://*.doubleclick.net https://maps.googleapis.com https://cdn.cookielaw.org https://rules.quantcount.com https://secure.quantserve.com https://widget.us.criteo.com https://*.criteo.net https://*.vimeocdn.com https://web-sandbox.pypestream.com https://use.fontawesome.com https://www.googletagmanager.com https://bat.bing.com https://www.google-analytics.com https://*.facebook.net https://www.googleadservices.com https://*.clarity.ms/ https://*.googlesyndication.com https://analytics.tiktok.com/ https://*.vimeo.com https://rules.quantcount.com https://secure.quantserve.com https://snap.licdn.com https://sslwidget.criteo.com https://static.cloudflareinsights.com https://static.criteo.net https://use.fontawesome.com https://*.pypest; img-src * data: about: https://cdn.cookielaw.org; frame-src 'self' https://my.matterport.com https://web.pypestream.com https://related.my.salesforce-sites.com https://static.criteo.net https://web-sandbox.pypestream.com https://*.doubleclick.net https://*.criteo.com https://www.facebook.com https://player.vimeo.com https://www.googletagmanager.com; upgrade-insecure-requests 1
default-src 'self'; connect-src 'self' apikeys.civiccomputing.com api.postcodes.io www.googleapis.com newassets.hcaptcha.com maps.googleapis.com api.stripe.com js.stripe.com; font-src 'self' use.fontawesome.com fonts.gstatic.com data:; frame-src 'self' newassets.hcaptcha.com hooks.stripe.com js.stripe.com www.youtube.com; img-src 'self' data: maps.googleapis.com maps.gstatic.com translate.google.com www.gstatic.com cdn.bookingprotect.com tile.openstreetmap.org maptiles.p.rapidapi.com media.giphy.com; media-src www.youtube-nocookie.com; script-src 'self' hcaptcha.com js.stripe.com maps.googleapis.com www.youtube.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; report-uri https://35745cad85bbe1feed32f58e01aeb5de.report-uri.com/r/d/csp/reportOnly 1
default-src charlesstanley.sjv.io utt.impactcdn.com *.responsetap.com *.salemove.com *.salemove.eu 'self' *.feprecisionplus.com *.intercomcdn.com *.onetrust.com *.intercom.io wss://nexus-websocket-a.intercom.io wss://trisproxy.charles-stanley-direct.co.uk *.google.com *.google.co.uk *.jquery.com jquery.com *.twitter.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com  *.cloudflare.com cloudflare.com *.cloudfront.net cloudfront.net *.googleapis.com *.charles-stanley-direct.co.uk:* charles-stanley-direct.co.uk:* *.charles-stanley.co.uk:* charles-stanley.co.uk:* *.ads-twitter.com ads-twitter.com *.facebook.net facebook.net *.facebook.com *.highcharts.com highcharts.com *.bing.com gstatic.com *.gstatic.com *.doubleclick.net d3js.org *.d3js.org *.consensu.org https://bat.bing.com/; script-src utt.impactcdn.com *.googleapis.com *.responsetap.com *.salemove.com *.glia.eu *.salemove.eu *.licdn.com *.onetrust.com *.intercom.io *.intercomcdn.com wss://nexus-websocket-a.intercom.io 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.google.co.uk *.jquery.com jquery.com *.twitter.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com  *.cloudflare.com cloudflare.com *.cloudfront.net cloudfront.net *.googleapis.com *.charles-stanley-direct.co.uk:* charles-stanley-direct.co.uk:* *.charles-stanley.co.uk:* charles-stanley.co.uk:* *.ads-twitter.com *.facebook.net *.facebook.com *.highcharts.com highcharts.com *.bing.com gstatic.com *.gstatic.com *.doubleclick.net d3js.org *.d3js.org *.consensu.org https://bat.bing.com/; connect-src 'self' charlesstanley.sjv.io *.google-analytics.com *.onetrust.com wss://*.salemove.eu *.salemove.com *.salemove.eu *.glia.eu https://stats.g.doubleclick.net https://api-iam.intercom.io wss://nexus-websocket-a.intercom.io wss://trisproxy.charles-stanley-direct.co.uk https://cdn-ukwest.onetrust.com https://bat.bing.com/; style-src * 'unsafe-inline' 'unsafe-eval'; img-src *.feprecisionplus.com https://bat.bing.com/ * data:; font-src * 'self' data:; child-src *.youtube.com youtube.com *.youtube-nocookie.com youtube-nocookie.com *.charles-stanley-direct.co.uk:* charles-stanley-direct.co.uk:* *.charles-stanley.co.uk:* charles-stanley.co.uk:*; frame-src *.vimeo.com *.youtube.com youtube.com *.youtube-nocookie.com youtube-nocookie.com *.charles-stanley-direct.co.uk:* charles-stanley-direct.co.uk:* *.charles-stanley.co.uk:* charles-stanley.co.uk:* digital-tools.feprecisionplus.com:* *.consensu.org 1
frame-ancestors 'none'; report-uri /report-csp-violation; upgrade-insecure-requests 1
frame-ancestors 'self' http://customer-skicircus.loop21.net https://customer-skicircus.loop21.net http://public-location-skicircus.loop21.net https://public-location-skicircus.loop21.net 1
default-src 'self' mato.immodvisor.com public-site-wp.immodvisor.com develop-ms-business.immodvisor.digital ms-business.immodvisor.com www.immodvisor.com immodvisor.com *.immodvisor.doc *.immodvisor.digital; block-all-mixed-content; connect-src https://mato.immodvisor.com https://*.immodvisor.com https://develop-ms-business.immodvisor.digital https://ms-business.immodvisor.com http://localhost https://localhost https://recaptcha.google.com/recaptcha https://www.google.com/recaptcha/api2/clr www.google.com/recaptcha/api/siteverify *.immodvisor.doc *.immodvisor.digital cdn-cookieyes.com log.cookieyes.com directory.cookieyes.com; font-src 'self' fonts.gstatic.com *.immodvisor.doc *.immodvisor.digital; frame-src 'self' www.youtube.com www.dailymotion.com geo.dailymotion.com my.matterport.com public-site-wp.immodvisor.com https://www.google.com *.immodvisor.doc *.immodvisor.digital; img-src 'self' data: public-site-wp.immodvisor.com placehold.co secure.gravatar.com public-staging.immodvisor.com develop-www.immodvisor.digital http://localhost:8080 staging-pro-photo.s3.rbx.io.cloud.ovh.net pro-photo.s3.rbx.io.cloud.ovh.net *.tile.openstreetmap.org tile.openstreetmap.org *.immodvisor.com www.immodvisor.com immodvisor.com *.immodvisor.doc *.immodvisor.digital cdn-cookieyes.com *.youtube.com; script-src 'self' mato.immodvisor.com public-site-wp.immodvisor.com www.immodvisor.com immodvisor.com develop-ms-business.immodvisor.digital www.gstatic.com www.google.com *.immodvisor.doc *.immodvisor.digital cdn-cookieyes.com 'nonce-cQGM6luqz2H4SjRNfGQVPw=='; style-src 'self' 'unsafe-inline' public-site-wp.immodvisor.com *.immodvisor.doc *.immodvisor.digital; upgrade-insecure-requests 1
default-src * ; script-src 'self' 'unsafe-eval' 'unsafe-inline' browser-update.org maps.googleapis.com *.google-analytics.com *.cookiebot.com *.googletagmanager.com *.googleadservices.com *.licdn.com *.facebook.net *.doubleclick.net *.bing.com *.clarity.ms *.tiktok.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com; base-uri 'self'; object-src 'none'; frame-src 'self' https://consentcdn.cookiebot.com *.doubleclick.net https://www.googletagmanager.com; connect-src * data: 'self' https://consentcdn.cookiebot.com; img-src * 'self' data: https: 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' az416426.vo.msecnd.net dc.services.visualstudio.com oss.maxcdn.com *.fastway.org *.fastway.co.nz *.fastwayenquiries.com www.fastwayfms.com *.api.fastway.org *.googletagmanager.com *.google-analytics.com ssl.google-analytics.com https://*.googleapis.com *.googleapis.com https://*.gstatic.com  *.gstatic.com https://*.googleusercontent.com *.googleusercontent.com *.google.com googleadservices.com youtube.com *.fastway.com.au https://*.messagebird.com localhost:44399 wss://localhost:44399; 1
default-src 'self'; img-src 'self'; media-src 'self' data:; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s3.amazonaws.com/ https://*.bazaarvoice.com/ http://nexus.ensighten.com/ https://connect.facebook.net/ https://www.facebook.com/ https://www.google.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://*.google-analytics.com/ https://www.googletagmanager.com/ https://*.googletagmanager.com/ https://tagmanager.google.com/ https://www.gstatic.com/ https://static.hotjar.com/ https://script.hotjar.com/ https://mpsnare.iesnare.com/ https://cdn.jsdelivr.net/npm/cookieconsent@3/build/cookieconsent.min.js https://*.list-manage.com/ https://z.moatads.com/addthismoatframe568911941483/moatframe.js https://js-agent.newrelic.com/ https://bam.nr-data.net/ https://www.paypalobjects.com/ https://s.pinimg.com/ https://assets.pinterest.com/ https://ct.pinterest.com/ https://log.pinterest.com/ https://*.stripe.com/ https://tags.srv.stackadapt.com/ https://static.addtoany.com/; img-src 'self' data: https://www.paypalobjects.com/ https://*.pinterest.com/ https://www.facebook.com/ https://www.google-analytics.com/ https://*.google-analytics.com/ https://www.darigold.com/ https://*.bazaarvoice.com/ https://googleads.g.doubleclick.net/ https://www.google.com/ https://*.choozle.com/ https://tags.bluekai.com/ https://match.adsrvr.org/track/ https://idsync.rlcdn.com/ https://cm.g.doubleclick.net/ https://segments.company-target.com/ https://*.googletagmanager.com/; object-src 'self' data: https://*.paypal.com/ https://*.stripe.com/ https://*.pinterest.com/ https://s7.addthis.com/ https://www.facebook.com/ https://vars.hotjar.com/ https://www.google.com/ https://www.youtube.com/ https://s.amazon-adsystem.com/ https://*.fls.doubleclick.net/ https://*.bazaarvoice.com/ https://where-to-buy.co/ https://insight.adsrvr.org/ https://d1eoo1tco6rr5e.cloudfront.net/ https://static.addtoany.com/ https://www.googletagmanager.com/ https://*.googletagmanager.com/ https://tagmanager.google.com/; frame-src 'self' data: https://*.paypal.com/ https://*.stripe.com/ https://*.pinterest.com/ https://s7.addthis.com/ https://www.facebook.com/ https://vars.hotjar.com/ https://www.google.com/ https://www.youtube.com/ https://s.amazon-adsystem.com/ https://*.fls.doubleclick.net/ https://*.bazaarvoice.com/ https://where-to-buy.co/ https://insight.adsrvr.org/ https://d1eoo1tco6rr5e.cloudfront.net/ https://static.addtoany.com/ https://www.googletagmanager.com/ https://*.googletagmanager.com/ https://tagmanager.google.com/; 1
default-src 'self' 'unsafe-inline' data: wc.ts.ee www.nasdaqbaltic.com platform.linkedin.com secure.gravatar.com yoast.com www.googletagmanager.com *.google-analytics.com stats.g.doubleclick.net fonts.googleapis.com maps.googleapis.com streetviewpixels-pa.googleapis.com khms0.googleapis.com khms1.googleapis.com maps.gstatic.com fonts.gstatic.com translate.google.com translate.googleapis.com www.gstatic.com www.youtube.com www.google.ee www.google.com www.google.co.uk www.google.lv www.google.lt www.google.fi www.google.se www.google.no www.google.de www.google.pl lh3.ggpht.com www.google.com.hk www.google.gr www.google.nl www.google.dk www.google.com.ua www.google.fr i.ytimg.com connect.facebook.net api.microsofttranslator.com www.facebook.com 'unsafe-eval' www.google.ch www.google.at www.google.ro www.google.es www.google.it www.google.hu www.google.co.in www.google.ie www.google.cz www.google.be www.google.ru www.google.com.au photos.marinetraffic.com www.google.at www.google.co.il www.google.co.kr www.google.pt www.google.ca www.google.mk www.google.co.th www.google.co.id www.google.com.lb www.google.cl www.google.sk www.google.is www.google.com.np www.google.com.pk www.google.si www.google.rs www.google.dz www.google.com.ng www.google.com.my www.google.com.ci www.google.im www.google.com.sg www.google.com.tr www.google.com.hr www.google.com.mt www.google.li www.google.co.jp view.news.eu.nasdaq.com www.solwininfotech.com www.google.com.co www.google.com.br www.google.cn www.google.com.cy www.google.ge www.google.lu www.google.ae cdn.jsdelivr.net wd.ts.ee static.cloudflareinsights.com ajax.cloudflare.com www.vikingline.ee www.envir.ee www.google.com.ph www.google.co.nz www.google.hr www.google.bg www.google.by www.transit.ee www.tallinnamerepaevad.ee www.google.com.vn www.google.kz www.google.mv www.google.com.tw www.balticline.fi www.google.com.eg tallinnamerepaevad.ee www.google.com.bz www.google.com.mx www.google.jo www.google.com.sa www.google.ci www.google.com.kw www.google.co.ma www.google.com.gh www.google.com.ar region1.analytics.google.com www.google.az www.google.com.uy www.google.co.za www.google.sn www.google.com.mm www.google.me www.google.mn www.google.lk vincent.callebaut.org tentea.ec.europa.eu www.google.tg www.google.com.qa www.google.co.tz www.google.co.cr www.kjk.ee www.google.co.uz www.google.co.ke ps.w.org s.w.org www.google.ba www.google.com.jm www.google.com.pe www.google.mg 6zzuupda.sendsmaily.net www.google.bj www.google.com.kh www.google.com.do lh3.googleusercontent.com www.google.iq www.google.co.ug www.google.co.mz www.google.al www.google.tn www.google.ad www.google.am www.google.md www.google.com.ly www.google.com.ec www.google.com.pa www.google.com.bd www.google.com.pr www.google.mu www.google.gg www.google.cm www.google.com.py www.google.com.bh www.google.je www.google.com.cu www.google.com.pg komerk.ee www.google.kg www.google.cv www.google.com.sl www.portoftallinn.com www.google.vg www.google.bt www.google.bf www.google.la www.google.tt www.google.com.sv www.google.so www.google.ps www.google.co.ve www.google.ga www.seatradecruiseglobal.com www.parkimine.ee translate-pa.googleapis.com wptide.org toolset.com wpml.org challenges.cloudflare.com cloudflareinsights.com analytics.google.com td.doubleclick.net blob: www.google.gl wpforms.com www.google.co.zw www.google.co.ao d1lsub6zbh43gv.cloudfront.net tp-cdn.wpml.org googleads.g.doubleclick.net adservice.google.com google.com pagead2.googlesyndication.com www.googleadservices.com tpc.googlesyndication.com www.vikingline.ee www.google.com.sb www.google.td apis.google.com platform.twitter.com www.google.gm www.google.gy paldiski.ee www.christmasmarket.ee www.logistikauudised.ee www.voyagesofdiscovery.co.uk static.neljas.ee www.google.tm cns.omxgroup.com www.iaa.ie www.komerk.ee www.jazzkaar.ee arensburg.ee www.iaa.ie kliimaministeerium.ee konkurents.ee laaneharju.ee images.marinetraffic.com www.konkurents.ee www.google.com.af www.lngconference.eu www.upf-group.dk www.cruiseeurope.com tentea.ec.europa.eu www.google.as www.google.com.et www.google.cf www.google.com.tj www.google.com.om www.google.co.ck www.google.co.zm kit.fontawesome.com ka-p.fontawesome.com; report-uri /069b75c4f2e07da64b888cac9af4ea98c60c3e6787e0368d1a5ab34114eda24e 1
default-src 'self'; style-src 'unsafe-inline' 'self'; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.sitkainsights.com/ https://*.newrelic.com/ https://*.youtube.com/ https://*.google.com/ https://*.facebook.net/ https://*.gstatic.com/ https://*.googletagmanager.com/ https://*.recyclecoach.com/ https://*.recaptcha.net/ https://*.tableau.com/ https://*.zscloud.net/ https://*.google-analytics.com/ https://*.googleapis.com/; img-src 'self' data: https://*.youtube.com/ https://*.ytimg.com/ https://*.twimg.com/ https://*.xx.fbcdn.net/ https://*.cdninstagram.com/ https://*.ggpht.com/ https://*.recyclecoach.com/ https://*.tableau.com/ https://*.googletagmanager.com/ https://*.zscloud.net/ https://*.gstatic.com/ https://*.google.com/; object-src 'self' data: https://*.youtube.com/ https://*.youtube-nocookie.com/ https://*.google.com/ https://*.arcgis.com/ https://*.arcg.is/ https://arcg.is/ https://*.ytimg.com/ https://*.calconic.com/ https://tagro.com/ https://*.flipsnack.com/ https://*.my-waste.mobi/ https://*.granicus.com/ https://*.workflowcloud.com/ https://*.nintex.io/ https://*.vimeo.com/ https://*.recaptcha.net/ https://*.tableau.com/ https://*.zscloud.net; frame-src 'self' data: https://*.youtube.com/ https://*.youtube-nocookie.com/ https://*.google.com/ https://*.arcgis.com/ https://*.arcg.is/ https://arcg.is/ https://*.ytimg.com/ https://*.calconic.com/ https://tagro.com/ https://*.flipsnack.com/ https://*.my-waste.mobi/ https://*.granicus.com/ https://*.workflowcloud.com/ https://*.nintex.io/ https://*.vimeo.com/ https://*.recaptcha.net/ https://*.tableau.com/ https://*.zscloud.net; 1
default-src 'self'; base-uri 'self'; connect-src 'self' wss://self https://www.hostingcloud.racing https://www.freecontent.stream wss://*.hostcontent.live https://connect.facebook.net https://www.google-analytics.com https://*.doubleclick.net https://*.g.doubleclick.net https://www.facebook.com https://*.mintme.com https://mintme.com https://*.tawk.to wss://*.tawk.to; font-src 'self' https://fonts.gstatic.com https://static-v.tawk.to; frame-src https://accounts.google.com https://content.googleapis.com https://va.tawk.to https://www.youtube.com https://www.google.com; img-src data: *; media-src *; object-src 'none'; script-src 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https: http: 'nonce-sXGgsZin4h7sQ4EcqK1HUw=='; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net/emojione/2.2.7/assets/css/emojione.min.css https://cdn.jsdelivr.net/emojione/2.2.7/lib/js/emojione.min.js https://cdnjs.cloudflare.com/ajax/libs/highlight.js/9.12.0/styles/github.min.css https://cdnjs.cloudflare.com/ajax/libs/highlight.js/9.12.0/styles/atom-one-dark.min.css https://*.tawk.to; report-uri /csp-report; worker-src blob: 1
default-src 'self'; font-src 'self' data: https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src 'self' https://maps.googleapis.com https://maps.gstatic.com https://www.google-analytics.com; img-src 'self' https://maps.googleapis.com https://csi.gstatic.com https://maps.gstatic.com https://www.google-analytics.com data:; connect-src * ws: wss: 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'wasm-unsafe-eval' 'unsafe-eval' https://cdnjs.cloudflare.com https://*.technipenergies.com https://cdn.cookielaw.org https://js-agent.newrelic.com https://bam.nr-data.net https://tag.aticdn.net https://*.clarity.ms https://snap.licdn.com https://*.linkedin.com https://connect.facebook.net https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://*.googlesyndication.com https://d3js.org https://*.ten.com; object-src 'self'; style-src 'self' 'unsafe-inline' https://translate.googleapis.com https://www.gstatic.com https://d3js.org; img-src 'self' data: *; frame-src 'self' https://*.youtube.com https://open.spotify.com https://*.doubleclick.net https://www.googletagmanager.com https://tools.eurolandir.com https://fr.zone-secure.net https://*.ten.com https://*.technipenergies.com https://sdk.companywebcast.com; frame-ancestors 'self' https://*.ten.com; child-src 'self' https://tools.eurolandir.com https://*.youtube.com https://open.spotify.com https://*.doubleclick.net; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https://cdn.cookielaw.org https://bam.nr-data.net https://*.xiti.com https://cdn.linkedin.oribi.io https://*.clarity.ms https://*.onetrust.com https://*.linkedin.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://*.google.com https://google.com; report-uri /report-csp-violation 1
default-src 'none'; frame-ancestors 'self'; frame-src 'self' https://challenges.cloudflare.com/ https://forms.office.com https://www.youtube-nocookie.com https://*.youtube.com https://*.vimeo.com https://*.google.com https://*.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://challenges.cloudflare.com/ https://*.google-analytics.com https://*.googletagmanager.com https://feeds.trac.jobs https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.cqc.org.uk; font-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' data: https://feeds.trac.jobs https://*.googleapis.com https://*.gstatic.com https://*.cqc.org.uk; img-src * data:; object-src 'self' blob:; connect-src 'self' https://challenges.cloudflare.com/ https://feeds.trac.jobs https://*.googleapis.com https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com; manifest-src 'self'; base-uri 'none'; form-action 'self' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob:  *.weareone.fm *.technobase.fm *.housetime.fm *.hardbase.fm *.trancebase.fm *.coretime.fm *.teatime.fm *.clubtime.fm *.replay.fm *.tb-group.fm *.google.com/recaptcha/ *.gstatic.com/recaptcha/ maps.googleapis.com fonts.googleapis.com fonts.gstatic.com use.typekit.net *.google.com/maps/embed *.youtube-nocookie.com ticketcenter.be24-7.de; img-src 'self' data: *.weareone.fm *.technobase.fm *.housetime.fm *.hardbase.fm *.trancebase.fm *.coretime.fm *.teatime.fm *.clubtime.fm *.replay.fm *.tb-group.fm *.google.com/recaptcha/ *.gstatic.com/recaptcha/ maps.googleapis.com fonts.googleapis.com fonts.gstatic.com use.typekit.net *.google.com/maps/embed *.youtube-nocookie.com ticketcenter.be24-7.de; frame-ancestors 'self' 1
default-src 'self';block-all-mixed-content ;connect-src 'self' *.piwik.pro *.doubleclick.net *.cookiehub.eu *.zopim.com *.zdassets.com wss://* 'self' *.google-analytics.com goedapotheek.zendesk.com *.doubleclick.net *.zendesk.com *.hotjar.io *.hotjar.com *.googleapis.com *.cookiehub.net zendesk-eu.my.sentry.io www.google.be maps.googleapis.com https://*.analytics.google.com https://*.googletagmanager.com *.google.com https://analytics.goed.be pagead2.googlesyndication.com goed.containers.piwik.pro goed.piwik.pro tr.outbrain.com api-eu1.hubapi.com;font-src 'self' data: fonts.googleapis.com fonts.gstatic.com *.zopim.com *.hotjar.com;img-src 'self' data: *.gstatic.com maps.googleapis.com mts.googleapis.com *.zopim.com *.googletagmanager.com *.google-analytics.com *.google.com *.google.be *.facebook.com secure.adnxs.com *.zendesk.com *.goed.be *.hotjar.com *.outbrain.com www.surplusgezondheid.be tr.outbrain.com www.blabla.be i.ytimg.com www.thuiszorgwinkel.be www.google.com https://googleads.g.doubleclick.net https://www.google.com connect.facebook.net track-eu1.hubspot.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.piwik.pro *.doubleclick.net *.cookiehub.eu *.googleapis.com *.googletagmanager.com cdnjs.cloudflare.com www.google.com www.gstatic.com *.zopim.com *.google-analytics.com *.google.com *.cookiehub.net static.zdassets.com cookiehub.net https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net goed.containers.piwik.pro wave.outbrain.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com *.google.com *.cookiehub.net cookiehub.net;report-uri /csp/violation/report;frame-src www.youtube.com *.vimeo.com www.google.com clementineweb.azurewebsites.net *.jotform.com *.jotformeu.com optimize.google.com *.facebook.com *.actito.com *.hotjar.com *.testyourhearing.com www.goed.be www.yumpu.com form.jotformeu.com form.jotform.com submit.jotformeu.com mozbar.moz.com www3.actito.com loremipsum.io www.google.be www.hln.be eur03.safelinks.protection.outlook.com www.testyourhearing.com https://bid.g.doubleclick.net td.doubleclick.net https://my.3-dee.be/tour/goed https://share-eu1.hsforms.com www.googletagmanager.com email.goed.be;media-src static.zdassets.com *.goed.be www.goed.be;script-src-elem *.googleapis.com *.zopim.com *.zdassets.com data connect.facebook.net trk.adbutter.net *.hotjar.com *.googleoptimize.com *.cookiehub.net cookiehub.net www.googleoptimize.com players.yumpu.com static.hotjar.com amplify.outbrain.com www.youtube.com tr.outbrain.com js-eu1.hs-scripts.com/145712486.js js-eu1.hs-analytics.net js-eu1.hsadspixel.net js-eu1.hs-banner.com 'self' 'unsafe-inline' 'unsafe-eval' *.piwik.pro *.doubleclick.net *.cookiehub.eu *.googletagmanager.com cdnjs.cloudflare.com www.google.com www.gstatic.com *.google-analytics.com *.google.com static.zdassets.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net goed.containers.piwik.pro wave.outbrain.com;style-src-elem fonts.googleapis.com *.cookiehub.net cookiehub.net 'self' 'unsafe-inline' *.google.com 1
frame-ancestors zismo.biz zismo.ru zismone.ru promoggaqjkd.ru 1
default-src 'self'; connect-src 'self' https://piwik.bzga.de; style-src 'self' 'unsafe-inline'; font-src 'self' data:; script-src 'self' 'unsafe-inline' https://piwik.bzga.de; img-src 'self' https://piwik.bzga.de https://www.bzga.de https://a.tile.osm.org https://b.tile.osm.org https://c.tile.osm.org data:; frame-src 'self' mailto: https://piwik.bzga.de https://www.youtube-nocookie.com https://global.frcapi.com/; 1
default-src 'self' https://*.youtube.com https://*.youtu.be https://*.vimeo.com https://*.spotify.com https://*.soundcloud.com https://forms.office.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://analytics.tiktok.com https://*.doubleclick.net https://widget.tablefever.com; block-all-mixed-content; img-src data: 'self' https://placeholder.inventis.be https://*.ytimg.com https://*.youtube.com https://*.vimeocdn.com https://*.google-analytics.com https://*.googletagmanager.com https://www.facebook.com https://*.google.be https://*.google.nl; object-src 'none'; script-src 'self' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https://*.youtube.com https://*.vimeo.com https://*.google-analytics.com https://*.googletagmanager.com 'nonce-IqhfsaLqfG6cQL2A3f3mcw=='; style-src 'self' 'unsafe-inline' https://*.googletagmanager.com; upgrade-insecure-requests 1
default-src 'self'; script-src *.corp *.parceirosantander.com.br https://fve.paas.santanderbr.pre.corp *.santander.com.br *.go-mpulse.net go-mpulse.net https://s.go-mpulse.net https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://api.mapbox.com https://www.google-analytics.com https://www.googleoptimize.com 'self' 'unsafe-inline' https:; style-src *.corp *.parceirosantander.com.br *.santander.com.br 'self' 'unsafe-inline'; child-src *.corp *.parceirosantander.com.br *.santander.com.br 'self'; img-src *.corp *.parceirosantander.com.br *.santander.com.br https://*.akstat.io 'self' data:; connect-src *.corp *.parceirosantander.com.br *.bs.br.bsch *.blob.core.windows.net *.santander.com.br https://*.go-mpulse.net https://*.akstat.io https://*.akamaihd.net https://www.google.com 'self'; object-src 'self' blob:; media-src *.corp *.parceirosantander.com.br *.santander.com.br 'self' blob:; frame-src https://www.google.com *.corp *.parceirosantander.com.br *.santander.com.br 'self'; font-src *.corp *.parceirosantander.com.br *.santander.com.br 'self' data:; frame-ancestors 'self' https://www.google.com *.corp *.parceirosantander.com.br *.santander.com.br 1
default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; frame-ancestors https://*:*; 1
frame-ancestors 'self' https://www.golfofbf.org https://*.instapage.com http://*.instapage.com https://cloud.scorm.com https://360.articulate.com https://university.fb.org 1
default-src 'self'; img-src * 1
report-to 'self' ; child-src 'self'  'unsafe-inline' self; connect-src 'self'  'unsafe-inline' self *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net *.github.io  *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net ; default-src 'self' self; font-src 'self'  'unsafe-inline'  self *.gstatic.com *.bootstrapcdn.com data: fonts.gstatic.com cdn.jsdelivr.net cdnjs.cloudflare.com *.gstatic.com *.bootstrapcdn.com ; form-action 'self' ; frame-src 'self'  'unsafe-inline'  self *.g.doubleclick.net *.google.com *.fls.doubleclick.net blob: www.google.com www.youtube.com esg.churchgatepartners.com *.g.doubleclick.net *.google.com *.fls.doubleclick.net ; frame-ancestors 'self' ; img-src 'self'  'unsafe-inline' self *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com data: ts.w.org s.w.org ps.w.org cdnjs.cloudflare.com www.abfrl.com  *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com ; manifest-src 'self' ; media-src 'self'  s.w.org; object-src 'self' ; script-src 'self'  'unsafe-inline' self *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com cdn.jsdelivr.net cdnjs.cloudflare.com kenwheeler.github.io cdn.datatables.net js.stripe.com www.abfrl.com  *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com ; script-src-elem 'self'  'unsafe-inline' self *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com cdn.jsdelivr.net cdnjs.cloudflare.com cdn.datatables.net js.stripe.com www.abfrl.com kenwheeler.github.io  *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com ; script-src-attr 'self' ; style-src 'self'  'unsafe-inline' self *.googleapis.com *.gstatic.com fonts.googleapis.com cdn.jsdelivr.net cdnjs.cloudflare.com datatables.net fonts.bunny.net maxcdn.bootstrapcdn.com www.abfrl.com  *.googleapis.com *.gstatic.com ; style-src-elem 'self'  'unsafe-inline' self *.googleapis.com *.gstatic.com fonts.googleapis.com cdn.jsdelivr.net cdnjs.cloudflare.com datatables.net fonts.bunny.net maxcdn.bootstrapcdn.com www.abfrl.com  *.googleapis.com *.gstatic.com ; style-src-attr 'self'  'unsafe-inline' ; worker-src 'self'  'unsafe-inline'  blob:; 1
default-src 'self' 'self' blob: http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://*.mapbox.com:* https://*.cloudfront.net:* https://cdn.ravenjs.com https://*.ingest.sentry.io https://www.google-analytics.com https://pagead2.googlesyndication.com;script-src 'self' 'self' blob: 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googleapis.com *.google.com *.google.com.vn *.google-analytics.com *.googletagmanager.com *.googlesyndication.com *.googletagservices.com *.youtube.com *.cloudflare.com *.facebook.net *.connect.facebook.net *.facebook.com *.khaosat.me *.bootstrapcdn.com *.ytimg.com *.hotjar.com *.cloudfront.net *.cdn.ravenjs.com *.ingest.sentry.io *.doubleclick.net;style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.google.com *.cloudflare.com *.khaosat.me *.cloudfront.net *.mapbox.com d1a3f4spazzrp4.cloudfront.net;font-src 'self' 'self' blob: 'self' data: *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.google.com *.cloudflare.com *.khaosat.me script.hotjar.com;frame-src staticxx.facebook.com facebook.com *.facebook.com youtube.com *.youtube.com *.vimeo.com khaosat.me *.khaosat.me *.google.com connect.facebook.net *.hotjar.com *.g.doubleclick.net *.googlesyndication.com *.doubleclick.net;img-src 'self' data: 'self' blob: *;connect-src 'self' 'self' blob: *.googleapis.com *.facebook.com https://*.khaosat.me:* https://khaosat.me:* https://ws.khaosat.me:* wss://ws.khaosat.me:* https://khao-sat.com:* https://*.hotjar.com:* wss://*.hotjar.com ws://khaosat.me:7890 https://vc.hotjar.io:* http://*.hotjar.com:* https://*.mapbox.com:* https://*.cloudfront.net:* https://cdn.ravenjs.com https://*.ingest.sentry.io https://www.google-analytics.com https://pagead2.googlesyndication.com *.doubleclick.net *.google.com;media-src 'self' 'self' data: 'self' blob: * 1
frame-ancestors 'self' https://*.lovevite.com 1
default-src 'self' blob:; sandbox allow-downloads allow-popups allow-popups-to-escape-sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-modals; base-uri 'self' https://md-scp.kampyle.com;upgrade-insecure-requests;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://applepay.cdn-apple.com https://*.worldpay.com https://*.lowell.co.uk https://lowell.co.uk https://www.google.com https://www.gstatic.com https://*.googletagmanager.com https://googletagmanager.com https://www.google-analytics.com https://tagmanager.google.com https://ssl.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://ajax.googleapis.com https://connect.facebook.net https://optimize.google.com  https://*.decibelinsight.net https://*.decibelinsight.com https://pay.google.com https://www.googleanalytics.com https://www.googleoptimize.com https://bat.bing.com https://*.decibel.com *.visualwebsiteoptimizer.com app.vwo.com https://api.ipify.org https://mpsnare.iesnare.com https://md-scp.kampyle.com https://resources.digital-cloud-uk.medallia.eu https://sbt-prod.kampyle.com https://nebula-cdn.kampyle.com https://udc-neb.kampyle.com https://digital-cloud-phx1.medallia.com https://resources.digital-cloud-phx1.medallia.com https://widget.trustpilot.com https://www.youtube.com api.reciteme.com events.reciteme.com linguistics.reciteme.com;connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.lowell.co.uk https://*.decibelinsight.net https://*.decibelinsight.com wss://*.decibelinsight.net wss://*.decibelinsight.com https://stats.g.doubleclick.net https://google.com https://*.decibel.com *.visualwebsiteoptimizer.com app.vwo.com https://api.ipify.org https://firebaseinstallations.googleapis.com https://fcmregistrations.googleapis.com wss://mpsnare.iesnare.com https://md-scp.kampyle.com https://resources.digital-cloud-uk.medallia.eu https://ubt-lb.digital-cloud-uk.medallia.eu https://sbt-prod.kampyle.com https://nebula-cdn.kampyle.com https://udc-neb.kampyle.com https://digital-cloud-phx1.medallia.com https://resources.digital-cloud-phx1.medallia.com https://ubt-lb.digital-cloud.medallia.com https://uk.cc.avayacloud.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.co.uk https://pagead2.googlesyndication.com https://noembed.com https://cdn.plyr.io https://api.reciteme.com https://events.reciteme.com;frame-ancestors https://*.cardinalcommerce.com https://applepay.cdn-apple.com https://*.lowell.co.uk https://lowell.co.uk https://www.fisglobal.com https://pay.google.com https://*.lowellgroup.co.uk;style-src 'self' 'unsafe-inline' https://*.lowell.co.uk https://lowell.co.uk https://tagmanager.google.com https://fonts.googleapis.com https://fonts.googleapis.com https://optimize.google.com https://www.googleanalytics.com https://www.googleoptimize.com *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com https://resources.digital-cloud-uk.medallia.eu https://md-scp.kampyle.com https://nebula-cdn.kampyle.com https://digital-cloud-phx1.medallia.com https://resources.digital-cloud-phx1.medallia.com https://googletagmanager.com api.reciteme.com;img-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://googletagmanager.com  https://*.lowell.co.uk https://lowell.co.uk https://*.google-analytics.com https://google.com https://*.analytics.google.com https://*.g.doubleclick.net https://ssl.gstatic.com https://www.gstatic.com https://*.google.com https://*.google.co.uk https://pagead2.googlesyndication.com  https://www.facebook.com https://connect.facebook.net data: https://bat.bing.com *.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com https://md-scp.kampyle.com https://resources.digital-cloud-uk.medallia.eu https://udc-neb.kampyle.com https://nebula-cdn.kampyle.com https://digital-cloud-phx1.medallia.com https://resources.digital-cloud-phx1.medallia.com https://i.ytimg.com https://tools.applemediaservices.com https://toolbox.marketingtools.apple.com api.reciteme.com;object-src data: 'unsafe-eval' https://*.lowell.co.uk;frame-src https://*.cardinalcommerce.com https://*.worldpay.com https://www.google.com https://*.doubleclick.net https://optimize.google.com https://www.googletagmanager.com https://*.lowell.co.uk/ https://*.lowellgroup.co.uk https://pay.google.com app.vwo.com *.visualwebsiteoptimizer.com https://nebula-cdn.kampyle.com https://resources.digital-cloud-uk.medallia.eu https://digital-cloud-phx1.medallia.com https://resources.digital-cloud-phx1.medallia.com https://www.youtube.com https://widget.trustpilot.com;font-src 'self' https://*.lowell.co.uk https://lowell.co.uk https://fonts.gstatic.com https://fonts.googleapis.com https://applepay.cdn-apple.com data: https://resources.digital-cloud-uk.medallia.eu https://nebula-cdn.kampyle.com https://digital-cloud-phx1.medallia.com https://resources.digital-cloud-phx1.medallia.com https://td.doubleclick.net api.reciteme.com;worker-src 'self' https://*.decibelinsight.net wss://*.decibelinsight.net https://*.decibelinsight.com wss://*.decibelinsight.com blob:;media-src https://mpsnare.iesnare.com data: api.reciteme.com; 1
default-src 'self' data:; block-all-mixed-content; connect-src http: https: ws: blob: 'self' *.tinymce.com *.tiny.cloud blob:; font-src 'self' data: fonts.gstatic.com *.tinymce.com *.tiny.cloud *.fontawesome.com; img-src 'self' data: http: https: *.tinymce.com *.tiny.cloud data: blob:; script-src 'self' 'unsafe-inline' js-agent.newrelic.com static.zdassets.com *.zendesk.com api.smooch.io cdn.tiny.cloud maps.google.com maps.googleapis.com *.posthog.com *.tinymce.com *.tiny.cloud 'nonce-HfRN1I6sEkdtLKRww0jtUQ=='; style-src 'self' 'unsafe-inline' cdn.tiny.cloud fonts.googleapis.com *.tinymce.com *.tiny.cloud; upgrade-insecure-requests 1
frame-ancestors 'self' http://pudtoday http://prointnet 1
allow ‘self’; 1
default-src https://*.google-analytics.com https://*.googletagmanager.com; block-all-mixed-content; connect-src 'self' https://*.google.com https://*.googlesyndication.com https://*.google-analytics.com https://*.facebook.com https://*.sentry.io; font-src 'self'; frame-src https://www.youtube.com https://calendly.com https://www.montareturns.com https://www.googletagmanager.com https://td.doubleclick.net https://*.facebook.com https://view.publitas.com; img-src data: 'self' https://placeholder.inventis.be https://*.ytimg.com https://www.mollie.com https://*.google-analytics.com https://*.googletagmanager.com https://*.google.com https://*.google.be https://*.googlesyndication.com https://*.facebook.com; manifest-src 'self'; object-src https://www.youtube.com; script-src 'self' https://www.youtube.com https://*.ytimg.com https://*.google-analytics.com https://*.googletagmanager.com https://*.hotjar.com https://*.facebook.net https://*.facebook.com https://browser.sentry-cdn.com 'nonce-f0bugDXYakt8xMrttzFmxg=='; style-src 'self' 'unsafe-inline' https://*.googletagmanager.com; upgrade-insecure-requests 1
default-src 'self' https://*.googletagmanager.com https://*.google-analytics.com https://*.google.com https://*.google.be https://*.doubleclick.net https://*.hotjar.com https://*.hotjar.io https://*.facebook.com https://*.facebook.net https://*.youtube.com https://*.youtube.be https://*.youtu.be https://www.youtube-nocookie.com https://*.snapchat.com https://*.vimeo.com https://*.spotify.com; block-all-mixed-content; font-src 'self' https://use.typekit.net https://fonts.googleapis.com https://fonts.gstatic.com; frame-ancestors 'self'; img-src data: 'self' https://placeholder.inventis.be https://*.googletagmanager.com https://*.google-analytics.com https://fonts.gstatic.com https://*.google.com https://*.google.be https://*.ytimg.com https://i.vimeocdn.com https://*.facebook.com https://*.facebook.net https://*.fbcdn.net https://i.scdn.co https://*.youtube.com https://*.youtube.be https://*.snapchat.com https://i.vimeocdn.com; manifest-src 'self'; object-src 'none'; script-src 'self' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https://www.youtube.com/iframe_api https://*.ytimg.com https://www.googletagmanager.com https://www.google-analytics.com https://script.hotjar.com/ https://connect.facebook.net/ https://*.hotjar.com https://*.hotjar.io https://player.vimeo.com/api/player.js 'nonce-8+HY3VT51SddcOMnUQGc6A=='; style-src 'self' 'unsafe-inline' https://*.typekit.net https://*.googletagmanager.com https://fonts.googleapis.com; upgrade-insecure-requests 1
frame-ancestors 'self' https://app.signageful.com 1
img-src * data: 1
script-src 'nonce-r5PKjsEZL6RJpcWbnOQR/t8kwwY=' 'unsafe-inline' 'strict-dynamic' https: http:; object-src 'none'; 1
base-uri 'self'; default-src 'self'; child-src; connect-src 'self' https://*.abtasty.com https://*.adservice.google.com https://*.doubleclick.net https://*.facebook.com https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://*.hotjar.com:* https://*.hotjar.com:* https://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://*.mypurecloud.com.au https://*.sentry.io https://*.tealiumiq.com https://*.tiqcdn.cn https://*.tiqcdn.com https://*.tt.omtrdc.net https://analytics.formstack.com https://api.addressfinder.io https://au-live.inside-graph.com https://js.hsadspixel.net https://js.hscollectedforms.net https://stats.g.doubleclick.net https://www.instagram.com wss://*.mypurecloud.com.au wss://au-live.inside-graph.com https://*.swiftype.com https://*.swiftypecdn.com; font-src 'self' https://*.abtasty.com https://*.googleapis.com https://*.gstatic.com https://au-cdn.inside-graph.com https://fonts.gstatic.com https://*.hotjar.com https://*.hotjar.com https://*.hotjar.io https://*.hotjar.io blob: data:; form-action 'self' https://*.powershop.co.nz https://*.springload.nz https://*.facebook.com; frame-ancestors 'self'; frame-src https://*.mypurecloud.com.au *.mypurecloud.com.au https://*.doubleclick.net https://*.google.com https://*.vimeo.com https://*.youtube.com https://recaptcha.google.com https://*.facebook.com https://*.googletagmanager.com https://au-cdn.inside-graph.com https://*.hotjar.com https://*.hotjar.io https://*.hotjar.io https://critchlow.carto.com; img-src 'self' https://*.abtasty.com https://*.amazonaws.com https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.google.co.nz https://*.google.com https://*.google.com.au https://*.googletagmanager.com https://*.gstatic.com https://*.hotjar.com https://*.hotjar.com https://*.hotjar.io https://*.hotjar.io https://*.inside-graph.com https://*.mypurecloud.com.au https://*.tealiumiq.com https://*.tiqcdn.cn https://*.tiqcdn.com https://*.tt.omtrdc.net https://adservice.google.com https://analytics.formstack.com https://fonts.gstatic.com https://i.vimeocdn.com https://js.hsadspixel.net https://www.instagram.com https://*.swiftype.com https://*.springload.nz https://www.powershop.co.nz blob: data:; media-src https://*.youtube.com https://*.vimeo.com https://au-cdn.inside-graph.com; object-src 'none'; script-src 'self' https://*.abtasty.com https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.google.com/recaptcha/ https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.com/recaptcha/ https://*.hotjar.com https://*.hotjar.com https://*.hotjar.io https://*.hotjar.io https://*.hs-analytics.net https://*.hs-banner.com https://*.hs-scripts.com https://*.inside-graph.com https://*.mypurecloud.com.au https://*.tealiumiq.com https://*.tiqcdn.cn https://*.tiqcdn.com https://*.tt.omtrdc.net https://*.usemessages.com https://*.vimeo.com https://*.youtube.com https://analytics.formstack.com https://api.addressfinder.io https://au-tracker.inside-graph.com https://forms.hsforms.com https://js.hsadspixel.net https://js.hscollectedforms.net https://tagmanager.google.com wss://*.hotjar.com https://*.swiftype.com https://*.swiftypecdn.com https://*.springload.nz https://www.powershop.co.nz 'nonce-YWMwYzVmOGI1Y2E2ZWI4YzE4YmQ2OGZkNjhhNTRiNjg1MGU2MWU1YmQ4ZTU5ODQwZmJhMTIwOGEzNDRhZTFhN2ZlMzUzZDNlOTIwM2YwMjJlNDYwZjJmOTA1NGQwNGJkZjdkOTdmNTNlODgyZmRhNTRhM2NiOGQ4NGU3ODVmYjI=' 'unsafe-eval' blob:; style-src 'self' https://*.abtasty.com https://*.googleapis.com https://*.gstatic.com https://au-cdn.inside-graph.com https://fonts.googleapis.com https://tagmanager.google.com https://*.swiftype.com https://*.swiftypecdn.com 'unsafe-inline'; report-uri https://o115950.ingest.sentry.io/api/4504811489984512/csp-report/?sentry_key=a2cb92247922492b95ce72aee1ae6528&sentry_environment=live; report-to csp-endpoint; upgrade-insecure-requests 1
default-src 'self' data: ywxi.net www.trustedsite.com maxcdn.bootstrapcdn.com *.amazonaws.com cdnjs.cloudflare.com www.google.com www.google-analytics.com fonts.gstatic.com www.googletagmanager.com bat.bing.com fonts.googleapis.com www.w3m.com googleads.g.doubleclick.net bid.g.doubleclick.net stats.g.doubleclick.net www.googleadservices.com; script-src 'self' data: 'unsafe-eval' 'unsafe-inline' *.creditheroscore.com *.pushnami.com *.smartlook.com *.smartlook.cloud static.zohocdn.com *.twitter.com *.purechat.com *.pagesense.io www.serveipqs.com *.cloudflareinsights.com www.gstatic.com mpsnare.iesnare.com *.trustev.com connect.facebook.net cdnjs.cloudflare.com www.google.com www.google-analytics.com www.googletagmanager.com https://utt.impactcdn.com https://www.googletagmanager.com https://analytics.google.com https://td.doubleclick.net bat.bing.com fonts.googleapis.com www.w3m.com www.googleadservices.com pagead2.googlesyndication.com googleads.g.doubleclick.net bid.g.doubleclick.net stats.g.doubleclick.net static.zdassets.com api.smooch.io cdn.userway.org *.intercom.io *.intercomcdn.com www.googleadservices.com https://unpkg.com/@lottiefiles/lottie-player@latest/dist/lottie-player.js; style-src 'self' 'unsafe-inline' *.creditheroscore.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com www.google.com www.googletagmanager.com fonts.gstatic.com fonts.googleapis.com cdn.userway.org; img-src 'self' data: *.creditheroscore.com www.googletagmanager.com www.google-analytics.com https://analytics.google.com https://td.doubleclick.net bat.bing.com googleads.g.doubleclick.net bid.g.doubleclick.net stats.g.doubleclick.net www.myscore.com https:; frame-src *.pushnami.com *.smartlook.com *.smartlook.cloud *.twitter.com *.pagesense.io www.mcafeesecure.com www.trustedsite.com www.serveipqs.com www.google.com *.securepaths.com *.trustev.com *.googletagmanager.com https://analytics.google.com https://td.doubleclick.net googleads.g.doubleclick.net bid.g.doubleclick.net stats.g.doubleclick.net cdn.userway.org intercom-sheets.com; font-src 'self' fn.eu.serveipqs.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com www.google.com fonts.gstatic.com cdn.userway.org fonts.intercomcdn.com; connect-src 'self' *.smartlook.com *.smartlook.cloud *.taboola.com ekr.zdassets.com chs-support.zendesk.com zendesk-eu.my.sentry.io wss://api.smooch.io/faye *.purechat.com *.pushnami.com pagesense-collect.zoho.com *.serveipqs.com wss://mpsnare.iesnare.com/star *.trustev.com maxcdn.bootstrapcdn.com *.amazonaws.com cdnjs.cloudflare.com www.google.com www.google-analytics.com fonts.gstatic.com www.googletagmanager.com https://www.googletagmanager.com https://analytics.google.com https://td.doubleclick.net bat.bing.com fonts.googleapis.com www.w3m.com *.userway.org *.intercom.io *.intercomcdn.com wss://nexus-websocket-a.intercom.io googleads.g.doubleclick.net bid.g.doubleclick.net stats.g.doubleclick.net; media-src data: 'self' mpsnare.iesnare.com; report-uri https://cfs2020.report-uri.com/r/d/csp/reportOnly 1
script-src 'self' 'unsafe-eval' https://*.app.cookieinformation.com https://siteimproveanalytics.com https://*.mouseflow.com https://www.youtube.com 'nonce-10d8c5ab88fa4b7a88d516207f8b3adc809270137f1141dd999b67b8e9f4687c4ad67569d5fc4674b4ab1df10da27785'; frame-ancestors *.commentor.dk https://pensure.dk https://drb.bankdata.dk https://*.bankdata.dk https://*.jyskebank.dk https://*.pension.dk *.bec.dk http://pbuapp.ngrok.io https://portal.pfa.dk https://mit.pfa.dk https://mitpfa.dk https://www.industrienspension.dk https://Pka.dk https://Pbu.dk https://Lppension.dk *.danicapension.dk *.appension.dk *.pensure.dk https://mppension.dk *.pka.dk *.pbu.dk *.lppension.dk drb://drb.jyskebank.dk https://drb.jyskebank.dk https://localhost:44337/* https://akademikerpension.dk https://*.sydbank.dk https://*.almbrand.dk drb://drb.sydbank.dk drb://drb.almbrand.dk https://staging.pengeprofilen.dk https://min.pengeprofilen.dk https://app.kreditdata.dk *.mitotium.dk *.pensure.dk https://drb.nordfynsbank.dk drb://drb.nordfynsbank.dk https://drb.skjernbank.dk drb://drb.skjernbank.dk https://drb.djurslandsbank.dk drb://drb.djurslandsbank.dk https://drb.kreditbanken.dk drb://drb.kreditbanken.dk https://drb.landbobanken.dk drb://drb.landbobanken.dk https://drb.spks.dk drb://drb.spks.dk https://netpension.velliv.dk 1
frame-ancestors 'self' https://shopproxy.p-s-s.de ; style-src 'self' localhost:* https://fonts.googleapis.com  https://test.vr-pay-ecommerce.de  http://oxomi.com 'unsafe-inline' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://app.sgwidget.com/; img-src 'self' data: https://secure.gravatar.com/; object-src 'self' data: ; frame-src 'self' data: ; 1
worker-src 'self' 'unsafe-inline' blob:; script-src 'unsafe-inline' 'unsafe-eval' http: https:;object-src 'self'; frame-ancestors 'self' 1
font-src * data:; img-src * data:; script-src 'unsafe-inline' 'unsafe-eval' * data:; style-src 'unsafe-inline' 'unsafe-eval' * data:; 1
default-src 'self' 'unsafe-inline' https://www.youtube.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://code.jquery.com https://cdn.datatables.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data:; font-src 'self' https://themes.googleusercontent.com https://fonts.googleapis.com https://fonts.gstatic.com; report-uri https://www.biosafety.be/report-csp-violation 1
default-src 'self'; \
        script-src 'self' https://ajax.googleapis.com; \
        img-src 'self' https://ssl.google-analytics.com 1
allow 'self'; gtp.com.au 1
default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com data-eu.purina.pl; object-src *; style-src * 'self' 'unsafe-inline'; img-src * 'self' data: https:; https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.<TLD>; media-src *; frame-src *; frame-ancestors 'self'; child-src * blob:; font-src * 'self' data: https:;; connect-src * data-eu.purina.pl; report-uri /report-csp-violation 1
default-src 'self' https://*.youtube.com https://*.youtube-nocookie.com https://*.youtu.be https://*.vimeo.com https://vimeo.com https://consentcdn.cookiebot.com https://open.spotify.com https://*.google-analytics.com https://*.googletagmanager.com https://widget.weezevent.com https://docs.google.com https://cdn.jsdelivr.net https://licensing.bitmovin.com https://analytics-ingress-global.bitmovin.com https://d12sgur2q2of22.cloudfront.net/ blob:; block-all-mixed-content; img-src data: 'self' https://placeholder.inventis.be https://*.ytimg.com https://*.youtube.com https://*.vimeocdn.com https://imgsct.cookiebot.com https://*.google-analytics.com https://*.googletagmanager.com; object-src 'none'; script-src 'self' https://consent.cookiebot.com 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https://*.youtube.com https://*.vimeo.com https://*.google-analytics.com https://*.googletagmanager.com 'nonce-dCbSbkgzsqThp0HdJ9wSZg=='; style-src 'self' 'unsafe-inline' https://*.googletagmanager.com https://cdn.jsdelivr.net; upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline' https: http://www.etrasparenza.it/; script-src 'self' 'unsafe-inline' https: http://www.etrasparenza.it/; style-src 'self' 'unsafe-inline' https: http://www.etrasparenza.it/; font-src 'self' https: http://www.etrasparenza.it/ 1
urbanohio.com 1
default-src 'self'; base-uri 'self'; frame-ancestors 'self'; upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: cdnjs.cloudflare.com *.googleapis.com *.gstatic.com *.google-analytics.com *.addthis.com *.amigosmuseoprado.org *.google.com *.ytimg.com *.youtube.com *.addthisedge.com *.bookitit.com *.jsdelivr.net *.ovidds.com my.icareus.com icomem.probetax.es *.twitter.com *.twimg.com *.facebook.net *.facebook.com *.metricool.com https://*.hotjar.com wss://*.hotjar.com *.hotjar.io *.addtoany.com *.webempresa.eu unpkg.com *.arkibot.app *.googletagmanager.com *.saludalplato.es quickchart.io 1
default-src 'self' data: https://cdn.cookielaw.org https://privacyportal-eu.onetrust.com https://app.greenoco.io https://e-v-uat.reach5.net https://e-v-prod.reach5.net https://metrics.elle-et-vire.com https://www.google.com https://www.google.fr https://www.google-analytics.com https://region1.analytics.google.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://www.gstatic.com https://www.youtube.com https://i.ytimg.com https://images-secure.pixibox.com https://cdn.couponai.fr https://brands.click2buy.com https://analytics.clic2buy.com https://widget.clic2buy.com https://www.instagram.com https://instagram.com https://capig.stape.cloud https://www.facebook.com https://maps.googleapis.com https://maps.gstatic.com https://maps.google.com; font-src 'self' data: https://cloud.typography.com https://fonts.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.cookielaw.org https://app.greenoco.io https://e-v-uat.reach5.net https://e-v-prod.reach5.net https://metrics.elle-et-vire.com https://www.google.com https://www.google.fr https://www.google-analytics.com https://region1.analytics.google.com https://www.googletagmanager.com https://www.gstatic.com https://connect.facebook.net https://widget.clic2buy.com https://widget.clic2drive.com https://clients.clic2drive.com https://brands.click2buy.com https://analytics.clic2buy.com https://assets.clic2buy.com https://www.youtube.com https://www.instagram.com https://maps.google.com/; style-src 'self' 'unsafe-inline' https://cloud.typography.com https://www.elle-et-vire.com https://assets.clic2buy.com https://fonts.googleapis.com; report-uri /nelmio/csp/report 1
default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_ *.ownid.com* https://d.la11-core1.sfdc-yzvdd4.salesforceliveagent.com/chat/rest data-eu.purina.nl; object-src *; style-src * 'self' 'unsafe-inline' https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_; img-src * 'self' data: https:; https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_; media-src *; frame-src * https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_ https://d.la11-core1.sfdc-yzvdd4.salesforceliveagent.com/chat/rest; frame-ancestors 'self'; child-src * blob:; font-src * 'self' data: https:; https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_; connect-src * https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_ *.ownid.com* https://d.la11-core1.sfdc-yzvdd4.salesforceliveagent.com/chat/rest data-eu.purina.nl 1
X-Content-Security-Policy script-src 'self' https://www.general-security.gov.lb 'unsafe-inline' 'unsafe-eval'; object-src 'self' https://www.general-security.gov.lb 'unsafe-inline'; connect-src 'self' https://www.general-security.gov.lb 'unsafe-inline' 1
default-src 'self'; base-uri 'none'; connect-src https: https://www.googletagmanager.com https://tagassistant.google.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://privacy.telethon.fr https://td.doubleclick.net https://www.googletagmanager.com https://www.youtube-nocookie.com; img-src 'self' https://www.afm-telethon.fr https://www.facebook.com https://www.google.com https://www.google.fr https://bat.bing.com/ https://www.googletagmanager.com https://googleads.g.doubleclick.net https://www.googleadservices.com/; media-src 'self' data:; object-src 'none'; script-src https: 'report-sample' 'unsafe-eval' 'unsafe-inline' https://www.googletagmanager.com https://tagassistant.google.com; style-src 'report-sample' https://www.googletagmanager.com https://tagassistant.google.com https://fonts.googleapis.com 'self' 'unsafe-inline'; worker-src 'none' 1
base-uri 'none'; frame-ancestors 'none'; object-src 'none'; script-src https: http: 'unsafe-eval' 'unsafe-inline'; report-uri /nelmio/csp/report; worker-src 'none' 1
frame-ancestors https://*.barcodefactory.com https://*.barcodefactory.com:8443 https://barcodefactory.com http://*.barcodefatory.com 'self' 1
frame-src https://platform.twitter.com https://www.eucpn.org https://eucpn.org  https://cdn.jsdelivr.net https://cdn.syndication.twimg.com https://syndication.twitter.com https://www.youtube.com; report-uri /report-csp-violation 1
frame-ancestors https://*.communaute-paysbasque.fr 1
default-src blob: https: 'unsafe-inline' 'unsafe-eval'; connect-src https: 'self' *.google-analytics.com *.analytics.google.com; img-src data: https://* 'self' *.google-analytics.com *.analytics.google.com 1
default-src 'self' 'unsafe-inline' data: payment.maksekeskus.ee auth.praamid.ee fonts.googleapis.com fonts.gstatic.com stats.g.doubleclick.net static.cloudflareinsights.com www.googletagmanager.com *.google-analytics.com g2.ipcamlive.com s5.ipcamlive.com googleads.g.doubleclick.net www.google.com www.gstatic.com www.youtube.com static.doubleclick.net i.ytimg.com yt3.ggpht.com jnn-pa.googleapis.com play.google.com secure.gravatar.com fast.wistia.com beacon-v2.helpscout.net wp-rocket.me d3hb14vkzrxvla.cloudfront.net pipedream.wistia.com distillery.wistia.com embed-ssl.wistia.com fg8vvsvnieiv3ej16jby.litix.io translate.google.com translate.googleapis.com 'unsafe-eval' static.maksekeskus.ee s.w.org praamid.prominion.net beaconapi.helpscout.net chatapi.helpscout.net cdn.mxpnl.com static.cc.maksekeskus.ee cc.maksekeskus.ee *.analytics.google.com www.google.ee www.google.fi www.google.cz www.google.nl www.google.be www.google.fr www.google.lv www.google.lt www.google.se www.google.de www.google.at www.google.ch www.google.ie www.google.co.uk www.google.pl www.google.dk www.google.no td.doubleclick.net www.google.com.cy www.google.lu www.google.it www.google.gr analytics.google.com www.google-analytics.com www.google.by www.google.com.bz www.google.com.tr www.google.com.ar www.google.co.jp www.google.bg www.google.co.in www.google.ca www.google.ru www.google.com.ua www.google.com.hr www.google.com.au www.google.es www.google.com.ng translate-pa.googleapis.com www.google.ro www.google.rs www.google.si www.google.sk www.google.ba www.google.is www.google.pt www.google.hu www.google.me www.google.mk www.google.com.eg www.google.com.om www.google.co.th www.google.co.nz www.google.co.ke www.google.al www.google.ge www.google.com.bd www.google.co.il cdn.gravity.com www.google.gg www.google.com.vn www.google.je www.google.ad www.google.com.mx www.google.com.mt www.google.im www.google.ae www.google.com.sg www.google.kz cloudflareinsights.com challenges.cloudflare.com www.google.hr www.google.kg www.google.com.my www.google.com.qa www.google.gl www.google.com.ph www.google.md *.hotjar.com *.hotjar.io wss://*.hotjar.com www.google.co.id www.google.lk www.google.ml www.google.com.hk www.google.cv www.google.co.cr www.google.com.sa www.google.com.pk www.google.com.gi www.google.co.tz www.google.vu www.google.com.fj www.google.com.pa www.google.tn www.google.co.ve www.google.cl www.google.co.uz www.google.co.kr region1.analytics.google.com www.google.com.bo www.google.co.zw www.google.sm www.google.co.za www.google.am www.google.com.br www.google.tt www.google.co.ma www.google.az www.google.com.np www.google.com.et www.google.dm www.google.com.do www.google.com.ec www.google.com.kh www.google.la www.google.tg www.google.sc praamidvisitor.prominion.net www.google.ci www.google.com.co www.google.mu www.google.jo www.google.com.bh www.google.com.pr www.google.gm www.google.co.vi www.google.iq ps.w.org www.google.mv www.google.co.ug www.google.com.lb www.google.com.tw www.google.mg www.google.mu www.google.com.tj www.google.com.kw ajax.cloudflare.com www.google.com.pe www.google.li www.google.com.gh www.google.sn www.google.bj www.google.dz www.google.com.jm www.google.com.cu www.google.cd api.wp-rocket.me; report-uri /d5bcc29e34d8b6210cbfbc3acd7be0a65652590b064c60598822381e01ae1708 1
default-src 'self'; sandbox allow-downloads allow-popups allow-popups-to-escape-sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-modals; base-uri 'self'; upgrade-insecure-requests; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://tagmanager.google.com https://ssl.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://ajax.googleapis.com https://connect.facebook.net https://optimize.google.com https://*.decibelinsight.net https://*.decibelinsight.com; connect-src 'self' https://www.google-analytics.com https://*.decibelinsight.net https://*.decibelinsight.com wss://*.decibelinsight.net wss://*.decibelinsight.com; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://fonts.googleapis.com https://*.egain.cloud https://optimize.google.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.google-analytics.com https://stats.g.doubleclick.net https://ssl.gstatic.com https://www.gstatic.com https://www.google.com https://googleads.g.doubleclick.net https://www.google.co.uk https://www.facebook.com https://connect.facebook.net https://optimize.google.com data:; object-src data: 'unsafe-eval'; frame-src https://*.cardinalcommerce.com https://*.worldpay.com https://www.google.com https://bid.g.doubleclick.net https://optimize.google.com https://cdn.yoshki.com; font-src 'self' https://cdn.yoshki.com/ https://fonts.gstatic.com https://fonts.googleapis.com data:; 1
block-all-mixed-content; img-src 'self' data: https://www.google-analytics.com https://maps.googleapis.com https://www.googletagmanager.com https://fonts.gstatic.com https://scontent.cdninstagram.com https://*.cdninstagram.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.googletagmanager.com https://sdk.privacy-center.org https://www.google-analytics.com https://maps.googleapis.com https://www.google.com https://www.gstatic.com https://tag.aticdn.net 1
default-src 'self'; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts allow-modals ; base-uri 'self'; 1
frame-ancestors rextheme.com; 1
frame-ancestors http://programasgratis.searchmgr.com/ 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'  https: data: http://fonts.googleapis.com http://fonts.gstatic.com http://www.google-analytics.com http://s7.addthis.com http://m.addthisedge.com http://m.addthis.com http://graph.facebook.com http://widgets.pinterest.com http://maps.google.com http://csi.gstatic.com http://maps.gstatic.com http://maps.googleapis.com http://www.linkedin.com http://api-public.addthis.com http://localhost http://player.vimeo.com/ https://static.cdninstagram.com/; 1
default-src 'self'; frame-src 'self' https://secure.livechatinc.com/ *.webspellchecker.net *.nhs.uk *.facebook.com *.youtube.com *.vimeo.com *.google.com *.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.googletagmanager.com https://static.zdassets.com/ https://api.livechatinc.com/ https://cdn.livechatinc.com/tracking.js *.reactandshare.com https://api.reciteme.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://www.googletagmanager.com https://connect.facebook.net https://feeds.trac.jobs *.webspellchecker.net *.google.com *.googleapis.com *.gstatic.com *.cqc.org.uk use.typekit.net; font-src 'self' 'unsafe-inline' https://cdn.livechatinc.com/ *.reactandshare.com https://api.reciteme.com https://fonts.googleapis.com https://fonts.gstatic.com *.webspellchecker.net use.typekit.net; style-src 'self' 'unsafe-inline' *.reactandshare.com https://api.reciteme.com https://cdnjs.cloudflare.com https://feeds.trac.jobs *.googleapis.com  *.gstatic.com *.cqc.org.uk *.webspellchecker.net use.typekit.net p.typekit.net; img-src * data: p.typekit.net; object-src 'self' blob:; connect-src 'self' https://*.googletagmanager.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.g.doubleclick.net https://*.google.com https://*.google.com https://*.google-analytics.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googletagmanager.com wss://widget-mediator.zopim.com https://stop-smoking-nhs.zendesk.com https://ekr.zdassets.com https://api.reciteme.com https://feeds.trac.jobs stats.g.doubleclick.net *.googleapis.com *.google-analytics.com *.webspellchecker.net performance.typekit.net; media-src 'self' https://static.zdassets.com/web_widget/ https://api.reciteme.com 1
default-src 'self' data: *.rotex-control.com *.daikin-control.com *.googleapis.com *.gstatic.com *.gravatar.com 'unsafe-inline' 'unsafe-eval'; object-src 'none'; upgrade-insecure-requests 1
default-src 'self' data: blob:; block-all-mixed-content; connect-src 'self'; font-src 'self' fonts.gstatic.com data:; frame-src 'self' data: blob: turing.captcha.qcloud.com turing.captcha.gtimg.com; img-src 'self' ce8dc832c.cloudimg.io data: i.ytimg.com *.baidu.com turing.captcha.qcloud.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval'; style-src * blob: 'unsafe-inline'; report-uri /nelmio/csp/report 1
base-uri; form-action 'self'; frame-ancestors 'none'; img-src 'self' https://paragonie.com https://maxcdn.bootstrapcdn.com https://stats.g.doubleclick.net https://www.google-analytics.com data:; media-src 'none'; object-src 'none'; script-src 'self' https://cdn.mathjax.org https://oss.maxcdn.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://code.jquery.com https://ajax.googleapis.com https://www.google-analytics.com https://paragonie.com paragonie.com 'sha384-dxxWaTrUP7CVAQSJSlq8y30xnLv+kbg0q/esjcstpj7BeSQcTR1kyuzuU8NtP0Qd' 'nonce-UhrDaxzDu9/Iz7U0TALXb1iw' 'nonce-1m+rFBDcm37j6UXOtOPZ7rBk' 'nonce-LkPjAOiW8nqAsoei99SBFv9I' 'nonce-V63caMpp0oA1eQkNWGxHC9Az' 'nonce-pmqSqLnLlivXVC/qrNuWaNEs' 'nonce-K19LzMoJ5972h2mGGS13t4aY' 'nonce-IHlxJx2cAsMg+MAIVAX8Ujxp' 'unsafe-eval' data:; style-src 'self' https://maxcdn.bootstrapcdn.com https://use.fontawesome.com https://fonts.googleapis.com 'unsafe-inline'; report-uri https://f038192cab4afafaacee34d22ed2e1dd.report-uri.io/r/default/csp/enforce; upgrade-insecure-requests 1
default-src 'none'; script-src 'self' 'unsafe-inline' www.tcgms.net *.googletagmanager.com *.google.com *.google-analytics.com cdn.jsdelivr.net *.cookiebot.com *.teamtailor-cdn.com *.facebook.net *.bokabord.se *.bidtheatre.com chat.hotelchat.ai; object-src 'self' *.google.com *.youtube.com *.facebook.com *.vimeo.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com cdn.jsdelivr.net www.bokabord.se; img-src 'self' data: *.google.com *.youtube.com *.facebook.com *.vimeo.com  *.vimeocdn.com *.grandhotel.se *.google.se *.google-analytics.com *.cookiebot.com backend.chatbase.co; media-src 'self' blob:; frame-src 'self' mail.grandhotel.se www.tcgms.net  *.google.com *.youtube.com *.facebook.com *.vimeo.com *.vimeocdn.com *.cookiebot.com *.waiteraid.com *.doubleclick.net chat.hotelchat.ai; frame-ancestors 'self' *.google.com *.youtube.com *.facebook.com *.vimeo.com; child-src 'self' *.google.com *.youtube.com *.facebook.com *.vimeo.com; font-src 'self' data: fonts.gstatic.com; connect-src 'self' https://*.grandhotel.se https://*.googletagmanager.com https://*.google.com https://*.google-analytics.com *.cookiebot.com *.teamtailor.com *.doubleclick.net *.chatbase.co; report-uri /report-csp-violation; upgrade-insecure-requests 1
font-src 'self' data: fonts.gstatic.com;img-src * data: ; 1
default-src 'self' 'unsafe-inline' https: http://www.portaleamministrazionetrasparente.it/; script-src 'self' 'unsafe-inline' https: http://www.portaleamministrazionetrasparente.it/; style-src 'self' 'unsafe-inline' https: http://www.portaleamministrazionetrasparente.it/; font-src 'self' https: http://www.portaleamministrazionetrasparente.it/ 1
default-src 'unsafe-inline'; block-all-mixed-content; connect-src *; font-src * https://fonts.gstatic.com data: fonts.googleapis.com fonts.gstatic.com; frame-src https://www.youtube.com *.vimeo.com *.services *.hotjar.com *.doubleclick.net *.facebook.com *.facebook.net https://cdn.chatbot.com widget.trustpilot.com www.dockx.be 'self'; img-src * data:; manifest-src www.dockx.be 'self'; media-src www.dockx.be; script-src www.dockx.be 'self' data: 'unsafe-inline' 'unsafe-eval' https://cdn.ckeditor.com https://js-agent.newrelic.com https://bam.nr-data.net https://maps.googleapis.com https://cdnjs.cloudflare.com *.google-analytics.com *.facebook.net *.googleapis.com *.marketingautomation.services *.googletagmanager.com *.googleadservices.com *.hotjar.com *.doubleclick.net *.visualwebsiteoptimizer.com *.linkedin.com www.youtube.com/iframe_api tagmanager.google.com https://snap.licdn.com https://cdn.chatbot.com https://bat.bing.com https://s.ytimg.com/ https://diffuser-cdn.app-us1.com/diffuser/diffuser.js https://prism.app-us1.com https://trackcmp.net https://*.clarity.ms https://c.bing.com widget.trustpilot.com; style-src www.dockx.be 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.ckeditor.com https://cdnjs.cloudflare.com tagmanager.google.com; report-uri /nelmio/csp/report 1
default-src 'self' *.google-analytics.com data: gap: idele.matomo.cloud 'unsafe-inline' 'unsafe-eval'; script-src 'self' * 'unsafe-inline' 'unsafe-eval'; frame-src 'self' www.google.com player.vimeo.com *.soundcloud.com *.tubedu.org tubedu.org *.slideshare.net www.canva.com *.youtube.com view.genial.ly view.genially.com climatefarmdemo.eu *.dailymotion.com *.youtube-nocookie.com *.myadvent.net adventmyfriend.com *.jwplayer.com video.terre-net.fr; style-src 'self' use.typekit.net cdn.tarteaucitron.io fonts.googleapis.com p.typekit.net s3.amazonaws.com cdn.icomoon.io 'unsafe-inline'; font-src 'self' use.typekit.net s3.amazonaws.com fonts.gstatic.com cdn.icomoon.io; img-src 'self' data: *.ytimg.com tarteaucitron.io; upgrade-insecure-requests 1
default-src 'self' data: https://www.google.com https://www.google.com/ads/user-lists/ https://www.google.ru/ads/user-lists/ https://googleads.g.doubleclick.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://fonts.googleapis.com https://fonts.gstatic.com https://mc.yandex.ru https://translate.yandex.net https://yastatic.net/ https://api.ssllabs.com https://hstspreload.org https://http-observatory.security.mozilla.org https://securityheaders.com https://sshscan.rubidus.com https://tls.imirhil.fr https://tls-observatory.services.mozilla.com https://www.immuniweb.com https://ya.ru/ https://bitrix.info https://analytics.bitrix.info/ https://*.roistat.com/ https://crm.e-m-l.ru https://www.1c-bitrix.ru/ https://yoomoney.ru/ https://crm.e-m-l.ru wss://crm.e-m-l.ru https://yandex.ru/ https://e-m-l.ru https://app.uiscom.ru https://static.cloudflareinsights.com/ https://ya.ru/ https://tracker.comagic.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://maps.google.com https://*.gstatic.com:* https://*.googleapis.com https://yastatic.net https://mc.yandex.ru https://www.googleadservices.com https://googleads.g.doubleclick.net https://translate.yandex.net https://bitrix.info https://api-maps.yandex.ru https://*.roistat.com https://crm.e-m-l.ru https://emlru.webim.ru wss://crm.e-m-l.ru https://e-m-l.ru https://app.uiscom.ru https://static.cloudflareinsights.com/ https://ya.ru/ https://tracker.comagic.ru https://mod.calltouch.ru/; style-src 'self' 'unsafe-inline' https://www.google-analytics.com https://maps.google.com https://*.gstatic.com:* https://*.googleapis.com https://code.jivosite.com https://mc.yandex.ru https://www.googleadservices.com https://googleads.g.doubleclick.net https://cdn.voximplant.com https://crm.e-m-l.ru wss://crm.e-m-l.ru https://e-m-l.ru https://app.uiscom.ru https://static.cloudflareinsights.com/ https://ya.ru/ https://tracker.comagic.ru; img-src 'self' data: https://mc.yandex.ru:* https://*.googleapis.com https://*.gstatic.com:* https://www.google-analytics.com https://api-maps.yandex.ru https://core-renderer-tiles.maps.yandex.net https://mc.yandex.com https://emlru.webim.ru https://crm.e-m-l.ru wss://crm.e-m-l.ru https://emlru.webim2.ru https://e-m-l.ru blob: https://app.uiscom.ru https://static.cloudflareinsights.com/ https://ya.ru/ https://tracker.comagic.ru; font-src 'self' https://*.gstatic.com:* https://emlru.webim.ru:* https://e-m-l.ru https://app.uiscom.ru https://static.cloudflareinsights.com/ https://ya.ru/ https://tracker.comagic.ru; connect-src 'self' https://mc.yandex.com https://translate.yandex.net https://ya.ru https://mc.yandex.ru https://www.google-analytics.com https://crm.e-m-l.ru wss://crm.e-m-l.ru https://e-m-l.ru https://app.uiscom.ru https://static.cloudflareinsights.com/ https://ya.ru/ https://tracker.comagic.ru; 1
frame-ancestors https://www.facebook.com https://www.venetacucine.com 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'  cdn.jsdelivr.net unpkg.com player.vimeo.com www.vimeo.com f.vimeocdn.com static.userback.io www.google.com www.gstatic.com https://www.chipta.com https://www.googletagmanager.com https://www.google-analytics.com; object-src 'none'; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net unpkg.com fonts.googleapis.com static.userback.io; img-src data: 'self' *.vimeocdn.com *.vimeo.com https://www.google-analytics.com https://www.googletagmanager.com; frame-src 'self' youtube.com www.youtube.com *.vimeo.com vimeo.com www.google.com https://iframeshop.chipta.com; font-src data: 'self' 'unsafe-inline' fonts.gstatic.com https://static.userback.io; connect-src 'self' api.userback.io https://*.google-analytics.com https://www.googletagmanager.com; report-uri /report-csp-violation 1
default-src 'self' data: wss://b24.sosedi.by google.com b24.sosedi.by https://www.google-analytics.com https://analytics.google.com https://analytics.tiktok.com https://stats.g.doubleclick.net https://core-renderer-tiles.maps.yandex.net https://td.doubleclick.net https://api.mindbox.ru https://www.google.com https://www.google.by http://mc.yandex.ru https://bitrix.info; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://api-maps.yandex.ru:* https://core-renderer-tiles.maps.yandex.net https://api-maps.yandex.ru/services/coverage/v2/* https://yastatic.net https://connect.facebook.net livechatv2.chat2desk.com https://b24.sosedi.by:* https://vk.com https://analytics.tiktok.com https://top-fwz1.mail.ru http://www.google-analytics.com http://maps.google.com https://bitrix.info https://api.mindbox.ru https://www.googletagmanager.com http://*.gstatic.com:* http://*.googleapis.com http://code.jivosite.com http://mc.yandex.ru http://www.googleadservices.com https://*.mail.ru http://googleads.g.doubleclick.net http://cdn.voximplant.com; style-src 'self' 'unsafe-inline' b24.sosedi.by http://code.jivosite.com:* http://mc.yandex.ru:* http://*.googleapis.com http://*.gstatic.com:*; img-src 'self' data: https:; font-src 'self' data: http://*.gstatic.com:*; 1
default-src 'self'; script-src 'self' 'unsafe-inline' update.webedition.org *.cookiebot.com *.cookiebot.eu *.vditz.com *.googleapis.com *.google.com *.youtube.com *.vimeo.com *.twitter.com; style-src 'self' *.googleapis.com 'unsafe-inline'; img-src data: 'self' *.ytimg.com *.vimeocdn.com *.gstatic.com *.googleapis.com *.twitter.com; font-src 'self' *.gstatic.com; connect-src 'self' *.cookiebot.com *.cookiebot.eu *.googleapis.com stats.vditz.com; base-uri 'self'; media-src blob: 'self' *.youtube.com *.vimeo.com; frame-src 'self' update.webedition.org *.qt.eu *.cookiebot.com *.cookiebot.eu *.vditz.com *.google.com *.youtube.com *.youtube-nocookie.com *.vimeo.com *.twitter.com; object-src 'none'; frame-ancestors 'self'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.openstreetmap.org/ https://*.texmet.pl/ http://*.texmet.pl/ https://texmet.pl/ http://texmet.pl/ https://texmet.s1.zetohosting.pl/ http://texmet.s1.zetohosting.pl/; img-src 'self' data: https://*.openstreetmap.org/ https://*.texmet.pl/ http://*.texmet.pl/ https://texmet.pl/ http://texmet.pl/ https://texmet.s1.zetohosting.pl/ http://texmet.s1.zetohosting.pl/; object-src 'self' data: https://*.openstreetmap.org/ https://*.texmet.pl/ http://*.texmet.pl/ https://texmet.pl/ http://texmet.pl/ https://texmet.s1.zetohosting.pl/ http://texmet.s1.zetohosting.pl/; frame-src 'self' data: https://*.openstreetmap.org/ https://*.texmet.pl/ http://*.texmet.pl/ https://texmet.pl/ http://texmet.pl/ https://texmet.s1.zetohosting.pl/ http://texmet.s1.zetohosting.pl/; 1
default-src 'self' https://www.chatbase.co https://limbachgruppe.ftapi.com https://*.laborpublisher.de https://api.newsletter2go.com https://maps.googleapis.com https://cmill.de https://www.cmill.de https://prime-psf.2b-advice.com; script-src 'self' 'unsafe-eval' https://www.chatbase.co https://limbachgruppe.ftapi.com https://*.laborpublisher.de https://*.app.laborpublisher.staging.lfda.de https://static.newsletter2go.com https://maps.googleapis.com https://cdn1.jameda-elements.de https://lv.limbachgruppe-test.com https://2badvice-cdn.azureedge.net https://prime-psf.2b-advice.com 'unsafe-inline'; img-src * data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://lv.limbachgruppe-test.com https://2badvice-cdn.azureedge.net; frame-ancestors 'self'; frame-src 'self' https://www.chatbase.co https://www.youtube-nocookie.com https://youtube.com https://player.vimeo.com https://vimeo.com https://cmill.de https://www.cmill.de https://mtu.adsystemhaus.com https://termin.samedi.de/ https://lv.dialoglabor.de/; font-src 'self' data: https://limbachgruppe.ftapi.com https://fonts.gstatic.com https://lv.limbachgruppe-test.com; 1
script-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://use.fontawesome.com https://google-analytics.com http://cdnjs.cloudflare.com https://www.google-analytics.com https://maps.googleapis.com https://www.googletagmanager.com https://merchants.niftepay.pk https://www.googleadservices.com https://googleads.g.doubleclick.net; object-src 'none'; style-src 'self' 'unsafe-inline' 'unsafe-inline' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://fonts.googleapis.com https://maps.googleapis.com https://maps.gstatic.com https://merchants.niftepay.pk; report-uri /report-csp-violation 1
default-src *.googletagmanager.com *.twitter.com *.facebook.net *.nr-data.net *.ads-twitter.com *.google-analytics.com *.googleadservices.com *.doubleclick.net *.mookie1.com *.amazon-adsystem.com *.facebook.com *.google.com *.google.co.in *.cloudflare.com *.w3.org *.adsrvr.org *.newrelic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.jsdelivr.net *.pinimg.com *.pinimg.com *.pinterest.com *.googleoptimize.com *.googletagmanager.com *.twitter.com *.facebook.net *.nr-data.net *.ads-twitter.com *.google-analytics.com *.googleadservices.com *.googleanalytics.com *.doubleclick.net *.cloudflare.com *.opendns.com *.adsrvr.org *.newrelic.com *.google.com *.mapbox.com *.serving-sys.com *.igodigital.com *.teads.tv *.videoamp.com *.tapad.com *.tiktok.com *.abtasty.com *.snapchat.com https://s.pinimg.com/ct/core.js https://www.youtube.com https://cdn.cookielaw.org https://sc-static.net/scevent.min.js https://sc-static.net/sc-pixel-helper.min.js https://cdn.cookielaw.org *.mikmak.ai *.swaven.com https://disabledcdn.cookielaw.org/consent/b23995dc-7bfd-4b9e-aeb2-a7d4f5019cc8/OtAutoBlock.js; object-src 'self'; style-src 'self'  'unsafe-inline' *.jsdelivr.net *.ad.doubleclick.net *.monsido.com *.cloudflare.com *.opendns.com *.newrelic.com *.twitter.com *.nr-data.net *.ads-twitter.com *.google.com *.googleapis.com *.mapbox.com *.typekit.net; img-src 'self' *.adsrvr.org *.doubleclick.net *.monsido.com *.google-analytics.com *.twitter.com *.facebook.com *.google.com *.google.co.in *.googletagmanager.com *.mookie1.com *.amazon-adsystem.com *.newrelic.com *.nr-data.net *.ads-twitter.com *.w3.org data: *.ipredictive.com https://di.rlcdn.com https://nova.collect.igodigital.com https://cdn.cookielaw.org *.mikmak.ai *.swaven.com; media-src 'self'; frame-src 'self' *.youtube.com *.pinterest.com *.youtube-nocookie.com *.doubleclick.net *.amazon-adsystem.com *.google.com *.adsrvr.org *.flashtalking.com *.googletagmanager.com *.mikmak.ai *.swaven.com; frame-ancestors 'self' *.youtube.com *.doubleclick.net *.amazon-adsystem.com *.adsrvr.org *.mikmak.ai; child-src 'self' *.youtube.com *.doubleclick.net *.amazon-adsystem.com *.adsrvr.org blob:; font-src 'self' *.jsdelivr.net *.gstatic.com *.google.com *.typekit.net *.mikmak.ai *.swaven.com; connect-src 'self' *.doubleclick.net *.pinterest.com *.facebook.com *.onetrust.com *.tiktok.com *.google-analytics.com *.monsido.com *.mapbox.com *.nr-data.net *.serving-sys.com *.igodigital.com https://cdn.cookielaw.org *.analytics.google.com *.google.com *.mikmak.ai *.swaven.com https://insight.adsrvr.org/track/realtimeconversion; upgrade-insecure-requests 1
allow 'self'; media-src *; img-src *; script-src 'self' https://ajax.googleapis.com; https://cloudflare.com style-src 'self'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com  cdn.syndication.twimg.com cdnjs.cloudflare.com maps.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com fonts.googleapis.com fonts.gstatic.com; object-src 'self'; style-src 'self' 'unsafe-inline' cdn.syndication.twimg.com cdnjs.cloudflare.com maps.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com fonts.googleapis.com fonts.gstatic.com; img-src 'self' data: secure.gravatar.com cdn. *.twitter.com *.twimg.com cdnjs.cloudflare.com maps.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com fonts.googleapis.com fonts.gstatic.com; media-src 'self'; frame-src 'self' syndication.twitter.com platform.twitter.com/; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com 1
frame-ancestors kinmen.travel www.kinmen.travel pwa.kinmen.travel 'self' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s3.amazonaws.com/ https://*.list-manage.com/; img-src 'self' data: ; object-src 'self' data: https://elegantthemes.com/ https://*.elegantthemes.com/ https://www.pencom.gov.ng/; frame-src 'self' data: https://elegantthemes.com/ https://*.elegantthemes.com/ https://www.pencom.gov.ng/; 1
frame-ancestors 'self' http://webvisor.com http://*.webvisor.com https://metrika.yandex.ru https://mc.yandex.ru https://*.yandex.net https://mc.yandex.ru https://mc.yandex.com https://mc.webvisor.com https://mc.webvisor.org https://yastatic.net 1
sandbox 1
default-src 'self' unpkg.com *.gstatic.com *.clarity.ms maps.googleapis.com google-analytics.com *.google-analytics.com *.analytics.google.com *.doubleclick.net www.google.com google.com delivery.clickonometrics.pl www.awin1.com static.criteo.net welovedata.go2cloud.org *.bing.com *.cookiebot.com *.sovendus.com www.sovendus-benefits.com www.sovendus-campaign.com www.sovendus-connect.com www.sovendus-network.com *.stbuttons.click *.sharethis.com *.googleapis.com maps.google.com cke4.ckeditor.com; font-src 'self' *.gstatic.com bat.bing.com *.sovendus.com data:; frame-src 'self' *.google.com google.com *.youtube.com *.cookiebot.com www.awin1.com bat.bing.com www.mainadv.com www.googletagmanager.com *.sovendus.com www.sovendus-benefits.com www.sovendus-campaign.com www.sovendus-connect.com www.sovendus-network.com data:; img-src 'self' data: *.google-analytics.com maps.gstatic.com maps.googleapis.com *.google.com *.clarity.ms www.google.pl www.awin1.com welovedata.go2cloud.org bat.bing.com www.facebook.com *.roeye.com *.cookiebot.com *.bing.com *.sovendus.com *.sharethis.com 'unsafe-inline' *.tpay.com tpay.com; media-src *; script-src 'self' www.google.com *.gstatic.com developers.google.com www.googletagmanager.com clarity.microsoft.com *.clarity.ms *.cookiebot.com delivery.clickonometrics.pl www.dwin1.com connect.facebook.net *.roeyecdn.com *.cloudflareinsights.com *.bing.com *.doubleclick.net *.sovendus.com *.sharethis.com 'unsafe-eval' 'unsafe-inline' *.googleapis.com maps.google.com cke4.ckeditor.com; style-src 'self' *.googleapis.com *.clarity.ms *.cookiebot.com *.sovendus.com bat.bing.com 'unsafe-inline' 1
default-src 'self';script-src * 'self' 'unsafe-inline' 'unsafe-eval';frame-src * 'self';style-src * 'self' 'unsafe-inline';img-src 'self' data: maps.googleapis.com maps.gstatic.com https://storage.sbg.cloud.ovh.net storage.gra.cloud.ovh.net https://images.prismic.io/fabriquedestyles/ https://fabriquedestyles.cdn.prismic.io/ https://i.vimeocdn.com/video/ https://i.vimeocdn.com *.openstreetmap.org *.doubleclick.net *.google.fr https://google.com https://www.google.com https://www.facebook.com https://purecatamphetamine.github.io https://www.googletagmanager.com https://www.google-analytics.com https://*.google-analytics.com https://fonts.gstatic.com https://instapi.s3.rbx.io.cloud.ovh.net *.imagino.com https://metrics.fabriquedestyles.com https://*.kameleoon.com https://*.kameleoon.io https://*.kameleoon.eu https://*.kameleoon.net *.bing.com *.bing.net *.bing.fr *.microsoft.com *.microsoft.fr *.microsoft.net *.pinterest.com *.pinterest.net *.pinterest.fr *.analytics.google.com;font-src 'self' data: fonts.googleapis.com https://i.icomoon.io https://fonts.gstatic.com *.woosmap.com;connect-src * 'self';base-uri 'self';media-src 'self' data:;report-uri /csp/report;worker-src 'self' *.woosmap.com self blob: 1
default-src 'self' *.fintactix.com *.highcharts.com *.simpli.fi *.segmint.net *.cloudfront.net *.acquia.com *.googletagmanager.com *.doubleclick.net *.google-analytics.com *.googleapis.com *.cloudflare.com *.gstatic.com *.fmsiportal.com *.issuu.com info.autobooks.co; script-src info.autobooks.co; object-src info.autobooks.co; style-src 'unsafe-inline' 'self' *.fintactix.com *.highcharts.com *.simpli.fi *.segmint.net *.cloudfront.net *.acquia.com *.googletagmanager.com *.doubleclick.net *.google-analytics.com *.googleapis.com *.cloudflare.com *.gstatic.com *.fmsiportal.com *.issuu.com; img-src data: 'self' *.fintactix.com *.highcharts.com *.simpli.fi *.segmint.net *.cloudfront.net *.acquia.com *.googletagmanager.com *.doubleclick.net *.google-analytics.com *.googleapis.com *.cloudflare.com *.gstatic.com *.fmsiportal.com *.issuu.com; frame-src info.autobooks.co; report-uri /report-csp-violation; upgrade-insecure-requests 1
script-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://*.googleapis.com https://*.gstatic.com *.google.com *.google.co.nz https://*.ggpht.com *.googleusercontent.com blob: https://*.google-analytics.com https://www.googletagmanager.com https://connect.facebook.net https://*.hotjar.com https://cdn.jsdelivr.net https://*.surveymonkey.com https://js.stripe.com/v3/; img-src 'self' https://nzmca.s3.ap-southeast-2.amazonaws.com https://d1o3mhf2l0m2f4.cloudfront.net/ https://*.googleapis.com https://*.gstatic.com *.google.com *.google.co.nz https://*.ggpht.com *.googleusercontent.com data: https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.doubleclick.net https://*.facebook.com https://*.hotjar.com https://*.surveymonkey.com; frame-src *.google.com https://*.doubleclick.net youtube.com www.youtube.com youtube-nocookie.com www.youtube-nocookie.com youtube.com www.youtube.com youtube-nocookie.com www.youtube-nocookie.com *.stripe.com; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com  data: blob: https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.doubleclick.net https://*.facebook.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.surveymonkey.com; font-src 'self' https://cdnjs.cloudflare.com https://fonts.gstatic.com https://use.fontawesome.com https://*.hotjar.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://fonts.googleapis.com https://use.fontawesome.com https://*.hotjar.com; worker-src blob: 1
default-src 'self'; style-src 'self' 'unsafe-inline' *.doctoraki.com *.survicate.com *.googletagmanager.com *.googleapis.com *.clarity.ms *.solucionesbolivar.com *.solucionesbolivar.net *.solucionesbolivarsites.com *.s3.amazonaws.com https://segurosbolivar.us-6.evergage.com https://cdn.evergage.com; script-src 'self' 'unsafe-inline' 'strict-dynamic' 'nonce-21cb4090bbc0f0d3d1244b9d5438411b' https://www.datadoghq-browser-agent.com *.googletagmanager.com *.doubleclick.net *.google-analytics.com *.solucionesbolivar.com *.clarity.ms *.abtasty.com *.survicate.com *.doctoraki.com *.solucionesbolivarsites.com *.solucionesbolivar.net *.visualwebsiteoptimizer.com *.googleadservices.com *.facebook.net *.tiktok.com *.crazyegg.com *.hotjar.com *.hotjar.io *.azureedge.net *.liveperson.net *.marketo.net *.sitescout.com *.infobip.com *.adnxs.com *.pixel.ad *.mktoresp.com *.cloudflare.com *.googleoptimize.com *.google.com *.google.com.co *.google.co.in *.googleapis.com *.gstatic.com https://www.gstatic.com *.jquery.com *.bootstrapcdn.com https://segurosbolivar.us-6.evergage.com https://cdn.evergage.com; connect-src 'self' *.doctoraki.com *.crazyegg.com https://*.browser-intake-datadoghq.com *.logs.datadoghq.com *.abtasty.com *.solucionesbolivar.com *.solucionesbolivarsites.com wss://*.solucionesbolivarsites.com *.solucionesbolivar.net *.amazonaws.com *.mktoresp.com *.google.com *.google.com.co *.google.co.in *.google-analytics.com *.marketo.com *.kapturall.com *.gstatic.com https://www.gstatic.com *.hotjar.com *.hotjar.io *.azureedge.net *.liveperson.net *.marketo.net *.sitescout.com *.adnxs.com *.pixel.ad *.cloudflare.com *.infobip.com *.survicate.com *.tiktok.com *.googleapis.com *.clarity.ms *.doubleclick.net https://segurosbolivar.us-6.evergage.com https://cdn.evergage.com; font-src 'self' data: *.doctoraki.com *.survicate.com *.gstatic.com https://www.gstatic.com *.solucionesbolivar.com *.solucionesbolivar.net *.solucionesbolivarsites.com *.s3.amazonaws.com https://segurosbolivar.us-6.evergage.com https://cdn.evergage.com https://image.comunicacionesdk.doctoraki.com; img-src 'self' data: *.githubusercontent.com *.amazonaws.com *.cloudfront.net *.visualwebsiteoptimizer.com *.doctoraki.com *.google.com *.google.com.co *.google.co.in *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.survicate.com *.webflow.com https://www.gstatic.com *.gstatic.com https://www.facebook.com *.solucionesbolivar.com *.solucionesbolivar.net *.solucionesbolivarsites.com https://segurosbolivar.us-6.evergage.com https://cdn.evergage.com https://image.comunicacionesdk.doctoraki.com; manifest-src 'self' *.cloudfront.net *.doctoraki.com *.solucionesbolivar.com *.solucionesbolivar.net *.solucionesbolivarsites.com; form-action 'self' *.doctoraki.com *.doubleclick.net https://www.google.com *.firebaseapp.com *.solucionesbolivar.com *.solucionesbolivar.net *.solucionesbolivarsites.com; frame-src 'self' blob: *.doctoraki.com *.doubleclick.net https://www.google.com *.firebaseapp.com *.solucionesbolivar.com *.solucionesbolivar.net *.solucionesbolivarsites.com; worker-src 'self' blob:; base-uri 'self'; object-src 'none'; 1
default-src 'self' 'unsafe-inline' https://*.talentqgroup.com https://*.cloudfront.net https://www.google-analytics.com https://www.google.com/ https://www.gstatic.com  https://hello.myfonts.net/count/3122c9; frame-ancestors 'self' https://*.kfassessment.com https://*.kfassessment.eu 1
default-src 'none'; block-all-mixed-content; connect-src 'self' https://api.getaddress.io https://*.google-analytics.com https://*.googletagmanager.com; font-src https://assets.nurserymilk.co.uk; frame-src https://nmru-production.s3.amazonaws.com https://uploads.nurserymilk.co.uk/; img-src https://assets.nurserymilk.co.uk https://*.google-analytics.com https://*.googletagmanager.com https://nmru-production.s3.amazonaws.com https://uploads.nurserymilk.co.uk/ data:; object-src https://nmru-production.s3.amazonaws.com https://uploads.nurserymilk.co.uk/; script-src https://assets.nurserymilk.co.uk https://*.google-analytics.com https://*.googletagmanager.com 'unsafe-inline' 'sha256-//t8DN+5PHt8HhW5JH2ig7gM5SCiAAJ19Gba5fqlebw='; style-src https://assets.nurserymilk.co.uk; report-uri /_csp/report 1
default-src 'self'; object-src 'self'; base-uri 'self'; media-src 'self' https://imagepool.drillisch-online.de; img-src https: data: https://imagepool.drillisch-online.de; font-src https:; form-action 'self'; connect-src 'self' https://imagepool.drillisch-online.de https://stats.drillisch-online.de https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://tracking.drillisch.de https://*.demdex.net https://www.google-analytics.com; script-src 'strict-dynamic' 'nonce-b329be46cf617a156689ac4e1d131ade' 'nonce-151a9ae68ab20a96225a6b6389f7b13a' 'nonce-3ac5829bfe43224988008e69da4f42f3' 'nonce-971e75021dade183341e4055a106cec4' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data: 'report-sample'; frame-ancestors 'self'; frame-src https://1and1internetag.demdex.net https://tags.tiqcdn.com https://hilfe-center.1und1.de; child-src https://tags.tiqcdn.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-b329be46cf617a156689ac4e1d131ade' 'nonce-151a9ae68ab20a96225a6b6389f7b13a' 'nonce-3ac5829bfe43224988008e69da4f42f3' 'nonce-971e75021dade183341e4055a106cec4' 'self' 'unsafe-inline' https: 'report-sample' 1
base-uri 'self' assets.redballoon.work prod.assets.redballoon.work production-assets.0c1585fd2300c797f28a22986ff717e0.r2.cloudflarestorage.com; child-src 'none'; connect-src 'self' 'unsafe-inline' *.backblazeb2.com assets.redballoon.work prod.assets.redballoon.work production-assets.0c1585fd2300c797f28a22986ff717e0.r2.cloudflarestorage.com search.redballoon.work analytics.redballoon.work api.honeybadger.io secure.safewebservices.com aorta.clickagy.com hemsync.clickagy.com js.zi-scripts.com ws.zoominfo.com tags.clickagy.com https://px.ads.linkedin.com https://px.ads.linkedin.com/wa api.hubapi.com forms.hscollectedforms.net tags.srv.stackadapt.com cdn.getkoala.com api.getkoala.com api.hubspot.com webpack://*; default-src 'self'; font-src 'self' assets.redballoon.work prod.assets.redballoon.work production-assets.0c1585fd2300c797f28a22986ff717e0.r2.cloudflarestorage.com fonts.gstatic.com; form-action 'self'; frame-ancestors www.youtube.com test.redballoon.dev *.redballoon.work; frame-src 'unsafe-inline' hemsync.clickagy.com www.youtube.com player.vimeo.com www.youtube-nocookie.com calendly.com iframe.cloudflarestream.com secure.safewebservices.com *.redballoon.work app.hubspot.com assets.redballoon.work prod.assets.redballoon.work production-assets.0c1585fd2300c797f28a22986ff717e0.r2.cloudflarestorage.com; img-src 'self' https://www.idibu.com blob: assets.redballoon.work prod.assets.redballoon.work production-assets.0c1585fd2300c797f28a22986ff717e0.r2.cloudflarestorage.com data: https://px.ads.linkedin.com https://t.co/1/i/adsct https://analytics.twitter.com/1/i/adsct track.hubspot.com forms.hsforms.com tags.srv.stackadapt.com; manifest-src 'self'; object-src 'self' assets.redballoon.work prod.assets.redballoon.work production-assets.0c1585fd2300c797f28a22986ff717e0.r2.cloudflarestorage.com; script-src 'self' assets.redballoon.work prod.assets.redballoon.work production-assets.0c1585fd2300c797f28a22986ff717e0.r2.cloudflarestorage.com www.youtube.com f.vimeocdn.com embed.cloudflarestream.com analytics.redballoon.work secure.safewebservices.com js.zi-scripts.com ws.zoominfo.com tags.clickagy.com ws-assets.zoominfo.com snap.licdn.com static.ads-twitter.com px4.ads.linkedin.com js.hs-scripts.com js.hscollectedforms.net js.hsadspixel.net js.hs-banner.com js.hs-analytics.net js.usemessages.com tags.srv.stackadapt.com cdn.getkoala.com api.getkoala.com www.idibu.com static.hsappstatic.net ; style-src 'self' assets.redballoon.work prod.assets.redballoon.work production-assets.0c1585fd2300c797f28a22986ff717e0.r2.cloudflarestorage.com data: fonts.googleapis.com secure.safewebservices.com tags.srv.stackadapt.com 'unsafe-inline'; 1
frame-ancestors https://*.aularandstad.es https://aularandstad.es https://*.randstad.es; 1
default-src 'self';script-src 'self'; 1
frame-ancestors 'self' capacitor://* https://letterasenzabusta.com https://www.letterasenzabusta.com app://letterasenzabusta.com 1
default-src 'self'; font-src *; img-src * data:; script-src *; style-src *; 1
default-src 'self' 'unsafe-inline' ; img-src https://*; script-src 'self' 'unsafe-inline' https://sibforms.com/forms/end-form/build/main.js https://kit.fontawesome.com/51c52a1f48.js https://code.jquery.com/jquery-3.6.0.min.js; style-src 'self' 'unsafe-inline' http://sibforms.com/forms/end-form/build/sib-styles.css ; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com *.google.com *.google-analytics.com *.googleapis.com https://*.googleapis.com; style-src 'self' 'unsafe-inline' hello.myfonts.net *.googleapis.com *.gstatic.com https://*.googleapis.com https://*.gstatic.com themes.googleusercontent.com; img-src 'self' data: *.google.com *.google-analytics.com *.googleapis.com *.gstatic.com https://*.googleapis.com https://*.gstatic.com; connect-src 'self' http://www.google-analytics.com; frame-src 'self' *.vimeo.com *.youtube.com https://*.vimeo.com https://*.youtube.com; font-src 'self' data: *.googleapis.com *.gstatic.com https://*.googleapis.com https://*.gstatic.com; report-uri https://tokybd.report-uri.io/r/default/csp/enforce; 1
frame-ancestors 'self' piwik.betaalvereniging.nl matomo.betaalvereniging.nl; 1
default-src 'self';script-src 'self' 'nonce-Ea9Jsp9M0StbtiH1HPmSvJct/pgHpPfCugTDxaIC1Vc=' 'unsafe-eval' 'strict-dynamic' https://*.cookiebot.com https://*.vimeocdn.com https://*.googletagmanager.com https://tagmanager.google.com https://*.vimeocdn.com;img-src 'self' https://*.google-analytics.com https://*.googletagmanager.com https://*.cookiebot.com https://*.gstatic.com https://*.google.com https://*.google.se data: ;connect-src 'self' ws://* wss://* https://*.cookiebot.com https://*.lime-forms.se https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.google.com https://*.google.se https://*.doubleclick.net;font-src 'self' https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com;frame-src 'self' https://*.cookiebot.com https://*.vimeo.com https://*.googletagmanager.com https://*.doubleclick.net;style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://www.googletagmanager.com; 1
base-uri 'none';child-src 'self' https://*.hotjar.com https://*.hotjar.io https://www.googletagmanager.com https://*.google-analytics.com https://*.doubleclick.net https://*.analytics.google.com;connect-src 'self' ws: wss: https://*.hotjar.com https://*.hotjar.io https://*.google-analytics.com https://*.doubleclick.net https://*.analytics.google.com https://webrtc.github.io https://ajax.aspnetcdn.com https://webchat2.homegroup.org.uk https://*.googleapis.com https://*.algolia.net https://conversenow-production-public.s3.eu-west-2.amazonaws.com https://s3.eu-west-2.amazonaws.com https://www.google.com https://www.google.co.uk https://recaptcha.net https://*.clarity.ms https://*.clarity.microsoft.com https://c.bing.com https://assets.zuko.io https://api.zuko.io https://b9r8u7pkx0.execute-api.eu-west-1.amazonaws.com/v1/domains/homegroup.org.uk/forms/ https://zuko-session-replay-recordings-prod.s3.amazonaws.com/ webpack://*;default-src 'self';font-src 'self' https://www.gstatic.com https://*.gstatic.com https://*.hotjar.com https://*.hotjar.io;form-action 'self' https://connect.facebook.net https://www.facebook.com;frame-ancestors 'none';frame-src https://www.youtube.com https://www.google.com https://www.google.co.uk https://recaptcha.net https://*.ceros.com https://conversenow-production-public.s3.eu-west-2.amazonaws.com https://s3.eu-west-2.amazonaws.com https://connect.facebook.net https://www.facebook.com https://www.tiktok.com https://*.ttwstatic.com https://*.consultationonline.co.uk https://www.googletagmanager.com https://*.google-analytics.com https://*.doubleclick.net https://*.analytics.google.com;img-src 'self' data: blob: https://media.umbraco.io https://www.cqc.org.uk https://www.gstatic.com https://*.gstatic.com https://*.googleapis.com https://www.google.com https://www.google.co.uk https://recaptcha.net https://connect.facebook.net https://www.facebook.com https://*.google-analytics.com https://*.doubleclick.net https://*.analytics.google.com https://conversenow-production-public.s3.eu-west-2.amazonaws.com https://s3.eu-west-2.amazonaws.com https://*.clarity.ms https://*.clarity.microsoft.com https://c.bing.com https://www.googletagmanager.com;manifest-src 'self';media-src 'self' https://media.umbraco.io https://webrtc.github.io https://ajax.aspnetcdn.com https://webchat2.homegroup.org.uk;object-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google-analytics.com https://*.doubleclick.net https://*.analytics.google.com https://www.googletagmanager.com https://www.gstatic.com https://*.gstatic.com https://*.hotjar.com https://*.hotjar.io https://webrtc.github.io https://ajax.aspnetcdn.com https://webchat2.homegroup.org.uk https://www.cqc.org.uk https://www.google.com https://www.google.co.uk https://recaptcha.net https://*.googleapis.com https://connect.facebook.net https://www.facebook.com https://conversenow-production-public.s3.eu-west-2.amazonaws.com https://s3.eu-west-2.amazonaws.com https://www.tiktok.com https://*.ttwstatic.com https://*.ceros.com https://assets.zuko.io https://api.zuko.io https://*.clarity.ms https://*.clarity.microsoft.com https://c.bing.com;style-src 'self' 'unsafe-inline' https://www.gstatic.com https://*.gstatic.com https://www.cqc.org.uk https://*.googleapis.com https://conversenow-production-public.s3.eu-west-2.amazonaws.com https://s3.eu-west-2.amazonaws.com https://www.tiktok.com https://*.ttwstatic.com https://www.googletagmanager.com; 1
frame-ancestors 'self' 'hackintosh-olarila.com'; 1
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.siteimprove.net *.googleapis.com youtube.com *.google.com *.google-analytics.com *.gstatic.com cdnjs.cloudflare.com *.curator.io *.addthis.com *.addthisedge.com *.facebook.com *.facebook.net  siteimproveanalytics.com *.twitter.com *.pingdom.net *.googletagmanager.com *.doubleclick.net *.youtube.com cdn.jsdelivr.net unpkg.com lottie.host *.clarity.ms; style-src 'self' 'unsafe-inline' *.googleapis.com *.siteimprove.net *.curator.io *.google.com; img-src 'self' data: *.gstatic.com *.googleapis.com *.ggpht.com developers.google.com *.google-analytics.com *.doubleclick.net *.fbcdn.net *.twimg.com *.instagram.com *.curator.io *.cdninstagram.com *.ytimg.com *.siteimproveanalytics.io curatorio.s3.amazonaws.com curator-assets.b-cdn.net *.googletagmanager.com *.google.com.au *.google.com *.clarity.ms *.bing.com; media-src 'self' ssl.gstatic.com *.fbcdn.net *.twimg.com curatorio.s3.amazonaws.com *.google.com; frame-src 'self' www.youtube.com *.addthis.com seqwater.mysocialpinpoint.com *.google.com youtu.be *.siteimprove.com *.facebook.com td.doubleclick.net  player.vimeo.com *.googletagmanager.com; frame-ancestors 'self' unitywater.com *.unitywater.com urbanutilities.com.au *.redland.qld.gov.au *.goldcoast.qld.gov.au *.logan.qld.gov.au waternet.corporate.local; child-src 'self' unitywater.com *.unitywater.com urbanutilities.com.au *.redland.qld.gov.au *.goldcoast.qld.gov.au *.logan.qld.gov.au waternet.corporate.local; font-src 'self' 'unsafe-inline' themes.googleusercontent.com fonts.gstatic.com cdn.curator.io; connect-src 'self' *.google-analytics.com *.doubleclick.net *.siteimprove.com api.curator.io *.addthis.com *.pingdom.net maps.googleapis.com *.google.com *.googlesyndication.com *.googleadservices.com *.clarity.ms; report-uri /report-csp-violation 1
frame-ancestors https://*.nileyouth.net 1
frame-ancestors https://*.posylka.de 1
base-uri 'self'; default-src 'none'; child-src; connect-src 'self' wss://directline.botframework.com https://directline.botframework.com directline.botframework.com https://*.faqbot.nz *.faqbot.nz https://*.sharethis.com *.sharethis.com https://*.algolia.net *.algolia.net https://*.algolianet.com *.algolianet.com https://*.analytics.google.com *.analytics.google.com https://*.google-analytics.com *.google-analytics.com https://*.googletagmanager.com *.googletagmanager.com https://*.g.doubleclick.net *.g.doubleclick.net https://*.google.com *.google.com https://*.google.co.nz *.google.co.nz https://stats.g.doubleclick.net stats.g.doubleclick.net; font-src 'self' https://*.faqbot.nz *.faqbot.nz https://fonts.gstatic.com fonts.gstatic.com data:; form-action 'self' https://dnc.us5.list-manage.com dnc.us5.list-manage.com; frame-ancestors 'self'; frame-src 'self' wss://directline.botframework.com https://youtube.com youtube.com https://youtu.be youtu.be https://*.sharethis.mgr.consensu.org *.sharethis.mgr.consensu.org https://www.google.com www.google.com https://public.tableau.com public.tableau.com https://player.vimeo.com player.vimeo.com; img-src 'self' https://ssl.gstatic.com https://www.gstatic.com https://maps.gstatic.com https://*.googleapis.com https://*.s3.ap-southeast-2.amazonaws.com https://*.analytics.google.com *.analytics.google.com https://*.google-analytics.com *.google-analytics.com https://*.googletagmanager.com *.googletagmanager.com https://*.g.doubleclick.net *.g.doubleclick.net https://*.google.com *.google.com https://*.google.co.nz *.google.co.nz https://*.faqbot.nz *.faqbot.nz https://*.sharethis.com *.sharethis.com https://www.facebook.com www.facebook.com data:; media-src https://youtube.com youtube.com https://www.youtube.com www.youtube.com https://vimeo.com vimeo.com https://youtu.be youtu.be https://i.vimeocdn.com i.vimeocdn.com; object-src 'self'; script-src 'self' https://*.faqbot.nz *.faqbot.nz https://faqbotprodstorage.blob.core.windows.net faqbotprodstorage.blob.core.windows.net https://sharethis.com sharethis.com https://*.sharethis.com *.sharethis.com https://*.googletagmanager.com *.googletagmanager.com https://www.google.com www.google.com https://gstatic.com gstatic.com https://public.tableau.com public.tableau.com https://code.jquery.com code.jquery.com https://www.google-analytics.com www.google-analytics.com https://tagmanager.google.com tagmanager.google.com https://*.sharethis.js *.sharethis.js https://connect.facebook.net connect.facebook.net https://www.googletagmanager.com www.googletagmanager.com https://www.gstatic.com www.gstatic.com 'nonce-YmM3YzZiYmUwOTY5YTgyMDA3ZWM1M2VlMWU3NzM5MWY2MjM0YzFiMTZmNTFjYzA2MTQ1ZWE5YThiNDY2ODZhYmM5OGVmMTNhMzU3YzNmNzY3YmJjNGIzYTg1MjI0OWNkZTc5MGIxZjVlMWI2ZGE3YWI1ZDVhMjMwYWJhMmQ5YTc=' 'unsafe-eval'; style-src 'self' https://unsafe-inline unsafe-inline https://*.faqbot.nz *.faqbot.nz https://faqbotprodstorage.blob.core.windows.net faqbotprodstorage.blob.core.windows.net https://www.google-analytics.com www.google-analytics.com https://www.googletagmanager.com www.googletagmanager.com https://ssl.google-analytics.com ssl.google-analytics.com https://tagmanager.google.com tagmanager.google.com https://fonts.googleapis.com fonts.googleapis.com 'unsafe-inline'; report-to csp-endpoint; upgrade-insecure-requests 1
upgrade-insecure-requests; block-all-mixed-content 1
default-src 'none'; connect-src 'self' *.google-analytics.com *.googlesyndication.com *.google.com chatling.ai; font-src 'self' data: *.googleapis.com *.gstatic.com *.typekit.net; frame-src *.google.com *.googletagmanager.com https://www.youtube-nocookie.com/ embed.chatling.ai; img-src 'self' https: data:; manifest-src 'self'; media-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.jsdelivr.net unpkg.com *.google.com *.gstatic.com *.googletagmanager.com *.cloudflare.com *.bootstrapcdn.com *.jquery.com *.seznam.cz *.facebook.net lingq.io chatling.ai; style-src 'self' 'unsafe-inline' *.jsdelivr.net unpkg.com *.cloudflare.com *.googleapis.com *.typekit.net *.seznam.cz *.facebook.net 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://trusted.cdn.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data:; font-src 'self' data:; frame-ancestors 'none'; base-uri 'self'; form-action 'self'; 1
frame-ancestors 'self' https://*.papajohns.com.sv ; object-src 'self' *.papajohns.com.sv ; img-src 'self' *.papajohns.com.sv  data: *.twimg.com *.twitter.com *.facebook.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.google.com *.google.com.sv  *.statcounter.com *.facebook.net *.doubleclick.net *.google.com sailplays3.cdnvideo.ru res.cloudinary.com *.digitaloceanspaces.com *.bitworks.com.sv; script-src 'self' *.papajohns.com.sv 'unsafe-inline' 'unsafe-eval' data: *.twimg.com *.googletagmanager.com *.facebook.com *.google.com *.google.com.sv *.google-analytics.com maps.googleapis.com ajax.googleapis.com *.gstatic.com *.twitter.com *.statcounter.com *.facebook.net *.hotjar.io *.hotjar.com static.hotjar.com *.googleadservices.com cdnjs.cloudflare.com sailplay.ru sailplay.net *.sailplay.net sailplays3.cdnvideo.ru cdn.jsdelivr.net cdn.pushalert.co code.jquery.com *.bitworks.com.sv l.getsitecontrol.com static.cloudflareinsights.com papajohns.containers.piwik.pro ; 1
Content-Security-Policy= default-src "none"; script-src "self" https://corp-mktg.s3.us-west-2.amazonaws.com https://cdn.cookielaw.org https://maps.googleapis.com https://prospect-form-plugin.2u.com; style-src "unsafe-inline" https://whitelabel.2u.com; https://whitelabel.2u.com; 1
allow 'self' www.google-analytics.com ajax.googleapis.com; 1
default-src dock.ui.bosch.tech  *.hotjar.com wss://*.hotjar.com 'self'  https: *.vulcano.pt; media-src 'self' https: mycliplister.com; font-src 'self' *.hotjar.com wss://*.hotjar.com  *.vulcano.pt; object-src data: 'self'; img-src https: data:; style-src 'self' 'unsafe-inline' *.vulcano.pt; script-src dock.ui.bosch.tech  https: 'unsafe-inline' 'unsafe-eval'; frame-src mailto: 'self' https: it.documents.junkers.com; frame-ancestors 'self' http://fs52-buderus-dev.kittelberger.net 1
frame-ancestors 'self' cyreneforum.com/ *.cyreneforum.com/ arkadiaforum.com/ *.arkadiaforum.com/ ; 1
base-uri 'none'; default-src 'self'; child-src https://www.youtube.com  https://skk.erecruiter.pl https://heyzine.com https://*.heyzine.com https://*.google.com https://www.googletagmanager.com https://*.faceup.com https://*.nntb.cz blob:; connect-src 'self' https://geis.daktela.com https://t.leady.com https://*.doubleclick.net https://*.google.com https://*.google-analytics.com wss://*.hotjar.com https://*.hotjar.com  https://*.hotjar.io; font-src 'self' https://*.gstatic.com data:; form-action 'self'; img-src 'self' https://skk.erecruiter.pl https://*.seznam.cz https://t.leady.com https://*.google-analytics.com https://*.google.cz https://*.google.com https://*.gstatic.com blob: data:; media-src 'self' blob:; script-src 'self' https://*.google.com  https://*.gstatic.com https://skk.erecruiter.pl https://*.seznam.cz https://geis.daktela.com https://t.leady.com https://tt.geis.cz https://tt.geis.pl https://*.hotjar.com https://*.doubleclick.net https://*.google-analytics.com https://www.googletagmanager.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com ttps://skk.erecruiter.pl 'unsafe-inline' 'unsafe-eval'; 1
allow 'self' *.onesignal.com; 1
default-src 'none'; block-all-mixed-content; connect-src 'self' *.googleapis.com *.gstatic.com *.google.com *.cookiebot.eu *.google-analytics.com; font-src 'self' data: *.googleapis.com *.gstatic.com *.google-analytics.com; frame-src *; img-src 'self' data: *.googleapis.com *.gstatic.com *.googletagmanager.com *.google-analytics.com; manifest-src 'self'; media-src 'self'; script-src 'self' *.google.com 'unsafe-inline' blob: *.googleapis.com *.gstatic.com *.cookiebot.eu *.googletagmanager.com *.google-analytics.com 'sha256-7BR2mzQgegl16OzhYaABCgX+kM/0FnVwstu1v2KgQbw=' 'sha256-wfxJ7YZKDslwby5G8BoAcLOzW1p+E0YMbh6d3MizcsI=' 'sha256-JglQj6PX/c3n1AtXwhS4fkUY+TTFNX3M/x4JjovL2tY=' 'sha256-gRjb7Pg9ekg78sSAQ935jMPX8YulX2dOQYx79CdC2uE=' 'nonce-FAqZZsBKXqoVNwlRsMDmQg=='; style-src 'self' cdnjs.cloudflare.com 'unsafe-inline' *.googleapis.com *.gstatic.com *.google-analytics.com; report-uri /csp/report 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://atal.pl https://*.atal.pl https://googletagmanager.com https://*.googletagmanager.com https://googleapis.com https://*.googleapis.com https://oneappappsprd.z6.web.core.windows.net https://3destate.cloud https://*.3destate.cloud https://assets.3destate.cloud https://*.z6.web.core.windows.net https://cloudflareinsights.com https://*.cloudflareinsights.com https://static.cloudflareinsights.com https://*.google.pl/ https://google.pl/ https://*.clarity.ms https://clarity.ms https://*.facebook.com https://facebook.com https://*.cloudflare.com/ https://cdnjs.cloudflare.com/ https://*.callpage.io https://cdn-widget.callpage.io; img-src 'self' data: https://atal.pl https://*.atal.pl https://googletagmanager.com https://*.googletagmanager.com https://googleapis.com https://*.googleapis.com https://oneappappsprd.z6.web.core.windows.net https://3destate.cloud https://*.3destate.cloud https://assets.3destate.cloud https://*.z6.web.core.windows.net https://cloudflareinsights.com https://*.cloudflareinsights.com https://static.cloudflareinsights.com https://*.google.pl/ https://google.pl/ https://*.clarity.ms https://clarity.ms https://*.facebook.com https://facebook.com https://*.cloudflare.com/ https://cdnjs.cloudflare.com/ https://*.callpage.io https://cdn-widget.callpage.io; object-src 'self' data: https://atal.pl https://*.atal.pl https://resimo.io https://*.resimo.io https://googletagmanager.com https://*.googletagmanager.com https://googleapis.com https://*.googleapis.com https://oneappappsprd.z6.web.core.windows.net https://3destate.cloud https://*.3destate.cloud https://assets.3destate.cloud https://*.z6.web.core.windows.net https://cloudflareinsights.com https://*.cloudflareinsights.com https://static.cloudflareinsights.com https://*.google.pl/ https://google.pl/ https://*.clarity.ms https://clarity.ms https://*.facebook.com https://facebook.com https://*.cloudflare.com/ https://cdnjs.cloudflare.com/ https://*.callpage.io https://cdn-widget.callpage.io; frame-src 'self' data: https://atal.pl https://*.atal.pl https://resimo.io https://*.resimo.io https://googletagmanager.com https://*.googletagmanager.com https://googleapis.com https://*.googleapis.com https://oneappappsprd.z6.web.core.windows.net https://3destate.cloud https://*.3destate.cloud https://assets.3destate.cloud https://*.z6.web.core.windows.net https://cloudflareinsights.com https://*.cloudflareinsights.com https://static.cloudflareinsights.com https://*.google.pl/ https://google.pl/ https://*.clarity.ms https://clarity.ms https://*.facebook.com https://facebook.com https://*.cloudflare.com/ https://cdnjs.cloudflare.com/ https://*.callpage.io https://cdn-widget.callpage.io; 1
frame-ancestors https://*.innovatrics.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com platform.twitter.com www.googletagmanager.com cdn.syndication.twimg.com cdn.knightlab.com cdncache-a.akamaihd.net https://cdn.printfriendly.com/printfriendly.js https://ds-4047.kxcdn.com/api/v3/domain_settings/ key-cdn.printfriendly.com static.addtoany.com; object-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' themes.googleusercontent.com platform.twitter.com ton.twimg.com cdn.knightlab.com https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/ static.addtoany.com; img-src 'self' data: blob: filesystem www.google-analytics.com syndication.twitter.com pbs.twimg.com abs.twimg.com  ton.twimg.com www.googletagmanager.com platform.twitter.com canvaspl-a.akamaihd.net; media-src 'self' mediastream:; frame-src 'self' platform.twitter.com syndication.twitter.com www.facebook.com www.youtube.com cdncache-a.akamaihd.net static.addtoany.com; frame-ancestors 'self'; child-src 'self'; font-src 'self' 'unsafe-inline' 'unsafe-eval' themes.googleusercontent.com cdn.knightlab.com fonts.gstatic.com; connect-src 'self' wss://bot.enzona.net/ https://bot.enzona.net/ cdn.knightlab.com cdncache-a.akamaihd.net www.google-analytics.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'unsafe-inline'; block-all-mixed-content; connect-src *; font-src * https://fonts.gstatic.com data: fonts.googleapis.com fonts.gstatic.com; frame-src *.sibelga.be *.youtube.com *.youtube-nocookie.com *.vimeo.com *.services *.hotjar.com *.doubleclick.net *.facebook.com *.facebook.net prod.sibelga2.marlon.be *.google.com https://playplay.com www.google.com www.gstatic.com; img-src * 'self' data: cdn-cookieyes.com *.cookieyes.com; manifest-src prod.sibelga2.marlon.be 'self'; script-src *.sibelga.be 'unsafe-inline' 'unsafe-eval' 'self' data: https://cdn.ckeditor.com https://js-agent.newrelic.com https://bam.nr-data.net https://maps.googleapis.com https://cdnjs.cloudflare.com *.google-analytics.com *.facebook.net *.googleapis.com *.marketingautomation.services *.googletagmanager.com *.googleadservices.com *.hotjar.com *.doubleclick.net *.visualwebsiteoptimizer.com *.linkedin.com *.youtube.com *.youtube-nocookie.com tagmanager.google.com snap.licdn.com cdn.matomo.cloud *.matomo.cloud www.google.com www.gstatic.com corsproxy.io *.cookieyes.com cdn-cookieyes.com; style-src prod.sibelga2.marlon.be 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.ckeditor.com https://cdnjs.cloudflare.com tagmanager.google.com; report-uri /nelmio/csp/report 1
frame-src https://www.olisnet.com/ https://olisnet.com/ https://www.fa.olisnet.com/ https://www.tableau.olisnet.com/ https://www.edr.olisnet.com/ https://ebanking-auth.edmond-de-rothschild.eu/ 1
frame-ancestors https://huixquilucan.gob.mx 1
frame-ancestors 'self' *.giornaledellalibreria.it ; 1
default-src 'self'; base-uri 'self'; connect-src 'self' *.itzbund.de *.googleapis.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com piwik.itzbund.de *.youtube.com;object-src 'self' multimedia.gsb.bund.de medien10.gsb.bund.de piwik.itzbund.de; media-src 'self' multimedia.gsb.bund.de medien10.gsb.bund.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.openstreetmap.org *.googleapis.com piwik.itzbund.de *.geodatenzentrum.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; frame-ancestors 'self' zfa-editor.preview.kkn.zd.intranet.bund.de piwik.itzbund.de zfa-zfa-editor.preview.kkn.zd.intranet.bund.de *.facebook.com 1
default-src https: 'unsafe-inline' 'unsafe-eval' data: blob:; object-src 'self' blob:; 1
form-action 'self' https://liverpoolcharity.franktesting.co.uk/search https://www.uhliverpoolcharity.org/search; default-src 'self'; frame-src 'self' https://indd.adobe.com/ https://gssapps.ebscohost.com/hee/searchboxes/nhs_athensonly.html https://www.youtube-nocookie.com *.webspellchecker.net *.nhs.uk *.facebook.com *.youtube.com *.vimeo.com *.google.com *.googleapis.com https://forms.office.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net/gh/fancyapps/fancybox@3.5.7/dist/jquery.fancybox.min.js https://www.youtube.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://www.googletagmanager.com https://connect.facebook.net https://feeds.trac.jobs *.webspellchecker.net *.google.com *.googleapis.com *.gstatic.com *.cqc.org.uk ; font-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com *.webspellchecker.net; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://feeds.trac.jobs *.googleapis.com  *.gstatic.com *.cqc.org.uk *.webspellchecker.net; img-src * data:; object-src 'self' blob:; connect-src 'self' https://feeds.trac.jobs stats.g.doubleclick.net *.googleapis.com *.google-analytics.com *.webspellchecker.net *.google.com 1
default-src *.googletagmanager.com *.twitter.com *.facebook.net *.nr-data.net *.ads-twitter.com *.google-analytics.com *.googleadservices.com *.doubleclick.net *.mookie1.com *.amazon-adsystem.com *.facebook.com *.google.com *.google.co.in *.cloudflare.com *.w3.org *.adsrvr.org *.newrelic.com *.insight.adsrvr.org/track/pxl/ *.sc-static.net *.analytics.tiktok.com *.p.teads.tv *.snapchat.com *.videoamp.com *.pixel.tapad.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.jsdelivr.net *.fullstory.com *.googleoptimize.com *.googletagmanager.com *.twitter.com *.facebook.net *.nr-data.net *.ads-twitter.com *.google-analytics.com *.googleadservices.com *.googleanalytics.com *.doubleclick.net *.cloudflare.com *.opendns.com *.adsrvr.org *.newrelic.com *.google.com *.mapbox.com *.serving-sys.com *.igodigital.com *.teads.tv *.videoamp.com *.pixel.tapad.com *.tiktok.com *.abtasty.com *.snapchat.com https://www.youtube.com https://cdn.cookielaw.org https://sc-static.net/scevent.min.js *.cloudflare.com *.mikmak.ai *.swaven.com https://sc-static.net/sc-pixel-helper.min.js; object-src 'self'; style-src 'self'  'unsafe-inline' *.jsdelivr.net *.cloudflare.com *.opendns.com *.newrelic.com *.twitter.com *.nr-data.net *.ads-twitter.com *.google.com *.googleapis.com *.mapbox.com *.abtasty.com *.typekit.net *.cloudflare.com *.monsido.com; img-src 'self' *.adsrvr.org *.google-analytics.com *.twitter.com *.facebook.com *.google.com *.google.co.in *.googletagmanager.com *.mookie1.com *.amazon-adsystem.com *.newrelic.com *.nr-data.net *.ads-twitter.com *.w3.org data: *.insight.adsrvr.org/track/pxl/ *.sc-static.net *.teads.tv *.videoamp.com *.pixel.tapad.com *.snapchat.com *.doubleclick.net *.mikmak.ai *.swaven.com *.analytics.yahoo.com *.adnxs.com *.abtasty.com *.adxcel-ec2.com https://di.rlcdn.com https://ad.ipredictive.com https://cdn.cookielaw.org https://dpm.demdex.net/ https://img.youtube.com/ https://polandspring.bluetritonbrands.acsitefactory.com/sites/g/files/zmtnxh116/files/2024-08/promo-img.png; media-src 'self'; frame-src 'self' *.youtube.com *.doubleclick.net *.amazon-adsystem.com *.google.com *.adsrvr.org *.teads.tv *.videoamp.com *.pixel.tapad.com *.sc-static.net *.snapchat.com *.flashtalking.com *.abtasty.com *.googletagmanager.com *.mikmak.ai *.swaven.com; frame-ancestors 'self' *.youtube.com *.doubleclick.net *.amazon-adsystem.com *.adsrvr.org *.teads.tv *.videoamp.com *.pixel.tapad.com *.sc-static.net *.snapchat.com *.mikmak.ai; child-src 'self' *.youtube.com *.doubleclick.net *.amazon-adsystem.com *.google.com *.adsrvr.org *.teads.tv *.videoamp.com *.pixel.tapad.com *.sc-static.net *.snapchat.com blob:; font-src 'self' *.jsdelivr.net *.gstatic.com *.google.com *.abtasty.com *.typekit.net *.mikmak.ai *.swaven.com; connect-src 'self' *.doubleclick.net *.google-analytics.com *.mapbox.com *.nr-data.net *.serving-sys.com *.igodigital.com *.teads.tv *.videoamp.com *.pixel.tapad.com *.sc-static.net *.snapchat.com *.onetrust.com *.abtasty.com *.fullstory.com *.tiktok.com https://cdn.cookielaw.org https://bam.nr-data.net https://www.facebook.com *.google.com *.googleadservices.com *.mikmak.ai *.swaven.com https://rs.fullstory.com/s/settings/o-232TA0-na1/v1/web https://insight.adsrvr.org/track/realtimeconversion; upgrade-insecure-requests 1
base-uri https://admin.entegy.com.au https://*.vercel.app https://www.entegy.events https://*.entegy.com.au https://*.entegy.events;child-src *.hsforms.com;connect-src 'self' https://admin.entegy.com.au https://maps.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://*.hotjar.com https://*.vercel.live https://vercel.live https://*.hotjar.io wss://*.hotjar.com https://*.userback.io *.hubapi.com *.hscollectedforms.net *.hsforms.com *.vercel-insight.com *.hubspot-forms-static-embed.s3.amazonaws.com https://hubspot-forms-static-embed.s3.amazonaws.com;default-src 'self' https://admin.entegy.com.au https://maps.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://*.hotjar.com https://*.vercel.live vercel.live wss://*.hotjar.com https://*.hotjar.io;font-src 'self' fonts.adobe.com fonts.gstatic.com data: https://*.typekit.net typekit.net https://*.hotjar.com https://*.userback.io;form-action 'self' https://admin.entegy.com.au https://www.google.com https://forms.hsforms.com;frame-ancestors https://admin.entegy.com.au;frame-src https://www.google.com https://*.youtube.com *.hsforms.net *.hsforms.com https://vercel.live/;img-src 'self' https://admin.entegy.com.au https://www.googletagmanager.com www.w3.org data: https://maps.gstatic.com https://maps.googleapis.com https://*.hotjar.com https://i.ytimg.com https://*.youtube.com *.hsforms.net *.hsforms.com https://*.userback.io *.hubspot.com *.hs-embed-reporting.com;manifest-src 'self';media-src 'self' https://admin.entegy.com.au;object-src 'none';script-src 'self' 'unsafe-inline' https://admin.entegy.com.au https://www.googletagmanager.com https://www.google-analytics.com https://*.hotjar.com https://maps.googleapis.com https://stats.g.doubleclick.net https://www.google.com https://*.vercel.live https://vercel.live https://www.gstatic.com https://*.youtube.com https://*.userback.io *.hscollectedforms.net *.hsleadflows.net *.hsforms.net *.hsforms.com *.hs-scripts.com *.hs-analytics.net *.hs-banner.com;style-src 'self' 'unsafe-inline' https://*.typekit.net typekit.net fonts.googleapis.com https://*.hotjar.com https://*.userback.io;worker-src 'self'; 1
default-src 'self' *.usercentrics.eu; frame-src 'self' www.advocard.de www.youtube.de www.youtube.com www.youtube-nocookie.com letsgoeasy-koop.de; img-src 'self' *.advocard.de *.usercentrics.eu generali01.webtrekk.net advocard01.wt-eu02.net *.gstatic.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.usercentrics.eu www.youtube.de www.youtube.com www.youtube-nocookie.com; style-src 'self' 'unsafe-inline' *.usercentrics.eu 1
connect-src 'self' https: https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com;default-src 'self';font-src 'self' fonts.gstatic.com https://*.hotjar.com fonts.googleapis.com;form-action 'self' https://www.facebook.com/tr/;frame-src 'self' tr.techcareer.net youtube.com www.youtube.com open.spotify.com https://embed-standalone.spotify.com/ https://kariyer.typeform.com https://www.typeform.com https://*.hotjar.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://www.google.com/ https://www.facebook.com/ https://www.youtube-nocookie.com/ https://*.doubleclick.net https://*.googlesyndication.com https://www.googleadservices.com https://*.dengagecdn.com/ https://www.googletagmanager.com/ https://gtm.techcareer.net/ https://login.techcareer.net;img-src 'self' data: storage.googleapis.com cdn.gcp.techcareer.net https://*.google-analytics.com https://*.googletagmanager.com https://www.google.com/ads/ https://www.google.com.tr/ads/ https://*.hotjar.com www.facebook.com https://i.ytimg.com https://www.google.com https://analytics.twitter.com/ https://t.co/ https://cdn.efilli.com www.gravatar.com https://c.clarity.ms https://c.bing.com cdn1.kariyer.net https://px.ads.linkedin.com https://static.geetest.com/ https://static.geevisit.com/ https://www.google.com.tr https://*.googlesyndication.com https://*.doubleclick.net https://cv.gcp.techcareer.net https://assets.efilli.com https://ep1.adtrafficquality.google/;media-src 'self' data: storage.googleapis.com cdn.gcp.techcareer.net;object-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.google-analytics.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.hotjar.com https://static.ads-twitter.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net connect.facebook.net https://analytics.tiktok.com/i18n/pixel/ https://cdn.efilli.com https://www.clarity.ms https://js-agent.newrelic.com https://snap.licdn.com http://static.geetest.com/v4/ https://gcaptcha4.geetest.com/ https://gcaptcha4.gsensebot.com/ https://gcaptcha4.geevisit.com/ https://www.youtube-nocookie.com/ https://www.youtube.com/ https://bundles.efilli.com/ https://*.doubleclick.net https://*.googlesyndication.com https://*.dengage.com https://ep2.adtrafficquality.google/sodar/sodar2.js;style-src 'self' 'unsafe-inline' fonts.googleapis.com https://*.hotjar.com https://static.geetest.com/v4/ https://static.geevisit.com/v4/;worker-src 'self' blob:; 1
default-src 'self'; connect-src 'self' https://matomo.tdoescher.de; frame-src 'self' https://www.youtube.com https://www.youtube-nocookie.com; img-src 'self' data: https://www.logbuch-bremerhaven.de https://www.facebook.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://matomo.tdoescher.de https://connect.facebook.net; style-src 'self' 'unsafe-inline' 1
base-uri 'self';child-src https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net;connect-src 'self' *.amplitude.com *.analytics.google.com *.bing.net *.bing.com *.stream-io-api.com *.cloud.gist.build *.cloudinary.com *.cookieyes.com/ *.customer.io *.daily.co *.datocms-assets.com *.doubleclick.net *.facebook.com *.featuregates.org/ *.featureassets.org/ *.google-analytics.com *.google.com *.googlesyndication.com *.hotjar.com *.hotjar.io *.ingest.de.sentry.io *.ingest.sentry.io *.intercom.io *.intercomcdn.com *.intercomcdn.eu *.intercomusercontent.com *.linkedin.com/ *.mux.com *.productfruits.com *.pusher.com *.refersion.com *.segment.com *.segment.io *.statsigapi.net/ *.trustpilot.com *.vercel-analytics.com *.vercel-insights.com *.youtube.com *.typeform.com adservice.google.com analytics.google.com browser-intake-datadoghq.eu cdn-cookieyes.com cdn.linkedin data: embed.acuityscheduling.com featuregates.org/ featureassets.org/ google.com prodregistryv2.org onesignal.com open.spotify.com statsigapi.net/ vercel.live/ wss://*.daily.co wss://*.intercom.io wss://*.productfruits.com wss://*.pusher.com wss://ws.hotjar.com wss://*.stream-io-api.com;default-src 'self';font-src 'self' *.hotjar.com *.intercomcdn.com *.typekit.net data: fonts.gstatic.com vercel.live;form-action 'self' *.facebook.com https://intercom.help https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io;frame-ancestors 'self' *.flown.com;frame-src 'self' *.flown.com *.acuityscheduling.com *.daily.co *.doubleclick.net *.facebook.com *.gist.build *.googletagmanager.com *.gotolstoy.com *.hotjar.com *.refersion.com *.spotify.com *.stripe.com *.trustpilot.com *.trustpilot.io *.typeform.com *.vercel *.vercel.app *.youtube.com copilot.as.me daily.flown.com intercom-sheets.com preview.daily.flown.com vercel.live;img-src 'self' *.ap-south-1.amazonaws.com *.bing.com *.googlesyndication.com *.cloudinary.com *.customer.io *.facebook.com *.g.doubleclick.net *.getstream.io getstream.imgix.net *.google-analytics.com *.google.co.uk *.google.com *.intercomcdn.com *.intercomusercontent.com *.linkedin.com *.onesignal.com *.productfruits.com *.tenor.com *.twitter.com *.vercel.com *.ytimg.com data: blob: t.co vercel.com www.datocms-assets.com;manifest-src 'self';media-src 'self' *.mux.com blob://* www.datocms-assets.com https://js.intercomcdn.com https://downloads.intercomcdn.com https://downloads.intercomcdn.eu https://downloads.au.intercomcdn.com;object-src 'none';script-src 'self' 'nonce-b8b8faa18a4fa0fc536d04dc955b2e3633f0' 'sha256-+SoN4AYEO7MIojy8t+pMAZVDX7KhQzTQI+8i7LAo6HM=' 'sha256-111DY6ucUS2euDqh93ylFTnnaf+9aYuD3PJWCgYTn+w=' 'sha256-1QiKvWvaeuGeYkEbME0QclU2tCRDQDKlL0+XrFuFVmE=' 'sha256-4OZKYuOHAce0LSFazkaayEWT6JLiXt0Lgcre3+Sjuis' 'sha256-5hBVOyELPCqO/N8CikapnRXXhZz/HRHfgNRUZjqshG4=' 'sha256-BzHBoZ8xtfQm3LNTbReiluIPQRcxisgx2mdRNwpNHcU=' 'sha256-HNMk6SVD8tUFzYDasCBApUarqEuczJ8aXgX1n5N0p7Q=' 'sha256-I0qRwJzAAHaN1/K5UoQ0GuHLe7PtFhYYrrarj8PErRw=' 'sha256-IPgMRJYZUz8lznT1nRXD6HDFgXoVQQVY/3wT108wLLc=' 'sha256-L7S+VtFKJtIFUp0HP9li29GjkFAcQontRK8dW5uQsA8=' 'sha256-Y/Nm6FoRDI7eFQwN1V+6XqC4IbTg8tzyEPJSfNZBxME=' 'sha256-ccEm0GiYLjsbXK3KbKT4QFcC00OAoxtFYKLZSuMuo8k=' 'sha256-eJYOFA2XbEBxR3DHqvNKwdAh8lugXzY/fgrkbF2gzMo=' 'sha256-fApKFPeDHEwP3jIdVMBOuJMYDSkTooaFkD59Sp8RN0M=' 'sha256-grdef4AlM85kk/jkVX+XN4vPTxKfb/Kx7cURs8XZBDE=' 'sha256-l6DO/mJ8d7LuRBtvgk+eUTzCnCcJ6jXkDQ7iMTcjmmo=' 'sha256-tUnHUS+zXnbf2U7tp5cxVGi7KZn4YeMzH5kcUUtxnHc=' 'sha256-ylSwfDEamwBoNmPGoe40ma7y0SxPdtkxysEVLQnGNfw=' 'sha256-3s6LVAE1ivJpM/6p9skjGrYLK/vMgq5sJODz9qyTfVI=' *.acuityscheduling.com/ *.ads-twitter.com *.amplitude.com *.bing.com *.cookieyes.com *.customer.io *.daily.co *.facebook.net *.gist.build/ *.google-analytics.com *.googleoptimize.com *.googletagmanager.com *.hotjar.com *.intercom.io *.intercomcdn.com *.licdn.com/ *.onesignal.com *.productfruits.com *.refersion.com *.segment.com *.stripe.com *.trustpilot.com *.youtube.com accounts.google.com blob://* cdn-cookieyes.com embed.typeform.com onesignal.com vercel.live/ vitals.vercel-analytics.com vitals.vercel-insights.com https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.eu https://downloads.au.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://messenger-apps.eu.intercom.io https://messenger-apps.au.intercom.io https://*.intercom-attachments-1.com https://*.intercom-attachments.eu https://*.au.intercom-attachments.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https://static.intercomassets.eu https://static.au.intercomassets.com;style-src 'self' 'unsafe-inline' *.cookieyes.com *.intercom.io *.intercomcdn.com *.productfruits.com *.typeform.com cdn-cookieyes.com fonts.googleapis.com onesignal.com vercel.live;worker-src 'self' blob:;report-to default;report-uri https://flown-reports.uriports.com/reports/report; 1
default-src 'self' www.affidea.com 'unsafe-inline'; script-src 'self' www.affidea.com ajax.googleapis.com maps.googleapis.com cdn.jsdelivr.net hello.myfonts.net www.youtube.com www.googletagmanager.com cdnjs.cloudflare.com snap.licdn.com az416426.vo.msecnd.net connect.facebook.net www.facebook.com www.google-analytics.com px.ads.linkedin.com dc.services.visualstudio.com region1.google-analytics.com; img-src 'self' www.affidea.com; style-src 'self' www.affidea.com; script-src-elem 'elem' www.affidea.com affidea.com; style-src-elem 'self' www.affidea.com; media-src: 'self'; 1
default-src 'self';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://maps.googleapis.com https://maps.gstatic.com data: https://*.google-analytics.com https://forms-eu1.hsforms.com https://track-eu1.hubspot.com https://www.googletagmanager.com https://imgsct.cookiebot.com https://forms.hsforms.com https://perf-eu1.hsforms.com  https://26706590.fs1.hubspotusercontent-eu1.net https://www.google.de https://www.google.com; object-src data:; frame-src 'self' mailto: tel: *.krone-dev.cybob-one.com *.krone-agriculture.com https://js-eu1.hsforms.net/ https://*.mykrone.green https://mykrone.green https://*.krone.de *.youtube.com *.youtube-nocookie.com https://www.webstream.eu https://*.cookiebot.com https://my.matterport.com https://forms-eu1.hsforms.com https://td.doubleclick.net https://www.googletagmanager.com ; script-src 'self' 'unsafe-inline' https://www.google.com https://forms-eu1.hubspot.com https://www.googleadservices.com https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://maps.googleapis.com https://*.cookiebot.com https://www.googletagmanager.com https://js-eu1.hs-scripts.com https://js-eu1.hs-banner.com https://js-eu1.hs-analytics.net https://js-eu1.hscollectedforms.net https://js-eu1.hsforms.net/forms/embed/v2.js https://js-eu1.hsforms.net https://js-eu1.hubspot.com *.clarity.ms https://www.youtube.com; connect-src 'self' https://pagead2.googlesyndication.com https://www.googleadservices.com *.clarity.ms	https://www.googletagmanager.com https://region1.analytics.google.com https://www.google.de https://www.google.com https://maps.googleapis.com https://*.cookiebot.com https://*.google-analytics.com https://*.liadm.com https://forms-eu1.hscollectedforms.net https://forms-eu1.hsforms.com https://hubspot-forms-static-embed-eu1.s3.amazonaws.com https://forms-eu1.hubspot.com https://cta-eu1.hubspot.com https://f.clarity.ms https://stats.g.doubleclick.net https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com; font-src 'self' https://fonts.gstatic.com data:; frame-ancestors 'self' https://www.krone-group.com https://krone-group.com; 1
img-src *; default-src 'self' blob: wss://*.transport.connect.eu-west-2.amazonaws.com *.cloudfront.net https://*.amazonaws.com *.one.network https://ukwest-0.in.applicationinsights.azure.com/v2/track https://az416426.vo.msecnd.net/ https://pfw-prod-ukwest-safespaceonline.azurewebsites.net https://translate.google.com/ https://siteimproveanalytics.com https://apps.parcelforce.com www.googletagmanager.com www.google-analytics.com *.cloudfront.net *.paypal.com *.googleapis.com analytics.analytics-egain.com cloud-emea.analytics-egain.com fonts.gstatic.com portal.roadworks.org sgn.egain.cloud api.reciteme.com stats.g.doubleclick.net www.google.com www.google.co.uk www.gstatic.com maps.gstatic.com api.tomtom.com www.youtube.com *.google-analytics.com *.analytics.google.com https://cdn-ukwest.onetrust.com data: 'unsafe-eval' 'unsafe-inline';  report-uri https://orangebus.report-uri.com/r/d/csp/enforce 1
default-src 'self';    script-src         https://www.googletagmanager.com        https://www.googleadservices.com/pagead/conversion/        https://apis.google.com/        https://cc-cdn.com/generic/scripts/v1/cc_c2a.min.js        https://cc-cdn.com/utils/transl/v1.6.2/transliteration.min.js        https://checkoutshopper-test.adyen.com/checkoutshopper/sdk/        https://checkoutshopper-live.adyen.com/checkoutshopper/sdk/	https://checkoutshopper-live.cdn.adyen.com/        https://*.cdn.adyen.com/checkoutshopper/sdk/        https://pay.google.com/        https://bat.bing.com/	https://googleads.g.doubleclick.net/        'self' 'unsafe-inline' 'unsafe-eval';    style-src         https://api.fonts.coollabs.io/        https://cc-cdn.com/generic/styles/v1/cc_c2a.min.css        https://checkoutshopper-test.adyen.com/checkoutshopper/sdk/        https://checkoutshopper-live.adyen.com/checkoutshopper/sdk/	https://checkoutshopper-live.cdn.adyen.com/        https://*.cdn.adyen.com/checkoutshopper/sdk/        https://use.fontawesome.com/releases/v5.3.1/css/all.css        https://fonts.googleapis.com/        'self' 'unsafe-inline';    img-src         https://www.googletagmanager.com/        https://www.google.com/        https://www.google.gr/        https://www.gstatic.com/images/        https://googleads.g.doubleclick.net/	https://www.googleadservices.com/        https://cc-cdn.com/generic/styles/v1/        https://checkoutshopper-test.adyen.com/checkoutshopper/images/        https://checkoutshopper-live.adyen.com/checkoutshopper/images/	https://checkoutshopper-live.cdn.adyen.com/        https://*.cdn.adyen.com/checkoutshopper/images/        https://www.gstatic.com/instantbuy/svg/        https://ad.doubleclick.net/        https://bat.bing.com/	https://bat.bing.net/        data: 'self';    font-src         https://cdn.fonts.coollabs.io/        https://use.fontawesome.com/releases/        https://fonts.gstatic.com/        https://fonts.googleapis.com/        'self';    connect-src         https://partfinder.psaparts.co.uk/	https://webservice.2-power.com/        https://api.craftyclicks.co.uk/address/1.1/retrieve        https://api.craftyclicks.co.uk/address/1.1/find        https://api.craftyclicks.co.uk/address/1.1/countries        https://*.google-analytics.com        https://*.google.com/        https://google.com/	https://bat.bing.com/	https://bat.bing.net/	https://pagead2.googlesyndication.com/        https://checkoutshopper-test.adyen.com/checkoutshopper/        https://checkoutshopper-live.adyen.com/checkoutshopper/	https://checkoutshopper-live.cdn.adyen.com/	https://checkoutanalytics-live.adyen.com/	https://checkoutshopper-test.cdn.adyen.com/	https://checkoutanalytics-test.adyen.com/        'self';    frame-src         https://partfinder.psaparts.co.uk/        https://checkoutshopper-test.adyen.com/        https://checkoutshopper-live.adyen.com/	https://checkoutshopper-live.cdn.adyen.com/        https://www.googletagmanager.com/        https://pay.google.com/        https://*.fls.doubleclick.net/	https://eu.adyen.link/	https://td.doubleclick.net/        'self';    frame-ancestors 'self';    manifest-src         https://www.google.com/        'self'; 1
font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' tracking.paysera.com www.instagram.com https://optimize.google.com https://www.google.com/recaptcha/ https://www.youtube.com/embed/ http://e.issuu.com/; img-src 'self' data: *.paysera.com maps.googleapis.com *.gstatic.com https://www.google-analytics.com https://optimize.google.com; script-src 'self' maps.googleapis.com www.instagram.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.google-analytics.com https://optimize.google.com 'unsafe-inline'; style-src 'self' fonts.googleapis.com https://optimize.google.com 'unsafe-inline'; report-uri /v2/csp-violations/report 1
default-src 'self' data: https:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: *.stripe.com; style-src 'self' data: 'unsafe-inline' https: https: wss: *.stripe.com *.studentbeans.com blob:; img-src * data: blob:; font-src 'self' data: https:; connect-src 'self' data: https: wss: *.stripe.com *.studentbeans.com; media-src *; object-src 'self' https:; frame-src *; form-action 'self' *.citationsy.com *.citationsy.es *.stripe.com *.studentbeans.com accounts.google.com tinyletter.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.paypalobjects.com/ https://events.timely.fun https://soundcloud.com/ https://*.soundcloud.com/ https://www.facebook.com/ https://rte.ie/ https://*.youtube.com/ https://*.vimeo.com/ https://issuu.com/ https://*.issuu.com/; img-src 'self' data: http://*; object-src 'self' data: https://*.paypal.com/ https://events.timely.fun https://soundcloud.com/ https://*.soundcloud.com/ https://www.facebook.com/ https://*.rte.ie/ https://*.youtube.com/ https://*.vimeo.com/ https://issuu.com/ https://*.issuu.com/ https://youtube.com/; frame-src 'self' data: https://*.paypal.com/ https://events.timely.fun https://soundcloud.com/ https://*.soundcloud.com/ https://www.facebook.com/ https://*.rte.ie/ https://*.youtube.com/ https://*.vimeo.com/ https://issuu.com/ https://*.issuu.com/ https://youtube.com/; 1
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; img-src http: https: data:; font-src 'self' data: https://cdn.jsdelivr.net https://fonts.gstatic.com https://rsms.me https://maxcdn.bootstrapcdn.com; report-uri /report-csp-violation 1
default-src 'self'; script-src 'self' *.googleapis.com; style-src 'self' 'unsafe-inline' *.googleapis.com; img-src 'self' data:; font-src 'self' *.gstatic.com *.bootstrapcdn.com data:;connect-src *.googleapis.com *.gstatic.com *.bootstrapcdn.com; report-uri https://crhworld.com/Sitefinity/Authenticate/OpenID/csp/report 1
default-src 'self' 'unsafe-inline' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.googleadservices.com *.usercentrics.eu connect.facebook.net snap.licdn.com *.google.com *.linkedin.com *.doubleclick.net cdnjs.cloudflare.com cdn.jsdelivr.net unpkg.com *.docksal.site:* *.ddev.site:* *.gstatic.com chosen.js *.hs-scripts.com *.hsadspixel.net *.hs-banner.com *.hs-analytics.net; object-src 'self'; style-src 'self' 'unsafe-inline' *.typekit.net *.icons8.com *.usercentrics.eu cdn.jsdelivr.net cdnjs.cloudflare.com chosen.css; img-src 'self' data: *.google.com *.google.be *.facebook.com *.linkedin.com *.typekit.net *.icons8.com *.usercentrics.eu www.googletagmanager.com *.doubleclick.net *.hubspot.com; media-src 'self'; frame-src 'self' *.usercentrics.eu app.powerbi.com *.youtube.com *.google.com www.googletagmanager.com *.spotify.com *.apple.com; frame-ancestors 'self'; child-src 'self' blob:; font-src 'self' 'unsafe-inline' *.typekit.net *.icons8.com; connect-src 'self' *.google-analytics.com *.usercentrics.eu *.linkedin.com *.facebook.com *.google.com; report-uri /report-csp-violation 1
default-src 'self'; script-src 'self' https://*.astonmiles.com https://code.jquery.com https://www.google-analytics.com https://*.fontawesome.com https://*.googleapis.com //*.gstatic.com; style-src 'self' https://*.astonmiles.com https://*.googleapis.com https://*.fontawesome.com; font-src 'self' https://*.gstatic.com https://*.fontawesome.com; img-src 'self' https://*.astonmiles.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.googleapis.com; connect-src 'self' https://*.astonmiles.com https://*.googleapis.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.fontawesome.com https://code.jquery.com //*.gstatic.com; base-uri 'none'; form-action 'self'; frame-ancestors 'none'; object-src 'none';upgrade-insecure-requests 1
default-src 'self' *.optimizely.com  https: s.webtrends.com *.mycliplister.com; media-src 'self' *.mycliplister.com mycliplister.com cliplister.vo.llnwd.net; font-src dock.ui.bosch.tech cdn.poll-maker.com cdnjs.cloudflare.com 'self' https: btm.bosch.com; object-src data: 'self'; img-src https: data: blob:; style-src dock.ui.bosch.tech cdn.poll-maker.com cdnjs.cloudflare.com 'self' 'unsafe-inline' https: btm.bosch.com; script-src https: *.optimizely.com 'unsafe-inline' 'unsafe-eval'; frame-src www.bosch-professional.com bosch-professional.com 'self' https:; frame-ancestors 'self' www.bosch-professional.com bosch-professional.com https: 1
default-src 'none'; block-all-mixed-content; connect-src 'self' https://*.google.com/recaptcha https://*.gstatic.com/recaptcha https://login.microsoftonline.com https://*.google-analytics.com https://*.analytics.google.com https://unpkg.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com  https://*.google.co.uk https://*.venturonet.com; font-src 'self' cdnjs.cloudflare.com https://fonts.gstatic.com data: https://*.venturonet.com; frame-src 'self' https://*.google.com/recaptcha https://*.google.com https://google.com https://www.googletagmanager.com https://bid.g.doubleclick.net https://td.doubleclick.net https://*.venturonet.com; img-src 'self' data: https://*.disabledholidays.com https://*.google-analytics.com https://*.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://google.com https://*.google.com https://*.google.co.uk https://googleads.g.doubleclick.net https://*.venturonet.com; script-src 'self' https://*.googletagmanager.com https://tagmanager.google.com https://www.googleadservices.com https://*.google.com https://*.google.com/recaptcha https://*.gstatic.com/recaptcha https://*.venturonet.com 'nonce-65aXF1cSeR7y5Qy0ZMXKkw=='; style-src 'self' unpkg.com cdn.jsdelivr.net cdnjs.cloudflare.com 'unsafe-inline' https://*.googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google.com https://*.venturonet.com 1
allow 'self' data: blob; 'inline' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googleapis.com *.youtube.com connect.facebook.net www.facebook.com cdn.ywxi.net static.hotjar.com www.googletagmanager.com www.google.com www.creativecomputerconsulting.ca *.tiktok.com *.ttwstatic.com;  1
script-src https: data: 'unsafe-inline' 'unsafe-eval' https://*.kisd.de https://kisd.de https://*.typekit.net https://www.google-analytics.com https://*.googleapis.com; style-src https: 'unsafe-inline' https://*.kisd.de https://kisd.de https://*.typekit.net https://*.googleapis.com; 1
default-src 'self' https://cdn.competitionsuite.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.competitionsuite.com https://cdnjs.cloudflare.com https://*.sentry-cdn.com https://js.stripe.com https://checkout.stripe.com https://cdn.firebase.com https://www.gstatic.com https://*.firebaseio.com https://kendo.cdn.telerik.com https://ajax.googleapis.com www.google-analytics.com ssl.google-analytics.com ajax.cloudflare.com https://ajax.cloudflare.com https://d3js.org sdk.amazonaws.com beacon-v2.helpscout.net static.cloudflareinsights.com https://hcaptcha.com https://*.hcaptcha.com https://player.vimeo.com/ unpkg.com; style-src 'self' data: 'unsafe-inline' https://cdn.competitionsuite.com https://cdnjs.cloudflare.com https://kendo.cdn.telerik.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com; font-src 'self' data: https://cdn.competitionsuite.com https://cdnjs.cloudflare.com https://kendo.cdn.telerik.com https://fonts.gstatic.com; img-src 'self' data: blob: https://cdn.competitionsuite.com https://competitionsuite.com https://cdn.competitionsuite.io https://cdn.competitionsuite.com https://vault.compsuite.io https://competitionsuite.blob.core.windows.net https://s3.amazonaws.com cs-profile-upload.s3.amazonaws.com www.google-analytics.com ssl.google-analytics.com http://kendo.cdn.telerik.com https://*.stripe.com d33v4339jhl8k0.cloudfront.net; frame-src 'self' https://js.stripe.com https://checkout.stripe.com https://player.vimeo.com *.firebaseio.com mozilla.github.io https://hcaptcha.com https://*.hcaptcha.com; connect-src 'self' https://cdn.competitionsuite.com files.competitionsuite.com https://socket.competitionsuite.com https://*.sentry.io wss://socket.competitionsuite.com wss://*.firebaseio.com https://s3.amazonaws.com *.stripe.com *.vimeo.com *.pndsn.com cs-video.s3.amazonaws.com cognito-identity.us-east-1.amazonaws.com www.google-analytics.com d3hb14vkzrxvla.cloudfront.net beaconapi.helpscout.net chatapi.helpscout.net https://sse.competitionsuite.com; media-src 'self' http://audio.competitionsuite.com https://audio.competitionsuite.com https://s3.amazonaws.com; report-uri https://sentry.io/api/1333530/security/?sentry_key=db3117a28c894c5ebfcaf7b702a4f22f&sentry_environment=production 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://disensa.com.ec/ https://*.disensa.com.ec; img-src 'self' data: blob: ; object-src 'self' data: blob: https://disensa.com.ec https://*.disensa.com.ec https://azurewebsites.net/ https://*.azurewebsites.net/; frame-src 'self' data: blob: https://disensa.com.ec https://*.disensa.com.ec https://azurewebsites.net/ https://*.azurewebsites.net/; 1
font-src 'self' data: https://images.wineselectors.com.au https://use.typekit.net https://i.icomoon.io https://fonts.gstatic.com https://cdn.productreview.com.au https://fonts.yieldify-production.com; img-src 'self' data: *; style-src 'self' 'unsafe-inline' https://images.wineselectors.com.au https://fast.fonts.net https://fonts.googleapis.com https://*.cloudfront.net https://tagmanager.google.com https://www.gstatic.com https://wineselectors.resultspage.com https://giftcreation.giftflick.com.au https://www.giftflick.com.au https://giftflick.com.au https://www.riddle.com https://sdk.giftflick.com.au https://libraries.unbxdapi.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://images.wineselectors.com.au https://js-agent.newrelic.com https://bam.nr-data.net https://www.googletagmanager.com https://script.hotjar.com https://static.hotjar.com https://t.cfjump.com https://t.dgm-au.com https://use.typekit.net https://www.google-analytics.com https://connect.facebook.net https://pixel.roymorgan.com https://app.yieldify.com https://maps.googleapis.com https://*.cloudfront.net https://www.google.com https://www.gstatic.com https://*.cloudfront.net https://platform.instagram.com https://cdn.syndication.twimg.com https://c.vepxl1.net https://js.adsrvr.org https://c.flx1.com https://ajax.googleapis.com https://go.flx1.com https://dev.visualwebsiteoptimizer.com https://tagmanager.google.com https://*.cloudfront.net https://s3.amazonaws.com https://td.yieldify.com https://radar.cedexis.com https://data2.gosquared.com https://data.gosquared.com https://track.omguk.com https://ib.adnxs.com https://assets.resultspage.com https://wineselectors.resultspage.com https://wineselectors.resultsdemo.com https://b.sli-spark.com https://cdn.livechatinc.com https://secure.livechatinc.com https://www.eventbrite.com.au https://wineselectors.ipscape.com.au https://cdn.otherlevels.com https://www.googleadservices.com http://www.wineselectors.com.au https://cfjump.wineselectors.com.au https://cdn.productreview.com.au https://marvel-b2-cdn.bc0a.com https://marvel-b1-cdn.bc0a.com https://cdn.b0e8.com https://js.go2sdk.com https://amplify.outbrain.com https://r.turn.com https://tr.outbrain.com https://tag.lexer.io https://*.yieldify.com https://s.yimg.com https://www.giftflick.com.au https://giftflick.com.au https://giftcreation.giftflick.com.au https://www.riddle.com https://s.pinimg.com/ https://bat.bing.com https://sdk.giftflick.com.au https://www.clarity.ms https://googleads.g.doubleclick.net https://cdn.taboola.com https://trc.taboola.com https://wave.outbrain.com https://secure.quantserve.com https://rules.quantcount.com *.retargeted.co https://wisepops.net https://cdn.wisepops.com https://cdn.wisepops.net https://app.getwisp.co https://loader.wisepops.com https://script.crazyegg.com https://ct.pinterest.com https://libraries.unbxdapi.com https://search.unbxdapi.com  *.amazonaws.com https://gateway.pmnts.io https://*.forter.com https://dlthst9q2beh8.cloudfront.net https://d2nww8zpyj5pk0.cloudfront.net https://static.elfsight.com https://cdn.pmnts.io https://songbirdstag.cardinalcommerce.com https://songbird.cardinalcommerce.com https://static.klaviyo.com https://static-tracking.klaviyo.com; default-src 'self' https://images.wineselectors.com.au https://vars.hotjar.com https://www.google.com https://www.facebook.com https://notifications.wisepops.com https://wisepops.net; connect-src 'self' https://images.wineselectors.com.au wss://ws3.hotjar.com https://insights.hotjar.com https://bam.nr-data.net https://performance.typekit.net https://geo.yieldify.com https://c.flx1.com wss://ws1.hotjar.com https://bacon.section.io https://in.hotjar.com https://www.facebook.com wss://ws9.hotjar.com https://vc.hotjar.io https://js-api.otherlevels.com https://js-content.otherlevels.com https://js-api.otherlevels.com https://js-tags.otherlevels.com https://js-mdn.otherlevels.com https://js-rich.otherlevels.com https://js-deliverability-api.otherlevels.com https://safari.otherlevels.com wss://ws8.hotjar.com https://ws1.hotjar.com https://api.productreview.com.au https://www.google-analytics.com wss://ws10.hotjar.com https://tracking.gopsjump.com.au https://track.lexer.io https://*.yieldify.com https://*.yieldify-production.com https://dev.visualwebsiteoptimizer.com https://s.yimg.com https://analytics.google.com https://api.giftflick.com.au https://upload-medias.s3.amazonaws.com https://upload-medias.s3.ap-southeast-2.amazonaws.com upload.giftflick.com.au https://ct.pinterest.com https://bat.bing.com https://tr.outbrain.com https://stats.g.doubleclick.net https://t.clarity.ms https://cds.taboola.com https://pips.taboola.com https://maps.googleapis.com *.retargeted.co  https://cdn.giftflick.com.au/ https://wisepops.net https://activity.wisepops.com https://popup.wisepops.com https://tracking.wisepops.com https://app.getwisp.co https://script.crazyegg.com https://tracking.crazyegg.com https://assets-tracking.crazyegg.com https://pagestates-tracking.crazyegg.com https://search.unbxd.io https://www.pinterest.com https://*.unbxd.io https://*.s3.amazonaws.com https://tracking.popsplot.com.au https://*.forter.com wss://cdn0.forter.com https://d2o5idwacg3gyw.cloudfront.net https://dz8rit8v72mig.cloudfront.net https://db7q4jg5rkhk8.cloudfront.net https://d6rak4b14t5gp.cloudfront.net https://d3k4bt74u9esq1.cloudfront.net https://d3nocrch4qti4v.cloudfront.net https://duuytoqss3gu4.cloudfront.net https://df45ay5pw60dy.cloudfront.net https://www.google.com https://core.service.elfsight.com https://widget-data.service.elfsight.com https://centinelapistag.cardinalcommerce.com https://writer.cardinalcommerce.com https://core.service.elfsight.com https://widget-data.service.elfsight.com https://gateway.pmnts.io https://centinelapi.cardinalcommerce.com https://*.execute-api.us-east-1.amazonaws.com wss://ws.hotjar.com https://content.hotjar.io https://metrics.hotjar.io https://a.klaviyo.com https://*.cloudfront.net; media-src 'self' blob: https://images.wineselectors.com.au https://cdn.livechatinc.com https://gf-cdn.s3.ap-southeast-2.amazonaws.com cdn.giftflick.com.au https://videos.giftflick.com.au https://phosphor.utils.elfsightcdn.com; object-src 'self' https://images.wineselectors.com.au; child-src 'self' https://www.youtube.com https://www.riddle.com https://www.google.com https://vars.hotjar.com https://app.yieldify.com https://www.qzzr.com https://www.instagram.com https://t.cfjump.com https://t.dgm-au.com https://insight.adsrvr.org https://td.yieldify.com https://www.facebook.com https://match.adsrvr.org https://eventbrite.com.au https://www.eventbrite.com.au https://connect.facebook.net https://player.vimeo.com https://youtu.be/ https://www.google.com.au https://wineselectors.ipscape.com.au https://www.ojrq.net https://tracking.gopsjump.com.au https://*.yieldify.com https://ct.pinterest.com https://ct.pinterest.com https://td.doubleclick.net https://cdn.taboola.com https://wisepops.net https://tracking.popsplot.com.au https://www.googletagmanager.com https://geostag.cardinalcommerce.com https://*.elf.site/ https://geo.cardinalcommerce.com https://www.rsa3dsauth.co.uk https://centinelapi.cardinalcommerce.com https://mycardsecure.com https://secure7.arcot.com https://authentication.cardinalcommerce.com; frame-src *; 1
default-src 'self' *.zensus2022.de; base-uri 'self'; style-src 'self' 'unsafe-inline' ; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.itzbund.de *.zensus2022.de; object-src 'self' multimedia.gsb.bund.de ; media-src 'self' multimedia.gsb.bund.de www.quirksmode.org www.destatis.de *.zensus2022.de; child-src *.ims-cms.net ; img-src 'self' data: *.itzbund.de *.zensus2022.de; connect-src 'self' *.itzbund.de *.zensus2022.de; frame-ancestors 'self'; upgrade-insecure-requests; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.jsdelivr.net *.cloudflare.com unpkg.com google.com mdbootstrap.com google-analytics.com *.googletagmanager.com tagmanager.google.com *.google.com static.ads-twitter.com *.hs-scripts.com *.facebook.net *.clarity.ms googleads.g.doubleclick.net *.hs-analytics.net *.hsadspixel.net *.hs-banner.com *.hscollectedforms.net *.fw-cdn.com fw-cdn.com *.gstatic.com *.licdn.com *.freshchat.com *.newrelic.com *.youtube.com nonce-{SERVER-GENERATED-NONCE}; object-src 'self'; style-src 'self' 'unsafe-inline' *.jsdelivr.net *.cloudflare.com *.googleapis.com unpkg.com *.fontawesome.com mdbootstrap.com *.freshchat.com *.youtube.com; img-src 'self' data: https: googletagmanager.com; frame-src 'self' *.doubleclick.net *.freshchat.com *.flowpaper.com *.youtube.com *.google.com *.facebook.com; font-src 'self' 'unsafe-inline' *.fontawesome.com *.gstatic.com *.doubleclick.net; connect-src 'self' 'unsafe-inline' *.hscollectedforms.net *.google.com *.hubapi.com *.ads.linkedin.com *.doubleclick.net *.fwusercontent.com *.clarity.ms *.nr-data.net *.facebook.com googletagmanager.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self' ; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.googletagmanager.com https://tagmanager.google.com/ https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com data; img-src 'self' 'unsafe-inline' https://ssl.gstatic.com/ https://www.google-analytics.com 1
allow 'self'; frame-ancestors dev.togostanza.org 1
frame-ancestors 'self' https://weiterbildung.snv.ch/ 1
frame-ancestors 'self' eventmobi.com experience.eventmobi.com *.eventmobi.com * 1
default-src  'self' data:;font-src  'self' data: fonts.gstatic.com kariera.rako.cz www.kariera.rako.cz;connect-src  'self' *.google.com *.google.cz *.googleapis.com *.google-analytics.com *.hotjar.com wss://ws6.hotjar.com *.hotjar.io *.doubleclick.net *.leady.com *.gstatic.com *.pinterest.com *.seznam.cz *.clarity.ms *.facebook.com;script-src  'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.google.cz *.googleapis.com *.gstatic.com *.hotjar.com static.hotjar.com www.googletagmanager.com *.google-analytics.com connect.facebook.net kariera.rako.cz www.kariera.rako.cz c.imedia.cz *.googleadservices.com *.adform.net *.seznam.cz *.doubleclick.net *.leady.com www.youtube-nocookie.com www.youtube.com *.pinterest.com *.pinimg.com *.clarity.ms;form-action  'self' *.facebook.com *.facebook.net *.pinterest.com;frame-src  'self' blob: www.youtube.com www.youtube-nocookie.com *.iplatba.cz www.tvbydleni.cz *.facebook.com *.facebook.net *.hotjar.com *.google.com *.pinterest.com *.doubleclick.net www.googletagmanager.com;worker-src  'self' blob: www.youtube.com www.youtube-nocookie.com *.iplatba.cz www.tvbydleni.cz *.facebook.com *.facebook.net *.hotjar.com *.google.com *.pinterest.com *.doubleclick.net www.googletagmanager.com;frame-ancestors  'self';img-src  'self' data: blob: *.gstatic.com *.googleapis.com *.googlecode.com www.googletagmanager.com *.google-analytics.com *.doubleclick.net www.facebook.com *.rako.cz c.imedia.cz *.seznam.cz *.pinterest.com *.pinimg.com i.ytimg.com *.google.com *.google.cz *.google.de *.google.fr *.google.pl *.google.ru *.google.sk *.leady.com *.clarity.ms;style-src  'self' 'unsafe-inline' fonts.googleapis.com *.gstatic.com *.google.com kariera.rako.cz www.kariera.rako.cz www.googletagmanager.com;object-src  'self' 1
default-src 'self' https://*.youtube.com https://*.youtu.be https://*.vimeo.com https://vimeo.com https://*.spotify.com https://*.tiktok.com https://*.snapchat.com https://*.facebook.com https://*.google-analytics.com https://*.googletagmanager.com https://*.google.com https://*.youtube-nocookie.com https://*.monday.com https://*.doubleclick.net https://*.slinger.to/ https://fonts.bunny.net/; block-all-mixed-content; img-src data: 'self' https://placeholder.inventis.be https://*.ytimg.com https://*.youtube.com https://*.vimeocdn.com https://*.tiktok.com https://*.snapchat.com https://*.facebook.com https://*.google-analytics.com https://*.googletagmanager.com https://*.google.com https://*.google.be https://*.google.nl; object-src 'none'; script-src 'self' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https://*.youtube.com https://*.vimeo.com https://*.tiktok.com https://*.snapchat.com https://*.facebook.com https://*.google-analytics.com https://*.googletagmanager.com 'nonce-oCXd5QzzjgAv77V0t3IOhQ=='; style-src 'self' 'unsafe-inline' https://*.googletagmanager.com https://*.slinger.to/ https://fonts.bunny.net/; upgrade-insecure-requests 1
default-src 'self' https://www.advanzia.com https://app.usercentrics.eu https://api.usercentrics.eu https://uct.service.usercentrics.eu https://graphql.usercentrics.eu https://consent-api.service.consent.usercentrics.eu https://fonts.googleapis.com https://fonts.gstatic.com https://www.universign.eu https://app.universign.com https://www.google-analytics.com https://*.yieldify.com https://d33wq5gej88ld6.cloudfront.net https://dwmvwp56lzq5t.cloudfront.net https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.google.de https://www.google.com 'unsafe-inline' 'unsafe-eval' 1
base-uri 'self'; default-src 'self'; script-src https: blob: data: 'unsafe-inline' 'unsafe-eval' https://www.junited-autoglas.de https://p-su0yn5.project.space https://www.youtube-nocookie.com https://metrics.mehrwert.de https://api.usercentrics.eu https://app.usercentrics.eu https://graphql.usercentrics.eu https://consents.usercentrics.eu https://uct.service.usercentrics.eu https://consent-api.service.consent.usercentrics.eu; style-src https: 'unsafe-inline' https://www.junited-autoglas.de p-su0yn5.project.space https://www.youtube-nocookie.com https://metrics.mehrwert.de; frame-ancestors https://www.junited-autoglas.de https://p-su0yn5.project.space https://metrics.mehrwert.de; frame-src 'self' https://www.youtube-nocookie.com https://p-su0yn5.project.space https://metrics.mehrwert.de; form-action 'self'; font-src data: 'self' https://www.junited-autoglas.de https://p-su0yn5.project.space https://fonts.gstatic.com; img-src data: 'self' https://www.junited-autoglas.de https://p-su0yn5.project.space https://www.youtube-nocookie.com https://i.ytimg.com https://metrics.mehrwert.de; media-src data: 'self' https://www.junited-autoglas.de https://p-su0yn5.project.space https://www.youtube-nocookie.com; object-src data: 'self' https://www.junited-autoglas.de https://p-su0yn5.project.space; connect-src data: 'self' https://www.junited-autoglas.de https://p-su0yn5.project.space https://metrics.mehrwert.de; 1
font-src 'self'; 1
img-src * data:; 1
default-src https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.google-analytics.com ; img-src 'self' data: https://ssl.google-analytics.com https://www.linkedin.com ; style-src 'self' 'unsafe-inline' ; object-src 'none' 1
default-src 'self' https://*.nhs.uk; frame-src 'self' https://gssapps.ebscohost.com/ https://forms.office.com/ https://www.youtube-nocookie.com https://*.webspellchecker.net https://*.nhs.uk https://*.facebook.com https://*.youtube.com https://*.vimeo.com https://*.google.com https://*.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.mailerlite.com/ https://cdnjs.cloudflare.com https://*.google-analytics.com https://*.googletagmanager.com https://connect.facebook.net https://feeds.trac.jobs https://*.webspellchecker.net https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.cqc.org.uk; font-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://*.webspellchecker.net; style-src 'self' 'unsafe-inline' data: https://cdnjs.cloudflare.com https://feeds.trac.jobs https://*.googleapis.com https://*.gstatic.com https://*.cqc.org.uk https://*.webspellchecker.net; img-src * data:; object-src 'self' blob: https://*.nhs.uk; connect-src 'self' https://feeds.trac.jobs stats.g.doubleclick.net https://*.googleapis.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.co.uk https://*.google.ie  https://*.google.nl https://*.webspellchecker.net 1
base-uri 'self'; script-src 'self' www.googletagmanager.com graph.instagram.com www.google-analytics.com maps.googleapis.com www.google.com www.gstatic.com rawgit.com 'unsafe-inline' fontawesome.com www.youtube.com recaptcha.net s.ytimg.com 0.0.0.0:8080 'unsafe-eval' static.axept.io cdn.tailwindcss.com cdn.jsdelivr.net 1
frame-ancestors 'self' https://librairie-bayard.com https://app.bayam.tv https://sso.bayard-jeunesse.com https://mention-me.com https://cdnactor.myfeelback.com; 1
default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_ data-eu.purina.be; object-src *; style-src * 'self' 'unsafe-inline' https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_; img-src * 'self' data: https:; https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_; media-src *; frame-src * https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_; frame-ancestors * 'self'; child-src * blob:; font-src * 'self' data: https:; https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_; connect-src * https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_ data-eu.purina.be 1
default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval' *.cdn.cookielaw.org *.cookie-cdn.cookiepro.com *.onetrust.com data-eu.nestlehealthscience.co.uk https://*.qualtrics.com https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_; object-src 'none'; style-src * 'self' 'unsafe-inline' *.cdn.cookielaw.org *.cookie-cdn.cookiepro.com *.onetrust.com https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_; img-src * 'self' data: https:; https://siteintercept.qualtrics.com https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_; media-src *; frame-src * https://*.qualtrics.com https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_; frame-ancestors 'self' https://*.qualtrics.com; child-src *; font-src * 'self' data: https:; https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_; connect-src * *.cdn.cookielaw.org *.cookie-cdn.cookiepro.com *.onetrust.com data-eu.nestlehealthscience.co.uk https://*.qualtrics.com https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_; report-uri /report-csp-violation 1
default-src https: https://tagmanager.google.com https://*.hotjar.com https://*.hotjar.io; frame-src https://bid.g.doubleclick.net https://api.quickstream.westpac.com.au https://assets.ctfassets.net/ https://videos.ctfassets.net/ https://*.libsyn.com https://e.issuu.com/ https://player.vimeo.com/video/ https://www.youtube.com/embed/ https://*.facebook.com/ https://*.google.com https://*.googletagmanager.com https://*.hotjar.com https://*.hotjar.io https://tagmanager.google.com https://s7.addthis.com/static/ https://gum.criteo.com/ https://open.spotify.com https://youtu.be/ https://bettercollect.elucidity.com.au https://tiktok.com https://gstatic https://googletagmanager; style-src 'self' 'unsafe-inline' https://tags.srv.stackadapt.com https://srv.stackadapt.com https://east.srv.stackadapt.com https://uw.srv.stackadapt.com https://eu.srv.stackadapt.com https://fonts.googleapis.com https://api.mapbox.com https://tagmanager.google.com https://cdn.curator.io/ https://use.typekit.net/; font-src 'self' data: https://cdn.curator.io/ https://use.typekit.net/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://ssl.google-analytics.com https://www.google-analytics.com https://www.google.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://tags.srv.stackadapt.com https://srv.stackadapt.com https://east.srv.stackadapt.com https://uw.srv.stackadapt.com https://eu.srv.stackadapt.com https://*.googletagmanager.com https://*.salesforce.com https://api.quickstream.westpac.com.au https://*.addthis.com/ https://*.jobadder.com/ https://*.libsyn.com https://e.issuu.com/ https://jobadder.com/ https://*.collect.igodigital.com/ https://*.crazyegg.com/ https://*.facebook.net https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com/ https://*.hotjar.com https://*.hotjar.io https://*.criteo.com https://*.criteo.net https://server.arcgisonline.com/ https://cdn.curator.io https://cdn.curator.io/published/56e5a580-2921-4b55-88ce-d4fe260ac545_y69dz93g.js https://player.vimeo.com https://bettercollect.elucidity.com.au; connect-src 'self' https://www.google-analytics.com https://tags.srv.stackadapt.com https://srv.stackadapt.com https://east.srv.stackadapt.com https://uw.srv.stackadapt.com https://eu.srv.stackadapt.com https://prod-apim-auseast-001.azure-api.net https://api.compassion.com.au https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com/g/  https://*.googletagmanager.com https://api.quickstream.westpac.com.au https://compassionau.force.com  https://compassionau.my.site.com https://concierge.compassion.com.au https://*.algolia.net https://*.algolianet.com https://apps.jobadder.com/ https://jobadder.com/ https://m.addthis.com/ https://*.crazyegg.com/ https://*.hotjar.com https://*.hotjar.io https://*.facebook.com/ https://*.google-analytics.com/ wss://*.hotjar.com https://*.hotjar.io https://*.doubleclick.net/ https://api.curator.io/ https://vimeo.com https://bettercollect.elucidity.com.au https://www.googleadservices.com; img-src 'self' data: www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://googleads.g.doubleclick.net https://tags.srv.stackadapt.com http://*.tile.openstreetmap.org/ https://auproddownloads.blob.core.windows.net/compassion/ https://images.contentful.com https://images.ctfassets.net https://media.ci.org https://*.youtube.com https://apps.jobadder.com/ https://jobadder.com/widgets/ https://*.collect.igodigital.com/ https://*.crazyegg.com/ https://*.facebook.com/ https://*.google-analytics.com/ https://*.google.com https://*.google.com.au/ https://*.googletagmanager.com https://d33wubrfki0l68.cloudfront.net https://*.doubleclick.net/ https://server.arcgisonline.com/ https://cdn.curator.io/0.gif https://www.instagram.com/ https://*.fbcdn.net/ https://*.google-analytics.com https://*.googletagmanager.com https://bettercollect.elucidity.com.au 1
default-src 'self'; script-src 'self' 'unsafe-inline' data: cdnjs.cloudflare.com cdn.ckeditor.com maps.googleapis.com *.polyfill.io *.google.com *.unpkg.com *.gstatic.com *.google-analytics.com *.cookiebot.com *.googletagmanager.com open.spotify.com e.issuu.com; style-src 'self' 'unsafe-inline' data: fonts.googleapis.com cdnjs.cloudflare.com; img-src 'self' 'unsafe-inline' data: maps.gstatic.com maps.googleapis.com imgsct.cookiebot.com *.google-analytics.com *.cookiebot.com *.googletagmanager.com; frame-src 'self' www.google.com www.youtube.com player.vimeo.com olv-kinderwebsite.now.sh olv-kinderwebsite.vercel.app *.google-analytics.com *.cookiebot.com *.googletagmanager.com open.spotify.com e.issuu.com; font-src 'self' 'unsafe-inline' themes.googleusercontent.com fonts.gstatic.com slant.co data: ; connect-src 'self' 'unsafe-inline' 'unsafe-eval' data: region1.google-analytics.com *.google-analytics.com *.cookiebot.com *.googletagmanager.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'  https: data: http://fonts.googleapis.com http://fonts.gstatic.com http://www.google-analytics.com http://s7.addthis.com http://m.addthisedge.com http://m.addthis.com http://graph.facebook.com http://widgets.pinterest.com http://maps.google.com http://csi.gstatic.com http://maps.gstatic.com http://maps.googleapis.com http://www.linkedin.com http://api-public.addthis.com http://localhost http://www.youtube.com; 1
frame-ancestors 'self' *.business.qld.gov.au 1
default-src 'self' https://www.youtube-nocookie.com https://www.google.com *.kasikornbank.com https://dev-kpaymentgateway.kasikornbank.com/ui/v2/index.html *.kaptcha.com https://www.youtube.com https://youtu.be;frame-src 'self' https://www.youtube-nocookie.com https://www.google.com *.kasikornbank.com https://dev-kpaymentgateway.kasikornbank.com/ui/v2/index.html  *.kaptcha.com https://www.youtube.com https://youtu.be; connect-src *; font-src * data:; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';frame-ancestors 'self' 1
default-src 'self'; block-all-mixed-content; connect-src 'self' https://o419240.ingest.sentry.io https://www.google-analytics.com https://stats.g.doubleclick.net https://www.googleapis.com/ https://maps.googleapis.com https://maps.googleapis.com https://www.facebook.com/ cdn.datatables.net https://analytics.google.com/; font-src 'self' fonts.gstatic.com; frame-src https://www.youtube.com https://www.facebook.com https://web.facebook.com/ https://www.google.com/ https://youtube.com/ https://td.doubleclick.net/; img-src 'self' facebook.com flickr.com https://maps.gstatic.com/ https://maps.googleapis.com/ data: https://www.google.com https://www.google.rs https://i.ytimg.com https://www.google-analytics.com/; script-src 'self' 'unsafe-inline' connect.facebook.net https://maps.googleapis.com/ https://www.google.com/ https://www.google-analytics.com/ https://www.googletagmanager.com 'nonce-LNtVxOs89eIzYxGo49Rwcg=='; style-src 'self' fonts.googleapis.com/css 'unsafe-inline' 1
allow 'self'; media-src *; img-src *; script-src 'self' https://ajax.googleapis.com https://www.jquery.com https://www.jqueryui.com;style-src 'self' *bootstrap.com; 1
strict-dynamic 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'  https: data: http://fonts.googleapis.com http://fonts.gstatic.com http://www.google-analytics.com http://s7.addthis.com http://m.addthisedge.com http://m.addthis.com http://graph.facebook.com http://widgets.pinterest.com http://maps.google.com http://csi.gstatic.com http://maps.gstatic.com http://maps.googleapis.com http://www.linkedin.com http://api-public.addthis.com http://localhost http://player.vimeo.com/; 1
default-src 'self' ; connect-src 'self' wss: * ; font-src 'self' fonts.gstatic.com use.fontawesome.com webshop.abahn.net ccchat.estpak.ee embed.tawk.to data: ; img-src blob: data: http: https: 'self' ; script-src 'self' cdn.modera.org *.salesfront.eu modera-serverless-microservices-assets.s3.eu-north-1.amazonaws.com www.google-analytics.com ssl.google-analytics.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net www.google.com www.youtube.com www.gstatic.com connect.facebook.net consent.cookiebot.com consentcdn.cookiebot.com static.zdassets.com cdnjs.cloudflare.com cdn.jsdelivr.net code.jquery.com ajax.googleapis.com maps.googleapis.com maps.google.com webshop.abahn.net banners.adnetmedia.lt mediabrands.containers.piwik.pro services.digitalmatter.ai scdn.cxense.com id.cxense.com track.adform.net s2.adform.net static.hotjar.com script.hotjar.com cdn.visitor.chat ccchat.estpak.ee snap.licdn.com cdn-cookieyes.com analytics.tiktok.com pagead2.googlesyndication.com embed.tawk.to plausible.io www.redditstatic.com delfilt.adocean.pl 'unsafe-inline' 'unsafe-eval' ; style-src data: 'self' cdn.modera.org *.salesfront.eu fonts.googleapis.com cdnjs.cloudflare.com cdn.jsdelivr.net webshop.abahn.net use.fontawesome.com ccchat.estpak.ee embed.tawk.to 'unsafe-inline' ; media-src http: https: 'self' ; base-uri 'self' ; object-src 'none' ; frame-src http: https: 'self'; upgrade-insecure-requests ; block-all-mixed-content; 1
default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: ; 1
default-src 'unsafe-inline' 'self' https://*.cloudflare.com https://*.google.com https://*.google-analytics.com https://*.googletagmanager.com https://*.gstatic.com https://*.facebook.net https://*.facebook.com https://*.doubleclick.net https://*.licdn.com https://*.linkedin.com https://*.clarity.ms https://*.azureedge.net https://*.youtube.com https://*.dynamics.com https://*.azure.com https://pro.fontawesome.com; font-src 'self' data: https://pro.fontawesome.com; frame-src https://*.facebook.com https://*.google.com https://*.youtube.com https://*.doubleclick.net https://*.googletagmanager.com; img-src 'self' data: https://*.googletagmanager.com/ https://*.bing.com https://*.clarity.ms https://*.google-analytics.com/ https://*.google.com/ https://*.google.co.za https://*.facebook.com https://snap.licdn.com https://*.linkedin.com https://*.google.es https://*.dynamics.com https://*.azureedge.net https://i.ytimg.com https://*.doubleclick.net; 1
default-src 'self' https://accounts.google.com/ https://*.google-analytics.com/g/collect; script-src 'self' https://apis.google.com/js/platform.js https://cdn.jsdelivr.net/npm/vue@2/dist/vue.js https://www.googletagmanager.com/gtag/js 'unsafe-eval' 'nonce-AQHOU86NHG8IuFtHHXGxmQ'; style-src 'self' https://apis.google.com/* 'nonce-AQHOU86NHG8IuFtHHXGxmQ'; img-src * data: 1
frame-ancestors 'self' *.myhotelschool.nl ; 1
base-uri 'self' https://myprio.com https://www.myprio.com https://prio.pt https://www.myprio.pt https://shellfirst.pt https://www.shellfirst.pt https://www.gstatic.com https://static3.avast.com https://www.googletagmanager.com https://tile.openstreetmap.org; child-src 'self' https://www.googletagmanager.com https://app.powerbi.com gap:; frame-src 'self' https://www.googletagmanager.com https://app.powerbi.com gap:; connect-src 'self' https://www.google-analytics.com www.google-analytics.com https://www.googletagmanager.com https://app.powerbi.com https://stats.g.doubleclick.net https://shellfirst.pt https://www.shellfirst.pt https://www.gstatic.com https://static3.avast.com https://tile.openstreetmap.org https://cdn.equalweb.com https://access.equalweb.com gap:; default-src 'self' https://shellfirst.pt https://tile.openstreetmap.org https://www.shellfirst.pt https://www.gstatic.com https://static3.avast.com https://app.powerbi.com gap: 'unsafe-inline' 'unsafe-eval'; font-src 'self' https://shellfirst.pt https://www.shellfirst.pt https://www.gstatic.com https://static3.avast.com https://tile.openstreetmap.org data:; img-src 'self' https://www.google-analytics.com www.google-analytics.com https://www.googletagmanager.com https://app.powerbi.com https://stats.g.doubleclick.net https://shellfirst.pt https://www.shellfirst.pt https://www.gstatic.com https://static3.avast.com https://tile.openstreetmap.org https://access.equalweb.com https://translate.google.com https://fonts.gstatic.com gap: data: blob:; media-src https://tile.openstreetmap.org; object-src https://www.googletagmanager.com https://tile.openstreetmap.org https://app.powerbi.com; plugin-types https://www.googletagmanager.com https://app.powerbi.com; script-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://app.powerbi.com https://tile.openstreetmap.org https://cdn.equalweb.com https://access.equalweb.com gap: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://tile.openstreetmap.org https://cdn.equalweb.com https://access.equalweb.com https://access.equalweb.com/styles.taf https://www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' https://shellfirst.pt https://www.shellfirst.pt www.shellfirst.pt https://www.gstatic.com https://static3.avast.com https://www.googletagmanager.com gap:; report-uri 'self' /SecurityUtils/rest/Report/ReportViolations?Params=7%2BMnXESGWhMb%2BfpYbi7LGmsv0apuk4Wzsj%2BS%2BPCFrJE9wH4z11%2BOG4%2FaB96tIhrWjYILn6nKfu%2BMYXW9sxyZ9A%3D%3D; <frame-src><https://app.powerbi.com> 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.web.onlineclinic.com.br http://*.web.onlineclinic.com.br https://*.google.com.br https://*.gravatar.com https://fonts.googleapis.com https://fonts.gstatic.com https://elfsight.com https://*.google-analytics.com http://*.onlineclinic.com.br https://*.onlineclinic.com.br http://*.omappapi.com https://*.omappapi.com https://*.youtube.com https://*.googletagmanager.com https://*.wp.com http://www.onlineclinic.com.br https://www.onlineclinic.com.br; img-src 'self' data: https://*.web.onlineclinic.com.br http://*.web.onlineclinic.com.br https://*.google.com.br https://*.gravatar.com https://fonts.googleapis.com https://fonts.gstatic.com https://elfsight.com https://*.google-analytics.com http://*.onlineclinic.com.br https://*.onlineclinic.com.br http://*.omappapi.com https://*.omappapi.com https://*.youtube.com https://*.googletagmanager.com https://*.wp.com http://www.onlineclinic.com.br https://www.onlineclinic.com.br; object-src 'self' data: https://*.web.onlineclinic.com.br http://*.web.onlineclinic.com.br https://*.google.com.br https://*.gravatar.com https://fonts.googleapis.com https://fonts.gstatic.com https://elfsight.com https://*.google-analytics.com http://*.onlineclinic.com.br https://*.onlineclinic.com.br http://*.omappapi.com https://*.omappapi.com https://*.youtube.com https://*.googletagmanager.com https://widgets.wp.com/ http://www.onlineclinic.com.br https://www.onlineclinic.com.br; frame-src 'self' data: https://*.web.onlineclinic.com.br http://*.web.onlineclinic.com.br https://*.google.com.br https://*.gravatar.com https://fonts.googleapis.com https://fonts.gstatic.com https://elfsight.com https://*.google-analytics.com http://*.onlineclinic.com.br https://*.onlineclinic.com.br http://*.omappapi.com https://*.omappapi.com https://*.youtube.com https://*.googletagmanager.com https://widgets.wp.com/ http://www.onlineclinic.com.br https://www.onlineclinic.com.br; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://s3.amazonaws.com/ https://*.list-manage.com/ https://drip.com/ https://getdrip.com/ https://helpscout.com/ https://checkoutapi.svea.com/ https://tag.getdrip.com/ https://beacon-v2.helpscout.net/ https://sleeknotecustomerscripts.sleeknote.com/ https://sleeknotestaticcontent.s3.eu-west-1.amazonaws.com/ https://sleeknotestaticcontent.sleeknote.com/ http://*.sleeknote.com https://api.getdrip.com/ https://www.dripuploads.com/ https://secure.gravatar.com/ https://organicmakers.se/ http://mailchimp.sleeknote.com/ https://onsite-subscribe.getdrip.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://googleads.g.doubleclick.net/ https://td.doubleclick.net/; img-src 'self' data: blob: https://drip.com/ https://getdrip.com/ https://helpscout.com/ https://checkoutapi.svea.com/ https://tag.getdrip.com/ https://beacon-v2.helpscout.net/ https://sleeknotecustomerscripts.sleeknote.com/ https://sleeknotestaticcontent.sleeknote.com/ https://www.dripuploads.com/ https://secure.gravatar.com/ https://organicmakers.se/ http://*.sleeknote.com http://mailchimp.sleeknote.com https://onsite-subscribe.getdrip.com/ https://fonts.gstatic.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://fonts.gstatic.com/; object-src 'self' data: blob: https://drip.com/ https://getdrip.com/ https://helpscout.com/ https://checkoutapi.svea.com/ https://tag.getdrip.com/ https://beacon-v2.helpscout.net/ https://sleeknotecustomerscripts.sleeknote.com/ https://sleeknotestaticcontent.sleeknote.com/ https://www.dripuploads.com/ https://secure.gravatar.com/ https://organicmakers.se/ http://*.sleeknote.com http://mailchimp.sleeknote.com/ https://onsite-subscribe.getdrip.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/; frame-src 'self' data: blob: https://drip.com/ https://getdrip.com/ https://helpscout.com/ https://checkoutapi.svea.com/ https://tag.getdrip.com/ https://beacon-v2.helpscout.net/ https://sleeknotecustomerscripts.sleeknote.com/ https://sleeknotestaticcontent.sleeknote.com/ https://www.dripuploads.com/ https://secure.gravatar.com/ https://organicmakers.se/ http://*.sleeknote.com http://mailchimp.sleeknote.com/ https://onsite-subscribe.getdrip.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/; 1
default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self' https://tel.search.ch app.pepsimmo.ch https://*.google-analytics.com https://api.infomaniak.com; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' app.pepsimmo.ch; frame-ancestors 'self'; frame-src 'self'; img-src 'self' data: app.pepsimmo.ch; manifest-src 'self'; media-src 'self'; object-src 'self'; script-src 'self' www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com 1
allow 'self'; font-src 'self'; media-src *; img-src * 'self'; script-src 'self' https://*.gravatar.com https://ajax.googleapis.com; https://*.google.com; style-src 'self'; 1
default-src pagead2.googlesyndication.com *.google.com *.googleapis.com; base-uri 'self' local.pokevalue.fr; block-all-mixed-content; connect-src 'self' *.google-analytics.com *.nr-data.net bam.eu01.nr-data.net pagead2.googlesyndication.com fundingchoicesmessages.google.com; font-src 'self' local.pokevalue.fr pagead2.googlesyndication.com fonts.gstatic.com fundingchoicesmessages.google.com; frame-src googleads.g.doubleclick.net tpc.googlesyndication.com www.google.com; img-src 'self' local.pokevalue.fr data: cnyskjyfya.cloudimg.io pokevalue.fr www.pokevalue.fr pokevalue.be www.pokevalue.be pokevalue.ch www.pokevalue.ch m.media-amazon.com pagead2.googlesyndication.com *.googleusercontent.com; script-src 'self' local.pokevalue.fr pagead2.googlesyndication.com 'nonce-KfALch2NM3/w7SDTyS9JyA=='; style-src 'self' local.pokevalue.fr pagead2.googlesyndication.com fonts.googleapis.com fundingchoicesmessages.google.com; report-uri /csp/report 1
object-src 'self'; img-src 'self' data: *.pothysswarnamahal.com *.gstatic.com *.google.com *.googleapis.com *.payu.in https://chimpstatic.com *.googletagmanager.com *.facebook.net https://embedsocial.com https://pothys.my.site.com https://www.facebook.com https://googleads.g.doubleclick.net https://www.google.co.in https://i.ytimg.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.pothysswarnamahal.com *.gstatic.com *.google.com *.googleapis.com *.payu.in https://chimpstatic.com *.googletagmanager.com *.facebook.net https://embedsocial.com https://pothys.my.site.com https://www.facebook.com https://googleads.g.doubleclick.net https://www.google.co.in https://i.ytimg.com; style-src 'self' 'unsafe-inline' *.pothysswarnamahal.com *.gstatic.com *.google.com *.googleapis.com *.payu.in https://chimpstatic.com *.googletagmanager.com *.facebook.net https://embedsocial.com https://pothys.my.site.com https://www.facebook.com https://googleads.g.doubleclick.net https://www.google.co.in https://i.ytimg.com; form-action 'self' *.pothysswarnamahal.com *.gstatic.com *.google.com *.googleapis.com *.payu.in https://chimpstatic.com *.googletagmanager.com *.facebook.net https://embedsocial.com https://pothys.my.site.com https://www.facebook.com https://googleads.g.doubleclick.net https://www.google.co.in https://i.ytimg.com 1
block-all-mixed-content; report-uri /nelmio/csp/report 1
default-src 'self' 'unsafe-inline'; img-src https://* 1
default-src 'self' https://cdnjs.cloudflare.com; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts allow-popups; base-uri 'self'; 1
default-src 'self'; img-src ; media-src data:; 1
default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self'; font-src 'self' https://fonts.gstatic.com; form-action 'self'; frame-ancestors 'none'; frame-src 'self'; img-src 'self' data:; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com 1
default-src 'none'; block-all-mixed-content; connect-src 'self' google.com www.google.com *.analytics.google.com nr-data.net *.nr-data.net *.smartsuppchat.com *.clarity.ms *.smartsuppcdn.com bat.bing.com consentcdn.cookiebot.com wss://websocket-visitors.smartsupp.com cdn.jsdelivr.net googlesyndication.com *.googlesyndication.com google-analytics.com *.google-analytics.com stats.g.doubleclick.net manager.eu.smartlook.cloud google.cz www.google.cz *.seznam.cz analytics.tiktok.com www.analytics.tiktok.com; font-src 'self' data:; frame-ancestors 'self'; frame-src 'self' https://www.youtube.com https://www.googletagmanager.com https://www.google.com consent.cookiebot.com consentcdn.cookiebot.com *.doubleclick.net; img-src 'self' w3.org data: xdigr.cz facebook.com *.facebook.com bat.bing.com *.seznam.cz *.cookiebot.com www.google.com www.google.cz files.smartsuppcdn.com c.clarity.ms *.bing.com www.googletagmanager.com *.cdninstagram.com *.fbcdn.net; media-src 'self' *.smartsuppcdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' code.jquery.com cdnjs.cloudflare.com www.googletagmanager.com www.google.com www.gstatic.com js-agent.newrelic.com consent.cookiebot.com consentcdn.cookiebot.com smartsuppchat.com *.smartsuppchat.com clarity.ms www.clarity.ms smartlook.com *.smartlook.com seznam.cz *.seznam.cz bing.com *.bing.com www.smartsuppchat.com facebook.net *.facebook.net *.smartsuppcdn.com googleads.g.doubleclick.net www.googleadservices.com ajax.cloudflare.com www.ajax.cloudflare.com static.cloudflareinsights.com www.static.cloudflareinsights.com analytics.tiktok.com www.analytics.tiktok.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com *.smartsuppcdn.com; worker-src 'self' blob: 1
frame-ancestors 'self';  script-src 'nonce-0fc4317049caf3eb34c7a4502afa9747' https://www.google-analytics.com https://ssl.google-analytics.com https://pagead2.googlesyndication.com; img-src 'self' https://www.google-analytics.com/ profile.line-scdn.net data: https://cdnjs.cloudflare.com/ https://maps.gstatic.com/ https://maps.googleapis.com/ https://khms0.googleapis.com/ https://khms1.googleapis.com/ https://cbks0.googleapis.com/ https://geo0.ggpht.com/; style-src 'self' https://use.fontawesome.com https://cdnjs.cloudflare.com 'unsafe-inline'; style-src-elem 'self' https://use.fontawesome.com https://cdnjs.cloudflare.com https://fonts.googleapis.com 'unsafe-inline'; style-src-attr 'self' 'unsafe-inline'; connect-src 'self' https://www.google-analytics.com https://maps.googleapis.com; frame-src 'self' https://googleads.g.doubleclick.net/ https://www.google.com; font-src 'self' https://use.fontawesome.com https://fonts.gstatic.com; form-action 'self'; manifest-src 'self'; object-src 'self'; media-src 'self'; 1
object-src none; frame-src *.prod.acquia-sites.com *.gstatic.com *.google.com *.wec360.com *.snazzymaps.com https://snazzymaps.com https://pagead2.googlesyndication.com; frame-ancestors *.prod.acquia-sites.com *.gstatic.com *.google.com *.wec360.com *.snazzymaps.com https://snazzymaps.com https://pagead2.googlesyndication.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval' data-apac.purina.in; object-src *; style-src * 'self' 'unsafe-inline'; img-src * 'self' data: https:;; media-src *; frame-src *; frame-ancestors * 'self'; child-src * blob:; font-src * 'self' data: https:;; connect-src * data-apac.purina.in 1
default-src 'self' data: northvolt.com *.northvolt.com www.googletagmanager.com www.google-analytics.com ssl.google-analytics.com tagmanager.google.com fonts.googleapis.com; script-src 'self' data: 'unsafe-inline' northvolt.com *.northvolt.com www.googletagmanager.com www.google-analytics.com ssl.google-analytics.com tagmanager.google.com fonts.googleapis.com nvlt.co *.nvlt.co; object-src 'self' data: northvolt.com *.northvolt.com www.googletagmanager.com www.google-analytics.com ssl.google-analytics.com tagmanager.google.com fonts.googleapis.com nvlt.co *.nvlt.co; style-src 'self' data: 'unsafe-inline' northvolt.com *.northvolt.com www.googletagmanager.com www.google-analytics.com ssl.google-analytics.com tagmanager.google.com fonts.googleapis.com; img-src 'self' data: northvolt.com *.northvolt.com www.googletagmanager.com www.google-analytics.com ssl.google-analytics.com tagmanager.google.com fonts.googleapis.com; media-src 'self' data: northvolt.com *.northvolt.com www.googletagmanager.com www.google-analytics.com ssl.google-analytics.com tagmanager.google.com fonts.googleapis.com; frame-src 'self' data: northvolt.com *.northvolt.com www.googletagmanager.com www.google-analytics.com ssl.google-analytics.com tagmanager.google.com fonts.googleapis.com; font-src 'self' data: northvolt.com *.northvolt.com www.googletagmanager.com www.google-analytics.com ssl.google-analytics.com tagmanager.google.com fonts.googleapis.com; connect-src 'self' data: northvolt.com *.northvolt.com www.googletagmanager.com www.google-analytics.com ssl.google-analytics.com tagmanager.google.com fonts.googleapis.com nvlt.co *.nvlt.co sentry.io *.sentry.io 1
default-src 'self' *.googleapis.com *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com *.fonts.gstatic.com  *.google.com *.c5alliance.com *.c5alliance2017.staging.wpengine.com *.c5alliance2017.wpengine.com *.b2clogin.com *.cookiescanportal.b2clogin.com  *.cookiescan.azureedge.net   *.azureedge.net https://snap.licdn.com *.facebook.net *.facebook.com *.doubleclick.net ;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.b2clogin.com *.cookiescanportal.b2clogin.com *.googleapis.com *.google.com *.googletagmanager.com *.google-analytics.com *.clickdimensions.com *.analytics-eu.clickdimensions.com *.gstatic.com *.fonts.gstatic.com *.google.com *.cookiescan.com https://cookiescan.com *.issuu.com *.vimeo.com *.youtube.com *.linkedin.com  *.cookiescan.azureedge.net  *.azureedge.net https://snap.licdn.com *.facebook.net *.facebook.com *.doubleclick.net https://px.ads.linkedin.com *.ads.linkedin.com *.typekit.net googlesyndication.com data:;style-src 'self' 'unsafe-inline' *.googleapis.com *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com *.clickdimensions.com *.fonts.gstatic.com *.c5alliance.com *.c5alliance2017.staging.wpengine.com *.c5alliance2017.wpengine.com *.cookiescan.com https://cookiescan.com *.issuu.com *.vimeo.com *.youtube.com *.linkedin.com *.gravatar.com *.b2clogin.com *.cookiescanportal.b2clogin.com *.typekit.net  *.cookiescan.azureedge.net  *.azureedge.net https://px.ads.linkedin.com data:;connect-src 'self' *.c5alliance.com *.c5alliance2017.staging.wpengine.com *.c5alliance2017.wpengine.com *.cookiescan.com https://cookiescan.com *.doubleclick.net *.googleapis.com *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com *.b2clogin.com *.cookiescanportal.b2clogin.com *.cookiescan.azureedge.net  *.azureedge.net https://snap.licdn.com *.facebook.net *.facebook.com *.doubleclick.net *.linkedin.com *.typekit.net googlesyndication.com data:;font-src 'self' *.c5alliance.com *.c5alliance2017.staging.wpengine.com *.c5alliance2017.wpengine.com *.typekit.net data:;img-src 'self' 'unsafe-inline' https://c5alliance.com *.c5alliance.com *.c5alliance2017.staging.wpengine.com *.c5alliance2017.wpengine.com *.cookiescan.com https://cookiescan.com *.issuu.com *.vimeo.com *.youtube.com *.linkedin.com  *.gravatar.com *.googleapis.com *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com https://snap.licdn.com *.facebook.net *.facebook.com *.doubleclick.net  data:;frame-src 'self' 'unsafe-inline' *.gstatic.com  *.google.com  *.c5alliance.com *.c5alliance2017.staging.wpengine.com *.c5alliance2017.wpengine.com *.googleapis.com *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com *.issuu.com *.vimeo.com *.youtube.com *.linkedin.com *.b2clogin.com *.cookiescanportal.b2clogin.com  ; 1
default-src 'self';  style-src-elem 'self' 'unsafe-inline' https://*.googleapis.com;  script-src-elem 'self' https://*.googletagmanager.com 'unsafe-inline' blob: https://cdn-cookieyes.com https://*.bing.com https://*.licdn.com https://*.clarity.ms https://*.ariasystems.com https://*.jobscore.com https://vimeo.com https://*.vimeo.com https://*.sendbird.com https://cdn-cookieyes.com https://*.twitter.com https://*.zi-scripts.com https://*.quantserve.com https://*.tctm.co https://*.dealtale.com https://*.g.doubleclick.net https://*.pardot.com https://*.quantcount.com https://*.ads-twitter.com https://*.clickagy.com https://*.adsrvr.org;  style-src-attr 'self' 'unsafe-inline';  img-src 'self' data: https://*.bing.com https://*.ads.linkedin.com https://*.googletagmanager.com https://*.truste.com https://*.gravatar.com https://*.vimeocdn.com https://*.sendbird.com https://s3.us-west-2.amazonaws.com https://*.clarity.ms https://*.ml-attr.com https://cdn-cookieyes.com https://*.bing.com https://*.adnxs.com https://*.ml-api.io https://*.google.com https://*.google.co.uk https://*.quantserve.com https://t.co https://*.twitter.com https://*.clickagy.com https://*.g.doubleclick.net https://*.sitescout.com https://*.demdex.net https://*.rlcdn.com https://*.openx.nen https://*.agkn.com;  script-src-attr 'self' 'unsafe-inline';  script-src 'self' 'unsafe-eval';  connect-src 'self' https://*.ads.linkedin.com https://*.clarity.ms https://*.bing.com https://*.plyr.io https://*.sendbird.com wss://*.sendbird.com https://cdn-cookieyes.com https://*.cdn-cookieyes.com https://*.cookieyes.com https://*.google.com https://*.analytics.google.com https://*.zi-scripts.com https://*.quantcount.com https://*.zoominfo.com https://*.clickagy.com;  frame-src 'self' https://*.vimeo.com https://*.jobscore.com https://*.ariasystems.com https://*.googletagmanager.com https://*.doubleclick.net https://*.adsrvr.org;  font-src 'self' data: https://*.gstatic.com; 1
default-src 'self' data: https://*.youtube.com https://*.youtu.be https://*.vimeo.com https://vimeo.com https://*.spotify.com https://*.tiktok.com https://*.snapchat.com https://*.facebook.com https://*.typeform.com https://*.typekit.net https://*.google-analytics.com https://*.googletagmanager.com https://*.google.com https://*.youtube-nocookie.com https://*.googlesyndication.com https://*.doubleclick.net https://*.slinger.to/ https://*.arep.co https://arep.co; block-all-mixed-content; img-src data: 'self' https://placeholder.inventis.be https://*.ytimg.com https://*.youtube.com https://*.vimeocdn.com https://*.google-analytics.com https://*.googletagmanager.com https://*.google.com https://*.google.be https://*.facebook.com; object-src 'none'; script-src 'self' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https://*.youtube.com https://*.vimeo.com https://*.typeform.com https://*.google-analytics.com https://*.googletagmanager.com https://*.slinger.to/ https://arep.co 'nonce-qFjPfza5br2Yq1cM8Iaafg=='; style-src 'self' 'unsafe-inline' https://*.typeform.com https://*.typekit.net https://*.googletagmanager.com https://*.slinger.to/; upgrade-insecure-requests 1
default-src 'none'; block-all-mixed-content; child-src https://www.youtube.com/ https://youtube.com/ https://player.vimeo.com/ https://youtu.be/ https://open.spotify.com/; connect-src 'self' https://www.youtube.com/oembed https://www.google-analytics.com https://*.google-analytics.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://*.hotjar.com https://*.hotjar.io https://*.facebook.com/ https://*.tiktok.com https://*.snapchat.com https://*.vimeo.com; font-src 'self' data: https://use.typekit.net https://fonts.googleapis.com https://fonts.gstatic.com; frame-src https://www.youtube.com/ https://spotify.com https://open.spotify.com/ https://*.spotify.com https://facebook.com/ https://*.facebook.com/ https://mychannels.video/ https://www.yumpu.com/ https://www.google.com/ https://www.googletagmanager.com/ https://*.hotjar.com https://*.hotjar.io https://bandcamp.com https://*.bandcamp.com https://twitter.com https://*.twitter.com https://instagram.com https://*.instagram.com https://vimeo.com https://*.vimeo.com https://soundcloud.com https://*.soundcloud.com https://tiktok.com https://*.tiktok.com https://snapchat.com https://*.snapchat.com https://www.belgianrail.be https://widget.formitable.com https://*.youtube.com https://*.vimeocdn.com; img-src data: 'self' https://www.google-analytics.com/r/collect https://www.google-analytics.com/collect https://placeholder.inventis.be https://*.ytimg.com https://i.vimeocdn.com/ https://www.facebook.com/ https://*.facebook.com/ https://connect.facebook.net/ https://*.fbcdn.net/ https://i.scdn.co/ https://img.youtube.com/ https://snapchat.com https://*.snapchat.com https://*.google.com https://*.google.be https://fonts.gstatic.com https://www.googletagmanager.com; manifest-src 'self'; script-src 'self' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https://www.youtube.com/iframe_api https://*.ytimg.com https://www.googletagmanager.com https://www.google-analytics.com https://script.hotjar.com/ https://connect.facebook.net/ https://*.hotjar.com https://*.hotjar.io https://player.vimeo.com/api/player.js https://getintouch.group/wa-link.js 'nonce-mz0ELxBmJnHJJzlMm714Nw=='; style-src 'self' 'unsafe-inline' https://*.typekit.net https://www.googletagmanager.com https://fonts.googleapis.com; upgrade-insecure-requests 1
script-src 'self'; object-src 'self' 1
default-src 'self';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' https://www.facebook.com https://www.linkedin.com https://px.ads.linkedin.com https://imgsct.cookiebot.com https://*.google-analytics.com https://www.googletagmanager.com https://*.googleapis.com https://maps.gstatic.com https://i.ytimg.com https://www.google.de data: https://*.hsforms.com; object-src 'self' data:; frame-src 'self' *.googletagmanager.com *.youtube.com *.youtube-nocookie.com https://td.doubleclick.net https://consentcdn.cookiebot.com https://www.krone-trailer.com https://publish.flyeralarm.digital https://*.hsforms.com; script-src 'self' 'unsafe-inline' https://snap.licdn.com https://connect.facebook.net https://www.googleadservices.com https://maps.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://js-eu1.hsforms.net; connect-src 'self' https://consent.cookiebot.com https://px.ads.linkedin.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://maps.googleapis.com https://www.google.com https://*.google-analytics.com https://*.analytics.google.com https://consentcdn.cookiebot.com https://*.hsforms.com https://*.amazonaws.com ;  font-src 'self' https://fonts.gstatic.com data:; media-src 'self' *.youtube.com *.youtube-nocookie.com; frame-ancestors 'self' https://www.krone-group.com https://krone-group.com; 1
default-src 'self' https://*.youtube.com https://*.youtu.be https://*.youtube-nocookie.com https://*.vimeo.com https://vimeo.com https://*.vimeocdn.com https://*.spotify.com/ https://open.spotify.com https://*.tiktok.com https://*.snapchat.com https://*.facebook.com https://*.google-analytics.com https://*.googletagmanager.com https://pagead2.googlesyndication.com https://*.google.com https://*.google.be https://snazzymaps.com https://my.matterport.com https://donate.autoworld.be; block-all-mixed-content; img-src data: 'self' https://placeholder.inventis.be https://*.ytimg.com https://*.youtube.com https://*.vimeocdn.com; object-src 'none'; script-src 'self' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https://*.youtube.com https://*.vimeo.com 'nonce-DvMWTH5U0pGY51uEY8mHRg=='; style-src 'self' 'unsafe-inline'; upgrade-insecure-requests 1
default-src 'self'; frame-src 'self' https://www.careopinion.org.uk/ https://www.patientopinion.org.uk/ *.nhs.uk/ *.facebook.com/ https://www.youtube-nocookie.com/ *.youtube.com/ *.vimeo.com/ *.google.com *.googleapis.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.googletagmanager.com https://cdnjs.cloudflare.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://connect.facebook.net/ https://feeds.trac.jobs/ *.google.com/ *.googleapis.com *.gstatic.com *.cqc.org.uk; font-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com/ https://feeds.trac.jobs/ *.googleapis.com  *.gstatic.com *.cqc.org.uk; img-src * data:; object-src 'self' blob:; connect-src 'self' https://*.googletagmanager.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.g.doubleclick.net https://*.google.com https://*.google.com https://*.google-analytics.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googletagmanager.com https://graph.facebook.com/ https://feeds.trac.jobs/ *.googleapis.com *.google-analytics.com stats.g.doubleclick.net; media-src 'self' https://video.cdninstagram.com/ 1
default-src 'self'https://www.osmo.com; style-src 'self' 'unsafe-inline' https://www.osmo.com  https://*.googleapis.com; script-src 'self' 'unsafe-inline' https://www.osmo.com https://*.cookiebot.com https://*.googletagmanager.com https://*.google-analytics.com https://*.youtube.com https://*.google.com https://*.gstatic.com https://*.googleapis.com; frame-src 'self' https://www.osmo.com https://*.cookiebot.com https://*.youtube.com; connect-src 'self' https://www.osmo.com https://*.cookiebot.com https://*.google-analytics.com https://*.doubleclick.net https://*.googleapis.com https://*.youtube.com https://*.googlevideo.com; img-src 'self' data: https://tze982.saas.contentserv.com https://www.osmo.com https://*.google-analytics.com https://*.googletagmanager.com https://*.youtube.com https://*.gstatic.com https://*.ggpht.com https://*.googleapis.com https://imgsct.cookiebot.com; font-src 'self' https://www.osmo.com https://*.gstatic.com https://*.googleapis.com 1
default-src https: ;         form-action https: ;         script-src https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com https://optimize.google.com 'unsafe-inline' https://js-cdn.dynatrace.com https://*.kespro.fi https://connect.facebook.net 'unsafe-inline' 'unsafe-eval' https://*.kesko.fi https://*.ksync.fi data: https://*.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com https://*.hotjar.com https://login.microsoftonline.com https://kgroupb2cdev01.b2clogin.com https://kgroupb2ctest01.b2clogin.com https://kryhma.b2clogin.com https://d2318twbpx9q6v.cloudfront.net https://d3flpa680ypq0l.cloudfront.net https://*.feedbackly.com https://feedbackly.com https://dvkesk.analytics.solteq.solutions https://mktdplp102cdn.azureedge.net https://embed.feedbackly.cloud ;         style-src https://optimize.google.com https://fonts.googleapis.com 'unsafe-inline' https://*.kespro.fi 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://d2318twbpx9q6v.cloudfront.net https://d3flpa680ypq0l.cloudfront.net https://*.kesko.fi https://*.ksync.fi https://*.feedbackly.com https://feedbackly.com https://embed.feedbackly.cloud ;         img-src https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com https://images.ctfassets.net https://optimize.google.com https://www.googletagmanager.com https://www.google.fi https://public.keskofiles.com https://analytics.google.com https://www.google.com https://*.kespro.fi https://kespro.fi https://*.kesko.fi https://*.ksync.fi data: https://stats.g.doubleclick.net https://www.kespro.com https://*.google-analytics.com https://tagmanager.google.com https://ssl.gstatic.com https://www.gstatic.com https://*.hotjar.com https://www.facebook.com https://d2318twbpx9q6v.cloudfront.net https://d3flpa680ypq0l.cloudfront.net https://*.feedbackly.com https://feedbackly.com https://cdn.contentful.com https://resources.paytrail.com https://embed.feedbackly.cloud ;         font-src https://fonts.gstatic.com https://*.kesko.fi https://*.kespro.fi https://fonts.gstatic.com https://*.hotjar.com https://d2318twbpx9q6v.cloudfront.net https://d3flpa680ypq0l.cloudfront.net https://*.ksync.fi data: https://*.feedbackly.com https://feedbackly.com https://embed.feedbackly.cloud ;         connect-src https://*.onetrust.com https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com https://stats.g.doubleclick.net https://js-cdn.dynatrace.com https://*.kespro.fi https://www.kespro.com https://analytics.google.com https://*.google-analytics.com https://*.hotjar.com:* wss://*.hotjar.com https://www.facebook.com https://dvkesp.deepvision.cloud.solteq.com  https://*.hotjar.io https://login.microsoftonline.com https://kgroupb2cdev01.b2clogin.com https://kgroupb2ctest01.b2clogin.com https://kryhma.b2clogin.com https://*.kesko.fi https://*.ksync.fi https://www.google.fi https://api.poeditor.com https://*.feedbackly.com https://feedbackly.com https://cdn.contentful.com https://dvkesptest.deepvision.cloud.solteq.com https://embed.feedbackly.cloud ;         frame-src https://optimize.google.com https://*.hotjar.com https://www.facebook.com  https://*.kespro.fi https://sync.ksync.fi https://*.kesko.fi https://*.ksync.fi https://*.feedbackly.com https://feedbackly.com https://tarjooma-qa.azurewebsites.net https://tarjooma-dev.azurewebsites.net https://tarjooma-prod.azurewebsites.net https://semmitest.powerappsportals.com https://semmidev.powerappsportals.com https://kesproportaali.powerappsportals.com https://kespro-com-qa.herokuapp.com https://kespro-com-dev.herokuapp.com https://kespro.com https://www.kespro.com https://embed.feedbackly.cloud ;         frame-ancestors https://kespro.fi https://*.kespro.fi https://tarjooma-qa.azurewebsites.net https://tarjooma-dev.azurewebsites.net https://tarjooma-prod.azurewebsites.net https://semmitest.powerappsportals.com https://semmidev.powerappsportals.com https://kesproportaali.powerappsportals.com https://kespro-raportit-dev.azurewebsites.net https://kespro-raportit-test.azurewebsites.net https://raportit.kespro.com http://kespro-toimitukset-dev.azurewebsites.net http://toimitukset-test.kespro.com https://kespro-reseptit-dev.azurewebsites.net https://reseptit-test.kespro.com https://kespro-com-qa.herokuapp.com https://kespro-com-dev.herokuapp.com https://kespro.com https://www.kespro.com https://tarjooma-qa.kespro.com https://tarjooma.kespro.com http://toimitukset.kespro.com https://reseptit.kespro.com ;         block-all-mixed-content; upgrade-insecure-requests; report-uri https://kespro.report-uri.com/r/d/csp/enforce; report-to default; 1
default-src 'self'; script-src 'self' ; style-src 'self' 'unsafe-inline' ; img-src *;  report-uri https://idsrv.conveyweb.co.uk/identity/csp/report 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' ; img-src 'self' data: ; object-src 'self' data: ; frame-src 'self' data: ; form-action 'self' data: ; worker-src 'self' data: 'unsafe-inline' 'unsafe-eval' ; 1
default-src data: 'self' https://*.hsforms.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://js.hsadspixel.net https://wisembly-content.s3.amazonaws.com/ https://js-eu1.hsforms.net/ https://appvizer.one/ https://bat.bing.com/ https://googleads.g.doubleclick.net/ https://js.hs-analytics.net/ https://js.hs-banner.com/ https://*.hs-scripts.com/ https://js.hscollectedforms.net/ https://js.hsforms.net/ https://js.usemessages.com/ https://script.hotjar.com/ https://static.hotjar.com/ https://www.google-analytics.com/analytics.js https://www.googleadservices.com/ https://www.googletagmanager.com/ https://www.gstatic.com/ https://www.youtube.com/; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://api.hubapi.com https://region1.analytics.google.com https://forms.hscollectedforms.net https://www.google.fr https://api.hubspot.com https://appvizer.one https://ariadne.appvizer.one https://bat.bing.com https://forms.hsforms.com https://forms.hubspot.com https://cta-service-cms2.hubspot.com https://stats.g.doubleclick.net https://www.google-analytics.com https://www.googleadservices.com https://fg.cdn.mediactive-network.net https://cta-eu1.hubspot.com https://forms-eu1.hsforms.com https://hubspot-forms-static-embed-eu1.s3.amazonaws.com https://forms-eu1.hscollectedforms.net https://api-eu1.hubapi.com https://api-eu1.hubspot.com/livechat-public/v1/message/public; font-src data: 'self' https://fonts.gstatic.com; img-src data: 'self' https://wisembly-content.s3.amazonaws.com/ https://avada.studio https://s.w.org https://ps.w.org https://*.linkedin.com https://bat.bing.com https://blog.wisembly.com https://forms-na1.hsforms.com https://forms.hsforms.com https://googleads.g.doubleclick.net https://i.ytimg.com https://px.ads.linkedin.com https://track.hubspot.com https://www.google-analytics.com https://www.google.com https://www.google.fr https://fg.cdn.mediactive-network.net; manifest-src 'self'; media-src 'self'; worker-src 'none'; frame-src 'self' https://td.doubleclick.net/ https://*.liveboutique.io https://avada.studio https://static.hsappstatic.net https://app.hubspot.com https://forms.hsforms.com https://vars.hotjar.com https://www.youtube.com https://cta-eu1.hubspot.com; 1
default-src https:;                            style-src 'self' 'unsafe-inline' fonts.googleapis.com res.cloudinary.com code.jquery.com cdnjs.cloudflare.com 1
default-src 'none'; script-src 'self' data: 'unsafe-inline' https://www.google-analytics.com https://use.typekit.net https://ajax.googleapis.com; object-src 'none'; style-src 'self' https://maxcdn.bootstrapcdn.com; img-src 'self' data: www.google-analytics.com; media-src 'none'; frame-src 'none'; font-src 'self' https://maxcdn.bootstrapcdn.com; connect-src 'self' www.google-analytics.com 1
default-src 'self' * 'unsafe-inline' data: blob: 1
default-src 'self' https://*.nhs.uk; frame-src 'self' https://www.youtube-nocookie.com https://*.webspellchecker.net https://*.nhs.uk https://*.youtube.com https://*.vimeo.com https://*.google.com https://*.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://*.google-analytics.com https://*.googletagmanager.com https://feeds.trac.jobs https://*.webspellchecker.net https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.cqc.org.uk; font-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://*.webspellchecker.net; style-src 'self' 'unsafe-inline' data: https://cdnjs.cloudflare.com https://feeds.trac.jobs https://*.googleapis.com https://*.gstatic.com https://*.cqc.org.uk https://*.webspellchecker.net; img-src * data:; object-src 'self' blob: https://*.nhs.uk; connect-src 'self' https://feeds.trac.jobs https://*.googleapis.com https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://*.webspellchecker.net 1
default-src 'self' https://dev.shop.bioeg.de https://shop.bioeg.de https://shop.bzga.de; connect-src 'self' https://piwik.bzga.de; style-src 'self' 'unsafe-inline'; font-src 'self' data:; script-src 'self' 'unsafe-inline' https://piwik.bzga.de; img-src 'self' https://dev.shop.bioeg.de https://shop.bioeg.de https://shop.bzga.de data: https://piwik.bzga.de https://www.bioeg.de https://service.bzga.de https://www.bzga.de; frame-src 'self' *.frcapi.com/; 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none';  frame-ancestors punchoutcommerce.com nasa.sharepoint.com ariba.com *.ariba.com sciquest.com *.sciquest.com jaggaer.com *.jaggaer.com punchout2go.com *.punchout2go.com google.com *.google.com apple.com *.apple.com colamco.com *.colamco.com 1
default-src 'self' *.typekit.net  *.doubleclick.net *.google.com.tr *.google.com google.com *.googletagmanager.com blob: data: tacirlerprotfoy.com.tr fxtcr.com 'unsafe-inline' 'unsafe-eval' *.tacirlermenkul.com.tr tacirlermenkul.com.tr tacirlermenkul.com.tr:8080 31.145.122.66 www.google-analytics.com www.youtube.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.citiworldprivileges.com www.google-analytics.com *.googleapis.com *.gstatic.com nexus.ensighten.com *.omtrdc.net www.googleadservices.com *.doubleclick.net *.google.com www.google.co.in connect.facebook.net www.facebook.com *.cloudfront.net citiintl.122.2o7.net www.googletagmanager.com *.amap.com *.dotomi.com *.tiktok.com; img-src 'self' data: *.google.com nexus.ensighten.com www.googletagmanager.com citiintl.122.2o7.net www.google-analytics.com www.google.co.in www.facebook.com *.dotomi.com *.tiktok.com; 1
frame-ancestors 'self' https://neocon.com 1
default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; 1
connect-src 'self' api.acdn.by mc.yandex.ru yandex.ru www.gstatic.com pagead2.googlesyndication.com an.yandex.ru log.strm.yandex.ru amc.yandex.ru storage.mds.yandex.net analytics.google.com www.googletagmanager.com www.google-analytics.com www.googleadservices.com www.google.com www.google.by google.com google.by stats.g.doubleclick.net www.facebook.com analytics.tiktok.com analytics-ipv6.tiktokw.us 'unsafe-inline'; font-src 'self' data: yastatic.net fonts.gstatic.com; frame-src yastatic.net mc.yandex.ru www.gstatic.com www.google.com google.com googleads.g.doubleclick.net tpc.googlesyndication.com www.googletagmanager.com googletagmanager.com googleads.g.doubleclick.net td.doubleclick.net; img-src 'self' avatars.mds.yandex.net favicon.yandex.net data: api-maps.yandex.ru core-renderer-tiles.maps.yandex.net yandex.ru dex.ru mc.yan mc.yandex.ru pagead2.googlesyndication.com www.googletagmanager.com googleads.g.doubleclick.net storage.mds.yandex.net amc.yandex.ru www.google.com www.google.by google.com www.facebook.com; manifest-src 'self'; script-src 'self' mc.yandex.ru yandex.ru api-maps.yandex.ru core-renderer-tiles.maps.yandex.net cdn.skypack.dev yastatic.net 'unsafe-inline' www.google.com google.com www.gstatic.com pagead2.googlesyndication.com tpc.googlesyndication.com www.googletagmanager.com www.google-analytics.com googleads.g.doubleclick.net www.googleadservices.com 'unsafe-inline' connect.facebook.net analytics.tiktok.com; style-src fonts.googleapis.com 'self' 'unsafe-inline' 1
default-src 'self' *.google-analytics.com *.googletagmanager.com *.googlesyndication.com www.paypal.com consentcdn.cookiebot.com www.google.com region1.analytics.google.com *.skeepers.io; block-all-mixed-content; font-src 'self' data: *.googleapis.com *.gstatic.com *.fontawesome.com *.skeepers.io; frame-src 'self' *.youtube.com *.googletagmanager.com consentcdn.cookiebot.com *.google.com api-sogecommerce.societegenerale.eu www.paypal.com assets.braintreegateway.com c.paypal.com *.skeepers.io; img-src 'self' data: facebook.com flickr.com imgsct.cookiebot.com unpkg.com api-sogecommerce.societegenerale.eu *.openstreetmap.org s3-us-west-2.amazonaws.com t.paypal.com www.paypal.com www.paypalobjects.com b.stats.paypal.com c.paypal.com lhr.paypal.com lhr.stats.paypal.com paypal.sylius.com *.skeepers.io; script-src 'self' 'unsafe-inline' *.google-analytics.com *.googletagmanager.com cdn.jsdelivr.net consent.cookiebot.com *.googlesyndication.com *.google.com *.gstatic.com api-sogecommerce.societegenerale.eu www.paypal.com www.paypalobjects.com consentcdn.cookiebot.com *.skeepers.io; style-src 'self' 'unsafe-inline' unpkg.com *.googleapis.com api-sogecommerce.societegenerale.eu consentcdn.cookiebot.com *.skeepers.io 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*; img-src 'self' data: https://*; object-src 'self' data: https://*; frame-src 'self' data: https://*; 1
default-src 'self' 'unsafe-inline'; 1
script-src https://connect.facebook.net/ http://connect.facebook.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ http://browser-update.org/ https://www.google.com/ https://www.gstatic.com/recaptcha/ http://www.google.com/recaptcha/ https://ajax.googleapis.com/ 'unsafe-inline' 'unsafe-eval' 'self'; report-uri /nelmio/csp/report 1
default-src 'self' https://*.google-analytics.com https://*.googletagmanager.com https://*.google.com https://*.google.be https://*.youtube.com https://*.youtu.be https://*.youtube-nocookie.com https://youtube.com https://youtu.be https://*.doubleclick.net https://*.hotjar.com https://*.hotjar.io https://*.facebook.com https://*.facebook.net https://*.tiktok.com https://*.snapchat.com https://vimeo.com https://*.vimeo.com https://*.ticketmatic.com https://*.spotify.com https://*.scdn.co https://noembed.com https://cdn.plyr.io https://p.scdn.co; block-all-mixed-content; font-src data: 'self'; img-src data: 'self' https://*.google-analytics.com https://*.googletagmanager.com https://*.google.com https://*.google.be https://*.youtube.com https://*.ytimg.com https://i.vimeocdn.com https://*.facebook.com https://*.facebook.net https://*.fbcdn.net https://i.scdn.co https://*.snapchat.com https://fonts.gstatic.com https://placeholder.inventis.be https://sparklink-dama.s3.eu-north-1.amazonaws.com https://lab.digital-asset.app; object-src 'none'; script-src 'self' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https://*.ytimg.com https://*.youtube.com https://*.googletagmanager.com https://*.google-analytics.com https://*.facebook.net https://*.facebook.com https://*.hotjar.com https://*.hotjar.io https://*.vimeo.com https://cdn.plyr.io 'nonce-JY/gkXgkycSvHU5gOhQRGQ=='; style-src 'self' 'unsafe-inline' https://cdn.plyr.io; upgrade-insecure-requests 1
frame-ancestors https://pannonkincstar.hu 1
default-src 'self'; script-src 'self' https://www.googletagmanager.com https://*.google-analytics.com 'unsafe-inline'; script-src-elem 'self' https://www.googletagmanager.com https://*.google-analytics.com 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: https://storage.googleapis.com https://*.google-analytics.com https://ems-be.plutos.one https://assets9.lottiefiles.com https://assets.lottiefiles.com https://www.googletagmanager.com https://www.google.co.in; frame-src 'self' https://www.youtube.com https://www.youtube-nocookie.com; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https://*.google-analytics.com https://assets.lottiefiles.com; media-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'; report-uri https://plutos.one/api/csp-report/csp-report-endpoint 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://vlibras.gov.br https://www.vlibras.gov.br https://www.googletagmanager.com https://stackpath.bootstrapcdn.com https://d3vihgyoxouv8s.cloudfront.net https://unpkg.com https://cdn.jsdelivr.net https://s7.addthis.com https://code.jquery.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://d3vihgyoxouv8s.cloudfront.net https://stackpath.bootstrapcdn.com https://unpkg.com https://emoji-css.afeld.me; img-src 'self' data: https://genesis.transparencia.cloud https://vlibras.gov.br https://cdn.jsdelivr.net; frame-src 'self' https://www.youtube-nocookie.com https://genesis.transparencia.cloud https://desaparecidos.transparencia.cloud/ https://www.socorro.se.gov.br/portaltransparencia/ https://docs.google.com/; font-src 'self' https://fonts.gstatic.com https://stackpath.bootstrapcdn.com https://d3vihgyoxouv8s.cloudfront.net https://vlibras.gov.br https://cdn.jsdelivr.net; connect-src 'self' https://www.google-analytics.com https://acessos.vlibras.gov.br https://dicionario2.vlibras.gov.br https://vlibras.gov.br https://cdn.jsdelivr.net; report-uri /report-csp-violation 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://travelcontentsapp.com; img-src * data:; style-src 'self' 'unsafe-inline' https://travelcontentsapp.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://travelcontentsapp.com; 1
default-src 'self'; script-src 'self'; connect-src 'self' 1
default-src 'none'; frame-ancestors 'self' https://*.nhs.uk; frame-src 'self' https://www.youtube-nocookie.com https://*.webspellchecker.net https://*.nhs.uk https://*.youtube.com https://*.vimeo.com https://*.google.com https://*.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://*.google-analytics.com https://*.googletagmanager.com https://feeds.trac.jobs https://*.webspellchecker.net https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.cqc.org.uk https://webassistant.onconnect.app; font-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://*.webspellchecker.net; style-src 'self' 'unsafe-inline' data: https://cdnjs.cloudflare.com https://feeds.trac.jobs https://*.googleapis.com https://*.gstatic.com https://*.cqc.org.uk https://*.webspellchecker.net https://webassistant.onconnect.app; img-src * data:; object-src 'self' blob: https://*.nhs.uk; connect-src 'self' https://feeds.trac.jobs https://*.googleapis.com https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://*.webspellchecker.net https://webassist.onconnect.app https://webassistant.onconnect.app https://produkswebassistsignalr18.service.signalr.net wss://produkswebassistsignalr18.service.signalr.net; manifest-src 'self'; base-uri 'none'; form-action 'self'; 1
script-src 'self' 'unsafe-inline' assets.ubembed.com go.wastequip.com *.salesforceliveagent.com f4362c3f5e8c411ab3ae398736a68fcc.js.ubembed.com *.simpli.fi googleads.g.doubleclick.net service.force.com *.googletagmanager.com pi.pardot.com *.licdn.com connect.facebook.net bat.bing.com *.google-analytics.com pixel.visitiq.io *.userway.org *.olark.com *.quantcount.com *.quantserve.com; object-src 'self'; img-src 'self' *.quantcount.com *.quantserve.com cdn.userway.org; frame-ancestors 'self'; report-uri /report-csp-violation 1
default-src 'self' https://*.dev-constructor.dev https://*.test-constructor.dev https://*.stage-constructor.dev https://*.constructor.app https://academy.datarockstars.ai https://learn.constructor.university https://learn.acronis.com https://dummy-tenant-for-prod.alemira.dev https://lms.constructor.school https://learn.bpsme.com https://training.acronis.com https://acb806367890429f8b15bb6cb469f10a.constructor.pro https://certification.ardanlabs.training https://lms.learn.testing.stackfuel.com https://training-new.virtuozzo.com https://ai.eduquestonline.com https://portal.nexford.edu; object-src 'none'; frame-ancestors https://*.dev-constructor.dev https://*.test-constructor.dev https://*.stage-constructor.dev https://*.constructor.app https://academy.datarockstars.ai https://learn.constructor.university https://learn.acronis.com https://dummy-tenant-for-prod.alemira.dev https://lms.constructor.school https://learn.bpsme.com https://training.acronis.com https://acb806367890429f8b15bb6cb469f10a.constructor.pro https://certification.ardanlabs.training https://lms.learn.testing.stackfuel.com https://training-new.virtuozzo.com https://ai.eduquestonline.com https://portal.nexford.edu; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self'; 1
default-src 'self' *.optimizely.com https:; media-src 'self'*.mycliplister.com mycliplister.com cliplister.vo.llnwd.net; font-src dock.ui.bosch.tech cdn.poll-maker.com cdnjs.cloudflare.com 'self' btm.bosch.com; object-src data: 'self'; img-src https: data: blob:; style-src dock.ui.bosch.tech cdn.poll-maker.com cdnjs.cloudflare.com 'self' 'unsafe-inline' https:; script-src https: *.optimizely.com 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https:; frame-ancestors 'self' https: 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://code.jquery.com/ https://www.praha14.cz:3000/ https://www.praha14.cz/bud/hot https://npmcdn.com https://*.praha14.cz/ https://maps.google.com/ https://maps.googleapis.com/ https://cdnjs.cloudflare.com/ https://schema.org https://*.hcaptcha.com/ https://hcaptcha.com/ https://mapy.cz/ https://*.mapy.cz/ https://mapy.com/ https://*.mapy.com/ https://*.seznam.cz/ https://login.szn.cz/; img-src 'self' data: blob: https://secure.gravatar.com/ https://www.praha14.cz:3000/ https://thebridge.telenorsat.com/ https://npmcdn.com/ https://*.praha14.cz/ https://maps.google.com/ https://maps.googleapis.com/ https://server.arcgisonline.com/ https://cdnjs.cloudflare.com/ https://*.mapy.cz/ https://mapy.com/ https://*.mapy.com/ https://mapy.cz/ https://*.seznam.cz/ https://login.szn.cz/; object-src 'self' data: blob: https://*.praha14.cz/ https://docs.google.com/ https://*.mapy.cz/ https://npmcdn.com/ https://maps.google.com/ https://maps.googleapis.com/ https://*.hcaptcha.com/ https://www.youtube.com/ https://youtu.be/ https://mapy.cz/ https://mapy.com/ https://*.mapy.com/ https://frame.mapy.cz/ https://*.seznam.cz/ https://login.szn.cz/; frame-src 'self' data: blob: https://*.praha14.cz/ https://docs.google.com/ https://*.mapy.cz/ https://npmcdn.com/ https://maps.google.com/ https://maps.googleapis.com/ https://*.hcaptcha.com/ https://www.youtube.com/ https://youtu.be/ https://mapy.cz/ https://mapy.com/ https://*.mapy.com/ https://frame.mapy.cz/ https://*.seznam.cz/ https://login.szn.cz/; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' *.gstatic.com *.googletagmanager.com *.amplitude.com *.adrifund.com *.funde.no *.tinymce.com *.karolinafund.com *.crowdfarm.dk *.lemonway.fr *.payxpert.com d2tnn0p1wwhikn.cloudfront.net clients1.google.com cse.google.com www.google.com *.google-analytics.com *.facebook.net *.facebook.com *.vimeo.com *.addthis.com *.googleapis.com *.bootstrapcdn.com stats.g.doubleclick.net *.soundcloud.com soundcloud.com *.youtube.com *.w3.org *.ogp.me *.mailerlite.com *.karolina.io *.slize.me;img-src * blob: data:;font-src data: d2tnn0p1wwhikn.cloudfront.net *.tinymce.com fonts.gstatic.com 'self' *.bootstrapcdn.com;style-src *.tinymce.com www.google.com d2tnn0p1wwhikn.cloudfront.net *.addthis.com 'self' 'unsafe-inline' cse.google.com *.bootstrapcdn.com *.googleapis.com; frame-src 'self' *.vimeo.com *.facebook.com *.youtube.com *.soundcloud.com *.google.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' unpkg.com browser.sentry-cdn.com cdn.cookielaw.org s2.adform.net browser.sentry-cdn.com a.omappapi.com api.lytics.io bam.nr-data.net beacon.krxd.net bh.contextweb.com browser.sentry-cdn.com c.lytics.io cdn.krxd.net cdn.jsdelivr.net cdnjs.cloudflare.com consumer.krxd.net *.facebook.com connect.facebook.net cookie-cdn.cookiepro.com fast.wistia.com fast.wistia.net app.wistia.com googleads.g.doubleclick.net js.adsrvr.org js-agent.newrelic.com js.hs-analytics.net js.hs-banner.com js.hs-scripts.com js.hsadspixel.net js.hsforms.net js.hsleadflows.net js.hubspot.com js.sentry-cdn.com js.usemessages.com maps.googleapis.com pagead2.googlesyndication.com script.hotjar.com snap.licdn.com static.ads-twitter.com static.hotjar.com tpc.googlesyndication.com www.gstatic.com www.google.com fast.wistia.net www.googletagmanager.com www.googleadservices.com www.googleoptimize.com www.google-analytics.com builder.lift.acquia.com *.dcbstatic.com *.youtube.com cdn.prod.uiadpi.com; object-src 'self' embed-fastly.wistia.com embedwistia-a.akamaihd.net; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com builder.lift.acquia.com *.lytics.io a.omappapi.com *.cookiepro.com *.google.com *.googleapis.com *.hotjar.com *.hs-scripts.com *.krxd.net *.wistia.net *.dcbstatic.com; img-src 'self' blob: data: cdn.cookielaw.org *.google.com.ar *.google.es *.t.co *.google.si *.googlesyndication.com *.lytics.io *.adsrvr.org *.hsappstatic.net *.hubspot.com *.omappapi.com embedwistia-a.akamaihd.net *.facebook.com *.facebook.net *.google.am *.googleapis.com *.google.com.pe *.google.com.ua *.google.it *.google.co.jp *.google.ie *.google.com.ng *.google.iq *.google.be *.google.co.cr *.google.com.tr aa.agkn.com *.adsymptotic.com *.businesswire.com *.cloudfront.net *.cluep.com *.cookiepro.com *.doubleclick.net googleads.g.doubleclick.net embed-ssl.wistia.com *.facebook.com *.google.tn *.google.com.ph *.google.cz *.google.com.hk *.google.com.pk *.google.ca *.google.de *.google.gr *.google.com.au *.google.com.mx *.google.com.pr *.google.co.in *.google.co.uk *.google.com *.google.fr *.google.nl *.google.pt *.googletagmanager.com *.google-analytics.com *.gstatic.com *.hubspot.com *.hsforms.com *.krxd.net *.linkedin.com *.nr-data.net t.co *.twitter.com *.wistia.com *.wistia.net *.dcbstatic.com *.docebosaas.com; media-src blob: data: *.akamaihd.net *.wistia.com *.dcbstatic.com; frame-src 'self' *.dcbstatic.com *.dcbstatic.net block.opendns.com c.lytics.io vimeo.com match.adsrvr.org insight.adsrvr.org *.hs-sites.com *.hubspot.com *.doubleclick.net *.facebook.com *.google.com *.googlesyndication.com *.googletagmanager.com *.hotjar.com *.hsforms.net *.hsforms.com *.krxd.net fast.wistia.net *.youtube.com; frame-ancestors 'self'; child-src 'self' blob: *.dcbstatic.net; font-src 'self' data: fonts.gstatic.com *.wistia.com *.wistia.net *.omappapi.com; connect-src 'self' 'unsafe-inline' 'unsafe-eval' google.com cdn.cookielaw.org adservice.google.com *.google.com *.linkedin.com *.googlesyndication.com *.omappapi.com notify.bugsnag.com sessions.bugsnag.com us.perz-api.cloudservices.acquia.io *.ucweb.com hubspot-forms-static-embed.s3.amazonaws.com tjrqub0i2d.execute-api.us-east-1.amazonaws.com fast.wistia.net cdn.linkedin.oribi.io *.googleapis.com *.ads-twitter.com *.cookiepro.com *.doubleclick.net embedwistia-a.akamaihd.net *.facebook.com *.facebook.net *.google.com *.google-analytics.com *.googletagmanager.com *.hotjar.com  *.hotjar.io *.hsleadflows.net *.hsforms.com *.hubapi.com *.hubspot.com *.krxd.net *.litix.io *.nr-data.net *.onetrust.com *.twitter.com *.wistia.com wss://*.hotjar.com *.docebosaas.com *.dcbstatic.com *.prod.uidapi.com prod.uidapi.com insight.adsrvr.org operator-integ.uidapi.com *.adsrvr.org *.thetradedesk.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src * 'unsafe-eval' 'unsafe-inline' 'unsafe-dynamic' data: filesystem: about: blob: ws: wss: 1
default-src *.tradehq.com *.tradehq.co.uk *.tradehq.com.au https://*.amazonaws.com/public.tradehq.com/ 'self'; script-src https://www.google.com/recaptcha/api.js https://www.gstatic.com/ https://cdnjs.cloudflare.com https://js.stripe.com https://www.googletagmanager.com https://www.google-analytics.com https://*.raygun.io  https://*.jsdelivr.net https://*.googleapis.com 'unsafe-inline' 'unsafe-eval' 'self'; connect-src https://maps.googleapis.com https://www.google-analytics.com https://*.google-analytics.com https://stats.g.doubleclick.net https://*.amazonaws.com/attachments.tradehq.com/ https://*.amazonaws.com/public.tradehq.com/ https://*.raygun.io https://*.tradehq.com https://*.tradehq.com.au https://*.tradehq.co.uk https://tradehq.com https://tradehq.com.au https://tradehq.co.uk 'self'; img-src https://*.amazonaws.com/public.tradehq.com/ https://www.google-analytics.com https://*.tradehq.com https://*.tradehq.com.au https://*.tradehq.co.uk https://tradehq.com https://tradehq.com.au https://tradehq.co.uk 'self' blob: https://maps.gstatic.com data: https://maps.googleapis.com; font-src https://tradehq.com https://tradehq.co.uk https://tradehq.com.au fonts.gstatic.com *.fontawesome.com https://*.tradehq.com https://*.tradehq.com.au https://*.tradehq.co.uk 'self' https://cdn.jsdelivr.net; style-src *.fontawesome.com fonts.googleapis.com *.tradehq.com *.tradehq.co.uk *.tradehq.com.au tradehq.com 'unsafe-inline' 'self' https://cdn.jsdelivr.net; base-uri 'self'; form-action 'self'; frame-src https://www.google.com https://*.tradifyhq.com https://js.stripe.com https://*.amazonaws.com/public.tradehq.com/ https://*.amazonaws.com/attachments.tradehq.com/ https://*.tradehq.com https://*.tradehq.com.au https://*.tradehq.co.uk 'self'; 1
object-src 'none'; base-uri 'none'; 1
frame-ancestors 'self'; report-uri /report-csp-violation 1
frame-ancestors 'self' https://device.mobilitysignage.com http://device.mobilitysignage.com 1
form-action 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval';frame-src 'self';iframe-src 'self';child-src 'self';report-uri /Error/ContentSecurity 1
default-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline' *.youtube.com *.cookielaw.org *.youtube-nocookie.com *.commerce-connector.com *.googleapis.com *.min-cdn.net *.googletagmanager.com *.google-analytics.com *.google.com *.google.de connect.facebook.net mediaintelligence.de *.bing.com https://groupeseb.secure.force.com https://iprospect.emcustomers.de; font-src 'self' data: *.commerce-connector.com *.gstatic.com https://groupeseb.secure.force.com https://groupe-seb.my.salesforce-sites.com; style-src 'self' 'unsafe-inline' *.commerce-connector.com *.commerce-connector.de *.googleapis.com https://groupeseb.secure.force.com; img-src 'self' data: *.commerce-connector.com https://cdn.cookielaw.org *.commerce-connector.de *.gstatic.com *.googleapis.com  *.google-analytics.com *.facebook.com *.doubleclick.net mediaintelligence.de *.min-cdn.net track.adform.net rads.recognified.net *.google.de *.google.com *.bing.com https://*.googletagmanager.com https://groupeseb.secure.force.com; media-src 'self' *.youtube.com *.youtube-nocookie.com https://groupeseb.secure.force.com; frame-src 'self' *.youtube.com *.youtube-nocookie.com *.umantis.com *.doubleclick.net https://groupeseb.secure.force.com https://groupe-seb.my.salesforce-sites.com; connect-src 'self' *.commerce-connector.com https://privacyportal-de.onetrust.com https://www.google.com https://geolocation.onetrust.com *.cookielaw.org *.commerce-connector.de *.googleapis.com *.google-analytics.com *.analytics.google.com *.facebook.com *.doubleclick.net mediaintelligence.de *.min-cdn.net *.bing.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://s3.amazonaws.com/ https://*.list-manage.com/; img-src 'self' data: blob: ; object-src 'self' data: blob: ; frame-src 'self' data: blob: ; 1
default-src 'self'; frame-src 'self' https://syndication.twitter.com/ https://platform.twitter.com/ https://widgets.ebscohost.com *.nhs.uk/ *.facebook.com/ *.youtube.com/ *.vimeo.com/ *.google.com *.googleapis.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://toolbar.speechstream.net/ *.cloudfront.net/ https://www.googletagmanager.com/ https://www.browsealoud.com/ https://plus.browsealoud.com/ http://cdnjs.cloudflare.com/ https://cdn.syndication.twimg.com https://platform.twitter.com/ https://cdnjs.cloudflare.com/ https://www.google-analytics.com/ https://connect.facebook.net/ https://feeds.trac.jobs/ *.google.com/ *.googleapis.com *.gstatic.com *.cqc.org.uk; font-src 'self' 'unsafe-inline' https://plus.browsealoud.com/ https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' *.cloudfront.net/ http://cdnjs.cloudflare.com/ https://platform.twitter.com/ https://cdnjs.cloudflare.com/ https://feeds.trac.jobs/ *.googleapis.com  *.gstatic.com *.cqc.org.uk; img-src * data:; object-src 'self' blob:; connect-src 'self' *.google-analytics.com/ https://speech.speechstream.net/ https://pronunciation.speechstream.net/  *.doubleclick.net/ https://www.google-analytics.com/ https://www.browsealoud.com/ https://plus.browsealoud.com/ https://translate.googleapis.com https://feeds.trac.jobs/ 1
default-src 'self' blob:; worker-src blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: cdn.ampproject.org stats.wp.com s0.wp.com s1.wp.com s2.wp.com c0.wp.com www.google.com www.googletagmanager.com campuseducacion.com ws.sharethis.com connect.facebook.net code.jquery.com ssl.google-analytics.com cdn.jsdelivr.net googleads.g.doubleclick.net www.google-analytics.com www.googleadservices.com tpc.googlesyndication.com pagead2.googlesyndication.com cdn.krxd.net beacon.krxd.net consumer.krxd.net www.gstatic.com adservice.google.com stackpath.bootstrapcdn.com cdnjs.cloudflare.com adservice.google.es partner.googleadservices.com unpkg.com ajax.googleapis.com static.ads-twitter.com platform.twitter.com load.sumome.com analytics.twitter.com load.sumo.com reddit.com; style-src 'self' data: 'unsafe-inline' c0.wp.com ws.sharethis.com use.fontawesome.com code.jquery.com fonts.google.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com fonts.googleapis.com stackpath.bootstrapcdn.com cdn.jsdelivr.net unpkg.com; img-src 'self' data: blob: *.wp.com i2.wp.com pixel.wp.com s0.wp.com s1.wp.com s2.wp.com c0.wp.com ws.sharethis.com code.jquery.com www.facebook.com ssl.google-analytics.com www.google.com www.google.es stats.g.doubleclick.net www.google-analytics.com pagead2.googlesyndication.com secure.gravatar.com www.googletagmanager.com ajax.googleapis.com t.co load.sumo.com; frame-src 'self' pagead2.googlesyndication.com www.slideshare.net web.facebook.com ws.sharethis.com player.vimeo.com www.vimeo.com www.google.com www.facebook.com pagead2.googlesyndication.com tpc.googlesyndication.com googleads.g.doubleclick.net www.youtube.com www.vimeo.com; font-src 'self' data: s0.wp.com s1.wp.com s2.wp.com c0.wp.com use.fontawesome.com fonts.google.com fonts.gstatic.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com; connect-src 'self' l.sharethis.mgr.consensu.org l.sharethis.com www.google-analytics.com pagead2.googlesyndication.com stats.g.doubleclick.net googleads.g.doubleclick.net www.facebook.com sumo.com *.google.com 1
connect-src 'self'  *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net ; default-src  'unsafe-inline' ; font-src 'self'  data: fonts.gstatic.com cdn.jsdelivr.net *.gstatic.com *.bootstrapcdn.com ; form-action 'self' self; frame-src 'self'  blob: www.google.com *.g.doubleclick.net *.google.com *.fls.doubleclick.net ; frame-ancestors 'self' self; img-src 'self'  'unsafe-inline'  data: ts.w.org s.w.org ps.w.org *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com ; media-src 'self'  s.w.org; object-src 'self' <object>; script-src 'self'  cdn.jsdelivr.net *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com ; script-src-elem 'self'  cdn.jsdelivr.net *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com ; style-src 'self'  'unsafe-inline'  fonts.googleapis.com cdn.jsdelivr.net *.googleapis.com *.gstatic.com ; style-src-elem 'self'  'unsafe-inline'  fonts.googleapis.com cdn.jsdelivr.net *.googleapis.com *.gstatic.com ; worker-src 'self'  blob:; 1
allow 'self' 1
default-src 'self' https://*.youtube.com https://*.youtu.be https://*.vimeo.com https://vimeo.com https://*.spotify.com https://*.typekit.net https://*.youtube-nocookie.com; block-all-mixed-content; img-src data: 'self' https://placeholder.inventis.be https://*.ytimg.com https://*.youtube.com https://*.vimeocdn.com; object-src 'none'; script-src 'self' https://*.youtube.com https://*.vimeo.com 'nonce-NCe9r+p+RapKhDPtM92BDQ=='; style-src 'self' 'unsafe-inline' https://*.typekit.net; upgrade-insecure-requests 1
default-src 'self' https://chat.shellfire.de https://www.google.de https://maps.google.com https://googleads.g.doubleclick.net https://connect.facebook.net https://www.google.com https://www.googleadservices.com https://www.youtube.com https://www.youtube-nocookie.com https://*.gstatic.com https://*.analytics.google.com https://*.googleapis.com https://*.facebook.net https://www.google-analytics.com https://ssl.google-analytics.com https://*.facebook.com https://web.facebook.com https://www.google.com https://optimize.google.com https://www.sandbox.paypal.com https://www.paypal.com https://combr-1b07a.kxcdn.com https://cdn.shellfire.net https://js.stripe.com https://*.clarity.ms https://*.sitegpt.ai https://cdn.jsdelivr.net ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://chat.shellfire.de https://www.google.com https://maps.google.com https://www.google.net https://connect.facebook.net https://www.google.com https://www.google.net https://www.googleadservices.com https://www.youtube.com https://www.youtube-nocookie.com https://*.gstatic.com https://*.googleapis.com https://www.google-analytics.com https://ssl.google-analytics.com https://*.facebook.com https://web.facebook.com https://www.googletagmanager.com https://static.ads-twitter.com https://analytics.twitter.com https://*.analytics.twitter.com https://tagmanager.google.com https://optimize.google.com https://www.paypalobjects.com https://www.sandbox.paypal.com https://www.paypal.com https://cdn.cookie-script.com https://report.cookie-script.com https://combr-1b07a.kxcdn.com https://cdn.shellfire.net https://js.stripe.com https://*.clarity.ms https://sitegpt.ai https://*.sitegpt.ai https://www.dwin1.com https://www.awin1.com https://lantern.roeyecdn.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net ; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.facebook.net https://tagmanager.google.com https://optimize.google.com https://www.paypalobjects.com https://combr-1b07a.kxcdn.com https://cdn.shellfire.net https://cdnjs.cloudflare.com https://cdn.jsdelivr.net ; img-src data: * ; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://xscore.cc https://cdn.jsdelivr.net https://lkslodz.pl https://u2.lkslodz.pl https://www.youtube.com https://www.google.com https://www.twitter.com https://www.facebook.com https://platform.twitter.com https://syndication.twitter.com https://www.googletagmanager.com; img-src 'self' data: https://xscore.cc https://img.youtube.com https://secure.gravatar.com https://lkslodz.pl https://u2.lkslodz.pl https://www.youtube.com https://www.google.com https://www.twitter.com https://www.facebook.com https://platform.twitter.com https://syndication.twitter.com https://s.w.org; object-src 'self' data: https://xscore.cc https://lkslodz.pl https://u2.lkslodz.pl https://www.youtube.com https://www.google.com https://www.twitter.com https://www.facebook.com https://platform.twitter.com https://syndication.twitter.com; frame-src 'self' data: https://xscore.cc https://lkslodz.pl https://u2.lkslodz.pl https://www.youtube.com https://www.google.com https://www.twitter.com https://www.facebook.com https://platform.twitter.com https://syndication.twitter.com; 1
default-src 'none'; frame-ancestors 'self'; frame-src 'self' hhttps://challenges.cloudflare.com ttps://www.youtube-nocookie.com https://player.vimeo.com https://*.google.com https://*.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.cqc.org.uk https://challenges.cloudflare.com https://feeds.trac.jobs https://*.google-analytics.com https://*.googletagmanager.com https://*.google.com https://*.googleapis.com https://*.gstatic.com; font-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' data: https://www.cqc.org.uk https://feeds.trac.jobs https://*.googleapis.com https://*.gstatic.com; img-src * data:; object-src 'self' blob:; connect-src 'self' https://feeds.trac.jobs https://*.googleapis.com https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com; manifest-src 'self'; base-uri 'none'; form-action 'self'; media-src 'self'; 1
default-src 'self' ;script-src data: blob: 'self' 'unsafe-eval' 'nonce-9UbQyeeiKOUdTFUj' *.mypurecloud.ie js.monitor.azure.com static.cloud.coveo.com www.zenaps.com www.dwin1.com *.r42tag.com *.usabilla.com *.google-analytics.com *.analytics.google.com www.googleadservices.com tags.nmrc.nl *.onmarc.nl *.doubleclick.net d6tizftlrpuof.cloudfront.net *.zilverenkruis.nl babm.texthelp.com surfly.com plus.browsealoud.com www.zorgkantoorfriesland.nl *.prolife.nl www.googletagmanager.com toolbar.speechstream.net apis.google.com bat.bing.com admin.relay42.com a.svtrd.com  ads.creative-serving.com www.browsealoud.com *.defriesland.nl static2.creative-serving.com survey.insocial.nl optimize.google.com *.interpolis.nl *.mopinion.com  *.fbto.nl connect.facebook.net cdn.harvest.graindata.com *.pingvp.com pingvp.com *.visualwebsiteoptimizer.com www.awin1.com *.stichtingdefriesland.nl *.cloudfront.net *.coveo.com api-engage-eu.sitecorecloud.io/v1.2/browser/create.json* d1mj578wat5n4o.cloudfront.net/sitecore-engage-v.1.4.2.min.js bat.bing.net;style-src 'self' 'unsafe-inline' d6tizftlrpuof.cloudfront.net plus.browsealoud.com fonts.googleapis.com www.zilverenkruis.nl optimize.google.com *.pingvp.com;img-src data: blob: 'self' *.svtrd.com www.zenaps.com www.awin1.com www.google.com www.google.nl d6tizftlrpuof.cloudfront.net *.usabilla.com *.google-analytics.com *.analytics.google.com *.onmarc.nl *.zilverenkruis.nl plus.browsealoud.com usabilla-themes.s3-eu-west-1.amazonaws.com ads.creative-serving.com www.zorgkantoorfriesland.nl *.prolife.nl stats.g.doubleclick.net ad.doubleclick.net bat.bing.com www.browsealoud.com *.defriesland.nl *.r42tag.com admin.relay42.com speechstreamv3-webservices-8.texthelp.com www.gstatic.com *.fbto.nl www.insocial.nl www.facebook.com www.googletagmanager.com translate.google.com zilverenkruis-cdn.mcccm.eu *.pingvp.com i.vimeocdn.com dev.visualwebsiteoptimizer.com *.doubleclick.net *.googlesyndication.com *.imgix.net bat.bing.net adservice.google.com;font-src data: 'self' fonts.gstatic.com fonts.googlapis.com d6tizftlrpuof.cloudfront.net  *.pingvp.com;connect-src blob: 'self' *.mypurecloud.ie wss://*.mypurecloud.ie *.zilverenkruis.nl *.surfly.com surfly.com sentry.io *.zorgkantoorfriesland.nl plus.browsealoud.com pronunciation.speechstream.net api.usabilla.com babm.texthelp.com speech.speechstream.net *.google-analytics.com *.analytics.google.com pre-i-portaal.achmea.nl speechstreamv3-webservices-8.texthelp.com *.defriesland.nl *.mopinion.com *.browsealoud.com *.interpolis.nl *.fbto.nl bat.bing.com stats.g.doubleclick.net harvest-cm-achmea.ey.r.appspot.com controle.achmea.consentmonitor.nl *.tomtom.com *.visualwebsiteoptimizer.com *.applicationinsights.azure.com wss://api.defriesland.nl:13443 wss://api.zilverenkruis.nl:13443 wss://api.interpolis.nl:13443 *.googlesyndication.com www.google.com googleads.g.doubleclick.net *.coveo.com api-engage-eu.sitecorecloud.io/v1.2/events api-engage-eu.sitecorecloud.io *.cloudfront.net js.monitor.azure.com api-engage-eu.sitecorecloud.io/v1.2/browser/create.json.* bat.bing.net ad.doubleclick.net adservice.google.com;media-src 'self' blob: *.zilverenkruis.nl *.zorgkantoorfriesland.nl *.prolife.nl *.defriesland.nl *.interpolis.nl *.fbto.nl *.pingvp.com;object-src 'self' *.klantenvertellen.nl;child-src 'self' *.mypurecloud.ie blob: t.svtrd.com player.vimeo.com surfly.com app.surfly.com d6tizftlrpuof.cloudfront.net www.zilverenkruis.nl www.zorgkantoorfriesland.nl www.prolife.nl content.googleapis.com vimeo.com secure.zilverenkruis.nl www.defriesland.nl optimize.google.com i-portaal.achmea.nl survey.insocial.nl secure.prolife.nl secure.defriesland.nl w.soundcloud.com *.doubleclick.net app.springcast.fm *.klantenvertellen.nl www.googletagmanager.com player.springcast.app;frame-ancestors 'self' player.vimeo.com vimeo.com i-portaal.achmea.nl survey.insocial.nl *.doubleclick.net inloggen.achmea.nl p-portaal.achmea.nl app.vwo.com *.visualwebsiteoptimizer.com;;form-action 'self' t.svtrd.com *.achmea.nl *.zilverenkruis.nl *.zorgkantoorfriesland.nl *.prolife.nl *.defriesland.nl *.fbto.nl *.interpolis.nl broker.nxtid.nl;manifest-src 'self' ;upgrade-insecure-requests;block-all-mixed-content;report-uri https://zilverenkruis.ams.report-uri.com/r/t/csp/enforce; 1
allow *; options inline-script eval-script; 1
default-src 'self'; object-src 'none'; script-src 'self'; 1
default-src 'none';  script-src 'none'; style-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; object-src 'none'; 1
default-src 'self'; img-src _; media-src _ data:; script-src 'self' https://sc.lfeeder.com https://www.googletagmanager.com https://ws.zoominfo.com https://cdnjs.cloudflare.com; object-src 'none'; 1
base-uri 'self'; default-src 'none'; script-src https: blob: data: 'unsafe-inline' 'unsafe-eval' https://*.mwstatic.de https://*.accessibility-heroes.de https://*.mehrwert.de; style-src https: 'unsafe-inline' https://*.mwstatic.de https://*.accessibility-heroes.de https://*.mehrwert.de; frame-ancestors https://*.mehrwert.de; frame-src 'self' https://*.mehrwert.de; form-action 'self'; font-src data: 'self' https://*.mehrwert.de; img-src data: 'self' https://*.mehrwert.de; media-src data: 'self' https://*.mehrwert.de; object-src data: 'self' https://*.mehrwert.de; connect-src data: 'self' https://*.mehrwert.de; 1
default-src 'self' www.fotoprofi.de img.fotoprofi.de https://pc-cdn.fra1.cdn.digitaloceanspaces.com/ rmail.fotoprofi.de c.emailsys2a.net cdn.pay1.de d.ratepay.com d.ratepay.de secure.pay1.de https://www.youtube-nocookie.com img.youtube.com i.ytimg.com analytics.google.com *.analytics.google.com doubleclick.net *.doubleclick.net google-analytics.com *.google-analytics.com google.de *.google.de google.com *.google.com googleadservices.com *.googleadservices.com googletagmanager.com *.googletagmanager.com googlesyndication.com *.googlesyndication.com gstatic.com *.gstatic.com tagmanager.google.com *.tagmanager.google.com apis.google.com *.apis.google.com www.gstatic.com bat.bing.com bat.bing.net connect.facebook.net facebook.com *.facebook.com facebook.net *.facebook.net *.etrusted.com *.trustedshops.com *.saal-digital.net *.fotodiensteservice.de https://s3.eu-central-1.amazonaws.com/fra-webresources/ https://s3.eu-central-1.amazonaws.com/fra-webpages.shop.saal-digital.net/ fra-webresources.s3.eu-central-1.amazonaws.com photoservice.cloud https://*.loadbee.com/ availability.loadbee.com/v3/EAN/ https://cdn.loadbee.com https://content.syndigo.com/asset/ https://content.syndigo.com/page/ https://content.syndigo.com/site/ https://scontent.webcollage.net https://syndi.webcollage.net/site/xenudo-de-de/tag.js https://*.joomag.com/res_mag/ https://www.gravatar.com media.flixcar.com media.flixfacts.com *.flix360.com media.flixsyndication.net *.flix360.io syndication.flix360.com content.jwplatform.com assets-jpcust.jwpsrv.com ssl.p.jwpcdn.com d2m3ikv8mpgiy8.cloudfront.net d3np41mctoibfu.cloudfront.net media.pointandplace.com player.pointandplace.com t.pointandplace.com analytics.webgains.io api.webgains.io 'unsafe-inline' 'unsafe-eval' blob: data:; report-uri /csp-report.php; upgrade-insecure-requests 1
base-uri 'none';child-src 'none';connect-src 'self' https://storage.googleapis.com/ https://sgvsbws.mycontent.ch https://maps.googleapis.com/ https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://api-produkte.www.sabag.ch https://cmsv2-admin.sabag.ch.ufirst.io https://api-ecommerce.sabag.ch.ufirst.io;default-src 'self';font-src 'self' https://fonts.gstatic.com/;form-action 'self';frame-ancestors 'none';frame-src 'self' https://www.youtube.com;img-src 'self' https://static.produkte.sabag.ch https://sgvsbws.mycontent.ch https://storage.googleapis.com https://i.ytimg.com/ https://maps.googleapis.com/ https://maps.gstatic.com/ https://*.google-analytics.com https://*.googletagmanager.com data: maps.gstatic.com *.googleapis.com *.ggpht.com https://cmsv2-admin.sabag.ch.ufirst.io;manifest-src 'self';media-src 'self';object-src 'none';script-src 'self' 'unsafe-inline' https://maps.googleapis.com/ https://*.googletagmanager.com/ 'unsafe-eval';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/;worker-src 'self'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.youtube.com https://www.facebook.com/ https://*.cloudflare.com https://www.recaptcha.net/ https://www.google.com/ https://platform.twitter.com/ https://tvorimevropu.cz https://region1.google-analytics.com https://www.instagram.com https://www.instagram.com/embed.js https://ajax.googleapis.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://cdn.jsdelivr.net/ https://unpkg.com/; img-src 'self' data: blob: https://secure.gravatar.com https://*.ggpht.com https://*.fbcdn.net https://*.twimg.com https://*.w.org https://*.ytimg.com https://www.facebook.com/ https://www.euroskop.cz https://euroskop.uradvlady.online https://tvorimevropu.cz https://scontent.cdninstagram.com/ http://scontent.cdninstagram.com https://*.cdninstagram.com https://www.googletagmanager.com; object-src 'self' data: blob: https://www.youtube-nocookie.com https://www.youtube.com https://*.twitter.com https://anchor.fm https://*.spotify.com/ https://www.instagram.com; frame-src 'self' data: blob: https://www.youtube-nocookie.com https://www.youtube.com https://*.twitter.com https://anchor.fm https://*.spotify.com/ https://www.instagram.com; 1
default-src 'self';block-all-mixed-content ;font-src 'self' data: *.leadinfo.net *.typekit.net fonts.gstatic.com;img-src 'self' data: *.google.be *.google-analytics.com *.google.com www.google-analytics.com *.omappapi.com i.ytimg.com *.leadinfo.net *.pascogifts.com pascogifts.com *.googletagmanager.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com *.cloudflare.com cdn.jsdelivr.net *.googleapis.com www.youtube.com www.pascogifts.com *.doubleclick.net *.hotjar.com cdn.leadinfo.net *.googletagmanager.com *.omappapi.com consent.cookiefirst.com https://ajax.googleapis.com/ajax/libs/jquery/2.1.4/jquery.min.js *.google-analytics.com;style-src 'self' 'unsafe-inline' *.cookiefirst.com *.leadinfo.net *.omappapi.com *.googleapis.com *.typekit.net cdn.jsdelivr.net;report-uri /csp/violation/report;connect-src *.hotjar.com *.google-analytics.com stats.g.doubleclick.net wss://*.hotjar.com *.hotjar.io *.cookiefirst.com *.leadinfo.com *.leadinfo.net *.pascogifts.com *.omappapi.com consent.cookiefirst.com *.analytics.google.com;frame-src *.doubleclick.net *.teamleader.eu www.youtube.com 1
child-src https://return.flexmail.eu https://www.flexmail.eu; report-uri /report-csp-violation; upgrade-insecure-requests 1
report-uri https://965e44c24aa117ace03d5bac50cc907c.report-uri.com/r/d/csp/reportOnly; report-to default; child-src 'self' ; connect-src 'self' *.wepowerconnections.com *.opayo.eu.elavon.com *.sciencebehindecommerce.com *.bing.com *.googleapis.com *.google-analytics.com *.google.co.uk *.googletagmanager.com *.wpengine.com yoast.com *.google.com *.doubleclick.net *.azurewebsites.net *.googlesyndication.com *.cookieyes.com cdn-cookieyes.com *.facebook.net *.facebook.com data: wss://am.freshrelevance.com *.freshrelevance.com *.sagepay.com *.elegantthemes.com ; default-src 'self' ; font-src 'self' *.honey.io *.gstatic.com *.bootstrapcdn.com data: application/x-font-woff *.bunny.net *.jsdelivr.net ; form-action 'self' *.rsa3dsauth.co.uk *.revolut.com *.monzo.com *.arcot.com *.cardinalcommerce.com *.facebook.com *.sagepay.com *.modirum.com *.apata.io *.sumup.com *.marqeta.com; frame-src 'self' *.googletagmanager.com *.youtube.com *.google.com *.vimeo.com *.facebook.com *.doubleclick.net blob: *.doubleclick.net *.awin1.com *.spotify.com ; frame-ancestors 'self' ; img-src 'self' https://thetanningshop.webpower.eu https://app.squeezely.tech https://t.squeezely.tech *.g.doubleclick.net *.wp.com *.facebook.net *.youtube.com *.googleapis.com *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google.ie *.google-analytics.com *.gstatic.com data: w3.org/svg/2000 blob: data *.vimeocdn.com *.google.co.uk *.facebook.com *.zenaps.com *.awin1.com *.cookieyes.com cdn-cookieyes.com *.ytimg.com *.bing.com *.w.org goo.gl *.perfmatters.io *.ggpht.com ; manifest-src 'self' ; media-src 'self' *.w.org data ; object-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.awin1.com *.bing.com *.sciencebehindecommerce.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googleapis.com *.cloudflare.com *.youtube.com *.facebook.net *.cloudfront.net *.bootstrapcdn.com *.dwin1.com *.googletagmanager.com *.gstatic.com *.cookieyes.com cdn-cookieyes.com *.jsdelivr.net *.sagepay.com *.googleadservices.com; script-src-elem 'self' 'unsafe-inline' https://live.opayo.eu.elavon.com https://squeezely.tech *.googleadservices.com *.sciencebehindecommerce.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googleapis.com *.cloudflare.com *.youtube.com *.facebook.net *.cloudfront.net *.bootstrapcdn.com *.dwin1.com *.awin1.com *.googletagmanager.com *.gstatic.com *.jsdelivr.net *.cookieyes.com cdn-cookieyes.com *.bing.com *.sagepay.com ; script-src-attr 'self' 'unsafe-inline' ; style-src 'self' 'unsafe-inline' *.googleapis.com *.jsdelivr.net *.cloudflare.com *.bootstrapcdn.com *.gstatic.com *.bunny.net ; style-src-elem 'self' 'unsafe-inline' *.arwin1.com *.honey.io *.sciencebehindecommerce.com *.googleadservices.com *.bootstrapcdn.com *.googleapis.com *.cloudflare.com *.jsdelivr.net *.bunny.net *.gstatic.com ; style-src-attr 'self' 'unsafe-inline' ; worker-src 'self' blob:; 1
base-uri 'self'; child-src 'self' gap: data:; frame-src 'self' gap: data:; connect-src 'self' jcapsystems.repay.io https://www.google-analytics.com; default-src 'self' gap: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: fonts.gstatic.com; img-src 'self' data: https://www.googletagmanager.com https://www.google-analytics.com blob:; object-src 'self' data:; script-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap:; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=qPazqqe4w0lenIfPbnrE%2BNbO7eQg2YZSWB0VdTWAPwPY7vW6hIZU0m6KqdikNK2xWpakrnY4xfFfy4mdD0Dwhw%3D%3D; 1
img-src 'self' *.norma.fr https://piwik.norma-online.de https://captcha.liveidentity.com data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.norma.fr https://piwik.norma-online.de www.youtube.com blob:; object-src 'none'; font-src 'self' *.norma.fr; 1
default-src 'self'; img-src 'self'; 1
default-src * data: ;script-src * 'unsafe-inline' 'unsafe-eval'  ;style-src * 'unsafe-inline' data: ;frame-ancestors 'self' ; 1
default-src 'self' *.urban-nation.com data: *.youtube-nocookie.com *.youtube.com *.ytimg.com *.googleapis.com *.gstatic.com player.vimeo.com *.vimeocdn.com 'unsafe-eval' 'unsafe-inline' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://fcmanrique.org https://*.fcmanrique.org https://maps.googleapis.co https://*.fontawesome.com https://*.google.com https://code.jquery.com https://*.gstatic.com/ https://pagead2.googlesyndication.com/ blob:; img-src 'self' data: blob: https://fcmanrique.org https://*.fcmanrique.org blob: https://geo0.ggpht.com https://geo1.ggpht.com https://geo2.ggpht.com https://geo3.ggpht.com https://lh3.ggpht.com https://lh4.ggpht.com https://lh5.ggpht.comlh6.ggpht.com https://cbk0.googleapis.com https://cbks0.googleapis.com https://khm0.googleapis.com https://khm1.googleapis.com https://khms0.googleapis.com https://khms1.googleapis.com https://maps.googleapis.com https://maps.gstatic.com https://secure.gravatar.com; object-src 'self' data: blob: https://www.google.com; frame-src 'self' data: blob: https://www.google.com; 1
default-src 'unsafe-inline' 'unsafe-eval' https:;img-src * data:; script-src 'unsafe-inline' 'unsafe-eval' blob: * https:; connect-src * blob:; 1
default-src 'self' 'unsafe-inline' https://static.digitalchargingsolutions.com https://api.mixpanel.com https://api-js.mixpanel.com https://cdn.mxpnl.com https://*.adyen.com https://*.cdn.adyen.com https://*.paypal.com https://*.googleapis.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://pay.datatrans.com/ https://static.digitalchargingsolutions.com https://*.googleapis.com https://*.gstatic.com https://*.ggpht.com https://api.mixpanel.com https://api-js.mixpanel.com https://cdn.mxpnl.com https://*.adyen.com https://*.cdn.adyen.com https://*.paypal.com ; frame-src 'self' https://pay.sandbox.datatrans.com https://*.adyen.com https://*.cdn.adyen.com https://*.paypal.com ; img-src 'self' https: data: https://cpo-logo.digitalchargingsolutions.com https://static.digitalchargingsolutions.com https://*.adyen.com https://*.cdn.adyen.com https://*.paypal.com https://*.googleapis.com https://*.gstatic.com https://*.ggpht.com ; style-src 'self' 'unsafe-inline' https://static.digitalchargingsolutions.com https://fonts.googleapis.com https://fonts.gstatic.com https://*.adyen.com https://*.cdn.adyen.com https://*.paypal.com ; font-src 'self' https://static.digitalchargingsolutions.com https://fonts.googleapis.com https://fonts.gstatic.com data: ; 1
default-src 'self' ; media-src 'self' *.mycliplister.com mycliplister.com ; font-src 'self' https: ; object-src data: 'self'; img-src https: data: blob:; style-src 'self' 'unsafe-inline' https: ; script-src https: 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https:; frame-ancestors 'self' https: 1
default-src  *.googletagmanager.com *.twitter.com *.facebook.net *.nr-data.net *.ads-twitter.com *.google-analytics.com *.googleadservices.com *.doubleclick.net *.mookie1.com *.amazon-adsystem.com *.facebook.com *.google.com *.google.co.in *.cloudflare.com *.w3.org *.adsrvr.org *.newrelic.com *.tiktok.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.jsdelivr.net *.pinimg.com *.fullstory.com *.monsido.com *.googleoptimize.com *.googletagmanager.com *.twitter.com *.facebook.net *.nr-data.net *.ads-twitter.com *.google-analytics.com *.googleadservices.com *.googleanalytics.com *.doubleclick.net *.cloudflare.com *.opendns.com *.adsrvr.org *.newrelic.com *.google.com *.mapbox.com *.serving-sys.com *.igodigital.com *.teads.tv *.videoamp.com *.tapad.com *.tiktok.com *.abtasty.com *.snapchat.com https://www.youtube.com https://cdn.cookielaw.org https://sc-static.net/scevent.min.js https://ct.pinterest.com/ https://ct.pinterest.com/static/ct/token_create.js https://sc-static.net/sc-pixel-helper.min.js *.nprapps.org *.mikmak.ai *.swaven.com; object-src 'self'; style-src 'self'  'unsafe-inline' *.jsdelivr.net *.cloudflare.com *.monsido.com *.opendns.com *.newrelic.com *.twitter.com *.nr-data.net *.ads-twitter.com *.google.com *.googleapis.com *.mapbox.com https://analytics.tiktok.com  *.typekit.net; img-src 'self' *.adsrvr.org *.doubleclick.net *.google-analytics.com *.monsido.com *.twitter.com *.facebook.com *.google.com *.google.co.in *.googletagmanager.com *.mookie1.com *.amazon-adsystem.com *.newrelic.com *.nr-data.net *.ads-twitter.com *.w3.org data: https://di.rlcdn.com https://cdn.cookielaw.org *.mikmak.ai *.swaven.com; media-src 'self' *.acsitefactory.com; frame-src 'self' *.youtube.com *.doubleclick.net *.snapchat.com *.amazon-adsystem.com *.googletagmanager.com *.google.com *.adsrvr.org *.flashtalking.com https://analytics.tiktok.com *.eprize.com *.pinterest.com *.mikmak.ai *.swaven.com https://ct.pinterest.com/ https://bluetriton-bestiesquiz.shared-a.apollo.prod.aws.eprize.net/; frame-ancestors 'self' *.youtube.com *.doubleclick.net *.amazon-adsystem.com *.adsrvr.org *.mikmak.ai ; child-src 'self' *.youtube.com *.doubleclick.net *.amazon-adsystem.com *.adsrvr.org blob:; font-src 'self' *.jsdelivr.net *.gstatic.com *.google.com *.typekit.net *.mikmak.ai *.swaven.com; connect-src 'self' *.doubleclick.net *.pinterest.com *.snapchat.com *.adsrvr.org *.insight.adsrvr.org *.fullstory.com *.facebook.com *.onetrust.com *.tiktok.com *.google-analytics.com *.monsido.com *.mapbox.com *.nr-data.net *.igodigital.com https://cdn.cookielaw.org *.analytics.google.com *.google.com *.mikmak.ai *.swaven.com https://insight.adsrvr.org/track/realtimeconversion https://analytics-ipv6.tiktokw.us/ipv6/enrich_ipv6 https://analytics-ipv6.tiktokw.us/ipv6/enrich_ipv6 https://ct.pinterest.com/user/ https://tr.snapchat.com/p https://insight.adsrvr.org/track/realtimeconversion https://tr6.snapchat.com/p https://analytics-ipv6.tiktokw.us/ipv6/enrich_ipv6'ng-sys.com; upgrade-insecure-requests 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.siteimprove.net *.siteimprove.com *.browsealoud.com *.googletagmanager.com *.google.com *.google.se *.google-analytics.com *.facebook.net unpkg.com *.jsdelivr.net *.cookiebot.com *.leadfamly.com *.redditstatic.com; object-src 'self' *.google.com *.youtube.com *.youtube-nocookie.com *.facebook.com *.vimeo.com https://sverigesradio.se; style-src 'self' 'unsafe-inline'; img-src 'self' data: *.google.com *.google.se *.google-analytics.com *.youtube.com *.youtube-nocookie.com *.facebook.com *.vimeo.com *.cloudnet.cloud *.malmolive.se *.momondo.de *.googletagmanager.com *.cookiebot.com *.reddit.com ; media-src 'self' blob: https://*.speechstream.net;; frame-src 'self' *.google.com *.youtube.com *.youtube-nocookie.com *.facebook.com *.vimeo.com *.siteimprove.com *.acast.com *.spotify.com *.soundcloud.com https://vimeo.com *.sverigesradio.se https://sverigesradio.se *.office.com *.cookiebot.com *.playable.com *.sociablekit.com *.googletagmanager.com *.doubleclick.net *.issuu.com; frame-ancestors 'self' *.google.com *.youtube.com *.youtube-nocookie.com *.facebook.com *.vimeo.com *.sverigesradio.se https://sverigesradio.se *.sociablekit.com; child-src 'self' *.google.com *.youtube.com *.youtube-nocookie.com *.facebook.com *.vimeo.com  *.siteimprove.com *.sverigesradio.se https://sverigesradio.se *.sociablekit.com; font-src 'self'; connect-src 'self' blob: https://*.browsealoud.com https://*.siteimprove.com https://*.googletagmanager.com https://*.google.com https://*.google-analytics.com https://*.g.doubleclick.net https://*.speechstream.net *.cookiebot.com *.reddit.com  *.redditstatic.com *.facebook.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src *; connect-src  *; font-src 'self'; frame-src https://* http://* *; img-src https://* http://* * data:; object-src 'self'; script-src 'self' https://* http://* * 'unsafe-inline' 'report-sample'; style-src * https://* http://* * 'unsafe-inline'; 1
default-src 'none'; base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.uno.uk; object-src 'none'; style-src 'self' data: 'unsafe-inline' https://*.uno.uk; img-src 'self' blob: data: https://*.uno.uk; media-src 'self' data: https://*.uno.uk; frame-src *; font-src *; form-action 'self' https://*.uno.uk; connect-src 'self' https://*.uno.uk; prefetch-src 'self' https://*.uno.uk; manifest-src 'self' https://*.uno.uk; frame-ancestors 'self'; worker-src 'self' blob:; report-uri https://sentry.uno.uk/api/3/security/?sentry_key=558ec00c6ab34073c96015172684209a 1
frame-src * 1
default-src 'none'; frame-ancestors 'self' https://*.nhs.uk; frame-src 'self' https://www.youtube-nocookie.com https://*.webspellchecker.net https://*.nhs.uk https://*.youtube.com https://*.vimeo.com https://*.google.com https://*.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn-access.limbic.ai/ https://cdn.ebo.ai/ https://cdnjs.cloudflare.com https://*.google-analytics.com https://*.googletagmanager.com https://feeds.trac.jobs https://*.webspellchecker.net https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.cqc.org.uk; font-src 'self' 'unsafe-inline'  data: https://limbic-web-bot.s3.eu-west-2.amazonaws.com/ https://fonts.googleapis.com https://fonts.gstatic.com https://*.webspellchecker.net; style-src 'self' 'unsafe-inline' data: https://cdnjs.cloudflare.com https://feeds.trac.jobs https://*.googleapis.com https://*.gstatic.com https://*.cqc.org.uk https://*.webspellchecker.net; img-src * data:; object-src 'self' blob: https://*.nhs.uk; connect-src 'self' *.sentry.io *.mixpanel.com *.limbic.ai *.postcodes.io *.getaddress.io *.gov.uk *.nhs.uk *.ipify.org http://icanhazip.com/ wss://directline.botframework.com https://directline.botframework.com https://midlands-configuration.ebo.ai https://midlands-conversation.ebo.ai https://feeds.trac.jobs https://*.googleapis.com https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://*.webspellchecker.net; manifest-src 'self'; base-uri 'none'; form-action 'self' https://*.ebscohost.com/login.aspx; 1
default-src *; script-src www.partizan.com www.partizanstudio.com 'unsafe-inline' 'unsafe-eval' 127.0.0.1:*  *.googleadservices.com *.google-analytics.com *.google.com *.googletagmanager.com https://*.youtube.com https://*.ytimg.com  cdnjs.cloudflare.com ajax.googleapis.com maxcdn.bootstrapcdn.com ; style-src * 'unsafe-inline';img-src 'self' data: https://img.youtube.com *.google-analytics.com https://i.vimeocdn.com https://i.ytimg.com ; font-src 'self' data:  http://fonts.gstatic.com https://fonts.gstatic.com ; connect-src www.partizan.com www.partizanstudio.com *.google-analytics.com vimeo.com; 1
default-src 'self' 'unsafe-inline' https://www.google.com https://www.facebook.com https://*.krxd.net https://*.adsrvr.org https://download-video.akamaized.net/ https://www.googletagmanager.com https://*.addthis.com https://www.google-analytics.com https://www.googleadservices.com https://*.googlesyndication.com https://*.onetrust.com https://cdn.cookielaw.org https://vod-progressive.akamaized.net https://*.myfonts.net https://*.callrail.com https://*.vimeo.com https://connect.facebook.net https://*.doubleclick.net https://*.crazyegg.com https://analytics.google.com https://www.google-analytics.com https://www.googletagmanager.com https://fonts.googleapis.com https://fonts.gstatic.com https://*.vimeocdn.com https://js-agent.newrelic.com https://bam.nr-data.net; img-src 'self' blob: data: https://www.googletagmanager.com https://*.adsrvr.org https://*.demdex.net https://*.krxd.net https://insight.adsrvr.org https://www.google.com https://www.facebook.com https://www.google-analytics.com https://*.doubleclick.net https://cdn.cookielaw.org 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.userway.org *.gstatic.com *.contextweb.com *.doubleclick.net *.googleadservices.com *.calendly.com calendly.com *.akamaihd.net *.cmsuapps.com *.typekit.net *.googletagmanager.com stats.sa-as.com *.brightcove.com *.brightcove.net *.google-analytics.com *.pardot.com stats.g.doubleclick.net go.us.medical.canon www.google.com vjs.zencdn.net *.boltdns.net *.brightcovecdn.com *.googleapis.com *.youtube.com *.twimg.com *.ytimg.com www.gstatic.com *.gravatar.com *.twitter.com *.seismic.com; frame-ancestors 'self' *.pardot.com *.salesforce.com *.seismic.com 1
default-src 'unsafe-inline' 'self' data: *.eru.cz *.eru.gov.cz *.googleapis.com nia.identitaobcana.cz app.powerbi.com fonts.gstatic.com cdn.jsdelivr.net *.youtube.com *.soundcloud.com *.slideshare.net *.cloudflare.com *.googletagmanager.com *.google-analytics.com api.mapy.cz unpkg.com datawrapper.dwcdn.net; report-uri /report-csp-violation 1
frame-ancestors DENY 1
connect-src 'self' https://*.paypal.com wss://*.paypal.com wss://*.upscope.io https://*.upscope.io https://sjmvgfnyja.execute-api.us-west-2.amazonaws.com https://mig-prod-connect-p-storg-bkt.s3.us-west-2.amazonaws.com https://d1lz30fckg5qs2.cloudfront.net https://participant.connect.us-west-2.amazonaws.com wss://*.transport.connect.us-west-2.amazonaws.com https://analytics.google.com https://www.google.com https://www.google-analytics.com  https://google.com https://googleads.g.doubleclick.net https://forms.hscollectedforms.net  https://stats.g.doubleclick.net https://*.cloudfront.net https://*.clearcover.com wss://*.clearcover.com https://*.kommunicate.io wss://*.kommunicate.io https://*.evidon.com wss://*.evidon.com https://*.betrad.com wss://*.betrad.com https://api.brightedge.com wss://api.brightedge.com https://ixfd-api.bc0a.com wss://ixfd-api.bc0a.com https://*.twilio.com wss://*.twilio.com https://inga-prod.tumblr.com wss://*.salemove.com https://*.salemove.com wss://*.glia.com https://*.glia.com https://*.yotpo.com https://*.twitter.com https://*.yotpo.com https://*.gomoxie.solutions https://rules.atgsvcs.com https://track.magnify360.com https://c1.rfihub.net https://insight.adsrvr.org https://*.virtualhold.com https://api.edmunds.com https://*.segment.com https://*.segment.io https://*.px-cdn.net https://*.pxchk.net https://*.px-cloud.net https://*.mercuryinsurance.com 1
default-src 'self'; script-src 'self'; connect-src 'self'; img-src 'self' data:; style-src 'self'; 1
default-src 'self' data: http://googleads.g.doubleclick.net http://www.google.com/ads/user-lists/ http://www.google.ru/ads/user-lists/ http://mc.yandex.ru http://bitrix.info http://stat.sputnik.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://bitrix.info https://connect.facebook.net https://apis.google.com:* https://platform.twitter.com https://userapi.com:* https://pos.gosuslugi.ru:* https://apis.google.com:* https://vk.com:* http://www.google-analytics.com http://maps.google.com http://*.gstatic.com:* http://*.googleapis.com http://code.jivosite.com http://mc.yandex.ru http://www.googleadservices.com http://googleads.g.doubleclick.net http://cdn.voximplant.com https://vashkontrol.ru  http://stat.sputnik.ru:* ; style-src 'self' 'unsafe-inline' http://code.jivosite.com:* http://mc.yandex.ru:* http://*.googleapis.com http://*.gstatic.com:* https://vashkontrol.ru:* http://cnt.sputnik.ru:*; img-src 'self' blob: data:  http://counter.yadro.ru:* https://pos.gosuslugi.ru:* http://i1.ytimg.com:* http://code.jivosite.com:* http://mc.yandex.ru:* http://*.googleapis.com http://*.gstatic.com:* http://www.google-analytics.com http://stat.sputnik.ru:* https://vashkontrol.ru:* http://cnt.sputnik.ru:* https://syndication.twitter.com:*; font-src 'self' http://*.gstatic.com:* https://pos.gosuslugi.ru:*; frame-src 'self' https://ervk.gov.ru:* https://pos.gosuslugi.ru:* https://apis.google.com:* http://developers.google.com:* https://platform.twitter.com:* https://accounts.google.com:* http://cnt.sputnik.ru:* https://www.facebook.com:* https://developers.google.com:*; 1
frame-ancestors https://www.twoa.ac.nz 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.paypalobjects.com/ https://s3.amazonaws.com/ https://*.stripe.com/; img-src 'self' data: https://www.paypalobjects.com/; object-src 'self' data: https://*.paypal.com/ https://*.stripe.com/; frame-src 'self' data: https://*.paypal.com/ https://*.stripe.com/; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://zohoadmin-dynatouch.zohobookings.com* https://zohoadmin-dynatouch.zohobookings.com/portal-embed#/billpaykiosks https://*.calendly.com/ https://*.google-analytics.com/ https://*.googlesyndication.com/ https://*.googletagmanager.com/ https://*.list-manage.com/ https://calendly.com/ https://connect.facebook.net/en_US/sdk.js https://crm.zoho.com/crm/WebFormServeServlet?rid=8a47d85e3440ef768ceaa22381ceabb5f6334d484211d4d7d55c81b0255fc977gidb5de4f47280b66e8cb9a6d47719877b5779bc3f8638655f060668722018a6166&script=$sYG https://google-analytics.com/ https://googletagmanager.com/ https://maps.google.com/ https://maps.googleapis.com/ https://platform.twitter.com/widgets.js https://s3.amazonaws.com/ https://stats.wp.com/ https://tagmanager.google.com/ https://translate.google.com/ https://translate.googleapis.com/ https://www.google.com/ https://www.gstatic.com/ https://www.recaptcha.net/ https://salesiq.zoho.com/ https://*.zohopublic.com/ https://*.zohostatic.com/ https://dyjgaef5vuq51.cloudfront.net/ https://dtzpfzv31buvf.cloudfront.net/ https://*.zohocdn.com/; img-src 'self' data: https://*.google-analytics.com/ https://*.google.com/ https://*.googlesyndication.com/ https://*.googletagmanager.com/ https://*.gstatic.com/ https://*.ytimg.com/ https://google-analytics.com/ https://google.com/ https://googleads.g.doubleclick.net/ https://googletagmanager.com/ https://gstatic.com/ https://maps.google.com/ https://maps.googleapis.com/ https://maps.gstatic.com/ https://pixel.wp.com/ https://translate.googleapis.com/ https://salesiq.zoho.com/ https://*.zohopublic.com/ https://*.zohostatic.com/ https://dyjgaef5vuq51.cloudfront.net/ https://dtzpfzv31buvf.cloudfront.net/ https://*.zohocdn.com/; object-src 'self' data: https://zohoadmin-dynatouch.zohobookings.com* https://zohoadmin-dynatouch.zohobookings.com/portal-embed#/billpaykiosks https://www.google.com/ https://maps.google.com/ https://docs.google.com/ https://*.calendly.com/ https://calendly.com/ https://youtube-nocookie.com/ https://*.youtube-nocookie.com/ https://*.youtube.com/ https://salesiq.zoho.com/ https://*.zohopublic.com/ https://*.zohostatic.com/ https://dyjgaef5vuq51.cloudfront.net/ https://dtzpfzv31buvf.cloudfront.net/ https://*.zohocdn.com/; frame-src 'self' data: https://zohoadmin-dynatouch.zohobookings.com* https://zohoadmin-dynatouch.zohobookings.com/portal-embed#/billpaykiosks https://www.google.com/ https://maps.google.com/ https://docs.google.com/ https://*.calendly.com/ https://calendly.com/ https://youtube-nocookie.com/ https://*.youtube-nocookie.com/ https://*.youtube.com/ https://salesiq.zoho.com/ https://*.zohopublic.com/ https://*.zohostatic.com/ https://dyjgaef5vuq51.cloudfront.net/ https://dtzpfzv31buvf.cloudfront.net/ https://*.zohocdn.com/; 1
frame-ancestors 'self' piwik.betaalvereniging.nl; 1