Values for x-content-security-policy:
default-src 'self'; img-src *; media-src * data:; 376
frame-ancestors 'self' 201
allow 'self'; 49
default-src 'self'; script-src 'self' https://hcaptcha.com https://*.hcaptcha.com; frame-src 'self' https://hcaptcha.com https://*.hcaptcha.com; style-src 'self' https://hcaptcha.com https://*.hcaptcha.com; connect-src 'self' https://hcaptcha.com https://*.hcaptcha.com; unsafe-eval 'self' https://hcaptcha.com https://*.hcaptcha.com; unsafe-inline 'self' https://hcaptcha.com https://*.hcaptcha.com; 42
img-src *; media-src * data:; 40
default-src 'self'; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com; frame-src 'none'; img-src 'self' data: *.ttcache.com https://*.ttcache.com https://*.google-analytics.com https://*.googletagmanager.com; media-src 'none'; object-src 'none'; script-src 'self' https://*.googletagmanager.com; style-src 'self' 'unsafe-inline' 36
report-uri /report-csp-violation 28
default-src 'self'; script-src 'self'; 22
default-src 'self' 18
report-uri /report-csp-violation; upgrade-insecure-requests 16
default-src 'self' 'unsafe-inline' 15
default-src 'self'; 14
default-src 'self'; script-src 'self' 'unsafe-inline' 11
frame-ancestors 'none' 9
upgrade-insecure-requests 9
sandbox allow-scripts allow-popups allow-same-origin; 8
default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * data:; font-src * data:; connect-src *; media-src *; object-src *; child-src *; frame-ancestors 'self' https://gls-group.com/ https://gls-group.eu/; form-action *; reflected-xss block; upgrade-insecure-requests; 8
frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com 6
frame-ancestors https://*.marketo.com 6
script-src * 'unsafe-inline' 'unsafe-eval' blob:; img-src * data:; media-src * mediastream: blob: filesystem: ; 6
frame-ancestors 'self'; 6
6
allow 'self'; media-src *; img-src *; script-src *; style-src *; 6
upgrade-insecure-requests; 5
form-action 'self' www.facebook.com; report-uri /_internal/security/report-csp-violation?gp-web=true; frame-ancestors 'self' 5
default-src 'self' 'self' data: 'self' blob: 'unsafe-inline' 'unsafe-eval' *; img-src 'self' blob: data: * 5
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; font-src 'self'; object-src 'self'; media-src 'self'; child-src 'self' 5
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.thebalancemoney.com 4
frame-ancestors 'self' *.magenta.at *.t-mobile.at *.s-budget-mobile.at *.esp.ownsolutions.net magenta-at.cleverq.de www.youtube.com; 4
script-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob:; object-src 'none'; base-uri 'none'; frame-src 'self'; frame-ancestors 'self'; img-src 'self' https://secure.gravatar.com data:; media-src 'self' blob:; style-src 'self' 'unsafe-inline'; default-src https: data: 'self'; trusted-types default; 4
frame-ancestors 'self' weleda.sabio.de 4
default-src 'self' ;options inline-script eval-script;referrer no-referrer;img-src 'self' data:  *.tile.openstreetmap.org;object-src 'none'; 4
default-src *; img-src * data: blob:; media-src * data: blob:; script-src 'unsafe-inline' 'unsafe-eval' * data: blob:; worker-src 'unsafe-inline' 'unsafe-eval' * data: blob:; connect-src *; font-src * data: blob:; frame-src *; object-src * data: blob:; style-src 'unsafe-inline' * data: blob: 4
frame-ancestors https://app.storyblok.com/ 4
script-src 'self' 4
default-src 'self'; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; font-src 'self' http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; frame-src 'unsafe-inline' https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://optimize.google.com; img-src 'self' *.ttcache.com https://*.ttcache.com https://*.google-analytics.com https://*.googletagmanager.com data: http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; media-src 'none'; object-src 'none'; script-src 'self' https://*.googletagmanager.com 'unsafe-inline' 'unsafe-eval' http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; style-src 'self' 'unsafe-inline' 3
block-all-mixed-content 3
allow-scripts allow-popups allow-same-origin; 3
frame-ancestors 'self' acquia.lookbookhq.com acquia.docebosaas.com www.acquiaacademy.com acquia.seismic.com app.veertly.com widen--servcom.sandbox.my.site.com widen--sitepreview.na135.force.com community.widen.com acquia.atlassian.net rise.articulate.com; report-uri /report-csp-violation 3
nosniff 3
allow 'self'; options inline-script eval-script; frame-ancestors 'self' 3
frame-ancestors 'self' https://*.felgenoutlet.de 3
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; connect-src 'self' *.amazonaws.com *.amazoncognito.com api.pwnedpasswords.com; frame-ancestors 'self' sf360.com.au; frame-src 'self' https://www.google.com/recaptcha/ 3
default-src https: 'self'; script-src 'unsafe-eval' 'unsafe-inline' 'self' *; style-src 'unsafe-inline' 'self' *; frame-src 'self' *; object-src 'self' *; img-src 'self' data: *; media-src blob: 'self' *; font-src 'self' data: *; connect-src 'self' *; child-src blob: 'self' *; block-all-mixed-content; 3
default-src 'self'; img-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; script-src 'self' 'unsafe-inline'; connect-src 'self'; 3
default-src https: data: 'unsafe-inline' 'unsafe-eval' 3
default-src 'self'; img-src 'self$ 3
script-src 'self' 'unsafe-inline' 'unsafe-eval' ; img-src 'self' data: ; object-src 'self' data: ; frame-src 'self' data: ; 3
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; object-src 'self'; frame-src 'self'; frame-ancestors 'self'; 3
reflected-xss block 3
default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval'; object-src *; style-src * 'self' 'unsafe-inline'; img-src * 'self' data: https:;; media-src *; frame-src *; frame-ancestors * 'self'; child-src * blob:; font-src * 'self' data: https:;; connect-src *; report-uri /report-csp-violation 3
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.bhg.com 2
frame-ancestors 'self' *.boursorama-banque.com *.boursorama.com *.boursobank.com 2
default-src 'self' https://*.consentmanager.net https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://tagmanager.google.com https://bx.webstyle.ch data: https://www.metanet.ch; base-uri 'none'; connect-src 'self' https://region1.google-analytics.com/ https://*.consentmanager.net https://www.googletagmanager.com https://*.google-analytics.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://tagmanager.google.com https://bx.webstyle.ch https://activity.wisepops.com https://popup.wisepops.com https://tracking.wisepops.com https://app.getwisp.co https://wisepops.net https://notifications.wisepops.com; font-src 'self' data: https://*.consentmanager.net https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://tagmanager.google.com https://bx.webstyle.ch https://fonts.gstatic.com; frame-ancestors 'self'; frame-src 'self' https://*.consentmanager.net https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://tagmanager.google.com https://bx.webstyle.ch https://www.youtube.com https://bid.g.doubleclick.net https://td.doubleclick.net https://notifications.wisepops.com https://wisepops.net; img-src 'self' data: https://*.consentmanager.net https://www.googletagmanager.com https://*.google-analytics.com https://www.googleadservices.com https://www.google.com https://www.google.de https://www.google.at https://www.google.ch https://*.doubleclick.net https://tagmanager.google.com https://bx.webstyle.ch https://static.metanet.ch https://www.gstatic.com https://ssl.gstatic.com https://cdn.wisepops.com https://tracking.wisepops.com https://dx4nr741tfc02.cloudfront.net https://wisp-production-storage.s3.amazonaws.com https://cdn.wisepops.net; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.consentmanager.net https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://tagmanager.google.com https://bx.webstyle.ch https://cdn.wisepops.com https://loader.wisepops.com https://app.getwisp.co https://wisepops.net https://cdn.wisepops.net; style-src 'self' 'unsafe-inline' https://*.consentmanager.net https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://tagmanager.google.com https://bx.webstyle.ch https://fonts.googleapis.com 2
default-src 'self'; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://cookie-cdn.cookiepro.com https://geolocation.onetrust.com https://privacyportal.cookiepro.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; font-src 'self' http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; frame-src 'unsafe-inline' https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://optimize.google.com; img-src 'self' *.ttcache.com https://*.ttcache.com https://*.google-analytics.com https://*.googletagmanager.com data: https://cookie-cdn.cookiepro.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; media-src 'none'; object-src 'none'; script-src 'self' https://*.googletagmanager.com 'unsafe-inline' 'unsafe-eval' https://cookie-cdn.cookiepro.com https://code.jquery.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; style-src 'self' 'unsafe-inline' https://cookie-cdn.cookiepro.com 2
style-src 'self' 'unsafe-inline' https://www.denic.de https://fonts.googleapis.com; object-src 'self'; script-src 'self' https://app.guestoo.de https://www.denic.de https://my.visme.co https://denic.matomo.cloud https://cdn.matomo.cloud 'unsafe-inline'; img-src 'self' data: https://www.denic.de https://denic.matomo.cloud https://cdn.matomo.cloud; frame-src 'self' https://app.guestoo.de https://my.visme.co 2
default-src https: data: blob: 'unsafe-eval' 'unsafe-inline'; frame-src 'self' https://*; 2
frame-ancestors 'self' corning.com *.corning.com *.corningmsp.com *.ceros.com *.ariba.com 2
base-uri 'none';child-src *.youtube.com;connect-src 'self' https:;default-src 'self';font-src 'self';form-action 'self';frame-ancestors 'none';frame-src vercel.live prismic.io *.prismic.io *.youtube.com *.twitter.com *.facebook.com *.google.com;img-src * data:;manifest-src 'self';media-src 'self';object-src 'none';prefetch-src 'self';script-src 'self' 'unsafe-inline' vercel.live *.google-analytics.com *.bing.com *.clarity.ms *.facebook.net *.googletagmanager.com *.helpscout.net prismic.io *.prismic.io www.google.com www.gstatic.com;style-src 'self' 'unsafe-inline';worker-src 'self'; 2
default-src https: http: 'unsafe-inline' 'unsafe-eval' 'self' data: wss: blob: 2
frame-ancestors 'self' https://optimize.google.com/ https://www.facebook.com/ 2
default-src 'self'; script-src 'self' 2
base-uri 'self'; style-src 'self' 'unsafe-inline' https: ; default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' https:; connect-src 'self' wss: https:; font-src 'self' data: https:; frame-src 'self' https:; img-src http: https: data:; manifest-src 'self'; media-src 'self' data: blob: https: *; worker-src 'none'; 2
frame-ancestors 'self' https://www.staging6.oldstreetsolutions.com https://staging6.oldstreetsolutions.com 2
frame-ancestors 'self'; report-uri /report-csp-violation 2
default-src *; style-src 'self'* .addthis.com *.nationalgridus.com* .cloudflare.com *.olark.com* .gstatic.com *.googleapis.com; script-src 'self'* .speedpay.com *.google.com* .gstatic.com *.olark.com* .googleapis.com *.gstatic.com* .crazyegg.com *.google-analytics.com* .googletagmanager.com *.feedbackify.com* .nationalgridus.com; img-src *; font-src* ; connect-src *; 2
default-src https://domene.shop https://www.domeneshop.no https://domeneshop.no https://domainnameshop.com https://domainname.shop https://xn--domn-noa.shop https://xn--domne-ura.shop https://chat.domeneshop.no/ 'unsafe-inline'; img-src https://domene.shop https://www.domeneshop.no https://domeneshop.no https://domainnameshop.com https://domainname.shop https://xn--domn-noa.shop https://xn--domne-ura.shop; frame-src https://domene.shop https://www.domeneshop.no https://domeneshop.no https://domainnameshop.com https://domainname.shop https://xn--domn-noa.shop https://xn--domne-ura.shop; frame-ancestors 'self' 2
default-src * 'unsafe-eval' 'unsafe-inline'; img-src * data: unsafe-inline 2
default-src dock.ui.bosch.tech *.hotjar.com wss://*.hotjar.com bott-tc2.nautilus bott-fs.nautilus bott-fs.kittelberger.net vc.hotjar.io in.hotjar.com script.hotjar.com *.bosch-thermotechnology.com *.boschtt-documents.com www.bimstore.co.uk *.kittelberger.net *.mycliplister.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' ; media-src *.boschtt-documents.com services.kittelberger.net *.mycliplister.com mycliplister.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' ; font-src bott-fs.nautilus bott-fs.kittelberger.net script.hotjar.com fonts.gstatic.com *.bosch-thermotechnology.com www.bosch-thermotechnology.us www.heizung-steuern.com fonts.gstatic.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: data: ; object-src data: 'self'; img-src bott-tc2.nautilus bott-fs.nautilus bott-fs.kittelberger.net optimize.google.com www.google-analytics.com www.googletagmanager.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: data: blob:; style-src bosch-tt.kittelberger.net bott-fs.nautilus bott-fs.kittelberger.net *.bosch-thermotechnology.com cdn.datatables.net optimize.google.com fonts.googleapis.com www.bosch-easycontrol.com www.heizung-steuern.com www.bosch-thermotechnology.us *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' 'unsafe-inline' https: ; script-src bott-fs.nautilus bott-fs.kittelberger.net dock.ui.bosch.tech optimize.google.com www.googleanalytics.com www.google-analytics.com www.googleoptimize.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: 'unsafe-inline' 'unsafe-eval'; frame-src mailto: bosch.mi4biz.net www.boschthermolife.com junkers-de-de-b.boschtt-documents.com optimize.google.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https:; frame-ancestors bosch.mi4biz.net bott-fs.kittelberger.net *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: ; connect-src 'self' www.google.com www.facebook.com wss://*.hotjar.com  *.hotjar.io wss://endpoint.chatbot-suite.bosch.tech endpoint.chatbot-suite.bosch.tech  www.bosch-thermotechnology.com region1.google-analytics.com www.google-analytics.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com dock.ui.bosch.tech mycliplister.com *.mycliplister.com stats.g.doubleclick.net *.googleapis.com *.bosch-thermotechnology.com *.hotjar.com 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.onlineaccess1.com https: dc.services.visualstudio.com dl.episerver.net s.ytimg.com *.imi.chat js-agent.newrelic.com bam.nr-data.net rum-static.pingdom.net cds-sdkcfg.onlineaccess1.com d.impactradius-event.com umpqua-bank.sjv.io *.mookie1.com tags.tiqcdn.com adnxs.com pxl.jivox.com snap.licdn.com dc.ads.linkedin.com px.ads.linkedin.com www.linkedin.com static.ads-twitter.com analytics.twitter.com az416426.vo.msecnd.net connect.facebook.net bat.bing.com cdn.cookielaw.org js.hsforms.net forms.hsforms.com js.hsleadflows.net js.hs-scripts.com js.hs-analytics.net *.onetrust.com cdn.cookielaw.org js.hs-banner.com *.hotjar.com *.hotjar.io www.gstatic.com lh3.googleusercontent.com www.googletagmanager.com www.google-analytics.com maps.googleapis.com googleads.g.doubleclick.net 8316073.fls.doubleclick.net www.googleadservices.com *.google.com ssl.google-analytics.com www.youtube.com js.adsrvr.org *.umpquabank.com; style-src 'self' 'unsafe-inline' *.imi.chat https: www.gstatic.com lh3.googleusercontent.com dc.services.visualstudio.com *.umpquabank.com dl.episerver.net js.hs-scripts.com js.hs-analytics.net d.impactradius-event.com umpqua-bank.sjv.io *.mookie1.com tags.tiqcdn.com adnxs.com pxl.jivox.com snap.licdn.com *.ads.linkedin.com static.ads-twitter.com analytics.twitter.com az416426.vo.msecnd.net *.hotjar.com connect.facebook.net bat.bing.com cdn.cookielaw.org 8316073.fls.doubleclick.net js.hsforms.net forms.hsforms.com js.hs-banner.com fonts.googleapis.com tagmanager.google.com;  img-src 'self' 'unsafe-inline' *.imi.chat https: lh3.googleusercontent.com dc.services.visualstudio.com *.hotjar.com *.hotjar.io *.gstatic.com www.google-analytics.com googleads.g.doubleclick.net www.google.com stats.g.doubleclick.net bat.bing.com px.ads.linkedin.com *.hubspot.com p.adsymptotic.com gateway.zscalerthree.net cdn.cookielaw.org *.umpquabank.com www.googletagmanager.com insight.adsrvr.org www.linkedin.com pixel.advertising.com ib.adnxs.com pixel.rubiconproject.com *.adsrvr.org cm.g.doubleclick.net t.co  x.bidswitch.net   dsum-sec.casalemedia.com  simage2.pubmatic.com data: maps.gstatic.com *.googleapis.com *.ggpht; connect-src 'self' 'unsafe-inline' *.imi.chat wss://*.hotjar.com https: www.gstatic.com lh3.googleusercontent.com dc.services.visualstudio.com *.umpquabank.com *.hotjar.com:* *.hotjar.io www.google-analytics.com cdn.cookielaw.org *.hubspot.com forms.hsforms.com stats.g.doubleclick.net rum-collector-2.pingdom.net; frame-src 'self' 'unsafe-inline' *.imi.chat https: *.q4cdn.com *.adsrvr.org www.theroishop.com www.gstatic.com lh3.googleusercontent.com dc.services.visualstudio.com forms.hsforms.com *.umpquabank.com *.hotjar.com *.hotjar.io bid.g.doubleclick.net player.megaphone.fm 9395210.fls.doubleclick.net platform.mi.spglobal.com *.youtube.com *.onetrust.com cdn.cookielaw.org player.ooyala.com *.q4web.com;font-src 'self' 'unsafe-inline' *.imi.chat https: *.umpquabank.com *.hotjar.com *.hotjar.io fonts.gstatic.com  data:; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: *.conceptboard.com; 2
frame-ancestors 'self' everygame.eu www.everygame.eu sblp.everygame.eu sports.everygame.eu poker.everygame.eu casino.everygame.eu classic.everygame.eu lobby.everygame.eu:2072 account.everygame.eu client.horizonpokernetwork.eu 2
default-src 'self' *.readspeaker.com data: https://viola.bundesbots.de wss://viola.bundesbots.de https://formularbot-fms.bzst.de wss://formularbot-fms.bzst.de https://formularbot-viola.bzst.de wss://formularbot-viola.bzst.de https://bzst.lucom.com https://idnr-formular.bzst.bot-itzbund.de https://viola.bundesbots.de https://viola-bzst.azr.juacvoe.net https://viola-bzst-fms.azr.juacvoe.net; base-uri 'self'; connect-src 'self' *.readspeaker.com *.itzbund.de https://formularbot-viola.bzst.de wss://formularbot-viola.bzst.de https://viola-bzst.azr.juacvoe.net wss://viola-bzst.azr.juacvoe.net https://viola-bzst-fms.azr.juacvoe.net wss://viola-bzst-fms.azr.juacvoe.net https://formularbot-fms.bzst.de; style-src 'self' 'unsafe-inline' *.readspeaker.com https://bzst.lucom.com https://idnr-formular.bzst.bot-itzbund.de https://formularbot-viola.bzst.de https://viola-bzst.azr.juacvoe.net https://viola-bzst-fms.azr.juacvoe.net https://formularbot-fms.bzst.de; script-src 'self' 'unsafe-eval' *.google.com piwik.itzbund.de *.readspeaker.com https://bzst.lucom.com https://idnr-formular.bzst.bot-itzbund.de https://formularbot-fms.bzst.de https://formularbot-viola.bzst.de https://viola-bzst-fms.azr.juacvoe https://formularbot-fms.bzst.de.net https://viola-bzst.azr.juacvoe.net https://viola.bundesbots.de 'sha256-fvt1zDnRVAuASIt4MdBmzTSLXs4mdTCa5fg9wNopnC0=' 'sha256-B9AMHvfU16Nc6sndzogCV/VH/SXmKESowGb6dBud/RA=';object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; media-src 'self' *.bzst.de multimedia.gsb.bund.de *.youtube.com www.quirksmode.org; child-src *.itzbund.de *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com; frame-src  *.readspeaker.com https://formularbot-viola.bzst.de https://idnr-formular.bzst.bot-itzbund.de https://viola-bzst.azr.juacvoe.net https://viola-bzst-fms.azr.juacvoe.net https://formularbot-fms.bzst.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com piwik.itzbund.de https://bzst.lucom.com https://formularbot-viola.bzst.de https://idnr-formular.bzst.bot-itzbund.de https://viola-bzst.azr.juacvoe.net https://viola-bzst-fms.azr.juacvoe.net https://formularbot-fms.bzst.de; upgrade-insecure-requests; frame-ancestors 'self' *.preview.bzst.intranet.bund.de; 2
frame-ancestors 'self' mein.kabelplus.at mein-test.kabelplus.at newapp.etracker.com 2
default-src 'unsafe-inline' https://fonts.googleapis.com https://*.youtube.com https://www.facebook.com https://*.googleusercontent.com https://www.google.pl https://www.warta.pl https://*.www.warta.pl https://hdi.pl https://*.hdi.pl https://*.googleapis.com https://*.gstatic.com https://*.google.com https://www.google-analytics.com https://*.facebook.com https://*.doubleclick.net ; script-src 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://*.gstatic.com https://www.warta.pl https://*.www.warta.pl  https://www.google-analytics.com https://*.facebook.com https://connect.facebook.net https://*.doubleclick.net ; style-src 'unsafe-inline' https://www.warta.pl https://*.www.warta.pl https://hdi.pl https://*.hdi.pl https://fonts.googleapis.com https://surfly.io https://*.google.com https://www.google-analytics.com https://*.facebook.com https://*.doubleclick.net ; img-src 'self' https://moventum.com.pl https://*.youtube.com https://www.facebook.com https://*.googleusercontent.com https://www.google.pl https://*.googleapis.com https://*.gstatic.com https://www.warta.pl https://*.www.warta.pl https://hdi.pl https://*.hdi.pl https://*.google.com https://www.google-analytics.com https://*.facebook.com https://*.doubleclick.net  data:; object-src 'none'; 2
frame-ancestors 'self' http://*.brose.net http://brose.net https://*.brose.net https://brose.net https://*.ariba.com https://*.zkw.at http://*.zkw.at https://*.mycatalogcloud.com http://*.mycatalogcloud.com http://*.valeo.determine.com https://*.valeo.determine.com http://valeo.determine.com https://valeo.determine.com http://*.mondigroup.com http://mondigroup.com https://*.mondigroup.com https://mondigroup.com http://*.elwitec.ch http://elwitec.ch https://*.elwitec.ch https://elwitec.ch http://*.ynovatec.ch http://ynovatec.ch https://*.ynovatec.ch https://ynovatec.ch http://prematic.ch http://*.prematic.ch https://prematic.ch https://*.prematic.ch http://brw.ch http://*.brw.ch https://brw.ch https://*.brw.ch http://uniprod-ag.ch http://*.uniprod-ag.ch https://uniprod-ag.ch https://*.uniprod-ag.ch http://montalpina.com http://*.montalpina.com https://montalpina.com https://*.montalpina.com http://sutter-hydraulik.com http://*.sutter-hydraulik.com https://sutter-hydraulik.com https://*.sutter-hydraulik.com http://bsaswiss.ch http://*.bsaswiss.ch https://bsaswiss.ch https://*.bsaswiss.ch http://salesconnect.sugarondemand.com https://salesconnect.sugarondemand.com http://*.salesconnect.sugarondemand.com https://*.salesconnect.sugarondemand.com 2
frame-ancestors 'self' https://yobingo-statices.casinomodule.com/ https://www.yobingo.es/ https://www.yocasino.es/ https://www.enracha.es/ 2
worker-src 'none'; upgrade-insecure-requests; block-all-mixed-content; manifest-src 'self' 2
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.deutsche-rentenversicherung.de *.openlayers.org openlayers.org *.openstreetmap.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.youtube.com *.deutsche-rentenversicherung.de *.googleapis.com *.google.com *.gstatic.com *.openlayers.org openlayers.org *.openstreetmap.org; object-src 'self' *.deutsche-rentenversicherung.de multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com *.deutsche-rentenversicherung.de;child-src *.google.com *.gstatic.com *.youtube.com; img-src 'self' data: *.deutsche-rentenversicherung.de *.google.com *.gstatic.com *.youtube.com *.openlayers.org openlayers.org *.openstreetmap.org; frame-ancestors 'self'; 2
default-src 'self' *.googleadservices.com *.crazyegg.com *.licdn.com *.facebook.net *.outbrain.com *.youtube.com *.company-target.com; script-src 'self' *.googleapis.com *.cookielaw.org *.onetrust.com *.googletagmanager.com *.google-analytics.com *.doubleclick.net *.everestjs.net *.cloudflare.com *.licdn.com *.google.com *.gstatic.com lineagelogistics-external.applynow.net.au candidate-office.s3.amazonaws.com *.googleadservices.com *.bing.com *.newrelic.com *.instagram.com *.nr-data.net cdn.jsdelivr.net *.crazyegg.com blob: acsbapp.com code.jquery.com unpkg.com *.instagram.com *.ensighten.com *.oribi.io *.youtube.com polyfill.io *.facebook.net *.outbrain.com *.demandbase.com tag.demandbase.com *.company-target.com https://tag.demandbase.com/d80b380c137ea7bb.min.js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'unsafe-inline' pt.onelineage.com pi.pardot.com *.youtube-nocookie.com *.adsrvr.org; object-src 'none'; style-src 'self' 'unsafe-inline' *.typekit.net *.googleapis.com cdn.jsdelivr.net *.crazyegg.com acsbapp.com *.acsbapp.com code.jquery.com unpkg.com https://lineagelogistics-external.applynow.net.au https://lineagelogistics-external.applynow.net.au https://candidate-office.s3.amazonaws.com/js/iframe-resizer/iframeResizer.min.js https://d2wy8f7a9ursnm.cloudfront.net/ *.youtube-nocookie.com; img-src * data: *.crazyegg.com acsbapp.com *.acsbapp.com; media-src *; frame-src 'self' *.youtube.com *.everesttech.net *.everestjs.net *.oxblue.com *.earthcam.net *.truelook.com *.proofpoint.com *.google.com lineagelogistics-external.applynow.net.au *.doubleclick.net *.crazyegg.com *.instagram.com *.adsrvr.org *.cloudfront.net *.facebook.com *.pardot.com pt.lineagelogistics.com http://pt.lineagelogistics.com/l/961942/2023-08-22/4hbzr http://pt.lineagelogistics.com/l/961942/2023-08-22/4hbzv http://go.pardot.com/l/961942/2023-08-22/4hbzk http://go.pardot.com/l/961942/2023-06-27/493x5 *.company-target.com https://tag.demandbase.com/d80b380c137ea7bb.min.js https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ recaptcha.google.com:* pt.onelineage.com *.youtube-nocookie.com; frame-ancestors 'self' https://tag.demandbase.com/d80b380c137ea7bb.min.js *.company-target.com tag.demandbase.com pt.onelineage.com *.youtube-nocookie.com; child-src 'self' *.youtube.com *.everesttech.net *.everestjs.net *.oxblue.com *.earthcam.net *.truelook.com *.proofpoint.com blob: *.youtube.com *.company-target.com https://tag.demandbase.com/d80b380c137ea7bb.min.js *.youtube-nocookie.com; font-src 'self' *.googleusercontent.com *.gstatic.com *.typekit.net data: acsbapp.com *.acsbapp.com; connect-src 'self' *.cookielaw.org *.google-analytics.com *.doubleclick.net *.onetrust.com *.bing.com *.nr-data.net *.googleapis.com *.crazyegg.com acsbapp.com *.acsbapp.com *.youtube.com *.google.com *.linkedin.oribi.io *.company-target.com *.demandbase.com https://tag.demandbase.com/d80b380c137ea7bb.min.js https://lineagelogistics-external.applynow.net.au https://lineagelogistics-external.applynow.net.au https://candidate-office.s3.amazonaws.com/js/iframe-resizer/iframeResizer.min.js https://d2wy8f7a9ursnm.cloudfront.net/ *.linkedin.com; report-uri /report-csp-violation 2
default-src 'none'; base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.xilo.net; object-src 'none'; style-src 'self' data: 'unsafe-inline' https://*.xilo.net; img-src 'self' blob: data: https://*.xilo.net; media-src 'self' data: https://*.xilo.net; frame-src *; font-src *; form-action 'self' https://*.xilo.net; connect-src 'self' https://*.xilo.net; prefetch-src 'self' https://*.xilo.net; manifest-src 'self' https://*.xilo.net; frame-ancestors 'self'; report-uri https://stats.xilo.net/ruri/r/d/csp/enforce 2
default-src 'self'; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self'; 2
frame-ancestors 'self' https://adventhealth.com https://*.adventhealth.com; object-src 'none' 2
allow 'self';  x-xss-protection: 1; mode=block 2
frame-ancestors 'self' https://www.centerparcs.fr/booking/ https://www.centerparcs.nl/booking/ https://www.centerparcs.de/booking/ https://www.centerparcs.com/booking/ https://www.centerparcs.eu/booking/ https://www.centerparcs.ch/booking/ https://www.centerparcs.be/booking/ https://www.sunparks.com/booking/ https://www.sunparks.com/booking/ https://www.sunparks.com/booking/ https://www.sunparks.com/booking/ https://www.sunparks.com/booking/ https://www.sunparks.com/booking/ https://www.sunparks.com/booking/ https://ta.groupepvcp.com/booking/ https://ta.groupepvcp.com/booking/ https://ta.groupepvcp.com/booking/ https://ta.groupepvcp.com/booking/ https://ta.groupepvcp.com/booking/ https://ta.groupepvcp.com/booking/ https://ta.groupepvcp.com/booking/ 2
frame-ancestors http://*.timeout.com https://*.timeout.com 'self' 2
default-src 'none'; script-src 'self'; img-src 'self'; style-src 'self'; font-src 'self'; media-src 'self'; form-action 'self'; child-src 'self'; frame-ancestors 'self'; connect-src 'none'; report-uri 'self'; report-to 'self'; 2
default-src 'self'; font-src *;img-src * data:; script-src *; style-src * 2
frame-ancestors 'self' https://uscreen.io https://*.uscreen.io https://www.uscreen.tv https://app.uscreen.tv/ 2
frame-src * 2
base-uri 'none';child-src 'none';connect-src 'self' vitals.vercel-insights.com status-page-qybs789xa-incident-io-team.vercel.app https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.google.com https://*.google.co.uk https://*.g.doubleclick.net https://global.localizecdn.com https://app.localizejs.com;default-src 'self';font-src 'self';form-action 'self';frame-ancestors self;frame-src 'none';img-src 'self' data: https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://*.google.co.uk https://global.localizecdn.com https://assets.localizecdn.com;manifest-src 'self';media-src 'self';object-src 'none';prefetch-src 'self';script-src 'self' 'unsafe-inline' https:;style-src 'self' 'unsafe-inline';worker-src 'self';report-uri https://o494704.ingest.sentry.io/api/4504554480795648/security?security_key=5d578c0eb4bd4811adf4f2176db9a1c8;report-to https://o494704.ingest.sentry.io/api/4504554480795648/security?security_key=5d578c0eb4bd4811adf4f2176db9a1c8; 2
self 2
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.investopedia.com 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.cookielaw.org/ https://www.google-analytics.com/ https://tagmanager.google.com/ https://www.googletagmanager.com/ https://snap.licdn.com/li.lms-analytics/insight.min.js https://bat.bing.com/bat.js https://bat.bing.com/p/action/25034534.js https://cdn.cookielaw.org/scripttemplates/otSDKStub.js https://snap.licdn.com/; object-src 'none'; frame-ancestors 'self'; report-uri /report-csp-violation 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.thoughtco.com 1
connect-src 'self' checkout.stripe.com https://checkout.stripe.com https://billing.stripe.com/session https://api.funcaptcha.com https://api.arkoselabs.com sentry.io api.github.com www.npmjs.com;default-src 'none';img-src * data: https://*.stripe.com;script-src 'self' data: 'unsafe-inline' https://checkout.stripe.com/checkout.js https://checkout.stripe.com https://js.stripe.com/v3 https://platform.twitter.com/widgets.js https://octocaptcha.com https://static-production.npmjs.com/;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://static-production.npmjs.com/;frame-src checkout.stripe.com https://checkout.stripe.com https://js.stripe.com/ https://octocaptcha.com;font-src https://fonts.gstatic.com https://static-production.npmjs.com/ ;media-src https://player.vimeo.com https://fpdl.vimeocdn.com https://gcs-vimeo.akamaized.net https://vod-progressive.akamaized.net 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.ew.com 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.thespruce.com 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.travelandleisure.com 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.treehugger.com 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.liveabout.com 1
default-src 'self' *.postman.co *.postman.com *.pstmn.io; base-uri 'self'; font-src 'self' data: *.getpostman.com *.postman.co *.cdn.postman.com fonts.gstatic.com www.postman.com fonts.googleapis.com cdnjs.cloudflare.com; frame-ancestors 'none'; frame-src looker.postman.co dl-preview-container.pstmn.io js.stripe.com hooks.stripe.com chart-embed.service.newrelic.com https://app.datadoghq.com/graph/embed https://app.datadoghq.eu/graph/embed https://youtube.com https://www.youtube.com https://player.vimeo.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://accounts.google.com/ https://runtime-assets.pstmn.io/; child-src 'self' *.postman.co *.postman.com blob:; worker-src 'self' *.postman.co *.cdn.postman.com blob:; object-src 'self'; img-src https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' *.nr-data.net *.getpostman.com *.postman.co *.cdn.postman.com *.pstmn.io code.jquery.com google-analytics.com www.postman.com postman.com googletagmanager.com ssl.google-analytics.com cdnjs.cloudflare.com https://bi.pst.tech js-agent.newrelic.com js.stripe.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'nonce-BCmr8HVmxTeqpJKkVAzykONsImMUzagRe/vT827a0HhLfkUm'; style-src 'self' 'unsafe-inline' *.getpostman.com *.postman.co *.cdn.postman.com *.pstmn.io www.postman.com fonts.gstatic.com fonts.googleapis.com tagmanager.google.com cdnjs.cloudflare.com postman.com accounts.google.com; connect-src https://api.stripe.com http: ws://localhost:10533 https: wss://*.postman.co wss://*.gw.postman.com; report-uri https://sentry.postmanlabs.com/api/572/security/?sentry_key=9d37d7431bdc4c528702ec4d89fc93f7&sentry_environment=production 1
frame-ancestors 'self' dziendobry.tvn.pl *.tvn.pl 1
policy-uri /parivahan//'self' 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.instyle.com 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.brides.com 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.verywellfit.com 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.simplyrecipes.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' data: 'unsafe-inline' https:; img-src 'self' data: https:; media-src 'self' https:; frame-src 'self' data: https:; font-src 'self' data: https: 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com piwik.itzbund.de;object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; frame-src 'self' multimedia.gsb.bund.de blob: data:; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de covapp.charite.de covapp-rki.hpsgc.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; connect-src 'self' *.itzbund.de; frame-ancestors *.prod.gsb.rki.in.bund.de piwik.itzbund.de *.facebook.com 1
default-src 'self' http: https: go.addigy.com https://*.addigy.com https://*.my.salesforce.com https://*.force.com https://go.pardot.com https://*.pantheonsite.io wss://ws.hotjar.com;frame-ancestors 'self' https://go.pardot.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com http: https:  pages.addigy.com;img-src 'self' data: https://app-app.addigy.com https://www.addigy.com https://static.addigy.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://www.google-analytics.com https://stats.g.doubleclick.net https://tracking.g2crowd.com https://px.ads.linkedin.com https://bat.bing.com https://t.co https://www.facebook.com https://ssl.gstatic.com https://www.gstatic.com https://analytics.twitter.com https://*.gravatar.com  http://*.gravatar.com https://fast.wistia.com https://embedwistia-a.akamaihd.net https://embed-fastly.wistia.com https://embed-ssl.wistia.com https://aorta.clickagy.com https://b.sf-syn.com https://dev.visualwebsiteoptimizer.com https://alb.reddit.com https://forms.hsforms.com https://track.hubspot.com https://*.linkedin.com https://ps.eyeota.net https://match.adsrvr.org https://dpm.demdex.net https://idsync.rlcdn.com https://sync.crwdcntrl.net https://ml314.com https://obseu.bzcclandlord.com https://cm.g.doubleclick.net;style-src 'self' 'unsafe-inline' http: https: fonts.googleapis.com;font-src 'self' data: http: https: fonts.googleapis.com http https: fonts.gstatic.com https://*.wistia.com;media-src 'self' data: blob: http: https:;worker-src 'self' blob:; 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.verywellfamily.com 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.byrdie.com 1
script-src 'self'; style-src 'self'; img-src 'self'; connect-src 'self'  1
frame-ancestors 'self' *.griffith.edu.au 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.thesprucepets.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'  *; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://impactapi.causeview.com https://maps.googleapis.com https://cdnjs.cloudflare.com/ajax/libs/cropper/4.0.0/cropper.min.js https://js-agent.newrelic.com https://www.googletagmanager.com https://chimpstatic.com https://www.google.com/recaptcha/api.js https://www.gstatic.com https://downloads.mailchimp.com https://mc.us1.list-manage.com https://matchbox.hepdata.com https://commerce.coinbase.com https://data.processwebsitedata.com https://fe.sitedataprocessing.com; img-src 'self' data: https://cdn.mises.org https://www.google.ca https://www.google.com https://i.creativecommons.org https://licensebuttons.net https://www.google-analytics.com https://mcusercontent.com https://maps.gstatic.com https://s3.amazonaws.com https://impactapi.causeview.com  https://live-mises-api.pantheonsite.io https://cdn-images.mailchimp.com https://matchbox.hepdata.com/; frame-ancestors 'self' https://glockenspiel-bluebird-4h6c.squarespace.com https://www.misesgraduateschool.org https://misesgraduateschool.org https://api-public.addthis.com https://m.addthis.com https://mises.org https://impactapi.causeview.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.learnreligions.com 1
frame-ancestors *.payback.de; report-uri /blueberry/servlet/handler/cspreporting 1
default-src data: wss://*.sptpub.com wss://*.ln.md:* wss://ln.md:* wss://*.7777.md:* wss://7777.md:* wss://*.7777gaming.tech:* 'self' 'unsafe-eval' 'unsafe-inline' https://www.youtube.com/ https://youtube.com/ https://ln.md https://*.ln.md https://7777.md https://*.7777.md https://apis.google.com https://fonts.googleapis.com https://maps.googleapis.com https://api.ipinfodb.com https://*.comm100.com https://*.comm100.io https://*.comm100download.com https://www.googleadservices.com https://www.google.com https://*.google.bg https://*.google.md https://*.googletagmanager.com https://googletagmanager.com https://*.typekit.net https://typekit.net  https://maps.google.com https://*.gstatic.com https://gstatic.com https://connect.facebook.net https://*.facebook.com https://facebook.com https://*.fbcdn.net https://fbcdn.net https://google-analytics.com https://*.google-analytics.com https://accounts.google.com https://*.g.doubleclick.net https://sxt.cdn.skype.com https://www.adobe.com https://*.sptpub.com https://cs.betradar.com https://*.sportradar.com https://videosport.me https://*.adform.net/ https://*.hotjar.com https://*.trafficjunky.com/ https://*.cloudflareinsights.com https://cloudflareinsights.com https://7777gaming.xyz/ https://*.7777gaming.xyz https://7777gaming.tech/ https://*.7777gaming.tech  https://sb2integration-altenar2.biahosted.com https://sb2clientstatic-altenar2.biahosted.com https://sb2frontend-altenar2.biahosted.com https://sb2auth-altenar2.biahosted.com https://sb2betslip-altenar2.biahosted.com https://wgt-s3-cdn.statscore.com https://widgets.sir.sportradar.com https://lmt.fn.sportradar.com https://widgets.fn.sportradar.com/  https://sb2bets-altenar2.biahosted.com https://sb2bonus-altenar2.biahosted.com https://sb2betbuilder-altenar2.biahosted.com/ https://sb2streaming-altenar2.biahosted.com/ https://sb2bethistory-altenar2.biahosted.com/ https://sb2bethistory-altenar2.biahosted.com/ https://sb2lottery-betscalculator-altenar2.biahosted.com/ https://sb2platformoperations-altenar2.biahosted.com/ https://hu-sb2frontend-altenar2.biahosted.com/ https://hu-sb2bets-altenar2.biahosted.com/  https://fbstreambro.cc https://embed.twitch.tv https://spbro.live https://*.spbro.live https://ctrack.trafficjunky.net/ https://storage.googleapis.com/ ; frame-ancestors 'self' *.ln.md *.7777.md 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bcbsks.com polyfill.io unpkg.com fast.wistia.com *.googletagmanager.com *.google-analytics.com *.ads-twitter.com www.gstatic.com *.bing.com connect.facebook.net 100011161.collect.igodigital.com snap.licdn.com *.adsrvr.org bam.nr-data.net googleads.g.doubleclick.net js-agent.newrelic.com tags.srv.stackadapt.com public.tableau.com qvdt3feo.com code.jquery.com www.google.com analytics.silktide.com static.cloudflareinsights.com www.covermymeds.com www.googleadservices.com cdn.datatables.net cdnjs.cloudflare.com www.eventbrite.com https://www.google.co.uk www.clarity.ms *.callrail.com *.simpli.fi tag.demandbase.com pagead2.googlesyndication.com blob:; object-src 'none'; style-src 'self' 'unsafe-inline' www.bcbsks.com bcbsks.prod.acquia-sites.com fast.fonts.net fonts.googleapis.com tags.srv.stackadapt.com www.covermymeds.com cdn.datatables.net cdnjs.cloudflare.com; img-src 'self' p.dlx.addthis.com www.google.com *.google-analytics.com nova.collect.igodigital.com *.bing.com t.co analytics.twitter.com *.wistia.com www.facebook.com *.g.doubleclick.net *.google.com public.tableau.com *.bcbsks.com tools.applemediaservices.com apple-resources.s3.amazonaws.com connect.facebook.net secure.adnxs.com *.linkedin.com www.googletagmanager.com *.covermymeds.com cdn.datatables.net embedwistia-a.akamaihd.net c.clarity.ms um.simpli.fi * data:; media-src 'self' *.wistia.com www.google.com embedwistia-a.akamaihd.net fast.wistia.net blob:; frame-src 'self' *.bcbsks.com https://d1eoo1tco6rr5e.cloudfront.net/ *.adsrvr.org www.facebook.com public.tableau.com *.fls.doubleclick.net td.doubleclick.net www.youtube.com www.googletagmanager.com staywell.mydigitalpublication.com e.issuu.com www.eventbrite.com insight.adsrvr.org www.kff.org s.company-target.com; font-src 'self' fast.fonts.net fast.wistia.com fonts.gstatic.com data:; connect-src 'self' *.bugsnag.com *.google-analytics.com stats.g.doubleclick.net ad.doubleclick.net *.googleadservices.com www.googleadservices.com *.google.com *.wistia.com *.litix.io bam.nr-data.net cdn.linkedin.oribi.io www.facebook.com tags.srv.stackadapt.com embedwistia-a.akamaihd.net bat.bing.com a.us.silktide.com https://connect.facebook.net https://www.google.co.uk pagead2.googlesyndication.com *.clarity.ms js.callrail.com api.company-target.com tag-logger.demandbase.com px.ads.linkedin.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'none'; script-src 'sha256-orD0/VhH8hLqrLxKHD/HUEMdwqX6/0ve7c5hspX5VJ8=' 1
frame-ancestors 'self' *.iza.org; 1
frame-ancestors 'self' https://*.lemonade.com https://lemonade.com 1
default-src *; script-src * 'unsafe-eval' 'self' 'unsafe-inline' https:; object-src 'self' *.youtube.com youtube.com; style-src * 'self' 'unsafe-inline'; img-src * data:; media-src * blob:; frame-src *; frame-ancestors 'self'; child-src 'self'; font-src * data:; connect-src *; report-uri /report-csp-violation 1
frame-ancestors; none 1
default-src 'self'; frame-src https://www.youtube.com/ https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://beyondblue-npsp.my.salesforce-sites.com/ https://player.vimeo.com/ https://cdn.raisely.com https://remedy-bb.file.force.com/ https://c.la1-core1.sfdc-vwfla6.salesforceliveagent.com https://d.la1-core1.sfdc-vwfla6.salesforceliveagent.com/ https://remedy-bb.my.salesforce.com https://remedy-bb.my.salesforce-sites.com/ https://omny.fm https://eoy-appeal-2024-2.raisely.com/ https://donate.beyondblue.org.au/ https://8962396.fls.doubleclick.net/ https://td.doubleclick.net/ https://*.qualtrics.com/ https://beyondblue.elmotalent.com.au/; font-src 'self' https://fonts.gstatic.com/ data:; img-src data: https: http:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com/ https://beyondblue.tfaforms.net/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://discover-apse2.sitecorecloud.io/ https://va.vercel-scripts.com/ https://cdn.raisely.com/ https://connect.facebook.net/ https://www.google-analytics.com/ https://remedy-bb.my.salesforce.com https://remedy-bb.my.salesforce-sites.com/ https://static.lightning.force.com/ https://*.salesforceliveagent.com/ https://service.force.com/ https://code.jquery.com/ https://ajax.aspnetcdn.com/ajax/jquery.validate/1.14.0/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://beyondblue.tfaforms.net/ https://remedy-bb.my.salesforce.com https://remedy-bb.my.salesforce-sites.com/ https://*.salesforceliveagent.com/; connect-src 'self' https://discover-apse2.sitecorecloud.io/ https://edge-platform.sitecorecloud.io/ https://www.google-analytics.com https://analytics.google.com/ https://stats.g.doubleclick.net/ https://remedy-bb.my.salesforce-sites.com/ https://remedy-bb.my.salesforce-sites.com/ https://beyondblue.elmotalent.com.au/; frame-ancestors 'self' https://beyondblue-npsp.my.salesforce-sites.com/; 1
ALLOW-FROM https://app.storyblok.com/ 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.agriculture.com 1
default-src 'self' 'unsafe-eval' *.bundesverfassungsgericht.de; base-uri 'self' *.bundesverfassungsgericht.de; style-src 'self' 'unsafe-inline'*.bundesverfassungsgericht.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.itzbund.de *.googleapis.com *.google.com *.gstatic.com www.youtube.com *.vimeo.com *.ytimg.com piwik.itzbund.de *.bundesverfassungsgericht.de; object-src 'self' multimedia.gsb.bund.de; media-src blob: 'self' multimedia.gsb.bund.de *.vimeo.com *.youtube.com; frame-src *.google.com *.gstatic.com *.youtube.com *.vimeo.com; img-src 'self' blob: data: *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.openstreetmap.org piwik.itzbund.de *.bundesverfassungsgericht.de; connect-src 'self' *.itzbund.de *.bundesverfassungsgericht.de; frame-ancestors 'self'; worker-src 'self'; 1
frame-ancestors *.anjuke.com http://*.anjuke.com *.aifang.com http://*.aifang.com *.58ganji.com http://*.58ganji.com *.58.com http://*.58.com *.jikejia.cn http://*.jikejia.cn http://jikejia.cn yfyk.youfangyouke.com http://yfyk.youfangyouke.com *.58corp.com http://*.58corp.com *.qiaofangyun.com 1
default-src 'self' *.googleapis.com cdnjs.cloudflare.com danord.gdi-sh.de efi2.schleswig-holstein.de efi.schleswig-holstein.de phpefi.schleswig-holstein.de *.openstreetmap.org *.openstreetmap.fr cdn.podigee.com phpefi.schleswig-holstein.de *.podigee-cdn.net *.kaltura.com danord.gdi-sh.de *.digsy.land; base-uri 'self'; style-src 'self' 'unsafe-inline' *.openlayers.org openlayers.org *.openstreetmap.org *.openstreetmap.fr *.schleswig-holstein.de https://danord.gdi-sh.de https://cdnjs.cloudflare.com cdn.podigee.com *.podigee-cdn.net *.bootstrapcdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.ytimg.com phpefi.schleswig-holstein.de *.openlayers.org openlayers.org *.openstreetmap.org *.vimeo.com https://matomo.schleswig-holstein.de 'sha256-Z63e+VFsLCeJvcIIADffuk58gwH7zpv5jIPJITytEps=' 'sha256-6wRdeNJzEHNIsDAMAdKbdVLWIqu8b6+Bs+xVNZqplQw=' *.schleswig-holstein.de 'sha256-Iv6+ueUCwCo7hxRPKs4x5N9MLe5bAOcJqKOJNkpFa4Q=' 'sha256-hwQ3jJFF76RYXz5z/h9KPxxCmJrIWmkrPI/0ue3TTVA=' 'sha256-jJH1V3gDESBl63xPMOf/g+/WVSLp61k6VjeyPRt1KKQ=' https://danord.gdi-sh.de 'sha256-4klLXXsGOpjKz3t5aaLNu/fwLVb7TxsGq0CBc4UUkGM=' cdn.podigee.com *.podigee-cdn.net cdnjs.cloudflare.com *.materna.de; object-src 'none' 'self' multimedia.gsb.bund.de; media-src 'self' blob: https://multimedia.gsb.bund.de *.youtube.com https://*.youtube-nocookie.com *.youtube-nocookies.com https://youtu.be https://vimeo.com; frame-src *.google.com *.gstatic.com *.vimeo.com *.schleswig-holstein.de https://danord.gdi-sh.de *.podigee-cdn.net *.readspeaker.com *.kaltura.com *.seminareonlinebuchen.de; frame-src cdn.podigee.com *.podigee-cdn.net *.umweltdaten.landsh.de *.schleswig-holstein.de danord.gdi-sh.de *.google.com *.gstatic.com *.youtube.com https://*.youtube-nocookie.com *.youtube-nocookie.com *.readspeaker.com *.openstreetmap.fr danord.gdi-sh.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.ytimg.com *.vimeocdn.com phpefi.schleswig-holstein.de *.openlayers.org openlayers.org *.openstreetmap.org *.openstreetmap.fr https://matomo.schleswig-holstein.de *.schleswig-holstein.de https://danord.gdi-sh.de https://sg.geodatenzentrum.de *.seminareonlinebuchen.de *.umweltdaten.landsh.de *.cdninstagram.com hht.infomaxnet.de dam.destination.one *.podigee-cdn.net *.fbcdn.net *.bootstrapcdn.com stamen-tiles-b.a.ssl.fastly.net stamen-tiles-c.a.ssl.fastly.net stamen-tiles-d.a.ssl.fastly.net stamen-tiles-a.a.ssl.fastly.net; worker-src blob: 'self'; frame-ancestors 'self'; 1
frame-ancestors 'self' bam.harri.com harri.com fr.harri.com es.harri.com ru.harri.com de.harri.com pl.harri.com ar.harri.com tr.harri.com new.harri.com fr.new.harri.com es.new.harri.com ru.new.harri.com de.new.harri.com pl.new.harri.com ar.new.harri.com tr.new.harri.com live.harri.com liveschedule.harri.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.hotjar.com *.googletagmanager.com *.google.com *.google-analytics.com  cdnjs.cloudflare.com mfstatic.com *.jsdelivr.net  *.facebook.com *.gstatic.com *.licdn.com *.facebook.net *.cookiebot.com *.unpkg.com unpkg.com; object-src 'self' *.google.com *.youtube.com *.facebook.com *.vimeo.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com  *.jsdelivr.net hello.myfonts.net mfstatic.com; img-src * 'self' data: *.google.com *.youtube.com *.facebook.com *.vimeo.com  *.vimeocdn.com *.ri.se *.jsdelivr.net  *.googletagmanager.com  *.google-analytics.com *.google.se *.linkedin.com *.gstatic.com *.amazonaws.com; media-src blob: data: *.mediaflow.com; frame-src 'self'  data: *.google.com *.youtube.com *.facebook.com *.vimeo.com vimeo.com *.vimeo.com  *.vimeocdn.com *.ri.se *.jsdelivr.net *.hotjar.com *.libsyn.com *.acast.com *.cookiebot.com *.youtube-nocookie.com; frame-ancestors 'self'; child-src 'self' blob:; font-src 'self' *.ri.se data: mfstatic.com *.gstatic.com; connect-src 'self' *.googletagmanager.com *.google.com *.google-analytics.com *.doubleclick.net *.hotjar.com *.oribi.io *.google.com *.googleoptimize.com *.facebook.com *.mediaflow.com mediaflow.com mfstatic.com *.mediaflowpro.com *.cookiebot.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src * 'unsafe-inline' 'unsafe-eval' data: blob: 1
base-uri 'self' about: *;child-src 'none';connect-src 'self' webpack://* *;default-src 'self';font-src 'self' data: fonts.gstatic.com https://client.crisp.chat *;form-action 'self' https: *;frame-ancestors 'none';frame-src  'self' data: https:;img-src * 'self' data: https:;manifest-src 'self';media-src 'self' https: *;object-src 'none';prefetch-src 'self' *;script-src 'self' 'unsafe-inline' 'unsafe-eval' https: *.hs-scripts.com *.hsforms.net *.hsforms.com *.clearbit.com www.google-analytics.com;style-src 'self' 'unsafe-inline' https:;worker-src 'self'; 1
base-uri *; child-src * gap:; frame-src * gap:; connect-src *; default-src * gap: 'unsafe-inline' 'unsafe-eval'; font-src * data:; img-src * blob:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; frame-ancestors 'self' gap:; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=8GLgSIw6S54kHcDv29V9Pycq5L4fJBR0OCpIoSUcXq%2Bbt7VFcuyi0Qv78N1M1cli19F12RWp%2FsBEyLiSiJvMPg%3D%3D; 1
frame-ancestors https://igx.csbsju.edu http://go.twocolleges.com https://virtualtour.csbsju.edu 1
frame-ancestors https://cloudsecurityalliance.org https://knowledge.cloudsecurityalliance.org https://circle.cloudsecurityalliance.org 1
default-src 'self' https://*.tv1.eu http://*.tv1.eu 1
script-src 'self' data: 'unsafe-inline' 'unsafe-eval' bp.webhost1.ru d.webhost1.ru cp.webhost1.ru cp2.webhost1.ru cp3.webhost1.ru *.yoomoney.ru geoadv-partner.yandex.ru direct.yandex.ru yookassa.ru  *.yandex.ru *.yandex.net mc.yandex.az mc.yandex.by mc.yandex.co.il mc.yandex.com mc.yandex.com.am mc.yandex.com.ge mc.yandex.com.tr mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.kz mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yandex.tj mc.yandex.tm mc.yandex.ua mc.yandex.uz mc.webvisor.com mc.webvisor.org yastatic.net googleads.g.doubleclick.net www.google-analytics.com www.google.com www.gstatic.com www.googletagmanager.com tagmanager.google.com *.jivo.ru *.bitrix24.ru *.roistat.com top-fwz1.mail.ru; frame-ancestors 'self' blob: http://webvisor.com https://webvisor.com https://d.webhost1.ru:* https://cp.webhost1.ru:* https://cp2.webhost1.ru:* https://cp3.webhost1.ru:* 1
default-src 'self' 'unsafe-inline' data: ws: wss: cdn.cookielaw.org maps.googleapis.com  *.onelink-edge.com  googletagmanager.com *.sharethis.com api.company-target.com *.algolianet.com wkx3x0kpn1-dsn.algolia.net *.newcertainteed.com  cdn.linkedin.oribi.io  *.userway.org *.google-analytics.com bam.nr-data.net *.docksal.site:* *.onetrust.com segments.company-target.com *.hotjar.com *.hotjar.io *.force.com bcp.crwdcntrl.net *.salesforce.com *.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: ws: wss: *.youtube.com cdn.cookielaw.org *.sharethis.com *.googletagmanager.com *.googleapis.com snap.licdn.com *.hotjar.com *.force.com tag.demandbase.com *.facebook.net *.salesforceliveagent.com accessibilityserver.org *.userway.org *.newrelic.com *.onelink-edge.com unpkg.com *.cloudflare.com www.onelink-edge.com *.docksal.site:* www.google.com segments.company-target.com www.gstatic.com *.salesforce.com *.salesforce-sites.com *.hotjar.io assets.pinterest.com www.googleadservices.com googleads.g.doubleclick.net; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com *.force.com *.sharethis.com fonts.googleapis.com *.salesforce-sites.com *.salesforce.com; img-src 'self' 'unsafe-inline' cdn.cookielaw.org *.youtube.com data: match.prod.bidr.io segments.company-target.com px.ads.linkedin.com *.ads.linkedin.com *.linkedin.com *.facebook.com id.rlcdn.com certainteed.widen.net *.googleapis.com *.widencdn.net *.userway.org *.ytimg.com bcp.crwdcntrl.net *.sharethis.com maps.gstatic.com *.cloudfront.net pinterest.com *.pinterest.com *.salesforce.com *.salesforce-sites.com *.g.doubleclick.net *.google-analytics.com *.analytics.google.com googleads.g.doubleclick.net ad.doubleclick.net *.google.ca *.gstatic.com *.googletagmanager.com; media-src 'self' 'unsafe-inline' youtube.com; frame-src 'self' 'unsafe-inline' cdn.cookielaw.org youtube.com maps.googleapis.com  onelink-edge.com  googletagmanager.com *.force.com *.sharethis.com *.userway.org google.com www.google.com www.facebook.com www.youtube.com www.youtube-nocookie.com *.pinterest.com *.salesforce.com *.salesforce-sites.com bid.g.doubleclick.net *.company-target.com youtu.be; font-src 'self' use.fontawesome.com data: fonts.googleapis.com fonts.gstatic.com; connect-src 'self' 'unsafe-inline' data: ws: wss: cdn.cookielaw.org maps.googleapis.com  *.onelink-edge.com  googletagmanager.com *.sharethis.com api.company-target.com *.algolianet.com wkx3x0kpn1-dsn.algolia.net *.newcertainteed.com  cdn.linkedin.oribi.io  *.userway.org *.google-analytics.com bam.nr-data.net *.docksal.site:* *.onetrust.com segments.company-target.com *.hotjar.com *.hotjar.io *.force.com bcp.crwdcntrl.net *.salesforce.com *.salesforce-sites.com *.linkedin.com *.google.com *.g.doubleclick.net *.analytics.google.com *.google.ca *.demandbase.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
frame-ancestors 'self' http://www.liligo.fr/ http://www.kayak.fr/ http://www.kayak.de/ https://drivy.zendesk.com/ https://*.zdusercontent.com/ 1
default-src 'self'; style-src 'self' 'unsafe-inline' occhat.elisa.fi https://public.flourish.studio/ https://fonts.googleapis.com/; img-src 'self' data: occhat.elisa.fi vero.piwik.pro https://analytiikka.ahtp.fi/ master.boost.ai data.reactandshare.com https://public.flourish.studio/; media-src 'self'; font-src 'self' https://public.flourish.studio/; script-src 'self' 'unsafe-inline' 'unsafe-eval' occhat.elisa.fi vero.piwik.pro vero.containers.piwik.pro https://analytiikka.ahtp.fi/ veroskatt.boost.ai vero.boost.ai cdn.reactandshare.com data.reactandshare.com https://public.flourish.studio/ *.monitor.azure.com *.cdn.applicationinsights.io; connect-src 'self' occhat.elisa.fi wss://occhat.elisa.fi vero.piwik.pro https://analytiikka.ahtp.fi/ veroskatt.boost.ai vero.boost.ai networkmigri.boost.ai prh.boost.ai data.reactandshare.com *.in.applicationinsights.azure.com; frame-src 'self' hkp.maanmittauslaitos.fi https://www.youtube.com https://app.powerbi.com https://public.flourish.studio/; frame-ancestors 'self' yritys.tunnistus.fi htesti.katso.tunnistus.fi; 1
default-src 'self' 'unsafe-inline' data: https://piwik.bzga.de/ https://service.bzga.de/ https://a.tile.openstreetmap.org/ https://b.tile.openstreetmap.org/ https://c.tile.openstreetmap.org/ 1
default-src 'self' 'unsafe-inline' region1.analytics.google.com www.google-analytics.com *.google.com *.google.it *.printfriendly.com www.unescap.org unescap.org static.cloudflareinsights.com; script-src 'self' 'unsafe-inline' *.googletagmanager.com *.analytics.google.com *.google-analytics.com https://www.google-analytics.com *.printfriendly.com www.unescap.org unescap.org static.cloudflareinsights.com ajax.cloudflare.com *.flickr.com platform.twitter.com *.youtube.com *.cloudflare.com ajax.googleapis.com; style-src 'self' 'unsafe-inline' *.google.com *.gstatic.com www.unescap.org unescap.org *.fontawesome.com  *.jsdelivr.net *.googleapis.com https://fonts.gstatic.com https://unpkg.com ajax.cloudflare.com *.cloudflare.com repository.unescap.org; img-src 'self' 'unsafe-inline' data: *.google-analytics.com *.google.it *.google.com *.googletagmanager.com www.unescap.org unescap.org repository.unescap.org youtube.com www.youtube.com i.ytimg.com *.staticflickr.com *.twitter.com *.google.co.th; frame-src 'self' youtube.com www.youtube.com *.google.com *.gstatic.com www.unescap.org unescap.org *.unescap.org *.twitter.com *.canva.com *.powerbi.com; child-src 'self' youtube.com www.youtube.com *.google.com *.gstatic.com www.unescap.org unescap.org; font-src 'self' https://fonts.googleapis.com *.fontawesome.com https://fonts.gstatic.com *.jsdelivr.net www.unescap.org unescap.org *.cloudflare.com; connect-src www.google-analytics.com region1.analytics.google.com analytics.google.com stats.g.doubleclick.net www.unescap.org unescap.org cloudflareinsights.com repository.unescap.org; report-uri /report-csp-violation 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.verywellhealth.com 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.cinestar.de *.googletagmanager.com *.googleadservices.com *.googletagservices.com *.google.com *.google.de *.gstatic.com *.google-analytics.com gdpr.mandarin-medien.de *.ioam.de *.doubleclick.net bat.bing.com *.facebook.com *.facebook.net *.googlesyndication.com gdpr.mandarin-medien.de *.spotify.com streaming.cinestar.de streaming.cinestar.sys11.stakkle.com:81 streaming1.cinestar.de streaming1.cinestar.de:81 ff-schlingel.de *.stroeerdigitalgroup.de *.doubleverify.com tracking.m6r.eu *.adagio.io *.adaptmx.com *.adbility-media.com *.addefend.com *.adform.com *.adition.com *.admanmedia.com *.adnami.io *.adnuntius.com *.adrule.net *.adtriba.com *.adup-tech.com *.advanced-store.com *.adyoulike.com *.agma-mmc.de *.amazon.com *.amobee.com *.appnexus.com *.audienceproject.com *.avantisteam.com *.bam-interactive.de *.bannernow.com *.bidswitch.com *.blis.com *.brightcom.com *.bttrads.com *.cloudtechnologies.pl *.communicationads.net *.confiant.com *.criteo.com *.dataxtrade.com *.definemedia.de *.deltaprojects.com *.doubleverify.com *.easy-media.de *.emerse.com *.emxdgt.com *.equativ.com *.exactag.com *.exitbee.com *.factor-eleven.de *.feedad.com *.flashtalking.com *.geoedge.com *.gfk.com *.glomex.com *.google.com *.gumgum.com *.hearts-science.com *.iabeurope.eu *.id5.io *.impactify.io *.improvedigital.com *.indexexchange.com *.infonline.de *.integralads.com *.invibes.com *.jaduda.com *.kayzen.io *.liquidm.com *.liveramp.de *.magnite.com *.media.net *.mediakeys.com *.microsoft.com *.mindtake.com *.mobkoi.com *.mobpro.com *.nativendo.de *.neory.com *.nielsen.com *.ogury.com *.onetag.com *.onetech.group *.online-solution.biz *.onprospects.com *.openx.com *.opinary.com *.optidigital.com *.optimise-it.de *.oracle.com *.otto.de *.outbrain.com *.permodo.com *.playhill.com *.publicismedia.de *.pubmatic.com *.purelocalmedia.de *.qualitymedianetwork.de *.readpeak.com *.reppublika.com *.ringier-advertising.ch *.roq.ad *.rtbhouse.com *.rubiconproject.com *.salesforce.com *.screenondemand.de *.seeding-alliance.de *.seedtag.com *.sharethrough.com *.showheroes.com *.smaato.com *.smartadserver.com *.smartclip.net *.smartclip.tv *.smartstream.tv *.smartyads.com *.socoto.com *.spotx.tv *.spotxchange.com *.sspx.tech *.stroeer.com *.stroeer.de *.taboola.com *.tappx.com *.target-video.com *.teads.com *.teads.tv *.telaria.com *.themediagrid.com *.thetradedesk.com *.tremorhub.com *.trg.de *.triplelift.com *.twiago.com *.uppr.rocks *.verve.com *.vi.ai *.viads.com *.vidazoo.com *.vidoomy.com *.viralize.com *.virtualminds.de *.vlyby.com *.wagawin.com *.wearemiq.com *.welect.de *.xandr.com *.yahoo.com *.yieldlab.com *.yieldlab.net *.yieldlove.com *.yoc.com *.zemanta.com onetag-sys.com *.onetag-sys.com *.adnxs.com *.ad4m.at ad4m.at *.theadex.com *.adform.net *.seadform.net *.userreport.com *.clarium.io id5-sync.com *.id5-sync.com *.eu-1-id5-sync.com *.yieldlove-ad-serving.net *.agma-analytics.de *.adnxs.com *.adscale.de *.jsdelivr.net *.adscale.de *.criteo.net *.confiant-integrations.net *.privacy-mgmt.com *.crwdcntrl.net *.ampproject.org *.googleapis.com *.truste.com *.adsafeprotected.com *.ftstatic.com *.trustarc.com *.adsrvr.org *.imrworldwide.com *.cloudflare.com *.bidr.io *.bidswitch.net *.adnxs-simple.com *.active-agent.com *.peer-39.com 2mdn.net *.2mdn.net levexis.com demdex.net *.levexis.com *.demdex.net agkn.com *.agkn.com adlightning.com *.adlightning.com *.tchibo.de tchibo.de revjet.com *.revjet.com stroeerdigital.de *.stroeerdigital.de casalemedia.com *.casalemedia.com bahn.de *.bahn.de indexww.com *.indexww.com cbe-digiden.de *.cbe-digiden.de vodafone.de *.vodafone.de *.amazonaws.com amazonaws.com exactag.com *.exactag.com b2c.com *.b2c.com stroeerdigitalmedia.de *.stroeerdigitalmedia.de; block-all-mixed-content 1
default-src 'none'; connect-src 'self'; frame-ancestors 'self'; frame-src 'none'; script-src 'self'; style-src 'self'; font-src 'self'; img-src 'self' 1
frame-ancestors 'none'; object-src 'self'; script-src 'self' 'unsafe-inline' https://static.zdassets.com/ https://www.google.com/ https://www.googletagmanager.com/ https://www.gstatic.com/ https://www.google-analytics.com/ https://boards.greenhouse.io/; 1
default-src *;frame-ancestors 'self' eiv.baidu.com *.vip.vip.com *.vip.com;script-src *.vip.com *.vipstatic.com *.mediav.com *.gdt.qq.com *.emarbox.com *.mjoys.com *.sogou.com cm.e.qq.com *.qq.com *.baidu.com *.ipinyou.com *.admaster.com.cn *.miaozhen.com *.youku.com *.tanx.com *.doubleclick.net *.vpimg1.com *.vpimg2.com *.vpimg3.com *.vpimg4.com *.gtimg.cn 'unsafe-eval' 'unsafe-inline';style-src *.vip.com *.vipstatic.com 'unsafe-inline';img-src * data:; report-uri //stat.vipstatic.com/pcfront/antiskyjack; 1
default-src https://domainname.shop https://www.domeneshop.no https://domeneshop.no https://domainnameshop.com https://domene.shop https://xn--domn-noa.shop https://xn--domne-ura.shop https://chat.domeneshop.no/ 'unsafe-inline'; img-src https://domainname.shop https://www.domeneshop.no https://domeneshop.no https://domainnameshop.com https://domene.shop https://xn--domn-noa.shop https://xn--domne-ura.shop; frame-src https://domainname.shop https://www.domeneshop.no https://domeneshop.no https://domainnameshop.com https://domene.shop https://xn--domn-noa.shop https://xn--domne-ura.shop; frame-ancestors 'self' 1
default-src http: https: wss: data: blob: 'self' 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: *; report-uri https://ncreports.report-uri.com/r/d/csp/reportOnly 1
base-uri 'self'; default-src 'none'; child-src https://irc.animefriends.moe; connect-src 'self' https://mei.kuudere.pw; font-src 'self' data:; form-action 'self' https://mei.kuudere.pw; frame-ancestors 'self'; frame-src 'self' https://www.youtube-nocookie.com https://*.soundcloud.com https://irc.animefriends.moe; img-src 'self' https://rei.kuudere.pw https://mei.kuudere.pw https://animebytes.tv data:; media-src 'self' https://* * data:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample'; style-src 'self' 'unsafe-inline'; worker-src 'none'; upgrade-insecure-requests 1
base-uri 'self'; child-src * gap:; frame-src * gap:; connect-src *; default-src 'self' 'unsafe-inline' *.google-analytics.com *.hotjar.com *.googletagmanager.com *.dre.pt *.diariodarepublica.pt *.hotjar.io *.doubleclick.net *.knightlab.com *.google.com *.google.pt gap: 'unsafe-inline' 'unsafe-eval'; font-src 'self' fonts.gstatic.com themes.googleusercontent.com data:; img-src * data: blob:; script-src 'unsafe-inline' * 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-ancestors *.incm.pt *.dre.pt *.diariodarepublica.pt 'self' gap:; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=a7eq7lFK5viON8mJBprz9X1HZKcMSk29wN7DSHSXBlKW7uFWOK3osquyhswFXZ7%2B3GlJGxvJi3KzhBKCPB%2B1qw%3D%3D; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https://api.spendino.de https://analytics.spd.de https://maps.googleapis.com https://altruja.de https://dataservices.spd.de https://www.verbavoice.net https://live.flyp.tv https://cdn01.spd.de https://mitgliedwerden.spd.de ; img-src 'self' data: https://analytics.spd.de https://csi.gstatic.com https://maps.googleapis.com https://maps.gstatic.com https://em.altruja.de https://socialwall.spd.de https://cdn01.spd.de https://*.spd.de https://*.openstreetmap.de https://images.admiralcloud.com ; frame-ancestors 'self' https://analytics.spd.de ; default-src 'self' ; frame-src 'self' https://dpa-electionslive.s3.amazonaws.com https://analytics.spd.de https://w.soundcloud.com https://player.vimeo.com https://www.youtube-nocookie.com https://api.spendino.de https://storify.com https://streaming.b1group.de https://www.youtube.com https://live.soziale-demokratie.live https://www.blitzvideoserver.de https://api.spd.de https://app.contentflow.live https://streaming.talk42.de https://playout.3qsdn.com https://sdn-global-live-http-cache.3qsdn.com https://widget.whatsbroadcast.com https://ghb2017.limequery.com https://limequery.spd.de https://www.verbavoice.ne https://em.altruja.de https://live.flyp.tv https://us-central1-contentflow-2.cloudfunctions.net https://domhost.it-television.net https://wb.messengerpeople.com https://hd-livestream.de https://stream.liverecords.net https://www.sachsen-fernsehen.de https://open.spotify.com https://widget.whappodo.com https://embed.contentflow.net https://sipg.micropayment.de https://d3ak46ifsn9mnh.cloudfront.net https://umfragen.spd.de https://t3prod.admiralcloud.com https://player.admiralcloud.com ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://analytics.spd.de https://dataservices.spd.de https://cdn01.spd.de https://mitgliedwerden.spd.de ; connect-src 'self' https://analytics.spd.de https://altruja.de https://dataservices.spd.de wss://ws-eu.pusher.com https://pusher01.spd.de https://socialwall.spd.de https://cdn01.spd.de https://mitgliedwerden.spd.de ; object-src 'self' data: ; media-src 'self' data: https://cdn01.spd.de ; font-src 'self' https://fonts.gstatic.com https://dataservices.spd.de https://mitgliedwerden.spd.de ; 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.baua.de; object-src 'self' www.baua.de; media-src 'self' www.baua.de; frame-src 'self' www.baua.de.de datawrapper.dwcdn.net; img-src 'self' data: www.baua.de uvi.bfs.de; frame-ancestors 'self'.de datawrapper.dwcdn.net; 1
child-src https://*.fls.doubleclick.net https://bid.g.doubleclick.net form.gov.sg; connect-src *.cwp-stg.sg https://analytics.google.com https://s3-ap-southeast-1.amazonaws.com https://www.mycareersfuture.gov.sg https://static.mycareersfuture.gov.sg blob: https://www.google-analytics.com *.onemap.sg/ https://www.onemap.gov.sg *.dcube.cloud *.wogaa.sg *.demdex.net s.yimg.com *.evergage.com https://dataplane.rum.ap-southeast-1.amazonaws.com https://cognito-identity.ap-southeast-1.amazonaws.com https://sts.ap-southeast-1.amazonaws.com *.mycareersfuture.gov.sg *.app.gov.sg; default-src 'self' *.mycareersfuture.gov.sg *.app.gov.sg *.dcube.cloud *.wogaa.sg wogadobeanalytics.sc.omtrdc.net assets.adobedtm.com *.demdex.net cm.everesttech.net; font-src https://cdnjs.cloudflare.com https://fonts.gstatic.com data: *.dcube.cloud *.wogaa.sg *.mycareersfuture.gov.sg *.app.gov.sg; img-src 'unsafe-inline' data: blob: 'self' https://www.google.com https://www.google-analytics.com adservice.google.com https://s3-ap-southeast-1.amazonaws.com https://px.ads.linkedin.com https://www.mycareersfuture.gov.sg https://static.mycareersfuture.gov.sg https://www.facebook.com *.cwp-stg.sg *.onemap.sg/ https://www.onemap.gov.sg https://cdnjs.cloudflare.com *.mycareersfuture.gov.sg https://pixel.quantserve.com wogadobeanalytics.sc.omtrdc.net cm.everesttech.net *.demdex.net https://sg-gmtdmp.mookie1.com https://secure.adnxs.com https://ad.doubleclick.net https://www.talent.com/tracker/img-pixel.php sp.analytics.yahoo.com https://ssl.gstatic.com https://www.gstatic.com; report-uri /csp-report; script-src 'self' blob: https://www.google-analytics.com https://ssl.google-analytics.com https://connect.facebook.net s.yimg.com sp.analytics.yahoo.com https://www.google.com www.googleadservices.com https://googleads.g.doubleclick.net https://snap.licdn.com https://p.adsymptotic.com https://rules.quantcount.com https://secure.quantserve.com www.googletagmanager.com https://www.mycareersfuture.gov.sg https://static.mycareersfuture.gov.sg *.dcube.cloud *.wogaa.sg assets.adobedtm.com https://cdn-akamai.mookie1.com https://tags.tiqcdn.com https://cdn.evgnet.com/ https://cdn.evergage.com/ https://tagmanager.google.com https://www.googletagmanager.com https://bat.bing.com .yahoo.com .yahoodns.net s.yimg.com sp.analytics.yahoo.com *.yimg.com 'sha256-EltsDipbnEG0YsYxV4cppQIJsmW2izi1abiYZxFCjis=' 'sha256-h1fUiJjnt0URa9CRwnwhJT0ig1omj4+zbW09yMKok5A=' *.mycareersfuture.gov.sg *.app.gov.sg; style-src 'self' https://cdnjs.cloudflare.com fonts.googleapis.com unpkg.com *.dcube.cloud *.wogaa.sg https://tagmanager.google.com https://fonts.googleapis.com 'unsafe-inline' *.mycareersfuture.gov.sg *.app.gov.sg; frame-ancestors 'none' 1
frame-ancestors 'self' cmsv2.zebrix.net 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.dailypaws.com 1
frame-ancestors 'self' *.force.com *.salesforce.com; 1
font-src 'self'; frame-src 'self' https: www.youtube-nocookie.com/* ; frame-ancestors 'self' https://*.etracker.com; script-src 'self' https://*.etracker.com https://*.etracker.de *.b-ite.com https://stats.haw-hamburg.de  'unsafe-inline'; connect-src 'self' https://*.etracker.de *.b-ite.com https://stats.haw-hamburg.de;  img-src * *.b-ite.com; style-src 'self' 'unsafe-inline' *.b-ite.com; 1
frame-src 'self' 1
frame-ancestors 'self' buechen.de *.buechen.de boernsen-erleben.de *.boernsen-erleben.de; 1
default-src 'self'; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com; frame-src 'none'; img-src 'self' data: *.ttcache.com https://*.ttcache.com https://*.google-analytics.com https://*.googletagmanager.com; media-src 'none'; object-src 'none'; script-src 'self' https://*.googletagmanager.com; style-src 'self' 'unsafe-inline'; report-uri /csp-report 1
default-src https:; img-src https: data: blob:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 'unsafe-eval'; connect-src https: wss:; font-src https: data: 'unsafe-inline' 'unsafe-eval'; 1
sandbox; 1
script-src 'unsafe-inline' 'unsafe-eval' 'self' blob: *.foodtecsolutions.com *.foodtecsolutions.com:* *.foodtecsolutions.com *.hibu.us *.pizzadirector.net:* *.google.com *.opentable.com *.otstatic.com cdn.ampproject.org www.gstatic.com maps.googleapis.com www.google-analytics.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net platform.twitter.com www.facebook.com connect.facebook.net cdn.syndication.twimg.com js.hs-scripts.com js.hs-scripts.com js.hs-analytics.net js.hscollectedforms.net salesiq.zoho.com/widget campaigns.zoho.com maillist-manage.com crm.zoho.com js.zohostatic.com vts.zohopublic.com static.hotjar.com script.hotjar.com unpkg.com api.tiles.mapbox.com *.adroll.com *.cloudfront.net cdnjs.cloudflare.com libs.a2zinc.net gh-prod-nitrosites.s3.amazonaws.com; frame-ancestors 'self' blob: *.foodtecsolutions.com *.foodtecsolutions.com:* *.foodtecsolutions.com *.hibu.us *.pizzadirector.net:* *.google.com *.opentable.com *.otstatic.com cdn.ampproject.org www.gstatic.com maps.googleapis.com www.google-analytics.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net platform.twitter.com www.facebook.com connect.facebook.net cdn.syndication.twimg.com js.hs-scripts.com js.hs-scripts.com js.hs-analytics.net js.hscollectedforms.net salesiq.zoho.com/widget campaigns.zoho.com maillist-manage.com crm.zoho.com js.zohostatic.com vts.zohopublic.com static.hotjar.com script.hotjar.com unpkg.com api.tiles.mapbox.com *.adroll.com *.cloudfront.net cdnjs.cloudflare.com libs.a2zinc.net gh-prod-nitrosites.s3.amazonaws.com; 1
frame-ancestors 'self' *.betssongroupaffiliates.com *.ptstaging.eu *.onegameslink.com 1
frame-ancestors http://www.lativ.com.tw https://www.lativ.com.tw; 1
frame-ancestors https://*.milwaukeetool.eu https://viewer.ipaper.io https://my.treedis.com https://my.scene3d.co.uk 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.foodandwine.com 1
default-src https: 'unsafe-inline' 'unsafe-eval' 1
default-src 'self' https://www.google-analytics.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com https://www.gstatic.com https://sdk.privacy-center.org/ https://api.privacy-center.org/ https://static.cloudflareinsights.com https://ajax.cloudflare.com https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com https://fonts.googleapis.com; img-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://www.google-analytics.com/; font-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com https://fonts.gstatic.com https://fonts.googleapis.com; frame-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com; 1
default-src 'self';img-src 'self' data: https://www.mijnwefact.nl https://www.wefact.nl https://secure.gravatar.com *;script-src 'self' 'unsafe-inline' 'unsafe-eval';connect-src 'self';font-src 'self';style-src 'self' 'unsafe-inline'; 1
frame-ancestors 'none'; 1
default-src 'self' static1.clickandboat.com; connect-src 'self' https://api.clickandboat.com static2.clickandboat.com static3.clickandboat.com https://assets.clickandboat.com/frontend-assets/master/ quasar.clickbo.at https://logs1412.xiti.com *.google-analytics.com stats.g.doubleclick.net accounts.google.com bat.bing.com https://analytics.tiktok.com api.stripe.com ekr.zdassets.com clickandboat.zendesk.com wss://widget-mediator.zopim.com widget-mediator.zopim.com *.ingest.sentry.io api.realytics.io *.paypal.com https://*.clarity.ms click-and-boat.pxf.io https://api.privacy-center.org *.criteo.com graph.facebook.com www.facebook.com; font-src 'self' data: static3.clickandboat.com fonts.gstatic.com; frame-ancestors 'self'; frame-src 'self' *.facebook.com *.criteo.com accounts.google.com www.google.com js.stripe.com hooks.stripe.com www.googletagmanager.com *.doubleclick.net *.paypal.com click-and-boat.pxf.io; img-src 'self' static1.clickandboat.com static2.clickandboat.com https://assets.clickandboat.com/frontend-assets/master/ https://blog.clickandboat.com/ data: blob: quasar.clickbo.at *.google-analytics.com *.doubleclick.net secure.adnxs.com www.google.fr www.google.it www.google.es www.google.com www.google.de www.google.nl www.google.co.uk www.google.gr www.google.pl www.google.ch www.google.be www.google.com.br www.google.hr www.google.at www.google.pt www.google.se www.google.ru www.google.ca www.google.com.ar www.google.com.tr www.google.com.ua www.google.ie www.google.si www.google.ro www.google.com.mx www.google.com.mt www.google.com.au www.google.dk www.google.ae www.google.gp www.google.hu www.google.cz www.google.lu www.google.com.cy www.google.no www.google.me www.google.bg www.google.co.il www.google.rs www.google.sk *.bing.com *.criteo.com *.facebook.com *.mydialoginsight.com maps.googleapis.com *.gstatic.com *.google.com *.google.fr v2assets.zopim.io v2uploads.zopim.io clickandboat.zendesk.com https://*.clarity.ms click-and-boat.pxf.io https://www.ojrq.net https://logs-01.loggly.com https://sdk.privacy-center.org; script-src 'unsafe-eval' 'self' static2.clickandboat.com https://assets.clickandboat.com/frontend-assets/master/ quasar.clickbo.at https://tag.aticdn.net *.google-analytics.com *.googleadservices.com *.google.com *.ggpht.com www.googletagmanager.com bat.bing.com www.facebook.com https://analytics.tiktok.com *.criteo.net *.criteo.com *.mydialoginsight.com *.googleapis.com www.gstatic.com connect.facebook.net js.stripe.com static.zdassets.com widget-mediator.zopim.com *.realytics.io *.realytics.net https://*.clarity.ms https://c.bing.com https://utt.impactcdn.com https://sdk.privacy-center.org https://tag.aticdn.net *.paypal.com 'unsafe-inline' 'nonce-RhAndeHTsE4HS30ZMvCpYg=='; style-src 'self' static2.clickandboat.com static3.clickandboat.com https://assets.clickandboat.com/frontend-assets/master/ 'unsafe-inline' fonts.googleapis.com tagmanager.google.com accounts.google.com https://sdk.privacy-center.org 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.aboutespanol.com 1
frame-ancestors 'self' blob: *.cochlearhearingcenter.com *.cochlear.com *.cochlear.cloud; frame-src 'self' blob: *.site.com *.oncehub.com *.mktoweb.com *.adsrvr.org *.yimg.com *.cochlear.cloud *.qualaroo.com *.simpli.fi *.livechatinc.com *.doubleclick.net *.wufoo.com *.cochlearamericas.com *.youtube-nocookie.com *.marvelapp.com *.linkedin.com *.cvent.com *.google.ch *.cochlear.com *.irmau.com *.marketo.com *.youtube.com *.twitter.com *.addthis.com *.google.com *.facebook.com *.batchgeo.com marvelapp.com *.salesforce.com *.salesforce-sites.com; child-src 'self' blob: *.batchgeo.com *.addtoany.com *.doubleclick.net *.cochlear.cloud *.cochlear.com *.addthis.com *.google.com *.facebook.com *.twitter.com  *.marketo.com; connect-src 'self' *.salesforce-scrt.com *.site.com *.hotjar.com *.hotjar.io *.sitecorecloud.io *.geonames.org *.stackadapt.com *.crazyegg.com *.stylelabs.io *.adsrvr.org *.yimg.com *.taboola.com *.onetrust.com *.cookielaw.org *.stylelabs.cloud *.sitecorecontenthub.cloud *.cochlear.cloud *.marketo.com *.swiftype.com *.onelink-translations.com *.nekudo.com *.cochlear.com *.cvent.com *.linkedin.com *.google-analytics.com *.googleapis.com *.optimizely.com *.addthis.com *.mktoresp.com *.twitter.com *.geoip-js.com geoip-js.com *.doubleclick.net *.salesforce-sites.com; font-src 'self' data: *.hotjar.com *.cvent-assets.com *.gstatic.com *.googleusercontent.com *.livechatinc.com *.bootstrapcdn.com; img-src 'self' data: *.hotjar.com *.stackadapt.com *.naver.net *.naver.com *.quora.com *.pubmatic.com *.rubiconproject.com *.adtechjp.com *.yahoo.com * bidswitch.net *.adap.tv *.adnxs.com *.rlcdn.com *.openx.net *.adroll.com *.casalemedia.com *.t.co *.datatables.net *.cochlear.cloud *.cochlear.com *.quantserve.com *.marketo.com *.bing.com *.steelhousemedia.com *.adsrvr.org *.adsymptotic.com *.android.com *.youtube.com *.visualwebsiteoptimizer.com *.googletagmanager.com *.teads.tv *.impact-ad.jp *.yahoo.co.jp *.impact-ad.jp *.outbrain.com *.amazonaws.com *.google.com.au  *.google.com *.twitter.com *.doubleclick.net *.facebook.com *.linkedin.com *.google-analytics.com *.medialead.de; script-src 'unsafe-inline' 'unsafe-eval' 'self' blob: *.site.com *.hotjar.com *.licdn.com *.oncehub.com *.stackadapt.com *.naver.net *.naver.com *.onetrust.com *.cookielaw.org *.windows.net *.qualaroo.com *.simpli.fi *.salesforceliveagent.com *.amazonaws.com *.gstatic.com *.quantcount.com *.cvent-assets.com *.cvent.com *.quora.com *.livechatinc.com *.typekit.com *.dialogtech.com *.cloudfront.net *.media6degrees.com *.wufoo.com *.zendesk.com *.domdex.com *.adroll.com  *.datatables.net *.quantserve.com *.ads-twitter.com *.steelhousemedia.com *.bing.com *.outbrain.com *.addtoany.com *.visualwebsiteoptimizer.com *.jquery.com *.optimizely.com *.google.com.au *.doubleclick.net *.googleadservices.com *.yimg.jp *.yahoo.co.jp *.crazyegg.com *.mktoweb.com *.cochlear.cloud *.cochlear.com  *.bootstrapcdn.com *.cloudflare.com  *.jsdelivr.net *.addthisedge.com *.google.com *.ytimg.com *.youtube.com *.marketo.net *.marketo.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.twitter.com *.facebook.com *.facebook.net *.linkedin.com *.addthis.com *.geoip-js.com geoip-js.com *.medialead.de *.adsrvr.org *.taboola.com *.yimg.com *.force.com *.salesforce.com *.salesforce-sites.com; style-src 'unsafe-inline' 'self' *.site.com *.hotjar.com *.mktoweb.com *.googletagmanager.com *.stackadapt.com *.cookielaw.org *.windows.net *.cvent-assets.com *.googleapis.com *.cloudflare.com *.cochlear.cloud *.cochlear.com *.google.com *.zendesk.com *.datatables.net *.jquery.com *.cochlear-europe.com *.bootstrapcdn.com *.marketo.com *.salesforce.com *.salesforce-sites.com; 1
default-src 'self' cdn.jsdelivr.net bid.g.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' translate-pa.googleapis.com translate.googleapis.com translate.google.com ajax.googleapis.com maps.googleapis.com cdn.jsdelivr.net unpkg.com npmcdn.com googleads.g.doubleclick.net www.googletagmanager.com www.google-analytics.com www.googleadservices.com connect.facebook.net static.ctctcdn.com cdnjs.cloudflare.com www.google.com www.gstatic.com; connect-src 'self' translate.googleapis.com analytics.google.com stats.g.doubleclick.net www.google-analytics.com listgrowth.ctctcdn.com maps.googleapis.com; img-src 'self' fonts.gstatic.com www.gstatic.com maps.googleapis.com maps.gstatic.com static.ctctcdn.com fakeimg.pl img.youtube.com data: cdnjs.cloudflare.com www.google.com.tw www.facebook.com www.google.com googleads.g.doubleclick.net www.google-analytics.com; style-src 'self' 'unsafe-inline' www.gstatic.com cdn.jsdelivr.net fonts.googleapis.com unpkg.com static.ctctcdn.com maxcdn.bootstrapcdn.com; font-src 'self' maxcdn.bootstrapcdn.com cdn.jsdelivr.net cdnjs.cloudflare.com fonts.gstatic.com; frame-src 'self' bid.g.doubleclick.net www.youtube.com www.facebook.com www.google.com; base-uri 'self'; form-action 'self' www.facebook.com; frame-ancestors 'self'; 1
default-src 'self' ;script-src data: blob: 'self' 'unsafe-eval' 'nonce-LEixhhO9Bts5i/RN' static.cloud.coveo.com www.zenaps.com www.dwin1.com *.r42tag.com *.usabilla.com *.google-analytics.com *.analytics.google.com www.googleadservices.com tags.nmrc.nl *.onmarc.nl *.doubleclick.net d6tizftlrpuof.cloudfront.net *.zilverenkruis.nl babm.texthelp.com surfly.com plus.browsealoud.com www.zorgkantoorfriesland.nl *.prolife.nl www.googletagmanager.com toolbar.speechstream.net apis.google.com bat.bing.com admin.relay42.com a.svtrd.com  ads.creative-serving.com www.browsealoud.com *.defriesland.nl static2.creative-serving.com survey.insocial.nl optimize.google.com *.interpolis.nl *.mopinion.com  *.fbto.nl connect.facebook.net cdn.harvest.graindata.com *.pingvp.com pingvp.com *.visualwebsiteoptimizer.com app.vwo.com www.awin1.com;style-src 'self' 'unsafe-inline' d6tizftlrpuof.cloudfront.net plus.browsealoud.com fonts.googleapis.com www.zilverenkruis.nl optimize.google.com *.pingvp.com;img-src data: blob: 'self' *.svtrd.com www.zenaps.com www.awin1.com www.google.com www.google.nl d6tizftlrpuof.cloudfront.net *.usabilla.com *.google-analytics.com *.analytics.google.com *.onmarc.nl *.zilverenkruis.nl plus.browsealoud.com usabilla-themes.s3-eu-west-1.amazonaws.com ads.creative-serving.com www.zorgkantoorfriesland.nl *.prolife.nl stats.g.doubleclick.net ad.doubleclick.net bat.bing.com www.browsealoud.com *.defriesland.nl *.r42tag.com admin.relay42.com speechstreamv3-webservices-8.texthelp.com www.gstatic.com *.fbto.nl www.insocial.nl www.facebook.com www.googletagmanager.com translate.google.com zilverenkruis-cdn.mcccm.eu *.pingvp.com i.vimeocdn.com dev.visualwebsiteoptimizer.com *.doubleclick.net;font-src data: 'self' fonts.gstatic.com fonts.googlapis.com d6tizftlrpuof.cloudfront.net  *.pingvp.com;connect-src blob: 'self' *.zilverenkruis.nl *.surfly.com surfly.com sentry.io *.prolife.nl *.zorgkantoorfriesland.nl plus.browsealoud.com pronunciation.speechstream.net api.usabilla.com babm.texthelp.com speech.speechstream.net *.google-analytics.com *.analytics.google.com pre-i-portaal.achmea.nl speechstreamv3-webservices-8.texthelp.com *.defriesland.nl *.mopinion.com www.browsealoud.com plusqa.browsealoud.com *.interpolis.nl *.fbto.nl bat.bing.com stats.g.doubleclick.net harvest-cm-achmea.ey.r.appspot.com controle.achmea.consentmonitor.nl *.tomtom.com *.visualwebsiteoptimizer.com app.vwo.com *.applicationinsights.azure.com wss://api.defriesland.nl:13443 wss://api.zilverenkruis.nl:13443 wss://api.interpolis.nl:13443;media-src 'self' blob: *.zilverenkruis.nl *.zorgkantoorfriesland.nl *.prolife.nl *.defriesland.nl *.interpolis.nl *.fbto.nl *.pingvp.com;object-src 'self' ;child-src 'self' blob: t.svtrd.com player.vimeo.com surfly.com app.surfly.com d6tizftlrpuof.cloudfront.net www.zilverenkruis.nl www.zorgkantoorfriesland.nl www.prolife.nl content.googleapis.com vimeo.com secure.zilverenkruis.nl www.defriesland.nl optimize.google.com i-portaal.achmea.nl survey.insocial.nl secure.prolife.nl secure.defriesland.nl w.soundcloud.com *.doubleclick.net app.springcast.fm;frame-ancestors 'self' player.vimeo.com vimeo.com i-portaal.achmea.nl survey.insocial.nl *.doubleclick.net inloggen.achmea.nl p-portaal.achmea.nl app.vwo.com *.visualwebsiteoptimizer.com;;form-action 'self' t.svtrd.com *.achmea.nl *.zilverenkruis.nl *.zorgkantoorfriesland.nl *.prolife.nl *.defriesland.nl *.fbto.nl *.interpolis.nl broker.nxtid.nl;manifest-src 'self' ;upgrade-insecure-requests;block-all-mixed-content;report-uri https://zilverenkruis.ams.report-uri.com/r/t/csp/enforce; 1
default-src dock.ui.bosch.tech *.hotjar.com wss://*.hotjar.com bott-tc2.nautilus bott-fs.nautilus bott-fs.kittelberger.net vc.hotjar.io in.hotjar.com script.hotjar.com *.bosch-thermotechnology.com *.boschtt-documents.com www.bimstore.co.uk *.kittelberger.net *.mycliplister.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' ; media-src *.boschtt-documents.com services.kittelberger.net *.mycliplister.com mycliplister.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' ; font-src bott-fs.nautilus bott-fs.kittelberger.net script.hotjar.com fonts.gstatic.com *.bosch-thermotechnology.com www.bosch-thermotechnology.us www.heizung-steuern.com fonts.gstatic.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: data: ; object-src data: 'self'; img-src bott-tc2.nautilus bott-fs.nautilus bott-fs.kittelberger.net optimize.google.com www.google-analytics.com www.googletagmanager.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: data: blob:; style-src bott-fs.nautilus bott-fs.kittelberger.net *.bosch-thermotechnology.com cdn.datatables.net optimize.google.com fonts.googleapis.com www.bosch-easycontrol.com www.heizung-steuern.com www.bosch-thermotechnology.us *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' 'unsafe-inline' https: ; script-src bott-fs.nautilus bott-fs.kittelberger.net dock.ui.bosch.tech optimize.google.com www.googleanalytics.com www.google-analytics.com www.googleoptimize.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: 'unsafe-inline' 'unsafe-eval'; frame-src mailto: bosch.mi4biz.net www.boschthermolife.com junkers-de-de-b.boschtt-documents.com optimize.google.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https:; frame-ancestors bosch.mi4biz.net bott-fs.kittelberger.net *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: ; connect-src 'self' wss://endpoint.chatbot-suite.bosch.tech endpoint.chatbot-suite.bosch.tech  www.bosch-thermotechnology.com region1.google-analytics.com www.google-analytics.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com dock.ui.bosch.tech mycliplister.com *.mycliplister.com stats.g.doubleclick.net 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.midwestliving.com 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.marthastewart.com 1
default-src 'self' blob: http: https: wss://bot.moin.ai/primus w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de stiebel-eltron.containers.piwik.pro; img-src 'self' data: blob: http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de stiebel-eltron.containers.piwik.pro; script-src  'self' 'unsafe-eval' http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de stiebel-eltron.containers.piwik.pro; style-src 'self' 'unsafe-inline' http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de; font-src 'self' data: http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de stiebel-eltron.containers.piwik.pro; 1
default-src 'self' data: *.simplesdental.com *.facebook.net *.facebook.com *.bing.com *.cookielaw.org *.clarity.ms *.livesession.io *.getblue.io *.googleapis.com *.youtube.com *.youtube-nocookie.com *.intercom.io *.intercomcdn.com *.intercom-sheets.com intercom-sheets.com *.vitally.io *.googletagmanager.com *.ytimg.com *.google-analytics.com *.gstatic.com *.cloudflare.com *.google.com *.cloudfront.net *.googleoptimize.com *.onetrust.com *.suiteshare.com *.jquery.com *.amazonaws.com whts.co *.varify.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.simplesdental.com *.facebook.net *.facebook.com *.bing.com *.cookielaw.org *.clarity.ms *.livesession.io *.getblue.io *.googleapis.com *.youtube.com *.youtube-nocookie.com *.intercom.io *.intercomcdn.com *.intercom-sheets.com intercom-sheets.com *.vitally.io *.googletagmanager.com *.ytimg.com *.google-analytics.com *.gstatic.com *.google.com *.cloudfront.net *.googleoptimize.com *.onetrust.com *.hotjar.com *.cloudflare.com *.wootric.com *.suiteshare.com *.jquery.com *.amazonaws.com whts.co *.varify.io; object-src 'self' data: https: blob:; style-src 'self' data: 'unsafe-inline' 'unsafe-eval' https:; img-src 'self' data: https: blob:; media-src 'self' data: https: blob:; frame-src 'self' data: blob: *.simplesdental.com *.facebook.net *.facebook.com *.bing.com *.cookielaw.org *.clarity.ms *.livesession.io *.getblue.io *.googleapis.com *.youtube.com *.youtube-nocookie.com *.intercom.io *.intercomcdn.com *.intercom-sheets.com intercom-sheets.com *.vitally.io *.googletagmanager.com *.ytimg.com *.google-analytics.com *.gstatic.com *.google.com *.cloudfront.net *.googleoptimize.com *.onetrust.com *.hotjar.com *.cloudflare.com *.wootric.com *.suiteshare.com *.jquery.com *.amazonaws.com whts.co *.varify.io; font-src 'self' data: https:; connect-src 'self' data: https: wss: 1
base-uri 'none';child-src 'none';connect-src 'self' https://play.vidyard.com https://noembed.com/ https://*.algolia.net https://*.algolianet.com https://*.algolia.io https://go.esko.com/ https://privacyportalde-cdn.onetrust.com/ cloudflareinsights.com https://play.goconsensus.com https://cdn.cookielaw.org/ https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://privacyportal-de.onetrust.com/request/v1/consentreceipts https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://auth.statik.space/ https://js.zi-scripts.com https://px.ads.linkedin.com https://ws.zoominfo.com;default-src 'self';font-src 'self' https://fonts.gstatic.com data:;form-action 'self';frame-ancestors 'none';frame-src youtube.com www.youtube.com https://play.vidyard.com https://play.goconsensus.com https://bid.g.doubleclick.net https://www.google.com/ https://js.driftt.com https://widget.drift.com;img-src 'self' https: data: blob: http://play.vidyard.com www.googletagmanager.com https://googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://googleads.g.doubleclick.net https://www.google.com https://google.com;manifest-src 'self';media-src 'self' https://js.driftt.com;object-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' youtube.com www.youtube.com https://play.vidyard.com https://cdn.jsdelivr.net/ https://privacyportalde-cdn.onetrust.com/privacy-notice-scripts/otnotice-1.0.min.js static.cloudflareinsights.com https://play.goconsensus.com https://www.googletagmanager.com https://cdn.cookielaw.org https://googletagmanager.com https://tagmanager.google.com https://*.googletagmanager.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/ https://js.driftt.com https://widget.drift.com https://sc.lfeeder.com https://js.zi-scripts.com https://snap.licdn.com;style-src 'self' 'unsafe-inline' https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com;worker-src 'self'; 1
default-src https: http: data: blob: ws: 'self' 'unsafe-inline' 'unsafe-eval'; 1
default-src 'none' ;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zortrax.com *.data.zortrax.com *.3dprint.zortrax.com *.wistia.net *.wistia.com googletagmanager.com *.googletagmanager.com  *.tagmanager.google.com *.google-analytics.com *.doubleclick.net *.google.com  *.googleadservices.com *.facebook.net *.cloudfront.net *.doubleclick.net *.livechatinc.com *.googleapis.com *.gstatic.com *.redditstatic.com  static.ads-twitter.com analytics.twitter.com analytics.zortrax.com cf.zortrax.com  ;style-src 'self' 'unsafe-inline' *.zortrax.com *.googleapis.com *.tagmanager.google.com https://tagmanager.google.com/debug/css.css *.fonts.googleapis.com cf.zortrax.com ;img-src 'self' 'unsafe-inline' data: *.zortrax.com *.wistia.net data.zortrax.com *.gravatar.com *.ggpht.com *.ssl.gstatic.com *.wistia.com *.google.com *.google-analytics.com *.google.pl *.doubleclick.net *.facebook.com *.livechatinc.com *.gstatic.com *.googleapis.com *.tagmanager.google.com https://alb.reddit.com   t.co/i/adsct cf.zortrax.com  ;font-src 'self' data: *.livechatinc.com *.googleusercontent.com *.googleusercontent.com *.googleapis.com *.gstatic.com *.zortrax.com *.fonts.googleapis.com *.tagmanager.google.com ;frame-src 'self' 'unsafe-inline' *.livechatinc.com *.wistia.net *.wistia.com *.youtube.com *.facebook.com *.tagmanager.google.com *.googletagmanager.google.com *.upviral.com ;connect-src 'self' bd1.zortrax.com spisakcji.local stats.g.doubleclick.net staging-data.zortrax.com data.zortrax.com http://3dprint.zortrax.com *.wistia.com *.litix.io 3dprint.zortrax.com 3dprinting.local  ws://localhost:3000 *.google-analytics.com *.tagmanager.google.com app.humdash.com api.livechatinc.com maps.googleapis.com  ;media-src 'self' *.zortrax.com zortrax.com *.youtube.com *.livechatinc.com *.youtube-nocookie.com *.wistia.com cdn.zortrax.com cdn1.zortrax.com cdn2.zortrax.com cdn3.zortrax.com *.tagmanager.google.com cf.zortrax.com ;object-src 'self' *.youtube.com *.youtube-nocookie.com *.tagmanager.google.com ;child-src 'self' *.youtube.com *.youtube-nocookie.com *.tagmanager.google.com 1
default-src https: http: wss: ; script-src https: 'self' 'unsafe-inline' js.hs-scripts.com js.hs-analytics.net cdnjs.cloudflare.com *.adopto.eu adopto.eu www.adopto.eu *.googleapis.com *.facebook.net *.facebook.com www.google.com www.google-analytics.com; object-src 'self' https: data: adoptostaging.blob.core.windows.net adoptoprod.blob.core.windows.net; style-src * https: 'unsafe-inline'; img-src 'self' https: data: cdnjs.cloudflare.com adoptostaging.blob.core.windows.net adoptoprod.blob.core.windows.net *.gstatic.com *.googleapis.com *.facebook.com s3.amazonaws.com stats.g.doubleclick.net; child-src 'self' *.talentlyft.com app.livestorm.co platform.twitter.com static.addtoany.com *.nosiva.com *.facebook.com *.youtube.com *.us11.list-manage.com forms.hubspot.com js.hs-scripts.com js.hs-analytics.net player.vimeo.com; font-src * https: data:; 1
default-src https: http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com 'unsafe-inline' http://*.usercentrics.eu:* https://*.usercentrics.eu:* http://*.usercentrics.eu https://*.usercentrics.eu wss://*.usercentrics.eu 'unsafe-inline'; img-src https: 'self' data: blob:; script-src https: 'unsafe-eval' 'unsafe-inline' blob: https://*.reactful.com http://*.reactful.com; style-src https: 'unsafe-inline'; font-src https: 'self' data: fonts.gstatic.com; worker-src 'self' blob: 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.eelv.fr/ https://*.issuu.com/ https://sourcemaps.issuu.com/ https://platform.twitter.com/ https://cdn.syndication.twimg.com/ https://*.flowpaper.com/ https://flowpaper.com/ https://*.typeform.com/ https://www.youtube.com/ http://*.ufederation.com/ https://*.eelv.fr/; img-src 'self' data: blob: https://*.eelv.fr/ https://*.openstreetmap.org/ https://*.ytimg.com/ https://*.twimg.com/ https://platform.twitter.com/ https://*.flowpaper.com/ https://flowpaper.com/ https://*.typeform.com/ https://*.dailymotion.com/ https://*.issuu.com/ https://sourcemaps.issuu.com/ https://www.youtube.com/ http://*.ufederation.com/ https://*.eelv.fr/; object-src 'self' data: blob: https://*.eelv.fr/ https://*.openstreetmap.org/ https://*.youtube.com/ https://www.youtube.com/ https://*.youtube-nocookie.com/ https://youtu.be/ https://*.youtu.be/ https://*.vimeo.com/ https://*.spotify.com/ https://*.issuu.com/ https://platform.twitter.com/ https://syndication.twitter.com/ https://*.soundcloud.com/ https://*.flowpaper.com/ https://flowpaper.com/ https://*.typeform.com/ https://typeform.com/ https://*.dailymotion.com/ https://dailymotion.com/ https://*.issuu.com/ https://sourcemaps.issuu.com/ http://*.ufederation.com/ https://*.eelv.fr/; frame-src 'self' data: blob: https://*.eelv.fr/ https://*.openstreetmap.org/ https://*.youtube.com/ https://www.youtube.com/ https://*.youtube-nocookie.com/ https://youtu.be/ https://*.youtu.be/ https://*.vimeo.com/ https://*.spotify.com/ https://*.issuu.com/ https://platform.twitter.com/ https://syndication.twitter.com/ https://*.soundcloud.com/ https://*.flowpaper.com/ https://flowpaper.com/ https://*.typeform.com/ https://typeform.com/ https://*.dailymotion.com/ https://dailymotion.com/ https://*.issuu.com/ https://sourcemaps.issuu.com/ http://*.ufederation.com/ https://*.eelv.fr/; 1
base-uri 'none'; default-src 'none'; child-src https://www.recaptcha.net; connect-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src https://www.recaptcha.net; img-src 'self' data:; object-src 'none'; script-src 'nonce-T4T2PoMtde6AV7+rmVCz2g==' 'strict-dynamic'; style-src 'self' 'unsafe-inline'; worker-src 'self' 1
default-src 'self'; connect-src 'self' https://*.usercentrics.eu https://*.yext.com https://*.evangelisch.de https://termine.ekir.de https://*.vimeo.com https://*.openstreetmap.org https://*.kajomigenerator.de https://*.newsletter2go.com https://kirche-muelheim.de https://nextgen.kajomigenerator.de https://*.ekir.de; frame-src 'self' https://*.usercentrics.eu https://umap.openstreetmap.fr https://*.openstreetmap.de https://*.evangelisch.de https://termine.ekir.de https://*.vimeo.com https://*.openstreetmap.org https://*.kajomigenerator.de https://*.newsletter2go.com https://kirche-muelheim.de https://nextgen.kajomigenerator.de https://soundcloud.com https://vimeo.com https://*.vimeo.com https://*.kd-onlinespende.de https://walls.io https://*.walls.io www.youtube-nocookie.com https://platform.twitter.com https://syndication.twitter.com https://*.ekir.de; font-src 'self' data:; img-src 'self' data: https://*.usercentrics.eu https://*.openstreetmap.fr https://*.openstreetmap.de https://www.evangelische-termine.de https://*.evangelisch.de https://termine.ekir.de https://*.vimeo.com https://*.openstreetmap.org https://*.kajomigenerator.de https://*.newsletter2go.com https://kirche-muelheim.de https://nextgen.kajomigenerator.de https://soundcloud.com https://vimeo.com https://*.kd-onlinespende.de https://img.youtube.com https://syndication.twitter.com https://pbs.twimg.com https://ton.twimg.com https://platform.twitter.com https://secure.gravatar.com https://*.ekir.de; object-src 'self'; style-src 'self' 'unsafe-inline' https://www.evangelische-termine.de https://*.evangelisch.de https://termine.ekir.de https://*.vimeo.com https://*.openstreetmap.org https://*.kajomigenerator.de https://*.newsletter2go.com https://kirche-muelheim.de https://nextgen.kajomigenerator.de https://soundcloud.com https://vimeo.com https://platform.twitter.com https://ton.twimg.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.usercentrics.eu https://www.evangelische-termine.de https://*.evangelisch.de https://termine.ekir.de https://*.vimeo.com https://*.openstreetmap.org https://*.kajomigenerator.de https://*.newsletter2go.com https://kirche-muelheim.de https://nextgen.kajomigenerator.de https://soundcloud.com https://vimeo.de https://*.kd-onlinespende.de https://walls.io https://*.walls.io https://secure.gravatar.com https://platform.twitter.com https://cdn.syndication.twimg.com https://*.ekir.de https://adressverzeichnis.ekd.de https://cdn.jsdelivr.net; frame-ancestors 'none'; 1
default-src 'none'; img-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; font-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'; connect-src 'self'; 1
frame-ancestors https://*.holman.com 1
frame-ancestors * 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; connect-src 'self' *.itzbund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com piwik.itzbund.de; object-src 'self' *.gsb.bund.de; media-src 'self' *.gsb.bund.de *.youtube.com; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.itzbund.de; frame-src *.google.com *.gstatic.com *.youtube.com *.itzbund.de *.vsfbsw.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com piwik.itzbund.de; frame-ancestors 'self'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.google-analytics.com https://*.bing.com https://*.facebook.net https://*.hotjar.com https://*.zarget.com https://*.youtube.com https://s.ytimg.com https://*.googleadservices.com https://*.doubleclick.net https://*.pinterest.com https://*.zencdn.net https://*.google.com https://*.google.be https://*.sharethis.com https://*.newrelic.com https://*.nr-data.net https://*.quantserve.com https://*.google.com.tr https://*.metabar.ru https://*.google.de https://*.google.fr https://cdn.ckeditor.com https://*.pioneer-car.eu https://eu---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh https://de---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh https://*.yandex.ru https://*.gstatic.com https://cdn.cookielaw.org https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.sharethis.com https://*.pioneer-car.eu https://cdn.ckeditor.com https://tagmanager.google.com; img-src * data:; media-src 'self' https://www.youtube.com; frame-src 'self' https://*.youtube.com https://vars.hotjar.com https://*.pioneer.eu https://*.doubleclick.net https://*.sharethis.com https://*.facebook.com https://*.pioneer-car.eu https://store-locator.pioneer-rus.ru https://*.google.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://*.hotjar.com https://*.sharethis.com https://*.google-analytics.com https://*.doubleclick.net https://*.pioneer-car.eu https://acc-pioneer-products.o-a.be https://eu---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh https://de---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh https://*.yandex.ru https://cdn.cookielaw.org; report-uri /eur/report-csp-violation 1
frame-src *.twitter.com *.googleusercontent.com *.clarity.ms *.youtube.com *.facebook.com *.facebook.net *.doubleclick.net *.hotjar.com *.franceculture.fr *.radiofrance.fr *.googleapis.com *.spotify.com *.exacttarget.com *.instagram.com iheid.webex.com graduateinstitute.secure.force.com *.sfmc-content.com *.google.com *.libcal.com *.simplecast.com *.soundcloud.com *.flywire.com *.prezi.com *.iheid.ch *.drupal.com *.vimeo.com *.rts.ch graduateinstitute.my.salesforce-sites.com *.graduateinstitute.us8.list-manage.com *.addevent.com *.office.com *.rsi.ch *.arte.tv *.github.io; child-src *.twitter.com *.googleusercontent.com *.clarity.ms *.youtube.com *.facebook.com *.facebook.net *.doubleclick.net *.hotjar.com *.franceculture.fr *.radiofrance.fr *.googleapis.com *.spotify.com *.exacttarget.com *.instagram.com iheid.webex.com graduateinstitute.secure.force.com *.sfmc-content.com *.google.com *.libcal.com *.simplecast.com *.soundcloud.com *.flywire.com *.prezi.com *.iheid.ch *.drupal.com *.rts.ch graduateinstitute.my.salesforce-sites.com *.graduateinstitute.us8.list-manage.com *.addevent.com *.office.com *.rsi.ch *.arte.tv  *.github.io; report-uri /report-csp-violation; upgrade-insecure-requests 1
frame-ancestors https://kin.test https://e3-kinaxis-build.pantheonsite.io https://content.kinaxis.com https://www.kinaxis.com https://kinaxis.com https://*.sharepoint.com https://ssw.live.com https://storage.live.com https://*.search.production.apac.trafficmanager.net https://*.search.production.emea.trafficmanager.net https://*.search.production.us.trafficmanager.net https://*.wns.windows.com https://admin.onedrive.com https://officeclient.microsoft.com https://g.live.com https://oneclient.sfx.ms https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://*.svc.ms *.mpo.com https://*.mpo.com https://www.mpo.com *.mp-objects.com https://*.mp-objects.com https://www.mp-objects.com https://wartsila.cevalogistics.com  https://*.cevalogistics.com  https://app.drift.com https://core.crazyegg.com https://kinaxis-project.dev.fenix.solutions https://*.lndo.site https://dev-kinaxis-build.pantheonsite.io https://test-kinaxis-build.pantheonsite.io https://fenix-kinaxis-build.pantheonsite.io; report-uri /report-csp-violation 1
block-all-mixed-content; frame-ancestors 'self' 1
default-src 'self';               frame-src 'self' https://www.youtube.com https://mychart.austinregionalclinic.com https://www.google.com https://arcwebsecure.com https://forms.hsforms.com;               frame-ancestors 'self' data: blob: https://vmecharttest1 https://vmecharttest2 https://vmecharttest3 https://mychart.austinregionalclinic.com https://mycharttest.austinregionalclinic.com;              script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com https://mychart.austinregionalclinic.com https://maps.googleapis.com               https://js.hsforms.net https://js.hs-scripts.com https://api.airbud.io https://js.hs-banner.com                https://cdn.jsdelivr.net https://code.jquery.com https://connect.facebook.net https://cdnjs.cloudflare.com https://ajax.aspnetcdn.com https://www.google.com https://www.gstatic.com https://web.hyro.ai               https://mycharttest.austinregionalclinic.com https://vmecharttest2 https://vmecharttest3 https://snap.licdn.com;              style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://api.airbud.io https://code.jquery.com https://web.hyro.ai https://mychart.austinregionalclinic.com;               font-src 'self' https://fonts.gstatic.com https://code.jquery.com;               form-action 'self' https://forms.hsforms.com https://www.austinregionalclinic.com;               img-src 'self' data: https://forms.hsforms.com https://js.hsforms.net https://api.hubspot.com https://forms-na1.hsforms.com https://maps.gstatic.com               https://hyropublic.blob.core.windows.net https://d3sxx09phm2x4h.cloudfront.net https://d1mkxymatx0q5n.cloudfront.net https://maps.googleapis.com               https://www.google.com https://www.facebook.com https://img.youtube.com https://i.ytimg.com https://khms0.googleapis.com https://khms1.googleapis.com;              connect-src 'self' https://maps.googleapis.com https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://www.google-analytics.com https://hyropublic.blob.core.windows.net               wss://web.hyro.ws/widget-client https://stats.g.doubleclick.net https://cdn.linkedin.oribi.io https://app.launchdarkly.com https://clientstream.launchdarkly.com https://events.launchdarkly.com;              object-src 'none';              base-uri 'self';              media-src 'self' https://d1mkxymatx0q5n.cloudfront.net; 1
report-uri /admin/config/system/seckit/csp-report 1
connect-src 'self' idx.liadm.com *.doubleclick.net *.linkedin.com cdn.linkedin.oribi.io consentcdn.cookiebot.com maps.googleapis.com www.google-analytics.com player-telemetry.vimeo.com region1.google-analytics.com 132vod-adaptive.akamaized.net 62vod-adaptive.akamaized.net *.hotjar.com *.hotjar.io wss://*.hotjar.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com; font-src 'self' *.podigee-cdn.net fonts.gstatic.com https://fonts.gstatic.com data:; frame-ancestors 'self'; frame-src 'self' cdn.yoshki.com *.taylorwessing.com form.typeform.com tw.bryter.io *.podigee.io *.podigee-cdn.net *.newsmailservice.de *.soundcloud.com *.podcasts.apple.com *.spotify.com *.fliplet.com sites-taylor-wessing.vuturevx.com v6.newsmailservice.de app.livestorm.co *.buzzsprout.com consentcdn.cookiebot.com player.vimeo.com www.google.com *.youtube.com taylorwessing.foleon.com datastudio.google.com lookerstudio.google.com; img-src *.siteimproveanalytics.io *.linkedin.com *.cookiebot.com *.taylorwessing.com www.taylorwessing.com 'self' data: i.vimeocdn.com maps.googleapis.com maps.gstatic.com www.google-analytics.com www.gstatic.com videoapi-sprites.vimeocdn.com https://www.googletagmanager.com https://googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com; media-src 'self' *.taylorwessing.com blob: www.taylorwessing.com; script-src-elem  *.taylorwessing.com *.podigee-cdn.net embed.typeform.com secure.visionary-enterprise-ingenuity.com siteimproveanalytics.com *.vimeo.com *.vimeocdn.com *.licdn.com *.hotjar.com  'unsafe-inline' www.google-analytics.com  'self' consent.cookiebot.com consentcdn.cookiebot.com f.vimeocdn.com maps.googleapis.com www.buzzsprout.com www.google.com www.googletagmanager.com www.gstatic.com extend.vimeocdn.com; style-src-elem 'unsafe-inline' 'self' *.podigee-cdn.net embed.typeform.com  f.vimeocdn.com fonts.googleapis.com hello.myfonts.net www.gstatic.com; worker-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://*.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://hello.myfonts.net https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com; 1
default-src 'self'; img-src 'self' data: books.google.de de.statista.com cdn.statcdn.com app.statuscake.com *.lamapoll.io; font-src 'self' data:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' lamapoll.de *.lamapoll.de *.lamapoll.io; frame-src 'self' lamapoll.de *.lamapoll.de www.youtube-nocookie.com *.lamapoll.io; frame-ancestors 'self'; media-src 'self'; object-src 'self'; connect-src 'self' *.lamapoll.io 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.woodmagazine.com 1
default-src 'self' 'unsafe-inline' https: data: https://cdnjs.cloudflare.com https://*.googletagmanager.com https://cdn.jsdelivr.net https://*.fontawesome.com https://*.googleapis.com https://*.jacklmoore.com https://*.gstatic.com https://*.google-analytics.com; frame-ancestors 'self'; report-uri /report-csp-violation 1
upgrade-insecure-requests; default-src *.usclimatedata.com *.gstatic.com https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com/* *.googlesyndication.com adservice.google.nl adservice.google.com adservice.google.cl *.googleadservices.com *.google.com *.googletagservices.com *.google-analytics.com apis.google.com ajax.googleapis.com *.googletagmanager.com *.usclimatedata.com *.bootstrapcdn.com *.gstatic.com *.geolocation.io *.google.com/recaptcha/ ssl.google-analytics.com *.addthis.com *.google.com googleads.g.doubleclick.net https:; frame-src bid.g.doubleclick.net data: https:; connect-src 'self' *.usclimatedata.com pagead2.googlesyndication.com www.google-analytics.com fundingchoicesmessages.google.com; img-src 'self' *.maps.googleapis.com/* *.googletagmanager.com https//google-analytics.com googleads.g.doubleclick.net *.google.com data: https:; style-src 'self' 'unsafe-inline' *.apis.google.com *.googleapis.com *.bootstrapcdn.com *.usclimatedata.com *.gstatic.com;font-src *.bootstrapcdn.com *.usclimatedata.com cdnjs.cloudflare.com data: 'self';base-uri 'self'; form-action 'self'; 1
allow 'self'; options inline-script eval-script; script-src 'self' *.google-analytics.com *.googleapis.com *.gstatic.com *.googletagmanager.com; img-src *; media-src *; frame-src 'self'; style-src-elem *.gstatic.com 1
default-src 'self'; script-src * 'unsafe-eval' 'unsafe-inline'; style-src * 'unsafe-inline'; img-src * data:;frame-src *;font-src * data:;connect-src * blob:;media-src * blob:;worker-src * blob:; 1
base-uri 'none';default-src 'none';img-src 'self' data:;font-src 'self';media-src 'self';script-src 'self';style-src 'self' 'unsafe-inline' 1
frame-ancestors *.mastercardconnect.com 1
default-src 'self'; object-src 'self' https://pts.sim.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.sim.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://livechat.sim.de https://chat.sim.de https://umfrage.sim.de https://pts.sim.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://o2.mouseflow.com https://cdn.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://livechat.sim.de https://stats.sim.de https://imagepool.sim.de https://pts.sim.de https://analytics.tiktok.com https://umfrage.sim.de; script-src 'strict-dynamic' 'nonce-9222560f40553864b29d80e1c25b74db' 'nonce-3baf2f168509f379fd247545c75969b1' 'nonce-5112003dc970bfb576aa9aff74b82cf4' 'nonce-0bbc0f071bddfd42d8868f34dc39a8ad' 'nonce-5a93b7f35ab3ae05b45186374596ad25' 'nonce-6acfd28c609c9dfc79cc0885b823fca4' 'nonce-fa186929e662b31633696ef0f00051e3' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://pts.sim.de https://umfrage.sim.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-9222560f40553864b29d80e1c25b74db' 'nonce-3baf2f168509f379fd247545c75969b1' 'nonce-5112003dc970bfb576aa9aff74b82cf4' 'nonce-0bbc0f071bddfd42d8868f34dc39a8ad' 'nonce-5a93b7f35ab3ae05b45186374596ad25' 'nonce-6acfd28c609c9dfc79cc0885b823fca4' 'nonce-fa186929e662b31633696ef0f00051e3' 'self' 'unsafe-inline' https: 'report-sample' 1
default-src 'self'; base-uri 'self'; block-all-mixed-content; child-src https://www.youtube.com/ https://youtube.com/ https://player.vimeo.com/ https://youtu.be/ https://open.spotify.com/ https://www.buymusic.club; connect-src 'self' https://www.youtube.com/oembed https://www.google-analytics.com https://stats.g.doubleclick.net https://*.hotjar.com https://*.hotjar.io https://*.facebook.com/ https://*.tiktok.com https://*.snapchat.com https://widget-api.formitable.com https://region1.analytics.google.com https://*.google-analytics.com https://cdn.linkedin.oribi.io https://www.buymusic.club wss://ws.hotjar.com https://*.hcaptcha.com; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com https://*.hotjar.com https://*.hotjar.io; frame-ancestors 'none'; frame-src https://www.youtube.com/ https://spotify.com https://open.spotify.com/ https://*.spotify.com https://facebook.com/ https://*.facebook.com/ https://mychannels.video/ https://www.yumpu.com/ https://www.google.com/ https://*.hotjar.com https://*.hotjar.io https://bandcamp.com https://*.bandcamp.com https://twitter.com https://*.twitter.com https://instagram.com https://*.instagram.com https://vimeo.com https://*.vimeo.com https://soundcloud.com https://*.soundcloud.com https://tiktok.com https://*.tiktok.com https://snapchat.com https://*.snapchat.com https://www.belgianrail.be https://widget.formitable.com https://www.buymusic.club https://newassets.hcaptcha.com; img-src 'self' data: https://www.google-analytics.com/r/collect https://www.google-analytics.com/collect https://placeholder.inventis.be/ https://*.ytimg.com/ https://d12xfkzf9kx8ij.cloudfront.net/ https://*.facebook.com/ https://connect.facebook.net/ https://*.fbcdn.net/ https://i.scdn.co/ https://img.youtube.com/ https://legacy.abconcerts.be/ https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://*.hotjar.com https://*.hotjar.io https://snapchat.com https://*.snapchat.com https://px.ads.linkedin.co https://px.ads.linkedin.com https://*.linkedin.com https://www.buymusic.club https://fonts.gstatic.com https://www.googletagmanager.com; media-src 'self' p.scdn.co/mp3-preview/; object-src 'none'; script-src 'self' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https://www.youtube.com/iframe_api https://*.ytimg.com https://www.googletagmanager.com/gtm.js https://www.google-analytics.com/analytics.js https://script.hotjar.com/ https://connect.facebook.net/ https://*.hotjar.com https://*.hotjar.io https://www.buymusic.club https://hcaptcha.com 'nonce-GADDSZ24uNKdNL6qwewsPw=='; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://widget.formitable.com https://www.googletagmanager.com; upgrade-insecure-requests 1
default-src 'self'; style-src 'unsafe-inline' 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline'; report-to default; report-uri /json/reports.php 1
default-src 'self'; style-src 'unsafe-inline' yandex.st site.yandex.net yastatic.net banners.adfox.ru content.adfox.ru yastat.net *; frame-src awaps.yandex.net yandexadexchange.net *.yandexadexchange.net yastatic.net *.yandex.ru banners.adfox.ru yastat.net *; img-src * data:; media-src * data:; font-src 'self' data: an.yandex.ru yastatic.net yastat.net *; object-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' an.yandex.ru yandex.st site.yandex.net yastatic.net mc.yandex.ru banners.adfox.ru ads.adfox.ru ads6.adfox.ru yastat.net yandex.ru www.google-analytics.com *.googleadservices.com *.googlesyndication.com *.googletagservices.com www.googletagmanager.com adservice.google.ru adservice.google.com.ua *.google.com *.mail.ru vk.com *.buzzoola.com ajax.googleapis.com cackle.me *.cackle.me *.sape.ru code.createjs.com ad.slickjump.com slickjump.com sjsmartcontent.ru googletagmanager.com *.ttarget.ru *.onlygip.tech *.hybrid.ai *.admediator.ru nativerent.ru *.astraone.io astraone.io *.onlygip.tech onlygip.tech *.afp.ai increaserev.com *.adriver.ru cdn.al-adtech.com *.al-adtech.com; connect-src 'self' an.yandex.ru strm.yandex.ru mc.yandex.ru mc.yandex.com yandex.st site.yandex.net yastatic.net matchid.adfox.yandex.ru adfox.yandex.ru ads.adfox.ru ads6.adfox.ru jstracer.yandex.ru yastat.net yandex.ru sjsmartcontent.ru *.al-adtech.com *.googlesyndication.com *.googletagservices.com *.google-analytics.com 1
upgrade-insecure-requests; object-src 'none'; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleoptimize.com https://*.googletagmanager.com https://*.facebook.com https://*.facebook.net https://*.montepiedad.com.mx https://*.botlers.io https://*.newrelic.com https://unpkg.com https://*.zeptojs.com https://*.jsdelivr.net https://*.datatables.net https://*.bootstrapcdn.com https://cdnjs.cloudflare.com https://assets4.lottiefiles.com https://www.google-analytics.com https://www.yumpu.com https://*.analytics.google.com https://*.youtube.com/ https://analytics.google.com https://ad.doubleclick.net https://*.g.doubleclick.net https://*.google.com https://afiliacion.net https://prs.arkeero.net https://leadgenios.net https://www.rtb123.com https://*.hotjar.com https://inboxlabs.go2cloud.org https://*.google.com.mx https://*.hotjar.io https://*.teads.tv https://ojo7.ltroute.com; 1
default-src https: data: wss: blob: 'self' 'unsafe-inline' 'unsafe-eval'; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self' 'unsafe-eval'; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.itzbund.de *.googleapis.com *.google.com *.gstatic.com www.youtube.com *.vimeo.com *.ytimg.com piwik.itzbund.de; object-src 'self' multimedia.gsb.bund.de; media-src blob: 'self' multimedia.gsb.bund.de *.vimeo.com *.youtube.com; frame-src *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.vimeo.com; img-src 'self' blob: data: *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.openstreetmap.org piwik.itzbund.de; connect-src 'self' *.itzbund.de; frame-ancestors 'self'; worker-src 'self'; 1
default-src 'self' *.atlantic.fr *.algolianet.com *.algolia.net *.google-analytics.com *.googlesyndication.com *.google.com *.cookiebot.com *.doubleclick.net *.groupe-atlantic.com *.kameleoon.eu *.kameleoon.com *.kameleoon.io  *.soyooz.com *.mixpanel.com *.instagram.com *.cdninstagram.com *.contentsquare.net *.contentsquare.com *.contentsquare.fr *.pinterest.com app.helo-activation.fr *.facebook.com *.inbenta.io  *.inbenta.service *.inbenta.services *.recette-qcnlnca-xzown47bo6s74.fr-3.platformsh.site *.staging-5em2ouy-xzown47bo6s74.fr-3.platformsh.site *.bazaarvoice.com; base-uri 'self' *.atlantic.fr; block-all-mixed-content; font-src 'self' data: *.soyooz.com *.atlantic.fr *.kameleoon.eu *.kameleoon.com *.kameleoon.io fonts.gstatic.com *.inbenta.io *.recette-qcnlnca-xzown47bo6s74.fr-3.platformsh.site *.staging-5em2ouy-xzown47bo6s74.fr-3.platformsh.site *.bazaarvoice.com; frame-ancestors 'self' *.atlantic.fr; frame-src 'self' *.atlantic.fr  *.youtube.com  *.vimeo.com  *.atlantic.fr  *.cookiebot.com  *.doubleclick.net  *.vectary.com  *.instagram.com *.facebook.com *.cdninstagram.com  *.pinterest.com  *.kameleoon.eu *.kameleoon.io *.kameleoon.com *.inbenta.io *.recette-qcnlnca-xzown47bo6s74.fr-3.platformsh.site *.staging-5em2ouy-xzown47bo6s74.fr-3.platformsh.site *.bazaarvoice.com *.youtube-nocookie.com; img-src 'self' data: *.atlantic.fr *.youtube.com *.ytimg.com *.vimeo.com *.google-analytics.com *.groupe-atlantic.com *.googletagmanager.com *.doubleclick.net *.google.fr *.google.com *.soyooz.com *.cdninstagram.com picsum.photos placekitten.com *.picsum.photos *.placeholder.com *.contentsquare.net *.contentsquare.com *.contentsquare.fr *.facebook.com *.pinterest.com *.inbenta.com  *.kameleoon.eu *.kameleoon.com *.kameleoon.io *.recette-qcnlnca-xzown47bo6s74.fr-3.platformsh.site *.staging-5em2ouy-xzown47bo6s74.fr-3.platformsh.site *.inbenta.io *.bazaarvoice.com *.cache.ephoto.fr *.cookiebot.com; media-src 'self' *.atlantic.fr *.vimeo.com *.youtube.com *.instagram.com *.cdninstagram.com *.contentsquare.net *.contentsquare.com *.contentsquare.fr *.kameleoon.eu *.kameleoon.com *.kameleoon.io *.recette-qcnlnca-xzown47bo6s74.fr-3.platformsh.site *.staging-5em2ouy-xzown47bo6s74.fr-3.platformsh.site; object-src 'none'; script-src 'self' blob: *.youtube.com  *.atlantic.fr 'unsafe-inline' 'unsafe-eval' *.kameleoon.eu *.kameleoon.com *.kameleoon.io  *.pinterest.com *.googletagmanager.com  *.groupe-atlantic.com  *.cookiebot.com  *.contentsquare.net *.contentsquare.com  *.contentsquare.fr  *.google-analytics.com  *.soyooz.com  *.mxpnl.com  code.jquery.com cdn.jsdelivr.net *.googleapis.com *.cloudflare.com  googleads.g.doubleclick.net  *.facebook.net  *.tradelab.fr  *.pinimg.com *.inbenta.services *.inbenta.io *.recette-qcnlnca-xzown47bo6s74.fr-3.platformsh.site *.staging-5em2ouy-xzown47bo6s74.fr-3.platformsh.site *.bazaarvoice.com *.iesnare.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com  https://fonts.gstatic.com  *.soyooz.com  *.atlantic.fr  *.kameleoon.eu *.kameleoon.com *.cloudflare.com unpkg.com *.kameleoon.io cdn.jsdelivr.net *.inbenta.io *.recette-qcnlnca-xzown47bo6s74.fr-3.platformsh.site *.staging-5em2ouy-xzown47bo6s74.fr-3.platformsh.site *.bazaarvoice.com 1
default-src 'self' data: *; img-src 'self' blob: data: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' * 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: https: 'nonce-v3dLZ1akjoGqFbmE4dVvAyqPLYoc20Pp' 'strict-dynamic' https://www.google-analytics.com https://www.googletagmanager.com; 1
default-src https:; style-src * 'unsafe-inline'; script-src https: 'unsafe-inline'; object-src 'none' 1
default-src 'self' *.bundesbots.de; base-uri 'self'; style-src 'self' 'unsafe-inline' *.bund.de; connect-src 'self' *.itzbund.de kira.bundesbots.de wss://kira.bundesbots.de *.bund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.itzbund.de *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.instagram.com *.bundesbots.de *.bund.de  platform.twitter.com; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de http://multimedia.gsb.bund.de *.youtube.com http://www.youtube.com *.itzbund.de *.cdninstagram.com *.bund.de; frame-src *.google.com *.gstatic.com *.youtube.com 'self' *.cdninstagram.com *.instagram.com *.twitter.com; img-src 'self' data: *.itzbund.de *.google.com *.gstatic.com *.youtube.com *.openstreetmap.org pss.wsv.de *.instagram.com *.cdninstagram.com *.bund.de *.bundesbots.de https://twemoji.maxcdn.com https://pbs.twimg.com https://cdn.jsdelivr.net https://www.kununu.com https://assets.kununu.com; frame-ancestors 'self'; 1
frame-ancestors 'self' thenationalcampaign.org aelp.smartsparrow.com 1
base-uri 'none';child-src 'none';connect-src 'self' https://analytics.gam3s.gg https://staging.api.gam3s.gg/ http://localhost:3001/ http://localhost:3002/ https://api.gam3s.gg/ https://dev.api.gam3s.gg/ https://staging.api.polkastarter.gg/ https://api.polkastarter.gg/ https://dev.api.polkastarter.gg/ https://polkastarter-cms-staging.herokuapp.com/graphql https://polkastarter-cms.herokuapp.com/graphql https://api.twitch.tv https://cms.polkastarter.gg/graphql http://127.0.0.1:1337/graphql https://*.google-analytics.com https://vitals.vercel-insights.com https://o1188445.ingest.sentry.io https://api.coinbase.com https://www.google-analytics.com wss://ws-mt1.pusher.com https://vercel.live wss://*.hotjar.com https://*.hotjar.io https://*.hotjar.com https://*.walletconnect.com wss://relay.walletconnect.com wss://relay.walletconnect.org wss://www.walletlink.org wss://*.pusher.com https://*.pusher.com https://*.cookie3.co https://*.arbitrum.io/rpc;default-src 'self';font-src 'self' data: https://*.hotjar.com;form-action 'self' *;frame-ancestors http://127.0.0.1:* https://polkastarter.gg https://www.polkastarter.gg https://www.gam3s.gg https://gam3s.gg;frame-src 'self' *;img-src * data:;manifest-src 'self' https://polkastarter.cloudflareaccess.com;media-src 'self' https://video.twimg.com https://*.polkastarter.com https://*.polkastarter.gg https://*.gam3s.gg https://*.soulbound.gg;object-src data:;prefetch-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://platform.twitter.com https://embed.twitch.tv https://player.twitch.tv/ https://www.youtube.com/ https://*.googletagmanager.com https://*.google-analytics.com https://vercel.live http://embed.typeform.com https://browser.sentry-cdn.com https://va.vercel-scripts.com https://cdn.vercel-insights.com https://*.hotjar.com http://*.hotjar.com https://*.cookie3.co;style-src 'self' 'unsafe-inline' http://embed.typeform.com;worker-src 'self'; 1
object-src 'none';default-src 'none';connect-src https://www.wefact.nl https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.google.com https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net *.cookiebot.com https://maps.googleapis.com *.clarity.ms https://c.bing.com;frame-src https://www.youtube.com https://bid.g.doubleclick.net *.cookiebot.com https://outlook.office365.com;frame-ancestors 'self';img-src https://www.wefact.nl data: *.ytimg.com https://googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://googleads.g.doubleclick.net https://www.google.com https://www.google.nl https://www.google.be *.cookiebot.com https://maps.gstatic.com https://maps.googleapis.com *.clarity.ms https://c.bing.com www.mollie.com;script-src https://www.wefact.nl https://www.youtube.com *.ytimg.com 'sha256-CrAe1a0TFvLsCsBw0E5Ky5SvrwDd3Kn8oyr5ns4gIUc=' https://googletagmanager.com https://tagmanager.google.com https://*.googletagmanager.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net *.cookiebot.com https://developers.google.com https://maps.googleapis.com *.clarity.ms https://c.bing.com 'sha256-HqEywe2Mupyc3mWoKoXnTO5AVzVUi7YpNaBHAq+y0U0=';style-src https://www.wefact.nl 'unsafe-inline' https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com https://www.googletagmanager.com *.typekit.net;font-src 'self' data: https://fonts.gstatic.com data: *.typekit.net;manifest-src https://www.wefact.nl 1
frame-ancestors 'self' *.coupacloud.com *.coupadev.com *.coupahost.com; style-src 'unsafe-inline' 'self' us.llama.ai https://login.qlik.com https://*.us.qlikcloud.com https://fonts.googleapis.com https://r.bing.com https://www.bing.com https://cdn.pendo.io; frame-src 'self' us.llama.ai https://login.qlik.com https://*.us.qlikcloud.com https://www.youtube.com https://help.llama.ai https://app.pendo.io; script-src 'unsafe-inline' 'unsafe-eval' us.llama.ai login.qlik.com *.us.qlikcloud.com www.google-analytics.com *.googletagmanager.com *.pendo.io *.bing.com *.virtualearth.net; worker-src blob: 'self';frame-ancestors 'self' *.coupacloud.com *.coupadev.com *.coupahost.com; style-src 'unsafe-inline' 'self' us.llama.ai https://login.qlik.com https://*.us.qlikcloud.com https://fonts.googleapis.com https://r.bing.com https://www.bing.com https://cdn.pendo.io; frame-src 'self' us.llama.ai https://login.qlik.com https://*.us.qlikcloud.com https://www.youtube.com https://help.llama.ai https://app.pendo.io; script-src 'unsafe-inline' 'unsafe-eval' us.llama.ai login.qlik.com *.us.qlikcloud.com www.google-analytics.com *.googletagmanager.com *.pendo.io *.bing.com *.virtualearth.net; worker-src blob: 'self'; 1
default-src 'self' multimedia.gsb.bund.de medien.bmi.bund.de; base-uri 'self'; font-src 'self'  data: medien.bmi.bund.de; style-src 'self' 'unsafe-inline' *.twitter.com medien.bmi.bund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.ytimg.com *.vimeo.com *.itzbund.de *.bundesbots.de *.twitter.com *.twimg.com cdn.jsdelivr.net *.newsletter2go.com   medien.bmi.bund.de; object-src 'self' multimedia.gsb.bund.de; connect-src 'self' multiplatform-f.akamaihd.net *.itzbund.de  *.newsletter2go.com hls-hd.myrasec.de     medien.bmi.bund.de; media-src 'self' blob: multimedia.gsb.bund.de social.bund.de video.bundesregierung.de *.w3schools.com *.quirksmode.org *.youtube.com *.youtube-nocookie.com *.vimeo.com *.aktion-mensch.de *.readspeaker.com *.osm.org *.openstreetmap.de *.twimg.com multiplatform-f.akamaihd.net hls-hd.myrasec.de cdnjs.cloudflare.com medien.bmi.bund.de; frame-src *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.vimeo.com vimeo.com *.readspeaker.com *.3qsdn.com *.it.bund.de *.bundesbots.de *.twitter.com *.twimg.com webcast.nc3-cdn.com blitzvideoserver.de start.video-stream-hosting.de player.restream.io *.linkedin.com; img-src 'self' blob: data: *.google.com *.gstatic.com social.bund.de muenster.im *.youtube.com *.youtube-nocookie.com *.osm.org *.openstreetmap.de *.twitter.com *.twimg.com cdnjs.cloudflare.com piwik.itzbund.de *.gdw-berlin.de *.streamlock.net *.bmi.bund.de  *.cio.bund.de *.newsletter2go.com   medien.bmi.bund.de; frame-ancestors 'self' *.prod.gsb.bmi.in.bund.de; upgrade-insecure-requests; 1
child-src 'self' coapi.myoffice.team auth.myoffice.team cdn.myoffice.team links.myoffice.team ; connect-src 'self' coapi.myoffice.team auth.myoffice.team cdn.myoffice.team links.myoffice.team  wss://coapi.myoffice.team data:; default-src 'none'; font-src 'self' data: cdn.myoffice.team; frame-ancestors auth.myoffice.team cdn.myoffice.team docs.myoffice.team files.myoffice.team links.myoffice.team mail.myoffice.team; frame-src 'self' blob: coapi.myoffice.team auth.myoffice.team cdn.myoffice.team links.myoffice.team  im.ncloudtech.ru; img-src 'self' data: blob: coapi.myoffice.team auth.myoffice.team cdn.myoffice.team links.myoffice.team ; media-src 'self' blob: coapi.myoffice.team auth.myoffice.team cdn.myoffice.team links.myoffice.team ; object-src 'self' blob: coapi.myoffice.team; report-uri https://coapi.myoffice.team/csp-report; script-src 'self' 'unsafe-eval' cdn.myoffice.team; style-src 'self' 'unsafe-inline' cdn.myoffice.team 1
default-src 'self' http://www.malaysiaairports.com.my; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: cdn.printfriendly.com cdn.printfriendly.com static.addtoany.com ds-4047.kxcdn.com www.google-analytics.com cdn.jsdelivr.net unpkg.com www.google.com *.rawgit.com *.gstatic.com *.googleapis.com static.addtoany.com polyfill.io key-cdn.printfriendly.com www.googletagmanager.com; object-src 'none'; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net unpkg.com maxcdn.bootstrapcdn.com fonts.googleapis.com; img-src 'self' data: s.yimg.com cdn.printfriendly.com www.google-analytics.com www.google-analytics.com.sg stats.g.doubleclick.net www.google.com www.google.com.sg www.google.com.my www.gstatic.com; media-src 'self'; frame-src 'self' data: static.addtoany.com www.google.com www.youtube.com https://cdn.knightlab.com; frame-ancestors 'self'; child-src 'self'; font-src 'self' cdn.jsdelivr.net unpkg.com maxcdn.bootstrapcdn.com fonts.gstatic.com cdnjs.cloudflare.com; connect-src 'self'  stats.g.doubleclick.net www.google-analytics.com analytics.google.com unpkg.com www.google.com.my; report-uri /report-csp-violation 1
default-src 'self' ; script-src 'self' 1
default-src 'self'; script-src * 'unsafe-inline'; img-src * data: 'unsafe-eval'; style-src * 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; frame-src *; 1
script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' https://bam.nr-data.net https://cdn.cookielaw.org https://js-agent.newrelic.com https://www.googletagmanager.com *.onetrust.com cdn.jsdelivr.net www.google-analytics.com connect.facebook.net cdnjs.cloudflare.com; object-src 'none'; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' translate-pa.googleapis.com cdnjs.cloudflare.com cdn.datatables.net cdn.jsdelivr.net translate.google.com translate.googleapis.com www.google.com www.gstatic.com; object-src 'none'; style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com cdn.jsdelivr.net cdnjs.cloudflare.com cdn.datatables.net www.gstatic.com; img-src 'self' data: cdn.jsdelivr.net cdnjs.cloudflare.com cdn.datatables.net fonts.gstatic.com www.gstatic.com www.google.com; media-src 'none'; frame-src 'none'; font-src 'self' maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.datatables.net netdna.bootstrapcdn.com; connect-src 'self' translate.googleapis.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' js.hubspot.com builder.lift.acquia.com js.usemessages.com googleads.g.doubleclick.net app.wistia.com connect.facebook.net tpc.googlesyndication.com www.google.com www.gstatic.com static.ads-twitter.com js.hsforms.net www.googleadservices.com cookie-cdn.cookiepro.com www.googleoptimize.com js.hs-scripts.com js.hsadspixel.net js.hsleadflows.net js.hs-banner.com js.hs-analytics.net static.ads-twitter.com beacon.krxd.net googleads.g.doubleclick.net www.google-analytics.com connect.facebook.net script.hotjar.com static.hotjar.com snap.licdn.com googleads.g.doubleclick.net www.googletagmanager.com cdn.krxd.net consumer.krxd.net bam.nr-data.net js-agent.newrelic.com fast.wistia.com fast.wistia.net beacon.krxd.net; style-src 'self' 'unsafe-inline' www.globenewswire.com *.cookiepro.com *.google.com *.googleapis.com *.hotjar.com *.hs-scripts.com *.krxd.net *.wistia.net; img-src 'self' blob: data: *.googlesyndication.com *.google.co.il *.rlcdn.com *.twitter.com *.google.co.th *.google.ae googleads.g.doubleclick.net *.google.com.vn *.google.bs embedwistia-a.akamaihd.net www.impella.com *.google.com.cy *.google.at *.google.com.co *.google.com.sa *.google.com.br *.googleapis.com *.google.com.pe *.google.com.ua *.google.it *.google.co.jp *.google.ie *.google.com.ng *.google.iq *.google.be *.google.co.cr *.google.com.tr aa.agkn.com *.adsymptotic.com *.businesswire.com *.cloudfront.net *.cluep.com *.cookiepro.com *.doubleclick.net *.facebook.com *.facebook.net *.google.tn *.google.com.ph *.google.cz *.google.com.hk *.google.com.pk *.google.ca *.google.de *.google.gr *.google.com.au *.google.com.mx *.google.com.pr *.google.co.in *.google.co.uk *.google.com *.google.fr *.google.nl *.google.pt *.googletagmanager.com *.google-analytics.com *.gstatic.com *.hubspot.com *.hsforms.com *.krxd.net *.linkedin.com *.nr-data.net t.co *.twitter.com *.wistia.com *.wistia.net; media-src blob: data: *.akamaihd.net *.wistia.com; frame-src 'self' app.hubspot.com *.hs-sites.com fast.wistia.net fast.wistia.com *.doubleclick.net *.facebook.com *.google.com *.googlesyndication.com *.googletagmanager.com *.hotjar.com *.hsforms.net *.hsforms.com *.krxd.net; frame-ancestors 'self'; child-src 'self' blob:; font-src 'self' data: fonts.gstatic.com *.wistia.com *.wistia.net cdn.scite.ai; connect-src 'self' 'unsafe-inline' 'unsafe-eval' adservice.google.com adservice.googlesyndication.com www.google.co.uk connect.facebook.net px.ads.linkedin.com pagead2.googlesyndication.com notify.bugsnag.com us.perz-api.cloudservices.acquia.io sessions.bugsnag.com www.google.com.br www.google.co.in cdn.linkedin.oribi.io hubspot-forms-static-embed.s3.amazonaws.com adservice.google.com *.litix.io *.googleapis.com adservice.google.com *.ads-twitter.com *.cookiepro.com *.doubleclick.net embedwistia-a.akamaihd.net *.facebook.com *.google.de *.facebook.net *.google.com *.google-analytics.com connect.facebook.net *.googletagmanager.com *.hotjar.com  *.hotjar.io *.hsleadflows.net *.hsforms.com *.hubapi.com *.hubspot.com *.krxd.net *.litix.io *.nr-data.net *.onetrust.com *.twitter.com *.wistia.com wss://*.hotjar.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.openlayers.org openlayers.org *.openstreetmap.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.etracker.com *.etracker.de api.signalize.com; object-src 'self'; media-src 'self' *.youtube.com *.vimeo.com *.streamfarm.net; frame-src *.youtube.com *.vimeo.com *.etracker.de; img-src 'self' data: *.youtube.com *.openlayers.org openlayers.org *.openstreetmap.org; frame-ancestors 'self'; connect-src 'self' *.etracker.de; 1
default-src 'self' 'unsafe-inline' data: 'unsafe-hashes' sha256-8mtE2lezrJT4S67cW4pWVhz/pwoK7b8USlyAQAIxkMk= sha256-rwMOiOeVICH7/Cjy5SkreID3OOi5HTrit357k22hUDQ= *.manodaktaras.lt *.manodaktaras.local *.googlesyndication.com *.googletagmanager.com *.doubleclick.net *.google.com *.google.lt *.ampproject.org *.googleapis.com omnisnippet1.com *.gemius.pl *.soundestlink.com *.gstatic.com *.bootstrapcdn.com *.cloudflare.com *.quickblox.com wss://chat.quickblox.com:5291 *.facebook.net *.facebook.com *.google-analytics.com *.jsdelivr.net *.sentry-cdn.com *.ingest.sentry.io *.cookielaw.org *.onetrust.com *.onetrust.io *.youtube.com media.twiliocdn.com *.twilio.com wss://*.twilio.com optanon.blob.core.windows.net klinikoms.manodaktaras.lt klinikoms.manodaktaras.local:8890; block-all-mixed-content; report-uri /nelmio/csp/report 1
default-src 'self' *.interiorhealth.ca; script-src 'self' 'unsafe-inline' *.interiorhealth.ca maps.googleapis.com js-agent.newrelic.com static.addtoany.com bam.nr-data.net www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com cdn.jsdelivr.net static.dialogflow.com unpkg.com; object-src 'self' *.interiorhealth.ca; style-src 'self'  'unsafe-inline' *.interiorhealth.ca  fonts.googleapis.com cdn.jsdelivr.net static.dialogflow.com unpkg.com; img-src 'self' *.interiorhealth.ca data: maps.googleapis.com maps.gstatic.com *.cdninstagram.com www.google-analytics.com; media-src 'self' *.interiorhealth.ca; frame-src 'self' *.interiorhealth.ca static.addtoany.com *.youtube.com www.google.com; frame-ancestors 'self' *.interiorhealth.ca; font-src 'self' *.interiorhealth.ca fonts.googleapis.com fonts.gstatic.com; connect-src 'self' *.interiorhealth.ca maps.googleapis.com bam.nr-data.net www.google-analytics.com stats.g.doubleclick.net dialogflow.cloud.google.com 1
default-src 'self' *.crazyegg.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.netdna-ssl.com *.google-analytics.com www.googletagmanager.com *.quotemedia.com oss.maxcdn.com rangeme-production-environment.s3-ap-southeast-2.amazonaws.com *.pcdn.co s15923.pcdn.co *.google.com *.gstatic.com *.spartannash.com *.spartannash-uat.com *.youtube.com www.b2i.us stockcharting.s3.amazonaws.com cdnjs.cloudflare.com static.cloudflareinsights.com analytics.newscred.com *.crazyegg.com;font-src 'self' data: *.netdna-ssl.com fonts.gstatic.com *.pcdn.co s15923.pcdn.co *.spartannash.com *.spartannash-uat.com *.cloudflare.com s3.amazonaws.com *.crazyegg.com;img-src 'self' data: *.netdna-ssl.com *.google-analytics.com *.googleapis.com www.googletagmanager.com *.glensmarkets-email.com *.quotemedia.com secure.gravatar.com s3-ap-southeast-2.amazonaws.com *.pcdn.co *.businesswire.com *.gravatar.com s15923.pcdn.co *.google.com *.spartannash.com *.spartannash-uat.com d36cz9elvz3vfp.cloudfront.net www.b2i.us *.prnewswire.com pixel.welcomesoftware.com i.ytimg.com *.crazyegg.com;style-src 'self' 'unsafe-inline' *.netdna-ssl.com *.googleapis.com *.quotemedia.com *.pcdn.co s15923.pcdn.co *.spartannash.com *.spartannash-uat.com *.crazyegg.com;frame-src 'self' *.netdna-ssl.com *.youtube.com www.googletagmanager.com *.calameo.com *.pcdn.co *.google.com *.spartannash.com *.spartannash-uat.com *.prnewswire.com *.crazyegg.com;connect-src 'self' *.netdna-ssl.com query.yahooapis.com *.pcdn.co *.google-analytics.com *.quotemedia.com stats.g.doubleclick.net *.spartannash.com *.spartannash-uat.com www.b2i.us stockcharting.s3.amazonaws.com *.google.com *.crazyegg.com;object-src 'self' *.netdna-ssl.com *.pcdn.co *.prnewswire.com *.crazyegg.com;media-src 'self' *.netdna-ssl.com *.pcdn.co *.prnewswire.com *.crazyegg.com;worker-src 'self' blob: *.crazyegg.com;child-src 'self' blob: *.crazyegg.com; 1
default-src 'self' 'unsafe-inline' jobs.b-ite.com; base-uri 'self'; connect-src 'self' wss://chat.userlike.com chat.userlike.com wss://umd.userlike.com userlike.com *.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com *.preview.kkn.zd.intranet.bund.de piwik.itzbund.de *.cloudfront.net data-8ec206415a.dnb.de jobs.b-ite.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.youtube.com *.googleapis.com piwik.itzbund.de script.ioam.de *.de.ioam.de s.ytimg.com static.b-ite.com cs-assets.b-ite.com ajax.googleapis.com api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com *.cloudfront.net data-8ec206415a.dnb.de userlike-cdn-umm.b-cdn.net; object-src 'self' piwik.itzbund.de; media-src 'self' *.aktion-mensch.de *.sample-videos.com *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de youtu.be files.dnb.de c18004-vod.l.core.cdn.streamfarm.net *.cloudfront.net; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de my.matterport.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de *.tile.openstreetmap.org api.userlike.com userlike-cdn-operators.s3-eu-west-1.amazonaws.com *.cloudfront.net; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de *.cloudfront.net; frame-ancestors *.gsb.dev.materna.net *.preview.kkn.zd.intranet.bund.de piwik.itzbund.de 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.axessx.de *.googleapis.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' http://*.dimora.jp https://*.dimora.jp http://*.google-analytics.com/ https://*.google-analytics.com https://*.google.com https://*.facebook.com https://*.facebook.net https://*.twitter.com https://b91.yahoo.co.jp https://linkmaker.itunes.apple.com https://tools.applemediaservices.com https://apple-resources.s3.amazonaws.com https://play.google.com https://*.mul-pay.jp https://s.yimg.jp https://fonts.gstatic.com https://*.impact-ad.jp https://*.im-apps.net https://*.googleapis.com https://*.googletagmanager.com https://stats.g.doubleclick.net https://*.googleadservices.com https://googleads.g.doubleclick.net https://*.google.co.jp; img-src 'self' data: https://*.google-analytics.com/ https://*.twitter.com https://*.impact-ad.jp https://stats.g.doubleclick.net https://linkmaker.itunes.apple.com https://tools.applemediaservices.com https://apple-resources.s3.amazonaws.com https://play.google.com https://b91.yahoo.co.jp; 1
base-uri 'none';connect-src 'self'  *.oresund.io dc.services.visualstudio.com *.cookieinformation.com *.doubleclick.net 'unsafe-inline' *.googlesyndication.com *.google.com *.google-analytics.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.convertexperiments.com data.wgp.se;font-src 'self' *.hotjar.com https://fonts.gstatic.com data;form-action 'self';frame-ancestors 'none';img-src 'self' self data: *.tt.se *.ritzau.dk *.ctfassets.net *.gstatic.com www.googletagmanager.com https://googletagmanager.com *.googlesyndication.com *.adnxs.com www.facebook.com *.google.com www.google.dk www.google.se *.hotjar.com https://ad.doubleclick.net https://ade.googlesyndication.com https://12824419.fls.doubleclick.net;manifest-src 'self';media-src 'self' self data: *.ctfassets.net;object-src 'none';script-src 'self' *.reepay.com *.gstatic.com www.googletagmanager.com googletagmanager.com https://tagmanager.google.com 'unsafe-inline' 'unsafe-eval' *.cookieinformation.com *.google.com *.adnxs.com *.facebook.net *.googlesyndication.com www.googleadservices.com *.hotjar.com *.convertexperiments.com *.powerplatform.com;style-src 'self' 'unsafe-inline' *.google.com *.googleapis.com www.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com *.hotjar.com;worker-src 'self'; 1
default-src 'self'; img-src 'self' https: data:; font-src 'self' https:; script-src 'unsafe-inline' https:; object-src 'none'; frame-ancestors https: http://localhost:4200; sandbox allow-forms allow-same-origin allow-scripts allow-popups; base-uri 'self'; frame-src 'self' https://www.google.com https://kleos2.wolterskluwer.com https://kleosapp.com https://qa2eu.kleosapp.com https://qaeu.kleosapp.com https://staging.kleosapp.com https://eu.kleosapp.com http://landing.kleos.wolterskluwer.com https://landing-kleos.wolterskluwer.com https://www.wkf.fr http://www.nj.se/kleos http://www.kleossupport.be http://avvocatiliberi.it/kleos http://www.wk-logiciels.fr https://info.wolterskluwer.com https://pagelogin.avvocatiliberi.it https://demologinpage.labonext.com https://comm.lopcloud.com/; 1
default-src https: data: blob: 'unsafe-inline'; object-src 'self'; script-src  'self' https://cdn.tiny.cloud/ https://static.zdassets.com/ https://*.meruscase.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://platform.twitter.com/ https://*.google-analytics.com/ https://*.googletagmanager.com/ https://cdn.syndication.twimg.com/ https://merus-assets.s3.amazonaws.com/ https://*.facebook.net/ https://*.googleapis.com/ https://*.aspnetcdn.com/ https://*.microsoft.com https://maxcdn.bootstrapcdn.com/ https://*.youtube.com/ https://s.ytimg.com/ https://js.recurly.com/ https://cdn.wootric.com/ https://static.headnotepayments.com/ https://static.zdassets.com/ https://snap.licdn.com/ https://unpkg.com/ 'unsafe-eval' 'unsafe-inline' https://code.jquery.com/ https://forms.hubspot.com/ https://forms.hsforms.com/ https://js.hs-analytics.net/ https://js.hs-scripts.com/ https://api.usemessages.com/ https://js.usemessages.com/ https://js.hsforms.net/ https://js.hsleadflows.net/; style-src 'self' 'unsafe-inline' https: 1
base-uri 'none';child-src 'none';connect-src 'self' http://127.0.0.1:1337 https://*.google-analytics.com https://vitals.vercel-insights.com https://o1188445.ingest.sentry.io https://api.coinbase.com https://www.google-analytics.com https://mainnet.infura.io https://kovan.infura.io/ https://*.binance.org https://*.binance.org:8545 https://polygon-rpc.com https://matic-mumbai.chainstacklabs.com https://rpc-mumbai.maticvigil.com https://forno.celo.org https://alfajores-forno.celo-testnet.org https://api.avax.network/ext/bc/C/rpc https://api.avax-test.network/ext/bc/C/rpc https://testnet.omni.network https://sepolia-rollup.arbitrum.io https://arb1.arbitrum.io https://*.base.org https://vercel.live https://*.walletconnect.com wss://relay.walletconnect.com https://api.web3modal.com wss://www.walletlink.org wss://*.pusher.com https://*.pusher.com https://rpc.ankr.com https://cloudflare-eth.com/ https://*.polkastarter.com https://*.cookie3.co https://*.mode.network;default-src 'self';font-src 'self' data: https://fonts.gstatic.com;form-action 'self' https://*.polkastarter.com;frame-ancestors 'none';frame-src https://verify.synaps.io/ https://www.youtube.com/ https://verify.walletconnect.com https://verify.walletconnect.org https://vercel.live;img-src 'self' blob: data: https://*.polkastarter.com https://registry.walletconnect.com https://img.youtube.com https://*.google-analytics.com https://explorer-api.walletconnect.com https://vercel.com/ https://api.web3modal.com https://token-icons.s3.amazonaws.com;manifest-src 'self' https://polkastarter.cloudflareaccess.com;media-src 'self' https://*.polkastarter.com;object-src 'none';prefetch-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://va.vercel-scripts.com https://*.googletagmanager.com https://*.google-analytics.com https://vercel.live https://browser.sentry-cdn.com https://cdn.vercel-insights.com https://cdn.staging.cookie3.co;style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://fonts.googleapis.com;worker-src 'self'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' stats.hft-stuttgart.de app.usercentrics.eu privacy-proxy.usercentrics.eu *.b-ite.com; font-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' blob: app.usercentrics.eu privacy-proxy-server.usercentrics.eu data: stats.hft-stuttgart.de; connect-src 'self' stats.hft-stuttgart.de *.usercentrics.eu *.b-ite.com; frame-src 'self' app.usercentrics.eu *.youtube-nocookie.com *.vimeo.com *.hft-stuttgart.de 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com platform.twitter.com www.googletagmanager.com cdn.syndication.twimg.com cdn.knightlab.com cdncache-a.akamaihd.net https://cdn.printfriendly.com/printfriendly.js https://ds-4047.kxcdn.com/api/v3/domain_settings/ key-cdn.printfriendly.com static.addtoany.com; object-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' themes.googleusercontent.com platform.twitter.com ton.twimg.com cdn.knightlab.com https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/ static.addtoany.com; img-src 'self' data: blob: filesystem www.google-analytics.com syndication.twitter.com pbs.twimg.com abs.twimg.com  ton.twimg.com www.googletagmanager.com platform.twitter.com canvaspl-a.akamaihd.net; media-src 'self' mediastream:; frame-src 'self' platform.twitter.com syndication.twitter.com www.facebook.com www.youtube.com cdncache-a.akamaihd.net static.addtoany.com; frame-ancestors 'self'; child-src 'self'; font-src 'self' 'unsafe-inline' 'unsafe-eval' themes.googleusercontent.com cdn.knightlab.com fonts.gstatic.com; connect-src 'self' wss://bot.enzona.net/ https://bot.enzona.net/ cdn.knightlab.com cdncache-a.akamaihd.net www.google-analytics.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self' data: https://events.click-around.systems/ https://ictp-trst-001.westeurope.cloudapp.azure.com/matomo/ https://cdn.eye-able.com https://dc.services.visualstudio.com/v2/track https://az416426.vo.msecnd.net/scripts/a/ai.0.js https://include-rp.zfinder.de https://www.youtube.com https://geoportal.trier.de https://jobs.b-ite.com http://jobs.b-ite.com https://www.stadtradeln.de https://static.b-ite.com https://www.vrt-info.de http://www.heute-in-trier.de http://www.facebook.com http://platform.twitter.com https://fonts.googleapis.com https://fonts.gstatic.com https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.facebook.com https://platform.twitter.com https://accounts.google.com https://www.bing.com http://www.wetterkontor.de http://94.130.59.28 https://www.youtube-nocookie.com https://app.docu4d.com https://dienste.wetterkontor.de https://www.trier-info.de https://www.wahlinfo.de https://www.pegelonline.wsv.de 'unsafe-inline' 'unsafe-eval' 1
frame-ancestors https://*.ptc.com https://ptc.seismic.com https://liveshareeast3.seismic.com https://*.mouseflow.com 1
block-all-mixed-content; upgrade-insecure-requests 1
object-src 'none'; script-src 'nonce-{random}' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http:; $ 1
default-src 'self'; base-uri 'self'; block-all-mixed-content; connect-src 'self' *.google-analytics.com *.analytics.google.com *.cloudflare.com *.eesa.lh; font-src use.fontawesome.com 'self'; frame-src www.youtube.com www.google.com; img-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com; object-src 'none'; script-src 'self' www.googletagmanager.com *.cloudflare.com *.google.com 'strict-dynamic' 'unsafe-inline' 'nonce-80Dfq0bYwcYgQ4htwI4mJg=='; style-src 'self' *.cloudflare.com 'unsafe-inline' 'nonce-80Dfq0bYwcYgQ4htwI4mJg=='; upgrade-insecure-requests; report-uri /nelmio/csp/report 1
default-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' * *.getclicky.com clicky.com; style-src 'self' 'unsafe-inline' *; img-src 'self' * data:; media-src 'self' *; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self'; script-src 'self'; img-src 'self' 1
allow *; options inline-script eval-script; frame-ancestors 'self'; 1
font-src 'self'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://flexprintmp.wpengine.com https://flexprintmp.wpenginepowered.com/ https://*.netdna-ssl.com https://*.flexprintinc.com https://flexprintinc.com https://app.termly.io https://frontend.id-visitors.com/ https://google-analytics.com/ https://*.google-analytics.com/ https://googletagmanager.com/ https://*.googletagmanager.com/ https://gstatic.com/ https://*.gstatic.com/ https://google.com/recaptcha/ https://*.google.com/recaptcha/ https://*.6sc.co/; img-src 'self' data: blob: https://flexprintmp.wpengine.com https://flexprintmp.wpenginepowered.com/ https://*.netdna-ssl.com https://*.flexprintinc.com https://flexprintinc.com https://*.gravatar.com https://*.6sc.co/ https://www.google.com/; object-src 'self' data: blob: https://elegantthemes.com/ https://*.elegantthemes.com/ https://flexprintinc.com/ https://google.com/recaptcha/ https://*.google.com/recaptcha/ https://elabel.arsreclabel.com/; frame-src 'self' data: blob: https://elegantthemes.com/ https://*.elegantthemes.com/ https://flexprintinc.com/ https://google.com/recaptcha/ https://*.google.com/recaptcha/ https://elabel.arsreclabel.com/; form-action 'self' data: blob: ; worker-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; 1
default-src 'self' data: *.umbraco.org api.pwnedpasswords.com *.hotjar.com services.postcodeanywhere.co.uk *.google-analytics.com www2.theticketfactory.com connect.facebook.net *.facebook.com https://fbanalytics.theticketfactory.com ccocauth.10digital.co.uk *.coventry2021.co.uk *.doubleclick.net *.googleadservices.com *.google.co.uk *.google.com s.salecycle.com i.salecycle.com c.salecycle.com ws.salecycle.com mymachine.salecycle.com:8080 *.stay22.com *.onetrust.com *.optimize.google.com *.googleoptimize.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://analytics.tiktok.com *.hotelmap.com *.quantserve.com *.quantcount.com gtm-tp57jc8-ndq4z.uc.r.appspot.com necdigitalteamapi.azurewebsites.net drdhvt9zf1m5e.cloudfront.net; object-src data: 'unsafe-eval' 'self' assets.theticketfactory.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com pro.fontawesome.com fast.fonts.net cdn.jsdelivr.net *.theticketfactory.com services.postcodeanywhere.co.uk *.queue-it.net cookiesuksouth.blob.core.windows.net https://*.hotjar.com; img-src 'self' 'self' data: www.awin1.com https://*.hotjar.com *; script-src 'self' 'unsafe-inline' ajax.googleapis.com *.cloudflare.com ajax.aspnetcdn.com bat.bing.com https://clarity.microsoft.com code.jquery.com *.googletagmanager.com *.google-analytics.com cdn.jsdelivr.net connect.facebook.net *.facebook.com theti11119.pcapredict.com *.hotjar.com 'unsafe-eval' services.postcodeanywhere.co.uk assets.theticketfactory.com www2.theticketfactory.com *.queue-it.net www2.theticketfactory.com www.dwin1.com cookiesuksouth.blob.core.windows.net geolocation.onetrust.com *.tiktok.com *.twitter.com *.googleadservices.com *.doubleclick.net s.salecycle.com i.salecycle.com c.salecycle.com ws.salecycle.com mymachine.salecycle.com:8080 d16fk4ms6rqz1v.cloudfront.net applepay.cdn-apple.com *.stay22.com *.onetrust.com *.optimize.google.com *.googleoptimize.com https://*.hotjar.com *.hotelmap.com *.quantserve.com *.quantcount.com gtm-tp57jc8-ndq4z.uc.r.appspot.com necdigitalteamapi.azurewebsites.net drdhvt9zf1m5e.cloudfront.net; font-src 'self' 'self' data: fonts.gstatic.com pro.fontawesome.com fast.fonts.net *.hotjar.com fonts.gstatic.com applepay.cdn-apple.com https://*.hotjar.com; frame-src 'self' *.facebook.com *.servebase.net *.arcot.com *.hotjar.com assets.theticketfactory.com www2.theticketfactory.com *.queue-it.net www2.theticketfactory.com theticketfactory.queue-it.net *.youtube.com *.spotify.com *.tiktok.com *.twitter.com *.10digital.co.uk connect.facebook.net ccocauth.10digital.co.uk *.coventry2021.co.uk *.doubleclick.net s.salecycle.com i.salecycle.com c.salecycle.com ws.salecycle.com mymachine.salecycle.com:8080 *.stay22.com *.onetrust.com *.optimize.google.com *.googleoptimize.com https://*.hotjar.com *.hotelmap.com *.quantserve.com *.quantcount.com d16fk4ms6rqz1v.cloudfront.net gtm-tp57jc8-ndq4z.uc.r.appspot.com necdigitalteamapi.azurewebsites.net drdhvt9zf1m5e.cloudfront.net; report-uri https://theticketfactory.report-uri.com/r/d/csp/enforce ; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'  https: data: http://fonts.googleapis.com http://fonts.gstatic.com http://www.google-analytics.com http://s7.addthis.com http://m.addthisedge.com http://m.addthis.com http://graph.facebook.com http://widgets.pinterest.com http://maps.google.com http://csi.gstatic.com http://maps.gstatic.com http://maps.googleapis.com http://www.linkedin.com http://api-public.addthis.com http://localhost http://player.vimeo.com/ https://static.cdninstagram.com/; 1
default-src *; style-src 'self'* .addthis.com *.nationalgridus.com* .cloudflare.com *.olark.com* .gstatic.com *.googleapis.com; script-src 'self'* .speedpay.com *.google.com* .gstatic.com *.olark.com* .googleapis.com *.gstatic.com* .crazyegg.com *.google-analytics.com* .googletagmanager.com *.feedbackify.com* .nationalgridus.com; img-src *; font-src* ; connect-src *;.rienergy.com; 1
frame-ancestors https://*.nywerk.de https://*.test https://vinylfuture.com.ddev.site https://deejay.de https://vinylfuture.com https://*.deejay.de https://*.vinylfuture.com; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: https: 'nonce-d7QdGFu0mSSACo8fJgUV1sbfCzA2QTQz' 'strict-dynamic' https://www.google-analytics.com https://www.googletagmanager.com; 1
frame-ancestors https://tsetscdev.prod.acquia-sites.com/ https://tsetscstage.prod.acquia-sites.com/ https://ecommercdev.tatasteel.online  https://ecommerctst.tatasteel.online  https://ecmc01qa.tatasteel.online  https://ecmc01dev.tatasteel.online https://www.tatasteeleurope.com https://www.tatasteel.online https://ecmc01.tatasteel.online https://ecmc03-p.tatasteel.online https://ecmc03-d.tatasteel.online https://ecmc03-acc.tatasteel.online/ https://ecmc03-t.tatasteel.online/ https://tsedev.prod.acquia-sites.com https://tsestg.prod.acquia-sites.com https://www.beta-tatasteeleurope.com https://cpws01-d.tatasteel.online https://dev.tatasteeleurope.com preprod.tatasteeleurope.com test.tatasteeleurope.com ecmc03-pp.tatasteel.online  https://local.tatacwr.com/CWR/docroot/; report-uri /report-csp-violation 1
default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com https://cdn.cookielaw.org https://js-agent.newrelic.com https://bam.nr-data.net https://tag.aticdn.net https://snap.licdn.com https://cdnjs.cloudflare.com https://*.linkedin.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://www.clarity.ms https://connect.facebook.net https://*.googlesyndication.com; object-src 'self'; style-src 'self' 'unsafe-inline' https://translate.googleapis.com; img-src 'self' data: *; frame-src 'self' https://tools.eurolandir.com https://*.youtube.com https://open.spotify.com https://*.doubleclick.net https://www.googletagmanager.com; child-src 'self' https://tools.eurolandir.com https://*.youtube.com https://open.spotify.com https://*.doubleclick.net; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https://cdn.cookielaw.org https://bam.nr-data.net https://*.google.com https://*.xiti.com https://cdn.linkedin.oribi.io https://*.clarity.ms https://*.onetrust.com https://*.googlesyndication.com https://*.linkedin.com https://googleads.g.doubleclick.net; report-uri /report-csp-violation 1
report-to 'self' ; child-src 'self' ; connect-src 'self' ws.zoominfo.com ws-assets.zoominfo.com js.zi-scripts.com wss: *.litix.io *.wistia.com *.hubspot.com *.akamaihd.net manifest.prod.boltdns.net edge.api.brightcove.com wss://ws40.hotjar.com content.hotjar.io *.hotjar.com www.trumba.com forms.hsforms.com *.s3.amazonaws.com cdn.linkedin.oribi.io geolocation.onetrust.com cookie-cdn.cookiepro.com *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net *.nitrocdn.com *.getnitropack.com nitroscripts.com *.hsadspixel.net *.doubleclick.net *.linkedin.com *.hubapi.com *.visualwebsiteoptimizer.com *.vwo.com  *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net ; default-src 'self' ; font-src 'self' data: *.gstatic.com *.bootstrapcdn.com  fonts.gstatic.com cdn.jsdelivr.net *.hsadspixel.net *.doubleclick.net *.linkedin.com *.hubapi.com *.gstatic.com *.bootstrapcdn.com ; form-action 'self'  'unsafe-inline'  'unsafe-eval' forms.hsforms.com; frame-src 'self' app.hubspot.com ppd.turtl.co *.twitter.com forms.hsforms.com player.vimeo.com biz.mosio.com www.buzzsprout.com vars.hotjar.com static.addtoany.com players.brightcove.net *.g.doubleclick.net *.google.com *.fls.doubleclick.net *.nitrocdn.com nitroscripts.com blob: www.google.com *.hsadspixel.net *.doubleclick.net *.linkedin.com *.hubapi.com *.vwo.com  *.g.doubleclick.net *.google.com *.fls.doubleclick.net ; frame-ancestors 'self' cgtkiosk.immersive.tf; img-src 'self' assets.turtl.co syndication.twitter.com *.wistia.com no-cache.hubspot.com i.vimeocdn.com cf-images.us-east-1.prod.boltdns.net metrics.brightcove.com *.dialogtech.com *.kickfire.com www.trumba.com *.hsforms.com www.linkedin.com p.adsymptotic.com track.hubspot.com *.ads.linkedin.com data: *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com *.nitrocdn.com  ts.w.org s.w.org ps.w.org nitroscripts.com *.hsadspixel.net *.doubleclick.net *.linkedin.com *.hubapi.com *.visualwebsiteoptimizer.com *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com ; manifest-src 'self' ; media-src 'self'  'unsafe-inline'  'unsafe-eval' blob: *.wistia.com s.w.org manifest.prod.boltdns.net bcbolt446c5271-a.akamaihd.net ; object-src 'self' ; script-src 'self'  'unsafe-inline'  'unsafe-eval' blob: ws.zoominfo.com ws-assets.zoominfo.com js.zi-scripts.com app-static.turtl.co optimize.google.com platform.twitter.com *.wistia.com *.hubspot.com js.hscta.net tag.simpli.fi player.vimeo.com *.zencdn.net players.brightcove.net www.googleoptimize.com cdn.jsdelivr.net www.trumba.com *.kickfire.com www.buzzsprout.com www.gstatic.com www.google.com js.hsforms.net js.hs-analytics.net cookie-cdn.cookiepro.com www.googletagmanager.com static.addtoany.com cdnjs.cloudflare.com js.hs-scripts.net js.hs-scripts.com js.hs-banner.com www.google-analytics.com googleads.g.doubleclick.net *.hotjar.com snap.licdn.com go.affec.tv *.cloudfront.net *.dialogtech.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com *.nitrocdn.com nitroscripts.com *.hsadspixel.net *.doubleclick.net *.linkedin.com *.hubapi.com *.visualwebsiteoptimizer.com *.vwo.com  *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com ; script-src-elem 'self'  'unsafe-inline'  'unsafe-eval' blob: ws.zoominfo.com ws-assets.zoominfo.com js.zi-scripts.com app-static.turtl.co optimize.google.com platform.twitter.com *.wistia.com *.hubspot.com js.hscta.net tag.simpli.fi player.vimeo.com *.zencdn.net players.brightcove.net www.googleoptimize.com cdn.jsdelivr.net www.trumba.com *.kickfire.com www.buzzsprout.com www.gstatic.com www.google.com js.hsforms.net js.hs-analytics.net cookie-cdn.cookiepro.com www.googletagmanager.com static.addtoany.com cdnjs.cloudflare.com js.hs-scripts.net js.hs-scripts.com js.hs-banner.com www.google-analytics.com googleads.g.doubleclick.net *.hotjar.com snap.licdn.com go.affec.tv *.cloudfront.net *.dialogtech.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com *.nitrocdn.com nitroscripts.com *.hsadspixel.net *.doubleclick.net *.linkedin.com *.hubapi.com *.visualwebsiteoptimizer.com *.vwo.com  *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com ; script-src-attr 'self'  'unsafe-inline'  'unsafe-eval' *.nitrocdn.com *.nitroscripts.com *.hsadspixel.net *.doubleclick.net *.linkedin.com *.hubapi.com *.visualwebsiteoptimizer.com; style-src 'self'  'unsafe-inline' app-static.turtl.co optimize.google.com fonts.googleapis.com *.googleapis.com *.gstatic.com *.nitrocdn.com  cdn.jsdelivr.net nitroscripts.com *.hsadspixel.net *.doubleclick.net *.linkedin.com *.hubapi.com *.vwo.com *.googleapis.com *.gstatic.com ; style-src-elem 'self'  'unsafe-inline' app-static.turtl.co optimize.google.com fonts.googleapis.com *.googleapis.com *.gstatic.com *.nitrocdn.com  cdn.jsdelivr.net nitroscripts.com *.hsadspixel.net *.doubleclick.net *.linkedin.com *.hubapi.com *.vwo.com *.googleapis.com *.gstatic.com ; style-src-attr 'self'  'unsafe-inline' *.nitrocdn.com *.nitroscripts.com *.hsadspixel.net *.doubleclick.net *.linkedin.com *.hubapi.com; worker-src 'self'  'unsafe-inline'  'unsafe-eval' blob: *.visualwebsiteoptimizer.com ;  upgrade-insecure-requests; 1
: default-src 'self' 1
default-src 'self' blob: data: https://api.ipstack.com https://az416426.vo.msecnd.net/scripts/b/ai.2.min.js https://dc.services.visualstudio.com/v2/track https://app.pendo.io https://cdn.pendo.io https://data.pendo.io https://pendo-op-static.storage.googleapis.com https://pendo-static-5741583443689472.storage.googleapis.com https://go.enverus.com https://www.google.com https://www.gstatic.com https://maps.gstatic.com https://chart.googleapis.com https://maps.googleapis.com https://ajax.googleapis.com https://player.vimeo.com https://cdn.datatables.net https://stackpath.bootstrapcdn.com https://rseg-dev.auth0.com https://cdn.skypack.dev https://cdn.jsdelivr.net https://us01ccistatic.zoom.us https://us01campaign.zoom.us https://us01apizva.zoom.us https://file.zoom.us wss://zpns.zoom.us https://file-paa.zoom.us https://api.rudderstack.com https://api.rudderlabs.com https://cdn.rudderlabs.com https://enveruswyupccs.dataplane.rudderstack.com https://fast.appcues.com 'unsafe-eval' 'unsafe-inline'; font-src 'self' blob: data: https://cdn.skypack.dev https://cdn.jsdelivr.net; frame-ancestors 'self' energylink.com *.energylink.com enverus.com *.enverus.com app.pendo.io data.pendo.example.com collector-PXmAgoUgH1.px-cloud.net collector-PXmAgoUgH1.px-cdn.net collector-PXmAgoUgH1.pxchk.net 1
default-src https: blob: wss:; frame-src https: blob: data:; script-src https: 'unsafe-inline' 'unsafe-eval' data:; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data: 1
default-src 'self'; script-src 'self' 'unsafe-inline' www.googletagmanager.com *.google-analytics.com *.googleadservices.com *.facebook.net *.doubleclick.net iframe.ly cookie.dxlabs.fr cdnjs.cloudflare.com 'unsafe-inline' *; object-src 'none'; style-src 'self' 'unsafe-inline' www.googletagmanager.com fonts.googleapis.com cdnjs.cloudflare.com; img-src 'self' www.pinaultcollection.com *.youtube.com *.ytimg.com *.facebook.com *.google-analytics.com *.google.com *.google.fr *.dxlabs.fr data:; media-src *; frame-src *; font-src  'self' themes.googleusercontent.com fonts.googleapis.com; connect-src 'self' *.google-analytics.com analytics.tiktok.com wjrmdnw.pa-cd.com; upgrade-insecure-requests; script-src-attr 'unsafe-inline' 1
default-src 'unsafe-hashes' https://crohnsandcolitis.org.uk https://docs.google.com https://platform.twitter.com https://customervoice.microsoft.com https://*.readspeaker.com https://*.azureedge.net https://poster.crohnsandcolitis.org.uk https://r1.dotdigital-pages.com https://www.youtube-nocookie.com https://www.google.com https://*.landbot.io https://*.addthis.com https://www.youtube.com https://player.vimeo.com https://*.typeform.com https://*.issuu.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.fluidads.com https://forms.office.com https://*.snapchat.com ;base-uri 'self' ;frame-ancestors 'self' ;script-src 'self' 'nonce-8a4ee07f84f6499daab148ce59dc9193' 'unsafe-eval' https://acsbapp.com https://*.acsbapp.com https://*.azureedge.net https://*.readspeaker.com https://connect.facebook.net https://static.trackedweb.net https://app.postermaker.io https://snap.licdn.com https://analytics.nyltx.com https://ruler.nyltx.com/ https://*.cookiefirst.com https://maps.googleapis.com https://unpkg.com/vue@3.2.20/ https://*.landbot.io https://secure.callhandling.co.uk https://*.addthis.com https://z.moatads.com https://*.addthisedge.com https://static.addtoany.com https://*.fluidads.com https://*.simpli.fi https://www.google-analytics.com https://www.googletagmanager.com https://ajax.googleapis.com https://*.typeform.com https://*.hotjar.com https://analytics.tiktok.com https://*.snapchat.com https://*.twitter.com ;connect-src 'self' https://docs.google.com https://platform.twitter.com https://cdn.acsbapp.com https://*.trackedweb.net https://*.readspeaker.com https://*.azureedge.net https://*.fluidads.com https://www.facebook.com https://*.cookiefirst.com https://analytics.nyltx.com https://maps.googleapis.com https://secure.callhandling.co.uk https://*.landbot.io https://*.addthis.com https://*.google-analytics.com https://stats.g.doubleclick.net https://*.typeform.com https://*.issuu.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.snapchat.com https://*.linkedin.oribi.io https://*.analytics.google.com https://analytics.tiktok.com ;img-src 'self' data: https://www.facebook.com https://acsbapp.com https://*.acsbapp.com https://*.azureedge.net https://*.linkedin.com https://*.addthis.com https://maps.gstatic.com https://maps.googleapis.com https://maps.googleapis.com https://storage.googleapis.com https://static.landbot.io https://fonts.googleapis.com https://www.google.com https://www.googletagmanager.com https://www.google.co.uk https://www.google.com.tr https://www.google-analytics.com https://stats.g.doubleclick.net https://*.hotjar.com https://tr.snapchat.com https://analytics.twitter.com https://t.co ;font-src 'self' data: https://use.typekit.net https://acsbapp.com https://*.acsbapp.com https://*.azureedge.net https://fonts.gstatic.com https://*.hotjar.com ;style-src 'self' 'unsafe-inline' https://acsbapp.com https://*.acsbapp.com blob: https://*.readspeaker.com https://*.azureedge.net https://*.cookiefirst.com https://p.typekit.net https://use.typekit.net https://localhost:44367 https://fonts.googleapis.com https://*.typeform.com https://*.issuu.com https://*.hotjar.com ;form-action 'self' https://*.readspeaker.com https://*.azureedge.net https://*.typeform.com https://*.twitter.com https://*.landbot.io https://*.snapchat.com ; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://google.de https://app.usercentrics.eu https://www.googletagmanager.com  https://www.googleadservices.com https://googleads.g.doubleclick.net https://netzwerk.uppr.de https://www.google-analytics.com https://privacy-proxy.usercentrics.eu https://www.facebook.com https://twitter.com https://www.linkedin.com https://www.xing.com https://www.youtube.com https://cdnjs.cloudflare.com https://nebula-cdn.kampyle.com https://bat.bing.com https://ad4m.at https://connect.facebook.net https://www.usemaxserver.de https://widgets.energiemonitor.de https://play.google.com https://www.googleoptimize.com https://icpublichosting.azureedge.net https://optimize.google.com https://service.mtcaptcha.com https://service2.mtcaptcha.com https://ic-chatwindow-service.azurewebsites.net https://clb2.cfapps.mila.external.ap.innogy.com https://www.googleanalytics.com https://cdn.medallia.com/ https://cdn.appsol.medallia.com/ *.kampyle.com/ https://metrics-proxy.medallia.ca/ https://metrics-proxy.medallia.eu/ https://metrics-proxy.medallia.com.au/ https://metrics-proxy.medallia.com/ https://col.eum-appdynamics.com/ https://static.medallia.com/ https://bugreport.medallia.com/ https://fonts.gstatic.com/ https://fonts.googleapis.com/ https://chart.googleapis.com/ https://maxcdn.bootstrapcdn.com/ https://netdna.bootstrapcdn.com/ https://express.ger.medallia.eu/ https://express.sbx.ger.medallia.eu/ https://feed2.medallia.eu/ https://feed2sbx.sbx.ger.medallia.eu/ https://mft1.medallia.eu/ https://filestash.fra1.medallia.eu/ https://tm.ad-srv.net https://tm703.ad-srv.net https://tm707.ad-srv.net https://tm708.ad-srv.net https://*.iadvize.com https://znbd9pj7eqbjzjd42-eon.siteintercept.qualtrics.com https://siteintercept.qualtrics.com https://trck.lew.de; style-src 'self' 'unsafe-inline' https://widgets.energiemonitor.de https://fonts.googleapis.com https://icpublichosting.azureedge.net https://optimize.google.com https://*.iadvize.com; object-src 'self'; report-uri /umbraco/api/helper/CreateCSPReport 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https:;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.adnxs.com *.chimpstatic.com visitjersey.email *.cloudfont.net *.googletagmanager.com blob: *.google-analytics.com https: data:;style-src 'self' 'unsafe-inline'  https: data:;connect-src 'self' *.google-analytics.com *.analytics.google.com *.doubleclick.net *.teads.tv *.crowdriff.com *.plyr.io sojpublicdata.blob.core.windows.net *.mapbox.com *.algolia.net *.algolianet.com *.tripadvisor.com *.vimeo.com *.akamaized.net *.trackedweb.net *.bugsnag.com *.cookiescan.com *.googlesyndication.com noembed.com *.facebook.com *.google.com *.clarity.ms *.cookiebot.com *.googletagmanager.com *.gstatic.com *.facebook.net manychat.com *.linkedin.oribi.io *.linkedin.com data:;font-src 'self' static.tacdn.com *.gstatic.com data:;img-src 'self' cdn.jersey.com *.google-analytics.com *.analytics.google.com *.cookiescan.com *.facebook.com *.linkedin.com t.co *.doubleclick.net *.google.je *.google.com *.google.co.uk *.netdna-ssl.com *.gravatar.com *.adsymptotic.com *.adnxs.com *.yahoo.com *.teads.tv *.googleadservices.com static.tacdn.com *.vimeocdn.com *.clarity.ms *.bing.com *.cloudfront.net *.magicseaweed.com *.ytimg.com *.google.nl blob: *.youtube.com *.adsrvr.org *.sojern.com *.amazonaws.com *.tripadvisor.co.uk *.cookiebot.com *.googletagmanager.com *.gstatic.com *.facebook.net manychat.com *.adform.net data:;frame-src 'self' *.vimeo.com vimeo.com *.youtube.com *.flipsnack.com *.google.com *.instagram.com *.facebook.com *.hdontap.com visitjersey.email *.crowdriff.com magicseaweed.com *.cookiebot.com *.snapsea.io *.ipcamlive.com *.doubleclick.net ;form-action 'self' *.facebook.com ;object-src 'none' ;frame-ancestors 'self' *.jersey.com visitjersey.email ;base-uri 'none' ; 1
base-uri 'self'; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.storck.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: *.storck.com storck.piwik.pro; img-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: *.storck.com storck.piwik.pro; style-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.storck.com; connect-src 'self' data: *.storck.com storck.piwik.pro; font-src 'self'; frame-src 'self' data: *.storck.com; frame-ancestors 'self'; form-action 'self'; 1
default-src 'self' data: *.uniweb.be cookiehub.net *.uniweb.eu *.hotjar.com www.googletagmanager.com www.google-analytics.com; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://js.stripe.com *.uniweb.be cookiehub.net *.uniweb.eu *.hotjar.com www.googletagmanager.com www.google-analytics.com; object-src *; style-src 'self' data: 'unsafe-inline' *.uniweb.be cookiehub.net *.uniweb.be cookiehub.net fonts.googleapis.com; img-src 'self' data: https://m.stripe.com *.craft-cdn.com *.uniweb.be cookiehub.net *.uniweb.eu www.googletagmanager.com www.google-analytics.com; media-src *; frame-src 'self' data: https://js.stripe.com *.uniweb.be cookiehub.net *.uniweb.eu *.hotjar.com www.googletagmanager.com www.google-analytics.com; font-src 'self' data: *.uniweb.be cookiehub.net *.uniweb.eu fonts.gstatic.com fonts.googleapis.com; connect-src * 1
object-src 'none'; frame-ancestors *; sandbox allow-forms allow-same-origin allow-scripts allow-popups; base-uri 'self'; 1
default-src 'self' google-analytics.com manifest-src; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com maps.googleapis.com *.googletagmanager.com www.google-analytics.com polyfill.io www.google.com/recaptcha/api.js www.gstatic.com cookie-cdn.cookiepro.com www.google-analytics.com hotjar.com https://connect.facebook.net crelan-be-website.scalecity.space vwdservices.com s.ytimg.com https://px.ads.linkedin.com px.ads.linkedin.com youtube.com vimeo.com snap.licdn.com www.linkedin.com tagmanager.google.com *.googleadservices.com https://googleads.g.doubleclick.net w3.org *.crazyegg.com https://cdn.jsdelivr.net *.google.com *.google.be *.googleoptimize.com *.facebook.com *.doubleclick.net *.crelan.be *.facebook.net sc-crelan-server-side-tagging.ew.r.appspot.com blob: https://*.skedify.io; style-src 'self' 'unsafe-inline' *.googleapis.com *.googleusercontent.com *.hotjar.com *.google.com 'self' https://maps.googleapis.com *.googletagmanager.com w3.org cdnjs.cloudflare.com *.crazyegg.com *.google.com *.google.be *.googleadservices.com *.facebook.com *.facebook.net; img-src 'self'  *.googletagmanager.com *.googleadservices.com cookie-cdn.cookiepro.com https://www.google-analytics.com *.gstatic.com maps.googleapis.com w3.org  data: *.crazyegg.com blog.crelan.be *.google.com *.google.be *.google.de *.facebook.com *.doubleclick.net *.facebook.net *.linkedin.com; media-src *.youtube.com *.twitter.com *.vimeo.com 'self' https://maps.googleapis.com *.googletagmanager.com w3.org *.google.com *.googleadservices.com *.google.be *.google.de *.facebook.com *.doubleclick.net *.facebook.net; frame-src 'self' in.hotjar.com vc.hotjar.io google-analytics.com stats.g.doubleclick.net crelan-be-website.scalecity.space *.crelan-int.be *.vwdservices.com maps.googleapis.com w3.org www.google.com www.youtube.com player.vimeo.com *.crazyegg.com  *.alchemer.eu *.google.com *.google.be *.facebook.com *.doubleclick.net *.facebook.net *.googleadservices.com https://*.skedify.io; font-src 'self' *.gstatic.com *.googleusercontent.com w3.org data:; connect-src 'self' cookie-cdn.cookiepro.com *.google-analytics.com in.hotjar.com vc.hotjar.io stats.g.doubleclick.net maps.googleapis.com *.googletagmanager.com w3.org *.crazyegg.com *.google.com *.google.be *.facebook.com *.doubleclick.net *.facebook.net *.onetrust.com sc-crelan-server-side-tagging.ew.r.appspot.com *.sc-crelan-server-side-tagging.ew.r.appspot.com *.googleadservices.com *.googlesyndication.com https://px.ads.linkedin.com; upgrade-insecure-requests 1
default-src 'none'; worker-src 'self' www.youtube.com *.cookiebot.com www.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.leadinfo.net *.cookiebot.com www.googletagmanager.com  ssl.google-analytics.com www.google-analytics.com apis.google.com ajax.googleapis.com www.gstatic.com www.google.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' *.linqhost.nl www.google.nl ssl.google-analytics.com www.google-analytics.com www.gstatic.com cdn.quicq.io imgsct.cookiebot.com data: www.google.com www.googletagmanager.com stats.g.doubleclick.net  collector.leadinfo.net ; font-src 'self' fonts.googleapis.com fonts.gstatic.com  data: ; frame-ancestors 'none'; base-uri 'self' ; form-action 'self'; frame-src *.cookiebot.com *.youtube.com *.google.com; connect-src *.google-analytics.com  *.analytics.google.com stats.g.doubleclick.net consentcdn.cookiebot.com detect-ipv4.linqhost.nl detect-ipv6.linqhost.nl api.leadinfo.com collector.leadinfo.net; report-uri https://linqhost.report-uri.com/r/d/csp/enforce; 1
default-src 'self' https://*.youtube.com https://*.youtube-nocookie.com https://*.youtu.be https://*.vimeo.com https://vimeo.com https://*.spotify.com/ https://*.tiktok.com https://*.snapchat.com https://*.facebook.com https://p.scdn.co/ https://*.google-analytics.com https://*.googletagmanager.com https://*.google.com https://*.google.be; block-all-mixed-content; img-src data: 'self' https://placeholder.inventis.be https://*.ytimg.com https://*.youtube.com https://*.vimeocdn.com https://*.tiktok.com https://*.snapchat.com https://*.facebook.com https://*.google-analytics.com https://*.googletagmanager.com https://*.google.com https://*.google.be; object-src 'none'; script-src 'self' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' 'nonce-gLMpaHedPM+RqZEq23PGUA=='; style-src 'self' 'unsafe-inline' https://*.googletagmanager.com; upgrade-insecure-requests 1
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' *.kdo.de; style-src 'self' *.kdo.de 'unsafe-inline'; connect-src 'self' *.kdo.de; img-src 'self' *.kdo.de *.openstreetmap.org data:; worker-src blob:; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://polyfill.io *.google.com *.google.ad *.google.al *.google.am *.google.as *.google.at   *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch  *.google.ci *.google.cl *.google.cm *.google.cn *.google.cv *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm  *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gr *.google.gy *.google.hn *.google.hr *.google.ht *.google.hu *.google.ie *.google.im *.google.iq  *.google.is *.google.it *.google.je *.google.jo *.google.ki *.google.kg *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me https://www.googletagmanager.com https://www.gstatic.com https://cdn.jsdelivr.net https://maps.googleapis.com; object-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://www.google.com https://www.google.de https://consent.cookiebot.com https://consentcdn.cookiebot.com https://fonts.googleapis.com https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://snap.licdn.com https://polyfill.io/v3 https://cdn.jsdelivr.net https://js.stripe.com https://polyfill.io; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-src 'self' *.pumps.circor.com *.youtube.com https://js.stripe.com https://consentcdn.cookiebot.com *.doubleclick.net *.google.com; child-src 'self' 'unsafe-inline' https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.google.de https://connect.facebook.net https://consent.cookiebot.com https://consentcdn.cookiebot.com https://fonts.googleapis.com https://googleads.g.doubleclick.net https://p.adsymptotic.com https://px.ads.linkedin.com https://snap.licdn.com https://www.facebook.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://js.stripe.com https://polyfill.io blob:; connect-src 'self' https://consentcdn.cookiebot.com https://eu-api.friendlycaptcha.eu https://px.ads.linkedin.com wss://ws.hotjar.com https://content.hotjar.io https://www.google.com https://*.google-analytics.com https://metrics.hotjar.io https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://region1.analytics.google.com https://maps.googleapis.com; report-uri /report-csp-violation 1
default-src 'unsafe-inline' 'unsafe-eval' https: blob:;img-src * data: blob:;font-src * data:; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.youtube.com https://fonts.googleapis.com https://fonts.gstatic.com https://cdn.syndication.twimg.com https://www.facebook.com https://*.twitter.com https://www.google.com https://ton.twimg.com https://*.github.io https://www.googletagmanager.com https://www.google-analytics.com; img-src 'self' https://*.twimg.com https://*.twitter.com http://*.twimg.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.google.co.jp data:; 1
frame-ancestors 'self'; default-src 'self' *.progress.ie data: *.addtoany.com *.cloudflare.com *.cookiebot.com *.doubleclick.net *.facebook.com *.facebook.net *.fontawesome.com *.google.com *.google.ie *.google.co.uk *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gravatar.com *.gstatic.com *.issuu.com *.jquery.com *.livechat-files.com *.livechatinc.com *.mapbox.com *.surveymonkey.com *.trustpilot.com *.umbraco.org *.vimeo.com *.vimeocdn.com *.youtube.com *.youtube-nocookie.com *.ytimg.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.progress.ie data: *.addtoany.com *.cloudflare.com *.cookiebot.com *.doubleclick.net *.facebook.com *.facebook.net *.fontawesome.com *.google.com *.google.ie *.google.co.uk *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gravatar.com *.gstatic.com *.issuu.com *.jquery.com *.livechat-files.com *.livechatinc.com *.mapbox.com *.surveymonkey.com *.trustpilot.com *.umbraco.org *.vimeo.com *.vimeocdn.com *.youtube.com *.youtube-nocookie.com *.ytimg.com; style-src 'self' 'unsafe-inline' *.progress.ie data: *.addtoany.com *.cloudflare.com *.cookiebot.com *.doubleclick.net *.facebook.com *.facebook.net *.fontawesome.com *.google.com *.google.ie *.google.co.uk *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gravatar.com *.gstatic.com *.issuu.com *.jquery.com *.livechat-files.com *.livechatinc.com *.mapbox.com *.surveymonkey.com *.trustpilot.com *.umbraco.org *.vimeo.com *.vimeocdn.com *.youtube.com *.youtube-nocookie.com *.ytimg.com; img-src 'self' *.progress.ie data: *.addtoany.com *.cloudflare.com *.cookiebot.com *.doubleclick.net *.facebook.com *.facebook.net *.fontawesome.com *.google.com *.google.ie *.google.co.uk *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gravatar.com *.gstatic.com *.issuu.com *.jquery.com *.livechat-files.com *.livechatinc.com *.mapbox.com *.surveymonkey.com *.trustpilot.com *.umbraco.org *.vimeo.com *.vimeocdn.com *.youtube.com *.youtube-nocookie.com *.ytimg.com; font-src 'self' *.progress.ie data: *.addtoany.com *.cloudflare.com *.cookiebot.com *.doubleclick.net *.facebook.com *.facebook.net *.fontawesome.com *.google.com *.google.ie *.google.co.uk *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gravatar.com *.gstatic.com *.issuu.com *.jquery.com *.livechat-files.com *.livechatinc.com *.mapbox.com *.surveymonkey.com *.trustpilot.com *.umbraco.org *.vimeo.com *.vimeocdn.com *.youtube.com *.youtube-nocookie.com *.ytimg.com; 1
img-src * data:; style-src 'self' 'unsafe-inline'; default-src * blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: www.youtube.com s.ytimg.com *.usercentrics.eu *.googleapis.com *.google.com www.youtube-nocookie.com *.vimeocdn.com *.vimeo.com fonts.gstatic.com www.googletagmanager.com www.google-analytics.com *.facebook.net *.altruja.de; 1
Content-Security-Policy= default-src "none"; script-src "self" https://corp-mktg.s3.us-west-2.amazonaws.com https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com https://cdn.cookielaw.org https://maps.googleapis.com https://prospect-form-plugin.2u.com; style-src "unsafe-inline" https://whitelabel.2u.com; img-src https://app.optimizely.com https://cdn.optimizely.com https://whitelabel.2u.com; frame-src https://a10065315939.cdn.optimizely.com https://a10065315939.cdn-pci.optimizely.com; connect-src https://*.optimizely.com; 1
default-src 'self'; \
        script-src 'self' https://ssl.google-analytics.com; \
        img-src 'self' https://ssl.google-analytics.com 1
script-src 'self' https://*.googleapis.com *.gstatic.com www.google-analytics.com ajax.googleapis.com ajax.aspnetcdn.com use.typekit.net us1.siteimprove.com siteimproveanalytics.com cdnjs.cloudflare.com kit.fontawesome.com static.getclicky.com in.getclicky.com player.vimeo.com www.googletagmanager.com clicky.com fast.fonts.net snap.licdn.com px.ads.linkedin.com stackpath.bootstrapcdn.com cdn.datatables.net code.jquery.com unpkg.com js.adsrvr.org connect.facebook.net 'unsafe-inline' 'unsafe-eval' 1
base-uri 'self'; child-src 'self' gap: *; frame-src 'self' gap: *; connect-src 'self' *.datatables.net *.pordata.pt *.pordatakids.pt ajax.googleapis.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.cloudflare.com *.facebook.com *.facebook.net *.googletagmanager.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.cookiebot.com; default-src 'self' gap: *.microsoft.com 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: *.pordata.pt *.pordatakids.pt *.google.com *.googleapis.com fonts.gstatic.com *.hotjar.com *.cookiebot.com; img-src 'self' data: *.pordata.pt *.pordatakids.pt stats.g.doubleclick.net *.google-analytics.com *.microsoft.com *.gstatic.com *.facebook.com *.facebook.net *.google.com *.google.pt *.googleusercontent.com *.googletagmanager.com *.flourish.studio *.hotjar.com *.cookiebot.com blob:; media-src 'self'; object-src 'self' *.pordata.pt *.pordatakids.pt; script-src 'self' *.datatables.net *.pordata.pt *.pordatakids.pt ajax.googleapis.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.cloudflare.com *.facebook.com *.facebook.net *.google.pt *.microsoft.com *.realtimestatistics.net *.googletagmanager.com *.typeform.com *.flourish.studio *.hotjar.com *.cookiebot.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.pordata.pt *.pordatakids.pt *.google.com *.googleapis.com *.typeform.com 'unsafe-inline'; frame-ancestors 'self' gap: *.pordata.pt *.pordatakids.pt; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=vJbf2opEeP9llDicCxBsRo6AhhsNuVlP32pSqOQL%2FFDL94JVrbT5R4PmkqOVA19qiUaWXBCbqVMtafqNFAYVWw%3D%3D; 1
default-src https: 'unsafe-inline' 'unsafe-eval' blob:; img-src https: data:; connect-src https: wss:; font-src https: data:; 1
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ; 1
default-src 'self'; object-src 'self'; base-uri 'self'; media-src 'self' https://imagepool.1und1.ag; img-src https: data:; font-src https:; form-action 'self'; connect-src 'self' https://imagepool.1und1.ag; script-src 'strict-dynamic' 'nonce-1f7e12f274507bcbbba03eac1e468c20' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self'; frame-src https://irpages2.eqs.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-1f7e12f274507bcbbba03eac1e468c20' 'self' 'unsafe-inline' https: 'report-sample' 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src 'unsafe-inline' https: data:; font-src https: data:; img-src * data:; connect-src https: wss://*.liveperson.net wss://tsock.us1.twilio.com/v3/wsconnect wss://webmessaging.usw2.pure.cloud/v1 wss://cobrowse-v2.usw2.pure.cloud; 1
frame-ancestors https://goloadup.com 1
block-all-mixed-content; frame-ancestors 'self'; upgrade-insecure-requests 1
base-uri 'self'; child-src blob: 'self' gap: app.powerbi.com dev.visualwebsiteoptimizer.com widget.trustpilot.com *.surveymonkey.com *.twitter.com *.vimeo.com *.youtube.com https://www.google.com/; frame-src blob: 'self' gap: app.powerbi.com dev.visualwebsiteoptimizer.com widget.trustpilot.com *.surveymonkey.com *.twitter.com *.vimeo.com *.youtube.com https://www.google.com/; connect-src fonts.googleapis.com fonts.gstatic.com global.sitesearch360.com ict.infinity-tracking.net insights.sitesearch360.com 'self' *.feefo.com *.google.com *.onetrust.com *.paragonbankinggroup.co.uk *.twimg.com *.twitter.com *.visualwebsiteoptimizer.com; default-src 'self' gap: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: fonts.gstatic.com; img-src * data: blob:; media-src data: 'self'; script-src gap: 'self' cdn.sitesearch360.com cdn-ukwest.onetrust.com ict.infinity-tracking.net snap.licdn.com unpkg.com widget.trustpilot.com *.doubleclick.net *.feefo.com *.paragonbankinggroup.co.uk *.surveymonkey.com *.twimg.com *.twitter.com *.youtube.com *.visualwebsiteoptimizer.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' dev.visualwebsiteoptimizer.com fonts.googleapis.com register.feefo.com *.twimg.com *.twitter.com 'unsafe-inline'; frame-ancestors gap: 'self' *.surveymonkey.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=QQJooqpJu%2F5BQJXe9T4qCqsp5OewYQW2tek6Ui5J9E0JP1aq8ysE7Q42vL%2F%2BSibs2za4nRmQ4nCSoOF%2FqFulVQ%3D%3D; 1
default-src 'none' 'self' *.gewobag.de data: eqs-cockpit.com *.eqs.com *.youtube-nocookie.com *.ytimg.com *.googleapis.com *.gstatic.com *.wohnungshelden.de 'unsafe-inline' 1
script-src 'self'; frame-ancestors 'self'; img-src 'self'; font-src 'self' 1
frame-ancestors 'self' localhost:* *.tason.com 1
default-src 'self' *.gstatic.com;       style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;       script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com *.google-analytics.com *.googleapis.com www.google.com         data: *.gstatic.com *.googleapis.com *.ggpht.com;       img-src 'self' www.googletagmanager.com www.google-analytics.com *.googleapis.com         data: *.gstatic.com *.googleapis.com *.ggpht.com;       connect-src 'self' www.google-analytics.com *.googleapis.com;       frame-src 'self' www.google.com; 1
default-src * ; script-src * 'unsafe-inline' 'unsafe-eval'; object-src *; style-src * 'unsafe-inline'; img-src * data: https://ct.capterra.com; media-src *; frame-src *; frame-ancestors *; child-src *; font-src * https://themes.googleusercontent.com http://themes.googleusercontent.com; connect-src *; report-uri /report-csp-violation; upgrade-insecure-requests 1
base-uri 'none';child-src 'none';connect-src 'self' https://ws.zoominfo.com/pixel/collect https://aorta.clickagy.com/ https://aorta.clickagy.com/liveramp_redir https://hemsync.clickagy.com/external/ https://maps.googleapis.com/;default-src 'self';font-src 'self' https://fonts.gstatic.com;;form-action 'self';frame-ancestors 'self';frame-src 'none';img-src 'self' https://id.rlcdn.com/ https://idsync.rlcdn.com/ https://aorta.clickagy.com/ https://maps.gstatic.com/ https://maps.googleapis.com/  https://streetviewpixels-pa.googleapis.com/ https://lh3.ggpht.com/ https://khms1.googleapis.com/ https://khms0.googleapis.com/ https://www.google.com data:;manifest-src 'self';media-src 'self';object-src 'none';prefetch-src 'self';script-src 'self' https://maps.googleapis.com/ https://www.google.com https://ws.zoominfo.com/pixel/6320bf5aac6e98ed3e39d094 https://tags.clickagy.com/ https://aorta.clickagy.com/ https://hemsync.clickagy.com/external/ https://ws.zoominfo.com/;style-src 'self' https://aorta.clickagy.com/ https://fonts.googleapis.com https://fonts.gstatic.com https://maps.gstatic.com/ https://streetviewpixels-pa.googleapis.com/ https://lh3.ggpht.com/ https://khms1.googleapis.com/ https://khms0.googleapis.com/ https://www.google.com 'unsafe-inline';worker-src 'self';upgrade-insecure-requests ; 1
default-src 'self' 'unsafe-inline' https://cdn.ckeditor.com/ https://piwik.bzga.de/ https://maps.googleapis.com/ https://www.youtube-nocookie.com/ https://app.dialogfeed.com/ https://www.youtube.com/ https://vrweb15.linguatec.org data: https://shop.bzga.de/; img-src 'self' data: https://i.ytimg.com https://cdn.ckeditor.com/ https://shop.bzga.de/ https://piwik.bzga.de/ https://service.bzga.de/ https://www.bzga.de/ https://jwpltx.com/ https://maps.gstatic.com/ https://maps.googleapis.com/ https://vrweb15.linguatec.org https://ssl.p.jwpcdn.com/; script-src 'self' 'unsafe-inline' https://s.ytimg.com/ https://www.liebesleben.de/typo3conf/ext/theme/Resources/Public/Bower/vue/dist/vue.min.js https://www.youtube.com/ https://ssl.p.jwpcdn.com/ https://piwik.bzga.de/ https://maps.googleapis.com/ https://vrweb15.linguatec.org https://cdn.ckeditor.com/; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: https: 'nonce-W6X9PZxsocburMvz6jK5Y2HglX58sqEM' 'strict-dynamic' https://www.google-analytics.com https://www.googletagmanager.com; 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.parents.com 1
frame-ancestors 'self' insights.hotjar.com 1
default-src 'self'; style-src 'self' 'unsafe-inline' http://*.sportunion.at http://sportunion.at https://*.sportunion.at https://sportunion.at https://static.flockler.com https://*.mailchimp.com https://*.gstatic.com https://*.googleapis.com https://cdn.jsdelivr.net https://*.onlim.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://*.sportunion.at http://sportunion.at https://*.sportunion.at https://sportunion.at https://static.flockler.com https://fl-cdn.scdn1.secure.raxcdn.com https://embed-cdn.flockler.com https://flockler.embed.codes https://plugins.flockler.com https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://*.gstatic.com https://*.googleapis.com https://cdn.jsdelivr.net https://*.onlim.com; font-src 'self' data: http://*.sportunion.at http://sportunion.at https://*.sportunion.at https://sportunion.at https://fonts.gstatic.com https://*.onlim.com; img-src 'self' 'unsafe-inline' https://* http://*.sportunion.at http://sportunion.at https://*.sportunion.at https://sportunion.at https://flockler.com https://*.rackcdn.com https://stats.g.doubleclick.net https://www.google-analytics.com https://*.googleapis.com data: https://.gstatic.com https://*.google.com https://secure.gravatar.com https://*.onlim.com; frame-src 'self' http://*.sportunion.at http://sportunion.at https://*.sportunion.at https://sportunion.at https://*.spotify.com https://sn.kavedo.com https://smartslider3.com https://www.yumpu.com https://www.fitsportaustria.at https://board.fitsportaustria.at https://player.vimeo.com https://www.youtube.com https://www.google.com https://www.youtube-nocookie.com https://*.onlim.com; connect-src 'self' http://*.sportunion.at http://sportunion.at https://*.sportunion.at https://sportunion.at wss://*.onlim.com https://*.googleapis.com https://stats.g.doubleclick.net https://yoast.com https://*.google-analytics.com https://*.onlim.com; media-src https://* 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.wp.com https://*.gravatar.com https://*.google-analytics.com; img-src 'self' data: https://wordpress.org https://*.gravatar.com https://*.wp.com https://*.google-analytics.com; style-src 'self' 'unsafe-inline' https://*.wp.com https://*.gravatar.com https://fonts.googleapis.com; font-src 'self' data: https://fonts.gstatic.com https://themes.googleusercontent.com; object-src 'none' 1
default-src 'self'; base-uri 'self'; connect-src 'self' wss://api.mintme.com/ wss://api.mintme.abchosting.org/ wss://api.staging.abchosting.org/ https://*.facebook.net https://*.facebook.com https://connect.facebook.net https://www.facebook.com https://www.google-analytics.com https://analytics.google.com https://*.doubleclick.net https://*.mintme.com https://mintme.com https://*.tawk.to wss://*.tawk.to https://www.mintme.com/.well-known/mercure https://identitytoolkit.googleapis.com; font-src 'self' https://fonts.gstatic.com https://static-v.tawk.to https://embed.tawk.to https://fonts.googleapis.com; frame-src https://www.facebook.com https://accounts.google.com https://content.googleapis.com https://va.tawk.to https://www.youtube.com https://www.google.com https://*.coinify.com https://platform.twitter.com https://content-youtube.googleapis.com https://mintme.firebaseapp.com; img-src data: *; media-src *; object-src 'none'; script-src 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' 'nonce-vOd2U1uAGXZaCfZqhBCytQ=='; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net/emojione/2.2.7/assets/css/emojione.min.css https://*.tawk.to; report-uri /csp-report; worker-src 'none' 1
script-src https://*.lex-com.net/ 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' https://mykrone.green ; img-src 'self' data:; object-src 'none'; media-src 'none'; child-src 'self' blob: data:; style-src 'self' 'unsafe-inline' 1
base-uri 'self'; default-src 'none'; child-src 'self' https://*.youtube.com https://*.youtube-nocookie.com https://googleads.g.doubleclick.net https://static.doubleclick.net; connect-src 'self' https://*.google-analytics.com https://sentry.io https://*.ingest.sentry.io https://*.vimeocdn.com/ https://*.googletagmanager.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; font-src 'self' https://*.hotjar.com data:; form-action 'self'; frame-ancestors 'self'; frame-src 'self' https://*.google.com https://*.youtube.com https://*.youtube-nocookie.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://staticcdn.co.nz https://*.vimeo.com/ https://*.powerbi.com/ https://powerbi.com/; img-src 'self' https://*.google-analytics.com https://shielded.co.nz https://staticcdn.co.nz https://*.vimeo.com/ https://*.vimeocdn.com/ https://*.googletagmanager.com https://*.hotjar.com blob: data:; media-src https://*.vimeocdn.com/; object-src 'self' blob:; manifest-src 'self'; script-src 'self' https://*.google.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googleapis.com https://googleads.g.doubleclick.net https://*.gstatic.com https://static.doubleclick.net https://polyfill.io https://staticcdn.co.nz/ https://browser.sentry-cdn.com https://*.vimeocdn.com/ https://*.hotjar.com https://unsafe-inline unsafe-inline 'unsafe-inline'; style-src 'self' https://hello.myfonts.net https://*.vimeocdn.com/ https://*.hotjar.com https://unsafe-inline unsafe-inline 'unsafe-inline'; report-uri https://o115950.ingest.sentry.io/api/6521288/security/?sentry_key=a79b5568564347a2937890e4932796e3&sentry_environment=live; upgrade-insecure-requests 1
frame-ancestors 'self' *.edwardjones.com *.edwardjones.ca accountaccess.devjones.com accountaccess.devjones.ca iaa-api-gateway.apps.devjones.com accountaccess.edwardjones.com accountaccess.edwardjones.ca onlineaccess.edwardjones.com iaaweb.edwardjones.com; report-uri /report-csp-violation 1
report-uri https://o1077175.ingest.sentry.io/api/4505885719068672/security/?sentry_key=b6aebb41fe8678c142fa73198318922f 1
default-src 'none'; connect-src 'self' https://geolocation.onetrust.com/ https://cookie-cdn.cookiepro.com/ https://*.google-analytics.com https://*.analytics.google.com; font-src 'self'; frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://www.youtube-nocookie.com https://www.youtube.com https://player.vimeo.com https://embed.podcasts.apple.com https://w.soundcloud.com https://playlist.megaphone.fm; img-src 'self' data: https://cookie-cdn.cookiepro.com/ https://*.google-analytics.com https://*.analytics.google.com; media-src 'self'; script-src 'self' https://cookie-cdn.cookiepro.com/ https://*.google-analytics.com https://*.analytics.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'unsafe-inline' 'nonce-fWlzEsX3db7h6Fv5OUKIoQ=='; style-src 'self' 'unsafe-inline' 1
frame-ancestors *; report-uri /report-csp-violation 1
frame-ancestors 'self' https://www.gamer.no *.ggez.no https://forum.kvinneguiden.no; 1
default-src 'self' *.usercentrics.eu; frame-src 'self' www.advocard.de www.youtube.de www.youtube.com www.youtube-nocookie.com customlocation.here.com; img-src 'self' *.advocard.de *.usercentrics.eu generali01.webtrekk.net advocard01.wt-eu02.net *.gstatic.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.usercentrics.eu www.youtube.de www.youtube.com www.youtube-nocookie.com; style-src 'self' 'unsafe-inline' *.usercentrics.eu 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.mimer.com/ https://mimer.com/ https://mimerse.wpengine.com/; img-src 'self' data: blob: https://*.mimer.com/ https://mimer.com/ https://mimerse.wpengine.com/; object-src 'self' data: blob: https://*.mimer.com/ https://mimer.com/ https://mimerse.wpengine.com/; frame-src 'self' data: blob: https://*.mimer.com/ https://mimer.com/ https://mimerse.wpengine.com/; 1
default-src 'self'; frame-src youtube.com https://www.youtube.com https://www.youtu.be; 1
default-src 'self' fonts.gstatic.com themes.googleusercontent.com www.google-analytics.com www.googletagmanager.com https://analytics.google.com stats.g.doubleclick.net data: 'unsafe-inline' 'unsafe-eval' 1
frame-ancestors DENY 1
frame-ancestors 'self' www.abaxis.com; report-uri /report-csp-violation 1
default-src 'self'; frame-src 'self' *.donorfy.com/ *.monday.com/ https://hubofhope.co.uk/ 360testbed.co/ *.nhs.uk/ *.facebook.com/ *.youtube.com/ *.vimeo.com/ *.google.com/ *.googleapis.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.googletagmanager.com https://www.googletagmanager.com/ https://hubofhope.co.uk/js/embed.js https://cdn.jsdelivr.net https://cdnjs.cloudflare.com/ https://www.google-analytics.com/ https://connect.facebook.net/ https://feeds.trac.jobs/ *.google.com/ *.googleapis.com *.gstatic.com *.cqc.org.uk; font-src 'self' 'unsafe-inline' https://*.typekit.net https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://*.typekit.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com/ https://feeds.trac.jobs/ *.googleapis.com  *.gstatic.com *.cqc.org.uk; img-src * data:; object-src 'self' blob:; connect-src 'self' https://maps.googleapis.com/ https://*.googletagmanager.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.g.doubleclick.net https://*.google.com https://*.google.com https://*.google-analytics.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googletagmanager.com https://region1.google-analytics.com translate.googleapis.com/ https://feeds.trac.jobs/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' mofa.gov.np *.mofa.gov.np www.google.com.np *.google.com *.gstatic.com cdn.jsdelivr.net code.jquery.com stackpath.bootstrapcdn.com s.ytimg.com *.facebook.net *.sharethis.com *.youtube.com *.twimg.com cdn.syndication.twimg.com cdnjs.cloudflare.com maps.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com fonts.googleapis.com fonts.gstatic.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.mofa.gov.np use.fontawesome.com stackpath.bootstrapcdn.com placehold.it *.facebook.net *.sharethis.com lh3.googleusercontent.com *.youtube.com *.twimg.com cdn.syndication.twimg.com cdnjs.cloudflare.com maps.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com cdnjs.cloudflare.com fonts.googleapis.com fonts.gstatic.com; img-src 'self' data: placehold.it  mofa.gov.np *.mofa.gov.np *.gstatic.com *.facebook.net *.facebook.com *.sharethis.com lh3.googleusercontent.com *.youtube.com *.twimg.com secure.gravatar.com cdn. *.twitter.com *.twimg.com cdnjs.cloudflare.com maps.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com fonts.googleapis.com fonts.gstatic.com; media-src 'self'; frame-src 'self' *.google.com *.youtube.com *.facebook.net *.facebook.com syndication.twitter.com platform.twitter.com; font-src 'self' data: fonts.googleapis.com stackpath.bootstrapcdn.com use.fontawesome.com fonts.gstatic.com maxcdn.bootstrapcdn.com; connect-src 'self' l.sharethis.com 1
default-src 'self';font-src 'self' fonts.gstatic.com data: 'self';connect-src 'self' *.getsmartlook.com ws://*.getsmartlook.com *.smartlook.com *.smartlook.cloud *.google.com *.googleapis.com www.google-analytics.com *.doubleclick.net *.clarity.ms;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.youtube.com maps.google.com *.googleapis.com www.googletagmanager.com ssl.google-analytics.com www.google-analytics.com *.getsmartlook.com www.google.com connect.facebook.net www.googleadservices.com www.lhinsights.com *.smartlook.com *.smartlook.cloud https://googleads.g.doubleclick.net *.gstatic.com *.clarity.ms;form-action 'self';frame-src 'self' blob: www.youtube-nocookie.com www.youtube.com *.doubleclick.net www.google.com www.google.cz https://order.shareit.com;child-src 'self' blob: www.youtube-nocookie.com www.youtube.com *.doubleclick.net www.google.com www.google.cz https://order.shareit.com;frame-ancestors 'self';img-src 'self' data: blob: *.clarity.ms *.ytimg.com *.gstatic.com *.googleapis.com www.googletagmanager.com ssl.google-analytics.com www.google-analytics.com *.doubleclick.net www.facebook.com www.lhinsights.com www.google.com www.google.cz *.smartlook.com *.smartlook.cloud *.gstatic.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com www.google.com *.gstatic.com 1
connect-src 'self' *.fefundinfo.com *.fundinfo.com; font-src 'self' https://fonts.gstatic.com/ *.cloudflare.com; frame-src 'self' *.fundinfo.com *.fefundinfo.com edge-cdn.net *.google.com; img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cloudflare.com *.gstatic.com *.fundinfo.com *.google.com *.jquery.com *.fefundinfo.com; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.cloudflare.com *.googleapis.com *.gstatic.com *.fundinfo.com *.fefundinfo.com *.feprecisionplus.com https://fonts.googleapis.com/ 'unsafe-inline'; 1
frame-ancestors 'self' panoramen.frauenkirche-dresden.de 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: http://*.trustlogo.com https://trustlogo.com; object-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:  *.trustlogo.com; media-src 'self'; frame-src 'self' *.google.com; font-src 'self'; connect-src 'self'; report-uri /csp-report.php 1
default-src 'unsafe-inline' 'unsafe-eval' wss://*.iadvize.com data: blob: https: 'self' *.e-wie-einfach.de *.usercentrics.eu *.googletagmanager.com *.demdex.net ewieeinfach.tt.omtrdc.net *.trustedshops.com *.iadvize.com analytics.tiktok.com *.ad-srv.net *.ad4m.at; block-all-mixed-content; frame-ancestors https://*.e-wie-einfach.de 'self'; frame-src https: 'self' 10552776.fls.doubleclick.net *.iadvize.com; img-src https: 'self' data: blob: 1
default-src 'self'; base-uri 'self'; connect-src 'self' wss://self https://www.hostingcloud.racing wss://*.hostcontent.live https://connect.facebook.net https://www.google-analytics.com https://*.doubleclick.net https://*.g.doubleclick.net https://www.facebook.com https://*.mintme.com https://mintme.com https://*.tawk.to wss://*.tawk.to; font-src 'self' https://fonts.gstatic.com https://static-v.tawk.to; frame-src https://accounts.google.com https://content.googleapis.com https://va.tawk.to https://www.youtube.com https://www.google.com; img-src data: *; media-src *; object-src 'none'; script-src 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https: http: 'nonce-+gGDDEQhmasuQX0zcRLrBw=='; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net/emojione/2.2.7/assets/css/emojione.min.css https://cdn.jsdelivr.net/emojione/2.2.7/lib/js/emojione.min.js https://cdnjs.cloudflare.com/ajax/libs/highlight.js/9.12.0/styles/github.min.css https://cdnjs.cloudflare.com/ajax/libs/highlight.js/9.12.0/styles/atom-one-dark.min.css https://*.tawk.to; report-uri /csp-report; worker-src blob: 1
frame-ancestors 'self' www.skaki64.gr skaki64.gr 1
default-src 'self'; object-src 'self' https://pts.handyvertrag.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.handyvertrag.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://livechat.handyvertrag.de https://chat.handyvertrag.de https://umfrage.handyvertrag.de https://pts.handyvertrag.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://o2.mouseflow.com https://cdn.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://livechat.handyvertrag.de https://chat.handyvertrag.de https://stats.handyvertrag.de https://imagepool.handyvertrag.de https://pts.handyvertrag.de https://analytics.tiktok.com https://umfrage.handyvertrag.de; script-src 'strict-dynamic' 'nonce-87516faa492466db1de25489605682f5' 'nonce-206f69e1d5764325a0b224154890fd98' 'nonce-9b8a6a68501a540d4a30705fbf938981' 'nonce-fb4d3bef5ad7eb4eb65d56d235080e1d' 'nonce-08df7d2fef4763e148d2530e124ca545' 'nonce-82fa2a7a14d995dcc476c1ba021000f0' 'nonce-cce7737a22c5cea33cfa6deb770d0b50' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://pts.handyvertrag.de https://umfrage.handyvertrag.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-87516faa492466db1de25489605682f5' 'nonce-206f69e1d5764325a0b224154890fd98' 'nonce-9b8a6a68501a540d4a30705fbf938981' 'nonce-fb4d3bef5ad7eb4eb65d56d235080e1d' 'nonce-08df7d2fef4763e148d2530e124ca545' 'nonce-82fa2a7a14d995dcc476c1ba021000f0' 'nonce-cce7737a22c5cea33cfa6deb770d0b50' 'self' 'unsafe-inline' https: 'report-sample' 1
default-src 'self' *.mytolino.com *.mytolino.de data: *.pageplace.de www.googletagmanager.com *.doubleclick.net www.google.com www.google.de www.googleadservices.com *.youtube-nocookie.com *.ytimg.com *.googleapis.com *.gstatic.com connect.facebook.net www.facebook.com 'unsafe-inline' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.cookielaw.org *.googlesyndication.com https://storage.googleapis.com *.googletagmanager.com *.bootstrapcdn.com *.cloudflare.com https://cdnjs.cloudflare.com *.printfriendly.com https://static.addtoany.com https://ds-4047.kxcdn.com https://s.ytimg.com/yts/jsbin/ https://static.addtoany.com/menu/ https://snap.licdn.com *.youtube-nocookie.com https://rawgit.com/NerOcrO/ntools/master/ntools.user.js https://www.gstatic.com/recaptcha/ https://s.ytimg.com https://cdn.rawgit.com/w8tcha/ https://cdn.rawgit.com/ckeditor/ *.youtube.com/ https://snap.licdn.com/ *.google-analytics.com *.doubleclick.net *.google.com *.linkedin.com *.instagram.com *.newrelic.com *.evidon.com *.nr-data.net; img-src 'self' data: https://*.cdninstagram.com https://*.licdn.com https://assets.bwbx.io https://sprcdn-assets.sprinklr.com https://cdnjs.cloudflare.com/ajax/libs/codemirror/ https://cdnjs.cloudflare.com/ajax/libs/select2/ https://cdn.printfriendly.com https://i.ytimg.com https://www.nestle-nespresso.com https://img.youtube.com/; frame-src 'self' https://www.google.com/recaptcha/ https://www.youtube.com/; frame-ancestors 'self'; report-uri /report-csp-violation; upgrade-insecure-requests 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://mastertag.kpcustomer.de *.netcologne.de:* https://bat.bing.com https://connect.facebook.net www.googletagmanager.com:* www.google-analytics.com:* https://partners.webmasterplan.com www.google.de:* https://optimize.google.com https://fonts.googleapis.com https://fonts.gstatic.com https://seal.thawte.com https://www.googleadservices.com https://*.exactag.com *.google.com:* https://*.gstatic.com *.googleapis.com:* https://www.kabelkiosk.de https://*.deepthought.online https://cdn.jsdelivr.net https://wt1.rqtrk.eu https://api.aklamio.com https://googleads.g.doubleclick.net https://config1.veinteractive.com https://netcologne.lamapoll.de https://consent.cookiebot.com https://consentcdn.cookiebot.com https://*.surveymonkey.com https://walls.io https://r.df-srv.de https://static.hotjar.com:* https://script.hotjar.com:* https://*.ad4m.at https://ad4m.at https://*.usemaxserver.de https://*.awin1.com https://*.dwin1.com https://zenaps.com https://sciencebehindecommerce.com https://*.criteo.net https://*.criteo.com https://tracking.m6r.eu https://www.youtube.com https://*.ytimg.com https://www.etermin.net https://the.sciencebehindecommerce.com https://www.lacmp.net https://analytics.aklamio.com https://*.adsrvr.org https://adsrvr.org https://t.contentsquare.net https://www.clarity.ms; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com https://yoast.com https://maps.googleapis.com https://www.google-analytics.com https://ssl.google-analytics.com https://connect.facebook.net https://cdn.jsdelivr.net/npm/webfontloader@1.6.28/webfontloader.min.js https://oss.maxcdn.com/webfontloader/1.5.21/webfontloader.js https://cdn.jsdelivr.net/npm/rangeslider.js@2.3.2/dist/ https://developers.google.com https://cdn.rawgit.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://prod-druid-apc.azureedge.net/druid_webchat.js https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://tagmanager.google.com https://optimize.google.com https://s.yimg.com/wi/ytc.js https://sp.analytics.yahoo.com https://*.hotjar.com https://prod-druid-apc.azureedge.net/druid_webchat_modules.js *.qualtrics.com https://cdn.jsdelivr.net:* https://unpkg.com:* https://p.teads.tv/teads-fellow.js *.adform.net:* *.hicloud.com:*; object-src 'none'; style-src 'self' 'unsafe-inline' https://www.gstatic.com https://fonts.googleapis.com https://cdn.jsdelivr.net/npm/rangeslider.js@2.3.2/dist/ https://cdn.rawgit.com https://cdnjs.cloudflare.com/ajax/libs/ https://*.hotjar.com https://prod-druid-apc.azureedge.net/druid_webchat.css https://tagmanager.google.com https://optimize.google.com https://otpdev.druidplatform.com https://cdn.jsdelivr.net:*; img-src 'self' data: https://s.w.org https://stats.g.doubleclick.net https://www.google-analytics.com https://media.licdn.com https://secure.gravatar.com https://fonts.gstatic.com https://maps.googleapis.com/maps/ https://maps.gstatic.com/mapfiles/ https://ssl.gstatic.com https://www.gstatic.com https://cdn.rawgit.com https://raw.githubusercontent.com https://druiddemo18533.blob.core.windows.net https://googleads.g.doubleclick.net https://www.google.com https://www.google.ro https://www.facebook.com/tr/ https://optimize.google.com https://www.otpbank.ro/sites/default/files/assets/images/octavian-avatar-2.png https://www.otpbank.ro/sites/default/files/assets/images/OTP-24-2x.png https://www.otpbank.ro/sites/default/files/assets/images/OTP-Octavian2.png https://*.hotjar.com https://*.doubleclick.net https://fra1.qualtrics.com https://siteintercept.qualtrics.com *.google-analytics.com *.analytics.google.com *.teads.tv:*; media-src 'self' data:; frame-src 'self' https://player.vimeo.com https://www.youtube.com https://youtube.com https://youtube-nocookie.com https://www.facebook.com https://s-static.ak.facebook.com https://media.licdn.com https://bid.g.doubleclick.net https://4884242.fls.doubleclick.net/ https://optimize.google.com https://vars.hotjar.com/ https://web.facebook.com/ *.qualtrics.com; font-src 'self' data: https://fonts.gstatic.com  https://themes.googleusercontent.com https://themes.googleusercontent.com https://*.hotjar.com; connect-src 'self' https://yoast.com https://otp.druidplatform.com/api/ https://directline.botframework.com https://directline.botframework.com/ https://directline.botframework.com/v3/directline/conversations/ https://www.google-analytics.com https://dc.services.visualstudio.com/v2/track https://www.google.com/pagead/ https://s.yimg.com/ https://stats.g.doubleclick.net/ https://prod-druid-api.azurewebsites.net/api/ https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://siteintercept.qualtrics.com *.google-analytics.com *.analytics.google.com https://maps.googleapis.com:* https://cm.teads.tv:* *.teads.tv:*; upgrade-insecure-requests 1
frame-ancestors https://*.estratraining.it 1
frame-ancestors 'self' http://*.mitkindundkegel.de http://mitkindundkegel.de 1
default-src 'self'; \
    script-src 'self' https://ajax.googleapis.com; \
    img-src 'self' https://ssl.google-analytics.com 1
default-src *; style-src 'self' http://* 'unsafe-inline'; script-src 'self' http://* 'unsafe-inline' 'unsafe-eval'; img-src * 'self' data: https:; font-src 'self' data: https://smart-ip.net; connect-src 'self' http://* 'unsafe-inline' 'unsafe-eval'; 1
default-src 'self' blob: *.hellowork.com *.zdassets.com *.zendesk.com *.zopim.com https://zendesk-eu.my.sentry.io *.dev-hellowork.com wss:;script-src 'self' *.hellowork.com 'wasm-unsafe-eval' *.zdassets.com *.zendesk.com *.zopim.com https://zendesk-eu.my.sentry.io https://cdn.jsdelivr.net/npm/ 'nonce-ae1oaa5DlCP8iItFfYJzyA==' *.dev-hellowork.com;style-src 'self' 'unsafe-inline' blob: *.hellowork.com *.zdassets.com *.zendesk.com *.zopim.com https://zendesk-eu.my.sentry.io *.dev-hellowork.com;worker-src blob:;connect-src *;child-src blob:;object-src 'none';frame-ancestors 'self' https://compte.hellowork.com;upgrade-insecure-requests;block-all-mixed-content; base-uri 'self'; 1
frame-ancestors https://*.derwent.io http://*.derwent.io http://*.derwent.io:* https://*.derwent.io:* 'self' 1
default-src 'self'; object-src 'self' https://pts.premiumsim.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.premiumsim.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://livechat.premiumsim.de https://chat.premiumsim.de https://umfrage.premiumsim.de https://pts.premiumsim.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://o2.mouseflow.com https://cdn.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://livechat.premiumsim.de https://chat.premiumsim.de https://stats.premiumsim.de https://imagepool.premiumsim.de https://pts.premiumsim.de https://analytics.tiktok.com https://umfrage.premiumsim.de; script-src 'strict-dynamic' 'nonce-4a345bbc82d20df0b9ed8a5ef3343cb1' 'nonce-4e30e2d37122fda8728020af7bfbcf9c' 'nonce-b1b004fb49850a3cd38d4c54cd8034b6' 'nonce-e09d6b58283df6fd395adcfbce13a11e' 'nonce-207394d7c53d99fa8ae49201c45d771a' 'nonce-f8660af90f9ce02754c55abeec87461e' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://pts.premiumsim.de https://umfrage.premiumsim.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-4a345bbc82d20df0b9ed8a5ef3343cb1' 'nonce-4e30e2d37122fda8728020af7bfbcf9c' 'nonce-b1b004fb49850a3cd38d4c54cd8034b6' 'nonce-e09d6b58283df6fd395adcfbce13a11e' 'nonce-207394d7c53d99fa8ae49201c45d771a' 'nonce-f8660af90f9ce02754c55abeec87461e' 'self' 'unsafe-inline' https: 'report-sample' 1
default-src 'unsafe-inline' 'self' data: effectory.com www.effectory.com ac.effectory.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googlesyndication.com yoast.com *.hubspot.com *.hsadspixel.net *.hsforms.net *.hs-scripts.com *.hs-banner.com *.hs-analytics.net *.hscollectedforms.net *.clarity.ms bat.bing.com www.powr.io client.hip.live.com maps.googleapis.com mktdplp102cdn.azureedge.net www.youtube.com static.zdassets.com consentcdn.cookiebot.com consent.cookiebot.com www.googletagmanager.com google-analytics.com www.google-analytics.com snap.licdn.com www.googleadservices.com static.hotjar.com connect.facebook.net googleads.g.doubleclick.net script.hotjar.com;frame-ancestors 'self' *.hsforms.com consentcdn.cookiebot.com; img-src *.googleadservices.com *.doubleclick.net 'self' data: *.cookiebot.com *.youtube.com *.hsforms.com *.hubspot.com *.googletagmanager.com c.bing.com c.clarity.ms bat.bing.com i.ytimg.com script.hotjar.com onlinedialogue.s3.eu-west-1.amazonaws.com onlinedialogue.s3-eu-west-1.amazonaws.com *.linkedin.com *.dynamics.com  wus.client.hip.live.com eus.client.hip.live.com maps.gstatic.com www.google.de maps.googleapis.com secure.gravatar.com www.google-analytics.com px.ads.linkedin.com www.google.com www.google.nl www.facebook.com; style-src 'unsafe-inline' fonts.googleapis.com ac.effectory.com www.effectory.com effectory.com; font-src data: fonts.gstatic.com script.hotjar.com ac.effectory.com www.effectory.com effectory.com; frame-src 'self' *.twentythree.com *.hsforms.com www.powr.io www.youtube.com forms.office.com www.facebook.com vars.hotjar.com consentcdn.cookiebot.com *.dynamics.com; connect-src google.com *.googleadservices.com *.linkedin.com *.yoast.com *.googlesyndication.com *.doubleclick.net *.hubspot.com *.google.com *.amazonaws.com *.hsforms.com *.hubapi.com *.linkedin.oribi.io *.hscollectedforms.net *.google-analytics.com *.clarity.ms *.hotjar.com wss://*.hotjar.com surveystats.hotjar.io *.effectory.com maps.googleapis.com *.dynamics.com consentcdn.cookiebot.com in.hotjar.com www.google-analytics.com stats.g.doubleclick.net effectorychathelp.zendesk.com ekr.zdassets.com 1
default-src 'self' fonts.gstatic.com fonts.googleapis.com ajax.googleapis.com  wireframecc-9947.kxcdn.com cdn.wireframe.cc; script-src 'self' 'unsafe-inline' 'nonce-2b3a5aced53be18b46ae4889d1a86af2' 'unsafe-eval'  https://fonts.gstatic.com https://fonts.googleapis.com https://ajax.googleapis.com  wireframecc-9947.kxcdn.com cdn.wireframe.cc; style-src 'self' 'unsafe-inline' fonts.googleapis.com wireframecc-9947.kxcdn.com cdn.wireframe.cc; img-src 'self' wireframecc-9947.kxcdn.com cdn.wireframe.cc data:; child-src 'self'; base-uri 'none' 1
script-src 'self' kit.fontawesome.com cdn.callrail.com https://*.google.com https://*.googleapis.com *.gstatic.com www.google-analytics.com ajax.googleapis.com www.googletagmanager.com ajax.aspnetcdn.com use.typekit.net us1.siteimprove.com siteimproveanalytics.com cdnjs.cloudflare.com use.fontawesome.com player.vimeo.com clicky.com in.getclicky.com static.getclicky.com code.jquery.com 'unsafe-inline' 'unsafe-eval' 1
default-src 'self'; style-src 'unsafe-inline' 'self' fonts.googleapis.com;	font-src 'self' fonts.gstatic.com fonts.googleapis.com; script-src 'self' 'unsafe-inline' connect.facebook.net itunes.apple.com www.youtube.com stats.g.doubleclick.net www.google-analytics.com ajax.googleapis.com s.ytimg.com; connect-src 'self' webadmin.heartline.com admin.heartline.com backend.heartline.com pascal-prod.evidation.com pascal-beta.evidation.com pascal.evidation.com stats.g.doubleclick.net www.google-analytics.com evidation-pascal.zendesk.com www.ups.com itunes.apple.com  www.facebook.com; img-src 'unsafe-inline' 'self' www.facebook.com www.google.com www.youtube.com stats.g.doubleclick.net www.google-analytics.com assets.prod.heartline.com i.ytimg.com data:; media-src 'self' assets.prod.heartline.com www.youtube.com i.ytimg.com;  frame-src 'self' assets.prod.heartline.com www.youtube.com; 1
frame-ancestors zismo.biz zismo.ru zismone.ru promoggaqjkd.ru 1
block-all-mixed-content; connect-src 'self' https://*.ingest.sentry.io https://*.google-analytics.com https://*.analytics.google.com https://stats.g.doubleclick.net https://in.hotjar.com https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com https://survey.alchemer.com https://www.facebook.com https://*.adnxs.com https://*.adnxs-simple.com https://live.icecat.biz https://pet.icecat.biz https://story.icecat.biz https://edstore.icecat.biz https://live-html.icecat.biz https://*.googleapis.com https://cdn.plyr.io https://www.dwin1.com https://*.awin1.com https://*.zenaps.com https://the.sciencebehindecommerce.com https://*.playable.com https://*.campaign.playable.com https://*.leadfamly.com https://*.api.leadfamly.com https://*.visualwebsiteoptimizer.com app.vwo.com; font-src 'self' data: https://fonts.gstatic.com https://script.hotjar.com https://live.icecat.biz https://pet.icecat.biz https://story.icecat.biz https://edstore.icecat.biz https://live-html.icecat.biz https://*.campaign.playable.com; frame-ancestors 'self' https://*.campaign.playable.com; frame-src data: https://www.youtube.com/ https://publish.folders.eu/ https://app.folders.eu/ https://www.facebook.com https://vars.hotjar.com https://survey.alchemer.com https://*.adnxs.com https://optimize.google.com https://live.icecat.biz https://pet.icecat.biz https://story.icecat.biz https://edstore.icecat.biz https://live-html.icecat.biz https://objects.icecat.biz https://js.mollie.com https://swiftcdn6.global.ssl.fastly.net https://gleam.io https://view.publitas.com/ https://folders.toychamp.be/ https://folders.toychamp.nl/ https://*.awin1.com https://*.zenaps.com https://*.campaign.playable.com app.vwo.com https://*.visualwebsiteoptimizer.com https://bethenexthero.com; img-src 'self' data: about: https://placeholder.inventis.be https://placehold.it https://*.ytimg.com https://maps.gstatic.com https://*.googleapis.com https://*.ggpht.com https://www.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://optimize.google.com https://www.facebook.com https://www.google.com https://www.google.be https://googleads.g.doubleclick.net https://script.hotjar.com https://www.mollie.com https://*.adnxs.com https://*.adnxs-simple.com https://js.gleam.io https://story.icecat.biz https://*.awin1.com https://*.zenaps.com https://files.cdn.leadfamly.com https://*.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com; style-src 'self' https://optimize.google.com 'unsafe-inline' https://fonts.googleapis.com https://survey.alchemer.com https://live.icecat.biz https://pet.icecat.biz https://story.icecat.biz https://edstore.icecat.biz https://live-html.icecat.biz https://*.campaign.playable.com https://*.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com; upgrade-insecure-requests 1
default-src 'self'; img-src 'self' data: ; script-src 'self' 'unsafe-inline' 'sha256-Vm4GC9dCs8yiOt3vkFoyb7CG9wQvsbg2ZxRvujWCkjU='; style-src 'self' 'unsafe-inline' 'sha256-8IFKZDhhpiTISN+5Zjckj2GGkOsGkKUUowOE0neCY7c=' 1
frame-ancestors self; 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com secure.payzen.eu maps.googleapis.com *.paypal.com *.algolia.net *.algolianet.com *.bing.com *.facebook.net www.googletagmanager.com *.mgtmod01.com *.magnetis.io *.modulecall.fr www.gstatic.com googleads.g.doubleclick.net www.google.fr *.googletagmanager.com *.googleadservices.com *.google.com *.google.fr trk.adbutter.net pixel.mathtag.com mathid.mathtag.com static.criteo.net *.criteo.com t.eu1.dyntrk.com *.taboola.com *.outbrain.com *.r66net.com *.videostep.com *.invibes.com *.y-track.com *.chainethermale.fr *.pinterest.com *.pinimg.com;frame-src 'self' secure.payzen.eu www.youtube.com maps.googleapis.com *.paypal.com secure.ogone.com ogone.test.v-psp.com *.openstreetmap.org *.facebook.com *.youtube-nocookie.com pixel.mathtag.com dis.eu.criteo.com *.criteo.net *.criteo.com gum.criteo.com *.googletagmanager.com *.googleadservices.com *.google.com *.google.fr widget.eu.criteo.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com;img-src 'self' data: www.google-analytics.com maps.googleapis.com *.gstatic.com placehold.it https://picsum.photos *.chainethermale.fr admin.chainethermale.fr *.bing.com *.facebook.com www.magazinethermal.fr stats.g.doubleclick.net *.youtube-nocookie.com *.ytimg.com googleads.g.doubleclick.net secure.adnxs.com pixel.mathtag.com t.eu1.dyntrk.com cdn.n.dynstc.com *.taboola.com *.outbrain.com *.googletagmanager.com *.googleadservices.com *.google.com *.google.fr *.criteo.com e1.emxdgt.com cm.g.doubleclick.net rtb-csync.smartadserver.com *.yahoo.fr *.yahoo.com eb2.3lift.com ad.360yield.com ib.adnxs.com r.casalemedia.com criteo-sync.teads.tv contextual.media.net cm.adform.net x.bidswitch.net visitor.omnitag.com match.sharethrough.com i.liadm.com e1.emxdgt.com criteo-partners.tremorhub.com *.mediavine.com *.pubmatic.com *.yieldlab.net *.smartclip.net *.thebrighttag.com beacon.krxd.net *.demdex.net *.yieldmo.net *.yieldmo.com pixel.rubiconproject.com id5-sync.com *.invibes.com *.ivitrack.com *.videostep.com *.omnitagjs.com ks.b26net.com *.y-track.com www.googletagmanager.com *.yahoo.net *.postrelease.com *.pinterest.com *.pinimg.com;font-src 'self' fonts.gstatic.com data: cdn.linearicons.com;connect-src 'self' *.paypal.com *.algolia.net *.algolianet.com www.google-analytics.com *.mgtmod01.com *.magnetis.io *.modulecall.fr noembed.com bat.bing.com stats.g.doubleclick.net googleads.g.doubleclick.net *.criteo.com *.taboola.com *.outbrain.com *.googletagmanager.com *.googleadservices.com *.google.com *.google.fr *.invibes.com *.r66net.com *.y-track.com *.chainethermale.fr *.analytics.google.com *.google-analytics.com *.googlesyndication.com;base-uri 'self' 1
default-src https: *.ufg.pl; script-src https: *.ufg.pl;style-src https: *.ufg.pl ;img-src 'self' data: https: www.google-analytics.com; frame-src https: *.ufg.pl; media-src data: https: *.ufg.pl ;options inline-script eval-script; child-src https: *.ufg.pl; frame-ancestors 'self' *.ufg.pl; 1
frame-ancestors http://*.viewlift.com 1
frame-ancestors 'self' https://appwizzy.com 1
default-src https: 'self' *.mohrsiebeck.com; script-src https: 'self' 'unsafe-inline' 'unsafe-eval' *.mohrsiebeck.com; style-src https: 'self' 'unsafe-inline' *.mohrsiebeck.com; img-src https: 'self' *.mohrsiebeck.com 1
base-uri 'none';child-src 'self' data: blob:;connect-src 'self' ws: wss: http://localhost:1337 http://127.0.0.1:3000 https://staging.bptk.de https://staging-api.bptk.de https://api.bptk.de;default-src 'self';font-src 'self' data:;form-action 'self';frame-ancestors 'none';frame-src https://www.youtube.com;img-src 'self' data: https://staging.bptk.de https://staging-api.bptk.de https://api.bptk.de;manifest-src 'self';media-src 'self' https://api.bptk.de https://staging.bptk.de https://staging-api.bptk.de;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' http://localhost:1337 https://staging.bptk.de https://staging-api.bptk.de https://api.bptk.de;style-src 'self' 'unsafe-inline'; 1
worker-src 'self' 'unsafe-inline' blob:; script-src 'unsafe-inline' 'unsafe-eval' http: https:;object-src 'self'; frame-ancestors 'self' 1
report-to 'self' ; child-src 'self' blob: ; connect-src 'self' *.crazyegg.com analytics.tiktok.com cdn.linkedin.oribi.io *.constantcontact.com *.hotjar.com *.googleadservices.com *.facebook.com *.addthis.com *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net *.jsdelivr.net *.googleapis.com *.sharethis.com  *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net ; default-src 'self' blob: *.crazyegg.com *.constantcontact.com; font-src 'self' *.gstatic.com *.bootstrapcdn.com data:  *.gstatic.com *.bootstrapcdn.com ; form-action 'self' *.constantcontact.com *.facebook.com wpmudev.com; frame-src 'self' tpc.googlesyndication.com *.crazyegg.com *.constantcontact.com *.ambrahealth.com *.hotjar.com *.facebook.com *.youtube.com *.ambrahealth expert-reputation.com.com *.addthis.com *.simplecast.com expert-reputation.com highlightedreviews.com *.blackbaudhosting.com *.g.doubleclick.net *.google.com *.fls.doubleclick.net *.googleapis.com  *.g.doubleclick.net *.google.com *.fls.doubleclick.net ; frame-ancestors 'self' ; img-src 'self'  'unsafe-inline' *.g.doubleclick.net *.crazyegg.com i.ytimg.com *.linkedin.com *.ads.linkedin.com *.facebook.com *.adsymptotic.com *.blackbaudhosting.com *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com data: *.googleapis.com *.sharethis.com  *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com ; manifest-src 'self' ; media-src 'self' *.medtronic.com; object-src 'self' ; script-src 'self'  'unsafe-inline'  'unsafe-eval' tpc.googlesyndication.com *.crazyegg.com cdnjs.cloudflare.com analytics.tiktok.com *.constantcontact.com *.hotjar.com *.licdn.com *.facebook.net *.addthis.com *.moatads.com *.youtube.com *.blackbaudhosting.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com *.googleadservices.com *.googleapis.com *.sharethis.com  *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com ; script-src-elem 'self'  'unsafe-inline'  'unsafe-eval' tpc.googlesyndication.com *.crazyegg.com cdnjs.cloudflare.com analytics.tiktok.com *.constantcontact.com *.hotjar.com *.licdn.com *.facebook.net *.addthis.com *.moatads.com *.youtube.com *.blackbaudhosting.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com *.googleadservices.com *.googleapis.com *.sharethis.com  *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com ; script-src-attr 'self'  'unsafe-inline'  'unsafe-eval' ; style-src 'self'  'unsafe-inline'  'unsafe-eval' *.crazyegg.com *.constantcontact.com *.blackbaudhosting.com *.googleapis.com *.gstatic.com *.jsdelivr.net  *.googleapis.com *.gstatic.com ; style-src-elem 'self'  'unsafe-inline'  'unsafe-eval' *.crazyegg.com *.constantcontact.com *.blackbaudhosting.com *.googleapis.com *.gstatic.com *.jsdelivr.net  *.googleapis.com *.gstatic.com ; style-src-attr 'self'  'unsafe-inline'  'unsafe-eval' ; worker-src 'self' blob: ;  upgrade-insecure-requests; 1
default-src 'self'; font-src 'self' data:; base-uri 'self'; connect-src 'self' multimedia.gsb.bund.de *.materna.de *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io vimeo.com *.sli.do *.itzbund.de; style-src 'self' 'unsafe-inline' *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io vimeo.com *.sli.do *.jsdelivr.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io piwik.itzbund.de vimeo.com; object-src 'self' multimedia.gsb.bund.de *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io vimeo.com *.sli.do; media-src 'self' blob: multimedia.gsb.bund.de *.youtube.com *.youtube-nocookie.com *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io vimeo.com *.sli.do; frame-src *.google.com *.google.de *.gstatic.com *.youtube.com *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io mindandvision.tv 2021.mindandvision.tv *.jwplayer.com vimeo.com *.sli.do player.vimeo.com; img-src 'self' data:  *.materna.de *.google.com *.gstatic.com *.youtube.com *.twimg.com twemoji.maxcdn.com *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplayer.com *.strivetech.io *.sqat.eu piwik.itzbund.de vimeo.com *.sli.do; frame-ancestors 'self'; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://dc.services.visualstudio.com/v2/track https://updates.sdbgroep.nl; object-src 'none'; frame-ancestors 'none'; base-uri 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://js.monitor.azure.com/scripts/b/ai.2.min.js https://dc.services.visualstudio.com/v2/track https://cdn.announcekit.app/widget-v2.js; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' data: https://fonts.gstatic.com; 1
default-src 'self'; object-src 'self' https://pts.yourfone.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.yourfone.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://livechat.yourfone.de https://chat.yourfone.de https://umfrage.yourfone.de https://pts.yourfone.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://o2.mouseflow.com https://cdn.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://livechat.yourfone.de https://chat.yourfone.de https://stats.yourfone.de https://imagepool.yourfone.de https://pts.yourfone.de https://maps.googleapis.com https://analytics.tiktok.com https://umfrage.yourfone.de; script-src 'strict-dynamic' 'nonce-1ec686359d6648b118b66ce45153e276' 'nonce-d8dc052f88e130b71c55492ed9c0dfc4' 'nonce-7f0e0cacd92757b87cf72e511d7d63be' 'nonce-800456a5f10f7001b267114e3355586c' 'nonce-53034f0df5fdbd9d34d511e290b9de83' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://pts.yourfone.de https://umfrage.yourfone.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-1ec686359d6648b118b66ce45153e276' 'nonce-d8dc052f88e130b71c55492ed9c0dfc4' 'nonce-7f0e0cacd92757b87cf72e511d7d63be' 'nonce-800456a5f10f7001b267114e3355586c' 'nonce-53034f0df5fdbd9d34d511e290b9de83' 'self' 'unsafe-inline' https: 'report-sample' 1
default-src 'self'; \
        script-src 'self' https://ajax.googleapis.com; \
        img-src 'self' https://ssl.google-analytics.com 1
script-src 'self' *.wp.com *.onrocket.site *.agentadvice.com *.amazonaws.com *.clickmeter.com *.abrankings.com *.omappapi.com *.jivosite.com *.stripe.com *.continual.ly *.google.com *.gstatic.com googleads.g.doubleclick.net googleads.g.doubleclick.ne www.google-analytics.com www.googletagmanager.com www.googleadservices.com ajax.googleapis.com maps.googleapis.com cdnjs.cloudflare.com www.youtube.com s.ytimg.com *.typeform.com *.amazonaws.com *.ladesk.com *.livechatinc.com *.visualwebsiteoptimizer.com *.vwo.com *.tiktok.com *.facebook.com *.facebook.net 'unsafe-inline'; 1
block-all-mixed-content; img-src 'self' data: https://www.google-analytics.com https://maps.googleapis.com https://www.googletagmanager.com https://fonts.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.googletagmanager.com https://sdk.privacy-center.org https://www.google-analytics.com https://maps.googleapis.com https://www.google.com https://www.gstatic.com https://tag.aticdn.net 1
upgrade-insecure-requests; frame-ancestors 'self' https://preview-edit.aminess-campsites.com https://preview-edit.aminess.com; 1
default-src https: 'unsafe-inline' 1
img-src ; media-src  data:; 1
default-src charlesstanley.sjv.io utt.impactcdn.com *.responsetap.com *.salemove.com *.salemove.eu 'self' *.feprecisionplus.com *.intercomcdn.com *.onetrust.com *.intercom.io wss://nexus-websocket-a.intercom.io wss://trisproxy.charles-stanley-direct.co.uk *.google.com *.google.co.uk *.jquery.com jquery.com *.twitter.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com  *.cloudflare.com cloudflare.com *.cloudfront.net cloudfront.net *.googleapis.com *.charles-stanley-direct.co.uk:* charles-stanley-direct.co.uk:* *.charles-stanley.co.uk:* charles-stanley.co.uk:* *.ads-twitter.com ads-twitter.com *.facebook.net facebook.net *.facebook.com *.highcharts.com highcharts.com *.bing.com gstatic.com *.gstatic.com *.doubleclick.net d3js.org *.d3js.org *.consensu.org https://bat.bing.com/; script-src utt.impactcdn.com *.googleapis.com *.responsetap.com *.salemove.com *.glia.eu *.salemove.eu *.licdn.com *.onetrust.com *.intercom.io *.intercomcdn.com wss://nexus-websocket-a.intercom.io 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.google.co.uk *.jquery.com jquery.com *.twitter.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com  *.cloudflare.com cloudflare.com *.cloudfront.net cloudfront.net *.googleapis.com *.charles-stanley-direct.co.uk:* charles-stanley-direct.co.uk:* *.charles-stanley.co.uk:* charles-stanley.co.uk:* *.ads-twitter.com *.facebook.net *.facebook.com *.highcharts.com highcharts.com *.bing.com gstatic.com *.gstatic.com *.doubleclick.net d3js.org *.d3js.org *.consensu.org https://bat.bing.com/; connect-src 'self' charlesstanley.sjv.io *.google-analytics.com *.onetrust.com wss://*.salemove.eu *.salemove.com *.salemove.eu *.glia.eu https://stats.g.doubleclick.net https://api-iam.intercom.io wss://nexus-websocket-a.intercom.io wss://trisproxy.charles-stanley-direct.co.uk https://cdn-ukwest.onetrust.com https://bat.bing.com/; style-src * 'unsafe-inline' 'unsafe-eval'; img-src *.feprecisionplus.com https://bat.bing.com/ * data:; font-src * 'self' data:; child-src *.youtube.com youtube.com *.youtube-nocookie.com youtube-nocookie.com *.charles-stanley-direct.co.uk:* charles-stanley-direct.co.uk:* *.charles-stanley.co.uk:* charles-stanley.co.uk:*; frame-src *.vimeo.com *.youtube.com youtube.com *.youtube-nocookie.com youtube-nocookie.com *.charles-stanley-direct.co.uk:* charles-stanley-direct.co.uk:* *.charles-stanley.co.uk:* charles-stanley.co.uk:* digital-tools.feprecisionplus.com:* *.consensu.org 1
Content-Security-Policy= default-src "none"; script-src "self" https://corp-mktg.s3.us-west-2.amazonaws.com https://cdn.cookielaw.org https://maps.googleapis.com https://prospect-form-plugin.2u.com; style-src "unsafe-inline" https://whitelabel.2u.com; https://whitelabel.2u.com; 1
default-src 'none'; font-src 'self' *.gstatic.com *.tiny.cloud; frame-src 'self' *.youtube.com *.google.com *.vimeo.com vimeo.com staticcdn.co.nz; connect-src 'self' *.google-analytics.com *.googleapis.com *.google.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.tiny.cloud; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: google.com gstatic.com *.google-analytics.com *.googleapis.com ajax.googleapis.com *.googletagmanager.com cdn.tiny.cloud www.civildefence.govt.nz civildefence.govt.nz staticcdn.co.nz; script-src-elem 'self' data: 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google-analytics.com *.googletagmanager.com *.tiny.cloud staticcdn.co.nz; img-src 'self' data: *.gstatic.com *.googleapis.com *.google-analytics.com placehold.it *.tiny.cloud *.tinymce.com *.googletagmanager.com *.placeholder.com shielded.co.nz *.google.com *.google.co.nz; 1
base-uri 'self'; child-src 'self'; frame-src 'self'; connect-src 'self'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; font-src 'self' data:; img-src 'self' blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-ancestors 'self'; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=XvruOHhKEvD5CD79lJ5cHr8SlzHfMQPP8arqHONz0pYJmsha3e8gjAJhVCCm%2BYKhfd5hHR48wbkIuSiajbGzWA%3D%3D; 1
frame-ancestors 'self' *.owensborohealth.org mychart.omhs.org; report-uri /report-csp-violation 1
frame-ancestors 'self' minezmap.com *.minezmap.com http://minezmap.com http://*.minezmap.com minez-nightswatch.com 1
frame-ancestors https://teams.microsoft.com *.microsoft.com *.live.com *.outlook.com *.office365.com *.office.com 1
base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://kit.fontawesome.com https://mpsnare.iesnare.com https://stage-libs.hipay.com https://libs.hipay.com https://widget.trustpilot.com https://kit-pro.fontawesome.com https://www.googletagmanager.com https://bat.bing.com https://www.dwin1.com https://www.googleadservices.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://sdk.privacy-center.org https://api.privacy-center.org https://www.paypal.com https://www.paypalobjects.com https://www.sandbox.paypal.com https://b.sbox.stats.paypal.com https://sibautomation.com https://cdn.shipup.co *.abtasty.com *.googleapis.com https://pagead2.googlesyndication.com https://widget.botmind.io 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://crm.fasad.eu/ https://cdn.jsdelivr.net https://process.fasad.eu/ http://dev-process.fasad.prek.srv http://ajax.googleapis.com/ https://ajax.googleapis.com/ http://code.jquery.com/ https://code.jquery.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; img-src 'self' data: https://www.fasad.eu https://www.fasad.eu/ https://crm.fasad.eu/; object-src 'self' data: ; frame-src 'self' data: ; 1
default-src 'none'; block-all-mixed-content; connect-src 'self' google-analytics.com www.google-analytics.com 127.0.0.1:8005; font-src 'self' fonts.gstatic.com use.fontawesome.com cdn.jsdelivr.net; frame-src google.com www.google.com googletagmanager.com www.googletagmanager.com; img-src 'self' s3.us-west-2.amazonaws.com img.emlasts.com data:; media-src img.emlasts.com; script-src 'self' 'unsafe-eval' google.com www.google.com gstatic.com www.gstatic.com googletagmanager.com www.googletagmanager.com google-analytics.com www.google-analytics.com use.fontawesome.com cdn.jsdelivr.net 'unsafe-inline' 'nonce-pjzcpkz5FcCgXULYnvKdRg=='; style-src 'self' cdn.jsdelivr.net fonts.googleapis.com use.fontawesome.com maxcdn.bootstrapcdn.com img.emlasts.com unpkg.com 'unsafe-inline' 'nonce-pjzcpkz5FcCgXULYnvKdRg=='; report-uri /csp/report 1
allow 'self'  default-src 'self' 'unsafe-inline' www.google-analytics.com  *.twitter.com  *.facebook.com  *.facebook.net  *.google.com 1
frame-ancestors *; 1
report-to 'self' ; child-src 'self'  'unsafe-inline' self; connect-src 'self'  'unsafe-inline' self *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net *.github.io  *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net ; default-src 'self' self; font-src 'self'  'unsafe-inline'  self *.gstatic.com *.bootstrapcdn.com data: fonts.gstatic.com cdn.jsdelivr.net cdnjs.cloudflare.com *.gstatic.com *.bootstrapcdn.com ; form-action 'self' ; frame-src 'self'  'unsafe-inline'  self *.g.doubleclick.net *.google.com *.fls.doubleclick.net blob: www.google.com www.youtube.com esg.churchgatepartners.com *.g.doubleclick.net *.google.com *.fls.doubleclick.net ; frame-ancestors 'self' ; img-src 'self'  'unsafe-inline' self *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com data: ts.w.org s.w.org ps.w.org cdnjs.cloudflare.com www.abfrl.com  *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com ; manifest-src 'self' ; media-src 'self'  s.w.org; object-src 'self' ; script-src 'self'  'unsafe-inline' self *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com cdn.jsdelivr.net cdnjs.cloudflare.com kenwheeler.github.io cdn.datatables.net js.stripe.com www.abfrl.com  *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com ; script-src-elem 'self'  'unsafe-inline' self *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com cdn.jsdelivr.net cdnjs.cloudflare.com cdn.datatables.net js.stripe.com www.abfrl.com kenwheeler.github.io  *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com ; script-src-attr 'self' ; style-src 'self'  'unsafe-inline' self *.googleapis.com *.gstatic.com fonts.googleapis.com cdn.jsdelivr.net cdnjs.cloudflare.com datatables.net fonts.bunny.net maxcdn.bootstrapcdn.com www.abfrl.com  *.googleapis.com *.gstatic.com ; style-src-elem 'self'  'unsafe-inline' self *.googleapis.com *.gstatic.com fonts.googleapis.com cdn.jsdelivr.net cdnjs.cloudflare.com datatables.net fonts.bunny.net maxcdn.bootstrapcdn.com www.abfrl.com  *.googleapis.com *.gstatic.com ; style-src-attr 'self'  'unsafe-inline' ; worker-src 'self'  'unsafe-inline'  blob:; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.san.com *.go-vip.net *.doubleclick.net *.cookiebot.com *.googleapis.com *.googletagmanager.com *.wp.com *.parsely.com *.brightcove.net *.brightcove.com *.zencdn.net *.gstatic.com *.newrelic.com *.surveycarrot.com *.googlesyndication.com *.googletagservices.com *.dwcdn.net *.jsdelivr.net *.appboycdn.com *.twitter.com *.x.com *.instagram.com *.facebook.net *.facebook.com *.google.com *.tiktok.com *.tiktokcdn-us.com *.mouseflow.com *.typeform.com *.sparkloop.app; img-src * data:; font-src * data:; connect-src *; worker-src * blob:; media-src * blob:; frame-src 'self' san.com *.san.com san-maps.vercel.app *.google.com *.wp.com *.cookiebot.com *.twitter.com *.x.com *.youtube.com *.instagram.com *.facebook.net *.facebook.com *.g.doubleclick.net *.googlesyndication.com *.safeframe.googlesyndication.com *.tiktok.com *.typeform.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googletagmanager.com *.licdn.com *.line-scdn.net *.sharethis.com *.azure-api.net *.hsforms.net *.youtube.com *.hs-scripts.com *.hs-banner.com *.hs-analytics.net *.hsadspixel.net *.doubleclick.net *.cloudflare.com *.hsappstatic.net; style-src 'self' 'unsafe-inline' *.cloudflare.com; img-src 'self' data: https: *.google-analytics.com *.doubleclick.net *.googletagmanager.com; frame-src 'self' *.hsforms.com *.youtube.com *.vimeo.com *.hubspot.com; connect-src 'self' *.google-analytics.com stats.g.doubleclick.net *.googletagmanager.com *.hsforms.com *.linkedin.oribi.io *.hubapi.com *.analytics.google.com *.linkedin.com; report-uri /report-csp-violation 1
default-src 'self' https: wss://*.hotjar.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: https:; worker-src blob: 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' files.gpxpl.us pagead2.googlesyndication.com https://pagead2.googlesyndication.com www.google-analytics.com www.gstatic.com gpxplus.s3-website-us-west-2.amazonaws.com https://gpxplus.s3.amazonaws.com https://apis.google.com platform.twitter.com https://platform.twitter.com static.gpx.plus https://static.gpx.plus ap.lijit.com * 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.alperia.eu *.tawk.to *.google.hr *.hotjar.com a.twiago.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.outbrain.com *.microad.jp *.google.de *.zenaps.com onetag-cdn.com *.onetag-cdn.com *.sciencebehindecommerce.com *.zenaps.com onetag-sys.com *.onetag-sys.com *.doubleclick.net *.googleadservices.com *.dwin1.com *.gstatic.com *.google.al *.google.ch *.google.fr *.bing.com *.googletagmanager.com *.alperia.eu *.facebook.net *.dynatrace.com *.tawk.to *.cloudflare.com *.newrelic.com *.trustpilot.com *.bootstrapcdn.com *.jsdelivr.net *.google-analytics.com *.nr-data.net *.google.com *.googleapis.com *.tagcommander.com *.etermin.net *.unpkg.com unpkg.com *.aklamio.com *.tradedoubler.com *.smct.io *.smct.co *.retargeted.co *.google.hr *.hosting-suite.it *.smct.co smct.co *.alperiagroup.eu *.beintoo.net *.criteo.com *.criteo.net *.hotjar.com *.rfihub.net  *.retargeted.co api.commander1.com *.trustcommander.net static.addtoany.com *.clarity.ms clarity.ms snap.licdn.com  *.acsbapp.com acsbapp.com *.linkedin.oribi.io *.zemanta.com *.fido.id *.trustfull.com *.policies.google.com ; style-src 'self' 'unsafe-inline' *.tawk.to *.bootstrapcdn.com *.googleapis.com *.jsdelivr.net *.smct.io *.smct.co *.hosting-suite.it; img-src 'self' *.thebrighttag.com *.krxd.net id5-sync.com *.demdex.net *.microad.jp *.adscale.de *.ants.vn *.atdmt.com *.smartclip.net *.clmbtech.com *.zenaps.com *.onetag-cdn.com *.facebook.com *.tagcommander.com *.facebook.net *.commander.com *.google *.dwin1.com *.bing.com *.googletagmanager.com *.alperia.eu *.linkedin.com *.google-analytics.com *.tawk.to *.doubleclick.net *.sciencebehindecommerce.com *.google.com *.google.it *.gstatic.com *.googleapis.com data: *.aklamio.com *.alperiagroup.eu *.smct.io *.smct.co *.commander1.com *.outbrain.com *.smartadserver.com *.yahoo.com *.360yield.com *.pubmatic.com *.casalemedia.com *.taboola.com *.adform.net *.teads.tv *.3lift.com *.media.com *.sharethrough.com *.omnitagjs.com *.stickyadstv.com *.advertising.com *.ivitrack.com *.liadm.com *.smaato.net *.mgid.com *.yieldmo.com *.adnxs.com *.criteo.com *.openx.net *.omnitagis.com *.mediavine.com *.media.net *.rlcdn.com *.rfihub.com *.tremorhub.com *.dmxleo.com *.rubiconproject.com *.socdm.com ad.yieldlab.net x.bidswitch.net  *.acsbapp.com acsbapp.com *.linkedin.oribi.io *.zemanta.com *.fido.id *.trustfull.com *.policies.google.com *.aklamio.com; media-src 'self' *.tawk.to ; frame-src 'self' 'unsafe-inline' 'unsafe-eval' *.hotjar.com *.criteo.com *.criteo.net  *.youtube.com *.google.de *.zenaps.com onetag-cdn.com *.onetag-cdn.com *.sciencebehindecommerce.com *.facebook.com *.trustpilot.com *.alperia.eu *.tawk.to *.etermin.net *.aklamio.com *.hosting-suite.it *.visim.eu smct.co *.rfihub.com *.trustcommander.net static.addtoany.com *.office.com *.alperiagreenlife.eu; child-src 'self' 'unsafe-inline' 'unsafe-eval' *.hotjar.com *.criteo.com *.criteo.net  *.youtube.com *.google.de *.zenaps.com onetag-cdn.com *.onetag-cdn.com *.sciencebehindecommerce.com *.facebook.com *.trustpilot.com *.alperia.eu *.tawk.to *.etermin.net *.aklamio.com *.hosting-suite.it *.visim.eu smct.co *.rfihub.com *.trustcommander.net static.addtoany.com *.office.com *.alperiagreenlife.eu; font-src 'self' 'unsafe-inline' *.tawk.to *.google.com *.gstatic.com data: *.googleusercontent.com *.hotjar.com; connect-src 'self' data: *.gstatic.com *.google.de *.zenaps.com *.google.com onetag-cdn.com *.onetag-cdn.com *.sciencebehindecommerce.com *.facebook.com *.google.al *.google.ch *.google.fr *.bing.com *.googletagmanager.com *.alperia.eu *.sentry.io *.tawk.to *.nr-data.net wss://*.tawk.to *.dynatrace.com *.alperiaenergy.eu *.amazonaws.com *.google-analytics.com *.doubleclick.net *.alperiagroup.eu *.commander1.com *.google.hr *.smct.co *.smct.io *.googleapis.com *.alperiagroup.eu *.beintoo.net *.criteo.com *.criteo.net *.hotjar.com *.hotjar.io *.rfihub.net *.retargeted.co *.trustcommander.net *.hotjar.com wss://*.hotjar.com cdn.tagcommander.com *.google.it google.it *.clarity.ms clarity.ms *.acsbapp.com acsbapp.com *.linkedin.oribi.io *.addtoany.com *.pagead2.googlesyndication.com *.googlesyndication.com *.aklamio.com; report-uri /report-csp-violation 1
default-src 'self' http://persis.gemu-group.com:8080 *.google.com *.gstatic.com *.googleapis.com *.googletagmanager.com *.google-analytics.com connect.facebook.net *.albacross.com *.webtraxs.com *.ggpht.com amazonaws.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-cdn-operators.s3-eu-west-1.amazonaws.com *.cloudfront.net *.userlike.com userlike-cdn-umm.b-cdn.net *.leadenhancer.com wss://*.userlike.com *.alexametrics.com cdn.delight-vr.com *.cookiebot.eu *.cookiebot.com *.simpli.fi slsntllgnc.com usercentrics.eu  data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors *.gemu-group.com 1
default-src https: http://*.google-analytics.com:* 'unsafe-inline'; img-src https: 'self' data: blob:; script-src https: 'unsafe-eval' 'unsafe-inline' blob:; style-src https: 'unsafe-inline'; font-src https: 'self' data: fonts.gstatic.com; worker-src 'self' blob: 1
frame-ancestors 'self' decisely.com *.decisely.com 1
default-src 'self'; connect-src 'self' https://mautic.texthelp.com https://www.google-analytics.com https://stats.g.doubleclick.net https://region1.google-analytics.com https://region1.analytics.google.com https://www.browsealoud.com https://plus.browsealoud.com https://*.speechstream.net https://browsealoud-webservices-8.texthelp.com/ https://browsealoud-webservices-eu.texthelp.com/ https://wiki-summarizer-eu.texthelp.com/ https://simplify-us.texthelp.com/ blob: https://en.wikipedia.org/ https://wikisum.texthelp.com/ https://babm.texthelp.com https://*.prismic.io https://*.cdn.prismic.io https://api.ipdata.co https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://prismic-io.s3.amazonaws.com https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com https://www.facebook.com/ https://analytics.twitter.com https://cdn.linkedin.oribi.io https://bat.bing.com https://my.jst.ai/ https://aly.jst.ai/; script-src 'self' https://mautic.texthelp.com https://mautic-staging.texthelp.com https://tagmanager.google.com https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.browsealoud.com https://plus.browsealoud.com https://*.speechstream.net https://wikisum.texthelp.com 'sha256-aEDmoObzmjNv962J42VzD3ELW5yetlhKLnYGA32/4aU=' https://apis.google.com https://widget.intercom.io https://js.intercomcdn.com https://app.intercom.io https://analytics.twitter.com https://static.ads-twitter.com https://connect.facebook.net https://www.buzzsprout.com https://optimize.google.com 'unsafe-inline' https://static.hotjar.com https://script.hotjar.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://embed.typeform.com/ https://bat.bing.com/ https://js.driftt.com https://widget.drift.com https://snap.licdn.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://p.adsymptotic.com https://cdn.linkedin.oribi.io https://gw.linkedin.oribi.io https://dc.ads.linkedin.com https://sjs.bizographics.com https://tr.snapchat.com/config/com/ https://cdn.jsdelivr.net/npm/@fancyapps/ui@5.0/dist/fancybox/fancybox.umd.js https://cdn.jst.ai/ https://my.jst.ai/ https://aly.jst.ai/ 'nonce-171328712067200' ; style-src 'self' https://*.typekit.net https://mautic.texthelp.com/media/css/ https://mautic-staging.texthelp.com/media/css/ https://tagmanager.google.com https://fonts.googleapis.com https://www.googletagmanager.com 'unsafe-inline' https://www.browsealoud.com https://plus.browsealoud.com https://optimize.google.com https://cdn.jsdelivr.net/npm/@fancyapps/ui@5.0/dist/fancybox/fancybox.css https://cdn.jst.ai/; img-src 'self' https://webworx.texthelp.com/assets/img/ data: https://images.prismic.io/texthelp-website-proof https://*.prismic.io https://mautic.texthelp.com https://www.google-analytics.com https://www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://region1.google-analytics.com https://region1.analytics.google.com https://stats.g.doubleclick.net/r/collect https://www.google.com/ads/ https://www.google.co.uk/ads/ https://www.google.com/pagead/ https://www.google.co.uk/pagead/ https://www.browsealoud.com https://browsealoud-webservices-8.texthelp.com/ https://browsealoud-webservices-eu.texthelp.com/ https://plus.browsealoud.com https://upload.wikimedia.org https://prismic-io.s3.amazonaws.com https://i.ytimg.com blob: data: https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-9.com https://optimize.google.com https://script.hotjar.com https://analytics.twitter.com https://t.co/1/i/ https://bat.bing.com/action/ https://bat.bing.com/actionp/ https://www.facebook.com/tr/ https://px.ads.linkedin.com https://tr.snapchat.com/ https://graphics.jst.ai/ ; child-src 'self' https://content.googleapis.com https://www.googletagmanager.com/ns.html https://share.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; media-src 'self' blob: https://*.speechstream.net https://js.intercomcdn.com https://*.prismic.io https://js.driftt.com/; font-src 'self' https://webworx.texthelp.com/ https://*.typekit.net https://fonts.gstatic.com data: https://stackpath.bootstrapcdn.com https://js.intercomcdn.com https://fonts.gstatic.com https://script.hotjar.com; object-src 'none'; form-action 'self' https://intercom.help https://api-iam.intercom.io https://mautic.texthelp.com https://mautic-staging.texthelp.com https://www.facebook.com https://*.speechstream.net; frame-src https://www.youtube.com https://mautic-staging.texthelp.com https://mautic.texthelp.com https://docs.google.com https://www.buzzsprout.com https://content.googleapis.com/ https://optimize.google.com https://vars.hotjar.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://form.typeform.com/ https://www.facebook.com/ https://js.driftt.com https://widget.drift.com https://tr.snapchat.com/ https://lookerstudio.google.com/ https://calendar.google.com/  https://cdn.jst.ai/; frame-ancestors 'none'; base-uri 'none'; upgrade-insecure-requests 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.medgrupo.com.br http://*.medgrupo.com.br https://medgrupo.com.br http://medgrupo.com.br https://*.vimeo.com https://www.gstatic.com https://www.google.com https://rmcursosmedicos.activehosted.com https://conoret.com/ https://api.ipify.org?format=json; img-src 'self' data: https://*.medgrupo.com.br http://*.medgrupo.com.br https://medgrupo.com.br http://medgrupo.com.br https://*.vimeo.com https://rmcursosmedicos.activehosted.com https://conoret.com/ https://api.ipify.org?format=json; object-src 'self' data: https://*.medgrupo.com.br http://*.medgrupo.com.br https://medgrupo.com.br http://medgrupo.com.br https://*.vimeo.com https://www.google.com https://rmcursosmedicos.activehosted.com https://conoret.com/ https://api.ipify.org?format=json; frame-src 'self' data: https://*.medgrupo.com.br http://*.medgrupo.com.br https://medgrupo.com.br http://medgrupo.com.br https://*.vimeo.com https://www.google.com https://rmcursosmedicos.activehosted.com https://conoret.com/ https://api.ipify.org?format=json; 1
script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' script.hotjar.com wave.outbrain.com tr.outbrain.com connect.facebook.net amplify.outbrain.com static.hotjar.com googleads.g.doubleclick.net maps.googleapis.com https://bam.nr-data.net https://cdn.cookielaw.org https://js-agent.newrelic.com https://www.googletagmanager.com *.onetrust.com cdn.jsdelivr.net www.google-analytics.com; object-src 'none'; report-uri /report-csp-violation; upgrade-insecure-requests 1
frame-ancestors 'self' https://admin.yallastore.co.il https://admin.webzie.com; 1
frame-ancestors *.carkeys.co.uk *.motorists-club.co.uk *.motoristsclub.co.uk http://motoristsclub.co.uk/ http://www.motorists-club.co.uk/ 1
default-src 'self' 'unsafe-inline' https://*.talentqgroup.com https://*.cloudfront.net https://www.google-analytics.com https://www.google.com/ https://www.gstatic.com  https://hello.myfonts.net/count/3122c9; frame-ancestors 'self' 1
upgrade-insecure-requests; frame-src 'self' forms.hsforms.com vars.hotjar.com w.recruiterbox.com app.recruiterbox.com vimeo.com youtu.be youtube.com www.youtube.com www.google.com player.vimeo.com bid.g.doubleclick.net www.facebook.com cdn.knightlab.com; frame-ancestors 'self' 1
frame-ancestors khh.travel 'self' 1
frame-ancestors www.newtaipei.travel newtaipei.travel 'self' 1
frame-ancestors 'self' tvn24.pl *.tvn24.pl *.tvn.pl 1
default-src 'self' *.iwan.com.tw *.iwplay.com.tw *.google.com *.google.com.tw; frame-src *.iwplay.com.tw *.iwan.com.tw www.youtube.com *.facebook.com bid.g.doubleclick.net *.facebook.net; script-src *.iwplay.com.tw *.iwan.com.tw 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com s.ytimg.com libs.baidu.com code.jquery.com *.google-analytics.com *.facebook.net *.facebook.com *.googleapis.com www.googletagmanager.com www.youtube.com www.googleadservices.com googleads.g.doubleclick.net *.google.com *.google.com.tw *.youtube.com ;style-src *.iwplay.com.tw *.iwan.com.tw 'unsafe-inline' www.youtube.com.tw fonts.googleapis.com *.facebook.net *.facebook.com *.google.com *.google.com.tw; img-src *.iwplay.com.tw *.google-analytics.com stats.g.doubleclick.net www.youtube.com *.google.com *.google.com.tw googleads.g.doubleclick.net *.facebook.com *.facebook.net data: ;frame-ancestors *.iwplay.com.tw *.iwan.com.tw *.google.com *.google.com.tw;font-src  fonts.gstatic.com *.googleapis.com *.google.com *.google.com.tw *.iwplay.com.tw data:;connect-src *.iwplay.com.tw *.google-analytics.com analytics.google.com stats.g.doubleclick.net; 1
default-src 'self' data: *.rotex-control.com *.daikin-control.com *.googleapis.com *.gstatic.com *.gravatar.com 'unsafe-inline' 'unsafe-eval'; object-src 'none'; upgrade-insecure-requests 1
default-src 'self' data: https://www.google.com https://www.google.com/ads/user-lists/ https://www.google.ru/ads/user-lists/ https://googleads.g.doubleclick.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://fonts.googleapis.com https://fonts.gstatic.com https://mc.yandex.ru https://translate.yandex.net https://yastatic.net/ https://api.ssllabs.com https://hstspreload.org https://http-observatory.security.mozilla.org https://securityheaders.com https://sshscan.rubidus.com https://tls.imirhil.fr https://tls-observatory.services.mozilla.com https://www.immuniweb.com https://ya.ru/ https://bitrix.info https://analytics.bitrix.info/ https://*.roistat.com/ https://crm.e-m-l.ru https://www.1c-bitrix.ru/ https://yoomoney.ru/ https://crm.e-m-l.ru wss://crm.e-m-l.ru https://yandex.ru/ https://e-m-l.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://maps.google.com https://*.gstatic.com:* https://*.googleapis.com https://yastatic.net https://mc.yandex.ru https://www.googleadservices.com https://googleads.g.doubleclick.net https://translate.yandex.net https://bitrix.info https://api-maps.yandex.ru https://*.roistat.com https://crm.e-m-l.ru https://emlru.webim.ru wss://crm.e-m-l.ru https://e-m-l.ru; style-src 'self' 'unsafe-inline' https://www.google-analytics.com https://maps.google.com https://*.gstatic.com:* https://*.googleapis.com https://code.jivosite.com https://mc.yandex.ru https://www.googleadservices.com https://googleads.g.doubleclick.net https://cdn.voximplant.com https://crm.e-m-l.ru wss://crm.e-m-l.ru https://e-m-l.ru; img-src 'self' data: https://mc.yandex.ru:* https://*.googleapis.com https://*.gstatic.com:* https://www.google-analytics.com https://api-maps.yandex.ru https://core-renderer-tiles.maps.yandex.net https://mc.yandex.com https://emlru.webim.ru https://crm.e-m-l.ru wss://crm.e-m-l.ru https://emlru.webim2.ru https://e-m-l.ru blob:; font-src 'self' https://*.gstatic.com:* https://emlru.webim.ru:* https://e-m-l.ru; connect-src 'self' https://mc.yandex.com https://translate.yandex.net https://ya.ru https://mc.yandex.ru https://www.google-analytics.com https://crm.e-m-l.ru wss://crm.e-m-l.ru https://e-m-l.ru; 1
frame-ancestors https://*.matrabike.nl http://*.matrabike.nl http://matrabike.web2016-acc.netivity.nl https://matrabike.WEB2016-ACC.netivity.nl http://www.google.com 1
default-src 'self' www.youtube.com www.youtube-nocookie.com; child-src 'self' www.youtube.com www.youtube-nocookie.com *.fls.doubleclick.net; frame-src 'self' vars.hotjar.com *.fls.doubleclick.net www.youtube.com www.youtube-nocookie.com apps.mypurecloud.com.au player.vimeo.com; connect-src 'self' *.ambithub.com ipinfo.io wss://sbsfaq.ambithub.com stats.g.doubleclick.net wss://*.hotjar.com *.hotjar.com *.hotjar.io *.monsido.com *.googletagmanager.com analytics.google.com www.google-analytics.com api.mypurecloud.com.au api-cdn.mypurecloud.com.au wss://webmessaging.mypurecloud.com.au; img-src 'self' data: www.google.co.nz *.google.com www.google-analytics.com *.g.doubleclick.net *.googleapis.com *.gstatic.com *.ambithub.com bat.bing.com *.facebook.com *.quantserve.com *.hotjar.com *.hotjar.io *.monsido.com *.googletagmanager.com analytics.google.com; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' 'self' *.google.com www.googleadservices.com www.google-analytics.com www.googletagmanager.com *.googleapis.com *.gstatic.com cdn.polyfill.io *.ambithub.com bat.bing.com connect.facebook.net *.quantserve.com *.quantcount.com static.hotjar.com script.hotjar.com *.hotjar.io *.monsido.com *.googletagmanager.com analytics.google.com staticcdn.co.nz apps.mypurecloud.com.au; style-src 'unsafe-inline' 'self' hello.myfonts.net *.googleapis.com *.gstatic.com *.ambithub.com; font-src 'self' data: *.gstatic.com *.hotjar.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' * blob: kubra.io www.googleadservices.com fls.doubleclick.net; object-src 'none' ; style-src 'self' 'unsafe-inline' *; img-src 'self' data: * blob:; media-src 'self' *.jwplayer.com *.jwpsrv.com *.jwplatform.com *.snapengage.com blob:; frame-src 'self' kubra.io blob: *.doubleclick.net *.demdex.net s.amazon-adsystem.com *.teads.tv *.bounceexchange.com alticeusa.speedtestcustom.com flo.uri.sh qm.subvertice.com xq2subvertice.com www.facebook.com *.ipredictive.com tpc.googlesyndication.com webforms.optimum.com; child-src 'self' kubra.io blob: *.doubleclick.net *.demdex.net s.amazon-adsystem.com *.teads.tv *.bounceexchange.com alticeusa.speedtestcustom.com flo.uri.sh qm.subvertice.com xq2subvertice.com www.facebook.com *.ipredictive.com tpc.googlesyndication.com; font-src 'self' *.googleapis.com *.gstatic.com *.acsbapp.com *.googleusercontent.com data:; connect-src 'self' * blob: *.demdex.net; base-uri 'self'; report-uri /report-csp-violation 1
script-src 'nonce-abcdefg'; data: blob:; default-src 'self'; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self'; 1
frame-ancestors https://www.facebook.com https://www.venetacucine.com 1
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zoll-portal.de; img-src 'self' data:; style-src 'self' 'unsafe-inline' 1
form-action 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval';frame-src 'self';iframe-src 'self';child-src 'self';report-uri /Error/ContentSecurity 1
allow 'unsafe-inline' 'unsafe-eval' 'self' troc.cdn.mediactive-network.net *.googlesyndication.com *.systempay.fr *.fbcdn.net *.google.com *.google.fr *.doubleclick.net intranet.troc.com connect.facebook.net cdnjs.cloudflare.com www.gstatic.com www.googletagmanager.com www.google-analytics.com www.googleadservices.com www.googletagservices.com cdn.ampproject.org 1
frame-ancestors 'self' google.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.jsdelivr.net *.googleapis.com *.cloudflare.com *.googletagmanager.com https://unpkg.com *.google.com *.gstatic.com *.bootstrapcdn.com *.bootstrapcdn.com  https://cdn.ckeditor.com *.google-analytics.com *.googletagmanager.com *.salesforce.com *.salesforceliveagent.com https://support.sunway.edu.my https://static.lightning.force.com https://assets.mailerlite.com https://ipapi.co https://code.jquery.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.cloudflare.com *.fontawesome.com *.jsdelivr.net *.googleapis.com https://fonts.gstatic.com https://unpkg.com *.google.com *.gstatic.com https://use.fontawesome.com *.salesforceliveagent.com *.salesforce.com https://support.sunway.edu.my https://assets.mailerlite.com; img-src 'self' * data: about:; media-src 'self'; frame-src 'self' *.youtube.com www.youtube.com *.google.com *.gstatic.com *.vimeo.com *.salesforceliveagent.com *.salesforce.com https://support.sunway.edu.my https://forms.office.com https://assets.mailerlite.com *.issuu.com https://issuu.com; frame-ancestors 'self' *.youtube.com www.youtube.com *.google.com *.gstatic.com *.vimeo.com *.salesforceliveagent.com *.salesforce.com https://support.sunway.edu.my; child-src 'self' *.youtube.com www.youtube.com *.google.com *.gstatic.com *.vimeo.com *.salesforceliveagent.com *.salesforce.com; font-src 'self' https://fonts.googleapis.com *.fontawesome.com https://fonts.gstatic.com *.cloudflare.com *.jsdelivr.net https://support.sunway.edu.my data:; report-uri /report-csp-violation; upgrade-insecure-requests 1
frame-ancestors https://webvisor.com/; 1
default-src 'self'; script-src 'self' 'unsafe-inline' *.fona.de *.cookiebot.com *.cookiebot.eu *.vditz.com *.googleapis.com *.google.com *.youtube.com *.vimeo.com *.streambuzzer.com; style-src 'self' 'unsafe-inline'; img-src data: 'self' *.twitter.com *.twimg.com *.fona.de *.matpro.de *.ytimg.com *.vimeocdn.com; font-src 'self'; connect-src 'self' *.cookiebot.com *.cookiebot.eu stats.vditz.com; base-uri 'self'; media-src blob: 'self' *.youtube.com *.vimeo.com *.bmbf.de; frame-src 'self' *.fona.de *.streambuzzer.com *.cookiebot.com *.cookiebot.eu *.vditz.com *.pt-dlr.de *.google.com *.youtube.com *.youtube-nocookie.com *.vimeo.com *.bmbf.de *.emailsys1a.net; object-src 'none'; frame-ancestors 'self' *.fona.de; 1
default-src 'self'; img-src 'self'  cdn.partsmartconnect.com data:; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-modals; base-uri 'self'; upgrade-insecure-requests; style-src 'self' 'unsafe-inline' fonts.googleapis.com maxcdn.bootstrapcdn.com ; font-src 'self' fonts.gstatic.com maxcdn.bootstrapcdn.com; script-src 'self' 'unsafe-inline' https://ari-cms.com/bundles/webcomponents/loginpromotion.js; connect-src 'self' https://ari-cms.com/; 1
default-src 'self'; connect-src 'self' apikeys.civiccomputing.com api.postcodes.io www.googleapis.com newassets.hcaptcha.com maps.googleapis.com api.stripe.com js.stripe.com; font-src 'self' use.fontawesome.com fonts.gstatic.com data:; frame-src 'self' newassets.hcaptcha.com hooks.stripe.com js.stripe.com www.youtube.com; img-src 'self' data: maps.googleapis.com maps.gstatic.com translate.google.com www.gstatic.com cdn.bookingprotect.com tile.openstreetmap.org maptiles.p.rapidapi.com media.giphy.com; media-src www.youtube-nocookie.com; script-src 'self' hcaptcha.com js.stripe.com maps.googleapis.com www.youtube.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; report-uri https://35745cad85bbe1feed32f58e01aeb5de.report-uri.com/r/d/csp/reportOnly 1
default-src 'self'; connect-src 'self' https://piwik.bzga.de; style-src 'self' 'unsafe-inline'; font-src 'self' data:; script-src 'self' 'unsafe-inline' https://piwik.bzga.de; img-src 'self' https://piwik.bzga.de https://www.bzga.de https://a.tile.osm.org https://b.tile.osm.org https://c.tile.osm.org data:; frame-src 'self' mailto: https://piwik.bzga.de https://www.youtube-nocookie.com; 1
default-src 'self'; script-src 'self'; connect-src 'self'; img-src 'self' data:; style-src 'self'; 1
default-src 'self' https://*.sendpulse.com https://*.doubleclick.net https://*.datatables.net; font-src 'self' data: https://yeni.iskultur.com.tr https://*.sendpulse.com https://fonts.gstatic.com *.bootstrapcdn.com https://cdn.jsdelivr.net https://themes.googleusercontent.com https://*.wp.com; object-src 'none'; frame-ancestors 'none';  script-src 'self' 'unsafe-inline' 'unsafe-eval' https://tpc.googlesyndication.com  https://googleads.g.doubleclick.net https://www.googleadservices.com https://unpkg.com  https://*.alexametrics.com https://connect.facebook.net https://*.unpkg.com https://cdn.visitorlab.com https://rec.smartlook.com/ https://*.yandex.ru https://*.yandex.com.tr https://*.yandex.com https://*.sendpulse.com https://*.google-analytics.com/analytics.js https://cdn.jsdelivr.net https://*.iskultur.com.tr https://*.ampproject.org https://cdnjs.cloudflare.com https://ajax.googleapis.com https://*.google-analytics.com https://*.addthis.com https://*.facebook.com https://*.twitter.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.googleusercontent.com https://*.bootstrapcdn.com https://*.wp.com https://*.gravatar.com; style-src 'self' https://*.iskultur.com.tr https://*.sendpulse.com  https://secure.gravatar.com https://*.wp.com https://cdn.jsdelivr.net https://*.bootstrapcdn.com https://cdn.jsdelivr.net https://*.google.com  https://*.iskultur.com.tr https://*.googleapis.com https://*.gstatic.com https://*.googleusercontent.com https://*.gravatar.com 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.gaug.es/ https://*.googleadservices.com https://*.iskultur.com.tr https://redirect.prod.experiment.routing.cloudfront.aws.a2z.com/x.png https://*.alexametrics.com https://*.googletagmanager.com https://*.facebook.com https://*.yandex.ru https://*.yandex.com.tr https://*.yandex.com https://*.iskultur.com.tr https://*.sendpulse.com https://*.placeholder.com https://*.doubleclick.net https://secure.gravatar.com https://www.google-analytics.com https://*.google.com https://*.google.com.tr https://*.googleapis.com https://*.gstatic.com https://*.googleusercontent.com https://*.wp.com https://pixel.wp.com; frame-src 'self'  'unsafe-inline' 'unsafe-eval' https://td.doubleclick.net/ https://online.flippingbook.com/ https://www.facebook.com https://tpc.googlesyndication.com/ https://tpc.googlesyndication.com https://www.youtube.com https://bid.g.doubleclick.net/ https://www.youtube.com https://sanalpos.isbank.com.tr/ https://*.yandex.ru https://www.facebook.com https://*.yandex.com.tr https://*.yandex.com https://yandex.com.tr https://*.yandex.ru https://www.google-analytics.com  https://*.sendpulse.com  https://*.iskultur.com.tr https://*.google.com https://*.google.com.tr https://*.googleapis.com https://*.gstatic.com https://*.googleusercontent.com https://secure.gravatar.com https://*.wp.com; connect-src 'self' https://mc.yandex.com https://analytics.google.com https://*.doubleclick.net https://*.facebook.com https://ymetrica1.com https://*.googleapis.com https://www.google-analytics.com https://*.yandex.ru https://pushdata.sendpulse.com:4434/ https://manager.smartlook.com/ https://manager.eu.smartlook.com/ https://collect.visitorlab.com/142134579 https://cdn.ampproject.org 1
frame-ancestors https://*.smartrecruiters.com 1
urbanohio.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.connect.facebook.net *.tt.mbww.com *.analytics.neutrogena.com.mx *.google.com.br *.google.com *.doubleclick.net *.salesforceliveagent.com *.www.youtube.com *.youtube.com *.appspot.com *.janrain.com *.cloudfront.net *.cookielaw.org d1lqe9temigv1p.cloudfront.net *.googletagmanager.com *.google-analytics.com gtm-wnd6vzj-yme0m.uc.r.appspot.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
script-src 'nonce-Pz++OqSgDUDyAQwnHngvd5DIIhA=' 'unsafe-inline' 'strict-dynamic' https: http:; object-src 'none'; 1
default-src 'self' ;script-src data: blob: 'self' 'unsafe-eval' 'nonce-FXPzZwgoYOgVdMLG' static.cloud.coveo.com www.zenaps.com www.dwin1.com *.r42tag.com *.usabilla.com *.google-analytics.com *.analytics.google.com www.googleadservices.com tags.nmrc.nl *.onmarc.nl *.doubleclick.net d6tizftlrpuof.cloudfront.net *.zilverenkruis.nl babm.texthelp.com surfly.com plus.browsealoud.com www.zorgkantoorfriesland.nl *.prolife.nl www.googletagmanager.com toolbar.speechstream.net apis.google.com bat.bing.com admin.relay42.com a.svtrd.com  ads.creative-serving.com www.browsealoud.com *.defriesland.nl static2.creative-serving.com survey.insocial.nl optimize.google.com *.interpolis.nl *.mopinion.com  *.fbto.nl connect.facebook.net cdn.harvest.graindata.com *.pingvp.com pingvp.com *.visualwebsiteoptimizer.com app.vwo.com www.awin1.com;style-src 'self' 'unsafe-inline' d6tizftlrpuof.cloudfront.net plus.browsealoud.com fonts.googleapis.com www.zilverenkruis.nl optimize.google.com *.pingvp.com;img-src data: blob: 'self' *.svtrd.com www.zenaps.com www.awin1.com www.google.com www.google.nl d6tizftlrpuof.cloudfront.net *.usabilla.com *.google-analytics.com *.analytics.google.com *.onmarc.nl *.zilverenkruis.nl plus.browsealoud.com usabilla-themes.s3-eu-west-1.amazonaws.com ads.creative-serving.com www.zorgkantoorfriesland.nl *.prolife.nl stats.g.doubleclick.net ad.doubleclick.net bat.bing.com www.browsealoud.com *.defriesland.nl *.r42tag.com admin.relay42.com speechstreamv3-webservices-8.texthelp.com www.gstatic.com *.fbto.nl www.insocial.nl www.facebook.com www.googletagmanager.com translate.google.com zilverenkruis-cdn.mcccm.eu *.pingvp.com i.vimeocdn.com dev.visualwebsiteoptimizer.com *.doubleclick.net;font-src data: 'self' fonts.gstatic.com fonts.googlapis.com d6tizftlrpuof.cloudfront.net  *.pingvp.com;connect-src blob: 'self' *.zilverenkruis.nl *.surfly.com surfly.com sentry.io *.prolife.nl *.zorgkantoorfriesland.nl plus.browsealoud.com pronunciation.speechstream.net api.usabilla.com babm.texthelp.com speech.speechstream.net *.google-analytics.com *.analytics.google.com pre-i-portaal.achmea.nl speechstreamv3-webservices-8.texthelp.com *.defriesland.nl *.mopinion.com www.browsealoud.com plusqa.browsealoud.com *.interpolis.nl *.fbto.nl bat.bing.com stats.g.doubleclick.net harvest-cm-achmea.ey.r.appspot.com controle.achmea.consentmonitor.nl *.tomtom.com *.visualwebsiteoptimizer.com app.vwo.com *.applicationinsights.azure.com wss://api.defriesland.nl:13443 wss://api.zilverenkruis.nl:13443 wss://api.interpolis.nl:13443;media-src 'self' blob: *.zilverenkruis.nl *.zorgkantoorfriesland.nl *.prolife.nl *.defriesland.nl *.interpolis.nl *.fbto.nl *.pingvp.com;object-src 'self' ;child-src 'self' blob: t.svtrd.com player.vimeo.com surfly.com app.surfly.com d6tizftlrpuof.cloudfront.net www.zilverenkruis.nl www.zorgkantoorfriesland.nl www.prolife.nl content.googleapis.com vimeo.com secure.zilverenkruis.nl www.defriesland.nl optimize.google.com i-portaal.achmea.nl survey.insocial.nl secure.prolife.nl secure.defriesland.nl w.soundcloud.com *.doubleclick.net app.springcast.fm;frame-ancestors 'self' player.vimeo.com vimeo.com i-portaal.achmea.nl survey.insocial.nl *.doubleclick.net inloggen.achmea.nl p-portaal.achmea.nl app.vwo.com *.visualwebsiteoptimizer.com;;form-action 'self' t.svtrd.com *.achmea.nl *.zilverenkruis.nl *.zorgkantoorfriesland.nl *.prolife.nl *.defriesland.nl *.fbto.nl *.interpolis.nl broker.nxtid.nl;manifest-src 'self' ;upgrade-insecure-requests;block-all-mixed-content;report-uri https://zilverenkruis.ams.report-uri.com/r/t/csp/enforce; 1
default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.achmearechtsbijstand.nl https://www.achmearechtsbijstand.nl https://achmearechtsbijstand.nl https://deploy.mopinion.com https://static.hotjar.com https://script.hotjar.com https://tdn.r42tag.com https://www.google-analytics.com https://collect.mopinion.com https://www.googletagmanager.com https://www.googleoptimize.com https://static.cloud.coveo.com https://data1.ralasis.com https://optimize.google.com https://translate.googleapis.com https://translate.google.com https://dev.visualwebsiteoptimizer.com  https://admin.relay42.com https://static.hotjar.com https://www.google-analytics.com https://app.vwo.com https://cdn.harvest.graindata.com;style-src 'self' 'unsafe-inline' https://*.achmearechtsbijstand.nl https://www.achmearechtsbijstand.nl https://achmearechtsbijstand.nl https://collect.mopinion.com https://fonts.mopinion.com https://static.cloud.coveo.com https://fonts.googleapis.com https://translate.googleapis.com https://optimize.google.com https://admin.relay42.com https://app.vwo.com;img-src data: 'self' https://*.achmearechtsbijstand.nl https://www.achmearechtsbijstand.nl https://achmearechtsbijstand.nl https://www.google-analytics.com https://www.gstatic.com https://i.ytimg.com https://translate.google.com https://translate.googleapis.com https://admin.relay42.com https://tdn.r42tag.com https://t.svtrd.com https://fonts.gstatic.com https://region1.google-analytics.com https://dev.visualwebsiteoptimizer.com https://www.googletagmanager.com;font-src data: 'self' https://*.achmearechtsbijstand.nl https://www.achmearechtsbijstand.nl https://achmearechtsbijstand.nl https://fonts.mopinion.com https://gstatic.mopinion.com https://fonts.gstatic.com;connect-src * https://*.achmearechtsbijstand.nl https://www.achmearechtsbijstand.nl https://achmearechtsbijstand.nl wws://*.hotjar.com https://*.hotjar.com;media-src * 'self' https://*.achmearechtsbijstand.nl https://www.achmearechtsbijstand.nl https://achmearechtsbijstand.nl;object-src 'none' ;child-src https://*.achmearechtsbijstand.nl https://www.achmearechtsbijstand.nl https://achmearechtsbijstand.nl https://t.svtrd.com/ https://vars.hotjar.com https://www.youtube-nocookie.com https://www.google.com https://www.youtube-nocookie.com https://www.google.com https://optimize.google.com https://m.youtube.com https://app.vwo.com; worker-src blob:;frame-ancestors https://www.youtube-nocookie.com https://www.google.com https://optimize.google.com https://m.youtube.com https://*.achmearechtsbijstand.nl https://www.achmearechtsbijstand.nl https://achmearechtsbijstand.nl https://app.vwo.com;form-action 'self' https://*.achmearechtsbijstand.nl https://www.achmearechtsbijstand.nl https://achmearechtsbijstand.nl https://t.svtrd.com/structure-collection https://broker.nxtid.nl;block-all-mixed-content;base-uri https://*.achmearechtsbijstand.nl https://www.achmearechtsbijstand.nl https://achmearechtsbijstand.nl;report-uri https://bcd8a826da9dc721f317d24ae6b9e320.ams.report-uri.com/r/t/csp/reportOnly; 1
base-uri 'none'; default-src 'none'; child-src https://www.youtube.com https://www.youtube.com https://player.vimeo.com https://player.vimeo.com https://w.soundcloud.com https://www.delijn.be https://*.resengo.com https://*.tiktok.com; connect-src 'self' https://*.google-analytics.com https://region1.analytics.google.com https://stats.g.doubleclick.net https://vimeo.com https://*.resengo.com https://resengocomgeneralpurpose.blob.core.windows.net https://bam.nr-data.net https://*.tiktok.com; font-src 'self' https://use.typekit.net https://fonts.googleapis.com https://*.typenetwork.com https://fonts.gstatic.com data:; frame-ancestors 'self'; frame-src https://www.youtube.com https://player.vimeo.com https://w.soundcloud.com https://www.delijn.be https://*.resengo.com https://*.tiktok.com; img-src 'self' https://www.google-analytics.com https://*.google.com/ads/ https://*.google.be/ads/ https://www.facebook.com https://i3.ytimg.com https://gallery.mailchimp.com https://cdn-images.mailchimp.com/ https://resengocomgeneralpurpose.blob.core.windows.net https://*.tiktok.com data:; media-src https://p.scdn.co; script-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://www.youtube.com/player_api https://s.ytimg.com https://player.vimeo.com/api/player.js https://*.resengo.com https://resengocomgeneralpurpose.blob.core.windows.net https://js-agent.newrelic.com https://bam.nr-data.net https://*.tiktok.com 'unsafe-inline'; style-src 'self' https://use.typekit.net https://p.typekit.net https://fonts.googleapis.com https://*.typenetwork.com 'unsafe-inline'; 1
default-src 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; object-src 'none'; style-src * 'unsafe-inline'; img-src * data:; media-src *; frame-src *; font-src * 'unsafe-inline'; connect-src *; report-uri /admin/config/system/seckit/csp-report 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.smart-cloud-intelligence.com/ https://secure.smart-cloud-intelligence.com/js/ https://secure.smart-cloud-intelligence.com/Track/ https://secure.smart-cloud-intelligence.com/js/269760.js https://secure.smart-cloud-intelligence.com/Track/Capture.aspx https://www.paypalobjects.com/ https://s3.amazonaws.com/ https://*.stripe.com/ https://*.list-manage.com/; img-src 'self' data: https://fia-tech.com https://www.paypalobjects.com/ https://www.greatplacetowork.com/images/profiles/7037816/; object-src 'self' data: https://fia-tech.com https://*.paypal.com/ https://*.stripe.com/ https://player.vimeo.com/; frame-src 'self' data: https://fia-tech.com https://*.paypal.com/ https://*.stripe.com/ https://player.vimeo.com/; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.calendly.com/ https://*.google-analytics.com/ https://*.googlesyndication.com/ https://*.googletagmanager.com/ https://*.list-manage.com/ https://calendly.com/ https://connect.facebook.net/en_US/sdk.js https://crm.zoho.com/crm/WebFormServeServlet?rid=8a47d85e3440ef768ceaa22381ceabb5f6334d484211d4d7d55c81b0255fc977gidb5de4f47280b66e8cb9a6d47719877b5779bc3f8638655f060668722018a6166&script=$sYG https://google-analytics.com/ https://googletagmanager.com/ https://maps.google.com/ https://maps.googleapis.com/ https://platform.twitter.com/widgets.js https://s3.amazonaws.com/ https://stats.wp.com/ https://tagmanager.google.com/ https://translate.google.com/ https://translate.googleapis.com/ https://www.google.com/ https://www.gstatic.com/ https://www.recaptcha.net/ https://salesiq.zoho.com/ https://*.zohopublic.com/ https://*.zohostatic.com/ https://dyjgaef5vuq51.cloudfront.net/ https://dtzpfzv31buvf.cloudfront.net/ https://*.zohocdn.com/; img-src 'self' data: https://*.google-analytics.com/ https://*.google.com/ https://*.googlesyndication.com/ https://*.googletagmanager.com/ https://*.gstatic.com/ https://*.ytimg.com/ https://google-analytics.com/ https://google.com/ https://googleads.g.doubleclick.net/ https://googletagmanager.com/ https://gstatic.com/ https://maps.google.com/ https://maps.googleapis.com/ https://maps.gstatic.com/ https://pixel.wp.com/ https://translate.googleapis.com/ https://salesiq.zoho.com/ https://*.zohopublic.com/ https://*.zohostatic.com/ https://dyjgaef5vuq51.cloudfront.net/ https://dtzpfzv31buvf.cloudfront.net/ https://*.zohocdn.com/; object-src 'self' data: https://www.google.com/ https://maps.google.com/ https://docs.google.com/ https://*.calendly.com/ https://calendly.com/ https://youtube-nocookie.com/ https://*.youtube-nocookie.com/ https://*.youtube.com/ https://salesiq.zoho.com/ https://*.zohopublic.com/ https://*.zohostatic.com/ https://dyjgaef5vuq51.cloudfront.net/ https://dtzpfzv31buvf.cloudfront.net/ https://*.zohocdn.com/; frame-src 'self' data: https://www.google.com/ https://maps.google.com/ https://docs.google.com/ https://*.calendly.com/ https://calendly.com/ https://youtube-nocookie.com/ https://*.youtube-nocookie.com/ https://*.youtube.com/ https://salesiq.zoho.com/ https://*.zohopublic.com/ https://*.zohostatic.com/ https://dyjgaef5vuq51.cloudfront.net/ https://dtzpfzv31buvf.cloudfront.net/ https://*.zohocdn.com/; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.google.com.br *.google.com *.doubleclick.net *.salesforceliveagent.com *.youtube.com *.appspot.com *.janrain.com *.cloudfront.net *.cookielaw.org d1lqe9temigv1p.cloudfront.net *.googletagmanager.com *.google-analytics.com gtm-wnd6vzj-yme0m.uc.r.appspot.com rpxnow.com *.rpxnow.com data:; report-uri /report-csp-violation; upgrade-insecure-requests 1
policy-uri /'none' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.veiasa.es npmcdn.com *.openstreetmap.org; object-src 'self'; style-src 'self' 'unsafe-inline' *.fontawesome.com *.veiasa.es npmcdn.com; img-src 'self' data: *.veiasa.es *.openstreetmap.org npmcdn.com img.icons8.com; form-action 'self'; media-src 'self'; font-src 'self' *.fontawesome.com; connect-src 'self'; frame-src 'self' intent: www.youtube.com; frame-ancestors 'self' 1
default-src 'self' noembed.com static.zdassets.com ekr.zdassets.com avm.zendesk.com v2.zopim.com wss://widget-mediator.zopim.com vimeo.com player.vimeo.com vimeocdn.com *.vimeocdn.com ytimg.com s.ytimg.com data: avm.de service.avm.de news.avm.de bingo.avm.de scope.avm.de piwik.avm.de assets.avm.de maps.google.com *.googleapis.com *.gstatic.com shoplogos.commerce-connector.de www.commerce-connector.com i.ytimg.com https://www.youtube-nocookie.com https://www.youtube.com img.youtube.com www.surveygizmo.eu 'unsafe-inline' 'unsafe-eval' ; media-src 'self' *.avm.de blob: data: ; worker-src 'self' blob: ; frame-ancestors 'self'  1
script-src 'none'; frame-ancestors 'self'; img-src 'self'; font-src 'self'; object-src 'none'; require-trusted-types-for 'script' 1
report-to 'self' ; child-src 'self' ; connect-src 'self' maps.googleapis.com *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net  *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net ; default-src 'self' *.printfriendly.com; font-src 'self' data: *.fontawesome.com *.gstatic.com *.bootstrapcdn.com hubernet.sp-stage1.emagineusa.net  *.gstatic.com *.bootstrapcdn.com ; form-action 'self' *.vimeocdn.com; frame-src 'self' view.ceros.com *.youtube.com *.elegantthemes.com *.vimeo.com *.printfriendly.com *.g.doubleclick.net *.google.com *.fls.doubleclick.net  *.g.doubleclick.net *.google.com *.fls.doubleclick.net ; frame-ancestors 'self' ; img-src 'self'  'unsafe-inline' *.gravatar.com maps.googleapis.com data: *.vimeocdn.com *.w.org *.printfriendly.com hubernet.sp-stage1.emagineusa.net *.googletagmanager.com *.google.com *.google-analytics.com *.gstatic.com  *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com ; manifest-src 'self' ; media-src 'self' ; object-src 'self' ; script-src 'self'  'unsafe-inline' view.ceros.com data: blob: *.fontawesome.com *.cloudflare.com *.ravenjs.com *.vimeocdn.com *.jsdelivr.net *.googleapis.com *.printfriendly.com *.kxcdn.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com  *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com ; script-src-elem 'self'  'unsafe-inline' *.googletagmanager.com *.google-analytics.com *.googleapis.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com ; script-src-attr 'self' ; style-src 'self'  'unsafe-inline' *.fontawesome.com *.cloudflare.com *.printfriendly.com *.vimeocdn.com *.googleapis.com *.bootstrapcdn.com *.gstatic.com  *.googleapis.com *.gstatic.com ; style-src-elem 'self'  'unsafe-inline' *.googleapis.com *.googleapis.com *.gstatic.com ; style-src-attr 'self'  'unsafe-inline' ; worker-src 'self' ;  upgrade-insecure-requests; 1
default-src 'self' *.relay42.com *.doubleclick.net googletagmanager.com *.googlesyndication.com *.googleadservices.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.achmea.nl *.facebook.net *.google.com *.googlesyndication.com *.linkedin.com *.r42tag.com *.relay42.com cdn.harvest.graindata.com https://www.googleoptimize.com https://www.googletagmanager.com maps.googleapis.com www.google-analytics.com  www.youtube.com ssl.synovite-scripts.com www.gstatic.com snap.licdn.com *.doubleclick.net *.googleadservices.com rekentools.webbridge.nl googletagmanager.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com www.google.com optimize.google.com gstatic.com;img-src data: 'self' *.achmea.nl *.contentsquare.net *.googlesyndication.com *.r42tag.com *.relay42.com https://www.googletagmanager.com maps.googleapis.com maps.gstatic.com optimize.google.com region1.analytics.google.com region1.google-analytics.com www.advieskeuze.nl www.facebook.com www.google-analytics.com www.google.com www.google.nl www.googleapis.com www.googletagmanager.com https://i.ytimg.com *.w3.org *.vimeocdn.com px.ads.linkedin.com px4.ads.linkedin.com google.be translate.google.com fonts.gstatic.com googleads.g.doubleclick.net rekentools.webbridge.nl zilverenkruis.nl;font-src data: 'self' fonts.gstatic.com;connect-src 'self' analytics.cloud.coveo.com *.achmea.nl *.facebook.net *.googlesyndication.com api.advieskeuze.nl controle.achmea.consentmonitor.nl https://*.in.applicationinsights.azure.com maps.googleapis.com r.contentsquare.net region1.analytics.google.com region1.google-analytics.com  www.google-analytics.com *.google.com *.doubleclick.net translate.googleapis.com;media-src 'self' *.youtube-nocookie.com player.vimeo.com www.youtube.com;object-src 'self' https://td.doubleclick.net/;child-src 'self' youtube.com www.youtube-nocookie.com youtube-nocookie.com optimize.google.com www.google.com player.vimeo.com t.svtrd.com td.doubleclick.net rekentools.webbridge.nl www.youtube.com https://td.doubleclick.net/ https://tpc.googlesyndication.com/;frame-ancestors 'self' youtube.com www.youtube-nocookie.com youtube-nocookie.com player.quadia.net td.doubleclick.net rekentools.webbridge.nl https://www.youtube.com/ *.googlesyndication.com;form-action * 'self' t.svtrd.com *.achmea.nl;block-all-mixed-content;report-uri https://achmea.ams.report-uri.com/r/t/csp/enforce; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: cdn.printfriendly.com static.addtoany.com ds-4047.kxcdn.com www.google-analytics.com cdn.jsdelivr.net unpkg.com ajax.googleapis.com ajax.aspnetcdn.com www.googletagmanager.com; object-src 'none'; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net unpkg.com maxcdn.bootstrapcdn.com fonts.googleapis.com; img-src 'self' data: s.yimg.com cdn.printfriendly.com www.google-analytics.com stats.g.doubleclick.net www.google.com www.google.com.my *.google.co.uk *.analytics.google.com *.googletagmanager.com; media-src 'self'; frame-src 'self' data: static.addtoany.com fwb.malaysiaairports.com.my www.youtube.com www.google.com apps.mahb.az.primuscore.com http://apps.mahb.az.primuscore.com:8000 fwb.malaysiaairports.com.my:8000; frame-ancestors 'self' fwb.malaysiaairports.com.my apps.mahb.az.primuscore.com fwb.malaysiaairports.com.my:8000; child-src 'self'; font-src 'self' cdn.jsdelivr.net unpkg.com maxcdn.bootstrapcdn.com fonts.gstatic.com cdnjs.cloudflare.com; connect-src 'self' *.google.com *.analytics.google.com www.google-analytics.com stats.g.doubleclick.net; report-uri /report-csp-violation 1
frame-ancestors https://members.cafepress.com  https://members.cafepress.co.uk https://members.cafepress.ca https://members.cafepress.com.au; 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'  cdn.jsdelivr.net unpkg.com player.vimeo.com www.vimeo.com f.vimeocdn.com static.userback.io www.google.com www.gstatic.com https://www.chipta.com https://www.googletagmanager.com https://www.google-analytics.com; object-src 'none'; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net unpkg.com fonts.googleapis.com static.userback.io; img-src data: 'self' *.vimeocdn.com *.vimeo.com https://www.google-analytics.com https://www.googletagmanager.com; frame-src 'self' youtube.com www.youtube.com *.vimeo.com vimeo.com www.google.com https://iframeshop.chipta.com; font-src data: 'self' 'unsafe-inline' fonts.gstatic.com https://static.userback.io; connect-src 'self' api.userback.io https://*.google-analytics.com https://www.googletagmanager.com; report-uri /report-csp-violation 1
default-src 'self'; style-src 'self' 'unsafe-inline' http://fonts.googleapis.com; font-src 'self' http://fonts.gstatic.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://www.googletagmanager.com; frame-src 'self' 'unsafe-inline' https://www.google.com/ https://www.youtube-nocookie.com/ youtube.com https://www.youtube.com; img-src 'self'; connect-src 'self' https://www.google-analytics.com; 1
connect-src 'self' wss://*.upscope.io https://*.upscope.io https://sjmvgfnyja.execute-api.us-west-2.amazonaws.com https://mig-prod-connect-p-storg-bkt.s3.us-west-2.amazonaws.com https://d1lz30fckg5qs2.cloudfront.net https://participant.connect.us-west-2.amazonaws.com wss://*.transport.connect.us-west-2.amazonaws.com https://analytics.google.com https://www.google.com https://www.google-analytics.com  https://google.com https://googleads.g.doubleclick.net https://forms.hscollectedforms.net  https://stats.g.doubleclick.net https://*.cloudfront.net https://*.clearcover.com wss://*.clearcover.com https://*.kommunicate.io wss://*.kommunicate.io https://*.evidon.com wss://*.evidon.com https://*.betrad.com wss://*.betrad.com https://api.brightedge.com wss://api.brightedge.com https://ixfd-api.bc0a.com wss://ixfd-api.bc0a.com https://*.twilio.com wss://*.twilio.com https://inga-prod.tumblr.com wss://*.salemove.com https://*.salemove.com wss://*.glia.com https://*.glia.com https://*.yotpo.com https://*.twitter.com https://*.yotpo.com https://*.gomoxie.solutions https://rules.atgsvcs.com https://track.magnify360.com https://c1.rfihub.net https://insight.adsrvr.org https://*.virtualhold.com https://api.edmunds.com 1
default-src 'self' 'unsafe-eval'; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.itzbund.de *.googleapis.com *.google.com *.gstatic.com www.youtube.com *.vimeo.com *.ytimg.com piwik.itzbund.de; object-src 'self' multimedia.gsb.bund.de; media-src blob: 'self' multimedia.gsb.bund.de *.vimeo.com *.youtube.com; frame-src *.google.com *.gstatic.com *.youtube.com *.vimeo.com *.3qsdn.com *.director.events; img-src 'self' blob: data: *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.openstreetmap.org piwik.itzbund.de; connect-src 'self' *.itzbund.de; frame-ancestors 'self'; worker-src 'self'; 1
Content-Security-Policy= default-src "none"; script-src "self" https://corp-mktg.s3.us-west-2.amazonaws.com https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com https://cdn.cookielaw.org https://maps.googleapis.com https://prospect-form-plugin.2u.com; style-src "unsafe-inline" https://whitelabel.2u.com; img-src https://app.optimizely.com https://cdn.optimizely.com https://whitelabel.2u.com; frame-src https://a104283729.cdn.optimizely.com https://a104283729.cdn-pci.optimizely.com; connect-src https://*.optimizely.com; 1
allow 'self' *.ceca.es; 1
default-src 'self' https://api-adresse.data.gouv.fr; block-all-mixed-content; font-src 'self' data:; frame-src 'self' blob:; img-src 'self' data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' 1
default-src 'none'; script-src 'self' 'unsafe-inline' www.tcgms.net *.googletagmanager.com *.google.com *.google-analytics.com cdn.jsdelivr.net *.cookiebot.com *.teamtailor-cdn.com *.facebook.net *.bokabord.se; object-src 'self' *.google.com *.youtube.com *.facebook.com *.vimeo.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com cdn.jsdelivr.net www.bokabord.se; img-src 'self' data: *.google.com *.youtube.com *.facebook.com *.vimeo.com  *.vimeocdn.com *.grandhotel.se *.google.se *.google-analytics.com; media-src 'self' blob:; frame-src 'self' mail.grandhotel.se www.tcgms.net  *.google.com *.youtube.com *.facebook.com *.vimeo.com *.vimeocdn.com *.cookiebot.com *.waiteraid.com; frame-ancestors 'self' *.google.com *.youtube.com *.facebook.com *.vimeo.com; child-src 'self' *.google.com *.youtube.com *.facebook.com *.vimeo.com; font-src 'self' data: fonts.gstatic.com; connect-src 'self' https://*.grandhotel.se https://*.googletagmanager.com https://*.google.com https://*.google-analytics.com *.cookiebot.com *.teamtailor.com *.doubleclick.net; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src ; script-src 'self' 'unsafe-inline' localhost https://assets.zendesk.com *.zdassets.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com; object-src ; style-src 'self' 'unsafe-inline' localhost *.entrecode.de https://fonts.googleapis.com; img-src *; media-src *; child-src https://www.google.com; font-src *.entrecode.de https://fonts.gstatic.com; connect-src 'self' *.entrecode.de https://entrecode.zendesk.com *.zdassets.com https://www.google-analytics.com; manifest-src 1
default-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://*.pype.tech https://bam.nr-data.net https://*.linkedin.com https://measurement-api.criteo.com https://www.google-analytics.com https://analytics.google.com https://widget-format-sbx.pype.tech https://*.launchdarkly.com https://pagead2.googlesyndication.com https://*.onetrust.com https://cdn.cookielaw.org https://web-sandbox.pypestream.com https://use.fontawesome.com https://www.googletagmanager.com data: image/* https://bat.bing.com https://*.quantcount.com https://*.quantserve.com https://*.typekit.net https://*.googleapis.com https://player.vimeo.com https://*.doubleclick.net https://connect.facebook.net https://*.analytics.google.com https://extend.vimeocdn.com https://*.gstatic.com https://www.google.com https://google.com https://www.facebook.com https://my.matterport.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js-agent.newrelic.com https://snap.licdn.com https://static.cloudflareinsights.com https://web.pypestream.com https://*.doubleclick.net https://maps.googleapis.com https://cdn.cookielaw.org https://rules.quantcount.com https://secure.quantserve.com https://widget.us.criteo.com https://sslwidget.criteo.com https://static.criteo.net https://player.vimeo.com https://web-sandbox.pypestream.com https://use.fontawesome.com https://www.googletagmanager.com https://bat.bing.com https://www.google-analytics.com https://extend.vimeocdn.com https://connect.facebook.net https://www.googleadservices.com; img-src * data: about: https://cdn.cookielaw.org; frame-src 'self' https://my.matterport.com https://web.pypestream.com https://static.criteo.net https://web-sandbox.pypestream.com https://*.doubleclick.net https://*.criteo.com https://www.facebook.com https://player.vimeo.com; upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: 1
default-src 'self' blob:; worker-src blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: cdn.ampproject.org stats.wp.com s0.wp.com s1.wp.com s2.wp.com c0.wp.com www.google.com www.googletagmanager.com campuseducacion.com ws.sharethis.com connect.facebook.net code.jquery.com ssl.google-analytics.com cdn.jsdelivr.net googleads.g.doubleclick.net www.google-analytics.com www.googleadservices.com tpc.googlesyndication.com pagead2.googlesyndication.com cdn.krxd.net beacon.krxd.net consumer.krxd.net www.gstatic.com adservice.google.com stackpath.bootstrapcdn.com cdnjs.cloudflare.com adservice.google.es partner.googleadservices.com unpkg.com ajax.googleapis.com static.ads-twitter.com platform.twitter.com load.sumome.com analytics.twitter.com load.sumo.com reddit.com; style-src 'self' data: 'unsafe-inline' c0.wp.com ws.sharethis.com use.fontawesome.com code.jquery.com fonts.google.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com fonts.googleapis.com stackpath.bootstrapcdn.com cdn.jsdelivr.net unpkg.com; img-src 'self' data: blob: *.wp.com i2.wp.com pixel.wp.com s0.wp.com s1.wp.com s2.wp.com c0.wp.com ws.sharethis.com code.jquery.com www.facebook.com ssl.google-analytics.com www.google.com www.google.es stats.g.doubleclick.net www.google-analytics.com pagead2.googlesyndication.com secure.gravatar.com www.googletagmanager.com ajax.googleapis.com t.co load.sumo.com; frame-src 'self' pagead2.googlesyndication.com www.slideshare.net web.facebook.com ws.sharethis.com player.vimeo.com www.vimeo.com www.google.com www.facebook.com pagead2.googlesyndication.com tpc.googlesyndication.com googleads.g.doubleclick.net www.youtube.com www.vimeo.com; font-src 'self' data: s0.wp.com s1.wp.com s2.wp.com c0.wp.com use.fontawesome.com fonts.google.com fonts.gstatic.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com; connect-src 'self' l.sharethis.mgr.consensu.org l.sharethis.com www.google-analytics.com pagead2.googlesyndication.com stats.g.doubleclick.net googleads.g.doubleclick.net www.facebook.com sumo.com *.google.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.paypalobjects.com/ https://s3.amazonaws.com/ https://*.stripe.com/ https://cdn.jsdelivr.net/ https://anchor.fm/ https://trustmate.io/ https://ketocentrumcom.b-cdn.net/ https://cdn.ketocentrum.com/ https://cdnjs.cloudflare.com/ https://kit.fontawesome.com/ https://ssa.ketocentrum.com/ https://ruch-osm.sysadvisors.pl/ https://ketocentrum.com/potwierdzenie/ https://geowidget-app.inpost.pl/* https://geowidget-app.inpost.pl/ https://*.vimeo.com/; img-src 'self' data: blob: https://www.paypalobjects.com/ https://cdn.jsdelivr.net/ https://mateuszostrega.pl/ https://anchor.fm/ https://trustmate.io/ https://cdn.trustmate.io/ https://ketocentrumcom.b-cdn.net/ https://cdn.ketocentrum.com/ https://ssa.ketocentrum.com/ https://ruch-osm.sysadvisors.pl/ https://ketocentrum.com/potwierdzenie/ https://*.inpost.pl/* https://ketocentrum.com/ https://static.przelewy24.pl/ https://*.vimeo.com/; object-src 'self' data: blob: https://*.paypal.com/ https://*.stripe.com/ https://anchor.fm/ https://podcasters.spotify.com/ https://ketocentrumcom.b-cdn.net/ https://cdn.ketocentrum.com/ https://ssa.ketocentrum.com/ https://ruch-osm.sysadvisors.pl/ https://ketocentrum.com/potwierdzenie/ https://*.inpost.pl/ https://geowidget-app.inpost.pl/ https://*.vimeo.com/; frame-src 'self' data: blob: https://*.paypal.com/ https://*.stripe.com/ https://anchor.fm/ https://podcasters.spotify.com/ https://ketocentrumcom.b-cdn.net/ https://cdn.ketocentrum.com/ https://ssa.ketocentrum.com/ https://ruch-osm.sysadvisors.pl/ https://ketocentrum.com/potwierdzenie/ https://*.inpost.pl/ https://geowidget-app.inpost.pl/ https://*.vimeo.com/; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' *.gstatic.com *.googletagmanager.com *.amplitude.com *.adrifund.com *.funde.no *.tinymce.com *.karolinafund.com *.crowdfarm.dk *.lemonway.fr *.payxpert.com d2tnn0p1wwhikn.cloudfront.net clients1.google.com cse.google.com www.google.com *.google-analytics.com *.facebook.net *.facebook.com *.vimeo.com *.addthis.com *.googleapis.com *.bootstrapcdn.com stats.g.doubleclick.net *.soundcloud.com soundcloud.com *.youtube.com *.w3.org *.ogp.me *.mailerlite.com *.karolina.io *.slize.me;img-src * blob: data:;font-src data: d2tnn0p1wwhikn.cloudfront.net *.tinymce.com fonts.gstatic.com 'self' *.bootstrapcdn.com;style-src *.tinymce.com www.google.com d2tnn0p1wwhikn.cloudfront.net *.addthis.com 'self' 'unsafe-inline' cse.google.com *.bootstrapcdn.com *.googleapis.com; frame-src 'self' *.vimeo.com *.facebook.com *.youtube.com *.soundcloud.com *.google.com 1
default-src 'self' data: http://googleads.g.doubleclick.net http://www.google.com/ads/user-lists/ http://www.google.ru/ads/user-lists/ http://mc.yandex.ru http://bitrix.info http://stat.sputnik.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://bitrix.info https://connect.facebook.net https://apis.google.com:* https://platform.twitter.com https://userapi.com:* https://pos.gosuslugi.ru:* https://apis.google.com:* https://vk.com:* http://www.google-analytics.com http://maps.google.com http://*.gstatic.com:* http://*.googleapis.com http://code.jivosite.com http://mc.yandex.ru http://www.googleadservices.com http://googleads.g.doubleclick.net http://cdn.voximplant.com https://vashkontrol.ru  http://stat.sputnik.ru:* ; style-src 'self' 'unsafe-inline' http://code.jivosite.com:* http://mc.yandex.ru:* http://*.googleapis.com http://*.gstatic.com:* https://vashkontrol.ru:* http://cnt.sputnik.ru:*; img-src 'self' blob: data:  http://counter.yadro.ru:* https://pos.gosuslugi.ru:* http://i1.ytimg.com:* http://code.jivosite.com:* http://mc.yandex.ru:* http://*.googleapis.com http://*.gstatic.com:* http://www.google-analytics.com http://stat.sputnik.ru:* https://vashkontrol.ru:* http://cnt.sputnik.ru:* https://syndication.twitter.com:*; font-src 'self' http://*.gstatic.com:* https://pos.gosuslugi.ru:*; frame-src 'self' https://ervk.gov.ru:* https://pos.gosuslugi.ru:* https://apis.google.com:* http://developers.google.com:* https://platform.twitter.com:* https://accounts.google.com:* http://cnt.sputnik.ru:* https://www.facebook.com:* https://developers.google.com:*; 1
default-src 'self'; script-src 'unsafe-inline' 'self' https://www.clarity.ms/ https://h.clarity.ms/ https://c.clarity.ms/ https://cdnjs.cloudflare.com/ https://www.google.com/  https://www.google-analytics.com/ https://www.googletagmanager.com https://www.gstatic.com https://connect.facebook.net/; style-src 'unsafe-inline' 'self' https://pro.fontawesome.com/; font-src 'self' https://pro.fontawesome.com/; frame-src https://www.facebook.com/ https://www.google.com/ https://www.youtube.com/; img-src 'self' data: https://c.bing.com https://c.clarity.ms/ https://www.google-analytics.com/ https://www.google.com/ https://www.google.co.za https://www.facebook.com; connect-src 'self' https://www.clarity.ms/ https://h.clarity.ms/ https://j.clarity.ms/ https://c.clarity.ms/ https://analytics.google.com https://www.google-analytics.com/ https://stats.g.doubleclick.net; 1
default-src 'self' *.dehst.de 'unsafe-eval'; base-uri 'self' *.dehst.de ; style-src 'self' *.dehst.de 'unsafe-inline'; connect-src 'self' *.dehst.de *.itzbund.de; script-src 'self' *.dehst.de 'unsafe-inline' 'unsafe-eval' *.itzbund.de  www.youtube.com *.ytimg.com piwik.itzbund.de; object-src 'self' *.dehst.de multimedia.gsb.bund.de; media-src 'self' *.dehst.de multimedia.gsb.bund.de *.youtube.com; frame-src  *.dehst.de *.youtube.com; img-src 'self' *.dehst.de blob: data: piwik.itzbund.de; frame-ancestors 'self' *.dehst.de; worker-src 'self' *.dehst.de; 1
block-all-mixed-content; default-src https:; media-src https: blob: data:; style-src https: 'unsafe-inline'; font-src https: data:; script-src https: blob: 'unsafe-eval' 'unsafe-inline'; img-src https: data:; connect-src https: wss:; frame-src https:; prefetch-src https:; frame-ancestors https:; form-action https:; 1
font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' tracking.paysera.com www.instagram.com https://optimize.google.com https://www.google.com/recaptcha/ https://www.youtube.com/embed/ http://e.issuu.com/; img-src 'self' data: *.paysera.com maps.googleapis.com *.gstatic.com https://www.google-analytics.com https://optimize.google.com; script-src 'self' maps.googleapis.com www.instagram.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.google-analytics.com https://optimize.google.com 'unsafe-inline'; style-src 'self' fonts.googleapis.com https://optimize.google.com 'unsafe-inline'; report-uri /v2/csp-violations/report 1
frame-ancestors 'none'; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.googleapis.com *.google.com *.googletagmanager.com googletagmanager.com *.googleadservices.com *.google-analytics.com *.credit-cgi.fr ui.vivafi.fr simulateur.vivafi.fr vivafi.fr *.facebook.net js.stripe.com *.crisp.chat *.abtasty.com *.ekonsilio.io *.hotjar.com *.hotjar.io openfpcdn.io *.axept.io *.doubleclick.net *.aticdn.net *.stampyt.io;frame-src 'self' *.google.com *.googleapis.com *.credit-cgi.fr ui.vivafi.fr simulateur.vivafi.fr vivafi.fr js.stripe.com *.youtube.com *.abtasty.com *.hotjar.com *.hotjar.io *.doubleclick.net *.stampyt.io;style-src 'self' 'unsafe-inline' *.googleapis.com *.google.com *.ekonsilio.io *.hotjar.com *.hotjar.io *.abtasty.com googletagmanager.com *.googletagmanager.com *.stampyt.io;img-src 'self' data: blob: *.fidcar.com *.googleapis.com *.webqamapps.com *.autodisol.com *.webqam.fr *.gstatic.com *.google-analytics.com autobernard.staging.front-commerce.cloud *.google.com *.google.fr *.ekonsilio.io *.doubleclick.net *.hotjar.com *.hotjar.io *.facebook.com *.abtasty.com *.axept.io axeptio.imgix.net googletagmanager.com *.googletagmanager.com *.googlesyndication.com *.stampyt.io;font-src 'self' data: *.gstatic.com *.ekonsilio.io *.hotjar.com *.hotjar.io *.abtasty.com;connect-src 'self' *.bridged.cc *.algolia.net *.algolianet.com *.google-analytics.com *.doubleclick.net *.stampyt.fr *.googleapis.com *.facebook.net *.facebook.com *.abtasty.com *.ekonsilio.io ws.livechat.ekonsilio.io cdn.simplelocalize.io *.hotjar.com *.hotjar.io ws.hotjar.com *.sentry.io *.mixpanel.com region1.analytics.google.com wss://*.hotjar.com *.axept.io *.googlesyndication.com *.google.com *.google.fr *.xiti.com *.pa-cd.com *.stampyt.io;base-uri 'self';report-uri /csp/report 1
frame-ancestors https://www.twoa.ac.nz 1
default-src 'self' https://www.youtube-nocookie.com https://www.google.com *.kasikornbank.com *.kaptcha.com https://www.youtube.com https://youtu.be;frame-src 'self' https://www.youtube-nocookie.com https://www.google.com *.kasikornbank.com  *.kaptcha.com https://www.youtube.com https://youtu.be; connect-src *; font-src * data:; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';frame-ancestors 'self' 1
default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval'; object-src *; style-src * 'self' 'unsafe-inline'; img-src * 'self' data: https:;; media-src *; frame-src *; frame-ancestors 'self'; child-src * blob:; font-src * 'self' data: https:;; connect-src *; report-uri /report-csp-violation 1
default-src 'self' https://*.facebook.net https://vimeo.com https://*.vimeo.com https://*.google-analytics.com https://*.doubleclick.net https://*.gstatic.com https://*.youtube-nocookie.com https://*.youtube.com https://*.matterport.com https://snazzymaps.com https://*.snazzymaps.com; block-all-mixed-content; img-src 'self' data: https://placeholder.inventis.be https://*.ytimg.com https://*.google-analytics.com https://*.vimeocdn.com https://*.facebook.com; manifest-src 'self'; object-src 'none'; script-src 'self' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https://*.youtube.com https://*.youtube-nocookie.com https://*.ytimg.com https://*.vimeo.com 'nonce-kw0Y9xJQVZFrhnqeote7Xg=='; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; upgrade-insecure-requests 1
frame-ancestors 'self' cyreneforum.com/ *.cyreneforum.com/ arkadiaforum.com/ *.arkadiaforum.com/ ; 1
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.mouser.com *.google-analytics.com *.google.com *.hubapi.com *.youtube.com *.hubspot.com *.googletagmanager.com *.googleapis.com *.crazyegg.com *.jquery.com https://js.hs-scripts.com https://api.ipify.org https://js.hs-analytics.net https://js.hs-banner.com https://js.hsleadflows.net https://js.hsadspixel.net https://googleads.g.doubleclick.net https://snap.licdn.com https://ajax.googleapis.com https://js.hsforms.net/ https://www.gstatic.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.google.com https://microstrain.com https://www.google.com.mx https://www.googletagmanager.com https://px.ads.linkedin.com https://track.hubspot.com data:; img-src 'self' https://www.google.com https://microstrain.com https://www.google.com.mx https://www.googletagmanager.com https://track.hubspot.com data: https://microstrainstg.prod.acquia-sites.com https://www.microstrain.com *.ads.linkedin.com https://js.hsforms.net https://forms-na1.hsforms.com https://forms.hsforms.com/ https://*.ads.linkedin.com; frame-src https://www.youtube.com https://www.googletagmanager.com https://forms.hsforms.com/ https://www.google.com https://td.doubleclick.net https://www.youtube-nocookie.com; frame-ancestors self https://www.google.com; font-src *.gstatic.com 'self' https://themes.googleusercontent.com; connect-src 'self' https://www.youtube.com https://ipapi.co https://microstrainstg.prod.acquia-sites.com https://api.mouser.com https://api.hubapi.com https://px.ads.linkedin.com https://forms.hubspot.com https://analytics.google.com https://code.jquery.com  *.google-analytics.com https://stats.g.doubleclick.net https://px.ads.linkedin.com https://maps.googleapis.com https://www.google.com https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com/; report-uri /report-csp-violation; upgrade-insecure-requests 1
frame-ancestors 'self' https://www.golfofbf.org https://*.instapage.com http://*.instapage.com https://cloud.scorm.com https://360.articulate.com https://university.fb.org 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' ; img-src 'self' data: ; object-src 'self' data: ; frame-src 'self' data: ; form-action 'self' data: ; worker-src 'self' data: 'unsafe-inline' 'unsafe-eval' ; 1
upgrade-insecure-requests; block-all-mixed-content 1
img-src 'self' data:; default-src 'self' 'unsafe-inline' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *; img-src data: *; frame-ancestors https://www.happymeeple.com 'self'; report-uri /report-csp-violation 1
frame-ancestors 'self' https://*.etracker.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.web.onlineclinic.com.br http://*.web.onlineclinic.com.br https://*.google.com.br https://*.gravatar.com https://fonts.googleapis.com https://fonts.gstatic.com https://elfsight.com https://*.google-analytics.com http://*.onlineclinic.com.br https://*.onlineclinic.com.br http://*.omappapi.com https://*.omappapi.com https://*.youtube.com https://*.googletagmanager.com https://*.wp.com http://www.onlineclinic.com.br https://www.onlineclinic.com.br; img-src 'self' data: https://*.web.onlineclinic.com.br http://*.web.onlineclinic.com.br https://*.google.com.br https://*.gravatar.com https://fonts.googleapis.com https://fonts.gstatic.com https://elfsight.com https://*.google-analytics.com http://*.onlineclinic.com.br https://*.onlineclinic.com.br http://*.omappapi.com https://*.omappapi.com https://*.youtube.com https://*.googletagmanager.com https://*.wp.com http://www.onlineclinic.com.br https://www.onlineclinic.com.br; object-src 'self' data: https://*.web.onlineclinic.com.br http://*.web.onlineclinic.com.br https://*.google.com.br https://*.gravatar.com https://fonts.googleapis.com https://fonts.gstatic.com https://elfsight.com https://*.google-analytics.com http://*.onlineclinic.com.br https://*.onlineclinic.com.br http://*.omappapi.com https://*.omappapi.com https://*.youtube.com https://*.googletagmanager.com https://widgets.wp.com/ http://www.onlineclinic.com.br https://www.onlineclinic.com.br; frame-src 'self' data: https://*.web.onlineclinic.com.br http://*.web.onlineclinic.com.br https://*.google.com.br https://*.gravatar.com https://fonts.googleapis.com https://fonts.gstatic.com https://elfsight.com https://*.google-analytics.com http://*.onlineclinic.com.br https://*.onlineclinic.com.br http://*.omappapi.com https://*.omappapi.com https://*.youtube.com https://*.googletagmanager.com https://widgets.wp.com/ http://www.onlineclinic.com.br https://www.onlineclinic.com.br; 1
base-uri 'self'; script-src https: 'unsafe-inline' 'unsafe-eval' *.sentry.io *.datadome.co *.googlesyndication.com *.googleadservices.com *.adriver.ru *.g.doubleclick.net *.google.com *.sociomantic.com *.google-analytics.com *.googletagmanager.com *.everestjs.net *.googletagservices.com s.ytimg.com *.userapi.com js-agent.newrelic.com  *.olark.com  trafmag.utarget.ru  *.exponea.com media.flixfacts.com *.gstatic.com maps.googleapis.com google-analytics.bi.owox.com tracking.channelsight.com *.criteo.net h.holder.com.ua *.clickfrog.ru creativecdn.com  clickfrog.ru criteo.net gstatic.com exponea.com olark.com googletagservices.com everestjs.net googletagmanager.com google-analytics.com sociomantic.com google.com g.doubleclick.net adriver.ru googleadservices.com googlesyndication.com www.google.com.ua *.criteo.com criteo.com bam.nr-data.net *.google.com.ua az783074.vo.msecnd.net cdn.ampproject.org *.googleapis.com;  object-src 'none'; img-src 'self' *.googletagmanager.com *.doubleclick.net https://www.google-analytics.com https://www.google.com.ua https://www.google.com *.googlesyndication.com *.creativecdn.com data:; media-src 'self'; frame-src 'self' https://vars.hotjar.com https://googleads.g.doubleclick.net *.googlesyndication.com *.creativecdn.com; frame-ancestors 'none'; worker-src 'self'; form-action 'self' https://www.portmone.com.ua; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' *.sentry.io *.hotjar.io wss://ws8.hotjar.com *.hotjar.com *.google.com.ua *.google.com *.datadome.co *.gstatic.com https://stats.g.doubleclick.net https://securepubads.g.doubleclick.net https://www.google-analytics.com https://pagead2.googlesyndication.com; report-uri https://2746b976bff56fb9fb072ca875846856.report-uri.com/r/d/csp/reportOnly 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.google.com.br *.google.com *.doubleclick.net *.salesforceliveagent.com *.youtube.com *.appspot.com *.janrain.com *.cloudfront.net *.cookielaw.org d1lqe9temigv1p.cloudfront.net *.googletagmanager.com *.google-analytics.com gtm-wnd6vzj-yme0m.uc.r.appspot.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'none'; img-src 'self'; script-src 'self'; 1
default-src 'unsafe-inline'; block-all-mixed-content; connect-src *; font-src * https://fonts.gstatic.com data: fonts.googleapis.com fonts.gstatic.com; frame-src *.sibelga.be *.youtube.com *.youtube-nocookie.com *.vimeo.com *.services *.hotjar.com *.doubleclick.net *.facebook.com *.facebook.net prod.sibelga2.marlon.be *.google.com https://playplay.com www.google.com www.gstatic.com; img-src * data:; manifest-src prod.sibelga2.marlon.be 'self'; script-src *.sibelga.be 'self' data: 'unsafe-inline' 'unsafe-eval' https://cdn.ckeditor.com https://js-agent.newrelic.com https://bam.nr-data.net https://maps.googleapis.com https://cdnjs.cloudflare.com *.google-analytics.com *.facebook.net *.googleapis.com *.marketingautomation.services *.googletagmanager.com *.googleadservices.com *.hotjar.com *.doubleclick.net *.visualwebsiteoptimizer.com *.linkedin.com *.youtube.com *.youtube-nocookie.com tagmanager.google.com https://snap.licdn.com cookie-cdn.cookiepro.com cdn.matomo.cloud *.matomo.cloud www.google.com www.gstatic.com consent.cookiebot.com; style-src prod.sibelga2.marlon.be 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.ckeditor.com https://cdnjs.cloudflare.com tagmanager.google.com; report-uri /nelmio/csp/report 1
default-src 'self' 'unsafe-inline' wss: https://*.jivosite.com/ data: https://bitrix.info:* https://www.chay.info:* https://*.bitrix.info:* https://cdnjs.cloudflare.com:* https://site.ru:* https://mc.yandex.ru:* https://oss.maxcdn.com:* https://*.maps.yandex.net https://geocode-maps.yandex.ru:* https://api-maps.yandex.ru https://suggest-maps.yandex.ru https://code.jivosite.com:* https://googleads.g.doubleclick.net:* https://www.googleadservices.com:* https://www.google.com/ads/user-lists/ https://www.google.ru/ads/user-lists/ https://www.google-analytics.com:* https://maps.google.com:* https://*.googleapis.com:* https://api.mapbox.com:* https://*.gstatic.com:* https://*.googletagmanager.com:* https://*.googleapis.com:* https://*.jivosite.com:* https://cdn.voximplant.com:* https://www.gravatar.com:* https://yastatic.net:* https://*.youtube.com:* https://*.google.com:* https://*.ytimg.com:* https://suggestions.dadata.ru:* https://connect.facebook.net:* https://stats.g.doubleclick.net:* https://events.mapbox.com:* https://google-analytics.bi.owox.com:* https://cdn.jsdelivr.net:* https://youtube.com:* https://stat.tildacdn.com:* https://static.tildacdn.com:* https://googleads.g.doubleclick.net:* https://connect.facebook.net:* https://www.facebook.com:* https://awards.ratingruneta.ru:* https://static.doubleclick.net:* https://*.gstatic.com:* https://*.getbutton.io:* https://metrika.yandex.ru:* https://metrika.yandex.by:* https://metrica.yandex.com:* https://metrica.yandex.com.tr:* https://webvisor.com:*;script-src * 'unsafe-inline' 'unsafe-eval' blob: https://bitrix.info:* https://www.chay.info:* https://*.bitrix.info:* https://cdnjs.cloudflare.com:* https://site.ru:* https://mc.yandex.ru:* https://oss.maxcdn.com:* https://*.maps.yandex.net https://geocode-maps.yandex.ru:* https://api-maps.yandex.ru https://suggest-maps.yandex.ru https://code.jivosite.com:* https://googleads.g.doubleclick.net:* https://www.googleadservices.com:* https://www.google.com/ads/user-lists/ https://www.google.ru/ads/user-lists/ https://www.google-analytics.com:* https://maps.google.com:* https://*.googleapis.com:* https://api.mapbox.com:* https://*.gstatic.com:* https://*.googletagmanager.com:* https://*.googleapis.com:* https://*.jivosite.com:* https://cdn.voximplant.com:* https://www.gravatar.com:* https://yastatic.net:* https://*.youtube.com:* https://*.google.com:* https://*.ytimg.com:* https://suggestions.dadata.ru:* https://connect.facebook.net:* https://stats.g.doubleclick.net:* https://events.mapbox.com:* https://google-analytics.bi.owox.com:* https://cdn.jsdelivr.net:* https://youtube.com:* https://stat.tildacdn.com:* https://static.tildacdn.com:* https://googleads.g.doubleclick.net:* https://connect.facebook.net:* https://www.facebook.com:* https://awards.ratingruneta.ru:* https://static.doubleclick.net:* https://*.gstatic.com:* https://*.getbutton.io:* https://metrika.yandex.ru:* https://metrika.yandex.by:* https://metrica.yandex.com:* https://metrica.yandex.com.tr:* https://webvisor.com:* ;style-src * 'unsafe-inline'  https://bitrix.info:* https://www.chay.info:* https://*.bitrix.info:* https://cdnjs.cloudflare.com:* https://site.ru:* https://mc.yandex.ru:* https://oss.maxcdn.com:* https://*.maps.yandex.net https://geocode-maps.yandex.ru:* https://api-maps.yandex.ru https://suggest-maps.yandex.ru https://code.jivosite.com:* https://googleads.g.doubleclick.net:* https://www.googleadservices.com:* https://www.google.com/ads/user-lists/ https://www.google.ru/ads/user-lists/ https://www.google-analytics.com:* https://maps.google.com:* https://*.googleapis.com:* https://api.mapbox.com:* https://*.gstatic.com:* https://*.googletagmanager.com:* https://*.googleapis.com:* https://*.jivosite.com:* https://cdn.voximplant.com:* https://www.gravatar.com:* https://yastatic.net:* https://*.youtube.com:* https://*.google.com:* https://*.ytimg.com:* https://suggestions.dadata.ru:* https://connect.facebook.net:* https://stats.g.doubleclick.net:* https://events.mapbox.com:* https://google-analytics.bi.owox.com:* https://cdn.jsdelivr.net:* https://youtube.com:* https://stat.tildacdn.com:* https://static.tildacdn.com:* https://googleads.g.doubleclick.net:* https://connect.facebook.net:* https://www.facebook.com:* https://awards.ratingruneta.ru:* https://static.doubleclick.net:* https://*.gstatic.com:* https://*.getbutton.io:* https://metrika.yandex.ru:* https://metrika.yandex.by:* https://metrica.yandex.com:* https://metrica.yandex.com.tr:* https://webvisor.com:* ;img-src * data: https://bitrix.info:* https://www.chay.info:* https://*.bitrix.info:* https://cdnjs.cloudflare.com:* https://site.ru:* https://mc.yandex.ru:* https://oss.maxcdn.com:* https://*.maps.yandex.net https://geocode-maps.yandex.ru:* https://api-maps.yandex.ru https://suggest-maps.yandex.ru https://code.jivosite.com:* https://googleads.g.doubleclick.net:* https://www.googleadservices.com:* https://www.google.com/ads/user-lists/ https://www.google.ru/ads/user-lists/ https://www.google-analytics.com:* https://maps.google.com:* https://*.googleapis.com:* https://api.mapbox.com:* https://*.gstatic.com:* https://*.googletagmanager.com:* https://*.googleapis.com:* https://*.jivosite.com:* https://cdn.voximplant.com:* https://www.gravatar.com:* https://yastatic.net:* https://*.youtube.com:* https://*.google.com:* https://*.ytimg.com:* https://suggestions.dadata.ru:* https://connect.facebook.net:* https://stats.g.doubleclick.net:* https://events.mapbox.com:* https://google-analytics.bi.owox.com:* https://cdn.jsdelivr.net:* https://youtube.com:* https://stat.tildacdn.com:* https://static.tildacdn.com:* https://googleads.g.doubleclick.net:* https://connect.facebook.net:* https://www.facebook.com:* https://awards.ratingruneta.ru:* https://static.doubleclick.net:* https://*.gstatic.com:* https://*.getbutton.io:* https://metrika.yandex.ru:* https://metrika.yandex.by:* https://metrica.yandex.com:* https://metrica.yandex.com.tr:* https://webvisor.com:* blob: ;font-src 'self' data: https://bitrix.info:* https://www.chay.info:* https://*.bitrix.info:* https://cdnjs.cloudflare.com:* https://site.ru:* https://mc.yandex.ru:* https://oss.maxcdn.com:* https://*.maps.yandex.net https://geocode-maps.yandex.ru:* https://api-maps.yandex.ru https://suggest-maps.yandex.ru https://code.jivosite.com:* https://googleads.g.doubleclick.net:* https://www.googleadservices.com:* https://www.google.com/ads/user-lists/ https://www.google.ru/ads/user-lists/ https://www.google-analytics.com:* https://maps.google.com:* https://*.googleapis.com:* https://api.mapbox.com:* https://*.gstatic.com:* https://*.googletagmanager.com:* https://*.googleapis.com:* https://*.jivosite.com:* https://cdn.voximplant.com:* https://www.gravatar.com:* https://yastatic.net:* https://*.youtube.com:* https://*.google.com:* https://*.ytimg.com:* https://suggestions.dadata.ru:* https://connect.facebook.net:* https://stats.g.doubleclick.net:* https://events.mapbox.com:* https://google-analytics.bi.owox.com:* https://cdn.jsdelivr.net:* https://youtube.com:* https://stat.tildacdn.com:* https://static.tildacdn.com:* https://googleads.g.doubleclick.net:* https://connect.facebook.net:* https://www.facebook.com:* https://awards.ratingruneta.ru:* https://static.doubleclick.net:* https://*.gstatic.com:* https://*.getbutton.io:* https://metrika.yandex.ru:* https://metrika.yandex.by:* https://metrica.yandex.com:* https://metrica.yandex.com.tr:* https://webvisor.com:*; 1
frame-ancestors 'self' capacitor://* https://letterasenzabusta.com https://www.letterasenzabusta.com app://letterasenzabusta.com 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' https://services.hawkeye.care https://triggers.hawkeye.care https://metrics.hawkeye.care https://api.segment.io https://sentry.io https://api.mixpanel.com https://api-js.mixpanel.com wss://triggers.hawkeye.care https://cdn.segment.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.segment.com https://cdn.mxpnl.com; img-src 'self' data: https://api.adorable.io https://chart.googleapis.com https://cdn.mxpnl.com; connect-src 'self' https://services.hawkeye.care https://triggers.hawkeye.care https://metrics.hawkeye.care https://api.segment.io https://sentry.io https://api.mixpanel.com https://api-js.mixpanel.com wss://triggers.hawkeye.care https://cdn.segment.com wss://triggers.hawkeye.care; font-src 'self' 'unsafe-inline' https://use.typekit.net https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://use.typekit.net https://p.typekit.net https://fonts.googleapis.com https://fonts.gstatic.com; style-src-elem 'self' 'unsafe-inline' https://use.typekit.net https://p.typekit.net https://fonts.googleapis.com https://fonts.gstatic.com; 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.infotechexpress.com infotechinc.zendesk.com *.zdassets.com *.google-analytics.com *.stripe.com *.cloudflare.com *.hotjar.com wss://*.hotjar.com 1
default-src 'self' *.aldi-international.com *.aldi-nord.com *.aldi-sued.com assets.adobedtm.com *.demdex.net *.omtrdc.net *.facebook.net *.facebook.com services.cdn-shop.com *.usercentrics.eu *.cookielaw.org *.onetrust.com *.adsrvr.org *.googlesyndication.com *.googletagmanager.com *.googleadservices.com *.google.com *.google.de *.doubleclick.net *.doubleclick.com *.bing.com; block-all-mixed-content; img-src 'self' data: *.aldi-international.com *.aldi-nord.com *.aldi-sued.com assets.adobedtm.com *.demdex.net *.omtrdc.net *.facebook.net *.facebook.com services.cdn-shop.com *.usercentrics.eu *.cookielaw.org *.onetrust.com *.adsrvr.org *.googlesyndication.com *.googletagmanager.com *.googleadservices.com *.google.com *.google.de *.doubleclick.net *.doubleclick.com *.bing.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.aldi-international.com *.aldi-nord.com *.aldi-sued.com assets.adobedtm.com *.demdex.net *.omtrdc.net *.facebook.net *.facebook.com services.cdn-shop.com *.usercentrics.eu *.cookielaw.org *.onetrust.com *.adsrvr.org *.googletagmanager.com *.googleadservices.com *.google.com *.google.de *.doubleclick.net *.doubleclick.com *.bing.com; style-src 'self' 'unsafe-inline' *.aldi-international.com *.aldi-nord.com *.aldi-sued.com assets.adobedtm.com *.demdex.net *.omtrdc.net *.facebook.net *.facebook.com services.cdn-shop.com *.usercentrics.eu *.cookielaw.org *.onetrust.com 1
allow 'self' www.google-analytics.com ajax.googleapis.com; 1
default-src 'self'; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts allow-modals ; base-uri 'self'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://mailworx.marketingsuite.info https://js.hcaptcha.com https://mailworx.marketingsuite.info/Scripts/Captcha https://app.usercentrics.eu https://www.googletagmanager.com https://snap.licdn.com https://www.google-analytics.com https://www.googleoptimize.com https://cdn.jsdelivr.net https://privacy-proxy.usercentrics.eu https://code.jquery.com https://cdnjs.cloudflare.com https://mailworx.marketingsuite.info/Scripts/Captcha; object-src 'self'; media-src 'self' https://www.youtube.com; frame-src 'self' https://www.youtube.com https://newassets.hcaptcha.com https://www.tttech.com https://mailworx.marketingsuite.info https://mailworx.marketingsuite.info/Scripts/Captcha; child-src 'self' https://www.youtube.com https://www.tttech.com https://mailworx.marketingsuite.info https://mailworx.marketingsuite.info/Scripts/Captcha blob:; report-uri /report-csp-violation; upgrade-insecure-requests 1
frame-ancestors rextheme.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' https:; object-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; media-src 'self'; child-src 'self' https:; font-src 'self' data:; connect-src 'self' 1
frame-ancestors http://programasgratis.searchmgr.com/ 1
allow 'self' data: blob; 'inline' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googleapis.com *.youtube.com connect.facebook.net www.facebook.com cdn.ywxi.net static.hotjar.com www.googletagmanager.com www.google.com www.creativecomputerconsulting.ca *.tiktok.com *.ttwstatic.com;  1
base-uri 'none';child-src 'self' https://*.hotjar.com https://*.hotjar.io https://www.googletagmanager.com https://*.google-analytics.com https://*.doubleclick.net https://*.analytics.google.com;connect-src 'self' ws: wss: https://*.hotjar.com https://*.hotjar.io https://*.google-analytics.com https://*.doubleclick.net https://*.analytics.google.com https://webrtc.github.io https://ajax.aspnetcdn.com https://webchat2.homegroup.org.uk https://*.googleapis.com https://*.algolia.net https://conversenow-production-public.s3.eu-west-2.amazonaws.com https://s3.eu-west-2.amazonaws.com webpack://*;default-src 'self';font-src 'self' https://www.gstatic.com https://*.gstatic.com https://*.hotjar.com https://*.hotjar.io;form-action 'self' https://connect.facebook.net https://www.facebook.com;frame-ancestors 'none';frame-src https://www.youtube.com https://www.google.com https://www.google.co.uk https://recaptcha.net http://view.ceros.com https://conversenow-production-public.s3.eu-west-2.amazonaws.com https://s3.eu-west-2.amazonaws.com https://connect.facebook.net https://www.facebook.com https://www.tiktok.com https://*.ttwstatic.com https://*.consultationonline.co.uk;img-src 'self' data: blob: https://media.umbraco.io https://www.cqc.org.uk https://www.gstatic.com https://*.gstatic.com https://*.googleapis.com https://www.google.com https://www.google.co.uk https://recaptcha.net https://connect.facebook.net https://www.facebook.com https://*.google-analytics.com https://*.doubleclick.net https://*.analytics.google.com https://conversenow-production-public.s3.eu-west-2.amazonaws.com https://s3.eu-west-2.amazonaws.com;manifest-src 'self';media-src 'self' https://media.umbraco.io https://webrtc.github.io https://ajax.aspnetcdn.com https://webchat2.homegroup.org.uk;object-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google-analytics.com https://*.doubleclick.net https://*.analytics.google.com https://www.googletagmanager.com https://www.gstatic.com https://*.gstatic.com https://*.hotjar.com https://*.hotjar.io https://webrtc.github.io https://ajax.aspnetcdn.com https://webchat2.homegroup.org.uk https://www.cqc.org.uk https://www.google.com https://www.google.co.uk https://recaptcha.net https://*.googleapis.com https://connect.facebook.net https://www.facebook.com https://conversenow-production-public.s3.eu-west-2.amazonaws.com https://s3.eu-west-2.amazonaws.com https://www.tiktok.com https://*.ttwstatic.com;style-src 'self' 'unsafe-inline' https://www.gstatic.com https://*.gstatic.com https://www.cqc.org.uk https://*.googleapis.com https://conversenow-production-public.s3.eu-west-2.amazonaws.com https://s3.eu-west-2.amazonaws.com https://www.tiktok.com https://*.ttwstatic.com; 1
default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' sarthac.gov.in 10.3.0.45 127.0.0.1 localhost www.google.com www.youtube.com 10.244.91.80 172.25.142.93 ; 1
frame-ancestors 'self' *.business.qld.gov.au 1
default-src 'self'; base-uri 'self'; connect-src 'self' *.itzbund.de *.googleapis.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com piwik.itzbund.de *.youtube.com;object-src 'self' multimedia.gsb.bund.de medien10.gsb.bund.de piwik.itzbund.de; media-src 'self' multimedia.gsb.bund.de medien10.gsb.bund.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.openstreetmap.org *.googleapis.com piwik.itzbund.de *.geodatenzentrum.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; frame-ancestors 'self' zfa-editor.preview.kkn.zd.intranet.bund.de piwik.itzbund.de zfa-zfa-editor.preview.kkn.zd.intranet.bund.de *.facebook.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.paypalobjects.com/ https://events.timely.fun https://soundcloud.com/ https://*.soundcloud.com/ https://www.facebook.com/ https://rte.ie/ https://*.youtube.com/ https://*.vimeo.com/ https://issuu.com/ https://*.issuu.com/; img-src 'self' data: http://*; object-src 'self' data: https://*.paypal.com/ https://events.timely.fun https://soundcloud.com/ https://*.soundcloud.com/ https://www.facebook.com/ https://*.rte.ie/ https://*.youtube.com/ https://*.vimeo.com/ https://issuu.com/ https://*.issuu.com/; frame-src 'self' data: https://*.paypal.com/ https://events.timely.fun https://soundcloud.com/ https://*.soundcloud.com/ https://www.facebook.com/ https://*.rte.ie/ https://*.youtube.com/ https://*.vimeo.com/ https://issuu.com/ https://*.issuu.com/; 1
default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; frame-ancestors https://*:*; 1
default-src 'self'; frame-src 'self' https://secure.livechatinc.com/ *.webspellchecker.net *.nhs.uk *.facebook.com *.youtube.com *.vimeo.com *.google.com *.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.googletagmanager.com https://static.zdassets.com/ https://api.livechatinc.com/ https://cdn.livechatinc.com/tracking.js *.reactandshare.com https://api.reciteme.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://www.googletagmanager.com https://connect.facebook.net https://feeds.trac.jobs *.webspellchecker.net *.google.com *.googleapis.com *.gstatic.com *.cqc.org.uk use.typekit.net; font-src 'self' 'unsafe-inline' https://cdn.livechatinc.com/ *.reactandshare.com https://api.reciteme.com https://fonts.googleapis.com https://fonts.gstatic.com *.webspellchecker.net use.typekit.net; style-src 'self' 'unsafe-inline' *.reactandshare.com https://api.reciteme.com https://cdnjs.cloudflare.com https://feeds.trac.jobs *.googleapis.com  *.gstatic.com *.cqc.org.uk *.webspellchecker.net use.typekit.net p.typekit.net; img-src * data: p.typekit.net; object-src 'self' blob:; connect-src 'self' https://*.googletagmanager.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.g.doubleclick.net https://*.google.com https://*.google.com https://*.google-analytics.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googletagmanager.com wss://widget-mediator.zopim.com https://stop-smoking-nhs.zendesk.com https://ekr.zdassets.com https://api.reciteme.com https://feeds.trac.jobs stats.g.doubleclick.net *.googleapis.com *.google-analytics.com *.webspellchecker.net performance.typekit.net; media-src 'self' https://static.zdassets.com/web_widget/ https://api.reciteme.com 1
default-src 'unsafe-inline' 'unsafe-eval' https:;img-src * data:; 1
frame-ancestors https://*.posylka.de 1
default-src 'none'; block-all-mixed-content; connect-src 'self' *.googleapis.com *.gstatic.com *.google.com *.cookiebot.eu *.google-analytics.com; font-src 'self' data: *.googleapis.com *.gstatic.com *.google-analytics.com; frame-src *; img-src 'self' data: *.googleapis.com *.gstatic.com *.googletagmanager.com *.google-analytics.com; manifest-src 'self'; media-src 'self'; script-src 'self' *.google.com 'unsafe-inline' blob: *.googleapis.com *.gstatic.com *.cookiebot.eu *.googletagmanager.com *.google-analytics.com 'sha256-7BR2mzQgegl16OzhYaABCgX+kM/0FnVwstu1v2KgQbw=' 'sha256-wfxJ7YZKDslwby5G8BoAcLOzW1p+E0YMbh6d3MizcsI=' 'sha256-JglQj6PX/c3n1AtXwhS4fkUY+TTFNX3M/x4JjovL2tY=' 'sha256-gRjb7Pg9ekg78sSAQ935jMPX8YulX2dOQYx79CdC2uE=' 'nonce-SFE7wDy/TSsDnomHoIJCYw=='; style-src 'self' cdnjs.cloudflare.com 'unsafe-inline' *.googleapis.com *.gstatic.com *.google-analytics.com; report-uri /csp/report 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.gtm-wnd6vzj-yme0m.uc.r.appspot.com *.google.com.br *.google.com *.doubleclick.net *.salesforceliveagent.com *.youtube.com *.appspot.com *.janrain.com *.cloudfront.net *.cookielaw.org d1lqe9temigv1p.cloudfront.net *.googletagmanager.com *.google-analytics.com gtm-wnd6vzj-yme0m.uc.r.appspot.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self' https: ; script-src * 'unsafe-inline' 'unsafe-eval'; script-src-elem * 'unsafe-inline' 'unsafe-eval' ; script-src-attr * 'unsafe-inline' 'unsafe-eval'; style-src * data: 'unsafe-inline'; img-src * data: ; font-src * data: ; connect-src *; media-src *; object-src *; prefetch-src *; child-src *; frame-src *; worker-src *; frame-ancestors *; form-action 'self'; upgrade-insecure-requests; base-uri *; manifest-src * 1
default-src 'self' https://limbachgruppe.ftapi.com https://*.laborpublisher.de https://api.newsletter2go.com https://piwik.limbachgruppe.com https://maps.googleapis.com https://cmill.de https://www.cmill.de https://prime-psf.2b-advice.com; script-src 'self' 'unsafe-eval' https://limbachgruppe.ftapi.com https://*.laborpublisher.de https://*.app.laborpublisher.staging.lfda.de https://static.newsletter2go.com https://piwik.limbachgruppe.com https://maps.googleapis.com https://cdn1.jameda-elements.de https://lv.limbachgruppe-test.com https://2badvice-cdn.azureedge.net https://prime-psf.2b-advice.com 'unsafe-inline'; img-src * data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://lv.limbachgruppe-test.com https://2badvice-cdn.azureedge.net; frame-ancestors 'self'; frame-src 'self' https://piwik.limbachgruppe.com https://www.youtube-nocookie.com https://youtube.com https://player.vimeo.com https://vimeo.com https://cmill.de https://www.cmill.de https://mtu.adsystemhaus.com https://termin.samedi.de/; font-src 'self' data: https://limbachgruppe.ftapi.com https://fonts.gstatic.com https://lv.limbachgruppe-test.com; 1
default-src * data: ;script-src * 'unsafe-inline' 'unsafe-eval'  ;style-src * 'unsafe-inline' data: ;frame-ancestors 'self' ; 1
default-src 'self' data: https:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: *.stripe.com; style-src 'self' data: 'unsafe-inline' https: https: wss: *.stripe.com *.studentbeans.com blob:; img-src * data: blob:; font-src 'self' data: https:; connect-src 'self' data: https: wss: *.stripe.com *.studentbeans.com; media-src *; object-src 'self' https:; frame-src *; form-action 'self' *.citationsy.com *.citationsy.es *.stripe.com *.studentbeans.com accounts.google.com tinyletter.com; 1
default-src 'self';block-all-mixed-content ;font-src 'self' data: fonts.googleapis.com fonts.gstatic.com use.typekit.net db.onlinewebfonts.com;img-src 'self' data: *.gstatic.com maps.googleapis.com mts.googleapis.com *.cdninstagram.com *.googletagmanager.com *.drift.com www.google.com *.google-analytics.com *.google.be *.g.doubleclick.net *.facebook.com *.fbcdn.net *.bing.com https://sync.outbrain.com https://secure.adnxs.com https://pixel.rubiconproject.com https://ad.360yield.com https://r.casalemedia.com https://pixel.advertising.com https://ads.yahoo.com https://eb2.3lift.com https://trc.taboola.com https://us-u.openx.net https://ad.yieldlab.net https://simage2.pubmatic.com https://visitor.omnitagjs.com https://cm.adform.net https://sp.analytics.yahoo.com https://rtb-csync.smartadserver.com https://matching.ivitrack.com https://ib.adnxs.com https://criteo-sync.teads.tv https://tg.socdm.com https://ih.adscale.de https://x.bidswitch.net https://dis.criteo.com https://cotads.adscale.de https://match.sharethrough.com https://ads.stickyadstv.com https://contextual.media.net https://cdn.stickyadstv.com https://i.imgur.com/ terrebleue.com https://c.clarity.ms https://sync-t1.taboola.com https://s.ad.smaato.net https://ups.analytics.yahoo.com https://insight.adsrvr.org *.criteo.com id5-sync.com *.mediavine.com criteo-partners.tremorhub.com sync-criteo.ads.yieldmo.com dpm.demdex.net beacon.krxd.net s.thebrighttag.com https://vumbnail.com/ *.emxdgt.com https://ct.pinterest.com/v3/* *.pinterest.com jadserve.postrelease.com *.yahoo.net;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com cdnjs.cloudflare.com js.driftt.com http://player.vimeo.com/* https://player.vimeo.com/api/player.js *.vimeo.com *.getflowbox.com *.drift.com *.googletagmanager.com *.api.driftt.com data: *.googleadservices.com *.hotjar.com *.google-analytics.com *.g.doubleclick.net connect.facebook.net tagmanager.google.com criteo.net static.criteo.net *.criteo.com bat.bing.com https://www.google.com/recaptcha/api.js *.gstatic.com https://matomo-37c3d2d32108.victhorious.com https://www.google.com/pagead/conversion_async.js https://trackcmp.net prism.app-us1.com diffuser-cdn.app-us1.com https://js.adsrvr.org *.clarity.ms https://insight.adsrvr.org cdn.cookiehub.eu https://s.pinimg.com/ct/* https://s.pinimg.com/ct/core.js https://s.pinimg.com/ct/lib/main.c22402a2.js *.pinimg.com *.pinterest.com tglyr.co;style-src 'self' 'unsafe-inline' fonts.googleapis.com use.typekit.net p.typekit.net tagmanager.google.com terrebleue.com googletagmanager.com cdn.cookiehub.eu db.onlinewebfonts.com;report-uri /nelmio/csp/report;connect-src cdn.plyr.io *.amazonaws.com *.uat.dukeandgrace.site *.hotjar.com *.terrebleue.com wss://ws2.hotjar.com/api/v1/client/ws *.criteo.com *.dukeandgrace.site *.g.doubleclick.net *.google-analytics.com *.clarity.ms wss://*.hotjar.com insight.adsrvr.org maps.googleapis.com bat.bing.com region1.analytics.google.com consent-eu.cookiehub.net content.hotjar.io *.googlesyndication.com *.pinterest.com *.google.be *.google.com tglyr.co;frame-src www.youtube.com *.vimeo.com js.driftt.com www.vimeo.com *.vimeo.com *.g.doubleclick.net *.hotjar.com *.criteo.com *.facebook.com https://www.google.com https://insight.adsrvr.org https://match.adsrvr.org *.pinterest.com *.doubleclick.net;media-src *.cdninstagram.com *.fbcdn.net *.akamaized.net *.vimeo.com 1
default-src 'none'; block-all-mixed-content; connect-src 'self' *.google-analytics.com *.analytics.google.com; font-src 'self'; frame-src *.tradetracker.net; img-src 'self' data: unpkg.com api.mapbox.com code.jquery.com *.buienradar.nl *.datatables.net *.google-analytics.com *.tradetracker.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' unpkg.com cdn.ckeditor.com code.jquery.com *.datatables.net *.fontawesome.com *.googletagmanager.com *.google-analytics.com; style-src 'self' 'unsafe-inline' code.jquery.com unpkg.com *.datatables.net *.tradetracker.net; upgrade-insecure-requests 1
base-uri 'self' assets.redballoon.work prod.assets.redballoon.work production-assets.0c1585fd2300c797f28a22986ff717e0.r2.cloudflarestorage.com;child-src 'none';connect-src 'self' *.backblazeb2.com assets.redballoon.work prod.assets.redballoon.work production-assets.0c1585fd2300c797f28a22986ff717e0.r2.cloudflarestorage.com search.redballoon.work analytics.redballoon.work api.honeybadger.io secure.safewebservices.com aorta.clickagy.com hemsync.clickagy.com;default-src 'self';font-src 'self' assets.redballoon.work prod.assets.redballoon.work production-assets.0c1585fd2300c797f28a22986ff717e0.r2.cloudflarestorage.com fonts.gstatic.com;form-action 'self';frame-ancestors www.youtube.com;frame-src hemsync.clickagy.com www.youtube.com player.vimeo.com www.youtube-nocookie.com calendly.com iframe.cloudflarestream.com secure.safewebservices.com assets.redballoon.work prod.assets.redballoon.work production-assets.0c1585fd2300c797f28a22986ff717e0.r2.cloudflarestorage.com;img-src 'self' blob: assets.redballoon.work prod.assets.redballoon.work production-assets.0c1585fd2300c797f28a22986ff717e0.r2.cloudflarestorage.com data:;manifest-src 'self';media-src 'self';object-src 'self' assets.redballoon.work prod.assets.redballoon.work production-assets.0c1585fd2300c797f28a22986ff717e0.r2.cloudflarestorage.com;script-src 'self' assets.redballoon.work prod.assets.redballoon.work production-assets.0c1585fd2300c797f28a22986ff717e0.r2.cloudflarestorage.com www.youtube.com embed.cloudflarestream.com analytics.redballoon.work secure.safewebservices.com js.zi-scripts.com ws.zoominfo.com tags.clickagy.com;style-src 'self' assets.redballoon.work prod.assets.redballoon.work production-assets.0c1585fd2300c797f28a22986ff717e0.r2.cloudflarestorage.com data: fonts.googleapis.com secure.safewebservices.com 'unsafe-inline';worker-src 'self'; 1
default-src 'self' *.region1.google-analytics.com *.comptoirdesvoyages.fr bat.bing.com consentcdn.cookiebot.com www.facebook.com https://analytics.google.com https://*.googletagmanager.com www.facebook.com bing.com www.googleadservices.com; base-uri 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://adservice.google.com https://www.google.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://www.google.com https://qa-assistant.abtasty.com https://teddytor.abtasty.com https://api2.abtasty.com try.abtasty.com *.region1.google-analytics.com *.analytics.google.com ads.google.com app.contentsquare.com t.contentsquare.net contentsquare.com *.comptoirdesvoyages.fr *.cookiebot.com *.doubleclick.net *.newrelic.com ajax.googleapis.com bam.nr-data.net bat.bing.com connect.facebook.net r.bing.com ssl.google-analytics.com static.madmetrics.com tagmanager.google.com tag.aticdn.net www.google.com www.google-analytics.com www.googleadservices.com adservice.google.com www.googletagmanager.com www.gstatic.com z.moatads.com https://analytics.google.com https://*.googletagmanager.com www.facebook.com bing.com www.googleadservices.com; connect-src 'self' https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com *.abtasty.com region1.google-analytics.com region1.analytics.google.com ads.google.com *.contentsquare.net *.bing.com *.comptoirdesvoyages.fr *.doubleclick.net bam.nr-data.net consentcdn.cookiebot.com www.facebook.com www.google.com www.google-analytics.com www.googleadservices.com adservice.google.com www.googletagmanager.com www.gtm.js wss://*.bing.com https://analytics.google.com https://*.googletagmanager.com www.facebook.com bing.com www.googleadservices.com https://comptoir.jobs.beetween.com; img-src 'self' https://www.google-analytics.com https://googleads.g.doubleclick.net https://www.google.com https://google.com https://googleads.g.doubleclick.net https://www.google.com editor-assets.abtasty.com *.contentsquare.net https://analytics.google.com https://*.googletagmanager.com www.facebook.com bing.com www.googleadservices.com data: *; child-src blob:; worker-src blob:; style-src 'self' 'unsafe-inline' * *.comptoirdesvoyages.fr https://qa-assistant.abtasty.com try.abtasty.com *.bing.com fonts.googleapis.com tagmanager.google.com https://analytics.google.com https://*.googletagmanager.com www.facebook.com bing.com www.googleadservices.com; font-src 'self' data: fonts.gstatic.com; frame-src 'self' https://bid.g.doubleclick.net https://qa-assistant.abtasty.com csxd.comptoirdesvoyages.fr *.doubleclick.net consentcdn.cookiebot.com sdx.microsoft.com www.allocine.fr www.dailymotion.com www.facebook.com www.google.com www.gstatic.com youtu.be www.youtube.com https://analytics.google.com https://*.googletagmanager.com www.facebook.com bing.com www.googleadservices.com; object-src 'none' 1
'self' www.aksandik.org 1
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'report-sample' 'self' https://asistenciawebv2.grupokonecta.co:8443 https://asistenciawebv2-dev.grupokonecta.co:5005 https://cdnjs.cloudflare.com https://www.google.com/recaptcha/api.js https://www.gstatic.com https://www.youtube.com https://ajax.googleapis.com https://fast.appcues.com https://code.jquery.com https://connect.facebook.net https://www.googletagmanager.com https://www.google-analytics.com https://cdn.datagran.io https://static.hotjar.com https://script.hotjar.com https://api.ipify.org; style-src 'unsafe-hashes' 'unsafe-inline' 'report-sample' 'self' https://asistenciawebv2.grupokonecta.co:8443 https://cdnjs.cloudflare.com https://fonts.googleapis.com https://use.fontawesome.com https://asistenciawebv2-dev.grupokonecta.co:5005; object-src 'none'; base-uri 'self'; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://in.hotjar.com https://csmetrics.hotjar.com wss://wsp17.hotjar.com https://content.hotjar.io https://asistenciawebv2-dev.grupokonecta.co:5005 https://asistenciawebv2.grupokonecta.co:8443 https://widget.grupokonecta.co wss://ws.hotjar.com/api/v2/client/ws https://analytics.google.com; font-src 'self' https://fonts.gstatic.com https://use.fontawesome.com; frame-src 'self' https://www.google.com https://www.youtube-nocookie.com https://www.youtube.com https://9865914.fls.doubleclick.net https://9919689.fls.doubleclick.net https://98659149865914.fls.doubleclick.net https://td.doubleclick.net; img-src 'self' https://ad.doubleclick.net https://asistenciawebv2.grupokonecta.co:8443 https://i.ytimg.com https://conecta.fidely.net https://tools.fidelitymkt.com https://bidagent.xad.com https://www.facebook.com https://cdn.datagran.io https://www.google.com https://www.google.com.mx https://www.google-analytics.com https://www.googletagmanager.com; manifest-src 'self'; media-src 'self'; worker-src 'none'; frame-ancestors 'self' 1
default-src 'self';script-src * 'self' 'unsafe-inline' 'unsafe-eval';frame-src * 'self';style-src * 'self' 'unsafe-inline';img-src 'self' data: maps.googleapis.com maps.gstatic.com https://storage.sbg.cloud.ovh.net storage.gra.cloud.ovh.net https://images.prismic.io/fabriquedestyles/ https://fabriquedestyles.cdn.prismic.io/ https://i.vimeocdn.com/video/ https://i.vimeocdn.com *.openstreetmap.org *.doubleclick.net *.google.fr https://google.com https://www.google.com https://www.facebook.com https://purecatamphetamine.github.io https://www.googletagmanager.com https://www.google-analytics.com https://*.google-analytics.com https://fonts.gstatic.com https://instapi.s3.rbx.io.cloud.ovh.net;font-src 'self' data: fonts.googleapis.com https://i.icomoon.io https://fonts.gstatic.com;connect-src * 'self';base-uri 'self';media-src 'self' data:;report-uri /csp/report 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://google-analytics.com/ https://*.google-analytics.com/ https://googletagmanager.com/ https://*.googletagmanager.com/ https://maps.googleapis.com/ https://maps.google.com/ https://translate.google.com/ https://translate.googleapis.com/ https://googletagmanager.com/ https://*.googletagmanager.com/ https://tagmanager.google.com/ https://google.com/ https://*.google.com/ https://googleadservices.com/ https://*.googleadservices.com/ https://googleads.g.doubleclick.net/ https://connect.facebook.net/ https://cdnjs.cloudflare.com/ https://*.cloudflare.com/ https://cloudflare.com/ https://google.pl/ https://*.google.pl/; img-src 'self' data: https://google-analytics.com/ https://*.google-analytics.com/ https://maps.gstatic.com/ https://maps.google.com/ https://maps.googleapis.com/ https://translate.googleapis.com/ https://*.ytimg.com/ https://googletagmanager.com/ https://*.googletagmanager.com/ https://gstatic.com/ https://*.gstatic.com/ https://googleads.g.doubleclick.net/ https://google.com/ https://*.google.com/ https://img.youtube.com/ https://google.pl/ https://*.google.pl/; object-src 'self' data: https://www.google.com/ https://maps.google.com/ https://*.youtube.com/ https://*.youtube-nocookie.com/ https://youtu.be/ https://*.doubleclick.net/ https://www.facebook.com/ https://www.google.com/ https://maps.google.com/ https://*.youtube.com/ https://*.youtube-nocookie.com/ https://youtu.be/ https://*.doubleclick.net/. https://google.pl/ https://*.google.pl/; frame-src 'self' data: https://www.google.com/ https://maps.google.com/ https://*.youtube.com/ https://*.youtube-nocookie.com/ https://youtu.be/ https://*.doubleclick.net/ https://www.facebook.com/ https://www.google.com/ https://maps.google.com/ https://*.youtube.com/ https://*.youtube-nocookie.com/ https://youtu.be/ https://*.doubleclick.net/. https://google.pl/ https://*.google.pl/; 1
policy-uri /'unsafe-inline' 1
default-src 'none'; script-src 'self' https://code.jquery.com https://www.google-analytics.com; img-src 'self' https://www.google-analytics.com; connect-src 'self' https://sgo.indors.it; font-src 'self'; style-src 'self'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.tt.mbww.com *.analytics.mamasalrescate.com *.tt.mbww.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self'; block-all-mixed-content; connect-src 'self' checkout.stripe.com maps.googleapis.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com; frame-src 'self' www.google.com/recaptcha/ www.gstatic.com/recaptcha/ js.stripe.com checkout.stripe.com sandbox-merchant.revolut.com/; img-src 'self' meterix.com *.meterix.com meterpay.net *.meterpay.net *.stripe.com cdn.datatables.net ajax.googleapis.com/ajax/libs/jqueryui/ meterpayenv-uploaded-files.s3.eu-west-2.amazonaws.com meterpaydeenv-uploaded-files.s3.eu-central-1.amazonaws.com data: maps.google.com maps.gstatic.com *.googleapis.com; script-src 'self' 'unsafe-inline' www.google.com/recaptcha/ www.gstatic.com/recaptcha/ checkout.stripe.com/checkout.js js.stripe.com ajax.googleapis.com/ajax/libs/jquery/ code.jquery.com code.highcharts.com cdn.datatables.net ajax.googleapis.com/ajax/libs/jqueryui/ maps.google.com maps.gstatic.com maps.googleapis.com sandbox-merchant.revolut.com/embed.js; style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com cdn.datatables.net ajax.googleapis.com/ajax/libs/jqueryui/ maps.google.com maps.gstatic.com maps.googleapis.com; upgrade-insecure-requests 1
default-src 'self' *.pagofacil.de imspagofacil.es imsolutionspci.es *.google.com *.googleapis.com *.gstatic.com *.surveymonkey.com *.googletagmanager.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' data: 1
default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self' https://tel.search.ch app.pepsimmo.ch https://*.google-analytics.com; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' app.pepsimmo.ch; frame-ancestors 'self'; frame-src 'self'; img-src 'self' data: app.pepsimmo.ch; manifest-src 'self'; media-src 'self'; object-src 'self'; script-src 'self' www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com 1
img-src * data: 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'  https: data: http://fonts.googleapis.com http://fonts.gstatic.com http://www.google-analytics.com http://s7.addthis.com http://m.addthisedge.com http://m.addthis.com http://graph.facebook.com http://widgets.pinterest.com http://maps.google.com http://csi.gstatic.com http://maps.gstatic.com http://maps.googleapis.com http://www.linkedin.com http://api-public.addthis.com http://localhost http://player.vimeo.com/ http://www.njuskalo.hr/ https://www.njuskalo.hr/; 1
allow 'self' 1
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: 1
default-src 'self';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' https://imgsct.cookiebot.com https://*.google-analytics.com https://www.googletagmanager.com https://*.googleapis.com https://maps.gstatic.com https://i.ytimg.com https://www.google.de data: https://*.hsforms.com; object-src 'self' data:; frame-src 'self' *.youtube.com *.youtube-nocookie.com https://td.doubleclick.net https://consentcdn.cookiebot.com https://www.krone-trailer.com https://publish.flyeralarm.digital https://*.hsforms.com; script-src 'self' 'unsafe-inline' https://www.googleadservices.com https://maps.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://js-eu1.hsforms.net; connect-src 'self' https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://maps.googleapis.com https://www.google.com https://*.google-analytics.com https://*.analytics.google.com https://consentcdn.cookiebot.com https://*.hsforms.com https://*.amazonaws.com; font-src 'self' https://fonts.gstatic.com data:; media-src 'self' *.youtube.com *.youtube-nocookie.com; frame-ancestors 'self' https://www.krone-group.com https://krone-group.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com *.google.com *.google-analytics.com *.googleapis.com https://*.googleapis.com; style-src 'self' 'unsafe-inline' hello.myfonts.net *.googleapis.com *.gstatic.com https://*.googleapis.com https://*.gstatic.com themes.googleusercontent.com; img-src 'self' data: *.google.com *.google-analytics.com *.googleapis.com *.gstatic.com https://*.googleapis.com https://*.gstatic.com; connect-src 'self' http://www.google-analytics.com; frame-src 'self' *.vimeo.com *.youtube.com https://*.vimeo.com https://*.youtube.com; font-src 'self' data: *.googleapis.com *.gstatic.com https://*.googleapis.com https://*.gstatic.com; report-uri https://tokybd.report-uri.io/r/default/csp/enforce; 1
default-src 'self' *.fg.cz;font-src 'self' fonts.gstatic.com *.fg.cz;connect-src 'self' *.fg.cz *.google.com *.googleapis.com www.google-analytics.com *.doubleclick.net https://www.smsticket.cz;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.fg.cz maps.google.com *.googleapis.com www.googletagmanager.com www.google-analytics.com www.google.com *.gstatic.com https://www.smsticket.cz;form-action 'self' *.fg.cz;frame-src 'self' *.fg.cz www.youtube.com https://www.google.com/ www.google.com https://www.smsticket.cz/;child-src 'self' *.fg.cz www.youtube.com https://www.google.com/ www.google.com https://www.smsticket.cz/;frame-ancestors 'self' *.fg.cz;img-src 'self' data: blob: *.gstatic.com *.googleapis.com *.googlecode.com www.googletagmanager.com www.google-analytics.com *.doubleclick.net blob: *.gst *.fg.cz;style-src 'self' 'unsafe-inline' *.fg.cz fonts.googleapis.com;object-src 'self' 1
default-src https: ;         form-action https: ;         script-src https://optimize.google.com 'unsafe-inline' https://bam.nr-data.net https://js-agent.newrelic.com https://*.kespro.fi https://connect.facebook.net 'unsafe-inline' 'unsafe-eval' https://*.kesko.fi https://*.ksync.fi data: https://*.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com https://*.hotjar.com https://login.microsoftonline.com https://kgroupb2cdev01.b2clogin.com https://kgroupb2ctest01.b2clogin.com https://kryhma.b2clogin.com https://d2318twbpx9q6v.cloudfront.net https://d3flpa680ypq0l.cloudfront.net https://*.feedbackly.com https://feedbackly.com https://dvkesk.analytics.solteq.solutions ;         style-src https://optimize.google.com https://fonts.googleapis.com 'unsafe-inline' https://*.kespro.fi 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://d2318twbpx9q6v.cloudfront.net https://d3flpa680ypq0l.cloudfront.net https://*.kesko.fi https://*.ksync.fi https://*.feedbackly.com https://feedbackly.com ;         img-src https://images.ctfassets.net https://optimize.google.com https://www.googletagmanager.com https://www.google.fi https://public.keskofiles.com https://bam.nr-data.net https://analytics.google.com https://www.google.com https://*.kespro.fi https://kespro.fi https://*.kesko.fi https://*.ksync.fi data: https://stats.g.doubleclick.net https://www.kespro.com https://*.google-analytics.com https://tagmanager.google.com https://ssl.gstatic.com https://www.gstatic.com https://*.hotjar.com https://www.facebook.com https://d2318twbpx9q6v.cloudfront.net https://d3flpa680ypq0l.cloudfront.net https://*.feedbackly.com https://feedbackly.com https://cdn.contentful.com https://resources.paytrail.com ;         font-src https://fonts.gstatic.com https://*.kesko.fi https://*.kespro.fi https://fonts.gstatic.com https://*.hotjar.com https://d2318twbpx9q6v.cloudfront.net https://d3flpa680ypq0l.cloudfront.net https://*.ksync.fi https://*.feedbackly.com https://feedbackly.com ;         connect-src https://stats.g.doubleclick.net https://bam.nr-data.net https://js-agent.newrelic.com https://*.kespro.fi https://www.kespro.com https://analytics.google.com https://*.google-analytics.com https://*.hotjar.com:* wss://*.hotjar.com https://www.facebook.com https://dvkesp.deepvision.cloud.solteq.com  https://*.hotjar.io https://login.microsoftonline.com https://kgroupb2cdev01.b2clogin.com https://kgroupb2ctest01.b2clogin.com https://kryhma.b2clogin.com https://*.kesko.fi https://*.ksync.fi https://www.google.fi https://api.poeditor.com https://*.feedbackly.com https://feedbackly.com https://cdn.contentful.com https://dvkesptest.deepvision.cloud.solteq.com ;         frame-src https://optimize.google.com https://*.hotjar.com https://www.facebook.com  https://*.kespro.fi https://sync.ksync.fi https://*.kesko.fi https://*.ksync.fi https://*.feedbackly.com https://feedbackly.com https://tarjooma-qa.azurewebsites.net https://tarjooma-dev.azurewebsites.net https://tarjooma-prod.azurewebsites.net https://semmitest.powerappsportals.com https://semmidev.powerappsportals.com https://kesproportaali.powerappsportals.com https://kespro-com-qa.herokuapp.com https://kespro-com-dev.herokuapp.com https://kespro.com https://www.kespro.com ;         frame-ancestors https://kespro.fi https://*.kespro.fi https://tarjooma-qa.azurewebsites.net https://tarjooma-dev.azurewebsites.net https://tarjooma-prod.azurewebsites.net https://semmitest.powerappsportals.com https://semmidev.powerappsportals.com https://kesproportaali.powerappsportals.com https://kespro-raportit-dev.azurewebsites.net https://kespro-raportit-test.azurewebsites.net https://raportit.kespro.com http://kespro-toimitukset-dev.azurewebsites.net http://toimitukset-test.kespro.com https://kespro-reseptit-dev.azurewebsites.net https://reseptit-test.kespro.com https://kespro-com-qa.herokuapp.com https://kespro-com-dev.herokuapp.com https://kespro.com https://www.kespro.com https://tarjooma-qa.kespro.com https://tarjooma.kespro.com http://toimitukset.kespro.com https://reseptit.kespro.com ;         block-all-mixed-content; upgrade-insecure-requests; report-uri https://kespro.report-uri.com/r/d/csp/enforce; report-to default; 1
frame-ancestors 'self' https://librairie-bayard.com https://app.bayam.tv https://preprod.sso.bayard-jeunesse.com; 1
default-src 'self' *.energieag.at energieag.picturepark.com *.google-analytics.com *.googleapis.com *.gstatic.com prezi.com www.googleadservice www.youtube.com walls.io *.walls.io *.googletagmanager.com www.netigate.se *.whatchado.com *.vimeo.com i.ytimg.com connect.facebook.net app.adwordsagentur.at s.ksrndkehqnwntyxlhgto.com *.hotjar.com *.hotjar.io  wss://*.hotjar.com www.googleadservices.com *.doubleclick.net *.adform.net *.iconnode.com *.facebook.com *.google.at *.google.de *.google.com *.adsrvr.org e-tankstellen-finder.com connect.shore.com *.shore-cdn.com *.teamplanbuch.ch *.cookiebot.com *.matterport.com www.360perspektiven.com sys.mailworx.info *.marketingsuite.info sc-static.net *.konzertmeister.app *.podigee-cdn.net *.podigee.com *.podigee.io energieag.containers.piwik.pro energieag.piwik.pro empathy-portal.de eag.viewer.cit-fusion.com *.adition.com *.powerbi.com cdnjs.cloudflare.com www.youtube-nocookie.com *.ytimg.com *.googlesyndication.com streamio.com energieag.current-picturepark.com *.mouseflow.com github.com endpoint-app.cognigy.ai *.githubusercontent.com maps.google.de 'unsafe-inline' 'unsafe-eval' data: 1
allow 'self'; img-src *; script-src *; options eval-script inline-script; 1
default-src 'self' 'unsafe-inline' https://frontend-cdn.digitalchargingsolutions.com https://api.mixpanel.com https://api-js.mixpanel.com https://cdn.mxpnl.com https://*.adyen.com https://*.cdn.adyen.com https://*.paypal.com https://*.googleapis.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://pay.datatrans.com/ https://frontend-cdn.digitalchargingsolutions.com https://*.googleapis.com https://*.gstatic.com https://*.ggpht.com https://api.mixpanel.com https://api-js.mixpanel.com https://cdn.mxpnl.com https://*.adyen.com https://*.cdn.adyen.com https://*.paypal.com ; frame-src 'self' https://pay.sandbox.datatrans.com https://*.adyen.com https://*.cdn.adyen.com https://*.paypal.com ; img-src 'self' https: data: https://cpologo.digitalchargingsolutions.com https://frontend-cdn.digitalchargingsolutions.com https://*.adyen.com https://*.cdn.adyen.com https://*.paypal.com https://*.googleapis.com https://*.gstatic.com https://*.ggpht.com ; style-src 'self' 'unsafe-inline' https://frontend-cdn.digitalchargingsolutions.com https://fonts.googleapis.com https://fonts.gstatic.com https://*.adyen.com https://*.cdn.adyen.com https://*.paypal.com ; font-src 'self' https://frontend-cdn.digitalchargingsolutions.com https://fonts.googleapis.com https://fonts.gstatic.com data: ; 1
base-uri 'none';child-src 'self' data: blob:;connect-src 'self' ws: wss: localhost:1337 adsapi.jacobin.de api.jacobin.de shop.jacobin.de analyse.jacobin.de spenden.twingle.de *.met.vgwort.de;default-src 'self';font-src 'self' data:;form-action 'self';frame-ancestors 'none';frame-src spenden.twingle.de;img-src 'self' jacobin.de data: *.met.vgwort.de;manifest-src 'self';media-src 'self';object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' localhost:1337 adsapi.jacobin.de api.jacobin.de shop.jacobin.de analyse.jacobin.de spenden.twingle.de *.met.vgwort.de;style-src 'self' 'unsafe-inline'; 1
img-src *; media-src *; script-src 'self'; frame-src 'self'; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com stats.g.doubleclick.net ajax.googleapis.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com www.googletagmanager.com cdnjs.cloudflare.com polyfill.io use.fontawesome.com www.youtube.com www.vimeo.com region1.google-analytics.com www.santandercib.com www.google.com www.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' tagmanager.google.com www.google-analytics.com stats.g.doubleclick.net ajax.googleapis.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com www.googletagmanager.com cdnjs.cloudflare.com polyfill.io use.fontawesome.com www.youtube.com www.vimeo.com www.santandercib.com www.google.com www.gstatic.com; form-action 'self'; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com use.fontawesome.com www.santandercib.com; img-src 'self' 'unsafe-eval' data: maps.googleapis.com maps.gstatic.com www.google-analytics.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com i.ytimg.com www.santandercib.com; font-src 'self' data: use.fontawesome.com fonts.googleapis.com fonts.gstatic.com www.santandercib.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self' cdnjs.cloudflare.com; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self'; img-src 'self' data:; script-src 'self' 'unsafe-eval'  cdnjs.cloudflare.com; 1
default-src 'self'; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.kemenpora.go.id *.responsivevoice.org *.youtube.com *.google-analytics.com *.googletagmanager.com *.google.com *.googleapis.com *.gstatic.com *.jquery.com *.videopress.com *.kominfo.go.id *.instagram.com *.twitter.com *.facebook.net *.kemenpora.go.id *.google-analytics.com *.facebook.com *.twimg.com; style-src 'self' 'unsafe-inline' *.kemenpora.go.id *.googleapis.com *.responsivevoice.org *.google.com *.gstatic.com *.amazonaws.com *.bootstrapcdn.com *.jquery.com *.kominfo.go.id *.instagram.com *.twitter.com *.facebook.net *.kemenpora.go.id *.google-analytics.com *.facebook.com *.twimg.com *.youtube.com; img-src 'self' data: *.kemenpora.go.id *.responsivevoice.org *.google.com *.google-analytics.com *.gstatic.com *.googleapis.com *.amazonaws.com *.gravatar.com *.w.org *.creativecommons.org *.jquery.com *.kominfo.go.id *.instagram.com *.twitter.com *.facebook.net *.kemenpora.go.id *.google-analytics.com *.facebook.com *.twimg.com *.youtube.com *.responsivevoice.org; font-src 'self' data: *.kemenpora.go.id *.gstatic.com *.bootstrapcdn.com *.kominfo.go.id *.instagram.com *.twitter.com *.facebook.net *.kemenpora.go.id *.google-analytics.com *.facebook.com *.twimg.com *.youtube.com *.responsivevoice.org; connect-src 'self' *.kemenpora.go.id *.googletagmanager.com *.kominfo.go.id *.instagram.com *.twitter.com *.facebook.net *.kemenpora.go.id *.google-analytics.com *.facebook.com *.twimg.com *.youtube.com *.responsivevoice.org; media-src 'self' *.kemenpora.go.id *.w.org *.videopress.com *.kominfo.go.id *.instagram.com *.twitter.com *.facebook.net *.kemenpora.go.id *.google-analytics.com *.facebook.com *.twimg.com *.youtube.com *.responsivevoice.org; object-src 'self' *.kemenpora.go.id *.kominfo.go.id *.instagram.com *.twitter.com *.facebook.net *.kemenpora.go.id *.google-analytics.com *.facebook.com *.twimg.com *.responsivevoice.org; child-src 'self' *.googletagmanager.com *.google.com pastebin.com *.videopress.com akismet.com *.kominfo.go.id *.instagram.com *.twitter.com *.facebook.net *.kemenpora.go.id *.google-analytics.com *.facebook.com *.twimg.com *.youtube.com *.responsivevoice.org; form-action 'self'; frame-ancestors 'self' *.kemenpora.go.id *.kominfo.go.id *.instagram.com *.twitter.com *.facebook.net *.kemenpora.go.id *.google-analytics.com *.facebook.com *.twimg.com *.youtube.com *.responsivevoice.org; upgrade-insecure-requests; 1
base-uri 'self'; child-src 'self' gap: assets.adobedtm.com joey-opsmaxxia.epictenet.live mcmillanshakespearelimited.sc.omtrdc.net mcmillanshakespeare.tt.omtrdc.net mmsg.demdex.net connect.facebook.net static.ads-twitter.com dpm.demdex.net www.google.com www.gstatic.com a.optmnstr.com a.omappapi.com api.omappapi.com z.omappapi.com smetrics.securemaxxia.com.au target.securemaxxia.com.au dev.visualwebsiteoptimizer.com www.googletagmanager.com admin.epictenet.live www.google-analytics.com stats.g.doubleclick.net *.qualtrics.com apps.mypurecloud.com.au api-cdn.mypurecloud.com.au api.mypurecloud.com.au a.opmnstr.com wss://webmessaging.mypurecloud.com.au *.mypurecloud.com.au; frame-src 'self' gap: assets.adobedtm.com joey-opsmaxxia.epictenet.live mcmillanshakespearelimited.sc.omtrdc.net mcmillanshakespeare.tt.omtrdc.net mmsg.demdex.net connect.facebook.net static.ads-twitter.com dpm.demdex.net www.google.com www.gstatic.com a.optmnstr.com a.omappapi.com api.omappapi.com z.omappapi.com smetrics.securemaxxia.com.au target.securemaxxia.com.au dev.visualwebsiteoptimizer.com www.googletagmanager.com admin.epictenet.live www.google-analytics.com stats.g.doubleclick.net *.qualtrics.com apps.mypurecloud.com.au api-cdn.mypurecloud.com.au api.mypurecloud.com.au a.opmnstr.com wss://webmessaging.mypurecloud.com.au *.mypurecloud.com.au; connect-src 'self' assets.adobedtm.com joey-opsmaxxia.epictenet.live mcmillanshakespearelimited.sc.omtrdc.net mcmillanshakespeare.tt.omtrdc.net mmsg.demdex.net connect.facebook.net static.ads-twitter.com dpm.demdex.net www.google.com www.gstatic.com a.optmnstr.com a.omappapi.com api.omappapi.com z.omappapi.com smetrics.securemaxxia.com.au target.securemaxxia.com.au dev.visualwebsiteoptimizer.com www.googletagmanager.com admin.epictenet.live www.google-analytics.com stats.g.doubleclick.net *.qualtrics.com gms-c1.gsn.cloud edge.adobedc.net adobedc.demdex.net apps.mypurecloud.com.au api-cdn.mypurecloud.com.au api.mypurecloud.com.au a.opmnstr.com wss://webmessaging.mypurecloud.com.au *.mypurecloud.com.au analytics.google.com; default-src 'self' gap: assets.adobedtm.com joey-opsmaxxia.epictenet.live mcmillanshakespearelimited.sc.omtrdc.net mcmillanshakespeare.tt.omtrdc.net mmsg.demdex.net connect.facebook.net static.ads-twitter.com dpm.demdex.net www.google.com www.gstatic.com a.optmnstr.com a.omappapi.com api.omappapi.com z.omappapi.com smetrics.securemaxxia.com.au target.securemaxxia.com.au dev.visualwebsiteoptimizer.com www.googletagmanager.com admin.epictenet.live www.google-analytics.com stats.g.doubleclick.net *.qualtrics.com apps.mypurecloud.com.au api-cdn.mypurecloud.com.au api.mypurecloud.com.au a.opmnstr.com wss://webmessaging.mypurecloud.com.au *.mypurecloud.com.au 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: *; img-src 'self' data: * blob:; script-src 'self' assets.adobedtm.com joey-opsmaxxia.epictenet.live mcmillanshakespearelimited.sc.omtrdc.net mcmillanshakespeare.tt.omtrdc.net mmsg.demdex.net connect.facebook.net static.ads-twitter.com dpm.demdex.net www.google.com www.gstatic.com a.optmnstr.com a.omappapi.com api.omappapi.com z.omappapi.com smetrics.securemaxxia.com.au target.securemaxxia.com.au www.googletagmanager.com dev.visualwebsiteoptimizer.com admin.epictenet.live www.google-analytics.com stats.g.doubleclick.net *.qualtrics.com gms-c1.gsn.cloud edge.adobedc.net adobedc.demdex.net apps.mypurecloud.com.au api-cdn.mypurecloud.com.au api.mypurecloud.com.au a.opmnstr.com wss://webmessaging.mypurecloud.com.au *.mypurecloud.com.au 'unsafe-inline' 'unsafe-eval'; style-src 'self' * 'unsafe-inline'; frame-ancestors 'self' gap: assets.adobedtm.com joey-opsmaxxia.epictenet.live mcmillanshakespearelimited.sc.omtrdc.net mcmillanshakespeare.tt.omtrdc.net mmsg.demdex.net connect.facebook.net static.ads-twitter.com dpm.demdex.net www.google.com www.gstatic.com a.optmnstr.com a.omappapi.com api.omappapi.com z.omappapi.com smetrics.securemaxxia.com.au target.securemaxxia.com.au www.googletagmanager.com admin.epictenet.live www.google-analytics.com stats.g.doubleclick.net *.qualtrics.com apps.mypurecloud.com.au api-cdn.mypurecloud.com.au api.mypurecloud.com.au a.opmnstr.com wss://webmessaging.mypurecloud.com.au *.mypurecloud.com.au; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=QbUDQhzIZCpIB4W4eJxOLa6lHdHLdzGqFEIMzPzWvpz0OB0oJXSL53Qcq38tQtRuNpfkenbPZHzrGlReO4bSBA%3D%3D; 1
default-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline' *.youtube.com *.cookielaw.org *.youtube-nocookie.com *.commerce-connector.com *.googleapis.com *.min-cdn.net *.googletagmanager.com *.google-analytics.com *.google.com *.google.de connect.facebook.net mediaintelligence.de *.bing.com https://groupeseb.secure.force.com https://iprospect.emcustomers.de; font-src 'self' data: *.commerce-connector.com *.gstatic.com https://groupeseb.secure.force.com https://groupe-seb.my.salesforce-sites.com; style-src 'self' 'unsafe-inline' *.commerce-connector.com *.commerce-connector.de *.googleapis.com https://groupeseb.secure.force.com; img-src 'self' data: *.commerce-connector.com https://cdn.cookielaw.org *.commerce-connector.de *.gstatic.com *.googleapis.com  *.google-analytics.com *.facebook.com *.doubleclick.net mediaintelligence.de *.min-cdn.net track.adform.net rads.recognified.net *.google.de *.google.com *.bing.com https://*.googletagmanager.com https://groupeseb.secure.force.com; media-src 'self' *.youtube.com *.youtube-nocookie.com https://groupeseb.secure.force.com; frame-src 'self' *.youtube.com *.youtube-nocookie.com *.umantis.com *.doubleclick.net https://groupeseb.secure.force.com https://groupe-seb.my.salesforce-sites.com; connect-src 'self' *.commerce-connector.com https://www.google.com https://geolocation.onetrust.com *.cookielaw.org *.commerce-connector.de *.googleapis.com *.google-analytics.com *.analytics.google.com *.facebook.com *.doubleclick.net mediaintelligence.de *.min-cdn.net *.bing.com 1
default-src 'self'; script-src 'self' https://*.astonmiles.com https://code.jquery.com https://www.google-analytics.com https://*.fontawesome.com https://*.googleapis.com //*.gstatic.com; style-src 'self' https://*.astonmiles.com https://*.googleapis.com https://*.fontawesome.com; font-src 'self' https://*.gstatic.com https://*.fontawesome.com; img-src 'self' https://*.astonmiles.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.googleapis.com; connect-src 'self' https://*.astonmiles.com https://*.googleapis.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.fontawesome.com https://code.jquery.com //*.gstatic.com; base-uri 'none'; form-action 'self'; frame-ancestors 'none'; object-src 'none';upgrade-insecure-requests 1
frame-ancestors 'self' *.giornaledellalibreria.it ; 1
default-src 'self'; block-all-mixed-content; child-src https://www.google.com https://pay.google.com/ https://www.facebook.com https://gateway.sumup.com https://assets.pinterest.com/; connect-src 'self' https://checkout.sumupstore.com https://api.notolytix.com https://o196784.ingest.sentry.io *.google-analytics.com *.analytics.google.com https://www.googletagmanager.com https://cdn.optimizely.com https://google.com https://www.google.com https://pay.google.com cdn.sumup.store https://gateway.sumup.com https://api.sumup.com https://js.sumup.com https://api.sumup.net/; font-src 'self' use.typekit.net https://fonts.googleapis.com https://fonts.gstatic.com https://checkout.sumupstore.com https://cdnjs.cloudflare.com https://static.sumup.com cdn.sumup.store; frame-ancestors https://me.sumup.com https://dashboard.sumup.com; img-src 'self' https://cdn.shoplo.com cdn.sumup.store https://my-images.sumup.com https://catalog-images-live.s3.amazonaws.com https://catalog-images-dev.s3.amazonaws.com/ https://catalog-images-stage.s3.amazonaws.com https://cdn.sumup.store/ https://www.shopos.local.shoplonet.com https://www.sumupstorecom.icu cdn.sumup.store static.sumup.com *.google-analytics.com *.analytics.google.com https://www.gstatic.com https://api.sumup.com https://circuit.sumup.com https://www.facebook.com https://log.pinterest.com; script-src 'self' ajax.googleapis.com https://www.google.com/recaptcha/api.js https://www.gstatic.com https://gateway.sumup.com https://net-tracker.notolytix.com/main.js 'unsafe-eval' https://cdnjs.cloudflare.com https://www.google-analytics.com https://www.googletagmanager.com https://pay.google.com/gp/p/js/pay.js cdn.sumup.store https://api.sumup.com https://js.sumup.com https://connect.facebook.net https://assets.pinterest.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://www.googletagmanager.com cdn.sumup.store; upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline' data: *.citiworldprivileges.com www.google-analytics.com *.googleapis.com *.gstatic.com nexus.ensighten.com *.omtrdc.net www.googleadservices.com *.doubleclick.net *.google.com www.google.co.in connect.facebook.net www.facebook.com *.cloudfront.net citiintl.122.2o7.net www.googletagmanager.com *.example.com test.example.com *.amap.com blob: 'unsafe-eval' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' pagead2.googlesyndication.com *.adform.net js.hs-analytics.net js.hubspot.com js.usemessages.com connect.facebook.net maps.googleapis.com www.gstatic.com www.google.com js.hsforms.net www.googleadservices.com cookie-cdn.cookiepro.com www.googleoptimize.com js.hs-scripts.com js.hsadspixel.net js.hsleadflows.net js.hs-banner.com js.hs-analytics.net static.ads-twitter.com beacon.krxd.net googleads.g.doubleclick.net www.google-analytics.com connect.facebook.net script.hotjar.com static.hotjar.com snap.licdn.com googleads.g.doubleclick.net www.googletagmanager.com cdn.krxd.net consumer.krxd.net bam.nr-data.net js-agent.newrelic.com fast.wistia.com fast.wistia.net beacon.krxd.net; style-src 'self' 'unsafe-inline' *.gstatic.com *.cookiepro.com *.google.com *.googleapis.com *.hotjar.com *.hs-scripts.com *.krxd.net *.wistia.net; img-src 'self' blob: data: *.googlesyndication.com *.adform.net *.google.com.sg *.google.at connect.facebook.net embedwistia-a.akamaihd.net *.googleapis.com *.google.ch *.google.es *.google.com.pe *.google.com.ua *.google.it *.google.co.jp *.google.ie *.google.com.ng *.google.iq *.google.be *.google.co.cr *.google.com.tr aa.agkn.com *.adsymptotic.com *.businesswire.com *.cloudfront.net *.cluep.com *.cookiepro.com *.doubleclick.net googleads.g.doubleclick.net embed-ssl.wistia.com *.facebook.com *.google.tn *.google.com.ph *.google.cz *.google.com.hk *.google.com.pk *.google.ca *.google.de *.google.gr *.google.com.au *.google.com.mx *.google.com.pr *.google.co.in *.google.co.uk *.google.com *.google.fr *.google.nl *.google.pt *.googletagmanager.com *.google-analytics.com *.gstatic.com *.hubspot.com *.hsforms.com *.krxd.net *.linkedin.com *.nr-data.net t.co *.twitter.com *.wistia.com *.wistia.net; media-src blob: *.akamaihd.net *.wistia.com; frame-src 'self' *.adform.net fast.wistia.net *.doubleclick.net *.facebook.com *.google.com *.googlesyndication.com *.googletagmanager.com *.hotjar.com *.hsforms.net *.hsforms.com *.krxd.net; frame-ancestors 'self'; child-src 'self' blob:; font-src 'self' data: fonts.gstatic.com *.wistia.com *.wistia.net; connect-src 'self' 'unsafe-inline' 'unsafe-eval' *.googlesyndication.com px.ads.linkedin.com *.google.be *.adform.net *.google.nl *.google.de connect.facebook.net cdn.linkedin.oribi.io *.googleapis.com *.ads-twitter.com *.cookiepro.com *.doubleclick.net embedwistia-a.akamaihd.net *.facebook.com *.facebook.net connect.facebook.net *.google.com *.google-analytics.com *.googletagmanager.com *.hotjar.com  *.hotjar.io *.hsleadflows.net *.hsforms.com *.hubapi.com *.hubspot.com *.krxd.net *.litix.io *.nr-data.net *.onetrust.com *.twitter.com *.wistia.com wss://*.hotjar.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' connect.facebook.net api.lytics.io connect.facebook.net c.lytics.io js.hubspot.com a.omappapi.com js.adsrvr.org builder.lift.acquia.com js.usemessages.com connect.facebook.net cookie-cdn.cookiepro.com js.hs-scripts.com fast.wistia.net maps.googleapis.com snap.licdn.com js-agent.newrelic.com unpkg.com cdn.jsdelivr.net cdnjs.cloudflare.com www.gstatic.com pagead2.googlesyndication.com tpc.googlesyndication.com www.google.com fast.wistia.net app.wistia.com bh.contextweb.com js.hsforms.net www.googleadservices.com cookie-cdn.cookiepro.com www.googleoptimize.com js.hs-scripts.com js.hsadspixel.net js.hsleadflows.net js.hs-banner.com js.hs-analytics.net static.ads-twitter.com beacon.krxd.net googleads.g.doubleclick.net www.google-analytics.com connect.facebook.net script.hotjar.com static.hotjar.com snap.licdn.com googleads.g.doubleclick.net www.googletagmanager.com cdn.krxd.net consumer.krxd.net bam.nr-data.net js-agent.newrelic.com fast.wistia.com; object-src 'self' embed-fastly.wistia.com embedwistia-a.akamaihd.net; style-src 'self' 'unsafe-inline' builder.lift.acquia.com *.lytics.io a.omappapi.com *.cookiepro.com *.google.com *.googleapis.com *.hotjar.com *.hs-scripts.com *.krxd.net *.wistia.net; img-src 'self' blob: data: *.google.es *.t.co *.google.si *.googlesyndication.com *.lytics.io *.adsrvr.org *.hsappstatic.net *.hubspot.com *.omappapi.com embedwistia-a.akamaihd.net *.facebook.com *.facebook.net *.google.am *.googleapis.com *.google.com.pe *.google.com.ua *.google.it *.google.co.jp *.google.ie *.google.com.ng *.google.iq *.google.be *.google.co.cr *.google.com.tr aa.agkn.com *.adsymptotic.com *.businesswire.com *.cloudfront.net *.cluep.com *.cookiepro.com *.doubleclick.net googleads.g.doubleclick.net embed-ssl.wistia.com *.facebook.com *.google.tn *.google.com.ph *.google.cz *.google.com.hk *.google.com.pk *.google.ca *.google.de *.google.gr *.google.com.au *.google.com.mx *.google.com.pr *.google.co.in *.google.co.uk *.google.com *.google.fr *.google.nl *.google.pt *.googletagmanager.com *.google-analytics.com *.gstatic.com *.hubspot.com *.hsforms.com *.krxd.net *.linkedin.com *.nr-data.net t.co *.twitter.com *.wistia.com *.wistia.net; media-src blob: data: *.akamaihd.net *.wistia.com; frame-src 'self' block.opendns.com c.lytics.io vimeo.com match.adsrvr.org insight.adsrvr.org *.hs-sites.com *.hubspot.com *.doubleclick.net *.facebook.com *.google.com *.googlesyndication.com *.googletagmanager.com *.hotjar.com *.hsforms.net *.hsforms.com *.krxd.net fast.wistia.net; frame-ancestors 'self'; child-src 'self' blob:; font-src 'self' data: fonts.gstatic.com *.wistia.com *.wistia.net *.omappapi.com; connect-src 'self' 'unsafe-inline' 'unsafe-eval' adservice.google.com *.google.com *.linkedin.com *.googlesyndication.com *.omappapi.com notify.bugsnag.com sessions.bugsnag.com us.perz-api.cloudservices.acquia.io *.ucweb.com hubspot-forms-static-embed.s3.amazonaws.com fast.wistia.net cdn.linkedin.oribi.io *.googleapis.com *.ads-twitter.com *.cookiepro.com *.doubleclick.net embedwistia-a.akamaihd.net *.facebook.com *.facebook.net *.google.com *.google-analytics.com *.googletagmanager.com *.hotjar.com  *.hotjar.io *.hsleadflows.net *.hsforms.com *.hubapi.com *.hubspot.com *.krxd.net *.litix.io *.nr-data.net *.onetrust.com *.twitter.com *.wistia.com wss://*.hotjar.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
frame-ancestors 'self'; default-src 'self' 'unsafe-eval' 'unsafe-inline' https://bam.nr-data.net https://js-agent.newrelic.com https://static.b4healthonline.com https://static2.b4healthonline.com https://b4-wus2-powerbi-funcapp-p01.azurewebsites.net https://app.powerbi.com  1
frame-ancestors 'self' webvisor.com *.webvisor.com yandex.ru *.yandex.ru 1
default-src 'self'; script-src 'self' 'unsafe-inline' update.webedition.org *.cookiebot.com *.cookiebot.eu *.vditz.com *.googleapis.com *.google.com *.youtube.com *.vimeo.com *.twitter.com; style-src 'self' *.googleapis.com 'unsafe-inline'; img-src data: 'self' *.ytimg.com *.vimeocdn.com *.gstatic.com *.googleapis.com *.twitter.com; font-src 'self' *.gstatic.com; connect-src 'self' *.cookiebot.com *.cookiebot.eu *.googleapis.com stats.vditz.com; base-uri 'self'; media-src blob: 'self' *.youtube.com *.vimeo.com; frame-src 'self' update.webedition.org *.qt.eu *.cookiebot.com *.cookiebot.eu *.vditz.com *.google.com *.youtube.com *.youtube-nocookie.com *.vimeo.com *.twitter.com; object-src 'none'; frame-ancestors 'self'; 1
default-src 'self' *.akeneo.com 'unsafe-inline'; script-src 'self' 'unsafe-eval' 'nonce-07f41c14e74157aff6fa6296dac0027c13e46705'; img-src 'self' data: *.akeneo.com marketplace.akeneo.com; frame-src *; font-src 'self' data:; connect-src 'self' *.akeneo.com 1
default-src 'self'; frame-ancestors 'self'; img-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-src 'self' blob:; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*; img-src 'self' data: https://*; object-src 'self' data: https://*; frame-src 'self' data: https://*; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://atal.pl/ https://*.atal.pl/ https://googletagmanager.com https://*.googletagmanager.com; img-src 'self' data: https://atal.pl/ https://*.atal.pl/; object-src 'self' data: https://atal.pl/ https://*.atal.pl/ https://resimo.io/ https://*.resimo.io/; frame-src 'self' data: https://atal.pl/ https://*.atal.pl/ https://resimo.io/ https://*.resimo.io/; 1
default-src 'self' https://*.googletagmanager.com https://*.google-analytics.com https://*.google.com https://*.google.be https://*.doubleclick.net https://*.hotjar.com https://*.hotjar.io https://*.facebook.com https://*.facebook.net https://*.youtube.com https://*.youtube.be https://*.youtu.be https://*.snapchat.com https://*.vimeo.com https://*.spotify.com; block-all-mixed-content; font-src 'self' https://use.typekit.net https://fonts.googleapis.com https://fonts.gstatic.com; frame-ancestors 'self'; img-src data: 'self' https://placeholder.inventis.be https://*.googletagmanager.com https://*.google-analytics.com https://fonts.gstatic.com https://*.google.com https://*.google.be https://*.ytimg.com https://i.vimeocdn.com https://*.facebook.com https://*.facebook.net https://*.fbcdn.net https://i.scdn.co https://*.youtube.com https://*.youtube.be https://*.snapchat.com https://i.vimeocdn.com; manifest-src 'self'; object-src 'none'; script-src 'self' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https://www.youtube.com/iframe_api https://*.ytimg.com https://www.googletagmanager.com https://www.google-analytics.com https://script.hotjar.com/ https://connect.facebook.net/ https://*.hotjar.com https://*.hotjar.io https://player.vimeo.com/api/player.js 'nonce-vXvTytVWbih92fTy2v2anA=='; style-src 'self' 'unsafe-inline' https://*.typekit.net https://*.googletagmanager.com https://fonts.googleapis.com; upgrade-insecure-requests 1
script-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://use.fontawesome.com https://google-analytics.com http://cdnjs.cloudflare.com https://www.google-analytics.com https://maps.googleapis.com https://www.googletagmanager.com https://merchants.niftepay.pk https://www.googleadservices.com https://googleads.g.doubleclick.net; object-src 'none'; style-src 'self' 'unsafe-inline' 'unsafe-inline' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://fonts.googleapis.com https://maps.googleapis.com https://maps.gstatic.com https://merchants.niftepay.pk; report-uri /report-csp-violation 1