Values for x-content-security-policy:
default-src 'self'; img-src *; media-src * data:; 317
frame-ancestors 'self' 157
allow 'self'; 30
default-src 'self'; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com; frame-src 'none'; img-src 'self' data: *.ttcache.com https://*.ttcache.com https://*.google-analytics.com https://*.googletagmanager.com; media-src 'none'; object-src 'none'; script-src 'self' https://*.googletagmanager.com; style-src 'self' 'unsafe-inline' 27
img-src *; media-src * data:; 23
report-uri /report-csp-violation 13
default-src 'self'; script-src 'self'; 13
upgrade-insecure-requests; 11
report-uri /report-csp-violation; upgrade-insecure-requests 10
allow 'self'; media-src *; img-src *; script-src *; style-src *; 10
default-src 'self' 9
default-src 'self' 'unsafe-inline' 8
default-src 'self'; script-src 'self' https://hcaptcha.com https://*.hcaptcha.com; frame-src 'self' https://hcaptcha.com https://*.hcaptcha.com; style-src 'self' https://hcaptcha.com https://*.hcaptcha.com; connect-src 'self' https://hcaptcha.com https://*.hcaptcha.com; unsafe-eval 'self' https://hcaptcha.com https://*.hcaptcha.com; unsafe-inline 'self' https://hcaptcha.com https://*.hcaptcha.com; 7
sandbox allow-scripts allow-popups allow-same-origin; 6
default-src 'self'; 6
frame-ancestors 'none' 4
form-action 'self' www.facebook.com; report-uri /_internal/security/report-csp-violation?gp-web=true; frame-ancestors 'self' 4
frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com *.cisco.com 4
frame-ancestors https://*.marketo.com 4
upgrade-insecure-requests 4
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; font-src 'self'; object-src 'self'; media-src 'self'; child-src 'self' 4
default-src 'self' https://www.chatbase.co/ https://limbachgruppe.ftapi.com https://*.laborpublisher.de https://api.newsletter2go.com https://piwik.limbachgruppe.com https://maps.googleapis.com https://cmill.de https://www.cmill.de https://prime-psf.2b-advice.com; script-src 'self' 'unsafe-eval' https://www.chatbase.co/ https://limbachgruppe.ftapi.com https://*.laborpublisher.de https://*.app.laborpublisher.staging.lfda.de https://static.newsletter2go.com https://piwik.limbachgruppe.com https://maps.googleapis.com https://cdn1.jameda-elements.de https://lv.limbachgruppe-test.com https://2badvice-cdn.azureedge.net https://prime-psf.2b-advice.com 'unsafe-inline'; img-src * data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://lv.limbachgruppe-test.com https://2badvice-cdn.azureedge.net; frame-ancestors 'self'; frame-src 'self' https://www.chatbase.co/ *.stage.ueberbit.de *.prev.ueberbit.de https://piwik.limbachgruppe.com https://www.youtube-nocookie.com https://youtube.com https://player.vimeo.com https://vimeo.com https://cmill.de https://www.cmill.de https://mtu.adsystemhaus.com https://termin.samedi.de/ https://lv.dialoglabor.de/; font-src 'self' data: https://limbachgruppe.ftapi.com https://fonts.gstatic.com https://lv.limbachgruppe-test.com; 4
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ; 3
frame-ancestors 'self' acquia.lookbookhq.com acquia.docebosaas.com www.acquiaacademy.com acquia.seismic.com app.veertly.com widen--servcom.sandbox.my.site.com widen--sitepreview.na135.force.com community.widen.com acquia.atlassian.net rise.articulate.com; report-uri /report-csp-violation 3
frame-ancestors 'self' https://www.centerparcs.fr/booking/ https://www.centerparcs.nl/booking/ https://www.centerparcs.de/booking/ https://www.centerparcs.com/booking/ https://www.centerparcs.eu/booking/ https://www.centerparcs.ch/booking/ https://www.centerparcs.be/booking/ https://www.sunparks.com/booking/ https://www.sunparks.com/booking/ https://www.sunparks.com/booking/ https://www.sunparks.com/booking/ https://www.sunparks.com/booking/ https://www.sunparks.com/booking/ https://www.sunparks.com/booking/ https://ta.groupepvcp.com/booking/ https://ta.groupepvcp.com/booking/ https://ta.groupepvcp.com/booking/ https://ta.groupepvcp.com/booking/ https://ta.groupepvcp.com/booking/ https://ta.groupepvcp.com/booking/ https://ta.groupepvcp.com/booking/ 3
script-src 'self' 'unsafe-inline' 'unsafe-eval' unpkg.com cdnjs.cloudflare.com *.sharethis.com *.facebook.net *.googletagmanager.com *.acquia.com *.google-analytics.com *.newrelic.com *.nr-data.net *.yimg.com *.adform.net *.licdn.com *.azureedge.net *.adsrvr.org *.samlassertion *.gstatic.com *.taboola.com *.adobedtm.com *.vimeo.com *.googleadservices.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.sharethis.com *.typekit.net *.samlassertion *.googleapis.com; report-uri /report-csp-violation 3
default-src *; img-src * data: blob:; media-src * data: blob:; script-src 'unsafe-inline' 'unsafe-eval' * data: blob:; worker-src 'unsafe-inline' 'unsafe-eval' * data: blob:; connect-src *; font-src * data: blob:; frame-src *; object-src * data: blob:; style-src 'unsafe-inline' * data: blob: 3
script-src https: 'unsafe-inline' 'unsafe-eval'; object-src 'none'; base-uri 'none'; frame-ancestors *; form-action *;media-src *; default-src 'self' www.optimizecdn.com; img-src * data: blob:; font-src * data:; style-src * 'unsafe-inline'; frame-src *; connect-src *; 3
frame-ancestors 'self' https://uscreen.io https://*.uscreen.io https://www.uscreen.tv https://app.uscreen.tv/ 3
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.treehugger.com 2
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.parents.com 2
default-src 'self' noembed.com static.zdassets.com ekr.zdassets.com https://avm-cs.zendesk.com wss://pod-28.zendesk.com avm.zendesk.com v2.zopim.com wss://widget-mediator.zopim.com vimeo.com player.vimeo.com vimeocdn.com *.vimeocdn.com ytimg.com s.ytimg.com data: avm.de service.avm.de news.avm.de bingo.avm.de scope.avm.de piwik.avm.de assets.avm.de maps.google.com *.googleapis.com *.gstatic.com shoplogos.commerce-connector.de www.commerce-connector.com i.ytimg.com https://www.youtube-nocookie.com https://www.youtube.com img.youtube.com www.surveygizmo.eu 'unsafe-inline' 'unsafe-eval' ; script-src-elem 'self' avm.de *.avm.de piwik.avm.de vimeo.com player.vimeo.com vimeocdn.com *.vimeocdn.com https://www.youtube-nocookie.com https://www.youtube.com maps.google.com *.googleapis.com https://static.zdassets.com pod-28.zendesk.com 'unsafe-inline' ; media-src 'self' *.avm.de static.zdassets.com *.googleapis.com *.gstatic.com ytimg.com s.ytimg.com blob: data: ; worker-src 'self' blob: ; frame-ancestors 'self'  2
block-all-mixed-content 2
frame-ancestors www.red-gate.com; 2
default-src https: data: blob: 'unsafe-eval' 'unsafe-inline'; frame-src 'self' https://*; 2
frame-ancestors 'self' corning.com *.corning.com *.corningmsp.com *.ceros.com *.ariba.com 2
nosniff 2
base-uri 'none';child-src *.youtube.com;connect-src 'self' https:;default-src 'self';font-src 'self';form-action 'self';frame-ancestors 'none';frame-src vercel.live prismic.io *.prismic.io *.youtube.com *.twitter.com *.facebook.com *.google.com;img-src * data:;manifest-src 'self';media-src 'self';object-src 'none';prefetch-src 'self';script-src 'self' 'unsafe-inline' vercel.live *.google-analytics.com *.bing.com *.clarity.ms *.facebook.net *.googletagmanager.com *.helpscout.net prismic.io *.prismic.io www.google.com www.gstatic.com;style-src 'self' 'unsafe-inline';worker-src 'self'; 2
default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * data:; font-src * data:; connect-src *; media-src *; object-src *; child-src *; frame-ancestors 'self' https://gls-group.com/ https://gls-group.eu/ https://pilot.gls-group.eu/; form-action *; reflected-xss block; upgrade-insecure-requests; 2
frame-ancestors 'self' *.magenta.at *.t-mobile.at *.s-budget-mobile.at *.esp.ownsolutions.net magenta-at.cleverq.de www.youtube.com; 2
default-src 'unsafe-inline' https://fonts.googleapis.com https://*.youtube.com https://www.facebook.com https://*.googleusercontent.com https://www.google.pl https://www.warta.pl https://*.www.warta.pl https://hdi.pl https://*.hdi.pl https://*.googleapis.com https://*.gstatic.com https://*.google.com https://www.google-analytics.com https://*.facebook.com https://*.doubleclick.net ; script-src 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://*.gstatic.com https://www.warta.pl https://*.www.warta.pl  https://www.google-analytics.com https://*.facebook.com https://connect.facebook.net https://*.doubleclick.net ; style-src 'unsafe-inline' https://www.warta.pl https://*.www.warta.pl https://hdi.pl https://*.hdi.pl https://fonts.googleapis.com https://surfly.io https://*.google.com https://www.google-analytics.com https://*.facebook.com https://*.doubleclick.net ; img-src 'self' https://moventum.com.pl https://*.youtube.com https://www.facebook.com https://*.googleusercontent.com https://www.google.pl https://*.googleapis.com https://*.gstatic.com https://www.warta.pl https://*.www.warta.pl https://hdi.pl https://*.hdi.pl https://*.google.com https://www.google-analytics.com https://*.facebook.com https://*.doubleclick.net  data:; object-src 'none'; 2
default-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: * 2
script-src * 'unsafe-inline' 'unsafe-eval' blob:; img-src * data:; media-src * mediastream: blob: filesystem: ; 2
script-src 'self'; 2
default-src 'none'; base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.xilo.net; object-src 'none'; style-src 'self' data: 'unsafe-inline' https://*.xilo.net; img-src 'self' blob: data: https://*.xilo.net; media-src 'self' data: https://*.xilo.net; frame-src *; font-src *; form-action 'self' https://*.xilo.net; connect-src 'self' https://*.xilo.net; prefetch-src 'self' https://*.xilo.net; manifest-src 'self' https://*.xilo.net; frame-ancestors 'self'; report-uri https://stats.xilo.net/ruri/r/d/csp/enforce 2
default-src 'self' https://*.consentmanager.net https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://tagmanager.google.com https://bx.webstyle.ch data: https://www.metanet.ch; base-uri 'none'; connect-src 'self' https://region1.google-analytics.com/ https://*.consentmanager.net https://www.googletagmanager.com https://*.google-analytics.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://tagmanager.google.com https://bx.webstyle.ch https://activity.wisepops.com https://popup.wisepops.com https://tracking.wisepops.com https://app.getwisp.co https://wisepops.net https://notifications.wisepops.com https://sst.metanet.ch https://pagesense-collect.zoho.eu https://salesiq.zohopublic.eu wss://vts.zohopublic.eu https://vts.zohopublic.eu https://pagead2.googlesyndication.com; font-src 'self' data: https://*.consentmanager.net https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://tagmanager.google.com https://bx.webstyle.ch https://fonts.gstatic.com https://css.zohocdn.com https://pagead2.googlesyndication.com; frame-ancestors 'self'; frame-src 'self' https://*.consentmanager.net https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://tagmanager.google.com https://bx.webstyle.ch https://www.youtube.com https://bid.g.doubleclick.net https://td.doubleclick.net https://notifications.wisepops.com https://wisepops.net https://pagead2.googlesyndication.com; img-src 'self' data: https://*.consentmanager.net https://www.googletagmanager.com https://*.google-analytics.com https://www.googleadservices.com https://www.google.com https://www.google.de https://www.google.at https://www.google.ch https://*.doubleclick.net https://tagmanager.google.com https://bx.webstyle.ch https://static.metanet.ch https://www.gstatic.com https://ssl.gstatic.com https://cdn.wisepops.com https://tracking.wisepops.com https://dx4nr741tfc02.cloudfront.net https://wisp-production-storage.s3.amazonaws.com https://cdn.wisepops.net https://pagesense-collect.zoho.eu https://pagead2.googlesyndication.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.consentmanager.net https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://tagmanager.google.com https://bx.webstyle.ch https://cdn.wisepops.com https://loader.wisepops.com https://app.getwisp.co https://wisepops.net https://cdn.wisepops.net https://sst.metanet.ch https://cdn-eu.pagesense.io https://salesiq.zohopublic.eu https://js.zohocdn.com https://js.zohostatic.eu https://pagead2.googlesyndication.com; style-src 'self' 'unsafe-inline' https://*.consentmanager.net https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://tagmanager.google.com https://bx.webstyle.ch https://fonts.googleapis.com https://css.zohocdn.com https://css.zohostatic.eu https://pagead2.googlesyndication.com 2
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src 'unsafe-inline' https: data:; font-src https: data:; img-src * data:; connect-src https: wss://*.liveperson.net wss://tsock.us1.twilio.com/v3/wsconnect wss://webmessaging.usw2.pure.cloud/v1 wss://cobrowse-v2.usw2.pure.cloud; 2
Content-Security-Policy= default-src "none"; script-src "self" https://corp-mktg.s3.us-west-2.amazonaws.com https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com https://cdn.cookielaw.org https://maps.googleapis.com https://prospect-form-plugin.2u.com; style-src "unsafe-inline" https://whitelabel.2u.com; img-src https://app.optimizely.com https://cdn.optimizely.com https://whitelabel.2u.com; frame-src https://a104283729.cdn.optimizely.com https://a104283729.cdn-pci.optimizely.com; connect-src https://*.optimizely.com; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.jsdelivr.net *.twitter.com *.googletagmanager.com *.cookielaw.org static.addtoany.com cdnjs.cloudflare.com cdn.bc0a.com assets.sitescdn.net fonts.googleapis.com *.siteimprove.net ajax.googleapis.com visit.sanmanuel.com klear.com cdn.b0e8.com *.google-analytics.com *.bing.com *.amazon-adsystem.com *.clarity.ms *.siteimproveanalytics.com *.adsrvr.org *.youtube.com connect.facebook.net munchkin.marketo.net s.yimg.com googleads.g.doubleclick.net *.cloudfront.net *.viralsweep.com *.pollstream.com insiderdata360online.com *.sevenrooms.com *.i4go.com *.recaptcha.net *.gstatic.com answers-embed.yaamava.com.pagescdn.com *.byspotify.com *.instagram.com *.visrez.com *.stackadapt.com *.googleadservices.com siteimproveanalytics.com tags.srv.stackadapt.com pixel.byspotify.com *.visitingmedia.com visitingmedia.com *.jquery.com *.sevenrooms.com id.eu.siteimprove.com *.quantserve.com rules.quantcount.com qvdt3feo.com *.vimeo.com; script-src-elem 'self' 'unsafe-inline' assets.sitescdn.net visit.sanmanuel.com cdn.siteimprove.net *.instagram.com *.googletagmanager.com cdn.cookielaw.org cdn.jsdelivr.net connect.facebook.net siteimproveanalytics.com tags.srv.stackadapt.com pixel.byspotify.com *.youtube.com munchkin.marketo.net bat.bing.com c.amazon-adsystem.com googleads.g.doubleclick.net *.google-analytics.com static.addtoany.com interactive.visrez.com secure.quantserve.com *.clarity.ms rules.quantcount.com visitingmedia.com *.sevenrooms.com code.jquery.com insiderdata360online.com  tags.srv.stackadapt.com answers-embed.yaamava.com.pagescdn.com platform.twitter.com cdnjs.cloudflare.com unpkg.com qvdt3feo.com i4m.i4go.com *.googleadservices.com klear.com *.player.vimeo.com *.viralsweep.com js.adsrvr.org cdn.userway.org *.vimeo.com analytics.tiktok.com; style-src 'self' 'unsafe-inline'  *.jsdelivr.net *.sitescdn.net fonts.googleapis.com visit.sanmanuel.com d1p5cqqchvbqmy.cloudfront.net *.sevenrooms.com *.visrez.com *.stackadapt.com  *.visitingmedia.com visitingmedia.com *.sevenrooms.com id.eu.siteimprove.com  *.quantserve.com  *.vimeo.com 2
strict-dynamic 2
frame-ancestors 'self' https://yobingo-statices.casinomodule.com/ https://www.yobingo.es/ https://www.yocasino.es/ https://www.enracha.es/ 2
default-src 'self'; img-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; script-src 'self' 'unsafe-inline'; connect-src 'self'; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' ; img-src 'self' data: ; object-src 'self' data: ; frame-src 'self' data: ; 2
2
frame-ancestors 'self' everygame.eu www.everygame.eu sblp.everygame.eu sports.everygame.eu poker.everygame.eu casino.everygame.eu classic.everygame.eu lobby.everygame.eu:2072 account.everygame.eu client.horizonpokernetwork.eu 2
frame-ancestors https://app.storyblok.com/ 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob:; object-src 'none'; base-uri 'none'; frame-src 'self'; frame-ancestors 'self'; img-src 'self' https://secure.gravatar.com data:; media-src 'self' blob:; style-src 'self' 'unsafe-inline'; default-src https: data: 'self'; trusted-types default; 2
reflected-xss block 2
frame-ancestors 'self' weleda.sabio.de 2
font-src 'self' https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com data:; frame-src 'self' https://www.google.com/recaptcha/ https://pay.google.com/gp/ https://pay.yandex.ru https://sandbox.pay.yandex.ru/; script-src 'self' 'unsafe-inline' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://pay.google.com/gp/ https://pay.yandex.ru https://mc.yandex.ru/metrika/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com; report-uri /csp/report; worker-src blob: 2
default-src 'self'; script-src 'self'; https://code.jquery.com; https://www.google.com; https://www.youtube.com; https://www.twitter.com; https://web.whatsapp.com; https://www.facebook.com; https://www.govcert.gov.hk; 2
default-src 'self' 'self' data: 'self' blob: 'unsafe-inline' 'unsafe-eval' *; img-src 'self' blob: data: * 2
default-src 'self'; style-src 'self' 'unsafe-inline' 2
frame-ancestors 'self'; 2
self 2
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.investopedia.com 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.people.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' * 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.verywellmind.com 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.verywellhealth.com 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.thespruce.com 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.health.com 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.liveabout.com 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.bhg.com 1
default-src 'self' *.postman.co *.postman.com *.pstmn.io; base-uri 'self'; font-src 'self' data: *.getpostman.com *.postman.co *.cdn.postman.com fonts.gstatic.com www.postman.com fonts.googleapis.com cdnjs.cloudflare.com; frame-ancestors 'none'; frame-src looker.postman.co dl-preview-container.pstmn.io js.stripe.com hooks.stripe.com chart-embed.service.newrelic.com https://app.datadoghq.com/graph/embed https://app.datadoghq.eu/graph/embed https://youtube.com https://www.youtube.com https://player.vimeo.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://accounts.google.com/ https://runtime-assets.pstmn.io/; child-src 'self' *.postman.co *.postman.com blob:; worker-src 'self' *.postman.co *.cdn.postman.com blob:; object-src 'self'; img-src https: data:; media-src 'self' https://flows-assets.pstmn.io/ https://skills-assets.pstmn.io/; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' *.nr-data.net *.getpostman.com *.postman.co *.cdn.postman.com *.pstmn.io code.jquery.com google-analytics.com www.postman.com postman.com googletagmanager.com ssl.google-analytics.com cdnjs.cloudflare.com https://bi.pst.tech js-agent.newrelic.com js.stripe.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'nonce-zBewb3D0UFUW+piCx2s7RjP91bECdlETZZwQoLQeM+EbxAXu'; style-src 'self' 'unsafe-inline' *.getpostman.com *.postman.co *.cdn.postman.com *.pstmn.io www.postman.com fonts.gstatic.com fonts.googleapis.com tagmanager.google.com cdnjs.cloudflare.com postman.com accounts.google.com; connect-src https://api.stripe.com http: ws://localhost:10533 https: wss://*.postman.co wss://*.gw.postman.co wss://*.gw.eu.postman.co wss://*.gw.postman.com wss://*.gw.eu.postman.com; report-uri https://sentry.postmanlabs.com/api/572/security/?sentry_key=9d37d7431bdc4c528702ec4d89fc93f7&sentry_environment=production 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com piwik.itzbund.de;object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; frame-src 'self' multimedia.gsb.bund.de blob: data:; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de covapp.charite.de covapp-rki.hpsgc.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; connect-src 'self' *.itzbund.de; frame-ancestors *.prod.gsb.rki.in.bund.de piwik.itzbund.de *.facebook.com 1
frame-ancestors *.uottawa.ca https://teams.microsoft.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.shape.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' connect.facebook.net *.adsrvr.org facebook.com cdn.pdst.fm px.adentifi.com kds-pixel.kargo.com data.adxcel-ec2.com secure.adnxs.com https://tags.srv.stackadapt.com/events.js trkn.us cdnssl.clicktale.net w3.org snap.licdn.com dc.ads.linkedin.com *.googletagmanager.com websitevisitorleads.com *.twitter.com t.co sc-static.net *.evgnet.com *.cookielaw.org static.ads-twitter.com *.google-analytics.com assets.sitescdn.net *.vimeocdn.com dev.visualwebsiteoptimizer.com *.tctm.co *.qualtrics.com vimeo.com *.vimeo.com *.newrelic.com *.bing.com googleads.g.doubleclick.net *.clarity.ms *.tiktok.com *.snapchat.com everfi-next.net fpjscdn.net *.fpjs.io fresnel.vimeocdn.com f.vimeocdn.com *.cloudflare.com *.jsdelivr.net unpkg.com *.googleadservices.com connect.facebook.net/en_US/fbevents.js *.byspotify.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' connect.facebook.net *.adsrvr.org facebook.com cdn.pdst.fm px.adentifi.com kds-pixel.kargo.com data.adxcel-ec2.com secure.adnxs.com https://tags.srv.stackadapt.com/events.js trkn.us cdnssl.clicktale.net w3.org snap.licdn.com dc.ads.linkedin.com *.googletagmanager.com websitevisitorleads.com *.twitter.com t.co sc-static.net *.evgnet.com *.cookielaw.org static.ads-twitter.com *.google-analytics.com assets.sitescdn.net *.vimeocdn.com dev.visualwebsiteoptimizer.com *.tctm.co *.qualtrics.com vimeo.com *.vimeo.com *.newrelic.com *.bing.com googleads.g.doubleclick.net *.clarity.ms *.tiktok.com *.snapchat.com everfi-next.net fpjscdn.net *.fpjs.io fresnel.vimeocdn.com f.vimeocdn.com *.cloudflare.com *.jsdelivr.net unpkg.com *.googleadservices.com connect.facebook.net/en_US/fbevents.js *.byspotify.com cdn.evgnet.com *.visualwebsiteoptimizer.com googletagmanager.com dev.virtualearth.net; frame-src 'self' blob: *.vimeo.com *.doubleclick.net *.clicktale.net *.adsrvr.org *.edwardjones.com *.edwardjones.ca accountaccess.edwardjones.com accountaccess.edwardjones.ca iaa-api-gateway.apps.edwardjones.com onlineaccess.edwardjones.com iaaweb.edwardjones.com *.tctm.co *.w3.org *.vimeocdn.com *.qualtrics.com *.everfi-next.net *.snapchat.com *.amazon-adsystem.com *.facebook.com dev.visualwebsiteoptimizer.com googletagmanager.com; frame-ancestors 'self' *.edwardjones.com *.edwardjones.ca iaa-api-gateway.apps.edwardjones.com accountaccess.edwardjones.com accountaccess.edwardjones.ca onlineaccess.edwardjones.com iaaweb.edwardjones.com; child-src 'self' blob: *.vimeo.com *.doubleclick.net *.clicktale.net *.adsrvr.org *.edwardjones.com *.edwardjones.ca iaa-api-gateway.apps.edwardjones.com accountaccess.edwardjones.com accountaccess.edwardjones.ca onlineaccess.edwardjones.com iaaweb.edwardjones.com *.tctm.co *.w3.org *.vimeocdn.com *.qualtrics.com *.everfi-next.net *.snapchat.com *.amazon-adsystem.com *.facebook.com; report-uri /report-csp-violation 1
default-src 'self' *.dwd.de *.readspeaker.com *.twitter.com *.youtube.com; script-src 'self' *.dwd.de *.readspeaker.com *.twitter.com *.twimg.com *.youtube.com *.jwpcdn.com *.ytimg.com 'unsafe-inline' 'unsafe-eval' data:; style-src 'self' *.dwd.de *.twitter.com *.twimg.com 'unsafe-inline' data:; img-src * data: blob:; font-src 'self' data:; frame-src 'self' *.dwd.de twitter.com *.twitter.com *.youtube.com; worker-src *.twitter.com; child-src 'self' *.dwd.de twitter.com *.twitter.com *.youtube.com; 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.thebalancemoney.com 1
frame-ancestors 'self' *.griffith.edu.au 1
default-src https: http: 'unsafe-inline' 'unsafe-eval' 'self' data: wss: blob: 1
frame-ancestors 'self' *.boursorama-banque.com *.boursorama.com *.boursobank.com; object-src 'none' 1
allow-scripts allow-popups allow-same-origin; 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.thesprucecrafts.com 1
object-src none 1
X-Content-Security-Policy 1
frame-ancestors 'self' courses.ecu.edu.au *.instructure.com *.canvaslms.com https://ecu.atlassian.net 1
default-src https:; connect-src https:; script-src 'unsafe-inline' 'unsafe-eval' http: www.google-analytics.com ajax.googleapis.com; style-src 'unsafe-inline' http:; img-src http: data:; font-src http: data:; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.hotjar.com *.googletagmanager.com *.google.com *.google-analytics.com  cdnjs.cloudflare.com mfstatic.com *.jsdelivr.net  *.facebook.com *.gstatic.com *.licdn.com *.facebook.net *.cookiebot.com *.unpkg.com unpkg.com *.rekai.se static.ws.apsis.one *.ws.apsis.one *.aspis.one static.ws.apsis.one; object-src 'self' *.google.com *.youtube.com *.facebook.com *.vimeo.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com  *.jsdelivr.net hello.myfonts.net mfstatic.com; img-src * 'self' data: *.google.com *.youtube.com *.facebook.com *.vimeo.com  *.vimeocdn.com *.ri.se *.jsdelivr.net  *.googletagmanager.com  *.google-analytics.com *.google.se *.linkedin.com *.gstatic.com *.amazonaws.com; media-src blob: data: *.mediaflow.com; frame-src 'self'  data: *.google.com *.youtube.com *.facebook.com *.vimeo.com vimeo.com *.vimeo.com  *.vimeocdn.com *.ri.se *.jsdelivr.net *.hotjar.com *.libsyn.com *.acast.com *.cookiebot.com *.youtube-nocookie.com; frame-ancestors 'self'; child-src 'self' blob:; font-src 'self' *.ri.se data: mfstatic.com *.gstatic.com; connect-src 'self' *.googletagmanager.com *.google.com *.google-analytics.com *.doubleclick.net *.hotjar.com *.oribi.io *.google.com *.googleoptimize.com *.facebook.com *.mediaflow.com mediaflow.com mfstatic.com *.mediaflowpro.com *.cookiebot.com *.linkedin.com *.rekai.se; report-uri /report-csp-violation; upgrade-insecure-requests 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.fontawesome.com *.jsdelivr.net *.googleapis.com *.jquery.com *.vimeo.com *.vimeocdn.com *.cookielaw.org *.vimeocdn.com *.airbud.io unpkg.com:* *.cloudflare.com intermezzo-coop.eu:* *.google.com *.montefioreeinstein.org *.montefiore.org www.montefiore.org mychart.montefiore.org npmychart.montefiore.org *.localizejs.com *.123formbuilder.com *.ctctcdn.com *.blackbaudcdn.net *.go-mpulse.net  *.blackbaudhosting.com *.googletagmanager.com *.blackbaud.com *.youtube.com *.gstatic.com *.perfalytics.com api.perfalytics.com perfalytics.com *.launchdarkly.com *.akstat.io *.jquery.com *.flywire.com *.bootstrapcdn.com *.ctctcdn.com s3.amazonaws.com/downloads.mailchimp.com/ *.jwpcdn.com; upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'; img-src 'self'; style-src 'self' 'unsafe-inline'  1
default-src wss: mycliplister.com blob: data: bosch.kittelberger.de *.tealiumiq.com dock.ui.bosch.tech wss://endpoint.chatbot-suite.bosch.tech 'self' https: *.optimizely.com wss://*.hotjar.com wss://*.hotjar.io *.tealiumiq.com stats.g.doubleclick.net *.bosch-professional.com ; media-src data: 'self' *.mycliplister.com mycliplister.com *.bosch.com bosch.com *.bosch.de bosch.de *.youtube.com ; font-src 'self' dock.ui.bosch.tech cdn.pricespider.com *.boschtools.com  *.bootstrapcdn.com *.dynamicyield.com *.commerce-connector.com static.bosch-professional.com tiger-cdn.zoovu.com *.zoovu.com *.cloudfront.net boschru.webim.ru *.bosch.com bosch.com *.bosch.de bosch.de gstatic.com fonts.gstatic.com data: ; object-src data: 'self'; img-src data: 'self' https: mycliplister.com *.kittelberger.de *.tealiumiq.com data: blob: ; style-src dock.ui.bosch.tech cdn.pricespider.com *.boschtools.com *.bootstrapcdn.com *.dynamicyield.com *.googleapis.com *.commerce-connector.com 'self' 'unsafe-inline' tiger-cdn.zoovu.com *.zoovu.com static.bosch-professional.com btm.bosch.com cdn.poll-maker.com ; script-src dock.ui.bosch.tech dynamicyield.com *.dynamicyield.com https: *.optimizely.com 'unsafe-inline' 'unsafe-eval' tags.tiqcdn.com *.bosch.com bosch.com *.bosch.de bosch.de *.google-analytics.com google-analytics.com ipinfo.io ; frame-src 'self' https: ; connect-src 'self' https: wss://endpoint.chatbot-suite.bosch.tech mycliplister.com wss://*.hotjar.com 1
frame-ancestors 'self'; report-uri /report-csp-violation 1
default-src 'self' 'unsafe-inline' data: blob: prod.acquia-sites.com *.prod.acquia-sites.com  auc.arkdev.net *.auc.arkdev.net aucegypt.edu *.aucegypt.edu openweathermap.org *.openweathermap.org youvisit.com *.youvisit.com google-analytics.com *.google-analytics.com googletagmanager.com *.googletagmanager.com nr-data.net *.nr-data.net newrelic.com *.newrelic.com cloudflare.com googleusercontent.com *.cloudflare.com *.googleusercontent.com youtube.com *.youtube.com youtu.be *.youtu.be gstatic.com *.gstatic.com ytimg.com *.ytimg.com ggpht.com *.ggpht.com *.campusgroups.com calendar.google.com interviewexchange.com *.interviewexchange.com auc.cloud.panopto.eu datawrapper.dwcdn.net *.watson.appdomain.cloud datastudio.google.com *.datastudio.google.com crazyegg.com *.crazyegg.com myjotform.com *.myjotform.com connect.facebook.net facebook.com *.facebook.com stats.g.doubleclick.net *.g.doubleclick.net addthis.com *.addthis.com 'unsafe-eval' moatads.com *.moatads.com addthisedge.com *.addthisedge.com px.ads.linkedin.com *.ads.linkedin.com *.linkedin.com www.googleadservices.com www.google.com *.googleadservices.com *.google.com googleads.g.doubleclick.net bid.g.doubleclick.net *.g.doubleclick.net snap.licdn.com *.snap.licdn.com *.licdn.com p.adsymptotic.com *.adsymptotic.com *.googlesyndication.com googlesyndication.com cdn.linkedin.oribi.io www.google.com.eg *.google.com.eg *.mainstay.com addtoany.com *.addtoany.com googleapis.com *.googleapis.com noembed.com *.noembed.com plyr.io *.plyr.io cdn.jsdelivr.net; report-uri /report-csp-violation 1
default-src 'none'; script-src 'sha256-orD0/VhH8hLqrLxKHD/HUEMdwqX6/0ve7c5hspX5VJ8=' 1
default-src 'self' 'unsafe-inline' jobs.b-ite.com; base-uri 'self'; connect-src 'self' wss://chat.userlike.com chat.userlike.com wss://umd.userlike.com userlike.com *.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com *.preview.kkn.zd.intranet.bund.de piwik.itzbund.de *.cloudfront.net data-8ec206415a.dnb.de jobs.b-ite.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.youtube.com *.googleapis.com piwik.itzbund.de script.ioam.de *.de.ioam.de s.ytimg.com static.b-ite.com cs-assets.b-ite.com ajax.googleapis.com api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com *.cloudfront.net data-8ec206415a.dnb.de userlike-cdn-umm.b-cdn.net; object-src 'self' piwik.itzbund.de; media-src 'self' *.aktion-mensch.de *.sample-videos.com *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de youtu.be files.dnb.de c18004-vod.l.core.cdn.streamfarm.net *.cloudfront.net; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de my.matterport.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de *.tile.openstreetmap.org api.userlike.com userlike-cdn-operators.s3-eu-west-1.amazonaws.com *.cloudfront.net; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de *.cloudfront.net; frame-ancestors *.gsb.dev.materna.net *.preview.kkn.zd.intranet.bund.de piwik.itzbund.de 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-eval' *.googleapis.com piwik.itzbund.de;object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; connect-src 'self' *.itzbund.de; frame-ancestors bghweb-editor-kkn2.prod.gsb.zd.in.bund.de piwik.itzbund.de 1
default-src 'self'; script-src 'report-sample' 'self' https://contaazul.my.salesforce.com/embeddedservice/5.0/client/liveagent.esw.min.js https://d.la1-c2-ia4.salesforceliveagent.com/chat/rest/EmbeddedService/EmbeddedServiceConfig.jsonp https://d.la1-c2-ia5.salesforceliveagent.com/chat/rest/EmbeddedService/EmbeddedServiceConfig.jsonp https://www.googletagmanager.com/gtag/js; style-src 'report-sample' 'self' https://contaazul.my.salesforce.com https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self'; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://contaazul.my.salesforce.com; img-src 'self'; manifest-src 'self'; media-src 'self'; report-uri https://653a851cb68e7c6a2aefe900.endpoint.csper.io/?v=0; worker-src 'self'; 1
default-src 'self'; script-src 'self' https://youtube.com/ https://cnes.matomo.cloud/ https://www.youtube.com/ youtube.com www.youtube.com https://youtube-nocookie.com/ youtube-nocookie.com  https://cdn.matomo.cloud/cnes.matomo.cloud/ cdn.matomo.cloud/cnes.matomo.cloud https://tags.data-driven.fr/tags/ tags.data-driven.fr/tags https://tarteaucitron.io/ tarteaucitron.io https://cdn.tarteaucitron.io/ cdn.tarteaucitron.io ; object-src 'self' https://youtube.com/ https://www.youtube.com/ youtube.com www.youtube.com https://youtube-nocookie.com/ youtube-nocookie.com ; style-src 'self' 'unsafe-inline' https://cdn.tarteaucitron.io/css/ cdn.tarteaucitron.io/css/ https://fonts.googleapis.com/; img-src 'self' data: https://i.ytimg.com 'unsafe-inline' https://tarteaucitron.io/log/ tarteaucitron.io/log/; media-src 'self' https://youtube.com/ https://www.youtube.com/ youtube.com www.youtube.com https://youtube-nocookie.com/ youtube-nocookie.com ; frame-src 'self' https://youtube.com https://www.youtube.com player.vimeo.com  youtube.com www.youtube.com https://youtube-nocookie.com youtube-nocookie.com www.youtube-nocookie.com https://tarteaucitron.io tarteaucitron.io https://tarteaucitron.io tarteaucitron.io https://cdn.tarteaucitron.io cdn.tarteaucitron.io; frame-ancestors 'self' https://youtube.com/ https://www.youtube.com/ youtube.com www.youtube.com https://youtube-nocookie.com/ youtube-nocookie.com  https://tarteaucitron.io/ tarteaucitron.io https://tarteaucitron.io/ tarteaucitron.io https://cdn.tarteaucitron.io/ cdn.tarteaucitron.io; child-src 'self'  https://tarteaucitron.io tarteaucitron.io https://tarteaucitron.io tarteaucitron.io https://cdn.tarteaucitron.io cdn.tarteaucitron.io; font-src 'self' data: https://fonts.gstatic.com https://themes.googleusercontent.com; connect-src 'self' 'unsafe-inline' https://cnes.matomo.cloud/ https://cdn.matomo.cloud/cnes.matomo.cloud/ https://tags.data-driven.fr cdn.matomo.cloud/cnes.matomo.cloud https://tags.data-driven.fr/tags/ tags.data-driven.fr/tags https://tarteaucitron.io/ tarteaucitron.io https://cdn.tarteaucitron.io/ cdn.tarteaucitron.io 1
default-src 'self' 'unsafe-inline' data: https://piwik.bzga.de/ https://service.bzga.de/ https://a.tile.openstreetmap.org/ https://b.tile.openstreetmap.org/ https://c.tile.openstreetmap.org/ 1
frame-ancestors https://youtu.be https://bid.g.doubleclick.net https://streetview.my https://safedepositboxjb.streetview.my https://hlbmc.demdex.net https://tags.tiqcdn.com https://survey.hlb.com.my https://www.hlb.com.my https://www.hlisb.com.my https://www.hlb.com.kh https://www.hlbank.com.sg https://www.hlbank.com.vn https://www.facebook.com https://www.vivocha.com https://www.youtube.com https://staticxx.facebook.com https://www.googletagmanager.com https://gateway.hlb.com.my https://gateway.hlb.com.my:8446 https://www.google.com https://optimize.google.com https://hongleongbank.sc.omtrdc.net https://dpm.demdex.net https://www.ecbanking.com.my  https://gms.hongleong.com.my https://apply-merchant1.hlb.com.my https://10.103.8.91 wss://10.103.8.91 1
default-src 'self'; script-src 'self' 1
script-src 'self' data: 'unsafe-inline' 'unsafe-eval' bp.webhost1.ru d.webhost1.ru cp.webhost1.ru cp2.webhost1.ru cp3.webhost1.ru *.yoomoney.ru geoadv-partner.yandex.ru direct.yandex.ru yookassa.ru  *.yandex.ru *.yandex.net mc.yandex.az mc.yandex.by mc.yandex.co.il mc.yandex.com mc.yandex.com.am mc.yandex.com.ge mc.yandex.com.tr mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.kz mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yandex.tj mc.yandex.tm mc.yandex.ua mc.yandex.uz mc.webvisor.com mc.webvisor.org yastatic.net googleads.g.doubleclick.net www.google-analytics.com www.google.com www.gstatic.com www.googletagmanager.com tagmanager.google.com *.jivo.ru *.bitrix24.ru *.roistat.com privacy-cs.mail.ru top-fwz1.mail.ru; frame-ancestors 'self' blob: http://webvisor.com https://webvisor.com https://d.webhost1.ru:* https://cp.webhost1.ru:* https://cp2.webhost1.ru:* https://cp3.webhost1.ru:* 1
frame-ancestors same *.grupocpfl.com.br *.cpfl.com.br *.rge-rs.com.br grupocpfl.com.br cpfl.com.br rge-rs.com.br *.lndo.site *.web.ahdev.cloud; report-uri /report-csp-violation 1
default-src * 'unsafe-inline' 'unsafe-eval' data: blob: 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.cinestar.de *.googletagmanager.com *.googleadservices.com *.googletagservices.com *.google.com *.google.de *.gstatic.com *.google-analytics.com gdpr.mandarin-medien.de *.ioam.de *.doubleclick.net bat.bing.com *.facebook.com *.facebook.net *.googlesyndication.com gdpr.mandarin-medien.de *.spotify.com streaming.cinestar.de streaming.cinestar.sys11.stakkle.com:81 streaming1.cinestar.de streaming1.cinestar.de:81 ff-schlingel.de *.stroeerdigitalgroup.de *.doubleverify.com tracking.m6r.eu *.adagio.io *.adaptmx.com *.adbility-media.com *.addefend.com *.adform.com *.adition.com *.admanmedia.com *.adnami.io *.adnuntius.com *.adrule.net *.adtriba.com *.adup-tech.com *.advanced-store.com *.adyoulike.com *.agma-mmc.de *.amazon.com *.amobee.com *.appnexus.com *.audienceproject.com *.avantisteam.com *.bam-interactive.de *.bannernow.com *.bidswitch.com *.blis.com *.brightcom.com *.bttrads.com *.cloudtechnologies.pl *.communicationads.net *.confiant.com *.criteo.com *.dataxtrade.com *.definemedia.de *.deltaprojects.com *.doubleverify.com *.easy-media.de *.emerse.com *.emxdgt.com *.equativ.com *.exactag.com *.exitbee.com *.factor-eleven.de *.feedad.com *.flashtalking.com *.geoedge.com *.gfk.com *.glomex.com *.google.com *.gumgum.com *.hearts-science.com *.iabeurope.eu *.id5.io *.impactify.io *.improvedigital.com *.indexexchange.com *.infonline.de *.integralads.com *.invibes.com *.jaduda.com *.kayzen.io *.liquidm.com *.liveramp.de *.magnite.com *.media.net *.mediakeys.com *.microsoft.com *.mindtake.com *.mobkoi.com *.mobpro.com *.nativendo.de *.neory.com *.nielsen.com *.ogury.com *.onetag.com *.onetech.group *.online-solution.biz *.onprospects.com *.openx.com *.opinary.com *.optidigital.com *.optimise-it.de *.oracle.com *.otto.de *.outbrain.com *.permodo.com *.playhill.com *.publicismedia.de *.pubmatic.com *.purelocalmedia.de *.qualitymedianetwork.de *.readpeak.com *.reppublika.com *.ringier-advertising.ch *.roq.ad *.rtbhouse.com *.rubiconproject.com *.salesforce.com *.screenondemand.de *.seeding-alliance.de *.seedtag.com *.sharethrough.com *.showheroes.com *.smaato.com *.smartadserver.com *.smartclip.net *.smartclip.tv *.smartstream.tv *.smartyads.com *.socoto.com *.spotx.tv *.spotxchange.com *.sspx.tech *.stroeer.com *.stroeer.de *.taboola.com *.tappx.com *.target-video.com *.teads.com *.teads.tv *.telaria.com *.themediagrid.com *.thetradedesk.com *.tremorhub.com *.trg.de *.triplelift.com *.twiago.com *.uppr.rocks *.verve.com *.vi.ai *.viads.com *.vidazoo.com *.vidoomy.com *.viralize.com *.virtualminds.de *.vlyby.com *.wagawin.com *.wearemiq.com *.welect.de *.xandr.com *.yahoo.com *.yieldlab.com *.yieldlab.net *.yieldlove.com *.yoc.com *.zemanta.com onetag-sys.com *.onetag-sys.com *.adnxs.com *.ad4m.at ad4m.at *.theadex.com *.adform.net *.seadform.net *.userreport.com *.clarium.io id5-sync.com *.id5-sync.com *.eu-1-id5-sync.com *.yieldlove-ad-serving.net *.agma-analytics.de *.adnxs.com *.adscale.de *.jsdelivr.net *.adscale.de *.criteo.net *.confiant-integrations.net *.privacy-mgmt.com *.crwdcntrl.net *.ampproject.org *.googleapis.com *.truste.com *.adsafeprotected.com *.ftstatic.com *.trustarc.com *.adsrvr.org *.imrworldwide.com *.cloudflare.com *.bidr.io *.bidswitch.net *.adnxs-simple.com *.active-agent.com *.peer-39.com 2mdn.net *.2mdn.net levexis.com demdex.net *.levexis.com *.demdex.net agkn.com *.agkn.com adlightning.com *.adlightning.com *.tchibo.de tchibo.de revjet.com *.revjet.com stroeerdigital.de *.stroeerdigital.de casalemedia.com *.casalemedia.com bahn.de *.bahn.de indexww.com *.indexww.com cbe-digiden.de *.cbe-digiden.de vodafone.de *.vodafone.de *.amazonaws.com amazonaws.com exactag.com *.exactag.com b2c.com *.b2c.com stroeerdigitalmedia.de *.stroeerdigitalmedia.de; block-all-mixed-content 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: *.conceptboard.com; 1
child-src 'self' *.facebook.com connect.facebook.net www.googletagmanager.com *.vidyard.com *.trustarc.com go.jaggaer.com jaggaer.cuvama.com; connect-src 'self'  *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net *.trustarc.com *.linkedin.com *.6sense.com secure.adnxs.com js.zi-scripts.com *.6sc.co *.qualified.com ws.zoominfo.com wss://ws.qualified.com play.vidyard.com *.clarity.ms *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net ; default-src 'self' wss://*.qualified.com play.vidyard.com; font-src 'self'  *.gstatic.com *.bootstrapcdn.com data: fonts.gstatic.com cdn.jsdelivr.net *.gstatic.com *.bootstrapcdn.com ; form-action 'self' *.facebook.com connect.facebook.net; frame-src 'self'  *.g.doubleclick.net *.google.com *.fls.doubleclick.net blob: www.google.com play.vidyard.com go.jaggaer.com jaggaer.cuvama.com *.trustarc.com app.qualified.com play.goconsensus.com *.youtube.com www.youtube-nocookie.com *.linkedin.com player.vimeo.com *.soundcloud.com platform.twitter.com *.g.doubleclick.net *.google.com *.fls.doubleclick.net ; frame-ancestors 'self' pi.pardot.com; img-src 'self'  *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com *.vidyard.com data: ts.w.org s.w.org ps.w.org *.linkedin.com *.trustarc.com consent.truste.com *.6sc.co *.clarity.ms *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com ; media-src 'self'  s.w.org app.qualified.com; script-src 'self'  'unsafe-inline'  'unsafe-eval' https://*.truste.com https://cdnjs.cloudflare.com https://choices.trustarc.com https://consent.trustarc.com https://connect.facebook.net https://content.linkedin.com https://go.jaggaer.com https://graph.facebook.com https://googletagmanager.com https://js.zi-scripts.com https://js.qualified.com https://js.facebook.com https://j.6sc.co https://okt.to https://play.vidyard.com https://pi.pardot.com https://platform.linkedin.com https://static-exp1.licdn.com https://snap.licdn.com https://static.oktopost.com https://tagmanager.google.com https://ws-assets.zoominfo.com https://www.gartner.com https://www.googletagmanager.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com  cdn.jsdelivr.net js.zi-scripts.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com ; script-src-elem 'self'  'unsafe-inline' https://*.truste.com https://cdnjs.cloudflare.com https://choices.trustarc.com https://consent.trustarc.com https://connect.facebook.net https://content.linkedin.com https://go.jaggaer.com https://graph.facebook.com https://googletagmanager.com https://js.zi-scripts.com https://js.qualified.com https://js.facebook.com https://j.6sc.co https://okt.to https://play.vidyard.com https://pi.pardot.com https://platform.linkedin.com https://static-exp1.licdn.com https://snap.licdn.com https://static.oktopost.com https://tagmanager.google.com ws-assets.zoominfo.com https://www.gartner.com https://www.googletagmanager.com cdn.jsdelivr.net  js.zi-scripts.com *.clarity.ms *.youtube.com platform.twitter.com blob: *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com ; script-src-attr  'unsafe-inline' ; style-src 'self'  'unsafe-inline' *.licdn.com *.qualified.com cdnjs.cloudflare.com fonts.googleapis.com tagmanager.google.com www.googletagmanager.com *.googleapis.com *.gstatic.com  cdn.jsdelivr.net *.googleapis.com *.gstatic.com ; style-src-elem 'self'  'unsafe-inline' *.licdn.com *.qualified.com cdnjs.cloudflare.com fonts.googleapis.com tagmanager.google.com www.googletagmanager.com cdn.jsdelivr.net  *.googleapis.com *.gstatic.com ; style-src-attr 'self'  'unsafe-inline' *.licdn.com *.qualified.com cdnjs.cloudflare.com fonts.googleapis.com tagmanager.google.com www.googletagmanager.com cdn.jsdelivr.net; worker-src 'self'  blob: *.qualified.com;  upgrade-insecure-requests; 1
default-src 'self' static1.clickandboat.com; connect-src 'self' static2.clickandboat.com static3.clickandboat.com https://assets.clickandboat.com/frontend-assets/master/ quasar.clickbo.at https://logs1412.xiti.com *.google-analytics.com stats.g.doubleclick.net accounts.google.com identitytoolkit.googleapis.com securetoken.googleapis.com bat.bing.com https://analytics.tiktok.com api.stripe.com ekr.zdassets.com clickandboat.zendesk.com wss://widget-mediator.zopim.com widget-mediator.zopim.com *.ingest.sentry.io api.realytics.io *.paypal.com https://*.clarity.ms https://s2s.adjust.com/event click-and-boat.pxf.io https://api.privacy-center.org *.criteo.com graph.facebook.com www.facebook.com https://respondent.survicate.com https://survey.survicate.com https://survey-prd.survicate-cdn.com; font-src 'self' data: static3.clickandboat.com fonts.gstatic.com https://surveys-static.survicate.com https://surveys-static-prd.survicate-cdn.com; frame-ancestors 'self'; frame-src 'self' *.facebook.com *.criteo.com accounts.google.com www.google.com js.stripe.com hooks.stripe.com www.googletagmanager.com *.doubleclick.net *.paypal.com click-and-boat.pxf.io static1.clickandboat.com cabmobileapp-196814.firebaseapp.com; img-src 'self' static1.clickandboat.com https://assets.clickandboat.com/frontend-assets/master/ https://blog.clickandboat.com/ blog.clickandboat.com data: blob: res.cloudinary.com quasar.clickbo.at *.google-analytics.com *.doubleclick.net secure.adnxs.com www.google.fr www.google.it www.google.es www.google.com www.google.de www.google.nl www.google.co.uk www.google.gr www.google.pl www.google.ch www.google.be www.google.com.br www.google.hr www.google.at www.google.pt www.google.se www.google.ru www.google.ca www.google.com.ar www.google.com.tr www.google.com.ua www.google.ie www.google.si www.google.ro www.google.com.mx www.google.com.mt www.google.com.au www.google.dk www.google.ae www.google.gp www.google.hu www.google.cz www.google.lu www.google.com.cy www.google.no www.google.me www.google.bg www.google.co.il www.google.rs www.google.sk *.bing.com *.criteo.com *.facebook.com *.mydialoginsight.com maps.googleapis.com *.gstatic.com *.google.com *.google.fr v2assets.zopim.io v2uploads.zopim.io clickandboat.zendesk.com https://*.clarity.ms https://s2s.adjust.com/event click-and-boat.pxf.io https://www.ojrq.net https://logs-01.loggly.com https://sdk.privacy-center.org https://surveys-static.survicate.com https://surveys-static-prd.survicate-cdn.com https://assets.survicate.com https://img.survicate.com https://images.unsplash.com; script-src 'unsafe-eval' 'self' static2.clickandboat.com https://assets.clickandboat.com/frontend-assets/master/ quasar.clickbo.at https://tag.aticdn.net *.google-analytics.com *.googleadservices.com *.google.com *.ggpht.com www.googletagmanager.com bat.bing.com www.facebook.com https://analytics.tiktok.com *.criteo.net *.criteo.com *.mydialoginsight.com *.googleapis.com www.gstatic.com connect.facebook.net js.stripe.com static.zdassets.com widget-mediator.zopim.com *.realytics.io *.realytics.net https://*.clarity.ms https://c.bing.com https://s2s.adjust.com/event https://utt.impactcdn.com https://sdk.privacy-center.org https://tag.aticdn.net https://survey.survicate.com https://surveys-static.survicate.com https://surveys-static-prd.survicate-cdn.com https://survey-prd.survicate-cdn.com *.paypal.com 'unsafe-inline' 'nonce-jKme68lYSMTPA4YGmzPZDg=='; style-src 'self' static2.clickandboat.com static3.clickandboat.com https://assets.clickandboat.com/frontend-assets/master/ 'unsafe-inline' fonts.googleapis.com tagmanager.google.com accounts.google.com https://sdk.privacy-center.org https://surveys-static.survicate.com https://surveys-static-prd.survicate-cdn.com 1
default-src https: 1
frame-src 'self' 1
default-src 'self' https://use.typekit.net; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://use.typekit.net *.google.com https://connect.facebook.net *.gstatic.com https://www.google-analytics.com https://*.googleapis.com https://view.ceros.com https://cdn.jsdelivr.net https://www.googletagmanager.com https://cdn.cookielaw.org; object-src 'none'; style-src 'report-sample' 'self' 'unsafe-inline' https://use.typekit.net https://p.typekit.net https://cdn.jsdelivr.net; img-src 'self' data: *.gstatic.com *.littler.com p.typekit.net  https://www.google-analytics.com https://*.googleapis.com https://i.vimeocdn.com https://cdn.cookielaw.org https://www.googletagmanager.com; media-src 'self'; frame-src 'self' https://player.vimeo.com/ https://app.powerbi.com https://w.soundcloud.com https://www.google.com https://view.ceros.com https://players.brightcove.net https://www.youtube.com https://www.youtube-nocookie.com; frame-ancestors 'self'; child-src 'self' https://player.vimeo.com/; font-src 'self' 'unsafe-inline' https://themes.googleusercontent.com use.typekit.net *.gstatic.com data:; connect-src 'self' https://*.google-analytics.com *.algolia.net *.algolianet.com https://insights.algolia.io https://cdn.cookielaw.org https://geolocation.onetrust.com https://privacyportal.onetrust.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
frame-ancestors 'self' *.typeform.com typeform.com *.themeforest.net themeforest.net codecanyon.net *.codecanyon.net 1
sandbox; 1
default-src 'self'; font-src *; img-src * data:; script-src *; style-src *; 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' piwik.itzbund.de; connect-src 'self' *.itzbund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' piwik.itzbund.de www.youtube.com s.ytimg.com; object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de www.youtube.com; media-src 'self' multimedia.gsb.bund.de piwik.itzbund.de www.youtube.com; child-src pei-portal.rexx-systems.com piwik.itzbund.de www.youtube.com abvl-public.pei.de abvl-public-test.pei.de; font-src 'self'; img-src 'self' data: *.honcode.ch piwik.itzbund.de; frame-ancestors 'self' PEIWeb-editor.preview.gsb.intranet.bund.de pei-portal.rexx-systems.com; 1
frame-ancestors https://*.milwaukeetool.eu https://viewer.ipaper.io https://my.treedis.com https://my.scene3d.co.uk 1
script-src https: data: 'unsafe-inline' 'unsafe-eval' https://www.tu-dortmund.de https://*.itmc.tu-dortmund.de https://*.relaunch.tu-dortmund.de; style-src https: 'unsafe-inline' https://www.tu-dortmund.de https://*.itmc.tu-dortmund.de https://*.relaunch.tu-dortmund.de; frame-src https://www.tu-dortmund.de https://redaktion.tu-dortmund.de https://*.itmc.tu-dortmund.de https://*.relaunch.tu-dortmund.de https://www.youtube-nocookie.com https://www.youtube.com 'self' https://webapps.itmc.tu-dortmund.de; frame-ancestors https://www.tu-dortmund.de https://redaktion.tu-dortmund.de 'self' 1
default-src 'self'; object-src 'self' https://pts.sim.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.sim.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://livechat.sim.de https://chat.sim.de https://umfrage.sim.de https://pts.sim.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://o2.mouseflow.com https://cdn.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://livechat.sim.de https://stats.sim.de https://imagepool.sim.de https://pts.sim.de https://analytics.tiktok.com https://umfrage.sim.de; script-src 'strict-dynamic' 'nonce-2fcc601eca83e749d797af3d702c29c4' 'nonce-089ef34ccd5735ee42eac4a920d3561d' 'nonce-bebcb5a8ef7e3a8795e398676e48710a' 'nonce-09e656fddcf2239b0119d1068ed77fe3' 'nonce-b3bf8a78a282541453ecacc000d93654' 'nonce-28a8c5a75c35cda803972f2f8e59500b' 'nonce-5b296f6c99500027c8426a68ca60c10b' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data: 'report-sample'; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://netmap.vodafone.de/cokart-client/index.html https://pts.sim.de https://umfrage.sim.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-2fcc601eca83e749d797af3d702c29c4' 'nonce-089ef34ccd5735ee42eac4a920d3561d' 'nonce-bebcb5a8ef7e3a8795e398676e48710a' 'nonce-09e656fddcf2239b0119d1068ed77fe3' 'nonce-b3bf8a78a282541453ecacc000d93654' 'nonce-28a8c5a75c35cda803972f2f8e59500b' 'nonce-5b296f6c99500027c8426a68ca60c10b' 'self' 'unsafe-inline' https: 'report-sample' 1
default-src 'self'; img-src 'self' data:; media-src 'self' blob:; connect-src 'self' blob:; form-action 'self'; 1
script-src *.globant.com *.googletagmanager.com *.google-analitycs.com *.google.com 'unsafe-eval' 'unsafe-inline' https: 'self' https://www.globant.com/ blob:; object-src none; style-src 'self' 'unsafe-inline' *.globant.com *.bootstrapcdn.com *.fontawesome.com *.cloudflare.com *.googleapis.com  *.jsdelivr.net; img-src 'self' *.cloudflare.com *.globant.com *.i.ytimg.com https: data:; media-src 'self' *.globant.com; frame-src 'self' https: fullscreen; frame-ancestors self fullscreen *.globant.com https://*.youtube.com; font-src 'self' *.globant.com *.fontawesome.com *.cloudflare.com *.gstatic.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; connect-src 'self' *.itzbund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' player.vimeo.com *.youtube.com piwik.itzbund.de app.sli.do cdn.myth.theoplayer.com service.video.taxi start.video-stream-hosting.de playout.3qsdn.com *.rai.it livestream.com player.procdn.live doo.net *.cloudflarestream.com tns-player.pages.dev'; object-src 'self' multimedia.gsb.bund.de; media-src 'self' piwik.itzbund.de *.youtube-nocookie.com youtu.be *.youtube.com multimedia.gsb.bund.de app.sli.do stream.alpha-loop.de cdn.myth.theoplayer.com service.video.taxi start.video-stream-hosting.de playout.3qsdn.com *.rai.it livestream.com player.procdn.live doo.net *.cloudflarestream.com tns-player.pages.dev *.cdninstagram.com; frame-src 'self' player.vimeo.com *.youtube.com *.youtube-nocookie.com youtu.be *.youtube.com app.sli.do stream.alpha-loop.de cdn.myth.theoplayer.com service.video.taxi media.video.taxi start.video-stream-hosting.de playout.3qsdn.com *.3qsdn.com *.rai.it livestream.com player.procdn.live doo.net *.cloudflarestream.com tns-player.pages.dev; img-src 'self' data: piwik.itzbund.de securel.longtailvideo.com *.youtube-nocookie.com youtu.be *.youtube.com *.ytimg.com app.sli.do stream.alpha-loop.de cdn.myth.theoplayer.com service.video.taxi start.video-stream-hosting.de playout.3qsdn.com *.rai.it livestream.com player.procdn.live doo.net *.cloudflarestream.com tns-player.pages.dev; frame-ancestors 'self'; 1
default-src 'self'; img-src 'self' 1
allow 'self'; options inline-script eval-script; frame-ancestors 'self' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://google-analytics.com/ https://*.google-analytics.com/ https://googletagmanager.com/ https://*.googletagmanager.com/ https://www.googletagmanager.com/ https://translate.google.com/ https://translate.googleapis.com/ https://youtube.com/ https://*.youtube.com/ https://www.recaptcha.net/ https://www.gstatic.com/ https://www.google.com/ https://kit.fontawesome.com/ https://tag.demandbase.com/ https://munchkin.marketo.net/ https://use.typekit.net/ https://script.crazyegg.com/ https://script.crazyegg.com/pages/scripts/0027/6357.js https://snap.licdn.com/ https://cdn01.basis.net/ https://play.vidyard.com/ https://connect.facebook.net/ https://www.facebook.com/ https://facebook.com/ https://j.6sc.co/ https://app-sj27.marketo.com/ https://cdn.transifex.com/ https://segments.company-target.com/ https://api.company-target.com/ https://s.company-target.com/ https://framework.scaledagilenetwork.com/ http://localhost:1113/ https://ka-p.fontawesome.com/ https://*.fontawesome.com/; img-src 'self' data: blob: https://google-analytics.com/ https://*.google-analytics.com/ https://translate.googleapis.com/ https://*.ytimg.com/ https://secure.gravatar.com/ https://kit.fontawesome.com/ https://salsa.scaledagile.com/ https://www.facebook.com/ https://b.6sc.co/ https://play.vidyard.com/ https://youtube.com/ https://*.youtube.com/ https://youtube-nocookie.com/ https://*.youtube-nocookie.com/ https://cdn.vidyard.com/ https://cdn.transifex.com/ https://segments.company-target.com/ https://id.rlcdn.com/ https://px.ads.linkedin.com/ https://pixel.sitescout.com/ https://www.google.com/ https://framework.scaledagilenetwork.com/ http://localhost:1113/ https://ka-p.fontawesome.com/ https://*.fontawesome.com/; object-src 'self' data: blob: https://docs.google.com/ https://youtube.com/ https://*.youtube.com/ https://youtube-nocookie.com/ https://*.youtube-nocookie.com/ https://youtu.be/ https://*.vimeo.com/ https://www.google.com/ https://scaledagile.my.salesforce.com/ https://scaledagile.lightning.force.com/ https://community.scaledagile.com/ https://safe.scaledagile.com/ https://www.facebook.com/ https://b.6sc.co/ https://play.vidyard.com/ https://cdn.transifex.com/ https://s.company-target.com/ https://pixel.sitescout.com/ https://framework.scaledagilenetwork.com/ http://localhost:1113/ https://ka-p.fontawesome.com/ https://kit.fontawesome.com/; frame-src 'self' data: blob: https://docs.google.com/ https://youtube.com/ https://*.youtube.com/ https://youtube-nocookie.com/ https://*.youtube-nocookie.com/ https://youtu.be/ https://*.vimeo.com/ https://www.google.com/ https://scaledagile.my.salesforce.com/ https://scaledagile.lightning.force.com/ https://community.scaledagile.com/ https://safe.scaledagile.com/ https://www.facebook.com/ https://b.6sc.co/ https://play.vidyard.com/ https://cdn.transifex.com/ https://s.company-target.com/ https://pixel.sitescout.com/ https://framework.scaledagilenetwork.com/ http://localhost:1113/ https://ka-p.fontawesome.com/ https://kit.fontawesome.com/; 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.foodandwine.com 1
frame-ancestors * 1
default-src 'self'; base-uri 'self'; connect-src 'self' *.itzbund.de; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de www.juris.de;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com piwik.itzbund.de www.juris.de;object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de www.juris.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de www.juris.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de www.juris.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de www.juris.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de  www.juris.de; frame-src https://www.juris.de/ *.google.com *.gstatic.com *.youtube.com *.vimeo.com; frame-ancestors https://www.juris.de/ 'self'; 1
upgrade-insecure-requests; default-src * data: https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; script-src 'self' data: https://*.hotjar.com https://consentcdn.cookiebot.com https://consent.cookiebot.com 'unsafe-inline' 'unsafe-eval' https://web106.reachmee.com https://s.ytimg.com https://mapclick.amap.com https://restapi.amap.com https://webapi.amap.com https://public.tableau.com https://sdn.sitecore.net https://maps.googleapis.com https://maps.google.com https://sadmin.brightcove.com https://ajax.googleapis.com https://ssl.google-analytics.com https://www.youtube.com https://www.google.com https://bat.bing.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://connect.facebook.net https://platform.twitter.com https://s3.amazonaws.com https://cdn.plyr.io https://player.vimeo.com https://static.cloud.coveo.com https://cdn.jsdelivr.net https://view.ceros.com https://jamesleist.com https://clientweb.passle.net https://cdn.iframe.ly; style-src 'self' data: 'unsafe-inline' https://*.hotjar.com https://cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.9.0/slick.min.css https://cdnjs.cloudflare.com https://webapi.amap.com https://fonts.googleapis.com https://ajax.googleapis.com https://cdn.plyr.io https://static.cloud.coveo.com https://jamesleist.com; img-src * 'self' data: https://*.hotjar.com https://jamesleist.com; font-src 'self' data: https://*.hotjar.com https://netdna.bootstrapcdn.com https://fonts.gstatic.com https://fonts.typekit.net https://themes.googleusercontent.com https://jamesleist.com; child-src 'self' https://sdn.sitecore.net https://web106.reachmee.com https://sdn.sitecore.net https://www.youtube.com https://www.google.com https://accounts.google.com https://www.googletagmanager.com https://jamesleist.com; frame-src 'self' https://*.hotjar.com https://consentcdn.cookiebot.com https://cdn.yoshki.com https://watch.twobirds.com https://www.youtube.com https://player.vimeo.com http://sdn.sitecore.net https://sdn.sitecore.net https://translate.google.com https://web106.reachmee.com https://view.ceros.com https://jamesleist.com https://www.podcaster.de https://w.soundcloud.com https://open.spotify.com/  https://cdn.iframe.ly; frame-ancestors 'self' https://sdn.sitecore.net; report-uri https://3chillies.report-uri.io/r/default/csp/enforce 1
default-src 'self' ;script-src data: blob: 'self' 'unsafe-eval' 'nonce-wis+EzMBZuq0DakV' static.cloud.coveo.com www.zenaps.com www.dwin1.com *.r42tag.com *.usabilla.com *.google-analytics.com *.analytics.google.com www.googleadservices.com tags.nmrc.nl *.onmarc.nl *.doubleclick.net d6tizftlrpuof.cloudfront.net *.zilverenkruis.nl babm.texthelp.com surfly.com plus.browsealoud.com www.zorgkantoorfriesland.nl *.prolife.nl www.googletagmanager.com toolbar.speechstream.net apis.google.com bat.bing.com admin.relay42.com a.svtrd.com  ads.creative-serving.com www.browsealoud.com *.defriesland.nl static2.creative-serving.com survey.insocial.nl optimize.google.com *.interpolis.nl *.mopinion.com  *.fbto.nl connect.facebook.net cdn.harvest.graindata.com *.pingvp.com pingvp.com *.visualwebsiteoptimizer.com app.vwo.com www.awin1.com *.stichtingdefriesland.nl d1mj578wat5n4o.cloudfront.net sitecorecloud.io;style-src 'self' 'unsafe-inline' d6tizftlrpuof.cloudfront.net plus.browsealoud.com fonts.googleapis.com www.zilverenkruis.nl optimize.google.com *.pingvp.com;img-src data: blob: 'self' *.svtrd.com www.zenaps.com www.awin1.com www.google.com www.google.nl d6tizftlrpuof.cloudfront.net *.usabilla.com *.google-analytics.com *.analytics.google.com *.onmarc.nl *.zilverenkruis.nl plus.browsealoud.com usabilla-themes.s3-eu-west-1.amazonaws.com ads.creative-serving.com www.zorgkantoorfriesland.nl *.prolife.nl stats.g.doubleclick.net ad.doubleclick.net bat.bing.com www.browsealoud.com *.defriesland.nl *.r42tag.com admin.relay42.com speechstreamv3-webservices-8.texthelp.com www.gstatic.com *.fbto.nl www.insocial.nl www.facebook.com www.googletagmanager.com translate.google.com zilverenkruis-cdn.mcccm.eu *.pingvp.com i.vimeocdn.com dev.visualwebsiteoptimizer.com *.doubleclick.net *.googlesyndication.com *.imgix.net;font-src data: 'self' fonts.gstatic.com fonts.googlapis.com d6tizftlrpuof.cloudfront.net  *.pingvp.com;connect-src blob: 'self' *.zilverenkruis.nl *.surfly.com surfly.com sentry.io *.prolife.nl *.zorgkantoorfriesland.nl plus.browsealoud.com pronunciation.speechstream.net api.usabilla.com babm.texthelp.com speech.speechstream.net *.google-analytics.com *.analytics.google.com pre-i-portaal.achmea.nl speechstreamv3-webservices-8.texthelp.com *.defriesland.nl *.mopinion.com www.browsealoud.com plusqa.browsealoud.com *.interpolis.nl *.fbto.nl bat.bing.com stats.g.doubleclick.net harvest-cm-achmea.ey.r.appspot.com controle.achmea.consentmonitor.nl *.tomtom.com *.visualwebsiteoptimizer.com app.vwo.com *.applicationinsights.azure.com wss://api.defriesland.nl:13443 wss://api.zilverenkruis.nl:13443 wss://api.interpolis.nl:13443 *.googlesyndication.com www.google.com googleads.g.doubleclick.net *.coveo.com;media-src 'self' blob: *.zilverenkruis.nl *.zorgkantoorfriesland.nl *.prolife.nl *.defriesland.nl *.interpolis.nl *.fbto.nl *.pingvp.com;object-src 'self' ;child-src 'self' blob: t.svtrd.com player.vimeo.com surfly.com app.surfly.com d6tizftlrpuof.cloudfront.net www.zilverenkruis.nl www.zorgkantoorfriesland.nl www.prolife.nl content.googleapis.com vimeo.com secure.zilverenkruis.nl www.defriesland.nl optimize.google.com i-portaal.achmea.nl survey.insocial.nl secure.prolife.nl secure.defriesland.nl w.soundcloud.com *.doubleclick.net app.springcast.fm;frame-ancestors 'self' player.vimeo.com vimeo.com i-portaal.achmea.nl survey.insocial.nl *.doubleclick.net inloggen.achmea.nl p-portaal.achmea.nl app.vwo.com *.visualwebsiteoptimizer.com;;form-action 'self' t.svtrd.com *.achmea.nl *.zilverenkruis.nl *.zorgkantoorfriesland.nl *.prolife.nl *.defriesland.nl *.fbto.nl *.interpolis.nl broker.nxtid.nl;manifest-src 'self' ;upgrade-insecure-requests;block-all-mixed-content;report-uri https://zilverenkruis.ams.report-uri.com/r/t/csp/enforce; 1
default-src 'self'; connect-src 'self' https://*.usercentrics.eu https://*.yext.com https://*.evangelisch.de https://termine.ekir.de https://*.vimeo.com https://*.openstreetmap.org https://*.kajomigenerator.de https://*.newsletter2go.com https://kirche-muelheim.de https://nextgen.kajomigenerator.de https://*.ekir.de; frame-src 'self' https://*.usercentrics.eu https://umap.openstreetmap.fr https://*.openstreetmap.de https://*.evangelisch.de https://termine.ekir.de https://*.vimeo.com https://*.openstreetmap.org https://*.kajomigenerator.de https://*.newsletter2go.com https://kirche-muelheim.de https://nextgen.kajomigenerator.de https://soundcloud.com https://vimeo.com https://*.vimeo.com https://*.kd-onlinespende.de https://walls.io https://*.walls.io www.youtube-nocookie.com https://platform.twitter.com https://syndication.twitter.com https://*.ekir.de; font-src 'self' data:; img-src 'self' data: https://*.usercentrics.eu https://*.openstreetmap.fr https://*.openstreetmap.de https://www.evangelische-termine.de https://*.evangelisch.de https://termine.ekir.de https://*.vimeo.com https://*.openstreetmap.org https://*.kajomigenerator.de https://*.newsletter2go.com https://kirche-muelheim.de https://nextgen.kajomigenerator.de https://soundcloud.com https://vimeo.com https://*.kd-onlinespende.de https://img.youtube.com https://syndication.twitter.com https://pbs.twimg.com https://ton.twimg.com https://platform.twitter.com https://secure.gravatar.com https://*.ekir.de; object-src 'self'; style-src 'self' 'unsafe-inline' https://www.evangelische-termine.de https://*.evangelisch.de https://termine.ekir.de https://*.vimeo.com https://*.openstreetmap.org https://*.kajomigenerator.de https://*.newsletter2go.com https://kirche-muelheim.de https://nextgen.kajomigenerator.de https://soundcloud.com https://vimeo.com https://platform.twitter.com https://ton.twimg.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.usercentrics.eu https://www.evangelische-termine.de https://*.evangelisch.de https://termine.ekir.de https://*.vimeo.com https://*.openstreetmap.org https://*.kajomigenerator.de https://*.newsletter2go.com https://kirche-muelheim.de https://nextgen.kajomigenerator.de https://soundcloud.com https://vimeo.de https://*.kd-onlinespende.de https://walls.io https://*.walls.io https://secure.gravatar.com https://platform.twitter.com https://cdn.syndication.twimg.com https://*.ekir.de https://adressverzeichnis.ekd.de https://cdn.jsdelivr.net; frame-ancestors 'none'; 1
default-src 'self' blob: http: https: wss://bot.moin.ai/primus w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de stiebel-eltron.containers.piwik.pro; img-src 'self' data: blob: http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de stiebel-eltron.containers.piwik.pro; script-src  'self' 'unsafe-eval' http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de stiebel-eltron.containers.piwik.pro; style-src 'self' 'unsafe-inline' http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de; font-src 'self' data: http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de stiebel-eltron.containers.piwik.pro; 1
base-uri 'none';child-src 'none';connect-src 'self' https://play.vidyard.com https://noembed.com/ https://*.algolia.net https://*.algolianet.com https://*.algolia.io https://go.esko.com/ https://privacyportalde-cdn.onetrust.com/ cloudflareinsights.com https://play.goconsensus.com https://cdn.cookielaw.org/ https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://privacyportal-de.onetrust.com/request/v1/consentreceipts https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://auth.statik.space/ https://js.zi-scripts.com https://px.ads.linkedin.com https://ws.zoominfo.com *.crazyegg.com https://tracking.g2crowd.com https://google.com;default-src 'self' *.crazyegg.com;font-src 'self' https://fonts.gstatic.com data:;form-action 'self';frame-ancestors 'self' https://esko.showpad.biz;frame-src youtube.com www.youtube.com https://play.vidyard.com https://play.goconsensus.com https://bid.g.doubleclick.net https://www.google.com/ https://js.driftt.com https://widget.drift.com *.crazyegg.com *.cvent.com https://td.doubleclick.net https://esko317.outgrow.us;img-src 'self' https: data: blob: http://play.vidyard.com www.googletagmanager.com https://googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://googleads.g.doubleclick.net https://www.google.com https://google.com *.crazyegg.com;manifest-src 'self';media-src 'self' https://js.driftt.com;object-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' youtube.com www.youtube.com https://play.vidyard.com https://cdn.jsdelivr.net/ https://privacyportalde-cdn.onetrust.com/privacy-notice-scripts/otnotice-1.0.min.js static.cloudflareinsights.com https://play.goconsensus.com https://www.googletagmanager.com https://cdn.cookielaw.org https://googletagmanager.com https://tagmanager.google.com https://*.googletagmanager.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/ https://js.driftt.com https://widget.drift.com https://sc.lfeeder.com https://js.zi-scripts.com https://snap.licdn.com *.crazyegg.com *.cvent.com https://tracking.g2crowd.com *.pardot.com https://*.esko.com blob:;style-src 'self' 'unsafe-inline' https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com *.crazyegg.com;worker-src 'self' blob:; 1
frame-ancestors 'self' https://content.kinaxis.com https://www.kinaxis.com https://kinaxis.com https://*.sharepoint.com https://ssw.live.com https://storage.live.com https://*.search.production.apac.trafficmanager.net https://*.search.production.emea.trafficmanager.net https://*.search.production.us.trafficmanager.net https://*.wns.windows.com https://admin.onedrive.com https://officeclient.microsoft.com https://g.live.com https://oneclient.sfx.ms https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://*.svc.ms *.mpo.com https://*.mpo.com https://www.mpo.com *.mp-objects.com https://*.mp-objects.com https://www.mp-objects.com https://wartsila.cevalogistics.com  https://*.cevalogistics.com  https://app.drift.com https://core.crazyegg.com https://kinaxis-project.dev.fenix.solutions https://*.lndo.site; report-uri /report-csp-violation 1
frame-ancestors 'self' https://www.truckworks.de https://special.mercedes-benz-trucks.com 1
default-src 'none'; img-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; font-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'; connect-src 'self'; 1
default-src 'self' https://*.youtube.com https://*.youtube-nocookie.com https://*.youtu.be https://*.vimeo.com https://vimeo.com https://*.spotify.com/ https://*.tiktok.com https://*.snapchat.com https://*.facebook.com https://p.scdn.co/ https://*.google-analytics.com https://*.googletagmanager.com https://*.google.com https://*.google.be https://*.apple.com https://*.instagram.com https://*.soundcloud.com https://*.cm.com https://*.slinger.to/; block-all-mixed-content; img-src data: 'self' https://placeholder.inventis.be https://*.ytimg.com https://*.youtube.com https://*.vimeocdn.com https://*.tiktok.com https://*.snapchat.com https://*.facebook.com https://*.google-analytics.com https://*.googletagmanager.com https://*.google.com https://*.google.be; object-src 'none'; script-src 'self' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' 'nonce-BkKNWGOc2WHx23FHaYUbBA=='; style-src 'self' 'unsafe-inline' https://*.googletagmanager.com https://*.slinger.to/; upgrade-insecure-requests 1
default-src 'self' https://www.google-analytics.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com https://www.gstatic.com https://sdk.privacy-center.org/ https://api.privacy-center.org/ https://static.cloudflareinsights.com https://ajax.cloudflare.com https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com https://fonts.googleapis.com; img-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://www.google-analytics.com/; font-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com https://fonts.gstatic.com https://fonts.googleapis.com; frame-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com; 1
default-src 'self'; script-src * 'unsafe-eval' 'unsafe-inline'; style-src * 'unsafe-inline'; img-src * data:;frame-src *;font-src * data:;connect-src * blob:;media-src * blob:;worker-src * blob:; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; style-src 'self' 'unsafe-inline' 1
default-src 'self' static.financialsense.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:; style-src 'self' static.financialsense.com data: 'unsafe-inline' *.googleapis.com *.twitter.com *.twimg.com svc.webspellchecker.net cdn.ckeditor.com static.ctctcdn.com; img-src 'self' https: data: android-webview-video-poster: *.jwplayer.com http://docs.jwplayer.com; media-src 'self' static.financialsense.com blob: *.giphy.com; frame-src 'self' https://www.financialsense.com data: audioboom.com *.audioboom.com scribd.com *.scribd.com soundcloud.com *.soundcloud.com youtube.com *.youtube.com vimeo.com *.vimeo.com bitchute.com *.bitchute.com twitter.com *.twitter.com *.tradingview.com *.tradingview-widget.com *.stripe.com *.doubleclick.net *.googlesyndication.com *.ted.com *.instagram.com *.jwpsrv.com www.google.com ms-appx-web: *.addtoany.com *.assoc-amazon.com *.amazon.com *.amazon-adsystem.com *.googletagmanager.com *.recaptcha.net facebook.com *.facebook.com cnn.com *.cnn.com cnbc.com *.cnbc.com; frame-ancestors *; child-src 'self' https://www.financialsense.com data: audioboom.com *.audioboom.com scribd.com *.scribd.com soundcloud.com *.soundcloud.com youtube.com *.youtube.com vimeo.com *.vimeo.com bitchute.com *.bitchute.com twitter.com *.twitter.com *.tradingview.com *.tradingview-widget.com *.stripe.com *.doubleclick.net *.googlesyndication.com *.ted.com *.instagram.com *.jwpsrv.com www.google.com ms-appx-web: *.addtoany.com *.assoc-amazon.com *.amazon.com *.amazon-adsystem.com *.googletagmanager.com *.recaptcha.net facebook.com *.facebook.com cnn.com *.cnn.com cnbc.com *.cnbc.com; font-src 'self' static.financialsense.com data: fonts.googleapis.com fonts.gstatic.com cdnjs.cloudflare.com *.googleusercontent.com svc.webspellchecker.net *.avast.com chrome-extension: *.fontawesome.com; connect-src 'self' static.financialsense.com *.googlesyndication.com www.google-analytics.com *.gstatic.com *.doubleclick.net svc.webspellchecker.net *.jwpltx.com *.nr-data.net *.fontawesome.com *.ckeditor.com *.ctctcdn.com *.constantcontact.com 1
frame-ancestors 'self' https://*.leoncountyfl.gov  https://leoncmsinternet-new.azurewebsites.net; object-src 'none' https:; 1
script-src 'self' kit.fontawesome.com cdn.callrail.com https://*.google.com https://*.googleapis.com *.gstatic.com www.google-analytics.com ajax.googleapis.com www.googletagmanager.com ajax.aspnetcdn.com use.typekit.net us1.siteimprove.com siteimproveanalytics.com cdnjs.cloudflare.com use.fontawesome.com player.vimeo.com clicky.com in.getclicky.com static.getclicky.com code.jquery.com 'unsafe-inline' 'unsafe-eval' 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; connect-src 'self' *.itzbund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.vimeo.com *.itzbund.de; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com *.vimeo.com *.aktion-mensch.de *.readspeaker.com; frame-src *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.vimeo.com *.readspeaker.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.ytimg.com yomma.services cms.sqat.eu *.openstreetmap.org *.itzbund.de; frame-ancestors 'self'; font-src 'self' data:; 1
script-src https: data: 'unsafe-inline' 'unsafe-eval' https://*.dshs-koeln.de https://*.mehrwert.de https://fast.fonts.net; style-src https: 'unsafe-inline' https://*.dshs-koeln.de https://fast.fonts.net; img-src https: data: 'unsafe-inline' 'unsafe-eval' https://*.dshs-koeln.de https://*.mehrwert.de; font-src https: data: 'unsafe-inline' 'unsafe-eval' https://*.dshs-koeln.de https://*.mehrwert.de https://fast.fonts.com; frame-src https: data: 'unsafe-inline' 'unsafe-eval' https://*.dshs-koeln.de https://*.mehrwert.de https://fast.fonts.com; 1
default-src 'self'; script-src 'self' 'nonce-74/T5ftGg4sZ1D//gYzSIOSCRQGufm0qhTwpvmSh680=' 'unsafe-inline' koop.piwik.pro; connect-src 'self' 'nonce-74/T5ftGg4sZ1D//gYzSIOSCRQGufm0qhTwpvmSh680=' 'unsafe-inline' koop.piwik.pro; img-src 'self' koop.piwik.pro; style-src 'self' 'nonce-74/T5ftGg4sZ1D//gYzSIOSCRQGufm0qhTwpvmSh680=' 'unsafe-inline'; frame-src 'self' data: koop.piwik.pro; frame-ancestors 'self'; 1
default-src 'self' ; script-src 'self' 1
default-src 'self'; script-src 'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'self' 'unsafe-inline' ; img-src *; frame-src 'self' https://www.google.com/recaptcha/; report-uri https://auth.cessecure.com/csp/report 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: https: 'nonce-beJK0UP84dDxsvJdJraIRFMqsWBUsSsK' 'strict-dynamic' https://www.google-analytics.com https://www.googletagmanager.com; 1
default-src 'self' *.interiorhealth.ca; script-src 'self' 'unsafe-inline' *.interiorhealth.ca maps.googleapis.com js-agent.newrelic.com static.addtoany.com bam.nr-data.net www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com cdn.jsdelivr.net static.dialogflow.com unpkg.com; object-src 'self' *.interiorhealth.ca; style-src 'self'  'unsafe-inline' *.interiorhealth.ca  fonts.googleapis.com cdn.jsdelivr.net static.dialogflow.com unpkg.com; img-src 'self' *.interiorhealth.ca data: maps.googleapis.com maps.gstatic.com *.cdninstagram.com www.google-analytics.com; media-src 'self' *.interiorhealth.ca; frame-src 'self' *.interiorhealth.ca static.addtoany.com *.youtube.com www.google.com; frame-ancestors 'self' *.interiorhealth.ca; font-src 'self' *.interiorhealth.ca fonts.googleapis.com fonts.gstatic.com; connect-src 'self' *.interiorhealth.ca maps.googleapis.com bam.nr-data.net www.google-analytics.com stats.g.doubleclick.net dialogflow.cloud.google.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' stats.hft-stuttgart.de app.usercentrics.eu privacy-proxy.usercentrics.eu *.b-ite.com; font-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' blob: app.usercentrics.eu privacy-proxy-server.usercentrics.eu data: stats.hft-stuttgart.de; connect-src 'self' stats.hft-stuttgart.de *.usercentrics.eu *.b-ite.com; frame-src 'self' app.usercentrics.eu *.youtube-nocookie.com *.vimeo.com *.hft-stuttgart.de 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://mista.ua https://*.google.com *.google.com https://*.google.com.ua *.google.com.ua *.gstatic.com *.facebook.net *.instagram.com *.googleapis.com *.googlesyndication.com  https://*.googlesyndication.com *.googletagservices.com https://*.googletagservices.com *.doubleclick.net https://*.googleadservices.com  https://*.doubleclick.net https://*.g.doubleclick.net *.google-analytics.com *.googletagmanager.com *.ampproject.org https://polyfill.io/ wikimapia.org https://*.jsdelivr.net cdn.api.twitter.com oss.maxcdn.com; style-src  'self' 'unsafe-inline' *.google.com *.googleapis.com; frame-src 'self' *.doubleclick.net https://*.googlesyndication.com syndicatedsearch.goog *.googletagservices.com *.google.com *.google.com.ua *.facebook.com *.instagram.com *.youtube.com https://*.doubleclick.net https://*.g.doubleclick.net wikimapia.org *.openstreetmap.org *.adsensecustomsearchads.com https://www.tiktok.com/; 1
default-src https: data: 'unsafe-inline' 'unsafe-eval' 1
default-src https:; style-src * 'unsafe-inline'; script-src https: 'unsafe-inline'; object-src 'none' 1
frame-ancestors 'self' *.coupacloud.com *.coupadev.com *.coupahost.com; style-src 'unsafe-inline' 'self' us.llama.ai https://login.qlik.com https://*.us.qlikcloud.com https://fonts.googleapis.com https://r.bing.com https://www.bing.com https://cdn.pendo.io; frame-src 'self' us.llama.ai https://login.qlik.com https://*.us.qlikcloud.com https://www.youtube.com https://help.llama.ai https://app.pendo.io; script-src 'unsafe-inline' 'unsafe-eval' us.llama.ai login.qlik.com *.us.qlikcloud.com www.google-analytics.com *.googletagmanager.com *.pendo.io *.bing.com *.virtualearth.net cdn.qlikcloud.com *.newrelic.com *.nr-data.net; worker-src blob: 'self';frame-ancestors 'self' *.coupacloud.com *.coupadev.com *.coupahost.com; style-src 'unsafe-inline' 'self' us.llama.ai https://login.qlik.com https://*.us.qlikcloud.com https://fonts.googleapis.com https://r.bing.com https://www.bing.com https://cdn.pendo.io; frame-src 'self' us.llama.ai https://login.qlik.com https://*.us.qlikcloud.com https://www.youtube.com https://help.llama.ai https://app.pendo.io; script-src 'unsafe-inline' 'unsafe-eval' us.llama.ai login.qlik.com *.us.qlikcloud.com www.google-analytics.com *.googletagmanager.com *.pendo.io *.bing.com *.virtualearth.net cdn.qlikcloud.com *.newrelic.com *.nr-data.net; worker-src blob: 'self'; 1
connect-src 'self' data: https://googleads.g.doubleclick.net https://www.google.com/ads/user-lists/ https://www.google.ru/ads/user-lists/ https://mc.yandex.ru https://analytics.google.com https://maps.googleapis.com https://*.google-analytics.com http://bitrix.info https://app.comagic.ru https://api.carrotquest.app/ https://api.carrottrack.app/ https://rts-v2.carrotquest.app/ wss://rts-v2.carrotquest.app/ https://tracker.comagic.ru/ https://stats.g.doubleclick.net;default-src 'self' data: https://googleads.g.doubleclick.net https://www.google.com/ads/user-lists/ https://www.google.ru/ads/user-lists/ https://mc.yandex.ru https://analytics.google.com https://maps.googleapis.com https://*.google-analytics.com http://bitrix.info https://app.comagic.ru https://tracker.comagic.ru https://stats.g.doubleclick.net;script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.google-analytics.com https://*.google-analytics.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://maps.google.com http://bitrix.info https://connect.facebook.net https://*.gstatic.com:* https://*.googleapis.com https://www.google.ru https://*.googleadservices.com https://mc.yandex.ru https://api-maps.yandex.ru https://*.maps.yandex.ru https://*.maps.yandex.net https://cdnjs.cloudflare.com https://app.comagic.ru https://cllctr.roistat.com/ https://cloud.roistat.com/ https://cdn.jsdelivr.net/ https://cdn.carrotquest.app/ https://use.fontawesome.com/ https://www.google.com/recaptcha/ https://yastatic.net:*;style-src 'self' 'unsafe-inline' data: https://mc.yandex.ru:* https://*.googleapis.com https://cdnjs.cloudflare.com https://use.fontawesome.com/ https://cdn.jsdelivr.net https://*.gstatic.com:*;img-src 'self' data: https://*.googleapis.com https://*.gstatic.com:* https://*.google-analytics.com https://*.utlab.ru https://yandex.ru https://i.ytimg.com https://mc.yandex.ru https://api-maps.yandex.ru https://*.maps.yandex.ru https://*.youtube.com https://maps.google.com https://www.google.ru https://img.webcdn.ru https://cdn.carrotquest.app/ blob: https://*.maps.yandex.net;font-src 'self' data: https://cdnjs.cloudflare.com https://use.fontawesome.com/ https://cdn.carrotquest.app/ https://*.gstatic.com:*;frame-src 'self' data: https://*.youtube.com https://*.youtu.be https://*.yandex.ru https://yandex.ru https://mc.yandex.ru/ https://www.google.com https://*.youtube-nocookie.com;base-uri 'self';form-action 'self' data: ; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: about: *.adbutler-luxon.com adbutler-fermion.com static.addtoany.com *.adobedtm.com *.ads-twitter.com *.adsrvr.org p.adsymptotic.com *.bamboohr.com bat.bing.com maxcdn.bootstrapcdn.com tags.bluekai.com capwiz.com *.cdc.gov grow.clearbitjs.com *.cmgdigital.com www.cms.gov cqrcengage.com *.crwdcntrl.net tma.custhelp.com dpm.demedex.net www.domain-of-replacement.com *.doubleclick.net *.facebook.com *.facebook.net *.feedburner.com gis.fema.gov apgb2b-reachcodeandproxy.gannettdigital.com *.google.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.googletagmanager.com fusiontables.googleusercontent.com *.gstatic.com data.healthcare.gov oig.hhs.gov hootsuite.com *.hs-analytics.net *.hs-banner.com js.hsadspixel.net js.hscollectedforms.net *.hsforms.com *.hsforms.net *.hs-scripts.com api.hubapi.com *.hubspot.com rocket.nwood-kensett.k12.ia.us *.infogram.com *.informz.net *.jeffersoncms.org kff.org cdn.jsdelivr.net beacon.krxd.net snap.licdn.com px.ads.linkedin.com *.livestream.com *.marchex.io tag.marinsm.com pixel.mathtag.com texmed.medbuzz.com www.ncbi.nlm.nih.gov *.nnihcm.org block.opendns.com cdn.linkedin.oribi.io centro.pixel.ad clickserv.pixel.ad www.paypalobjects.com www.podbean.com www.powr.io *.poll-maker.com pixel-geo.prfct.co ql.tc *.qualtrics.com *.quantcount.com *.quantserve.com www.reachlocallivechat.com capture-api.reachlocalservices.com *.rlets.com rcod.rtrk.com www.rumiview.com *.scribd.com uip.semasio.net servedbyadbutler.com *.serving-sys.com *.sharethis.com i.simpli.fi tag.simpli.fi um.simpli.fi clickserv.sitescout.com pixel.sitescout.com *.slideshare.net public.slidesharecdn.com open.spotify.com storify.com t.co *.tapad.com *.tcms.com *.teletownhall.us *.texmed.org eu.thinkingchat.com reachlocal.thinkingchat.com cdn.tinymce.com *.tmait.org *.twimg.com *.twitter.com *.vimeo.com *.votervoice.net *.wakelet.com *.wufoo.com *.youtube.com *.yudu.com *.hscollectedforms.net 1
default-src 'self' multimedia.gsb.bund.de medien.bmi.bund.de; base-uri 'self'; font-src 'self'  data: medien.bmi.bund.de; style-src 'self' 'unsafe-inline' *.twitter.com medien.bmi.bund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.ytimg.com *.vimeo.com *.itzbund.de *.bundesbots.de *.twitter.com *.twimg.com cdn.jsdelivr.net *.newsletter2go.com   medien.bmi.bund.de; object-src 'self' multimedia.gsb.bund.de; connect-src 'self' multiplatform-f.akamaihd.net *.itzbund.de  *.newsletter2go.com hls-hd.myrasec.de     medien.bmi.bund.de; media-src 'self' blob: multimedia.gsb.bund.de social.bund.de video.bundesregierung.de *.w3schools.com *.quirksmode.org *.youtube.com *.youtube-nocookie.com *.vimeo.com *.aktion-mensch.de *.readspeaker.com *.osm.org *.openstreetmap.de *.twimg.com multiplatform-f.akamaihd.net hls-hd.myrasec.de cdnjs.cloudflare.com medien.bmi.bund.de; frame-src *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.vimeo.com vimeo.com *.make.org *.readspeaker.com *.3qsdn.com *.it.bund.de *.bundesbots.de *.twitter.com *.twimg.com webcast.nc3-cdn.com blitzvideoserver.de start.video-stream-hosting.de player.restream.io *.linkedin.com d2ukmxblae710r.cloudfront.net; img-src 'self' blob: data: *.google.com *.gstatic.com social.bund.de muenster.im *.youtube.com *.youtube-nocookie.com *.osm.org *.openstreetmap.de *.twitter.com *.twimg.com cdnjs.cloudflare.com piwik.itzbund.de *.gdw-berlin.de *.streamlock.net *.bmi.bund.de  *.cio.bund.de *.newsletter2go.com   medien.bmi.bund.de; frame-ancestors 'self' *.prod.gsb.bmi.in.bund.de; upgrade-insecure-requests; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: https: 'nonce-4JiipS6untN1WDT3FGaUJckFNGDwqca4' 'strict-dynamic' https://www.google-analytics.com https://www.googletagmanager.com; 1
frame-ancestors https://*.derwent.io http://*.derwent.io http://*.derwent.io:* https://*.derwent.io:* 'self' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.axessx.de *.googleapis.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'  https: data: http://fonts.googleapis.com http://fonts.gstatic.com http://www.google-analytics.com http://s7.addthis.com http://m.addthisedge.com http://m.addthis.com http://graph.facebook.com http://widgets.pinterest.com http://maps.google.com http://csi.gstatic.com http://maps.gstatic.com http://maps.googleapis.com http://www.linkedin.com http://api-public.addthis.com http://localhost http://widget.supercounters.com http://pagead2.googlesyndication.com/ http://pagead2.googlesyndication.com/ http://staticxx.facebook.com http://www.whatsupcams.com http://epixel.moj-web.net http://www.youtube.com https://www.whatsupcams.com http://localhost https://g0.ipcamlive.com;  1
default-src 'self'; img-src *; media-src * data: 1
default-src 'self' ;options inline-script eval-script;img-src 'self' data:  *.tile.openstreetmap.org *.tile.opencyclemap.org; 1
default-src 'self' syndetics.com www.google-analytics.com; script-src 'self' blob: http://www.vpl.ca https://www.vpl.ca data: 'unsafe-inline' 'unsafe-eval' code.jquery.com www.google.com https://www.google-analytics.com https://www.googletagmanager.com www.gstatic.com https://unpkg.com cdnjs.cloudflare.com m.addthis.com s7.addthis.com tagmanager.google.com v1.addthis.com platform.instagram.com platform.twitter.com cdn.syndication.twimg.com assets.pinterest.com script.crazyegg.com trk.cetrk.com www.flickr.com bclibraries.org translate.google.com https://translate.googleapis.com https://translate-pa.googleapis.com https://cdn.jsdelivr.net; object-src 'self'; style-src 'self' 'unsafe-inline' www.vpl.ca https://unpkg.com https://cdnjs.cloudflare.com tagmanager.google.com themes.googleusercontent.com fonts.googleapis.com code.jquery.com https://platform.twitter.com https://typekit.net https://p.typekit.net https://use.typekit.net  https://translate.googleapis.com https://www.gstatic.com https://cdn.jsdelivr.net/gh/jonthornton/jquery-timepicker@1.14.0/jquery.timepicker.min.css https://cdn.jsdelivr.net/gh/jackocnr/intl-tel-input@v17.0.19/build/css/intlTelInput.min.css https://cdn.jsdelivr.net/npm/normalize.css; img-src 'self' data: *.vpl.ca https://www.vpl.ca *.googleapis.com https://cdn.jsdelivr.net/gh/jackocnr/intl-tel-input@v17.0.19/build/img/flags.png https://platform.twitter.com https://pbs.twimg.com services.arcgisonline.com syndetics.com secure.syndetics.com https://cdnjs.cloudflare.com www.flickr.com www.instagram.com *.staticflickr.com *.google-analytics.com syndication.twitter.com scontent-sea1-1.cdninstagram.com *.sndcdn.com m.addthis.com *.gstatic.com www.addthis.com log.pinterest.com gtrk.s3.amazonaws.com trk.cetrk.com geo.yahoo.com https://img.youtube.com https://www.google.com https://translate.google.com https://server.arcgisonline.com; media-src 'self' www.youtube.com soundcloud.com; child-src 'self' m.addthis.com s7.addthis.com www.google.com www.youtube.com w.soundcloud.com www.instagram.com syndication.twitter.com  assets.pinterest.com; font-src 'self' themes.googleusercontent.com https://cdnjs.cloudflare.com fonts.googleapis.com fonts.gstatic.com https://use.typekit.net; connect-src 'self' *.google-analytics.com translate-pa.googleapis.com cdnjs.cloudflare.com https://www.optimalworkshop.com m.addthis.com v1.addthis.com https://translate.googleapis.com; frame-src 'self' edge.addthis.com m.addthis.com https://platform.twitter.com s7.addthis.com www.google.com www.youtube.com w.soundcloud.com www.instagram.com syndication.twitter.com  assets.pinterest.com player.vimeo.com;  1
default-src https: wss:; base-uri 'none'; font-src https: data:; img-src https: data:; script-src 'strict-dynamic' 'nonce-auKlSSVSKSceTE5RvmMDyw=='; style-src https: 'unsafe-inline' 1
default-src 'self' *.crazyegg.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.netdna-ssl.com *.google-analytics.com www.googletagmanager.com *.quotemedia.com oss.maxcdn.com rangeme-production-environment.s3-ap-southeast-2.amazonaws.com *.pcdn.co s15923.pcdn.co *.google.com *.gstatic.com *.spartannash.com *.spartannash-uat.com *.youtube.com www.b2i.us stockcharting.s3.amazonaws.com cdnjs.cloudflare.com static.cloudflareinsights.com analytics.newscred.com *.crazyegg.com;font-src 'self' data: *.netdna-ssl.com fonts.gstatic.com *.pcdn.co s15923.pcdn.co *.spartannash.com *.spartannash-uat.com *.cloudflare.com s3.amazonaws.com *.crazyegg.com;img-src 'self' data: *.netdna-ssl.com *.google-analytics.com *.googleapis.com www.googletagmanager.com *.glensmarkets-email.com *.quotemedia.com secure.gravatar.com s3-ap-southeast-2.amazonaws.com *.pcdn.co *.businesswire.com *.gravatar.com s15923.pcdn.co *.google.com *.spartannash.com *.spartannash-uat.com d36cz9elvz3vfp.cloudfront.net www.b2i.us *.prnewswire.com pixel.welcomesoftware.com i.ytimg.com *.crazyegg.com;style-src 'self' 'unsafe-inline' *.netdna-ssl.com *.googleapis.com *.quotemedia.com *.pcdn.co s15923.pcdn.co *.spartannash.com *.spartannash-uat.com *.crazyegg.com;frame-src 'self' *.netdna-ssl.com *.youtube.com www.googletagmanager.com *.calameo.com *.pcdn.co *.google.com *.spartannash.com *.spartannash-uat.com *.prnewswire.com *.crazyegg.com;connect-src 'self' *.netdna-ssl.com query.yahooapis.com *.pcdn.co *.google-analytics.com *.quotemedia.com stats.g.doubleclick.net *.spartannash.com *.spartannash-uat.com www.b2i.us stockcharting.s3.amazonaws.com *.google.com *.crazyegg.com;object-src 'self' *.netdna-ssl.com *.pcdn.co *.prnewswire.com *.crazyegg.com;media-src 'self' *.netdna-ssl.com *.pcdn.co *.prnewswire.com *.crazyegg.com;worker-src 'self' blob: *.crazyegg.com;child-src 'self' blob: *.crazyegg.com; 1
default-src 'self' *.readspeaker.com data: https://viola.bundesbots.de wss://viola.bundesbots.de https://formularbot-fms.bzst.de wss://formularbot-fms.bzst.de https://formularbot-viola.bzst.de wss://formularbot-viola.bzst.de https://bzst.lucom.com https://idnr-formular.bzst.bot-itzbund.de https://viola.bundesbots.de https://viola-bzst.azr.juacvoe.net https://viola-bzst-fms.azr.juacvoe.net; base-uri 'self'; connect-src 'self' *.readspeaker.com *.itzbund.de https://formularbot-viola.bzst.de wss://formularbot-viola.bzst.de https://viola-bzst.azr.juacvoe.net wss://viola-bzst.azr.juacvoe.net https://viola-bzst-fms.azr.juacvoe.net wss://viola-bzst-fms.azr.juacvoe.net https://formularbot-fms.bzst.de; style-src 'self' 'unsafe-inline' *.readspeaker.com https://bzst.lucom.com https://idnr-formular.bzst.bot-itzbund.de https://formularbot-viola.bzst.de https://viola-bzst.azr.juacvoe.net https://viola-bzst-fms.azr.juacvoe.net https://formularbot-fms.bzst.de; script-src 'self' 'unsafe-eval' *.google.com piwik.itzbund.de *.readspeaker.com https://bzst.lucom.com https://idnr-formular.bzst.bot-itzbund.de https://formularbot-fms.bzst.de https://formularbot-viola.bzst.de https://viola-bzst-fms.azr.juacvoe https://formularbot-fms.bzst.de.net https://viola-bzst.azr.juacvoe.net https://viola.bundesbots.de 'sha256-fvt1zDnRVAuASIt4MdBmzTSLXs4mdTCa5fg9wNopnC0=' 'sha256-B9AMHvfU16Nc6sndzogCV/VH/SXmKESowGb6dBud/RA=';object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; media-src 'self' *.bzst.de multimedia.gsb.bund.de *.youtube.com www.quirksmode.org; child-src *.itzbund.de *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com; frame-src  *.readspeaker.com https://formularbot-viola.bzst.de https://idnr-formular.bzst.bot-itzbund.de https://viola-bzst.azr.juacvoe.net https://viola-bzst-fms.azr.juacvoe.net https://formularbot-fms.bzst.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com piwik.itzbund.de https://bzst.lucom.com https://formularbot-viola.bzst.de https://idnr-formular.bzst.bot-itzbund.de https://viola-bzst.azr.juacvoe.net https://viola-bzst-fms.azr.juacvoe.net https://formularbot-fms.bzst.de; upgrade-insecure-requests; frame-ancestors 'self' *.preview.bzst.intranet.bund.de; 1
default-src 'self' *.atlantic.fr *.algolianet.com *.algolia.net *.google-analytics.com *.googlesyndication.com *.google.com *.cookiebot.com *.doubleclick.net *.groupe-atlantic.com *.kameleoon.eu *.kameleoon.com *.kameleoon.io  *.soyooz.com *.mixpanel.com *.instagram.com *.cdninstagram.com *.contentsquare.net *.contentsquare.com *.contentsquare.fr *.pinterest.com app.helo-activation.fr *.facebook.com *.inbenta.io calendly.com *.calendly.com *.inbenta.service *.inbenta.services *.recette-qcnlnca-xzown47bo6s74.fr-3.platformsh.site *.staging-5em2ouy-xzown47bo6s74.fr-3.platformsh.site *.bazaarvoice.com; base-uri 'self' *.atlantic.fr; block-all-mixed-content; font-src 'self' data: *.soyooz.com *.atlantic.fr *.kameleoon.eu *.kameleoon.com *.kameleoon.io fonts.gstatic.com *.inbenta.io *.recette-qcnlnca-xzown47bo6s74.fr-3.platformsh.site *.staging-5em2ouy-xzown47bo6s74.fr-3.platformsh.site *.bazaarvoice.com; frame-ancestors 'self' *.atlantic.fr; frame-src 'self' *.atlantic.fr  *.youtube.com  *.vimeo.com  *.atlantic.fr  *.cookiebot.com  *.doubleclick.net  *.vectary.com  *.instagram.com *.facebook.com *.cdninstagram.com  *.pinterest.com calendly.com *.calendly.com *.kameleoon.eu *.kameleoon.io *.kameleoon.com *.inbenta.io *.recette-qcnlnca-xzown47bo6s74.fr-3.platformsh.site *.staging-5em2ouy-xzown47bo6s74.fr-3.platformsh.site *.bazaarvoice.com *.youtube-nocookie.com; img-src 'self' data: *.atlantic.fr *.youtube.com *.ytimg.com *.vimeo.com *.google-analytics.com *.groupe-atlantic.com *.googletagmanager.com *.doubleclick.net *.google.fr *.google.com *.soyooz.com *.cdninstagram.com picsum.photos placekitten.com *.picsum.photos *.placeholder.com *.contentsquare.net *.contentsquare.com *.contentsquare.fr *.facebook.com *.pinterest.com *.inbenta.com  *.kameleoon.eu *.kameleoon.com *.kameleoon.io *.calendly.com  *.recette-qcnlnca-xzown47bo6s74.fr-3.platformsh.site *.staging-5em2ouy-xzown47bo6s74.fr-3.platformsh.site *.inbenta.io *.bazaarvoice.com *.cache.ephoto.fr *.cookiebot.com; media-src 'self' *.atlantic.fr *.vimeo.com *.youtube.com *.instagram.com *.cdninstagram.com *.contentsquare.net *.contentsquare.com *.contentsquare.fr *.kameleoon.eu *.kameleoon.com *.kameleoon.io *.recette-qcnlnca-xzown47bo6s74.fr-3.platformsh.site *.staging-5em2ouy-xzown47bo6s74.fr-3.platformsh.site; object-src 'none'; script-src 'self' blob: *.youtube.com  *.atlantic.fr 'unsafe-inline' 'unsafe-eval' *.kameleoon.eu *.kameleoon.com *.kameleoon.io  *.pinterest.com *.googletagmanager.com  *.groupe-atlantic.com  *.cookiebot.com  *.contentsquare.net *.contentsquare.com  *.contentsquare.fr  *.google-analytics.com  *.soyooz.com  *.mxpnl.com  code.jquery.com cdn.jsdelivr.net *.googleapis.com *.cloudflare.com  googleads.g.doubleclick.net  *.facebook.net  *.tradelab.fr  *.pinimg.com *.inbenta.services *.inbenta.io calendly.com *.calendly.com *.recette-qcnlnca-xzown47bo6s74.fr-3.platformsh.site *.staging-5em2ouy-xzown47bo6s74.fr-3.platformsh.site *.bazaarvoice.com *.iesnare.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com  https://fonts.gstatic.com  *.soyooz.com  *.atlantic.fr  *.kameleoon.eu *.kameleoon.com *.cloudflare.com unpkg.com *.calendly.com *.kameleoon.io cdn.jsdelivr.net *.inbenta.io *.recette-qcnlnca-xzown47bo6s74.fr-3.platformsh.site *.staging-5em2ouy-xzown47bo6s74.fr-3.platformsh.site *.bazaarvoice.com 1
child-src 'self' https://*.docusign.com https://*.docusign.net https://*.trustcommerce.com https://*.slimpay.net https://*.slimpay.com https://*.windriverfinancialgateway.com 1
frame-ancestors 'self' vidaworld.com *.vidaworld.com heromotocorp3--dev.sandbox.my.salesforce.com heromotocorp3--dev.sandbox.lightning.force.com vidaworld--sit.sandbox.lightning.force.com vidaworld.lightning.force.com 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.allrecipes.com 1
frame-ancestors 'self' localhost:* *.tason.com 1
default-src 'self' *.iwan.com.tw *.iwplay.com.tw *.google.com *.google.com.tw; frame-src *.iwplay.com.tw *.iwan.com.tw www.youtube.com *.facebook.com bid.g.doubleclick.net *.facebook.net; script-src *.iwplay.com.tw *.iwan.com.tw 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com s.ytimg.com libs.baidu.com code.jquery.com *.google-analytics.com *.facebook.net *.facebook.com *.googleapis.com www.googletagmanager.com www.youtube.com www.googleadservices.com googleads.g.doubleclick.net *.google.com *.google.com.tw *.youtube.com ;style-src *.iwplay.com.tw *.iwan.com.tw 'unsafe-inline' www.youtube.com.tw fonts.googleapis.com *.facebook.net *.facebook.com *.google.com *.google.com.tw; img-src *.iwplay.com.tw *.google-analytics.com stats.g.doubleclick.net www.youtube.com *.google.com *.google.com.tw googleads.g.doubleclick.net *.facebook.com *.facebook.net data: ;frame-ancestors *.iwplay.com.tw *.iwan.com.tw *.google.com *.google.com.tw;font-src  fonts.gstatic.com *.googleapis.com *.google.com *.google.com.tw *.iwplay.com.tw data:;connect-src *.iwplay.com.tw *.google-analytics.com analytics.google.com stats.g.doubleclick.net; 1
frame-ancestors https://*.smartrecruiters.com 1
default-src 'self' 'unsafe-inline' nominatim.openstreetmap.org service.bzga.de piwik.bzga.de *.stage.bio; style-src 'self' 'unsafe-inline' fast.fonts.net;font-src 'self' data:; media-src 'self' *.stage.bio; connect-src 'self' nominatim.openstreetmap.org ws://socket.stage.bio *.stage.bio piwik.bzga.de; img-src 'self' data: shop.bzga.de piwik.bzga.de a.tile.openstreetmap.de b.tile.openstreetmap.de c.tile.openstreetmap.de service.bzga.de *.stage.bio; frame-src bzga.neueshandeln.de; 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.openlayers.org openlayers.org *.openstreetmap.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.etracker.com *.etracker.de api.signalize.com; object-src 'self'; media-src 'self' *.youtube.com *.vimeo.com *.streamfarm.net; frame-src *.youtube.com *.vimeo.com *.etracker.de; img-src 'self' data: *.youtube.com *.openlayers.org openlayers.org *.openstreetmap.org; frame-ancestors 'self'; connect-src 'self' *.etracker.de; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https:;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.adnxs.com *.chimpstatic.com visitjersey.email *.cloudfont.net *.googletagmanager.com blob: *.google-analytics.com cdn.usefathom.com *.hotjar.com *.dotdigital-pages.com https: data:;style-src 'self' 'unsafe-inline' *.hotjar.com https: data:;connect-src 'self' *.google-analytics.com *.analytics.google.com *.googleadservices.com *.doubleclick.net *.teads.tv *.crowdriff.com *.plyr.io sojpublicdata.blob.core.windows.net *.mapbox.com *.algolia.net *.algolianet.com *.tripadvisor.com *.vimeo.com *.akamaized.net *.trackedweb.net *.bugsnag.com *.cookiescan.com *.googlesyndication.com noembed.com *.facebook.com *.google.com google.com *.clarity.ms *.cookiebot.com *.googletagmanager.com *.gstatic.com *.facebook.net manychat.com *.linkedin.oribi.io *.linkedin.com *.adnxs.com cdn.usefathom.com *.smooch.io wss://api.smooch.io *.hotjar.com *.hotjar.io wss://*.hotjar.com ct.pinterest.com pro.ip-api.com api.hellobar.com data:;font-src 'self' static.tacdn.com *.gstatic.com assets.hootsuite.com *.hotjar.com my.hellobar.com data:;img-src 'self' cdn.jersey.com *.google-analytics.com *.analytics.google.com *.cookiescan.com *.facebook.com *.linkedin.com t.co *.doubleclick.net *.google.je *.google.com *.google.co.uk *.netdna-ssl.com *.gravatar.com *.adsymptotic.com *.adnxs.com *.yahoo.com *.teads.tv *.googleadservices.com static.tacdn.com *.vimeocdn.com *.clarity.ms *.bing.com *.cloudfront.net *.magicseaweed.com *.ytimg.com *.google.nl blob: *.youtube.com *.adsrvr.org *.sojern.com *.amazonaws.com *.tripadvisor.co.uk *.cookiebot.com *.googletagmanager.com *.gstatic.com *.facebook.net manychat.com *.adform.net cdn.usefathom.com assets.hootsuite.com *.hotjar.com hi.hellobar.com px.gumgum.com data:;frame-src 'self' *.vimeo.com vimeo.com *.youtube.com *.flipsnack.com *.google.com *.instagram.com *.facebook.com *.hdontap.com visitjersey.email *.crowdriff.com magicseaweed.com *.cookiebot.com *.snapsea.io *.ipcamlive.com *.doubleclick.net e.issuu.com ct.pinterest.com *.dotdigital-pages.com ;form-action 'self' *.facebook.com ;object-src 'none' ;frame-ancestors 'self' *.jersey.com visitjersey.email ;base-uri 'none' ; 1
frame-ancestors https://*.nywerk.de https://vinylfuture.com.ddev.site https://deejay.de https://vinylfuture.com https://*.deejay.de https://*.vinylfuture.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://analytics.google.com:* https://ajax.googleapis.com:* https://call.chatra.io/chatra.js https://maps.googleapis.com:* https://seal-nebraska.bbb.org/logo/blue-valley-technologies-17381.js https://stats.g.doubleclick.net/dc.js https://www.googletagmanager.com:* https://assets.juicer.io:* https://www.juicer.io:* https://www.google-analytics.com:* https://stats.g.doubleclick.net:* https://www.googleadservices.com:* https://feedback.happy-or-not.com:* https://dk98ddgl0znzm.cloudfront.net:* https://emma-content-aggregates-prd.s3.amazonaws.com:*; object-src 'self' ; style-src * 'self' data: 'unsafe-inline' 'unsafe-hashes' https://fonts.googleapis.com:* https://seal-blue.bbb.org; img-src * 'self' https://maps.gstatic.com https://stats.g.doubleclick.net:*; media-src * 'self' data: 'unsafe-inline' 'unsafe-hashes'; frame-src 'self' https://chat.chatra.io:* https://www.youtube.com:* https://player.vimeo.com:*; frame-ancestors 'self'; child-src 'self'; font-src 'self' * https://fonts.gstatic.com:*; connect-src 'self' https://maps.googleapis.com:* https://analytics.google.com:* https://www.google-analytics.com:* https://www.juicer.io:* https://graph.facebook.com:* https://www.googletagmanager.com:* https://stats.g.doubleclick.net:* https://feedback-api.happy-or-not.com:* https://feedback.happy-or-not.com:* https://api.mixpanel.com:*; report-uri /report-csp-violation 1
default-src 'self'; block-all-mixed-content; connect-src 'self' *.googleapis.com *.google-analytics.com *.googletagmanager.com *.googlesyndication.com *.doubleclick.net *.google.com *.privacybee.ch *.privacybee.io; font-src 'self' *.gstatic.com cdn.scaleflex.it; frame-src player.vimeo.com *.doubleclick.net *.google.com; img-src 'self' data: *.googleapis.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.google.com *.google.ch *.doubleclick.net; script-src 'self' *.google.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.googlesyndication.com *.privacybee.ch *.privacybee.io 'nonce-mskRrMa9I+k/w43pIl0ksA=='; style-src 'self' *.googleapis.com *.privacybee.ch *.privacybee.io *.googletagmanager.com 'unsafe-inline'; report-uri /nelmio/csp/report; worker-src 'self' blob: 1
default-src 'self'; connect-src 'self' https://cdn-cookieyes.com https://*.cookieyes.com https://form.jotform.com https://submit.jotform.com https://*.google-analytics.com https://*.googletagmanager.com https://fonts.googleapis.com https://*.analytics.google.com; font-src 'self' https://ka-p.fontawesome.com https://fonts.gstatic.com data:; frame-src 'self' https://*.cookieyes.com https://submit.jotform.com https://form.jotform.com; img-src 'self' https://*.elliottmgmt.com *.elliottmgmt.com https://elliottmgmt.com https://dev-elliott-mgmt.pantheonsite.io https://test-elliott-mgmt.pantheonsite.io https://*.googletagmanager.com https://*.google-analytics.com https://*.gstatic.com https://cdn-cookieyes.com https://*.cookieyes.com https://secure.gravatar.com blob: data:; object-src; script-src 'self' https://*.googletagmanager.com https://tagmanager.google.com https://cdn-cookieyes.com https://*.google-analytics.com 'unsafe-inline'; style-src 'self' https://*.googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com 'unsafe-inline'; upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' http://*.dimora.jp https://*.dimora.jp http://*.google-analytics.com/ https://*.google-analytics.com https://*.google.com https://*.facebook.com https://*.facebook.net https://*.twitter.com https://b91.yahoo.co.jp https://linkmaker.itunes.apple.com https://tools.applemediaservices.com https://apple-resources.s3.amazonaws.com https://play.google.com https://*.mul-pay.jp https://fonts.gstatic.com https://*.googleapis.com https://*.googletagmanager.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://*.google.co.jp; img-src 'self' data: https://*.google-analytics.com/ https://*.twitter.com https://stats.g.doubleclick.net https://linkmaker.itunes.apple.com https://tools.applemediaservices.com https://apple-resources.s3.amazonaws.com https://play.google.com https://b91.yahoo.co.jp; 1
"default-src *" 1
default-src 'self' ;options inline-script eval-script;referrer no-referrer;img-src 'self' data:  *.tile.openstreetmap.org;object-src 'none'; 1
default-src 'self' data: https://www.dw.com https://api.service-digitale-verwaltung.de https://events.click-around.systems/ https://ictp-trst-001.westeurope.cloudapp.azure.com/matomo/ https://cdn.eye-able.com https://dc.services.visualstudio.com/v2/track https://az416426.vo.msecnd.net/scripts/a/ai.0.js https://include-rp.zfinder.de https://www.youtube.com https://geoportal.trier.de https://jobs.b-ite.com http://jobs.b-ite.com https://www.stadtradeln.de https://static.b-ite.com https://www.vrt-info.de http://www.heute-in-trier.de http://www.facebook.com http://platform.twitter.com https://fonts.googleapis.com https://fonts.gstatic.com https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.facebook.com https://platform.twitter.com https://accounts.google.com https://www.bing.com http://www.wetterkontor.de http://94.130.59.28 https://www.youtube-nocookie.com https://app.docu4d.com https://dienste.wetterkontor.de https://www.trier-info.de https://www.wahlinfo.de https://www.pegelonline.wsv.de 'unsafe-inline' 'unsafe-eval' 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.deutsche-rentenversicherung.de *.openlayers.org openlayers.org *.openstreetmap.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.youtube.com *.deutsche-rentenversicherung.de *.googleapis.com *.google.com *.gstatic.com *.openlayers.org openlayers.org *.openstreetmap.org; object-src 'self' *.deutsche-rentenversicherung.de multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com *.deutsche-rentenversicherung.de;child-src *.google.com *.gstatic.com *.youtube.com; img-src 'self' data: *.deutsche-rentenversicherung.de *.google.com *.gstatic.com *.youtube.com *.openlayers.org openlayers.org *.openstreetmap.org; frame-ancestors 'self'; 1
default-src https: 'self' data: 'unsafe-inline' 'unsafe-eval'; block-all-mixed-content; report-uri /nelmio/csp/report 1
default-src *.addthis.com *.adform.net *.algolia.com *.algolia.net *.algolianet.com *.algolianet.net *.calameo.com *.culture.fr *.doubleclick.net *.facebook.com *.facebook.net *.g.doubleclick.net *.getwemap.com *.getwemap.workers.dev *.google-analytics.com *.google.com *.googleapis.com *.huma-num.fr *.ingest.sentry.io *.instagram.com *.maptiler.com *.tarteaucitron.io *.tiktok.com *.tolk.ai *.twitter.com *.wikimedia.org *.wikipedia.org *.x.com http://apis.syllabs.com http://infolettres-internes.culture.gouv.fr http://infolettres-ministere.culture.gouv.fr http://www.culture.fr http://www.culture.gouv.fr https://api.mapbox.com https://m.addthis.com https://s7.addthis.com https://semaphore.culture.gouv.fr https://semrecf2.culture.fr https://sesame.culture.fr https://stats.g.doubleclick.net https://tarteaucitron.io https://www.culture.fr https://www.culture.gouv.fr https://www.facebook.com https://www.google-analytics.com inline inte-std-mcc-lclo.rag-cloud.hosteur.com moz-extension 'self' tarteaucitron.io 'unsafe-eval' 'unsafe-inline' wss://genii-messages.tolk.ai; block-all-mixed-content; font-src *.adform.net *.doubleclick.net *.facebook.net *.g.doubleclick.net *.getwemap.workers.dev *.google-analytics.com *.google.com *.googleapis.com *.instagram.com *.maptiler.com *.tiktok.com *.tolk.ai *.twitter.com *.wikimedia.org *.wikipedia.org *.x.com data: https://fonts.googleapis.com https://fonts.gstatic.com https://infolettres.duministeredelaculture.fr https://livemap.getwemap.com https://maxcdn.bootstrapcdn.com inline inte-std-mcc-lclo.rag-cloud.hosteur.com 'self' 'unsafe-inline'; frame-src *.adform.net *.calameo.com *.culture.gouv.fr *.dailymotion.com *.doubleclick.net *.facebook.net *.g.doubleclick.net *.getwemap.workers.dev *.google-analytics.com *.google.fr *.googleapis.com *.gouv.fr *.instagram.com *.jcloud.ik-server.com *.maptiler.com *.openstreetmap.fr *.pop.culture.gouv.fr *.soundcloud.com *.tiktok.com *.tolk.ai *.twitter.com *.vimeo.com *.wikimedia.org *.wikipedia.org *.x.com http://platform.twitter.com http://s7.addthis.com http://www.instagram.com https://data.culturecommunication.gouv.fr https://livemap.getwemap.com https://www.facebook.com https://www.youtube.com inline inte-std-mcc-lclo.rag-cloud.hosteur.com 'self' 'unsafe-inline'; img-src *.adform.net *.culture.fr *.culture.gouv.fr *.doubleclick.net *.et-gv.fr *.facebook.net *.g.doubleclick.net *.getwemap.workers.dev *.google-analytics.com *.google.com *.googleapis.com *.gouv.fr *.instagram.com *.maptiler.com *.picsum.photos *.tarteaucitron.io *.tiktok.com *.tolk.ai *.twitter.com *.wikimedia.org *.wikipedia.org *.x.com data: http://www.culture.fr http://www.culture.gouv.fr https://ad.doubleclick.net https://analytics.getwemap.com https://api.getwemap.com https://iecs.culture.gouv.fr https://livemap.getwemap.com https://logs4.xiti.com https://picsum.photos https://semrecf2.culture.fr https://sesame.culture.fr https://static.piste.gouv.fr https://tarteaucitron.io https://tile.openstreetmap.org https://www.culture.fr https://www.culture.gouv.fr https://www.facebook.com https://www.google-analytics.com https://www.googletagmanager.com inline inte-std-mcc-lclo.rag-cloud.hosteur.com 'self' tarteaucitron.io 'unsafe-inline'; script-src *.addthis.com *.adform.net *.doubleclick.net *.facebook.net *.g.doubleclick.net *.getwemap.workers.dev *.google-analytics.com *.google.com *.googleapis.com *.instagram.com *.maptiler.com *.tarteaucitron.io *.tiktok.com *.tolk.ai *.twitter.com *.wikimedia.org *.wikipedia.org *.x.com addthid blob: http://connect.facebook.net http://platform.twitter.com http://s7.addthis.com http://siteimproveanalytics.com http://tag.aticdn.net http://www.instagram.com https://ajax.googleapis.com https://api.dmcdn.net https://api.mapbox.com https://gva.et-gv.fr https://iecs.culture.gouv.fr https://infolettres.duministeredelaculture.fr https://livemap.getwemap.com https://logp5.xiti.com https://logs152.xiti.com https://m.addthis.com https://tarteaucitron.io https://v1.addthisedge.com https://www.google-analytics.com https://www.googletagmanager.com https://www.gouvernement.fr https://z.moatads.com inline inte-std-mcc-lclo.rag-cloud.hosteur.com moz-extension 'self' tarteaucitron.io 'unsafe-eval' 'unsafe-inline' 'nonce-OWEzNDFjNzExNTZlMjczNWU0NjU1ZmNiYWIzYjdhZmU='; style-src *.adform.net *.doubleclick.net *.facebook.net *.g.doubleclick.net *.getwemap.workers.dev *.google-analytics.com *.google.com *.googleapis.com *.gouv.fr *.instagram.com *.maptiler.com *.tarteaucitron.io *.tiktok.com *.tolk.ai *.twitter.com *.wikimedia.org *.wikipedia.org *.x.com https://fonts.googleapis.com https://infolettres.duministeredelaculture.fr https://tarteaucitron.io inline inte-std-mcc-lclo.rag-cloud.hosteur.com 'self' tarteaucitron.io 'unsafe-inline' 1
default-src 'self'; base-uri 'self'; block-all-mixed-content; connect-src 'self' *.google-analytics.com *.analytics.google.com *.cloudflare.com *.eesa.lh; font-src use.fontawesome.com 'self'; frame-src www.youtube.com www.google.com; img-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com; object-src 'none'; script-src 'self' www.googletagmanager.com *.cloudflare.com *.google.com 'strict-dynamic' 'unsafe-inline' 'nonce-ohFX+UyKej2jWoEav03VzQ=='; style-src 'self' use.fontawesome.com *.cloudflare.com 'unsafe-inline' 'nonce-ohFX+UyKej2jWoEav03VzQ=='; upgrade-insecure-requests; report-uri /csp/report 1
default-src 'none'; connect-src 'self'; frame-ancestors 'self'; frame-src 'none'; script-src 'self'; style-src 'self' 'sha256-UQBytKn0DQWyDg5/YC+FaQxonSsbQk4k0ErDHqBuhfw=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU='; font-src 'self'; img-src 'self' 1
frame-ancestors *; report-uri /report-csp-violation 1
frame-ancestors 'self'; default-src 'self' *.progress.ie data: *.addtoany.com *.cloudflare.com *.cookiebot.com *.doubleclick.net *.facebook.com *.facebook.net *.fontawesome.com *.google.com *.google.ie *.google.co.uk *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gravatar.com *.gstatic.com *.issuu.com *.jquery.com *.livechat-files.com *.livechatinc.com *.mapbox.com *.surveymonkey.com *.trustpilot.com *.umbraco.org *.vimeo.com *.vimeocdn.com *.youtube.com *.youtube-nocookie.com *.ytimg.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.progress.ie data: *.addtoany.com *.cloudflare.com *.cookiebot.com *.doubleclick.net *.facebook.com *.facebook.net *.fontawesome.com *.google.com *.google.ie *.google.co.uk *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gravatar.com *.gstatic.com *.issuu.com *.jquery.com *.livechat-files.com *.livechatinc.com *.mapbox.com *.surveymonkey.com *.trustpilot.com *.umbraco.org *.vimeo.com *.vimeocdn.com *.youtube.com *.youtube-nocookie.com *.ytimg.com; style-src 'self' 'unsafe-inline' *.progress.ie data: *.addtoany.com *.cloudflare.com *.cookiebot.com *.doubleclick.net *.facebook.com *.facebook.net *.fontawesome.com *.google.com *.google.ie *.google.co.uk *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gravatar.com *.gstatic.com *.issuu.com *.jquery.com *.livechat-files.com *.livechatinc.com *.mapbox.com *.surveymonkey.com *.trustpilot.com *.umbraco.org *.vimeo.com *.vimeocdn.com *.youtube.com *.youtube-nocookie.com *.ytimg.com; img-src 'self' *.progress.ie data: *.addtoany.com *.cloudflare.com *.cookiebot.com *.doubleclick.net *.facebook.com *.facebook.net *.fontawesome.com *.google.com *.google.ie *.google.co.uk *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gravatar.com *.gstatic.com *.issuu.com *.jquery.com *.livechat-files.com *.livechatinc.com *.mapbox.com *.surveymonkey.com *.trustpilot.com *.umbraco.org *.vimeo.com *.vimeocdn.com *.youtube.com *.youtube-nocookie.com *.ytimg.com; font-src 'self' *.progress.ie data: *.addtoany.com *.cloudflare.com *.cookiebot.com *.doubleclick.net *.facebook.com *.facebook.net *.fontawesome.com *.google.com *.google.ie *.google.co.uk *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gravatar.com *.gstatic.com *.issuu.com *.jquery.com *.livechat-files.com *.livechatinc.com *.mapbox.com *.surveymonkey.com *.trustpilot.com *.umbraco.org *.vimeo.com *.vimeocdn.com *.youtube.com *.youtube-nocookie.com *.ytimg.com; 1
default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval'; object-src *; style-src * 'self' 'unsafe-inline'; img-src * 'self' data: https:;; media-src *; frame-src *; frame-ancestors 'self'; child-src * blob:; font-src * 'self' data: https:;; connect-src *; report-uri /report-csp-violation 1
frame-ancestors https://*.ptc.com https://ptc.seismic.com https://liveshareeast3.seismic.com https://*.mouseflow.com https://resources.servicemax.com https://servicemax.pathfactory.com 1
default-src 'self'; script-src 'self' *.amalgamatedbank.com bam.nr-data.net unpkg.com *.talkdeskapp.com *.talkdeskdev.com *.twilio.com js.locatorsearch.com *.prod.acquia-sites.com *.instagram.com *.youtube.com *.oktacdn.com *.okta.com *.oktapreview.com fonts.googleapis.com *.googletagmanager.com *.doubleclick.net *.addtoany.com fonts.gstatic.com *.omappapi.com *.google-analytics.com cdn.jsdelivr.net cdnjs.cloudflare.com app.jazz.co js-agent.newrelic.com *.google.com *.gstatic.com www.recaptcha.net ajax.googleapis.com bam.nr-data.net 'unsafe-inline' 'unsafe-eval' http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js https://www.recaptcha.net/recaptcha/api.js https://www.recaptcha.net/recaptcha/api/fallback; style-src 'self' 'unsafe-inline' unpkg.com *.amalgamatedbank.com *.talkdeskapp.com *.talkdeskdev.com *.twilio.com bam.nr-data.net *.prod.acquia-sites.com *.oktacdn.com *.okta.com *.oktapreview.com fonts.googleapis.com fonts.gstatic.com cdn.jsdelivr.net cdnjs.cloudflare.com *.google.com *.gstatic.com app.jazz.co; img-src 'self' amalgamatedbank.com www.amalgamatedbank.com *.amalgamatedbank.com *.talkdeskapp.com *.talkdeskdev.com *.twilio.com bam.nr-data.net cdn.jsdelivr.net *.prod.acquia-sites.com js.locatorsearch.com *.oktacdn.com *.okta.com *.oktapreview.com data: *.googletagmanager.com app.jazz.co *.google.com *.google-analytics.com *.gstatic.com images.printable.com images.locatorsearch.com instagram.com i.ytimg.com; media-src files.marcomcentral.app.pti.com *.youtube.com *.amalgamatedbank.com bam.nr-data.net *.talkdeskapp.com *.talkdeskdev.com *.twilio.com; frame-src *; font-src 'self' 'unsafe-inline' cdnjs.cloudflare.com bam.nr-data.net *.amalgamatedbank.com *.talkdeskapp.com *.talkdeskdev.com *.twilio.com *.prod.acquia-sites.com *.oktacdn.com *.okta.com *.oktapreview.com unpkg.com fonts.gstatic.com app.jazz.co *.google.com *.gstatic.com *.locatorsearch.com; connect-src 'self' abnyunityuat.fisglobal.com login-uat.fisglobal.com mcs.us1.twilio.com wss://tsock.us1.twilio.com *.talkdeskapp.com *.talkdeskdev.com maps-api-ssl.google.com bam.nr-data.net stats.addtoany.com googleads.g.doubleclick.net *.youtube.com *.oktacdn.com *.okta.com *.oktapreview.com *.omappapi.com *.google-analytics.com *.google.com *.gstatic.com googleads.g.doubleclick.net; report-uri /report-csp-violation 1
default-src 'self' ;script-src data: blob: 'self' 'unsafe-eval' 'nonce-0lDYQL2d/roCsciV' static.cloud.coveo.com www.zenaps.com www.dwin1.com *.r42tag.com *.usabilla.com *.google-analytics.com *.analytics.google.com www.googleadservices.com tags.nmrc.nl *.onmarc.nl *.doubleclick.net d6tizftlrpuof.cloudfront.net *.zilverenkruis.nl babm.texthelp.com surfly.com plus.browsealoud.com www.zorgkantoorfriesland.nl *.prolife.nl www.googletagmanager.com toolbar.speechstream.net apis.google.com bat.bing.com admin.relay42.com a.svtrd.com  ads.creative-serving.com www.browsealoud.com *.defriesland.nl static2.creative-serving.com survey.insocial.nl optimize.google.com *.interpolis.nl *.mopinion.com  *.fbto.nl connect.facebook.net cdn.harvest.graindata.com *.pingvp.com pingvp.com *.visualwebsiteoptimizer.com app.vwo.com www.awin1.com *.stichtingdefriesland.nl d1mj578wat5n4o.cloudfront.net sitecorecloud.io;style-src 'self' 'unsafe-inline' d6tizftlrpuof.cloudfront.net plus.browsealoud.com fonts.googleapis.com www.zilverenkruis.nl optimize.google.com *.pingvp.com;img-src data: blob: 'self' *.svtrd.com www.zenaps.com www.awin1.com www.google.com www.google.nl d6tizftlrpuof.cloudfront.net *.usabilla.com *.google-analytics.com *.analytics.google.com *.onmarc.nl *.zilverenkruis.nl plus.browsealoud.com usabilla-themes.s3-eu-west-1.amazonaws.com ads.creative-serving.com www.zorgkantoorfriesland.nl *.prolife.nl stats.g.doubleclick.net ad.doubleclick.net bat.bing.com www.browsealoud.com *.defriesland.nl *.r42tag.com admin.relay42.com speechstreamv3-webservices-8.texthelp.com www.gstatic.com *.fbto.nl www.insocial.nl www.facebook.com www.googletagmanager.com translate.google.com zilverenkruis-cdn.mcccm.eu *.pingvp.com i.vimeocdn.com dev.visualwebsiteoptimizer.com *.doubleclick.net *.googlesyndication.com *.imgix.net;font-src data: 'self' fonts.gstatic.com fonts.googlapis.com d6tizftlrpuof.cloudfront.net  *.pingvp.com;connect-src blob: 'self' *.zilverenkruis.nl *.surfly.com surfly.com sentry.io *.prolife.nl *.zorgkantoorfriesland.nl plus.browsealoud.com pronunciation.speechstream.net api.usabilla.com babm.texthelp.com speech.speechstream.net *.google-analytics.com *.analytics.google.com pre-i-portaal.achmea.nl speechstreamv3-webservices-8.texthelp.com *.defriesland.nl *.mopinion.com www.browsealoud.com plusqa.browsealoud.com *.interpolis.nl *.fbto.nl bat.bing.com stats.g.doubleclick.net harvest-cm-achmea.ey.r.appspot.com controle.achmea.consentmonitor.nl *.tomtom.com *.visualwebsiteoptimizer.com app.vwo.com *.applicationinsights.azure.com wss://api.defriesland.nl:13443 wss://api.zilverenkruis.nl:13443 wss://api.interpolis.nl:13443 *.googlesyndication.com www.google.com googleads.g.doubleclick.net *.coveo.com;media-src 'self' blob: *.zilverenkruis.nl *.zorgkantoorfriesland.nl *.prolife.nl *.defriesland.nl *.interpolis.nl *.fbto.nl *.pingvp.com;object-src 'self' ;child-src 'self' blob: t.svtrd.com player.vimeo.com surfly.com app.surfly.com d6tizftlrpuof.cloudfront.net www.zilverenkruis.nl www.zorgkantoorfriesland.nl www.prolife.nl content.googleapis.com vimeo.com secure.zilverenkruis.nl www.defriesland.nl optimize.google.com i-portaal.achmea.nl survey.insocial.nl secure.prolife.nl secure.defriesland.nl w.soundcloud.com *.doubleclick.net app.springcast.fm;frame-ancestors 'self' player.vimeo.com vimeo.com i-portaal.achmea.nl survey.insocial.nl *.doubleclick.net inloggen.achmea.nl p-portaal.achmea.nl app.vwo.com *.visualwebsiteoptimizer.com;;form-action 'self' t.svtrd.com *.achmea.nl *.zilverenkruis.nl *.zorgkantoorfriesland.nl *.prolife.nl *.defriesland.nl *.fbto.nl *.interpolis.nl broker.nxtid.nl;manifest-src 'self' ;upgrade-insecure-requests;block-all-mixed-content;report-uri https://zilverenkruis.ams.report-uri.com/r/t/csp/enforce; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.youtube.com https://fonts.googleapis.com https://fonts.gstatic.com https://cdn.syndication.twimg.com https://www.facebook.com https://*.twitter.com https://www.google.com https://ton.twimg.com https://*.github.io https://www.googletagmanager.com https://www.google-analytics.com; img-src 'self' https://*.twimg.com https://*.twitter.com http://*.twimg.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.google.co.jp data:; 1
default-src 'self'; frame-src 'self' *.donorfy.com/ *.monday.com/ https://hubofhope.co.uk/ 360testbed.co/ *.nhs.uk/ *.facebook.com/ *.youtube.com/ *.vimeo.com/ *.google.com/ *.googleapis.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.googletagmanager.com https://www.googletagmanager.com/ https://hubofhope.co.uk/js/embed.js https://cdn.jsdelivr.net https://cdnjs.cloudflare.com/ https://www.google-analytics.com/ https://connect.facebook.net/ https://feeds.trac.jobs/ *.google.com/ *.googleapis.com *.gstatic.com *.cqc.org.uk; font-src 'self' 'unsafe-inline' https://*.typekit.net https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://*.typekit.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com/ https://feeds.trac.jobs/ *.googleapis.com  *.gstatic.com *.cqc.org.uk; img-src * data:; object-src 'self' blob:; connect-src 'self' https://maps.googleapis.com/ https://*.googletagmanager.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.g.doubleclick.net https://*.google.com https://*.google.com https://*.google-analytics.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googletagmanager.com https://region1.google-analytics.com translate.googleapis.com/ https://feeds.trac.jobs/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ 1
frame-ancestors 'self' https://ahu.edu https://*.ahu.edu 1
default-src https:; connect-src https:; font-src 'self' https: data: https:; frame-src https: rldb:; frame-ancestors https:; img-src 'self' https: blob: data:; media-src https: blob:; object-src https:; style-src 'unsafe-inline' https:; worker-src blob:; script-src 'unsafe-inline' 'unsafe-eval' https:; 1
base-uri 'self';child-src 'self';connect-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: mailto: tel: https://pub.highlight.io webpack://*;default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: mailto: tel:;font-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:;form-action 'self'  https://*.bethematch.org;frame-ancestors 'self'  https://*.bethematch.org https: data:;frame-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:;img-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:;manifest-src 'self';media-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:;script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:;style-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:;worker-src data: blob:; 1
default-src 'self' 'unsafe-inline' images-2.partnerportal.ionos.de 1
default-src https: 'unsafe-inline' 'unsafe-eval' blob:; img-src https: data:; connect-src https: wss:; font-src https: data:; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; fmedia-src 'self'; frame-src 'self'; object-src 'none'; frame-ancestors 'self' 1
default-src 'self'; base-uri 'self'; object-src 'none'; connect-src 'self'  analytics.google.com www.google-analytics.com www.googletagmanager.com stats.g.doubleclick.net region1.analytics.google.com data.pendo.io pendo-static-4855106659811328.storage.googleapis.com https://px.ads.linkedin.com https://vc.hotjar.io wss://ws.hotjar.com https://content.hotjar.io;frame-ancestors app.pendo.io; frame-src 'self'  stats.g.doubleclick.net https://td.doubleclick.net; child-src ; sandbox allow-forms allow-same-origin allow-scripts allow-popups; style-src 'self' 'unsafe-inline' 'sha256-3ITP0qhJJYBulKb1omgiT3qOK6k0iB3rMDhGfpM8b7c=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' app.pendo.io cdn.pendo.io pendo-static-4855106659811328.storage.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://www.googletagmanager.com app.pendo.io pendo-io-static.storage.googleapis.com cdn.pendo.io pendo-static-4855106659811328.storage.googleapis.com data.pendo.io https://snap.licdn.com https://connect.facebook.net https://secure.barn5bake.com https://static.hotjar.com https://script.hotjar.com; script-src-elem 'self' 'unsafe-inline'  'unsafe-eval' https://www.google-analytics.com https://www.googletagmanager.com app.pendo.io pendo-io-static.storage.googleapis.com cdn.pendo.io pendo-static-4855106659811328.storage.googleapis.com data.pendo.io https://snap.licdn.com https://connect.facebook.net https://secure.barn5bake.com https://static.hotjar.com https://script.hotjar.com; img-src 'self' www.googletagmanager.com cdn.pendo.io app.pendo.io pendo-static-4855106659811328.storage.googleapis.com data.pendo.io px.ads.linkedin.com www.google.co.uk; 1
frame-ancestors http://*.timeout.com https://*.timeout.com 'self' 1
frame-ancestors 'self' assets.adobedtm.com fondi.widiba.it fondiwidiba.widitools.widiprod; 1
default-src 'none'; block-all-mixed-content; connect-src 'self' google-analytics.com www.google-analytics.com 127.0.0.1:8005; font-src 'self' fonts.gstatic.com use.fontawesome.com cdn.jsdelivr.net; frame-src google.com www.google.com googletagmanager.com www.googletagmanager.com; img-src 'self' s3.us-west-2.amazonaws.com img.emlasts.com data:; media-src img.emlasts.com; script-src 'self' 'unsafe-eval' google.com www.google.com gstatic.com www.gstatic.com googletagmanager.com www.googletagmanager.com google-analytics.com www.google-analytics.com use.fontawesome.com cdn.jsdelivr.net 'unsafe-inline' 'nonce-x2EKQkp1jfwvOP0DDmahTQ=='; style-src 'self' cdn.jsdelivr.net fonts.googleapis.com use.fontawesome.com maxcdn.bootstrapcdn.com img.emlasts.com unpkg.com 'unsafe-inline' 'nonce-x2EKQkp1jfwvOP0DDmahTQ=='; report-uri /csp/report 1
script-src https: data: 'unsafe-inline' 'unsafe-eval' https://hfmt-koeln.de https://*.hfmt-koeln.de https://metrics.mehrwert.de https://*.b-ite.com https://www.instagram.com https://static.cdninstagram.com; style-src https: 'unsafe-inline' https://hfmt-koeln.de https://*.hfmt-koeln.de https://metrics.mehrwert.de https://www.instagram.com https://static.cdninstagram.com; frame-src 'self' https://hfmt-koeln.de https://*.hfmt-koeln.de https://*.hfmt.mwsrv.de https://www.youtube-nocookie.com https://www.youtube.com https://*.b-ite.com https://www.instagram.com https://static.cdninstagram.com; frame-ancestors 'self' https://hfmt-koeln.de https://*.hfmt-koeln.de https://*.hfmt.mwsrv.de; 1
frame-ancestors https://www.degussa-goldhandel.de https://news.degussa-goldhandel.de https://www.degussa-adventskalender.de https://media.degussa-goldhandel.de 1
default-src 'self'; style-src 'self' 'unsafe-inline' http://*.sportunion.at http://sportunion.at https://*.sportunion.at https://sportunion.at https://static.flockler.com https://*.mailchimp.com https://*.gstatic.com https://*.googleapis.com https://cdn.jsdelivr.net https://*.onlim.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://*.sportunion.at http://sportunion.at https://*.sportunion.at https://sportunion.at https://static.flockler.com https://fl-cdn.scdn1.secure.raxcdn.com https://embed-cdn.flockler.com https://flockler.embed.codes https://plugins.flockler.com https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://*.gstatic.com https://*.googleapis.com https://cdn.jsdelivr.net https://*.onlim.com; font-src 'self' data: http://*.sportunion.at http://sportunion.at https://*.sportunion.at https://sportunion.at https://fonts.gstatic.com https://*.onlim.com; img-src 'self' 'unsafe-inline' https://* http://*.sportunion.at http://sportunion.at https://*.sportunion.at https://sportunion.at https://flockler.com https://*.rackcdn.com https://stats.g.doubleclick.net https://www.google-analytics.com https://*.googleapis.com data: https://.gstatic.com https://*.google.com https://secure.gravatar.com https://*.onlim.com; frame-src 'self' http://*.sportunion.at http://sportunion.at https://*.sportunion.at https://sportunion.at https://*.spotify.com https://archiv.yourvideo.tv https://sn.kavedo.com https://smartslider3.com https://www.yumpu.com https://www.fitsportaustria.at https://board.fitsportaustria.at https://player.vimeo.com https://www.youtube.com https://www.google.com https://www.youtube-nocookie.com https://*.onlim.com; connect-src 'self' http://*.sportunion.at http://sportunion.at https://*.sportunion.at https://sportunion.at wss://*.onlim.com https://*.googleapis.com https://stats.g.doubleclick.net https://yoast.com https://*.google-analytics.com https://*.onlim.com; media-src https://*; worker-src blob: 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data:; style-src 'self' 'unsafe-inline' data:; img-src 'self' data:; 1
script-src 'self'; style-src 'self'; img-src 'self'; connect-src 'self'  1
default-src 'unsafe-inline' 'self' data: effectory.com www.effectory.com ac.effectory.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.nrich.ai *.cookiebot.eu *.usemessages.com *.googlesyndication.com yoast.com *.hubspot.com *.hsadspixel.net *.hsforms.net *.hs-scripts.com *.hs-banner.com *.hs-analytics.net *.hscollectedforms.net *.clarity.ms bat.bing.com www.powr.io client.hip.live.com maps.googleapis.com mktdplp102cdn.azureedge.net www.youtube.com static.zdassets.com consentcdn.cookiebot.com consent.cookiebot.com www.googletagmanager.com google-analytics.com www.google-analytics.com snap.licdn.com www.googleadservices.com static.hotjar.com connect.facebook.net googleads.g.doubleclick.net script.hotjar.com;frame-ancestors 'self' *.hsforms.com consentcdn.cookiebot.com; img-src  *.nrich.ai *.usercentrics.eu *.googleadservices.com *.doubleclick.net 'self' data: *.cookiebot.com *.youtube.com *.hsforms.com *.hubspot.com *.googletagmanager.com c.bing.com c.clarity.ms bat.bing.com i.ytimg.com script.hotjar.com onlinedialogue.s3.eu-west-1.amazonaws.com onlinedialogue.s3-eu-west-1.amazonaws.com *.linkedin.com *.dynamics.com  wus.client.hip.live.com eus.client.hip.live.com maps.gstatic.com www.google.de maps.googleapis.com secure.gravatar.com www.google-analytics.com px.ads.linkedin.com www.google.com www.google.nl www.facebook.com; style-src 'unsafe-inline' fonts.googleapis.com ac.effectory.com www.effectory.com effectory.com; font-src data: fonts.gstatic.com script.hotjar.com ac.effectory.com www.effectory.com effectory.com; frame-src 'self' *.cookiebot.eu *.hubspot.com td.doubleclick.net ad.doubleclick.net  *.twentythree.com *.hsforms.com www.powr.io www.youtube.com forms.office.com www.facebook.com vars.hotjar.com consentcdn.cookiebot.com *.dynamics.com; connect-src *.nrich.ai *.cookiebot.eu google.com *.googleadservices.com *.linkedin.com *.yoast.com *.googlesyndication.com *.doubleclick.net *.hubspot.com *.google.com *.amazonaws.com *.hsforms.com *.hubapi.com *.linkedin.oribi.io *.hscollectedforms.net *.google-analytics.com *.clarity.ms *.hotjar.com wss://*.hotjar.com surveystats.hotjar.io *.effectory.com maps.googleapis.com *.dynamics.com consentcdn.cookiebot.com in.hotjar.com www.google-analytics.com stats.g.doubleclick.net effectorychathelp.zendesk.com ekr.zdassets.com 1
default-src 'self' *.googleadservices.com *.crazyegg.com *.licdn.com *.facebook.net *.outbrain.com *.youtube.com *.company-target.com; script-src 'self' *.googleapis.com *.cookielaw.org *.onetrust.com *.googletagmanager.com *.google-analytics.com *.doubleclick.net *.everestjs.net *.cloudflare.com *.licdn.com *.google.com *.gstatic.com lineagelogistics-external.applynow.net.au candidate-office.s3.amazonaws.com *.googleadservices.com *.bing.com *.newrelic.com *.instagram.com *.nr-data.net cdn.jsdelivr.net *.crazyegg.com blob: acsbapp.com code.jquery.com unpkg.com *.instagram.com *.ensighten.com *.oribi.io *.youtube.com polyfill.io *.facebook.net *.outbrain.com *.demandbase.com tag.demandbase.com *.company-target.com https://tag.demandbase.com/d80b380c137ea7bb.min.js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'unsafe-inline' pt.onelineage.com pi.pardot.com *.youtube-nocookie.com *.adsrvr.org https://storage.pardot.com/961942/1714040807BiAtzoZM/attribution_engine.min.js https://pt.onelineage.com/l/961942/2024-04-25/5n7n9/961942/1714040807BiAtzoZM/attribution_engine.min.js *.zi-scripts.com *.datadoghq-browser-agent.com *.vimeo.com js.zi-scripts.com; object-src 'none'; style-src 'self' 'unsafe-inline' *.typekit.net *.googleapis.com cdn.jsdelivr.net *.crazyegg.com acsbapp.com *.acsbapp.com code.jquery.com unpkg.com https://lineagelogistics-external.applynow.net.au https://lineagelogistics-external.applynow.net.au https://candidate-office.s3.amazonaws.com/js/iframe-resizer/iframeResizer.min.js https://d2wy8f7a9ursnm.cloudfront.net/ *.youtube-nocookie.com; img-src 'self' data: *.crazyegg.com acsbapp.com *.acsbapp.com *.gstatic.com *.googleapis.com https://cdn.cookielaw.org/logos/static/ot_close.svg https://cdn.cookielaw.org/logos/00ede55a-7822-413c-a767-b17482b93176/6a9f63ca-67d4-447a-846e-044d865079f1/fd22dd1b-b5d9-4bdc-803d-bb78e0f32fd3/lineage_logo.png https://cdn.cookielaw.org/logos/static/powered_by_logo.svg https://id.rlcdn.com/464526.gif *.company-target.com *.everesttech.net *.linkedin.com *.bing.com *.doubleclick.net *.google.com *.facebook.com *.googletagmanager.com *.demdex.net *.casalemedia.com *.adnxs.com *.openx.net *.rubiconproject.com *.yahoo.com *.pubmatic.com *.bluekai.com *.cookielaw.org; media-src *; frame-src 'self' *.youtube.com *.everesttech.net *.everestjs.net *.oxblue.com *.earthcam.net *.truelook.com *.proofpoint.com *.google.com lineagelogistics-external.applynow.net.au *.doubleclick.net *.crazyegg.com *.instagram.com *.adsrvr.org *.cloudfront.net *.facebook.com *.pardot.com pt.lineagelogistics.com http://pt.lineagelogistics.com/l/961942/2023-08-22/4hbzr http://pt.lineagelogistics.com/l/961942/2023-08-22/4hbzv http://go.pardot.com/l/961942/2023-08-22/4hbzk http://go.pardot.com/l/961942/2023-06-27/493x5 *.company-target.com https://tag.demandbase.com/d80b380c137ea7bb.min.js https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ recaptcha.google.com:* pt.onelineage.com *.youtube-nocookie.com https://airtable.com/ player.vimeo.com; frame-ancestors 'self' https://tag.demandbase.com/d80b380c137ea7bb.min.js *.company-target.com tag.demandbase.com pt.onelineage.com *.youtube-nocookie.com; child-src 'self' *.youtube.com *.everesttech.net *.everestjs.net *.oxblue.com *.earthcam.net *.truelook.com *.proofpoint.com blob: *.youtube.com *.company-target.com https://tag.demandbase.com/d80b380c137ea7bb.min.js *.youtube-nocookie.com; font-src 'self' *.googleusercontent.com *.gstatic.com *.typekit.net data: acsbapp.com *.acsbapp.com; connect-src 'self' *.cookielaw.org *.google-analytics.com *.doubleclick.net *.onetrust.com *.bing.com *.nr-data.net *.googleapis.com *.crazyegg.com acsbapp.com *.acsbapp.com *.youtube.com *.google.com *.linkedin.oribi.io *.company-target.com *.demandbase.com https://browser-intake-us5-datadoghq.com *.zi-scripts.com *.zoominfo.com https://tag.demandbase.com/d80b380c137ea7bb.min.js https://lineagelogistics-external.applynow.net.au https://lineagelogistics-external.applynow.net.au https://candidate-office.s3.amazonaws.com/js/iframe-resizer/iframeResizer.min.js https://d2wy8f7a9ursnm.cloudfront.net/ *.linkedin.com; report-uri /report-csp-violation 1
frame-ancestors 'self' aviloo--uat.sandbox.my.site.com site.com 1
form-action 'self' https://joomlacontenteditor.us14.list-manage.com/subscribe/post; base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://checkout.paddle.com https://cdn.usefathom.com/script.js https://code.jquery.com https://checkout.stripe.com https://cdn.paddle.com https://cdn.usefathom.com/script.js https://cdnjs.cloudflare.com https://hcaptcha.com/* https://*.hcaptcha.com/* https://plausible.io/ https://app.mailjet.com/; style-src 'self' 'unsafe-inline' https://cdn.paddle.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://hcaptcha.com/ https://*.hcaptcha.com/ https://plausible.io/ https://app.mailjet.com/; object-src 'self' https://cdn.joomlacontenteditor.net/ 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; child-src 'self'; frame-src 'self'; 1
frame-ancestors https://*.cloudfront.net https://*.streavent.de https://*.dwa.de https://*.dwa-bayern.de https://*.dwa-bw.de https://*.dwa-hrps.de https://*.dwa-nord.de https://*.dwa-no.de https://*.dwa-nrw.de https://*.dwa-st.de https://*.gfa-news.de 1
allow *; options inline-script eval-script; frame-ancestors 'self'; 1
frame-ancestors 'self' http://*.brose.net http://brose.net https://*.brose.net https://brose.net https://*.ariba.com https://*.zkw.at http://*.zkw.at https://*.mycatalogcloud.com http://*.mycatalogcloud.com http://*.valeo.determine.com https://*.valeo.determine.com http://valeo.determine.com https://valeo.determine.com http://*.mondigroup.com http://mondigroup.com https://*.mondigroup.com https://mondigroup.com http://*.elwitec.ch http://elwitec.ch https://*.elwitec.ch https://elwitec.ch http://*.ynovatec.ch http://ynovatec.ch https://*.ynovatec.ch https://ynovatec.ch http://prematic.ch http://*.prematic.ch https://prematic.ch https://*.prematic.ch http://brw.ch http://*.brw.ch https://brw.ch https://*.brw.ch http://uniprod-ag.ch http://*.uniprod-ag.ch https://uniprod-ag.ch https://*.uniprod-ag.ch http://montalpina.com http://*.montalpina.com https://montalpina.com https://*.montalpina.com http://sutter-hydraulik.com http://*.sutter-hydraulik.com https://sutter-hydraulik.com https://*.sutter-hydraulik.com http://bsaswiss.ch http://*.bsaswiss.ch https://bsaswiss.ch https://*.bsaswiss.ch http://salesconnect.sugarondemand.com https://salesconnect.sugarondemand.com http://*.salesconnect.sugarondemand.com https://*.salesconnect.sugarondemand.com 1
none 1
report-to 'self' ; child-src 'self' blob: ; connect-src 'self' *.crazyegg.com analytics.tiktok.com cdn.linkedin.oribi.io *.constantcontact.com *.hotjar.com *.googleadservices.com *.facebook.com *.addthis.com *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net *.jsdelivr.net *.googleapis.com *.sharethis.com  *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net ; default-src 'self' blob: *.crazyegg.com *.constantcontact.com; font-src 'self' *.gstatic.com *.bootstrapcdn.com data:  *.gstatic.com *.bootstrapcdn.com ; form-action 'self' *.constantcontact.com *.facebook.com wpmudev.com; frame-src 'self' tpc.googlesyndication.com *.crazyegg.com *.constantcontact.com *.ambrahealth.com *.hotjar.com *.facebook.com *.youtube.com *.ambrahealth expert-reputation.com.com *.addthis.com *.simplecast.com expert-reputation.com highlightedreviews.com *.blackbaudhosting.com *.g.doubleclick.net *.google.com *.fls.doubleclick.net *.googleapis.com  *.g.doubleclick.net *.google.com *.fls.doubleclick.net ; frame-ancestors 'self' ; img-src 'self'  'unsafe-inline' *.g.doubleclick.net *.crazyegg.com i.ytimg.com *.linkedin.com *.ads.linkedin.com *.facebook.com *.adsymptotic.com *.blackbaudhosting.com *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com data: *.googleapis.com *.sharethis.com  *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com ; manifest-src 'self' ; media-src 'self' *.medtronic.com; object-src 'self' ; script-src 'self'  'unsafe-inline'  'unsafe-eval' tpc.googlesyndication.com *.crazyegg.com cdnjs.cloudflare.com analytics.tiktok.com *.constantcontact.com *.hotjar.com *.licdn.com *.facebook.net *.addthis.com *.moatads.com *.youtube.com *.blackbaudhosting.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com *.googleadservices.com *.googleapis.com *.sharethis.com  *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com ; script-src-elem 'self'  'unsafe-inline'  'unsafe-eval' tpc.googlesyndication.com *.crazyegg.com cdnjs.cloudflare.com analytics.tiktok.com *.constantcontact.com *.hotjar.com *.licdn.com *.facebook.net *.addthis.com *.moatads.com *.youtube.com *.blackbaudhosting.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com *.googleadservices.com *.googleapis.com *.sharethis.com  *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com ; script-src-attr 'self'  'unsafe-inline'  'unsafe-eval' ; style-src 'self'  'unsafe-inline'  'unsafe-eval' *.crazyegg.com *.constantcontact.com *.blackbaudhosting.com *.googleapis.com *.gstatic.com *.jsdelivr.net  *.googleapis.com *.gstatic.com ; style-src-elem 'self'  'unsafe-inline'  'unsafe-eval' *.crazyegg.com *.constantcontact.com *.blackbaudhosting.com *.googleapis.com *.gstatic.com *.jsdelivr.net  *.googleapis.com *.gstatic.com ; style-src-attr 'self'  'unsafe-inline'  'unsafe-eval' ; worker-src 'self' blob: ;  upgrade-insecure-requests; 1
default-src 'self'; object-src 'self' https://pts.smartmobil.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.smartmobil.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://umfrage.smartmobil.de https://pts.smartmobil.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://o2.mouseflow.com https://cdn.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://livechat.smartmobil.de https://chat.smartmobil.de https://stats.smartmobil.de https://imagepool.smartmobil.de https://pts.smartmobil.de https://seal.globalsign.com https://ssif1.globalsign.com https://analytics.tiktok.com https://umfrage.smartmobil.de; script-src 'strict-dynamic' 'nonce-70240ad0e9522dc7012de59765aa6b3a' 'nonce-3453fc7aea07c0e3dc2db5a066700a7b' 'nonce-8e53ec3d0dbed13f88a4176818c21b21' 'nonce-285689f1475d2831ecd68d7fc0a8c09c' 'nonce-06bdcdf073aa9a5afc1431f0bd709c0b' 'nonce-d20b0fc9da7e727c09237138a59fd6ce' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data: 'report-sample'; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://netmap.vodafone.de/cokart-client/index.html https://pts.smartmobil.de https://umfrage.smartmobil.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-70240ad0e9522dc7012de59765aa6b3a' 'nonce-3453fc7aea07c0e3dc2db5a066700a7b' 'nonce-8e53ec3d0dbed13f88a4176818c21b21' 'nonce-285689f1475d2831ecd68d7fc0a8c09c' 'nonce-06bdcdf073aa9a5afc1431f0bd709c0b' 'nonce-d20b0fc9da7e727c09237138a59fd6ce' 'self' 'unsafe-inline' https: 'report-sample' 1
base-uri 'none';default-src 'none';img-src 'self' data:;font-src 'self';media-src 'self';script-src 'self';style-src 'self' 'unsafe-inline' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googletagmanager.com *.licdn.com *.line-scdn.net *.sharethis.com *.azure-api.net *.hsforms.net *.youtube.com *.hs-scripts.com *.hs-banner.com *.hs-analytics.net *.hsadspixel.net *.doubleclick.net *.cloudflare.com *.hsappstatic.net; style-src 'self' 'unsafe-inline' *.cloudflare.com; img-src 'self' data: https: *.google-analytics.com *.doubleclick.net *.googletagmanager.com; frame-src 'self' *.hsforms.com *.youtube.com *.vimeo.com *.hubspot.com; connect-src 'self' *.google-analytics.com stats.g.doubleclick.net *.googletagmanager.com *.hsforms.com *.linkedin.oribi.io *.hubapi.com *.analytics.google.com *.linkedin.com; report-uri /report-csp-violation 1
frame-ancestors 'self' https://*.squaredup.com https://squaredup.com; 1
frame-ancestors 'self' https://milan-jeunesse.com https://app.bayam.tv https://sso.bayard-jeunesse.com https://mention-me.com; 1
object-src 'self'; frame-ancestors 'self'; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-modals allow-downloads; base-uri 'self'; 1
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; connect-src 'self' *.amazonaws.com *.amazoncognito.com api.pwnedpasswords.com; frame-ancestors 'self' sf360.com.au; frame-src 'self' https://www.google.com/recaptcha/ 1
frame-ancestors 'self' 'hackintosh-olarila.com'; 1
object-src 'self'; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self'; \
        script-src 'self' https://ajax.googleapis.com; \
        img-src 'self' https://ssl.google-analytics.com 1
frame-ancestors 'self' https://optimize.google.com/ https://www.facebook.com/ 1
frame-ancestors 'self' www.skaki64.gr skaki64.gr 1
frame-ancestors 'self' bam.harridev.com harridev.com fr.harridev.com es.harridev.com ru.harridev.com de.harridev.com pl.harridev.com ar.harridev.com tr.harridev.com dev.harridev.com fr.dev.harridev.com es.dev.harridev.com ru.dev.harridev.com de.dev.harridev.com pl.dev.harridev.com ar.dev.harridev.com tr.dev.harridev.com newdev.harridev.com stage.harridev.com hmap.harridev.com fr.hmap.harridev.com es.hmap.harridev.com ru.hmap.harridev.com de.hmap.harridev.com pl.hmap.harridev.com ar.hmap.harridev.com tr.hmap.harridev.com dv1.harridev.com dv2.harridev.com sandbox.harridev.com local.harridev.com:9001 fr.local.harridev.com:9001 es.local.harridev.com:9001 ru.local.harridev.com:9001 de.local.harridev.com:9001 pl.local.harridev.com:9001 ar.local.harridev.com:9001 tr.local.harridev.com:9001 local.harridev.com:9002 fr.local.harridev.com:9002 es.local.harridev.com:9002 ru.local.harridev.com:9002 de.local.harridev.com:9002 pl.local.harridev.com:9002 ar.local.harridev.com:9002 tr.local.harridev.com:9002 localhost.harridev.com:9001; 1
frame-ancestors https://*.procampaign.net 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self'; font-src 'self'; connect-src 'self'; frame-ancestors 'none'; form-action 'self'; base-uri 'none' 1
frame-ancestors 'self' https://appwizzy.com 1
default-src data: 'self' https://*.hsforms.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://tic.streamakaci.com https://js.hsadspixel.net https://wisembly-content.s3.amazonaws.com/ https://js-eu1.hsforms.net/ https://appvizer.one/ https://bat.bing.com/ https://googleads.g.doubleclick.net/ https://js.hs-analytics.net/ https://js.hs-banner.com/ https://*.hs-scripts.com/ https://js.hscollectedforms.net/ https://js.hsforms.net/ https://js.usemessages.com/ https://script.hotjar.com/ https://static.hotjar.com/ https://www.google-analytics.com/analytics.js https://www.googleadservices.com/ https://www.googletagmanager.com/ https://www.gstatic.com/ https://www.youtube.com/; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://tic.streamakaci.com https://api.hubapi.com https://region1.analytics.google.com https://forms.hscollectedforms.net https://www.google.fr https://api.hubspot.com https://appvizer.one https://ariadne.appvizer.one https://bat.bing.com https://forms.hsforms.com https://forms.hubspot.com https://stats.g.doubleclick.net https://www.google-analytics.com https://www.googleadservices.com; font-src data: 'self' https://fonts.gstatic.com; img-src data: 'self' https://wisembly-content.s3.amazonaws.com/ https://avada.studio https://s.w.org https://ps.w.org https://*.linkedin.com https://bat.bing.com https://blog.wisembly.com https://forms-na1.hsforms.com https://forms.hsforms.com https://googleads.g.doubleclick.net https://i.ytimg.com https://px.ads.linkedin.com https://track.hubspot.com https://www.google-analytics.com https://www.google.com https://www.google.fr; manifest-src 'self'; media-src 'self'; worker-src 'none'; frame-src 'self' https://td.doubleclick.net/ https://*.liveboutique.io https://avada.studio https://static.hsappstatic.net https://app.hubspot.com https://forms.hsforms.com https://vars.hotjar.com https://www.youtube.com; 1
script-src 'unsafe-inline' *.posazavi.com analytics.tiktok.com *.adform.net *.hcaptcha.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval' connect.facebook.net c.imedia.cz *.hotjar.com tagmanager.google.com www.google.com www.gstatic.com c.seznam.cz; style-src 'self' 'unsafe-inline' tagmanager.google.com cdnjs.cloudflare.com fonts.googleapis.com; report-uri /csp 1
script-src blob: https: data: 'unsafe-inline' 'unsafe-eval' https://gs1-germany.de https://*.gs1-germany.de https://d5.gs1.mwsrv.de https://consent.cookiefirst.com https://*.optimizely.com https://*.googletagmanager.com https://apis.google.com https://connect.facebook.net https://fast.fonts.net https://googleads.g.doubleclick.net https://www.googleanalytics.com https://www.googleoptimize.com https://*.google-analytics.com https://optimize.google.com https://ext.nonstoppartner.net https://*.hotjar.com https://*.walls.io https://*.myveeta.com https://static.virtualbadge.io; style-src https: 'unsafe-inline' https://gs1-germany.de https://*.gs1-germany.de https://consent.cookiefirst.com https://d5.gs1.mwsrv.de https://apis.google.com https://optimize.google.com https://fonts.googleapis.com https://connect.facebook.net https://fast.fonts.net https://googleads.g.doubleclick.net https://*.google-analytics.com https://*.hotjar.com https://*.walls.io; frame-src 'self' https://*.gs1-germany.de https://optimize.google.com https://*.walls.io https://consent.cookiefirst.com https://www.youtube-nocookie.com https://www.gs1.org https://www.youtube.com https://*.hotjar.com https://www.facebook.com https://communication.gs1-germany.de https://feedback.gs1-germany.de https://easy-feedback.de https://*.easy-feedback.de https://easy-feedback.com https://*.easy-feedback.com https://ext.nonstoppartner.net https://*.gs1.org https://f5ba538cf0d6445983504cc2cd8ccb42.svc.dynamics.com https://082becc9a232451baaef0c700dd33425.svc.dynamics.com https://76c4e8a3cea24f6792072b39841b0a0b.svc.dynamics.com https://*.podigee.io https://*.podigee.com https://player.podigee-cdn.net https://public.virtualbadge.io; frame-ancestors 'self' https://*.dev.mehrwert.de https://academy.gs1-germany.de https://*.eventlocations.com https://cockpit.prospitalia.de; 1
default-src 'self'; block-all-mixed-content; connect-src 'self' googleads.g.doubleclick.net *.googleapis.com *.gstatic.com *.google.com *.doubleclick.net *.googlesyndication.com *.g.doubleclick.net *.google.at *.cookiebot.eu *.google-analytics.com connect.facebook.net px.ads.linkedin.com px4.ads.linkedin.com stats.g.doubleclick.net *.transgourmet.com *.transgourmet.at svrdntfctn.com analytics.tiktok.com *.googleadservices.com; font-src 'self' data: *.googleapis.com *.gstatic.com *.google-analytics.com; frame-src *; img-src 'self' data: *.googleapis.com *.doubleclick.net *.googlesyndication.com *.g.doubleclick.net *.google.com *.google.at *.gstatic.com *.googletagmanager.com *.google-analytics.com api.mapbox.com *.mindspace.at *.vorauerfriends.com *.usercentrics.eu px.ads.linkedin.com px4.ads.linkedin.com *.transgourmet.com *.transgourmet.at *.facebook.com; script-src 'self' *.google.com 'unsafe-inline' blob: *.googleapis.com *.gstatic.com *.doubleclick.net *.googlesyndication.com *.g.doubleclick.net *.cookiebot.eu *.googletagmanager.com *.google-analytics.com snap.licdn.com connect.facebook.net svrdntfctn.com analytics.tiktok.com *.googleadservices.com; style-src 'self' cdnjs.cloudflare.com 'unsafe-inline' *.googleapis.com *.gstatic.com *.google-analytics.com *.googletagmanager.com; report-uri /csp/report 1
default-src * 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval'; object-src *; style-src * 'self' 'unsafe-inline'; img-src * 'self' data: https:;; media-src *; frame-src *; frame-ancestors * 'self'; child-src * blob:; font-src * 'self' data: https:;; connect-src * 1
default-src 'self'; font-src 'self' data:; base-uri 'self'; connect-src 'self' multimedia.gsb.bund.de *.materna.de *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io vimeo.com *.sli.do *.itzbund.de; style-src 'self' 'unsafe-inline' *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io vimeo.com *.sli.do *.jsdelivr.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io piwik.itzbund.de vimeo.com; object-src 'self' multimedia.gsb.bund.de *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io vimeo.com *.sli.do; media-src 'self' blob: multimedia.gsb.bund.de *.youtube.com *.youtube-nocookie.com *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io vimeo.com *.sli.do; frame-src *.google.com *.google.de *.gstatic.com *.youtube.com *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io mindandvision.tv 2021.mindandvision.tv *.jwplayer.com vimeo.com *.sli.do player.vimeo.com; img-src 'self' data:  *.materna.de *.google.com *.gstatic.com *.youtube.com *.twimg.com twemoji.maxcdn.com *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplayer.com *.strivetech.io *.sqat.eu piwik.itzbund.de vimeo.com *.sli.do; frame-ancestors 'self'; 1
default-src https: wss: 'unsafe-inline' 'unsafe-eval' blob: data: ; frame-ancestors 'self' https://*.edoctrina.org; report-to reportapi 1
frame-ancestors 'self' http://*.mitkindundkegel.de http://mitkindundkegel.de 1
default-src 'self' https://api.status.io https://status.exaktime.com;script-src 'self';base-uri 'self';object-src 'none';frame-ancestors 'none';block-all-mixed-content;sandbox allow-forms allow-same-origin allow-scripts allow-popups;style-src 'self' https://fonts.googleapis.com;font-src 'self' https://fonts.gstatic.com;img-src 'self' https://tscprodstorage.blob.core.windows.net; 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com secure.payzen.eu maps.googleapis.com *.paypal.com *.algolia.net *.algolianet.com *.bing.com *.facebook.net *.facebook.com www.googletagmanager.com *.mgtmod01.com *.magnetis.io *.modulecall.fr www.gstatic.com googleads.g.doubleclick.net www.google.fr *.googletagmanager.com *.googleadservices.com *.google.com *.google.fr trk.adbutter.net pixel.mathtag.com mathid.mathtag.com static.criteo.net *.criteo.com t.eu1.dyntrk.com *.taboola.com *.outbrain.com *.r66net.com *.videostep.com *.invibes.com *.y-track.com *.chainethermale.fr *.pinterest.com *.pinimg.com;frame-src 'self' secure.payzen.eu www.youtube.com maps.googleapis.com *.paypal.com secure.ogone.com ogone.test.v-psp.com *.openstreetmap.org *.facebook.com *.youtube-nocookie.com pixel.mathtag.com dis.eu.criteo.com *.criteo.net *.criteo.com gum.criteo.com *.googletagmanager.com *.googleadservices.com *.google.com *.google.fr widget.eu.criteo.com *.pinterest.com *.doubleclick.net;style-src 'self' 'unsafe-inline' fonts.googleapis.com;img-src 'self' data: www.google-analytics.com maps.googleapis.com *.gstatic.com placehold.it https://picsum.photos *.chainethermale.fr admin.chainethermale.fr *.bing.com *.facebook.com www.magazinethermal.fr stats.g.doubleclick.net *.youtube-nocookie.com *.ytimg.com googleads.g.doubleclick.net secure.adnxs.com pixel.mathtag.com t.eu1.dyntrk.com cdn.n.dynstc.com *.taboola.com *.outbrain.com *.googletagmanager.com *.googleadservices.com *.google.com *.google.fr *.criteo.com e1.emxdgt.com cm.g.doubleclick.net rtb-csync.smartadserver.com *.yahoo.fr *.yahoo.com eb2.3lift.com ad.360yield.com ib.adnxs.com r.casalemedia.com criteo-sync.teads.tv contextual.media.net cm.adform.net x.bidswitch.net visitor.omnitag.com match.sharethrough.com i.liadm.com e1.emxdgt.com criteo-partners.tremorhub.com *.mediavine.com *.pubmatic.com *.yieldlab.net *.smartclip.net *.thebrighttag.com beacon.krxd.net *.demdex.net *.yieldmo.net *.yieldmo.com pixel.rubiconproject.com id5-sync.com *.invibes.com *.ivitrack.com *.videostep.com *.omnitagjs.com ks.b26net.com *.y-track.com www.googletagmanager.com *.yahoo.net *.postrelease.com *.pinterest.com *.pinimg.com *.adform.net *.facebook.net sync.1rx.io jadserve.postrelease.com *.unrulymedia.com;font-src 'self' fonts.gstatic.com data: cdn.linearicons.com;connect-src 'self' *.paypal.com *.algolia.net *.algolianet.com www.google-analytics.com *.mgtmod01.com *.magnetis.io *.modulecall.fr noembed.com bat.bing.com stats.g.doubleclick.net googleads.g.doubleclick.net *.criteo.com *.taboola.com *.outbrain.com *.googletagmanager.com *.googleadservices.com *.google.com *.google.fr *.invibes.com *.r66net.com *.y-track.com *.chainethermale.fr *.analytics.google.com *.google-analytics.com *.googlesyndication.com *.pinterest.com *.facebook.com *.outbrain.com;base-uri 'self' 1
worker-src 'self' 'unsafe-inline' blob:; script-src 'unsafe-inline' 'unsafe-eval' http: https:;object-src 'self'; frame-ancestors 'self' 1
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zoll-portal.de; img-src 'self' data:; style-src 'self' 'unsafe-inline' 1
default-src 'unsafe-inline' 'unsafe-eval' wss://*.iadvize.com data: blob: https: 'self' *.e-wie-einfach.de *.usercentrics.eu *.googletagmanager.com *.demdex.net ewieeinfach.tt.omtrdc.net *.trustedshops.com *.iadvize.com analytics.tiktok.com *.ad-srv.net *.ad4m.at; block-all-mixed-content; frame-ancestors https://*.e-wie-einfach.de 'self'; frame-src https: 'self' 10552776.fls.doubleclick.net *.iadvize.com; img-src https: 'self' data: blob: 1
default-src * ; script-src 'self' 'unsafe-eval' 'unsafe-inline' browser-update.org maps.googleapis.com *.google-analytics.com *.cookiebot.com *.googletagmanager.com *.googleadservices.com *.licdn.com *.facebook.net *.doubleclick.net *.bing.com *.clarity.ms; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com; base-uri 'self'; object-src 'none'; frame-src 'self' https://consentcdn.cookiebot.com *.doubleclick.net; connect-src * 'self' https://consentcdn.cookiebot.com; img-src * 'self' data: https: 1
default-src 'self'; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self'; 1
default-src * data: 'unsafe-inline' 'unsafe-eval' ; script-src * data: 'unsafe-inline' 'unsafe-eval' ; style-src * data: 'unsafe-inline' ; img-src * data: ; 1
frame-ancestors 'self' tvn24.pl *.tvn24.pl *.tvn.pl 1
base-uri 'self'; default-src 'none'; child-src 'self' https://*.youtube.com https://*.youtube-nocookie.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://vimeo.com vimeo.com https://*.vimeo.com *.vimeo.com https://staticcdn.co.nz staticcdn.co.nz; connect-src 'self' https://*.meridianenergy.co.nz https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.formstack.com https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.com https://*.hotjar.com https://*.hotjar.io https://*.hs-analytics.net https://*.hs-banner.com https://*.hs-scripts.com https://*.mypurecloud.com.au https://*.sentry.io https://*.smartrecruiters.com https://*.tealiumiq.com https://*.tiqcdn.cn https://*.tiqcdn.com https://*.tt.omtrdc.net https://*.usemessages.com https://analytics.tiktok.com https://api.addressfinder.io https://browser.sentry-cdn.com https://forms.hsforms.com https://ir.iguana2.com https://js.hsadspixel.net https://js.hscollectedforms.net https://s.swiftypecdn.com https://search-api.swiftype.com https://staticcdn.co.nz https://www.youtube.com wss://*.hotjar.com wss://*.mypurecloud.com.au https://staticcdn.co.nz; font-src 'self' https://*.hotjar.com https://*.hotjar.io data:; form-action 'self' https://*.facebook.com; frame-ancestors 'self'; frame-src 'self' https://*.pega.net https://*.doubleclick.net https://*.facebook.com https://*.google.com https://*.hotjar.com https://*.hotjar.io https://*.mypurecloud.com.au https://*.youtube-nocookie.com https://*.youtube.com https://subscriptions.smartrecruiters.com/ https://vimeo.com vimeo.com https://*.vimeo.com *.vimeo.com https://staticcdn.co.nz staticcdn.co.nz; img-src 'self' https://*.meridianenergy.co.nz https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.formstack.com https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.com https://*.hotjar.com https://*.hotjar.io https://*.hs-analytics.net https://*.hs-banner.com https://*.hs-scripts.com https://*.mypurecloud.com.au https://*.sentry.io https://*.smartrecruiters.com https://*.tealiumiq.com https://*.tiqcdn.cn https://*.tiqcdn.com https://*.tt.omtrdc.net https://*.usemessages.com https://analytics.tiktok.com https://api.addressfinder.io https://browser.sentry-cdn.com https://forms.hsforms.com https://ir.iguana2.com https://js.hsadspixel.net https://js.hscollectedforms.net https://s.swiftypecdn.com https://*.swiftype.com https://staticcdn.co.nz https://www.youtube.com wss://*.hotjar.com wss://*.mypurecloud.com.au https://staticcdn.co.nz https://*.google.co.nz *.google.co.nz blob: data:; media-src 'none'; object-src 'self' blob:; manifest-src 'self'; script-src 'self' https://*.meridianenergy.co.nz https://*.doubleclick.net https://*.facebook.net https://*.formstack.com https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.com https://*.hotjar.com https://*.hotjar.io https://*.hs-analytics.net https://*.hs-banner.com https://*.hs-scripts.com https://*.mypurecloud.com.au https://*.sentry.io https://*.smartrecruiters.com https://*.tealiumiq.com https://*.tiqcdn.cn https://*.tiqcdn.com https://*.tt.omtrdc.net https://*.usemessages.com https://analytics.tiktok.com https://api.addressfinder.io https://browser.sentry-cdn.com https://forms.hsforms.com https://ir.iguana2.com https://js.hsadspixel.net https://js.hscollectedforms.net https://s.swiftypecdn.com https://search-api.swiftype.com https://staticcdn.co.nz https://www.youtube.com wss://*.hotjar.com wss://*.mypurecloud.com.au 'nonce-MjBmYjNjMjZmZTllODY1MzQ3ZDQ0MGUxYTE4OGNlNTI3NmM2MTRlNWE4MTU2M2Y0N2NiMThiMTZhNDI5ZjEzZThkOWM0N2Y0OTlhMWIwODI3NWM3NDc0MjA4YWEwY2U3YTc0Njg3ZTRkMDQ0NGM0OWRlOWIyY2E1MDkzOGFlNmE=' 'unsafe-eval'; style-src 'self' https://s.swiftypecdn.com https://*.mypurecloud.com.au https://static.smartrecruiters.com 'unsafe-inline'; report-uri https://o115950.ingest.sentry.io/api/6229198/security/?sentry_key=d3383061a5464af09b0da48432305265&sentry_environment=live; upgrade-insecure-requests 1
base-uri 'none';child-src 'none';connect-src 'self' https://cdn.cookielaw.org https://*.google-analytics.com https://stats.g.doubleclick.net;default-src 'self';font-src 'self';form-action 'self';frame-ancestors 'none';frame-src 'none';img-src 'self' https://cdn.cookielaw.org https://*.google-analytics.com https://www.googletagmanager.com https://d21y75miwcfqoq.cloudfront.net/deaafc32;manifest-src 'self';media-src 'self';object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.cookielaw.org https://www.googletagmanager.com https://www.google-analytics.com https://stats.g.doubleclick.net;style-src 'self' 'unsafe-inline';worker-src 'self';upgrade-insecure-requests ; 1
default-src 'self' *.usercentrics.eu; frame-src 'self' www.advocard.de www.youtube.de www.youtube.com www.youtube-nocookie.com letsgoeasy-koop.de; img-src 'self' *.advocard.de *.usercentrics.eu generali01.webtrekk.net advocard01.wt-eu02.net *.gstatic.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.usercentrics.eu www.youtube.de www.youtube.com www.youtube-nocookie.com; style-src 'self' 'unsafe-inline' *.usercentrics.eu 1
frame-ancestors 'self' http://customer-skicircus.loop21.net https://customer-skicircus.loop21.net http://public-location-skicircus.loop21.net https://public-location-skicircus.loop21.net 1
default-src 'self'; connect-src 'self' apikeys.civiccomputing.com api.postcodes.io www.googleapis.com newassets.hcaptcha.com maps.googleapis.com api.stripe.com js.stripe.com; font-src 'self' use.fontawesome.com fonts.gstatic.com data:; frame-src 'self' newassets.hcaptcha.com hooks.stripe.com js.stripe.com www.youtube.com; img-src 'self' data: maps.googleapis.com maps.gstatic.com translate.google.com www.gstatic.com cdn.bookingprotect.com tile.openstreetmap.org maptiles.p.rapidapi.com media.giphy.com; media-src www.youtube-nocookie.com; script-src 'self' hcaptcha.com js.stripe.com maps.googleapis.com www.youtube.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; report-uri https://35745cad85bbe1feed32f58e01aeb5de.report-uri.com/r/d/csp/reportOnly 1
base-uri; form-action 'self'; frame-ancestors 'none'; img-src 'self' https://paragonie.com https://maxcdn.bootstrapcdn.com https://stats.g.doubleclick.net https://www.google-analytics.com data:; media-src 'none'; object-src 'none'; script-src 'self' https://cdn.mathjax.org https://oss.maxcdn.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://code.jquery.com https://ajax.googleapis.com https://www.google-analytics.com https://paragonie.com paragonie.com 'sha384-dxxWaTrUP7CVAQSJSlq8y30xnLv+kbg0q/esjcstpj7BeSQcTR1kyuzuU8NtP0Qd' 'nonce-D8FW+VR8eKETbOlEshk5OqV1' 'nonce-I47N3ZX5WJq7rvnpKQLE6oz7' 'nonce-TEeh6CHAF7R4ThBEFI537q0O' 'nonce-V9ZiSTLEMIh4kp22KRmg4r8G' 'nonce-Q/iJK4NpiaObPKVaTn2REO3C' 'nonce-P0YsrxmRdujvneYjGqVEKtY7' 'nonce-SVr890P/2s3HGUIVfP4wj5j7' 'unsafe-eval' data:; style-src 'self' https://maxcdn.bootstrapcdn.com https://use.fontawesome.com https://fonts.googleapis.com 'unsafe-inline'; report-uri https://f038192cab4afafaacee34d22ed2e1dd.report-uri.io/r/default/csp/enforce; upgrade-insecure-requests 1
default-src 'self'; object-src 'self' https://pts.sim24.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.sim24.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://livechat.sim24.de https://umfrage.sim24.de https://pts.sim24.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://o2.mouseflow.com https://cdn.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://livechat.sim24.de https://stats.sim24.de https://imagepool.sim24.de https://pts.sim24.de https://analytics.tiktok.com https://umfrage.sim24.de; script-src 'strict-dynamic' 'nonce-a399d6bf201dd4bee56d2314c8deff59' 'nonce-9a9fedcb3ef7d0dd7e156caf1329ed3d' 'nonce-8ec1b7517d434e946e74e3d1e2b687e8' 'nonce-b4390b2804e5fefa0d893ba9bc399e72' 'nonce-0397dee50e5733b7bc64b6d61b69b134' 'nonce-b67e0aa0fd3dbe6f9965fae23dccb26e' 'nonce-d085b1c1d19d6e01e91af714ed811273' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data: 'report-sample'; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://netmap.vodafone.de/cokart-client/index.html https://pts.sim24.de https://umfrage.sim24.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-a399d6bf201dd4bee56d2314c8deff59' 'nonce-9a9fedcb3ef7d0dd7e156caf1329ed3d' 'nonce-8ec1b7517d434e946e74e3d1e2b687e8' 'nonce-b4390b2804e5fefa0d893ba9bc399e72' 'nonce-0397dee50e5733b7bc64b6d61b69b134' 'nonce-b67e0aa0fd3dbe6f9965fae23dccb26e' 'nonce-d085b1c1d19d6e01e91af714ed811273' 'self' 'unsafe-inline' https: 'report-sample' 1
object-src 'none'; script-src 'nonce-{random}' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http:; $ 1
allow 'unsafe-inline' 'unsafe-eval' 'self' troc.cdn.mediactive-network.net *.googlesyndication.com *.systempay.fr *.fbcdn.net *.google.com *.google.fr *.doubleclick.net intranet.troc.com connect.facebook.net cdnjs.cloudflare.com www.gstatic.com www.googletagmanager.com www.google-analytics.com www.googleadservices.com www.googletagservices.com cdn.ampproject.org 1
base-uri 'self'; default-src 'self'; child-src; connect-src 'self' https://*.abtasty.com https://*.adservice.google.com https://*.doubleclick.net https://*.facebook.com https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://*.hotjar.com:* https://*.hotjar.com:* https://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://*.mypurecloud.com.au https://*.sentry.io https://*.tealiumiq.com https://*.tiqcdn.cn https://*.tiqcdn.com https://*.tt.omtrdc.net https://analytics.formstack.com https://api.addressfinder.io https://au-live.inside-graph.com https://js.hsadspixel.net https://js.hscollectedforms.net https://stats.g.doubleclick.net https://www.instagram.com wss://*.hotjar.com wss://*.mypurecloud.com.au wss://au-live.inside-graph.com https://*.swiftype.com https://*.swiftypecdn.com; font-src 'self' https://*.abtasty.com https://*.googleapis.com https://*.gstatic.com https://au-cdn.inside-graph.com https://fonts.gstatic.com https://*.hotjar.com https://*.hotjar.com https://*.hotjar.io https://*.hotjar.io blob: data:; form-action 'self' https://*.powershop.co.nz https://*.springload.nz https://*.facebook.com; frame-ancestors 'self'; frame-src https://*.mypurecloud.com.au *.mypurecloud.com.au https://*.doubleclick.net https://*.google.com https://*.vimeo.com https://*.youtube.com https://recaptcha.google.com https://*.facebook.com https://*.google.com https://*.googletagmanager.com https://au-cdn.inside-graph.com https://*.hotjar.com https://*.hotjar.io https://*.hotjar.io https://critchlow.carto.com; img-src 'self' https://*.abtasty.com https://*.amazonaws.com https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.google.co.nz https://*.google.com https://*.google.com.au https://*.googletagmanager.com https://*.gstatic.com https://*.hotjar.com https://*.hotjar.com https://*.hotjar.io https://*.hotjar.io https://*.inside-graph.com https://*.mypurecloud.com.au https://*.tealiumiq.com https://*.tiqcdn.cn https://*.tiqcdn.com https://*.tt.omtrdc.net https://adservice.google.com https://analytics.formstack.com https://fonts.gstatic.com https://i.vimeocdn.com https://js.hsadspixel.net https://www.instagram.com https://*.swiftype.com https://*.springload.nz https://www.powershop.co.nz blob: data:; media-src https://*.youtube.com https://*.vimeo.com https://au-cdn.inside-graph.com; object-src 'none'; script-src 'self' https://*.abtasty.com https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.google.com/recaptcha/ https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.com/recaptcha/ https://*.hotjar.com https://*.hotjar.com https://*.hotjar.io https://*.hotjar.io https://*.hs-analytics.net https://*.hs-banner.com https://*.hs-scripts.com https://*.inside-graph.com https://*.mypurecloud.com.au https://*.tealiumiq.com https://*.tiqcdn.cn https://*.tiqcdn.com https://*.tt.omtrdc.net https://*.usemessages.com https://*.vimeo.com https://*.youtube.com https://analytics.formstack.com https://api.addressfinder.io https://au-tracker.inside-graph.com https://forms.hsforms.com https://js.hsadspixel.net https://js.hscollectedforms.net https://tagmanager.google.com wss://*.hotjar.com https://*.swiftype.com https://*.swiftypecdn.com https://*.springload.nz https://www.powershop.co.nz 'nonce-YjkxNTUxOGRhNTQ3MjBmODY0ODQ0Njg5NTFiZGI3MDlkNjU4ZTJkMmE1Nzg2NGFjOWMyZDEyMThjMzhjZjY3ZDA3Y2ExMTAwODZmODI4MTNmMTI1YTFkMDFhOWRhYmQ5ZDEyMmNlNTVhNDY3ZDgxZmNlMjY0NWQ1YzNkNDlmNDQ=' 'unsafe-eval' blob:; style-src 'self' https://*.abtasty.com https://*.googleapis.com https://*.gstatic.com https://au-cdn.inside-graph.com https://fonts.googleapis.com https://tagmanager.google.com https://*.swiftype.com https://*.swiftypecdn.com 'unsafe-inline'; report-uri https://o115950.ingest.sentry.io/api/4504811489984512/csp-report/?sentry_key=a2cb92247922492b95ce72aee1ae6528&sentry_environment=live; upgrade-insecure-requests 1
frame-ancestors http://programasgratis.searchmgr.com/ 1
default-src 'self' www.affidea.com 'unsafe-inline'; script-src 'self' www.affidea.com ajax.googleapis.com maps.googleapis.com cdn.jsdelivr.net hello.myfonts.net www.youtube.com www.googletagmanager.com cdnjs.cloudflare.com snap.licdn.com az416426.vo.msecnd.net connect.facebook.net www.facebook.com www.google-analytics.com px.ads.linkedin.com dc.services.visualstudio.com region1.google-analytics.com; img-src 'self' www.affidea.com; style-src 'self' www.affidea.com; script-src-elem 'elem' www.affidea.com affidea.com; style-src-elem 'self' www.affidea.com; media-src: 'self'; 1
script-src 'self'; frame-ancestors 'self'; img-src 'self'; font-src 'self'; object-src 'none'; require-trusted-types-for 'script' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.jsdelivr.net *.cloudflare.com unpkg.com google.com mdbootstrap.com google-analytics.com *.googletagmanager.com tagmanager.google.com *.google.com static.ads-twitter.com *.hs-scripts.com *.facebook.net *.clarity.ms googleads.g.doubleclick.net *.hs-analytics.net *.hsadspixel.net *.hs-banner.com *.hscollectedforms.net *.fw-cdn.com fw-cdn.com *.gstatic.com *.licdn.com *.freshchat.com *.newrelic.com *.youtube.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.jsdelivr.net *.cloudflare.com *.googleapis.com unpkg.com *.fontawesome.com mdbootstrap.com *.freshchat.com *.youtube.com; img-src 'self' data: https:;; frame-src 'self' *.doubleclick.net *.freshchat.com *.flowpaper.com *.youtube.com *.google.com *.facebook.com; font-src 'self' 'unsafe-inline' *.fontawesome.com *.gstatic.com *.doubleclick.net; connect-src 'self' 'unsafe-inline' *.hscollectedforms.net *.google.com *.hubapi.com *.ads.linkedin.com *.doubleclick.net *.fwusercontent.com *.clarity.ms *.nr-data.net *.facebook.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self' 'self' blob: http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://*.mapbox.com:* https://*.cloudfront.net:* https://cdn.ravenjs.com https://*.ingest.sentry.io https://www.google-analytics.com https://pagead2.googlesyndication.com;script-src 'self' 'self' blob: 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googleapis.com *.google.com *.google.com.vn *.google-analytics.com *.googletagmanager.com *.googlesyndication.com *.googletagservices.com *.youtube.com *.cloudflare.com *.facebook.net *.connect.facebook.net *.facebook.com *.khaosat.me *.bootstrapcdn.com *.ytimg.com *.hotjar.com *.cloudfront.net *.cdn.ravenjs.com *.ingest.sentry.io *.doubleclick.net;style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.google.com *.cloudflare.com *.khaosat.me *.cloudfront.net *.mapbox.com d1a3f4spazzrp4.cloudfront.net;font-src 'self' 'self' blob: 'self' data: *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.google.com *.cloudflare.com *.khaosat.me script.hotjar.com;frame-src staticxx.facebook.com facebook.com *.facebook.com youtube.com *.youtube.com *.vimeo.com khaosat.me *.khaosat.me *.google.com connect.facebook.net *.hotjar.com *.g.doubleclick.net *.googlesyndication.com *.doubleclick.net;img-src 'self' data: 'self' blob: *;connect-src 'self' 'self' blob: *.googleapis.com *.facebook.com https://*.khaosat.me:* https://khaosat.me:* https://ws.khaosat.me:* wss://ws.khaosat.me:* https://khao-sat.com:* https://*.hotjar.com:* wss://*.hotjar.com ws://khaosat.me:7890 https://vc.hotjar.io:* http://*.hotjar.com:* https://*.mapbox.com:* https://*.cloudfront.net:* https://cdn.ravenjs.com https://*.ingest.sentry.io https://www.google-analytics.com https://pagead2.googlesyndication.com *.doubleclick.net *.google.com;media-src 'self' 'self' data: 'self' blob: * 1
frame-ancestors https://*.estratraining.it 1
default-src 'self' https://equatio.texthelp.com/client/ wss://*.firebaseio.com/ wss://*.europe-west1.firebasedatabase.app/ https://*.googleapis.com/ https://*.texthelp.com/ https://*.speechstream.net/; connect-src 'self' wss://*.speech.microsoft.com/speech/recognition/dictation/cognitiveservices/v1 wss://*.firebaseio.com/ wss://*.europe-west1.firebasedatabase.app/ wss://cloud.myscript.com/api/v4.0/iink/document https://www.google-analytics.com/ https://*.googleapis.com/ https://*.texthelp.com/ https://equatio-search-proxy.texthelp.com https://equatio-search-proxy-eu.texthelp.com https://script.google.com/ https://idp.texthelp.com; style-src 'self' 'unsafe-inline' https://equatio.texthelp.com/client/ https://fonts.googleapis.com/css; script-src 'self' https://equatio.texthelp.com/client/ https://www.google-analytics.com/ https://*.firebaseio.com/ https://*.europe-west1.firebasedatabase.app/ https://www.gstatic.com/firebasejs/; img-src https://equatio.texthelp.com/client/ 'self' https://*.texthelp.com/ data: blob: https://*.googleusercontent.com/ https://chart.googleapis.com/chart https://www.google.com/ https://www.google-analytics.com; font-src https://equatio.texthelp.com/client/ https://fonts.gstatic.com/; object-src 'none'; upgrade-insecure-requests; frame-ancestors 'none' 1
frame-ancestors 'self' *.boursorama-banque.com *.boursorama.com *.boursobank.com 1
default-src 'none'; script-src 'self' 'unsafe-inline' www.tcgms.net *.googletagmanager.com *.google.com *.google-analytics.com cdn.jsdelivr.net *.cookiebot.com *.teamtailor-cdn.com *.facebook.net *.bokabord.se *.bidtheatre.com chat.hotelchat.ai; object-src 'self' *.google.com *.youtube.com *.facebook.com *.vimeo.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com cdn.jsdelivr.net www.bokabord.se; img-src 'self' data: *.google.com *.youtube.com *.facebook.com *.vimeo.com  *.vimeocdn.com *.grandhotel.se *.google.se *.google-analytics.com *.cookiebot.com backend.chatbase.co; media-src 'self' blob:; frame-src 'self' mail.grandhotel.se www.tcgms.net  *.google.com *.youtube.com *.facebook.com *.vimeo.com *.vimeocdn.com *.cookiebot.com *.waiteraid.com *.doubleclick.net chat.hotelchat.ai; frame-ancestors 'self' *.google.com *.youtube.com *.facebook.com *.vimeo.com; child-src 'self' *.google.com *.youtube.com *.facebook.com *.vimeo.com; font-src 'self' data: fonts.gstatic.com; connect-src 'self' https://*.grandhotel.se https://*.googletagmanager.com https://*.google.com https://*.google-analytics.com *.cookiebot.com *.teamtailor.com *.doubleclick.net *.chatbase.co; report-uri /report-csp-violation; upgrade-insecure-requests 1
frame-ancestors 'self' *.shoplineapp.com *.facebook.com; upgrade-insecure-requests; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *; img-src data: *; frame-ancestors https://www.happymeeple.com 'self'; report-uri /report-csp-violation 1
upgrade-insecure-requests; default-src https://urzadskarbowy.gov.pl/; script-src 'self'; frame-src 'self' https://login.mf.gov.pl/; connect-src https://dc.services.visualstudio.com/ https://eurzad.datahub.mf.gov.pl/ https://urzadskarbowy.gov.pl/ https://login.mf.gov.pl/ https://api-klient-eformularz-logged.mf.gov.pl/; img-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com/; child-src 'none'; object-src 'none'; base-uri 'self'; sandbox allow-forms allow-modals allow-popups allow-popups-to-escape-sandbox allow-same-origin allow-scripts allow-downloads; 1
base-uri 'none';child-src 'self' data: blob:;connect-src 'self' ws: wss: localhost:1337 adsapi.jacobin.de api.jacobin.de staging-api.jacobin.de shop.jacobin.de analyse.jacobin.de spenden.twingle.de *.met.vgwort.de;default-src 'self';font-src 'self' data:;form-action 'self';frame-ancestors 'none';frame-src spenden.twingle.de www.youtube.com;img-src 'self' jacobin.de data: *.met.vgwort.de;manifest-src 'self';media-src 'self';object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' localhost:1337 adsapi.jacobin.de api.jacobin.de staging-api.jacobin.de shop.jacobin.de analyse.jacobin.de spenden.twingle.de *.met.vgwort.de www.youtube.com;style-src 'self' 'unsafe-inline'; 1
frame-ancestors 'self'; report-uri /report-csp-violation; upgrade-insecure-requests 1
frame-src 'self' https://html5-player.libsyn.com https://marspetcare2-na.ada.support https://secure.shoppable.com https://service.force.com https://tr.snapchat.com https://www.youtube.com https://www.youtube-nocookie.com https://www.walmart.com https://www.amazon.com https://www.chewy.com https://www.petco.com https://www.google.com https://web-widget-iams.herokuapp.com https://cdn.krxd.net https://9077352.fls.doubleclick.net https://marspetcare-na.ada.support https://processor808.shoppable.com https://app.shoppable.com https://shoppable.com *.bazaarvoice.com https://www.facebook.com *.crazyegg.com *.snipp.us https://promotion.mars.de/PAF/wp/2022-Q2-pedigree-de https://cloud.petcare.mars.com/Pedigree_DE_Newsletter https://www.petprofi.de https://11639395.fls.doubleclick.net *.doubleclick.net https://promotion.mars.de/PAF/wp/2024-q3-PEDIGREE-DE/ https://promotion.mars.de/wp/2024-q3-PAWPARADE-DE https://promotion.mars.de/wp/2024-q3-PED-TDZ-DE *mars.acsitefactory.com https://marspulse.my.salesforce-sites.com https://survey.mars.com https://marspulse.my.salesforce.com; child-src 'self' https://html5-player.libsyn.com https://marspetcare2-na.ada.support https://secure.shoppable.com https://service.force.com https://tr.snapchat.com https://www.youtube.com https://www.youtube-nocookie.com https://www.walmart.com https://www.amazon.com https://www.chewy.com https://www.petco.com https://www.google.com https://web-widget-iams.herokuapp.com https://cdn.krxd.net https://9077352.fls.doubleclick.net https://marspetcare-na.ada.support https://processor808.shoppable.com https://app.shoppable.com https://shoppable.com *.bazaarvoice.com https://www.facebook.com *.crazyegg.com *.snipp.us https://promotion.mars.de/PAF/wp/2022-Q2-pedigree-de https://cloud.petcare.mars.com/Pedigree_DE_Newsletter https://www.petprofi.de https://11639395.fls.doubleclick.net *.doubleclick.net https://promotion.mars.de/PAF/wp/2024-q3-PEDIGREE-DE/ https://promotion.mars.de/wp/2024-q3-PAWPARADE-DE https://promotion.mars.de/wp/2024-q3-PED-TDZ-DE *mars.acsitefactory.com https://marspulse.my.salesforce-sites.com https://survey.mars.com https://marspulse.my.salesforce.com 1
script-src 'nonce-abcdefg'; data: blob:; default-src 'self'; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self'; 1
frame-ancestors 'self' https://admin.yallastore.co.il; 1
frame-ancestors 'self' https://www.golfofbf.org https://*.instapage.com http://*.instapage.com https://cloud.scorm.com https://360.articulate.com https://university.fb.org 1
default-src 'self' data:; block-all-mixed-content; connect-src http: https: ws: blob: 'self' *.tinymce.com *.tiny.cloud blob:; font-src 'self' data: fonts.gstatic.com *.tinymce.com *.tiny.cloud *.fontawesome.com; img-src 'self' data: http: https: *.tinymce.com *.tiny.cloud data: blob:; script-src 'self' 'unsafe-inline' js-agent.newrelic.com static.zdassets.com *.zendesk.com api.smooch.io cdn.tiny.cloud maps.google.com maps.googleapis.com *.posthog.com *.tinymce.com *.tiny.cloud 'nonce-0l58oTDPzIC1mC5J1TX+Hw=='; style-src 'self' 'unsafe-inline' cdn.tiny.cloud fonts.googleapis.com *.tinymce.com *.tiny.cloud; upgrade-insecure-requests 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: staticcdn.co.nz www.youtube.com www.googletagmanager.com www.google.com www.gstatic.com *.google-analytics.com; connect-src 'self' *.google-analytics.com; img-src 'self' data: shielded.co.nz i.ytimg.com *.google-analytics.com; style-src 'self' 'unsafe-inline' fast.fonts.net; font-src 'self' data:; frame-src 'self' www.youtube.com www.google.com data.gns.cri.nz; manifest-src 'self'; media-src 'self'; frame-ancestors 'self'; form-action 'self'; 1
default-src 'self' data: https://www.google.com https://www.google.com/ads/user-lists/ https://www.google.ru/ads/user-lists/ https://googleads.g.doubleclick.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://fonts.googleapis.com https://fonts.gstatic.com https://mc.yandex.ru https://translate.yandex.net https://yastatic.net/ https://api.ssllabs.com https://hstspreload.org https://http-observatory.security.mozilla.org https://securityheaders.com https://sshscan.rubidus.com https://tls.imirhil.fr https://tls-observatory.services.mozilla.com https://www.immuniweb.com https://ya.ru/ https://bitrix.info https://analytics.bitrix.info/ https://*.roistat.com/ https://crm.e-m-l.ru https://www.1c-bitrix.ru/ https://yoomoney.ru/ https://crm.e-m-l.ru wss://crm.e-m-l.ru https://yandex.ru/ https://e-m-l.ru https://app.uiscom.ru https://static.cloudflareinsights.com/ https://ya.ru/ https://tracker.comagic.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://maps.google.com https://*.gstatic.com:* https://*.googleapis.com https://yastatic.net https://mc.yandex.ru https://www.googleadservices.com https://googleads.g.doubleclick.net https://translate.yandex.net https://bitrix.info https://api-maps.yandex.ru https://*.roistat.com https://crm.e-m-l.ru https://emlru.webim.ru wss://crm.e-m-l.ru https://e-m-l.ru https://app.uiscom.ru https://static.cloudflareinsights.com/ https://ya.ru/ https://tracker.comagic.ru https://mod.calltouch.ru/; style-src 'self' 'unsafe-inline' https://www.google-analytics.com https://maps.google.com https://*.gstatic.com:* https://*.googleapis.com https://code.jivosite.com https://mc.yandex.ru https://www.googleadservices.com https://googleads.g.doubleclick.net https://cdn.voximplant.com https://crm.e-m-l.ru wss://crm.e-m-l.ru https://e-m-l.ru https://app.uiscom.ru https://static.cloudflareinsights.com/ https://ya.ru/ https://tracker.comagic.ru; img-src 'self' data: https://mc.yandex.ru:* https://*.googleapis.com https://*.gstatic.com:* https://www.google-analytics.com https://api-maps.yandex.ru https://core-renderer-tiles.maps.yandex.net https://mc.yandex.com https://emlru.webim.ru https://crm.e-m-l.ru wss://crm.e-m-l.ru https://emlru.webim2.ru https://e-m-l.ru blob: https://app.uiscom.ru https://static.cloudflareinsights.com/ https://ya.ru/ https://tracker.comagic.ru; font-src 'self' https://*.gstatic.com:* https://emlru.webim.ru:* https://e-m-l.ru https://app.uiscom.ru https://static.cloudflareinsights.com/ https://ya.ru/ https://tracker.comagic.ru; connect-src 'self' https://mc.yandex.com https://translate.yandex.net https://ya.ru https://mc.yandex.ru https://www.google-analytics.com https://crm.e-m-l.ru wss://crm.e-m-l.ru https://e-m-l.ru https://app.uiscom.ru https://static.cloudflareinsights.com/ https://ya.ru/ https://tracker.comagic.ru; 1
default-src: none; 1
connect-src 'self' maps.googleapis.com *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net  *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net ; default-src 'self' *.printfriendly.com; font-src 'self' data: *.fontawesome.com *.gstatic.com *.bootstrapcdn.com hubernet.sp-stage1.emagineusa.net  *.gstatic.com *.bootstrapcdn.com ; form-action 'self' *.vimeocdn.com; frame-src 'self' view.ceros.com *.youtube.com *.elegantthemes.com *.vimeo.com *.printfriendly.com *.g.doubleclick.net *.google.com *.fls.doubleclick.net  *.g.doubleclick.net *.google.com *.fls.doubleclick.net ; img-src 'self'  'unsafe-inline' *.gravatar.com maps.googleapis.com data: *.vimeocdn.com *.w.org *.printfriendly.com hubernet.sp-stage1.emagineusa.net *.googletagmanager.com *.google.com *.google-analytics.com *.gstatic.com  *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com ; script-src 'self'  'unsafe-inline' view.ceros.com data: blob: *.fontawesome.com *.cloudflare.com *.ravenjs.com *.vimeocdn.com *.jsdelivr.net *.googleapis.com *.printfriendly.com *.kxcdn.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com  *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com ; script-src-elem 'self'  'unsafe-inline' *.googletagmanager.com *.google-analytics.com *.googleapis.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com ; style-src 'self'  'unsafe-inline' *.fontawesome.com *.cloudflare.com *.printfriendly.com *.vimeocdn.com *.googleapis.com *.bootstrapcdn.com *.gstatic.com  *.googleapis.com *.gstatic.com ; style-src-elem 'self'  'unsafe-inline' *.googleapis.com *.googleapis.com *.gstatic.com ; style-src-attr  'unsafe-inline' ;  upgrade-insecure-requests; 1
img-src 'self' data: blob: http://www.google-analytics.com/ https://www.google-analytics.com https://ssl.gstatic.com/ http://ssl.gstatic.com/ https://stats.g.doubleclick.net https://syndication.twitter.com https://abs.twimg.com https://pbs.twimg.com https://platform.twitter.com https://ton.twimg.com https://www.facebook.com/ https://pixelg.adswizz.com/ https://www.google.com/ https://www.google.com.pk/ https://www.google.co.uk/ https://scontent-ort2-2.cdninstagram.com/ https://maps.gstatic.com/ https://www.google.ro/ https://www.germandonerkebab.com https://connect.facebook.net https://arhesoctro.cloudimg.io https://scontent-lhr8-1.cdninstagram.com https://scontent-lht6-1.cdninstagram.com https://locator.uberall.com https://is1-ssl.mzstatic.com https://maps.googleapis.com https://static-prod.uberall.com/ https://d3e54v103j8qbb.cloudfront.net/ https://cmmdhoksda.cloudimg.io/ https://cdnjs.cloudflare.com https://cmmdhoksda.cloudimg.io/ https://uploads-ssl.webflow.com/ https://cdn.jsdelivr.net https://ad.doubleclick.net https://adservice.google.com https://www.googletagmanager.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://use.fontawesome.com/ https://apis.google.com http://www.google-analytics.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.google-analytics.com http://ajax.googleapis.com/ https://maxcdn.bootstrapcdn.com/ http://code.jquery.com/ https://code.jquery.com/ http://graph.facebook.com/ http://m.addthis.com/ http://s7.addthis.com/ http://m.addthisedge.com/ http://api-public.addthis.com/ https://www.islonline.net/ https://unpkg.com/ https://www.googletagmanager.com/ https://platform.twitter.com/ http://platform.twitter.com/ https://cdn.syndication.twimg.com/ https://connect.facebook.net/ https://tag.simpli.fi/ https://cdnjs.cloudflare.com/ http://owlgraphic.com/ http://www.googleadservices.com/ https://googleads.g.doubleclick.net/ http://connect.facebook.net/ https://www.facebook.com https://maps.googleapis.com/ https://maps.gstatic.com/ https://json.geoiplookup.io https://sc-static.net/scevent.min.js https://www.germandonerkebab.com http://fonts.googleapis.com/ http://api.filestackapi.com https://cdn.scaleflex.it https://ipinfo.io https://www.clickcease.com https://cdn.jsdelivr.net https://uberall.com https://static-prod.uberall.com https://locator.uberall.com/ https://d3e54v103j8qbb.cloudfront.net/ https://svc.webspellchecker.net/ https://postcodes.io; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com/ http://maxcdn.bootstrapcdn.com/ https://fonts.googleapis.com/ https://use.fontawesome.com/227a7ea25a.css https://use.fontawesome.com/releases/v4.6.3/css/font-awesome-css.min.css https://platform.twitter.com/ https://ton.twimg.com/ http://cloud.typenetwork.com/ https://www.germandonerkebab.com http://fonts.googleapis.com/ https://cdn.jsdelivr.net https://cdnjs.cloudflare.com/; frame-src 'self' https://www.google.com https://www.google.com/recaptcha/ http://www.youtube.com/ https://www.youtube.com/ http://player.vimeo.com/ http://s7.addthis.com/ http://m.addthisedge.com/ https://platform.twitter.com/ https://syndication.twitter.com/ https://bid.g.doubleclick.net/ https://staticxx.facebook.com/ https://www.facebook.com/ https://web.facebook.com/ https://tr.snapchat.com/ https://www.germandonerkebab.com https://dialog.filestackapi.com/ https://www.filestackapi.com/ https://docs.google.com https://13646485.fls.doubleclick.net/ https://td.doubleclick.net/; connect-src 'self' http://ip-api.com/ https://json.geoiplookup.io/api https://www.germandonerkebab.com https://www.google-analytics.com/ https://stats.g.doubleclick.net https://tr.snapchat.com/ https://uberall.com https://maps.googleapis.com https://locator.uberall.com/ https://svc.webspellchecker.net/ https://postcodes.io https://pagead2.googlesyndication.com https://analytics.google.com https://region1.analytics.google.com https://region1.google-analytics.com https://*.google-analytics.com; font-src data: 'self' https://fonts.gstatic.com https://use.fontawesome.com/ https://maxcdn.bootstrapcdn.com/ http://maxcdn.bootstrapcdn.com/ http://cloud.typenetwork.com/ https://www.germandonerkebab.com https://cdn.jsdelivr.net https://static-prod.uberall.com; media-src 'self' https://uploads-ssl.webflow.com; object-src 'self'; frame-ancestors none 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' https://* 1
worker-src 'none'; upgrade-insecure-requests; block-all-mixed-content; manifest-src 'self' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com  cdn.syndication.twimg.com cdnjs.cloudflare.com maps.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com fonts.googleapis.com fonts.gstatic.com; object-src 'self'; style-src 'self' 'unsafe-inline' cdn.syndication.twimg.com cdnjs.cloudflare.com maps.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com fonts.googleapis.com fonts.gstatic.com; img-src 'self' data: secure.gravatar.com cdn. *.twitter.com *.twimg.com cdnjs.cloudflare.com maps.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com fonts.googleapis.com fonts.gstatic.com; media-src 'self'; frame-src 'self' syndication.twitter.com platform.twitter.com/; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'  cdn.jsdelivr.net unpkg.com player.vimeo.com www.vimeo.com f.vimeocdn.com static.userback.io www.google.com www.gstatic.com https://www.chipta.com https://www.googletagmanager.com https://www.google-analytics.com; object-src 'none'; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net unpkg.com fonts.googleapis.com static.userback.io; img-src data: 'self' *.vimeocdn.com *.vimeo.com https://www.google-analytics.com https://www.googletagmanager.com; frame-src 'self' youtube.com www.youtube.com *.vimeo.com vimeo.com www.google.com https://iframeshop.chipta.com; font-src data: 'self' 'unsafe-inline' fonts.gstatic.com https://static.userback.io; connect-src 'self' api.userback.io https://*.google-analytics.com https://www.googletagmanager.com; report-uri /report-csp-violation 1
frame-ancestors rextheme.com; 1
urbanohio.com 1
frame-ancestors 'self' https://adventhealth.com https://*.adventhealth.com; object-src 'none'; base-uri 'none' 1
default-src 'self' *.google-analytics.com data: gap: idele.matomo.cloud 'unsafe-inline' 'unsafe-eval'; script-src 'self' * 'unsafe-inline' 'unsafe-eval'; frame-src 'self' www.google.com player.vimeo.com *.soundcloud.com *.tubedu.org tubedu.org *.slideshare.net *.youtube.com view.genial.ly view.genially.com *.dailymotion.com *.youtube-nocookie.com *.myadvent.net adventmyfriend.com *.jwplayer.com video.terre-net.fr; style-src 'self' use.typekit.net cdn.tarteaucitron.io fonts.googleapis.com p.typekit.net s3.amazonaws.com cdn.icomoon.io 'unsafe-inline'; font-src 'self' use.typekit.net s3.amazonaws.com fonts.gstatic.com cdn.icomoon.io; img-src 'self' data: *.ytimg.com tarteaucitron.io; upgrade-insecure-requests 1
default-src "self"; img-src *; media-src * data:; 1
report-to 'self' ; child-src 'self'  'unsafe-inline' self; connect-src 'self'  'unsafe-inline' self *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net *.github.io  *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net ; default-src 'self' self; font-src 'self'  'unsafe-inline'  self *.gstatic.com *.bootstrapcdn.com data: fonts.gstatic.com cdn.jsdelivr.net cdnjs.cloudflare.com *.gstatic.com *.bootstrapcdn.com ; form-action 'self' ; frame-src 'self'  'unsafe-inline'  self *.g.doubleclick.net *.google.com *.fls.doubleclick.net blob: www.google.com www.youtube.com esg.churchgatepartners.com *.g.doubleclick.net *.google.com *.fls.doubleclick.net ; frame-ancestors 'self' ; img-src 'self'  'unsafe-inline' self *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com data: ts.w.org s.w.org ps.w.org cdnjs.cloudflare.com www.abfrl.com  *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com ; manifest-src 'self' ; media-src 'self'  s.w.org; object-src 'self' ; script-src 'self'  'unsafe-inline' self *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com cdn.jsdelivr.net cdnjs.cloudflare.com kenwheeler.github.io cdn.datatables.net js.stripe.com www.abfrl.com  *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com ; script-src-elem 'self'  'unsafe-inline' self *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com cdn.jsdelivr.net cdnjs.cloudflare.com cdn.datatables.net js.stripe.com www.abfrl.com kenwheeler.github.io  *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com ; script-src-attr 'self' ; style-src 'self'  'unsafe-inline' self *.googleapis.com *.gstatic.com fonts.googleapis.com cdn.jsdelivr.net cdnjs.cloudflare.com datatables.net fonts.bunny.net maxcdn.bootstrapcdn.com www.abfrl.com  *.googleapis.com *.gstatic.com ; style-src-elem 'self'  'unsafe-inline' self *.googleapis.com *.gstatic.com fonts.googleapis.com cdn.jsdelivr.net cdnjs.cloudflare.com datatables.net fonts.bunny.net maxcdn.bootstrapcdn.com www.abfrl.com  *.googleapis.com *.gstatic.com ; style-src-attr 'self'  'unsafe-inline' ; worker-src 'self'  'unsafe-inline'  blob:; 1
default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval'; object-src *; style-src * 'self' 'unsafe-inline'; img-src * 'self' data: https:;; media-src *; frame-src *; frame-ancestors 'self'; child-src * blob:; font-src * 'self' data: https:;; connect-src * 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: https: 'nonce-MbwqCHX1t4B4QYoJDYAos47ypoIeOR9K' 'strict-dynamic' https://www.google-analytics.com https://www.googletagmanager.com; 1
default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval'; object-src *; style-src * 'self' 'unsafe-inline'; img-src * 'self' data: https:;; media-src *; frame-src *; frame-ancestors * 'self'; child-src * blob:; font-src * 'self' data: https:;; connect-src * 1
default-src 'none';script-src 'self';style-src 'self' 'unsafe-inline';img-src 'self';font-src 'self';connect-src 'self';form-action 'self';report-uri /WebResource.axd?cspReport=true 1
upgrade-insecure-requests; report-uri https://lotusgroup.report-uri.io/r/default/csp/enforce 1
default-src 'self' data: http://googleads.g.doubleclick.net http://www.google.com/ads/user-lists/ http://www.google.ru/ads/user-lists/ http://mc.yandex.ru http://bitrix.info http://stat.sputnik.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://bitrix.info https://connect.facebook.net https://apis.google.com:* https://platform.twitter.com https://userapi.com:* https://pos.gosuslugi.ru:* https://apis.google.com:* https://vk.com:* http://www.google-analytics.com http://maps.google.com http://*.gstatic.com:* http://*.googleapis.com http://code.jivosite.com http://mc.yandex.ru http://www.googleadservices.com http://googleads.g.doubleclick.net http://cdn.voximplant.com https://vashkontrol.ru  http://stat.sputnik.ru:* ; style-src 'self' 'unsafe-inline' http://code.jivosite.com:* http://mc.yandex.ru:* http://*.googleapis.com http://*.gstatic.com:* https://vashkontrol.ru:* http://cnt.sputnik.ru:*; img-src 'self' blob: data:  http://counter.yadro.ru:* https://pos.gosuslugi.ru:* http://i1.ytimg.com:* http://code.jivosite.com:* http://mc.yandex.ru:* http://*.googleapis.com http://*.gstatic.com:* http://www.google-analytics.com http://stat.sputnik.ru:* https://vashkontrol.ru:* http://cnt.sputnik.ru:* https://syndication.twitter.com:*; font-src 'self' http://*.gstatic.com:* https://pos.gosuslugi.ru:*; frame-src 'self' https://ervk.gov.ru:* https://pos.gosuslugi.ru:* https://apis.google.com:* http://developers.google.com:* https://platform.twitter.com:* https://accounts.google.com:* http://cnt.sputnik.ru:* https://www.facebook.com:* https://developers.google.com:*; 1
allow 'self' data: blob; 'inline' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googleapis.com *.youtube.com connect.facebook.net www.facebook.com cdn.ywxi.net static.hotjar.com www.googletagmanager.com www.google.com www.creativecomputerconsulting.ca *.tiktok.com *.ttwstatic.com;  1
allow 'script-src' 'unsafe-inline' 'unsafe-eval' 'self' *.typekit.net *.pingdom.net *.groupe-mediactive.fr fg.cdn.mediactive-network.net cdn.mediactive-network.net *.cedexis.com 1
default-src 'self' https://fg.cdn.mediactive-network.net; script-src 'unsafe-eval' 'unsafe-inline' 'self' https://fg.cdn.mediactive-network.net https://*.hsforms.net https://*.youtube.com; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://fg.cdn.mediactive-network.net https://*.hsforms.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://*.hsforms.com https://www.youtube.com; img-src 'self' data: https://fg.cdn.mediactive-network.net https://*.hsforms.com; media-src 'self'; worker-src 'none'; 1
default-src 'self'; base-uri 'self'; connect-src 'self' *.itzbund.de *.googleapis.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com piwik.itzbund.de *.youtube.com;object-src 'self' multimedia.gsb.bund.de medien10.gsb.bund.de piwik.itzbund.de; media-src 'self' multimedia.gsb.bund.de medien10.gsb.bund.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.openstreetmap.org *.googleapis.com piwik.itzbund.de *.geodatenzentrum.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; frame-ancestors 'self' zfa-editor.preview.kkn.zd.intranet.bund.de piwik.itzbund.de zfa-zfa-editor.preview.kkn.zd.intranet.bund.de *.facebook.com 1
connect-src 'self' wss://*.upscope.io https://*.upscope.io https://sjmvgfnyja.execute-api.us-west-2.amazonaws.com https://mig-prod-connect-p-storg-bkt.s3.us-west-2.amazonaws.com https://d1lz30fckg5qs2.cloudfront.net https://participant.connect.us-west-2.amazonaws.com wss://*.transport.connect.us-west-2.amazonaws.com https://analytics.google.com https://www.google.com https://www.google-analytics.com  https://google.com https://googleads.g.doubleclick.net https://forms.hscollectedforms.net  https://stats.g.doubleclick.net https://*.cloudfront.net https://*.clearcover.com wss://*.clearcover.com https://*.kommunicate.io wss://*.kommunicate.io https://*.evidon.com wss://*.evidon.com https://*.betrad.com wss://*.betrad.com https://api.brightedge.com wss://api.brightedge.com https://ixfd-api.bc0a.com wss://ixfd-api.bc0a.com https://*.twilio.com wss://*.twilio.com https://inga-prod.tumblr.com wss://*.salemove.com https://*.salemove.com wss://*.glia.com https://*.glia.com https://*.yotpo.com https://*.twitter.com https://*.yotpo.com https://*.gomoxie.solutions https://rules.atgsvcs.com https://track.magnify360.com https://c1.rfihub.net https://insight.adsrvr.org https://*.virtualhold.com https://api.edmunds.com 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.verywellfit.com 1
default-src 'self'; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.kemenpora.go.id *.responsivevoice.org *.youtube.com *.google-analytics.com *.googletagmanager.com *.google.com *.googleapis.com *.gstatic.com *.jquery.com *.videopress.com *.kominfo.go.id *.instagram.com *.twitter.com *.facebook.net *.kemenpora.go.id *.google-analytics.com *.facebook.com *.twimg.com; style-src 'self' 'unsafe-inline' *.kemenpora.go.id *.googleapis.com *.responsivevoice.org *.google.com *.gstatic.com *.amazonaws.com *.bootstrapcdn.com *.jquery.com *.kominfo.go.id *.instagram.com *.twitter.com *.facebook.net *.kemenpora.go.id *.google-analytics.com *.facebook.com *.twimg.com *.youtube.com; img-src 'self' data: *.kemenpora.go.id *.responsivevoice.org *.google.com *.google-analytics.com *.gstatic.com *.googleapis.com *.amazonaws.com *.gravatar.com *.w.org *.creativecommons.org *.jquery.com *.kominfo.go.id *.instagram.com *.twitter.com *.facebook.net *.kemenpora.go.id *.google-analytics.com *.facebook.com *.twimg.com *.youtube.com *.responsivevoice.org; font-src 'self' data: *.kemenpora.go.id *.gstatic.com *.bootstrapcdn.com *.kominfo.go.id *.instagram.com *.twitter.com *.facebook.net *.kemenpora.go.id *.google-analytics.com *.facebook.com *.twimg.com *.youtube.com *.responsivevoice.org; connect-src 'self' *.kemenpora.go.id *.googletagmanager.com *.kominfo.go.id *.instagram.com *.twitter.com *.facebook.net *.kemenpora.go.id *.google-analytics.com *.facebook.com *.twimg.com *.youtube.com *.responsivevoice.org; media-src 'self' *.kemenpora.go.id *.w.org *.videopress.com *.kominfo.go.id *.instagram.com *.twitter.com *.facebook.net *.kemenpora.go.id *.google-analytics.com *.facebook.com *.twimg.com *.youtube.com *.responsivevoice.org; object-src 'self' *.kemenpora.go.id *.kominfo.go.id *.instagram.com *.twitter.com *.facebook.net *.kemenpora.go.id *.google-analytics.com *.facebook.com *.twimg.com *.responsivevoice.org; child-src 'self' *.googletagmanager.com *.google.com pastebin.com *.videopress.com akismet.com *.kominfo.go.id *.instagram.com *.twitter.com *.facebook.net *.kemenpora.go.id *.google-analytics.com *.facebook.com *.twimg.com *.youtube.com *.responsivevoice.org; form-action 'self'; frame-ancestors 'self' *.kemenpora.go.id *.kominfo.go.id *.instagram.com *.twitter.com *.facebook.net *.kemenpora.go.id *.google-analytics.com *.facebook.com *.twimg.com *.youtube.com *.responsivevoice.org; upgrade-insecure-requests; 1
default-src 'self';object-src 'none';script-src 'self' *.googleapis.com *.ip-api.com *.fullsteampay.net *.google.com *.gstatic.com *.gstatic.cn *.recaptcha.net 'nonce-sso' 'nonce-delayed';style-src 'self' 'unsafe-inline' *.fontawesome.com *.googleapis.com *.fullsteampay.net *.google.com *.gstatic.com;img-src 'self' data: *.gstatic.com *.googleapis.com;font-src 'self' data: *.fontawesome.com *.gstatic.com;connect-src 'self' maps.googleapis.com;frame-src 'self' *.fullsteampay.net *.recaptcha.net *.google.com;frame-ancestors 'none';upgrade-insecure-requests; 1
frame-ancestors https://webvisor.com/; 1
frame-ancestors https://*.aularandstad.es https://aularandstad.es https://*.randstad.es; 1
allow 'self' www.google-analytics.com ajax.googleapis.com; 1
frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com 1
default-src 'self'; object-src 'self' https://pts.deutschlandsim.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.deutschlandsim.de; img-src https: data: http://files.deutschlandsim.de; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://livechat.deutschlandsim.de https://chat.deutschlandsim.de https://umfrage.deutschlandsim.de https://pts.deutschlandsim.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://o2.mouseflow.com https://cdn.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://livechat.deutschlandsim.de https://chat.deutschlandsim.de https://stats.deutschlandsim.de https://imagepool.deutschlandsim.de https://pts.deutschlandsim.de https://analytics.tiktok.com https://umfrage.deutschlandsim.de; script-src 'strict-dynamic' 'nonce-690bcf471f270b4885206de828b79194' 'nonce-5527922efa7742b9a6baf0e288105750' 'nonce-0a73e244ec783bb23fb71ae743baae7a' 'nonce-ce5646e480ebc93e70c04dfac3205fd8' 'nonce-c7c285a00167d085c11f18a14089e3b2' 'nonce-b30e10d6a6141e32693a960886ada39f' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data: 'report-sample'; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://netmap.vodafone.de/cokart-client/index.html https://pts.deutschlandsim.de https://umfrage.deutschlandsim.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-690bcf471f270b4885206de828b79194' 'nonce-5527922efa7742b9a6baf0e288105750' 'nonce-0a73e244ec783bb23fb71ae743baae7a' 'nonce-ce5646e480ebc93e70c04dfac3205fd8' 'nonce-c7c285a00167d085c11f18a14089e3b2' 'nonce-b30e10d6a6141e32693a960886ada39f' 'self' 'unsafe-inline' https: 'report-sample' 1
frame-ancestors https://*.cleverwebserver.com https://*.clevernt.com 1
frame-src https://www.youtube-nocookie.com https://www.youtube.com https://piwik.bzga.de https://www.check-dein-spiel.de; style-src 'self' 'unsafe-inline'; default-src 'self'; script-src https://www.check-dein-spiel.de https://piwik.bzga.de 'self' 'unsafe-inline' ; connect-src https://www.check-dein-spiel.de https://piwik.bzga.de 'self' 'unsafe-inline' ; font-src 'self' 'unsafe-inline' data:; img-src 'self' https://piwik.bzga.de https://*.openstreetmap.org data:; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.fortinet.com/ https://www.wroclaw.pl/topbar/ https://hydropolis.pl/ https://maps.googleapis.com/ https://maps.gstatic.com/; img-src 'self' data: https://www.wroclaw.pl/topbar/ https://maps.gstatic.com/ https://maps.google.com/ https://maps.googleapis.com/; object-src 'self' data: https://www.wroclaw.pl/topbar/ https://maps.google.com/; frame-src 'self' data: https://www.wroclaw.pl/topbar/ https://maps.google.com/; 1
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.mouser.com *.google-analytics.com *.google.com *.hubapi.com *.youtube.com *.hubspot.com *.googletagmanager.com *.googleapis.com *.crazyegg.com *.jquery.com https://js.hs-scripts.com https://api.ipify.org https://js.hs-analytics.net https://js.hs-banner.com https://js.hsleadflows.net https://js.hsadspixel.net https://googleads.g.doubleclick.net https://snap.licdn.com https://ajax.googleapis.com https://js.hsforms.net/ https://www.gstatic.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://static.addtoany.com https://js.zi-scripts.com  https://*.zoominfo.com blob: https://js.adsrvr.org https://tags.clickagy.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.google.com https://microstrain.com https://www.google.com.mx https://www.googletagmanager.com https://px.ads.linkedin.com https://track.hubspot.com data:; img-src 'self' https://www.google.com https://microstrain.com https://www.google.com.mx https://www.googletagmanager.com https://track.hubspot.com data: https://microstrainstg.prod.acquia-sites.com https://www.microstrain.com *.ads.linkedin.com https://js.hsforms.net https://forms-na1.hsforms.com https://forms.hsforms.com/ https://*.ads.linkedin.com https://www.google-analytics.com https://px.ads.linkedin.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.ca https://perf-na1.hsforms.com https://*.clickagy.com https://pixel-sync.sitescout.com https://*.doubleclick.net https://*.agkn.com https://us-u.openx.net https://idsync.rlcdn.com https://dpm.demdex.net; frame-src https://www.youtube.com https://www.googletagmanager.com https://forms.hsforms.com/ https://www.google.com https://td.doubleclick.net https://www.youtube-nocookie.com https://static.addtoany.com https://insight.adsrvr.org  https://*.clickagy.com https://match.adsrvr.org; frame-ancestors self https://www.google.com; font-src *.gstatic.com 'self' https://themes.googleusercontent.com; connect-src 'self' https://www.youtube.com https://ipapi.co https://microstrainstg.prod.acquia-sites.com https://api.mouser.com https://api.hubapi.com https://px.ads.linkedin.com https://forms.hubspot.com https://analytics.google.com https://code.jquery.com  *.google-analytics.com https://stats.g.doubleclick.net https://px.ads.linkedin.com https://maps.googleapis.com https://www.google.com https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com/ https://google.com https://adservice.google.com https://cta-service-cms2.hubspot.com https://js.zi-scripts.com https://*.zoominfo.com https://*.clickagy.com http://*.hubspot.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'none'; base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.uno.uk; object-src 'none'; style-src 'self' data: 'unsafe-inline' https://*.uno.uk; img-src 'self' blob: data: https://*.uno.uk; media-src 'self' data: https://*.uno.uk; frame-src *; font-src *; form-action 'self' https://*.uno.uk; connect-src 'self' https://*.uno.uk; prefetch-src 'self' https://*.uno.uk; manifest-src 'self' https://*.uno.uk; frame-ancestors 'self'; report-uri https://stats.uno.uk/ruri/r/d/csp/enforce 1
connect-src 'self'  'unsafe-inline'  *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net *.mouseflow.com *.linkedin.com *.hsforms.com *.hubspot.com *.hubapi.com *.hs-analytics.net *.hscollectedforms.net *.calconic.com *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net ; font-src 'self'  'unsafe-inline'  data: fonts.gstatic.com cdn.jsdelivr.net *.gstatic.com *.bootstrapcdn.com *.gstatic.com *.bootstrapcdn.com ; frame-src 'self'  'unsafe-inline' *.g.doubleclick.net *.google.com *.fls.doubleclick.net blob: www.google.com *.vimeo.com td.doubleclick.net *.stripe.com *.hs-sites.com *.gartner.com *.termly.io facebook.com https://datainsights-cdn.dm.aws.gartner.com  *.g.doubleclick.net *.google.com *.fls.doubleclick.net ; img-src 'self'  'unsafe-inline' *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com data: ts.w.org s.w.org ps.w.org *.irssolutions.com irssolutions.com *.linkedin.com www.facebook.com *.reddit.com *.hsforms.com *.hubspot.com *.hsappstatic.net *.doubleclick.net  *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com ; media-src 'self'  s.w.org; script-src 'self'  'unsafe-inline'  'unsafe-eval' *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com cdn.jsdelivr.net https://cdn.mouseflow.com https://ipinfo.io  *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com ; script-src-elem 'self'  'unsafe-inline' cdn.jsdelivr.net cdn.mouseflow.com *.licdn.com *.hs-scripts.com *.facebook.net *.redditstatic.com *.hsforms.net *.hscollectedforms.net *.hubspot.com *.hs-analytics.com *.hs-analytics.net *.hs-banner.com *.hsadspixel.net *.stripe.com https://cdnjs.cloudflare.com *.calconic.com *.googleadservices.com *.vimeo.com *.termly.io https://ipinfo.io  *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com ; style-src 'self'  'unsafe-inline' *.googleapis.com *.gstatic.com fonts.googleapis.com cdn.jsdelivr.net  *.googleapis.com *.gstatic.com ; style-src-elem 'self'  'unsafe-inline' fonts.googleapis.com cdn.jsdelivr.net  *.googleapis.com *.gstatic.com ; style-src-attr  'unsafe-inline' ; worker-src 'self'  blob:; 1
default-src 'self' data: api.mapbox.com;         script-src 'self' 'unsafe-inline' 'unsafe-eval'             listerhill.ddev.site 			js.hs-scripts.com 			js.hsforms.net             js.hsadspixel.net             js.hs-analytics.net             js.hs-banner.com             a.opmnstr.com             *.hotjar.com             *.salemove.com             *.glia.com             redbook.listerhill.com             connect.facebook.net             *.groovecar.com             listerhill.groovecar.com             use.fontawesome.com             hello.myfonts.net/count/3b4dc0             cdnjs.cloudflare.com             *.listerhill.com             *.googleapis.com             *.google.com             seal.digicert.com             *.typeform.com             *.newtonsoftware.com             *.google-analytics.com 			*.analytics.google.com             *.googletagmanager.com             *.stripe.com             ssl.gstatic.com             *.omappapi.com 			snap.licdn.com 			*.buzzsprout.com             *.banzai.org             banzai.org             cdn.tailwindcss.com             unpkg.com 			polyfill.io;         object-src 'self' data:;         style-src 'self' data: 'unsafe-inline'             listerhill.ddev.site 			a.omappapi.com 			www.gstatic.com             *.google-analytics.com 			*.analytics.google.com             *.google.com             *.groovecar.com             *.salemove.com             *.glia.com             listerhill.groovecar.com             use.fontawesome.com             hello.myfonts.net/count/3b4dc0             cdnjs.cloudflare.com             *.listerhill.com             *.googleapis.com             *.banzai.org             banzai.org;         img-src 'self' data: 			forms.hsforms.com 			forms-na1.hsforms.com 		    *.craft-cdn.com             www.facebook.com             *.googletagmanager.com             maps.gstatic.com             *.groovecar.com             listerhill.groovecar.com             use.fontawesome.com             hello.myfonts.net/count/3b4dc0             cdnjs.cloudflare.com             *.listerhill.com             *.googleapis.com             *.google.com             seal.digicert.com             i.ytimg.com             i.vimeocdn.com             *.mapbox.com             *.doubleclick.net             *.google.com             *.google-analytics.com 			*.analytics.google.com             *.groovecar.com             listerhill.groovecar.com             use.fontawesome.com             hello.myfonts.net/count/3b4dc0             cdnjs.cloudflare.com 			px.ads.linkedin.com 			www.linkedin.com 			p.adsymptotic.com 			track.hubspot.com 			libs.salemove.com 			*.gstatic.com             *.salemove.com             *.glia.com             *.listerhill.com;         media-src 'self' data: 			vimeo.com             youtube.com             *.youtube.com             vimeocdn.com             *.groovecar.com             listerhill.groovecar.com             use.fontawesome.com             hello.myfonts.net/count/3b4dc0             cdnjs.cloudflare.com 			libs.salemove.com 			*.gstatic.com             *.salemove.com             *.glia.com             *.listerhill.com;         frame-src data:             *.hotjar.com             *.groovecar.com             listerhill.groovecar.com             use.fontawesome.com             hello.myfonts.net/count/3b4dc0             cdnjs.cloudflare.com             *.listerhill.com             listerhill.com             *.google-analytics.com 			*.analytics.google.com             *.google.com             *.stripe.com             ssl.gstatic.com             *.omappapi.com             *.vimeo.com             youtube.com             *.youtube.com             newton.newtonsoftware.com 			*.buzzsprout.com             *.typeform.com             *.salemove.com             zlcuma.secure.fundsxpress.com             banking.apiture.com             zlcuma.banking.apiture.com;             font-src 'self' data:             *.salemove.com             *.glia.com             *.google-analytics.com 			*.analytics.google.com             *.google.com             fonts.gstatic.com             *.groovecar.com             listerhill.groovecar.com             use.fontawesome.com             hello.myfonts.net/count/3b4dc0             cdnjs.cloudflare.com             *.listerhill.com             learnbanzai.com             *.banzai.org             banzai.org             *.googleapis.com;         connect-src 'self' wss:            listerhill.ddev.site 			analytics.google.com 			forms.hsforms.com 			hubspot-forms-static-embed.s3.amazonaws.com 			*.craftcms.com             *.salemove.com             *.glia.com             *.twilio.com             vc.hotjar.io             api.opmnstr.com             ssl.gstatic.com             *.omappapi.com             *.hotjar.com             *.google-analytics.com 			*.analytics.google.com             stats.g.doubleclick.net 			api.hubapi.com 			api.craftcms.com 			translate.googleapis.com             maps.googleapis.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.cloudflare.com https://github.com https://static.cloudflareinsights.com https://cdn.jsdelivr.net https://cosmetics.lk https://www.googletagmanager.com https://stats.wp.com https://www.paypalobjects.com https://s3.amazonaws.com https://*.stripe.com https://*.list-manage.com https://*.ggpht.com https://yt3.ggpht.com/ https://pixel.wp.com/ https://www.google.lk/ https://secure.gravatar.com/ https://www.google.com/ https://test-seylan.mtf.gateway.mastercard.com/ https://seylan.gateway.mastercard.com/ https://www.youtube.com/ https://*.ytimg.com/ https://cosmetics.lk/ https://omnisnippet1.com/ https://*.soundestlink.com/ https://fedpg-onus.pc.enstage-sas.com/ https://www.paystage.com/ https://www.gstatic.com/; img-src 'self' data: https://sw-themes.com https://www.paypalobjects.com https://cosmetics.lk https://yt3.ggpht.com/ https://pixel.wp.com/ https://www.google.lk/ https://secure.gravatar.com/ https://www.google.com/ https://test-seylan.mtf.gateway.mastercard.com/ https://seylan.gateway.mastercard.com/ https://www.youtube.com/ https://*.ytimg.com/ https://cosmetics.lk/ https://omnisnippet1.com/ https://*.soundestlink.com/ https://fedpg-onus.pc.enstage-sas.com/ https://www.paystage.com/ https://www.gstatic.com/; object-src 'self' data: https://*.paypal.com/ https://*.stripe.com/ https://www.google.com/ https://test-seylan.mtf.gateway.mastercard.com/ https://seylan.gateway.mastercard.com/ https://www.youtube.com/ https://*.ytimg.com/ https://cosmetics.lk/ https://omnisnippet1.com/ https://*.soundestlink.com/ https://fedpg-onus.pc.enstage-sas.com/ https://www.paystage.com/ https://www.gstatic.com/; frame-src 'self' data: https://*.paypal.com/ https://*.stripe.com/ https://www.google.com/ https://test-seylan.mtf.gateway.mastercard.com/ https://seylan.gateway.mastercard.com/ https://www.youtube.com/ https://*.ytimg.com/ https://cosmetics.lk/ https://omnisnippet1.com/ https://*.soundestlink.com/ https://fedpg-onus.pc.enstage-sas.com/ https://www.paystage.com/ https://www.gstatic.com/; 1
frame-ancestors 'self' *.intelligentcontacts.net; 1
font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' tracking.paysera.com www.instagram.com https://optimize.google.com https://www.google.com/recaptcha/ https://www.youtube.com/embed/ http://e.issuu.com/; img-src 'self' data: *.paysera.com maps.googleapis.com *.gstatic.com https://www.google-analytics.com https://optimize.google.com; script-src 'self' maps.googleapis.com www.instagram.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.google-analytics.com https://optimize.google.com 'unsafe-inline'; style-src 'self' fonts.googleapis.com https://optimize.google.com 'unsafe-inline'; report-uri /v2/csp-violations/report 1
frame-ancestors DENY 1
frame-ancestors 'self' cyreneforum.com/ *.cyreneforum.com/ arkadiaforum.com/ *.arkadiaforum.com/ ; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://fcmanrique.org https://*.fcmanrique.org https://maps.googleapis.co https://*.fontawesome.com https://*.google.com https://code.jquery.com https://*.gstatic.com/ https://pagead2.googlesyndication.com/ blob:; img-src 'self' data: blob: https://fcmanrique.org https://*.fcmanrique.org blob: https://geo0.ggpht.com https://geo1.ggpht.com https://geo2.ggpht.com https://geo3.ggpht.com https://lh3.ggpht.com https://lh4.ggpht.com https://lh5.ggpht.comlh6.ggpht.com https://cbk0.googleapis.com https://cbks0.googleapis.com https://khm0.googleapis.com https://khm1.googleapis.com https://khms0.googleapis.com https://khms1.googleapis.com https://maps.googleapis.com https://maps.gstatic.com https://secure.gravatar.com; object-src 'self' data: blob: https://www.google.com; frame-src 'self' data: blob: https://www.google.com; 1
frame-src * 1
default-src 'self'; img-src 'self$ 1
default-src 'self'; script-src 'self' https://cdn.cookielaw.org https://geolocation.onetrust.com 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://cdn.cookielaw.org; img-src * data:; connect-src https://cdn.cookielaw.org https://privacyportal.onetrust.com; report-uri https://www.lexistracker.co.za/core/csp/report 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' *.gstatic.com *.googletagmanager.com *.amplitude.com *.adrifund.com *.funde.no *.tinymce.com *.karolinafund.com *.crowdfarm.dk *.lemonway.fr *.payxpert.com d2tnn0p1wwhikn.cloudfront.net clients1.google.com cse.google.com www.google.com *.google-analytics.com *.facebook.net *.facebook.com *.vimeo.com *.addthis.com *.googleapis.com *.bootstrapcdn.com stats.g.doubleclick.net *.soundcloud.com soundcloud.com *.youtube.com *.w3.org *.ogp.me *.mailerlite.com *.karolina.io *.slize.me;img-src * blob: data:;font-src data: d2tnn0p1wwhikn.cloudfront.net *.tinymce.com fonts.gstatic.com 'self' *.bootstrapcdn.com;style-src *.tinymce.com www.google.com d2tnn0p1wwhikn.cloudfront.net *.addthis.com 'self' 'unsafe-inline' cse.google.com *.bootstrapcdn.com *.googleapis.com; frame-src 'self' *.vimeo.com *.facebook.com *.youtube.com *.soundcloud.com *.google.com 1
frame-ancestors 'self' *.giornaledellalibreria.it ; 1
default-src 'self' 'unsafe-inline' wss: https://*.jivosite.com/ data: https://bitrix.info:* https://www.chay.info:* https://*.bitrix.info:* https://cdnjs.cloudflare.com:* https://site.ru:* https://yandex.ru:* https://mc.yandex.ru:* https://oss.maxcdn.com:* https://*.maps.yandex.net https://geocode-maps.yandex.ru:* https://api-maps.yandex.ru https://suggest-maps.yandex.ru https://code.jivosite.com:* https://googleads.g.doubleclick.net:* https://www.googleadservices.com:* https://www.google.com/ads/user-lists/ https://www.google.ru/ads/user-lists/ https://www.google-analytics.com:* https://maps.google.com:* https://*.googleapis.com:* https://api.mapbox.com:* https://*.gstatic.com:* https://*.googletagmanager.com:* https://*.googleapis.com:* https://*.jivosite.com:* https://cdn.voximplant.com:* https://www.gravatar.com:* https://yastatic.net:* https://*.youtube.com:* https://*.google.com:* https://*.ytimg.com:* https://suggestions.dadata.ru:* https://connect.facebook.net:* https://stats.g.doubleclick.net:* https://events.mapbox.com:* https://google-analytics.bi.owox.com:* https://cdn.jsdelivr.net:* https://youtube.com:* https://stat.tildacdn.com:* https://static.tildacdn.com:* https://googleads.g.doubleclick.net:* https://connect.facebook.net:* https://www.facebook.com:* https://awards.ratingruneta.ru:* https://static.doubleclick.net:* https://*.gstatic.com:* https://*.getbutton.io:* https://metrika.yandex.ru:* https://metrika.yandex.by:* https://metrica.yandex.com:* https://metrica.yandex.com.tr:* https://webvisor.com:*;script-src * 'unsafe-inline' 'unsafe-eval' blob: https://bitrix.info:* https://www.chay.info:* https://*.bitrix.info:* https://cdnjs.cloudflare.com:* https://site.ru:* https://yandex.ru:* https://mc.yandex.ru:* https://oss.maxcdn.com:* https://*.maps.yandex.net https://geocode-maps.yandex.ru:* https://api-maps.yandex.ru https://suggest-maps.yandex.ru https://code.jivosite.com:* https://googleads.g.doubleclick.net:* https://www.googleadservices.com:* https://www.google.com/ads/user-lists/ https://www.google.ru/ads/user-lists/ https://www.google-analytics.com:* https://maps.google.com:* https://*.googleapis.com:* https://api.mapbox.com:* https://*.gstatic.com:* https://*.googletagmanager.com:* https://*.googleapis.com:* https://*.jivosite.com:* https://cdn.voximplant.com:* https://www.gravatar.com:* https://yastatic.net:* https://*.youtube.com:* https://*.google.com:* https://*.ytimg.com:* https://suggestions.dadata.ru:* https://connect.facebook.net:* https://stats.g.doubleclick.net:* https://events.mapbox.com:* https://google-analytics.bi.owox.com:* https://cdn.jsdelivr.net:* https://youtube.com:* https://stat.tildacdn.com:* https://static.tildacdn.com:* https://googleads.g.doubleclick.net:* https://connect.facebook.net:* https://www.facebook.com:* https://awards.ratingruneta.ru:* https://static.doubleclick.net:* https://*.gstatic.com:* https://*.getbutton.io:* https://metrika.yandex.ru:* https://metrika.yandex.by:* https://metrica.yandex.com:* https://metrica.yandex.com.tr:* https://webvisor.com:* ;style-src * 'unsafe-inline'  https://bitrix.info:* https://www.chay.info:* https://*.bitrix.info:* https://cdnjs.cloudflare.com:* https://site.ru:* https://yandex.ru:* https://mc.yandex.ru:* https://oss.maxcdn.com:* https://*.maps.yandex.net https://geocode-maps.yandex.ru:* https://api-maps.yandex.ru https://suggest-maps.yandex.ru https://code.jivosite.com:* https://googleads.g.doubleclick.net:* https://www.googleadservices.com:* https://www.google.com/ads/user-lists/ https://www.google.ru/ads/user-lists/ https://www.google-analytics.com:* https://maps.google.com:* https://*.googleapis.com:* https://api.mapbox.com:* https://*.gstatic.com:* https://*.googletagmanager.com:* https://*.googleapis.com:* https://*.jivosite.com:* https://cdn.voximplant.com:* https://www.gravatar.com:* https://yastatic.net:* https://*.youtube.com:* https://*.google.com:* https://*.ytimg.com:* https://suggestions.dadata.ru:* https://connect.facebook.net:* https://stats.g.doubleclick.net:* https://events.mapbox.com:* https://google-analytics.bi.owox.com:* https://cdn.jsdelivr.net:* https://youtube.com:* https://stat.tildacdn.com:* https://static.tildacdn.com:* https://googleads.g.doubleclick.net:* https://connect.facebook.net:* https://www.facebook.com:* https://awards.ratingruneta.ru:* https://static.doubleclick.net:* https://*.gstatic.com:* https://*.getbutton.io:* https://metrika.yandex.ru:* https://metrika.yandex.by:* https://metrica.yandex.com:* https://metrica.yandex.com.tr:* https://webvisor.com:* ;img-src * data: https://bitrix.info:* https://www.chay.info:* https://*.bitrix.info:* https://cdnjs.cloudflare.com:* https://site.ru:* https://yandex.ru:* https://mc.yandex.ru:* https://oss.maxcdn.com:* https://*.maps.yandex.net https://geocode-maps.yandex.ru:* https://api-maps.yandex.ru https://suggest-maps.yandex.ru https://code.jivosite.com:* https://googleads.g.doubleclick.net:* https://www.googleadservices.com:* https://www.google.com/ads/user-lists/ https://www.google.ru/ads/user-lists/ https://www.google-analytics.com:* https://maps.google.com:* https://*.googleapis.com:* https://api.mapbox.com:* https://*.gstatic.com:* https://*.googletagmanager.com:* https://*.googleapis.com:* https://*.jivosite.com:* https://cdn.voximplant.com:* https://www.gravatar.com:* https://yastatic.net:* https://*.youtube.com:* https://*.google.com:* https://*.ytimg.com:* https://suggestions.dadata.ru:* https://connect.facebook.net:* https://stats.g.doubleclick.net:* https://events.mapbox.com:* https://google-analytics.bi.owox.com:* https://cdn.jsdelivr.net:* https://youtube.com:* https://stat.tildacdn.com:* https://static.tildacdn.com:* https://googleads.g.doubleclick.net:* https://connect.facebook.net:* https://www.facebook.com:* https://awards.ratingruneta.ru:* https://static.doubleclick.net:* https://*.gstatic.com:* https://*.getbutton.io:* https://metrika.yandex.ru:* https://metrika.yandex.by:* https://metrica.yandex.com:* https://metrica.yandex.com.tr:* https://webvisor.com:* blob: ;font-src 'self' data: https://bitrix.info:* https://www.chay.info:* https://*.bitrix.info:* https://cdnjs.cloudflare.com:* https://site.ru:* https://yandex.ru:* https://mc.yandex.ru:* https://oss.maxcdn.com:* https://*.maps.yandex.net https://geocode-maps.yandex.ru:* https://api-maps.yandex.ru https://suggest-maps.yandex.ru https://code.jivosite.com:* https://googleads.g.doubleclick.net:* https://www.googleadservices.com:* https://www.google.com/ads/user-lists/ https://www.google.ru/ads/user-lists/ https://www.google-analytics.com:* https://maps.google.com:* https://*.googleapis.com:* https://api.mapbox.com:* https://*.gstatic.com:* https://*.googletagmanager.com:* https://*.googleapis.com:* https://*.jivosite.com:* https://cdn.voximplant.com:* https://www.gravatar.com:* https://yastatic.net:* https://*.youtube.com:* https://*.google.com:* https://*.ytimg.com:* https://suggestions.dadata.ru:* https://connect.facebook.net:* https://stats.g.doubleclick.net:* https://events.mapbox.com:* https://google-analytics.bi.owox.com:* https://cdn.jsdelivr.net:* https://youtube.com:* https://stat.tildacdn.com:* https://static.tildacdn.com:* https://googleads.g.doubleclick.net:* https://connect.facebook.net:* https://www.facebook.com:* https://awards.ratingruneta.ru:* https://static.doubleclick.net:* https://*.gstatic.com:* https://*.getbutton.io:* https://metrika.yandex.ru:* https://metrika.yandex.by:* https://metrica.yandex.com:* https://metrica.yandex.com.tr:* https://webvisor.com:*; 1
default-src 'self' https://www.youtube-nocookie.com https://www.google.com *.kasikornbank.com *.kaptcha.com https://www.youtube.com https://youtu.be;frame-src 'self' https://www.youtube-nocookie.com https://www.google.com *.kasikornbank.com  *.kaptcha.com https://www.youtube.com https://youtu.be; connect-src *; font-src * data:; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';frame-ancestors 'self' 1
allow *; options inline-script eval-script; 1
upgrade-insecure-requests; frame-ancestors 'self' https://preview-edit.aminess-campsites.com https://preview-edit.aminess.com; 1
default-src * blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.sancta-domenica.hr sancta-domenica.hr *.sancta-domenica.ba sancta-domenica.ba *.samsungshop.hr samsungshop.hr *.bigbang.ba bigbang.ba; 1
default-src 'self'; img-src *; script-src 'self'; style-src 'self' 'unsafe-inline'; 1
script-src https://connect.facebook.net/ http://connect.facebook.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ http://browser-update.org/ https://www.google.com/ https://www.gstatic.com/recaptcha/ http://www.google.com/recaptcha/ https://ajax.googleapis.com/ 'unsafe-inline' 'unsafe-eval' 'self'; report-uri /nelmio/csp/report 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.timify.com https://*.timify.com/; img-src 'self' data: https://*.timify.com https://*.timify.com/; object-src 'self' data: https://*.timify.com https://*.timify.com/; frame-src 'self' data: https://*.timify.com https://*.timify.com/; 1
default-src 'self' https://accounts.google.com/ https://*.google-analytics.com/g/collect; script-src 'self' https://apis.google.com/js/platform.js https://cdn.jsdelivr.net/npm/vue@2/dist/vue.js https://www.googletagmanager.com/gtag/js 'unsafe-eval' 'nonce-_tqDRaWuSjDKRa9JB6AFgA'; style-src 'self' https://apis.google.com/* 'nonce-_tqDRaWuSjDKRa9JB6AFgA'; img-src * data: 1
frame-ancestors https://pannonkincstar.hu 1
default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' sarthac.gov.in 10.3.0.45 127.0.0.1 localhost www.google.com www.youtube.com 10.244.91.80 172.25.142.93 sarthac.wb.gov.in ; 1
default-src 'self'; img-src ; media-src data:; 1
base-uri 'self'; child-src 'self' gap:; frame-src 'self' gap:; connect-src 'self'; default-src 'self' gap: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data:; img-src 'self' data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-ancestors 'self' gap:; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=ZmKoabo1gazYltypKxsegKeOXkRS6m%2FJ8p687kItnRIH3k20WemZ5Y3NSXD21xVrSCHP5VnF3dgouezzoiB1oQ%3D%3D; 1
default-src 'none'; block-all-mixed-content; connect-src 'self' *.google-analytics.com *.analytics.google.com; font-src 'self'; frame-src *.tradetracker.net; img-src 'self' data: unpkg.com api.mapbox.com code.jquery.com *.buienradar.nl *.datatables.net *.google-analytics.com *.tradetracker.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' unpkg.com cdn.ckeditor.com code.jquery.com *.datatables.net *.fontawesome.com *.googletagmanager.com *.google-analytics.com; style-src 'self' 'unsafe-inline' code.jquery.com unpkg.com *.datatables.net *.tradetracker.net; upgrade-insecure-requests 1
default-src 'self'; script-src https://*.google-analytics.com https://*.googletagmanager.com https://gdd.aks.santanderbr.dev.corp https://gdd.aks.santanderbr.pre.corp https://gdd.aks.santanderbr.corp 'self' blob:; img-src https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com.br https://stats.g.doubleclick.net 'self' blob: data:; style-src 'self' 'unsafe-inline';child-src 'self'; frame-src 'self'; connect-src 'self' https://*.azure.paas.santanderbr.dev.corp https://*.azure.paas.santanderbr.pre.corp https://*.santanderbr.dev.corp https://*.santanderbr.pre.corp https://*.santander.com.br https://*.api.santanderbr.dev.corp https://*.api.santanderbr.pre.corp https://*.api.santanderbr.corp https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com.br data:; object-src 'self' blob: data:; media-src 'self' blob:; worker-src 'self'; frame-ancestors 'none'; 1
frame-ancestors https://*.innovatrics.com 1
default-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self' data:; img-src 'self' data: about: ssl.google-analytics.com www.google-analytics.com www.googletagmanager.com; connect-src 'self' ssl.google-analytics.com www.google-analytics.com www.googletagmanager.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' ssl.google-analytics.com www.google-analytics.com www.googletagmanager.com; worker-src 'self'; 1
default-src 'none'; script-src 'self' 'unsafe-inline' *.siteimprove.net *.siteimprove.com *.browsealoud.com *.googletagmanager.com *.google.com *.google-analytics.com *.facebook.net unpkg.com *.jsdelivr.net *.cookiebot.com *.leadfamly.com; object-src 'self' *.google.com *.youtube.com *.youtube-nocookie.com *.facebook.com *.vimeo.com https://sverigesradio.se; style-src 'self' 'unsafe-inline'; img-src 'self' data: *.google.com *.google.se *.google-analytics.com *.youtube.com *.youtube-nocookie.com *.facebook.com *.vimeo.com *.google.se *.cloudnet.cloud *.malmolive.se *.momondo.de *.googletagmanager.com *.cookiebot.com; media-src 'self' blob: https://*.speechstream.net;; frame-src 'self' *.google.com *.youtube.com *.youtube-nocookie.com *.facebook.com *.vimeo.com *.siteimprove.com *.acast.com *.spotify.com *.soundcloud.com https://vimeo.com *.sverigesradio.se https://sverigesradio.se *.office.com *.cookiebot.com *.playable.com *.sociablekit.com; frame-ancestors 'self' *.google.com *.youtube.com *.youtube-nocookie.com *.facebook.com *.vimeo.com *.sverigesradio.se https://sverigesradio.se *.sociablekit.com; child-src 'self' *.google.com *.youtube.com *.youtube-nocookie.com *.facebook.com *.vimeo.com  *.siteimprove.com *.sverigesradio.se https://sverigesradio.se *.sociablekit.com; font-src 'self'; connect-src 'self' blob: https://*.browsealoud.com https://*.siteimprove.com https://*.googletagmanager.com https://*.google.com https://*.google-analytics.com https://*.g.doubleclick.net https://*.speechstream.net *.cookiebot.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self'; script-src 'self'; connect-src 'self'; img-src 'self' data:; style-src 'self'; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://dc.services.visualstudio.com/v2/track https://updates.sdbgroep.nl; object-src 'none'; frame-ancestors 'none'; base-uri 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://js.monitor.azure.com/scripts/b/ai.2.min.js https://dc.services.visualstudio.com/v2/track https://cdn.announcekit.app/widget-v2.js; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' data: https://fonts.gstatic.com; 1
* 1
default-src  'self' data:;font-src  'self' data: fonts.gstatic.com kariera.rako.cz www.kariera.rako.cz;connect-src  'self' *.google.com *.google.cz *.googleapis.com *.google-analytics.com *.hotjar.com wss://ws6.hotjar.com *.hotjar.io *.doubleclick.net *.leady.com *.gstatic.com *.pinterest.com;script-src  'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.google.cz *.googleapis.com *.gstatic.com *.hotjar.com static.hotjar.com www.googletagmanager.com *.google-analytics.com connect.facebook.net kariera.rako.cz www.kariera.rako.cz c.imedia.cz *.googleadservices.com *.adform.net *.seznam.cz *.doubleclick.net *.leady.com www.youtube-nocookie.com www.youtube.com *.pinterest.com *.pinimg.com;form-action  'self' *.facebook.com *.facebook.net *.pinterest.com;frame-src  'self' blob: www.youtube.com www.youtube-nocookie.com *.iplatba.cz www.tvbydleni.cz *.facebook.com *.facebook.net *.hotjar.com *.google.com *.pinterest.com *.doubleclick.net;worker-src  'self' blob: www.youtube.com www.youtube-nocookie.com *.iplatba.cz www.tvbydleni.cz *.facebook.com *.facebook.net *.hotjar.com *.google.com *.pinterest.com *.doubleclick.net;frame-ancestors  'self';img-src  'self' data: blob: *.gstatic.com *.googleapis.com *.googlecode.com www.googletagmanager.com *.google-analytics.com *.doubleclick.net www.facebook.com *.rako.cz c.imedia.cz *.seznam.cz *.pinterest.com *.pinimg.com i.ytimg.com *.google.com *.google.cz *.google.de *.google.fr *.google.pl *.google.ru *.google.sk;style-src  'self' 'unsafe-inline' fonts.googleapis.com *.gstatic.com *.google.com kariera.rako.cz www.kariera.rako.cz;object-src  'self' 1
frame-ancestors 'self' p.isdgroup.com 1
default-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline' *.youtube.com *.cookielaw.org *.youtube-nocookie.com *.commerce-connector.com *.googleapis.com *.min-cdn.net *.googletagmanager.com *.google-analytics.com *.google.com *.google.de connect.facebook.net mediaintelligence.de *.bing.com https://groupeseb.secure.force.com https://iprospect.emcustomers.de; font-src 'self' data: *.commerce-connector.com *.gstatic.com https://groupeseb.secure.force.com https://groupe-seb.my.salesforce-sites.com; style-src 'self' 'unsafe-inline' *.commerce-connector.com *.commerce-connector.de *.googleapis.com https://groupeseb.secure.force.com; img-src 'self' data: *.commerce-connector.com https://cdn.cookielaw.org *.commerce-connector.de *.gstatic.com *.googleapis.com  *.google-analytics.com *.facebook.com *.doubleclick.net mediaintelligence.de *.min-cdn.net track.adform.net rads.recognified.net *.google.de *.google.com *.bing.com https://*.googletagmanager.com https://groupeseb.secure.force.com; media-src 'self' *.youtube.com *.youtube-nocookie.com https://groupeseb.secure.force.com; frame-src 'self' *.youtube.com *.youtube-nocookie.com *.umantis.com *.doubleclick.net https://groupeseb.secure.force.com https://groupe-seb.my.salesforce-sites.com; connect-src 'self' *.commerce-connector.com https://privacyportal-de.onetrust.com https://www.google.com https://geolocation.onetrust.com *.cookielaw.org *.commerce-connector.de *.googleapis.com *.google-analytics.com *.analytics.google.com *.facebook.com *.doubleclick.net mediaintelligence.de *.min-cdn.net *.bing.com 1
default-src 'self' blob: *.powerentity.com *.energieag.at news.netzooe.at energieag.picturepark.com *.google-analytics.com *.googleapis.com *.gstatic.com prezi.com www.googleadservice www.youtube.com walls.io *.walls.io *.googletagmanager.com www.netigate.se *.whatchado.com *.vimeo.com i.ytimg.com connect.facebook.net app.adwordsagentur.at s.ksrndkehqnwntyxlhgto.com *.hotjar.com *.hotjar.io  wss://*.hotjar.com www.googleadservices.com *.doubleclick.net *.adform.net *.iconnode.com *.facebook.com *.google.at *.google.de *.google.com google.com *.adsrvr.org e-tankstellen-finder.com connect.shore.com *.shore-cdn.com *.teamplanbuch.ch *.cookiebot.com *.matterport.com www.360perspektiven.com sys.mailworx.info *.marketingsuite.info sc-static.net *.konzertmeister.app *.podigee-cdn.net *.podigee.com *.podigee.io marketing.piwik.pro energieag.containers.piwik.pro energieag.piwik.pro empathy-portal.de eag.viewer.cit-fusion.com *.adition.com *.powerbi.com cdnjs.cloudflare.com www.youtube-nocookie.com *.ytimg.com *.googlesyndication.com streamio.com energieag.current-picturepark.com *.mouseflow.com github.com wss://*.cognigy.ai *.cognigy.ai *.githubusercontent.com maps.google.de *.fliphtml5.com cdn.jsdelivr.net *.spotify.com *.powerbi.com 'unsafe-inline' 'unsafe-eval' data: 1
frame-ancestors 'self'; default-src 'self' 'unsafe-eval' 'unsafe-inline' https://bam.nr-data.net https://js-agent.newrelic.com https://static.b4healthonline.com https://static2.b4healthonline.com https://b4-wus2-powerbi-funcapp-p01.azurewebsites.net https://app.powerbi.com  1
default-src 'self' https://*.googletagmanager.com https://*.google-analytics.com https://*.google.com https://*.google.be https://*.doubleclick.net https://*.hotjar.com https://*.hotjar.io https://*.facebook.com https://*.facebook.net https://*.youtube.be https://*.youtube.com https://*.vimeo.com https://*.snapchat.com https://*.spotify.com https://*.instagram.com; block-all-mixed-content; font-src data: 'self' https://use.typekit.net https://fonts.googleapis.com https://fonts.gstatic.com; img-src data: 'self' https://*.googletagmanager.com https://*.google-analytics.com https://*.google.com https://*.google.be https://placeholder.inventis.be https://*.ytimg.com https://img.youtube.com/ https://i.vimeocdn.com/ https://*.facebook.com https://*.facebook.net https://*.fbcdn.net https://i.scdn.co https://*.youtube.com https://*.snapchat.com; manifest-src 'self'; object-src 'none'; script-src 'self' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https://*.youtube.com https://*.ytimg.com https://*.googletagmanager.com https://*.google-analytics.com https://*.hotjar.com https://*.hotjar.io https://*.facebook.net https://*.vimeo.com 'nonce-B2cPE2yUtIj4joMWRreX6g=='; style-src 'self' 'unsafe-inline' https://*.typekit.net https://*.googletagmanager.com https://fonts.googleapis.com; upgrade-insecure-requests 1
default-src 'unsafe-inline' 'self' https://cdnjs.cloudflare.com https://*.google.com  https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com https://connect.facebook.net https://stats.g.doubleclick.net https://snap.licdn.com https://*.linkedin.com https://*.clarity.ms; style-src 'unsafe-inline' 'self' https://pro.fontawesome.com; font-src 'self' https://pro.fontawesome.com; frame-src https://www.facebook.com https://www.google.com https://www.youtube.com; img-src 'self' data: https://*.bing.com https://*.clarity.ms https://www.google-analytics.com/ https://*.google.com/ https://www.google.co.za https://www.facebook.com https://snap.licdn.com https://*.linkedin.com https://www.google.es; 1
default-src 'self'; img-src 'self'; 1
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s3.amazonaws.com/ https://*.list-manage.com/ https://code.jquery.com/ https://www.googletagmanager.com/ https://www.google.com/recaptcha/ https://www.paypalobjects.com/ https://gstatic.com/ https://www.gstatic.com https://maps.google.com/ https://www.google.com/maps/ https://www.google-analytics.com/analytics.js https://www.google.com/recaptcha/api2/; img-src 'self' data: https://www.paypalobjects.com/ https://secure.gravatar.com/avatar/ https://www.google-analytics.com/*; object-src 'self' data: https://*.paypal.com/ https://maps.google.com/ https://www.google.com/maps/ https://www.google.com/recaptcha/api2/; frame-src 'self' data: https://*.paypal.com/ https://maps.google.com/ https://www.google.com/maps/ https://www.google.com/recaptcha/api2/; 1
base-uri 'self'; child-src 'self' gap: assets.adobedtm.com joey-opsmaxxia.epictenet.live mcmillanshakespearelimited.sc.omtrdc.net mcmillanshakespeare.tt.omtrdc.net mmsg.demdex.net connect.facebook.net static.ads-twitter.com dpm.demdex.net www.google.com www.gstatic.com a.optmnstr.com a.omappapi.com api.omappapi.com z.omappapi.com smetrics.securemaxxia.com.au target.securemaxxia.com.au dev.visualwebsiteoptimizer.com www.googletagmanager.com admin.epictenet.live www.google-analytics.com stats.g.doubleclick.net *.qualtrics.com apps.mypurecloud.com.au api-cdn.mypurecloud.com.au api.mypurecloud.com.au a.opmnstr.com wss://webmessaging.mypurecloud.com.au *.mypurecloud.com.au; frame-src 'self' gap: assets.adobedtm.com joey-opsmaxxia.epictenet.live mcmillanshakespearelimited.sc.omtrdc.net mcmillanshakespeare.tt.omtrdc.net mmsg.demdex.net connect.facebook.net static.ads-twitter.com dpm.demdex.net www.google.com www.gstatic.com a.optmnstr.com a.omappapi.com api.omappapi.com z.omappapi.com smetrics.securemaxxia.com.au target.securemaxxia.com.au dev.visualwebsiteoptimizer.com www.googletagmanager.com admin.epictenet.live www.google-analytics.com stats.g.doubleclick.net *.qualtrics.com apps.mypurecloud.com.au api-cdn.mypurecloud.com.au api.mypurecloud.com.au a.opmnstr.com wss://webmessaging.mypurecloud.com.au *.mypurecloud.com.au; connect-src 'self' assets.adobedtm.com joey-opsmaxxia.epictenet.live mcmillanshakespearelimited.sc.omtrdc.net mcmillanshakespeare.tt.omtrdc.net mmsg.demdex.net connect.facebook.net static.ads-twitter.com dpm.demdex.net www.google.com www.gstatic.com a.optmnstr.com a.omappapi.com api.omappapi.com z.omappapi.com smetrics.securemaxxia.com.au target.securemaxxia.com.au dev.visualwebsiteoptimizer.com www.googletagmanager.com admin.epictenet.live www.google-analytics.com stats.g.doubleclick.net *.qualtrics.com gms-c1.gsn.cloud edge.adobedc.net adobedc.demdex.net apps.mypurecloud.com.au api-cdn.mypurecloud.com.au api.mypurecloud.com.au a.opmnstr.com wss://webmessaging.mypurecloud.com.au *.mypurecloud.com.au analytics.google.com; default-src 'self' gap: assets.adobedtm.com joey-opsmaxxia.epictenet.live mcmillanshakespearelimited.sc.omtrdc.net mcmillanshakespeare.tt.omtrdc.net mmsg.demdex.net connect.facebook.net static.ads-twitter.com dpm.demdex.net www.google.com www.gstatic.com a.optmnstr.com a.omappapi.com api.omappapi.com z.omappapi.com smetrics.securemaxxia.com.au target.securemaxxia.com.au dev.visualwebsiteoptimizer.com www.googletagmanager.com admin.epictenet.live www.google-analytics.com stats.g.doubleclick.net *.qualtrics.com apps.mypurecloud.com.au api-cdn.mypurecloud.com.au api.mypurecloud.com.au a.opmnstr.com wss://webmessaging.mypurecloud.com.au *.mypurecloud.com.au 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: *; img-src 'self' data: * blob:; script-src 'self' assets.adobedtm.com joey-opsmaxxia.epictenet.live mcmillanshakespearelimited.sc.omtrdc.net mcmillanshakespeare.tt.omtrdc.net mmsg.demdex.net connect.facebook.net static.ads-twitter.com dpm.demdex.net www.google.com www.gstatic.com a.optmnstr.com a.omappapi.com api.omappapi.com z.omappapi.com smetrics.securemaxxia.com.au target.securemaxxia.com.au www.googletagmanager.com dev.visualwebsiteoptimizer.com admin.epictenet.live www.google-analytics.com stats.g.doubleclick.net *.qualtrics.com gms-c1.gsn.cloud edge.adobedc.net adobedc.demdex.net apps.mypurecloud.com.au api-cdn.mypurecloud.com.au api.mypurecloud.com.au a.opmnstr.com wss://webmessaging.mypurecloud.com.au *.mypurecloud.com.au 'unsafe-inline' 'unsafe-eval'; style-src 'self' * 'unsafe-inline'; frame-ancestors 'self' gap: assets.adobedtm.com joey-opsmaxxia.epictenet.live mcmillanshakespearelimited.sc.omtrdc.net mcmillanshakespeare.tt.omtrdc.net mmsg.demdex.net connect.facebook.net static.ads-twitter.com dpm.demdex.net www.google.com www.gstatic.com a.optmnstr.com a.omappapi.com api.omappapi.com z.omappapi.com smetrics.securemaxxia.com.au target.securemaxxia.com.au www.googletagmanager.com admin.epictenet.live www.google-analytics.com stats.g.doubleclick.net *.qualtrics.com apps.mypurecloud.com.au api-cdn.mypurecloud.com.au api.mypurecloud.com.au a.opmnstr.com wss://webmessaging.mypurecloud.com.au *.mypurecloud.com.au; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=pOSMFEs1L4jY9BHA%2Bm97uwOLGFfQ0%2BlWmW438WUNZI30lFUWx67LP51wxvZcNwt6D72oCJcF7HLEqCLBDmswZA%3D%3D; 1
default-src 'self' www.googletagmanager.com fonts.gstatic.com www.google-analytics.com *.microad.jp *.twitter.com www.facebook.com dmp.im-apps.net www.googleadservices.com googleads.g.doubleclick.net www.youtube.com bid.g.doubleclick.net audiencedata.im-apps.net; style-src 'self' 'unsafe-inline' *.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com *.microad.jp www.google-analytics.com *.twitter.com dmp.im-apps.net www.googleadservices.com googleads.g.doubleclick.net www.youtube.com bid.g.doubleclick.net audiencedata.im-apps.net; img-src 'self' data: acerjapan.com *.microad.jp www.google-analytics.com *.twitter.com *.google.co.jp *.google.com; 1
base-uri 'none'; default-src 'self'; child-src https://www.youtube.com https://heyzine.com https://*.heyzine.com  https://*.google.com https://*.faceup.com https://*.nntb.cz blob:; connect-src 'self' https://geis.daktela.com https://t.leady.com https://*.doubleclick.net https://*.google.com https://*.google-analytics.com wss://*.hotjar.com https://*.hotjar.com  https://*.hotjar.io; font-src 'self' https://*.gstatic.com data:; form-action 'self'; img-src 'self' https://*.seznam.cz https://t.leady.com https://*.google-analytics.com https://*.google.cz https://*.google.com https://*.gstatic.com blob: data:; media-src 'self' blob:; script-src 'self' https://*.google.com  https://*.gstatic.com  https://*.seznam.cz https://geis.daktela.com https://t.leady.com https://tt.geis.cz https://tt.geis.pl https://*.hotjar.com https://*.doubleclick.net https://*.google-analytics.com https://www.googletagmanager.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline' 'unsafe-eval'; 1