Values for x-content-security-policy:
155
allow 'self'; 111
frame-ancestors 'self' 49
default-src 'self'; frame-src 'none'; img-src 'self' data: *.pbwstatic.com https://*.pbwstatic.com www.google-analytics.com https://www.google-analytics.com; media-src 'none'; object-src 'none'; script-src 'self' www.google-analytics.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' 34
default-src 'self' 29
report-uri /report-csp-violation 20
upgrade-insecure-requests 17
block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:; 12
default-src 'self'; script-src 'self' 'unsafe-inline' 12
frame-ancestors 'none' 11
report-uri //report-csp-violation 11
report-uri /report-csp-violation; upgrade-insecure-requests 8
frame-ancestors https://*.marketo.com 8
allow 'self' 8
default-src https: 'self'; script-src 'unsafe-eval' 'unsafe-inline' 'self' *; style-src 'unsafe-inline' 'self' *; frame-src 'self' *; object-src 'self' *; img-src 'self' data: *; media-src blob: 'self' *; font-src 'self' data: *; connect-src 'self' *; child-src blob: 'self' *; block-all-mixed-content; 8
default-src 'self' 'unsafe-inline' 8
frame-src *.bitdefender.com *.bitdefender.biz *.bitdefender.net *.bitdefender.fr *.bitdefender.de *.bitdefender.com.au *.bitdefender.co.uk *.bitdefender.es *.bitdefender.it *.bitdefender.pt *.bitdefender.com.br *.bitdefender.ro *.bitdefender.nl *.bitdefender.be *.bitdefender.se bitdefender.marketing.adobe.com download.bitdefender.com *.facebook.com *.doubleclick.net *.adsrvr.org *.mathtag.com *.google.com *.google.ro *.flashtalking.com *.amazon-adsystem.com *.livechatinc.com *.twitter.com *.cedexis.com *.cedexis-test.com *.youtube.com *.soundcloud.com *.hubspot.com *.cookiebot.com *.vimeo.com *.edgecastcdn.net *.linkedin.com *.hsforms.com *.cloudfront.net *.edgecastdns.net *.hotjar.com *.zanox.ws *.zanox.com *.usemax.de usemax.de bitdefender.demdex.net *.omniture.com widget.trustpilot.com *.2o7.net *.omtrdc.net *.demdex.net assets.adobedtm.com api-eu.boldchat.com livechat-eu.boldchat.com *.youtube-nocookie.com *.instagram.com instawidget.net consentcdn.cookiebot.com recommender.scarabresearch.com *.zenaps.com hal9000.redintelligence.net pixel.xonaz.com static-hello.bitdefender.com tags.dynamo.one *.redintelligence.net 20787700p.rfihub.com pixel.xonazz.com *.adobe.com *.outgrow.us 7
default-src 'self'; 7
frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net 6
default-src 'self'; base-uri 'self'; 6
default-src https: data: blob: 'unsafe-eval' 'unsafe-inline' https://www.google.com https://www.gstatic.com https://www.recaptcha.net wss://*.hotjar.com 'self'; upgrade-insecure-requests; frame-ancestors 'self' https://*.zendesk.com https://*.myshopify.com https://teams.microsoft.com https://*.eloqua.com https://*.surveymonkey.com https://*.sharepoint.com https://*.worldpay.com https://*.cardinalcommerce.com;report-uri https://csp.surveymonkey.com/report?e=true&c=prod&ar=true&a=cmscache 6
default-src 'self' data: gap: https://*.maersk.com https://*.maersk.com.cn https://*.maerskline.com https://*.apmoller.net https://c.go-mpulse.net https://*.salesforceliveagent.com https://*.force.com *.mpstat.us *.akstat.io https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://*.akamaihd.net https://*.igodigital.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://www.googletagmanager.com https://ssl.gstatic.com https://rum-http-intake.logs.datadoghq.eu https://100qrcey9nsltilmpwezagts.blob.core.windows.net https://*.cookieinformation.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.maersk.com https://*.maersk.com.cn https://*.maerskline.com https://*.apmoller.net https://*.akamaihd.net https://*.salesforceliveagent.com https://*.force.com https://*.salesforce.com https://*.steelcentral.net https://*.go-mpulse.net *.mpstat.us *.akstat.io https://*.igodigital.com https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://pub.s1.exacttarget.com https://*.gstatic.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://www.googletagmanager.com https://*.google-analytics.com https://*.cookieinformation.com https://www.datadoghq-browser-agent.com/datadog-rum-eu.js; img-src 'self' data: https://*.maersk.com https://*.maersk.com.cn https://*.maerskline.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://*.gstatic.com https://lh3.googleusercontent.com https://*.steelcentral.net https://*.vimeocdn.com https://*.youtube.com https://*.igodigital.com https://*.akamaihd.net https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://pixel.mathtag.com https://bs.serving-sys.com https://www.google.co.uk https://api.adsymptotic.com https://media-cdn.ipredictive.com https://*.linkedin.com https://*.facebook.com https://*.twitter.com https://vk.com https://mail.ru https://clickserve.dartsearch.net https://*.doubleclick.net https://*.google.dk https://secure.adnxs.com https://cs.adingo.jp https://admaym.com https://ih.adscale.de https://d.agkn.com https://ib.adnxs.com https://x.bidswitch.net https://stags.bluekai.com https://pix.btrll.com https://contextual.media.net https://dis.criteo.com https://e.nexac.com https://loadm.exelator.com https://cs.gssprt.jp https://global.ib-ibi.com https://ad.360yield.com https://dsum-sec.casalemedia.com https://beacon.krxd.net https://idsync.rlcdn.com https://ums.adtechus.com https://sync.adaptv.advertising.com https://us-u.openx.net https://simage2.pubmatic.com https://bh.contextweb.com https://idsync.reson8.com https://pixel.rubiconproject.com https://uipglob.semasio.net https://rtb-csync.smartadserver.com https://ad.sxp.smartclip.net https://sync.go.sonobi.com https://ce.lijit.com https://sync.search.spotxchange.com https://ads.stickyadstv.com https://delivery.swid.switchads.com https://aa.agkn.com https://ads.yahoo.com https://u3s.mathtag.com https://eu-u.openx.net https://serving.experianmarketingservices.digital https://uip.semasio.net https://fo-api.omnitagjs.com https://*.akstat.io; object-src 'self' ; style-src 'self' 'unsafe-inline' https://*.maersk.com https://*.maersk.com.cn https://*.apmoller.net https://*.gstatic.com https://*.google.com https://*.google-analytics.com https://*.googleapis.com https://*.maerskline.com https://*.force.com; frame-src https://*.maersk.com https://*.maersk.com.cn https://*.maerskline.com https://*.apmoller.net http://emanage.maerskline.com https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://*.google.com https://www.youtube.com/embed/ https://player.vimeo.com/video/ https://service.force.com https://*.cookieinformation.com https://*.youku.com/ https://*.force.com/  https://*.salesforce.com; font-src 'self' data: https://*.maersk.com https://*.maersk.com.cn https://*.maerskline.com https://*.apmoller.net https://*.gstatic.com https://*.googleapis.com; 6
frame-ancestors 'self' https://*.adventhealth.com 6
default-src 'self'; img-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; script-src 'self' 'unsafe-inline'; connect-src 'self'; 6
default-src 'self'; script-src 'self'; 6
frame-ancestors 'self' ; 5
default-src https: data: blob: chrome-extension: android-webview-video-poster: ms-appx-web: 'unsafe-eval' 'unsafe-inline'; report-uri /content-security-policy-report.php 5
frame-ancestors 'self'; report-uri //report-csp-violation 5
referrer origin 5
default-src 'self' data: *; img-src 'self' blob: data: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' * 5
frame-ancestors 'self'; 5
frame-ancestors 'self' weleda.sabio.de 5
default-src 'self' 'self' data: 'self' blob: 'unsafe-inline' 'unsafe-eval' *; img-src 'self' blob: data: * 5
upgrade-insecure-requests; 4
default-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' * https://www.google-analytics.com https://optimize.google.com https://optanon.blob.core.windows.net http://*.hotjar.com https://*.onetrust.com https://www.googletagmanager.com https://connect.facebook.net *.rfihub.net *.bing.com *.ads-twitter.com *.twitter.com *.t.co *.ytimg.com; style-src 'self' 'unsafe-inline' * https://optimize.google.com https://fonts.googleapis.com https://optanon.blob.core.windows.net cdnjs.cloudflare.com cloud.typography.com *.twitter.com *.t.co; img-src 'self' 'unsafe-inline' data: * https://www.google-analytics.com https://optimize.google.com https://code.jquery.com/ *.twitter.com *.facebook.com *.bing.com *.t.co; frame-src 'self' data: * https://optimize.google.com https://*.adsrvr.org *.rfihub.com; font-src 'self' 'unsafe-inline' data: * https://fonts.gstatic.com cdnjs.cloudflare.com; connect-src 'self' * https://*.optmnstr.com; report-uri /report-csp-violation 4
base-uri 'self'; frame-ancestors 'self' 4
frame-ancestors https://*.ptc.com https://tenantname.seismic.com 4
frame-ancestors https://*.canalplus.com https://*.cnews.fr 4
default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * data:; font-src *; connect-src *; media-src *; object-src *; child-src *; frame-ancestors 'self'; form-action *; reflected-xss block; upgrade-insecure-requests; 4
frame-ancestors 'self' http://customer-hornbach.loop21.net https://customer-hornbach.loop21.net http://public-location-hornbach.loop21.net https://public-location-hornbach.loop21.net 4
default-src https: data: 'unsafe-inline' 'unsafe-eval' 4
default-src 'self' cdn-vsh.prague.eu;font-src 'self' cdn-vsh.prague.eu data: fonts.gstatic.com *.cachefly.net *.platnosci.pl;connect-src 'self' cdn-vsh.prague.eu analytics.monkeytracker.cz maps.googleapis.com *.hotjar.com *.googlesyndication.com www3-prague-eu-test.fg.cz *.prague.eu *.google.com *.google.cz *.facebook.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn-vsh.prague.eu maps.google.com *.googleapis.com www.googletagmanager.com www.google-analytics.com analytics.monkeytracker.cz *.google.com *.googleadservices.com *.facebook.net *.imedia.cz *.hotjar.com *.adform.net *.doubleclick.net *.google.cz s.yimg.jp *.yahoo.co.jp *.cachefly.net *.payu.com *.platnosci.pl *.facebook.com *.cloudflare.com;form-action 'self' cdn-vsh.prague.eu *.facebook.com *.gpwebpay.com *.payu.com *.facebook.net *.platnosci.pl *.google-analytics.com;frame-src 'self' cdn-vsh.prague.eu www.youtube.com *.hotjar.com *.doubleclick.net *.adform.net *.booking.com *.facebook.com *.issuu.com *.vimeo.com *.facebook.net *.rozhlas.cz;child-src 'self' cdn-vsh.prague.eu www.youtube.com *.hotjar.com *.doubleclick.net *.adform.net *.booking.com *.facebook.com *.issuu.com *.vimeo.com *.facebook.net *.rozhlas.cz;frame-ancestors 'self' cdn-vsh.prague.eu;img-src 'self' cdn-vsh.prague.eu data: *.gstatic.com *.googleapis.com *.googlecode.com www.googletagmanager.com www.google-analytics.com analytics.monkeytracker.cz *.doubleclick.net *.ggpht.com *.google.com *.imedia.cz *.facebook.com *.google.cz *.googlesyndication.com *.yahoo.co.jp www3-prague-eu-test.fg.cz *.prague.eu *.cachefly.net *.payu.com *.platnosci.pl;style-src 'self' 'unsafe-inline' cdn-vsh.prague.eu fonts.googleapis.com analytics.monkeytracker.cz *.google.com *.hotjar.com *.cachefly.net *.payu.com *.platnosci.pl;object-src 'self' cdn-vsh.prague.eu 4
default-src 'self'; connect-src 'self' http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com; font-src 'self' http://script.hotjar.com https://script.hotjar.com; frame-src https://vars.hotjar.com; img-src 'self' data: *.pbwstatic.com https://*.pbwstatic.com www.google-analytics.com https://www.google-analytics.com *.hotjar.com; media-src 'none'; object-src 'none'; script-src 'self' www.google-analytics.com https://www.google-analytics.com http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' 4
default-src 'self' *.readspeaker.com data:; base-uri 'self'; style-src 'self' 'unsafe-inline' *.readspeaker.com; script-src 'self' 'unsafe-eval' *.google.com piwik.itzbund.de *.readspeaker.com;object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org; child-src *.itzbund.de *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com piwik.itzbund.de; upgrade-insecure-requests; frame-ancestors 'self'; 4
default-src *; img-src * data: blob:; media-src * data: blob:; script-src 'unsafe-inline' 'unsafe-eval' * data: blob:; worker-src 'unsafe-inline' 'unsafe-eval' * data: blob:; connect-src *; font-src * data: blob:; frame-src *; object-src * data: blob:; style-src 'unsafe-inline' * data: blob: 4
connect-src 'self' checkout.stripe.com sentry.io api.github.com www.npmjs.com http://gj.track.uc.cn/collect;default-src 'none';img-src * data:;script-src 'self' data: 'unsafe-inline' https://checkout.stripe.com/checkout.js https://static.accountdock.com https://app.hubspot.com https://optimize.google.com https://js.hs-scripts.com/ http://js.hs-analytics.net/ https://js.hsforms.net/ https://js.hs-banner.com https://forms.hsforms.com/ https://www.brighttalk.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google-analytics.com https://www.google-analytics.com/analytics.js https://platform.twitter.com/widgets.js https://static.npmjs.com/;style-src https://optimize.google.com 'self' 'unsafe-inline' https://fonts.googleapis.com https://static.npmjs.com/;frame-src https://www.brighttalk.com/ checkout.stripe.com https://accountdock.com/app https://www.youtube.com/embed/mKMaG0cixXw https://forms.hsforms.com/ https://app.hubspot.com https://optimize.google.com https://static.accountdock.com/;font-src https://fonts.gstatic.com https://static.npmjs.com/ ;media-src https://player.vimeo.com https://fpdl.vimeocdn.com https://gcs-vimeo.akamaized.net https://vod-progressive.akamaized.net 3
script-src 'self' 3
frame-ancestors 'self' tvn24.pl *.tvn24.pl 3
connect-src * 'self' 3
block-all-mixed-content 3
default-src 'self'; img-src 'self' data: ; 3
frame-ancestors 'self' https://*.head.com https://*.head-test.com https://head.testing-varnish.symmetrics.de https://*.mares.com https://*.mares-test.com https://*.tyrolia.com https://*.tyrolia-test.com https://*.divessi.com https://*.divessi-test.com https://*.fischersports.com https://*.zoggs.com https://*.zoggs-test.com 3
script-src * 'unsafe-inline' 'unsafe-eval' blob:; img-src * data:; media-src * mediastream: blob: filesystem: ; 3
default-src 'self'; style-src 'self' 'unsafe-inline' *.typekit.net fonts.googleapis.com tagmanager.google.com/ www.googletagmanager.com/ script.hotjar.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' * tagmanager.google.com/ www.googletagmanager.com/; img-src 'self' data: * ssl.gstatic.com/; frame-src 'self' *.addthis.com *.youtube.com *.vimeo.com *.wistia.com *.wistia.net *.hotjar.com *.doubleclick.net *.ceros.com *.guardiananytime.com *.cloudfront.net *.adsrvr.org *.visme.co *.ipipeline.com *.guardianlife.com guardianlife.uat.aws.glic.com *.getsmartcontent.com *.bound360.com tagmanager.google.com *.podbean.com d.agkn.com; connect-src 'self' collectorprod.glic.com *.google-analytics.com *.addthis.com *.hotjar.com *.hotjar.io wss://*.hotjar.com ws://*.hotjar.com *.doubleclick.net *.g.doubleclick.net *.wistia.com *.wistia.net *.litix.io embedwistia-a.akamaihd.net *.getsmartcontent.com *.bound360.com tagmanager.google.com *.podbean.com d.agkn.com; font-src 'self' *.typekit.net fonts.gstatic.com *.hotjar.com data:; media-src 'self' data: blob: embedwistia-a.akamaihd.net *.podbean.com 3
frame-ancestors 'self' https://shopproxy.p-s-s.de 3
default-src 'self'; \
	script-src 'self' https://ssl.google-analytics.com; \
	img-src 'self' https://ssl.google-analytics.com 3
default-src 'self' 'unsafe-inline' ;script-src data: 'self' 'unsafe-inline' 'unsafe-eval' static.cloud.coveo.com *.r42tag.com *.usabilla.com ssl.google-analytics.com www.google-analytics.com www.googleadservices.com tags.nmrc.nl *.onmarc.nl *.doubleclick.net d6tizftlrpuof.cloudfront.net www.zilverenkruis.nl babm.texthelp.com surfly.com plus.browsealoud.com www.zorgkantoorfriesland.nl www.prolife.nl www.googletagmanager.com toolbar.speechstream.net apis.google.com bat.bing.com admin.relay42.com a.svtrd.com cdnjs.cloudflare.com  ads.creative-serving.com www.browsealoud.com *.defriesland.nl static2.creative-serving.com survey.insocial.nl celebrus.fbto.nl optimize.google.com *.interpolis.nl *.mopinion.com  *.fbto.nl;style-src 'self' 'unsafe-inline' d6tizftlrpuof.cloudfront.net plus.browsealoud.com fonts.googleapis.com www.zilverenkruis.nl optimize.google.com;img-src data: blob: 'self' *.svtrd.com www.google.com www.google.nl d6tizftlrpuof.cloudfront.net *.usabilla.com www.google-analytics.com  *.onmarc.nl ssl.google-analytics.com www.zilverenkruis.nl plus.browsealoud.com usabilla-themes.s3-eu-west-1.amazonaws.com ads.creative-serving.com www.zorgkantoorfriesland.nl www.prolife.nl stats.g.doubleclick.net bat.bing.com www.browsealoud.com *.defriesland.nl *.r42tag.com admin.relay42.com speechstreamv3-webservices-8.texthelp.com www.gstatic.com *.fbto.nl;font-src data: 'self' fonts.gstatic.com fonts.googlapis.com d6tizftlrpuof.cloudfront.net;connect-src 'self' *.zilverenkruis.nl *.surfly.com surfly.com sentry.io *.prolife.nl *.zorgkantoorfriesland.nl plus.browsealoud.com pronunciation.speechstream.net api.usabilla.com babm.texthelp.com speech.speechstream.net www.google-analytics.com pre-i-portaal.achmea.nl speechstreamv3-webservices-8.texthelp.com *.defriesland.nl *.mopinion.com www.browsealoud.com plusqa.browsealoud.com;media-src 'self' blob: *.zilverenkruis.nl *.zorgkantoorfriesland.nl *.prolife.nl *.defriesland.nl *.interpolis.nl *.fbto.nl;object-src 'self' ;child-src 'self' t.svtrd.com player.vimeo.com youtube-nocookie.com www.youtube-nocookie.com surfly.com app.surfly.com d6tizftlrpuof.cloudfront.net www.zilverenkruis.nl www.zorgkantoorfriesland.nl www.prolife.nl content.googleapis.com vimeo.com secure.zilverenkruis.nl www.defriesland.nl optimize.google.com i-portaal.achmea.nl survey.insocial.nl;frame-ancestors 'self' www.youtube-nocookie.com youtube-nocookie.com player.vimeo.com vimeo.com i-portaal.achmea.nl survey.insocial.nl;form-action 'self' t.svtrd.com *.achmea.nl *.zilverenkruis.nl *.zorgkantoorfriesland.nl *.prolife.nl *.defriesland.nl *.fbto.nl *.interpolis.nl;manifest-src 'self' ;upgrade-insecure-requests;block-all-mixed-content; 3
default-src 'self'; script-src * 'unsafe-eval' 'unsafe-inline'; style-src * 'unsafe-inline'; img-src * data:;frame-src *;font-src * data:;connect-src * blob:;media-src * blob:;worker-src * blob:; 3
frame-ancestors 'self' http://customer--hornbach.loop21.net https://customer-hornbach.loop21.net http://public-location-hornbach.loop21.net https://public-location-hornbach.loop21.net 3
allow 'self'; media-src *; img-src *; script-src *; style-src *; 3
frame-ancestors http://*.timeout.com https://*.timeout.com 'self' 3
default-src 'self'  *.readspeaker.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.siteimprove.net/cms/overlay.js siteimproveanalytics.com siteimprove.com *.readspeaker.com *.timeblockr.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.readspeaker.com *.timeblockr.com; img-src 'self' data: *.siteimprove.com *.servmetric.com *.govmetric.com *.siteimproveanalytics.io *.timeblockr.com; media-src 'self' *.readspeaker.com; frame-src 'self' *.readspeaker.com *.youtube.com; frame-ancestors 'self'; child-src 'self' *.youtube.com; font-src 'self' data: *.googleusercontent.com *.readspeaker.com *.ionicframework.com *.timeblockr.com; connect-src 'self' *.readspeaker.com *.timeblockr.com; report-uri /report-csp-violation 3
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.investopedia.com *.qa.aws.investopedia.com apollo.investopedia.com apollo.local.investopedia.com atlas.investopedia.com atlas.local.investopedia.com 2
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.verywellhealth.com *.qa.aws.verywellhealth.com apollo.verywellhealth.com apollo.local.verywellhealth.com atlas.verywellhealth.com atlas.local.verywellhealth.com https://specials.verywell.com 2
frame-ancestors 'self' icrc.org *.icrc.org icrcproject.org *.icrcproject.org forum-icrc.org www.forum-icrc.org 2
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.verywellfit.com *.qa.aws.verywellfit.com apollo.verywellfit.com apollo.local.verywellfit.com atlas.verywellfit.com atlas.local.verywellfit.com https://specials.verywellfit.com 2
frame-ancestors 'self' http://redhat.lookbookhq.com https://redhat.lookbookhq.com; report-uri /report-csp-violation 2
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.brides.com *.qa.aws.brides.com apollo.brides.com apollo.local.brides.com atlas.brides.com atlas.local.brides.com 2
default-src https: data: blob: 'unsafe-eval' 'unsafe-inline'; frame-src 'self' https://*; 2
frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com 2
frame-ancestors 'self' *.boursorama-banque.com *.boursorama.com 2
frame-ancestors 'self' corning.com *.corning.com *.siteworx.com *.ceros.com *.ariba.com 2
frame-ancestors www.red-gate.com; 2
base-uri 'self'; report-uri https://csp-reporting-server.glitch.me/report 2
default-src 'self' ; style-src 'self' ; media-src 'self' https://download.elster.de ; connect-src 'self' https://lxelma5p.bfinv.de wss://www.elster.de https://datenabholung1.elster.de https://datenabholung2.elster.de ; object-src 'self' blob: ; form-action 'self' ; frame-ancestors 'self' 2
default-src * 'unsafe-inline' 'unsafe-eval' ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ; 2
frame-ancestors 'self' bcit.ca *.bcit.ca *.bcit.dev 2
default-src 'self' https://*.tv1.eu http://*.tv1.eu 2
nosniff 2
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.typekit.net *.mycreditunion.gov *.silvercloudinc.com *.mpeasylink.com; img-src 'self' data: *.mycreditunion.gov *.google-analytics.com *.typekit.net *.amazonaws.com; font-src 'self' 'unsafe-inline' data: *.typekit.net fonts.gstatic.com; media-src 'self' s3.amazonaws.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.silvercloudinc.com; connect-src 'self' performance.typekit.net *.google-analytics.com; frame-src 'self' *.youtube.com *.mpeasylink.com 2
default-src https:; style-src 'self' 'unsafe-inline'; script-src https: 'unsafe-inline'; object-src 'none' 2
default-src 'self' jobs.b-ite.com; base-uri 'self'; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.youtube.com *.googleapis.com piwik.itzbund.de script.ioam.de de.ioam.de s.ytimg.com static.b-ite.com cs-assets.b-ite.com; object-src 'self' piwik.itzbund.de; media-src 'self' *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de youtu.be files.dnb.de c18004-vod.l.core.cdn.streamfarm.net; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de my.matterport.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de *.tile.openstreetmap.org; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; frame-ancestors dnbweb-editor.preview.kkn.zd.intranet.bund.de piwik.itzbund.de 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *; frame-ancestors 'self' http://virtual-tour.battlefields.org/; report-uri /report-csp-violation 2
default-src 'self' *.bka.de bka.preview.prod.gsb.bka.zivb.net; base-uri 'self'; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-eval' *.googleapis.com piwik.itzbund.de;object-src 'self' piwik.itzbund.de; media-src 'self' www.bka.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de bka.preview.prod.gsb.bka.zivb.net; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; frame-ancestors bka.preview.prod.gsb.bka.zivb.net piwik.itzbund.de  *.facebook.com; 2
frame-ancestors https://*.dondominio.com/ https://*.mrdomain.com; 2
script-src  'self' 'unsafe-inline' 'unsafe-eval' *.wellsfargo.com *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com *.wellsfargo.com:* connect.facebook.net snap.licdn.com www.googletagmanager.com www.google-analytics.com ajax.googleapis.com; frame-ancestors 'self' *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com *.wellsfargo.com *.fccaccessonline.com *.wellsfargomedia.com *.wellsfargo:* *.mworld.com *.wellsfargo.net *.markitondemand.com *.wellsfargo.wallst.com *.go.onestop.wf.com; base-uri https:;default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: ad.doubleclick.net px.ads.linkedin.com p.adsymptotic.com cm.everesttech.net dpm.demdex.net;object-src 'self';font-src 'self' data: *.wellsfargo.com *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com *.wellsfargo.com:* fonts.gstatic.com;report-uri /reporting/csp.htm;img-src 'self' data: *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com wspublicprod.112.2o7.net px.ads.linkedin.com ad.doubleclick.net p.adsymptotic.com adservice.google.com;style-src 'self' 'unsafe-inline' *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com 2
default-src 'self' data: https: *.gstatic.com; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: *.web2mobile.fr *.adnxs.com *.tradelab.fr *.twitter.com *.facebook.net *.twimg.com *.azame.net *.google-analytics.com *.infogreffe.nc *.infogreffe.fr *.facebook.com *.doubleclick.net; style-src 'self' 'unsafe-inline' *.amazonaws.com *.infogreffe.nc *.infogreffe.fr *.googleapis.com *.twitter.com *.regie.pro; img-src 'self' data: http: *.youtube.com https: *.web2mobile.fr *.adnxs.com *.tradelab.fr *.twitter.com *.facebook.net *.twimg.com *.azame.net *.google-analytics.com *.infogreffe.nc *.infogreffe.fr *.facebook.com *.doubleclick.net; frame-src 'self' data: https: *.web2mobile.fr *.adnxs.com *.tradelab.fr *.twitter.com *.facebook.net *.twimg.com *.azame.net *.google-analytics.com *.infogreffe.nc *.infogreffe.fr *.facebook.com *.doubleclick.net; connect-src 'self' https: *.regie.pro *.addthis.com *.web2mobile.fr 2
frame-ancestors *.windstream.net 2
frame-ancestors https://gms.hongleong.com.my https://tags.tiqcdn.com https://survey.hlb.com.my https://uat.hlb.com.my https://aem-preprod.hlb.com.my https://aem-preprod.hlisb.com.my https://aem-uat.hlb.com.my https://www.hlb.com.my https://www.facebook.com https://www.vivocha.com https://www.youtube.com https://staticxx.facebook.com https://www.googletagmanager.com https://gateway.hlb.com.my https://gateway.hlb.com.my:8446 https://www.google.com https://optimize.google.com https://hongleongbank.sc.omtrdc.net https://dpm.demdex.net https://uat.hlb.my:443 http://uat.hlb.my 2
child-src 'self' https://*.cloudfront.net https://*.docusign.com https://*.docusign.net https://*.sigfig.com https://go.oncehub.com https://secure.scheduleonce.com https://sigfig.demdex.net https://www.snapengage.com https://*.cambridgesavings.com; connect-src 'self' https://*.demdex.net https://*.getsentry.com https://*.hotjar.com https://*.sigfig.com https://*.wellsfargo.com https://*.zdassets.com https://*.zendesk.com https://api.greenhouse.io https://bam.nr-data.net https://heapanalytics.com https://maps.googleapis.com https://sentry.io https://sigfig.sc.omtrdc.net https://sigfig.tt.omtrdc.net https://sigfigprod.112.2o7.net https://www.snapengage.com wss://*.hotjar.com https://*.cambridgesavings.com; default-src 'self' https://*.sigfig.com https://*.cambridgesavings.com; frame-src 'self' https://*.cloudfront.net https://*.docusign.com https://*.docusign.net https://*.hotjar.com/ https://*.sigfig.com https://go.oncehub.com https://secure.scheduleonce.com https://sigfig.demdex.net https://www.snapengage.com https://*.cambridgesavings.com; font-src 'self' data: https://*.cloudfront.net https://*.sigfig.com https://fonts.gstatic.com https://heapanalytics.com https://*.cambridgesavings.com; img-src 'self' data: http://*.ggpht.com http://*.googleusercontent.com http://*.gstatic.com http://*.wikinvest.com http://feeds.feedburner.com https://*.cloudfront.net https://*.doubleclick.net https://*.ggpht.com https://*.google-analytics.com https://*.googleapis.com https://*.googleusercontent.com https://*.gstatic.com https://*.quantserve.com https://*.sigfig.com https://cm.everesttech.net https://csi.gstatic.com https://dpm.demdex.net https://heapanalytics.com https://sigfigcitizensbankdev.112.2o7.net https://tags.w55c.net https://www.facebook.com https://www.snapengage.com https://*.cambridgesavings.com; media-src 'self' https://*.cloudfront.net https://*.sigfig.com https://*.cambridgesavings.com; object-src 'self' https://www.snapengage.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.adobedtm.com https://*.cloudfront.net https://*.doubleclick.net https://*.google-analytics.com https://*.googleapis.com https://*.hotjar.com/ https://*.newrelic.com https://*.quantserve.com https://*.sigfig.com https://*.wellsfargoadvisors.com https://*.wikinvest.com https://*.zdassets.com https://*.zendesk.com https://apis.google.com https://bam.nr-data.net https://cdn.heapanalytics.com https://heapanalytics.com https://nexus.ensighten.com https://sigfig.sc.omtrdc.net https://sigfigprod.112.2o7.net https://www.snapengage.com https://*.cambridgesavings.com; style-src 'self' 'unsafe-inline' https://*.cloudfront.net https://*.googleapis.com https://*.sigfig.com https://heapanalytics.com https://*.cambridgesavings.com; 2
frame-src 'self' blob: *.cochlear.cloud *.stg.cochlear.cloud *.cochlear.cloud *.qualaroo.com *.simpli.fi https://marvelapp.com *.livechatinc.com *.doubleclick.net *.wufoo.com *.cochlearamericas.com *.youtube-nocookie.com *.marvelapp.com  *.linkedin.com *.cvent.com  *.google.ch *.cochlear.com *.irmau.com *.marketo.com *.youtube.com *.twitter.com *.addthis.com *.google.com *.facebook.com *.batchgeo.com; child-src 'self' blob: *.batchgeo.com *.addtoany.com *.doubleclick.net *.cochlear.com *.addthis.com *.google.com *.facebook.com *.twitter.com *.marketo.com ; connect-src 'self' *.marketo.com *.swiftype.com *.onelink-translations.com *.nekudo.com *.cochlear.com *.cvent.com  *.linkedin.com *.google-analytics.com *.googleapis.com  *.optimizely.com *.addthis.com *.mktoresp.com *.twitter.com *.maxmind.com *.geoip-js.com geoip-js.com; font-src 'self'  'unsafe-inline' 'unsafe-eval' data: *.cvent-assets.com *.gstatic.com *.googleusercontent.com *.livechatinc.com *.bootstrapcdn.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.quora.com *.pubmatic.com *.rubiconproject.com *.adtechjp.com *.yahoo.com * bidswitch.net *.adap.tv *.adnxs.com *.rlcdn.com *.openx.net *.adroll.com *.casalemedia.com *.t.co *.datatables.net *.cochlear.com *.quantserve.com *.marketo.com *.bing.com *.steelhousemedia.com *.adsrvr.org *.adsymptotic.com *.android.com *.youtube.com *.visualwebsiteoptimizer.com *.cochlear.com *.googletagmanager.com  *.teads.tv *.impact-ad.jp *.yahoo.co.jp *.impact-ad.jp *.outbrain.com *.amazonaws.com *.google.com.au *.google.com *.twitter.com *.doubleclick.net *.facebook.com *.linkedin.com *.google-analytics.com medialead.de; script-src 'self'  'unsafe-inline' 'unsafe-eval' blob: *.onetrust.com *.cookielaw.org *.windows.net *.qualaroo.com *.simpli.fi *.salesforceliveagent.com *.amazonaws.com *.gstatic.com *.quantcount.com *.cvent-assets.com *.cvent.com *.quora.com *.livechatinc.com *.typekit.com *.dialogtech.com *.cloudfront.net *.media6degrees.com *.quora.com *.wufoo.com *.zendesk.com *.domdex.com *.adroll.com  *.datatables.net  *.quantserve.com *.ads-twitter.com *.steelhousemedia.com *.bing.com *.adroll.com *.outbrain.com *.addtoany.com *.visualwebsiteoptimizer.com *.jquery.com *.optimizely.com  *.google.com.au *.doubleclick.net *.googleadservices.com *.yimg.jp *.yahoo.co.jp *.crazyegg.com *.mktoweb.com *.cochlear.com  *.bootstrapcdn.com *.cloudflare.com *.cochlear.com *.jsdelivr.net *.addthisedge.com *.google.com  *.ytimg.com *.youtube.com *.marketo.net *.marketo.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.twitter.com *.facebook.com *.facebook.net *.linkedin.com *.addthis.com *.maxmind.com *.geoip-js.com geoip-js.com medialead.de; style-src 'self'  'unsafe-inline' 'unsafe-eval'  *.cookielaw.org *.windows.net *.cvent-assets.com *.googleapis.com *.cloudflare.com *.cochlear.com *.google.com *.zendesk.com *.datatables.net *.jquery.com *.cochlear-europe.com *.bootstrapcdn.com *.marketo.com; 2
frame-ancestors https://www.karl.com/ https://www.karl.com/ http://www.optimizely.com https://www.optimizely.com; 2
policy-uri /'self' 2
default-src 'self'; script-src 'self' 'unsafe-eval' maps.googleapis.com http://www.google-analytics.com https://www.google-analytics.com www.googletagmanager.com www.eiseverywhere.com js-agent.newrelic.com bam.nr-data.net www.recaptcha.net www.gstatic.com vjs.zencdn.net 'unsafe-inline'; object-src 'self' www.eiseverywhere.com; style-src 'self' fonts.googleapis.com www.gstatic.com vjs.zencdn.net 'unsafe-inline'; img-src 'self' *.googleapis.com www.google-analytics.com stats.g.doubleclick.net maps.gstatic.com maps.googleapis.com www.google.com www.google.com.sg www.google.com.tw www.google.co.il www.google.co.in www.google.co.uk www.googletagmanager.com ml.globenewswire.com www.globenewswire.com resource.globenewswire.com na.eventscloud.com www.eiseverywhere.com bam.nr-data.net  *.prod.acquia-sites.com *.appliedmaterials.com:* data:; frame-src 'self' www.google.com www.youtube.com; font-src 'self' fonts.gstatic.com themes.googleusercontent.com vjs.zencdn.net data:; connect-src 'self' www.google-analytics.com bam.nr-data.net stats.g.doubleclick.net; report-uri /admin/config/system/seckit/csp-report 2
default-src 'self'; font-src * data:; img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-inline'; style-src 'self' 'unsafe-inline' frame-src https://*.youtube.com/ https://*.oxy.com  https://*.youtube-nocookie.com http://*.corporate-ir.net https://occidentalpetroleum.gcs-web.com 2
default-src https: 'unsafe-inline' 'unsafe-eval' 2
frame-ancestors 'self' *.ergodirekt.de:* *.ergo.com:* *.ergo:* *.ergo.de *.dkv.com; 2
frame-ancestors 'self' localhost:* *.tason.com 2
frame-ancestors 'self' https://*.usagym.org http://*.usagym.org http://*.usagymparents.com http://*.usagym.info http://*.gymnasticsfoundation.org https://*.gymnasticsfoundation.org http://*.usagymchamps.com https://*.usagymchamps.com http://usagymfans.us-east-1.elasticbeanstalk.com https://usagymfans.us-east-1.elasticbeanstalk.com http://*.kovendesign.com https://*.kovendesign.com https://wordpress-54524-1231354.cloudwaysapps.com; 2
default-src 'self' http: bott-tc.nautilus https: *.bosch-thermotechnology.com s.webtrends.com *.boschtt-documents.com www.bimstore.co.uk services.kittelberger.net *.mycliplister.com bott-tc.nautilus; media-src 'self' *.boschtt-documents.com services.kittelberger.net *.mycliplister.com mycliplister.com; font-src 'self' fonts.gstatic.com; object-src data: 'self'; img-src https: data: blob:; style-src 'self' 'unsafe-inline' cdn.datatables.net fonts.googleapis.com; script-src https: 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https: mailto: bosch.mi4biz.net www.boschthermolife.com junkers-de-de-b.boschtt-documents.com; frame-ancestors 'self' https: bosch.mi4biz.net http://bott-fs.kittelberger.net 2
frame-ancestors 'self' *.magenta.at *.t-mobile.at https://www.youtube.com; 2
default-src https:; connect-src https:; font-src 'self' https: data: https:; frame-src https:; frame-ancestors https:; img-src https: data:; media-src https: blob:; object-src https:; style-src 'unsafe-inline' https:; worker-src blob:; script-src 'unsafe-inline' 'unsafe-eval' https:; 2
frame-ancestors 'self' *.omronhealthcare.com http://10.196.1.55:8000; 2
frame-ancestors 'self' https://www.bharatpetroleum.com https://*.bpcl.in 2
default-src 'self' *.mobistar.be *.cloudfront.net *.emsecure.net *.customersaas.com *.orange.be *.netdna-ssl.com; script-src blob: 'self' 'unsafe-inline' 'unsafe-eval' * *.customersaas.com t.contentsquare.net contentsquare.com *.emsecure.net *.customersaas.com  *.orange.be *.netdna-ssl.com blob: *.abtasty.com *.googleapis.com; object-src 'self' *.mobistar.be  *.orange.be *.netdna-ssl.com; style-src 'unsafe-inline' 'self' *.mobistar.be *.cloudfront.net *.customersaas.com  *.orange.be *.netdna-ssl.com cdnjs.cloudflare.com *.gstatic.com *.abtasty.com *.googleapis.com messaging-khoros.app.khoros.com; img-src * blob: data: *.abtasty.com *.amazonaws.com *.cloudfront.net *.contentsquare.net; media-src 'self' *.mobistar.be  *.orange.be *.netdna-ssl.com; frame-src 'self' * emsecure.net  *.orange.be; font-src 'self' *.mobistar.be *.customersaas.com  *.orange.be cdn.livechatinc.com themes.googleusercontent.com *.netdna-ssl.com blob: data: *.googleapis.com *.gstatic.com *.abtasty.com brand-messenger.app.khoros.com messaging-khoros.app.khoros.com; connect-src 'self'  *.tealiumiq.com *.usabilla.com *.emsecure.net *.customersaas.com  *.orange.be *.mousestats.com secure.comparecycle.com c.contentsquare.net *.abtasty.com *.contentsquare.net *.app.khoros.com *.smooch.io; report-uri /admin/config/system/seckit/csp-report 2
default-src https: data: 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * blob: ; worker-src * blob: ; frame-ancestors 'self' https://*.moody.edu; 2
prefetch-src *.metartnetwork.com; default-src 'self' blob: *.metartnetwork.com; connect-src 'self' blob: wss: *.zdassets.com *.zendesk.com *.atlassian.com *.atl-paas.net *.metartnetwork.com *.metart.network *.google-analytics.com *.googleapis.com *.doubleclick.net *.mixpanel.com; style-src 'self' blob: 'unsafe-inline' *.googleapis.com fonts.gstatic.com platform.twitter.com *.twimg.com maxcdn.bootstrapcdn.com *.google.com *.metartnetwork.com cdn.cookielaw.org; font-src 'self' data: *.zopim.com fonts.gstatic.com *.googleapis.com ssl.p.jwpcdn.com maxcdn.bootstrapcdn.com *.metartnetwork.com; script-src 'self' 'unsafe-inline' *.zdassets.com *.atlassian.com *.zopim.com *.twitter.com *.twimg.com ssl.p.jwpcdn.com *.googletagmanager.com *.google-analytics.com cdn.mouseflow.com *.google.com cdn.polyfill.io *.metartnetwork.com *.metart.network cdn.cookielaw.org code.jquery.com geolocation.onetrust.com *.mxpnl.com *.googleapis.com; frame-src 'self' *.twitter.com *.metartnetwork.com *.youtube.com *.vimeo.com *.atlassian.net; img-src 'self' data: *.nsimg.net *.twimg.com *.zopim.com *.twitter.com jwpltx.com *.google-analytics.com *.gstatic.com *.googletagmanager.com *.googleapis.com *.doubleclick.net *.google.com *.metartnetwork.com; media-src 'self' data: blob: *.nsimg.net *.metartnetwork.com *.zdassets.com; worker-src 'self' data: blob: wss:; object-src 'none' 2
img-src 'self'; 2
script-src * 'unsafe-inline' 'unsafe-eval' 2
child-src 'self' *.youtube.com *.vimeo.com *.dailymotion.com *.europa.eu europa.eu youtube.com *.dailymotion.com *.vimeo.com *.amazonaws.com *.arcgis.com *.arte.tv *.babahh.com *.bbc.co.uk *.blitzvideoserver.de *.bpb.de *.brightcove.com *.btv.bg *.cc.cec *.cimo.fi *.cjelozivotno-ucenje.hr *.cnbc.com *.coe.int *.communi-k.eu *.compareyourcountry.org *.crp.education *.cy2012.eu *.dacast.com *.dcdn.lt debategraph.org digital-agenda-data.eu *.disaster-resilience.com *.docdroid.net *.d-portal.org *.easme-web.eu *.edcc.eu *.euneighbours.eu *.euronews.com *.europeandataportal.eu *.facebook.com https://familymeal.eu *.flickr.com *.franceculture.fr *.franceinter.fr *.freecaster.com *.freezbee.tv *.genial.ly *.giphy.com *.github.io *.google.be *.google.co.uk *.google.com *.google.fr *.grnet.gr *.index.hu *.instantflipbook.com *.issuu.com *.jrc.nl *.jwplatform.com *.learningandwork.org.uk *.libsyn.com *.live.com livestream.com *.mentimeter.com *.metoo.sk *.mostra.eu *.neteyes.hu *.oecd.org *.openstreetmap.fr *.openstreetmap.org *.ourworldindata.org *.polarhd.com *.public-i.tv *.qbrick.com *.rackcdn.com *.rambla.be *.roguemotion.graphics *.sharepoint.com *.sketchfab.com *.slideshare.net *.solidtango.com *.soonfeed.com *.soundcloud.com *.streamamg.com *.streamcode.net *.streamdis.eu streamer.bg *.streaming.at *.streaming.sk *.streamovations.be *.sway.com *.tagesschau.de *.telemak.tv *.testa.eu *.thinglink.com *.tiesraides.lv *.top-ix.org *.tsnmalta.org *.tv1.eu *.tv-on-web.de *.twinix.eu *.typeform.com *.uc3m.es *.uplynk.com *.ustream.tv *.uu.se *.videliostreaming.com *.videolevels.com *.walls.io *.weforum.org *.westream.com *.wyng.com *.youongroup.com *.youtu.be *.youtube-nocookie.com *.zdf.de *.michael-lurquin.com; frame-src 'self' *.youtube.com *.vimeo.com *.dailymotion.com *.europa.eu europa.eu youtube.com *.dailymotion.com *.vimeo.com *.amazonaws.com *.arcgis.com *.arte.tv *.babahh.com *.bbc.co.uk *.blitzvideoserver.de *.bpb.de *.brightcove.com *.btv.bg *.cc.cec *.cimo.fi *.cjelozivotno-ucenje.hr *.cnbc.com *.coe.int *.communi-k.eu *.compareyourcountry.org *.crp.education *.cy2012.eu *.dacast.com *.dcdn.lt debategraph.org digital-agenda-data.eu *.disaster-resilience.com *.docdroid.net *.d-portal.org *.easme-web.eu *.edcc.eu *.euneighbours.eu *.euronews.com *.europeandataportal.eu *.facebook.com https://familymeal.eu *.flickr.com *.franceculture.fr *.franceinter.fr *.freecaster.com *.freezbee.tv *.genial.ly *.giphy.com *.github.io *.google.be *.google.co.uk *.google.com *.google.fr *.grnet.gr *.index.hu *.instantflipbook.com *.issuu.com *.jrc.nl *.jwplatform.com *.learningandwork.org.uk *.libsyn.com *.live.com livestream.com *.mentimeter.com *.metoo.sk *.mostra.eu *.neteyes.hu *.oecd.org *.openstreetmap.fr *.openstreetmap.org *.ourworldindata.org *.polarhd.com *.public-i.tv *.qbrick.com *.rackcdn.com *.rambla.be *.roguemotion.graphics *.sharepoint.com *.sketchfab.com *.slideshare.net *.solidtango.com *.soonfeed.com *.soundcloud.com *.streamamg.com *.streamcode.net *.streamdis.eu streamer.bg *.streaming.at *.streaming.sk *.streamovations.be *.sway.com *.tagesschau.de *.telemak.tv *.testa.eu *.thinglink.com *.tiesraides.lv *.top-ix.org *.tsnmalta.org *.tv1.eu *.tv-on-web.de *.twinix.eu *.typeform.com *.uc3m.es *.uplynk.com *.ustream.tv *.uu.se *.videliostreaming.com *.videolevels.com *.walls.io *.weforum.org *.westream.com *.wyng.com *.youongroup.com *.youtu.be *.youtube-nocookie.com *.zdf.de *.michael-lurquin.com; 2
default-src 'self' script-src 'self' google-analytics.com 2
default-src 'unsafe-inline'  https://emplocity.com https://system.erecruiter.pl https://skk.erecruiter.pl https://www.youtube.com https://www.emplocity.com https://*.googleapis.com  https://*.twimg.com https://pbs.twimg.com https://syndication.twitter.com https://platform.twitter.com https://www.youtube.com https://*.gstatic.com https://*.google.com https://www.google-analytics.com https://*.facebook.com https://*.bgk.pl; script-src * 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://*.facebook.com https://*.bgk.pl; style-src 'unsafe-inline' https://www.google-analytics.com  https://emplocity.com https://system.erecruiter.pl https://skk.erecruiter.pl https://www.youtube.com https://www.emplocity.com https://*.googleapis.com  https://*.twimg.com https://pbs.twimg.com https://syndication.twitter.com https://platform.twitter.com https://www.youtube.com https://*.facebook.com https://*.bgk.pl; img-src 'self'  https://emplocity.com https://system.erecruiter.pl https://skk.erecruiter.pl https://www.youtube.com https://www.emplocity.com https://*.googleapis.com  https://*.twimg.com https://pbs.twimg.com https://syndication.twitter.com https://platform.twitter.com https://www.youtube.com https://*.gstatic.com https://*.google.com https://www.google-analytics.com https://*.facebook.com https://*.bgk.pl data: 2
frame-ancestors http://* 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: about: https://www.youtube.com/ static.issuu.com e.issuu.com docs.google.com www.google-analytics.com fonts.googleapis.com *.disquscdn.com www.votervoice.net www.googletagmanager.com ims.informz.net connect.facebook.net www.google.com https://syndication.twitter.com https://cdn.syndication.twimg.com https://ton.twimg.com https://pbs.twimg.com platform.twitter.com www.facebook.com staticxx.facebook.com disqus.com fonts.gstatic.com stats.g.doubleclick.net referrer.disqus.com https://services.texmed.org/45/Tma.CspReportApi/api/csp *.blubrry.com *.feathr.co servedbyadbutler.com *.fontawesome.com *.vimeo.com p2a.co *.jotform.com *.sharethis.com *.cognitoforms.com https://cognitoforms.com/ *.blogspot.com; 2
default-src * 'self' 'unsafe-inline' 'unsafe-eval' ; script-src * 'self' 'unsafe-inline' 'unsafe-eval' ; style-src * 'self' 'unsafe-inline' ; img-src * 'self' data: ; font-src * data: blob: 'unsafe-inline'; 2
default-src * 'self' data: 'unsafe-inline' 'unsafe-eval' ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' ; style-src * 'self' data: 'unsafe-inline' ; img-src * 'self' data: ; font-src * 'self' data: ; connect-src * 'self' ; media-src 'self' ; frame-src * 'self' ;  2
style-src 'unsafe-inline' data: *; img-src 'unsafe-inline' data: *; report-uri /report-csp-violation 2
frame-ancestors https://planet-imex.co.uk/ https://planet-imex.com/ https://planetimex.co.uk/ https://planetimex.com/ https://www.imexexhibitions.com/ https://www.imex-frankfurt.com/ https://de.imex-frankfurt.com/ https://www.imexamerica.com/ https://www.stage.imex.cti.digital/ http://america.stage.imex.cti.digital/ http://frankfurt.stage.imex.cti.digital/ http://de-frankfurt.stage.imex.cti.digital/ https://www.reactive.imex.cti.digital/ https://frankfurt.reactive.imex.cti.digital/ https://de-frankfurt.reactive.imex.cti.digital/ https://america.reactive.imex.cti.digital/ https://www.qa.imex.cti.digital/ http://america.qa.imex.cti.digital/ http://frankfurt.qa.imex.cti.digital/ http://de-frankfurt.qa.imex.cti.digital/ https://www.imex.ctidev/ https://frankfurt.imex.ctidev/ https://de.frankfurt.imex.ctidev/ https://america.imex.ctidev/; 2
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.mydomaine.com *.qa.aws.mydomaine.com apollo.mydomaine.com apollo.local.mydomaine.com atlas.mydomaine.com atlas.local.mydomaine.com 2
frame-ancestors 'self' http://www.liligo.fr/ http://www.kayak.fr/ http://www.kayak.de/ https://drivy.zendesk.com/ https://*.zdusercontent.com/ 2
script-src 'self'; 2
default-src 'self' *; script-src 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' *; img-src 'self' data: *; 2
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: *; 2
parent-src none 2
default-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline' *.netdna-ssl.com *.google-analytics.com app.quotemedia.com oss.maxcdn.com rangeme-production-environment.s3-ap-southeast-2.amazonaws.com *.pcdn.co;font-src 'self' *.netdna-ssl.com fonts.gstatic.com *.pcdn.co;img-src 'self' data: *.netdna-ssl.com *.google-analytics.com *.googleapis.com *.glensmarkets-email.com app.quotemedia.com secure.gravatar.com s3-ap-southeast-2.amazonaws.com *.pcdn.co;style-src 'self' 'unsafe-inline' *.netdna-ssl.com *.googleapis.com *.pcdn.co;frame-src 'self' *.netdna-ssl.com *.youtube.com *.calameo.com *.pcdn.co;connect-src 'self' *.netdna-ssl.com query.yahooapis.com *.pcdn.co;object-src 'self' *.netdna-ssl.com *.pcdn.co;media-src 'self' *.netdna-ssl.com *.pcdn.co; 2
default-src *; script-src 'self' http://www.google-analytics.com http://suggest.infospace.com http://api.autocompleteplus.com http://www.googletagservices.com http://d.yimg.com https://completr.appspot.com https://s.yimg.com http://js.wincyahoocontent.com ; frame-src  'self' http://*.yhs4.search.yahoo.com http://ad.adserver-pro.net https://s.yimg.com ; font-src 'none'; connect-src 'self'; media-src 'self'; object-src 'none'; style-src 'self'; 2
child-src 'self' blob:; connect-src 'self' https://cdn.polyfill.io facebook.com google-analytics.com cdn.islandsbanki.is https://640islandsbanki.boost.ai; default-src 'self'; img-src 'self' data: https://www.facebook.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.google.is *.siteimproveanalytics.io *.gstatic.com *.googleapis.com *.ytimg.com cdn.islandsbanki.is boost-files-general-eu-west-1-prod.s3-eu-west-1.amazonaws.com prismic-io.s3.amazonaws.com isb-website.cdn.prismic.io images.prismic.io t.co; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com https://cdn.islandsbanki.is/; object-src 'none'; media-src 'self'; manifest-src 'self'; script-src 'self' 'unsafe-inline' *.prismic.io maps.googleapis.com https://www.google.com https://www.youtube.com https://s.ytimg.com https://640islandsbanki.boost.ai https://www.gstatic.com https://siteimproveanalytics.com https://cdn.polyfill.io https://www.google-analytics.com https://connect.facebook.net https://www.google.com https://www.gstatic.com https://consent.cookiebot.com https://consentcdn.cookiebot.com 'unsafe-eval' https://fill.dropandsign.is https://*.infogram.com; style-src 'self' 'unsafe-inline' blob: fonts.googleapis.com https://fill.dropandsign.is; frame-src https://*.islandsbanki.is https://gamli.islandsbanki.is https://*.islandssjodir.is https://player.vimeo.com https://www.youtube.com https://airtable.com https://consentcdn.cookiebot.com https://www.vib.is https://fill.dropandsign.is https://*.isb.is https://*.infogram.com https://www.google.com https://www.gstatic.com https://isb-website.prismic.io/; worker-src 'self' blob: 2
default-src https: 'self' *.mohrsiebeck.com; script-src https: 'self' 'unsafe-inline' 'unsafe-eval' *.mohrsiebeck.com; style-src https: 'self' 'unsafe-inline' *.mohrsiebeck.com; img-src https: 'self' *.mohrsiebeck.com 2
default-src 'self' *.google.com *.google.ie *.google.co.uk *.google-analytics.com *.googleapis.com *.gstatic.com *.facebook.net *.facebook.com *.twitter.com *.youtube.com *.progress.ie 46.137.108.103 *.onlinebanking.progress.ie *.onlinebankingws.progress.ie 2
frame-ancestors teams.microsoft.com *.teams.microsoft.com *.skype.com 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' mofa.gov.np *.mofa.gov.np www.google.com.np *.google.com *.gstatic.com cdn.jsdelivr.net code.jquery.com stackpath.bootstrapcdn.com s.ytimg.com *.facebook.net *.sharethis.com *.youtube.com *.twimg.com cdn.syndication.twimg.com cdnjs.cloudflare.com maps.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com fonts.googleapis.com fonts.gstatic.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.mofa.gov.np use.fontawesome.com stackpath.bootstrapcdn.com placehold.it *.facebook.net *.sharethis.com lh3.googleusercontent.com *.youtube.com *.twimg.com cdn.syndication.twimg.com cdnjs.cloudflare.com maps.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com cdnjs.cloudflare.com fonts.googleapis.com fonts.gstatic.com; img-src 'self' data: placehold.it  mofa.gov.np *.mofa.gov.np *.gstatic.com *.facebook.net *.facebook.com *.sharethis.com lh3.googleusercontent.com *.youtube.com *.twimg.com secure.gravatar.com cdn. *.twitter.com *.twimg.com cdnjs.cloudflare.com maps.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com fonts.googleapis.com fonts.gstatic.com; media-src 'self'; frame-src 'self' *.google.com *.youtube.com *.facebook.net *.facebook.com syndication.twitter.com platform.twitter.com; font-src 'self' data: fonts.googleapis.com stackpath.bootstrapcdn.com use.fontawesome.com fonts.gstatic.com maxcdn.bootstrapcdn.com; connect-src 'self' l.sharethis.com 2
default-src 'self' https://www.bam.eu01.nr-data.net edge.api.brightcove.com viz.tools.investis.com *.brightcove.com *.jsdelivr.net www.facebook.com https://js-agent.newrelic.com https://bam.eu01.nr-data.net stats.g.doubleclick.net https://brightcove.hs.llnwd.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.nr-data.net cdn.rawgit.com cdnjs.cloudflare.com https://www.bam.eu01.nr-data.net ict.infinity-tracking.net www.gstatic.com viz.tools.investis.com www.google.com maps.googleapis.com maps.google.com www.linkedin.com ajax.googleapis.com pi.pardot.com bam.nr-data.net *.googletagmanager.com *.google-analytics.com sjs.bizographics.com connect.facebook.net *.jquery.com irs.tools.investis.com *.hotjar.com px.ads.linkedin.com d2wy8f7a9ursnm.cloudfront.net ssl.p.jwpcdn.com js-agent.newrelic.com cdn.jsdelivr.net edge.api.brightcove.com *.googleapis.com boards.greenhouse.io https://js-agent.newrelic.com https://bam.eu01.nr-data.net  https://www.youtube.com https://s.ytimg.com tagmanager.google.com stats.g.doubleclick.net; style-src 'self' 'unsafe-inline' 'unsafe-eval' viz.tools.investis.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net greenhouse-integration-demo.herokuapp.com tagmanager.google.com; img-src 'self' 'unsafe-inline' *; frame-src 'self' staticcontents.investis.com www.google.com irs.tools.investis.com otp.tools.investis.com digital.feprecisionplus.com ir.tools.investis.com boards.greenhouse.io www.ocado.com www.youtube.com jobsfeed.ocado.com https://players.brightcove.net; font-src 'self' 'unsafe-inline' data: fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com themes.googleusercontent.com maxcdn.bootstrapcdn.com tagmanager.google.com; connect-src 'self' https://www.bam.eu01.nr-data.net https://js-agent.newrelic.com https://bam.eu01.nr-data.net https://edge.api.brightcove.com https://viz.tools.investis.com https://stats.g.doubleclick.net https://www.facebook.com 2
script-src 'self'; object-src 'self' 2
frame-ancestors https://*.derwent.io http://*.derwent.io http://*.derwent.io:* https://*.derwent.io:* 'self' 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: http: data: blob: http://mshcentraldbdev.prod.acquia-sites.com *.balladhealthcrm.org *.crazyegg.com; frame-ancestors 'self'; report-uri /admin/config/system/seckit/csp-report 2
frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com sccl.bibliocms.com *.sccl.bibliocms.com https://sccld.org sccld.org *.sccld.org; 2
default-src 'self' 'unsafe-inline' https://piwik.bzga.de/  https://service.bzga.de/ 2
default-src 'self'; media-src *; img-src *; script-src 'self' https://ajax.googleapis.com; style-src 'self'; 2
default-src 'self' ;options inline-script eval-script;referrer no-referrer;img-src 'self' data:  *.tile.openstreetmap.org;object-src 'none'; 2
default-src 'self' 'unsafe-inline'; 2
upgrade-insecure-requests; form-action: http://go.aclara.com/*; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: www.google-analytics.com www.googletagmanager.com https://cdnjs.cloudflare.com/ajax/libs/codemirror/ https://cdnjs.cloudflare.com/ajax/libs/select2/ https://cdn.rawgit.com/ckeditor/ckeditor-dev/ https://cdn.rawgit.com/w8tcha/CKEditor-CodeMirror-Plugin/ platform.twitter.com platform.twitter.co syndication.twitter.com cdn.syndication.twimg.com https://cdn.rawgit.com/ractoon/jQuery-Text-Counter/ https://js-agent.newrelic.com/nr-1071.min.js bam.nr-data.net tagmanager.google.com; object-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://cdnjs.cloudflare.com/ajax/libs/codemirror/ https://cdnjs.cloudflare.com/ajax/libs/select2/ platform.twitter.com tagmanager.google.com; img-src 'self' data: www.google-analytics.com https://cdn.rawgit.com/ckeditor/ckeditor-dev/ https://raw.githubusercontent.com/ckeditor/ckeditor-dev/ www.googletagmanager.com www.bureauveritas.com syndication.twitter.com platform.twitter.com *.twimg.com ssl.gstatic.com www.gstatic.com; media-src 'self'; frame-src 'self' www.youtube.com tools.eurolandir.com cws.huginonline.com www.googletagmanager.com platform.twitter.com syndication.twitter.com player.youku.com; child-src 'self' blob:; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com; connect-src 'self' www.google-analytics.com https://tools.eurolandir.com/tools/pricefeed/RequestStockDataBundleXML.aspx; report-uri https://csp-report-uri.bureauveritas.com 2
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.thoughtco.com *.qa.aws.thoughtco.com apollo.thoughtco.com apollo.local.thoughtco.com atlas.thoughtco.com atlas.local.thoughtco.com 1
allow 'self' 'self' https://lastpass.com wss://*.lastpass.com https://5399020466.log.optimizely.com https://pollserver.lastpass.com https://loglogin.lastpass.com ; img-src 'self' https://lastpass.com data: https://*.adnxs.com/ https://*.doubleclick.net https://*.google-analytics.com https://www.google.com https://www.facebook.com/tr https://t.co/i/adsct https://analytics.twitter.com/i/adsct https://img.youtube.com https://adfarm.mediaplex.com/ad/bk/ https://*.rfihub.com/ https://secure.leadback.advertising.com https://secure.ace-tag.advertising.com https://iad-login.dotomi.com https://a.company-target.com/ https://www07.clicktale.net/; object-src 'self' http://*.googlevideo.com http://*.youtube.com https://*.youtube.com http://*.ytimg.com https://*.ytimg.com http://www.google.com http://youtube.googleapis.com; frame-src 'self' https://ssl.gstatic.com https://www.google.com https://www.youtube.com https://b.company-target.com/ect.html https://www.youtube.com https://*.ytimg.com https://1min-ui-prod.service.lastpass.com; options inline-script eval-script; worker-src https://*.lastpass.com blob: 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.treehugger.com *.qa.aws.treehugger.com apollo.treehugger.com apollo.local.treehugger.com atlas.treehugger.com atlas.local.treehugger.com 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.thebalancecareers.com *.qa.aws.thebalancecareers.com apollo.thebalancecareers.com apollo.local.thebalancecareers.com atlas.thebalancecareers.com atlas.local.thebalancecareers.com 1
frame-ancestors *.anjuke.com http://*.anjuke.com *.aifang.com http://*.aifang.com *.58ganji.com http://*.58ganji.com *.58.com http://*.58.com *.jikejia.cn http://*.jikejia.cn http://jikejia.cn yfyk.youfangyouke.com http://yfyk.youfangyouke.com *.58corp.com http://*.58corp.com 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.verywellmind.com *.qa.aws.verywellmind.com apollo.verywellmind.com apollo.local.verywellmind.com atlas.verywellmind.com atlas.local.verywellmind.com https://specials.verywellmind.com 1
policy-uri /parivahan//'self' 1
child-src 'self' emb.d.tube player.twitch.tv www.youtube.com staticxx.facebook.com w.soundcloud.com player.vimeo.com blob:; connect-src 'self' api.blocktrades.us steemit.com wss://steemd.steemit.com wss://steemd-int.steemit.com steemitimages.com cdn.steemitimages.com api.steemit.com api-internal.steemit.com securepubads.g.doubleclick.net cdn.jsdelivr.net csi.gstatic.com c.pub.network d.pub.network display.bfmio.com *.adnxs.com freestar-d.openx.net qcx.quantserve.com https://qcx.quantserve.com:8443 hbopenbid.pubmatic.com g2.gumgum.com ssc.33across.com gw.geoedge.be *.doubleverify.com request-global.czilladx.com c.amazon-adsystem.com *.flashtalking.com *.czilladx.com czilladx.com coinzillatag.com coinzilla.com *.yahoo.com *.3lift.com *.adroll.com *.serving-sys.com *.googlesyndication.com *.steelhousemedia.com *.servenobid.com sdk.streamrail.com api.vidiom.net *.streamrail.net *.spotxchange.com *.advertising.com *.yieldoptimizer.com *.doubleclick.net *.buysellads.net *.1rx.io *.rtb-seller.com catchjs.com www.googletagmanager.com www.google-analytics.com pagead2.googlesyndication.com googleads.g.doubleclick.net; default-src tpc.googlesyndication.com 'self' emb.d.tube www.youtube.com staticxx.facebook.com player.vimeo.com *.streamrail.com *.hwcdn.net *.acuityplatform.com; font-src data: fonts.gstatic.com; frame-ancestors 'none'; frame-src 'self' googleads.g.doubleclick.net https:; img-src * data:; object-src 'none'; plugin-types application/pdf; script-src 'unsafe-inline' 'unsafe-eval' data: https: 'self' www.google-analytics.com connect.facebook.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com; report-uri /api/v1/csp_violation 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.tripsavvy.com *.qa.aws.tripsavvy.com apollo.tripsavvy.com apollo.local.tripsavvy.com atlas.tripsavvy.com atlas.local.tripsavvy.com 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.liveabout.com *.qa.aws.liveabout.com apollo.liveabout.com apollo.local.liveabout.com atlas.liveabout.com atlas.local.liveabout.com 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com piwik.itzbund.de;object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; frame-src 'self' multimedia.gsb.bund.de blob: data:; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de covapp.charite.de covapp-rki.hpsgc.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; frame-ancestors rki-editor.preview.gsb.intranet.bund.de piwik.itzbund.de *.facebook.com 1
frame-ancestors 'self' http://*.webvisor.com http://webvisor.com *.ntv.ru; 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.verywellfamily.com *.qa.aws.verywellfamily.com apollo.verywellfamily.com apollo.local.verywellfamily.com atlas.verywellfamily.com atlas.local.verywellfamily.com https://specials.verywellfamily.com 1
default-src 'self'  *.destatis.de; base-uri 'self'; style-src 'self' 'unsafe-inline' *.destatis.de piwik.itzbund.de; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.destatis.de piwik.itzbund.de;object-src 'self' multimedia.gsb.bund.de  *.destatis.de piwik.itzbund.de ; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org  *.destatis.de piwik.itzbund.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.destatis.de *.itzbund.de *.euro-area-statistics.org *.ims-cms.net data: ; 1
default-src https:; script-src https:  'unsafe-eval' 'unsafe-inline'; object-src 'none'; style-src https: 'unsafe-eval' 'unsafe-inline' data:; img-src https: data:; report-uri /report-csp-violation; upgrade-insecure-requests 1
frame-ancestors https://www.maisonmargiela.com/ https://www.maisonmargiela.com/ ; 1
default-src data: https: https://*.hotjar.com:* https://*.hotjar.io wss://*.hotjar.com 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'none' 1
img-src *; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https: www.booking.com *.holland.com *.bstatic.com *.mailplus.nl *.videodelivery.net *.cloudflarestream.com wss://*.hotjar.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https: cdn.blueconic.net *.holland.com script.crazyegg.com maps.googleapis.com www.googletagmanager.com *.google-analytics.com www.booking.com *.crowdriff.com *.bstatic.com; img-src 'self' data: blob: *.leisure-group.net *.holland.com *.bstatic.com *.cloudfront.net *.google-analytics.com tag.yieldoptimizer.com www.googletagmanager.com img.youtube.com secure.adnxs.com *.doubleclick.net *.facebook.com idsync.ricdn.com *.blueconic.com *.twimg.com *.twitter.com script.hotjar.com *.blueconic.net *.videodelivery.net *.google.com *.google.nl; 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.thesprucepets.com *.qa.aws.thesprucepets.com apollo.thesprucepets.com apollo.local.thesprucepets.com atlas.thesprucepets.com atlas.local.thesprucepets.com 1
frame-ancestors https://www.tableau.com https://staging-tfs.tsi.lan https://tfs.tsi.lan https://dev-tfs.tsi.lan https://buy.tableau.com https://s27-events-ui-staging.azurewebsites.net https://events1.social27.com https://prerelease.tableau.com 1
frame-ancestors *.stc.com.sa; 1
default-src 'self' static.zdassets.com ekr.zdassets.com avm.zendesk.com v2.zopim.com wss://widget-mediator.zopim.com vimeo.com player.vimeo.com vimeocdn.com *.vimeocdn.com ytimg.com s.ytimg.com aax-eu.amazon-adsystem.com data: service.avm.de news.avm.de bingo.avm.de scope.avm.de piwik.avm.de track.adform.net maps.google.com *.googleapis.com *.gstatic.com shoplogos.commerce-connector.de www.commerce-connector.com i.ytimg.com https://www.youtube.com img.youtube.com *.xx.fbcdn.net www.surveygizmo.eu 'unsafe-inline' 'unsafe-eval'; media-src 'self' data: blob: *.avm.de;frame-ancestors 'self' 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.gstatic.com *.googleapis.com *.halkbank.com.tr *.google.com *.doubleclick.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.facebook.net; font-src 'self' *.gstatic.com *.googleapis.com; style-src 'self' 'unsafe-inline' *.googleapis.com; img-src 'self' data: *.google-analytics.com *.googleapis.com *.halkbank.com.tr *.google.com *.google.com.tr *.gstatic.com *.facebook.com *.facebook.com.tr *.doubleclick.net *.facebook.net ; media-src 'self' *.halkbank.com.tr; frame-src 'self' *.foreks.com *.halkbank.com.tr *.doubleclick.net *.youtube.com *.google.com; connect-src 'self' *.facebook.com; object-src 'self'; 1
upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'self' 1
frame-ancestors https://igx.csbsju.edu http://go.twocolleges.com 1
frame-ancestors 'self' *.vendhq.com; report-uri https://csp.api.vendhq.com/prod/report; 1
frame-src *.deutschland-machts-effizient.de *.youtube-nocookie.com piwik.itzbund.de 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://c.go-mpulse.net https://www.googletagmanager.com https://www.facebook.com/ *.akstat.io/ https://s.go-mpulse.net https://www.google-analytics.com https://connect.facebook.net https://cl.qualaroo.com https://stats.g.doubleclick.net https://www.google.com cl.qualaroo.com https://dntcl.qualaroo.com https://www.google.co.uk https://w.sharethis.com https://cdn.ckeditor.com https://c.go-mpulse.net http://w.sharethis.com  *.hotjar.com https://vjs.zencdn.net *.viddler.com https://www.google.ie ; report-uri /admin/config/system/seckit/csp-report 1
default-src 'self' *.googleapis.com; base-uri 'self'; style-src 'self' 'unsafe-inline' *.openlayers.org openlayers.org *.openstreetmap.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.ytimg.com *.openlayers.org openlayers.org *.openstreetmap.org; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com *.youtube-nocookie.com *.readspeaker.com; frame-src *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.readspeaker.com *.saarland.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.openlayers.org openlayers.org *.openstreetmap.org; worker-src 'self'; frame-ancestors 'self'; 1
default-src https://domene.shop https://www.domeneshop.no https://domeneshop.no https://domainnameshop.com https://domainname.shop https://xn--domn-noa.shop https://xn--domne-ura.shop https://chat.domeneshop.no/ 'unsafe-inline'; img-src https://domene.shop https://www.domeneshop.no https://domeneshop.no https://domainnameshop.com https://domainname.shop https://xn--domn-noa.shop https://xn--domne-ura.shop; frame-src https://domene.shop https://www.domeneshop.no https://domeneshop.no https://domainnameshop.com https://domainname.shop https://xn--domn-noa.shop https://xn--domne-ura.shop 1
self *.24hourfitness.com 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.thebalanceeveryday.com *.qa.aws.thebalanceeveryday.com apollo.thebalanceeveryday.com apollo.local.thebalanceeveryday.com atlas.thebalanceeveryday.com atlas.local.thebalanceeveryday.com 1
default-src *; style-src 'self'* .addthis.com *.nationalgridus.com* .cloudflare.com *.olark.com* .gstatic.com *.googleapis.com; script-src 'self'* .speedpay.com *.google.com* .gstatic.com *.olark.com* .googleapis.com *.gstatic.com* .crazyegg.com *.google-analytics.com* .googletagmanager.com *.feedbackify.com* .nationalgridus.com; img-src *; font-src* ; connect-src *; 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-eval' *.googleapis.com piwik.itzbund.de;object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; frame-ancestors bghweb-editor.preview.gsb.intranet.bund.de piwik.itzbund.de 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: www.google-analytics.com www.googletagmanager.com https://cdnjs.cloudflare.com/ajax/libs/codemirror/ https://cdnjs.cloudflare.com/ajax/libs/select2/ https://cdn.rawgit.com/ckeditor/ckeditor-dev/ https://cdn.rawgit.com/w8tcha/CKEditor-CodeMirror-Plugin/ platform.twitter.com platform.twitter.co syndication.twitter.com cdn.syndication.twimg.com https://cdn.rawgit.com/ractoon/jQuery-Text-Counter/ https://js-agent.newrelic.com https://bam.nr-data.net tagmanager.google.com https://www.google.com/recaptcha/api.js https://www.recaptcha.net/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/; object-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://cdnjs.cloudflare.com/ajax/libs/codemirror/ https://cdnjs.cloudflare.com/ajax/libs/select2/ platform.twitter.com tagmanager.google.com; img-src 'self' data: www.google-analytics.com https://cdn.rawgit.com/ckeditor/ckeditor-dev/ https://raw.githubusercontent.com/ckeditor/ckeditor-dev/ www.googletagmanager.com www.bureauveritas.com syndication.twitter.com platform.twitter.com *.twimg.com ssl.gstatic.com www.gstatic.com https://stats.g.doubleclick.net; media-src 'self'; frame-src 'self' www.youtube.com tools.eurolandir.com cws.huginonline.com www.googletagmanager.com platform.twitter.com syndication.twitter.com inpublic.globenewswire.com https://sdk.companywebcast.com/sdk/player/ player.youku.com cache.bureauveritas.com pr.globenewswire.com www.globenewswire.com https://www.google.com; child-src 'self' blob:; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com; connect-src 'self' www.google-analytics.com https://tools.eurolandir.com/tools/pricefeed/RequestStockDataBundleXML.aspx https://bam.nr-data.net https://stats.g.doubleclick.net; report-uri https://csp-report-uri.bureauveritas.com 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.itzbund.de *.googleapis.com *.google.com *.gstatic.com www.youtube.com *.ytimg.com piwik.itzbund.de; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com; frame-src *.google.com *.gstatic.com *.youtube.com; img-src 'self' blob: data: *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.openstreetmap.org piwik.itzbund.de; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.aws.training https://a0.awsstatic.com https://js.api.here.com https://*.cit.api.here.com https://dev.ditu.live.com https://*.dev.virtualearth.net https://*.payments-amazon.com https://*.amazon.com https://*.amazon.co.jp/ https://*.amazon.co.uk https://*.amazon.de https://*.bing.com https://*.virtualearth.net https://munchkin.marketo.net https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/; object-src 'self'; img-src 'self' data: blob: https://*.dev.virtualearth.net https://*.ssl.ak.tiles.virtualearth.net https://*.ssl.ak.dynamic.tiles.virtualearth.net https://static.aws.training https://a0.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://js.api.here.com https://*.cit.api.here.com https://images-na.ssl-images-amazon.com https://internal-cdn.amazon.com https://d2ldlvi1yef00y.cloudfront.net/ https://d23yuld0pofhhw.cloudfront.net https://d1oct1bdmx33tz.cloudfront.net https://googleads.g.doubleclick.net https://www.google.com https://fls-na.amazon.com https://*.media-amazon.com https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/; style-src 'self' 'unsafe-inline' https://static.aws.training https://js.api.here.com https://a0.awsstatic.com https://images-na.ssl-images-amazon.com https://ecn.dev.virtualearth.net https://images-eu.ssl-images-amazon.com https://www.bing.com https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/; connect-src 'self' https://*.cit.api.here.com https://*.amazon.com https://prod.tools.shortbread.aws.dev https://prod.log.shortbread.aws.dev https://amazonwebservices.d2.sc.omtrdc.net https://*.amazonpay.com https://apac.account.amazon.com https://na.account.amazon.com https://eu.account.amazon.com https://*.virtualearth.net https://*.mktoresp.com https://s0.awsstatic.com https://*.amazon.co.uk https://*.amazon.co.jp https://*.amazon.de https://cdn.aws.training https://prod.us-east-1.search.avalon.aws.dev https://7m5y5tkfr5.execute-api.us-east-1.amazonaws.com https://ftj9wpwlq4.execute-api.us-east-1.amazonaws.com; font-src 'self' data: https://static.aws.training https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/; media-src 'self' https://cdn.aws.training; child-src 'self' https://*.amazon.com https://www.bing.com https://*.amazon.co.jp/ https://*.amazon.co.uk https://*.payments-amazon.com https://*.amazon.de https://support.aws.training; 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.openlayers.org openlayers.org *.openstreetmap.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.openlayers.org openlayers.org *.openstreetmap.org; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com media.deutsche-rentenversicherung.de;child-src *.google.com *.gstatic.com *.youtube.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.openlayers.org openlayers.org *.openstreetmap.org; frame-ancestors 'self'; 1
frame-ancestors 'self' *.bond.edu.au bond.edu.au; 1
frame-ancestors 'self' *.smhi.se klimatanpassning.se sudplan.eu nordicadaptation2018.net http://infoteve.com ; report-uri /userv/cspreporting 1
default-src 'self' 'unsafe-inline' data: https://piwik.bzga.de/ https://service.bzga.de/ https://a.tile.openstreetmap.org/ https://b.tile.openstreetmap.org/ https://c.tile.openstreetmap.org/ 1
default-src https://domainname.shop https://www.domeneshop.no https://domeneshop.no https://domainnameshop.com https://domene.shop https://xn--domn-noa.shop https://xn--domne-ura.shop https://chat.domeneshop.no/ 'unsafe-inline'; img-src https://domainname.shop https://www.domeneshop.no https://domeneshop.no https://domainnameshop.com https://domene.shop https://xn--domn-noa.shop https://xn--domne-ura.shop; frame-src https://domainname.shop https://www.domeneshop.no https://domeneshop.no https://domainnameshop.com https://domene.shop https://xn--domn-noa.shop https://xn--domne-ura.shop 1
frame-ancestors https://www.armaniexchange.com/ https://www.armaniexchange.com/ ; 1
script-src 'self' cs.money dev.csgo.trade gleam.io www.am4charts.com translate.google.com translate.googleapis.com www.googletagmanager.com www.googleoptimize.com www.google-analytics.com connect.facebook.net https://vk.com 'unsafe-inline' top-fwz1.mail.ru 'unsafe-eval' api.usersnap.com cdn.usersnap.com cs.money mc.yandex.ru diffuser-cdn.app-us1.com diffuser-cdn.app-us1.com prism.app-us1.com trackcmp.net api.basisid.com https://cdn.amplitude.com sc-static.net support.cs.money embed-sandbox.bridgerpay.com embed.bridgerpay.com cs.money; worker-src 'self' data: blob: cs.money; object-src cs.money dota.money; media-src cs.money dota.money; frame-src cs.money dota.money onesignal.com https://*.com https://*.ru https://*.ua http://www.youtube.com 1
frame-ancestors 'self'; report-uri /report-csp-violation 1
default-src 'none'; script-src 'self' 'unsafe-inline' https://onlinechat2.nic.cz https://test-ipv6.nic.cz https://*.test-ipv6.nic.cz https://piwik.nic.cz/piwik.js https://platform.twitter.com https://cdn.syndication.twimg.com https://s.ytimg.com https://*.googleapis.com https://*.google.com https://connect.facebook.net https://*.mapy.cz; object-src 'self'; style-src 'self' 'unsafe-inline' https://platform.twitter.com https://*.nic.cz https://fonts.googleapis.com https://api.mapy.cz; img-src *; media-src *; frame-src *; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://*.test-ipv6.nic.cz https://*.labs.nic.cz https://widget.nic.cz https://ipv4-widget.nic.cz https://ipv6-widget.nic.cz https://rdap.nic.cz https://www.rhybar.cz https://akademie.nic.cz https://piwik.nic.cz/piwik.php https://www.nic.cz/files/CORS/projects-bar/ https://mojeid.cz https://syndication.twitter.com; report-uri https://csp.nic.cz/report/ 1
frame-ancestors 'self' *.taxact.com *.taxactonline.com *.salemove.com secure.balancefin.com 1
frame-ancestors https://cloudsecurityalliance.org https://knowledge.cloudsecurityalliance.org https://circle.cloudsecurityalliance.org https://360.articulate.com https://articulateusercontent.com https://sj-cdn.net 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.baua.de; object-src 'self' www.baua.de; media-src 'self' www.baua.de; frame-src www.baua.de; img-src 'self' data: www.baua.de uvi.bfs.de; frame-ancestors 'self'; 1
default-src https: http: wss: ; script-src https: 'self' 'unsafe-inline' js.hs-scripts.com js.hs-analytics.net cdnjs.cloudflare.com *.adopto.eu adopto.eu www.adopto.eu *.googleapis.com *.facebook.net *.facebook.com www.google.com www.google-analytics.com; object-src 'self' https: data: adoptostaging.blob.core.windows.net adoptoprod.blob.core.windows.net; style-src * https: 'unsafe-inline'; img-src 'self' https: data: cdnjs.cloudflare.com adoptostaging.blob.core.windows.net adoptoprod.blob.core.windows.net *.gstatic.com *.googleapis.com *.facebook.com s3.amazonaws.com stats.g.doubleclick.net; child-src 'self' *.talentlyft.com app.livestorm.co platform.twitter.com static.addtoany.com *.nosiva.com *.facebook.com *.youtube.com *.us11.list-manage.com forms.hubspot.com js.hs-scripts.com js.hs-analytics.net player.vimeo.com; font-src * https: data:; 1
report-uri /admin/config/system/seckit/csp-report 1
default-src 'self' https://*.tampagov.net https://*.google-analytics.com https://*.twitter.com https://*.googleapis.com https://www.googletagmanager.com https://spark.adobe.com https://serverapi.arcgisonline.com https://*.arcgis.com https://js-agent.newrelic.com https://cdnjs.cloudflare.com  https://translate.google.com https://cdn.syndication.twimg.com/ https://docs.google.com https://www.jobapscloud.com https://api.uptimerobot.com https://bam.nr-data.net ; script-src  'self' 'unsafe-eval' 'unsafe-inline' https://maps.floridadisaster.org https://*.windows.net https://*.tampagov.net https://*.google-analytics.com https://*.twitter.com https://*.googleapis.com https://www.googletagmanager.com https://spark.adobe.com https://serverapi.arcgisonline.com https://*.arcgis.com https://js-agent.newrelic.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net  https://translate.google.com https://cdn.syndication.twimg.com/ https://syndication.twitter.com https://js-agent.newrelic.com https://bam.nr-data.net https://*.surveymonkey.com https://polyfill.io; style-src 'unsafe-inline' *; img-src 'self' data: https: https://*.google-analytics.com http://www.tampagov.net; frame-src 'self' https://*.tampagov.net https://www.youtube.com https://*.google.com https://spark.adobe.com https://twitter.com https://platform.twitter.com https://livestream.com https://syndication.twitter.com https://tampa.maps.arcgis.com https://*.vimeo.com/ https://app.powerbigov.us/; child-src 'self' https://*.tampagov.net https://www.youtube.com https://*.google.com https://spark.adobe.com https://twitter.com https://platform.twitter.com https://livestream.com https://syndication.twitter.com; font-src 'self' data: https: ; report-uri /report-csp-violation 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.google-analytics.com https://*.bing.com https://*.facebook.net https://*.hotjar.com https://*.zarget.com https://*.youtube.com https://s.ytimg.com https://*.googleadservices.com https://*.doubleclick.net https://*.pinterest.com https://*.zencdn.net https://*.google.com https://*.google.be https://*.sharethis.com https://*.newrelic.com https://*.nr-data.net https://*.quantserve.com https://*.google.com.tr https://*.metabar.ru https://*.google.de https://*.google.fr https://cdn.ckeditor.com https://*.pioneer-car.eu https://eu---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh https://de---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh https://*.yandex.ru https://*.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.sharethis.com https://*.pioneer-car.eu https://cdn.ckeditor.com https://tagmanager.google.com; img-src * data:; media-src 'self' https://www.youtube.com; frame-src 'self' https://*.youtube.com https://vars.hotjar.com https://*.pioneer.eu https://*.doubleclick.net https://*.sharethis.com https://*.facebook.com https://*.pioneer-car.eu https://store-locator.pioneer-rus.ru https://*.google.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://*.hotjar.com https://*.sharethis.com https://*.google-analytics.com https://*.doubleclick.net https://*.pioneer-car.eu https://acc-pioneer-products.o-a.be https://eu---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh https://de---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh https://*.yandex.ru; report-uri /eur/report-csp-violation 1
default-src c.wgr.de 'self'; script-src c.wgr.de https://track.westermann.de connect.facebook.net www.googleadservices.com maps.googleapis.com 'self' 'unsafe-inline'; style-src c.wgr.de 'self' 'unsafe-inline'; object-src 'self'; img-src c.wgr.de https://track.westermann.de www.econda-monitor.de d32wqyuo10o653.cloudfront.net www.facebook.com googleads.g.doubleclick.net maps.googleapis.com *.gstatic.com 'self' data:; frame-src newsletter.schulbuchzentrum-online.de https://track.westermann.de www.facebook.com 'self'; child-src newsletter.schulbuchzentrum-online.de https://track.westermann.de www.facebook.com 'self'; font-src c.wgr.de 'self' data:; connect-src https://secure.schulbuchzentrum-online.de https://track.westermann.de http://www.econda-monitor.de 'self'; report-uri /backend/csp 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://api.spendino.de https://analytics.spd.de https://maps.googleapis.com https://altruja.de https://dataservices.spd.de https://www.verbavoice.net https://live.flyp.tv; img-src 'self' data: https://analytics.spd.de https://csi.gstatic.com https://maps.googleapis.com https://maps.gstatic.com https://em.altruja.de; frame-ancestors 'self' https://analytics.spd.de; default-src 'self'; frame-src 'self' https://dpa-electionslive.s3.amazonaws.com https://analytics.spd.de https://w.soundcloud.com https://player.vimeo.com https://www.youtube-nocookie.com https://api.spendino.de https://storify.com https://streaming.b1group.de https://www.youtube.com https://live.soziale-demokratie.live https://www.blitzvideoserver.de https://api.spd.de https://app.contentflow.live https://streaming.talk42.de https://playout.3qsdn.com https://sdn-global-live-http-cache.3qsdn.com https://widget.whatsbroadcast.com https://ghb2017.limequery.com https://limequery.spd.de https://www.verbavoice.ne https://em.altruja.de https://live.flyp.tv https://us-central1-contentflow-2.cloudfunctions.net https://domhost.it-television.net https://wb.messengerpeople.com https://hd-livestream.de https://stream.liverecords.net https://www.sachsen-fernsehen.de https://open.spotify.com https://widget.whappodo.com https://embed.contentflow.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://analytics.spd.de https://dataservices.spd.de; connect-src 'self' https://altruja.de https://dataservices.spd.de; object-src 'self' data:; media-src 'self' data:; font-src 'self' https://fonts.gstatic.com https://dataservices.spd.de; 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: *.guinness-storehouse.com *.googleapis.com maps.gstatic.com s.adroll.com s.ytimg.com stats.mp.streamamg.com streamuk.secure.footprint.net www.google-analytics.com www.googletagmanager.com www.youtube.com footer.diageohorizon.com cdnjs.cloudflare.com *.googleadservices.com *.doubleclick.net *.ads-twitter.com *.hotjar.com *.smartlook.com; object-src 'self' https: *.guinness-storehouse.com streamuk.secure.footprint.net; style-src 'self' 'unsafe-inline' https: *.guinness-storehouse.com cloud.typography.com fonts.googleapis.com footer.diageohorizon.com; img-src 'self' https: *.guinness-storehouse.com *.googleapis.com *.gstatic.com ads.yahoo.com analytics.twitter.com d.adroll.com dps.bing.com googleads.g.doubleclick.net ib.adnxs.com idsync.rlcdn.com scontent.cdninstagram.com streamuk.secure.footprint.net t.mookie1.com us-u.openx.net www.facebook.com www.google.com www.google.ie www.tripadvisor.com x.bidswitch.net www.google-analytics.com; frame-src 'self' https: *.guinness-storehouse.com *.worldnettps.com guinnessarchives.adlibsoft.com www.youtube.com vars.hotjar.com; font-src 'self' https: *.guinness-storehouse.com data: fonts.googleapis.com fonts.gstatic.com streamuk.secure.footprint.net; connect-src 'self' https: *.guinness-storehouse.com *.storehousewall.com query.yahooapis.com streamuk.secure.footprint.net *.hotjar.com:* wss://*.hotjar.com *.smartlook.com; media-src 'self' https: *.guinness-storehouse.com ; worker-src 'self' *.guinness-storehouse.com blob: 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com https://lh3.googleusercontent.com https://dc.services.visualstudio.com https://dl.episerver.net/ https://www.youtube.com https://s.ytimg.com https://js-agent.newrelic.com https://bam.nr-data.net https://rum-static.pingdom.net http://rum-static.pingdom.net https://8316073.fls.doubleclick.net https://d.impactradius-event.com https://umpqua-bank.sjv.io https://cdn-akamai.mookie1.com https://us-gmtdmp.mookie1.com https://x2.mookie1.com https://t.mookie1.com https://tags.tiqcdn.com https://adnxs.com https://pxl.jivox.com https://js.hs-scripts.com https://js.hs-analytics.net http://js.hs-analytics.net https://snap.licdn.com https://dc.ads.linkedin.com https://px.ads.linkedin.com https://static.ads-twitter.com http://static.ads-twitter.com https://analytics.twitter.com https://az416426.vo.msecnd.net https://connect.facebook.net https://bat.bing.com http://bat.bing.com https://cdn.cookielaw.org https://js.hsforms.net https://forms.hsforms.com https://js.hsleadflows.net/leadflows.js https://*.onetrust.com https://cdn.cookielaw.org https://js.hs-banner.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://maps.google.com/ https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://tagmanager.google.com https://ssl.google-analytics.com https://www.google.com https://apis.google.com https://crcchat.umpquabank.com; style-src 'self' 'unsafe-inline' https://www.gstatic.com https://lh3.googleusercontent.com https://dc.services.visualstudio.com https://crcchat.umpquabank.com https://dl.episerver.net/ https://js.hs-scripts.com https://js.hs-analytics.net https://d.impactradius-event.com https://umpqua-bank.sjv.io https://cdn-akamai.mookie1.com https://us-gmtdmp.mookie1.com https://x2.mookie1.com https://t.mookie1.com https://tags.tiqcdn.com https://adnxs.com https://pxl.jivox.com https://snap.licdn.com https://dc.ads.linkedin.com https://px.ads.linkedin.com https://static.ads-twitter.com https://analytics.twitter.com https://az416426.vo.msecnd.net https://static.hotjar.com https://connect.facebook.net https://bat.bing.com https://cdn.cookielaw.org https://8316073.fls.doubleclick.net https://js.hsforms.net https://forms.hsforms.com https://js.hs-banner.com https://fonts.googleapis.com https://tagmanager.google.com; img-src 'self' 'unsafe-inline' https://www.gstatic.com https://lh3.googleusercontent.com https://dc.services.visualstudio.com https://crcchat.umpquabank.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://ssl.gstatic.com https://www.gstatic.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://www.google.com https://stats.g.doubleclick.net https://bat.bing.com https://px.ads.linkedin.com https://track.hubspot.com https://forms.hubspot.com https://p.adsymptotic.com https://gateway.zscalerthree.net https://cdn.cookielaw.org/ https://pages.umpquabank.com https://www.googletagmanager.com data: maps.gstatic.com *.googleapis.com *.ggpht; connect-src 'self' 'unsafe-inline' https://www.gstatic.com https://lh3.googleusercontent.com https://dc.services.visualstudio.com https://crcchat.umpquabank.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://www.google-analytics.com https://cdn.cookielaw.org https://forms.hubspot.com https://forms.hsforms.com http://rum-collector-2.pingdom.net; frame-src 'self' 'unsafe-inline' https://www.theroishop.com https://www.gstatic.com https://lh3.googleusercontent.com https://dc.services.visualstudio.com https://forms.hsforms.com https://crcchat.umpquabank.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://bid.g.doubleclick.net https://player.megaphone.fm/ http://9395210.fls.doubleclick.net https://platform.mi.spglobal.com/ https://*.youtube.com https://*.onetrust.com https://cdn.cookielaw.org https://player.ooyala.com; font-src 'self' 'unsafe-inline' https://crcchat.umpquabank.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://fonts.gstatic.com data:; 1
default-src  'self';font-src  'self' fonts.gstatic.com;connect-src  'self';script-src  'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com analytics.monkeytracker.cz www.google.com;form-action  'self';frame-src  'self' www.youtube.com www.facebook.com;child-src  'self' www.youtube.com www.facebook.com;frame-ancestors  'self';img-src  'self' data: blob: www.googletagmanager.com www.google-analytics.com analytics.monkeytracker.cz *.doubleclick.net;style-src  'self' 'unsafe-inline' fonts.googleapis.com;object-src  'self' 1
default-src 'self' static.financialsense.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:; style-src 'self' static.financialsense.com data: 'unsafe-inline' *.googleapis.com *.twitter.com *.twimg.com svc.webspellchecker.net; img-src 'self' https: data: android-webview-video-poster:; media-src 'self' static.financialsense.com blob: *.giphy.com; frame-src 'self' https://www.financialsense.com data: audioboom.com *.audioboom.com scribd.com *.scribd.com soundcloud.com *.soundcloud.com youtube.com *.youtube.com vimeo.com *.vimeo.com bitchute.com *.bitchute.com twitter.com *.twitter.com *.tradingview.com *.addthis.com *.stripe.com *.doubleclick.net http://zoom.us zoom.us *.zoom.us *.googlesyndication.com *.ted.com *.instagram.com *.jwpsrv.com www.google.com ms-appx-web: *.assoc-amazon.com *.amazon.com *.amazon-adsystem.com *.googletagmanager.com *.recaptcha.net facebook.com *.facebook.com cnn.com *.cnn.com cnbc.com *.cnbc.com; frame-ancestors *; child-src 'self' https://www.financialsense.com data: audioboom.com *.audioboom.com scribd.com *.scribd.com soundcloud.com *.soundcloud.com youtube.com *.youtube.com vimeo.com *.vimeo.com bitchute.com *.bitchute.com twitter.com *.twitter.com *.tradingview.com *.addthis.com *.stripe.com *.doubleclick.net zoom.us *.zoom.us *.googlesyndication.com *.ted.com *.instagram.com *.jwpsrv.com www.google.com ms-appx-web: *.assoc-amazon.com *.amazon.com *.amazon-adsystem.com *.googletagmanager.com *.recaptcha.net facebook.com *.facebook.com cnn.com *.cnn.com cnbc.com *.cnbc.com; font-src 'self' static.financialsense.com data: fonts.googleapis.com fonts.gstatic.com cdnjs.cloudflare.com *.googleusercontent.com svc.webspellchecker.net *.avast.com chrome-extension:; connect-src 'self' static.financialsense.com *.addthis.com *.googlesyndication.com www.google-analytics.com *.gstatic.com *.doubleclick.net svc.webspellchecker.net *.jwpltx.com *.nr-data.net 1
default-src 'self'; style-src 'self' 'unsafe-inline' occhat.elisa.fi; img-src 'self' data: occhat.elisa.fi vero.piwik.pro master.boost.ai data.reactandshare.com; media-src 'self'; font-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' occhat.elisa.fi vero.piwik.pro vero.containers.piwik.pro veroskatt.boost.ai vero.boost.ai cdn.reactandshare.com data.reactandshare.com; connect-src 'self' occhat.elisa.fi wss://occhat.elisa.fi veroskatt.boost.ai vero.boost.ai networkmigri.boost.ai prh.boost.ai data.reactandshare.com; frame-src 'self' hkp.maanmittauslaitos.fi https://www.youtube.com https://app.powerbi.com; frame-ancestors 'self' yritys.tunnistus.fi htesti.katso.tunnistus.fi; 1
default-src 'self'; connect-src 'self' data: 'unsafe-inline' https://bat.bing.com https://*.adobedtm.com http://*.zionsbank.com https://*.zionsbank.com https://*.omtrdc.net https://*.demdex.net https://*.cludo.com https://*.sumome.com https://*.sumo.com https://sumo.com https://*.sndcdn.com https://*.soundcloud.com https://*.google.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://zionsbancorp.sc.omtrdc.net 'unsafe-eval'; script-src 'self' data: 'unsafe-inline' https://www.google-analytics.com https://bat.bing.com https://*.adobedtm.com https://*.doubleclick.net https://connect.facebook.net https://*.googletagmanager.com https://*.googleadservices.com https://*.googleapis.com https://*.gstatic.com https://*.google.com http://*.zionsbank.com https://*.zionsbank.com https://*.zionsbank.com https://*.cludo.com  https://*.sumome.com https://*.sumo.com https://sumo.com https://*.sndcdn.com https://*.soundcloud.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.youtube.com https://*.ytimg.com https://*.vimeo.com 'unsafe-eval'; object-src 'self' data: 'unsafe-inline' http://*.zionsbank.com https://*.zionsbank.com https://*.linkedin.com https://*.bufferapp.com https://*.pinterest.com https://*.reddit.com https://googleads.g.doubleclick.net https://*.pages05.net https://*.visualwebsiteoptimizer.com https://app.vwo.com 'unsafe-eval'; style-src 'self' data: 'unsafe-inline' https://*.googleapis.com https://*.google.com https://*.cludo.com https://*.sumome.com https://*.sumo.com https://sumo.com https://*.sndcdn.com 'unsafe-eval'; img-src 'self' data: 'unsafe-inline' https://www.google-analytics.com https://bat.bing.com https://px.ads.linkedin.com https://p.adsymptotic.com https://www.facebook.com https://*.doubleclick.net https://*.gstatic.com http://*.zionsbank.com https://*.zionsbank.com https://*.online-metrix.net https://*.omtrdc.net https://*.demdex.net https://*.everesttech.net https://*.googleapis.com https://*.google.com https://*.cludo.com https://*.sumome.com https://*.sumo.com https://sumo.com https://*.sndcdn.com https://*.soundcloud.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.youtube.com https://*.ytimg.com https://*.vimeo.com 'unsafe-eval'; media-src 'self'; frame-src 'self' data: 'unsafe-inline' http://*.zionsbank.com https://*.zionsbank.com https://*.issuu.com https://*.doubleclick.net https://*.demdex.net https://*.visa.com https://*.youtube.com https://*.ytimg.com https://*.vimeo.com https://*.pages05.net https://*.brightcove.net  https://*.sumome.com https://*.sumo.com https://sumo.com https://*.sndcdn.com https://*.soundcloud.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://outlook.office365.com; frame-ancestors 'self' https://banking.zionsbank.com https://*.sndcdn.com 'unsafe-eval'; font-src 'self' data: 'unsafe-inline' https://fonts.gstatic.com https://*.visualwebsiteoptimizer.com https://app.vwo.com 'unsafe-eval'; upgrade-insecure-requests; block-all-mixed-content 1
allow 'self'; options inline-script; img-src 'self' data: 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.motel-one.com *.usercentrics.eu data: *.motel-one.com *.usercentrics.eu; script-src *.motel-one.com 'self' 'unsafe-inline' 'unsafe-eval' *.gstatic.com www.googletagmanager.com *.googleapis.com www.google-analytics.com www.youtube.com s.ytimg.com cdnjs.cloudflare.com code.jquery.com *.hurra.com *.googleadservices.com *.criteo.com *.criteo.net creativecdn.com *.creativecdn.com *.facebook.net *.doubleclick.net *.licdn.com *.linkedin.com *.facebook.com *.adnxs.com *.facebook.com *.bizographics.com *.googlesyndication.com *.bing.com *.adsrvr.org *.cloudfront.net *.sia.eu *.google.ae *.google.at *.google.ba *.google.be *.google.by *.google.ca *.google.cf *.google.ch *.google.co.cr *.google.co.il *.google.co.in *.google.co.jp *.google.co.nz *.google.co.th *.google.co.uk *.google.co.zw *.google.de *.google.com *.google.com.ar *.google.com.au *.google.com.bo *.google.com.br *.google.com.cy *.google.com.ec *.google.com.eg *.google.com.hk *.google.com.kw *.google.com.mt *.google.com.mx *.google.com.sg *.google.com.tr *.google.com.tw *.google.com.ua *.google.cz *.google.dk *.google.dz *.google.es *.google.fi *.google.fr *.google.ge *.google.gr *.google.hr *.google.hu *.google.ie *.google.im *.google.it *.google.li *.google.lt *.google.lu *.google.nl *.google.no *.google.pl *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.se *.google.si *.adup-tech.com static.ads-twitter.com analytics.twitter.com assets.pinterest.com log.pinterest.com squarelovin.com *.squarelovin.com *.usercentrics.eu; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.cdninstagram.com *.squarelovin.com *.google-analytics.com *.doubleclick.net t.co *.adup-tech.com www.facebook.com www.google.de www.google.com *.cx.atdmt.com maps.gstatic.com maps.googleapis.com ssl.gstatic.com www.gstatic.com assets.pinterest.com log.pinterest.com bat.bing.com *.hurra.com *.fbcdn.net image.motel-one.com *.motel-one.com squarelovin.com *.gstatic.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.squarelovin.com fonts.googleapis.com tagmanager.google.com *.google.com; connect-src 'self' *.motel-one.com *.google-analytics.com stats.g.doubleclick.net *.facebook.com *.adup-tech.com *.usercentrics.eu; font-src 'self' *.motel-one.com *.computop-paygate.com *.google.com *.gstatic.com www.googletagmanager.com *.googleapis.com www.google-analytics.com *.doubleclick.net data: *.google.com *.gstatic.com www.googletagmanager.com *.googleapis.com www.google-analytics.com *.doubleclick.net; frame-src 'self' *.motel-one.com *.computop-paygate.com *.google.com *.gstatic.com www.googletagmanager.com *.googleapis.com www.google-analytics.com www.youtube.com cdnjs.cloudflare.com code.jquery.com *.hurra.com *.googleadservices.com *.criteo.com *.criteo.net creativecdn.com *.creativecdn.com *.facebook.net *.doubleclick.net *.licdn.com *.linkedin.com *.facebook.com *.google.de *.adnxs.com *.facebook.com *.bizographics.com *.googlesyndication.com *.bing.com *.adsrvr.org *.cloudfront.net *.sia.eu *.usercentrics.eu assets.pinterest.com log.pinterest.com; 1
default-src 'self'; img-src 'self'; style-src 'self'; 'unsafe-inline'; font-src 'self'; script-src 'self'; 'unsafe-inline';  connect-src 'self'; 1
default-src 'self' https://*.fhstp.ac.at; connect-src 'self' https://*.facebook.com https://*.facebook.net https://*.twyn.com https://api.visitlead.com https://cis.fhstp.ac.at https://api.fhstp.ac.at https://rest.visitlead.com https://stats.g.doubleclick.net https://ws.visitlead.com https://www.google-analytics.com wss://*.visitlead.com wss://www.fhstp.ac.at wss://wwwtestneu.fhstp.ac.at https://*.pagestrip.com https://pagestrip.com; font-src 'self' data: https://*.fhstp.ac.at https://*.googleapis.com https://*.gstatic.com https://app.visitlead.com https://*.pagestrip.com; frame-src 'self' http://edit.fhstp.ac.at https://*.facebook.com https://*.facebook.net https://*.google.com https://*.issuu.com https://*.soundcloud.com https://*.twitter.com https://*.vimeo.com https://*.youtube.com https://*.youtube-nocookie.com https://cis.fhstp.ac.at https://sjs.bizographics.com https://snap.licdn.com https://stream.visitlead.com https://www.podbean.com; img-src 'self' data: http://*.fhstp.ac.at https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.google.at https://*.google.com https://i1.ytimg.com https://*.gstatic.com https://*.googleusercontent.com https://*.ggpht.com https://*.linkedin.com https://*.twyn.com https://app.visitlead.com https://cdn.twyn-group.com https://www.filmspektakel.at https://*.pagestrip.com; media-src 'self' data: http://carma.fhstp.ac.at/wp-content/uploads/2016/11/Brelomate2_Infoveranstaltung201161027_p3tv.mp4 https://app.visitlead.com; script-src data: 'self' 'unsafe-inline' 'unsafe-eval' http://campus-stp.at https://*.campus-stp.at https://*.doubleclick.com https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.com https://*.linkedin.com https://*.twyn.com https://*.youtube.com https://app.visitlead.com https://campus-stp.at https://cdn.fhstp.ac.at https://*.pubble.io https://cdn.ravenjs.com https://cdn.socket.io https://code.jquery.com https://sjs.bizographics.com https://snap.licdn.com https://*.ytimg.com https://js.pagestrip.com https://browser-update.org https://unpkg.com; style-src 'self' 'unsafe-inline' http://*.campus-stp.at http://campus-stp.at http://cdn.fhstp.ac.at https://*.campus-stp.at https://*.google.com https://*.googleapis.com https://*.ytimg.com https://app.visitlead.com/ https://campus-stp.at https://cdn.fhstp.ac.at https://js.pagestrip.com; 1
default-src 'self'; connect-src 'self' www.google-analytics.com *.googlesyndication.com https://www.google-analytics.com; frame-src * 'unsafe-inline'; img-src 'self' floraassets.com *.florastatic.com www.google-analytics.com *.googlesyndication.com https://www.google-analytics.com data: https://cookie-cdn.cookiepro.com; media-src 'none'; object-src 'none'; script-src *.googlesyndication.com * 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://cookie-cdn.cookiepro.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://plus.browsealoud.com https://www.browsealoud.com https://*.speechstream.net https://www.browsealoud.com *; style-src 'self' 'unsafe-inline' https://plus.browsealoud.com https://fonts.googleapis.com *; child-src 'self' *; font-src 'self' https://fonts.gstatic.com data: *; frame-ancestors 'self'; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: *; connect-src https://browsealoud-webservices-8.texthelp.com/ https://plus.browsealoud.com https://babm.texthelp.com https://*.speechstream.net https://stats.g.doubleclick.net https://www.google-analytics.com/ *; media-src 'self' blob: https://*.speechstream.net; script-src-elem  'unsafe-inline' data: *; 1
child-src 'self' 3speak.online emb.d.tube player.twitch.tv www.youtube.com staticxx.facebook.com w.soundcloud.com player.vimeo.com; connect-src https://images.hive.blog 'self' hive.blog https://api.hive.blog api.blocktrades.us https://anyx.io https://hivesigner.com https://hived.hive-engine.com https://api.followbtcnews.com https://rpc.esteem.app https://api.pharesim.me https://hive.roelandp.nl https://hived.privex.io https://hive.3speak.online https://rpc.ausbit.dev https://api.hivekings.com; default-src tpc.googlesyndication.com 'self' img.3speakcontent.online emb.d.tube www.youtube.com staticxx.facebook.com player.vimeo.com *.streamrail.com; font-src data: fonts.gstatic.com; frame-ancestors 'none'; frame-src 'self' https:; img-src * data:; object-src 'none'; plugin-types application/pdf; script-src 'unsafe-inline' 'unsafe-eval' data: https: 'self' www.google-analytics.com connect.facebook.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com platform.twitter.com; report-uri /api/v1/csp_violation 1
frame-ancestors 'self' piwik.currence.nl; 1
default-src 'self' *.swp-berlin.org; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.marketo.net https://*.marketo.com https://*.addthis.com https://*.addthisedge.com https://*.google-analytics.com https://*.optimizely.com https://*.googleadservices.com https://platform.twitter.com https://app.hushly.com https://*.reactful.com https://connect.facebook.net https://graph.facebook.com https://bat.bing.com https://*.crazyegg.com https://*.adroll.com https://snap.licdn.com https://*.linkedin.com https://www.youtube.com https://s.ytimg.com  https://d137jyf8bmrjar.cloudfront.net https://jobs.jobvite.com https://cdnjs.cloudflare.com https://d30ia583fbtg8i.cloudfront.net/reviews_list/reviews_list.js https://seal.digicert.com https://www.bizographics.com https://secure.adnxs.com https://tags.tiqcdn.com https://app.cdn.lookbookhq.com https://resources.xg4ken.com https://www.googletagmanager.com https://d12ulf131zb0yj.cloudfront.net https://d26n74bqaye0ia.cloudfront.net https://j.6sc.co https://rc.sageintacct.com https://js.driftt.com; object-src *; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com http://fonts.googleapis.com https://cdnjs.cloudflare.com http://cdnjs.cloudflare.com https://*.marketo.net https://*.marketo.com https://app.hushly.com http://app.hushly.com https://d30ia583fbtg8i.cloudfront.net/reviews_list/style.css https://app.cdn.lookbookhq.com https://resources.xg4ken.com https://www.googletagmanager.com https://d12ulf131zb0yj.cloudfront.net https://d26n74bqaye0ia.cloudfront.net https://rc.sageintacct.com; img-src * data:; media-src *; frame-src https://*.sageintacct.com https://*.intacct.com https://www.youtube.com https://*.addthis.com https://app-abd.marketo.com https://*.doubleclick.net https://www.google.com/ads https://jobs.jobvite.com https://api.soundcloud.com https://w.soundcloud.com https://www.g2crowd.com https://intacct.lookbookhq.com https://go.intacct.com https://tags.tiqcdn.com https://app.cdn.lookbookhq.com https://resources.xg4ken.com https://www.googletagmanager.com https://d12ulf131zb0yj.cloudfront.net https://d26n74bqaye0ia.cloudfront.net https://rc.sageintacct.com https://www-w28.intacct.com https://www-p02.intacct.com https://www-p03.intacct.com https://www-p04.intacct.com https://beta.intacct.com https://www.intacct-adv.com https://www-w27.intacct.com https://www-p03-w028.intacct.com https://www-p02-w028.intacct.com https://www-p04-w028.intacct.com https://www-dr.intacct.com https://stg-hk.intacct.com https://dev45.intacct.com https://dev31.intacct.com https://dev24.intacct.com https://dev33.intacct.com; font-src *; connect-src *; report-uri /admin/config/system/seckit/csp-report 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com ajax.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://static.addtoany.com/ http://clients1.google.com/complete/ https://js-agent.newrelic.com/ https://bam.nr-data.net/ https://www.google.com  https://*.fontawesome.com https://*.customsearch.ai https://*.googletagmanager.com https://tagmanager.google.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://static.addtoany.com/ https://*.windows.net https://tagmanager.google.com; img-src 'self' https://www.google-analytics.com data: https://www.google.com/recaptcha/ http://www.ecb.int/ http://www.ecb.europa.eu/ https://*.windows.net https://*.gstatic.com https://stats.g.doubleclick.net; frame-src 'self' https://www.google.com/recaptcha/ https://static.addtoany.com/ https://www.youtube-nocookie.com/ https://maps.google.be/maps/ https://www.google.com/maps/ https://mapsengine.google.com/ https://ui.customsearch.ai/; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://*.customsearch.ai https://*.google-analytics.com; report-uri /admin/config/system/seckit/csp-report 1
default-src 'self'; script-src 'self' *.boost.ai *.episerver.net *.sits.no https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://ajax.cloudflare.com https://chat.puzzel.com https://maps.googleapis.com 'unsafe-inline' 'unsafe-eval'; media-src https://chat.puzzel.com 'self'; style-src 'self' https://tagmanager.google.com https://dl.episerver.net https://chat.puzzel.com https://fonts.googleapis.com https://fonts.gstatic.com'unsafe-inline'; connect-src 'self' https://*.boost.ai https://chat.puzzel.com wss:;form-action 'self';font-src https://fonts.googleapis.com https://fonts.gstatic.com https://chat.puzzel.com 'self'; img-src 'self' data: www.google-analytics.com *.gstatic.com https://www.googletagmanager.com https://maps.googleapis.com https://mts.googleapis.com https://dl.episerver.net *.sits.no; object-src 'self'; frame-ancestors 'self'; frame-src https: kompensasjonsordning.no *.kompensasjonsordning.no 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.aboutespanol.com *.qa.aws.aboutespanol.com apollo.aboutespanol.com apollo.local.aboutespanol.com atlas.aboutespanol.com atlas.local.aboutespanol.com 1
connect-src 'self' 1
frame-ancestors 'self' hhs.gov *.hhs.gov 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://mastertag.kpcustomer.de *.netcologne.de:* https://bat.bing.com https://connect.facebook.net www.googletagmanager.com:* www.google-analytics.com:* https://partners.webmasterplan.com www.google.de:* https://optimize.google.com https://fonts.googleapis.com https://fonts.gstatic.com https://seal.thawte.com https://www.googleadservices.com https://*.exactag.com *.google.com:* https://*.gstatic.com *.googleapis.com:* https://www.kabelkiosk.de https://*.deepthought.online https://cdn.jsdelivr.net https://wt1.rqtrk.eu https://api.aklamio.com https://googleads.g.doubleclick.net https://config1.veinteractive.com https://netcologne.lamapoll.de https://consent.cookiebot.com https://consentcdn.cookiebot.com  https://*.surveymonkey.com https://walls.io   https://r.df-srv.de https://static.hotjar.com:* https://script.hotjar.com:* https://*.ad4m.at https://ad4m.at https://*.usemaxserver.de https://*.awin1.com https://*.dwin1.com https://zenaps.com https://sciencebehindecommerce.com https://*.criteo.net https://*.criteo.com https://tracking.m6r.eu https://www.youtube.com https://*.ytimg.com https://www.etermin.net https://the.sciencebehindecommerce.com https://www.lacmp.net https://analytics.aklamio.com; 1
default-src 'self' https://www.bundeswahlleiter.de https://service.bundeswahlleiter.de https://www.youtube-nocookie.com https://www.ims-cms.net; script-src 'self' https://www.bundeswahlleiter.de https://service.bundeswahlleiter.de https://www.youtube-nocookie.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://www.bundeswahlleiter.de https://service.bundeswahlleiter.de https://www.youtube-nocookie.com 'unsafe-inline'; base-uri 'self'; frame-ancestors 'self' https://www.bundeswahlleiter.de https://service.bundeswahlleiter.de https://www.youtube-nocookie.com https://www.ims-cms.net 1
frame-ancestors http://www.lativ.com.tw https://www.lativ.com.tw; 1
frame-ancestors https://www.missoni.com/ https://www.missoni.com/ ; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.gstatic.com https://img.youtube.com https://www.youtube.com https://www.google.com https://www.google-analytics.com/analytics.js data: https://www.youtube.com https://www.google-analytics.com https://use.fontawesome.com https://fonts.gstatic.com https://fonts.googleapis.com https://js-agent.newrelic.com https://ajax.cloudflare.com cdn.ckeditor.com https://unpkg.com https://maxcdn.bootstrapcdn.com; report-uri /admin/config/system/seckit/csp-report 1
default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://optimize.google.com https://www.google-analytics.com https:; object-src https:; style-src 'self' 'unsafe-inline' https://optimize.google.com https://fonts.googleapis.com https:; img-src 'self' data: https://www.google-analytics.com https:; media-src 'self' https:; frame-src 'self' https://optimize.google.com https:; font-src 'self' data:  https://fonts.gstatic.com https: 1
allow *; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https: https://cbr.innocraft.cloud https://siteimproveanalytics.com/js/siteanalyze_6010289.js https://sentry.io https://view.publitas.com https://www.cbr.nl/* https://translate.googleapis.com https://translate.google.com https://cdn.innocraft.cloud/cbr.innocraft.cloud/container_s8SepUP4.js https://collect.mopinion.com/assets/surveys/2.0/js/survey.min.js?d=30032020; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://siteimproveanalytics.com/js/siteanalyze_6010289.js https://translate.googleapis.com https://translate.google.com https://cbr.innocraft.cloud https://view.publitas.com https://www.googletagmanager.com https://www.socialdesk-campagne.nl/partout/share/share.js https://deploy.mopinion.com/js/pastease.js https://www.youtube.com https://cdn.innocraft.cloud/cbr.innocraft.cloud/container_s8SepUP4.js https://collect.mopinion.com/assets/surveys/2.0/js/survey.min.js?d=30032020; script-src-attr 'self' 'unsafe-inline'; connect-src 'self' https: https://cbr.innocraft.cloud https://sentry.io https://geodata.nationaalgeoregister.nl https://faq.cbr.nl https://digid.nl https://translate.googleapis.com https://deploy.mopinion.com/js/pastease.js https://www.google-analytics.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https: https://faq.cbr.nl https://view.publitas.com https://digid.nl https://mijn.digid.nl https://www.cbr.nl https://www.youtube.com; img-src 'self' data: blob: https: https://*.siteimprove.com https://cbr.innocraft.cloud https://geodata.nationaalgeoregister.nl https://*.global.siteimproveanalytics.io; manifest-src 'self' https: https://www.cbr.nl/rijbewijstips/manifest.json; media-src 'none'; style-src 'self' 'unsafe-inline' https://translate.googleapis.com; style-src-elem 'self' 'unsafe-inline' https: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,400i,700,900; style-src-attr 'self' 'unsafe-inline'; object-src 'self'; worker-src 'none'; frame-ancestors 'self'; base-uri https://www.cbr.nl https://faq.cbr.nl; block-all-mixed-content; referrer  none-when-downgrade; report-uri https://sentry.io/api/1238555/security/?sentry_key=a735f1c22981469d9668c1bdacbc155f&sentry_environment=production; 1
default-src 'none'; style-src 'self'; img-src 'self' images.ctfassets.net https://www.google-analytics.com https://stats.g.doubleclick.net; font-src 'self'; script-src 'self' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com; media-src videos.ctfassets.net; frame-src https://www.google.com https://www.youtube.com 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: *.serving-sys.com *.sitescout.com *.pixel.ad *.analytics.edgekey.net *.forefieldkt.com *.foremostadvice.com *.standard.com *.youtube.com *.ytimg.com *.gstatic.com *.pages05.net *.silverpop.com *.sc.pages05.net *.googletagmanager.com *.google-analytics.com fonts.googleapis.com ajax.googleapis.com *.google.com *.duosecurity.com *.vimeo.com *.sharethis.com secure-ds.serving-sys.com *.googleadservices.com *.fonts.net *.twitter.com *.twimg.com *.ubembed.com *.demandbase.com *.userzoom.com *.company-target.com match.prod.bidr.io id.rlcdn.com *.googleapis.com tribl.io static.3playmedia.com *.brightcove.com *.brightcove.net bcove.me *.zencdn.net bcove.video players.brightcove.net *.llnw.net *.llnwd.net *.edgekey.net *.media.brightcove.com vjs.zencdn.net *.brightcovecdn.com *.brainshark.com *.teads.tv *.3lift.com *.adentifi.com *.basis.net *.facebook.com dc.ads.linkedin.com *.cloudflare.com *.linkedin.com bm.adentifi.com *.tremorhub.com *.agkn.com *.advertising.com *.intentiq.com *.pubmatic.com *.stickyadstv.com *.exelator.com *.yahoo.com *.bfmio.com *.bluekai.com *.crwdcntrl.net *.lijit.com *.rlcdn.com *.doubleclick.net *.spotxchange.com *.adnxs.com *.contextweb.com *.rubiconproject.com *.openx.net *.simpli.fi p.alcmpn.com pbid.pro-market.net sync.tidaltv.com *.reson8.com fei.pro-market.net jelly.mdhv.io thrtle.com in.xspadvertising.com *.addthis.com u.acuityplatform.com pixel.mathtag.com pt.ispot.tv *.rkdms.com *.dotomi.com dpm.demdex.net *.newrelic.com *.facebook.net *.licdn.com *.adsymptotic.com *.nr-data.net *.jquery.com *.bootstrapcdn.com *.pippio.com *.addthis.com; 1
frame-src 'self' *.betradar.com *.sportradar.com *.aitcloud.de consentcdn.cookiebot.com vars.hotjar.com www.googletagmanager.com www.youtube.com; frame-ancestors 'self' *.betradar.com *.sportradar.com *.aitcloud.de 1
 default-src 'self'; script-src 'self' *.etracker.com *.etracker.de 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self' *.etracker.com https://*.etracker.de; font-src 'self' data:; object-src 'self'; media-src 'self'; child-src 'self'; form-action 'self'; 1
child-src https://*.fls.doubleclick.net https://bid.g.doubleclick.net form.gov.sg; connect-src *.cwp-stg.sg https://s3-ap-southeast-1.amazonaws.com https://www.mycareersfuture.sg https://www.mycareersfuture.gov.sg blob: *.onemap.sg/ *.dcube.cloud *.wogaa.sg *.demdex.net https://dev-gpc-1.sg.va.sabio.cloud https://va.ecitizen.gov.sg *.mycareersfuture.sg *.mycareersfuture.gov.sg *.app.gov.sg; default-src 'self' *.mycareersfuture.sg *.mycareersfuture.gov.sg *.app.gov.sg *.dcube.cloud *.wogaa.sg wogadobeanalytics.sc.omtrdc.net assets.adobedtm.com *.demdex.net cm.everesttech.net; font-src https://cdnjs.cloudflare.com data: fonts.gstatic.com *.dcube.cloud *.wogaa.sg https://s3-us-west-2.amazonaws.com https://va.ecitizen.gov.sg *.mycareersfuture.sg *.mycareersfuture.gov.sg *.app.gov.sg; img-src data: blob: 'self' www.google-analytics.com https://s3-ap-southeast-1.amazonaws.com https://px.ads.linkedin.com https://www.mycareersfuture.sg https://www.mycareersfuture.gov.sg https://www.facebook.com *.cwp-stg.sg *.onemap.sg/ https://cdnjs.cloudflare.com *.mycareersfuture.sg *.mycareersfuture.gov.sg https://pixel.quantserve.com wogadobeanalytics.sc.omtrdc.net cm.everesttech.net *.demdex.net https://va.ecitizen.gov.sg; script-src blob: www.google-analytics.com https://connect.facebook.net s.yimg.com sp.analytics.yahoo.com https://www.google.com www.googleadservices.com https://googleads.g.doubleclick.net https://snap.licdn.com https://p.adsymptotic.com https://rules.quantcount.com https://secure.quantserve.com 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com https://www.mycareersfuture.sg https://www.mycareersfuture.gov.sg *.dcube.cloud *.wogaa.sg assets.adobedtm.com https://va.ecitizen.gov.sg *.mycareersfuture.sg *.mycareersfuture.gov.sg *.app.gov.sg; style-src 'self' https://cdnjs.cloudflare.com fonts.googleapis.com unpkg.com *.dcube.cloud *.wogaa.sg https://va.ecitizen.gov.sg 'unsafe-inline' *.mycareersfuture.sg *.mycareersfuture.gov.sg *.app.gov.sg; report-uri /csp-report 1
default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; script-src 'self' cdn.httparchive.org www.google-analytics.com use.fontawesome.com cdn.speedcurve.com spdcrv.global.ssl.fastly.net lux.speedcurve.com 'nonce-s2ckYiIrW1JeEycMgG5e2w'; font-src 'self' fonts.gstatic.com; connect-src 'self' cdn.httparchive.org discuss.httparchive.org dev.to cdn.rawgit.com www.webpagetest.org www.google-analytics.com stats.g.doubleclick.net; img-src 'self' almanac.httparchive.org discuss.httparchive.org avatars.discourse.org www.google-analytics.com www.google.com s.g.doubleclick.net stats.g.doubleclick.net sjc3.discourse-cdn.com res.cloudinary.com 1
;frame-ancestors 'self' 1
connect-src * 'unsafe-inline' 'unsafe-eval'; default-src * 'unsafe-inline' 'unsafe-eval'; img-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; 1
default-src 'self' blob: http: https: www.krebshilfe.de dkh-stage.dwprev.com; img-src 'self' blob: data: http: https: www.krebshilfe.de dkh-stage.dwprev.com; script-src  'self' 'unsafe-eval' 'unsafe-inline' blob: http: https: www.krebshilfe.de dkh-stage.dwprev.com; style-src 'self' 'unsafe-inline' http: https: www.krebshilfe.de dkh-stage.dwprev.com; font-src 'self' data: http: https: www.krebshilfe.de dkh-stage.dwprev.com; 1
frame-ancestors 'self' eon.de *.eon.de 1
frame-src *; 1
default-src 'self'; media-src 'self' emp.jobylon.com cdn.jobylon.com *.jobylon.com res.cloudinary.com; frame-ancestors 'self' ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.googleapis.com res.cloudinary.com *.richrelevance.com www.google-analytics.com www.googletagmanager.com *.googleapis.com *.pingdom.net *.facebook.com connect.facebook.net *.twitter.com *.google.com *.jobylon.com *.abtasty.com *.veinteractive.com www.nordicchoicehotels.com extads.net m.addthisedge.com m.addthis.com s7.addthis.com assets.juicer.io *.cloudfront.net track.adform.net *.fls.doubleclick.net nowinteract-nowinteractnordi.netdna-ssl.com *.easyresearch.se *.zendesk.com *.zopim.com wss://*.zopim.com *.zopim.io ve1storasstst.blob.core.windows.net *.zdassets.com cdnjs.cloudflare.com www.sj.se adtr.io *.hotjar.com 'unsafe-eval' quiz.millionmind.com snap.licdn.com px.ads.linkedin.com www.linkedin.com *.wisepops.com chimpstatic.com *.millionmind.com *.ebilobster.ai js.klarna.com; connect-src 'self' wss://*.coop.se:* wss://*.kf.local:*  emp.jobylon.com cdn.jobylon.com *.jobylon.com *.pingdom.net *.veinteractive.com *.abtasty.com ve1appseventssb.servicebus.windows.net apil1.spinnaker-js.com m.addthis.com s7.addthis.com www.juicer.io assets.juicer.io *.108proxy.se *.54proxy.se www.google-analytics.com www.googletagmanager.com tagmanager.google.com *.zendesk.com *.zopim.com wss://*.zopim.com *.zopim.io *.facebook.com connect.facebook.net *.zdassets.com cdnjs.cloudflare.com *.richrelevance.com api.coop.se *.hotjar.com:* wss://*.hotjar.com track.adtraction.com popup.wisepops.com tracking.wisepops.com vc.hotjar.io eu.klarnaevt.com; style-src 'self' 'unsafe-inline' emp.jobylon.com cdn.jobylon.com *.jobylon.com *.abtasty.com *.pingdom.net *.veinteractive.com assets.juicer.io tagmanager.google.com fonts.googleapis.com optimize.google.com *.easyresearch.se *.zendesk.com *.zopim.com *.zopim.io *.zdassets.com cdnjs.cloudflare.com *.ebilobster.ai; img-src 'self' data: *.jobylon.com *.pingdom.net *.zendesk.com *.abtasty.com *.gstatic.com api.hitta.se scontent.cdninstagram.com www.google.com www.google.se *.google-analytics.com *.googletagmanager.com tagmanager.google.com res.cloudinary.com *.cloudfront.net *.facebook.com stats.g.doubleclick.net track.adform.net *.fls.doubleclick.net *.easyresearch.se *.zendesk.com *.zopim.com wss://*.zopim.com *.zopim.io *.zdassets.com cdnjs.cloudflare.com *.googleapis.com assets.juicer.io scontent.cdninstagram.com *.hotjar.com *.ggpht.com track.adtraction.com drs2.veinteractive.com app.wisepops.com cx.atdmt.com eu.klarnaevt.com; font-src 'self' data: emp.jobylon.com cdn.jobylon.com *.jobylon.com static.juicer.io fonts.gstatic.com tagmanager.google.com *.zendesk.com *.zopim.com wss://*.zopim.com *.zopim.io *.zdassets.com *.hotjar.com; frame-src 'self' emp.jobylon.com cdn.jobylon.com *.jobylon.com *.veinteractive.com accounts.google.com optimize.google.com *.flysas.com app.ecoonline.com www.nordicchoicehotels.com recruit.visma.com www.recruit.visma.com www.aditrorecruit.com *.twitter.com www.youtube.com *.facebook.com c1.adform.net s7.addthis.com track.adform.net *.fls.doubleclick.net *.easyresearch.se *.abtasty.com *.zendesk.com *.zopim.com wss://*.zopim.com *.zopim.io www.google.com ve1storasstst.blob.core.windows.net *.veinteractive.com *.zdassets.com cdnjs.cloudflare.com www.sj.se *.hotjar.com *.tradedoubler.com quiz.millionmind.com *.millionmind.com payment.medmera.se *.ebilobster.ai js.klarna.com; base-uri 'self' *.coop.se *.kf.local optimize.google.com; report-uri https://coop.report-uri.io/r/default/csp/enforce 1
script-src 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' 'self' blob: *; img-src * data: blob:; connect-src *; font-src 'self' data: *; object-src 'self'; media-src 'self' blob: *; child-src * 1
frame-ancestors https://www.isabelmarant.com/ https://www.isabelmarant.com/ ; 1
frame-ancestors http://*.yahoosmallbusiness.com 1
frame-ancestors 'self' https://*.hapara.com/ 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://crowdmap.com https://*.crowdmap.com https://*.typekit.com https://apis.google.com https://*.akamai.net https://*.gaug.es https://*.youtube.com https://*.ytimg.net https://*.googlevideo.com https://*.embedly.com https://*.cloudfront.net https://*.google-analytics.com https://*.twitter.com https://*.facebook.com https://*.rackcdn.com http://*.rackcdn.com https://*.newrelic.com https://*.facebook.net https://*.addthis.com https://maps.google.com https://maps.gstatic.com https://*.googleapis.com https://*.openstreetmap.org https://*.virtualearth.net https://*.mozilla.org; style-src 'self' 'unsafe-inline' https://crowdmap.com https://*.crowdmap.com https://*.typekit.com https://*.twitter.com https://*.embedly.com https://*.twitter.com https://*.facebook.com https://fonts.googleapis.com https://*.rackcdn.com http://*.rackcdn.com https://*.addthis.com https://*.openstreetmap.org https://*.virtualearth.net; img-src *; media-src *; frame-src *; connect-src *; object-src *; font-src 'self' data: https://*.typekit.com https://*.google.com https://themes.googleusercontent.com; 1
default-src 'self'; style-src 'unsafe-inline' yandex.st site.yandex.net yastatic.net banners.adfox.ru content.adfox.ru yastat.net *; frame-src awaps.yandex.net yandexadexchange.net *.yandexadexchange.net yastatic.net *.yandex.ru banners.adfox.ru yastat.net *; img-src * data:; media-src *; font-src 'self' data: an.yandex.ru yastatic.net yastat.net *; object-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' an.yandex.ru yandex.st site.yandex.net yastatic.net yandex.net mc.yandex.ru banners.adfox.ru ads.adfox.ru ads6.adfox.ru yastat.net yandex.ru oss.maxcdn.com ads.adfox.ru www.google-analytics.com *.googleadservices.com adservice.google.ru adservice.google.com.ua  *.imgsmail.ru *.google.com platform.twitter.com cas.criteo.com *.mail.ru vk.com *.googlesyndication.com *.googletagservices.com adv758968.ru adforce.ru *.doubleclick.net  x1.vinread.net *.zencdn.net mobiads.ru utarget.ru afterview.ru *.vispot.io *.adap.tv *.liverail.com *.spotxchange.com *.buzzoola.com *.advarkads.com *.lkqd.com *.advertising.com static.baza.farpost.ru gstatic.com www.gstatic.com http://thefox.mobi/0dvP/ https://netdna.bootstrapcdn.com https://ajax.googleapis.com *.adsafeprotected.com  idntfy.ru mobuli.info  mobisway.info cnt-count.ru countstat.ru eboundservices.com digital-forest.info s17365.org/rotation.php news.gnezdo.ru btstds.ru cackle.me *.cackle.me www.farpost.ru https://adtags.pro https://*.adtags.pro https://btsds.ru https://*.vrcteam.ru https://*.betweendigital.com https://*.exopay.ru https://s0.2md.net https://fl.imgsniper.com https://static.bulham.com https://*.sape.ru https://safesource.ru https://code.createjs.com https://static.bumlam.com sad2tizer.ru ad.slickjump.com slickjump.com sjsmartcontent.org https://www.googletagmanager.com https://tds.admaxer.ru https://meganotify.com https://notifyday.com *.ttarget.ru *.onlygip.tech *.hybrid.ai *.admediator.ru nativerent.ru *.astraone.io astraone.io *.onlygip.tech onlygip.tech; connect-src an.yandex.ru strm.yandex.ru mc.yandex.ru yandex.st site.yandex.net yastatic.net matchid.adfox.yandex.ru adfox.yandex.ru ads.adfox.ru ads6.adfox.ru jstracer.yandex.ru yastat.net yandex.ru *; report-uri /csp.php 1
default-src 'self' 'unsafe-inline' *.altmetric.com *.cloudfront.net *.hotjar.com *.hotjar.io 'unsafe-eval' *.crick.ac.uk *.google.com *.google-analytics.com *.gstatic.com *.googleapis.com *.vimeo.com *.vimeocdn.com *.youtube.com *.soundcloud.com *.twitter.com *.youtube.com *.twimg.com theta360.com cdn.rawgit.com raw.githubusercontent.com data:;; script-src 'self' 'unsafe-inline' *.altmetric.com *.cloudfront.net *.hotjar.com *.hotjar.io 'unsafe-eval' theta360.com crick.us13.list-manage.com *.mailchimp.com *.theta360.com *.google.com *.google-analytics.com *.googleapis.com use.typekit.net *.vimeocdn.com *.vimeo.com vimeo.com *.twitter.com *.twimg.com *.youtube.com *.googletagmanager.com tagmanager.google.com cdnjs.cloudflare.com cdn.rawgit.com https://s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js https://d1bxh8uas1mnw7.cloudfront.net/assets/embed.js ; style-src 'self' 'unsafe-inline' use.typekit.net p.typekit.net cdnjs.cloudflare.com *.google.com *.googleapis.com *.twitter.com *.mailchimp.com; font-src 'self' 'unsafe-inline' use.typekit.net fonts.googleapis.com *.gstatic.com; report-uri /report-csp-violation 1
upgrade-insecure-requests; default-src *.usclimatedata.com *.gstatic.com https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com/* *.googlesyndication.com adservice.google.nl adservice.google.com adservice.google.cl *.googleadservices.com *.google.com *.googletagservices.com *.google-analytics.com apis.google.com ajax.googleapis.com *.googletagmanager.com *.usclimatedata.com *.gstatic.com *.geolocation.io *.google.com/recaptcha/ ssl.google-analytics.com *.google.com googleads.g.doubleclick.net https:; frame-src bid.g.doubleclick.net data: https:; connect-src 'self' *.usclimatedata.com pagead2.googlesyndication.com www.google-analytics.com; img-src 'self' *.maps.googleapis.com/* *.googletagmanager.com https//google-analytics.com googleads.g.doubleclick.net *.google.com data: https:; style-src 'self' 'unsafe-inline' *.apis.google.com *.googleapis.com *.usclimatedata.com *.gstatic.com;font-src *.usclimatedata.com cdnjs.cloudflare.com data: 'self'; 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' piwik.itzbund.de; connect-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' piwik.itzbund.de; object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; media-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; child-src pei-portal.rexx-systems.com piwik.itzbund.de; font-src 'self'; img-src 'self' data: *.honcode.ch piwik.itzbund.de; frame-ancestors 'self' PEIWeb-editor.preview.gsb.intranet.bund.de pei-portal.rexx-systems.com; 1
default-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://optimize.google.com https://tagmanager.google.com *.campoints.net https://*.visit-x.net http://*.visit-x.net *.google-analytics.com browser-update.org *.zopim.com https://*.getsentry.com https://*.disqus.com https://*.disquscdn.com https://*.bing.com https://*.googleadservices.com data: https://disqus.com https://*.wowza.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://static.zdassets.com https://trck.spoteffects.net; object-src 'self' *.vxcdn.org *.inethoster.org https://vjs.zencdn.net; style-src 'self' 'unsafe-inline' https://optimize.google.com fonts.googleapis.com https://*.disquscdn.com https://*.wowza.com https://*.google.com; img-src 'self' *.visit-x.net *.vxcdn.org *.inethoster.org *.campoints.net http://visitx.testunikat.com http://194.116.150.87/ https://*.maptilehoster.com *.google-analytics.com https://*.bing.com https://*.googleadservices.com https://*.doubleclick.net https://*.google.com https://*.google.de https://*.google.ch https://*.google.at data: browser-update.org https://v2.zopim.com https://v2assets.zopim.io https://*.disquscdn.com https://*.disqus.com https://www.googletagmanager.com https://prod-railsapp.s3.amazonaws.com https://*.wowza.com https://*.gstatic.com https://trck.spoteffects.net; media-src 'self' *.vxcdn.org *.inethoster.org *.campoints.net stream.visit-x.tv blob: https://v2.zopim.com https://*.akamaihd.net https://bintu-h5live.nanocosmos.de; frame-src 'self' https://optimize.google.com https://*.visit-x.net http://*.visit-x.net *.campoints.net https://*.vxcdn.org https://*.inethoster.org https://*.youtube.com https://*.disqus.com https://disqus.com https://*.feedtures.com https://player.vimeo.com https://paytour.communipay.net; child-src 'self' https://*.visit-x.net http://*.visit-x.net *.campoints.net blob:; font-src 'self' *.visit-x.net fonts.gstatic.com data: https://*.zopim.com https://*.disquscdn.com; connect-src 'self' wss://websocket.campoints.net wss://*.farm1.campoints.net wss://*.farm1.campoints.net:443 *.campoints.net *.vxcdn.org https://*.visit-x.net https://*.visit-x.tv *.google-analytics.com wss://*.zopim.com https://*.getsentry.com https://*.akamaihd.net https://*.disqus.com https://*.wowza.com https://stream.vxcdn.org https://latencytimer.azurewebsites.net/api/HttpTriggerJS1 *.vx-services.net https://ekr.zdassets.com wss://bintu-h5live.nanocosmos.de; 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' multimedia.gsb.bund.de; connect-src 'self' tracking.netmind-cloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' multimedia.gsb.bund.de piwik.itzbund.de webtv.bundestag.de *.googleapis.com *.google.com *.gstatic.com *.instagram.com tracking.netmind-cloud.com twemoji.maxcdn.com maps.wikimedia.org *.ytimg.com *.youtube.com *.youtube-nocookie.com *.googlevideo.com *.openstreetmap.org; object-src 'self' multimedia.gsb.bund.de; media-src 'self' piwik.itzbund.de multimedia.gsb.bund.de *.fbcdn.net *.youtube.com *.youtube-nocookie.com *.googlevideo.com; child-src *.google.com *.gstatic.com webtv.bundestag.de *.cdninstagram.com *.fbcdn.net *.youtube.com *.youtube-nocookie.com *.instagram.com tracking.netmind-cloud.com twemoji.maxcdn.com maps.wikimedia.org *.youtube-nocookie.com *.googlevideo.com *.openstreetmap.org piwik.itzbund.de; img-src 'self' data: *.google.com *.gstatic.com multimedia.gsb.bund.de piwik.itzbund.de webtv.bundestag.de *.youtube.com *.twimg.com *.fbcdn.net *.youtube-nocookie.com *.openstreetmap.org twemoji.maxcdn.com maps.wikimedia.org *.youtube-nocookie.com *.googlevideo.com; frame-ancestors 'self'; 1
frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com kcls.bibliocms.com *.kcls.bibliocms.com https://kcls.bibliocms.com kcls.bibliocms.com *.kcls.bibliocms.com; 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de www.juris.de;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com piwik.itzbund.de www.juris.de;object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de www.juris.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de www.juris.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de www.juris.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de www.juris.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de  www.juris.de 1
frame-ancestors 'self' *.charbroil.com 1
default-src 'self' fonts.gstatic.com fonts.googleapis.com ajax.googleapis.com  wireframecc-9947.kxcdn.com; script-src 'self' 'unsafe-inline' 'nonce-13030ca6cdb457230b0304d6d43090f8' 'unsafe-eval'  https://fonts.gstatic.com https://fonts.googleapis.com https://ajax.googleapis.com  wireframecc-9947.kxcdn.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com wireframecc-9947.kxcdn.com; img-src 'self' wireframecc-9947.kxcdn.com data:; child-src 'self' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.foodtecsolutions.com *.foodtecsolutions.com:* *.pizzadirector.net:* *.google.com *.opentable.com *.otstatic.com cdn.ampproject.org www.gstatic.com maps.googleapis.com www.google-analytics.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net platform.twitter.com www.facebook.com connect.facebook.net cdn.syndication.twimg.com js.hs-scripts.com js.hs-scripts.com js.hs-analytics.net js.hscollectedforms.net salesiq.zoho.com/widget campaigns.zoho.com maillist-manage.com crm.zoho.com js.zohostatic.com vts.zohopublic.com static.hotjar.com script.hotjar.com unpkg.com api.tiles.mapbox.com *.adroll.com *.cloudfront.net cdnjs.cloudflare.com libs.a2zinc.net; frame-ancestors 'self' 'unsafe-inline' 'unsafe-eval' blob: *.foodtecsolutions.com *.foodtecsolutions.com:* *.pizzadirector.net:* *.google.com *.opentable.com *.otstatic.com cdn.ampproject.org www.gstatic.com maps.googleapis.com www.google-analytics.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net platform.twitter.com www.facebook.com connect.facebook.net cdn.syndication.twimg.com js.hs-scripts.com js.hs-scripts.com js.hs-analytics.net js.hscollectedforms.net salesiq.zoho.com/widget campaigns.zoho.com maillist-manage.com crm.zoho.com js.zohostatic.com vts.zohopublic.com static.hotjar.com script.hotjar.com unpkg.com api.tiles.mapbox.com *.adroll.com *.cloudfront.net cdnjs.cloudflare.com libs.a2zinc.net; 1
frame-ancestors 'self' https://optimize.google.com/ https://forum.campsaver.com 1
default-src 'none'; child-src 'self' ez.no static.addtoany.com www.youtube.com; connect-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com static.addtoany.com cdnjs.cloudflare.com ajax.googleapis.com; style-src 'self' 'unsafe-inline' static.addtoany.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com fonts.googleapis.com; img-src 'self' blob: data: static.addtoany.com www.google-analytics.com; font-src 'self' fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com; form-action 'self'; 1
default-src 'self'; script-src 'self'; style-src 'self'; img-src 'self' https://cdn.iserv.eu data:; media-src 'self' https://cdn.iserv.eu font-src 'self' data:; 1
img-src https://* data: blob:; script-src https://* 'unsafe-eval' 'unsafe-inline'; frame-src https://*; report-uri /stats/csp-reports 1
default-src 'self' syndetics.com www.google-analytics.com; script-src 'self' blob: http://www.vpl.ca https://www.vpl.ca data: 'unsafe-inline' 'unsafe-eval' code.jquery.com www.google.com https://www.google-analytics.com https://www.googletagmanager.com www.gstatic.com https://unpkg.com cdnjs.cloudflare.com m.addthis.com s7.addthis.com tagmanager.google.com v1.addthis.com platform.instagram.com platform.twitter.com cdn.syndication.twimg.com assets.pinterest.com script.crazyegg.com trk.cetrk.com www.flickr.com bclibraries.org; object-src 'self'; style-src 'self' 'unsafe-inline' www.vpl.ca https://unpkg.com https://cdnjs.cloudflare.com tagmanager.google.com themes.googleusercontent.com fonts.googleapis.com code.jquery.com https://platform.twitter.com https://typekit.net https://p.typekit.net https://use.typekit.net; img-src 'self' data: *.vpl.ca https://www.vpl.ca *.googleapis.com https://platform.twitter.com https://pbs.twimg.com services.arcgisonline.com syndetics.com secure.syndetics.com https://cdnjs.cloudflare.com www.flickr.com www.instagram.com *.staticflickr.com https://www.google-analytics.com syndication.twitter.com scontent-sea1-1.cdninstagram.com *.sndcdn.com m.addthis.com ssl.gstatic.com www.gstatic.com www.addthis.com log.pinterest.com gtrk.s3.amazonaws.com trk.cetrk.com geo.yahoo.com; media-src 'self' www.youtube.com soundcloud.com; child-src 'self' m.addthis.com s7.addthis.com www.google.com www.youtube.com w.soundcloud.com www.instagram.com syndication.twitter.com  assets.pinterest.com; font-src 'self' themes.googleusercontent.com https://cdnjs.cloudflare.com fonts.googleapis.com fonts.gstatic.com https://use.typekit.net; connect-src 'self' www.google-analytics.com cdnjs.cloudflare.com https://www.optimalworkshop.com m.addthis.com v1.addthis.com; frame-src 'self' edge.addthis.com m.addthis.com https://platform.twitter.com s7.addthis.com www.google.com www.youtube.com w.soundcloud.com www.instagram.com syndication.twitter.com  assets.pinterest.com;  1
default-src 'self'; script-src 'self' 'nonce-Bt8stHfemWCs5sAIt+zl8p+Z56ufr6PDx3j4sjp7bRM=' 'unsafe-inline' *.kc-wetgeving.nl *.internetconsultatie.nl *.becop.nl; connect-src 'self' 'nonce-Bt8stHfemWCs5sAIt+zl8p+Z56ufr6PDx3j4sjp7bRM=' 'unsafe-inline' *.kc-wetgeving.nl *.internetconsultatie.nl; img-src 'self' *.becop.nl; style-src 'self' 'nonce-Bt8stHfemWCs5sAIt+zl8p+Z56ufr6PDx3j4sjp7bRM=' 'unsafe-inline'; frame-src 'self' data: *.kc-wetgeving.nl *.internetconsultatie.nl *.becop.nl; frame-ancestors 'self'; 1
default-src 'self' data: gap: https://*.zscalertwo.net https://*.maersk.com https://*.safmarine.com https://*.maerskline.com https://*.apmoller.net https://c.go-mpulse.net https://*.salesforceliveagent.com https://*.force.com *.mpstat.us *.akstat.io https://*.akamaihd.net https://*.igodigital.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://www.googletagmanager.com https://ssl.gstatic.com https://100qrcey9nsltilmpwezagts.blob.core.windows.net https://rum-http-intake.logs.datadoghq.eu; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.zscalertwo.net https://*.maersk.com https://*.safmarine.com https://*.maerskline.com https://*.apmoller.net https://*.akamaihd.net https://*.salesforceliveagent.com https://*.force.com https://*.salesforce.com https://*.steelcentral.net https://*.go-mpulse.net *.mpstat.us *.akstat.io https://*.igodigital.com https://pub.s1.exacttarget.com https://*.gstatic.com https://*.google.com  https://*.googleapis.com https://www.googletagmanager.com https://*.google-analytics.com https://scai.maerskline.com https://api.massrelevance.com https://img.en25.com https://*.bizographics.com https://*.doubleclick.net https://*.linkedin.com https://www.datadoghq-browser-agent.com/datadog-rum-eu.js https://*.cookieinformation.com; img-src 'self' data: https://*.zscalertwo.net https://*.maersk.com https://*.safmarine.com https://*.maerskline.com https://*.apmoller.net https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://*.gstatic.com https://lh3.googleusercontent.com https://*.steelcentral.net https://*.vimeocdn.com https://*.youtube.com https://*.igodigital.com https://*.akamaihd.net https://www.google.co.uk https://*.linkedin.com https://*.facebook.com https://*.twitter.com https://*.doubleclick.net https://*.google.dk https://scai.maerskline.com https://www.google.com/ads/ga-audiences* https://*.bizographics.com https://*.akstat.io; object-src 'self'; style-src 'self' 'unsafe-inline' https://*.zscalertwo.net https://*.maersk.com https://*.safmarine.com https://*.apmoller.net https://*.gstatic.com https://*.google.com https://*.google-analytics.com https://*.googleapis.com https://*.maerskline.com https://*.force.com; frame-src https://*.zscalertwo.net https://*.maersk.com https://*.safmarine.com https://*.maerskline.com https://*.apmoller.net https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://*.google.com https://www.youtube.com/embed/ https://player.vimeo.com/video/ https://service.force.com https://www.google.com/recaptcha/ https://*.cookieinformation.com/ https://*.salesforce.com/ https://*.force.com https://*.youku.com/; font-src 'self' data: https://*.zscalertwo.net https://*.maersk.com https://*.safmarine.com https://*.maerskline.com https://*.apmoller.net https://*.gstatic.com https://*.googleapis.com; 1
default-src https://use.typekit.net 'self';script-src 'self' https://use.typekit.net https://www.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com https://st.getsitecontrol.com https://widgets.getsitecontrol.com 'unsafe-eval' 'unsafe-inline';connect-src 'self';img-src 'self' https://ssl.gstatic.com https://www.gravatar.com https://www.google-analytics.com https://my.webhosting.be data: 'unsafe-inline';style-src 'self' https://tagmanager.google.com https://fonts.googleapis.com 'unsafe-inline';object-src 'none';font-src 'self' https://fonts.gstatic.com data:;frame-ancestors http://localhost:* https://localhost:* https://my.webhosting.be;sandbox allow-forms allow-same-origin allow-scripts allow-popups;base-uri 'self';upgrade-insecure-requests; 1
default-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com cdn.jsdelivr.net nexus.ensighten.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com ict.infinity-tracking.net www.gstatic.com viz.tools.investis.com www.google.com maps.googleapis.com maps.google.com www.linkedin.com ajax.googleapis.com pi.pardot.com bam.nr-data.net sjp.getmediamanager.com *.googletagmanager.com *.google-analytics.com sjs.bizographics.com connect.facebook.net *.jquery.com irs.tools.investis.com *.hotjar.com px.ads.linkedin.com d2wy8f7a9ursnm.cloudfront.net ssl.p.jwpcdn.com js-agent.newrelic.com cdn.jsdelivr.net edge.api.brightcove.com *.googleapis.com www.youtube.com youtube.com s.ytimg.com unpkg.com nexus.ensighten.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' viz.tools.investis.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net; img-src 'self' 'unsafe-inline' * data:; media-src 'self' brightcove.hs.llnwd.net edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com; frame-src 'self' qir.tools.investis.com staticcontents.investis.com www.google.com sjp.getmediamanager.com careers.sjp.co.uk irs.tools.investis.com otp.tools.investis.com digital.feprecisionplus.com sjp.hireserve-test.com ir.tools.investis.com staticxx.facebook.com www.youtube.com; font-src 'self' 'unsafe-inline' data: fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com themes.googleusercontent.com maxcdn.bootstrapcdn.com; report-uri /report-csp-violation 1
default-src 'self' 'unsafe-inline' https: data: wss:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; report-uri /admin/config/system/seckit/csp-report 1
base-uri 'self' https://mwlr.test:8080 https://uat.mwlr.msapp.co.nz https://prod.mwlr.msapp.co.nz https://www.landcareresearch.co.nz; default-src 'self'; child-src https://player.vimeo.com; connect-src 'self' https://*.algolianet.com https://*.algolia.net https://doorbell.io https://*.s3.ap-southeast-2.amazonaws.com https://www.google-analytics.com; font-src 'self' https://fonts.gstatic.com; form-action 'self'; frame-ancestors 'self'; frame-src https://www.youtube.com https://www.google-analytics.com https://www.googletagmanager.com https://ssl.google-analytics.com https://tagmanager.google.com https://fonts.googleapis.com https://www.google.com https://player.vimeo.com; img-src 'self' https://www.google-analytics.com https://ssl.gstatic.com https://www.googletagmanager.com https://www.gstatic.com https://*.s3.ap-southeast-2.amazonaws.com https://embed.doorbell.io data:; media-src https://www.youtube.com https://vimeo.com; object-src 'self'; script-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://ssl.google-analytics.com https://tagmanager.google.com https://fonts.googleapis.com https://code.jquery.com https://www.google.com/recaptcha/api.js https://www.google.com/recaptcha/api.js https://embed.doorbell.io 'sha384-YzQCrEgYx0YMHxd202bqWPvr081aHRPYRk490ivT+/i24ODjLtMfT/e0nhxcgRYf' 'sha384-vvKPa5NYU2LLIv6XV/vXPngBfMmq4ZlVrzv5zCKWQP5w7tHIpm5szXfnqt8JU8CM' 'nonce-Yjk0MjY3NWRmZmRkNzY1MTJjYmY3NWU3ZWFhNjlkYWZlMjA5NTQwYTMyZDBiMzM2OWVjOWNiMTllNjJhY2NkY2QzYjVhMDQ3ZjJiODJlNTQ1MDY3OTE4ODBlYTkzZDU4OTY2YzI5MTRiOTVkMWY2ZmVhY2Q4YTNkNzg0ZGIxM2U=' 'unsafe-eval'; style-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://ssl.google-analytics.com https://tagmanager.google.com https://fonts.googleapis.com https://embed.doorbell.io/css/doorbell.min.css https://embed.doorbell.io/css/default.css 'unsafe-inline'; report-uri https://2224ea6b5792825a06d61a0bad9d966b.report-uri.com/r/d/csp/enforce; upgrade-insecure-requests 1
block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:; report-uri https://collectors.au.sumologic.com/receiver/v1/http/ZaVnC4dhaV2fq-TmkezxDM5kD77zglzTUyrlNqPe059oQhlSBcEFmaLaBbMi5G2BkSSJjyA6wJZ-iUDLrux0ATja4lHZr94sfyyTtdVcA_GiHULLYxFY7Q== 1
frame-ancestors 'self' http://*.brose.net http://brose.net https://*.brose.net https://brose.net https://*.ariba.com https://*.zkw.at http://*.zkw.at https://*.mycatalogcloud.com http://*.mycatalogcloud.com http://*.valeo.determine.com https://*.valeo.determine.com http://valeo.determine.com https://valeo.determine.com https://www.elwitec.ch/ 1
default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com maps.google.com *.googleapis.com *.gstatic.com www.google.com js-agent.newrelic.com bam.nr-data.net *.googletagmanager.com platform.twitter.com *.twimg.com ifoa.precedenthost.co.uk *.actuaries.org.uk cdn.rawgit.com e.issuu.com www.youtube.com s.ytimg.com tagmanager.google.com khan.github.io squizlabs.github.io script.crazyegg.com *.eu-west-2.amazonaws.com s3.amazonaws.com  loader.webspellchecker.net webspellchecker.com embed.multichanneltv.com openchannel.multichanneltv.com www.youtube.com www.googletagmanager.com *.streamamg.com d34l49dszxxnhj.cloudfront.net optimize.google.com optimize.google.com/* *.optimize.google.com pagead2.googlesyndication.com *.googlesyndication.com *.googletagservices.com adservice.google.co.uk adservice.google.com; object-src *.issuu.com flash.quantserve.com s3.amazonaws.com 'self' d34l49dszxxnhj.cloudfront.net *.crazyegg.com trk.cetrk.com s3.amazonaws.com/trk.cetrk.com/;; style-src 'self' 'unsafe-inline' *.googleapis.com platform.twitter.com *.actuaries.org.uk tagmanager.google.com squizlabs.github.io *.eu-west-2.amazonaws.com loader.webspellchecker.net webspellchecker.com embed.multichanneltv.com openchannel.multichanneltv.com www.youtube.com www.googletagmanager.com *.streamamg.com svc.webspellchecker.net d34l49dszxxnhj.cloudfront.net  optimize.google.com optimize.google.com/* *.optimize.google.com ; img-src 'self' data: *.google-analytics.com www.googletagmanager.com maps.google.com *.gstatic.com *.googleapis.com rest.mollom.com rest-production.mollom.com bam.nr-data.net syndication.twitter.com platform.twitter.com *.twimg.com *.actuaries.org.uk live.sagepay.com *.doubleclick.net *.openathens.net squizlabs.github.io *.eu-west-2.amazonaws.com s3.amazonaws.com *.amazonaws.com svc.webspellchecker.net loader.webspellchecker.net  d34l49dszxxnhj.cloudfront.net  optimize.google.com optimize.google.com/* *.optimize.google.com *.google.com/ads/ga-audiences *.google.co.uk/ads/ga-audiences  *.googlesyndication.com; frame-src 'self' embed.multichanneltv.com openchannel.multichanneltv.com www.youtube.com www.googletagmanager.com *.streamamg.com loader.webspellchecker.net webspellchecker.com embed.multichanneltv.com openchannel.multichanneltv.com www.youtube.com www.googletagmanager.com *.streamamg.com *.loader.webspellchecker.net svc.webspellchecker.net optimize.google.com optimize.google.com/* *.optimize.google.com  embeds.audioboom.com googleads.g.doubleclick.net *.googlesyndication.com; font-src 'self' data: *.gstatic.com ifoa.precedenthost.co.uk *.actuaries.org.uk *.eu-west-2.amazonaws.com d34l49dszxxnhj.cloudfront.net; connect-src 'self' *.crazyegg.com trk.cetrk.com s3.amazonaws.com/trk.cetrk.com/ pagead2.googlesyndication.com *.google-analytics.com *.doubleclick.net; report-uri //IFoA.report-uri.io/r/default/csp/enforce 1
default-src 'self';block-all-mixed-content ;font-src 'self' data: fonts.googleapis.com fonts.gstatic.com assets.rockwerchter.be *.typekit.net;img-src 'self' data: *.gstatic.com maps.googleapis.com www.facebook.com scontent.cdninstagram.com pbs.twimg.com i.ytimg.com scontent.xx.fbcdn.net external.xx.fbcdn.net assets.rockwerchter.be *.google-analytics.com *.doubleclick.net *.betrad.com *.quantserve.com *.evidon.com rockwerchter.be *.x.bidswitch.net *.google.com *.google.be *.consensu.org;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com cdnjs.cloudflare.com connect.facebook.net graph.facebook.com *.instagram.com js-agent.newrelic.com bam.nr-data.net assets.rockwerchter.be *.googletagmanager.com *.google-analytics.com *.evidon.com *.quantserve.com *.betrad.com *.quantcount.com tagmanager.google.com *.googleadservices.com *.doubleclick.net *.bh.contextweb.com www.google.com *.google.com *.google.com *.gstatic.com *.consensu.org;style-src 'self' 'unsafe-inline' fonts.googleapis.com cloud.typography.com assets.rockwerchter.be *.tagmanager.google.com tagmanager.google.com *.typekit.net *.typekit.net;report-uri /nelmio/csp/report;connect-src www.googleapis.com 'self' *.betrad.com *.google-analytics.com *.consensu.org;frame-src www.youtube.com www.vimeo.com staticxx.facebook.com www.facebook.com web.facebook.com www.google.com 'self' *.betrad.com *.evidon.com 1
frame-ancestors zismo.biz zismo.ru zismone.ru promoggaqjkd.ru 1
frame-ancestors 'self' thenationalcampaign.org aelp.smartsparrow.com 1
default-src 'self' data: https: connect.facebook.net *.doubleclick.net em.allianz.com.my *.googleadservices.com *.facebook.com *.youtube.com *.googletagmanager.com *.google-analytics.com *.google.com; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: connect.facebook.net *.doubleclick.net em.allianz.com.my *.googleadservices.com *.facebook.com *.youtube.com *.googletagmanager.com *.google-analytics.com *.google.com; object-src 'self' data: https: connect.facebook.net *.doubleclick.net em.allianz.com.my *.googleadservices.com *.facebook.com *.youtube.com *.googletagmanager.com *.google-analytics.com *.google.com; style-src 'self' data: 'unsafe-inline' https: connect.facebook.net *.doubleclick.net em.allianz.com.my *.googleadservices.com *.facebook.com *.youtube.com *.googletagmanager.com *.google-analytics.com *.google.com; img-src 'self' data: https: connect.facebook.net *.doubleclick.net em.allianz.com.my *.googleadservices.com *.facebook.com *.youtube.com *.googletagmanager.com *.google-analytics.com *.google.com; media-src 'self' data: https: connect.facebook.net *.doubleclick.net em.allianz.com.my *.googleadservices.com *.facebook.com *.youtube.com *.googletagmanager.com *.google-analytics.com *.google.com; frame-src 'self' data: https: connect.facebook.net *.doubleclick.net em.allianz.com.my *.googleadservices.com *.facebook.com *.youtube.com *.googletagmanager.com *.google-analytics.com *.google.com; font-src 'self' data: https: connect.facebook.net *.doubleclick.net em.allianz.com.my *.googleadservices.com *.facebook.com *.youtube.com *.googletagmanager.com *.google-analytics.com *.google.com; connect-src 'self' data: https: connect.facebook.net *.doubleclick.net em.allianz.com.my *.googleadservices.com *.facebook.com *.youtube.com *.googletagmanager.com *.google-analytics.com *.google.com 1
frame-ancestors https://*.omantel.om 1
default-src  'self';font-src  'self' data: fonts.gstatic.com;connect-src  'self' analytics.monkeytracker.cz *.google.com *.googleapis.com www.google-analytics.com;script-src  'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.google.cz *.googleapis.com www.googletagmanager.com www.google-analytics.com analytics.monkeytracker.cz *.googleadservices.com *.glami.cz *.ebscohost.com *.facebook.net *.imedia.cz *.doubleclick.net *.gstatic.com;form-action  'self' *.facebook.com *.facebook.net;frame-src  'self' blob: www.youtube.com *.iplatba.cz *.google.com *.facebook.com cdn.knightlab.com *.imedia.cz;worker-src  'self' blob: www.youtube.com *.iplatba.cz *.google.com *.facebook.com cdn.knightlab.com *.imedia.cz;frame-ancestors  'self';img-src  'self' data: blob: *.gstatic.com *.googleapis.com *.googlecode.com www.googletagmanager.com www.google-analytics.com analytics.monkeytracker.cz *.doubleclick.net *.google.com *.google.cz *.google.ie *.glami.cz *.fg.cz *.placeholder.com *.uhk.cz *.ebscohost.com *.facebook.com *.imedia.cz;style-src  'self' 'unsafe-inline' *.googleapis.com analytics.monkeytracker.cz *.google.com *.gstatic.com;object-src  'self' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob:*; script-src 'self' 'unsafe-inline' 'unsafe-eval' * data:*; object-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' *; img-src 'self' 'unsafe-inline' * data:; media-src 'self' 'unsafe-inline' http://*.amazonaws.com:* https://*.amazonaws.com:*; frame-src 'self' 'unsafe-inline' * blob:*; frame-ancestors 'self' 'unsafe-inline' *; child-src 'self' 'unsafe-inline' * blob:* blob:; font-src 'self' 'unsafe-inline' *; connect-src 'self' 'unsafe-inline' *; report-uri /report-csp-violation 1
default-src 'self' http: https: pages.addigy.com;frame-ancestors 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com http://sjrtp4-cdn.marketo.com http://munchkin.marketo.net http://sjrtp4-cdn.marketo.com http: https: pages.addigy.com;img-src 'self' data: https://app-dev.addigy.com https://app-prod.addigy.com https://static.addigy.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://www.google-analytics.com https://stats.g.doubleclick.net https://tracking.g2crowd.com https://px.ads.linkedin.com https://bat.bing.com https://t.co https://www.facebook.com https://ssl.gstatic.com https://www.gstatic.com https://analytics.twitter.com https://*.gravatar.com  http://*.gravatar.com https://fast.wistia.com https://embedwistia-a.akamaihd.net;style-src 'self' 'unsafe-inline' http: https: fonts.googleapis.com;font-src 'self' data: http: https: fonts.googleapis.com http https: fonts.gstatic.com https://*.wistia.com;media-src 'self' data: blob: http: https:;worker-src 'self' blob: 1
default-src=self 1
default-src 'self'; connect-src 'self' data: 'unsafe-inline' https://bat.bing.com https://*.adobedtm.com http://*.calbanktrust.com https://*.calbanktrust.com https://zionsbancorp.sc.omtrdc.net https://*.demdex.net https://*.cludo.com https://*.sumome.com https://*.sumo.com https://sumo.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://zionsbancorp.sc.omtrdc.net 'unsafe-eval'; script-src 'self' data: 'unsafe-inline' https://*.doubleclick.net https://*.googletagmanager.com https://*.googleadservices.com https://bat.bing.com https://*.adobedtm.com https://connect.facebook.net https://*.pages05.net https://*.google-analytics.com https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.calbanktrust.com https://*.zionsbank.com https://*.cludo.com https://*.sumome.com https://*.sumo.com https://sumo.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.youtube.com https://*.ytimg.com https://*.vimeo.com 'unsafe-eval'; object-src 'self' data: https://*.calbanktrust.com; style-src 'self' data: 'unsafe-inline' https://*.googleapis.com https://*.google.com https://*.cludo.com https://*.sumome.com https://*.sumo.com https://sumo.com; img-src 'self' data: 'unsafe-inline' https://bat.bing.com https://px.ads.linkedin.com https://p.adsymptotic.com https://www.facebook.com https://*.pages05.net https://*.doubleclick.net https://*.google-analytics.com https://*.gstatic.com https://*.calbanktrust.com https://*.online-metrix.net https://*.omtrdc.net https://*.demdex.net https://*.everesttech.net https://*.googleapis.com https://*.google.com https://*.cludo.com https://*.sumome.com https://*.sumo.com https://sumo.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.youtube.com https://*.ytimg.com https://*.vimeo.com 'unsafe-eval'; media-src 'self' data:; frame-src 'self' https://*.calbanktrust.com https://*.demdex.net https://*.doubleclick.net https://secure.checkout.visa.com https://*.youtube.com https://*.ytimg.com https://*.vimeo.com https://*.pages05.net https://*.brightcove.net https://*.sumome.com https://*.sumo.com https://sumo.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://outlook.office365.com; frame-ancestors 'self' https://banking.calbanktrust.com; font-src 'self' data: 'unsafe-inline' https://fonts.gstatic.com https://*.visualwebsiteoptimizer.com https://app.vwo.com; upgrade-insecure-requests; block-all-mixed-content 1
default-src http: https: wss: data: blob: 'self' 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: *; report-uri https://ncreports.report-uri.com/r/d/csp/reportOnly 1
child-src 'self'; connect-src 'self' api.blocktrades.us steemit.com steemitimages.com cdn.steemitimages.com api.steemit.com api-internal.steemit.com beta-api.steemit.com beta-api-int.steemit.com www.googletagmanager.com www.google-analytics.com pagead2.googlesyndication.com googleads.g.doubleclick.net; default-src 'self'; font-src data: fonts.gstatic.com; frame-ancestors 'none'; img-src * data:; object-src 'none'; plugin-types application/pdf; script-src 'self' www.google-analytics.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; report-uri /api/v1/csp_violation 1
default-src 'self' 'unsafe-inline' nominatim.openstreetmap.org service.bzga.de piwik.bzga.de; style-src 'self' 'unsafe-inline' fast.fonts.net;img-src 'self' data: piwik.bzga.de a.tile.openstreetmap.de b.tile.openstreetmap.de c.tile.openstreetmap.de service.bzga.de; 1
default-src 'self' data: gap: https://*.zscalertwo.net https://*.maersk.com https://*.sealandmaersk.com https://*.sealandmaersk.com.cn https://*.sealand.com https://*.seagoline.com https://*.mcc.com.sg https://*.maerskline.com https://*.apmoller.net https://c.go-mpulse.net https://*.salesforceliveagent.com https://*.force.com *.mpstat.us *.akstat.io https://*.akamaihd.net https://*.igodigital.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://www.googletagmanager.com https://ssl.gstatic.com https://100qrcey9nsltilmpwezagts.blob.core.windows.net https://rum-http-intake.logs.datadoghq.eu; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.zscalertwo.net https://*.maersk.com https://*.sealandmaersk.com https://*.sealandmaersk.com.cn https://*.sealand.com https://*.seagoline.com https://*.mcc.com.sg https://*.maerskline.com https://*.apmoller.net https://*.akamaihd.net https://*.salesforceliveagent.com https://*.force.com https://*.salesforce.com https://*.steelcentral.net https://c.go-mpulse.net https://s.go-mpulse.net *.mpstat.us *.akstat.io https://*.igodigital.com https://pub.s1.exacttarget.com https://*.gstatic.com https://*.google.com  https://*.googleapis.com https://www.googletagmanager.com https://*.google-analytics.com https://scai.maerskline.com https://api.massrelevance.com https://img.en25.com https://*.bizographics.com https://*.doubleclick.net https://*.linkedin.com https://*.adobedtm.com https://www.datadoghq-browser-agent.com/datadog-rum-eu.js https://www.rumiview.com https://twin-iq.kickfire.com https://tag.simpli.fi https://connect.facebook.net https://snap.licdn.com/li.lms-analytics/insight.min.js https://*.cookieinformation.com; img-src 'self' data: https://*.zscalertwo.net https://*.maersk.com https://*.sealandmaersk.com https://*.sealandmaersk.com.cn https://*.sealand.com https://*.seagoline.com https://*.mcc.com.sg https://*.maerskline.com https://*.apmoller.net https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://*.gstatic.com https://lh3.googleusercontent.com https://*.steelcentral.net https://*.vimeocdn.com https://*.youtube.com https://*.igodigital.com https://*.akamaihd.net https://www.google.co.uk https://*.linkedin.com https://*.facebook.com https://*.twitter.com https://*.doubleclick.net https://*.google.dk https://scai.maerskline.com https://www.google.com/ads/ga-audiences* https://*.bizographics.com https://twin-iq.kickfire.com https://www.rumiview.com; object-src 'self'; style-src 'self' 'unsafe-inline' https://*.zscalertwo.net https://*.maersk.com https://*.sealandmaersk.com https://*.sealandmaersk.com.cn https://*.sealand.com https://*.seagoline.com https://*.mcc.com.sg https://*.apmoller.net https://*.gstatic.com https://*.google.com https://*.google-analytics.com https://*.googleapis.com https://*.maerskline.com https://*.force.com; frame-src https://*.zscalertwo.net https://*.maersk.com https://*.sealandmaersk.com https://*.sealandmaersk.com.cn https://*.sealand.com https://*.seagoline.com https://*.mcc.com.sg https://*.maerskline.com https://*.apmoller.net https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://*.google.com https://www.youtube.com/embed/ https://player.vimeo.com/video/ https://service.force.com https://www.google.com/recaptcha/ https://*.cookieinformation.com https://*.youku.com/ https://*.force.com/ https://*.salesforce.com https://*.doubleclick.net; font-src 'self' data: https://*.zscalertwo.net https://*.maersk.com https://*.sealandmaersk.com https://*.sealandmaersk.com.cn https://*.sealand.com https://*.seagoline.com https://*.mcc.com.sg https://*.maerskline.com https://*.apmoller.net https://*.gstatic.com https://*.googleapis.com; 1
form-action 'self' https://joomlacontenteditor.us14.list-manage.com/subscribe/post; base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://checkout.paddle.com https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://code.jquery.com https://checkout.stripe.com https://www.paypal.com https://www.paypalobjects.com https://cdn.paddle.com https://www.google-analytics.com https://pagead2.googlesyndication.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://cdn.paddle.com https://cdnjs.cloudflare.com https://fonts.googleapis.com; object-src 'self' 1
default-src 'self' *.relay42.com vars.hotjar.com cba.nmrc.nl 6162542.fls.doubleclick.net;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com cdn.ampproject.org static.cloud.coveo.com *.doubleclick.net *.r42tag.com *.centraalbeheer.nl www.google-analytics.com *.facebook.net *.usabilla.com www.googleadservices.com googleads.g.doubleclick.net imp2.nowinteract.com api.usabilla.com cba-acct.svc.onmarc.nl static.hotjar.com script.hotjar.com d6tizftlrpuof.cloudfront.net ajax.googleapis.com bat.bing.com *.google.com *.svtrd.com onmarc.nl tags.nmrc.nl snap.licdn.com *.linkedin.com js.hs-scripts.com js.hs-analytics.net js.hsadspixel.net *.relay42.com  js.hsleadflows.net js.usemessages.com surfly.com az416426.vo.msecnd.net *.klue.nl www.dwin1.com www.zenaps.com *.onmarc.nl centraalbeheer.speed-trap.nl maps.googleapis.com js.hs-banner.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com d6tizftlrpuof.cloudfront.net www.google.com optimize.google.com static.cloud.coveo.com unpkg.com;img-src data: 'self' https://www.googletagmanager.com img.youtube.com *.svtrd.com www.google-analytics.com www.facebook.com *.doubleclick.net www.google.nl www.google.com adservice.google.nl d6tizftlrpuof.cloudfront.net centraalbeheer.speed-trap.nl *.usabilla.com *.svtrd.com n01d05.cumulus-cloud.com *.relay42.com bat.bing.com www.googleapis.com clients1.google.com track.hubspot.com cba.imgix.net *.onmarc.nl *.r42tag.com www.googletagmanager.com forms.hubspot.com optimize.google.com imp2.nowinteract.com www.awin1.com www.zenaps.com *.onmarc.nl server.arcgisonline.com *.centraalbeheer.nl www.independer.nl linkedin.com px.ads.linkedin.com maps.googleapis.com maps.gstatic.com adservice.google.com www.advieskeuze.nl;font-src 'self' fonts.gstatic.com script.hotjar.com;connect-src 'self' wss://*.hotjar.com https://*.hotjar.com https://*.hotjar.io *.doubleclick.net *.facebook.net *.centraalbeheer.nl *.hubapi.com *.achmea.nl www.google-analytics.com bing.com t.svtrd.com dc.services.visualstudio.com surfly.com sentry.io api.hubspot.com forms.hubspot.com cba.imgix.net vc.hotjar.io api.usabilla.com geocode.arcgis.com formulier.centraalbeheer.nl atosi.nl maps.googleapis.com api.advieskeuze.nl api.hsforms.com calculations.figlo.com;media-src 'self' ;object-src 'self' ;child-src 'self' youtube.com *.doubleclick.net t.svtrd.com *.hotjar.com cba.nmrc.nl www.youtube-nocookie.com youtube-nocookie.com surfly.com optimize.google.com imp2.nowinteract.com d6tizftlrpuof.cloudfront.net redirect.surfly.com centraalbeheer-nl-p.surfly.com surfly.com surfly-com-p.surfly.com *.centraalbeheer.nl;frame-ancestors 'self' youtube.com www.youtube-nocookie.com youtube-nocookie.com;form-action * 'self' t.svtrd.com embeddedsts.dev.local *.achmea.nl;block-all-mixed-content;report-uri https://c0918c210d42424be54e906e71357ca7.report-uri.io/r/default/csp/enforce; 1
default-src 'self' data: blob: *.marketo.net *.marketo.com *.googletagmanager.com *.google-analytics.com *.crazyegg.com *.bizographics.com *.engagio.com *.listenloop.com *.doubleclick.net  *.bugsnag.com *.linkedin.com *.addthis.com *.addthisedge.com *.bidr.io *.googleadservices.com *.google.com *.gstatic.com *.fonts.googleapis.com *.mktoresp.com *.brightcove.net *.brightcove.com *.api.brightcove.com *.bcovlive.io *.sep.bcovlive.io *.zencdn.net *.boltdns.net *.truste.com *.llnw.net *.akafms.net *.akamaihd.net *.llnwd.net *.cloudfront.net *.media.brightcove.com *.adsymptotic.com bat.bing.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.marketo.net *.marketo.com *.googletagmanager.com *.google-analytics.com *.crazyegg.com *.bizographics.com *.engagio.com *.listenloop.com *.doubleclick.net  *.bugsnag.com *.linkedin.com *.addthis.com *.addthisedge.com *.bidr.io *.googleadservices.com *.google.com *.gstatic.com *.fonts.googleapis.com *.mktoresp.com *.brightcove.net *.brightcove.com *.zencdn.net *.boltdns.net *.truste.com *.webspellchecker.net *.cetrk.com s3.amazonaws.com snap.licdn.com z.moatads.com dn1f1hmdujj40.cloudfront.net du4pg90j806ok.cloudfront.net browser-update.org; style-src 'self' 'unsafe-inline' *.googleapis.com *.marketo.net *.marketo.com *.google.com *.webspellchecker.net *.typekit.net; frame-src 'self' blob: *.guidewire.com *.brightcove.net *.marketo.net *.marketo.com *.google.com *.addthis.com *.addthisedge.com *.youtube.com *.wistia.net *.podbean.com; frame-ancestors 'self' *.guidewire.com; child-src 'self' blob: *.guidewire.com *.brightcove.net *.marketo.net *.marketo.com *.google.com *.addthis.com *.addthisedge.com; font-src * data:; connect-src 'self' *.mktoresp.com *.listenloop.com *.bugsnag.com *.googletagmanager.com *.google-analytics.com *.google.com *.googleadservices.com *.addthis.com *.brightcove.net *.brightcove.com *.boltdns.net *.brightcovecdn.com *.crazyegg.com *.webspellchecker.net *.llnwd.net *.akamaihd.net; report-uri /report-csp-violation 1
default-src https: data: wss: blob: 'self' 'unsafe-inline' 'unsafe-eval'; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'none'; script-src 'sha256-orD0/VhH8hLqrLxKHD/HUEMdwqX6/0ve7c5hspX5VJ8=' 1
default-src 'self' api.openbank.es     api.stg.openbank.es api.qa.openbank.es;   script-src 'self' 'unsafe-inline' 'unsafe-eval' snap.licdn.com track.adform.net     *.openbank.es *.openbank.de *.openbank.nl *.openbank.pt     https://maps.googleapis.com simuladores-pre.afi.es simuladores.afi.es     *.nr-data.net https://browseranalytic.com https://www.google.com     *.gstatic.com https://tags.tiqcdn.com *.google-analytics.com *.tealiumiq.com     https://tealium.hs.llnwd.net https://*.g.doubleclick.net  *.amazonaws.com     *.youtube.com *.googleadservices.com *.ads-twitter.com *.facebook.net     *.ytimg.com api-ob.nd.nudatasecurity.com     *.googletagmanager.com *.we-stats.com static.browseranalytic.com     optimize.google.com bat.bing.com blob:;   style-src 'self' 'unsafe-inline' optimize.google.com     https://fonts.googleapis.com *.amazonaws.com *.openbankwealth.com     *.openbank.es *.openbank.de *.openbank.nl *.openbank.pt     api-ob.nd.nudatasecurity.com https://maxcdn.bootstrapcdn.com;   img-src 'self' *.idealista.com px.ads.linkedin.com track.adform.net     www.financeads.net t.teads.tv data: 'unsafe-inline' *.amazonaws.com     *.googletagmanager.com https://maps.googleapis.com *.gstatic.com     data: *.google-analytics.com *.doubleclick.net *.openbank.es     *.openbank.de *.openbank.nl *.openbank.pt *.google.com *.google.es     *.google.ie *.facebook.com api-ob.nd.nudatasecurity.com     https://aax-eu.amazon-adsystem.com bat.bing.com     tr.outbrain.com www.linkedin.com s-central1-madrid-investing.cloudfunctions.net     tbl.tradedoubler.com dmpue.el-mundo.net ;  media-src 'self' 'unsafe-inline' *.amazonaws.com *.openbank.es *.youtube.com;   frame-src 'self' optimize.google.com https://www.google.com *.gstatic.com     *.youtube.com simuladores-pre.afi.es simuladores.afi.es     *.doubleclick.net api-ob.nd.nudatasecurity.com https://openjobs.openbank.es     *.clientes.openbank.es blob: api.openbank.es api.stg.openbank.es     api.qa.openbank.es;   child-src  https://www.google.com *.gstatic.com *.youtube.com     simuladores-pre.afi.es simuladores.afi.es *.doubleclick.net     api-ob.nd.nudatasecurity.com https://openjobs.openbank.es     *.clientes.openbank.es blob: api.openbank.es api.stg.openbank.es     api.qa.openbank.es;   font-src 'self' *.openbank.es *.openbank.de *.openbank.nl *.openbank.pt     maxcdn.bootstrapcdn.com data: https://fonts.gstatic.com     *.openbankwealth.com api-ob.nd.nudatasecurity.com maxcdn.bootstrapcdn.com;   connect-src 'self' www.google-analytics.com *.openbank.es *.nr-data.net     *.we-stats.com *.tealiumiq.com api-ob.nd.nudatasecurity.com     decollector.tealeaf.ibmcloud.com op.browseranalytic.com logs.openbank.com api.openbank.es     api.stg.openbank.es api.qa.openbank.es *.ok-cloud.net;   frame-ancestors 'self' *.openbank.de *.openbank.nl *.openbank.pt *.openbank.es     api.paycomet.com https://www.paytpv.com     https://openbank-mkt-dev1.campaign.adobe.com https://openbank-mkt-stage1.campaign.adobe.com https://openbank.campaign.adobe.com;   object-src 'self' api.openbank.es api.stg.openbank.es api.qa.openbank.es 1
sandbox allow-scripts allow-same-origin allow-forms ; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' code.jquery.com ajax.aspnetcdn.com tagmanager.google.com www.googletagmanager.com www.google-analytics.com www.googleadservices.com www.tag4arm.com dev.visualwebsiteoptimizer.com cdn.mouseflow.com vcc-eu2.8x8.com vcc-eu7.8x8.com connect.facebook.net app.vacancy-filler.co.uk secure.adnxs.com *.doubleclick.net services.postcodeanywhere.co.uk centrepointorguk-staging.azurewebsites.net centrepoint.org.uk platform.twitter.com cdn.syndication.twimg.com *.8x8.com *.dotomi.com *.consensu.org *.stripe.com www.google.com www.gstatic.com *.newmode.net *.shpg.org blog.apps.npr.org widget.raisenow.com; default-src 'self' data:; worker-src https://centrepointorguk-staging.azurewebsites.net centrepoint.org.uk; style-src 'self' 'unsafe-inline' hello.myfonts.net tagmanager.google.com fonts.googleapis.com services.postcodeanywhere.co.uk platform.twitter.com widget.raisenow.com; connect-src 'self' dev.visualwebsiteoptimizer.com www.tag4arm.com services.postcodeanywhere.co.uk rec1.visualwebsiteoptimizer.com www.google-analytics.com; font-src 'self' hello.myfonts.net fonts.gstatic.com fonts.googleapis.com widget.raisenow.com; img-src 'self' 'unsafe-inline' *.gravatar.com data: www.google-analytics.com ssl.gstatic.com www.tag4arm.com centrepointorguk.azureedge.net dev.visualwebsiteoptimizer.com centrepointorguk.blob.core.windows.net www.facebook.com googleads.g.doubleclick.net stats.g.doubleclick.net http://maps.googleapis.com www.google.com www.google.co.uk img.youtube.com rec1.visualwebsiteoptimizer.com cdn.syndication.twimg.com syndication.twitter.com platform.twitter.com pbs.twimg.com abs.twimg.com *.8x8.com *.liadm.com *.contextweb.com *.vdopia.com *.pubmatic.com *.adnxs.com *.rubiconproject.com *.tremorhub.com *.mediaplex.com *.addkt.com *.doubleclick.net *.dotomi.com core.conversant.mgr.consensu.org; frame-src 'self' *.8x8.com *.doubleclick.net www.youtube.com www.google.com connect.facebook.net www.facebook.com services.postcodeanywhere.co.uk staticxx.facebook.com platform.twitter.com syndication.twitter.com *.stripe.com *.newmode.net; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.norma-online.de fonts.googleapis.com fonts.gstatic.com www.google.com www.gstatic.com blueimp.github.io *.api.here.com; 1
default-src 'self' https://www.youtube.com https://geoportal.trier.de https://jobs.b-ite.com http://jobs.b-ite.com https://www.stadtradeln.de https://static.b-ite.com https://www.vrt-info.de http://www.heute-in-trier.de http://www.facebook.com http://platform.twitter.com https://fonts.googleapis.com https://fonts.gstatic.com https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.facebook.com https://platform.twitter.com https://accounts.google.com https://www.bing.com http://www.wetterkontor.de http://94.130.59.28 https://www.trier-info.de https://www.youtube-nocookie.com https://app.docu4d.com https://dienste.wetterkontor.de https://www.pegelonline.wsv.de https://cdn.jsdelivr.net https://cdnjs.cloudflare.com/ajax/libs/lightslider/1.1.6/js/lightslider.js https://www.dw.com 'unsafe-inline' 'unsafe-eval' 1
default-src 'self';  style-src 'self' 'unsafe-inline'; font-src 'self'; script-src 'self' 'unsafe-inline'; connect-src 'self'; 1
default-src https: wss: data: 'unsafe-inline' 'unsafe-eval' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: http://cdn.printfriendly.com https://cdn.printfriendly.com https://static.addtoany.com https://ds-4047.kxcdn.com https://www.google-analytics.com https://cdn.jsdelivr.net https://unpkg.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://unpkg.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: https://s.yimg.com http://cdn.printfriendly.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com; media-src 'self'; frame-src 'self' data: https://static.addtoany.com https://fwb.malaysiaairports.com.my https://www.youtube.com https://www.google.com; frame-ancestors 'self' https://fwb.malaysiaairports.com.my; child-src 'self'; font-src 'self' https://cdn.jsdelivr.net https://unpkg.com https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://cdnjs.cloudflare.com; connect-src 'self' https://www.google-analytics.com; report-uri //report-csp-violation 1
frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com christchurch.bibliocms.com *.christchurch.bibliocms.com https://christchurch.bibliocms.com christchurch.bibliocms.com *.christchurch.bibliocms.com; 1
default-src 'unsafe-inline' 'unsafe-eval' *.kfcclub.com.tw www.googleadservices.com www.googletagmanager.com www.google-analytics.com *.google.com *.google.com.tw *.googleapis.com *.facebook.net *.facebook.com *.gstatic.com *.3rdchannel.com.tw *.doubleclick.net pt.amnetgroup.com.tw pt.cymmetrics.com.tw match.adsrvr.org static.masterpass.com static.criteo.net gtm.js google-analytics.com s.yime.com bat.bing.com sslwidget.criteo.com dis.as.criteo.com; 1
default-src 'self';font-src 'self' data: fonts.gstatic.com cdn-vsh.runczech.com cdn-www3-runczech2013-test.fg.cz api.mapy.cz;connect-src 'self' analytics.monkeytracker.cz *.google.com *.googleapis.com www.google-analytics.com *.instagram.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn-vsh.runczech.com cdn-www3-runczech2013-test.fg.cz *.google.com *.google.cz *.googleapis.com www.googletagmanager.com www.google-analytics.com analytics.monkeytracker.cz *.googleadservices.com *.glami.cz *.licdn.com *.linkedin.com api.instagram.com downloads.mailchimp.com *.facebook.net *.list-manage.com *.highcharts.com api.mapy.cz s3.amazonaws.com;form-action 'self' *.facebook.com *.facebook.net 3dsecure.gpwebpay.com *.list-manage.com;frame-src 'self' www.cognitoforms.com www.youtube.com www.youtube-nocookie.com *.iplatba.cz *.facebook.com *.facebook.net public.pim.cz *.google.com e.issuu.com *.gpsguard.eu *.tds-live.com runczech.golibe.com player.vimeo.com *.activetimes.eu activetimes.eu;worker-src 'self' www.youtube.com *.iplatba.cz;frame-ancestors 'self' *.aktualne.cz aktualne.cz;img-src 'self' data: blob: *.gstatic.com *.googleapis.com *.googlecode.com www.googletagmanager.com www.google-analytics.com analytics.monkeytracker.cz *.doubleclick.net *.google.com *.google.cz *.google.ie *.glami.cz cdn-www3-runczech2013-test.fg.cz cdn-vsh.runczech.com *.facebook.com scontent.cdninstagram.com cdn-images.mailchimp.com *.atdmt.com http://*.staticflickr.com edee.runczech.com http://*.vimeocdn.com *.mapy.cz *.cdninstagram.com *.fbcdn.net;style-src 'self' 'unsafe-inline' cdn-vsh.runczech.com cdn-www3-runczech2013-test.fg.cz translate.googleapis.com fonts.googleapis.com analytics.monkeytracker.cz *.google.com downloads.mailchimp.com public.pim.cz api.mapy.cz;object-src 'self' 1
frame-ancestors *.putnam.com *.seismic.com *.fundvisualizer.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' *.zencdn.net *.brightcove.net *.brightcove.com *.putnam.com blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.adnxs.com *.ytimg.com *.googleapis.com *.putnam.com *.typekit.net *.rackcdn.com *.ensighten.com *.brightcove.net *.brightcove.com *.google-analytics.com *.liveperson.net *.bing.com *.bizographics.com *.gigya.com *.googlecode.com *.morningstar.com *.linkedin.com *.putnaminv.com *.highcharts.com *.jQuery.com *.jquery.org *.adobe.com *.jqueryui.com *.cloudflare.com *.livelook.com *.livelook.net *.facebook.net *.licdn.com *.zencdn.net *.lpsnmedia.net *.googletagmanager.com tagmanager.google.com *.ads-twitter.com *.twitter.com *.yimg.com sp.analytics.yahoo.com www.youtube.com www.instagram.com shop.pe shopper.shop.pe *.cloudfront.net addshoppers.s3.amazonaws.com bcbolt446c5271-a.akamaihd.net www.google.com www.gstatic.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' www.googletagmanager.com tagmanager.google.com www.google-analytics.com stats.g.doubleclick.net ssl.gstatic.com www.gstatic.com fonts.gstatic.com fonts.googleapis.com *.horacemann.com localhost:3238 home-c11.incontact.com www.retirementaccountlogin.com maxcdn.bootstrapcdn.com code.jquery.com recruiting.adp.com www.youtube.com cdn.bootstrapcdn.com www.facebook.com horacemann.actonservice.com connect.facebook.net cdnjs.cloudflare.com www.facebook.com app.kiddom.co cloud.e.horacemann.com woobox.com www.clearsurance.com clearsurance.com Facebook.net Business.facebook.com Twitter.com Twitter.net Linkedin.com Linkedin.net Pinterest.com Pinterest.net Instagram.com Instagram.net Youtube.com Youtube.net Siteimprove.com Dynomapper.com cdn.finra.org staticxx.facebook.com fonts.google.com platform.twitter.com *.twimg.com syndication.twitter.com 'unsafe-eval'; style-src 'self' www.googletagmanager.com tagmanager.google.com www.google-analytics.com stats.g.doubleclick.net ssl.gstatic.com www.gstatic.com fonts.gstatic.com fonts.googleapis.com *.horacemann.com localhost:3238 home-c11.incontact.com www.retirementaccountlogin.com maxcdn.bootstrapcdn.com code.jquery.com recruiting.adp.com www.youtube.com cdn.bootstrapcdn.com www.facebook.com horacemann.actonservice.com connect.facebook.net cdnjs.cloudflare.com www.facebook.com app.kiddom.co cloud.e.horacemann.com woobox.com www.clearsurance.com clearsurance.com Facebook.net Business.facebook.com Twitter.com Twitter.net Linkedin.com Linkedin.net Pinterest.com Pinterest.net Instagram.com Instagram.net Youtube.com Youtube.net Siteimprove.com Dynomapper.com cdn.finra.org staticxx.facebook.com fonts.google.com platform.twitter.com *.twimg.com syndication.twitter.com 'unsafe-inline'; frame-src 'self' www.googletagmanager.com tagmanager.google.com www.google-analytics.com stats.g.doubleclick.net ssl.gstatic.com www.gstatic.com fonts.gstatic.com fonts.googleapis.com *.horacemann.com localhost:3238 home-c11.incontact.com www.retirementaccountlogin.com maxcdn.bootstrapcdn.com code.jquery.com recruiting.adp.com www.youtube.com cdn.bootstrapcdn.com www.facebook.com horacemann.actonservice.com connect.facebook.net cdnjs.cloudflare.com www.facebook.com app.kiddom.co cloud.e.horacemann.com woobox.com www.clearsurance.com clearsurance.com Facebook.net Business.facebook.com Twitter.com Twitter.net Linkedin.com Linkedin.net Pinterest.com Pinterest.net Instagram.com Instagram.net Youtube.com Youtube.net Siteimprove.com Dynomapper.com cdn.finra.org staticxx.facebook.com fonts.google.com platform.twitter.com *.twimg.com syndication.twitter.com; font-src 'self' www.googletagmanager.com tagmanager.google.com www.google-analytics.com stats.g.doubleclick.net ssl.gstatic.com www.gstatic.com fonts.gstatic.com fonts.googleapis.com *.horacemann.com localhost:3238 home-c11.incontact.com www.retirementaccountlogin.com maxcdn.bootstrapcdn.com code.jquery.com recruiting.adp.com www.youtube.com cdn.bootstrapcdn.com www.facebook.com horacemann.actonservice.com connect.facebook.net cdnjs.cloudflare.com www.facebook.com app.kiddom.co cloud.e.horacemann.com woobox.com www.clearsurance.com clearsurance.com Facebook.net Business.facebook.com Twitter.com Twitter.net Linkedin.com Linkedin.net Pinterest.com Pinterest.net Instagram.com Instagram.net Youtube.com Youtube.net Siteimprove.com Dynomapper.com cdn.finra.org staticxx.facebook.com fonts.google.com platform.twitter.com *.twimg.com syndication.twitter.com data:; img-src 'self' www.googletagmanager.com tagmanager.google.com www.google-analytics.com stats.g.doubleclick.net ssl.gstatic.com www.gstatic.com fonts.gstatic.com fonts.googleapis.com *.horacemann.com localhost:3238 home-c11.incontact.com www.retirementaccountlogin.com maxcdn.bootstrapcdn.com code.jquery.com recruiting.adp.com www.youtube.com cdn.bootstrapcdn.com www.facebook.com horacemann.actonservice.com connect.facebook.net cdnjs.cloudflare.com www.facebook.com app.kiddom.co cloud.e.horacemann.com woobox.com www.clearsurance.com clearsurance.com Facebook.net Business.facebook.com Twitter.com Twitter.net Linkedin.com Linkedin.net Pinterest.com Pinterest.net Instagram.com Instagram.net Youtube.com Youtube.net Siteimprove.com Dynomapper.com cdn.finra.org staticxx.facebook.com fonts.google.com platform.twitter.com *.twimg.com syndication.twitter.com data:; connect-src 'self' *.horacemann.com 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src 'unsafe-inline' https: data:; font-src https: data:; img-src * data:; 1
frame-src 'self' https://webstat.hs-mannheim.de *.hs-mannheim.de https://www.youtube.com/ https://www.youtube-nocookie.com/ https://player.vimeo.com/; 1
default-src 'self';font-src 'self' fonts.gstatic.com data: 'self';connect-src 'self' analytics.monkeytracker.cz *.getsmartlook.com ws://*.getsmartlook.com *.smartlook.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' maps.google.com *.googleapis.com www.googletagmanager.com ssl.google-analytics.com www.google-analytics.com analytics.monkeytracker.cz *.getsmartlook.com www.google.com connect.facebook.net www.googleadservices.com www.lhinsights.com *.smartlook.com https://googleads.g.doubleclick.net *.gstatic.com;form-action 'self';frame-src 'self' www.youtube.com *.doubleclick.net www.google.com www.google.cz https://order.shareit.com;child-src 'self' www.youtube.com *.doubleclick.net www.google.com www.google.cz https://order.shareit.com;frame-ancestors 'self';img-src 'self' data: blob: *.gstatic.com *.googleapis.com www.googletagmanager.com ssl.google-analytics.com www.google-analytics.com analytics.monkeytracker.cz *.doubleclick.net www.facebook.com www.lhinsights.com www.google.com www.google.cz *.smartlook.com *.gstatic.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com analytics.monkeytracker.cz www.google.com 1
: default-src * 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: www.google-analytics.com www.googletagmanager.com https://cdnjs.cloudflare.com/ajax/libs/codemirror/ https://cdnjs.cloudflare.com/ajax/libs/select2/ https://cdn.rawgit.com/ckeditor/ckeditor-dev/ https://cdn.rawgit.com/w8tcha/CKEditor-CodeMirror-Plugin/ platform.twitter.com platform.twitter.co syndication.twitter.com cdn.syndication.twimg.com https://cdn.rawgit.com/ractoon/jQuery-Text-Counter/ https://js-agent.newrelic.com/nr-1071.min.js bam.nr-data.net tagmanager.google.com https://js-agent.newrelic.com/nr-1099.min.js https://sjs.bizographics.com/insight.min.js px.ads.linkedin.com https://snap.licdn.com/li.lms-analytics/insight.min.js https://js-agent.newrelic.com; object-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://cdnjs.cloudflare.com/ajax/libs/codemirror/ https://cdnjs.cloudflare.com/ajax/libs/select2/ platform.twitter.com tagmanager.google.com; img-src 'self' data: www.google-analytics.com https://cdn.rawgit.com/ckeditor/ckeditor-dev/ https://raw.githubusercontent.com/ckeditor/ckeditor-dev/ www.googletagmanager.com www.bureauveritas.com syndication.twitter.com platform.twitter.com *.twimg.com ssl.gstatic.com www.gstatic.com; media-src 'self'; frame-src 'self' www.youtube.com tools.eurolandir.com cws.huginonline.com www.googletagmanager.com platform.twitter.com syndication.twitter.com player.youku.com gl.hostcg.com/js/genlead.js; child-src 'self' blob:; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com; connect-src 'self' www.google-analytics.com https://bam.nr-data.net https://stats.g.doubleclick.net; report-uri https://csp-report-uri.bureauveritas.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://fonts.gstatic.com https://cdn.syndication.twimg.com https://www.facebook.com https://*.twitter.com https://www.google.com https://ton.twimg.com https://*.github.io https://www.googletagmanager.com https://www.google-analytics.com; img-src 'self' https://*.twimg.com https://*.twitter.com http://*.twimg.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.google.co.jp data:; 1
default-src 'self'; script-src-elem 'self' 'unsafe-inline' www.google-analytics.com *.googleapis.com embed.typeform.com www.googletagmanager.com www.youtube.com tagmanager.google.com sc.01.sana-apps.de player.vimeo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com *.googleapis.com embed.typeform.com www.googletagmanager.com www.youtube.com tagmanager.google.com sc.01.sana-apps.de *.zscaler.net; img-src *; style-src 'self' 'unsafe-inline'; media-src 'self'; connect-src 'self' vendorlist.consensu.org www.google-analytics.com stats.g.doubleclick.net; font-src 'self'; frame-ancestors 'self' www.sanadaily.de localhost:* sc.01.sana-apps.de; frame-src 'self' sc.01.sana-apps.de sanadigital.typeform.com maps.google.de *.google.com www.youtube.com 466b13bd.sibforms.com *.livecoder.com player.vimeo.com *.zscaler.net 1
default-src 'none' ;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zortrax.com *.data.zortrax.com *.3dprint.zortrax.com *.wistia.net *.wistia.com googletagmanager.com *.googletagmanager.com  *.tagmanager.google.com *.google-analytics.com *.doubleclick.net *.google.com  *.googleadservices.com *.facebook.net *.cloudfront.net *.doubleclick.net *.livechatinc.com *.googleapis.com *.gstatic.com *.upviral.com *.redditstatic.com  static.ads-twitter.com analytics.twitter.com app.humdash.com analytics.zortrax.com cf.zortrax.com  ;style-src 'self' 'unsafe-inline' *.disquscdn.com *.zortrax.com *.googleapis.com *.tagmanager.google.com https://tagmanager.google.com/debug/css.css *.fonts.googleapis.com cf.zortrax.com ;img-src 'self' 'unsafe-inline' data: *.zortrax.com *.wistia.net data.zortrax.com *.gravatar.com *.ggpht.com *.ssl.gstatic.com *.wistia.com *.google.com *.google-analytics.com *.google.pl *.doubleclick.net *.facebook.com *.livechatinc.com *.gstatic.com *.googleapis.com *.tagmanager.google.com https://alb.reddit.com   t.co/i/adsct app.humdash.com cf.zortrax.com  ;font-src 'self' data: *.livechatinc.com *.googleusercontent.com *.googleusercontent.com *.googleapis.com *.gstatic.com *.zortrax.com *.fonts.googleapis.com *.tagmanager.google.com ;frame-src 'self' 'unsafe-inline' *.livechatinc.com *.wistia.net *.wistia.com *.youtube.com *.facebook.com *.tagmanager.google.com *.googletagmanager.google.com *.upviral.com ;connect-src 'self' data.zortrax.com http://3dprint.zortrax.com *.wistia.com *.litix.io 3dprint.zortrax.com 3dprinting.local *.luckyorange.net ws://localhost:3000 *.google-analytics.com *.tagmanager.google.com app.humdash.com  ;media-src 'self' *.zortrax.com zortrax.com *.youtube.com *.livechatinc.com *.youtube-nocookie.com *.wistia.com cdn.zortrax.com cdn1.zortrax.com cdn2.zortrax.com cdn3.zortrax.com *.tagmanager.google.com cf.zortrax.com ;object-src 'self' *.youtube.com *.youtube-nocookie.com *.tagmanager.google.com ;child-src 'self' *.youtube.com *.youtube-nocookie.com *.tagmanager.google.com 1
default-src 'self'; script-src  'self' 'unsafe-inline' 'unsafe-eval'  *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.google.com *.consumercare.net *.econsumeraffairs.com *.addthis.com  *.ckeditor.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.ckeditor.com; img-src 'self' *.google-analytics.com *.google.com stats.g.doubleclick.net *.googleapis.com *.bbulibrary.com grupobimbo.com *.ckeditor.com; frame-src 'self' *.google.com; font-src font-src: 'self' fonts.gstatic.com; report-uri /admin/config/system/seckit/csp-report, default-src 'self' 'self' data: 'self' blob: 'unsafe-inline' 'unsafe-eval' *; img-src 'self' blob: data: * 1
default-src * 'unsafe-inline' 'unsafe-eval' data:; 1
frame-ancestors 'self' *.leoncountyfl.gov ; 1
frame-ancestors 'self' http://www.lugaro.com http://www.manfredijewels.com http://www.dutyfreediplomatic.com 1
frame-ancestors *.carkeys.co.uk *.motorists-club.co.uk *.motoristsclub.co.uk http://motoristsclub.co.uk/ http://www.motorists-club.co.uk/ 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.kalibrr.com *.zendesk.com https://static.zdassets.com https://ekr.zdassets.com *.zopim.com appleid.cdn-apple.com connect.facebook.net *.facebook.com www.googleadservices.com www.google-analytics.com ssl.google-analytics.com d36lvucg9kzous.cloudfront.net s1.webspellchecker.net js.stripe.com www.googletagmanager.com *.inspectlet.com *.googleapis.com *.newrelic.com *.nr-data.net platform.twitter.com static.ads-twitter.com apis.google.com ajax.cloudflare.com tagmanager.google.com analytics.twitter.com analytics.trovit.com *.effectivemeasure.net jscdn.appier.net track.adform.net cdn.ckeditor.com https://optimize.google.com; form-action 'self'; frame-src 'self' https://staticxx.facebook.com https://web.facebook.com https://accounts.google.com https://www.facebook.com https://docs.google.com https://www.youtube.com https://www.google.com https://optimize.google.com; frame-ancestors http://careers.aboitiz.com https://careers.aboitiz.com https://careers-uat.aboitiz.com http://citysavings.com.ph https://citysavings.com.ph; 1
default-src 'unsafe-inline' 'unsafe-eval' * blob:; img-src * data:; 1
base-uri 'none'; default-src 'none'; child-src https://www.google.com; connect-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src https://www.google.com; img-src 'self'; object-src 'none'; script-src 'nonce-J7R+Uk8n37GQT8fH+3h0aw==' 'strict-dynamic'; style-src 'self'; worker-src 'self'; 1
default-src 'self' https://player.vimeo.com https://9169248.fls.doubleclick.net https://burgess.theatro360.com https://www.youtube.com https://www.google.com https://www.google.co.uk https://r1.dotmailer-surveys.com https://static.addtoany.com https://www.facebook.com https://qa-brochurebuilder.burgessyachts.com https://uat-brochurebuilder.burgessyachts.com https://brochurebuilder.burgessyachts.com https://www.luxproimaging.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://email.burgessyachts.com https://ajax.googleapis.com https://cdn.jsdelivr.net https://cdn.dnky.co https://script.hotjar.com https://static.hotjar.com https://tagmanager.google.com https://mc.yandex.ru https://static.trackedweb.net https://www.youtube.com https://static.addtoany.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://www.google.com https://www.google.co.uk https://az416426.vo.msecnd.net https://r1.dotmailer-surveys.com https://s.ytimg.com https://r1-t.trackedlink.net https://connect.facebook.net; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://cdn.dnky.co https://fonts.googleapis.com https://tagmanager.google.com https://static.trackedweb.net https://api.tiles.mapbox.com https://fast.fonts.net https://r1.dotmailer-surveys.com; img-src 'self' blob: data: https://www.gstatic.com https://ssl.gstatic.com https://www.google.ca https://az-weu-wa-bur-az-weu-wa-bur-staging.azurewebsites.net https://pre-live.burgessyachts.com https://burgessyachts.com https://www.googletagmanager.com https://mc.yandex.ru https://dev-burgess.craftedbeta.co.uk https://azweusabur.blob.core.windows.net https://azweusaburuat.blob.core.windows.net https://azweusaburdevqa.blob.core.windows.net https://a.tiles.mapbox.com https://api.tiles.mapbox.com https://azweusabur.blob.core.windows.net https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.google.co.uk https://beacon.krxd.net https://www.facebook.com; connect-src 'self' wss://ws2.hotjar.com https://api.comapi.com https://vc.hotjar.io https://in.hotjar.com https://events.mapbox.com https://vimeo.com https://mc.yandex.ru https://fpdl.vimeocdn.com https://www.facebook.com https://r1.trackedweb.net https://*.tiles.mapbox.com https://api.mapbox.com https://a.tiles.mapbox.com https://b.tiles.mapbox.com https://api.mapbox.com/ https://dc.services.visualstudio.com https://skyfire.vimeocdn.com https://player.vimeo.com; font-src 'self' data: https://script.hotjar.com https://fonts.gstatic.com; worker-src 'self' blob:; media-src 'self' https://vod-progressive.akamaized.net https://gcs-vimeo.akamaized.net https://skyfire.vimeocdn.com https://fpdl.vimeocdn.com https://video-dev.github.io https://player.vimeo.com blob:; report-uri https://burgessyachts.report-uri.com/r/d/csp/reportOnly; frame-src 'self' https://cdn.dnky.co https://mpembed.com https://vars.hotjar.com https://burgess.theatro360.com https://www.burgessyachts.com https://qa-brochurebuilder.burgessyachts.com https://uat-brochurebuilder.burgessyachts.com https://brochurebuilder.burgessyachts.com https://r1.dotmailer-surveys.com https://www.google.com https://9169248.fls.doubleclick.net https://static.addtoany.com https://www.youtube.com https://www.facebook.com https://player.vimeo.com https://www.digitowl.vision https://my.matterport.com https://tourmkr.com https://www.golocal.hk https://www.coolwalkee.com https://www.google.com/maps https://www.luxproimaging.com; child-src blob: ; 1
default-src 'self'; script-src 'self' https://www.gstatic.com https://ajax.googleapis.com https://cdn.inspectlet.com https://*.pendo.io https://*.storage.googleapis.com https://browser.sentry-cdn.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://www.gstatic.com https://ajax.googleapis.com https://*.pendo.io https://*.storage.googleapis.com https://fonts.googleapis.com 'unsafe-inline' blob:; connect-src 'self' http://hn.inspectlet.com wss://ws.inspectlet.com https://secure-mailgate.com https://sentry.io; img-src 'self' http://hn.inspectlet.com https://*.pendo.io https://*.storage.googleapis.com data:; font-src 'self' https://fonts.gstatic.com; options inline-script eval-script 1
default-src https: 'self' data: 'unsafe-inline' 'unsafe-eval'; block-all-mixed-content; report-uri /nelmio/csp/report 1
frame-ancestors 'self' http://*.webtradecenter.com https://*.webtradecenter.com https://eu-west-1a.online.tableau.com 1
default-src 'self';img-src *; script-src *; 1
allow 'self'; frame-ancestors http://asmart.inone.useinsider.com/ 1
allow *; script-src 'self' http://l2.io https://l2.io http://prosperent.com https://prosperent.com https://*.xport.glopalservice.com http://*.xport.glopalservice.com https://*.borderlinx.com http://*.borderlinx.com https://server.iad.liveperson.net http://server.iad.liveperson.net https://*.facebook.com http://*.facebook.com https://connect.facebook.net http://connect.facebook.net https://*.fbcdn.net http://*.fbcdn.net http://*.google.com https://*.google.com http://*.google-analytics.com https://*.google-analytics.com https://ssl.gstatic.com http://ajax.googleapis.com https://ajax.googleapis.com http://web01.optimix.asia https://web01.optimix.asia http://tracking.sokrati.com https://tracking.sokrati.com http://eulerian.kdpgroupe.com https://eulerian.kdpgroupe.com http://www.googleadservices.com https://www.googleadservices.com http://srv1.wa.marketingsolutions.yahoo.com https://srv1.wa.marketingsolutions.yahoo.com http://*.marinsm.com https://*.marinsm.com http://*.dgmsearchlab.com https://*.dgmsearchlab.com http://*.cedexis.com https://*.cedexis.com http://*.amazonaws.com https://*.amazonaws.com http://*.cedexis-radar.net https://*.cedexis-radar.net d39ze0fcltcujr.cloudfront.net http://aws.bximg.net http://*.referralcandy.com https://*.referralcandy.com https://www.paypalobjects.com http://*.youku.com https://*.youku.com ; options inline-script eval-script 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-eval' *.googleapis.com piwik.itzbund.de;object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; frame-ancestors gba-editor-kkn.prod.gsb.gba.in.bund.de piwik.itzbund.de *.facebook.com 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report 1
default-src https://ipara.com;https://ipara.com.tr 1
frame-ancestors 'self', facebook.com, *.facebook.com 1
default-src 'self' https://static.bitrated.com; script-src 'self' https://static.bitrated.com; connect-src 'self' wss://www.bitrated.com; style-src https://static.bitrated.com 'unsafe-inline'; img-src 'self' https://static.bitrated.com data:; font-src https://static.bitrated.com data:; frame-src https://player.vimeo.com/ https://bitrated.uservoice.com/; object-src 'none'; report-uri /csp-violation 1
worker-src 'self' data: blob: *.arcgisonline.com js.arcgis.com *.arcgis.com;                          default-src 'self' data: localhost:* *.google.com *.mopinion.com *.arcgisonline.com js.arcgis.com *.arcgis.com *.googleapis.com media.licdn.com *.cdninstagram.com www.waternet.nl www.agv.nl www.wereldwaternet.nl epi.waternet.nl waternet.pti.nl www.youtube.com chat1.waternet.nl *.optimizely.com www.google.nl www.googletagmanager.com tagmanager.google.com www.google-analytics.com maps.googleapis.com fonts.googleapis.com maps.gstatic.com csi.gstatic.com fonts.gstatic.com stats.g.doubleclick.net app.cobrowser.com *.hotjar.com:* cdnjs.cloudflare.com cdn.nowinteract.com imp2.nowinteract.com js-agent.newrelic.com bam.nr-data.net pbs.twimg.com syndication.twitter.com platform.twitter.com *.facebook.com;                          frame-src 'self' embed waterschappen.mijnstem.nl agv.mijnstem.nl app.mijnstem.nl mijnstem.sales.ivox.be waternet.pti.nl *.optimizely.com chat1.waternet.nl app.cobrowser.com *.hotjar.com:* cdnjs.cloudflare.com www.youtube.com www.google.nl www.google.com www.kcmsurvey.com platform.twitter.com syndication.twitter.com twitter.com;                          script-src 'self' *.mopinion.com *.arcgisonline.com js.arcgis.com  *.ytimg.com *.youtube.com epi.waternet.nl localhost:* *.optimizely.com www.googletagmanager.com tagmanager.google.com www.google-analytics.com maps.googleapis.com maps.gstatic.com app.cobrowser.com *.hotjar.com:* cdnjs.cloudflare.com cdn.nowinteract.com imp2.nowinteract.com js-agent.newrelic.com bam.nr-data.net platform.twitter.com cdn.syndication.twimg.com connect.facebook.net 'unsafe-inline' 'unsafe-eval';                          style-src 'self' *.mopinion.com *.arcgisonline.com js.arcgis.com  epi.waternet.nl *.optimizely.com www.googletagmanager.com tagmanager.google.com fonts.googleapis.com app.cobrowser.com platform.twitter.com 'unsafe-inline';                          connect-src https: http: ws: wss:; 1
default-src 'none' ;script-src * data: 'unsafe-inline' 'unsafe-eval' ;style-src * data: 'unsafe-inline' ;img-src * data: ;font-src * data: ;connect-src * ;media-src * ;object-src * ;child-src * ;frame-ancestors * ;form-action * ;manifest-src * ; 1
base-uri; form-action 'self'; frame-ancestors 'none'; img-src 'self' https://paragonie.com https://maxcdn.bootstrapcdn.com https://stats.g.doubleclick.net https://www.google-analytics.com data:; media-src 'none'; object-src 'none'; script-src 'self' https://cdn.mathjax.org https://oss.maxcdn.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://code.jquery.com https://ajax.googleapis.com https://www.google-analytics.com https://paragonie.com paragonie.com 'sha384-dxxWaTrUP7CVAQSJSlq8y30xnLv+kbg0q/esjcstpj7BeSQcTR1kyuzuU8NtP0Qd' 'nonce-wgVUCIz0KvYfcPupUC6cn0KY' 'nonce-pIfMbDrjT4zs2rIUf0xlIjbd' 'nonce-rSCwYrtshM2gyv5crrY+15Y0' 'nonce-fA0dif4jnHyRCpUBgAYFW6/9' 'nonce-kNaib2sxDOqDt8zvKmQC09wc' 'nonce-HrKa3MbstACuk1UjWl1weXfm' 'nonce-5idf9KTMzdMG6LrvDxz4Mfuw' 'unsafe-eval' data:; style-src 'self' https://maxcdn.bootstrapcdn.com https://use.fontawesome.com https://fonts.googleapis.com 'unsafe-inline'; report-uri https://f038192cab4afafaacee34d22ed2e1dd.report-uri.io/r/default/csp/enforce; upgrade-insecure-requests 1
default-src 'none'; img-src *; media-src s3.amazonaws.com; manifest-src 'self'; script-src 'self' 'unsafe-inline' www.googletagmanager.com script.hotjar.com static.hotjar.com d.impactradius-event.com; connect-src *.easyship.com in.hotjar.com vc.hotjar.io easyship.ilbqy6.net; frame-src vars.hotjar.com; style-src 'self' 'unsafe-inline'; font-src 'self' data: 1
default-src 'self';style-src 'self' 'unsafe-inline' www.youtube.com;font-src 'self' v2.zopim.com data:;script-src 'self' www.google-analytics.com www.googletagmanager.com www.google.com ssl.gstatic.com www.googleadservices.com stats.g.doubleclick.net googleads.g.doubleclick.net www.bing.com bat.bing.com www.redditstatic.com v2.zopim.com static.zdassets.com widget-mediator.zopim.com kraken.zendesk.com https://ekr.zdassets.com https://kraken.zendesk.com wss://kraken.zendesk.com wss://*.zopim.com www.gstatic.com amplify.outbrain.com 'unsafe-eval' www.youtube.com s.ytimg.com https://cdnjs.cloudflare.com/ajax/libs/countly-sdk-web/;img-src 'self' www.google-analytics.com stats.g.doubleclick.net www.google.com www.googleadservices.com googleads.g.doubleclick.net www.bing.com bat.bing.com www.reddit.com alb.reddit.com v2.zopim.com data: v2.zopim.io v2assets.zopim.io https://static.zdassets.com www.gstatic.com ssl.gstatic.com tr.outbrain.com amplifypixel.outbrain.com www.youtube.com img.youtube.com https://hexagon-analytics.com https://fdt.kraken.com;frame-ancestors www.youtube.com;connect-src 'self' wss://ws.kraken.com www.google-analytics.com stats.g.doubleclick.net www.bing.com bat.bing.com https://v2.zopim.com wss://v2.zopim.com https://widget-mediator.zopim.com wss://widget-mediator.zopim.com wss://ekr.zdassets.com https://ekr.zdassets.com https://static.zdassets.com https://kraken.zendesk.com wss://kraken.zendesk.com wss://*.zopim.com https://api.lever.co https://analytics.prod1.kraken.com/;frame-src bid.g.doubleclick.net v2.zopim.com www.google.com www.youtube-nocookie.com;media-src v2.zopim.com https://static.zdassets.com 'self'; 1
frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com epl.bibliocms.com *.epl.bibliocms.com https://epl.bibliocms.com epl.bibliocms.com *.epl.bibliocms.com; 1
allow 'self'; script-src 'self'; img-src *; media-src *; object-src 'none'; frame-src 'none'; xhr-src 'none'; 1
default-src https:;media-src 'self' www.wellsfargomedia.com www.wellsfargo.com;font-src 'self' data: stm-connect.secure.evetest.wellsfargo.com:23621;frame-src 'self' ciaanalytics.wellsfargo.com connect.secure.wellsfargo.com www.bing.com wifp.wellsfargo.com wifp.ceo.wellsfargo.com;style-src 'unsafe-inline' 'self' wca.sec.wellsfargo.com www.bing.com www.wellsfargo.com ceomedia.wf.com;base-uri 'self';report-uri /reporting/csp;frame-ancestors 'none';script-src 'self' 'nonce-3fe098fc0b79fcc8' www.wellsfargo.com www.bing.com dev.virtualearth.net t0.ssl.ak.dynamic.tiles.virtualearth.net t0.ssl.ak.dynamic.tiles.virtualearth.net t1.ssl.ak.dynamic.tiles.virtualearth.net connect.secure.staging.wellsfargo.com connect.secure.wellsfargo.com ssl.google-analytics.com www.google-analytics.com ajax.googleapis.com wca.wellsfargo.com wca.sec.wellsfargo.com wcafs.sec.wellsfargo.com ceomedia.wf.com wifp.wellsfargo.com wifp.ceo.wellsfargo.com six.cdn-net.com wcafs.wellsfargo.com;connect-src 'self' www.bing.com t0.ssl.ak.dynamic.tiles.virtualearth.net connect.secure.staging.wellsfargo.com connect.secure.wellsfargo.com wca.wellsfargo.com wcafs.wellsfargo.com wca.sec.wellsfargo.com wcafs.sec.wellsfargo.com;img-src 'self' stats.g.doubleclick.net data: blob: t0.ssl.ak.dynamic.tiles.virtualearth.net t1.ssl.ak.dynamic.tiles.virtualearth.net www.adobe.com www.wellsfargo.com www.google-analytics.com ssl.google-analytics.com ceomedia.wf.com www.bing.com wca.wellsfargo.com wca.sec.wellsfargo.com wcafs.sec.wellsfargo.com;object-src 'self' wifp.wellsfargo.com wifp.ceo.wellsfargo.com; 1
frame-ancestors 'self' https://booking2.centerparcs.fr https://booking2.centerparcs.nl https://booking2.centerparcs.de https://booking2.centerparcs.com https://booking2.centerparcs.eu https://booking2.centerparcs.ch https://booking2.centerparcs.be 1
default-src 'self' 'unsafe-inline' data: https://piwik.bzga.de/ https://service.bzga.de/ https://a.tile.openstreetmap.org/ https://b.tile.openstreetmap.org/ https://c.tile.openstreetmap.org/ https://translate.google.com/ https://translate.googleapis.com/ https://www.gstatic.com/ https://www.google.com/ 1
font-src 'self' static.flatfy.com *.gstatic.com; frame-src 'self' www.google.com/recaptcha/ *.hotjar.com *.hotjar.io; script-src 'self' 'unsafe-inline' static.flatfy.com ajax.googleapis.com *.google-analytics.com *.g.doubleclick.net www.google.com/ads/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.hotjar.com *.hotjar.io; style-src 'self' 'unsafe-inline' static.flatfy.com ajax.googleapis.com fonts.googleapis.com *.gstatic.com; img-src 'self' data: https:; connect-src 'self' *.google-analytics.com *.hotjar.com *.hotjar.io wss:; default-src 'self' static.flatfy.com *.gstatic.com *.hotjar.com *.hotjar.io 1
base-uri 'self'; block-all-mixed-content; form-action 'self'; frame-ancestors 'self'; default-src 'none'; connect-src 'self'; frame-src 'self'; img-src 'self' data:; media-src 'self'; script-src 'self'; style-src 'self' 1
frame-ancestors 'self'  https://*.advisorservices.com https://*.tdameritrade.com https://*.ameritrade.com https://*.tdainstitutional.com 1
frame-ancestors *.amboss.com 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; font-src https: 'self' data:; img-src https: 'self' data:; 1
base-uri 'self' about:;block-all-mixed-content;child-src fallsviewer.ca 'self';connect-src 'self' data: *.youtube.com fonts.gstatic.com stats.g.doubleclick.net *.googleapis.com *.google-analytics.com *.readspeaker.com img.niagarafalls.ca cdn.monsido.com https://*.smartlook.com https://*.smartlook.cloud;default-src https: 'unsafe-inline' 'unsafe-eval' 'self';font-src 'self' null stackpath.bootstrapcdn.com fonts.gstatic.com niagarafalls.ca;form-action 'self' *.paypal.com *.readspeaker.com niagarafalls.ca;frame-ancestors 'self' fallsviewer.ca map.niagarafalls.ca niagarafalls.ca *.us.monsido.com; frame-src fallsviewer.ca map.niagarafalls.ca *.readspeaker.com www.google.com www.youtube.com youtube.com player.vimeo.com niagarafalls.ca *.transitapp.com ;img-src data: 'self' img.niagarafalls.ca *.readspeaker.com res.cloudinary.com https://www.google-analytics.com *.gstatic.com stats.g.doubleclick.net www.youtube.com *.monsido.com *.googleapis.com https://*.google.com https://*.google.ca;media-src *.readspeaker.com youtu.be *.youtube.com;object-src *.youtube.com 'self'; report-uri https://niagarafalls.ca/webservices/csp-enforce;script-src 'self' blob: *.google.com *.googleapis.com *.googletagmanager.com static.cloudflareinsights.com ajax.cloudflare.com cdnjs.cloudflare.com www.google-analytics.com connect.facebook.net extend.vimeocdn.com player.vimeo.com *.readspeaker.com cdn.monsido.com www.youtube.com api.transitapp.com *.ytimg.com https://*.smartlook.com https://*.smartlook.cloud 'unsafe-inline' 'unsafe-eval';style-src 'self' stackpath.bootstrapcdn.com *.googleapis.com *.google.com *.readspeaker.com 'unsafe-inline';upgrade-insecure-requests;worker-src 'self' blob: 1
default-src 'self' https://*.google.com http://s7.addthis.com ; frame-ancestors 'none'; connect-src 'self' http://m.addthis.com https://www.google-analytics.com; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' www.google-analytics.com https://maps.googleapis.com https://maps.gstatic.com https://code.jquery.com https://aff.bstatic.com http://aff.bstatic.com http://s7.addthis.com/ http://m.addthisedge.com http://m.addthis.com/ http://graph.facebook.com http://widgets.pinterest.com http://www.linkedin.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com http://code.jquery.com/; img-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: www.google-analytics.com https://www.paypalobjects.com https://ak1s.abmr.net; font-src 'self' https://fonts.gstatic.com; worker-src 'self' www.google.com https://maps.google.com  1
frame-ancestors 'self' https://www.carroya.com/noticias https://www.motor.com.co 1
default-src 'self'; connect-src 'self' https://bat.bing.com https://*.sumome.com https://*.sumo.com https://sumo.com https://*.visualwebsiteoptimizer.com https://app.vwo.com http://*.nbarizona.com https://*.nbarizona.com https://*.demdex.net https://*.cludo.com https://zionsbancorp.sc.omtrdc.net; script-src 'self' data: 'unsafe-inline' https://*.googleadservices.com https://*.doubleclick.net https://www.google-analytics.com https://bat.bing.com https://*.sumome.com https://*.sumo.com https://sumo.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.googletagmanager.com https://*.issuu.com https://*.adobedtm.com https://connect.facebook.net https://*.googleapis.com https://*.gstatic.com https://*.google.com http://*.nbarizona.com https://*.nbarizona.com https://*.zionsbank.com https://*.cludo.com https://*.youtube.com https://*.ytimg.com https://*.vimeo.com 'unsafe-eval'; object-src 'self' data: https://*.visualwebsiteoptimizer.com https://app.vwo.com http://*.nbarizona.com https://*.nbarizona.com; style-src 'self' data: 'unsafe-inline' https://*.googleapis.com https://*.google.com https://*.cludo.com; img-src 'self' data: https://*.doubleclick.net https://www.google-analytics.com https://bat.bing.com https://px.ads.linkedin.com https://p.adsymptotic.com https://www.facebook.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.gstatic.com http://*.nbarizona.com https://*.nbarizona.com https://*.online-metrix.net https://*.omtrdc.net https://*.demdex.net https://*.everesttech.net https://*.googleapis.com https://*.google.com https://*.cludo.com https://*.youtube.com https://*.ytimg.com https://*.vimeo.com; media-src 'self' data:; frame-src 'self' https://*.doubleclick.net http://*.nbarizona.com https://*.nbarizona.com https://*.demdex.net https://issuu.com https://secure.checkout.visa.com https://*.youtube.com https://*.ytimg.com https://*.vimeo.com https://*.pages05.net https://*.brightcove.net https://*.visualwebsiteoptimizer.com https://app.vwo.com https://outlook.office365.com; frame-ancestors 'self' https://banking.nbarizona.com; font-src 'self' data: 'unsafe-inline' https://fonts.gstatic.com https://*.visualwebsiteoptimizer.com https://app.vwo.com; upgrade-insecure-requests; block-all-mixed-content 1
img-src blob: * android-webview-video-poster: data:; media-src * data:; connect-src 'self'; worker-src blob: 'self'; font-src * data:; default-src player.vimeo.com *.yourmoney.ch *.newsbox.ch *.cashgate.ch 'unsafe-eval' *.gstatic.com *.issuu.com *.tkb.ch 'self' tagmanager.google.com *.googleapis.com *.googletagmanager.com *.google-analytics.com e2.marco.ch *.adform.net 'unsafe-inline' 1
block-all-mixed-content; font-src 'self' fonts.gstatic.com fonts.gstatic.com data:; img-src 'self' blob: data: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' addsearch.com cdn.ampproject.org connect.facebook.net *.g.doubleclick.net *.google.de *.google.com *.google-analytics.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.instagram.com *.ioam.de *.opinary.com *.stry.tl *.taboola.com *.twimg.com *.twitter.com *.wuv.de *.youtube.com *.ytimg.com *.tiktok.com *.tiktokcdn.com *.pinterest.com *.adition.com *.scorecardresearch.com *.searchcdn.com *.teads.tv s0.2mdn.net *.wuv.de gdpr-tcfv2.sp-prod.net widget.perfectmarket.com *.flashtalking.com *.criteo.com *.adform.net *.vidible.tv *.doubleverify.com ad.doubleclick.net bs.serving-sys.com static.aivdesk.com secure-ds.serving-sys.com ad.lkqd.net; style-src 'self' 'unsafe-inline' *.addsearch.com fast.fonts.net *.googleapis.com *.stry.tl *.taboola.com *.twitter.com *.wuv.de *.tiktok.com *.tiktokcdn.com *.cloudfront.net tagmanager.google.com *.wuv.de s1.adform.net static.aivdesk.com; worker-src blob: *.wuv.de 1
default-src 'self'; frame-src 'self' 360testbed.co/ *.nhs.uk/ *.facebook.com/ *.youtube.com/ *.vimeo.com/ *.google.com/ *.googleapis.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com/ https://www.google-analytics.com/ https://connect.facebook.net/ https://feeds.trac.jobs/ *.google.com/ *.googleapis.com *.gstatic.com *.cqc.org.uk; font-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com/ https://feeds.trac.jobs/ *.googleapis.com  *.gstatic.com *.cqc.org.uk; img-src * data:; object-src 'self' blob:; connect-src 'self' translate.googleapis.com/ https://feeds.trac.jobs/ 1
default-src 'self'; report-uri /admin/config/system/seckit/csp-report 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.byrdie.com *.qa.aws.byrdie.com apollo.byrdie.com apollo.local.byrdie.com atlas.byrdie.com atlas.local.byrdie.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com/analytics.js http://www.googleadservices.com/pagead/conversion_async.js https://googleads.g.doubleclick.net https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://eni.bb.com.br/piwik.js https://connect.facebook.net/en_US/fbevents.js https://www.youtube.com/iframe_api https://www.googleapis.com/youtube/v3/videos http://cdn.navdmp.com/req http://usr.navdmp.com/usr https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/api2/ http://cse-consolida-comentario.labbs.com.br https://www100.desenv.bb.com.br https://www100.bb.com.br https://s.yimg.com/wi/ytc.js https://www.googleapis.com/youtube/v3/videos https://www.googleapis.com https://connect.facebook.net/signals/config/1616591318608338 https://connect.facebook.net https://www.googletagmanager.com/gtm.js https://sync.navdmp.com/sync https://cdn.navdmp.com/cus https://cus.navdmp.com/cus https://www100.bb.com.br https://www.gstatic.com/recaptcha/releases/ https://s.yimg.com/wi/ytc.js https://s.yimg.com https://sp.analytics.yahoo.com https://eni.bb.com.br/eni1/piwik.js https://snap.licdn.com/li.lms-analytics/insight.min.js http://static.ads-twitter.com/uwt.js https://pubads.g.doubleclick.net/activity;dc_iu=/95377733/DFPAudiencePixel;ord=1;dc_seg=986205785 http://tm.jsuol.com.br/uoltm.js?id=braj6o http://pkg.ydigitalmedia.com/conversion@4/yd-conversion.js 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://pbs.122.2o7.net https://ssl.siteimprove.com; font-src 'self' data: 1
frame-ancestors 'self' http://preview.ceros.com http://view.ceros.com http://*.mccarthy.com http://*.digcastle.com https://preview.ceros.com https://view.ceros.com https://*.mccarthy.com https://*.digcastle.com 1
default-src 'none'; script-src 'self'; connect-src: 'self'; img-src: 'self'; style-src: 'self'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' stats.hft-stuttgart.de app.usercentrics.eu *.b-ite.com; font-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: stats.hft-stuttgart.de; connect-src 'self' *.usercentrics.eu *.b-ite.com; frame-src 'self' app.usercentrics.eu *.youtube-nocookie.com *.vimeo.com *.hft-stuttgart.de 1
default-src 'self'; base-uri 'self'; connect-src 'self' wss://self https://www.hostingcloud.racing wss://*.hostcontent.live https://connect.facebook.net https://www.google-analytics.com https://*.doubleclick.net https://*.g.doubleclick.net https://www.facebook.com https://*.mintme.com https://mintme.com https://*.tawk.to wss://*.tawk.to; font-src 'self' https://fonts.gstatic.com https://static-v.tawk.to; frame-src https://accounts.google.com https://content.googleapis.com https://va.tawk.to https://www.youtube.com https://www.google.com; img-src data: *; media-src *; object-src 'none'; script-src 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https: http: 'nonce-wwZ+olUvpeByAoVoQVLPmA=='; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net/emojione/2.2.7/assets/css/emojione.min.css https://cdn.jsdelivr.net/emojione/2.2.7/lib/js/emojione.min.js https://cdnjs.cloudflare.com/ajax/libs/highlight.js/9.12.0/styles/github.min.css https://cdnjs.cloudflare.com/ajax/libs/highlight.js/9.12.0/styles/atom-one-dark.min.css https://*.tawk.to; report-uri /csp-report; worker-src blob: 1
default-src 'self'; script-src 'self' 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://www.googleadservices.com googleads.g.doubleclick.net https://connect.facebook.net https://fullstory.com https://*.fullstory.com cdnjs.cloudflare.com d1aqhv4sn5kxtx.cloudfront.net *.ngpvan.com; style-src 'self' 'unsafe-inline' 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com/css fonts.gstatic.com tagmanager.google.com; img-src *; font-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com/css fonts.gstatic.com fonts.googleapis.com;connect-src 'self' https://*.fullstory.com https://fullstory.com; report-uri https://accounts.ngpvan.com/oidc/csp/report 1
: default-src *; frame-ancestors 'self' btcpop.co *.btcpop.co ; 1
default-src 'self'; script-src 'self' 'self' 'unsafe-inline' 'unsafe-eval' https://code.jquery.com https://maxcdn.bootstrapcdn.com https://ajax.googleapis.com https://www.broadviewnet.com https://flex.msn.com https://ssl.google-analytics.com https://snapabug.appspot.com https://www.snapengage.com; style-src 'self' 'unsafe-inline' ; img-src *; font-src 'self' data:;frame-src 'self' 'self' https://www.youtube.com; report-uri https://identity.broadviewnet.com/IdentityProvider/csp/report 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.facebook.net *.facebook.com *.pinterest.com log.pinterest.com *.youtube.com *.doubleclick.net data: *.amgdgt.com *.windows.net *.econsumeraffairs.com *.consumercare.net *.adtmt.com cdn.socialtwist.com  bam.nr-data.net *.revemarketing.com http://cdn.revemarketing.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.thomasbreads.com connect.facebook.net cdn.socialtwist.com ajax.googleapis.com www.googletagmanager.com assets.pinterest.com js-agent.newrelic.com *.pinterest.com  https://www.google-analytics.com https://bam.nr-data.net https://chat.consumercare.net  https://h6.consumercare.net  https://ad.atdmt.com https://www.econsumeraffairs.com https://www.google.com https://www.gstatic.com https://widgets.socialtwist.com; img-src 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.myfonts.net *.facebook.net *.facebook.com *.pinterest.com log.pinterest.com *.youtube.com *.doubleclick.net data: *.amgdgt.com *.windows.net *.econsumeraffairs.com *.consumercare.net *.adtmt.com cdn.socialtwist.com  bam.nr-data.net *.revemarketing.com http://cdn.revemarketing.com; frame-src 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.myfonts.net *.facebook.net *.facebook.com *.pinterest.com log.pinterest.com *.youtube.com *.doubleclick.net data: *.amgdgt.com *.econsumeraffairs.com *.consumercare.net *.socialtwist.com; connect-src 'self' *.revemarketing.com https://www.google-analytics.com  https://stats.g.doubleclick.net  wss://webchat.revemarketing.com; report-uri /admin/config/system/seckit/csp-report, default-src 'self' 'self' data: 'self' blob: 'unsafe-inline' 'unsafe-eval' *; img-src 'self' blob: data: * 1
default-src https: wss: data: 'unsafe-inline' 'unsafe-eval' blob: 1
default-src 'self' *; script-src 'self' 'unsafe-eval' 'unsafe-inline' *; object-src 'self' *; style-src 'self' 'unsafe-inline' *; img-src 'self' data: *; media-src 'self' *; frame-src 'self' *; frame-ancestors 'self' http://online-training.projectwet.org; child-src 'self' *; font-src 'self' *; connect-src 'self' *; report-uri /report-csp-violation 1
default-src 'self'; script-src 'unsafe-inline' 'self' *.googleapis.com *.newrelic.com *.nr-data.net *.google-analytics.com *.google.com *.getsitecontrol.com *.gstatic.com *.kxcdn.com 'strict-dynamic' 'nonce-0927d6c938c1b89499c5ccc0'; object-src 'none'; style-src 'unsafe-inline' 'self' *.googleapis.com *.bootstrapcdn.com; img-src 'self' * data:; frame-src 'self' *.google.com; font-src *.googleusercontent.com 'self' *.googleapis.com *.bootstrapcdn.com *.gstatic.com data:; connect-src 'self' *.apigee.com *.getsitecontrol.com *.apigee.net; report-uri /admin/config/system/seckit/csp-report 1
connect-src 'self' https://api.github.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com; base-uri *.wazuh.com wazuh.com; default-src 'self' https: data:; script-src 'self' *.wazuh.com wazuh.com *.googleapis.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https: 'unsafe-inline'; object-src 'self' *.wazuh.com wazuh.com; style-src 'self' *.googleapis.com 'unsafe-inline'; img-src 'self' *.wazuh.com wazuh.com *.gravatar.com https://www.google-analytics.com https://stats.g.doubleclick.net data:; media-src 'self' *.wazuh.com wazuh.com; frame-ancestors 'self'; frame-src *; font-src 'self' https://fonts.gstatic.com data: 1
default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.cloudflare.com https://*.force.com https://*.hotjar.com https://secure.trust-provider.com https://*.sharethis.com https://platform.twitter.com https://connect.facebook.net https://static1.twitcount.com https://*.codero.com https://*.salesforceliveagent.com https://*.salesforce.com https://*.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://pi.pardot.com https://*.google.com; script-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.cloudflare.com https://*.force.com https://*.hotjar.com https://secure.trust-provider.com https://*.sharethis.com https://platform.twitter.com https://connect.facebook.net https://static1.twitcount.com https://codero.com https://*.codero.com https://codero.com https://*.salesforceliveagent.com https://*.salesforce.com https://*.googleapis.com https://google.com https://www.googletagmanager.com https://www.google-analytics.com https://pi.pardot.com https://*.google.com https://*.gstatic.com; style-src * 'self' data: 'unsafe-inline' 'unsafe-hashes' https://*.cloudflare.com https://*.force.com https://*.hotjar.com https://secure.trust-provider.com https://*.sharethis.com https://platform.twitter.com https://connect.facebook.net https://static1.twitcount.com https://*.codero.com https://*.salesforceliveagent.com https://*.salesforce.com https://*.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://pi.pardot.com https://*.google.com; img-src * 'self' data: https://*.cloudflare.com https://*.force.com https://*.hotjar.com https://secure.trust-provider.com https://*.sharethis.com https://platform.twitter.com https://connect.facebook.net https://static1.twitcount.com https://*.codero.com https://*.salesforceliveagent.com https://*.salesforce.com https://*.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://pi.pardot.com https://*.google.com; font-src * 'self' data:; media-src * 'self' https://*.cloudflare.com https://*.force.com https://*.hotjar.com https://secure.trust-provider.com https://*.sharethis.com https://platform.twitter.com https://connect.facebook.net https://static1.twitcount.com https://*.codero.com https://*.salesforceliveagent.com https://*.salesforce.com https://*.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://pi.pardot.com https://*.google.com; object-src 'self' data:; prefetch-src 'self'; frame-src * data:; frame-ancestors 'self'; form-action * 1
frame-ancestors *.scaledrone.com 1
frame-ancestors 'self' www.skaki64.gr skaki64.gr 1
frame-ancestors 'self' http://pudtoday 1
default-src 'self' https://static.garmin.com https://static.garmincdn.com https://www.garmin.com; style-src 'unsafe-inline' 'self' https://static.garmin.com https://static.garmincdn.com https://fonts.googleapis.com https://sso.garmin.com https://www.garmin.com; connect-src 'self' https://static.garmincdn.com https://www.garmin.com *; script-src 'self' 'unsafe-inline' 'unsafe-eval' * 'nonce-57edcd25-8b10-45ac-8941-3abc7a1e91f5'; font-src 'self' data: https://static.garmin.com https://static.garmincdn.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.garmin.com; img-src 'self' data: *; frame-src * *.adform.net; object-src 'none'; upgrade-insecure-requests 1
default-src 'self'; connect-src 'self'; font-src 'self'; frame-src 'self' https://www.youtube.com http://www.gstb-rlp.de https://www.kosdirekt.de https://kommunalradkongress-modules.xing-events.com; img-src 'self' https://img.youtube.com https://www.google-analytics.com https://vat.db-app.de; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://de.ioam.de https://s.ytimg.com https://script.ioam.de https://www.google-analytics.com https://www.youtube.com https://vat.db-app.de/; style-src 'self' 'unsafe-inline' 1
frame-ancestors 'self' https://campaign.interamerican.gr/ https://askme.interamerican.gr/; 1
base-uri 'self'; default-src 'none'; child-src https://mei.animebytes.tv https://irc.animebytes.tv; connect-src 'self' https://mei.animebytes.tv; font-src 'self' data:; form-action 'self' https://mei.animebytes.tv; frame-ancestors 'self'; frame-src 'self' https://www.youtube-nocookie.com https://*.soundcloud.com https://mei.animebytes.tv https://irc.animebytes.tv; img-src 'self' https://animebytes.tv https://mei.animebytes.tv https://cdn.animebytes.tv data:; media-src 'self' https://* * data:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; worker-src 'none'; upgrade-insecure-requests 1
block-all-mixed-content; upgrade-insecure-requests; report-uri /nelmio/csp/report 1
frame-ancestors 'self' https://www.golfofbf.org https://*.instapage.com http://*.instapage.com https://cloud.scorm.com https://360.articulate.com https://university.fb.org 1
child-src 'self' 3speak.online emb.d.tube player.twitch.tv www.youtube.com staticxx.facebook.com w.soundcloud.com player.vimeo.com; connect-src https://rpc.blurt.world blurt.blog blurt.world 'self' rpc.blurt.world https://api.blurt.blog https://blurtd.privex.io *.blurt.buzz wss://notifications.blurt.world; default-src tpc.googlesyndication.com 'self' emb.d.tube www.youtube.com staticxx.facebook.com player.vimeo.com *.streamrail.com img.3speakcontent.online lbry.tv *.wistia.com; font-src data: fonts.gstatic.com; frame-ancestors 'none'; frame-src 'self' googleads.g.doubleclick.net https:; img-src * data:; object-src 'none'; plugin-types application/pdf; script-src 'unsafe-inline' 'unsafe-eval' data: https: 'self' www.google-analytics.com connect.facebook.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com platform.twitter.com; report-uri /api/v1/csp_violation 1
default-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self' data:; script-src 'self' 'unsafe-inline' https://piwik.bzga.de https://maps.google.com https://maps.googleapis.com; img-src 'self' https://piwik.bzga.de https://www.bzga.de https://maps.gstatic.com https://csi.gstatic.com https://maps.google.com https://maps.googleapis.com https://a.tile.osm.org https://b.tile.osm.org https://c.tile.osm.org data:; frame-src 'self' mailto: https://piwik.bzga.de https://www.youtube-nocookie.com; 1
default-src 'self'; script-src 'self' https://www.gstatic.com https://ajax.googleapis.com https://cdn.inspectlet.com https://*.pendo.io https://*.storage.googleapis.com https://browser.sentry-cdn.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://www.gstatic.com https://ajax.googleapis.com https://*.pendo.io https://*.storage.googleapis.com https://fonts.googleapis.com 'unsafe-inline' blob:; connect-src 'self' http://hn.inspectlet.com wss://ws.inspectlet.com https://mailsentinel.net https://sentry.io; img-src 'self' http://hn.inspectlet.com https://*.pendo.io https://*.storage.googleapis.com data:; font-src 'self' https://fonts.gstatic.com; options inline-script eval-script 1
child-src 'self' www.youtube.com staticxx.facebook.com w.soundcloud.com player.vimeo.com; connect-src 'self' wss://main.weku.io:8190 https://dallas.weku.io:8190 https://dallas.weku.io wss://dallas.weku.io:8190 translate.google.com translate.googleapis.com wss://news.weku.io:8190 https://images2.weku.io https://images2.weku.io:8234 wss://chain.weku.io api.weku.io https://images.weku.io https://images.weku.io:8234; default-src 'self' translate.google.com translate.googleapis.com www.youtube.com weku.facebook.com player.vimeo.com; font-src data: fonts.gstatic.com; frame-ancestors 'none'; img-src * data:; object-src 'none'; plugin-types application/pdf; script-src 'self' 'unsafe-inline' translate.google.com translate.googleapis.com www.google-analytics.com connect.facebook.net; style-src 'self' 'unsafe-inline' translate.google.com translate.googleapis.com fonts.googleapis.com; report-uri /api/v1/csp_violation 1
default-src 'self' www.hyd.gov.hk; style-src 'self' 'unsafe-inline';script-src 'self' 'unsafe-inline'; 1
default-src https: 'unsafe-inline' 'unsafe-eval' blob:; img-src https: data:; connect-src https: wss:; font-src https: data:; 1
default-src 'self'; style-src 'self' 'unsafe-inline' http://*.sportunion.at http://sportunion.at https://*.sportunion.at https://sportunion.at https://static.flockler.com  https://*.mailchimp.com https://*.gstatic.com https://*.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://*.sportunion.at http://sportunion.at https://*.sportunion.at https://sportunion.at https://static.flockler.com  https://fl-cdn.scdn1.secure.raxcdn.com https://embed-cdn.flockler.com  https://flockler.embed.codes https://plugins.flockler.com https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://*.gstatic.com https://*.googleapis.com; font-src 'self' data: http://*.sportunion.at http://sportunion.at https://*.sportunion.at https://sportunion.at https://fonts.gstatic.com; img-src 'self' 'unsafe-inline' https://* http://*.sportunion.at http://sportunion.at https://*.sportunion.at https://sportunion.at https://flockler.com https://*.rackcdn.com  https://stats.g.doubleclick.net https://www.google-analytics.com https://*.googleapis.com data: https://.gstatic.com https://*.google.com https://secure.gravatar.com; frame-src 'self' http://*.sportunion.at http://sportunion.at https://*.sportunion.at https://sportunion.at https://www.yumpu.com  https://www.fitsportaustria.at https://board.fitsportaustria.at https://player.vimeo.com https://www.youtube.com https://www.google.com https://www.youtube-nocookie.com; connect-src 'self' http://*.sportunion.at http://sportunion.at https://*.sportunion.at https://sportunion.at https://yoast.com; media-src https://* 1
default-src 'self' data: https:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: *.stripe.com; style-src 'self' data: 'unsafe-inline' https: https: *.stripe.com; img-src * data: blob:; font-src 'self' data: https:; connect-src 'self' data: https: *.stripe.com; media-src *; object-src 'self' https:; frame-src *; form-action 'self' *.stripe.com; 1
default-src https: blob: wss:; script-src https: 'unsafe-inline' 'unsafe-eval' data:; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data: 1
style-src 'self' 'unsafe-inline' use.typekit.net fonts.googleapis.com cdnjs.cloudflare.com tagmanager.google.com config1.veinteractive.com veinteractive.com cookiehub.net; font-src 'self' *.typekit.net fonts.gstatic.com data:; report-uri /report-csp-violation 1
default-src 'self'; base-uri 'none'; form-action 'self' https://www.pcuonline2.org; frame-ancestors 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://www.pcu.org https://www.gstatic.com https://stats.g.doubleclick.net https://www.facebook.com https://onlineaccess.pcu.org https://www.pcuonline2.org https://pcu.staging.wpengine.com https://www.pcu.org https://pcu.dev https://secure.gravatar.com https://www.google-analytics.com https://www.pcu.org  https://www.googletagmanager.com https://a.basemaps.cartocdn.com https://b.basemaps.cartocdn.com https://c.basemaps.cartocdn.com https://d.basemaps.cartocdn.com https://browser.sentry-cdn.com https://cdnjs.cloudflare.com https://www.google.com https://connect.facebook.net https://ajax.cloudflare.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://www.pcu.org https://fonts.googleapis.com https://code.ionicframework.com; img-src 'self' https://www.pcu.org https://www.google.com https://www.googletagmanager.com https://i0.wp.com https://secure.gravatar.com https://www.google-analytics.com https://www.facebook.com https://stats.g.doubleclick.net; media-src 'none'; frame-src 'self' https://www.google.com/ https://pcu.mortgagewebcenter.com; font-src 'self' data: https://www.pcu.org https://fonts.gstatic.com https://code.ionicframework.com; connect-src 'self' https://stats.g.doubleclick.net 1
frame-ancestors https://*.mozio.com 1
frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com ccclib.bibliocms.com *.ccclib.bibliocms.com ccclib.org *.ccclib.org http://ccclib.org; 1
default-src 'self'; img-src 'self' data: ; script-src 'self' 'unsafe-inline' 'sha256-Vm4GC9dCs8yiOt3vkFoyb7CG9wQvsbg2ZxRvujWCkjU='; style-src 'self' 'unsafe-inline' 'sha256-8IFKZDhhpiTISN+5Zjckj2GGkOsGkKUUowOE0neCY7c=' 1
child-src 'self' *.youtube.com *.vimeo.com *.dailymotion.com *.youtube.com *.dailymotion.com *.vimeo.com *.youtube-nocookie.com *.europa.eu *.twitter.com *.europa.eu europa.eu youtube.com *.dailymotion.com *.vimeo.com *.amazonaws.com *.arcgis.com *.arte.tv *.babahh.com *.bbc.co.uk *.blitzvideoserver.de *.bpb.de *.brightcove.com *.btv.bg *.cc.cec *.cimo.fi *.cjelozivotno-ucenje.hr *.cnbc.com *.coe.int *.communi-k.eu *.compareyourcountry.org *.crp.education *.cy2012.eu *.dacast.com *.dcdn.lt debategraph.org digital-agenda-data.eu *.disaster-resilience.com *.docdroid.net *.d-portal.org *.easme-web.eu *.edcc.eu *.euneighbours.eu *.euronews.com *.europeandataportal.eu *.facebook.com https://familymeal.eu *.flickr.com *.franceculture.fr *.franceinter.fr *.freecaster.com *.freezbee.tv *.genial.ly *.giphy.com *.github.io *.google.be *.google.co.uk *.google.com *.google.fr *.grnet.gr *.index.hu *.instantflipbook.com *.issuu.com *.jrc.nl *.jwplatform.com *.learningandwork.org.uk *.libsyn.com *.live.com livestream.com *.mentimeter.com *.metoo.sk *.mostra.eu *.neteyes.hu *.oecd.org *.openstreetmap.fr *.openstreetmap.org *.ourworldindata.org *.polarhd.com *.public-i.tv *.qbrick.com *.rackcdn.com *.rambla.be *.roguemotion.graphics *.sharepoint.com *.sketchfab.com *.slideshare.net *.solidtango.com *.soonfeed.com *.soundcloud.com *.streamamg.com *.streamcode.net *.streamdis.eu streamer.bg *.streaming.at *.streaming.sk *.streamovations.be *.sway.com *.tagesschau.de *.telemak.tv *.testa.eu *.thinglink.com *.tiesraides.lv *.top-ix.org *.tsnmalta.org *.tv1.eu *.tv-on-web.de *.twinix.eu *.typeform.com *.uc3m.es *.uplynk.com *.ustream.tv *.uu.se *.videliostreaming.com *.videolevels.com *.walls.io *.weforum.org *.westream.com *.wyng.com *.youongroup.com *.youtu.be *.youtube-nocookie.com *.zdf.de *.michael-lurquin.com; frame-src 'self' *.youtube.com *.vimeo.com *.dailymotion.com *.youtube.com *.dailymotion.com *.vimeo.com *.youtube-nocookie.com *.europa.eu *.twitter.com *.europa.eu europa.eu youtube.com *.dailymotion.com *.vimeo.com *.amazonaws.com *.arcgis.com *.arte.tv *.babahh.com *.bbc.co.uk *.blitzvideoserver.de *.bpb.de *.brightcove.com *.btv.bg *.cc.cec *.cimo.fi *.cjelozivotno-ucenje.hr *.cnbc.com *.coe.int *.communi-k.eu *.compareyourcountry.org *.crp.education *.cy2012.eu *.dacast.com *.dcdn.lt debategraph.org digital-agenda-data.eu *.disaster-resilience.com *.docdroid.net *.d-portal.org *.easme-web.eu *.edcc.eu *.euneighbours.eu *.euronews.com *.europeandataportal.eu *.facebook.com https://familymeal.eu *.flickr.com *.franceculture.fr *.franceinter.fr *.freecaster.com *.freezbee.tv *.genial.ly *.giphy.com *.github.io *.google.be *.google.co.uk *.google.com *.google.fr *.grnet.gr *.index.hu *.instantflipbook.com *.issuu.com *.jrc.nl *.jwplatform.com *.learningandwork.org.uk *.libsyn.com *.live.com livestream.com *.mentimeter.com *.metoo.sk *.mostra.eu *.neteyes.hu *.oecd.org *.openstreetmap.fr *.openstreetmap.org *.ourworldindata.org *.polarhd.com *.public-i.tv *.qbrick.com *.rackcdn.com *.rambla.be *.roguemotion.graphics *.sharepoint.com *.sketchfab.com *.slideshare.net *.solidtango.com *.soonfeed.com *.soundcloud.com *.streamamg.com *.streamcode.net *.streamdis.eu streamer.bg *.streaming.at *.streaming.sk *.streamovations.be *.sway.com *.tagesschau.de *.telemak.tv *.testa.eu *.thinglink.com *.tiesraides.lv *.top-ix.org *.tsnmalta.org *.tv1.eu *.tv-on-web.de *.twinix.eu *.typeform.com *.uc3m.es *.uplynk.com *.ustream.tv *.uu.se *.videliostreaming.com *.videolevels.com *.walls.io *.weforum.org *.westream.com *.wyng.com *.youongroup.com *.youtu.be *.youtube-nocookie.com *.zdf.de *.michael-lurquin.com; 1
default-src 'self' chat.oikeus.fi 'unsafe-inline' 'unsafe-eval'; img-src * 1
frame-ancestors www.flygresor.se secure.rentalcars.com brands.datahc.com hyrbil.flygresor.se 1
frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com slpl.bibliocms.com *.slpl.bibliocms.com https://www.slpl.org www.slpl.org *.www.slpl.org; 1
base-uri 'self'; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.storck.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.storck.com storck.piwik.pro; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.storck.com storck.piwik.pro; style-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.storck.com; connect-src 'self' data: *.storck.com storck.piwik.pro; font-src 'self'; frame-src 'self' data: *.storck.com; frame-ancestors 'self'; form-action 'self'; 1
default-src https: data: 'unsafe-inline'; object-src 'self'; script-src  'self' https://*.meruscase.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://platform.twitter.com/ https://*.google-analytics.com/ https://*.googletagmanager.com/ https://cdn.syndication.twimg.com/ https://merus-assets.s3.amazonaws.com/ https://*.facebook.net/ https://*.googleapis.com/ https://*.aspnetcdn.com/ https://*.microsoft.com https://maxcdn.bootstrapcdn.com/ https://*.youtube.com/ https://s.ytimg.com/ https://js.recurly.com/ https://cdn.wootric.com/ 'unsafe-eval' 'unsafe-inline' https://code.jquery.com/ https://forms.hubspot.com/ https://forms.hsforms.com/ https://js.hs-analytics.net/ https://js.hs-scripts.com/ https://api.usemessages.com/ https://js.usemessages.com/ https://js.hsforms.net/ https://js.hsleadflows.net/; style-src 'self' 'unsafe-inline' https: 1
default-src 'self' data: https:; object-src 'self'; script-src * data: 'unsafe-inline' https:; style-src 'self' data: 'unsafe-inline' https:; img-src * data: https:; 1
default-src 'unsafe-inline' 'unsafe-eval' https:;img-src * data:; 1
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src *; img-src * data:; frame-src *; style-src * 'unsafe-inline'; 1
default-src 'self' http://persis.gemu-group.com:8080 *.google.com *.gstatic.com *.googleapis.com *.googletagmanager.com *.google-analytics.com connect.facebook.net *.albacross.com *.webtraxs.com *.ggpht.com amazonaws.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-cdn-operators.s3-eu-west-1.amazonaws.com *.cloudfront.net *.userlike.com *.leadenhancer.com wss://chat.userlike.com cdn.delight-vr.com data: 'unsafe-inline' 'unsafe-eval' 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' code.jquery.com www.googletagmanager.com www.googleadservices.com *.googleapis.com marketing.gbgplc.com js.hs-banner.com js.hs-scripts.com www.google-analytics.com static.hotjar.com bizographics.com static.ads-twitter.com *.pcapredict.com snap.licdn.com *.facebook.net googleads.g.doubleclick.net js.hs-analytics.net js.hsleadflows.net js.hsadspixel.net sjs.bizographics.com script.hotjar.com px.ads.linkedin.com analytics.twitter.com www.google.com *.gstatic.com platform.linkedin.com js.usemessages.com addtocalendar.com *.sharethis.com *.loqate.com *.addressy.com amplify.outbrain.com js.hsforms.net forms.hsforms.com *.onetrust.com snid.snitcher.com secure.perk0mean.com ruler.nyltx.com analytics.nyltx.com tagmanager.google.com tag.demandbase.com *.opmnstr.com a.omappapi.com cdnjs.cloudflare.com; default-src 'self' data:; worker-src ; style-src 'self' 'unsafe-inline' *.googleapis.com addtocalendar.com api.addressy.com *.loqate.com cloudflare.com cdnjs.cloudflare.com tagmanager.google.com use.typekit.net; connect-src 'self' *.google-analytics.com api.hubapi.com *.hubspot.com *.hotjar.com vc.hotjar.io *.sharethis.com services.postcodeanywhere.co.uk *.addressy.com *.loqate.com decollector.tealeaf.ibmcloud.com gbg-global.azureedge.net www.facebook.com *.vimeo.com *.vimeocdn.com *.onetrust.com snid.snitcher.com analytics.nyltx.com api.company-target.com *.omappapi.com api.opmnstr.com wss:; font-src 'self' *.gstatic.com data:; img-src 'self' 'unsafe-inline' *.gravatar.com data: gbg-global.azureedge.net *.loqate.com t.co/i/adsct *.google.com www.glassdoor.co.uk *.google.co.uk *.google-analytics.com lh3.googleusercontent.com *.facebook.com *.hubspot.com cdnjs.cloudflare.com stats.g.doubleclick.net glassdoor.co.uk maps.gstatic.com maps.googleapis.com www.googletagmanager.com *.sharethis.com dashboard.umbraco.org px.ads.linkedin.com www.linkedin.com tr.outbrain.com amplifypixel.outbrain.com *.vimeo.com *.onetrust.com connect.facebook.net ssl.gstatic.com www.gstatic.com match.prod.bidr.io segments.company-target.com gbgstorage01.blob.core.windows.net a.opmnstr.com p.adsymptotic.com *.omappapi.com; frame-src 'self' www2.gbgplc.com *.vimeo.com vimeo.com *.vimeocdn.com platform.twitter.com syndication.twitter.com *.fls.doubleclick.net vars.hotjar.com www.facebook.com stats.g.doubleclick.net fast.wistia.net www.glassdoor.co.uk www.google.com www.linkedin.com ir.q4europe.com c.sharethis.mgr.consensu.org *.hsforms.com *.onetrust.com *.loqate.com *.hubspot.com; 1
allow 'self'; media-src *; img-src *; script-src 'self' https://ajax.googleapis.com; style-src 'self'; 1
frame-ancestors 'self' spoxy3.insipio.com 1
reflected-xss 'block' 1
default-src *; script-src www.partizan.com www.partizanstudio.com 'unsafe-inline' 'unsafe-eval' 127.0.0.1:*  *.googleadservices.com *.google-analytics.com *.google.com  https://*.youtube.com https://*.ytimg.com  cdnjs.cloudflare.com ajax.googleapis.com maxcdn.bootstrapcdn.com ; style-src * 'unsafe-inline';img-src 'self' data: https://img.youtube.com *.google-analytics.com ; font-src 'self' data:  http://fonts.gstatic.com https://fonts.gstatic.com ; connect-src www.partizan.com www.partizanstudio.com vimeo.com; 1
default-src 'self'; frame-ancestors 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' piwik.lamapoll.de; style-src 'self' 'unsafe-inline'; font-src 'self' ; img-src 'self' data: lamapoll.de *.lamapoll.de sslsurvey.de *.sslsurvey.de *.facebook.com; media-src 'self' lamapoll.de *.lamapoll.de sslsurvey.de *.sslsurvey.de youtube.com youtube-nocookie.com; object-src 'self'; connect-src 'self' lamapoll.de *.lamapoll.de sslsurvey.de *.sslsurvey.de; frame-src 'self' player.vimeo.com www.youtube.com www.youtube-nocookie.com 1
allow *; script-src 'self' http://l2.io https://l2.io http://prosperent.com https://prosperent.com https://*.dhleasyshop.com http://*.dhleasyshop.com https://server.iad.liveperson.net http://server.iad.liveperson.net https://*.facebook.com http://*.facebook.com https://connect.facebook.net http://connect.facebook.net https://*.fbcdn.net http://*.fbcdn.net http://*.google.com https://*.google.com http://*.google-analytics.com https://*.google-analytics.com https://ssl.gstatic.com http://ajax.googleapis.com https://ajax.googleapis.com http://web01.optimix.asia https://web01.optimix.asia http://tracking.sokrati.com https://tracking.sokrati.com http://eulerian.kdpgroupe.com https://eulerian.kdpgroupe.com http://www.googleadservices.com https://www.googleadservices.com http://srv1.wa.marketingsolutions.yahoo.com https://srv1.wa.marketingsolutions.yahoo.com http://*.marinsm.com https://*.marinsm.com http://*.dgmsearchlab.com https://*.dgmsearchlab.com http://*.cedexis.com https://*.cedexis.com http://*.amazonaws.com https://*.amazonaws.com http://*.cedexis-radar.net https://*.cedexis-radar.net d39ze0fcltcujr.cloudfront.net http://*.referralcandy.com https://*.referralcandy.com https://www.paypalobjects.com http://*.youku.com https://*.youku.com https://*.cloudfront.net ; options inline-script eval-script 1
default-src 'self' 'unsafe-inline' https://piwik.bzga.de/ https://*.readspeaker.com; img-src 'self' data: https://piwik.bzga.de https://jwpltx.com/ ; script-src 'self' 'unsafe-inline' https://ssl.p.jwpcdn.com https://piwik.bzga.de https://*.readspeaker.com/ 1
frame-ancestors 'self' *.ecoproductsstore.com; frame-src 'self' find.storesnear.me *.ecoproducts.com squadblog.ecoproducts.com brandfolder.com *.brandfolder.com https://brandfolder.com https://*.brandfolder.com *.amazonaws.com ads.p.veruta.com t.p.mybuys.com s7.addthis.com https://www.youtube.com/ http://blog.ecoproducts.com/ http://squadblog.ecoproducts.com/ *.ecoproductsstore.com 1
default-src 'self' blob: storage.net-fs.com www.google.com *.google-analytics.com *.youtube.com *.googleapis.com *.gstatic.com jobs.comsoft.de tools.eurolandir.com asia.tools.euroland.com *.a1.net live.virtual-events.at; frame-src 'self' storage.net-fs.com www.google.com *.google-analytics.com *.youtube.com *.googleapis.com *.gstatic.com jobs.comsoft.de tools.eurolandir.com asia.tools.euroland.com webcast.a1.net live.virtual-events.at; style-src 'self' 'unsafe-inline' storage.net-fs.com *.googleapis.com *.gstatic.com tools.eurolandir.com asia.tools.euroland.com webcast.a1.net live.virtual-events.at; img-src 'self' data: storage.net-fs.com *.google-analytics.com *.googleapis.com *.gstatic.com tools.eurolandir.com asia.tools.euroland.com webcast.a1.neti *.a1.group live.virtual-events.at; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: storage.net-fs.com *.googleapis.com *.gstatic.com *.google-analytics.com cdnjs.cloudflare.com/ajax/libs/jquery-mousewheel/ www.google.com tools.eurolandir.com asia.tools.euroland.com webcast.a1.net *.zencdn.net blob: live.virtual-events.at; font-src 'self' data: storage.net-fs.com *.gstatic.com 1
default-src 'self'; block-all-mixed-content; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com; frame-src *; img-src 'self' self data: 'unsafe-inline' 'unsafe-eval' https://pbs.twimg.com https://www.googletagmanager.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com; report-uri /nelmio/csp/report 1
default-src *; 1
frame-ancestors 'self' www.pro-agent.com www.google.com; 1
default-src 'self'; script-src 'self' assets.juicer.io ajax.googleapis.com connect.facebook.net platform.twitter.com 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com www.google.com www.gstatic.com https://chat.consumercare.net https://h6.consumercare.net https://js-agent.newrelic.com https://bam.nr-data.net *.juicer.io woobox.com *.formstack.com assets.pinterest.com app.icontact.com *.googleapis.com; object-src 'self'; style-src 'self' maxcdn.bootstrapcdn.com fonts.googleapis.com assets.juicer.io 'unsafe-inline' *.formstack.com app.icontact.com; img-src 'self' *.cdninstagram.com *.xx.fbcdn.net *.facebook.com *.twitter.com *.google-analytics.com *.ytimg.com *.xx.fbcdn.net data: *.googleapis.com *.g.doubleclick.net *.googletagmanager.com *.juicer.io *.google.com *.imgur.com *.icontact.com *.formstack.com *.gstatic.com; frame-src 'self' * *.entenmanns.com rsmstanley.formstack.com; font-src 'self' maxcdn.bootstrapcdn.com fonts.googleapis.com assets.juicer.io fonts.gstatic.com woobox.com *.juicer.io  *.formstack.com app.icontact.com data:; connect-src 'self' www.juicer.io https://www.google-analytics.com https://stats.g.doubleclick.net *.facebook.com; report-uri /admin/config/system/seckit/csp-report, default-src 'self' 'self' data: 'self' blob: 'unsafe-inline' 'unsafe-eval' *; img-src 'self' blob: data: * 1
default-src * 'unsafe-inline' 'unsafe-eval' data: blob: 1
base-uri 'https://*.pchome.co.th'; 1
script-src 'self'  https://*.wistia.com https://embedwistia-a.akamaihd.net blob:  https://*.google.com https://*.googleapis.com *.gstatic.com www.google-analytics.com ajax.googleapis.com www.googletagmanager.com  ajax.aspnetcdn.com  use.typekit.net  us1.siteimprove.com siteimproveanalytics.com  cdnjs.cloudflare.com  use.fontawesome.com  player.vimeo.com  clicky.com in.getclicky.com static.getclicky.com  code.jquery.com  'unsafe-inline' 'unsafe-eval' 1
default-src 'self' *.iwplay.com.tw *.iwan.com.tw *.iwplay.com.tw *.google.com *.google.com.tw; frame-src *.iwplay.com.tw *.iwan.com.tw www.youtube.com *.facebook.com bid.g.doubleclick.net *.facebook.net; script-src *.iwplay.com.tw *.iwan.com.tw 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com s.ytimg.com libs.baidu.com code.jquery.com *.google-analytics.com *.facebook.net *.facebook.com *.googleapis.com www.googletagmanager.com www.youtube.com www.googleadservices.com googleads.g.doubleclick.net *.google.com *.google.com.tw *.youtube.com ;style-src *.iwplay.com.tw *.iwan.com.tw 'unsafe-inline' www.youtube.com.tw fonts.googleapis.com *.facebook.net *.facebook.com *.google.com *.google.com.tw; img-src *.iwplay.com.tw *.google-analytics.com stats.g.doubleclick.net www.youtube.com *.google.com *.google.com.tw googleads.g.doubleclick.net *.facebook.com *.facebook.net data: ;frame-ancestors *.iwplay.com.tw *.iwan.com.tw *.google.com *.google.com.tw;font-src  fonts.gstatic.com *.googleapis.com *.google.com *.google.com.tw *.iwplay.com.tw data:; 1
: default-src 'self' 1
frame-ancestors 'self' *.volusion.com 1
script-src 'unsafe-inline' 'unsafe-eval' code.jquery.com www.google-analytics.com securesurf.biz ads.exoclick.com main.exoclick.com syndication.exoclick.com; 1
frame-ancestors "self" "https://*.motor.com" "https://*.motoshop.com" 1
frame-ancestors 'self' https://*.etracker.com 1
default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.aacpl.net *.googleapis.com *.gstatic.com *.libraryaware.com https://contentcafe2.btol.com *.blackbaudhosting.com *.libanswers.com *.google.com *.google-analytics.com *.ebscohost.com *.marmot.org *.youtube.com ecard.quipugroup.net; object-src *; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.aacpl.net *.googleapis.com *.gstatic.com *.libraryaware.com https://contentcafe2.btol.com *.blackbaudhosting.com *.libanswers.com *.google.com *.google-analytics.com *.ebscohost.com *.marmot.org *.youtube.com https://ecard.quipugroup.net; img-src 'self' 'unsafe-inline' 'unsafe-eval' *.aacpl.net *.googleapis.com *.gstatic.com *.libraryaware.com https://contentcafe2.btol.com *.blackbaudhosting.com *.libanswers.com *.google.com *.google-analytics.com *.ebscohost.com *.marmot.org *.youtube.com ecard.quipugroup.net; media-src 'self' 'unsafe-inline' 'unsafe-eval' *.aacpl.net *.googleapis.com *.gstatic.com *.libraryaware.com https://contentcafe2.btol.com *.blackbaudhosting.com *.libanswers.com *.google.com *.google-analytics.com *.ebscohost.com *.marmot.org *.youtube.com; frame-src 'self' 'unsafe-inline' 'unsafe-eval' *.aacpl.net *.googleapis.com *.gstatic.com *.libraryaware.com https://contentcafe2.btol.com *.blackbaudhosting.com *.libanswers.com *.google.com *.google-analytics.com *.ebscohost.com *.marmot.org *.youtube.com *.yourcloudlibrary.com; frame-ancestors 'self' 'unsafe-inline' 'unsafe-eval' *.aacpl.net *.googleapis.com *.gstatic.com *.libraryaware.com https://contentcafe2.btol.com *.blackbaudhosting.com *.libanswers.com *.google.com *.google-analytics.com *.ebscohost.com *.marmot.org *.youtube.com; child-src 'self' 'unsafe-inline' 'unsafe-eval' *.aacpl.net *.googleapis.com *.gstatic.com *.libraryaware.com https://contentcafe2.btol.com *.blackbaudhosting.com *.libanswers.com *.google.com *.google-analytics.com *.ebscohost.com *.marmot.org *.youtube.com; font-src 'self' 'unsafe-inline' 'unsafe-eval' *.aacpl.net *.googleapis.com *.gstatic.com *.libraryaware.com https://contentcafe2.btol.com *.blackbaudhosting.com *.libanswers.com *.google.com *.google-analytics.com *.ebscohost.com *.marmot.org *.youtube.com; connect-src *; report-uri /report-csp-violation; upgrade-insecure-requests 1
frame-ancestors 'self' https://psr-www.bayard-jeunesse.com https://www.bayard-jeunesse.com; 1
default-src 'self' googleads.g.doubleclick.net polantis-com-data-dev.s3-eu-west-1.amazonaws.com polantis-com-data.s3-eu-west-1.amazonaws.com polantis-com-data.s3.eu-west-1.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com code.jquery.com c.statcounter.com secure.statcounter.com www.google-analytics.com code.highcharts.com pagead2.googlesyndication.com cdn.datatables.net use.fontawesome.com cdn.rawgit.com maps.googleapis.com connect.facebook.net www.polantis.info www.google.com www.gstatic.com https://rawgithub.com/phpepe/highcharts-regression/master/highcharts-regression.js?8 https://rawgit.com/phpepe/highcharts-regression/master/highcharts-regression.js; object-src 'self' s.ytimg.com i.ytimg.com s.youtube.com www.youtube.com *.googlevideo.com; style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com cdnjs.cloudflare.com fonts.googleapis.com cdn.datatables.net https://cdn.rawgit.com/morteza/bootstrap-rtl/v3.4.0/dist/css/bootstrap-rtl.min.css www.polantis.info use.fontawesome.com www.gstatic.com; img-src 'self' data: images.polantis.com data.polantis.com s3-eu-west-1.amazonaws.com www.google-analytics.com c.statcounter.com stats.g.doubleclick.net maps.gstatic.com maps.googleapis.com csi.gstatic.com www.facebook.com www.polantis.info www.google.com randomuser.me/api/ cdnjs.cloudflare.com polantiscomimages.s3-eu-west-1.amazonaws.com polantis-com-data.s3-eu-west-1.amazonaws.com polantis-com-data-dev.s3.eu-west-1.amazonaws.com data2.polantis.com http://bimobject-dev.ad.bimobject.com http://bimobject-staging.ad.bimobject.com www.bimobject.com www.mollie.com; frame-src 'self' googleads.g.doubleclick.net www.youtube.com www.google.com www.facebook.com staticxx.facebook.com polantis-com-data.s3-eu-west-1.amazonaws.com polantis-com-data-dev.s3-eu-west-1.amazonaws.com polantis-com-data.s3.eu-west-1.amazonaws.com; font-src 'self' fonts.gstatic.com maxcdn.bootstrapcdn.com use.fontawesome.com; connect-src 'self' www.polantis.info maps.googleapis.com cdn.datatables.net www.facebook.com vicopo.selfbuild.fr; report-uri /nelmio/csp/report 1
"default-src *" 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' http://*.skeyes.be http://*.belgocontrol.be https://www.openstreetmap.org http://opendatacommons.org https://www.google.com https://www.facebook.com https://syndication.twitter.com https://platform.twitter.com https://www.linkedin.com https://platform.linkedin.com https://static.licdn.com https://www.youtube.com https://create.smart2vr.com https://ssl.google-analytics.com https://cdn.datatables.net https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://fonts.gstatic.com 1
script-src 'self' https://*.googleapis.com *.gstatic.com www.google-analytics.com ajax.googleapis.com ajax.aspnetcdn.com use.typekit.net us1.siteimprove.com siteimproveanalytics.com cdnjs.cloudflare.com kit.fontawesome.com static.getclicky.com in.getclicky.com player.vimeo.com www.googletagmanager.com clicky.com fast.fonts.net snap.licdn.com px.ads.linkedin.com 'unsafe-inline' 'unsafe-eval' 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' *.navexglobal.com *.ethicspoint.eu *.navexone.eu *.navexglobal.eu ethicspoint.eu cdn.pendo.io; connect-src 'self' 'unsafe-eval' 'unsafe-inline' *.navexglobal.com *.ethicspoint.eu *.navexone.eu *.navexglobal.eu ethicspoint.eu *.truste.com *.newrelic.com *.nr-data.net *.pendo.io; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.ethicspoint.eu *.navexone.eu *.navexglobal.eu ethicspoint.eu *.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5068799715311616.storage.googleapis.com *.truste.com *.newrelic.com *.nr-data.net ; img-src 'self' data: *.ethicspoint.eu *.navexone.eu *.navexglobal.eu ethicspoint.eu *.truste.com *.pendo.io pendo-static-5068799715311616.storage.googleapis.com *.navexglobal.com; frame-src 'self' 'unsafe-eval' *.navexglobal.com *.policytech.com *.ethicspoint.eu *.navexone.eu *.navexglobal.eu ethicspoint.eu player.vimeo.com; style-src 'self' 'unsafe-eval' 'unsafe-inline' *.pendo.io pendo-static-5068799715311616.storage.googleapis.com; frame-ancestors 'self' *.pendo.io *.ethicspoint.eu; 1
default-src 'unsafe-inline' https://cdn.syndication.twimg.com https://skk.erecruiter.pl https://*.plk-sa.pl  https://*.googleapis.com  https://*.twimg.com https://pbs.twimg.com https://syndication.twitter.com https://platform.twitter.com https://www.youtube.com https://www.youtube-nocookie.com https://*.gstatic.com https://*.google.com https://*.google-analytics.com https://*.facebook.com https://portalpasazera.pl ; script-src  'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://www.gstatic.com https://platform.twitter.com https://pixel.fasttony.es https://connect.facebook.net https://www.googletagmanager.com https://ssl.google-analytics.com https://www.google.com https://*.googleapis.com https://cdn.syndication.twimg.com https://skk.erecruiter.pl https://*.plk-sa.pl https://*.google-analytics.com https://*.facebook.com https://portalpasazera.pl  data:; style-src 'unsafe-inline' https://cdn.syndication.twimg.com https://skk.erecruiter.pl https://*.plk-sa.pl https://*.google-analytics.com  https://*.googleapis.com  https://*.twimg.com https://pbs.twimg.com https://syndication.twitter.com https://platform.twitter.com https://www.youtube.com https://www.youtube-nocookie.com https://*.facebook.com https://portalpasazera.pl  data:; img-src 'self'  https://i.ytimg.com https://cdn.syndication.twimg.com https://skk.erecruiter.pl https://*.plk-sa.pl https://*.googleapis.com  https://*.twimg.com https://pbs.twimg.com https://syndication.twitter.com https://platform.twitter.com https://www.youtube.com https://www.youtube-nocookie.com https://*.gstatic.com https://*.google.com https://*.google-analytics.com https://*.facebook.com https://portalpasazera.pl  data: 1
default-src 'self' *.urban-nation.com data: *.youtube-nocookie.com *.ytimg.com *.googleapis.com *.gstatic.com player.vimeo.com *.vimeocdn.com 'unsafe-inline' 1
'nosniff'; 1
default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src * data: blob:; font-src 'self' https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; form-action 'self'; frame-ancestors 'none'; frame-src https://staticxx.facebook.com/ https://www.facebook.com https://www.youtube.com https://www.youtube-nocookie.com https://yandex.ru https://broadcast.comdi.com; img-src 'self' data: https://*.yandex.ru https://login.vk.com https://sk.ru https://vk.com https://www.facebook.com https://www.google-analytics.com; script-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://code.jquery.com https://connect.facebook.net https://www.facebook.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://maxcdn.bootstrapcdn.com https://mc.yandex.ru https://s.ytimg.com https://vk.com https://www.google-analytics.com https://www.googletagmanager.com https://www.youtube.com https://broadcast.comdi.com https://unpkg.com blob: 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com; report-uri /nelmio/csp/report 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.sharethis.com *.googletagmanager.com *.google-analytics.com *.facebook.net *.consumercare.net *.econsumeraffairs.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.sharethis.com; img-src 'self' *.google-analytics.com *.g.doubleclick.net *.facebook.com *.google.com *.sharethis.com https://www.google.com.au; frame-src 'self' *.youtube.com *.googletagmanager.com *.sharethis.com *.facebook.com/; font-src 'self' *.gstatic.com; connect-src 'self' *.sharethis.com *.sharethis.mgr.consensu.org https://stats.g.doubleclick.net; report-uri /admin/config/system/seckit/csp-report, default-src 'self' 'self' data: 'self' blob: 'unsafe-inline' 'unsafe-eval' *; img-src 'self' blob: data: * 1
img-src data: 'self' *; worker-src unsafe-inline 'self' blob: 1
default-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self' data:; script-src 'self' 'unsafe-inline' https://piwik.bzga.de; img-src 'self' data: https://piwik.bzga.de https://www.bzga.de https://service.bzga.de; frame-src 'self' mailto: https://piwik.bzga.de; 1
default-src 'unsafe-inline' https://fonts.googleapis.com  https://druzynamaxa.edge.do https://surfly.io https://maxcdn.bootstrapcdn.com https://moventum.com.pl https://*.youtube.com http://axa.test.emex.pl https://www-tra.axadirect.pl https://www.facebook.com https://*.googleusercontent.com https://www.google.pl https://axadirect.pl https://*.axadirect.pl https://*.axaubezpieczenia.pl https://*.googleapis.com https://*.gstatic.com https://axadirect.pl https://*.axadirect.pl https://pagead2.googlesyndication.com  https://ls.hit.gemius.pl https://*.google.com https://www.google-analytics.com https://*.gemius.pl https://*.facebook.com https://www.axaonline.pl https://*.axa.pl https://axa.pl https://df.axa.pl https://*.doubleclick.net https://script.crazyegg.com https://app3.salesmanago.pl https://nan.netmng.com https://pl-axa.netmng.com https://pl-axa.qa.netmng.com  https://client2.inteliwise.com https://s3-eu-west-1.amazonaws.com https://*.amazonaws.com https://pixel.mathtag.com https://u3s.mathtag.com https://dms.netmng.com; script-src * 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://*.gstatic.com https://axadirect.pl https://*.axadirect.pl https://pagead2.googlesyndication.com https://ls.hit.gemius.pl https://www.google-analytics.com https://*.gemius.pl https://*.facebook.com https://www.axaonline.pl https://*.axa.pl https://axa.pl https://df.axa.pl https://*.doubleclick.net https://script.crazyegg.com https://app3.salesmanago.pl https://nan.netmng.com https://pl-axa.netmng.com https://pl-axa.qa.netmng.com  https://client2.inteliwise.com https://s3-eu-west-1.amazonaws.com https://pixel.mathtag.com https://u3s.mathtag.com https://dms.netmng.com; style-src 'unsafe-inline' https://fonts.googleapis.com  https://druzynamaxa.edge.do https://surfly.io https://maxcdn.bootstrapcdn.com https://*.google.com https://ls.hit.gemius.pl https://www.google-analytics.com https://*.gemius.pl https://*.facebook.com https://www.axaonline.pl https://*.axa.pl https://axa.pl https://df.axa.pl https://*.doubleclick.net https://script.crazyegg.com https://app3.salesmanago.pl https://nan.netmng.com https://pl-axa.netmng.com https://pl-axa.qa.netmng.com  https://client2.inteliwise.com https://s3-eu-west-1.amazonaws.com https://pixel.mathtag.com https://u3s.mathtag.com https://dms.netmng.com; img-src 'self' https://moventum.com.pl https://*.youtube.com http://axa.test.emex.pl https://www-tra.axadirect.pl https://www.facebook.com https://*.googleusercontent.com https://www.google.pl https://axadirect.pl https://*.axadirect.pl https://*.axaubezpieczenia.pl https://*.googleapis.com https://*.gstatic.com https://axadirect.pl https://*.axadirect.pl https://pagead2.googlesyndication.com https://ls.hit.gemius.pl https://*.google.com https://www.google-analytics.com https://*.gemius.pl https://*.facebook.com https://www.axaonline.pl https://*.axa.pl https://axa.pl https://df.axa.pl https://*.doubleclick.net https://script.crazyegg.com https://app3.salesmanago.pl https://nan.netmng.com https://pl-axa.netmng.com https://pl-axa.qa.netmng.com  https://client2.inteliwise.com https://s3-eu-west-1.amazonaws.com https://*.amazonaws.com https://pixel.mathtag.com https://u3s.mathtag.com https://dms.netmng.com https://axa.pl data: 1
script-src https: data: 'unsafe-inline' 'unsafe-eval' https://*.kisd.de https://kisd.de https://*.typekit.net https://www.google-analytics.com https://*.googleapis.com; style-src https: 'unsafe-inline' https://*.kisd.de https://kisd.de https://*.typekit.net https://*.googleapis.com; 1
default-src 'self' chrome-extension disqus.com *.disqus.com *.disquscdn.com; child-src www.youtube.com player.vimeo.com www.gstatic.com www.facebook.com web.facebook.com www.googletagmanager.com disqus.com bikeworldpl.disqus.com a.disquscdn.com c.disquscdn.com referrer.disqus.com www.strava.com connect.garmin.com; connect-src 'self' www.facebook.com www.google-analytics.com stats.g.doubleclick.net links.services.disqus.com *.disqus.com; font-src 'self' data: chrome-extension fonts.gstatic.com use.fontawesome.com; frame-src www.youtube.com player.vimeo.com www.gstatic.com www.facebook.com web.facebook.com www.googletagmanager.com disqus.com bikeworldpl.disqus.com a.disquscdn.com c.disquscdn.com referrer.disqus.com www.strava.com connect.garmin.com; img-src * data: maps.gstatic.com *.googleapis.com *.ggpht; object-src www.youtube.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com www.google-analytics.com https://www.google-analytics.com/analytics.js ssl.google-analytics.com www.googletagmanager.com www.googleadservices.com maps.googleapis.com googleads.g.doubleclick.net tagmanager.google.com connect.facebook.net disqus.com bikeworldpl.disqus.com a.disquscdn.com c.disquscdn.com referrer.disqus.com reklama.bikeworld.pl portal.bikeworld.pl katalog.bikeworld.pl; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com disqus.com bikeworldpl.disqus.com a.disquscdn.com c.disquscdn.com referrer.disqus.com; report-uri /csp/report 1
default-src https: http: data: blob: ws: 'self' 'unsafe-inline' 'unsafe-eval'; 1
default-src https://www.regionorebrolan.se:443;script-src *.google.com ssl.google-analytics.com ssl.webserviceaward.com *.orebroll.se www.regionorebrolan.se https://js-agent.newrelic.com 'self' 'unsafe-inline' 'unsafe-eval'  data:;style-src  'self' 'unsafe-inline' ssl.webserviceaward.com;img-src *.orebroll.se ssl.google-analytics.com ssl.webserviceaward.com www.regionorebrolan.se 'self' data:;media-src rstts.readspeaker.com app.readspeaker.com streamio.com video.orebroll.se;frame-src *.youtube.com app.readspeaker.com  rstts.readspeaker.com media.readspeaker.com www.regionorebrolan.se https://streamio.com https://video.orebroll.se https://solaris.orebroll.se https://app.powerbi.com;connect-src rstts.readspeaker.com;report-uri https://www.regionorebrolan.se/csp-report 1
default-src https://www.mediengruppe-rtl.de https://fonts.gstatic.com https://www.youtube-nocookie.com https://s.ytimg.com https://www.google.com https://*.googlevideo.com 'unsafe-inline' 'unsafe-eval'; media-src https://www.mediengruppe-rtl.de blob:; img-src 'self' data: https://yt3.ggpht.com https://i.ytimg.com; script-src https://www.mediengruppe-rtl.de https://fonts.gstatic.com https://www.youtube-nocookie.com https://s.ytimg.com https://www.google.com 'unsafe-inline' 'unsafe-eval'; style-src https://www.mediengruppe-rtl.de https://fonts.gstatic.com https://www.youtube-nocookie.com https://s.ytimg.com 'unsafe-inline' 1
img-src * data:; style-src 'self' 'unsafe-inline'; default-src * blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: www.google-analytics.com ajax.googleapis.com embed.typeform.com www.googletagmanager.com tagmanager.google.com analyzer.amedick-sommer.de vendorlist.consensu.org	www.youtube.com s.ytimg.com www.vvs.de; 1
default-src 'self' *.cerved.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com; object-src 'none'; style-src 'self' 'unsafe-inline' *.googleapis.com; img-src 'self' *.cerved.com *.googletagmanager.com *.google-analytics.com *.google.com *.google.it *.doubleclick.net; frame-src 'self'; font-src 'self' *.googleapis.com *.googleusercontent.com fonts.gstatic.com; report-uri /report-csp-violation 1
default-src 'self'; script-src 'self' https://www.gstatic.com https://ajax.googleapis.com https://cdn.inspectlet.com https://*.pendo.io https://*.storage.googleapis.com https://browser.sentry-cdn.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://www.gstatic.com https://ajax.googleapis.com https://*.pendo.io https://*.storage.googleapis.com https://fonts.googleapis.com 'unsafe-inline' blob:; connect-src 'self' http://hn.inspectlet.com wss://ws.inspectlet.com https://www.spamfilter.io https://sentry.io; img-src 'self' http://hn.inspectlet.com https://*.pendo.io https://*.storage.googleapis.com data:; font-src 'self' https://fonts.gstatic.com; options inline-script eval-script 1
frame-ancestors https://*.cpcworldwide.com 1
policy-uri /'unsafe-inline' 1
default-src 'self' vars.hotjar.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.ampproject.org static.cloud.coveo.com stats.g.doubleclick.net tdn.r42tag.com www.averoachmea.nl www.google-analytics.com connect.facebook.net *.usabilla.com www.googleadservices.com avero.speed-trap.nl googleads.g.doubleclick.net imp2.nowinteract.com api.usabilla.com cba-acct.svc.onmarc.nl static.hotjar.com script.hotjar.com d6tizftlrpuof.cloudfront.net ajax.googleapis.com bat.bing.com admin.relay42.com cse.google.com www.google.com a.svtrd.com  onmarc.nl snap.licdn.com px.ads.linkedin.com linkedin.com celebrus.avero.nl static.hotjar.com script.hotjar.com  js.hs-scripts.com js.hs-analytics.net js.hsadspixel.net js.hsleadflows.net collectie.avero.nl *.onmarc.nl js.hs-banner.com collectie.averoachmea.nl;style-src 'self' 'unsafe-inline' fonts.googleapis.com d6tizftlrpuof.cloudfront.net www.google.com static.cloud.coveo.com;img-src data: 'self' img.youtube.com t.svtrd.com www.google-analytics.com www.facebook.com stats.g.doubleclick.net www.google.nl www.google.com d6tizftlrpuof.cloudfront.net avero.speed-trap.nl *.usabilla.com cm.g.doubleclick.net a.svtrd.com n01d05.cumulus-cloud.com tdn.r42tag.com admin.relay42.com bat.bing.com www.googleapis.com clients1.google.com avr.imgix.net px.ads.linkedin.com track.hubspot.com forms.hubspot.com celebrus.avero.nl *.onmarc.nl;font-src 'self' fonts.gstatic.com;connect-src 'self' wss://*.hotjar.com https://*.hotjar.com https://*.hotjar.io *.hubapi.com api.hubspot.com forms.hubspot.com vc.hotjar.io cm.g.doubleclick.net connect.facebook.net googleads.g.doubleclick.net stats.g.doubleclick.net *.onmarc.nl;media-src 'self' ;object-src 'self' ;child-src 'self' youtube.com 6162542.fls.doubleclick.net t.svtrd.com *.hotjar.com cba.nmrc.nl www.youtube-nocookie.com youtube-nocookie.com;frame-ancestors 'self' youtube.com www.youtube-nocookie.com youtube-nocookie.com;form-action 'self' t.svtrd.com *.averoachmeaonline.nl;block-all-mixed-content;report-uri https://c0918c210d42424be54e906e71357ca7.report-uri.io/r/default/csp/enforce; 1
default-src 'self'; style-src 'self' 'unsafe-inline' 1
frame-ancestors https://*.posylka.de 1
frame-src 'unsafe-inline' *.tussam.es *.google.com *.youtube.com *.youtube.es *.youtu.be; frame-ancestors 'unsafe-inline' *.tussam.es *.google.com *.youtube.com *.youtube.es *.youtu.be; child-src 'unsafe-inline' *.tussam.es *.google.com *.youtube.com *.youtube.es *.youtu.be; report-uri //report-csp-violation 1
frame-ancestors 'self' https://www.allsmart.gr/; 1
default-src 'self'; img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.force.com https://*.salesforceliveagent.com https://www.googletagmanager.com https://www.google-analytics.com https://static.site24x7rum.com https://*.cloudflare.com https://*.newrelic.com https://*.nr-data.net https://*.salesforce.com; frame-src *; object-src *; style-src 'self' 'unsafe-inline' https://*.salesforce.com https://*.force.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; connect-src 'self' https://*.salesforce.com https://*.force.com https://col.site24x7rum.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.nr-data.net https://api.iss.hkairportrewards.com; font-src 'self' data: https://*.force.com https://*.salesforce.com https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com; 1
allow 'unsafe-inline' 'unsafe-eval' 'self' troc.cdn.mediactive-network.net *.googlesyndication.com *.systempay.fr *.fbcdn.net *.google.com *.google.fr *.doubleclick.net intranet.troc.com connect.facebook.net cdnjs.cloudflare.com www.gstatic.com www.googletagmanager.com www.google-analytics.com www.googleadservices.com www.googletagservices.com cdn.ampproject.org 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self'; font-src 'self'; connect-src 'self'; frame-ancestors 'none'; form-action 'self'; base-uri 'none' 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' https://* 1
frame-ancestors https://hospitality-on.com https://store.hospitality-on.com 1
default-src https:; img-src https: 'self' data:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'; font-src https: 'self' data: fonts.gstatic.com; worker-src 'self' blob: 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://sites-rpc.vuturevx.com https://px.ads.linkedin.com https://snap.licdn.com https://code.jquery.com https://ajax.googleapis.com https://ssl.google-analytics.com https://www.youtube.com https://www.google.com https://bat.bing.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://connect.facebook.net https://platform.twitter.com https://code.jquery.com/jquery-2.1.4.min.js *.crazyegg.com *.amazonaws.com; style-src 'self' 'unsafe-inline' https://ajax.googleapis.com https://fonts.googleapis.com; img-src * data:; font-src 'self' data: https://fonts.gstatic.com https://fonts.typekit.net https://themes.googleusercontent.com; connect-src 'self' *.crazyegg.com https://www.google-analytics.com; child-src 'self' https://player.pippa.io https://player.acast.com  https://sdn.sitecore.net https://www.youtube.com https://www.google.com https://accounts.google.com https://www.googletagmanager.com https://www.youtube-nocookie.com/ https://cdn.yoshki.com https://player.vimeo.com; frame-ancestors 'self' https://www.slipcase.com https://marketplace.marsh.com; 1
frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com jeffco.bibliocms.com *.jeffco.bibliocms.com https://jeffcolibrary.org jeffcolibrary.org *.jeffcolibrary.org; 1
script-src 'unsafe-inline' 'unsafe-eval' 'self' * 1
default-src data: https:; script-src data: 'unsafe-inline' 'unsafe-eval' https:; object-src data: https:; style-src data: 'unsafe-inline' https:; img-src data: https:; media-src data: https:; frame-src data: https:; font-src 'self' data: https:; connect-src data: https:; base-uri 'self'; 1
script-src 'unsafe-inline' *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval' connect.facebook.net c.imedia.cz *.hotjar.com tagmanager.google.com www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline' tagmanager.google.com cdnjs.cloudflare.com fonts.googleapis.com; report-uri /csp 1
frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com halifax.bibliocms.com *.halifax.bibliocms.com https://www.halifaxpubliclibraries.ca www.halifaxpubliclibraries.ca *.www.halifaxpubliclibraries.ca; 1
default-src 'self' data: *.halkbank.com.tr *.doubleclick.net t.co *.facebook.com *.facebook.com.tr *.gstatic.com *.google.com *.google.com.tr *.googleapis.com *.google-analytics.com *.googletagmanager.com; style-src 'self' 'unsafe-inline' *.gstatic.com *.googleapis.com *.google-analytics.com *.googletagmanager.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.doubleclick.net *.googleadservices.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.facebook.net *.creative-serving.com *.ads-twitter.com *.twitter.com; 1
default-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-src https://www.google.com https://www.youtube.com https://player.vimeo.com https://www.facebook.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://maps.google.com https://maps.googleapis.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://sentry.io https://cdnjs.cloudflare.com https://connect.facebook.net; connect-src 'self' https://sentry.io https://maps.google.com https://o126219.ingest.sentry.io; img-src 'self' data: content: https: *.googleapis.com;; font-src 'self' data: https://fonts.gstatic.com; object-src 'none'; report-uri https://o126219.ingest.sentry.io/api/5265715/security/?sentry_key=9b139e250e5b4bd586488d54bd7a5c84 1
: sandbox allow-scripts 1
default-src 'self' www.youtube-nocookie.com youtu.be www.youtube.com; script-src 'self' 'unsafe-inline' www.vrk.nl static.mailplus.nl ssl.siteimprove.com cdn.siteimprove.net 'unsafe-eval' code.jquery.com svc.webspellchecker.net siteimproveanalytics.com youtu.be www.youtube-nocookie.com youtu.be connect.facebook.net m19.mailplus.nl data1.saliche.com translate.google.com s3-us-west-2.amazonaws.com wowww.nl siteimproveanalytics.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com hello.myfonts.net static.mailplus.nl svc.webspellchecker.net translate.googleapis.com; img-src * data:; font-src 'self' fonts.gstatic.com svc.webspellchecker.net static3.avast.com cdn.faceworks.nl data:; connect-src 'self' my2.siteimprove.com svc.webspellchecker.net id.siteimprove.com static.mailplus.nl; report-uri /report-csp-violation 1
default-src 'self' *.googleapis.com *.mailchimp.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.amazon.com *.amazonaws.com *.cloudflare.com *.callrail.com *.googleadservices.com *.hotjar.com *.facebook.net *.trackcmp.net *.bing.net *.google.com *.facebook.com *.bing.com *.doubleclick.net 'unsafe-inline'; script-src 'self' *.googleapis.com *.mailchimp.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.amazon.com *.amazonaws.com *.cloudflare.com *.callrail.com *.list-manage.com *.googleadservices.com *.hotjar.com *.facebook.net *.facebook.com *.trackcmp.net trackcmp.net *.bing.net *.bing.com *.doubleclick.net 'unsafe-inline'; style-src 'self' *.googleapis.com *.mailchimp.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.amazon.com *.amazonaws.com *.cloudflare.com *.callrail.com 'unsafe-inline' 1
child-src 'self' blob:; connect-src * blob:; img-src 'self' 'unsafe-inline' data: *; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com *.jwpcdn.com; object-src 'self' *.googlesyndication.com; media-src 'self' blob: *; manifest-src 'self'; script-src 'self' 'unsafe-inline' 'self' 'unsafe-inline' 'unsafe-eval' blob: *.2mdn.net static.ads-twitter.com *.adnxs.com *.adsafeprotected.com *.adsrvr.org *.amp.live *.ampproject.org app.link *.branch.io *.cloudfront.net *.combotag.com *.doubleclick.net *.doubleverify.com *.everesttech.net *.evidon.com *.extend.tv *.extremereach.io connect.facebook.net *.flashtalking.com adservice.google.com tagmanager.google.com *.google-analytics.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.gstatic.com *.iasds01.com *.imrworldwide.com *.innovid.com *.insightexpressai.com *.ipredictive.com *.jwplatform.com *.jwpcdn.com *.jwpsrv.com *.moatads.com *.outbrain.com cdn.polyfill.io *.scorecardresearch.com *.serving-sys.com *.spotxcdn.com *.spotxchange.com *.tremorhub.com analytics.twitter.com *.vindicosuite.com *.w55c.net *.yumenetworks.com; style-src 'self' 'unsafe-inline' blob: 'self' 'unsafe-inline' blob: fonts.googleapis.com *.gstatic.com tagmanager.google.com *.innovid.com; frame-src *.doubleverify.com *.dvtps.com *.facebook.com *.facebook.net *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.imrworldwide.com *.outbrain.com *.serving-sys.com *.fbsbx.com 1
default-src https: *.ufg.pl; script-src https: *.ufg.pl;style-src https: *.ufg.pl ;img-src 'self' data: https: https: www.google-analytics.com; frame-src https: *.ufg.pl; media-src data: https: *.ufg.pl ;options inline-script eval-script; child-src https: *.ufg.pl 1
connect-src 'self' https://localhost:3000; frame-ancestors 'self'; object-src 'self'; script-src 'self' https://analytics.historia-arte.com https://maps.googleapis.com; report-uri /csp-report; 1
default-src 'self' localhost maps.googleapis.com themes.googleusercontent.com fonts.gstatic.com googleads.g.doubleclick.net ads.optad360.com http://ads.optad360.com csync.smartadserver.com secure-assets.rubiconproject.com ec-ns.sascdn.com track.adform.net api.deep.bi ls.hit.gemius.pl securepubads.g.doubleclick.net *.safeframe.googlesyndication.com safeframe.googlesyndication.com googlesyndication.com *.googlesyndication.com *.gstatic.com *.cloudflare.com; block-all-mixed-content; frame-src googlesyndication.com *.googlesyndication.com pagead2.googlesyndication.com *.hit.gemius.pl *.gemius.pl *.rubiconproject.com *.smartadserver.com *.sascdn.com googleads.g.doubleclick.net; img-src 'self' data: blob: google-analytics.com www.google-analytics.com fonts.googleapis.com maps.google.com *.gstatic.com maps.googleapis.com adx.adform.net www3.smartadserver.com creatives.sascdn.com ad.doubleclick.net pixel.adsafeprotected.com x.bidswitch.net cm.g.doubleclick.net d5p.de17a.com sync.clickonometrics.pl ib.adnxs.com ma.wp.pl cm.adgrx.com cm.adform.net c1.adform.net server.seadform.net sync-eu.exe.bid track.adform.net sync.bumlam.com s1.adform.net pre.glotgrx.com dt.adsafeprotected.com pro.hit.gemius.pl gremimedia.pl cdn.uwazamrze.pl stats.g.doubleclick.net ced-ns.sascdn.com www.google.com www.google.pl *.google.com *.google.pl googlesyndication.com *.googlesyndication.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: cdn.historia.uwazamrze.pl fonts.googleapis.com *.gstatic.com maps.google.com maps.googleapis.com ajax.googleapis.com www.googletagmanager.com www.google-analytics.com ced.sascdn.com ced-ns.sascdn.com s1.adform.net adx.adform.net pagead2.googlesyndication.com adservice.google.com googleads.g.doubleclick.net www3.smartadserver.com adservice.google.pl pixel.yabidos.com pixel.adsafeprotected.com track.adform.net static.adsafeprotected.com code.createjs.com radar.cedexis.com cdn.rp.pl cdn.uwazamrze.pl www.youtube.com s.ytimg.com api.deep.bi sync.smartadserver.com gapl.hit.gemius.pl securepubads.g.doubleclick.net googletagservices.com *.googletagservices.com googlesyndication.com *.googlesyndication.com ampproject.org *.ampproject.org *.2mdn.net *.evidon.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com blob: cdn.rp.pl cdn.uwazamrze.pl 1
frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com sppl.bibliocms.com *.sppl.bibliocms.com https://sppl.org sppl.org *.sppl.org; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.google-analytics.com www.googletagmanager.com *.gstatic.com *.googleapis.com www.youtube.com *.ytimg.com; object-src 'self'; style-src 'self' 'unsafe-inline' www.google.com *.googleapis.com; img-src 'self' data: www.google.com www.google-analytics.com www.googletagmanager.com *.googleapis.com *.gstatic.com www.youtube.com *.ytimg.com; media-src 'self' www.youtube.com *.ytimg.com; frame-src 'self' www.google.com *.gstatic.com www.youtube.com *.ytimg.com; font-src 'self' data: www.google.com *.googleapis.com *.gstatic.com; connect-src 'self' 1
default-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com cdn.jsdelivr.net sdk.companywebcast.com https://ipapi.connectid.cloud *.google-analytics.com stats.g.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com ict.infinity-tracking.net www.gstatic.com viz.tools.investis.com www.google.com maps.googleapis.com maps.google.com www.linkedin.com ajax.googleapis.com pi.pardot.com bam.nr-data.net sjp.getmediamanager.com *.googletagmanager.com *.google-analytics.com sjs.bizographics.com connect.facebook.net *.jquery.com irs.tools.investis.com *.hotjar.com px.ads.linkedin.com d2wy8f7a9ursnm.cloudfront.net ssl.p.jwpcdn.com js-agent.newrelic.com cdn.jsdelivr.net edge.api.brightcove.com *.googleapis.com www.youtube.com youtube.com s.ytimg.com unpkg.com sdk.companywebcast.com https://staticcontents.investisdigital.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' viz.tools.investis.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net; img-src 'self' 'unsafe-inline' * data:; media-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com; frame-src 'self' staticcontents.investis.com www.google.com sjp.getmediamanager.com careers.sjp.co.uk irs.tools.investis.com otp.tools.investis.com digital.feprecisionplus.com sjp.hireserve-test.com ir.tools.investis.com staticxx.facebook.com www.youtube.com player.vimeo.com sdk.companywebcast.com streams.nfgd.nl; font-src 'self' 'unsafe-inline' data: fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com themes.googleusercontent.com maxcdn.bootstrapcdn.com; report-uri /report-csp-violation 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.axessx.de *.googleapis.com 1
default-src 'self' https://equatio.texthelp.com/static/ wss://*.firebaseio.com/ https://*.googleapis.com/ https://*.texthelp.com/ https://*.speechstream.net/; connect-src 'self' wss://*.speech.microsoft.com/speech/recognition/dictation/cognitiveservices/v1 wss://*.firebaseio.com/ wss://cloud.myscript.com/api/v4.0/iink/document https://www.google-analytics.com/ https://*.googleapis.com/ https://*.texthelp.com/ https://equatio-search-proxy.texthelp.com; style-src 'self' 'unsafe-inline' https://equatio.texthelp.com/static/ https://fonts.googleapis.com/css; script-src 'self' https://equatio.texthelp.com/static/ https://www.google-analytics.com/ https://*.firebaseio.com/ https://www.gstatic.com/firebasejs/; img-src https://equatio.texthelp.com/static/ 'self' https://*.texthelp.com/ data: blob: https://*.googleusercontent.com/ https://chart.googleapis.com/chart https://www.google.com/ https://www.google-analytics.com; font-src https://equatio.texthelp.com/static/ https://fonts.gstatic.com/; object-src 'none'; upgrade-insecure-requests; frame-ancestors 'none' 1
upgrade-insecure-requests; report-uri https://lotusgroup.report-uri.io/r/default/csp/enforce 1
script-src 'unsafe-inline' 'unsafe-eval' code.jquery.com www.google-analytics.com safesurfs.net ads.exoclick.com main.exoclick.com syndication.exoclick.com; 1
script-src 'unsafe-inline' 'unsafe-eval' code.jquery.com www.google-analytics.com yourconnectivity.net ads.exoclick.com main.exoclick.com syndication.exoclick.com; 1
default-src about: data: 'unsafe-inline' 'unsafe-eval' https:; frame-ancestors 'self'; form-action *; upgrade-insecure-requests; sandbox allow-forms allow-same-origin allow-scripts allow-modals allow-popups; block-all-mixed-content; reflected-xss block; referrer strict-origin-when-cross-origin; 1
default-src 'self'; connect-src *.kv-rlp.de; script-src *.kv-rlp.de maps.googleapis.com ssl.google-analytics.com www.google-analytics.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' data: https://*.kv-safenet.de http://*.kv-safenet.de *.gstatic.com *.googleapis.com www.google-analytics.com ssl.google-analytics.com; font-src 'self' font.googleapis.com *.gstatic.com; child-src 'self' https://*.google.de https://*.google.com https://www.youtube-nocookie.com; object-src 'self'; frame-src 'self' https://www.youtube-nocookie.com maps.google.de www.google.de www.google.com; frame-ancestors 'self' https://www.google.de; 1
default-src 'self' 'unsafe-inline' https://piwik.bzga.de/ https://fonts.gstatic.com/ https://fonts.googleapis.com/ https://www.youtube-nocookie.com/ https://app.dialogfeed.com/; img-src 'self' data: https://piwik.bzga.de/ https://service.bzga.de/ https://www.bzga.de/ https://jwpltx.com/ https://maps.gstatic.com/ https://maps.googleapis.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.p.jwpcdn.com/ https://piwik.bzga.de/ https://maps.googleapis.com/ 1
frame-ancestors 'self' http://*.mitkindundkegel.de http://mitkindundkegel.de 1
frame-ancestors www.bps.ac.uk 1
script-src 'unsafe-inline' 'unsafe-eval' code.jquery.com www.google-analytics.com safebrowsing.biz ads.exoclick.com main.exoclick.com syndication.exoclick.com; 1
default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' data: https://fonts.gstatic.com; script-src 'self' 'unsafe-inline' https://piwik.bzga.de https://maps.google.com https://maps.googleapis.com; img-src 'self' https://piwik.bzga.de https://www.bzga.de https://maps.gstatic.com https://csi.gstatic.com https://maps.google.com https://khms0.googleapis.com https://khms1.googleapis.com https://lh3.ggpht.com https://cbks0.googleapis.com data:; frame-src 'self' https://www.infektionsschutz.de mailto: https://piwik.bzga.de; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: www.google-analytics.com www.googletagmanager.com https://cdnjs.cloudflare.com/ajax/libs/codemirror/ https://cdnjs.cloudflare.com/ajax/libs/select2/ https://cdn.rawgit.com/ckeditor/ckeditor-dev/ https://cdn.rawgit.com/w8tcha/CKEditor-CodeMirror-Plugin/ platform.twitter.com platform.twitter.co syndication.twitter.com cdn.syndication.twimg.com https://cdn.rawgit.com/ractoon/jQuery-Text-Counter/ https://js-agent.newrelic.com/nr-1071.min.js bam.nr-data.net tagmanager.google.com https://js-agent.newrelic.com https://www.recaptcha.net/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/ https://www.google.com/recaptcha/api.js; object-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://cdnjs.cloudflare.com/ajax/libs/codemirror/ https://cdnjs.cloudflare.com/ajax/libs/select2/ platform.twitter.com tagmanager.google.com; img-src 'self' data: www.google-analytics.com https://cdn.rawgit.com/ckeditor/ckeditor-dev/ https://raw.githubusercontent.com/ckeditor/ckeditor-dev/ www.googletagmanager.com www.bureauveritas.com syndication.twitter.com platform.twitter.com *.twimg.com ssl.gstatic.com www.gstatic.com https://stats.g.doubleclick.net; media-src 'self'; frame-src 'self' www.youtube.com tools.eurolandir.com cws.huginonline.com www.googletagmanager.com platform.twitter.com syndication.twitter.com inpublic.globenewswire.com https://sdk.companywebcast.com/sdk/player/ player.youku.com  https://www.google.com; child-src 'self' blob:; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com; connect-src 'self' www.google-analytics.com https://tools.eurolandir.com/tools/pricefeed/RequestStockDataBundleXML.aspx https://bam.nr-data.net https://stats.g.doubleclick.net; report-uri https://csp-report-uri.bureauveritas.com 1
frame-ancestors 'self' *.appearhere.co.uk *.appearhere.fr *.appearhere.us; 1
default-src 1
frame-ancestors http://my.rotary.org https://my.rotary.org http://my-cms.rotary.org https://my-cms.rotary.org 'self'; 1
default-src 'unsafe-inline' https://www.calypso.com/ https://helpdesk.calypso.com/; script-src 'unsafe-inline' https://www.calypso.com/ https://helpdesk.calypso.com/; style-src 'unsafe-inline' https://www.calypso.com/ https://helpdesk.calypso.com/ 1
default-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-src https://www.google.com https://www.youtube.com https://tickets.norwichartscentre.co.uk https://my.matterport.com https://player.vimeo.com; script-src 'self' 'nonce-5AEemGb0xJptoIGFP3Nd' 'sha256-Z82Oe+Iv8WIpM1ioymuc3HlSLThe89MSaAQSYMybkAs=' https://www.google.com https://maps.google.com https://www.gstatic.com https://www.googletagmanager.com/ https://www.google-analytics.com https://connect.facebook.net https://sentry.io https://tickets.norwichartscentre.co.uk; connect-src 'self' https://sentry.io; img-src 'self' data: content: https: *.googleapis.com;; font-src 'self' https://fonts.gstatic.com https://www.google.com; object-src 'none'; report-uri https://o126219.ingest.sentry.io/api/2740052/security/?sentry_key=8f009899699b4dd281f6d1466e6a2b92 1
default-src 'self' 'unsafe-inline' data: https://piwik.bzga.de/ https://*.tile.openstreetmap.org https://creator.hosted-pageflow.com 1
report-uri; 1
default-src * 'unsafe-inline' data: ; font-src * 'unsafe-inline' data:; script-src * 'unsafe-inline' 'unsafe-eval' https:  1
frame-src 'self' https://www.youtube.com/ https://www.youtube-nocookie.com/ https://player.vimeo.com/ https://newapp.etracker.com/ https://www.google.com/ https://www.tuev-hessen.de/ https://staging.tuev-hessen.de/ https://blog.tuev-hessen.de/ https://staging-blog.tuev-hessen.de/ https://www.tueh.de/ https://staging.tueh.de/ https://www.tuev-kids.de/ https://staging.tuev-kids.de/ https://www.tuev-club.de/ https://staging.tuev-club.de/ https://www.proficert.de/ https://staging.proficert.de/ https://test.infraforce.de/; 1
default-src 'self' *.dohasooq.com; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com https://www.google.com https://chat.freshdesk.com https://stats.pusher.com https://freegeoip.net https://t.omkt.co https://t3438570.icpro.co https://d36mpcpuzc4ztk.cloudfront.net query.yahooapis.com https://cdn.ckeditor.com code.highcharts.com code.jquery.com https://maps.google.com maps.googleapis.com https://bam.nr-data.net https://js-agent.newrelic.com cdnjs.cloudflare.com www.google-analytics.com www.googletagmanager.com https://api.q-tickets.com https://apis.google.com https://*.facebook.net; style-src 'self' 'unsafe-inline' https://d36mpcpuzc4ztk.cloudfront.net https://cdn.ckeditor.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://code.ionicframework.com; img-src 'self' data: https://t.omkt.co https://d36mpcpuzc4ztk.cloudfront.net http://www.q-tickets.com www.google.com https://maps.googleapis.com https://*.gstatic.com https://stats.g.doubleclick.net https://cdn.ckeditor.com  https://s3-ap-southeast-1.amazonaws.com  https://dohasooqproduction.s3.ap-south-1.amazonaws.com  https://d1ua6rfbo1g04v.cloudfront.net https://www.google-analytics.com https://www.google.co.in https://*.facebook.com https://www.googletagmanager.com;media-src 'self' www.youtube.com https://d36mpcpuzc4ztk.cloudfront.net; font-src 'self' 'unsafe-inline' data: https://fonts.gstatic.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://code.ionicframework.com;frame-src 'self' https://www.google.com https://www.youtube.com https://accounts.google.com https://*.facebook.com https://*.facebook.net;connect-src 'self' wss://ws.pusherapp.com https://*.facebook.com https://chat.freshdesk.com https://maps.googleapis.com wss://chat.freshdesk.com 1
font-src * data:; img-src * data:; script-src 'unsafe-inline' 'unsafe-eval' * data:; style-src 'unsafe-inline' 'unsafe-eval' * data:; 1
default-src * blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.emmezeta.hr emmezeta.hr *.emmezeta.rs emmezeta.rs; 1
child-src 'self' *.youtube.com *.vimeo.com *.dailymotion.com sdk.companywebcast.com livestream.com ec.livecasts.eu *.europa.eu europa.eu youtube.com *.dailymotion.com *.vimeo.com *.amazonaws.com *.arcgis.com *.arte.tv *.babahh.com *.bbc.co.uk *.blitzvideoserver.de *.bpb.de *.brightcove.com *.btv.bg *.cc.cec *.cimo.fi *.cjelozivotno-ucenje.hr *.cnbc.com *.coe.int *.communi-k.eu *.compareyourcountry.org *.crp.education *.cy2012.eu *.dacast.com *.dcdn.lt debategraph.org digital-agenda-data.eu *.disaster-resilience.com *.docdroid.net *.d-portal.org *.easme-web.eu *.edcc.eu *.euneighbours.eu *.euronews.com *.europeandataportal.eu *.facebook.com https://familymeal.eu *.flickr.com *.franceculture.fr *.franceinter.fr *.freecaster.com *.freezbee.tv *.genial.ly *.giphy.com *.github.io *.google.be *.google.co.uk *.google.com *.google.fr *.grnet.gr *.index.hu *.instantflipbook.com *.issuu.com *.jrc.nl *.jwplatform.com *.learningandwork.org.uk *.libsyn.com *.live.com *.mentimeter.com *.metoo.sk *.mostra.eu *.neteyes.hu *.oecd.org *.openstreetmap.fr *.openstreetmap.org *.ourworldindata.org *.polarhd.com *.public-i.tv *.qbrick.com *.rackcdn.com *.rambla.be *.roguemotion.graphics *.sharepoint.com *.sketchfab.com *.slideshare.net *.solidtango.com *.soonfeed.com *.soundcloud.com *.streamamg.com *.streamcode.net *.streamdis.eu streamer.bg *.streaming.at *.streaming.sk *.streamovations.be *.sway.com *.tagesschau.de *.telemak.tv *.testa.eu *.thinglink.com *.tiesraides.lv *.top-ix.org *.tsnmalta.org *.tv1.eu *.tv-on-web.de *.twinix.eu *.typeform.com *.uc3m.es *.uplynk.com *.ustream.tv *.uu.se *.videliostreaming.com *.videolevels.com *.walls.io *.weforum.org *.westream.com *.wyng.com *.youongroup.com *.youtu.be *.youtube-nocookie.com *.zdf.de *.michael-lurquin.com; frame-src 'self' *.youtube.com *.vimeo.com *.dailymotion.com sdk.companywebcast.com livestream.com ec.livecasts.eu *.europa.eu europa.eu youtube.com *.dailymotion.com *.vimeo.com *.amazonaws.com *.arcgis.com *.arte.tv *.babahh.com *.bbc.co.uk *.blitzvideoserver.de *.bpb.de *.brightcove.com *.btv.bg *.cc.cec *.cimo.fi *.cjelozivotno-ucenje.hr *.cnbc.com *.coe.int *.communi-k.eu *.compareyourcountry.org *.crp.education *.cy2012.eu *.dacast.com *.dcdn.lt debategraph.org digital-agenda-data.eu *.disaster-resilience.com *.docdroid.net *.d-portal.org *.easme-web.eu *.edcc.eu *.euneighbours.eu *.euronews.com *.europeandataportal.eu *.facebook.com https://familymeal.eu *.flickr.com *.franceculture.fr *.franceinter.fr *.freecaster.com *.freezbee.tv *.genial.ly *.giphy.com *.github.io *.google.be *.google.co.uk *.google.com *.google.fr *.grnet.gr *.index.hu *.instantflipbook.com *.issuu.com *.jrc.nl *.jwplatform.com *.learningandwork.org.uk *.libsyn.com *.live.com *.mentimeter.com *.metoo.sk *.mostra.eu *.neteyes.hu *.oecd.org *.openstreetmap.fr *.openstreetmap.org *.ourworldindata.org *.polarhd.com *.public-i.tv *.qbrick.com *.rackcdn.com *.rambla.be *.roguemotion.graphics *.sharepoint.com *.sketchfab.com *.slideshare.net *.solidtango.com *.soonfeed.com *.soundcloud.com *.streamamg.com *.streamcode.net *.streamdis.eu streamer.bg *.streaming.at *.streaming.sk *.streamovations.be *.sway.com *.tagesschau.de *.telemak.tv *.testa.eu *.thinglink.com *.tiesraides.lv *.top-ix.org *.tsnmalta.org *.tv1.eu *.tv-on-web.de *.twinix.eu *.typeform.com *.uc3m.es *.uplynk.com *.ustream.tv *.uu.se *.videliostreaming.com *.videolevels.com *.walls.io *.weforum.org *.westream.com *.wyng.com *.youongroup.com *.youtu.be *.youtube-nocookie.com *.zdf.de *.michael-lurquin.com; 1
default-src 'self' *.google.com *.googleapis.com *.google-analytics.com *.clickdimensions.com *.vo.msecnd.net 1
https://client.libertydentalplan.com; https://libertydentalplan.com 1
default-src 'self' 'unsafe-inline' data: https://piwik.bzga.de/; 1
default-src 'self' 'unsafe-inline' data: https://piwik.bzga.de/ https://a.tile.openstreetmap.org/ https://b.tile.openstreetmap.org/ https://c.tile.openstreetmap.org/ https://www.youtube-nocookie.com/ 1
font-src 'self' https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com data:; frame-src https://www.google.com/recaptcha/ https://fast.wistia.com https://pay.google.com/gp/; script-src 'self' 'unsafe-inline' https://fast.wistia.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://pay.google.com/gp/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com; report-uri /csp/report; worker-src blob: 1
frame-ancestors 'self' https://www.eventbrite.com 1
script-src 'self' https://*.googleapis.com *.gstatic.com www.google-analytics.com ajax.googleapis.com ajax.aspnetcdn.com use.typekit.net us1.siteimprove.com cdnjs.cloudflare.com connect.facebook.net 'unsafe-inline' 'unsafe-eval' 1
default-src https: 1
frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com bibliocms.com *.bibliocms.com bibliocms.com *.bibliocms.com http://bibliocms.com; 1
frame-ancestors 'self' *.kapow.com *.cvent.com http://*.cvent.com *.kapownp.com http://*.kapow.com:*; 1
frame-ancestors 'self' webvisor.com *.webvisor.com yandex.ru *.yandex.ru 1
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; font-src 'self' 1
default-src 'self' *.mytolino.com data: *.youtube-nocookie.com *.ytimg.com *.googleapis.com *.gstatic.com 'unsafe-inline' mytolino.com mytolino.at mytolino.ch mytolino.it mytolino.be mytolino.fr mytolino.nl mytolino.uk opensource.mytolino.com 1
base-uri 'none'; default-src 'none'; child-src 'self'; connect-src 'self' https://www.google-analytics.com https://daemon.bigogo.com wss://ws.bgogo.com wss://ws.bgogo.com/prediction; font-src 'self' https://fonts.gstatic.com data:; form-action 'self'; frame-ancestors 'none'; img-src 'self' https://static.bggex.pro https://daemon.bigogo.com/ https://www.google-analytics.com https://storage.googleapis.com https://stats.g.doubleclick.net https://static.bgogo.com https://v.liaoliaosj.com blob: data:; media-src https://daemon.bigogo.com/ https://static.bgogo.com https://v.liaoliaosj.com; object-src 'self'; script-src 'self' https://static.bgogo.com https://www.googletagmanager.com https://www.google-analytics.com https://hm.baidu.com 'unsafe-inline'; style-src 'self' 'unsafe-inline'; upgrade-insecure-requests 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.buttercms.com *.griddynamics.com *.sentry-cdn.com *.apis.google.com *.googleapis.com www.googletagmanager.com www.google-analytics.com www.googleadservices.com www.youtube.com s.ytimg.com googleads.g.doubleclick.net static.ads-twitter.com cdn.jsdelivr.net www.feedrapp.info *.pardot.com *.yandex.ru; style-src 'self' 'unsafe-inline' *.buttercms.com *.googleapis.com *.sentry-cdn.com; img-src 'self' data: *.buttercms.com grid-dynamics-blog.ghost.io *.griddynamics.com *.gstatic.com *.apis.google.com *.googleapis.com *.google.com *.google.com.ua *.google-analytics.com *.doubleclick.net stats.g.doubleclick.net mc.webvisor.org *.yandex.ru; font-src 'self' data: *.googleapis.com *.gstatic.com 1
connect-src 'self' https://*.twilio.com wss://*.twilio.com https://inga-prod.tumblr.com wss://*.salemove.com https://*.salemove.com wss://*.glia.com https://*.glia.com https://*.yotpo.com https://*.twitter.com https://*.yotpo.com https://*.gomoxie.solutions https://rules.atgsvcs.com https://track.magnify360.com https://c1.rfihub.net https://insight.adsrvr.org https://*.virtualhold.com https://api.edmunds.com 1
font-src 'self' data: https://images.wineselectors.com.au https://use.typekit.net https://i.icomoon.io https://fonts.gstatic.com https://cdn.curator.io;img-src 'self' data: https://images.wineselectors.com.au https://www.wineselectors.com.au https://p.typekit.net https://www.google-analytics.com https://csi.gstatic.com https://maps.googleapis.com https://maps.gstatic.com https://www.facebook.com https://stats.g.doubleclick.net https://dc.yieldify.com https://dwmvwp56lzq5t.cloudfront.net https://scontent.cdninstagram.com https://syndication.twitter.com https://pbs.twimg.com https://platform.twitter.com https://bat.bing.com https://ad.doubleclick.net https://go.flx1.com https://secure.adnxs.com https://cookiea1.veinteractive.com https://ib.adnxs.com https://scontent.xx.fbcdn.net https://graph.facebook.com https://scontent-otp1-1.cdninstagram.com https://hey.hellobar.com http://cookiea1.veinteractive.com https://dev.visualwebsiteoptimizer.com https://ssl.gstatic.com https://www.gstatic.com https://bacon.section.io https://cdsaus2.veinteractive.com https://useruploads.visualwebsiteoptimizer.com https://s3.amazonaws.com https://cm.g.doubleclick.net https://veads.veinteractive.com https://insight.adsrvr.org https://sync.adap.tv https://assets.yieldify.com https://ads.yahoo.com https://pixel.advertising.com https://curatorio.s3.amazonaws.com https://cdn.curator.io https://x.bidswitch.net https://adservice.google.com https://d2nq7dn4e4z508.cloudfront.net https://www.googletagmanager.com https://b.sli-spark.com https://assets.resultspage.com https://wineselectors.resultspage.com https://secure.livechatinc.com https://match.adsrvr.org https://pixel.rubiconproject.com https://dsum-sec.casalemedia.com https://cdn.livechatinc.com https://tags.w55c.net https://us-u.openx.net https://i.w55c.net https://t.mookie1.com https://pixel.tapad.com https://beacon.krxd.net https://bh.contextweb.com https://su.addthis.com https://ad.sxp.smartclip.net https://cdn-image.otherlevels.com https://www.google.com https://www.google.com.au https://cds.taboola.com https://secure.getprice.com.au;style-src 'self' 'unsafe-inline' https://images.wineselectors.com.au https://fast.fonts.net https://fonts.googleapis.com https://dwmvwp56lzq5t.cloudfront.net https://cdn.curator.io https://platform.twitter.com https://tagmanager.google.com https://www.gstatic.com https://wineselectors.resultspage.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://images.wineselectors.com.au https://js-agent.newrelic.com https://bam.nr-data.net https://www.googletagmanager.com https://script.hotjar.com https://static.hotjar.com https://t.cfjump.com https://t.dgm-au.com https://www.wufoo.eu https://configaus2.veinteractive.com https://bat.bing.com https://script.crazyegg.com https://use.typekit.net https://www.google-analytics.com https://connect.facebook.net https://my.hellobar.com https://pixel.roymorgan.com https://app.yieldify.com https://maps.googleapis.com https://d33wq5gej88ld6.cloudfront.net https://www.google.com https://www.gstatic.com https://dcc4iyjchzom0.cloudfront.net https://platform.instagram.com https://platform.twitter.com https://cdn.curator.io https://cdn.syndication.twimg.com https://c.vepxl1.net https://js.adsrvr.org https://c.flx1.com https://ajax.googleapis.com https://go.flx1.com https://dev.visualwebsiteoptimizer.com https://tagmanager.google.com https://d1l6p2sc9645hc.cloudfront.net https://s3.amazonaws.com https://td.yieldify.com https://radar.cedexis.com https://data2.gosquared.com https://data.gosquared.com https://track.omguk.com https://s.adroll.com https://d.adroll.com https://ib.adnxs.com https://www.wufoo.com https://secure.wufoo.com  https://apps.rokt.com https://roktcdn1.akamaized.net https://assets.resultspage.com https://wineselectors.resultspage.com https://wineselectors.resultsdemo.com https://b.sli-spark.com https://cdn.livechatinc.com https://secure.livechatinc.com https://accounts.livechatinc.com https://cdn.taboola.com https://www.eventbrite.com.au https://woobox.com https://trc.taboola.com https://wineselectors.ipscape.com.au https://cdn.otherlevels.com https://www.googleadservices.com https://googleads.g.doubleclick.net http://www.wineselectors.com.au https://cfjump.wineselectors.com.au;default-src 'self' https://images.wineselectors.com.au https://configaus2.veinteractive.com https://vars.hotjar.com https://www.google.com https://www.facebook.com https://roktcdn1.akamaized.net;connect-src 'self' https://images.wineselectors.com.au wss://ws3.hotjar.com https://insights.hotjar.com https://bam.nr-data.net https://performance.typekit.net https://geo.yieldify.com https://api.curator.io https://appsapihk.veinteractive.com https://cookiea1.veinteractive.com https://c.flx1.com wss://ws1.hotjar.com https://cdsaus2.veinteractive.com https://bacon.section.io https://in.hotjar.com https://apps.rokt.com https://stats.g.doubleclick.net https://www.facebook.com https://trc.taboola.com https://sessionapihk.veinteractive.com wss://ws9.hotjar.com https://vc.hotjar.io https://js-api.otherlevels.com https://js-content.otherlevels.com https://js-api.otherlevels.com https://js-tags.otherlevels.com https://js-mdn.otherlevels.com https://js-rich.otherlevels.com https://js-deliverability-api.otherlevels.com https://safari.otherlevels.com wss://ws8.hotjar.com https://dtrchk.veinteractive.com https://ws1.hotjar.com;media-src 'self' https://images.wineselectors.com.au https://cdn.livechatinc.com;object-src 'self' https://images.wineselectors.com.au;child-src 'self' https://www.youtube.com https://www.google.com https://vars.hotjar.com https://vars.hotjar.com https://app.yieldify.com https://www.qzzr.com https://syndication.twitter.com https://www.instagram.com https://wineevents.wufoo.eu https://wineevents.wufoo.eu https://configaus2.veinteractive.com https://t.cfjump.com https://t.dgm-au.com https://insight.adsrvr.org https://td.yieldify.com https://www.facebook.com https://match.adsrvr.org https://eventbrite.com.au https://www.eventbrite.com.au https://connect.facebook.net https://player.vimeo.com https://youtu.be/ https://apps.rokt.com https://www.google.com.au https://secure.livechatinc.com https://woobox.com https://wineselectors.ipscape.com.au https://bid.g.doubleclick.net https://www.ojrq.net; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: www.google-analytics.com www.googletagmanager.com https://cdnjs.cloudflare.com/ajax/libs/codemirror/ https://cdnjs.cloudflare.com/ajax/libs/select2/ https://cdn.rawgit.com/ckeditor/ckeditor-dev/ https://cdn.rawgit.com/w8tcha/CKEditor-CodeMirror-Plugin/ platform.twitter.com platform.twitter.co syndication.twitter.com cdn.syndication.twimg.com https://cdn.rawgit.com/ractoon/jQuery-Text-Counter/ https://js-agent.newrelic.com/nr-1071.min.js bam.nr-data.net tagmanager.google.com *.snap.licdn.com *.bing.com *.hotjar.com *.facebook.net *.hs-scripts.com *.hs-banner.com *.hotjar.com *.hs-banner.com *.usemessages.com *.hsleadflows.net *.hubspot.com *.hs-analytics.net *.licdn.com *.hsforms.net *.hsforms.com *.amazonaws.com https://js-agent.newrelic.com/ https://js.hs-scripts.com/4992274.js https://www.recaptcha.net/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/ https://www.google.com/recaptcha/api.js; object-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://cdnjs.cloudflare.com/ajax/libs/codemirror/ https://cdnjs.cloudflare.com/ajax/libs/select2/ platform.twitter.com tagmanager.google.com; img-src 'self' data: www.google-analytics.com https://cdn.rawgit.com/ckeditor/ckeditor-dev/ https://raw.githubusercontent.com/ckeditor/ckeditor-dev/ www.googletagmanager.com www.bureauveritas.com syndication.twitter.com platform.twitter.com *.twimg.com ssl.gstatic.com www.gstatic.com https://stats.g.doubleclick.net https://px.ads.linkedin.com/collect https://bat.bing.com/ https://www.google.co.uk/ads/ga-audiences *.linkedin.com *.hubspot.com *.hubspot.net https://stats.g.doubleclick.net; media-src 'self'; frame-src 'self' www.youtube.com tools.eurolandir.com cws.huginonline.com www.googletagmanager.com platform.twitter.com syndication.twitter.com player.youku.com *.hs-scripts.com *.hotjar.com *.hubspot.com https://www.google.com; child-src 'self' blob:; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com; connect-src 'self' www.google-analytics.com https://tools.eurolandir.com/tools/pricefeed/RequestStockDataBundleXML.aspx https://vc.hotjar.io/views/1483048 *.hubspot.com *.hotjar.com https://bam.nr-data.net https://stats.g.doubleclick.net ; report-uri https://csp-report-uri.bureauveritas.com 1
default-src 'self' tagmanager.google.com www.google-analytics.com;font-src 'self' fonts.gstatic.com *.typekit.net *.typekit.com data: *.bootstrapcdn.com kariera.fg.cz;connect-src 'self' analytics.monkeytracker.cz *.typekit.net *.zeerat.com fullstory.com wss://collector.zeerat.com https://rs.fullstory.com/rec/page *.doubleclick.net *.google-analytics.com *.sociablekit.com fonts.googleapis.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com maps.google.com *.googleapis.com www.googletagmanager.com www.google-analytics.com analytics.monkeytracker.cz maps.google.com *.googleapis.com *.typekit.net *.typekit.com *.facebook.net *.twimg.com *.geoplugin.net *.zeerat.com *.fullstory.com fullstory.com *.rs.fullstory.com *.sociablekit.com unpkg.com *.unpkg.com *.licdn.com *.linkedin.com kariera.fg.cz sjs.bizographics.com *.gstatic.com c.imedia.cz;form-action 'self' *.facebook.com *.facebook.net;frame-src 'self' *.youtube.com *.facebook.com *.facebook.net www.googletagmanager.com *.sociablekit.com https://indd.adobe.com;worker-src 'self' *.youtube.com *.facebook.com *.facebook.net www.googletagmanager.com *.sociablekit.com https://indd.adobe.com;frame-ancestors 'self';img-src 'self' data: *.gstatic.com *.googleapis.com www.googletagmanager.com www.google-analytics.com analytics.monkeytracker.cz *.doubleclick.net *.gstatic.com *.googleapis.com *.typekit.net *.typekit.com *.facebook.com *.facebook.net *.twimg.com www.google.com *.google.cz *.youtube.com *.fg.cz *.google.ie *.sociablekit.com *.fbcdn.net kariera.fg.cz *.linkedin.com c.imedia.cz;style-src 'self' 'unsafe-inline' fonts.googleapis.com analytics.monkeytracker.cz *.typekit.net *.typekit.com tagmanager.google.com *.sociablekit.com *.bootstrapcdn.com *.google.com *.googleapis.com kariera.fg.cz *.gstatic.com 1
default-src 'self';object-src 'none';object-src allow-forms allow-same-origin allow-scripts;base-uri 'self';upgrade-insecure-requests;frame-ancestors 'none';script-src 'self' 'unsafe-inline' ajax.aspnetcdn.com;style-src 'self' 'unsafe-inline' ajax.aspnetcdn.com fonts.googleapis.com maxcdn.bootstrapcdn.com;font-src font-src 'self' ajax.aspnetcdn.com fonts.gstatic.com maxcdn.bootstrapcdn.com data:;img-src data: 'self'; 1
default-src 'self' 'unsafe-inline' https://piwik.bzga.de/ https://fonts.gstatic.com/ https://fonts.googleapis.com/ https://www.youtube-nocookie.com/ https://app.dialogfeed.com/; img-src 'self' data: https://piwik.bzga.de/ https://service.bzga.de/ https://www.bzga.de/ https://jwpltx.com/ https://maps.gstatic.com/ https://maps.googleapis.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/ https://www.youtube.com/iframe_api https://ssl.p.jwpcdn.com/ https://piwik.bzga.de/ https://maps.googleapis.com/ 1
default-src 'self' http:  https: *.bosch-thermotechnology.com *.bosch-thermotechnology.us *.bosch-thermotechnology.com.au *.bosch-thermotechnology.co.nz s.webtrends.com *.boschtt-documents.com www.bimstore.co.uk services.kittelberger.net *.mycliplister.com ; media-src 'self' *.boschtt-documents.com services.kittelberger.net *.mycliplister.com mycliplister.com; font-src 'self' fonts.gstatic.com static.ecorebates.com; object-src data: 'self'; img-src https: data: blob:; style-src 'self' 'unsafe-inline' static.ecorebates.com cdn.datatables.net fonts.googleapis.com; script-src https: 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https: mailto: bosch.mi4biz.net www.boschthermolife.com junkers-de-de-b.boschtt-documents.com; frame-ancestors 'self' https: bosch.mi4biz.net http://bott-fs.kittelberger.net 1
allow *; options inline-script eval-script; frame-ancestors self 1
frame-ancestors https://www.justcavalli.com/ https://www.justcavalli.com/ ; 1
frame-ancestors https://www.facebook.com https://www.venetacucine.com 1
default-src 'self' *.atlas-elektronik.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.atlas-elektronik.com *.googleapis.com apis.google.com www.google-analytics.com ssl.google-analytics.com www.googletagmanager.com tagmanager.google.com translate.google.com hello.myfonts.net platform.linkedin.com www.xing-share.com www.linkedin.com netdna.bootstrapcdn.com use.typekit.net; style-src 'self' 'unsafe-inline' *.atlas-elektronik.com fonts.googleapis.com use.typekit.net p.typekit.net translate.googleapis.com translate.google.com hello.myfonts.net www.xing-share.com; img-src 'self' data: *.atlas-elektronik.com *.googleapis.com www.google-analytics.com ssl.google-analytics.com csi.gstatic.com maps.gstatic.com translate.google.com www.google.com/images/ www.gstatic.com/images/ static.licdn.com www.linkedin.com p.typekit.net; font-src 'self' data: use.typekit.net fonts.gstatic.com netdna.bootstrapcdn.com; connect-src 'self' *.atlas-elektronik.com *.googleapis.com www.youtube.comuse.typekit.net; object-src 'self' *.atlas-elektronik.com www.youtube.com; frame-src 'self' *.atlas-elektronik.com apis.google.com accounts.google.com www.youtube.com www.facebook.com platform.linkedin.com platform.twitter.com www.xing-share.com; upgrade-insecure-requests 1
default-src 'self' *.fg.cz *.fraus.cz *.fraus.com;font-src 'self' data: fonts.gstatic.com *.fg.cz *.google.com *.issuu.com;connect-src 'self' analytics.monkeytracker.cz *.gstatic.com *.google.com *.googleapis.com www.google-analytics.com *.fg.cz *.yandex.ru *.facebook.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.google.com *.google.cz *.googleapis.com www.googletagmanager.com www.google-analytics.com analytics.monkeytracker.cz *.googleadservices.com *.licdn.com *.linkedin.com *.cloudflare.com *.facebook.com *.facebook.net *.fg.cz *.fraus.cz *.fraus.com cdn.jsdelivr.net *.doubleclick.net *.yandex.ru c.imedia.cz *.issuu.com;form-action 'self' *.facebook.com *.facebook.net *.fg.cz *.google.com *.issuu.com;frame-src 'self' *.facebook.com *.facebook.net *.youtube.com *.iplatba.cz *.vimeo.com *.fg.cz *.google.com *.issuu.com;child-src 'self' *.facebook.com *.facebook.net *.youtube.com *.iplatba.cz *.vimeo.com *.fg.cz *.google.com *.issuu.com;frame-ancestors 'self';img-src 'self' data: blob: *.gstatic.com *.googleapis.com *.googlecode.com www.googletagmanager.com www.google-analytics.com analytics.monkeytracker.cz *.doubleclick.net *.google.com *.google.cz *.google.ie *.placeholder.com *.fg.cz *.fraus.cz *.fraus.com *.facebook.com *.facebook.net *.yandex.ru c.imedia.cz *.issuu.com;style-src 'self' 'unsafe-inline' *.gstatic.com fonts.googleapis.com analytics.monkeytracker.cz *.google.com *.fg.cz *.fraus.cz *.fraus.com *.issuu.com;object-src 'self' *.fg.cz 1
base-uri 'none'; default-src 'none'; child-src https://www.youtube.com https://www.youtube.com https://player.vimeo.com https://player.vimeo.com https://w.soundcloud.com https://www.delijn.be; connect-src 'self' https://vimeo.com https://*.resengo.com https://bam.nr-data.net; font-src 'self' https://use.typekit.net https://fonts.googleapis.com https://cloud.typenetwork.com https://fonts.gstatic.com; frame-ancestors 'self'; frame-src https://www.youtube.com https://player.vimeo.com https://w.soundcloud.com https://www.delijn.be; img-src 'self' https://www.google-analytics.com https://www.facebook.com https://i3.ytimg.com https://gallery.mailchimp.com https://cdn-images.mailchimp.com/ https://www.resengo.com data:; media-src https://p.scdn.co; script-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://www.youtube.com/player_api https://s.ytimg.com https://player.vimeo.com/api/player.js https://www.resengo.com https://*.resengo.com https://js-agent.newrelic.com https://bam.nr-data.net 'unsafe-inline' 'unsafe-eval' data:; style-src 'self' https://use.typekit.net https://p.typekit.net https://fonts.googleapis.com https://www.resengo.com 'unsafe-inline'; 1
default-src  'self';font-src  'self' data: fonts.gstatic.com kariera.rako.cz www.kariera.rako.cz;connect-src  'self' analytics.monkeytracker.cz *.google.com *.googleapis.com www.google-analytics.com *.hotjar.com wss://ws6.hotjar.com *.hotjar.io;script-src  'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.googleapis.com *.gstatic.com *.hotjar.com static.hotjar.com www.googletagmanager.com www.google-analytics.com analytics.monkeytracker.cz connect.facebook.net kariera.rako.cz www.kariera.rako.cz c.imedia.cz *.googleadservices.com *.doubleclick.net;form-action  'self' *.facebook.com *.facebook.net;frame-src  'self' blob: www.youtube.com *.iplatba.cz www.tvbydleni.cz *.facebook.com *.facebook.net *.hotjar.com;worker-src  'self' blob: www.youtube.com *.iplatba.cz www.tvbydleni.cz *.facebook.com *.facebook.net *.hotjar.com;frame-ancestors  'self';img-src  'self' data: blob: *.gstatic.com *.googleapis.com *.googlecode.com www.googletagmanager.com www.google-analytics.com analytics.monkeytracker.cz *.doubleclick.net *.google.com *.google.cz *.google.ie www.facebook.com kariera.rako.cz www.kariera.rako.cz c.imedia.cz;style-src  'self' 'unsafe-inline' fonts.googleapis.com analytics.monkeytracker.cz *.gstatic.com *.google.com kariera.rako.cz www.kariera.rako.cz;object-src  'self' 1
default-src 'self' https://api.deezer.com https://*.bernardo.fm; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://fonts.googleapis.com https://code.getmdl.io https://*.bernardo.fm; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdnjs.cloudflare.com https://code.getmdl.io https://pagead2.googlesyndication.com https://adservice.google.ch https://*.bernardo.fm https://*.google.com https://*.gstatic.com; font-src 'self' data: https://fonts.gstatic.com https://*.bernardo.fm; media-src 'self' https://www.dropbox.com https://*.dl.dropboxusercontent.com https://*.bernardo.fm; img-src 'self' data: http://www.w3.org https://*.bernardo.fm; frame-src https://googleads.g.doubleclick.net https://www.google.com 1
frame-ancestors 'self' https://*.salesforce.com 1
frame-ancestors https://*.cjis20.org 1
frame-ancestors 'self' *.ratingruneta.ru ratingruneta.ru webvisor.com http://webvisor.com metrika.yandex.ru *.yandex.net 1
frame-ancestors 'self' http://*.amg.com https://*.amg.com http://*.cochand.com https://*.cochand.com http://*.google.com https://*.google.com; frame-src 'self' http://*.amg.com https://*.amg.com http://*.cochand.com https://*.cochand.com http://*.google.com https://*.google.com http://*.youtube.com https://*.youtube.com; 1
default-src 'self'; script-src 'self' *.storyblok.com 'unsafe-inline' *.cloudfront.net *.googleapis.com *.gstatic.com recaptcha.net *.facebook.net *.google-analytics.com *.googletagmanager.com tagmanager.google.com 'unsafe-eval'; style-src 'self' *.storyblok.com 'unsafe-inline' *.googleapis.com *.gstatic.com tagmanager.google.com; img-src 'self' *.storyblok.com *.cloudinary.com *.facebook.com *.google.com *.google.com.au placehold.it *.cloudfront.net *.googleapis.com *.gstatic.com *.googletagmanager.com *.google-analytics.com simplybook.me lh3.googleusercontent.com data:; font-src 'self' *.amazonaws.com *.storyblok.com *.googleapis.com *.gstatic.com https://fonts.gstatic.com data:; connect-src 'self' stats.g.doubleclick.net *.cloudfront.net *.mappedin.com *.google-analytics.com sentry.io *.simplybook.me; frame-src 'self' *.youtube.com *.vimeo.com *.googletagmanager.com *.google.com 1
default-src 'self' 'unsafe-inline' https://*.wistia.com https://*.wistia.net; frame-src *.vimeo.com *.hotjar.com *.google.com static.addtoany.com cdn.yoshki.com fast.wistia.com fast.wistia.net cloud.highcharts.com app.everviz.com *.libsyn.com *.soundcloud.com *.slideshare.net *.addthis.com; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' *.hotjar.com *.hotjar.io www.googletagmanager.com www.google-analytics.com www.googletagmanager.com www.google-analytics.com maps.googleapis.com ajax.googleapis.com *.google.com cdn.ampproject.org instant.page *.wistia.com *.wistia.net https://src.litix.io static.addtoany.com assets.juicer.io cookiehub.net stats.g.doubleclick.net *.gstatic.com *.cloudflare.com *.apester.com *.addthis.com *.moatads.com *.cdnjs.cloudflare.com/ajax/libs/hammer.js/ cdn.jsdelivr.net/npm/handlebars@4.0.5/dist/; connect-src 'self' 'unsafe-inline' cookiehub.net analytics.nyltx.com embedwistia-a.akamaihd.net distillery.wistia.com pipedream.wistia.com embed-fastly.wistia.com embed-ssl.wistia.com *.litix.io fg8vvsvnieiv3ej16jby.litix.io www.juicer.io *.hotjar.com wss://*.hotjar.com *.hotjar.io analytics.google.com www.google-analytics.com *.doubleclick.net *.apester.com; style-src 'self' 'unsafe-inline' blob: cookiehub.net fonts.googleapis.com assets.juicer.io *.cloudflare.com https://fast.wistia.com; font-src 'self' data: 'unsafe-inline' weightmans.com *.weightmans.com fonts.gstatic.com static.juicer.io https://*.wistia.com; img-src 'self' data: assets.juicer.io *.wistia.com embedwistia-a.akamaihd.net pbs.twimg.com maps.gstatic.com maps.googleapis.com www.google-analytics.com uniform.azureedge.net *.doubleclick.net 'unsafe-inline' *.google.com *.google.co.uk *.cdninstagram.com *.fbcdn.net *.apester.com *.juicer.io; media-src 'self' blob: data: https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net; worker-src 'self' blob:; 1
default-src 'self' https://www.google.com; connect-src 'self' https://vimeo.com https://sentry.io https://app.zencoder.com https://js.stripe.com/v3/ https://www.google-analytics.com https://ssl.google-analytics.com https://rs.fullstory.com https://web.facebook.com https://www.facebook.com https://forms.hubspot.com https://1q-askvert-assets-dev.s3.amazonaws.com https://1q-video-input-dev.s3.amazonaws.com https://1q-askvert-assets-test.s3.amazonaws.com https://1q-video-input-test.s3.amazonaws.com https://1q-askvert-assets-prod.s3.amazonaws.com https://1q-video-input-prod.s3.amazonaws.com blob:; font-src 'self' data: https://fonts.gstatic.com https://cdnjs.cloudflare.com; frame-src 'self' https://www.google.com https://player.vimeo.com https://vimeo.com http://player.vimeo.com https://platform.twitter.com https://js.stripe.com/v3/ https://staticxx.facebook.com fbrpc://call; img-src * data: blob:; media-src blob: https://d3g65oypf6prn3.cloudfront.net https://d1rhiywm6dcjyw.cloudfront.net; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: http://connect.facebook.net https://www.googletagmanager.com http://tagmanager.google.com https://www.google.com https://www.gstatic.com https://platform.twitter.com https://js.stripe.com/v3/ https://maps.googleapis.com https://www.google-analytics.com https://ssl.google-analytics.com https://connect.facebook.net https://fullstory.com https://edge.fullstory.com https://vimeo.com https://js.hs-scripts.com http://js.hs-analytics.net https://js.hs-analytics.net https://js.hscollectedforms.net https://js.hs-banner.com https://forms.hubspot.com; style-src 'self' https://fonts.googleapis.com http://tagmanager.google.com 'unsafe-inline'; report-uri https://sentry.io/api/1263064/security/?sentry_key=8a5ec54260bb45868b737b446557eaa0 1
base-uri 'self' *.google.com; child-src 'self' gap: *.google.com *.googletagmanager.com *.hotjar.com *.investis.com *.surveymonkey.com *.twitter.com *.vimeo.com *.youtube.com; frame-src 'self' gap: *.google.com *.googletagmanager.com *.hotjar.com *.investis.com *.surveymonkey.com *.twitter.com *.vimeo.com *.youtube.com; connect-src ict.infinity-tracking.net script.google.com 'self' sitesearch360.com wss://*.hotjar.com wss://mpsnare.iesnare.com *.doubleclick.net *.feefo.com *.google-analytics.com *.hotjar.com *.hotjar.io *.investis.com *.sitesearch360.com *.twimg.com *.twitter.com; default-src 'self' gap: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: *.googleapis.com *.gstatic.com *.hotjar.com; img-src 'self' data: * blob:; media-src data: mpsnare.iesnare.com; script-src gap: ict.infinity-tracking.net 'self' mpsnare.iesnare.com sitesearch360.com unpkg.com *.doubleclick.net *.feefo.com *.google.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.investis.com *.paragonbankinggroup.co.uk *.sitesearch360.com *.surveymonkey.com *.twimg.com *.twitter.com *.youtube.com *.visualwebsiteoptimizer.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.google.com *.gstatic.com *.twimg.com *.twitter.com 'unsafe-inline'; frame-ancestors gap: 'self' *.doubleclick.net *.googletagmanager.com *.hotjar.com *.noblehosted.com *.surveymonkey.com theparagongroup.sharepoint.com vars.hotjar.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=N3xp6QTBwn%2bSucxGdaNMkNA9OihmI6I%2bF96P65okV6OFPxV0uJslpXKzRTw3INhEIP%2fmuS0RN4nzknp%2fT91oUcupS6ddM3tG5M%2bzfCjeQXAMAI%2btjAwon8Lwl2o32hBZw%2b49BROHdmDEk1udkbLd5lPGIx1FSeHUe%2bztebvACq1vVBZD7eh4DZMdF1RRhWP2Lnu2EIFewFqfcCkOk29YBg%3d%3d; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.financescout24.ch https://cdnjs.cloudflare.com https://www.googletagmanager.com https://www.google-analytics.com https://ajax.googleapis.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io http://www.googleadservices.com http://*.krxd.net http://connect.facebook.net https://secure.adnxs.com https://*.doubleclick.net https://*.crossengage.io https://www.facebook.com https://tagmanager.google.com https://bat.bing.com https://*.intercom.io https://*.intercomcdn.com https://*.dwin1.com https://insitez.blob.core.windows.net https://*.matelso.de https://*.criteo.net https://*.criteo.com; object-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com https://tagmanager.google.com; img-src 'self' 'unsafe-inline' *.immoscout24.ch *.autoscout24.ch data: https://www.google-analytics.com https://www.facebook.com https://*.krxd.net https://www.google.com https://*.doubleclick.net https://www.google.ch https://*.admeira.ch https://ssl.gstatic.com/ https://www.gstatic.com/ http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://bat.bing.com https://*.intercomcdn.com https://*.intercomassets.com https://*.criteo.com https://*.yahoo.com https://*.taboola.com https://*.pubmatic.com https://*.e-planning.net https://*.media.net https://*.sharethrough.com https://*.omnitagjs.com https://*.bidswitch.net https://*.yieldlab.net https://*.adform.net https://*.teads.tv https://*.adscale.de https://*.openx.net https://*.3lift.com https://*.advertising.com https://*.360yield.com https://*.casalemedia.com https://*.smartadserver.com https://*.adnxs.com https://*.rubiconproject.com https://*.smaato.net https://*.outbrain.com https://*.google.de https://*.twiago.com https://*.ivitrack.com https://*.yandex.ru https://*.cdglb.com https://*.addthis.com https://*.yieldmo.com https://*.tapad.com https://*.postrelease.com https://*.liadm.com https://*.tremorhub.com https://*.stickyadstv.com https://*.bluekai.com https://*.thebrighttag.com https://*.smartclip.net; media-src 'self' https://*.intercomcdn.com; frame-src 'self' https://www.youtube.com *.financescout24.ch *.fs24docker.ch https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://cdn.krxd.net https://www.facebook.com https://*.g.doubleclick.net https://*.awin1.com https://*.criteo.com; frame-ancestors 'self'; child-src 'self' https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://*.intercomcdn.com; font-src 'self' data: https://themes.googleusercontent.com https://fonts.gstatic.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://js.intercomcdn.com; connect-src 'self' *.financescout24.ch *.fs24docker.ch http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://*.crossengage.io https://*.facebook.net https://*.facebook.com https://*.google-analytics.com https://*.doubleclick.net https://*.intercom.io wss://*.intercom.io https://*.intercomcdn.com https://*.informizely.com https://*.matelso.de https://www.google.com https://adservice.google.com https://*.criteo.com https://criteo-sync.teads.tv 1
default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: data:; 1
default-src 'self' https: *.junkers.es; media-src 'self' https: mycliplister.com; font-src 'self' *.junkers.es; object-src data: 'self'; img-src https: data:; style-src 'self' 'unsafe-inline' *.junkers.es; script-src https: 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https: it.documents.junkers.com; frame-ancestors 'self' http://fs52-buderus-dev.kittelberger.net 1
default-src 'self' 'unsafe-inline' *.itzbund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.itzbund.de; img-src *; style-src 'self' 'unsafe-inline' *.itzbund.de; frame-ancestors itzbund.preview.prod.gsb.bund.zivb.net 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.vimeo.com vimeo.com *.doubleclick.net *.youtube-nocookie.com *.traceparts.com *.cookiebot.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.google.com *.iwis.com data: 1
default-src 'none'; script-src 'self' https://code.jquery.com https://www.google-analytics.com; img-src ' self 'https://www.google-analytics.com; connect-src' self '; font-src' self '; style-src' self ';  1
default-src 'self'; frame-src 'self' https://nhs.attendanywhere.com/ *.nhs.uk/ *.facebook.com/ *.youtube.com/ *.vimeo.com/ *.google.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.amazonaws.com https://cdnjs.cloudflare.com/ https://www.google-analytics.com/ https://connect.facebook.net/ https://feeds.trac.jobs/ *.google.com/ *.googleapis.com *.gstatic.com *.cqc.org.uk; font-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com/ https://feeds.trac.jobs/ *.googleapis.com  *.gstatic.com *.cqc.org.uk; img-src * data:; object-src 'self' blob:; connect-src 'self' https://nhs.attendanywhere.com https://feeds.trac.jobs/ 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.facebook.net cdnjs.cloudflare.com/ajax/libs/cropperjs/1.5.1/cropper.min.js *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.iubenda.com *.fontawesome.com *.google-analytics.com *.jquery.com *.bootstrapcdn.com; object-src 'self'; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com/ajax/libs/cropperjs/1.5.1/cropper.min.css *.googleapis.com *.jquery.com *.fontawesome.com *.bootstrapcdn.com; img-src 'self' data: *.atdmt.com *.facebook.com *.youtube.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.jquery.com *.iubenda.com; frame-src 'self' *.facebook.com *.google.com *.iubenda.com *.youtube-nocookie.com; font-src 'self' *.gstatic.com *.fontawesome.com *.bootstrapcdn.com; connect-src 'self' *.iubenda.com *.google-analytics.com 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src data: 'self'; frame-src 'self' 1
default-src 'none'; img-src 'self' *.oettinger-physics.de data: cdnjs.cloudflare.com unpkg.com  ; script-src 'self' *.oettinger-physics.de 'nonce-39z6Jy6DmznZx8+dimccK1eMVuM=' cdnjs.cloudflare.com unpkg.com ; style-src 'self' *.oettinger-physics.de cdnjs.cloudflare.com unpkg.com ; font-src 'self' cdnjs.cloudflare.com www.oettinger-physics.de;  base-uri 'self'; form-action 'self'  ; frame-ancestors 'self' www.oettinger-physics.de 1
default-src 'self'; block-all-mixed-content; connect-src 'self' syndication.twitter.com www.google-analytics.com assets.pinterest.com; font-src 'self' cdnjs.cloudflare.com; frame-ancestors 'none'; frame-src *; img-src 'self' s3-eu-west-1.amazonaws.com platform.twitter.com www.facebook.com data: web.facebook.com www.google-analytics.com stats.g.doubleclick.net www.google.com www.google.co.uk www.paypalobjects.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' assets.pinterest.com log.pinterest.com connect.facebook.net platform.twitter.com syndication.twitter.com tfw-current.s3.amazonaws.com www.google.com www.gstatic.com cdnjs.cloudflare.com stevenlevithan.com www.googletagmanager.com www.google-analytics.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com 1
child-src 'self' https://*.docusign.com https://*.docusign.net https://*.trustcommerce.com https://*.slimpay.net https://*.slimpay.com https://*.stripe.com https://*.windriverfinancialgateway.com 1
default-src 'self'; img-src 'self' data: assetfiles.com *.pbwstatic.com www.google-analytics.com; media-src 'none'; object-src 'none'; script-src 'self' www.google-analytics.com; style-src 'self' 'unsafe-inline' 1
connect-src 'self' https://*.karolina.io http://*.karolina.io *.karolina.io https://vimeo.com http://vimeo.com vimeo.com https://*.typekit.net http://*.typekit.net *.typekit.net; font-src 'self' https://*.typekit.net http://*.typekit.net *.typekit.net data:; img-src 'self' https://cdn.holvi.com http://cdn.holvi.com cdn.holvi.com https://s3-eu-west-1.amazonaws.com http://s3-eu-west-1.amazonaws.com s3-eu-west-1.amazonaws.com https://*.karolina.io http://*.karolina.io *.karolina.io https://mesenaatti.me http://mesenaatti.me mesenaatti.me https://*.youtube.com http://*.youtube.com *.youtube.com https://*.facebook.com http://*.facebook.com *.facebook.com https://*.google.com http://*.google.com *.google.com https://*.twitter.com http://*.twitter.com *.twitter.com https://*.twimg.com http://*.twimg.com *.twimg.com https://*.google-analytics.com http://*.google-analytics.com *.google-analytics.com https://about http://about about https://*.typekit.net http://*.typekit.net *.typekit.net data:; script-src 'self' https://*.youtube.com http://*.youtube.com *.youtube.com https://*.ytimg.com http://*.ytimg.com *.ytimg.com https://*.facebook.net http://*.facebook.net *.facebook.net https://*.jquery.com http://*.jquery.com *.jquery.com https://*.twitter.com http://*.twitter.com *.twitter.com https://*.twimg.com http://*.twimg.com *.twimg.com https://*.googletagmanager.com http://*.googletagmanager.com *.googletagmanager.com https://*.google-analytics.com http://*.google-analytics.com *.google-analytics.com https://data http://data data https://*.typekit.net http://*.typekit.net *.typekit.net 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com http://fonts.googleapis.com fonts.googleapis.com https://*.twitter.com http://*.twitter.com *.twitter.com https://*.twimg.com http://*.twimg.com *.twimg.com https://*.typekit.net http://*.typekit.net *.typekit.net 'unsafe-inline'; 1
frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com arapahoe.bibliocms.com *.arapahoe.bibliocms.com https://arapahoelibraries.org arapahoelibraries.org *.arapahoelibraries.org; 1
frame-ancestors 'self' https://yobingo-static.casinomodule.com/ https://www.yobingo.es/ https://www.yocasino.es/ 1
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.siteimprove.net *.googleapis.com *.google.com *.google-analytics.com *.gstatic.com cdnjs.cloudflare.com *.curator.io *.addthis.com *.addthisedge.com *.facebook.com *.facebook.net  siteimproveanalytics.com *.twitter.com *.pingdom.net; style-src 'self' 'unsafe-inline' *.googleapis.com cdn.siteimprove.net *.curator.io; img-src 'self' data: *.gstatic.com *.googleapis.com *.ggpht.com developers.google.com *.google-analytics.com *.doubleclick.net *.fbcdn.net *.twimg.com *.instagram.com *.curator.io *.cdninstagram.com *.ytimg.com *.siteimproveanalytics.io curatorio.s3.amazonaws.com; media-src 'self' ssl.gstatic.com *.fbcdn.net *.twimg.com curatorio.s3.amazonaws.com; frame-src 'self' www.youtube.com *.addthis.com seqwater.mysocialpinpoint.com *.google.com youtu.be my2.siteimprove.com *.facebook.com; frame-ancestors 'self' unitywater.com *.unitywater.com urbanutilities.com.au *.redland.qld.gov.au *.goldcoast.qld.gov.au *.logan.qld.gov.au waternet.corporate.local; child-src 'self' www.youtube.com; font-src 'self' 'unsafe-inline' themes.googleusercontent.com fonts.gstatic.com cdn.curator.io; connect-src 'self' *.google-analytics.com *.doubleclick.net my2.siteimprove.com id.siteimprove.com api.curator.io *.addthis.com *.pingdom.net; report-uri /report-csp-violation 1
default-src 'self' ; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.servmetric.com *.govmetric.com  *.obi4wan.com *.pusher.com https://cdn.siteimprove.net/cms/overlay.js siteimproveanalytics.com siteimprove.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.servmetric.com *.govmetric.com; img-src 'self' data: *.servmetric.com *.govmetric.com *.obi4wan.com *.amazonaws.com *.siteimprove.com *.servmetric.com *.govmetric.com *.siteimproveanalytics.io; media-src 'self'; frame-src 'self' *.servmetric.com *.govmetric.com ; frame-ancestors 'self'; child-src 'self'; font-src 'self' data: *.googleusercontent.com; connect-src 'self' *.obi4wan.com *.pusher.com wss://*.pusher.com; report-uri /report-csp-violation 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'  https: data: http://fonts.googleapis.com http://fonts.gstatic.com http://www.google-analytics.com http://s7.addthis.com http://m.addthisedge.com http://m.addthis.com http://graph.facebook.com http://widgets.pinterest.com http://maps.google.com http://csi.gstatic.com http://maps.gstatic.com http://maps.googleapis.com http://www.linkedin.com http://api-public.addthis.com http://localhost http://widget.supercounters.com http://pagead2.googlesyndication.com/ http://pagead2.googlesyndication.com/ http://staticxx.facebook.com http://www.whatsupcams.com http://epixel.moj-web.net http://www.youtube.com https://www.whatsupcams.com http://localhost;  1
allow 'self'; media-src *; img-src *; script-src 'self' https://ajax.googleapis.com https://www.jquery.com https://www.jqueryui.com;style-src 'self' *bootstrap.com; 1
default-src * data: blob: 'unsafe-eval' 'unsafe-inline'; 1
frame-ancestors https://secure.dodo.it/ http://www.dodo.it/ ; 1
default-src 'unsafe-inline' 'unsafe-eval' https:;img-src * data:; script-src 'unsafe-inline' 'unsafe-eval' blob: * https:; connect-src * blob:; 1
default-src 'self' 'unsafe-inline' https:; script-src * 'unsafe-inline' 'unsafe-eval' https:; img-src 'self' data: https: 1
default-src 'self' 'unsafe-eval' https://www.youtube.com:* 'unsafe-inline' https://bam.nr-data.net:* https://www.google.com:* https://www.googleapis.com:*  https://clients1.google.com:* https://code.jquery.com:* https://js-agent.newrelic.com:*  https://cdn.printfriendly.com:* https://cdn.jsdelivr.net:*  https://www.google-analytics.com:* https://cse.google.com:*  https://ds-4047.kxcdn.com:*; report-uri /admin/config/system/seckit/csp-report 1
font-src 'self' data: https://helleniccdn-hellenictechnolo.netdna-ssl.com *.googleusercontent.com  https://cdn.onesignal.com  *.google.com * 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' code.jquery.com ajax.aspnetcdn.com tagmanager.google.com www.googletagmanager.com www.google-analytics.com www.googleadservices.com *.googleapis.com *.facebook.net *.doubleclick.net *.ads-twitter.com *.trackedlink.net *.licdn.com *.addthis.com *.paypalobjects.com *.mouseflow.com *.moatads.com *.addthisedge.com *.paypal.com *.twitter.com *.facebook.com *.postcodeanywhere.co.uk; default-src 'self' data:; worker-src ; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com; connect-src 'self' rec1.visualwebsiteoptimizer.com www.google-analytics.com *.paypal.com *.addthis.com *.doubleclick.net *.mouseflow.com *.bracedigital.com; font-src 'self' hello.myfonts.net fonts.gstatic.com; img-src 'self' 'unsafe-inline' *.gravatar.com data: *.linkedin.com *.google.com *.google.co.uk https://t.co/i/adsct *.paypal.com *.facebook.com https://umbraco.tv *.google-analytics.com *.doubleclick.net *.googletagmanager.com; frame-src 'self' vcc-eu2.8x8.com platform.twitter.com syndication.twitter.com *.8x8.com *.addthis.com *.youtube.com *.paypal.com *.facebook.com *.sagepay.com *.bracedigital.com; 1
default-src 'self';  script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com google-analytics.com maps.google.com maps.gstatic.com apis.google.com fonts.googleapis.com fonts.gstatic.com maps.googleapis.com portal.htbridge.com csi.gstic.com ssl.gstic.com cse.gstatic.com *.gstatic.com *.browser-update.org browser-update.org accounts.google.com clients1.google.com www.youtube.com *.bancastato.ch www.google.com cse.google.com developers.google.com www.googleapis.comhttps://code.jquery.com *.cloudfront.net ;  connect-src 'self' *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com accounts.google.com *.cloudfront.net ;  img-src 'self' data: *.htbridge.com *.bancastato.ch apis.google.com csi.gstatic.com accounts.google.com www.google.com *.gstatic.com maps.googleapis.com maps.google.com clients1.google.com maps.googleapis.com developers.google.com www.googleapis.com *.cloudfront.net ;  style-src 'self' 'unsafe-inline' *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com csi.gstatic.com accounts.google.com www.google.com fonts.google.com fonts.googleapis.com cse.google.com *.cloudfront.net ;  frame-ancestors 'self' ; frame-src 'self' apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com cse.google.com www.kantonalbank.ch www.newhome.ch *.bancastato.ch https://www.google.com *.cloudfront.net ;  child-src 'self' apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com www.kantonalbank.ch *.bancastato.ch *.cloudfront.net ;  font-src 'self' fonts.googleapis.com fonts.google.com fonts.gstatic.com *.bancastato.ch *.cloudfront.net 1
default-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com cdn.jsdelivr.net tagmanager.google.com *.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com ict.infinity-tracking.net www.gstatic.com viz.tools.investis.com www.google.com maps.googleapis.com maps.google.com www.linkedin.com ajax.googleapis.com pi.pardot.com bam.nr-data.net sjp.getmediamanager.com *.googletagmanager.com *.google-analytics.com sjs.bizographics.com connect.facebook.net *.jquery.com irs.tools.investis.com *.hotjar.com px.ads.linkedin.com d2wy8f7a9ursnm.cloudfront.net ssl.p.jwpcdn.com js-agent.newrelic.com cdn.jsdelivr.net edg tagmanager.google.come.api.brightcove.com *.googleapis.com www.youtube.com youtube.com s.ytimg.com unpkg.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' viz.tools.investis.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net tagmanager.google.com; img-src 'self' 'unsafe-inline' * data:; media-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com; frame-src 'self' *.investis.com www.google.com sjp.getmediamanager.com careers.sjp.co.uk digital.feprecisionplus.com sjp.hireserve-test.com ir.tools.investis.com staticxx.facebook.com www.youtube.com; font-src 'self' 'unsafe-inline' data: fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com themes.googleusercontent.com maxcdn.bootstrapcdn.com *.typekit.net p.typekit.net nr-data.net; report-uri /report-csp-violation 1
default-src 'self' https://piwik.bzga.de/ script-src 'unsafe-inline' img-src https://piwik.bzga.de/ 1
script-src 'unsafe-inline' 'unsafe-eval' code.jquery.com www.google-analytics.com trustedsurf.com ads.exoclick.com main.exoclick.com syndication.exoclick.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: cdnjs.cloudflare.com *.googleapis.com *.gstatic.com *.google-analytics.com *.addthis.com *.amigosmuseoprado.org *.google.com *.ytimg.com *.youtube.com *.addthisedge.com *.bookitit.com *.jsdelivr.net 1
"default-src 'self'; img-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; script-src 'self' 'unsafe-inline'; connect-src 'self';" 1
default-src 'self'; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' https://c.evidon.com https://munchkin.marketo.net https://stats.sa-as.com https://www.google-analytics.com https://zscalertwo.net https://*.zscalertwo.net https://www.google.com/recaptcha/api.js https://www.gstatic.com/; object-src 'none'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https: https://l.betrad.com https://c.evidon.com https://stats.sa-as.com; media-src 'self' https: data: blob:; frame-src 'self' https://na-sj25.marketo.com/ https://*.zscalertwo.net; frame-ancestors 'self' https://na-sj25.marketo.com/ https://*.zscalertwo.net; child-src 'self'; font-src 'self' https: data: blob: http://go.gewwmarketing.com/; connect-src 'self' https: https://324-zbg-118.mktoresp.com; report-uri /report-csp-violation 1
allow 'self'; frame-ancestors 'none' 1
script-src 'self' https://*.variance.hu/* https://variance.hu/* https://*.inlock.io/* https://inlock.io/* blob:; style-src 'self' 'unsafe-inline'; font-src 'self'; script-src 'self' *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.google.com *.gstatic.com; img-src 'self' *.google-analytics.com *.google.com *.gstatic.com; connect-src 'self'; frame-src *.google.com 1
default-src platform.twitter.com www.facebook.com www.totallyhosted.net www.totallyhosted.nl 'self' 'unsafe-inline' www.google.com maps.googleapis.com www.gstatic.com maxcdn.bootstrapcdn.com; script-src connect.facebook.net platform.twitter.com platform.linkedin.com www.totallyhosted.net www.totallyhosted.nl 'self' 'unsafe-eval' 'unsafe-inline' maps.googleapis.com www.gstatic.com  www.google.com www.google-analytics.com www.totallyhosted.nl; img-src chart.googleapis.com www.facebook.com *.twitter.com maps.gstatic.com maps.googleapis.com www.google-analytics.com www.totallyhosted.net www.totallyhosted.nl 'self' data:; style-src-elem 'unsafe-inline' www.gstatic.com www.totallyhosted.net www.totallyhosted.nl 'self' www.google.com *.googleapis.com maxcdn.bootstrapcdn.com; font-src fonts.gstatic.com fonts.googleapis.com maxcdn.bootstrapcdn.com www.totallyhosted.net www.totallyhosted.nl 'self'; connect-src wss://*.totallyhosted.nl:* https://www.totallyhosted.nl https://www.totallyhosted.net; 1
default-src 'self' https://*.copaair.com http://*.copaair.com https://*.copa.com http://*.copa.com https://*.sam4m.com/  http://*.adnxs.com http://*.bing.com http://*.copa.com http://*.copaair.com http://*.doubleclick.net http://*.facebook.com http://*.facebook.net http://*.fltmaps.com http://*.frequentflyer.aero http://*.google-analytics.co http://*.google-analytics.com http://*.googleadservices.com http://*.googletagmanager.com http://*.havasdigitalcolombia.com http://*.innosked.com http://*.intelliresponse.com http://*.msn.com http://*.qualtrics.com http://*.trackedlink.net http://*.w55c.net http://*.youtube.com http://ads.dtravelconnection.com http://miparaisoatlantis.com http://panamaesposible.com https://*.copa.com https://*.copaair.com https://*.facebook.com https://*.flightcontrol.io https://*.flightview.com https://*.fltmaps.com https://*.frequentflyer.aero https://*.google.com https://www.google.com.co https://www.google.com.pa https://*.google.sk https://*.googleapis.com https://*.gstatic.com https://*.havasdigitalcolombia.com https://*.innosked.com https://*.intelliresponse.com https://*.mcafeesecure.com https://*.nbxapps.com https://*.sojern.com https://*.twitter.com https://*.w55c.net https://*.websecurity.norton.com https://*.youtube.com https://acuityplatform.com https://beacon.walmart.com https://pr-bh.ybp.yahoo.com https://r1.dotmailer-surveys.com https://static.ads-twitter.com https://t.co https://t.wayfair.com https://*.airtrfx.com http://*.airtrfx.com https://*.hotjar.com https://*.securitytrfx.com http://*.securitytrfx.com https://*.addthis.com https://*.addthisedge.com https://kirnhn54sa.execute-api.us-east-1.amazonaws.com https://*.yimg.com https://*.analytics.yahoo.com https://*.trackedweb.net https://*.groovinads.com https://*.beatdevelop.co https://*.sam4m.co https://*.a3cloud.net https://trackedweb.net https://gwmtracking.com https://kontentroom.com https://alteryz.s3.amazonaws.com/copalove/ https://script.googleusercontent.com 'unsafe-inline' 'unsafe-eval' data: blob: 1
default-src 'self' *.justiz.nrw;    script-src 'self' 'unsafe-inline' 'unsafe-eval' *.nrw.de *.google.com *.youtube.com *.youtu.be *.twimg.com *.twitter.com twitter.com *.jwpcdn.com *.gstatic.com *.googleapis.com *.googlesyndication.com *.openstreetmap.org *.mozilla.org *.vimeo.com *.vimeocdn.com *.flickr.com *.staticflickr.com *.etracker.com *.etracker.de ;    style-src 'self' 'unsafe-inline' *.nrw.de *.twitter.com twitter.com *.facebook.com *.googleapis.com *.twimg.com;    font-src *;    img-src data: *;    frame-ancestors 'self' *.nrw.de *.justiz.nrw *.facebook.com *.facebook.de *.twitter.com twitter.com *.google.com *.youtube.com *.youtu.be ytchannelembed.com;    frame-src 'self' *.nrw.de *.justiz.nrw *.facebook.com *.facebook.de *.twitter.com twitter.com *.google.com *.youtube.com *.youtu.be ytchannelembed.com;    object-src 'self';    media-src *; 1
default-src 'self' www.googletagmanager.com www.google-analytics.com *.cloudfront.net *.googleapis.com analytics.analytics-egain.com cloud-emea.analytics-egain.com fonts.gstatic.com portal.roadworks.org sgn.egain.cloud api.reciteme.com stats.g.doubleclick.net www.google.com www.google.co.uk www.gstatic.com maps.gstatic.com api.tomtom.com www.youtube.com data: 'unsafe-eval' 'unsafe-inline'; report-uri https://orangebus.report-uri.com/r/d/csp/enforce 1
default-src 'self'; block-all-mixed-content; connect-src 'self' wss://*.smartsupp.com https://*.smartsupp.com https://*.smartsuppchat.com https://*.smartsuppcdn.com; font-src 'self' data: https://*.smartsuppcdn.com; img-src 'self' data: https://*.smartsuppcdn.com https://twemoji.maxcdn.com; media-src 'self' https://*.smartsuppcdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.smartsuppcdn.com https://*.smartsuppchat.com; style-src 'self' 'unsafe-inline' 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' webcode.telekom-dienste.de fbc.wcfbc.net lptag.liveperson.net *.telekom.de tags-eu.tiqcdn.com *.adform.net *.google.de *.google.com *.ytimg.com *.youtube-nocookie.com *.gstatic.com tags-eu.tiqcdn.com *.googlevideo.com *.wbtrk.net lo.v.liveperson.net accdn.lpsnmedia.net *.facebook.net *.intelliad.de *.googletagmanager.com *.googleadservices.com *.doubleclick.net *.cloudflare.com empathy-portal.de lpcdn.lpsnmedia.net *.usabilla.com *.cloudfront.net *.adform.net; object-src 'self'; style-src 'self' 'unsafe-inline' webcode.telekom-dienste.de www.telekom.de fonts.googleapis.com *.cloudfront.net; img-src data: 'self' cdn.smarthome.de webcode.telekom-dienste.de *.doubleclick.net fbc.wcfbc.net lptag.liveperson.net *.telekom.de tags-eu.tiqcdn.com *.adform.net *.google.de *.google.com *.ytimg.com lpcdn.lpsnmedia.net *.youtube-nocookie.com *.gstatic.com tags-eu.tiqcdn.com *.googlevideo.com empathy-portal.de *.brodos.com *.facebook.com *.intelliad.de tracking.mlsat02.de *.cloudfront.net *.usabilla.com; media-src 'self' fbc.wcfbc.net lptag.liveperson.net *.telekom.de tags-eu.tiqcdn.com *.adform.net *.google.de *.google.com *.ytimg.com *.youtube-nocookie.com *.gstatic.com tags-eu.tiqcdn.com *.googlevideo.com lpcdn.lpsnmedia.net; frame-src 'self' *.rfihub.com t23.intelliad.de *.youtube-nocookie.com *.youtube.com lptag.liveperson.net lpcdn.lpsnmedia.net *.lo.cobrowse.liveperson.net server.lon.liveperson.net email-telekom.de shopsuche.telekom.de *.facebook.com *.facebook.net/ ebs08-stg.telekom.de ebs08.telekom.de https://d6tizftlrpuof.cloudfront.net *.usabilla.com; font-src 'self' https://ebs10.telekom.de *.gstatic.com data: https://d6tizftlrpuof.cloudfront.net *.usabilla.com https://fonts.googleapis.com; connect-src 'self' https://ebs10.telekom.de wss://gwe-dmz-cc.telekom.de https://gwe-dmz-cc.telekom.de https://rest.ice-search.de https://iss-staging-backend.ice-search.de https://ebs01-stg.telekom.de ebs01.telekom.de https://d6tizftlrpuof.cloudfront.net *.usabilla.com https://ebs02.telekom.de; form-action 'self' shopsuche.telekomshop.de *.facebook.net *.facebook.com 1
default-src 'self' 'unsafe-inline' https://maps.googleapis.com https://cc.ibox.ua; script-src 'self' 'unsafe-inline' https://connect.facebook.net https://*.doubleclick.net https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com https://cc.ibox.ua; style-src 'self' 'unsafe-inline' 'unsafe-inline' https://fonts.googleapis.com/css https://tagmanager.google.com https://fonts.googleapis.com https://cc.ibox.ua; img-src 'self' 'unsafe-inline' data: https://www.facebook.com https://*.doubleclick.net https://*.gstatic.com https://www.google.com https://www.google.com.ua https://maps.googleapis.com https://www.google-analytics.com https://ssl.gstatic.com https://cc.ibox.ua; font-src 'self' 'unsafe-inline' https://fonts.gstatic.com https://cc.ibox.ua; connect-src 'self' 'unsafe-inline' https://fonts.gstatic.com https://cc.ibox.ua wss://cc.ibox.ua 1
allow 'self'; media-src *; img-src *; script-src 'self' https://ajax.googleapis.com; https://cloudflare.com style-src 'self'; 1
script-src sharedpro.in 1
allow 'self'; gtp.com.au 1
reflected-xss block 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.yurist-online.net yurist-online.net an.yandex.ru strm.yandex.ru mc.yandex.ru yandex.st yastatic.net matchid.adfox.yandex.ru adfox.yandex.ru ads.adfox.ru ads6.adfox.ru jstracer.yandex.ru yastat.net yandex.ru awaps.yandex.net yandexadexchange.net *.yandexadexchange.net *.yandex.ru banners.adfox.ru avatars-fast.yandex.net favicon.yandex.net content.adfox.ru *.yandex.net *.googleapis.com *.gstatic.com gstatic.com *.googlesyndication.com *.doubleclick.net *.2mdn.net *.google.com *.google.ru *.google-analytics.com google-analytics.com *.youtube.com youtube.com *.icq.com *.skype.com *.rambler.ru loginza.ru *.loginza.ru *.yadro.ru *.webmoney.ru *.mail.ru *.twitter.com *.facebook.com vk.com *.vk.com googletagmanager.com *.googletagmanager.com *.googletagservices.com; 1
default-src wss://ws.ttsep.com/ accounts.google.com 'self' blob: data: 'unsafe-inline' 'unsafe-eval' https:; form-action https:; upgrade-insecure-requests; 1
default-src 'self' data: *.avaus.io *.avaus.com *.avaus.fi *.avaus.se *.facebook.net *.google.fi *.bizographics.com *.linkedin.com *.facebook.com *.marketo.com *.mktoresp.com *.marketo.net *.juicer.io *.instagram.com *.google.com *.google.se *.googleanalytics.com *.appspot.com player.vimeo.com *.vimeocdn.com cdnjs.cloudflare.com use.fontawesome.com *.adform.net *.google-analytics.com *.googleadservices.com *.doubleclick.net *.gstatic.com *.google.pl *.youtube.com *.ytimg.com *.ggpht.com *.vendemore.com *.cookiebot.com *.cookiepro.com *.onetrust.com *.googleapis.com *.googletagmanager.com *.slideshare.net *.slidesharecdn.com app.interactiveads.ai leadfeeder.com *.leadfeeder.com *.lfeeder.com snap.licdn.com bot.leadoo.com *.adobedtm.com *.demdex.net 'unsafe-inline' 'unsafe-eval' 1
default-src 'self' blob: https://vars.hotjar.com/; frame-src 'self' *.nspa.org.uk *.hotjar.com *.nhs.uk/ *.facebook.com/ *.youtube.com/ *.vimeo.com/ *.google.com *.googleapis.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.heat6have.com https://static.hotjar.com/ https://www.googletagmanager.com/ *.hotjar.com https://www.googletagmanager.com/ *.hotj blob: https://cdnjs.cloudflare.com/ https://www.google-analytics.com/ https://connect.facebook.net/ https://feeds.trac.jobs/ *.google.com/ *.googleapis.com *.gstatic.com *.cqc.org.uk; font-src 'self' 'unsafe-inline' *.hotjar.com *.typekit.net https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' *.typekit.net https://cdnjs.cloudflare.com/ https://feeds.trac.jobs/ *.googleapis.com  *.gstatic.com *.cqc.org.uk; img-src * data:; object-src 'self' blob:; connect-src 'self' https://stats.g.doubleclick.net/ https://www.google-analytics.com/ https://translate.googleapis.com/ *.hotjar.com *.hotjar.io wss://*.hotjar.com/ https://feeds.trac.jobs/ 1
default-src 'self' http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de; img-src 'self' data: http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de; script-src  'self' 'unsafe-eval' http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de; style-src 'self' 'unsafe-inline' http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de; font-src 'self' data: http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de; 1
img-src * 'self' data: https:; default-src 'self' html5shim.googlecode.com *.google-analytics.com *.googleapis.com *.gstatic.com apis.google.com *.googleadservices.com *.doubleclick.net *.mouseflow.com *.youtube.com *.vimeo.com *.google.com *.google.nl *.mijnwefact.nl *.ytimg.com *.feedbackcompany.nl 'unsafe-inline' 'unsafe-eval' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' clicky.com *.getclicky.com www.google.com www.gstatic.com www.googletagmanager.com cdn.jsdelivr.net ssl.google-analytics.com www.google-analytics.com ajax.googleapis.com ajax.aspnetcdn.com fast.fonts.com cdnjs.cloudflare.com; frame-src https://www.google.com 'self'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: www.wakwak.com seal.globalsign.com ssif1.globalsign.com www.googletagmanager.com www.google-analytics.com *.chatplus.jp www-wak-t.wakwak.com;allow 'self' 'unsafe-inline' 'unsafe-eval' data: www.wakwak.com seal.globalsign.com ssif1.globalsign.com www.googletagmanager.com www.google-analytics.com *.chatplus.jp www-wak-t.wakwak.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' 1
frame-ancestors 'none'; 1
default-src https://platform.elite-network.com https://marketplace.elite-network.com; base-uri 'self'; block-all-mixed-content; connect-src 'self' https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://apikeys.civiccomputing.com https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io https://nexus-long-poller-a.intercom.io https://nexus-long-poller-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://borsaitaliana-view.thron.com https://borsaitaliana-device.thron.com https://borsaitaliana-view.4me.it https://borsaitaliana-cdn.thron.com https://borsaitaliana-4me.weebo.it https://api.elite-network.com https://platform.elite-network.com https://www.google-analytics.com https://www.elite-network.com https://borsaitaliana-cdn.thron.com https://borsaitaliana-view.thron.com https://api.elite.local data:; font-src 'self' data: http://fonts.gstatic.com https://fonts.gstatic.com https://js.intercomcdn.com https://www.elite-network.com https://www.phase2.elite-network.com; form-action 'self' https://syndication.twitter.com https://platform.twitter.com/ https://www2.londonstockexchangegroup.com https://www.elite-network.com/; frame-ancestors 'self'; frame-src 'self' https://platform.twitter.com/ https://www.asset.tv http://fast.wistia.net https://fast.wistia.net https://borsaitaliana-cdn.thron.com https://borsaitaliana-4me.weebo.it https://fast.wistia.com https://syndication.twitter.com/ http://www2.londonstockexchangegroup.com https://www2.londonstockexchangegroup.com https://www.google.com/ https://www.gstatic.com/recaptcha/ https://walls.io/ https://livestream.com https://etinerary.elite-network.com https://www.infodata.ilsole24ore.com https://platform.elite-network.com; img-src 'self' data: https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://borsaitaliana-view.thron.com https://borsaitaliana-cdn.thron.com https://borsaitaliana-track.thron.com http://borsaitaliana-4me.weebo.it https://borsaitaliana-4me.weebo.it https://borsaitaliana-view.4me.it http://borsaitaliana-view.4me.it https://static.alturalabs.com http://static.alturalabs.com https://tagmanager.google.com https://www.gstatic.com https://ssl.gstatic.com https://www.google-analytics.com https://syndication.twitter.com https://abs.twimg.com/ https://platform.twitter.com/ https://pbs.twimg.com/ https://google-analytics.com https://stats.g.doubleclick.net https://www.lseg.com https://clubdeal.elite-network.com https://growth.elite-network.com https://connect.elite-network.com https://etinerary.elite-network.com https://api.elite-network.com https://platform.elite-network.com https://ssl.google-analytics.com; manifest-src 'self' https://elite-network.com; media-src 'self' blob: 'unsafe-inline' https://borsaitaliana-4me.weebo.it http://fast.wistia.net https://fast.wistia.net https://borsaitaliana-cdn.thron.com https://js.intercomcdn.com https://borsaitaliana-view.thron.com http://borsaitaliana-cdn.thron.com; object-src 'none'; script-src blob: 'self' 'unsafe-inline' https://www.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com https://widget.intercom.io https://js.intercomcdn.com 'unsafe-eval' https://cdn.jsdelivr.net https://borsaitaliana-4me.weebo.it/static/player/4x/scripts/embedscript-min.js borsaitaliana-view.4me.it/api/xcontents/resources/delivery/getContentDetail https://borsaitaliana-cdn.thron.com https://borsaitaliana-4me.weebo.it https://ssl.google-analytics.com https://fast.wistia.net https://fast.wistia.com https://platform.twitter.com/ https://cdn.syndication.twimg.com/ https://www.google.com/ https://www.gstatic.com/recaptcha/ https://livestream.com; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://borsaitaliana-cdn.thron.com https://borsaitaliana-4me.weebo.it https://tagmanager.google.com https://fonts.googleapis.com https://platform.twitter.com/; upgrade-insecure-requests; report-uri /security/csp/report 1
default-src https:; script-src 'unsafe-inline' 'unsafe-eval' 'self' 'https://tagmanager.google.com https://googleads.g.doubleclick.net https://www.google-analytics.com https://ssl.google-analytics.com https://ajax.googleapis.com https://connect.facebook.net https://www.googletagmanager.com https://www.googleadservices.com; style-src 'unsafe-inline' 'self' https://tagmanager.google.com https://fonts.googleapis.com; 1
default-src 'self' 'unsafe-inline' stackpath.bootstrapcdn.com code.jquery.com cdn.jsdelivr.net cdnjs.cloudflare.com/ajax/libs/animate.css/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://unpkg.com/bootstrap-table@1.16.0/dist/ https://use.fontawesome.com/releases/ https://unpkg.com/bootstrap-table@1.16.0/dist https://ipinfo.io/ https://cdnjs.cloudflare.com/ajax/libs/tinysort/; img-src * 'self' data:; frame-src https://www.google.com/recaptcha/ 1
script-src https: data: 'unsafe-inline' 'unsafe-eval' https://*.myfonts.net https://*.twitter.com https://*.google.de https://*.google.com https://*.typekit.net https://metrics.mehrwert.de https://www.google-analytics.com/; style-src https: 'unsafe-inline' https://*.myfonts.net https://*.twitter.com https://*.google.de https://*.typekit.net https://metrics.mehrwert.de; frame-ancestors https://www.fortuna-koeln.de https://verein.fortuna-koeln.de https://verein.www.fortuna-koeln.de https://www.fortuna-koeln.de https://twitter.com https://*.twitter.com 1
default-src 'self' *.googlesyndication.com; 1
frame-ancestors 'self' https://optimize.google.com/ https://forum.tactical-store.com 1
default-src 'self' https://checkbrowser.hin.ch  https://go.online-ident.ch  http://tag.myaspectra.ch  https://app.certifaction.io ; script-src https://www.islonline.net  http://tag.myaspectra.ch  https://www.gstatic.com  https://maps.google.com https://maps.googleapis.com  https://www.google.com  'self' 'unsafe-inline' 'unsafe-eval' ; style-src 'self' https://fonts.googleapis.com  https://fonts.gstatic.com  'unsafe-inline' ; frame-src 'self' https://tp.srgssr.ch https://www.srf.ch https://www.youtube.com  https://app.certifaction.io ; font-src 'self' https://fonts.gstatic.com ; child-src 'self' https://go.online-ident.ch https://www.google.com https://www.youtube.com ; img-src 'self' http://tag.myaspectra.ch http://0.gravatar.com data:  1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; font-src 'self'; object-src 'self'; media-src 'self'; child-src 'self' 1
frame-ancestors 'self'; style-src 'unsafe-inline' 'self' us.llama.ai https://fonts.googleapis.com; frame-src 'self' us.llama.ai https://www.youtube.com; script-src 'unsafe-inline' 'unsafe-eval' us.llama.ai www.google-analytics.com; worker-src blob: 'self';frame-ancestors 'self'; style-src 'unsafe-inline' 'self' us.llama.ai https://fonts.googleapis.com; frame-src 'self' us.llama.ai https://www.youtube.com; script-src 'unsafe-inline' 'unsafe-eval' us.llama.ai www.google-analytics.com; worker-src blob: 'self'; 1
default-src 'self' *.youtube.com *.google.com *.gravatar.com data: *.typekit.net *.google-analytics.com *.amazonaws.com *.googleapis.com *.gstatic.com; style-src 'self' *.googleapis.com *.cloudflare.com 'unsafe-inline' *.cloudfront.net *.cloudflare.com; script-src 'self' 'unsafe-inline' *.polyfill.io *.newrelic.com *.nr-data.net *.cloudfront.net *.typekit.net *.googletagmanager.com *.google-analytics.com *.googleapis.com *.gstatic.com; font-src 'self' *.gstatic.com data: *.typekit.net 1
default-src 'self' blob:; connect-src 'self' * blob:; font-src 'self' data: https://players.brightcove.net https://fonts.gstatic.com/ https://maxcdn.bootstrapcdn.com/font-awesome/; frame-src *; img-src * blob: data: https://a.idio.co/ https://i.idio.co; media-src * blob:; object-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: http://pages.lazardassetmanagement.com https://pages.lazardassetmanagement.com https://app-sj29.marketo.com/ http://app-sj29.marketo.com/ https://d2wy8f7a9ursnm.cloudfront.net/v6/bugsnag.min.js https://www.google-analytics.com https://www.googletagmanager.com https://optimize.google.com https://sadmin.brightcove.com https://players.brightcove.net https://vjs.zencdn.net/vttjs/ https://munchkin.marketo.net https://view.knowledgevision.com/presentation/embed/ https://content.knowledgevision.com/player/ https://s.idio.co/ia.js https://js.idio.co/1473.js https://s.idio.co/ip.js https://api.idio.co https://tagmanager.google.com/ https://code.createjs.com/; style-src * 'unsafe-inline'; frame-ancestors 'self' http://pages.lazardassetmanagement.com https://pages.lazardassetmanagement.com https://app-sj29.marketo.com/ http://app-sj29.marketo.com/ https://www.google-analytics.com https://www.googletagmanager.com https://sadmin.brightcove.com https://players.brightcove.net https://vjs.zencdn.net/vttjs/ https://munchkin.marketo.net https://view.knowledgevision.com/presentation/embed/ https://content.knowledgevision.com/player/; 1
frame-ancestors *; 1
default-src * data: 'self' 'unsafe-inline' 'unsafe-eval' ; script-src * data: 'self' 'unsafe-inline' 'unsafe-eval' ; style-src * data: 'self' 'unsafe-inline' ; img-src * data: 'self' ; font-src * data: 'self' ; connect-src * 'self' ; media-src * 'self' ; object-src * 'self' ; frame-ancestors * 'self' ; form-action * 'self' ; 1
child-src t.svtrd.com youtube.com www.youtube.com *.doubleclick.net app4.premieserverplus.nl connect.facebook.net *.24sessions.com www.youtube-nocookie.com youtube-nocookie.com;connect-src 'self' maps.googleapis.com api.advieskeuze.nl *.usabilla.com;default-src 'none';font-src 'self' data:  fonts.gstatic.com d6tizftlrpuof.cloudfront.net;form-action 'self' t.svtrd.com connect.facebook.net;frame-ancestors 'self' *.usabilla.com d6tizftlrpuof.cloudfront.net;img-src 'self' data:  www.google-analytics.com *.doubleclick.net www.google.com www.google.be www.google.nl *.svtrd.com *.facebook.com d6tizftlrpuof.cloudfront.net *.usabilla.com *.googleadservices.net *.gstatic.com maps.googleapis.com advieskeuzestorage.blob.core.windows.net *.advieskeuze.nl europe-west2-data-argenta-216109.cloudfunctions.net;manifest-src 'none';media-src *;object-src 'none';report-uri https://insurco.report-uri.io/r/default/csp/enforce;script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com connect.facebook.net maps.googleapis.com *.usabilla.com d6tizftlrpuof.cloudfront.net *.svtrd.com *.24sessions.com www.googletagmanager.com tagmanager.google.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com *.usabilla.com d6tizftlrpuof.cloudfront.net tagmanager.google.com; 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' use.typekit.net www.googletagmanager.com www.google-analytics.com www.youtube.com *.ytimg.com tagmanager.google.com maps.googleapis.com https://static.hotjar.com/ https://script.hotjar.com/; style-src 'self' 'unsafe-inline' use.typekit.net fonts.googleapis.com tagmanager.google.com; img-src 'self' p.typekit.net www.google-analytics.com data: ssl.gstatic.com www.gstatic.com https://referrer.disqus.com/juggler/stat.gif c.disquscdn.com stats.g.doubleclick.net bat.bing.com www.facebook.com www.google.com www.google.be www.googletagmanager.com maps.gstatic.com maps.googleapis.com; frame-src 'self' www.youtube.com https://www.dekust.be https://cdn.knightlab.com/ https://vars.hotjar.com/; font-src 'self' *.typekit.net fonts.gstatic.com data: *.hotjar.com; connect-src 'self' performance.typekit.net www.google-analytics.com *.stats.g.doubleclick.net https://in.hotjar.com/ https://vc.hotjar.io/; report-uri /admin/config/system/seckit/csp-report 1
default-src *; connect-src *; script-src *; object-src *; 1
frame-ancestors 'self' https://optimize.google.com/ https://forum.opticsplanet.com 1
sandbox allow-forms allow-scripts allow-top-navigation allow-popups allow-popups-to-escape-sandbox; 1
frame-ancestors https://webvisor.com/; 1
default-src 'self' bam.eu01.nr-data.net cdn.jsdelivr.net edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com cdn.jsdelivr.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net cdn.rawgit.com cdnjs.cloudflare.com ict.infinity-tracking.net www.gstatic.com viz.tools.investis.com www.google.com maps.googleapis.com maps.google.com www.linkedin.com ajax.googleapis.com pi.pardot.com bam.nr-data.net sjp.getmediamanager.com *.googletagmanager.com *.google-analytics.com sjs.bizographics.com connect.facebook.net *.jquery.com irs.tools.investis.com *.hotjar.com px.ads.linkedin.com d2wy8f7a9ursnm.cloudfront.net ssl.p.jwpcdn.com js-agent.newrelic.com cdn.jsdelivr.net edge.api.brightcove.com *.googleapis.com www.youtube.com youtube.com s.ytimg.com unpkg.com bam.eu01.nr-data.net; style-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net p.typekit.net cloud.typography.com viz.tools.investis.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net; img-src 'self' 'unsafe-inline' * data:; media-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com; frame-src 'self' staticcontents.investis.com www.google.com sjp.getmediamanager.com careers.sjp.co.uk irs.tools.investis.com otp.tools.investis.com digital.feprecisionplus.com sjp.hireserve-test.com ir.tools.investis.com staticxx.facebook.com www.youtube.com; font-src 'self' 'unsafe-inline' data: use.typekit.net p.typekit.net fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com themes.googleusercontent.com maxcdn.bootstrapcdn.com; report-uri //report-csp-violation 1
default-src 'self' https://api.status.io https://status.exaktime.com;script-src 'self';base-uri 'self';object-src 'none';frame-ancestors 'none';block-all-mixed-content;sandbox allow-forms allow-same-origin allow-scripts allow-popups;style-src 'self' https://fonts.googleapis.com;font-src 'self' https://fonts.gstatic.com;img-src 'self' https://tscprodstorage.blob.core.windows.net; 1
default-src 'self' https://www.surveymonkey.com *.feathr.co www.googletagmanager.com *.paypal.com *.youtube.com www.mag.org www.googletagmanager.com *.facebook.com *.spreaker.com secure.mag.org www.google-analytics.com https://www.google.com https://docs.google.com https://calendar.google.com https://accounts.google.com *.buzzsprout.com *.twitter.com;style-src 'self' 'unsafe-inline' *.twimg.com *.twitter.com fonts.googleapis.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com https://widget.surveymonkey.com *.feathr.co *.paypal.com *.spreaker.com www.googletagmanager.com *.twimg.com platform.twitter.com *.facebook.com *.facebook.net secure.mag.org www.google-analytics.com *.buzzsprout.com;font-src 'self' fonts.gstatic.com;img-src 'self' data: about: https://secure.surveymonkey.com *.paypal.com https://stats.g.doubleclick.net *.feathr.co https://match.adsrvr.org https://www.paypalobjects.com http://www.coolfundraisingideas.net stats.g.doubleclick.net *.mag.org *.twimg.com *.twitter.com *.facebook.com www.google-analytics.com; 1
default-src 'none'; script-src 'self' https://*.googleadservices.com https://*.dynatrace.com https://*.doubleclick.net https://*.googleapis.com https://*.gstatic.com https://www.google-analytics.com https://*.cxtrvl.com https://*.tstllc.net *.sas.com  *.aimatch.com *.gigya.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://cloud.webtype.com https://hello.myfonts.net https://*.googleapis.com https://*.cxtrvl.com *.gigya.com 'unsafe-inline'; connect-src 'self' *.sas.com *.aimatch.com *.dynatrace.com  https://*.cxtrvl.com *.foresee.com https://*.tstllc.net *.cnxloyalty.com *.gigya.com *.cnxloyalty.com; font-src 'self' https://cloud.webtype.com https://*.gstatic.com https://*.googleapis.com https://*.cxtrvl.com; img-src 'self' data: https://*.vacationsdirect.com https://*.cloudfront.net https://*.viator.com *.budget.com *.avis.com *.thrifty.com *.dollar.com *.rcstatic.com *.gigya.com *.cartrawler.com *.enterprise.fr *.nationalcar.com *.alamo.com *.enterprise.com *.carhire-solutions.com https://*.cxtrvl.com *.cxloyalty.com https://*.tripadvisor.com https://pls.webtype.com *.orxenterprise.com https://www.google-analytics.com https://*.tripadvisor.com https://*.gstatic.com https://*.googleapis.com https://placehold.it https://placeholdit.imgix.net https://*.tacdn.com https://*.ehi.com reflected-xss block; form-action 'self' *.cxtrvl.com *.gigya.com https://cxlvacations.cdev.infra.tstllc.net/cruise/cruises/rewards; frame-ancestors *.sas.com *.aimatch.com *.cnxloyalty.com *.gigya.com; plugin-types application/pdf; frame-src ;object-src 'self'; 1
default-src 'self' *.ebola.cz; options inline-script eval-script; img-src 'self' *.ebola.cz 1
frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com omaha.bibliocms.com *.omaha.bibliocms.com https://omahalibrary.org omahalibrary.org *.omahalibrary.org; 1
script-src 'unsafe-eval' 'unsafe-inline' 'self' https://*.devolksbank.nl https://*.googleapis.com https://srv.snsbank.nl https://tagmanager.google.com https://*.googletagmanager.com https://ssl.google-analytics.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.youtube-nocookie.com https://*.demdex.net https://cm.everesttech.net https://assets.adobedtm.com; frame-ancestors 'self'; frame-src 'self' https://www.youtube-nocookie.com https://srv.snsbank.nl https://*.demdex.net; base-uri 'self'; img-src 'self' https://*.devolksbank.nl https://srv.snsbank.nl https://tagmanager.google.com https://www.googletagmanager.com https://i.ytimg.com https://img.youtube.com https://www.google-analytics.com https://*.demdex.net https://cm.everesttech.net https://assets.adobedtm.com; connect-src 'self' https://*.devolksbank.nl https://srv.snsbank.nl https://www.google-analytics.com https://www.google-analytics.com https://*.demdex.net https://cm.everesttech.net https://assets.adobedtm.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.youtube-nocookie.com maps.googleapis.com developers.google.com *.3qsdn.com *.flickr.com tde-stats.spin-ag.de *.telefonica.de; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.3qsdn.com; connect-src 'self' *.3qsdn.com; media-src 'self' *.youtube-nocookie.com *.3qsdn.com *.flickr.com blob:; child-src 'self' *.telefonica.de *.udldigital.de *.youtube-nocookie.com *.3qsdn.com blob:; object-src 'self'; frame-src 'self' *.telefonica.de *.youtube-nocookie.com data:; form-action 'self'; img-src 'self' chart.apis.google.com  maps.gstatic.com *.googleapis.com developers.google.com *.udldigital.de *.telefonica.de *.flickr.com tde-stats.spin-ag.de *.3qsdn.com data: 1
frame-ancestors https://www.twoa.ac.nz 1
child-src https: 'self' https://enertrag.com/ https://*.enertrag.com/; default-src https: 'self' data: https://enertrag.com/ https://analytics.enertrag.com/ https://www.youtube.com/ https://maps.google.de/ https://*.gstatic.com/ https://*.googleapis.com/;script-src 'self' https://analytics.enertrag.com/ https://*.enertrag.com/ 'unsafe-inline' 'unsafe-eval' https://maps.google.de/ https://maps.googleapis.com/; font-src 'self' data: https://*.enertrag.com/ https://enertrag.com/ https://netdna.bootstrapcdn.com/ https://fonts.googleapis.com/ https://fonts.gstatic.com/; style-src 'unsafe-inline' 'self' https://*.enertrag.com/ https://enertrag.com/ https://hello.myfonts.net https://fonts.googleapis.com/; object-src https://*.enertrag.com/ 1
script-src 'self' 'unsafe-inline' https://fr.fbhackpass.com https://stats.g.doubleclick.net https://www.google-analytics.com; base-uri 'self'; img-src 'self' data: https://stats.g.doubleclick.net https://www.google-analytics.com 1
default-src https://www.cryptshare.com; script-src 'unsafe-inline' 'unsafe-eval' https://www.cryptshare.com https://landing.cryptshare.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://cta-service-cms2.hubspot.com https://forms.hubspot.com https://api.hubspot.com https://api.hubapi.com https://js.hsleadflows.net https://js.hs-analytics.net https://js.hscta.net https://js.hs-scripts.com/ https://js.hs-banner.com/ https://js.hsadspixel.net/ https://www.google-analytics.com/ https://bat.bing.com/ https://snap.licdn.com https://js.usemessages.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net; style-src 'unsafe-inline' https://www.cryptshare.com https://landing.cryptshare.com; img-src data: https://www.cryptshare.com https://landing.cryptshare.com https://no-cache.hubspot.com https://www.google.com https://www.google.de https://www.google-analytics.com/ https://bat.bing.com/ https://track.hubspot.com https://stats.g.doubleclick.net https://px.ads.linkedin.com https://www.linkedin.com; media-src https://www.cryptshare.com; frame-src https://www.cryptshare.com https://consentcdn.cookiebot.com https://app.hubspot.com/ https://forms.hubspot.com/ https://www.youtube.com; font-src https://www.cryptshare.com https://landing.cryptshare.com; connect-src data: https://www.cryptshare.com https://api.hubspot.com https://api.hubapi.com https://forms.hubspot.com https://bat.bing.com 1
default-src https: 'self'; script-src https: 'unsafe-inline' 'self'; style-src https: 'unsafe-inline' 'self' 1
default-src 'self'; img-src *; script-src 'self'; style-src 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' https://www.gstatic.com https://ajax.googleapis.com https://cdn.inspectlet.com https://*.pendo.io https://*.storage.googleapis.com https://browser.sentry-cdn.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://www.gstatic.com https://ajax.googleapis.com https://*.pendo.io https://*.storage.googleapis.com https://fonts.googleapis.com 'unsafe-inline' blob:; connect-src 'self' http://hn.inspectlet.com wss://ws.inspectlet.com https://vhostdns.net https://sentry.io; img-src 'self' http://hn.inspectlet.com https://*.pendo.io https://*.storage.googleapis.com data:; font-src 'self' https://fonts.gstatic.com; options inline-script eval-script 1
allow 'self' ssl.daumcdn.net; 1
base-uri 'none'; form-action 'self'; default-src 'none'; script-src 'self' https://piwik.wut.de; style-src 'self' https://piwik.wut.de; img-src 'self' https://piwik.wut.de; frame-src 'self' https://piwik.wut.de; font-src 'self'; connect-src 'self'; frame-ancestors 'self' https://piwik.wut.de; report-uri /util/e-wwwww-rp-smww-000.php; 1
default-src 'self' 'unsafe-inline' data: https://piwik.bzga.de/ https://service.bzga.de/ https://www.quit-the-shit.net 1
default-src 'self' stats.g.doubleclick.net www.google-analytics.com www.googletagmanager.com https://www.edge-cdn.net https://www.youtube-nocookie.com https://platform.twitter.com https://cdn.syndication.twimg.com https://syndication.twitter.com https://pbs.twimg.com https://ton.twimg.com https://platform.twitter.com https://www.facebook.com https://staticxx.facebook.com https://connect.facebook.net https://consent.cookiebot.com https://consentcdn.cookiebot.com form.lidl.com lidl.media01.eu data: gap: ssl.gstatic.com 'unsafe-eval' 'unsafe-inline' ; style-src 'self' https://platform.twitter.com https://ton.twimg.com 'unsafe-inline'; media-src *; object-src 'self'; 1
font-src 'self' fonts.gstatic.com https://*.intercomcdn.com https://app-talmix.scdn4.secure.raxcdn.com https://www-talmix.scdn3.secure.raxcdn.com data:; img-src * data:; script-src 'self' 'unsafe-inline' www.googleadservices.com www.googletagmanager.com www.google-analytics.com marketing.talmix.com marketing.mbaco.com https://js-agent.newrelic.com https://bam.nr-data.net tagmanager.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ connect.facebook.net https://s.adroll.com https://d.adroll.com https://*.intercom.io https://*.intercomcdn.com https://pi.pardot.com https://fullstory.com https://*.fullstory.com https://d2yyd1h5u9mauk.cloudfront.net https://scout-cdn.salesloft.com https://app-talmix.scdn4.secure.raxcdn.com https://www-talmix.scdn3.secure.raxcdn.com https://1922ad1ca24372498797-3b677d6bb99015de4b7df47cce09c3b8.ssl.cf3.rackcdn.com; style-src 'self' tagmanager.google.com fonts.googleapis.com 'unsafe-inline' https://app-talmix.scdn4.secure.raxcdn.com https://www-talmix.scdn3.secure.raxcdn.com 1
frame-ancestors 'self' https://*.googletagmanager.com https://themes.googleusercontent.com https://*.cloudfront.net https://www.google-analytics.com https://www.googleadservices.com https://bat.bing.com https://*.sumome.com https://*.doubleclick.net https://*.msn.com https://*.google.com https://*.twitter.com https://t.co https://*.google.be https://*.facebook.com https://*.newrelic.com https://bam.nr-data.net https://sumome-140a.kxcdn.com https://fonts.googleapis.com https://fonts.gstatic.com https://i.ytimg.com https://cdncache-a.akamaihd.net https://*.youtube.com https://s.ytimg.com https://*.googlevideo.com https://*.addthis.com https://pbs.twimg.com 1
default-src 'self'; script-src 'self' https://www.gstatic.com https://ajax.googleapis.com https://cdn.inspectlet.com https://*.pendo.io https://*.storage.googleapis.com https://browser.sentry-cdn.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://www.gstatic.com https://ajax.googleapis.com https://*.pendo.io https://*.storage.googleapis.com https://fonts.googleapis.com 'unsafe-inline' blob:; connect-src 'self' http://hn.inspectlet.com wss://ws.inspectlet.com https://spam.com.sg https://sentry.io; img-src 'self' http://hn.inspectlet.com https://*.pendo.io https://*.storage.googleapis.com data:; font-src 'self' https://fonts.gstatic.com; options inline-script eval-script 1
img-src * https://www.google-analytics.com/ data: ; default-src *; script-src www.globalballooning.com.au cn.globalballooning.com.au 'unsafe-inline' 'unsafe-eval' 127.0.0.1:*  *.facebook.com *.fbcdn.net *.fbcdn.net *.facebook.net *.youtube.com *.gstatic.com *.google-analytics.com/ *.googletagmanager.com *.doubleclick.net https://www.google.com/ads/user-list https://www.google.XYX/ads/user-list *.googleadservices.com *.gstatic.com   *.akamaihd.net *.tawk.to cdn.jsdelivr.net data: ; frame-src https://www.googletagmanager.com/ns.html *.youtube.com *.vimeo.com *.securepay.com.au *.weatherlink.com; style-src * 'unsafe-inline' ; connect-src www.globalballooning.com.au cn.globalballooning.com.au   *.facebook.com *.fbcdn.net *.facebook.net  *.akamaihd.net ws://*.facebook.com:* *.tawk.to wss://*.tawk.to https://www.google-analytics.com/; 1
object-src 'none'; script-src 'nonce-{random}' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http:; $ 1
default-src 'unsafe-inline' 'self' https: wss:; object-src 'none' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' embed.culturalspot.org www.tripadvisor.com.hk *.google-analytics.com www.google.com www.gstatic.com *.googleapis.com live.staticflickr.com; font-src 'self' data:; style-src 'self' 'unsafe-inline';img-src 'self' www.tripadvisor.com.hk *.google-analytics.com live.staticflickr.com data: 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' a.opmnstr.com *.hotjar.com redbook.listerhill.com connect.facebook.net  *.groovecar.com listerhill.groovecar.com use.fontawesome.com hello.myfonts.net/count/3b4dc0 cdnjs.cloudflare.com *.listerhill.com *.googleapis.com *.google-analytics.com *.google.com seal.digicert.com  *.typeform.com *.newtonsoftware.com *.google-analytics.com *.googletagmanager.com *.stripe.com; object-src 'self' data:; style-src 'self' data: 'unsafe-inline' *.google-analytics.com *.google.com *.groovecar.com listerhill.groovecar.com use.fontawesome.com hello.myfonts.net/count/3b4dc0 cdnjs.cloudflare.com *.listerhill.com *.googleapis.com; img-src 'self' data: www.facebook.com *.googletagmanager.com maps.gstatic.com *.groovecar.com listerhill.groovecar.com use.fontawesome.com hello.myfonts.net/count/3b4dc0 cdnjs.cloudflare.com *.listerhill.com *.googleapis.com *.google-analytics.com *.google.com seal.digicert.com i.ytimg.com i.vimeocdn.com  *.mapbox.com *.doubleclick.net *.google.com *.google-analytics.com *.groovecar.com listerhill.groovecar.com use.fontawesome.com hello.myfonts.net/count/3b4dc0 cdnjs.cloudflare.com *.listerhill.com; media-src 'self' data: vimeo.com youtube.com *.youtube.com vimeocdn.com *.groovecar.com listerhill.groovecar.com use.fontawesome.com hello.myfonts.net/count/3b4dc0 cdnjs.cloudflare.com *.listerhill.com; frame-src data: *.hotjar.com *.groovecar.com listerhill.groovecar.com use.fontawesome.com hello.myfonts.net/count/3b4dc0 cdnjs.cloudflare.com *.listerhill.com *.google-analytics.com *.google.com *.stripe.com *.vimeo.com youtube.com *.youtube.com newton.newtonsoftware.com *.typeform.com zlcuma.secure.fundsxpress.com; font-src 'self' data: *.google-analytics.com *.google.com fonts.gstatic.com *.groovecar.com listerhill.groovecar.com use.fontawesome.com hello.myfonts.net/count/3b4dc0 cdnjs.cloudflare.com *.listerhill.com *.googleapis.com; connect-src 'self' vc.hotjar.io  api.opmnstr.com api.omappapi.com *.hotjar.com *.google-analytics.com maps.googleapis.com 1
frame-ancestors https://*.barcodefactory.com 1
default-src 'self' data: *.compsy.be *.uniweb.eu *.hotjar.com www.googletagmanager.com www.google-analytics.com *.cloudflare.com *.bootstrapcdn.com; script-src 'self' data: 'unsafe-inline' *.compsy.be *.uniweb.eu *.hotjar.com www.googletagmanager.com www.google-analytics.com *.cloudflare.com *.bootstrapcdn.com *.addtoany.com; object-src *; style-src 'self' data: 'unsafe-inline' *.compsy.be *.compsy.be fonts.googleapis.com *.cloudflare.com *.bootstrapcdn.com; img-src 'self' data: *.compsy.be *.uniweb.eu www.googletagmanager.com www.google-analytics.com *.cloudflare.com *.bootstrapcdn.com; media-src *; frame-src 'self' data: *.compsy.be *.uniweb.eu *.hotjar.com www.googletagmanager.com www.google-analytics.com *.cloudflare.com *.bootstrapcdn.com; font-src 'self' data: *.compsy.be *.uniweb.eu fonts.gstatic.com fonts.googleapis.com *.cloudflare.com *.bootstrapcdn.com; connect-src *; frame-ancestors 'none'; 1
default-src https: ;         form-action https: ;         script-src https://optimize.google.com 'unsafe-inline' https://bam.nr-data.net https://js-agent.newrelic.com/ https://uusi.kespro.fi https://connect.facebook.net 'unsafe-inline' 'unsafe-eval' data: https://www.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com https://*.hotjar.com ;         style-src https://optimize.google.com https://fonts.googleapis.com 'unsafe-inline' https://uusi.kespro.fi 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com ;         img-src https://optimize.google.com https://www.googletagmanager.com https://www.google.fi https://public.keskofiles.com https://bam.nr-data.net https://www.google.com https://www.google.com https://uusi.kespro.fi data: https://stats.g.doubleclick.net https://www.kespro.com https://www.google-analytics.com https://tagmanager.google.com https://ssl.gstatic.com https://www.gstatic.com https://*.hotjar.com https://www.facebook.com ;         font-src https://fonts.gstatic.com https://uusi.kespro.fi https://fonts.gstatic.com https://*.hotjar.com ;         connect-src https://stats.g.doubleclick.net https://bam.nr-data.net https://uusi.kespro.fi https://www.kespro.com https://www.google-analytics.com https://*.hotjar.com:* wss://*.hotjar.com https://www.facebook.com https://dvkesp.deepvision.cloud.solteq.com  https://*.hotjar.io ;         frame-src https://optimize.google.com https://*.hotjar.com https://www.facebook.com ;         block-all-mixed-content; upgrade-insecure-requests; report-uri https://kespro.report-uri.com/r/default/csp/enforce; 1
frame-ancestors 'self' https://www.bluebiz.com 1
default-src 'self'; manifest-src resources.staging.obie.ai resources.obie.ai 'self'; connect-src 'self' va.tawk.to static-v.tawk.to static-v7.tawk.to *.tawk.to wss://*.tawk.to api.taplytics.com ping.taplytics.com obie.ai staging.obie.ai integrations.obie.ai integrations.staging.obie.ai tasytt.com staging.tasytt.com app.getsitecontrol.com api.amplitude.com www.google-analytics.com *.doubleclick.net api.intercom.io api-iam.intercom.io api-ping.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io nexus-long-poller-a.intercom.io nexus-long-poller-b.intercom.io nexus-websocket-a.intercom.io nexus-websocket-b.intercom.io uploads.intercomcdn.com uploads.intercomusercontent.com; frame-src 'self' va.tawk.to calendly.com optimize.google.com www.loom.com bid.g.doubleclick.net extension.staging.obie.ai extension.obie.ai www.google.com; font-src 'self' data: use.typekit.net fonts.googleapis.com maxcdn.bootstrapcdn.com fonts.gstatic.com static-v.tawk.to js.intercomcdn.com; style-src 'self' optimize.google.com fonts.gstatic.com fonts.googleapis.com obie-web-content.azureedge.net obie-dashboard-content.azureedge.net maxcdn.bootstrapcdn.com obie.ai staging.obie.ai extension.staging.obie.ai extension.obie.ai resources.obie.ai resources.staging.obie.ai tasytt.com staging.tasytt.com cdn.jsdelivr.net cdnjs.cloudflare.com p.typekit.net 'unsafe-inline'; script-src 'self' data: code.jquery.com maxcdn.bootstrapcdn.com obie.ai staging.obie.ai resources.obie.ai resources.staging.obie.ai tasytt.com staging.tasytt.com obie-web-content.azureedge.net obie-dashboard-content.azureedge.net www.googletagmanager.com cdn.jsdelivr.net cdnjs.cloudflare.com cdn.heapanalytics.com maps.googleapis.com aivalabs.com my.hellobar.com js.taplytics.com www.googleoptimize.com www.google-analytics.com connect.facebook.net embed.tawk.to ct.capterra.com www.googleadservices.com assets.calendly.com www.google.com www.gstatic.com tracking.g2crowd.com ajax.googleapis.com d3e54v103j8qbb.cloudfront.net extension.staging.obie.ai extension.obie.ai widgets.getsitecontrol.com st.getsitecontrol.com app.getsitecontrol.com cdn.amplitude.com optimize.google.com sjs.bizographics.com app.intercom.io widget.intercom.io js.intercomcdn.com snap.licdn.com googleads.g.doubleclick.net checkout.stripe.com google.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' optimize.google.com www.google.com www.google.ca obie.ai staging.obie.ai resources.obie.ai resources.staging.obie.ai tasytt.com staging.tasytt.com obie-web-content.azureedge.net obie-dashboard-content.azureedge.net cdn.jsdelivr.net cdnjs.cloudflare.com www.facebook.com www.google-analytics.com data: static-v.tawk.to stats.g.doubleclick.net www.googletagmanager.com *.doubleclick.net *.linkedin.com *.adsymptotic.com extension.staging.obie.ai extension.obie.ai js.intercomcdn.com static.intercomassets.com downloads.intercomcdn.com uploads.intercomusercontent.com gifs.intercomcdn.com messenger-apps.intercom.io *.intercom-attachments.com hi.hellobar.com uploads-ssl.webflow.com app.getsitecontrol.com 1
default-src 'self' *.dollplanet.ru dollplanet.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.dollplanet.ru dollplanet.ru my2.imgsmail.ru http://www.gstatic.com yandex.st pagead2.googlesyndication.com vk.com cdn.connect.mail.ru mc.yandex.ru *.yandex.ru *.youtube.com https://www.youtube.com http://www.google-analytics.com https://www.google-analytics.com https://*.staticflickr.com https://flic.kr https://www.flickr.com ; object-src 'self' *.dollplanet.ru dollplanet.ru http://www.gstatic.com https://*.staticflickr.com https://flic.kr https://www.flickr.com *.youtube.com *.macromedia.com *.ytimg.com ytimg.com *.googlevideo.com googlevideo.com *.yandex.ru ; style-src 'self' 'unsafe-inline' *.dollplanet.ru dollplanet.ru *.yandex.ru ; img-src 'self' *.dollplanet.ru dollplanet.ru http://www.dolltime.ru https://*.staticflickr.com https://flic.kr https://www.flickr.com barbieplanet.ru www.dollyshouse.ru http://*.photobucket.com https://fotki.yandex.ru https://img-fotki.yandex.ru http://counter.yadro.ru  *.yandex.ru ; data: vk.com yastatic.net http://www.liveinternet.ru counter.yadro.ru mc.yandex.ru http://www.google-analytics.com https://www.google-analytics.com http://www.dolltime.ru https://*.staticflickr.com https://flic.kr https://www.flickr.com https://www.youtube.com  *.yandex.ru ; media-src 'self' *.dollplanet.ru dollplanet.ru https://www.youtube.com http://www.youtube.com https://*.staticflickr.com https://flic.kr https://www.flickr.com *.youtube.com *.googlevideo.com; frame-src 'self' *.dollplanet.ru dollplanet.ru connect.mail.ru googleads.g.doubleclick.net vk.com http://www.youtube.com https://www.youtube.com https://*.staticflickr.com https://flic.kr https://www.flickr.com  *.yandex.ru ; font-src 'self' *.dollplanet.ru dollplanet.ru *.yandex.ru ; connect-src 'self' *.dollplanet.ru dollplanet.ru mc.yandex.ru *.gstatic.com *.yandex.ru  1
frame-ancestors * 1
default-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.twitter.com *.cloudflare.com *.twimg.com *.polyfill.io *.googleapis.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes' *.youtube.com *.gravatar.com *.twitter.com *.cloudflare.com *.twimg.com *.polyfill.io *.googleapis.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.cloudflare.com *.twimg.com *.polyfill.io *.googleapis.com *.twitter.com; font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *.gstatic.com data:; frame-src *.youtube.com *.twitter.com; 1
default-src 'self'; connect-src 'self' https:; font-src 'self' chrome-extension: https:; frame-src 'self' https://platform.twitter.com https://syndication.twitter.com https://www.google.com https://disqus.com http://disqus.com disqus.com; img-src 'self' data: http: https:; script-src 'self' https://cdn.ampproject.org https://www.google.com https://www.google-analytics.com https://www.gstatic.com https://code.jquery.com https://*.disqus.com http://*.disqus.com *.disqus.com https://*.disquscdn.com http://*.disquscdn.com *.disquscdn.com https://*.twimg.com https://platform.twitter.com data:; style-src 'self' https://fonts.googleapis.com https://platform.twitter.com http://platform.twitter.com platform.twitter.com https://*.twimg.com https://*.disqus.com http://*.disqus.com *.disqus.com https://*.disquscdn.com http://*.disquscdn.com *.disquscdn.com 'unsafe-inline'; 1
default-src www.pranfoods.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com cdnjs.cloudflare.com *.google.com *.gstatic.com  cdn.rawgit.com cdn.bootcss.com www.googletagmanager.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com fonts.googleapis.com https://cdn.rawgit.com maxcdn.bootstrapcdn.com cdn.bootcss.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: maps.googleapis.com csi.gstatic.com maps.gstatic.com maps.google.com ; frame-src 'self' 'unsafe-inline' 'unsafe-eval' *.youtube-nocookie.com *.google.com *.youtube.com; font-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com cdnjs.cloudflare.com fonts.gstatic.com maxcdn.bootstrapcdn.com; report-uri /admin/config/system/seckit/csp-report 1
frame-ancestors 'self' http://mash-5101648.hs-sites.com https://app.hubspot.com https://www.mash.com 1
default-src 'self' *.intercom.io wss://nexus-websocket-a.intercom.io *.google.com *.google.co.uk *.jquery.com jquery.com *.twitter.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com  *.cloudflare.com cloudflare.com *.brightcove.net brightcove.net *.cloudfront.net cloudfront.net *.googleapis.com *.charles-stanley-direct.co.uk:* charles-stanley-direct.co.uk:* *.charles-stanley.co.uk:* charles-stanley.co.uk:* wss://trisproxy.charles-stanley-direct.co.uk *.ads-twitter.com ads-twitter.com *.facebook.net facebook.net *.facebook.com *.highcharts.com highcharts.com *.bing.com gstatic.com *.gstatic.com *.doubleclick.net d3js.org *.d3js.org *.sharethis.com *.consensu.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.intercom.io *.intercomcdn.com wss://nexus-websocket-a.intercom.io *.google.com *.google.co.uk *.jquery.com jquery.com *.twitter.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com  *.cloudflare.com cloudflare.com *.brightcove.net brightcove.net *.cloudfront.net cloudfront.net *.googleapis.com *.charles-stanley-direct.co.uk:* charles-stanley-direct.co.uk:* *.charles-stanley.co.uk:* charles-stanley.co.uk:* *.ads-twitter.com *.facebook.net *.facebook.com *.highcharts.com highcharts.com *.bing.com gstatic.com *.gstatic.com *.doubleclick.net d3js.org *.d3js.org *.sharethis.com *.consensu.org; style-src * 'unsafe-inline' 'unsafe-eval'; img-src * data:; font-src *; child-src *.youtube.com youtube.com *.youtube-nocookie.com youtube-nocookie.com *.charles-stanley-direct.co.uk:* charles-stanley-direct.co.uk:* *.charles-stanley.co.uk:* charles-stanley.co.uk:*; frame-src *.youtube.com youtube.com *.youtube-nocookie.com youtube-nocookie.com *.charles-stanley-direct.co.uk:* charles-stanley-direct.co.uk:* *.charles-stanley.co.uk:* charles-stanley.co.uk:* *.consensu.org 1
frame-ancestors scvr.co *.scvr.co 1
frame-ancestors https://marina.digitalocean.com https://digitaloceaninc.lookbookhq.com 1
allow 'self'; options inline-script eval-script; frame-ancestors 'self' 1