Values for x-content-security-policy:
allow 'self'; 134
frame-ancestors 'self' 84
default-src 'self' 45
block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:; 40
default-src 'self' 'unsafe-inline' 38
report-uri /report-csp-violation 37
35
default-src 'self'; connect-src *.g.doubleclick.net 'self' www.google-analytics.com https://www.google-analytics.com; frame-src 'none'; img-src 'self' data: *.pbwstatic.com https://*.pbwstatic.com www.google-analytics.com; media-src 'none'; object-src 'none'; script-src 'self' www.google-analytics.com https://www.google-analytics.com https://www.google-analytics.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' 31
frame-ancestors 'none' 28
default-src 'self'; 24
upgrade-insecure-requests 23
default-src 'self'; script-src 'self'; 19
report-uri /report-csp-violation; upgrade-insecure-requests 17
default-src 'self'; script-src 'self' 'unsafe-inline' 13
frame-ancestors https://*.marketo.com 12
default-src https: 'self'; script-src 'unsafe-eval' 'unsafe-inline' 'self' *; style-src 'unsafe-inline' 'self' *; frame-src 'self' *; object-src 'self' *; img-src 'self' data: *; media-src blob: 'self' *; font-src 'self' data: *; connect-src 'self' *; child-src blob: 'self' *; block-all-mixed-content; 12
form-action 'self' www.facebook.com; report-uri /_internal/security/report-csp-violation 11
frame-src *.2checkout.com *.bitdefender.com *.bitdefender.biz *.bitdefender.net *.bitdefender.fr *.bitdefender.de *.bitdefender.com.au *.bitdefender.co.uk *.bitdefender.es *.bitdefender.it *.bitdefender.pt *.bitdefender.com.br *.bitdefender.ro *.bitdefender.nl *.bitdefender.be *.bitdefender.se bitdefender.marketing.adobe.com download.bitdefender.com *.facebook.com *.doubleclick.net *.adsrvr.org *.mathtag.com *.google.com *.google.ro *.flashtalking.com *.amazon-adsystem.com *.livechatinc.com *.twitter.com *.cedexis.com *.cedexis-test.com *.youtube.com *.soundcloud.com *.hubspot.com *.cookiebot.com *.vimeo.com *.edgecastcdn.net *.linkedin.com *.hsforms.com *.cloudfront.net *.edgecastdns.net *.hotjar.com *.zanox.ws *.zanox.com *.usemax.de usemax.de bitdefender.demdex.net dpm.demdex.net *.omniture.com widget.trustpilot.com *.2o7.net *.omtrdc.net *.demdex.net assets.adobedtm.com api-eu.boldchat.com livechat-eu.boldchat.com *.youtube-nocookie.com *.instagram.com instawidget.net consentcdn.cookiebot.com recommender.scarabresearch.com *.zenaps.com hal9000.redintelligence.net pixel.xonaz.com static-hello.bitdefender.com tags.dynamo.one *.redintelligence.net 20787700p.rfihub.com pixel.xonazz.com *.adobe.com *.outgrow.us bitdefender.applytojob.com *.alchemer.com *.adyen.com *.paypal.com paypal.com ad.ad-srv.net 11
default-src 'self'; connect-src *.g.doubleclick.net 'self' www.google-analytics.com https://www.google-analytics.com; frame-src 'none'; img-src 'self' data: *.pbwstatic.com https://*.pbwstatic.com www.google-analytics.com https://www.google-analytics.com; media-src 'none'; object-src 'none'; script-src 'self' www.google-analytics.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' 11
referrer origin 10
default-src 'self' 'self' data: 'self' blob: 'unsafe-inline' 'unsafe-eval' *; img-src 'self' blob: data: * 10
default-src *; img-src * data: blob:; media-src * data: blob:; script-src 'unsafe-inline' 'unsafe-eval' * data: blob:; worker-src 'unsafe-inline' 'unsafe-eval' * data: blob:; connect-src *; font-src * data: blob:; frame-src *; object-src * data: blob:; style-src 'unsafe-inline' * data: blob: 10
frame-ancestors 'self' http://customer-hornbach.loop21.net https://customer-hornbach.loop21.net http://public-location-hornbach.loop21.net https://public-location-hornbach.loop21.net 9
allow 'self'; media-src *; img-src *; script-src *; style-src *; 9
frame-ancestors https://*.canalplus.com https://*.cnews.fr https://*.canal-bis.com http://*.canalplus.com http://*.canalplus.com:8888 8
frame-ancestors https://*.ptc.com https://ptc.seismic.com https://liveshareeast3.seismic.com 8
allow 'self' 8
frame-ancestors 'self'; script-src * 'unsafe-inline' 'unsafe-eval' blob:; img-src * data:; media-src * mediastream: blob: filesystem: ; 8
block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:; report-uri https://collectors.au.sumologic.com/receiver/v1/http/ZaVnC4dhaV2fq-TmkezxDM5kD77zglzTUyrlNqPe059oQhlSBcEFmaLaBbMi5G2BkSSJjyA6wJZ-iUDLrux0ATja4lHZr94sfyyTtdVcA_GiHULLYxFY7Q== 7
frame-ancestors 'self' weleda.sabio.de 7
connect-src * 'self' 6
frame-ancestors 'self' https://optimize.google.com/ 6
frame-ancestors 'self' https://adventhealth.com https://*.adventhealth.com 6
sandbox allow-scripts allow-popups allow-same-origin; 6
default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; object-src *; style-src * 'unsafe-inline'; img-src * data:; media-src *; frame-src *; font-src * data:; connect-src * 6
default-src 'self' gstatic.gitbook.com *.gitbook-staging.com *.gitbook.com *.firebaseio.com wss://*.firebaseio.com *.cloudfunctions.net *.googleapis.com *.gstatic.com data: *.google.com *.github.com *.algolianet.com *.algolia.net sentry.io *.logrocket.io *.lr-ingest.io *.stripe.com *.clearbit.com *.google-analytics.com d3hb14vkzrxvla.cloudfront.net d1j8pt39hxlh3d.cloudfront.net *.iframe.ly blob: cdn.jsdelivr.net cdnjs.cloudflare.com api.amplitude.com https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io https://nexus-long-poller-a.intercom.io https://nexus-long-poller-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://share.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net https://js.intercomcdn.com https://intercom.help; script-src 'self' gstatic.gitbook.com 'unsafe-inline' *.firebaseio.com *.google.com polyfill.io cdn.lr-ingest.io cdn.logrocket.io *.stripe.com *.clearbit.com *.google-analytics.com *.iframe.ly *.gstatic.com cdnjs.cloudflare.com *.intercom.io *.intercomcdn.com gitbookio.github.io https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com; style-src 'self' gstatic.gitbook.com 'unsafe-inline' fonts.googleapis.com unpkg.com cdnjs.cloudflare.com cdn.jsdelivr.net; img-src * data: blob: https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com  https://messenger-apps.intercom.io https://*.intercom-attachments.com; frame-src *; object-src 'none'; child-src 'self' blob:; worker-src 'self' blob:; frame-ancestors https: 6
default-src 'self' 'unsafe-inline'; 6
frame-ancestors https://uscreen.io https://*.uscreen.io https://www.uscreen.tv 6
upgrade-insecure-requests; 5
default-src 'self' data: gap: https://*.maersk.com https://*.maersk.com.cn https://*.maerskline.com https://*.apmoller.net https://*.go-mpulse.net https://*.salesforceliveagent.com https://*.force.com *.mpstat.us *.akstat.io https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://*.akamaihd.net https://*.igodigital.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://www.googletagmanager.com https://ssl.gstatic.com https://rum-http-intake.logs.datadoghq.eu https://100qrcey9nsltilmpwezagts.blob.core.windows.net https://*.cookieinformation.com https://*.bing.com https://*.virtualearth.net https://*.visualforce.com https://*.contentsquare.net https://stats.g.doubleclick.net https://resources.digital-cloud.medallia.eu https://ubt-lb.digital-cloud.medallia.eu https://sbt-prod.kampyle.com https://nebula-cdn.kampyle.com https://udc-neb.kampyle.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.maersk.com https://*.maersk.com.cn https://*.maerskline.com https://*.apmoller.net https://*.akamaihd.net https://*.salesforceliveagent.com https://*.force.com https://*.salesforce.com https://*.steelcentral.net *.mpstat.us *.akstat.io https://*.igodigital.com https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://pub.s1.exacttarget.com https://*.gstatic.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://www.googletagmanager.com https://*.google-analytics.com https://*.cookieinformation.com https://www.datadoghq-browser-agent.com/datadog-rum-eu.js https://*.bing.com https://*.virtualearth.net https://*.contentsquare.net https://*.contentsquare.com https://www.datadoghq-browser-agent.com/datadog-rum.js https://screencapture.kampyle.com https://screencapture-cdn.kampyle.com https://resources.digital-cloud.medallia.eu https://sbt-prod.kampyle.com https://nebula-cdn.kampyle.com https://udc-neb.kampyle.com https://snap.licdn.com https://px.ads.linkedin.com https://connect.facebook.net https://www.facebook.com https://js.stripe.com; img-src 'self' data: https://*.maersk.com https://*.maersk.com.cn https://*.maerskline.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://*.gstatic.com https://lh3.googleusercontent.com https://*.steelcentral.net https://*.vimeocdn.com https://*.youtube.com https://*.igodigital.com https://*.akamaihd.net https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://pixel.mathtag.com https://bs.serving-sys.com https://www.google.co.uk https://api.adsymptotic.com https://media-cdn.ipredictive.com https://*.linkedin.com https://*.facebook.com https://*.twitter.com https://vk.com https://mail.ru https://clickserve.dartsearch.net https://*.doubleclick.net https://*.google.dk https://secure.adnxs.com https://cs.adingo.jp https://admaym.com https://ih.adscale.de https://d.agkn.com https://ib.adnxs.com https://x.bidswitch.net https://stags.bluekai.com https://pix.btrll.com https://contextual.media.net https://dis.criteo.com https://e.nexac.com https://loadm.exelator.com https://cs.gssprt.jp https://global.ib-ibi.com https://ad.360yield.com https://dsum-sec.casalemedia.com https://beacon.krxd.net https://idsync.rlcdn.com https://ums.adtechus.com https://sync.adaptv.advertising.com https://us-u.openx.net https://simage2.pubmatic.com https://bh.contextweb.com https://idsync.reson8.com https://pixel.rubiconproject.com https://uipglob.semasio.net https://rtb-csync.smartadserver.com https://ad.sxp.smartclip.net https://sync.go.sonobi.com https://ce.lijit.com https://sync.search.spotxchange.com https://ads.stickyadstv.com https://delivery.swid.switchads.com https://aa.agkn.com https://ads.yahoo.com https://u3s.mathtag.com https://eu-u.openx.net https://serving.experianmarketingservices.digital https://uip.semasio.net https://fo-api.omnitagjs.com https://*.akstat.io https://*.bing.com https://*.virtualearth.net https://*.contentsquare.net https://screencaptue-cdn.kampyle.com https://resources.digital-cloud.medallia.eu https://udc-neb.kampyle.com https://nebula-cdn.kampyle.com https://*.salesforce.com https://*.force.com; object-src 'self' ; style-src 'self' 'unsafe-inline' https://*.maersk.com https://*.maersk.com.cn https://*.apmoller.net https://*.gstatic.com https://*.google.com https://*.google-analytics.com https://*.googleapis.com https://*.maerskline.com https://*.force.com https://*.bing.com https://*.virtualearth.net https://resources.digital-cloud.medallia.eu https://screencaptue-cdn.kampyle.com https://nebula-cdn.kampyle.com; frame-src https://*.maersk.com https://*.maersk.com.cn https://*.maerskline.com https://*.apmoller.net http://emanage.maerskline.com https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://*.google.com https://www.youtube.com/embed/ https://player.vimeo.com/video/ https://service.force.com https://*.cookieinformation.com https://*.youku.com/ https://*.force.com/  https://*.salesforce.com https://app.powerbi.com http://my.maerskline.com https://*.doubleclick.net https://reporting.damco.com https://screencapture.kampyle.com https://nebula-cdn.kampyle.com https://resources.digital-cloud.medallia.eu https://js.stripe.com; font-src 'self' data: https://*.maersk.com https://*.maersk.com.cn https://*.maerskline.com https://*.apmoller.net https://*.gstatic.com https://*.googleapis.com https://resources.digital-cloud.medallia.eu https://nebula-cdn.kampyle.com; 5
default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * data:; font-src *; connect-src *; media-src *; object-src *; child-src *; frame-ancestors 'self'; form-action *; reflected-xss block; upgrade-insecure-requests; 5
report-uri //report-csp-violation 5
nosniff 5
frame-ancestors 'self' https://shopproxy.p-s-s.de https://home.interzum.com https://home.interzum.de 5
default-src *; script-src *; object-src *; style-src *; img-src *; media-src *; frame-src *; font-src *; connect-src * 5
default-src https: 'unsafe-inline' 5
frame-ancestors 'self' https://www.centerparcs.fr/booking/ https://www.centerparcs.nl/booking/ https://www.centerparcs.de/booking/ https://www.centerparcs.com/booking/ https://www.centerparcs.eu/booking/ https://www.centerparcs.ch/booking/ https://www.centerparcs.be/booking/ 5
frame-ancestors http://*.timeout.com https://*.timeout.com 'self' 5
default-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' * https://www.google-analytics.com https://optimize.google.com https://optanon.blob.core.windows.net http://*.hotjar.com https://*.onetrust.com https://www.googletagmanager.com https://connect.facebook.net *.rfihub.net *.bing.com *.ads-twitter.com *.twitter.com *.t.co *.ytimg.com https://act.nrdc.org; style-src 'self' 'unsafe-inline' * blob: https://optimize.google.com https://fonts.googleapis.com https://optanon.blob.core.windows.net cdnjs.cloudflare.com cloud.typography.com *.twitter.com *.t.co ; img-src 'self' 'unsafe-inline' data: * https://www.google-analytics.com https://optimize.google.com https://code.jquery.com/ *.twitter.com *.facebook.com *.bing.com *.t.co; frame-src 'self' data: * https://optimize.google.com https://*.adsrvr.org *.rfihub.com; font-src 'self' 'unsafe-inline' data: * https://fonts.gstatic.com cdnjs.cloudflare.com; connect-src 'self' * https://*.optmnstr.com; report-uri /report-csp-violation 4
frame-ancestors 'self' ; 4
frame-ancestors 'self' *.oui.sncf; report-uri /report-csp-violation; upgrade-insecure-requests 4
default-src https: data: blob: chrome-extension: android-webview-video-poster: ms-appx-web: 'unsafe-eval' 'unsafe-inline'; report-uri /content-security-policy-report.php 4
block-all-mixed-content 4
default-src 'self' data: 'unsafe-eval' 'unsafe-inline' blob: *.brightcove.com *.cloudfront.net *.doubleclick.net *.google.com *.facebook.com forms.hsforms.com app.hubspot.com brightcove.hs.llnwd.net matomo-prod.connectid.cloud house-fastly-signed-eu-west-1-prod.brightcovecdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.convertexperiments.com *.hsforms.net *.jsdelivr.net *.googletagmanager.com *.connectid.cloud *.investis.com *.jquery.com *.cloudflare.com *.googleusercontent.com *.cloudfront.net *.hsforms.com *.facebook.net *.licdn.com *.google-analytics.com *.googleadservices.com *.investisdigital.com *.doubleclick.net *.lfeeder.com *.investis.com blob: data: *.hs-scripts.com *.google.com *.gstatic.com *.googleapis.com *.hsleadflows.net *.hsadspixel.net *.usemessages.com *.hs-analytics.net *.hs-banner.com brightcove.hs.llnwd.net matomo-prod.connectid.cloud; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.cloudflare.com *.googleusercontent.com *.investis.com *.cloudfront.net; img-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.investisdigital.com *.connectid.cloud *.investis.com *.facebook.com *.linkedin.com *.google.com *.google.co.in *.cloudfront.net *.brightcove.com *.lfeeder.com *.adsymptotic.com *.google-analytics.com *.hsforms.com *.gstatic.com *.googleapis.com *.googletagmanager.com *.hubspot.com  brightcove.hs.llnwd.net cf-images.eu-west-1.prod.boltdns.net; font-src 'self' *.cloudfront.net *.googleusercontent.com *.gstatic.com; connect-src 'self' *.amazonaws.com *.brightcove.com *.luckyorange.net *.linkedin.com *.google-analytics.com *.investis.com *.doubleclick.net *.googleapis.com wss://*.visitors.live wss://visitors.live *.investisdigital.com *.hubspot.com *.hubapi.com forms.hsforms.com www.facebook.com api.luckyorange.com matomo-prod.connectid.cloud; report-uri //report-csp-violation 4
default-src https: data: 'unsafe-inline' 'unsafe-eval' 4
default-src 'self'; base-uri 'self'; 4
default-src 'self' cdn-vsh.prague.eu;font-src 'self' cdn-vsh.prague.eu data: fonts.gstatic.com *.cachefly.net *.platnosci.pl www.praguecitytourism.cz www.praguecitytourism.com;connect-src 'self' cdn-vsh.prague.eu analytics.monkeytracker.cz maps.googleapis.com *.hotjar.com *.googlesyndication.com www3-prague-eu-test.fg.cz *.prague.eu *.google.com *.google.cz *.facebook.com *.doubleclick.net *.google-analytics.com www.praguecitytourism.cz www.praguecitytourism.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn-vsh.prague.eu maps.google.com *.googleapis.com www.googletagmanager.com www.google-analytics.com analytics.monkeytracker.cz *.google.com *.googleadservices.com *.facebook.net *.imedia.cz *.hotjar.com *.adform.net *.doubleclick.net *.google.cz s.yimg.jp *.yahoo.co.jp *.cachefly.net *.payu.com *.platnosci.pl *.facebook.com *.cloudflare.com cdn.tiny.cloud *.gstatic.com www.praguecitytourism.cz www.praguecitytourism.com;form-action 'self' cdn-vsh.prague.eu *.facebook.com *.gpwebpay.com *.payu.com *.facebook.net *.platnosci.pl *.google-analytics.com tickets.colosseum.eu;frame-src 'self' cdn-vsh.prague.eu www.youtube.com *.hotjar.com *.doubleclick.net *.adform.net *.booking.com *.facebook.com *.issuu.com *.vimeo.com *.facebook.net *.rozhlas.cz *.imedia.cz app.powerbi.com;child-src 'self' cdn-vsh.prague.eu www.youtube.com *.hotjar.com *.doubleclick.net *.adform.net *.booking.com *.facebook.com *.issuu.com *.vimeo.com *.facebook.net *.rozhlas.cz *.imedia.cz app.powerbi.com;frame-ancestors 'self' cdn-vsh.prague.eu;img-src 'self' cdn-vsh.prague.eu data: *.gstatic.com *.googleapis.com *.googlecode.com www.googletagmanager.com www.google-analytics.com analytics.monkeytracker.cz *.doubleclick.net *.ggpht.com *.google.com *.imedia.cz *.facebook.com *.google.cz *.googlesyndication.com *.yahoo.co.jp www3-prague-eu-test.fg.cz *.prague.eu *.cachefly.net *.payu.com *.platnosci.pl *.tinymce.com *.seznam.cz www.praguecitytourism.cz www.praguecitytourism.com;style-src 'self' 'unsafe-inline' cdn-vsh.prague.eu fonts.googleapis.com analytics.monkeytracker.cz *.google.com *.hotjar.com *.cachefly.net *.payu.com *.platnosci.pl cdn.tiny.cloud www.praguecitytourism.cz www.praguecitytourism.com;object-src 'self' cdn-vsh.prague.eu 4
frame-ancestors 'self' *.magenta.at *.t-mobile.at https://www.youtube.com; 4
frame-ancestors https://*.derwent.io http://*.derwent.io http://*.derwent.io:* https://*.derwent.io:* 'self' 4
default-src https: data: 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * blob: ; worker-src * blob: ; frame-ancestors 'self' https://*.moody.edu; 4
frame-ancestors http://* 4
script-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob:; object-src 'none'; base-uri 'none'; frame-src 'self'; frame-ancestors 'self'; img-src 'self' https://secure.gravatar.com data:; media-src 'self' blob:; style-src 'self' 'unsafe-inline'; default-src https: data: 'self'; trusted-types default; 4
default-src 'self'; font-src 'self' data:; base-uri 'self'; connect-src 'self' *.materna.de *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io; style-src 'self' 'unsafe-inline' *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io; object-src 'self' multimedia.gsb.bund.de *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io; media-src 'self' multimedia.gsb.bund.de *.youtube.com *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io; frame-src *.google.com *.gstatic.com *.youtube.com *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io mindandvision.tv 2021.mindandvision.tv cdn.jwplayer.com; img-src 'self' data:  *.materna.de *.google.com *.gstatic.com *.youtube.com *.twimg.com twemoji.maxcdn.com *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io cms.sqat.eu; frame-ancestors 'self'; 4
default-src 'self'; img-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; script-src 'self' 'unsafe-inline'; connect-src 'self'; 4
default-src 'self'; script-src 'self' *.storyblok.com 'unsafe-inline' *.cloudfront.net *.googleapis.com *.gstatic.com recaptcha.net *.facebook.net *.google-analytics.com *.googletagmanager.com tagmanager.google.com *.livechatinc.com *.stripe.com 'unsafe-eval'; style-src 'self' blob: *.storyblok.com 'unsafe-inline' *.googleapis.com *.gstatic.com tagmanager.google.com; img-src 'self' *.storyblok.com *.cloudinary.com *.facebook.com *.google.com *.google.com.au placehold.it *.cloudfront.net *.googleapis.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.simplybook.me lh3.googleusercontent.com data: *.trackjs.com *.vicinity.com.au mipubapistorageprod.blob.core.windows.net; font-src 'self' *.amazonaws.com *.storyblok.com *.googleapis.com *.gstatic.com https://fonts.gstatic.com data:; connect-src 'self' stats.g.doubleclick.net *.cloudfront.net *.mappedin.com *.google-analytics.com sentry.io *.simplybook.me *.vicinity.com.au *.trackjs.com mipubapistorageprod.blob.core.windows.net; frame-src 'self' *.youtube.com *.vimeo.com *.googletagmanager.com *.google.com *.facebook.com *.livechatinc.com *.stripe.com socialq.net recaptcha.net *.trybooking.co.nz *.trybooking.com 4
default-src 'self'; script-src 'self' 'unsafe-inline' https:; object-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; media-src 'self'; child-src 'self' https:; font-src 'self' data:; connect-src 'self' 4
connect-src 'self' checkout.stripe.com https://checkout.stripe.com https://billing.stripe.com/session sentry.io api.github.com www.npmjs.com;default-src 'none';img-src * data: https://*.stripe.com;script-src 'self' data: 'unsafe-inline' https://checkout.stripe.com/checkout.js https://checkout.stripe.com https://js.stripe.com/v3 https://static.accountdock.com https://platform.twitter.com/widgets.js https://static.npmjs.com/;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://static.npmjs.com/;frame-src checkout.stripe.com https://checkout.stripe.com https://js.stripe.com/ https://accountdock.com/app https://www.youtube.com/embed/mKMaG0cixXw https://static.accountdock.com/;font-src https://fonts.gstatic.com https://static.npmjs.com/ ;media-src https://player.vimeo.com https://fpdl.vimeocdn.com https://gcs-vimeo.akamaized.net https://vod-progressive.akamaized.net 3
script-src 'self' 3
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.brides.com 3
frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com 3
frame-ancestors 'self' tvn24.pl *.tvn24.pl 3
base-uri 'self'; frame-ancestors 'self' 3
script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' data: 'unsafe-inline' https:; img-src 'self' data: https:; media-src 'self' https:; frame-src 'self' data: https:; font-src 'self' data: https: 3
default-src https: http: 'unsafe-inline' 'unsafe-eval' 'self' data: 3
frame-ancestors 'self' acquia.lookbookhq.com acquia.docebosaas.com confluence.acquia.com www.acquiaacademy.com acquia.seismic.com app.veertly.com; report-uri /report-csp-violation 3
frame-ancestors www.red-gate.com; 3
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.mydomaine.com 3
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ; 3
default-src 'self' 'unsafe-inline' jobs.b-ite.com; base-uri 'self'; connect-src 'self' wss://chat.userlike.com chat.userlike.com wss://umd.userlike.com userlike.com *.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com dnbweb-editor.preview.kkn.zd.intranet.bund.de *.cloudfront.net jobs.b-ite.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.youtube.com *.googleapis.com piwik.itzbund.de script.ioam.de de.ioam.de s.ytimg.com static.b-ite.com cs-assets.b-ite.com ajax.googleapis.com api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com *.cloudfront.net; object-src 'self' piwik.itzbund.de; media-src 'self' *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de youtu.be files.dnb.de c18004-vod.l.core.cdn.streamfarm.net *.cloudfront.net; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de my.matterport.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de *.tile.openstreetmap.org api.userlike.com userlike-cdn-operators.s3-eu-west-1.amazonaws.com *.cloudfront.net; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de *.cloudfront.net; frame-ancestors dnbweb-editor.preview.kkn.zd.intranet.bund.de piwik.itzbund.de 3
frame-ancestors *.windstream.net 3
default-src 'self'; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' s7.addthis.com static.hotjar.com script.hotjar.com www.google.com www.gstatic.com www.youtube.com fonts.googleapis.com www.googletagmanager.com tagmanager.google.com www.google-analytics.com ssl.google-analytics.com www.googleadservices.com safebrowsing.googleapis.com analytics.google.com connect.facebook.net analytics.tiktok.com googleads.g.doubleclick.net z.moatads.com v1.addthisedge.com m.addthis.com edge.addthis.com polo.feathr.co cdn.feathr.co banman.providermagazine.com banman.ahcancal.org; object-src 'self'; style-src 'self' data: 'unsafe-inline' s7.addthis.com www.google.com www.youtube.com fonts.googleapis.com tagmanager.google.com; img-src 'self' data: ssl.gstatic.com www.gstatic.com www.google-analytics.com www.google.com www.facebook.com marco.feathr.co polo.feathr.co www.googletagmanager.com banman.providermagazine.com banman.ahcancal.org; media-src 'self' data: www.youtube.com app.powerbi.com www.surveymonkey.com; frame-src 'self' data: www.google.com *.hotjar.com ahcancal.wufoo.com s7.addthis.com www.youtube.com app.powerbi.com edge.addthis.com www.facebook.com www.surveymonkey.com bid.g.doubleclick.net; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com; connect-src 'self' data: www.google-analytics.com https://www.google-analytics.com in.hotjar.com ws7.hotjar.com polo.feathr.co analytics.tiktok.com 3
default-src 'self' *.readspeaker.com data:; base-uri 'self'; style-src 'self' 'unsafe-inline' *.readspeaker.com; script-src 'self' 'unsafe-eval' *.google.com piwik.itzbund.de *.readspeaker.com;object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org; child-src *.itzbund.de *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com piwik.itzbund.de; upgrade-insecure-requests; frame-ancestors 'self'; 3
frame-ancestors 'self' *.ergodirekt.de:* *.ergo.com:* *.ergo:* *.ergo.de *.dkv.com; 3
frame-ancestors liveshareeast3.seismic.com huron.seismic.com 3
frame-ancestors https://tsetscdev.prod.acquia-sites.com/ https://tsetscstage.prod.acquia-sites.com/ https://ecommercdev.tatasteel.online  https://ecommerctst.tatasteel.online  https://ecmc01qa.tatasteel.online  https://ecmc01dev.tatasteel.online https://www.tatasteeleurope.com https://www.tatasteel.online https://ecmc01.tatasteel.online https://ecmc03-p.tatasteel.online https://ecmc03-d.tatasteel.online https://ecmc03-acc.tatasteel.online/ https://ecmc03-t.tatasteel.online/ https://tsedev.prod.acquia-sites.com https://tsestg.prod.acquia-sites.com https://www.beta-tatasteeleurope.com https://cpws01-d.tatasteel.online https://dev.tatasteeleurope.com preprod.tatasteeleurope.com test.tatasteeleurope.com ecmc03-pp.tatasteel.online; report-uri /ts/report-csp-violation 3
default-src 'self'; script-src * 'unsafe-eval' 'unsafe-inline'; style-src * 'unsafe-inline'; img-src * data:;frame-src *;font-src * data:;connect-src * blob:;media-src * blob:;worker-src * blob:; 3
default-src 'self' blob: http: https: wss://bot.moin.ai/primus w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de; img-src 'self' data: blob: http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de; script-src  'self' 'unsafe-eval' http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de; style-src 'self' 'unsafe-inline' http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de; font-src 'self' data: http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de; 3
style-src 'self' 'unsafe-inline' use.typekit.net fonts.googleapis.com cdnjs.cloudflare.com tagmanager.google.com config1.veinteractive.com veinteractive.com cookiehub.net use.fontawesome.com; font-src 'self' *.typekit.net fonts.gstatic.com use.fontawesome.com data:; report-uri /report-csp-violation 3
self 3
frame-ancestors https://*.smartrecruiters.com 3
frame-ancestors https://planet-imex.co.uk/ https://planet-imex.com/ https://planetimex.co.uk/ https://planetimex.com/ https://www.imexexhibitions.com/ https://www.imex-frankfurt.com/ https://de.imex-frankfurt.com/ https://www.imexamerica.com/ https://www.stage.imex.cti.digital/ http://america.stage.imex.cti.digital/ http://frankfurt.stage.imex.cti.digital/ http://de-frankfurt.stage.imex.cti.digital/ https://www.reactive.imex.cti.digital/ https://frankfurt.reactive.imex.cti.digital/ https://de-frankfurt.reactive.imex.cti.digital/ https://america.reactive.imex.cti.digital/ https://www.qa.imex.cti.digital/ http://america.qa.imex.cti.digital/ http://frankfurt.qa.imex.cti.digital/ http://de-frankfurt.qa.imex.cti.digital/ https://www.imex.ctidev/ https://frankfurt.imex.ctidev/ https://de.frankfurt.imex.ctidev/ https://america.imex.ctidev/; 3
frame-ancestors none; 3
default-src 'unsafe-inline' 'unsafe-eval' https:;img-src * data:; 3
frame-ancestors 'self' piwik.betaalvereniging.nl; 3
script-src 'self' 'unsafe-inline' 'unsafe-eval' ; img-src 'self' data: ; object-src 'self' data: ; frame-src 'self' data: ; 3
script-src 'self'; object-src 'self' 3
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.investopedia.com 2
allow 'self' 'self' https://lastpass.com wss://*.lastpass.com https://5399020466.log.optimizely.com https://pollserver.lastpass.com https://loglogin.lastpass.com ; img-src 'self' https://lastpass.com data: https://*.adnxs.com/ https://*.doubleclick.net https://*.google-analytics.com https://www.google.com https://www.facebook.com/tr https://t.co/i/adsct https://analytics.twitter.com/i/adsct https://img.youtube.com https://adfarm.mediaplex.com/ad/bk/ https://*.rfihub.com/ https://secure.leadback.advertising.com https://secure.ace-tag.advertising.com https://iad-login.dotomi.com https://a.company-target.com/ https://www07.clicktale.net/; object-src 'self' http://*.googlevideo.com http://*.youtube.com https://*.youtube.com http://*.ytimg.com https://*.ytimg.com http://www.google.com http://youtube.googleapis.com; frame-src 'self' https://ssl.gstatic.com https://www.google.com https://www.youtube.com https://b.company-target.com/ect.html https://www.youtube.com https://*.ytimg.com https://1min-ui-prod.service.lastpass.com; options inline-script eval-script; worker-src https://*.lastpass.com blob: 2
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.treehugger.com 2
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.verywellhealth.com 2
frame-ancestors 'self' icrc.org *.icrc.org icrcproject.org *.icrcproject.org forum-icrc.org www.forum-icrc.org 2
default-src 'self' https: *.daimler.com *.slidesync.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: *.daimler.com *.slidesync.com *.usercentrics.eu js.api.here.com narando.com cdn.podigee.com www.googletagmanager.com; object-src 'none'; style-src 'self' 'unsafe-inline' *.daimler.com *.slidesync.com js.api.here.com cdn.podigee.com player.podigee-cdn.net; img-src 'self' https: blob: data: *.daimler.com *.slidesync.com *.usercentrics.eu *.api.here.com player.podigee-cdn.net; frame-src *.daimler.com slidesync.com www.youtube-nocookie.com live.comsatmedia.com embed.gomexlive.com daimler.gomexlive.com my.matterport.com service.mercedes-benz-classic.com app.usercentrics.eu *.narando.com cdn.podigee.com player.podigee-cdn.net; font-src 'self' *.daimler.com assets.slidesync.com cdn.podigee.com player.podigee-cdn.net js.api.here.com fonts.gstatic.com; connect-src 'self' https: wss: blob: *.daimler.com *.slidesync.com *.podigee.com *.podigee.io player.podigee-cdn.net *.api.here.com *.hereapi.com; worker-src 'self' blob: 2
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.verywellfit.com 2
default-src https: data: blob: 'unsafe-eval' 'unsafe-inline'; frame-src 'self' https://*; 2
script-src 'self'; style-src 'self'; img-src 'self'; connect-src 'self'  2
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.byrdie.com 2
frame-ancestors 'self' https://documentation.sisense.com/; 2
upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'self' 2
frame-ancestors https://www.squarespace.com; connect-src 'self' *.google-analytics.com *.googletagmanager.com *.stripe.com *.braintreegateway.com *.braintree-api.com *.exploretock.com *.fullstory.com *.facebook.com api.rollbar.com *.doubleclick.net www.google.com  *.podium.com *.googleapis.com; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googletagmanager.com *.stripe.com *.braintreegateway.com *.chase.com *.exploretock.com connect.facebook.net *.fullstory.com www.googleadservices.com api.rollbar.com optimize.google.com maps.googleapis.com  *.podium.com static.cloudflareinsights.com; img-src 'self' blob: data: *.exploretock.com *.stripe.com *.braintreegateway.com *.facebook.com *.fbsbx.com *.gravatar.com i0.wp.com i1.wp.com *.google.com *.googleapis.com *.googleusercontent.com www.google-analytics.com www.gstatic.com maps.gstatic.com *.doubleclick.net *.googletagmanager.com; child-src 'self' *.exploretock.com *.stripe.com *.braintreegateway.com www.facebook.com optimize.google.com; frame-src 'self' *.exploretock.com *.stripe.com *.braintreegateway.com *.chase.com www.facebook.com optimize.google.com connect.facebook.net www.google.com *.kaptcha.com; 2
default-src *;frame-ancestors 'self' eiv.baidu.com *.vip.vip.com *.vip.com;script-src *.vip.com *.vipstatic.com *.mediav.com *.gdt.qq.com *.emarbox.com *.mjoys.com *.sogou.com cm.e.qq.com *.qq.com *.baidu.com *.ipinyou.com *.admaster.com.cn *.miaozhen.com *.youku.com *.tanx.com *.doubleclick.net *.vpimg1.com *.vpimg2.com *.vpimg3.com *.vpimg4.com *.gtimg.cn 'unsafe-eval' 'unsafe-inline';style-src *.vip.com *.vipstatic.com 'unsafe-inline';img-src * data:; report-uri //stat.vipstatic.com/pcfront/antiskyjack; 2
frame-ancestors 'self' corning.com *.corning.com *.siteworx.com *.ceros.com *.ariba.com 2
frame-ancestors 'self' *.edwardjones.com *.edwardjones.ca accountaccess.devjones.com accountaccess.devjones.ca iaa-api-gateway.apps.devjones.com accountaccess.edwardjones.com accountaccess.edwardjones.ca onlineaccess.edwardjones.com iaaweb.edwardjones.com; report-uri /report-csp-violation 2
default-src 'self' ; style-src 'self' ; script-src 'self' ; img-src 'self' ; font-src 'self' data: ; media-src 'self' https://download.elster.de ; connect-src 'self' https://lxelma5p.bfinv.de https://lxelma5c.bfinv.de wss://www.elster.de https://datenabholung1.elster.de https://datenabholung2.elster.de ; object-src 'self' blob: ; form-action 'self' ; frame-ancestors 'self' 2
frame-ancestors 'self' *.vendhq.com; report-uri https://csp.api.vendhq.com/prod/report; 2
frame-ancestors 'self' *.boursorama-banque.com *.boursorama.com 2
base-uri 'self'; report-uri https://csp-reporting-server.glitch.me/report; frame-ancestors https://glitch.com https://glitch.development 2
default-src 'self' *.bmas.de www.etracker.de; base-uri 'self'; style-src 'self' 'unsafe-inline' *.openlayers.org openlayers.org *.openstreetmap.org *.twitter.com *.twimg.com *.podigee.com cdn.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.googleapis.com *.google.com *.gstatic.com *.openlayers.org openlayers.org *.openstreetmap.org *.pixelpark.com *.twitter.com *.twimg.com *.google-analytics.com *.podigee.com cdn.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org static.etracker.com code.etracker.com www.etracker.de https://cdn.jsdelivr.net/gh/pauljadam/bookmarklets@master/tables.js https://cdn.jsdelivr.net/gh/pauljadam/bookmarklets@master/landmarks.js https://cdn.jsdelivr.net/gh/pauljadam/bookmarklets@master/images.js https://cdn.jsdelivr.net/gh/pauljadam/bookmarklets@master/lists.js https://cdn.jsdelivr.net/gh/pauljadam/bookmarklets@master/lang.js https://cdn.jsdelivr.net/gh/pauljadam/bookmarklets@master/focus.js *.highcharts.com; object-src 'self'; font-src 'self' data: *.podigee.com; media-src 'self' blob: *.youtube.com *.bmas.de; child-src *.google.com *.gstatic.com *.youtube.com *.pixelpark.com *.twitter.com *.twimg.com *.podigee.com *.bmbf.de cdn.jwplayer.com vimeo.com *.video-stream-hosting.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.openlayers.org openlayers.org *.openstreetmap.org *.pixelpark.com *.twitter.com *.twimg.com  *.google-analytics.com cdn.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org; frame-ancestors 'self' *.facebook.com 2
default-src 'self'; img-src 'self' data: ; 2
default-src 'self' https://*.tv1.eu http://*.tv1.eu 2
frame-src atlas.geomer-maps.de app.powerbi.com *.deutschland-machts-effizient.de *.youtube-nocookie.com piwik.itzbund.de *.youtube.com 2
report-uri /admin/config/system/seckit/csp-report 2
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.openlayers.org openlayers.org *.openstreetmap.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.openlayers.org openlayers.org *.openstreetmap.org; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com media.deutsche-rentenversicherung.de;child-src *.google.com *.gstatic.com *.youtube.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.openlayers.org openlayers.org *.openstreetmap.org; frame-ancestors 'self'; 2
default-src *.ethicspoint.com *.ethicspointvp.com *.navexone.com *.navexglobal.com ethicspointvp.com cdn.pendo.io 'self' 'unsafe-eval' 'unsafe-inline' *.navexglobal.com; connect-src *.ethicspoint.com *.ethicspointvp.com *.navexone.com *.navexglobal.com ethicspointvp.com *.truste.com *.newrelic.com *.nr-data.net *.pendo.io 'self' 'unsafe-eval' 'unsafe-inline' wss: *.navexglobal.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.ethicspoint.com *.ethicspointvp.com *.navexone.com *.navexglobal.com ethicspointvp.com *.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5068799715311616.storage.googleapis.com *.truste.com *.newrelic.com *.nr-data.net ajax.googleapis.com ; img-src 'self' data: *.ethicspoint.com *.ethicspointvp.com *.navexone.com *.navexglobal.com ethicspointvp.com *.truste.com *.pendo.io pendo-static-5068799715311616.storage.googleapis.com *.navexglobal.com; frame-src 'self' 'unsafe-eval' *.navexglobal.com *.policytech.com *.ethicspoint.com *.ethicspointvp.com *.navexone.com *.navexglobal.com ethicspointvp.com player.vimeo.com; style-src 'self' 'unsafe-eval' 'unsafe-inline' *.pendo.io pendo-static-5068799715311616.storage.googleapis.com fonts.googleapis.com *.ethicspoint.com *.typekit.net; font-src 'self' fonts.gstatic.com ajax.googleapis.com *.typekit.net; frame-ancestors 'self' *.pendo.io *.ethicspointvp.com; 2
frame-ancestors * 2
default-src 'self' 'unsafe-inline' *.zoll.de zoll.de *.itzbund.de itzbund.de *.zoll.de *.talent-im-einsatz.de zoll.de sg.geodatenzentrum.de *.openstreetmap.de; img-src 'self' *.zoll.de zoll.de *.itzbund.de sg.geodatenzentrum.de *.openstreetmap.de data:; script-src 'self' 'unsafe-inline' *.zoll.de zoll.de *.itzbund.de itzbund.de *.zoll.de zoll.de sg.geodatenzentrum.de *.openstreetmap.de 2
default-src *; style-src 'self'* .addthis.com *.nationalgridus.com* .cloudflare.com *.olark.com* .gstatic.com *.googleapis.com; script-src 'self'* .speedpay.com *.google.com* .gstatic.com *.olark.com* .googleapis.com *.gstatic.com* .crazyegg.com *.google-analytics.com* .googletagmanager.com *.feedbackify.com* .nationalgridus.com; img-src *; font-src* ; connect-src *; 2
default-src https:; style-src 'self' 'unsafe-inline'; script-src https: 'unsafe-inline'; object-src 'none' 2
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.itzbund.de *.googleapis.com *.google.com *.gstatic.com www.youtube.com *.vimeo.com *.ytimg.com piwik.itzbund.de; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.vimeo.com *.youtube.com; frame-src *.google.com *.gstatic.com *.youtube.com *.vimeo.com; img-src 'self' blob: data: *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.openstreetmap.org piwik.itzbund.de; frame-ancestors 'self'; worker-src 'self'; 2
font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' tracking.paysera.com www.instagram.com https://optimize.google.com https://www.google.com/recaptcha/ https://www.youtube.com/embed/; img-src 'self' data: *.paysera.com maps.googleapis.com *.gstatic.com https://www.google-analytics.com https://optimize.google.com; script-src 'self' maps.googleapis.com www.instagram.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.google-analytics.com https://optimize.google.com 'unsafe-inline'; style-src 'self' fonts.googleapis.com https://optimize.google.com 'unsafe-inline'; report-uri /v2/csp-violations/report 2
default-src 'self' 'unsafe-inline' data: https://piwik.bzga.de/ https://service.bzga.de/ https://a.tile.openstreetmap.org/ https://b.tile.openstreetmap.org/ https://c.tile.openstreetmap.org/ 2
base-uri 'self'; default-src * 'unsafe-inline' 'unsafe-eval' data: blob:;block-all-mixed-content;object-src 'none';frame-src *.photonengine.com *.google.com youtube.com www.youtube.com player.vimeo.com;frame-ancestors 'none'; 2
frame-ancestors 'self'; report-uri /report-csp-violation 2
default-src 'self' *.bka.de bka.preview.prod.gsb.bka.zivb.net; base-uri 'self'; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-eval' *.googleapis.com piwik.itzbund.de;object-src 'self' piwik.itzbund.de; media-src 'self' www.bka.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de bka.preview.prod.gsb.bka.zivb.net; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; frame-ancestors bka.preview.prod.gsb.bka.zivb.net piwik.itzbund.de  *.facebook.com; 2
default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com tagmanager.google.com/ www.googletagmanager.com/ script.hotjar.com; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' * tagmanager.google.com/ www.googletagmanager.com/ cdn.evgnet.com cdn.getsmartcontent.com s.getsmartcontent.com s7.addthis.com m.addthis.com v1.addthisedge.com z.moatads.com www.youtube.com view.ceros.com fast.wistia.com; img-src 'self' data: ssl.gstatic.com/ embed.wistia.com fast.wistia.com fast.wistia.net embed-fastly.wistia.com/ secure.adnxs.com ib.adnxs.com/ www.google.com www.google-analytics.com www.googletagmanager.com maps.gstatic.com maps.googleapis.com bat.bing.com www.facebook.com px.ads.linkedin.com p.adsymptotic.com/ i.ytimg.com www.guardiananytime.com/ pixel.mediaiqdigital.com pixel.mathtag.com d1bvwpcbxq9v24.cloudfront.net t.co idsync.rlcdn.com embedwistia-a.akamaihd.net *.amazonaws.com cx.atdmt.com www.linkedin.com/ *.fls.doubleclick.net; frame-src 'self' m.addthis.com s7.addthis.com *.youtube.com *.vimeo.com script.hotjar.com vars.hotjar.com cm.g.doubleclick.net *.ceros.com *.guardiananytime.com *.cloudfront.net *.adsrvr.org my.visme.co *.ipipeline.com *.guardianlife.com guardianlife.uat.aws.glic.com cdn.getsmartcontent.com *.bound360.com tagmanager.google.com www.podbean.com d.agkn.com cloud.alert.guardiandirect.com cloud.connect.guardian pixel.mathtag.com/ bid.g.doubleclick.net pi.pardot.com www.nerdwallet.com stage.nerdwallet.biz embeds.nerdwallet.biz *.fls.doubleclick.net; connect-src 'self' collectorprod.glic.com *.google-analytics.com *.hotjar.com *.hotjar.io wss://*.hotjar.com ws://*.hotjar.com *.doubleclick.net *.g.doubleclick.net *.wistia.com *.wistia.net *.litix.io embed-fastly.wistia.com embedwistia-a.akamaihd.net *.getsmartcontent.com *.bound360.com tagmanager.google.com *.podbean.com d.agkn.com cloud.alert.guardiandirect.com cloud.connect.guardian guardianlife.us-1.evergage.com bat.bing.com www.nerdwallet.com stage.nerdwallet.biz embeds.nerdwallet.biz; font-src 'self' data: fonts.gstatic.com; media-src 'self' blob: embedwistia-a.akamaihd.net www.podbean.com fast.wistia.net 2
default-src 'self' https://*.tampa.gov https://*.tampagov.net https://*.google-analytics.com https://*.twitter.com https://*.windows.net https://*.googleapis.com https://www.googletagmanager.com https://spark.adobe.com https://serverapi.arcgisonline.com https://*.arcgis.com https://js-agent.newrelic.com https://cdnjs.cloudflare.com  https://translate.google.com https://cdn.syndication.twimg.com/ https://docs.google.com https://www.jobapscloud.com https://api.uptimerobot.com https://bam.nr-data.net https://*.curator.io https://kit.fontawesome.com https://ka-p.fontawesome.com browser-update.org browser-update.org https://*.reflector.workers.dev https://stats.g.doubleclick.net https://bam-cell.nr-data.net https://unpkg.com https://tampagov.us12.list-manage.com https://*.cot.workers.dev https://extreme-ip-lookup.com https://app.meltwater.com https://api.municode.com https://*.ads.cot; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://kit.fontawesome.com https://*.windows.net https://cdn.curator.io https://maps.floridadisaster.org https://*.windows.net https://*.tampa.gov https://*.tampagov.net https://*.google-analytics.com https://*.twitter.com https://*.googleapis.com https://www.googletagmanager.com https://spark.adobe.com https://serverapi.arcgisonline.com https://*.arcgis.com https://js-agent.newrelic.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net  https://translate.google.com https://cdn.syndication.twimg.com/ https://syndication.twitter.com https://js-agent.newrelic.com https://bam.nr-data.net https://*.surveymonkey.com https://polyfill.io browser-update.org https://stats.g.doubleclick.net https://bam-cell.nr-data.net https://unpkg.com https://tampagov.us12.list-manage.com; style-src 'unsafe-inline' *; img-src 'self' data: https: https://*.google-analytics.com http://www.tampa.gov http://www.tampagov.net; media-src 'self' https://video.twimg.com https://www.youtube.com; frame-src 'self' https://*.tampa.gov https://*.tampagov.net https://www.youtube.com https://www.youtube-nocookie.com https://*.google.com https://spark.adobe.com https://twitter.com https://platform.twitter.com https://livestream.com https://syndication.twitter.com https://tampa.maps.arcgis.com https://*.vimeo.com/ https://app.powerbigov.us https://web.microsoftstream.com https://visualping.io; font-src 'self' data: https: ; report-uri /report-csp-violation 2
child-src https://*.fls.doubleclick.net https://bid.g.doubleclick.net form.gov.sg; connect-src *.cwp-stg.sg https://s3-ap-southeast-1.amazonaws.com https://www.mycareersfuture.sg https://www.mycareersfuture.gov.sg blob: www.google-analytics.com *.onemap.sg/ *.dcube.cloud *.wogaa.sg *.demdex.net https://va.ecitizen.gov.sg https://flexanswer1653.zendesk.com *.zdassets.com *.zopim.com wss://*.zopim.com *.mycareersfuture.sg *.mycareersfuture.gov.sg *.app.gov.sg; default-src 'self' *.mycareersfuture.sg *.mycareersfuture.gov.sg *.app.gov.sg *.dcube.cloud *.wogaa.sg wogadobeanalytics.sc.omtrdc.net assets.adobedtm.com *.demdex.net cm.everesttech.net; font-src https://cdnjs.cloudflare.com data: fonts.gstatic.com *.dcube.cloud *.wogaa.sg https://s3-us-west-2.amazonaws.com https://va.ecitizen.gov.sg *.mycareersfuture.sg *.mycareersfuture.gov.sg *.app.gov.sg; img-src data: blob: 'self' www.google-analytics.com https://s3-ap-southeast-1.amazonaws.com https://px.ads.linkedin.com https://www.mycareersfuture.sg https://www.mycareersfuture.gov.sg https://www.facebook.com *.cwp-stg.sg *.onemap.sg/ https://cdnjs.cloudflare.com *.mycareersfuture.sg *.mycareersfuture.gov.sg https://pixel.quantserve.com wogadobeanalytics.sc.omtrdc.net cm.everesttech.net *.demdex.net https://va.ecitizen.gov.sg https://v2assets.zopim.io; report-uri /csp-report; script-src blob: www.google-analytics.com https://ssl.google-analytics.com https://connect.facebook.net s.yimg.com sp.analytics.yahoo.com https://www.google.com www.googleadservices.com https://googleads.g.doubleclick.net https://snap.licdn.com https://p.adsymptotic.com https://rules.quantcount.com https://secure.quantserve.com 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com https://www.mycareersfuture.sg https://www.mycareersfuture.gov.sg *.dcube.cloud *.wogaa.sg assets.adobedtm.com https://va.ecitizen.gov.sg https://flexanswer1653.zendesk.com *.zdassets.com *.zopim.com *.mycareersfuture.sg *.mycareersfuture.gov.sg *.app.gov.sg; style-src 'self' https://cdnjs.cloudflare.com fonts.googleapis.com unpkg.com *.dcube.cloud *.wogaa.sg https://va.ecitizen.gov.sg 'unsafe-inline' *.mycareersfuture.sg *.mycareersfuture.gov.sg *.app.gov.sg 2
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://api.spendino.de https://analytics.spd.de https://maps.googleapis.com https://altruja.de https://dataservices.spd.de https://www.verbavoice.net https://live.flyp.tv https://cdn01.spd.de ; img-src 'self' data: https://analytics.spd.de https://csi.gstatic.com https://maps.googleapis.com https://maps.gstatic.com https://em.altruja.de https://socialwall.spd.de https://cdn01.spd.de http://*.spd.de https://*.openstreetmap.de ; frame-ancestors 'self' https://analytics.spd.de ; default-src 'self' ; frame-src 'self' https://dpa-electionslive.s3.amazonaws.com https://analytics.spd.de https://w.soundcloud.com https://player.vimeo.com https://www.youtube-nocookie.com https://api.spendino.de https://storify.com https://streaming.b1group.de https://www.youtube.com https://live.soziale-demokratie.live https://www.blitzvideoserver.de https://api.spd.de https://app.contentflow.live https://streaming.talk42.de https://playout.3qsdn.com https://sdn-global-live-http-cache.3qsdn.com https://widget.whatsbroadcast.com https://ghb2017.limequery.com https://limequery.spd.de https://www.verbavoice.ne https://em.altruja.de https://live.flyp.tv https://us-central1-contentflow-2.cloudfunctions.net https://domhost.it-television.net https://wb.messengerpeople.com https://hd-livestream.de https://stream.liverecords.net https://www.sachsen-fernsehen.de https://open.spotify.com https://widget.whappodo.com https://embed.contentflow.net https://sipg.micropayment.de ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://analytics.spd.de https://dataservices.spd.de https://cdn01.spd.de ; connect-src 'self' https://altruja.de https://dataservices.spd.de wss://ws-eu.pusher.com https://pusher01.spd.de https://socialwall.spd.de https://cdn01.spd.de ; object-src 'self' data: ; media-src 'self' data: https://cdn01.spd.de ; font-src 'self' https://fonts.gstatic.com https://dataservices.spd.de ; 2
script-src 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' 'self' blob: *; img-src * data: blob:; connect-src *; font-src 'self' data: *; object-src 'self'; media-src 'self' blob: *; child-src * 2
default-src 'self' http: bott-tc.nautilus https: *.bosch-thermotechnology.com s.webtrends.com *.boschtt-documents.com www.bimstore.co.uk services.kittelberger.net *.mycliplister.com bott-tc.nautilus foerderrechner.bosch-thermotechnology.com; media-src 'self' *.boschtt-documents.com services.kittelberger.net *.mycliplister.com mycliplister.com; font-src 'self' fonts.gstatic.com www.bosch-easycontrol.com www.heizung-steuern.com; object-src data: 'self'; img-src https: data: blob:; style-src 'self' 'unsafe-inline' cdn.datatables.net fonts.googleapis.com www.bosch-easycontrol.com www.heizung-steuern.com; script-src https: 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https: mailto: bosch.mi4biz.net www.boschthermolife.com junkers-de-de-b.boschtt-documents.com; frame-ancestors 'self' https: bosch.mi4biz.net http://bott-fs.kittelberger.net 2
frame-ancestors https://*.dondominio.com/ https://*.mrdomain.com; 2
frame-src 'self' blob: *.cochlear.cloud *.qualaroo.com *.simpli.fi *.livechatinc.com *.doubleclick.net *.wufoo.com *.cochlearamericas.com *.youtube-nocookie.com *.marvelapp.com *.linkedin.com *.cvent.com *.google.ch *.cochlear.com *.irmau.com *.marketo.com *.youtube.com *.twitter.com *.addthis.com *.google.com *.facebook.com *.batchgeo.com marvelapp.com; child-src 'self' blob: *.batchgeo.com *.addtoany.com *.doubleclick.net *.cochlear.cloud *.cochlear.com *.addthis.com *.google.com *.facebook.com *.twitter.com  *.marketo.com; connect-src 'self' *.taboola.com *.onetrust.com *.cookielaw.org *.stylelabs.cloud *.sitecorecontenthub.cloud *.cochlear.cloud *.marketo.com *.swiftype.com *.onelink-translations.com *.nekudo.com *.cochlear.com *.cvent.com *.linkedin.com *.google-analytics.com *.googleapis.com *.optimizely.com *.addthis.com *.mktoresp.com *.twitter.com *.geoip-js.com geoip-js.com *.doubleclick.net; font-src 'self' data: *.cvent-assets.com *.gstatic.com *.googleusercontent.com *.livechatinc.com *.bootstrapcdn.com; img-src 'self' data: *.quora.com *.pubmatic.com *.rubiconproject.com *.adtechjp.com *.yahoo.com * bidswitch.net *.adap.tv *.adnxs.com *.rlcdn.com *.openx.net *.adroll.com *.casalemedia.com *.t.co *.datatables.net *.cochlear.cloud *.cochlear.com *.quantserve.com *.marketo.com *.bing.com *.steelhousemedia.com *.adsrvr.org *.adsymptotic.com *.android.com *.youtube.com *.visualwebsiteoptimizer.com *.googletagmanager.com *.teads.tv *.impact-ad.jp *.yahoo.co.jp *.impact-ad.jp *.outbrain.com *.amazonaws.com *.google.com.au  *.google.com *.twitter.com *.doubleclick.net *.facebook.com *.linkedin.com *.google-analytics.com *.medialead.de; script-src 'unsafe-inline' 'unsafe-eval' 'self' blob: *.onetrust.com *.cookielaw.org *.windows.net *.qualaroo.com *.simpli.fi *.salesforceliveagent.com *.amazonaws.com *.gstatic.com *.quantcount.com *.cvent-assets.com *.cvent.com *.quora.com *.livechatinc.com *.typekit.com *.dialogtech.com *.cloudfront.net *.media6degrees.com *.wufoo.com *.zendesk.com *.domdex.com *.adroll.com  *.datatables.net *.quantserve.com *.ads-twitter.com *.steelhousemedia.com *.bing.com *.outbrain.com *.addtoany.com *.visualwebsiteoptimizer.com *.jquery.com *.optimizely.com *.google.com.au *.doubleclick.net *.googleadservices.com *.yimg.jp *.yahoo.co.jp *.crazyegg.com *.mktoweb.com *.cochlear.cloud *.cochlear.com  *.bootstrapcdn.com *.cloudflare.com  *.jsdelivr.net *.addthisedge.com *.google.com *.ytimg.com *.youtube.com *.marketo.net *.marketo.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.twitter.com *.facebook.com *.facebook.net *.linkedin.com *.addthis.com *.geoip-js.com geoip-js.com *.medialead.de *.adsrvr.org *.taboola.com *.yimg.com; style-src 'unsafe-inline' 'self' *.cookielaw.org *.windows.net *.cvent-assets.com *.googleapis.com *.cloudflare.com *.cochlear.cloud *.cochlear.com *.google.com *.zendesk.com *.datatables.net *.jquery.com *.cochlear-europe.com *.bootstrapcdn.com *.marketo.com; 2
default-src 'self' 'unsafe-eval' 'unsafe-inline' https://* 2
default-src 'self' https://origin-www.appliedmaterials.com http://origin-www.appliedmaterials.com; script-src 'self' 'unsafe-eval' maps.googleapis.com http://www.google-analytics.com https://www.google-analytics.com www.googletagmanager.com www.eiseverywhere.com js-agent.newrelic.com *.nr-data.net www.recaptcha.net www.gstatic.com vjs.zencdn.net https://*.go-mpulse.net https://origin-www.appliedmaterials.com 'unsafe-inline'; object-src 'self' www.eiseverywhere.com; style-src 'self' fonts.googleapis.com www.gstatic.com vjs.zencdn.net https://origin-www.appliedmaterials.com http://origin-www.appliedmaterials.com https://origin-www.appliedmaterials.com 'unsafe-inline'; img-src 'self' *.googleapis.com www.google-analytics.com stats.g.doubleclick.net maps.gstatic.com maps.googleapis.com www.google.com www.google.com.sg www.google.com.tw www.google.co.il www.google.co.in www.google.co.kr www.google.co.uk www.googletagmanager.com ml.globenewswire.com www.globenewswire.com resource.globenewswire.com na.eventscloud.com www.eiseverywhere.com bam.nr-data.net  http://*.prod.acquia-sites.com https://*.prod.acquia-sites.com  http://*.appliedmaterials.com https://*.appliedmaterials.com data:; frame-src 'self' www.google.com www.youtube.com www.recaptcha.net; font-src 'self' fonts.gstatic.com themes.googleusercontent.com vjs.zencdn.net http://origin-www.appliedmaterials.com https://origin-www.appliedmaterials.com data:; connect-src 'self' www.google-analytics.com *.nr-data.net stats.g.doubleclick.net https://*.akamaihd.net https://*.akstat.io https://*.go-mpulse.net; report-uri /admin/config/system/seckit/csp-report 2
frame-ancestors 'self' eon.de *.eon.de 2
default-src https: 'unsafe-inline' 'unsafe-eval' 2
frame-ancestors 'self' https://*.usagym.org http://*.usagym.org http://*.usagymparents.com http://*.usagym.info http://*.gymnasticsfoundation.org https://*.gymnasticsfoundation.org http://*.usagymchamps.com https://*.usagymchamps.com http://usagymfans.us-east-1.elasticbeanstalk.com https://usagymfans.us-east-1.elasticbeanstalk.com http://*.kovendesign.com https://*.kovendesign.com https://wordpress-54524-1231354.cloudwaysapps.com; 2
default-src 'self'; connect-src 'self' www.google-analytics.com https://www.google-analytics.com *.g.doubleclick.net http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; font-src 'self' https://fonts.gstatic.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; frame-src 'unsafe-inline' https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://optimize.google.com; img-src 'self' *.pbwstatic.com www.google-analytics.com https://www.google-analytics.com https://optimize.google.com optimize.google.com data: http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; media-src 'none'; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com https://www.google-analytics.com www.googletagmanager.com https://www.googletagmanager.com www.googleoptimize.com https://www.googleoptimize.com https://optimize.google.com optimize.google.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; style-src 'self' 'unsafe-inline' https://optimize.google.com https://fonts.googleapis.com 2
default-src matomo.iserv.eu 'self'; script-src matomo.iserv.eu 'self'; style-src 'self'; img-src 'self' https://cdn.iserv.eu data:; media-src 'self' https://cdn.iserv.eu; font-src 'self' data:; 2
frame-ancestors 'none'; 2
frame-ancestors 'self' intertops.eu www.intertops.eu sblp.intertops.eu sports.intertops.eu poker.intertops.eu casino.intertops.eu classic.intertops.eu lobby.intertops.eu:2072 account.intertops.eu client.horizonpokernetwork.eu 2
default-src 'self'; script-src 'self' https://ssl.google-analytics.com; img-src 'self' https://ssl.google-analytics.com 2
default-src 'none'; child-src 'self' ez.no static.addtoany.com www.youtube.com; connect-src 'self' www.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com static.addtoany.com cdnjs.cloudflare.com ajax.googleapis.com; style-src 'self' 'unsafe-inline' static.addtoany.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com fonts.googleapis.com; img-src 'self' blob: data: static.addtoany.com www.google-analytics.com; font-src 'self' fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com; form-action 'self'; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: 2
default-src 'self' *.yandex.ru *.comagic.ru extranet.buderus.com s.webtrends.com *.boschtt-documents.com services.kittelberger.net *.mycliplister.com mycliplister.com; media-src 'self' *.boschtt-documents.com services.kittelberger.net *.mycliplister.com mycliplister.com; font-src 'self' fonts.gstatic.com; object-src data: 'self'; img-src https: blob: data:; style-src 'self' *.buderus.com buderus.com 'unsafe-inline' cdn.datatables.net fonts.googleapis.com; script-src https: 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https: bosch.mi4biz.net www.boschthermolife.com buderus-pl.boschtt-documents.com; frame-ancestors 'self' https: bosch.mi4biz.net  buderus-pl.boschtt-documents.com http://fs52-buderus-dev.kittelberger.net 2
frame-scr 'self' 2
default-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline' *.netdna-ssl.com *.google-analytics.com app.quotemedia.com oss.maxcdn.com rangeme-production-environment.s3-ap-southeast-2.amazonaws.com *.pcdn.co s15923.pcdn.co;font-src 'self' *.netdna-ssl.com fonts.gstatic.com *.pcdn.co s15923.pcdn.co;img-src 'self' data: *.netdna-ssl.com *.google-analytics.com *.googleapis.com *.glensmarkets-email.com app.quotemedia.com secure.gravatar.com s3-ap-southeast-2.amazonaws.com *.pcdn.co *.businesswire.com s15923.pcdn.co;style-src 'self' 'unsafe-inline' *.netdna-ssl.com *.googleapis.com *.pcdn.co s15923.pcdn.co;frame-src 'self' *.netdna-ssl.com *.youtube.com *.calameo.com *.pcdn.co;connect-src 'self' *.netdna-ssl.com query.yahooapis.com *.pcdn.co *.google-analytics.com;object-src 'self' *.netdna-ssl.com *.pcdn.co;media-src 'self' *.netdna-ssl.com *.pcdn.co; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.googletagmanager.com *.googleusercontent.com *.google-analytics.com *.google.com *.googleapis.com *.myabsorb.com *.doubleclick.net *.windows.net *.walkme.com *.jquery.com *.createjs.com *.youtube.com *.youtube-nocookie.com *.onetrust.com *.facebook.net *.facebook.com *.cookielaw.org *.licdn.com *.adsymptotic.com *.linkedin.com *.jnjvision.asia *.nr-data.net *.ckeditor.com *.brightcove.net *.brightcove.com *.brightcovecdn.com *.zencdn.net *.boltdns.net *.jjvcpro.com *.jnjcommerce.com *.mouseflow.com *.gstatic.com *.newrelic.com; object-src *; img-src * data: blob:; frame-src *; font-src * data: blob: 'unsafe-inline'; report-uri /admin/config/system/seckit/csp-report 2
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.twitter.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.ytimg.com *.vimeo.com *.itzbund.de *.twitter.com *.twimg.com; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.w3schools.com *.quirksmode.org *.youtube.com *.youtube-nocookie.com *.vimeo.com *.aktion-mensch.de *.readspeaker.com *.osm.org *.openstreetmap.de *.twimg.com; frame-src *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.vimeo.com *.readspeaker.com *.3qsdn.com *.it.bund.de *.twitter.com *.twimg.com webcast.nc3-cdn.com blitzvideoserver.de start.video-stream-hosting.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.osm.org *.openstreetmap.de *.twitter.com *.twimg.com twemoji.maxcdn.com piwik.itzbund.de *.gdw-berlin.de *.streamlock.net; frame-ancestors 'self'; upgrade-insecure-requests; 2
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src 'unsafe-inline' https: data:; font-src https: data:; img-src * data:; connect-src https: wss://*.liveperson.net; 2
default-src https: 'unsafe-eval' 'unsafe-inline';child-src * blob:; object-src 'none';img-src * blob: data:  ws: wss: gap:;frame-ancestors 'self';connect-src * data: blob: 'unsafe-inline'; worker-src data: blob: 'unsafe-inline';font-src 'self' data: *;script-src * 'unsafe-inline' 'unsafe-eval' 2
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.google-analytics.com *.googletagmanager.com *.googleapis.com *.jquery.com *.mouseflow.com *.surveymonkey.com *.google.com *.gstatic.com *.icancharity.org.uk *.vimeo.com *.youtube.com chimpstatic.com *.mailchimp.com *.list-manage.com; default-src 'self' data:; worker-src ; style-src 'self' 'unsafe-inline' *.mailchimp.com *.googleapis.com *.icancharity.org.uk; connect-src 'self' *.google-analytics.com *.doubleclick.net *.icancharity.org.uk *.articulate.com *.mouseflow.com *.vimeo.com vimeo.com; font-src 'self' *.gstatic.com *.icancharity.org.uk data:; img-src 'self' 'unsafe-inline' data: *.gravatar.com *.ssl.com https://1yy9wa31b3t44cjxmd1hvxqb-wpengine.netdna-ssl.com *.gstatic.com *.googleapis.com *.icancharity.org.uk *.surveymonkey.com *.smassets.net *.ytimg.com *.vimeocdn.com mcusercontent.com; frame-src 'self' *.google.com *.vimeo.com *.icancharity.org.uk *.youtube.com *.office.com *.surveymonkey.com; 2
default-src * 'self' data: 'unsafe-inline' 'unsafe-eval' ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' ; style-src * 'self' data: 'unsafe-inline' ; img-src * 'self' data: ; font-src * 'self' data: ; connect-src * 'self' ; media-src 'self' ; frame-src * 'self' ;  2
frame-ancestors 'self' *.force.com *.salesforce.com; 2
default-src https: 'self' *.mohrsiebeck.com; script-src https: 'self' 'unsafe-inline' 'unsafe-eval' *.mohrsiebeck.com; style-src https: 'self' 'unsafe-inline' *.mohrsiebeck.com; img-src https: 'self' *.mohrsiebeck.com 2
default-src *; connect-src  *; font-src 'self'; frame-src https://* http://* *; img-src https://* http://* * data:; object-src 'self'; script-src 'self' https://* http://* * 'unsafe-inline' 'report-sample'; style-src * https://* http://* * 'unsafe-inline'; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: about: https://www.youtube.com/ static.issuu.com e.issuu.com docs.google.com www.google-analytics.com fonts.googleapis.com *.disquscdn.com www.votervoice.net www.googletagmanager.com ims.informz.net connect.facebook.net www.google.com https://syndication.twitter.com https://cdn.syndication.twimg.com https://ton.twimg.com https://pbs.twimg.com platform.twitter.com www.facebook.com staticxx.facebook.com disqus.com fonts.gstatic.com stats.g.doubleclick.net referrer.disqus.com https://services.texmed.org/45/Tma.CspReportApi/api/csp *.blubrry.com *.feathr.co servedbyadbutler.com *.fontawesome.com *.vimeo.com p2a.co *.jotform.com *.sharethis.com *.cognitoforms.com https://cognitoforms.com/ cdn.knightlab.com *.blogspot.com secure.givelively.org; 2
default-src 'self' https://api.status.io https://status.exaktime.com;script-src 'self';base-uri 'self';object-src 'none';frame-ancestors 'none';block-all-mixed-content;sandbox allow-forms allow-same-origin allow-scripts allow-popups;style-src 'self' https://fonts.googleapis.com;font-src 'self' https://fonts.gstatic.com;img-src 'self' https://tscprodstorage.blob.core.windows.net; 2
frame-ancestors 'self' http://www.liligo.fr/ http://www.kayak.fr/ http://www.kayak.de/ https://drivy.zendesk.com/ https://*.zdusercontent.com/ 2
default-src 'self' 'unsafe-inline' https://piwik.bzga.de/ https://fonts.gstatic.com/ https://fonts.googleapis.com/ https://www.youtube-nocookie.com/ https://app.dialogfeed.com/ https://www.youtube.com/ https://vrweb15.linguatec.org; img-src 'self' data: https://piwik.bzga.de/ https://service.bzga.de/ https://www.bzga.de/ https://jwpltx.com/ https://maps.gstatic.com/ https://maps.googleapis.com/ https://i.ytimg.com/ https://vrweb15.linguatec.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/ https://www.youtube.com/ https://ssl.p.jwpcdn.com/ https://piwik.bzga.de/ https://maps.googleapis.com/ https://vrweb15.linguatec.org 2
frame-ancestors teams.microsoft.com *.teams.microsoft.com *.skype.com 2
default-src * blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.emmezeta.hr emmezeta.hr *.emmezeta.rs emmezeta.rs; 2
default-src 'self'; block-all-mixed-content; connect-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://stats.g.doubleclick.net; font-src 'self' self data: https://fonts.gstatic.com https://fonts.googleapis.com; frame-src *; img-src 'self' self data: 'unsafe-inline' 'unsafe-eval' https://pbs.twimg.com https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://www.google.at; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com; report-uri /nelmio/csp/report 2
default-src 'self' www.burkert.com www.youtube-nocookie.com www.platform-viewer.v-ex.com *.twitter.com *.partcommunity.com *.olark.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.burkert.com snap.licdn.com www.google.com www.gstatic.com www.google-analytics.com www.googletagmanager.com www.linkedin.com snap.licdn.com www.googletagmanager.com cdn.yoochoose.net www.youtube.com *.twitter.com az551914.vo.msecnd.net *.clickdimensions.com *.twimg.com customerwidget.joinflow.com maps.google.cn maps.googleapis.com *.facebook.net *.apsislead.com *.leadenhancer.com *.olark.com *.issuu.com olark-file-uploads.s3-us-west-1.amazonaws.com; img-src data: 'self' www.burkert.com www.google-analytics.com event.yoochoose.net *.twimg.com *.twitter.com maps.gstatic.com chart.apis.google.com maps.googleapis.com *.facebook.com *.ytimg.com *.linkedin.com *.leadenhancer.com *.olark.com *.adition.com *.gstatic.com; object-src 'self' *.googletagmanager.com; style-src 'self' 'unsafe-inline' www.burkert.com fast.fonts.net *.clickdimensions.com *.twitter.com *.twimg.com fonts.googleapis.com *.olark.com; font-src 'self' www.burkert.com *.buerkert.de fast.fonts.net data: fonts.gstatic.com *.olark.com; connect-src 'self' www.burkert.com www.google-analytics.com api.telavox.se relay.telavox.com wss://websocket.telavox.se *.facebook.com *.olark.com *.googleadservices.com www.google.de www.google.com *.doubleclick.net *.clickdimensions.com; frame-src 'self' *.burkert-usa-marketing.com *.facebook.com *.partcommunity.com *.twitter.com www.youtube-nocookie.com www.platform-viewer.v-ex.com *.google.com essens.info *.olark.com *.issuu.com; worker-src 'self' blob: 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https:; frame-src 'self' webcampub.multivista.com https:; frame-ancestors 'self' data: blob:; 2
font-src 'self' https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com data:; frame-src https://www.google.com/recaptcha/ https://fast.wistia.com https://pay.google.com/gp/; script-src 'self' 'unsafe-inline' https://fast.wistia.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://pay.google.com/gp/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com; report-uri /csp/report; worker-src blob: 2
allow 'self'; script-src 'self'; img-src *; media-src *; object-src 'none'; frame-src 'none'; xhr-src 'none'; 2
default-src * 2
default-src 'self' 'unsafe-inline'; allow 'self'; img-src * 2
default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval'; object-src *; style-src * 'self' 'unsafe-inline'; img-src * 'self' data: https:;; media-src *; frame-src *; frame-ancestors 'self'; child-src *; font-src * 'self' data: https:;; connect-src *; report-uri /report-csp-violation 2
frame-ancestors 'self' https://*.felgenoutlet.de 2
frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com sccl.bibliocms.com *.sccl.bibliocms.com https://sccld.org sccld.org *.sccld.org; 2
frame-ancestors 'self' https://weltladen-fachtage.expo-ip.com http://weltladen-fachtage.expo-ip.com https://weltladen-fachtageadmin.expo-ip.com ; 2
frame-ancestors 'self' https://*.etracker.com 2
script-src 'self' https://*.googleapis.com *.gstatic.com www.google-analytics.com ajax.googleapis.com ajax.aspnetcdn.com use.typekit.net us1.siteimprove.com cdnjs.cloudflare.com connect.facebook.net 'unsafe-inline' 'unsafe-eval' 2
default-src 'unsafe-inline' 'unsafe-eval' https: data: wss: blob: http://www.cockovnik.cz http://www.vasecocky.cz http://www.lentiamo.cz; frame-ancestors 'self' 2
frame-ancestors 'self'; 2
default-src 'self' 'unsafe-inline' https://piwik.bzga.de/  https://service.bzga.de/ 2
frame-ancestors https://*.rs.no 2
object-src 'self' 2
frame-ancestors 'self' http://remit.gkpge.pl http://www.remit.gkpge.pl https://remit.gkpge.pl https://www.remit.gkpge.pl 2
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval' 2
default-src https:; connect-src https:; font-src 'self' https: data: https:; frame-src https:; frame-ancestors https:; img-src https: data:; media-src https: blob:; object-src https:; style-src 'unsafe-inline' https:; worker-src blob:; script-src 'unsafe-inline' 'unsafe-eval' https:; 2
allow 'self'; frame-ancestors 'none' 2
default-src 'self'; script-src 'self'; connect-src 'self'; img-src 'self' data:; style-src 'self'; 2
default-src 'self' 'unsafe-inline' data: https://piwik.bzga.de/ https://service.bzga.de/ 2
frame-ancestors scvr.co *.scvr.co 2
frame-ancestors 'self' https://mycourses.w3schools.com; 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.thoughtco.com 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.thebalance.com 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.lifewire.com 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.thespruce.com 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.verywellmind.com 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.thebalancecareers.com 1
frame-ancestors *.anjuke.com http://*.anjuke.com *.aifang.com http://*.aifang.com *.58ganji.com http://*.58ganji.com *.58.com http://*.58.com *.jikejia.cn http://*.jikejia.cn http://jikejia.cn yfyk.youfangyouke.com http://yfyk.youfangyouke.com *.58corp.com http://*.58corp.com *.qiaofangyun.com 1
child-src 'self' emb.d.tube player.twitch.tv www.youtube.com staticxx.facebook.com w.soundcloud.com player.vimeo.com blob:; connect-src 'self' api.blocktrades.us steemit.com wss://steemd.steemit.com wss://steemd-int.steemit.com steemitimages.com cdn.steemitimages.com api.steemit.com api-internal.steemit.com securepubads.g.doubleclick.net cdn.jsdelivr.net csi.gstatic.com c.pub.network d.pub.network display.bfmio.com *.adnxs.com freestar-d.openx.net qcx.quantserve.com https://qcx.quantserve.com:8443 hbopenbid.pubmatic.com g2.gumgum.com ssc.33across.com gw.geoedge.be *.doubleverify.com request-global.czilladx.com c.amazon-adsystem.com *.flashtalking.com *.czilladx.com czilladx.com coinzillatag.com coinzilla.com *.yahoo.com *.3lift.com *.adroll.com *.serving-sys.com *.googlesyndication.com *.steelhousemedia.com *.servenobid.com sdk.streamrail.com api.vidiom.net *.streamrail.net *.spotxchange.com *.advertising.com *.yieldoptimizer.com *.doubleclick.net *.buysellads.net *.1rx.io *.rtb-seller.com catchjs.com www.googletagmanager.com www.google-analytics.com pagead2.googlesyndication.com googleads.g.doubleclick.net api.trongrid.io; default-src tpc.googlesyndication.com 'self' emb.d.tube www.youtube.com staticxx.facebook.com player.vimeo.com *.streamrail.com *.hwcdn.net *.acuityplatform.com; font-src data: fonts.gstatic.com steemitdev.com steemit.com steemitwallet.com; frame-ancestors 'none'; frame-src 'self' googleads.g.doubleclick.net https:; img-src * data:; object-src 'none'; plugin-types application/pdf; script-src 'unsafe-inline' 'unsafe-eval' data: https: 'self' www.google-analytics.com connect.facebook.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com; report-uri /api/v1/csp_violation 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.thebalancesmb.com 1
default-src 'self'; block-all-mixed-content; connect-src 'self' https://*.algolia.net https://*.algolianet.com https://www.google-analytics.com/; font-src 'self' https://fonts.gstatic.com/; frame-src https://www.google.com/recaptcha/; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net/ https://www.google-analytics.com/ https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net/ https://fonts.googleapis.com/ 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.thespruceeats.com 1
frame-ancestors 'self' http://mobilevjs.nbcsports.com http://sprtsecureassets.akamaized.net *.nbcolympics.com 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.seriouseats.com 1
policy-uri /parivahan//'self' 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.tripsavvy.com 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com piwik.itzbund.de;object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; frame-src 'self' multimedia.gsb.bund.de blob: data:; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de covapp.charite.de covapp-rki.hpsgc.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; frame-ancestors rki-editor.preview.gsb.intranet.bund.de piwik.itzbund.de *.facebook.com 1
default-src https:; base-uri 'self'; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data:; media-src https: blob:; font-src https: data:; object-src 'none'; block-all-mixed-content; frame-ancestors 'self' *.zulily.com; report-uri https://productreviews-ext.prod.store.aws.z8s.io/csp-report-violations; 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.liveabout.com 1
allow 'self' http://*.googlesyndication.com https://*.googlesyndication.com; options inline-script eval-script; img-src *; script-src 'self' http://*.simplemachines.org http://*.simplemachinesweb.com http://*.googlesyndication.com http://*.doubleclick.net https://*.simplemachines.org https://*.simplemachinesweb.com https://*.googlesyndication.com https://*.doubleclick.net; style-src 'self' http://*.simplemachines.org http://*.simplemachinesweb.com https://*.simplemachines.org https://*.simplemachinesweb.com; frame-ancestors none; 1
frame-ancestors 'self' http://*.webvisor.com http://webvisor.com *.ntv.ru; 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.verywellfamily.com 1
default-src 'self'  *.destatis.de; base-uri 'self'; style-src 'self' 'unsafe-inline' *.destatis.de piwik.itzbund.de; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.destatis.de piwik.itzbund.de doo.net chatbot.it.bund.de ;object-src 'self' multimedia.gsb.bund.de  *.destatis.de piwik.itzbund.de chatbot.it.bund.de ; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org  *.destatis.de piwik.itzbund.de chatbot.it.bund.de ; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.destatis.de *.itzbund.de *.stba.de *.euro-area-statistics.org *.ims-cms.net *.kemweb.de *.teambits.events doo.net/de-de/widget/ chatbot.it.bund.de data: ; img-src 'self' data: blob: *.google.com *.gstatic.com *.youtube.com  *.destatis.de piwik.itzbund.de chatbot.it.bund.de ; frame-ancestors 'self'; 1
frame-ancestors 'self' *.griffith.edu.au 1
frame-ancestors 'self' http://redhat.lookbookhq.com https://redhat.lookbookhq.com; report-uri /report-csp-violation 1
default-src data: https: https://*.hotjar.com:* https://*.hotjar.io wss://*.hotjar.com 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'none' 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.simplyrecipes.com 1
allow-scripts allow-popups allow-same-origin; 1
frame-ancestors 'self' *.iza.org; 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.thesprucecrafts.com 1
frame-ancestors 'self' *.typeform.com typeform.com *.themeforest.net themeforest.net codecanyon.net *.codecanyon.net 1
default-src 'self'; object-src 'none'; block-all-mixed-content; script-src 'self' 'nonce-159ed306-67b0-43c4-a1ff-04740db6ff11' https://*.groww.in/ wss://*.groww.in/ https://*.freshchat.com/ https://*.webengage.com/ http://cdn.widgets.webengage.com/ https://connect.facebook.net/ https://*.razorpay.com/ https://d2yyd1h5u9mauk.cloudfront.net/integrations/web/v1/library/ https://storage.googleapis.com/ https://www.googletagmanager.com/ https://tagmanager.google.com https://www.google-analytics.com/ https://ssl.google-analytics.com https://stats.g.doubleclick.net/ https://googleads.g.doubleclick.net/ https://www.googleadservices.com/ https://*.google.com/ https://www.google.co.in/ https://fonts.googleapis.com/; img-src 'self' data: blob: https://groww.in/ https://*.groww.in/ https://img.youtube.com/ https://s3.amazonaws.com/cdn.freshdesk.com/ https://viewlogo.s3.amazonaws.com/ https://wchat.freshchat.com/ https://www.google-analytics.com/ https://*.googleapis.com/ https://*.googleusercontent.com/ https://www.google.com/ https://www.google-analytics.com https://www.google.com/ads/ga-audiences https://www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://stats.g.doubleclick.net/r/ https://stats.g.doubleclick.net/r/collect https://www.google.co.in/ads/ga-audiences; style-src 'self' https://*.groww.in/ 'unsafe-inline' https://accounts.google.com https://wchat.freshchat.com/; font-src 'self' https://*.groww.in/ data:; connect-src 'self' data: https://*.groww.in/ wss://*.groww.in/ https://*.webengage.com/ https://*.bugsnag.com/ https://*.razorpay.com/ https://*.delighted.com/ https://accounts.google.com https://www.google-analytics.com/ https://ampcid.google.com https://stats.g.doubleclick.net/j/collect https://*.googleapis.com/; frame-src 'self' https://*.webengage.co https://*.google.com/ https://www.youtube.com/ https://www.facebook.com https://*.groww.in/ wss://*.groww.in/ https://wchat.freshchat.com/ https://growwapi.firebaseapp.com/; media-src https://*.groww.in/ blob: 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https: *.holland.com *.mailplus.nl wss://*.hotjar.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https: cdn.blueconic.net *.holland.com maps.googleapis.com www.googletagmanager.com *.google-analytics.com *.crowdriff.com; img-src 'self' data: blob: *.holland.com *.google-analytics.com www.googletagmanager.com img.youtube.com *.doubleclick.net *.facebook.com *.blueconic.com script.hotjar.com *.blueconic.net *.google.com *.google.nl *.vimeocdn.com *.cloudfront.net; 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.thesprucepets.com 1
default-src 'self' *.dwd.de *.readspeaker.com *.twitter.com *.youtube.com; script-src 'self' *.dwd.de *.readspeaker.com *.twitter.com *.twimg.com *.youtube.com *.jwpcdn.com *.ytimg.com 'unsafe-inline' 'unsafe-eval' data:; style-src 'self' *.dwd.de *.twitter.com *.twimg.com 'unsafe-inline' data:; img-src * data: blob:; font-src 'self' data:; frame-src 'self' *.dwd.de twitter.com *.twitter.com *.youtube.com; worker-src *.twitter.com; child-src 'self' *.dwd.de twitter.com *.twitter.com *.youtube.com; 1
default-src 'self' fast.wistia.net noembed.com static.zdassets.com ekr.zdassets.com avm.zendesk.com v2.zopim.com wss://widget-mediator.zopim.com vimeo.com player.vimeo.com vimeocdn.com *.vimeocdn.com ytimg.com s.ytimg.com aax-eu.amazon-adsystem.com data: avm.de service.avm.de news.avm.de bingo.avm.de scope.avm.de piwik.avm.de assets.avm.de track.adform.net maps.google.com *.googleapis.com *.gstatic.com shoplogos.commerce-connector.de www.commerce-connector.com i.ytimg.com https://www.youtube-nocookie.com https://www.youtube.com img.youtube.com *.xx.fbcdn.net www.surveygizmo.eu 'unsafe-inline' 'unsafe-eval' ; media-src 'self' *.avm.de data: blob: ; frame-ancestors 'self'  1
frame-ancestors 'self' *.yatra.com 1
default-src 'self' *.postman.co *.postman.com *.pstmn.io; base-uri 'self'; font-src 'self' data: *.getpostman.com *.postman.co *.cdn.postman.com fonts.gstatic.com fonts.googleapis.com cdnjs.cloudflare.com; frame-ancestors 'none'; frame-src looker.postman.co dl-preview-container.pstmn.io js.stripe.com hooks.stripe.com; child-src 'self' *.postman.co *.postman.com blob:; worker-src 'self' *.postman.co *.cdn.postman.com blob:; object-src 'self'; img-src https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' *.nr-data.net *.getpostman.com *.postman.co *.cdn.postman.com *.pstmn.io code.jquery.com google-analytics.com googletagmanager.com cdn.ravenjs.com ssl.google-analytics.com cdnjs.cloudflare.com js-agent.newrelic.com js.stripe.com 'nonce-LJugJfrg8FIQipkJl1hNPLyWk0Q7sB49lDT2T1KlNYByxmyh'; style-src 'self' 'unsafe-inline' *.getpostman.com *.postman.co *.cdn.postman.com *.pstmn.io fonts.gstatic.com fonts.googleapis.com tagmanager.google.com cdnjs.cloudflare.com; connect-src https://api.stripe.com http: ws://localhost:10533 https: wss://*.postman.co wss://*.gw.postman.com; report-uri https://sentry.postmanlabs.com/api/572/security/?sentry_key=9d37d7431bdc4c528702ec4d89fc93f7&sentry_environment=production 1
default-src 'none'; style-src 'self' use.typekit.net p.typekit.net cdn.embedly.com cdn.integromat.com fonts.googleapis.com 'unsafe-inline' cdn.integromat.com www.integromat.com static.integromat.com fonts.googleapis.com 'unsafe-inline'; font-src 'self' data: use.typekit.net script.hotjar.com cdn.embedly.com fonts.gstatic.com cdn.integromat.com fonts.gstatic.com; img-src 'self' data: *.integromat.com secure.gravatar.com usage.trackjs.com stats.g.doubleclick.net www.google-analytics.com img.youtube.com www.youtube.com www.facebook.com t.co script.hotjar.com twitter.com self cdn.integromat.com static.integromat.com www.google.com api.producthunt.com; connect-src 'self' *.hotjar.com:* vc.hotjar.io:* wss://*.hotjar.com *.mixpanel.com www.google-analytics.com stats.g.doubleclick.net api-cdn.embed.ly api.segment.io *.hotjar.com *.hotjar.io wss://*.hotjar.com; frame-src 'self' www.facebook.com www.youtube.com vars.hotjar.com cdn.embedly.com frame.hotjar.com vars.hotjar.com; script-src 'self' www.google-analytics.com connect.facebook.net static.ads-twitter.com analytics.twitter.com static.hotjar.com script.hotjar.com cdn.mxpnl.com cdn.embedly.com cdn.segment.com cdn.integromat.com cdn.integromat.com static.integromat.com code.jquery.com static.hotjar.com script.hotjar.com www.googletagmanager.com 'unsafe-inline'; object-src 'self'; media-src 'self' cdn.integromat.com; manifest-src 'self' cdn.integromat.com; base-uri 'self'; form-action 'self'; frame-ancestors 'none' 1
frame-ancestors https://*.mybigcommerce.com 1
frame-ancestors 'self' bcit.ca *.bcit.ca *.bcit.dev 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.learnreligions.com 1
frame-ancestors *.stc.com.sa; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' 'self' wss://*.mypurecloud.de/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://cdnjs.cloudflare.com/ https://*.cloudfront.net/ https://api.mypurecloud.com/ https://*.mypurecloud.com/ https://apps.mypurecloud.com/ https://fonts.googleapis.com/ https://storage.googleapis.com/ https://www.gstatic.com/ https://dc.services.visualstudio.com/ https://gensweb.moj.gov.sa/ https://www.google.com/ https://apps.mypurecloud.com/ https://cobrowse.mypurecloud.de/ https://najizcdn.moj.gov.sa/ https://maps.googleapis.com/ https://maps.gstatic.com/ https://taqadhi.moj.gov.sa/ https://qaim.moj.gov.sa:5555/ https://qaim.moj.gov.sa/  data:; object-src 'self'; frame-ancestors 'none'; sandbox allow-downloads allow-forms allow-same-origin allow-scripts allow-modals allow-popups allow-popups-to-escape-sandbox; base-uri 'self'; style-src 'self' 'unsafe-inline' https://*.cloudfront.net/ https://api.mypurecloud.com/ https://*.mypurecloud.com/ https://apps.mypurecloud.com/ https://fonts.googleapis.com/ https://najizcdn.moj.gov.sa/ https://cdnjs.cloudflare.com/; font-src 'self' https://*.cloudfront.net/ https://cdnjs.cloudflare.com/ https://fonts.gstatic.com/ https://najizcdn.moj.gov.sa/ https://maps.googleapis.com/ https://maps.gstatic.com/ https://*.mypurecloud.de/ https://api.mypurecloud.com/ https://*.mypurecloud.com/ https://apps.mypurecloud.com/ data:; 1
frame-ancestors https://platform-as.marketintelligence.spglobal.com https://platform-av.marketintelligence.spglobal.com https://platform.mi.spglobal.com https://platform.marketintelligence.spglobal.com https://www.snl.com https://platform.mi.spglobal.cn https://platform.ratings360.spglobal.com https://platform.platts.spglobal.com https://www.platform.spgi.spglobal.cn https://platform.spgi.spglobal.cn https://www.platform.spgi.spglobal.com https://platform.spgi.spglobal.com https://www.capitaliq.spglobal.com https://www.capitaliq.spglobal.cn https://www.capitaliqpro.spglobal.com https://www.capitaliqpro.spglobal.cn  'self'; 1
script-src * 'unsafe-inline' 'unsafe-eval' 1
frame-ancestors https://igx.csbsju.edu http://go.twocolleges.com https://virtualtour.csbsju.edu 1
default-src 'self' *.googleapis.com cdnjs.cloudflare.com danord.gdi-sh.de *.schleswig-holstein.de *.materna.de *.openstreetmap.org cdn.podigee.com *.bootstrapcdn.com; base-uri 'self'; style-src 'self' 'unsafe-inline' cdn.podigee.com *.openlayers.org openlayers.org *.openstreetmap.org cdnjs.cloudflare.com danord.gdi-sh.de *.schleswig-holstein.de *.materna.de *.bootstrapcdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.podigee.com *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.ytimg.com *.openlayers.org openlayers.org *.openstreetmap.org danord.gdi-sh.de cdnjs.cloudflare.com *.schleswig-holstein.de *.materna.de; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com *.youtube-nocookie.com *.readspeaker.com; frame-src *.schleswig-holstein.de cdn.podigee.com *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.readspeaker.com danord.gdi-sh.de *.openstreetmap.fr; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.openlayers.org openlayers.org *.openstreetmap.org danord.gdi-sh.de sg.geodatenzentrum.de *.die-netzwerkstatt.de *.termine-regional.de *.schleswig-holstein.de *.schleswig-holstein.de preview-shportal-dev-gsbos.materna.de *.cdninstagram.com *.fbcdn.net *.bootstrapcdn.com *.fastly.net *.landsh.de; worker-src 'self'; frame-ancestors 'self'; 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.liquor.com 1
;frame-ancestors 'self' 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-eval' *.googleapis.com piwik.itzbund.de;object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; frame-ancestors bghweb-editor.preview.gsb.intranet.bund.de piwik.itzbund.de 1
connect-src 'self' *.mux.com; default-src 'self' *.googleapis.com; base-uri 'self'; style-src 'self' 'unsafe-inline' *.openlayers.org openlayers.org *.openstreetmap.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.ytimg.com *.openlayers.org openlayers.org *.openstreetmap.org siteimproveanalytics.com; object-src 'self' multimedia.gsb.bund.de; media-src 'self' blob: multimedia.gsb.bund.de *.youtube.com *.youtube-nocookie.com *.readspeaker.com *.mux.com;; frame-src *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.readspeaker.com *.saarland.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.openlayers.org openlayers.org *.openstreetmap.org *.siteimproveanalytics.io; worker-src 'self' blob:; frame-ancestors 'self'; 1
img-src *; 1
frame-ancestors 'self' https://scstatehouse.sharepoint.com https://scstatehouse.gov http://scstatehouse.gov https://*.scstatehouse.gov http://*.scstatehouse.gov https://*.schouse.gov http://*.schouse.gov https://*.scsenate.gov http://*.scsenate.gov; 1
frame-ancestors 'self' *.smhi.se klimatanpassning.se sudplan.eu nordicadaptation2018.net http://infoteve.com ; report-uri /userv/cspreporting 1
frame-ancestors https://www.marni.com/ https://www.marni.com/ https://www.optimizely.com test; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.aws.training https://a0.awsstatic.com https://js.api.here.com https://*.cit.api.here.com https://dev.ditu.live.com https://*.dev.virtualearth.net https://*.payments-amazon.com https://*.amazon.com https://*.amazon.co.jp/ https://*.amazon.co.uk https://*.amazon.de https://*.bing.com https://*.virtualearth.net https://munchkin.marketo.net https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/; object-src 'self'; img-src 'self' data: blob: https://*.dev.virtualearth.net https://*.ssl.ak.tiles.virtualearth.net https://*.ssl.ak.dynamic.tiles.virtualearth.net https://static.aws.training https://a0.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://dpm.demdex.net https://js.api.here.com https://*.cit.api.here.com https://images-na.ssl-images-amazon.com https://internal-cdn.amazon.com https://d2ldlvi1yef00y.cloudfront.net/ https://d23yuld0pofhhw.cloudfront.net https://d1oct1bdmx33tz.cloudfront.net https://googleads.g.doubleclick.net https://www.google.com https://fls-na.amazon.com https://*.media-amazon.com https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/; style-src 'self' 'unsafe-inline' https://static.aws.training https://js.api.here.com https://a0.awsstatic.com https://images-na.ssl-images-amazon.com https://ecn.dev.virtualearth.net https://images-eu.ssl-images-amazon.com https://www.bing.com https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/; connect-src 'self' https://*.cit.api.here.com https://*.amazon.com https://prod.tools.shortbread.aws.dev https://prod.log.shortbread.aws.dev https://amazonwebservices.d2.sc.omtrdc.net https://dpm.demdex.net https://*.amazonpay.com https://apac.account.amazon.com https://na.account.amazon.com https://eu.account.amazon.com https://*.virtualearth.net https://*.mktoresp.com https://s0.awsstatic.com https://*.amazon.co.uk https://*.amazon.co.jp https://*.amazon.de https://cdn.aws.training https://prod.us-east-1.search.avalon.aws.dev https://7m5y5tkfr5.execute-api.us-east-1.amazonaws.com https://ftj9wpwlq4.execute-api.us-east-1.amazonaws.com; font-src 'self' data: https://static.aws.training https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/; media-src 'self' https://cdn.aws.training; child-src 'self' https://*.amazon.com https://www.bing.com https://*.amazon.co.jp/ https://*.amazon.co.uk https://*.payments-amazon.com https://*.amazon.de https://support.aws.training; default-src 'self'; 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.thebalanceeveryday.com 1
default-src 'self' blob: 'unsafe-inline' 'unsafe-eval' https://apps.sitecore.net; img-src 'self' data: blob: 'unsafe-inline' sitecoremedia.blob.core.windows.net stats.g.doubleclick.net *.stats.g.doubleclick.net *.googleapis.com *.gstatic.com *.twitter.com *.twimg.com jwpltx.com *.youtube.com *.facebook.com *.google.com *.google.gr *.googletagmanager.com px.ads.linkedin.com linkedin.com googleads.g.doubleclick.net cdn.cookielaw.org *.google-analytics.com *.usabilla.com *.cloudfront.net *.hotjar.com ad.doubleclick.net; media-src 'self' blob: *.streaming.mediaservices.windows.net; script-src 'self' data: optimize.google.com *.google-analytics.com snap.licdn.com code.jquery.com *.onetrust.com blob: 'unsafe-inline' 'unsafe-eval' *.youtube.com *.ytimg.com  *.google.com *.googleapis.com *.gstatic.com *.inbroker.com *.angularjs.org *.twitter.com *.syndication.twimg.com *.jwpcdn.com *.facebook.net *.facebook.com *.hotjar.com cdn.cookielaw.org optanon.blob.core.windows.net www.googleadservices.com googleads.g.doubleclick.net az416426.vo.msecnd.net *.googletagmanager.com *.usabilla.com *.cloudfront.net; style-src 'self' 'unsafe-inline' *.googleapis.com *.inbroker.com *.twitter.com optimize.google.com optanon.blob.core.windows.net cdn.cookielaw.org *.usabilla.com *.cloudfront.net fonts.googleapis.com; font-src 'self' 'unsafe-inline' *.gstatic.com *.inbroker.com *.jwpcdn.com *.usabilla.com *.cloudfront.net fonts.googleapis.com *.hotjar.com; connect-src 'self' *.onetrust.com wss://*.hotjar.com/api/v2/client/ws analytics.google.com www.google.gr optimize.google.com *.visualstudio.com www.google-analytics.com *.inbroker.com *.streaming.mediaservices.windows.net *.twitter.com *.hotjar.com adservice.google.com az416426.vo.msecnd.net *.doubleclick.net *.usabilla.com *.cloudfront.net *.cookielaw.org *.hotjar.com *.hotjar.io; frame-src 'self' data: blob: *.youtube.com *.ytimg.com *.google.com *.gstatic.com *.inbroker.com *.twitter.com *.onetrust.mgr.consensu.org *.hotjar.com *.facebook.com legacy.eurobank.gr uat.eurobank.gr  uat-legacy.eurobank.gr *.doubleclick.net *.fls.doubleclick.net *.usabilla.com *.cloudfront.net; object-src 'self' *.streaming.mediaservices.windows.net *.jwpcdn.com;  child-src 'self' data: blob: *.youtube.com *.ytimg.com *.google.com *.inbroker.com *.twitter.com *.hotjar.com *.facebook.com legacy.eurobank.gr uat.eurobank.gr uat-legacy.eurobank.gr; 1
default-src 'self' portal.dimdi.de; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com piwik.itzbund.de; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com; frame-src *.google.com *.gstatic.com *.youtube.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com piwik.itzbund.de; frame-ancestors 'self'; 1
frame-ancestors https://cloudsecurityalliance.org https://knowledge.cloudsecurityalliance.org https://circle.cloudsecurityalliance.org https://360.articulate.com https://articulateusercontent.com https://sj-cdn.net 1
block-all-mixed-content; font-src 'self' fonts.gstatic.com www.wuv.de fonts.gstatic.com data:; img-src 'self' blob: data: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' addsearch.com cdn.ampproject.org open.scdn.co connect.facebook.net *.usercentrics.eu *.g.doubleclick.net *.google.de *.google.com *.google-analytics.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.instagram.com *.ioam.de *.opinary.com *.stry.tl *.taboola.com *.twimg.com *.twitter.com *.wuv.de *.youtube.com *.ytimg.com *.tiktok.com *.tiktokcdn.com *.pinterest.com *.research.appinio.com *.adition.com *.scorecardresearch.com *.searchcdn.com *.teads.tv s0.2mdn.net *.wuv.de gdpr-tcfv2.sp-prod.net widget.perfectmarket.com *.flashtalking.com *.criteo.com *.adform.net *.vidible.tv *.doubleverify.com *.doubleclick.net bs.serving-sys.com static.aivdesk.com secure-ds.serving-sys.com ad.lkqd.net *.cloudflare.com *.adsafeprotected.com *.maximus.mobkoi.com *.celtra.com *.moatads.com sf16-scmcdn-sg.ibytedtos.com tags.crwdcntrl.net ; style-src 'self' 'unsafe-inline' *.addsearch.com fast.fonts.net *.googleapis.com *.stry.tl *.taboola.com *.twitter.com *.wuv.de *.tiktok.com *.tiktokcdn.com *.cloudfront.net tagmanager.google.com *.wuv.de s1.adform.net static.aivdesk.com; worker-src blob: *.wuv.de 1
frame-ancestors *.payback.de; report-uri /blueberry/servlet/handler/cspreporting 1
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' dap.digitalgov.gov *.google-analytics.com *.typekit.net *.mycreditunion.gov *.silvercloudinc.com *.mpeasylink.com *.googletagmanager.com; img-src 'self' data: *.mycreditunion.gov *.google-analytics.com *.typekit.net *.amazonaws.com; font-src 'self' 'unsafe-inline' data: *.typekit.net fonts.gstatic.com; media-src 'self' s3.amazonaws.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.silvercloudinc.com; connect-src 'self' performance.typekit.net *.google-analytics.com *.googletagmanager.com; frame-src 'self' *.youtube.com *.mpeasylink.com 1
self *.24hourfitness.com 1
frame-ancestors 'self' *.bond.edu.au bond.edu.au; 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' piwik.itzbund.de; connect-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' piwik.itzbund.de www.youtube.com s.ytimg.com; object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de www.youtube.com; media-src 'self' multimedia.gsb.bund.de piwik.itzbund.de www.youtube.com; child-src pei-portal.rexx-systems.com piwik.itzbund.de www.youtube.com abvl-public-test.pei.de; font-src 'self'; img-src 'self' data: *.honcode.ch piwik.itzbund.de; frame-ancestors 'self' PEIWeb-editor.preview.gsb.intranet.bund.de pei-portal.rexx-systems.com; 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.baua.de; object-src 'self' www.baua.de; media-src 'self' www.baua.de; frame-src www.baua.de; img-src 'self' data: www.baua.de uvi.bfs.de; frame-ancestors 'self'; 1
default-src 'none'; script-src 'self' 'unsafe-inline' https://onlinechat2.nic.cz https://test-ipv6.nic.cz https://*.test-ipv6.nic.cz https://piwik.nic.cz/piwik.js https://platform.twitter.com https://cdn.syndication.twimg.com https://s.ytimg.com https://*.googleapis.com https://*.google.com https://connect.facebook.net https://*.mapy.cz; object-src 'self'; style-src 'self' 'unsafe-inline' https://platform.twitter.com https://*.nic.cz https://fonts.googleapis.com https://api.mapy.cz; img-src *; media-src *; frame-src *; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://*.test-ipv6.nic.cz https://*.labs.nic.cz https://widget.nic.cz https://ipv4-widget.nic.cz https://ipv6-widget.nic.cz https://rdap.nic.cz https://www.rhybar.cz https://akademie.nic.cz https://piwik.nic.cz/piwik.php https://dns53.check.odvr.cz https://dot.check.odvr.cz https://doh.check.odvr.cz https://www.nic.cz/files/CORS/projects-bar/ https://mojeid.cz https://syndication.twitter.com; report-uri https://csp.nic.cz/report/ 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; connect-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' player.vimeo.com piwik.itzbund.de app.sli.do cdn.myth.theoplayer.com service.video.taxi start.video-stream-hosting.de playout.3qsdn.com; object-src 'self' multimedia.gsb.bund.de; media-src 'self' piwik.itzbund.de *.youtube-nocookie.com multimedia.gsb.bund.de app.sli.do stream.alpha-loop.de cdn.myth.theoplayer.com service.video.taxi start.video-stream-hosting.de playout.3qsdn.com; frame-src 'self' player.vimeo.com *.youtube-nocookie.com app.sli.do stream.alpha-loop.de cdn.myth.theoplayer.com service.video.taxi start.video-stream-hosting.de playout.3qsdn.com *.3qsdn.com; img-src 'self' data: piwik.itzbund.de securel.longtailvideo.com *.youtube-nocookie.com app.sli.do stream.alpha-loop.de cdn.myth.theoplayer.com service.video.taxi start.video-stream-hosting.de playout.3qsdn.com; frame-ancestors 'self'; 1
default-src * 'unsafe-inline' 'unsafe-eval' data: blob: 1
frame-ancestors 'self' hhs.gov *.hhs.gov 1
default-src 'self'; connect-src 'self' https://*.texthelp.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.browsealoud.com https://speech.speechstream.net blob: https://en.wikipedia.org https://*.prismic.io https://*.cdn.prismic.io https://api.ipdata.co https://*.intercom.io wss://*.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://prismic-io.s3.amazonaws.com https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com; script-src 'self' https://*.texthelp.com https://tagmanager.google.com https://www.googletagmanager.com https://*.google-analytics.com https://*.browsealoud.com https://*.speechstream.net 'sha256-XwQT/PsFMy+rKSB4vlW93i5lrzIRaGmPC3M2D0C3ZKU=' https://apis.google.com https://*.intercom.io https://js.intercomcdn.com https://analytics.twitter.com https://connect.facebook.net https://www.buzzsprout.com https://optimize.google.com 'unsafe-inline' https://static.hotjar.com https://script.hotjar.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://embed.typeform.com/ 'sha256-xa51hFBsKVs5oNbE781o57zeanVYlR2Fas1LOYkxyug=' 'sha256-rawHpf1P2aNdh6tn+KPlMS54GDrP3VvLCRholyMzSxc=' 'sha256-8OAeITVpiXw+5549h526FKKyW1v5kKdfVcAuo9vm4PQ=' 'sha256-55mJfG7qeFbg5MYhKlFtEnt7dchMg5Zgw7787nun6jA=' 'sha256-6g6g/1St1GbEzTIpeDRD6HvZRUEdLCpIl18bLpP3BfQ=' 'sha256-ottfgREKtTpHEjgV3bOLHqyKsVfvHWiSA1VgxvzPLL8=' 'sha256-S0uRMRh2Bj6im1RVrQB0CPlaDfiEha66qA4u5FXxjFw=' 'sha256-ilORk9YiiP++OHMTPBVAueJQM0Mg35oRj+yq3CJSbF0=' 'sha256-LJWTHYRBGrzLiL7qbzcWsQKGIg69yZOKI9XAono8pKI=' 'sha256-S2Vkh+7++wRSyicSBMtPbcyaxwXZbOZICxUJzh81hKM=' 'sha256-5tjEBAZDuThDj/m5zA/+fRYSXoxfEOF7gkJ985V2u6g=' 'nonce-162768799919100' ; style-src 'self' https://*.typekit.net https://mautic.texthelp.com/media/css/ https://mautic.dev.texthelp.com/media/css/ https://tagmanager.google.com https://fonts.googleapis.com 'unsafe-inline' https://www.browsealoud.com https://plus.browsealoud.com https://optimize.google.com; img-src * data: https://optimize.google.com https://script.hotjar.com; child-src 'self' https://content.googleapis.com https://www.googletagmanager.com/ns.html https://share.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; media-src 'self' blob: https://*.speechstream.net https://js.intercomcdn.com https://*.prismic.io; font-src 'self' https://*.typekit.net https://fonts.gstatic.com data: https://stackpath.bootstrapcdn.com https://js.intercomcdn.com https://fonts.gstatic.com https://script.hotjar.com; object-src 'none'; form-action 'self' https://intercom.help https://api-iam.intercom.io https://mautic.texthelp.com https://mautic.dev.texthelp.com https://www.facebook.com; frame-src https://www.youtube.com https://mautic.dev.texthelp.com https://mautic.texthelp.com https://docs.google.com https://www.buzzsprout.com https://content.googleapis.com/ https://optimize.google.com https://vars.hotjar.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://form.typeform.com/; frame-ancestors 'none'; base-uri 'none'; upgrade-insecure-requests 1
frame-ancestors 'self' *.taxact.com *.taxactonline.com *.salemove.com secure.balancefin.com 1
frame-ancestors 'self' *.vergic.com 1
frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com bpl.bibliocms.com *.bpl.bibliocms.com https://www.bpl.org www.bpl.org *.www.bpl.org; 1
img-src * data: blob:; style-src 'self' 'unsafe-inline' assets.adobedtm.com cdn.linearicons.com fonts.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com shop.spreadshirt.nl ton.twimg.com cdnjs.cloudflare.com code.jquery.com unpkg.com; frame-src 'self' www.youtube.com player.vimeo.com podio.com www.youtube-nocookie.com www.google.com/recaptcha/ www.classmarker.com/ js.stripe.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com assets.adobedtm.com cdn.syndication.twimg.com cdnjs.cloudflare.com maps.googleapis.com npmcdn.com shop.spreadshirt.nl platform.twitter.com www.google-analytics.com ssl.google-analytics.com www.spreadshirt.nl podio.com static.doubleclick.net cdnjs.cloudflare.com code.jquery.com cdn.jsdelivr.net app.intercom.io widget.intercom.io js.intercomcdn.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ unpkg.com/leaflet.markercluster@1.4.1/dist/ unpkg.com/leaflet@1.7.1/dist/ js.stripe.com unpkg.com/@popperjs/ unpkg.com/tippy.js@6/; font-src 'self' cdn.linearicons.com fonts.gstatic.com maxcdn.bootstrapcdn.com shop.spreadshirt.nl js.intercomcdn.com ttui.thethingsindustries.com; connect-src 'self' shop.spreadshirt.nl www.thethingsnetwork.org vx.thethings.network api.intercom.io api-iam.intercom.io api-ping.intercom.io nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io nexus-websocket-b.intercom.io nexus-long-poller-a.intercom.io nexus-long-poller-b.intercom.io nexus-websocket-a.intercom.io nexus-websocket-b.intercom.io uploads.intercomcdn.com uploads.intercomusercontent.com app.getsentry.com 1
default-src *.pamyat-naroda.ru https://stat.pamyat-naroda.ru https://release.pamyat-naroda.ru https://fonts.googleapis.com https://fonts.gstatic.com; img-src *; script-src *.google.com https://mc.yandex.ru https://*.gstatic.com https://*.googleapis.com mc.yandex.ru *.google-analytics.com https://google.com/jsapi https://geocode-maps.yandex.ru https://api-maps.yandex.ru https://cdnjs.cloudflare.com 'self'; options eval-script inline-script; 1
script-src 'nonce-e46c762569db43318d217298c25740cd' 'self' 'unsafe-inline' *.wellsfargo.com *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com *.wellsfargo.com:* connect.facebook.net snap.licdn.com www.googletagmanager.com www.google-analytics.com ajax.googleapis.com static.staging.wellsfargo.com static.wellsfargo.com; frame-ancestors 'self' *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com *.wellsfargo.com *.fccaccessonline.com *.wellsfargomedia.com *.wellsfargo:* *.mworld.com *.wellsfargo.net *.markitondemand.com *.wellsfargo.wallst.com *.go.onestop.wf.com; base-uri https:;default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: ad.doubleclick.net px.ads.linkedin.com p.adsymptotic.com cm.everesttech.net dpm.demdex.net;object-src 'self';font-src 'self' data: *.wellsfargo.com *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com *.wellsfargo.com:* fonts.gstatic.com;report-uri /reporting/csp.htm;img-src 'self' data: *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com wspublicprod.112.2o7.net px.ads.linkedin.com ad.doubleclick.net p.adsymptotic.com adservice.google.com 2549153.fls.doubleclick.net jadserve.postrelease.com www.google.com www.google-analytics.com pixel.everesttech.net cm.g.doubleclick.net bat.bing.com sp.analytics.yahoo.com connect.facebook.net www.linkedin.com www.facebook.com rtd-tm.everesttech.net;style-src 'self' 'unsafe-inline' *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com 1
script-src http://*.tbmm.gov.tr https://*.google.com https://*.google.com.tr https://www.googletagmanager.com https://*.tbmm.gov.tr https://*.googleapis.com https://*.google-analytics.com https://*.schema.org http://www.w3.org 'unsafe-inline' 'unsafe-eval'; 1
default-src https: http: wss: ; script-src https: 'self' 'unsafe-inline' js.hs-scripts.com js.hs-analytics.net cdnjs.cloudflare.com *.adopto.eu adopto.eu www.adopto.eu *.googleapis.com *.facebook.net *.facebook.com www.google.com www.google-analytics.com; object-src 'self' https: data: adoptostaging.blob.core.windows.net adoptoprod.blob.core.windows.net; style-src * https: 'unsafe-inline'; img-src 'self' https: data: cdnjs.cloudflare.com adoptostaging.blob.core.windows.net adoptoprod.blob.core.windows.net *.gstatic.com *.googleapis.com *.facebook.com s3.amazonaws.com stats.g.doubleclick.net; child-src 'self' *.talentlyft.com app.livestorm.co platform.twitter.com static.addtoany.com *.nosiva.com *.facebook.com *.youtube.com *.us11.list-manage.com forms.hubspot.com js.hs-scripts.com js.hs-analytics.net player.vimeo.com; font-src * https: data:; 1
default-src  'self';font-src  'self' fonts.gstatic.com;connect-src  'self' *.google.com *.googleapis.com www.google-analytics.com *.doubleclick.net;script-src  'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com www.google.com;form-action  'self';frame-src  'self' www.youtube.com www.facebook.com;child-src  'self' www.youtube.com www.facebook.com;frame-ancestors  'self';img-src  'self' data: blob: www.googletagmanager.com www.google-analytics.com *.doubleclick.net;style-src  'self' 'unsafe-inline' fonts.googleapis.com;object-src  'self' 1
default-src 'self'; connect-src 'self' www.google-analytics.com https://www.google-analytics.com *.g.doubleclick.net http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; font-src 'self' http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; frame-src 'unsafe-inline' https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; img-src 'self' *.pbwstatic.com www.google-analytics.com https://www.google-analytics.com data: https://cookie-cdn.cookiepro.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; media-src 'none'; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com https://www.google-analytics.com www.googletagmanager.com https://www.googletagmanager.com https://cookie-cdn.cookiepro.com https://code.jquery.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; style-src 'self' 'unsafe-inline' https://cookie-cdn.cookiepro.com 1
default-src 'self'; style-src 'self' 'unsafe-inline' occhat.elisa.fi; img-src 'self' data: occhat.elisa.fi vero.piwik.pro https://analytiikka.ahtp.fi/ master.boost.ai data.reactandshare.com; media-src 'self'; font-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' occhat.elisa.fi vero.piwik.pro vero.containers.piwik.pro https://analytiikka.ahtp.fi/ veroskatt.boost.ai vero.boost.ai cdn.reactandshare.com data.reactandshare.com; connect-src 'self' occhat.elisa.fi wss://occhat.elisa.fi vero.piwik.pro https://analytiikka.ahtp.fi/ veroskatt.boost.ai vero.boost.ai networkmigri.boost.ai prh.boost.ai data.reactandshare.com; frame-src 'self' hkp.maanmittauslaitos.fi https://www.youtube.com https://app.powerbi.com; frame-ancestors 'self' yritys.tunnistus.fi htesti.katso.tunnistus.fi; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.google-analytics.com https://*.bing.com https://*.facebook.net https://*.hotjar.com https://*.zarget.com https://*.youtube.com https://s.ytimg.com https://*.googleadservices.com https://*.doubleclick.net https://*.pinterest.com https://*.zencdn.net https://*.google.com https://*.google.be https://*.sharethis.com https://*.newrelic.com https://*.nr-data.net https://*.quantserve.com https://*.google.com.tr https://*.metabar.ru https://*.google.de https://*.google.fr https://cdn.ckeditor.com https://*.pioneer-car.eu https://eu---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh https://de---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh https://*.yandex.ru https://*.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.sharethis.com https://*.pioneer-car.eu https://cdn.ckeditor.com https://tagmanager.google.com; img-src * data:; media-src 'self' https://www.youtube.com; frame-src 'self' https://*.youtube.com https://vars.hotjar.com https://*.pioneer.eu https://*.doubleclick.net https://*.sharethis.com https://*.facebook.com https://*.pioneer-car.eu https://store-locator.pioneer-rus.ru https://*.google.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://*.hotjar.com https://*.sharethis.com https://*.google-analytics.com https://*.doubleclick.net https://*.pioneer-car.eu https://acc-pioneer-products.o-a.be https://eu---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh https://de---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh https://*.yandex.ru; report-uri /eur/report-csp-violation 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: *.guinness-storehouse.com *.googleapis.com maps.gstatic.com s.adroll.com s.ytimg.com stats.mp.streamamg.com streamuk.secure.footprint.net www.google-analytics.com www.googletagmanager.com www.youtube.com footer.diageohorizon.com cdnjs.cloudflare.com *.googleadservices.com *.doubleclick.net *.ads-twitter.com *.hotjar.com *.smartlook.com; object-src 'self' https: *.guinness-storehouse.com streamuk.secure.footprint.net; style-src 'self' 'unsafe-inline' https: *.guinness-storehouse.com cloud.typography.com fonts.googleapis.com footer.diageohorizon.com; img-src 'self' data: https: *.guinness-storehouse.com *.googleapis.com *.gstatic.com ads.yahoo.com analytics.twitter.com d.adroll.com dps.bing.com googleads.g.doubleclick.net ib.adnxs.com idsync.rlcdn.com scontent.cdninstagram.com streamuk.secure.footprint.net t.mookie1.com us-u.openx.net www.facebook.com www.google.com www.google.ie www.tripadvisor.com x.bidswitch.net www.google-analytics.com; frame-src 'self' https: *.guinness-storehouse.com *.worldnettps.com guinnessarchives.adlibsoft.com www.youtube.com vars.hotjar.com; font-src 'self' https: *.guinness-storehouse.com data: fonts.googleapis.com fonts.gstatic.com streamuk.secure.footprint.net; connect-src 'self' https: *.guinness-storehouse.com *.storehousewall.com query.yahooapis.com streamuk.secure.footprint.net *.hotjar.com:* wss://*.hotjar.com *.smartlook.com; media-src 'self' https: *.guinness-storehouse.com ; worker-src 'self' *.guinness-storehouse.com blob: 1
default-src 'self' *.swp-berlin.org; 1
default-src 'self' http: https: pages.addigy.com go.addigy.com https://*.my.salesforce.com https://*.force.com https://go.pardot.com;frame-ancestors 'self' https://go.pardot.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com http: https: pages.addigy.com;img-src 'self' data: https://app-dev.addigy.com https://app-prod.addigy.com https://static.addigy.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://www.google-analytics.com https://stats.g.doubleclick.net https://tracking.g2crowd.com https://px.ads.linkedin.com https://bat.bing.com https://t.co https://www.facebook.com https://ssl.gstatic.com https://www.gstatic.com https://analytics.twitter.com https://*.gravatar.com  http://*.gravatar.com https://fast.wistia.com https://embedwistia-a.akamaihd.net https://embed-fastly.wistia.com;style-src 'self' 'unsafe-inline' http: https: fonts.googleapis.com;font-src 'self' data: http: https: fonts.googleapis.com http https: fonts.gstatic.com https://*.wistia.com;media-src 'self' data: blob: http: https:;worker-src 'self' blob:; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.google.com https://ajax.cloudflare.com https://cdnjs.cloudflare.com https://code.highcharts.com https://oss.maxcdn.com https://connect.trezor.io wss://wallex.market:8443 wss://wallex.ir:8443 wss://www.wallex.ir:8443 https://blockexplorer.com https://www.localbitcoinschain.com https://test-insight.bitpay.com https://api.etherscan.io https://api-ropsten.etherscan.io https://bitcoincash.blockexplorer.com https://blockdozer.com https://bch.coin.space https://insight.litecore.io https://insight.dash.org https://saveload.tradingview.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://ajax.googleapis.com https://fonts.gstatic.com wss://test-insight.bitpay.com https://api.omniexplorer.info https://chain.api.btc.com https://cdn.jsdelivr.net https://code.jquery.com https://stackpath.bootstrapcdn.com https://www.google.com/maps/embed https://*.purechat.com wss://*.purechat.com https://secure.gravatar.com https://*/app.purechat.com https://cdn.ckeditor.com https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com https://tradingview.com https://*.tradingview.com wss://tradingview.com wss://*.tradingview.com https://www.aparat.com https://*.heatmap.it https://coincap.io wss://ws.wallex.market wss://ws.coincap.io https://*.purechatcdn.com https://*.alexa.com https://cdn.polyfill.io https://www.gstatic.com https://*.crisp.chat wss://*.crisp.chat wss://stream.binance.com:9443 wss://wsc.wallex.ir wss://wsc.wallex.ir:8443 wss://ws.wallex.ir https://*.wallex.ir https://wallex.market https://*.yektanet.com https://*.hotjar.com wss://*.hotjar.com; 1
default-src 'self' https://static.bitrated.com; script-src 'self' https://static.bitrated.com; connect-src 'self' wss://www.bitrated.com; style-src https://static.bitrated.com 'unsafe-inline'; img-src 'self' https://static.bitrated.com data:; font-src https://static.bitrated.com data:; frame-src https://player.vimeo.com/ https://bitrated.uservoice.com/; object-src 'none'; report-uri /csp-violation 1
default-src http: https: wss: data: blob: 'self' 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: *; report-uri https://ncreports.report-uri.com/r/d/csp/reportOnly 1
child-src 'self' 3speak.tv emb.d.tube player.twitch.tv www.youtube.com staticxx.facebook.com w.soundcloud.com player.vimeo.com; connect-src https://images.hive.blog 'self' hive.blog https://api.hive.blog api.blocktrades.us https://anyx.io https://api.openhive.network https://hivesigner.com https://hived.hive-engine.com https://api.followbtcnews.com https://rpc.esteem.app https://api.pharesim.me https://hive.roelandp.nl https://hived.privex.io https://hive.3speak.online https://rpc.ausbit.dev https://api.hivekings.com https://hivebuzz.me https://peakd.com https://api.deathwing.me https://api.ha.deathwing.me; default-src tpc.googlesyndication.com 'self' img.3speakcontent.online emb.d.tube www.youtube.com staticxx.facebook.com player.vimeo.com *.streamrail.com; font-src data: fonts.gstatic.com cdn.embedly.com; frame-ancestors 'none'; frame-src 'self' https:; img-src * data:; object-src 'none'; plugin-types application/pdf; script-src 'unsafe-inline' 'unsafe-eval' data: https: 'self' www.google-analytics.com connect.facebook.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com platform.twitter.com www.reddit.com cdn.embedly.com github.githubassets.com; report-uri /api/v1/csp_violation 1
upgrade-insecure-requests;,frame-ancestors 'self' https://*.optimizely.com https://optimizely.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' data:; style-src 'self' 'unsafe-inline' data:; img-src 'self' data:; 1
default-src 'self'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline' 'unsafe-eval'; script-src 'self' https://tagmanager.google.com https://www.google-analytics.com https://www.googletagmanager.com https://connect.facebook.net https://www.gstatic.com https://api.midtrans.com https://cdn.appsflyer.com https://s.yimg.com https://sp.analytics.yahoo.com https://api.midtrans.com https://stats.g.doubleclick.net https://fcm.googleapis.com *.midtrans.com *.veritrans.co.id *.mixpanel.com *.google-analytics.com https://websdk.appsflyer.com https://maps.googleapis.com blob: https://banner.appsflyer.com https://wa.onelink.me https://wa.appsflyer.com https://cdnjs.cloudflare.com https://www.google.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' https://*.google.co.in https://*.google.co.* https://maps.gstatic.com https://maps.googleapis.com https://s-media-cache-ak0.pinimg.com https://i.pinimg.com https://*.cloudfront.net http://*.cloudfront.net https://reviews.123rf.com https://wikipedia.org https://api.veritrans.co.id https://res.cloudinary.com https://image.shutterstock.com https://tineye.com https://stats.g.doubleclick.net https://doctor.halodoc.com http://www.linkdokter.com https://www.google-analytics.com https://www.facebook.com https://halodoc-sumba.s3-ap-southeast-1.amazonaws.com https://s3-ap-southeast-1.amazonaws.com https://www.google.com https://www.google.com.sg data: *.midtrans.com *.veritrans.co.id *.mixpanel.com *.google-analytics.com https://impressions.onelink.me https://www.googletagmanager.com https://halodoc-sumba.s3.ap-southeast-1.amazonaws.com; connect-src 'self' https://pinimg.com https://*.cloudfront.net http://*.cloudfront.net https://123rf.com https://fonts.gstatic.com https://tineye.com https://res.cloudinary.com https://image.shutterstock.com https://www.halodoc.com https://halodoc-sumba.s3-ap-southeast-1.amazonaws.com https://tagmanager.google.com https://www.google-analytics.com https://www.googletagmanager.com https://connect.facebook.net https://www.facebook.com https://www.gstatic.com https://s3-ap-southeast-1.amazonaws.com https://doctor.halodoc.com https://web-halodoc-api.prod.halodoc.com https://qiscus-lb.api.halodoc.com wss://qiscus-mqtt.api.halodoc.com:1886/mqtt https://api.midtrans.com https://cdn.appsflyer.com https://s.yimg.com https://api.midtrans.com https://api.veritrans.co.id https://stats.g.doubleclick.net https://sp.analytics.yahoo.com https://fonts.googleapis.com https://www.google.com.sg https://www.google.com https://sentry.io https://fcm.googleapis.com *.midtrans.com *.veritrans.co.id *.mixpanel.com *.google-analytics.com https://firebaseinstallations.googleapis.com https://banner.appsflyer.com https://wa.onelink.me https://wa.appsflyer.com https://websdk.appsflyer.com https://halodoc-sumba.s3.ap-southeast-1.amazonaws.com http://gcp.stage.halodoc.com http://gcp.prod.halodoc.com https://web.prod.halodoc.com http://localhost:14000 https://script.google.com https://script.googleusercontent.com https://creatives-cdn.appsflyer.com https://events-logger.appsflyer.com https://af-event-logger.appsflyer.com/log-event; font-src 'self' https://fonts.gstatic.com data:; object-src 'self' https://*.cloudfront.net http://*.cloudfront.net; frame-src * 1
allow 'self'; options inline-script; img-src 'self' data: 1
frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com chicago.bibliocms.com *.chicago.bibliocms.com https://chicago.bibliocms.com chicago.bibliocms.com *.chicago.bibliocms.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' unpkg.com bam.nr-data.net *.addtoany.com *.go-mpulse.net *.newrelic.com *.qualtrics.com *.adobedtm.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' *.ytimg.com *.youtube.com data: libertymutualgroup.com *.libertymutualgroup.com libertymutual.com *.libertymutual.com *.qualtrics.com *.akstat.io; frame-src 'self' *.youtube.com *.addtoany.com; font-src 'self' fonts.gstatic.com; connect-src 'self' *.youtube.com *.akamaihd.net *.akstat.io siteintercept.qualtrics.com bam.nr-data.net c.go-mpulse.net; report-uri /report-csp-violation 1
frame-src *.nio.com *.nio.cn *.meetanyway.com *.internal.nio.io *.us-west-2.elb.amazonaws.com *.vimeo.com *.polyv.com static.addtoany.com www.youtube.com *.google.com; frame-ancestors *.nio.com *.nio.cn *.internal.nio.io *.nioint.com *.meetanyway.com static.addtoany.com www.youtube.com *.google.com; child-src *.nio.com *.nio.cn *.meetanyway.com *.internal.nio.io *.us-west-2.elb.amazonaws.com *.vimeo.com *.polyv.com static.addtoany.com www.youtube.com *.google.com; report-uri /report-csp-violation 1
upgrade-insecure-requests; default-src * data:; script-src 'self' https://consentcdn.cookiebot.com https://consent.cookiebot.com data: 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com https://mapclick.amap.com https://restapi.amap.com https://webapi.amap.com https://public.tableau.com https://sdn.sitecore.net https://maps.googleapis.com https://maps.google.com https://sadmin.brightcove.com https://ajax.googleapis.com https://ssl.google-analytics.com https://www.youtube.com https://www.google.com https://bat.bing.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://connect.facebook.net https://platform.twitter.com https://s3.amazonaws.com; style-src 'self' data: 'unsafe-inline' https://cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.9.0/slick.min.css https://cdnjs.cloudflare.com https://webapi.amap.com https://fonts.googleapis.com https://ajax.googleapis.com; img-src * 'self' data:; font-src 'self' data: https://netdna.bootstrapcdn.com https://fonts.gstatic.com https://fonts.typekit.net https://themes.googleusercontent.com; child-src 'self' https://sdn.sitecore.net https://web106.reachmee.com https://sdn.sitecore.net https://www.youtube.com https://www.google.com https://accounts.google.com https://www.googletagmanager.com; frame-src 'self' https://consentcdn.cookiebot.com https://cdn.yoshki.com https://watch.twobirds.com https://www.youtube.com https://player.vimeo.com http://sdn.sitecore.net https://sdn.sitecore.net https://translate.google.com https://web106.reachmee.com; frame-ancestors 'self' https://sdn.sitecore.net; report-uri https://3chillies.report-uri.io/r/default/csp/enforce 1
default-src 'self'; connect-src 'self' data: 'unsafe-inline' https://bat.bing.com https://*.adobedtm.com http://*.zionsbank.com https://*.zionsbank.com https://*.omtrdc.net https://*.demdex.net https://*.cludo.com https://*.sumome.com https://*.sumo.com https://sumo.com https://*.sndcdn.com https://*.soundcloud.com https://*.google.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://zionsbancorp.sc.omtrdc.net 'unsafe-eval'; script-src 'self' data: 'unsafe-inline' https://www.google-analytics.com https://bat.bing.com https://*.adobedtm.com https://*.doubleclick.net https://connect.facebook.net https://*.googletagmanager.com https://*.googleadservices.com https://*.googleapis.com https://*.gstatic.com https://*.google.com http://*.zionsbank.com https://*.zionsbank.com https://*.zionsbank.com https://*.cludo.com  https://*.sumome.com https://*.sumo.com https://sumo.com https://*.sndcdn.com https://*.soundcloud.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.youtube.com https://*.ytimg.com https://*.vimeo.com 'unsafe-eval'; object-src 'self' data: 'unsafe-inline' http://*.zionsbank.com https://*.zionsbank.com https://*.linkedin.com https://*.bufferapp.com https://*.pinterest.com https://*.reddit.com https://googleads.g.doubleclick.net https://*.pages05.net https://*.visualwebsiteoptimizer.com https://app.vwo.com 'unsafe-eval'; style-src 'self' data: 'unsafe-inline' https://*.googleapis.com https://*.google.com https://*.cludo.com https://*.sumome.com https://*.sumo.com https://sumo.com https://*.sndcdn.com 'unsafe-eval'; img-src 'self' data: 'unsafe-inline' https://www.google-analytics.com https://bat.bing.com https://px.ads.linkedin.com https://p.adsymptotic.com https://www.facebook.com https://*.doubleclick.net https://*.gstatic.com http://*.zionsbank.com https://*.zionsbank.com https://*.online-metrix.net https://*.omtrdc.net https://*.demdex.net https://*.everesttech.net https://*.googleapis.com https://*.google.com https://*.cludo.com https://*.sumome.com https://*.sumo.com https://sumo.com https://*.sndcdn.com https://*.soundcloud.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.youtube.com https://*.ytimg.com https://*.vimeo.com 'unsafe-eval'; media-src 'self'; frame-src 'self' data: 'unsafe-inline' http://*.zionsbank.com https://*.zionsbank.com https://*.issuu.com https://*.doubleclick.net https://*.demdex.net https://*.visa.com https://*.youtube.com https://*.ytimg.com https://*.vimeo.com https://*.pages05.net https://*.brightcove.net  https://*.sumome.com https://*.sumo.com https://sumo.com https://*.sndcdn.com https://*.soundcloud.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://outlook.office365.com https://*.online-metrix.net; frame-ancestors 'self' https://banking.zionsbank.com https://*.sndcdn.com 'unsafe-eval'; font-src 'self' data: 'unsafe-inline' https://fonts.gstatic.com https://*.visualwebsiteoptimizer.com https://app.vwo.com 'unsafe-eval'; upgrade-insecure-requests; block-all-mixed-content 1
child-src 'self' https://*.cloudfront.net https://*.docusign.com https://*.docusign.net https://*.sigfig.com https://go.oncehub.com https://secure.scheduleonce.com https://sigfig.demdex.net https://www.snapengage.com https://*.cambridgesavings.com; connect-src 'self' https://*.demdex.net https://*.getsentry.com https://*.hotjar.com https://*.optimizely.com https://*.sigfig.com https://*.wellsfargo.com https://*.zdassets.com https://*.zendesk.com https://api.greenhouse.io https://bam.nr-data.net https://bns-iqa.us.auth0.com https://bns-sqa.us.auth0.com https://bns-sq2.us.auth0.com https://cdn.contentstack.io https://financial-company.us.auth0.com https://graphql.contentstack.com https://heapanalytics.com https://iqa1-bns.us.auth0.com https://iqa1-san.us.auth0.com https://maps.googleapis.com https://san-iqa.us.auth0.com https://san-sqa.us.auth0.com https://sentry.io https://sigfig.sc.omtrdc.net https://sigfig.tt.omtrdc.net https://sigfigprod.112.2o7.net https://sqa1-bns.us.auth0.com https://sqa1-san.us.auth0.com https://sqa2-bns.us.auth0.com https://www.snapengage.com wss://*.hotjar.com https://*.cambridgesavings.com; default-src 'self' https://*.sigfig.com https://*.cambridgesavings.com; frame-src 'self' https://*.cloudfront.net https://*.docusign.com https://*.docusign.net https://*.hotjar.com/ https://*.sigfig.com https://bns-iqa.us.auth0.com https://bns-sqa.us.auth0.com https://bns-sq2.us.auth0.com https://financial-company.us.auth0.com https://go.oncehub.com https://iqa1-bns.us.auth0.com https://iqa1-san.us.auth0.com https://san-iqa.us.auth0.com https://san-sqa.us.auth0.com https://secure.scheduleonce.com https://sigfig.demdex.net https://sqa1-bns.us.auth0.com https://sqa1-san.us.auth0.com https://sqa2-bns.us.auth0.com https://www.snapengage.com https://*.cambridgesavings.com; font-src 'self' data: https://*.cloudfront.net https://*.sigfig.com https://fonts.gstatic.com https://heapanalytics.com https://*.cambridgesavings.com; img-src 'self' data: http://*.ggpht.com http://*.googleusercontent.com http://*.gstatic.com http://*.wikinvest.com http://feeds.feedburner.com https://*.cloudfront.net https://*.doubleclick.net https://*.ggpht.com https://*.google-analytics.com https://*.googleapis.com https://*.googleusercontent.com https://*.gstatic.com https://*.quantserve.com https://*.sigfig.com https://cm.everesttech.net https://csi.gstatic.com https://dpm.demdex.net https://heapanalytics.com https://sigfigcitizensbankdev.112.2o7.net https://tags.w55c.net https://www.facebook.com https://www.snapengage.com https://images.contentstack.io https://*.cambridgesavings.com; media-src 'self' https://*.cloudfront.net https://*.sigfig.com https://*.cambridgesavings.com; object-src 'self' https://www.snapengage.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.adobedtm.com https://*.cloudfront.net https://*.doubleclick.net https://*.google-analytics.com https://*.googleapis.com https://*.hotjar.com/ https://*.newrelic.com https://*.quantserve.com https://*.sigfig.com https://*.wellsfargoadvisors.com https://*.wikinvest.com https://*.zdassets.com https://*.zendesk.com https://apis.google.com https://bam.nr-data.net https://cdn.heapanalytics.com https://heapanalytics.com https://nexus.ensighten.com https://sigfig.sc.omtrdc.net https://sigfigprod.112.2o7.net https://www.snapengage.com https://*.cambridgesavings.com; style-src 'self' 'unsafe-inline' https://*.cloudfront.net https://*.googleapis.com https://*.sigfig.com https://heapanalytics.com https://*.cambridgesavings.com; 1
default-src 'self' static.financialsense.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:; style-src 'self' static.financialsense.com data: 'unsafe-inline' *.googleapis.com *.twitter.com *.twimg.com svc.webspellchecker.net cdn.ckeditor.com; img-src 'self' https: data: android-webview-video-poster:; media-src 'self' static.financialsense.com blob: *.giphy.com; frame-src 'self' https://www.financialsense.com data: audioboom.com *.audioboom.com scribd.com *.scribd.com soundcloud.com *.soundcloud.com youtube.com *.youtube.com vimeo.com *.vimeo.com bitchute.com *.bitchute.com twitter.com *.twitter.com *.tradingview.com *.tradingview-widget.com *.addthis.com *.stripe.com *.doubleclick.net *.googlesyndication.com *.ted.com *.instagram.com *.jwpsrv.com www.google.com ms-appx-web: *.assoc-amazon.com *.amazon.com *.amazon-adsystem.com *.googletagmanager.com *.recaptcha.net facebook.com *.facebook.com cnn.com *.cnn.com cnbc.com *.cnbc.com; frame-ancestors *; child-src 'self' https://www.financialsense.com data: audioboom.com *.audioboom.com scribd.com *.scribd.com soundcloud.com *.soundcloud.com youtube.com *.youtube.com vimeo.com *.vimeo.com bitchute.com *.bitchute.com twitter.com *.twitter.com *.tradingview.com *.tradingview-widget.com *.addthis.com *.stripe.com *.doubleclick.net *.googlesyndication.com *.ted.com *.instagram.com *.jwpsrv.com www.google.com ms-appx-web: *.assoc-amazon.com *.amazon.com *.amazon-adsystem.com *.googletagmanager.com *.recaptcha.net facebook.com *.facebook.com cnn.com *.cnn.com cnbc.com *.cnbc.com; font-src 'self' static.financialsense.com data: fonts.googleapis.com fonts.gstatic.com cdnjs.cloudflare.com *.googleusercontent.com svc.webspellchecker.net *.avast.com chrome-extension: *.fontawesome.com; connect-src 'self' static.financialsense.com *.addthis.com *.googlesyndication.com www.google-analytics.com *.gstatic.com *.doubleclick.net svc.webspellchecker.net *.jwpltx.com *.nr-data.net *.fontawesome.com 1
: default-src * 1
frame-ancestors 'self' piwik.currence.nl; 1
frame-ancestors http://*.yahoosmallbusiness.com 1
connect-src 'self' 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://www.w3.org https://cdn.jsdelivr.net https://maxcdn.bootstrapcdn.com https://www.google-analytics.com https://www.google.com https://stats.g.doubleclick.net https://vro.housing.gov.sa https://www.gstatic.com https://code.jquery.com https://maps.googleapis.com https://cdn.mouseflow.com https://fonts.googleapis.com https://developers.google.com https://sakani.housing.sa https://maps.gstatic.com https://fonts.gstatic.com https://cdnjs.cloudflare.com https://use.fontawesome.com https://www.ejar.sa https://img.youtube.com https://www.googletagmanager.com https://ajax.googleapis.com https://cdn.ckeditor.com https://www.google.com.sa https://mobile.ejar.sa http://www.ejar.sa https://www.youtube.com/; report-uri /ar/report-csp-violation 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.motel-one.com *.usercentrics.eu data: *.motel-one.com *.usercentrics.eu; script-src *.motel-one.com 'self' 'unsafe-inline' 'unsafe-eval' *.gstatic.com www.googletagmanager.com *.googleapis.com www.google-analytics.com www.youtube.com s.ytimg.com cdnjs.cloudflare.com code.jquery.com *.hurra.com *.googleadservices.com *.criteo.com *.criteo.net creativecdn.com *.creativecdn.com *.facebook.net *.doubleclick.net *.licdn.com *.linkedin.com *.facebook.com *.adnxs.com *.facebook.com *.bizographics.com *.googlesyndication.com *.bing.com *.adsrvr.org *.cloudfront.net *.sia.eu *.google.ae *.google.at *.google.ba *.google.be *.google.by *.google.ca *.google.cf *.google.ch *.google.co.cr *.google.co.il *.google.co.in *.google.co.jp *.google.co.nz *.google.co.th *.google.co.uk *.google.co.zw *.google.de *.google.com *.google.com.ar *.google.com.au *.google.com.bo *.google.com.br *.google.com.cy *.google.com.ec *.google.com.eg *.google.com.hk *.google.com.kw *.google.com.mt *.google.com.mx *.google.com.sg *.google.com.tr *.google.com.tw *.google.com.ua *.google.cz *.google.dk *.google.dz *.google.es *.google.fi *.google.fr *.google.ge *.google.gr *.google.hr *.google.hu *.google.ie *.google.im *.google.it *.google.li *.google.lt *.google.lu *.google.nl *.google.no *.google.pl *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.se *.google.si *.adup-tech.com static.ads-twitter.com analytics.twitter.com assets.pinterest.com log.pinterest.com squarelovin.com *.squarelovin.com *.usercentrics.eu; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.cdninstagram.com *.squarelovin.com *.google-analytics.com *.doubleclick.net t.co *.adup-tech.com www.facebook.com www.google.de www.google.com *.cx.atdmt.com maps.gstatic.com maps.googleapis.com ssl.gstatic.com www.gstatic.com assets.pinterest.com log.pinterest.com bat.bing.com *.hurra.com *.fbcdn.net image.motel-one.com *.motel-one.com squarelovin.com *.gstatic.com *.usercentrics.eu; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.squarelovin.com fonts.googleapis.com tagmanager.google.com *.google.com; connect-src 'self' *.motel-one.com *.google-analytics.com stats.g.doubleclick.net *.facebook.com *.adup-tech.com *.usercentrics.eu; font-src 'self' *.motel-one.com *.computop-paygate.com *.google.com *.gstatic.com www.googletagmanager.com *.googleapis.com www.google-analytics.com *.doubleclick.net data: *.google.com *.gstatic.com www.googletagmanager.com *.googleapis.com www.google-analytics.com *.doubleclick.net; frame-src 'self' *.motel-one.com *.computop-paygate.com *.google.com *.gstatic.com www.googletagmanager.com *.googleapis.com www.google-analytics.com www.youtube.com cdnjs.cloudflare.com code.jquery.com *.hurra.com *.googleadservices.com *.criteo.com *.criteo.net creativecdn.com *.creativecdn.com *.facebook.net *.doubleclick.net *.licdn.com *.linkedin.com *.facebook.com *.google.de *.adnxs.com *.facebook.com *.bizographics.com *.googlesyndication.com *.bing.com *.adsrvr.org *.cloudfront.net *.sia.eu *.usercentrics.eu assets.pinterest.com log.pinterest.com; 1
default-src 'self'; media-src 'self' emp.jobylon.com cdn.jobylon.com *.jobylon.com res.cloudinary.com; frame-ancestors 'self' *.flysas.com; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.dynamicyield.eu *.dynamicyield.com res.cloudinary.com *.richrelevance.com www.google-analytics.com www.googletagmanager.com *.googleapis.com *.pingdom.net *.facebook.com connect.facebook.net *.twitter.com *.google.com *.jobylon.com *.abtasty.com *.veinteractive.com www.nordicchoicehotels.com *.flysas.com extads.net m.addthisedge.com m.addthis.com s7.addthis.com assets.juicer.io *.cloudfront.net track.adform.net *.fls.doubleclick.net nowinteract-nowinteractnordi.netdna-ssl.com *.easyresearch.se *.zendesk.com *.zopim.com wss://*.zopim.com *.zopim.io ve1storasstst.blob.core.windows.net *.zdassets.com cdnjs.cloudflare.com www.sj.se adtr.io *.hotjar.com 'unsafe-eval' quiz.millionmind.com snap.licdn.com px.ads.linkedin.com www.linkedin.com *.wisepops.com chimpstatic.com *.millionmind.com *.ebilobster.ai js.klarna.com *.upscope.io *.coop.se consentmanager.mgr.consensu.org cdn.consentmanager.mgr.consensu.org www.googleoptimize.com www.googleadservices.com; connect-src 'self' wss://*.coop.se:* wss://*.kf.local:*  api.ebilobster.ai wss://api.ebilobster.ai *.dynamicyield.eu *.dynamicyield.com emp.jobylon.com cdn.jobylon.com *.jobylon.com *.pingdom.net *.veinteractive.com *.abtasty.com ve1appseventssb.servicebus.windows.net apil1.spinnaker-js.com m.addthis.com s7.addthis.com www.juicer.io assets.juicer.io *.108proxy.se *.54proxy.se www.google-analytics.com www.googletagmanager.com tagmanager.google.com *.zendesk.com *.zopim.com wss://*.zopim.com *.zopim.io *.facebook.com connect.facebook.net *.zdassets.com cdnjs.cloudflare.com *.richrelevance.com *.hotjar.com:* wss://*.hotjar.com track.adtraction.com popup.wisepops.com tracking.wisepops.com vc.hotjar.io eu.klarnaevt.com stats.g.doubleclick.net www.nordicchoicehotels.com dc.services.visualstudio.com *.upscope.io wss://*.upscope.io *.api.coop.se *.unboxai.org *.betala.coop.se *.coop.se consentmanager.mgr.consensu.org cdn.consentmanager.mgr.consensu.org www.google.com www.google.se googleads.g.doubleclick.net api.production.coop.onlobster.net; style-src 'self' 'unsafe-inline' *.dynamicyield.eu *.dynamicyield.com emp.jobylon.com cdn.jobylon.com *.jobylon.com *.abtasty.com *.pingdom.net *.veinteractive.com assets.juicer.io tagmanager.google.com fonts.googleapis.com optimize.google.com *.easyresearch.se *.zendesk.com *.zopim.com *.zopim.io *.zdassets.com cdnjs.cloudflare.com *.ebilobster.ai consentmanager.mgr.consensu.org cdn.consentmanager.mgr.consensu.org; img-src 'self' data: aicomms-themes.s3-eu-west-1.amazonaws.com  s3.eu-west-2.amazonaws.com aicomms-themes.s3.eu-west-1.amazonaws.com *.dynamicyield.eu *.dynamicyield.com *.jobylon.com *.pingdom.net *.zendesk.com *.abtasty.com *.gstatic.com api.hitta.se scontent.cdninstagram.com www.google.com www.google.se *.google-analytics.com *.googletagmanager.com tagmanager.google.com res.cloudinary.com *.cloudfront.net *.facebook.com stats.g.doubleclick.net track.adform.net *.fls.doubleclick.net *.easyresearch.se *.zendesk.com *.zopim.com wss://*.zopim.com *.zopim.io *.zdassets.com cdnjs.cloudflare.com *.googleapis.com assets.juicer.io scontent.cdninstagram.com *.hotjar.com *.ggpht.com track.adtraction.com drs2.veinteractive.com app.wisepops.com cx.atdmt.com eu.klarnaevt.com *.coop.se consentmanager.mgr.consensu.org cdn.consentmanager.mgr.consensu.org googleads.g.doubleclick.net www.googleadservices.com 'self' blob: s3-eu-west-1.amazonaws.com; font-src 'self' data: *.dynamicyield.eu *.dynamicyield.com emp.jobylon.com cdn.jobylon.com *.jobylon.com static.juicer.io fonts.gstatic.com tagmanager.google.com *.zendesk.com *.zopim.com wss://*.zopim.com *.zopim.io *.zdassets.com *.hotjar.com consentmanager.mgr.consensu.org cdn.consentmanager.mgr.consensu.org; frame-src 'self' emp.jobylon.com cdn.jobylon.com *.jobylon.com *.veinteractive.com accounts.google.com optimize.google.com *.flysas.com app.ecoonline.com www.nordicchoicehotels.com recruit.visma.com www.recruit.visma.com www.aditrorecruit.com *.twitter.com www.youtube.com *.facebook.com c1.adform.net s7.addthis.com track.adform.net *.fls.doubleclick.net *.easyresearch.se *.abtasty.com *.zendesk.com *.zopim.com wss://*.zopim.com *.zopim.io www.google.com ve1storasstst.blob.core.windows.net *.veinteractive.com *.zdassets.com cdnjs.cloudflare.com www.sj.se *.hotjar.com *.tradedoubler.com quiz.millionmind.com *.millionmind.com payment.medmera.se api-test.betala.coop.se *.ebilobster.ai js.klarna.com foodlab2b.appspot.com *.upscope.io memberpayment.betala.coop.se consentmanager.mgr.consensu.org cdn.consentmanager.mgr.consensu.org medmerabank.coop.se stage.medmera.se sustainability.production.coop.onlobster.net; base-uri 'self' *.coop.se *.kf.local optimize.google.com; 1
: default-src 'self' 1
default-src 'self'; img-src 'self'; style-src 'self'; 'unsafe-inline'; font-src 'self'; script-src 'self'; 'unsafe-inline';  connect-src 'self'; 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com ajax.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://static.addtoany.com/ http://clients1.google.com/complete/ https://js-agent.newrelic.com/ https://bam.nr-data.net/ https://www.google.com  https://*.fontawesome.com https://*.customsearch.ai https://*.googletagmanager.com https://tagmanager.google.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://static.addtoany.com/ https://*.windows.net https://tagmanager.google.com; img-src 'self' https://www.google-analytics.com data: https://www.google.com/recaptcha/ http://www.ecb.int/ http://www.ecb.europa.eu/ https://*.windows.net https://*.gstatic.com https://stats.g.doubleclick.net; frame-src 'self' https://www.google.com/recaptcha/ https://static.addtoany.com/ https://www.youtube-nocookie.com/ https://maps.google.be/maps/ https://www.google.com/maps/ https://mapsengine.google.com/ https://ui.customsearch.ai/ https://sdk.companywebcast.com/ https://portal.dataviz.ecb.europa.eu/; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://*.customsearch.ai https://*.google-analytics.com; report-uri /admin/config/system/seckit/csp-report 1
 default-src 'self'; script-src 'self' *.etracker.com *.etracker.de 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self' *.etracker.com https://*.etracker.de; font-src 'self' data:; object-src 'self'; media-src 'self'; child-src 'self'; form-action 'self'; base-uri 'self'; frame-ancestors 'self'; 1
frame-ancestors 'self' harri.com bam.harri.com fr.harri.com es.harri.com ru.harri.com de.harri.com live.harri.com; 1
frame-src 'self' *.betradar.com *.sportradar.com *.aitcloud.de consentcdn.cookiebot.com vars.hotjar.com www.googletagmanager.com www.youtube.com prod-origin.truendo.com cdn.priv.center; frame-ancestors 'self' *.betradar.com *.sportradar.com *.aitcloud.de 1
default-src 'self' https://www.bundeswahlleiter.de https://service.bundeswahlleiter.de https://www.youtube-nocookie.com https://www.ims-cms.net; script-src 'self' https://www.bundeswahlleiter.de https://service.bundeswahlleiter.de https://www.youtube-nocookie.com ; style-src 'self' https://www.bundeswahlleiter.de https://service.bundeswahlleiter.de https://www.youtube-nocookie.com 'unsafe-inline'; base-uri 'self'; frame-ancestors 'self' https://www.bundeswahlleiter.de https://service.bundeswahlleiter.de https://www.youtube-nocookie.com https://www.ims-cms.net ; upgrade-insecure-requests 1
script-src 'self' blob: *.foodtecsolutions.com *.foodtecsolutions.com:* *.pizzadirector.net:* *.google.com *.opentable.com *.otstatic.com cdn.ampproject.org www.gstatic.com maps.googleapis.com www.google-analytics.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net platform.twitter.com www.facebook.com connect.facebook.net cdn.syndication.twimg.com js.hs-scripts.com js.hs-scripts.com js.hs-analytics.net js.hscollectedforms.net salesiq.zoho.com/widget campaigns.zoho.com maillist-manage.com crm.zoho.com js.zohostatic.com vts.zohopublic.com static.hotjar.com script.hotjar.com unpkg.com api.tiles.mapbox.com *.adroll.com *.cloudfront.net cdnjs.cloudflare.com libs.a2zinc.net gh-prod-nitrosites.s3.amazonaws.com 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' blob: *.foodtecsolutions.com *.foodtecsolutions.com:* *.pizzadirector.net:* *.google.com *.opentable.com *.otstatic.com cdn.ampproject.org www.gstatic.com maps.googleapis.com www.google-analytics.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net platform.twitter.com www.facebook.com connect.facebook.net cdn.syndication.twimg.com js.hs-scripts.com js.hs-scripts.com js.hs-analytics.net js.hscollectedforms.net salesiq.zoho.com/widget campaigns.zoho.com maillist-manage.com crm.zoho.com js.zohostatic.com vts.zohopublic.com static.hotjar.com script.hotjar.com unpkg.com api.tiles.mapbox.com *.adroll.com *.cloudfront.net cdnjs.cloudflare.com libs.a2zinc.net gh-prod-nitrosites.s3.amazonaws.com; 1
frame-ancestors 'self' http://www.genau-lotto.de http://genau-lotto.de 1
allow *; 1
frame-ancestors https://*.milwaukeetool.eu 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de www.juris.de;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com piwik.itzbund.de www.juris.de;object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de www.juris.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de www.juris.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de www.juris.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de www.juris.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de  www.juris.de 1
frame-ancestors https://gms.hongleong.com.my https://tags.tiqcdn.com https://survey.hlb.com.my https://uat.hlb.com.my https://aem-preprod.hlb.com.my https://aem-preprod.hlisb.com.my https://aem-uat.hlb.com.my https://www.hlb.com.my https://www.facebook.com https://www.vivocha.com https://www.youtube.com https://staticxx.facebook.com https://www.googletagmanager.com https://gateway.hlb.com.my https://gateway.hlb.com.my:8446 https://www.google.com https://optimize.google.com https://hongleongbank.sc.omtrdc.net https://dpm.demdex.net https://uat.hlb.my:443 http://uat.hlb.my 1
default-src 'self'; frame-src 'self'  http: https:; script-src 'self'  sha384-o/50JGkexNN+nF8Dlr/69A07YiE2zEDlAJlHjG3VT9K1PylWnCTkXymBJBYDSWXm https://www.youtube.com https://s.ytimg.com https://code.jquery.com https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://www.google.com https://www.gstatic.com 'unsafe-inline'; font-src 'self'  data:; img-src 'self'  https: http: blob: data:; style-src 'self'  'unsafe-inline'; connect-src 'self'  https://www.googleapis.com https://www.google-analytics.com https://stats.g.doubleclick.net https://feed-proxy.craftcms.com https://api.craftcms.com https://www.facebook.com; media-src 'self'  http: https:; object-src 'self' ; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: about: *.adbutler-luxon.com *.adsrvr.org *.cdc.gov *.ads-twitter.com *.bamboohr.com *.cmgdigital.com *.doubleclick.net *.facebook.com *.facebook.net *.feedburner.com *.google.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.jeffersoncms.org *.livestream.com *.marchex.io *.scribd.com *.serving-sys.com *.sharethis.com *.slideshare.net *.tapad.com *.tcms.com *.teletownhall.us *.texmed.org *.tmait.org *.twimg.com *.twitter.com *.vimeo.com *.wufoo.com *.youtube.com *.yudu.com gis.fema.gov http://kff.org http://oig.hhs.gov http://rocket.nwood-kensett.k12.ia.us http://www.ncbi.nlm.nih.gov https://badge.facebook.com https://block.opendns.com https://capwiz.com https://cdn.tinymce.com https://centro.pixel.ad https://clickserv.pixel.ad https://clickserv.sitescout.com https://connect.facebook.net https://cqrcengage.com https://data.healthcare.gov https://dpm.demedex.net https://feedburner.google.com https://fonts.googleapis.com https://fusiontables.googleusercontent.com https://googleads.g.doubleclick.net https://hootsuite.com https://insight.adsrvr.org https://js.adsrvr.org https://match.adsrvr.org https://pixel.sitescout.com https://platform.twitter.com https://player.vimeo.com https://servedbyadbutler.com https://static.addtoany.com https://stats.g.doubleclick.net https://storify.com https://syndication.twitter.com https://t.co https://tags.bluekai.com https://texmed.medbuzz.com https://tma.custhelp.com https://uip.semasio.net https://www.facebook.com https://www.google.com https://www.googleadservices.com https://www.paypalobjects.com https://www.youtube.com pixel-geo.prfct.co public.slidesharecdn.com tag.marinsm.com tagmanager.google.com www.cms.gov www.powr.io *.votervoice.net *.quantserve.com *.quantcount.com *.wakelet.com adbutler-fermion.com https://livestream.com https://vimeo.com wss: *.texmed.org *.nnihcm.org *.infogram.com *.poll-maker.com *.qualtrics.com *.hsforms.net *.hsforms.com https://ql.tc https://www.podbean.com https://open.spotify.com *.informz.net 1
default-src 'self'; frame-src 'self' https://w.soundcloud.com/ https://spark.adobe.com/ *.nhs.uk/ *.facebook.com/ *.youtube.com/ *.vimeo.com/ *.google.com *.googleapis.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://spark.adobe.com/ https://cdnjs.cloudflare.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://connect.facebook.net/ https://feeds.trac.jobs/ *.google.com/ *.googleapis.com *.gstatic.com *.cqc.org.uk; font-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com/ https://feeds.trac.jobs/ *.googleapis.com  *.gstatic.com *.cqc.org.uk; img-src * data:; object-src 'self' blob:; connect-src 'self' https://feeds.trac.jobs/ https://translate.googleapis.com/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com piwik.itzbund.de; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.itzbund.de; frame-src *.google.com *.gstatic.com *.youtube.com *.itzbund.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com piwik.itzbund.de; frame-ancestors 'self'; 1
default-src https: blob: wss:; frame-src https: blob: data:; script-src https: 'unsafe-inline' 'unsafe-eval' data:; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data: 1
default-src 'self'; connect-src 'self' https://nextgen.kajomigenerator.de https://*.ekir.de  https://*.algolia.net https://*.algolianet.com; frame-src 'self' https://nextgen.kajomigenerator.de https://soundcloud.com https://vimeo.com https://*.kd-onlinespende.de https://walls.io https://*.walls.io www.youtube-nocookie.com https://platform.twitter.com https://syndication.twitter.com https://*.ekir.de; font-src 'self' data:; img-src 'self' data: https://nextgen.kajomigenerator.de https://soundcloud.com https://vimeo.com https://*.kd-onlinespende.de https://img.youtube.com https://syndication.twitter.com https://pbs.twimg.com https://ton.twimg.com https://platform.twitter.com https://secure.gravatar.com http://*.ekir.de https://*.ekir.de; object-src 'self';  style-src 'self' 'unsafe-inline' https://nextgen.kajomigenerator.de https://soundcloud.com https://vimeo.com https://platform.twitter.com https://ton.twimg.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://nextgen.kajomigenerator.de https://soundcloud.com https://vimeo.de https://*.kd-onlinespende.de https://walls.io https://*.walls.io https://secure.gravatar.com https://platform.twitter.com https://cdn.syndication.twimg.com https://*.ekir.de https://adressverzeichnis.ekd.de https://cdn.jsdelivr.net; 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.aboutespanol.com 1
default-src 'none'; img-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; font-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'; connect-src 'self'; 1
frame-ancestors *.motorsport-magazin.com 1
img-src https://* data: blob:; script-src https://* 'unsafe-eval' 'unsafe-inline'; frame-src https://*; report-uri /stats/csp-reports 1
upgrade-insecure-requests; default-src *.usclimatedata.com *.gstatic.com https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com/* *.googlesyndication.com adservice.google.nl adservice.google.com adservice.google.cl *.googleadservices.com *.google.com *.googletagservices.com *.google-analytics.com apis.google.com ajax.googleapis.com *.googletagmanager.com *.usclimatedata.com *.bootstrapcdn.com *.gstatic.com *.geolocation.io *.google.com/recaptcha/ ssl.google-analytics.com *.addthis.com *.google.com googleads.g.doubleclick.net https:; frame-src bid.g.doubleclick.net data: https:; connect-src 'self' *.usclimatedata.com pagead2.googlesyndication.com www.google-analytics.com; img-src 'self' *.maps.googleapis.com/* *.googletagmanager.com https//google-analytics.com googleads.g.doubleclick.net *.google.com data: https:; style-src 'self' 'unsafe-inline' *.apis.google.com *.googleapis.com *.bootstrapcdn.com *.usclimatedata.com *.gstatic.com;font-src *.bootstrapcdn.com *.usclimatedata.com cdnjs.cloudflare.com data: 'self';base-uri 'self'; form-action 'self'; 1
report-uri https://consolehipay.report-uri.com/r/d/csp/enforce; default-src 'self' *.google-analytics.com *.zdassets.com *.hotjar.com *.google.com *.screeb.app *.typeform.com; script-src 'self' *.hotjar.com *.zdassets.com *.googletagmanager.com *.google-analytics.com *.google.com *.gstatic.com *.screeb.app 'sha256-qSMb0PEZNwPU889A1H8zPbT23/AN6efiLRLewxFcFJM=' 'sha256-p04ICvhv5V9PJfG9AnM4+4t8eCcdnUhEP7BSwEKl+Es=' 'sha256-iBEn6DembGxmutX/U63Duhs98HIBtU8ALgbjYh+CkZc=' 'sha256-XnoKRrVjyLcX94o+jehk7z3rX+YVSMr4DtslyFpkaPU=' 'sha256-tdBlVQuc2G3oahpbyjaUmy+NEJSNdDZy9L1FSw3rVi0=' https://*.zopim.com; style-src 'self' 'unsafe-inline' maxcdn.icons8.com fonts.googleapis.com *.hotjar.com libs.hipay.com; font-src 'self' maxcdn.icons8.com fonts.gstatic.com *.hotjar.com; connect-src 'self' *.zendesk.com *.zdassets.com user.hipay.com *.hipay.com *.hipay.org *.google-analytics.com wss://*.zopim.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.screeb.app wss://*.screeb.app; img-src 'self' *.amcharts.com *.google-analytics.com *.zendesk.com *.hotjar.com images.weserv.nl *.hipay.com data: storage.googleapis.com twemoji.maxcdn.com *.screeb.app 1
script-src https: data: 'unsafe-inline' 'unsafe-eval' https://*.dshs-koeln.de https://*.mehrwert.de https://fast.fonts.net; style-src https: 'unsafe-inline' https://*.dshs-koeln.de https://fast.fonts.net; img-src https: data: 'unsafe-inline' 'unsafe-eval' https://*.dshs-koeln.de https://*.mehrwert.de; font-src https: data: 'unsafe-inline' 'unsafe-eval' https://*.dshs-koeln.de https://*.mehrwert.de https://fast.fonts.com; frame-src https: data: 'unsafe-inline' 'unsafe-eval' https://*.dshs-koeln.de https://*.mehrwert.de https://fast.fonts.com; 1
default-src 'self' https://*.fhstp.ac.at; connect-src 'self' https://*.facebook.com https://*.facebook.net https://api.visitlead.com https://cis.fhstp.ac.at https://api.fhstp.ac.at https://cdn.fhstp.ac.at https://sentry.fhstp.ac.at/ https://my2.siteimprove.com https://rest.visitlead.com https://stats.g.doubleclick.net https://ws.visitlead.com https://www.google-analytics.com wss://*.visitlead.com wss://www.fhstp.ac.at wss://wwwtestneu.fhstp.ac.at https://*.pagestrip.com https://pagestrip.com; font-src 'self' data: https://*.fhstp.ac.at https://*.googleapis.com https://*.gstatic.com https://app.visitlead.com https://*.pagestrip.com; frame-src 'self' http://edit.fhstp.ac.at https://*.facebook.com https://*.facebook.net https://*.google.com https://*.issuu.com https://*.soundcloud.com https://*.twitter.com https://*.vimeo.com https://*.youtube.com https://*.youtube-nocookie.com https://cis.fhstp.ac.at https://sjs.bizographics.com https://snap.licdn.com https://stream.visitlead.com https://my2.siteimprove.com/ https://www.podbean.com https://*.doubleclick.net; img-src 'self' data: http://*.fhstp.ac.at https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.google.at https://*.google.com https://i1.ytimg.com https://*.gstatic.com https://*.googleusercontent.com https://*.ggpht.com https://*.linkedin.com https://app.visitlead.com https://www.filmspektakel.at https://*.pagestrip.com https://bat.bing.com; media-src 'self' data: http://carma.fhstp.ac.at/wp-content/uploads/2016/11/Brelomate2_Infoveranstaltung201161027_p3tv.mp4 https://app.visitlead.com https://*.pagestrip.com; script-src data: 'self' 'unsafe-inline' 'unsafe-eval' http://campus-stp.at https://*.campus-stp.at https://*.doubleclick.com https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.com https://*.linkedin.com https://cdn.siteimprove.net/cms/overlay.js https://*.youtube.com https://app.visitlead.com https://campus-stp.at https://cdn.fhstp.ac.at https://*.pubble.io https://cdn.ravenjs.com https://cdn.socket.io https://code.jquery.com https://sjs.bizographics.com https://snap.licdn.com https://*.ytimg.com https://js.pagestrip.com https://browser-update.org https://unpkg.com https://bat.bing.com; style-src 'self' 'unsafe-inline' http://*.campus-stp.at http://campus-stp.at http://cdn.fhstp.ac.at https://*.campus-stp.at https://*.google.com https://*.googleapis.com https://*.ytimg.com https://app.visitlead.com/ https://campus-stp.at https://cdn.fhstp.ac.at https://js.pagestrip.com; 1
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' dap.digitalgov.gov *.google-analytics.com *.googletagmanager.com *.typekit.net *.mycreditunion.gov *.silvercloudinc.com *.mpeasylink.com; img-src 'self' *.mycreditunion.gov data: *.google-analytics.com *.googletagmanager.com *.typekit.net *.amazonaws.com; font-src 'self' 'unsafe-inline' data: *.typekit.net fonts.gstatic.com; media-src 'self' s3.amazonaws.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.silvercloudinc.com; connect-src 'self' performance.typekit.net *.google-analytics.com *.googletagmanager.com; frame-src 'self' *.youtube.com *.mpeasylink.com 1
default-src 'self' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' blob: data: https: wss:; frame-src 'self' https:; frame-ancestors 'self' https://vmecharttest1 https://vmecharttest2 https://mychart.austinregionalclinic.com https://mycharttest.austinregionalclinic.com data: blob:; 1
default-src 'self'; img-src 'self'; style-src 'self' #'unsafe-inline'; font-src 'self'; script-src 'self' 'unsafe-inline'; connect-src 'self' 1
default-src 'self'; script-src 'self'; img-src 'self' 1
child-src 'self'; connect-src 'self' api.blocktrades.us steemit.com steemitimages.com cdn.steemitimages.com api.steemit.com api-internal.steemit.com beta-api.steemit.com beta-api-int.steemit.com www.googletagmanager.com www.google-analytics.com pagead2.googlesyndication.com googleads.g.doubleclick.net api.trongrid.io sun.tronex.io steemitwallet.com; default-src 'self'; font-src data: fonts.gstatic.com; frame-ancestors 'none'; img-src * data:; object-src 'none'; plugin-types application/pdf; script-src 'self' www.google-analytics.com staticfiles.steemit.com localhost:8080; style-src 'self' 'unsafe-inline' fonts.googleapis.com 1
frame-ancestors 'self' smart911.com www.smart911.com safety.smart911.com 1
default-src 'self' *.relay42.com vars.hotjar.com cba.nmrc.nl 6162542.fls.doubleclick.net;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com cdn.ampproject.org static.cloud.coveo.com *.doubleclick.net *.r42tag.com *.centraalbeheer.nl www.google-analytics.com *.facebook.net *.usabilla.com www.googleadservices.com googleads.g.doubleclick.net imp2.nowinteract.com api.usabilla.com cba-acct.svc.onmarc.nl static.hotjar.com script.hotjar.com d6tizftlrpuof.cloudfront.net ajax.googleapis.com bat.bing.com *.google.com *.svtrd.com onmarc.nl tags.nmrc.nl snap.licdn.com *.linkedin.com *.hs-scripts.com js.hs-analytics.net js.hsadspixel.net *.relay42.com  js.hsleadflows.net js.usemessages.com surfly.com js.monitor.azure.com *.klue.nl www.dwin1.com www.zenaps.com *.onmarc.nl centraalbeheer.speed-trap.nl maps.googleapis.com js.hs-banner.com player.quadia.net cdn.harvest.graindata.com achmeadpm.achmea.nl:9999;style-src 'self' 'unsafe-inline' fonts.googleapis.com d6tizftlrpuof.cloudfront.net www.google.com optimize.google.com static.cloud.coveo.com unpkg.com;img-src data: 'self' https://www.googletagmanager.com img.youtube.com i.ytimg.com *.svtrd.com www.google-analytics.com www.facebook.com *.doubleclick.net www.google.nl www.google.com adservice.google.nl d6tizftlrpuof.cloudfront.net centraalbeheer.speed-trap.nl *.usabilla.com *.svtrd.com n01d05.cumulus-cloud.com *.relay42.com bat.bing.com www.googleapis.com clients1.google.com track.hubspot.com cba.imgix.net *.onmarc.nl *.r42tag.com www.googletagmanager.com forms.hubspot.com optimize.google.com imp2.nowinteract.com www.awin1.com www.zenaps.com *.onmarc.nl server.arcgisonline.com *.centraalbeheer.nl www.independer.nl linkedin.com px.ads.linkedin.com maps.googleapis.com maps.gstatic.com adservice.google.com www.advieskeuze.nl;font-src 'self' fonts.gstatic.com script.hotjar.com;connect-src 'self' wss://*.hotjar.com https://*.hotjar.com https://*.hotjar.io *.doubleclick.net *.facebook.net *.centraalbeheer.nl *.hubapi.com *.achmea.nl www.google-analytics.com bing.com t.svtrd.com dc.services.visualstudio.com surfly.com sentry.io api.hubspot.com forms.hubspot.com cba.imgix.net vc.hotjar.io api.usabilla.com geocode.arcgis.com formulier.centraalbeheer.nl atosi.nl maps.googleapis.com api.advieskeuze.nl api.hsforms.com calculations.figlo.com *.nxtid.nl harvest-cm-achmea.ey.r.appspot.com controle.achmea.consentmonitor.nl;media-src 'self' ;object-src 'self' ;child-src 'self' youtube.com *.doubleclick.net t.svtrd.com *.hotjar.com cba.nmrc.nl www.youtube-nocookie.com youtube-nocookie.com surfly.com optimize.google.com imp2.nowinteract.com d6tizftlrpuof.cloudfront.net redirect.surfly.com centraalbeheer-nl-p.surfly.com surfly.com surfly-com-p.surfly.com *.centraalbeheer.nl player.quadia.net;frame-ancestors 'self' youtube.com www.youtube-nocookie.com youtube-nocookie.com player.quadia.net;form-action * 'self' t.svtrd.com embeddedsts.dev.local *.achmea.nl;block-all-mixed-content;report-uri https://centraalbeheer.ams.report-uri.com/r/t/csp/enforce; 1
frame-ancestors http://www.lativ.com.tw https://www.lativ.com.tw; 1
default-src 'self' https://*.gstatic.com; connect-src 'self' https://www.vidal.ru http://*.google-analytics.com http://*.gstatic.com https://yandex.ru https://*.yandex.ru https://*.yandex.net https://*.yandex.st https://yastat.net https://*.yastat.net https://yastatic.net https://*.yastatic.net https://adfox.ru https://*.adfox.ru http://*.google.com https://*.google.com https://*.google.ru https://*.googleapis.com http://*.mail.ru https://*.youtube.com https://*.ytimg.com https://*.1dmp.io http://*.1dmp.io https://s0.2mdn.net https://px.adhigh.net https://*.doubleclick.net; font-src data: https://*.gstatic.com https://s0.2mdn.net https://yandex.ru https://*.yandex.ru https://yastatic.net https://*.yastatic.net https://yastat.net https://*.yastat.net 'self'; frame-src 'self' https://www.vidal.ru https://*.youtube.com https://*.google.com https://*.google.ru https://yandex.ru https://*.yandex.ru https://*.yandex.net https://*.yandex.st https://adfox.ru https://*.adfox.ru https://yastat.net https://*.yastat.net https://awaps.yandex.ru https://awaps.yandex.net https://yandexadexchange.net https://*.yandexadexchange.net https://yastatic.net https://*.youtube.com https://*.ytimg.com https://*.1dmp.io http://*.1dmp.io https://s0.2mdn.net https://px.adhigh.net http://webvisor.com https://www.googletagmanager.com http://www.googletagmanager.com; img-src 'self' https://*.stripocdn.email https://*.tns-counter.ru https://*.medkongress.ru http://*.medkongress.ru https://*.nesterovskie-chteniya.ru http://nesterovskie-chteniya.ru https://*.tns-counter.ru https://*.weborama.fr http://*.weborama.fr https://www.vidal.ru https://vidal.ru https://yandex.ru https://*.yandex.ru https://yandex.net https://*.yandex.ru https://*.yandex.net https://*.yandex.st https://adfox.ru https://*.adfox.ru https://yastat.net https://*.yastat.net http://*.google-analytics.com http://*.gstatic.com http://*.google.com https://*.gstatic.com https://*.google-analytics.com https://*.google.com https://*.google.ru https://*.google.de https://*.googleapis.com https://www.google.com.do http://*.mail.ru data: http://gderu.hit.gemius.pl https://*.youtube.com https://*.ytimg.com https://admin.mailigen.com https://dmg.digitaltarget.ru https://x01.aidata.io https://gmtdmp.mookie1.com https://eu-gmtdmp.gd1.mookie1.com https://ru-gmtdmp.mookie1.com/ https://sync.botscanner.com https://match.ads.betweendigital.com https://safehub.ru https://dmp.vihub.ru https://top-fwz1.mail.ru https://pixel.betweenx.com https://stats.g.doubleclick.net https://px.adhigh.net https://cm.g.doubleclick.net https://*.doubleclick.net https://*.adriver.ru https://*.rubiconproject.com https://*.adhigh.net https://*.insigit.com https://*.republer.com https://*.webvisor.org http://ad.adriver.ru https://ad.adriver.ru http://ar.tns-counter.ru https://*.1dmp.io http://*.1dmp.io https://go.saleswingsapp.com https://cp.unisender.com https://vk.com https://*.honcode.ch http://*.honcode.ch https://yastatic.net https://*.yastatic.net; media-src 'self' data: https://*.google.com https://*.google.ru https://*.yandex.net https://*.strm.yandex.ru https://strm.yandex.ru https://yandex.ru https://yandex.st https://yastatic.net https://adfox.ru https://*.adfox.ru https://yastat.net https://*.yastat.net https://*.yandex.st https://*.yastatic.net https://*.1dmp.io http://*.1dmp.io https://s0.2mdn.net https://*.yandex.ru https://*.admetrica.ru https://www.googletagmanager.com; script-src 'self' https://www.vidal.ru https://yandex.ru https://*.yandex.ru https://*.yandex.net https://*.yandex.st https://an.yandex.ru https://yandex.st https://yastatic.net https://*.yastatic.net https://adfox.ru https://*.adfox.ru https://yastat.net https://*.yastat.net https://mc.yandex.ru http://mc.yandex.ru http://*.yandex.ru http://*.google-analytics.com http://*.gstatic.com http://*.google.com https://*.google.ru https://*.gstatic.com https://*.google-analytics.com https://*.google.com https://*.googleapis.com http://*.mail.ru https://*.youtube.com https://*.ytimg.com http://pixel.betweenx.com https://px.adhigh.net https://dmp.vihub.ru https://top-fwz1.mail.ru https://pixel.betweenx.com https://*.1dmp.io http://*.1dmp.io https://go.saleswingsapp.com nonce-RAND 'unsafe-inline' 'unsafe-eval' https://s0.2mdn.net https://px.adhigh.net https://code.createjs.com https://www.googletagmanager.com http://www.googletagmanager.com https://*.ampproject.org; style-src 'self' https://www.vidal.ru 'unsafe-inline' 'unsafe-eval' nonce-RAND http://*.google-analytics.com http://*.gstatic.com https://yandex.ru https://*.yandex.ru https://*.yandex.net https://*.yandex.st https://yandex.st https://yastatic.net http://*.google.com https://*.google.com https://*.google.ru https://*.googleapis.com http://*.mail.ru https://*.youtube.com https://*.ytimg.com https://*.1dmp.io http://*.1dmp.io https://adfox.ru https://*.adfox.ru https://yastat.net https://*.yastat.net 1
default-src 'none'; connect-src 'self' *.crowdriff.com *.ubiquity.co.nz *.windows.net *.doubleclick.net *.google-analytics.com *.hotjar.com *.monsido.com; frame-src 'self' staticcdn.co.nz *.dwcdn.net *.infogram.com radian.mintdesign.co.nz radianstaging.mintdemo.co.nz configurator.wcec.co.nz *.metservice.com *.vimeo.com *.youtube.com *.doubleclick.net *.hotjar.com *.google.com *.crowdriff.com *.monsido.com; frame-ancestors 'self'; font-src 'self' *.gstatic.com; img-src 'self' data: blob: staticcdn.co.nz shielded.co.nz *.cloudfront.net *.googleapis.com *.gstatic.com *.ytimg.com *.facebook.com *.doubleclick.net *.googletagmanager.com *.google-analytics.com *.google.com *.google.co.nz *.monsido.com; media-src 'self' crowdriff-video-upload.s3.amazonaws.com; manifest-src 'self'; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' staticcdn.co.nz *.youtube.com *.vimeo.com code.highcharts.com browser-update.org *.crowdriff.com *.jquery.com *.gstatic.com *.googleadservices.com *.google.com *.googleapis.com *.googletagmanager.com *.monsido.com *.hotjar.com *.google-analytics.com *.facebook.net *.ubiquity.co.nz; style-src 'self' 'unsafe-inline' *.crowdriff.com *.googleapis.com *.google.com; 1
default-src 'self'; connect-src 'self' data: 'unsafe-inline' https://bat.bing.com https://assets.adobedtm.com https://*.adobedtm.com http://*.amegybank.com https://*.amegybank.com https://*.omtrdc.net https://*.demdex.net https://*.cludo.com https://sumo.com https://*.sumo.com https://*.sumome.com https://sumo.b-cdn.net https://*.visualwebsiteoptimizer.com https://app.vwo.com https://zionsbancorp.sc.omtrdc.net 'unsafe-eval'; script-src 'self' data: 'unsafe-inline' https://www.google-analytics.com https://bat.bing.com https://assets.adobedtm.com https://*.adobedtm.com https://*.doubleclick.net https://connect.facebook.net https://*.googletagmanager.com https://*.googleadservices.com https://*.googleapis.com https://*.gstatic.com https://*.google.com http://*.amegybank.com https://*.amegybank.com https://*.zionsbank.com https://*.cludo.com https://sumo.com https://*.sumo.com https://*.sumome.com https://sumo.b-cdn.net https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.youtube.com https://*.ytimg.com https://*.vimeo.com 'unsafe-eval'; object-src 'self' data: http://*.amegybank.com https://*.amegybank.com; style-src 'self' data: 'unsafe-inline' https://*.googleapis.com https://*.google.com https://*.cludo.com https://sumo.com https://*.sumo.com https://*.sumome.com https://sumo.b-cdn.net; img-src 'self' data: 'unsafe-inline' https://www.google-analytics.com https://p.adsymptotic.com https://px.ads.linkedin.com https://bat.bing.com https://www.facebook.com https://*.doubleclick.net https://*.gstatic.com http://*.amegybank.com https://*.amegybank.com https://*.online-metrix.net https://*.omtrdc.net https://*.demdex.net https://*.everesttech.net https://*.googleapis.com https://*.google.com https://*.cludo.com https://sumo.com https://*.sumo.com https://*.sumome.com https://sumo.b-cdn.net https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.youtube.com https://*.ytimg.com https://*.vimeo.com 'unsafe-eval'; media-src 'self' data:; frame-src 'self' data: 'unsafe-inline' http://*.amegybank.com https://*.amegybank.com https://rise.articulate.com https://*.online-metrix.net https://*.issuu.com https://*.doubleclick.net https://*.demdex.net https://secure.checkout.visa.com https://assets.secure.checkout.visa.com https://*.youtube.com https://*.ytimg.com https://*.vimeo.com https://*.pages05.net https://*.brightcove.net https://*.visualwebsiteoptimizer.com https://app.vwo.com https://outlook.office365.com; frame-ancestors 'self' https://banking.amegybank.com 'unsafe-eval'; font-src 'self' data: 'unsafe-inline' https://fonts.gstatic.com https://*.visualwebsiteoptimizer.com https://app.vwo.com; upgrade-insecure-requests; block-all-mixed-content 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *; frame-ancestors www.envestnet.com envestnet.com ir.envestnet.com investor.envestnet.com www.investpmc.com; report-uri /report-csp-violation 1
default-src 'self' *.openbank.es;   script-src 'self' 'unsafe-inline' 'unsafe-eval' snap.licdn.com     *.openbank.es *.openbank.de *.openbank.nl *.openbank.pt *.openbank.com *.openbank.com.ar     https://maps.googleapis.com simuladores-pre.afi.es simuladores.afi.es     *.nr-data.net https://browseranalytic.com https://www.google.com     *.gstatic.com https://tags.tiqcdn.com *.google-analytics.com *.tealiumiq.com     https://tealium.hs.llnwd.net https://*.g.doubleclick.net  *.amazonaws.com     *.youtube.com *.googleadservices.com *.ads-twitter.com *.facebook.net     *.ytimg.com     https://cdnjs.cloudflare.com static.criteo.net sslwidget.criteo.com     *.googletagmanager.com *.we-stats.com static.browseranalytic.com     optimize.google.com bat.bing.com blob: openbanksimuladores-pre.afi.es     openbanksimuladores.afi.es;   style-src 'self' 'unsafe-inline' optimize.google.com     https://fonts.googleapis.com *.amazonaws.com *.openbankwealth.com     *.openbank.es *.openbank.de *.openbank.nl *.openbank.pt *.openbank.com.ar     https://maxcdn.bootstrapcdn.com;   img-src 'self' *.idealista.com px.ads.linkedin.com     www.financeads.net data: 'unsafe-inline' *.amazonaws.com     *.googletagmanager.com https://maps.googleapis.com *.gstatic.com     data: *.google-analytics.com *.doubleclick.net *.openbank.es     *.openbank.de *.openbank.nl *.openbank.pt *.openbank.com.ar *.google.com *.google.es     *.google.ie *.facebook.com     https://aax-eu.amazon-adsystem.com bat.bing.com     tr.outbrain.com www.linkedin.com s-central1-madrid-investing.cloudfunctions.net     tbl.tradedoubler.com dmpue.el-mundo.net action.metaffiliation.com;   media-src 'self' 'unsafe-inline' *.amazonaws.com *.openbank.es *.youtube.com;   frame-src 'self' optimize.google.com https://www.google.com *.gstatic.com     *.youtube.com simuladores-pre.afi.es simuladores.afi.es     *.doubleclick.net  gum.criteo.com *.openbank.es blob:     openbanksimuladores-pre.afi.es openbanksimuladores.afi.es;   child-src  https://www.google.com *.gstatic.com *.youtube.com     simuladores-pre.afi.es simuladores.afi.es *.doubleclick.net     *.openbank.es blob:     openbanksimuladores-pre.afi.es openbanksimuladores.afi.es;   font-src 'self' *.openbank.es *.openbank.de *.openbank.nl *.openbank.pt     maxcdn.bootstrapcdn.com data: https://fonts.gstatic.com     *.openbankwealth.com maxcdn.bootstrapcdn.com;   connect-src 'self' www.google-analytics.com *.openbank.es *.nr-data.net     *.we-stats.com *.tealiumiq.com     op.browseranalytic.com lib-eu-1.brilliantcollector.com     wup-othellotest.eu.v2.customers.biocatch.com log-othellotest.eu.v2.customers.biocatch.com     *.ok-cloud.net adservice.google.com www.google.com *.openbank.com;   frame-ancestors 'self' *.openbank.de *.openbank.nl *.openbank.pt *.openbank.es *.openbank.com.ar     api.paycomet.com https://www.paytpv.com     https://openbank-mkt-dev1-1.campaign.adobe.com https://openbank-mkt-stage1-1.campaign.adobe.com https://openbank-mkt-prod1-1.campaign.adobe.com     https://openbank-mkt-dev1.campaign.adobe.com https://openbank-mkt-stage1.campaign.adobe.com https://openbank.campaign.adobe.com;   object-src 'self' *.openbank.es 1
default-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://optimize.google.com https://tagmanager.google.com *.campoints.net https://*.visit-x.net http://*.visit-x.net *.google-analytics.com browser-update.org *.zopim.com https://*.getsentry.com https://*.disqus.com https://*.disquscdn.com https://*.bing.com https://*.googleadservices.com data: https://disqus.com https://*.wowza.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://static.zdassets.com https://trck.spoteffects.net; object-src 'self' *.vxcdn.org *.cpmessenger.io *.inethoster.org https://vjs.zencdn.net; style-src 'self' 'unsafe-inline' https://optimize.google.com fonts.googleapis.com https://*.disquscdn.com https://*.wowza.com https://*.google.com; img-src 'self' *.visit-x.net *.vxcdn.org *.cpmessenger.io *.inethoster.org *.campoints.net http://visitx.testunikat.com http://194.116.150.87/ https://*.maptilehoster.com *.google-analytics.com https://*.bing.com https://*.googleadservices.com https://*.doubleclick.net https://*.google.com https://*.google.de https://*.google.ch https://*.google.at data: browser-update.org https://v2.zopim.com https://v2assets.zopim.io https://*.disquscdn.com https://*.disqus.com https://www.googletagmanager.com https://prod-railsapp.s3.amazonaws.com https://*.wowza.com https://*.gstatic.com https://trck.spoteffects.net; media-src 'self' *.vxcdn.org *.cpmessenger.io *.inethoster.org *.campoints.net stream.visit-x.tv blob: https://v2.zopim.com https://*.akamaihd.net https://bintu-h5live.nanocosmos.de; frame-src 'self' https://optimize.google.com https://*.visit-x.net http://*.visit-x.net *.campoints.net https://*.vxcdn.org https://*.cpmessenger.io https://*.inethoster.org https://*.youtube.com https://*.disqus.com https://disqus.com https://*.feedtures.com https://player.vimeo.com https://paytour.communipay.net https://checkout.communipay.net; child-src 'self' https://*.visit-x.net http://*.visit-x.net *.campoints.net blob:; font-src 'self' *.visit-x.net fonts.gstatic.com data: https://*.zopim.com https://*.disquscdn.com; connect-src 'self' wss://websocket.campoints.net wss://*.farm1.campoints.net wss://*.farm1.campoints.net:443 *.campoints.net *.vxcdn.org *.cpmessenger.io https://*.visit-x.net https://*.visit-x.tv *.google-analytics.com wss://*.zopim.com https://*.getsentry.com https://*.akamaihd.net https://*.disqus.com https://*.wowza.com https://stream.vxcdn.org https://latencytimer.azurewebsites.net/api/HttpTriggerJS1 *.vx-services.net https://ekr.zdassets.com wss://bintu-h5live.nanocosmos.de https://stats.g.doubleclick.net; 1
default-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com cdn.jsdelivr.net nexus.ensighten.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com ict.infinity-tracking.net www.gstatic.com viz.tools.investis.com www.google.com maps.googleapis.com maps.google.com www.linkedin.com ajax.googleapis.com pi.pardot.com bam.nr-data.net sjp.getmediamanager.com *.googletagmanager.com *.google-analytics.com sjs.bizographics.com connect.facebook.net *.jquery.com irs.tools.investis.com *.hotjar.com px.ads.linkedin.com d2wy8f7a9ursnm.cloudfront.net ssl.p.jwpcdn.com js-agent.newrelic.com cdn.jsdelivr.net edge.api.brightcove.com *.googleapis.com www.youtube.com youtube.com s.ytimg.com unpkg.com nexus.ensighten.com otp.tools.investis.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' viz.tools.investis.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net; img-src 'self' 'unsafe-inline' * data:; media-src 'self' brightcove.hs.llnwd.net edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com; frame-src 'self' qir.tools.investis.com staticcontents.investis.com www.google.com sjp.getmediamanager.com careers.sjp.co.uk irs.tools.investis.com otp.tools.investis.com digital.feprecisionplus.com sjp.hireserve-test.com ir.tools.investis.com staticxx.facebook.com www.youtube.com; font-src 'self' 'unsafe-inline' data: fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com themes.googleusercontent.com maxcdn.bootstrapcdn.com; connect-src 'self' www.google-analytics.com edge.api.brightcove.com viz.tools.investis.com; report-uri /report-csp-violation 1
default-src 'self' http: https:; script-src 'unsafe-inline' 'unsafe-eval' 'self' data: https://cdn.jsdelivr.net https://unpkg.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://www.google-analytics.com https://*.twitter.com https://*.facebook.com https://*.linkedin.com https://www.youtube.com https://maps.googleapis.com https://polyfill.io; object-src 'self'; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://fonts.googleapis.com; img-src 'unsafe-inline' 'self' data: http: https:; media-src 'self' 'unsafe-inline' https:; frame-src 'self' 'unsafe-inline' https:; frame-ancestors 'self' 'unsafe-inline' https:; child-src 'self' 'unsafe-inline' https:; font-src 'self' 'unsafe-inline' https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net; connect-src 'self' 'unsafe-inline' https://www.google-analytics.com https://*.s3.eu-west-2.amazonaws.com https://*.algolia.net https://*.algolianet.com https://*.algolia.io; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'none'; script-src 'sha256-orD0/VhH8hLqrLxKHD/HUEMdwqX6/0ve7c5hspX5VJ8=' 1
default-src 'none'; img-src *; media-src s3.amazonaws.com; manifest-src 'self'; script-src 'self' 'unsafe-inline' www.googletagmanager.com www.google.com www.recaptcha.net www.gstatic.com script.hotjar.com static.hotjar.com d.impactradius-event.com bat.bing.com; connect-src *.easyship.com in.hotjar.com vc.hotjar.io easyship.ilbqy6.net; frame-src vars.hotjar.com www.google.com www.recaptcha.net; style-src 'self' 'unsafe-inline'; font-src 'self' data: 1
frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com kcls.bibliocms.com *.kcls.bibliocms.com https://kcls.bibliocms.com kcls.bibliocms.com *.kcls.bibliocms.com; 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.geodatenzentrum.de *.kuestendaten.de; connect-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.wsv.bund.de *.geodatenzentrum.de *.kuestendaten.de; object-src 'self'; media-src  'self' *.wsv.bund.de *.wsv.de *.bund.de data: *.geodatenzentrum.de web.dlz-it.de www.bafg.de bad.xpertus-service.de elwis.de www.elwis.de; child-src 'self' *.wsv.bund.de *.wsv.de *.bund.de data: *.geodatenzentrum.de web.dlz-it.de www.bafg.de bad.xpertus-service.de elwis.de www.elwis.de; img-src 'self' *.wsv.bund.de *.wsv.de *.bund.de data: *.geodatenzentrum.de web.dlz-it.de www.bafg.de bad.xpertus-service.de elwis.de www.elwis.de *.kuestendaten.de; frame-ancestors 'self'; 1
default-src 'self'; connect-src 'self' https://bat.bing.com http://*.nsbank.com https://*.nsbank.com https://*.demdex.net https://*.cludo.com https://sumo.com https://*.sumo.com https://*.sumome.com https://sumo.b-cdn.net https://*.google.com https://webto.salesforce.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://zionsbancorp.sc.omtrdc.net; script-src 'self' data: 'unsafe-inline' https://*.googleadservices.com https://*.doubleclick.net https://www.google-analytics.com https://bat.bing.com https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.nsbank.com https://*.zionsbank.com https://*.cludo.com https://*.adsrvr.org https://connect.facebook.net https://sumo.com https://*.sumo.com https://*.sumome.com https://sumo.b-cdn.net https://*.bufferapp.com https://*.linkedin.com https://*.pinterest.com https://*.reddit.com https://*.online-metrix.net https://*.adobedtm.com https://*.mkt51.net https://*.pages05.net https://*.adsrvr.org https://*.googletagmanager.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.youtube.com https://*.ytimg.com https://*.vimeo.com 'unsafe-eval'; object-src 'self' data: https://*.nsbank.com https://*.visualwebsiteoptimizer.com https://app.vwo.com; style-src 'self' data: 'unsafe-inline' https://*.googleapis.com https://*.google.com https://*.cludo.com https://sumo.com https://*.sumo.com https://*.sumome.com https://sumo.b-cdn.net https://*.mkt51.net https://*.pages05.net https://*.adsrvr.org; img-src 'self' data: https://*.doubleclick.net https://www.google-analytics.com https://bat.bing.com https://px.ads.linkedin.com https://p.adsymptotic.com https://www.facebook.com https://*.gstatic.com https://*.nsbank.com https://*.online-metrix.net https://*.omtrdc.net https://*.demdex.net https://*.everesttech.net https://*.googleapis.com https://*.google.com https://*.cludo.com https://*.facebook.com https://sumo.com https://*.sumo.com https://*.sumome.com https://sumo.b-cdn.net https://*.online-metrix.net https://*.mkt51.net https://*.pages05.net https://*.adsrvr.org https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.youtube.com https://*.ytimg.com https://*.vimeo.com; media-src 'self' data:; frame-src 'self' https://*.doubleclick.net https://*.nsbank.com https://*.demdex.net https://*.visa.com https://*.youtube.com https://*.pages05.net https://*.brightcove.net https://*.online-metrix.net https://*.adsrvr.org https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.youtube.com https://*.ytimg.com https://*.vimeo.com https://outlook.office365.com; frame-ancestors 'self' https://banking.nsbank.com; font-src 'self' data: 'unsafe-inline' https://fonts.gstatic.com https://*.visualwebsiteoptimizer.com https://app.vwo.com; upgrade-insecure-requests; block-all-mixed-content 1
frame-ancestors 'self' thenationalcampaign.org aelp.smartsparrow.com 1
default-src 'self' https://www.ticimax.com/ https://www.destekalani.com/ https://ajax.cloudflare.com/ https://www.google-analytics.com/ https://fonts.googleapis.com/ https://fonts.gstatic.com/  ; script-src 'unsafe-inline' 'unsafe-eval' https://www.ticimax.com/ https://www.destekalani.com/ https://ajax.cloudflare.com/ https://www.google-analytics.com/ https://fonts.googleapis.com/ https://fonts.gstatic.com/ ; object-src 'self' https://www.ticimax.com/ https://www.destekalani.com/ https://ajax.cloudflare.com/ https://www.google-analytics.com/ https://fonts.googleapis.com/ https://fonts.gstatic.com/ ; style-src 'unsafe-inline' https://www.ticimax.com/ https://www.destekalani.com/ https://ajax.cloudflare.com/ https://www.google-analytics.com/ https://fonts.googleapis.com/ https://fonts.gstatic.com/ ; img-src data: https://www.ticimax.com/ https://www.destekalani.com/ https://ajax.cloudflare.com/ https://www.google-analytics.com/ https://fonts.googleapis.com/ https://fonts.gstatic.com/ ; media-src *; frame-src 'self' https://*.ticimax.com/ https://*.destekalani.com/ https://www.youtube.com/ https://*.vimeo.com/; font-src * 1
base-uri 'self'; default-src 'self'; child-src https://player.vimeo.com; connect-src 'self' https://*.algolianet.com https://*.algolia.net https://doorbell.io https://*.s3.ap-southeast-2.amazonaws.com https://www.google-analytics.com https://stats.g.doubleclick.net; font-src 'self' https://fonts.gstatic.com; form-action 'self'; frame-ancestors 'self'; frame-src 'self' https://www.youtube.com https://www.google-analytics.com https://www.googletagmanager.com https://ssl.google-analytics.com https://tagmanager.google.com https://fonts.googleapis.com https://www.google.com https://vimeo.com https://player.vimeo.com https://player.vimeo.com; img-src 'self' https://www.google-analytics.com https://ssl.gstatic.com https://www.googletagmanager.com https://www.gstatic.com https://www.google.com https://www.google.co.nz https://*.s3.ap-southeast-2.amazonaws.com https://embed.doorbell.io https://www.google.co.nz https://i.vimeocdn.com data:; media-src https://www.youtube.com https://vimeo.com; object-src 'self'; script-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://ssl.google-analytics.com https://tagmanager.google.com https://fonts.googleapis.com https://code.jquery.com https://www.google.com/recaptcha/api.js https://www.google.com/recaptcha/api.js https://embed.doorbell.io https://polyfill.io 'sha384-YzQCrEgYx0YMHxd202bqWPvr081aHRPYRk490ivT+/i24ODjLtMfT/e0nhxcgRYf' 'nonce-NGFhN2M2MmRjZWI2MDI1MzU1YTcxYzE1M2M2NDMxNmVlYmE0MmJmNTYzOGE5N2EzZDkyYmRmYjU5NzJiMGY2NDBhZTM5ZDk5NTQ3MDIzYzU0OWM2NDllNGFhZTIwYWZhMWIzOTBjZDk5YjFiMDc0OWI3YjVlOWQxNjJjN2VhMmY=' 'unsafe-eval'; style-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://ssl.google-analytics.com https://tagmanager.google.com https://fonts.googleapis.com https://embed.doorbell.io/css/doorbell.min.css https://embed.doorbell.io/css/default.css 'unsafe-inline'; report-uri https://2224ea6b5792825a06d61a0bad9d966b.report-uri.com/r/d/csp/enforce; upgrade-insecure-requests 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.vimeo.com *.itzbund.de; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com *.vimeo.com *.aktion-mensch.de *.readspeaker.com; frame-src *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.vimeo.com *.readspeaker.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com yomma.services cms.sqat.eu *.openstreetmap.org *.itzbund.de; frame-ancestors 'self'; font-src 'self' data:; 1
frame-ancestors https://*.reflexisinc.com 1
default-src 'self'; object-src 'self' https://pts.winsim.de/p.swf; base-uri 'self'; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://umfrage.winsim.de https://pts.winsim.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://o2.mouseflow.com https://cdn.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://chat.winsim.de https://stats.winsim.de https://imagepool.winsim.de https://pts.winsim.de; script-src 'strict-dynamic' 'nonce-6bb4ffb24d8700be369b7adf5e916121' 'nonce-6ed2d3ec22c7638e05bacea44acdfa26' 'nonce-493933931ccd9adc3b105eab12e216a9' 'nonce-583fc28027c391284a31d9941beda080' 'nonce-059b02f280b492045e40b7a89cafb55e' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://pts.winsim.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-6bb4ffb24d8700be369b7adf5e916121' 'nonce-6ed2d3ec22c7638e05bacea44acdfa26' 'nonce-493933931ccd9adc3b105eab12e216a9' 'nonce-583fc28027c391284a31d9941beda080' 'nonce-059b02f280b492045e40b7a89cafb55e' 'self' 'unsafe-inline' https: 'report-sample' 1
frame-ancestors 'self' *.omronhealthcare.com http://10.196.1.55:8000; 1
default-src 'self'; script-src 'self' 'unsafe-inline' data: cdn.printfriendly.com cdn.printfriendly.com static.addtoany.com ds-4047.kxcdn.com www.google-analytics.com cdn.jsdelivr.net unpkg.com www.google.com *.rawgit.com *.gstatic.com *.googleapis.com static.addtoany.com polyfill.io; object-src 'none'; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net unpkg.com maxcdn.bootstrapcdn.com fonts.googleapis.com; img-src 'self' data: s.yimg.com cdn.printfriendly.com www.google-analytics.com www.google-analytics.com.sg stats.g.doubleclick.net www.google.com www.google.com.sg; media-src 'self'; frame-src 'self' data: static.addtoany.com www.google.com https://www.youtube.com/; frame-ancestors 'self'; child-src 'self'; font-src 'self' cdn.jsdelivr.net unpkg.com maxcdn.bootstrapcdn.com fonts.gstatic.com cdnjs.cloudflare.com; connect-src 'self'  stats.g.doubleclick.net; report-uri //report-csp-violation 1
default-src 'self' localhost https://www.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://inc.systran.net https://www.google-analytics.com; style-src 'self' maxcdn.bootstrapcdn.com 'unsafe-inline' https://inc.systran.net; frame-src auth.systran.net https://inc.systran.net https://trs.systran.net 1
default-src https: wss: data: 'unsafe-inline' 'unsafe-eval' 1
default-src 'self' 'unsafe-inline' *.addthis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.jsdelivr.net *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.google-analytics.com *.ckeditor.com *.local *.dotdemos.com *.jwplatform.com *.jwpcdn.com *.jwpsrv.com *.ytimg.com *.youtube.com cbos.gov.sd *.cbos.gov.sd *.dot.jo www.google.com s7.addthis.com m.addthisedge.com m.addthis.com cdnjs.cloudflare.com; object-src 'unsafe-inline'; style-src 'unsafe-inline' *.jsdelivr.net *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.ckeditor.com *.local *.dotdemos.com cbos.gov.sd *.cbos.gov.sd *.dot.jo *.google.com cdnjs.cloudflare.com; img-src 'self' 'unsafe-inline' data: *.jsdelivr.net *.googleapis.com *.gstatic.com *.google-analytics.com *.local *.dotdemos.com jwpltx.com *.jwpltx.com cbos.gov.sd *.cbos.gov.sd *.dot.jo stats.g.doubleclick.net *.ckeditor.com; media-src 'self' 'unsafe-inline' data: *.jsdelivr.net *.googleapis.com *.gstatic.com *.google-analytics.com *.local *.dotdemos.com cbos.gov.sd *.cbos.gov.sd *.dot.jo; frame-src 'self' 'unsafe-inline' *.googleapis.com google.com *.google.com *.gstatic.com *.youtube.com *.local *.dotdemos.com cbos.gov.sd *.gov.sd *.dot.jo *.addthis.com cbos.gov.sd:* *.google.com; font-src 'self' 'unsafe-inline' *.jsdelivr.net *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.local *.dotdemos.com *.jwpcdn.com *.jwpsrv.com cbos.gov.sd *.cbos.gov.sd *.dot.jo fonts.google.com maxcdn.bootstrapcdn.com *.google.com; connect-src 'self' 'unsafe-inline' *.googleapis.com google.com *.google.com *.gstatic.com *.youtube.com *.local *.dotdemos.com cbos.gov.sd *.gov.sd *.dot.jo *.addthis.com cbos.gov.sd:*; report-uri /admin/config/system/seckit/csp-report 1
frame-ancestors 'self' *.business.qld.gov.au 1
default-src 'self' https://api.rss2json.com/ https://d.adroll.com/ https://consentcdn.cookiebot.com/ https://maps.gstatic.com/ https://www.yellowmap.de/ https://www.google.com/  https://googleads.g.doubleclick.net/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://knappschaft.zentrale-pruefstelle-praevention.de/ https://knappschaft.md-medicus.de/ https://bkk-vorteilsrechner.de/ https://rgb.crm.de/knappschaft-bahn-see https://www.youtube.com/ https://api.usercentrics.eu/ https://aggregator.service.usercentrics.eu/ https://app.usercentrics.eu/ https://graphql.usercentrics.eu/ https://privacy-proxy.usercentrics.eu/ https://d.adroll.com/ https://ct.pinterest.com/ https://www.youtube-nocookie.com/ https://www.facebook.com/ https://www.twitter.com/ https://www.twitter.com/ https://platform.twitter.com/ https://*.readspeaker.com/ ;font-src 'self' 'unsafe-inline' https://cdn1.readspeaker.com  https://fonts.gstatic.com/ data:; style-src 'self' 'unsafe-inline' https://cdn1.readspeaker.com/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn1.readspeaker.com/ https://s.adroll.com/ https://d.adroll.com/ https://connect.facebook.net/ https://track.adform.net/  https://s2.adform.net/ https://www.google-analytics.com/ https://amplify.outbrain.com/ https://d.adroll.mgr.consensu.org/  https://googleads.g.doubleclick.net/   https://www.google.com/ https://www.google.de/ https://api.ipify.org/ https://consentcdn.cookiebot.com/ https://www.googletagmanager.com/ https://maps.googleapis.com/ https://www.yellowmap.de/ https://www.googleadservices.com/ https://consent.cookiebot.com https://www.youtube.com/iframe_api/ https://googleads.g.doubleclick.net  https://d.adroll.mgr.consensu.org https://tr.outbrain.com/ https://s.pinimg.com/  https://privacy-proxy.usercentrics.eu https://app.usercentrics.eu/ https://www.youtube.com/ https://api.rss2json.com/ https://rss2json.com/ https://snap.licdn.com/ https://platform.twitter.com/  https://kbs-crm.de/ https://static.ads-twitter.com/ https://*.twitter.com/;img-src 'self' data: https://blog.knappschaft.de https://www.facebook.com https://www.google-analytics.com  https://googleads.g.doubleclick.net/ https://tr.outbrain.com/ https://www.yellowmap.de/  https://app.usercentrics.eu/ https://img.usercentrics.eu/ https://ct.pinterest.com/ https://d.adroll.com/ https://blog.minijob-zentrale.de/ https://px.ads.linkedin.com/; 1
default-src 'self' data: http://www.trier.de https://www.youtube.com https://geoportal.trier.de https://jobs.b-ite.com http://jobs.b-ite.com https://www.stadtradeln.de https://static.b-ite.com https://www.vrt-info.de http://www.heute-in-trier.de http://www.facebook.com http://platform.twitter.com https://fonts.googleapis.com https://fonts.gstatic.com https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.facebook.com https://platform.twitter.com https://accounts.google.com https://www.bing.com http://www.wetterkontor.de http://94.130.59.28 https://www.trier-info.de https://www.youtube-nocookie.com https://app.docu4d.com https://dienste.wetterkontor.de https://www.pegelonline.wsv.de https://cdn.jsdelivr.net https://cdnjs.cloudflare.com/ajax/libs/lightslider/1.1.6/js/lightslider.js https://www.dw.com 'unsafe-inline' 'unsafe-eval' 1
frame-src 'self' http://*.lib.uiowa.edu https://*.lib.uiowa.edu 1
frame-ancestors zismo.biz zismo.ru zismone.ru promoggaqjkd.ru 1
default-src https: http: data: blob: ws: 'self' 'unsafe-inline' 'unsafe-eval'; 1
default-src 'self';block-all-mixed-content ;font-src 'self' data: fonts.googleapis.com fonts.gstatic.com assets.rockwerchter.be *.typekit.net *.permutive.com;img-src 'self' data: *.gstatic.com maps.googleapis.com www.facebook.com scontent.cdninstagram.com pbs.twimg.com i.ytimg.com scontent.xx.fbcdn.net external.xx.fbcdn.net assets.rockwerchter.be *.google-analytics.com *.doubleclick.net *.betrad.com *.quantserve.com *.evidon.com rockwerchter.be *.x.bidswitch.net *.google.com *.google.be *.consensu.org googlesync.permutive.com api.permutive.com cdn.permutive.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com cdnjs.cloudflare.com connect.facebook.net graph.facebook.com *.instagram.com js-agent.newrelic.com bam.nr-data.net assets.rockwerchter.be *.googletagmanager.com *.google-analytics.com *.evidon.com *.quantserve.com *.betrad.com *.quantcount.com tagmanager.google.com *.googleadservices.com *.doubleclick.net *.bh.contextweb.com www.google.com *.google.com *.google.com *.gstatic.com *.consensu.org *.permutive.com api.permutive.com cdn.permutive.com api.permutive.com cdn.permutive.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com cloud.typography.com assets.rockwerchter.be *.tagmanager.google.com tagmanager.google.com *.typekit.net *.typekit.net;report-uri /nelmio/csp/report;connect-src www.googleapis.com 'self' *.betrad.com *.google-analytics.com *.consensu.org *.permutive.com;frame-src www.youtube.com www.vimeo.com staticxx.facebook.com www.facebook.com web.facebook.com www.google.com 'self' *.betrad.com *.evidon.com 1
frame-ancestors 'self' cmsv2.zebrix.net 1
base-uri 'none'; default-src 'none'; child-src https://www.google.com; connect-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src https://www.google.com; img-src 'self' data:; object-src 'none'; script-src 'nonce-9baMMjpuh0JXRxigTu29XQ==' 'strict-dynamic'; style-src 'self'; worker-src 'self'; 1
default-src https: data: wss: blob: 'self' 'unsafe-inline' 'unsafe-eval'; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *; object-src 'self' 'unsafe-inline' 'unsafe-eval' data: *; style-src 'self' 'unsafe-inline' 'unsafe-eval' data: *; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: *; media-src 'self' 'unsafe-inline' 'unsafe-eval' data: *; frame-src 'self' 'unsafe-inline' 'unsafe-eval' data: *; frame-ancestors 'self' http://*.cityofvancouver.us https://*.cityofvancouver.us https://cityofvancouver.arcgis.maps.com https://signup.e2ma.net https://wd5.myworkday.com https://iframe.publicstuff.com https://vancouver.procureware.com https://vancouver.municipal.codes https://apm.activecommunities.com; child-src 'self' 'unsafe-inline' 'unsafe-eval' data: *; font-src 'self' 'unsafe-inline' 'unsafe-eval' data: *; connect-src 'self' 'unsafe-inline' 'unsafe-eval' http://*.cityofvancouver.us https://*.cityofvancouver.us https://cityofvancouver.arcgis.maps.com https://signup.e2ma.net https://wd5.myworkday.com https://iframe.publicstuff.com https://vancouver.procureware.com https://vancouver.municipal.codes https://apm.activecommunities.com https://svc.webspellchecker.net https://www.google-analytics.com https://signup-collector.e2ma.net https://connect.facebook.net https://www.facebook.com; report-uri /report-csp-violation 1
default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://optimize.google.com https://www.google-analytics.com https:; object-src https:; style-src 'self' 'unsafe-inline' https://optimize.google.com https://fonts.googleapis.com https:; img-src 'self' data: https://www.google-analytics.com https:; media-src 'self' https:; frame-src 'self' https://optimize.google.com https:; font-src 'self' data:  https://fonts.gstatic.com https: 1
default-src 'self' fonts.gstatic.com fonts.googleapis.com ajax.googleapis.com  wireframecc-9947.kxcdn.com; script-src 'self' 'unsafe-inline' 'nonce-5037967ab4973fe66db51d7518204bfa' 'unsafe-eval'  https://fonts.gstatic.com https://fonts.googleapis.com https://ajax.googleapis.com  wireframecc-9947.kxcdn.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com wireframecc-9947.kxcdn.com; img-src 'self' wireframecc-9947.kxcdn.com data:; child-src 'self' 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' code.jquery.com ajax.aspnetcdn.com tagmanager.google.com www.googletagmanager.com www.google-analytics.com www.googleadservices.com *.google.com www.gstatic.com *.googleoptimize.com www.tag4arm.com dev.visualwebsiteoptimizer.com cdn.mouseflow.com connect.facebook.net app.vacancy-filler.co.uk secure.adnxs.com *.doubleclick.net services.postcodeanywhere.co.uk centrepointorguk-staging.azurewebsites.net centrepoint.org.uk platform.twitter.com cdn.syndication.twimg.com *.8x8.com *.dotomi.com *.consensu.org *.stripe.com *.newmode.net *.shpg.org blog.apps.npr.org widget.raisenow.com *.clarity.ms; default-src 'self' data:; worker-src https://centrepointorguk-staging.azurewebsites.net centrepoint.org.uk; style-src 'self' 'unsafe-inline' hello.myfonts.net tagmanager.google.com optimise.google.com fonts.googleapis.com services.postcodeanywhere.co.uk platform.twitter.com widget.raisenow.com *.google.com; connect-src 'self' dev.visualwebsiteoptimizer.com www.tag4arm.com services.postcodeanywhere.co.uk rec1.visualwebsiteoptimizer.com www.google-analytics.com *.doubleclick.net *.clarity.ms; font-src 'self' hello.myfonts.net fonts.gstatic.com fonts.googleapis.com widget.raisenow.com; img-src 'self' 'unsafe-inline' *.gravatar.com data: www.tag4arm.com centrepointorguk.azureedge.net dev.visualwebsiteoptimizer.com centrepointorguk.blob.core.windows.net *.facebook.com *.facebook.net *.g.doubleclick.net http://maps.googleapis.com www.google.com www.google.co.uk www.google-analytics.com optimise.google.com *.googleadservices.com ssl.gstatic.com *.doubleclick.net img.youtube.com rec1.visualwebsiteoptimizer.com cdn.syndication.twimg.com *.twitter.com *.twimg.com *.8x8.com *.liadm.com *.contextweb.com *.vdopia.com *.pubmatic.com *.adnxs.com *.rubiconproject.com *.tremorhub.com *.mediaplex.com *.addkt.com *.dotomi.com core.conversant.mgr.consensu.org padlet.com padlet.net *.clarity.ms *.bing.com www.gstatic.com; frame-src 'self' *.8x8.com *.doubleclick.net www.youtube.com www.google.com optimise.google.com connect.facebook.net www.facebook.com staticxx.facebook.com services.postcodeanywhere.co.uk platform.twitter.com syndication.twitter.com *.stripe.com *.newmode.net padlet.com padlet.net panoramea.co.uk *.google.com; 1
font-src      data:     https://fonts.gstatic.com ; frame-src 'self' www.google.com www.youtube.com; script-src      'self'     https://www.google-analytics.com/analytics.js     https://www.gstatic.com/brandstudio/kato/cookie_choice_component/cookie_consent_bar.v2.js ; style-src      'self'     'unsafe-inline'     https://fonts.googleapis.com ; default-src 'self' *.gstatic.com; object-src      'none' ; img-src      'self'     https://* ; manifest-src      'self' ; connect-src      'self'     https://www.google-analytics.com     https://*.doubleclick.net ; report-uri https://csp.withgoogle.com/csp/s~gweb-womentechmakers/1-5-1-1622208370 1
frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com christchurch.bibliocms.com *.christchurch.bibliocms.com https://christchurch.bibliocms.com christchurch.bibliocms.com *.christchurch.bibliocms.com; 1
default-src 'self' https://cdn.census.gov.uk; font-src 'self' https://fonts.gstatic.com https://cdn.census.gov.uk; script-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com 'unsafe-inline' https://cdn.census.gov.uk; style-src 'self' https://tagmanager.google.com https://fonts.googleapis.com 'unsafe-inline' https://cdn.census.gov.uk; connect-src 'self' https://www.google-analytics.com https://cdn.census.gov.uk; frame-src https://www.youtube.com https://www.googletagmanager.com; img-src 'self' https://www.google-analytics.com https://ssl.gstatic.com https://www.gstatic.com https://cdn.census.gov.uk 1
frame-ancestors *.putnam.com *.seismic.com *.fundvisualizer.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' *.zencdn.net *.brightcove.net *.brightcove.com *.putnam.com blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.adnxs.com *.ytimg.com *.googleapis.com *.putnam.com *.typekit.net *.rackcdn.com *.ensighten.com *.brightcove.net *.brightcove.com *.google-analytics.com *.liveperson.net *.bing.com *.bizographics.com *.gigya.com *.googlecode.com *.morningstar.com *.linkedin.com *.putnaminv.com *.highcharts.com *.jQuery.com *.jquery.org *.adobe.com *.jqueryui.com *.cloudflare.com *.livelook.com *.livelook.net *.facebook.net *.licdn.com *.zencdn.net *.lpsnmedia.net *.googletagmanager.com tagmanager.google.com *.ads-twitter.com *.twitter.com *.yimg.com sp.analytics.yahoo.com www.youtube.com www.instagram.com shop.pe shopper.shop.pe *.cloudfront.net addshoppers.s3.amazonaws.com bcbolt446c5271-a.akamaihd.net www.google.com www.gstatic.com cdn.jsdelivr.net up.pixel.ad pixel.sitescout.com; 1
img-src 'self'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://mastertag.kpcustomer.de *.netcologne.de:* https://bat.bing.com https://connect.facebook.net www.googletagmanager.com:* www.google-analytics.com:* https://partners.webmasterplan.com www.google.de:* https://optimize.google.com https://fonts.googleapis.com https://fonts.gstatic.com https://seal.thawte.com https://www.googleadservices.com https://*.exactag.com *.google.com:* https://*.gstatic.com *.googleapis.com:* https://www.kabelkiosk.de https://*.deepthought.online https://cdn.jsdelivr.net https://wt1.rqtrk.eu https://api.aklamio.com https://googleads.g.doubleclick.net https://config1.veinteractive.com https://netcologne.lamapoll.de https://consent.cookiebot.com https://consentcdn.cookiebot.com https://*.surveymonkey.com https://walls.io https://r.df-srv.de https://static.hotjar.com:* https://script.hotjar.com:* https://*.ad4m.at https://ad4m.at https://*.usemaxserver.de https://*.awin1.com https://*.dwin1.com https://zenaps.com https://sciencebehindecommerce.com https://*.criteo.net https://*.criteo.com https://tracking.m6r.eu https://www.youtube.com https://*.ytimg.com https://www.etermin.net https://the.sciencebehindecommerce.com https://www.lacmp.net https://analytics.aklamio.com https://*.adsrvr.org https://adsrvr.org; 1
base-uri *; child-src * data: blob: filesystem: mediastream:; form-action *; frame-ancestors *; connect-src * data: blob: filesystem: mediastream:; font-src * data: blob: filesystem: mediastream:; frame-src * data: blob: filesystem: mediastream:; img-src * data: blob: filesystem: mediastream:; media-src * data: blob: filesystem: mediastream:; object-src * data: blob: filesystem: mediastream:; script-src * 'unsafe-inline' 'unsafe-eval' data: blob: filesystem: mediastream:; style-src * 'unsafe-inline' 'unsafe-eval' data: blob: filesystem: mediastream:;  default-src *; report-uri https://listenercare.siriusxm.com/prweb/PRServletCustom/2mCjkZJmJzIb2YFZHOYfCw%5B%5B*/!STANDARD 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' *.googletagmanager.com *.amplitude.com *.adrifund.com *.funde.no *.tinymce.com *.karolinafund.com *.crowdfarm.dk *.lemonway.fr *.payxpert.com d2tnn0p1wwhikn.cloudfront.net clients1.google.com cse.google.com www.google.com *.google-analytics.com *.facebook.net *.facebook.com *.vimeo.com *.addthis.com *.googleapis.com *.bootstrapcdn.com stats.g.doubleclick.net *.soundcloud.com soundcloud.com *.youtube.com *.w3.org *.ogp.me *.mailerlite.com *.gstatic.com;img-src * blob:;font-src data: d2tnn0p1wwhikn.cloudfront.net *.tinymce.com fonts.gstatic.com 'self' *.bootstrapcdn.com;style-src *.tinymce.com www.google.com d2tnn0p1wwhikn.cloudfront.net *.addthis.com 'self' 'unsafe-inline' cse.google.com *.bootstrapcdn.com *.googleapis.com; frame-src 'self' *.vimeo.com *.facebook.com *.youtube.com *.soundcloud.com *.google.com 1
default-src 'self' 'unsafe-inline' nominatim.openstreetmap.org service.bzga.de piwik.bzga.de; style-src 'self' 'unsafe-inline' fast.fonts.net;img-src 'self' data: piwik.bzga.de a.tile.openstreetmap.de b.tile.openstreetmap.de c.tile.openstreetmap.de service.bzga.de; 1
frame-ancestors https://*.deejay.de https://*.vinylfuture.com; 1
sandbox allow-scripts allow-same-origin allow-forms ; 1
default-src 'none' ;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zortrax.com *.data.zortrax.com *.3dprint.zortrax.com *.wistia.net *.wistia.com googletagmanager.com *.googletagmanager.com  *.tagmanager.google.com *.google-analytics.com *.doubleclick.net *.google.com  *.googleadservices.com *.facebook.net *.cloudfront.net *.doubleclick.net *.livechatinc.com *.googleapis.com *.gstatic.com *.redditstatic.com  static.ads-twitter.com analytics.twitter.com analytics.zortrax.com cf.zortrax.com  ;style-src 'self' 'unsafe-inline' *.zortrax.com *.googleapis.com *.tagmanager.google.com https://tagmanager.google.com/debug/css.css *.fonts.googleapis.com cf.zortrax.com ;img-src 'self' 'unsafe-inline' data: *.zortrax.com *.wistia.net data.zortrax.com *.gravatar.com *.ggpht.com *.ssl.gstatic.com *.wistia.com *.google.com *.google-analytics.com *.google.pl *.doubleclick.net *.facebook.com *.livechatinc.com *.gstatic.com *.googleapis.com *.tagmanager.google.com https://alb.reddit.com   t.co/i/adsct cf.zortrax.com  ;font-src 'self' data: *.livechatinc.com *.googleusercontent.com *.googleusercontent.com *.googleapis.com *.gstatic.com *.zortrax.com *.fonts.googleapis.com *.tagmanager.google.com ;frame-src 'self' 'unsafe-inline' *.livechatinc.com *.wistia.net *.wistia.com *.youtube.com *.facebook.com *.tagmanager.google.com *.googletagmanager.google.com *.upviral.com ;connect-src 'self' bd1.zortrax.com spisakcji.local stats.g.doubleclick.net staging-data.zortrax.com data.zortrax.com http://3dprint.zortrax.com *.wistia.com *.litix.io 3dprint.zortrax.com 3dprinting.local  ws://localhost:3000 *.google-analytics.com *.tagmanager.google.com app.humdash.com api.livechatinc.com  ;media-src 'self' *.zortrax.com zortrax.com *.youtube.com *.livechatinc.com *.youtube-nocookie.com *.wistia.com cdn.zortrax.com cdn1.zortrax.com cdn2.zortrax.com cdn3.zortrax.com *.tagmanager.google.com cf.zortrax.com ;object-src 'self' *.youtube.com *.youtube-nocookie.com *.tagmanager.google.com ;child-src 'self' *.youtube.com *.youtube-nocookie.com *.tagmanager.google.com 1
frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com cincinnatilibrary.bibliocms.com *.cincinnatilibrary.bibliocms.com https://cincinnatilibrary.org cincinnatilibrary.org *.cincinnatilibrary.org; 1
default-src 'self' data: localhost:* *.episerver.net *.readspeaker.com *.arcgisonline.nl *.arcgisonline.com js.arcgis.com *.arcgis.com *.google.com *.googleapis.com *.prorail.nl *.spoordata.nl *.youtube-nocookie.com www.google.nl www.googletagmanager.com tagmanager.google.com www.google-analytics.com 'unsafe-inline'  'unsafe-eval'; connect-src https: ws: wss:; 1
frame-ancestors 'self' *.finq.com 1
frame-ancestors 'self' http://*.brose.net http://brose.net https://*.brose.net https://brose.net https://*.ariba.com https://*.zkw.at http://*.zkw.at https://*.mycatalogcloud.com http://*.mycatalogcloud.com http://*.valeo.determine.com https://*.valeo.determine.com http://valeo.determine.com https://valeo.determine.com https://www.elwitec.ch/ 1
default-src 'self' data: *.umbraco.org api.pwnedpasswords.com *.hotjar.com services.postcodeanywhere.co.uk *.visa.com *.google-analytics.com www2.theticketfactory.com dpm.demdex.net thenationalexhib.tt.omtrdc.net *.salecycle.com ccocauth.10digital.co.uk *.coventry2021.co.uk *.doubleclick.net *.googleadservices.com *.google.co.uk *.google.com; object-src data: 'unsafe-eval' 'self' assets.theticketfactory.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com pro.fontawesome.com fast.fonts.net cdn.jsdelivr.net *.theticketfactory.com services.postcodeanywhere.co.uk *.visa.com *.queue-it.net cookiesuksouth.blob.core.windows.net; img-src 'self' 'self' data: www.awin1.com *; script-src 'self' 'unsafe-inline' ajax.googleapis.com *.cloudflare.com ajax.aspnetcdn.com code.jquery.com *.googletagmanager.com *.google-analytics.com cdn.jsdelivr.net connect.facebook.net theti11119.pcapredict.com *.hotjar.com 'unsafe-eval' services.postcodeanywhere.co.uk *.visa.com assets.theticketfactory.com www2.theticketfactory.com *.queue-it.net www2.theticketfactory.com www.dwin1.com d16fk4ms6rqz1v.cloudfront.net assets.adobedtm.com cookiesuksouth.blob.core.windows.net geolocation.onetrust.com *.salecycle.com *.tiktok.com *.twitter.com *.googleadservices.com *.doubleclick.net; font-src 'self' 'self' data: fonts.gstatic.com pro.fontawesome.com fast.fonts.net *.hotjar.com fonts.gstatic.com *.visa.com; frame-src 'self' *.facebook.com *.servebase.net *.arcot.com *.hotjar.com *.visa.com assets.theticketfactory.com www2.theticketfactory.com *.queue-it.net www2.theticketfactory.com theticketfactory.queue-it.net *.salecycle.com *.youtube.com *.spotify.com *.tiktok.com *.twitter.com *.10digital.co.uk ccocauth.10digital.co.uk *.coventry2021.co.uk *.doubleclick.net; report-uri https://theticketfactory.report-uri.com/r/d/csp/enforce ; 1
default-src 'unsafe-inline' 'unsafe-eval' * blob:; img-src * blob: data:; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://asia.tools.euroland.com https://tools.eurolandir.com https://gamma.euroland.com https://tools.euroland.com https://www.googletagmanager.com https://www.google-analytics.com http://www.google-analytics.com https://www.google.com https://www.gstatic.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://cdnjs.cloudflare.com; frame-src 'self' https://gamma.euroland.com https://asia.tools.euroland.com http://asia.tools.euroland.com https://tools.eurolandir.com http://tools.eurolandir.com https://tools.euroland.com http://tools.euroland.com https://www.google.com/ https://eurolandirestonia.eurolandir.com https://toolseurope.euroland.com/; font-src 'self' https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com; img-src 'self' data: https://gamma.euroland.com https://asia.tools.euroland.com http://asia.tools.euroland.com https://www.gravatar.com https://our.umbraco.org https://our.umbraco.com https://umbraco.tv https://dashboard.umbraco.org www.googletagmanager.com https://www.google-analytics.com http://www.google-analytics.com; connect-src 'self' https://our.umbraco.org https://our.umbraco.com https://www.google-analytics.com; media-src 'self' https://player.vimeo.com; 1
default-src=self 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://hmfoundation.com/; img-src 'self' data: ; object-src 'self' data: ; frame-src 'self' data: ; 1
default-src 'self'; base-uri 'self'; block-all-mixed-content; child-src https://www.youtube.com/ https://youtube.com/ https://player.vimeo.com/ https://youtu.be/ https://open.spotify.com/; connect-src 'self' https://www.youtube.com/oembed https://www.google-analytics.com https://stats.g.doubleclick.net https://*.hotjar.com https://*.hotjar.io https://*.facebook.com/; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com https://*.hotjar.com https://*.hotjar.io; frame-src https://www.youtube.com/ https://spotify.com https://open.spotify.com/ https://*.spotify.com https://facebook.com/ https://*.facebook.com/ https://mychannels.video/ https://www.yumpu.com/ https://www.google.com/ https://*.hotjar.com https://*.hotjar.io https://bandcamp.com https://*.bandcamp.com https://twitter.com https://*.twitter.com https://instagram.com https://*.instagram.com https://vimeo.com https://*.vimeo.com https://soundcloud.com https://*.soundcloud.com https://tiktok.com https://*.tiktok.com; img-src 'self' https://www.google-analytics.com/r/collect https://www.google-analytics.com/collect https://placeholder.inventis.be/ https://*.ytimg.com/ https://d12xfkzf9kx8ij.cloudfront.net/ https://*.facebook.com/ https://connect.facebook.net/ https://*.fbcdn.net/ https://i.scdn.co/ https://img.youtube.com/ https://legacy.abconcerts.be/ https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://*.hotjar.com https://*.hotjar.io; media-src 'self' p.scdn.co/mp3-preview/; object-src 'none'; script-src 'self' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https://www.youtube.com/iframe_api https://*.ytimg.com https://www.googletagmanager.com/gtm.js https://www.google-analytics.com/analytics.js https://script.hotjar.com/ https://connect.facebook.net/ https://*.hotjar.com https://*.hotjar.io 'nonce-8b0qRMqU/L3p9wDJQlmcJw=='; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/css https://fonts.gstatic.com; upgrade-insecure-requests 1
default-src 'self'; script-src-elem 'self' 'unsafe-inline' *.usercentrics.eu aggregator.service.usercentrics.eu https://www.gstatic.com https://*.3qsdn.com https://*.jameda-elements.de www.google-analytics.com *.googleapis.com embed.typeform.com www.googletagmanager.com www.youtube.com www.youtube-nocookie.com tagmanager.google.com sc.01.sana-apps.de player.vimeo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.usercentrics.eu aggregator.service.usercentrics.eu https://*.3qsdn.com https://*.jameda-elements.de www.google-analytics.com *.googleapis.com embed.typeform.com www.googletagmanager.com www.youtube.com www.youtube-nocookie.com tagmanager.google.com sc.01.sana-apps.de *.zscaler.net; img-src * data:; style-src 'self' 'unsafe-inline' https://*.3qsdn.com fonts.googleapis.com; media-src 'self' blob: https://*.3qsdn.com; connect-src 'self' *.usercentrics.eu https://*.3qsdn.com vendorlist.consensu.org www.google-analytics.com stats.g.doubleclick.net; font-src 'self' data: https://*.3qsdn.com fonts.gstatic.com; frame-ancestors 'self' www.sana.de www.sanadaily.de localhost:* sc.01.sana-apps.de; frame-src 'self' sc.01.sana-apps.de www.sana.de sanadigital.typeform.com maps.google.de *.google.com www.youtube.com www.youtube-nocookie.com 466b13bd.sibforms.com *.livecoder.com player.vimeo.com *.zscaler.net *.sana.de virtualpro360.com 1
default-src 'self' https://player.vimeo.com https://9169248.fls.doubleclick.net https://burgess.theatro360.com https://www.digitalimages.gr https://www.youtube.com https://www.google.com https://www.google.co.uk https://r1.dotmailer-surveys.com https://static.addtoany.com https://www.facebook.com https://qa-brochurebuilder.burgessyachts.com https://uat-brochurebuilder.burgessyachts.com https://brochurebuilder.burgessyachts.com https://www.luxproimaging.com; script-src	www.googletagmanager.com www.google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval' https://email.burgessyachts.com https://ajax.googleapis.com https://cdn.jsdelivr.net https://cdn.dnky.co https://script.hotjar.com https://static.hotjar.com https://tagmanager.google.com https://mc.yandex.ru https://static.trackedweb.net https://www.youtube.com https://static.addtoany.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://www.google.com https://www.google.co.uk https://az416426.vo.msecnd.net https://r1.dotmailer-surveys.com https://s.ytimg.com https://r1-t.trackedlink.net https://connect.facebook.net; style-src	translate.googleapis.com 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://cdn.dnky.co https://fonts.googleapis.com https://tagmanager.google.com https://static.trackedweb.net https://api.tiles.mapbox.com https://fast.fonts.net https://r1.dotmailer-surveys.com; img-src cm.teads.tv pixel.quantserve.com quantserve.com t.teads.tv teads.tv www.google.bs www.google.by www.google.cm www.google.co.cr www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ma www.google.co.nz www.google.co.th www.google.co.uz www.google.co.ve www.google.co.za www.google.com.ar www.google.com.bd www.google.com.bh www.google.com.bn www.google.com.co www.google.com.cy www.google.com.do www.google.com.ec www.google.com.gt www.google.com.hk www.google.com.kh www.google.com.lb www.google.com.my www.google.com.om www.google.com.pa www.google.com.pe www.google.com.ph www.google.com.pr www.google.com.qa www.google.com.sa www.google.com.sg www.google.com.tw www.google.com.vc www.google.com.vn www.google.dz www.google.ee www.google.fi www.google.ge www.google.gg www.google.hu www.google.im www.google.iq www.google.is www.google.lk www.google.lv www.google.me www.google.mu www.google.mv www.google.no www.google.pl www.google.rs www.google.ru www.google.se www.google.si www.google.sk www.google.tn www.google.tt translate.google.com i.vimeocdn.com connect.facebook.net android-webview-video-poster	www.google.gr www.google.lu www.google.cz r1-t.trackedlink.net	www.google.az	www.google.bg www.google.ch	www.google.com.eg	www.google.com.mx www.google.com.ua	www.google.es	www.google.pt www.google.at www.google.com.mt www.google.com.tr www.google.ie www.google.ae www.google.it www.google.hr 	www.google.be www.google.co.id www.google.com.au www.google.com.br www.google.com.pk www.google.de www.google.dk www.google.fr www.google.je www.google.nl www.google.ro azweusaburdevqa.blob.core.windows.net beacon.krxd.net 	www.facebook.com www.google-analytics.com i.ytimg.com 'self' blob: data: https://www.gstatic.com https://ssl.gstatic.com https://www.google.ca https://az-weu-wa-bur-az-weu-wa-bur-staging.azurewebsites.net https://pre-live.burgessyachts.com https://burgessyachts.com https://www.googletagmanager.com https://mc.yandex.ru https://dev-burgess.craftedbeta.co.uk https://azweusabur.blob.core.windows.net https://azweusaburuat.blob.core.windows.net https://azweusaburdevqa.blob.core.windows.net https://a.tiles.mapbox.com https://api.tiles.mapbox.com https://azweusabur.blob.core.windows.net https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.google.co.uk https://beacon.krxd.net https://www.facebook.com; connect-src wss://ws6.hotjar.com wss://ws1.hotjar.com wss://ws10.hotjar.com 	wss://ws11.hotjar.com 	wss://ws3.hotjar.com 	wss://ws8.hotjar.com wss://ws9.hotjar.com 	www.google.com stats.addtoany.com wss://ws5.hotjar.com	www.google-analytics.com	wss://ws12.hotjar.com wss://ws4.hotjar.com wss://ws7.hotjar.com 'self' stats.g.doubleclick.net wss://ws2.hotjar.com https://api.comapi.com https://vc.hotjar.io https://in.hotjar.com https://events.mapbox.com https://vimeo.com https://mc.yandex.ru https://fpdl.vimeocdn.com https://www.facebook.com https://r1.trackedweb.net https://*.tiles.mapbox.com https://api.mapbox.com https://a.tiles.mapbox.com https://b.tiles.mapbox.com https://api.mapbox.com/ https://dc.services.visualstudio.com https://skyfire.vimeocdn.com https://player.vimeo.com; font-src 'self' data: https://script.hotjar.com https://fonts.gstatic.com; worker-src 'self' blob:; media-src 'self' https://vod-progressive.akamaized.net https://gcs-vimeo.akamaized.net https://skyfire.vimeocdn.com https://fpdl.vimeocdn.com https://video-dev.github.io https://player.vimeo.com blob:; frame-src https://kuula.co kuula.co digitalimages.gr www.digitalimages.gr docs.google.com theatro360.com www.googletagmanager.com 10388175.fls.doubleclick.net 'self' www.digitalimages.gr digitalimages.gr www.google.com https://cdn.dnky.co https://mpembed.com https://vars.hotjar.com https://burgess.theatro360.com https://www.burgessyachts.com https://qa-brochurebuilder.burgessyachts.com https://uat-brochurebuilder.burgessyachts.com https://brochurebuilder.burgessyachts.com https://r1.dotmailer-surveys.com https://www.google.com https://9169248.fls.doubleclick.net https://static.addtoany.com https://www.youtube.com https://www.facebook.com https://player.vimeo.com https://www.digitowl.vision https://my.matterport.com https://tourmkr.com https://www.golocal.hk https://www.coolwalkee.com https://www.google.com/maps https://www.luxproimaging.com http://vrtour.virtualsinc.com; child-src blob: ;script-src-elem googleads.g.doubleclick.net www.googleadservices.com googleadservices.com rules.quantcount.com gc.kis.v2.scr.kaspersky-labs.com r1-t.trackedlink.net www.googletagmanager.com 'self' 'unsafe-inline' connect.facebook.net r1.dotmailer-surveys.com static.addtoany.com static.hotjar.com www.google-analytics.com www.google.com www.youtube.com s.ytimg.com script.hotjar.com googletagmanager.com addtoany.com gstatic.com www.gstatic.com r1-t.trackedlink.net trackedlink.net p.teads.tv quantserve.com secure.quantserve.com ad.doubleclick.net doubleclick.net data: ; report-uri https://burgesscsp.report-uri.com/r/d/csp/wizard 1
frame-ancestors 'self', facebook.com, *.facebook.com 1
default-src 'none'; base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.xilo.net https://xilo.help; object-src 'none'; style-src 'self' data: 'unsafe-inline' https://*.xilo.net https://xilo.help; img-src 'self' blob: data: https://*.xilo.net https://xilo.help; media-src 'self' data: https://*.xilo.net https://xilo.help; frame-src *; font-src *; form-action 'self' https://*.xilo.net https://xilo.help; connect-src 'self' https://*.xilo.net https://xilo.help; prefetch-src 'self' https://*.xilo.net https://xilo.help; manifest-src 'self' https://*.xilo.net https://xilo.help; frame-ancestors 'self'; report-uri https://xcdn.report-uri.com/r/d/csp/enforce 1
default-src 'self' data: https: wss: connect.facebook.net *.doubleclick.net em.allianz.com.my *.googleadservices.com *.facebook.com *.youtube.com *.googletagmanager.com *.google-analytics.com *.google.com *.allianz.pand.ai *.fontawesome.com; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: connect.facebook.net *.doubleclick.net em.allianz.com.my *.googleadservices.com *.facebook.com *.youtube.com *.googletagmanager.com *.google-analytics.com *.google.com *.fontawesome.com; object-src 'self' data: https: connect.facebook.net *.doubleclick.net em.allianz.com.my *.googleadservices.com *.facebook.com *.youtube.com *.googletagmanager.com *.google-analytics.com *.google.com *.fontawesome.com; style-src 'self' data: 'unsafe-inline' https: connect.facebook.net *.doubleclick.net em.allianz.com.my *.googleadservices.com *.facebook.com *.youtube.com *.googletagmanager.com *.google-analytics.com *.google.com *.fontawesome.com; img-src 'self' data: https: connect.facebook.net *.doubleclick.net em.allianz.com.my *.googleadservices.com *.facebook.com *.youtube.com *.googletagmanager.com *.google-analytics.com *.google.com *.fontawesome.com; media-src 'self' data: https: connect.facebook.net *.doubleclick.net em.allianz.com.my *.googleadservices.com *.facebook.com *.youtube.com *.googletagmanager.com *.google-analytics.com *.google.com *.fontawesome.com; frame-src 'self' data: https: connect.facebook.net *.doubleclick.net em.allianz.com.my *.googleadservices.com *.facebook.com *.youtube.com *.googletagmanager.com *.google-analytics.com *.google.com *.fontawesome.com; font-src 'self' data: https: connect.facebook.net *.doubleclick.net em.allianz.com.my *.googleadservices.com *.facebook.com *.youtube.com *.googletagmanager.com *.google-analytics.com *.google.com *.fontawesome.com; connect-src 'self' data: https: wss: connect.facebook.net *.doubleclick.net em.allianz.com.my *.googleadservices.com *.facebook.com *.youtube.com *.googletagmanager.com *.google-analytics.com *.google.com *.allianz.pand.ai *.fontawesome.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://politemail.crm.dynamics.com/ https://dynamics.com/ https://www.google-analytics.com/ https://www.youtube.com/ https://13d14dc9ca3946fe8a2c0182df594373.svc.dynamics.com/ https://www.facebook.com/ https://secure.gravatar.com/ https://*.svc.dynamics.com/ https://support.politemail.com/ https://www.jotform.com/ https://submit.jotform.com/ https://form.jotform.com/ https://app.jazz.co/ https://sourceforge.net/ https://webchat.botframework.com/ https://cdn.botframework.com/ https://powerva.microsoft.com/ https://web.powerva.microsoft.com/ http://politemailsoftware.applytojob.com/; img-src 'self' data: https://politemail.crm.dynamics.com/ https://dynamics.com/ https://www.google-analytics.com/ https://www.youtube.com/ https://13d14dc9ca3946fe8a2c0182df594373.svc.dynamics.com/ https://www.facebook.com/ https://secure.gravatar.com/ https://*.svc.dynamics.com/ https://support.politemail.com/ https://www.jotform.com/ https://submit.jotform.com/ https://form.jotform.com/ https://app.jazz.co/ https://sourceforge.net/ https://webchat.botframework.com/ https://cdn.botframework.com/ https://powerva.microsoft.com/ https://web.powerva.microsoft.com/ http://politemailsoftware.applytojob.com/; object-src 'self' data: https://politemail.crm.dynamics.com/ https://dynamics.com/ https://www.google-analytics.com/ https://www.youtube.com/ https://13d14dc9ca3946fe8a2c0182df594373.svc.dynamics.com/ https://www.facebook.com/ https://secure.gravatar.com/ https://*.svc.dynamics.com/ https://support.politemail.com/ https://www.jotform.com/ https://submit.jotform.com/ https://form.jotform.com/ https://app.jazz.co/ https://sourceforge.net/ https://webchat.botframework.com/ https://cdn.botframework.com/ https://powerva.microsoft.com/ https://web.powerva.microsoft.com/ http://politemailsoftware.applytojob.com/; frame-src 'self' data: https://politemail.crm.dynamics.com/ https://dynamics.com/ https://www.google-analytics.com/ https://www.youtube.com/ https://13d14dc9ca3946fe8a2c0182df594373.svc.dynamics.com/ https://www.facebook.com/ https://secure.gravatar.com/ https://*.svc.dynamics.com/ https://support.politemail.com/ https://www.jotform.com/ https://submit.jotform.com/ https://form.jotform.com/ https://app.jazz.co/ https://sourceforge.net/ https://webchat.botframework.com/ https://cdn.botframework.com/ https://powerva.microsoft.com/ https://web.powerva.microsoft.com/ http://politemailsoftware.applytojob.com/; 1
default-src https: 'self' data: 'unsafe-inline' 'unsafe-eval'; block-all-mixed-content; report-uri /nelmio/csp/report 1
default-src 'self';  style-src 'self' 'unsafe-inline'; font-src 'self'; script-src 'self' 'unsafe-inline'; connect-src 'self'; 1
default-src 'self' data: gap: https://*.zscalertwo.net https://*.maersk.com https://*.sealandmaersk.com https://*.sealandmaersk.com.cn https://*.sealand.com https://*.seagoline.com https://*.mcc.com.sg https://*.maerskline.com https://*.apmoller.net https://*.go-mpulse.net https://*.salesforceliveagent.com https://*.force.com *.mpstat.us *.akstat.io https://*.akamaihd.net https://*.igodigital.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://www.googletagmanager.com https://ssl.gstatic.com https://100qrcey9nsltilmpwezagts.blob.core.windows.net https://rum-http-intake.logs.datadoghq.eu https://*.visualforce.com https://stats.g.doubleclick.net https://*.bing.com https://*.virtualearth.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.zscalertwo.net https://*.maersk.com https://*.sealandmaersk.com https://*.sealandmaersk.com.cn https://*.sealand.com https://*.seagoline.com https://*.mcc.com.sg https://*.maerskline.com https://*.apmoller.net https://*.akamaihd.net https://*.salesforceliveagent.com https://*.force.com https://*.salesforce.com https://*.steelcentral.net *.mpstat.us *.akstat.io https://*.igodigital.com https://pub.s1.exacttarget.com https://*.gstatic.com https://*.google.com  https://*.googleapis.com https://www.googletagmanager.com https://*.google-analytics.com https://scai.maerskline.com https://api.massrelevance.com https://img.en25.com https://*.bizographics.com https://*.doubleclick.net https://*.linkedin.com https://*.adobedtm.com https://www.datadoghq-browser-agent.com/datadog-rum-eu.js https://www.rumiview.com https://twin-iq.kickfire.com https://tag.simpli.fi https://connect.facebook.net https://snap.licdn.com/li.lms-analytics/insight.min.js https://*.cookieinformation.com https://www.datadoghq-browser-agent.com/datadog-rum.js https://*.bing.com https://*.virtualearth.net https://js.stripe.com; img-src 'self' data: https://*.zscalertwo.net https://*.maersk.com https://*.sealandmaersk.com https://*.sealandmaersk.com.cn https://*.sealand.com https://*.seagoline.com https://*.mcc.com.sg https://*.maerskline.com https://*.apmoller.net https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://*.gstatic.com https://lh3.googleusercontent.com https://*.steelcentral.net https://*.vimeocdn.com https://*.youtube.com https://*.igodigital.com https://*.akamaihd.net https://www.google.co.uk https://*.linkedin.com https://*.facebook.com https://*.twitter.com https://*.doubleclick.net https://*.google.dk https://scai.maerskline.com https://www.google.com/ads/ga-audiences* https://*.bizographics.com https://twin-iq.kickfire.com https://www.rumiview.com https://*.bing.com https://*.virtualearth.net https://*.salesforce.com https://*.force.com; object-src 'self'; style-src 'self' 'unsafe-inline' https://*.zscalertwo.net https://*.maersk.com https://*.sealandmaersk.com https://*.sealandmaersk.com.cn https://*.sealand.com https://*.seagoline.com https://*.mcc.com.sg https://*.apmoller.net https://*.gstatic.com https://*.google.com https://*.google-analytics.com https://*.googleapis.com https://*.maerskline.com https://*.force.com https://*.bing.com https://*.virtualearth.net; frame-src https://*.zscalertwo.net https://*.maersk.com https://*.sealandmaersk.com https://*.sealandmaersk.com.cn https://*.sealand.com https://*.seagoline.com https://*.mcc.com.sg https://*.maerskline.com https://*.apmoller.net https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://*.google.com https://www.youtube.com/embed/ https://player.vimeo.com/video/ https://service.force.com https://www.google.com/recaptcha/ https://*.cookieinformation.com https://*.youku.com/ https://*.force.com/ https://*.salesforce.com https://*.doubleclick.net https://js.stripe.com; font-src 'self' data: https://*.zscalertwo.net https://*.maersk.com https://*.sealandmaersk.com https://*.sealandmaersk.com.cn https://*.sealand.com https://*.seagoline.com https://*.mcc.com.sg https://*.maerskline.com https://*.apmoller.net https://*.gstatic.com https://*.googleapis.com; 1
connect-src * 'unsafe-inline' 'unsafe-eval'; default-src * 'unsafe-inline' 'unsafe-eval'; img-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; 1
script-src 'self' data: 'unsafe-inline' 'unsafe-eval' bp.webhost1.ru *.yoomoney.ru geoadv-partner.yandex.ru yookassa.ru  *.yandex.ru *.yandex.net h.online-metrix.net mc.yandex.az mc.yandex.by mc.yandex.co.il mc.yandex.com mc.yandex.com.am mc.yandex.com.ge mc.yandex.com.tr mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.kz mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yandex.tj mc.yandex.tm mc.yandex.ua mc.yandex.uz mc.webvisor.com mc.webvisor.org yastatic.net www.google-analytics.com www.google.com www.gstatic.com connect.facebook.net www.googletagmanager.com tagmanager.google.com *.jivosite.com webhost1.bitrix24.ru *.roistat.com cfv4.com qoopler.ru; frame-ancestors 'self' blob: http://webvisor.com https://webvisor.com 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: https: 'nonce-rqWILahRux4Q2TWNXFQhVdDOPOTGZHCg' 'strict-dynamic' https://www.google-analytics.com https://www.googletagmanager.com; 1
default-src 'self';font-src 'self' fonts.gstatic.com data: 'self';connect-src 'self' *.getsmartlook.com ws://*.getsmartlook.com *.smartlook.com *.smartlook.cloud *.google.com *.googleapis.com www.google-analytics.com *.doubleclick.net *.clarity.ms;script-src 'self' 'unsafe-inline' 'unsafe-eval' maps.google.com *.googleapis.com www.googletagmanager.com ssl.google-analytics.com www.google-analytics.com *.getsmartlook.com www.google.com connect.facebook.net www.googleadservices.com www.lhinsights.com *.smartlook.com *.smartlook.cloud https://googleads.g.doubleclick.net *.gstatic.com *.clarity.ms;form-action 'self';frame-src 'self' blob: www.youtube.com *.doubleclick.net www.google.com www.google.cz https://order.shareit.com;child-src 'self' blob: www.youtube.com *.doubleclick.net www.google.com www.google.cz https://order.shareit.com;frame-ancestors 'self';img-src 'self' data: blob: *.gstatic.com *.googleapis.com www.googletagmanager.com ssl.google-analytics.com www.google-analytics.com *.doubleclick.net www.facebook.com www.lhinsights.com www.google.com www.google.cz *.smartlook.com *.smartlook.cloud *.gstatic.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com www.google.com *.gstatic.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.sharethis.com *.googletagmanager.com *.google-analytics.com *.facebook.net *.consumercare.net *.econsumeraffairs.com *.pricespider.com  *.salesforce.com *.force.com *.salesforceliveagent.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.sharethis.com *.pricespider.com  *.force.com; img-src 'self' *.google-analytics.com *.g.doubleclick.net *.facebook.com *.google.com *.sharethis.com https://www.google.com.au legal.bbulibrary.com *.googletagmanager.com *.pricespider.com; frame-src 'self' *.youtube.com *.googletagmanager.com *.sharethis.com *.facebook.com c.sharethis.mgr.consensu.org  *.force.com; font-src 'self' *.gstatic.com data:; connect-src 'self' *.sharethis.com *.sharethis.mgr.consensu.org https://stats.g.doubleclick.net *.google-analytics.com *.force.com; report-uri /'', default-src 'self' 'self' data: 'self' blob: 'unsafe-inline' 'unsafe-eval' *; img-src 'self' blob: data: * 1
frame-ancestors 'self' shankswakefieldepermits.co.uk renewiwakefieldpermits.co.uk 1
frame-ancestors 'self' https://www.carroya.com/noticias https://www.motor.com.co 1
frame-ancestors 'self' https://analytics.google.com/analytics/ https://*.buypass.no https://*.buypass.com https://*.norsk-tipping.no https://*.altinn.no; 1
frame-ancestors https://www.redvalentino.com/ https://www.redvalentino.com/ ; 1
frame-ancestors http://*.grandvalira.com https://*.grandvalira.com http://*.ordinoarcalis.com https://*.ordinoarcalis.com http://*.grandvaliraresorts.com https://*.grandvaliraresorts.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: http://cdn.printfriendly.com https://cdn.printfriendly.com https://static.addtoany.com https://ds-4047.kxcdn.com https://www.google-analytics.com https://cdn.jsdelivr.net https://unpkg.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://unpkg.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: s.yimg.com cdn.printfriendly.com www.google-analytics.com stats.g.doubleclick.net www.google.com www.google.com.my; media-src 'self'; frame-src 'self' data: static.addtoany.com fwb.malaysiaairports.com.my www.youtube.com www.google.com apps.mahb.az.primuscore.com http://apps.mahb.az.primuscore.com:8000 fwb.malaysiaairports.com.my:8000; frame-ancestors 'self' fwb.malaysiaairports.com.my apps.mahb.az.primuscore.com fwb.malaysiaairports.com.my:8000; child-src 'self'; font-src 'self' cdn.jsdelivr.net unpkg.com maxcdn.bootstrapcdn.com fonts.gstatic.com cdnjs.cloudflare.com; connect-src 'self' www.google-analytics.com stats.g.doubleclick.net; report-uri //report-csp-violation 1
default-src 'self'; script-src 'self' 'unsafe-inline' *.accessibe.com acsbapp.com web1.acsbapp.com cdn.acsbapp.com greenhouse.io *.typekit.net *.doubleclick.net *.polyfill.io boards.greenhouse.io cdn.oncehub.com www.googletagmanager.com tagmanager.google.com www.google-analytics.com stats.g.doubleclick.net ssl.gstatic.com www.gstatic.com fonts.gstatic.com fonts.googleapis.com *.horacemann.com localhost:3238 home-c11.incontact.com www.retirementaccountlogin.com maxcdn.bootstrapcdn.com code.jquery.com recruiting.adp.com www.youtube.com cdn.bootstrapcdn.com www.facebook.com horacemann.actonservice.com connect.facebook.net cdnjs.cloudflare.com www.facebook.com app.kiddom.co cloud.e.horacemann.com woobox.com www.clearsurance.com clearsurance.com Facebook.net Business.facebook.com Twitter.com Twitter.net Linkedin.com Linkedin.net Pinterest.com Pinterest.net Instagram.com Instagram.net Youtube.com Youtube.net Siteimprove.com Dynomapper.com cdn.finra.org staticxx.facebook.com fonts.google.com platform.twitter.com *.twimg.com syndication.twitter.com 'unsafe-eval'; style-src 'self' *.accessibe.com acsbapp.com web1.acsbapp.com cdn.acsbapp.com greenhouse.io *.typekit.net *.doubleclick.net *.polyfill.io boards.greenhouse.io cdn.oncehub.com www.googletagmanager.com tagmanager.google.com www.google-analytics.com stats.g.doubleclick.net ssl.gstatic.com www.gstatic.com fonts.gstatic.com fonts.googleapis.com *.horacemann.com localhost:3238 home-c11.incontact.com www.retirementaccountlogin.com maxcdn.bootstrapcdn.com code.jquery.com recruiting.adp.com www.youtube.com cdn.bootstrapcdn.com www.facebook.com horacemann.actonservice.com connect.facebook.net cdnjs.cloudflare.com www.facebook.com app.kiddom.co cloud.e.horacemann.com woobox.com www.clearsurance.com clearsurance.com Facebook.net Business.facebook.com Twitter.com Twitter.net Linkedin.com Linkedin.net Pinterest.com Pinterest.net Instagram.com Instagram.net Youtube.com Youtube.net Siteimprove.com Dynomapper.com cdn.finra.org staticxx.facebook.com fonts.google.com platform.twitter.com *.twimg.com syndication.twitter.com 'unsafe-inline'; frame-src 'self' *.accessibe.com acsbapp.com web1.acsbapp.com cdn.acsbapp.com greenhouse.io *.typekit.net *.doubleclick.net *.polyfill.io boards.greenhouse.io cdn.oncehub.com www.googletagmanager.com tagmanager.google.com www.google-analytics.com stats.g.doubleclick.net ssl.gstatic.com www.gstatic.com fonts.gstatic.com fonts.googleapis.com *.horacemann.com localhost:3238 home-c11.incontact.com www.retirementaccountlogin.com maxcdn.bootstrapcdn.com code.jquery.com recruiting.adp.com www.youtube.com cdn.bootstrapcdn.com www.facebook.com horacemann.actonservice.com connect.facebook.net cdnjs.cloudflare.com www.facebook.com app.kiddom.co cloud.e.horacemann.com woobox.com www.clearsurance.com clearsurance.com Facebook.net Business.facebook.com Twitter.com Twitter.net Linkedin.com Linkedin.net Pinterest.com Pinterest.net Instagram.com Instagram.net Youtube.com Youtube.net Siteimprove.com Dynomapper.com cdn.finra.org staticxx.facebook.com fonts.google.com platform.twitter.com *.twimg.com syndication.twitter.com; font-src 'self' *.accessibe.com acsbapp.com web1.acsbapp.com cdn.acsbapp.com greenhouse.io *.typekit.net *.doubleclick.net *.polyfill.io boards.greenhouse.io cdn.oncehub.com www.googletagmanager.com tagmanager.google.com www.google-analytics.com stats.g.doubleclick.net ssl.gstatic.com www.gstatic.com fonts.gstatic.com fonts.googleapis.com *.horacemann.com localhost:3238 home-c11.incontact.com www.retirementaccountlogin.com maxcdn.bootstrapcdn.com code.jquery.com recruiting.adp.com www.youtube.com cdn.bootstrapcdn.com www.facebook.com horacemann.actonservice.com connect.facebook.net cdnjs.cloudflare.com www.facebook.com app.kiddom.co cloud.e.horacemann.com woobox.com www.clearsurance.com clearsurance.com Facebook.net Business.facebook.com Twitter.com Twitter.net Linkedin.com Linkedin.net Pinterest.com Pinterest.net Instagram.com Instagram.net Youtube.com Youtube.net Siteimprove.com Dynomapper.com cdn.finra.org staticxx.facebook.com fonts.google.com platform.twitter.com *.twimg.com syndication.twitter.com data:; img-src 'self' *.accessibe.com acsbapp.com web1.acsbapp.com cdn.acsbapp.com greenhouse.io *.typekit.net *.doubleclick.net *.polyfill.io boards.greenhouse.io cdn.oncehub.com www.googletagmanager.com tagmanager.google.com www.google-analytics.com stats.g.doubleclick.net ssl.gstatic.com www.gstatic.com fonts.gstatic.com fonts.googleapis.com *.horacemann.com localhost:3238 home-c11.incontact.com www.retirementaccountlogin.com maxcdn.bootstrapcdn.com code.jquery.com recruiting.adp.com www.youtube.com cdn.bootstrapcdn.com www.facebook.com horacemann.actonservice.com connect.facebook.net cdnjs.cloudflare.com www.facebook.com app.kiddom.co cloud.e.horacemann.com woobox.com www.clearsurance.com clearsurance.com Facebook.net Business.facebook.com Twitter.com Twitter.net Linkedin.com Linkedin.net Pinterest.com Pinterest.net Instagram.com Instagram.net Youtube.com Youtube.net Siteimprove.com Dynomapper.com cdn.finra.org staticxx.facebook.com fonts.google.com platform.twitter.com *.twimg.com syndication.twitter.com data:; connect-src 'self' *.horacemann.com *.accessibe.com acsbapp.com web1.acsbapp.com cdn.acsbapp.com greenhouse.io *.typekit.net *.doubleclick.net *.polyfill.io boards.greenhouse.io cdn.oncehub.com www.googletagmanager.com tagmanager.google.com www.google-analytics.com stats.g.doubleclick.net ssl.gstatic.com www.gstatic.com fonts.gstatic.com fonts.googleapis.com *.horacemann.com localhost:3238 home-c11.incontact.com www.retirementaccountlogin.com maxcdn.bootstrapcdn.com code.jquery.com recruiting.adp.com www.youtube.com cdn.bootstrapcdn.com www.facebook.com horacemann.actonservice.com connect.facebook.net cdnjs.cloudflare.com www.facebook.com app.kiddom.co cloud.e.horacemann.com woobox.com www.clearsurance.com clearsurance.com Facebook.net Business.facebook.com Twitter.com Twitter.net Linkedin.com Linkedin.net Pinterest.com Pinterest.net Instagram.com Instagram.net Youtube.com Youtube.net Siteimprove.com Dynomapper.com cdn.finra.org staticxx.facebook.com fonts.google.com platform.twitter.com *.twimg.com syndication.twitter.com 1
default-src 'self'; style-src 'self' 'unsafe-inline' https://*.twitter.com https://*.twimg.com https://www.tmlewin.com.au https://www.tmlewinshirts.eu https://www.tmlewin.co.uk https://www.tmlewin.com https://*.yotpo.com https://fonts.googleapis.com https://*.twitter.com; img-src 'self' data: https://*.cdninstagram.com https://*.fbcdn.net https://*.twitter.com https://*.twimg.com https://www.tmlewin.com.au https://www.tmlewinshirts.eu https://www.tmlewin.co.uk https://www.tmlewin.com https://www.googletagmanager.com https://www.google.com https://www.google.co.uk https://www.google.com.ai https://www.google.com.ag https://www.google.com.au https://www.google.bs https://www.google.be https://www.google.com.bz https://www.google.com.br https://www.google.vg https://www.google.bg https://www.google.bi https://www.google.ca https://www.google.cv https://www.google.co.cr https://www.google.hr https://www.google.com.cu https://www.google.com.cy https://www.google.cz https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.com.sv https://www.google.ee https://www.google.fi https://www.google.fr https://www.google.de https://www.google.com.gh https://www.google.com.gi https://www.google.gr https://www.google.gl https://www.google.com.gt https://www.google.gg https://www.google.ht https://www.google.hn https://www.google.com.hk https://www.google.hu https://www.google.is https://www.google.ie https://www.google.co.in https://www.google.co.id https://www.google.it https://www.google.com.jm https://www.google.co.jp https://www.google.je https://www.google.jo https://www.google.kz https://www.google.com.kw https://www.google.lv https://www.google.lt https://www.google.lu https://www.google.com.my https://www.google.com.mx https://www.google.ms https://www.google.co.ma https://www.google.nl https://www.google.co.nz https://www.google.com.ni https://www.google.no https://www.google.com.pa https://www.google.com.pe https://www.google.com.ph https://www.google.pl https://www.google.pt https://www.google.com.pr https://www.google.ro https://www.google.com.vc https://www.google.com.sg https://www.google.co.za https://www.google.co.kr https://www.google.sk https://www.google.si https://www.google.es https://www.google.se https://www.google.ch https://www.google.com.tw https://www.google.co.th https://www.google.tt https://www.google.tn https://www.google.com.tr https://www.google.ae https://www.google.co.vi https://www.google.co.ve https://www.google.at https://*.yotpo.com https://yotpo-editor-production.s3.amazonaws.com/ https://www.google-analytics.com tmlewin.imgix.net shift-uat.imgix.net https://*.twitter.com https://*.twimg.com https://www.awin1.com https://www.google.co.uk/pagead/ https://www.google.com/pagead/ https://www.facebook.com/tr/ https://stats.g.doubleclick.net https://googleads.g.doubleclick.net/pagead/ https://bat.bing.com https://www.google.com/ads/ https://www.google.co.uk/ads https://www.google.co.uk/ads/ https://prf.hn https://www.ist-track.com https://cx.atdmt.com https://px.ads.linkedin.com https://p.adsymptotic.com https://www.googleadservices.com https://*.afterpay.com https://uktc.fospha.com https://public-content-store.torque-platform.com https://r1.trackedweb.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.algolia.net https://*.algolianet.com https://js.stripe.com https://*.paypal.com https://*.paypalobjects.com http://*.instagram.com https://*.twitter.com https://*.twimg.com https://www.tmlewin.com.au https://www.tmlewinshirts.eu https://www.tmlewin.co.uk https://www.tmlewin.com https://www.googletagmanager.com https://www.google.com https://www.google.co.uk https://www.google.com.ai https://www.google.com.ag https://www.google.com.au https://www.google.bs https://www.google.be https://www.google.com.bz https://www.google.com.br https://www.google.vg https://www.google.bg https://www.google.bi https://www.google.ca https://www.google.cv https://www.google.co.cr https://www.google.hr https://www.google.com.cu https://www.google.com.cy https://www.google.cz https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.com.sv https://www.google.ee https://www.google.fi https://www.google.fr https://www.google.de https://www.google.com.gh https://www.google.com.gi https://www.google.gr https://www.google.gl https://www.google.com.gt https://www.google.gg https://www.google.ht https://www.google.hn https://www.google.com.hk https://www.google.hu https://www.google.is https://www.google.ie https://www.google.co.in https://www.google.co.id https://www.google.it https://www.google.com.jm https://www.google.co.jp https://www.google.je https://www.google.jo https://www.google.kz https://www.google.com.kw https://www.google.lv https://www.google.lt https://www.google.lu https://www.google.com.my https://www.google.com.mx https://www.google.ms https://www.google.co.ma https://www.google.nl https://www.google.co.nz https://www.google.com.ni https://www.google.no https://www.google.com.pa https://www.google.com.pe https://www.google.com.ph https://www.google.pl https://www.google.pt https://www.google.com.pr https://www.google.ro https://www.google.com.vc https://www.google.com.sg https://www.google.co.za https://www.google.co.kr https://www.google.sk https://www.google.si https://www.google.es https://www.google.se https://www.google.ch https://www.google.com.tw https://www.google.co.th https://www.google.tt https://www.google.tn https://www.google.com.tr https://www.google.ae https://www.google.co.vi https://www.google.co.ve https://www.google.at https://insights.algolia.io https://*.yotpo.com https://*.afterpay.com https://*.optimizely.com https://www.google-analytics.com https://ssl.google-analytics.com https://connect.facebook.net https://www.ist-track.com https://bat.bing.com https://tpc.googlesyndication.com https://sc-static.net https://prf.hn/conversion https://tpc.googlesyndication.com/sodar https://aax-eu.amazon-adsystem.com https://tracking.myunidays.com https://www.googleadservices.com https://tag.mention-me.com http://www.google.com/pagead/ https://static.mention-me.com https://cdn.unidays.world https://api.myunidays.com https://snap.licdn.com https://assets.revlifter.io https://analytics.tiktok.com https://d2236hi0n02pja.cloudfront.net/1b36f6d6-438e-4525-9693-177c6f95ad4f.js https://www.googleadservices.com https://revlifter-js.s3-eu-west-1.amazonaws.com https://uktc.fospha.com https://static.trackedweb.net; frame-src https://js.stripe.com https://*.paypal.com https://*.twitter.com https://www.tmlewin.com.au https://www.tmlewinshirts.eu https://www.tmlewin.co.uk https://www.tmlewin.com https://www.googletagmanager.com https://*.optimizely.com https://*.youtube.com https://*.twitter.com https://*.vimeo.com https://*.instagram.com http://*.issuu.com/ https://*.facebook.com https://tr.snapchat.com https://aax-eu.amazon-adsystem.com https://tmlewin.official-coupons.com; connect-src 'self' https://*.algolia.net https://*.algolianet.com https://*.paypal.com https://api.addressy.com https://sentry.io https://www.google-analytics.com https://*.instagram.com https://*.twitter.com https://api.everythinglocation.com https://www.tmlewin.com.au https://www.tmlewinshirts.eu https://www.tmlewin.co.uk https://www.tmlewin.com https://insights.algolia.io https://*.yotpo.com https://*.afterpay.com https://*.optimizely.com https://*.instagram.com https://*.sciencebehindecommerce.com https://api.everythinglocation.com https://stats.g.doubleclick.net https://bat.bing.com https://www.google.com https://www.facebook.com/tr/ https://*.sentry.io https://cp.official-deals.co.uk https://cp.official-coupons.com https://devt.revlifter.com; font-src data: www.tmlewin.co.uk https://www.tmlewin.com.au https://www.tmlewinshirts.eu https://www.tmlewin.co.uk https://www.tmlewin.com https://*.yotpo.com https://fonts.gstatic.com; media-src 'self' https://www.tmlewin.com.au https://www.tmlewinshirts.eu https://www.tmlewin.co.uk https://www.tmlewin.com; form-action 'self' https://*.twitter.com https://www.tmlewin.com.au https://www.tmlewinshirts.eu https://www.tmlewin.co.uk https://www.tmlewin.com https://*.twitter.com https://www.facebook.com/tr/ https://tr.snapchat.com; object-src 'self'; block-all-mixed-content; report-uri https://5ce9a457525b0c6b344093f4321341fa.report-uri.com/r/d/csp/enforce 1
default-src 'self' *.vergic.com www.facebook.com wss://*.vergic.com https://*.vergic.com; prefetch-src 'self' *.boltdns.net *.googleapis.com *.vergic.com www.facebook.com wss://*.vergic.com https://*.vergic.com; media-src blob: 'self' *.brightcovecdn.com *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.vergic.com www.facebook.com wss://*.vergic.com https://*.vergic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' static.zuora.com tags.tiqcdn.com cdn.mouseflow.com o2.mouseflow.com *.vergic.com *.brightcove.net *.brightcove.com blob: vjs.zencdn.net d2qrdklrsxowl2.cloudfront.net www.googletagmanager.com bat.bing.com/bat.js connect.facebook.net static.ads-twitter.com *.twitter.com snap.licdn.com www.googleadservices.com www.google.com googleads.g.doubleclick.net *.vergic.com www.facebook.com wss://*.vergic.com https://*.vergic.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.brightcove.net d2qrdklrsxowl2.cloudfront.net *.s3.amazonaws.com *.vergic.com www.facebook.com wss://*.vergic.com https://*.vergic.com; img-src 'self' data: images.ctfassets.net aicpa.sc.omtrdc.net media.aicpa.org *.rackcdn.com cm.everesttech.net dpm.demdex.net content.psplugin.com *.brightcove.com *.boltdns.net players.brightcove.net bat.bing.com static.ads-twitter.com t.co px.ads.linkedin.com www.googletagmanager.com googleads.g.doubleclick.net www.google.com *.google.co.uk *.facebook.com * *.vergic.com www.facebook.com wss://*.vergic.com https://*.vergic.com; font-src 'self' data: fonts.gstatic.com d2qrdklrsxowl2.cloudfront.net *.s3.amazonaws.com *.vergic.com content.psplugin.com *.vergic.com www.facebook.com wss://*.vergic.com https://*.vergic.com; connect-src 'self' id.aicpa.org secureaicpa.okta.com aicpa.okta.com devaicpa.oktapreview.com id.test-aicpa.org aicpa-staff.oktapreview.com stagingaicpa.okta.com stagingaicpa-staff.okta.com https://www.aicpa.org/bin/aicpaorg/uca?command=logout assets.ctfassets.net downloads.ctfassets.net sentry.io app.getsentry.org app.getsentry.com dpm.demdex.net aicpa.demdex.net collect.tealiumiq.com aicpa.sc.omtrdc.net o2.mouseflow.com players.brightcove.net *.brightcove.com *.hapyak.com *.boltdns.net *.brightcovecdn.com *.akamaihd.net *.akafms.net *.vergic.com bat.bing.com *.facebook.com *.vergic.com www.facebook.com wss://*.vergic.com https://*.vergic.com; frame-src 'self' id.aicpa.org secureaicpa.okta.com aicpa.okta.com devaicpa.oktapreview.com id.test-aicpa.org aicpa-staff.oktapreview.com stagingaicpa.okta.com stagingaicpa-staff.okta.com www.facebook.com m.facebook.com html5-player.libsyn.com *.brightcove.net d2qrdklrsxowl2.cloudfront.net vjs.zencdn.net *.podomatic.com podomatic.com *.youtube.com apisandbox.zuora.com aicpa.demdex.net www.zuora.com bid.g.doubleclick.net *.vergic.com www.facebook.com wss://*.vergic.com https://*.vergic.com; frame-ancestors 'self' *.aicpa.org *.cgma.org; manifest-src 'self'; block-all-mixed-content; upgrade-insecure-requests; report-uri https://sentry.io/api/3382497/security/?sentry_key=9aee855e0ce84a1db4b69530c6b45163@sentry.io/3382497 1
default-src  'self';font-src  'self' data: fonts.gstatic.com;connect-src  'self' *.google.com *.googleapis.com www.google-analytics.com *.doubleclick.net;script-src  'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.google.cz *.googleapis.com www.googletagmanager.com www.google-analytics.com *.googleadservices.com *.glami.cz *.ebscohost.com *.facebook.net *.imedia.cz *.seznam.cz *.doubleclick.net *.gstatic.com reenio.cz;form-action  'self' *.facebook.com *.facebook.net uhk.rezervace.online;frame-src  'self' blob: www.youtube.com *.iplatba.cz *.google.com *.facebook.com cdn.knightlab.com *.imedia.cz *.seznam.cz uhk.rezervace.online tourmkr.com experts.ai;worker-src  'self' blob: www.youtube.com *.iplatba.cz *.google.com *.facebook.com cdn.knightlab.com *.imedia.cz *.seznam.cz uhk.rezervace.online tourmkr.com experts.ai;frame-ancestors  'self';img-src  'self' data: blob: *.gstatic.com *.googleapis.com *.googlecode.com www.googletagmanager.com www.google-analytics.com *.doubleclick.net *.google.com *.google.cz *.google.ie *.glami.cz *.fg.cz *.placeholder.com *.uhk.cz *.ebscohost.com *.facebook.com *.imedia.cz *.seznam.cz;style-src  'self' 'unsafe-inline' *.googleapis.com *.google.com *.gstatic.com;object-src  'self' 1
connect-src 'self' https://api.github.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com; base-uri *.wazuh.com wazuh.com; default-src 'self' https: data:; script-src 'self' *.wazuh.com wazuh.com *.googleapis.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://connect.facebook.net https: 'unsafe-inline'; object-src 'self' *.wazuh.com wazuh.com; style-src 'self' *.googleapis.com 'unsafe-inline'; img-src 'self' *.wazuh.com wazuh.com *.gravatar.com https://www.google-analytics.com https://www.google.com https://www.google.es https://stats.g.doubleclick.net https://www.facebook.com/ https://px.ads.linkedin.com/ data:; media-src 'self' *.wazuh.com wazuh.com; frame-ancestors 'self'; frame-src *; font-src 'self' https://fonts.gstatic.com data: 1
frame-ancestors 'self' http://www.lugaro.com http://www.manfredijewels.com http://www.dutyfreediplomatic.com 1
default-src 'self';font-src 'self' data: fonts.gstatic.com cdn-vsh.runczech.com cdn-www3-runczech2013-test.fg.cz api.mapy.cz;connect-src 'self' *.doubleclick.net *.google.com *.googleapis.com www.google-analytics.com *.instagram.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn-vsh.runczech.com cdn-www3-runczech2013-test.fg.cz *.google.com *.google.cz *.googleapis.com www.googletagmanager.com www.google-analytics.com *.googleadservices.com *.glami.cz *.licdn.com *.linkedin.com api.instagram.com downloads.mailchimp.com *.facebook.net *.list-manage.com *.highcharts.com api.mapy.cz s3.amazonaws.com;form-action 'self' *.facebook.com *.facebook.net 3dsecure.gpwebpay.com *.list-manage.com;frame-src 'self' www.cognitoforms.com www.youtube.com www.youtube-nocookie.com *.iplatba.cz *.facebook.com *.facebook.net public.pim.cz *.google.com e.issuu.com *.gpsguard.eu *.tds-live.com runczech.golibe.com player.vimeo.com *.activetimes.eu activetimes.eu;worker-src 'self' www.youtube.com *.iplatba.cz;frame-ancestors 'self' *.aktualne.cz aktualne.cz;img-src 'self' data: blob: *.gstatic.com *.googleapis.com *.googlecode.com www.googletagmanager.com www.google-analytics.com *.doubleclick.net *.google.com *.google.cz *.google.ie *.glami.cz cdn-www3-runczech2013-test.fg.cz cdn-vsh.runczech.com *.facebook.com scontent.cdninstagram.com cdn-images.mailchimp.com *.atdmt.com http://*.staticflickr.com edee.runczech.com http://*.vimeocdn.com *.mapy.cz *.cdninstagram.com *.fbcdn.net;style-src 'self' 'unsafe-inline' cdn-vsh.runczech.com cdn-www3-runczech2013-test.fg.cz translate.googleapis.com fonts.googleapis.com *.google.com downloads.mailchimp.com public.pim.cz api.mapy.cz;object-src 'self' 1
default-src 'self'; base-uri 'self'; frame-ancestors 'self'; upgrade-insecure-requests 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *; object-src 'self' *; style-src 'self' 'unsafe-inline' * ; img-src 'self' data: *; media-src 'self' *; frame-src 'self' *; frame-ancestors 'self'; child-src 'self' *; font-src 'self' data: *; connect-src 'self' * 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://fonts.gstatic.com https://cdn.syndication.twimg.com https://www.facebook.com https://*.twitter.com https://www.google.com https://ton.twimg.com https://*.github.io https://www.googletagmanager.com https://www.google-analytics.com; img-src 'self' https://*.twimg.com https://*.twitter.com http://*.twimg.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.google.co.jp data:; 1
frame-ancestors *.amboss.com 1
frame-ancestors 'self' https://www.bharatpetroleum.in https://*.bpcl.in 1
frame-ancestors *.carkeys.co.uk *.motorists-club.co.uk *.motoristsclub.co.uk http://motoristsclub.co.uk/ http://www.motorists-club.co.uk/ 1
default-src * 'self' 'unsafe-inline' 'unsafe-eval' ; script-src * 'self' 'unsafe-inline' 'unsafe-eval' ; style-src * 'self' 'unsafe-inline' ; img-src * 'self' data: ; font-src * data: blob: 'unsafe-inline'; 1
default-src 'self'; frame-src *.geoportal-bw.de *.leo-bw.de *.youtube.com sketchfab.com *.sketchfab.com *.swrfernsehen.de; img-src 'self' data: dummyimage.com *.google-analytics.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.googletagmanager.com *.google-analytics.com; style-src 'self' 'unsafe-inline'; upgrade-insecure-requests; report-uri /security/csp/report 1
base-uri; form-action 'self'; frame-ancestors 'none'; img-src 'self' https://paragonie.com https://maxcdn.bootstrapcdn.com https://stats.g.doubleclick.net https://www.google-analytics.com data:; media-src 'none'; object-src 'none'; script-src 'self' https://cdn.mathjax.org https://oss.maxcdn.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://code.jquery.com https://ajax.googleapis.com https://www.google-analytics.com https://paragonie.com paragonie.com 'sha384-dxxWaTrUP7CVAQSJSlq8y30xnLv+kbg0q/esjcstpj7BeSQcTR1kyuzuU8NtP0Qd' 'nonce-92IlB30+MMsfdlVzsEyNVHFV' 'nonce-zaIC8vtr1oqQGlqep7EL7YO7' 'nonce-upUDgnSuCJfYKrcanGSeAHK8' 'nonce-byZ5Q38FKY80uHoIM9GCuC71' 'nonce-ligIlce5dKxjvQXhFhbGc2Ce' 'nonce-85UsOzMszs7UMUeSZiraaYKy' 'nonce-K0fGaMSKCY1j4NRAMODWOiqZ' 'unsafe-eval' data:; style-src 'self' https://maxcdn.bootstrapcdn.com https://use.fontawesome.com https://fonts.googleapis.com 'unsafe-inline'; report-uri https://f038192cab4afafaacee34d22ed2e1dd.report-uri.io/r/default/csp/enforce; upgrade-insecure-requests 1
script-src https: data: 'unsafe-inline' 'unsafe-eval' https://*.gs1-germany.de https://*.optimizely.com https://*.googletagmanager.com https://apis.google.com https://connect.facebook.net https://fast.fonts.net https://googleads.g.doubleclick.net https://*.google-analytics.com https://ext.nonstoppartner.net https://*.hotjar.com; style-src https: 'unsafe-inline' https://*.gs1-germany.de https://apis.google.com https://connect.facebook.net https://fast.fonts.net https://googleads.g.doubleclick.net https://*.google-analytics.com https://*.hotjar.com; frame-src 'self' https://*.walls.io https://www.youtube-nocookie.com https://www.youtube.com https://*.hotjar.com https://www.facebook.com https://feedback.gs1-germany.de https://easy-feedback.de https://*.easy-feedback.de https://ext.nonstoppartner.net https://*.gs1.org; frame-ancestors 'self' https://academy.gs1-germany.de; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: http: data: blob: http://mshcentraldbdev.prod.acquia-sites.com *.balladhealthcrm.org *.crazyegg.com; frame-ancestors 'self'; report-uri /admin/config/system/seckit/csp-report 1
frame-ancestors 'self' *.leoncountyfl.gov ; 1
default-src 'self' blob:; script-src 'self' 'unsafe-inline'  'unsafe-eval' https://*.ndlah5p.com https://h5p.org https://*.ndla.no https://players.brightcove.net http://players.brightcove.net https://players.brightcove.net *.nrk.no http://nrk.no https://www.googletagmanager.com https://www.google-analytics.com https://tagmanager.google.com https://optimize.google.com https://www.youtube.com https://s.ytimg.com https://cdn.auth0.com https://vjs.zencdn.net https://httpsak-a.akamaihd.net *.brightcove.com *.facebook.net *.twitter.com *.twimg.com *.brightcove.net bcove.me bcove.video *.api.brightcove.com *.o.brightcove.com players.brightcove.net hls.ak.o.brightcove.com uds.ak.o.brightcove.com brightcove.vo.llnwd.net *.llnw.net *.llnwd.net *.edgefcs.net *.akafms.net *.edgesuite.net *.akamaihd.net *.analytics.edgekey.net *.deploy.static.akamaitechnologies.com *.cloudfront.net hlstoken-a.akamaihd.net vjs.zencdn.net  *.gallerysites.net ndla.no *.ndla.no ws://*.hotjar.com wss://*.hotjar.com https://*.hotjar.com cdnjs.cloudflare.com https://*.zendesk.com https://static.zdassets.com cdn.jsdelivr.net; frame-src blob: *.nrk.no nrk.no *.vg.no vg.no https://www.tv2skole.no/ https://www.scribd.com/ https://optimize.google.com https://www.youtube.com ndla.no *.ndlah5p.com https://h5p.org *.ndla.no *.slideshare.net slideshare.net *.vimeo.com vimeo.com *.ndla.filmiundervisning.no ndla.filmiundervisning.no *.prezi.com prezi.com *.commoncraft.com commoncraft.com *.embed.kahoot.it *.brightcove.net https://*.hotjar.com embed.kahoot.it fast.wistia.com https://khanacademy.org/ *.khanacademy.org/ *.vg.no/ *.facebook.com *.twitter.com e.issuu.com new.livestream.com livestream.com channel9.msdn.com tomknudsen.no www.tomknudsen.no geogebra.org www.geogebra.org ggbm.at www.imdb.com imdb.com miljoatlas.miljodirektoratet.no www.miljostatus.no miljostatus.no phet.colorado.edu lab.concord.org worldbank.org *.worldbank.org ted.com embed.ted.com embed.molview.org; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://optimize.google.com https://fonts.googleapis.com https://fonts.gstatic.com https://tagmanager.google.com *.twitter.com *.twimg.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com data: cdnjs.cloudflare.com https://*.hotjar.com cdn.jsdelivr.net; img-src 'self' https://*.ndla.no https://www.google-analytics.com https://optimize.google.com https://stats.g.doubleclick.net http://metrics.brightcove.com https://httpsak-a.akamaihd.net https://*.boltdns.net https://www.nrk.no/ https://ssl.gstatic.com https://www.gstatic.com https://*.hotjar.com https://ndla.zendesk.com *.facebook.com *.twitter.com *.twimg.com  data:; media-src 'self' blob: https://*.ndla.no *.brightcove.com brightcove.com; connect-src  'self'  https://*.ndla.no https://logs-01.loggly.com https://edge.api.brightcove.com https://*.brightcove.com https://bcsecure01-a.akamaihd.net https://hlsak-a.akamaihd.net ws://*.hotjar.com wss://*.hotjar.com https://*.hotjar.com https://*.hotjar.com:* https://www.google-analytics.com https://*.zendesk.com https://ekr.zdassets.com https://optimize.google.com https://ltiredirect.itslearning.com https://platform.itslearning.com cdn.jsdelivr.net 1
script-src 'self' cdn.callrail.com https://*.google.com https://*.googleapis.com *.gstatic.com www.google-analytics.com ajax.googleapis.com www.googletagmanager.com ajax.aspnetcdn.com use.typekit.net us1.siteimprove.com siteimproveanalytics.com cdnjs.cloudflare.com use.fontawesome.com player.vimeo.com clicky.com in.getclicky.com static.getclicky.com code.jquery.com 'unsafe-inline' 'unsafe-eval' 1
script-src 'self' https://*.googleapis.com *.gstatic.com www.google-analytics.com ajax.googleapis.com ajax.aspnetcdn.com use.typekit.net us1.siteimprove.com siteimproveanalytics.com cdnjs.cloudflare.com kit.fontawesome.com static.getclicky.com in.getclicky.com player.vimeo.com www.googletagmanager.com clicky.com fast.fonts.net snap.licdn.com px.ads.linkedin.com 'unsafe-inline' 'unsafe-eval' 1
default-src 'self'; img-src * data:; media-src *; frame-src * data:; font-src *; connect-src *; script-src 'unsafe-eval' 'unsafe-inline' 'self' connect.facebook.net *.facebook.net *.stg.brandwire.in *.scorecardresearch.com *.instagram.com *.google-analytics.com *.gstatic.com *.solodev.com *.google.com *.googleapis.com *.indiatimes.com *.timesofindia.com *.cloudflare.com *.datatables.net *.brandwire.in *.github.io *.bootstrapcdn.com *.jquery.com *.jsdelivr.net *.angularjs.org *.maxcdn.com *.aspnetcdn.com *.twitter.com *.twimg.com jquery.ui.min.js; style-src data: blob: 'unsafe-inline' 'self' *.googleapis.com *.google.com *.instagram.com *.indiatimes.com *.timesofindia.com *.solodev.com *.cloudflare.com *.datatables.net *.brandwire.in *.github.io *.bootstrapcdn.com *.jquery.com *.jsdelivr.net *.angularjs.org *.maxcdn.com *.aspnetcdn.com *.twitter.com *.twimg.com jquery.ui.min.js; frame-ancestors 'self' *.indiatimes.com *.timesofindia.com *.economictimes.com *.gadgetsnow.com *.navbharattimes.com etdev8243.indiatimes.com *.timesnownews.com timesnownews.com www.speakingtree.in speakingtree.in maharashtratimes.com vijaykarnataka.com *.samayam.com samayam.com 1
frame-ancestors 'self' https://www.thechristhospitalmychart.com; 1
frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com kdl.bibliocms.com *.kdl.bibliocms.com https://kdl.org kdl.org *.kdl.org; 1
default-src 'self'; script-src 'self' 'self' 'unsafe-inline' 'unsafe-eval' https://code.jquery.com https://maxcdn.bootstrapcdn.com https://ajax.googleapis.com https://www.broadviewnet.com https://flex.msn.com https://ssl.google-analytics.com https://snapabug.appspot.com https://www.snapengage.com; style-src 'self' 'unsafe-inline' ; img-src *; font-src 'self' data:;frame-src 'self' 'self' https://www.youtube.com; report-uri https://identity.broadviewnet.com/IdentityProvider/csp/report 1
default-src 'self'; img-src 'self' data: books.google.de de.statista.com cdn.statcdn.com www.google.de www.google.com googleads.g.doubleclick.net; font-src 'self' data:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' lamapoll.de *.lamapoll.de www.google.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net; frame-src 'self' lamapoll.de *.lamapoll.de www.youtube-nocookie.com; frame-ancestors 'self'; media-src 'self'; object-src 'self'; connect-src 'self' 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-eval' *.googleapis.com piwik.itzbund.de;object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; frame-ancestors gba-editor-kkn.prod.gsb.gba.in.bund.de piwik.itzbund.de *.facebook.com 1
default-src 'self'; base-uri 'self'; connect-src 'self' wss://api.mintme.com/ wss://api.mintme.abchosting.org/ https://*.facebook.net https://*.facebook.com https://connect.facebook.net https://www.facebook.com https://www.google-analytics.com https://*.doubleclick.net https://*.mintme.com https://mintme.com https://*.tawk.to wss://*.tawk.to https://www.mintme.com/.well-known/mercure; font-src 'self' https://fonts.gstatic.com https://static-v.tawk.to; frame-src https://www.facebook.com https://accounts.google.com https://content.googleapis.com https://va.tawk.to https://www.youtube.com https://www.google.com https://*.coinify.com https://platform.twitter.com https://content-youtube.googleapis.com; img-src data: *; media-src *; object-src 'none'; script-src 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https: http: 'nonce-A3Mz1feagj0R4e3QXFFPiw=='; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net/emojione/2.2.7/assets/css/emojione.min.css https://*.tawk.to; report-uri /csp-report; worker-src 'none' 1
script-src *.ldscdn.org *.lds.org *.churchofjesuschrist.org *.googleapis.com *.gstatic.com *.facebook.net *.justserve.org *.servir.org *.facebook.com *.youtube.com *.ytimg.com cdnjs.cloudflare.com data: placehold.it placeholdit.imgix.net 'self' ws://localhost:3000 ws://10.0.2.2:3000 ws://localhost:8080 assets.adobedtm.com dpm.demdex.net cdn.tt.omtrdc.net ldschurch.tt.omtrdc.net *.tintup.com *.hypermoarks.com *.cloudfront.net players.brightcove.net vjs.zencdn.net edge.api.brightcove.com blob: * metrics.brightcove.com consent.truste.com consent-pref.truste.com 'unsafe-inline' 'unsafe-eval'; style-src *.fonts.net *.opendns.com *.googleapis.com *.justserve.org *.servir.org *.lds.org *.ldscdn.org *.churchofjesuschrist.org 'self' 'unsafe-inline' 1
default-src *.ethicspoint.com *.ethicspoint.eu *.navexone.eu *.navexglobal.eu ethicspoint.eu cdn.pendo.io 'self' 'unsafe-eval' 'unsafe-inline' *.navexglobal.com; connect-src *.ethicspoint.com *.ethicspoint.eu *.navexone.eu *.navexglobal.eu ethicspoint.eu *.truste.com *.newrelic.com *.nr-data.net *.pendo.io 'self' 'unsafe-eval' 'unsafe-inline' wss: *.navexglobal.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.ethicspoint.com *.ethicspoint.eu *.navexone.eu *.navexglobal.eu ethicspoint.eu *.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5068799715311616.storage.googleapis.com *.truste.com *.newrelic.com *.nr-data.net ajax.googleapis.com ; img-src 'self' data: *.ethicspoint.com *.ethicspoint.eu *.navexone.eu *.navexglobal.eu ethicspoint.eu *.truste.com *.pendo.io pendo-static-5068799715311616.storage.googleapis.com *.navexglobal.com; frame-src 'self' 'unsafe-eval' *.navexglobal.com *.policytech.com *.ethicspoint.com *.ethicspoint.eu *.navexone.eu *.navexglobal.eu ethicspoint.eu player.vimeo.com; style-src 'self' 'unsafe-eval' 'unsafe-inline' *.pendo.io pendo-static-5068799715311616.storage.googleapis.com fonts.googleapis.com *.ethicspoint.com *.typekit.net; font-src 'self' fonts.gstatic.com ajax.googleapis.com *.typekit.net; frame-ancestors 'self' *.pendo.io *.ethicspoint.eu; 1
default-src 'unsafe-inline' 'self' https:; img-src * data:; script-src 'unsafe-inline' 'unsafe-eval' 'self' https:; frame-src 'self' https:; connect-src 'self' https: 1
default-src 'none' ;script-src * data: 'unsafe-inline' 'unsafe-eval' ;style-src * data: 'unsafe-inline' ;img-src * data: ;font-src * data: ;connect-src * ;media-src * ;object-src * ;child-src * blob:;frame-ancestors 'self' ;form-action * ;manifest-src * ; 1
allow *; script-src 'self' http://l2.io https://l2.io http://prosperent.com https://prosperent.com https://*.xport.glopalservice.com http://*.xport.glopalservice.com https://*.borderlinx.com http://*.borderlinx.com https://server.iad.liveperson.net http://server.iad.liveperson.net https://*.facebook.com http://*.facebook.com https://connect.facebook.net http://connect.facebook.net https://*.fbcdn.net http://*.fbcdn.net http://*.google.com https://*.google.com http://*.google-analytics.com https://*.google-analytics.com https://ssl.gstatic.com http://ajax.googleapis.com https://ajax.googleapis.com http://web01.optimix.asia https://web01.optimix.asia http://tracking.sokrati.com https://tracking.sokrati.com http://eulerian.kdpgroupe.com https://eulerian.kdpgroupe.com http://www.googleadservices.com https://www.googleadservices.com http://srv1.wa.marketingsolutions.yahoo.com https://srv1.wa.marketingsolutions.yahoo.com http://*.marinsm.com https://*.marinsm.com http://*.dgmsearchlab.com https://*.dgmsearchlab.com http://*.cedexis.com https://*.cedexis.com http://*.amazonaws.com https://*.amazonaws.com http://*.cedexis-radar.net https://*.cedexis-radar.net d39ze0fcltcujr.cloudfront.net http://aws.bximg.net http://*.referralcandy.com https://*.referralcandy.com https://www.paypalobjects.com http://*.youku.com https://*.youku.com ; options inline-script eval-script 1
frame-ancestors 'self' https://twitter.com; 1
frame-ancestors 'self' http://preview.ceros.com http://view.ceros.com http://*.mccarthy.com http://*.digcastle.com https://preview.ceros.com https://view.ceros.com https://*.mccarthy.com https://*.digcastle.com 1
default-src 'self'; font-src * data:; img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-inline'; style-src 'self' 'unsafe-inline' frame-src https://*.youtube.com/ https://*.oxy.com  https://*.youtube-nocookie.com http://*.corporate-ir.net https://occidentalpetroleum.gcs-web.com 1
frame-src 'self' https://webstat.hs-mannheim.de *.hs-mannheim.de https://www.youtube.com/ https://www.youtube-nocookie.com/ https://player.vimeo.com/; 1
default-src 'self' 'unsafe-inline' data: https://piwik.bzga.de/ https://service.bzga.de/ https://www.quit-the-shit.net 1
frame-ancestors https://www.bdli.de/ https://staging.bdli.de *.ila-berlin.de localhost ila.lndo.site http://ila.lndo.site:8000; report-uri //report-csp-violation 1
default-src 'none'; script-src 'self' https://static.cryptomkt.com/ https://cdn4.mxpnl.com/ https://static.olark.com/ https://api.olark.com/ https://knrpc.olark.com/ https://assets.olark.com/; object-src 'self' https://static.cryptomkt.com/; style-src 'self' 'unsafe-inline' https://static.cryptomkt.com/ https://fonts.googleapis.com/ https://static.olark.com/; img-src 'self' data: https://static.cryptomkt.com/ https://log.olark.com/ https://static.olark.com/; media-src 'self' https://static.cryptomkt.com/ https://static.olark.com/; frame-src 'self' https://static.cryptomkt.com/ https://static.olark.com/; font-src 'self' data: https://static.cryptomkt.com/ https://fonts.gstatic.com https://static.olark.com/; connect-src 'self' wss://worker.cryptomkt.com/ https://worker.cryptomkt.com/ https://api-js.mixpanel.com/ https://knrpc.olark.com/; frame-ancestors 'self'; base-uri 'self'; form-action 'self' 1
default-src 'self'; script-src 'self' *.googleapis.com; style-src 'self' 'unsafe-inline' *.googleapis.com; img-src 'self' data:; font-src 'self' *.gstatic.com *.bootstrapcdn.com data:;connect-src *.googleapis.com *.gstatic.com *.bootstrapcdn.com; report-uri https://crhworld.com/Sitefinity/Authenticate/OpenID/csp/report 1
default-src 'self' ;options inline-script eval-script;referrer no-referrer;img-src 'self' data:  *.tile.openstreetmap.org; 1
default-src 'self'; frame-src 'self' https://hubofhope.co.uk/ 360testbed.co/ *.nhs.uk/ *.facebook.com/ *.youtube.com/ *.vimeo.com/ *.google.com/ *.googleapis.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://hubofhope.co.uk/js/embed.js https://cdn.jsdelivr.net https://cdnjs.cloudflare.com/ https://www.google-analytics.com/ https://connect.facebook.net/ https://feeds.trac.jobs/ *.google.com/ *.googleapis.com *.gstatic.com *.cqc.org.uk; font-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com/ https://feeds.trac.jobs/ *.googleapis.com  *.gstatic.com *.cqc.org.uk; img-src * data:; object-src 'self' blob:; connect-src 'self' translate.googleapis.com/ https://feeds.trac.jobs/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ 1
default-src 'self';img-src *; script-src *; 1
default-src 'none' ;script-src * data: 'unsafe-inline' 'unsafe-eval' ;style-src * data: 'unsafe-inline' ;img-src * data: ;font-src * data: ;connect-src * ;media-src * ;object-src * ;child-src * ;frame-ancestors * ;form-action * ;manifest-src * ; 1
frame-ancestors 'self' http://customer-skicircus.loop21.net https://customer-skicircus.loop21.net http://public-location-skicircus.loop21.net https://public-location-skicircus.loop21.net 1
base-uri 'self' about:;block-all-mixed-content;child-src fallsviewer.ca 'self';connect-src 'self' data: *.youtube.com fonts.gstatic.com www.clarity.ms cloudflareinsights.com stats.g.doubleclick.net *.googleapis.com *.google-analytics.com *.readspeaker.com rebound.postmarkapp.com img.niagarafalls.ca cdn.monsido.com https://*.smartlook.com https://*.smartlook.cloud;default-src https: 'unsafe-inline' 'unsafe-eval' 'self';font-src 'self' null cdnjs.cloudflare.com fonts.gstatic.com niagarafalls.ca;form-action 'self' *.paypal.com *.readspeaker.com niagarafalls.ca;frame-ancestors 'self' fallsviewer.ca map.niagarafalls.ca niagarafalls.ca *.us.monsido.com; frame-src fallsviewer.ca niagarafalls.maps.arcgis.com mapme.com viewer.mapme.com www.facebook.com *.niagarafalls.ca *.readspeaker.com www.google.com www.youtube.com youtube.com niagarafalls.ca *.transitapp.com ;img-src data: 'self' img.niagarafalls.ca *.readspeaker.com res.cloudinary.com https://www.google-analytics.com *.gstatic.com stats.g.doubleclick.net www.youtube.com *.monsido.com *.googleapis.com https://*.google.com https://*.google.ca;media-src *.readspeaker.com youtu.be *.youtube.com;object-src *.youtube.com 'self'; report-uri https://niagarafalls.ca/webservices/csp-enforce;script-src 'self' blob: google.com *.googleapis.com *.googletagmanager.com static.cloudflareinsights.com ajax.cloudflare.com cdnjs.cloudflare.com www.google-analytics.com www.clarity.ms *.cloudflareinsights.com connect.facebook.net *.readspeaker.com rebound.postmarkapp.com cdn.monsido.com www.youtube.com api.transitapp.com *.ytimg.com https://*.smartlook.com https://*.smartlook.cloud 'unsafe-inline' 'unsafe-eval';style-src 'self' stackpath.bootstrapcdn.com *.googleapis.com *.google.com *.readspeaker.com 'unsafe-inline';upgrade-insecure-requests;worker-src 'self' blob: 1
default-src 'self'; base-uri 'self'; connect-src 'self' wss://self https://www.hostingcloud.racing wss://*.hostcontent.live https://connect.facebook.net https://www.google-analytics.com https://*.doubleclick.net https://*.g.doubleclick.net https://www.facebook.com https://*.mintme.com https://mintme.com https://*.tawk.to wss://*.tawk.to; font-src 'self' https://fonts.gstatic.com https://static-v.tawk.to; frame-src https://accounts.google.com https://content.googleapis.com https://va.tawk.to https://www.youtube.com https://www.google.com; img-src data: *; media-src *; object-src 'none'; script-src 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https: http: 'nonce-FD8z67g4dmtTX14yu+J8hg=='; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net/emojione/2.2.7/assets/css/emojione.min.css https://cdn.jsdelivr.net/emojione/2.2.7/lib/js/emojione.min.js https://cdnjs.cloudflare.com/ajax/libs/highlight.js/9.12.0/styles/github.min.css https://cdnjs.cloudflare.com/ajax/libs/highlight.js/9.12.0/styles/atom-one-dark.min.css https://*.tawk.to; report-uri /csp-report; worker-src blob: 1
default-src'self' https: wss://*.hotjar.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: https: 1
default-src 'self'; connect-src 'self' https://bat.bing.com https://*.sumome.com https://*.sumo.com https://sumo.com https://*.visualwebsiteoptimizer.com https://app.vwo.com http://*.nbarizona.com https://*.nbarizona.com https://*.demdex.net https://*.cludo.com https://zionsbancorp.sc.omtrdc.net; script-src 'self' data: 'unsafe-inline' https://*.googleadservices.com https://*.doubleclick.net https://www.google-analytics.com https://bat.bing.com https://*.sumome.com https://*.sumo.com https://sumo.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.googletagmanager.com https://*.issuu.com https://*.adobedtm.com https://connect.facebook.net https://*.googleapis.com https://*.gstatic.com https://*.google.com http://*.nbarizona.com https://*.nbarizona.com https://*.zionsbank.com https://*.cludo.com https://*.youtube.com https://*.ytimg.com https://*.vimeo.com 'unsafe-eval'; object-src 'self' data: https://*.visualwebsiteoptimizer.com https://app.vwo.com http://*.nbarizona.com https://*.nbarizona.com; style-src 'self' data: 'unsafe-inline' https://*.googleapis.com https://*.google.com https://*.cludo.com; img-src 'self' data: https://*.doubleclick.net https://www.google-analytics.com https://bat.bing.com https://px.ads.linkedin.com https://p.adsymptotic.com https://www.facebook.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.gstatic.com http://*.nbarizona.com https://*.nbarizona.com https://*.online-metrix.net https://*.omtrdc.net https://*.demdex.net https://*.everesttech.net https://*.googleapis.com https://*.google.com https://*.cludo.com https://*.youtube.com https://*.ytimg.com https://*.vimeo.com; media-src 'self' data:; frame-src 'self' https://*.online-metrix.net https://*.doubleclick.net http://*.nbarizona.com https://*.nbarizona.com https://*.demdex.net https://issuu.com https://secure.checkout.visa.com https://*.youtube.com https://*.ytimg.com https://*.vimeo.com https://*.pages05.net https://*.brightcove.net https://*.visualwebsiteoptimizer.com https://app.vwo.com https://outlook.office365.com; frame-ancestors 'self' https://banking.nbarizona.com; font-src 'self' data: 'unsafe-inline' https://fonts.gstatic.com https://*.visualwebsiteoptimizer.com https://app.vwo.com; upgrade-insecure-requests; block-all-mixed-content 1
script-src 'unsafe-eval' 'unsafe-inline' 'self' https://*.devolksbank.nl https://*.googleapis.com https://srv.snsbank.nl https://tagmanager.google.com https://*.googletagmanager.com https://ssl.google-analytics.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.youtube-nocookie.com https://*.demdex.net https://cm.everesttech.net https://assets.adobedtm.com; frame-ancestors 'self'; frame-src 'self' https://www.youtube-nocookie.com https://srv.snsbank.nl https://*.demdex.net; base-uri 'self'; img-src 'self' https://*.devolksbank.nl https://srv.snsbank.nl https://tagmanager.google.com https://www.googletagmanager.com https://i.ytimg.com https://img.youtube.com https://www.google-analytics.com https://*.demdex.net https://cm.everesttech.net https://assets.adobedtm.com; connect-src 'self' https://*.devolksbank.nl https://srv.snsbank.nl https://www.google-analytics.com https://www.google-analytics.com https://*.demdex.net https://cm.everesttech.net https://assets.adobedtm.com 1
child-src 'self' www.youtube.com staticxx.facebook.com w.soundcloud.com player.vimeo.com acceptable.a-ads.com ad.a-ads.com page.ludorum.dev; connect-src 'self' steemit.com api.steemit.com dist.one wss://rpc.dist.one api.blocktrades.us https://steemitimages.com https://translate.googleapis.com; default-src 'self' www.youtube.com staticxx.facebook.com player.vimeo.com acceptable.a-ads.com ad.a-ads.com page.ludorum.dev; font-src data: fonts.gstatic.com 'self'; frame-ancestors 'none'; img-src * data:; object-src 'none'; plugin-types application/pdf; script-src 'self' www.google-analytics.com pagead2.googlesyndication.com adservice.google.com connect.facebook.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com; report-uri /api/v1/csp_violation 1
  default-src 'self';   base-uri 'self';   style-src 'self' 'unsafe-inline';   script-src 'self' 'unsafe-eval' *.google.com;  object-src 'self' multimedia.gsb.bund.de;   media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org;   child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com;   img-src 'self' data: *.google.com *.gstatic.com *.youtube.com;   frame-ancestors 'none'; 1
frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com epl.bibliocms.com *.epl.bibliocms.com https://epl.bibliocms.com epl.bibliocms.com *.epl.bibliocms.com; 1
default-src 'self'; style-src 'self' 'unsafe-inline' https://*.twitter.com https://*.twimg.com https://*.twitter.com https://fonts.googleapis.com; img-src 'self' data: https://*.cdninstagram.com https://*.fbcdn.net https://*.twitter.com https://*.twimg.com https://www.googletagmanager.com https://www.google.com https://www.google.co.uk https://www.google.com.ai https://www.google.com.ag https://www.google.com.au https://www.google.bs https://www.google.be https://www.google.com.bz https://www.google.com.br https://www.google.vg https://www.google.bg https://www.google.bi https://www.google.ca https://www.google.cv https://www.google.co.cr https://www.google.hr https://www.google.com.cu https://www.google.com.cy https://www.google.cz https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.com.sv https://www.google.ee https://www.google.fi https://www.google.fr https://www.google.de https://www.google.com.gh https://www.google.com.gi https://www.google.gr https://www.google.gl https://www.google.com.gt https://www.google.gg https://www.google.ht https://www.google.hn https://www.google.com.hk https://www.google.hu https://www.google.is https://www.google.ie https://www.google.co.in https://www.google.co.id https://www.google.it https://www.google.com.jm https://www.google.co.jp https://www.google.je https://www.google.jo https://www.google.kz https://www.google.com.kw https://www.google.lv https://www.google.lt https://www.google.lu https://www.google.com.my https://www.google.com.mx https://www.google.ms https://www.google.co.ma https://www.google.nl https://www.google.co.nz https://www.google.com.ni https://www.google.no https://www.google.com.pa https://www.google.com.pe https://www.google.com.ph https://www.google.pl https://www.google.pt https://www.google.com.pr https://www.google.ro https://www.google.com.vc https://www.google.com.sg https://www.google.co.za https://www.google.co.kr https://www.google.sk https://www.google.si https://www.google.es https://www.google.se https://www.google.ch https://www.google.com.tw https://www.google.co.th https://www.google.tt https://www.google.tn https://www.google.com.tr https://www.google.ae https://www.google.co.vi https://www.google.co.ve https://www.google.at https://www.google-analytics.com https://trendygolf.imgix.net https://production-trendygolf-1556104155.s3.amazonaws.com https://*.twitter.com https://*.twimg.com https://www.awin1.com https://www.google.co.uk/pagead/ https://www.google.com/pagead/ https://www.facebook.com https://stats.g.doubleclick.net https://t.paypal.com https://googleads.g.doubleclick.net/ https://www.google.com/ads/ga-audiences https://www.google.co.uk/ads/ga-audiences; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.algolia.net https://*.algolianet.com https://js.stripe.com https://*.paypal.com https://*.paypalobjects.com http://*.instagram.com https://*.twitter.com https://*.twimg.com https://www.googletagmanager.com https://www.google.com https://www.google.co.uk https://www.google.com.ai https://www.google.com.ag https://www.google.com.au https://www.google.bs https://www.google.be https://www.google.com.bz https://www.google.com.br https://www.google.vg https://www.google.bg https://www.google.bi https://www.google.ca https://www.google.cv https://www.google.co.cr https://www.google.hr https://www.google.com.cu https://www.google.com.cy https://www.google.cz https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.com.sv https://www.google.ee https://www.google.fi https://www.google.fr https://www.google.de https://www.google.com.gh https://www.google.com.gi https://www.google.gr https://www.google.gl https://www.google.com.gt https://www.google.gg https://www.google.ht https://www.google.hn https://www.google.com.hk https://www.google.hu https://www.google.is https://www.google.ie https://www.google.co.in https://www.google.co.id https://www.google.it https://www.google.com.jm https://www.google.co.jp https://www.google.je https://www.google.jo https://www.google.kz https://www.google.com.kw https://www.google.lv https://www.google.lt https://www.google.lu https://www.google.com.my https://www.google.com.mx https://www.google.ms https://www.google.co.ma https://www.google.nl https://www.google.co.nz https://www.google.com.ni https://www.google.no https://www.google.com.pa https://www.google.com.pe https://www.google.com.ph https://www.google.pl https://www.google.pt https://www.google.com.pr https://www.google.ro https://www.google.com.vc https://www.google.com.sg https://www.google.co.za https://www.google.co.kr https://www.google.sk https://www.google.si https://www.google.es https://www.google.se https://www.google.ch https://www.google.com.tw https://www.google.co.th https://www.google.tt https://www.google.tn https://www.google.com.tr https://www.google.ae https://www.google.co.vi https://www.google.co.ve https://www.google.at https://insights.algolia.io https://www.google-analytics.com https://ssl.google-analytics.com https://apis.google.com https://*.twitter.com https://*.twimg.com https://*.instagram.com/en_US/embeds.js https://www.dwin1.com https://www.googleadservices.com https://connect.facebook.net https://ads.avocet.io https://googleads.g.doubleclick.net https://the.sciencebehindecommerce.com https://www.awin1.com https://www.google.com/pagead/ https://beacon-v2.helpscout.net; frame-src https://js.stripe.com https://*.paypal.com https://*.twitter.com https://www.googletagmanager.com https://www.google.com https://*.youtube.com https://*.twitter.com https://*.vimeo.com https://*.instagram.com http://*.issuu.com/ https://*.facebook.com https://www.paypalobjects.com https://graph.facebook.com; connect-src 'self' https://*.algolia.net https://*.algolianet.com https://*.paypal.com https://api.addressy.com https://sentry.io https://www.google-analytics.com https://*.instagram.com https://*.twitter.com https://api.everythinglocation.com https://insights.algolia.io https://*.instagram.com https://*.sciencebehindecommerce.com https://www.facebook.com https://www.paypal.com https://stats.g.doubleclick.net https://graph.facebook.com https://*.cloudfront.net https://*.helpscout.net; font-src data: https://trendygolf.com; media-src 'self'; form-action 'self' https://*.twitter.com https://*.twitter.com https://www.facebook.com/tr/; object-src 'self'; block-all-mixed-content 1
default-src 'self'; script-src 'self' 'unsafe-inline' stats.hft-stuttgart.de app.usercentrics.eu *.b-ite.com; font-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' app.usercentrics.eu data: stats.hft-stuttgart.de; connect-src 'self' stats.hft-stuttgart.de *.usercentrics.eu *.b-ite.com; frame-src 'self' app.usercentrics.eu *.youtube-nocookie.com *.vimeo.com *.hft-stuttgart.de 1
frame-ancestors 'self'; frame-src 'self' centredeservices.alturing.eu www.youtube.com www.youtube-nocookie.com *.chronopost.fr *.weborama.fr www.googletagmanager.com mmtro.com www.zenaps.com *.doubleclick.net www.awin.com marketingplatform.google.com *.cookiebot.com 1
img-src blob: * android-webview-video-poster: data:; media-src * data:; connect-src *.googleadservices.com *.doubleclick.net https://io.fusedeck.net https://cdn.fusedeck.net 'self' *.google-analytics.com wss://io.fusedeck.net; worker-src blob: 'self'; font-src * data:; default-src player.vimeo.com *.yourmoney.ch *.newsbox.ch secure.adnxs.com *.cashgate.ch 'unsafe-eval' *.gstatic.com *.issuu.com *.tkb.ch 'self' tagmanager.google.com *.googleapis.com *.googletagmanager.com *.google-analytics.com e2.marco.ch *.adform.net io.fusedeck.net 'unsafe-inline' 1
policy-uri /'none' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com/ajax/libs/codemirror/ https://cdnjs.cloudflare.com/ajax/libs/select2/ https://cdn.printfriendly.com/printfriendly.js https://static.addtoany.com/menu/page.js https://www.googletagmanager.com/gtm.js https://ds-4047.kxcdn.com/api/v3/domain_settings/a https://www.youtube.com/ https://s.ytimg.com/yts/jsbin/ https://static.addtoany.com/menu/ https://www.google-analytics.com/analytics.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://www.youtube-nocookie.com https://rawgit.com/NerOcrO/ntools/master/ntools.user.js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://s.ytimg.com https://cdn.rawgit.com/w8tcha/ https://cdn.rawgit.com/ckeditor/ https://www.youtube.com/ https://snap.licdn.com/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://www.google.com/ads/  https://www.google-analytics.com/collect https://px.ads.linkedin.com/collect *.instagram.com; img-src 'self' data: https://*.cdninstagram.com https://*.licdn.com https://assets.bwbx.io https://sprcdn-assets.sprinklr.com https://cdnjs.cloudflare.com/ajax/libs/codemirror/ https://cdnjs.cloudflare.com/ajax/libs/select2/ https://cdn.printfriendly.com https://i.ytimg.com https://www.nestle-nespresso.com https://img.youtube.com/; frame-src 'self' https://www.google.com/recaptcha/ https://www.youtube.com/; frame-ancestors 'self'; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline' https://piwik.bzga.de/  https://service.bzga.de/ https://a.tile.openstreetmap.org/ https://b.tile.openstreetmap.org/ https://c.tile.openstreetmap.org/ 1
frame-ancestors http://*.viewlift.com 1
allow 'self'; frame-ancestors 'self' 1
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src *; img-src * data:; frame-src *; style-src * 'unsafe-inline'; 1
child-src 'self' blob:; connect-src * blob:; default-src 'self' *.googlesyndication.com; img-src 'self' 'unsafe-inline' data: *; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com *.jwpcdn.com; object-src 'self' *.googlesyndication.com; media-src 'self' blob: *; manifest-src 'self'; script-src 'self' 'unsafe-inline' 'self' 'unsafe-inline' 'unsafe-eval' blob: *.2mdn.net static.ads-twitter.com *.adnxs.com *.adsafeprotected.com *.adsrvr.org *.amp.live *.ampproject.org app.link *.branch.io *.cloudfront.net *.combotag.com *.doubleclick.net *.doubleverify.com *.everesttech.net *.evidon.com *.extend.tv *.extremereach.io connect.facebook.net *.flashtalking.com adservice.google.com tagmanager.google.com *.google-analytics.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.gstatic.com *.iasds01.com *.imrworldwide.com *.innovid.com *.insightexpressai.com *.ipredictive.com *.jwplatform.com *.jwpcdn.com *.jwpsrv.com *.moatads.com *.outbrain.com cdn.polyfill.io *.scorecardresearch.com *.serving-sys.com *.spotxcdn.com *.spotxchange.com *.tremorhub.com analytics.twitter.com *.vindicosuite.com *.w55c.net *.yumenetworks.com; style-src 'self' 'unsafe-inline' blob: 'self' 'unsafe-inline' blob: fonts.googleapis.com *.gstatic.com tagmanager.google.com *.innovid.com; frame-src *.doubleverify.com *.dvtps.com *.facebook.com *.facebook.net *.google.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.imrworldwide.com *.outbrain.com *.serving-sys.com *.fbsbx.com 1
frame-ancestors *; 1
font-src 'self' static.flatfy.com *.gstatic.com; frame-src 'self' www.google.com/recaptcha/ *.hotjar.com *.hotjar.io; script-src 'self' 'unsafe-inline' static.flatfy.com ajax.googleapis.com *.google-analytics.com *.g.doubleclick.net www.google.com/ads/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.hotjar.com *.hotjar.io; style-src 'self' 'unsafe-inline' static.flatfy.com ajax.googleapis.com fonts.googleapis.com *.gstatic.com; img-src 'self' data: https:; connect-src 'self' *.google-analytics.com *.hotjar.com *.hotjar.io wss:; default-src 'self' static.flatfy.com *.gstatic.com *.hotjar.com *.hotjar.io 1
default-src * data: 'unsafe-inline' 'unsafe-eval' ; script-src * data: 'unsafe-inline' 'unsafe-eval' ; style-src * data: 'unsafe-inline' ; img-src * data: ; 1
default-src 'self'; block-all-mixed-content; connect-src 'self' www.google-analytics.com stats.g.doubleclick.net plink-production.s3-eu-central-1.amazonaws.com plink-development.s3-eu-central-1.amazonaws.com; frame-ancestors 'none'; img-src 'self' *.mollie.com mollie.dev stats.g.doubleclick.net googleads.g.doubleclick.net www.googleadservices.com www.google.at www.google.be www.google.bg www.google.ca www.google.ch www.google.cn www.google.co.in www.google.co.ma www.google.co.th www.google.co.uk www.google.com www.google.com.hk www.google.cz www.google.de www.google.dk www.google.es www.google.fi www.google.fr www.google.hu www.google.ie www.google.it www.google.lu www.google.lv www.google.nl www.google.no www.google.pl www.google.pt www.google.ro www.google.ru www.google.se www.google.si www.google.sk play-lh.googleusercontent.com www.google-analytics.com www.gstatic.com www.facebook.com; script-src 'self' www.google-analytics.com www.googleadservices.com ajax.googleapis.com connect.facebook.net 'nonce-MGiat8Dn2Pa84Jor1PCLbg=='; style-src 'self' 'unsafe-inline'; report-uri https://o29109.ingest.sentry.io/api/5384345/security/?sentry_key=70667fd3313e41ae8a6af1ac55828e78&sentry_environment=prod 1
prefetch-src https://disqus.com https://c.disquscdn.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.google-analytics.com *.googletagmanager.com *.googleapis.com *.googleadservices.com googleads.g.doubleclick.net *.google.com *.gstatic.com *.jquery.com *.typekit.net *.facebook.net *.hotjar.com *.aspnetcdn.com *.pinimg.com *.xg4ken.com *.optimizely.com *.jwplatform.com *.jwpcdn.com *.addthis.com *.addthisedge.com *.moatads.com https://sparuk.disqus.com https://disqus.com https://c.disquscdn.com https://woobox.com config1.veinteractive.com; default-src 'self' data:; worker-src blob:; style-src 'self' 'unsafe-inline' *.googleapis.com *.typekit.net https://disqus.com https://c.disquscdn.com https://optimize.google.com; connect-src 'self' *.google-analytics.com *.doubleclick.net *.pinterest.com *.jwplatform.com *.jwpsrv.com *.disqus.com *.veinteractive.com; font-src 'self' *.gstatic.com *.typekit.net; img-src data: 'self' 'unsafe-inline' 'unsafe-eval' *.gravatar.com *.ssl.com *.facebook.com *.gstatic.com *.googleapis.com *.google-analytics.com *.googleads.com *.typekit.net https://googleads.g.doubleclick.net *.google.com *.google.co.uk *.pinterest.com https://az836042.vo.msecnd.net https://sparuk.blob.core.windows.net *.jwplatform.com *.jwpsrv.com *.jwpltx.com *.viglink.com https://disqus.com https://c.disquscdn.com https://www.googleadservices.com drs2.veinteractive.com *.fls.doubleclick.net; media-src blob:; frame-src 'self' *.google.com *.addthis.com *.vimeo.com *.youtube.com *.facebook.com *.doubleclick.net https://disqus.com https://woobox.com online.anyflip.com config1.veinteractive.com; 1
default-src 'self' http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://maps.googleapis.com https://cdn.datatables.net https://static.zdassets.com https://v2.zopim.com https://unpkg.com https://unpkg.com/ionicons@5.1.2/dist/ionicons/p-4372c4bc.js https://static.customersaas.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://www.google.com/ https://www.gstatic.com/  https://widget-mediator.zopim.com/ https://static.hotjar.com/ https://script.hotjar.com/; connect-src 'self' https://ekr.zdassets.com https://tracker.customersaas.com/ https://api.customersaas.com https://www.google-analytics.com/ https://widget-mediator.zopim.com wss://widget-mediator.zopim.com https://in.hotjar.com/ http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://vc.hotjar.io/ https://stats.g.doubleclick.net/ ; img-src 'self' 'unsafe-inline' https://developers.google.com  https://www.viva.com.bo https://viva.com.bo https://www.google.com https://www.google.com.bo https://www.google-analytics.com https://secure.gravatar.com https://v2assets.zopim.io/ https://v2.zopim.com/ https://maps.gstatic.com https://maps.googleapis.com https://d35v9wsdymy32b.cloudfront.net https://static.customersaas.com https://d3mwk3f7r8fv9u.cloudfront.net data:; style-src 'self' 'unsafe-inline'  https://fonts.googleapis.com https://cdn.datatables.net https://d1r5etm691cejh.cloudfront.net https://static.customersaas.com; font-src 'self' https://fonts.gstatic.com https://v2.zopim.com/ https://static.customersaas.com data:; frame-src https://www.google.com/ https://vars.hotjar.com/; 1
default-src https://ipara.com;https://ipara.com.tr 1
allow 'self'; frame-ancestors http://asmart.inone.useinsider.com/ 1
default-src https:; img-src https: 'self' data:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'; font-src https: 'self' data: fonts.gstatic.com; worker-src 'self' blob: 1
default-src https: data: 'unsafe-inline'; object-src 'self'; script-src  'self' https://*.meruscase.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://platform.twitter.com/ https://*.google-analytics.com/ https://*.googletagmanager.com/ https://cdn.syndication.twimg.com/ https://merus-assets.s3.amazonaws.com/ https://*.facebook.net/ https://*.googleapis.com/ https://*.aspnetcdn.com/ https://*.microsoft.com https://maxcdn.bootstrapcdn.com/ https://*.youtube.com/ https://s.ytimg.com/ https://js.recurly.com/ https://cdn.wootric.com/ 'unsafe-eval' 'unsafe-inline' https://code.jquery.com/ https://forms.hubspot.com/ https://forms.hsforms.com/ https://js.hs-analytics.net/ https://js.hs-scripts.com/ https://api.usemessages.com/ https://js.usemessages.com/ https://js.hsforms.net/ https://js.hsleadflows.net/; style-src 'self' 'unsafe-inline' https: 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.crushftp.com *.stripe.com *.paypalobjects.com *.google-analytics.com *.crushsync.com *.taltosparipa.com 1
default-src *; style-src *; connect-src * 1
frame-ancestors 'self' https://www.golfofbf.org https://*.instapage.com http://*.instapage.com https://cloud.scorm.com https://360.articulate.com https://university.fb.org 1
base-uri 'self'; child-src 'self' gap: *; frame-src 'self' gap: *; connect-src 'self' *.datatables.net *.pordata.pt *.pordatakids.pt ajax.googleapis.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.cloudflare.com *.facebook.com *.facebook.net; default-src 'self' gap: *.microsoft.com 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: *.pordata.pt *.pordatakids.pt *.google.com *.googleapis.com fonts.gstatic.com; img-src 'self' data: *.pordata.pt *.pordatakids.pt stats.g.doubleclick.net www.google-analytics.com *.microsoft.com *.gstatic.com *.facebook.com *.facebook.net *.google.com *.googleusercontent.com blob:; media-src 'self'; object-src 'self' *.pordata.pt *.pordatakids.pt; script-src 'self' *.datatables.net *.pordata.pt *.pordatakids.pt ajax.googleapis.com www.google-analytics.com stats.g.doubleclick.net *.google.com *.cloudflare.com *.facebook.com *.facebook.net *.google.pt *.microsoft.com *.realtimestatistics.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.pordata.pt *.pordatakids.pt *.google.com *.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: *.pordata.pt *.pordatakids.pt; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=bDz9qdYD42q0rUqm4cbdibGruEpVp2HxOQoLEDssAwsa%2BU8Xaq%2B8CJYY4DDMJ2lRLf8e%2FnFTPIMknxBzjyXQHQ%3D%3D; 1
connect-src 'self' https://localhost:3000; frame-ancestors 'self'; object-src 'self'; script-src 'self' https://analytics.historia-arte.com https://maps.googleapis.com; report-uri /csp-report; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://pbs.122.2o7.net https://ssl.siteimprove.com; font-src 'self' data: 1
allow 'self'  default-src 'self' 'unsafe-inline' www.google-analytics.com  *.twitter.com  *.facebook.com  *.facebook.net  *.google.com 1
default-src 'self'; style-src 'self' 'unsafe-inline' http://*.sportunion.at http://sportunion.at https://*.sportunion.at https://sportunion.at https://static.flockler.com  https://*.mailchimp.com https://*.gstatic.com https://*.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://*.sportunion.at http://sportunion.at https://*.sportunion.at https://sportunion.at https://static.flockler.com  https://fl-cdn.scdn1.secure.raxcdn.com https://embed-cdn.flockler.com  https://flockler.embed.codes https://plugins.flockler.com https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://*.gstatic.com https://*.googleapis.com; font-src 'self' data: http://*.sportunion.at http://sportunion.at https://*.sportunion.at https://sportunion.at https://fonts.gstatic.com; img-src 'self' 'unsafe-inline' https://* http://*.sportunion.at http://sportunion.at https://*.sportunion.at https://sportunion.at https://flockler.com https://*.rackcdn.com  https://stats.g.doubleclick.net https://www.google-analytics.com https://*.googleapis.com data: https://.gstatic.com https://*.google.com https://secure.gravatar.com; frame-src 'self' http://*.sportunion.at http://sportunion.at https://*.sportunion.at https://sportunion.at https://smartslider3.com  https://www.yumpu.com  https://www.fitsportaustria.at https://board.fitsportaustria.at https://player.vimeo.com https://www.youtube.com https://www.google.com https://www.youtube-nocookie.com; connect-src 'self' http://*.sportunion.at http://sportunion.at https://*.sportunion.at https://sportunion.at https://yoast.com https://*.google-analytics.com; media-src https://* 1
frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com sno-isle.bibliocms.com *.sno-isle.bibliocms.com https://www.sno-isle.org www.sno-isle.org *.www.sno-isle.org; 1
default-src 'self'; child-src static.seolib.ru www.google.com www.google.com.ua www.google.ru reformal.ru mc.yandex.ru accounts.google.com content.googleapis.com; connect-src 'self' wss://seolib.ru:8018 mc.webvisor.org mc.webvisor.com https://cdn.experrto.io https://*.jivosite.com ws://*.jivosite.com; font-src 'self' data: updates.seolib.ru seolib.ru fonts.googleapis.com fonts.gstatic.com use.fontawesome.com; frame-src static.seolib.ru www.google.com www.google.com.ua www.google.ru reformal.ru accounts.google.com content.googleapis.com; img-src 'self' data: favicon.yandex.net www.google-analytics.com www.googletagmanager.com https://*.googleusercontent.com stats.g.doubleclick.net mc.webvisor.org gstatic.com www.gstatic.com www.google.com www.google.com.ua www.google.ru mc.yandex.ru reformal.ru cdn.jsdelivr.net media.reformal.ru http://traffic.alexa.com http://runep.ru/; media-src https://cdn.experrto.io https://*.jivosite.com ws://*.jivosite.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' updates.seolib.ru seolib.ru media.reformal.ru www.google-analytics.com www.googletagmanager.com tagmanager.google.com stats.g.doubleclick.net mc.webvisor.org d31j93rd8oukbv.cloudfront.net mc.yandex.ru www.google.com www.google.com.ua www.google.ru apis.google.com https://apis.google.com gstatic.com www.gstatic.com cdn.datatables.net code.jquery.com cdn.jsdelivr.net unpkg.com cdnjs.cloudflare.com https://cdn.experrto.io https://*.jivosite.com ws://*.jivosite.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com tagmanager.google.com seolib.ru www.google.com ajax.googleapis.com use.fontawesome.com cdn.datatables.net code.jquery.com cdn.jsdelivr.net unpkg.com cdnjs.cloudflare.com https://cdn.experrto.io https://*.jivosite.com ws://*.jivosite.com; report-uri /csp/report 1
default-src 'self' http://persis.gemu-group.com:8080 *.google.com *.gstatic.com *.googleapis.com *.googletagmanager.com *.google-analytics.com connect.facebook.net *.albacross.com *.webtraxs.com *.ggpht.com amazonaws.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-cdn-operators.s3-eu-west-1.amazonaws.com *.cloudfront.net *.userlike.com *.leadenhancer.com wss://*.userlike.com *.alexametrics.com cdn.delight-vr.com *.cookiebot.com  data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors *.gemu-group.com 1
script-src 'self' *.stripe.com *.continual.ly googleads.g.doubleclick.net googleads.g.doubleclick.ne www.google-analytics.com www.googletagmanager.com www.googleadservices.com ajax.googleapis.com maps.googleapis.com cdnjs.cloudflare.com www.youtube.com s.ytimg.com *.amazonaws.com 'unsafe-inline'; 1
allow 'self'; options inline-script eval-script; script-src 'self' *.google-analytics.com *.googleapis.com *.gstatic.com *.walkme.com; img-src *; media-src *; frame-src 'self' 1
base-uri 'self' 'report-sample'; block-all-mixed-content; form-action 'self' 'report-sample'; frame-ancestors 'self'; default-src 'none'; connect-src 'self' 'report-sample'; frame-src 'self' 'report-sample'; img-src 'self' data: 'report-sample'; font-src 'self' 'report-sample'; media-src 'self' 'report-sample'; manifest-src 'self' 'report-sample'; script-src 'self' 'report-sample'; style-src 'self' 'report-sample'; report-uri /auktion/clients/csp_violation.php 1
frame-ancestors 'self'  https://*.advisorservices.com https://*.tdameritrade.com https://*.ameritrade.com https://*.tdainstitutional.com 1
child-src 'self' youtube.com *.youtube-nocookie.com *.youtube.com *.vimeo.com *.dailymotion.com *.europa.eu europa.eu youtube.com *.dailymotion.com *.vimeo.com *.amazonaws.com *.arcgis.com *.arte.tv *.babahh.com *.bbc.co.uk *.blitzvideoserver.de *.bpb.de *.brightcove.com *.btv.bg *.cc.cec *.cimo.fi *.cjelozivotno-ucenje.hr *.cnbc.com *.coe.int *.communi-k.eu *.compareyourcountry.org *.crp.education *.cy2012.eu *.dacast.com *.dcdn.lt debategraph.org digital-agenda-data.eu *.disaster-resilience.com *.docdroid.net *.d-portal.org *.easme-web.eu *.edcc.eu *.euneighbours.eu *.euronews.com *.europeandataportal.eu *.facebook.com https://familymeal.eu *.flickr.com *.franceculture.fr *.franceinter.fr *.freecaster.com *.freezbee.tv *.genial.ly *.giphy.com *.github.io *.google.be *.google.co.uk *.google.com *.google.fr *.grnet.gr *.index.hu *.instantflipbook.com *.issuu.com *.jrc.nl *.jwplatform.com *.learningandwork.org.uk *.libsyn.com *.live.com livestream.com *.mentimeter.com *.metoo.sk *.mostra.eu *.neteyes.hu *.oecd.org *.openstreetmap.fr *.openstreetmap.org *.ourworldindata.org *.polarhd.com *.public-i.tv *.qbrick.com *.rackcdn.com *.rambla.be *.roguemotion.graphics *.sharepoint.com *.sketchfab.com *.slideshare.net *.solidtango.com *.soonfeed.com *.soundcloud.com *.streamamg.com *.streamcode.net *.streamdis.eu streamer.bg *.streaming.at *.streaming.sk *.streamovations.be *.sway.com *.tagesschau.de *.telemak.tv *.testa.eu *.thinglink.com *.tiesraides.lv *.top-ix.org *.tsnmalta.org *.tv1.eu *.tv-on-web.de *.twinix.eu *.typeform.com *.uc3m.es *.uplynk.com *.ustream.tv *.uu.se *.videliostreaming.com *.videolevels.com *.walls.io *.weforum.org *.westream.com *.wyng.com *.youongroup.com *.youtu.be *.youtube-nocookie.com *.zdf.de *.michael-lurquin.com https://forms-edcc.conectys.com; frame-src 'self' youtube.com *.youtube-nocookie.com *.youtube.com *.vimeo.com *.dailymotion.com *.europa.eu europa.eu youtube.com *.dailymotion.com *.vimeo.com *.amazonaws.com *.arcgis.com *.arte.tv *.babahh.com *.bbc.co.uk *.blitzvideoserver.de *.bpb.de *.brightcove.com *.btv.bg *.cc.cec *.cimo.fi *.cjelozivotno-ucenje.hr *.cnbc.com *.coe.int *.communi-k.eu *.compareyourcountry.org *.crp.education *.cy2012.eu *.dacast.com *.dcdn.lt debategraph.org digital-agenda-data.eu *.disaster-resilience.com *.docdroid.net *.d-portal.org *.easme-web.eu *.edcc.eu *.euneighbours.eu *.euronews.com *.europeandataportal.eu *.facebook.com https://familymeal.eu *.flickr.com *.franceculture.fr *.franceinter.fr *.freecaster.com *.freezbee.tv *.genial.ly *.giphy.com *.github.io *.google.be *.google.co.uk *.google.com *.google.fr *.grnet.gr *.index.hu *.instantflipbook.com *.issuu.com *.jrc.nl *.jwplatform.com *.learningandwork.org.uk *.libsyn.com *.live.com livestream.com *.mentimeter.com *.metoo.sk *.mostra.eu *.neteyes.hu *.oecd.org *.openstreetmap.fr *.openstreetmap.org *.ourworldindata.org *.polarhd.com *.public-i.tv *.qbrick.com *.rackcdn.com *.rambla.be *.roguemotion.graphics *.sharepoint.com *.sketchfab.com *.slideshare.net *.solidtango.com *.soonfeed.com *.soundcloud.com *.streamamg.com *.streamcode.net *.streamdis.eu streamer.bg *.streaming.at *.streaming.sk *.streamovations.be *.sway.com *.tagesschau.de *.telemak.tv *.testa.eu *.thinglink.com *.tiesraides.lv *.top-ix.org *.tsnmalta.org *.tv1.eu *.tv-on-web.de *.twinix.eu *.typeform.com *.uc3m.es *.uplynk.com *.ustream.tv *.uu.se *.videliostreaming.com *.videolevels.com *.walls.io *.weforum.org *.westream.com *.wyng.com *.youongroup.com *.youtu.be *.youtube-nocookie.com *.zdf.de *.michael-lurquin.com https://forms-edcc.conectys.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.segment.com/ https://*.leaddyno.com/ https://*.hotjar.com/ https://*.lfeeder.com/ https://*.intercom.io/ https://*.googleapis.com/ https://*.googletagmanager.com/ https://*.facebook.net/ https://*.hsforms.net/ https://*.hs-analytics.net/ https://*.hs-scripts.com/ https://*.hs-banner.com/ https://*.hscollectedforms.net/ https://*.bing.com/ https://*.googleadservices.com/ https://*.heapanalytics.com/ https://*.intercomcdn.com/ https://*.doubleclick.net/ https://*.google-analytics.com/ https://*.intercomusercontent.com/ https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net https://js.intercomcdn.com http://fonts.intercomcdn.com https://intercom.help https://api-iam.intercom.io https://js.intercomcdn.com https://*.growsurf.com https://widgets.boast.io; img-src 'self' data: https://*.lfeeder.com/ https://*.facebook.com/ https://*.bing.com/ https://*.heapanalytics.com/ https://heapanalytics.com/ https://*.hubspot.com/ https://*.google-analytics.com/ https://*.google.com/ https://*.hsforms.com/ https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-9.com https://*.google.co.uk; object-src 'self' data: https://*.facebook.com/ https://*.hotjar.com/ https://*.doubleclick.net/; frame-src 'self' data: https://*.facebook.com/ https://*.hotjar.com/ https://*.doubleclick.net/; 1
default-src 'self' themes.googleusercontent.com www.google-analytics.com stats.g.doubleclick.net data: 'unsafe-inline' 'unsafe-eval' 1
default-src 'self'; block-all-mixed-content; connect-src 'self' www.google-analytics.com https://api.recurly.com https://api.stripe.com/ https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io https://nexus-long-poller-a.intercom.io https://nexus-long-poller-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://cdn.jsdelivr.net; font-src 'self' fonts.gstatic.com https://js.intercomcdn.com data:; frame-src https://js.stripe.com/ https://hooks.stripe.com/ api.recurly.com https://www.google.com/ https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; img-src 'self' blob: data: *; media-src 'self' https://js.intercomcdn.com; script-src 'self' www.google-analytics.com js.recurly.com https://js.stripe.com/ https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://unpkg.com/swagger-ui-dist@3.29.0/swagger-ui-bundle.js https://cdn.jsdelivr.net/npm/d3@3.5.17/d3.min.js https://cdn.jsdelivr.net/npm/nvd3@1.8.6/build/nv.d3.min.js https://www.google.com/recaptcha/api.js https://www.gstatic.com 'unsafe-inline' 'sha256-lWqs1p92yS+Ym1QyqatK6geFegJdlpxgUeFU6t72SGw=' 'sha256-1gcjkQmF3vDBHqTK/GCaJKMg/UjNNomsjObGfUSd8GU=' 'sha256-DcokebrOSmWciSX1qQC5mQVZVTuYP7rxG1GdCn4I4Ls='; style-src 'self' fonts.googleapis.com https://unpkg.com/swagger-ui-dist@3.29.0/swagger-ui.css https://cdn.jsdelivr.net/npm/nvd3@1.8.6/build/nv.d3.min.css https://api.recurly.com 'unsafe-inline' 1
default-src 'self' chrome-extension *.adform.net; child-src www.youtube.com player.vimeo.com www.gstatic.com www.facebook.com web.facebook.com www.googletagmanager.com www.strava.com connect.garmin.com *.adform.net; connect-src 'self' www.facebook.com www.google-analytics.com stats.g.doubleclick.net *.adform.net; font-src 'self' data: chrome-extension fonts.gstatic.com use.fontawesome.com *.adform.net; frame-src 'unsafe-eval' www.youtube.com player.vimeo.com www.gstatic.com www.facebook.com web.facebook.com www.googletagmanager.com www.strava.com connect.garmin.com *.adform.net; img-src * data: maps.gstatic.com *.googleapis.com *.ggpht; object-src www.youtube.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com www.google-analytics.com https://www.google-analytics.com/analytics.js ssl.google-analytics.com www.googletagmanager.com www.googleadservices.com maps.googleapis.com googleads.g.doubleclick.net tagmanager.google.com connect.facebook.net reklama.bikeworld.pl portal.bikeworld.pl katalog.bikeworld.pl *.adform.net; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com *.adform.net; report-uri /csp/report 1
frame-ancestors *.scaledrone.com 1
block-all-mixed-content; upgrade-insecure-requests; report-uri /nelmio/csp/report 1
default-src 'self'; connect-src 'self' https://piwik.bzga.de; style-src 'self' 'unsafe-inline'; font-src 'self' data:; script-src 'self' 'unsafe-inline' https://piwik.bzga.de https://maps.google.com https://maps.googleapis.com; img-src 'self' https://piwik.bzga.de https://www.bzga.de https://maps.gstatic.com https://csi.gstatic.com https://maps.google.com https://maps.googleapis.com https://a.tile.osm.org https://b.tile.osm.org https://c.tile.osm.org data:; frame-src 'self' mailto: https://piwik.bzga.de https://www.youtube-nocookie.com; 1
'nosniff'; 1
frame-ancestors 'self' www.skaki64.gr skaki64.gr 1
frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com aclibrary.bibliocms.com *.aclibrary.bibliocms.com https://aclibrary.org aclibrary.org *.aclibrary.org; 1
frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com lvccld.bibliocms.com *.lvccld.bibliocms.com https://lvccld.org lvccld.org *.lvccld.org; 1
default-src https://www.mediengruppe-rtl.de https://fonts.gstatic.com https://www.youtube-nocookie.com https://s.ytimg.com https://www.google.com https://*.googlevideo.com 'unsafe-inline' 'unsafe-eval'; media-src https://www.mediengruppe-rtl.de blob:; img-src 'self' data: https://yt3.ggpht.com https://i.ytimg.com; script-src https://www.mediengruppe-rtl.de https://fonts.gstatic.com https://www.youtube-nocookie.com https://s.ytimg.com https://www.google.com 'unsafe-inline' 'unsafe-eval'; style-src https://www.mediengruppe-rtl.de https://fonts.gstatic.com https://www.youtube-nocookie.com https://s.ytimg.com 'unsafe-inline' 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com; object-src 'none'; style-src 'self' 'unsafe-inline' data:; img-src 'self'; media-src 'none'; frame-src 'none'; font-src 'self'; connect-src 'self' https://api.amplitude.com https://eth-ropsten.alchemyapi.io https://eth-rinkeby.alchemyapi.io https://eth-mainnet.alchemyapi.io https://api.thegraph.com wss://bridge.walletconnect.org wss://fei.bridge.walletconnect.org; frame-ancestors 'none' 1
default-src * ; script-src * 'unsafe-inline' 'unsafe-eval'; object-src *; style-src * 'unsafe-inline'; img-src * data: https://ct.capterra.com; media-src *; frame-src *; frame-ancestors *; child-src *; font-src * https://themes.googleusercontent.com http://themes.googleusercontent.com; connect-src *; report-uri /en/report-csp-violation 1
default-src 'self'; script-src 'self' assets.juicer.io ajax.googleapis.com connect.facebook.net platform.twitter.com 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com www.google.com www.gstatic.com https://chat.consumercare.net https://h6.consumercare.net https://js-agent.newrelic.com https://bam.nr-data.net *.juicer.io woobox.com *.formstack.com assets.pinterest.com app.icontact.com *.googleapis.com *.pricespider.com *.hotjar.com; object-src 'self'; style-src 'self' maxcdn.bootstrapcdn.com fonts.googleapis.com assets.juicer.io 'unsafe-inline' *.formstack.com app.icontact.com  *.pricespider.com; img-src 'self' *.cdninstagram.com *.xx.fbcdn.net *.facebook.com *.twitter.com *.google-analytics.com *.ytimg.com *.xx.fbcdn.net data: *.googleapis.com *.g.doubleclick.net *.googletagmanager.com *.juicer.io *.google.com *.imgur.com *.icontact.com *.formstack.com *.gstatic.com   *.pricespider.com *.fbcdn.net; frame-src 'self' * *.entenmanns.com rsmstanley.formstack.com; font-src 'self' maxcdn.bootstrapcdn.com fonts.googleapis.com assets.juicer.io fonts.gstatic.com woobox.com *.juicer.io  *.formstack.com app.icontact.com data:; connect-src 'self' www.juicer.io https://www.google-analytics.com https://stats.g.doubleclick.net *.facebook.com; report-uri /admin/config/system/seckit/csp-report, default-src 'self' 'self' data: 'self' blob: 'unsafe-inline' 'unsafe-eval' *; img-src 'self' blob: data: * 1
frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com slpl.bibliocms.com *.slpl.bibliocms.com https://www.slpl.org www.slpl.org *.www.slpl.org; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data:; style-src 'self' 'unsafe-inline' data:; img-src 'self' data:; 1
child-src 'self' https://*.docusign.com https://*.docusign.net https://*.trustcommerce.com https://*.slimpay.net https://*.slimpay.com https://*.stripe.com https://*.windriverfinancialgateway.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.sejda.com *.polyfill.io *.sites-appleby.vuturevx.com https://sites-appleby.vuturevx.com *.gstatic.com *.google.com *.google-analytics.com *.googletagmanager.com *.tagmanager.google.com https://tagmanager.google.com *.googleapis.com *.fonts.net *.algolianet.com data: ; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.google.com *.google-analytics.com *.googletagmanager.com *.tagmanager.google.com https://tagmanager.google.com *.fonts.net https://fast.fonts.net ; font-src 'self' *.fonts.net https://fast.fonts.net *.gstatic.com data: ; img-src 'self' *.google-analytics.com *.googleapis.com *.gstatic.com *.gravatar.com *.doubleclick.net data: ; connect-src 'self' *.sejda.com *.google-analytics.com *.algolia.net *.algolianet.com data: ; frame-src 'self' *.google.com *.vimeo.com *.youtube.com *.vuturevx.com *.brightcove.net data: ; 1
frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com ccclib.bibliocms.com *.ccclib.bibliocms.com ccclib.org *.ccclib.org http://ccclib.org; 1
default-src 'self'; block-all-mixed-content; connect-src 'self' https://antrag.hanseaticbank.de https://antrag.hbnext.de https://*.openstreetmap.org privacy.trustcommander.net *.adtelligence.de *.kameleoon.eu *.kameleoon.com *.novomind.com *.provenexpert.com *.google-analytics.com *.doubleclick.net *.commander1.com *.otto.de *.rs.ogit.cloud *.bing.com *.xiti.com *.mouseflow.com; font-src 'self' 'unsafe-inline' data: *.gstatic.com; frame-ancestors *.hanseaticbank.de *.hbnext.de *.test *.develop-sr3snxi-7qbx3id7snbj6.eu-2.platformsh.site *.release-utkfd3a-7qbx3id7snbj6.eu-2.platformsh.site; frame-src 'self' https://antrag.hanseaticbank.de https://antrag.hbnext.de https://direktkredit.hanseaticbank.de cdn.trustcommander.net cdn.tagcommander.com sonata.aklamio.com *.youtube.com *.instagram.com *.twitter.com *.facebook.com *.test *.google.com *.google-analytics.com *.googletagmanager.com; img-src 'self' data: https://antrag.hanseaticbank.de https://antrag.hbnext.de http://*.tile.osm.org https://*.tile.openstreetmap.org manager.tagcommander.com analytics.aklamio.com *.kameleoon.eu *.kameleoon.com *.novomind.com *.otto.de *.rs.ogit.cloud *.xiti.com *.adtelligence.de *.outbrain.com *.bing.com *.google.com *.google.de *.google-analytics.com *.googletagmanager.com *.facebook.com *.facebook.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://antrag.hanseaticbank.de https://antrag.hbnext.de https://code.jquery.com cdn.trustcommander.net cdn.tagcommander.com cdn.mouseflow.com platform.commandersact.com api.aklamio.com api.amio-dev.com *.hanseaticbank.de *.googleapis.com *.adtelligence.de *.kameleoon.eu *.kameleoon.com *.novomind.com *.provenexpert.com *.google-analytics.com *.googletagmanager.com *.outbrain.com *.bing.com *.facebook.net *.twitter.com; style-src 'self' 'unsafe-inline' https://antrag.hanseaticbank.de https://antrag.hbnext.de *.googleapis.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://sites-rpc.vuturevx.com https://px.ads.linkedin.com https://snap.licdn.com https://code.jquery.com https://ajax.googleapis.com https://ssl.google-analytics.com https://www.youtube.com https://www.google.com https://bat.bing.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://connect.facebook.net https://platform.twitter.com https://code.jquery.com/jquery-2.1.4.min.js *.crazyegg.com *.amazonaws.com https://consent.cookiebot.com/ https://consentcdn.cookiebot.com/; style-src 'self' 'unsafe-inline' https://ajax.googleapis.com https://fonts.googleapis.com; img-src * data:; font-src 'self' data: https://fonts.gstatic.com https://fonts.typekit.net https://themes.googleusercontent.com; connect-src 'self' *.crazyegg.com https://www.google-analytics.com; child-src 'self' https://player.pippa.io https://player.acast.com https://embed.acast.com https://sdn.sitecore.net https://www.youtube.com https://www.google.com https://accounts.google.com https://www.googletagmanager.com https://www.youtube-nocookie.com/ https://cdn.yoshki.com https://player.vimeo.com https://consentcdn.cookiebot.com/; frame-ancestors 'self' https://www.slipcase.com https://marketplace.marsh.com; 1
default-src 'self'; script-src * 'unsafe-inline'; img-src * data: 'unsafe-eval'; style-src * 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; frame-src *; 1
frame-ancestors 'self' http://*.mitkindundkegel.de http://mitkindundkegel.de 1
default-src https: 'unsafe-inline' 'unsafe-eval' blob:; img-src https: data:; connect-src https: wss:; font-src https: data:; 1
default-src 'unsafe-inline' 'self' https: wss:; object-src 'none' 1
default-src https: 1
default-src https: data:; script-src https: data: 'unsafe-inline' 'unsafe-eval'; object-src https:; style-src https: 'unsafe-inline'; img-src https: data:; media-src https:; font-src https: data:; connect-src https: wss:; frame-ancestors 'self' partner.approvalmax.com 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.itzbund.de *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com *.itzbund.de; frame-src *.google.com *.gstatic.com *.youtube.com; img-src 'self' data: *.itzbund.de *.google.com *.gstatic.com *.youtube.com *.openstreetmap.org pss.wsv.de; frame-ancestors 'self'; 1
style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.cloudflare.com *.bootstrapcdn.com npmcdn.com *.vimeocdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com *.global.ssl.fastly.net *.googleadservices.com *.wistia.com *.cloudflare.com *.googleapis.com *.adobedtm.com *.sharethis.com *.adsrvr.org npmcdn.com *.pardot.com *.linkedin.com *.quantcount.com *.quantserve.com *.licdn.com *.kickfire.com *.bugherd.com *.rumiview.com *.medpace.com *.vimeocdn.com *.medtargetsystem.com; font-src 'self' data: *.gstatic.com *.bootstrapcdn.com *.bootstrapcdn.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com *.fls.doubleclick.net *.linkedin.com yoa.st *.sharethis.com *.medpace.com *.pixel.ad *.addthis.com *.truoptik.com *.liadm.com *.adsrvr.org *.adsymptotic.com *.quantserve.com *.ads.linkedin.com *.kickfire.com *.semasio.net *.krxd.net *.rumiview.com *.thebrighttag.com *.narrative.io *.scorecardresearch.com *.vimeocdn.com *.advertising.com *.sitescout.com *.g.doubleclick.net ml314.com *.rd.linksynergy.com; connect-src 'self' *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net *.yoast.com *.medpace.com *.sharethis.com *.akamaized.net; frame-src 'self' *.g.doubleclick.net *.google.com *.fls.doubleclick.net *.sharethis.com *.global.ssl.fastly.net *.pardot.com *.adobedtm.com *.sharethis.mgr.consensu.org *.bidswitch.com *.pubmatic.com *.analytics.yahoo.com *.adsrvr.org *.narrative.io *.pixel.ad *.scorecardresearch.com *.cloudfront.net *.akamaized.net *.advertising.com *.sitescout.com *.vimeo.com *.thebrighttag.com *.exelator.com *.mookie1.com; frame-ancestors 'self' *.g.doubleclick.net *.google.com *.fls.doubleclick.net *.sharethis.com *.global.ssl.fastly.net *.pardot.com *.adobedtm.com *.sharethis.mgr.consensu.org *.bidswitch.com *.pubmatic.com *.analytics.yahoo.com *.adsrvr.org *.narrative.io *.pixel.ad *.scorecardresearch.com *.cloudfront.net *.akamaized.net *.advertising.com *.sitescout.com *.vimeo.com *.thebrighttag.com *.exelator.com *.mookie1.com; media-src 'self' *.akamaized.net; form-action 'self' *.medpace.com; default-src 'self' *.fls.doubleclick.net *.sharethis.mgr.consensu.org *.adsrvr.org *.sitescout.com *.g.doubleclick.net *.bidswitch.com *.pubmatic.com *.analytics.yahoo.com *.narrative.io *.pixel.ad *.scorecardresearch.com *.advertising.com *.thebrighttag.com *.exelator.com *.mookie1.com; upgrade-insecure-requests; 1
default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.cloudflare.com https://*.force.com https://*.hotjar.com https://secure.trust-provider.com https://*.sharethis.com https://platform.twitter.com https://connect.facebook.net https://static1.twitcount.com https://*.codero.com https://*.salesforceliveagent.com https://*.salesforce.com https://*.googleapis.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://ws.zoominfo.com https://www.google-analytics.com https://pi.pardot.com https://*.google.com; script-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.cloudflare.com https://*.force.com https://*.hotjar.com https://secure.trust-provider.com https://*.sharethis.com https://platform.twitter.com https://connect.facebook.net https://static1.twitcount.com https://codero.com https://*.codero.com https://codero.com https://*.salesforceliveagent.com https://*.salesforce.com https://*.googleapis.com https://google.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://ws.zoominfo.com https://www.google-analytics.com https://pi.pardot.com https://*.google.com https://*.gstatic.com; style-src * 'self' data: 'unsafe-inline' 'unsafe-hashes' https://*.cloudflare.com https://*.force.com https://*.hotjar.com https://secure.trust-provider.com https://*.sharethis.com https://platform.twitter.com https://connect.facebook.net https://static1.twitcount.com https://*.codero.com https://*.salesforceliveagent.com https://*.salesforce.com https://*.googleapis.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://ws.zoominfo.com https://www.google-analytics.com https://pi.pardot.com https://*.google.com; img-src * 'self' data: https://*.cloudflare.com https://*.force.com https://*.hotjar.com https://secure.trust-provider.com https://*.sharethis.com https://platform.twitter.com https://connect.facebook.net https://static1.twitcount.com https://*.codero.com https://*.salesforceliveagent.com https://*.salesforce.com https://*.googleapis.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://ws.zoominfo.com https://www.google-analytics.com https://pi.pardot.com https://*.google.com; font-src * 'self' data:; media-src * 'self' https://*.cloudflare.com https://*.force.com https://*.hotjar.com https://secure.trust-provider.com https://*.sharethis.com https://platform.twitter.com https://connect.facebook.net https://static1.twitcount.com https://*.codero.com https://*.salesforceliveagent.com https://*.salesforce.com https://*.googleapis.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://ws.zoominfo.com https://www.google-analytics.com https://pi.pardot.com https://*.google.com; object-src 'self' data:; prefetch-src 'self'; frame-src * data:; frame-ancestors 'self'; form-action * 1
frame-ancestors 'self' *.ecoproductsstore.com; frame-src 'self' find.storesnear.me *.ecoproducts.com squadblog.ecoproducts.com brandfolder.com *.brandfolder.com https://brandfolder.com https://*.brandfolder.com *.amazonaws.com ads.p.veruta.com t.p.mybuys.com s7.addthis.com https://www.youtube.com/ *.vimeo.com http://blog.ecoproducts.com/ http://squadblog.ecoproducts.com/ *.ecoproductsstore.com 1
upgrade-insecure-requests; block-all-mixed-content; default-src 'self' https://*.valiant.ch; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.valiant.ch https://tagmanager.google.com https://io.fusedeck.net https://www.google.com https://www.google.ch https://www.google.fr https://googleads.g.doubleclick.net https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://maps.googleapis.com https://www.youtube.com https://connect.facebook.net https://snap.licdn.com  https://valiant.reader.epaper.guru; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com data:; img-src 'self' https://io.fusedeck.net https://ssl.gstatic.com https://www.gstatic.com https://khms0.googleapis.com https://khms1.googleapis.com https://www.google.ch https://www.google.fr https://www.google.com https://stats.g.doubleclick.net https://www.google-analytics.com https://maps.gstatic.com https://maps.googleapis.com https://googleads.g.doubleclick.net https://www.facebook.com https://www.googletagmanager.com https://px.ads.linkedin.com https://www.linkedin.com data: blob:; frame-src 'self' https://*.valiant.ch https://valiant.mxm.ch https://valiant.reader.epaper.guru https://evoja-etools.sinso.ch https://app.newsroom.co https://jobs.valiant.ch https://bid.g.doubleclick.net https://www.youtube.com https://5472548.fls.doubleclick.net https://10785982.fls.doubleclick.net https://www.kununu.com https://www.agentselly.ch https://www.facebook.com; connect-src 'self' https://*.valiant.ch wss://io.fusedeck.net https://webservice.cybwell.ch https://bid.g.doubleclick.net https://stats.g.doubleclick.net https://www.google-analytics.com https://maps.google.com https://www.facebook.com; base-uri 'self'; object-src 'self'; media-src 'self' data:; frame-ancestors 'self' https://*.valiant.ch; child-src 'none'; worker-src 'self'; manifest-src 'self'; prefetch-src 'self'; plugin-types application/pdf; form-action 'self'; navigate-to 'self'; 1
default-src 'self'; base-uri 'self'; frame-ancestors 'none'; media-src 'self' data: blob: https://*.kc-usercontent.com https://*.kontent.ai https://web-blog.wf.mk https://blog.webfactory.mk; img-src 'self' data: blob: https://*.kc-usercontent.com https://web-blog.wf.mk https://blog.webfactory.mk https://*.kontent.ai https://*.calendly.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.medium.com https://secure.gravatar.com; font-src 'self' data: https://cdnjs.cloudflare.com https://fonts.gstatic.com; object-src 'self'; frame-src 'self' https://calendly.com https://*.calendly.com https://youtube.com https://*.youtube.com https://*.hotjar.com https://*.hotjar.io https://cdn.embedly.com/; connect-src 'self' blob: data: https://sentry.io https://*.kenticocloud.com https://*.kontent.ai https://www.google-analytics.com https://www.googletagmanager.com https://calendly.com https://*.kc-usercontent.com https://*.calendly.com https://stats.g.doubleclick.net https://preview-deliver.kontent.ai https://web-blog.wf.mk https://blog.webfactory.mk https://*.hotjar.com https://*.hotjar.io; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://www.googletagmanager.com https://cdn.polyfill.io/v2/polyfill.min.js https://calendly.com https://*.calendly.com https://*.hotjar.com https://*.hotjar.io; style-src 'self' 'unsafe-inline' https://calendly.com https://*.calendly.com https://cdnjs.cloudflare.com https://fonts.googleapis.com; report-uri /report-violation 1
frame-ancestors 'self' spoxy3.insipio.com 1
default-src *; script-src www.partizan.com www.partizanstudio.com 'unsafe-inline' 'unsafe-eval' 127.0.0.1:*  *.googleadservices.com *.google-analytics.com *.google.com  https://*.youtube.com https://*.ytimg.com  cdnjs.cloudflare.com ajax.googleapis.com maxcdn.bootstrapcdn.com ; style-src * 'unsafe-inline';img-src 'self' data: https://img.youtube.com *.google-analytics.com ; font-src 'self' data:  http://fonts.gstatic.com https://fonts.gstatic.com ; connect-src www.partizan.com www.partizanstudio.com *.google-analytics.com vimeo.com; 1
default-src 'self'; connect-src 'self' https://www.google-analytics.com www.google-analytics.com https://*.salemove.com wss://*.salemove.eu https://*.salemove.eu wss://*.glia.eu https://*.glia.eu https://*.twilio.com wss://*.twilio.com https://stats.g.doubleclick.net https://*.certua.io https://sentry.io; font-src 'self' https://fonts.gstatic.com data:; frame-src 'self' https://identity.mypfp.co.uk *.intelliflo.com https://player.vimeo.com https://*.docusign.com *.docusign.net *.yodlee.com https://www.google.com/recaptcha/; img-src 'self' *.amazonaws.com data: *.intelliflo.com https://mypfp.co.uk https://*.salemove.eu https://*.glia.eu https://libs.salemove.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://maps.gstatic.com https://*.googleapis.com https://www.blog.invesco.us.com https://www.invesco.co.uk https://digital.invesco.com https://cdn.certua.io; media-src 'self' https://libs.salemove.com https://*.salemove.eu https://*.glia.eu; script-src 'self' 'unsafe-inline' *.intelliflo.com https://*.salemove.com https://*.salemove.eu https://*.glia.eu https://libs.salemove.com *.google-analytics.com https://www.gstatic.com https://www.google.com https://maps.googleapis.com; style-src 'self' 'unsafe-inline' *.amazonaws.com https://*.salemove.com https://*.salemove.eu https://*.glia.eu https://fonts.googleapis.com 1
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-eval' *.googleapis.com piwik.itzbund.de;object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.openstreetmap.org *.googleapis.com piwik.itzbund.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; frame-ancestors bvaweb-editor.preview.kkn.zd.intranet.bund.de piwik.itzbund.de bvaweb-zfa-editor.preview.kkn.zd.intranet.bund.de *.facebook.com 1
default-src 'self'  http: https: fayat.lan fayat.com data: 'unsafe-inline' 'unsafe-eval'; script-src 'self' data: https: fayat.com fayat.lan google-analytics.com googlegoogletagmanager.com googleapis.com 'unsafe-inline' 'unsafe-eval'; style-src 'unsafe-inline' 'self' cdnjs.cloudflare.com  gateway.zscloud.net fonts.googleapis.com fonts.gstatic.com themes.googleusercontent.com; img-src 'self' data: https: *.fayat.com *.gstatic.com *.googleapis.com *.w3.org 'unsafe-eval' 'unsafe-hashes'; font-src fonts.googleapis.com fonts.gstatic.com themes.googleusercontent.com fayat.com fayat.lan; report-uri /report-csp-violation 1
default-src 'self'; object-src 'self' https://pts.premiumsim.de/p.swf; base-uri 'self'; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://chat.premiumsim.de https://umfrage.premiumsim.de https://pts.premiumsim.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://o2.mouseflow.com https://cdn.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://chat.premiumsim.de https://stats.premiumsim.de https://imagepool.premiumsim.de https://pts.premiumsim.de; script-src 'strict-dynamic' 'nonce-e62c27ce7b5845c12223342d61a96eb1' 'nonce-c58162a989c9c18f40dddce4dab981f8' 'nonce-26825a57c5331934c56a36cdcef9611c' 'nonce-d47385127db9faa88b41e527071a3630' 'nonce-cbe00f37a3b44d0603309b7fb222e7eb' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://pts.premiumsim.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-e62c27ce7b5845c12223342d61a96eb1' 'nonce-c58162a989c9c18f40dddce4dab981f8' 'nonce-26825a57c5331934c56a36cdcef9611c' 'nonce-d47385127db9faa88b41e527071a3630' 'nonce-cbe00f37a3b44d0603309b7fb222e7eb' 'self' 'unsafe-inline' https: 'report-sample' 1
default-src 'self'; object-src 'self' https://pts.simplytel.de/p.swf; base-uri 'self'; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://chat.simplytel.de https://umfrage.simplytel.de https://pts.simplytel.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://o2.mouseflow.com https://cdn.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://chat.simplytel.de https://stats.simplytel.de https://imagepool.simplytel.de https://pts.simplytel.de; script-src 'strict-dynamic' 'nonce-f4e03492379539bd1f8ce92438a0fbce' 'nonce-d442e09b6e98316062251dce76725204' 'nonce-697a46c4e309b3f319b9998913b8761f' 'nonce-ce2449d96297d0200eb237353e2e3566' 'nonce-f2087731d6bd438bec1ec9ef2db14f54' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://pts.simplytel.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-f4e03492379539bd1f8ce92438a0fbce' 'nonce-d442e09b6e98316062251dce76725204' 'nonce-697a46c4e309b3f319b9998913b8761f' 'nonce-ce2449d96297d0200eb237353e2e3566' 'nonce-f2087731d6bd438bec1ec9ef2db14f54' 'self' 'unsafe-inline' https: 'report-sample' 1
frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com sdcl.bibliocms.com *.sdcl.bibliocms.com https://www.sdcl.org www.sdcl.org *.www.sdcl.org; 1
default-src 'unsafe-inline' 'unsafe-eval' https: data: wss: blob: http://www.cockovnik.cz http://www.vasecocky.cz http://www.lentiamo.cz; frame-ancestors * 1
frame-ancestors 'self' http://*.amg.com https://*.amg.com http://*.cochand.com https://*.cochand.com http://*.google.com https://*.google.com; frame-src 'self' http://*.amg.com https://*.amg.com http://*.cochand.com https://*.cochand.com http://*.google.com https://*.google.com http://*.youtube.com https://*.youtube.com; 1
img-src blob: * android-webview-video-poster: data:; font-src * data:; child-src tel: blob: *; default-src beta.idisign.ch *.cashgate.ch 'unsafe-eval' *.gstatic.com www.newhome.ch www.wuestpartner.com 'self' data: *.googleapis.com start.unblu.com wss://*.unblu.com dis.swisscom.ch *.sgkb.ch *.unblu.com 'unsafe-inline' recruitingapp-1154.umantis.com test.idisign.ch 1
default-src 'self'; block-all-mixed-content; connect-src 'self' syndication.twitter.com www.google-analytics.com assets.pinterest.com; font-src 'self' cdnjs.cloudflare.com; frame-ancestors 'none'; frame-src *; img-src 'self' s3-eu-west-1.amazonaws.com platform.twitter.com www.facebook.com data: web.facebook.com www.google-analytics.com stats.g.doubleclick.net www.google.com www.google.co.uk www.paypalobjects.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' assets.pinterest.com log.pinterest.com connect.facebook.net platform.twitter.com syndication.twitter.com tfw-current.s3.amazonaws.com www.google.com www.gstatic.com cdnjs.cloudflare.com stevenlevithan.com www.googletagmanager.com www.google-analytics.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com 1
img-src * data:; style-src 'self' 'unsafe-inline'; default-src * blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: www.google-analytics.com ajax.googleapis.com embed.typeform.com www.googletagmanager.com tagmanager.google.com analyzer.amedick-sommer.de vendorlist.consensu.org	www.youtube.com s.ytimg.com www.vvs.de; 1
default-src 'self' 'unsafe-inline' https://piwik.bzga.de/ https://*.readspeaker.com; img-src 'self' data: https://piwik.bzga.de https://jwpltx.com/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.p.jwpcdn.com https://piwik.bzga.de https://*.readspeaker.com/ 1
default-src 'self'; connect-src 'self' https://piwik.bzga.de; style-src 'self' 'unsafe-inline'; font-src 'self' data:; script-src 'self' 'unsafe-inline' https://piwik.bzga.de; img-src 'self' data: https://piwik.bzga.de https://www.bzga.de https://service.bzga.de; frame-src 'self'; 1
base-uri 'self' *.google.com; child-src blob: 'self' gap: app.powerbi.com dev.visualwebsiteoptimizer.com *.google.com *.googletagmanager.com *.investis.com *.surveymonkey.com *.twitter.com *.vimeo.com *.youtube.com; frame-src blob: 'self' gap: app.powerbi.com dev.visualwebsiteoptimizer.com *.google.com *.googletagmanager.com *.investis.com *.surveymonkey.com *.twitter.com *.vimeo.com *.youtube.com; connect-src fonts.googleapis.com fonts.gstatic.com ict.infinity-tracking.net outsysprod.paragon-group.co.uk response.pure360.com 'self' sitesearch360.com wss://mpsnare.iesnare.com *.doubleclick.net *.feefo.com *.google.com *.google-analytics.com *.investis.com *.paragonbank.co.uk *.paragonbankinggroup.co.uk *.sitesearch360.com *.twimg.com *.twitter.com *.visualwebsiteoptimizer.com; default-src 'self' gap: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: *.googleapis.com *.gstatic.com; img-src 'self' data: * blob:; media-src data: mpsnare.iesnare.com; script-src gap: 'self' ict.infinity-tracking.net mpsnare.iesnare.com sitesearch360.com snap.licdn.com unpkg.com *.doubleclick.net *.feefo.com *.google.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.investis.com *.paragonbankinggroup.co.uk *.sitesearch360.com *.surveymonkey.com *.twimg.com *.twitter.com *.youtube.com *.visualwebsiteoptimizer.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' dev.visualwebsiteoptimizer.com *.google.com *.googleapis.com *.gstatic.com *.twimg.com *.twitter.com 'unsafe-inline'; frame-ancestors gap: 'self' *.doubleclick.net *.googletagmanager.com *.noblehosted.com *.surveymonkey.com theparagongroup.sharepoint.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=0%2f1C%2ff%2bmj1IsRFCyKE4XujnGOw4j9sJ7iLXWKUSJh9QyPKss0Vqq4ZEKuNI9%2ffanKja06FgL8FObENeJ32k1e8Tu1YiCnXadtIpqQDCsrwvFhMbAqEq%2bsLIZSZhOR4O%2fIBbzjiB%2fVsfSXSkvcD8LsLwK9%2fJ%2bHJnP9%2fYs9lNNqvJ1NW%2fcL6bbnQdGfwNMlytmeRlnrpsov88tLjLJ4CE%2b4w%3d%3d; 1
frame-ancestors 'self' https://psr-www.bayard-jeunesse.com https://www.bayard-jeunesse.com; 1
default-src 'self'; img-src 'self' data: ; script-src 'self' 'unsafe-inline' 'sha256-Vm4GC9dCs8yiOt3vkFoyb7CG9wQvsbg2ZxRvujWCkjU='; style-src 'self' 'unsafe-inline' 'sha256-8IFKZDhhpiTISN+5Zjckj2GGkOsGkKUUowOE0neCY7c=' 1
default-src https: *.ufg.pl; script-src https: *.ufg.pl;style-src https: *.ufg.pl ;img-src 'self' data: https: https: www.google-analytics.com; frame-src https: *.ufg.pl; media-src data: https: *.ufg.pl ;options inline-script eval-script; child-src https: *.ufg.pl 1
default-src 'self' *; script-src 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' *; img-src 'self' data: *; 1
frame-ancestors 'self' *.tracegains.net tracegains.net;base-uri 'self';object-src 'none';media-src 'self';worker-src 'none'; 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self'; font-src 'self'; connect-src 'self'; frame-ancestors 'none'; form-action 'self'; base-uri 'none' 1
default-src 'self' *.urban-nation.com data: *.youtube-nocookie.com *.youtube.com *.ytimg.com *.googleapis.com *.gstatic.com player.vimeo.com *.vimeocdn.com 'unsafe-eval' 'unsafe-inline' 1
default-src 'self' data:; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.vimeo.com; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com *.vimeo.com *.aktion-mensch.de *.bmbfcluster.de; frame-src *.google.com *.gstatic.com *.youtube.com *.vimeo.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com; frame-ancestors 'self'; 1
https://client.libertydentalplan.com; https://libertydentalplan.com 1
frame-src http://webvisor.com 1
default-src 'self' blob: storage.net-fs.com www.google.com *.google-analytics.com *.youtube.com *.googleapis.com *.gstatic.com jobs.comsoft.de tools.eurolandir.com asia.tools.euroland.com *.a1.net live.virtual-events.at; frame-src 'self' indd.adobe.com storage.net-fs.com www.google.com *.google-analytics.com *.youtube.com *.googleapis.com *.gstatic.com jobs.comsoft.de tools.eurolandir.com asia.tools.euroland.com webcast.a1.net live.virtual-events.at; style-src 'self' 'unsafe-inline' storage.net-fs.com *.googleapis.com *.gstatic.com tools.eurolandir.com asia.tools.euroland.com webcast.a1.net live.virtual-events.at; img-src 'self' data: storage.net-fs.com *.google-analytics.com *.googleapis.com *.gstatic.com tools.eurolandir.com asia.tools.euroland.com webcast.a1.neti *.a1.group live.virtual-events.at; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: storage.net-fs.com *.googleapis.com *.gstatic.com *.google-analytics.com cdnjs.cloudflare.com/ajax/libs/jquery-mousewheel/ www.google.com tools.eurolandir.com asia.tools.euroland.com webcast.a1.net *.zencdn.net blob: live.virtual-events.at; font-src 'self' data: storage.net-fs.com *.gstatic.com 1
default-src 'self' blob: https:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' xuri.me *.xuri.me disqus.com *.disqus.com disquscdn.com *.disquscdn.com cloudflare.com *.cloudflare.com google.com *.google.com www.google-analytics.com youtube.com *.youtube.com *.ampproject.org *.googleapis.com *.cloudflareinsights.com; style-src 'self' data: 'unsafe-inline' xuri.me *.xuri.me disqus.com *.disqus.com disquscdn.com *.disquscdn.com cloudflare.com *.cloudflare.com google.com *.google.com www.google-analytics.com youtube.com *.youtube.com *.ampproject.org *.googleapis.com; font-src https: data: about:; img-src data: https: 1
frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com jeffco.bibliocms.com *.jeffco.bibliocms.com https://jeffcolibrary.org jeffcolibrary.org *.jeffcolibrary.org; 1
allow 'unsafe-inline' 'unsafe-eval' 'self' troc.cdn.mediactive-network.net *.googlesyndication.com *.systempay.fr *.fbcdn.net *.google.com *.google.fr *.doubleclick.net intranet.troc.com connect.facebook.net cdnjs.cloudflare.com www.gstatic.com www.googletagmanager.com www.google-analytics.com www.googleadservices.com www.googletagservices.com cdn.ampproject.org 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://mistaua.com https://*.google.com *.google.com https://*.google.com.ua *.google.com.ua *.gstatic.com *.facebook.net *.instagram.com *.googleapis.com *.googlesyndication.com https://*.googlesyndication.com *.googletagservices.com https://*.googletagservices.com *.doubleclick.net https://*.googleadservices.com  https://*.doubleclick.net https://*.g.doubleclick.net *.google-analytics.com *.ampproject.org counter.yadro.ru wikimapia.org vk.com https://*.jsdelivr.net https://yastatic.net cdn.api.twitter.com oss.maxcdn.com; style-src  'self' 'unsafe-inline' *.google.com *.googleapis.com; frame-src 'self' *.doubleclick.net https://*.googlesyndication.com *.googletagservices.com *.google.com *.google.com.ua *.facebook.com *.instagram.com *.youtube.com https://*.doubleclick.net https://*.g.doubleclick.net wikimapia.org *.openstreetmap.org; 1
default-src 'self' *.mytolino.com data: *.youtube-nocookie.com *.ytimg.com *.googleusercontent.com *.mzstatic.com *.googleapis.com *.gstatic.com 'unsafe-inline' mytolino.de mytolino.at mytolino.ch mytolino.it mytolino.be mytolino.fr mytolino.nl mytolino.uk opensource.mytolino.com 1
base-uri 'none'; default-src 'none'; script-src 'self' 'strict-dynamic' 'unsafe-inline' https://*.hotjar.com https://*.hotjar.io 'nonce-803dd924d08d4a46a59ee88b2d4718ff48d854c3ccba' 'nonce-7766a68a25f8783fa653b4d5740422961d6eb49d8fa7' 'nonce-2a43b39c3201d7702cae0221c3034494886858ae9f4d' 'nonce-bf1f177bf46d91954e13376453c49233df7fb3dfcf14' 'nonce-0f63416c76be9641b1e12a126f78da7f594609c87eaa'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' https://track.hubspot.com https://www.googletagmanager.com https://www.google-analytics.com https://*.hotjar.com https://*.hotjar.io https://*.linkedin.com; connect-src 'self' https://api.hsforms.com https://api.hubapi.com https://js.hs-banner.com https://www.googletagmanager.com https://www.google-analytics.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.io; font-src 'self' data: https://fonts.gstatic.com https://*.hotjar.com https://*.hotjar.io; object-src 'none'; frame-src 'self' https://player.vimeo.com https://www.youtube.com https://*.hotjar.com https://*.hotjar.io; form-action 'none'; frame-ancestors 'none'; manifest-src 'self'; 1
default-src 'self'; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' s7.addthis.com www.google.com www.gstatic.com www.youtube.com fonts.googleapis.com www.googletagmanager.com tagmanager.google.com www.google-analytics.com ssl.google-analytics.com www.googleadservices.com safebrowsing.googleapis.com analytics.google.com connect.facebook.net analytics.tiktok.com googleads.g.doubleclick.net z.moatads.com v1.addthisedge.com m.addthis.com edge.addthis.com banman.providermagazine.com host1.easypolls.net ajax.googleapis.com script.crazyegg.com cdn.calculatestuff.com; object-src 'self'; style-src 'self' data: 'unsafe-inline' s7.addthis.com www.google.com www.youtube.com fonts.googleapis.com tagmanager.google.com; img-src 'self' data: ssl.gstatic.com www.gstatic.com www.google-analytics.com www.google.com www.facebook.com www.googletagmanager.com banman.providermagazine.com; media-src 'self' data: www.youtube.com app.powerbi.com www.surveymonkey.com; frame-src 'self' data: www.google.com s7.addthis.com www.youtube.com app.powerbi.com edge.addthis.com www.facebook.com www.surveymonkey.com bid.g.doubleclick.net widgets.calculatestuff.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com; connect-src 'self' data: www.google-analytics.com https://www.google-analytics.com analytics.tiktok.com 1
default-src self; script-src * 'self' 'unsafe-inline' 'unsafe-eval'; object-src *; style-src * 'self' 'unsafe-inline'; img-src * 'self' data: https:;; media-src *; frame-src *; frame-ancestors self; child-src *; font-src * 'self' data: https:;; connect-src *; report-uri /report-csp-violation 1
default-src 'self' *.energieag.at energieag.picturepark.com *.google-analytics.com *.googleapis.com *.gstatic.com prezi.com www.googleadservice www.youtube.com walls.io *.walls.io *.googletagmanager.com www.netigate.se *.whatchado.com i.ytimg.com connect.facebook.net app.adwordsagentur.at *.hotjar.com *.hotjar.io www.googleadservices.com *.doubleclick.net *.adform.net *.iconnode.com *.facebook.com *.google.at *.google.com *.adsrvr.org e-tankstellen-finder.com connect.shore.com *.shore-cdn.com *.teamplanbuch.ch *.cookiebot.com *.matterport.com www.360perspektiven.com sys.mailworx.info sc-static.net *.konzertmeister.app 'unsafe-inline' 'unsafe-eval' data: 1
upgrade-insecure-requests, frame-ancestors 'self' nasa.sharepoint.com *.ariba.com *.sciquest.com *.jaggaer.com *.punchout2go.com *.google.com *.apple.com *.colamco.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.google-analytics.com https://*.bing.com https://*.facebook.net https://*.hotjar.com https://*.zarget.com https://*.youtube.com https://s.ytimg.com https://*.googleadservices.com https://*.doubleclick.net https://*.pinterest.com https://*.zencdn.net https://*.google.com https://*.google.be https://*.sharethis.com https://*.newrelic.com https://*.nr-data.net https://*.quantserve.com https://*.google.com.tr https://*.metabar.ru https://*.google.de https://*.google.fr https://cdn.ckeditor.com https://*.pioneer-car.eu https://eu---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh https://de---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh https://*.yandex.ru https://*.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.sharethis.com https://*.pioneer-car.eu https://cdn.ckeditor.com https://tagmanager.google.com; img-src * data:; media-src 'self' https://www.youtube.com; frame-src 'self' https://*.youtube.com https://vars.hotjar.com https://*.pioneer.eu https://*.doubleclick.net https://*.sharethis.com https://*.facebook.com https://*.pioneer-car.eu https://store-locator.pioneer-rus.ru https://*.google.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://*.hotjar.com https://*.sharethis.com https://*.google-analytics.com https://*.doubleclick.net https://*.pioneer-car.eu https://acc-pioneer-products.o-a.be https://eu---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh https://de---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh https://*.yandex.ru; report-uri /report-csp-violation 1
default-src 'self' 'unsafe-inline' https://*.wistia.com https://*.wistia.net weightmansstagingcdn.azureedge.net weightmanslivecdn.azureedge.net WeightmansStagingMediaCDN.azureedge.net; frame-src *.weightmans.com *.vimeo.com *.hotjar.com *.google.com static.addtoany.com cdn.yoshki.com fast.wistia.com fast.wistia.net cloud.highcharts.com app.everviz.com *.youtube.com *.youtube-nocookie.com *.libsyn.com *.soundcloud.com chatbot.wearegabba.com *.addthis.com *.googletagmanager.com; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' *.hotjar.com *.hotjar.io www.googletagmanager.com www.google-analytics.com maps.googleapis.com ajax.googleapis.com *.google.com instant.page *.wistia.com *.wistia.net https://src.litix.io static.addtoany.com assets.juicer.io cookiehub.net *.cookiehub.com stats.g.doubleclick.net *.gstatic.com *.cloudflare.com *.apester.com app.everviz.com cdn.ampproject.org chatbot.wearegabba.com clarity.microsoft.com clarity.ms plausible.io cdn.yoshki.com www.clarity.ms *.addthis.com *.moatads.com *.cdnjs.cloudflare.com/ajax/libs/hammer.js/ cdn.jsdelivr.net/npm/handlebars@4.7.6/dist/ weightmansstagingcdn.azureedge.net weightmanslivecdn.azureedge.net WeightmansStagingMediaCDN.azureedge.net; connect-src 'self' 'unsafe-inline' cookiehub.net analytics.nyltx.com embedwistia-a.akamaihd.net *.wistia.com *.wistia.net *.litix.io fg8vvsvnieiv3ej16jby.litix.io www.juicer.io *.hotjar.com wss://*.hotjar.com *.hotjar.io analytics.google.com www.google-analytics.com *.doubleclick.net *.apester.com plausible.io www.clarity.ms; style-src 'self' 'unsafe-inline' blob: cookiehub.net *.cookiehub.com fonts.googleapis.com assets.juicer.io *.cloudflare.com https://fast.wistia.com botsify.com weightmansstagingcdn.azureedge.net weightmanslivecdn.azureedge.net WeightmansStagingMediaCDN.azureedge.net; font-src 'self' data: 'unsafe-inline' fonts.gstatic.com static.juicer.io https://*.wistia.com weightmansstagingcdn.azureedge.net weightmanslivecdn.azureedge.net WeightmansStagingMediaCDN.azureedge.net; img-src 'self' data: assets.juicer.io img.juicer.io *.wistia.com *.wistia.net embedwistia-a.akamaihd.net pbs.twimg.com maps.gstatic.com maps.googleapis.com www.google-analytics.com uniform.azureedge.net *.doubleclick.net 'unsafe-inline' *.google.com *.google.co.uk *.cdninstagram.com *.instagram.com *.fbcdn.net *.apester.com cdn.yoshki.com botsify-production.s3.us-west-2.amazonaws.com *.clarity.ms c.bing.com weightmansstagingcdn.azureedge.net weightmanslivecdn.azureedge.net WeightmansStagingMediaCDN.azureedge.net; media-src 'self' blob: data: https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net weightmansstagingcdn.azureedge.net weightmanslivecdn.azureedge.net WeightmansStagingMediaCDN.azureedge.net; worker-src 'self' blob:; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob:  *.weareone.fm *.technobase.fm *.housetime.fm *.hardbase.fm *.trancebase.fm *.coretime.fm *.teatime.fm *.clubtime.fm *.replay.fm *.tb-group.fm *.google.com/recaptcha/ *.gstatic.com/recaptcha/ maps.googleapis.com fonts.googleapis.com fonts.gstatic.com use.typekit.net *.google.com/maps/embed *.youtube-nocookie.com; img-src 'self' data: *.weareone.fm *.technobase.fm *.housetime.fm *.hardbase.fm *.trancebase.fm *.coretime.fm *.teatime.fm *.clubtime.fm *.replay.fm *.tb-group.fm *.google.com/recaptcha/ *.gstatic.com/recaptcha/ maps.googleapis.com fonts.googleapis.com fonts.gstatic.com use.typekit.net *.google.com/maps/embed *.youtube-nocookie.com; frame-ancestors 'self' 1
default-src 'self'; block-all-mixed-content; connect-src 'self' https://*.ingest.sentry.io https://www.google-analytics.com https://stats.g.doubleclick.net https://in.hotjar.com https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com https://survey.alchemer.com https://www.facebook.com; font-src 'self' data: https://fonts.gstatic.com https://script.hotjar.com; frame-src https://www.youtube.com/ https://publish.folders.eu/ https://www.facebook.com https://vars.hotjar.com https://survey.alchemer.com; img-src 'self' data: https://placeholder.inventis.be https://placehold.it https://*.ytimg.com https://maps.gstatic.com https://*.googleapis.com https://*.ggpht.com https://www.googletagmanager.com https://www.google-analytics.com https://www.facebook.com https://www.google.com https://www.google.be https://googleads.g.doubleclick.net https://script.hotjar.com https://www.mollie.com; script-src 'self' https://www.youtube.com/ https://*.ytimg.com/ https://browser.sentry-cdn.com/ https://maps.googleapis.com/ https://www.googletagmanager.com/ https://ssl.google-analytics.com https://www.google-analytics.com https://connect.facebook.net https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://script.hotjar.com https://static.hotjar.com https://script.hotjar.com https://enquete.agconsult.com 'nonce-5Ol9amdj1NMJ74prI14MlQ=='; style-src 'self' https://fonts.googleapis.com https://survey.alchemer.com 'unsafe-inline'; upgrade-insecure-requests 1
frame-ancestors 'self' eventmobi.com experience.eventmobi.com *.eventmobi.com * 1
default-src 'self' vars.hotjar.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.ampproject.org static.cloud.coveo.com stats.g.doubleclick.net tdn.r42tag.com www.averoachmea.nl www.google-analytics.com connect.facebook.net *.usabilla.com www.googleadservices.com avero.speed-trap.nl googleads.g.doubleclick.net imp2.nowinteract.com api.usabilla.com cba-acct.svc.onmarc.nl static.hotjar.com script.hotjar.com d6tizftlrpuof.cloudfront.net ajax.googleapis.com bat.bing.com admin.relay42.com cse.google.com www.google.com a.svtrd.com onmarc.nl snap.licdn.com px.ads.linkedin.com linkedin.com celebrus.avero.nl static.hotjar.com script.hotjar.com *.hsforms.net *.hsforms.com *.hs-scripts.com js.hs-analytics.net js.hsadspixel.net js.hsleadflows.net collectie.avero.nl *.onmarc.nl js.hs-banner.com collectie.averoachmea.nl https://www.googletagmanager.com https://surfly.com d6tizftlrpuof.cloudfront.net js.usemessages.com https://js.hscollectedforms.net *.collectie.centraalbeheer.nl;style-src 'self' 'unsafe-inline' fonts.googleapis.com d6tizftlrpuof.cloudfront.net www.google.com static.cloud.coveo.com;img-src data: 'self' img.youtube.com t.svtrd.com www.google-analytics.com www.facebook.com stats.g.doubleclick.net www.google.nl www.google.com d6tizftlrpuof.cloudfront.net avero.speed-trap.nl *.usabilla.com cm.g.doubleclick.net a.svtrd.com n01d05.cumulus-cloud.com tdn.r42tag.com admin.relay42.com bat.bing.com www.googleapis.com clients1.google.com avr.imgix.net px.ads.linkedin.com track.hubspot.com forms.hubspot.com celebrus.avero.nl *.onmarc.nl d6tizftlrpuof.cloudfront.net https://googleads.g.doubleclick.net *.ads.linkedin.com;font-src 'self' fonts.gstatic.com;connect-src 'self' wss://*.hotjar.com https://*.hotjar.com https://*.hotjar.io *.hubapi.com api.hubspot.com forms.hubspot.com vc.hotjar.io cm.g.doubleclick.net connect.facebook.net googleads.g.doubleclick.net stats.g.doubleclick.net *.onmarc.nl *.ave01.pre.connectis.io https://www.google-analytics.com https://surfly.com https://sentry.io *.hsforms.com *.averoachmea.nl *.collectie.centraalbeheer.nl;media-src 'self' ;object-src 'self' ;child-src 'self' youtube.com 6162542.fls.doubleclick.net t.svtrd.com *.hotjar.com cba.nmrc.nl www.youtube-nocookie.com youtube-nocookie.com d6tizftlrpuof.cloudfront.net *.surfly.com surfly.com app.hubspot.com forms.hsforms.com;frame-ancestors 'self' youtube.com www.youtube-nocookie.com youtube-nocookie.com;form-action 'self' t.svtrd.com *.averoachmeaonline.nl *.hsforms.com;block-all-mixed-content;report-uri https://c0918c210d42424be54e906e71357ca7.report-uri.io/r/default/csp/enforce; 1
frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com smcl.bibliocms.com *.smcl.bibliocms.com https://smcl.org smcl.org *.smcl.org; 1
frame-ancestors https://hospitality-on.com https://store.hospitality-on.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.inphota.com kit.fontawesome.com www.googletagmanager.com consent-manager.metomic.io consent-manager.confirmic.com platform.twitter.com syndication.twitter.com static.ads-twitter.com cdn.syndication.twimg.com analytics.twitter.com www.google-analytics.com stats.g.doubleclick.net ssl.google-analytics.com www.googleadservices.com www.google.com www.google.ae https://www.gstatic.com/recaptcha/ connect.facebook.net aff.bstatic.com *.algolianet.com *.algolia.net ; report-uri https://gulfmultisport.inphota.com/en/security/csp-report; style-src 'self' 'unsafe-inline' *.inphota.com fonts.googleapis.com kit.fontawesome.com ka-f.fontawesome.com kit-free.fontawesome.com cdnjs.cloudflare.com translate.googleapis.com fast.fonts.net ; img-src data: blob: *; font-src fonts.gstatic.com ka-f.fontawesome.com kit-free.fontawesome.com fast.fonts.net; connect-src wss: *.inphota.com kit.fontawesome.com ka-f.fontawesome.com www.google-analytics.com stats.g.doubleclick.net api.rollbar.com *.inphota.com *.facebook.com *.algolia.net *.algolianet.com apipub.metomic.io apipub.confirmic.com cdn.plot.ly translate.googleapis.com t.co ; frame-src *.inphota.com www.facebook.com www.booking.com https://www.google.com/recaptcha/ www.youtube.com veloviewer.com translate.google.com www.googletagmanager.com ; frame-ancestors 'self' *.inphota.com adsc.ae www.adsc.ae therakhalfmarathon.com www.therakhalfmarathon.com cyclechallenge.ae www.cyclechallenge.ae 1
default-src 'self' www.youtube-nocookie.com youtu.be www.youtube.com; script-src 'self' 'unsafe-inline' www.vrk.nl static.mailplus.nl ssl.siteimprove.com cdn.siteimprove.net 'unsafe-eval' code.jquery.com svc.webspellchecker.net siteimproveanalytics.com youtu.be www.youtube-nocookie.com youtu.be connect.facebook.net m19.mailplus.nl data1.saliche.com translate.google.com s3-us-west-2.amazonaws.com wowww.nl siteimproveanalytics.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com hello.myfonts.net static.mailplus.nl svc.webspellchecker.net translate.googleapis.com; img-src * data:; font-src 'self' fonts.gstatic.com svc.webspellchecker.net static3.avast.com cdn.faceworks.nl data:; connect-src 'self' my2.siteimprove.com svc.webspellchecker.net id.siteimprove.com static.mailplus.nl; report-uri /report-csp-violation 1
frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com librarypoint.bibliocms.com *.librarypoint.bibliocms.com https://www.librarypoint.org www.librarypoint.org *.www.librarypoint.org; 1
default-src 'self'; style-src 'self' 'unsafe-inline' 1
default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.aacpl.net *.googleapis.com *.gstatic.com *.libraryaware.com https://contentcafe2.btol.com *.blackbaudhosting.com *.libanswers.com *.google.com *.google-analytics.com *.ebscohost.com *.marmot.org *.youtube.com ecard.quipugroup.net https://support.gale.com* https://www.google-analytics.com/analytics.js *www.google-analytics.com* https://translate.googleapis.com https://sky.blackbaudcdn.net https://host.nxt.blackbaud.com; object-src *; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.aacpl.net *.googleapis.com *.gstatic.com *.libraryaware.com https://contentcafe2.btol.com *.blackbaudhosting.com *.libanswers.com *.google.com *.google-analytics.com *.ebscohost.com *.marmot.org *.youtube.com https://ecard.quipugroup.net  *.fonts.googleapis.com https://sky.blackbaudcdn.net https://host.nxt.blackbaud.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' *.aacpl.net *www.aacpl.net/* *.googleapis.com *.gstatic.com *.libraryaware.com https://contentcafe2.btol.com *.blackbaudhosting.com *.libanswers.com *.google.com *.google-analytics.com *.ebscohost.com *.marmot.org *.youtube.com ecard.quipugroup.net https://sky.blackbaudcdn.net https://host.nxt.blackbaud.com; media-src 'self' 'unsafe-inline' 'unsafe-eval' *.aacpl.net *.googleapis.com *.gstatic.com *.libraryaware.com https://contentcafe2.btol.com *.blackbaudhosting.com *.libanswers.com *.google.com *.google-analytics.com *.ebscohost.com *.marmot.org *.youtube.com https://sky.blackbaudcdn.net https://host.nxt.blackbaud.com; frame-src 'self' 'unsafe-inline' 'unsafe-eval' *.aacpl.net *.googleapis.com *.gstatic.com *.libraryaware.com https://contentcafe2.btol.com *.blackbaudhosting.com *.libanswers.com *.google.com *.google-analytics.com *.ebscohost.com *.marmot.org *.youtube.com *.yourcloudlibrary.com https://support.gale.com* https://aacplnet-my.sharepoint.com* https://sky.blackbaudcdn.net https://host.nxt.blackbaud.com; frame-ancestors 'self' 'unsafe-inline' 'unsafe-eval' *.aacpl.net *.googleapis.com *.gstatic.com *.libraryaware.com https://contentcafe2.btol.com *.blackbaudhosting.com *.libanswers.com *.google.com *.google-analytics.com *.ebscohost.com *.marmot.org *.youtube.com *.microsoft.com https://support.gale.com* https://aacplnet-my.sharepoint.com* https://sky.blackbaudcdn.net https://host.nxt.blackbaud.com; child-src 'self' 'unsafe-inline' 'unsafe-eval' *.aacpl.net *.googleapis.com *.gstatic.com *.libraryaware.com https://contentcafe2.btol.com *.blackbaudhosting.com *.libanswers.com *.google.com *.google-analytics.com *.ebscohost.com *.marmot.org *.youtube.com https://aacplnet-my.sharepoint.com* https://sky.blackbaudcdn.net https://host.nxt.blackbaud.com; font-src 'self' 'unsafe-inline' 'unsafe-eval' *.aacpl.net *.googleapis.com *.gstatic.com *.libraryaware.com https://contentcafe2.btol.com *.blackbaudhosting.com *.libanswers.com *.google.com *.google-analytics.com *.ebscohost.com *.marmot.org *.youtube.com https://sky.blackbaudcdn.net https://host.nxt.blackbaud.com; connect-src *; report-uri /report-csp-violation; upgrade-insecure-requests 1
frame-ancestors 'self' https://*.fwicloud.com; 1
frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com halifax.bibliocms.com *.halifax.bibliocms.com https://www.halifaxpubliclibraries.ca www.halifaxpubliclibraries.ca *.www.halifaxpubliclibraries.ca; 1
default-src 'self' *.neighbourly.com *.twitter.com *.vimeo.com *.youtube.com *.google-analytics.com; frame-src 'self' *.youtube.com *.vimeo.com *.stripe.com *.twitter.com; connect-src 'self' *.neighbourly.com nbrlyprod.streaming.mediaservices.windows.net *.mapbox.com *.google-analytics.com;media-src blob: nbrlyprodmedia.blob.core.windows.net *.neighbourly.com *.youtube.com *.vimeo.com; img-src 'self' data: *.mapbox.com nbrlyprodmedia.blob.core.windows.net maps.gstatic.com *.neighbourly.com *.stripe.com; script-src 'self' *.neighbourly.com 'unsafe-eval' *.googleapis.com *.twitter.com *.vimeo.com *.youtube.com *.google-analytics.com *.mapbox.com *.stripe.com; style-src 'self' *.neighbourly.com 'unsafe-inline'; report-uri https://nbrly-prod-fn-schedules-v2.azurewebsites.net/api/log?code=yTPDecexIz4gX5udAk8ba/1f0uk7og3BmKYMQWm6SWjz8xnZY/rAoA== 1
default-src 'self'; img-src 'self' ; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-modals; base-uri 'self'; upgrade-insecure-requests; style-src 'self' 'unsafe-inline' fonts.googleapis.com maxcdn.bootstrapcdn.com ; font-src 'self' fonts.gstatic.com maxcdn.bootstrapcdn.com; script-src 'self' 'unsafe-inline'; 1
frame-ancestors 'self' *.6connex.com; script-src 'self' code.jquery.com kit.fontawesome.com https://www.google.com https://www.googletagmanager.com http://clicky.com *.getclicky.com https://*.googleapis.com *.gstatic.com www.google-analytics.com ajax.googleapis.com ajax.aspnetcdn.com use.typekit.net us1.siteimprove.com cdn.datatables.net https://siteimproveanalytics.com 'unsafe-inline' 'unsafe-eval' 1
base-uri ; default-src https: 'self' 'unsafe-eval' 'unsafe-inline'; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: *.facebook.net *.cloudflare.com *.cookiebot.com https://www.google-analytics.com https://www.googletagmanager.com https://snap.licdn.com https://www.googleadservices.com *.doubleclick.net; style-src 'self' 'unsafe-eval' 'unsafe-inline' data: *.typography.com *.yolt.com; img-src 'self' data: https://www.google-analytics.com *.doubleclick.net https://www.google.com *.thisisdax.com; connect-src 'self' data: *.optimizely.com *.salesforce.com https://www.google-analytics.com https://www.googletagmanager.com *.doubleclick.net *.google.com *.facebook.com; font-src 'self' data: ;; object-src 'none'; form-action 'self'; frame-ancestors data: https://www.googletagmanager.com https://www.google.com; 1
default-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com cdn.jsdelivr.net *.google-analytics.com stats.g.doubleclick.net geoid.investisdigital.com https://cookiemanager.investisdigital.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com ict.infinity-tracking.net www.gstatic.com viz.tools.investis.com www.google.com maps.googleapis.com maps.google.com www.linkedin.com ajax.googleapis.com pi.pardot.com bam.nr-data.net sjp.getmediamanager.com *.googletagmanager.com *.google-analytics.com sjs.bizographics.com connect.facebook.net *.jquery.com irs.tools.investis.com *.hotjar.com px.ads.linkedin.com d2wy8f7a9ursnm.cloudfront.net ssl.p.jwpcdn.com js-agent.newrelic.com cdn.jsdelivr.net edge.api.brightcove.com *.googleapis.com www.youtube.com youtube.com s.ytimg.com unpkg.com *.eu01.nr-data.net; style-src 'self' 'unsafe-inline' 'unsafe-eval' viz.tools.investis.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net; img-src 'self' 'unsafe-inline' * data:; media-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com brightcove.hs.llnwd.net house-fastly-signed-eu-west-1-prod.brightcovecdn.com; frame-src 'self' staticcontents.investis.com www.google.com sjp.getmediamanager.com careers.sjp.co.uk irs.tools.investis.com otp.tools.investis.com digital.feprecisionplus.com sjp.hireserve-test.com ir.tools.investis.com staticxx.facebook.com www.youtube.com; font-src 'self' 'unsafe-inline' data: fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com themes.googleusercontent.com maxcdn.bootstrapcdn.com; report-uri //report-csp-violation 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com *.onetrust.com https://cdn.cookielaw.org https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://connect.facebook.net https://form.jotformeu.com https://cdn.jotfor.ms https://js.jotform.com https://widgets.jotform.io https://browser.sentry-cdn.com https://events.jotform.com https://static.dvinci-easy.com https://api.heycamp.de https://svc.webspellchecker.net/spellcheck31/lf/scayt3/ckscayt/ckscayt.js https://svc.webspellchecker.net/spellcheck31/lf/scayt3/ckscayt/local/de/local.js https://code.jquery.com;; object-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdnjs.cloudflare.com https://cdn.jotfor.ms http://www.al-ko.com https://widgets.jotform.io https://static.dvinci-easy.com;; img-src 'self' www.google-analytics.com https://www.facebook.com https://www.google.com https://cdn.jotfor.ms https://stats.g.doubleclick.net https://events.jotform.com https://www.heycamp.de https://cdn.cookielaw.org https://i3.ytimg.com https://www.google.ro  https://www.google.de  https://www.google.com;; media-src 'self'; frame-src 'self' https://www.google.com https://www.store-connector.com https://submit.jotformeu.com/ https://www.youtube.com/;; frame-ancestors 'self'; child-src 'self'; font-src 'self' fonts.gstatic.com cdnjs.cloudflare.com netdna.bootstrapcdn.com;; connect-src 'self' https://www.google-analytics.com *.onetrust.com https://cdn.cookielaw.org https://static.dvinci-easy.com https://alko-tech.dvinci-easy.com https://www.heycamp.de https://stats.g.doubleclick.net;; report-uri /en/report-csp-violation 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; style-src 'self' 'unsafe-inline' 1
frame-src 'unsafe-inline' *.tussam.es *.google.com *.youtube.com *.youtube.es *.youtu.be *.ayesa.link; frame-ancestors 'unsafe-inline' *.tussam.es *.google.com *.youtube.com *.youtube.es *.youtu.be *.ayesa.link; child-src 'unsafe-inline' *.tussam.es *.google.com *.youtube.com *.youtube.es *.youtu.be *.ayesa.link; report-uri //report-csp-violation 1
base-uri 'self'; form-action 'self'; manifest-src 'self'; default-src 'none'; script-src 'self' 'unsafe-inline' *.siteimprove.net *.siteimprove.com *.browsealoud.com *.googletagmanager.com *.google.com *.google-analytics.com hcaptcha.com *.hcaptcha.com cdnjs.cloudflare.com; object-src 'self' *.google.com *.youtube.com *.facebook.com *.vimeo.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com; img-src 'self' *.google.com *.youtube.com *.facebook.com *.vimeo.com  *.mucf.se; media-src 'none'; frame-src 'self' *.google.com *.youtube.com *.facebook.com *.vimeo.com *.siteimprove.com *.hcaptcha.com hcaptcha.com trk.idrelay.com; frame-ancestors 'self' *.google.com *.youtube.com *.facebook.com *.vimeo.com; child-src 'self' *.google.com *.youtube.com *.facebook.com *.vimeo.com  *.siteimprove.com *.hcaptcha.com hcaptcha.com trk.idrelay.com; font-src 'self'; connect-src 'self' https://*.mucf.se https://*.browsealoud.com https://*.siteimprove.com https://*.googletagmanager.com https://*.google.com https://*.google-analytics.com https://*.doubleclick.net https://*.hcaptcha.com https://*.speechstream.net; report-uri /report-csp-violation; upgrade-insecure-requests 1
script-src https://connect.facebook.net/ http://connect.facebook.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ http://browser-update.org/ https://www.google.com/ https://www.gstatic.com/recaptcha/ http://www.google.com/recaptcha/ https://ajax.googleapis.com/ 'unsafe-inline' 'unsafe-eval' 'self'; report-uri /nelmio/csp/report 1
base-uri 'self'; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.storck.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.storck.com storck.piwik.pro; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.storck.com storck.piwik.pro; style-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.storck.com; connect-src 'self' data: *.storck.com storck.piwik.pro; font-src 'self'; frame-src 'self' data: *.storck.com; frame-ancestors 'self'; form-action 'self'; 1
default-src 'self' https://checkbrowser.hin.ch  https://go.online-ident.ch  http://tag.myaspectra.ch  https://verify.certifaction.com ; script-src https://www.islonline.net  http://tag.myaspectra.ch  https://www.gstatic.com  https://maps.google.com https://maps.googleapis.com  https://www.google.com  'self' 'unsafe-inline' 'unsafe-eval' ; style-src 'self' https://fonts.googleapis.com  https://fonts.gstatic.com  'unsafe-inline' ; frame-src 'self' https://tp.srgssr.ch https://www.srf.ch https://www.youtube.com  https://verify.certifaction.com ; font-src 'self' https://fonts.gstatic.com ; child-src 'self' https://go.online-ident.ch https://www.google.com https://www.youtube.com https://www.youtube-nocookie.com ; img-src 'self' http://tag.myaspectra.ch http://0.gravatar.com data:  1
default-src https:;media-src 'self' www.wellsfargomedia.com www.wellsfargo.com;font-src 'self' data: stm-connect.secure.evetest.wellsfargo.com:23621;frame-src 'self' ciaanalytics.wellsfargo.com connect.secure.wellsfargo.com www.bing.com wifp.wellsfargo.com wifp.ceo.wellsfargo.com;style-src 'unsafe-inline' 'self' wca.sec.wellsfargo.com www.bing.com www.wellsfargo.com ceomedia.wf.com;base-uri 'self';report-uri /reporting/csp;frame-ancestors 'none';script-src 'self' 'nonce-3fd1744b059a702c'  unsafe-inline  unsafe-eval www.wellsfargo.com www.bing.com dev.virtualearth.net t0.ssl.ak.dynamic.tiles.virtualearth.net t0.ssl.ak.dynamic.tiles.virtualearth.net t1.ssl.ak.dynamic.tiles.virtualearth.net connect.secure.staging.wellsfargo.com connect.secure.wellsfargo.com ssl.google-analytics.com www.google-analytics.com ajax.googleapis.com wca.wellsfargo.com wca.sec.wellsfargo.com wcafs.sec.wellsfargo.com ceomedia.wf.com wifp.wellsfargo.com wifp.ceo.wellsfargo.com six.cdn-net.com wcafs.wellsfargo.com;connect-src 'self' www.bing.com t0.ssl.ak.dynamic.tiles.virtualearth.net connect.secure.staging.wellsfargo.com connect.secure.wellsfargo.com wca.wellsfargo.com wcafs.wellsfargo.com wca.sec.wellsfargo.com wcafs.sec.wellsfargo.com;img-src 'self' stats.g.doubleclick.net data: blob: t0.ssl.ak.dynamic.tiles.virtualearth.net t1.ssl.ak.dynamic.tiles.virtualearth.net www.adobe.com www.wellsfargo.com www.google-analytics.com ssl.google-analytics.com ceomedia.wf.com www.bing.com wca.wellsfargo.com wca.sec.wellsfargo.com wcafs.sec.wellsfargo.com;object-src 'self' wifp.wellsfargo.com wifp.ceo.wellsfargo.com; 1
frame-ancestors 'self' https://*.hapara.com/ 1
default-src 'self'; report-uri /admin/config/system/seckit/csp-report 1
frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com arapahoe.bibliocms.com *.arapahoe.bibliocms.com https://arapahoelibraries.org arapahoelibraries.org *.arapahoelibraries.org; 1
script-src 'unsafe-inline' *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval' connect.facebook.net c.imedia.cz *.hotjar.com tagmanager.google.com www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline' tagmanager.google.com cdnjs.cloudflare.com fonts.googleapis.com; report-uri /csp 1
default-src 'unsafe-inline' https://cdn.syndication.twimg.com https://skk.erecruiter.pl https://*.plk-sa.pl  https://*.googleapis.com  https://*.twimg.com https://pbs.twimg.com https://syndication.twitter.com https://platform.twitter.com https://www.youtube.com https://www.youtube-nocookie.com https://*.gstatic.com https://*.google.com https://*.google-analytics.com https://*.facebook.com https://portalpasazera.pl ; script-src  'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://www.gstatic.com https://platform.twitter.com https://pixel.fasttony.es https://connect.facebook.net https://www.googletagmanager.com https://ssl.google-analytics.com https://www.google.com https://*.googleapis.com https://cdn.syndication.twimg.com https://skk.erecruiter.pl https://*.plk-sa.pl https://*.google-analytics.com https://*.facebook.com https://portalpasazera.pl  data:; style-src 'unsafe-inline' https://cdn.syndication.twimg.com https://skk.erecruiter.pl https://*.plk-sa.pl https://*.google-analytics.com  https://*.googleapis.com  https://*.twimg.com https://pbs.twimg.com https://syndication.twitter.com https://platform.twitter.com https://www.youtube.com https://www.youtube-nocookie.com https://*.facebook.com https://portalpasazera.pl  data:; img-src 'self'  https://i.ytimg.com https://cdn.syndication.twimg.com https://skk.erecruiter.pl https://*.plk-sa.pl https://*.googleapis.com  https://*.twimg.com https://pbs.twimg.com https://syndication.twitter.com https://platform.twitter.com https://www.youtube.com https://www.youtube-nocookie.com https://*.gstatic.com https://*.google.com https://*.google-analytics.com https://*.facebook.com https://portalpasazera.pl  data: 1
default-src 'self' 'unsafe-inline' https: data: https://cdnjs.cloudflare.com https://*.googletagmanager.com https://cdn.jsdelivr.net https://*.fontawesome.com https://*.googleapis.com https://*.jacklmoore.com https://*.gstatic.com https://*.google-analytics.com; frame-ancestors 'self'; report-uri /report-csp-violation 1
script-src 'self'; 1
default-src 'self'; connect-src *.kv-rlp.de; script-src *.kv-rlp.de maps.googleapis.com ssl.google-analytics.com www.google-analytics.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' data: https://*.kv-safenet.de http://*.kv-safenet.de *.gstatic.com *.googleapis.com www.google-analytics.com ssl.google-analytics.com; font-src 'self' font.googleapis.com *.gstatic.com; child-src 'self' https://*.google.de https://*.google.com https://www.youtube-nocookie.com; object-src 'self'; frame-src 'self' https://www.youtube-nocookie.com maps.google.de www.google.de www.google.com; frame-ancestors 'self' https://www.google.de; 1
default-src 'self' https://api.rss2json.com/ https://d.adroll.com/ https://consent.cookiebot.com/ https://consentcdn.cookiebot.com/ https://maps.gstatic.com/ https://www.yellowmap.de/ https://www.google.com/  https://googleads.g.doubleclick.net/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://knappschaft.zentrale-pruefstelle-praevention.de/ https://knappschaft.md-medicus.de/ https://bkk-vorteilsrechner.de/ https://rgb.crm.de/knappschaft-bahn-see/ https://www.sachsen-fernsehen.de/ https://api.usercentrics.eu/ https://aggregator.service.usercentrics.eu/ https://app.usercentrics.eu/ https://graphql.usercentrics.eu/ https://privacy-proxy.usercentrics.eu/ https://*.readspeaker.com/; font-src 'self' 'unsafe-inline' https://cdn1.readspeaker.com  https://fonts.gstatic.com/ data:; style-src 'self' 'unsafe-inline' https://cdn1.readspeaker.com/; script-src 'self' 'unsafe-eval' https://cdn1.readspeaker.com/ https://s.adroll.com/ https://d.adroll.com/ https://connect.facebook.net/ https://track.adform.net/  https://s2.adform.net/ https://www.google-analytics.com/ https://amplify.outbrain.com/ https://d.adroll.mgr.consensu.org/  https://googleads.g.doubleclick.net/   https://www.google.com/ https://www.google.de/ https://api.ipify.org/ https://consentcdn.cookiebot.com/ https://www.googletagmanager.com/ https://maps.googleapis.com/ https://www.yellowmap.de/ https://www.googleadservices.com/ https://consent.cookiebot.com https://www.youtube.com/ https://googleads.g.doubleclick.net  https://d.adroll.mgr.consensu.org https://tr.outbrain.com/ https://privacy-proxy.usercentrics.eu https://app.usercentrics.eu/;img-src 'self' data: https://blog.knappschaft.de https://www.facebook.com https://www.google-analytics.com  https://googleads.g.doubleclick.net/ https://tr.outbrain.com/ https://www.yellowmap.de https://app.usercentrics.eu/ https://img.usercentrics.eu/; 1
img-src 'self' ws.gosign.lt ssl.google-analytics.com; media-src 'none'; reflected-xss block; 1
child-src 'self' *.youtube.com *.vimeo.com europa.eu *.europa.eu *.facebook.com *.youtube-nocookie.com youtube.com *.youtube-nocookie.com *.youtube.com *.vimeo.com *.dailymotion.com *.europa.eu europa.eu youtube.com *.dailymotion.com *.vimeo.com *.amazonaws.com *.arcgis.com *.arte.tv *.babahh.com *.bbc.co.uk *.blitzvideoserver.de *.bpb.de *.brightcove.com *.btv.bg *.cc.cec *.cimo.fi *.cjelozivotno-ucenje.hr *.cnbc.com *.coe.int *.communi-k.eu *.compareyourcountry.org *.crp.education *.cy2012.eu *.dacast.com *.dcdn.lt debategraph.org digital-agenda-data.eu *.disaster-resilience.com *.docdroid.net *.d-portal.org *.easme-web.eu *.edcc.eu *.euneighbours.eu *.euronews.com *.europeandataportal.eu *.facebook.com https://familymeal.eu *.flickr.com *.franceculture.fr *.franceinter.fr *.freecaster.com *.freezbee.tv *.genial.ly *.giphy.com *.github.io *.google.be *.google.co.uk *.google.com *.google.fr *.grnet.gr *.index.hu *.instantflipbook.com *.issuu.com *.jrc.nl *.jwplatform.com *.learningandwork.org.uk *.libsyn.com *.live.com livestream.com *.mentimeter.com *.metoo.sk *.mostra.eu *.neteyes.hu *.oecd.org *.openstreetmap.fr *.openstreetmap.org *.ourworldindata.org *.polarhd.com *.public-i.tv *.qbrick.com *.rackcdn.com *.rambla.be *.roguemotion.graphics *.sharepoint.com *.sketchfab.com *.slideshare.net *.solidtango.com *.soonfeed.com *.soundcloud.com *.streamamg.com *.streamcode.net *.streamdis.eu streamer.bg *.streaming.at *.streaming.sk *.streamovations.be *.sway.com *.tagesschau.de *.telemak.tv *.testa.eu *.thinglink.com *.tiesraides.lv *.top-ix.org *.tsnmalta.org *.tv1.eu *.tv-on-web.de *.twinix.eu *.typeform.com *.uc3m.es *.uplynk.com *.ustream.tv *.uu.se *.videliostreaming.com *.videolevels.com *.walls.io *.weforum.org *.westream.com *.wyng.com *.youongroup.com *.youtu.be *.youtube-nocookie.com *.zdf.de *.michael-lurquin.com https://forms-edcc.conectys.com; frame-src 'self' *.youtube.com *.vimeo.com europa.eu *.europa.eu *.facebook.com *.youtube-nocookie.com youtube.com *.youtube-nocookie.com *.youtube.com *.vimeo.com *.dailymotion.com *.europa.eu europa.eu youtube.com *.dailymotion.com *.vimeo.com *.amazonaws.com *.arcgis.com *.arte.tv *.babahh.com *.bbc.co.uk *.blitzvideoserver.de *.bpb.de *.brightcove.com *.btv.bg *.cc.cec *.cimo.fi *.cjelozivotno-ucenje.hr *.cnbc.com *.coe.int *.communi-k.eu *.compareyourcountry.org *.crp.education *.cy2012.eu *.dacast.com *.dcdn.lt debategraph.org digital-agenda-data.eu *.disaster-resilience.com *.docdroid.net *.d-portal.org *.easme-web.eu *.edcc.eu *.euneighbours.eu *.euronews.com *.europeandataportal.eu *.facebook.com https://familymeal.eu *.flickr.com *.franceculture.fr *.franceinter.fr *.freecaster.com *.freezbee.tv *.genial.ly *.giphy.com *.github.io *.google.be *.google.co.uk *.google.com *.google.fr *.grnet.gr *.index.hu *.instantflipbook.com *.issuu.com *.jrc.nl *.jwplatform.com *.learningandwork.org.uk *.libsyn.com *.live.com livestream.com *.mentimeter.com *.metoo.sk *.mostra.eu *.neteyes.hu *.oecd.org *.openstreetmap.fr *.openstreetmap.org *.ourworldindata.org *.polarhd.com *.public-i.tv *.qbrick.com *.rackcdn.com *.rambla.be *.roguemotion.graphics *.sharepoint.com *.sketchfab.com *.slideshare.net *.solidtango.com *.soonfeed.com *.soundcloud.com *.streamamg.com *.streamcode.net *.streamdis.eu streamer.bg *.streaming.at *.streaming.sk *.streamovations.be *.sway.com *.tagesschau.de *.telemak.tv *.testa.eu *.thinglink.com *.tiesraides.lv *.top-ix.org *.tsnmalta.org *.tv1.eu *.tv-on-web.de *.twinix.eu *.typeform.com *.uc3m.es *.uplynk.com *.ustream.tv *.uu.se *.videliostreaming.com *.videolevels.com *.walls.io *.weforum.org *.westream.com *.wyng.com *.youongroup.com *.youtu.be *.youtube-nocookie.com *.zdf.de *.michael-lurquin.com https://forms-edcc.conectys.com; 1
default-src 'self' blob:; connect-src 'self' * blob:; font-src 'self' data: https://players.brightcove.net https://fonts.gstatic.com/ https://maxcdn.bootstrapcdn.com/font-awesome/; frame-src *; img-src * blob: data: https://a.idio.co/ https://i.idio.co; media-src * blob:; object-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: http://pages.lazardassetmanagement.com https://pages.lazardassetmanagement.com https://app-sj29.marketo.com/ http://app-sj29.marketo.com/ https://d2wy8f7a9ursnm.cloudfront.net/v7/bugsnag.min.js https://www.google-analytics.com https://www.googletagmanager.com https://optimize.google.com https://sadmin.brightcove.com https://players.brightcove.net https://vjs.zencdn.net/vttjs/ https://munchkin.marketo.net https://view.knowledgevision.com/presentation/embed/ https://content.knowledgevision.com/player/ https://s.idio.co/ia.js https://js.idio.co/1473.js https://s.idio.co/ip.js https://api.idio.co https://tagmanager.google.com/ https://code.createjs.com/; style-src * 'unsafe-inline'; frame-ancestors 'self' http://pages.lazardassetmanagement.com https://pages.lazardassetmanagement.com https://app-sj29.marketo.com/ http://app-sj29.marketo.com/ https://www.google-analytics.com https://www.googletagmanager.com https://sadmin.brightcove.com https://players.brightcove.net https://vjs.zencdn.net/vttjs/ https://munchkin.marketo.net https://view.knowledgevision.com/presentation/embed/ https://content.knowledgevision.com/player/; 1
default-src 'self'; connect-src 'self' https://piwik.bzga.de https://rstts-eu.readspeaker.com https://media-eu.readspeaker.com https://app-eu.readspeaker.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn1.readspeaker.com; font-src 'self' data: https://fonts.gstatic.com; script-src 'self' 'unsafe-inline' https://piwik.bzga.de https://cdn1.readspeaker.com https://maps.google.com https://maps.googleapis.com; img-src 'self' https://piwik.bzga.de https://www.bzga.de https://maps.gstatic.com https://csi.gstatic.com https://maps.google.com https://khms0.googleapis.com https://khms1.googleapis.com https://lh3.ggpht.com https://cbks0.googleapis.com data:; frame-src 'self' https://www.infektionsschutz.de https://app-eu.readspeaker.com; 1
default-src 'none';connect-src 'self';font-src 'self';frame-src https://www.google.com/recaptcha/;img-src 'self' https://www.gstatic.com/recaptcha/ https://www.google-analytics.com https://*.g.doubleclick.net;object-src 'self';script-src 'self' 'unsafe-inline' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.google-analytics.com/;style-src 'self' 'unsafe-inline' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src fintactix.com code.highcharts.com; report-uri /report-csp-violation 1
default-src https: https://*.gstatic.com https://tagmanager.google.com https://*.hotjar.com; frame-src https://api.quickstream.westpac.com.au https://assets.ctfassets.net/ https://videos.ctfassets.net/ https://*.libsyn.com https://e.issuu.com/ https://player.vimeo.com/video/ https://www.youtube.com/embed/ https://*.facebook.com/ https://*.google.com https://*.googletagmanager.com https://*.hotjar.com https://tagmanager.google.com https://s7.addthis.com/static/ https://gum.criteo.com/ https://open.spotify.com https://youtu.be/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://api.mapbox.com https://tagmanager.google.com https://*.gstatic.com https://cdn.curator.io/; font-src 'self' data: https://fonts.gstatic.com https://cdn.curator.io/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforce.com https://api.quickstream.westpac.com.au https://*.addthis.com/ https://*.jobadder.com/ https://*.libsyn.com https://e.issuu.com/ https://jobadder.com/ https://*.collect.igodigital.com/ https://*.crazyegg.com/ https://*.facebook.net https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com/ https://*.hotjar.com https://www.gstatic.com https://*.criteo.com https://*.criteo.net https://server.arcgisonline.com/ https://cdn.curator.io https://cdn.curator.io/published/56e5a580-2921-4b55-88ce-d4fe260ac545_y69dz93g.js; connect-src 'self' https://api.compassion.com.au https://api.quickstream.westpac.com.au https://compassionau.force.com https://concierge.compassion.com.au https://*.algolia.net https://*.algolianet.com https://apps.jobadder.com/ https://jobadder.com/ https://m.addthis.com/ https://*.crazyegg.com/ https://*.hotjar.com https://*.facebook.com/ https://*.google-analytics.com/ wss://*.hotjar.com https://*.doubleclick.net/ https://api.curator.io/; img-src 'self' data: http://*.tile.openstreetmap.org/ https://auproddownloads.blob.core.windows.net/compassion/ https://images.contentful.com https://images.ctfassets.net https://media.ci.org https://*.youtube.com https://apps.jobadder.com/ https://jobadder.com/widgets/ https://*.collect.igodigital.com/ https://*.crazyegg.com/ https://*.facebook.com/ https://*.google-analytics.com/ https://*.google.com https://*.google.com.au/ https://*.googletagmanager.com https://*.gstatic.com https://d33wubrfki0l68.cloudfront.net https://*.doubleclick.net/ https://server.arcgisonline.com/ https://cdn.curator.io/0.gif https://www.instagram.com/ https://*.fbcdn.net/ 1
frame-ancestors 'self' https://www.kayak.fr 1
frame-ancestors https://*.cpcworldwide.com 1
upgrade-insecure-requests; report-uri https://lotusgroup.report-uri.io/r/default/csp/enforce 1
default-src 'self' 'unsafe-inline' blod: data: * 1
img-src *; default-src 'self' https://ukwest-0.in.applicationinsights.azure.com//v2/track https://az416426.vo.msecnd.net/ https://pfw-prod-ukwest-safespaceonline.azurewebsites.net https://translate.google.com/ https://siteimproveanalytics.com https://apps.parcelforce.com www.googletagmanager.com www.google-analytics.com *.cloudfront.net *.googleapis.com analytics.analytics-egain.com cloud-emea.analytics-egain.com fonts.gstatic.com portal.roadworks.org sgn.egain.cloud api.reciteme.com stats.g.doubleclick.net www.google.com www.google.co.uk www.gstatic.com maps.gstatic.com api.tomtom.com www.youtube.com data: 'unsafe-eval' 'unsafe-inline'; report-uri https://orangebus.report-uri.com/r/d/csp/enforce 1
default-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com cdn.jsdelivr.net www.google-analytics.com https://judxu4avx2.execute-api.eu-west-1.amazonaws.com https://3lz1gykyyd.execute-api.eu-west-1.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com ict.infinity-tracking.net www.gstatic.com viz.tools.investis.com www.google.com maps.googleapis.com maps.google.com www.linkedin.com ajax.googleapis.com pi.pardot.com bam.nr-data.net *.googletagmanager.com *.google-analytics.com sjs.bizographics.com connect.facebook.net *.jquery.com irs.tools.investis.com *.hotjar.com px.ads.linkedin.com d2wy8f7a9ursnm.cloudfront.net ssl.p.jwpcdn.com js-agent.newrelic.com cdn.jsdelivr.net edge.api.brightcove.com *.googleapis.com www.youtube.com youtube.com s.ytimg.com unpkg.com staticcontents.investisdigital.com ipapi.connectid.cloud otp.tools.investis.com https://sc.lfeeder.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' viz.tools.investis.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net; img-src 'self' 'unsafe-inline' * data:; media-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com; frame-src 'self' staticcontents.investis.com www.google.com irs.tools.investis.com otp.tools.investis.com digital.feprecisionplus.com ir.tools.investis.com staticxx.facebook.com www.youtube.com w.soundcloud.com player.vimeo.com atsginc.wufoo.com; font-src 'self' 'unsafe-inline' data: fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com themes.googleusercontent.com maxcdn.bootstrapcdn.com; connect-src 'self' 'unsafe-inline' 'unsafe-eval' *.ensighten.com *.google-analytics.com *.api.brightcove.com *.tools.investis.com *.doubleclick.net  ipapi.connectid.cloud https://judxu4avx2.execute-api.eu-west-1.amazonaws.com https://3lz1gykyyd.execute-api.eu-west-1.amazonaws.com; report-uri /report-csp-violation 1
frame-ancestors www.bps.ac.uk 1
script-src 'unsafe-inline' 'unsafe-eval' code.jquery.com www.google-analytics.com safebrowsing.biz ads.exoclick.com main.exoclick.com syndication.exoclick.com; 1
upgrade-insecure-requests; frame-ancestors 'none'; default-src 'self'; script-src 'self' 'unsafe-inline' www.google.com www.google-analytics.com www.googletagmanager.com *.googleapis.com *.gstatic.com consent-cdn.swmh.de; object-src 'none'; base-uri 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: www.google.com www.google-analytics.com www.googletagmanager.com *.googleapis.com *.gstatic.com www.youtube.com *.ytimg.com; media-src 'self' www.youtube.com *.ytimg.com; frame-src 'self' www.google.com *.gstatic.com www.youtube.com *.ytimg.com consent-cdn.swmh.de; font-src 'self' data: www.google.com *.googleapis.com *.gstatic.com; connect-src 'self' www.google-analytics.com *.doubleclick.net consent-cdn.swmh.de 1
default-src 'self' static.tfmetalsreport.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:; style-src 'self' static.tfmetalsreport.com data: 'unsafe-inline' *.googleapis.com *.twitter.com *.twimg.com svc.webspellchecker.net cdn.ckeditor.com; img-src 'self' https: data: android-webview-video-poster:; media-src 'self' static.tfmetalsreport.com blob: *.giphy.com; frame-src 'self' https://www.tfmetalsreport.com data: audioboom.com *.audioboom.com scribd.com *.scribd.com soundcloud.com *.soundcloud.com youtube.com *.youtube.com vimeo.com *.vimeo.com bitchute.com *.bitchute.com twitter.com *.twitter.com *.tradingview.com *.tradingview-widget.com *.addthis.com *.stripe.com *.doubleclick.net *.googlesyndication.com *.ted.com *.instagram.com *.jwpsrv.com www.google.com ms-appx-web: *.assoc-amazon.com *.amazon.com *.amazon-adsystem.com *.googletagmanager.com *.recaptcha.net facebook.com *.facebook.com cnn.com *.cnn.com cnbc.com *.cnbc.com; frame-ancestors *; child-src 'self' https://www.tfmetalsreport.com data: audioboom.com *.audioboom.com scribd.com *.scribd.com soundcloud.com *.soundcloud.com youtube.com *.youtube.com vimeo.com *.vimeo.com bitchute.com *.bitchute.com twitter.com *.twitter.com *.tradingview.com *.tradingview-widget.com *.addthis.com *.stripe.com *.doubleclick.net *.googlesyndication.com *.ted.com *.instagram.com *.jwpsrv.com www.google.com ms-appx-web: *.assoc-amazon.com *.amazon.com *.amazon-adsystem.com *.googletagmanager.com *.recaptcha.net facebook.com *.facebook.com cnn.com *.cnn.com cnbc.com *.cnbc.com; font-src 'self' static.tfmetalsreport.com data: fonts.googleapis.com fonts.gstatic.com cdnjs.cloudflare.com *.googleusercontent.com svc.webspellchecker.net *.avast.com chrome-extension: *.fontawesome.com; connect-src 'self' static.tfmetalsreport.com *.addthis.com *.googlesyndication.com www.google-analytics.com *.gstatic.com *.doubleclick.net svc.webspellchecker.net *.jwpltx.com *.nr-data.net *.fontawesome.com 1
default-src 'self' data: https:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: *.stripe.com; style-src 'self' data: 'unsafe-inline' https: https: *.stripe.com; img-src * data: blob:; font-src 'self' data: https:; connect-src 'self' data: https: *.stripe.com; media-src *; object-src 'self' https:; frame-src *; form-action 'self' *.citationsy.es *.stripe.com accounts.google.com tinyletter.com; 1
default-src 'none'; script-src 'self' https://static.uppercap.com/ https://www.google-analytics.com/; object-src 'self' https://static.uppercap.com/; style-src 'self' 'unsafe-inline' https://static.uppercap.com/ https://fonts.googleapis.com/ https://www.googletagmanager.com/; img-src 'self' data: https://static.uppercap.com/ https://s3.eu-central-1.amazonaws.com/uppercap-medias/ https://www.google-analytics.com/ www.googletagmanager.com ; media-src 'self' https://static.uppercap.com/; frame-src 'self'; font-src 'self' data: https://static.uppercap.com/ https://fonts.gstatic.com; connect-src 'self' wss://worker.uppercap.com/ https://worker.uppercap.com/; frame-ancestors 'self'; base-uri 'self'; form-action 'self' https://webpay3gint.transbank.cl/ 1
default-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com cdn.jsdelivr.net tagmanager.google.com staticcontents.investisdigital.com ipapi.connectid.cloud *.google-analytics.com *.doubleclick.net judxu4avx2.execute-api.eu-west-1.amazonaws.com 3lz1gykyyd.execute-api.eu-west-1.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.rawgit.com sc.lfeeder.com cdnjs.cloudflare.com ict.infinity-tracking.net www.gstatic.com viz.tools.investis.com www.google.com maps.googleapis.com maps.google.com www.linkedin.com ajax.googleapis.com pi.pardot.com bam.nr-data.net sjp.getmediamanager.com *.googletagmanager.com *.google-analytics.com sjs.bizographics.com connect.facebook.net *.jquery.com irs.tools.investis.com *.hotjar.com px.ads.linkedin.com d2wy8f7a9ursnm.cloudfront.net ssl.p.jwpcdn.com js-agent.newrelic.com cdn.jsdelivr.net edge.api.brightcove.com *.googleapis.com staticcontents.investisdigital.com ipapi.connectid.cloud  www.youtube.com youtube.com s.ytimg.com unpkg.com use.typekit.net p.typekit.net tagmanager.google.com www.google.com maps.googleapis.com maps.google.com;; style-src 'self' 'unsafe-inline' 'unsafe-eval' viz.tools.investis.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net use.typekit.net p.typekit.net tagmanager.google.com; img-src 'self' 'unsafe-inline' * data:; media-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com; frame-src 'self' 'unsafe-inline' data: fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com themes.googleusercontent.com maxcdn.bootstrapcdn.com *.typekit.net p.typekit.net nr-data.net www.google.com otp.tools.investis.com vimeo.com player.vimeo.com; font-src 'self' 'unsafe-inline' data: fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com themes.googleusercontent.com maxcdn.bootstrapcdn.com use.typekit.net p.typekit.net tagmanager.google.com; report-uri /report-csp-violation 1
default-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://fonts.googleapis.com https://translate.googleapis.com https://translate.google.com https://maps.googleapis.com https://player.vimeo.com https://feeds.trac.jobs https://www.cqc.org.uk https://merseycare.enterpriseappointments.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://translate.googleapis.com https://www.gstatic.com https://feeds.trac.jobs https://www.cqc.org.uk; img-src * data:; connect-src 'self' https://saas.learninglocker.net https://metrics.articulate.com https://translate.googleapis.com https://www.google-analytics.com https://stats.g.doubleclick.net https://vimeo.com https://feeds.trac.jobs; font-src 'self' data: https://fonts.gstatic.com; object-src 'self' blob:; frame-src 'self' https://*.nhs.uk https://www.google.com https://content.googleapis.com https://content-analytics.googleapis.com https://www.youtube.com https://player.vimeo.com https://merseycare.enterpriseappointments.com https://e.issuu.com https://roundme.com 1
default-src 'self'; object-src 'self' https://pts.sim.de/p.swf; base-uri 'self'; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://chat.sim.de https://umfrage.sim.de https://pts.sim.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://o2.mouseflow.com https://cdn.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://chat.sim.de https://stats.sim.de https://imagepool.sim.de https://pts.sim.de; script-src 'strict-dynamic' 'nonce-c22bb4e07d73ece1d026c821c165395b' 'nonce-36bb77a3da9a0e1e525d8fbcf7ab56fc' 'nonce-2830661915586d5e367d92cf694b9489' 'nonce-c7aba118f017433594ba5cba080e259d' 'nonce-cad185159de8c130dbb024d0273a627d' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://pts.sim.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-c22bb4e07d73ece1d026c821c165395b' 'nonce-36bb77a3da9a0e1e525d8fbcf7ab56fc' 'nonce-2830661915586d5e367d92cf694b9489' 'nonce-c7aba118f017433594ba5cba080e259d' 'nonce-cad185159de8c130dbb024d0273a627d' 'self' 'unsafe-inline' https: 'report-sample' 1
default-src 'self' http:  https: bott-fs.kittelberger.net *.bosch-thermotechnology.com *.bosch-thermotechnology.us *.bosch-thermotechnology.com.au *.bosch-thermotechnology.co.nz s.webtrends.com *.boschtt-documents.com www.bimstore.co.uk services.kittelberger.net *.mycliplister.com ; media-src 'self' *.boschtt-documents.com services.kittelberger.net *.mycliplister.com mycliplister.com; font-src 'self' www.bosch-thermotechnology.us bosch-thermotechnology.us fonts.gstatic.com static.ecorebates.com; object-src data: 'self'; img-src https: data: blob:; style-src 'self' 'unsafe-inline' www.bosch-thermotechnology.us bosch-thermotechnology.us static.ecorebates.com cdn.datatables.net fonts.googleapis.com; script-src https: 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https: mailto: bosch.mi4biz.net www.boschthermolife.com junkers-de-de-b.boschtt-documents.com; frame-ancestors 'self' https: bosch.mi4biz.net http://bott-fs.kittelberger.net 1
default-src 'self' www.hyd.gov.hk; style-src 'self' 'unsafe-inline';script-src 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://gist.github.com https://static.codepen.io https://marketing.envylabs.com https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com https://snap.licdn.com; style-src 'self' 'unsafe-inline' https://github.githubassets.com https://fonts.googleapis.com; img-src 'self' https://marketing.envylabs.com https://secure.gravatar.com https://*.ads.linkedin.com https://*.adsymptotic.com https://www.google-analytics.com https://www.googletagmanager.com https://*.googleusercontent.com https://yoast.com https://fonts.googleapis.com https://fonts.gstatic.com; font-src 'self' https://yoast.com https://fonts.googleapis.com https://fonts.gstatic.com; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://insight-engine.newfangled.com https://yoast.com; frame-src 'self' https://codepen.io https://www.google.com https://www.youtube.com 1
default-src 'self' 'unsafe-inline' data: https://piwik.bzga.de/ https://*.tile.openstreetmap.org https://creator.hosted-pageflow.com 1
allow 'self'; options inline-script; frame-ancestors 'none' 1
frame-ancestors 'none'; object-src 'none'; media-src 'self' data: *.cloudinary.com https://js.intercomcdn.com https://js.driftqa.com js.driftt.com player.vimeo.com vod-progressive.akamaized.net; worker-src 'self' blob:; report-uri https://sentry.io/api/12909/security/?sentry_key=1610ada4146c464fa0d641df9d41ff59&sentry_environment=production&sentry_release=R20210729084509 1
frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com sppl.bibliocms.com *.sppl.bibliocms.com https://sppl.org sppl.org *.sppl.org; 1
default-src 'self' 'unsafe-inline' https://piwik.bzga.de/ https://fonts.gstatic.com/ https://fonts.googleapis.com/ https://www.youtube-nocookie.com/ https://app.dialogfeed.com/; img-src 'self' data: https://piwik.bzga.de/ https://service.bzga.de/ https://www.bzga.de/ https://jwpltx.com/ https://maps.gstatic.com/ https://maps.googleapis.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.p.jwpcdn.com/ https://piwik.bzga.de/ https://maps.googleapis.com/ 1
frame-ancestors https://www.facebook.com https://www.venetacucine.com 1
default-src 'self' https://connect.facebook.net https://e.issuu.com; font-src 'self' 'unsafe-inline' data: https://webchat.keyreply.com www.ktph.com.sg www.whc.sg www.yishuncommunityhospital.com.sg www.geri.com.sg www.admiraltymedicalcentre.com.sg https://fonts.googleapis.com https://fonts.gstatic.com https://static.juicer.io; connect-src 'self' https://nhg.app.keyreply.com www.ktph.com.sg www.whc.sg www.yishuncommunityhospital.com.sg www.geri.com.sg www.admiraltymedicalcentre.com.sg www.juicer.io https://graph.facebook.com www.google-analytics.com https://v1.addthis.com m.addthis.com; frame-src 'self' www.ktph.com.sg www.whc.sg www.yishuncommunityhospital.com.sg www.geri.com.sg www.admiraltymedicalcentre.com.sg youtu.be www.youtube.com https://staticxx.facebook.com https://platform.twitter.com www.google.com s7.addthis.com https://e.issuu.com; frame-ancestors 'self'; img-src *; media-src 'self' data: https://images.pexels.com https://e.issuu.com; object-src 'self' www.ktph.com.sg www.whc.sg www.yishuncommunityhospital.com.sg www.geri.com.sg www.admiraltymedicalcentre.com.sg youtu.be www.youtube.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://cdn.polyfill.io/v2/polyfill.min.js https://nhg.app.keyreply.com/webchat/js/app.js www.ktph.com.sg www.whc.sg www.yishuncommunityhospital.com.sg www.geri.com.sg www.admiraltymedicalcentre.com.sg assets.juicer.io static.juicer.io www.juicer.io graph.facebook.com i.imgur.com scontent.xx.fbcdn.net www.google-analytics.com www.google.com www.addthis.com s7.addthis.com m.addthis.com m.addthisedge.com youtu.be www.youtube.com https://fonts.googleapis.com https://fonts.gstatic.com www.gstatic.com www.googletagmanager.com https://connect.facebook.net http://connect.facebook.net https://platform.twitter.com https://v1.addthisedge.com https://v1.addthis.com https://z.moatads.com https://e.issuu.com; style-src 'self' 'unsafe-inline' data: www.ktph.com.sg www.whc.sg www.yishuncommunityhospital.com.sg www.geri.com.sg www.admiraltymedicalcentre.com.sg assets.juicer.io static.juicer.io www.juicer.io graph.facebook.com i.imgur.com scontent.xx.fbcdn.net www.google-analytics.com www.google.com www.addthis.com s7.addthis.com m.addthis.com m.addthisedge.com youtu.be www.youtube.com https://fonts.googleapis.com https://fonts.gstatic.com www.gstatic.com https://e.issuu.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.axessx.de *.googleapis.com 1
default-src 'self'; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.ads.linkedin.com *.facebook.com *.adsymptotic.com *.blackbaudhosting.com *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.hotjar.com *.licdn.com *.facebook.net *.addthis.com *.moatads.com *.youtube.com *.blackbaudhosting.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com *.googleadservices.com; style-src 'self' 'unsafe-inline' *.blackbaudhosting.com *.googleapis.com *.gstatic.com; font-src 'self' data: *.gstatic.com *.bootstrapcdn.com; frame-src 'self' *.ambrahealth.com *.hotjar.com *.facebook.com *.youtube.com *.ambrahealth expert-reputation.com.com *.addthis.com *.simplecast.com expert-reputation.com highlightedreviews.com *.blackbaudhosting.com *.g.doubleclick.net *.google.com *.fls.doubleclick.net; object-src 'self'; connect-src 'self' *.googleadservices.com *.facebook.com *.addthis.com *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net; media-src 'self' *.medtronic.com; form-action 'self' *.facebook.com; frame-ancestors 'self' *.ambrahealth.com *.hotjar.com *.facebook.com *.youtube.com *.ambrahealth expert-reputation.com.com *.addthis.com *.simplecast.com expert-reputation.com highlightedreviews.com *.blackbaudhosting.com *.g.doubleclick.net *.google.com *.fls.doubleclick.net; upgrade-insecure-requests; 1
default-src 'self'; frame-src 'self' *.twitter.com *.nhs.uk/ *.facebook.com/ *.youtube.com/ *.vimeo.com/ *.google.com *.googleapis.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com https://cdn.syndication.twimg.com/ *.twitter.com https://cdnjs.cloudflare.com/ https://www.google-analytics.com/ https://connect.facebook.net/ https://feeds.trac.jobs/ *.google.com/ *.googleapis.com *.gstatic.com *.cqc.org.uk; font-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' *.twitter.com *.twimg.com https://cdnjs.cloudflare.com/ https://feeds.trac.jobs/ *.googleapis.com  *.gstatic.com *.cqc.org.uk; img-src * data:; object-src 'self' blob:; connect-src 'self' https://feeds.trac.jobs/ *.googleapis.com *.google-analytics.com stats.g.doubleclick.net 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com https://consent.truste.com *.jquery.com *.bootstrapcdn.com *.navexglobal.com; connect-src 'self'; style-src 'self' 'unsafe-inline'; frame-ancestors 'self' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' clicky.com *.getclicky.com www.google.com www.gstatic.com www.googletagmanager.com cdn.jsdelivr.net ssl.google-analytics.com www.google-analytics.com ajax.googleapis.com ajax.aspnetcdn.com fast.fonts.com cdnjs.cloudflare.com; frame-src https://www.google.com 'self'; 1
default-src 'self' *.fg.cz *.fraus.cz *.fraus.com;font-src 'self' data: fonts.gstatic.com *.fg.cz *.google.com *.issuu.com;connect-src 'self' *.gstatic.com *.google.com *.googleapis.com www.google-analytics.com *.fg.cz *.yandex.ru *.facebook.com *.seznam.cz *.doubleclick.net;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.google.com *.google.cz *.googleapis.com www.googletagmanager.com www.google-analytics.com *.googleadservices.com *.licdn.com *.linkedin.com *.cloudflare.com *.facebook.com *.facebook.net *.fg.cz *.fraus.cz *.fraus.com cdn.jsdelivr.net *.doubleclick.net *.yandex.ru c.imedia.cz *.issuu.com *.seznam.cz;form-action 'self' *.facebook.com *.facebook.net *.fg.cz *.google.com *.issuu.com;frame-src 'self' *.facebook.com *.facebook.net *.youtube.com *.iplatba.cz *.vimeo.com *.fg.cz *.google.com *.issuu.com;child-src 'self' *.facebook.com *.facebook.net *.youtube.com *.iplatba.cz *.vimeo.com *.fg.cz *.google.com *.issuu.com;frame-ancestors 'self';img-src 'self' data: blob: *.gstatic.com *.googleapis.com *.googlecode.com www.googletagmanager.com www.google-analytics.com *.doubleclick.net *.google.com *.google.cz *.google.ie *.placeholder.com *.fg.cz *.fraus.cz *.fraus.com *.facebook.com *.facebook.net *.yandex.ru c.imedia.cz *.issuu.com *.seznam.cz;style-src 'self' 'unsafe-inline' *.gstatic.com fonts.googleapis.com *.google.com *.fg.cz *.fraus.cz *.fraus.com *.issuu.com;object-src 'self' *.fg.cz 1
default-src 'self'; object-src 'self' https://pts.eteleon.de/p.swf; base-uri 'self'; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://chat.eteleon.de https://umfrage.eteleon.de https://pts.eteleon.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://o2.mouseflow.com https://cdn.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://chat.eteleon.de https://stats.eteleon.de https://imagepool.eteleon.de https://pts.eteleon.de https://api.trustedshops.com https://trustbadge.api.etrusted.com/shop/X37852C187578EB2357B3937AF0ABF16A/memberservice https://shops-si.trustedshops.com/shops/X37852C187578EB2357B3937AF0ABF16A https://trustbadge-logging.trustedshops.com; script-src 'strict-dynamic' 'nonce-1ec4be2e988f9b46628fc9a7d3163404' 'nonce-8cd8d19fd485eb5b7e5a3933819f2010' 'nonce-a7f7bcf961eeb297c353b8a59d0f35a5' 'nonce-ed614d3c8b72d7eefab1957eab01e0c9' 'nonce-b04f8a752544941778a98a7063538bd3' 'nonce-47d612427d8a78ae50587710b6b1d3aa' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://pts.eteleon.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-1ec4be2e988f9b46628fc9a7d3163404' 'nonce-8cd8d19fd485eb5b7e5a3933819f2010' 'nonce-a7f7bcf961eeb297c353b8a59d0f35a5' 'nonce-ed614d3c8b72d7eefab1957eab01e0c9' 'nonce-b04f8a752544941778a98a7063538bd3' 'nonce-47d612427d8a78ae50587710b6b1d3aa' 'self' 'unsafe-inline' https: 'report-sample' 1
default-src 'self' googleads.g.doubleclick.net polantis-com-data-dev.s3-eu-west-1.amazonaws.com polantis-com-data.s3-eu-west-1.amazonaws.com polantis-com-data.s3.eu-west-1.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com code.jquery.com c.statcounter.com secure.statcounter.com www.google-analytics.com code.highcharts.com pagead2.googlesyndication.com cdn.datatables.net use.fontawesome.com cdn.rawgit.com maps.googleapis.com connect.facebook.net www.polantis.info new.polantis.com www.google.com www.google.fr www.gstatic.com https://rawgithub.com/phpepe/highcharts-regression/master/highcharts-regression.js https://rawgit.com/phpepe/highcharts-regression/master/highcharts-regression.js www.googletagmanager.com cdn.jsdelivr.net cdn.mouseflow.com; object-src 'self' s.ytimg.com i.ytimg.com s.youtube.com www.youtube.com *.googlevideo.com; style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com cdnjs.cloudflare.com fonts.googleapis.com cdn.datatables.net https://cdn.rawgit.com/morteza/bootstrap-rtl/v3.4.0/dist/css/bootstrap-rtl.min.css www.polantis.info use.fontawesome.com www.gstatic.com; img-src 'self' data: images.polantis.com data.polantis.com s3-eu-west-1.amazonaws.com www.google-analytics.com c.statcounter.com stats.g.doubleclick.net maps.gstatic.com maps.googleapis.com csi.gstatic.com www.facebook.com www.polantis.info www.google.com www.google.fr randomuser.me/api/ cdnjs.cloudflare.com polantiscomimages.s3-eu-west-1.amazonaws.com polantis-com-data.s3-eu-west-1.amazonaws.com polantis-com-data-dev.s3.eu-west-1.amazonaws.com data2.polantis.com http://bimobject-dev.ad.bimobject.com http://bimobject-staging.ad.bimobject.com www.bimobject.com bimobject.com www.mollie.com; frame-src 'self' googleads.g.doubleclick.net www.youtube.com www.google.com www.google.fr www.facebook.com staticxx.facebook.com polantis-com-data.s3-eu-west-1.amazonaws.com polantis-com-data-dev.s3-eu-west-1.amazonaws.com polantis-com-data.s3.eu-west-1.amazonaws.com; font-src 'self' fonts.gstatic.com maxcdn.bootstrapcdn.com use.fontawesome.com; connect-src 'self' www.polantis.info new.polantis.com maps.googleapis.com cdn.datatables.net www.facebook.com vicopo.selfbuild.fr analytics.google.com stats.g.doubleclick.net cdn.jsdelivr.net; report-uri /nelmio/csp/report 1
allow *; script-src 'self' http://l2.io https://l2.io http://prosperent.com https://prosperent.com https://*.dhleasyshop.com http://*.dhleasyshop.com https://server.iad.liveperson.net http://server.iad.liveperson.net https://*.facebook.com http://*.facebook.com https://connect.facebook.net http://connect.facebook.net https://*.fbcdn.net http://*.fbcdn.net http://*.google.com https://*.google.com http://*.google-analytics.com https://*.google-analytics.com https://ssl.gstatic.com http://ajax.googleapis.com https://ajax.googleapis.com http://web01.optimix.asia https://web01.optimix.asia http://tracking.sokrati.com https://tracking.sokrati.com http://eulerian.kdpgroupe.com https://eulerian.kdpgroupe.com http://www.googleadservices.com https://www.googleadservices.com http://srv1.wa.marketingsolutions.yahoo.com https://srv1.wa.marketingsolutions.yahoo.com http://*.marinsm.com https://*.marinsm.com http://*.dgmsearchlab.com https://*.dgmsearchlab.com http://*.cedexis.com https://*.cedexis.com http://*.amazonaws.com https://*.amazonaws.com http://*.cedexis-radar.net https://*.cedexis-radar.net d39ze0fcltcujr.cloudfront.net http://*.referralcandy.com https://*.referralcandy.com https://www.paypalobjects.com http://*.youku.com https://*.youku.com https://*.cloudfront.net ; options inline-script eval-script 1
default-src 'self'; media-src *; img-src *; script-src 'self' https://ajax.googleapis.com; style-src 'self'; 1
default-src 'none'; script-src 'self'; connect-src: 'self'; img-src: 'self'; style-src: 'self'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com  cdn.syndication.twimg.com cdnjs.cloudflare.com maps.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com fonts.googleapis.com fonts.gstatic.com; object-src 'self'; style-src 'self' 'unsafe-inline' cdn.syndication.twimg.com cdnjs.cloudflare.com maps.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com fonts.googleapis.com fonts.gstatic.com; img-src 'self' data: secure.gravatar.com cdn. *.twitter.com *.twimg.com cdnjs.cloudflare.com maps.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com fonts.googleapis.com fonts.gstatic.com; media-src 'self'; frame-src 'self' syndication.twitter.com platform.twitter.com/; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com 1
default-src 'self' 'unsafe-inline' data: https://piwik.bzga.de/; 1
script-src 'self' 'nonce-bQ4PVGFYLx31DeXJZCiscyMI' 'nonce-atx-inline' 'unsafe-eval' *.googleapis.com *.googletagmanager.com https://tagmanager.google.com/ https://www.googletagmanager.com/gtm.js https://www.google-analytics.com https://ssl.google-analytics.com https://consentcdn.cookiebot.com https://consent.cookiebot.com https://static.ctctcdn.com https://cdnjs.cloudflare.com https://sfapi.formstack.io https://translate.google.com https://translate.googleapis.com https://www.google.com https://www.gstatic.com https://pi.pardot.com http://cdn.pardot.com *.artifex.com *.ghostscript.com *.mupdf.com; report-uri /csp-report/standard-report.php; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'  https: data: http://fonts.googleapis.com http://fonts.gstatic.com http://www.google-analytics.com http://s7.addthis.com http://m.addthisedge.com http://m.addthis.com http://graph.facebook.com http://widgets.pinterest.com http://maps.google.com http://csi.gstatic.com http://maps.gstatic.com http://maps.googleapis.com http://www.linkedin.com http://api-public.addthis.com http://localhost http://widget.supercounters.com http://pagead2.googlesyndication.com/ http://pagead2.googlesyndication.com/ http://staticxx.facebook.com http://www.whatsupcams.com http://epixel.moj-web.net http://www.youtube.com https://www.whatsupcams.com http://localhost https://g0.ipcamlive.com;  1
base-uri 'self'; default-src 'none'; child-src https://mei.animebytes.tv https://irc.animebytes.tv; connect-src 'self' https://mei.animebytes.tv; font-src 'self' data:; form-action 'self' https://mei.animebytes.tv; frame-ancestors 'self'; frame-src 'self' https://www.youtube-nocookie.com https://*.soundcloud.com https://mei.animebytes.tv https://irc.animebytes.tv; img-src 'self' https://animebytes.tv https://mei.animebytes.tv https://cdn.animebytes.tv data:; media-src 'self' https://* * data:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; worker-src 'none'; upgrade-insecure-requests 1
base-uri 'none'; default-src 'none'; child-src 'self'; connect-src 'self' https://www.google-analytics.com https://daemon.bigogo.com wss://ws.bgogo.com wss://ws.bgogo.com/prediction; font-src 'self' https://fonts.gstatic.com data:; form-action 'self'; frame-ancestors 'none'; img-src 'self' https://static.bggex.pro https://daemon.bigogo.com/ https://www.google-analytics.com https://storage.googleapis.com https://stats.g.doubleclick.net https://static.bgogo.com https://v.liaoliaosj.com blob: data:; media-src https://daemon.bigogo.com/ https://static.bgogo.com https://v.liaoliaosj.com; object-src 'self'; script-src 'self' https://static.bgogo.com https://www.googletagmanager.com https://www.google-analytics.com https://hm.baidu.com 'unsafe-inline'; style-src 'self' 'unsafe-inline'; upgrade-insecure-requests 1
default-src 'self' *.mytolino.com data: *.youtube-nocookie.com *.ytimg.com *.googleusercontent.com *.mzstatic.com *.googleapis.com *.gstatic.com 'unsafe-inline' mytolino.com mytolino.at mytolino.ch mytolino.it mytolino.be mytolino.fr mytolino.nl mytolino.uk opensource.mytolino.com 1
default-src 'self' 'unsafe-inline' data: https://piwik.bzga.de/ https://a.tile.openstreetmap.org/ https://b.tile.openstreetmap.org/ https://c.tile.openstreetmap.org/ https://www.youtube-nocookie.com/ 1
default-src * 'self' data: 'unsafe-inline' 'unsafe-eval' https: wss: 1
default-src 'self'; connect-src 'self' www.google-analytics.com https://www.google-analytics.com *.g.doubleclick.net http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; font-src 'self' http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; frame-src 'unsafe-inline' https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; img-src 'self' *.pbwstatic.com www.google-analytics.com https://www.google-analytics.com data: http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; media-src 'none'; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com https://www.google-analytics.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; style-src 'self' 'unsafe-inline' 1
default-src * https: wss: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; frame-src 'self' https:; 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: *; 1
frame-ancestors 'self' https://*.salesforce.com 1
frame-ancestors DENY 1
default-src 'self' 'unsafe-inline'  https://staticfiles.digitalchargingsolutions.com https://api.mixpanel.com https://api-js.mixpanel.com; script-src 'self' 'unsafe-inline' 'unsafe-eval'  https://staticfiles.digitalchargingsolutions.com https://maps.googleapis.com https://cdn.mxpnl.com https://api-js.mixpanel.com; frame-src 'self' https://payment.datatrans.biz/; img-src 'self' https: data: https://cpologo.digitalchargingsolutions.com; style-src 'self' 'unsafe-inline'  https://staticfiles.digitalchargingsolutions.com https://fonts.googleapis.com; font-src 'self'  https://staticfiles.digitalchargingsolutions.com https://fonts.gstatic.com; 1
default-src 'unsafe-inline' 'unsafe-eval' https:;img-src * data:; script-src 'unsafe-inline' 'unsafe-eval' blob: * https:; connect-src * blob:; 1
frame-ancestors 'self' http://customer--hornbach.loop21.net https://customer-hornbach.loop21.net http://public-location-hornbach.loop21.net https://public-location-hornbach.loop21.net 1
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; font-src 'self' 1
frame-ancestors https://*.matrabike.nl http://*.matrabike.nl http://matrabike.web2016-acc.netivity.nl https://matrabike.WEB2016-ACC.netivity.nl http://www.google.com 1
default-src https:; script-src 'self' 'nonce-c+zTIdtOtC9FIP5WN4VLyVMuMkA61l1D' https://hcaptcha.com https://*.hcaptcha.com; object-src 'self'; style-src 'self' 'nonce-bjP4XlXvPfzuF+iCtX6yycChGwhuKdmU' https://hcaptcha.com https://*.hcaptcha.com; img-src 'self' images.gog-statics.com; media-src 'self'; child-src 'none'; font-src 'self'; connect-src 'self' https://api.gog.com; frame-src https://www.google.com/recaptcha/ https://hcaptcha.com https://*.hcaptcha.com 1
frame-ancestors 'self' mein.kabelplus.at newapp.etracker.com 1
allow 'self'; media-src *; img-src *; script-src 'self' https://ajax.googleapis.com; style-src 'self'; 1
frame-ancestors 'self' insights.hotjar.com 1
default-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-src https://www.google.com https://www.youtube.com https://tickets.norwichartscentre.co.uk https://my.matterport.com https://player.vimeo.com https://www.facebook.com; script-src 'self' 'nonce-5AEemGb0xJptoIGFP3Nd' 'nonce-6AEemGb0xJptoIGFP3Nd' 'nonce-7AEemGb0xJptoIGFP3Nd' 'sha256-Z82Oe+Iv8WIpM1ioymuc3HlSLThe89MSaAQSYMybkAs=' https://www.google.com https://maps.google.com https://www.gstatic.com https://www.googletagmanager.com/ https://www.google-analytics.com https://connect.facebook.net https://sentry.io https://tickets.norwichartscentre.co.uk; connect-src 'self' https://sentry.io https://www.google-analytics.com https://stats.g.doubleclick.net https://www.facebook.com https://connect.facebook.net; img-src 'self' data: content: https: *.googleapis.com;; font-src 'self' https://fonts.gstatic.com https://www.google.com; object-src 'none'; report-uri https://o126219.ingest.sentry.io/api/2740052/security/?sentry_key=8f009899699b4dd281f6d1466e6a2b92 1
default-src * 'unsafe-inline' data: ; font-src * 'unsafe-inline' data:; script-src * 'unsafe-inline' 'unsafe-eval' https:  1
default-src 'self' 'unsafe-inline' https://maps.googleapis.com https://cc.ibox.ua; script-src 'self' 'unsafe-inline' https://connect.facebook.net https://*.doubleclick.net https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com https://cc.ibox.ua; style-src 'self' 'unsafe-inline' 'unsafe-inline' https://fonts.googleapis.com/css https://tagmanager.google.com https://fonts.googleapis.com https://cc.ibox.ua; img-src 'self' 'unsafe-inline' data: https://www.facebook.com https://*.doubleclick.net https://www.googletagmanager.com https://*.gstatic.com https://www.google.com https://www.google.com.ua https://maps.googleapis.com https://www.google-analytics.com https://ssl.gstatic.com https://cc.ibox.ua; font-src 'self' 'unsafe-inline' https://fonts.gstatic.com https://cc.ibox.ua; connect-src 'self' 'unsafe-inline' https://stats.g.doubleclick.net https://www.google-analytics.com https://fonts.gstatic.com https://cc.ibox.ua wss://cc.ibox.ua; frame-src 'self' 'unsafe-inline' https://*.doubleclick.net 1
frame-ancestors 'self' www.pro-agent.com www.google.com; 1
frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com fulcolibrary.bibliocms.com *.fulcolibrary.bibliocms.com https://www.fulcolibrary.org www.fulcolibrary.org *.www.fulcolibrary.org; 1
allow 'self'; media-src *; img-src *; script-src 'self' https://ajax.googleapis.com; https://cloudflare.com style-src 'self'; 1
connect-src 'self' https://*.evidon.com wss://*.evidon.com https://*.betrad.com wss://*.betrad.com https://api.brightedge.com wss://api.brightedge.com https://ixfd-api.bc0a.com wss://ixfd-api.bc0a.com https://*.twilio.com wss://*.twilio.com https://inga-prod.tumblr.com wss://*.salemove.com https://*.salemove.com wss://*.glia.com https://*.glia.com https://*.yotpo.com https://*.twitter.com https://*.yotpo.com https://*.gomoxie.solutions https://rules.atgsvcs.com https://track.magnify360.com https://c1.rfihub.net https://insight.adsrvr.org https://*.virtualhold.com https://api.edmunds.com 1
default-src 'self' 'unsafe-inline' ajax.aspnetcdn.com *.vo.msecnd.net *.visualstudio.com *.ppdlweb.ca 1
default-src 'self';object-src 'none';object-src allow-forms allow-same-origin allow-scripts;base-uri 'self';upgrade-insecure-requests;frame-ancestors 'none';script-src 'self' 'unsafe-inline' ajax.aspnetcdn.com;style-src 'self' 'unsafe-inline' ajax.aspnetcdn.com fonts.googleapis.com maxcdn.bootstrapcdn.com;font-src font-src 'self' ajax.aspnetcdn.com fonts.gstatic.com maxcdn.bootstrapcdn.com data:;img-src data: 'self'; 1
default-src 'self'; \
        script-src 'self' https://ssl.google-analytics.com; \
        img-src 'self' https://ssl.google-analytics.com 1
default-src https://domene.shop https://www.domeneshop.no https://domeneshop.no https://domainnameshop.com https://domainname.shop https://xn--domn-noa.shop https://xn--domne-ura.shop https://chat.domeneshop.no/ 'unsafe-inline'; img-src https://domene.shop https://www.domeneshop.no https://domeneshop.no https://domainnameshop.com https://domainname.shop https://xn--domn-noa.shop https://xn--domne-ura.shop; frame-src https://domene.shop https://www.domeneshop.no https://domeneshop.no https://domainnameshop.com https://domainname.shop https://xn--domn-noa.shop https://xn--domne-ura.shop; frame-ancestors 'self' 1
script-src 'nonce-C2BMegQJp5NziyzJ+87N0gYPNfM=' 'unsafe-inline' 'strict-dynamic' https: http:; object-src 'none'; 1
default-src 'self'; font-src 'self' data: 1mf196320qhvpkhl61356tjl-wpengine.netdna-ssl.com *.netdna-ssl.com https://fonts.gstatic.com *.intercomcdn.com *.googleusercontent.com; img-src 'self' *.gstatic.com 1mf196320qhvpkhl61356tjl-wpengine.netdna-ssl.com *.netdna-ssl.com *.wpengine.com *.discuss.io *.facebook.com data: https://secure.gravatar.com pbs.twimg.com *.google-analytics.com *.googletagmanager.com *.g.doubleclick.net *.wistia.com *.wistia.net *.aggregage.com *.ads.linkedin.com *.google.com *.google.ca heapanalytics.com *.mediashower.com *.bing.com *.adsymptotic.com *.6sc.co *.hubspot.com *.hsforms.com *.intercomassets.com *.intercomcdn.com *.bamboohr.com *.akamaihd.net *.stripe.com; script-src 'self' 'unsafe-eval' blob: 'unsafe-inline' data: *.googleoptimize.com *.stripe.com 1mf196320qhvpkhl61356tjl-wpengine.netdna-ssl.com *.netdna-ssl.com *.gstatic.com *.google.com *.youtube.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.segment.com *.segment.io *.salesloft.com *.wistia.com *.wistia.net *.googleadservices.com *.hotjar.com *.hs-scripts.com mediashower.com *.mediashower.com *.intercom.io *.aggregage.com *.licdn.com *.heapanalytics.com *.hs-analytics.net *.g.doubleclick.net *.6sc.co *.facebook.net *.bing.com *.hsadspixel.net *.hscollectedforms.net *.hs-banner.com *.intercomcdn.com *.hsforms.net *.hsforms.com *.bamboohr.com; style-src 'self' 'unsafe-inline' *.google.com *.googleoptimize.com 1mf196320qhvpkhl61356tjl-wpengine.netdna-ssl.com *.netdna-ssl.com https://fonts.googleapis.com mediashower.com *.bamboohr.com; connect-src 'self' 1mf196320qhvpkhl61356tjl-wpengine.netdna-ssl.com *.netdna-ssl.com embedwistia-a.akamaihd.net *.google-analytics.com *.g.doubleclick.net *.wistia.com *.wistia.net *.segment.io *.adnxs.com *.hubapi.com *.hubspot.com *.hsforms.com *.intercom.io *.hotjar.com wss://nexus-websocket-a.intercom.io *.salesloft.com *.litix.io *.bing.com *.bamboohr.com hubspot-forms-static-embed.s3.amazonaws.com *.6sc.co *.hotjar.io *.6sense.com api.stripe.com checkout.stripe.com *.facebook.com; frame-src 'self' *.google.com *.stripe.com *.hsforms.com 1mf196320qhvpkhl61356tjl-wpengine.netdna-ssl.com *.netdna-ssl.com *.youtube.com *.hotjar.com *.g.doubleclick.net *.facebook.com *.hubspot.com *.google.com s3.amazonaws.com *.youcanbook.me *.wistia.net; media-src 'self' *.wistia.com *.intercomcdn.com 1mf196320qhvpkhl61356tjl-wpengine.netdna-ssl.com *.netdna-ssl.com *.litix.io *.akamaihd.net blob: data:; 1
default-src 'unsafe-eval' 'unsafe-inline' 'self' 'connect-src' *.estout.com data: https://cdn.estout.com https://scripts.sirv.com https://estout.sirv.com https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com https://maps.googleapis.com https://ajax.googleapis.com 1
default-src 'self' blob: https://vars.hotjar.com/; frame-src 'self' https://nspa.org.uk/ https://www.zsabenchmarking.co.uk/ https://w.soundcloud.com/ *.buzzsprout.com *.nspa.org.uk *.hotjar.com *.nhs.uk/ *.facebook.com/ *.youtube.com/ *.vimeo.com/ *.google.com *.googleapis.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://mozilla.github.io/ * https://mozilla.github.io/pdf.js/build/pdf.js https://cdn.jsdelivr.net/gh/fancyapps/ *.buzzsprout.com *.heat6have.com https://static.hotjar.com/ https://www.googletagmanager.com/ *.hotjar.com https://www.googletagmanager.com/ *.hotj blob: https://cdnjs.cloudflare.com/ https://www.google-analytics.com/ https://connect.facebook.net/ https://feeds.trac.jobs/ *.google.com/ *.googleapis.com *.gstatic.com *.cqc.org.uk; font-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com/ajax/libs/summernote/ *.hotjar.com *.typekit.net https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net/gh/fancyapps/ *.typekit.net https://cdnjs.cloudflare.com/ https://feeds.trac.jobs/ *.googleapis.com  *.gstatic.com *.cqc.org.uk; img-src * data:; object-src 'self' blob:; connect-src 'self' https://tinyurl.com *.amazonaws.com https://stats.g.doubleclick.net/ https://www.google-analytics.com/ https://translate.googleapis.com/ *.hotjar.com *.hotjar.io wss://*.hotjar.com/ https://feeds.trac.jobs/ 1
frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com marinlibrary.bibliocms.com *.marinlibrary.bibliocms.com https://marinlibrary.org marinlibrary.org *.marinlibrary.org; 1
frame-ancestors 'none'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; font-src 'self' 'unsafe-inline' data: ; img-src 'self' 'unsafe-inline' data: https://app.usercentrics.eu https://daimlerag.d2.sc.omtrdc.net; connect-src 'self' https://graphql.usercentrics.eu 1
default-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-src https://www.google.com https://www.youtube.com https://player.vimeo.com https://www.facebook.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://maps.google.com https://maps.googleapis.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://sentry.io https://cdnjs.cloudflare.com https://connect.facebook.net; connect-src 'self' https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://maps.google.com https://sentry.io https://o126219.ingest.sentry.io; img-src 'self' data: content: https: *.googleapis.com;; font-src 'self' data: https://fonts.gstatic.com; object-src 'none'; report-uri https://o126219.ingest.sentry.io/api/5265715/security/?sentry_key=9b139e250e5b4bd586488d54bd7a5c84 1
frame-ancestors 'self' https://www.eventbrite.com 1
default-src 'unsafe-inline' https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://*.youtube.com https://www-tra.axadirect.pl https://www.facebook.com https://*.googleusercontent.com https://www.google.pl https://axadirect.pl https://*.axadirect.pl https://www.uniqa.pl https://*.www.uniqa.pl  https://*.axaubezpieczenia.pl https://*.googleapis.com https://*.gstatic.com https://axadirect.pl https://*.axadirect.pl https://www.uniqa.pl https://*.www.uniqa.pl  https://pagead2.googlesyndication.com https://ls.hit.gemius.pl https://*.google.com https://www.google-analytics.com https://*.gemius.pl https://*.facebook.com https://www.axaonline.pl https://*.axa.pl https://*.uniqa.pl https://df.axa.pl https://*.doubleclick.net https://script.crazyegg.com https://app3.salesmanago.pl https://nan.netmng.com https://pl-axa.netmng.com https://pl-axa.qa.netmng.com https://client2.inteliwise.com https://s3-eu-west-1.amazonaws.com https://*.amazonaws.com https://pixel.mathtag.com https://u3s.mathtag.com https://dms.netmng.com; script-src * 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://*.gstatic.com https://axadirect.pl https://*.axadirect.pl https://www.uniqa.pl https://*.www.uniqa.pl  https://pagead2.googlesyndication.com https://ls.hit.gemius.pl https://www.google-analytics.com https://*.gemius.pl https://*.facebook.com https://www.axaonline.pl https://*.axa.pl https://*.uniqa.pl https://df.axa.pl https://*.doubleclick.net https://script.crazyegg.com https://app3.salesmanago.pl https://nan.netmng.com https://pl-axa.netmng.com https://pl-axa.qa.netmng.com https://client2.inteliwise.com https://s3-eu-west-1.amazonaws.com https://pixel.mathtag.com https://u3s.mathtag.com https://dms.netmng.com; style-src 'unsafe-inline' https://fonts.googleapis.com https://druzynamaxa.edge.do https://surfly.io https://maxcdn.bootstrapcdn.com https://*.google.com https://ls.hit.gemius.pl https://www.google-analytics.com https://*.gemius.pl https://*.facebook.com https://www.axaonline.pl https://*.axa.pl https://*.uniqa.pl https://df.axa.pl https://*.doubleclick.net https://script.crazyegg.com https://app3.salesmanago.pl https://nan.netmng.com https://pl-axa.netmng.com https://pl-axa.qa.netmng.com https://client2.inteliwise.com https://s3-eu-west-1.amazonaws.com https://pixel.mathtag.com https://u3s.mathtag.com https://dms.netmng.com; img-src 'self' https://moventum.com.pl https://*.youtube.com http://axa.test.emex.pl https://www-tra.axadirect.pl https://www.facebook.com https://*.googleusercontent.com https://www.google.pl https://axadirect.pl https://*.axadirect.pl https://www.uniqa.pl https://*.www.uniqa.pl  https://*.axaubezpieczenia.pl https://*.googleapis.com https://*.gstatic.com https://axadirect.pl https://*.axadirect.pl https://www.uniqa.pl https://*.www.uniqa.pl  https://pagead2.googlesyndication.com https://ls.hit.gemius.pl https://*.google.com https://www.google-analytics.com https://*.gemius.pl https://*.facebook.com https://www.axaonline.pl https://*.axa.pl https://*.uniqa.pl https://df.axa.pl https://*.doubleclick.net https://script.crazyegg.com https://app3.salesmanago.pl https://nan.netmng.com https://pl-axa.netmng.com https://pl-axa.qa.netmng.com https://client2.inteliwise.com https://s3-eu-west-1.amazonaws.com https://*.amazonaws.com https://pixel.mathtag.com https://u3s.mathtag.com https://dms.netmng.com https://*.uniqa.pl data: 1
default-src 'self'; connect-src 'self' https://bat.bing.com https://*.visualwebsiteoptimizer.com https://app.vwo.com http://*.vectrabank.com https://*.vectrabank.com https://zionsbancorp.sc.omtrdc.net https://*.demdex.net https://*.cludo.com https://sumo.com https://*.sumome.com https://*.sumo.com https://zionsbancorp.sc.omtrdc.net; script-src 'self' data: 'unsafe-inline' https://bat.bing.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://www.googletagmanager.com https://*.googleadservices.com https://*.doubleclick.net https://*.linkedin.com https://*.bufferapp.com https://*.pinterest.com https://*.reddit.com https://*.adobedtm.com https://connect.facebook.net https://*.pages05.net https://*.google-analytics.com https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.vectrabank.com https://*.zionsbank.com https://*.cludo.com https://*.sumome.com https://*.sumo.com https://*.youtube.com https://*.ytimg.com https://*.vimeo.com 'unsafe-eval'; object-src 'self' data: https://*.vectrabank.com; style-src 'self' data: 'unsafe-inline' https://*.googleapis.com https://*.google.com https://*.cludo.com https://*.sumome.com https://*.sumo.com; img-src 'self' data: https://bat.bing.com https://px.ads.linkedin.com https://p.adsymptotic.com https://www.facebook.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.pages05.net https://*.doubleclick.net https://*.google-analytics.com https://*.gstatic.com https://*.vectrabank.com https://*.online-metrix.net https://*.omtrdc.net https://*.demdex.net https://*.everesttech.net https://*.googleapis.com https://*.google.com https://*.cludo.com https://*.sumome.com https://*.sumo.com https://*.youtube.com https://*.ytimg.com https://*.vimeo.com; media-src 'self' data:; frame-src 'self' https://*.vectrabank.com https://*.demdex.net https://*.doubleclick.net https://secure.checkout.visa.com https://*.youtube.com https://*.ytimg.com https://vimeo.com https://*.vimeo.com https://*.pages05.net https://*.brightcove.net https://*.visualwebsiteoptimizer.com https://app.vwo.com https://outlook.office365.com; frame-ancestors 'self' https://banking.vectrabank.com; font-src 'self' data: 'unsafe-inline' https://fonts.gstatic.com https://*.visualwebsiteoptimizer.com https://app.vwo.com; upgrade-insecure-requests; block-all-mixed-content 1
frame-src https://www.youtube-nocookie.com https://www.youtube.com https://piwik.bzga.de https://www.ins-netz-gehen.de; style-src 'self' 'unsafe-inline'; default-src 'self'; script-src https://www.ins-netz-gehen.de https://piwik.bzga.de 'self' 'unsafe-inline' ; connect-src https://www.ins-netz-gehen.de https://piwik.bzga.de 'self' 'unsafe-inline' ; font-src 'self' 'unsafe-inline' data:; img-src 'self' https://piwik.bzga.de https://*.openstreetmap.org data:; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.hs-analytics.net *.hs-scripts.com *.addthis.com *.addthisedge.com *.linkedin.com *.pinterest.com *.facebook.com *.iubenda.com *.ckeditor.com *.webspellchecker.net *.gstatic.com *.google.com *.googleapis.com *.bootstrapcdn.com *.google-analytics.com *.googletagmanager.com *.usemessages.com *.hsleadflows.net *.googleadservices.com *.sumome.com *.doubleclick.net *.facebook.net *.b-cdn.net *.youtube.com *.ytimg.com *.kxcdn.com *.hubspot.com *.hsforms.net *.hsadspixel.net js.hs-banner.com *.hs-banner.com *.sumo.com; style-src 'self' 'unsafe-eval' 'unsafe-inline' *.googleapis.com *.bootstrapcdn.com *.iubenda.com *.ckeditor.com *.webspellchecker.net *.kxcdn.com *.b-cdn.net *.google.com; img-src 'self' *.hubspot.com *.acquia-sites.com data: *.ckeditor.com *.webspellchecker.net sumo.com *.sumo.com *.kxcdn.com *.google-analytics.com *.doubleclick.net *.google.com *.hubspot.net *.ytimg.com *.gstatic.com *.googleapis.com *.facebook.com *.google.co.za *.google.it *.google.co.uk *.google.co.id *.google.de *.google.pl *.google.fr *.google.ru *.google.cn *.google.es *.google.com.br *.google.co.nz *.google.com.pr *.google.hr *.google.com.pa *.google.at *.google.ca *.google.gr *.google.com.au *.google.com.hk *.google.com.ph *.google.com.tr *.google.fi *.google.co.jp *.google.com.kh *.google.com.my *.google.co.ke *.google.se *.google.co.il *.google.com.sg *.google.co.th *.google.co.in *.google.ae *.google.co.kr *.google.lk *.googletagmanager.com *.google.com.do *.google.bg *.google.rs *.google.hu *.google.pt *.google.ro *.google.com.co *.google.ch *.google.com.mx *.google.lv *.google.com.vn *.google.no *.nautique.tv micro-cdn.sumo.com; frame-src 'self' *.google.com *.addthis.com *.youtube.com *.vrcloud.co vrcloud.co *.vrcloud.com vrcloud.com *.doubleclick.net *.facebook.com *.googletagmanager.com *.facebook.net *.hubspot.com *.nautique.tv; font-src 'self' *.gstatic.com *.addthis.com; connect-src 'self' *.addthis.com *.webspellchecker.net sumo.com *.sumo.com *.hubspot.com *.google-analytics.com *.doubleclick.net *.google.com *.google.co.uk *.hubapi.com; report-uri /admin/config/system/seckit/csp-report 1
default-src 'self' ; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.servmetric.com *.govmetric.com  https://cdn.siteimprove.net/cms/overlay.js siteimproveanalytics.com siteimprove.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.servmetric.com *.govmetric.com; img-src 'self' data: *.servmetric.com *.govmetric.com *.siteimprove.com *.servmetric.com *.govmetric.com *.siteimproveanalytics.io; media-src 'self'; frame-src 'self' *.servmetric.com *.govmetric.com ; frame-ancestors 'self'; child-src 'self'; font-src 'self' data: *.googleusercontent.com; connect-src 'self' *.servmetric.com *.govmetric.com; report-uri /report-csp-violation 1
default-src 'self' localhost maps.googleapis.com themes.googleusercontent.com fonts.gstatic.com googleads.g.doubleclick.net ads.optad360.com http://ads.optad360.com csync.smartadserver.com secure-assets.rubiconproject.com ec-ns.sascdn.com track.adform.net api.deep.bi ls.hit.gemius.pl securepubads.g.doubleclick.net *.safeframe.googlesyndication.com safeframe.googlesyndication.com googlesyndication.com *.googlesyndication.com *.gstatic.com *.cloudflare.com; block-all-mixed-content; frame-src googlesyndication.com *.googlesyndication.com pagead2.googlesyndication.com *.hit.gemius.pl *.gemius.pl *.rubiconproject.com *.smartadserver.com *.sascdn.com googleads.g.doubleclick.net; img-src 'self' data: blob: google-analytics.com www.google-analytics.com fonts.googleapis.com maps.google.com *.gstatic.com maps.googleapis.com adx.adform.net www3.smartadserver.com creatives.sascdn.com ad.doubleclick.net pixel.adsafeprotected.com x.bidswitch.net cm.g.doubleclick.net d5p.de17a.com sync.clickonometrics.pl ib.adnxs.com ma.wp.pl cm.adgrx.com cm.adform.net c1.adform.net server.seadform.net sync-eu.exe.bid track.adform.net sync.bumlam.com s1.adform.net pre.glotgrx.com dt.adsafeprotected.com pro.hit.gemius.pl gremimedia.pl cdn.uwazamrze.pl stats.g.doubleclick.net ced-ns.sascdn.com www.google.com www.google.pl *.google.com *.google.pl googlesyndication.com *.googlesyndication.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: cdn.historia.uwazamrze.pl fonts.googleapis.com *.gstatic.com maps.google.com maps.googleapis.com ajax.googleapis.com www.googletagmanager.com www.google-analytics.com ced.sascdn.com ced-ns.sascdn.com s1.adform.net adx.adform.net pagead2.googlesyndication.com adservice.google.com googleads.g.doubleclick.net www3.smartadserver.com adservice.google.pl pixel.yabidos.com pixel.adsafeprotected.com track.adform.net static.adsafeprotected.com code.createjs.com radar.cedexis.com cdn.rp.pl cdn.uwazamrze.pl www.youtube.com s.ytimg.com api.deep.bi sync.smartadserver.com gapl.hit.gemius.pl securepubads.g.doubleclick.net googletagservices.com *.googletagservices.com googlesyndication.com *.googlesyndication.com ampproject.org *.ampproject.org *.2mdn.net *.evidon.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com blob: cdn.rp.pl cdn.uwazamrze.pl 1
default-src https: blob: wss:; script-src https: 'unsafe-inline' 'unsafe-eval' data:; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data: 1
default-src 'self'; script-src 'self' data: maps.googleapis.com maps.google.com https://ssl.google-analytics.com https://www.paypalobjects.com https://www.paypal.com/tagmanager/ 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: maps.googleapis.com maps.google.com *.gstatic.com *.gravatar.com *.ytimg.com *.paypal.com www.paypalobjects.com www.steelforlife.org www.steelconstruction.org https://ssl.google-analytics.com; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https://www.paypal.com/webapps/hermes/api/logger https://www.paypal.com/xoplatform/logger/api/logger; frame-src 'self' https://www.sandbox.paypal.com/ https://www.paypal.com/ https://securepayments.sandbox.paypal.com/ https://securepayments.paypal.com/ https://www.youtube.com https://player.vimeo.com/; child-src 'self' https://www.sandbox.paypal.com/ https://www.paypal.com/ https://securepayments.sandbox.paypal.com/ https://securepayments.paypal.com/ https://www.youtube.com https://player.vimeo.com/; 1
font-src * data:; img-src * data:; script-src 'unsafe-inline' 'unsafe-eval' * data:; style-src 'unsafe-inline' 'unsafe-eval' * data:; 1
default-src 'self'; img-src 'self' analytics.meine-krankenkasse.de vbu.gesundheitsformulare.de s.ytimg.com f.vimeocdn.com app.usercentrics.eu googleads.g.doubleclick.net pixel.mathtag.com www.facebook.com www.google.com www.google.de app.usercentrics.eu data:; font-src 'self' vbu.gesundheitsformulare.de data:; style-src 'self' 'unsafe-inline' vbu.gesundheitsformulare.de s.ytimg.com f.vimeocdn.com analytics.meine-krankenkasse.de; script-src 'self' 'unsafe-inline' tagmanager.google.com *.criteo.com *.criteo.net *.adform.net *.google-analytics.com www.googletagmanager.com analytics.meine-krankenkasse.de vbu.gesundheitsformulare.de s.ytimg.com f.vimeocdn.comi forms.meine-krankenkasse.de analytics.meine-krankenkasse.de connect.facebook.net googleads.g.doubleclick.net pixel.mathtag.com secure.adnxs.com www.googleadservices.com app.usercentrics.eu; child-src 'self' app.meine-krankenkasse.de dev-app.meine-krankenkasse.de forms.meine-krankenkasse.de tagmanager.google.com *.criteo.com *.criteo.net *.adform.net *.google-analytics.com www.googletagmanager.com vbu.gesundheitsformulare.de www.youtube-nocookie.com player.vimeo.com analytics.meine-krankenkasse.de 360.nexpics.com *.meine-gesundheitsplattform.de bkk-vbu.limequery.org *.weisse-liste.de pixel.mathtag.com www.facebook.com; frame-ancestors 'self' analytics.meine-krankenkasse.de; connect-src 'self' digitus-bkkvbu.apps.cloud.itsc.de api.usercentrics.eu aggregator.service.usercentrics.eu graphql.usercentrics.eu www.facebook.com; 1
default-src 'self' *.intelliflo.com and *.test.intelliflo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.intelligent-office.net *.intelliflo.com *.test.intelliflo.com cdn.walkme.com  ec.walkme.com playerserver.walkme.com d3sbxpiag177w8.cloudfront.net papi.walkme.com; object-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.walkme.com *.amazonaws.com data: *.intelliflo.com; media-src 'self'; frame-src https:; font-src 'self' data:; connect-src 'self' *.intelliflo.com and *.test.intelliflo.com and *.amazonaws.com and wss://*.intelliflo.com and ec.walkme.com and cdn.walkme.com; 1
default-src  'self' data:;font-src  'self' data: fonts.gstatic.com kariera.rako.cz www.kariera.rako.cz;connect-src  'self' *.google.com *.googleapis.com www.google-analytics.com *.hotjar.com wss://ws6.hotjar.com *.hotjar.io *.doubleclick.net *.leady.com *.gstatic.com;script-src  'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.googleapis.com *.gstatic.com *.hotjar.com static.hotjar.com www.googletagmanager.com www.google-analytics.com connect.facebook.net kariera.rako.cz www.kariera.rako.cz c.imedia.cz *.googleadservices.com *.doubleclick.net *.leady.com;form-action  'self' *.facebook.com *.facebook.net;frame-src  'self' blob: www.youtube.com *.iplatba.cz www.tvbydleni.cz *.facebook.com *.facebook.net *.hotjar.com *.google.com;worker-src  'self' blob: www.youtube.com *.iplatba.cz www.tvbydleni.cz *.facebook.com *.facebook.net *.hotjar.com *.google.com;frame-ancestors  'self';img-src  'self' data: blob: *.gstatic.com *.googleapis.com *.googlecode.com www.googletagmanager.com www.google-analytics.com *.doubleclick.net *.google.com *.google.cz *.google.ie www.facebook.com *.rako.cz c.imedia.cz *.seznam.cz;style-src  'self' 'unsafe-inline' fonts.googleapis.com *.gstatic.com *.google.com kariera.rako.cz www.kariera.rako.cz;object-src  'self' 1
default-src *; script-src 'self' http://www.google-analytics.com http://suggest.infospace.com http://api.autocompleteplus.com http://www.googletagservices.com http://d.yimg.com https://completr.appspot.com https://s.yimg.com http://js.wincyahoocontent.com ; frame-src  'self' http://*.yhs4.search.yahoo.com http://ad.adserver-pro.net https://s.yimg.com ; font-src 'none'; connect-src 'self'; media-src 'self'; object-src 'none'; style-src 'self'; 1
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.siteimprove.net *.googleapis.com *.google.com *.google-analytics.com *.gstatic.com cdnjs.cloudflare.com *.curator.io *.addthis.com *.addthisedge.com *.facebook.com *.facebook.net  siteimproveanalytics.com *.twitter.com *.pingdom.net *.googletagmanager.com; style-src 'self' 'unsafe-inline' *.googleapis.com cdn.siteimprove.net *.curator.io; img-src 'self' data: *.gstatic.com *.googleapis.com *.ggpht.com developers.google.com *.google-analytics.com *.doubleclick.net *.fbcdn.net *.twimg.com *.instagram.com *.curator.io *.cdninstagram.com *.ytimg.com *.siteimproveanalytics.io curatorio.s3.amazonaws.com *.googletagmanager.com; media-src 'self' ssl.gstatic.com *.fbcdn.net *.twimg.com curatorio.s3.amazonaws.com; frame-src 'self' www.youtube.com *.addthis.com seqwater.mysocialpinpoint.com *.google.com youtu.be my2.siteimprove.com *.facebook.com; frame-ancestors 'self' unitywater.com *.unitywater.com urbanutilities.com.au *.redland.qld.gov.au *.goldcoast.qld.gov.au *.logan.qld.gov.au waternet.corporate.local; child-src 'self' www.youtube.com; font-src 'self' 'unsafe-inline' themes.googleusercontent.com fonts.gstatic.com cdn.curator.io; connect-src 'self' *.google-analytics.com *.doubleclick.net my2.siteimprove.com id.siteimprove.com api.curator.io *.addthis.com *.pingdom.net; report-uri /report-csp-violation 1
default-src 'self' https: *.junkers.es; media-src 'self' https: mycliplister.com; font-src 'self' *.junkers.es; object-src data: 'self'; img-src https: data:; style-src 'self' 'unsafe-inline' *.junkers.es; script-src https: 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https: it.documents.junkers.com; frame-ancestors 'self' http://fs52-buderus-dev.kittelberger.net 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; child-src 'self' https://www.youtube.com; frame-src 'self' https://www.youtube.com; 1
child-src 'self' youtube.com *.youtube-nocookie.com *.youtube.com *.vimeo.com *.dailymotion.com sdk.companywebcast.com livestream.com ec.livecasts.eu *.europa.eu europa.eu youtube.com *.dailymotion.com *.vimeo.com *.amazonaws.com *.arcgis.com *.arte.tv *.babahh.com *.bbc.co.uk *.blitzvideoserver.de *.bpb.de *.brightcove.com *.btv.bg *.cc.cec *.cimo.fi *.cjelozivotno-ucenje.hr *.cnbc.com *.coe.int *.communi-k.eu *.compareyourcountry.org *.crp.education *.cy2012.eu *.dacast.com *.dcdn.lt debategraph.org digital-agenda-data.eu *.disaster-resilience.com *.docdroid.net *.d-portal.org *.easme-web.eu *.edcc.eu *.euneighbours.eu *.euronews.com *.europeandataportal.eu *.facebook.com https://familymeal.eu *.flickr.com *.franceculture.fr *.franceinter.fr *.freecaster.com *.freezbee.tv *.genial.ly *.giphy.com *.github.io *.google.be *.google.co.uk *.google.com *.google.fr *.grnet.gr *.index.hu *.instantflipbook.com *.issuu.com *.jrc.nl *.jwplatform.com *.learningandwork.org.uk *.libsyn.com *.live.com *.mentimeter.com *.metoo.sk *.mostra.eu *.neteyes.hu *.oecd.org *.openstreetmap.fr *.openstreetmap.org *.ourworldindata.org *.polarhd.com *.public-i.tv *.qbrick.com *.rackcdn.com *.rambla.be *.roguemotion.graphics *.sharepoint.com *.sketchfab.com *.slideshare.net *.solidtango.com *.soonfeed.com *.soundcloud.com *.streamamg.com *.streamcode.net *.streamdis.eu streamer.bg *.streaming.at *.streaming.sk *.streamovations.be *.sway.com *.tagesschau.de *.telemak.tv *.testa.eu *.thinglink.com *.tiesraides.lv *.top-ix.org *.tsnmalta.org *.tv1.eu *.tv-on-web.de *.twinix.eu *.typeform.com *.uc3m.es *.uplynk.com *.ustream.tv *.uu.se *.videliostreaming.com *.videolevels.com *.walls.io *.weforum.org *.westream.com *.wyng.com *.youongroup.com *.youtu.be *.youtube-nocookie.com *.zdf.de *.michael-lurquin.com https://forms-edcc.conectys.com; frame-src 'self' youtube.com *.youtube-nocookie.com *.youtube.com *.vimeo.com *.dailymotion.com sdk.companywebcast.com livestream.com ec.livecasts.eu *.europa.eu europa.eu youtube.com *.dailymotion.com *.vimeo.com *.amazonaws.com *.arcgis.com *.arte.tv *.babahh.com *.bbc.co.uk *.blitzvideoserver.de *.bpb.de *.brightcove.com *.btv.bg *.cc.cec *.cimo.fi *.cjelozivotno-ucenje.hr *.cnbc.com *.coe.int *.communi-k.eu *.compareyourcountry.org *.crp.education *.cy2012.eu *.dacast.com *.dcdn.lt debategraph.org digital-agenda-data.eu *.disaster-resilience.com *.docdroid.net *.d-portal.org *.easme-web.eu *.edcc.eu *.euneighbours.eu *.euronews.com *.europeandataportal.eu *.facebook.com https://familymeal.eu *.flickr.com *.franceculture.fr *.franceinter.fr *.freecaster.com *.freezbee.tv *.genial.ly *.giphy.com *.github.io *.google.be *.google.co.uk *.google.com *.google.fr *.grnet.gr *.index.hu *.instantflipbook.com *.issuu.com *.jrc.nl *.jwplatform.com *.learningandwork.org.uk *.libsyn.com *.live.com *.mentimeter.com *.metoo.sk *.mostra.eu *.neteyes.hu *.oecd.org *.openstreetmap.fr *.openstreetmap.org *.ourworldindata.org *.polarhd.com *.public-i.tv *.qbrick.com *.rackcdn.com *.rambla.be *.roguemotion.graphics *.sharepoint.com *.sketchfab.com *.slideshare.net *.solidtango.com *.soonfeed.com *.soundcloud.com *.streamamg.com *.streamcode.net *.streamdis.eu streamer.bg *.streaming.at *.streaming.sk *.streamovations.be *.sway.com *.tagesschau.de *.telemak.tv *.testa.eu *.thinglink.com *.tiesraides.lv *.top-ix.org *.tsnmalta.org *.tv1.eu *.tv-on-web.de *.twinix.eu *.typeform.com *.uc3m.es *.uplynk.com *.ustream.tv *.uu.se *.videliostreaming.com *.videolevels.com *.walls.io *.weforum.org *.westream.com *.wyng.com *.youongroup.com *.youtu.be *.youtube-nocookie.com *.zdf.de *.michael-lurquin.com https://forms-edcc.conectys.com; 1
default-src 'self'  *.readspeaker.com; script-src 'self' 'unsafe-eval' 'nonce-TldRNU9HVmlOR1JtWXpWaFltVTA=' https://cdn.siteimprove.net/cms/overlay.js siteimproveanalytics.com siteimprove.com 'nonce-WlRoak5EZGpabVF4WVdOaU5qSTM=' *.readspeaker.com 'nonce-WlROak9XWm1aV1JoTmpFd01UWTA=' *.timeblockr.com; object-src 'self'; style-src 'self' *.readspeaker.com *.timeblockr.com 'nonce-T1RrMk5UTXpZelU1Tm1abE5XTTU='; img-src 'self' data: *.siteimprove.com *.servmetric.com *.govmetric.com *.siteimproveanalytics.io *.readspeaker.com *.ytimg.com *.timeblockr.com; media-src 'self' *.readspeaker.com; frame-src 'self' *.readspeaker.com *.youtube.com; frame-ancestors 'self'; child-src 'self' *.youtube.com; font-src 'self' data: *.googleusercontent.com *.readspeaker.com *.ionicframework.com *.timeblockr.com; connect-src 'self' *.readspeaker.com *.timeblockr.com; report-uri /report-csp-violation 1
connect-src 'self' https://*.karolina.io http://*.karolina.io *.karolina.io https://vimeo.com http://vimeo.com vimeo.com https://*.nets.eu http://*.nets.eu *.nets.eu https://*.google-analytics.com http://*.google-analytics.com *.google-analytics.com https://*.doubleclick.net http://*.doubleclick.net *.doubleclick.net https://*.typekit.net http://*.typekit.net *.typekit.net; font-src 'self' https://*.typekit.net http://*.typekit.net *.typekit.net data:; img-src 'self' https://cdn.holvi.com http://cdn.holvi.com cdn.holvi.com https://s3-eu-west-1.amazonaws.com http://s3-eu-west-1.amazonaws.com s3-eu-west-1.amazonaws.com https://*.karolina.io http://*.karolina.io *.karolina.io https://mesenaatti.me http://mesenaatti.me mesenaatti.me https://*.youtube.com http://*.youtube.com *.youtube.com https://*.facebook.com http://*.facebook.com *.facebook.com https://*.google.com http://*.google.com *.google.com https://*.twitter.com http://*.twitter.com *.twitter.com https://*.twimg.com http://*.twimg.com *.twimg.com https://*.google-analytics.com http://*.google-analytics.com *.google-analytics.com https://about http://about about https://*.googleapis.com http://*.googleapis.com *.googleapis.com https://*.gstatic.com http://*.gstatic.com *.gstatic.com https://*.typekit.net http://*.typekit.net *.typekit.net data:; script-src 'self' https://*.youtube.com http://*.youtube.com *.youtube.com https://*.ytimg.com http://*.ytimg.com *.ytimg.com https://*.facebook.net http://*.facebook.net *.facebook.net https://*.jquery.com http://*.jquery.com *.jquery.com https://*.twitter.com http://*.twitter.com *.twitter.com https://*.twimg.com http://*.twimg.com *.twimg.com https://*.google.com http://*.google.com *.google.com https://*.googletagmanager.com http://*.googletagmanager.com *.googletagmanager.com https://*.google-analytics.com http://*.google-analytics.com *.google-analytics.com https://data http://data data https://*.typekit.net http://*.typekit.net *.typekit.net 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com http://fonts.googleapis.com fonts.googleapis.com https://*.google.com http://*.google.com *.google.com https://*.twitter.com http://*.twitter.com *.twitter.com https://*.twimg.com http://*.twimg.com *.twimg.com https://*.typekit.net http://*.typekit.net *.typekit.net 'unsafe-inline'; 1
frame-ancestors 'self' https://*.loop21.net 1
object-src 'none';default-src 'none';connect-src https://www.wefact.nl *.doubleclick.net *.google-analytics.com *.google.com *.mouseflow.com;img-src https://www.wefact.nl data: *.ytimg.com *.google-analytics.com *.google.com *.google.nl www.googletagmanager.com www.gstatic.com googleads.g.doubleclick.net www.google.com https://maps.gstatic.com https://maps.googleapis.com *.mouseflow.com;script-src https://www.wefact.nl https://www.youtube.com *.ytimg.com *.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://developers.google.com https://maps.googleapis.com https://embed.webinargeek.com *.mouseflow.com;style-src https://www.wefact.nl 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com *.typekit.net;font-src https://fonts.gstatic.com data: *.mouseflow.com *.typekit.net;child-src *.mouseflow.com;manifest-src https://www.wefact.nl;frame-src https://www.youtube.com https://bid.g.doubleclick.net https://app.webinargeek.com *.mouseflow.com 1
default-src https: wss: data: 'unsafe-inline' 'unsafe-eval' blob: 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: https: 'nonce-fINtf4ZdDhbPMdSB7qqtFvAmy8XddurB' 'strict-dynamic' https://www.google-analytics.com https://www.googletagmanager.com; 1
form-action *.iwis.com *.dual-mode-vcs.com *.gwb-lernen.com *.iwis-daido.com *.kindergarten-kinderkette.de; base-uri none; default-src 'unsafe-inline' 'unsafe-eval' userlike-cdn-operators.s3-eu-west-1.amazonaws.com d3dc1lgancj6l0.cloudfront.net userlike-cdn-widgets.s3-eu-west-1.amazonaws.com *.userlike.com wss://chat.userlike.com wss://umd.userlike.com *.youtube.com *.eventvote.de *.vimeo.com vimeo.com *.doubleclick.net *.youtube-nocookie.com *.traceparts.com *.cookiebot.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.google.com *.iwis.com *.dual-mode-vcs.com *.gwb-lernen.com *.expo-ip.com *.iwis-daido.com https://*.crisp.chat wss://*.crisp.chat data: 1
upgrade-insecure-requests; frame-ancestors 'none'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' doo.net *.doo.net *.db-app.de *.swmh.de www.youtube.com *.ytimg.com www.google.com www.google-analytics.com www.googletagmanager.com www.gstatic.com *.stry.tl *.podigee.com *.licdn.com *.linkedin.com consent-cdn.sv-veranstaltungen.de; object-src 'self'; style-src 'self' 'unsafe-inline' *.doo.net *.db-app.de www.google.com *.stry.tl *.podigee.com; img-src 'self' data: *.doo.net *.db-app.de www.youtube.com *.ytimg.com www.google.com www.google.de www.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com *.stry.tl *.podigee.com *.linkedin.com *.vimeo.com *.vimeocdn.com; media-src 'self' www.youtube.com; frame-src 'self' doo.net *.doo.net securepay.swmh.de *.swmh.de *.db-app.de www.youtube.com www.youtube-nocookie.com *.ytimg.com www.google.com www.gstatic.com *.stry.tl *.screenpaper.io *.podigee.com consent-cdn.sv-veranstaltungen.de *.vimeo.com; font-src 'self' data: *.doo.net *.db-app.de www.google.com *.podigee.com; connect-src 'self' www.google-analytics.com www.googletagmanager.com consent-cdn.sv-veranstaltungen.de stats.g.doubleclick.net 1
default-src 'self'; style-src 'self' https://use.fontawesome.com https://fonts.googleapis.com https://d952cmcgwqsjf.cloudfront.net 'unsafe-inline' https://code.ionicframework.com https://*.freshteam.com; font-src 'self' data: https://use.fontawesome.com https://fonts.googleapis.com https://fonts.gstatic.com https://d952cmcgwqsjf.cloudfront.net https://code.ionicframework.com; script-src 'self' https://*.cloudflare.com https://static.cloudflareinsights.com https://sdk.synaps.io/2.0.1/verify.js https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://*.fullstory.com https://*.usersnap.com https://fullstory.com https://browser.sentry-cdn.com https://use.fontawesome.com https://*.freshsales.io https://d952cmcgwqsjf.cloudfront.net https://s3.amazonaws.com/files.freshteam.com/ https://*.freshteam.com https://js-agent.newrelic.com 'unsafe-eval' 'unsafe-inline'; connect-src 'self' https://*.fullstory.com https://*.usersnap.com https://*.sentry.io https://www.google-analytics.com wss://ws.coinapi.io/v1/ https://*.freshsales.io wss://*.falconx.io wss://*.falconxdev.com https://*.falconx.io https://*.falconxdev.com https://*.freshteam.com; img-src 'self' data: https://www.google-analytics.com https://www.googletagmanager.com https://lipis.github.io; frame-src 'self' https://www.google.com https://verify.synaps.io 1
default-src 'self'  *.readspeaker.com; script-src 'self' 'unsafe-eval' 'nonce-WVdabU5EZzJOR1ExWVdKa1pqazE=' https://cdn.siteimprove.net/cms/overlay.js siteimproveanalytics.com siteimprove.com 'nonce-TXpaak5qRTVNRFZpTldNMk1XRTE=' *.readspeaker.com 'nonce-WXpJek5qUmhZV0l4WlRRNU56ZGs=' *.timeblockr.com; object-src 'self'; style-src 'self' *.readspeaker.com *.timeblockr.com 'nonce-WldSak1qZGpNRGt4WlRRMk56STM='; img-src 'self' data: *.siteimprove.com *.servmetric.com *.govmetric.com *.siteimproveanalytics.io *.readspeaker.com *.ytimg.com *.timeblockr.com; media-src 'self' *.readspeaker.com; frame-src 'self' *.readspeaker.com *.youtube.com; frame-ancestors 'self'; child-src 'self' *.youtube.com; font-src 'self' data: *.googleusercontent.com *.readspeaker.com *.ionicframework.com *.timeblockr.com; connect-src 'self' *.readspeaker.com *.timeblockr.com; report-uri /report-csp-violation 1
default-src 'self'; style-src 'unsafe-inline' 'self' fonts.googleapis.com;	font-src 'self' fonts.gstatic.com fonts.googleapis.com; script-src 'self' 'unsafe-inline' connect.facebook.net itunes.apple.com www.youtube.com stats.g.doubleclick.net www.google-analytics.com ajax.googleapis.com s.ytimg.com; connect-src 'self' webadmin.heartline.com admin.heartline.com backend.heartline.com pascal-prod.evidation.com pascal-beta.evidation.com pascal.evidation.com stats.g.doubleclick.net www.google-analytics.com evidation-pascal.zendesk.com www.ups.com itunes.apple.com  www.facebook.com; img-src 'unsafe-inline' 'self' www.facebook.com www.google.com www.youtube.com stats.g.doubleclick.net www.google-analytics.com assets.prod.heartline.com i.ytimg.com data:; media-src 'self' assets.prod.heartline.com www.youtube.com i.ytimg.com;  frame-src 'self' assets.prod.heartline.com www.youtube.com; 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src data: 'self'; frame-src 'self' 1
default-src 'none'; script-src 'self' https://*.googleadservices.com https://*.dynatrace.com https://*.doubleclick.net https://*.googleapis.com https://*.gstatic.com https://www.google-analytics.com https://*.cxtrvl.com https://*.tstllc.net *.sas.com  *.aimatch.com *.gigya.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://cloud.webtype.com https://hello.myfonts.net https://*.googleapis.com https://*.cxtrvl.com *.gigya.com 'unsafe-inline'; connect-src 'self' *.sas.com *.aimatch.com *.dynatrace.com  https://*.cxtrvl.com *.foresee.com https://*.tstllc.net *.cnxloyalty.com *.gigya.com https://www.google-analytics.com *.cnxloyalty.com https://derbysoft.leonardocontentcloud.com *.cnxloyalty.com; font-src 'self' https://cloud.webtype.com https://*.gstatic.com https://*.googleapis.com https://*.cxtrvl.com; img-src 'self' data: https://*.vacationsdirect.com https://*.cloudfront.net https://*.viator.com *.budget.com *.avis.com *.thrifty.com *.dollar.com *.rcstatic.com *.gigya.com *.cartrawler.com *.enterprise.fr *.nationalcar.com *.alamo.com *.enterprise.com *.carhire-solutions.com https://*.cxtrvl.com *.cxloyalty.com https://*.tripadvisor.com https://pls.webtype.com *.orxenterprise.com https://www.google-analytics.com https://*.tripadvisor.com https://*.gstatic.com https://*.googleapis.com https://placehold.it https://placeholdit.imgix.net https://*.tacdn.com https://*.ehi.com *.payshield.com.au reflected-xss block *.cnxloyalty.com https://derbysoft.leonardocontentcloud.com; form-action 'self' *.cxtrvl.com *.gigya.com https://cxlvacations.cdev.infra.tstllc.net/cruise/cruises/rewards; frame-ancestors *.sas.com *.aimatch.com *.cnxloyalty.com *.gigya.com; plugin-types application/pdf; frame-src ;object-src 'self'; 1
default-src 'self'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval' https://tagmanager.google.com https://www.google-analytics.com https://optimize.google.com; style-src data: 'self' 'unsafe-inline' *.myfonts.net https://tagmanager.google.com https://fonts.googleapis.com https://optimize.google.com; img-src * data: https://ssl.gstatic.com https://www.gstatic.com https://www.google-analytics.com https://optimize.google.com; media-src *; font-src * https://fonts.gstatic.com https://checkout.orangefit.nl data:; connect-src * data: blob: 'unsafe-inline'; frame-src 'self' *.youtube.com *.google.com *.criteo.com *.vimeo.com *.hotjar.com https://optimize.google.com 1
default-src 'self'; script-src 'self' js-agent.newrelic.com bam.nr-data.net; style-src 'self' 'unsafe-inline' ; img-src *; connect-src 'self' control.fraedom.com flexipurchase.com www.flexipurchase.com www.lloydsbank-datamanagement.com lloydsbank-datamanagement.com; 1
frame-src 'self' https://accounts.google.com/ https://www.youtube.com/ https://www.youtube-nocookie.com/ https://player.vimeo.com/ https://newapp.etracker.com/ https://www.google.com/ https://www.tuev-hessen.de/ https://staging.tuev-hessen.de/ https://blog.tuev-hessen.de/ https://staging-blog.tuev-hessen.de/ https://www.tueh.de/ https://staging.tueh.de/ https://www.tuev-kids.de/ https://staging.tuev-kids.de/ https://www.tuev-club.de/ https://staging.tuev-club.de/ https://www.proficert.de/ https://staging.proficert.de/; 1
frame-ancestors https://*.barcodefactory.com http://*.barcodefactory.com http://localhost:3000 http://10.0.0.155:3000 1
default-src  'self' data: ;font-src  'self' data: fonts.gstatic.com ;connect-src  'self' *.google.com *.googleapis.com www.google-analytics.com *.doubleclick.net *.facebook.com *.hotjar.com *.hotjar.io wss://ws2.hotjar.com wss://ws3.hotjar.com ;script-src  'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.google.cz *.googleapis.com www.googletagmanager.com www.google-analytics.com *.gstatic.com *.imedia.cz *.facebook.net *.adform.net *.doubleclick.net *.hotjar.com *.googleadservices.com *.glami.cz *.licdn.com *.linkedin.com *.seznam.cz https://unpkg.com;form-action  'self' *.facebook.com *.facebook.net ;frame-src  'self' blob: www.youtube.com *.vimeo.com *.imedia.cz *.facebook.com *.adform.net *.matterport.com datastudio.google.com *.hotjar.com *.google.com *.fliphtml5.com fliphtml5.com *.iplatba.cz *.essox.cz;worker-src  'self' blob: www.youtube.com *.vimeo.com *.imedia.cz *.facebook.com *.adform.net *.matterport.com datastudio.google.com *.hotjar.com *.google.com *.fliphtml5.com fliphtml5.com *.iplatba.cz *.essox.cz;frame-ancestors  'self' datastudio.google.com ;img-src  'self' data: blob: *.gstatic.com *.googleapis.com *.googlecode.com www.googletagmanager.com www.google-analytics.com *.doubleclick.net *.google.com *.google.cz *.google.ie www.zasilkovna.cz www.zasielkovna.sk *.imedia.cz *.facebook.com *.doubleclick.net c.seznam.cz *.glami.cz;style-src  'self' 'unsafe-inline' fonts.googleapis.com *.google.com *.gstatic.com ;object-src  'self' 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' code.jquery.com ajax.aspnetcdn.com *.google.com www.googletagmanager.com www.google-analytics.com www.googleadservices.com *.googleapis.com *.facebook.net *.doubleclick.net *.ads-twitter.com *.trackedlink.net *.licdn.com *.addthis.com *.paypalobjects.com *.mouseflow.com *.moatads.com *.addthisedge.com *.paypal.com *.twitter.com *.facebook.com *.postcodeanywhere.co.uk; default-src 'self' data:; worker-src ; style-src 'self' 'unsafe-inline' *.google.com fonts.googleapis.com; connect-src 'self' rec1.visualwebsiteoptimizer.com www.google-analytics.com *.paypal.com *.addthis.com *.doubleclick.net *.mouseflow.com *.bracedigital.com https://umbraco.com; font-src 'self' hello.myfonts.net fonts.gstatic.com; img-src 'self' 'unsafe-inline' *.gravatar.com data: *.linkedin.com *.google.com *.google.co.uk https://t.co/i/adsct *.paypal.com *.facebook.com https://umbraco.tv *.google-analytics.com *.doubleclick.net *.googletagmanager.com *.gstatic.com; frame-src 'self' vcc-eu2.8x8.com platform.twitter.com syndication.twitter.com *.8x8.com *.addthis.com *.youtube.com *.paypal.com *.facebook.com *.sagepay.com *.bracedigital.com *.google.com; 1
img-src * data: blob: 'unsafe-inline'; script-src 'self' 'unsafe-inline' data: blob:; connect-src * 'unsafe-inline';font-src 'self' data:; frame-src *; style-src * 'unsafe-inline'; object-src 'self'; form-action 'self'; manifest-src 'self'; base-uri 'self'; block-all-mixed-content;default-src 'self'; 1
allow 'self'; frame-ancestors dev.togostanza.org 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: cdnjs.cloudflare.com *.googleapis.com *.gstatic.com *.google-analytics.com *.addthis.com *.amigosmuseoprado.org *.google.com *.ytimg.com *.youtube.com *.addthisedge.com *.bookitit.com *.jsdelivr.net *.ovidds.com my.icareus.com icomem.probetax.es *.twitter.com *.twimg.com *.facebook.net *.facebook.com 1
default-src 'none'; script-src 'self' 'unsafe-inline' *.siteimprove.net *.siteimprove.com *.browsealoud.com *.googletagmanager.com *.google.com *.google-analytics.com *.facebook.net; object-src 'self' *.google.com *.youtube.com *.facebook.com *.vimeo.com https://sverigesradio.se; style-src 'self' 'unsafe-inline'; img-src 'self' data: *.google.com *.google.se *.google-analytics.com *.youtube.com *.facebook.com *.vimeo.com *.google.se *.cloudnet.cloud *.malmolive.se; media-src 'none'; frame-src 'self' *.google.com *.youtube.com *.facebook.com *.vimeo.com *.siteimprove.com *.acast.com *.spotify.com *.soundcloud.com https://vimeo.com *.sverigesradio.se https://sverigesradio.se; frame-ancestors 'self' *.google.com *.youtube.com *.facebook.com *.vimeo.com *.sverigesradio.se https://sverigesradio.se; child-src 'self' *.google.com *.youtube.com *.facebook.com *.vimeo.com  *.siteimprove.com *.sverigesradio.se https://sverigesradio.se; font-src 'self'; connect-src 'self' https://*.browsealoud.com https://*.siteimprove.com https://*.googletagmanager.com https://*.google.com https://*.google-analytics.com https://*.g.doubleclick.net https://*.speechstream.net; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self'; frame-src 'self' https://nhs.attendanywhere.com/ *.nhs.uk/ *.facebook.com/ *.youtube.com/ *.vimeo.com/ *.google.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.amazonaws.com https://cdnjs.cloudflare.com/ https://www.google-analytics.com/ https://connect.facebook.net/ https://feeds.trac.jobs/ *.google.com/ *.googleapis.com *.gstatic.com *.cqc.org.uk; font-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com/ https://feeds.trac.jobs/ *.googleapis.com  *.gstatic.com *.cqc.org.uk; img-src * data:; object-src 'self' blob:; connect-src 'self' https://nhs.attendanywhere.com https://feeds.trac.jobs/ 1
default-src 'self' *.readspeaker.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com siteimproveanalytics.com *.readspeaker.com *.obi4wan.com *.pusher.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.readspeaker.com; img-src 'self' www.google-analytics.com *.siteimproveanalytics.io  data: *.obi4wan.com *.amazonaws.com; media-src 'self' *.readspeaker.com; frame-src 'self' *.readspeaker.com; frame-ancestors 'self'; child-src 'self'; font-src 'self' data: *.googleusercontent.com fonts.gstatic.com *.readspeaker.com; connect-src 'self' www.google-analytics.com *.readspeaker.com *.obi4wan.com *.pusher.com wss://*.pusher.com; report-uri /report-csp-violation 1
font-src 'self' data: https://images.wineselectors.com.au https://use.typekit.net https://i.icomoon.io https://fonts.gstatic.com https://cdn.curator.io https://cdn.productreview.com.au;img-src 'self' data: https://images.wineselectors.com.au https://www.wineselectors.com.au https://p.typekit.net https://www.google-analytics.com https://csi.gstatic.com https://maps.googleapis.com https://maps.gstatic.com https://www.facebook.com https://stats.g.doubleclick.net https://dc.yieldify.com https://dwmvwp56lzq5t.cloudfront.net https://scontent.cdninstagram.com https://syndication.twitter.com https://pbs.twimg.com https://platform.twitter.com https://bat.bing.com https://ad.doubleclick.net https://go.flx1.com https://secure.adnxs.com https://cookiea1.veinteractive.com https://ib.adnxs.com https://scontent.xx.fbcdn.net https://graph.facebook.com https://scontent-otp1-1.cdninstagram.com https://hey.hellobar.com http://cookiea1.veinteractive.com https://dev.visualwebsiteoptimizer.com https://ssl.gstatic.com https://www.gstatic.com https://bacon.section.io https://cdsaus2.veinteractive.com https://useruploads.visualwebsiteoptimizer.com https://s3.amazonaws.com https://cm.g.doubleclick.net https://veads.veinteractive.com https://insight.adsrvr.org https://sync.adap.tv https://assets.yieldify.com https://ads.yahoo.com https://pixel.advertising.com https://curatorio.s3.amazonaws.com https://cdn.curator.io https://x.bidswitch.net https://adservice.google.com https://d2nq7dn4e4z508.cloudfront.net https://www.googletagmanager.com https://b.sli-spark.com https://assets.resultspage.com https://wineselectors.resultspage.com https://secure.livechatinc.com https://match.adsrvr.org https://pixel.rubiconproject.com https://dsum-sec.casalemedia.com https://cdn.livechatinc.com https://tags.w55c.net https://us-u.openx.net https://i.w55c.net https://t.mookie1.com https://pixel.tapad.com https://beacon.krxd.net https://bh.contextweb.com https://su.addthis.com https://ad.sxp.smartclip.net https://cdn-image.otherlevels.com https://www.google.com https://www.google.com.au https://cds.taboola.com https://secure.getprice.com.au https://a.b0e8.com https://marvel-b1-cdn.bc0a.com https://marvel-processor.bc0a.com https://cx.atdmt.com https://tr.outbrain.com https://r.turn.com *.id.amgdgt.com https://*.yieldify.com;style-src 'self' 'unsafe-inline' https://images.wineselectors.com.au https://fast.fonts.net https://fonts.googleapis.com https://dwmvwp56lzq5t.cloudfront.net https://cdn.curator.io https://platform.twitter.com https://tagmanager.google.com https://www.gstatic.com https://wineselectors.resultspage.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://images.wineselectors.com.au https://js-agent.newrelic.com https://bam.nr-data.net https://www.googletagmanager.com https://script.hotjar.com https://static.hotjar.com https://t.cfjump.com https://t.dgm-au.com https://www.wufoo.eu https://configaus2.veinteractive.com https://bat.bing.com https://script.crazyegg.com https://use.typekit.net https://www.google-analytics.com https://connect.facebook.net https://my.hellobar.com https://pixel.roymorgan.com https://app.yieldify.com https://maps.googleapis.com https://d33wq5gej88ld6.cloudfront.net https://www.google.com https://www.gstatic.com https://dcc4iyjchzom0.cloudfront.net https://platform.instagram.com https://platform.twitter.com https://cdn.curator.io https://cdn.syndication.twimg.com https://c.vepxl1.net https://js.adsrvr.org https://c.flx1.com https://ajax.googleapis.com https://go.flx1.com https://dev.visualwebsiteoptimizer.com https://tagmanager.google.com https://d1l6p2sc9645hc.cloudfront.net https://s3.amazonaws.com https://td.yieldify.com https://radar.cedexis.com https://data2.gosquared.com https://data.gosquared.com https://track.omguk.com https://s.adroll.com https://d.adroll.com https://ib.adnxs.com https://www.wufoo.com https://secure.wufoo.com  https://apps.rokt.com https://roktcdn1.akamaized.net https://assets.resultspage.com https://wineselectors.resultspage.com https://wineselectors.resultsdemo.com https://b.sli-spark.com https://cdn.livechatinc.com https://secure.livechatinc.com https://accounts.livechatinc.com https://cdn.taboola.com https://www.eventbrite.com.au https://woobox.com https://trc.taboola.com https://wineselectors.ipscape.com.au https://cdn.otherlevels.com https://www.googleadservices.com https://googleads.g.doubleclick.net http://www.wineselectors.com.au https://cfjump.wineselectors.com.au https://cdn.productreview.com.au https://marvel-b2-cdn.bc0a.com https://marvel-b1-cdn.bc0a.com https://cdn.b0e8.com https://js.go2sdk.com https://amplify.outbrain.com https://r.turn.com https://tr.outbrain.com https://tag.lexer.io https://*.yieldify.com;default-src 'self' https://images.wineselectors.com.au https://configaus2.veinteractive.com https://vars.hotjar.com https://www.google.com https://www.facebook.com https://roktcdn1.akamaized.net;connect-src 'self' https://images.wineselectors.com.au wss://ws3.hotjar.com https://insights.hotjar.com https://bam.nr-data.net https://performance.typekit.net https://geo.yieldify.com https://api.curator.io https://appsapihk.veinteractive.com https://cookiea1.veinteractive.com https://c.flx1.com wss://ws1.hotjar.com https://cdsaus2.veinteractive.com https://bacon.section.io https://in.hotjar.com https://apps.rokt.com https://stats.g.doubleclick.net https://www.facebook.com https://trc.taboola.com https://sessionapihk.veinteractive.com wss://ws9.hotjar.com https://vc.hotjar.io https://js-api.otherlevels.com https://js-content.otherlevels.com https://js-api.otherlevels.com https://js-tags.otherlevels.com https://js-mdn.otherlevels.com https://js-rich.otherlevels.com https://js-deliverability-api.otherlevels.com https://safari.otherlevels.com wss://ws8.hotjar.com https://dtrchk.veinteractive.com https://ws1.hotjar.com https://api.productreview.com.au https://www.google-analytics.com wss://ws10.hotjar.com https://tracking.gopsjump.com.au https://cds.taboola.com https://trc-events.taboola.com https://pips.taboola.com https://track.lexer.io https://*.yieldify.com https://*.yieldify-production.com;media-src 'self' https://images.wineselectors.com.au https://cdn.livechatinc.com;object-src 'self' https://images.wineselectors.com.au;child-src 'self' https://www.youtube.com https://www.google.com https://vars.hotjar.com https://vars.hotjar.com https://app.yieldify.com https://www.qzzr.com https://syndication.twitter.com https://www.instagram.com https://wineevents.wufoo.eu https://wineevents.wufoo.eu https://configaus2.veinteractive.com https://t.cfjump.com https://t.dgm-au.com https://insight.adsrvr.org https://td.yieldify.com https://www.facebook.com https://match.adsrvr.org https://eventbrite.com.au https://www.eventbrite.com.au https://connect.facebook.net https://player.vimeo.com https://youtu.be/ https://apps.rokt.com https://www.google.com.au https://secure.livechatinc.com https://woobox.com https://wineselectors.ipscape.com.au https://bid.g.doubleclick.net https://www.ojrq.net https://tracking.gopsjump.com.au https://tracking.cohortdigital.com.au https://mozbar.moz.com https://*.yieldify.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com 1
frame-ancestors 'self' https://campaign.interamerican.gr/ https://askme.interamerican.gr/; 1
script-src 'self' static.ctctcdn.com https://*.googleapis.com *.gstatic.com www.google-analytics.com ajax.googleapis.com www.google.com ajax.aspnetcdn.com use.typekit.net us1.siteimprove.com siteimproveanalytics.com cdnjs.cloudflare.com use.fontawesome.com static.getclicky.com in.getclicky.com player.vimeo.com www.googletagmanager.com clicky.com https://connect.facebook.net/ 'unsafe-inline' 'unsafe-eval' 1
default-src 'self 'unsafe-inline'' *.sernet.de *.google.com *.gstatic.com *.googleapis.com; style-src 'self' 'unsafe-inline' *.googleapis.com; img-src 'self' data: *.googleapis.com *.gstatic.com 1
default-src  'self' *.fg.cz tagmanager.google.com *.google-analytics.com;font-src  'self' data: *.typekit.net *.typekit.com *.gstatic.com *.bootstrapcdn.com;connect-src  'self' *.fg.cz *.google-analytics.com *.typekit.net *.fullstory.com *.zeerat.com wss://collector.zeerat.com *.doubleclick.net *.sociablekit.com *.clarity.ms *.google.com *.facebook.com;script-src  'self' 'unsafe-inline' 'unsafe-eval' *.fg.cz *.google.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.facebook.net *.twimg.com *.geoplugin.net *.zeerat.com *.fullstory.com *.sociablekit.com unpkg.com *.unpkg.com *.licdn.com *.linkedin.com sjs.bizographics.com *.imedia.cz *.seznam.cz *.clarity.ms *.youtube.com *.adform.net;script-src-elem  'self' 'unsafe-inline' 'unsafe-eval' *.fg.cz *.google.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.facebook.net *.twimg.com *.geoplugin.net *.zeerat.com *.fullstory.com *.sociablekit.com unpkg.com *.unpkg.com *.licdn.com *.linkedin.com sjs.bizographics.com *.imedia.cz *.seznam.cz *.clarity.ms *.youtube.com *.adform.net;form-action  'self' *.facebook.com *.facebook.net;frame-src  'self' *.youtube.com *.facebook.com *.facebook.net *.googletagmanager.com *.sociablekit.com indd.adobe.com *.imedia.cz;worker-src  'self' *.youtube.com *.facebook.com *.facebook.net *.googletagmanager.com *.sociablekit.com indd.adobe.com *.imedia.cz;frame-ancestors  'self';img-src  'self' data: blob: *.fg.cz *.gstatic.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.doubleclick.net *.typekit.net *.typekit.com *.facebook.com *.facebook.net *.twimg.com *.google.am *.google.ae *.google.at *.google.be *.google.bg *.google.bj *.google.by *.google.ca *.google.ch *.google.cl *.google.cn *.google.com *.google.cz *.google.de *.google.dk *.google.ee *.google.es *.google.fi *.google.fr *.google.ge *.google.gr *.google.hr *.google.hu *.google.ie *.google.ies *.google.iq *.google.it *.google.li *.google.lt *.google.lu *.google.md *.google.mk *.google.mn *.google.nl *.google.no *.google.pl *.google.pt *.google.ro *.google.rs *.google.ru *.google.se *.google.si *.google.sk *.google.tn *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.kr *.google.co.nz *.google.co.uk *.google.co.uz *.google.co.za *.google.com.af *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bo *.google.com.br *.google.com.do *.google.com.ec *.google.com.eg *.google.com.gh *.google.com.hk *.google.com.kw *.google.com.mt *.google.com.mx *.google.com.my *.google.com.ng *.google.com.pe *.google.com.ph *.google.com.pk *.google.com.sa *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.vn *.youtube.com *.sociablekit.com *.fbcdn.net *.linkedin.com *.imedia.cz *.seznam.cz *.clarity.ms android-webview-video-poster: *.bing.com *.ytimg.com p.adsymptotic.com *.fullstory.com;style-src  'self' 'unsafe-inline' *.fg.cz *.googleapis.com *.typekit.net *.typekit.com tagmanager.google.com *.sociablekit.com *.bootstrapcdn.com *.google.com *.gstatic.com;style-src-elem  'self' 'unsafe-inline' *.fg.cz *.googleapis.com *.typekit.net *.typekit.com tagmanager.google.com *.sociablekit.com *.bootstrapcdn.com *.google.com *.gstatic.com;object-src  'self' 1
default-src 'self'  *.readspeaker.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.readspeaker.com https://cdn.siteimprove.net/cms/overlay.js siteimproveanalytics.com siteimprove.com piwik.zevenaar.nl app.cobrowser.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.readspeaker.com app.cobrowser.com fonts.googleapis.com; img-src 'self' data: *.siteimprove.com *.servmetric.com *.govmetric.com *.siteimproveanalytics.io piwik.zevenaar.nl www.gstatic.com; media-src 'self' *.readspeaker.com; frame-src 'self' *.readspeaker.com *.siteimprove.com *.siteimproveanalytics.com *.siteimprove.net *.siteimproveanalytics.io page.report; frame-ancestors 'self' piwik.zevenaar.nl; child-src 'self'; font-src 'self' data: *.googleusercontent.com *.readspeaker.com *.ionicframework.com fonts.gstatic.com cdn.faceworks.nl; connect-src 'self' *.readspeaker.com *.siteimprove.com *.servmetric.com piwik.zevenaar.nl app.cobrowser.com wss://app.cobrowser.com fonts.googleapis.com cdn.faceworks.nl; report-uri /report-csp-violation 1
default-src 'self' ;options inline-script eval-script;referrer no-referrer;img-src 'self' data:  *.tile.openstreetmap.org;object-src 'none'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *; object-src 'self' 'unsafe-inline' 'unsafe-eval' data: *; style-src 'self' 'unsafe-inline' 'unsafe-eval' data: *; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: *; media-src 'self' 'unsafe-inline' 'unsafe-eval' data: *; frame-src 'self' 'unsafe-inline' 'unsafe-eval' data: *; child-src 'self' 'unsafe-inline' 'unsafe-eval' data: *; font-src 'self' 'unsafe-inline' 'unsafe-eval' data: *; connect-src 'self' 'unsafe-inline' 'unsafe-eval' *; report-uri /report-csp-violation 1
"default-src 'none';" 1
default-src ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.entrecode.de https://www.youtube.com https://s.ytimg.com https://www.google-analytics.com *.googleapis.com *.googleadservices.com *.googletagmanager.com *.googlesyndication.com bat.bing.com *.doubleclick.net *.usercentrics.eu https://connect.facebook.net https://snap.licdn.com; object-src ; style-src 'unsafe-inline' *; img-src * data:; media-src *; child-src 'self' *.t5-karriereportal.de *.youtube.com *.googlevideo.com *.doubleclick.net *.googlesyndication.com; font-src * data:; connect-src * *.entrecode.de; manifest-src 'self' 1
style-src 'unsafe-inline' 'self' http: https: ; 1
frame-ancestors https://*.innovatrics.com 1
default-src 'self'  *.readspeaker.com; script-src 'self' 'unsafe-eval' 'nonce-WTJOa01ESmxOVEExTnprNU1qbGo=' https://cdn.siteimprove.net/cms/overlay.js siteimproveanalytics.com siteimprove.com 'nonce-WVdVNE16Z3labU13TWpWa05URXg=' *.readspeaker.com 'nonce-TmprM01UZzJOek00WVRSaU5tRmk=' *.timeblockr.com; object-src 'self'; style-src 'self' *.readspeaker.com *.timeblockr.com 'nonce-WXpOa01qSTFNRGsxWVdObE1tRXk='; img-src 'self' data: *.siteimprove.com *.servmetric.com *.govmetric.com *.siteimproveanalytics.io *.readspeaker.com *.ytimg.com *.timeblockr.com; media-src 'self' *.readspeaker.com; frame-src 'self' *.readspeaker.com *.youtube.com; frame-ancestors 'self'; child-src 'self' *.youtube.com; font-src 'self' data: *.googleusercontent.com *.readspeaker.com *.ionicframework.com *.timeblockr.com; connect-src 'self' *.readspeaker.com *.timeblockr.com; report-uri /report-csp-violation 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.itzbund.de *.googleapis.com *.google.com *.gstatic.com www.youtube.com s.ytimg.com piwik.itzbund.de; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com; frame-src *.google.com *.gstatic.com *.youtube.com playout.3qsdn.com; img-src 'self' blob: data: *.google.com *.gstatic.com *.youtube.com *.openstreetmap.org piwik.itzbund.de; frame-ancestors 'self'; worker-src 'self'; 1
base-uri 'none'; default-src 'none'; child-src https://www.youtube.com https://www.youtube.com https://player.vimeo.com https://player.vimeo.com https://w.soundcloud.com https://www.delijn.be https://*.resengo.com; connect-src 'self' https://vimeo.com https://*.resengo.com https://resengocomgeneralpurpose.blob.core.windows.net https://bam.nr-data.net; font-src 'self' https://use.typekit.net https://fonts.googleapis.com https://cloud.typenetwork.com https://fonts.gstatic.com; frame-ancestors 'self'; frame-src https://www.youtube.com https://player.vimeo.com https://w.soundcloud.com https://www.delijn.be https://*.resengo.com; img-src 'self' https://www.google-analytics.com https://www.facebook.com https://i3.ytimg.com https://gallery.mailchimp.com https://cdn-images.mailchimp.com/ https://resengocomgeneralpurpose.blob.core.windows.net; media-src https://p.scdn.co; script-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://www.youtube.com/player_api https://s.ytimg.com https://player.vimeo.com/api/player.js https://*.resengo.com https://resengocomgeneralpurpose.blob.core.windows.net https://js-agent.newrelic.com https://bam.nr-data.net 'unsafe-inline'; style-src 'self' https://use.typekit.net https://p.typekit.net https://fonts.googleapis.com 'unsafe-inline'; 1
default-src 'self' https://piwik.bzga.de/ script-src 'unsafe-inline' img-src https://piwik.bzga.de/ 1
frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com rclreads.bibliocms.com *.rclreads.bibliocms.com https://www.rclreads.org www.rclreads.org *.www.rclreads.org; 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.ytimg.com piwik.itzbund.de; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com *.youtube-nocookie.com; frame-src *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.geodatenzentrum.de piwik.itzbund.de; frame-ancestors 'self'; 1
frame-ancestors 'self' *.kapow.com *.cvent.com http://*.cvent.com *.kapownp.com http://*.kapow.com:*; 1
upgrade-insecure-requests;default-src 'self' https; connect-src 'self' www.google.co.uk snap.licdn.com px.ads.linkedin.com www.linkedin.com linkedin.com stats.g.doubleclick.net www.google-analytics.com *.linkedin.com *.google-analytics.com *.google.com *.google.co.uk; font-src 'self' www.google.co.uk cdn.cmrsurgical.com media-cmrsurgical.azureedge.net cmr-cdn.local cmr-cdn.daily3.codehousegroup.com cmr-cdn.rtc3.codehousegroup.com uat-cdn.cmrsurgical.com px.ads.linkedin.com www.linkedin.com linkedin.com fonts.gstatic.com *.linkedin.com *.google-analytics.com *.google.com *.google.co.uk data:; style-src 'self' 'unsafe-inline' www.google.co.uk px.ads.linkedin.com www.linkedin.com linkedin.com cdn.cmrsurgical.com media-cmrsurgical.azureedge.net cmr-cdn.local cmr-cdn.daily3.codehousegroup.com cmr-cdn.rtc3.codehousegroup.com uat-cdn.cmrsurgical.com tagmanager.google.com fonts.googleapis.com *.linkedin.com *.google-analytics.com *.google.com *.google.co.uk; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.google.co.uk snap.licdn.com px.ads.linkedin.com www.linkedin.com linkedin.com cdn.cmrsurgical.com media-cmrsurgical.azureedge.net cmr-cdn.local cmr-cdn.daily3.codehousegroup.com cmr-cdn.rtc3.codehousegroup.com uat-cdn.cmrsurgical.com www2.cmrsurgical.com stats.g.doubleclick.net pi.pardot.com cdn.pardot.com cdnjs.cloudflare.com googleads.g.doubleclick.net ajax.googleapis.com www.googletagmanager.com www.googleadservices.com www.google.com tagmanager.google.com www.google-analytics.com ssl.google-analytics.com s7.addthis.com z.moatads.com v1.addthisedge.com m.addthis.com graph.facebook.com widgets.pinterest.com assets.pinterest.com *.linkedin.com *.google-analytics.com *.google.com *.google.co.uk; img-src 'self' cdn.cmrsurgical.com media-cmrsurgical.azureedge.net cmr-cdn.local cmr-cdn.daily3.codehousegroup.com cmr-cdn.rtc3.codehousegroup.com uat-cdn.cmrsurgical.com www.google.co.uk px.ads.linkedin.com www.linkedin.com linkedin.com ssl.gstatic.com www.gstatic.com www.googletagmanager.com googleads.g.doubleclick.net stats.g.doubleclick.net www.google.com www.google-analytics.com *.linkedin.com *.google-analytics.com *.google.com *.google.co.uk blob: data:; child-src 'self'; frame-src 'self' www.google.co.uk snap.licdn.com px.ads.linkedin.com www.linkedin.com linkedin.com pi.pardot.com www2.cmrsurgical.com player.vimeo.com s7.addthis.com assets.pinterest.com bid.g.doubleclick.net *.linkedin.com *.google-analytics.com *.google.com *.google.co.uk; media-src 'self' www.google.co.uk px.ads.linkedin.com www.linkedin.com linkedin.com cdn.cmrsurgical.com media-cmrsurgical.azureedge.net cmr-cdn.local cmr-cdn.daily3.codehousegroup.com cmr-cdn.rtc3.codehousegroup.com uat-cdn.cmrsurgical.com *.linkedin.com *.google-analytics.com *.google.com *.google.co.uk; 1
policy-uri /'self' 1
default-src 'self' ; script-src 'self' 'nonce-WmpVMFlUUTVNVGxtTkRjek5tUTU=' *.kaartviewer.nl 'nonce-WmpkaVpqQTJaVGM1T1RVNVptRXg=' 'nonce-TUdVek1qYzNZMlZoTlRrM09HVmw=' https://cdn.siteimprove.net/cms/overlay.js siteimproveanalytics.com siteimprove.com; object-src 'self'; style-src 'self' *.kaartviewer.nl 'nonce-Tm1WaE9XUTVNelkxTnpOa016QTU='; img-src 'self' data: geodata.nationaalgeoregister.nl *.kaartviewer.nl *.siteimprove.com *.servmetric.com *.govmetric.com *.siteimproveanalytics.io www.gstatic.com *.ytimg.com raster.horstaandemaas.nl; media-src 'self'; frame-src 'self' www.youtube.com *.google.com; frame-ancestors 'self'; child-src 'self'; font-src 'self' data: *.googleusercontent.com *.kaartviewer.nl *.ionicframework.com fonts.gstatic.com; connect-src 'self' *.kaartviewer.nl *.siteimprove.com *.servmetric.com; report-uri /report-csp-violation 1
default-src 'self'; object-src 'self' https://pts.deutschlandsim.de/p.swf; base-uri 'self'; img-src https: data: http://files.deutschlandsim.de; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://chat.deutschlandsim.de https://umfrage.deutschlandsim.de https://pts.deutschlandsim.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://o2.mouseflow.com https://cdn.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://chat.deutschlandsim.de https://stats.deutschlandsim.de https://imagepool.deutschlandsim.de https://pts.deutschlandsim.de; script-src 'strict-dynamic' 'nonce-150e08d6a2f65a0be06c3876dcfeaa9d' 'nonce-fe7cbb74bcfe10d6442e4225f89c4168' 'nonce-b4e12daabfaa16946fe6d1f3c730849d' 'nonce-5ecd52ff573e32b99e2655f98ca4fc1f' 'nonce-de895dd2b270b157ea365c48ba6eae65' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://pts.deutschlandsim.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-150e08d6a2f65a0be06c3876dcfeaa9d' 'nonce-fe7cbb74bcfe10d6442e4225f89c4168' 'nonce-b4e12daabfaa16946fe6d1f3c730849d' 'nonce-5ecd52ff573e32b99e2655f98ca4fc1f' 'nonce-de895dd2b270b157ea365c48ba6eae65' 'self' 'unsafe-inline' https: 'report-sample' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' epcplc.com *.epcplc.com *.google.com *.googleapis.com *.gstatic.com *.google-analytics.com *.duosecurity.com; img-src 'self' 'unsafe-inline' epcplc.com *.epcplc.com data:; 1
base-uri 'self'; default-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: *.cdkeybay.com *.vanilla.digital *.google.com *.google-analytics.com *.gstatic.com *.googletagmanager.com *.youtube.com *.cloudflare.com *.doubleclick.net *.ytimg.com; 1
frame-ancestors 'self' https://fanmusicfest-com.cdn.ampproject.org 1
default-src 'unsafe-inline' 'unsafe-eval' https:; img-src 'self' data: https://seal.digicert.com https://img.youtube.com https://seal.websecurity.norton.com https://www.google-analytics.com https://widgets.trustedshops.com; report-uri https://pswgroup.report-uri.com/r/d/csp/reportOnly; 1
default-src 'self'; child-src 'self' *.a-ads.com www.youtube.com w.soundcloud.com *.facebook.com player.vimeo.com livejournal.com www.google.com coub.com *.yandex.ru vk.com ok.com rutube.ru; script-src 'self' 'unsafe-inline' files.coinmarketcap.com ajax.googleapis.com app.sharpay.io www.google-analytics.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src * data:; font-src data: fonts.gstatic.com; connect-src 'self' api.imgur.com *.golos.id wss://*.golos.id *.golos.today *.coinmarketcap.com app.sharpay.io www.google-analytics.com cdn.jsdelivr.net; report-uri /api/v1/csp_violation; object-src 'self'; frame-ancestors 'none' 1
frame-ancestors https://webvisor.com/; 1
default-src 'self' www.youtube.com www.youtube-nocookie.com; child-src 'self' www.youtube.com www.youtube-nocookie.com *.fls.doubleclick.net; frame-src 'self' vars.hotjar.com *.fls.doubleclick.net www.youtube.com www.youtube-nocookie.com; connect-src 'self' *.ambithub.com ipinfo.io wss://sbsfaq.ambithub.com stats.g.doubleclick.net wss://*.hotjar.com *.hotjar.com www.google-analytics.com; img-src 'self' data: www.google.co.nz *.google.com www.google-analytics.com *.g.doubleclick.net *.googleapis.com *.gstatic.com *.ambithub.com bat.bing.com *.facebook.com *.quantserve.com *.hotjar.com; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' 'self' *.google.com www.googleadservices.com www.google-analytics.com www.googletagmanager.com *.googleapis.com *.gstatic.com cdn.polyfill.io *.ambithub.com bat.bing.com connect.facebook.net *.quantserve.com *.quantcount.com static.hotjar.com script.hotjar.com staticcdn.co.nz; style-src 'unsafe-inline' 'self' hello.myfonts.net *.googleapis.com *.gstatic.com *.ambithub.com; font-src 'self' data: *.gstatic.com *.hotjar.com; 1
default-src 'self' data: *.compsy.be *.uniweb.eu *.hotjar.com www.googletagmanager.com www.google-analytics.com *.cloudflare.com *.bootstrapcdn.com *.youtube.com; script-src 'self' data: 'unsafe-inline' *.compsy.be *.uniweb.eu *.hotjar.com www.googletagmanager.com www.google-analytics.com *.cloudflare.com *.bootstrapcdn.com *.addtoany.com; object-src *; style-src 'self' data: 'unsafe-inline' *.compsy.be *.compsy.be fonts.googleapis.com *.cloudflare.com *.bootstrapcdn.com; img-src 'self' data: *.compsy.be *.uniweb.eu www.googletagmanager.com www.google-analytics.com *.cloudflare.com *.bootstrapcdn.com; media-src *; frame-src 'self' data: *.compsy.be *.uniweb.eu *.hotjar.com www.googletagmanager.com www.google-analytics.com *.cloudflare.com *.bootstrapcdn.com *.youtube.com; font-src 'self' data: *.compsy.be *.uniweb.eu fonts.gstatic.com fonts.googleapis.com *.cloudflare.com *.bootstrapcdn.com; connect-src *; frame-ancestors 'none'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https:;form-action 'self';base-uri 'self';object-src 'none';report-uri https://csp.example.com; 1
default-src 'self'; connect-src 'self' https:; font-src 'self' chrome-extension: https:; frame-src 'self' https://platform.twitter.com https://syndication.twitter.com https://www.google.com https://disqus.com http://disqus.com disqus.com; img-src 'self' data: http: https:; script-src 'self' https://cdn.ampproject.org https://www.google.com https://www.google-analytics.com https://www.gstatic.com https://code.jquery.com https://*.disqus.com http://*.disqus.com *.disqus.com https://*.disquscdn.com http://*.disquscdn.com *.disquscdn.com https://*.twimg.com https://platform.twitter.com data:; style-src 'self' https://fonts.googleapis.com https://platform.twitter.com http://platform.twitter.com platform.twitter.com https://*.twimg.com https://*.disqus.com http://*.disqus.com *.disqus.com https://*.disquscdn.com http://*.disquscdn.com *.disquscdn.com 'unsafe-inline'; 1
default-src 'self' data: *.deluxebrand.com; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://in.hotjar.com https://api.sandbox.braintreegateway.com/ https://identify.hotjar.com https://payments.sandbox.braintree-api.com https://js.braintreegateway.com https://unpkg.com https://cdn.ckeditor.com https://script.hotjar.com https://demos.telerik.com https://www.google-analytics.com https://siteintercept.qualtrics.com https://znbgsvjt7geejbnen-deluxecorp.siteintercept.qualtrics.com http://cdn.appdynamics.com https://cdn.quantummetric.com https://kendo.cdn.telerik.com http://cdnjs.cloudflare.com http://ajax.googleapis.com https://ajax.aspnetcdn.com http://ajax.aspnetcdn.com https://cdn.jsdelivr.net http://cdn.jsdelivr.net https://ajax.googleapis.com  https://use.fontawesome.com  https://code.jquery.com https://core.spreedly.com https://cdnjs.cloudflare.com https://dmg-widget.s3-us-west-2.amazonaws.com https://www.googletagmanager.com https://cdn.impossible.io https://maps.googleapis.com https://dmg-gallery-images-dev.s3.us-west-2.amazonaws.com https://static.hotjar.com https://scripts.hotjar.com https://dmg-gallery-images-uat.s3.us-west-2.amazonaws.com https://dmg-widget.s3-us-west-2.amazonaws.com; object-src 'self' data:; style-src 'self' data: 'unsafe-inline' https://assets.braintreegateway.com https://dmg-widget.s3-us-west-2.amazonaws.com https://znbgsvjt7geejbnen-deluxecorp.siteintercept.qualtrics.com https://use.fontawesome.com https://kendo.cdn.telerik.com  https://core.spreedly.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://dmg-gallery-images-dev.s3.us-west-2.amazonaws.com https://s3-us-west-2.amazonaws.com; img-src data: *; media-src *; frame-src *; font-src *; connect-src 'self' data: *.deluxebrand.com https://www.google-analytics.com https://siteintercept.qualtrics.com http://col.eum-appdynamics.com https://stats.g.doubleclick.net https://7n7l08yp06.execute-api.us-west-2.amazonaws.com https://cdn.ckeditor.com https://script.hotjar.com https://dmg-gallery-images-dev.s3.us-west-2.amazonaws.com https://in.hotjar.com https://identify.hotjar.com https://payments.sandbox.braintree-api.com https://api.sandbox.braintreegateway.com https://origin-analytics-sand.sandbox.braintree-api.com wss://ws6.hotjar.com/api/v2/client/ws https://dmg-gallery-images-uat.s3.us-west-2.amazonaws.com https://dmg-widget.s3-us-west-2.amazonaws.com 1
default-src 'none'; script-src 'self' https://analytics.monetra.com https://www.google.com https://www.gstatic.com; connect-src 'self'; img-src 'self' https://analytics.monetra.com data:; style-src 'self' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; object-src 'self'; frame-src https://www.google.com 1
default-src https:; script-src 'unsafe-inline' 'unsafe-eval' 'self' 'https://tagmanager.google.com https://googleads.g.doubleclick.net https://www.google-analytics.com https://ssl.google-analytics.com https://ajax.googleapis.com https://connect.facebook.net https://www.googletagmanager.com https://www.googleadservices.com; style-src 'unsafe-inline' 'self' https://tagmanager.google.com https://fonts.googleapis.com; 1
frame-ancestors http://my.rotary.org https://my.rotary.org http://my-cms.rotary.org https://my-cms.rotary.org 'self'; 1
default-src 'self'; script-src 'self' ; style-src 'self' 'unsafe-inline' ; img-src *;  report-uri https://sts.efactorypro.com/core/csp/report 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: about: *.ads-twitter.com *.doubleclick.net *.facebook.com *.facebook.net *.google.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.jotfor.ms *.jotform.com *.jotform.io *.jotform.us *.jotformpro.com *.multiview.com *.paypal.com *.paypalobjects.com *.texmed.org *.twimg.com *.twitter.com *.unitednetworksofamerica.com *.yahooapis.com *.zkcdn.net code.jquery.com https://t.co https://feed.jquery-plugins.net *.unitednetworksofamerica.com; frame-src 'self' *; 1
script-src 'unsafe-inline' 'unsafe-eval' code.jquery.com www.google-analytics.com safesurfs.net ads.exoclick.com main.exoclick.com syndication.exoclick.com; 1
default-src 'self' ;script-src data: 'self' 'unsafe-eval' 'nonce-SUgAMqKDCFYcFgwJ' static.cloud.coveo.com *.r42tag.com *.usabilla.com ssl.google-analytics.com www.google-analytics.com www.googleadservices.com tags.nmrc.nl *.onmarc.nl *.doubleclick.net d6tizftlrpuof.cloudfront.net *.zilverenkruis.nl babm.texthelp.com surfly.com plus.browsealoud.com www.zorgkantoorfriesland.nl *.prolife.nl www.googletagmanager.com toolbar.speechstream.net apis.google.com bat.bing.com admin.relay42.com a.svtrd.com  ads.creative-serving.com www.browsealoud.com *.defriesland.nl static2.creative-serving.com survey.insocial.nl optimize.google.com *.interpolis.nl *.mopinion.com  *.fbto.nl connect.facebook.net;style-src 'self' 'unsafe-inline' d6tizftlrpuof.cloudfront.net plus.browsealoud.com fonts.googleapis.com www.zilverenkruis.nl optimize.google.com;img-src data: blob: 'self' *.svtrd.com www.google.com www.google.nl d6tizftlrpuof.cloudfront.net *.usabilla.com www.google-analytics.com  *.onmarc.nl ssl.google-analytics.com *.zilverenkruis.nl plus.browsealoud.com usabilla-themes.s3-eu-west-1.amazonaws.com ads.creative-serving.com www.zorgkantoorfriesland.nl *.prolife.nl stats.g.doubleclick.net bat.bing.com www.browsealoud.com *.defriesland.nl *.r42tag.com admin.relay42.com speechstreamv3-webservices-8.texthelp.com www.gstatic.com *.fbto.nl www.insocial.nl www.facebook.com www.googletagmanager.com translate.google.com;font-src data: 'self' fonts.gstatic.com fonts.googlapis.com d6tizftlrpuof.cloudfront.net;connect-src 'self' *.zilverenkruis.nl *.surfly.com surfly.com sentry.io *.prolife.nl *.zorgkantoorfriesland.nl plus.browsealoud.com pronunciation.speechstream.net api.usabilla.com babm.texthelp.com speech.speechstream.net www.google-analytics.com pre-i-portaal.achmea.nl speechstreamv3-webservices-8.texthelp.com *.defriesland.nl *.mopinion.com www.browsealoud.com plusqa.browsealoud.com *.interpolis.nl *.fbto.nl bat.bing.com stats.g.doubleclick.net ;media-src 'self' blob: *.zilverenkruis.nl *.zorgkantoorfriesland.nl *.prolife.nl *.defriesland.nl *.interpolis.nl *.fbto.nl;object-src 'self' ;child-src 'self' t.svtrd.com player.vimeo.com youtube-nocookie.com www.youtube-nocookie.com surfly.com app.surfly.com d6tizftlrpuof.cloudfront.net www.zilverenkruis.nl www.zorgkantoorfriesland.nl www.prolife.nl content.googleapis.com vimeo.com secure.zilverenkruis.nl www.defriesland.nl optimize.google.com i-portaal.achmea.nl survey.insocial.nl secure.prolife.nl secure.defriesland.nl w.soundcloud.com *.doubleclick.net ;frame-ancestors 'self' www.youtube-nocookie.com youtube-nocookie.com player.vimeo.com vimeo.com i-portaal.achmea.nl survey.insocial.nl *.doubleclick.net inloggen.achmea.nl p-portaal.achmea.nl;form-action 'self' t.svtrd.com *.achmea.nl *.zilverenkruis.nl *.zorgkantoorfriesland.nl *.prolife.nl *.defriesland.nl *.fbto.nl *.interpolis.nl broker.nxtid.nl;manifest-src 'self' ;upgrade-insecure-requests;block-all-mixed-content;report-uri https://zilverenkruis.ams.report-uri.com/r/t/csp/enforce; 1
default-src 'self' data:; script-src 'self' data: 'unsafe-eval' 'unsafe-inline' use.typekit.net www.googletagmanager.com www.google-analytics.com www.youtube.com *.ytimg.com tagmanager.google.com maps.googleapis.com https://static.hotjar.com/ https://script.hotjar.com/ cookiehub.net; style-src 'self' 'unsafe-inline' use.typekit.net fonts.googleapis.com tagmanager.google.com cookiehub.net; img-src 'self' p.typekit.net www.google-analytics.com data: ssl.gstatic.com www.gstatic.com https://referrer.disqus.com/juggler/stat.gif c.disquscdn.com stats.g.doubleclick.net bat.bing.com www.facebook.com www.google.com www.google.be www.googletagmanager.com maps.gstatic.com maps.googleapis.com; frame-src 'self' www.youtube.com www.youtube-nocookie.com www.dekust.be cdn.knightlab.com vars.hotjar.com; font-src 'self' *.typekit.net fonts.gstatic.com data: *.hotjar.com; connect-src 'self' performance.typekit.net www.google-analytics.com *.stats.g.doubleclick.net https://in.hotjar.com/ https://vc.hotjar.io/ cookiehub.net; report-uri /admin/config/system/seckit/csp-report 1
base-uri 'self' https://d3gcmglegmnvz8.cloudfront.net/; child-src 'self' https://*.useinsider.com https://*.criteo.com https://*.criteo.net https://*.pinimg.com https://*.google.com https://chimpstatic.com https://d3rnmg9ftqorin.cloudfront.net https://d3gcmglegmnvz8.cloudfront.net https://bid.g.doubleclick.net https://www.googletagmanager.com https://vc.hotjar.io https://googleads.g.doubleclick.net/ https://www.googleadservices.com https://*.clearsale.com.br https://fercos-s3-ecommerce.s3.amazonaws.com/ https://www.youtube.com/ https://*.facebook.com/ https://*.hotjar.com/ https://*.facebook.com/ https://accounts.google.com/ https://www.google.com/ https://www.youtube.com/ gap:; frame-src 'self' https://*.useinsider.com https://*.criteo.com https://*.criteo.net https://*.pinimg.com https://*.google.com https://chimpstatic.com https://d3rnmg9ftqorin.cloudfront.net https://d3gcmglegmnvz8.cloudfront.net https://bid.g.doubleclick.net https://www.googletagmanager.com https://vc.hotjar.io https://googleads.g.doubleclick.net/ https://www.googleadservices.com https://*.clearsale.com.br https://fercos-s3-ecommerce.s3.amazonaws.com/ https://www.youtube.com/ https://*.facebook.com/ https://*.hotjar.com/ https://*.facebook.com/ https://accounts.google.com/ https://www.google.com/ https://www.youtube.com/ gap:; connect-src 'self' https://*.useinsider.com https://*.criteo.com https://*.criteo.net https://*.pinimg.com https://*.pinterest.com https://*.nr-data.net https://*.google.com https://chimpstatic.com https://d3rnmg9ftqorin.cloudfront.net https://d3gcmglegmnvz8.cloudfront.net https://www.googletagmanager.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://googleads.g.doubleclick.net/ https://www.googleadservices.com https://*.clearsale.com.br https://*.facebook.com/ https://fercos-s3-ecommerce.s3.amazonaws.com/ https://stats.g.doubleclick.net https://accounts.google.com/ https://www.google-analytics.com https://www.youtube.com/ https://device.clearsale.com.br https://*.yimg.com/; default-src 'self' https://*.useinsider.com https://*.criteo.com https://*.criteo.net https://*.pinimg.com https://chimpstatic.com https://d3rnmg9ftqorin.cloudfront.net https://d3gcmglegmnvz8.cloudfront.net https://www.googletagmanager.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://googleads.g.doubleclick.net/ https://www.googleadservices.com https://*.clearsale.com.br https://fercos-s3-ecommerce.s3.amazonaws.com/ https://accounts.google.com/ https://www.google-analytics.com/ https://www.youtube.com/ 'unsafe-eval' 'unsafe-inline' gap: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.googleapis.com https://d3gcmglegmnvz8.cloudfront.net/ https://chimpstatic.com https://d3rnmg9ftqorin.cloudfront.net https://d3gcmglegmnvz8.cloudfront.net https://www.googletagmanager.com https://googleads.g.doubleclick.net/ https://www.googleadservices.com https://*.clearsale.com.br https://fercos-s3-ecommerce.s3.amazonaws.com/ https://*.gstatic.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; img-src 'self' data: https://*.pinterest.com https://www.gstatic.com https://*.ytimg.com https://chimpstatic.com https://d3rnmg9ftqorin.cloudfront.net https://d3gcmglegmnvz8.cloudfront.net https://*.googleusercontent.com https://*.fbsbx.com https://*.geotrust.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://www.googletagmanager.com https://googleads.g.doubleclick.net/ https://www.googleadservices.com https://*.clearsale.com.br https://*.nr-data.net https://*.newrelic.com/ https://*.facebook.com/ wss://*.hotjar.com/ https://fercos-s3-ecommerce.s3.amazonaws.com/ https://stats.g.doubleclick.net https://accounts.google.com/ https://www.google-analytics.com https://www.google.com/ https://www.google.com.br/ https://www.youtube.com/ blob:; media-src https://d3gcmglegmnvz8.cloudfront.net/; object-src https://d3gcmglegmnvz8.cloudfront.net/; script-src 'self' https://*.useinsider.com https://*.criteo.com https://*.criteo.net https://*.pinimg.com https://*.google.com/ https://*.nr-data.net https://*.list-manage.com https://*.mailchimp.com https://*.google.com https://chimpstatic.com https://d3rnmg9ftqorin.cloudfront.net https://d3gcmglegmnvz8.cloudfront.net https://www.googletagmanager.com https://*.doubleclick.net/ https://www.googleadservices.com https://*.clearsale.com.br https://*.newrelic.com/ https://*.facebook.com/ https://*.facebook.net https://fercos-s3-ecommerce.s3.amazonaws.com/ https://www.google-analytics.com/ https://www.gstatic.com/ https://www.googletagmanager.com/ https://seal.geotrust.com/ https://www.youtube.com/ http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://*.yimg.com/ 'unsafe-eval' 'unsafe-inline' 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://*.mailchimp.com https://fonts.googleapis.com https://chimpstatic.com https://d3rnmg9ftqorin.cloudfront.net https://d3gcmglegmnvz8.cloudfront.net https://www.googletagmanager.com https://vc.hotjar.io https://*.hotjar.com/ https://googleads.g.doubleclick.net/ https://www.googleadservices.com https://*.clearsale.com.br https://fercos-s3-ecommerce.s3.amazonaws.com/ 'unsafe-inline'; frame-ancestors 'self' https://*.criteo.com https://*.criteo.net https://*.pinimg.com https://*.google.com https://chimpstatic.com https://d3rnmg9ftqorin.cloudfront.net https://d3gcmglegmnvz8.cloudfront.net https://bid.g.doubleclick.net https://www.googletagmanager.com https://googleads.g.doubleclick.net/ https://www.googleadservices.com https://*.clearsale.com.br https://fercos-s3-ecommerce.s3.amazonaws.com/ https://www.youtube.com/ https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io gap:; referrer origin-when-cross-origin; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=EzaQPuYZ8aJmV%2fFCQjtWSJQd57UyAdzRXrhXcN8kyG1mgz8hR9oPtXKJB0vGZ1I0cqeaIS87Y8N%2b%2f0xRLmwxKCN5B4yHmM8Eep%2bHdWCKQj5VusQaTrF%2flmge6OOzPQxV; 1
default-src 'self' *.gewobag.de data: eqs-cockpit.com *.eqs.com *.youtube-nocookie.com *.ytimg.com *.googleapis.com *.gstatic.com *.wohnungshelden.de 'unsafe-inline' 1
frame-ancestors 'self' *.ratingruneta.ru ratingruneta.ru webvisor.com http://webvisor.com metrika.yandex.ru *.yandex.net 1
default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: data:; 1
default-src 'self' 'unsafe-inline' stackpath.bootstrapcdn.com code.jquery.com cdn.jsdelivr.net cdnjs.cloudflare.com/ajax/libs/animate.css/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://unpkg.com/bootstrap-table@1.18.3/dist/ https://use.fontawesome.com/releases/ https://unpkg.com/bootstrap-table@1.18.3/dist https://ipinfo.io/ https://cdnjs.cloudflare.com/ajax/libs/tinysort/; img-src * 'self' data:; frame-src https://www.google.com/recaptcha/ 1
allow; 1
frame-ancestors https://www.twoa.ac.nz 1
script-src 'unsafe-inline' 'unsafe-eval' code.jquery.com www.google-analytics.com web-start.org ads.exoclick.com main.exoclick.com syndication.exoclick.com; 1
default-src 'self' *.ctctcdn.com *.google.com *.constantcontact.com *.gstatic.com maps.googleapis.com *.usersnap.com *.google-analytics.com; script-src 'self' 'unsafe-inline' *.ctctcdn.com *.google.com *.gstatic.com cdnjs.cloudflare.com maps.googleapis.com *.usersnap.com cdn.rawgit.com *.googletagmanager.com *.google-analytics.com; style-src 'self' 'unsafe-inline' *.typekit.net *.ctctcdn.com fonts.googleapis.com cdnjs.cloudflare.com *.bootstrapcdn.com; img-src 'self' data: maps.googleapis.com maps.gstatic.com *.usersnap.com raw.githubusercontent.com cdn.rawgit.com *.google-analytics.com *.googletagmanager.com; frame-src 'self' *.youtube.com *.google.com; font-src 'self' *.typekit.net fonts.gstatic.com *.bootstrapcdn.com; report-uri /report-csp-violation 1
frame-ancestors self https://www.northernparrots.com www.northernparrots.com:444 1
base-uri 'self'; default-src 'self'; child-src; connect-src 'self' https://www.google-analytics.com https://*.sentry.io *.sentry.io https://*.abtasty.com *.abtasty.com https://api.addressfinder.io https://au-live.inside-graph.com au-live.inside-graph.com https://*.doubleclick.net *.doubleclick.net wss://au-live.inside-graph.com https://www.facebook.com/tr; font-src 'self' https://fonts.gstatic.com https://*.abtasty.com *.abtasty.com https://*.gstatic.com *.gstatic.com https://*.googleapis.com *.googleapis.com https://au-cdn.inside-graph.com blob: data:; form-action 'self' https://www.facebook.com https://*.powershop.co.nz *.powershop.co.nz; frame-ancestors 'self'; frame-src https://www.googletagmanager.com www.googletagmanager.com https://www.facebook.com https://recaptcha.google.com/recaptcha/ https://www.google.com/recaptcha/ https://*.vimeo.com *.vimeo.com https://*.youtube.com *.youtube.com https://*.google.com *.google.com https://*.doubleclick.net *.doubleclick.net; img-src 'self' https://*.doubleclick.net *.doubleclick.net https://i.vimeocdn.com https://i.vimeocdn.com https://www.google-analytics.com www.google-analytics.com https://ssl.gstatic.com ssl.gstatic.com https://www.gstatic.com www.gstatic.com https://fonts.gstatic.com fonts.gstatic.com https://www.googletagmanager.com www.googletagmanager.com https://track.hubspot.com track.hubspot.com https://www.facebook.com www.facebook.com https://*.abtasty.com *.abtasty.com https://*.amazonaws.com *.amazonaws.com https://au-cdn.inside-graph.com https://www.google.com/ads/ https://www.google.com.au/ads/ blob: data:; media-src https://youtube.com youtube.com https://vimeo.com vimeo.com; object-src 'none'; script-src 'self' https://*.vimeo.com *.vimeo.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://api.addressfinder.io https://tagmanager.google.com https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://*.facebook.net *.facebook.net https://*.facebook.com *.facebook.com https://*.inside-graph.com *.inside-graph.com https://js.hs-scripts.com js.hs-scripts.com https://*.hs-banner.com *.hs-banner.com https://*.hubspot.com *.hubspot.com https://js.hs-analytics.net https://*.abtasty.com *.abtasty.com https://*.abtasty.com *.abtasty.com https://*.googleapis.com *.googleapis.com https://*.doubleclick.net *.doubleclick.net 'nonce-NTg5OTBhNjk4MjgyNGUxZjc3Y2NhOWFkNzFiZTIyMWE3YTQ5YWZkNmU4OGFmN2QzNGE2MThjMWFlZmVmOTYwYWRmYjI5ZjRkMzM3NDIzYjM3YTM0OGE2MDMxMDA1MmViYjZjOTMzOGQ5NWFmMzZkM2RmNWM1MTU3OTFkZThlZGU=' 'unsafe-eval' blob:; style-src 'self' https://tagmanager.google.com https://fonts.googleapis.com https://*.abtasty.com *.abtasty.com https://*.gstatic.com *.gstatic.com https://*.googleapis.com *.googleapis.com https://au-cdn.inside-graph.com 'unsafe-inline'; upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; style-src 'self' 'unsafe-inline' 1
script-src 'self' https://*.variance.hu/* https://variance.hu/* https://*.inlock.io/* https://inlock.io/* blob:; style-src 'self' 'unsafe-inline'; font-src 'self'; script-src 'self' *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.google.com *.gstatic.com; img-src 'self' *.google-analytics.com *.google.com *.gstatic.com; connect-src 'self'; frame-src *.google.com 1
frame-ancestors 'none'; connect-src 'self' https://*.force.com/ https://cdns.us1.gigya.com/ https://*.gigya.com/ https://*.facebook.com/ https://www.googleoptimize.com/ https://*.pusher.com wss://*.pusher.com https://*.fusepump.com/ https://*.google-analytics.com/ https://*.google.com/ https://*.sessioncam.com/ https://*.doubleclick.net/ https://*.nr-data.net/ https://*.mookie1.com/ 'unsafe-inline' 'unsafe-eval'; report-uri https://www.dancow.co.id/report-csp-violation; upgrade-insecure-requests 1
frame-ancestors 'self' *.schubert.group 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' files.gpxpl.us pagead2.googlesyndication.com https://pagead2.googlesyndication.com www.google-analytics.com www.gstatic.com gpxplus.s3-website-us-west-2.amazonaws.com https://gpxplus.s3.amazonaws.com https://apis.google.com platform.twitter.com https://platform.twitter.com static.gpx.plus https://static.gpx.plus ap.lijit.com * 1
default-src 'self'  *.readspeaker.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.readspeaker.com https://cdn.siteimprove.net/cms/overlay.js siteimproveanalytics.com siteimprove.com piwik.duiven.nl app.cobrowser.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.readspeaker.com app.cobrowser.com fonts.googleapis.com; img-src 'self' data: *.siteimprove.com *.servmetric.com *.govmetric.com *.siteimproveanalytics.io piwik.duiven.nl www.gstatic.com; media-src 'self' *.readspeaker.com; frame-src 'self' *.readspeaker.com *.siteimprove.com *.siteimproveanalytics.com *.siteimprove.net *.siteimproveanalytics.io page.report; frame-ancestors 'self' piwik.duiven.nl; child-src 'self'; font-src 'self' data: *.googleusercontent.com *.readspeaker.com *.ionicframework.com fonts.gstatic.com cdn.faceworks.nl; connect-src 'self' *.readspeaker.com *.siteimprove.com *.servmetric.com piwik.duiven.nl app.cobrowser.com wss://app.cobrowser.com fonts.googleapis.com cdn.faceworks.nl; report-uri /report-csp-violation 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com maps.googleapis.com www.googletagmanager.com www.google-analytics.com polyfill.io/v3/polyfill.min.js www.google.com/recaptcha/api.js www.gstatic.com cookie-cdn.cookiepro.com www.google-analytics.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdnjs.cloudflare.com; img-src 'self' maps.gstatic.com maps.googleapis.com data: googletagmanager.com cookie-cdn.cookiepro.com www.google-analytics.com; media-src 'self'; frame-src 'self' www.google.com www.youtube.com player.vimeo.com olv-kinderwebsite.now.sh olv-kinderwebsite.vercel.app; font-src 'self' themes.googleusercontent.com fonts.gstatic.com data:; connect-src 'self' cookie-cdn.cookiepro.com www.google-analytics.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
frame-ancestors 'self' stats.ballensiefen.net 1
script-src 'self' *.google.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.gstatic.com *.netdna-ssl.com *.cloudflare.com *.youtube.com *.facebook.com *.facebook.net *.twitter.com *.twimg.com *.ytimg.com *.wp.com 'unsafe-inline' 'unsafe-eval'; 1
frame-ancestors https://*.webcargonet.com  https://*.freightos.com 1
default-src 'self' google.com *.google.com liveinternet.ru *.liveinternet.ru yadro.ru *.yadro.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googlesyndication.com *.doubleclick.net *.googletagmanager.com *.google-analytics.com adservice.google.com adservice.google.ru adservice.google.com.ua adservice.google.co.uz ulogin.ru *.ulogin.ru vk.com google.com *.google.com liveinternet.ru *.liveinternet.ru yadro.ru *.yadro.ru ; object-src 'self' *.googlesyndication.com; style-src 'self' 'unsafe-inline' *.googleapis.com google.com *.google.com ; img-src 'self' * data: blob: filesystem:; media-src 'self' ; font-src 'self' *.gstatic.com *.googleapis.com netdna.bootstrapcdn.com; frame-src 'self' *.doubleclick.net www.youtube.com vk.com *.vk.com ulogin.ru *.ulogin.ru; connect-src 'self' adservice.google.com *.google-analytics.com *.gstatic.com *.googlesyndication.com 1
frame-ancestors *.kinmen.travel 'self' 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-eval' *.google.com;object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com; frame-ancestors 'none'; 1
font-src 'self' fonts.gstatic.com https://*.intercomcdn.com https://app-talmix.scdn4.secure.raxcdn.com https://www-talmix.scdn3.secure.raxcdn.com data:; img-src * data:; script-src 'self' 'unsafe-inline' www.googleadservices.com www.googletagmanager.com www.google-analytics.com marketing.talmix.com marketing.mbaco.com https://js-agent.newrelic.com https://bam.nr-data.net tagmanager.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ connect.facebook.net https://s.adroll.com https://d.adroll.com https://*.intercom.io https://*.intercomcdn.com https://pi.pardot.com https://fullstory.com https://*.fullstory.com https://d2yyd1h5u9mauk.cloudfront.net https://scout-cdn.salesloft.com https://app-talmix.scdn4.secure.raxcdn.com https://www-talmix.scdn3.secure.raxcdn.com https://1922ad1ca24372498797-3b677d6bb99015de4b7df47cce09c3b8.ssl.cf3.rackcdn.com; style-src 'self' tagmanager.google.com fonts.googleapis.com 'unsafe-inline' https://app-talmix.scdn4.secure.raxcdn.com https://www-talmix.scdn3.secure.raxcdn.com 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' webcode.telekom-dienste.de fbc.wcfbc.net lptag.liveperson.net *.telekom.de tags-eu.tiqcdn.com *.adform.net *.google.de *.google.com *.ytimg.com *.youtube-nocookie.com *.gstatic.com tags-eu.tiqcdn.com *.googlevideo.com *.wbtrk.net lo.v.liveperson.net accdn.lpsnmedia.net *.facebook.net *.intelliad.de *.googletagmanager.com *.googleadservices.com *.doubleclick.net *.cloudflare.com empathy-portal.de lpcdn.lpsnmedia.net *.usabilla.com *.cloudfront.net *.adform.net tag.contiamo.com *.nuki.io nuki.io; object-src 'self'; style-src 'self' 'unsafe-inline' webcode.telekom-dienste.de www.telekom.de fonts.googleapis.com *.cloudfront.net; img-src data: 'self' webcode.telekom-dienste.de *.doubleclick.net fbc.wcfbc.net lptag.liveperson.net *.telekom.de tags-eu.tiqcdn.com *.adform.net *.google.de *.google.com *.ytimg.com lpcdn.lpsnmedia.net *.youtube-nocookie.com *.gstatic.com tags-eu.tiqcdn.com *.googlevideo.com empathy-portal.de *.brodos.com *.facebook.com *.intelliad.de tracking.mlsat02.de *.cloudfront.net *.usabilla.com events.contiamo.com https://goliath.telekom-dienste.de; media-src 'self' fbc.wcfbc.net lptag.liveperson.net *.telekom.de tags-eu.tiqcdn.com *.adform.net *.google.de *.google.com *.ytimg.com *.youtube-nocookie.com *.gstatic.com tags-eu.tiqcdn.com *.googlevideo.com lpcdn.lpsnmedia.net; frame-src 'self' *.rfihub.com t23.intelliad.de *.youtube-nocookie.com *.youtube.com lptag.liveperson.net lpcdn.lpsnmedia.net *.lo.cobrowse.liveperson.net server.lon.liveperson.net email-telekom.de shopsuche.telekom.de *.facebook.com *.facebook.net/ nuki.io ebs08-stg.telekom.de ebs08.telekom.de https://d6tizftlrpuof.cloudfront.net *.usabilla.com; font-src 'self' https://ebs10.telekom.de *.gstatic.com data: https://d6tizftlrpuof.cloudfront.net *.usabilla.com https://fonts.googleapis.com https://www.telekom.de/; connect-src 'self' https://ebs10.telekom.de wss://gwe-dmz-cc.telekom.de https://gwe-dmz-cc.telekom.de https://rest.ice-search.de https://iss-staging-backend.ice-search.de https://ebs01-stg.telekom.de ebs01.telekom.de https://d6tizftlrpuof.cloudfront.net *.usabilla.com https://ebs02.telekom.de https://events.contiamo.com; form-action 'self' shopsuche.telekomshop.de *.facebook.net *.facebook.com; frame-ancestors 'self' https://pano.framework.tv https://telekom-cafe-ape.framework.tv 1
default-src 'self' 'nonce-6aba2e5df20d40ccad839cc5d5824ed9' 'unsafe-eval' https://conizi.io/static; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://conizi.io/static; font-src 'self' https://fonts.gstatic.com https://conizi.io/static data:; img-src 'self' https://conizi.io/static data: 1
default-src 'none'; script-src 'self' https://code.jquery.com https://www.google-analytics.com; img-src ' self 'https://www.google-analytics.com; connect-src' self '; font-src' self '; style-src' self ';  1
child-src t.svtrd.com youtube.com www.youtube.com *.doubleclick.net app4.premieserverplus.nl connect.facebook.net *.24sessions.com www.youtube-nocookie.com youtube-nocookie.com;connect-src 'self' maps.googleapis.com api.advieskeuze.nl *.usabilla.com;default-src 'none';font-src 'self' data:  fonts.gstatic.com d6tizftlrpuof.cloudfront.net;form-action 'self' t.svtrd.com connect.facebook.net;frame-ancestors 'self' *.usabilla.com d6tizftlrpuof.cloudfront.net;img-src 'self' data:  www.google-analytics.com *.doubleclick.net www.google.com www.google.be www.google.nl *.svtrd.com *.facebook.com d6tizftlrpuof.cloudfront.net *.usabilla.com *.googleadservices.net *.gstatic.com maps.googleapis.com advieskeuzestorage.blob.core.windows.net *.advieskeuze.nl europe-west2-data-argenta-216109.cloudfunctions.net;manifest-src 'none';media-src *;object-src 'none';report-uri https://insurco.report-uri.io/r/default/csp/enforce;script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com connect.facebook.net maps.googleapis.com *.usabilla.com d6tizftlrpuof.cloudfront.net *.svtrd.com *.24sessions.com www.googletagmanager.com tagmanager.google.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com *.usabilla.com d6tizftlrpuof.cloudfront.net tagmanager.google.com; 1
script-src https: data: 'unsafe-inline' 'unsafe-eval' https://*.myfonts.net https://*.twitter.com https://*.google.de https://*.google.com https://*.typekit.net https://metrics.mehrwert.de https://www.google-analytics.com/; style-src https: 'unsafe-inline' https://*.myfonts.net https://*.twitter.com https://*.google.de https://*.typekit.net https://metrics.mehrwert.de; frame-ancestors https://www.fortuna-koeln.de https://verein.fortuna-koeln.de https://verein.www.fortuna-koeln.de https://www.fortuna-koeln.de https://twitter.com https://*.twitter.com 1
frame-ancestors https://*.veygo.com https://*.nonprod-veygo.com https://*.preprod-veygo.com 1
default-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com cdn.jsdelivr.net tagmanager.google.com *.google-analytics.com   geoid.investisdigital.com https://cookiemanager.investisdigital.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com ict.infinity-tracking.net www.gstatic.com viz.tools.investis.com www.google.com maps.googleapis.com maps.google.com www.linkedin.com ajax.googleapis.com pi.pardot.com bam.nr-data.net sjp.getmediamanager.com *.googletagmanager.com *.google-analytics.com sjs.bizographics.com connect.facebook.net *.jquery.com irs.tools.investis.com *.hotjar.com px.ads.linkedin.com d2wy8f7a9ursnm.cloudfront.net ssl.p.jwpcdn.com js-agent.newrelic.com cdn.jsdelivr.net edg tagmanager.google.come.api.brightcove.com *.googleapis.com www.youtube.com youtube.com s.ytimg.com unpkg.com otp.tools.investis.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' viz.tools.investis.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net tagmanager.google.com player.vimeo.com; img-src 'self' 'unsafe-inline' * data:; media-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com; frame-src 'self' *.investis.com www.google.com sjp.getmediamanager.com careers.sjp.co.uk digital.feprecisionplus.com sjp.hireserve-test.com ir.tools.investis.com staticxx.facebook.com www.youtube.com player.vimeo.com; font-src 'self' 'unsafe-inline' data: fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com themes.googleusercontent.com maxcdn.bootstrapcdn.com *.typekit.net p.typekit.net nr-data.net; report-uri /report-csp-violation 1
frame-ancestors 'self'  *.ttha.com ttha.com *.huntersextravaganza.com huntersextravaganza.com *.thenation.com thenation.com *.sunshineartist.com sunshineartist.com *.dollsmagazine.com dollsmagazine.com *.todayschristianliving.org todayschristianliving.org *.piperowner.org piperowner.org *.cessnaowner.org cessnaowner.org *.smart-retailer.com smart-retailer.com *.handmade-business.com handmade-business.com 1
default-src 'self'  ;options inline-script eval-script;img-src 'self' data:  *.tile.openstreetmap.org *.tile.opencyclemap.org ; 1
default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.youtube.com *.youtube-nocookie.com *.ytimg.com piwik.itzbund.de; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com *.youtube-nocookie.com; frame-src *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com; img-src 'self' data: piwik.itzbund.de; frame-ancestors 'self'; 1
frame-ancestors "self" "https://*.motor.com" "https://*.motoshop.com" 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s3.amazonaws.com/ https://*.stripe.com/ https://*.typekit.net/; img-src 'self' data: ; object-src 'self' data: https://*.stripe.com/; frame-src 'self' data: https://*.stripe.com/; 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: *.smithwicksexperience.com *.googleapis.com maps.gstatic.com s.adroll.com s.ytimg.com www.google-analytics.com www.googletagmanager.com www.youtube.com footer.diageohorizon.com cdnjs.cloudflare.com *.googleadservices.com *.doubleclick.net *.ads-twitter.com *.myfonts.net *.hotjar.com *.facebook.net; object-src 'self' https: *.smithwicksexperience.com ; style-src 'self' 'unsafe-inline' https: *.smithwicksexperience.com fonts.googleapis.com footer.diageohorizon.com *.myfonts.net; img-src 'self' https: data: *.smithwicksexperience.com *.googleapis.com *.gstatic.com analytics.twitter.com d.adroll.com googleads.g.doubleclick.net www.facebook.com www.google.com www.google.ie www.google-analytics.com *.hotjar.com *.facebook.com; frame-src 'self' https: *.smithwicksexperience.com *.worldnettps.com www.youtube.com *.hotjar.com; font-src 'self' https: *.smithwicksexperience.com data: *.myfonts.net *.gstatic.com *.hotjar.com; connect-src 'self' https: *.smithwicksexperience.com *.hotjar.com ws://*.hotjar.com wss://*.hotjar.com; media-src 'self' https: *.smithwicksexperience.com 1
default-src 'self' https://*.copaair.com http://*.copaair.com https://*.copa.com http://*.copa.com https://*.sam4m.com/  http://*.adnxs.com http://*.bing.com http://*.copa.com http://*.copaair.com http://*.doubleclick.net http://*.facebook.com http://*.facebook.net http://*.fltmaps.com http://*.frequentflyer.aero http://*.google-analytics.co http://*.google-analytics.com http://*.googleadservices.com http://*.googletagmanager.com http://*.havasdigitalcolombia.com http://*.innosked.com http://*.intelliresponse.com http://*.msn.com http://*.qualtrics.com http://*.trackedlink.net http://*.w55c.net http://*.youtube.com http://ads.dtravelconnection.com http://miparaisoatlantis.com http://panamaesposible.com https://*.copa.com https://*.copaair.com https://*.facebook.com https://*.flightcontrol.io https://*.flightview.com https://*.fltmaps.com https://*.frequentflyer.aero https://*.google.com https://www.google.com.co https://www.google.com.pa https://*.google.sk https://*.googleapis.com https://*.gstatic.com https://*.havasdigitalcolombia.com https://*.innosked.com https://*.intelliresponse.com https://*.mcafeesecure.com https://*.nbxapps.com https://*.sojern.com https://*.twitter.com https://*.w55c.net https://*.websecurity.norton.com https://*.youtube.com https://acuityplatform.com https://beacon.walmart.com https://pr-bh.ybp.yahoo.com https://r1.dotmailer-surveys.com https://static.ads-twitter.com https://t.co https://t.wayfair.com https://*.airtrfx.com http://*.airtrfx.com https://*.hotjar.com https://*.securitytrfx.com http://*.securitytrfx.com https://*.addthis.com https://*.addthisedge.com https://kirnhn54sa.execute-api.us-east-1.amazonaws.com https://*.yimg.com https://*.analytics.yahoo.com https://*.trackedweb.net https://*.groovinads.com https://*.beatdevelop.co https://*.sam4m.co https://*.a3cloud.net https://trackedweb.net https://gwmtracking.com https://kontentroom.com https://alteryz.s3.amazonaws.com/copalove/ https://script.googleusercontent.com https://*.perfdrive.com https://everymundo.github.io http://docs/themes/cm/index.isolated.cm.css https://www.kayak.com https://fc-services-api-dev.everymundo.net 'unsafe-inline' 'unsafe-eval' data: blob: 1
default-src 'self' bam.eu01.nr-data.net cdn.jsdelivr.net edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com cdn.jsdelivr.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net cdn.rawgit.com cdnjs.cloudflare.com ict.infinity-tracking.net www.gstatic.com viz.tools.investis.com www.google.com maps.googleapis.com maps.google.com www.linkedin.com ajax.googleapis.com pi.pardot.com bam.nr-data.net sjp.getmediamanager.com *.googletagmanager.com *.google-analytics.com sjs.bizographics.com connect.facebook.net *.jquery.com irs.tools.investis.com *.hotjar.com px.ads.linkedin.com d2wy8f7a9ursnm.cloudfront.net ssl.p.jwpcdn.com js-agent.newrelic.com cdn.jsdelivr.net edge.api.brightcove.com *.googleapis.com www.youtube.com youtube.com s.ytimg.com unpkg.com bam.eu01.nr-data.net; style-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net p.typekit.net cloud.typography.com viz.tools.investis.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net; img-src 'self' 'unsafe-inline' * data:; media-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com; frame-src 'self' staticcontents.investis.com www.google.com sjp.getmediamanager.com careers.sjp.co.uk irs.tools.investis.com otp.tools.investis.com digital.feprecisionplus.com sjp.hireserve-test.com ir.tools.investis.com staticxx.facebook.com www.youtube.com; font-src 'self' 'unsafe-inline' data: use.typekit.net p.typekit.net fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com themes.googleusercontent.com maxcdn.bootstrapcdn.com; report-uri //report-csp-violation 1
child-src 'self' www.youtube.com staticxx.facebook.com w.soundcloud.com player.vimeo.com player.twitch.tv www.tiktok.com musicoin.org www.instagram.com www.bitchute.com emb.d.tube rumble.com www.brighteon.com lbry.tv; connect-src 'self' whaleshares.io pubrpc.whaleshares.io api.whaleshares.io www.google-analytics.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' whaleshares.io www.google-analytics.com www.googletagmanager.com connect.facebook.net cdn.polyfill.io cse.google.com www.google.com cdn.ampproject.org; style-src 'self' 'unsafe-inline' whaleshares.io fonts.googleapis.com at.alicdn.com www.google.com; font-src 'self' data: fonts.gstatic.com fonts.googleapis.com at.alicdn.com; frame-ancestors 'none'; img-src * data:; report-uri /csp_violation; object-src 'none' 1
default-src 'self' 'unsafe-inline'  https://staticfiles.digitalchargingsolutions.com https://api.mixpanel.com https://api-js.mixpanel.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://pay.datatrans.com/ https://staticfiles.digitalchargingsolutions.com https://maps.googleapis.com https://cdn.mxpnl.com https://api-js.mixpanel.com; frame-src 'self' https://payment.datatrans.biz/ https://pay.datatrans.com; img-src 'self' https: data: https://cpologo.digitalchargingsolutions.com; style-src 'self' 'unsafe-inline'  https://staticfiles.digitalchargingsolutions.com https://fonts.googleapis.com; font-src 'self'  https://staticfiles.digitalchargingsolutions.com https://fonts.gstatic.com; 1
child-src https: 'self' https://enertrag.com/ https://*.enertrag.com/; default-src https: 'self' data: https://enertrag.com/ https://analytics.enertrag.com/ https://www.youtube.com/ https://maps.google.de/ https://*.gstatic.com/ https://*.googleapis.com/;script-src 'self' https://analytics.enertrag.com/ https://*.enertrag.com/ 'unsafe-inline' 'unsafe-eval' https://maps.google.de/ https://maps.googleapis.com/; font-src 'self' data: https://*.enertrag.com/ https://enertrag.com/ https://netdna.bootstrapcdn.com/ https://fonts.googleapis.com/ https://fonts.gstatic.com/; style-src 'unsafe-inline' 'self' https://*.enertrag.com/ https://enertrag.com/ https://hello.myfonts.net https://fonts.googleapis.com/; object-src https://*.enertrag.com/ 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; frame-ancestors 'self'; 1
default-src 'none' ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://www.clarity.ms https://unpkg.com https://storage.googleapis.com/ https://consentcdn.cookiebot.com https://consent.cookiebot.com/ https://www.gstatic.com/ https://analytics.edlinger.at/ https://cdn.polyfill.io https://twitter.com https://*.twimg.com https://ton.twitter.com https://*.cloudfront.net https://*.cloudflare.com https://code.angularjs.org https://www.dropbox.com/ https://app.box.com https://*.live.net/ https://*.google.com  https://cdn.jsdelivr.net https://cdn.jsdelivr.net www.google.com staticxx.facebook.com facebook.com www.googletagmanager.com connect.facebook.net www.google-analytics.com ajax.googleapis.com https://cdn.polyfill.io; object-src 'self' data: https://cdn.whisky-circle.info https://*.cloudfront.net; style-src 'self' data: 'unsafe-inline' https://unpkg.com https://www.gstatic.com/  https://*.cloudfront.net https://cdn.whisky-circle.info https://*.googleapis.com/ https://www.whisky-circle.info/a-guide-to-driving-in-scotland/ ; img-src 'self' blob: data: https://*.googleusercontent.com https://opensharecount.com https://analytics.edlinger.at/ https://www.blogheim.at https://*.osm.org https://cdn.whisky-circle.info https://*.google.at https://themeadviser.com https://www.google-analytics.com https://www.facebook.com s.w.org https://stats.g.doubleclick.net https://www.gravatar.com/avatar/ https://secure.gravatar.com/ ps.w.org https://www.google.com https://*.googleapis.com/; media-src 'self' data: https://cdn.whisky-circle.info; child-src 'self' data: https://*.vimeo.com https://*.cloudfront.net https://*.youtube.com https://*.youtube-nocookie.com https://staticxx.facebook.com https://cdn.polyfill.io  font-src 'self' data: https://cdn.whisky-circle.info https://*.gstatic.com; connect-src 'self' data: https://analytics.edlinger.at/ https://www.clarity.ms https://www.google-analytics.com https://my.yoast.com  https://yoast.com/; frame-ancestors 'self'; form-action 'self'; base-uri 'self'; manifest-src 'self'; frame-src 'self' data: https://www.google.com/recaptcha/ https://www.youtube-nocookie.com/ https://analytics.edlinger.at/ 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.staticflickr.com *.youtube-nocookie.com maps.googleapis.com developers.google.com *.3qsdn.com *.flickr.com tde-stats.spin-ag.de *.telefonica.de; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.3qsdn.com; connect-src 'self' *.3qsdn.com; media-src 'self' *.youtube-nocookie.com *.3qsdn.com *.staticflickr.com *.flickr.com blob:; child-src 'self' *.telefonica.de *.udldigital.de *.youtube-nocookie.com *.3qsdn.com blob:; object-src 'self'; frame-src 'self' *.google.com *.telefonica.de *.youtube-nocookie.com data:; form-action 'self'; img-src 'self' chart.apis.google.com  maps.gstatic.com *.googleapis.com developers.google.com *.udldigital.de *.telefonica.de *.staticflickr.com *.flickr.com tde-stats.spin-ag.de *.3qsdn.com data: 1
default-src 'self' *.googlesyndication.com; 1
object-src 'none'; script-src 'nonce-{random}' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http:; $ 1
frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com omaha.bibliocms.com *.omaha.bibliocms.com https://omahalibrary.org omahalibrary.org *.omahalibrary.org; 1
script-src 'self' 'nonce-1Bwv478zE2c7m'; default-src 'self' 1
default-src 'self'; connect-src 'self' http://*.nsbank.com https://*.nsbank.com https://*.demdex.net https://*.google.com; script-src 'self' data: 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.nsbank.com https://*.zionsbank.com https://*.adsrvr.org https://connect.facebook.net https://*.bufferapp.com https://*.linkedin.com https://*.pinterest.com https://*.reddit.com https://*.online-metrix.net https://*.adobedtm.com https://*.mkt51.net https://*.pages05.net https://*.adsrvr.org https://*.googletagmanager.com https://*.bootstrapcdn.com https://*.google-analytics.com https://*.youtube.com https://*.smartzonessva.com https://smartzonessva.com https://*.ytimg.com 'unsafe-eval'; object-src 'self' data: https://*.nsbank.com; style-src 'self' data: 'unsafe-inline' https://*.googleapis.com https://*.google.com https://*.mkt51.net https://*.pages05.net https://*.adsrvr.org https://*.bootstrapcdn.com https://*.google-analytics.com https://*.youtube.com https://*.smartzonessva.com https://*.gravatar.com; img-src 'self' data: https://*.gstatic.com https://*.nsbank.com https://*.online-metrix.net https://*.omtrdc.net https://*.demdex.net https://*.everesttech.net https://*.googleapis.com https://*.google.com https://*.facebook.com https://*.online-metrix.net https://*.mkt51.net https://*.pages05.net https://*.adsrvr.org https://*.google-analytics.com https://*.doubleclick.net https://*.gravatar.com; media-src 'self' data:; frame-src 'self' https://*.nsbank.com https://*.demdex.net https://*.visa.com https://*.youtube.com https://*.pages05.net https://*.brightcove.net https://*.online-metrix.net https://*.adsrvr.org; frame-ancestors 'self' https://banking.nsbank.com; font-src 'self' data: 'unsafe-inline' https://fonts.gstatic.com https://*.bootstrapcdn.com; upgrade-insecure-requests; block-all-mixed-content 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://code.jquery.com http://www.google-analytics.com/  http://fonts.googleapis.com/ https://cdnjs.cloudflare.com http://cdn.ckeditor.com ; object-src 'self'; style-src 'self' 'unsafe-inline' http://cdn.ckeditor.com; img-src 'self' http://cdn.ckeditor.com; media-src 'self' https://youtube.com; frame-src 'self' https://www.youtube.com; font-src 'self'; connect-src 'self'; report-uri /admin/config/system/seckit/csp-report 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://indigowebmaster.com; img-src 'self' data: https://indigowebmaster.com https://*.cdninstagram.com; object-src 'self' data: https://indigowebmaster.com; frame-src 'self' data: https://indigowebmaster.com; 1
default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.hypovbg.at https://cdnjs.cloudflare.com https://google.com https://www.google.com https://tagmanager.google.com https://analytics.arz.at https://www.google-analytics.com https://www.googletagmanager.com https://maps.google.com https://maps.googleapis.com https://*.gstatic.com https://e.issuu.com https://consent.cookiebot.com https://consentcdn.cookiebot.com; object-src 'self' https://*.youtube.com; style-src 'self' 'unsafe-inline' https://*.hypovbg.at google.com https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://fonts.googleapis.com https://consent.cookiebot.com https://consentcdn.cookiebot.com; img-src 'self' data: https://*.hypovbg.at https://google.com https://www.google.com https://analytics.arz.at https://www.google-analytics.com https://www.googletagmanager.com https://www.youtube.com https://youtube.com https://www.youtube-nocookie.com https://youtube-nocookie.com https://maps.google.com https://maps.googleapis.com https://*.gstatic.com https://consent.cookiebot.com https://kurse.banking.co.at; media-src 'self' https://*.hypovbg-cdn.at; frame-src 'self' https://consentcdn.cookiebot.com https://kurse.banking.co.at https://*.hypovbg.at https://www.youtube.com https://youtube.com https://www.youtube-nocookie.com https://youtube-nocookie.com https://e.issuu.com; font-src 'self' https://*.hypovbg.at https://fonts.googleapis.com; connect-src 'self' https://data.hypovbg.at 1
default-src 'self' *.google.com *.google.ie *.google.co.uk *.google-analytics.com *.googleapis.com *.gstatic.com *.facebook.net *.facebook.com *.twitter.com *.youtube.com *.progress.ie 46.137.108.103 *.onlinebanking.progress.ie *.onlinebankingws.progress.ie *.cookiebot.com 1
script-src 'self' 'unsafe-inline' https://* 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://* 'unsafe-eval'; media-src self: https://* blob:; connect-src https://*; default-src 'self'; font-src 'self' 'unsafe-inline' https://* 'unsafe-eval' data:; img-src data: https://* http://* blob:; frame-src https://* 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.yurist-online.net yurist-online.net an.yandex.ru strm.yandex.ru mc.yandex.ru yandex.st yastatic.net matchid.adfox.yandex.ru adfox.yandex.ru ads.adfox.ru ads6.adfox.ru jstracer.yandex.ru yastat.net yandex.ru awaps.yandex.net yandexadexchange.net *.yandexadexchange.net *.yandex.ru banners.adfox.ru avatars-fast.yandex.net favicon.yandex.net content.adfox.ru *.yandex.net *.googleapis.com *.gstatic.com gstatic.com *.googlesyndication.com *.doubleclick.net *.2mdn.net *.google.com *.google.ru *.google-analytics.com google-analytics.com *.youtube.com youtube.com *.icq.com *.skype.com *.rambler.ru loginza.ru *.loginza.ru *.yadro.ru *.webmoney.ru *.mail.ru *.twitter.com *.facebook.com vk.com *.vk.com googletagmanager.com *.googletagmanager.com *.googletagservices.com; 1
default-src 'self' 'unsafe-inline' data: *.fondsfinanz.de *.finanzfilme.de *.twin-homepages.de fondsfinanz.advisors-studio.de https://www.youtube.com/ https://www.youtube-nocookie.com/ https://p.adsymptotic.com/ https://wb.messengerpeople.com/ https://www.baufi-lead.de/ https://www.google.com/ https://www.google.de/ https://stats.g.doubleclick.net/ https://www.facebook.com/ https://www.google-analytics.com/ httpS://www.googleadservices.com/ https://www.googletagmanager.com https://tagmanager.google.com https://googleads.g.doubleclick.net/ https://connect.facebook.net/ https://www.facebook.com https://*.mouseflow.com/ https://www.linkedin.com/ https://px.ads.linkedin.com/ https://sjs.bizographics.com/ https://www.facebook.com/ https://px.ads.linkedin.com/ https://www.linkedin.com/ https://fondsfinanzfilme1.s3-external-3.amazonaws.com/ https://fondsfinanzfilme1.s3.amazonaws.com/ https://europace2.de/ https://www.europace2.de https://widget.msgp.pl https://www.yumpu.com; script-src 'self' 'unsafe-inline' *.fondsfinanz.de *.finanzfilme.de *.twin-homepages.de fondsfinanz.advisors-studio.de https://www.google.com/ https://www.google.de/ https://stats.g.doubleclick.net/ https://www.facebook.com/ https://www.google-analytics.com/ httpS://www.googleadservices.com/ https://www.googletagmanager.com https://tagmanager.google.com https://googleads.g.doubleclick.net/ https://connect.facebook.net/ https://www.facebook.com https://*.mouseflow.com/ https://www.linkedin.com/ https://px.ads.linkedin.com/ https://sjs.bizographics.com/ https://www.baufi-lead.de/;frame-ancestors 'self' *.fondsfinanz.de *.finanzfilme.de *.twin-homepages.de fondsfinanz.advisors-studio.de www.rd-rhein-main.com www.finanzmakler-weimar.de www.finanzbonus.com www.afp-makler.de www.afp-regionaldirektion.de www.makler-mehrwert.de www.fuvb.eu www.allfinanz-sachsen.de www.bimi-maklernetzwerk.de www.kapitalrente.de www.osthessen-versicherung.de www.nickl-versicherungsmakler.com www.ohzversicherungen.de www.1aversicherungen.de www.ms-finanzen.de www.versicherungsmakler-pinneberg.de www.wilke-finanz.de 1
default-src 'self'  *.googletagmanager.com *.google-analytics.com *.googlesyndication.com *.doubleclick.net *.googletagservices.com *.googleadservices.com *.google.com *.google.co.uk *.g.doubleclick.net * ;options inline-script eval-script;referrer no-referrer;img-src 'self' data:  *.tile.openstreetmap.org *.googletagmanager.com *.google-analytics.com *.googlesyndication.com *.doubleclick.net *.googletagservices.com *.googleadservices.com *.google.com *.google.co.uk *.g.doubleclick.net * ;object-src 'none'; 1
default-src 'self' detergents.lidl-info.com stats.g.doubleclick.net www.google-analytics.com www.googletagmanager.com https://www.edge-cdn.net https://www.youtube-nocookie.com https://platform.twitter.com https://cdn.syndication.twimg.com https://syndication.twitter.com https://pbs.twimg.com https://ton.twimg.com https://platform.twitter.com https://www.facebook.com https://staticxx.facebook.com https://connect.facebook.net https://consent.cookiebot.com https://consentcdn.cookiebot.com form.lidl.com lidl.media01.eu data: gap: ssl.gstatic.com 'unsafe-eval' 'unsafe-inline' ; style-src 'self' https://platform.twitter.com https://ton.twimg.com 'unsafe-inline'; media-src *; object-src 'self'; 1
base-uri 'self' *.google.com; child-src blob: 'self' gap: *.google.com *.googletagmanager.com *.investis.com *.surveymonkey.com *.twitter.com *.vimeo.com *.youtube.com; frame-src blob: 'self' gap: *.google.com *.googletagmanager.com *.investis.com *.surveymonkey.com *.twitter.com *.vimeo.com *.youtube.com; connect-src fonts.googleapis.com fonts.gstatic.com ict.infinity-tracking.net outsysprod.paragon-group.co.uk response.pure360.com 'self' sitesearch360.com wss://mpsnare.iesnare.com *.doubleclick.net *.feefo.com *.google.com *.google-analytics.com *.investis.com *.paragonbank.co.uk *.paragonbankinggroup.co.uk *.sitesearch360.com *.twimg.com *.twitter.com *.visualwebsiteoptimizer.com; default-src 'self' gap: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: *.googleapis.com *.gstatic.com; img-src 'self' data: * blob:; media-src data: mpsnare.iesnare.com; script-src gap: 'self' ict.infinity-tracking.net mpsnare.iesnare.com sitesearch360.com snap.licdn.com unpkg.com *.doubleclick.net *.feefo.com *.google.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.investis.com *.paragonbankinggroup.co.uk *.sitesearch360.com *.surveymonkey.com *.twimg.com *.twitter.com *.youtube.com *.visualwebsiteoptimizer.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.google.com *.googleapis.com *.gstatic.com *.twimg.com *.twitter.com 'unsafe-inline'; frame-ancestors gap: 'self' *.doubleclick.net *.googletagmanager.com *.noblehosted.com *.surveymonkey.com theparagongroup.sharepoint.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=8K%2fOjxrmhlb4zzhYgiiOCjtba4IWzl4rRz0ooiNiJW6OIekd4Wx2fPBJjUHG0nzYgEgq36iIFasGEIwZ20s%2bad%2fFpCg2Dfdw8AU0OEKP0LqW2YgX%2fRv83L2mU4apLncg%2f4xEACeL3xtJVFBvjHetczNaapheKiAVW7U0dIQKC6h2ufx655o2RoZFfYB9vzb41Oq%2f4C82UFEDAuk4wSQ%2fmenTktF0k0HPTSG%2bTWeTSoY%3d; 1
default-src 'self' https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://c.disquscdn.com/ https://disqus.com/ https://apis.google.com/ https://usperform.atwix.com:*/;script-src 'self' 'unsafe-inline' https:; object-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; media-src 'self'; child-src 'self' https:; font-src 'self' data:  https://fonts.gstatic.com/; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com/ 1
default-src https: 'unsafe-inline'; report-uri //report-csp-violation 1
default-src 'self'; connect-src 'self' ws: sentry.io www.google-analytics.com https://api.stripe.com https://heapanalytics.com; font-src fonts.gstatic.com use.fontawesome.com https://heapanalytics.com; frame-src platform.twitter.com syndication.twitter.com *.youtube.com https://js.stripe.com https://hooks.stripe.com; img-src * data: https://heapanalytics.com; script-src 'self' ajax.cloudflare.com cdn.syndication.twimg.com platform.twitter.com static.blockpartyapp.com static.cloudflareinsights.com www.googletagmanager.com *.youtube.com *.ytimg.com https://js.stripe.com https://cdn.heapanalytics.com https://heapanalytics.com 'nonce-pvDGUTuliZJn_tPdNL1Gmg'; style-src 'self' 'unsafe-inline' fonts.googleapis.com platform.twitter.com static.blockpartyapp.com ton.twimg.com use.fontawesome.com/releases/v5.6.0/css/all.css https://heapanalytics.com; manifest-src 'self' static.blockpartyapp.com 1
ALLOW-FROM https://www.googletagmanager.com 1
default-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.twitter.com *.cloudflare.com *.twimg.com *.polyfill.io *.googleapis.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes' *.w.org *.facebook.com *.linkedin.com *.google-analytics.com *.youtube.com *.gravatar.com *.twitter.com *.cloudflare.com *.twimg.com *.polyfill.io *.googleapis.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.licdn.com *.facebook.net *.googletagmanager.com *.google-analytics.com *.cloudflare.com *.twimg.com *.polyfill.io *.googleapis.com *.twitter.com; font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *.cloudflare.com *.gstatic.com data:; frame-src *.facebook.com *.youtube.com *.twitter.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com/recaptcha https://cdnjs.cloudflare.com https://www.google-analytics.com/ https://connect.facebook.net/ https://platform.twitter.com/ https://s7.addthis.com/ https://web.archive.org/ https://www.propietatdespiells.com/ https://z.moatads.com/ https://v1.addthisedge.com/ https://www.gstatic.com/ https://m.addthis.com/ https://www.google.com/ https://s.ytimg.com/ https://www.youtube.com/ https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/r8jtf1oixV0IGff4hgB4EzDF/recaptcha__en.js; img-src 'self' data: https://www.propietatdespiells.com/; object-src 'self' https://s7.addthis.com/; frame-src 'self' https://s7.addthis.com/; 1
default-src 'self' the.aztecgroup.co.uk player.vimeo.com *.player.vimeo.com *.vimeo.com *.google-analytics.com google-analytics.com *.doubleclick.net *.stats.g.doubleclick.net *.cdn.cookielaw.org *.cookielaw.org *.geolocation.onetrust.com *.onetrust.com *.facebook.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' player.vimeo.com *.player.vimeo.com *.vimeo.com *.google-analytics.com google-analytics.com *.doubleclick.net *.stats.g.doubleclick.net *.cdn.cookielaw.org *.cookielaw.org *.geolocation.onetrust.com *.onetrust.com *.vimeo.com player.vimeo.com the.aztecgroup.co.uk https://snap.licdn.com *.pardot.com https://cdn.jsdelivr.net https://code.jquery.com https://s7.addthis.com https://graph.facebook.com https://*.addthisedge.com https://*.moatads.com https://*.addthis.com https://addsearch.com https://app.addsearch.com https://s6.searchcdn.com https://stats.addsearch.com https://d20vwa69zln1wj.cloudfront.net *.linkedin.com *.bizographics.com *.whoisvisiting.com *.facebook.net *.gstatic.com *.google.com *.google-analytics.com *.googletagmanager.com *.tagmanager.google.com https://tagmanager.google.com *.fonts.googleapis.com *.fonts.net *.issuu.com https://r1.dotmailer-surveys.com https://secure.quantserve.com data: ; style-src 'self' 'unsafe-inline'  https://code.jquery.com *.tagmanager.google.com https://tagmanager.google.com https://addsearch.com https://app.addsearch.com https://s6.searchcdn.com https://stats.addsearch.com https://d20vwa69zln1wj.cloudfront.net *.fonts.net; img-src * 'self' data: ; object-src 'none'; media-src *.vimeo.com *.akamaized.net; frame-src 'self' the.aztecgroup.co.uk *.pardot.com *.facebook.com https://*.addthis.com https://r1.dotmailer-surveys.com *.google.com *.vimeo.com *.issuu.com; font-src 'self' data: ; 1
urbanohio.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.profile.es/ https://profile.es/ https://cdn.knightlab.com/ https://cdn.ampproject.org/ http://optimize.google.com; img-src 'self' data: https://secure.gravatar.com/ https://gpsites.co/ https://www.profile.es/ https://profile.es/; object-src 'self' data: https://www.profile.es/ https://profile.es/; frame-src 'self' data: https://www.profile.es/ https://profile.es/; form-action 'self' data: https://www.profile.es/ https://profile.es/; 1
frame-ancestors 'self' localhost:* *.tason.com 1
frame-ancestors 'self' team.live fr.team.live es.team.live ru.team.live de.team.live; 1
default-src 'self' ; script-src 'self' 'unsafe-eval' 'unsafe-inline' piwik.bodegraven-reeuwijk.nl https://static.widget.trengo.eu https://stats.pusher.com/timeline/v2/jsonp/1 app.trengo.eu; object-src 'self'; style-src 'self' 'unsafe-inline' app.trengo.eu; img-src 'self' piwik.bodegraven-reeuwijk.nl data: https://*.giphy.com https://s3.eu-central-1.amazonaws.com https://trengo.s3.eu-central-1.amazonaws.com; media-src 'self' https://static.widget.trengo.eu; frame-src 'self' bodegravenreeuwijk.kaartviewer.nl; frame-ancestors 'self' bodegravenreeuwijk.kaartviewer.nl piwik.bodegraven-reeuwijk.nl; child-src 'self'; font-src 'self' data: *.googleusercontent.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com s3.eu-central-1.amazonaws.com; connect-src 'self' https://api.widget.trengo.eu https://gkkmgz0bw7.execute-api.eu-central-1.amazonaws.com wss://ws-eu.pusher.com app.trengo.eu; report-uri /report-csp-violation 1
base-uri 'self'; default-src 'none'; connect-src 'self' https://bam.nr-data.net; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com fonts.gstatic.com; frame-ancestors 'none'; img-src 'self' blob: data:; media-src; object-src 'none'; script-src 'self' https://js-agent.newrelic.com https://bam.nr-data.net 'nonce-2ec6e35a8869d572f6a47f5fc9835c608c1ef318b260a6f4f3bbe5a30b0896cd'; style-src 'self' https://stackpath.bootstrapcdn.com/bootstrap/4.2.1/css/bootstrap.min.css https://fonts.googleapis.com/; report-uri https://staysafeapp.report-uri.com/r/d/csp/enforce; upgrade-insecure-requests 1
default-src 'self'; connect-src 'self' https://video.figure.nz https://a.tiles.mapbox.com https://api.rollbar.com; font-src 'self' data:; img-src 'self' data: https://video.figure.nz https://api.mapbox.com https://a.tiles.mapbox.com https://b.tiles.mapbox.com; media-src https://video.figure.nz; script-src 'self' https://cdnjs.cloudflare.com https://static.woopra.com https://www.woopra.com https://code.jquery.com https://cdn.rawgit.com https://api.mapbox.com 'nonce-ebru3hpMCdkpUQs3Feu__g'; style-src 'self' 'unsafe-inline' https://api.mapbox.com; worker-src blob:; report-uri https://figurenz.report-uri.com/r/d/csp/enforce 1
default-src 'self' ; script-src 'self' 'nonce-TjJabE5HRmtOelJqWWpoaFpEZzQ=' piwik.vught.nl 'nonce-WXpneU5tTXhPVEF4TkdGak4yWTI=' 'nonce-WVRWak9EVmhZMll4TlRoaVpXTXg='; object-src 'self'; style-src 'self'; img-src 'self' data: piwik.vught.nl www.toegankelijkheidsverklaring.nl; media-src 'self'; frame-src 'self'; frame-ancestors 'self' piwik.vught.nl; child-src 'self'; font-src 'self' data: *.googleusercontent.com fonts.gstatic.com; connect-src 'self' piwik.vught.nl; report-uri /report-csp-violation 1
frame-ancestors https://*.communaute-paysbasque.fr 1
default-src 'self' ; script-src 'self' 'nonce-TTJReU5qSTRZamhpWVRNM1ptVmo=' https://cdn.siteimprove.net/cms/overlay.js siteimproveanalytics.com siteimprove.com www.googletagmanager.com *.google-analytics.com 'nonce-WTJWaVpHTTJNMkkyTTJNM01EQmg=' 'nonce-WTJNeE9HSTJNVGswTjJSbFlqZzQ='; object-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: *.siteimprove.com *.servmetric.com *.govmetric.com *.siteimproveanalytics.io *.google-analytics.com *.gstatic.com; media-src 'self'; frame-src 'self' *.siteimprove.com *.siteimproveanalytics.com *.siteimprove.net *.siteimproveanalytics.io page.report; frame-ancestors 'self'; child-src 'self'; font-src 'self' data: *.googleusercontent.com *.ionicframework.com; connect-src 'self' *.siteimprove.com *.servmetric.com *.google-analytics.com; report-uri /report-csp-violation 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.paypalobjects.com/ https://s3.amazonaws.com/ https://*.stripe.com/; img-src 'self' data: https://www.paypalobjects.com/; object-src 'self' data: https://*.paypal.com/ https://*.stripe.com/ http://e.issuu.com/embed.js; frame-src 'self' data: https://*.paypal.com/ https://*.stripe.com/ http://e.issuu.com/embed.js; 1
default-src 'self'; object-src 'self' https://pts.galaxyexperte.de/p.swf; base-uri 'self'; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://chat.galaxyexperte.de https://umfrage.galaxyexperte.de https://pts.galaxyexperte.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://o2.mouseflow.com https://cdn.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://chat.galaxyexperte.de https://stats.galaxyexperte.de https://imagepool.galaxyexperte.de https://pts.galaxyexperte.de; script-src 'strict-dynamic' 'nonce-8fd9c7ed6904f1e0722ff354808c90cb' 'nonce-f34df2a57cb757d9bd15dcf7d19db834' 'nonce-c8ae739a648f307e893b69c6cc5d854d' 'nonce-9ee18a40d53fbc8327b4bff911b0becf' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://pts.galaxyexperte.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; media-src 'self' https://imagepool.galaxyexperte.de; script-src-elem 'strict-dynamic' 'nonce-8fd9c7ed6904f1e0722ff354808c90cb' 'nonce-f34df2a57cb757d9bd15dcf7d19db834' 'nonce-c8ae739a648f307e893b69c6cc5d854d' 'nonce-9ee18a40d53fbc8327b4bff911b0becf' 'self' 'unsafe-inline' https: 'report-sample' 1
base-uri 'none'; default-src 'self' https://p.scdn.co; child-src https://www.youtube.com https://www.youtube-nocookie.com https://player.vimeo.com https://admin.spotlight.prod.fined.io; connect-src 'self' https://stats.g.doubleclick.net https://www.google-analytics.com https://cdn.plyr.io https://noembed.com https://vimeo.com https://apps.ticketmatic.com; font-src 'self' https://use.typekit.net https://fonts.gstatic.com; frame-ancestors 'self'; img-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.facebook.com https://i.ytimg.com https://i.vimeocdn.com; script-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://cdn.plyr.io https://www.youtube.com https://s.ytimg.com https://player.vimeo.com 'nonce-afe68ef8df1d3b98' 'unsafe-inline' 'strict-dynamic'; style-src 'self' https://use.typekit.net https://p.typekit.net https://fonts.googleapis.com https://cdn.plyr.io 'nonce-afe68ef8df1d3b98'; 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.infotechexpress.com infotechinc.zendesk.com *.zdassets.com *.google-analytics.com *.stripe.com *.cloudflare.com 1
default-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com cdn.jsdelivr.net fonts.googleapis.com youtube.com *.google-analytics.com https://judxu4avx2.execute-api.eu-west-1.amazonaws.com https://3lz1gykyyd.execute-api.eu-west-1.amazonaws.com https://stats.g.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com ict.infinity-tracking.net www.gstatic.com viz.tools.investis.com www.google.com maps.googleapis.com maps.google.com www.linkedin.com ajax.googleapis.com pi.pardot.com bam.nr-data.net sjp.getmediamanager.com *.googletagmanager.com *.google-analytics.com sjs.bizographics.com connect.facebook.net *.jquery.com irs.tools.investis.com *.hotjar.com px.ads.linkedin.com d2wy8f7a9ursnm.cloudfront.net ssl.p.jwpcdn.com js-agent.newrelic.com cdn.jsdelivr.net edge.api.brightcove.com *.googleapis.com www.youtube.com youtube.com s.ytimg.com unpkg.com cdn.rawgit.com otp.tools.investis.com https://sc.lfeeder.com https://staticcontents.investisdigital.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' viz.tools.investis.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net; img-src 'self' 'unsafe-inline' * data:; media-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com youtube.com brightcove.hs.llnwd.net; frame-src 'self' *.investis.com www.google.com sjp.getmediamanager.com careers.sjp.co.uk digital.feprecisionplus.com sjp.hireserve-test.com ir.tools.investis.com staticxx.facebook.com www.youtube.com otp.tools.investis.com; font-src 'self' 'unsafe-inline' data: fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com themes.googleusercontent.com maxcdn.bootstrapcdn.com; report-uri /report-csp-violation 1
default-src *; script-src *; object-src *; style-src *; img-src *; media-src *; frame-src *; font-src *; connect-src *; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups allow-pointer-lock 1
default-src 'self'  https://d.adroll.com/ https://consentcdn.cookiebot.com/ https://consent.cookiebot.com/  https://maps.gstatic.com/ https://www.yellowmap.de/ https://www.google.com/  https://googleads.g.doubleclick.net/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://api.usercentrics.eu/ https://aggregator.service.usercentrics.eu https://app.usercentrics.eu/ https://graphql.usercentrics.eu/ https://privacy-proxy.usercentrics.eu/ https://*.readspeaker.com/ https://www.googletagmanager.com/; font-src 'self' 'unsafe-inline' https://cdn1.readspeaker.com  https://fonts.gstatic.com/ data:; style-src 'self' 'unsafe-inline' https://cdn1.readspeaker.com/; script-src 'self' 'unsafe-inline' https://cdn1.readspeaker.com/ https://s.adroll.com/ https://d.adroll.com/ https://connect.facebook.net/ https://track.adform.net/  https://s2.adform.net/ https://www.google-analytics.com/ https://amplify.outbrain.com/ https://d.adroll.mgr.consensu.org/  https://googleads.g.doubleclick.net/   https://www.google.com/ https://www.google.de/ https://api.ipify.org/ https://consentcdn.cookiebot.com/ https://www.googletagmanager.com/ https://maps.googleapis.com/ https://www.yellowmap.de/ https://www.googleadservices.com/ https://consent.cookiebot.com https://www.youtube.com/iframe_api/ https://googleads.g.doubleclick.net  https://d.adroll.mgr.consensu.org https://tr.outbrain.com/ https://privacy-proxy.usercentrics.eu https://app.usercentrics.eu;img-src 'self' data: https://www.facebook.com https://www.google-analytics.com  https://googleads.g.doubleclick.net/ https://tr.outbrain.com/ https://app.usercentrics.eu/ https://img.usercentrics.eu/; 1
default-src 'self' https://fujifilm-connect.com; script-src 'self' https://fujifilm-connect.com *.google.com https://googleads.g.doubleclick.net 'unsafe-inline' data: https://cdn.cookielaw.org https://iframe-service.sales-promotions.com https://use.typekit.net  https://cdnjs.cloudflare.com  https://brigh11230.pcapredict.com https://services.postcodeanywhere.co.uk https://www.google-analytics.com https://cdnjs.cloudflare.com/ajax/libs/modernizr/ *.bootstrapcdn.com https://code.jquery.com https://cdn.datatables.net https://js-agent.newrelic.com/nr-1198.min.js https://cdnjs.cloudflare.com/ajax/libs/jquery-modal/ https://cdn.ckeditor.com https://cdnjs.cloudflare.com/ajax/libs/summernote/ https://cdn.jsdelivr.net/npm/summernote@0.8.18/ https://cdnjs.cloudflare.com/ajax/libs/popper.js/ https://www.googletagmanager.com https://connect.facebook.net; object-src 'self' https://fujifilm-connect.com; style-src 'self' https://fujifilm-connect.com 'unsafe-inline' https://use.typekit.net https://p.typekit.net https://fonts.googleapis.com  https://cdnjs.cloudflare.com https://cdn.datatables.net https://services.postcodeanywhere.co.uk https://maxcdn.bootstrapcdn.com https://code.jquery.com https://stackpath.bootstrapcdn.com https://cdnjs.cloudflare.com/ajax/libs/jquery-modal/ https://cdnjs.cloudflare.com/ajax/libs/summernote/ https://cdn.jsdelivr.net/npm/summernote@0.8.18/ https://use.fontawesome.com https://cdn.jsdelivr.net/npm/bootstrap-select@1.13.14/; img-src 'self' https://fujifilm-connect.com https://www.facebook.com https://www.gstatic.com data: https://www.google-analytics.com https://platform-lookaside.fbsbx.com; media-src 'self'; frame-src 'self' https://fujifilm-connect.com *.sales-promotions.com https://my.matterport.com; font-src 'self' data: https://fujifilm-connect.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://use.typekit.net https://maxcdn.bootstrapcdn.com *.sales-promotions.com https://cdnjs.cloudflare.com/ajax/libs/summernote/ https://cdn.jsdelivr.net/npm/summernote@0.8.18/ https://use.fontawesome.com; connect-src 'self' https://fujifilm-connect.com https://facebook.com  *.typekit.net https://cdn.cookielaw.org https://services.postcodeanywhere.co.uk https://www.google-analytics.com https://privacyportal-eu.onetrust.com; frame-ancestors 'self' https://fujifilm-connect.com; 1
img-src * https://www.google-analytics.com/ data: ; default-src *; script-src www.globalballooning.com.au cn.globalballooning.com.au 'unsafe-inline' 'unsafe-eval' 127.0.0.1:*  *.facebook.com *.fbcdn.net *.fbcdn.net *.facebook.net *.youtube.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com *.google.XYX *.google.com *.google.fr  *.googleadservices.com *.gstatic.com   *.akamaihd.net *.tawk.to cdn.jsdelivr.net data: ; frame-src *.tawk.to *.googletagmanager.com *.youtube.com *.vimeo.com *.securepay.com.au *.weatherlink.com *.facebook.com; style-src * 'unsafe-inline' ; connect-src www.globalballooning.com.au cn.globalballooning.com.au   *.facebook.com *.fbcdn.net *.facebook.net *.googleadservices.com *.google.fr *.doubleclick.net *.akamaihd.net ws://*.facebook.com:* *.tawk.to wss://*.tawk.to https://www.google-analytics.com/; 1
frame-src afwerxchallenge.com * hsvtol.afwerx.com 1
frame-ancestors 'self' https://csmia.adaniairports.com 1
default-src 'self'; child-src 'self' *.youtube.com *.bayern.de; img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' http://*.dimora.jp https://*.dimora.jp http://*.google-analytics.com/ https://*.google-analytics.com https://*.google.com https://*.facebook.com https://*.facebook.net https://*.twitter.com https://b91.yahoo.co.jp https://linkmaker.itunes.apple.com https://*.mul-pay.jp https://s.yimg.jp https://fonts.gstatic.com https://*.impact-ad.jp https://*.im-apps.net https://*.googleapis.com https://*.googletagmanager.com https://stats.g.doubleclick.net https://*.googleadservices.com https://googleads.g.doubleclick.net https://*.google.co.jp https://static.line-scdn.net https://*.line.me; img-src 'self' data: https://*.google-analytics.com/ https://*.twitter.com https://*.impact-ad.jp https://stats.g.doubleclick.net https://linkmaker.itunes.apple.com https://b91.yahoo.co.jp; 1
script-src 'unsafe-inline' 'unsafe-eval' code.jquery.com www.google-analytics.com tech-connect.biz ads.exoclick.com main.exoclick.com syndication.exoclick.com; 1
allow 'self'; gtp.com.au 1
frame-ancestors https://marina.digitalocean.com https://digitaloceaninc.lookbookhq.com 1
default-src *; style-src 'self' 'unsafe-inline' http://safesear.ch http://*.safesear.ch http://*.adnxs.com http://*.yahooapis.com http://*.yahoo.net http://*.yahoo.com http://*.newrelic.com https://safesear.ch https://*.safesear.ch https://*.adnxs.com https://*.yahooapis.com https://*.yahoo.net https://*.yahoo.com https://*.newrelic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://safesear.ch http://*.safesear.ch http://*.adnxs.com http://*.yahooapis.com http://*.yahoo.net http://*.yahoo.com http://*.newrelic.com https://safesear.ch https://*.safesear.ch https://*.adnxs.com https://*.yahooapis.com https://*.yahoo.net https://*.yahoo.com https://*.newrelic.com http://*.akamai.net https://*.akamai.net http://*.nr-data.net https://*.nr-data.net;connect-src 'self';img-src 'self' http://safesear.ch http://*.safesear.ch https://safesear.ch https://*.safesear.ch data:; 1
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' www.wagnergroup.com *.googleapis.com www.google-analytics.com www.googletagmanager.com tagmanager.google.com vjs.zencdn.net hello.myfonts.net snap.licdn.com http://*.hotjar.com https://*.hotjar.com http://conv.indeed.com https://c.leadlab.click http://siteimproveanalytics.com 'unsafe-eval'; style-src 'unsafe-inline' 'self' fonts.googleapis.com vjs.zencdn.net hello.myfonts.net; img-src 'self' data: www.wagnergroup.com www.google-analytics.com maps.googleapis.com csi.gstatic.com maps.gstatic.com stats.g.doubleclick.net px.ads.linkedin.com http://*.hotjar.com https://*.hotjar.com http://conv.indeed.com https://c.leadlab.click http://ssl.siteimprove.com; connect-src 'self' www.youtube.com stats.g.doubleclick.net www.google-analytics.com http://*.hotjar.com:* https://*.hotjar.com:* ws://*.hotjar.com wss://*.hotjar.com http://conv.indeed.com https://c.leadlab.click; object-src 'self' www.youtube.com http://conv.indeed.com https://c.leadlab.click; frame-src 'self' www.youtube.com https://*.hotjar.com http://conv.indeed.com https://c.leadlab.click; child-src 'self' www.youtube.com https://*.hotjar.com http://conv.indeed.com https://c.leadlab.click; font-src 'self' data: vjs.zencdn.net fonts.gstatic.com; 1
default-src 'self' *.demdex.net *.allianz.de *.allianz-realestate.com *.allianz-investmentrealestate-solutions.com;        script-src 'self' 'unsafe-inline' *.demdex.net *.adobedtm.com *.allianz.de *.allianz-realestate.com *.allianz-investmentrealestate-solutions.com *.googleapis.com *.googletagmanager.com *.twitter.com *.google-analytics.com *.twimg.com *.linkedin.com https://unpkg.com *.cloudflare.com 'unsafe-eval';        font-src 'self' *.gstatic.com;        style-src 'self' *.twimg.com 'unsafe-inline' *.googleapis.com *.twitter.com;        img-src data: 'self' *.youtube.com *.googleapis.com *.twitter.com *.twimg.com maps.gstatic.com *.everesttech.net *.demdex.net *.allianz.de *.allianz-realestate.com *.allianz-investmentrealestate-solutions.com *.google-analytics.com *.linkedin.com;        frame-src *;        connect-src *.allianz.de *.allianz-realestate.com *.allianz-investmentrealestate-solutions.com localhost *.google-analytics.com *.stats.g.doubleclick.net 1
script-src 'nonce-144791c7d8b541f1ae052c7abaa38507' 'self' 'unsafe-inline' *.wellsfargo.com *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com *.wellsfargo.com:* connect.facebook.net snap.licdn.com www.googletagmanager.com www.google-analytics.com ajax.googleapis.com static.staging.wellsfargo.com static.wellsfargo.com; frame-ancestors 'self' *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com *.wellsfargo.com *.fccaccessonline.com *.wellsfargomedia.com *.wellsfargo:* *.mworld.com *.wellsfargo.net *.markitondemand.com *.wellsfargo.wallst.com *.go.onestop.wf.com; base-uri https:;default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: ad.doubleclick.net px.ads.linkedin.com p.adsymptotic.com cm.everesttech.net dpm.demdex.net;object-src 'self';font-src 'self' data: *.wellsfargo.com *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com *.wellsfargo.com:* fonts.gstatic.com;report-uri /reporting/csp.htm;img-src 'self' data: *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com wspublicprod.112.2o7.net px.ads.linkedin.com ad.doubleclick.net p.adsymptotic.com adservice.google.com 2549153.fls.doubleclick.net jadserve.postrelease.com www.google.com www.google-analytics.com pixel.everesttech.net cm.g.doubleclick.net bat.bing.com sp.analytics.yahoo.com connect.facebook.net www.linkedin.com www.facebook.com rtd-tm.everesttech.net;style-src 'self' 'unsafe-inline' *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://player.vimeo.com https://www.googletagmanager.com https://www.google-analytics.com https://*.sharethis.com https://*.google.com https://*.facebook.net https://*.facebook.com https://js-agent.newrelic.com https://cdnjs.cloudflare.com/ajax/libs/es6-shim/0.35.3/es6-shim.min.js https://unpkg.com/vue@2.5.17/dist/vue.js https://unpkg.com/vee-validate@2.1.0-beta.9/dist/vee-validate.js https://cdnjs.cloudflare.com/ajax/libs/moment.js/2.15.1/moment.min.js http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://*.bizographics.com https://*.linkedin.com https://dev.vwd-webtech.com https://business-customer.vwd.com https://www.surveygizmo.eu https://maxcdn.bootstrapcdn.com https://ajax.googleapis.com https://www.youtube.com https://cdn.jsdelivr.net https://*.outbrain.com https://snap.licdn.com https://survey.alchemer.eu https://*.gstatic.com; object-src 'self' https://*.flickr.com; style-src 'self' 'unsafe-inline' https://*.sharethis.com https://*.hotjar.com https://www.surveygizmo.eu https://fonts.googleapis.com; img-src 'self' data: https://www.google-analytics.com https://stats.g.doubleclick.net https://*.facebook.net https://*.facebook.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://*.bizographics.com https://*.google.com  https://*.google.be https://px.ads.linkedin.com https://*.sharethis.com http://*.sharethis.com https://www.surveygizmo.eu https://tr.outbrain.com https://www.eflavours.be; media-src 'self' http://*.vimeo.com https://*.vimeo.com https://*.youtube.com; frame-src 'self' https://*.vimeo.com https://*.youtube.com https://*.sharethis.com https://c.sharethis.mgr.consensu.org https://*.deltalloydlife.be https://*.doubleclick.net https://*.facebook.net https://*.facebook.com https://*.google.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; child-src https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; font-src 'self' http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://www.eflavours.be https://fonts.gstatic.com; connect-src 'self'  https://*.sharethis.com https://*.doubleclick.net http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://dev.vwd-webtech.com https://business-customer.vwd.com https://*.google-analytics.com; report-uri /en/report-csp-violation 1
default-src * blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.sancta-domenica.hr sancta-domenica.hr *.sancta-domenica.ba sancta-domenica.ba *.samsungshop.hr samsungshop.hr; 1
default-src 'self' data: ywxi.net www.trustedsite.com maxcdn.bootstrapcdn.com *.amazonaws.com cdnjs.cloudflare.com www.google.com www.google-analytics.com fonts.gstatic.com www.googletagmanager.com bat.bing.com fonts.googleapis.com www.w3m.com polyfill.io googleads.g.doubleclick.net bid.g.doubleclick.net stats.g.doubleclick.net www.googleadservices.com; script-src 'self' data: 'unsafe-eval' 'unsafe-inline' *.creditscorechoice.com *.pushnami.com static.zohocdn.com *.twitter.com *.purechat.com *.pagesense.io www.serveipqs.com *.cloudflareinsights.com www.gstatic.com mpsnare.iesnare.com *.trustev.com connect.facebook.net cdnjs.cloudflare.com www.google.com www.google-analytics.com www.googletagmanager.com bat.bing.com fonts.googleapis.com www.w3m.com www.googleadservices.com pagead2.googlesyndication.com googleads.g.doubleclick.net bid.g.doubleclick.net stats.g.doubleclick.net polyfill.io www.googleadservices.com; style-src 'self' 'unsafe-inline' *.creditscorechoice.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com www.google.com fonts.gstatic.com fonts.googleapis.com; img-src 'self' data: *.creditscorechoice.com www.googletagmanager.com www.google-analytics.com bat.bing.com googleads.g.doubleclick.net bid.g.doubleclick.net stats.g.doubleclick.net www.myscore.com https:; frame-src *.pushnami.com *.twitter.com *.pagesense.io www.mcafeesecure.com www.trustedsite.com www.serveipqs.com www.google.com *.securepaths.com *.trustev.com *.googletagmanager.com googleads.g.doubleclick.net bid.g.doubleclick.net stats.g.doubleclick.net; font-src 'self' fn.eu.serveipqs.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com www.google.com fonts.gstatic.com; connect-src 'self' *.pushnami.com *.taboola.com *.purechat.com *.pushnami.com pagesense-collect.zoho.com *.serveipqs.com wss://mpsnare.iesnare.com/star *.trustev.com maxcdn.bootstrapcdn.com *.amazonaws.com cdnjs.cloudflare.com www.google.com www.google-analytics.com fonts.gstatic.com www.googletagmanager.com bat.bing.com fonts.googleapis.com www.w3m.com polyfill.io googleads.g.doubleclick.net bid.g.doubleclick.net stats.g.doubleclick.net; media-src data: 'self' mpsnare.iesnare.com; report-uri https://cfs2020.report-uri.com/r/d/csp/reportOnly 1
default-src http://www.trueweb.ee https://www.trueweb.ee websockets.pinal.ee; frame-ancestors http://www.trueweb.ee https://www.trueweb.ee websockets.pinal.ee; frame-src http://www.trueweb.ee https://www.trueweb.ee websockets.pinal.ee www.google.com; font-src data: 'self' http://www.trueweb.ee https://www.trueweb.ee websockets.pinal.ee fonts.gstatic.com; style-src 'unsafe-inline' 'self' http://www.trueweb.ee https://www.trueweb.ee websockets.pinal.ee fonts.googleapis.com; connect-src 'self' http://www.trueweb.ee https://www.trueweb.ee websockets.pinal.ee www.google-analytics.com stats.g.doubleclick.net; img-src blob: data: 'self' http://www.trueweb.ee https://www.trueweb.ee websockets.pinal.ee https://www.trueweb.ee http://www.trueweb.ee stats.g.doubleclick.net ssl.google-analytics.com www.google-analytics.com www.google.com www.google.ee www.facebook.com; script-src 'unsafe-inline' 'unsafe-eval' http://www.trueweb.ee https://www.trueweb.ee websockets.pinal.ee www.gstatic.com www.google.com www.googletagmanager.com ssl.google-analytics.com www.google-analytics.com connect.facebook.net www.facebook.com; base-uri 'self'; form-action 'self' http://www.trueweb.ee https://www.trueweb.ee websockets.pinal.ee; 1
default-src 'self';block-all-mixed-content ;font-src 'self' data: fonts.googleapis.com fonts.gstatic.com *.typekit.net;img-src 'self' data: *.gstatic.com maps.googleapis.com mts.googleapis.com *.google-analytics.com *.linkedin.com *.facebook.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com cdnjs.cloudflare.com www.google.com www.gstatic.com *.google-analytics.com *.googletagmanager.com *.licdn.com *.hotjar.com *.amazonaws.com *.list-manage.com *.pardot.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com *.typekit.net *.mailchimp.com;report-uri /csp/violation/report;connect-src *.google-analytics.com 'self' *.doubleclick.net *.hotjar.com wss:;frame-src www.youtube.com *.vimeo.com www.google.com *.pcon-solutions.com *.hotjar.com mozbar.moz.com blob: *.facebook.com;media-src player.vimeo.com vod-progressive.akamaized.net extremis.dev.dukeandgrace.site 'self' *.cloudfront.net;script-src-elem *.googleapis.com *.googletagmanager.com *.tagmanager.google.com *.google.com *.licdn.com *.hotjar.com *.amazonaws.com *.list-manage.com *.pardot.com connect.facebook.net 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com www.google.com www.gstatic.com *.google-analytics.com;style-src-elem fonts.googleapis.com *.typekit.net *.google.com *.mailchimp.com 'self' 'unsafe-inline' 1
default-src * 'unsafe-inline' 'unsafe-eval' 1
default-src 'self'; object-src 'self'; base-uri 'self'; img-src https: data: http://imagepool.drillisch-online.de; font-src https:; form-action 'self'; connect-src 'self' https://imagepool.drillisch-online.de https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://tracking.drillisch.de https://*.demdex.net; script-src 'strict-dynamic' 'nonce-af25d187361cc93e9e4735757aba17b7' 'nonce-664f50bf7e2e62711f4361b0b91667ca' 'nonce-8b57ce0927fd783ccf26cdd7a8c92a54' 'nonce-fd0d2fceae000d4e9109493a12647337' 'nonce-0961b21a2392716b9be814065dbe9d50' 'nonce-6c3d64d2a71044fdc011d232552be453' 'nonce-02094d101d2c18dcaea27c98222b58b1' 'nonce-63e2619b1cac12a92824a6bdd3bfaccb' 'nonce-64b487f1d13b8c0a00c8106ef1c193ba' 'nonce-47abfc56b5a84d20d8bd39e23d848a75' 'self' https:; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self'; frame-src https://1and1internetag.demdex.net https://tags.tiqcdn.com; child-src https://tags.tiqcdn.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-af25d187361cc93e9e4735757aba17b7' 'nonce-664f50bf7e2e62711f4361b0b91667ca' 'nonce-8b57ce0927fd783ccf26cdd7a8c92a54' 'nonce-fd0d2fceae000d4e9109493a12647337' 'nonce-0961b21a2392716b9be814065dbe9d50' 'nonce-6c3d64d2a71044fdc011d232552be453' 'nonce-02094d101d2c18dcaea27c98222b58b1' 'nonce-63e2619b1cac12a92824a6bdd3bfaccb' 'nonce-64b487f1d13b8c0a00c8106ef1c193ba' 'nonce-47abfc56b5a84d20d8bd39e23d848a75' 'self' https: 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com https://stats.g.doubleclick.net *.googleapis.com *.google.de *.google.com *.gstatic.com *.cookiebot.com *.commerce-connector.com; img-src 'self' data: *.google-analytics.com https://stats.g.doubleclick.net *.googleapis.com *.google.de *.google.com *.gstatic.com *.commerce-connector.com *.commerce-connector.de; frame-src 'self' *.youtube.com *.cookiebot.com *.commerce-connector.com *.google.com 1
style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.google.com *.jquery.com *.cloudfront.net *.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com *.cloudflare.com *.jobvite.com *.googleapis.com *.linkedin.com *.cloudfront.net *.bugherd.com; font-src 'self' data: *.gstatic.com *.bootstrapcdn.com *.bugherd.com *.cloudfront.net; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com *.wpengine.com *.relevanssi.com *.googleapis.com *.s3.amazonaws.com *.cloudfront.net; connect-src 'self' *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net *.s3.amazonaws.com *.yoast.com *.bugsnag.com *.pusherapp.com *.bugherd.com *.pusher.com; frame-src 'self' *.g.doubleclick.net *.google.com *.fls.doubleclick.net *.jobvite.com; frame-ancestors 'self' *.g.doubleclick.net *.google.com *.fls.doubleclick.net *.jobvite.com; media-src 'self' ; form-action 'self' ; default-src 'self' *.googleapis.com *.google-analytics.com *.g.doubleclick.net; upgrade-insecure-requests; 1
default-src 'self' https: 'unsafe-inline' blob:; script-src 'self' 'unsafe-inline' https: 'unsafe-eval' https://code.jquery.comv https://ajax.googleapis.com; img-src 'self' 'unsafe-inline' https: data:; frame-src 'self' 'unsafe-inline' https://plusone.google.com https://facebook.com https://platform.twitter.com https://syndication.twitter.com https://www.google.com https://js.driftt.com https://share.transistor.fm https://players.brightcove.net https://secureacceptance.cybersource.com/ https://s7.addthis.com https://6cdc87b6-64bc-43f1-a9a8-22a29a3ff0b3.widget.cluster.groovehq.com http://iidrupal8.dev.dd:8083 https://dev.iinetworks.com https://stg.iinetworks.com https://www.iinetworks.com https://iinetworks.com https://iin-dev.eu.auth0.com https://iin-stg.eu.auth0.com https://iin-prd.eu.auth0.com https://local.iiconferences.com:8443 https://dev.iiconferences.com https://stg.iiconferences.com https://www.iiconferences.com https://www.iimemberships.com https://www.iiresearch.com https://www.iiforums.com https://www.ttivanguard.com https://www.iiresearch.com https://pollev-embeds.com/ https://embed.polleverywhere.com https://twitter.com; frame-ancestors http://iidrupal8.dev.dd:8083 https://dev.iinetworks.com https://stg.iinetworks.com https://www.iinetworks.com https://iinetworks.com https://iin-dev.eu.auth0.com https://iin-stg.eu.auth0.com https://iin-prd.eu.auth0.com https://local.iiconferences.com:8443 https://dev.iiconferences.com https://stg.iiconferences.com https://www.iiconferences.com https://www.iimemberships.com https://www.iiresearch.com https://www.iiforums.com https://www.ttivanguard.com https://www.iiresearch.com; child-src blob: https://plusone.google.com https://facebook.com https://platform.twitter.com https://syndication.twitter.com https://www.google.com https://js.driftt.com https://share.transistor.fm https://s7.addthis.com https://code.jquery.com http://iidrupal8.dev.dd:8083 https://dev.iinetworks.com https://stg.iinetworks.com https://www.iinetworks.com https://iinetworks.com https://iin-dev.eu.auth0.com https://iin-stg.eu.auth0.com https://iin-prd.eu.auth0.com https://local.iiconferences.com:8443 https://dev.iiconferences.com https://stg.iiconferences.com https://www.iiconferences.com https://www.iimemberships.com https://www.iiresearch.com https://www.iiforums.com https://www.ttivanguard.com https://www.iiresearch.com; font-src 'self' 'unsafe-inline' https: data:; report-uri /report-csp-violation 1
upgrade-insecure-requests;form-action 'self' https://www.createsend.com https://static.zdassets.com *.zdassets.com;frame-ancestors 'self'; object-src 'self';script-src *.zdassets.com 'unsafe-inline' 'self' https://secure.leadforensics.com https://assets.calendly.com https://js.createsend1.com https://www.googletagmanager.com https://player.vimeo.com/ https://apis.google.com https://www.google-analytics.com http://www.google-analytics.com https://www.google.com https://www.gstatic.com;child-src 'self' http://www.google-analytics.com;worker-src 'self' blob: data:;frame-src 'self' https://secure.leadforensics.com https://www.youtube.com https://www.youtube-nocookie.com https://calendly.com https://www.google.com https://app.hegias.com https://player.vimeo.com;font-src * 'self' https://player.vimeo.com/video/keepersecret.woff data:; 1
allow *; script-src 'self' https://www.ibs.re.kr; object-src http://maps.google.com; object-src https://www.google.co.kr/; object-src http://html5shiv.googlecode.com; object-src http://www.facebook.com; object-src https://twitter.com; object-src https://www.google-analytics.com/;object-src https://www.google.com; report-uri /csp-report-endpoint/; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s3.amazonaws.com/ https://*.list-manage.com/; img-src 'self' data: ; object-src 'self' data: ; frame-src 'self' data: ; 1
child-src 'self' emb.d.tube player.twitch.tv www.youtube.com staticxx.facebook.com w.soundcloud.com player.vimeo.com; connect-src https://history.steem-engine.net https://servedby.revive-adserver.net https://pagead2.googlesyndication.com https://steemd.minnowsupportproject.org https://cdn.snax.one https://api.steem-engine.net https://scot-api.steem-engine.net https://steemitimages.com securepubads.g.doubleclick.net 'self' steemit.com https://api.steemit.com api.blocktrades.us https://apisct.cloud; default-src tpc.googlesyndication.com 'self' emb.d.tube www.youtube.com staticxx.facebook.com player.vimeo.com *.streamrail.com; font-src data: fonts.gstatic.com; frame-ancestors 'none'; frame-src 'self' googleads.g.doubleclick.net https:; img-src * data:; object-src 'none'; plugin-types application/pdf; script-src 'unsafe-inline' 'unsafe-eval' data: https: 'self' www.google-analytics.com connect.facebook.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com; report-uri /api/v1/csp_violation 1
default-src 'self'  *.readspeaker.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.vrmwb.nl www.googletagmanager.com *.google-analytics.com *.readspeaker.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.readspeaker.com; img-src 'self' *.google-analytics.com *.openstreetmap.org data:; media-src 'self' *.readspeaker.com; frame-src 'self' *.readspeaker.com; frame-ancestors 'self'; child-src 'self'; font-src 'self' data: *.googleusercontent.com *.readspeaker.com *.ionicframework.com; connect-src 'self' *.google-analytics.com *.readspeaker.com; report-uri /report-csp-violation 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https:;img-src 'self' data: https: 1
default-src 'self'; img-src *; script-src 'self'; style-src 'self' 'unsafe-inline'; 1
frame-ancestors 'self' https://*.tyrolia.com https://*.head-test.com https://head.testing-varnish.symmetrics.de 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' ; img-src 'self' data: https://fia-tech.com http://www.greatplacetowork.com; object-src 'self' data: ; frame-src 'self' data: ; 1
default-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com cdn.jsdelivr.net *.investis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com ict.infinity-tracking.net www.gstatic.com viz.tools.investis.com www.google.com maps.googleapis.com maps.google.com www.linkedin.com ajax.googleapis.com pi.pardot.com bam.nr-data.net *.googletagmanager.com *.google-analytics.com sjs.bizographics.com connect.facebook.net *.jquery.com irs.tools.investis.com *.hotjar.com px.ads.linkedin.com d2wy8f7a9ursnm.cloudfront.net ssl.p.jwpcdn.com js-agent.newrelic.com cdn.jsdelivr.net edge.api.brightcove.com *.googleapis.com www.youtube.com youtube.com s.ytimg.com unpkg.com *.investis.com *.rawgit.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' viz.tools.investis.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net viz.tools.investis.com *.rawgit.com ; img-src 'self' 'unsafe-inline' * data:; media-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com  viz.tools.investis.com; frame-src 'self' *.investis.com www.google.com digital.feprecisionplus.com ir.tools.investis.com staticxx.facebook.com www.youtube.com viz.tools.investis.com ; font-src 'self' 'unsafe-inline' data: fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com themes.googleusercontent.com maxcdn.bootstrapcdn.com; report-uri /report-csp-violation 1
base-uri 'none'; default-src 'none'; child-src https://www.googletagmanager.com/ns.html https://online.worldpay.com https://www.youtube.com https://e.issuu.com https://widgets.doctify.co.uk https://www.facebook.com; connect-src 'self' https://www.google-analytics.com https://*.algolia.net https://*.algolianet.com https://www.google.com https://www.google.co.uk https://stats.g.doubleclick.net https://www.googleadservices.com; font-src 'self' https://fonts.gstatic.com data:; form-action 'self' https://kingedwardvii.us8.list-manage.com https://online.worldpay.com https://www.facebook.com; frame-ancestors 'none'; img-src 'self' https://www.cqc.org.uk https://*.googleapis.com https://*.ggpht.com https://maps.gstatic.com https://www.google-analytics.com https://secure.gravatar.com https://www.googletagmanager.com https://www.google.co.uk https://www.google.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://ssl.gstatic.com https://img.youtube.com https://www.facebook.com https://px.ads.linkedin.com blob: data:; media-src 'none'; object-src 'none'; script-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com https://www.cqc.org.uk https://cdn.worldpay.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://tagmanager.google.com https://www.gstatic.com https://www.google.co.uk https://widgets.doctify.co.uk https://connect.facebook.net https://static-ssl.responsetap.com https://metrics.responsetap.com https://snap.licdn.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com https://www.cqc.org.uk https://tagmanager.google.com 'unsafe-inline'; upgrade-insecure-requests 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.aspnetcdn.com *.jquery.com *.google.com *.gstatic.com *.googletagmanager.com  *.google-analytics.com; object-src 'self' www.google-analytics.com ajax.googleapis.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.bootstrapcdn.com 'unsafe-eval' ; img-src 'self' *.googleapis.com *.google-analytics.com legal.bbulibrary.com; media-src 'self'; frame-src 'self' *.youtube.com *.google.com 192.168.2.248 dev.nixa.ca:8248; font-src 'self' *.gstatic.com *.bootstrapcdn.com; report-uri /admin/config/system/seckit/csp-report, default-src 'self' 'self' data: 'self' blob: 'unsafe-inline' 'unsafe-eval' *; img-src 'self' blob: data: * 1
style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com fonts.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com www.google-analytics.com www.googletagmanager.com cdnjs.cloudflare.com www.youtube.com; font-src 'self' data: *.gstatic.com *.bootstrapcdn.com netdna.bootstrapcdn.com fonts.gstatic.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com www.google-analytics.com secure.gravatar.com; connect-src 'self' *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net; frame-src 'self' *.g.doubleclick.net *.google.com *.fls.doubleclick.net www.youtube.com; frame-ancestors 'self' *.g.doubleclick.net *.google.com *.fls.doubleclick.net www.youtube.com; media-src 'self' ; form-action 'self' ; default-src 'self' www.google-analytics.com; upgrade-insecure-requests; 1
script-src 'nonce-e2082f62e9a04ef490d2fa08abb6654e' 'self' 'unsafe-inline' *.wellsfargo.com *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com *.wellsfargo.com:* connect.facebook.net snap.licdn.com www.googletagmanager.com www.google-analytics.com ajax.googleapis.com static.staging.wellsfargo.com static.wellsfargo.com; frame-ancestors 'self' *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com *.wellsfargo.com *.fccaccessonline.com *.wellsfargomedia.com *.wellsfargo:* *.mworld.com *.wellsfargo.net *.markitondemand.com *.wellsfargo.wallst.com *.go.onestop.wf.com; base-uri https:;default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: ad.doubleclick.net px.ads.linkedin.com p.adsymptotic.com cm.everesttech.net dpm.demdex.net;object-src 'self';font-src 'self' data: *.wellsfargo.com *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com *.wellsfargo.com:* fonts.gstatic.com;report-uri /reporting/csp.htm;img-src 'self' data: *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com wspublicprod.112.2o7.net px.ads.linkedin.com ad.doubleclick.net p.adsymptotic.com adservice.google.com 2549153.fls.doubleclick.net jadserve.postrelease.com www.google.com www.google-analytics.com pixel.everesttech.net cm.g.doubleclick.net bat.bing.com sp.analytics.yahoo.com connect.facebook.net www.linkedin.com www.facebook.com rtd-tm.everesttech.net;style-src 'self' 'unsafe-inline' *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com 1
default-src 'self' 'unsafe-inline';img-src 'self' 'unsafe-inline' data: optanon.blob.core.windows.net www.google-analytics.com www.gstatic.com; media-src 'self' 'unsafe-inline';font-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com fonts.gstatic.com;style-src 'self' 'unsafe-inline' code.jquery.com optanon.blob.core.windows.net cdnjs.cloudflare.com maxcdn.bootstrapcdn.com  stackpath.bootstrapcdn.com fonts.googleapis.com;script-src 'nonce-{NONCE}' 'nonce-{NONCE}' 'self' 'unsafe-inline' www.google.com www.gstatic.com static.addtoany.com www.googletagmanager.com www.google-analytics.com code.jquery.com stackpath.bootstrapcdn.com maxcdn.bootstrapcdn.com optanon.blob.core.windows.net rum-static.pingdom.net;frame-src 'self' 'unsafe-inline' www.youtube.com player.vimeo.com www.podbean.com 1
default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self'; 1
frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com bibliocms.com *.bibliocms.com bibliocms.com *.bibliocms.com http://bibliocms.com; 1
style-src 'self' http://fonts.googleapis.com/css 'unsafe-inline'; 1
default-src 'self' https://www.googletagmanager.com https://use.fontawesome.com https://*.youtube.com https://www.google-analytics.com https://*.googlevideo.com 1
default-src 'self' ;script-src data: 'self' 'unsafe-eval' 'nonce-gh0H2y06ZLsOvQNx' static.cloud.coveo.com *.r42tag.com *.usabilla.com ssl.google-analytics.com www.google-analytics.com www.googleadservices.com tags.nmrc.nl *.onmarc.nl *.doubleclick.net d6tizftlrpuof.cloudfront.net *.zilverenkruis.nl babm.texthelp.com surfly.com plus.browsealoud.com www.zorgkantoorfriesland.nl *.prolife.nl www.googletagmanager.com toolbar.speechstream.net apis.google.com bat.bing.com admin.relay42.com a.svtrd.com  ads.creative-serving.com www.browsealoud.com *.defriesland.nl static2.creative-serving.com survey.insocial.nl optimize.google.com *.interpolis.nl *.mopinion.com  *.fbto.nl connect.facebook.net;style-src 'self' 'unsafe-inline' d6tizftlrpuof.cloudfront.net plus.browsealoud.com fonts.googleapis.com www.zilverenkruis.nl optimize.google.com;img-src data: blob: 'self' *.svtrd.com www.google.com www.google.nl d6tizftlrpuof.cloudfront.net *.usabilla.com www.google-analytics.com  *.onmarc.nl ssl.google-analytics.com *.zilverenkruis.nl plus.browsealoud.com usabilla-themes.s3-eu-west-1.amazonaws.com ads.creative-serving.com www.zorgkantoorfriesland.nl *.prolife.nl stats.g.doubleclick.net bat.bing.com www.browsealoud.com *.defriesland.nl *.r42tag.com admin.relay42.com speechstreamv3-webservices-8.texthelp.com www.gstatic.com *.fbto.nl www.insocial.nl www.facebook.com www.googletagmanager.com translate.google.com;font-src data: 'self' fonts.gstatic.com fonts.googlapis.com d6tizftlrpuof.cloudfront.net;connect-src 'self' *.zilverenkruis.nl *.surfly.com surfly.com sentry.io *.prolife.nl *.zorgkantoorfriesland.nl plus.browsealoud.com pronunciation.speechstream.net api.usabilla.com babm.texthelp.com speech.speechstream.net www.google-analytics.com pre-i-portaal.achmea.nl speechstreamv3-webservices-8.texthelp.com *.defriesland.nl *.mopinion.com www.browsealoud.com plusqa.browsealoud.com *.interpolis.nl *.fbto.nl bat.bing.com stats.g.doubleclick.net ;media-src 'self' blob: *.zilverenkruis.nl *.zorgkantoorfriesland.nl *.prolife.nl *.defriesland.nl *.interpolis.nl *.fbto.nl;object-src 'self' ;child-src 'self' t.svtrd.com player.vimeo.com youtube-nocookie.com www.youtube-nocookie.com surfly.com app.surfly.com d6tizftlrpuof.cloudfront.net www.zilverenkruis.nl www.zorgkantoorfriesland.nl www.prolife.nl content.googleapis.com vimeo.com secure.zilverenkruis.nl www.defriesland.nl optimize.google.com i-portaal.achmea.nl survey.insocial.nl secure.prolife.nl secure.defriesland.nl w.soundcloud.com *.doubleclick.net ;frame-ancestors 'self' www.youtube-nocookie.com youtube-nocookie.com player.vimeo.com vimeo.com i-portaal.achmea.nl survey.insocial.nl *.doubleclick.net inloggen.achmea.nl p-portaal.achmea.nl;form-action 'self' t.svtrd.com *.achmea.nl *.zilverenkruis.nl *.zorgkantoorfriesland.nl *.prolife.nl *.defriesland.nl *.fbto.nl *.interpolis.nl broker.nxtid.nl;manifest-src 'self' ;upgrade-insecure-requests;block-all-mixed-content;report-uri https://zilverenkruis.ams.report-uri.com/r/t/csp/enforce; 1
: default-src 'self'; script-src 'self' 1
upgrade-insecure-requests; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.maps.yandex.net https://yastatic.net https://cdn.antisov.ru https://top-abd.mail.ru https://*.jivosite.com https://top-fwz1.mail.ru/js/code.js cdn.rees46.com/v3.js *.embedly.com *.gstatic.com *.ably.io http://api-maps.yandex.ru https://api-maps.yandex.ru *.beeline.ru *.google.kz *.google.com https://mc.yandex.ru www.facebook.com staticxx.facebook.com stats.g.doubleclick.net www.googletagmanager.com images.weserv.nl https://cdn.ably.io cdn.ably.io dl.metabar.ru *.dadata.ru vk.com *.toysfest.ru https://www.google.com https://www.google.ru *.googleapis.com www.googletagmanager.com connect.facebook.net www.google-analytics.com https://api-maps.yandex.ru https://mc.yandex.ru cdn.mxpnl.com cdn.ably.io; child-src 'self' *.jivosite.com *.gstatic.com https://api-maps.yandex.ru http://awaps.yandex.ru mc.yandex.ru https://www.facebook.com https://staticxx.facebook.com stats.g.doubleclick.net www.googletagmanager.com images.weserv.nl cdn.ably.io dl.metabar.ru *.dadata.ru https://www.youtube.com https://www.google.com https://www.google.ru *.facebook.com *.youtube.com 1
default-src 'self' 'unsafe-inline' *.sernet.de; style-src 'self' 'unsafe-inline'; img-src 'self' 1
default-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com cdn.jsdelivr.net www.google-analytics.com *.investis.com https://www.google-analytics.com geoid.investisdigital.com https://cookiemanager.investisdigital.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com ict.infinity-tracking.net www.gstatic.com viz.tools.investis.com www.google.com maps.googleapis.com maps.google.com www.linkedin.com ajax.googleapis.com pi.pardot.com bam.nr-data.net sjp.getmediamanager.com *.googletagmanager.com *.google-analytics.com sjs.bizographics.com connect.facebook.net *.jquery.com irs.tools.investis.com *.hotjar.com px.ads.linkedin.com d2wy8f7a9ursnm.cloudfront.net ssl.p.jwpcdn.com js-agent.newrelic.com cdn.jsdelivr.net edge.api.brightcove.com *.googleapis.com www.youtube.com youtube.com s.ytimg.com unpkg.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' viz.tools.investis.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net; img-src 'self' 'unsafe-inline' * data:; media-src 'self' brightcove.hs.llnwd.net edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com house-fastly-signed-eu-west-1-prod.brightcovecdn.com; frame-src 'self' staticcontents.investis.com www.google.com sjp.getmediamanager.com careers.sjp.co.uk irs.tools.investis.com otp.tools.investis.com digital.feprecisionplus.com sjp.hireserve-test.com ir.tools.investis.com staticxx.facebook.com www.youtube.com players.brightcove.net; font-src 'self' 'unsafe-inline' data: fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com themes.googleusercontent.com maxcdn.bootstrapcdn.com; report-uri /report-csp-violation 1
script-src 'self' *.google.com *.gstatic.com; upgrade-insecure-requests 1
script-src 'self' https://kielikello.disqus.com https://c.disquscdn.com https://disqus.com https://m.addthisedge.com https://m.addthis.com https://kielikello.disqus.com https://sprakbruk.disqus.com https://s7.addthis.com https://www.google-analytics.com https://v1.addthis.com https://v1.addthisedge.com https://z.moatads.com 'unsafe-inline' 'unsafe-eval'; object-src 'self' 1
default-src 'self' https:; script-src 'self' 'unsafe-inline' https:; object-src 'self' https:; style-src 'self' 'unsafe-inline' https:; img-src *; media-src 'self' https:; child-src 'self' https:; font-src *; connect-src * 1
base-uri 'self'; default-src 'self'; child-src https://www.googletagmanager.com/ns.html https://www.youtube.com https://vars.hotjar.com https://forms.hsforms.com https://www.google.com https://app.hubspot.com; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://hubspot-forms-static-embed.s3.amazonaws.com https://api.hubspot.com https://forms.hubspot.com https://in.hotjar.com https://vc.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://o2.mouseflow.com https://forms.hsforms.com https://*.hubapi.com https://www.googleadservices.com https://*.google.co.uk https://*.google.nl; font-src 'self' https://*.certificationeurope.com https://*.certificationeurope.co.uk https://*.ceitalia.com https://*.certificationeurope.co.jp https://www.certificationeurope.test https://www.certificationeurope-uk.test https://www.certificationeurope-it.test https://www.certificationeurope-jp.test https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com data:; form-action 'self' https://forms.hsforms.com; frame-ancestors 'self'; img-src 'self' https://*.certificationeurope.com https://*.certificationeurope.co.uk https://*.ceitalia.com https://*.certificationeurope.co.jp https://www.certificationeurope.test https://www.certificationeurope-uk.test https://www.certificationeurope-it.test https://www.certificationeurope-jp.test https://*.googleapis.com https://maps.gstatic.com https://www.google-analytics.com https://www.google.com https://www.google.co.uk https://secure.gravatar.com https://track.hubspot.com https://forms.hsforms.com https://*.hsforms.com https://*.hubspotusercontent40.net https://no-cache.hubspot.com https://*.ads.linkedin.com https://*.google.nl blob: data:; media-src 'none'; object-src 'none'; script-src 'self' https://*.certificationeurope.com https://*.certificationeurope.co.uk https://*.ceitalia.com https://*.certificationeurope.co.jp https://www.certificationeurope.test https://www.certificationeurope-uk.test https://www.certificationeurope-it.test https://www.certificationeurope-jp.test https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com https://ajax.googleapis.com https://secure.leadforensics.com https://www.googleadservices.com https://forms.hsforms.com https://js.hsforms.net https://js.hs-analytics.net https://js.hs-banner.com https://js.hs-scripts.com https://cdnjs.cloudflare.com https://googleads.g.doubleclick.net https://js.hsforms.net https://js.usemessages.com https://js.hscollectedforms.net https://cdn.mouseflow.com https://static.hotjar.com https://script.hotjar.com https://snap.licdn.com https://www.google.com https://www.gstatic.com https://js.hsadspixel.net https://*.hsleadflows.net https://js.hubspot.com https://*.hubspot.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://*.certificationeurope.com https://*.certificationeurope.co.uk https://*.ceitalia.com https://*.certificationeurope.co.jp https://www.certificationeurope.test https://www.certificationeurope-uk.test https://www.certificationeurope-it.test https://www.certificationeurope-jp.test https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com 'unsafe-inline'; report-uri https://poirot.selesti.com/api/violation/giles; upgrade-insecure-requests 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; frame-src 'self'; frame-ancestors 'self' 1
default-src 'self'; frame-src 'self' https://syndication.twitter.com/ https://platform.twitter.com/ https://widgets.ebscohost.com *.nhs.uk/ *.facebook.com/ *.youtube.com/ *.vimeo.com/ *.google.com *.googleapis.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://cdnjs.cloudflare.com/ https://cdn.syndication.twimg.com https://platform.twitter.com/ https://cdnjs.cloudflare.com/ https://www.google-analytics.com/ https://connect.facebook.net/ https://feeds.trac.jobs/ *.google.com/ *.googleapis.com *.gstatic.com *.cqc.org.uk; font-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' http://cdnjs.cloudflare.com/ https://platform.twitter.com/ https://cdnjs.cloudflare.com/ https://feeds.trac.jobs/ *.googleapis.com  *.gstatic.com *.cqc.org.uk; img-src * data:; object-src 'self' blob:; connect-src 'self' https://translate.googleapis.com https://feeds.trac.jobs/ 1
default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://tagmanager.google.com https://cdn.jsdelivr.net https://az416426.vo.msecnd.net https://www.googletagmanager.com *.inmoment.com https://www.google-analytics.com *.abtasty.com cdn.segment.com/analytics.js https://mfhcms.assurant.com; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://mfhcms.assurant.com; img-src *; child-src https://mfhcms.assurant.com https://dispawsusva.inmoment.com https://www.inmoment.com https://feedback.inmoment.com https://ssl.gstatic.com; font-src 'self' data: https://fonts.gstatic.com https://mfhcms.assurant.com 1
child-src 'self' 3speak.tv emb.d.tube player.twitch.tv www.youtube.com staticxx.facebook.com w.soundcloud.com player.vimeo.com; connect-src wss://ws.beechat.hive-engine.com https://beechat.hive-engine.com https://accounts.hive-engine.com https://history.steem-engine.net https://servedby.revive-adserver.net https://anyx.io https://steemd.minnowsupportproject.org https://cdn.snax.one https://api.hive-engine.com https://api.steem-engine.net https://scot-api.hive-engine.com https://scot-api.steem-engine.net https://steemitimages.com https://images.hive.blog securepubads.g.doubleclick.net 'self' steemit.com https://api.steemit.com https://api.hive.blog api.blocktrades.us https://hivesigner.com https://pagead2.googlesyndication.com http://adservice.google.com https://www.google-analytics.com https://api.openhive.network https://www.reddit.com https://gist.github.com; default-src tpc.googlesyndication.com 'self' img.3speakcontent.online emb.d.tube www.youtube.com staticxx.facebook.com player.vimeo.com *.streamrail.com; font-src data: fonts.gstatic.com cdn.embedly.com; frame-ancestors 'none'; frame-src 'self' googleads.g.doubleclick.net https:; img-src * data:; object-src 'none'; plugin-types application/pdf; script-src 'unsafe-inline' 'unsafe-eval' data: https: 'self' www.google-analytics.com connect.facebook.net servedby.revive-adserver.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com platform.twitter.com www.reddit.com cdn.embedly.com github.githubassets.com; report-uri /api/v1/csp_violation 1
default-src 'self' 'unsafe-inline' https: http://www.etrasparenza.it/; script-src 'self' 'unsafe-inline' https: http://www.etrasparenza.it/; style-src 'self' 'unsafe-inline' https: http://www.etrasparenza.it/; font-src 'self' https: http://www.etrasparenza.it/ 1
default-src https: 'unsafe-inline' 'unsafe-eval' data: 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; font-src 'self'; object-src 'self'; media-src 'self'; child-src 'self' 1
default-src 'self'; object-src 'self' https://pts.discotel.de/p.swf; base-uri 'self'; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://chat.discotel.de https://umfrage.discotel.de https://pts.discotel.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://o2.mouseflow.com https://cdn.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://chat.discotel.de https://stats.discotel.de https://imagepool.discotel.de https://pts.discotel.de; script-src 'strict-dynamic' 'nonce-65a7f3eac6b9590c89ea7cb9a7481374' 'nonce-c40a34c22d3d813e6fe8a1caea955d3e' 'nonce-f4e38fd06218110ea892b32a63aafe50' 'nonce-8ad0aff265a799bb105149db3c5aed0d' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://pts.discotel.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-65a7f3eac6b9590c89ea7cb9a7481374' 'nonce-c40a34c22d3d813e6fe8a1caea955d3e' 'nonce-f4e38fd06218110ea892b32a63aafe50' 'nonce-8ad0aff265a799bb105149db3c5aed0d' 'self' 'unsafe-inline' https: 'report-sample' 1
default-src "self"; img-src "self"; style-src "self" "unsafe-inline"; font-src "self"; script-src "self" "unsafe-inline"; connect-src "self"; 1
base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://kit.fontawesome.com https://mpsnare.iesnare.com https://stage-libs.hipay.com https://libs.hipay.com https://widget.trustpilot.com https://kit-pro.fontawesome.com https://www.googletagmanager.com https://bat.bing.com https://www.dwin1.com https://www.googleadservices.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://consent.cookiebot.com https://consentcdn.cookiebot.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' cdn.jsdelivr.net *.googletagmanager.com *.google-analytics.com; object-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com use.typekit.net cdn.jsdelivr.net p.typekit.net; img-src 'self' *.google-analytics.com; media-src 'self'; frame-src 'self' *.google.com *.youtube-nocookie.com; frame-ancestors 'self'; child-src 'self' *.youtube-nocookie.com; font-src 'self' themes.googleusercontent.com use.typekit.net fonts.gstatic.com; connect-src 'self' *.google-analytics.com *.doubleclick.net; report-uri /report-csp-violation 1
default-src wss://ws.ttsep.com/ accounts.google.com 'self' blob: data: 'unsafe-inline' 'unsafe-eval' https:; form-action https:; upgrade-insecure-requests; 1
allow 'self' ssl.daumcdn.net; 1