Values for x-content-security-policy: default-src 'self'; img-src *; media-src * data:; 1,081 frame-ancestors 'self' 393 default-src 'self'; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.cookiepro.com https://*.onetrust.com; frame-src 'none'; img-src 'self' data: *.ttcache.com https://*.ttcache.com https://*.google-analytics.com https://*.googletagmanager.com https://*.cookiepro.com; media-src 'none'; object-src 'none'; script-src 'self' https://*.googletagmanager.com https://*.cookiepro.com; style-src 'self' 'unsafe-inline' 49 allow 'self'; 43 default-src 'self'; script-src 'self'; 42 img-src *; media-src * data:; 36 report-uri /report-csp-violation; upgrade-insecure-requests 32 report-uri /report-csp-violation 31 default-src 'self'; img-src 'self' data:; media-src 'self' blob:; connect-src 'self' blob:; form-action 'self'; 31 default-src 'self' 'unsafe-inline' 30 upgrade-insecure-requests; 29 default-src 'self' 20 default-src https: 'unsafe-inline' 'unsafe-eval' data: blob:; block-all-mixed-content; connect-src * blob:; font-src https:; frame-ancestors 'self' https://preview.plaece.nl; frame-src *; img-src https: data: blob:; media-src https: data: blob:; script-src https: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline'; report-uri /nelmio/csp/report; worker-src https: blob: 17 allow 'self'; media-src *; img-src *; script-src *; style-src *; 16 upgrade-insecure-requests 13 default-src 'self'; 12 default-src 'self'; script-src 'self' https://hcaptcha.com https://*.hcaptcha.com; frame-src 'self' https://hcaptcha.com https://*.hcaptcha.com; style-src 'self' https://hcaptcha.com https://*.hcaptcha.com; connect-src 'self' https://hcaptcha.com https://*.hcaptcha.com; unsafe-eval 'self' https://hcaptcha.com https://*.hcaptcha.com; unsafe-inline 'self' https://hcaptcha.com https://*.hcaptcha.com; 12 default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * data:; font-src * data:; connect-src *; media-src *; object-src *; child-src *; worker-src 'self' blob:; frame-ancestors 'self' https://gls-group.com/ https://gls-group.eu/ https://pilot.gls-group.eu/; form-action *; upgrade-insecure-requests; report-uri https://glsgroup.report-uri.io/r/default/csp/enforce; report-to https://glsgroup.report-uri.io/r/default/csp/enforce; 11 script-src * 'unsafe-inline' 'unsafe-eval' blob:; img-src * data:; media-src * mediastream: blob: filesystem: ; 11 frame-ancestors http://*.interactcp.com https://*.interactcp.com 'self' 11 default-src *; img-src * data: blob:; media-src * data: blob:; script-src 'unsafe-inline' 'unsafe-eval' * data: blob:; worker-src 'unsafe-inline' 'unsafe-eval' * data: blob:; connect-src *; font-src * data: blob:; frame-src *; object-src * data: blob:; style-src 'unsafe-inline' * data: blob: 11 default-src 'self' 'unsafe-inline'; allow 'self'; img-src * 10 frame-ancestors 'none' 10 script-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob:; object-src 'none'; base-uri 'none'; frame-src 'self'; frame-ancestors 'self'; img-src 'self' https://secure.gravatar.com data:; media-src 'self' blob:; style-src 'self' 'unsafe-inline'; default-src https: data: 'self'; trusted-types default; 8 frame-ancestors 'self' https://shopproxy.p-s-s.de https://home.interzum.com https://home.interzum.de 8 frame-ancestors 'self'; 8 script-src 'self' 7 default-src 'self' blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.google-analytics.com https://www.googleoptimize.com https://www.googletagmanager.com https://munchkin.marketo.net https://app-abj.marketo.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://geoip-js.com https://ads.avocet.io https://trk.techtarget.com https://j.6sc.co https://tags.srv.stackadapt.com https://ads.avct.cloud https://js.driftt.com https://js-agent.newrelic.com https://bam.nr-data.net https://cdn.jsdelivr.net https://js.adsrvr.org https://go.affec.tv https://bat.bing.com https://s7.addthis.com https://m.addthis.com https://z.moatads.com https://snap.licdn.com https://tracking.g2crowd.com https://connect.facebook.net *.visualwebsiteoptimizer.com https://app.vwo.com *.sharethis.com https://unpkg.com https://d1hgczpbubj217.cloudfront.net https://app-static.turtl.co https://js.zi-scripts.com *.mutinycdn.com https://www.clarity.ms https://scripts.clarity.ms *.roundprinceweb.com https://www.redditstatic.com https://go.proofpoint.com https://www.google.com https://www.gstatic.com https://www.buzzsprout.com *.vimeocdn.com https://storage.googleapis.com https://js.navattic.com *.qualified.com https://wpaassets.blob.core.windows.net *.youtube.com vimeo.com *.vimeo.com cdn.cookielaw.org *.onetrust.com *.proofpoint.com https://live.rezync.com; object-src 'self'; style-src 'self' 'unsafe-inline' *; img-src 'self' 'unsafe-inline' data: blob: *; media-src 'self' *.qualified.com; frame-src 'self' 'unsafe-inline' *; frame-ancestors 'self' app.mutinyhq.com; child-src 'self' 'unsafe-inline' blob: *.qualified.com; worker-src 'self' blob:; font-src 'self' 'unsafe-inline' data: *; connect-src 'self' 'unsafe-inline' *; report-uri /report-csp-violation 6 allow-scripts allow-popups allow-same-origin; 6 sandbox allow-scripts allow-popups allow-same-origin; 6 default-src 'self'; font-src *;img-src * data:; script-src *; style-src * 6 frame-ancestors https://*.ptc.com https://livesocial.seismic.com https://*.qualified.com https://ptc.seismic.com https://liveshareeast3.seismic.com https://*.mouseflow.com https://resources.servicemax.com https://servicemax.pathfactory.com https://support.rockwellautomation.com 5 default-src 'none'; script-src 'self'; img-src 'self'; style-src 'self'; font-src 'self'; media-src 'self'; form-action 'self'; child-src 'self'; frame-ancestors 'self'; connect-src 'none'; report-uri 'self'; report-to 'self'; 5 default-src 'self'; script-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self' fonts.gstatic.com; 5 default-src 'self' *.google.com *.axa-assistance.cz *.axa-assistance.sk *.axa-assistance.pl *.axa-assistance.at *.axa-assistance.hu *.axa-assistance.de 5 self 4 default-src 'self' ;options inline-script eval-script;referrer no-referrer;img-src 'self' data: *.tile.openstreetmap.org;object-src 'none'; 4 frame-ancestors 'self' *.shoplineapp.com *.facebook.com; upgrade-insecure-requests; 4 frame-ancestors www.red-gate.com; 3 block-all-mixed-content 3 default-src https: http: 'unsafe-inline' 'unsafe-eval' 'self' data: wss: blob: 3 default-src 'self' 'unsafe-inline' jobs.b-ite.com; base-uri 'self'; connect-src 'self' wss://chat.userlike.com chat.userlike.com wss://umd.userlike.com userlike.com *.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com *.preview.kkn.zd.intranet.bund.de piwik.itzbund.de *.cloudfront.net data-8ec206415a.dnb.de jobs.b-ite.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.youtube.com *.googleapis.com piwik.itzbund.de script.ioam.de *.de.ioam.de s.ytimg.com static.b-ite.com cs-assets.b-ite.com ajax.googleapis.com api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com *.cloudfront.net data-8ec206415a.dnb.de userlike-cdn-umm.b-cdn.net; object-src 'self' piwik.itzbund.de; media-src 'self' *.aktion-mensch.de *.sample-videos.com *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de youtu.be files.dnb.de c18004-vod.l.core.cdn.streamfarm.net *.wikimedia.org *.cloudfront.net; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de my.matterport.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de *.tile.openstreetmap.org api.userlike.com userlike-cdn-operators.s3-eu-west-1.amazonaws.com *.cloudfront.net; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de *.cloudfront.net; frame-ancestors *.gsb.dev.materna.net *.preview.kkn.zd.intranet.bund.de piwik.itzbund.de 3 nosniff 3 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; object-src 'self'; frame-src 'self'; frame-ancestors 'self'; 3 default-src 'none'; base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.xilo.net; object-src 'none'; style-src 'self' data: 'unsafe-inline' https://*.xilo.net; img-src 'self' blob: data: https://*.xilo.net; media-src 'self' data: https://*.xilo.net; frame-src *; font-src *; form-action 'self' https://*.xilo.net; connect-src 'self' https://*.xilo.net; manifest-src 'self' https://*.xilo.net; frame-ancestors 'self'; worker-src 'self' blob:; report-uri https://sentry.xilo.net/api/3/security/?sentry_key=558ec00c6ab34073c96015172684209a 3 default-src 'self'; frame-ancestors 'none'; form-action 'self'; base-uri 'self'; object-src 'none'; script-src 'self'; frame-src 'none'; upgrade-insecure-requests; 3 default-src 'self' blob: *.powerentity.com *.energieag.at news.netzooe.at energieag.picturepark.com energieag.cdn.picturepark.com *.google-analytics.com *.googleapis.com *.gstatic.com prezi.com www.googleadservice www.youtube.com walls.io *.walls.io *.googletagmanager.com www.netigate.se *.whatchado.com *.vimeo.com i.ytimg.com connect.facebook.net app.adwordsagentur.at s.ksrndkehqnwntyxlhgto.com *.hotjar.com *.hotjar.io wss://*.hotjar.com www.googleadservices.com *.doubleclick.net *.adform.net *.iconnode.com *.facebook.com *.google.at *.google.de *.google.com google.com *.adsrvr.org e-tankstellen-finder.com connect.shore.com *.shore-cdn.com *.teamplanbuch.ch *.cookiebot.com *.matterport.com www.360perspektiven.com sys.mailworx.info *.marketingsuite.info sc-static.net *.konzertmeister.app *.podigee-cdn.net *.podigee.com *.podigee.io marketing.piwik.pro energieag.containers.piwik.pro energieag.piwik.pro empathy-portal.de eag.viewer.cit-fusion.com *.adition.com *.powerbi.com cdnjs.cloudflare.com static.cloudflareinsights.com www.youtube-nocookie.com *.ytimg.com *.googlesyndication.com streamio.com energieag.current-picturepark.com *.mouseflow.com github.com wss://*.cognigy.ai *.cognigy.ai *.githubusercontent.com maps.google.de *.fliphtml5.com cdn.jsdelivr.net *.spotify.com *.eye-able.com *.digiaccess.org *.ksrndkehqnwntyxlhgto.com *.openstreetmap.org *.tiktok.com *.tiktokw.us *.snapchat.com *.adnxs.com 'unsafe-inline' 'unsafe-eval' data: 3 frame-ancestors 'self' everygame.eu www.everygame.eu sblp.everygame.eu sports.everygame.eu poker.everygame.eu casino.everygame.eu classic.everygame.eu lobby.everygame.eu account.everygame.eu 3 block-all-mixed-content; default-src https:; media-src https: blob: data:; style-src https: 'unsafe-inline'; font-src https: data:; script-src https: blob: 'unsafe-eval' 'unsafe-inline'; img-src https: data:; connect-src https: wss:; frame-src https:; prefetch-src https:; frame-ancestors https:; form-action https:; 3 default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; connect-src 'self' *.amazonaws.com *.amazoncognito.com api.pwnedpasswords.com; frame-ancestors 'self' sf360.com.au; frame-src 'self' https://www.google.com/recaptcha/ 3 frame-ancestors 'self' https://yobingo-statices.casinomodule.com/ https://www.yobingo.es/ https://www.yocasino.es/ https://www.enracha.es/ 3 frame-ancestors 'self' localhost:* *.tason.com 3 default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval'; object-src *; style-src * 'self' 'unsafe-inline'; img-src * 'self' data: https:;; media-src *; frame-src *; frame-ancestors 'self'; child-src * blob:; font-src * 'self' data: https:;; connect-src *; report-uri /log-report-uri/enforce 3 default-src https: data: 'unsafe-inline' 'unsafe-eval' 3 default-src 'self' 'unsafe-inline' data: global2000.at *.global2000.at https://*.google-analytics.com https://*.google.com https://*.google.at https://*.doubleclick.net https://*.youtube.com https://youtu.be https://*.ytimg.com https://*.facebook.com https://*.vimeocdn.com https://vimeo.com https://*.vimeo.com https://*.hotjar.com https://*.ubembed.com https://*.restorenature.eu; script-src 'self' 'unsafe-inline' 'unsafe-eval' global2000.at *.global2000.at https://*.youtube.com https://*.googletagmanager.com https://*.google-analytics.com https://*.hotjar.com https://*.facebook.net https://*.g.doubleclick.net https://*.ubembed.com https://*.googleadservices.com https://*.twitter.com https://*.google.com https://*.google.at https://widget.proca.app https://static.d-o.li https://cdn.growify.ai https://capi-automation.s3.us-east-2.amazonaws.com; object-src 'self' global2000.at *.global2000.at 'unsafe-inline'; style-src 'self' 'unsafe-inline' *.global2000.at; img-src 'self' *.global2000.at data: https://*.google.com https://*.google.at https://*.google.de https://*.facebook.com https://*.doubleclick.net https://*.google-analytics.com https://img.youtube.com https://i.ytimg.com https://*.europa.eu https://*.google.bg https://*.googletagmanager.com; media-src 'self' global2000.at *.global2000.at blob: data:; frame-src 'self' *.global2000.at https://*.google.com https://*.ubembed.com https://*.google.at https://*.googletagmanager.com https://*.openstreetmap.org https://vimeo.com https://*.vimeo.com https://youtube.com https://www.youtube.com https://youtu.be https://*.supplychainge.org https://*.buzzsprout.com https://*.spotteron.com https://*.typeform.com https://*.facebook.com https://*.twitter.com https://*.hotjar.com https://*.restorenature.eu https://*.ai-sidekick.app https://*.suedwind.at https://*.datadialog.net https://*.fsoforms-gl2ktest.azurewebsites.net https://*.fsoforms-gl2k.azurewebsites.net https://fsoforms-gl2ktest.azurewebsites.net https://gl2kauthserver.azurewebsites.net; frame-ancestors https://*.global2000.at https://*.acolono.dev https://*.acolono.net https://*.wwf.at; child-src 'self' *.global2000.at blob: https://*.google.com https://*.ubembed.com https://*.google.at https://*.googletagmanager.com https://*.openstreetmap.org https://vimeo.com https://*.vimeo.com https://youtube.com https://www.youtube.com https://youtu.be https://*.supplychainge.org https://*.buzzsprout.com https://*.spotteron.com https://*.typeform.com https://*.facebook.com https://*.twitter.com https://*.hotjar.com https://*.restorenature.eu https://*.ai-sidekick.app https://*.suedwind.at; font-src 'self' *.global2000.at data:; connect-src 'self' *.global2000.at https://*.google.com https://*.google-analytics.com https://*.doubleclick.net https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io https://*.google.com https://*.google.at https://*.ubembed.com https://*.facebook.com https://country.proca.foundation/ https://*.proca.app https://chatbot.api.digitalorganizing.ch/ https://pagead2.googlesyndication.com https://us-central1-growify-346505.cloudfunctions.net https://*.legalweb.io; report-uri /report-csp-violation 3 frame-ancestors *; report-uri /report-csp-violation 3 default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval'; object-src *; style-src * 'self' 'unsafe-inline'; img-src * 'self' data: https:;; media-src *; frame-src *; frame-ancestors * 'self'; child-src * blob:; font-src * 'self' data: https:;; connect-src *; report-uri /log-report-uri/enforce 3 frame-ancestors https://app.storyblok.com/ 3 default-src https: 'self'; script-src 'unsafe-eval' 'unsafe-inline' 'self' *; style-src 'unsafe-inline' 'self' *; frame-src 'self' *; object-src 'self' *; img-src 'self' data: *; media-src blob: 'self' *; font-src 'self' data: *; connect-src 'self' *; child-src blob: 'self' *; block-all-mixed-content; 3 script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://*.quarticon.com/ https://info.quarticon.com/; img-src 'self' data: blob: https://s.w.org/ https://secure.gravatar.com/ https://cdn.pixabay.com/ https://*.quarticon.com/ https://quarticon.com/; object-src 'self' data: blob: https://*.quarticon.com/ https://info.quarticon.com/; frame-src 'self' data: blob: https://*.quarticon.com/ https://info.quarticon.com/; 3 default-src 'self'; script-src * 'unsafe-eval' 'unsafe-inline'; style-src * 'unsafe-inline'; img-src * data:;frame-src *;font-src * data:;connect-src * blob:;media-src * blob:;worker-src * blob:; 3 default-src 'self'; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self'; 3 default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://www.googletagmanager.com; frame-src 'self' 'unsafe-inline' https://www.google.com/ https://www.youtube-nocookie.com/ youtube.com https://www.youtube.com https://www.facebook.com/; img-src 'self'; connect-src 'self' https://www.google-analytics.com; 3 default-src 'self' *.destatis.de *.bewacherregister.de; base-uri 'self' *.bewacherregister.de; connect-src 'self' *.destatis.de interamt.de piwik.itzbund.de *.bewacherregister.de; style-src 'self' 'unsafe-inline' *.destatis.de piwik.itzbund.de *.bewacherregister.de; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.destatis.de piwik.itzbund.de doo.net *.bundesbots.de *.bewacherregister.de;font-src 'self' 'unsafe-eval' 'unsafe-inline' *.destatis.de *.bundesbots.de *.bewacherregister.de;object-src 'self' multimedia.gsb.bund.de *.destatis.de piwik.itzbund.de *.bundesbots.de ; media-src 'self' multimedia.gsb.bund.de www.quirksmode.org *.destatis.de piwik.itzbund.de *.bundesbots.de ; child-src blob: *.destatis.de *.itzbund.de *.stba.de *.euro-area-statistics.org *.ims-cms.net *.kemweb.de *.teambits.events doo.net/de-de/widget/ *.bundesbots.de www9.idev.nrw.de www.idev.nrw.de storymaps.arcgis.com stba.maps.arcgis.com *.dashboard-deutschland.de shinymikrosimapp.azurewebsites.net start.video-stream-hosting.de data: ; img-src 'self' data: blob: *.destatis.de piwik.itzbund.de *.bundesbots.de *.bewacherregister.de; frame-ancestors 'self' *.destatis.de statistikportal.bwl.doi-de.net *.statistikportal.de ; upgrade-insecure-requests; 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' redditstatic.com *.reddit.com *.stackadapt.com connect.facebook.net *.adsrvr.org facebook.com cdn.pdst.fm px.adentifi.com kds-pixel.kargo.com data.adxcel-ec2.com secure.adnxs.com trkn.us cdnssl.clicktale.net w3.org snap.licdn.com dc.ads.linkedin.com *.googletagmanager.com websitevisitorleads.com *.twitter.com t.co sc-static.net *.evgnet.com *.cookielaw.org static.ads-twitter.com *.google-analytics.com assets.sitescdn.net *.vimeocdn.com dev.visualwebsiteoptimizer.com *.tctm.co *.qualtrics.com vimeo.com *.vimeo.com *.newrelic.com *.bing.com googleads.g.doubleclick.net *.clarity.ms *.tiktok.com *.snapchat.com everfi-next.net fpjscdn.net *.fpjs.io fresnel.vimeocdn.com f.vimeocdn.com *.cloudflare.com *.jsdelivr.net unpkg.com *.googleadservices.com *.byspotify.com code.jquery.com *.pinterest.com *.pinimg.com *.knotch-cdn.com *.contentsquare.net app.contentsquare.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *.stackadapt.com connect.facebook.net *.adsrvr.org facebook.com cdn.pdst.fm px.adentifi.com kds-pixel.kargo.com data.adxcel-ec2.com secure.adnxs.com trkn.us cdnssl.clicktale.net w3.org snap.licdn.com dc.ads.linkedin.com *.googletagmanager.com websitevisitorleads.com *.twitter.com t.co sc-static.net *.evgnet.com *.cookielaw.org static.ads-twitter.com *.google-analytics.com assets.sitescdn.net *.vimeocdn.com *.tctm.co *.qualtrics.com vimeo.com *.vimeo.com *.newrelic.com *.bing.com googleads.g.doubleclick.net *.clarity.ms *.tiktok.com *.snapchat.com everfi-next.net fpjscdn.net *.fpjs.io fresnel.vimeocdn.com f.vimeocdn.com *.cloudflare.com *.jsdelivr.net unpkg.com *.googleadservices.com *.byspotify.com cdn.evgnet.com *.visualwebsiteoptimizer.com googletagmanager.com *.virtualearth.net cdn.ckeditor.com *.google.com *.evergage.com code.jquery.com *.pinterest.com *.pinimg.com *.knotch-cdn.com *.contentsquare.net app.contentsquare.com *.redditstatic.com *.reddit.com; object-src none; frame-src 'self' blob: *.vimeo.com *.doubleclick.net *.clicktale.net *.adsrvr.org *.edwardjones.com *.edwardjones.ca accountaccess.edwardjones.com accountaccess.edwardjones.ca iaa-api-gateway.apps.edwardjones.com onlineaccess.edwardjones.com iaaweb.edwardjones.com *.tctm.co *.w3.org *.vimeocdn.com *.qualtrics.com *.everfi-next.net *.snapchat.com *.amazon-adsystem.com *.facebook.com dev.visualwebsiteoptimizer.com *.googletagmanager.com *.pinterest.com csxd.edwardjonesinvestintomorrow.ca csxd.edwardjonesretirementready.ca csxd.letsmeetedwardjones.ca csxd.helloedwardjones.ca csxd.edwardjoneslongtermhealthcare.ca; frame-ancestors 'self' *.edwardjones.com *.edwardjones.ca iaa-api-gateway.apps.edwardjones.com accountaccess.edwardjones.com accountaccess.edwardjones.ca onlineaccess.edwardjones.com iaaweb.edwardjones.com; child-src 'self' blob: *.vimeo.com *.doubleclick.net *.clicktale.net *.adsrvr.org *.edwardjones.com *.edwardjones.ca accountaccess.edwardjones.com accountaccess.edwardjones.ca iaa-api-gateway.apps.edwardjones.com onlineaccess.edwardjones.com iaaweb.edwardjones.com *.tctm.co *.w3.org *.vimeocdn.com *.qualtrics.com *.everfi-next.net *.snapchat.com *.amazon-adsystem.com *.facebook.com 2 frame-ancestors 'self' *.boursobank.com; object-src *.boursorama.com *.boursobank.com *.brsimg.com 2 frame-ancestors same *.grupocpfl.com.br *.cpfl.com.br *.rge-rs.com.br grupocpfl.com.br cpfl.com.br rge-rs.com.br *.lndo.site *.web.ahdev.cloud; report-uri /report-csp-violation 2 base-uri 'self' about: *;child-src 'none';connect-src 'self' webpack://* *;default-src 'self';font-src 'self' data: fonts.gstatic.com *;form-action 'self' https: *;frame-ancestors 'none';frame-src 'self' data: https:;img-src * 'self' data: https:;manifest-src 'self';media-src 'self' https: *;object-src 'none';prefetch-src 'self' *;script-src 'self' 'unsafe-inline' 'unsafe-eval' https: *.hs-scripts.com *.hsforms.net *.hsforms.com *.clearbit.com www.google-analytics.com;style-src 'self' 'unsafe-inline' https:;worker-src 'self'; 2 default-src 'self' https://static.zdassets.com https://ekr.zdassets.com https://avm-cs.zendesk.com avm.zendesk.com v2.zopim.com fritz.com avm.de service.avm.de news.avm.de bingo.avm.de scope.avm.de piwik.avm.de assets.avm.de www.commerce-connector.com www.surveygizmo.eu ; img-src 'self' https://fritz.com https://*.fritz.com https://avm.de https://*.avm.de service.avm.de data: https://shoplogos.commerce-connector.de https://maps.googleapis.com https://maps.gstatic.com https://i.ytimg.com https://i.vimeocdn.com https://static.zdassets.com https://gpt.avm.botario.com https://www.gravatar.com https://cdn.plyr.io ; media-src 'self' *.fritz.com *.avm.de service.avm.de static.zdassets.com https://maps.googleapis.com https://maps.gstatic.com https://vimeo.com https://i.ytimg.com https://i.vimeocdn.com https://cdn.plyr.io blob: data: ; font-src 'self' https://fritz.com https://*.fritz.com https://avm.de https://*.avm.de service.avm.de https://fonts.gstatic.com data: ; style-src 'self' fritz.com *.fritz.com avm.de *.avm.de service.avm.de https://fonts.googleapis.com 'unsafe-inline' ; connect-src 'self' fritz.com *.fritz.com avm.de *.avm.de service.avm.de https://maps.googleapis.com https://noembed.com https://avm.zendesk.com https://static.zdassets.com https://ekr.zdassets.com https://pod-28.zendesk.com https://pod-28-sunco-ws.zendesk.com wss://widget-mediator.zopim.com wss://pod-28.zendesk.com wss://pod-28-sunco-ws.zendesk.com https://gpt.avm.botario.com wss://gpt.avm.botario.com https://cdn.plyr.io ; script-src 'self' avm.de *.avm.de fritz.com *.fritz.com service.avm.de piwik.avm.de https://player.vimeo.com https://vimeocdn.com https://*.vimeocdn.com https://www.youtube-nocookie.com https://maps.googleapis.com https://static.zdassets.com https://pod-28.zendesk.com https://pod-28-sunco-ws.zendesk.com https://gpt.avm.botario.com 'unsafe-eval' 'unsafe-inline' blob: ; script-src-elem 'self' avm.de *.avm.de service.avm.de fritz.com *.fritz.com piwik.avm.de https://maps.googleapis.com https://player.vimeo.com https://vimeocdn.com https://*.vimeocdn.com https://www.youtube-nocookie.com https://www.youtube.com https://static.zdassets.com https://pod-28.zendesk.com https://pod-28-sunco-ws.zendesk.com https://widget-mediator.zopim.com https://gpt.avm.botario.com 'unsafe-inline' blob: ; worker-src 'self' blob: ; frame-src 'self' fritz.com *.fritz.com avm.de *.avm.de service.avm.de https://player.vimeo.com https://www.youtube-nocookie.com https://gpt.avm.botario.com ; frame-ancestors 'self' avm.de *.avm.de service.avm.de fritz.com *.fritz.com 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.hotjar.com *.googletagmanager.com *.google.com *.google-analytics.com cdnjs.cloudflare.com mfstatic.com *.jsdelivr.net *.facebook.com *.gstatic.com *.licdn.com *.facebook.net *.cookiebot.com *.unpkg.com unpkg.com *.ws.apsis.one *.apsis.one static.ws.apsis.one *.contentsquare.net *.bing.com *.doubleclick.net *.googleadservices.com *.clarity.ms capi-automation.s3.us-east-2.amazonaws.com; object-src 'self' *.google.com *.youtube.com *.facebook.com *.vimeo.com bat.bing.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com *.jsdelivr.net hello.myfonts.net mfstatic.com; img-src * 'self' data: *.google.com *.youtube.com *.facebook.com *.vimeo.com *.vimeocdn.com *.ri.se *.jsdelivr.net *.googletagmanager.com *.google-analytics.com *.google.se *.linkedin.com *.gstatic.com *.amazonaws.com *.bing.com *.doubleclick.net; media-src 'self' blob: data: *.mediaflow.com; frame-src 'self' data: *.google.com *.youtube.com *.facebook.com *.vimeo.com vimeo.com *.vimeo.com *.vimeocdn.com *.ri.se *.jsdelivr.net *.hotjar.com *.libsyn.com *.acast.com *.cookiebot.com *.youtube-nocookie.com *.static.ws.apsis.one static.ws.apsis.one; frame-ancestors 'self'; child-src 'self' blob:; font-src 'self' *.ri.se data: mfstatic.com *.gstatic.com; connect-src 'self' *.googletagmanager.com *.google.com *.google-analytics.com *.hotjar.com *.oribi.io *.google.com *.googleoptimize.com *.facebook.com *.mediaflow.com mediaflow.com mfstatic.com *.mediaflowpro.com *.cookiebot.com *.linkedin.com audience.ws.apsis.one *.contentsquare.net *.bing.com *.doubleclick.net *.googleadservices.com *.bing.net *.googlesyndication.com *.clarity.ms pagead2.googlesyndication.com; report-uri /report-csp-violation; upgrade-insecure-requests 2 default-src 'self' 'unsafe-inline' zollweb.preview.zoll.intranet.bund.de *.zoll.de zoll.de *.itzbund.de itzbund.de *.zoll.de *.talent-im-einsatz.de zoll.de *.geodatenzentrum.de *.openstreetmap.de *.bundesfinanzministerium.de *.youtube.com https://medien.zoll.bund.de *.stage.bio; img-src 'self' zollweb.preview.zoll.intranet.bund.de *.zoll.de zoll.de *.itzbund.de *.geodatenzentrum.de *.bundesfinanzministerium.de *.openstreetmap.de data: *.stage.bio; script-src 'self' 'unsafe-inline' 'unsafe-eval' zollweb.preview.zoll.intranet.bund.de *.zoll.de zoll.de *.itzbund.de itzbund.de *.zoll.de zoll.de *.geodatenzentrum.de *.openstreetmap.de *.youtube.com *.stage.bio 2 default-src 'self'; script-src 'self' 'unsafe-inline' https://*.googlesyndication.com www.googletagmanager.com https://connect.facebook.net https://www.facebook.com https://www.instagram.com/embed.js https://*.googletagmanager.com https://ssl.google-analytics.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://tagmanager.google.com https://www.linkedin.com https://platform.twitter.com/ https://www.youtube.com https://player.vimeo.com https://vimeo.com https://prismic.io https://www.onelink-edge.com https://maps.googleapis.com https://data.worldcoin.org https://api.pactsafe.com https://static.cdn.prismic.io https://geolocation.onetrust.com https://vitals.vercel-insights.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://xapis.onelink-edge.com https://va.vercel-scripts.com https://verifi.podscribe.com https://d34r8q7sht0t9k.cloudfront.net https://ipv4.podscribe.com https://vercel.live https://us-central1-relyance-ext.cloudfunctions.net https://consent.app.relyance.ai https://cdn-consent.relyanceconsent.ai https://analytics.ahrefs.com https://onelinksmartscript.appsflyer.com world.org *.vimeocdn.com *.tiktok.com *.ttwstatic.com *.onetrust.com; font-src 'self' https://fonts.gstatic.com data: https://fonts.googleapis.com; style-src 'self' https://fonts.googleapis.com https://maps.googleapis.com https://data.worldcoin.org https://api.pactsafe.com https://www.googletagmanager.com *.tiktok.com *.ttwstatic.com *.onetrust.com 'unsafe-inline'; connect-src 'self' https://*.googlesyndication.com www.googletagmanager.com https://www.facebook.com https://www.google.com/ https://connect.facebook.net https://app-backend.toolsforhumanity.com https://www.googleadservices.com https://tagmanager.google.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://www.google-analytics.com https://*.googletagmanager.com https://*.g.doubleclick.net https://www.linkedin.com https://www.onelink-edge.com https://maps.googleapis.com https://data.worldcoin.org https://api.pactsafe.com https://api.operator.worldcoin.org https://vitals.vercel-insights.com https://vault.pactsafe.io https://secure.ethicspoint.com https://geolocation.onetrust.com https://metrics.worldcoin.org https://googleads.g.doubleclick.net https://xapis.onelink-edge.com https://player.vimeo.com https://vimeo.com https://verifi.podscribe.com https://d34r8q7sht0t9k.cloudfront.net https://ipv4.podscribe.com https://us-central1-relyance-ext.cloudfunctions.net https://fleet.orb.worldcoin.org https://consent.app.relyance.ai https://cdn-consent.relyanceconsent.ai https://analytics.ahrefs.com https://impressions.onelink.me https://engagements.appsflyersdk.com https://app.appsflyersdk.com https://tiles.openfreemap.org https://demotiles.maplibre.org https://assets.orbapp.world.org https://assets.orbapp.worldcoin.org world.org *.vimeocdn.com *.gstatic.com *.tiktokw.us *.tiktok.com *.ttwstatic.com *.onetrust.com; worker-src 'self' blob:; img-src 'self' blob: data: www.googletagmanager.com https://www.facebook.com https://connect.facebook.net https://www.google.com https://tagmanager.google.com https://*.google-analytics.com https://*.googletagmanager.com https://www.google-analytics.com https://worldcoin-company-website.cdn.prismic.io https://www.linkedin.com https://media.licdn.com https://i.ytimg.com https://images.prismic.io https://world-id-assets.com https://staging.world-id-assets.com https://prismic-io.s3.amazonaws.com https://maps.googleapis.com https://data.worldcoin.org https://api.pactsafe.com https://googleads.g.doubleclick.net https://xapis.onelink-edge.com https://verifi.podscribe.com https://d34r8q7sht0t9k.cloudfront.net https://ipv4.podscribe.com https://raw.githubusercontent.com https://i.ibb.co https://orbapp.worldcoin.org https://impressions.onelink.me https://assets.orbapp.world.org https://assets.orbapp.worldcoin.org world.org *.gstatic.com *.vimeocdn.com *.tiktok.com *.ttwstatic.com *.onetrust.com; media-src 'self' blob: data: https://platform.twitter.com/ https://www.linkedin.com https://media.licdn.com https://worldcoin-company-website.cdn.prismic.io https://images.prismic.io https://prismic-io.s3.amazonaws.com https://maps.googleapis.com https://data.worldcoin.org https://api.pactsafe.com https://googleads.g.doubleclick.net https://xapis.onelink-edge.com https://verifi.podscribe.com https://d34r8q7sht0t9k.cloudfront.net https://ipv4.podscribe.com https://raw.githubusercontent.com world.org *.vimeocdn.com *.tiktok.com *.ttwstatic.com *.onetrust.com; frame-src 'self' https://www.googletagmanager.com/ https://connect.facebook.net https://www.facebook.com https://platform.twitter.com/ https://www.youtube.com https://player.vimeo.com https://www.instagram.com https://vimeo.com https://maps.googleapis.com https://worldcoin-company-website.prismic.io https://data.worldcoin.org https://td.doubleclick.net https://verifi.podscribe.com https://d34r8q7sht0t9k.cloudfront.net https://ipv4.podscribe.com https://vercel.live world.org *.vimeocdn.com *.google.com 2 base-uri 'none';child-src 'self' https://*.twitch.tv https://*.youtube.com;connect-src * blob: data:;default-src 'self';font-src * data:;form-action 'self' *;frame-ancestors 'self' http://localhost:1337 https://*.games.gg https://thumbgen.games.gg;frame-src *;img-src * data: blob:;manifest-src 'self';media-src * data: blob:;object-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://vast.gg https://static.ads-twitter.com https://www.redditstatic.com https://connect.facebook.net https://gleam.io https://widget.gleamjs.io https://*.google-analytics.com https://vercel.live https://*.hotjar.com https://*.cookie3.co https://*.twitch.tv https://*.youtube.com https://*.twitter.com https://cdn.blockpass.org https://do.featurebase.app https://metrics.games.gg https://t.games.gg https://insights.games.gg https://challenges.cloudflare.com https://ads.adthrive.com https://*.adthrive.com https://*.3lift.com https://pagead2.googlesyndication.com https://*.googlesyndication.com https://securepubads.g.doubleclick.net https://googleads.g.doubleclick.net https://*.doubleclick.net https://www.googletagservices.com https://www.googleadservices.com https://*.googletagmanager.com https://ep2.adtrafficquality.google https://imasdk.googleapis.com https://cdn.jsdelivr.net https://cdn.ampproject.org https://cdn.id5-sync.com https://*.cdn.optable.co https://ads.pubmatic.com https://*.sharethrough.com https://groundcontrol.rendering.sharethrough.com https://d9.flashtalking.com https://servedby.flashtalking.com https://*.flashtalking.com https://sb.scorecardresearch.com https://cdn.brandmetrics.com https://collector.brandmetrics.com https://cdn.confiant-integrations.net https://*.adform.net https://launchpad-wrapper.privacymanager.io https://launchpad.privacymanager.io https://*.consentmanager.net https://choices.truste.com https://*.rubiconproject.com https://fastlane.rubiconproject.com https://*.lkqd.net https://cs.lkqd.net https://c.aps.amazon-adsystem.com https://config.aps.amazon-adsystem.com https://static.cloudflareinsights.com https://pixel.adsafeprotected.com https://content.quantcount.com https://creative-measurement.quantcount.com https://pghub.io https://s0.2mdn.net https://*.safeframe.googlesyndication.com/ https://*.yahoo.com https://*.ybp.yahoo.com https://*.adsrvr.org https://*.criteo.com https://*.criteo.net https://*.indexexchange.com https://*.casalemedia.com https://*.openx.net https://*.openx.com https://*.sovrn.com https://*.lijit.com https://*.aidemsrv.com https://*.33across.com https://*.yieldmo.com https://*.medianet.com https://*.contextweb.com https://*.improvedigital.com https://*.smartadserver.com https://*.teads.tv https://*.outbrain.com https://*.taboola.com https://*.smaato.net https://*.bidswitch.com https://*.admixer.net https://*.adsafeprotected.com https://*.moatads.com https://*.doubleverify.com https://*.dv.tech https://*.fwmrm.net https://*.serving-sys.com https://*.undertone.com https://*.advertising.com https://*.adtech.de https://*.quantserve.com https://*.script.ac https://*.kayzen.io https://*.facebook.net https://*.ads-twitter.com https://mc.yandex.ru https://*.avct.cloud https://www.facebook.com https://analytics.twitter.com https://alb.reddit.com https://*.liadm.com https://*.sng.link https://*.postrelease.com https://*.1rx.io https://*.redditstatic.com https://*.polarcdn.com https://*.com https://*.net https://*.io blob:;style-src 'self' 'unsafe-inline' * blob:;worker-src 'self' blob:; 2 frame-ancestors 'self' acquia.lookbookhq.com acquia.docebosaas.com www.acquiaacademy.com acquia.seismic.com app.veertly.com widen--servcom.sandbox.my.site.com widen--sitepreview.na135.force.com community.widen.com acquia.atlassian.net rise.articulate.com www.drupal.org new.drupal.org; report-uri /report-csp-violation 2 default-src * 'unsafe-eval' 'unsafe-inline'; img-src * data: unsafe-inline 2 frame-ancestors * 2 default-src https://domene.shop https://www.domeneshop.no https://domeneshop.no https://domainnameshop.com https://domainname.shop https://xn--domn-noa.shop https://xn--domne-ura.shop https://chat.domeneshop.no/ 'unsafe-inline'; img-src https://domene.shop https://www.domeneshop.no https://domeneshop.no https://domainnameshop.com https://domainname.shop https://xn--domn-noa.shop https://xn--domne-ura.shop; frame-src https://domene.shop https://www.domeneshop.no https://domeneshop.no https://domainnameshop.com https://domainname.shop https://xn--domn-noa.shop https://xn--domne-ura.shop; frame-ancestors 'self' 2 block-all-mixed-content; font-src 'self' fonts.gstatic.com www.wuv.de fonts.gstatic.com data:; img-src 'self' blob: data: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' addsearch.com cdn.ampproject.org open.scdn.co connect.facebook.net *.usercentrics.eu *.g.doubleclick.net *.getsitecontrol.com *.google.de *.google.com *.google-analytics.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.instagram.com *.ioam.de *.opinary.com *.stry.tl *.twimg.com *.twitter.com *.wuv.de *.youtube.com *.ytimg.com *.tiktok.com *.tiktokcdn.com *.ibytedtos.com *.pinterest.com *.research.appinio.com *.ttwstatic.com *.adition.com *.scorecardresearch.com *.searchcdn.com *.teads.tv s0.2mdn.net *.wuv.de gdpr-tcfv2.sp-prod.net widget.perfectmarket.com *.flashtalking.com *.criteo.com *.adform.net *.vidible.tv *.doubleverify.com *.doubleclick.net bs.serving-sys.com static.aivdesk.com secure-ds.serving-sys.com ad.lkqd.net *.cloudflare.com *.adsafeprotected.com *.maximus.mobkoi.com *.celtra.com *.moatads.com sf16-scmcdn-sg.ibytedtos.com tags.crwdcntrl.net *.vimeocdn.com; style-src 'self' 'unsafe-inline' *.addsearch.com fast.fonts.net *.googleapis.com *.stry.tl *.twitter.com *.wuv.de *.tiktok.com *.tiktokcdn.com *.ttwstatic.com *.cloudfront.net tagmanager.google.com *.wuv.de s1.adform.net static.aivdesk.com; worker-src blob: *.wuv.de 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' *.acast.com *.adbutter.net *.adform.net *.adnxs.com *.adnxs-simple.com *.ads-twitter.com addtocalendar.com *.airtable.com airtable.com *.airtableusercontent.com *.apple.com *.azureedge.net *.ckeditor.com *.cloudflare.com *.didomi.io *.doubleclick.net *.dynamics.com *.elfsight.com *.elfsightcdn.com elfsightcdn.com *.facebook.com *.facebook.net *.gomovein.com *.google.com *.google.fr *.google-analytics.com *.googleapis.com *.googletagmanager.com *.googlesyndication.com *.gstatic.com heyzine.com *.heyzine.com *.hzstats.com *.instagram.com *.jellyfish.com *.jsdelivr.net *.licdn.com *.linkedin.com *.marches-publics.info *.marketo.com *.marketo.net *.matomo.cloud *.mews.com *.mktoresp.com *.otowui.com *.privacy-center.org *.seadform.net sc-static.net *.sharethis.com *.sibforms.com *.static.net *.tapad.com *.tiktok.com *.twitter.com *.typeform.com *.unibuddy.co unibuddy.co *.vimeo.com *.webleads-tracker.fr *.welcomekit.co *.youtube.com youtube.com *.youtube-nocookie.com youtu.be *.ytimg.com page.hec.edu *.readspeaker.com *.addtoany.com hec-prod-drupalfiles.oos.cloudgouv-eu-west-1.outscale.com; img-src 'self' data: *.acast.com *.adbutter.net *.adform.net *.adnxs.com *.adnxs-simple.com *.ads-twitter.com *.airtable.com airtable.com *.airtableusercontent.com *.apple.com *.azureedge.net *.ckeditor.com *.cloudflare.com *.didomi.io *.doubleclick.net *.dynamics.com *.elfsight.com *.elfsightcdn.com elfsightcdn.com *.facebook.com *.facebook.net *.gomovein.com *.google.com *.google.fr *.google-analytics.com *.googleapis.com *.googletagmanager.com *.googlesyndication.com *.gstatic.com *.heyzine.com heyzine.com *.hzstats.com *.instagram.com *.jellyfish.com *.jsdelivr.net *.licdn.com *.linkedin.com *.marches-publics.info *.marketo.com *.marketo.net *.matomo.cloud *.mews.com *.mktoresp.com *.otowui.com *.privacy-center.org *.seadform.net sc-static.net *.sharethis.com *.sibforms.com *.static.net *.tapad.com *.tiktok.com *.twitter.com *.typeform.com *.unibuddy.co *.vimeo.com *.webleads-tracker.fr *.welcomekit.co *.youtube.com youtube.com *.youtube-nocookie.com youtu.be *.ytimg.com page.hec.edu *.readspeaker.com *.addtoany.com hec-prod-drupalfiles.oos.cloudgouv-eu-west-1.outscale.com; font-src 'self' data:; report-uri /hec-report-csp-violation 2 default-src 'self' *.readspeaker.com data: https://zer-poc.bzst.de https://viola.bundesbots.de wss://viola.bundesbots.de https://formularbot-fms.bzst.de wss://formularbot-fms.bzst.de https://formularbot-viola.bzst.de wss://formularbot-viola.bzst.de https://bzst.lucom.com https://idnr-formular.bzst.bot-itzbund.de https://viola.bundesbots.de https://viola-bzst.azr.juacvoe.net https://viola-bzst-fms.azr.juacvoe.net; base-uri 'self'; connect-src 'self' *.pstmn.io https://zer-poc.bzst.de *.readspeaker.com *.itzbund.de https://formularbot-viola.bzst.de wss://formularbot-viola.bzst.de https://viola-bzst.azr.juacvoe.net wss://viola-bzst.azr.juacvoe.net https://viola-bzst-fms.azr.juacvoe.net wss://viola-bzst-fms.azr.juacvoe.net https://formularbot-fms.bzst.de https://api.evatr.vies.bzst.de; style-src 'self' 'unsafe-inline' https://zer-poc.bzst.de *.readspeaker.com https://bzst.lucom.com https://idnr-formular.bzst.bot-itzbund.de https://formularbot-viola.bzst.de https://viola-bzst.azr.juacvoe.net https://viola-bzst-fms.azr.juacvoe.net https://formularbot-fms.bzst.de; script-src 'self' 'unsafe-eval' https://zer-poc.bzst.de *.google.com piwik.itzbund.de *.readspeaker.com https://bzst.lucom.com https://idnr-formular.bzst.bot-itzbund.de https://formularbot-fms.bzst.de https://formularbot-viola.bzst.de https://viola-bzst-fms.azr.juacvoe https://formularbot-fms.bzst.de.net https://viola-bzst.azr.juacvoe.net https://viola.bundesbots.de 'sha256-fvt1zDnRVAuASIt4MdBmzTSLXs4mdTCa5fg9wNopnC0=' 'sha256-B9AMHvfU16Nc6sndzogCV/VH/SXmKESowGb6dBud/RA=';object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; media-src 'self' *.bzst.de multimedia.gsb.bund.de *.youtube.com www.quirksmode.org; child-src *.itzbund.de *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com; frame-src *.readspeaker.com https://formularbot-viola.bzst.de https://idnr-formular.bzst.bot-itzbund.de https://viola-bzst.azr.juacvoe.net https://viola-bzst-fms.azr.juacvoe.net https://formularbot-fms.bzst.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com piwik.itzbund.de https://bzst.lucom.com https://formularbot-viola.bzst.de https://idnr-formular.bzst.bot-itzbund.de https://viola-bzst.azr.juacvoe.net https://viola-bzst-fms.azr.juacvoe.net https://formularbot-fms.bzst.de; upgrade-insecure-requests; frame-ancestors 'self' *.preview.bzst.intranet.bund.de; 2 default-src 'self'; img-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; script-src 'self' 'unsafe-inline'; connect-src 'self'; 2 frame-ancestors 'none'; 2 frame-ancestors 'self'; report-uri /log-report-uri/enforce 2 default-src 'self'; font-src 'self' data:; base-uri 'self'; connect-src 'self' multimedia.gsb.bund.de *.materna.de *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io vimeo.com *.sli.do *.itzbund.de lbb-hb.de; style-src 'self' 'unsafe-inline' *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io vimeo.com *.sli.do *.jsdelivr.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io piwik.itzbund.de vimeo.com; object-src 'self' multimedia.gsb.bund.de *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io vimeo.com *.sli.do *.lbb-hb.de; media-src 'self' blob: multimedia.gsb.bund.de *.tremonia-dxp.de *.youtube.com *.youtube-nocookie.com *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io vimeo.com *.sli.do lbb-hb.de; frame-src *.google.com *.google.de *.gstatic.com *.youtube.com *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io mindandvision.tv 2021.mindandvision.tv *.jwplayer.com vimeo.com *.sli.do player.vimeo.com; img-src 'self' data: *.materna.de *.google.com *.gstatic.com *.youtube.com *.twimg.com twemoji.maxcdn.com *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplayer.com *.strivetech.io *.sqat.eu piwik.itzbund.de vimeo.com yommaserver.synology.me:5001 *.sli.do *.cdninstagram.com *.fbcdn.net; frame-ancestors 'self'; 2 frame-ancestors 'self' mein.kabelplus.at mein-test.kabelplus.at newapp.etracker.com 2 frame-ancestors 'self' http://*.brose.net http://brose.net https://*.brose.net https://brose.net https://*.ariba.com https://*.zkw.at http://*.zkw.at https://*.mycatalogcloud.com http://*.mycatalogcloud.com http://*.valeo.determine.com https://*.valeo.determine.com http://valeo.determine.com https://valeo.determine.com http://*.mondigroup.com http://mondigroup.com https://*.mondigroup.com https://mondigroup.com http://*.elwitec.ch http://elwitec.ch https://*.elwitec.ch https://elwitec.ch http://*.ynovatec.ch http://ynovatec.ch https://*.ynovatec.ch https://ynovatec.ch http://prematic.ch http://*.prematic.ch https://prematic.ch https://*.prematic.ch http://brw.ch http://*.brw.ch https://brw.ch https://*.brw.ch http://uniprod-ag.ch http://*.uniprod-ag.ch https://uniprod-ag.ch https://*.uniprod-ag.ch http://montalpina.com http://*.montalpina.com https://montalpina.com https://*.montalpina.com http://sutter-hydraulik.com http://*.sutter-hydraulik.com https://sutter-hydraulik.com https://*.sutter-hydraulik.com http://bsaswiss.ch http://*.bsaswiss.ch https://bsaswiss.ch https://*.bsaswiss.ch http://salesconnect.sugarondemand.com https://salesconnect.sugarondemand.com http://*.salesconnect.sugarondemand.com https://*.salesconnect.sugarondemand.com http://muellershop.ch https://muellershop.ch http://*.muellershop.ch https://*.muellershop.ch http://asklio.ai https://asklio.ai http://*.asklio.ai https://*.asklio.ai http://weberprevost.ch https://weberprevost.ch http://*.weberprevost.ch https://*.weberprevost.ch 2 default-src 'self' 'unsafe-inline' *.sernet.de *.usercentrics.eu; style-src 'self' 'unsafe-inline'; img-src 'self' *.usercentrics.eu *.prive.eu; frame-ancestors 'self' 2 frame-src https://www.youtube-nocookie.com https://www.youtube.com https://piwik.bzga.de https://www.check-dein-spiel.de; style-src 'self' 'unsafe-inline'; default-src 'self'; script-src https://www.check-dein-spiel.de https://piwik.bzga.de 'self' 'unsafe-inline' ; connect-src https://www.check-dein-spiel.de https://piwik.bzga.de 'self' 'unsafe-inline' ; font-src 'self' 'unsafe-inline' data:; img-src 'self' https://piwik.bzga.de https://*.openstreetmap.org data:; 2 default-src 'self' https://analytics.mmlan.de; style-src 'self' https://analytics.mmlan.de/ 'sha256-VqWowlraFBNcw9MSUtRKR9wWVcfqnRco7jxuBHj8Y/o='; script-src 'self' https://analytics.mmlan.de; img-src 'self' data: https://analytics.mmlan.de/; 2 block-all-mixed-content; connect-src 'self' www.dreamland.be www.dreamland.nl https://*.ingest.sentry.io https://*.google-analytics.com https://*.analytics.google.com https://www.googletagmanager.com https://*.google.com https://*.g.doubleclick.net https://in.hotjar.com https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com https://survey.alchemer.com https://www.facebook.com https://*.adnxs.com https://*.adnxs-simple.com https://*.icecat.biz https://*.icecat.studio https://*.googleapis.com https://cdn.plyr.io https://www.dwin1.com https://*.awin1.com https://*.zenaps.com https://the.sciencebehindecommerce.com https://*.playable.com https://*.campaign.playable.com https://*.leadfamly.com https://*.api.leadfamly.com https://*.visualwebsiteoptimizer.com app.vwo.com https://sibautomation.com https://in-automate.brevo.com https://static.zohocdn.com https://desk.zoho.eu https://ct.pinterest.com https://*.clarity.ms/ https://sst.dreamland.be https://sst.dreamland.nl https://froomle.dreamland.be https://froomle.dreamland.nl https://bat.bing.com https://bat.bing.net https://*.clarity.ms https://*.googlesyndication.com; font-src 'self' data: https://fonts.gstatic.com https://script.hotjar.com https://*.icecat.biz https://*.icecat.studio https://*.campaign.playable.com https://static.zohocdn.com https://webfonts.zohowebstatic.com; frame-ancestors 'self' https://*.campaign.playable.com; frame-src data: https://www.youtube.com/ https://publish.folders.eu/ https://app.folders.eu/ https://www.facebook.com https://vars.hotjar.com https://survey.alchemer.com https://*.adnxs.com https://optimize.google.com https://*.icecat.biz https://*.icecat.studio https://js.mollie.com https://swiftcdn6.global.ssl.fastly.net https://gleam.io https://view.publitas.com/ https://folders.toychamp.be/ https://folders.toychamp.nl/ https://*.awin1.com https://*.zenaps.com https://*.campaign.playable.com app.vwo.com https://*.visualwebsiteoptimizer.com https://bethenexthero.com https://space-worlds.bricks.plus https://legobelgium.s3.eu-west-1.amazonaws.com/ https://space-game.be https://gaming-contest.eu https://vehicles-contest.com https://f1-contest.com https://desk.zoho.eu https://ar.salta.com https://www.googletagmanager.com https://td.doubleclick.net https://ct.pinterest.com https://*.cloudflare.com https://dreamlandbe.zohodesk.eu https://sst.dreamland.be https://sst.dreamland.nl https://*.g.doubleclick.net https://game.girls-contest.com https://myfootballstar.com https://lego-knvb.s3.eu-west-1.amazonaws.com; img-src 'self' data: about: www.dreamland.be www.dreamland.nl https://placeholder.inventis.be https://placehold.it https://*.ytimg.com https://maps.gstatic.com https://*.googleapis.com https://*.ggpht.com https://www.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://optimize.google.com https://www.facebook.com https://www.google.com https://www.google.be https://*.g.doubleclick.net https://www.googleadservices.com https://tpc.googlesyndication.com https://script.hotjar.com https://www.mollie.com https://*.adnxs.com https://*.adnxs-simple.com https://js.gleam.io https://*.icecat.biz https://*.icecat.studio https://*.awin1.com https://*.zenaps.com https://files.cdn.leadfamly.com https://*.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com https://static.zohocdn.com https://sst.dreamland.be https://sst.dreamland.nl https://vehicles-contest.com https://bat.bing.com https://bat.bing.net https://*.clarity.ms; style-src 'self' https://optimize.google.com 'unsafe-inline' https://fonts.googleapis.com https://survey.alchemer.com https://*.icecat.biz https://*.icecat.studio https://*.campaign.playable.com https://*.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com https://static.zohocdn.com https://vehicles-contest.com; upgrade-insecure-requests 2 default-src 'self'; \ script-src 'self' https://ssl.google-analytics.com; \ img-src 'self' https://ssl.google-analytics.com 2 frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com *.cisco.com *.rainfocus.com 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' https: wss:;img-src 'self' data: https: 2 img-src ; media-src data:; 2 2 default-src 'self' *.mytolino.com *.mytolino.de data: *.pageplace.de www.googletagmanager.com *.doubleclick.net www.google.com www.google.de www.googleadservices.com *.youtube-nocookie.com *.ytimg.com *.googleapis.com *.gstatic.com connect.facebook.net www.facebook.com 'unsafe-inline' www.youtube.com *.digiaccess.org feeds.kobo.com 2 script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://s3.amazonaws.com/ https://*.list-manage.com/ https://www.googletagmanager.com/ https://www.paypalobjects.com/ https://*.stripe.com/ https://leadbooster-chat.pipedrive.com/ https://*.idea-commerce.com https://www.googleadservices.com/ https://*.hs-scripts.com/ https://*.hsadspixel.net/ https://*.hscollectedforms.net/ https://*.licdn.com/ https://*.hs-banner.com/ https://*.hs-analytics.net/ https://hsadspixel.net/ https://*.facebook.net/ https://cdnjs.cloudflare.com/ https://*.com/recaptcha/ https://*.clickguard.com/ https://*.googleadservices.com/ https://*.googlesyndication.com/ https://*.livechatinc.com/ https://*.chatwoot.com/ https://*.ideaerp.online/ https://*.bing.com/; img-src 'self' data: blob: https://www.paypalobjects.com/ https://www.google.pl/ https://s.w.org/ https://googleadservices.com/ https://*.linkedin.com/ https://*.hsforms.com/ https://*.facebook.com/ https://*.hubspot.com/ https://*.clickguard.com/ https://*.googletagmanager.com/ https://fonts.gstatic.com/ https://*.livechatinc.com/ https://cdn.files-text.com/ https://cdn.static-text.com/ https://cdn.livechat-static.com/ https://*.ideaerp.online/ https://*.bing.com/ https://*.bing.net/; object-src 'self' data: blob: https://idea-commerce.com/ https://elegantthemes.com/ https://*.elegantthemes.com/ https://*.paypal.com/ https://*.stripe.com/ https://*.googletagmanager.com/ https://*.google.com/ https://*.clickguard.com/ https://*.livechatinc.com/ https://*.chatwoot.com/ https://*.ideaerp.online/; frame-src 'self' data: blob: https://idea-commerce.com/ https://elegantthemes.com/ https://*.elegantthemes.com/ https://*.paypal.com/ https://*.stripe.com/ https://*.googletagmanager.com/ https://*.google.com/ https://*.clickguard.com/ https://*.livechatinc.com/ https://*.chatwoot.com/ https://*.ideaerp.online/; 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.weareone.fm *.technobase.fm *.housetime.fm *.hardbase.fm *.trancebase.fm *.coretime.fm *.teatime.fm *.clubtime.fm *.replay.fm *.tb-group.fm *.google.com/recaptcha/ *.gstatic.com/recaptcha/ maps.googleapis.com fonts.googleapis.com fonts.gstatic.com use.typekit.net *.google.com/maps/embed *.youtube-nocookie.com ticketcenter.be24-7.de; img-src 'self' data: *.weareone.fm *.technobase.fm *.housetime.fm *.hardbase.fm *.trancebase.fm *.coretime.fm *.teatime.fm *.clubtime.fm *.replay.fm *.tb-group.fm *.google.com/recaptcha/ *.gstatic.com/recaptcha/ maps.googleapis.com fonts.googleapis.com fonts.gstatic.com use.typekit.net *.google.com/maps/embed *.youtube-nocookie.com ticketcenter.be24-7.de; frame-ancestors 'self' 2 default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' *.bizzdesign.com pi.pardot.com www.google.com www.gstatic.com www.googletagmanager.com cdn.jsdelivr.net www.google-analytics.com *.googleadservices.com www.youtube.com *.wistia.com browser.sentry-cdn.com bizzdesign.chilipiper.com *.alfabetcloud.com cdn-cookieyes.com *.bing.com *.licdn.com *.oktopost.com js.zi-scripts.com tag.aticdn.net www.redditstatic.com a.quora.com bizzdesign.chilipiper.com fast.wistia.net api.ipify.org moderate.cleantalk.org fd.cleantalk.org dywrfp5ctng3l.cloudfront.net cdn.intellimize.co *.unify.cloud cdn.dreamdata.cloud eu1.ironcladapp.com blob: ; object-src 'self' *.bizzdesign.com; style-src 'unsafe-inline' 'self' *.bizzdesign.com cdn.jsdelivr.net dywrfp5ctng3l.cloudfront.net eu1.ironcladapp.com; img-src data: 'self' *.bizzdesign.com *.bing.com cdn-cookieyes.com *.linkedin.com *.bing.com cdn-cookieyes.com www.googletagmanager.com *.google.com *.google.fr *.google.be *.google.de *.google.nl *.google.co.uk *.google.es q.quora.com alb.reddit.com bizzdesign.chilipiper.com stats.g.doubleclick.net *.wistia.com; media-src data: 'self' *.bizzdesign.com blob:; frame-src 'self' td.doubleclick.net www.googletagmanager.com www.youtube.com *.bizzdesign.com bizzdesign.chilipiper.com splunk-prod.alfabetcloud.com fast.wistia.net www.google.com fast.wistia.net eu1.ironcladapp.com; frame-ancestors 'self' *.bizzdesign.com enablement.bizzdesign.com engagement.bizzdesign.com admin.mindtickle.com bizzdesign.mindtickle.com browser.sentry-cdn.com ; child-src 'self' *.bizzdesign.com ; font-src 'self' *.bizzdesign.com fonts.gstatic.com *.wistia.com; connect-src 'self' *.bizzdesign.com px.ads.linkedin.com *.clarity.ms bat.bing.net js.zi-scripts.com google.com *.google.com ws.zoominfo.com bat.bing.com www.google-analytics.com *.doubleclick.net scout.salesloft.com *.googlesyndication.com *.google-analytics.com *.googleadservices.com *.hotjar.io wss://ws.hotjar.com *.cookieyes.com cdn-cookieyes.com gjzbjmh.pa-cd.com pixel-config.reddit.com www.redditstatic.com cdn.jsdelivr.net bizzdesign.chilipiper.com pipedream.wistia.com fast.wistia.net fd.cleantalk.org bizzdesign.pinpointhq.com *.wistia.com browser.sentry-cdn.com log.intellimize.co *.unify.cloud cdn.dreamdata.cloud eu1.ironcladapp.com *.cleantalk.org; report-uri /policies/privacy-policy; upgrade-insecure-requests 2 default-src 'self'; script-src 'self' 'unsafe-inline' cdn.gtranslate.net connect.facebook.net/en_US/sdk.js stats.st-denis.cloud-ed.fr translate.google.com *.googleapis.com *.formnx.com; object-src 'self'; style-src 'self' 'unsafe-inline' www.gstatic.com; img-src 'self' data: blob: apicivique.s3.eu-west-3.amazonaws.com cdn.gtranslate.net plainecommune.fr fonts.gstatic.com www.gstatic.com www.google.fr translate.googleapis.com *.google.com; frame-src *; frame-ancestors 'self'; font-src 'self' fonts.gstatic.com data:; connect-src 'self' apicivique.s3.eu-west-3.amazonaws.com/jvalogo.svg cdn.gtranslate.net stats.st-denis.cloud-ed.fr connect.facebook.net *.googleapis.com *.formnx.com translate.google.com *.gstatic.com; upgrade-insecure-requests 2 default-src 'none'; connect-src 'self' noembed.com cdn.plyr.io www.google.com; font-src 'self' data:; form-action 'self' annuaire.group.gca; frame-ancestors 'self'; frame-src 'self' www.youtube.com www.google.com; img-src 'self' xiti.com *.xiti.com server.arcgisonline.com i.ytimg.com data:; media-src 'self' blob:; script-src 'self' 'unsafe-inline' www.youtube.com tag.aticdn.net xiti.com www.google.com www.gstatic.com leaflet.github.io unpkg.com/leaflet@1.6.0/dist/leaflet.js; style-src 'self' 'unsafe-inline' leaflet.github.io unpkg.com/leaflet@1.6.0/dist/leaflet.css 2 default-src 'self' www.chatbase.co *.etracker.de *.labor-limbach-hannover.de *.labor-limbach-lehrte.de limbachgruppe.ftapi.com *.laborpublisher.de api.newsletter2go.com maps.googleapis.com *.google-analytics.com cmill.de *.cmill.de prime-psf.2b-advice.com; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' www.chatbase.co limbachgruppe.ftapi.com *.laborpublisher.de static.newsletter2go.com maps.googleapis.com 2badvice-cdn.azureedge.net prime-psf.2b-advice.com *.etracker.com *.etracker.de *.labor-limbach-hannover.de *.labor-limbach-lehrte.de *.googletagmanager.com *.regio-tv.de; img-src * data: *.etracker.com *.etracker.de; style-src 'self' 'unsafe-inline' 2badvice-cdn.azureedge.net *.etracker.com; frame-ancestors 'self'; frame-src 'self' www.chatbase.co www.youtube-nocookie.com youtube.com player.vimeo.com vimeo.com cmill.de *.cmill.de termin.samedi.de lv.dialoglabor.de *.etracker.com *.regio-tv.de; font-src 'self' data: fonts.gstatic.com 2 block-all-mixed-content; frame-ancestors 'self' *.maxima.lt *.maxima.ee *.suvekeskus.ee; frame-src 'self' *.youtube.com *.youtube-nocookie.com *.cookiebot.com *.issuu.com *.google.com *.adform.net *.doubleclick.net maxima.teamdash.com indd.adobe.com *.flipsnack.com view.publitas.com www.googletagmanager.com embed.figma.com www.figma.com viewer.ipaper.io; report-uri /csp/report 2 default-src self'; script-src 'self'; 'unsafe-inline' 2 default-src 'self' localhost static.formstack.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: siteimproveanalytics.com js-agent.newrelic.com www.youtube.com *.visualwebsiteoptimizer.com app.vwo.com api.eventcalendarapp.com *.formstack.com www.google.com www.gstatic.com web2.production.gyantts.com *.vimeocdn.com cdnjs.cloudflare.com hcaptcha.com newassets.hcaptcha.com stripe.com *.stripe.com *.stripecdn.com challenges.cloudflare.com; object-src 'none'; style-src 'self' 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com api.eventcalendarapp.com *.gstatic.com fonts.googleapis.com s3.amazonaws.com *.typekit.net *.vimeocdn.com cdnjs.cloudflare.com js.stripe.com; img-src * data:; media-src assets.gyant.com; form-action 'self' *.formstack.com https://bellin.org http://bellin.docksal.site:8080; frame-src 'self' www.youtube-nocookie.com *.visualwebsiteoptimizer.com app.vwo.com www.google.com player.vimeo.com newassets.hcaptcha.com *.stripe.com *.stripecdn.com maps.google.com challenges.cloudflare.com; frame-ancestors 'self'; child-src 'self' blob: www.youtube-nocookie.com *.visualwebsiteoptimizer.com app.vwo.com www.google.com player.vimeo.com newassets.hcaptcha.com *.stripe.com *.stripecdn.com maps.google.com; font-src 'self' data: fonts.gstatic.com *.typekit.net api.eventcalendarapp.com s3.amazonaws.com *.formstack.com; connect-src 'self' bam.nr-data.net *.visualwebsiteoptimizer.com app.vwo.com api.eventcalendarapp.com *.formstack.com wss://web2.production.gyantts.com web2.production.gyantts.com *.hcaptcha.com stripe.com *.stripe.com; base-uri 'self'; report-uri /report-csp-violation 2 default-src 'self'; script-src 'self' https://l.sharethis.com https://prod.impartner.live https://ellucian25stg.prod.acquia-sites.com https://*.ellucian.com https://code.jquery.com https://packages.prmcdn.io 'unsafe-inline' 'unsafe-eval' https://ws.sharethis.com https://maps.googleapis.com https://jamaica.value-cloud.com https://*.sharethis.com https://www.buzzsprout.com https://consent.cookiebot.com https://www.googletagmanager.com https://cdn.bizible.com https://script.crazyegg.com https://static.ads-twitter.com https://connect.facebook.net https://snap.licdn.com https://munchkin.marketo.net https://abrtp2-cdn.marketo.com https://tag.simpli.fi https://assets.adoberesources.net https://cdn-public.sociabble.com https://cdn01.basis.net https://www.youtube.com https://googleads.g.doubleclick.net https://tracking.intentsify.io https://consentcdn.cookiebot.com https://js.zi-scripts.com https://j.6sc.co https://i.simpli.fi https://*.marketo.com https://static.addtoany.com blob: https://unpkg.com https://a.usbrowserspeed.com https://js.sentry-cdn.com https://browser.sentry-cdn.com https://085-mht-312.mktoutil.com https://user-sync.fwmrm.net https://pbutcher.uk https://consent.trustarc.com https://*.trustarc.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://*.ellucian.com https://packages.prmcdn.io https://*.sharethis.com https://rtp-static.marketo.com https://www.googletagmanager.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.ellucian.com data: https://impartner.blob.core.windows.net https://maps.googleapis.com https://*.sharethis.com https://maps.gstatic.com https://cnv.event.prod.bidr.io https://www.google.com https://imgsct.cookiebot.com https://*.linkedin.com https://t.co https://pixel.sitescout.com https://cdn.bizible.com https://t.co https://analytics.twitter.com https://cdn.bizible.com https://b.6sc.co https://www.facebook.com https://www.googletagmanager.com https://attribution.sitescout.com https://assets.adoberesources.net https://cdn.bizibly.com https://um.simpli.fi https://cm.g.doubleclick.net https://cdn.bizibly.com https://fei.pro-market.net https://www.googleadservices.com https://ps.eyeota.net https://s.ad.smaato.net https://sync.1rx.io https://eb2.3lift.com https://simplifi.partners.tremorhub.com https://aa.agkn.com https://sync.intentiq.com https://image2.pubmatic.com https://ads.stickyadstv.com https://loadm.exelator.com https://ups.analytics.yahoo.com https://sync.bfmio.com https://bcp.crwdcntrl.net https://ce.lijit.com https://idsync.rlcdn.com https://ib.adnxs.com https://pixel.rubiconproject.com https://us-u.openx.net https://fei.pro-market.net https://googleads.g.doubleclick.net https://pixel.tapad.com https://pippio.com https://syncv4.intentiq.com https://dsum-sec.casalemedia.com https://d.agkn.com https://sync.taboola.com https://capi.connatix.com https://rtb-csync.smartadserver.com https://cs.lkqd.net https://sync.inmobi.com https://s.amazon-adsystem.com https://*.trustarc.com https://*.truste.com; frame-src 'self' https://www.youtube.com https://youtu.be https://lp.ellucian.com https://www.youtube-nocookie.com https://demo.arcade.software https://*.sharethis.com https://maps.googleapis.com https://calculator.value-cloud.com https://www.buzzsprout.com https://consentcdn.cookiebot.com https://www.googletagmanager.com https://pixel-sync.sitescout.com https://player.vimeo.com https://vimeo.com https://static.addtoany.com https://unpkg.com https://*.monday.com https://*.google.com https://*.trustarc.com; font-src 'self' https://fonts.gstatic.com https://consent.trustarc.com https://*.trustarc.com; connect-src 'self' 'unsafe-inline' 'unsafe-eval' http://www.geoplugin.net https://www.geoplugin.net https://ellucian25stg.prod.acquia-sites.com https://partners.ellucian.com https://maps.googleapis.com https://*.sharethis.com https://event.on24.com https://bcp.crwdcntrl.net https://www.google.com https://consentcdn.cookiebot.com https://www.google-analytics.com https://*.linkedin.com https://085-mht-312.mktoresp.com https://*.crazyegg.com https://project-hummingbird-hummingbird-websocket-nodejs-de-112831.cloud.adobe.io https://js.zi-scripts.com https://js.zi-scripts.com https://*.mktoresp.com https://js.zi-scripts.com https://c.6sc.co https://*.marketo.com https://ws.zoominfo.com https://ipv6.6sc.co wss://*.cloud.adobe.io https://secure.adnxs.com https://www.facebook.com https://*.6sense.com https://unpkg.com https://assets.adoberesources.net https://browser.sentry-cdn.com https://o4510076484911104.ingest.us.sentry.io https://static.addtoany.com https://impartner.blob.core.windows.net https://www.googletagmanager.com https://085-mht-312.mktoutil.com https://lp.ellucian.com https://*.monday.com https://consent.trustarc.com https://*.trustarc.com https://*.googlesyndication.com; upgrade-insecure-requests 2 default-src 'self';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://maps.googleapis.com https://maps.gstatic.com data: https://*.google-analytics.com https://forms-eu1.hsforms.com https://track-eu1.hubspot.com https://www.googletagmanager.com https://imgsct.cookiebot.com https://forms.hsforms.com https://perf-eu1.hsforms.com https://26706590.fs1.hubspotusercontent-eu1.net https://www.google.de https://www.google.com; object-src data:; frame-src 'self' mailto: tel: *.krone-dev.cybob-one.com *.krone-agriculture.com https://js-eu1.hsforms.net/ https://*.mykrone.green https://mykrone.green https://*.krone.de *.youtube.com *.youtube-nocookie.com https://www.webstream.eu https://*.cookiebot.com https://my.matterport.com https://forms-eu1.hsforms.com https://td.doubleclick.net https://www.googletagmanager.com ; script-src 'self' 'unsafe-inline' https://www.google.com https://forms-eu1.hubspot.com https://www.googleadservices.com https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://maps.googleapis.com https://*.cookiebot.com https://www.googletagmanager.com https://js-eu1.hs-scripts.com https://js-eu1.hs-banner.com https://js-eu1.hs-analytics.net https://js-eu1.hscollectedforms.net https://js-eu1.hsforms.net/forms/embed/v2.js https://js-eu1.hsforms.net https://js-eu1.hubspot.com *.clarity.ms https://www.youtube.com; connect-src 'self' https://pagead2.googlesyndication.com https://www.googleadservices.com *.clarity.ms https://www.googletagmanager.com https://region1.analytics.google.com https://www.google.de https://www.google.com https://maps.googleapis.com https://*.cookiebot.com https://*.google-analytics.com https://*.liadm.com https://forms-eu1.hscollectedforms.net https://forms-eu1.hsforms.com https://hubspot-forms-static-embed-eu1.s3.amazonaws.com https://forms-eu1.hubspot.com https://cta-eu1.hubspot.com https://f.clarity.ms https://stats.g.doubleclick.net https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com; font-src 'self' https://fonts.gstatic.com data:; frame-ancestors 'self' https://www.krone-group.com https://krone-group.com; 2 default-src 'self'; script-src 'self'; https://code.jquery.com; https://www.google.com; https://www.youtube.com; https://x.com; https://web.whatsapp.com; https://www.facebook.com; https://www.govcert.gov.hk; 2 worker-src 'none'; upgrade-insecure-requests; block-all-mixed-content; manifest-src 'self' 2 default-src 'none'; base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.uno.uk; object-src 'none'; style-src 'self' data: 'unsafe-inline' https://*.uno.uk; img-src 'self' blob: data: https://*.uno.uk; media-src 'self' data: https://*.uno.uk; frame-src *; font-src *; form-action 'self' https://*.uno.uk; connect-src 'self' https://*.uno.uk; manifest-src 'self' https://*.uno.uk; frame-ancestors 'self'; worker-src 'self' blob:; report-uri https://sentry.uno.uk/api/3/security/?sentry_key=558ec00c6ab34073c96015172684209a 2 script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' ; img-src 'self' data: blob: ; object-src 'self' data: blob: ; frame-src 'self' data: blob: ; 2 default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: ; 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' ; img-src 'self' data: ; object-src 'self' data: ; frame-src 'self' data: ; 2 default-src 'self'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self'; 2 frame-ancestors 'self' https://uscreen.io https://*.uscreen.io https://www.uscreen.tv https://app.uscreen.tv/ 2 default-src *.tradehq.com *.tradehq.co.uk *.tradehq.com.au https://*.amazonaws.com/public.tradehq.com/ 'self'; script-src https://www.google.com/recaptcha/api.js https://www.gstatic.com/ https://cdnjs.cloudflare.com https://js.stripe.com https://www.googletagmanager.com https://www.google-analytics.com https://*.raygun.io https://*.jsdelivr.net https://*.googleapis.com 'unsafe-inline' 'unsafe-eval' 'self'; connect-src https://maps.googleapis.com https://www.google-analytics.com https://*.google-analytics.com https://stats.g.doubleclick.net https://*.amazonaws.com/attachments.tradehq.com/ https://*.amazonaws.com/public.tradehq.com/ https://*.raygun.io https://*.tradehq.com https://*.tradehq.com.au https://*.tradehq.co.uk https://tradehq.com https://tradehq.com.au https://tradehq.co.uk 'self'; img-src https://*.amazonaws.com/public.tradehq.com/ https://www.google-analytics.com https://*.tradehq.com https://*.tradehq.com.au https://*.tradehq.co.uk https://tradehq.com https://tradehq.com.au https://tradehq.co.uk 'self' blob: https://maps.gstatic.com data: https://maps.googleapis.com; font-src https://tradehq.com https://tradehq.co.uk https://tradehq.com.au fonts.gstatic.com *.fontawesome.com https://*.tradehq.com https://*.tradehq.com.au https://*.tradehq.co.uk 'self' https://cdn.jsdelivr.net; style-src *.fontawesome.com fonts.googleapis.com *.tradehq.com *.tradehq.co.uk *.tradehq.com.au tradehq.com 'unsafe-inline' 'self' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; base-uri 'self'; form-action 'self'; frame-src https://www.google.com https://*.tradifyhq.com https://js.stripe.com https://*.amazonaws.com/public.tradehq.com/ https://*.amazonaws.com/attachments.tradehq.com/ https://*.tradehq.com https://*.tradehq.com.au https://*.tradehq.co.uk 'self'; 2 object-src 'none' 2 default-src 'self'; img-src ; media-src data:; 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' * 1 default-src 'self'; base-uri 'none'; block-all-mixed-content; connect-src 'self' https://*.algolia.net https://*.algolianet.com; frame-src https://www.google.com/recaptcha/; img-src 'self' https: data:; object-src 'none'; script-src 'unsafe-eval' https://www.gstatic.com/recaptcha/ 'strict-dynamic' 'unsafe-inline' 'nonce-9ZtGjX1S37borLfZnnnGog=='; style-src 'self' 'unsafe-inline' 1 frame-ancestors *.anjuke.com http://*.anjuke.com *.aifang.com http://*.aifang.com *.58ganji.com http://*.58ganji.com *.58.com http://*.58.com *.jikejia.cn http://*.jikejia.cn http://jikejia.cn yfyk.youfangyouke.com http://yfyk.youfangyouke.com *.58corp.com http://*.58corp.com *.qiaofangyun.com 1 default-src 'none'; script-src 'sha256-orD0/VhH8hLqrLxKHD/HUEMdwqX6/0ve7c5hspX5VJ8=' 1 default-src 'self' *.postman.co *.postman.com *.pstmn.io; base-uri 'self'; font-src 'self' data: *.getpostman.com *.postman.co *.cdn.postman.com fonts.gstatic.com www.postman.com fonts.googleapis.com cdnjs.cloudflare.com; frame-ancestors *.postman.co www.postman.com; frame-src looker.postman.co dl-preview-container.pstmn.io js.stripe.com hooks.stripe.com client-proxy.pstmn.io chart-embed.service.newrelic.com https://app.datadoghq.com/graph/embed https://app.datadoghq.eu/graph/embed https://youtube.com https://www.youtube.com https://player.vimeo.com https://www.loom.com/embed/ https://connect.us.integrations.postmancloud.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://accounts.google.com/ https://postman.zendesk.com/ https://runtime-assets.pstmn.io/ https://www.postman.com/complete-checkout; child-src 'self' *.postman.co *.postman.com blob:; worker-src 'self' *.postman.co *.cdn.postman.com blob:; object-src 'self'; img-src https: data:; media-src 'self' https://flows-assets.pstmn.io/ https://skills-assets.pstmn.io/ https://runtime-assets.pstmn.io/; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' *.nr-data.net *.getpostman.com *.postman.co *.cdn.postman.com *.pstmn.io code.jquery.com google-analytics.com www.postman.com postman.com googletagmanager.com ssl.google-analytics.com cdnjs.cloudflare.com https://bi.pst.tech js-agent.newrelic.com js.stripe.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'nonce-xi3O5nub7ubNP3jmwW5/oB/bLkCzvJWfbogCMH0awLcDc8LM'; style-src 'self' 'unsafe-inline' *.getpostman.com *.postman.co *.cdn.postman.com *.pstmn.io www.postman.com fonts.gstatic.com fonts.googleapis.com tagmanager.google.com cdnjs.cloudflare.com postman.com accounts.google.com; connect-src https://api.stripe.com http: ws://localhost:10533 https: wss://*.postman.co wss://*.gw.postman.co wss://*.gw.eu.postman.co https: wss://live.postman.com wss://*.gw.postman.com wss://*.gw.eu.postman.com; report-uri https://sentry.postmanlabs.com/api/572/security/?sentry_key=9d37d7431bdc4c528702ec4d89fc93f7&sentry_environment=production 1 frame-ancestors *.uottawa.ca https://teams.microsoft.com; report-uri /report-csp-violation; upgrade-insecure-requests 1 default-src 'self' *.dwd.de *.readspeaker.com *.twitter.com *.youtube.com; script-src 'self' *.dwd.de *.readspeaker.com *.twitter.com *.twimg.com vimeo.com *.vimeo.com *.youtube.com cdn.bokeh.org *.bokeh.org *.jwpcdn.com *.ytimg.com 'unsafe-inline' 'unsafe-eval' data:; style-src 'self' *.dwd.de *.twitter.com *.twimg.com 'unsafe-inline' data:; img-src * data: blob:; font-src 'self' data:; frame-src 'self' *.dwd.de twitter.com *.twitter.com vimeo.com *.vimeo.com *.youtube.com; worker-src *.twitter.com blob:; child-src 'self' *.dwd.de twitter.com *.twitter.com *.youtube.com; 1 default-src data: https: https://*.hotjar.com:* https://*.hotjar.io wss://*.hotjar.com 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'none' 1 frame-src 'self' www.google.com/recaptcha/api2/ vars.hotjar.com *.hotjar.io api.razorpay.com/v1/checkout/public intercom-sheets.com www.google.com/maps/embed/v1/place *.doubleclick.net t.makehook.ws; frame-ancestors https://tracxn.com https://platform.tracxn.com 1 connect-src * 'self' 1 default-src https: data: blob: 'unsafe-eval' 'unsafe-inline'; frame-src 'self' https://*; 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://impactapi.causeview.com https://maps.googleapis.com https://cdnjs.cloudflare.com/ajax/libs/cropper/4.0.0/cropper.min.js https://js-agent.newrelic.com https://www.googletagmanager.com https://chimpstatic.com https://www.google.com/recaptcha/api.js https://www.gstatic.com https://downloads.mailchimp.com https://mc.us1.list-manage.com https://matchbox.hepdata.com https://commerce.coinbase.com https://data.processwebsitedata.com https://fe.sitedataprocessing.com https://cdn.jsdelivr.net/npm/search-insights@2.13.0/dist/search-insights.min.js https://platform.twitter.com https://challenges.cloudflare.com https://cdn.mouseflow.com https://cdn.jsdelivr.net/npm/search-insights@2.17.3 https://cdn.matomo.cloud https://googleads.g.doubleclick.net https://a.usbrowserspeed.com https://d-code.liadm.com https://googleads.g.doubleclick.net https://mises.matomo.cloud https://cdnjs.cloudflare.com https://donorbox.org https://static.filestackapi.com https://js.stripe.com https://www.google.com/pay https://forms.mises.org; img-src 'self' data: https://cdn.mises.org https://www.google.ca https://www.google.com https://i.creativecommons.org https://licensebuttons.net https://www.google-analytics.com https://mcusercontent.com https://maps.gstatic.com https://s3.amazonaws.com https://impactapi.causeview.com https://live-mises-api.pantheonsite.io https://cdn-images.mailchimp.com https://matchbox.hepdata.com/ https://www.googletagmanager.com https://donorbox.org https://qjae.mises.org https://jls.mises.org; frame-ancestors 'self' https://glockenspiel-bluebird-4h6c.squarespace.com https://www.misesgraduateschool.org https://misesgraduateschool.org https://api-public.addthis.com https://m.addthis.com https://mises.org https://impactapi.causeview.com; upgrade-insecure-requests 1 default-src 'none'; connect-src 'self' kraken.rambler.ru wss://messenger.online.sberbank.ru stat.tildacdn.com sysstat.tildacdn.com mc.yandex.ru mc.yandex.com gist.githubusercontent.com feeds.tildacdn.com api-maps.yandex.ru www.sfn-am.ru sfn-am.ru forms.tildaapi.com stat.tildaapi.com dmp.sbermarketing.ru dmp-profiles.sbermarketing.ru mc.yandex.ru ext.clickstream.sberbank.ru visor.sberbank.ru wss://mc.yandex.ru wss://mc.yandex.com privacy-cs.mail.ru wss://www.sfn-am.ru/ws; font-src 'self' data: fonts.gstatic.com static.tildacdn.com www.sfn-am.ru sfn-am.ru; frame-src 'self' youtube.com rutube.ru api-maps.yandex.ru my.mail.ru vk.com mc.yandex.ru mc.yandex.com e.infogram.com www.sfn-am.ru sfn-am.ru https://yandex.ru; img-src 'self' data: 'unsafe-inline' api-maps.yandex.ru core-renderer-tiles.maps.yandex.net kraken.rambler.ru mc.yandex.ru www.sfn-am.ru sfn-am.ru tilda.ws adservings.ru bs.serving-sys.ru yastatic.net top-fwz1.mail.ru/counter top-fwz1.mail.ru/tracker vk.com/rtrg static.tildacdn.com; manifest-src 'self' www.sfn-am.ru sfn-am.ru; media-src 'self' www.sfn-am.ru sfn-am.ru; script-src 'self' googleads.g.doubleclick.net api-maps.yandex.ru mc.yandex.ru mc.yandex.com 'unsafe-inline' yastatic.net st.top100.ru core-renderer-tiles.maps.yandex.net 'unsafe-eval' static.tildacdn.com unpkg.com cdnjs.cloudflare.com e.infogram.com www.sfn-am.ru sfn-am.ru stmtag.ru unpkg.com/gsap@3/dist/gsap.min.js unpkg.co/gsap@3/dist/gsap.min.js ad.adriver.ru vk.com/js/api/openapi.js top-fwz1.mail.ru/js/code.js top-fwz1.mail.ru/js/dyn-goal-config.js privacy-cs.mail.ru/static/sync-loader.js; style-src 'self' 'unsafe-inline' fonts.googleapis.com www.sfn-am.ru sfn-am.ru 1 frame-ancestors 'self' https://*.lemonade.com https://lemonade.com 1 frame-ancestors 'self' *.iza.org; 1 frame-ancestors 'self' https://adventhealth.com https://*.adventhealth.com; object-src 'none'; base-uri 'none' 1 frame-ancestors 'self' bam.harri.com harri.com fr.harri.com es.harri.com ru.harri.com de.harri.com pl.harri.com ar.harri.com tr.harri.com new.harri.com fr.new.harri.com es.new.harri.com ru.new.harri.com de.new.harri.com pl.new.harri.com ar.new.harri.com tr.new.harri.com internal-bcf49936-acd4-4f79-be5a-fad8a01526db.harri.com internal-temp-bcf49936-acd4-4f79-be5a-fad8a01526db.harri.com live.harri.com liveschedule.harri.com corporate.harri.com; 1 default-src https://domainname.shop https://www.domeneshop.no https://domeneshop.no https://domainnameshop.com https://domene.shop https://xn--domn-noa.shop https://xn--domne-ura.shop https://chat.domeneshop.no/ 'unsafe-inline'; img-src https://domainname.shop https://www.domeneshop.no https://domeneshop.no https://domainnameshop.com https://domene.shop https://xn--domn-noa.shop https://xn--domne-ura.shop; frame-src https://domainname.shop https://www.domeneshop.no https://domeneshop.no https://domainnameshop.com https://domene.shop https://xn--domn-noa.shop https://xn--domne-ura.shop; frame-ancestors 'self' 1 default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.youtube.com *.youtube-nocookie.com *.itzbund.de *.energiewechsel.de *.deutschland-machts-effizient.de *.app.powerbi.com *.karriere.bafa.de *.atlas.geomer-maps.de *.twitter.com api.signalize.com; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com *.youtube-nocookie.com; frame-src karriere.bafa.de atlas.geomer-maps.de app.powerbi.com *.energiewechsel.de *.deutschland-machts-effizient.de *.youtube-nocookie.com *.itzbund.de *.youtube.com *.twitter.com; img-src 'self' data: *.youtube.com *.youtube-nocookie.com *.itzbund.de *.openstreetmap.org *.twimg.com; connect-src 'self' *.itzbund.de; frame-ancestors 'self' *.kfw.de *.bafa.de *.energiewechsel.de; upgrade-insecure-requests; 1 frame-ancestors 'self' *.smhi.se klimatanpassning.se klimatanpassningsradet.se; report-uri /userv/cspreporting 1 frame-ancestors 'self' http://mobilevjs.nbcsports.com http://sprtsecureassets.akamaized.net *.nbcolympics.com nbcolympics.com 1 default-src wss: mycliplister.com blob: data: bosch.kittelberger.de *.tealiumiq.com dock.ui.bosch.tech wss://endpoint.chatbot-suite.bosch.tech 'self' https: *.optimizely.com wss://*.hotjar.com wss://*.hotjar.io *.tealiumiq.com stats.g.doubleclick.net *.bosch-professional.com ; media-src data: 'self' *.mycliplister.com mycliplister.com *.bosch.com bosch.com *.bosch.de bosch.de *.youtube.com ; font-src 'self' dock.ui.bosch.tech cdn.pricespider.com *.boschtools.com *.bootstrapcdn.com *.dynamicyield.com *.commerce-connector.com static.bosch-professional.com tiger-cdn.zoovu.com *.zoovu.com *.cloudfront.net boschru.webim.ru *.bosch.com bosch.com *.bosch.de bosch.de gstatic.com fonts.gstatic.com data: ; object-src data: 'self'; img-src data: 'self' https: mycliplister.com *.kittelberger.de *.tealiumiq.com data: blob: ; style-src dock.ui.bosch.tech cdn.pricespider.com *.boschtools.com *.bootstrapcdn.com *.dynamicyield.com *.googleapis.com *.commerce-connector.com 'self' 'unsafe-inline' tiger-cdn.zoovu.com *.zoovu.com static.bosch-professional.com btm.bosch.com cdn.poll-maker.com ; script-src dock.ui.bosch.tech dynamicyield.com *.dynamicyield.com https: *.optimizely.com 'unsafe-inline' 'unsafe-eval' tags.tiqcdn.com *.bosch.com bosch.com *.bosch.de bosch.de *.google-analytics.com google-analytics.com ipinfo.io ; frame-src 'self' https: ; connect-src 'self' https: wss://endpoint.chatbot-suite.bosch.tech mycliplister.com wss://*.hotjar.com 1 script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://virtu-www.s3.amazonaws.com/ https://*.list-manage.com/ https://*.virtu.com/ https://*.greenhouse.io/ https://*.kcg.com/ https://maps.googleapis.com/ https://maps.google.com/; img-src 'self' data: blob: https://*.virtu.com/ https://virtu-www.s3.amazonaws.com/ https://*.greenhouse.io/ https://*.kcg.com/ https://maps.gstatic.com/ https://maps.google.com/ https://maps.googleapis.com/; object-src 'self' data: blob: https://*.virtu.com/ https://*.greenhouse.io/ https://*.kcg.com/ https://www.google.com/ https://maps.google.com/; frame-src 'self' data: blob: https://*.virtu.com/ https://*.greenhouse.io/ https://*.kcg.com/ https://www.google.com/ https://maps.google.com/; 1 frame-ancestors https://cloudsecurityalliance.org https://training.cloudsecurityalliance.org 1 default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-eval' *.googleapis.com piwik.itzbund.de;object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; connect-src 'self' *.itzbund.de; frame-ancestors bghweb-editor-kkn6.prod.gsb.bgh.in.bund.de piwik.itzbund.de 1 frame-ancestors 'self' bcit.ca *.bcit.ca *.bcit.dev 1 default-src 'self'; style-src 'self' 'unsafe-inline' occhat.elisa.fi cdn.askem.com customer.cludo.com; img-src 'self' data: occhat.elisa.fi vero.piwik.pro https://analytiikka.ahtp.fi/ master.boost.ai boost-files-general-eu-west-1-test.s3-eu-west-1.amazonaws.com boost-files-general-eu-west-1-prod.s3-eu-west-1.amazonaws.com cdn.askem.com; media-src 'self'; font-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' occhat.elisa.fi vero.piwik.pro vero.containers.piwik.pro https://analytiikka.ahtp.fi/ *.boost.ai cdn.askem.com *.monitor.azure.com *.cdn.applicationinsights.io customer.cludo.com; connect-src 'self' occhat.elisa.fi wss://occhat.elisa.fi vero.piwik.pro https://analytiikka.ahtp.fi/ *.boost.ai youtube.com feedback.askem.com *.in.applicationinsights.azure.com js.monitor.azure.com api.cludo.com; frame-src 'self' https://www.youtube.com https://app.powerbi.com; frame-ancestors 'self' yritys.tunnistus.fi htesti.katso.tunnistus.fi; 1 script-src https: 'unsafe-inline' 'unsafe-eval'; worker-src blob: https: 'unsafe-inline' 'unsafe-eval' 1 img-src * data: blob:; style-src 'self' 'unsafe-inline' assets.adobedtm.com cdn.linearicons.com fonts.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com shop.spreadshirt.nl ton.twimg.com cdnjs.cloudflare.com code.jquery.com unpkg.com; frame-src 'self' www.youtube.com player.vimeo.com podio.com www.youtube-nocookie.com www.google.com/recaptcha/ www.classmarker.com/ js.stripe.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com assets.adobedtm.com cdn.syndication.twimg.com cdnjs.cloudflare.com maps.googleapis.com npmcdn.com shop.spreadshirt.nl platform.twitter.com www.google-analytics.com ssl.google-analytics.com www.spreadshirt.nl podio.com static.doubleclick.net cdnjs.cloudflare.com code.jquery.com cdn.jsdelivr.net app.intercom.io widget.intercom.io js.intercomcdn.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ unpkg.com/leaflet.markercluster@1.4.1/dist/ unpkg.com/leaflet@1.7.1/dist/ js.stripe.com unpkg.com/@popperjs/ unpkg.com/tippy.js@6/ www.googletagmanager.com; font-src 'self' cdn.linearicons.com fonts.gstatic.com maxcdn.bootstrapcdn.com shop.spreadshirt.nl js.intercomcdn.com ttui.thethingsindustries.com; connect-src 'self' shop.spreadshirt.nl www.thethingsnetwork.org vx.thethings.network api.intercom.io api-iam.intercom.io api-ping.intercom.io nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io nexus-websocket-b.intercom.io nexus-long-poller-a.intercom.io nexus-long-poller-b.intercom.io nexus-websocket-a.intercom.io nexus-websocket-b.intercom.io uploads.intercomcdn.com uploads.intercomusercontent.com app.getsentry.com unpkg.com/boxicons@2.1.1/ 1 default-src 'self' https://my.sheer.com my.sheer.com https://www.sheer.com www.sheer.com https://account.analvids.com account.analvids.com https://scene-subtitles.gtflixtv.com scene-subtitles.gtflixtv.com https://*.gtflixtv.com *.gtflixtv.com https://*.gtflixtvtest.com *.gtflixtvtest.com https://pornbox.com pornbox.com https://*.pornbox.com *.pornbox.com https://download1.pornbox.com download1.pornbox.com wss://lb-private-chat.gtflixtv.com wss://lb-private-chat-k8s.gtflixtv.com wss://lb-private-chat-beta.gtflixtv.com wss://lb-private-chat-beta-k8s.gtflixtv.com https://*.1ka.com *.1ka.com https://beta.sheer.com beta.sheer.com https://beta2.sheer.com beta2.sheer.com https://beta3.sheer.com beta3.sheer.com https://beta4.sheer.com beta4.sheer.com https://beta5.sheer.com beta5.sheer.com https://*.facebook.com *.facebook.com https://googletagmanager.com googletagmanager.com https://*.googletagmanager.com *.googletagmanager.com https://*.google-analytics.com *.google-analytics.com https://*.google.com *.google.com https://*.googleapis.com *.googleapis.com https://*.gstatic.com *.gstatic.com https://*.gstatic.cn *.gstatic.cn https://*.jsdelivr.net *.jsdelivr.net https://*.rawgit.com *.rawgit.com https://*.ddfstatic.com *.ddfstatic.com https://cdn.plyr.io cdn.plyr.io https://*.sexcash.com *.sexcash.com https://*.trafficfactory.biz *.trafficfactory.biz https://*.agego.com *.agego.com https://*.yoti.com *.yoti.com https://xvideos.com xvideos.com https://*.xvideos.com *.xvideos.com https://*.xvideos2.com *.xvideos2.com https://*.xvideos-cdn.com *.xvideos-cdn.com https://*.bangbros.com *.bangbros.com https://*.nikkiprice.com *.nikkiprice.com https://*.girlsgonewild.com *.girlsgonewild.com https://*.naked.com *.naked.com https://*.st-content.com *.st-content.com https://*.sellvids.com *.sellvids.com https://*.hazecash.com *.hazecash.com https://*.xxxpawn.com *.xxxpawn.com https://*.gaypawn.com *.gaypawn.com https://*.miakhalifa.com *.miakhalifa.com https://*.americanpervert.com *.americanpervert.com https://*.xnxx.com *.xnxx.com 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://my.sheer.com my.sheer.com https://www.sheer.com www.sheer.com https://account.analvids.com account.analvids.com https://scene-subtitles.gtflixtv.com scene-subtitles.gtflixtv.com https://*.gtflixtv.com *.gtflixtv.com https://*.gtflixtvtest.com *.gtflixtvtest.com https://pornbox.com pornbox.com https://*.pornbox.com *.pornbox.com wss://lb-private-chat.gtflixtv.com wss://lb-private-chat-k8s.gtflixtv.com wss://lb-private-chat-beta.gtflixtv.com wss://lb-private-chat-beta-k8s.gtflixtv.com https://xvideos.com xvideos.com https://*.xvideos.com *.xvideos.com https://beta.sheer.com beta.sheer.com https://beta2.sheer.com beta2.sheer.com https://beta3.sheer.com beta3.sheer.com https://beta4.sheer.com beta4.sheer.com https://beta5.sheer.com beta5.sheer.com https://*.agego.com *.agego.com https://www.google-analytics.com www.google-analytics.com https://ampcid.google.com https://stats.g.doubleclick.net/j/collect https://region1.google-analytics.com/g/collect https://*.googleapis.com *.googleapis.com https://*.firebaseio.com *.firebaseio.com https://www.google.com/recaptcha/ www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.googletagmanager.com www.googletagmanager.com https://ssl.gstatic.com ssl.gstatic.com https://www.gstatic.com www.gstatic.com https://stats.g.doubleclick.net/r/ stats.g.doubleclick.net/r/; font-src 'self' https://cdn.jsdelivr.net/npm/ https://fonts.gstatic.com fonts.gstatic.com data:; img-src 'self' https://*.gtflixtv.com *.gtflixtv.com https://xvideos.com xvideos.com https://*.xvideos.com *.xvideos.com https://*.xvideos2.com *.xvideos2.com https://*.xvideos-cdn.com *.xvideos-cdn.com https://www.xvideos.com www.xvideos.com https://*.xvideos.red *.xvideos.red https://*.1ka.com *.1ka.com https://cdn.jsdelivr.net cdn.jsdelivr.net https://www.google-analytics.com www.google-analytics.com https://www.google.com/ads/ga-audiences https://stats.g.doubleclick.net/r/collect https://region1.google-analytics.com region1.google-analytics.com https://www.googletagmanager.com www.googletagmanager.com https://ssl.gstatic.com ssl.gstatic.com https://www.gstatic.com www.gstatic.com https://stats.g.doubleclick.net/r/ stats.g.doubleclick.net/r/ https://translate.google.com translate.google.com https://*.agego.com *.agego.com https://fonts.gstatic.com fonts.gstatic.com data:; object-src 'none'; script-src 'self' https://my.sheer.com my.sheer.com https://www.sheer.com www.sheer.com https://account.analvids.com account.analvids.com https://scene-subtitles.gtflixtv.com scene-subtitles.gtflixtv.com https://uploader.gtflixtv.com uploader.gtflixtv.com https://uploader-beta.gtflixtv.com uploader-beta.gtflixtv.com https://pornbox.com pornbox.com https://beta.sheer.com beta.sheer.com https://beta2.sheer.com beta2.sheer.com https://beta3.sheer.com beta3.sheer.com https://beta4.sheer.com beta4.sheer.com https://beta5.sheer.com beta5.sheer.com https://*.googleapis.com *.googleapis.com https://accounts.google.com accounts.google.com https://www.google.com/recaptcha/ www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://google-analytics.com google-analytics.com https://ssl.google-analytics.com https://www.google-analytics.com www.google-analytics.com https://www.googletagmanager.com www.googletagmanager.com https://ssl.gstatic.com ssl.gstatic.com https://www.gstatic.com www.gstatic.com https://stats.g.doubleclick.net/r/ stats.g.doubleclick.net/r/ https://translate.google.com translate.google.com https://*.agego.com *.agego.com https://cdn.jsdelivr.net/npm/ https://cdn.rawgit.com/yuku-t/jquery-textcomplete/ https://*.ddfstatic.com *.ddfstatic.com https://*.sexcash.com *.sexcash.com https://*.trafficfactory.biz *.trafficfactory.biz https://apis.google.com apis.google.com https://apis.google.com/js/platform.js 'unsafe-inline' 'unsafe-eval'; report-uri /api/js-error; 1 script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' 365.hosting webhost1.ru d.webhost1.ru cp2.webhost1.ru cp3.webhost1.ru *.yoomoney.ru geoadv-partner.yandex.ru direct.yandex.ru yookassa.ru *.yandex.ru *.yandex.net mc.yandex.az mc.yandex.by mc.yandex.co.il mc.yandex.com mc.yandex.com.am mc.yandex.com.ge mc.yandex.com.tr mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.kz mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yandex.tj mc.yandex.tm mc.yandex.ua mc.yandex.uz mc.webvisor.com mc.webvisor.org yastatic.net googleads.g.doubleclick.net www.google-analytics.com www.google.com www.gstatic.com www.googletagmanager.com tagmanager.google.com *.jivo.ru *.jivosite.com privacy-cs.mail.ru top-fwz1.mail.ru infird.com .stripe.com *.sbis.ru; frame-ancestors 'self' blob: http://webvisor.com https://webvisor.com https://d.webhost1.ru:* https://cp2.webhost1.ru:* https://cp3.webhost1.ru:* 1 default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval' *.cdn.cookielaw.org *.cookie-cdn.cookiepro.com *.onetrust.com *.mikmak.ai *.swaven.com *.adimo.co *.amazonaws.com https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_ data-apac.nestlehealthscience.com.au https://*.qualtrics.com; object-src *; style-src * 'self' 'unsafe-inline' *.cdn.cookielaw.org *.cookie-cdn.cookiepro.com *.onetrust.com *.mikmak.ai *.swaven.com *.adimo.co *.amazonaws.com https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_; img-src * 'self' *.mikmak.ai *.swaven.com *.adimo.co *.amazonaws.com *.static-swaven.com data: https:; https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_ https://siteintercept.qualtrics.com; media-src *; frame-src * *.mikmak.ai *.swaven.com *.adimo.co *.amazonaws.com https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_ https://*.qualtrics.com; frame-ancestors 'self' https://*.qualtrics.com; child-src *; font-src * 'self' *.mikmak.ai *.swaven.com *.adimo.co *.amazonaws.com *.static-swaven.com data: https:; https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_; connect-src * *.cdn.cookielaw.org *.cookie-cdn.cookiepro.com *.onetrust.com *.mikmak.ai *.swaven.com *.adimo.co *.amazonaws.com https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_ data-apac.nestlehealthscience.com.au https://*.qualtrics.com; report-uri /report-csp-violation 1 frame-ancestors https://*.milwaukeetool.eu https://viewer.ipaper.io https://my.treedis.com https://my.scene3d.co.uk 1 child-src 'self' https://haw-hio-cust4.usercontent-test-hispro.de https://login.haw-hamburg.de https://mathplan.de https://test-haw-hamburg.mathplan.de https://haw-hamburg.de https://www.haw-hamburg.de https://myhaw.haw-hamburg.de; font-src 'self'; frame-src 'self' https://*.haw-hamburg.de https://*.*.haw-hamburg.de https: www.youtube-nocookie.com/* ; frame-ancestors 'self' https://*.etracker.com; script-src 'unsafe-eval' 'self' https://cdn.ckeditor.com https://*.etracker.com https://*.etracker.de *.b-ite.com https://stats.haw-hamburg.de 'unsafe-inline'; connect-src 'self' https://*.etracker.de *.b-ite.com https://stats.haw-hamburg.de; img-src data: *.haw-hamburg.de *.b-ite.com; style-src 'self' 'unsafe-inline' *.b-ite.com; 1 script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https://*.spd.de https://api.spendino.de https://maps.googleapis.com https://altruja.de https://www.verbavoice.net https://*.raisenow.com https://cdn.jsdelivr.net https://*.datatrans.com ; img-src 'self' data: https://*.spd.de https://csi.gstatic.com https://maps.googleapis.com https://maps.gstatic.com https://*.openstreetmap.de https://images.admiralcloud.com https://*.micropayment.de https://cdn.jsdelivr.net ; frame-ancestors 'self' https://analytics.spd.de ; default-src 'self' ; frame-src 'self' https://*.spd.de https://dpa-electionslive.s3.amazonaws.com https://w.soundcloud.com https://player.vimeo.com https://www.youtube-nocookie.com https://api.spendino.de https://www.youtube.com https://playout.3qsdn.com https://sdn-global-live-http-cache.3qsdn.com https://widget.whatsbroadcast.com https://ghb2017.limequery.com https://www.verbavoice.ne https://hd-livestream.de https://stream.liverecords.net https://www.sachsen-fernsehen.de https://open.spotify.com https://widget.whappodo.com https://*.micropayment.de https://d3ak46ifsn9mnh.cloudfront.net https://t3prod.admiralcloud.com https://player.admiralcloud.com https://gateway.spendino.de https://*.datatrans.com https://tamaro.raisenow.com ; style-src 'self' 'unsafe-inline' https://*.spd.de https://fonts.googleapis.com https://assets.raisenow.io https://cdn.jsdelivr.net ; connect-src 'self' https://*.spd.de https://altruja.de wss://ws-eu.pusher.com https://*.raisenow.io https://*.raisenow.com ; object-src 'self' data: ; media-src 'self' data: https://cdn01.spd.de ; font-src 'self' data: https://*.spd.de https://fonts.gstatic.com https://assets.raisenow.io ; 1 default-src 'self'; img-src 'self' 1 X-Content-Security-Policy 1 base-uri 'self' https://*.vbrick.com https://api-engage-us.sitecorecloud.io https://d1mj578wat5n4o.cloudfront.net https://d35vb5cccm4xzp.cloudfront.net;child-src 'self' https://*.vbrick.com https://api-engage-us.sitecorecloud.io https://d1mj578wat5n4o.cloudfront.net https://d35vb5cccm4xzp.cloudfront.net;connect-src 'self' https://*.vbrick.com https://api-engage-us.sitecorecloud.io https://d1mj578wat5n4o.cloudfront.net https://d35vb5cccm4xzp.cloudfront.net 'unsafe-inline' 'unsafe-eval' https: data: mailto: tel: https://pub.highlight.io https://*.qualtrics.com webpack://*;default-src 'self' https://*.vbrick.com https://api-engage-us.sitecorecloud.io https://d1mj578wat5n4o.cloudfront.net https://d35vb5cccm4xzp.cloudfront.net 'unsafe-inline' 'unsafe-eval' https: data: mailto: tel:;font-src 'self' https://*.vbrick.com https://api-engage-us.sitecorecloud.io https://d1mj578wat5n4o.cloudfront.net https://d35vb5cccm4xzp.cloudfront.net 'unsafe-inline' 'unsafe-eval' https: data:;form-action 'self' https://*.vbrick.com https://api-engage-us.sitecorecloud.io https://d1mj578wat5n4o.cloudfront.net https://d35vb5cccm4xzp.cloudfront.net https://*.bethematch.org;frame-ancestors 'self' https://*.vbrick.com https://api-engage-us.sitecorecloud.io https://d1mj578wat5n4o.cloudfront.net https://d35vb5cccm4xzp.cloudfront.net https://*.bethematch.org https: data:;frame-src 'self' https://*.vbrick.com https://api-engage-us.sitecorecloud.io https://d1mj578wat5n4o.cloudfront.net https://d35vb5cccm4xzp.cloudfront.net 'unsafe-inline' 'unsafe-eval' https: data: https://*.qualtrics.com;img-src 'self' https://*.vbrick.com https://api-engage-us.sitecorecloud.io https://d1mj578wat5n4o.cloudfront.net https://d35vb5cccm4xzp.cloudfront.net 'unsafe-inline' 'unsafe-eval' https: data: https://*.qualtrics.com;manifest-src 'self';media-src 'self' https://*.vbrick.com https://api-engage-us.sitecorecloud.io https://d1mj578wat5n4o.cloudfront.net https://d35vb5cccm4xzp.cloudfront.net 'unsafe-inline' 'unsafe-eval' https: data:;script-src 'self' https://*.vbrick.com https://api-engage-us.sitecorecloud.io https://d1mj578wat5n4o.cloudfront.net https://d35vb5cccm4xzp.cloudfront.net 'unsafe-inline' 'unsafe-eval' https: data: https://*.qualtrics.com;style-src 'self' https://*.vbrick.com https://api-engage-us.sitecorecloud.io https://d1mj578wat5n4o.cloudfront.net https://d35vb5cccm4xzp.cloudfront.net 'unsafe-inline' 'unsafe-eval' https: data:;worker-src data: blob:; 1 base-uri 'self';child-src blob:;connect-src 'self' sulu.relaischateaux.com sylius.relaischateaux.com api.relaischateaux.com medias.relaischateaux.com webpack: *.algolia.net *.algolianet.com *.adnxs.com maps.googleapis.com px.ads.linkedin.com cdn.cookielaw.org mock.dev.relaischateaux.com api.widget.botmind.io api.widget.botmind.ai privacyportal-fr.onetrust.com bat.bing.com bat.bing.net geolocation.onetrust.com *.abtasty.com dcinfos-cache.abtasty.com ariane.abtasty.com *.google.com ws.hotjar.com *.googleadservices.com *.facebook.com googleads.g.doubleclick.net *.hotjar.io *.google-analytics.com metrics.relaischateaux.com *.adyen.com *.yahoo.com *.yahoodns.net *.yimg.com mapsresources-pa.googleapis.com ct.pinterest.com log.pinterest.com *.contentsquare.net *.contentsquare.com s.pinimg.com;default-src 'self';font-src 'self' data: blob: fonts.gstatic.com *.abtasty.com *.googleapis.com;form-action 'self' *.adyen.com *.adyenpayments.com;frame-ancestors 'self';frame-src 'self' td.doubleclick.net widget.botmind.ai www.menumodo.com qa-assistant.abtasty.com recaptcha.net www.google.com www.googletagmanager.com *.adyen.com *.relaischateaux.com ct.pinterest.com *.visammg.com;img-src 'self' data: blob: *.relaischateaux.com *.gstatic.com *.googleapis.com fdu.relaischateaux.com px.ads.linkedin.com secure.adnxs.com bat.bing.com bat.bing.net www.facebook.com ib.adnxs.com *.linkedin.com *.google.fr *.google.com cdn.cookielaw.org static.relaischateaux.com *.abtasty.com *.amazonaws.com *.googletraveladservices.com *.googletagmanager.com googleads.g.doubleclick.net *.adyen.com *.yahoo.com *.yahoodns.net *.yimg.com relay-t.io *.relay-t.io secure-relay.com *.secure-relay.com secure-hotel-tracker.com *.secure-hotel-tracker.com *.cloudfront.net assets.relaischateaux.com static.tacdn.com www.tripadvisor.com ct.pinterest.com log.pinterest.com *.contentsquare.net;manifest-src 'self';media-src 'self' d1m7xnn75ypr6t.cloudfront.net static.relaischateaux.com p.relay-t.io ws.hotjar.com *.hotjar.io px4.ads.linkedin.com try.abtasty.com;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: www.googletagmanager.com maps.googleapis.com cdn.cookielaw.org connect.facebook.net fdu.relaischateaux.com acdn.adnxs.com *.hotjar.com snap.licdn.com cdn.actito.be bat.bing.com widget.botmind.io googleads.g.doubleclick.net trk.adbutter.net *.abtasty.com *.amazonaws.com p.relay-t.io apis.google.com recaptcha.net www.gstatic.com www.google.com *.adyen.com *.actito.be secure-hotel-tracker.com *.googleadservices.com *.yahoo.com *.yahoodns.net *.yimg.com s.pinimg.com ct.pinterest.com t.contentsquare.net app.contentsquare.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com *.abtasty.com *.gstatic.com *.googleapis.com *.googletagmanager.com;worker-src 'self' blob:;upgrade-insecure-requests ; 1 script-src 'self' 'strict-dynamic' 'unsafe-inline' 'nonce-RZS+W5go5J+Hj7INtqc5MQ==' 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://cdn.jsdelivr.net https://*.qualtrics.com https://*.piwik.pro https://www.youtube.com/ https://*.googleapis.com https://secure.leadforensics.com/ https://*.hotjar.com https://*.quanta.io;; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.hotjar.com; img-src 'self' data: https://www.googletagmanager.com https://www.google-analytics.com https://*.gstatic.com https://*.googleapis.com https://*.qualtrics.com https://*.legrand.com https://*.legrandgroup.com https://*.quanta.io;;; frame-src https://www.youtube.com/ https://www.youtube-nocookie.com https://*.qualtrics.com https://legrand.symex.be;; frame-ancestors https://*.legrand.com https://*.legrandgroup.com https://www.googletagmanager.com https://legrand.symex.be; font-src https://*.googleapis.com https://*.legrand.com https://*.gstatic.com https://*.hotjar.com; connect-src 'self' https://legrand.symex.be https://www.google-analytics.com https://legrand-plateforme.containers.piwik.pro https://cdn.jsdelivr.net https://*.qualtrics.com https://*.piwik.pro https://www.youtube.com/ https://*.googleapis.com https://www.youtube-nocookie.com https://*.google-analytics.com https://www.googletagmanager.com www.google.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.quanta.io;; report-uri /report-csp-violation; upgrade-insecure-requests 1 default-src 'self' blob: http: https: qa-65.stiebel-eltron.de wss://client.relay.crisp.chat; img-src 'self' data: blob: http: https: qa-65.stiebel-eltron.de ; script-src 'self' 'unsafe-eval' http: https: qa-65.stiebel-eltron.de widget.moin.ai; style-src 'self' 'unsafe-inline' http: https: qa-65.stiebel-eltron.de ; font-src 'self' data: http: https: qa-65.stiebel-eltron.de; worker-src blob: https://*.stiebel-eltron.de; 1 frame-ancestors https://mon-programme-eco-sante.harmonie-mutuelle.fr https://acp-harmonie-prod.sharecare.paris https://acp-harmonie-test.sharecare.paris https://acp-harmonie-preprod.sharecare.paris https://hm-preprod.sharecare.paris; upgrade-insecure-requests 1 default-src 'self'; base-uri 'self'; connect-src 'self' *.itzbund.de; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de www.juris.de;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com piwik.itzbund.de www.juris.de;object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de www.juris.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de www.juris.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de www.juris.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de www.juris.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de www.juris.de; frame-src https://www.juris.de/ *.google.com *.gstatic.com *.youtube.com *.vimeo.com; frame-ancestors https://www.juris.de/ 'self'; 1 default-src 'self' 'unsafe-inline' data: ws: wss: cdn.cookielaw.org maps.googleapis.com *.onelink-edge.com googletagmanager.com *.sharethis.com api.company-target.com *.algolianet.com wkx3x0kpn1-dsn.algolia.net *.newcertainteed.com cdn.linkedin.oribi.io *.userway.org *.google-analytics.com bam.nr-data.net *.docksal.site:* *.onetrust.com segments.company-target.com *.hotjar.com *.hotjar.io *.force.com bcp.crwdcntrl.net *.salesforce.com *.salesforce-sites.com tags.srv.stackadapt.com dev.visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com useruploads.vwo.io analytics.tiktok.com td.doubleclick.net www.googletagmanager.com www.google.co.in www.google.com s.pinimg.com www.redditstatic.com ct.pinterest.com s.yimg.com sp.analytics.yahoo.com px.ads.linkedin.com *.ads.linkedin.com *.linkedin.com pixel-config.reddit.com *.simpli.fi *.adsrvr.org testingn5u3c8k7g4-dsn.algolia.net cloud.response.certainteed.com *.bazaarvoice.com *.my.site.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: ws: wss: *.youtube.com cdn.cookielaw.org *.sharethis.com *.googletagmanager.com *.googleapis.com snap.licdn.com *.hotjar.com *.force.com tag.demandbase.com *.facebook.net *.salesforceliveagent.com accessibilityserver.org *.userway.org *.newrelic.com *.onelink-edge.com unpkg.com *.cloudflare.com www.onelink-edge.com *.docksal.site:* www.google.com segments.company-target.com www.gstatic.com *.salesforce.com *.salesforce-sites.com *.hotjar.io assets.pinterest.com www.googleadservices.com googleads.g.doubleclick.net *.tags.srv.stackadapt.com tags.srv.stackadapt.com dev.visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com useruploads.vwo.io analytics.tiktok.com td.doubleclick.net www.googletagmanager.com www.google.co.in www.google.com s.pinimg.com www.redditstatic.com ct.pinterest.com s.yimg.com sp.analytics.yahoo.com px.ads.linkedin.com *.ads.linkedin.com *.linkedin.com pixel-config.reddit.com *.simpli.fi *.adsrvr.org cloud.response.certainteed.com *.bazaarvoice.com *.my.site.com ; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com *.force.com *.sharethis.com fonts.googleapis.com *.salesforce-sites.com *.salesforce.com cdn.userway.org tags.srv.stackadapt.com dev.visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com useruploads.vwo.io analytics.tiktok.com td.doubleclick.net www.googletagmanager.com www.google.co.in www.google.com s.yimg.com sp.analytics.yahoo.com pixel-config.reddit.com *.simpli.fi *.adsrvr.org cloud.response.certainteed.com *.bazaarvoice.com *.my.site.com ; img-src 'self' 'unsafe-inline' cdn.cookielaw.org *.youtube.com data: match.prod.bidr.io segments.company-target.com px.ads.linkedin.com *.ads.linkedin.com *.linkedin.com *.facebook.com id.rlcdn.com certainteed.widen.net *.googleapis.com *.widencdn.net *.userway.org *.ytimg.com bcp.crwdcntrl.net *.sharethis.com maps.gstatic.com *.cloudfront.net pinterest.com *.pinterest.com *.salesforce.com *.salesforce-sites.com *.g.doubleclick.net *.google-analytics.com *.analytics.google.com googleads.g.doubleclick.net ad.doubleclick.net *.google.ca *.gstatic.com *.googletagmanager.com tags.srv.stackadapt.com dev.visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com useruploads.vwo.io analytics.tiktok.com td.doubleclick.net www.googletagmanager.com www.google.co.in www.google.com alb.reddit.com s.yimg.com sp.analytics.yahoo.com *.googleadservices.com *.facebook.net pixel-config.reddit.com *.simpli.fi *.adsrvr.org cloud.response.certainteed.com *.bazaarvoice.com *.my.site.com ; media-src 'self' 'unsafe-inline' youtube.com dev.visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com useruploads.vwo.io analytics.tiktok.com td.doubleclick.net www.googletagmanager.com www.google.co.in www.google.com s.yimg.com sp.analytics.yahoo.com pixel-config.reddit.com *.simpli.fi *.adsrvr.org cloud.response.certainteed.com *.bazaarvoice.com *.my.site.com ; frame-src 'self' 'unsafe-inline' cdn.cookielaw.org youtube.com maps.googleapis.com onelink-edge.com googletagmanager.com *.force.com *.sharethis.com *.userway.org google.com www.google.com www.facebook.com www.youtube.com www.youtube-nocookie.com *.pinterest.com *.salesforce.com *.salesforce-sites.com bid.g.doubleclick.net *.company-target.com youtu.be tags.srv.stackadapt.com dev.visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com useruploads.vwo.io analytics.tiktok.com td.doubleclick.net www.googletagmanager.com www.google.co.in www.google.com s.yimg.com sp.analytics.yahoo.com *.pub.sfmc-content.com px.ads.linkedin.com *.ads.linkedin.com *.linkedin.com *.doubleclick.net *.simpli.fi *.adsrvr.org *.podbean.com www.podbean.com cloud.response.certainteed.com *.bazaarvoice.com *.my.site.com ; child-src 'self' blob: dev.visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com useruploads.vwo.io analytics.tiktok.com td.doubleclick.net www.googletagmanager.com www.google.co.in www.google.com s.yimg.com sp.analytics.yahoo.com *.simpli.fi *.adsrvr.org cloud.response.certainteed.com *.bazaarvoice.com *.my.site.com ; font-src 'self' use.fontawesome.com data: fonts.googleapis.com fonts.gstatic.com tags.srv.stackadapt.com dev.visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com useruploads.vwo.io analytics.tiktok.com td.doubleclick.net www.googletagmanager.com www.google.co.in www.google.com s.yimg.com sp.analytics.yahoo.com *.userway.org *.simpli.fi *.adsrvr.org cloud.response.certainteed.com *.bazaarvoice.com *.my.site.com ; connect-src 'self' 'unsafe-inline' data: ws: wss: cdn.cookielaw.org maps.googleapis.com *.onelink-edge.com googletagmanager.com *.sharethis.com api.company-target.com *.algolianet.com wkx3x0kpn1-dsn.algolia.net *.newcertainteed.com cdn.linkedin.oribi.io *.userway.org *.google-analytics.com bam.nr-data.net *.docksal.site:* *.onetrust.com segments.company-target.com *.hotjar.com *.hotjar.io *.force.com bcp.crwdcntrl.net *.salesforce.com *.salesforce-sites.com tags.srv.stackadapt.com dev.visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com useruploads.vwo.io analytics.tiktok.com td.doubleclick.net www.googletagmanager.com www.google.co.in www.google.com s.pinimg.com www.redditstatic.com ct.pinterest.com s.yimg.com sp.analytics.yahoo.com px.ads.linkedin.com *.ads.linkedin.com *.linkedin.com config.reddit.com www.redditstatic.com conversions-config.reddit.com ct.pinterest.com s.yimg.com analytics.google.com *.reddit.com *.tiktokw.us test-drive-11-s6uit34pua-uc.a.run.app *.facebook.com *.doubleclick.net *.googleadservices.com pixel-config.reddit.com google.com *.simpli.fi *.adsrvr.org testingn5u3c8k7g4-dsn.algolia.net cloud.response.certainteed.com *.salesforce-scrt.com *.bazaarvoice.com; report-uri /report-csp-violation; upgrade-insecure-requests 1 base-uri 'none'; frame-ancestors 'self'; object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http: 'nonce-9n//1lPzZXe1JrIP0TZ7zw=='; report-uri https://sentry.jobijoba.io/api/10/security/?sentry_key=f7fdb7ea43674b0889145b92f6d6811e 1 default-src 'self' *.crazyegg.com https://www.clarity.ms https://*.clarity.ms https://brandfolder.com https://pages.videojet.com 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.videojet.com https://truepulsetracking.com/js/script.js https://truepulsetracking.com https://js.zi-scripts.com https://js.zi-scripts.com/zi-tag.js https://scripts.clarity.ms http://scripts.clarity.ms https://www.gstatic.com https://online.flippingbook.com https://d33i2vgywgme2s.cloudfront.net https://93903118.adoric-om.com/adoric.js cdn.pushcrew.com *.crazyegg.com https://brandfolder.com https://script.crazyegg.com https://www.youtube.com https://bat.bing.com https://pages.videojet.com https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.min.js https://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js https://www.gstatic.com/recaptcha/releases/1kRDYC3bfA-o6-tsWzIBvp7k/recaptcha__en.js https://www.google.com/recaptcha/api.js https://wec-assets.terminus.services https://m.clarity.ms/collect https://www.clarity.ms https://dev.visualwebsiteoptimizer.com https://www.googleoptimize.com https://www.googleanalytics.com https://optimize.google.com https://privacyportalde-cdn.onetrust.com https://privacyportalde-cdn.onetrust.com/privacy-notice-scripts/otnotice-1.0.min.js https://cdn.cookielaw.org https://*.googletagmanager.com https://ssl.google-analytics.com https://tagmanager.google.com https://secure.adnxs.com https://d22d1xpx4ztuef.cloudfront.net/jb-cdn-sp-3.5.0.js https://bam.nr-data.net https://gu.bizspring.net https://www.googletagmanager.com https://js-agent.newrelic.com https://stats.wp.com https://widgets.wp.com https://wordpress.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://sjrtp8-cdn.marketo.com https://cdn.livechatinc.com https://cdn.livechatinc.com https://s0.wp.com https://code.jquery.com https://code.jquery.com/jquery-3.3.1.js https://cdn.parsely.com https://stats.wp.com/e-202229.js https://play.vidyard.com https://play.vidyard.com https://connect.facebook.net https://app-sj04.marketo.com https://munchkin.marketo.net https://63475.tctm.co https://64066.tctm.co/t.js https://64066.tctm.co/p.js https://api.livechatinc.com https://www.google-analytics.com https://cdn.mouseflow.com https://connect.facebook.net https://googleads.g.doubleclick.net https://snap.licdn.com https://www.googleadservices.com https://www.googletagmanager.com blob:; style-src 'self' 'unsafe-inline' https://pages.videojet.com/js/forms2/css/forms2.css https://pages.videojet.com/js/forms2/css/forms2-theme-simple.css https://brandfolder.com https://static.adoric.com/adoric.v9.11.min.css *.visualwebsiteoptimizer.com app.vwo.com *.crazyegg.com https://dev.visualwebsiteoptimizer.com/static/latest/styles/themes/light-1975c1b85dd0e3c2ab714e934485e6dc.css https://optimize.google.com https://privacyportalde-cdn.onetrust.com/privacy-notice-scripts/css/v2/otnotice-core.css https://tagmanager.google.com https://fonts.googleapis.com https://www.googletagmanager.com https://s0.wp.com https://app-sj04.marketo.com; object-src 'none'; base-uri 'self'; connect-src 'self' wss://mwu9p4bdfa.execute-api.us-west-2.amazonaws.com/prod/ wss://t58z2twhge.execute-api.us-west-2.amazonaws.com/prod/ https://pages.videojet.com https://ws.zoominfo.com https://js.zi-scripts.com https://o.clarity.ms/collect https://f.clarity.ms/collect https://fbo-b.flippingbook.com https://090-bzj-603.mktoutil.com https://o.clarity.ms/collect https://n.clarity.ms/collect https://brandfolder.com *.visualwebsiteoptimizer.com app.vwo.com *.crazyegg.com https://e.clarity.ms/collect https://app.adoric-om.com https://www.google.com https://r3.visualwebsiteoptimizer.com https://s.clarity.ms/collect https://u.clarity.ms/collect https://q.clarity.ms/collect https://assets-tracking.crazyegg.com https://pagestates-tracking.crazyegg.com https://tracking.crazyegg.com https://script.crazyegg.com https://v.clarity.ms/collect https://z.clarity.ms/collect https://i.clarity.ms/collect https://bat.bing.com https://pagead2.googlesyndication.com https://r.clarity.ms/collect https://d.clarity.ms/collect https://h.clarity.ms/collect https://api.nelioabtesting.com https://googleads.g.doubleclick.net/pagead/landing https://b.clarity.ms/collect https://www.google.com/pagead/landing https://l.clarity.ms/collect https://k.clarity.ms/collect https://j.clarity.ms/collect https://a.clarity.ms/collect https://y.clarity.ms/collect https://x.clarity.ms/collect https://r1.visualwebsiteoptimizer.com/analyze https://t.clarity.ms/collect https://w.clarity.ms/collect https://m.clarity.ms/collect https://px.ads.linkedin.com https://dev.visualwebsiteoptimizer.com https://www.google.co.in https://privacyportalde-cdn.onetrust.com https://privacyportalde-cdn.onetrust.com/c579c0d0-360f-49c0-bccc-f7b7cded31cd/privacy-notices/8b719598-1655-4d2d-879b-9b2e633813ac-en-us.json https://privacyportalde-cdn.onetrust.com/c579c0d0-360f-49c0-bccc-f7b7cded31cd/privacy-notices/8b719598-1655-4d2d-879b-9b2e633813ac.json https://analytics.google.com https://cdn.cookielaw.org https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.facebook.com https://play.vidyard.com https://play.vidyard.com https://google.com https://google.com https://cdn.linkedin.oribi.io https://cdn.livechatinc.com https://api.ipify.org https://bam.nr-data.net https://p1.parsely.com https://n2.mouseflow.com https://api.livechatinc.com https://geolocation.onetrust.com https://privacyportal-de.onetrust.com https://090-bzj-603.mktoresp.com https://63475.tctm.co https://cdn.cookielaw.org https://stats.g.doubleclick.net https://www.google-analytics.com; font-src 'self' data: https://optimize.google.com https://privacyportalde-cdn.onetrust.com https://privacyportalde-cdn.onetrust.com https://fonts.gstatic.com https://cdn.livechatinc.com https://fonts.gstatic.com https://cdn.mouseflow.com https://s0.wp.com; frame-src 'self' *.youtube.com *.visualwebsiteoptimizer.com app.vwo.com https://online.flippingbook.com https://brandfolder.com https://aurora.videojet.com https://sketchfab.com https://td.doubleclick.net https://dev.visualwebsiteoptimizer.com https://optimize.google.com https://www.google.com https://cdn.livechatinc.com https://stats.wp.com https://js-agent.newrelic.com https://www.googletagmanager.com https://www.googletagmanager.com https://widgets.wp.com https://wordpress.com https://pages.videojet.com https://communications.videojet.com https://www.facebook.com https://play.vidyard.com https://app-sj04.marketo.com https://bid.g.doubleclick.net https://play.vidyard.com https://secure.livechatinc.com; img-src 'self' data: https://videojet-preprod.go-vip.net https://videogif.bfldr.com https://sketchfab.com https://connect.facebook.net https://online.flippingbook.com https://googleads.g.doubleclick.net https://app-sj04.marketo.com https://storage-us-gcs.bfldr.com *.visualwebsiteoptimizer.com app.vwo.com useruploads.vwo.io *.crazyegg.com https://cdn.jsdelivr.net/npm/emoji-datasource-google@7.0.2/img/google/64/1f449.png https://ce-user-images.s3.amazonaws.com https://fonts.gstatic.com https://r3.visualwebsiteoptimizer.com https://cdn.videojet.com https://bat.bing.com https://c.bing.com/c.gif https://c.clarity.ms/c.gif https://match.adsrvr.org https://wec-assets.terminus.services https://cdn.livechat-files.com https://dev.visualwebsiteoptimizer.com https://www.google-analytics.com https://*.google-analytics.com https://*.googletagmanager.com https://optimize.google.com https://ssl.gstatic.com https://www.gstatic.com https://c.jabmo.app https://s.w.org https://www.googleadservices.com https://p1.parsely.com https://videojet-develop.go-vip.net https://secure.gravatar.com https://pixel.wp.com https://pages.videojet.com https://play.vidyard.com https://play.vidyard.com https://cdn.vidyard.com https://www.facebook.com https://www.linkedin.com https://www.googletagmanager.com https://p.adsymptotic.com https://px4.ads.linkedin.com https://2.gravatar.com https://www.google-analytics.com https://cdn.cookielaw.org https://cdn.livechatinc.com https://global.videojet.com https://px.ads.linkedin.com https://videojet.com https://www.google.co.in https://www.google.com; manifest-src 'self'; media-src 'self' https://cdn.videojet.com https://cdn.livechatinc.com https://global.videojet.com; worker-src 'self' blob: 'self' https://www.videojet.com/2542450f-ca39-4b31-a4fe-b3a44bdf7414 https://www.videojet.com https://www.videojet.com/7b2fcfc1-d4e5-4136-806c-06352297e50b https://www.videojet.com/2a2994b2-69bb-468c-9f92-05d4a4c16a3e https://www.videojet.com/14f827d5-abfb-4e4e-9a4c-895f5b02a2fd https://www.videojet.com/64bbf2dc-fdf3-4751-ba9d-a2a2b246a44f https://www.videojet.com/78280bef-49f4-4385-a2de-9e7323188caa https://www.videojet.com/8a155a4c-c61c-4378-b005-8ffe276fcc45 https://www.videojet.com/62e4c7d6-2f09-4a3e-b2a3-52cafc05d9da https://www.videojet.com/bec2d58e-d5cf-468a-887a-e370709be634 https://www.videojet.com/c781ff3d-603d-4687-89f0-3a3d6a328219 https://www.videojet.com/74fce793-ed04-4dbc-a6f5-3a63cad3cea0 https://www.videojet.com/fee32f17-de59-4310-bfbf-e12ae23e77ce https://www.videojet.com/f1d8c577-4487-4b24-869c-7f8d14253245 https://www.videojet.com/7fcb0737-1eb0-4e93-8b92-93857452a662 https://www.videojet.com/f6a8f6b8-767b-42dc-b442-b6652594efd8 https://www.videojet.com/503b8add-9b01-4c08-9ecd-5b2ad4b061ed https://www.videojet.com/9d7d8042-f3a8-4aed-9dcb-766aae5a5211 https://www.videojet.com/edfede1b-259f-4197-aa6a-ec54bb13032e https://www.videojet.com/011c1447-c96d-47ff-997b-464ac7eaa5d0 https://www.videojet.com/8006d16d-a330-4f76-962f-5ee56bd312ea https://www.videojet.com/aa59bbca-6826-445f-b147-adf7e4a18cb7 https://www.videojet.com/a67567ac-8759-457f-8f2a-8de5d2891a3d https://www.videojet.com/b9b2cba9-9085-4a35-9042-c631bc0edd95 https://www.videojet.com/57c18b2b-ebfb-44b8-9fa8-6f3ab8cbd77f https://www.videojet.com/c65fa58a-32e8-4dda-9081-b23fcb28a983; 1 default-src *; style-src 'self'* .addthis.com *.nationalgridus.com* .cloudflare.com *.olark.com* .gstatic.com *.googleapis.com; script-src 'self'* .speedpay.com *.google.com* .gstatic.com *.olark.com* .googleapis.com *.gstatic.com* .crazyegg.com *.google-analytics.com* .googletagmanager.com *.feedbackify.com* .nationalgridus.com; img-src *; font-src* ; connect-src *; 1 connect-src 'self' 1 default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' piwik.itzbund.de; connect-src 'self' *.itzbund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' piwik.itzbund.de www.youtube.com s.ytimg.com pei.de; object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de www.youtube.com; media-src 'self' multimedia.gsb.bund.de piwik.itzbund.de www.youtube.com pei.de www.pei.de; child-src pei-portal.rexx-systems.com piwik.itzbund.de www.youtube.com abvl-public.pei.de abvl-public-test.pei.de; font-src 'self'; img-src 'self' data: *.honcode.ch piwik.itzbund.de pei.de www.pei.de; frame-ancestors 'self' PEIWeb-editor.preview.gsb.intranet.bund.de pei-portal.rexx-systems.com; 1 default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.geodatenzentrum.de *.kuestendaten.de *.youtube.com *.webview.isb-mopa.de; connect-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.wsv.bund.de *.geodatenzentrum.de *.kuestendaten.de *.youtube.com *.webview.isb-mopa.de; object-src 'self'; media-src 'self' *.wsv.bund.de *.wsv.de *.bund.de data: *.geodatenzentrum.de web.dlz-it.de www.bafg.de bad.xpertus-service.de elwis.de www.elwis.de *.youtube.com; child-src 'self' *.wsv.bund.de *.wsv.de *.bund.de data: *.geodatenzentrum.de web.dlz-it.de www.bafg.de bad.xpertus-service.de elwis.de www.elwis.de *.youtube.com *.webview.isb-mopa.de; img-src 'self' *.wsv.bund.de *.wsv.de *.bund.de data: *.geodatenzentrum.de web.dlz-it.de www.bafg.de bad.xpertus-service.de elwis.de www.elwis.de *.kuestendaten.de *.youtube.com *.bfn.de *.webview.isb-mopa.de; frame-ancestors 'self' *.webview.isb-mopa.de; frame-src 'self' *.webview.isb-mopa.de; Content-Security-Policy: default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.geodatenzentrum.de *.kuestendaten.de *.youtube.com *.webview.isb-mopa.de; connect-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.wsv.bund.de *.geodatenzentrum.de *.kuestendaten.de *.youtube.com *.webview.isb-mopa.de; object-src 'self'; media-src 'self' *.wsv.bund.de *.wsv.de *.bund.de data: *.geodatenzentrum.de web.dlz-it.de www.bafg.de bad.xpertus-service.de elwis.de www.elwis.de *.youtube.com; child-src 'self' *.wsv.bund.de *.wsv.de *.bund.de data: *.geodatenzentrum.de web.dlz-it.de www.bafg.de bad.xpertus-service.de elwis.de www.elwis.de *.youtube.com *.webview.isb-mopa.de; img-src 'self' *.wsv.bund.de *.wsv.de *.bund.de data: *.geodatenzentrum.de web.dlz-it.de www.bafg.de bad.xpertus-service.de elwis.de www.elwis.de *.kuestendaten.de *.youtube.com *.bfn.de; frame-ancestors 'self' *.webview.isb-mopa.de; frame-src 'self' *.webview.isb-mopa.de; X-Webkit-CSP: default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.geodatenzentrum.de *.kuestendaten.de*.youtube.com *.webview.isb-mopa.de; connect-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.wsv.bund.de *.geodatenzentrum.de *.kuestendaten.de *.youtube.com *.webview.isb-mopa.de; object-src 'self'; media-src 'self' *.wsv.bund.de *.wsv.de *.bund.de data: *.geodatenzentrum.de web.dlz-it.de www.bafg.de bad.xpertus-service.de elwis.de www.elwis.de *.youtube.com; child-src 'self' *.wsv.bund.de *.wsv.de *.bund.de data: *.geodatenzentrum.de web.dlz-it.de www.bafg.de bad.xpertus-service.de elwis.de www.elwis.de *.youtube.com *.webview.isb-mopa.de; img-src 'self' *.wsv.bund.de *.wsv.de *.bund.de data: *.geodatenzentrum.de web.dlz-it.de www.bafg.de bad.xpertus-service.de elwis.de www.elwis.de *.kuestendaten.de *.youtube.com *.bfn.de; frame-ancestors 'self' *.webview.isb-mopa.de; frame-src 'self' *.webview.isb-mopa.de; 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://connect.facebook.net https://static.cloudflareinsights.com; 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://mista.ua https://*.google.com *.google.com https://*.google.com.ua *.google.com.ua *.gstatic.com *.adtrafficquality.google *.facebook.net *.instagram.com *.googleapis.com *.googlesyndication.com https://*.googlesyndication.com *.googletagservices.com https://*.googletagservices.com *.doubleclick.net https://*.googleadservices.com https://*.doubleclick.net https://*.g.doubleclick.net *.google-analytics.com *.googletagmanager.com *.ampproject.org https://polyfill.io/ wikimapia.org https://*.jsdelivr.net cdn.api.twitter.com oss.maxcdn.com; style-src 'self' 'unsafe-inline' *.google.com *.googleapis.com; frame-src 'self' *.doubleclick.net https://*.googlesyndication.com syndicatedsearch.goog *.googletagservices.com *.adtrafficquality.google *.google.com *.google.com.ua *.facebook.com *.instagram.com *.youtube.com https://*.doubleclick.net https://*.g.doubleclick.net wikimapia.org *.openstreetmap.org *.adsensecustomsearchads.com https://www.tiktok.com/; 1 script-src https: data: 'unsafe-inline' 'unsafe-eval' https://www.tu-dortmund.de https://*.itmc.tu-dortmund.de https://*.relaunch.tu-dortmund.de; style-src https: 'unsafe-inline' https://www.tu-dortmund.de https://*.itmc.tu-dortmund.de https://*.relaunch.tu-dortmund.de; frame-src https://www.tu-dortmund.de https://redaktion.tu-dortmund.de https://*.itmc.tu-dortmund.de https://*.relaunch.tu-dortmund.de https://www.youtube-nocookie.com https://www.youtube.com 'self' https://webapps.itmc.tu-dortmund.de https://service.tu-dortmund.de; frame-ancestors https://www.tu-dortmund.de https://redaktion.tu-dortmund.de 'self' 1 frame-ancestors 'self' https://www.lowi.es https://lowi.es; 1 frame-ancestors 'self' https://www.genau-lotto.de https://genau-lotto.de https://*.etracker.com https://s.lotto-hessen.de 1 default-src *;frame-ancestors 'self' eiv.baidu.com *.vip.vip.com *.vip.com;script-src *.vip.com *.vipstatic.com *.mediav.com *.gdt.qq.com *.emarbox.com *.mjoys.com *.sogou.com cm.e.qq.com *.qq.com *.baidu.com *.ipinyou.com *.admaster.com.cn *.miaozhen.com *.youku.com *.tanx.com *.doubleclick.net *.vpimg1.com *.vpimg2.com *.vpimg3.com *.vpimg4.com *.gtimg.cn 'unsafe-eval' 'unsafe-inline';style-src *.vip.com *.vipstatic.com 'unsafe-inline';img-src * data:; report-uri //stat.vipstatic.com/pcfront/antiskyjack; 1 default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://use.typekit.net *.google.com https://connect.facebook.net *.gstatic.com https://www.google-analytics.com https://*.googleapis.com https://view.ceros.com https://cdn.jsdelivr.net https://www.googletagmanager.com https://cdn.cookielaw.org https://player.vimeo.com/ https://www.recaptcha.net; object-src 'none'; style-src 'report-sample' 'self' 'unsafe-inline' https://use.typekit.net https://p.typekit.net https://cdn.jsdelivr.net; img-src 'self' data: *.gstatic.com *.littler.com p.typekit.net https://www.google-analytics.com https://*.googleapis.com https://i.vimeocdn.com https://cdn.cookielaw.org https://www.googletagmanager.com https://*.onelogin.com; media-src 'self'; frame-src 'self' https://player.vimeo.com/ https://app.powerbi.com https://w.soundcloud.com https://www.google.com https://view.ceros.com https://players.brightcove.net https://www.youtube.com https://www.youtube-nocookie.com https://www.recaptcha.net https://www.googletagmanager.com; frame-ancestors 'self'; child-src 'self' https://player.vimeo.com/;; font-src 'self' 'unsafe-inline' https://themes.googleusercontent.com use.typekit.net *.gstatic.com data:;; connect-src 'self' https://*.google-analytics.com *.algolia.net *.algolianet.com https://insights.algolia.io https://cdn.cookielaw.org https://geolocation.onetrust.com https://privacyportal.onetrust.com https://www.recaptcha.net https://www.googletagmanager.com https://cdn.jsdelivr.net; report-uri /report-csp-violation; upgrade-insecure-requests 1 allow 'self'; options inline-script eval-script; script-src 'self' *.google-analytics.com *.googleapis.com *.gstatic.com *.googletagmanager.com; img-src *; media-src *; frame-src 'self'; style-src-elem *.gstatic.com 1 default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: maps.googleapis.com *.hipay.com static.cdn.prismic.io prismic.io https://html2canvas.hertzen.com/dist/html2canvas.min.js www.paypalobjects.com *.paypal.com youtube.com vimeo.com https://www.youtube.com/iframe_api https://www.youtube.com/s/player/0c356943/www-widgetapi.vflset/www-widgetapi.js https://www.youtube.com https://i.ytimg.com/vi/ http://platform.instagram.com/en_US/embeds.js https://www.instagram.com/embed.js https://graph.facebook.com/v11.0/instagram_oembed https://player.vimeo.com/api/player.js https://player.vimeo.com/ js.stripe.com *.googletagmanager.com googletagmanager.com https://www.google-analytics.com http://www.google-analytics.com https://gtm.zone-secure.net https://yt.zone-secure.net http://www.gstatic.com https://*.attraqt.io https://*.facebook.net/ https://*.teads.tv/ https://*.smartlook.com/ https://*.hotjar.com/ https://*.doubleclick.net https://*.mathtag.com https://*.tiktok.com/ https://*.ttwstatic.com *.attraqt.io *.getflowbox.com *.flbx.io *.woosmap.com *.imagino.com https://*.kameleoon.com https://*.kameleoon.io https://*.kameleoon.eu https://*.kameleoon.net https://*.experimentation.dev *.google.com google.com *.googlesyndication.com *.centrakor.com *.bing.com *.bing.net *.bing.fr *.microsoft.com *.microsoft.fr *.microsoft.net *.zone-secure.net *.clarity.ms *.privacy-center.org privacy-center.org region1.google-analytics.com;frame-src 'self' maps.googleapis.com https://player.vimeo.com/ youtube.com www.youtube.com https://www.youtube.com https://i.ytimg.com/vi/ *.prismic.io js.stripe.com www.paypalobjects.com *.paypal.com www.youtube-nocookie.com https://*.doubleclick.net https://*.facebook.net/ https://*.facebook.com/ https://*.hotjar.com/ https://*.mathtag.com https://*.tiktok.com/ *.getflowbox.com *.flbx.io https://*.kameleoon.com https://*.kameleoon.io https://*.kameleoon.eu https://*.kameleoon.net https://*.experimentation.dev *.google.com google.com *.googlesyndication.com *.googletagmanager.com googletagmanager.com *.bing.com *.bing.net *.bing.fr *.microsoft.com *.microsoft.fr *.microsoft.net *.centrakor.com *.zone-secure.net *.clarity.ms *.privacy-center.org privacy-center.org region1.google-analytics.com;style-src 'self' 'unsafe-inline' https://i.icomoon.io https://fonts.googleapis.com https://*.ttwstatic.com/ *.woosmap.com https://*.kameleoon.com https://*.kameleoon.io https://*.kameleoon.eu https://*.kameleoon.net https://*.experimentation.dev *.googletagmanager.com googletagmanager.com *.google.com google.com *.googlesyndication.com *.bing.com *.bing.net *.bing.fr *.microsoft.com *.microsoft.fr *.microsoft.net *.zone-secure.net *.clarity.ms *.privacy-center.org privacy-center.org region1.google-analytics.com;img-src 'self' data: *.centrakor.com maps.googleapis.com *.gstatic.com https://www.referenseo.com/ https://i.ytimg.com/vi/ https://storage.sbg.cloud.ovh.net https://centrakor.cdn.prismic.io/ https://i.picsum.photos/ https://i.vimeocdn.com/ maps.googleapis.com *.openstreetmap.org www.paypalobjects.com *.paypal.com storage.gra.cloud.ovh.net *.google.com google.com *.googlesyndication.com *.doubleclick.net *.google.fr http://www.google-analytics.com https://www.google-analytics.com https://*.teads.tv/ https://*.facebook.com/ https://*.facebook.net/ https://*.mathtag.com https://images.prismic.io/centrakor/ https://*.s3.rbx.io.cloud.ovh.net https://d2rfa446ja7yzb.cloudfront.net/ *.getflowbox.com *.flbx.io *.woosmap.com https://purecatamphetamine.github.io https://*.kameleoon.com https://*.kameleoon.io https://*.kameleoon.eu https://*.kameleoon.net https://*.experimentation.dev *.googletagmanager.com googletagmanager.com *.bing.com *.bing.net *.bing.fr *.microsoft.com *.microsoft.fr *.microsoft.net *.zone-secure.net *.clarity.ms *.privacy-center.org privacy-center.org region1.google-analytics.com;font-src 'self' data: fonts.googleapis.com https://i.icomoon.io https://fonts.gstatic.com *.woosmap.com *.google.com google.com *.googlesyndication.com *.googletagmanager.com googletagmanager.com *.zone-secure.net *.clarity.ms *.privacy-center.org privacy-center.org region1.google-analytics.com;connect-src 'self' maps.googleapis.com https://noembed.com https://graph.facebook.com/v11.0/instagram_oembed https://graph.facebook.com/v11.0/instagram_oembed/ https://graph.instagram.com/ https://vimeo.com/api/ www.paypalobjects.com *.paypal.com *.analytics.google.com *.doubleclick.net https://www.google-analytics.com https://*.teads.tv/ https://*.facebook.net/ https://*.googleadservices.com *.google.fr https://*.facebook.com/ https://*.smartlook.com/ https://*.smartlook.cloud/ https://*.hotjar.com/ https://*.hotjar.io/ wss://*.hotjar.com/ *.attraqt.io *.getflowbox.com *.flbx.io https://fr.adminzone-secure.net/ https://service.zone-secure.net/ *.woosmap.com *.imagino.com https://*.kameleoon.com https://*.kameleoon.io https://*.kameleoon.eu https://*.kameleoon.net https://*.experimentation.dev *.google.com google.com *.googlesyndication.com *.googletagmanager.com googletagmanager.com *.centrakor.com *.bing.com *.bing.net *.bing.fr *.microsoft.com *.microsoft.fr *.microsoft.net *.zone-secure.net *.clarity.ms *.privacy-center.org privacy-center.org region1.google-analytics.com;base-uri 'self';media-src 'self' data: *.flbx.io *.google.com google.com *.privacy-center.org privacy-center.org *.googletagmanager.com googletagmanager.com;report-uri /csp/report;worker-src 'self' *.woosmap.com self blob: 1 frame-ancestors 'self' blob: *.cochlearhearingcenter.com *.cochlear.com *.cochlear.cloud; frame-src 'self' blob: *.googletagmanager.com *.site.com *.oncehub.com *.mktoweb.com *.adsrvr.org *.yimg.com *.cochlear.cloud *.qualaroo.com *.simpli.fi *.livechatinc.com *.doubleclick.net *.wufoo.com *.cochlearamericas.com *.youtube-nocookie.com *.marvelapp.com *.linkedin.com *.cvent.com *.google.ch *.cochlear.com *.irmau.com *.marketo.com *.youtube.com *.twitter.com *.addthis.com *.google.com *.facebook.com *.batchgeo.com marvelapp.com *.salesforce.com *.salesforce-sites.com; child-src 'self' blob: *.batchgeo.com *.addtoany.com *.doubleclick.net *.cochlear.cloud *.cochlear.com *.addthis.com *.google.com *.facebook.com *.twitter.com *.marketo.com; connect-src 'self' *.fbcdn.net *.googleapis.com *.gstatic.com *.clarity.ms *.bing.com *.yimg.jp *.yahoo.co.jp *.facebook.com *.facebook.net *.googletagmanager.com *.google.com *.googleadservices.com *.googlesyndication.com *.salesforce-scrt.com *.site.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.sitecorecloud.io *.geonames.org *.stackadapt.com *.crazyegg.com *.stylelabs.io *.adsrvr.org *.yimg.com *.taboola.com *.onetrust.com *.cookielaw.org *.stylelabs.cloud *.sitecorecontenthub.cloud *.cochlear.cloud *.marketo.com *.swiftype.com *.onelink-translations.com *.nekudo.com *.cochlear.com *.cvent.com *.linkedin.com *.google-analytics.com *.googleapis.com *.optimizely.com *.addthis.com *.mktoresp.com *.twitter.com *.geoip-js.com geoip-js.com *.doubleclick.net *.salesforce-sites.com *.amazon-adsystem.com *.redditstatic.com *.reddit.com *.paa-reporting-advertising.amazon *.contextweb.com; font-src 'self' data: *.hotjar.com *.cvent-assets.com *.gstatic.com *.googleusercontent.com *.livechatinc.com *.bootstrapcdn.com; img-src 'self' data: google.com *.googleadservices.com *.googlesyndication.com *.hotjar.com *.stackadapt.com *.naver.net *.naver.com *.quora.com *.pubmatic.com *.rubiconproject.com *.adtechjp.com *.yahoo.com * bidswitch.net *.adap.tv *.adnxs.com *.rlcdn.com *.openx.net *.adroll.com *.casalemedia.com *.t.co *.datatables.net *.cochlear.cloud *.cochlear.com *.quantserve.com *.marketo.com *.bing.com *.steelhousemedia.com *.adsrvr.org *.adsymptotic.com *.android.com *.youtube.com *.visualwebsiteoptimizer.com *.googletagmanager.com *.teads.tv *.impact-ad.jp *.yahoo.co.jp *.impact-ad.jp *.outbrain.com *.amazonaws.com *.google.com.au *.twitter.com *.doubleclick.net *.facebook.com *.linkedin.com *.google-analytics.com *.medialead.de; script-src 'unsafe-inline' 'unsafe-eval' 'self' blob: *.fbcdn.net *.clarity.ms *.googlesyndication.com *.site.com *.hotjar.com *.licdn.com *.oncehub.com *.stackadapt.com *.naver.net *.naver.com *.onetrust.com *.cookielaw.org *.windows.net *.qualaroo.com *.simpli.fi *.salesforceliveagent.com *.amazonaws.com *.gstatic.com *.quantcount.com *.cvent-assets.com *.cvent.com *.quora.com *.livechatinc.com *.typekit.com *.dialogtech.com *.cloudfront.net *.media6degrees.com *.wufoo.com *.zendesk.com *.domdex.com *.adroll.com *.datatables.net *.quantserve.com *.ads-twitter.com *.steelhousemedia.com *.bing.com *.outbrain.com *.addtoany.com *.visualwebsiteoptimizer.com *.jquery.com *.optimizely.com *.google.com.au *.doubleclick.net *.googleadservices.com *.yimg.jp *.yahoo.co.jp *.crazyegg.com *.mktoweb.com *.cochlear.cloud *.cochlear.com *.bootstrapcdn.com *.cloudflare.com *.jsdelivr.net *.addthisedge.com *.google.com *.ytimg.com *.youtube.com *.marketo.net *.marketo.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.twitter.com *.facebook.com *.facebook.net *.linkedin.com *.addthis.com *.geoip-js.com geoip-js.com *.medialead.de *.adsrvr.org *.taboola.com *.yimg.com *.force.com *.salesforce.com *.salesforce-sites.com *.amazon-adsystem.com *.redditstatic.com *.reddit.com *.paa-reporting-advertising.amazon *.contextweb.com; style-src 'unsafe-inline' 'self' *.site.com *.hotjar.com *.mktoweb.com *.googletagmanager.com *.stackadapt.com *.cookielaw.org *.windows.net *.cvent-assets.com *.googleapis.com *.cloudflare.com *.cochlear.cloud *.cochlear.com *.google.com *.zendesk.com *.datatables.net *.jquery.com *.cochlear-europe.com *.bootstrapcdn.com *.marketo.com *.salesforce.com *.salesforce-sites.com; 1 default-src 'self' https://www.googletagmanager.com https://connect.facebook.net https://fonts.gstatic.com https://maps.googleapis.com https://cdn.jsdelivr.net https://forms.hsforms.com https://heatmaps.monsido.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.gtranslate.net https://cdn.jsdelivr.net https://www.youtube.com https://vimeo.com https://player.vimeo.com https://unpkg.com https://cdnjs.cloudflare.com https://translate.google.com https://translate.googleapis.com https://translate-pa.googleapis.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google-analytics.com https://connect.facebook.net https://static.addtoany.com https://www.instagram.com https://maps.googleapis.com https://app-script.monsido.com https://heatmaps.monsido.com https://cdn.monsido.com https://js.hsforms.net https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://paperform.co/__embed.min.js https://ajax.googleapis.com https://fw-cdn.com https://*.freshworks.com https://*.freshchat.com https://snap.licdn.com https://analytics.tiktok.com https://static.hotjar.com https://script.hotjar.com https://*.clarity.ms https://bat.bing.com https://js-agent.newrelic.com https://js.hsforms.net https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://maps.googleapis.com https://maps.gstatic.com https://toolbar.freshmarketer.com https://*.visualwebsiteoptimizer.com https://app.vwo.com; object-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://cdn.jsdelivr.net https://unpkg.com https://cdnjs.cloudflare.com https://cdn.gtranslate.net https://translate.google.com https://translate.googleapis.com https://translate-pa.googleapis.com https://www.gstatic.com https://www.googletagmanager.com https://*.freshworks.com https://*.freshchat.com https://fonts.googleapis.com https://d15qjtw2mfbt44.cloudfront.net https://toolbar.freshmarketer.com https://*.visualwebsiteoptimizer.com https://app.vwo.com; img-src 'self' 'unsafe-inline' data: https://redsalud.widen.net https://cdn.gtranslate.net https://i.ytimg.com https://maps.googleapis.com https://maps.gstatic.com https://fonts.gstatic.com https://tracking.monsido.com https://cdn.monsido.com https://www.google.com https://www.google.com.co https://www.google.cl https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://td.doubleclick.net https://www.facebook.com https://googleusercontent.com https://lh3.googleusercontent.com https://*.freshworks.com https://*.freshchat.com https://px.ads.linkedin.com https://analytics.tiktok.com https://bat.bing.com https://*.clarity.ms https://maps.googleapis.com https://maps.gstatic.com https://*.googleapis.com https://*.gstatic.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://useruploads.vwo.io; media-src 'self' 'unsafe-eval' https://redsalud.widen.net https://previews.us-east-1.widencdn.net https://youtu.be https://www.youtube.com https://vimeo.com https://player.vimeo.com; frame-src 'self' https://www.youtube.com https://vimeo.com https://player.vimeo.com https://www.google.com https://www.googletagmanager.com https://calendar.google.com https://google.com https://static.addtoany.com https://drive.google.com https://www.facebook.com https://accounts.google.com https://open.spotify.com https://www.instagram.com https://app-script.monsido.com https://heatmaps.monsido.com https://cdn.monsido.com https://js.hsforms.net https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://*.paperform.co https://fw-cdn.com https://*.freshworks.com https://*.freshchat.com https://vars.hotjar.com https://lookerstudio.google.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://datastudio.google.com/ ; frame-ancestors 'self'; child-src 'self' blob:; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://cdn.gtranslate.net https://heatmaps.monsido.com https://*.freshworks.com https://*.freshchat.com https://fonts.gstatic.com https://d15qjtw2mfbt44.cloudfront.net https://toolbar.freshmarketer.com; connect-src 'self' https://bam.nr-data.net https://js-agent.newrelic.com https://www.google.com https://www.google.com.co https://www.google.cl https://www.googleadservices.com https://www.google-analytics.com https://analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://stats.g.doubleclick.net https://td.doubleclick.net https://www.googletagmanager.com https://www.facebook.com https://connect.facebook.net https://cdn.monsido.com https://heatmaps.monsido.com https://app-script.monsido.com https://fw-cdn.com https://*.freshworks.com https://*.freshchat.com https://px.ads.linkedin.com https://analytics.tiktok.com https://bat.bing.com https://*.clarity.ms https://*.hotjar.com https://*.hotjar.io https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://maps.googleapis.com https://maps.gstatic.com https://*.freshmarketer.com https://*.freshworks.com https://*.fwusercontent.com https://*.visualwebsiteoptimizer.com https://app.vwo.com; upgrade-insecure-requests 1 default-src * 'unsafe-inline' 'unsafe-eval' data: blob: 1 default-src 'self'; frame-src 'self' https://*.coromant.com https://*.coromant.cn https://d6tizftlrpuof.cloudfront.net https://oc-cdn-public-eur.azureedge.net https://*.marketo.com https://*.googletagmanager.com https://static.experimentation.dev https://*.google.com https://*.adyen.com https://videos.sandvik.coromant.com; style-src 'self' 'unsafe-inline' https://*.bing.com https://oc-cdn-public-eur.azureedge.net https://*.marketo.com https://*.googletagmanager.com https://*.googleapis.com https://static.experimentation.dev https://*.adyen.com https://*.mopinion.com; script-src 'self' blob: 'unsafe-eval' 'nonce-f5sRanT6MbLOh9eEsDmj2MOhSkjhj6dU' https://*.analytics.google.com https://*.google-analytics.com https://*.g.doubleclick.net https://www.google.com https://www.recaptcha.net https://cdn.cookielaw.org https://*.onetrust.com https://hm.baidu.com https://*.googletagmanager.com https://*.kameleoon.eu https://*.marketo.net https://*.mopinion.com https://d6tizftlrpuof.cloudfront.net https://*.bing.com https://*.virtualearth.net https://oc-cdn-public-eur.azureedge.net https://*.coromant.com https://*.coromant.cn https://*.clarity.ms https://connect.facebook.net https://*.facebook.net https://snap.licdn.com https://*.linkedin.com https://*.marketo.com https://static.experimentation.dev https://*.adyen.com https://www.googleadservices.com https://pagead2.googlesyndication.com https://*.lifeinside.io; connect-src 'self' https://*.coromant.com https://*.coromant.cn https://eu-mobile.events.data.microsoft.com https://*.kameleoon.eu https://cdn.cookielaw.org https://*.mktoresp.com https://*.googletagmanager.com https://*.google.com https://eu-data.kameleoon.io https://widget-api.lifeinside.io https://*.bing.com https://*.clarity.ms https://*.mopinion.com https://*.linkedin.com https://*.marketo.com https://*.virtualearth.net https://*.experimentation.dev https://*.adyen.com https://*.onetrust.com https://pagead2.googlesyndication.com https://www.googleadservices.com https://*.g.doubleclick.net https://*.analytics.google.com https://*.google-analytics.com https://*.lifeinside.io https://sigr-cor-products-use-prod.service.signalr.net wss://sigr-cor-products-use-prod.service.signalr.net https://sigr-tibp-cor-services-we-prod.service.signalr.net wss://sigr-tibp-cor-services-we-prod.service.signalr.net https://sigr-tibp-cor-commonsignalr-euw-prod.service.signalr.net wss://sigr-tibp-cor-commonsignalr-euw-prod.service.signalr.net; sandbox allow-forms allow-popups allow-popups-to-escape-sandbox allow-same-origin allow-scripts allow-downloads; base-uri 'self'; img-src * data:; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com https://*.mopinion.com https://cdn.jsdelivr.net; object-src 'none'; frame-ancestors 'none' 1 default-src 'none' ;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zortrax.com *.data.zortrax.com *.3dprint.zortrax.com *.wistia.net *.wistia.com googletagmanager.com *.googletagmanager.com *.tagmanager.google.com *.google-analytics.com *.doubleclick.net *.google.com *.googleadservices.com *.facebook.net *.cloudfront.net *.doubleclick.net *.livechatinc.com *.googleapis.com *.gstatic.com *.redditstatic.com static.ads-twitter.com analytics.twitter.com analytics.zortrax.com cf.zortrax.com cdn.tailwindcss.com ;style-src 'self' 'unsafe-inline' *.zortrax.com *.googleapis.com *.tagmanager.google.com https://tagmanager.google.com/debug/css.css *.fonts.googleapis.com cf.zortrax.com ;img-src 'self' 'unsafe-inline' data: *.zortrax.com *.wistia.net data.zortrax.com *.gravatar.com *.ggpht.com *.ssl.gstatic.com *.wistia.com *.google.com *.google-analytics.com *.google.pl *.doubleclick.net *.facebook.com *.livechatinc.com *.gstatic.com *.googleapis.com *.tagmanager.google.com https://alb.reddit.com t.co/i/adsct cf.zortrax.com ;font-src 'self' data: *.livechatinc.com *.googleusercontent.com *.googleusercontent.com *.googleapis.com *.gstatic.com *.zortrax.com *.fonts.googleapis.com *.tagmanager.google.com ;frame-src 'self' 'unsafe-inline' *.livechatinc.com *.wistia.net *.wistia.com *.youtube.com *.facebook.com *.tagmanager.google.com *.googletagmanager.google.com www.googletagmanager.com *.upviral.com ;connect-src 'self' bd1.zortrax.com stats.g.doubleclick.net staging-data.zortrax.com data.zortrax.com http://3dprint.zortrax.com zortrax.us14.list-manage.com *.list-manage.com *.wistia.com *.litix.io 3dprint.zortrax.com *.google-analytics.com *.tagmanager.google.com app.humdash.com api.livechatinc.com maps.googleapis.com www.google.com *.facebook.com ;media-src 'self' *.zortrax.com zortrax.com *.youtube.com *.livechatinc.com *.youtube-nocookie.com *.wistia.com cdn.zortrax.com cdn1.zortrax.com cdn2.zortrax.com cdn3.zortrax.com *.tagmanager.google.com cf.zortrax.com ;object-src 'self' *.youtube.com *.youtube-nocookie.com *.tagmanager.google.com ;child-src 'self' *.youtube.com *.youtube-nocookie.com *.tagmanager.google.com 1 default-src blob: https: wss: 'unsafe-inline' 'unsafe-eval' 1 default-src 'self';img-src 'self' data: https://www.mijnwefact.nl https://www.wefact.nl https://secure.gravatar.com *;font-src 'self';style-src 'self' 'unsafe-inline';script-src 'self' https://*.wefact.ai https://*.open.cx 'unsafe-inline';connect-src 'self' https://*.wefact.ai wss://*.wefact.ai https://*.open.cx wss://*.open.cx;frame-src 'self' https://*.wefact.ai https://*.open.cx; 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.industowers.com/ https://*.industowers.com/ http://*.industowers.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://code.createjs.com/ https://maps.googleapis.com/ https://maps.gstatic.com/ https://maps.google.com/ https://s3.amazonaws.com/ https://*.list-manage.com/ https://cse.google.com/ https://www.google.com/ https://googleads.g.doubleclick.net/ https://translate.googleapis.com/ https://td.doubleclick.net/ https://secure.gravatar.com/ https://www.google.co.in/ https://www.industowers.com/ https://sc-static.net/ https://s3.tradingview.com/ https://code.jquery.com/ https://s.tradingview.com/ https://goo.gle/ https://s.tradingview.com/; img-src 'self' data: blob: https://www.google.com/ https://www.google.co.in/ https://www.google-analytics.com/ https://goo.gle/ https://www.industowers.com/ https://maps.gstatic.com/ https://maps.googleapis.com/ https://www.googletagmanager.com; object-src 'self' data: blob: https://td.doubleclick.net/ https://goo.gle/ https://s.tradingview.com/ https://www.googletagmanager.com/; frame-src 'self' data: blob: https://td.doubleclick.net/ https://goo.gle/ https://s.tradingview.com/ https://www.googletagmanager.com/; form-action 'self' data: blob: https://www.googletagmanager.com/ https://www.google-analytics.com/ https://code.createjs.com/ https://maps.googleapis.com/ https://maps.gstatic.com/ https://maps.google.com/ https://s3.amazonaws.com/ https://*.list-manage.com/ https://cse.google.com/ https://www.google.com/ https://googleads.g.doubleclick.net/ https://translate.googleapis.com/ https://td.doubleclick.net/ https://secure.gravatar.com/ https://www.google.co.in/ https://www.industowers.com/ https://sc-static.net/ https://s3.tradingview.com/ https://code.jquery.com/ https://s.tradingview.com/ https://goo.gle/; worker-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com/ https://www.google-analytics.com/ https://code.createjs.com/ https://maps.googleapis.com/ https://maps.gstatic.com/ https://maps.google.com/ https://s3.amazonaws.com/ https://*.list-manage.com/ https://cse.google.com/ https://www.google.com/ https://googleads.g.doubleclick.net/ https://translate.googleapis.com/ https://td.doubleclick.net/ https://secure.gravatar.com/ https://www.google.co.in/ https://www.industowers.com/ https://sc-static.net/ https://s3.tradingview.com/ https://code.jquery.com/ https://s.tradingview.com/ https://goo.gle/; 1 frame-ancestors https://platform-as.marketintelligence.spglobal.com https://platform-av.marketintelligence.spglobal.com https://platform.mi.spglobal.com https://platform.marketintelligence.spglobal.com https://www.snl.com https://platform.mi.spglobal.cn https://platform.ratings360.spglobal.com https://platform.platts.spglobal.com https://www.platform.spgi.spglobal.cn https://platform.spgi.spglobal.cn https://www.platform.spgi.spglobal.com https://platform.spgi.spglobal.com https://www.capitaliq.spglobal.com https://www.capitaliq.spglobal.cn https://www.capitaliqpro.spglobal.com https://www.capitaliqpro.spglobal.cn 'self'; 1 script-src 'nonce-8536f573-2131-451e-90db-4ce7c18eb591' https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/ 'self' 'unsafe-eval' https://static.aws.training https://client.rum.us-east-1.amazonaws.com/1.0.2/cwr.js https://a0.awsstatic.com https://js.api.here.com https://*.cit.api.here.com https://dev.ditu.live.com https://*.dev.virtualearth.net https://*.payments-amazon.com https://*.amazon.com https://*.amazon.co.jp/ https://*.amazon.co.uk https://*.amazon.de https://dvj5x88797nbe.cloudfront.net https://*.bing.com https://*.virtualearth.net https://munchkin.marketo.net https://d2c.aws.amazon.com; object-src 'self'; img-src 'self' data: blob: https://*.dev.virtualearth.net https://*.ssl.ak.tiles.virtualearth.net https://*.ssl.ak.dynamic.tiles.virtualearth.net https://static.aws.training https://a0.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://dpm.demdex.net https://aws.demdex.net https://cm.everesttech.net https://js.api.here.com https://*.cit.api.here.com https://images-na.ssl-images-amazon.com https://internal-cdn.amazon.com https://d2ldlvi1yef00y.cloudfront.net/ https://d23yuld0pofhhw.cloudfront.net https://d1oct1bdmx33tz.cloudfront.net https://googleads.g.doubleclick.net https://www.google.com https://fls-na.amazon.com https://*.media-amazon.com https://d2c.aws.amazon.com https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/; style-src 'self' 'unsafe-inline' https://static.aws.training https://js.api.here.com https://a0.awsstatic.com https://images-na.ssl-images-amazon.com https://ecn.dev.virtualearth.net https://images-eu.ssl-images-amazon.com https://www.bing.com https://dvj5x88797nbe.cloudfront.net https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/; connect-src 'self' https://*.cit.api.here.com https://*.amazon.com https://cognito-identity.us-east-1.amazonaws.com https://dataplane.rum.us-east-1.amazonaws.com https://prod.tools.shortbread.aws.dev https://prod.log.shortbread.aws.dev https://sts.us-east-1.amazonaws.com https://amazonwebservices.d2.sc.omtrdc.net https://dpm.demdex.net https://aws.demdex.net https://cm.everesttech.net https://*.amazonpay.com https://apac.account.amazon.com https://vs.aws.amazon.com/ https://d2c.aws.amazon.com/ https://na.account.amazon.com https://eu.account.amazon.com https://*.virtualearth.net https://*.mktoresp.com https://s0.awsstatic.com https://*.amazon.co.uk https://*.amazon.co.jp https://*.amazon.de https://cdn.aws.training https://prod.us-east-1.search.avalon.aws.dev https://7m5y5tkfr5.execute-api.us-east-1.amazonaws.com https://ftj9wpwlq4.execute-api.us-east-1.amazonaws.com https://aws.amazon.com https://a0.awsstatic.com; font-src 'self' data: https://static.aws.training https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/; media-src 'self' https://cdn.aws.training https://dvj5x88797nbe.cloudfront.net; child-src 'self' https://*.amazon.com https://www.bing.com https://*.amazon.co.jp/ https://*.amazon.co.uk https://*.payments-amazon.com https://*.amazon.de https://support.aws.training; frame-src 'self' 'unsafe-eval' https://static.aws.training https://client.rum.us-east-1.amazonaws.com/1.0.2/cwr.js https://a0.awsstatic.com https://js.api.here.com https://*.cit.api.here.com https://dev.ditu.live.com https://*.dev.virtualearth.net https://*.payments-amazon.com https://*.amazon.com https://*.amazon.co.jp/ https://*.amazon.co.uk https://*.amazon.de https://dvj5x88797nbe.cloudfront.net https://*.bing.com https://*.virtualearth.net https://munchkin.marketo.net https://d2c.aws.amazon.com; default-src 'self'; 1 frame-ancestors 'self' https://yobingo-statices.casinomodule.com/ https://www.yobingo.es/ https://www.yocasino.es/ https://www.enracha.es/ https://gateway.mobbeel.com/ mobbeel.com *.mobbeel.com 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net www.googletagmanager.com www.google-analytics.com www.google.com www.gstatic.com static.cloudflareinsights.com www.clarity.ms *.clarity.ms analytics.ahrefs.com js.stripe.com pay.google.com; object-src none; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.jsdelivr.net cdnjs.cloudflare.com; img-src 'self' data: blob: https:; frame-src 'self' www.google.com www.recaptcha.net js.stripe.com hooks.stripe.com pay.google.com; frame-ancestors 'self'; font-src 'self' data: fonts.gstatic.com cdn.jsdelivr.net cdnjs.cloudflare.com; connect-src 'self' https: 1 script-src 'self' 'unsafe-eval' 1 default-src 'self'; style-src 'unsafe-inline' 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline'; report-to default; report-uri /json/reports.php 1 default-src 'self' blob: *.avl.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.doubleclick.net *.facebook.net *.cookiebot.com *.googleapis.com *.adsymptotic.com *.linkedin.com snap.licdn.com *.facebook.com *.avl.com *.cloudflare.com cdn.jsdelivr.net js.stripe.com polyfill.io *.googletagmanager.com *.hotjar.com app.sli.do *.vbrick.com *.google.com *.google.es *.google.at *.google.de *.bing.com *.creators-expedition.com *.imaginativeenterprising-intelligent.com *.mouseflow.com *.clarity.ms *.publuu.com *.buzzsprout.com *.lfeeder.com cdn.ckeditor.com; object-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.doubleclick.net *.facebook.net *.cookiebot.com fonts.googleapis.com p.adsymptotic.com *.linkedin.com *.licdn.com *.facebook.com *.avl.com cdnjs.cloudflare.com cdn.jsdelivr.net *.stripe.com polyfill.io *.google.com *.google.es *.google.at *.google.de; style-src 'self' 'unsafe-inline' *.cloudflare.com; img-src 'self' data: avl.com www.avl.com *.googletagmanager.com *.facebook.com *.linkedin.com *.ytimg.com *.cookiebot.com *.bing.com *.google.com *.google.es *.google.at *.google.de *.sli.do *.vbrick.com *.cloudflare.com *.avl-marketing.com *.clarity.ms *.amazonaws.com *.lfeeder.com *.kununu.com; frame-src 'self' *.youtube.com https://js.stripe.com *.cookiebot.com *.doubleclick.net *.bing.com *.sli.do *.vbrick.com *.buzzsprout.com stream.maxr.at *.publuu.com publuu.com *.buzzsprout.com publications.avl.com www.googletagmanager.com; child-src 'self' 'unsafe-inline' *.google-analytics.com *.doubleclick.net *.facebook.net *.cookiebot.com *.googleapis.com https://p.adsymptotic.com *.linkedin.com https://snap.licdn.com *.facebook.com *.avl.com *.cloudflare.com https://cdn.jsdelivr.net https://js.stripe.com https://polyfill.io blob:; font-src 'self' https://fonts.gstatic.com *.mouseflow.com *.cloudflare.com; connect-src 'self' *.cookiebot.com https://eu-api.friendlycaptcha.eu *.avl.com *.linkedin.com wss://ws.hotjar.com *.n.io *.google.com *.google-analytics.com *.doubleclick.net *.hotjar.io *.avlcorp.lan *.creators-expedition.com *.mouseflow.com *.clarity.ms bat.bing.com; report-uri /report-csp-violation 1 frame-ancestors https://deejay.de https://*.deejay.de https://vinylfuture.com https://*.vinylfuture.com; 1 default-src 'self' https: data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; object-src 'none'; base-uri 'self'; 1 default-src 'none'; img-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; font-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'; connect-src 'self'; 1 default-src *;script-src 'self' 'nonce-Omd1eVTHtqzm0NLJzf4rGX1WNtEA/imhQgagZ2sHquI='; 1 script-src 'unsafe-inline' 'unsafe-eval' 'self' blob: *.foodtecsolutions.com *.foodtecsolutions.com:* *.foodtecsolutions.com *.hibu.us *.pizzadirector.net:* *.google.com *.opentable.com *.otstatic.com cdn.ampproject.org www.gstatic.com maps.googleapis.com www.google-analytics.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net platform.twitter.com www.facebook.com connect.facebook.net cdn.syndication.twimg.com js.hs-scripts.com js.hs-scripts.com js.hs-analytics.net js.hscollectedforms.net salesiq.zoho.com/widget campaigns.zoho.com maillist-manage.com crm.zoho.com js.zohostatic.com vts.zohopublic.com static.hotjar.com script.hotjar.com unpkg.com api.tiles.mapbox.com *.adroll.com *.cloudfront.net cdnjs.cloudflare.com libs.a2zinc.net gh-prod-nitrosites.s3.amazonaws.com; frame-ancestors 'self' blob: *.foodtecsolutions.com *.foodtecsolutions.com:* *.foodtecsolutions.com *.hibu.us *.pizzadirector.net:* *.google.com *.opentable.com *.otstatic.com cdn.ampproject.org www.gstatic.com maps.googleapis.com www.google-analytics.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net platform.twitter.com www.facebook.com connect.facebook.net cdn.syndication.twimg.com js.hs-scripts.com js.hs-scripts.com js.hs-analytics.net js.hscollectedforms.net salesiq.zoho.com/widget campaigns.zoho.com maillist-manage.com crm.zoho.com js.zohostatic.com vts.zohopublic.com static.hotjar.com script.hotjar.com unpkg.com api.tiles.mapbox.com *.adroll.com *.cloudfront.net cdnjs.cloudflare.com libs.a2zinc.net gh-prod-nitrosites.s3.amazonaws.com; 1 default-src 'self' *.postman.co *.postman.com *.pstmn.io; base-uri 'self'; font-src 'self' data: *.getpostman.com *.postman.co *.cdn.postman.com fonts.gstatic.com www.postman.com fonts.googleapis.com cdnjs.cloudflare.com; frame-ancestors *.postman.co www.postman.com; frame-src looker.postman.co dl-preview-container.pstmn.io js.stripe.com hooks.stripe.com client-proxy.pstmn.io chart-embed.service.newrelic.com https://app.datadoghq.com/graph/embed https://app.datadoghq.eu/graph/embed https://youtube.com https://www.youtube.com https://player.vimeo.com https://www.loom.com/embed/ https://connect.us.integrations.postmancloud.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://accounts.google.com/ https://postman.zendesk.com/ https://runtime-assets.pstmn.io/ https://www.postman.com/complete-checkout; child-src 'self' *.postman.co *.postman.com blob:; worker-src 'self' *.postman.co *.cdn.postman.com blob:; object-src 'self'; img-src https: data:; media-src 'self' https://flows-assets.pstmn.io/ https://skills-assets.pstmn.io/ https://runtime-assets.pstmn.io/; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' *.nr-data.net *.getpostman.com *.postman.co *.cdn.postman.com *.pstmn.io code.jquery.com google-analytics.com www.postman.com postman.com googletagmanager.com ssl.google-analytics.com cdnjs.cloudflare.com https://bi.pst.tech js-agent.newrelic.com js.stripe.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'nonce-vLQjOD7HZHCPrlvm0ICu0g=='; style-src 'self' 'unsafe-inline' *.getpostman.com *.postman.co *.cdn.postman.com *.pstmn.io www.postman.com fonts.gstatic.com fonts.googleapis.com tagmanager.google.com cdnjs.cloudflare.com postman.com accounts.google.com; connect-src https://api.stripe.com http: ws://localhost:10533 https: wss://*.postman.co wss://*.gw.postman.co wss://*.gw.eu.postman.co https: wss://live.postman.com wss://*.gw.postman.com wss://*.gw.eu.postman.com; report-uri https://sentry.postmanlabs.com/api/572/security/?sentry_key=9d37d7431bdc4c528702ec4d89fc93f7&sentry_environment=production 1 default-src * 'self' ; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://felix-quiz-1000heads.s3.eu-west-2.amazonaws.com/* https://felix-quiz-1000heads.s3.eu-west-2.amazonaws.com *.nestle.co.uk *.mikmak.ai *.swaven.com https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com *.segmentapis.com *.segment.com *.segment.io; object-src *; style-src * 'self' 'unsafe-inline' https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com; img-src * 'self' data: https:; https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com; media-src *; frame-src * https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com; frame-ancestors * 'self' ; child-src * blob:; font-src * 'self' data: https:; https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com; connect-src * 'self' https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com *.segmentapis.com *.segment.com *.segment.io; report-uri /log-report-uri/enforce 1 frame-ancestors 'self' https://www.gamer.no *.ggez.no https://forum.kvinneguiden.no; 1 frame-ancestors 'self' forms.saib.com.sa *.saib.com.sa; report-uri /report-csp-violation 1 connect-src 217.74.35.12 mc.yandex.ru uaas.yandex.ru https://mc.yandex.ru wss://mc.yandex.ru metrica.beeline.ru cloud.beeline.ru api.mindbox.ru web-static.mindbox.ru *.mindbox.ru; default-src 'self' data: 'unsafe-inline' bitrix.info uaas.yandex.ru vk.com bitrix.info www.1c-bitrix.ru bitrix24.datafort.ru *.mindbox.ru yandex.ru yandex.com mc.yandex.ru googleads.g.doubleclick.net www.google.com/ads/user-lists/ www.google.ru/ads/user-lists/ www.google.com www.google-analytics.com maps.google.com *.gstatic.com:* *.googleapis.com www.googleadservices.com code.jivosite.com:* cdn.voximplant.com facecast.net formdesigner.pro telegram.org metrica.beeline.ru kinescope.io b10000.vr.mirapolis.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval' bitrix.info abt.s3.yandex.net api-maps.yandex.ru yastatic.net core-renderer-tiles.maps.yandex.net b24.datafort.ru datafort.ru api.mindbox.ru mindbox.ru *.mindbox.ru web-static.mindbox.ru ymcrwio9b1.ru mc.yandex.ru yandex.ru www.google-analytics.com maps.google.com *.gstatic.com:* *.googleapis.com www.googleadservices.com code.jivosite.com:* cdn.voximplant.com facecast.net formdesigner.pro telegram.org metrica.beeline.ru kinescope.io b10000.vr.mirapolis.ru; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.gstatic.com code.jquery.com vk.com bitrix.info www.1c-bitrix.ru bitrix24.datafort.ru *.mindbox.ru yandex.ru yandex.com mc.yandex.ru googleads.g.doubleclick.net www.google.com/ads/user-lists/ www.google.ru/ads/user-lists/ www.google.com www.google-analytics.com maps.google.com *.gstatic.com:* *.googleapis.com www.googleadservices.com code.jivosite.com:* cdn.voximplant.com facecast.net formdesigner.pro telegram.org metrica.beeline.ru kinescope.io b10000.vr.mirapolis.ru; img-src 'self' api-maps.yandex.ru core-renderer-tiles.maps.yandex.net data: blob: vk.com bitrix.info www.1c-bitrix.ru bitrix24.datafort.ru *.mindbox.ru yandex.ru yandex.com mc.yandex.ru googleads.g.doubleclick.net www.google.com/ads/user-lists/ www.google.ru/ads/user-lists/ www.google.com www.google-analytics.com maps.google.com *.gstatic.com:* *.googleapis.com www.googleadservices.com code.jivosite.com:* cdn.voximplant.com facecast.net formdesigner.pro telegram.org metrica.beeline.ru kinescope.io b10000.vr.mirapolis.ru; frame-src 'self' youtube.com www.youtube.com oauth.telegram.org fonts.gstatic.com code.jquery.com vk.com bitrix.info www.1c-bitrix.ru bitrix24.datafort.ru *.mindbox.ru yandex.ru yandex.com mc.yandex.ru googleads.g.doubleclick.net www.google.com/ads/user-lists/ www.google.ru/ads/user-lists/ www.google.com www.google-analytics.com maps.google.com *.gstatic.com:* *.googleapis.com www.googleadservices.com code.jivosite.com:* cdn.voximplant.com facecast.net formdesigner.pro telegram.org metrica.beeline.ru kinescope.io b10000.vr.mirapolis.ru; font-src 'self' fonts.googleapis.com; 1 default-src 'self' cdn.jsdelivr.net bid.g.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' translate-pa.googleapis.com translate.googleapis.com translate.google.com ajax.googleapis.com maps.googleapis.com cdn.jsdelivr.net unpkg.com npmcdn.com googleads.g.doubleclick.net www.googletagmanager.com www.google-analytics.com www.googleadservices.com connect.facebook.net static.ctctcdn.com cdnjs.cloudflare.com www.google.com www.gstatic.com; connect-src 'self' translate.googleapis.com analytics.google.com stats.g.doubleclick.net www.google-analytics.com listgrowth.ctctcdn.com maps.googleapis.com; img-src 'self' fonts.gstatic.com www.gstatic.com maps.googleapis.com maps.gstatic.com static.ctctcdn.com fakeimg.pl img.youtube.com data: cdnjs.cloudflare.com www.google.com.tw www.facebook.com www.google.com googleads.g.doubleclick.net www.google-analytics.com; style-src 'self' 'unsafe-inline' www.gstatic.com cdn.jsdelivr.net fonts.googleapis.com unpkg.com static.ctctcdn.com maxcdn.bootstrapcdn.com; font-src 'self' maxcdn.bootstrapcdn.com cdn.jsdelivr.net cdnjs.cloudflare.com fonts.gstatic.com; frame-src 'self' bid.g.doubleclick.net www.youtube.com www.facebook.com www.google.com; base-uri 'self'; form-action 'self' www.facebook.com; frame-ancestors 'self'; 1 default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; connect-src 'self' *.itzbund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.vimeo.com *.itzbund.de; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com *.vimeo.com *.aktion-mensch.de *.readspeaker.com; frame-src *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.vimeo.com *.readspeaker.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.ytimg.com yomma.services cms.sqat.eu *.openstreetmap.org *.itzbund.de *.synology.me:5001; frame-ancestors 'self'; font-src 'self' data:; 1 frame-src *.twitter.com *.googleusercontent.com *.clarity.ms *.youtube.com *.facebook.com *.facebook.net *.doubleclick.net *.hotjar.com *.franceculture.fr *.radiofrance.fr *.googleapis.com *.spotify.com *.exacttarget.com *.instagram.com iheid.webex.com graduateinstitute.secure.force.com *.sfmc-content.com *.google.com *.libcal.com *.simplecast.com *.soundcloud.com *.flywire.com *.prezi.com *.iheid.ch *.drupal.com *.vimeo.com *.rts.ch graduateinstitute.my.salesforce-sites.com *.graduateinstitute.us8.list-manage.com *.addevent.com *.office.com *.rsi.ch *.arte.tv *.github.io *.linkedin.com *.googletagmanager.com *.soundcloud.com https://unibuddy.co https://cdn.unibuddy.co https://popcard.unibuddy.co; child-src *.twitter.com *.googleusercontent.com *.clarity.ms *.youtube.com *.facebook.com *.facebook.net *.doubleclick.net *.hotjar.com *.franceculture.fr *.radiofrance.fr *.googleapis.com *.spotify.com *.exacttarget.com *.instagram.com iheid.webex.com graduateinstitute.secure.force.com *.sfmc-content.com *.google.com *.libcal.com *.simplecast.com *.soundcloud.com *.flywire.com *.prezi.com *.iheid.ch *.drupal.com *.rts.ch graduateinstitute.my.salesforce-sites.com *.graduateinstitute.us8.list-manage.com *.addevent.com *.office.com *.rsi.ch *.arte.tv *.github.io *.linkedin.com *.googletagmanager.com *.soundcloud.com https://unibuddy.co https://cdn.unibuddy.co https://popcard.unibuddy.co *.srf.ch *.srf.ch/play; report-uri /report-csp-violation; upgrade-insecure-requests 1 base-uri 'none';child-src 'none';connect-src 'self' https://play.vidyard.com https://noembed.com/ https://*.algolia.net https://*.algolianet.com https://*.algolia.io https://go.esko.com/ https://privacyportalde-cdn.onetrust.com/ cloudflareinsights.com https://play.goconsensus.com https://cdn.cookielaw.org/ https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://privacyportal-de.onetrust.com/request/v1/consentreceipts https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://auth.statik.space/ https://js.zi-scripts.com https://px.ads.linkedin.com https://ws.zoominfo.com *.crazyegg.com https://tracking.g2crowd.com https://google.com tracking-api.g2.com www.facebook.com https://lottie.host https://unpkg.com cdn.jsdelivr.net *.onetrust.com alb.reddit.com pixel-config.reddit.com;default-src 'self' *.crazyegg.com;font-src 'self' https://fonts.gstatic.com data:;form-action 'self';frame-ancestors 'self' https://esko.showpad.biz *.lovable.app;frame-src youtube.com www.youtube.com https://play.vidyard.com https://play.goconsensus.com https://bid.g.doubleclick.net https://www.google.com/ https://js.driftt.com https://widget.drift.com *.crazyegg.com *.cvent.com https://td.doubleclick.net https://esko317.outgrow.us www.googletagmanager.com *.lovable.app;img-src 'self' https: data: blob: http://play.vidyard.com www.googletagmanager.com https://googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://googleads.g.doubleclick.net https://www.google.com https://google.com *.crazyegg.com alb.reddit.com;manifest-src 'self';media-src 'self' https://js.driftt.com;object-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' youtube.com www.youtube.com https://play.vidyard.com https://cdn.jsdelivr.net/ https://unpkg.com https://privacyportalde-cdn.onetrust.com/privacy-notice-scripts/otnotice-1.0.min.js static.cloudflareinsights.com https://play.goconsensus.com https://www.googletagmanager.com https://cdn.cookielaw.org https://googletagmanager.com https://tagmanager.google.com https://*.googletagmanager.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/ https://js.driftt.com https://widget.drift.com https://sc.lfeeder.com https://js.zi-scripts.com https://snap.licdn.com *.crazyegg.com *.cvent.com https://tracking.g2crowd.com *.pardot.com https://*.esko.com blob: https://connect.facebook.net go.esko.com www.redditstatic.com;style-src 'self' 'unsafe-inline' https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com *.crazyegg.com;worker-src 'self' blob:; 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.jquery.com *.ckeditor.com *.google.com *.googletagmanager.com *.google-analytics.com *.doubleclick.net *.cookielaw.org *.gstatic.com; object-src 'none'; style-src 'self' 'unsafe-inline' *.mailchimp.com; img-src 'self' data: blob: *.youtube.com *.google.com *.google.ro *.googletagmanager.com *.shortpixel.ai; media-src 'self' blob: *.youtube.com *.google.ro *.shortpixel.ai; frame-src 'self' blob: *.youtube.com *.youtube-nocookie.com *.etapestry.com etapestry.sky.blackbaud.com *.vercel.app *.google.com *.spotify.com; font-src 'self'; connect-src 'self' *.google.com *.googletagmanager.com *.google-analytics.com *.cookielaw.org *.onetrust.com *.doubleclick.net; report-uri /report-csp-violation 1 base-uri 'self'; default-src 'none'; child-src https://irc.animefriends.moe; connect-src 'self' https://mei.kuudere.pw; font-src 'self' data:; form-action 'self' https://mei.kuudere.pw; frame-ancestors 'self'; frame-src 'self' https://www.youtube-nocookie.com https://*.soundcloud.com https://irc.animefriends.moe; img-src 'self' https://rei.kuudere.pw https://mei.kuudere.pw https://animebytes.tv data:; media-src 'self' https://* * data:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample'; style-src 'self' 'unsafe-inline'; worker-src 'self' blob:; upgrade-insecure-requests 1 default-src 'self'; img-src 'self' data: books.google.de de.statista.com cdn.statcdn.com app.statuscake.com www.kununu.com *.lamapoll.io; font-src 'self' data:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' lamapoll.de *.lamapoll.de *.lamapoll.io; frame-src 'self' lamapoll.de *.lamapoll.de www.youtube-nocookie.com *.lamapoll.io; frame-ancestors 'self'; media-src 'self'; object-src 'self'; connect-src 'self' *.lamapoll.io 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com code.jquery.com:* static.addtoany.com:* cdn.jsdelivr.net:* googleads.g.doubleclick.net:* connect.facebook.net:* cdnjs.cloudflare.com:* cdn.cookielaw.org:* *.gigya.com:* *.qualtrics.com *.adimo.co:* app.tintup.com:* tintup.com:* www.tintup.com www.google.com www.recaptcha.net www.gstatic.com *.nestlegoodnes.com js-agent.newrelic.com:* assets.pinterest.com:* *.atlassian.net:* apis.google.com:* *.qualifioapp.com; object-src 'none'; frame-src 'self' www.google.com www.recaptcha.net www.gstatic.com recaptcha.google.com static.addtoany.com:* td.doubleclick.net:* www.googletagmanager.com *.gigya.com *.qualtrics.com td.doubleclick.net www.facebook.com app.tintup.com www.tintup.com *.adimo.co assets.pinterest.com *.atlassian.net *.youtube.com *.qualifioapp.com; frame-ancestors 'self' www.google.com www.recaptcha.net www.gstatic.com recaptcha.google.com static.addtoany.com:* td.doubleclick.net:* www.googletagmanager.com *.gigya.com td.doubleclick.net www.facebook.com app.tintup.com www.tintup.com *.adimo.co assets.pinterest.com *.atlassian.net *.qualifioapp.com; report-uri /log-report-uri/enforce 1 frame-ancestors https://*.holman.com *.holmancadillac.com *.holmanhondacentennial.com *.holmanhonda.com *.audisandiego.com *.audiflatirons.com *.audiboulderservice.com *.audipembrokepines.com *.audifortwashington.com *.holmanfordmapleshade.com *.holmanfordturnersville.com *.holmanlincolnmapleshade.com *.princetonbmw.com *.bmwofmtlaurel.com *.bmwoffortlauderdale.com *.bmwofpembrokepines.com *.bmwtigard.com *.kuniautocenter.com *.jaguarsandiego.com *.landroversandiego.com *.landroverdenver.com *.landroverlynnwood.com *.lexusofportland.com *.lexusofportland.com *.lexusofseattle.com *.holmaninfiniti.com *.holmantoyota.com *.lauderdalemini.com *.miniofmtlaurel.com *.porschesandiego.com *.mbvansmapleshade.com *.holmanmotorcars.com *.holmanauto.com *.holmancollision.com *.riskpartners.com *.holmancollision.com *.holmantransportationrrg.com *.holmanvinfastfortlauderdale.com *.holmanineosgranider.com *.studio.porschesandiego.com *.audisandiegofashionvalley.com *.lexusofgreenwoodvillage.com *.holmanineosgrenadier.com 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; style-src 'self' 'unsafe-inline' 1 default-src 'self'; block-all-mixed-content; connect-src 'self' go.metering.diehl.com go.controls.diehl.com analytics.diehl.com geolocation.onetrust.com *.onetrust.com cdn.cookielaw.org *.youtube-nocookie.com https://*.googleapis.com *.google.com https://*.gstatic.com; font-src 'self' https://fonts.gstatic.com data:; frame-src 'self' https://v.qq.com *.canto.de *.cloudfront.net *.google.com brandsonspeed.pageflow.io *.youtube-nocookie.com *.youtube.com; img-src 'self' cdn.cookielaw.org https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com img.youtube.com https://diehl-gruppe.canto.de https://*.cloudfront.net https://puui.qpic.cn *.ytimg.com data: analytics.diehl.com; media-src 'self' blob:; script-src 'self' analytics.diehl.com *.onetrust.com cdn.cookielaw.org pi.pardot.com go.metering.diehl.com go.controls.diehl.com https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com *.typekit.net *.youtube-nocookie.com *.ytimg.com cdn.syndication.twimg.com 'nonce-BKUduAK4Jf4oEnLOuLIV4A=='; style-src 'self' analytics.diehl.com https://fonts.googleapis.com *.typekit.net 'nonce-BKUduAK4Jf4oEnLOuLIV4A==' 1 default-src 'self'; script-src 'self' 'unsafe-inline' cdn.jsdelivr.net cdnjs.cloudflare.com analytics.mbda-systems.com static.addtoany.com; object-src 'self'; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net *.epresspack.online analytics.mbda-systems.com; img-src 'self' data: *.epresspack.online newsroom.mbda-systems.com analytics.mbda-systems.com; media-src 'self' about: data:; frame-src 'self' *.youtube.com static.addtoany.com; frame-ancestors 'self'; child-src 'self'; font-src 'self' data: fonts.gstatic.com; connect-src 'self' analytics.mbda-systems.com static.addtoany.com stats.addtoany.com; report-uri /report-csp-violation; upgrade-insecure-requests 1 script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://google-analytics.com/ https://*.google-analytics.com/ https://googletagmanager.com/ https://*.googletagmanager.com/ https://tagmanager.google.com/ https://translate.google.com/ https://translate.googleapis.com/ https://youtube.com/ https://*.youtube.com/ https://www.recaptcha.net/ https://www.gstatic.com/ https://www.google.com/ https://www.google.com/ads/ https://kit.fontawesome.com/ https://tag.demandbase.com/ https://munchkin.marketo.net/ https://use.typekit.net/ https://script.crazyegg.com/ https://script.crazyegg.com/pages/scripts/0027/6357.js https://snap.licdn.com/ https://cdn01.basis.net/ https://play.vidyard.com/ https://connect.facebook.net/ https://www.facebook.com/ https://facebook.com/ https://j.6sc.co/ https://b.6sc.co/ https://app-sj27.marketo.com/ https://go.scaledagile.com/ https://pixel.sitescout.com/ https://px.ads.linkedin.com/ https://cdn.vidyard.com/ https://static.smartrecruiters.com/ https://*.company-target.com/ https://www.smartrecruiters.com/ https://sai2.wpengine.com/ https://cdnapisec.kaltura.com/ https://player.vimeo.com/ https://open.spotify.com/ https://s.company-target.com/ https://scaledagilenetwork.com/; img-src 'self' data: blob: https://google-analytics.com/ https://*.google-analytics.com/ https://www.google.com/ https://www.google.com/ads/ https://translate.googleapis.com/ https://*.ytimg.com/ https://secure.gravatar.com/ https://kit.fontawesome.com/ https://salsa.scaledagile.com/ https://www.facebook.com/ https://cdn.vidyard.com/ https://cdn.vidyard.com/thumbnails/18287566/TcTilRh6vhdyHxZi9F4VIQ.png https://play.vidyard.com/ https://id.rlcdn.com/ https://b.6sc.co/ https://pixel.sitescout.com/ https://px.ads.linkedin.com/ https://www.linkedin.com/ https://www.linkedin.com/* https://go.scaledagile.com/ https://www.googletagmanager.com/ https://segments.company-target.com/ https://scaledagile.com/ https://sai2.wpengine.com/ https://cdnapisec.kaltura.com/ https://player.vimeo.com/ https://scaledagilenetwork.com/ https://safe.scaledagile.com/ https://googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com; object-src 'self' data: blob: https://docs.google.com/ https://youtube.com/ https://*.youtube.com/ https://youtube-nocookie.com/ https://*.youtube-nocookie.com/ https://youtu.be/ https://*.vimeo.com/ https://www.google.com/ https://www.google.com/ads/ https://scaledagile.my.salesforce.com/ https://scaledagile.lightning.force.com/ https://community.scaledagile.com/ https://safe.scaledagile.com/ https://www.facebook.com/ https://b.6sc.co/ https://play.vidyard.com/ https://cdn.vidyard.com/ https://px.ads.linkedin.com/ https://www.googletagmanager.com/ https://embed.podcasts.apple.com/ https://s.company-target.com/ https://pixel.sitescout.com/ https://www.smartrecruiters.com/ https://go.scaledagile.com/ http://go.scaledagile.com/ https://app-sj27.marketo.com/ https://cdnapisec.kaltura.com/ https://player.vimeo.com/ https://open.spotify.com/ https://api.company-target.com/ https://scaledagilenetwork.com/ http://scaledagile.pathfactory.com https://scaledagile.pathfactory.com http://content.scaledagile.com https://content.scaledagile.com http://scaledagile.lookbookhq.com https://scaledagile.lookbookhq.com; frame-src 'self' data: blob: https://docs.google.com/ https://youtube.com/ https://*.youtube.com/ https://youtube-nocookie.com/ https://*.youtube-nocookie.com/ https://youtu.be/ https://*.vimeo.com/ https://www.google.com/ https://www.google.com/ads/ https://scaledagile.my.salesforce.com/ https://scaledagile.lightning.force.com/ https://community.scaledagile.com/ https://safe.scaledagile.com/ https://www.facebook.com/ https://b.6sc.co/ https://play.vidyard.com/ https://cdn.vidyard.com/ https://px.ads.linkedin.com/ https://www.googletagmanager.com/ https://embed.podcasts.apple.com/ https://s.company-target.com/ https://pixel.sitescout.com/ https://www.smartrecruiters.com/ https://go.scaledagile.com/ http://go.scaledagile.com/ https://app-sj27.marketo.com/ https://cdnapisec.kaltura.com/ https://player.vimeo.com/ https://open.spotify.com/ https://api.company-target.com/ https://scaledagilenetwork.com/ http://scaledagile.pathfactory.com https://scaledagile.pathfactory.com http://content.scaledagile.com https://content.scaledagile.com http://scaledagile.lookbookhq.com https://scaledagile.lookbookhq.com; 1 default-src 'unsafe-inline' 'unsafe-eval' * blob:; img-src * blob: data: 1 default-src 'self' 'unsafe-eval'; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.itzbund.de *.googleapis.com *.google.com *.gstatic.com www.youtube.com *.vimeo.com *.ytimg.com piwik.itzbund.de; object-src 'self' multimedia.gsb.bund.de; media-src blob: 'self' multimedia.gsb.bund.de *.vimeo.com *.youtube.com; frame-src *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.vimeo.com; img-src 'self' blob: data: *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.openstreetmap.org piwik.itzbund.de; connect-src 'self' *.itzbund.de; frame-ancestors 'self'; worker-src 'self'; 1 frame-src spasibosberbank.ru new.spasibosberbank.ru 1 default-src https:; base-uri 'self'; connect-src https: ws:; font-src https: data:; frame-src https: blob:; img-src http: https: blob: data:; media-src https:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; worker-src blob:; 1 base-uri 'none';child-src 'none';connect-src 'self' https://www.facebook.com https://www.google.com https://www.google.com.ar https://www.google-analytics.com https://analytics.google.com http://static.ads-twitter.com http://script.crazyegg.com http://onelinksmartscript.appsflyer.com https://*.amplitude.com https://www.googletagmanager.com https://facebook.net https://analytics.tiktok.com https://map-handler.qa.playdigital.com.ar https://stats.g.doubleclick.net https://tracking.crazyegg.com https://*.crazyegg.com https://go.botmaker.com https://cdn.freshbots.ai https://www.freshbots.ai https://m-infra.appspot.com https://px.ads.linkedin.com wss://ws.botmaker.com *.freshbots.ai *.crazyegg.com *.botmaker.com *.googleapis.com *.playdigital.com.ar *.doubleclick.net;default-src 'self';font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com;form-action 'self';frame-ancestors *;frame-src 'self' https://*.doubleclick.net https://*.modo.com.ar https://www.googletagmanager.com/ https://maps.googleapis.com https://www.google.com;img-src 'self' data: www.afip.gob.ar www.argentina.gob.ar modo.onelink.me *.playdigital.com.ar https://t.co https://analytics.twitter.com https://maps.gstatic.com https://maps.googleapis.com https://assets.mobile.preprod.playdigital.com.ar https://assets.mobile.qa.playdigital.com.ar https://assets.mobile.develop.playdigital.com.ar https://assets.mobile.playdigital.com.ar https://s3.amazonaws.com https://www.google.com a.storyblok.com www.google.com.ar www.facebook.com storage.googleapis.com www.googletagmanager.com *.doubleclick.net *.salesforce.com *.my.salesforce.com *.force.com *.file.force.com *.my.site.com https://cdn.freshdesk.com https://px.ads.linkedin.com;manifest-src 'self';media-src https://storage.googleapis.com *.playdigital.com.ar *.googleapis.com;object-src https://amplitude.com;prefetch-src 'self';script-src 'self' 'unsafe-inline' https://cdn.freshbots.ai https://cdnjs.cloudflare.com https://maps.googleapis.com https://*.googleapis.com https://www.google.com.ar http://script.crazyegg.com http://onelinksmartscript.appsflyer.com http://static.ads-twitter.com https://www.facebook.com https://connect.facebook.net https://go.botmaker.com https://*.botmaker.com https://www.googletagmanager.com https://www.google-analytics.com https://analytics.tiktok.com https://snap.licdn.com https://www.googleadservices.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.freshbots.ai https://*.botmaker.com https://storage.googleapis.com https://cdn2.botmaker.com;worker-src 'self' *.modo.com.ar blob:;script-src-elem 'self' 'unsafe-inline' https://www.googleadservices.com https://cdn.freshbots.ai https://cdnjs.cloudflare.com https://maps.googleapis.com https://connect.facebook.net https://*.googleapis.com https://www.google.com.ar http://script.crazyegg.com http://onelinksmartscript.appsflyer.com http://static.ads-twitter.com https://www.facebook.com https://go.botmaker.com https://*.botmaker.com https://www.googletagmanager.com https://www.google-analytics.com https://analytics.tiktok.com https://snap.licdn.com;report-uri /api/reporting;report-to /api/reporting; 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bcbsks.com unpkg.com fast.wistia.com *.googletagmanager.com *.google-analytics.com *.ads-twitter.com www.gstatic.com *.bing.com connect.facebook.net 100011161.collect.igodigital.com snap.licdn.com *.adsrvr.org bam.nr-data.net googleads.g.doubleclick.net js-agent.newrelic.com tags.srv.stackadapt.com public.tableau.com qvdt3feo.com code.jquery.com www.google.com analytics.silktide.com static.cloudflareinsights.com www.covermymeds.com www.googleadservices.com cdn.datatables.net cdnjs.cloudflare.com www.eventbrite.com https://www.google.co.uk www.clarity.ms *.callrail.com tag.demandbase.com pagead2.googlesyndication.com cdn.jsdelivr.net *.sentry-cdn.com *.adobedtm.com https://*.qualtrics.com api.wire.spbx.app blob:; object-src 'none'; style-src 'self' 'unsafe-inline' www.bcbsks.com bcbsks.prod.acquia-sites.com fast.fonts.net fonts.googleapis.com tags.srv.stackadapt.com www.covermymeds.com cdn.datatables.net cdnjs.cloudflare.com *.wistia.com; img-src 'self' www.google.com *.google-analytics.com nova.collect.igodigital.com *.bing.com t.co analytics.twitter.com *.wistia.com www.facebook.com *.g.doubleclick.net *.google.com public.tableau.com *.bcbsks.com tools.applemediaservices.com apple-resources.s3.amazonaws.com connect.facebook.net secure.adnxs.com *.linkedin.com www.googletagmanager.com *.covermymeds.com cdn.datatables.net embedwistia-a.akamaihd.net c.clarity.ms id.rlcdn.com segments.company-target.com tags.srv.stackadapt.com ad.doubleclick.net www.google.co.in *.prod.acquia-sites.com *.apple.com *.advanceinsurance.com https://*.qualtrics.com *.mdhv.io api.wire.spbx.app *.adsrvr.org data:; media-src 'self' *.wistia.com www.google.com embedwistia-a.akamaihd.net fast.wistia.net blob:; frame-src 'self' *.bcbsks.com https://d1eoo1tco6rr5e.cloudfront.net/ *.adsrvr.org www.facebook.com public.tableau.com *.fls.doubleclick.net td.doubleclick.net www.youtube.com www.googletagmanager.com staywell.mydigitalpublication.com e.issuu.com www.eventbrite.com www.kff.org s.company-target.com https://*.qualtrics.com; font-src 'self' fast.fonts.net fast.wistia.com fonts.gstatic.com data:; connect-src 'self' *.bugsnag.com *.google-analytics.com stats.g.doubleclick.net ad.doubleclick.net *.googleadservices.com www.googleadservices.com *.google.com *.wistia.com *.wistia.net *.litix.io bam.nr-data.net cdn.linkedin.oribi.io www.facebook.com tags.srv.stackadapt.com embedwistia-a.akamaihd.net bat.bing.com a.us.silktide.com https://connect.facebook.net https://www.google.co.uk pagead2.googlesyndication.com *.clarity.ms js.callrail.com api.company-target.com tag-logger.demandbase.com px.ads.linkedin.com bcbsks.data.adobedc.net adobedc.demdex.net https://*.qualtrics.com *.sentry-cdn.com *.adsrvr.org; upgrade-insecure-requests 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' *.pricespider.com https://www.google-analytics.com https://www.googletagmanager.com https://cdn.cookielaw.org https://lhcdn-src.mars.com https://players.brightcove.net https://www.google.com https://www.google.co.in https://www.gstatic.com https://sfapi.formstack.io https://az416426.vo.msecnd.net https://embed.mikmak.tv *.global.commerce-connector.com https://connectwidgets.sutherlandconnect.com newrelic.com https://dc.services.visualstudio.com https://bam-cell.nr-data.net https://translate.googleapis.com https://js.adsrvr.org *.mapbox.com https://dc.services.visualstudio.com https://stats.g.doubleclick.net *.amazonaws.com https://s.pinimg.com https://ct.pinterest.com https://maps.googleapis.com https://connect.facebook.net https://sc-static.net https://static.ads-twitter.com https://cdn.treasuredata.com https://cdn.jsdelivr.net https://sfapi-sandbox.formstack.io https://unpkg.com https://progress-tracker-prod.firebaseio.com https://cdn.pricespider.com https://ckf02.lancsd.org https://bam.nr-data.net https://js-agent.newrelic.com http://cdn.jsdelivr.net/npm/@popperjs/core@2.11.5/dist/umd/popper.min.js https://cdn.sutherland.ai/messenger/twix/build/js/sgs-bundle.js https://cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.2/lazysizes.min.js https://cdn.ampproject.org https://cdn.plyr.io/3.7.8/plyr.js https://cdn.plyr.io/3.7.8/plyr.css https://challenges.cloudflare.com/turnstile/v0/api.js https://content-builder.s10.marketingcloudapps.com https://marspulse.my.site.com https://marspulse.my.site.com/ESWMWEinsteinBotGeneri1749101303349/assets/js/bootstrap.min.js https://analytics.tiktok.com https://analytics.tiktok.com/* https://tr.snapchat.com/* https://tr.snapchat.com https://*.bazaarvoice.com https://static.searchstax.com/studio-js/v3/js/studio-analytics.js; object-src 'none'; frame-src 'self' blob: https://www.google.com https://9079101.fls.doubleclick.net https://www.google.com *.fls.doubleclick.net https://www.googletagmanager.com https://di.rlcdn.com https://tr.snapchat.com https://www.youtube.com https://challenges.cloudflare.com/ https://content-builder.s10.marketingcloudapps.com https://marspulse.my.site.com https://analytics.tiktok.com https://www.youtube-nocookie.com/ https://*.bazaarvoice.com.net https://www.youtube-nocookie.com https://www.facebook.com; child-src blob: 1 default-src 'unsafe-inline' 'self' https:; child-src 'self'; connect-src 'self' https:; font-src 'self' fonts.gstatic.com; frame-src 'self' https:; img-src * data:; manifest-src 'self'; media-src 'self' https:; object-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https:; style-src 'unsafe-inline' 'self' *.twitter.com *.twimg.com fonts.googleapis.com; worker-src 'self'; base-uri 'self'; form-action 'self' *.twitter.com papi.hobex.at; navigate-to 'self' https: 1 default-src 'self'; font-src *;img-src * data:; script-src *; style-src * https:; 1 frame-ancestors 'self' https://content.kinaxis.com https://www.kinaxis.com https://kinaxis.com https://*.sharepoint.com https://ssw.live.com https://storage.live.com https://*.search.production.apac.trafficmanager.net https://*.search.production.emea.trafficmanager.net https://*.search.production.us.trafficmanager.net https://*.wns.windows.com https://admin.onedrive.com https://officeclient.microsoft.com https://g.live.com https://oneclient.sfx.ms https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://*.svc.ms *.mpo.com https://*.mpo.com https://www.mpo.com *.mp-objects.com https://*.mp-objects.com https://www.mp-objects.com https://wartsila.cevalogistics.com https://*.cevalogistics.com https://app.drift.com https://core.crazyegg.com https://kinaxis-project.dev.fenix.solutions https://*.lndo.site; report-uri /report-csp-violation 1 default-src 'self' ; script-src 'self' 1 default-src 'self' 'unsafe-eval' 'unsafe-inline' oppwa.com *.oppwa.com *.simonmobile.de simonmobile.de *.simonmobil.de simonmobil.de vodafone-affiliate.de *.vodafone-affiliate.de google.com *.google.com google.de *.google.de google.nl *.google.nl facebook.com *.facebook.com facebook.de *.facebook.de facebook.nl *.facebook.nl adform.net *.adform.net adform.com *.adform.com bing.com *.bing.com was.vodafone.de googletagmanager.com *.googletagmanager.com googleadservices.com *.googleadservices.com doubleclick.net *.doubleclick.net facebook.net *.facebook.net cdn.cookielaw.org *.cookielaw.org tags.tiqcdn.com my.tealiumiq.com geolocation.onetrust.com *.onetrust.com widgets.trustedshops.com translate.googleapis.com *.jsctool.com jsctool.com; connect-src *.simonmobile.de simonmobile.de *.simonmobil.de simonmobil.de cdn.cookielaw.org ws://simonmobile.de ws://simonmobil.de privacyportal-eu.onetrust.com bing.com *.bing.com vodafone.de *.vodafone.de *.demdex.net demdex.net *.omtrdc.net omtrdc.net *.trustedshops.com *.etrusted.com *.trustbadge.com *.clarity.ms clarity.ms geolocation.onetrust.com maps.googleapis.com *.kampyle.com kampyle.com *.jsctool.com jsctool.com doubleclick.net *.doubleclick.net googlesyndication.com *.googlesyndication.com analytics.tiktok.com *.analytics.tiktok.com google.com *.google.com amazon-adsystem.com *.amazon-adsystem.com paa-reporting-advertising.amazon *.paa-reporting-advertising.amazon *.snapchat.com snapchat.com *.medallia.eu medallia.eu *.tealiumiq.com tealiumiq.com *.outbrain.com outbrain.com *.paypal.com paypal.com reddit.com *.reddit.com *; frame-src 'self' directus.br.extranet.addmore.cloud oppwa.com *.oppwa.com test.ppipe.net *.simonmobile.de simonmobile.de *.simonmobil.de simonmobil.de vodafone-affiliate.de *.vodafone-affiliate.de adform.net *.adform.net facebook.com *.facebook.com *.doubleclick.net doubleclick.net *.demdex.net demdex.net *.amazon-adsystem.com amazon-adsystem.com *.kampyle.com kampyle.com *.youtube.com youtube.com *.jsctool.com jsctool.com googlesyndication.com *.googlesyndication.com *.snapchat.com snapchat.com *.googletagmanager.com googletagmanager.com *.paypal.com paypal.com; img-src 'self' data: 'unsafe-inline' oppwa.com *.oppwa.com was.vodafone.de cdn.cookielaw.org *.simonmobile.de simonmobile.de *.simonmobil.de simonmobil.de bing.com *.bing.com google.com *.google.com google.de *.google.de google.nl *.google.nl facebook.com *.facebook.com facebook.de *.facebook.de facebook.nl *.facebook.nl *.seadform.net seadform.net *.doubleclick.net doubleclick.net widgets.trustedshops.com www.gstatic.com gstatic.com *.clarity.ms clarity.ms *.googleadservices.com googleadservices.com *.kampyle.com kampyle.com *.bing.net bing.net maps.gstatic.com *.googletagmanager.com googletagmanager.com *.outbrain.com outbrain.com *.paypalobjects.com paypalobjects.com reddit.com *.reddit.com; media-src 'self' data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' oppwa.com *.oppwa.com *.simonmobile.de simonmobile.de *.simonmobil.de simonmobil.de vodafone-affiliate.de *.vodafone-affiliate.de google.com *.google.com google.de *.google.de google.nl *.google.nl facebook.com *.facebook.com facebook.de *.facebook.de facebook.nl *.facebook.nl adform.net *.adform.net adform.com *.adform.com amazon-adsystem.com *.amazon-adsystem.com bing.com *.bing.com was.vodafone.de googletagmanager.com *.googletagmanager.com googleadservices.com *.googleadservices.com doubleclick.net *.doubleclick.net facebook.net *.facebook.net cdn.cookielaw.org *.cookielaw.org tags.tiqcdn.com my.tealiumiq.com geolocation.onetrust.com *.onetrust.com widgets.trustedshops.com *.clarity.ms clarity.ms *.kampyle.com kampyle.com *.googlesyndication.com googlesyndication.com maps.googleapis.com *.jsctool.com jsctool.com *.analytics.tiktok.com analytics.tiktok.com *.sc-static.net sc-static.net *.snapchat.com snapchat.com *.outbrain.com outbrain.com *.paypal.com paypal.com redditstatic.com *.redditstatic.com 'self' 'unsafe-eval' 'unsafe-inline' *; worker-src 'self' blob: 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com www.gstatic.com https://*.google.com https://*.googletagmanager.com *.google-analytics.com https://tagmanager.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net cdnjs.cloudflare.com ajax.googleapis.com https://cdn.addevent.com https://platform.twitter.com embed.aidaform.com https://cdn.jsdelivr.net https://s3.amazonaws.com https://partner.googleadservices.com https://*.list-manage.com https://*.clarity.ms https://c.bing.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://googletagmanager.com https://tagmanager.google.com https://www.google.com fonts.googleapis.com cdnjs.cloudflare.com cdn.jsdelivr.net https://cdn-images.mailchimp.com https://*.clarity.ms https://c.bing.com; img-src 'self' data: https://*; media-src 'self' data:; frame-src 'self' https://www.googletagmanager.com https://bid.g.doubleclick.net https://td.doubleclick.net https://flo.uri.sh https://api.mapbox.com https://app.powerbi.com https://data.humdata.org https://drive.google.com calendar.google.com https://www.youtube.com https://datawrapper.dwcdn.net https://teamup.com https://lookerstudio.google.com https://experience.arcgis.com https://public.tableau.com https://rrmniger.azurewebsites.net/ *.unocha.org https://*.addevent.com https://cdn.knightlab.com https://dashboards.impact-initiatives.org https://docs.google.com https://e.infogram.com https://jmmi-northernsyria.shinyapps.io https://logie.logcluster.org https://m.facebook.com https://miro.com https://spxih.mjt.lu https://turkiyeeq.thedeep.io https://ukraine.servicesadvisor.net https://unhcr.carto.com https://www.arcgis.com https://www.facebook.com https://rwsupport.aidaform.com https://analytics.wfp.org *.un.org https://cdnapisec.kaltura.com https://vimeo.com https://player.vimeo.com https://ukraine.servicesadvisor.net https://*.kobotoolbox.org; frame-ancestors 'self'; child-src 'self'; font-src 'self' data: fonts.gstatic.com; connect-src 'self' https://*; report-uri /report-csp-violation; upgrade-insecure-requests 1 default-src 'self' *.google-analytics.com *.jsdelivr.net *.gstatic.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' *.googletagmanager.com *.google-analytics.com *.jsdelivr.net https://www.googletagmanager.com/ns.html *.cookielaw.org *.licdn.com *.ads-twitter.com *.facebook.net https://www.google.com/recaptcha/api.js https://www.youtube.com/iframe_api https://www.youtube.com https://cdnjs.cloudflare.com *.gstatic.com https://incyte.piwik.pro; style-src 'unsafe-inline' 'self' *.jsdelivr.net https://cdnjs.cloudflare.com; img-src 'self' *.google-analytics.com *.facebook.com *.linkedin.com *.blob.core.windows.net *.azureedge.net *.cookielaw.org *.google.com *.google.co.in analytics.twitter.com t.co px.ads.linkedin.com px.ads.linkedin.com.x cdn.incyte.com data: *.googletagmanager.com *.opendns.com; media-src 'self' *.google-analytics.com *.blob.core.windows.net *.azureedge.net https://cdn.incyte.com; frame-src *.youtube.com *.google.com *.googletagmanager.com incyte.hrmdirect.com *.facebook.com *.facebook.net *.youtube-nocookie.com; frame-ancestors 'self'; child-src *.youtube.com *.google.com *.googletagmanager.com incyte.hrmdirect.com; font-src 'self' data: https://cdn.jsdelivr.net https://fonts.gstatic.com; connect-src *; report-uri /report-csp-violation 1 default-src 'self'; frame-src 'self' https://www.youtube.com https://mychart.austinregionalclinic.com https://www.google.com https://arcwebsecure.com https://forms.hsforms.com https://www.googletagmanager.com https://tags.austinregionalclinic.com; frame-ancestors 'self' data: blob: https://vmecharttest1 https://vmecharttest2 https://vmecharttest3 https://mychart.austinregionalclinic.com https://mycharttest.austinregionalclinic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com https://mychart.austinregionalclinic.com https://maps.googleapis.com https://js.hsforms.net https://js.hs-scripts.com https://api.airbud.io https://js.hs-banner.com https://cdn.jsdelivr.net https://code.jquery.com https://connect.facebook.net https://cdnjs.cloudflare.com https://ajax.aspnetcdn.com https://www.google.com https://www.gstatic.com https://web.hyro.ai https://mycharttest.austinregionalclinic.com https://vmecharttest2 https://vmecharttest3 https://snap.licdn.com https://www.googletagmanager.com https://tags.austinregionalclinic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://api.airbud.io https://code.jquery.com https://web.hyro.ai https://mychart.austinregionalclinic.com https://www.googletagmanager.com; font-src 'self' https://fonts.gstatic.com https://code.jquery.com; form-action 'self' https://forms.hsforms.com https://www.austinregionalclinic.com; img-src 'self' data: https://forms.hsforms.com https://js.hsforms.net https://api.hubspot.com https://forms-na1.hsforms.com https://maps.gstatic.com https://hyropublic.blob.core.windows.net https://d3sxx09phm2x4h.cloudfront.net https://d1mkxymatx0q5n.cloudfront.net https://maps.googleapis.com https://www.google.com https://www.facebook.com https://img.youtube.com https://i.ytimg.com https://khms0.googleapis.com https://khms1.googleapis.com https://www.googletagmanager.com; connect-src 'self' https://maps.googleapis.com https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://www.google-analytics.com https://hyropublic.blob.core.windows.net wss://web.hyro.ws/widget-client https://stats.g.doubleclick.net https://cdn.linkedin.oribi.io https://app.launchdarkly.com https://clientstream.launchdarkly.com https://events.launchdarkly.com https://tags.austinregionalclinic.com; object-src 'none'; base-uri 'self'; media-src 'self' https://d1mkxymatx0q5n.cloudfront.net; 1 default-src 'self'; object-src 'self' https://pts.winsim.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.winsim.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://www.telekom.de/shop/tarife/internet-tarife https://www.o2online.de https://www.vodafone.de https://dsl.1und1.de https://imagepool.winsim.de https://umfrage.winsim.de https://pts.winsim.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://eu01.rec.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://chat.winsim.de https://livechat.winsim.de wss://livechat.winsim.de https://livechat.winsim.de https://chat.winsim.de https://stats.winsim.de https://imagepool.winsim.de https://pts.winsim.de https://analytics.tiktok.com https://umfrage.winsim.de; script-src 'strict-dynamic' 'nonce-d22453dde92df88734ec4eef7c748db4' 'nonce-cf5284b32735785170ae1f9f3f59c959' 'nonce-a602f4b663256d36b7118e6e2669e7cb' 'nonce-28d2fb083189f463433b1a3ac08751b5' 'nonce-3d314e4daeef906c7a40696a872676fc' 'nonce-b193a4bc264613630bbd77c378380439' 'nonce-bc9a2ad2e4e3d26fb28bcf3e34710b1c' 'nonce-f1f775c527b8e31cf600ea3ae51b9766' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data: 'report-sample'; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://netmap.vodafone.de/cokart-client/index.html https://pts.winsim.de https://umfrage.winsim.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-d22453dde92df88734ec4eef7c748db4' 'nonce-cf5284b32735785170ae1f9f3f59c959' 'nonce-a602f4b663256d36b7118e6e2669e7cb' 'nonce-28d2fb083189f463433b1a3ac08751b5' 'nonce-3d314e4daeef906c7a40696a872676fc' 'nonce-b193a4bc264613630bbd77c378380439' 'nonce-bc9a2ad2e4e3d26fb28bcf3e34710b1c' 'nonce-f1f775c527b8e31cf600ea3ae51b9766' 'self' 'unsafe-inline' https: 'report-sample' 1 default-src 'self' blob: *.atlantic.fr *.algolianet.com *.algolia.net *.google-analytics.com *.googlesyndication.com *.google.com *.google.fr *.googleadservices.com *.cookiebot.com *.doubleclick.net *.groupe-atlantic.com *.kameleoon.eu *.kameleoon.com *.kameleoon.io *.soyooz.com *.mixpanel.com *.instagram.com *.cdninstagram.com *.contentsquare.net *.contentsquare.com *.contentsquare.fr *.pinterest.com app.helo-activation.fr *.facebook.com *.inbenta.io calendly.com *.calendly.com *.inbenta.service *.inbenta.services *.recette-qcnlnca-xzown47bo6s74.fr-3.platformsh.site *.staging-5em2ouy-xzown47bo6s74.fr-3.platformsh.site *.bazaarvoice.com *.privacy-center.org *.helo-activation.fr *.blackfire.io google.com *.googleapis.com modelviewer.dev formulaires-de-contact.fr; base-uri 'self' *.atlantic.fr; block-all-mixed-content; font-src 'self' data: *.soyooz.com *.atlantic.fr *.kameleoon.eu *.kameleoon.com *.kameleoon.io fonts.gstatic.com *.inbenta.io *.recette-qcnlnca-xzown47bo6s74.fr-3.platformsh.site *.staging-5em2ouy-xzown47bo6s74.fr-3.platformsh.site *.bazaarvoice.com; frame-ancestors 'self' *.atlantic.fr; frame-src 'self' *.atlantic.fr *.youtube.com *.vimeo.com *.atlantic.fr *.cookiebot.com *.doubleclick.net *.vectary.com *.instagram.com *.facebook.com *.cdninstagram.com *.googletagmanager.com *.pinterest.com calendly.com *.calendly.com *.kameleoon.eu *.kameleoon.io *.kameleoon.com *.inbenta.io *.recette-qcnlnca-xzown47bo6s74.fr-3.platformsh.site *.staging-5em2ouy-xzown47bo6s74.fr-3.platformsh.site *.bazaarvoice.com *.youtube-nocookie.com formulaires-de-contact.fr; img-src 'self' data: *.atlantic.fr *.youtube.com *.ytimg.com *.vimeo.com *.google-analytics.com *.groupe-atlantic.com *.googletagmanager.com *.doubleclick.net *.google.fr *.google.com *.soyooz.com *.cdninstagram.com picsum.photos placekitten.com *.picsum.photos *.placeholder.com *.contentsquare.net *.contentsquare.com *.contentsquare.fr *.facebook.com *.pinterest.com *.inbenta.com *.kameleoon.eu *.kameleoon.com *.kameleoon.io *.calendly.com *.recette-qcnlnca-xzown47bo6s74.fr-3.platformsh.site *.staging-5em2ouy-xzown47bo6s74.fr-3.platformsh.site *.inbenta.io *.bazaarvoice.com *.cache.ephoto.fr *.cookiebot.com *.privacy-center.org *.google.fr *.googleadservices.com modelviewer.dev; media-src 'self' *.atlantic.fr *.vimeo.com *.youtube.com *.instagram.com *.cdninstagram.com *.contentsquare.net *.contentsquare.com *.contentsquare.fr *.kameleoon.eu *.kameleoon.com *.privacy-center.org *.kameleoon.io *.recette-qcnlnca-xzown47bo6s74.fr-3.platformsh.site *.staging-5em2ouy-xzown47bo6s74.fr-3.platformsh.site; object-src 'none'; script-src 'self' blob: *.youtube.com *.atlantic.fr 'unsafe-inline' 'unsafe-eval' *.kameleoon.eu *.kameleoon.com *.kameleoon.io *.pinterest.com *.googletagmanager.com *.groupe-atlantic.com *.cookiebot.com *.contentsquare.net *.contentsquare.com *.contentsquare.fr *.google-analytics.com *.soyooz.com *.mxpnl.com code.jquery.com cdn.jsdelivr.net *.googleapis.com *.cloudflare.com *.blackfire.io googleads.g.doubleclick.net *.facebook.net *.tradelab.fr *.pinimg.com *.inbenta.services *.inbenta.io calendly.com *.calendly.com *.recette-qcnlnca-xzown47bo6s74.fr-3.platformsh.site *.staging-5em2ouy-xzown47bo6s74.fr-3.platformsh.site *.bazaarvoice.com *.iesnare.com *.privacy-center.org *.googleapis.com ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com *.soyooz.com *.atlantic.fr *.kameleoon.eu *.kameleoon.com *.cloudflare.com unpkg.com *.calendly.com *.kameleoon.io cdn.jsdelivr.net *.inbenta.io *.recette-qcnlnca-xzown47bo6s74.fr-3.platformsh.site *.staging-5em2ouy-xzown47bo6s74.fr-3.platformsh.site *.bazaarvoice.com *.privacy-center.org 1 default-src 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' ; style-src 'self' 'unsafe-inline' ; img-src 'self' data: *.openstreetmap.org ; media-src 'self' ; font-src 'self' ; frame-src 'self' data: ; connect-src 'self' data: ; 1 default-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; script-src 'self' 'unsafe-inline'; connect-src 'self'; 1 default-src 'self'; object-src 'self' https://pts.sim.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.sim.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://www.telekom.de/shop/tarife/internet-tarife https://www.o2online.de https://www.vodafone.de https://dsl.1und1.de https://imagepool.sim.de https://livechat.sim.de https://chat.sim.de https://umfrage.sim.de https://pts.sim.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://eu01.rec.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://chat.sim.de https://livechat.sim.de wss://livechat.sim.de https://livechat.sim.de https://stats.sim.de https://imagepool.sim.de https://pts.sim.de https://analytics.tiktok.com https://umfrage.sim.de; script-src 'strict-dynamic' 'nonce-6da329a188f0228830cd89819da9ce77' 'nonce-18c2073b3bd67524c3ed865de5692f56' 'nonce-9bd9f9447e97b10cd70464c847f0a5bc' 'nonce-3e5f6c282316bce41d378be864c82219' 'nonce-d8569fe2497379e454101558616645e3' 'nonce-2d51dc9c313d9b0c4195a22cfd9effa0' 'nonce-b729a220eecb11046860b7ae1f9ed86f' 'nonce-89dab012eeeaaf026374f3451f491237' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data: 'report-sample'; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://netmap.vodafone.de/cokart-client/index.html https://pts.sim.de https://umfrage.sim.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-6da329a188f0228830cd89819da9ce77' 'nonce-18c2073b3bd67524c3ed865de5692f56' 'nonce-9bd9f9447e97b10cd70464c847f0a5bc' 'nonce-3e5f6c282316bce41d378be864c82219' 'nonce-d8569fe2497379e454101558616645e3' 'nonce-2d51dc9c313d9b0c4195a22cfd9effa0' 'nonce-b729a220eecb11046860b7ae1f9ed86f' 'nonce-89dab012eeeaaf026374f3451f491237' 'self' 'unsafe-inline' https: 'report-sample' 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' http://*.dimora.jp https://*.dimora.jp http://*.google-analytics.com/ https://*.google-analytics.com https://*.google.com https://*.facebook.com https://*.facebook.net https://*.twitter.com https://b91.yahoo.co.jp https://tools.applemediaservices.com https://*.apple.com https://apple-resources.s3.amazonaws.com https://play.google.com https://*.mul-pay.jp https://fonts.gstatic.com https://*.googleapis.com https://*.googletagmanager.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://*.google.co.jp; img-src 'self' data: https://*.google-analytics.com/ https://*.twitter.com https://stats.g.doubleclick.net https://tools.applemediaservices.com https://*.apple.com https://apple-resources.s3.amazonaws.com https://play.google.com https://b91.yahoo.co.jp; 1 default-src 'self' http://unimedbh.prod.acquia-sites.com/ https://portal.unimedbh.com.br/ https: data: 'unsafe-inline' 'unsafe-eval' wss: *.hs-sites.com; script-src 'self' https://www.googletagmanager.com/ data: 'unsafe-inline' 'unsafe-eval' https://js.hs-analytics.net/ https://js.hs-scripts.com/ https://app.privally.global/ https://js.hsforms.net/forms/embed/v2.js https://plugin.handtalk.me/ https://unpkg.com/blip-chat-widget https://static.unimedbh.io/portal/lingueta/js/lingueta.js https://js.hs-banner.com/v2/20542755/banner.js https://js.hscollectedforms.net/collectedforms.js https://js.hubspot.com/web-interactives-embed.js https://static.hotjar.com/c/hotjar-2350481.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net/ https://script.hotjar.com/ https://www.google.com https://www.gstatic.com https://static.addtoany.com https://cdn.jsdelivr.net https://static.unimedbh.io https://www.youtube.com https://static.ads-twitter.com https://adsplay.com.br https://cdnjs.cloudflare.com ; object-src 'self' https://portal.unimedbh.com.br/ http://unimedbh.prod.acquia-sites.com/; style-src https: 'unsafe-inline' 'unsafe-eval' 'self' http://unimedbh.prod.acquia-sites.com/ https://portal.unimedbh.com.br/ https://static.unimedbh.io/ ; img-src blob: data: https: 'self' http://unimedbh.prod.acquia-sites.com/ https://portal.unimedbh.com.br/ https://static.unimedbh.io/; media-src 'self' http://unimedbh.prod.acquia-sites.com/ https://portal.unimedbh.com.br/ https://static.unimedbh.io https://www.youtube.com; frame-ancestors 'self' http://unimedbh.prod.acquia-sites.com/ https://portal.unimedbh.com.br/ https://static.unimedbh.io/ https://www.google.com/ https://forms.hsforms.com/ https://3603d.com.br/ *.hs-sites.com; child-src 'self' http://unimedbh.prod.acquia-sites.com/ https://portal.unimedbh.com.br/ https://www.google.com/ https://vars.hotjar.com/ https://static.addtoany.com/ https://www.youtube.com/ https://cdn.userway.org/ https://static.unimedbh.io/ https://plugin.handtalk.me/ https://unimedbh.chat.blip.ai/ https://chat.blip.ai/ https://forms.hsforms.com/ https://3603d.com.br/ https://td.doubleclick.net/ *.hs-sites.com https://www.googletagmanager.com/ https://*.fls.doubleclick.net/; font-src 'self' http://unimedbh.prod.acquia-sites.com/ https://portal.unimedbh.com.br/ data: https://static.unimedbh.io/ https://fonts.unimedbh.io https://fonts.googleapis.com https://fonts.gstatic.com https://cdn.userway.org/ 1 base-uri 'none';connect-src 'self' http://localhost:3001 http://127.0.0.1:3001 *.oresund.io dc.services.visualstudio.com *.cookieinformation.com *.doubleclick.net 'unsafe-inline' *.googlesyndication.com *.google.com *.google.se *.google-analytics.com *.convertexperiments.com *.metrics.convertexperiments.com logs.convertexperiments.com *.convert.com *.oresundsbron.com *.adnxs.com *.bing.com *.bing.net *.clarity.ms *.facebook.com *.googleadservices.com *.powerplatform.com *.botframework.com wss://*.botframework.com *.quicksearch.se;font-src 'self' https://fonts.gstatic.com data:;form-action 'self' https://www.facebook.com;frame-ancestors 'self' https://app.contentful.com https://app.eu.contentful.com https://app.convert.com;img-src 'self' data: *.tt.se *.ritzau.dk *.ctfassets.net *.gstatic.com www.googletagmanager.com https://googletagmanager.com *.googlesyndication.com *.adnxs.com www.facebook.com *.google.com www.google.dk www.google.se https://ad.doubleclick.net https://ade.googlesyndication.com https://12824419.fls.doubleclick.net https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://region1.google-analytics.com *.bing.com *.bing.net *.clarity.ms blob: *.quicksearch.se;manifest-src 'self';media-src 'self' data: *.ctfassets.net;object-src 'none';script-src 'self' *.reepay.com *.gstatic.com www.googletagmanager.com googletagmanager.com https://tagmanager.google.com 'unsafe-inline' 'unsafe-eval' *.cookieinformation.com *.google.com *.adnxs.com *.facebook.net *.googlesyndication.com www.googleadservices.com *.convertexperiments.com *.metrics.convertexperiments.com logs.convertexperiments.com *.convert.com *.powerplatform.com *.bing.com *.bing.net *.clarity.ms *.botframework.com *.quicksearch.se;style-src 'self' 'unsafe-inline' *.google.com *.googleapis.com www.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com *.bing.com *.bing.net *.clarity.ms *.quicksearch.se;worker-src 'self'; 1 frame-ancestors 'self' https://twitter.com; 1 frame-ancestors 'self' https://www.bayard-jeunesse.com https://app.bayam.tv https://sso.bayard-jeunesse.com https://mention-me.com https://cdnactor.myfeelback.com; 1 default-src 'self'; connect-src 'self' https://cdn-cookieyes.com https://*.cookieyes.com https://*.tableau.com https://forms.hscollectedforms.net https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://*.google-analytics.com https://*.googletagmanager.com https://fonts.googleapis.com https://*.analytics.google.com; font-src 'self' https://ka-p.fontawesome.com https://fonts.gstatic.com https://s0.wp.com data:; frame-src 'self' https://*.cookieyes.com https://www.google.com https://*.youtube.com https://dub01.online.tableau.com https://*.tableau.com https://forms.hsforms.com https://widgets.wp.com; img-src 'self' https://*.oversightboard.com *.oversightboard.com https://oversightboard.com https://*.googletagmanager.com https://*.google-analytics.com https://*.gstatic.com https://pixel.wp.com https://cdn-cookieyes.com https://*.cookieyes.com https://*.tableau.com https://track.hubspot.com https://secure.gravatar.com https://*.hsforms.com blob: data:; object-src; script-src 'self' https://www.google.com https://www.gstatic.com https://*.googletagmanager.com https://tagmanager.google.com https://cdn-cookieyes.com https://*.google-analytics.com https://stats.wp.com https://js.hs-analytics.net https://js-na1.hs-scripts.com https://js.hscollectedforms.net https://js.hsforms.net https://js.hs-banner.com https://*.tableau.com https://dub01.online.tableau.com https://s0.wp.com 'unsafe-inline'; style-src 'self' https://*.googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com https://s0.wp.com 'unsafe-inline'; upgrade-insecure-requests 1 default-src 'self' https://ajax.aspnetcdn.com https://mozaikportail.ca/;object-src 'none';frame-ancestors 'none';base-uri 'self';style-src 'self' 'unsafe-inline' https://ajax.aspnetcdn.com https://www.gstatic.com/recaptcha/ https://mozaikportail.ca/;script-src 'self' 'unsafe-inline' https://www.google.com/recaptcha/ https://ajax.aspnetcdn.com https://www.gstatic.com/recaptcha/ https://mozaikportail.ca/;frame-src *;img-src *;upgrade-insecure-requests; 1 frame-ancestors 'self' *.coupacloud.com *.coupadev.com *.coupahost.com; style-src 'unsafe-inline' 'self' us.llama.ai https://login.qlik.com https://*.us.qlikcloud.com https://fonts.googleapis.com https://r.bing.com https://www.bing.com https://cdn.pendo.io; frame-src 'self' us.llama.ai https://login.qlik.com https://*.us.qlikcloud.com https://www.youtube.com https://help.llama.ai https://app.pendo.io; script-src 'unsafe-inline' 'unsafe-eval' us.llama.ai login.qlik.com *.us.qlikcloud.com www.google-analytics.com *.googletagmanager.com pendo-static-5983075502653440.storage.googleapis.com *.pendo.io *.bing.com *.virtualearth.net cdn.qlikcloud.com *.newrelic.com *.nr-data.net; worker-src blob: 'self';frame-ancestors 'self' *.coupacloud.com *.coupadev.com *.coupahost.com; style-src 'unsafe-inline' 'self' us.llama.ai https://login.qlik.com https://*.us.qlikcloud.com https://fonts.googleapis.com https://r.bing.com https://www.bing.com https://cdn.pendo.io; frame-src 'self' us.llama.ai https://login.qlik.com https://*.us.qlikcloud.com https://www.youtube.com https://help.llama.ai https://app.pendo.io; script-src 'unsafe-inline' 'unsafe-eval' us.llama.ai login.qlik.com *.us.qlikcloud.com www.google-analytics.com *.googletagmanager.com pendo-static-5983075502653440.storage.googleapis.com *.pendo.io *.bing.com *.virtualearth.net cdn.qlikcloud.com *.newrelic.com *.nr-data.net; worker-src blob: 'self'; 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.luckyorange.com https://*.googleapis.com; style-src *; img-src *; data:; connect-src https://*.luckyorange.com https://*.googleapis.com https://*.cloudflare.com https://*.mailchimp.com wss://*.visitors.live https://*.book4time.com https://*.salesforce.com https://*.googletagmanager.com https://*.boomtrain.com/ https://*.gstatic.com https://*.facebook.net https://*.facebook.com https://*.google-analytics.com https://*.chimpstatic.com https://*.list-manage.com;font-src * data: https://*.luckyorange.com; frame-src https://*.luckyorange.com https://*.book4time.com; worker-src blob:; media-src * data:; 1 script-src https://counter.simplybook.me https://cdn.iubenda.com https://cs.iubenda.com 'self' 'unsafe-inline' 'unsafe-eval' 'nonce-e047a7d06bbef8628e7fa42c6794d7c4'; child-src blob: ; frame-src * 1 default-src 'self' data: ws://*.catapush.com wss://*.catapush.com 'unsafe-inline' 'unsafe-eval'; base-uri 'self'; block-all-mixed-content; connect-src 'self' data: blob: 'unsafe-inline' *.catapush.com ws://*.catapush.com wss://*.catapush.com https://*.googletagmanager.com https://*.google-analytics.com https://*.googleapis.com https://*.analytics.google.com https://www.google.com https://checkout.stripe.com https://api.stripe.com https://*.ads.linkedin.com https://s3-eu-west-1.amazonaws.com/catapush-cdn/; font-src data: blob: 'unsafe-inline' *.catapush.com https://s3-eu-west-1.amazonaws.com/catapush-cdn/ https://s3-eu-central-1.amazonaws.com/catapush-cdn-frankfurt/ fonts.gstatic.com cdn2.hubspot.net r2cdn.perplexity.ai; form-action 'self' *.catapush.com; frame-ancestors 'self' *.catapush.com https://www.googletagmanager.com; frame-src 'self' data: blob: 'unsafe-inline' https://mautic.catapush.com https://checkout.stripe.com https://connect-js.stripe.com https://js.stripe.com https://hooks.stripe.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://s3-eu-west-1.amazonaws.com/catapush-cdn/; img-src 'self' data: blob: 'unsafe-inline' *.catapush.com https://s3-eu-west-1.amazonaws.com/catapush-cdn/ https://s3-eu-central-1.amazonaws.com/catapush-cdn-frankfurt/ https://translate.google.com https://ajax.googleapis.com https://*.google-analytics.com https://www.googletagmanager.com https://*.gstatic.com https://js.hsforms.net/forms/v2.js https://*.stripe.com https://px.ads.linkedin.com https://www.linkedin.com/px; object-src https://s3-eu-west-1.amazonaws.com/catapush-cdn/; script-src 'self' *.catapush.com https://s3-eu-west-1.amazonaws.com/catapush-cdn/ https://s3-eu-central-1.amazonaws.com/catapush-cdn-frankfurt/ https://ipinfo.io https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://checkout.stripe.com https://js.stripe.com https://js.hsforms.net/forms/v2.js https://snap.licdn.com https://*.ads.linkedin.com 'report-sample' 'unsafe-inline' 'nonce-2WhMyDs3KyFOsscIigiZWA=='; style-src 'self' *.catapush.com https://s3-eu-west-1.amazonaws.com/catapush-cdn/ https://s3-eu-central-1.amazonaws.com/catapush-cdn-frankfurt/ https://*.gstatic.com 'unsafe-inline' 'report-sample'; report-uri /csp-violation-report-endpoint 1 default-src 'self' data: https://ecosystem.matomo.cloud https://fonts.googleapis.com https://fonts.gstatic.com; base-uri 'self' https://ecosystem.matomo.cloud; block-all-mixed-content; connect-src 'self' wss: https://*.ckeditor.com https://*.clarity.ms/ https://*.teads.tv https://aax-eu.amazon-adsystem.com https://ams.creativecdn.com https://ara.paa-reporting-advertising.amazon https://c.amazon-adsystem.com https://consentcdn.cookiebot.com https://consent.cookiebot.com https://ecosystem.matomo.cloud https://insight.adsrvr.org https://maps.googleapis.com https://p1.outbrain.com https://region1.analytics.google.com https://region1.google-analytics.com https://static1.r66net.com https://stats.g.doubleclick.net https://www.google.com; frame-src 'self' https://*.doubleclick.net https://*.greenconnected.fr https://aax-eu.amazon-adsystem.com https://ams.creativecdn.com https://bonusqualirepar.ecosystem.eco https://consentcdn.cookiebot.com https://ecosystem.matomo.cloud https://ecosystemfrance.qualtrics.com https://form.jotform.com https://insight.adsrvr.org https://match.adsrvr.org https://page.ecosystem.eco https://portail-reparateurs.ecosystem.eco https://www.google.com https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://*.adveris.dev https://*.clarity.ms/ https://*.doubleclick.net https://*.ecosystem.eco https://*.teads.tv https://*.tracker.adotmob.com https://ads-engagement.presage.io https://adservice.google.com https://cm.creativecdn.com https://ih.adscale.de https://img.youtube.com https://imgsct.cookiebot.com https://insight.adsrvr.org https://jedonnemontelephone.fr https://ks1.b26net.com https://ks1.invibes.com https://maps.googleapis.com https://maps.gstatic.com https://pixel.rubiconproject.com https://r.phywi.org https://rt.udmserve.net https://track.adform.net https://www.img-static.com https://www.google.fr https://www.google.com https://www.googletagmanager.com; manifest-src 'self'; media-src 'self' https://*.ecosystem.eco; object-src 'none'; script-src 'unsafe-inline' 'self' https://*.clarity.ms/ https://ads-engagement.presage.io https://c.amazon-adsystem.com https://cdn.datatables.net https://cdn.matomo.cloud https://cdn.powerspace.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://ecosystem.matomo.cloud https://fonts.googleapis.com https://insight.adsrvr.org https://js.adsrvr.org https://k.r66net.com https://maps.googleapis.com https://p.teads.tv https://s2.adform.net https://static.r66net.net https://tags.creativecdn.com https://track.adform.net https://www.googletagmanager.com https://www.youtube.com; style-src 'unsafe-inline' 'self' https://cdn.datatables.net https://ecosystem.matomo.cloud https://fonts.googleapis.com https://fonts.gstatic.com; worker-src https://www.ecosystem.eco/34648096-9534-4a73-990c-2fd2a4560e51 1 default-src 'self'; object-src 'self'; base-uri 'self'; media-src 'self' https://imagepool.1und1.ag; img-src https: data:; font-src https:; form-action 'self'; connect-src 'self' https://imagepool.1und1.ag; script-src 'strict-dynamic' 'nonce-80aed628ad252653c211f2f7e90afae6' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data: 'report-sample'; frame-ancestors 'self'; frame-src https://irpages2.eqs.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-80aed628ad252653c211f2f7e90afae6' 'self' 'unsafe-inline' https: 'report-sample' 1 default-src 'self' *.interiorhealth.ca; script-src 'self' 'unsafe-inline' *.interiorhealth.ca maps.googleapis.com js-agent.newrelic.com static.addtoany.com bam.nr-data.net www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com cdn.jsdelivr.net static.dialogflow.com unpkg.com https://d2hxmxr8sknmfu.cloudfront.net *.ca-central-1.amazonaws.com; object-src 'self' *.interiorhealth.ca; style-src 'self' 'unsafe-inline' *.interiorhealth.ca fonts.googleapis.com cdn.jsdelivr.net static.dialogflow.com unpkg.com https://d2hxmxr8sknmfu.cloudfront.net; img-src 'self' *.interiorhealth.ca data: maps.googleapis.com maps.gstatic.com *.cdninstagram.com www.google-analytics.com; media-src 'self' *.interiorhealth.ca; frame-src 'self' *.interiorhealth.ca static.addtoany.com *.youtube.com www.google.com d2hxmxr8sknmfu.cloudfront.net; frame-ancestors 'self' *.interiorhealth.ca; font-src 'self' *.interiorhealth.ca fonts.googleapis.com fonts.gstatic.com; connect-src 'self' *.interiorhealth.ca maps.googleapis.com bam.nr-data.net www.google-analytics.com stats.g.doubleclick.net dialogflow.cloud.google.com https://d2hxmxr8sknmfu.cloudfront.net *.ca-central-1.amazonaws.com wss://*.ca-central-1.amazonaws.com 1 script-src 'self' 'unsafe-eval' 'nonce-d953998a48db48fbd5f0569793d6a07c' 'strict-dynamic' https://google.de https://app.usercentrics.eu https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://netzwerk.uppr.de https://www.google-analytics.com https://privacy-proxy.usercentrics.eu https://www.facebook.com https://twitter.com https://www.linkedin.com https://www.xing.com https://www.youtube.com https://cdnjs.cloudflare.com https://nebula-cdn.kampyle.com https://bat.bing.com https://ad4m.at https://connect.facebook.net https://www.usemaxserver.de https://widgets.energiemonitor.de https://play.google.com https://www.googleoptimize.com https://icpublichosting.azureedge.net https://optimize.google.com https://service.mtcaptcha.com https://service2.mtcaptcha.com https://ic-chatwindow-service.azurewebsites.net https://clb2.cfapps.mila.external.ap.innogy.com https://www.googleanalytics.com https://cdn.medallia.com/ https://cdn.appsol.medallia.com/ *.kampyle.com/ https://metrics-proxy.medallia.ca/ https://metrics-proxy.medallia.eu/ https://metrics-proxy.medallia.com.au/ https://metrics-proxy.medallia.com/ https://col.eum-appdynamics.com/ https://static.medallia.com/ https://bugreport.medallia.com/ https://fonts.gstatic.com/ https://fonts.googleapis.com/ https://chart.googleapis.com/ https://maxcdn.bootstrapcdn.com/ https://netdna.bootstrapcdn.com/ https://express.ger.medallia.eu/ https://express.sbx.ger.medallia.eu/ https://feed2.medallia.eu/ https://feed2sbx.sbx.ger.medallia.eu/ https://mft1.medallia.eu/ https://filestash.fra1.medallia.eu/ https://tm.ad-srv.net https://tm703.ad-srv.net https://tm707.ad-srv.net https://tm708.ad-srv.net https://*.iadvize.com https://znbd9pj7eqbjzjd42-eon.siteintercept.qualtrics.com https://siteintercept.qualtrics.com https://trck.lew.de https://*.trustedshops.com https://*.etrusted.com; style-src 'self' 'nonce-d953998a48db48fbd5f0569793d6a07c' 'unsafe-hashes' 'sha256-Chued6H/FqwtY0xgIG4zxn1W6uXOo1t3SXAPpyzds7U=' 'sha256-5SDvdr72xKyplNCK6s3wo8+AzCvSSrO4ATaEFE1N3YU=' 'sha256-b/AJ3u1NxOK+yAHe28I3iTI1e9j23Bv94CsSnYMe0I4=' 'sha256-WXbTK+Q2IO0qiVm9TmwaoCb/gGYy8plieL1g7TJ+i1o=' 'sha256-TIWitS/sbsTCj5gHE+Ub2hNq7Ebv+whf6SCnicmBM1A=' 'sha256-bM22Xahg3Ska2CbZv9HSsXayiD0Z5iJL6QcufF1H9e0=' 'sha256-cJA8XvfmOhAJWjlDZi2dvUyXcjLaXJsW296wKpLNDSg=' 'sha256-W5t509XHgNgqXPEkC+CNVw120RQzW++3Peh6kOOF7H0=' 'sha256-SDpJ06IXtKeyPxzWvEQbz1w8atX8WEPMmLziJ2Yr3t8=' 'sha256-ZdHxw9eWtnxUb3mk6tBS+gIiVUPE3pGM470keHPDFlE=' 'sha256-RfS5BPmz3Vwypv5zOAVIB743tRj+AEwi4dugaXrsDwk=' 'sha256-x4b2HXIRVmbavEXgC5A6qDxwchYDCHsF5XjgG+IX/9k=' 'sha256-sjBpDcTxG5RUsOcN+DFW/IhJtxXGSiB/5wxRqMbKc8g=' 'sha256-6N6ExomJBSb15QoU3z4kffBiUYwHzIOPFDBNFyQo5zM=' 'sha256-Xjtk8M9sZ4nFg15sesBAusx8bR5RyH5adt0U2TGp1Hc=' 'sha256-YV8lKTFZ9If7/i9C+12znUBTxRQw2mwPFb+mvUF76jI=' 'sha256-xhhnTHVCXiqgxWYHm1Aa2GmrJUgS7MCnS5+Ou4nbmvI=' 'sha256-lgwR+lozSh+2mYjVqEytPQ8igYNCs3WxYDoJ+FfmTM8=' 'sha256-xhhnTHVCXiqgxWYHm1Aa2GmrJUgS7MCnS5+Ou4nbmvI=' 'sha256-lgwR+lozSh+2mYjVqEytPQ8igYNCs3WxYDoJ+FfmTM8=' 'sha256-Pmke26teTSgoga2qVZQxn5+8tJEHv3b6P31sM4A7nUA=' 'sha256-u3gvlgPH9p+WcuUGYJ1tagF6JvmPBRgC8dUVFMyvgFw=' 'sha256-MlKRU2qUIVN+Cj86rIOyMnLxGlFm6Y1JJpGW5mQkUZs=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-2gz8aiXiOB6Up4QDJqnRa6SHIHmCXTLcaqHHxsA3LlA=' 'sha256-qTkwDWS8vAgVRoa+CLotP91j1y1653Dw7c6uFVO9hdk=' 'sha256-6cAsdx6Eo0akaAinSdKpeL36RozFFZb6YeLNQSOtOKU=' 'sha256-6cAsdx6Eo0akaAinSdKpeL36RozFFZb6YeLNQSOtOKU=' 'sha256-0W4IyoGJZtlp+gwrArXhImVbco+I5f2pug6ZEmjL2U0=' 'sha256-GbUhe7JxmiOWfQ00Srbs7iduQVRWWln6C42y78HlLxs=' 'sha256-0W4IyoGJZtlp+gwrArXhImVbco+I5f2pug6ZEmjL2U0=' 'sha256-GbUhe7JxmiOWfQ00Srbs7iduQVRWWln6C42y78HlLxs=' 'sha256-0W4IyoGJZtlp+gwrArXhImVbco+I5f2pug6ZEmjL2U0=' 'sha256-GbUhe7JxmiOWfQ00Srbs7iduQVRWWln6C42y78HlLxs=' 'sha256-0W4IyoGJZtlp+gwrArXhImVbco+I5f2pug6ZEmjL2U0=' 'sha256-6cAsdx6Eo0akaAinSdKpeL36RozFFZb6YeLNQSOtOKU=' 'sha256-8kPOCl/iIr6YgWLvLnIRMrYnCJHOzs6WNYAedT41SM8=' 'sha256-2Go/yMtz4sEcAbw1TnjkjLz983Zxq7frCShdJs2OobM=' 'sha256-g6zf946PtVM63bZ+fe9QUc3hDXp5BMl6OBmAlKhKV60=' 'sha256-zqo/Gf4mmbgvoqPGTNSkHYfibgllewm/seDhWyooOOk=' 'sha256-FVE4UqDzJ5GzKFQlZqU4Zq3EAxxb/T0hpPQU9k6uwkA=' 'sha256-R2Vkrx5FLpmMY0750ljuQem15/f/bIrrGl+TXyzeETo=' 'sha256-gGRDCDCtVdIb3guY7Af4d2zlZ2AHGiJ1Fo0P+PkrAQ4=' 'sha256-28yeYgrPQDDyWFt+gxC5JLjh+vmdwGtJ6vrGY5agNmA=' 'sha256-tq6DPpzxxZo0uDGIA3cWY73a2IghW7jFPDxfoADIVA4=' 'sha256-jI3sfmilVzfPCYviQAKSk25gbqy5bKO6ytnWnH7tPy4=' 'sha256-MGcxmZXFvleb8FuwqjCYtvoakNGj+J6yTNrv1TSxJiA=' 'sha256-hbZWfW0vwSYriJkO6sDWlefwk0ZUNVCSaBe66T81nB0=' 'sha256-rh2A364+F4JpsYOMvu2X0b8oUqSm+hinlVRTT9lHrwY=' 'sha256-gGRDCDCtVdIb3guY7Af4d2zlZ2AHGiJ1Fo0P+PkrAQ4=' 'sha256-28yeYgrPQDDyWFt+gxC5JLjh+vmdwGtJ6vrGY5agNmA=' 'sha256-tq6DPpzxxZo0uDGIA3cWY73a2IghW7jFPDxfoADIVA4=' 'sha256-o1r1pjDVBLdNe0LQRcCT5BFFXxPXMW1YFFI3KAch9eI=' 'sha256-Qzu0lxLJiiX6Kov/Hhw2clLBMwE/AGShWjshh7S4cZE=' 'sha256-IGAWb2ggeHqxQRSvWbzAamu9Ko86r4FttA9LNd1b/uI=' 'sha256-o1r1pjDVBLdNe0LQRcCT5BFFXxPXMW1YFFI3KAch9eI=' 'sha256-Qzu0lxLJiiX6Kov/Hhw2clLBMwE/AGShWjshh7S4cZE=' 'sha256-IGAWb2ggeHqxQRSvWbzAamu9Ko86r4FttA9LNd1b/uI=' 'sha256-p08VBe6m5i8+qtXWjnH/AN3klt1l4uoOLsjNn8BjdQo=' 'sha256-HeCUqYbpi0jcNQCtmPyDkSSaeWOk+GFgiIxfAAAbsFg=' 'sha256-33YGiROm4Pzv0xXIPo82M0Dt2zrdnP4IgbJq1WeAtf8=' 'sha256-j6Tt8qv7z2kSc7fUs0YHbrxawwsQcS05fVaX1r2qrbk=' 'sha256-RAtMRMPc7pZorvh8gaXlMJh1zDaSAmCzJ4zoN0Y5bn4=' 'sha256-2+dS+n9Pah47gYjmchfaYD5g/iEbiyoAg7SGmiJtn0Y=' https://widgets.energiemonitor.de https://fonts.googleapis.com https://icpublichosting.azureedge.net https://optimize.google.com https://*.iadvize.com; object-src 'self'; report-uri /umbraco/api/helper/CreateCSPReport 1 default-src 'self'; script-src 'self' 'unsafe-inline' https://assets.adobedtm.com https://snap.licdn.com https://static.ads-twitter.com https://connect.facebook.net https://www.youtube.com https://public.flourish.studio/ https://www.recaptcha.net https://www.gstatic.com https://*.google.com https://www.google.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googleadservices.com https://*.doubleclick.net https://googleads.g.doubleclick.net; object-src 'none'; style-src 'self' 'unsafe-inline' https://code.jquery.com https://cdnjs.cloudflare.com; img-src 'self' data: https://*.google.com https://*.google-analytics.com https://*.googleadservices.com https://*.doubleclick.net https://googleads.g.doubleclick.net https://*.googlesyndication.com https://pagead2.googlesyndication.com https://worldbankgroup.sc.omtrdc.net https://smetrics.miga.org https://*.twitter.com https://*.t.co https://*.facebook.com https://*.fbcdn.net https://connect.facebook.net https://*.linkedin.com https://*.worldbank.org https://cm.everesttech.net; frame-src 'self' https://www.youtube.com https://world-bank-editorial.shorthandstories.com https://flo.uri.sh/ https://stories.worldbank.org/ https://www.recaptcha.net https://www.google.com https://www.gstatic.com https://*.demdex.net; frame-ancestors 'none'; font-src 'self' https://cdnjs.cloudflare.com; connect-src 'self' https://dpm.demdex.net https://public.flourish.studio https://worldbankgroup.sc.omtrdc.net https://*.tt.omtrdc.net https://smetrics.miga.org https://trustfunds.worldbank.org https://*.t.co https://*.google.com https://www.google.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googleadservices.com https://*.doubleclick.net https://googleads.g.doubleclick.net https://*.googlesyndication.com https://pagead2.googlesyndication.com https://*.recaptcha.net https://*.twitter.com https://*.linkedin.com https://*.adobedtm.com https://*.adobedc.net; report-uri /report-csp-violation 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.axessx.de *.googleapis.com 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' *.pricespider.com https://www.google-analytics.com https://www.googletagmanager.com https://cdn.cookielaw.org https://lhcdn-src.mars.com https://players.brightcove.net https://www.google.com https://www.google.co.in https://www.gstatic.com https://api.tiles.mapbox.com https://sfapi.formstack.io https://az416426.vo.msecnd.net https://embed.mikmak.tv *.global.commerce-connector.com https://js-agent.newrelic.com https://dc.services.visualstudio.com https://bam-cell.nr-data.net https://translate.googleapis.com https://js.adsrvr.org *.mapbox.com https://dc.services.visualstudio.com https://stats.g.doubleclick.net *.amazonaws.com https://s.pinimg.com https://ct.pinterest.com https://maps.googleapis.com https://connect.facebook.net https://sc-static.net https://static.ads-twitter.com https://cdn.treasuredata.com https://cdn.jsdelivr.net https://sfapi-sandbox.formstack.io https://bam.nr-data.net http://cdn.jsdelivr.net/npm/@popperjs/core@2.11.5/dist/umd/popper.min.js https://cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.2/lazysizes.min.js https://cdn.ampproject.org https://cas.zma.gs/5406ddafe4b098fb1ee80a84/ssr/containers/20f59a2b-d9fe-4355-8530-33c659597e30/init.js https://static.klaviyo.com https://static-tracking.klaviyo.com https://cas.zma.gs https://apps.bazaarvoice.com https://display.ugc.bazaarvoice.com https://api.bazaarvoice.com https://mpsnare.iesnare.com/snare.js https://mpsnare.iesnare.com/script/logo.js https://snap.licdn.com https://www.upsellit.com https://googleads.g.doubleclick.net https://d.impactradius-event.com https://googleads.g.doubleclick.net https://app.upsellit.com cdn.pricespider.com https://cdn.plyr.io/3.7.8/plyr.js https://cdn.plyr.io/3.7.8/plyr.css https://px.ads.linkedin.com https://analytics.tiktok.com https://tr.snapchat.com https://connect.letslinc.com https://bat.bing.com https://static.searchstax.com/studio-js/v3/js/studio-analytics.js https://cdn.wayvia.com/1/5585/ps-utid.js; object-src 'none'; frame-src 'self' https://player.vimeo.com/ https://www.google.com https://9079101.fls.doubleclick.net https://www.google.com *.fls.doubleclick.net https://www.googletagmanager.com https://di.rlcdn.com https://tr.snapchat.com https://www.youtube.com https://display.ugc.bazaarvoice.com https://api.bazaarvoice.com https://privacyportal.onetrust.com https://stage.brandsitedata.mars.com/orchard_vr/vr.html https://td.doubleclick.net https://ct.pinterest.com https://care.letslinc.com https://www.youtube-nocookie.com; child-src blob: 1 default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; 1 default-src 'self'; base-uri 'self'; 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' *; img-src data: *; frame-ancestors https://www.happymeeple.com 'self'; report-uri /report-csp-violation 1 default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' *.kdo.de; style-src 'self' *.kdo.de 'unsafe-inline'; connect-src 'self' *.kdo.de; img-src 'self' *.kdo.de *.openstreetmap.org data:; worker-src blob:; 1 frame-ancestors 'self' https://mycourses.w3schools.com https://pathfinder.w3schools.com; 1 default-src 'self'; child-src data: blob:; connect-src 'self' *.aticdn.net *.cdnbasket.net *.cookiebot.com *.googleapis.com *.hotjar.com *.hotjar.io *.onconnect-coach.3slab.fr *.payline.com *.suez.com *.xiti.com bam.eu01.nr-data.net bam.nr-data.net data.gouv.nc ids.cdnwidget.com payline.com smartsolution-onconnectcoach.azureedge.net smartsolution-smartcoach.azureedge.net stats.g.doubleclick.net ws.livingactor.com data.gouv.nc *.aticdn.net *.xiti.com stats.g.doubleclick.net *.cookiebot.com *.googleapis.com *.suez.com wss://*.hotjar.com actorssl-5637.kxcdn.com *.myfeelback.com *.skeepers.io *.jsdelivr.net *.jsdelivr.net general-runtime.voiceflow.com *.baker-park.com *.voiceflow.com runtime-api.voiceflow.com suez-search-engine.baker-park.com wss://*.voiceflow.com wss://*.baker-park.com; font-src 'self' data: *.hotjar.com *.payline.com *.suez.com fonts.gstatic.com payline.com smartsolution-onconnectcoach.azureedge.net *.suez.com actorssl-5637.kxcdn.com *.myfeelback.com *.skeepers.io cdn.voiceflow.com suez-cdn.baker-park.com suez-search-engine.baker-park.com; form-action * com.suez.tsme.dev: com.suez.tsme.app:; frame-ancestors 'self' https://eco-gagnant-recette.stellio.io/ https://eco-gagnant.cud.fr https://seleniumbase.io/; frame-src 'self' data: blob: *.payline.com payline.com *.satisfactory.fr www.google.com *.youtube-nocookie.com *.youtube.com opendata.hauts-de-seine.fr *.cookiebot.com *.suez.com *.qualtrics.com *.cloudflare.com *.voiceflow.com *.baker-park.com suez-search-engine.baker-park.com; img-src 'self' data: blob: *.cdnwidget.com *.cloudfront.net *.cookiebot.com *.hotjar.com *.payline.com *.suez.com *.youtube-nocookie.com *.youtube.com api.cabestan.com cdn1.iconfinder.com cloudfront.net maps.googleapis.com maps.gstatic.com payline.com smartsolution-onconnectcoach.azureedge.net www.googletagmanager.com *.suez.com *.cookiebot.com cdn.jsdelivr.net actorssl-5637.kxcdn.com *.myfeelback.com *.skeepers.io *.voiceflow.com general-runtime.voiceflow.com *.baker-park.com cm4-production-assets.s3.amazonaws.com suez-search-engine.baker-park.com; media-src 'self' 'unsafe-eval' 'unsafe-inline' *.cloudfront.net suez-search-engine.baker-park.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ati-host.net *.aticdn.net *.atinternet-solutions.com *.atinternet.com *.atinternet.io *.capadresse.com *.cdnwidget.com d13qcyivyon4xf.cloudfront.net *.cookiebot.com *.google.com *.google.com/maps *.hotjar.com *.js-agent.newrelic.com *.newrelic.com *.onconnect-coach.3slab.fr *.payline.com *.piano.io *.suez.com *.xiti.com ajax.cloudflare.com bam.nr-data.net maps.googleapis.com fonts.googleapis.com smartsolution-smartcoach.azureedge.net suez-eau-france.dimelochat.com ws.livingactor.com www.googletagmanager.com www.gstatic.com *.cloudflare.com cdn.jsdelivr.net actorssl-5637.kxcdn.com cdnactor.myfeelback.com *.skeepers.io cdn.voiceflow.com suez-cdn.baker-park.com general-runtime.voiceflow.com runtime-api.voiceflow.com blob: suez-search-engine.baker-park.com ; style-src 'self' 'unsafe-inline' *.cloudfront.net *.googleapis.com *.hotjar.com *.payline.com *.suez.com fonts.googleapis.com payline.com smartsolution-smartcoach.azureedge.net www.gstatic.com *.googleapis.com *.suez.com cdn.jsdelivr.net actorssl-5637.kxcdn.com *.myfeelback.com *.skeepers.io cdn.voiceflow.com suez-cdn.baker-park.com suez-search-engine.baker-park.com; worker-src blob: 1 "default-src *" 1 frame-ancestors 'self'; report-uri /report-csp-violation 1 base-uri 'none'; frame-ancestors 'self'; object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http: 'nonce-citQlOQjsHJ/VHz3cYfvaA=='; report-uri https://sentry.jobijoba.io/api/10/security/?sentry_key=f7fdb7ea43674b0889145b92f6d6811e 1 default-src 'none'; block-all-mixed-content; connect-src 'self' *.abtasty.com *.bing.com *.bing.net *.clarity.ms *.google.com *.google.fr *.googleadservices.com *.googlesyndication.com *.googletagmanager.com *.hellowork.com *.infra-hellowork.com *.nr-data.net *.regionsjob.com *.twitter.com api.typeform.eu cdn.jsdelivr.net/gh/magma-app/magma-widget@latest/src/widget-v3.min.js googleads.g.doubleclick.net vimeo.com *.mixpanel.com; font-src 'self' fonts.cdnfonts.com/s/14903/ *.abtasty.com; frame-ancestors 'self'; frame-src 'self' *.abtasty.com *.francetv.fr *.frcapi.com *.googletagmanager.com *.instagram.com *.linkedin.com *.magma.app *.podcasts.apple.com *.slideshare.net *.soundcloud.com *.tiktok.com *.ttwstatic.com *.twitter.com *.vimeo.com *.vimeocdn.com *.youtube-nocookie.com *.youtube.br *.youtube.com form.typeform.eu td.doubleclick.net datawrapper.dwcdn.net calendly.com; img-src 'self' data: *.abtasty.com *.bing.com *.bing.net *.facebook.com *.google.com *.google.fr *.googleadservices.com *.googletagmanager.com *.hellowork.com *.osm.org *.tile.openstreetmap.fr tile.openstreetmap.org *.twitter.com *.vimeocdn.com diplomeo.com https://i.hellowork.com diplomeo-static.com googleads.g.doubleclick.net *.googlesyndication.com; script-src 'self' 'unsafe-eval' 'strict-dynamic' embed.typeform.com *.abtasty.com *.aticdn.net *.bing.com *.bing.net *.clarity.ms *.dev-hellowork.com *.facebook.com *.google.com *.google.fr *.googleadservices.com *.googlesyndication.com *.googletagmanager.com *.hellowork.com *.infra-hellowork.com *.instagram.com *.regionsjob.com *.tiktok.com *.ttwstatic.com *.twitter.com *.youtube-nocookie.com *.youtube.br *.youtube.com googleads.g.doubleclick.net *.mixpanel.com 'unsafe-inline' 'nonce-A07Abwjf9ZS5UoFKjDUL4w=='; style-src 'self' 'unsafe-inline' *.abtasty.com *.hellowork.com *.ttwstatic.com embed.typeform.com fonts.cdnfonts.com/css/sofia-pro; report-uri /nelmio/csp/report 1 default-src 'unsafe-inline' 'unsafe-eval' 'self' *.sessioncam.com *.cloudfront.net *.snapchat.com *.cookielaw.org *.tintup.com *.snapchat.com *.amazon-adsystem.com https://*.optimizely.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bing.com *.googleapis.com *.sessioncam.com *.cloudfront.net *.google-analytics.com *.betrad.com *.youtube.com *.evidon.com *.jquery.com *.cloudfront.net *.serving-sys.com *.facebook.net *.doubleclick.net *.hypemarks.com *.gstatic.com *.krxd.net *.adimo.co *.bazaarvoice.com *.iesnare.com *.googleadservices.com *.hotjar.com *.pricespider.com *.yahoo.com *.doubleclick.net *.hotjar.com *.nestle.co.uk *.google.com *.googleoptimize.com *.adsrvr.org *.gbqofs.com *.usabilla.com:* *.fusepump.com:* bam.nr-data.net:* *.locate.com:* *.mapbox.com:* *.pricespider.com:* *.sc-static.net *.snapchat.com *.tintup.com *.sc-static.net tintup.com:* sc-static.net:* *.cookielaw.org *.googletagmanager.com:* *.amazon-adsystem.com *.salesforce.com *.salesforceliveagent.com *.newrelic.com *.addtoany.com *.jsdelivr.net *.cloudflare.com *.pinterest.com *.pinimg.com *.brightcove.net https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com data-na.starbucks.com *.salesforce-sites.com *.lightning.force.com https://nestlecesomni.my.site.com https://*.qualtrics.com https://nestlecesomni--preprod.sandbox.my.site.com https://advocacy.trueloyal.com/; object-src 'none'; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.cloudflare.com *.fusepump.com *.youtube.com *.typography.com *.google.com *.fontawesome.com *.nestle.co.uk *.pricespider.com:* *.mapbox.com:* *.cloudfront.net *.salesforce.com *.bazaarvoice.com *.adimo.co *.salesforce-sites.com https://nestlecesomni.my.site.com https://nestlecesomni--preprod.sandbox.my.site.com; img-src 'self' 'unsafe-inline' https: data: blob: *.googleapis.com *.gstatic.com *.cloudflare.com *.semasio.net *.sessioncam.com *.cloudfront.net *.google-analytics.com *.google.com *.google.co.uk *.doubleclick.net *.betrad.com *.amazonaws.com px.pump.to *.fusepump.com *.evidon.com *.igodigital.com *.facebook.com *.krxd.net *.starbucksathome.com *.adimo.co *.iriworldwide.com *.bazaarvoice.com display.ugc.bazaarvoice.com bat.bing.com *.google.co.in google-analytics.com *.google.com *.pantheonsite.io *.cookielaw.org *.pricespider.com:* *.adsrvr.org:* *.google.com *.google-analytics.com *.usabilla.com *.demdex.net *.yahoo.com *.bluekai.com *.imrworldwide.com *.sharethrough.com *.truoptik.com *.dotomi.com *.insightexpressai.com *.ml314.com *.amazon-adsystem.com *.googletagmanager.com *.eb2.3lift.com *.dr.mookie1.com *.track2.securedvisit.com *.mid.rkdms.com *.eb2.3lift.com https://app.optimizely.com https://cdn.optimizely.com https://siteintercept.qualtrics.com/; media-src 'self' blob: *.brightcovecdn.com *.boltdns.net *.media.brightcove.com *.akamaihd.net *.cf.brightcove.com https://nestlecesomni.my.salesforce-scrt.com; frame-src 'self' *.addtoany.com *.youtube.com *.evidon.com *.fls.doubleclick.net *.youtube-nocookie.com *.hypemarks.com *.fusepump.com *.google.com *.krxd.net l3.evidon.com *.adimo.co *.bazaarvoice.com *.netsuite.com *.hotjar.com *.doubleclick.net *.netsuite.com *.flashtalking.com *.google.com *.tintup.com *.amazon-adsystem.com *.facebook.com *.adsrvr.org *.salesforce.com *.snapchat.com *.starbucks.jebbit.com *.staging-nestlestarbucks.snipp.us *.pinterest.com *.adsrvr.org *.googletagmanager.com *.usabilla.com https://starbucks.jebbit.com/ https://a5763127292198912.cdn.optimizely.com https://a5763127292198912.cdn-pci.optimizely.com *.salesforce-sites.com https://*.qualtrics.com https://nestlecesomni.my.site.com/ https://nestlecesomni.my.site.com https://nestlecesomni.my.site.com/ESWUSMIAWAtHomeStarbuck1770364492806/assets/htdocs/sitecontext.min.html https://*.qualtrics.com https://nestlecesomni--preprod.sandbox.my.site.com/ https://nestlecesomni--preprod.sandbox.my.site.com https://nestlecesomni--preprod.sandbox.my.site.com/ESWUSMIAWAtHomeStarbuck1770364492806/assets/htdocs/sitecontext.min.html https://advocacy.trueloyal.com/; frame-ancestors 'self' *.starbucks.jebbit.com *.staging-nestlestarbucks.snipp.us *.hypemarks.com *.usabilla.com https://starbucks.jebbit.com/ *.salesforce-sites.com https://nestlecesomni.my.site.com https://nestlecesomni.my.site.com/ https://nestlecesomni--preprod.sandbox.my.site.com; child-src 'self' static.addtoany.com *.youtube.com *.youtu.be youtu.be info.evidon.com https://2275258.fls.doubleclick.net http://2275258.fls.doubleclick.net http://www.youtube-nocookie.com https://www.youtube-nocookie.com https://cdn.hypemarks.com http://cdn.hypemarks.com https://forms.na2.netsuite.com http://live-dig0028606-coffee-starbucks-usa.pantheonsite.io https://live-74944-beverages-starbuckstwo-unitedstates.pantheonsite.io https.live-74944-beverages-starbuckstwo-unitedstates.pantheonsite.io blob: https://*.optimizely.com; font-src 'self' data: *.gstatic.com *.fontawesome.com *.cloudflare.com; connect-src 'self' *.fusepump.com *.sessioncam.com *.cloudfront.net *.google-analytics.com *.analyze.ly *.serving-sys.com *.doubleclick.net *.iriworldwide.com *.bazaarvoice.com *.hotjar.io *.nr-data.net *.bing.com *.nestle.gbqofs.io *.pricespider.com:* *.mapbox.com:* *.usabilla.com *.google-analytics.com *.clarity.ms *.tintup.com *.amazonaws.com *.snapchat.com *.cookielaw.org *.onetrust.com *.bam.nr-data.net bam.nr-data.net:* *.pinterest.com *.google.com *.google-analytics.com edge.api.brightcove.com *.boltdns.net *.brightcovecdn.com https://*.optimizely.com data-na.starbucks.com *.salesforce-sites.com *.lightning.force.com https://*.qualtrics.com https://nestlecesomni.my.site.com https://nestlecesomni.my.site.com/ https://nestlecesomni.my.salesforce-scrt.com/embeddedservice/v1/embedded-service-config https://nestlecesomni.my.salesforce-scrt.com/embeddedservice/v1/businesshours https://cdnjs.cloudflare.com https://s.pinimg.com/ https://nestlecesomni.my.salesforce-scrt.com https://nestlecesomni--preprod.sandbox.my.site.com https://nestlecesomni--preprod.sandbox.my.salesforce-scrt.com/embeddedservice/v1/embedded-service-config https://nestlecesomni--preprod.sandbox.my.salesforce-scrt.com/embeddedservice/v1/businesshours https://advocacy.trueloyal.com/ 1 font-src 'self'; 1 default-src 'self' 'unsafe-inline' data: https://piwik.bzga.de/ https://piwik.bioeg.de/ https://www.youtube-nocookie.com/ https://www.youtube.com/ ; frame-src *.frcapi.com 'self' https://www.youtube-nocookie.com/ https://www.youtube.com/ 1 script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://*.sitkainsights.com/ https://*.newrelic.com/ https://*.youtube.com/ https://*.google.com/ https://*.facebook.net/ https://*.gstatic.com/ https://*.googletagmanager.com/ https://*.recyclecoach.com/ https://*.recaptcha.net/ https://*.tableau.com/ https://*.zscloud.net/ https://*.google-analytics.com/ https://*.googleapis.com/ https://govme.org/ https://*.nintex.io/ https://static.doubleclick.net; img-src 'self' data: blob: https://*.youtube.com/ https://*.ytimg.com/ https://*.twimg.com/ https://*.xx.fbcdn.net/ https://*.cdninstagram.com/ https://*.ggpht.com/ https://*.recyclecoach.com/ https://*.tableau.com/ https://*.googletagmanager.com/ https://*.zscloud.net/ https://*.gstatic.com/ https://*.google.com/ https://govme.org/ https://*.nintex.io/ https://static.doubleclick.net; object-src 'self' data: blob: https://*.youtube.com/ https://*.youtube-nocookie.com/ https://*.google.com/ https://*.arcgis.com/ https://*.arcg.is/ https://arcg.is/ https://*.ytimg.com/ https://*.calconic.com/ https://tagro.com/ https://*.flipsnack.com/ https://*.my-waste.mobi/ https://*.granicus.com/ https://*.workflowcloud.com/ https://*.nintex.io/ https://*.vimeo.com/ https://*.recaptcha.net/ https://*.tableau.com/ https://*.zscloud.net/ https://govme.org/ https://*.nintex.io/ https://static.doubleclick.net https://*.podbean.com/; frame-src 'self' data: blob: https://*.youtube.com/ https://*.youtube-nocookie.com/ https://*.google.com/ https://*.arcgis.com/ https://*.arcg.is/ https://arcg.is/ https://*.ytimg.com/ https://*.calconic.com/ https://tagro.com/ https://*.flipsnack.com/ https://*.my-waste.mobi/ https://*.granicus.com/ https://*.workflowcloud.com/ https://*.nintex.io/ https://*.vimeo.com/ https://*.recaptcha.net/ https://*.tableau.com/ https://*.zscloud.net/ https://govme.org/ https://*.nintex.io/ https://static.doubleclick.net https://*.podbean.com/; 1 script-src https: data: 'unsafe-inline' 'unsafe-eval' https://hfmt-koeln.de https://*.hfmt-koeln.de https://metrics.mehrwert.de https://*.b-ite.com https://www.instagram.com https://static.cdninstagram.com; style-src https: 'unsafe-inline' https://hfmt-koeln.de https://*.hfmt-koeln.de https://metrics.mehrwert.de https://www.instagram.com https://static.cdninstagram.com; frame-src 'self' https://hfmt-koeln.de https://*.hfmt-koeln.de https://*.hfmt.mwsrv.de https://www.youtube-nocookie.com https://www.youtube.com https://*.b-ite.com https://www.instagram.com https://static.cdninstagram.com; frame-ancestors 'self' https://hfmt-koeln.de https://*.hfmt-koeln.de https://*.hfmt.mwsrv.de; 1 default-src 'unsafe-inline' 'unsafe-eval' https: blob:;img-src * data: blob:;font-src * data:; 1 default-src 'self'; script-src 'self'; img-src 'self' 1 frame-ancestors 'self' bewerbung.jobs 1 default-src 'self' *.crazyegg.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.netdna-ssl.com *.google-analytics.com www.googletagmanager.com *.quotemedia.com oss.maxcdn.com rangeme-production-environment.s3-ap-southeast-2.amazonaws.com *.pcdn.co s15923.pcdn.co *.google.com *.gstatic.com *.spartannash.com *.spartannash-uat.com *.youtube.com www.b2i.us stockcharting.s3.amazonaws.com cdnjs.cloudflare.com static.cloudflareinsights.com analytics.newscred.com *.crazyegg.com analytics.imirwin.com partner.googleservices.com partner.googleadservices.com;font-src 'self' data: *.netdna-ssl.com fonts.gstatic.com *.pcdn.co s15923.pcdn.co *.spartannash.com *.spartannash-uat.com *.cloudflare.com s3.amazonaws.com *.crazyegg.com;img-src 'self' data: *.netdna-ssl.com *.google-analytics.com *.googleapis.com www.googletagmanager.com *.glensmarkets-email.com *.quotemedia.com secure.gravatar.com s3-ap-southeast-2.amazonaws.com *.pcdn.co *.businesswire.com *.gravatar.com s15923.pcdn.co *.google.com *.spartannash.com *.spartannash-uat.com d36cz9elvz3vfp.cloudfront.net www.b2i.us *.prnewswire.com pixel.welcomesoftware.com i.ytimg.com *.crazyegg.com *.gstatic.com;style-src 'self' 'unsafe-inline' *.netdna-ssl.com *.googleapis.com *.google.com *.quotemedia.com *.pcdn.co s15923.pcdn.co *.spartannash.com *.spartannash-uat.com *.crazyegg.com;frame-src 'self' *.netdna-ssl.com *.youtube.com www.googletagmanager.com *.calameo.com *.pcdn.co *.google.com *.spartannash.com *.spartannash-uat.com *.prnewswire.com *.crazyegg.com td.doubleclick.net syndicatedsearch.goog;connect-src 'self' *.netdna-ssl.com query.yahooapis.com *.pcdn.co *.google-analytics.com *.quotemedia.com stats.g.doubleclick.net *.spartannash.com *.spartannash-uat.com www.b2i.us stockcharting.s3.amazonaws.com *.google.com *.crazyegg.com analytics.imirwin.com;object-src 'self' *.netdna-ssl.com *.pcdn.co *.prnewswire.com *.crazyegg.com;media-src 'self' *.netdna-ssl.com *.pcdn.co *.prnewswire.com *.crazyegg.com;worker-src 'self' blob: *.crazyegg.com;child-src 'self' blob: *.crazyegg.com; 1 default-src 'self'; base-uri 'none'; connect-src 'self' www.google-analytics.com *.analytics.google.com *.google-analytics.com wss://www.joa.fr stats.g.doubleclick.net maps.googleapis.com www.novaresa.net www.joa.fr consentcdn.cookiebot.com consent.cookiebot.com www.facebook.com cxppusa1formui01cdnsa01-endpoint.azureedge.net *.dynamics.com; font-src 'self' data:; frame-ancestors https://enplug.com https://*.enplug.com cxppusa1formui01cdnsa01-endpoint.azureedge.net; frame-src 'self' www.youtube.com www.youtube-nocookie.com www.googletagmanager.com module.lafourchette.com widget.thefork.com *.weezevent.com ubishaker.com t.regionsjob.com *.gaming1.com www.google.com widget.fanzo.com www.facebook.com consentcdn.cookiebot.com *.paperform.co; img-src 'self' www.googletagmanager.com media.joa.fr www.google-analytics.com ytimg.com i.ytimg.com img.youtube.com www.facebook.com www.google.com www.google.fr maps.googleapis.com *.gstatic.com data: blob: www.novaresa.net novaresa.net icons.batch.com www.google.ch www.google.hr www.google.lu www.joa.fr www.tripadvisor.fr via.batch.com apply.indeed.com brand.joa.fr media.ffycdn.net assets-fra.mkt.dynamics.com http://imgsct.cookiebot.com https://imgsct.cookiebot.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com *.google-analytics.com www.youtube.com connect.facebook.net maps.googleapis.com www.novaresa.net www.google.com www.gstatic.com consent.cookiebot.com consentcdn.cookiebot.com www.joa.fr www.weezevent.com t.regionsjob.com paperform.co static.cloudflareinsights.com cdnjs.cloudflare.com cxppusa1formui01cdnsa01-endpoint.azureedge.net brand.joa.fr; style-src 'self' 'unsafe-inline' www.novaresa.net www.googletagmanager.com; upgrade-insecure-requests; report-uri /csp 1 default-src 'self'; base-uri 'self'; block-all-mixed-content; child-src https://www.youtube.com/ https://youtube.com/ https://player.vimeo.com/ https://youtu.be/ https://open.spotify.com/ https://www.buymusic.club blob:; connect-src 'self' https://www.youtube.com/oembed https://www.google-analytics.com https://stats.g.doubleclick.net https://*.hotjar.com https://*.hotjar.io https://*.facebook.com/ https://*.tiktok.com https://*.tiktokw.us https://*.snapchat.com https://widget-api.formitable.com https://region1.analytics.google.com https://*.google-analytics.com https://cdn.linkedin.oribi.io https://*.linkedin.com https://www.buymusic.club wss://ws.hotjar.com https://*.hcaptcha.com https://www.google.com https://www.googletagmanager.com https://api.friendlycaptcha.com https://pagead2.googlesyndication.com; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com https://*.hotjar.com https://*.hotjar.io; frame-ancestors 'none'; frame-src https://www.youtube.com/ https://spotify.com https://open.spotify.com/ https://*.spotify.com https://facebook.com/ https://*.facebook.com/ https://mychannels.video/ https://www.yumpu.com/ https://www.google.com/ https://*.hotjar.com https://*.hotjar.io https://bandcamp.com https://*.bandcamp.com https://twitter.com https://*.twitter.com https://instagram.com https://*.instagram.com https://vimeo.com https://*.vimeo.com https://soundcloud.com https://*.soundcloud.com https://tiktok.com https://*.tiktok.com https://snapchat.com https://*.snapchat.com https://www.belgianrail.be https://widget.formitable.com https://www.buymusic.club https://newassets.hcaptcha.com https://www.googletagmanager.com/ https://td.doubleclick.net/ https://wdgt.slinger.to https://global.frcapi.com; img-src 'self' data: https://www.google-analytics.com/r/collect https://www.google-analytics.com/collect https://placeholder.inventis.be/ https://*.ytimg.com/ https://d12xfkzf9kx8ij.cloudfront.net/ https://*.facebook.com/ https://connect.facebook.net/ https://*.fbcdn.net/ https://i.scdn.co/ https://img.youtube.com/ https://legacy.abconcerts.be/ https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://*.hotjar.com https://*.hotjar.io https://snapchat.com https://*.snapchat.com https://px.ads.linkedin.co https://px.ads.linkedin.com https://*.linkedin.com https://www.buymusic.club https://fonts.gstatic.com https://www.googletagmanager.com; media-src 'self' p.scdn.co/mp3-preview/; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.youtube.com/iframe_api https://www.youtube.com/s/player/ https://*.ytimg.com https://www.googletagmanager.com https://www.google-analytics.com https://script.hotjar.com/ https://connect.facebook.net/ https://*.hotjar.com https://*.hotjar.io https://www.buymusic.club https://hcaptcha.com https://*.licdn.com https://*.snapchat.com https://widget.slinger.to https://analytics.tiktok.com https://cdn.jsdelivr.net/npm/@friendlycaptcha/sdk@0.2.0/site.min.js https://cdn.jsdelivr.net/npm/@friendlycaptcha/sdk@0.2.0/site.compat.min.js 'nonce-nrZ56MBJhJoO4X37wnp5lw=='; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://widget.formitable.com https://www.googletagmanager.com https://widget.slinger.to; upgrade-insecure-requests 1 frame-ancestors 'self' thenationalcampaign.org aelp.smartsparrow.com 1 default-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' * *.getclicky.com clicky.com; style-src 'self' 'unsafe-inline' *; img-src 'self' * data:; media-src 'self' * blob:; report-uri /report-csp-violation; upgrade-insecure-requests 1 block-all-mixed-content; upgrade-insecure-requests 1 frame-ancestors 'self' aviloo--uat.sandbox.my.site.com site.com checkjeaccu.nl www.checkjeaccu.nl 1 default-src 'self' www.burkert.com www.youtube-nocookie.com www.platform-viewer.v-ex.com *.twitter.com *.partcommunity.com *.olark.com cloud.ccm19.de; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.burkert.com snap.licdn.com www.google.com www.gstatic.com www.google-analytics.com www.googletagmanager.com www.linkedin.com snap.licdn.com www.googletagmanager.com cdn.yoochoose.net www.youtube.com *.twitter.com *.vo.msecnd.net *.clickdimensions.com *.twimg.com customerwidget.joinflow.com maps.google.cn maps.googleapis.com *.facebook.net *.apsislead.com *.olark.com *.issuu.com olark-file-uploads.s3-us-west-1.amazonaws.com s.go-mpulse.net c.go-mpulse.net sc.lfeeder.com api.plezi.co optimize.google.com www.googleoptimize.com www.google-analytics.com www.googleanalytics.com gateway.moneris.com cdnjs.cloudflare.com www.googleadservices.com crmweb.burkert.com cloud.ccm19.de *.snitcher.com sst.burkert.com googleads.g.doubleclick.net deliver.raptorstatic.com; img-src data: 'self' www.burkert.com www.google-analytics.com www.google.com.au www.google.com www.google.de event.yoochoose.net *.twimg.com *.twitter.com maps.gstatic.com chart.apis.google.com maps.googleapis.com *.facebook.com *.ytimg.com *.linkedin.com *.olark.com *.adition.com *.gstatic.com *.clickdimensions.com tr.lfeeder.com www2.solique.ch optimize.google.com www.googletagmanager.com googleads.g.doubleclick.net cloud.ccm19.de; object-src 'self' *.googletagmanager.com; style-src 'self' 'unsafe-inline' www.burkert.com www.googletagmanager.com *.clickdimensions.com *.twitter.com *.twimg.com fonts.googleapis.com *.olark.com *.vo.msecnd.net optimize.google.com gateway.moneris.com cloud.ccm19.de; font-src 'self' www.burkert.com *.buerkert.de data: fonts.gstatic.com *.olark.com; connect-src 'self' data: www.burkert.com www.google-analytics.com *.analytics.google.com *.google-analytics.com analytics.google.com *.facebook.com *.olark.com *.googleadservices.com www.google.de www.google.com *.doubleclick.net *.clickdimensions.com c.go-mpulse.net *.akstat.io trial-eum-clientnsv4-s.akamaihd.net *.akamaihd.net maps.googleapis.com *.plezi.co cdn.linkedin.oribi.io px.ads.linkedin.com event.yoochoose.net crmweb.burkert.com cloud.ccm19.de *.snitcher.com sst.burkert.com scnem.com scnem2.com mapsresources-pa.googleapis.com t.raptorsmartadvisor.com; frame-src 'self' blob: mailto: tel: *.burkert-usa-marketing.com *.googletagmanager.com *.facebook.com *.partcommunity.com *.twitter.com www.youtube-nocookie.com www.platform-viewer.v-ex.com *.google.com essens.info *.burkert.com *.olark.com *.issuu.com *.clickdimensions.com optimize.google.com gateway.moneris.com scnem2.com customerwidget.telavox.com; worker-src 'self' blob:;frame-ancestors 'self' https://ez.local.burkert.com 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; fmedia-src 'self'; frame-src 'self'; object-src 'none'; frame-ancestors 'self' 1 child-src 'self' https://*.docusign.com https://*.docusign.net https://*.trustcommerce.com https://*.slimpay.net https://*.slimpay.com https://*.windriverfinancialgateway.com 1 base-uri 'self'; child-src 'self' gap: *; frame-src 'self' gap: *; connect-src 'self' *.datatables.net *.pordata.pt *.pordatakids.pt ajax.googleapis.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.cloudflare.com *.facebook.com *.facebook.net *.googletagmanager.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.cookiebot.com; default-src 'self' gap: *.microsoft.com 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: *.pordata.pt *.pordatakids.pt *.google.com *.googleapis.com fonts.gstatic.com *.hotjar.com *.cookiebot.com; img-src 'self' data: *.pordata.pt *.pordatakids.pt stats.g.doubleclick.net *.google-analytics.com *.microsoft.com *.gstatic.com *.facebook.com *.facebook.net *.google.com *.google.pt *.googleusercontent.com *.googletagmanager.com *.flourish.studio *.hotjar.com *.cookiebot.com *.tableau.com blob:; media-src 'self'; object-src 'self' *.pordata.pt *.pordatakids.pt; script-src 'self' *.datatables.net *.pordata.pt *.pordatakids.pt ajax.googleapis.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.cloudflare.com *.facebook.com *.facebook.net *.google.pt *.microsoft.com *.realtimestatistics.net *.googletagmanager.com *.typeform.com *.flourish.studio *.hotjar.com *.cookiebot.com *.tableau.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.pordata.pt *.pordatakids.pt *.google.com *.googleapis.com *.typeform.com 'unsafe-inline'; frame-ancestors 'self' gap: *.pordata.pt *.pordatakids.pt; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=sDwra%2Bz8%2FNUJ4qTYAmd4CmxgHYfX4QAZP3H4gcjCsIzzO12cpBPGIOScwovCHaReHvACNdnbLl%2B3FPS8k983zg%3D%3D; 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: https://*.analytics.google.com https://*.googlesyndication.com http://fonts.googleapis.com http://fonts.gstatic.com http://www.google-analytics.com http://s7.addthis.com http://m.addthisedge.com http://m.addthis.com http://graph.facebook.com http://widgets.pinterest.com http://maps.google.com http://csi.gstatic.com http://maps.gstatic.com http://maps.googleapis.com http://www.linkedin.com http://api-public.addthis.com http://localhost http://player.vimeo.com/ https://static.cdninstagram.com/; 1 default-src 'self' 'unsafe-inline' nominatim.openstreetmap.org piwik.bzga.de eu.frcapi.com; style-src 'self' 'unsafe-inline';font-src 'self' data:; media-src 'self' *.stage.bio; connect-src 'self' nominatim.openstreetmap.org ws://socket.stage.bio *.stage.bio piwik.bzga.de; img-src 'self' data: piwik.bzga.de a.tile.openstreetmap.de b.tile.openstreetmap.de c.tile.openstreetmap.de *.stage.bio; frame-ancestors 'self'; 1 default-src https: *.ufg.pl; script-src https: *.ufg.pl;style-src https: *.ufg.pl ;img-src 'self' data: https: www.google-analytics.com; frame-src https: *.ufg.pl; media-src data: https: *.ufg.pl ;options inline-script eval-script; child-src https: *.ufg.pl blob:; worker-src blob:; frame-ancestors 'self' *.ufg.pl; 1 default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self'; base-uri 'self'; form-action 'none'; 1 base-uri 'none'; default-src 'self'; child-src https://*.yachtbuyer.com https://www.youtube.com https://www.google.com https://www.facebook.com https://iframe.mediadelivery.net; connect-src 'self' https://a.yachtbuyer.com https://www.google.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://maps.googleapis.com https://stats.g.doubleclick.net https://www.facebook.com https://zoom.yachtcast.net https://error.dfusion.com https://*.clarity.ms https://*.b-cdn.net; font-src 'self' https://*.typekit.net https://fonts.gstatic.com data:; form-action 'self' https://www.facebook.com; frame-ancestors https://*.yachtbuyer.com; img-src 'self' https://*.yachtbuyer.com https://*.google-analytics.com https://maps.gstatic.com https://maps.googleapis.com https://*.googletagmanager.com https://www.google.com https://www.bugherd.com https://www.facebook.com https://zoom.yachtcast.net https://i.ytimg.com https://img.youtube.com https://*.clarity.ms https://*.b-cdn.net https://i.vimeocdn.com blob: data:; media-src 'self' https://vod-progressive.akamaized.net; object-src 'none'; script-src 'self' https://*.yachtbuyer.com https://*.googletagmanager.com https://www.google.com https://www.gstatic.com https://maps.googleapis.com https://www.youtube.com https://connect.facebook.net https://browser.sentry-cdn.com https://*.clarity.ms https://assets.mediadelivery.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://*.typekit.net https://fonts.googleapis.com https://www.bugherd.com 'unsafe-inline'; worker-src 'self' blob:; upgrade-insecure-requests 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; 1 report-to 'self' ; child-src 'self' ; connect-src 'self' *.opentech.fund *.wpengine.com *.yoast.com *.cloudflareaccess.com *.googleapis.com; default-src 'self' ; font-src 'self' 'unsafe-inline' 'unsafe-eval' *.opentech.fund *.gstatic.com *.bootstrapcdn.com 'self' data: *.cloudflareaccess.com; form-action 'self' ; frame-src 'self' *.opentech.fund *.youtube.com *.hrmdirect.com *.cloudflareaccess.com; frame-ancestors 'self' ; img-src 'self' 'self' data: *.w.org *.gravatar.com *.gstatic.com *.hrmdirect.com *.cloudflareaccess.com *.opentech.fund *.google.com *.googleapis.com; manifest-src 'self' ; media-src 'self' 'self' data: *.opentech.fund; object-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'self' data: *.gstatic.com *.hrmdirect.com *.cloudflareaccess.com *.opentech.fund *.google.com *.googleapis.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' 'self' data: *.hrmdirect.com *.cloudflareaccess.com *.opentech.fund *.google.com *.googleapis.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' 'self' data: *.opentech.fund *.google.com *.googleapis.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' 'self' data: *.gstatic.com *.hrmdirect.com *.cloudflareaccess.com *.opentech.fund *.googleapis.com; style-src-elem 'self' 'unsafe-inline' 'unsafe-eval' 'self' data: *.hrmdirect.com *.cloudflareaccess.com *.opentech.fund *.googleapis.com *.gstatic.com; style-src-attr 'self' 'unsafe-inline' 'unsafe-eval' 'self' data: *.cloudflareaccess.com *.opentech.fund *.googleapis.com *.gstatic.com; worker-src 'self' ; 1 frame-ancestors https://goloadup.com 1 default-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com; connect-src 'self' *.hotjar.com *.hotjar.io wss://*.hotjar.com *.cookieyes.com cdn-cookieyes.com *.googleapis.com www.google.com *.analytics.google.com matomo.cerfrance.fr stats.g.doubleclick.net *.google-analytics.com *.tawk.to wss://*.tawk.to pagead2.googlesyndication.com www.googletagmanager.com www.googleadservices.com www.google.fr googleads.g.doubleclick.net static.partoo.co api.partoo.co; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com *.tawk.to unpkg.com; frame-ancestors 'self' www.google.com; frame-src 'self' www.youtube.com www.youtube-nocookie.com www.google.com *.businesscomm.fr/ www.googletagmanager.com com.cerfrance.fr semantics-chat.wikit.ai; img-src 'self' com.cerfrance.fr *.hotjar.com cdn-cookieyes.com data: www.google.com www.google.fr storage.gra.cloud.ovh.net www.googletagmanager.com pagead2.googlesyndication.com lafabrique.cerfrance.fr maps.gstatic.com maps.googleapis.com maps.gstatic.com img.youtube.com *.tawk.to cdn.jsdelivr.net tawk.link fonts.gstatic.com googleads.g.doubleclick.net www.googleadservices.com www.facebook.com atmt-cerfrance-230102100137.cdn-wmk.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn-cookieyes.com *.hotjar.com www.googletagmanager.com www.google.com www.gstatic.com com.cerfrance.fr *.googleapis.com matomo.cerfrance.fr semantics-chat.wikit.ai *.tawk.to cdn.jsdelivr.net googleads.g.doubleclick.net cdn.partoo.co connect.facebook.net; style-src 'self' 'unsafe-inline' com.cerfrance.fr fonts.googleapis.com *.tawk.to unpkg.com www.googletagmanager.com 1 connect-src 'self' data: https://googleads.g.doubleclick.net https://www.google.com/ads/user-lists/ https://www.google.ru/ads/user-lists/ https://mc.yandex.ru wss://mc.yandex.ru https://analytics.google.com https://maps.googleapis.com https://*.google-analytics.com http://bitrix.info https://app.comagic.ru https://api.carrotquest.app https://api.carrottrack.app https://rts-v2.carrotquest.app wss://rts-v2.carrotquest.app https://tracker.comagic.ru https://smartcaptcha.yandexcloud.net https://rutube.ru https://static.rutube.ru https://api.rutube.ru https://smartcaptcha.yandexcloud.net https://captcha-api.yandex.ru https://stats.g.doubleclick.net;default-src 'self' data: https://googleads.g.doubleclick.net https://www.google.com/ads/user-lists/ https://www.google.ru/ads/user-lists/ https://mc.yandex.ru https://analytics.google.com https://maps.googleapis.com https://*.google-analytics.com http://bitrix.info https://app.comagic.ru https://tracker.comagic.ru https://stats.g.doubleclick.net;script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.google-analytics.com https://*.google-analytics.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://maps.google.com http://bitrix.info https://connect.facebook.net https://*.gstatic.com:* https://*.googleapis.com https://www.google.ru https://*.googleadservices.com https://mc.yandex.ru https://api-maps.yandex.ru https://*.maps.yandex.ru https://*.maps.yandex.net https://cdnjs.cloudflare.com https://app.comagic.ru https://cllctr.roistat.com https://cloud.roistat.com https://cdn.jsdelivr.net https://cdn.carrotquest.app https://use.fontawesome.com https://www.google.com/recaptcha/ https://smartcaptcha.yandexcloud.net captcha-api.yandex.ru https://yastatic.net:*;style-src 'self' 'unsafe-inline' data: https://mc.yandex.ru:* https://*.googleapis.com https://cdnjs.cloudflare.com https://use.fontawesome.com https://cdn.jsdelivr.net https://*.gstatic.com:*;img-src 'self' data: blob: https://*.googleapis.com https://*.gstatic.com:* https://*.google-analytics.com https://*.utlab.ru https://yandex.ru https://i.ytimg.com https://mc.yandex.ru https://api-maps.yandex.ru https://*.maps.yandex.ru https://*.youtube.com https://maps.google.com https://www.google.ru https://img.webcdn.ru https://cdn.carrotquest.app https://yastatic.net https://*.yastatic.net https://*.googleapis.com https://*.gstatic.com:* https://*.google-analytics.com https://*.utlab.ru https://yandex.ru https://i.ytimg.com https://mc.yandex.ru https://api-maps.yandex.ru https://*.maps.yandex.ru https://*.youtube.com https://maps.google.com https://www.google.ru https://img.webcdn.ru https://cdn.carrotquest.app https://*.api-maps.yandex.ru/ https://*.maps.yandex.net;font-src 'self' data: https://cdnjs.cloudflare.com https://use.fontawesome.com https://cdn.carrotquest.app https://*.gstatic.com:*;frame-src 'self' data: https://*.youtube.com https://*.youtu.be https://*.yandex.ru https://yandex.ru https://mc.yandex.ru https://www.google.com https://rutube.ru https://smartcaptcha.yandexcloud.net https://*.youtube-nocookie.com;base-uri 'self';form-action 'self' data: ; 1 script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://barebells.com/; img-src 'self' data: blob: https://barebells.com/; object-src 'self' data: blob: https://barebells.com/; frame-src 'self' data: blob: https://barebells.com/; 1 default-src 'self'; style-src 'self' https://fonts.googleapis.com/ 'unsafe-inline'; script-src 'self' https://client.rum.us-east-1.amazonaws.com/1.2.1/cwr.js https://cdnjs.cloudflare.com/ajax/libs/pdf.js/ https://www.googletagmanager.com https://googleads.g.doubleclick.net https://www.youtube.com https://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net/signals/plugins/identity.js https://connect.facebook.net/signals/config/1525576007456708 https://connect.facebook.net/signals/config/1465344211021108 https://analytics.tiktok.com https://analytics-ipv6.tiktokw.us https://ads.tiktok.com https://static.hotjar.com https://*.clarity.ms https://c.bing.com https://api.mapbox.com 'unsafe-inline' https://connect.facebook.net/signals/config/undefined; frame-src 'self' bytedance: sslocal: https://webapi.nawy.com https://listing-api.nawy.com https://www.facebook.com https://www.googletagmanager.com https://www.youtube.com https://www.google.com https://www.google.com.eg; font-src 'self' data: https://fonts.gstatic.com/ *.googleapis.com; img-src 'self' blob: data: https://prod-images.nawy.com https://prod-images.cooingestate.com https://s3.eu-central-1.amazonaws.com https://prod-images.uae.nawy.com https://prod-images.uae.cooingestate.com https://s3.eu-central-1.amazonaws.com https://www.google.com https://www.google.com.eg https://googleads.g.doubleclick.net https://www.googletagmanager.com https://www.facebook.com https://connect.facebook.net https://purecatamphetamine.github.io https://analytics.tiktok.com https://analytics-ipv6.tiktokw.us https://ads.tiktok.com; media-src 'self' blob: data: https://prod-images.nawy.com https://prod-images.cooingestate.com https://prod-images.uae.nawy.com https://prod-images.uae.cooingestate.com; connect-src 'self' https://webapi.nawy.com https://listing-api.nawy.com https://*.tiles.mapbox.com https://api.mapbox.com https://events.mapbox.com https://www.google.com https://www.google.com.eg https://www.google-analytics.com https://www.googletagmanager.com https://analytics.google.com https://*.clarity.ms https://c.bing.com https://analytics.tiktok.com https://analytics-ipv6.tiktokw.us https://ads.tiktok.com https://property-forms-api.cooingestate.com https://platform.cooingestate.com; frame-ancestors 'self' https://partners.nawy.com https://partners.cooingestate.com https://web-sandbox.oaiusercontent.com https://*.web-sandbox.oaiusercontent.com https://chatgpt.com https://*.chatgpt.com https://chat.openai.com https://*.chat.openai.com; object-src 'none'; base-uri 'self'; form-action 'self' https://www.facebook.com; manifest-src 'self'; upgrade-insecure-requests; worker-src 'self' blob:; 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.youtube.com https://fonts.googleapis.com https://fonts.gstatic.com https://cdn.syndication.twimg.com https://www.facebook.com https://*.twitter.com https://www.google.com https://ton.twimg.com https://*.github.io https://www.googletagmanager.com https://www.google-analytics.com; img-src 'self' https://*.twimg.com https://*.twitter.com http://*.twimg.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.google.co.jp data:; 1 default-src 'self'; script-src 'self' blob *.amalgamatedbank.com *.go-mpulse.net bam.nr-data.net unpkg.com *.talkdeskapp.com *.talkdeskdev.com *.twilio.com js.locatorsearch.com *.prod.acquia-sites.com *.instagram.com *.youtube.com *.oktacdn.com *.okta.com *.oktapreview.com fonts.googleapis.com *.googletagmanager.com *.doubleclick.net *.addtoany.com fonts.gstatic.com *.omappapi.com *.google-analytics.com cdn.jsdelivr.net cdnjs.cloudflare.com app.jazz.co js-agent.newrelic.com *.google.com *.gstatic.com www.recaptcha.net ajax.googleapis.com bam.nr-data.net 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com 'unsafe-eval' http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js https://www.recaptcha.net/recaptcha/api.js https://www.recaptcha.net/recaptcha/api/fallback *.cookielaw.org *.stackadapt.com *.linkedin.com snap.licdn.com *.facebook.net *.facebook.com https://tags.srv.stackadapt.com https://srv.stackadapt.com https://east.srv.stackadapt.com https://uw.srv.stackadapt.com https://eu.srv.stackadapt.com https://qvdt3feo.com/ *.conforma.app; style-src 'self' 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com unpkg.com *.amalgamatedbank.com *.talkdeskapp.com *.talkdeskdev.com *.twilio.com bam.nr-data.net *.prod.acquia-sites.com *.oktacdn.com *.okta.com *.oktapreview.com fonts.googleapis.com fonts.gstatic.com cdn.jsdelivr.net cdnjs.cloudflare.com *.google.com *.gstatic.com app.jazz.co https://tags.srv.stackadapt.com; img-src 'self' *.visualwebsiteoptimizer.com app.vwo.com useruploads.vwo.io amalgamatedbank.com www.amalgamatedbank.com *.amalgamatedbank.com *.talkdeskapp.com *.talkdeskdev.com *.twilio.com bam.nr-data.net cdn.jsdelivr.net *.prod.acquia-sites.com js.locatorsearch.com *.oktacdn.com *.okta.com *.oktapreview.com data: *.googletagmanager.com app.jazz.co *.google.com *.google-analytics.com *.gstatic.com images.printable.com images.locatorsearch.com instagram.com i.ytimg.com d21y75miwcfqoq.cloudfront.net *.cookielaw.org https://tags.srv.stackadapt.com *.conforma.app; media-src files.marcomcentral.app.pti.com *.youtube.com *.amalgamatedbank.com bam.nr-data.net *.talkdeskapp.com *.talkdeskdev.com *.twilio.com *.conforma.app; frame-src *; child-src blob: *.amalgamatedbank.com; font-src 'self' cdnjs.cloudflare.com bam.nr-data.net *.amalgamatedbank.com *.talkdeskapp.com *.talkdeskdev.com *.twilio.com *.prod.acquia-sites.com *.oktacdn.com *.okta.com *.oktapreview.com unpkg.com fonts.gstatic.com app.jazz.co *.google.com *.gstatic.com *.locatorsearch.com; connect-src 'self' *.visualwebsiteoptimizer.com app.vwo.com *.go-mpulse.net abnyunityuat.fisglobal.com login-uat.fisglobal.com mcs.us1.twilio.com wss://tsock.us1.twilio.com *.talkdeskapp.com *.talkdeskdev.com maps-api-ssl.google.com bam.nr-data.net stats.addtoany.com googleads.g.doubleclick.net *.youtube.com *.oktacdn.com *.okta.com *.oktapreview.com *.omappapi.com *.google-analytics.com *.google.com *.gstatic.com googleads.g.doubleclick.net *.cookielaw.org *.onetrust.com *.akstat.io https://tags.srv.stackadapt.com *.googletagmanager.com *.linkedin.com snap.licdn.com *.facebook.net *.facebook.com *.conforma.app; report-uri /report-csp-violation 1 child-src 'none'; default-src 'self'; img-src 'self' data:; frame-src https://*.youtube.com https://youtu.be https://*.vimeo.com 'self'; manifest-src 'none'; script-src https://*.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' 'unsafe-eval'; worker-src 'none'; frame-ancestors 'self'; media-src https://*.youtube.com https://*.vimeo.com https://youtu.be 'self'; report-uri /_csp 1 default-src 'self' https://www.google.com https://recaptcha.google.com https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de; connect-src 'self' https://nominatim.openstreetmap.org https://login.microsoftonline.com https://www.chatbase.co https://www.etracker.com https://www.etracker.de https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de; font-src 'self' https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de data:; frame-ancestors 'self' https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de; frame-src 'self' https://benutzerhandbuch-cshs.condat.de https://www.google.com https://www.chatbase.co https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de; img-src 'self' https://cdn.jsdelivr.net https://*.tile.openstreetmap.org https://www.chatbase.co https://www.etracker.com https://backend.chatbase.co https://www.etracker.de https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de data:; media-src 'self' https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de; object-src 'self' https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de; script-src 'self' https://cdn.jsdelivr.net https://www.google.com https://www.gstatic.com https://www.chatbase.co https://code.etracker.com https://code.etracker.de https://www.etracker.de https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://cdn.jsdelivr.net https://www.etracker.com https://www.etracker.de https://www.chatbase.co https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de 'unsafe-inline' 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://polyfill.io *.google.com *.google.ad *.google.al *.google.am *.google.as *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.cv *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gr *.google.gy *.google.hn *.google.hr *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.ki *.google.kg *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me https://www.googletagmanager.com https://www.gstatic.com https://cdn.jsdelivr.net https://maps.googleapis.com; object-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://www.google.com https://www.google.de https://consent.cookiebot.com https://consentcdn.cookiebot.com https://fonts.googleapis.com https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://snap.licdn.com https://polyfill.io/v3 https://cdn.jsdelivr.net https://js.stripe.com https://polyfill.io; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-src 'self' *.pumps.circor.com *.circor.com *.youtube.com *.vimeo.com https://js.stripe.com https://consentcdn.cookiebot.com *.doubleclick.net *.google.com https://circor.prod.acquia-sites.com; child-src 'self' 'unsafe-inline' https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.google.de https://connect.facebook.net https://consent.cookiebot.com https://consentcdn.cookiebot.com https://fonts.googleapis.com https://googleads.g.doubleclick.net https://p.adsymptotic.com https://px.ads.linkedin.com https://snap.licdn.com https://www.facebook.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://js.stripe.com https://polyfill.io blob:; connect-src 'self' https://consentcdn.cookiebot.com https://eu-api.friendlycaptcha.eu https://px.ads.linkedin.com wss://ws.hotjar.com https://content.hotjar.io https://www.google.com https://*.google-analytics.com https://metrics.hotjar.io https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://region1.analytics.google.com https://maps.googleapis.com; report-uri /report-csp-violation 1 default-src 'self' https://static.bitrated.com; script-src 'self' https://static.bitrated.com; connect-src 'self' wss://www.bitrated.com; style-src https://static.bitrated.com 'unsafe-inline'; img-src 'self' https://static.bitrated.com data:; font-src https://static.bitrated.com data:; frame-src https://player.vimeo.com/ https://bitrated.uservoice.com/; object-src 'none'; report-uri /csp-violation 1 https://client.libertydentalplan.com; https://libertydentalplan.com 1 report-uri https://abgtr7ca.uriports.com/reports/enforce; report-to default; script-src 'self' 'unsafe-eval' 'strict-dynamic' https: 'unsafe-inline' 'sha256-bWtNIEqwd3GmlB74fues3RcTkv/+sez8ANObmbwbWcw=' 'sha256-m9l2cre+d6l5Y6OLkObn46E9GmWyKM7cV2mIkw3OUcs=' 'nonce-GRnakV/q7FOrGe4KgQBfyQ=='; object-src 'none'; base-uri 'none'; frame-ancestors 'self' https://weddybird.com/; upgrade-insecure-requests 1 default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self' https://cke4.ckeditor.com https://www.google.com https://www.googletagmanager.com https://region1.google-analytics.com; font-src 'self' https://fonts.gstatic.com; form-action 'self'; frame-ancestors 'none'; frame-src 'self' https://www.google.com https://www.gstatic.com https://www.youtube.com; img-src 'self' https://cdnjs.cloudflare.com https://www.googletagmanager.com http://www.w3.org/ data:; script-src 'self' 'unsafe-inline' https://www.google.com https://www.gstatic.com https://www.gstatic.com https://cdnjs.cloudflare.com https://www.googletagmanager.com data:; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://fonts.googleapis.com; upgrade-insecure-requests 1 base-uri 'self'; default-src 'self' data: *.storck.com; script-src 'self' 'nonce-0RqsjwynKuLJTtHbxWx_dPMI1pSNYckoU-Lf3S-PqHEryhkJaw7HxA' blob: data: *.storck.com storck.piwik.pro; img-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: *.storck.com storck.piwik.pro; style-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.storck.com; connect-src 'self' data: *.storck.com storck.piwik.pro; font-src 'self' data:; frame-src 'self' data: *.storck.com; frame-ancestors 'self'; form-action 'self'; 1 default-src 'self' data: *.uniweb.be cookiehub.net *.uniweb.eu *.hotjar.com www.googletagmanager.com www.google-analytics.com; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://js.stripe.com *.uniweb.be cookiehub.net *.uniweb.eu *.hotjar.com www.googletagmanager.com www.google-analytics.com; object-src *; style-src 'self' data: 'unsafe-inline' *.uniweb.be cookiehub.net *.uniweb.be cookiehub.net fonts.googleapis.com; img-src 'self' data: https://m.stripe.com *.craft-cdn.com *.uniweb.be cookiehub.net *.uniweb.eu www.googletagmanager.com www.google-analytics.com; media-src *; frame-src 'self' data: https://js.stripe.com *.uniweb.be cookiehub.net *.uniweb.eu *.hotjar.com www.googletagmanager.com www.google-analytics.com; font-src 'self' data: *.uniweb.be cookiehub.net *.uniweb.eu fonts.gstatic.com fonts.googleapis.com; connect-src * 1 default-src 'unsafe-hashes' https://crohnsandcolitis.org.uk https://www.crohnsandcolitis.org.uk https://docs.google.com https://customervoice.microsoft.com https://*.readspeaker.com https://*.azureedge.net https://poster.crohnsandcolitis.org.uk https://r1.dotdigital-pages.com https://www.youtube-nocookie.com https://www.google.com https://*.landbot.io https://*.addthis.com https://www.youtube.com https://player.vimeo.com https://*.issuu.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.fluidads.com https://forms.office.com https://*.snapchat.com https://*.doubleclick.net https://static.addtoany.com https://*.muchloved.com https://*.juicer.io https://*.reciteme.com ;base-uri 'self' ;frame-ancestors 'self' ;script-src 'self' https://crohnsandcolitis.org.uk 'unsafe-eval' 'unsafe-inline' https://acsbapp.com https://acsbap.com https://*.acsbapp.com https://*.acsbap.com https://*.azureedge.net https://*.readspeaker.com https://connect.facebook.net https://static.trackedweb.net https://app.postermaker.io https://snap.licdn.com https://analytics.nyltx.com https://*.cookiefirst.com https://maps.googleapis.com https://unpkg.com/vue@3.2.20/ https://*.landbot.io https://secure.callhandling.co.uk https://*.addthis.com https://z.moatads.com https://*.addthisedge.com https://static.addtoany.com https://*.fluidads.com https://*.simpli.fi https://www.google-analytics.com https://www.googletagmanager.com https://ajax.googleapis.com https://*.hotjar.com https://analytics.tiktok.com https://*.snapchat.com https://*.sc-static.net https://*.bing.com https://*.linkedin.com https://*.doubleclick.net https://*.muchloved.com https://cdnjs.cloudflare.com https://online.flippingbook.com https://cdn.fluidads.com https://static.hotjar.com https://player.vimeo.com https://*.monitor.azure.com https://monitor.azure.com https://*.in.applicationinsights.azure.com https://*.applicationinsights.azure.com https://applicationinsights.azure.com https://bat.bing.com https://bat.bing.net https://*.reciteme.com ;connect-src 'self' https://crohnsandcolitis.org.uk https://docs.google.com https://www.google.com https://cdn.acsbapp.com https://*.acsbap.com https://*.acsbapp.com https://acsbapp.com https://acsbap.com https://*.wikipedia.org https://*.trackedweb.net https://*.readspeaker.com https://*.azureedge.net https://*.fluidads.com https://www.facebook.com https://*.cookiefirst.com https://analytics.nyltx.com https://maps.googleapis.com https://secure.callhandling.co.uk https://*.landbot.io https://*.addthis.com https://*.google-analytics.com https://stats.g.doubleclick.net https://*.doubleclick.net https://*.issuu.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.snapchat.com https://*.linkedin.oribi.io https://*.analytics.google.com https://analytics.tiktok.com https://cdn.fluidads.com https://static.hotjar.com https://player.vimeo.com https://*.in.applicationinsights.azure.com https://*.applicationinsights.azure.com https://applicationinsights.azure.com https://*.monitor.azure.com https://bat.bing.com https://bat.bing.net https://*.reciteme.com ;img-src 'self' data: https://crohnsandcolitis.org.uk https://www.facebook.com https://acsbapp.com https://acsbap.com https://*.acsbapp.com https://*.acsbap.com https://*.azureedge.net https://*.linkedin.com https://*.addthis.com https://maps.gstatic.com https://maps.googleapis.com https://maps.googleapis.com https://storage.googleapis.com https://static.landbot.io https://fonts.googleapis.com https://www.google.com https://www.googletagmanager.com https://www.google.co.uk https://www.google.com.tr https://www.google-analytics.com https://stats.g.doubleclick.net https://*.hotjar.com https://tr.snapchat.com https://t.co https://*.muchloved.com https://bat.bing.com https://bat.bing.net https://*.reciteme.com ;font-src 'self' https://crohnsandcolitis.org.uk data: https://use.typekit.net https://acsbapp.com https://*.acsbapp.com https://*.azureedge.net https://fonts.gstatic.com https://*.hotjar.com ;style-src 'self' https://crohnsandcolitis.org.uk 'unsafe-inline' https://acsbapp.com https://acsbap.com https://*.acsbapp.com https://*.acsbap.com blob: https://*.readspeaker.com https://*.azureedge.net https://*.cookiefirst.com https://p.typekit.net https://use.typekit.net https://localhost:44367 https://fonts.googleapis.com https://*.issuu.com https://*.hotjar.com https://*.reciteme.com ;frame-src 'self' '' ' ' data: https://crohnsandcolitis.org.uk https://docs.google.com https://static.addtoany.com https://td.doubleclick.net https://www.googletagmanager.com https://forms.office.com https://customervoice.microsoft.com https://crohnsandcolitis.org.uk https://www.google.com https://app.postermaker.io https://www.muchloved.com https://e.issuu.com https://www.youtube.com https://www.youtube-nocookie.com https://r1.dotmailer-surveys.com https://r1.dotdigital-pages.com https://chats.landbot.io https://online.flippingbook.com https://player.vimeo.com https://accounts.google.com https://*.reciteme.com https://whale-app-wry8i.ondigitalocean.app ;form-action 'self' https://crohnsandcolitis.org.uk https://*.readspeaker.com https://*.azureedge.net https://*.landbot.io https://*.snapchat.com ;object-src 'none' ;media-src 'self' https://crohnsandcolitis.org.uk https://*.reciteme.com 'unsafe-inline' data: ; 1 script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://www.google.com/ https://www.gstatic.com/; img-src 'self' data: blob: https://www.google.com/ https://www.gstatic.com/; object-src 'self' data: blob: https://www.google.com/ https://www.gstatic.com/; frame-src 'self' data: blob: https://www.google.com/ https://www.gstatic.com/; 1 base-uri 'none';child-src 'self' data: blob:;connect-src 'self' ws: wss: localhost:1337 adsapi.jacobin.de api.jacobin.de staging-api.jacobin.de shop.jacobin.de analyse.jacobin.de spenden.twingle.de *.met.vgwort.de plausible.io;default-src 'self';font-src 'self' data:;form-action 'self';frame-ancestors 'none';frame-src spenden.twingle.de www.youtube.com;img-src 'self' jacobin.de data: *.met.vgwort.de;manifest-src 'self';media-src 'self';object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' localhost:1337 adsapi.jacobin.de api.jacobin.de staging-api.jacobin.de shop.jacobin.de analyse.jacobin.de spenden.twingle.de *.met.vgwort.de www.youtube.com plausible.io;style-src 'self' 'unsafe-inline'; 1 frame-ancestors *.manhattanprep.com *.manhattangmat.com *.manhattanlsat.com *.manhattangre.com *.s3.amazonaws.com *.beatthegmat.com gmatclub.com 1 default-src https: 'unsafe-inline' 1 default-src https: 'self' data: 'unsafe-inline' 'unsafe-eval'; block-all-mixed-content; report-uri /nelmio/csp/report; worker-src 'self' blob: 1 default-src 'none'; block-all-mixed-content; connect-src 'self' www.google.com google-analytics.com www.google-analytics.com 127.0.0.1:8005 *.hcaptcha.com https://9xgnrndqve.execute-api.us-west-2.amazonaws.com https://pro.ip-api.com https://a.usbrowserspeed.com https://alocdn.com https://b-code.liadm.com https://idx.liadm.com https://rp.liadm.com; font-src 'self' fonts.gstatic.com use.fontawesome.com cdn.jsdelivr.net; frame-src google.com www.google.com googletagmanager.com www.googletagmanager.com *.hcaptcha.com; img-src 'self' s3.us-west-2.amazonaws.com img.emlasts.com data:; media-src img.emlasts.com; script-src 'self' 'unsafe-eval' 'strict-dynamic' google.com www.google.com gstatic.com www.gstatic.com googletagmanager.com www.googletagmanager.com google-analytics.com www.google-analytics.com use.fontawesome.com cdn.jsdelivr.net cdnjs.cloudflare.com *.hcaptcha.com https://ddwl4m2hdecbv.cloudfront.net 'unsafe-inline' 'nonce-99P9XE/hLlWTHI2P64Ck4g=='; style-src 'self' cdn.jsdelivr.net fonts.googleapis.com use.fontawesome.com maxcdn.bootstrapcdn.com img.emlasts.com unpkg.com *.hcaptcha.com 'unsafe-inline' 'nonce-99P9XE/hLlWTHI2P64Ck4g=='; report-uri /csp/report 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: https://*.whatsupcams.com http://fonts.googleapis.com http://fonts.gstatic.com http://www.google-analytics.com http://s7.addthis.com http://m.addthisedge.com http://m.addthis.com http://graph.facebook.com http://widgets.pinterest.com http://maps.google.com http://csi.gstatic.com http://maps.gstatic.com http://maps.googleapis.com http://www.linkedin.com http://api-public.addthis.com http://localhost http://widget.supercounters.com http://pagead2.googlesyndication.com/ http://pagead2.googlesyndication.com/ http://staticxx.facebook.com http://www.whatsupcams.com http://epixel.moj-web.net http://www.youtube.com https://www.whatsupcams.com http://localhost https://g0.ipcamlive.com; 1 object-src 'self'; frame-ancestors 'self'; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-modals allow-downloads; base-uri 'self'; 1 base-uri 'none'; frame-ancestors 'self'; object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http: 'nonce-eAaXP/oFGYuFxaKTTynFag=='; report-uri https://sentry.jobijoba.io/api/10/security/?sentry_key=f7fdb7ea43674b0889145b92f6d6811e 1 default-src *.addthis.com *.adform.net *.algolia.com *.algolia.io *.algolia.net *.algolianet.com *.algolianet.net *.calameo.com *.culture.fr *.ddev.site *.doubleclick.net *.facebook.com *.facebook.net *.g.doubleclick.net *.getwemap.com *.getwemap.workers.dev *.google-analytics.com *.google.com *.googleapis.com *.huma-num.fr *.ina.fr *.ingest.sentry.io *.instagram.com *.jsdelivr.net *.maaap.it *.maptiler.com *.tarteaucitron.io *.tiktok.com *.twitter.com *.wikimedia.org *.wikipedia.org *.x.com *.youtu.be *.youtube-nocookie.com *.youtube.com alg.li cdn.jsdelivr.net/npm/search-insights https://youtu.be *.youtube.com *.youtube-nocookie.com http://apis.syllabs.com http://infolettres-internes.culture.gouv.fr http://infolettres-ministere.culture.gouv.fr http://www.culture.fr http://www.culture.gouv.fr https://alg.li/insights-init https://api.mapbox.com https://m.addthis.com https://s7.addthis.com https://semaphore.culture.gouv.fr https://semrecf2.culture.fr https://sesame.culture.fr https://stats.g.doubleclick.net https://tarteaucitron.io https://www.culture.fr https://www.culture.gouv.fr https://www.facebook.com https://www.google-analytics.com https://youtu.be inline inte-std-mcc-lclo.rag-cloud.hosteur.com moz-extension 'self' tarteaucitron.io 'unsafe-eval' 'unsafe-inline' youtu.be; block-all-mixed-content; font-src *.adform.net *.ddev.site *.doubleclick.net *.facebook.net *.g.doubleclick.net *.getwemap.workers.dev *.google-analytics.com *.google.com *.googleapis.com *.ina.fr *.instagram.com *.maptiler.com *.tiktok.com *.twitter.com *.wikimedia.org *.wikipedia.org *.x.com data: https://fonts.googleapis.com https://fonts.gstatic.com https://infolettres.duministeredelaculture.fr https://livemap.getwemap.com https://maxcdn.bootstrapcdn.com inline inte-std-mcc-lclo.rag-cloud.hosteur.com 'self' 'unsafe-inline'; frame-src *.adform.net *.ausha.co *.calameo.com *.culture.fr *.culture.gouv.fr *.dailymotion.com *.ddev.site *.doubleclick.net *.facebook.net *.g.doubleclick.net *.genially.com *.getwemap.workers.dev *.google-analytics.com *.google.fr *.googleapis.com *.gouv.fr *.ina.fr *.instagram.com *.jcloud.ik-server.com *.maptiler.com *.openstreetmap.fr *.pop.culture.gouv.fr *.soundcloud.com *.spotify.com *.tiktok.com *.twitter.com *.vimeo.com *.wikimedia.org *.wikipedia.org *.x.com *.youtu.be youtu.be https://youtu.be *.youtube-nocookie.com *.youtube.com http://platform.twitter.com http://s7.addthis.com http://www.instagram.com https://data.culturecommunication.gouv.fr https://livemap.getwemap.com https://www.facebook.com https://www.youtube.com inline inte-std-mcc-lclo.rag-cloud.hosteur.com 'self' 'unsafe-inline'; img-src *.adform.net *.culture.fr *.culture.gouv.fr *.dailymotion.com *.ddev.site *.dmcdn.net *.doubleclick.net *.et-gv.fr *.facebook.net *.g.doubleclick.net *.getwemap.workers.dev *.google-analytics.com *.google.com *.googleapis.com *.gouv.fr *.ina.fr *.instagram.com *.maptiler.com *.picsum.photos *.tarteaucitron.io *.tiktok.com *.twitter.com *.wikimedia.org *.wikipedia.org *.x.com *.youtu.be youtu.be https://youtu.be *.youtube.com *.youtube-nocookie.com data: http://www.culture.fr http://www.culture.gouv.fr https://ad.doubleclick.net https://analytics.getwemap.com https://api.getwemap.com https://iecs.culture.gouv.fr https://livemap.getwemap.com https://logs4.xiti.com https://picsum.photos https://semrecf2.culture.fr https://sesame.culture.fr https://static.piste.gouv.fr https://tarteaucitron.io https://tile.openstreetmap.org https://www.culture.fr https://www.culture.gouv.fr https://www.facebook.com https://www.google-analytics.com https://www.googletagmanager.com inline inte-std-mcc-lclo.rag-cloud.hosteur.com 'self' tarteaucitron.io 'unsafe-inline'; script-src *.addthis.com *.adform.net *.algolia.io *.culture.fr *.ddev.site *.ddev.site *.doubleclick.net *.facebook.net *.g.doubleclick.net *.getwemap.workers.dev *.google-analytics.com *.google.com *.googleapis.com *.ina.fr *.instagram.com *.jsdelivr.net *.maptiler.com *.tarteaucitron.io *.tiktok.com *.twitter.com *.wikimedia.org *.wikipedia.org *.x.com alg.li blob: cdn.jsdelivr.net/npm/search-insights http://connect.facebook.net http://platform.twitter.com http://s7.addthis.com http://siteimproveanalytics.com http://tag.aticdn.net http://www.instagram.com https://ajax.googleapis.com https://api.dmcdn.net https://api.mapbox.com https://gva.et-gv.fr https://iecs.culture.gouv.fr https://infolettres.duministeredelaculture.fr https://livemap.getwemap.com https://logp5.xiti.com https://logs152.xiti.com https://m.addthis.com https://tarteaucitron.io https://v1.addthisedge.com https://www.google-analytics.com https://www.googletagmanager.com https://www.gouvernement.fr https://z.moatads.com inline inte-std-mcc-lclo.rag-cloud.hosteur.com moz-extension 'self' tarteaucitron.io 'unsafe-eval' 'unsafe-inline' 'nonce-OWEzNDFjNzExNTZlMjczNWU0NjU1ZmNiYWIzYjdhZmU='; style-src *.adform.net *.ddev.site *.doubleclick.net *.facebook.net *.g.doubleclick.net *.getwemap.workers.dev *.google-analytics.com *.google.com *.googleapis.com *.gouv.fr *.ina.fr *.instagram.com *.maptiler.com *.tarteaucitron.io *.tiktok.com *.twitter.com *.wikimedia.org *.wikipedia.org *.x.com https://fonts.googleapis.com https://infolettres.duministeredelaculture.fr https://tarteaucitron.io inline inte-std-mcc-lclo.rag-cloud.hosteur.com 'self' tarteaucitron.io 'unsafe-inline' 1 default-src 'self'; frame-ancestors 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline';img-src 'self' data: 1 default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self'; font-src 'self'; connect-src 'self'; frame-ancestors 'none'; base-uri 'none' 1 frame-ancestors 'self' https://shopproxy.p-s-s.de ; style-src 'self' localhost:* https://fonts.googleapis.com https://test.vr-pay-ecommerce.de http://oxomi.com 'unsafe-inline' 1 default-src 'self' google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com maps.googleapis.com *.googletagmanager.com www.google-analytics.com www.google.com/recaptcha/api.js www.gstatic.com cookie-cdn.cookiepro.com www.google-analytics.com hotjar.com https://connect.facebook.net crelan-be-website.scalecity.space vwdservices.com s.ytimg.com https://px.ads.linkedin.com px.ads.linkedin.com youtube.com vimeo.com snap.licdn.com www.linkedin.com tagmanager.google.com *.googleadservices.com https://googleads.g.doubleclick.net w3.org *.crazyegg.com https://cdn.jsdelivr.net *.google.com *.google.be *.googleoptimize.com *.facebook.com *.doubleclick.net *.crelan.be *.facebook.net sc-crelan-server-side-tagging.ew.r.appspot.com blob: https://*.skedify.io https://s.pinimg.com https://*.pinterest.com https://open.spotify.com *.fontawesome.com https://static.cloudflareinsights.com https://ajax.cloudflare.com https://*.taboola.com https://www.youtube.com/iframe_api https://www.youtube.com/s/player/ https://bat.bing.com https://bat.bing.net https://analytics.tiktok.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.googleusercontent.com *.hotjar.com *.google.com 'self' https://maps.googleapis.com *.googletagmanager.com w3.org cdnjs.cloudflare.com *.crazyegg.com *.google.com *.google.be *.googleadservices.com *.facebook.com *.facebook.net *.fontawesome.com; img-src 'self' *.googletagmanager.com *.googleadservices.com cookie-cdn.cookiepro.com https://www.google-analytics.com *.gstatic.com maps.googleapis.com w3.org data: *.crazyegg.com blog.crelan.be *.google.com *.google.be *.google.de *.facebook.com *.doubleclick.net *.facebook.net *.linkedin.com https://bat.bing.net https://bat.bing.com https://analytics.tiktok.com; media-src *.youtube.com *.twitter.com *.vimeo.com 'self' https://maps.googleapis.com *.googletagmanager.com w3.org *.google.com *.googleadservices.com *.google.be *.google.de *.facebook.com *.doubleclick.net *.facebook.net; frame-src 'self' in.hotjar.com vc.hotjar.io google-analytics.com stats.g.doubleclick.net crelan-be-website.scalecity.space *.crelan-int.be *.vwdservices.com maps.googleapis.com w3.org www.google.com www.youtube.com player.vimeo.com *.crazyegg.com *.alchemer.eu *.google.com *.google.be *.facebook.com *.doubleclick.net *.facebook.net *.googleadservices.com https://*.skedify.io https://*.pinterest.com https://open.spotify.com *.fontawesome.com https://www.googletagmanager.com https://player.captivate.fm https://crelan-selfservice-qa.web.opercredits.com https://crelan-selfservice-production.web.opercredits.com; font-src 'self' *.gstatic.com *.googleusercontent.com w3.org data:; connect-src 'self' cookie-cdn.cookiepro.com *.google-analytics.com in.hotjar.com vc.hotjar.io stats.g.doubleclick.net maps.googleapis.com *.googletagmanager.com w3.org *.crazyegg.com *.google.com *.google.be *.facebook.com *.doubleclick.net *.facebook.net *.onetrust.com sc-crelan-server-side-tagging.ew.r.appspot.com *.sc-crelan-server-side-tagging.ew.r.appspot.com *.googleadservices.com *.googlesyndication.com https://px.ads.linkedin.com https://ct.pinterest.com *.fontawesome.com https://*.cookiepro.com https://*.taboola.com https://bat.bing.net https://bat.bing.com https://*.conversionsapigateway.com/ https://mpc-prod-18-s6uit34pua-uc.a.run.app https://analytics.tiktok.com; upgrade-insecure-requests 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' data: 'unsafe-inline' https:; img-src 'self' data: https:; media-src 'self' https:; frame-src 'self' data: https:; font-src 'self' data: https: 1 frame-src 'self' https://ep2.adtrafficquality.google https://cdn.affinipay.com https://calendly.com https://*.doubleclick.net https://googleads.g.doubleclick.net https://www.facebook.com https://tpc.googlesyndication.com https://www.google.com https://www.googletagmanager.com https://*.squarecdn.com https://*.squareup.com https://*.squareupsandbox.com https://images.tryascend.com https://www.youtube.com; img-src * 'self' blob: data:; 1 default-src https: data: blob: 'unsafe-inline'; object-src 'self'; script-src 'self' 'wasm-unsafe-eval' https://cdn.tiny.cloud/ https://static.zdassets.com/ https://*.meruscase.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://platform.twitter.com/ https://*.google-analytics.com/ https://*.googletagmanager.com/ https://cdn.syndication.twimg.com/ https://merus-assets.s3.amazonaws.com/ https://meruscase-application-assets-production.s3.us-west-1.amazonaws.com/ https://*.facebook.net/ https://*.googleapis.com/ https://*.aspnetcdn.com/ https://*.microsoft.com https://maxcdn.bootstrapcdn.com/ https://*.youtube.com/ https://s.ytimg.com/ https://js.recurly.com/ https://cdn.wootric.com/ https://static.headnotepayments.com/ https://static.zdassets.com/ https://snap.licdn.com/ https://unpkg.com/ 'unsafe-eval' 'unsafe-inline' https://code.jquery.com/ https://forms.hubspot.com/ https://forms.hsforms.com/ https://js.hs-analytics.net/ https://js.hs-scripts.com/ https://api.usemessages.com/ https://js.usemessages.com/ https://js.hsforms.net/ https://js.hsleadflows.net/; style-src 'self' 'unsafe-inline' https: 1 default-src https: data: 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * blob: ; worker-src * blob: ; frame-ancestors 'self' https://*.moody.edu; 1 frame-ancestors https://*.innovatrics.com 1 default-src 'self'; object-src 'self' https://pts.handyvertrag.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.handyvertrag.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://www.telekom.de/shop/tarife/internet-tarife https://www.o2online.de https://www.vodafone.de https://dsl.1und1.de https://imagepool.handyvertrag.de https://livechat.handyvertrag.de https://chat.handyvertrag.de https://umfrage.handyvertrag.de https://pts.handyvertrag.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://eu01.rec.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://chat.handyvertrag.de https://livechat.handyvertrag.de wss://livechat.handyvertrag.de https://livechat.handyvertrag.de https://chat.handyvertrag.de https://stats.handyvertrag.de https://imagepool.handyvertrag.de https://pts.handyvertrag.de https://analytics.tiktok.com https://umfrage.handyvertrag.de; script-src 'strict-dynamic' 'nonce-495840e343b28aad7f727f30c7c30e03' 'nonce-6a9845f4e4de0e0899501c557f9b64a8' 'nonce-dbfeff36d180691eb764f86bb8365bf0' 'nonce-d5364ea4221a1eb8a4f104f72ced9b71' 'nonce-aa1b82ecd5179aaecf3c22a21110cc99' 'nonce-2fa60e036e856f04dd9057110aa2cfc7' 'nonce-2fad65fc8f665d25c27003bbf18f0820' 'nonce-27b5888cb1c4469847db5625895394b6' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data: 'report-sample'; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://netmap.vodafone.de/cokart-client/index.html https://pts.handyvertrag.de https://umfrage.handyvertrag.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-495840e343b28aad7f727f30c7c30e03' 'nonce-6a9845f4e4de0e0899501c557f9b64a8' 'nonce-dbfeff36d180691eb764f86bb8365bf0' 'nonce-d5364ea4221a1eb8a4f104f72ced9b71' 'nonce-aa1b82ecd5179aaecf3c22a21110cc99' 'nonce-2fa60e036e856f04dd9057110aa2cfc7' 'nonce-2fad65fc8f665d25c27003bbf18f0820' 'nonce-27b5888cb1c4469847db5625895394b6' 'self' 'unsafe-inline' https: 'report-sample' 1 frame-ancestors 'self' *.vendhq.com *.retail.lightspeed.app; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=puba63db3f96a1d5bb789394101974def5f&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:production; 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.wp.com https://*.gravatar.com https://*.google-analytics.com; img-src 'self' data: https://wordpress.org https://*.gravatar.com https://*.wp.com https://*.google-analytics.com; style-src 'self' 'unsafe-inline' https://*.wp.com https://*.gravatar.com https://fonts.googleapis.com; font-src 'self' data: https://fonts.gstatic.com https://themes.googleusercontent.com; object-src 'none' 1 default-src 'self'; object-src 'self' https://pts.smartmobil.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.smartmobil.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://www.telekom.de/shop/tarife/internet-tarife https://www.o2online.de https://www.vodafone.de https://dsl.1und1.de https://imagepool.smartmobil.de https://umfrage.smartmobil.de https://pts.smartmobil.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://eu01.rec.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://chat.smartmobil.de https://livechat.smartmobil.de wss://livechat.smartmobil.de https://livechat.smartmobil.de https://chat.smartmobil.de https://stats.smartmobil.de https://imagepool.smartmobil.de https://pts.smartmobil.de https://seal.globalsign.com https://ssif1.globalsign.com https://analytics.tiktok.com https://umfrage.smartmobil.de; script-src 'strict-dynamic' 'nonce-9ed30b9f708723f59a276f8d5b83fa41' 'nonce-d35b6c93fff497a435aa049404e5d6ad' 'nonce-c603ba45cd20596f9cc9966af00cb966' 'nonce-12d2c64967de9aafa2db4fb94195a549' 'nonce-7aa7d1aa8e3289848d0702966aa5ffae' 'nonce-f264cc591fcc98209e62ff944e33e8e1' 'nonce-fe142a6ef67dd84ce355658f31ca6b54' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data: 'report-sample'; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://netmap.vodafone.de/cokart-client/index.html https://pts.smartmobil.de https://umfrage.smartmobil.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-9ed30b9f708723f59a276f8d5b83fa41' 'nonce-d35b6c93fff497a435aa049404e5d6ad' 'nonce-c603ba45cd20596f9cc9966af00cb966' 'nonce-12d2c64967de9aafa2db4fb94195a549' 'nonce-7aa7d1aa8e3289848d0702966aa5ffae' 'nonce-f264cc591fcc98209e62ff944e33e8e1' 'nonce-fe142a6ef67dd84ce355658f31ca6b54' 'self' 'unsafe-inline' https: 'report-sample' 1 default-src 'unsafe-inline' 'unsafe-eval' wss://*.iadvize.com data: blob: https: 'self' *.e-wie-einfach.de *.usercentrics.eu *.googletagmanager.com *.demdex.net ewieeinfach.tt.omtrdc.net *.trustedshops.com *.iadvize.com analytics.tiktok.com *.ad-srv.net *.ad4m.at; block-all-mixed-content; frame-ancestors https://*.e-wie-einfach.de 'self'; frame-src https: 'self' 10552776.fls.doubleclick.net *.iadvize.com; img-src https: 'self' data: blob: 1 frame-ancestors 'self' https://*.squaredup.com https://squaredup.com https://app.gather.town; 1 frame-ancestors 'self' 'hackintosh-olarila.com'; 1 upgrade-insecure-requests; frame-src 'self' forms.hsforms.com vars.hotjar.com w.recruiterbox.com app.recruiterbox.com vimeo.com youtu.be youtube.com www.youtube.com www.google.com player.vimeo.com bid.g.doubleclick.net www.facebook.com cdn.knightlab.com; frame-ancestors 'self' 1 default-src 'self' https://*.fbcdn.net https://*.cdninstagram.com https://api.audima.co https://speech.audima.co; child-src 'self' https://www.google.com https://www.youtube.com https://open.spotify.com https://connect.facebook.net https://www.facebook.com https://audio7.audima.co blob: data:; connect-src 'self' https://originacao.minervafoods.com/ https://maps.googleapis.com https://stats.g.doubleclick.net https://analytics.google.com https://www.facebook.com https://yoast.com https://api.cvortex.com https://backmenu.audima.co https://ka-f.fontawesome.com https://cdn.privacytools.com.br https://pt.wiktionary.org https://en.wiktionary.org https://es.wiktionary.org https://vlibras.gov.br https://dicionario2.vlibras.gov.br https://cdn.jsdelivr.net https://www.google.com https://myminerva.minervafoods.com https://raw.githubusercontent.com https://statistic.audima.co https://api.audima.co https://speech.audima.co https://googleads.g.doubleclick.net; font-src 'self' https://fonts.gstatic.com https://fonts.cdnfonts.com https://menu.audima.co https://ka-f.fontawesome.com https://vlibras.gov.br https://cdn.jsdelivr.net https://fonts.bunny.net https://backmenu.audima.co data:; form-action 'self' https://www.facebook.com https://wpmudev.com data:; frame-ancestors 'none'; frame-src https://www.gstatic.com https://www.google.com https://audio7.audima.co https://www.youtube.com https://open.spotify.com https://clarity.microsoft.com https://td.doubleclick.net/ https://audio.audima.co https://vlibras.gov.br blob:; img-src 'self' https://minervafoods.com https://vlibras.gov.br https://www.google.com.br https://myminerva.minervafoods.com https://stats.g.doubleclick.net https://maps.gstatic.com https://maps.googleapis.com https://secure.gravatar.com https://www.facebook.com https://i.scdn.co https://cdn.jsdelivr.net https://s.w.org https://claritystatic.blob.core.windows.net https://menu.audima.co https://2.gravatar.com https://*.cdninstagram.com https://backmenu.audima.co https://*.tiktokcdn.com *.tiktokcdn.com https://googleads.g.doubleclick.net https://px.ads.linkedin.com/ data:; script-src 'self' https://cdn.jsdelivr.net https://developers.google.com https://maps.googleapis.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://vlibras.gov.br https://connect.facebook.net https://cdnjs.cloudflare.com https://open.spotify.com https://open.spotifycdn.com https://embed-cdn.spotifycdn.com https://menu.audima.co https://audio7.audima.co https://kit.fontawesome.com https://www.youtube.com https://cdn.privacytools.com.br https://www.vlibras.gov.br https://unpkg.com https://clarity.microsoft.com https://www.clarity.ms https://audio.audima.co https://backmenu.audima.co https://googleads.g.doubleclick.net https://snap.licdn.com 'unsafe-inline' 'unsafe-eval' blob: data:; style-src 'self' https://cdn.jsdelivr.net https://fonts.googleapis.com https://fonts.cdnfonts.com https://cdn.privacytools.com.br https://fonts.bunny.net https://audio.audima.co https://menu.audima.co https://backmenu.audima.co https://vlibras.gov.br 'unsafe-inline'; upgrade-insecure-requests 1 default-src 'none'; connect-src 'self' https://geolocation.onetrust.com/ https://cookie-cdn.cookiepro.com/ https://*.google-analytics.com https://*.analytics.google.com https://px.ads.linkedin.com; font-src 'self'; frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://www.youtube-nocookie.com https://www.youtube.com https://player.vimeo.com https://embed.podcasts.apple.com https://w.soundcloud.com https://playlist.megaphone.fm; img-src 'self' data: https://cookie-cdn.cookiepro.com/ https://*.google-analytics.com https://*.analytics.google.com https://px.ads.linkedin.com; media-src 'self'; script-src 'self' https://cookie-cdn.cookiepro.com/ https://*.google-analytics.com https://*.analytics.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://snap.licdn.com 'unsafe-inline' 'nonce-aWbajvPV/ksjfQUF5ZhOcA=='; style-src 'self' 'unsafe-inline' 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' *.jsdelivr.net *.googleapis.com *.cloudflare.com *.googletagmanager.com https://unpkg.com *.google.com *.gstatic.com *.bootstrapcdn.com *.bootstrapcdn.com https://cdn.ckeditor.com *.google-analytics.com *.googletagmanager.com *.salesforce.com *.salesforceliveagent.com https://support.sunway.edu.my https://static.lightning.force.com https://assets.mailerlite.com https://ipapi.co https://code.jquery.com https://cdn.ckeditor.com https://static.cloudflareinsights.com https://b.static.lightning.force.com https://service.force.com static.cloudflareinsights.com https://sunwayedu.my.salesforce.com https://sunwayedu.my.site.com https://sunwayedu.my.salesforce-scrt.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.cloudflare.com *.fontawesome.com *.jsdelivr.net *.googleapis.com https://fonts.gstatic.com https://unpkg.com *.google.com *.gstatic.com https://use.fontawesome.com *.salesforceliveagent.com *.salesforce.com https://support.sunway.edu.my https://assets.mailerlite.com https://service.force.com https://sunwayedu.my.site.com; img-src 'self' * data: about: blob:; media-src 'self'; frame-src 'self' *.youtube.com www.youtube.com *.google.com *.gstatic.com *.vimeo.com *.salesforceliveagent.com *.salesforce.com https://support.sunway.edu.my https://forms.office.com https://assets.mailerlite.com *.issuu.com https://issuu.com https://service.force.com https://sunwayedu.my.site.com https://sunwayedu.my.salesforce-scrt.com https://*.salesforce.com https://tour.klapty.com; frame-ancestors 'self' *.youtube.com www.youtube.com *.google.com *.gstatic.com *.vimeo.com *.salesforceliveagent.com *.salesforce.com https://support.sunway.edu.my https://forms.office.com https://assets.mailerlite.com *.issuu.com https://issuu.com https://service.force.com https://sunwayedu.my.site.com https://sunwayedu.my.salesforce-scrt.com; child-src 'self' *.youtube.com www.youtube.com *.google.com *.gstatic.com *.vimeo.com *.salesforceliveagent.com *.salesforce.com; font-src 'self' https://fonts.googleapis.com *.fontawesome.com https://fonts.gstatic.com *.cloudflare.com *.jsdelivr.net https://support.sunway.edu.my data:; connect-src 'self' *.cloudflareinsights.com *.google-analytics.com *.salesforceliveagent.com https://support.sunway.edu.my https://*.salesforce.com https://sunwayedu.my.salesforce-scrt.com; report-uri /report-csp-violation; upgrade-insecure-requests 1 default-src 'self'; object-src 'none'; frame-ancestors 'none'; base-uri 'self'; connect-src http://*.localtest.me https://*.attachecloud.com https://*.attacheonline.com;img-src 'self' data: https://*.attacheonline.com https://*.attachecloud.com;style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com;sandbox allow-forms allow-same-origin allow-scripts allow-popups; 1 default-src 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; font-src *; connect-src *; frame-src *; img-src * data:; media-src *; object-src *; style-src * 'unsafe-inline' 1 base-uri 'none'; frame-ancestors 'self'; object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http: 'nonce-WiOuWyuhZqjyP/z95HzoCg=='; report-uri https://sentry.jobijoba.io/api/10/security/?sentry_key=f7fdb7ea43674b0889145b92f6d6811e 1 frame-ancestors https://*.cloudfront.net https://*.streavent.de https://*.dwa.de https://*.dwa-bayern.de https://*.dwa-bw.de https://*.dwa-hrps.de https://*.dwa-mitte.de https://*.dwa-nord.de https://*.dwa-no.de https://*.dwa-nrw.de https://*.dwa-st.de https://*.gfa-news.de 1 default-src 'self'; script-src 'self' 'unsafe-inline' www.googletagmanager.com *.google-analytics.com *.googleadservices.com *.facebook.net *.doubleclick.net iframe.ly cookie.dxlabs.fr cdnjs.cloudflare.com 'unsafe-inline' *; object-src 'none'; style-src 'self' 'unsafe-inline' www.googletagmanager.com fonts.googleapis.com cdnjs.cloudflare.com; img-src 'self' *.vixns.net *.smol.org www.pinaultcollection.com *.youtube.com *.ytimg.com *.facebook.com *.google-analytics.com *.google.com *.google.fr *.dxlabs.fr data:; media-src *; frame-src *; font-src 'self' themes.googleusercontent.com fonts.googleapis.com; connect-src 'self' *.google-analytics.com analytics.tiktok.com https://errors.vixns.net/api/76/store/ https://errors.vixns.net/api/76/envelope/; upgrade-insecure-requests; script-src-attr 'unsafe-inline' 1 default-src https: 'self' blob:;script-src https: 'unsafe-inline' 'unsafe-eval' 'self' blob:;script-src-elem https: 'self' 'unsafe-inline';object-src https: 'self' blob:;frame-src 'self' blob: https:;style-src 'unsafe-inline' https: data: 'self';font-src https: data:;img-src * data: 'self';connect-src https: wss://*.liveperson.net wss://tsock.us1.twilio.com/v3/wsconnect wss://*.usw2.pure.cloud wss://intercept-api.questionpro.com; frame-ancestors https://embed.questionpro.com; 1 : default-src 'self' 1 default-src 'self' https://cdn.tailwindcss.com; script-src 'self' 'unsafe-inline' https://cdn.tailwindcss.com; style-src 'self' 'unsafe-inline' https://cdn.tailwindcss.com; 1 base-uri 'self'; default-src 'none'; child-src 'self' https://*.youtube.com https://*.youtube-nocookie.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://vimeo.com vimeo.com https://*.vimeo.com *.vimeo.com https://staticcdn.co.nz staticcdn.co.nz https://app.powerbi.com; connect-src 'self' https://*.meridianenergy.co.nz https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.formstack.com https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.com https://*.hotjar.com https://*.hotjar.io https://*.hs-analytics.net https://*.hs-banner.com https://*.hs-scripts.com https://*.mypurecloud.com.au https://*.sentry.io https://*.smartrecruiters.com https://*.tt.omtrdc.net https://*.usemessages.com https://analytics.tiktok.com https://api.addressfinder.io https://browser.sentry-cdn.com https://forms.hsforms.com https://ir.iguana2.com https://js.hsadspixel.net https://js.hscollectedforms.net https://s.swiftypecdn.com https://search-api.swiftype.com https://staticcdn.co.nz https://www.youtube.com wss://*.hotjar.com wss://*.mypurecloud.com.au https://*.visualwebsiteoptimizer.com https://app.vwo.com; font-src 'self' https://*.hotjar.com https://*.hotjar.io data:; form-action 'self' https://*.facebook.com; frame-ancestors 'self'; frame-src 'self' https://*.googletagmanager.com https://*.pega.net https://*.doubleclick.net https://*.facebook.com https://*.google.com https://*.hotjar.com https://*.hotjar.io https://*.mypurecloud.com.au https://*.youtube-nocookie.com https://*.youtube.com https://subscriptions.smartrecruiters.com/ https://*.visualwebsiteoptimizer.com https://app.vwo.com https://vimeo.com vimeo.com https://*.vimeo.com *.vimeo.com https://staticcdn.co.nz staticcdn.co.nz https://app.powerbi.com; img-src 'self' https://*.meridianenergy.co.nz https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.formstack.com https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.com https://*.hotjar.com https://*.hotjar.io https://*.hs-analytics.net https://*.hs-banner.com https://*.hs-scripts.com https://*.mypurecloud.com.au https://*.sentry.io https://*.smartrecruiters.com https://*.tt.omtrdc.net https://*.usemessages.com https://analytics.tiktok.com https://api.addressfinder.io https://browser.sentry-cdn.com https://forms.hsforms.com https://ir.iguana2.com https://js.hsadspixel.net https://js.hscollectedforms.net https://s.swiftypecdn.com https://*.swiftype.com https://staticcdn.co.nz https://www.youtube.com wss://*.hotjar.com wss://*.mypurecloud.com.au https://*.visualwebsiteoptimizer.com https://app.vwo.com https://useruploads.vwo.io https://*.google.co.nz *.google.co.nz https://meridian-production-media.s3.ap-southeast-2.amazonaws.com blob: data:; media-src 'none'; object-src 'self' blob:; manifest-src 'self'; script-src 'self' https://*.meridianenergy.co.nz https://*.doubleclick.net https://*.facebook.net https://*.formstack.com https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.com https://*.hotjar.com https://*.hotjar.io https://*.hs-analytics.net https://*.hs-banner.com https://*.hs-scripts.com https://*.mypurecloud.com.au https://*.sentry.io https://*.smartrecruiters.com https://*.tt.omtrdc.net https://*.usemessages.com https://analytics.tiktok.com https://api.addressfinder.io https://browser.sentry-cdn.com https://forms.hsforms.com https://ir.iguana2.com https://js.hsadspixel.net https://js.hscollectedforms.net https://s.swiftypecdn.com https://search-api.swiftype.com https://staticcdn.co.nz https://www.youtube.com wss://*.hotjar.com wss://*.mypurecloud.com.au https://*.visualwebsiteoptimizer.com https://app.vwo.com 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https://s.swiftypecdn.com https://*.mypurecloud.com.au https://static.smartrecruiters.com https://*.visualwebsiteoptimizer.com https://app.vwo.com 'unsafe-inline'; report-uri https://o115950.ingest.sentry.io/api/6229198/security/?sentry_key=d3383061a5464af09b0da48432305265&sentry_environment=live; report-to csp-endpoint; upgrade-insecure-requests 1 default-src 'self'; style-src 'self' 'unsafe-inline' https://www.mijnwefact.nl https://fonts.googleapis.com https://googletagmanager.com https://tagmanager.google.com *.licdn.com https://translate.google.com https://translate.googleapis.com *.typekit.net; manifest-src 'self' https://www.wefact.nl; img-src 'self' data: *.wefact.ai *.taggrs.io *.analytics.google.com *.gstatic.com https://flow.wefact.nl https://maps.googleapis.com https://www.mijnwefact.nl *.ytimg.com *.facebook.com *.facebook.net *.fbcdn.net *.licdn.com *.linkedin.com https://www.google.com https://www.google.be https://www.google.nl https://www.googleadservices.com https://googleads.g.doubleclick.net https://webstream.wefact.com https://webfiles.wefact.com https://googletagmanager.com *.google-analytics.com *.googletagmanager.com *.cookiebot.com *.clarity.ms *.bing.com https://bat.bing.net https://www.mollie.com *.g.doubleclick.net; script-src 'self' 'unsafe-inline' *.wefact.ai https://flow.wefact.nl https://www.mijnwefact.nl https://www.youtube.com http://www.youtube.com/iframe_api *.ytimg.com *.facebook.com *.facebook.net *.linkedin.com *.licdn.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://googletagmanager.com https://developers.google.com https://maps.googleapis.com *.gstatic.com https://tagmanager.google.com https://translate.google.com https://translate.googleapis.com https://translate-pa.googleapis.com *.clarity.ms *.bing.com *.bing.net https://secure.adnxs.com *.googletagmanager.com *.cookiebot.com; font-src 'self' data: https://www.mijnwefact.nl *.typekit.net https://fonts.gstatic.com; connect-src 'self' *.open.cx *.wefact.ai https://flow.wefact.nl https://maps.googleapis.com https://places.googleapis.com https://www.mijnwefact.nl https://graphql.prepr.io *.facebook.com *.facebook.net *.licdn.com *.linkedin.com https://www.google.com https://www.google.nl *.google-analytics.com *.analytics.google.com *.googletagmanager.com https://www.googleadservices.com https://pagead2.googlesyndication.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net *.clarity.ms *.bing.com *.bing.net https://translate.googleapis.com https://translate-pa.googleapis.com *.cookiebot.com https://www.wefact.nl https://webstream.wefact.com https://webfiles.wefact.com; frame-src 'self' https://flow.wefact.nl https://calendar.google.com/ https://www.mijnwefact.nl https://www.youtube.com *.facebook.com *.facebook.net *.linkedin.com https://bid.g.doubleclick.net https://td.doubleclick.net https://outlook.office365.com *.googletagmanager.com *.cookiebot.com; frame-ancestors 'self'; object-src 'self' 'unsafe-inline' https://www.mijnwefact.nl https://www.wefact.nl *.google-analytics.com *.analytics.google.com *.googletagmanager.com https://www.google.com https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net *.cookiebot.com *.facebook.com *.facebook.net *.licdn.com *.linkedin.com https://maps.googleapis.com *.clarity.ms *.bing.com *.bing.net; media-src 'self' https://www.mijnwefact.nl https://www.wefact.nl; child-src *.facebook.com *.facebook.net;form-action 'self' https://www.mijnwefact.nl; 1 default-src 'self' ; script-src * 'self' 'unsafe-inline' 'unsafe-eval'; object-src *; style-src * 'self' 'unsafe-inline'; img-src * 'self' data: https:;; media-src *; frame-src *; frame-ancestors 'self' https://brand-ecommerce-assets.fusepump.com https://cdn.krxd.net https://service.force.com https://cdn.storelocatorwidgets.com https://n1866.secure.force.com; child-src * blob:; font-src * 'self' data: https:;; connect-src *; report-uri /log-report-uri/enforce 1 default-src 'self'; script-src 'self' 'unsafe-inline' blob: cdn.jsdelivr.net googleapis.com script.crazyegg.com unpkg.com *.google-analytics.com www.google.com/recaptcha/ www.googletagmanager.com www.gstatic.com app.powerbi.com; object-src 'none'; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net fonts.googleapis.com googleapis.com script.crazyegg.com unpkg.com; img-src 'self' data: googleapis.com *.google-analytics.com www.googletagmanager.com www.gstatic.com; frame-src 'self' https://aibc.pandemicoversight.gov blob: static.pandemicoversight.gov storymaps.arcgis.com www.arcgis.com www.google.com app.powerbi.com *.youtube.com *.youtube-nocookie.com; frame-ancestors 'self' https://www.pandemicoversight.gov https://pandemicoversight.gov https://aibc.pandemicoversight.gov; child-src blob: app.powerbi.com *.youtube.com *.youtube-nocookie.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com; connect-src 'self' assets-tracking.crazyegg.com pagestates-tracking.crazyegg.com script.crazyegg.com tracking.crazyegg.com *.google-analytics.com www.google.com/recaptcha/ app.powerbi.com unpkg.com; report-uri /report-csp-violation; upgrade-insecure-requests 1 frame-ancestors 'self' https://ahu.edu https://*.ahu.edu 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.twitter.com https://*.facebook.net https://*.facebook.com https://*.googleapis.com https://*.gstatic.com https://*.doubleclick.net https://*.fontawesome.com https://unpkg.com https://static.ads-twitter.com https://t.co https://www.unpkg.com https://www.google-analytics.com https://*.google.com https://*.google.ca https://www.googletagmanager.com https://*.youtube.com https://odcc2.bell.ca *.8x8.com *.jsdelivr.net *.google.com *.google.co.za https://login.microsoftonline.com; frame-ancestors 'self' *.facebook.com *.bsky.app *.linkedin.com *.instagram.com *.cdninstagram.com *threads.net; report-uri /report-csp-violation; upgrade-insecure-requests 1 script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://crm.fasad.eu/ https://cdn.jsdelivr.net https://process.fasad.eu/ http://dev-process.fasad.prek.srv http://ajax.googleapis.com/ https://ajax.googleapis.com/ http://code.jquery.com/ https://code.jquery.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://cdnjs.cloudflare.com/ajax/libs/animejs/3.2.1/anime.min.js; img-src 'self' data: blob: http://fasadeu.public80.prekdemo.se/ https://www.fasad.eu/ https://crm.fasad.eu/; object-src 'self' data: blob: ; frame-src 'self' data: blob: ; 1 default-src 'self'; object-src 'self' https://pts.simplytel.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.simplytel.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://www.telekom.de/shop/tarife/internet-tarife https://www.o2online.de https://www.vodafone.de https://dsl.1und1.de https://imagepool.simplytel.de https://livechat.simplytel.de https://chat.simplytel.de https://umfrage.simplytel.de https://pts.simplytel.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://eu01.rec.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://chat.simplytel.de https://livechat.simplytel.de wss://livechat.simplytel.de https://livechat.simplytel.de https://chat.simplytel.de https://stats.simplytel.de https://imagepool.simplytel.de https://pts.simplytel.de https://analytics.tiktok.com https://umfrage.simplytel.de; script-src 'strict-dynamic' 'nonce-95a3a108417936a86088777ae084f4e7' 'nonce-bd98eef7fd4d228bd9fc4a6c2940b2a3' 'nonce-c8890ea4b3cd670eb1a688b8a43b8fb4' 'nonce-8c23a7814800c2f7ee4ec654329d9efe' 'nonce-61d73d8617e32ee91462965638c2ddb5' 'nonce-0380abe3f2aa28033be64b2a4b764502' 'nonce-196b971919befc1dff16722b884f9523' 'nonce-22955b9072939ff5d08054084b0f31e6' 'nonce-9bcb1818e122aac29225cc05ba58cda5' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data: 'report-sample'; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://netmap.vodafone.de/cokart-client/index.html https://pts.simplytel.de https://umfrage.simplytel.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-95a3a108417936a86088777ae084f4e7' 'nonce-bd98eef7fd4d228bd9fc4a6c2940b2a3' 'nonce-c8890ea4b3cd670eb1a688b8a43b8fb4' 'nonce-8c23a7814800c2f7ee4ec654329d9efe' 'nonce-61d73d8617e32ee91462965638c2ddb5' 'nonce-0380abe3f2aa28033be64b2a4b764502' 'nonce-196b971919befc1dff16722b884f9523' 'nonce-22955b9072939ff5d08054084b0f31e6' 'nonce-9bcb1818e122aac29225cc05ba58cda5' 'self' 'unsafe-inline' https: 'report-sample' 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://analytics.google.com:* https://ajax.googleapis.com:* https://call.chatra.io/chatra.js https://maps.googleapis.com:* https://seal-nebraska.bbb.org/logo/blue-valley-technologies-17381.js https://stats.g.doubleclick.net/dc.js https://www.googletagmanager.com:* https://assets.juicer.io:* https://www.juicer.io:* https://www.google-analytics.com:* https://stats.g.doubleclick.net:* https://www.googleadservices.com:* https://feedback.happy-or-not.com:* https://dk98ddgl0znzm.cloudfront.net:* https://emma-content-aggregates-prd.s3.amazonaws.com:* https://form.jotform.com:*; object-src 'self' ; style-src * 'self' data: 'unsafe-inline' 'unsafe-hashes' https://fonts.googleapis.com:* https://seal-blue.bbb.org; img-src * 'self' https://maps.gstatic.com https://stats.g.doubleclick.net:*; media-src * 'self' data: 'unsafe-inline' 'unsafe-hashes'; frame-src 'self' https://chat.chatra.io:* https://www.youtube.com:* https://player.vimeo.com:* https://form.jotform.com:* https://submit.jotform.com:*; frame-ancestors 'self'; child-src 'self'; font-src 'self' * https://fonts.gstatic.com:*; connect-src 'self' https://maps.googleapis.com:* https://analytics.google.com:* https://www.google-analytics.com:* https://www.juicer.io:* https://graph.facebook.com:* https://www.googletagmanager.com:* https://stats.g.doubleclick.net:* https://feedback-api.happy-or-not.com:* https://feedback.happy-or-not.com:* https://api.mixpanel.com:*; report-uri /report-csp-violation 1 default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.cookielaw.org/scripttemplates/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://*.googleapis.com https://*.gstatic.com ; img-src 'self' https://cdn.cookielaw.org/ https://*.googleapis.com https://*.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.cookielaw.org/ https://www.jobup.ch https://*.googleapis.com https://*.gstatic.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://privacyportal-ch.onetrust.com/request/v1/consentreceipts https://www.google.com/recaptcha/; font-src 'self' https://fonts.gstatic.com; frame-src https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://td.doubleclick.net/ https://10857799.fls.doubleclick.net/; 1 script-src 'unsafe-inline' *.posazavi.com analytics.tiktok.com *.adform.net *.hcaptcha.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval' connect.facebook.net c.imedia.cz *.hotjar.com tagmanager.google.com www.google.com www.gstatic.com c.seznam.cz *.chatbase.co*.chatbase.co; style-src 'self' 'unsafe-inline' *.googletagmanager.com tagmanager.google.com cdnjs.cloudflare.com fonts.googleapis.com; report-uri /csp 1 default-src 'self' https://*.energylink.com wss://*.energylink.com https://api.ipstack.com https://az416426.vo.msecnd.net/scripts/b/ai.2.min.js https://dc.services.visualstudio.com/v2/track https://go.enverus.com https://www.google.com https://www.gstatic.com https://maps.gstatic.com https://chart.googleapis.com https://maps.googleapis.com https://ajax.googleapis.com https://fonts.googleapis.com https://fonts.gstatic.com https://player.vimeo.com https://cdn.datatables.net https://stackpath.bootstrapcdn.com https://rseg-dev.auth0.com https://cdn.skypack.dev https://cdn.jsdelivr.net https://*.zoom.us wss://zpns.zoom.us https://api.rudderstack.com https://api.rudderlabs.com https://cdn.rudderlabs.com https://enverusluies.dataplane.rudderstack.com https://enveruswyupccs.dataplane.rudderstack.com https://*.appcues.com https://*.appcues.net wss://*.appcues.com wss://*.appcues.net 'unsafe-eval' 'unsafe-inline'; font-src 'self' blob: data: https://cdn.skypack.dev https://cdn.jsdelivr.net https://*.zoom.us https://fonts.googleapis.com https://fonts.google.com https://fonts.gstatic.com; img-src 'self' blob: data: energylink.com *.energylink.com enverus.com *.enverus.com; object-src 'self' blob: data: energylink.com *.energylink.com enverus.com *.enverus.com; media-src 'self' blob: data: energylink.com *.energylink.com enverus.com *.enverus.com https://player.vimeo.com; script-src 'self' blob: data: https://*.energylink.com https://api.ipstack.com https://az416426.vo.msecnd.net/scripts/b/ai.2.min.js https://dc.services.visualstudio.com/v2/track https://go.enverus.com https://www.google.com https://www.gstatic.com https://maps.gstatic.com https://chart.googleapis.com https://maps.googleapis.com https://ajax.googleapis.com https://player.vimeo.com https://cdn.datatables.net https://stackpath.bootstrapcdn.com https://rseg-dev.auth0.com https://cdn.skypack.dev https://cdn.jsdelivr.net https://*.zoom.us wss://zpns.zoom.us https://api.rudderstack.com https://api.rudderlabs.com https://cdn.rudderlabs.com https://enverusluies.dataplane.rudderstack.com https://enveruswyupccs.dataplane.rudderstack.com https://*.appcues.com https://*.appcues.net wss://*.appcues.com wss://*.appcues.net https://cdnjs.cloudflare.com 'unsafe-eval' 'unsafe-inline'; worker-src 'self' blob: data: energylink.com *.energylink.com enverus.com *.enverus.com; frame-ancestors 'self' energylink.com *.energylink.com enverus.com *.enverus.com; 1 default-src 'self'; base-uri 'self'; child-src 'self' blob: data:; connect-src 'self' https://maps.googleapis.com https://legalhelper.eu https://cdn.jsdelivr.net https://unpkg.com https://api.friendlycaptcha.com https://www.auma.com https://aumacloudb2c.b2clogin.com https://*.b2clogin.com https://login.microsoftonline.com https://*.google-analytics.com blob: data: ws: wss:; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com https://cdn.jsdelivr.net blob:; form-action 'self' https://aumacloudb2c.b2clogin.com https://*.b2clogin.com https://login.microsoftonline.com https://www.auma.com blob: data:; frame-ancestors 'self' https://aumacloudb2c.b2clogin.com https://*.b2clogin.com https://login.microsoftonline.com; frame-src 'self' https://maps.googleapis.com https://www.youtube.com https://www.youtube-nocookie.com https://www4.auma.com/ http://www.auma-usa.com https://*.yntro.video https://www.googletagmanager.com blob: data:; img-src 'self' data: https://cdn.jsdelivr.net https://maps.googleapis.com https://legalhelper.eu https://fonts.googleapis.com https://fonts.gstatic.com https://unpkg.com https://www.google-analytics.com https://www.googletagmanager.com blob:; manifest-src 'self' blob: data:; media-src 'self' blob: data: https://cdn.jsdelivr.net; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://maps.googleapis.com https://unpkg.com https://legalhelper.eu https://www.googletagmanager.com blob: data:; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://cdn.jsdelivr.net https://legalhelper.eu blob: data:; worker-src 'self' blob: data: https://cdn.jsdelivr.net 1 default-src 'self'; base-uri 'self'; connect-src 'self' https://analytics.tbd.be; font-src 'self' data: fonts.gstatic.com; form-action 'self'; frame-ancestors 'none'; frame-src 'self' https://www.youtube.com https://www.youtube-nocookie.com https://open.spotify.com https://embed.mychannels.video https://player.vimeo.com https://lnk.to https://*.lnk.to https://ffm.to https://*.ffm.to; img-src 'self' data: blob: https://api.dicebear.com tiles.stadiamaps.com; object-src 'none'; script-src 'strict-dynamic' 'nonce-qzv6bWrw2ZYVq9NEB4vFPA=='; style-src 'self' 'unsafe-inline' fonts.googleapis.com; worker-src 'none' 1 block-all-mixed-content; frame-ancestors 'self'; upgrade-insecure-requests 1 default-src 'unsafe-inline'; block-all-mixed-content; connect-src * blob:; font-src * https://fonts.gstatic.com data: fonts.googleapis.com fonts.gstatic.com; frame-src https://www.youtube.com *.vimeo.com *.services *.hotjar.com *.doubleclick.net *.facebook.com *.facebook.net *.linkedin.com 'self' https://ausi.github.io/ *.pinimg.com *.pinterest.com https://sgtm.deltalight.com blob:; img-src * data: blob:; manifest-src deltalight.com 'self'; media-src *; script-src deltalight.com 'self' data: 'unsafe-inline' 'unsafe-eval' https://cdn.ckeditor.com https://js-agent.newrelic.com https://bam.nr-data.net https://maps.googleapis.com https://cdnjs.cloudflare.com *.google-analytics.com *.googleapis.com *.facebook.com *.facebook.net *.doubleclick.net *.marketingautomation.services *.googletagmanager.com *.googleadservices.com *.hotjar.com *.doubleclick.net *.visualwebsiteoptimizer.com *.linkedin.com www.youtube.com/iframe_api tagmanager.google.com https://snap.licdn.com https://play.google.com https://analytics-eu.clickdimensions.com https://ausi.github.io *.pinimg.com *.pinterest.com sgtm.deltalight.com https://cookie-cdn.cookiepro.com https://www.clarity.ms https://scripts.clarity.ms blob:; style-src deltalight.com 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.ckeditor.com https://cdnjs.cloudflare.com tagmanager.google.com blob:; report-uri /nelmio/csp/report 1 frame-ancestors 'self' http://*.mitkindundkegel.de http://mitkindundkegel.de 1 script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://www.paypalobjects.com/ https://s3.amazonaws.com/ https://*.stripe.com/; img-src 'self' data: blob: https://www.paypalobjects.com/; object-src 'self' data: blob: https://*.paypal.com/ https://*.stripe.com/; frame-src 'self' data: blob: https://*.paypal.com/ https://*.stripe.com/; 1 default-src 'self'; object-src 'self' https://pts.premiumsim.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.premiumsim.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://www.telekom.de/shop/tarife/internet-tarife https://www.o2online.de https://www.vodafone.de https://dsl.1und1.de https://imagepool.premiumsim.de https://livechat.premiumsim.de https://chat.premiumsim.de https://umfrage.premiumsim.de https://pts.premiumsim.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://eu01.rec.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://chat.premiumsim.de https://livechat.premiumsim.de wss://livechat.premiumsim.de https://livechat.premiumsim.de https://chat.premiumsim.de https://stats.premiumsim.de https://imagepool.premiumsim.de https://pts.premiumsim.de https://analytics.tiktok.com https://umfrage.premiumsim.de; script-src 'strict-dynamic' 'nonce-c7a535567fdbc70f9c2f1072262d6ec4' 'nonce-5a24333c9d91f03e67f3b4c80df9b7f7' 'nonce-ed486df8378507d49cfa5b4e76c4628f' 'nonce-e5bbd4e77780b8ee82e760aacc51426b' 'nonce-6cfb41c348bdb0e25fe9c83c87d3db34' 'nonce-ec692a92f247b72efe07feed4f2fd062' 'nonce-a571f6a95e6c1692ed664bfe5e8296cb' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data: 'report-sample'; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://netmap.vodafone.de/cokart-client/index.html https://pts.premiumsim.de https://umfrage.premiumsim.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-c7a535567fdbc70f9c2f1072262d6ec4' 'nonce-5a24333c9d91f03e67f3b4c80df9b7f7' 'nonce-ed486df8378507d49cfa5b4e76c4628f' 'nonce-e5bbd4e77780b8ee82e760aacc51426b' 'nonce-6cfb41c348bdb0e25fe9c83c87d3db34' 'nonce-ec692a92f247b72efe07feed4f2fd062' 'nonce-a571f6a95e6c1692ed664bfe5e8296cb' 'self' 'unsafe-inline' https: 'report-sample' 1 default-src 'self'; object-src 'self' https://pts.sim24.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.sim24.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://www.telekom.de/shop/tarife/internet-tarife https://www.o2online.de https://www.vodafone.de https://dsl.1und1.de https://imagepool.sim24.de https://livechat.sim24.de https://umfrage.sim24.de https://pts.sim24.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://eu01.rec.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://chat.sim24.de https://livechat.sim24.de wss://livechat.sim24.de https://livechat.sim24.de https://stats.sim24.de https://imagepool.sim24.de https://pts.sim24.de https://analytics.tiktok.com https://umfrage.sim24.de; script-src 'strict-dynamic' 'nonce-62bcb06892d52d15284ddb5c7e3656e5' 'nonce-2b53bc2f9972e4400480c8f4d4b5d011' 'nonce-71d3346c23efe622584aff5b476e50de' 'nonce-2ffa2fc613f983e8893c45eeffb3f806' 'nonce-4d7940510112fdaef3dd6851ef51f66c' 'nonce-804f600fc7651aad5a48151e451027f3' 'nonce-8e9d8e6c88b274fcb6b0768142cb09f7' 'nonce-00720eade149a7ba9e10a63697c2f704' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data: 'report-sample'; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://netmap.vodafone.de/cokart-client/index.html https://pts.sim24.de https://umfrage.sim24.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-62bcb06892d52d15284ddb5c7e3656e5' 'nonce-2b53bc2f9972e4400480c8f4d4b5d011' 'nonce-71d3346c23efe622584aff5b476e50de' 'nonce-2ffa2fc613f983e8893c45eeffb3f806' 'nonce-4d7940510112fdaef3dd6851ef51f66c' 'nonce-804f600fc7651aad5a48151e451027f3' 'nonce-8e9d8e6c88b274fcb6b0768142cb09f7' 'nonce-00720eade149a7ba9e10a63697c2f704' 'self' 'unsafe-inline' https: 'report-sample' 1 default-src 'self'; connect-src 'self' https://cdn-cookieyes.com https://*.cookieyes.com https://form.jotform.com https://submit.jotform.com https://*.google-analytics.com https://*.googletagmanager.com https://fonts.googleapis.com https://*.analytics.google.com; font-src 'self' https://ka-p.fontawesome.com https://fonts.gstatic.com data:; frame-src 'self' https://*.cookieyes.com https://submit.jotform.com https://form.jotform.com; img-src 'self' https://*.elliottmgmt.com *.elliottmgmt.com https://elliottmgmt.com https://dev-elliott-mgmt.pantheonsite.io https://test-elliott-mgmt.pantheonsite.io https://*.googletagmanager.com https://*.google-analytics.com https://*.gstatic.com https://cdn-cookieyes.com https://*.cookieyes.com https://secure.gravatar.com blob: data:; object-src; script-src 'self' https://*.googletagmanager.com https://tagmanager.google.com https://cdn-cookieyes.com https://*.google-analytics.com 'unsafe-inline'; style-src 'self' https://*.googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com 'unsafe-inline'; upgrade-insecure-requests 1 default-src * 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval' data-eu.purina.fr; object-src *; style-src * 'self' 'unsafe-inline'; img-src * 'self' data: https:;; media-src *; frame-src *; frame-ancestors * 'self'; child-src * blob:; font-src * 'self' data: https:;; connect-src * data-eu.purina.fr; report-uri /log-report-uri/enforce 1 frame-ancestors 'self' www.skaki64.gr skaki64.gr 1 frame-ancestors *.scaledrone.com 1 frame-ancestors t.signalplus.com fi.signalplus.com t.signalplus.net fi.signalplus.net falconx.signalplus.com falconx.signalplus.net t-pre.signalplus.com; 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://maps.googleapis.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://www.google.com https://www.gstatic.com; connect-src 'self' https://maps.googleapis.com; img-src data: 'self' https://d1be5sn7lppxuh.cloudfront.net https://maps.gstatic.com https://maps.googleapis.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com https://cdnjs.cloudflare.com https://fonts.gstatic.com; object-src 'none'; frame-ancestors 'self'; frame-src 'self' https://www.youtube.com https://www.google.com; media-src 'self' https://d1be5sn7lppxuh.cloudfront.net; form-action 'self'; manifest-src 'self' 1 default-src 'unsafe-inline' 'self' data: effectory.com www.effectory.com ac.effectory.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.amazonaws.com *.rollbar.com *.nrich.ai *.cookiebot.eu *.usemessages.com *.googlesyndication.com yoast.com *.hubspot.com *.hsadspixel.net *.hsforms.net *.hs-scripts.com *.hs-banner.com *.hs-analytics.net *.hscollectedforms.net *.clarity.ms bat.bing.com www.powr.io client.hip.live.com maps.googleapis.com mktdplp102cdn.azureedge.net www.youtube.com static.zdassets.com consentcdn.cookiebot.com consent.cookiebot.com www.googletagmanager.com google-analytics.com www.google-analytics.com snap.licdn.com www.googleadservices.com static.hotjar.com connect.facebook.net googleads.g.doubleclick.net script.hotjar.com;frame-ancestors 'self' *.hsforms.com consentcdn.cookiebot.com; img-src *.bing.net *.nrich.ai *.usercentrics.eu *.googleadservices.com *.doubleclick.net 'self' data: *.cookiebot.com *.youtube.com *.hsforms.com *.hubspot.com *.googletagmanager.com c.bing.com c.clarity.ms bat.bing.com i.ytimg.com script.hotjar.com onlinedialogue.s3.eu-west-1.amazonaws.com onlinedialogue.s3-eu-west-1.amazonaws.com *.linkedin.com *.dynamics.com wus.client.hip.live.com eus.client.hip.live.com maps.gstatic.com www.google.de maps.googleapis.com secure.gravatar.com www.google-analytics.com px.ads.linkedin.com www.google.com www.google.nl www.facebook.com; style-src 'unsafe-inline' fonts.googleapis.com ac.effectory.com www.effectory.com effectory.com; font-src data: fonts.gstatic.com script.hotjar.com ac.effectory.com www.effectory.com effectory.com; frame-src 'self' blob: *.vimeo.com *.googletagmanager.com *.cookiebot.eu *.hubspot.com td.doubleclick.net ad.doubleclick.net *.twentythree.com *.hsforms.com www.powr.io www.youtube.com forms.office.com www.facebook.com vars.hotjar.com consentcdn.cookiebot.com *.dynamics.com; connect-src *.ampproject.org *.ithemes.com *.hsappstatic.net *.run.app *.conversionsapigateway.com *.bing.com *.bing.net *.nrich.ai *.cookiebot.eu google.com *.googleadservices.com *.linkedin.com *.yoast.com *.googlesyndication.com *.doubleclick.net *.hubspot.com *.google.com *.amazonaws.com *.hsforms.com *.hubapi.com *.linkedin.oribi.io *.hscollectedforms.net *.google-analytics.com *.clarity.ms *.hotjar.com wss://*.hotjar.com surveystats.hotjar.io *.effectory.com maps.googleapis.com *.dynamics.com consentcdn.cookiebot.com in.hotjar.com www.google-analytics.com stats.g.doubleclick.net effectorychathelp.zendesk.com ekr.zdassets.com 1 frame-ancestors https://*.estratraining.it 1 script-src blob: https: data: 'unsafe-inline' 'unsafe-eval' https://gs1-germany.de https://*.gs1-germany.de https://d5.gs1.mwsrv.de https://consent.cookiefirst.com https://*.optimizely.com https://*.googletagmanager.com https://apis.google.com https://connect.facebook.net https://fast.fonts.net https://googleads.g.doubleclick.net https://www.googleanalytics.com https://www.googleoptimize.com https://*.google-analytics.com https://optimize.google.com https://ext.nonstoppartner.net https://*.hotjar.com https://*.walls.io https://*.myveeta.com https://static.virtualbadge.io; style-src https: 'unsafe-inline' https://gs1-germany.de https://*.gs1-germany.de https://consent.cookiefirst.com https://d5.gs1.mwsrv.de https://apis.google.com https://optimize.google.com https://fonts.googleapis.com https://connect.facebook.net https://fast.fonts.net https://googleads.g.doubleclick.net https://*.google-analytics.com https://*.hotjar.com https://*.walls.io; frame-src 'self' *.frcapi.com https://copilotstudio.microsoft.com https://td.doubleclick.net https://*.googletagmanager.com https://*.gs1-germany.de https://optimize.google.com https://*.walls.io https://consent.cookiefirst.com https://www.youtube-nocookie.com https://www.gs1.org https://www.youtube.com https://*.hotjar.com https://www.facebook.com https://communication.gs1-germany.de https://feedback.gs1-germany.de https://easy-feedback.de https://*.easy-feedback.de https://easy-feedback.com https://*.easy-feedback.com https://ext.nonstoppartner.net https://*.gs1.org https://f5ba538cf0d6445983504cc2cd8ccb42.svc.dynamics.com https://082becc9a232451baaef0c700dd33425.svc.dynamics.com https://76c4e8a3cea24f6792072b39841b0a0b.svc.dynamics.com https://*.podigee.io https://*.podigee.com https://player.podigee-cdn.net https://public.virtualbadge.io; frame-ancestors 'self' https://*.dev.mehrwert.de https://academy.gs1-germany.de https://*.eventlocations.com https://cockpit.prospitalia.de; 1 frame-ancestors 'self' https://milan-jeunesse.com https://app.bayam.tv https://sso.bayard-jeunesse.com https://mention-me.com https://cdnactor.myfeelback.com; 1 default-src 'self' *.unitil.com; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com/ https://cdn.jsdelivr.net https://static.ctctcdn.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ *.doubleclick.net https://home-c28.incontact.com/inContact/ https://assets.juicer.io/embed.js https://www.juicer.io/embed/unitil/embed-code.js https://cdnjs.cloudflare.com/ajax/libs/underscore.js/ https://www.juicer.io/embed.js https://www.recaptcha.net/recaptcha/ https://static.cloudflareinsights.com/ *.contentsquare.net; object-src 'self'; style-src 'self' 'unsafe-inline' https://use.typekit.net https://p.typekit.net https://static.ctctcdn.com/js/signup-form-widget/current/signup-form-widget.css *.doubleclick.net https://www.google.com/recaptcha https://static.ctctcdn.com/js/signup-form-widget/current/signup-form-widget.min.js https://assets.juicer.io/embed.css https://www.juicer.io/embed.css; img-src data: 'self' https://www.google.com/pagead/ *.unitil.com https://www.googletagmanager.com https://static.ctctcdn.com/lp/images/ https://assets.juicer.io https://www.juicer.io/api/ https://www.googleadservices.com/pagead/ https://www.google.com https://www.google.ca *.doubleclick.net *.contentsquare.net ; media-src 'self'; frame-src 'self' *.unitil.com https://www.googletagmanager.com *.doubleclick.net https://www.google.com https://home-c28.incontact.com https://www.youtube.com https://customerforms.unitil.com https://www.recaptcha.net; frame-ancestors 'self' https://customerforms.unitil.com https://myaccount.unitil.com; child-src 'self' blob:; font-src 'self' data: https://use.typekit.net https://static.juicer.io/fonts/ https://assets.juicer.io https://fonts.gstatic.com ; connect-src 'self' *.doubleclick.net https://www.google.com/ccm/collect https://www.google.com/gmp/ https://www.google.com/pagead/ https://listgrowth.ctctcdn.com https://analytics.google.com/g/collect https://www.google.com/measurement/ https://www.google-analytics.com https://www.juicer.io/api/feeds/ https://www.juicer.io/api/page_views https://static.ctctcdn.com/js/signup-form-widget/ https://cdnjs.cloudflare.com https://www.googleadservices.com/pagead/ https://www.google.com https://www.recaptcha.net https://www.googletagmanager.com *.contentsquare.net; report-uri /report-csp-violation 1 default-src 'self'; base-uri 'self'; connect-src 'self' wss://api.mintme.com/ wss://api.mintme.abchosting.org/ wss://api.staging.abchosting.org/ https://*.facebook.net https://*.facebook.com https://*.ingest.de.sentry.io/ https://connect.facebook.net https://www.facebook.com https://www.google-analytics.com https://*.analytics.google.com https://*.google-analytics.com https://*.doubleclick.net https://*.mintme.com https://mintme.com https://*.tawk.to wss://*.tawk.to https://www.mintme.com/.well-known/mercure https://identitytoolkit.googleapis.com https://ajax.cloudflare.com https://*.google.com https://*.gstatic.com wss://relay.walletconnect.com https://solana-devnet.core.chainstack.com/20a2c52c93cf137f9e8d669becbbf0e1 wss://solana-devnet.core.chainstack.com/20a2c52c93cf137f9e8d669becbbf0e1 https://solana-rpc.publicnode.com wss://solana-rpc.publicnode.com https://eth.drpc.org https://bsc-dataseed.binance.org https://evm.confluxrpc.com https://cronos-evm-rpc.publicnode.com https://sepolia.infura.io/v3/7d13ef2fe66d44dd975aae3d1b784f53 https://data-seed-prebsc-1-s1.binance.org:8545 https://api.avax-test.network/ext/bc/C/rpc https://sepolia-rollup.arbitrum.io/rpc https://sepolia.base.org https://evmtestnet.confluxrpc.com https://cronos-testnet.drpc.org https://api.avax.network https://arb1.arbitrum.io/rpc https://mainnet.base.org/ https://polygon.drpc.org https://rpc-amoy.polygon.technology https://api.avax.network/ext/bc/C/rpc https://go.getblock.io/14ce6e894c354240a17a293421d88d5a https://ethereum-rpc.publicnode.com https://bsc.drpc.org https://public-bsc-mainnet.fastnode.io https://avalanche-c-chain-rpc.publicnode.com https://avalanche.drpc.org https://1rpc.io/arb https://arbitrum.drpc.org https://base.llamarpc.com https://base.drpc.org https://1rpc.io/matic https://cronos.drpc.org https://evm.cronos.org https://conflux-espace-public.unifra.io; font-src 'self' https://fonts.gstatic.com https://static-v.tawk.to https://embed.tawk.to https://fonts.googleapis.com; frame-src https://www.facebook.com https://accounts.google.com https://content.googleapis.com https://va.tawk.to https://www.youtube.com https://*.coinify.com https://platform.twitter.com https://content-youtube.googleapis.com https://mintme.firebaseapp.com https://*.google.com https://*.gstatic.com https://verify.walletconnect.org; img-src data: * https://ajax.cloudflare.com; media-src *; object-src 'none'; script-src 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https://ajax.cloudflare.com 'nonce-5Xe8p9ildEfrmXK8nLbreg=='; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net/emojione/2.2.7/assets/css/emojione.min.css https://cdn.jsdelivr.net/gh/nelmio/NelmioApiDocBundle/public/swagger-ui/swagger-ui.css https://cdn.jsdelivr.net/gh/nelmio/NelmioApiDocBundle/public/style.css https://*.tawk.to https://ajax.cloudflare.com; report-uri /csp-report; worker-src 'none' 1 default-src 'self'; font-src 'self' data: https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src 'self' https://maps.googleapis.com https://maps.gstatic.com https://www.google-analytics.com; img-src 'self' https://maps.googleapis.com https://csi.gstatic.com https://maps.gstatic.com https://www.google-analytics.com data:; connect-src * ws: wss: 1 default-src https://dc.services.visualstudio.com/v2/ https://bimtrack.zendesk.com wss://bimtrack.zendesk.com https://static.zdassets.com https://ekr.zdassets.com https://service.force.com https://newforma.my.salesforce-sites.com https://newforma.my.salesforce.com https://newforma.my.site.com/ https://newforma.my.salesforce-scrt.com/ https://*.zopim.com wss://*.zopim.com 'self'; style-src 'self' 'unsafe-inline' https://newforma.my.salesforce-sites.com https://newforma.my.salesforce.com https://newforma.my.site.com/ https://service.force.com; object-src 'none'; script-src https://az416426.vo.msecnd.net https://www.recaptcha.net/recaptcha/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.newforma.com/ https://bimtrack.co/ https://static.zdassets.com https://ekr.zdassets.com https://*.zopim.com wss://*.zopim.com https://bimtrack.zendesk.com wss://bimtrack.zendesk.com https://service.force.com https://newforma.my.salesforce-sites.com https://newforma.my.salesforce.com https://*.static.lightning.force.com https://*.salesforceliveagent.com https://newforma.my.site.com/ 'self' 'unsafe-eval' 'nonce-28fd88342628491ca7cea71eae5d68a6'; frame-src https://www.google.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://www.newforma.com/ https://bimtrack.co https://bimtrack.zendesk.com wss://bimtrack.zendesk.com https://static.zdassets.com https://service.force.com/ https://newforma.my.site.com/ 'self'; frame-ancestors https://*.bimtrackapp.co; sandbox allow-popups allow-forms allow-same-origin allow-scripts allow-downloads; base-uri 'self'; img-src 'self' https://v2assets.zopim.io https://static.zdassets.com https://konekt.help.newforma.com https://storbtqa.blob.core.windows.net/staticcontentcontainer/ https://www.newforma.com data: https://bt03storage.blob.core.windows.net/; 1 upgrade-insecure-requests; object-src 'none'; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleoptimize.com https://*.googletagmanager.com https://*.facebook.com https://*.facebook.net https://*.montepiedad.com.mx https://*.botlers.io https://*.newrelic.com https://bam-cell.nr-data.net https://unpkg.com https://*.zeptojs.com https://*.jsdelivr.net https://*.datatables.net https://*.bootstrapcdn.com https://*.cloudflare.com https://*.lottiefiles.com https://*.google-analytics.com https://www.yumpu.com https://*.youtube.com/ https://i.ytimg.com/ https://*.doubleclick.net https://afiliacion.net https://prs.arkeero.net https://leadgenios.net https://www.rtb123.com https://*.hotjar.com https://inboxlabs.go2cloud.org https://*.google.com.mx https://*.hotjar.io https://*.teads.tv https://ojo7.ltroute.com https://*.abtasty.com/ https://*.amazonaws.com/ wss://*.hotjar.com https://go2perseo.com https://affperformance.com/ https://ad.soicos.com https://ads01.groovinads.com https://*.cybba.solutions https://*.cloudfront.net https://*.go4aluna.co https://bing.com https://*.aptoweb.com/ https://*.helpscout.net/ bytedance: sslocal: https://analytics.tiktok.com https://analytics-ipv6.tiktokw.us https://ads.tiktok.com https://*.taboola.com; 1 frame-src https://platform.twitter.com https://www.eucpn.org https://eucpn.org https://cdn.jsdelivr.net https://cdn.syndication.twimg.com https://syndication.twitter.com https://www.youtube.com https://5306.f2w.bosa.be; report-uri /report-csp-violation; upgrade-insecure-requests 1 frame-ancestors 'self' *.owensborohealth.org mychart.omhs.org; report-uri /report-csp-violation 1 default-src 'self'; script-src 'self' https://ajax.googleapis.com; img-src 'self' https://ssl.google-analytics.com 1 frame-ancestors https://betway.be https://betway.com https://betway.de https://www.betway.dk https://betway.es https://www.betway.it https://betway.mx https://betway.se https://betway.ca https://betway.nl https://betwaysatta.com https://betwaysatta1.com https://betwayarabia.com https://betwayarabia1.com https://sports.betway.be https://sports.betway.com https://sports.betway.de https://sports.betway.dk https://sports.betway.es https://sports.betway.it https://sports.betway.mx https://sports.betway.se https://sports.betway.ca https://sports.betway.nl https://sports.betwaysatta.com https://sports.betwaysatta1.com https://sports.betwayarabia.com https://sports.betwayarabia1.com https://staging.betway.be https://staging.betway.com https://staging.betway.de https://staging.betway.dk https://staging.betway.es https://staging.betway.it https://staging.betway.mx https://staging.betway.se https://staging.betway.ca https://staging.betway.nl https://staging.betwaysatta.com https://staging.betwaysatta1.com https://staging.betwayarabia.com https://staging.betwayarabia1.com https://uat.betway.com https://uat.betway.de https://uat.betway.es https://uat.betway.mx https://uat.betway.ca https://uat.betwayarabia1.com https://sportsbackend.net https://*.sportsbackend.net https://sportsbackend.dev https://*.sportsbackend.dev https://sportsuat.com https://*.sportsuat.com https://uat.betway.com https://*.uat.betway.com 1 default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' *.algolia.net *.algolianet.com *.bing.com *.facebook.net *.facebook.com *.mgtmod01.com trk.adbutter.net pixel.mathtag.com mathid.mathtag.com static.criteo.net *.criteo.com t.eu1.dyntrk.com *.taboola.com *.outbrain.com *.r66net.com *.videostep.com *.invibes.com *.y-track.com *.chainethermale.fr *.pinterest.com *.pinimg.com snap.licdn.com cdn.tailwindcss.com www.google.fr www.googletagmanager.com *.googletagmanager.com tagmanager.google.com www.googleadservices.com *.googleadservices.com pagead2.googlesyndication.com *.googlesyndication.com googleads.g.doubleclick.net www.gstatic.com *.ogone.com *.direct.worldline-solutions.com *.google.ad *.google.ae *.google.al *.google.am *.google.as *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cat *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.com *.google.com.af *.google.com.ag *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.hn *.google.com.jm *.google.com.jo *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vn *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gr *.google.gy *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.kg *.google.ki *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.pn *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.vu *.google.ws;frame-src 'self' *.openstreetmap.org *.facebook.com *.youtube-nocookie.com *.youtube.com pixel.mathtag.com dis.eu.criteo.com *.criteo.net *.criteo.com gum.criteo.com widget.eu.criteo.com *.pinterest.com www.googletagmanager.com *.googletagmanager.com *.googleadservices.com *.google.com *.google.fr td.doubleclick.net *.doubleclick.net *.ogone.com secure.ogone.com ogone.test.v-psp.com *.direct.worldline-solutions.com payment.preprod.direct.worldline-solutions.com *.v2-sim.preprod.psp-solutions.com v2-sim.preprod.psp-solutions.com *.psp-solutions.com *.google.ad *.google.ae *.google.al *.google.am *.google.as *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cat *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.com *.google.com.af *.google.com.ag *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.hn *.google.com.jm *.google.com.jo *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vn *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gr *.google.gy *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.kg *.google.ki *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.pn *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.vu *.google.ws;style-src 'self' 'unsafe-inline' *.googletagmanager.com tagmanager.google.com fonts.googleapis.com *.ogone.com;img-src 'self' data: https://picsum.photos *.chainethermale.fr admin.chainethermale.fr *.bing.com *.facebook.com www.magazinethermal.fr *.youtube-nocookie.com *.ytimg.com secure.adnxs.com pixel.mathtag.com t.eu1.dyntrk.com cdn.n.dynstc.com *.taboola.com *.outbrain.com *.criteo.com e1.emxdgt.com rtb-csync.smartadserver.com *.yahoo.fr *.yahoo.com eb2.3lift.com ad.360yield.com ib.adnxs.com r.casalemedia.com criteo-sync.teads.tv contextual.media.net cm.adform.net x.bidswitch.net visitor.omnitag.com match.sharethrough.com i.liadm.com e1.emxdgt.com criteo-partners.tremorhub.com *.mediavine.com *.pubmatic.com *.yieldlab.net *.smartclip.net *.thebrighttag.com beacon.krxd.net *.demdex.net *.yieldmo.net *.yieldmo.com pixel.rubiconproject.com id5-sync.com *.invibes.com *.ivitrack.com *.videostep.com *.omnitagjs.com ks.b26net.com *.y-track.com *.yahoo.net *.postrelease.com *.pinterest.com *.pinimg.com *.adform.net *.facebook.net sync.1rx.io jadserve.postrelease.com *.unrulymedia.com bat.bing.net px.ads.linkedin.com aa.agkn.com www.google.com www.google.fr ssl.gstatic.com www.gstatic.com stats.g.doubleclick.net googleads.g.doubleclick.net cm.g.doubleclick.net *.g.doubleclick.net pagead2.googlesyndication.com www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com google.com *.ogone.com *.google.ad *.google.ae *.google.al *.google.am *.google.as *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cat *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.com *.google.com.af *.google.com.ag *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.hn *.google.com.jm *.google.com.jo *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vn *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gr *.google.gy *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.kg *.google.ki *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.pn *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.vu *.google.ws;font-src 'self' data:;connect-src 'self' *.algolia.net *.algolianet.com www.google-analytics.com *.mgtmod01.com noembed.com bat.bing.com *.criteo.com *.taboola.com *.outbrain.com *.invibes.com *.r66net.com *.y-track.com *.chainethermale.fr *.pinterest.com *.facebook.com *.outbrain.com bat.bing.com bat.bing.net px.ads.linkedin.com www.google.fr www.google.com google.com www.googletagmanager.com *.googletagmanager.com *.googleadservices.com stats.g.doubleclick.net googleads.g.doubleclick.net *.g.doubleclick.net *.analytics.google.com *.google-analytics.com pagead2.googlesyndication.com *.googlesyndication.com *.ogone.com *.direct.worldline-solutions.com *.clarity.ms *.google.ad *.google.ae *.google.al *.google.am *.google.as *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cat *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.com *.google.com.af *.google.com.ag *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.hn *.google.com.jm *.google.com.jo *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vn *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gr *.google.gy *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.kg *.google.ki *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.pn *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.vu *.google.ws;base-uri 'self';media-src 'self' data:;report-uri /csp/report 1 base-uri 'none';child-src 'none';connect-src 'self' https://ws.zoominfo.com/pixel/collect https://aorta.clickagy.com/ https://aorta.clickagy.com/liveramp_redir https://hemsync.clickagy.com/external/ https://maps.googleapis.com/ https://matomo.vailsys.com/;default-src 'self';font-src 'self' https://fonts.gstatic.com;;form-action 'self';frame-ancestors 'self';frame-src 'none';img-src 'self' https://id.rlcdn.com/ https://idsync.rlcdn.com/ https://aorta.clickagy.com/ https://maps.gstatic.com/ https://maps.googleapis.com/ https://streetviewpixels-pa.googleapis.com/ https://lh3.ggpht.com/ https://khms1.googleapis.com/ https://khms0.googleapis.com/ https://www.google.com https://matomo.vailsys.com/ data:;manifest-src 'self';media-src 'self';object-src 'none';prefetch-src 'self';script-src 'self' https://maps.googleapis.com/ https://www.google.com https://ws.zoominfo.com/pixel/6320bf5aac6e98ed3e39d094 https://tags.clickagy.com/ https://aorta.clickagy.com/ https://hemsync.clickagy.com/external/ https://ws.zoominfo.com/ https://matomo.vailsys.com/;style-src 'self' https://aorta.clickagy.com/ https://fonts.googleapis.com https://fonts.gstatic.com https://maps.gstatic.com/ https://streetviewpixels-pa.googleapis.com/ https://lh3.ggpht.com/ https://khms1.googleapis.com/ https://khms0.googleapis.com/ https://www.google.com 'unsafe-inline';worker-src 'self';upgrade-insecure-requests ; 1 default-src 'self'; base-uri 'self'; block-all-mixed-content; connect-src 'self' *.cablex.test *.google-analytics.com *.chimpstatic.com *.cookiebot.com *.azurewebsites.net *.cablex.ch *.cablex-germany.de *.doubleclick.net https://cdnjs.cloudflare.com/ajax/libs/iframe-resizer/*; font-src 'self' *.cablex.test data: *.gstatic.com *.chimpstatic.com *.azurewebsites.net *.fast.fonts.net *.cablex.ch *.cablex-germany.de; frame-ancestors *.cablex.test *.cablex.test:18443 *.azurewebsites.net *.prospective.ch *.cablex.ch *.cablex-germany.de *.chimpstatic.com; frame-src 'self' *.cablex.test *.azurewebsites.net *.cablex.ch *.cablex-germany.de *.cookiebot.com *.prospective.ch *.youtube-nocookie.com *.youtube.com *.chimpstatic.com *.google.com; img-src 'self' *.cablex.test data: *.tile.osm.org *.tile.openstreetmap.org *.azurewebsites.net *.cablex.ch *.cablex-germany.de *.google.com *.google.de *.google-analytics.com *.googletagmanager.com *.prospective.ch *.cookiebot.com *.chimpstatic.com; object-src 'none'; script-src 'self' 'unsafe-inline' *.cablex.test *.google-analytics.com *.googletagmanager.com *.bing.com *.facebook.net *.twitter.com *.cookiebot.com *.prospective.ch *.linkedin.com *.chimpstatic.com *.azurewebsites.net *.cablex.ch *.cablex-germany.de https://chimpstatic.com https://cdnjs.cloudflare.com/ajax/libs/iframe-resizer/* *.youtube.com *.doubleclick.net *.google.com *.gstatic.com; style-src 'self' *.cablex.test 'unsafe-inline' *.bootstrapcdn.com *.googleapis.com *.chimpstatic.com https://unpkg.com/swiper/swiper-bundle.min.css *.prospective.ch *.fast.fonts.net *.azurewebsites.net *.cablex.ch *.cablex-germany.de; upgrade-insecure-requests 1 default-src 'self'; block-all-mixed-content; connect-src 'self' googleads.g.doubleclick.net *.googleapis.com *.gstatic.com *.google.com bat.bing.com *.doubleclick.net *.googlesyndication.com *.g.doubleclick.net *.google.at *.cookiebot.eu *.google-analytics.com connect.facebook.net px.ads.linkedin.com px4.ads.linkedin.com stats.g.doubleclick.net *.transgourmet.com *.transgourmet.at svrdntfctn.com analytics.tiktok.com *.tiktokw.us *.googleadservices.com *.clarity.ms c.bing.com; font-src 'self' data: *.googleapis.com *.gstatic.com *.google-analytics.com; frame-src *; img-src 'self' data: *.googleapis.com *.doubleclick.net *.googlesyndication.com *.g.doubleclick.net *.google.com *.google.at *.gstatic.com *.googletagmanager.com *.google-analytics.com bat.bing.com api.mapbox.com *.mindspace.at *.vorauerfriends.com *.usercentrics.eu px.ads.linkedin.com px4.ads.linkedin.com *.transgourmet.com *.transgourmet.at *.facebook.com *.clarity.ms c.bing.com; script-src 'self' bat.bing.com *.google.com 'unsafe-inline' blob: *.googleapis.com *.gstatic.com *.doubleclick.net *.googlesyndication.com *.g.doubleclick.net *.cookiebot.eu *.googletagmanager.com *.google-analytics.com snap.licdn.com connect.facebook.net svrdntfctn.com analytics.tiktok.com *.googleadservices.com *.clarity.ms; style-src 'self' cdnjs.cloudflare.com 'unsafe-inline' *.googleapis.com *.gstatic.com *.google-analytics.com *.googletagmanager.com; report-uri /csp/report 1 default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.openlayers.org openlayers.org *.openstreetmap.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.etracker.com *.etracker.de api.signalize.com; object-src 'self'; media-src 'self' *.youtube.com *.vimeo.com *.streamfarm.net; frame-src *.youtube.com *.vimeo.com *.etracker.de; img-src 'self' data: *.youtube.com *.openlayers.org openlayers.org *.openstreetmap.org; frame-ancestors 'self'; connect-src 'self' *.etracker.de; 1 script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com/; img-src 'self' data: blob: https://secure.gravatar.com; object-src 'self' data: blob: ; frame-src 'self' data: blob: ; worker-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob:; 1 default-src 'self' *.region1.google-analytics.com *.comptoirdesvoyages.fr bat.bing.com consentcdn.cookiebot.com www.facebook.com https://analytics.google.com https://*.googletagmanager.com www.facebook.com bing.com www.googleadservices.com;base-uri 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://online.fliphtml5.com https://measurement-api.criteo.com https://fledge.eu.criteo.com https://sslwidget.criteo.com https://dynamic.criteo.com/ https://gum.criteo.com/ https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://adservice.google.com https://www.google.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://www.google.com https://qa-assistant.abtasty.com https://teddytor.abtasty.com https://api2.abtasty.com try.abtasty.com *.region1.google-analytics.com *.analytics.google.com ads.google.com app.contentsquare.com t.contentsquare.net contentsquare.com *.comptoirdesvoyages.fr *.cookiebot.com *.doubleclick.net *.newrelic.com ajax.googleapis.com bam.nr-data.net bat.bing.com connect.facebook.net r.bing.com ssl.google-analytics.com static.madmetrics.com tagmanager.google.com tag.aticdn.net www.google.com www.google-analytics.com www.googleadservices.com adservice.google.com www.googletagmanager.com www.gstatic.com z.moatads.com https://analytics.google.com https://*.googletagmanager.com www.facebook.com bing.com www.googleadservices.com blob: *.abtasty.com;connect-src 'self' https://measurement-api.criteo.com https://mtmvxcv.pa-cd.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com *.abtasty.com region1.google-analytics.com region1.analytics.google.com ads.google.com *.contentsquare.net *.bing.com *.comptoirdesvoyages.fr *.doubleclick.net bam.nr-data.net consentcdn.cookiebot.com www.facebook.com www.google.com www.google-analytics.com www.googleadservices.com adservice.google.com www.googletagmanager.com www.gtm.js wss://*.bing.com https://analytics.google.com https://*.googletagmanager.com www.facebook.com bing.com www.googleadservices.com;img-src 'self' https://www.google-analytics.com https://googleads.g.doubleclick.net https://www.google.com https://google.com https://googleads.g.doubleclick.net https://www.google.com editor-assets.abtasty.com *.contentsquare.net https://analytics.google.com https://*.googletagmanager.com www.facebook.com bing.com www.googleadservices.com data: * *.abtasty.com;child-src blob:;worker-src blob:;style-src 'self' 'unsafe-inline' * *.comptoirdesvoyages.fr https://static.criteo.net/ https://fledge.criteo.com/ https://measurement-api.criteo.com https://fledge.eu.criteo.com https://sslwidget.criteo.com https://dynamic.criteo.com https://gum.criteo.com https://qa-assistant.abtasty.com try.abtasty.com *.bing.com fonts.googleapis.com tagmanager.google.com https://analytics.google.com https://*.googletagmanager.com www.facebook.com bing.com www.googleadservices.com *.abtasty.com;font-src 'self' data: fonts.gstatic.com common-fonts.abtasty.com *.abtasty.com;frame-src 'self' https://online.fliphtml5.com https://online.fliphtml5.com/ https://static.criteo.net/ https://fledge.criteo.com/ https://measurement-api.criteo.com https://fledge.eu.criteo.com https://sslwidget.criteo.com https://dynamic.criteo.com https://dynamic.criteo.com/ https://gum.criteo.com/ https://bid.g.doubleclick.net https://qa-assistant.abtasty.com csxd.comptoirdesvoyages.fr *.doubleclick.net consentcdn.cookiebot.com sdx.microsoft.com www.allocine.fr www.dailymotion.com www.facebook.com www.google.com www.gstatic.com youtu.be www.youtube.com https://analytics.google.com https://*.googletagmanager.com www.facebook.com bing.com www.googleadservices.com https://player.vimeo.com https://player.podcastics.com https://www.podcastics.com https://track.podcastics.com https://files.podcastics.com;object-src 'none' 1 default-src 'self' 'unsafe-inline' images-2.partnerportal.ionos.de 1 default-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: blob:; font-src * data: 1 allow 'unsafe-inline' 'unsafe-eval' 'self' troc.cdn.mediactive-network.net *.googlesyndication.com *.systempay.fr *.fbcdn.net *.google.com *.google.fr *.doubleclick.net intranet.troc.com connect.facebook.net cdnjs.cloudflare.com www.gstatic.com www.googletagmanager.com www.google-analytics.com www.googleadservices.com www.googletagservices.com cdn.ampproject.org 1 frame-ancestors https://*.posylka.de 1 default-src 'none'; base-uri www.hahn-airport.de www.hahn-airport-cargo.com; connect-src www.hahn-airport.de www.hahn-airport-cargo.com matomo.hahn-airport.de; font-src www.hahn-airport.de www.hahn-airport-cargo.com; form-action www.hahn-airport.de www.hahn-airport-cargo.com parken.hahn-airport.de; frame-ancestors www.hahn-airport.de www.hahn-airport-cargo.com; frame-src www.hahn-airport.de www.hahn-airport-cargo.com; img-src www.hahn-airport.de www.hahn-airport-cargo.com data: *.openstreetmap.de; media-src www.hahn-airport.de www.hahn-airport-cargo.com; script-src www.hahn-airport.de www.hahn-airport-cargo.com matomo.hahn-airport.de 'sha256-3gL0ESqaJki/Wh0f/lc2YDLEdxGa87F8Q5TXgPOCikM=' 'sha256-81MEiw1n03G/Umzr1t9TBswGsKYi01GH9Qu+KQu7dD4=' 'sha512-xbcqNOgP70FrlmytA93CaZ+Lh4zepgmKXpUeumuNwRa8sD7TlgTwTgSBKrbiP5/HcguwdErI+ExunDL8rxCrkg==' 'sha512-px1M+IgU2D7N1Ag8ujEEbrR/bWVa9WcgiPLZ6flkhCC+8XiyDRgirHntE0Un+lSGbp4p/VA403aBf4NWUPAD8A==' 'sha512-Tyxc4Zm8bJMo23iSuUGf1AwygBbaOSZEvgDkIoZNrH9oAdhVZp6ZgdFSeajkBFA/J7YY/rQXtXaTxUiZUU1S/w=='; style-src www.hahn-airport.de www.hahn-airport-cargo.com 'unsafe-hashes' fast.fonts.net 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-0kneztpqrRRhpdMukBrBUYV4ZMDr+1A5B/zcgBxiCdQ='; upgrade-insecure-requests; report-uri /nelmio/csp/report 1 default-src 'self'; style-src 'self'; img-src 'self' data:; font-src 'self'; frame-ancestors 'none'; base-uri 'self'; form-action 'self'; 1 default-src 'self'; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; script-src 'self' 'unsafe-eval'; script-src-elem 'self' https://www.googletagmanager.com https://static.hotjar.com https://cdn.userway.org https://maps.googleapis.com https://js.hsforms.net https://cdn-cookieyes.com https://snap.licdn.com https://js.hs-scripts.com https://www.clarity.ms https://js.hs-banner.com https://js.hscollectedforms.net https://js.hubspot.com https://js.hs-analytics.net https://js.hsadspixel.net https://script.hotjar.com https://scripts.clarity.ms https://player.vimeo.com https://googleads.g.doubleclick.net https://www.google.com https://www.gstatic.com https://recaptcha.net 'unsafe-inline'; style-src-elem 'self' https://cdn.userway.org https://fonts.googleapis.com 'unsafe-inline'; style-src-attr 'self' 'unsafe-inline'; img-src 'self' https://px.ads.linkedin.com data: https://forms-na1.hsforms.com https://track.hubspot.com https://cdn.userway.org https://forms.hsforms.com https://www.googletagmanager.com https://maps.gstatic.com https://maps.googleapis.com https://perf-na1.hsforms.com https://px4.ads.linkedin.com https://c.clarity.ms https://cdn-cookieyes.com https://www.google.com https://www.google.co.uk https://cta-service-cms2.hubspot.com https://static.hubspot.com https://static.hsappstatic.net https://www.googleadservices.com; font-src 'self' data: https://fonts.gstatic.com https://cdn.userway.org; connect-src 'self' https://api.userway.org https://static.hsappstatic.net https://h.clarity.ms https://forms.hsforms.com https://px.ads.linkedin.com https://maps.googleapis.com https://api.hubapi.com https://cta-service-cms2.hubspot.com https://forms.hscollectedforms.net https://content.hotjar.io wss://ws.hotjar.com https://i.clarity.ms https://vc.hotjar.io https://pagead2.googlesyndication.com https://cdn.userway.org https://www.googletagmanager.com https://b.clarity.ms https://q.clarity.ms https://region1.google-analytics.com https://region1.analytics.google.com https://www.google.com https://www.google.co.uk https://cdn-cookieyes.com https://googleads.g.doubleclick.net https://directory.cookieyes.com https://log.cookieyes.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.gstatic.com https://recaptcha.net; frame-src 'self' https://player.captivate.fm https://js.hsforms.net https://player.vimeo.com https://app.powerbi.com https://forms.hsforms.com https://3887711.hs-sites.com https://cdn.userway.org https://5ff328311ccd64-78690412.castos.com https://www.google.com https://www.gstatic.com https://recaptcha.net; media-src 'self' https://episodes.castos.com; 1 script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://googletagmanager.com/ https://*.googletagmanager.com/ https://www.recaptcha.net/ https://cdn.trustindex.io/loader.js https://www.google.com/recaptcha/api.js; img-src 'self' data: blob: https://cdn.trustindex.io https://lh3.googleusercontent.com; object-src 'self' data: blob: ; frame-src 'self' data: blob: ; 1 default-src 'self'; base-uri 'self'; frame-ancestors 'self'; upgrade-insecure-requests 1 default-src 'self' www.gravatar.com *.hotjar.com player.vimeo.com *.vimeocdn.com *.googleapis.com *.google.com youtube.com *.cloudfront.net *.youtube.com *.blackbaudhosting.com sky.blackbaudcdn.net www.eventbrite.co.uk *.marker.io *.simplybook.cc payments.blackbaud.com consentcdn.cookiebot.com app.cloudpano.com connect.facebook.net *.facebook.com *.facebook.net host.nxt.blackbaud.com/ *.trustpilot.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.aspnetcdn.com feeds.trac.jobs static.trac.jobs *.hotjar.com ajax.googleapis.com cdnjs.cloudflare.com *.browsealoud.com *.bugherd.com *.googletagmanager.com *.google-analytics.com *.cloudfront.net *.luckyorange.net *.blackbaudhosting.com *.smartthing2.com *.smartthing.org *.blackbaud.com sky.blackbaudcdn.net widget.simplybook.cc http://localhost:* www.cqc.org.uk feeds.testing.trac.jobs www.eventbrite.co.uk *.marker.io www.google.com www.gstatic.com consentcdn.cookiebot.com consent.cookiebot.com app.cloudpano.com www.googleoptimize.com connect.facebook.net *.facebook.com *.facebook.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com use.typekit.net p.typekit.net feeds.trac.jobs static.trac.jobs cdnjs.cloudflare.com fast.fonts.net *.smartthing2.com *.smartthing.org *.cloudfront.net *.blackbaudhosting.com www.cqc.org.uk *.marker.io connect.facebook.net *.facebook.com *.facebook.net; img-src 'self' data: blob: imgsct.cookiebot.com www.gravatar.com *.christie.nhs.uk img.youtube.com i.ytimg.com *.justgiving.com feeds.trac.jobs static.trac.jobs *.browsealoud.com *.googleapis.com *.staticflickr.com *.cloudfront.net *.google-analytics.com *.googletagmanager.com *.cdninstagram.com *.blackbaudhosting.com www.cqc.org.uk *.umbraco.com *.marker.io connect.facebook.net *.facebook.com *.facebook.net *.trustpilot.com; font-src 'self' fonts.gstatic.com cdnjs.cloudflare.com fast.fonts.net data: fonts.googleapis.com use.typekit.net connect.facebook.net *.facebook.com *.facebook.net; connect-src 'self' *.browsealoud.com feeds.trac.jobs static.trac.jobs *.smartthing2.com *.smartthing.org *.luckyorange.net *.hotjar.com *.google-analytics.com *.doubleclick.net wss: http://localhost:* *.umbraco.com *.marker.io *.amazonaws.com sky.blackbaudcdn.net payments.blackbaud.com consentcdn.cookiebot.com app.cloudpano.com content.hotjar.io connect.facebook.net *.facebook.com *.facebook.net *.trustpilot.com; worker-src 'self' blob:; 1 allow *; options inline-script eval-script; 1 default-src 'self' http: https:; script-src 'unsafe-inline' 'unsafe-eval' 'self' data: https://hcaptcha.com https://*.hcaptcha.com *.jsdelivr.net https://unpkg.com *.cloudflare.com *.googletagmanager.com https://*.google-analytics.com https://*.twitter.com https://*.facebook.com *.facebook.net https://*.linkedin.com https://www.youtube.com https://maps.googleapis.com https://*.blob.core.windows.net https://region1.google-analytics.com https://*.usercentrics.eu; object-src 'self'; style-src 'self' 'unsafe-inline' data: https://hcaptcha.com https://*.hcaptcha.com https://maxcdn.bootstrapcdn.com *.cloudflare.com https://cdn.jsdelivr.net https://fonts.googleapis.com https://*.blob.core.windows.net; img-src 'unsafe-inline' 'self' data: http: https: https://*.google-analytics.com https://*.googletagmanager.com; media-src 'self' 'unsafe-inline' https:; frame-src 'self' 'unsafe-inline' https: https://hcaptcha.com https://*.hcaptcha.com; frame-ancestors 'self' https:; child-src 'self' 'unsafe-inline' https:; font-src 'self' 'unsafe-inline' data: https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net; connect-src 'self' 'unsafe-inline' https://region1.google-analytics.com https://*.usercentrics.eu https://o15468.ingest.us.sentry.io/api/4509133704658944/envelope/; report-uri /report-csp-violation; upgrade-insecure-requests 1 default-src 'self'; object-src 'self' https://pts.maxxim.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.maxxim.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://www.telekom.de/shop/tarife/internet-tarife https://www.o2online.de https://www.vodafone.de https://dsl.1und1.de https://imagepool.maxxim.de https://livechat.maxxim.de https://chat.maxxim.de https://umfrage.maxxim.de https://pts.maxxim.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://eu01.rec.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://chat.maxxim.de https://livechat.maxxim.de wss://livechat.maxxim.de https://livechat.maxxim.de https://chat.maxxim.de https://stats.maxxim.de https://imagepool.maxxim.de https://pts.maxxim.de https://analytics.tiktok.com https://umfrage.maxxim.de; script-src 'strict-dynamic' 'nonce-d42e11b040fa4486ab23c68f91299e0c' 'nonce-696b31400f123e6eaca2c4933f50be19' 'nonce-272efee90bf0a3ac8f4acf8f7515bf53' 'nonce-e11455f8e4bbe724e506c1600dbf3dc3' 'nonce-b9cd0f0776c0e61c8ef230e36a76d784' 'nonce-7f06c0d4d2fba32bc9ef8db50d139aab' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data: 'report-sample'; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://netmap.vodafone.de/cokart-client/index.html https://pts.maxxim.de https://umfrage.maxxim.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-d42e11b040fa4486ab23c68f91299e0c' 'nonce-696b31400f123e6eaca2c4933f50be19' 'nonce-272efee90bf0a3ac8f4acf8f7515bf53' 'nonce-e11455f8e4bbe724e506c1600dbf3dc3' 'nonce-b9cd0f0776c0e61c8ef230e36a76d784' 'nonce-7f06c0d4d2fba32bc9ef8db50d139aab' 'self' 'unsafe-inline' https: 'report-sample' 1 frame-ancestors https://*.nileyouth.net 1 default-src 'self' 'unsafe-inline' ; img-src https://*; script-src 'self' 'unsafe-inline' https://sibforms.com/forms/end-form/build/main.js https://code.jquery.com/jquery-3.6.0.min.js; style-src 'self' 'unsafe-inline' http://sibforms.com/forms/end-form/build/sib-styles.css ; 1 frame-ancestors 'self' http://customer-skicircus.loop21.net https://customer-skicircus.loop21.net http://public-location-skicircus.loop21.net https://public-location-skicircus.loop21.net 1 script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://s3.amazonaws.com/ https://*.stripe.com/ https://*.stripecdn.com/ https://kit.fontawesome.com/ https://widgets.tree-nation.com/ https://tree-nation.com/ https://cdn.flowplayer.com/ https://ljsp.lwcdn.com/ https://*.lwcdn.com/ https://*.posturalyoga.com/ https://bookeo.com/ https://rebeccareis.bbvms.com/ https://cdn.bluebillywig.com/ https://cdn.addevent.com/ https://*.mailerlite.com/ https://*.supportai.com https://assets.mlcdn.com/; img-src 'self' data: blob: https://tree-nation.com/ https://cdn.flowplayer.com/ https://*.lwcdn.com/ https://*.posturalyoga.com/ https://*.live.com/ https://*.storage.live.com/ https://s.w.org/ https://rebeccareis.bbvms.com/ https://stats.bluebillywig.com/ https://cdn.addevent.com/ https://*.supportai.com; object-src 'self' data: blob: https://*.stripe.com/ https://*.stripecdn.com/ https://www5.cbox.ws/ https://widgets.tree-nation.com/ https://ljsp.lwcdn.com/ https://*.lwcdn.com/ https://*.posturalyoga.com/ https://*.bookeo.com/ https://rebeccareis.bbvms.com/ https://cdn.addevent.com/ https://*.supportai.com https://vimeo.com/; frame-src 'self' data: blob: https://*.stripe.com/ https://*.stripecdn.com/ https://www5.cbox.ws/ https://widgets.tree-nation.com/ https://ljsp.lwcdn.com/ https://*.lwcdn.com/ https://*.posturalyoga.com/ https://*.bookeo.com/ https://rebeccareis.bbvms.com/ https://cdn.addevent.com/ https://*.supportai.com https://vimeo.com/; 1 default-src 'self' https://*.youtube.com https://*.youtube-nocookie.com https://*.youtu.be https://*.vimeo.com https://vimeo.com https://*.spotify.com/ https://*.tiktok.com https://*.snapchat.com https://*.facebook.com https://p.scdn.co/ https://*.google-analytics.com https://*.googletagmanager.com https://*.google.com https://*.google.be https://*.apple.com https://*.instagram.com https://*.soundcloud.com https://*.cm.com https://*.slinger.to/ https://*.doubleclick.net/ https://hcaptcha.com https://*.hcaptcha.com wss://webchat-api.digitalcx.com https://flackr.github.io; block-all-mixed-content; img-src data: 'self' https://placeholder.inventis.be https://*.ytimg.com https://*.youtube.com https://*.vimeocdn.com https://*.tiktok.com https://*.snapchat.com https://*.facebook.com https://*.google-analytics.com https://*.googletagmanager.com https://*.google.com https://*.google.be https://mmc.cdn.cm.com; object-src 'none'; script-src 'self' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' 'nonce-KRYEeHkmTH01pHPVeVxO0g=='; style-src 'self' 'unsafe-inline' https://*.googletagmanager.com https://*.slinger.to/ blob:; upgrade-insecure-requests 1 base-uri 'self'; child-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://d2j8jkom7xmn9n.cloudfront.net/ http://d2j8jkom7xmn9n.cloudfront.net/ https://shredit.intelliresponse.com https://stericycle.demdex.net blob: gap:; frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://d2j8jkom7xmn9n.cloudfront.net/ http://d2j8jkom7xmn9n.cloudfront.net/ https://shredit.intelliresponse.com https://stericycle.demdex.net blob: gap:; connect-src 'self' https://www.googletagmanager.com/ https://d2j8jkom7xmn9n.cloudfront.net/ http://d2j8jkom7xmn9n.cloudfront.net/ https://api.cloud.247-inc.net/ https://stg-tie.cloud.247-inc.net/ https://dc.services.visualstudio.com/ https://www.google-analytics.com/ https://cdn.cookielaw.org/ https://geolocation.onetrust.com/ https://d1af033869koo7.cloudfront.net http://d1af033869koo7.cloudfront.net https://dpm.demdex.net/ https://adobedc.demdex.net/ https://edge.adobedc.net https://privacyportal-eu.onetrust.com/ wss://127.0.0.1:2045 https://az416426.vo.msecnd.net/; default-src 'self' gap: 'unsafe-inline' 'unsafe-eval'; font-src 'self' https://fonts.gstatic.com data:; img-src 'self' https://www.googletagmanager.com https://www.google-analytics.com/ https://cdn.cookielaw.org/ https://fonts.gstatic.com/ https://*.everesttech.net/ data: blob:; script-src 'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://assets.adobedtm.com/ https://www.googletagmanager.com/ https://az416426.vo.msecnd.net/ https://d2j8jkom7xmn9n.cloudfront.net/ http://d2j8jkom7xmn9n.cloudfront.net/ https://www.google-analytics.com/ https://ssl.google-analytics.com/ https://cdn.cookielaw.org/ https://cookie-cdn.cookiepro.com/ https://cm.everesttech.net/ https://static.cloudflareinsights.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://cdn.cookielaw.org/ https://cookie-cdn.cookiepro.com/ 'unsafe-inline'; frame-ancestors 'self' gap:; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=aRhlTr6QU8GF3Bfqzw%2F6O0EJe9OoC0nzdBnJtkV%2Bu1f9JntMUo5yXaqqrrAi768i7Y5kFz2sOV%2FR7%2B8qpOqxrQ%3D%3D; 1 base-uri 'none';child-src 'none';connect-src 'self' http://127.0.0.1:1337 https://stats.g.doubleclick.net https://*.google-analytics.com https://vitals.vercel-insights.com https://api.coinbase.com https://www.google-analytics.com https://vercel.live https://*.walletconnect.com wss://relay.walletconnect.com wss://relay.walletconnect.org wss://www.walletlink.org wss://*.pusher.com https://*.pusher.com https://*.polkastarter.com https://*.cookie3.co https://*.analytics.google.com https://analytics.google.com https://www.google.com https://api.avax.network/ext/bc/C/rpc https://api.avax-test.network/ext/bc/C/rpc https://*.bnbchain.org https://*.bnbchain.org:8545/ https://rpc.ankr.com/bsc https://*.binance.org https://testnet.omni.network https://arb1.arbitrum.io/rpc https://sepolia-rollup.arbitrum.io/rpc https://mainnet.base.org https://sepolia.base.org https://forno.celo.org https://alfajores-forno.celo-testnet.org https://mainnet.mode.network https://sepolia.mode.network https://goerli.optimism.io https://polygon-rpc.com https://matic-mumbai.chainstacklabs.com https://rpc.ankr.com/polygon_mumbai https://mainnet.infura.io https://sepolia.infura.io/ https://cloudflare-eth.com/ https://rpc.sepolia.org https://rpc.ankr.com https://rpc.ankr.com/eth https://rough-lingering-pine.bsc.quiknode.pro https://skilled-white-brook.quiknode.pro https://quiet-light-sanctuary.base-mainnet.quiknode.pro https://rpc.mainnet.sui.io/ https://httpbin.org/ https://evm-rpc.sei-apis.com/ https://evm-rpc-testnet.sei-apis.com;default-src 'self';font-src 'self' data: https://fonts.gstatic.com;form-action 'self' *;frame-ancestors 'none';frame-src https://in.sumsub.com/ https://www.youtube.com/ https://verify.walletconnect.com https://verify.walletconnect.org https://vercel.live https://www.tradingview-widget.com https://s.tradingview.com https://*.facebook.net https://*.facebook.com;img-src * data:;manifest-src 'self' https://polkastarter.cloudflareaccess.com;media-src 'self' https://*.polkastarter.com;object-src 'none';prefetch-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://va.vercel-scripts.com https://*.googletagmanager.com https://*.google-analytics.com https://vercel.live https://browser.sentry-cdn.com https://cdn.vercel-insights.com https://*.cookie3.co https://www.youtube.com https://unpkg.com https://s3.tradingview.com https://*.facebook.net https://*.facebook.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;worker-src 'self'; 1 frame-ancestors 'self' capacitor://* https://letterasenzabusta.com https://www.letterasenzabusta.com app://letterasenzabusta.com 1 default-src https:; connect-src https:; font-src 'self' https: data: https:; frame-src https: rldb:; frame-ancestors https:; img-src 'self' https: blob: data:; media-src https: blob:; object-src https:; style-src 'unsafe-inline' https:; worker-src blob:; script-src 'unsafe-inline' 'unsafe-eval' https:; 1 default-src 'self'; script-src 'self' blob: *.storyblok.com 'unsafe-inline' *.cloudfront.net *.googleapis.com *.gstatic.com recaptcha.net *.facebook.net *.google-analytics.com *.googletagmanager.com googletagmanager.com tagmanager.google.com *.livechatinc.com *.stripe.com *.youtube.com *.mappedin.com https://seatmap.vivenu.com https://vivenu.com *.adsrvr.org www.googleadservices.com js.adsrvr.org googleads.g.doubleclick.net http://bid.g.doubleclick.net/ https://*.demdex.net https://cm.everesttech.net https://assets.adobedtm.com *.2o7.net *.omtrdc.net *.adobe.com *.chadstone.com.au *.dfo.com.au *.doubleclick.net *.googleadservices.com *.google.com *.googlesyndication.com *.googletagservices.com analytics.tiktok.com *.outbrain.com *.pinterest.com *.pinimg.com *.tiktok.com *.bytedance.com *.analytics.google.com analytics.google.com https://*.adnxs.com *.adnxs.com https://www.googletagmanager.com https://*.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://unpkg.com/ 'unsafe-eval' connect.facebook.net graph.facebook.com js.facebook.com *.taboola.com *.userway.org; style-src 'self' blob: *.storyblok.com 'unsafe-inline' *.googleapis.com *.gstatic.com *.cloudfront.net tagmanager.google.com *.googletagmanager.com googletagmanager.com *.google.com *.analytics.google.com analytics.google.com https://seatmap.vivenu.com https://vivenu.com rsms.me https://tagmanager.google.com https://fonts.googleapis.com *.userway.org; img-src 'self' *.storyblok.com *.cloudinary.com *.facebook.com *.facebook.net *.fbcdn.net *.google.com *.google.com.au placehold.it *.cloudfront.net *.googleapis.com *.gstatic.com *.googletagmanager.com googletagmanager.com *.google-analytics.com *.simplybook.me https://seatmap.vivenu.com https://vivenu.com s3.eu-central-1.amazonaws.com lh3.googleusercontent.com data: *.trackjs.com *.vicinity.com.au *.mappedin.com *.mappedin.net mipubapistorageprod.blob.core.windows.net https://*.demdex.net https://s3.amazonaws.com https://cm.everesttech.net https://assets.adobedtm.com *.doubleclick.net *.google.com *.doubleclick.net *.googlesyndication.com *.googleadservices.com analytics.tiktok.com *.outbrain.com *.pinterest.com *.pinimg.com *.tiktok.com *.bytedance.com *.analytics.google.com analytics.google.com www.googletagmanager.com *.adnxs.com https://ssl.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://*.google.com.au https://www.gstatic.com https://vcx-centre-websites-stripe-logo.s3.ap-southeast-2.amazonaws.com *.userway.org; font-src 'self' *.amazonaws.com *.cloudfront.net *.storyblok.com *.googleapis.com *.gstatic.com rsms.me https://seatmap.vivenu.com https://vivenu.com https://fonts.gstatic.com data: data: *.userway.org; connect-src 'self' wss://seatmap.vivenu.com stats.g.doubleclick.net *.cloudfront.net *.mappedin.com *.googleapis.com *.google-analytics.com sentry.io *.sentry.io *.simplybook.me https://seatmap.vivenu.com https://vivenu.com *.vicinity.com.au *.trackjs.com *.stripe.com mipubapistorageprod.blob.core.windows.net https://*.demdex.net https://cm.everesttech.net https://assets.adobedtm.com https://fonts.gstatic.com *.chadstone.com.au *.dfo.com.au *.doubleclick.net *.google.com *.googlesyndication.com *.googletagservices.com analytics.tiktok.com *.outbrain.com *.pinterest.com *.pinimg.com *.tiktok.com *.bytedance.com *.analytics.google.com analytics.google.com *.googletagmanager.com googletagmanager.com https://vicinitycentres.jrni.com https://fonts.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://*.g.doubleclick.net https://fonts.gstatic.com https://*.google.com https://*.google.com.au https://*.analytics.google.com https://*.google.com.au about: *.facebook.com connect.facebook.net *.taboola.com *.userway.org; frame-src 'self' *.youtube.com *.vimeo.com *.googleapis.com *.googletagmanager.com *.google.com *.facebook.com connect.facebook.net *.livechatinc.com *.stripe.com socialq.net recaptcha.net *.trybooking.co.nz *.trybooking.com insight.adsrvr.org https://*.demdex.net *.google.com *.doubleclick.net *.googlesyndication.com bytedance sslocal *.outbrain.com *.pinterest.com *.pinimg.com *.tiktok.com *.bytedance.com *.analytics.google.com analytics.google.com *.googletagmanager.com googletagmanager.com https://seatmap.vivenu.com https://vivenu.com *.taboola.com https://*.adsrvr.org *.userway.org; object-src *.googlesyndication.com; media-src dai.google.com *.storyblok.com; child-src blob: *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net; form-action *.google.com *.facebook.com connect.facebook.net; worker-src blob: *.google.com; frame-ancestors https://app.storyblok.com 1 script-src 'nonce-sBJf7lXizhQYLy2wuhLFi3n83/w=' 'unsafe-inline' 'strict-dynamic' https: http:; object-src 'none'; 1 none 1 default-src 'self' https://chat.shellfire.de https://www.google.de https://maps.google.com https://googleads.g.doubleclick.net https://connect.facebook.net https://www.google.com https://www.googleadservices.com https://www.youtube.com https://www.youtube-nocookie.com https://*.gstatic.com https://*.analytics.google.com https://*.googleapis.com https://*.facebook.net https://www.google-analytics.com https://ssl.google-analytics.com https://*.facebook.com https://web.facebook.com https://www.google.com https://optimize.google.com https://www.sandbox.paypal.com https://www.paypal.com https://combr-1b07a.kxcdn.com https://cdn.shellfire.net https://js.stripe.com https://*.clarity.ms https://*.sitegpt.ai https://cdn.jsdelivr.net ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://chat.shellfire.de https://www.google.com https://maps.google.com https://www.google.net https://connect.facebook.net https://www.google.com https://www.google.net https://www.googleadservices.com https://www.youtube.com https://www.youtube-nocookie.com https://*.gstatic.com https://*.googleapis.com https://www.google-analytics.com https://ssl.google-analytics.com https://*.facebook.com https://web.facebook.com https://www.googletagmanager.com https://static.ads-twitter.com https://analytics.twitter.com https://*.analytics.twitter.com https://tagmanager.google.com https://optimize.google.com https://www.paypalobjects.com https://www.sandbox.paypal.com https://www.paypal.com https://cdn.cookie-script.com https://report.cookie-script.com https://combr-1b07a.kxcdn.com https://cdn.shellfire.net https://js.stripe.com https://*.clarity.ms https://sitegpt.ai https://*.sitegpt.ai https://www.dwin1.com https://www.awin1.com https://lantern.roeyecdn.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net ; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.facebook.net https://tagmanager.google.com https://optimize.google.com https://www.paypalobjects.com https://combr-1b07a.kxcdn.com https://cdn.shellfire.net https://cdnjs.cloudflare.com https://cdn.jsdelivr.net ; img-src data: * ; 1 default-src 'self' ; frame-src 'self' https://by.id.facct.ru https://acs2.bgpb.by https://3ds.alfabank.by https://ipcacs.bps-sberbank.by https://3ds.priorbank.by https://emv3ds.npc.by https://emv3ds.npc.by:8443 https://acs2.mtbank.by https://acs2.mtbank.by:8043 https://3ds-pgi.mtbank.by https://3ds-pgi.mtbank.by:9663 https://api.mtbank.by https://mpi2.mtbank.by:8046/ https://ucas.npc.by:8443/ https://acs.mtbank.by https://c2c.mtbank.by https://3ds.alfabank.by https://3ds.priorbank.by https://acs.bgpb.by https://sca.npc.by https://www.sbs4u.by https://acs.multicarta.ru https://aacsw.3ds.verifiedbyvisa.com https://cap.attempts.securecode.com https://ipcacs.sberbank.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://chat.mtbank.by/ https://app.blinger.io https://static.mybank.by https://api.mtbank.by https://www.google-analytics.com https://halva.mtbank.by https://www.googletagmanager.com https://tagmanager.google.com; style-src 'self' blob: 'unsafe-inline' https://static.mybank.by;img-src 'self' https://*.by/ https://chat.mtbank.by/ https://blinger.io https://app.blinger.io https://static.mybank.by data: blob: https://www.google-analytics.com https://www.googletagmanager.com ; font-src 'self' https://static.mybank.by; connect-src 'self' https://chat.mtbank.by/ wss://app.blinger.io; media-src 'self' 1 script-src 'self' 'strict-dynamic' https://www.googletagmanager.com https://www.google-analytics.com 'nonce-Ve5ys-fXc47vrlfgZt2AxIgGmayCHnpw'; report-uri /report-csp-violation 1 allow ‘self’; 1 frame-ancestors 'self' decisely.com *.decisely.com 1 frame-ancestors https://*.procampaign.net 1 default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com data-eu.purina.pl; object-src *; style-src * 'self' 'unsafe-inline'; img-src * 'self' data: https:; https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.; media-src *; frame-src *; frame-ancestors 'self'; child-src * blob:; font-src * 'self' data: https:;; connect-src * data-eu.purina.pl; report-uri /report-csp-violation 1 default-src 'none'; base-uri 'self'; form-action https: 'self'; script-src 'self' 'unsafe-inline' https: 'unsafe-eval'; object-src 'none'; style-src 'self' 'unsafe-inline' https:; img-src 'self' 'unsafe-inline' https: data:; media-src * data:; frame-src *; frame-ancestors 'self' https:; font-src 'self' https:; connect-src *; report-uri /report-csp-violation; upgrade-insecure-requests 1 default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.youtube.com https://cdnjs.cloudflare.com https://cdn.ckeditor.com https://www.googletagmanager.com https://*.clarity.ms https://*.qualtrics.com https://translate.google.com https://translate-pa.googleapis.com https://translate.googleapis.com https://schema.org https://www.google-analytics.com https://*.gstatic.com https://cdn.jsdelivr.net ; object-src 'none'; style-src 'self' 'unsafe-inline' https://www.gstatic.com https://fonts.googleapis.com; img-src 'self' data: https://dayofmourning.ns.ca https://*.gstatic.com https://*.qualtrics.com https://*.clarity.ms https://www.googletagmanager.com https://c.bing.com; media-src 'self'; frame-src 'self' 'unsafe-eval' https://www.googletagmanager.com https://*.clarity.ms https://*.qualtrics.com https://translate.google.com https://translate-pa.googleapis.com https://translate.googleapis.com https://schema.org https://www.google-analytics.com/ https://*.gstatic.com; frame-ancestors 'self' https://translate.google.com https://www.gstatic.com; font-src 'self' https://www.gstatic.com https://fonts.googleapis.com https://fonts.gstatic.com; connect-src 'self' https://cdn.ckeditor.com https://www.googletagmanager.com https://*.clarity.ms https://www.google-analytics.com https://translate.googleapis.com https://*.qualtrics.com https://translate-pa.googleapis.com https://translate.googleapis.com https://schema.org https://*.gstatic.com https://cdn.jsdelivr.net; report-uri /report-csp-violation; upgrade-insecure-requests 1 default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data:; 1 default-src 'self' mato.immodvisor.com public-site-wp.immodvisor.com develop-ms-business.immodvisor.digital ms-business.immodvisor.com www.immodvisor.com immodvisor.com *.immodvisor.doc *.immodvisor.digital *.immodvisor.dev; block-all-mixed-content; connect-src https://mato.immodvisor.com https://*.immodvisor.com https://develop-ms-business.immodvisor.digital https://ms-business.immodvisor.com http://localhost https://localhost https://recaptcha.google.com/recaptcha https://www.google.com/recaptcha/api2/clr www.google.com/recaptcha/api/siteverify *.immodvisor.doc *.immodvisor.dev cdn-cookieyes.com log.cookieyes.com directory.cookieyes.com; font-src 'self' fonts.gstatic.com *.immodvisor.doc *.immodvisor.dev; frame-src 'self' www.youtube.com www.dailymotion.com geo.dailymotion.com my.matterport.com public-site-wp.immodvisor.com https://www.google.com *.immodvisor.doc *.immodvisor.dev; img-src 'self' data: public-site-wp.immodvisor.com placehold.co secure.gravatar.com public-staging.immodvisor.com develop-www.immodvisor.digital http://localhost:8080 staging-pro-photo.s3.rbx.io.cloud.ovh.net pro-photo.s3.rbx.io.cloud.ovh.net *.tile.openstreetmap.org tile.openstreetmap.org *.immodvisor.com www.immodvisor.com immodvisor.com *.immodvisor.doc *.immodvisor.digital *.immodvisor.dev cdn-cookieyes.com *.youtube.com; script-src 'self' mato.immodvisor.com public-site-wp.immodvisor.com www.immodvisor.com immodvisor.com develop-ms-business.immodvisor.dev www.gstatic.com www.google.com *.immodvisor.doc *.immodvisor.dev cdn-cookieyes.com 'nonce-eToaAz/4at+Ip+UDwIRPcQ=='; style-src 'self' 'unsafe-inline' public-site-wp.immodvisor.com *.immodvisor.doc *.immodvisor.dev; upgrade-insecure-requests 1 base-uri 'self'; default-src 'none'; script-src https: blob: data: 'unsafe-inline' 'unsafe-eval' https://*.mwstatic.de https://*.accessibility-heroes.de https://*.mehrwert.de; style-src https: 'unsafe-inline' https://*.mwstatic.de https://*.accessibility-heroes.de https://*.mehrwert.de; frame-ancestors https://*.mehrwert.de; frame-src 'self' https://*.mehrwert.de; form-action 'self'; font-src data: 'self' https://*.mehrwert.de; img-src data: 'self' https://*.mehrwert.de; media-src data: 'self' https://*.mehrwert.de; object-src data: 'self' https://*.mehrwert.de; connect-src data: 'self' https://*.mehrwert.de; 1 script-src 'self'; object-src 'none'; https://xhmaster.com 1 default-src 'self' fonts.gstatic.com fonts.googleapis.com ajax.googleapis.com wireframecc-9947.kxcdn.com wireframe.cc cdn.wireframe.cc; script-src 'self' 'unsafe-inline' 'nonce-e168255dafe712b7d320d9f86ff0bc4f' 'unsafe-eval' wireframe.cc https://fonts.gstatic.com https://fonts.googleapis.com https://ajax.googleapis.com wireframecc-9947.kxcdn.com cdn.wireframe.cc; style-src 'self' 'unsafe-inline' fonts.googleapis.com wireframe.cc wireframecc-9947.kxcdn.com cdn.wireframe.cc; img-src 'self' wireframecc-9947.kxcdn.com cdn.wireframe.cc wireframe.cc data:; child-src 'self'; base-uri 'none'; frame-ancestors 'self' 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googletagmanager.com *.licdn.com *.line-scdn.net *.sharethis.com *.azure-api.net *.hsforms.net *.youtube.com *.hs-scripts.com *.hs-banner.com *.hs-analytics.net *.hsadspixel.net *.doubleclick.net *.cloudflare.com *.hsappstatic.net; style-src 'self' 'unsafe-inline' *.cloudflare.com; img-src 'self' data: https: *.google-analytics.com *.doubleclick.net *.googletagmanager.com; frame-src 'self' *.hsforms.com *.youtube.com *.vimeo.com *.hubspot.com; connect-src 'self' *.google-analytics.com stats.g.doubleclick.net *.googletagmanager.com *.hsforms.com *.linkedin.oribi.io *.hubapi.com *.analytics.google.com *.linkedin.com; report-uri /report-csp-violation 1 upgrade-insecure-requests; frame-ancestors 'self'; object-src 'none'; 1 sandbox allow-scripts allow-same-origin allow-forms ; 1 default-src blob: https: 'unsafe-inline' 'unsafe-eval'; connect-src https: 'self' *.google-analytics.com *.analytics.google.com; img-src data: https://* 'self' *.google-analytics.com *.analytics.google.com 1 default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_ data-eu.purina.be; object-src *; style-src * 'self' 'unsafe-inline' https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_; img-src * 'self' data: https:; https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_; media-src *; frame-src * https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_; frame-ancestors * 'self'; child-src * blob:; font-src * 'self' data: https:; https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_; connect-src * https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_ data-eu.purina.be; report-uri /fr/log-report-uri/enforce 1 default-src: none; 1 allow *; options inline-script eval-script; frame-ancestors 'self'; 1 frame-ancestors https://*.barcodefactory.com https://*.barcodefactory.com:8443 https://barcodefactory.com http://*.barcodefatory.com 'self' 1 img-src 'self' *.norma.fr https://piwik.norma-online.de https://captcha.liveidentity.com data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.norma.fr https://piwik.norma-online.de www.youtube.com blob:; object-src 'none'; font-src 'self' *.norma.fr; 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.citiworldprivileges.com www.google-analytics.com *.googleapis.com *.gstatic.com nexus.ensighten.com *.omtrdc.net www.googleadservices.com *.doubleclick.net *.google.com www.google.co.in connect.facebook.net www.facebook.com *.cloudfront.net citiintl.122.2o7.net www.googletagmanager.com *.amap.com *.dotomi.com *.tiktok.com; img-src 'self' data: *.google.com *.googleapis.com *.gstatic.com nexus.ensighten.com www.googletagmanager.com citiintl.122.2o7.net www.google-analytics.com www.google.co.in www.facebook.com *.dotomi.com *.tiktok.com; 1 default-src 'self'; img-src 'self'; media-src 'self' data:; 1 default-src 'self' blob:; sandbox allow-downloads allow-popups allow-popups-to-escape-sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-modals; base-uri 'self' https://md-scp.kampyle.com;upgrade-insecure-requests;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://applepay.cdn-apple.com https://*.worldpay.com https://*.lowell.co.uk https://lowell.co.uk https://www.google.com https://www.gstatic.com https://*.googletagmanager.com https://googletagmanager.com https://www.google-analytics.com https://tagmanager.google.com https://ssl.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://ajax.googleapis.com https://connect.facebook.net https://*.decibelinsight.net https://*.decibelinsight.com https://pay.google.com https://www.googleanalytics.com https://bat.bing.com https://*.decibel.com *.visualwebsiteoptimizer.com app.vwo.com https://api.ipify.org https://mpsnare.iesnare.com https://md-scp.kampyle.com https://resources.digital-cloud-uk.medallia.eu https://sbt-prod.kampyle.com https://nebula-cdn.kampyle.com https://udc-neb.kampyle.com https://digital-cloud-phx1.medallia.com https://resources.digital-cloud-phx1.medallia.com https://widget.trustpilot.com https://www.youtube.com api.reciteme.com events.reciteme.com linguistics.reciteme.com https://*.tiktok.com https://*.tiktokcdn.com https://*.tiktokads.com https://pagead2.googlesyndication.com https://analytics-fe.digital-cloud-uk.medallia.eu https://tags.srv.stackadapt.comhttps://srv.stackadapt.com https://east.srv.stackadapt.com https://uw.srv.stackadapt.com https://eu.srv.stackadapt.com https://qvdt3feo.com;connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.lowell.co.uk https://*.decibelinsight.net https://*.decibelinsight.com wss://*.decibelinsight.net wss://*.decibelinsight.com https://stats.g.doubleclick.net https://google.com https://*.decibel.com *.visualwebsiteoptimizer.com app.vwo.com https://api.ipify.org https://firebaseinstallations.googleapis.com https://fcmregistrations.googleapis.com wss://mpsnare.iesnare.com https://md-scp.kampyle.com https://resources.digital-cloud-uk.medallia.eu https://ubt-lb.digital-cloud-uk.medallia.eu https://sbt-prod.kampyle.com https://nebula-cdn.kampyle.com https://udc-neb.kampyle.com https://digital-cloud-phx1.medallia.com https://resources.digital-cloud-phx1.medallia.com https://ubt-lb.digital-cloud.medallia.com https://uk.cc.avayacloud.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.co.uk https://pagead2.googlesyndication.com https://noembed.com https://cdn.plyr.io https://api.reciteme.com https://events.reciteme.com https://*.tiktok.com https://*.tiktokcdn.com https://*.tiktokads.com https://www.googleadservices.com https://analytics-fe.digital-cloud-uk.medallia.eu https://analytics-ipv6.tiktokw.us https://www.facebook.com https://bat.bing.com https://tags.srv.stackadapt.com https://srv.stackadapt.com https://east.srv.stackadapt.com https://uw.srv.stackadapt.com https://eu.srv.stackadapt.com https://qvdt3feo.com;frame-ancestors https://*.cardinalcommerce.com https://applepay.cdn-apple.com https://*.lowell.co.uk https://lowell.co.uk https://www.fisglobal.com https://pay.google.com https://*.lowellgroup.co.uk;style-src 'self' 'unsafe-inline' https://*.lowell.co.uk https://lowell.co.uk https://tagmanager.google.com https://fonts.googleapis.com https://fonts.googleapis.com https://www.googleanalytics.com *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com https://resources.digital-cloud-uk.medallia.eu https://md-scp.kampyle.com https://nebula-cdn.kampyle.com https://digital-cloud-phx1.medallia.com https://resources.digital-cloud-phx1.medallia.com https://googletagmanager.com api.reciteme.com https://*.tiktok.com https://*.tiktokcdn.com https://www.googletagmanager.com https://tags.srv.stackadapt.com https://srv.stackadapt.com https://east.srv.stackadapt.com https://uw.srv.stackadapt.com https://eu.srv.stackadapt.com https://qvdt3feo.com;img-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://googletagmanager.com https://*.lowell.co.uk https://lowell.co.uk https://*.google-analytics.com https://google.com https://*.analytics.google.com https://*.g.doubleclick.net https://ssl.gstatic.com https://www.gstatic.com https://*.google.com https://*.google.co.uk https://pagead2.googlesyndication.com https://www.facebook.com https://connect.facebook.net data: https://bat.bing.com *.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com https://md-scp.kampyle.com https://resources.digital-cloud-uk.medallia.eu https://udc-neb.kampyle.com https://nebula-cdn.kampyle.com https://digital-cloud-phx1.medallia.com https://resources.digital-cloud-phx1.medallia.com https://i.ytimg.com https://tools.applemediaservices.com https://toolbox.marketingtools.apple.com api.reciteme.com https://*.tiktok.com https://*.tiktokcdn.com https://*.tiktokads.com https://*.tiktokv.com data: https://www.googleadservices.com https://fonts.gstatic.com https://analytics-fe.digital-cloud-uk.medallia.eu https://tags.srv.stackadapt.com https://srv.stackadapt.com https://east.srv.stackadapt.com https://uw.srv.stackadapt.com https://eu.srv.stackadapt.com https://qvdt3feo.com;object-src data: 'unsafe-eval' https://*.lowell.co.uk;frame-src https://*.cardinalcommerce.com https://*.worldpay.com https://www.google.com https://*.doubleclick.net https://www.googletagmanager.com https://*.lowell.co.uk/ https://*.lowellgroup.co.uk https://pay.google.com app.vwo.com *.visualwebsiteoptimizer.com https://nebula-cdn.kampyle.com https://resources.digital-cloud-uk.medallia.eu https://digital-cloud-phx1.medallia.com https://resources.digital-cloud-phx1.medallia.com https://www.youtube.com https://widget.trustpilot.com https://*.tiktok.com https://*.tiktokads.com https://*.tiktokv.com https://td.doubleclick.net;font-src 'self' https://*.lowell.co.uk https://lowell.co.uk https://fonts.gstatic.com https://fonts.googleapis.com https://applepay.cdn-apple.com data: https://resources.digital-cloud-uk.medallia.eu https://nebula-cdn.kampyle.com https://digital-cloud-phx1.medallia.com https://resources.digital-cloud-phx1.medallia.com https://td.doubleclick.net api.reciteme.com;worker-src 'self' https://*.decibelinsight.net wss://*.decibelinsight.net https://*.decibelinsight.com wss://*.decibelinsight.com blob:;media-src https://mpsnare.iesnare.com data: api.reciteme.com; 1 default-src 'self' https: 1 default-src *; connect-src *; font-src 'self'; frame-src https://* http://* *; img-src https://* http://* * data:; object-src 'self'; script-src 'self' https://* http://* * 'unsafe-inline' 'report-sample'; style-src * https://* http://* * 'unsafe-inline'; 1 default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self'; 1 default-src 'self' https://api.status.io https://status.exaktime.com;script-src 'self';base-uri 'self';object-src 'none';frame-ancestors 'none';block-all-mixed-content;sandbox allow-forms allow-same-origin allow-scripts allow-popups;style-src 'self' https://fonts.googleapis.com;font-src 'self' https://fonts.gstatic.com;img-src 'self' https://tscprodstorage.blob.core.windows.net; 1 default-src 'self';; script-src 'self' 'unsafe-eval' https://winsnetwork.org/ https://www.winsnetwork.org/ https://cdn.ckeditor.com https://js-agent.newrelic.com/nr-rum-1.241.0.min.js https://s0.assets-yammer.com/assets/platform_social_buttons.min.js https://static.userback.io/widget/v1.js https://unpkg.com/aos@2.3.1/dist/aos.js https://www.googletagmanager.com/gtag/js;; object-src 'none'; style-src 'self' 'unsafe-inline' https://winsnetwork.org/ https://www.winsnetwork.org/ https://cdn.ckeditor.com https://fonts.googleapis.com https://pro.fontawesome.com https://unpkg.com data: url(*) ; ; img-src 'self' data: https://winsnetwork.org/ https://www.winsnetwork.org/;; frame-ancestors 'self'; font-src 'self' data: https://fonts.gstatic.com https://pro.fontawesome.com; ; report-uri /report-csp-violation 1 default-src 'self'; script-src *.corp *.parceirosantander.com.br https://fve.paas.santanderbr.pre.corp *.santander.com.br *.go-mpulse.net go-mpulse.net https://s.go-mpulse.net https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://api.mapbox.com https://www.google-analytics.com https://www.googleoptimize.com 'self' 'unsafe-inline' https:; style-src *.corp *.parceirosantander.com.br *.santander.com.br 'self' 'unsafe-inline'; child-src *.corp *.parceirosantander.com.br *.santander.com.br 'self'; img-src *.corp *.parceirosantander.com.br *.santander.com.br https://*.akstat.io 'self' data:; connect-src *.corp *.parceirosantander.com.br *.bs.br.bsch *.blob.core.windows.net *.santander.com.br https://*.go-mpulse.net https://*.akstat.io https://*.akamaihd.net https://www.google.com 'self'; object-src 'self' blob:; media-src *.corp *.parceirosantander.com.br *.santander.com.br 'self' blob:; frame-src https://www.google.com *.corp *.parceirosantander.com.br *.santander.com.br 'self'; font-src *.corp *.parceirosantander.com.br *.santander.com.br 'self' data:; frame-ancestors 'self' https://www.google.com *.corp *.parceirosantander.com.br *.santander.com.br 1 default-src 'none'; block-all-mixed-content; connect-src 'self' google.com www.google.com *.analytics.google.com nr-data.net *.nr-data.net *.smartsuppchat.com *.clarity.ms *.smartsuppcdn.com bat.bing.com consentcdn.cookiebot.com wss://websocket-visitors.smartsupp.com cdn.jsdelivr.net googlesyndication.com *.googlesyndication.com google-analytics.com *.google-analytics.com stats.g.doubleclick.net manager.eu.smartlook.cloud google.cz www.google.cz *.seznam.cz analytics.tiktok.com www.analytics.tiktok.com *.elfsight.com analytics-ipv6.tiktokw.us www.analytics-ipv6.tiktokw.us *.metricool.com *.boldem.cz facebook.com www.facebook.com *.elfsightcdn.com universe-static.elfsightcdn.com googleadservices.com *.googleadservices.com *.googlesyndication.com pagead2.googlesyndication.com stats.g.doubleclick.net googleads.g.doubleclick.net; font-src 'self' data:; frame-ancestors 'self'; frame-src 'self' https://www.youtube.com https://www.googletagmanager.com https://www.google.com consent.cookiebot.com consentcdn.cookiebot.com *.doubleclick.net; img-src 'self' w3.org data: xdigr.cz facebook.com *.facebook.com bat.bing.com *.seznam.cz *.cookiebot.com www.google.com www.google.cz files.smartsuppcdn.com c.clarity.ms *.bing.com www.googletagmanager.com *.cdninstagram.com *.fbcdn.net *.googleusercontent.com *.elfsightcdn.com *.metricool.com; media-src 'self' *.smartsuppcdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' code.jquery.com cdnjs.cloudflare.com www.googletagmanager.com www.google.com www.gstatic.com js-agent.newrelic.com consent.cookiebot.com consentcdn.cookiebot.com smartsuppchat.com *.smartsuppchat.com clarity.ms scripts.clarity.ms www.clarity.ms smartlook.com *.smartlook.com seznam.cz *.seznam.cz bing.com *.bing.com www.smartsuppchat.com facebook.net *.facebook.net *.smartsuppcdn.com googleads.g.doubleclick.net www.googleadservices.com ajax.cloudflare.com www.ajax.cloudflare.com static.cloudflareinsights.com www.static.cloudflareinsights.com analytics.tiktok.com www.analytics.tiktok.com analytics-ipv6.tiktokw.us analytics-ipv6.tiktokw.us *.elfsight.com universe-static.elfsightcdn.com *.metricool.com *.boldem.cz; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com *.smartsuppcdn.com *.boldem.cz; worker-src 'self' blob: 1 default-src data: 'self' https://placeholder.inventis.be https://*.ytimg.com https://*.youtube.com https://*.youtu.be https://*.vimeo.com https://youtube.com https://youtu.be https://*.youtube-nocookie.com https://vimeo.com https://*.vimeo.com https://*.vimeocdn.com https://*.spotify.com https://*.tiktok.com https://*.snapchat.com https://*.facebook.com https://*.facebook.net https://*.typekit.net https://*.google.be https://*.google.nl https://*.google.com https://*.googletagmanager.com https://*.analytics.google.com https://*.doubleclick.net https://m16.mailplus.nl https://flackr.github.io https://*.google-analytics.com https://region1.google-analytics.com https://mpc2-prod-1-is5qnl632q-uc.a.run.app https://demo-1.conversionsapigateway.com https://squeezely.tech https://*.squeezely.tech https://*.googlesyndication.com https://*.brevo.com/; block-all-mixed-content; object-src 'none'; script-src 'self' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' 'nonce-uN37ks2NGANVgV1MPttJMg=='; style-src 'self' 'unsafe-inline' https://*.typekit.net https://static.mailplus.nl blob:; upgrade-insecure-requests 1 default-src 'self' https://skbs-platform.condat.cloud http://skbs-platform.condat.cloud skbs-platform.condat.cloud https://platform.container:8080 http://platform.container:8080 platform.container:8080 https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de; connect-src 'self' https://nominatim.openstreetmap.org https://login.microsoftonline.com https://www.google.com https://skbs-platform.condat.cloud http://skbs-platform.condat.cloud skbs-platform.condat.cloud https://platform.container:8080 http://platform.container:8080 platform.container:8080 https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de https://matomo-testing.condat.cloud; font-src 'self' https://*.kununu.com https://*.spendino.de https://skbs-platform.condat.cloud http://skbs-platform.condat.cloud skbs-platform.condat.cloud https://platform.container:8080 http://platform.container:8080 platform.container:8080 https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de data:; frame-ancestors 'self' https://klinikumjobs.de https://*.doccheck.com https://*.kununu.com https://skbs-platform.condat.cloud http://skbs-platform.condat.cloud skbs-platform.condat.cloud https://platform.container:8080 http://platform.container:8080 platform.container:8080 https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de; frame-src 'self' https://benutzerhandbuch-cshs.condat.de https://global.frcapi.com https://www.google.com https://prezi.com/p/embed/MPOGB6oZvPvNpRmIzIHw/ https://*.doccheck.com https://*.kununu.com https://*.spendino.de https://*.youtube-nocookie.com https://*.youtube.com https://skbs-platform.condat.cloud http://skbs-platform.condat.cloud skbs-platform.condat.cloud https://platform.container:8080 http://platform.container:8080 platform.container:8080 https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de; img-src 'self' https://cdn.jsdelivr.net https://*.tile.openstreetmap.org https://cshs.myskbs.de https://pro.doctolib.de https://*.amazonaws.com https://*.cloudfront.net https://*.kununu.com https://skbs-platform.condat.cloud http://skbs-platform.condat.cloud skbs-platform.condat.cloud https://platform.container:8080 http://platform.container:8080 platform.container:8080 https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de data:; media-src 'self' https://*.prezi.com http://*.prezi.com *.prezi.com https://*.amazonaws.com https://*.cloudfront.net https://*.kununu.com https://*.youtube-nocookie.com https://*.youtube.com https://skbs-platform.condat.cloud http://skbs-platform.condat.cloud skbs-platform.condat.cloud https://platform.container:8080 http://platform.container:8080 platform.container:8080 https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de; object-src 'self' https://*.prezi.com http://*.prezi.com *.prezi.com https://*.kununu.com https://*.youtube-nocookie.com https://*.youtube.com https://skbs-platform.condat.cloud http://skbs-platform.condat.cloud skbs-platform.condat.cloud https://platform.container:8080 http://platform.container:8080 platform.container:8080 https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de; script-src 'self' https://www.google.com https://www.gstatic.com https://cdn.jsdelivr.net https://*.prezi.com http://*.prezi.com *.prezi.com https://*.doccheck.com http://*.doccheck.com *.doccheck.com https://*.kununu.com https://*.spendino.de https://skbs-platform.condat.cloud http://skbs-platform.condat.cloud skbs-platform.condat.cloud https://platform.container:8080 http://platform.container:8080 platform.container:8080 https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de https://matomo-testing.condat.cloud 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://cdn.jsdelivr.net https://*.kununu.com https://*.spendino.de https://skbs-platform.condat.cloud http://skbs-platform.condat.cloud skbs-platform.condat.cloud https://platform.container:8080 http://platform.container:8080 platform.container:8080 https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de 'unsafe-inline'; worker-src 'self' https://skbs-platform.condat.cloud http://skbs-platform.condat.cloud skbs-platform.condat.cloud https://platform.container:8080 http://platform.container:8080 platform.container:8080 https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de blob: 1 frame-ancestors DENY 1 default-src * 'self' *.lpsnmedia.net *.billtrust.com; style-src 'self' http://* 'unsafe-inline' *.lpsnmedia.net *.liveperson.net *.billtrust.com https://*.hotjar.com; script-src 'self' http://* 'unsafe-inline' 'unsafe-eval' *.lpsnmedia.net *.liveperson.net https://*.hotjar.com assets.adobedtm.com; img-src * 'self' data: https: *.lpsnmedia.net https://*.hotjar.com; font-src 'self' data: https://smart-ip.net *.kaltura.com https://*.hotjar.com; connect-src 'self' wss://*.liveperson.net *.liveperson.net *.lpsnmedia.net *.azurewebsites.net wss://*.signalr.net *.signalr.net *.kaltura.com *.walkme.com *.demdex.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.omtrdc.net; frame-src * 'self' *.lpsnmedia.net *.liveperson.net; media-src 'self' blob: *.lpsnmedia.net *.kaltura.com; 1 font-src 'self' https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com data:; frame-src 'self' https://www.google.com/recaptcha/ https://pay.google.com/gp/ https://pay.yandex.ru https://sandbox.pay.yandex.ru/; script-src 'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://pay.google.com/gp/ https://pay.yandex.ru; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com; report-uri /csp/report 1 frame-ancestors https://tsetscdev.prod.acquia-sites.com/ https://tsetscstage.prod.acquia-sites.com/ https://ecommercdev.tatasteel.online https://ecommerctst.tatasteel.online https://ecmc01qa.tatasteel.online https://ecmc01dev.tatasteel.online https://www.tatasteeleurope.com https://www.tatasteel.online https://ecmc01.tatasteel.online https://ecmc03-p.tatasteel.online https://ecmc03-d.tatasteel.online https://ecmc03-acc.tatasteel.online/ https://ecmc03-t.tatasteel.online/ https://tsedev.prod.acquia-sites.com https://tsestg.prod.acquia-sites.com https://www.beta-tatasteeleurope.com https://cpws01-d.tatasteel.online https://dev.tatasteeleurope.com preprod.tatasteeleurope.com test.tatasteeleurope.com ecmc03-pp.tatasteel.online https://local.tatacwr.com/CWR/docroot/ https://dev.tatasteelnederland.com/ https://test.tatasteelnederland.com/ http://local.tatasteel.nl/ https://www.tatasteelnederland.com/; report-uri /report-csp-violation 1 default-src 'none'; frame-ancestors 'self'; frame-src 'self' https://login.microsoftonline.com/ https://challenges.cloudflare.com/ https://forms.office.com https://www.youtube-nocookie.com https://*.youtube.com https://*.vimeo.com https://*.google.com https://*.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.datatables.net/2.3.4/js/dataTables.js https://challenges.cloudflare.com/ https://*.google-analytics.com https://*.googletagmanager.com https://feeds.trac.jobs https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.cqc.org.uk; font-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' data: https://cdn.datatables.net/2.3.4/css/dataTables.dataTables.css https://feeds.trac.jobs https://*.googleapis.com https://*.gstatic.com https://*.cqc.org.uk; img-src * data:; object-src 'self' blob:; connect-src 'self' https://challenges.cloudflare.com/ https://feeds.trac.jobs https://*.googleapis.com https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com; manifest-src 'self'; base-uri 'none'; form-action 'self' https://search.ebscohost.com https://logon.ebsco.zone https://research.ebsco.com 1 default-src 'self' https://*.youtube.com https://*.youtu.be https://*.vimeo.com https://*.spotify.com https://*.soundcloud.com https://*.instagram.com https://*.tiktok.com https://forms.office.com https://*.google-analytics.com https://*.analytics.google.com https://*.google.com https://*.googletagmanager.com https://*.googlesyndication.com https://analytics.tiktok.com https://*.doubleclick.net https://widget.tablefever.com https://www.facebook.com https://fonts.gstatic.com; block-all-mixed-content; img-src data: 'self' https://placeholder.inventis.be https://*.ytimg.com https://*.youtube.com https://*.vimeocdn.com https://*.google-analytics.com https://*.googletagmanager.com https://fonts.gstatic.com https://www.facebook.com https://*.google.be https://*.google.nl https://*.googlesyndication.com; object-src 'none'; script-src 'self' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com 'nonce-tg6ZFraKWvNknH5HdJva1Q=='; style-src 'self' 'unsafe-inline' https://*.googletagmanager.com https://fonts.googleapis.com; upgrade-insecure-requests 1 form-action 'self' https://joomlacontenteditor.us14.list-manage.com/subscribe/post; base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://checkout.paddle.com https://cdn.usefathom.com/script.js https://code.jquery.com https://checkout.stripe.com https://cdn.paddle.com https://cdn.usefathom.com/script.js https://cdnjs.cloudflare.com https://hcaptcha.com/* https://*.hcaptcha.com/* https://plausible.io/ https://app.mailjet.com/; style-src 'self' 'unsafe-inline' https://cdn.paddle.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://hcaptcha.com/ https://*.hcaptcha.com/ https://plausible.io/ https://app.mailjet.com/; object-src 'self' https://cdn.joomlacontenteditor.net/ 1 default-src 'self' unpkg.com *.gstatic.com *.clarity.ms maps.googleapis.com google-analytics.com *.google-analytics.com *.analytics.google.com *.doubleclick.net www.google.com google.com *.clickonometrics.pl www.awin1.com static.criteo.net welovedata.go2cloud.org *.bing.com *.cookiebot.com *.sovendus.com www.sovendus-benefits.com www.sovendus-campaign.com www.sovendus-connect.com www.sovendus-network.com *.stbuttons.click *.sharethis.com *.googleapis.com maps.google.com cke4.ckeditor.com; font-src 'self' *.gstatic.com bat.bing.com *.sovendus.com data:; frame-src 'self' *.google.com google.com *.youtube.com *.cookiebot.com *.clickonometrics.pl www.awin1.com bat.bing.com www.mainadv.com www.googletagmanager.com *.sovendus.com www.sovendus-benefits.com www.sovendus-campaign.com www.sovendus-connect.com www.sovendus-network.com data:; img-src 'self' data: *.google-analytics.com maps.gstatic.com maps.googleapis.com *.clickonometrics.pl *.google.com *.clarity.ms www.google.pl www.awin1.com welovedata.go2cloud.org bat.bing.com www.facebook.com *.roeye.com *.cookiebot.com *.bing.com *.sovendus.com *.sharethis.com 'unsafe-inline' *.tpay.com tpay.com; media-src *; script-src 'self' www.google.com *.gstatic.com developers.google.com www.googletagmanager.com clarity.microsoft.com *.clarity.ms *.cookiebot.com *.clickonometrics.pl www.dwin1.com www.awin1.com static.criteo.net connect.facebook.net *.roeyecdn.com *.cloudflareinsights.com *.bing.com *.doubleclick.net *.sovendus.com *.sharethis.com 'unsafe-eval' 'unsafe-inline' *.googleapis.com maps.google.com cke4.ckeditor.com; style-src 'self' *.googleapis.com *.clarity.ms *.cookiebot.com *.clickonometrics.pl *.sovendus.com bat.bing.com 'unsafe-inline' 1 frame-ancestors 'self'; upgrade-insecure-requests; default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.affirm.com *.app-us1.com *.bing.com *.clarity.ms *.doubleclick.net *.files-text.com *.fontawesome.com *.google.com *.google-analytics.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.livechatinc.com *.paypal.com *.paypalobjects.com *.typekit.com *.venmo.com *.visualwebsiteoptimizer.com *.vwo.com *.youtube.com ccint.activehosted.com cdn.ckeditor.com cdn.jsdelivr.net cdnjs.cloudflare.com connect.facebook.net fonts.bunny.net i.ytimg.com stackpath.bootstrapcdn.com trackcmp.net unpkg.com www.facebook.com; 1 default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; connect-src https: wss:; font-src https: data:; 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://static.cloudflareinsights.com https://*.googleapis.com https://*.gstatic.com *.google.com *.google.co.nz https://*.ggpht.com *.googleusercontent.com blob: https://*.vectorshift.ai https://*.google-analytics.com https://www.googletagmanager.com https://www.youtube.com https://connect.facebook.net https://cdn.jsdelivr.net https://*.surveymonkey.com https://js.stripe.com/v3/ https://player.vimeo.com https://unpkg.com; img-src 'self' https://nzmca-666756499883.s3.ap-southeast-2.amazonaws.com https://cdn.nzmca.org.nz blob: https://d1o3mhf2l0m2f4.cloudfront.net https://*.googleapis.com https://*.gstatic.com *.google.com *.google.co.nz https://*.ggpht.com *.googleusercontent.com data: https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.doubleclick.net https://i.ytimg.com https://*.facebook.com https://*.surveymonkey.com; frame-src *.google.com *.vectorshift.ai https://*.doubleclick.net https://www.googletagmanager.com youtube.com www.youtube.com youtube-nocookie.com www.youtube-nocookie.com *.stripe.com player.vimeo.com; connect-src 'self' https://nzmca-666756499883.s3.ap-southeast-2.amazonaws.com https://cdn.nzmca.org.nz https://d1o3mhf2l0m2f4.cloudfront.net https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://*.vectorshift.ai https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.doubleclick.net https://*.facebook.com https://*.surveymonkey.com https://vimeo.com; font-src 'self' https://cdnjs.cloudflare.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://fonts.googleapis.com https://cdn.jsdelivr.net https://unpkg.com; worker-src blob: 1 default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com aus-widget.freshworks.com *.clarity.ms *.google.com *.gstatic.com www.youtube.com; style-src 'self' 'unsafe-inline' aus-widget.freshworks.com; img-src 'self' data: *.clarity.ms c.bing.com *.googletagmanager.com i.ytimg.com; media-src 'self'; frame-src 'self' *.google.com www.youtube.com *.freshdesk.com; frame-ancestors 'self'; child-src 'self'; font-src 'self' 'unsafe-inline' data:; connect-src 'self' *.google-analytics.com *.google.com aus-widget.freshworks.com *.clarity.ms *.freshdesk.com *.googletagmanager.com https://sentry.atech.host/api/24/envelope/; report-uri /report-csp-violation 1 frame-ancestors 'none'; report-uri /report-csp-violation; upgrade-insecure-requests 1 default-src 'none'; block-all-mixed-content; connect-src 'self' https://tiles2.ncm.gov.ae https://www.google-analytics.com; font-src 'self' https://assets.ncm.gov.ae; img-src 'self' data: https://tiles2.ncm.gov.ae https://assets.ncm.gov.ae; manifest-src 'self'; script-src 'self' https://assets.ncm.gov.ae 'unsafe-eval' 'unsafe-inline' 'nonce-NvvKqUJrlgnmxYYRYnM4yA=='; style-src 'self' https://assets.ncm.gov.ae 'unsafe-inline' 'nonce-NvvKqUJrlgnmxYYRYnM4yA=='; worker-src blob: 1 frame-ancestors 'self' https://yobingo-statices.casinomodule.com/ https://www.yobingo.es/ https://www.yocasino.es/ https://www.enracha.es/ https://www.yobingo.pt 1 default-src 'self' *.usercentrics.eu; frame-src 'self' www.advocard.de www.youtube.de www.youtube.com www.youtube-nocookie.com letsgoeasy-koop.de; img-src 'self' *.advocard.de *.usercentrics.eu generali01.webtrekk.net advocard01.wt-eu02.net *.gstatic.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.usercentrics.eu www.youtube.de www.youtube.com www.youtube-nocookie.com; style-src 'self' 'unsafe-inline' *.usercentrics.eu 1 default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval' *.ownid.com* https://d.la11-core1.sfdc-yzvdd4.salesforceliveagent.com/chat/rest data-eu.purina.nl; object-src *; style-src * 'self' 'unsafe-inline'; img-src * 'self' data: https:;; media-src *; frame-src * https://d.la11-core1.sfdc-yzvdd4.salesforceliveagent.com/chat/rest; frame-ancestors 'self'; child-src * blob:; font-src * 'self' data: https:;; connect-src * *.ownid.com* https://d.la11-core1.sfdc-yzvdd4.salesforceliveagent.com/chat/rest data-eu.purina.nl; report-uri /log-report-uri/enforce 1 default-src 'self'; script-src 'self' 'unsafe-inline' data: cdnjs.cloudflare.com cdn.ckeditor.com maps.googleapis.com *.polyfill.io *.google.com *.unpkg.com *.gstatic.com *.google-analytics.com *.cookiebot.com *.googletagmanager.com open.spotify.com e.issuu.com *.tiktok.com donorbox.org connect.facebook.net; style-src 'self' 'unsafe-inline' data: fonts.googleapis.com cdnjs.cloudflare.com; img-src 'self' 'unsafe-inline' data: maps.gstatic.com maps.googleapis.com imgsct.cookiebot.com *.google-analytics.com *.cookiebot.com *.googletagmanager.com *.tiktok.com *.donorbox.org; frame-src 'self' www.google.com www.youtube.com player.vimeo.com olv-kinderwebsite.now.sh olv-kinderwebsite.vercel.app *.google-analytics.com *.cookiebot.com *.googletagmanager.com open.spotify.com e.issuu.com *.tiktok.com donorbox.org return.flexmail.eu; font-src 'self' 'unsafe-inline' themes.googleusercontent.com fonts.gstatic.com slant.co data: ; connect-src 'self' 'unsafe-inline' 'unsafe-eval' data: region1.google-analytics.com *.google-analytics.com *.cookiebot.com *.googletagmanager.com *.tiktok.com *.donorbox.org; report-uri /report-csp-violation; upgrade-insecure-requests 1 default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; block-all-mixed-content 1 base-uri 'self' 1 default-src data: 'self' https://*.ytimg.com https://*.youtube.com https://*.youtu.be https://*.vimeocdn.com https://*.vimeo.com https://vimeo.com https://*.spotify.com https://*.tiktok.com https://*.snapchat.com https://*.facebook.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googleadservices.com https://*.googlesyndication.com https://*.google.com https://*.google.be https://*.google.nl https://*.youtube-nocookie.com https://*.monday.com https://*.doubleclick.net https://*.slinger.to/ https://fonts.bunny.net/ https://forms.monday.com https://*.sibforms.com https://*.brevo.com https://*.tiktokw.us https://*.momants.ai wss://*.momants.ai https://backend-space.ams3.cdn.digitaloceanspaces.com; block-all-mixed-content; object-src 'none'; script-src 'self' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' 'nonce-5H5y+aNh/fNjlnC+aLuSTA=='; style-src 'self' 'unsafe-inline' https://*.googletagmanager.com https://*.slinger.to/ https://fonts.bunny.net/ https://sibforms.com; upgrade-insecure-requests 1 frame-ancestors https://go.cargomatic.com/l/911892/2023-10-10/rzl4f 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: cdnjs.cloudflare.com *.googleapis.com *.gstatic.com *.google-analytics.com *.addthis.com *.amigosmuseoprado.org *.google.com *.ytimg.com *.youtube.com *.addthisedge.com *.bookitit.com *.jsdelivr.net *.ovidds.com my.icareus.com icomem.probetax.es *.twitter.com *.twimg.com *.facebook.net *.facebook.com *.metricool.com https://*.hotjar.com wss://*.hotjar.com *.hotjar.io *.addtoany.com *.webempresa.eu unpkg.com *.arkibot.app *.googletagmanager.com *.saludalplato.es quickchart.io 1 default-src 'self'; script-src 'self' 'nonce-IIUP3kB3TJNngOeoI6SXZw==' https://cdn.cookielaw.org https://cdn.leggett.com https://sc.lfeeder.com; script-src-elem 'self' 'nonce-IIUP3kB3TJNngOeoI6SXZw==' https://cdn.cookielaw.org https://cdn.leggett.com https://www.googletagmanager.com/ https://www.google.com https://sc.lfeeder.com; style-src 'self' 'nonce-IIUP3kB3TJNngOeoI6SXZw==' https://cdn.cookielaw.org https://cdn.leggett.com; style-src-elem 'self' 'unsafe-inline' https://cdn.cookielaw.org https://cdn.leggett.com https://p.typekit.net; style-src-attr 'unsafe-inline'; img-src 'self' data: https://cdn.cookielaw.org https://i.vimeocdn.com https://cdn.leggett.com https://tr.lfeeder.com/; font-src 'self' https://use.typekit.net https://cdn.cookielaw.org https://cdn.leggett.com; frame-src 'self' https://vimeo.com https://*.vimeo.com https://leggett.com https://*.leggett.com; connect-src 'self' https://cdn.cookielaw.org https://geolocation.onetrust.com/ https://ds-portal-leggett.my.onetrust.com/ https://www.google-analytics.com/ https://www.google.com; base-uri 'self'; form-action 'self'; object-src 'none'; upgrade-insecure-requests 1 default-src 'self' https://*.youtube.com https://*.youtube-nocookie.com https://*.youtu.be https://*.vimeo.com https://vimeo.com https://consentcdn.cookiebot.com https://open.spotify.com https://*.google-analytics.com https://*.googletagmanager.com https://widget.weezevent.com https://docs.google.com https://cdn.jsdelivr.net https://licensing.bitmovin.com https://analytics-ingress-global.bitmovin.com https://d12sgur2q2of22.cloudfront.net/ blob: https://*.tiktok.com https://*.analytics.google.com https://*.spotify.com; block-all-mixed-content; img-src data: 'self' https://placeholder.inventis.be https://*.ytimg.com https://*.youtube.com https://*.vimeocdn.com https://imgsct.cookiebot.com https://*.google-analytics.com https://*.googletagmanager.com https://*.facebook.com; object-src 'none'; script-src 'self' https://consent.cookiebot.com 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https://*.youtube.com https://*.vimeo.com https://*.google-analytics.com https://*.googletagmanager.com 'nonce-pNM3LJdta+pBuEPGVjcN/Q=='; style-src 'self' 'unsafe-inline' https://*.googletagmanager.com https://cdn.jsdelivr.net; upgrade-insecure-requests 1 default-src 'self'; base-uri 'self'; connect-src 'self' wss://self https://www.hostingcloud.racing https://www.freecontent.stream wss://*.hostcontent.live https://connect.facebook.net https://www.google-analytics.com https://*.doubleclick.net https://*.g.doubleclick.net https://www.facebook.com https://*.mintme.com https://mintme.com https://*.tawk.to wss://*.tawk.to; font-src 'self' https://fonts.gstatic.com https://static-v.tawk.to; frame-src https://accounts.google.com https://content.googleapis.com https://va.tawk.to https://www.youtube.com https://www.google.com; img-src data: *; media-src *; object-src 'none'; script-src 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https: http: 'nonce-gpSRPJO+HGzLXt4SmWfbpQ=='; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net/emojione/2.2.7/assets/css/emojione.min.css https://cdn.jsdelivr.net/emojione/2.2.7/lib/js/emojione.min.js https://cdnjs.cloudflare.com/ajax/libs/highlight.js/9.12.0/styles/github.min.css https://cdnjs.cloudflare.com/ajax/libs/highlight.js/9.12.0/styles/atom-one-dark.min.css https://*.tawk.to; report-uri /csp-report; worker-src blob: 1 default-src 'self' data: https://cdn.cookielaw.org https://privacyportal-eu.onetrust.com https://app.greenoco.io https://e-v-uat.reach5.net https://e-v-prod.reach5.net https://metrics.elle-et-vire.com https://www.google.com https://www.google.fr https://www.google-analytics.com https://region1.analytics.google.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://www.gstatic.com https://www.youtube.com https://i.ytimg.com https://images-secure.pixibox.com https://www.instagram.com https://instagram.com https://capig.stape.cloud https://www.facebook.com https://maps.googleapis.com https://maps.gstatic.com https://maps.google.com; font-src 'self' data: https://cloud.typography.com https://fonts.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.cookielaw.org https://app.greenoco.io https://e-v-uat.reach5.net https://e-v-prod.reach5.net https://metrics.elle-et-vire.com https://www.google.com https://www.google.fr https://www.google-analytics.com https://region1.analytics.google.com https://www.googletagmanager.com https://www.gstatic.com https://connect.facebook.net https://www.youtube.com https://www.instagram.com https://maps.google.com/; style-src 'self' 'unsafe-inline' https://cloud.typography.com https://www.elle-et-vire.com https://fonts.googleapis.com; report-uri /nelmio/csp/report 1 default-src "self"; img-src "self"; style-src "self" "unsafe-inline"; font-src "self"; script-src "self" "unsafe-inline"; connect-src "self"; 1 base-uri 'self'; default-src 'self'; script-src https: blob: data: 'unsafe-inline' 'unsafe-eval' https://www.junited-autoglas.de https://p-su0yn5.project.space https://www.youtube-nocookie.com https://metrics.mehrwert.de https://api.usercentrics.eu https://app.usercentrics.eu https://graphql.usercentrics.eu https://consents.usercentrics.eu https://uct.service.usercentrics.eu https://consent-api.service.consent.usercentrics.eu https://sentry.dev.mehrwert.de; style-src https: 'unsafe-inline' https://www.junited-autoglas.de p-su0yn5.project.space https://www.youtube-nocookie.com https://metrics.mehrwert.de; frame-ancestors https://www.junited-autoglas.de https://p-su0yn5.project.space https://metrics.mehrwert.de; frame-src 'self' https://www.youtube-nocookie.com https://p-su0yn5.project.space https://metrics.mehrwert.de; form-action 'self'; font-src data: 'self' https://www.junited-autoglas.de https://p-su0yn5.project.space https://fonts.gstatic.com; img-src data: 'self' https://www.junited-autoglas.de https://p-su0yn5.project.space https://www.youtube-nocookie.com https://i.ytimg.com https://metrics.mehrwert.de; media-src data: 'self' https://www.junited-autoglas.de https://p-su0yn5.project.space https://www.youtube-nocookie.com; object-src data: 'self' https://www.junited-autoglas.de https://p-su0yn5.project.space; connect-src data: 'self' https://www.junited-autoglas.de https://p-su0yn5.project.space https://metrics.mehrwert.de; 1 script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://www.paypalobjects.com/ https://s3.amazonaws.com/ https://*.stripe.com/ https://*.list-manage.com/; img-src 'self' data: blob: https://www.paypalobjects.com/ https://i.scdn.co/; object-src 'self' data: blob: https://elegantthemes.com/ https://*.elegantthemes.com/ https://www.jackbosch.com/ https://*.paypal.com/ https://*.stripe.com/ https://joinnow.live/; frame-src 'self' data: blob: https://elegantthemes.com/ https://*.elegantthemes.com/ https://www.jackbosch.com/ https://*.paypal.com/ https://*.stripe.com/ https://joinnow.live/; 1 default-src https: wss: 'unsafe-inline' 'unsafe-eval' blob: data: ; frame-ancestors 'self' https://*.edoctrina.org; report-to reportapi 1 default-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; frame-src 'self'; object-src 'none'; upgrade-insecure-requests; base-uri 'none'; 1 default-src 'self' 'unsafe-inline' https: http://www.portaleamministrazionetrasparente.it/; script-src 'self' 'unsafe-inline' https: http://www.portaleamministrazionetrasparente.it/; style-src 'self' 'unsafe-inline' https: http://www.portaleamministrazionetrasparente.it/; font-src 'self' https: http://www.portaleamministrazionetrasparente.it/ 1 default-src 'self' piwik.itzbund.de matomo03.itzbund.de; base-uri 'self'; connect-src 'self' *.itzbund.de; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.ytimg.com piwik.itzbund.de matomo03.itzbund.de; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com *.youtube-nocookie.com; frame-src *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com piwik.itzbund.de matomo03.itzbund.de; img-src 'self' data: demografie-portal.de *.demografie-portal.de 'self' data: *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.geodatenzentrum.de piwik.itzbund.de matomo03.itzbund.de; frame-ancestors 'self'; 1 default-src 'self' www.hyd.gov.hk; style-src 'self' 'unsafe-inline';script-src 'self' 'unsafe-inline'; 1 frame-ancestors zismo.biz zismo.ru zismone.ru promoggaqjkd.ru 1 default-src 'self' 'unsafe-inline' https://static.digitalchargingsolutions.com https://api.mixpanel.com https://api-js.mixpanel.com https://api-eu.mixpanel.com https://cdn.mxpnl.com https://*.adyen.com https://*.cdn.adyen.com https://*.paypal.com https://pay.google.com https://google.com https://*.google.com https://applepay.cdn-apple.com https://*.googleapis.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://pay.datatrans.com/ https://static.digitalchargingsolutions.com https://*.googleapis.com https://*.gstatic.com https://*.ggpht.com https://api.mixpanel.com https://api-js.mixpanel.com https://api-eu.mixpanel.com https://cdn.mxpnl.com https://*.adyen.com https://*.cdn.adyen.com https://*.paypal.com https://pay.google.com https://google.com https://*.google.com https://applepay.cdn-apple.com ; frame-src 'self' https://pay.sandbox.datatrans.com https://*.adyen.com https://*.cdn.adyen.com https://*.paypal.com https://pay.google.com https://google.com https://*.google.com https://applepay.cdn-apple.com ; img-src 'self' https: data: https://cpo-logo.digitalchargingsolutions.com https://static.digitalchargingsolutions.com https://*.adyen.com https://*.cdn.adyen.com https://*.paypal.com https://pay.google.com https://google.com https://*.google.com https://applepay.cdn-apple.com https://*.googleapis.com https://*.gstatic.com https://*.ggpht.com ; style-src 'self' 'unsafe-inline' https://static.digitalchargingsolutions.com https://fonts.googleapis.com https://fonts.gstatic.com https://*.adyen.com https://*.cdn.adyen.com https://*.paypal.com https://pay.google.com https://google.com https://*.google.com https://applepay.cdn-apple.com ; font-src 'self' https://static.digitalchargingsolutions.com https://fonts.googleapis.com https://fonts.gstatic.com data: https://applepay.cdn-apple.com; 1 default-src 'self' https://www.google.com/ ; frame-ancestors 'self' https://*.nhs.uk; frame-src 'self' https://webchat.mitel.io/ https://www.youtube-nocookie.com https://*.webspellchecker.net https://*.nhs.uk https://*.youtube.com https://*.vimeo.com https://*.google.com https://*.googleapis.com; script-src 'self' https://maps.googleapis.com https://webchat.mitel.io/ https://cdnjs.cloudflare.com https://*.google-analytics.com https://*.googletagmanager.com https://feeds.trac.jobs https://*.webspellchecker.net https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.cqc.org.uk https://webassistant.onconnect.app; font-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://*.webspellchecker.net; style-src 'self' 'unsafe-inline' data: https://cdnjs.cloudflare.com https://fonts.googleapis.com https://feeds.trac.jobs https://*.googleapis.com https://*.gstatic.com https://*.cqc.org.uk https://*.webspellchecker.net https://webassistant.onconnect.app; img-src * data:; object-src 'self' blob: https://*.nhs.uk; connect-src 'self' https://*.api.mitel.io https://jsonip.com https://maps.googleapis.com/ https://gcp-gateway.eu.api.mitel.io/ https://director.api.mitel.io/ https://feeds.trac.jobs https://*.googleapis.com https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://*.webspellchecker.net https://webassist.onconnect.app https://webassistant.onconnect.app https://produkswebassistsignalr18.service.signalr.net wss://produkswebassistsignalr18.service.signalr.net; manifest-src 'self'; base-uri 'none'; form-action 'self'; 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.aok.de https://mediathek.aok.de https://mediathek.aok.de:8443 https://anonym.aok.de https://vimeo.com https://*.vimeo.com https://*.youtube.com https://www.youtube-nocookie.com https://app.easy-feedback.com https://easy-feedback.de https://e.infogram.com https://challenges.cloudflare.com; img-src 'self' https://mediathek.aok.de https://anonym.aok.de https://*.vimeocdn.com https://*.youtube.com https://www.youtube-nocookie.com https://i.ytimg.com https://app.easy-feedback.com data:; script-src 'self' 'unsafe-inline' https://mediathek.aok.de https://anonym.aok.de https://e.infogram.com https://app.easy-feedback.com https://challenges.cloudflare.com; style-src 'self' 'unsafe-inline'; frame-src 'self' https://challenges.cloudflare.com https://e.infogram.com https://www.youtube-nocookie.com https://*.youtube.com https://vimeo.com https://*.vimeo.com; worker-src 'self' blob:; 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://app.sgwidget.com/; img-src 'self' https://secure.gravatar.com/; object-src 'self' ; frame-src 'self' ; 1 Content-Security-Policy= default-src "none"; script-src "self" https://corp-mktg.s3.us-west-2.amazonaws.com https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com https://cdn.cookielaw.org https://maps.googleapis.com https://prospect-form-plugin.2u.com; style-src "unsafe-inline" https://whitelabel.2u.com; img-src https://app.optimizely.com https://cdn.optimizely.com https://whitelabel.2u.com; frame-src https://a10065315939.cdn.optimizely.com https://a10065315939.cdn-pci.optimizely.com; connect-src https://*.optimizely.com; 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googletagmanager.com *.google.com code.jquery.com chatserver.comm100.com *.comm100.io *.twitter.com *.facebook.net *.facebook.com cdnjs.cloudflare.com *.1automations.com *.ipify.org; worker-src 'self' blob:; object-src 'none'; style-src 'self' 'unsafe-inline' fonts.googleapis.com www.google.com *.typekit.net use.fontawesome.com cdn.jsdelivr.net; img-src 'self' data: *.gstatic.com *.googleapis.com *.ggpht *.google.com *.google.co.in *.comm100.io *.comm100.com www.googletagmanager.com i.ytimg.com secure.gravatar.com *.w.org *.twitter.com *.facebook.com *.facebook.net cdn.jsdelivr.net; media-src 'self' *.wikimedia.org; frame-src 'self' blob: *.google.com www.youtube.com www.googletagmanager.com *.twitter.com *.facebook.com *.facebook.net; font-src 'self' data: fonts.gstatic.com *.typekit.net chatserver.comm100.com use.fontawesome.com; connect-src 'self' *.google-analytics.com *.googletagmanager.com *.google.com stats.g.doubleclick.net chatserver11.comm100.io yoast.com *.ipify.org *.1automations.com; frame-ancestors 'self' https://afsiasolar.com https://*.afsiasolar.com https://mesia.com https://*.mesia.com https://mesia.glueup.com https://cdn.jsdelivr.net; 1 frame-ancestors *.carkeys.co.uk 1 base-uri 'self'; default-src 'self'; child-src; connect-src 'self' https://*.adservice.google.com https://*.doubleclick.net https://*.facebook.com https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://*.hotjar.com:* https://*.hotjar.com:* https://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://*.mypurecloud.com.au https://*.sentry.io https://*.tt.omtrdc.net https://analytics.formstack.com https://api.addressfinder.io https://au-live.inside-graph.com https://js.hsadspixel.net https://js.hscollectedforms.net https://stats.g.doubleclick.net https://www.instagram.com wss://*.mypurecloud.com.au wss://au-live.inside-graph.com https://staticcdn.co.nz https://*.swiftype.com https://*.swiftypecdn.com; font-src 'self' https://*.googleapis.com https://*.gstatic.com https://au-cdn.inside-graph.com https://fonts.gstatic.com https://*.hotjar.com https://*.hotjar.com https://*.hotjar.io https://*.hotjar.io blob: data:; form-action 'self' https://*.powershop.co.nz https://*.springload.nz https://*.facebook.com; frame-ancestors 'self'; frame-src https://*.mypurecloud.com.au *.mypurecloud.com.au https://*.doubleclick.net https://*.google.com https://*.vimeo.com https://*.youtube.com https://recaptcha.google.com https://*.facebook.com https://*.googletagmanager.com https://au-cdn.inside-graph.com https://*.hotjar.com https://*.hotjar.io https://*.hotjar.io https://critchlow.carto.com https://staticcdn.co.nz https://www.youtube-nocookie.com/; img-src 'self' https://*.amazonaws.com https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.google.co.nz https://*.google.com https://*.google.com.au https://*.googletagmanager.com https://*.gstatic.com https://*.hotjar.com https://*.hotjar.com https://*.hotjar.io https://*.hotjar.io https://*.inside-graph.com https://*.mypurecloud.com.au https://*.tt.omtrdc.net https://adservice.google.com https://analytics.formstack.com https://fonts.gstatic.com https://i.vimeocdn.com https://js.hsadspixel.net https://www.instagram.com https://staticcdn.co.nz https://*.swiftype.com https://*.springload.nz https://www.powershop.co.nz blob: data:; media-src https://*.youtube.com https://*.vimeo.com https://au-cdn.inside-graph.com; object-src 'none'; script-src 'self' https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.google.com/recaptcha/ https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.com/recaptcha/ https://*.hotjar.com https://*.hotjar.com https://*.hotjar.io https://*.hotjar.io https://*.hs-analytics.net https://*.hs-banner.com https://*.hs-scripts.com https://*.inside-graph.com https://*.mypurecloud.com.au https://*.tt.omtrdc.net https://*.usemessages.com https://*.vimeo.com https://*.youtube.com https://analytics.formstack.com https://api.addressfinder.io https://au-tracker.inside-graph.com https://forms.hsforms.com https://js.hsadspixel.net https://js.hscollectedforms.net https://tagmanager.google.com wss://*.hotjar.com https://staticcdn.co.nz https://*.swiftype.com https://*.swiftypecdn.com https://*.springload.nz https://www.powershop.co.nz 'nonce-ZjRhOGM3YjE3OWY4ZDdhN2ViYmRhZDUwYzc2MzM3MmZkNDY0NDcwNDE3NjQ5MWI0YzZkZjdlZWJjZWYxYmFkZWE5ZjA4MTJmYTdhZGRkZjY5YTJhODQwNWZhMWQwNjc2ODRhYWYxZjYzNjcyZDZmMThiN2Q2MTljZGJlNzdlNDY=' 'unsafe-eval' blob:; style-src 'self' https://*.googleapis.com https://*.gstatic.com https://au-cdn.inside-graph.com https://fonts.googleapis.com https://tagmanager.google.com https://staticcdn.co.nz https://*.swiftype.com https://*.swiftypecdn.com 'unsafe-inline'; report-uri https://o115950.ingest.sentry.io/api/4504811489984512/csp-report/?sentry_key=a2cb92247922492b95ce72aee1ae6528&sentry_environment=live; report-to csp-endpoint; upgrade-insecure-requests 1 default-src 'self' https://cottbus-platform.condat.cloud http://cottbus-platform.condat.cloud cottbus-platform.condat.cloud https://platform.container:8080 http://platform.container:8080 platform.container:8080 https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de; connect-src 'self' https://nominatim.openstreetmap.org https://login.microsoftonline.com https://www.google.com https://ctk.matomo.cloud http://ctk.matomo.cloud ctk.matomo.cloud https://eutils.ncbi.nlm.nih.gov https://cottbus-platform.condat.cloud http://cottbus-platform.condat.cloud cottbus-platform.condat.cloud https://platform.container:8080 http://platform.container:8080 platform.container:8080 https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de https://matomo-testing.condat.cloud; font-src 'self' https://cottbus-platform.condat.cloud http://cottbus-platform.condat.cloud cottbus-platform.condat.cloud https://platform.container:8080 http://platform.container:8080 platform.container:8080 https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de data:; frame-ancestors 'self' https://cottbus-platform.condat.cloud http://cottbus-platform.condat.cloud cottbus-platform.condat.cloud https://platform.container:8080 http://platform.container:8080 platform.container:8080 https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de; frame-src 'self' https://benutzerhandbuch-cshs.condat.de https://global.frcapi.com https://www.google.com https://*.youtube-nocookie.com https://*.youtube.com https://cottbus-platform.condat.cloud http://cottbus-platform.condat.cloud cottbus-platform.condat.cloud https://platform.container:8080 http://platform.container:8080 platform.container:8080 https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de; img-src 'self' https://cdn.jsdelivr.net https://*.tile.openstreetmap.org https://cottbus-platform.condat.cloud http://cottbus-platform.condat.cloud cottbus-platform.condat.cloud https://platform.container:8080 http://platform.container:8080 platform.container:8080 https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de data:; media-src 'self' https://*.youtube-nocookie.com https://*.youtube.com https://cottbus-platform.condat.cloud http://cottbus-platform.condat.cloud cottbus-platform.condat.cloud https://platform.container:8080 http://platform.container:8080 platform.container:8080 https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de; object-src 'self' https://*.youtube-nocookie.com https://*.youtube.com https://cottbus-platform.condat.cloud http://cottbus-platform.condat.cloud cottbus-platform.condat.cloud https://platform.container:8080 http://platform.container:8080 platform.container:8080 https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de; script-src 'self' https://www.google.com https://www.gstatic.com https://cdn.jsdelivr.net https://cdn.matomo.cloud http://cdn.matomo.cloud cdn.matomo.cloud https://ctk.matomo.cloud http://ctk.matomo.cloud ctk.matomo.cloud https://zlm.mul-ct.de http://zlm.mul-ct.de zlm.mul-ct.de https://cottbus-platform.condat.cloud http://cottbus-platform.condat.cloud cottbus-platform.condat.cloud https://platform.container:8080 http://platform.container:8080 platform.container:8080 https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de https://matomo-testing.condat.cloud 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://cdn.jsdelivr.net https://cottbus-platform.condat.cloud http://cottbus-platform.condat.cloud cottbus-platform.condat.cloud https://platform.container:8080 http://platform.container:8080 platform.container:8080 https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de 'unsafe-inline'; worker-src 'self' https://cottbus-platform.condat.cloud http://cottbus-platform.condat.cloud cottbus-platform.condat.cloud https://platform.container:8080 http://platform.container:8080 platform.container:8080 https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de blob: 1 default-src 'none'; script-src 'none'; style-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; object-src 'none'; 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: swissport.com *.swissport.com cookiebot.com *.cookiebot.com googleapis.com *.googleapis.com cloudflareinsights.com *.cloudflareinsights.com googletagmanager.com *.googletagmanager.com gstatic.com *.gstatic.com facebook.net facebook.net *.facebook.net facebook.com *.facebook.com licdn.com *.licdn.com tiktok.com *.tiktok.com google.de *.google.de google.com *.google.com googleadservices.com *.googleadservices.com google-analytics.com *.google-analytics.com linkedin.com *.linkedin.com doubleclick.net *.doubleclick.net youtube.com *.youtube.com youtube-nocookie.com *.youtube-nocookie.com vimeo.com *.vimeo.com flockler.com *.flockler.com flockler.app *.flockler.app matterport.com *.matterport.com cognitoforms.com *.cognitoforms.com typekit.net *.typekit.net static.srcspot.com; frame-ancestors 'self' data: blob: swissport.com *.swissport.com cookiebot.com *.cookiebot.com googleapis.com *.googleapis.com cloudflareinsights.com *.cloudflareinsights.com googletagmanager.com *.googletagmanager.com gstatic.com *.gstatic.com facebook.net facebook.net *.facebook.net facebook.com *.facebook.com licdn.com *.licdn.com tiktok.com *.tiktok.com google.de *.google.de google.com *.google.com googleadservices.com *.googleadservices.com google-analytics.com *.google-analytics.com linkedin.com *.linkedin.com doubleclick.net *.doubleclick.net youtube.com *.youtube.com youtube-nocookie.com *.youtube-nocookie.com vimeo.com *.vimeo.com flockler.com *.flockler.com flockler.app *.flockler.app matterport.com *.matterport.com; frame-src 'self' data: blob: swissport.com *.swissport.com cookiebot.com *.cookiebot.com googleapis.com *.googleapis.com cloudflareinsights.com *.cloudflareinsights.com googletagmanager.com *.googletagmanager.com gstatic.com *.gstatic.com facebook.net facebook.net *.facebook.net facebook.com *.facebook.com licdn.com *.licdn.com tiktok.com *.tiktok.com google.de *.google.de google.com *.google.com googleadservices.com *.googleadservices.com google-analytics.com *.google-analytics.com linkedin.com *.linkedin.com doubleclick.net *.doubleclick.net youtube.com *.youtube.com youtube-nocookie.com *.youtube-nocookie.com vimeo.com *.vimeo.com flockler.com *.flockler.com flockler.app *.flockler.app matterport.com *.matterport.com; img-src * data: blob: 'unsafe-inline'; report-uri /nelmio/csp/report 1 default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; frame-ancestors https://*:*; 1 default-src 'self'; connect-src 'self' https://*.viciproperties.com https://viciproperties.com https://dev-vici-properties.pantheonsite.io https://test-vici-properties.pantheonsite.io https://live-vici-properties.pantheonsite.io https://cdn-cookieyes.com https://*.cookieyes.com https://*.google-analytics.com https://*.googletagmanager.com https://*.flippingbook.com https://online.flippingbook.com https://fonts.googleapis.com https://*.acsbapp.com https://acsbapp.com https://*.analytics.google.com; font-src 'self' https://kit.fontawesome.com https://ka-p.fontawesome.com https://acsbapp.com https://*.acsbapp.com https://*.flippingbook.com https://online.flippingbook.com https://fonts.gstatic.com data:; frame-src 'self' https://*.cookieyes.com https://online.flippingbook.com https://*.googletagmanager.com https://www.google.com; img-src 'self' https://*.viciproperties.com https://viciproperties.com https://dev-vici-properties.pantheonsite.io https://test-vici-properties.pantheonsite.io https://live-vici-properties.pantheonsite.io https://*.flippingbook.com https://online.flippingbook.com https://*.googletagmanager.com https://*.google-analytics.com https://*.gstatic.com https://cdn-cookieyes.com https://*.cookieyes.com https://acsbapp.com https://*.acsbapp.com https://secure.gravatar.com; script-src 'self' https://*.viciproperties.com https://viciproperties.com https://dev-vici-properties.pantheonsite.io https://test-vici-properties.pantheonsite.io https://live-vici-properties.pantheonsite.io https://*.flippingbook.com https://online.flippingbook.com https://kit.fontawesome.com https://code.jquery.com https://www.google.com https://www.gstatic.com https://*.googletagmanager.com https://tagmanager.google.com https://cdn-cookieyes.com https://acsbapp.com https://*.acsbapp.com https://*.google-analytics.com 'unsafe-inline'; style-src 'self' https://*.viciproperties.com https://viciproperties.com https://dev-vici-properties.pantheonsite.io https://test-vici-properties.pantheonsite.io https://live-vici-properties.pantheonsite.io https://*.flippingbook.com https://online.flippingbook.com https://*.googletagmanager.com https://tagmanager.google.com https://acsbapp.com https://*.acsbapp.com https://fonts.googleapis.com 'unsafe-inline'; upgrade-insecure-requests 1 default-src 'self'; script-src 'self'; img-src 'self'; connect-src 'self'; 1 default-src 'self'; base-uri 'self'; block-all-mixed-content; connect-src 'self' region1.google-analytics.com www.googletagmanager.com pagead2.googlesyndication.com app.privacybee.ch app.privacybee.io *.googleapis.com *.google.com *.google.ch; font-src 'self' fonts.gstatic.com cdn.scaleflex.it; frame-src player.vimeo.com www.googletagmanager.com challenges.cloudflare.com; img-src 'self' data: region1.google-analytics.com www.googletagmanager.com *.googleapis.com *.google.com *.google.ch maps.gstatic.com; script-src 'self' region1.google-analytics.com www.googletagmanager.com pagead2.googlesyndication.com www.privacybee.ch app.privacybee.ch app.privacybee.io challenges.cloudflare.com ga.jspm.io 'nonce-7bFcuQE3w3kwAO8oPdUTBQ=='; style-src 'self' fonts.googleapis.com app.privacybee.ch app.privacybee.io 'unsafe-inline'; upgrade-insecure-requests; report-uri /nelmio/csp/report; worker-src 'self' blob: 1 allow 'self' data: blob; 'inline' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googleapis.com *.youtube.com connect.facebook.net www.facebook.com cdn.ywxi.net static.hotjar.com www.googletagmanager.com www.google.com www.creativecomputerconsulting.ca *.tiktok.com *.ttwstatic.com; 1 base-uri 'none'; frame-ancestors 'self'; object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http: 'nonce-4jP5xQcEI22S48mvwDwsQg=='; report-uri https://sentry.jobijoba.io/api/10/security/?sentry_key=f7fdb7ea43674b0889145b92f6d6811e 1 block-all-mixed-content; report-uri /nelmio/csp/report 1 frame-ancestors * *.funnld.com funnld.com *.reactrealestate.com reactrealestate.com *.1clickrealestate.com 1clickrealestate.com *.miamirealestate.agency miamirealestate.agency *.themortgagecalculator.co themortgagecalculator.co *.themortgagecalculator.com themortgagecalculator.com *.signrequest.com signrequest.com; 1 default-src 'self' 'unsafe-inline'; 1 default-src 'self'; base-uri 'none'; connect-src 'self' https://*.g.doubleclick.net https://*.google-analytics.com https://*.googletagmanager.com https://analytics-ipv6.tiktokw.us https://analytics.tiktok.com https://api.privacy-center.org https://bat.bing.com https://bat.bing.net https://pagead2.googlesyndication.com https://srnllpf.pa-cd.com https://tagassistant.google.com https://topics.avads.net https://trackster.avads.net https://www.facebook.com https://www.google.com https://www.google.fr https://www.googleadservices.com https://analytics.google.com https://*.analytics.google.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' https://privacy.telethon.fr https://td.doubleclick.net https://www.googletagmanager.com https://www.youtube-nocookie.com https://ps.avads.net; img-src 'self' data: https://x.bidswitch.net https://*.g.doubleclick.net https://*.google-analytics.com https://*.googletagmanager.com https://*.gstatic.com https://ads.avads.net https://bat.bing.com https://googletagmanager.com https://nocookie.avads.net https://pagead2.googlesyndication.com https://www.afm-telethon.fr https://www.facebook.com https://www.google.com https://www.google.fr https://www.googleadservices.com https://analytics.google.com https://*.analytics.google.com; media-src 'self' data:; object-src 'none'; script-src 'self' 'report-sample' 'unsafe-eval' 'unsafe-inline' https://*.googletagmanager.com https://analytics.tiktok.com https://bat.bing.com https://connect.facebook.net https://googleads.g.doubleclick.net https://googletagmanager.com https://pagead2.googlesyndication.com https://sdk.privacy-center.org https://srnllpf.pa-cd.com https://static.avads.net https://tag.aticdn.net https://tagassistant.google.com https://tagmanager.google.com https://www.google.com https://www.googleadservices.com; style-src 'self' 'unsafe-inline' 'report-sample' https://fonts.googleapis.com https://googletagmanager.com https://tagassistant.google.com https://tagmanager.google.com https://www.googletagmanager.com; worker-src 'none' 1 default-src 'self'; base-uri 'self'; block-all-mixed-content; connect-src 'self' https://*.zendesk.com wss://*.zendesk.com wss://*.zopim.com https://*.sentry.io; font-src 'self' https://*.gstatic.com; form-action 'self'; frame-ancestors 'none'; frame-src *; img-src 'self' https://*.google-analytics.com data:;; object-src 'none'; script-src 'self' 'unsafe-eval' https://*.smooch.io https://*.sentry.io https://*.zdassets.com https://*.zendesk.com https://*.zopim.com 'nonce-JrKCctIhgm4YsP/8FpeRZw=='; style-src 'self' 'unsafe-hashes' 'unsafe-eval' https://cdn.jsdelivr.net https://*.googleapis.com 'nonce-JrKCctIhgm4YsP/8FpeRZw=='; upgrade-insecure-requests 1 default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com static.hotjar.com sc-static.net connect.facebook.net embed.tawk.to *.google-analytics.com *.paypal.com script.hotjar.com ajax.googleapis.com ws.colissimo.fr *.colissimo.fr api.mapbox.com *.axept.io *.tawk.to cdn.jsdelivr.net *.matomo.cloud *.googleapis.com *.snapchat.com *.youtube.com landing.ls.skeepers.io googleads.g.doubleclick.net ls-prd-cdn.s3.eu-west-1.amazonaws.com blob: *.googleadservices.com *.googlesyndication.com *.klaviyo.com;frame-src 'self' *.snapchat.com vars.hotjar.com *.google.fr *.facebook.com *.tawk.to *.youtube.com *.calameo.com *.vimeo.com td.doubleclick.net ls-prd-cdn.s3.eu-west-1.amazonaws.com *.googletagmanager.com;style-src 'self' 'unsafe-inline' tagmanager.google.com api.mapbox.com ws.colissimo.fr *.colissimo.fr embed.tawk.to cdn.jsdelivr.net fonts.googleapis.com ls-prd-cdn.s3.eu-west-1.amazonaws.com blob: *.googletagmanager.com *.klaviyo.com;img-src 'self' data: tr.snapchat.com *.facebook.com *.google.fr *.google.com *.onyourmap.com ws.colissimo.fr *.colissimo.fr *.mapbox.com axeptio.imgix.net *.tawk.to cdn.jsdelivr.net tawk.link script.hotjar.com *.google.co.nz *.googleapis.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.google.be favicons.axept.io googleads.g.doubleclick.net spockee-cdn.s3.ca-central-1.amazonaws.com backoffice-api.spockee.io api.spockee.io api-analytics.ls.skeepers.io landing.ls.skeepers.io api-backoffice.ls.skeepers.io api.ls.skeepers.io party.spockee.io ls-prd-cdn.s3.eu-west-1.amazonaws.com wss://api-socket.ls.skeepers.io api-feature-flag.ls.skeepers.io *.terreseteaux.fr *.mux.com *.klaviyo.com *.cloudfront.net;font-src 'self' data: ws.colissimo.fr *.colissimo.fr *.tawk.to fonts.gstatic.com script.hotjar.com cdn.jsdelivr.net github.com fonts.googleapis.com ls-prd-cdn.s3.eu-west-1.amazonaws.com *.mux.com;connect-src 'self' *.google-analytics.com *.paypal.com stats.g.doubleclick.nestats.g.doubleclick.ne in.hotjar.com stats.g.doubleclick.net ws.colissimo.fr *.colissimo.fr *.hotjar.io *.axept.io tr.snapchat.com *.hotjar.com *.tawk.to wss://*.tawk.to wss://*.hotjar.com api.sandbox.getalma.eu api.getalma.eu maps.googleapis.com terreseteaux.matomo.cloud *.facebook.com *.analytics.google.com *.google.com *.snapchat.com *.googlesyndication.com spockee-cdn.s3.ca-central-1.amazonaws.com backoffice-api.spockee.io api.spockee.io api-analytics.ls.skeepers.io landing.ls.skeepers.io api-backoffice.ls.skeepers.io api.ls.skeepers.io party.spockee.io ls-prd-cdn.s3.eu-west-1.amazonaws.com wss://api-socket.ls.skeepers.io api-feature-flag.ls.skeepers.io *.mux.com *.litix.io stream.mux.com *.skeepers.io googleads.g.doubleclick.net *.googleadservices.com *.google.fr mpc-prod-17-s6uit34pua-wl.a.run.app demo-1.conversionsapigateway.com *.klaviyo.com *.mapbox.com;base-uri 'self';media-src 'self' data: *.tawk.to ls-prd-cdn.s3.eu-west-1.amazonaws.com stream-mux.com *.mux.com blob:;report-uri /csp/report;form-action secure.payzen.eu *.tawk.to *.facebook.com ls-prd-cdn.s3.eu-west-1.amazonaws.com 1 default-src 'self' www.fotoprofi.de img.fotoprofi.de https://pc-cdn.fra1.cdn.digitaloceanspaces.com/ rmail.fotoprofi.de c.emailsys2a.net apple.com *.apple.com cdn.pay1.de d.ratepay.com d.ratepay.de secure.pay1.de https://www.youtube-nocookie.com img.youtube.com i.ytimg.com analytics.google.com *.analytics.google.com doubleclick.net *.doubleclick.net google-analytics.com *.google-analytics.com google.de *.google.de google.com *.google.com googleadservices.com *.googleadservices.com googletagmanager.com *.googletagmanager.com googlesyndication.com *.googlesyndication.com gstatic.com *.gstatic.com tagmanager.google.com *.tagmanager.google.com apis.google.com *.apis.google.com www.gstatic.com bat.bing.com bat.bing.net connect.facebook.net facebook.com *.facebook.com facebook.net *.facebook.net *.etrusted.com *.trustedshops.com *.saal-digital.net *.fotodiensteservice.de https://s3.eu-central-1.amazonaws.com/fra-webresources/ https://s3.eu-central-1.amazonaws.com/fra-webpages.shop.saal-digital.net/ fra-webresources.s3.eu-central-1.amazonaws.com photoservice.cloud https://*.loadbee.com/ availability.loadbee.com/v3/EAN/ https://cdn.loadbee.com https://content.syndigo.com/asset/ https://content.syndigo.com/page/ https://content.syndigo.com/site/ https://scontent.webcollage.net https://syndi.webcollage.net/site/xenudo-de-de/tag.js https://*.joomag.com/res_mag/ https://www.gravatar.com media.flixcar.com media.flixfacts.com *.flix360.com media.flixsyndication.net *.flix360.io syndication.flix360.com *.jwplatform.com *.jwpsrv.com *.jwpcdn.com *.jwplayer.com d2m3ikv8mpgiy8.cloudfront.net d3np41mctoibfu.cloudfront.net media.pointandplace.com player.pointandplace.com t.pointandplace.com analytics.webgains.io api.webgains.io 'unsafe-inline' 'unsafe-eval' blob: data:; report-uri /csp-report.php; upgrade-insecure-requests 1 script-src 'self' 'sha256-gPjlli1HEdLlR0AZTY971/wQVOdSkl9mEinLnxrPpJw=' 'unsafe-eval' https://siteimproveanalytics.com https://*.mouseflow.com https://*.app.cookieinformation.com; frame-ancestors *.commentor.dk https://pensure.dk https://drb.bankdata.dk https://*.bankdata.dk https://*.jyskebank.dk https://*.pension.dk *.bec.dk http://pbuapp.ngrok.io https://portal.pfa.dk https://mit.pfa.dk https://mitpfa.dk https://www.industrienspension.dk https://Pka.dk https://Pbu.dk https://Lppension.dk *.danicapension.dk *.appension.dk *.pensure.dk https://mppension.dk *.pka.dk *.pbu.dk *.lppension.dk drb://drb.jyskebank.dk https://drb.jyskebank.dk https://localhost:44337/* https://akademikerpension.dk https://*.sydbank.dk https://*.almbrand.dk drb://drb.sydbank.dk drb://drb.almbrand.dk https://staging.pengeprofilen.dk https://min.pengeprofilen.dk https://app.kreditdata.dk *.mitotium.dk *.pensure.dk https://drb.nordfynsbank.dk drb://drb.nordfynsbank.dk https://drb.skjernbank.dk drb://drb.skjernbank.dk https://drb.djurslandsbank.dk drb://drb.djurslandsbank.dk https://drb.kreditbanken.dk drb://drb.kreditbanken.dk https://drb.landbobanken.dk drb://drb.landbobanken.dk https://drb.spks.dk drb://drb.spks.dk https://netpension.velliv.dk 1 default-src 'self';script-src 'self' 'nonce-YrFy0JMI93dva5JU3RWv0ijaFmJSMbo2NknqucSsbp4=' 'unsafe-eval' 'strict-dynamic' https://*.cookiebot.com https://*.vimeocdn.com https://*.googletagmanager.com https://tagmanager.google.com https://*.vimeocdn.com https://*.lime-forms.se;img-src 'self' https://*.google-analytics.com https://*.googletagmanager.com https://*.cookiebot.com https://*.gstatic.com https://*.google.com https://*.google.se https://*.lime-forms.se data: https://bat.bing.com;connect-src 'self' ws://* wss://* https://*.cookiebot.com https://*.lime-forms.se https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.google.com https://*.google.se https://*.doubleclick.net https://bat.bing.com;font-src 'self' https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://*.lime-forms.se;frame-src 'self' https://*.cookiebot.com https://*.vimeo.com https://*.googletagmanager.com https://*.doubleclick.net;style-src 'self' 'unsafe-inline' https://*.lime-forms.se https://tagmanager.google.com https://fonts.googleapis.com https://www.googletagmanager.com; 1 frame-ancestors 'self' https://appwizzy.com 1 default-src 'self' data:; block-all-mixed-content; connect-src http: https: ws: blob: 'self' *.tinymce.com *.tiny.cloud blob:; font-src 'self' data: fonts.gstatic.com *.tinymce.com *.tiny.cloud *.fontawesome.com; frame-src 'self' data: *.stonly.com; img-src 'self' data: http: https: *.tinymce.com *.tiny.cloud data: blob:; script-src 'self' 'unsafe-inline' js-agent.newrelic.com static.zdassets.com *.zendesk.com api.smooch.io cdn.tiny.cloud maps.google.com maps.googleapis.com *.posthog.com stonly.com *.stonly.com *.tinymce.com *.tiny.cloud unpkg.com 'nonce-UDOygHdu7+DSCubhALE5cA=='; style-src 'self' 'unsafe-inline' cdn.tiny.cloud fonts.googleapis.com stonly.com *.stonly.com *.tinymce.com *.tiny.cloud; upgrade-insecure-requests; worker-src 'self' blob: 1 frame-ancestors https://*.affordablehousing411.com 1 frame-ancestors 'self' https://*.etracker.com 1 base-uri 'self'; script-src 'self' www.googletagmanager.com graph.instagram.com www.google-analytics.com maps.googleapis.com www.google.com www.gstatic.com rawgit.com 'unsafe-inline' fontawesome.com www.youtube.com recaptcha.net s.ytimg.com 0.0.0.0:8080 'unsafe-eval' static.axept.io cdn.tailwindcss.com cdn.jsdelivr.net 1 default-src 'self' 'unsafe-inline' data: payment.maksekeskus.ee auth.praamid.ee fonts.googleapis.com fonts.gstatic.com stats.g.doubleclick.net static.cloudflareinsights.com www.googletagmanager.com *.google-analytics.com g2.ipcamlive.com s5.ipcamlive.com googleads.g.doubleclick.net www.google.com www.gstatic.com www.youtube.com static.doubleclick.net i.ytimg.com yt3.ggpht.com jnn-pa.googleapis.com play.google.com secure.gravatar.com fast.wistia.com beacon-v2.helpscout.net wp-rocket.me d3hb14vkzrxvla.cloudfront.net pipedream.wistia.com distillery.wistia.com embed-ssl.wistia.com fg8vvsvnieiv3ej16jby.litix.io translate.google.com translate.googleapis.com 'unsafe-eval' static.maksekeskus.ee s.w.org praamid.prominion.net beaconapi.helpscout.net chatapi.helpscout.net cdn.mxpnl.com static.cc.maksekeskus.ee cc.maksekeskus.ee *.analytics.google.com www.google.ee www.google.fi www.google.cz www.google.nl www.google.be www.google.fr www.google.lv www.google.lt www.google.se www.google.de www.google.at www.google.ch www.google.ie www.google.co.uk www.google.pl www.google.dk www.google.no td.doubleclick.net www.google.com.cy www.google.lu www.google.it www.google.gr analytics.google.com www.google-analytics.com www.google.by www.google.com.bz www.google.com.tr www.google.com.ar www.google.co.jp www.google.bg www.google.co.in www.google.ca www.google.ru www.google.com.ua www.google.com.hr www.google.com.au www.google.es www.google.com.ng translate-pa.googleapis.com www.google.ro www.google.rs www.google.si www.google.sk www.google.ba www.google.is www.google.pt www.google.hu www.google.me www.google.mk www.google.com.eg www.google.com.om www.google.co.th www.google.co.nz www.google.co.ke www.google.al www.google.ge www.google.com.bd www.google.co.il cdn.gravity.com www.google.gg www.google.com.vn www.google.je www.google.ad www.google.com.mx www.google.com.mt www.google.im www.google.ae www.google.com.sg www.google.kz cloudflareinsights.com challenges.cloudflare.com www.google.hr www.google.kg www.google.com.my www.google.com.qa www.google.gl www.google.com.ph www.google.md *.hotjar.com *.hotjar.io wss://*.hotjar.com www.google.co.id www.google.lk www.google.ml www.google.com.hk www.google.cv www.google.co.cr www.google.com.sa www.google.com.pk www.google.com.gi www.google.co.tz www.google.vu www.google.com.fj www.google.com.pa www.google.tn www.google.co.ve www.google.cl www.google.co.uz www.google.co.kr region1.analytics.google.com www.google.com.bo www.google.co.zw www.google.sm www.google.co.za www.google.am www.google.com.br www.google.tt www.google.co.ma www.google.az www.google.com.np www.google.com.et www.google.dm www.google.com.do www.google.com.ec www.google.com.kh www.google.la www.google.tg www.google.sc praamidvisitor.prominion.net www.google.ci www.google.com.co www.google.mu www.google.jo www.google.com.bh www.google.com.pr www.google.gm www.google.co.vi www.google.iq ps.w.org www.google.mv www.google.co.ug www.google.com.lb www.google.com.tw www.google.mg www.google.mu www.google.com.tj www.google.com.kw ajax.cloudflare.com www.google.com.pe www.google.li www.google.com.gh www.google.sn www.google.bj www.google.dz www.google.com.jm www.google.com.cu www.google.cd api.wp-rocket.me; report-uri /d5bcc29e34d8b6210cbfbc3acd7be0a65652590b064c60598822381e01ae1708 1 img-src * data:; media-src * data: blob:; 1 frame-src https://www.olisnet.com/ https://olisnet.com/ https://www.fa.olisnet.com/ https://www.tableau.olisnet.com/ https://www.edr.olisnet.com/ https://ebanking-auth.edmond-de-rothschild.eu/ 1 default-src 'self';script-src * 'self' 'unsafe-inline' 'unsafe-eval';frame-src * 'self';style-src * 'self' 'unsafe-inline';img-src 'self' data: maps.googleapis.com maps.gstatic.com https://storage.sbg.cloud.ovh.net storage.gra.cloud.ovh.net https://images.prismic.io/fabriquedestyles/ https://fabriquedestyles.cdn.prismic.io/ https://i.vimeocdn.com/video/ https://i.vimeocdn.com *.openstreetmap.org *.doubleclick.net *.google.fr *.google.com google.com https://google.com https://www.google.com https://www.facebook.com https://purecatamphetamine.github.io https://www.googletagmanager.com *.googletagmanager.com googletagmanager.com https://www.google-analytics.com https://*.google-analytics.com https://fonts.gstatic.com https://instapi.s3.rbx.io.cloud.ovh.net *.imagino.com *.fabriquedestyles.com https://*.kameleoon.com https://*.kameleoon.io https://*.kameleoon.eu https://*.kameleoon.net *.experimentation.dev *.bing.com *.bing.net *.bing.fr *.microsoft.com *.microsoft.fr *.microsoft.net *.pinterest.com *.pinterest.net *.pinterest.fr *.analytics.google.com *.privacy-center.org privacy-center.org *.clarity.ms *.fabriquedestyles.com *.paypal.com paypal.com;font-src 'self' data: fonts.googleapis.com https://i.icomoon.io https://fonts.gstatic.com *.woosmap.com *.google.com google.com *.privacy-center.org privacy-center.org *.paypal.com paypal.com;connect-src * 'self';base-uri 'self';media-src 'self' data:;report-uri /csp/report;worker-src 'self' *.woosmap.com self blob: 1 default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval'; object-src *; style-src * 'self' 'unsafe-inline'; img-src * 'self' data: https:;; media-src *; frame-src *; frame-ancestors 'self'; child-src * blob:; font-src * 'self' data: https:;; connect-src *; report-uri /fr/log-report-uri/enforce 1 frame-ancestors rextheme.com; 1 default-src 'self' data: ywxi.net www.trustedsite.com maxcdn.bootstrapcdn.com *.amazonaws.com cdnjs.cloudflare.com www.google.com www.google-analytics.com fonts.gstatic.com www.googletagmanager.com bat.bing.com fonts.googleapis.com www.w3m.com googleads.g.doubleclick.net bid.g.doubleclick.net stats.g.doubleclick.net www.googleadservices.com; script-src 'self' data: 'unsafe-eval' 'unsafe-inline' *.creditheroscore.com *.pushnami.com *.smartlook.com *.smartlook.cloud static.zohocdn.com *.twitter.com *.purechat.com *.pagesense.io www.serveipqs.com *.cloudflareinsights.com www.gstatic.com mpsnare.iesnare.com *.trustev.com connect.facebook.net cdnjs.cloudflare.com www.google.com www.google-analytics.com www.googletagmanager.com https://utt.impactcdn.com https://www.googletagmanager.com https://analytics.google.com https://td.doubleclick.net bat.bing.com fonts.googleapis.com www.w3m.com www.googleadservices.com pagead2.googlesyndication.com googleads.g.doubleclick.net bid.g.doubleclick.net stats.g.doubleclick.net static.zdassets.com api.smooch.io cdn.userway.org *.intercom.io *.intercomcdn.com www.googleadservices.com https://unpkg.com/@lottiefiles/lottie-player@latest/dist/lottie-player.js; style-src 'self' 'unsafe-inline' *.creditheroscore.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com www.google.com www.googletagmanager.com fonts.gstatic.com fonts.googleapis.com cdn.userway.org; img-src 'self' data: *.creditheroscore.com www.googletagmanager.com www.google-analytics.com https://analytics.google.com https://td.doubleclick.net bat.bing.com googleads.g.doubleclick.net bid.g.doubleclick.net stats.g.doubleclick.net www.myscore.com https:; frame-src *.pushnami.com *.smartlook.com *.smartlook.cloud *.twitter.com *.pagesense.io www.mcafeesecure.com www.trustedsite.com www.serveipqs.com www.google.com *.securepaths.com *.trustev.com *.googletagmanager.com https://analytics.google.com https://td.doubleclick.net googleads.g.doubleclick.net bid.g.doubleclick.net stats.g.doubleclick.net cdn.userway.org intercom-sheets.com; font-src 'self' fn.eu.serveipqs.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com www.google.com fonts.gstatic.com cdn.userway.org fonts.intercomcdn.com; connect-src 'self' *.smartlook.com *.smartlook.cloud *.taboola.com ekr.zdassets.com chs-support.zendesk.com https://*.intercom-messenger.com wss://*.intercom-messenger.com zendesk-eu.my.sentry.io wss://api.smooch.io/faye *.purechat.com *.pushnami.com pagesense-collect.zoho.com *.serveipqs.com wss://mpsnare.iesnare.com/star *.trustev.com maxcdn.bootstrapcdn.com *.amazonaws.com cdnjs.cloudflare.com www.google.com www.google-analytics.com fonts.gstatic.com www.googletagmanager.com https://www.googletagmanager.com https://analytics.google.com https://td.doubleclick.net https://ajax.googleapis.com bat.bing.com fonts.googleapis.com www.w3m.com *.userway.org *.intercom.io *.intercomcdn.com wss://nexus-websocket-a.intercom.io googleads.g.doubleclick.net bid.g.doubleclick.net stats.g.doubleclick.net; media-src data: 'self' mpsnare.iesnare.com; report-uri https://cfs2020.report-uri.com/r/d/csp/reportOnly 1 frame-ancestors 'self' https://admin.yallastore.co.il; 1 frame-ancestors 'self' https://weiterbildung.snv.ch/ 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.veiasa.es npmcdn.com *.openstreetmap.org unpkg.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.fontawesome.com *.veiasa.es npmcdn.com unpkg.com; img-src 'self' data: *.veiasa.es *.openstreetmap.org npmcdn.com img.icons8.com unpkg.com; form-action 'self'; media-src 'self'; font-src 'self' *.fontawesome.com; connect-src 'self'; frame-src 'self' intent: www.youtube.com; frame-ancestors 'self' 1 frame-ancestors https://*.communaute-paysbasque.fr 1 script-src https: data: 'unsafe-inline' 'unsafe-eval' https://*.myfonts.net https://*.twitter.com https://*.google.de https://*.google.com https://*.typekit.net https://metrics.mehrwert.de https://www.google-analytics.com/; style-src https: 'unsafe-inline' https://*.myfonts.net https://*.twitter.com https://*.google.de https://*.typekit.net https://metrics.mehrwert.de; frame-ancestors https://www.fortuna-koeln.de https://verein.fortuna-koeln.de https://verein.www.fortuna-koeln.de https://www.fortuna-koeln.de https://twitter.com https://*.twitter.com 1 default-src 'self'; report-uri /report-csp-violation; upgrade-insecure-requests 1 default-src 'self';style-src 'self' 'unsafe-inline' https://cdn.eye-able.com https://fonts.googleapis.com https://fonts.gstatic.com data:; img-src 'self' blob: data: https://www.googletagmanager.com https://viewer.babylonjs.com https://*.googleapis.com https://maps.gstatic.com/ https://imgsct.cookiebot.com data: https://cdn.eye-able.com; object-src 'self' data:; frame-src 'self' mailto: tel: *.youtube.com *.youtube-nocookie.com https://www.google.com https://consentcdn.cookiebot.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com https://cdn.babylonjs.com https://cdn.eye-able.com/ https://*.googleapis.com https://www.google.com https://www.gstatic.com https://consent.cookiebot.com https://consentcdn.cookiebot.com ; connect-src 'self' https://*.google-analytics.com https://consent.cookiebot.com https://viewer.babylonjs.com https://*.googleapis.com https://cdn.eye-able.com https://consentcdn.cookiebot.com; font-src 'self' https://fonts.gstatic.com data:; 1 frame-ancestors 'self' https://www.golfofbf.org https://*.instapage.com http://*.instapage.com https://cloud.scorm.com https://360.articulate.com https://university.fb.org 1 default-src 'unsafe-inline' 'self' data: image/* https://google.com https://*.google.com https://*.googletagmanager.com https://*.googlesyndication.com https://*.googleapis.com https://*.googleadservices.com https://*.gstatic.com https://google-analytics.com https://*.google-analytics.com https://*.doubleclick.net https://*.quantserve.com https://*.quantcount.com https://measurement-api.criteo.com https://bat.bing.com https://*.clarity.ms https://use.fontawesome.com https://player.vimeo.com https://extend.vimeocdn.com https://my.matterport.com https://*.onetrust.com https://cdn.cookielaw.org https://bam.nr-data.net https://web-sandbox.pypestream.com https://*.pype.tech https://*.launchdarkly.com https://cdn.jsdelivr.net https://*.typekit.net https://*.facebook.com https://connect.facebook.net https://*.tiktok.com https://*.linkedin.com https://*.redditstatic.com https://*.reddit.com ; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://www.googletagmanager.com https://*.googlesyndication.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://*.doubleclick.net https://secure.quantserve.com https://rules.quantcount.com https://*.criteo.com https://*.criteo.net https://bat.bing.com https://*.clarity.ms/ https://use.fontawesome.com https://*.vimeo.com https://*.vimeocdn.com https://static.cloudflareinsights.com https://cdn.cookielaw.org https://js-agent.newrelic.com https://web-sandbox.pypestream.com https://*.pype.tech https://*.pypest https://web.pypestream.com https://*.facebook.net https://business-api.tiktok.com/ https://analytics.tiktok.com/ https://snap.licdn.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ http://www.redditstatic.com https://*.www.redditstatic.com https://*.reddit.com ; img-src * data: about: https://cdn.cookielaw.org; frame-src 'self' https://www.googletagmanager.com/ https://my.matterport.com https://web.pypestream.com https://static.criteo.net https://web-sandbox.pypestream.com https://*.doubleclick.net https://*.criteo.com https://www.facebook.com https://player.vimeo.com https://www.google.com; upgrade-insecure-requests 1 default-src 'self'; frame-src 'self' https://challenges.cloudflare.com/ *.reciteme.com https://secure.livechatinc.com *.webspellchecker.net *.nhs.uk *.facebook.com *.youtube.com *.vimeo.com *.google.com *.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://challenges.cloudflare.com/ *.reciteme.com https://*.googletagmanager.com https://*.googletagmanager.com https://static.zdassets.com https://api.livechatinc.com https://cdn.livechatinc.com *.reactandshare.com https://api.reciteme.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://www.googletagmanager.com https://connect.facebook.net https://feeds.trac.jobs *.webspellchecker.net *.google.com *.googleapis.com *.gstatic.com *.cqc.org.uk use.typekit.net; font-src 'self' 'unsafe-inline' *.reciteme.com https://cdn.livechatinc.com *.reactandshare.com https://api.reciteme.com https://fonts.googleapis.com https://fonts.gstatic.com *.webspellchecker.net use.typekit.net; style-src 'self' 'unsafe-inline' *.reciteme.com *.reactandshare.com https://api.reciteme.com https://cdnjs.cloudflare.com https://feeds.trac.jobs *.googleapis.com *.gstatic.com *.cqc.org.uk *.webspellchecker.net use.typekit.net p.typekit.net; img-src * data: *.reciteme.com p.typekit.net; object-src 'self' blob:; connect-src 'self' *.reciteme.com https://*.googletagmanager.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.g.doubleclick.net https://*.google.com https://*.google.com https://*.google-analytics.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googletagmanager.com wss://widget-mediator.zopim.com https://stop-smoking-nhs.zendesk.com https://ekr.zdassets.com https://api.reciteme.com https://feeds.trac.jobs stats.g.doubleclick.net *.googleapis.com *.google-analytics.com *.webspellchecker.net performance.typekit.net; media-src 'self' *.reciteme.com https://static.zdassets.com https://api.reciteme.com 1 base-uri 'none';child-src 'none';connect-src 'self' https://cdn.cookielaw.org https://*.google-analytics.com https://*.analytics.google.com https://www.googletagmanager.com https://*.googletagmanager.com https://stats.g.doubleclick.net;default-src 'self';font-src 'self' data: https://fonts.gstatic.com;form-action 'self';frame-ancestors 'none';frame-src https://www.googletagmanager.com https://td.doubleclick.net;img-src 'self' data: https://cdn.cookielaw.org https://*.google-analytics.com https://www.googletagmanager.com https://googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://fonts.gstatic.com https://*.googletagmanager.com https://d21y75miwcfqoq.cloudfront.net/deaafc32 https://googleads.g.doubleclick.net https://www.google.com https://google.com;manifest-src 'self';media-src 'self';object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://acuteintuitive52.com https://cdn.cookielaw.org https://www.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google.com;style-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com;worker-src 'self';upgrade-insecure-requests ; 1 base-uri; form-action 'self'; frame-ancestors 'none'; img-src 'self' https://paragonie.com https://maxcdn.bootstrapcdn.com https://stats.g.doubleclick.net https://www.google-analytics.com data:; media-src 'none'; object-src 'none'; script-src 'self' https://cdn.mathjax.org https://oss.maxcdn.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://code.jquery.com https://ajax.googleapis.com https://www.google-analytics.com https://paragonie.com paragonie.com 'sha384-dxxWaTrUP7CVAQSJSlq8y30xnLv+kbg0q/esjcstpj7BeSQcTR1kyuzuU8NtP0Qd' 'nonce-mduDXA4/pLKTjNrx6gL6sLUA' 'nonce-KLiePG03N2S9A7iZA3YDn6Dz' 'nonce-KHulrAsqjf2v47UR3ohwrC4F' 'nonce-P4yVgn4ycuUUN1YXD5rTF3LK' 'nonce-1NbJwtVONWBqqoBYKSLypkCJ' 'nonce-riD2p//N3PkeaM+4oSCG1N1C' 'nonce-htKv7nvDesPPtrPTGx9ey+Ac' 'unsafe-eval' data:; style-src 'self' https://maxcdn.bootstrapcdn.com https://use.fontawesome.com https://fonts.googleapis.com 'unsafe-inline'; report-uri https://f038192cab4afafaacee34d22ed2e1dd.report-uri.io/r/default/csp/enforce; upgrade-insecure-requests 1 frame-ancestors 'self' *.tracegains.com *.tracegains.net tracegains.net;base-uri 'self';object-src 'none';media-src 'self';worker-src 'none'; 1 script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://*.youtube.com/ https://www.facebook.com/ https://www.google.com/ https://www.recaptcha.net/ https://www.gstatic.com/ https://games.tactic.net/; img-src 'self' data: blob: https://games.tactic.net https://tactic.net https://img.youtube.com http://dev.tactic.net/ https://www.google.com/ https://www.gstatic.com/ https://www.recaptcha.net; object-src 'self' data: blob: https://*.youtube.com/ https://www.recaptcha.net/ https://www.google.com/ https://games.tactic.net/; frame-src 'self' data: blob: https://*.youtube.com/ https://www.recaptcha.net/ https://www.google.com/ https://games.tactic.net/; 1 default-src https: 'unsafe-inline' 'unsafe-eval' data: blob:; object-src 'self' blob:; 1 base-uri 'none'; frame-ancestors 'self' 1 default-src 'self' *.optimizely.com wss://*.hotjar.com https: survey.bosch.com s.webtrends.com *.mycliplister.com ptptasiaprodsgsa.z30.web.core.windows.net; media-src 'self' *.mycliplister.com mycliplister.com cliplister.vo.llnwd.net; font-src www.bosch-pt.com.hk www.bosch-pt.com.cn www.bosch-pt.co.id www.bosch-pt.co.in www.bosch-pt.com.my www.bosch-pt.com.ph www.bosch-pt.com.sg www.bosch-pt.com.tw th.bosch-pt.com vn.bosch-pt.com dock.ui.bosch.tech cdn.poll-maker.com cdnjs.cloudflare.com 'self' https: btm.bosch.com; object-src data: 'self'; img-src https: data: blob:; style-src dock.ui.bosch.tech cdn.poll-maker.com cdnjs.cloudflare.com 'self' 'unsafe-inline' https: btm.bosch.com; script-src https: *.optimizely.com 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https:; frame-ancestors 'self' https: 1 frame-ancestors 'self' http://webvisor.com http://*.webvisor.com https://metrika.yandex.ru https://mc.yandex.ru https://*.yandex.net https://mc.yandex.ru https://mc.yandex.com https://mc.webvisor.com https://mc.webvisor.org https://yastatic.net 1 allow 'self'; frame-ancestors dev.togostanza.org 1 base-uri 'none'; frame-ancestors 'self'; object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http: 'nonce-ylbERV71Ax1mrslR3BhSiw=='; report-uri https://sentry.jobijoba.io/api/10/security/?sentry_key=f7fdb7ea43674b0889145b92f6d6811e 1 default-src 'self'; base-uri 'self'; connect-src 'self' *.itzbund.de *.googleapis.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com piwik.itzbund.de *.youtube.com;object-src 'self' multimedia.gsb.bund.de medien10.gsb.bund.de piwik.itzbund.de; media-src 'self' multimedia.gsb.bund.de medien10.gsb.bund.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.openstreetmap.org *.googleapis.com piwik.itzbund.de *.geodatenzentrum.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; frame-ancestors 'self' zfa-editor.preview.kkn.zd.intranet.bund.de piwik.itzbund.de zfa-zfa-editor.preview.kkn.zd.intranet.bund.de *.facebook.com 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://mailworx.marketingsuite.info https://js.hcaptcha.com https://mailworx.marketingsuite.info/Scripts/Captcha https://app.usercentrics.eu https://www.googletagmanager.com https://snap.licdn.com https://www.google-analytics.com https://www.googleoptimize.com https://cdn.jsdelivr.net https://privacy-proxy.usercentrics.eu https://code.jquery.com https://cdnjs.cloudflare.com https://mailworx.marketingsuite.info/Scripts/Captcha https://bot.insertchatgpt.com/widgets/ https://bot.insertchat.com/ https://app.insertchatgpt.com/widgets/ https://app.insertchat.com/widgets/chatbot.js; object-src 'self'; media-src 'self' https://www.youtube.com 'self' https://www.youtube-nocookie.com; frame-src 'self' https://www.youtube.com https://newassets.hcaptcha.com https://www.tttech.com https://mailworx.marketingsuite.info https://mailworx.marketingsuite.info/Scripts/Captcha https://bot.insertchat.com https://www.youtube-nocookie.com; child-src 'self' https://www.youtube.com https://www.tttech.com https://mailworx.marketingsuite.info https://mailworx.marketingsuite.info/Scripts/Captcha blob:; report-uri /report-csp-violation; upgrade-insecure-requests 1 default-src 'none'; script-src 'self' https://code.jquery.com https://www.google-analytics.com; img-src ' self 'https://www.google-analytics.com; connect-src' self '; font-src' self '; style-src' self '; 1 default-src 'self'; base-uri 'self'; connect-src 'self' https: http: https://www.googletagmanager.com https://www.google-analytics.com https://*.analytics.google.com https://*.doubleclick.net https://*.facebook.com https://*.fbcdn.net https://*.leeloo.ai https://widgets.binotel.com https://*.binotel.com https://www.youtube.com https://s.ytimg.com https://a.plerdy.com; font-src 'self' https://fonts.gstatic.com data:; form-action 'self'; frame-ancestors 'self'; frame-src 'self' https://www.google.com https://www.gstatic.com https://connect.facebook.net https://*.facebook.com https://*.leeloo.ai https://widgets.binotel.com https://*.binotel.com https://www.youtube.com https://www.youtube-nocookie.com; img-src 'self' data: blob: https: https://i.ytimg.com https://s.ytimg.com https://a.plerdy.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://unpkg.com https://www.google.com https://www.gstatic.com https://*.googletagmanager.com https://*.google-analytics.com https://*.googleadservices.com https://*.doubleclick.net https://connect.facebook.net https://*.facebook.com https://*.fbcdn.net https://*.leeloo.ai https://widgets.binotel.com https://*.binotel.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://www.youtube.com https://*.youtube.com https://s.ytimg.com https://a.plerdy.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com https://s.ytimg.com https://widgets.binotel.com https://*.binotel.com 1 default-src 'self'; object-src 'self' https://pts.bigsim.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.bigsim.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://www.telekom.de/shop/tarife/internet-tarife https://www.o2online.de https://www.vodafone.de https://dsl.1und1.de https://imagepool.bigsim.de https://livechat.bigsim.de https://umfrage.bigsim.de https://pts.bigsim.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://eu01.rec.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://chat.bigsim.de https://livechat.bigsim.de wss://livechat.bigsim.de https://livechat.bigsim.de https://stats.bigsim.de https://imagepool.bigsim.de https://pts.bigsim.de https://analytics.tiktok.com https://umfrage.bigsim.de; script-src 'strict-dynamic' 'nonce-bc87ae7b16eaba77b1713a70017e20a3' 'nonce-00d8918606bbd0e8a202861bdc8e405f' 'nonce-16caa6931db35a82cf08277ed088a9d1' 'nonce-e05212a8bea2551102442d5fea30aed4' 'nonce-b97f09ac36adb02e09413b4c69bccb16' 'nonce-fb3fa9aae9a8dfae8377a7bbb1c160f9' 'nonce-c555a08ce67755b19398a6dcde15ddd4' 'nonce-7ccfaa87f1b3f24997f360578bf05818' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data: 'report-sample'; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://netmap.vodafone.de/cokart-client/index.html https://pts.bigsim.de https://umfrage.bigsim.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-bc87ae7b16eaba77b1713a70017e20a3' 'nonce-00d8918606bbd0e8a202861bdc8e405f' 'nonce-16caa6931db35a82cf08277ed088a9d1' 'nonce-e05212a8bea2551102442d5fea30aed4' 'nonce-b97f09ac36adb02e09413b4c69bccb16' 'nonce-fb3fa9aae9a8dfae8377a7bbb1c160f9' 'nonce-c555a08ce67755b19398a6dcde15ddd4' 'nonce-7ccfaa87f1b3f24997f360578bf05818' 'self' 'unsafe-inline' https: 'report-sample' 1 default-src 'self';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' https://www.google.com https://googleads.g.doubleclick.net https://www.facebook.com https://www.linkedin.com https://px.ads.linkedin.com https://imgsct.cookiebot.com https://*.google-analytics.com https://www.googletagmanager.com https://*.googleapis.com https://maps.gstatic.com https://i.ytimg.com https://www.google.de data: https://*.hsforms.com https://26981824.fs1.hubspotusercontent-eu1.net; object-src 'self' data:; frame-src 'self' *.googletagmanager.com *.youtube.com *.youtube-nocookie.com https://td.doubleclick.net https://consentcdn.cookiebot.com https://www.krone-trailer.com https://publish.flyeralarm.digital https://*.hsforms.com https://www.google.com https://js-eu1.hsforms.net/ https://google.com/; script-src 'self' 'unsafe-inline' https://snap.licdn.com https://connect.facebook.net https://www.googleadservices.com https://maps.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://js-eu1.hsforms.net https://www.google.com https://www.gstatic.com https://google.com https://recaptcha.net; connect-src 'self' https://www.google.de https://consent.cookiebot.com https://px.ads.linkedin.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://maps.googleapis.com https://www.google.com https://*.google-analytics.com https://*.analytics.google.com https://consentcdn.cookiebot.com https://*.hsforms.com https://*.amazonaws.com https://www.googleadservices.com ; font-src 'self' https://fonts.gstatic.com data:; media-src 'self' *.youtube.com *.youtube-nocookie.com; frame-ancestors 'self' https://web296.cybob-one.com https://www.krone-group.com https://krone-group.com; 1 default-src 'self' 'unsafe-inline' data: wc.ts.ee www.nasdaqbaltic.com platform.linkedin.com secure.gravatar.com yoast.com www.googletagmanager.com *.google-analytics.com stats.g.doubleclick.net fonts.googleapis.com maps.googleapis.com streetviewpixels-pa.googleapis.com khms0.googleapis.com khms1.googleapis.com maps.gstatic.com fonts.gstatic.com translate.google.com translate.googleapis.com www.gstatic.com www.youtube.com www.google.ee www.google.com www.google.co.uk www.google.lv www.google.lt www.google.fi www.google.se www.google.no www.google.de www.google.pl lh3.ggpht.com www.google.com.hk www.google.gr www.google.nl www.google.dk www.google.com.ua www.google.fr i.ytimg.com connect.facebook.net api.microsofttranslator.com www.facebook.com 'unsafe-eval' www.google.ch www.google.at www.google.ro www.google.es www.google.it www.google.hu www.google.co.in www.google.ie www.google.cz www.google.be www.google.ru www.google.com.au photos.marinetraffic.com www.google.at www.google.co.il www.google.co.kr www.google.pt www.google.ca www.google.mk www.google.co.th www.google.co.id www.google.com.lb www.google.cl www.google.sk www.google.is www.google.com.np www.google.com.pk www.google.si www.google.rs www.google.dz www.google.com.ng www.google.com.my www.google.com.ci www.google.im www.google.com.sg www.google.com.tr www.google.com.hr www.google.com.mt www.google.li www.google.co.jp view.news.eu.nasdaq.com www.solwininfotech.com www.google.com.co www.google.com.br www.google.cn www.google.com.cy www.google.ge www.google.lu www.google.ae cdn.jsdelivr.net wd.ts.ee static.cloudflareinsights.com ajax.cloudflare.com www.vikingline.ee www.envir.ee www.google.com.ph www.google.co.nz www.google.hr www.google.bg www.google.by www.transit.ee www.tallinnamerepaevad.ee www.google.com.vn www.google.kz www.google.mv www.google.com.tw www.balticline.fi www.google.com.eg tallinnamerepaevad.ee www.google.com.bz www.google.com.mx www.google.jo www.google.com.sa www.google.ci www.google.com.kw www.google.co.ma www.google.com.gh www.google.com.ar region1.analytics.google.com www.google.az www.google.com.uy www.google.co.za www.google.sn www.google.com.mm www.google.me www.google.mn www.google.lk vincent.callebaut.org tentea.ec.europa.eu www.google.tg www.google.com.qa www.google.co.tz www.google.co.cr www.kjk.ee www.google.co.uz www.google.co.ke ps.w.org s.w.org www.google.ba www.google.com.jm www.google.com.pe www.google.mg 6zzuupda.sendsmaily.net www.google.bj www.google.com.kh www.google.com.do lh3.googleusercontent.com www.google.iq www.google.co.ug www.google.co.mz www.google.al www.google.tn www.google.ad www.google.am www.google.md www.google.com.ly www.google.com.ec www.google.com.pa www.google.com.bd www.google.com.pr www.google.mu www.google.gg www.google.cm www.google.com.py www.google.com.bh www.google.je www.google.com.cu www.google.com.pg komerk.ee www.google.kg www.google.cv www.google.com.sl www.portoftallinn.com www.google.vg www.google.bt www.google.bf www.google.la www.google.tt www.google.com.sv www.google.so www.google.ps www.google.co.ve www.google.ga www.seatradecruiseglobal.com www.parkimine.ee translate-pa.googleapis.com wptide.org toolset.com wpml.org challenges.cloudflare.com cloudflareinsights.com analytics.google.com td.doubleclick.net blob: www.google.gl wpforms.com www.google.co.zw www.google.co.ao d1lsub6zbh43gv.cloudfront.net tp-cdn.wpml.org googleads.g.doubleclick.net adservice.google.com google.com pagead2.googlesyndication.com www.googleadservices.com tpc.googlesyndication.com www.vikingline.ee www.google.com.sb www.google.td apis.google.com platform.twitter.com www.google.gm www.google.gy paldiski.ee www.christmasmarket.ee www.logistikauudised.ee www.voyagesofdiscovery.co.uk static.neljas.ee www.google.tm cns.omxgroup.com www.iaa.ie www.komerk.ee www.jazzkaar.ee arensburg.ee www.iaa.ie kliimaministeerium.ee konkurents.ee laaneharju.ee images.marinetraffic.com www.konkurents.ee www.google.com.af www.lngconference.eu www.upf-group.dk www.cruiseeurope.com tentea.ec.europa.eu www.google.as www.google.com.et www.google.cf www.google.com.tj www.google.com.om www.google.co.ck www.google.co.zm kit.fontawesome.com ka-p.fontawesome.com sc.lfeeder.com tr.lfeeder.com; report-uri /069b75c4f2e07da64b888cac9af4ea98c60c3e6787e0368d1a5ab34114eda24e 1 base-uri 'none'; default-src 'self'; child-src https://www.youtube.com https://skk.erecruiter.pl https://heyzine.com https://*.heyzine.com https://*.google.com https://www.googletagmanager.com https://*.faceup.com https://*.nntb.cz blob:; connect-src 'self' https://geis.daktela.com https://t.leady.com https://*.doubleclick.net https://*.google.com https://*.google-analytics.com wss://*.hotjar.com https://*.hotjar.com https://*.hotjar.io; font-src 'self' https://*.gstatic.com data:; form-action 'self'; img-src 'self' https://skk.erecruiter.pl https://*.seznam.cz https://t.leady.com https://*.google-analytics.com https://*.google.cz https://*.google.com https://*.gstatic.com blob: data:; media-src 'self' blob:; script-src 'self' https://*.google.com https://*.gstatic.com https://skk.erecruiter.pl https://*.seznam.cz https://geis.daktela.com https://t.leady.com https://tt.geis.cz https://tt.geis.pl https://*.hotjar.com https://*.doubleclick.net https://*.google-analytics.com https://www.googletagmanager.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com ttps://skk.erecruiter.pl 'unsafe-inline' 'unsafe-eval'; 1 default-src 'self' 'unsafe-inline' region1.analytics.google.com *.google-analytics.com *.google.com *.google.it *.google.video.com *.googleapis.com *.ytimg.com *.ggpht.com *.doubleclick.net *.youtube.com unpkg.com *.cloudflare.com *.bootstrapcdn.com *.fontawesome.com *.un.org; script-src 'self' 'unsafe-inline' *.googletagmanager.com *.analytics.google.com *.google-analytics.com *.google-analytics.com *.gstatic.com *.doubleclick.net *.youtube.com unpkg.com *.cloudflare.com *.bootstrapcdn.com *.fontawesome.com cdn.jsdelivr.net *.un.org; style-src 'self' 'unsafe-inline' *.fontawesome.com *.cloudflare.com *.jsdelivr.net *.googleapis.com *.gstatic.com https://unpkg.com *.google.com *.gstatic.com *.bootstrapcdn.com; img-src 'self' 'unsafe-inline' *.google-analytics.com *.google.it *.googletagmanager.com data:;; frame-src 'self' youtube.com www.youtube.com *.google.com *.gstatic.com *.un.org unitednations.sharepoint.com cdnapisec.kaltura.com; frame-ancestors 'self' youtube.com *.youtube.com *.googlevideo.com unitednations.sharepoint.com cdnapisec.kaltura.com; child-src 'self' youtube.com *.youtube.com *.google.com *.gstatic.com; font-src 'self' *.googleapis.com *.fontawesome.com *.gstatic.com *.jsdelivr.net *.cloudflare.com; report-uri /report-csp-violation 1 default-src 'self' *.pinimg.com *.pinterest.com www.fjallraven-slovensko.sk www.arcticfox.hu www.kanken.shop www.levi.sk ;font-src 'self' data: fonts.gstatic.com *.zbozi.cz *.cj.com www.fjallraven-slovensko.sk www.arcticfox.hu www.kanken.shop www.levi.sk ;connect-src 'self' analytics.monkeytracker.cz *.google.com *.googleapis.com *.google-analytics.com *.facebook.com *.doubleclick.net *.hotjar.com *.hotjar.io wss://*.hotjar.com *.clarity.ms *.smartlook.cloud *.smartlook.com *.tiktok.com *.permutive.com *.teads.tv *.prmutv.co *.adnxs.com *.gjirafa.tech *.gjirafa.net *.mczbf.com *.sjwoe.com *.zbozi.cz *.foxentry.cz *.bing.com *.apple.com apple.com iplatebnibrana.csob.cz api.ipify.org *.pinimg.com *.pinterest.com https://ehub.cz *.cloudfront.net www.fjallraven-slovensko.sk www.arcticfox.hu www.kanken.shop www.levi.sk *.googlesyndication.com www.googletagmanager.com h.seznam.cz c.seznam.cz https://bat.bing.net https://analytics-ipv6.tiktokw.us eshops-uet-tags.ams3.cdn.digitaloceanspaces.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.google.cz *.googleapis.com www.googletagmanager.com *.google-analytics.com analytics.monkeytracker.cz *.facebook.net *.imedia.cz *.gstatic.com *.heureka.cz *.heureka.sk *.hotjar.com *.adform.net *.teads.tv *.clarity.ms *.smartlook.cloud *.smartlook.com *.etargetnet.com *.tiktok.com *.permutive.com *.gjirafa.net *.doubleclick.net *.mczbf.com *.zbozi.cz *.seznam.cz *.cj.com https://glamipixel.com *.foxentry.cz *.foxentry.com *.bing.com *.pinimg.com *.pinterest.com https://ehub.cz *.cloudfront.net www.fjallraven-slovensko.sk www.arcticfox.hu www.kanken.shop www.levi.sk *.googleadservices.com *.glami.cz *.glami.sk cdn.heureka.group *.licdn.com *.linkedin.com im9.cz *.seznam.cz *.zbozi.cz *.googlesyndication.com https://www.googletagmanager.com https://tags.creativecdn.com;form-action 'self' *.facebook.com *.facebook.net ;frame-src 'self' blob: www.youtube.com *.facebook.com *.doubleclick.net *.imedia.cz *.hotjar.com *.adform.net *.google.com *.gjirafa.tech *.gjirafa.net *.zbozi.cz *.mczbf.com *.foxentry.cz *.csob.cz *.pinimg.com *.pinterest.com https://ehub.cz *.szn.cz *.iplatba.cz *.essox.cz *.zbozi.cz www.googletagmanager.com;worker-src 'self' blob: www.youtube.com *.facebook.com *.doubleclick.net *.imedia.cz *.hotjar.com *.adform.net *.google.com *.gjirafa.tech *.gjirafa.net *.zbozi.cz *.mczbf.com *.foxentry.cz *.csob.cz *.pinimg.com *.pinterest.com https://ehub.cz *.szn.cz *.iplatba.cz *.essox.cz *.zbozi.cz www.googletagmanager.com;frame-ancestors 'self' ;img-src 'self' data: blob: *.gstatic.com *.googleapis.com *.googlecode.com www.googletagmanager.com *.google-analytics.com analytics.monkeytracker.cz *.doubleclick.net *.google.com *.google.cz *.google.ie *.facebook.com *.imedia.cz im9.cz *.teads.tv *.seznam.cz *.clarity.ms *.adnxs.com www.zasilkovna.cz www.zasielkovna.sk *.packeta.com *.bing.com *.fg.cz *.zbozi.cz *.mczbf.com *.kdukvh.com *.emjcd.com *.dotomi.com *.foxentry.cz *.pinimg.com *.pinterest.com https://ehub.cz *.cloudfront.net www.fjallraven-slovensko.sk www.arcticfox.hu www.kanken.shop www.levi.sk *.glami.cz *.glami.sk *.heureka.cz *.heureka.sk www.googletagmanager.com https://bat.bing.net https://analytics-ipv6.tiktokw.us https://server.seadform.net;style-src 'self' 'unsafe-inline' fonts.googleapis.com analytics.monkeytracker.cz *.google.com *.gstatic.com www.googletagmanager.com *.zbozi.cz *.cj.com *.foxentry.cz *.pinimg.com *.pinterest.com https://ehub.cz www.fjallraven-slovensko.sk www.arcticfox.hu www.kanken.shop www.levi.sk ;object-src 'self' 1 font-src * data:; img-src * data:; script-src 'unsafe-inline' 'unsafe-eval' * data:; style-src 'unsafe-inline' 'unsafe-eval' * data:; 1 base-uri 'self'; default-src 'none'; child-src 'self'; connect-src https://sulvermiuw.nl https://o545752.ingest.sentry.io https://vic.verzekeringsinzicht.nl https://cloud.langfuse.com https://verzekeringsinzicht.nl; font-src https://verzekeringsinzicht.nl/dist/ https://verzekeringsinzicht.nl/assets/ https://verzekeringsinzicht.nl/vendor/ data:; form-action 'self' https://*.verzekeringsinzicht.nl; frame-ancestors 'self'; img-src https://sulvermiuw.nl https://o545752.ingest.sentry.io https://verzekeringsinzicht.nl/dist/ https://verzekeringsinzicht.nl/assets/ https://verzekeringsinzicht.nl/vendor/ https://verzekeringsinzicht.nl/images/ https://verzekeringsinzicht.nl/scss/ https://verzekeringsinzicht.nl/favicon.ico data:; object-src 'none'; script-src https://sulvermiuw.nl https://o545752.ingest.sentry.io https://verzekeringsinzicht.nl/dist/ https://verzekeringsinzicht.nl/javascript/ https://verzekeringsinzicht.nl/vendor/ 'nonce-d8U/F8XPBfDnDCaqf5vwlmiO'; style-src https://verzekeringsinzicht.nl/dist/ https://verzekeringsinzicht.nl/scss/ https://verzekeringsinzicht.nl/vendor/ 'nonce-d8U/F8XPBfDnDCaqf5vwlmiO'; upgrade-insecure-requests 1 frame-ancestors 'self' webshop.ufp.at 1 font-src 'self' data: https://images.wineselectors.com.au https://use.typekit.net https://i.icomoon.io https://fonts.gstatic.com https://cdn.productreview.com.au https://fonts.yieldify-production.com; img-src 'self' data: *; style-src 'self' 'unsafe-inline' https://images.wineselectors.com.au https://fast.fonts.net https://fonts.googleapis.com https://*.cloudfront.net https://tagmanager.google.com https://www.gstatic.com https://wineselectors.resultspage.com https://giftcreation.giftflick.com.au https://www.giftflick.com.au https://giftflick.com.au https://www.riddle.com https://sdk.giftflick.com.au https://libraries.unbxdapi.com https://cdn.jsdelivr.net https://static.klaviyo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://images.wineselectors.com.au https://js-agent.newrelic.com https://bam.nr-data.net https://www.googletagmanager.com https://script.hotjar.com https://static.hotjar.com https://t.cfjump.com https://t.dgm-au.com https://use.typekit.net https://www.google-analytics.com https://connect.facebook.net https://pixel.roymorgan.com https://app.yieldify.com https://maps.googleapis.com https://*.cloudfront.net https://www.google.com https://www.gstatic.com https://*.cloudfront.net https://platform.instagram.com https://cdn.syndication.twimg.com https://c.vepxl1.net https://js.adsrvr.org https://c.flx1.com https://ajax.googleapis.com https://go.flx1.com https://dev.visualwebsiteoptimizer.com https://tagmanager.google.com https://*.cloudfront.net https://s3.amazonaws.com https://td.yieldify.com https://radar.cedexis.com https://data2.gosquared.com https://data.gosquared.com https://track.omguk.com https://ib.adnxs.com https://assets.resultspage.com https://wineselectors.resultspage.com https://wineselectors.resultsdemo.com https://b.sli-spark.com https://cdn.livechatinc.com https://secure.livechatinc.com https://www.eventbrite.com.au https://wineselectors.ipscape.com.au https://cdn.otherlevels.com https://www.googleadservices.com http://www.wineselectors.com.au https://cfjump.wineselectors.com.au https://cdn.productreview.com.au https://marvel-b2-cdn.bc0a.com https://marvel-b1-cdn.bc0a.com https://cdn.b0e8.com https://js.go2sdk.com https://amplify.outbrain.com https://r.turn.com https://tr.outbrain.com https://tag.lexer.io https://*.yieldify.com https://s.yimg.com https://www.giftflick.com.au https://giftflick.com.au https://giftcreation.giftflick.com.au https://www.riddle.com https://s.pinimg.com/ https://bat.bing.com https://sdk.giftflick.com.au https://www.clarity.ms https://googleads.g.doubleclick.net https://cdn.taboola.com https://trc.taboola.com https://wave.outbrain.com https://secure.quantserve.com https://rules.quantcount.com *.retargeted.co https://wisepops.net https://cdn.wisepops.com https://cdn.wisepops.net https://app.getwisp.co https://loader.wisepops.com https://script.crazyegg.com https://ct.pinterest.com https://libraries.unbxdapi.com https://search.unbxdapi.com *.amazonaws.com https://gateway.pmnts.io https://*.forter.com https://dlthst9q2beh8.cloudfront.net https://d2nww8zpyj5pk0.cloudfront.net https://static.elfsight.com https://cdn.pmnts.io https://songbirdstag.cardinalcommerce.com https://songbird.cardinalcommerce.com https://static.klaviyo.com https://static-tracking.klaviyo.com https://cdn.jsdelivr.net https://code.jquery.com; default-src 'self' https://images.wineselectors.com.au https://vars.hotjar.com https://www.google.com https://www.facebook.com https://notifications.wisepops.com https://wisepops.net; connect-src 'self' https://images.wineselectors.com.au wss://ws3.hotjar.com https://insights.hotjar.com https://bam.nr-data.net https://performance.typekit.net https://geo.yieldify.com https://c.flx1.com wss://ws1.hotjar.com https://bacon.section.io https://in.hotjar.com https://www.facebook.com wss://ws9.hotjar.com https://vc.hotjar.io https://js-api.otherlevels.com https://js-content.otherlevels.com https://js-api.otherlevels.com https://js-tags.otherlevels.com https://js-mdn.otherlevels.com https://js-rich.otherlevels.com https://js-deliverability-api.otherlevels.com https://safari.otherlevels.com wss://ws8.hotjar.com https://ws1.hotjar.com https://api.productreview.com.au https://www.google-analytics.com wss://ws10.hotjar.com https://tracking.gopsjump.com.au https://track.lexer.io https://*.yieldify.com https://*.yieldify-production.com https://dev.visualwebsiteoptimizer.com https://s.yimg.com https://analytics.google.com https://api.giftflick.com.au https://upload-medias.s3.amazonaws.com https://upload-medias.s3.ap-southeast-2.amazonaws.com upload.giftflick.com.au https://ct.pinterest.com https://bat.bing.com https://tr.outbrain.com https://stats.g.doubleclick.net https://t.clarity.ms https://cds.taboola.com https://pips.taboola.com https://maps.googleapis.com *.retargeted.co https://cdn.giftflick.com.au/ https://wisepops.net https://activity.wisepops.com https://popup.wisepops.com https://tracking.wisepops.com https://app.getwisp.co https://script.crazyegg.com https://tracking.crazyegg.com https://assets-tracking.crazyegg.com https://pagestates-tracking.crazyegg.com https://search.unbxd.io https://www.pinterest.com https://*.unbxd.io https://*.s3.amazonaws.com https://tracking.popsplot.com.au https://*.forter.com wss://cdn0.forter.com https://d2o5idwacg3gyw.cloudfront.net https://dz8rit8v72mig.cloudfront.net https://db7q4jg5rkhk8.cloudfront.net https://d6rak4b14t5gp.cloudfront.net https://d3k4bt74u9esq1.cloudfront.net https://d3nocrch4qti4v.cloudfront.net https://duuytoqss3gu4.cloudfront.net https://df45ay5pw60dy.cloudfront.net https://www.google.com https://core.service.elfsight.com https://widget-data.service.elfsight.com https://centinelapistag.cardinalcommerce.com https://writer.cardinalcommerce.com https://core.service.elfsight.com https://widget-data.service.elfsight.com https://gateway.pmnts.io https://centinelapi.cardinalcommerce.com https://*.execute-api.us-east-1.amazonaws.com wss://ws.hotjar.com https://content.hotjar.io https://metrics.hotjar.io https://a.klaviyo.com https://*.cloudfront.net https://pixel.quantserve.com https://cdn.productreview.com.au https://wineselectors.ipscape.com.au https://www.googleadservices.com https://js.go2sdk.com https://cdn.jsdelivr.net https://static-forms.klaviyo.com https://fast.a.klaviyo.com; media-src 'self' blob: https://images.wineselectors.com.au https://cdn.livechatinc.com https://gf-cdn.s3.ap-southeast-2.amazonaws.com cdn.giftflick.com.au https://videos.giftflick.com.au https://phosphor.utils.elfsightcdn.com; object-src 'self' https://images.wineselectors.com.au; child-src 'self' https://www.youtube.com https://www.riddle.com https://www.google.com https://vars.hotjar.com https://app.yieldify.com https://www.qzzr.com https://www.instagram.com https://t.cfjump.com https://t.dgm-au.com https://insight.adsrvr.org https://td.yieldify.com https://www.facebook.com https://match.adsrvr.org https://eventbrite.com.au https://www.eventbrite.com.au https://connect.facebook.net https://player.vimeo.com https://youtu.be/ https://www.google.com.au https://wineselectors.ipscape.com.au https://www.ojrq.net https://tracking.gopsjump.com.au https://*.yieldify.com https://ct.pinterest.com https://ct.pinterest.com https://td.doubleclick.net https://cdn.taboola.com https://wisepops.net https://tracking.popsplot.com.au https://www.googletagmanager.com https://geostag.cardinalcommerce.com https://*.elf.site/ https://geo.cardinalcommerce.com https://www.rsa3dsauth.co.uk https://centinelapi.cardinalcommerce.com https://mycardsecure.com https://secure7.arcot.com https://authentication.cardinalcommerce.com; frame-src * 1 worker-src 'self' 'unsafe-inline' blob:; script-src 'unsafe-inline' 'unsafe-eval' http: https:;object-src 'self'; frame-ancestors 'self' 1 default-src 'self' https://constructor.app; object-src 'none'; frame-ancestors https://constructor.app; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self'; 1 default-src 'self' data:; frame-ancestors 'self'; img-src 'self' blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' 'unsafe-inline'; frame-src 'self' data: blob:; 1 default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; font-src 'self'; object-src 'self'; media-src 'self'; child-src 'self' 1 script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://ep2.adtrafficquality.google/ https://www.instagram.com/; img-src 'self' data: blob: https://*.fna.fbcdn.net/ https://*.fbcdn.net/ https://ep1.adtrafficquality.google/ https://s.w.org/ https://www.sportfiskarna.se/; object-src 'self' data: blob: https://pagead2.googlesyndication.com/ https://ep2.adtrafficquality.google/ https://sverigesradio.se/ https://www.sverigesradio.se/ https://www.instagram.com/ https://open.spotify.com/ https://www.facebook.com/ https://www.podbean.com/ https://accounts.google.com/ https://*.fbcdn.net/; frame-src 'self' data: blob: https://pagead2.googlesyndication.com/ https://ep2.adtrafficquality.google/ https://sverigesradio.se/ https://www.sverigesradio.se/ https://www.instagram.com/ https://open.spotify.com/ https://www.facebook.com/ https://www.podbean.com/ https://accounts.google.com/ https://*.fbcdn.net/; worker-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob:; 1 base-uri 'none';child-src 'none';connect-src 'self' nusantaradev.chakra.uno nusantara.chakra.uno be-chilgo-prenagen-dev-d33dgvhu5a-as.a.run.app articlecommunityapi.chakra.uno storage.googleapis.com fastly.jsdelivr.net *.facebook.com www.google-analytics.com revamp-loyalty-bff-wcjse4tjjq-et.a.run.app nusantara.chakrarewards.com analytics.google.com unpkg.com https://*.g.doubleclick.net revamp-loyalty-bff-dev-chdcaf35ya-et.a.run.app be-chilgo-prenagen-dev-chdcaf35ya-et.a.run.app revamp-loyalty-bff-dev-12772865132.asia-southeast2.run.app be-chilgo-prenagen-dev-12772865132.asia-southeast2.run.app analytics.tiktok.com www.google.com www.googleadservices.com www.google.co.id www.googletagmanager.com https://*.useinsider.com https://*.api.useinsider.com https://hb-s3-media-stg.s3.ap-southeast-3.amazonaws.com https://hb-s3-media-prod.s3.ap-southeast-3.amazonaws.com https://analytics-ipv6.tiktokw.us https://cdn.jsdelivr.net wss://*.useinsider.com ws: webpack://*;default-src 'self';font-src 'self' fonts.gstatic.com *.useinsider.com *.api.useinsider.com;form-action 'self';frame-ancestors https://loyalty-teman-prenagen-dev-chdcaf35ya-et.a.run.app https://loyalty-web-chilgo-dev-chdcaf35ya-et.a.run.app https://blackmores-rewards-club-dev-chdcaf35ya-et.a.run.app https://loyalty-kecc-dev-chdcaf35ya-et.a.run.app https://loyalty-entrasol-dev-chdcaf35ya-et.a.run.app https://entrasol2021.dev.rollingglory.com *.prenagen.com https://www.chilgorewardsclub.com https://loyalty.blackmores.co.id https://www.blackmores.co.id https://loyalty.sahabatkecc.com https://sahabatkecc.com https://loyalty.entrasol.com https://kpoin.entrasol.com https://entrasol.com https://www.entrasol.com https://kecc.kalbe.co.id https://kalbe.co.id https://www.kalbe.co.id https://kecc.klikdokter.com https://klikdokter.com https://www.klikdokter.com https://loyalty.morinagaweb.by.rollingglory.com https://morinagaweb.by.rollingglory.com https://loyalty.morinaga.id https://kpoin.morinaga.id https://morinaga.id;frame-src *;img-src 'self' * data: blob:;manifest-src 'self';media-src 'self' * data:;object-src 'self' 'unsafe-inline' *.useinsider.com *.api.useinsider.com;script-src 'self' www.google.com www.gstatic.com www.google-analytics.com www.googletagmanager.com *.facebook.com connect.facebook.net tinyurl.com cdn.tiny.cloud assets.adobedtm.com analytics.tiktok.com www.googleadservices.com www.google.co.id *.useinsider.com *.api.useinsider.com *.youtube.com https://cdn.jsdelivr.net https://*.g.doubleclick.net 'unsafe-inline' 'wasm-unsafe-eval' 'unsafe-eval';style-src 'self' fonts.googleapis.com fonts.gstatic.com cdn.jsdelivr.net tinyurl.com www.gstatic.com www.googletagmanager.com cdn.tiny.cloud *.useinsider.com *.api.useinsider.com 'unsafe-inline';worker-src 'self' * data: blob:; 1 font-src 'self' data: https://fonts.gstatic.com https://fonts.mailerlite.com https://assets.mlcdn.com; frame-src 'self' tracking.paysera.com www.instagram.com https://optimize.google.com https://www.google.com/recaptcha/ https://www.youtube.com/embed/ http://e.issuu.com/ https://landing.mailerlite.com https://p2p-loans.paysera.com https://p2p-loans.paysera-staging.net; img-src 'self' data: *.paysera.com maps.googleapis.com *.gstatic.com https://www.google-analytics.com https://optimize.google.com https://track.mailerlite.com https://assets.mlcdn.com; script-src 'self' maps.googleapis.com www.instagram.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.google-analytics.com https://optimize.google.com 'unsafe-inline' https://*.mailerlite.com https://assets.mlcdn.com; style-src 'self' fonts.googleapis.com https://optimize.google.com 'unsafe-inline' https://static.mailerlite.com https://fonts.mailerlite.com https://assets.mlcdn.com; report-uri /v2/csp-violations/report 1 child-src 'unsafe-inline' self; connect-src 'unsafe-inline' self *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net *.github.io https: ; default-src self; font-src 'unsafe-inline' self *.gstatic.com *.bootstrapcdn.com data: fonts.gstatic.com cdn.jsdelivr.net cdnjs.cloudflare.com https: *.gstatic.com ; frame-src 'unsafe-inline' self *.g.doubleclick.net *.google.com *.fls.doubleclick.net blob: www.google.com www.youtube.com esg.churchgatepartners.com https: *.youtube.com *.vimeo.com ; img-src 'unsafe-inline' self *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com data: ts.w.org s.w.org ps.w.org cdnjs.cloudflare.com www.abfrl.com https: *.gravatar.com *.wordpress.org s.w.org ; media-src s.w.org; script-src 'unsafe-inline' self *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com cdn.jsdelivr.net cdnjs.cloudflare.com kenwheeler.github.io cdn.datatables.net js.stripe.com www.abfrl.com https: *.googleapis.com *.gstatic.com ; script-src-elem 'unsafe-inline' self *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com cdn.jsdelivr.net cdnjs.cloudflare.com cdn.datatables.net js.stripe.com www.abfrl.com kenwheeler.github.io https: *.googleapis.com *.gstatic.com ; style-src 'unsafe-inline' self *.googleapis.com *.gstatic.com fonts.googleapis.com cdn.jsdelivr.net cdnjs.cloudflare.com datatables.net fonts.bunny.net maxcdn.bootstrapcdn.com www.abfrl.com https: *.googleapis.com ; style-src-elem 'unsafe-inline' self *.googleapis.com *.gstatic.com fonts.googleapis.com cdn.jsdelivr.net cdnjs.cloudflare.com datatables.net fonts.bunny.net maxcdn.bootstrapcdn.com www.abfrl.com https: *.googleapis.com ; style-src-attr 'unsafe-inline' ; worker-src 'unsafe-inline' blob:; 1 default-src 'self' data:; script-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.google.com *.googletagmanager.com *.google-analytics.com; object-src 'none'; connect-src 'self' *.google-analytics.com *.doubleclick.net; img-src 'self' data: *.google-analytics.com *.google.com *.google.com.* *.googletagmanager.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.google.com; media-src *;base-uri 'self';form-action 'self';frame-ancestors 'self'; frame-src 'self' *.google.com; font-src 'self' *.googleapis.com *.gstatic.com *.google.com; 1 default-src 'self'; object-src 'none'; frame-ancestors 'self' https://www.okioki.app https://okioki.app https://accountants.okioki.app ; base-uri 'self'; script-src 'self' https://js.stripe.com https://app.productfruits.com https://www.okioki.app https://okioki.app https://accountants.okioki.app https://www.googletagmanager.com https://googletagmanager.com https://www.google-analytics.com 'nonce-zOQB5hdoiSfJ2gfbRyV3BbQtXy+rqAd6y7bjtp36niE=' 'strict-dynamic' ; style-src 'self' https://fonts.googleapis.com/css https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://app.productfruits.com/static/ https://www.okioki.app https://okioki.app https://accountants.okioki.app 'nonce-zOQB5hdoiSfJ2gfbRyV3BbQtXy+rqAd6y7bjtp36niE=' ; img-src 'self' blob: data: https://www.okioki.app https://okioki.app https://accountants.okioki.app https://okiokiproductionstorage.blob.core.windows.net/ https://cdn-assets.productfruits.com https://www.google.com/ccm/collect ; font-src 'self' https://fonts.gstatic.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://www.okioki.app https://okioki.app https://accountants.okioki.app ; connect-src 'self' https://api.stripe.com https://js.monitor.azure.com https://dc.services.visualstudio.com/v2/track https://app.productfruits.com wss://ws2.productfruits.com https://www.google-analytics.com https://www.okioki.app https://okioki.app https://accountants.okioki.app https://account.okioki.app https://okiokiproductionstorage.blob.core.windows.net/ https://clickstream.productfruits.com https://region1.google-analytics.com https://region2.google-analytics.com https://region3.google-analytics.com https://www.google.com/ccm/collect ; frame-src https://js.stripe.com https://hooks.stripe.com https://www.okioki.app https://okioki.app https://accountants.okioki.app https://www.youtube.com ; worker-src 'self' blob: https://www.okioki.app https://okioki.app https://accountants.okioki.app ; upgrade-insecure-requests; 1 block-all-mixed-content; img-src 'self' data: https://www.google-analytics.com https://maps.googleapis.com https://www.googletagmanager.com https://fonts.gstatic.com https://scontent.cdninstagram.com https://*.cdninstagram.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.googletagmanager.com https://sdk.privacy-center.org https://www.google-analytics.com https://maps.googleapis.com https://www.google.com https://www.gstatic.com https://tag.aticdn.net 1 frame-ancestors https://*.aularandstad.es https://aularandstad.es https://*.randstad.es; 1 urbanohio.com 1 default-src https://www.pitmodule.de http://www.pitmodule.de https://counter.pitmodule.de https://www.pitcom-webanalyse.de img-src 'self' data:; 1 script-src 'self'; 1 frame-ancestors 'self' https://uchicagomedicineadventhealth.org https://*.uchicagomedicineadventhealth.org; object-src 'none'; base-uri 'none' 1 default-src 'self'; connect-src 'self' https://webgate.ec.europa.eu https://intracomm.ec.europa.eu https://intragate.ec.europa.eu https://webgate.ec.testa.eu https://ecas.ec.europa.eu https://ecas.cc.cec.eu.int:7002 https://www.cc.cec https://ecas.ec.testa.eu; font-src 'self'; frame-ancestors 'none'; child-src 'none'; frame-src 'none'; worker-src 'none'; img-src https:; manifest-src 'none'; media-src 'self'; object-src 'self'; script-src 'self'; style-src 'self'; block-all-mixed-content; 1 base-uri 'none';child-src 'none';connect-src 'self' ws://localhost:42187/ https://www.youtube.com/ https://apiportalpaciente.grupohla.com/ https://api.grupohla.com https://upload.wikimedia.org https://flagcdn.com https://fonts.gstatic.com https://staging-hlacms.kinsta.cloud https://hlacms.kinsta.cloud https://restcountries.com https://maps.googleapis.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.googleadservices.com https://o170707.ingest.sentry.io https://www.google.co.ve data:;default-src 'self';font-src 'self' https://fonts.gstatic.com data:;form-action 'self';frame-ancestors 'none';frame-src 'self' https://www.youtube.com/ https://td.doubleclick.net/;img-src 'self' https://upload.wikimedia.org https://api.grupohla.com https://i.ytimg.com https://flagcdn.com https://staging-hlacms.kinsta.cloud https://hlacms.kinsta.cloud https://maps.gstatic.com https://www.google-analytics.com https://www.google.com https://www.google.co.ve https://maps.googleapis.com data:;manifest-src 'self';media-src 'self';object-src 'none';prefetch-src 'self';script-src 'self' 'unsafe-eval' https://maps.googleapis.com https://www.googletagmanager.com 'sha256-oq8dfSyuEQI2Ztvy8gmTPftpZ795aO8ZIUeCjeOT61w=' 'sha256-rCrKJCTfeum4GGLI5ruU7/2mwEyl4EPl3ydZ6Fd89R4=' 'sha256-eiXcqgswe0MtmkqaOQG3mQyiNJ3LbnUSmVmmMiLjNho=' 'sha256-W5ST9YaLeTJuxyFu3tg6K4exjVUdnBm2fBcFBsSw6SA=' 'sha256-Ia7Ry4CRrNt8QF6XTuuz5eylnih7pWwewqkie7EU0bU=' 'sha256-3QKAf+EDy4yTPW81FymVKf7ROOLSd1xaDmL2AIx/H2I=' 'sha256-3fCUSFKlIOw6RCtZp/pi8EYaxWrNeyPPCRqPVPCdpDc=' https://googleads.g.doubleclick.net https://www.google-analytics.com https://www.gstatic.com http://www.gstatic.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;worker-src 'self'; 1 frame-ancestors 'self' https://*.lovevite.com 1 default-src 'self'; connect-src 'self' wss: *; font-src 'self' fonts.gstatic.com use.fontawesome.com webshop.abahn.net ccchat.estpak.ee embed.tawk.to data:; img-src blob: data: http: https: 'self'; script-src 'self' cdn.modera.org *.salesfront.eu modera-serverless-microservices-assets.s3.eu-north-1.amazonaws.com www.google-analytics.com ssl.google-analytics.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net www.google.com www.youtube.com www.gstatic.com connect.facebook.net consent.cookiebot.com consentcdn.cookiebot.com static.zdassets.com cdnjs.cloudflare.com cdn.jsdelivr.net code.jquery.com ajax.googleapis.com maps.googleapis.com maps.google.com webshop.abahn.net banners.adnetmedia.lt mediabrands.containers.piwik.pro services.digitalmatter.ai scdn.cxense.com id.cxense.com track.adform.net s2.adform.net static.hotjar.com script.hotjar.com cdn.visitor.chat ccchat.estpak.ee snap.licdn.com cdn-cookieyes.com analytics.tiktok.com pagead2.googlesyndication.com embed.tawk.to plausible.io www.redditstatic.com delfilt.adocean.pl gateway.aveotech.com embeds.iubenda.com www.iubenda.com cdn.iubenda.com 'unsafe-inline' 'unsafe-eval'; style-src data: 'self' cdn.modera.org *.salesfront.eu fonts.googleapis.com cdnjs.cloudflare.com cdn.jsdelivr.net webshop.abahn.net use.fontawesome.com ccchat.estpak.ee embed.tawk.to embeds.iubenda.com www.iubenda.com cdn.iubenda.com 'unsafe-inline'; media-src http: https: 'self'; base-uri 'self'; object-src 'none'; frame-src http: https: 'self'; upgrade-insecure-requests; block-all-mixed-content 1 default-src data: 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.here.com https://vawidget.dhl.com;style-src 'self' 'unsafe-inline' ;object-src 'self' blob:;img-src 'self' data: blob:;connect-src blob: 'self' https://*.here.com https://vawidget.dhl.com https://vawidget-eu.dhl.com;frame-src https://vawidget.dhl.com;worker-src blob: 1 default-src 'self' 'unsafe-inline' https://*.google-analytics.com https://*.googletagmanager.com https://*.googlesyndication.com https://*.googleapis.com https://*.gstatic.com https://*.google.com/ https://*.google.co.jp/ https://googleads.g.doubleclick.net https://*.googletagservices.com/ https://*.adtrafficquality.google/ ; img-src 'self' https://*.google-analytics.com https://*.googletagmanager.com https://*.googlesyndication.com https://*.googleapis.com https://*.gstatic.com https://*.google.com/ https://*.google.co.jp/ https://googleads.g.doubleclick.net https://*.googletagservices.com/ https://*.adtrafficquality.google/ data: blob: 1 default-src 'self'; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://maps.googleapis.com https://api.ipify.org https://*.googleoptimize.com https://*.g.doubleclick.net https://*.google.com https://*.claspo.io https://*.ads.linkedin.com; font-src 'self' 'unsafe-inline' data: https://fonts.gstatic.com; frame-src 'self' * blob:; img-src 'self' 'unsafe-inline' data: https://haulotte.ephoto.fr https://maps.googleapis.com https://maps.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googleoptimize.com https://*.g.doubleclick.net https://*.google.com https://*.ads.linkedin.com https://recruitingbypaycor.com https://www.google.fr https://www.google.com; script-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://*.google-analytics.com https://ssl.google-analytics.com https://maps.googleapis.com https://static.addtoany.com https://code.jquery.com https://haulotte-dam.ephoto.fr https://*.googletagmanager.com https://*.googleoptimize.com https://*.g.doubleclick.net https://*.google.com https://static.hotjar.com https://snap.licdn.com https://*.claspo.io https://recruitingbypaycor.com https://www.googleadservices.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://storage.googleapis.com https://cdn.jsdelivr.net https://malsup.github.io https://static.cloudflareinsights.com https://telegram.org; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.gstatic.com https://cdn.jsdelivr.net https://netdna.bootstrapcdn.com; font-src 'self' https://fonts.gstatic.com https://www.gstatic.com https://netdna.bootstrapcdn.com data:; img-src 'self' data: https: blob:; media-src 'self' data: blob:; connect-src 'self' blob: https://api.pwagroup.ai wss://api.pwagroup.ai https://ads.pwagroup.ai https://preview.pwagroup.ai https://sentry.pwastage.xyz https://static.cloudflareinsights.com https://cdnjs.cloudflare.com https://malsup.github.io https://telegram.org https://oauth.telegram.org; worker-src 'self' blob:; manifest-src 'self'; frame-src https://telegram.org https://oauth.telegram.org https://preview.pwagroup.ai https://www.youtube.com; frame-ancestors 'self' https://dash.pwa.group https://preview.pwa.group https://*.pwa.group https://*.pwagroup.ai; base-uri 'self'; form-action 'self' https://preview.pwagroup.ai; object-src 'none'; upgrade-insecure-requests; report-uri https://dash.pwa.group/api/101/csp-report; 1 default-src 'self' data: ywxi.net www.trustedsite.com maxcdn.bootstrapcdn.com *.amazonaws.com cdnjs.cloudflare.com www.google.com www.google-analytics.com fonts.gstatic.com www.googletagmanager.com bat.bing.com fonts.googleapis.com www.w3m.com googleads.g.doubleclick.net bid.g.doubleclick.net stats.g.doubleclick.net www.googleadservices.com; script-src 'self' data: 'unsafe-eval' 'unsafe-inline' *.beastcreditmonitoring.com *.pushnami.com *.smartlook.com *.smartlook.cloud static.zohocdn.com *.twitter.com *.purechat.com *.pagesense.io www.serveipqs.com *.cloudflareinsights.com www.gstatic.com mpsnare.iesnare.com *.trustev.com connect.facebook.net cdnjs.cloudflare.com www.google.com www.google-analytics.com www.googletagmanager.com https://utt.impactcdn.com https://www.googletagmanager.com https://analytics.google.com https://td.doubleclick.net bat.bing.com fonts.googleapis.com www.w3m.com www.googleadservices.com pagead2.googlesyndication.com googleads.g.doubleclick.net bid.g.doubleclick.net stats.g.doubleclick.net static.zdassets.com api.smooch.io cdn.userway.org *.intercom.io *.intercomcdn.com www.googleadservices.com https://unpkg.com/@lottiefiles/lottie-player@latest/dist/lottie-player.js; style-src 'self' 'unsafe-inline' *.beastcreditmonitoring.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com www.google.com www.googletagmanager.com fonts.gstatic.com fonts.googleapis.com cdn.userway.org; img-src 'self' data: *.beastcreditmonitoring.com www.googletagmanager.com www.google-analytics.com https://analytics.google.com https://td.doubleclick.net bat.bing.com googleads.g.doubleclick.net bid.g.doubleclick.net stats.g.doubleclick.net www.myscore.com https:; frame-src *.pushnami.com *.smartlook.com *.smartlook.cloud *.twitter.com *.pagesense.io www.mcafeesecure.com www.trustedsite.com www.serveipqs.com www.google.com *.securepaths.com *.trustev.com *.googletagmanager.com https://analytics.google.com https://td.doubleclick.net googleads.g.doubleclick.net bid.g.doubleclick.net stats.g.doubleclick.net cdn.userway.org intercom-sheets.com; font-src 'self' fn.eu.serveipqs.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com www.google.com fonts.gstatic.com cdn.userway.org fonts.intercomcdn.com; connect-src 'self' *.smartlook.com *.smartlook.cloud *.taboola.com ekr.zdassets.com chs-support.zendesk.com https://*.intercom-messenger.com wss://*.intercom-messenger.com zendesk-eu.my.sentry.io wss://api.smooch.io/faye *.purechat.com *.pushnami.com pagesense-collect.zoho.com *.serveipqs.com wss://mpsnare.iesnare.com/star *.trustev.com maxcdn.bootstrapcdn.com *.amazonaws.com cdnjs.cloudflare.com www.google.com www.google-analytics.com fonts.gstatic.com www.googletagmanager.com https://www.googletagmanager.com https://analytics.google.com https://td.doubleclick.net https://ajax.googleapis.com bat.bing.com fonts.googleapis.com www.w3m.com *.userway.org *.intercom.io *.intercomcdn.com wss://nexus-websocket-a.intercom.io googleads.g.doubleclick.net bid.g.doubleclick.net stats.g.doubleclick.net; media-src data: 'self' mpsnare.iesnare.com; report-uri https://cfs2020.report-uri.com/r/d/csp/reportOnly 1 default-src 'self'; \ script-src 'self' https://ssl.google-analytics.com; \ img-src 'self' https://ssl.google-analytics.com 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://cdn.datatables.net http://fonts.googleapis.com http://fonts.gstatic.com http://www.google-analytics.com http://s7.addthis.com http://m.addthisedge.com http://m.addthis.com http://graph.facebook.com http://widgets.pinterest.com http://maps.google.com http://csi.gstatic.com http://maps.gstatic.com http://maps.googleapis.com http://www.linkedin.com http://api-public.addthis.com http://localhost http://www.youtube.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.datatables.net https://www.googletagmanager.com https://glamipixel.com; img-src 'self' data: https://cdn.datatables.net https://glamipixel.com https://www.google-analytics.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com https://glamipixel.com; 1 allow 'self'; media-src *; img-src *; script-src 'self' https://ajax.googleapis.com; style-src 'self'; 1 default-src "self"; img-src *; media-src * data:; 1 default-src 'self'; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts allow-popups; base-uri 'self'; 1 default-src 'unsafe-inline'; block-all-mixed-content; connect-src *; font-src * https://fonts.gstatic.com data: fonts.googleapis.com fonts.gstatic.com; frame-src https://www.youtube.com *.vimeo.com *.services *.hotjar.com *.doubleclick.net *.facebook.com *.facebook.net https://cdn.chatbot.com widget.trustpilot.com www.dockx.be 'self' data.dockx.be; img-src * data:; manifest-src www.dockx.be 'self'; media-src www.dockx.be; script-src www.dockx.be 'self' data: 'unsafe-inline' 'unsafe-eval' https://cdn.ckeditor.com https://js-agent.newrelic.com https://bam.nr-data.net https://maps.googleapis.com https://cdnjs.cloudflare.com *.google-analytics.com *.facebook.net *.googleapis.com *.marketingautomation.services *.googletagmanager.com *.googleadservices.com *.hotjar.com *.doubleclick.net *.visualwebsiteoptimizer.com *.linkedin.com www.youtube.com/iframe_api tagmanager.google.com https://snap.licdn.com https://cdn.chatbot.com https://bat.bing.com https://s.ytimg.com/ https://diffuser-cdn.app-us1.com/diffuser/diffuser.js https://prism.app-us1.com https://trackcmp.net https://*.clarity.ms https://c.bing.com widget.trustpilot.com data.dockx.be https://cdn.popupsmart.com snap.licdn.com; style-src www.dockx.be 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.ckeditor.com https://cdnjs.cloudflare.com tagmanager.google.com https://cdn.popupsmart.com; report-uri /nelmio/csp/report 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://msg-gets-ae-fn-av-prd.azurewebsites.net https://msggetsavaesaprd.blob.core.windows.net https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://ajax.googleapis.com https://tagmanager.google.com https://fonts.googleapis.com https://www.google.com https://www.gstatic.com; 1 default-src 'self' https://*.youtube.com https://*.youtu.be https://*.youtube-nocookie.com https://*.vimeo.com https://vimeo.com https://*.vimeocdn.com https://*.spotify.com/ https://open.spotify.com https://*.tiktok.com https://*.snapchat.com https://*.facebook.com https://*.google-analytics.com https://*.googletagmanager.com https://pagead2.googlesyndication.com https://*.google.com https://*.google.be; block-all-mixed-content; img-src data: 'self' https://placeholder.inventis.be https://*.ytimg.com https://*.youtube.com https://*.vimeocdn.com; object-src 'none'; script-src 'self' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' 'nonce-4Dsgz1QHhcVHVg5TrK7sYQ=='; style-src 'self' 'unsafe-inline'; upgrade-insecure-requests 1 default-src 'self' https://www.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com; style-src 'self' 'unsafe-inline'; media-src 'self' https://reile.co.jp 1 default-src 'self'; block-all-mixed-content; connect-src 'self' checkout.stripe.com maps.googleapis.com cdn.datatables.net export.highcharts.com *.highcharts.com www.google.com/recaptcha/api2/; font-src 'self' fonts.googleapis.com fonts.gstatic.com; frame-src 'self' www.google.com/recaptcha/ www.gstatic.com/recaptcha/ js.stripe.com checkout.stripe.com sandbox-merchant.revolut.com/; img-src 'self' meterix.com *.meterix.com meterpay.net *.meterpay.net *.stripe.com cdn.datatables.net ajax.googleapis.com/ajax/libs/jqueryui/ meterpayenv-uploaded-files.s3.eu-west-2.amazonaws.com meterpaydeenv-uploaded-files.s3.eu-central-1.amazonaws.com data: maps.google.com maps.gstatic.com *.googleapis.com; script-src 'self' 'unsafe-inline' www.google.com/recaptcha/ www.gstatic.com/recaptcha/ checkout.stripe.com/checkout.js js.stripe.com *.stripe.com ajax.googleapis.com/ajax/libs/jquery/ code.jquery.com code.highcharts.com cdn.datatables.net ajax.googleapis.com/ajax/libs/jqueryui/ maps.google.com maps.gstatic.com maps.googleapis.com sandbox-merchant.revolut.com/embed.js cdnjs.cloudflare.com cdn.datatables.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com cdn.datatables.net ajax.googleapis.com/ajax/libs/jqueryui/ maps.google.com maps.gstatic.com maps.googleapis.com; upgrade-insecure-requests 1 frame-ancestors 'self' *.myhotelschool.nl ; 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.web.onlineclinic.com.br http://*.web.onlineclinic.com.br https://*.google.com.br https://*.gravatar.com https://fonts.googleapis.com https://fonts.gstatic.com https://elfsight.com https://*.google-analytics.com http://*.onlineclinic.com.br https://*.onlineclinic.com.br http://*.omappapi.com https://*.omappapi.com https://*.youtube.com https://*.googletagmanager.com https://*.wp.com http://www.onlineclinic.com.br https://www.onlineclinic.com.br; img-src 'self' data: https://*.web.onlineclinic.com.br http://*.web.onlineclinic.com.br https://*.google.com.br https://*.gravatar.com https://fonts.googleapis.com https://fonts.gstatic.com https://elfsight.com https://*.google-analytics.com http://*.onlineclinic.com.br https://*.onlineclinic.com.br http://*.omappapi.com https://*.omappapi.com https://*.youtube.com https://*.googletagmanager.com https://*.wp.com http://www.onlineclinic.com.br https://www.onlineclinic.com.br; object-src 'self' data: https://*.web.onlineclinic.com.br http://*.web.onlineclinic.com.br https://*.google.com.br https://*.gravatar.com https://fonts.googleapis.com https://fonts.gstatic.com https://elfsight.com https://*.google-analytics.com http://*.onlineclinic.com.br https://*.onlineclinic.com.br http://*.omappapi.com https://*.omappapi.com https://*.youtube.com https://*.googletagmanager.com https://widgets.wp.com/ http://www.onlineclinic.com.br https://www.onlineclinic.com.br; frame-src 'self' data: https://*.web.onlineclinic.com.br http://*.web.onlineclinic.com.br https://*.google.com.br https://*.gravatar.com https://fonts.googleapis.com https://fonts.gstatic.com https://elfsight.com https://*.google-analytics.com http://*.onlineclinic.com.br https://*.onlineclinic.com.br http://*.omappapi.com https://*.omappapi.com https://*.youtube.com https://*.googletagmanager.com https://widgets.wp.com/ http://www.onlineclinic.com.br https://www.onlineclinic.com.br; 1 default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self' https://tel.search.ch app.pepsimmo.ch https://*.google-analytics.com https://api.infomaniak.com; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' app.pepsimmo.ch; frame-ancestors 'self'; frame-src 'self'; img-src 'self' data: app.pepsimmo.ch; manifest-src 'self'; media-src 'self'; object-src 'self'; script-src 'self' www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com 1 allow 'self'; font-src 'self'; media-src *; img-src * 'self'; script-src 'self' https://*.gravatar.com https://ajax.googleapis.com; https://*.google.com; style-src 'self'; 1 default-src 'self'; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://*.googletagmanager.com https://*.google-analytics.com https://*.google.com https://*.google https://*.googleapis.com https://*.gstatic.com https://www.gstatic.com https://*.doubleclick.net https://*.googlesyndication.com https://*.googleadservices.com https://cdn.jsdelivr.net https://pagead2.googlesyndication.com https://fundingchoicesmessages.google.com https://ep1.adtrafficquality.google https://ep2.adtrafficquality.google; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.googleapis.com; font-src 'self' https://fonts.gstatic.com https://*.gstatic.com; img-src 'self' data: https://*.google-analytics.com https://*.googletagmanager.com https://*.g.doubleclick.net https://googleads.g.doubleclick.net https://www.googletagmanager.com https://www.google.com https://www.googleadservices.com https://pagead2.googlesyndication.com https://*.google.com https://*.google https:; connect-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://analytics.google.com https://region1.analytics.google.com https://region1.google-analytics.com https://region2.google-analytics.com https://region3.google-analytics.com https://stats.g.doubleclick.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google https://*.gstatic.com https://www.gstatic.com https://*.doubleclick.net https://*.googlesyndication.com https://pagead2.googlesyndication.com https://fundingchoicesmessages.google.com https://*.fundingchoicesmessages.google.com https://ep1.adtrafficquality.google https://ep2.adtrafficquality.google; frame-src 'self' https://www.googletagmanager.com https://*.google.com https://*.google https://*.goog https://*.doubleclick.net https://*.googlesyndication.com https://fundingchoicesmessages.google.com https://*.fundingchoicesmessages.google.com https://ep1.adtrafficquality.google https://ep2.adtrafficquality.google; object-src 'none'; base-uri 'self'; form-action 'self'; upgrade-insecure-requests 1 allow 'self' *.onesignal.com; 1 script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://s3.amazonaws.com/ https://*.list-manage.com/ https://ajax.googleapis.com/ https://cdn.datatables.net/; img-src 'self' data: blob: ; object-src 'self' data: blob: ; frame-src 'self' data: blob: ; 1 default-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://*.google-analytics.com https://s7.addthis.com https://m.addthisedge.com https://m.addthis.com https://graph.facebook.com https://widgets.pinterest.com https://maps.googleapis.com https://maps.gstatic.com https://maps.google.com https://www.linkedin.com https://api-public.addthis.com http://localhost https://player.vimeo.com https://www.njuskalo.hr; connect-src 'self' https://*.google-analytics.com https://www.google-analytics.com https://stats.g.doubleclick.net https://s7.addthis.com https://m.addthisedge.com https://m.addthis.com https://graph.facebook.com https://api-public.addthis.com http://localhost https://player.vimeo.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.njuskalo.hr; img-src 'self' data: https://*.google-analytics.com https://www.googletagmanager.com https://s7.addthis.com https://m.addthisedge.com https://m.addthis.com https://graph.facebook.com https://widgets.pinterest.com https://maps.gstatic.com https://maps.google.com https://www.linkedin.com https://api-public.addthis.com https://player.vimeo.com https://www.njuskalo.hr; font-src 'self' https://fonts.gstatic.com https://www.njuskalo.hr; frame-src 'self' https://playe* 1 default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self'; font-src 'self' https://fonts.gstatic.com; form-action 'self'; frame-ancestors 'none'; frame-src 'self'; img-src 'self' data:; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com 1 X-Content-Security-Policy script-src 'self' https://www.general-security.gov.lb 'unsafe-inline' 'unsafe-eval'; object-src 'self' https://www.general-security.gov.lb 'unsafe-inline'; connect-src 'self' https://www.general-security.gov.lb 'unsafe-inline' 1 default-src 'self' www.google-analytics.com region1.google-analytics.com region1.analytics.google.com stats.g.doubleclick.net service.force.com molcocarparts.my.salesforce-sites.com molcocarparts.my.salesforce.com molcocarparts.my.site.com molcocarparts.my.salesforce-scrt.com molcocarparts--accept.sandbox.my.site.com molcocarparts--accept.sandbox.my.salesforce-scrt.com *.salesforceliveagent.com www.google.com/recaptcha/api2/anchor *.mouseflow.com consentcdn.cookiebot.com pagead2.googlesyndication.com consent.cookiebot.com www.google.com/ccm/collect; font-src 'self' data: fonts.gstatic.com netdna.bootstrapcdn.com/bootstrap/3.1.1/fonts/ *.mouseflow.com; frame-src service.force.com 360.molco.nl www.google.com www.google.nl www.googletagmanager.com consentcdn.cookiebot.com molcocarparts.my.salesforce.com molcocarparts.my.site.com molcocarparts.my.salesforce-scrt.com molcocarparts--accept.sandbox.my.site.com molcocarparts--accept.sandbox.my.salesforce-scrt.com; img-src 'self' data: *.google-analytics.com www.google.com www.google.nl www.googletagmanager.com *.mouseflow.com 360.molco.nl imgsct.cookiebot.com bogijn.nl/ webshop.molco.nl/; script-src 'self' 'strict-dynamic' www.googletagmanager.com www.google-analytics.com www.googleoptimize.com az416426.vo.msecnd.net ajax.googleapis.com/ajax/libs/angularjs/1.5.9/angular.min.js www.google.com/recaptcha/api.js www.gstatic.com/recaptcha/releases/ *.salesforceliveagent.com molcocarparts.my.salesforce.com molcocarparts.my.site.com molcocarparts.my.salesforce-scrt.com molcocarparts.my.salesforce-sites.com molcocarparts--accept.sandbox.my.site.com molcocarparts--accept.sandbox.my.salesforce-scrt.com *.static.lightning.force.com service.force.com *.mouseflow.com consent.cookiebot.com consentcdn.cookiebot.com info.bogijn.nl/ info.molco.nl/ 'unsafe-inline' 'nonce-GKLWu50hedH3l/9Wmk2HsA=='; style-src 'self' 'unsafe-inline' fonts.googleapis.com netdna.bootstrapcdn.com/bootstrap/3.1.1/css/bootstrap.min.css molcocarparts.my.salesforce-sites.com molcocarparts.my.salesforce.com molcocarparts.my.salesforce-scrt.com molcocarparts.my.site.com molcocarparts--accept.sandbox.my.site.com molcocarparts--accept.sandbox.my.salesforce-scrt.com service.force.com; report-uri /nelmio/csp/report 1 object-src 'self'; connect-src https://*; style-src 'self' https://* 'unsafe-inline'; media-src 'self'; worker-src 'self'; frame-src https://*; report-uri https://*; base-uri 'self'; form-action 'self'; upgrade-insecure-requests; script-src 'self' 'report-sample' 'unsafe-eval' 'unsafe-inline' https://*.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://ajax.googleapis.com https://maps.googleapis.com/ https://www.google.com https://www.gstatic.com https://connect.facebook.net/ https://maps.googleapis.com/; font-src 'self' https://*; img-src 'self' https://* data: ; child-src 'none'; manifest-src 'self' 1 default-src 'self' data:;font-src 'self' data: fonts.gstatic.com kariera.rako.cz www.kariera.rako.cz;connect-src 'self' *.google.com *.google.cz *.googleapis.com *.google-analytics.com *.hotjar.com wss://ws6.hotjar.com *.hotjar.io *.doubleclick.net *.leady.com *.gstatic.com *.pinterest.com *.seznam.cz *.clarity.ms *.facebook.com *.googlesyndication.com googletagmanager.com *.csob.cz;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.google.cz *.googleapis.com *.gstatic.com *.hotjar.com static.hotjar.com www.googletagmanager.com *.google-analytics.com connect.facebook.net kariera.rako.cz www.kariera.rako.cz c.imedia.cz *.googleadservices.com *.adform.net *.seznam.cz *.doubleclick.net *.leady.com www.youtube-nocookie.com www.youtube.com *.pinterest.com *.pinimg.com *.clarity.ms *.googlesyndication.com *.csob.cz;form-action 'self' *.facebook.com *.facebook.net *.pinterest.com;frame-src 'self' blob: www.youtube.com www.youtube-nocookie.com *.iplatba.cz www.tvbydleni.cz *.facebook.com *.facebook.net *.hotjar.com *.google.com *.pinterest.com *.doubleclick.net www.googletagmanager.com *.fliphtml5.com *.csob.cz;worker-src 'self' blob: www.youtube.com www.youtube-nocookie.com *.iplatba.cz www.tvbydleni.cz *.facebook.com *.facebook.net *.hotjar.com *.google.com *.pinterest.com *.doubleclick.net www.googletagmanager.com *.fliphtml5.com *.csob.cz;frame-ancestors 'self';img-src 'self' data: blob: *.gstatic.com *.googleapis.com *.googlecode.com www.googletagmanager.com *.google-analytics.com *.doubleclick.net www.facebook.com *.rako.cz c.imedia.cz *.seznam.cz *.pinterest.com *.pinimg.com i.ytimg.com *.google.com *.google.cz *.google.de *.google.fr *.google.pl *.google.ru *.google.sk *.leady.com *.clarity.ms *.bing.com *.googlesyndication.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com *.gstatic.com *.google.com kariera.rako.cz www.kariera.rako.cz www.googletagmanager.com;object-src 'self' 1 script-src 'self' blob: maps.googleapis.com cdn.knightlab.com ajax.googleapis.com consent.cookiefirst.com kit.fontawesome.com www.googletagmanager.com cdn.jsdelivr.net cdn.plyr.io 'unsafe-inline' 'unsafe-eval'; worker-src 'self' blob:; 1 connect-src 'self' https://*.e-spirit.hosting wss://*.e-spirit.hosting https://*.paypal.com wss://*.paypal.com wss://*.upscope.io https://*.upscope.io https://sjmvgfnyja.execute-api.us-west-2.amazonaws.com https://mig-prod-connect-p-storg-bkt.s3.us-west-2.amazonaws.com https://d1lz30fckg5qs2.cloudfront.net https://participant.connect.us-west-2.amazonaws.com wss://*.transport.connect.us-west-2.amazonaws.com https://analytics.google.com https://www.google.com https://www.google-analytics.com https://google.com https://googleads.g.doubleclick.net https://forms.hscollectedforms.net https://stats.g.doubleclick.net https://*.cloudfront.net https://*.clearcover.com wss://*.clearcover.com https://*.kommunicate.io wss://*.kommunicate.io https://*.evidon.com wss://*.evidon.com https://*.betrad.com wss://*.betrad.com https://api.brightedge.com wss://api.brightedge.com https://*.bc0a.com wss://*.bc0a.com https://*.twilio.com wss://*.twilio.com https://inga-prod.tumblr.com wss://*.salemove.com https://*.salemove.com wss://*.glia.com https://*.glia.com https://*.yotpo.com https://*.twitter.com https://*.yotpo.com https://*.gomoxie.solutions https://rules.atgsvcs.com https://track.magnify360.com https://c1.rfihub.net https://insight.adsrvr.org https://*.virtualhold.com https://api.edmunds.com https://*.segment.com https://*.segment.io https://*.px-cdn.net https://*.pxchk.net https://*.px-cloud.net https://*.mercuryinsurance.com 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.inphota.com kit.fontawesome.com *.googletagmanager.com tagmanager.google.com consent-manager.metomic.io consent-manager.confirmic.com platform.twitter.com syndication.twitter.com static.ads-twitter.com cdn.syndication.twimg.com analytics.twitter.com analytics.google.com *.analytics.google.com www.google-analytics.com stats.g.doubleclick.net ssl.google-analytics.com www.googleadservices.com www.google.com www.google.ae https://www.gstatic.com/recaptcha/ connect.facebook.net aff.bstatic.com *.algolianet.com *.algolia.net ; report-uri https://www.inphota.com/en/security/csp-report; style-src 'self' 'unsafe-inline' *.inphota.com fonts.googleapis.com kit.fontawesome.com ka-f.fontawesome.com kit-free.fontawesome.com cdnjs.cloudflare.com translate.googleapis.com tagmanager.google.com fonts.googleapis.com fast.fonts.net ; img-src data: blob: *; font-src data: fonts.gstatic.com ka-f.fontawesome.com kit-free.fontawesome.com cdnjs.cloudflare.com fast.fonts.net; connect-src wss: *.inphota.com kit.fontawesome.com ka-f.fontawesome.com www.google-analytics.com stats.g.doubleclick.net *.google-analytics.com analytics.google.com *.analytics.google.com *.googletagmanager.com api.rollbar.com *.inphota.com *.facebook.com *.algolia.net *.algolianet.com apipub.metomic.io apipub.confirmic.com cdn.plot.ly translate.googleapis.com t.co ; frame-src self *.inphota.com www.facebook.com www.booking.com https://www.google.com/recaptcha/ www.youtube.com veloviewer.com translate.google.com www.googletagmanager.com ; frame-ancestors 'self' *.inphota.com adsc.ae www.adsc.ae therakhalfmarathon.com www.therakhalfmarathon.com cyclechallenge.ae www.cyclechallenge.ae abudhabi.triathlon.org 1 default-src 'self' fonts.googleapis.com fonts.gstatic.com data:; block-all-mixed-content; connect-src 'self' https://region1.google-analytics.com/g/collect https://geolocation.onetrust.com/cookieconsentpub/ https://cdn.cookielaw.org/consent/ https://cdn.cookielaw.org/scripttemplates/ https://cdn.cookielaw.org/logos/ https://www.google.com/recaptcha/api2/; frame-src 'self' https://www.youtube.com www.gstatic.com www.google.com; img-src 'self' data: https:; script-src 'self' https://unpkg.com/@lottiefiles/lottie-player@latest/dist/lottie-player.js https://unpkg.com https://www.googletagmanager.com/gtag/js https://region1.google-analytics.com/g/collect https://cdn.cookielaw.org/ 'unsafe-inline' 'nonce-2ARqh9XyassEJewY8n0gfA=='; style-src 'unsafe-inline' 'self' fonts.googleapis.com fonts.gstatic.com; report-uri /nelmio/csp/report 1 default-src 'self' *.bhh.dev.init *.init.de *.init-ag.de *.bundeshaushalt.de; base-uri 'self'; style-src 'self' 'unsafe-inline' *.openlayers.org openlayers.org *.openstreetmap.org *.twitter.com *.twimg.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.openlayers.org openlayers.org *.openstreetmap.org *.init.de *.bhh.dev.init *.init-ag.de *.twitter.com *.twimg.com *.bundeshaushalt.de *.bundesfinanzministerium.de; object-src 'self'; media-src 'self' *.youtube.com *.bundeshaushalt.de *.bhh.dev.init *.init-ag.de *streamfarm.net http://multimedia.gsb.bund.de; child-src *.google.com *.gstatic.com *.youtube.com *.init.de *.twitter.com *.twimg.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.openlayers.org openlayers.org *.openstreetmap.org *.init.de *.twitter.com *.twimg.com *.bundeshaushalt.de *.bhh.dev.init *.init-ag.de *.bundesfinanzministerium.de; frame-ancestors 'self'; connect-src 'self' *.bhh.dev.init *.init.de *.init-ag.de *.bundeshaushalt.de; report-uri /site/servlet/csp-report; 1 default-src 'self'; frame-src 'self' https://nhs.attendanywhere.com/ *.nhs.uk/ *.facebook.com/ *.youtube.com/ *.vimeo.com/ *.google.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.googletagmanager.com https://www.googletagmanager.com https://www.google-analytics.com *.amazonaws.com https://cdnjs.cloudflare.com/ https://www.google-analytics.com/ https://connect.facebook.net/ https://feeds.trac.jobs/ *.google.com/ *.googleapis.com *.gstatic.com *.cqc.org.uk; font-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com/ https://feeds.trac.jobs/ *.googleapis.com *.gstatic.com *.cqc.org.uk; img-src * data:; object-src 'self' blob:; connect-src 'self' https://*.googletagmanager.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.g.doubleclick.net https://*.google.com https://*.google.com https://*.google-analytics.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googletagmanager.com https://nhs.attendanywhere.com https://feeds.trac.jobs/ https://www.google-analytics.com *.google.com *.googleapis.com https://*.google.co.uk https://*.googletagmanager.com https://*.g.doubleclick.net 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com platform.twitter.com www.googletagmanager.com cdn.syndication.twimg.com cdn.knightlab.com cdncache-a.akamaihd.net https://cdn.printfriendly.com/printfriendly.js https://ds-4047.kxcdn.com/api/v3/domain_settings/ key-cdn.printfriendly.com static.addtoany.com; object-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' themes.googleusercontent.com platform.twitter.com ton.twimg.com cdn.knightlab.com https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/ static.addtoany.com; img-src 'self' data: blob: filesystem www.google-analytics.com syndication.twitter.com pbs.twimg.com abs.twimg.com ton.twimg.com www.googletagmanager.com platform.twitter.com canvaspl-a.akamaihd.net; media-src 'self' mediastream:; frame-src 'self' platform.twitter.com syndication.twitter.com www.facebook.com www.youtube.com cdncache-a.akamaihd.net static.addtoany.com; frame-ancestors 'self'; child-src 'self'; font-src 'self' 'unsafe-inline' 'unsafe-eval' themes.googleusercontent.com cdn.knightlab.com fonts.gstatic.com; connect-src 'self' wss://bot.enzona.net/ https://bot.enzona.net/ cdn.knightlab.com cdncache-a.akamaihd.net www.google-analytics.com; report-uri /report-csp-violation; upgrade-insecure-requests 1 script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net/npm/swiper@11/swiper-bundle.min.js https://visitwroclaw.eu/dist/ https://visitwroclaw.s3.eu-central-1.amazonaws.com https://cdn.jsdelivr.net/npm/lightbox2@2/dist/js/lightbox.min.js https://visitwroclaw.lama-media.com/; img-src 'self' data: blob: https://secure.gravatar.com/avatar/ https://app.allaccessible.org/ https://s.w.org/images/core/emoji/ https://visitwroclaw.eu/wp-content/themes/visitwroclaw/assets/ https://visitwroclaw.s3.eu-central-1.amazonaws.com/ https://visitwroclaw.lama-media.com/; object-src 'self' data: blob: https://visitwroclaw.lama-media.com/; frame-src 'self' data: blob: https://visitwroclaw.lama-media.com/; 1 frame-ancestors 'self' http://clients.pensoagency.com; upgrade-insecure-requests 1 default-src 'self'; script-src 'self'; connect-src 'self' 1 default-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline' *.youtube.com *.cookielaw.org *.youtube-nocookie.com *.commerce-connector.com *.googleapis.com *.min-cdn.net *.googletagmanager.com *.google-analytics.com *.google.com *.google.de connect.facebook.net mediaintelligence.de *.bing.com https://groupeseb.secure.force.com https://iprospect.emcustomers.de https://googleads.g.doubleclick.net; font-src 'self' data: *.commerce-connector.com *.gstatic.com https://groupeseb.secure.force.com https://groupe-seb.my.salesforce-sites.com; style-src 'self' 'unsafe-inline' *.commerce-connector.com *.commerce-connector.de *.googleapis.com https://groupeseb.secure.force.com; img-src 'self' data: *.commerce-connector.com https://cdn.cookielaw.org *.commerce-connector.de *.gstatic.com *.googleapis.com *.google-analytics.com *.facebook.com *.doubleclick.net mediaintelligence.de *.min-cdn.net track.adform.net rads.recognified.net *.google.de *.google.com *.bing.com https://*.googletagmanager.com https://groupeseb.secure.force.com; media-src 'self' *.youtube.com *.youtube-nocookie.com https://groupeseb.secure.force.com; frame-src 'self' *.youtube.com *.youtube-nocookie.com *.umantis.com *.doubleclick.net https://groupeseb.secure.force.com https://groupe-seb.my.salesforce-sites.com https://www.googletagmanager.com; connect-src 'self' *.commerce-connector.com https://pagead2.googlesyndication.com https://privacyportal-de.onetrust.com https://www.google.com https://geolocation.onetrust.com *.cookielaw.org *.commerce-connector.de *.googleapis.com *.google-analytics.com *.analytics.google.com *.facebook.com *.doubleclick.net mediaintelligence.de *.min-cdn.net *.bing.com https://www.google.de https://www.googleadservices.com 1 default-src 'self'; connect-src 'self' wss: *; font-src 'self' fonts.gstatic.com use.fontawesome.com webshop.abahn.net ccchat.estpak.ee embed.tawk.to data:; img-src blob: data: http: https: 'self'; script-src 'self' cdn.modera.org *.salesfront.eu modera-serverless-microservices-assets.s3.eu-north-1.amazonaws.com www.google-analytics.com ssl.google-analytics.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net www.google.com www.youtube.com www.gstatic.com connect.facebook.net consent.cookiebot.com consentcdn.cookiebot.com static.zdassets.com cdnjs.cloudflare.com cdn.jsdelivr.net code.jquery.com ajax.googleapis.com maps.googleapis.com maps.google.com webshop.abahn.net banners.adnetmedia.lt mediabrands.containers.piwik.pro services.digitalmatter.ai scdn.cxense.com id.cxense.com track.adform.net s2.adform.net static.hotjar.com script.hotjar.com cdn.visitor.chat ccchat.estpak.ee snap.licdn.com cdn-cookieyes.com analytics.tiktok.com pagead2.googlesyndication.com embed.tawk.to plausible.io www.redditstatic.com delfilt.adocean.pl gateway.aveotech.com embeds.iubenda.com www.iubenda.com cdn.iubenda.com 'unsafe-inline' 'unsafe-eval' chat.askly.me; style-src data: 'self' cdn.modera.org *.salesfront.eu fonts.googleapis.com cdnjs.cloudflare.com cdn.jsdelivr.net webshop.abahn.net use.fontawesome.com ccchat.estpak.ee embed.tawk.to embeds.iubenda.com www.iubenda.com cdn.iubenda.com 'unsafe-inline'; media-src http: https: 'self'; base-uri 'self' chat.askly.me; object-src 'none'; frame-src http: https: 'self'; upgrade-insecure-requests; block-all-mixed-content 1 default-src 'self' *.google-analytics.com *.googletagmanager.com *.googlesyndication.com www.paypal.com consentcdn.cookiebot.com www.google.com region1.analytics.google.com *.skeepers.io *.apple.com apple-pay-gateway.apple.com; block-all-mixed-content; font-src 'self' data: *.googleapis.com *.gstatic.com *.fontawesome.com *.skeepers.io; frame-src 'self' *.youtube.com *.googletagmanager.com consentcdn.cookiebot.com *.google.com api-sogecommerce.societegenerale.eu www.paypal.com assets.braintreegateway.com c.paypal.com *.skeepers.io challenges.cloudflare.com *.apple.com applepay.cdn-apple.com; img-src 'self' data: facebook.com flickr.com imgsct.cookiebot.com unpkg.com api-sogecommerce.societegenerale.eu *.openstreetmap.org s3-us-west-2.amazonaws.com t.paypal.com www.paypal.com www.paypalobjects.com b.stats.paypal.com c.paypal.com lhr.paypal.com lhr.stats.paypal.com paypal.sylius.com *.skeepers.io; script-src 'self' 'unsafe-inline' *.google-analytics.com *.googletagmanager.com code.jquery.com cdn.jsdelivr.net consent.cookiebot.com *.googlesyndication.com *.google.com *.gstatic.com api-sogecommerce.societegenerale.eu www.paypal.com www.paypalobjects.com consentcdn.cookiebot.com *.skeepers.io challenges.cloudflare.com *.apple.com applepay.cdn-apple.com; style-src 'self' 'unsafe-inline' unpkg.com *.googleapis.com code.jquery.com api-sogecommerce.societegenerale.eu consentcdn.cookiebot.com *.skeepers.io 1 default-src 'self' https://youtube.com https://www.youtube-nocookie.com https://www.google.com *.kasikornbank.com https://dev-kpaymentgateway.kasikornbank.com/ui/v2/index.html *.kaptcha.com https://www.youtube.com https://youtu.be;frame-src 'self' https://www.youtube-nocookie.com https://www.google.com *.kasikornbank.com https://dev-kpaymentgateway.kasikornbank.com/ui/v2/index.html *.kaptcha.com https://www.youtube.com https://youtu.be; connect-src *; font-src * data:; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';frame-ancestors 'self' 1 default-src 'self'; img-src 'self' 'unsafe-inline' https://colprodeupublicstorage.blob.core.windows.net:443 data: https://*.talogytech.com https://pdbrdgeu01sa001.blob.core.windows.net https://pdcmgteu01sa001.blob.core.windows.net https://pdrptgeu01sa001.blob.core.windows.net https://pdrptgeu01sa002.blob.core.windows.net https://pdcoreeu01cdnsa001.blob.core.windows.net; connect-src https://colprodeupublicstorage.blob.core.windows.net:443 https://dc.services.visualstudio.com 'self' https://*.cubiksconnect.com https://*.cubikstech.com https://ipinfo.io; frame-src 'self' https://colprodeupublicstorage.blob.core.windows.net:443 https://*.vzaar.com:443 https://*.dacast.com:443 https://www.google.com:443; frame-ancestors 'self'; font-src 'self' https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://colprodeupublicstorage.blob.core.windows.net:443 https://*.talogytech.com https://fonts.googleapis.com; script-src https://*.vzaar.com:443 https://*.dacast.com:443 https://*.vo.msecnd.net:443 https://colprodeupublicstorage.blob.core.windows.net:443 'self' https://dc.services.visualstudio.com 'unsafe-inline' 'unsafe-eval' https://www.google.com:443 https://www.gstatic.com:443; 1 default-src 'self'; block-all-mixed-content; connect-src 'self' https://o419240.ingest.sentry.io https://www.google-analytics.com https://stats.g.doubleclick.net https://www.googleapis.com/ https://maps.googleapis.com https://maps.googleapis.com https://www.facebook.com/ cdn.datatables.net https://analytics.google.com/; font-src 'self' fonts.gstatic.com; frame-src https://www.youtube.com https://www.facebook.com https://web.facebook.com/ https://www.google.com/ https://youtube.com/ https://td.doubleclick.net/; img-src 'self' facebook.com flickr.com https://maps.gstatic.com/ https://maps.googleapis.com/ data: https://www.google.com https://www.google.rs https://i.ytimg.com https://www.google-analytics.com/; script-src 'self' 'unsafe-inline' connect.facebook.net https://maps.googleapis.com/ https://www.google.com/ https://www.google-analytics.com/ https://www.googletagmanager.com 'nonce-6fjx3hMsuqmZxVHfFgzSYQ=='; style-src 'self' fonts.googleapis.com/css 'unsafe-inline' 1 default-src 'self' ;font-src *.hasicovo.cz 'self' data: fonts.gstatic.com ;connect-src *.hasicovo.cz 'self' *.google.com *.googleapis.com *.google-analytics.com *.doubleclick.net *.facebook.com *.facebook.net *.clarity.ms ;script-src *.hasicovo.cz 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.google.cz *.googleapis.com *.googletagmanager.com www.google-analytics.com *.facebook.net *.gstatic.com *.twitter.com *.clarity.ms *.googleadservices.com *.glami.cz *.licdn.com *.linkedin.com;form-action 'self' *.facebook.com *.facebook.net cesty.uniqa.cz www.rb.cz onb.rb.cz online.rsts.cz ;frame-src 'self' www.youtube.com *.youtube-nocookie.com *.facebook.com www.firesport.eu *.twitter.com player.vimeo.com www.google.com *.google.com *.firealarm.cz *.mapy.cz *.googletagmanager.com *.iplatba.cz *.essox.cz;worker-src 'self' www.youtube.com *.youtube-nocookie.com *.facebook.com www.firesport.eu *.twitter.com player.vimeo.com www.google.com *.google.com *.firealarm.cz *.mapy.cz *.googletagmanager.com *.iplatba.cz *.essox.cz;frame-ancestors 'self' www.staresmrkovice.cz www.krimi-plzen.cz ;img-src *.hasicovo.cz 'self' data: blob: *.gstatic.com *.googleapis.com *.googlecode.com *.googletagmanager.com www.google-analytics.com *.doubleclick.net *.google.com *.google.cz *.google.ie *.facebook.com *.twitter.com *.ytimg.com *.facebook.net *.youtube.com *.clarity.ms *.bing.com *.glami.cz;style-src *.hasicovo.cz 'self' 'unsafe-inline' fonts.googleapis.com *.google.com *.gstatic.com *.googletagmanager.com ;object-src 'self' 1 default-src 'self'; img-src 'self' https: data:; script-src 'self' https://inaadress.maaamet.ee https://www.google.com https://www.gstatic.com ; worker-src blob:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com ; font-src 'self' https://fonts.gstatic.com data:; frame-src 'self' https://www.google.com blob:; 1 frame-src 'self' https://academic.ktbuniv.ac.in/ https://www.google.com/ https://www.youtube-nocookie.com/ https://www.youtube.com https://www.facebook.com/; img-src 'self' data:; connect-src 'self' https://www.google-analytics.com;child-src 'none'; object-src 'none' 1 script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net/npm/glightbox/dist/css/glightbox.min.css https://cdn.jsdelivr.net/npm/glightbox/dist/js/glightbox.min.js https://mapy.com/* https://www.na-statku.cz/ https://corekit.oxyninja.com/ https://mapy.com/s/nusahetaro https://www.google.com https://www.gstatic.com https://www.recaptcha.net https://web-sdk.smartlook.com https://chaterimo.fra1.digitaloceanspaces.com; img-src 'self' data: blob: https://www.na-statku.cz/ https://mapy.com/* https://corekit.oxyninja.com/ https://www.google.com https://www.gstatic.com https://web-sdk.smartlook.com https://fra1.digitaloceanspaces.com; object-src 'self' data: blob: https://www.na-statku.cz/ https://mapy.com/* https://www.google.com https://www.recaptcha.net https://web-sdk.smartlook.com; frame-src 'self' data: blob: https://www.na-statku.cz/ https://mapy.com/* https://www.google.com https://www.recaptcha.net https://web-sdk.smartlook.com; 1 default-src 'none'; block-all-mixed-content; child-src https://www.youtube.com/ https://youtube.com/ https://player.vimeo.com/ https://youtu.be/ https://open.spotify.com/; connect-src 'self' https://www.youtube.com/oembed https://www.google-analytics.com https://*.google-analytics.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://*.hotjar.com https://*.hotjar.io https://*.facebook.com/ https://*.tiktok.com https://*.snapchat.com https://*.vimeo.com https://vimeo.com; font-src 'self' data: https://use.typekit.net https://fonts.googleapis.com https://fonts.gstatic.com; frame-src https://www.youtube.com/ https://spotify.com https://open.spotify.com/ https://*.spotify.com https://facebook.com/ https://*.facebook.com/ https://mychannels.video/ https://www.yumpu.com/ https://www.google.com/ https://www.googletagmanager.com/ https://*.hotjar.com https://*.hotjar.io https://bandcamp.com https://*.bandcamp.com https://twitter.com https://*.twitter.com https://instagram.com https://*.instagram.com https://vimeo.com https://*.vimeo.com https://soundcloud.com https://*.soundcloud.com https://tiktok.com https://*.tiktok.com https://snapchat.com https://*.snapchat.com https://www.belgianrail.be https://widget.formitable.com https://*.youtube.com https://*.vimeocdn.com; img-src data: 'self' https://www.google-analytics.com/r/collect https://www.google-analytics.com/collect https://placeholder.inventis.be https://*.ytimg.com https://i.vimeocdn.com/ https://www.facebook.com/ https://*.facebook.com/ https://connect.facebook.net/ https://*.fbcdn.net/ https://i.scdn.co/ https://img.youtube.com/ https://snapchat.com https://*.snapchat.com https://*.google.com https://*.google.be https://fonts.gstatic.com https://www.googletagmanager.com https://*.vimeo.com https://vimeo.com; manifest-src 'self'; script-src 'self' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https://www.youtube.com/iframe_api https://*.ytimg.com https://www.googletagmanager.com https://www.google-analytics.com https://script.hotjar.com/ https://connect.facebook.net/ https://*.hotjar.com https://*.hotjar.io https://player.vimeo.com/api/player.js https://getintouch.group/wa-link.js 'nonce-NoSBXnrw/errB4Mx304oEQ=='; style-src 'self' 'unsafe-inline' https://*.typekit.net https://www.googletagmanager.com https://fonts.googleapis.com; upgrade-insecure-requests 1 default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; 1 default-src 'self' *.urban-nation.com data: *.youtube-nocookie.com *.youtube.com *.ytimg.com *.googleapis.com *.gstatic.com player.vimeo.com *.vimeocdn.com 'unsafe-eval' 'unsafe-inline' 1 img-src * data: blob:; default-src 'self' blob: data: wss://*.transport.connect.eu-west-2.amazonaws.com https://*.amazonaws.com https://*.one.network https://ukwest-0.in.applicationinsights.azure.com https://ukwest-0.in.applicationinsights.azure.com/v2/track https://js.monitor.azure.com https://az416426.vo.msecnd.net https://pfw-prod-ukwest-safespaceonline.azurewebsites.net https://translate.google.com https://translate.googleapis.com https://siteimproveanalytics.com https://apps.parcelforce.com https://www.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://stats.g.doubleclick.net https://*.googleapis.com https://*.gstatic.com https://www.google.com https://www.google.co.uk https://*.cloudfront.net https://*.paypal.com https://www.paypalobjects.com https://portal.roadworks.org https://api.reciteme.com https://cdn.reciteme.com https://events.reciteme.com https://api.tomtom.com https://www.youtube.com https://cdn-ukwest.onetrust.com https://geolocation.onetrust.com https://dc.services.visualstudio.com https://cdn.jsdelivr.net https://unpkg.com https://fonts.googleapis.com https://fonts.gstatic.com https://hcaptcha.com https://*.hcaptcha.com https://recaptcha.google.com https://www.recaptcha.net https://mdepayments.epdq.co.uk https://*.epdq.co.uk https://payments.cardstream.com/paymentform/ https://*.sandbox.my.site.com https://*.my.site.com https://*.sandbox.my.salesforce-scrt.com https://*.my.salesforce-scrt.com https://*.sandbox.vf.force.com https://*.vf.force.com https://*.sandbox.lightning.force.com https://*.lightning.force.com 'unsafe-inline' 'unsafe-eval'; report-uri https://orangebus.report-uri.com/r/d/csp/enforce 1 default-src 'self';block-all-mixed-content ;connect-src 'self' *.piwik.pro *.doubleclick.net *.cookiehub.eu *.zopim.com *.zdassets.com wss://* 'self' *.google-analytics.com goedapotheek.zendesk.com *.doubleclick.net *.zendesk.com *.hotjar.io *.hotjar.com *.googleapis.com https://cookiehub.net zendesk-eu.my.sentry.io www.google.be maps.googleapis.com https://*.analytics.google.com https://*.googletagmanager.com *.google.com https://analytics.goed.be pagead2.googlesyndication.com goed.containers.piwik.pro goed.piwik.pro tr.outbrain.com api-eu1.hubapi.com *.bing.com *.clarity.ms *.bing.net;font-src 'self' data: fonts.googleapis.com fonts.gstatic.com *.zopim.com *.hotjar.com;img-src 'self' data: *.gstatic.com maps.googleapis.com mts.googleapis.com *.zopim.com *.googletagmanager.com *.google-analytics.com *.google.com *.google.be *.facebook.com secure.adnxs.com *.zendesk.com *.goed.be *.hotjar.com *.outbrain.com www.surplusgezondheid.be tr.outbrain.com www.blabla.be i.ytimg.com www.thuiszorgwinkel.be www.google.com https://googleads.g.doubleclick.net https://www.google.com connect.facebook.net track-eu1.hubspot.com *.bing.com *.clarity.ms;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.piwik.pro *.doubleclick.net *.cookiehub.eu *.googleapis.com *.googletagmanager.com cdnjs.cloudflare.com www.google.com www.gstatic.com *.zopim.com *.google-analytics.com *.google.com *.cookiehub.net static.zdassets.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net goed.containers.piwik.pro wave.outbrain.com *.bing.com *.clarity.ms;style-src 'self' 'unsafe-inline' fonts.googleapis.com *.google.com *.cookiehub.net cookiehub.net;report-uri /csp/violation/report;frame-src www.youtube.com *.vimeo.com www.google.com clementineweb.azurewebsites.net *.jotform.com *.jotformeu.com optimize.google.com *.facebook.com *.actito.com *.hotjar.com *.testyourhearing.com www.goed.be www.yumpu.com form.jotformeu.com form.jotform.com submit.jotformeu.com mozbar.moz.com www3.actito.com loremipsum.io www.google.be www.hln.be eur03.safelinks.protection.outlook.com www.testyourhearing.com https://bid.g.doubleclick.net td.doubleclick.net https://my.3-dee.be/tour/goed https://share-eu1.hsforms.com www.googletagmanager.com email.goed.be;media-src static.zdassets.com *.goed.be www.goed.be;script-src-elem *.googleapis.com *.zopim.com *.zdassets.com data connect.facebook.net trk.adbutter.net *.hotjar.com *.googleoptimize.com *.cookiehub.net www.googleoptimize.com players.yumpu.com static.hotjar.com amplify.outbrain.com www.youtube.com tr.outbrain.com js-eu1.hs-scripts.com/145712486.js js-eu1.hs-analytics.net js-eu1.hsadspixel.net js-eu1.hs-banner.com 'self' 'unsafe-inline' 'unsafe-eval' *.piwik.pro *.doubleclick.net *.cookiehub.eu *.googletagmanager.com cdnjs.cloudflare.com www.google.com www.gstatic.com *.google-analytics.com *.google.com static.zdassets.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net goed.containers.piwik.pro wave.outbrain.com *.bing.com *.clarity.ms;style-src-elem fonts.googleapis.com *.cookiehub.net cookiehub.net 'self' 'unsafe-inline' *.google.com 1 frame-ancestors 'self' weleda.sabio.de 1 script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.paypal.com/ https://www.paypalobjects.com/ https://t.paypal.com/; img-src 'self' data: blob: https://www.paypalobjects.com/; object-src 'self' data: blob: https://www.google.com https://*.paypal.com/; frame-src 'self' data: blob: https://www.google.com https://*.paypal.com/; 1 script-src 'self' 'unsafe-inline';style-src 'self' 'unsafe-inline';img-src 'self' data:;font-src 'self';form-action 'self';frame-ancestors 'self';block-all-mixed-content 1 frame-src https://www.youtube.com 'self'; child-src https://www.youtube.com 'self'; report-uri /report-csp-violation; upgrade-insecure-requests 1 base-uri 'self';child-src https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net;connect-src 'self' *.amplitude.com *.analytics.google.com *.bing.net *.bing.com *.stream-io-api.com *.cloud.gist.build *.cloudinary.com *.cookieyes.com/ *.customer.io *.daily.co *.datocms-assets.com *.datocms.com *.doubleclick.net *.facebook.com *.facebook.net *.featuregates.org/ *.featureassets.org/ *.google-analytics.com *.googletagmanager.com *.googleoptimize.com *.google.com *.google.co.uk *.gstatic.com *.googlesyndication.com *.hotjar.com *.hotjar.io *.ingest.de.sentry.io *.ingest.sentry.io *.intercom.io *.intercomcdn.com *.intercomcdn.eu *.intercomusercontent.com *.impct.site *.impactcdn.com *.linkedin.com/ *.mux.com *.productfruits.com https://productfruits.help *.pusher.com *.referralsaasquatch.com *.segment.com *.segment.io *.stripe.com *.ssqt.io *.onesignal.com onesignal.com *.statsigapi.net/ *.trustpilot.com *.vercel-analytics.com *.vercel-insights.com *.youtube.com *.ytimg.com *.typeform.com adservice.google.com analytics.google.com browser-intake-datadoghq.eu cdn-cookieyes.com cdn.linkedin data: embed.acuityscheduling.com featuregates.org/ featureassets.org/ google.com prodregistryv2.org open.spotify.com statsigapi.net/ *.gist.build vercel.live/ wss://*.daily.co wss://*.intercom.io wss://*.productfruits.com wss://*.pusher.com wss://ws.hotjar.com wss://*.stream-io-api.com;default-src 'self';font-src 'self' *.hotjar.com *.intercomcdn.com *.typekit.net data: fonts.gstatic.com vercel.live;form-action 'self' *.facebook.com https://intercom.help https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io;frame-ancestors 'self' *.flown.com https://plugins-cdn.datocms.com;frame-src 'self' *.flown.com *.acuityscheduling.com *.daily.co *.doubleclick.net *.facebook.com *.gist.build *.googletagmanager.com *.gotolstoy.com *.hotjar.com *.productfruits.com *.spotify.com *.stripe.com *.trustpilot.com *.trustpilot.io *.typeform.com *.vercel *.vercel.app *.youtube.com copilot.as.me daily.flown.com intercom-sheets.com preview.daily.flown.com vercel.live blob://*;img-src 'self' *.ap-south-1.amazonaws.com *.bing.com *.googlesyndication.com *.cloudinary.com *.customer.io cdn-cookieyes.com *.facebook.com *.g.doubleclick.net *.getstream.io getstream.imgix.net *.google-analytics.com *.google.co.uk *.google.com *.googleadservices.com *.googletagmanager.com fonts.gstatic.com *.intercomcdn.com *.intercomusercontent.com *.intercomassets.com *.linkedin.com *.onesignal.com *.productfruits.com *.ssqt.io *.tenor.com *.twitter.com *.vercel.com *.ytimg.com data: blob: t.co vercel.com www.datocms-assets.com;manifest-src 'self';media-src 'self' *.mux.com blob://* www.datocms-assets.com https://js.intercomcdn.com https://downloads.intercomcdn.com https://downloads.intercomcdn.eu https://downloads.au.intercomcdn.com;object-src 'none';script-src 'self' 'nonce-ZjNhODRkZTUtNjQ4MC00MjM0LWJhZTgtOWE3MGUyMzFkZGYz' 'sha256-+SoN4AYEO7MIojy8t+pMAZVDX7KhQzTQI+8i7LAo6HM=' 'sha256-111DY6ucUS2euDqh93ylFTnnaf+9aYuD3PJWCgYTn+w=' 'sha256-1QiKvWvaeuGeYkEbME0QclU2tCRDQDKlL0+XrFuFVmE=' 'sha256-4OZKYuOHAce0LSFazkaayEWT6JLiXt0Lgcre3+Sjuis' 'sha256-5hBVOyELPCqO/N8CikapnRXXhZz/HRHfgNRUZjqshG4=' 'sha256-BzHBoZ8xtfQm3LNTbReiluIPQRcxisgx2mdRNwpNHcU=' 'sha256-HNMk6SVD8tUFzYDasCBApUarqEuczJ8aXgX1n5N0p7Q=' 'sha256-I0qRwJzAAHaN1/K5UoQ0GuHLe7PtFhYYrrarj8PErRw=' 'sha256-IPgMRJYZUz8lznT1nRXD6HDFgXoVQQVY/3wT108wLLc=' 'sha256-L7S+VtFKJtIFUp0HP9li29GjkFAcQontRK8dW5uQsA8=' 'sha256-Y/Nm6FoRDI7eFQwN1V+6XqC4IbTg8tzyEPJSfNZBxME=' 'sha256-ccEm0GiYLjsbXK3KbKT4QFcC00OAoxtFYKLZSuMuo8k=' 'sha256-eJYOFA2XbEBxR3DHqvNKwdAh8lugXzY/fgrkbF2gzMo=' 'sha256-fApKFPeDHEwP3jIdVMBOuJMYDSkTooaFkD59Sp8RN0M=' 'sha256-grdef4AlM85kk/jkVX+XN4vPTxKfb/Kx7cURs8XZBDE=' 'sha256-l6DO/mJ8d7LuRBtvgk+eUTzCnCcJ6jXkDQ7iMTcjmmo=' 'sha256-tUnHUS+zXnbf2U7tp5cxVGi7KZn4YeMzH5kcUUtxnHc=' 'sha256-GEml+/1QhullJ26IDnspgB/ZHk6oHioZ+3IEZjF/lQM=' 'sha256-DhcNoYJ+4BdozHBpXwc2uzUlM1y2H1qworc7Y/0EBwo=' 'sha256-EgA3qdZo5t1vrnBfQB4YYtKnZ0j43PaUnZd90a4RYiU=' 'sha256-ylSwfDEamwBoNmPGoe40ma7y0SxPdtkxysEVLQnGNfw=' 'sha256-3s6LVAE1ivJpM/6p9skjGrYLK/vMgq5sJODz9qyTfVI=' 'sha256-pryN4nEG+LYnboZ3wF0veqfpVrFM0H+XQ+YTvEX+1OY=' 'sha256-nRZ2m8aLyL/zOcREdLeqnvVBWLjBmoW6X4ijuye3zII=' 'sha256-o/NUrrzAdIF261Ux8Sl/8YAa2JMZ52ZTHIAMPStxnHc=' 'sha256-dPSLi75gtxNyfA1e5E3/XwS7uNY0QZANNaXq9FI9PoY=' 'sha256-EyanOBIWBYxsGVsd3L53j7g8CVY26iBAKa3vX3vYTmI=' *.acuityscheduling.com/ *.ads-twitter.com *.amplitude.com *.bing.com *.cookieyes.com *.customer.io *.daily.co *.facebook.net *.gist.build/ *.google-analytics.com *.googleoptimize.com *.googletagmanager.com *.googleadservices.com *.hotjar.com *.impactcdn.com *.intercom.io *.intercomcdn.com *.licdn.com/ *.onesignal.com *.productfruits.com *.segment.com *.stripe.com *.ssqt.io fast.ssqt.io *.trustpilot.com *.youtube.com accounts.google.com blob://* cdn-cookieyes.com embed.typeform.com onesignal.com vercel.live/ vitals.vercel-analytics.com vitals.vercel-insights.com https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.eu https://downloads.au.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://messenger-apps.eu.intercom.io https://messenger-apps.au.intercom.io https://*.intercom-attachments-1.com https://*.intercom-attachments.eu https://*.au.intercom-attachments.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https://static.intercomassets.eu https://static.au.intercomassets.com;style-src 'self' 'unsafe-inline' *.cookieyes.com *.intercom.io *.intercomcdn.com *.productfruits.com *.googletagmanager.com *.ssqt.io *.typeform.com cdn-cookieyes.com fonts.googleapis.com *.gstatic.com onesignal.com vercel.live;worker-src 'self' blob:;report-to default;report-uri https://flown-reports.uriports.com/reports/report; 1 default-src 'self'; script-src 'self' 'unsafe-inline' static.addtoany.com cdnjs.cloudflare.com cdn.jsdelivr.net unpkg.com cdn.matomo.cloud matomo.lmc.systems https://www.google.com https://platform.twitter.com https://www.gstatic.com https://cdn.ckeditor.com https://proxy-event.ckeditor.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdnjs.cloudflare.com; img-src 'self' * data:; frame-src 'self' static.addtoany.com www.youtube.com https://www.google.com https://platform.twitter.com https://www.gstatic.com www.helloasso.com; font-src 'self' fonts.gstatic.com; connect-src 'self' matomo.lmc.systems; report-uri /report-csp-violation 1 script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' ; img-src 'self' data: blob: ; object-src 'self' data: blob: ; frame-src 'self' data: blob: ; form-action 'self' data: blob: ; worker-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob:; 1 frame-ancestors https://*.buxfer.com https://*.wpstaging.com 1 default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.siteimprove.net *.siteimprove.com *.browsealoud.com *.googletagmanager.com *.google.com *.google.se *.google-analytics.com *.facebook.net unpkg.com *.jsdelivr.net *.cookiebot.com *.leadfamly.com *.redditstatic.com *.doubleclick.net; object-src 'self' *.google.com *.youtube.com *.youtube-nocookie.com *.facebook.com *.vimeo.com https://sverigesradio.se; style-src 'self' 'unsafe-inline'; img-src 'self' data: *.google.com *.google.se *.google-analytics.com *.youtube.com *.youtube-nocookie.com *.facebook.com *.vimeo.com *.cloudnet.cloud *.malmolive.se *.momondo.de *.googletagmanager.com *.cookiebot.com *.reddit.com *.doubleclick.net *.googlesyndication.com; media-src 'self' blob: https://*.speechstream.net;; frame-src 'self' *.google.com *.youtube.com *.youtube-nocookie.com *.facebook.com *.vimeo.com *.siteimprove.com *.acast.com *.spotify.com *.soundcloud.com https://vimeo.com *.sverigesradio.se https://sverigesradio.se *.office.com *.cookiebot.com *.playable.com *.sociablekit.com *.googletagmanager.com *.doubleclick.net *.issuu.com; frame-ancestors 'self' *.google.com *.youtube.com *.youtube-nocookie.com *.facebook.com *.vimeo.com *.sverigesradio.se https://sverigesradio.se *.sociablekit.com; child-src 'self' *.google.com *.youtube.com *.youtube-nocookie.com *.facebook.com *.vimeo.com *.siteimprove.com *.sverigesradio.se https://sverigesradio.se *.sociablekit.com; font-src 'self'; connect-src 'self' blob: https://*.browsealoud.com https://*.siteimprove.com https://*.googletagmanager.com https://*.google.com https://*.google-analytics.com https://*.g.doubleclick.net https://*.speechstream.net *.cookiebot.com *.reddit.com *.redditstatic.com *.google.se *.googlesyndication.com; report-uri /report-csp-violation; upgrade-insecure-requests 1 img-src * 'self' data: https:; default-src 'self' html5shim.googlecode.com *.google-analytics.com *.googleadservices.com apis.google.com *.youtube.com *.vimeo.com *.g.doubleclick.net *.google.com *.google.nl *.hostfact.nl *.ytimg.com *.doubleclick.net 'unsafe-inline' 'unsafe-eval' 1 frame-ancestors 'self' p.isdgroup.com 1 default-src 'self' https://*.nhs.uk; frame-src 'self' https://www.youtube-nocookie.com https://*.webspellchecker.net https://*.nhs.uk https://*.youtube.com https://*.vimeo.com https://*.google.com https://*.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://*.google-analytics.com https://*.googletagmanager.com https://feeds.trac.jobs https://*.webspellchecker.net https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.cqc.org.uk; font-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://*.webspellchecker.net; style-src 'self' 'unsafe-inline' data: https://cdnjs.cloudflare.com https://feeds.trac.jobs https://*.googleapis.com https://*.gstatic.com https://*.cqc.org.uk https://*.webspellchecker.net; img-src * data:; object-src 'self' blob: https://*.nhs.uk; connect-src 'self' https://feeds.trac.jobs https://*.googleapis.com https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://*.webspellchecker.net 1 default-src 'self' 'unsafe-eval'; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.itzbund.de *.googleapis.com *.google.com *.gstatic.com www.youtube.com *.vimeo.com *.ytimg.com piwik.itzbund.de; object-src 'self' multimedia.gsb.bund.de; media-src 'self' blob: *.readspeaker.com http://multimedia.gsb.bund.de *.vimeo.com *.youtube.com; frame-src *.readspeaker.com *.google.com *.gstatic.com *.youtube.com *.vimeo.com vimeo.com *.3qsdn.com *.director.events; img-src 'self' blob: data: *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.openstreetmap.org piwik.itzbund.de; connect-src 'self' *.itzbund.de; frame-ancestors 'self'; worker-src 'self'; 1 frame-ancestors https://www.tatasteel.online https://tsedev.prod.acquia-sites.com https://tsestg.prod.acquia-sites.com test.tatasteeluk.com www.tatasteeluk.com https://ecmc05-d.tatasteel.online/nexus/ https://ecmc05-d.tatasteel.online https://ecmc05-t1.tatasteel.online/nexus/ https://ecmc05-t2.tatasteel.online/nexus/ https://ecmc05-pp.tatasteel.online/nexus/ https://www.tatasteeleurope.com/nexus/ https://ecmc05-t1.tatasteel.online/ https://ecmc05-acc.tatasteel.online/ https://ecmc05-t2.tatasteel.online/ https://ecmc05-pp.tatasteel.online/ nexustest.tatasteeluk.com dev.tatasteeluk.com nexus.tatasteeluk.com www.tatasteeleurope.com www.tatasteeleurope.com/nexus; report-uri /report-csp-violation 1 default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.siteimprove.net *.googleapis.com youtube.com *.google.com *.google-analytics.com *.gstatic.com cdnjs.cloudflare.com *.curator.io *.addthis.com *.addthisedge.com *.facebook.com *.facebook.net siteimproveanalytics.com *.twitter.com *.pingdom.net *.googletagmanager.com *.doubleclick.net *.youtube.com cdn.jsdelivr.net unpkg.com lottie.host *.clarity.ms; style-src 'self' 'unsafe-inline' *.googleapis.com *.siteimprove.net *.curator.io *.google.com; img-src 'self' data: *.gstatic.com *.googleapis.com *.ggpht.com developers.google.com *.google-analytics.com *.doubleclick.net *.fbcdn.net *.twimg.com *.instagram.com *.curator.io *.cdninstagram.com *.ytimg.com *.siteimproveanalytics.io curatorio.s3.amazonaws.com curator-assets.b-cdn.net *.googletagmanager.com *.google.com.au *.google.com *.clarity.ms *.bing.com *.seqwater.com.au; media-src 'self' ssl.gstatic.com *.fbcdn.net *.twimg.com curatorio.s3.amazonaws.com *.google.com; frame-src 'self' www.youtube.com *.addthis.com seqwater.mysocialpinpoint.com *.google.com youtu.be *.siteimprove.com *.facebook.com td.doubleclick.net player.vimeo.com *.googletagmanager.com app.powerbi.com *.getwaterfit.com; frame-ancestors 'self' unitywater.com *.unitywater.com urbanutilities.com.au *.redland.qld.gov.au *.goldcoast.qld.gov.au *.logan.qld.gov.au waternet.corporate.local; child-src 'self' unitywater.com *.unitywater.com urbanutilities.com.au *.redland.qld.gov.au *.goldcoast.qld.gov.au *.logan.qld.gov.au waternet.corporate.local; font-src 'self' 'unsafe-inline' themes.googleusercontent.com fonts.gstatic.com cdn.curator.io; connect-src 'self' *.google-analytics.com *.doubleclick.net *.siteimprove.com api.curator.io *.addthis.com *.pingdom.net maps.googleapis.com *.google.com *.googlesyndication.com *.googleadservices.com *.clarity.ms; report-uri /report-csp-violation 1 default-src 'self'; child-src blob:; connect-src 'self' data https://*.google-analytics.com https://google-analytics.com https://*.analytics.google.com https://analytics.google.com https://*.googletagmanager.com https://googletagmanager.com https://*.googlesyndication.com https://*.privacy-center.org https://*.googleadservices.com https://stats.g.doubleclick.net https://*.hscollectedforms.net https://*.clarity.ms https://*.bing.com https://*.bing.net https://*.linkedin.com https://*.licdn.com https://js.zi-scripts.com https://analytics.inzynk.io https://collector4.leadinfo.net https://collector.leadinfo.net https://api.leadinfo.com https://ws.zoominfo.com https://www.google.at https://www.google.be https://www.google.bg https://www.google.hr https://www.google.cz https://www.google.dk https://www.google.fi https://www.google.fr https://www.google.de https://www.google.gr https://www.google.hu https://www.google.is https://www.google.ie https://www.google.it https://www.google.lv https://www.google.lt https://www.google.lu https://www.google.mt https://www.google.nl https://www.google.no https://www.google.pl https://www.google.pt https://www.google.ro https://www.google.ru https://www.google.sk https://www.google.si https://www.google.es https://www.google.se https://www.google.ch https://www.google.co.uk https://www.google.com.tr https://www.google.tn https://www.google.dz https://www.google.ma https://www.google.co.il https://www.google.ae https://www.google.com https://www.google.ca https://www.google.com.mx https://www.google.com.br https://www.google.com.ar https://www.google.com.ec https://www.google.cl https://www.google.com.pe https://www.google.co.za https://www.google.co.in https://www.google.co.jp https://www.google.cn https://www.google.com.hk https://www.google.com.tw https://www.google.co.kr https://www.google.com.sg https://www.google.co.th; font-src 'self' data: data fonts.gstatic.com; frame-src https://*.youtube.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.googlesyndication.com https://prod1.solutions.webfg.ch https://*.google.com https://td.doubleclick.net https://www.coface.fr https://pwm-image.trendmicro.com https://edge.media-server.com; img-src 'self' data: data blob https://tr.line.me https://*.lfeeder.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googlesyndication.com https://*.privacy-center.org https://*.clarity.ms https://*.bing.com https://*.bing.net https://*.linkedin.com https://*.licdn.com https://*.hsforms.com https://*.hubspot.com https://www.google.at https://www.google.be https://www.google.bg https://www.google.hr https://www.google.cz https://www.google.dk https://www.google.fi https://www.google.fr https://www.google.de https://www.google.gr https://www.google.hu https://www.google.is https://www.google.ie https://www.google.it https://www.google.lv https://www.google.lt https://www.google.lu https://www.google.mt https://www.google.nl https://www.google.no https://www.google.pl https://www.google.pt https://www.google.ro https://www.google.ru https://www.google.sk https://www.google.si https://www.google.es https://www.google.se https://www.google.ch https://www.google.co.uk https://www.google.com.tr https://www.google.tn https://www.google.dz https://www.google.ma https://www.google.co.il https://www.google.ae https://www.google.com https://www.google.ca https://www.google.com.mx https://www.google.com.br https://www.google.com.ar https://www.google.com.ec https://www.google.cl https://www.google.com.pe https://www.google.co.za https://www.google.co.in https://www.google.co.jp https://www.google.cn https://www.google.com.hk https://www.google.com.tw https://www.google.co.kr https://www.google.com.sg https://www.google.co.th; object-src 'none'; script-src 'self' blob 'sha256-r5XNBZKG5SuRALRop397WzCpL6A7PPnVeJHjxu4dYoM=' 'sha256-PvjejqLYd3NWAQbuI5ztPkrH0+NbIyvfHcohUy/cDgY=' 'sha256-ixt9cJSW7l/TjcAHQwIkthvmNXKVhbctw0KIBmfT3vI=' 'sha256-TBFB22YzPYBT6rIyeICABgKnf6AS2XlCon7PlKpqwx0=' 'sha256-Mdr7Elzu0r9o/uLCgHaqqkGF/Cjybl8xHE3xxAJOpvE=' 'sha256-Fac3ZJh9Y/mUcXMm30RrYwSt3wFvJ7dvzNvifF3wz9o=' 'sha256-j7hX0Eb40FknxDtJlw+/vJUvnDRI62XPkRyAgR5yDPs=' 'sha256-7vg2+gdz1/ftFJq3ZBimCuYwW04BTLPk0Z8E7kVeGHY=' 'sha256-VyY8SEWR8lMYk6OETYa7fhiLcLnQwdZtN03ECJL48t0=' 'sha256-XbnphNbfccFW7zQZOKk1NECfmmjWeq0cg1FwHrMZZ3A=' 'sha256-nVZbCRzRQSuWk+9W2ls61mQODCppOVf74kz9tIVcvD8=' 'sha256-oIOkXW3jJVB3WzdBAFDW1Y+ploUa4qVp1mqHQeZ7U+Q=' 'sha256-uILB4C9XYyBWeOx5+XQDrAjrU4EsdqN9Ms3lKdPVl58=' 'sha256-fEneWIDmgpMHym15EtxErZC6ZUMtKxivpJeC0XmqQGc=' 'sha256-tAWD8lytuBP8gEXDAj+ZibUssoc3mxK0Qpx5aFn8TT4=' https://*.lfeeder.com https://tags.inzynk.io https://cdn.leadinfo.net https://plugin.sopro.io https://d.line-scdn.net https://js.zi-scripts.com https://*.google-analytics.com https://*.googletagmanager.com https://www.googletagmanager.com https://*.googlesyndication.com https://*.privacy-center.org https://googleads.g.doubleclick.net https://*.gstatic.com https://*.clarity.ms https://*.bing.com https://*.bing.net https://*.hscollectedforms.net https://*.hs-analytics.net https://*.hs-banner.com https://js-eu1.hs-scripts.com https://*.linkedin.com https://*.licdn.com https://*.google.com https://*.google.fr https://*.upsun-eu-5.observability-pipeline.blackfire.io 'sha256-IexDL0Ce6hsKeoWgG8tjIGqt0kCAsq7wliagPeAhqtU='; style-src 'self' 'unsafe-inline'; worker-src blob: 1 frame-ancestors 'self' https://device.mobilitysignage.com http://device.mobilitysignage.com 1 default-src 'self' https://*.youtube.com https://*.youtu.be https://*.youtube-nocookie.com https://*.vimeo.com https://vimeo.com https://*.vimeocdn.com https://*.spotify.com/ https://open.spotify.com https://*.tiktok.com https://*.snapchat.com https://*.facebook.com https://*.google-analytics.com https://*.googletagmanager.com https://*.gstatic.com https://pagead2.googlesyndication.com https://*.googleadservices.com https://*.google.com https://*.google.be https://snazzymaps.com https://my.matterport.com https://donate.autoworld.be https://*.doubleclick.net https://*.typekit.net https://flackr.github.io; block-all-mixed-content; img-src data: 'self' https://placeholder.inventis.be https://*.ytimg.com https://*.youtube.com https://*.vimeocdn.com https://*.facebook.com https://*.google.be https://*.google.com https://*.doubleclick.net https://*.googletagmanager.com https://*.gstatic.com; object-src 'none'; script-src 'self' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' 'nonce-mliePRGf8BeXqktb3AcC1w=='; style-src 'self' 'unsafe-inline' https://*.typekit.net https://fonts.googleapis.com https://*.googletagmanager.com https://fonts.googleapis.com blob:; upgrade-insecure-requests 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com sdk.privacy-center.org *.gstatic.com *.facebook.com *.facebook.net *.pr-globalcms.com *.googletagmanager.com *.jsdelivr.net *.cloudflare.com *.unpkg.com unpkg.com *.pernod-ricard.io *.privacy-center.org *.addtoany.com *.youtube.com live-sip-platform.pantheonsite.io; object-src 'self' *.googleapis.com *.google.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.google.com sdk.privacy-center.org *.gstatic.com *.facebook.com *.facebook.net *.pr-globalcms.com *.googletagmanager.com *.jsdelivr.net *.cloudflare.com *.unpkg.com unpkg.com *.pernod-ricard.io *.privacy-center.org; img-src 'self' data: *.gstatic.com *.facebook.com *.googletagmanager.com *.jsdelivr.net *.googleapis.com i.ytimg.com; media-src 'self'; frame-src 'self' *.google.com *.facebook.com *.youtube.com *.spotify.com player.vimeo.com *.vimeo.com vimeo.com; font-src 'self' data:; connect-src 'self' *.googleapis.com *.google.com sdk.privacy-center.org *.gstatic.com *.facebook.com *.facebook.net *.pr-globalcms.com *.googletagmanager.com *.jsdelivr.net *.cloudflare.com *.unpkg.com unpkg.com *.pernod-ricard.io *.privacy-center.org *.us-central1.run.app *.conversionsapigateway.com *.gstatic.com; report-uri /report-csp-violation; upgrade-insecure-requests 1 default-src 'unsafe-inline' 'self' data: *.eru.cz *.eru.gov.cz *.googleapis.com nia.identitaobcana.cz app.powerbi.com fonts.gstatic.com cdn.jsdelivr.net *.youtube-nocookie.com *.youtube.com *.ytimg.com *.soundcloud.com *.slideshare.net *.cloudflare.com *.googletagmanager.com *.google-analytics.com api.mapy.cz unpkg.com datawrapper.dwcdn.net *.google.com; report-uri /report-csp-violation 1 default-src 'self'; child-src 'self' blob:; connect-src 'self' https://*.elliott-letters.test https://*.dev-elliott-letters.pantheonsite.io https://*.test-elliott-letters.pantheonsite.io https://*.elliottletters.com https://cdn-cookieyes.com https://*.cookieyes.com https://*.google-analytics.com https://*.google.com https://www.google.com https://*.googletagmanager.com https://fonts.googleapis.com https://px.ads.linkedin.com https://*.googlesyndication.com https://*.analytics.google.com https://*.youtube.com https://*.youtu.be https://*.vimeo.com https://*.spotify.com https://*.doubleclick.net https://*.googleadservices.com; font-src 'self' https://ka-p.fontawesome.com https://fonts.gstatic.com data:; frame-src 'self' https://*.elliott-letters.test https://*.dev-elliott-letters.pantheonsite.io https://*.test-elliott-letters.pantheonsite.io https://*.elliottletters.com https://*.cookieyes.com https://*.simplecast.com https://*.youtube.com https://*.vimeo.com https://*.youtu.be https://*.spotify.com https://*.doubleclick.net https://*.gstatic.com https://*.google.com https://*.googleadservices.com https://*.jotform.com https://*.flipsnack.com; img-src 'self' https://*.elliottletters.com *.elliottletters.com https://elliottletters.com https://dev-elliott-letters.pantheonsite.io https://test-elliott-letters.pantheonsite.io https://*.googletagmanager.com https://*.google-analytics.com https://*.gstatic.com https://cdn-cookieyes.com https://*.cookieyes.com https://px.ads.linkedin.com https://t.co https://www.facebook.com https://analytics.twitter.com https://secure.gravatar.com https://*.jotform.com https://*.google.com blob: data:; object-src; script-src 'self' https://*.elliott-letters.test https://*.dev-elliott-letters.pantheonsite.io https://*.test-elliott-letters.pantheonsite.io https://*.elliottletters.com https://*.googletagmanager.com https://tagmanager.google.com https://cdn-cookieyes.com https://*.google-analytics.com https://static.ads-twitter.com https://connect.facebook.net https://snap.licdn.com https://*.gstatic.com https://*.googlesyndication.com https://*.googleadservices.com https://*.youtube.com https://*.youtu.be https://*.vimeo.com https://*.spotify.com https://*.doubleclick.net https://*.jotform.com https://*.google.com https://static.cloudflareinsights.com 'unsafe-inline' 'report-sample'; style-src 'self' https://*.elliott-letters.test https://*.dev-elliott-letters.pantheonsite.io https://*.test-elliott-letters.pantheonsite.io https://*.elliottletters.com https://*.googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com 'unsafe-inline' 'report-sample'; worker-src 'self' blob:; upgrade-insecure-requests 1 default-src 'self' 'unsafe-inline' wss: https://*.jivosite.com/ data: https://bitrix.info:* https://www.chay.info:* https://*.bitrix.info:* https://cdnjs.cloudflare.com:* https://site.ru:* https://yandex.ru:* https://mc.yandex.ru:* https://oss.maxcdn.com:* https://*.maps.yandex.net https://geocode-maps.yandex.ru:* https://api-maps.yandex.ru https://suggest-maps.yandex.ru https://code.jivosite.com:* https://googleads.g.doubleclick.net:* https://www.googleadservices.com:* https://www.google.com/ads/user-lists/ https://www.google.ru/ads/user-lists/ https://www.google-analytics.com:* https://maps.google.com:* https://*.googleapis.com:* https://api.mapbox.com:* https://*.gstatic.com:* https://*.googletagmanager.com:* https://*.googleapis.com:* https://*.jivosite.com:* https://cdn.voximplant.com:* https://www.gravatar.com:* https://yastatic.net:* https://*.youtube.com:* https://*.google.com:* https://*.ytimg.com:* https://suggestions.dadata.ru:* https://connect.facebook.net:* https://stats.g.doubleclick.net:* https://events.mapbox.com:* https://google-analytics.bi.owox.com:* https://cdn.jsdelivr.net:* https://youtube.com:* https://stat.tildacdn.com:* https://static.tildacdn.com:* https://googleads.g.doubleclick.net:* https://connect.facebook.net:* https://www.facebook.com:* https://awards.ratingruneta.ru:* https://static.doubleclick.net:* https://*.gstatic.com:* https://*.getbutton.io:* https://metrika.yandex.ru:* https://metrika.yandex.by:* https://metrica.yandex.com:* https://metrica.yandex.com.tr:* https://webvisor.com:* https://rutube.ru:*;script-src * 'unsafe-inline' 'unsafe-eval' blob: https://bitrix.info:* https://www.chay.info:* https://*.bitrix.info:* https://cdnjs.cloudflare.com:* https://site.ru:* https://yandex.ru:* https://mc.yandex.ru:* https://oss.maxcdn.com:* https://*.maps.yandex.net https://geocode-maps.yandex.ru:* https://api-maps.yandex.ru https://suggest-maps.yandex.ru https://code.jivosite.com:* https://googleads.g.doubleclick.net:* https://www.googleadservices.com:* https://www.google.com/ads/user-lists/ https://www.google.ru/ads/user-lists/ https://www.google-analytics.com:* https://maps.google.com:* https://*.googleapis.com:* https://api.mapbox.com:* https://*.gstatic.com:* https://*.googletagmanager.com:* https://*.googleapis.com:* https://*.jivosite.com:* https://cdn.voximplant.com:* https://www.gravatar.com:* https://yastatic.net:* https://*.youtube.com:* https://*.google.com:* https://*.ytimg.com:* https://suggestions.dadata.ru:* https://connect.facebook.net:* https://stats.g.doubleclick.net:* https://events.mapbox.com:* https://google-analytics.bi.owox.com:* https://cdn.jsdelivr.net:* https://youtube.com:* https://stat.tildacdn.com:* https://static.tildacdn.com:* https://googleads.g.doubleclick.net:* https://connect.facebook.net:* https://www.facebook.com:* https://awards.ratingruneta.ru:* https://static.doubleclick.net:* https://*.gstatic.com:* https://*.getbutton.io:* https://metrika.yandex.ru:* https://metrika.yandex.by:* https://metrica.yandex.com:* https://metrica.yandex.com.tr:* https://webvisor.com:* https://rutube.ru:* ;style-src * 'unsafe-inline' https://bitrix.info:* https://www.chay.info:* https://*.bitrix.info:* https://cdnjs.cloudflare.com:* https://site.ru:* https://yandex.ru:* https://mc.yandex.ru:* https://oss.maxcdn.com:* https://*.maps.yandex.net https://geocode-maps.yandex.ru:* https://api-maps.yandex.ru https://suggest-maps.yandex.ru https://code.jivosite.com:* https://googleads.g.doubleclick.net:* https://www.googleadservices.com:* https://www.google.com/ads/user-lists/ https://www.google.ru/ads/user-lists/ https://www.google-analytics.com:* https://maps.google.com:* https://*.googleapis.com:* https://api.mapbox.com:* https://*.gstatic.com:* https://*.googletagmanager.com:* https://*.googleapis.com:* https://*.jivosite.com:* https://cdn.voximplant.com:* https://www.gravatar.com:* https://yastatic.net:* https://*.youtube.com:* https://*.google.com:* https://*.ytimg.com:* https://suggestions.dadata.ru:* https://connect.facebook.net:* https://stats.g.doubleclick.net:* https://events.mapbox.com:* https://google-analytics.bi.owox.com:* https://cdn.jsdelivr.net:* https://youtube.com:* https://stat.tildacdn.com:* https://static.tildacdn.com:* https://googleads.g.doubleclick.net:* https://connect.facebook.net:* https://www.facebook.com:* https://awards.ratingruneta.ru:* https://static.doubleclick.net:* https://*.gstatic.com:* https://*.getbutton.io:* https://metrika.yandex.ru:* https://metrika.yandex.by:* https://metrica.yandex.com:* https://metrica.yandex.com.tr:* https://webvisor.com:* https://rutube.ru:* ;img-src * data: https://bitrix.info:* https://www.chay.info:* https://*.bitrix.info:* https://cdnjs.cloudflare.com:* https://site.ru:* https://yandex.ru:* https://mc.yandex.ru:* https://oss.maxcdn.com:* https://*.maps.yandex.net https://geocode-maps.yandex.ru:* https://api-maps.yandex.ru https://suggest-maps.yandex.ru https://code.jivosite.com:* https://googleads.g.doubleclick.net:* https://www.googleadservices.com:* https://www.google.com/ads/user-lists/ https://www.google.ru/ads/user-lists/ https://www.google-analytics.com:* https://maps.google.com:* https://*.googleapis.com:* https://api.mapbox.com:* https://*.gstatic.com:* https://*.googletagmanager.com:* https://*.googleapis.com:* https://*.jivosite.com:* https://cdn.voximplant.com:* https://www.gravatar.com:* https://yastatic.net:* https://*.youtube.com:* https://*.google.com:* https://*.ytimg.com:* https://suggestions.dadata.ru:* https://connect.facebook.net:* https://stats.g.doubleclick.net:* https://events.mapbox.com:* https://google-analytics.bi.owox.com:* https://cdn.jsdelivr.net:* https://youtube.com:* https://stat.tildacdn.com:* https://static.tildacdn.com:* https://googleads.g.doubleclick.net:* https://connect.facebook.net:* https://www.facebook.com:* https://awards.ratingruneta.ru:* https://static.doubleclick.net:* https://*.gstatic.com:* https://*.getbutton.io:* https://metrika.yandex.ru:* https://metrika.yandex.by:* https://metrica.yandex.com:* https://metrica.yandex.com.tr:* https://webvisor.com:* https://rutube.ru:* blob: ;font-src 'self' data: https://bitrix.info:* https://www.chay.info:* https://*.bitrix.info:* https://cdnjs.cloudflare.com:* https://site.ru:* https://yandex.ru:* https://mc.yandex.ru:* https://oss.maxcdn.com:* https://*.maps.yandex.net https://geocode-maps.yandex.ru:* https://api-maps.yandex.ru https://suggest-maps.yandex.ru https://code.jivosite.com:* https://googleads.g.doubleclick.net:* https://www.googleadservices.com:* https://www.google.com/ads/user-lists/ https://www.google.ru/ads/user-lists/ https://www.google-analytics.com:* https://maps.google.com:* https://*.googleapis.com:* https://api.mapbox.com:* https://*.gstatic.com:* https://*.googletagmanager.com:* https://*.googleapis.com:* https://*.jivosite.com:* https://cdn.voximplant.com:* https://www.gravatar.com:* https://yastatic.net:* https://*.youtube.com:* https://*.google.com:* https://*.ytimg.com:* https://suggestions.dadata.ru:* https://connect.facebook.net:* https://stats.g.doubleclick.net:* https://events.mapbox.com:* https://google-analytics.bi.owox.com:* https://cdn.jsdelivr.net:* https://youtube.com:* https://stat.tildacdn.com:* https://static.tildacdn.com:* https://googleads.g.doubleclick.net:* https://connect.facebook.net:* https://www.facebook.com:* https://awards.ratingruneta.ru:* https://static.doubleclick.net:* https://*.gstatic.com:* https://*.getbutton.io:* https://metrika.yandex.ru:* https://metrika.yandex.by:* https://metrica.yandex.com:* https://metrica.yandex.com.tr:* https://webvisor.com:* https://rutube.ru:*; 1 base-uri 'self'; default-src 'self' blob: data: *.storck.com *.wonderlandmovies.de *.stage.sto.adacor.net ar.merci.at ar.merci.pl *.amazonaws.com; script-src 'self' 'nonce-VCLKZ9biNKySRsl6NR0g9VvyRfYj9F4EmcGCU-ldqEkx-cqVjAH1AA' blob: data: *.storck.com storck.piwik.pro *.googleadservices.com *.pricespider.com *.mapbox.com s3.us-west-2.amazonaws.com click2cart.com *.click2cart.com maps.googleapis.com; img-src 'self' blob: data: *.storck.com storck.piwik.pro *.pricespider.com *.wonderlandmovies.de *.stage.sto.adacor.net staebchen-designer.merci.de *.amazonaws.com *.gstatic.com attach-videos.s3.amazonaws.com *.albertsons-media.com *.media-amazon.com *.walmartimages.com click2cart.com *.click2cart.com maps.gstatic.com maps.googleapis.com c.imedia.cz gdecz.hit.gemius.pl ib.adnxs.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.storck.com *.pricespider.com *.mapbox.com click2cart.com *.click2cart.com maxcdn.bootstrapcdn.com s3.us-west-2.amazonaws.com fonts.googleapis.com; connect-src 'self' data: *.storck.com storck.piwik.pro *.mapbox.com *.iriworldwide.com click2cart.com *.click2cart.com maps.googleapis.com; font-src 'self' data: *.storck.com s3.us-west-2.amazonaws.com maxcdn.bootstrapcdn.com fonts.gstatic.com; frame-src 'self' *.storck.com data: ar.merci.at ar.merci.pl *.stage.sto.adacor.net staebchen-designer.merci.de blob: di.rlcdn.com; frame-ancestors 'self'; form-action 'self'; 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.openstreetmap.org/ https://*.texmet.pl/ http://*.texmet.pl/ https://texmet.pl/ http://texmet.pl/ https://texmet.s1.zetohosting.pl/ http://texmet.s1.zetohosting.pl/; img-src 'self' data: https://*.openstreetmap.org/ https://*.texmet.pl/ http://*.texmet.pl/ https://texmet.pl/ http://texmet.pl/ https://texmet.s1.zetohosting.pl/ http://texmet.s1.zetohosting.pl/; object-src 'self' data: https://*.openstreetmap.org/ https://*.texmet.pl/ http://*.texmet.pl/ https://texmet.pl/ http://texmet.pl/ https://texmet.s1.zetohosting.pl/ http://texmet.s1.zetohosting.pl/; frame-src 'self' data: https://*.openstreetmap.org/ https://*.texmet.pl/ http://*.texmet.pl/ https://texmet.pl/ http://texmet.pl/ https://texmet.s1.zetohosting.pl/ http://texmet.s1.zetohosting.pl/; 1 base-uri 'none'; block-all-mixed-content; frame-ancestors 'none'; object-src 'none'; script-src 'strict-dynamic' 'nonce-lwiSEuS1DwZU8ldD+eR5ug=='; report-uri /csp-report 1 Content-Security-Policy= default-src "none"; script-src "self" https://corp-mktg.s3.us-west-2.amazonaws.com https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com https://cdn.cookielaw.org https://maps.googleapis.com https://prospect-form-plugin.2u.com; style-src "unsafe-inline" https://whitelabel.2u.com; img-src https://app.optimizely.com https://cdn.optimizely.com https://whitelabel.2u.com; frame-src https://a104283729.cdn.optimizely.com https://a104283729.cdn-pci.optimizely.com; connect-src https://*.optimizely.com; 1 default-src 'self' 'unsafe-inline' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.googleadservices.com *.usercentrics.eu connect.facebook.net snap.licdn.com *.google.com *.linkedin.com *.doubleclick.net cdnjs.cloudflare.com cdn.jsdelivr.net unpkg.com *.docksal.site:* *.ddev.site:* *.gstatic.com chosen.js *.hs-scripts.com *.hsadspixel.net *.hs-banner.com *.hs-analytics.net *.clarity.ms; object-src 'self'; style-src 'self' 'unsafe-inline' *.typekit.net *.icons8.com *.usercentrics.eu cdn.jsdelivr.net cdnjs.cloudflare.com chosen.css unpkg.com; img-src 'self' data: *.google.com *.google.be *.facebook.com *.linkedin.com *.typekit.net *.icons8.com *.usercentrics.eu www.googletagmanager.com *.doubleclick.net *.hubspot.com c.clarity.ms *.bing.com; media-src 'self'; frame-src 'self' *.usercentrics.eu app.powerbi.com *.youtube.com *.google.com www.googletagmanager.com *.spotify.com *.apple.com; frame-ancestors 'self'; child-src 'self' blob:; font-src 'self' 'unsafe-inline' *.typekit.net *.icons8.com; connect-src 'self' *.google-analytics.com *.usercentrics.eu *.linkedin.com *.facebook.com *.google.com unpkg.com *.clarity.ms; report-uri /report-csp-violation 1 default-src 'self' blob: https://vars.hotjar.com/; frame-src 'self' *.webspellchecker.net/ https://fnk-main-prd-zsa-uploads.s3.eu-west-1.amazonaws.com/ https://nspa.org.uk/ https://www.zsabenchmarking.co.uk/ https://w.soundcloud.com/ *.buzzsprout.com *.hotjar.com *.nhs.uk/ *.facebook.com/ *.youtube.com/ *.vimeo.com/ *.google.com *.googleapis.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.webspellchecker.net/ https://mozilla.github.io/ * https://mozilla.github.io/pdf.js/build/pdf.js https://cdn.jsdelivr.net/gh/fancyapps/ *.buzzsprout.com *.heat6have.com https://static.hotjar.com/ https://www.googletagmanager.com/ *.hotjar.com https://www.googletagmanager.com/ *.hotj blob: https://cdnjs.cloudflare.com/ https://www.google-analytics.com/ https://connect.facebook.net/ https://feeds.trac.jobs/ *.google.com/ *.googleapis.com *.gstatic.com *.cqc.org.uk; font-src 'self' 'unsafe-inline' *.webspellchecker.net/ https://cdnjs.cloudflare.com/ajax/libs/summernote/ *.hotjar.com *.typekit.net https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' *.webspellchecker.net/ https://cdn.jsdelivr.net/gh/fancyapps/ *.typekit.net https://cdnjs.cloudflare.com/ https://feeds.trac.jobs/ *.googleapis.com *.gstatic.com *.cqc.org.uk; img-src * data:; object-src 'self' blob:; connect-src 'self' *.webspellchecker.net/ *.amazonaws.com https://stats.g.doubleclick.net/ https://www.google-analytics.com/ https://translate.googleapis.com/ *.hotjar.com *.hotjar.io wss://*.hotjar.com/ https://feeds.trac.jobs/ 1 default-src 'self' https://*.youtube.com https://youtube.com https://youtu.be https://*.youtube-nocookie.com https://vimeo.com https://*.vimeo.com https://noembed.com/embed https://cdn.plyr.io https://apps.ticketmatic.com https://*.google-analytics.com https://*.facebook.com https://*.facebook.net https://*.googletagmanager.com https://*.analytics.google.com https://capig.stape.be https://capig.stape.cc https://*.google.be https://*.google.com https://*.doubleclick.net https://flackr.github.io; block-all-mixed-content; img-src data: 'self' https://placeholder.inventis.be https://*.ytimg.com https://*.youtube.com https://*.vimeocdn.com https://sparklink-dama.s3.eu-north-1.amazonaws.com https://*.google-analytics.com https://*.googletagmanager.com https://*.facebook.com https://lab.digital-asset.app https://*.google.be/; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https://*.youtube.com https://*.ytimg.com https://*.vimeo.com https://cdn.plyr.io https://*.facebook.com 'nonce-5IEW3ELI0PkeJTu8RwUg/Q=='; style-src 'self' 'unsafe-inline' https://cdn.plyr.io/ https://*.googletagmanager.com blob:; upgrade-insecure-requests 1